No Access To Any Websites

NS16 · Fri Mar 03, 2023 1:06 am

Hi, new to Mikrotik and I have a LTE router with Hap Ac Lite and I have a big issue straight away that I dont have any access to the internet, Netflix etc.

I dont have much experience in knowing what to do so im hoping you guys can get me out of a pickle!

thank you.

NS16 · Fri Mar 03, 2023 1:55 am

model = RB952Ui-5ac2nD

# serial number = C55F0B6xxxx
/interface bridge
add admin-mac=C4:AD:34:B5:A9:B4 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country="united kingdom" disabled=no distance=indoors frequency=auto \
    installation=indoor mode=ap-bridge ssid= wireless-protocol=\
    802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country="united kingdom" disabled=no distance=indoors \
    frequency=auto installation=indoor mode=ap-bridge ssid= \
    wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN

k6ccc · Fri Mar 03, 2023 2:00 am

Thank you for uploading the configuration. Without it, we're guessing...
For future reference, when uploading click the code display icon in the toolbar above the text entry (the code display icon is the 7th one from the left and looks like a square with a blob in the middle). Then paste the text from the file in between the two code words in brackets. Makes it easier to deal with on the forum.

NS16 · Fri Mar 03, 2023 2:04 am

no problem will remember next time…are you able to help?

k6ccc · Fri Mar 03, 2023 2:14 am

That's a really straight forward config...
Confirm that the LTE "router" is connected to port 1 of the hAP via a cable, and you are plugging in the computer you are using for test into any other port on the hAP? The test computer should be set for DHCP and should therefore get an IP address in the 192.168.88.x range. If all this is true, you should be able to communicate with the hAP via IP address 192.168.88.1
Since you were able to capture the config of the hAP, I am assuming for the moment that the hAP is getting an IP address on port 1 (being used as the WAN port). Can you confirm if the hAP is getting an IP address on the WAN interface (port 1)? If yes, can try tools on the hAP and try to ping 8.8.8.8. Do you get a response?
Are you using WinBox, WebFig, or a text based command port to communicate with the hAP?

NS16 · Fri Mar 03, 2023 2:30 am

Hi, yes connections to the Hap are correct in the way you said.

I was only able to post the terminal script by using a hotspot on my phone, however for some reason I can now connect through my Hap using the IP address 192.168.1.1 but before I was only able to access the LTE via IP address 192.168.88.1...but now I can't access the LTE address.

any suggestions?

k6ccc · Fri Mar 03, 2023 2:40 am

My suggestion for using a cable rather than a WiFi connection is it is a known and eliminates the WiFi as being part of the problem...

I was only able to post the terminal script by using a hotspot on my phone, however for some reason I can now connect through my Hap using the IP address 192.168.1.1 but before I was only able to access the LTE via IP address 192.168.88.1...but now I can't access the LTE address.

That statement is confusing. Almost sounds like you were connecting via WiFi to the LTE router and not the hAP. What is the LTE router, and how is it configured?
I was assuming it was operating essentially as a cellular modem and providing a wired internet connection to the hAP. Sounds like there is more to it.

NS16 · Fri Mar 03, 2023 2:52 am

right essentially what I've done is left an ISP who had pre-configured my Mikrotik equipment the LTE and the Hap and I've since left them and now have a cheaper tariff using a SIM only deal.

What they told me to do was to factory reset the Hap and that has since wiped out the previous configurations and I'm left in this mess so that's the situation I'm at and I'm at a loss of what to do hence being new to the Mikrotik world, hope that makes sense.

NS16 · Fri Mar 03, 2023 2:55 am

so the situation at the moment is that I'm only able to login to the LTE via 192.168.88.1 but once I try and enter 192.168.1.1 I'm unable to do this.

Also I'm able to access the internet on my mobile phone no problem but everything else such as laptop, Netflix, TV's there is nothing at the moment.

k6ccc · Fri Mar 03, 2023 3:02 am

I've got to run, but it sounds like the LTE router is another Mikrotik and it is also trying to have a LAN address range of 192.168.1.n. Therefore, the WAN side of hAP and the LAN side of the hAP are both in the same address range - which will not work right. Are you trying to use the hAP just as a switch and leave all the router functions in the LTE router, or leave teh LTE router as dumb as you can make it and use the hAP for all your "router" functions?
And what is the LTE router?

NS16 · Fri Mar 03, 2023 3:10 am

Hi, yes the LTE is also a Mikrotik brand and its purpose is to give the best possible signal and its located externally and the purpose of the Hap is to act as the router.

How do I go about configuring in the way its meant to do its job correctly without both devices conflicting the IP addresses?

anav · Fri Mar 03, 2023 3:19 am

If LTE is simply passing a public IP to the hapac, shouldnt be conflict.
More likely LTE is getting the public IP and then through its LAN passing the traffic to the HAPAC.
The problem is the HAPAC probably has the same LAN IP subnet as the LTE,
So k6ccc is stating change the default LANIP structure on either of the two MT devices to something else.

NS16 · Fri Mar 03, 2023 3:22 am

Hi, do you mind going through exactly what I need to do in the settings and how to change these values if you don't mind.

NS16 · Fri Mar 03, 2023 12:13 pm

any help guys?

anav · Fri Mar 03, 2023 1:41 pm

You have to do the work LOL, its the only way to learn the router.
What i suggest is you take an unused port on the hapac ether X.

1. assign 192.168.55.1/24 IP address to it
2. ensure you add it ( the ether port ) to the Interface list of LAN
3. ensure you remove it ( the ether port ) off the bridge.
4. plug your laptop into ether X and put ipv4 settings of 192.168.55.5 for example, 255.255.255.0 gateway 192.168.55.1 DNS server 192.168.55.1

And you should be able to login into winbox.
Then you can play with changing the settings of the bridge without fear of locking yourself out.
Will take some steps.
but mainly
(1) change the IP pool of the bridge first
from 192.168.88.XX - 192.168.88.YYY (to your new subnet)
To: 10.10.88.XX - 10.10.88.YYY
(2) change the IP address assigned to the lan to 10.10.88.1/24
(3) DHCP server ( should require no change )
(4) change the dhcp server-NETWORK to 10.10.88.0/24 gateway 10.10.88.1 and dns-server 10.10.88.1

That should be close to see if you have a better experience with the two devices interacting...........

NS16 · Sat Mar 04, 2023 3:12 pm

# jan/02/1970 00:39:32 by RouterOS 6.49.7
# software id = XZJM-ETQG
#
# model = RB952Ui-5ac2nD
# serial number = C55F0B6C8136
/interface bridge
add admin-mac=C4:AD:34:B5:A9:B4 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country="united kingdom" disabled=no distance=indoors frequency=auto \
    installation=indoor mode=ap-bridge ssid=MikroTik wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country="united kingdom" disabled=no distance=indoors \
    frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik \
    wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
    192.168.1.0
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.1.1 netmask=24
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/code]

NS16 · Sat Mar 04, 2023 3:13 pm

# mar/04/2023 03:46:53 by RouterOS 7.7
# software id = RTPD-F59M
#
# model = RBLHGR
# serial number = C8930CED6994
/interface bridge
add name=bridge1
/interface lte
set [ find default-name=lte1 ] allow-roaming=no band=""
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] apn=everywhere ip-type=ipv4 passthrough-interface=\
bridge1 passthrough-mac=auto use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp interface=bridge1 name=defconf
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing table
add fib name=via-AAISP
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add comment=defconf interface=lte1 list=WAN
add disabled=yes list=LAN
add interface=bridge1 list=LAN
add disabled=yes interface=ppp-out1 list=LAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge1 network=\
192.168.1.0
add address=192.168.88.1/24 interface=ether1 network=192.168.88.0
/ip arp
add address=192.168.1.30 interface=bridge1 mac-address=E8:78:29:54:91:AA
/ip dhcp-client
add disabled=yes interface=*1
/ip dhcp-server lease
add address=192.168.1.30 client-id=1:e8:78:29:54:91:aa mac-address=\
E8:78:29:54:91:AA server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=forward connection-state=established
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward protocol=icmp
add action=drop chain=forward connection-nat-state=dstnat disabled=yes \
in-interface=!*4
add action=drop chain=forward connection-nat-state=!dstnat disabled=yes \
in-interface-list=WAN
add action=fasttrack-connection chain=forward disabled=yes dst-port=53 \
hw-offload=yes protocol=tcp
add action=fasttrack-connection chain=forward disabled=yes dst-port=53 \
hw-offload=yes protocol=tcp
add action=fasttrack-connection chain=forward disabled=yes dst-port=53 \
hw-offload=yes protocol=tcp
add action=fasttrack-connection chain=forward disabled=yes dst-port=53 \
hw-offload=yes protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat disabled=yes dst-address=81.187.83.242 \
dst-port=44158 in-interface=*4 protocol=tcp to-addresses=192.168.1.30
add action=masquerade chain=srcnat disabled=yes out-interface=*4
/ip proxy
set port=1080
/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=*4 pref-src="" \
routing-table=via-AAISP scope=30 suppress-hw-offload=no target-scope=10
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=lte1 type=external
/routing rule
add action=lookup-only-in-table disabled=no src-address=192.168.1.30 table=\
via-AAISP
/system clock
set time-zone-name=Europe/London
/system identity
set name="MikroTik LTE"

NS16 · Sat Mar 04, 2023 3:17 pm

Hi guys, I've now got no internet access at all...this is turning into a very steep learning curve...can any of you good people get me back online.

thanks.

NS16 · Sat Mar 04, 2023 5:10 pm

any help?

anav · Sat Mar 04, 2023 5:59 pm

Help with what??

The advice provided was that likely you had the same LAN subnet on both devices and therefore there would be conflict.
Tell us what you attempted, because we have no clue to what you had, what you changed and what you want to do????

NS16 · Sat Mar 04, 2023 6:08 pm

okay since I tried what you suggested I firstly reset the configuration of the Hap AC lite and in doing so it had wiped out all previous configurations so I've tried copy and pasted the previous log I posted earlier in this thread in hope of having the same settings as before on my Hap and that was when I noticed I have since not had any internet at all.

NS16 · Sat Mar 04, 2023 6:10 pm

so yeah im a fool in doing so and now I have created a worse scenario and hoping you good people can work out how I can get back online.

anav · Sat Mar 04, 2023 6:16 pm

No poster here told you to reset the entire hap device.
I was quite clear to change a port first and take it off the bridge so as to be able to modify (not reset) the hapac.

So it seems like you invent history LOL. In any case will look at both configs....

OKAY Not BAD, almost there.
The problem now is you have two subnets on each device, so lets choose wisely.

Lets keep .88.X on the LTE and .1.X on the haplite.

So the haplite should look like.
By the way you duplicated your forward chain firewall rules thus removed the duplication.
/tool mac-server should be set to NONE, not LAN.
Also fixed was was ip dhcp-server network.

As you can see I took ether5 off the bridge, assigned an address to the etherport and added it to the interface list of LAN.
You should be able to hoop up your laptop to ether5, stick in an IPV4 setting on the ethernet card (properties) to 192.168.55.5 255.255.255.0 gateway 192.168.55.1 dns server 192.168.55.1 and then config the router. Always use safe mode but you are more likely to have less interruption while configuring.

[i]# model = RB952Ui-5ac2nD
/interface bridge
add admin-mac=C4:AD:34:B5:A9:B4 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country="united kingdom" disabled=no distance=indoors frequency=auto \
    installation=indoor mode=ap-bridge ssid=MikroTik wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country="united kingdom" disabled=no distance=indoors \
    frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik \
    wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=ether5  list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
    192.168.1.0
add address=192.168.55.1/24 comment=defconf interface=ether5 network=\
    192.168.55.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.1 gateway=\
    192.168.1.1 netmask=24
/ip dns  ( remove the static dns settings not required)
set allow-remote-requests=yes servers=1.1.1.2,8.8.8.8
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/tool mac-server
set allowed-interface-list=NONE
/tool mac-server mac-winbox
set allowed-interface-list=LAN[/i]

NS16 · Sat Mar 04, 2023 6:23 pm

thanks for helping, im ready when you are

anav · Sat Mar 04, 2023 6:34 pm

I am very confused on your LTE, not being familiar with such devices.

Is the WAN port the LTE port?
Is the WAN port a pppoe-1out interface??

Why do you have subnets, I believe that what we want to do is having ONE BRIDGE with IP address of 192.168.88.1/24 correct???
192.168.1.0
192.168.88.0
192.168.30.0

How many ports are on the LTE device...... aka bridge ports..............

NS16 · Sat Mar 04, 2023 6:38 pm

Hi, yes there is a WAN 1 x port on the LTE and the other end goes in port 5 on the HAP which is PoE out to power the external LTE.

so will need ether5 as that powers the LTE.

yes that's right ONE bridge not sure what those other subnets are.

NS16 · Sat Mar 04, 2023 6:59 pm

You should be able to hoop up your laptop to ether5, stick in an IPV4 setting on the ethernet card (properties) to 192.168.55.5 255.255.255.0 gateway 192.168.55.1 dns server 192.168.55.1 and then config the router. Always use safe mode but you are more likely to have less interruption while configuring.

Hi, where do I do this?

NS16 · Sat Mar 04, 2023 7:22 pm

I have internet!

however my wifi doesn't work...are you able to sort?

anav · Sat Mar 04, 2023 7:38 pm

Well, do you have access to the internet from a wired computer aka wired to the haplite?
If so, then there is nothing wrong with the haplite settings for the most part and its isolated to the wifi settings.
Everything from a previous config looks normal.

wlan1 and wan2 are correctly identified as bridge ports
I dont see anything weird on your wifi settings, so not sure......

NS16 · Sat Mar 04, 2023 7:42 pm

where do I enter the IPV4 settings you mentioned?

I only have internet access off a wired connection and I have no wifi at all at the moment?

anav · Sat Mar 04, 2023 8:25 pm

On you laptop, properties of your nic card or internet connection......................
....

niccard1.jpg

....

niccard2.JPG

NS16 · Sat Mar 04, 2023 8:38 pm

thanks thats done, still no wifi though?

NS16 · Sat Mar 04, 2023 9:09 pm

also just noticed that the internet access via ethernet on the Hap is also not working again.

anav · Sat Mar 04, 2023 9:13 pm

Wired or wifi................... seems like you are not having fun

NS16 · Sat Mar 04, 2023 9:18 pm

both…im having a terrible time LOL

anav · Sat Mar 04, 2023 9:35 pm

But you said you had it,,,,,,,,, what did you change for you to lose it?? ( at least wired that is )

NS16 · Sat Mar 04, 2023 9:40 pm

I put the IPV4 settings on my Mac and then it was lost.

On the Mac I was unable to change the DNS server would that be why?

anav · Sat Mar 04, 2023 9:44 pm

Oh okay so the router didnt lose internet your macbook did LOL..........

NS16 · Sat Mar 04, 2023 9:46 pm

ah right okay…LOL.

can you work you magic again to get me back up and running with ethernet and wifi access…desperate measures LOL

NS16 · Sat Mar 04, 2023 9:56 pm

not sure if it helps but noticed that DHCP Client - ether1 status is stopped and just done a Ping test and getting nothing

anav · Sat Mar 04, 2023 10:06 pm

The trick on a mac is to go to advanced settings for your ethernet,
and instead of going to TCP/IP first go to DNS servers.
Here put in 192.168.55.1 and hit OKAY

Then go to TCP/IP select manual, put in 192.168.55.5 for address, 255.255.255.0 for subnet mask and then for router enter 192.168.55.1 and hit OK

that brings you back to previous page and hit apply.

NS16 · Sat Mar 04, 2023 10:13 pm

okay done that and still no internet via ethernet

anav · Sat Mar 04, 2023 10:20 pm

Then set your laptop back to getting dhcp automatically and connect to one of the bridge ports................
Very strange, you changed nothing on the MT so internet should be there......logic..........

NS16 · Sat Mar 04, 2023 10:37 pm

nope still aint working after changing back

anav · Sat Mar 04, 2023 10:37 pm

Can you connect your mac directly to ether5 on the lte??

NS16 · Sat Mar 04, 2023 10:38 pm

shall I send my current config again in case something is missed?

anav · Sat Mar 04, 2023 10:40 pm

Config on both, going out for awhile but will look at them upon returning

NS16 · Sat Mar 04, 2023 11:07 pm

I’ve noticed on the config you’ve written…you’ve put /ip dns (remove the static dns settings not required)

where is that located?

NS16 · Sat Mar 04, 2023 11:28 pm

# mar/04/2023 05:06:48 by RouterOS 7.7
# software id = RTPD-F59M
#
# model = RBLHGR
# serial number = C8930CED6994
/interface bridge
add name=bridge1
/interface lte
set [ find default-name=lte1 ] allow-roaming=no band=""
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] apn=everywhere ip-type=ipv4 passthrough-interface=\
    bridge1 passthrough-mac=auto use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.254-192.168.88.10
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge1 name=defconf
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing table
add fib name=via-AAISP
/interface bridge port
add bridge=bridge1 interface=ether1
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add comment=defconf interface=lte1 list=WAN
add disabled=yes list=LAN
add interface=bridge1 list=LAN
add disabled=yes interface=ppp-out1 list=LAN
add interface=*6 list=LAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge1 network=\
    192.168.88.0
/ip arp
add address=192.168.1.30 interface=bridge1 mac-address=E8:78:29:54:91:AA
/ip dhcp-client
add interface=*1
/ip dhcp-server lease
add address=192.168.1.30 client-id=1:e8:78:29:54:91:aa mac-address=\
    E8:78:29:54:91:AA server=defconf
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf gateway=192.168.1.1 netmask=24
add address=192.168.88.0/24 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=forward connection-state=established
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward protocol=icmp
add action=drop chain=forward connection-nat-state=dstnat disabled=yes \
    in-interface=!*4
add action=drop chain=forward connection-nat-state=!dstnat disabled=yes \
    in-interface-list=WAN
add action=fasttrack-connection chain=forward disabled=yes dst-port=53 \
    hw-offload=yes protocol=tcp
add action=fasttrack-connection chain=forward disabled=yes dst-port=53 \
    hw-offload=yes protocol=tcp
add action=fasttrack-connection chain=forward disabled=yes dst-port=53 \
    hw-offload=yes protocol=tcp
add action=fasttrack-connection chain=forward disabled=yes dst-port=53 \
    hw-offload=yes protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat disabled=yes dst-address=81.187.83.242 \
    dst-port=44158 in-interface=*4 protocol=tcp to-addresses=192.168.1.30
add action=masquerade chain=srcnat disabled=yes out-interface=*4
/ip proxy
set port=1080
/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=*4 pref-src="" \
    routing-table=via-AAISP scope=30 suppress-hw-offload=no target-scope=10
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=lte1 type=external
/routing rule
add action=lookup-only-in-table disabled=no src-address=192.168.1.30 table=\
    via-AAISP
/system clock
set time-zone-name=Europe/London
/system identity
set name="MikroTik LTE"
/code]

NS16 · Sat Mar 04, 2023 11:29 pm

# jan/02/1970 00:29:12 by RouterOS 6.49.7
# software id = XZJM-ETQG
#
# model = RB952Ui-5ac2nD
# serial number = C55F0B6C8136
/interface bridge
add admin-mac=C4:AD:34:B5:A9:B4 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country="united kingdom" disabled=no distance=indoors frequency=auto \
    installation=indoor mode=ap-bridge ssid=MikroTik wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country="united kingdom" disabled=no distance=indoors \
    frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik \
    wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=ether5 list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
    192.168.1.0
add address=192.168.55.1/24 comment=defconf interface=ether5 network=\
    192.168.55.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.1 gateway=\
    192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.2,8.8.8.8
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/code]

anav · Sun Mar 05, 2023 3:16 am

I’ve noticed on the config you’ve written…you’ve put /ip dns (remove the static dns settings not required)

where is that located?

You REALLY need to try harder LOL.......
....

dns.JPG

anav · Sun Mar 05, 2023 3:24 am

So on the hapaclite, you elected to go with 192.168.1.0/24 as the LAN subnet, GREAT!

Then WTF are you still doing with the same network on the LTE??
You need to get rid of it and stick with 192.168.88.0/24 as the LAN subnet on the LTE.........

HAPLITE
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=\
192.168.1.0

LTE
/ip pool
add name=dhcp ranges=192.168.1.254-192.168.88.10
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge1 name=defconf

Also what is this setting for???
/ip arp
add address=192.168.1.30 interface=bridge1 mac-address=E8:78:29:54:91:AA

Why do you UPNP on the LTE ?????

Why is their a destination nat rule on the LTE?? going to an address that doesnt exist on the LTE..............
add action=dst-nat chain=dstnat disabled=yes dst-address=81.187.83.242 \
dst-port=44158 in-interface=*4 protocol=tcp to-addresses=192.168.1.30

NS16 · Sun Mar 05, 2023 10:27 am

Hi, I’ve done those changes and I still havent got internet access?

not sure what those other rules are and just checked and I dont have UPNP enabled from what I can see?

NS16 · Sun Mar 05, 2023 10:39 am

do I keep both those dhcp ranges on the LTE or just the one?

NS16 · Sun Mar 05, 2023 10:40 am

there is also a Dynamic IP address on the LTE - which I cant remove…is that meant to be there?

NS16 · Sun Mar 05, 2023 11:36 am

would it be something to do with DHCP client as its currently set to ether1 and status says stopped

NS16 · Sun Mar 05, 2023 12:13 pm

also I’ve noticed that to edit the config in the LTE I had to paste in the original log in the terminal I posted at the beginning of this thread to see it pop up on the ethernet connection to access it if that makes sense.

As the config you edited for me where you changed over some settings I wasn’t then able to see the LTE to edit it.

but just to confirm I have edited the ip pools and dhcp settings so they are not the same on both devices.

so yeah the issue still exists that I dont have any internet access.

anav · Sun Mar 05, 2023 2:29 pm

Are you saying the 192.168.1.30 stuff has to stay in LTE1?

If that is the case then the answer is simple put all 192.168.1.X on the LTE and change the HAPLite to 192.168.88.X
So reverse it............

NS16 · Sun Mar 05, 2023 3:07 pm

okay got you so will that sort the issue?

anav · Sun Mar 05, 2023 3:10 pm

I can only hope. I dont understand the LTE config sadly.

NS16 · Sun Mar 05, 2023 3:31 pm

so do I need to reverse every settings on both devices?

NS16 · Sun Mar 05, 2023 4:31 pm

what settings in total do I need to reverse?

anav · Sun Mar 05, 2023 6:17 pm

Well in the LTE
Change the bridge IP address to 192.168.1.1/24 network 192.168.1.0
Change the bridge IP pool to 192.168.1.10-192.168.1.254
Change the dhcp server-network to 192.168.1.0/24 dns server=192.168.1.1 gateway=192.168.1.1

REMOVE anything with 192.168.88.X

+++++++++++++++++++++++++++++++++++++
On the haplite, ensure

Change the bridge IP address to 192.168.88.1/24 network 192.168.88.0
Change the bridge IP pool to 192.168.88.10-192.168.88.254
Change the dhcp server-network to 192.168.88.0/24 dns server=192.168.88.1 gateway=192.168.88.1

REMOVE anything with 192.168.1.X ( except of course anything WANIP as the haplite will get a wanip on the 192.168.1.0/24 subnet. )

NS16 · Sun Mar 05, 2023 6:44 pm

done all the changes and still no internet access

anav · Sun Mar 05, 2023 10:21 pm

Start a new thread just asking for LTE internet access help. LTE - NO Internet Access ????

Just state you are hooking up your PC to ether5 with the laptop to try and get ethernet.
The laptop should get a LANIP on the 192.168.1.0/24 subnet right now when you plug in correct??

So the issue is setting up LTE correctly......

NS16 · Mon Mar 06, 2023 10:01 am

thank you for taking time out to help.

Who is online