Community discussions

MikroTik App
  4. RouterOS
  5. Wireless Networking

hAP ac^2 won't pass IPs

Post Reply
 
User avatar
Paul9cf22ad1
newbie
Topic Author
Posts: 37
Joined: Sun Mar 12, 2017 11:40 pm
Location: Seattle, WA

hAP ac^2 won't pass IPs

Sun Apr 07, 2019 7:38 pm

I'm at my whits end, and have been going in circles now. I have an RB3011 that I have configured to be my DHCP server. I have two wireless routers an hAP and wAP. Problems started two weeks ago when I added the hAP I screwed something up and now neither wireless router functions. I've pulled the wAP for now and am concentrating on getting the hAP to work. No sense going through all of the things I've tried. The current configuration is
  • All are running RouterOS 6.44.1
  • I have reset both the RB and hAP (Via WinBox > System > Reset Configuration > with No Default Configuration set)
  • Minimal configuration from here:
    • Added new administration user name and deleted admin
    • Disabled a bunch of services (telnet,ftp,www,api,api-ss)
  • On the RB3011 in Quick Set:
    • Selected Router
    • Address Acquition set to Automatic (from the Cable Modem)
    • Local Network
      • IP Address =192.168.88.1
      • DHCP Server & NAT Selected
      • DHCP Server Range = 192.168.88.10-192.168.88.254
  • On the hAP in Quick Set, Home AP Dual mode:
    • Set both SSIDs
    • Country = united states3
    • Set WiFi Password
    • Internet Address Acquisition set to Automatic
    • Local Network IP Address set to 192.168.88.1, mask 255.255.255.0(/24)
    • DHCP Server, NAT and UPnP not selected.
I can see the wireless clients connect to the hAP, then the log says they received disassoc; sending station leaving (8)

Devices connected directly to the RB3011 do get IP addresses (3 desktops, 2 servers & the hAP). So it looks like the DHCP server is working. The hAP looks like it is in bridge mode but no IP are being passed.
RB3011
Code: Select all
# apr/07/2019 09:52:49 by RouterOS 6.44.1
# software id = QSEQ-N8CZ
#
# model = RouterBOARD 3011UiAS
# serial number = 71A0065DE59E
/interface bridge add name=bridge1
/interface list add name=WAN
/interface list add name=LAN
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip pool add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge port add bridge=bridge1 interface=ether2
/interface bridge port add bridge=bridge1 interface=ether3
/interface bridge port add bridge=bridge1 interface=ether4
/interface bridge port add bridge=bridge1 interface=ether5
/interface bridge port add bridge=bridge1 interface=ether6
/interface bridge port add bridge=bridge1 interface=ether7
/interface bridge port add bridge=bridge1 interface=ether8
/interface bridge port add bridge=bridge1 interface=ether9
/interface bridge port add bridge=bridge1 interface=ether10
/interface bridge port add bridge=bridge1 interface=sfp1
/interface list member add interface=ether1 list=WAN
/interface list member add list=LAN
/interface list member add interface=bridge1 list=LAN
/ip address add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
/ip dhcp-client add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24
/ip firewall nat add action=masquerade chain=srcnat out-interface-list=WAN
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes
/ip service set ssh port=2200
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
/system clock set time-zone-name=America/Los_Angeles
/system identity set name="MikroTik RB3011"
/tool mac-server set allowed-interface-list=none
hAP
Code: Select all
# jan/02/1970 00:08:39 by RouterOS 6.44.1
# software id = EWNV-K0BF
#
# model = RBD52G-5HacD2HnD
# serial number = A97A092ACFA8
/interface bridge add name=bridge1
/interface wireless set [ find default-name=wlan1 ] country="united states3" disabled=no mode=ap-bridge ssid=Bree_IoT wireless-protocol=802.11
/interface wireless set [ find default-name=wlan2 ] country="united states3" disabled=no mode=ap-bridge ssid=MikroTik wireless-protocol=802.11
/interface list add name=WAN
/interface list add name=LAN
/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=xxxxxxxx wpa2-pre-shared-key=xxxxxxxx
/interface bridge port add bridge=bridge1 interface=wlan2
/interface bridge port add bridge=bridge1 disabled=yes interface=ether1
/interface bridge port add bridge=bridge1 interface=ether2
/interface bridge port add bridge=bridge1 interface=ether3
/interface bridge port add bridge=bridge1 interface=ether4
/interface bridge port add bridge=bridge1 interface=ether5
/interface bridge port add bridge=bridge1 interface=wlan1
/interface list member add interface=ether2 list=LAN
/interface list member add interface=ether3 list=LAN
/interface list member add interface=ether4 list=LAN
/interface list member add interface=ether5 list=LAN
/interface list member add interface=wlan1 list=LAN
/interface list member add interface=ether1 list=WAN
/interface list member add interface=bridge1 list=LAN
/ip address add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
/ip dhcp-client add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes
/ip service set ssh port=2200
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
Any help would be appreciated.
Top
 
sutrus
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Fri Jun 30, 2017 11:27 pm

Re: hAP ac^2 won't pass IPs

Sun Apr 07, 2019 9:19 pm

On the hAP changes the IP address. The IP address 192.168.88.1 uses RB3011.
Top
 
2frogs
Forum Veteran
Forum Veteran
Posts: 713
Joined: Fri Dec 03, 2010 1:38 am

Re: hAP ac^2 won't pass IPs

Mon Apr 08, 2019 1:04 am

On both the hAP and wAP, use WISP AP from quickset after reset from no-default. After you configure the wireless, select Mode=Bridge, Address Acquisition=Automatic, Bridge All LAN Ports=yes and hit apply. After a couple seconds hit Apply again and it should now have IP from your RB3011. You can now also use all ethernet ports.

I do hope you added at least the default firewall rules or equivalent, back on your RB3011.
Top
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19363
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:
Contact anav

Re: hAP ac^2 won't pass IPs

Mon Apr 08, 2019 1:41 am

Follow 2 frogs advice and the point that stood out for me in your rb3011 config was this contradiction..........

/ip dhcp-server add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge port add bridge=bridge1 interface=ether2

/ip address add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
Top
 
User avatar
Paul9cf22ad1
newbie
Topic Author
Posts: 37
Joined: Sun Mar 12, 2017 11:40 pm
Location: Seattle, WA

Re: hAP ac^2 won't pass IPs

Mon Apr 08, 2019 5:48 am

On the hAP changes the IP address. The IP address 192.168.88.1 uses RB3011.
I don't think I understand what you are saying I should change.
Top
 
User avatar
Paul9cf22ad1
newbie
Topic Author
Posts: 37
Joined: Sun Mar 12, 2017 11:40 pm
Location: Seattle, WA

Re: hAP ac^2 won't pass IPs

Mon Apr 08, 2019 7:27 am

On both the hAP and wAP, use WISP AP from quickset after reset from no-default. After you configure the wireless, select Mode=Bridge, Address Acquisition=Automatic, Bridge All LAN Ports=yes and hit apply. After a couple seconds hit Apply again and it should now have IP from your RB3011. You can now also use all ethernet ports.
On the WISP AP mode of the Quick Set page:
  • Under Configuration, Bridge was already selected.
  • Under Bridge, Address Acquisition was set to Automatic
  • Under Bridge, I only see; Address Acquisition, Address Source, IP Address, Netmask & Gateway. Nothing about ports.
    • On the Bridge menu, ether1-5 are on bridge1, as is wlan1&2. Ether1 is the root port, wlan1 is designated port and the others are disabled.
Top
 
User avatar
Paul9cf22ad1
newbie
Topic Author
Posts: 37
Joined: Sun Mar 12, 2017 11:40 pm
Location: Seattle, WA

Re: hAP ac^2 won't pass IPs

Mon Apr 08, 2019 7:32 am

/ip dhcp-server add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge port add bridge=bridge1 interface=ether2

/ip address add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
I'm a bit of a noob with RouterOS. What correction do you think I should make? Are you saying it should read:

/ip address add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
Top
 
User avatar
Paul9cf22ad1
newbie
Topic Author
Posts: 37
Joined: Sun Mar 12, 2017 11:40 pm
Location: Seattle, WA

Re: hAP ac^2 won't pass IPs

Mon Apr 08, 2019 7:46 am

I do hope you added at least the default firewall rules or equivalent, back on your RB3011.
After I knew that I wasn't getting an IP from the hAP I added the following;
Code: Select all
/tool mac-server set allowed-interface-list=none
/tool mac-server ping set enabled=no
/ip neighbor discovery-settings set discover-interface-list=LAN
/tool bandwidth-server set enabled=no
/ip dns set allow-remote-requests=no
/ip proxy set enabled=no
/ip socks set enabled=no
/ip upnp set enabled=no
/ip cloud set ddns-enabled=no update-time=no
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
Is that adequate?
Top
 
User avatar
Paul9cf22ad1
newbie
Topic Author
Posts: 37
Joined: Sun Mar 12, 2017 11:40 pm
Location: Seattle, WA

Re: hAP ac^2 won't pass IPs

Mon Apr 08, 2019 7:51 am

So here is the sad thing. The only changes I made since my Original Post was I added the firewall rules and other settings that I noted in the previous message. All of a sudden the various wireless devices are showing up on the DHCP Server Leases list. So which of these made things work? And why?
Code: Select all
/tool mac-server set allowed-interface-list=none
/tool mac-server ping set enabled=no
/ip neighbor discovery-settings set discover-interface-list=LAN
/tool bandwidth-server set enabled=no
/ip dns set allow-remote-requests=no
/ip proxy set enabled=no
/ip socks set enabled=no
/ip upnp set enabled=no
/ip cloud set ddns-enabled=no update-time=no
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
Top
Post Reply

Who is online

Users browsing this forum: Google [Bot] and 26 guests
  4. RouterOS
  5. Wireless Networking