
RB951G-2HnD as AP with 2 VLANs

Posted: Tue Oct 07, 2014 4:41 am
by davidreaton
We recently upgraded the network in our church with a CCR-1016-12G cloud core router and a RB951G-2HnD used as an access point. I configured 2 VLANs (SSIDs=Prayer and KBCfreewifi) in addition to the primary network (SSID = KBC). These are trunked together to the CCR. There are separate IP pools set up for the VLANs, and a hotspot splash page for the public wifi.

Everything works as intended, for a few minutes. Initially, the wireless clients get the proper IP addresses from the correct pool, and the public wifi users see the splash page before they get on the internet. After about 5 minutes, the connection stops. The clients are still connected to the AP, but there's no internet access. Nothing can be pinged, internal network or external. Walk away and come back 30 minutes later, you can connect again, but with the same behavior. I logged wireless events and you can see that the AP lowers the connection speed until it just gives up and disconnects due to 'excessive data loss'.

Any help will be much appreciated! The 951 config is listed below.



# oct/06/2014 13:18:26 by RouterOS 6.4
# software id = X3Z0-1NV6
# RouterOS export of the RB951G-2HnD acting as a three-SSID access point
# (KBC untagged, Prayer on VLAN 10, KBCfreewifi on VLAN 20), trunked on ether1-gateway.
# NOTE(review): several lines below end in a continuation backslash with no
# continuation, and most address values are blank, so the paste appears to have
# been trimmed before posting and cannot be re-imported as shown.
# NOTE(review): the pre-shared keys look masked, but the software id and MAC
# addresses are real device identifiers; redact them as well when sharing an export.
/interface bridge
add l2mtu=1594 name=Prayer
add l2mtu=1594 name=Public
add admin-mac=D4:CA:6D:CC:7F:C1 auto-mac=no l2mtu=1598 name=bridge-local \
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
# Both VLAN interfaces sit on ether1-gateway, which is also added as a port of
# bridge-local in the "/interface bridge port" section further down.
# NOTE(review): a VLAN interface on a port that is itself a bridge member is a
# layout MikroTik describes as a layer-2 misconfiguration; creating the VLANs on
# bridge-local (or taking ether1-gateway out of the bridge) is the usual fix.
# Confirm against the documentation for this RouterOS version.
/interface vlan
add interface=ether1-gateway l2mtu=1594 name=vlanPrayer vlan-id=10
add interface=ether1-gateway l2mtu=1594 name=vlanPublic vlan-id=20
# Security profiles: default (WPA2-PSK), KBC (WPA and WPA2-PSK), Prayer (WPA2-PSK), Public.
# NOTE(review): KBC still accepts wpa-psk alongside wpa2-psk. If every client on
# the primary SSID supports WPA2, restricting it to wpa2-psk removes the weaker option.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik wpa-pre-shared-key=\
xxxxxxxxxxxxxxyyyyyyyyyyyyzz wpa2-pre-shared-key=\
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-key-update=1h \
management-protection=allowed mode=dynamic-keys name=KBC \
supplicant-identity="" wpa-pre-shared-key=xxxxxxxxxxxxxxy \
add authentication-types=wpa2-psk eap-methods="" group-key-update=1h \
management-protection=allowed mode=dynamic-keys name=Prayer \
supplicant-identity="" wpa2-pre-shared-key=xxxxxxxxxxxxxxyyyyyyyyyyyyzz
# The Public profile sets no mode= and no key, so it is presumably an open
# (unencrypted) SSID and its authentication-types have no effect. The hotspot
# splash page then only controls access; it does not protect traffic over the air.
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed name=Public supplicant-identity=""
# wlan1 carries SSID KBC; wlanPrayer and wlanPublic are virtual APs on wlan1.
# NOTE(review): no default-forwarding setting is visible on wlanPublic, so clients
# of the public SSID can presumably reach each other at layer 2. Consider
# default-forwarding=no there if client isolation is wanted.
/interface wireless
set 0 band=2ghz-b/g/n country="united states" disabled=no distance=indoors \
ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=ap-bridge \
security-profile=KBC ssid=KBC tx-power-mode=all-rates-fixed \
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:CC:7F:C5 master-interface=\
wlan1 name=wlanPrayer security-profile=Prayer ssid=Prayer wds-cost-range=\
0 wds-default-cost=0
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:CC:7F:C6 master-interface=\
wlan1 name=wlanPublic security-profile=Public ssid=KBCfreewifi \
wds-cost-range=0 wds-default-cost=0
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
/ip pool
add name=default-dhcp ranges=
/ip dhcp-server
add address-pool=default-dhcp interface=bridge-local name=default
# Three layer-2 segments are built here: bridge-local (ether2 group, wlan1 and the
# untagged trunk port), Prayer (VLAN 10 + wlanPrayer) and Public (VLAN 20 + wlanPublic).
# On this device the segments are kept apart only by bridge membership. Any
# routing or filtering between them would have to happen upstream on the CCR,
# whose configuration is not shown.
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether1-gateway
add bridge=Prayer interface=vlanPrayer
add bridge=Public interface=vlanPublic
add bridge=Public interface=wlanPublic
add bridge=Prayer interface=wlanPrayer
/ip address
add address= interface=wlan1 network=
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
/ip dhcp-server network
add address= comment="default configuration" dns-server=\ gateway=
# NOTE(review): allow-remote-requests=yes makes this device answer DNS queries
# from other hosts. Only forward-chain filter rules are visible below (and they
# are truncated), so check that an input-chain rule limits who can reach the resolver.
/ip dns
set allow-remote-requests=yes
/ip dns static
add address= name=router
# Default-configuration forward rules; the connection-state value of the first
# rule and the match of the drop rule were cut off in the paste.
/ip firewall filter
add chain=forward comment="default configuration" connection-state=\
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
yes out-interface=ether1-gateway to-addresses=
/ip route
add distance=1 gateway=
/system clock
set time-zone-name=America/Chicago
/system identity
set name="Lower Level Hall Under Sanctuary"
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes mode=unicast primary-ntp= secondary-ntp=\