 
rulllesss
just joined
Topic Author
Posts: 5
Joined: Sun Mar 15, 2020 7:45 pm

AC Lite under CapsMan control. No internet on LAN port

Sat Jan 09, 2021 7:36 pm

Hi all,
I have MikroTik RB952Ui-5ac2nD as router (CAPsMan) and Mikrotik wsAP AC Lite as access point (CAP).
Wifi works just fine, but LAN ports on AP AC Lite do not provide internet via ethernet cable.
They all are in bridge but this does not help...
Any ideas on how I can make this setup work?


============AP Lite config===========
# jun/14/1970 05:22:14 by RouterOS 6.47
# software id = WBDM-4RE6
#
# model = RBwsAP-5Hac2nD
# serial number = B8820B24B5BC
# NOTE(review): CAP-side export of the wsAP AC Lite. The 1970 date in the header
# shows the clock was unset when this was exported, so log timestamps from this
# device will not correlate with the router's.
# NOTE(review): the software id and serial number above are device identifiers;
# redact those header lines before sharing an export.
/interface bridge
add name=bridge1
/interface wireless
# NOTE(review): the status comments below report the SSIDs machina2/machina5 and
# "CAPsMAN forwarding", so the local ssid=MikroTik values are not what is on air
# while the radios are managed; client traffic is presumably carried to the
# manager rather than bridged locally - confirm.
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(18dBm), SSID: machina2, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac(14dBm), SSID: machina5, CAPsMAN forwarding
set [ find default-name=wlan2 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
# NOTE(review): bridge1 holds ether2, ether3 and both radios, but not ether1,
# which is the CAPsMAN discovery interface below and presumably the uplink to
# the router. Nothing in this export gives ether2/ether3 a layer-2 path to
# ether1. No /ip address or /ip dhcp-client section appears on this device either.
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/interface wireless cap
#
# Puts wlan1 and wlan2 under CAPsMAN control and searches for a manager on ether1.
# NOTE(review): no certificate or manager address setting appears here, so the
# CAP presumably accepts whichever manager answers discovery on ether1 - confirm
# that this is acceptable for the wired segment it sits on.
set discovery-interfaces=ether1 enabled=yes interfaces=wlan1,wlan2
/system identity
set name=AP2

===========ROUTER config=============
# jan/03/2021 17:14:00 by RouterOS 6.47
# software id = 3BYN-IVVH
#
# model = RB952Ui-5ac2nD
# serial number = BEB80B38016B
# NOTE(review): export of the router, which runs the CAPsMAN manager and is also
# a CAP for its own two radios. The software id, serial number and the MAC
# addresses further down are device identifiers; redact them before sharing.
# NOTE(review): no /ip service section appears in this export, so the management
# services are presumably at their defaults - confirm which ones are enabled.
/caps-man channel
add band=2ghz-b/g/n frequency=2412 name=channel2 tx-power=20
add band=5ghz-a/n/ac frequency=5180 name=channel5 tx-power=20
/interface bridge
# Two bridges: "bridge" for the main LAN and "bridge1- guest" for the guest SSIDs.
add admin-mac=C4:AD:34:59:80:54 auto-mac=no comment=defconf name=bridge
add name="bridge1- guest"
/interface ethernet
set [ find default-name=ether1 ] mac-address=E8:94:F6:B8:41:B9
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(20dBm), SSID: machina2, CAPsMAN forwarding
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
20/40mhz-XX country=no_country_set distance=indoors frequency=auto \
frequency-mode=manual-txpower installation=indoor mode=ap-bridge ssid=\
machina2 wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac(17dBm), SSID: machina5, CAPsMAN forwarding
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac \
channel-width=20/40/80mhz-XXXX country=no_country_set distance=indoors \
frequency=auto frequency-mode=manual-txpower installation=indoor mode=\
ap-bridge ssid=machina5 wireless-protocol=802.11
/caps-man datapath
# datapath1 attaches managed interfaces to the LAN bridge; datapath2-guest
# attaches them to the guest bridge.
# NOTE(review): client-to-client-forwarding is enabled for the LAN datapath and
# not set for the guest one - confirm the default isolates guest clients from
# each other.
add bridge=bridge client-to-client-forwarding=yes name=datapath1
add bridge="bridge1- guest" name=datapath2-guest
/caps-man security
# NOTE(review): security1 is WPA2-PSK with AES-CCM. security2-guest sets no
# authentication type, so the guest SSIDs are presumably open and carry client
# traffic unencrypted over the air - confirm this is intended.
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
name=security1
add name=security2-guest
/caps-man configuration
# cfg2/cfg5 are the LAN SSIDs (machina2/machina5); cfg2-guest/cfg5-guest are the
# guest SSIDs (guest2/guest5) on the guest datapath. cfg5-guest additionally
# overrides security.authentication-types with an empty value.
add channel=channel2 datapath=datapath1 mode=ap name=cfg2 rx-chains=0,1,2 \
security=security1 ssid=machina2 tx-chains=0,1,2
add channel=channel5 datapath=datapath1 mode=ap name=cfg5 security=security1 \
ssid=machina5
add channel=channel2 datapath=datapath2-guest mode=ap name=cfg2-guest \
rx-chains=0,1,2,3 security=security2-guest ssid=guest2 tx-chains=0,1,2,3
add channel=channel5 datapath=datapath2-guest mode=ap name=cfg5-guest \
rx-chains=0,1,2,3 security=security2-guest security.authentication-types=\
"" ssid=guest5 tx-chains=0,1,2,3
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
# NOTE(review): the local default profile still allows wpa-psk next to wpa2-psk.
# It presumably only matters if the radios stop being managed by CAPsMAN and fall
# back to local configuration - confirm, and consider limiting it to wpa2-psk.
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool1 disabled=no interface="bridge1- guest" name=dhcp1
/queue type
add kind=pcq name=queue1-guest-download pcq-classifier=dst-address \
pcq-dst-address6-mask=64 pcq-rate=5M pcq-src-address6-mask=64
add kind=pcq name=queue2-guest-upload pcq-classifier=src-address \
pcq-dst-address6-mask=64 pcq-rate=5M pcq-src-address6-mask=64
/queue simple
# Caps the guest subnet 192.168.10.0/24 at 5M/5M using the two PCQ types above.
add max-limit=5M/5M name=queue1-guest queue=\
queue2-guest-upload/queue1-guest-download target=192.168.10.0/24
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/caps-man manager
# NOTE(review): the manager is enabled with no certificate or peer-certificate
# requirement visible in this export, so CAPs presumably join without certificate
# authentication, and no per-interface restriction for the manager is shown -
# confirm. Reachability of the manager then depends on the input chain below.
set enabled=yes
/caps-man provisioning
# Radios that support g/n get cfg2 with cfg2-guest as slave; every other radio
# matches the second rule and gets cfg5 with cfg5-guest.
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
cfg2 slave-configurations=cfg2-guest
add action=create-dynamic-enabled master-configuration=cfg5 \
slave-configurations=cfg5-guest
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
# NOTE(review): detection runs on every interface, the guest bridge included.
# If the feature is not needed, restricting this list is the usual hardening
# step - confirm it is used.
set detect-interface-list=all
/interface list member
# NOTE(review): only "bridge" is in LAN and only ether1 is in WAN. The guest
# bridge is in neither list, so rules written against !LAN also apply to traffic
# arriving from guests.
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wireless cap
#
# The router is also a CAP for its own radios and discovers the manager over "bridge".
set discovery-interfaces=bridge enabled=yes interfaces=wlan1,wlan2
/ip address
# NOTE(review): 192.168.88.1/24 is assigned to ether2, which is a port of
# "bridge" (see /interface bridge port above), while the DHCP server, the LAN
# list and CAP discovery all reference "bridge". An address on a bridge port
# rather than on the bridge is a likely source of inconsistent behaviour - confirm.
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
192.168.88.0
add address=192.168.10.1/24 interface="bridge1- guest" network=192.168.10.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
# NOTE(review): 192.168.1.0/24 has no matching pool, server or address in this
# export; presumably a leftover entry.
add address=192.168.1.0/24 gateway=192.168.1.1
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
# NOTE(review): the router answers DNS queries from other hosts. What keeps the
# resolver from being reachable on WAN is the "drop all not coming from LAN"
# input rule below, so that rule must stay in place and enabled.
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan type=A
/ip firewall filter
# Input chain. Rules are evaluated in the order listed.
# NOTE(review): the first rule and the unnamed rule after "accept ICMP" have the
# same matchers (source and destination both local to the router); one of them
# is redundant.
add action=accept chain=input comment=UnblockCapsman dst-address-type=local \
src-address-type=local
# NOTE(review): this rule keeps the defconf comment but has extra matchers
# (src-address-type=local, dst-address-type=local, dst-limit). It looks like it
# no longer matches established traffic from LAN or WAN hosts; replies arriving
# on ether1 for connections the router itself opened would then reach the
# "drop all not coming from LAN" rule. Confirm against the rule counters.
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked dst-address-type=local dst-limit=\
1,5,dst-address/1m40s src-address-type=local
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input dst-address-type=local src-address-type=local
# Final input rule: anything not arriving on an interface in LAN is dropped,
# which covers ether1 (WAN) and the guest bridge.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
# Forward chain.
# NOTE(review): no forward rule refers to the guest bridge or to
# 192.168.10.0/24. Guest/LAN separation relies on the /ip route rule entries
# below, and guest traffic to any other destination is only subject to the
# generic rules here.
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
# Fasttrack is limited to connections with a source address in 192.168.88.0/24.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related src-address=192.168.88.0/24
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip route rule
# Drops routing between the LAN subnet and the guest subnet in both directions.
# NOTE(review): this is the only LAN/guest isolation in the export; a matching
# pair of forward-chain drop rules would make the intent visible in the firewall
# and countable - consider adding them.
add action=drop dst-address=192.168.10.0/24 src-address=192.168.88.0/24
add action=drop dst-address=192.168.88.0/24 src-address=192.168.10.0/24
/system clock
set time-zone-name=Europe/Kiev
/system identity
set name=ROUTER
/tool mac-server
# MAC-layer management (MAC server and MAC WinBox) is limited to interfaces in LAN.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
rulllesss
just joined
Topic Author
Posts: 5
Joined: Sun Mar 15, 2020 7:45 pm

Re: AC Lite under CapsMan control. No internet on LAN port

Sun Jan 17, 2021 8:21 am

Anyone, any ideas ?
