I bought a Router Board hAP AC and Groove to try and set up a WiFi repeater(?) on my sailboat. The idea is that when I'm in different marinas I could configure the Groove for that Marina, and provide a consistent connection for all my devices through the Router Board.

I am so confused.

It looks like the "quick set" feature for "Home AC Dual" is almost what I want, but it sets LAN port 1 as the WAN, and I need it to be LAN port 5 where I have the Groove using the PoE.

Any help (in very simple steps) would be greatly appreciated. Since I have tried to follow a couple of different guides with no good results, please start with how to reset

Before starting, make a backup. One can never have too many backups.
Save it on your desktop. Just to be safe.

1) Connect to the router through wifi or ports 2, 3 or 4. Keep the Groove off, for now.
2) Log in the router. Go to "bridge -> ports"
3) Click at the ether5 port. Change it, from ether5 to ether1. This will remove port 5 from your bridge, and add port 1 to it.
4) Go to "Interfaces -> interfaces list"
5) Change ether1, from "WAN" to "LAN" (I think is LAN, don't remember the default value). Change ether5, from "LAN" to "WAN". Remove ether5 from the "discover" list. You can add ether1 to this list, if You want.

Before the step #6 is prudent to enter "safe mode". When in this mode the router undo everything done, if we loose connection with it.

6) Go to "IP -> Firewall". Check "filter rules" and "NAT". We want to make sure that no rule uses the changed interfaces (ether1 and ether5). New versions usually use the interface list (we took care of that on the #5 step) on the rules. If it uses interfaces, change ether1 to ether5, and ether5 to ether1.

If everything went well, your router should be using ether5 as WAN port, and ether1 now is part of the bridge - and you can use it as another intranet port.

There is no need to use quick set every time.

If you manage to connect in marina then in different marrina go to Wireless menu and connect to different AP.

Define new Security profile for new network
change SSID and maybe other settings on the wireless interface, wireless tab

Ah, yes: cieplik206 is right. Don't use the quick set more than once. It should be used once (many people don't like it, and don't use at all, me included), and never again. It can mess up what is already done.

Groove should be ready to roll: it's default config is CPE Router, and that is exactly what You want. Just plug it in ether5, and it should work.

On thing should be changed, either at Groove or at hAP AC: both of them use 192.168.88.1 as internal network. It won't work this way.

I think it's easier to change the hAP, since we will be connected directly to it.
We need to choose a new network for it. How about 192.168.89.0/24?

1) Open Winbox (https://mikrotik.com/download), and connect to the hAP through MAC address. Yes, we need it to be through MAC, since we will be changing the IP of the unit.
2) Go to ip -> address. You can just change it from 192.168.88.1 to 192.168.89.1 (we just added 1 to the "88" part).
3) Now, go to "ip -> dhcp server -> networks". Open the existing one. Change everything there, from "192.168.88.x" to "192.168.89.x"
4) Go to "ip -> pool". Open the existing one. Change everything there, from "192.168.88.x" to "192.168.89.x"

Done!

Now, how does it work?
When you get to a new marina, you open the Groove (192.168.88.1), and
1) Go to "wireless -> security profiles" and create a new one to this marina. One good idea is to name the profile after the marina. This way is easy to identify.
2) Go to "wireless -> wifi interfaces" and open the existing one. Change the security profile to this new one.
3) Done! You should be connected now.

If you are returning to this marina, you can skip the step 1 above, and just change the security profile being used.

Thank you for the instructions, but I've tried (and tried, and tried!) and I'm just not quite getting there.

I can hook the hAP to the Groove and access the config in both. I can choose a wifi channel in the Groove.

I CANNOT actually access anything when I connect to the hAP. No DNS resolution, and no internet access.

(As a reminder, I'm trying to setup the Groove on the PoE [ether5] interface and use the hAP as an access point when I move from marina to marina)

My hAP config:
# jan/02/1970 00:34:05 by RouterOS 6.42.10
# software id = Z7QC-G55R
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 8A7A090BF681
/interface bridge
add admin-mac=B8:69:F4:35:6E:0B auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
"Emma Christine 2" wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=\
ap-bridge ssid="Emma Christine 5" wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=***** \
wpa2-pre-shared-key=******
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=sfp1 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
add interface=ether1 list=WAN
add interface=ether5 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
192.168.88.0
/ip dhcp-client
# DHCP client can not run on slave interface!
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN


Groove config:
# jun/06/2019 15:24:33 by RouterOS 6.44.3
# software id = 65JC-3BQC
#
# model = RouterBOARD Groove GA-52HPacn
# serial number = A3F20923A582
/interface bridge
add admin-mac=B8:69:F4:C0:4D:5D auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX disabled=no frequency=auto ssid=flooglea5
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=****** \
wpa2-pre-shared-key=*****
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
add bridge=bridge comment=defconf interface=wlan1
/interface list member
add interface=wlan1 list=WAN
add interface=bridge list=LAN
/ip address
add address=192.168.88.3/8 interface=ether1 network=192.0.0.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
bridge
# DHCP client can not run on slave interface!
add dhcp-options=hostname,clientid disabled=no interface=wlan1
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip ssh
set forwarding-enabled=remote
/system clock
set time-zone-name=America/New_York
/system identity
set name="MikroTik Groove"

I have a different take on how to configure your hardware from the posts above. I try to set up the system for the easiest operation by cruisers that move from place to place. This entails a double nat at minimum but a double nat is not a problem for most cruiser.

The configuration attached to this post is a default configuration from a Groove 52ac that has a level 3 license and is by default a CPE. You have a GrooveGA 52ac which is has a level 4 license and is by default an AP making the configuration more difficult for you.

The configuration has been modified from the original default by changing the IP's being used from 192.168.88.0/24 to 192.168.89.0/24 so that the Groove will work with your hAP default configuration. It also has the default wireless settings changed to the 2.4Ghz band rather than 5Ghz.

1. Using winbox drag and drop "config-89.rsc" into the flash folder in Files
2. Go to System->reset and check mark No Default Configuration and Do Not Backukp. Set Run After Reset to "flash/config-89.rsc" and then click "Reset Configuration".

Your Groove will be configured as a CPE with the LAN as a DHCP server. It will operate as a stand-alone when connected to a computer LAN port or with a router if plugged into the WAN port.

Start with your hAP ac set to its default configuration. If you use the POE that came with your Groove you can plug the Groove into Port 1 on the router and start using it.

To set your hAP so that port 5 can be used as a WAN port and provide POE-out to your Groove I like to remove port 5 from the bridge and create a new bridge called bridge-wan that contains both port 1 and port5. It is an easy modification to the hAP and works. You lose 1 port which isn't normally important to a cruiser.

To make port 5 a WAN port:
1. Go to Interfaces->Interface List and delete WAN
2. Go to Bridge and create a bridge called bridge-wan.
3. Go to Bridge->Ports and delete ether5 from bridge then add ether1 and ether5 to bridge-wan.
4. Go to Interfaces->Interface List and add WAN=bridge-wan
5. Go to IP->DHCP Client and change the ether1 entry to bridge-wan
6. Go to System->Reboot and re-boot the router.

In your browser or winbox you will enter 192.168.89.1 to get to the Groove. On the Quick Set page you can quickly choose an AP and connect. Check that you get an IP in the Wireless section in the upper right quarter of the Quick Set page this shows you are connected and communicating with the AP.

This is just a minimal setup. You should set the Frequency Mode to "Regulatory Domain", the country to the appropriate setting and the antenna gain to an appropriate setting based on how strong the received signal is. Don't leave the Antenna Gain at 0.

You should add a login password to the Groove and the router. The Groove can be set up to scan both 2 & 5 ghz signals by using the Channels tab in wireless.

hi pamela32

i want to thank you for your post, after a day of frustration - and many other threads on this website
that confused and misled,
yours was concise, helpful & WORKED!
I reconfigured groove per your direction ....89.1
i did have to do a factory reset HAP AC - and then a step by step of your directions.
(& by trial and error have learned a little along the way)

I now have access from the HAP AC (wired or wireless ports) to internet via groove CPE - all good.

I just have one question ...
after finally getting it working per above- the winbox application correctly sees the HAP AC as a neighbor ... but no ammount of refresh allows it to see the groove.
I can access the groove using a browser (wired or wireless) frm the HAP AC by inputting the ...89.1 IP address.
but the winbox (PC) app cant see it as neighbor and nor does winbox IOS app in discovery....

.. only minor I know - because I can use the browser to access the config...
but curious .. as there is obviously something im missing?

Well as far as I can follow the configuration the Groove and the PC are not neighbours. The Groove is on the WAN side op the hAP AC , and the PC is on the LAN side of the hAP AC? Two different networks. The WAN side is towards the internet. A LAN side device can reach a WAN side device by its IP address, not by broadcast discover.

Hi All,
This is my first post.
Over my head's question was right in line with what I was looking for.
I got my router/groove working on ether5 as well.
Pamela mentioned that you could have the groove autoscan both 2 and 5 gh networks.
"The Groove can be set up to scan both 2 & 5 ghz signals by using the Channels tab in wireless."

Can you shed a little more light on how this done?
I'd really appreciate it.
Thanks,
Sam