mumbles202
newbie
Topic Author
Posts: 29
Joined: Wed Jul 31, 2019 7:13 pm

MAP2n as Travel Router Configuration Assistance

Wed Aug 07, 2019 9:53 pm

I'm currently trying to set up a MAP2n as a travel router so that when I'm away from home I can connect to the hotel wireless on the WAN and still broadcast my own SSID on the 2.4 radio, so that I can connect to that and then VPN. I've seen the document on doing this on a HAP ac lite w/ the dual radios but I'm having an issue getting this to work on a single radio. Does anyone happen to have a working configuration that I can modify to fit what I need? I can get the HAP if needed but was hoping to avoid that since I already have a 2n. I have a 2nd 2n and a mAP lite as well if those would help.
Last edited by mumbles202 on Thu Aug 08, 2019 5:27 pm, edited 1 time in total.
 
mumbles202
newbie
Topic Author
Posts: 29
Joined: Wed Jul 31, 2019 7:13 pm

Re: MAP2n as Travel Router

Thu Aug 08, 2019 1:16 am

Here's what I presently have configured if it helps:

/interface bridge
add admin-mac=6C:3B:6B:AA:BB:CC auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=mykey1232 \
wpa2-pre-shared-key=mykey1232
add authentication-types=wpa2-psk management-protection=allowed mode=\
dynamic-keys name=TravelNet supplicant-identity=MikroTik \
wpa2-pre-shared-key=59613mykey
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=Testing \
supplicant-identity="" wpa-pre-shared-key=59613mykey wpa2-pre-shared-key=\
59613mykey
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=auto \
mode=station-pseudobridge security-profile=Testing ssid=HotelWiFi
add disabled=no keepalive-frames=disabled mac-address=6E:3B:6B:AA:BB:CD \
master-interface=wlan1 name=wlan2 security-profile=TravelNet ssid=\
MyWifi wds-cost-range=0-4294967295 wds-default-bridge=bridge \
wds-default-cost=0 wmm-support=enabled wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.20-192.168.88.200
add name=default-dhcp ranges=192.168.88.20-192.168.88.200
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge interface=ether1
add bridge=bridge interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.225/24 comment=defconf interface=ether2 network=\
192.168.88.0
add address=192.168.88.225/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-client
# DHCP client can not run on slave interface!
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
ether1
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
wlan1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.225 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.225 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface=wlan1
/system clock
set time-zone-name=America/New_York
/tool graphing interface
add
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
Exiver
Member Candidate
Member Candidate
Posts: 113
Joined: Sat Jan 10, 2015 6:45 pm

Re: MAP2n as Travel Router Configuration Assistance

Thu Aug 08, 2019 6:11 pm

There are a few things to mention here:

-> It doesn't matter if the router has two or one radio - but it looks like you have already configured a slave wifi interface (wlan2).
-> Set the mode for wlan1 to "station"
-> Set the mode for wlan2 to "ap-bridge" and delete entries "wds-default-bridge" and "wds-cost"
-> You have configured a dhcp-client on ether1 - please delete that
-> You have configured an ip address on ether2 - please delete that
(ether1 and ether2 are part of your bridge "bridge" - which already has an ip associated. Secondly, a dhcp client and an ip address should never be configured on a slave interface, always on the master - in this case the bridge, but this is not needed in your case)
-> You have two ip address pools. Please delete the pool named "default-dhcp"
-> Add dns-server=192.168.88.225 to your /ip dhcp-server network entry
-> Since "ether1" is not your WAN-interface, please delete it from the /interface list member
-> I didn't check your /ip firewall filter - let's expect them to work
-> Last step would be to enter the hotel's ssid in your /interface wireless configuration for wlan1 and the psk for wpa/wpa if needed under /interface wireless security -> profile "testing"


Next time please post your configuration in [ code ] blocks - it's much easier to read
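
The checks in the reply above, run mechanically over a text export (an added example, not part of the reply and not a MikroTik tool; `parse_export`, `audit` and the check names are hypothetical, and the sample is a trimmed copy of the first export in this thread). The WAN-member-inside-the-LAN-bridge case is the one with a security consequence: that port is bridged to the LAN at layer 2 and its traffic reaches the firewall as coming from the bridge, so `in-interface-list=WAN` rules do not see it.

```python
import shlex

# Constructed sample: trimmed from the first export posted in this thread.
SAMPLE_EXPORT = r"""
/ip pool
add name=dhcp ranges=192.168.88.20-192.168.88.200
add name=default-dhcp ranges=192.168.88.20-192.168.88.200
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge interface=ether1
add bridge=bridge interface=wlan2
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.225/24 comment=defconf interface=ether2 network=\
    192.168.88.0
add address=192.168.88.225/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
# DHCP client can not run on slave interface!
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    ether1
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    wlan1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.225 netmask=24
"""


def parse_export(text):
    """Return (menu, verb, properties) tuples from a RouterOS export listing."""
    entries, menu, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):        # export wraps long lines with a trailing "\"
            pending = line[:-1]
            continue
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):       # a menu path such as "/ip address"
            menu = line
            continue
        tokens = shlex.split(line)     # honours quoted values like comment="a b"
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        entries.append((menu, tokens[0], props))
    return entries


def audit(text):
    """Return (check, subject) findings for the problems listed in the reply above."""
    entries = parse_export(text)

    def added(menu):
        return [p for m, verb, p in entries if m == menu and verb == "add"]

    # interface -> bridge it is a port (slave) of
    ports = {p["interface"]: p["bridge"] for p in added("/interface bridge port")}
    members = added("/interface list member")
    lan = {p["interface"] for p in members if p.get("list") == "LAN"}
    findings = []

    for p in added("/ip dhcp-client"):
        if p.get("interface") in ports:
            findings.append(("dhcp-client-on-bridge-port", p["interface"]))
    for p in added("/ip address"):
        if p.get("interface") in ports:
            findings.append(("address-on-bridge-port", p["interface"]))
    for p in members:
        # A "WAN" port inside a LAN bridge is bridged to the LAN at layer 2.
        if p.get("list") == "WAN" and ports.get(p.get("interface")) in lan:
            findings.append(("wan-member-in-lan-bridge", p["interface"]))
    seen = {}
    for p in added("/ip pool"):
        if p.get("ranges") in seen:
            findings.append(("duplicate-pool-ranges", p["name"]))
        seen.setdefault(p.get("ranges"), p.get("name"))
    for p in added("/ip dhcp-server network"):
        if "dns-server" not in p:
            findings.append(("dhcp-network-without-dns", p["address"]))
    return findings


if __name__ == "__main__":
    for check, subject in audit(SAMPLE_EXPORT):
        print(f"{check}: {subject}")
```

An export with the corrections from the list applied returns an empty findings list.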
 
mumbles202
newbie
Topic Author
Posts: 29
Joined: Wed Jul 31, 2019 7:13 pm

Re: MAP2n as Travel Router Configuration Assistance

Thu Aug 08, 2019 7:45 pm

Thanks for taking the time to review and post back. A couple of questions (and they might not be possible):

1.) Is it possible to keep wlan 1 and ether1 as part of the same bridge so if either is available (depending on the hotel) either can be used as the WAN interface? Wired would be preferred but if only wireless is available I'll work w/ that.
2.) The same for wlan2 and ether 2, so that either can be used for my "LAN" side of the Tik?
 
Exiver
Member Candidate
Member Candidate
Posts: 113
Joined: Sat Jan 10, 2015 6:45 pm

Re: MAP2n as Travel Router Configuration Assistance

Thu Aug 08, 2019 7:55 pm

You could definitely do that. But there are a few things that need to be changed:

-> Add a second bridge called something like "external" and change the name of the existing bridge from "bridge" to something more intuitive like "internal"
-> Remove "ether1" from the first bridge and add "ether1" and "wlan1" to the bridge "external" (/interface bridge port)
-> Set your dhcp-client to run on the interface "external"
-> Set your NAT-Rule (/ip firewall nat) to out-interface-list=WAN (depends if you still have the two entries there, if you have deleted one already make sure there is no additional "out-interface" parameter since this could interfere with the "out-interface-list". You can remove it with "unset X out-interface")
-> Make sure bridge "internal" is on your "LAN" interface list and bridge "external" on WAN list (/interface list member)

One more thing to mention: If wlan1 AND ether1 are connected to the same or multiple networks this will cause problems since your dhcp-client is maybe able to see multiple dhcp-servers thus resulting in weird behavior.
 
mumbles202
newbie
Topic Author
Posts: 29
Joined: Wed Jul 31, 2019 7:13 pm

Re: MAP2n as Travel Router Configuration Assistance

Thu Aug 08, 2019 8:03 pm

> You could definitely do that. But there are a few things that need to be changed:
>
> -> Add a second bridge called something like "external" and change the name of the existing bridge from "bridge" to something more intuitive like "internal"
> -> Remove "ether1" from the first bridge and add "ether1" and "wlan1" to the bridge "external" (/interface bridge port)
> -> Set your dhcp-client to run on the interface "external"
> -> Set your NAT-Rule (/ip firewall nat) to out-interface-list=WAN (depends if you still have the two entries there, if you have deleted one already make sure there is no additional "out-interface" parameter since this could interfere with the "out-interface-list". You can remove it with "unset X out-interface")
> -> Make sure bridge "internal" is on your "LAN" interface list and bridge "external" on WAN list (/interface list member)
>
> One more thing to mention: If wlan1 AND ether1 are connected to the same or multiple networks this will cause problems since your dhcp-client is maybe able to see multiple dhcp-servers thus resulting in weird behavior.

Thanks. Yes, it makes much more sense like you said to rename the bridges so they're more logically named. And yes, would either be wired or wireless for the "external" bridge. Haven't seen a usable wired connection in some time but just in case.
 
Exiver
Member Candidate
Member Candidate
Posts: 113
Joined: Sat Jan 10, 2015 6:45 pm

Re: MAP2n as Travel Router Configuration Assistance

Thu Aug 08, 2019 8:07 pm

We do provide LAN based access in at least one hotel here in Germany (in addition to wifi) ;o) But you are right, this is not really common I guess. You can give it a try - even in your home network. Set the SSID on wlan1 to your private SSID at home, change the psk-passphrase and check whether it works when your computer or smartphone is connected to the mAP's SSID. You can even try plugging in the LAN cable.

It's better to check it now than having trouble when on vacation and trying to make it work ;-)
 
mumbles202
newbie
Topic Author
Posts: 29
Joined: Wed Jul 31, 2019 7:13 pm

Re: MAP2n as Travel Router Configuration Assistance

Thu Aug 08, 2019 9:09 pm

Agreed re testing. Had to wipe the configuration as I lost access to the box when I was changing the bridge port membership and couldn't get back in using WinBox. So this is what I have now:
------------------------------

/interface bridge
add admin-mac=6C:3B:6B:AA:BB:CC auto-mac=no comment=defconf name=bridge
add name=external
add name=internal
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=OfficeTest \
supplicant-identity="" wpa-pre-shared-key=hotelkey123 wpa2-pre-shared-key=\
hotelkey123
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=MyInternal \
supplicant-identity="" wpa-pre-shared-key=MyWirelessKey wpa2-pre-shared-key=\
MyWirelessKey
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country="united states" \
disabled=no distance=indoors installation=indoor security-profile=\
OfficeTest ssid=HotelSSID wds-cost-range=0 wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=6E:3B:6B:61:C8:68 \
master-interface=wlan1 multicast-buffering=disabled name=wlan2 \
security-profile=MyInternal ssid=MyWirelessSSID wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.20-192.168.88.200
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=internal name=defconf
/interface bridge port
add bridge=internal comment=defconf interface=ether2
add bridge=external interface=ether1
add bridge=external interface=wlan1
add bridge=internal interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=internal list=LAN
add comment=defconf interface=external list=WAN
/ip address
add address=192.168.88.225/24 comment=defconf interface=internal network=\
192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
external
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.225,1.1.1.1 \
gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=America/New_York
/system logging
add
add topics=wireless,debug
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

-------------------------------------------------------

I'm testing it against a wireless network that I know for sure works (my cell is 2 ft from the Tik and it connects using the same SSID and PSK w/o any issues). On the Tik, if I enable wireless debugging I'm seeing this:
-----------------------------
wlan1: must select network

The network is then listed

wlan1: no network that satisfies connect-list, by default choose with strongest signal
wlan1: MAC-ADDRESS not acceptable for security profile: does not have matching group ciphers
wlan1: failed to select network

-----------------------------
The network is using WPA2 and AES for sure. I can test again at home but I've verified the settings w/ a laptop as well.

I see that wlan2 isn't being broadcast. Is that just because wlan1 isn't connected? If so, I'd have to walk w/ a laptop or use ether2 to uplink a 2nd unit to accomplish what I want, correct?
 
mumbles202
newbie
Topic Author
Posts: 29
Joined: Wed Jul 31, 2019 7:13 pm

Re: MAP2n as Travel Router Configuration Assistance

Fri Aug 09, 2019 4:55 am

So I stand corrected, tried this at home and it worked perfectly minus 1 mistake on the DHCP server section. Only issue I foresee now is wlan2 not being available unless the Map connects to wlan1 first. Not a problem if I know the SSID ahead of time but won't always be the case. More than likely will disable wlan2 and Daisy chain a Maplite off of it so I can connect to the management interface of the 2n and configure as needed.
 
nostromog
Member Candidate
Member Candidate
Posts: 161
Joined: Wed Jul 18, 2018 3:39 pm

Re: MAP2n as Travel Router Configuration Assistance

Fri Aug 09, 2019 10:37 am

> Only issue I foresee now is wlan2 not being available unless the Map connects to wlan1 first. Not a problem if I know the SSID ahead of time but won't always be the case. More than likely will disable wlan2 and Daisy chain a Maplite off of it so I can connect to the management interface of the 2n and configure as needed.

I'm using a mAP Lite for this, and for our use case it is a pity that the station mode code of Mikrotik does not keep doing background scans (of the kind it uses to look for better APs) when it loses connection, so that the AP slave interface would keep working while the station finds an AP. Not sure how difficult it would be, but it would be lovely to have it.

To handle it I use two tricks:
* If I'm in an area where I can afford it (wherever EU roaming-like-at-home is working) I will shortly turn my cellular (which is in the access list) sharing on while I configure the new place
* If not I can just connect a cabled ethernet to the mAP and use either sharing connection in my laptop and ssh to the address it gives me, or just ssh ping ff02::1%eth1 to find out the link local address and then do ssh admin@fe80::b869:f4ff:fe89:9efb%eth1 (or whatever the first DUP! address is)

It would still be much more convenient that the slave AP keeps working while the station is looking for an AP. I wonder if simply changing the code to use background scanning when disconnected would work without degradation of other features...
 
mumbles202
newbie
Topic Author
Posts: 29
Joined: Wed Jul 31, 2019 7:13 pm

Re: MAP2n as Travel Router Configuration Assistance

Fri Aug 09, 2019 4:15 pm

Can you have multiple profiles to connect to on wlan1? If so your first idea works for me. The 2nd is great too when I travel for work, but don't always have a laptop otherwise.
 
nostromog
Member Candidate
Member Candidate
Posts: 161
Joined: Wed Jul 18, 2018 3:39 pm

Re: MAP2n as Travel Router Configuration Assistance

Sun Aug 11, 2019 11:07 am

> Can you have multiple profiles to connect to on wlan1? If so your first idea works for me. The 2nd is great too when I travel for work, but don't always have a laptop otherwise.

Yes, you write different security profiles and connect list entries. See the manual. I have set up one per wifi, in order of preference.


 
mumbles202
newbie
Topic Author
Posts: 29
Joined: Wed Jul 31, 2019 7:13 pm

Re: MAP2n as Travel Router Configuration Assistance

Thu Aug 15, 2019 7:32 pm

So I added the following code:


/interface wireless security-profiles
add authentication-types=wpa2-psk management-protection=allowed mode=\
dynamic-keys name=lost_duckling supplicant-identity=MikroTik \
wpa2-pre-shared-key=MyTempPSK


:log info "script: Going into Lost Duckling mode"
/interface wireless set wlan1 mode=ap-bridge ssid="Lost Duckling" security-profile=lost_duckling

based on another thread I was reading, and while it seemingly works to broadcast that SSID when I can't connect (I'll have to try it connecting to a known network later), when I join I just get hung on trying to obtain an IP address when trying to connect from my phone. Do I need to set up a dhcp server on the interface (if so, is there a way to set it up so it only does dhcp when it's in this mode or will that happen by default)?
 
nostromog
Member Candidate
Member Candidate
Posts: 161
Joined: Wed Jul 18, 2018 3:39 pm

Re: MAP2n as Travel Router Configuration Assistance

Thu Aug 15, 2019 10:12 pm

> So I added the following code:
>
> /interface wireless security-profiles
> add authentication-types=wpa2-psk management-protection=allowed mode=\
> dynamic-keys name=lost_duckling supplicant-identity=MikroTik \
> wpa2-pre-shared-key=MyTempPSK
>
> :log info "script: Going into Lost Duckling mode"
> /interface wireless set wlan1 mode=ap-bridge ssid="Lost Duckling" security-profile=lost_duckling
>
> based on another thread i was reading and while it seemingly works to broadcast that SSID when i can't connect (I'll have to try it connecting to a known network later), but when i join i just get hung on trying to obtain an ip address when trying to connect from my phone. Do I need to setup a dhcp server on the interface (if so, is there a way to set it up so it only does dhcp when it's in this mode or will that happen by default)?

You are supposed to add connect list entries so that the interface chooses the best one. Something like:
/interface wireless connect-list
add interface=sta1 security-profile=sec1 ssid=SSID1
add interface=sta1 security-profile=sec2 ssid=SSID2
And then your router will connect to these APs, depending on order...

An important gotcha with it is that this is completely independent of L3 (IP). As I often carry the router in my backpack, using a powerpack, it happens to me that I go from one wifi to another one while the dhcp lease from the previous one is still active, so the dhcp-client information will be completely wrong. I have a script to release the dhcp-client, but it is kind of complicated to have the right conditions under which to trigger it.
 
mumbles202
newbie
Topic Author
Posts: 29
Joined: Wed Jul 31, 2019 7:13 pm

Re: MAP2n as Travel Router Configuration Assistance

Thu Aug 15, 2019 11:01 pm

Thanks, will look into it. I lost the working configuration I had previously set up so I'll try to get that working again, and once that is working add this into it.
 
mumbles202
newbie
Topic Author
Posts: 29
Joined: Wed Jul 31, 2019 7:13 pm

Re: MAP2n as Travel Router Configuration Assistance

Fri Aug 16, 2019 4:57 pm

So played w/ this some and realized w/ the Lost_Duckling mode making it an AP instead of a bridge I can then connect to my normal wlan and get into the web-config. I should then be able to set up the hotel wireless as a new profile and change wlan1 back to a station, save and try to connect, correct?
 
mumbles202
newbie
Topic Author
Posts: 29
Joined: Wed Jul 31, 2019 7:13 pm

Re: MAP2n as Travel Router Configuration Assistance

Tue Aug 20, 2019 6:53 pm

Curious how you'd get around a sign-in captive portal that you get redirected to automatically? Hotel wireless is open with a captive portal as soon as you connect, so not sure how to get around that on the Tik?
 
nostromog
Member Candidate
Member Candidate
Posts: 161
Joined: Wed Jul 18, 2018 3:39 pm

Re: MAP2n as Travel Router Configuration Assistance

Tue Aug 20, 2019 8:18 pm

> So played w/ this some and realized w/ the Lost_Duckling mode making it a AP instead of a bridge I can then connect to my normal wlan and get into the web-config. I should then be able to setup the hotel wireless as a new profile and change wlan1 back to a station save and try to connect correct?

Making it an AP is great! I had not tested it. I tested without adding a dhcp-server either, but even if you can't connect to it, it allows connection in the virtual AP to manage it. I love it.

> Curious how youd get around a sign in captive portal that you get redirected to automatically? Hotel wireless is open with a captive portal as soon as you connect so not sure how to get around that on the Tik?

First, you need to give captive portals lower priority in the connect list, so that they don't hijack well known authenticated connections. I had lots of problems with it when I had buses passing nearby offering free wifi and my mAP was roaming from the wifi I was connected to them every so and so...
Second, I have managed to log into the portal using the laptop or cellular through the router, but it is sometimes tricky. I need to test it more. Sometimes the captive portals will require some dhcp options, sometimes APs can ban the router if it emits some strange traffic...

One of the problems if you open the mAP to roaming via connect-list is that you might get a dhcp-lease of 24 hours from a given wifi... and then you switch off, go to a different place and switch it on in the same day, and nothing works, plus the router is looking desperately for the wrong gateway, which can get you banned as some APs will have some blacklisting going on. I have a script that will check a series of conditions and release the lease, something like this:

(Note that wan-bridge is a bridge with external interfaces: wireless in station mode, sta1, sometimes ether1 if plugged to upstream, might be pwrline-out1...)
# ensure that registration/dhcp lease are current...
{
   # dhcp-client gateway -> ARP entry -> MAC -> bridge host entry; release the leases when
   # the gateway MAC has no bridge host entry or that entry is older than 5 seconds
   :if (([:len [/interface bridge host find where mac-address=[/ip arp get [find where address=[/ip dhcp-client get \
           [find where interface="wan-bridge"] gateway ]] mac-address ]]]=0) or \
       ([/interface bridge host get [find where mac-address=[/ip arp get [find where address=[/ip dhcp-client get \
           [find where interface="wan-bridge"  ] gateway ]] mac-address ]] age ]>5s)) \
        do={
          /log info "releasing dhcp lease on network change"
          /ip dhcp-client release [find where interface="wan-bridge"]
          /ipv6 dhcp-client release [find where interface="wan-bridge"]
          }
  }
The idea is: if the gateway mac address is not in the ARP table or it is there, but has more than 5 seconds of age -> release the dhcp leases (the router will take care of trying to get a new one). It is a way to get layer 2 knowledge (where 802.11 lives) up to a Layer 3 protocol (DHCP)... but can fail if both routers have, say, 192.168.1.1 as gateway and it answers. It is acceptable but it needs more work. I have found no scriptable event that serves the purpose.
 
mumbles202
newbie
Topic Author
Posts: 29
Joined: Wed Jul 31, 2019 7:13 pm

Re: MAP2n as Travel Router Configuration Assistance

Wed Aug 21, 2019 12:59 am

So maybe I have an issue with my firewall rules. I have the wlan set up and see I'm getting an IP from the hotel but am unable to get out. I connected with my phone, then used that MAC address to update the wlan MAC so I could bypass the portal, but still no good. I have a masquerade rule in place for my WAN but maybe something else is the problem. Don't have my laptop with me so using webfig, and while I can bring up the terminal I can't find a way to actually key anything in. Tried a couple of Android devices but none bring up the keyboard in terminal. Tempted to default it and try this all from webfig.
