Community discussions

 
Bran812
just joined
Topic Author
Posts: 6
Joined: Fri Nov 16, 2018 12:20 am

hAP ac^2: Internet stops working when I enable 5ghz wifi

Sun Nov 18, 2018 3:48 pm

Hi, I have a hAP ac^2. It's my first Mikrotik device and I use it to connect to the Internet. I have problems when I Enable the 5Ghz wifi interface because the Internet connection stops working and I only have LAN access.

Internet is on ether1 and has VLAN 832, the rest of the ports (including Wireless interfaces) are in a bridge (the bridge is my LAN)

First I thought It was a problem with the Firewall, I added these filters and Internet was working with the 5Ghz wifi enabled:

Code: Select all

add action=fasttrack-connection chain=forward comment= connection-nat-state=dstnat
add action=accept chain=forward comment=connection-nat-state=dstnat
But 3 days later suddenly the Internet connection stopped working and I didn't change anything on the router.

I rebooted the router, after that I deleted and import the Firewall filters but the Internet wasn't working. Finally I turned off 5Ghz wifi and Internet started working inmediately.

Please, Could someone help me to get Internet and 5Ghz wifi working at the same time? What I am missing in the configuration?
 
User avatar
fmarais007
just joined
Posts: 15
Joined: Thu Jan 11, 2018 9:16 am

Re: hAP ac^2: Internet stops working when I enable 5ghz wifi

Mon Nov 19, 2018 2:54 pm

Hi,

My guess would be you are causing some sort of network loop.

Please post output of your "/interface bridge port" setup, and your "/interface wireless" setup.
 
Bran812
just joined
Topic Author
Posts: 6
Joined: Fri Nov 16, 2018 12:20 am

Re: hAP ac^2: Internet stops working when I enable 5ghz wifi

Tue Nov 20, 2018 1:45 am

Hi,

My guess would be you are causing some sort of network loop.

Please post output of your "/interface bridge port" setup, and your "/interface wireless" setup.
Thanks for your response. This is my setup:

Code: Select all

/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge broadcast-flood=no edge=no-discover interface=Wlan_25G unknown-multicast-flood=no unknown-unicast-flood=no
add bridge=bridge broadcast-flood=no edge=no-discover interface=Wlan_5G unknown-multicast-flood=no unknown-unicast-flood=no

/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode band=2ghz-b/g/n channel-width=20/40mhz-Ce country=spain disabled=no frequency=auto \
frequency-mode=regulatory-domain mode=ap-bridge name=Wlan_25G ssid=Wlan_25G wireless-protocol=802.11 wmm-support=enabled
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee country=spain distance=indoors \
frequency=auto frequency-mode=regulatory-domain max-station-count=20 mode=ap-bridge multicast-helper=disabled name=Wlan_5G ssid=Wlan_5G \
wireless-protocol=802.11 wmm-support=enabled
 
User avatar
fmarais007
just joined
Posts: 15
Joined: Thu Jan 11, 2018 9:16 am

Re: hAP ac^2: Internet stops working when I enable 5ghz wifi

Tue Nov 20, 2018 12:46 pm

Hi,

I don't see anything out of the ordinary. You could perhaps set the channel width on both devices to 20mhz only.

Just to clarify, when you enable the 5Ghz WLAN you don't have internet anywhere? Or just on the 5Ghz WLAN? Or no Internet on either WLAN 1 or 2, only LAN has internet?
 
Bran812
just joined
Topic Author
Posts: 6
Joined: Fri Nov 16, 2018 12:20 am

Re: hAP ac^2: Internet stops working when I enable 5ghz wifi

Tue Nov 20, 2018 3:38 pm

Just to clarify, when you enable the 5Ghz WLAN you don't have internet anywhere? Or just on the 5Ghz WLAN? Or no Internet on either WLAN 1 or 2, only LAN has internet?
I don't have Internet anywhere but I still can access to LAN with both Wifi interfaces and all ethernet ports on bridge.

When internet is down I see TX traffic on ether1, but no RX.
 
User avatar
fmarais007
just joined
Posts: 15
Joined: Thu Jan 11, 2018 9:16 am

Re: hAP ac^2: Internet stops working when I enable 5ghz wifi

Wed Nov 21, 2018 9:52 am

Hi,

That is quite strange indeed.
Can you please export your entire config and dump it here?
 
Bran812
just joined
Topic Author
Posts: 6
Joined: Fri Nov 16, 2018 12:20 am

Re: hAP ac^2: Internet stops working when I enable 5ghz wifi

Fri Nov 23, 2018 8:12 pm

Hi,

That is quite strange indeed.
Can you please export your entire config and dump it here?
Yes, here you have:

Code: Select all

# nov/22/2018 00:25:03 by RouterOS 6.43.4
# model = RBD52G-5HacD2HnD
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode band=2ghz-b/g/n channel-width=20/40mhz-Ce country=spain disabled=no frequency=auto \
frequency-mode=regulatory-domain mode=ap-bridge name=Wlan_25G ssid=Wlan_25G wireless-protocol=802.11 wmm-support=enabled
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee country=spain distance=indoors \
frequency=auto frequency-mode=regulatory-domain max-station-count=20 mode=ap-bridge multicast-helper=disabled name=Wlan_5G ssid=Wlan_5G \
wireless-protocol=802.11 wmm-support=enabled
/interface bridge
add admin-mac=B8:69:F4:72:DA:92 arp=proxy-arp auto-mac=no igmp-snooping=yes mtu=1500 name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=1000M-full,2500M-full,5000M-full,10000M-full arp=disabled loop-protect=off
/interface vlan
add arp=proxy-arp interface=ether1 name=Internet vlan-id=832
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys supplicant-identity=MikroTik \
wpa-pre-shared-key=ABCDEFGH wpa2-pre-shared-key=ABCDEFGH
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
add name=vpn-pool ranges=192.168.2.2-192.168.2.30
/ip dhcp-server
add add-arp=yes address-pool=dhcp disabled=no interface=bridge lease-time=23h59m59s name=dhcp-bridge
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge broadcast-flood=no edge=no-discover interface=Wlan_25G unknown-multicast-flood=no unknown-unicast-flood=no
add bridge=bridge broadcast-flood=no edge=no-discover interface=Wlan_5G unknown-multicast-flood=no unknown-unicast-flood=no
/interface bridge settings
set use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
set tcp-syncookies=yes
/interface detect-internet
set detect-interface-list=WAN internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
/interface list member
add interface=Internet list=WAN
add interface=bridge list=LAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=Internet use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.1 gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.1.1 name=router.lan
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=NotPublic
add address=10.0.0.0/8 comment=RFC6890 list=NotPublic
add address=100.64.0.0/10 comment=RFC6890 list=NotPublic
add address=127.0.0.0/8 comment=RFC6890 list=NotPublic
add address=169.254.0.0/16 comment=RFC6890 list=NotPublic
add address=172.16.0.0/12 comment=RFC6890 list=NotPublic
add address=192.0.0.0/24 comment=RFC6890 list=NotPublic
add address=192.0.2.0/24 comment=RFC6890 list=NotPublic
add address=192.168.0.0/16 comment=RFC6890 list=NotPublic
add address=192.88.99.0/24 comment=RFC3068 list=NotPublic
add address=198.18.0.0/15 comment=RFC6890 list=NotPublic
add address=198.51.100.0/24 comment=RFC6890 list=NotPublic
add address=203.0.113.0/24 comment=RFC6890 list=NotPublic
add address=224.0.0.0/4 comment=RFC4601 list=NotPublic
add address=240.0.0.0/4 comment=RFC6890 list=NotPublic
/ip firewall filter
add action=fasttrack-connection chain=forward comment="Fasttrack established and related packets" connection-state=established,related
add chain=input comment="Accept established and related packets" connection-state=established,related
add action=fasttrack-connection chain=input comment="Accept all connections from local network" in-interface=bridge
add action=accept chain=input comment="Accept all connections from local network" in-interface=bridge
add action=drop chain=input comment="Drop invalid packets" connection-state=invalid
add action=drop chain=input comment="Drop all packets which are not destined to routes IP address" dst-address-type=!local
add action=drop chain=input comment="Drop all packets which does not have unicast source IP address" src-address-type=!unicast
add action=drop chain=input comment="Drop all packets from public internet which should not exist in public network" in-interface=Internet src-address-list=\
NotPublic
add action=fasttrack-connection chain=forward comment="Fastrack Accepted and Related (Forward)" connection-state=established,related
add action=accept chain=forward comment="Accept established and related packets (Forward)" connection-state=established,related
add action=fasttrack-connection chain=forward comment="Forward from Bridge and VPN to Internet" in-interface=bridge out-interface=Internet src-address=\
192.168.1.0-192.168.2.255
add action=accept chain=forward comment="Forward from Bridge and VPN to Internet" in-interface=bridge out-interface=Internet src-address=192.168.1.0-192.168.2.255
add action=fasttrack-connection chain=forward comment=\
"Forward NAT" connection-nat-state=\
dstnat
add action=accept chain=forward comment=\
"Forward NAT" connection-nat-state=\
dstnat
add action=drop chain=forward comment="Drop invalid packets" connection-state=invalid
add action=drop chain=forward comment="Drop not DestNATed from WAN" connection-nat-state=!dstnat in-interface=Internet
add action=drop chain=forward comment="Drop all packets from public internet which should not exist in public network" in-interface=Internet \
src-address-list=NotPublic
add action=drop chain=forward comment="Drop all packets from local network to internet which should not exist in public network" dst-address-list=NotPublic \
in-interface=bridge out-interface=Internet
add action=drop chain=forward comment="Drop all packets in local network which does not have local network address" in-interface=bridge src-address=\
!192.168.1.0-192.168.2.255
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT for Bridge and VPN" ipsec-policy=out,none out-interface=Internet src-address=\
192.168.1.0-192.168.2.255
/ip firewall service-port
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
/ip route
add distance=255 gateway=255.255.255.255
add distance=1 dst-address=10.0.0.0/8 type=unreachable
add distance=1 dst-address=172.16.0.0/12 type=unreachable
add distance=1 dst-address=192.168.0.0/16 type=unreachable
/ip route rule
add dst-address=192.168.1.0/24 interface=bridge src-address=192.168.1.0/24 table=main
add dst-address=0.0.0.0/0 interface=Internet src-address=192.168.1.0/24 table=main
 
User avatar
fmarais007
just joined
Posts: 15
Joined: Thu Jan 11, 2018 9:16 am

Re: hAP ac^2: Internet stops working when I enable 5ghz wifi

Sun Nov 25, 2018 2:25 pm

Hi,

I see you have deviated quite a bit from the default settings for your interfaces.
Do you have a reason why proxy-arp is enabled for your bridge and vlan?
also, why arp is disabled on ether1 interface?

I would start with changing all interfaces to standard enabled arp mode.

I would also untick Use IP Firewall on bridge settings.
 
Bran812
just joined
Topic Author
Posts: 6
Joined: Fri Nov 16, 2018 12:20 am

Re: hAP ac^2: Internet stops working when I enable 5ghz wifi

Tue Nov 27, 2018 10:00 pm

Hi,

I see you have deviated quite a bit from the default settings for your interfaces.
Do you have a reason why proxy-arp is enabled for your bridge and vlan?
also, why arp is disabled on ether1 interface?

I would start with changing all interfaces to standard enabled arp mode.

I would also untick Use IP Firewall on bridge settings.
ARP is disabled on ether1 because untagged traffic is ignored in this interface so ARP is useless.

In switch I set proxy-arp on switch because I thought that may be blocking the connection to the Internet.

I changed ARP to Enabled in all interfaces and I checked that "Use IP Firewall" is disabled on bridge, but the problem persists. :(
 
User avatar
fmarais007
just joined
Posts: 15
Joined: Thu Jan 11, 2018 9:16 am

Re: hAP ac^2: Internet stops working when I enable 5ghz wifi

Thu Nov 29, 2018 1:29 pm

Hi,

I've setup a router similar to your config, but with mostly default settings.

Try the following:
/interface bridge
add fast-forward=no name=bridge
/interface vlan
add interface=ether1 name=Internet vlan-id=832
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed mode=dynamic-keys name=wifi-security \
    supplicant-identity="" wpa-pre-shared-key=ABCDEFGH wpa2-pre-shared-key=\
    ABCDEFGH
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n country=spain frequency=auto \
    mode=ap-bridge security-profile=wifi-security ssid=Wlan_25G
set [ find default-name=wlan2 ] band=5ghz-a/n/ac country=spain frequency=auto \
    mode=ap-bridge security-profile=wifi-security ssid=Wlan_5G
/ip pool
add name=dhcp_pool0 ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge lease-time=1d name=\
    dhcp1
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=wlan1
add bridge=bridge interface=wlan2
/ip address
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=Internet \
    use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d max-udp-packet-size=512 \
    servers=8.8.8.8
/ip dns static
add address=192.168.1.1 name=router.lan
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=NotPublic
add address=10.0.0.0/8 comment=RFC6890 list=NotPublic
add address=100.64.0.0/10 comment=RFC6890 list=NotPublic
add address=127.0.0.0/8 comment=RFC6890 list=NotPublic
add address=169.254.0.0/16 comment=RFC6890 list=NotPublic
add address=172.16.0.0/12 comment=RFC6890 list=NotPublic
add address=192.0.0.0/24 comment=RFC6890 list=NotPublic
add address=192.0.2.0/24 comment=RFC6890 list=NotPublic
add address=192.168.0.0/16 comment=RFC6890 list=NotPublic
add address=192.88.99.0/24 comment=RFC3068 list=NotPublic
add address=198.18.0.0/15 comment=RFC6890 list=NotPublic
add address=198.51.100.0/24 comment=RFC6890 list=NotPublic
add address=203.0.113.0/24 comment=RFC6890 list=NotPublic
add address=224.0.0.0/4 comment=RFC4601 list=NotPublic
add address=240.0.0.0/4 comment=RFC6890 list=NotPublic
/ip firewall filter
add action=accept chain=forward comment=\
    "Allow established and related packets" connection-state=\
    established,related
add action=accept chain=input comment="Allow established and related packets" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "Allow traffic from NotPublic address list" src-address-list=NotPublic
add action=drop chain=forward comment="Drop invalid packets" \
    connection-state=invalid
add action=drop chain=forward comment="Drop all forward traffic"
add action=drop chain=input comment="Drop all input traffic"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Internet src-address=\
    192.168.1.0-192.168.2.255
/ip firewall service-port
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
/ip route
add distance=1 gateway=Internet
Make adjustments to the default settings if absolutely necessary and let me know if this works.
Firewall rules are very basic. This blocks all outside traffic coming in and allows only traffic from the NotPublic list in and out.
 
Bran812
just joined
Topic Author
Posts: 6
Joined: Fri Nov 16, 2018 12:20 am

Re: hAP ac^2: Internet stops working when I enable 5ghz wifi

Wed Dec 05, 2018 1:54 am

Hi,

I've setup a router similar to your config, but with mostly default settings.

Try the following:
/interface bridge
add fast-forward=no name=bridge
/interface vlan
add interface=ether1 name=Internet vlan-id=832
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed mode=dynamic-keys name=wifi-security \
    supplicant-identity="" wpa-pre-shared-key=ABCDEFGH wpa2-pre-shared-key=\
    ABCDEFGH
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n country=spain frequency=auto \
    mode=ap-bridge security-profile=wifi-security ssid=Wlan_25G
set [ find default-name=wlan2 ] band=5ghz-a/n/ac country=spain frequency=auto \
    mode=ap-bridge security-profile=wifi-security ssid=Wlan_5G
/ip pool
add name=dhcp_pool0 ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge lease-time=1d name=\
    dhcp1
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=wlan1
add bridge=bridge interface=wlan2
/ip address
add address=192.168.1.1/24 interface=bridge network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=Internet \
    use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d max-udp-packet-size=512 \
    servers=8.8.8.8
/ip dns static
add address=192.168.1.1 name=router.lan
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=NotPublic
add address=10.0.0.0/8 comment=RFC6890 list=NotPublic
add address=100.64.0.0/10 comment=RFC6890 list=NotPublic
add address=127.0.0.0/8 comment=RFC6890 list=NotPublic
add address=169.254.0.0/16 comment=RFC6890 list=NotPublic
add address=172.16.0.0/12 comment=RFC6890 list=NotPublic
add address=192.0.0.0/24 comment=RFC6890 list=NotPublic
add address=192.0.2.0/24 comment=RFC6890 list=NotPublic
add address=192.168.0.0/16 comment=RFC6890 list=NotPublic
add address=192.88.99.0/24 comment=RFC3068 list=NotPublic
add address=198.18.0.0/15 comment=RFC6890 list=NotPublic
add address=198.51.100.0/24 comment=RFC6890 list=NotPublic
add address=203.0.113.0/24 comment=RFC6890 list=NotPublic
add address=224.0.0.0/4 comment=RFC4601 list=NotPublic
add address=240.0.0.0/4 comment=RFC6890 list=NotPublic
/ip firewall filter
add action=accept chain=forward comment=\
    "Allow established and related packets" connection-state=\
    established,related
add action=accept chain=input comment="Allow established and related packets" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "Allow traffic from NotPublic address list" src-address-list=NotPublic
add action=drop chain=forward comment="Drop invalid packets" \
    connection-state=invalid
add action=drop chain=forward comment="Drop all forward traffic"
add action=drop chain=input comment="Drop all input traffic"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Internet src-address=\
    192.168.1.0-192.168.2.255
/ip firewall service-port
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
/ip route
add distance=1 gateway=Internet
Make adjustments to the default settings if absolutely necessary and let me know if this works.
Firewall rules are very basic. This blocks all outside traffic coming in and allows only traffic from the NotPublic list in and out.
I made a reset of the router and imported your settings and no luck, I must turn off 5g band to get Internet working.

I tried other things like removing wifi interface from bridge but the problem remains. It's like my router can't run VLANs and wifi at the same time >_<

I'm going to send a support request to Mikrotik because I think maybe it's a hardware problem.

Thank you very much for your help!

Who is online

Users browsing this forum: Bing [Bot], JohnTRIVOLTA and 16 guests