Community discussions

MikroTik App
 
iPink01
just joined
Topic Author
Posts: 2
Joined: Wed Mar 04, 2020 3:59 pm

Configuring the wlan1 onto a different subnet

Wed Mar 04, 2020 4:12 pm

I have a Mikrotik hAP lite
MY MOM USES TOO MUCH BANDWIDTH
so i want to use the QOS and Queues to limit her.
i have to put the wlan1 onto a different bridge in order to queue it without affecting th elan ports.
so i create a bridge called WIFI and i assign Wlan1 to it.
i then create a network 192.168.10.0/24 and i assign the network to a dhcp server with a new pool.

i recieve internet from my LTE router being 192.168.8.1
the lan to my pc is 192.168.9.1

i dont know if the wifi networks gateway must be 192.168.10.0 or 192.168.9.1 or 192.168.8.1
I created a dstnat in interface wlan1 and in bridge WIFI

when connecting to the wifi from my phone it says internet may not be available

# mar/04/2020 16:10:58 by RouterOS 6.46.3
# software id = JBB1-7STW
#
# model = RB941-2nD
# serial number = 9D740BE762C9
/interface bridge
add name=WIFI
add admin-mac=C4:AD:34:18:40:59 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country="south africa" default-forwarding=no disabled=no distance=indoors \
frequency=auto installation=indoor mode=bridge ssid="It Hurts When IP" \
wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
UnicornRainbows wpa2-pre-shared-key=UnicornRainbows
/ip pool
add name=dhcp ranges=192.168.9.100-192.168.9.150
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool1 disabled=no interface=WIFI name=dhcp1
/interface bridge nat
add action=accept chain=dstnat in-bridge=WIFI in-interface=wlan1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=pwr-line1
add bridge=WIFI comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.9.1/24 comment=defconf interface=ether2 network=192.168.9.0
add address=192.168.8.2/24 interface=ether1 network=192.168.8.0
add address=192.168.10.0/24 interface=wlan1 network=192.168.10.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.9.0/24 comment=defconf gateway=192.168.9.1 netmask=24
add address=192.168.10.0/24 gateway=192.168.9.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.9.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
/ip route
add distance=1 gateway=192.168.8.1
/system clock
set time-zone-name=Africa/Johannesburg
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

please assist
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 987
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:

Re: Configuring the wlan1 onto a different subnet

Thu Mar 05, 2020 10:37 am

First, please put config exports into code blocks, makes it much easier to read.

For your problem, this should fix it:
## make sure your dhcp sends out dns servers and correct gateways. A Gateway must be in the same subnet to be reachable.
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1 dns-server=192.168.10.1

## change this
/ip address
add address=192.168.10.0/24 interface=wlan1 network=192.168.10.0

## to this:
/ip address
add address=192.168.10.1/24 interface=WIFI network=192.168.10.0
-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
iPink01
just joined
Topic Author
Posts: 2
Joined: Wed Mar 04, 2020 3:59 pm

Re: Configuring the wlan1 onto a different subnet

Thu Mar 05, 2020 3:12 pm

Sorry i will put code into code blocks next time

also i did what you suggested and it still doesnt work :(
# mar/05/2020 15:18:57 by RouterOS 6.46.3
# software id = JBB1-7STW
#
# model = RB941-2nD
# serial number = 9D740BE762C9
/interface bridge
add name=WIFI
add admin-mac=C4:AD:34:18:40:59 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country="south africa" default-forwarding=no disabled=no distance=indoors \
    frequency=auto installation=indoor mode=bridge ssid="It Hurts When IP" \
    wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
    UnicornRainbows wpa2-pre-shared-key=UnicornRainbows
/ip pool
add name=dhcp ranges=192.168.9.100-192.168.9.150
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool1 disabled=no interface=WIFI name=dhcp1
/interface bridge nat
add action=accept chain=dstnat in-bridge=WIFI in-interface=wlan1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=pwr-line1
add bridge=WIFI comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.9.1/24 comment=defconf interface=ether2 network=192.168.9.0
add address=192.168.8.2/24 interface=ether1 network=192.168.8.0
add address=192.168.10.1/24 interface=WIFI network=192.168.10.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.9.0/24 comment=defconf gateway=192.168.9.1 netmask=24
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8,192.168.10.1
/ip dns static
add address=192.168.9.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
    out,none out-interface-list=WAN
/ip route
add distance=1 gateway=192.168.8.1
/system clock
set time-zone-name=Africa/Johannesburg
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
IPAsupport
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Fri Sep 20, 2019 4:02 pm

Re: Configuring the wlan1 onto a different subnet

Tue Aug 25, 2020 5:26 am

Hey man,

192.168.10.0 can't be used, I won't extend myself on this but you can google some network subneting if you want to know more about it
So change it to
add address=192.168.10.1/24 interface=wlan1 network=192.168.10.0

Then the gateway for that network should be also that IP address 192.168.10.1
Global - MikroTik Support & Consulting - English | Francais | Español | Portuguese +1 855-645-7684
https://iparchitechs.com/services/mikro ... l-support/ mikrotiksupport@iparchitechs.com

Who is online

Users browsing this forum: joegoldman and 26 guests