Community discussions

 
GmbH
just joined
Topic Author
Posts: 6
Joined: Tue Mar 13, 2018 7:05 pm

Problems accessing wAP G-5HacT2HnD

Mon Jan 07, 2019 11:27 pm

Hello,

I have configured wAP G-5HacT2HnD as a simple dual AP (via QuickSet, Home AP Dual) and I'm having problems accessing admin interface. The AP has IP 192.168.1.50 from LAN side, 192.168.2.1 from WiFi - when connecting via WiFi both addresses are working, from LAN side I can only ping 192.168.1.50 but cannot access it.

Is there something obvious what should I change / check?

I would also like to know what is the difference between router and bridge configuration in QuickSet WISP AP? In latter, the only way to access AP is via Winbox and MAC address.

Thank you,
Best Regards,
 
mkx
Forum Guru
Forum Guru
Posts: 1260
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems accessing wAP G-5HacT2HnD

Tue Jan 08, 2019 11:23 am

From wAP's point of (default) router config, the wired connection is not LAN but rather WAN. And by default management connections from WAN are prohibited.

If you want to make wireless to be a full part of your (wired) LAN, then you should reconfigure your wAP ac unit to (non-WISP) bridge mode ... so it will become a simple AP. I don't think there's a Quckset option for that, the easiest way might be to reset with no config, connect with winbox via MAC and create minimum config:
  • create bridge, add wireless and ether1 to it
  • set IP address to bridge (either statically or start DHCP client on it)
  • setup both wireless interfaces (set country, SSID, PSK, ...)
BR,
Metod
 
GmbH
just joined
Topic Author
Posts: 6
Joined: Tue Mar 13, 2018 7:05 pm

Re: Problems accessing wAP G-5HacT2HnD

Thu Jan 10, 2019 1:36 am

I've created minimum config, bridge receives proper IP, WLAN is working, but again I cannot access the admin interface (works only via Winbox/MAC) - it is the same situation as in QuickSetup with WISP & bridge configuration.

So how can I bring up admin interface on bridge / ethernet?

Thank you,
Best Regards,
 
mistry7
Forum Guru
Forum Guru
Posts: 1090
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: Problems accessing wAP G-5HacT2HnD

Thu Jan 10, 2019 8:58 am

I've created minimum config, bridge receives proper IP, WLAN is working, but again I cannot access the admin interface (works only via Winbox/MAC) - it is the same situation as in QuickSetup with WISP & bridge configuration.

So how can I bring up admin interface on bridge / ethernet?

Thank you,
Best Regards,
Dies it have an IP from your LAN side?
 
mkx
Forum Guru
Forum Guru
Posts: 1260
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems accessing wAP G-5HacT2HnD

Thu Jan 10, 2019 9:19 am

So how can I bring up admin interface on bridge / ethernet?

Post full configuration (output of /export hide-sensitive) and enclose it in [ code] ... [ /code] environment for better readability.
BR,
Metod
 
GmbH
just joined
Topic Author
Posts: 6
Joined: Tue Mar 13, 2018 7:05 pm

Re: Problems accessing wAP G-5HacT2HnD

Thu Jan 10, 2019 1:52 pm

Here is my configuration:
# jan/02/1970 13:07:50 by RouterOS 6.43.8
# software id = *
#
# model = RouterBOARD wAP G-5HacT2HnD
# serial number = *
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=ether1 ] loop-protect=on name=ether
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country=poland default-authentication=no default-forwarding=no disabled=no \
    distance=indoors frequency=auto frequency-mode=regulatory-domain mode=\
    ap-bridge name=wlan-2GHz ssid=* wireless-protocol=802.11 wps-mode=\
    disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee \
    default-authentication=no default-forwarding=no disabled=no distance=\
    indoors frequency=auto mode=ap-bridge name=wlan-5GHz ssid=* \
    wireless-protocol=802.11 wps-mode=disabled
/interface list
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge interface=ether
add bridge=bridge interface=wlan-2GHz
add bridge=bridge interface=wlan-5GHz
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=\
    all wan-interface-list=all
/interface list member
add interface=bridge list=LAN
add interface=ether list=LAN
/interface wireless access-list
add interface=all mac-address=*
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no inte
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Warsaw
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Bridge interface gets from DHCP a correct IP 192.168.1.50, and I would like to have an access to admin interface via that IP - from LAN & WLAN. Any other obvious misconfiguration? Is that a "proper" configuration for a simple AP in home environment?
 
mkx
Forum Guru
Forum Guru
Posts: 1260
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems accessing wAP G-5HacT2HnD

Thu Jan 10, 2019 2:09 pm

As this is not internet router, you should disable /interface detect-internet, it sometimes causes weird misbehaviour. I'm not sure that /interface wireless access-list needs anything in it, seems you're not doing any ACL stuff.

Other than that setup looks fine for a simple AP.
BR,
Metod
 
GmbH
just joined
Topic Author
Posts: 6
Joined: Tue Mar 13, 2018 7:05 pm

Re: Problems accessing wAP G-5HacT2HnD

Thu Jan 10, 2019 2:48 pm

I've disabled /interface detect-internet - nothing changed.

On /interface wireless access-list I have several MAC addresses which are allowed to connect to WLAN - both WLAN interfaces have default-authentication=no default-forwarding=no, so I assume that any MAC which is not on the list won't connect to WLAN even with a valid password.
 
mkx
Forum Guru
Forum Guru
Posts: 1260
Joined: Thu Mar 03, 2016 10:23 pm

Re: Problems accessing wAP G-5HacT2HnD

Thu Jan 10, 2019 3:23 pm

On /interface wireless access-list I have several MAC addresses which are allowed to connect to WLAN ...
... which weren't in your posted config. Which makes me wonder if there's something else which might interfere with access to wAP from LAN.

I'm sure you did restart wAP plenty of times ... sometimes there are some intermittent connectivity woes which go away after a restart.
BR,
Metod
 
Exiver
just joined
Posts: 7
Joined: Sat Jan 10, 2015 6:45 pm

Re: Problems accessing wAP G-5HacT2HnD

Thu Jan 10, 2019 3:42 pm

There is a problem with your configuration.

You added the wifi and the lan port to your bridge "bridge"
/interface bridge
add name=bridge
[...]
/interface bridge port
add bridge=bridge interface=ether
add bridge=bridge interface=wlan-2GHz
add bridge=bridge interface=wlan-5GHz
[...]
Everything correct until here. Next we cant see on which interface your DHCP client is listening (seems like the line is cut in your pasted config):
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no inte
Should be the bridge since dhcp shouldnt be able to run on a slave interface.

Next thing ( i think these settings are creating the non reachability from LAN):
/interface list member
add interface=bridge list=LAN
add interface=ether list=LAN
[...]
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Please make sure you either use all of the slave interfaces in your interface list "LAN" (for example: ether1, wlan1, wlan2) or chose only the bridge, since all of the devices are already members of that bridge..
 
GmbH
just joined
Topic Author
Posts: 6
Joined: Tue Mar 13, 2018 7:05 pm

Re: Problems accessing wAP G-5HacT2HnD

Thu Jan 10, 2019 4:57 pm

/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no inte
Should be the bridge since dhcp shouldnt be able to run on a slave interface.

Yes, the cut out part had a bridge interface, and bridge interface gets the correct IP address

Next thing ( i think these settings are creating the non reachability from LAN):
/interface list member
add interface=bridge list=LAN
add interface=ether list=LAN
[...]
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

I've corrected this - on interface list LAN there is only a bridge and I've removed mac-server settings. Here is a current configuration:

# jan/02/1970 17:14:23 by RouterOS 6.43.8
# software id = *
#
# model = RouterBOARD wAP G-5HacT2HnD
# serial number = *
/interface bridge
add name=bridge
/interface ethernet
set [ find default-name=ether1 ] loop-protect=on name=ether
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country=poland \
    default-authentication=no default-forwarding=no disabled=no distance=indoors frequency=\
    auto frequency-mode=regulatory-domain mode=ap-bridge name=wlan-2GHz ssid=* \
    wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee \
    default-authentication=no default-forwarding=no disabled=no distance=indoors frequency=\
    auto mode=ap-bridge name=wlan-5GHz ssid=* wireless-protocol=802.11 wps-mode=\
    disabled
/interface list
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge interface=ether
add bridge=bridge interface=wlan-2GHz
add bridge=bridge interface=wlan-5GHz
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=bridge list=LAN
/interface wireless access-list
add interface=all mac-address=*
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=bridge
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Warsaw

Although no changes in accessing admin interface.
 
Exiver
just joined
Posts: 7
Joined: Sat Jan 10, 2015 6:45 pm

Re: Problems accessing wAP G-5HacT2HnD

Thu Jan 10, 2019 6:25 pm

Okay thats weird but maybe export hide-sensitive doesnt print everything interesting.

Can you please provide the output for

/ip service export
and
/ip firewall export

Please make sure you hide anything containing personal stuff like serial number of the router and so on.
 
GmbH
just joined
Topic Author
Posts: 6
Joined: Tue Mar 13, 2018 7:05 pm

Re: Problems accessing wAP G-5HacT2HnD

Fri Jan 11, 2019 12:30 am

Here are requested settings:

/ip service export
# jan/03/1970 00:33:08 by RouterOS 6.43.8
# software id = *
#
# model = RouterBOARD wAP G-5HacT2HnD
# serial number = *
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes

/ip firewall export
# jan/03/1970 00:33:27 by RouterOS 6.43.8
# software id = *
#
# model = RouterBOARD wAP G-5HacT2HnD
# serial number = *

It seems that it started to work - after several reboots I've noticed that AP is not getting assigned IP - the MAC address has changed. So I've searched a bit, and now I've assigned a static admin-mac to bridge interface. After couple of reboots I can access admin interface via assigned IP without problems.

Case closed - thank you!
Best Regards,
 
Goozling
just joined
Posts: 1
Joined: Thu Jan 10, 2019 2:14 pm

Re: Problems accessing wAP G-5HacT2HnD

Sat Jan 12, 2019 9:10 am

I just bought an "Mikrotik wAP ac"[0] to figure out how well the hardware is. The data sheet and the price look promising. I would love to have OpenWrt/LEDE support for this access point but have not yet ported any device to OpenWrt/LEDE. So I might need some help. Also I heard that sysupgrade is broken for ar71xx-mikrotik.

My final plan is to use this device in my local Freifunk community for places where we need a outdoor access point.

I'll provide pictures and more documentation when I have the device in my hands (planned for in 16h).

Who is online

Users browsing this forum: arnoldmikro and 25 guests