Community discussions

 
jerseyknoll
just joined
Topic Author
Posts: 13
Joined: Fri Aug 09, 2019 2:57 pm

Cap ac wireless Windows clients have no internet

Tue Aug 13, 2019 11:02 pm

I just setup a Mikrotik CAP AC ap on eht10 of my RB3011. I have it set to WISP AP mode. My cell phones and Amazon FireTV devices all connect fine but none of my wireless Widows clients can connect to the internet.
[admin@Mikrotik] > /export hide-sensitive
# aug/13/2019 15:00:11 by RouterOS 6.45.3
# software id = W44L-WQN2
#
# model = RouterBOARD 3011UiAS
# serial number = 8EEE0A0F8170
/interface bridge
add admin-mac=74:4D:28:30:C7:24 auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
    service-name=centurylink user=CTL
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.100-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/caps-man manager
set enabled=yes
/caps-man manager interface
add disabled=no interface=ether10
/dude
set enabled=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/ip accounting
set enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server lease
add address=192.168.88.254 mac-address=00:18:61:07:E4:5B server=defconf
add address=192.168.88.250 client-id=1:0:2:c9:52:74:ba mac-address=\
    00:02:C9:52:74:BA server=defconf
add address=192.168.88.246 client-id=1:b8:27:eb:72:1b:c9 mac-address=\
    B8:27:EB:72:1B:C9 server=defconf
add address=192.168.88.245 client-id=1:0:2:c9:52:6d:6e mac-address=\
    00:02:C9:52:6D:6E server=defconf
add address=192.168.88.243 client-id=1:5c:41:5a:20:27:8f mac-address=\
    5C:41:5A:20:27:8F server=defconf
add address=192.168.88.242 client-id=1:cc:f7:35:ad:b6:35 mac-address=\
    CC:F7:35:AD:B6:35 server=defconf
add address=192.168.88.240 client-id=1:74:4d:28:c5:ad:eb mac-address=\
    74:4D:28:C5:AD:EB server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=192.168.88.246,192.168.88.2
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward comment=PLEX dst-port=32400 in-interface=\
    pppoe-out1 protocol=tcp
add action=accept chain=forward comment=PLEX dst-port=32400 in-interface=\
    pppoe-out1 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid log=yes log-prefix=FI_D_port-test
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=accept chain=forward comment="Allow Port Forwarding - DSTNAT" \
    connection-nat-state=dstnat disabled=yes
/ip firewall nat
add action=dst-nat chain=dstnat comment=Letsencrypt dst-address=!192.168.88.1 \
    dst-address-type=local dst-port=80 protocol=tcp to-addresses=\
    192.168.88.245 to-ports=180
add action=dst-nat chain=dstnat comment=Letsencrypt dst-address=!192.168.88.1 \
    dst-address-type=local dst-port=443 protocol=tcp to-addresses=\
    192.168.88.245 to-ports=1443
add action=dst-nat chain=dstnat dst-port=32400 in-interface=pppoe-out1 \
    protocol=tcp to-addresses=192.168.88.245 to-ports=32400
add action=dst-nat chain=dstnat dst-port=32400 in-interface=pppoe-out1 \
    protocol=udp to-addresses=192.168.88.245 to-ports=32400
add action=masquerade chain=srcnat comment=LetsencrypLocal dst-address=\
    192.168.88.254 dst-port=180,1443 protocol=tcp
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip service
set www-ssl disabled=no
/system clock
set time-zone-name=America/Chicago
/system identity
set name=Mikrotik
/system logging
add prefix=MikroTik topics=dhcp
add prefix=MikroTik topics=!debug
add prefix=MikroTik topics=!debug
/system scheduler
add disabled=yes interval=5m name="Data to Splunk" on-event=\
    Data_to_Splunk_using_Syslog policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=aug/11/2019 start-time=16:01:38
/tool graphing interface
add allow-address=192.168.88.250/32
/tool graphing queue
add allow-address=192.168.88.250/32
/tool graphing resource
add allow-address=192.168.88.250/32
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@Mikrotik] > 

Who is online

Users browsing this forum: No registered users and 20 guests