/ip/firewall/connection table shows the ping attempts to the sites from which there is no reply, but only with a (C)onfirmed marks, while the sites that can be pinged/reached get SACs.
Internet speed is ok.
Why did you make a second bridge ?
With “wifi station” you mean your device connects to another device via Wifi to get internet access, this is then transferred to other clients on AC2 ?
Did you use station mode for wlan1 connection to the originating access point ? Also, what type of device is that access point ?
With “wifi station” you mean your device connects to another device via Wifi to get internet access, this is then transferred to other clients on AC2 ?
Exactly, and I’d like to be able to connect to AC2 (the mikrotik router) both via wired and wireless.
Did you use station mode for wlan1 connection to the originating access point ? Also, what type of device is that access point ?
It’s another home ASUS router used as AP. I’m trying to imitate the scenario of connecting to a hotel wifi. I would like then to be able to use cable on ether3, and wifi on wlan2. (Once I can get this straight, I would also like to setup a third party VPN on bridge2.)
1- The diagram you link to is not complete since you do not indicate what you plan to do with ether1-2-4-5 ? Nor other wlan interfaces ? That VPN service you want to link to is also not mentioned there. It is needed to have the full picture when setting things up.
2- remove bridge2. Unless you have a REAL good reason to make a new bridge, it’s usually not needed. And if you do, you usually also know quite well why.
3- your wlan1 interface is still in ap-bridge. It should be in station mode. I indicated so above and its also in the instructions you linked to, it’s explicitly mentioned (and even HIGHLIGHTED) (assuming it is effectively wlan1 which you want to use to connect to Asus)
4- attach wlan2 and ether3 back to the remaining bridge
5- attach dhcp server to remaining bridge and make sure it’s the only one.
Maybe some other bits and pieces but that’s what I see for starters.
It’s clear to me you did not follow the instructions as explained in that link you referred to.
I suggest you start from scratch, follow those instructions to the letter and then it will work.
What are you planning to do with that VPN ? Is that outbound VPN or inbound ?
If inbound, how are you sure the required ports are available to reach your device ?
If outbound, what service, what purpose ?
3- your wlan1 interface is still in ap-bridge. It should be in station mode. I indicated so above and its also in the instructions you linked to, it’s explicitly mentioned (and even HIGHLIGHTED) (assuming it is effectively wlan1 which you want to use to connect to Asus)
Afaiu wlan2 is in ap-bridge mode indeed, but wlan1 is already using the security profile, so it’s not in ap-bridge mode. Could you point to the place where you see that wlan1 is in ap-bridge mode?
I know it’s not the clearest setup, but it does work, my only problem is that certain sites are unavailable. When I reattach bridge2, the same sites don’t work, but some still do.
Would you have any tips as to why this could be happening? What logs should I look into, apart from /ip/firewall//connections.
I’m not sure I fully understand this, but does it mean that it’s not possible to reach sites X from IP Y using Mikrotik APs? Or is it? Is there a workaround for this?
In the diagram and instructions you showed, the settings are made on the device without configuration. You are configuring on a device that has a default config and then also your modification.
For wlan1 to work correctly as a wan port on the default config it needs to be added to the wan interface list.
The problem when only part of the sites open may have 2 reasons.
Reduced MSS/MTU.
Problems with DNS
You don’t write from where the sites are not available from the Lan port or the Wlan2 port.
In any case resetting the device to factory settings and setting it again will fix many problems.
factory reset
Set WLAN1 to station mode, configure the security profile. DHCP client on it.
exclude the port WLAN1 from the bridge and add it to the WAN list
Check if it works
Thanks a lot, this was the missing part, plus the factory reset. Both LAN and wlan2 are working now.
Now I’m gonna mess up everything again by adding the VPN, but that’s a separate issue, this part is solved, thanks again.
