Topic Author
Topic Author
Posts: 3
Joined: Wed Apr 10, 2019 9:38 pm

Access to webfig not working

Fri Apr 12, 2019 9:18 am

I have a newbie question. I own a mikrotik hap ac2.
When I use it for the very first time, I'm able to connect on the web interface by entering in my browser
At this point I only change some settings on the quick setup page. I put the router into the bridge mode, enter the getaway and dns adress of my main router ( and click on apply.
After this I'm unable to reach the mikrotik web interface anymore. Mikrotik has now ip (I also see it on the main router) but doesn't work
I've changed the web settings in ip>service to allow local LAN but with no luck
The only way to access the mikrotik settings is using winbox with mac adress
How can I enable the webfig in my local LAN ?
Thank you for helping out
Member Candidate
Member Candidate
Member Candidate
Posts: 130
Joined: Thu Apr 05, 2012 8:16 pm

Re: Access to webfig not working

Sat Apr 13, 2019 1:30 am

Can you post the output of:-
/ip firewall export

You may need to obscure any private details such as public IP addresses if needed.
just joined
Posts: 2
Joined: Sat Apr 27, 2019 5:54 pm

Re: Access to webfig not working

Sun Apr 28, 2019 12:31 am

I am new to Mikrotik, so I can't tell which RouterOS version introduced this issue, but I can tell what is causing it and how to resolve it. I am running a hAp ac^2 with RouterOS v6.43.10.
I believe, the Quick Set WISP AP (and probably the Home AP as well), Bridge mode sets a few configuration items incorrectly. One of them is making the WebFig interface inaccessible.
The firewall rule #4 "defconf:drop all not coming from LAN" drops our WebFig packets because the bridge interface is not on the LAN interface list.
You can resolve this by either:
1. adding the bridge interface to the LAN list (RECOMMENDED):
Interfaces->Interface List tab->Add New: List=LAN, Interface=bridge, Enabled=True ->OK
2. Disabling the firewall rule, which drops our WebFig packages:
IP->Firewall: Press disable on rule #4 (drop all not coming from LAN)

The solution #1 seems right to me, as it is corrects the root cause. However, the #2 might be OK to do as well, as I believe there is no reason to have firewall rules at all in bridge mode whatsoever. (Though I am interested in any reasoning which proves that otherwise)

I also find other Quick Set "bridge" mode settings quite strange or erroneous. A bridge is essentially a switch. Yet, there is
1. a configured DHCP server, (a switch does not need a DNS server)
2. The DHCP server is configured with a strange IP pool (it may be in conflict with IP pool of the master DHCP server pobably running in our router)
3. A firewall is configured with many rules (a switch does not need a firewall) (?)
4. A static DNS server is configured (a switch does not need a DNS server)
5. The ether1 interface is configured for WAN (a bridge does not need a WAN port and its a waste of one ethernet port)
just joined
Posts: 6
Joined: Mon Sep 29, 2014 8:50 pm

Re: Access to webfig not working

Sat Sep 14, 2019 10:38 pm

Thank you George, this was driving me nuts. I had used quickset to set up a wireless bridge with a Mini Hap and I could never get back into the settings using the IP. Adding the bridge to the interface list did the trick.
just joined
Topic Author
Posts: 3
Joined: Wed Apr 10, 2019 9:38 pm

Re: Access to webfig not working

Sun Sep 15, 2019 7:28 pm

Thank you. I disabled the IP->Firewall rule #4
In fact I found it out some days after my post but forgot to write it here. This rule shouldn't be enable by default by mikrotik in my opinion
just joined
Posts: 1
Joined: Thu Nov 28, 2019 11:38 am

Re: Access to webfig not working

Thu Nov 28, 2019 1:12 pm

Thank you, George, you saved my day!

