lolost

hAP ac2 with Airport Express wireless bridge. DHCP not working

Mon Jun 21, 2021 12:21 pm

Hi. I recently joined the MikroTik family for my home network. I'm struggling with this problem; let's see if any of you can figure out what the issue is.

I have this setup. The Airport Express connects to wlan1 on the MikroTik hAP ac2 and creates a wireless bridge. The Airport Express is configured to "join" the network, not to use WDS or create a new network. Wired to the Airport Express is CLIENT (a sat TV decoder), which uses this bridge to join the local network.
[Attachment: IMG_0926.jpg]
The problem is that CLIENT can't get a DHCP lease. The log shows:
[Attachment: Captura de pantalla 2021-06-21 a las 10.27.41.png]

It used to work with my old Asus AC56U router without any tweaks. I tried another client device and the issue persists; something is wrong with DHCP over the wireless bridge. The client works with a static IP and is reachable with ping. The problem is that the DHCP lease fails at some point.

My firewall config:
/ip firewall address-list
add address=192.168.1.0/24 list=lan_horizon
add address=192.168.0.0/16 list=man_horizon
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
    not_in_internet
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid log-prefix=invalid
add action=accept chain=input comment=\
    "basicconf: accept router access from LAN" src-address-list=man_horizon
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment=OpenVPN dst-port=1194 protocol=tcp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid log=yes log-prefix=invalid
add action=drop chain=forward comment=\
    "basicconf: drop tries to reach not public addresses from LAN" \
    dst-address-list=not_in_internet in-interface=localbridge log=yes \
    log-prefix=!public_from_LAN out-interface=!localbridge
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=jump chain=forward comment="basicconf: jump to ICMP filters" \
    jump-target=icmp protocol=icmp
add action=drop chain=forward comment=\
    "basicconf: drop incoming from internet which is not public IP" \
    in-interface-list=WAN log=yes log-prefix=!public src-address-list=\
    not_in_internet
add action=drop chain=forward comment=\
    "basicconf: drop packets from LAN that do not have LAN IP" in-interface=\
    localbridge log=yes log-prefix=LAN_!LAN src-address-list=!man_horizon
add action=accept chain=icmp comment="basicconf: echo reply" icmp-options=0:0 \
    protocol=icmp
add action=accept chain=icmp comment="basicconf: net unreachable" \
    icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="basicconf: host unreachable" \
    icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment=\
    "basicconf: host unreachable fragmentation required" icmp-options=3:4 \
    protocol=icmp
add action=accept chain=icmp comment="basicconf: allow echo request" \
    icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="basicconf: allow time exceed" \
    icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment="basicconf: allow parameter bad" \
    icmp-options=12:0 protocol=icmp
add action=drop chain=icmp comment="basicconf: deny all other types"
/ip firewall nat
add action=accept chain=srcnat comment=\
    "defconf: accept all that matches IPSec policy" disabled=yes \
    ipsec-policy=out,ipsec
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN

My DHCP config:
/ip pool
add name=lan_pool0 ranges=192.168.1.101-192.168.1.254
/ip dhcp-server
add address-pool=lan_pool0 disabled=no interface=localbridge name=lan_dhcp0

Any help? Thanks in advance.