Community discussions

MikroTik App
 
CamJam
just joined
Topic Author
Posts: 4
Joined: Sun May 21, 2023 11:37 pm

Home AP Dual Client comms between different SSID on same network

Mon May 22, 2023 6:14 am

Hey,
I have a hap ac lite running Home AP Dual default config with no additional changes. There are 2 separate SSIDs for the 2Ghz and 5Ghz.
Currently on the default setup I cannot ping/talk to devices which are connected on the other SSID. Is there a setting that allows client to client comms between different wireless SSID/networks. Currently both SSIDs are on the same subnet.
I did see there is a post about something similar if running CAPsMAN - viewtopic.php?t=189107
Is there something similar to this that can be added to the default Home AP Dual config?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Home AP Dual Client comms between different SSID on same network

Tue May 23, 2023 10:56 pm

Post config between code quotes [ ] so we can have a look.
 
CamJam
just joined
Topic Author
Posts: 4
Joined: Sun May 21, 2023 11:37 pm

Re: Home AP Dual Client comms between different SSID on same network

Thu May 25, 2023 12:03 am

Hopefully this makes sense?
# may/25/2023 08:54:26 by RouterOS 6.49.7
# software id = AMII-MWMC
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 6CBA06DDC49E
/interface bridge
add admin-mac=6C:3B:6B:3E:9F:CB auto-mac=no comment=defconf fast-forward=no \
    name=bridge
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
    ether2-master
set [ find default-name=ether3 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether4 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether5 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pppoe-client
add add-default-route=yes default-route-distance=0 disabled=no interface=\
    ether1 keepalive-timeout=60 name=pppoe-out1 password= \
    use-peer-dns=yes user=
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
    20/40mhz-Ce country="new zealand" disabled=no distance=indoors frequency=\
    auto frequency-mode=manual-txpower mode=ap-bridge multicast-helper=full \
    name=2Ghz ssid=2GHz station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac \
    channel-width=20/40mhz-Ce country="new zealand" disabled=no distance=\
    indoors frequency=auto frequency-mode=manual-txpower mode=ap-bridge \
    multicast-helper=full name=5Ghz ssid=5Ghz station-roaming=enabled \
    wireless-protocol=802.11
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key= \
    wpa2-pre-shared-key=
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.149
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
    bridge name=defconf
/interface bridge filter
add action=drop chain=forward in-interface=!2Ghz src-mac-address=\
    !88:19:08:35:F2:D7/FF:FF:FF:FF:FF:FF
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=2Ghz
add bridge=bridge comment=defconf interface=5Ghz
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=2Ghz list=discover
add interface=5Ghz list=discover
add interface=bridge list=discover
add interface=pppoe-out1 list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
add interface=pppoe-out1 list=WAN
/interface wireless access-list
add signal-range=-80..80 vlan-mode=no-tag
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2-master network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface=pppoe-out1
/ip ssh
set forwarding-enabled=remote
/system clock
set time-zone-name=Pacific/Auckland
/system routerboard settings
set auto-upgrade=yes boot-device=nand-only
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Home AP Dual Client comms between different SSID on same network

Thu May 25, 2023 6:46 am

Does it happen from both sides ?
2GHz to 5Ghz and 5Ghz to 2GHz ?

I am wondering why this is in default config.

/interface bridge filter
add action=drop chain=forward in-interface=!2Ghz src-mac-address=\
    !88:19:08:35:F2:D7/FF:FF:FF:FF:FF:FF

MAC address seems to point to Apple.

Remove that setting if you don't need it.
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: Home AP Dual Client comms between different SSID on same network

Thu May 25, 2023 9:58 am

Though choosing as accesspoint, you are running the Lite as router. That makes no sense, unless choosen deliberately.
Being in the default config...please don't choose wpa-psk...it is nearly as bad as having no security at all...
 
CamJam
just joined
Topic Author
Posts: 4
Joined: Sun May 21, 2023 11:37 pm

Re: Home AP Dual Client comms between different SSID on same network

Fri May 26, 2023 7:44 am

@Holvoetne - Yes, happens both ways. That was probably me playing with limiting a device on the wifi at some point.

@erlinden - The device is setup as a home internet router and access point. I would imagine that's what 'Home AP Dual' is for? Fair enough about WPS-PSK - i didn't realise it was enabled by default.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Home AP Dual Client comms between different SSID on same network  [SOLVED]

Fri May 26, 2023 7:48 am

@Holvoetne - Yes, happens both ways. That was probably me playing with limiting a device on the wifi at some point.
Did you already remove that line ?
As it is now it will block all forwarding traffic over bridge for all devices not having that MAC address for all incoming interfaces not being 2GHz.
(and it has some consequences too for return traffic)
 
CamJam
just joined
Topic Author
Posts: 4
Joined: Sun May 21, 2023 11:37 pm

Re: Home AP Dual Client comms between different SSID on same network

Mon May 29, 2023 1:50 am

Looks like I should have had the drop rule in the firewall settings no the bridge.
Thanks for your help.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Home AP Dual Client comms between different SSID on same network

Mon May 29, 2023 11:49 am

Already reported ...
The other not (just I do)

I wonder how the moderators approve it, and why it's not deleted immediately...
When I did it, 5 minutes didn't pass from a report, and I kept an eye on new members whether or not they wrote valid things in the first post...
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Home AP Dual Client comms between different SSID on same network

Mon May 29, 2023 11:52 am

When I used to be a moderator on another board, that was my approach as well.
Watched new users, watched the IP address they used (all too often it always came from the same sources and phpBB has the possibility to use blacklist, so I used that quite a bit), watched reports, ...
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Home AP Dual Client comms between different SSID on same network

Mon May 29, 2023 12:15 pm

It's a matter of involvment of moderators.
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 2978
Joined: Mon Apr 08, 2019 1:16 am

Re: Home AP Dual Client comms between different SSID on same network

Mon May 29, 2023 12:26 pm

To separate SSID's on one AP, with WLAN interfaces and even ethernet interfaces bridged together, I use the same bridge port "horizon" value.
Same usage for the Powerbox connecting (bridging) the different AP's.
This also stops broadcasts from one to the other. The network forms a tree structure.

So all downstream links (WLAN, wifi, ether,...) have the same horizon, the uplink has no horizon or different horizon set.
All will communicate with the uplink, the uplink can reach all downlinks, no communication among the downlinks.
Many client devices are very curious and chat (broadcast, multicast) a lot. (Windows, Dropbox, Bonjour, mDNS, Skype, ....)
And those broadcasts are a heavy load on the wifi air time, as they are sent at basic rate.

Disabling "forwarding" in the wifi authorization is working within that SSID instance only.
Last edited by bpwl on Mon May 29, 2023 12:39 pm, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Home AP Dual Client comms between different SSID on same network

Mon May 29, 2023 12:33 pm

It's a matter of involvment of moderators.
Today I'll help you ;)
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Home AP Dual Client comms between different SSID on same network

Mon May 29, 2023 12:34 pm

It's a matter of involvment of moderators.
I am aware and as already indicated in some other posts, much respect for those taking up this task.
Since I've done it myself for several years, I know how much time and dedication can be involved.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Home AP Dual Client comms between different SSID on same network

Mon May 29, 2023 12:36 pm

That's why I apologized to @BartoszP for mistreating him (in the past)...
I've been do that too and it's quite tiring...
When you're on the other side, and you care, then you realize it...

Who is online

Users browsing this forum: Google [Bot] and 75 guests