kevigizmo
Frequent Visitor
Topic Author
Posts: 52
Joined: Mon Dec 19, 2011 3:35 pm
Location: Norfolk, UK

Virtual AP (VAP) - help Setup

Sun Feb 24, 2013 9:51 pm

Hey Guys,

I've done VAPs before in other devices such as UniFis and Fortinets.

I'm having a bit of an issue getting it to work on my RB,

Here's the setup
I'm using a RB2011-UAS-2Hn-LIN, have got the box working fine with everything else, which is PPPoE client running to get internet etc.

I've got the main wlan1 working fine using standard DHCP and routes fine to internet

The issue I'm having is when I set up a Virtual AP, I set the master port as wlan1 as per instructions, made a different SSID and password (in this case basically adding a guest account) but it doesn't seem to route anywhere..

I have tried putting in a separate DHCP client using a different pool as I don't want any guests getting into my default LAN network

I have also even tried to add in a static DNS and static address to the interface wlan2 (virtual)

Where might I be going wrong?

Cheers
Kev
 
TheWiFiGuy
Member
Posts: 351
Joined: Thu Nov 24, 2011 7:26 pm
Location: UK

Re: Virtual AP (VAP) - help Setup

Sun Feb 24, 2013 10:17 pm

Have you set correct masquerade rules?

Can you paste your config, as it's pretty hard to guess where you're going wrong without seeing exactly what you have done.
 
kevigizmo
Frequent Visitor
Topic Author
Posts: 52
Joined: Mon Dec 19, 2011 3:35 pm
Location: Norfolk, UK

Re: Virtual AP (VAP) - help Setup

Sun Feb 24, 2013 10:47 pm

Here we go, had to edit out a couple of addresses, as you can understand :P
# feb/24/2013 20:34:23 by RouterOS 5.24
# software id = xxxx-xxxx
#
/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xx auto-mac=no l2mtu=1598 name=bridge-local \
protocol-mode=rstp
add name=bridge_link_to_EoIP
/interface wireless
set 0 antenna-gain=4 band=2ghz-b/g/n channel-width=20/40mhz-ht-above country=\
"united kingdom" disabled=no distance=indoors ht-rxchains=0,1 \
ht-txchains=0,1 l2mtu=2290 mode=ap-bridge ssid=Internal \
tx-power-mode=manual-table wireless-protocol=802.11
/interface ethernet
set 0 name=sfp1-gateway
set 1 name=ether1-gateway
set 6 name=ether6-master-local
set 7 master-port=ether6-master-local name=ether7-slave-local
set 8 master-port=ether6-master-local name=ether8-slave-local
set 9 master-port=ether6-master-local name=ether9-slave-local
set 10 comment="EoIP Tunnel / Testing"
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gateway name=\
pppoe-out1 password=abc123 use-peer-dns=yes user=mypppoelogin
/interface wireless manual-tx-power-table
set wlan1 manual-tx-powers="1Mbps:20,2Mbps:20,5.5Mbps:20,11Mbps:20,6Mbps:20,9M\
bps:20,12Mbps:20,18Mbps:20,24Mbps:20,36Mbps:20,48Mbps:20,54Mbps:20,HT20-0:\
20,HT20-1:20,HT20-2:20,HT20-3:20,HT20-4:20,HT20-5:20,HT20-6:20,HT20-7:20,H\
T40-0:20,HT40-1:20,HT40-2:20,HT40-3:20,HT40-4:20,HT40-5:20,HT40-6:20,HT40-\
7:20"
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods=\
passthrough mode=dynamic-keys supplicant-identity=MikroTik \
wpa-pre-shared-key=cantbreakthiscode wpa2-pre-shared-key=cantbreakthiscode
add authentication-types=wpa-psk,wpa2-psk eap-methods=passthrough \
management-protection=allowed mode=dynamic-keys name=Test-Wifi \
supplicant-identity="" wpa-pre-shared-key=12345678 wpa2-pre-shared-key=\
12345678
/interface wireless
add area="" arp=enabled bridge-mode=enabled default-ap-tx-limit=0 \
default-authentication=yes default-client-tx-limit=0 default-forwarding=\
yes disable-running-check=no disabled=no hide-ssid=no l2mtu=2290 \
mac-address=xx:xx:xx:xx:xx:xx master-interface=wlan1 max-station-count=\
2007 mtu=1500 multicast-helper=default name=wlan2 proprietary-extensions=\
post-2.9.25 security-profile=Test-Wifi ssid=Guest update-stats-interval=\
disabled wds-cost-range=0 wds-default-bridge=none wds-default-cost=0 \
wds-ignore-ssid=no wds-mode=disabled wmm-support=disabled
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=default-dhcp ranges=192.168.88.60-192.168.88.254
add name=Guest_Pool ranges=172.16.1.2-172.16.1.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge-local name=default
add address-pool=Guest_Pool disabled=no interface=wlan2 lease-time=1d name=\
Guest
/snmp community
set [ find default=yes ] name=client
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password=abc123 \
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
permissions=owner signup-allowed=no time-zone=-00:00
/tool user-manager profile
add name=Test name-for-users="" override-shared-users=off owner=admin price=0 \
starts-at=logon validity=0s
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=wlan1
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
bridge-local
add address=172.16.1.1/32 interface=wlan2 network=172.16.1.1
/ip dhcp-client
add comment="default configuration" disabled=no interface=sfp1-gateway
add comment="default configuration" disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=172.16.1.0/24 dns-server=172.16.1.1 gateway=172.16.1.1
add address=192.168.88.0/24 comment="default configuration" dns-server=\
192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 name=router
add address=172.16.1.1 name=Guest
/ip firewall address-list
add address=xxx.xxx.xxx.xxx list=AllowedFullAccess
/ip firewall connection tracking
set tcp-syncookie=yes
/ip firewall filter
add chain=input comment="Allow access from all connections on Address Li\
st 'AllowedFullAccess'" in-interface=pppoe-out1 src-address-list=\
AllowedFullAccess
add chain=input comment=\
"Allow access from all connections on internal LAN" in-interface=\
bridge-local
add chain=input comment="Allow normal pings, but not Ping Of Death" \
in-interface=pppoe-out1 limit=1,5 protocol=icmp
add chain=input comment=\
"Allow already allowed and established connections" \
connection-state=established in-interface=pppoe-out1
add chain=input comment="Allow already allowed Related connections" \
connection-state=related in-interface=pppoe-out1
add action=log chain=input comment="Log everything being dropped" \
in-interface=pppoe-out1 log-prefix=Dropping:
add action=drop chain=input comment=\
"Drop everything else not allowed above" in-interface=pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
yes out-interface=sfp1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=pppoe-out1 to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address=\
172.16.1.0/24
/ip firewall service-port
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
/ip neighbor discovery
set sfp1-gateway disabled=yes
set ether1-gateway disabled=yes
set wlan1 disabled=yes
set pppoe-out1 disabled=no
set wlan2 disabled=yes
/ip service
set telnet disabled=yes
set ftp address=192.168.88.0/24
set www port=80
set ssh port=22
set api disabled=no
/ip upnp
set enabled=yes
/system identity
set name=2011-UAS
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set pppoe-out1 disabled=yes display-time=5s
set bridge-local disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set ether10 disabled=yes display-time=5s
set eoip-tunnel1 disabled=yes display-time=5s
set ether9-slave-local disabled=yes display-time=5s
set ether8-slave-local disabled=yes display-time=5s
set ether7-slave-local disabled=yes display-time=5s
set ether6-master-local disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether1-gateway disabled=yes display-time=5s
set sfp1-gateway disabled=yes display-time=5s
set wlan2 disabled=yes display-time=5s
/system ntp client
set enabled=yes mode=unicast primary-ntp=pool.ntp.org
/tool graphing interface
add interface=pppoe-out1
add interface=wlan1
add interface=wlan2
/tool mac-server
add disabled=no interface=ether2
add disabled=no interface=ether3
add disabled=no interface=ether4
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface=ether9-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=wlan1
add interface=bridge-local
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Virtual AP (VAP) - help Setup

Sun Feb 24, 2013 11:51 pm

Shouldn't this be at least a /24 network?
/ip address
add address=172.16.1.1/32 interface=wlan2 network=172.16.1.1
 
kevigizmo
Frequent Visitor
Topic Author
Posts: 52
Joined: Mon Dec 19, 2011 3:35 pm
Location: Norfolk, UK

Re: Virtual AP (VAP) - help Setup

Sun Feb 24, 2013 11:54 pm

Haha, nice spot, I did a typo: instead of just putting in /24 I did something stupid and went on the network and put the same IP address in, which made it a /32

tis all working now! :)

Thanks for noticing, needed a 2nd pair of eyes lol

Kev

Edit: also I just disabled this code as it's not required either, as the main src-nat rule takes everything out anyway
add action=masquerade chain=srcnat out-interface=pppoe-out1 src-address=\
172.16.1.0/24
Last edited by kevigizmo on Sun Feb 24, 2013 11:58 pm, edited 1 time in total.
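
Added example, not part of the thread or anyone's posted code: a Python check over a RouterOS export that flags the mistake found above (an interface address whose prefix does not cover the subnet its DHCP server hands out) and, going beyond the fix discussed, reports whether a forward-chain drop rule separates the guest interface from the LAN bridge. The sample export is constructed from the relevant lines of the posted config with continuations joined; the function names and the interface-based rule match are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the posted export, continuations joined.
EXPORT = """\
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=bridge-local
add address=172.16.1.1/32 interface=wlan2 network=172.16.1.1
/ip dhcp-server network
add address=172.16.1.0/24 dns-server=172.16.1.1 gateway=172.16.1.1
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip firewall filter
add action=drop chain=input comment="Drop everything else not allowed above" in-interface=pppoe-out1
"""

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} for every 'add' line."""
    sections, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            sections.setdefault(path, []).append({k: v.strip('"') for k, v in pairs})
    return sections

def prefix_mismatches(text):
    """(interface, address, dhcp subnet) where the gateway's own prefix
    does not cover the subnet its DHCP server hands out."""
    cfg, findings = parse_export(text), []
    for net in cfg.get("/ip dhcp-server network", []):
        subnet = ipaddress.ip_network(net["address"])
        gateway = ipaddress.ip_address(net["gateway"])
        for addr in cfg.get("/ip address", []):
            iface = ipaddress.ip_interface(addr["address"])
            if iface.ip == gateway and not subnet.subnet_of(iface.network):
                findings.append((addr["interface"], addr["address"], net["address"]))
    return findings

def has_forward_drop(text, guest_if, lan_if):
    """True if a forward-chain drop rule matches guest_if -> lan_if by interface."""
    rules = parse_export(text).get("/ip firewall filter", [])
    return any(r.get("chain") == "forward" and r.get("action") == "drop"
               and r.get("in-interface") == guest_if
               and r.get("out-interface") == lan_if for r in rules)

if __name__ == "__main__":
    print(prefix_mismatches(EXPORT))
    print(has_forward_drop(EXPORT, "wlan2", "bridge-local"))
```

On the posted config it reports wlan2 with 172.16.1.1/32 against 172.16.1.0/24 and no guest-to-LAN drop rule; the export shows filter rules for chain=input only.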
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: Virtual AP (VAP) - help Setup

Sun Feb 24, 2013 11:55 pm

Then, as you say, "Don't forget to give karma!" :wink:
