I tried to make a free guest wifi for the people after a tornado, because I now have working DSL and the mobile signal is bad most of the time. It doesn't work and I'm running out of ideas about what could be wrong.
I have my SSID and guest SSID. I would like for my SSID to be bridged and guest SSID routed.
Here's the config:
# jun/29/2021 23:15:37 by RouterOS 6.48.3
# software id = L91T-8RII
#
# model = RB952Ui-5ac2nD
# serial number = D3D50CD5D7FB
/interface bridge
add name=bridge1 protocol-mode=none
add mtu=1500 name=bridge2 protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country="czech republic" disabled=no frequency=2462 mode=ap-bridge ssid=HeslojeAhoj station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-n/ac country="czech republic" disabled=no frequency=5290 mode=ap-bridge ssid=HeslojeAhoj station-roaming=enabled wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
add name=profile supplicant-identity=MikroTik
/interface wireless
add disabled=no mac-address=4A:8F:5A:04:E9:B3 master-interface=wlan2 name=wlan3 security-profile=profile ssid=Verejne-wifi
add disabled=no mac-address=4A:8F:5A:04:E9:B4 master-interface=wlan1 name=wlan4 security-profile=profile ssid=Verejne-wifi
/ip pool
add name=dhcp_pool1 ranges=172.16.0.2-172.16.0.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge1 name=dhcp1
/snmp community
add addresses=0.0.0.0/0 name=xpear1x
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge filter
add action=accept chain=forward in-interface=wlan3
add action=accept chain=forward out-interface=wlan3
add action=accept chain=forward in-interface=wlan4
add action=accept chain=forward out-interface=wlan4
/interface bridge port
add bridge=bridge2 interface=ether2
add bridge=bridge2 interface=ether3
add bridge=bridge2 interface=ether4
add bridge=bridge2 interface=ether5
add bridge=bridge2 interface=wlan2
add bridge=bridge2 interface=wlan1
add bridge=bridge1 interface=wlan3
add bridge=bridge1 interface=wlan4
/ip firewall connection tracking
set enabled=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add interface=bridge1 list=LAN
add interface=ether1 list=WAN
add interface=bridge2 list=LAN
/ip address
add address=10.0.0.195/24 interface=bridge2 network=10.0.0.0
add address=172.16.0.1 interface=bridge1 network=172.16.0.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server config
set store-leases-disk=never
/ip dhcp-server network
add address=172.16.0.0/24 dns-server=9.9.9.9 gateway=172.16.0.1 netmask=24
/ip dns
set servers=10.0.0.138
/ip firewall filter
add action=accept chain=forward dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge2
/ip route
add distance=1 gateway=10.0.0.138
/snmp
set contact=tomas enabled=yes location=h22 trap-community=xpear1x
/system clock
set time-zone-name=Europe/Prague
/system identity
set name=miniap3-5g-garaz
/system upgrade mirror
set primary-server=10.0.0.166
/tool sniffer
set filter-interface=bridge2 filter-ip-address=9.9.9.9/32
The client doesn't receive any pings back (all end with a timeout). The packet sniffer running on the AP catches the following:
[admin@miniap3-5g-garaz] > /tool sniffer packet print
# TIME INTERFACE SRC-ADDRESS DST-ADDRESS IP-PROTOCOL SIZE CPU FP
0 0.132 bridge2 10.0.0.195 9.9.9.9 icmp 64 0 no
1 0.158 bridge2 9.9.9.9 10.0.0.195 icmp 64 0 no
2 0.159 bridge2 9.9.9.9 172.16.0.254 icmp 64 0 no
3 1.161 bridge2 10.0.0.195 9.9.9.9 icmp 64 0 no
4 1.187 bridge2 9.9.9.9 10.0.0.195 icmp 64 0 no
5 1.187 bridge2 9.9.9.9 172.16.0.254 icmp 64 0 no
It's possible that there are some unnecessary things configured, because I tried to fiddle with different checkboxes (it actually works as a troubleshooting method on Check Point firewalls, apparently not here...)
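
A check that can be run over an export like the one above, as an added example that is not part of the original post: it compares each `/ip dhcp-server network` gateway with the prefix length of the matching `/ip address` entry. It assumes RouterOS treats an address entered without a `/prefix` as /32; the function names are hypothetical and the sample input is cut down from the posted export.

```python
import ipaddress
import re

# Constructed sample: the two relevant sections of the export in the post.
EXPORT = """\
/ip address
add address=10.0.0.195/24 interface=bridge2 network=10.0.0.0
add address=172.16.0.1 interface=bridge1 network=172.16.0.0
/ip dhcp-server network
add address=172.16.0.0/24 dns-server=9.9.9.9 gateway=172.16.0.1 netmask=24
"""

def parse_export(text):
    """Return {section: [{key: value}, ...]} for the 'add' lines of an export."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif line.startswith("add ") and current:
            pairs = re.findall(r'(\S+?)=("[^"]*"|\S+)', line)
            sections[current].append(dict(pairs))
    return sections

def check_gateways(text):
    """List DHCP networks whose gateway address is not configured on the
    router with a prefix that covers the whole client network."""
    cfg = parse_export(text)
    ifaces = []
    for entry in cfg.get("/ip address", []):
        addr = entry["address"]
        # Assumption: an address entered without /prefix is taken as /32.
        ifaces.append(ipaddress.ip_interface(addr if "/" in addr else addr + "/32"))
    findings = []
    for net in cfg.get("/ip dhcp-server network", []):
        network = ipaddress.ip_network(net["address"])
        gw = ipaddress.ip_address(net.get("gateway", "0.0.0.0"))
        match = [i for i in ifaces if i.ip == gw]
        if not match:
            findings.append(f"{network}: gateway {gw} is not a router address")
        elif not all(network.subnet_of(i.network) for i in match):
            findings.append(f"{network}: gateway {gw} is configured as "
                            f"/{match[0].network.prefixlen}, no connected route to clients")
    return findings

if __name__ == "__main__":
    for finding in check_gateways(EXPORT):
        print(finding)
```

For the posted export it reports 172.16.0.1 as a /32, which is consistent with the sniffer trace showing the replies to 172.16.0.254 on bridge2.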