hAP ac lite as travel router - configuration assistance

mumbles202 · Mon Sep 30, 2019 4:45 pm

I'm trying to follow some posts I found online about making the hAP ac lite a travel router. I've set it up following the config examples, but not able to connect to the wireless as a client (I can connect to the SSID that is being broadcast by the hAP w/o any issues). Can anyone possibly review and see what I've done wrong:

# jan/02/1970 00:29:57 by RouterOS 6.45.6
# software id = XP7Q-7UJG
#
# model = RB952Ui-5ac2nD
# serial number = AAAAAAAAAAAA

/interface bridge
add comment=defconf name=bridge

/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-master

/interface wireless
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=\
    ap-bridge name=wlan2-5G-LAN ssid=Ephesus2 wireless-protocol=802.11 \
    wps-mode=disabled

/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=\
    MyWirelessPasswordGoesHere
add authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip,aes-ccm \
    mode=dynamic-keys name=wlan-WAN supplicant-identity="" unicast-ciphers=\
    tkip,aes-ccm wpa2-pre-shared-key=596rf3234f
add name=none supplicant-identity=MikroTik

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no distance=indoors \
    frequency=2462 mode=station-pseudobridge name=wlan1-2G-WAN \
    security-profile=wlan-WAN ssid=upstreamSSID wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=AA:AA:AA:AA:AA:AA \
    master-interface=wlan1-2G-WAN multicast-buffering=disabled name=\
    wlan3-2G-LAN ssid=My24GHzNetwork wds-cost-range=0 wds-default-cost=0 \
    wps-mode=disabled

/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot

/ip pool
add name=default-dhcp ranges=172.19.26.10-172.19.26.254
add name=dhcp ranges=172.19.26.3-172.19.26.254

/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
# DHCP server can not run on slave interface!
add address-pool=dhcp disabled=no interface=ether2-master name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan2-5G-LAN
add bridge=bridge interface=wlan3-2G-LAN
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5

/interface list member
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=wlan2-5G-LAN list=discover
add interface=bridge list=discover
add interface=wlan3-2G-LAN list=discover
add interface=bridge list=mactel
add interface=ether2-master list=mactel
add interface=ether3 list=mactel
add interface=bridge list=mac-winbox
add interface=ether4 list=mactel
add interface=ether2-master list=mac-winbox
add interface=ether5 list=mactel
add interface=ether3 list=mac-winbox
add interface=wlan2-5G-LAN list=mactel
add interface=ether4 list=mac-winbox
add interface=wlan3-2G-LAN list=mactel
add interface=ether5 list=mac-winbox
add interface=wlan2-5G-LAN list=mac-winbox
add interface=wlan3-2G-LAN list=mac-winbox

/ip address
add address=172.19.26.1/24 comment=defconf interface=bridge network=\
    172.19.26.0
add address=172.19.26.1/24 interface=ether2-master network=172.19.26.0

/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    wlan1-2G-WAN
add dhcp-options=hostname,clientid disabled=no interface=ether1-WAN

/ip dhcp-server network
add address=172.19.26.0/24 comment=defconf gateway=172.19.26.1

/ip dns
set allow-remote-requests=yes

/ip dns static
add address=172.19.26.1 name=router

/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
# in/out-interface matcher not possible when interface (wlan3-2G-LAN) is slave - use master instead (bridge)
add action=accept chain=input dst-port=68 in-interface=wlan3-2G-LAN protocol=\
    udp
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface=ether1-WAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1-WAN
add chain=input protocol=icmp
add chain=input connection-state=established
add chain=input connection-state=related
add action=drop chain=input in-interface=ether1-WAN
add action=drop chain=input in-interface=wlan1-2G-WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=ether1-WAN
add action=masquerade chain=srcnat out-interface=ether1-WAN
add action=masquerade chain=srcnat out-interface=wlan1-2G-WAN

/ip upnp
set enabled=yes

/ip upnp interfaces
add interface=wlan1-2G-WAN type=external

mumbles202 · Wed Oct 02, 2019 12:05 am

Has anyone successfully done this? Do i need to downgrade to an earlier version, say 6.3.7.5? I was able to get a mAP2n to connect and then could use the wired port as a LAN input to a mAP lite but can't access the 2n via WebFig when doing it like this.

mumbles202 · Wed Oct 02, 2019 11:20 pm

So looking it over and troubleshooting it a bit, it looks to possibly be connecting, but not getting an ip address on the wlan1-2G-WAN interface. In Winbox I'm showing the interface as searching for a dhcp address under dhcp client. Are there any debugs i can take to see what might be happening?

Amm0 · Thu Oct 03, 2019 4:39 am

I'd bet if you look a the security profiles (/interface wireless security-profiles) is where your issue is, specifically I'd make sure you enable both AES and TKIM, as both the Group and Unicast Ciphers. If the password and authentication protocols don't match the SSID, it won't connect, even if you use the "Scan" option to "Connect" in winbox since that depends on the authentication being correct.

You may want to try the "bugfix" or "longterm" (/system package update set channel=long-term then /system package update install) version instead, just to see if that's the issue, and upgrade/downgrade the firmware (/system routerboard upgrade + reboot) to match the version.

mumbles202 · Thu Oct 03, 2019 6:30 am

Thanks. I'll take a look again in the morning. I thought I copied it from a working mAP config but I'll be sure to double check.

mumbles202 · Thu Oct 03, 2019 4:54 pm

So I discovered that if I simply change the mode on the 2.4 radio to station rather than station pseudo it connects right away with no other changes made. Does that just mean I can't have the app have a 2.4 client facing SSID as well as the 5 GHz?

Amm0 · Thu Oct 03, 2019 5:11 pm

Yeah, if you're using 2.4Ghz as a "station", your device can't use it to connect to the Mikrotik.

The "station bridge" and "pseudo-bridge" are more useful if you want to put the 2.4Ghz interface into a bridge port on the LAN side, then the "remote" Wi-Fi does all the DHCP – but you have do stuff with arp like set proxy-arp in some case... So think your "station" and NAT approach is more likely to work if you changing the Wi-Fi you using as a WAN, and the Mikrotik router maintains control of your network regardless of what internet source you use.

If 5Ghz isn't working to connect from a device/phone, just make sure it's set to "ap bridge" and put as a bridge port is RouterOS (and add 5Ghz interface as a LAN type to Interface > Interface Lists if you're using them). Since using 2.4Ghz as a WAN source, and NAT'ing it, I think "station" is actually what you want.

mumbles202 · Thu Oct 03, 2019 6:34 pm

Using the 2.4 as a station and the 5 GHz as a ap-bridge I'm able to connect without any issues from a wireless client and have internet with the Til connecting on the 2.4 radio. I'm ok with this as all my end devices should support 5 GHz, just trying to work through it. Now that I think about it, had the same problem using the mAP2n which is why I ended up using it to feed my mAP lite.

Amm0 · Thu Oct 03, 2019 6:47 pm

Don't know how much you want to know but this video had a pretty good overview of how to tune the Wi-Fi:
https://www.youtube.com/watch?v=JRbAqie1_AM

One thing I took awhile from that was to always set the "antenna-gain" to match the device's gain. For, the hAP ac lite, it's antenna-gain=2. Also, it was suggested to set:
frequency-mode=regulatory-domain, wireless-protocol=802.11, wmm-support=enabled, wps-mode=disabled, and set your country code.

And, since the 2,4Ghz Wi-Fi uplink is going to max out at ~50Mb/s, you can use a 20Mhz channel width on you 5Ghz since all you need and you'd have a greater chance of lower interference.

mumbles202 · Fri Oct 04, 2019 8:32 am

Thanks for the link. I'll check it out and see what applies for this case.

badwolf4561 · Fri Oct 04, 2019 8:42 pm

I've setup my hap ac lite as a travel router using the method here:

https://www.justinho.com/blog/2017/07/1 ... -lite.html

Works very very well. Really impressed with the outcome.

mumbles202 · Fri Oct 04, 2019 10:05 pm

I've setup my hap ac lite as a travel router using the method here:

https://www.justinho.com/blog/2017/07/1 ... -lite.html

Works very very well. Really impressed with the outcome.

Thanks. That's actually where I started. I'm not able to get it working as a pseudo-station though, only when I set the 2.4 to station. When it's a pseudo I never get an IP for the Wlan. As soon as I switch to station it works fine.

mumbles202 · Fri Oct 04, 2019 10:37 pm

So strangely I see that it does work even when I have the hAP in station mode. I'm connected fine over both 2.4 and 5 GHz.

mumbles202 · Sun Oct 06, 2019 10:58 pm

So strangely I see that it does work even when I have the hAP in station mode. I'm connected fine over both 2.4 and 5 GHz.

So I thought out worked on 2.4 as well but after a reboot the 2.4 ssid is no longer broadcasting.

hAP ac lite as travel router - configuration assistance

hAP ac lite as travel router - configuration assistance

Re: hAP ac lite as travel router - configuration assistance

Re: hAP ac lite as travel router - configuration assistance

Re: hAP ac lite as travel router - configuration assistance

Re: hAP ac lite as travel router - configuration assistance

Re: hAP ac lite as travel router - configuration assistance

Re: hAP ac lite as travel router - configuration assistance

Re: hAP ac lite as travel router - configuration assistance

Re: hAP ac lite as travel router - configuration assistance

Re: hAP ac lite as travel router - configuration assistance

Re: hAP ac lite as travel router - configuration assistance

Re: hAP ac lite as travel router - configuration assistance

Re: hAP ac lite as travel router - configuration assistance

Re: hAP ac lite as travel router - configuration assistance

Who is online