Previously we were using a Microtik HapLite Router and it was not possible to "see" or print from a mobile phone to a WiFi printer connected to the same WiFi network. I posted to the forum and was advised to enable all port forwarding and that solved the problem.

Now we have upgraded to a Microtik Hap AC2 router and have experienced the same problem with the WiFi printer. I can't find the setting that allows all port forwarding. I need help please with step by step instructions to enable all port forwarding. Your advice would be appreciated.

Kind regards
Chris

All port forwarding is ridiculous.
All you need is the IP address of the printer and the main port(s) the printer uses.......

Need one port forwarding rule in forward chain....
add chain=forward action=accept connection-nat-state=dstnat

THen need dstnat rules something like
add chain=dstnat action=dst-nat in-interface-list=WAN dst-port=PORT(local printer uses) protocol=tcp \
to-address=IPaddressPrinter

For an HP printer it would appear that 9100 is the main printing port and 631 tcp ( for ipp protocol ).
and also perhaps snmp for printer status (windows), 161 udp/tcp

add chain=dstnat action=dst-nat in-interface-list=WAN dst-port=9100,161,631 protocol=tcp \
to-address=IPaddressPrinter
add chain=dstnat action=dst-nat in-interface-list=WAN dst-port=161 protocol=udp \
to-address=IPaddressPrinter

Thank you for your reply. All I want is for any guest with a phone to be able to find the printer on the network and print. At the moment it appears that all devices connected to the network can receive internet but cannot communicate with one another.

With the previous router I had to check the setting, "Default forward" in the wireless network settings. That was quick and easy and worked just fine. What I would like to find out is how to do this with the Hap AC2. I can't find this setting anywhere. I need step by step instructions on where to find it.

Kind regards
Chris

So how is the user selecting the printer and printing???

@anav
There is a misunderstanding on "port".
The feature is (was) in /interface wireless, and is called "defaut-forwarding", see:
viewtopic.php?p=1047200
https://wiki.mikrotik.com/wiki/Manual:I ... properties

default-forwarding (yes | no; Default: yes) This is the value of forwarding for clients that do not match any entry in the access-list

(nothing to do with port forwarding)

No idea if it was moved in some later RoS or if the Hap AC2 OP has is using the "old" wireless or the "new" Wifi (or whatever).

@Chris
Please post the exact RoS version you are running and which wireless/wifi are you using.

So how is the user selecting the printer and printing???

All a user has to do is open any document on their android phone, and then click the 3 dots and select "print". Then the available printers will show up on the network, select and print. With the previous Haplite router the printer was only available when "Default Forwarding" was checked in the wireless settings.

Kind regards
Chris

@anav
There is a misunderstanding on "port".
The feature is (was) in /interface wireless, and is called "defaut-forwarding", see:
viewtopic.php?p=1047200
https://wiki.mikrotik.com/wiki/Manual:I ... properties

default-forwarding (yes | no; Default: yes) This is the value of forwarding for clients that do not match any entry in the access-list

(nothing to do with port forwarding)

No idea if it was moved in some later RoS or if the Hap AC2 OP has is using the "old" wireless or the "new" Wifi (or whatever).

@Chris
Please post the exact RoS version you are running and which wireless/wifi are you using.

________

Thank you for your reply. This is at a meeting hall and I am responsible to look after the equipment. I will see if I can get some more information.
The router is broadcasting WiFi on 2.4 MHz and 5 MHz. Mobile phones and the printer are connected to the same network.

If I can select the "Default Forward" option for the particular WiFi network the problem will probably be solved.

This is the router we are using:
https://help.mikrotik.com/docs/pages/vi ... at%20loads.

Kind regards
Chris

Ahh okay, so basically default forward just means NO BSS blocking. All wired clients within a WLAN ( same SSID ) can reach/see each other..

@Chris
It is needed the Ros version and also which wireless package is installed.

In some versons the setting is in
/interface wireless
and called "default-forwarding" as in the given link, in newer it should be (maybe) in
/interface wifi datapath
and called "client-isolation"
https://help.mikrotik.com/docs/display/ ... properties

client-isolation (no | yes) Determines whether client devices connecting to this interface are (by default) isolated from others or not.
This policy can be overridden on a per-client basis using access list rules, so a an AP can have a mixture of isolated and non-isolated clients.
Traffic from an isolated client will not be forwarded to other clients and unicast traffic from a non-isolated client will not be forwarded to an isolated one.
Default: no

What is "strange" is that the default for the first is yes (i.e. allow forwarding) and the default for the second is no (i.e. negate client isolation) so *someone* must have changed the setting on both the old and new device.

Ahh okay, so basically default forward just means NO BSS blocking. All wired clients within a WLAN ( same SSID ) can reach/see each other..

Yes that is correct. I am a newbie and used the wrong terminology. Right now the printer is invisible to other devices using the same WiFi Network. I want to know how I can make it visible.

Kind regards
Chris

@Chris
It is needed the Ros version and also which wireless package is installed.

In some versons the setting is in
/interface wireless
and called "default-forwarding" as in the given link, in newer it should be (maybe) in
/interface wifi datapath
and called "client-isolation"
https://help.mikrotik.com/docs/display/ ... properties

client-isolation (no | yes) Determines whether client devices connecting to this interface are (by default) isolated from others or not.
This policy can be overridden on a per-client basis using access list rules, so a an AP can have a mixture of isolated and non-isolated clients.
Traffic from an isolated client will not be forwarded to other clients and unicast traffic from a non-isolated client will not be forwarded to an isolated one.
Default: no

What is "strange" is that the default for the first is yes (i.e. allow forwarding) and the default for the second is no (i.e. negate client isolation) so *someone* must have changed the setting on both the old and new device.

____________________

Thank you for this information.

The old HapLite router was a older100 Mbps device and we upgraded to a 1Gbps Hap AC2.

I will see if I can find any of those 2 settings. I have no idea where to find the Ros Version or wireless package.

Is there a search function where I can look for, "default-forwarding" or "client-isolation" ?

Kind regards
Chris

No, no search function that I know of.
Connect to the device, better if using Winbox.
Then follow these instructions to export configuration:
viewtopic.php?t=203686#p1051720
then open It in Notepad or any text editor and search for them.
Alternatively in Winbox Terminal try using [TAB] auto-completion, i.e. type:
/interface wi[TAB]
and see what options you are given, and navigate through either wireless or wifi ...

No, no search function that I know of.
Connect to the device, better if using Winbox.
Then follow these instructions to export configuration:
viewtopic.php?t=203686#p1051720
then open It in Notepad or any text editor and search for them.
Alternatively in Winbox Terminal try using [TAB] auto-completion, i.e. type:
/interface wi[TAB]
and see what options you are given, and navigate through either wireless or wifi ...

Thank you. I will have to try that another time. In the meantime I have attached this screenshot in case it helps.

After a lot of searching I found the setting under Network/Datapath/Client isolation.

I checked all 4 WIFi networks in the building and client isolation was already not checked. However the printer panel shows it is connected to WiFi and is still invisible to other devices on the same WiFi network. So there must be another reason the printer is invisible.

Is there anything else I can check?

Kind regards
Chris

I don't know.
Maybe you have *something* in access list rules (where exceptions to the "general" settings can be made) or it could be something else, like a firewall rule, cannot really say.
At this point, the only possibility is that you follow the instructions for making an export and post it (sanitizing sensible data).
Then some more experienced member can (hopefully) spot where the issue may lie (provided that it is on the Mikrotik side and not something to be changed in the actual printer).

Thank you. I will try and see if I can export the settings and take it from there.

Kind regards
Chris

This could be one reason?

viewtopic.php?t=207399#p1073690

...

Sorry, I previously posted my reply below on the wrong thread. I have removed it and have posted here on the correct thread.

Thank you Ammo and to everyone for your replies. I finally got around to exporting the Router report which I have pasted below. "Client Isolation" is definitely not checked.

In the meantime, a friend successfully printed from the printer which got me very confused. On my phone I get the message, "this printer is not available". So I clicked "print" anyway to see what would happen, and lo and behold, the document printed! I did not attempt to connect by "wifi direct" so I guess it is somehow printing across the wifi network! When we had the old haplite router the printer was clearly visible. With the new HapAC2 modem I get the message that it's not available. So I will have to do some more troubleshooting.

I wonder if the problem is a weak wifi signal? The printer is about 8 metres from the router with only a drywall in between. The printer wifi light is active showing it is connected to the network. Another point is that the printer is in the middle of 2 wifi routers in the building with the same ssid and password. So I don't know if there is a clash of interests. So maybe client forwarding is not the problem here.

Kind regards
Chris

___________________

Router Report (Question marks ??? are to block out sensitive info)

# 2024-05-08 18:54:18 by RouterOS 7.14.3
# software id = D7R3-GMMZ
#
# model = RBD52G-5HacD2HnD
# serial number = ??????????
/interface bridge
add arp=reply-only fast-forward=no name=br_Guests protocol-mode=none
add admin-mac=???????? auto-mac=no fast-forward=no name=br_MGMT \
priority=0x11
/interface wifi
set [ find default-name=wifi2 ] channel.band=5ghz-ac .frequency=5180 .width=\
20/40/80mhz configuration.mode=ap .ssid="????????" disabled=no \
security.authentication-types=wpa2-psk .group-encryption=ccmp \
.group-key-update=1h .wps=disable
/interface vlan
add interface=br_MGMT mtu=1560 name=V51_Guests vlan-id=51
/interface list
add name=custom
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip smb
set enabled=no
/interface wifi
# authentication-types not suitable for any Owe Transition Mode role
set [ find default-name=wifi1 ] channel.band=2ghz-n .frequency=2462 .width=\
20mhz configuration.mode=ap .qos-classifier=priority .ssid="????????" \
datapath.client-isolation=no disabled=no security.authentication-types=\
wpa2-psk .connect-group="" .connect-priority=0 .dh-groups="" \
.disable-pmkid=no .group-encryption=ccmp .group-key-update=1h \
.management-encryption=cmac .management-protection=allowed \
.owe-transition-interface=wifi1 .sae-anti-clogging-threshold=0 \
.sae-max-failure-rate=disabled .sae-pwe=hunting-and-pecking .wps=disable
/interface bridge port
add bridge=br_MGMT interface=ether1
add bridge=br_MGMT interface=ether2
add bridge=br_MGMT interface=ether3
add bridge=br_MGMT interface=ether4
add bridge=br_MGMT interface=ether5
add bridge=br_Guests interface=wifi1
add bridge=br_Guests interface=wifi2
add bridge=br_Guests interface=V51_Guests
/ip neighbor discovery-settings
set discover-interface-list=custom protocol=mndp
/ipv6 settings
set disable-ipv6=yes
/interface list member
add interface=br_MGMT list=custom
/ip address
add address=???????? interface=br_MGMT network=????????
/ip cloud
set update-time=no
/ip dns
set cache-max-ttl=1d servers=????????
/ip route
add disabled=no dst-address=???????? gateway=???????? routing-table=main \
suppress-hw-offload=no
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set always-allow-password-login=yes forwarding-enabled=both
/system clock
set time-zone-autodetect=no time-zone-name=????????/????????
/system identity
set name=MK_????????
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=europe.pool.ntp.org
/system watchdog
set automatic-supout=no
Top