Hello.
I bought hex_s + cap_ac, but I can't configure last.
I turned on hex_s_port5 and cap_ac_port1,
I see that cap_ac gets the IP from hex_s,
I can ping cap_ac,
but can't see cap_ac in winbox.
there is no mac, it doesn't connect over IP.
my laptop is plugged into hex_s through an old rb2011uas.
winbox v3.18.exe sees rb2011uas and hex_s, but cap_ac is not available to me.
I don't understand what is the reason ((
Is it a mikrotik design for this model, or I need to contact the seller?
thanks in advance.
Re: can't connect to new cAP ac (((
I don't remember exactly default configuration on cAP ac but ether1 may be filtered by the default rules in firewall because it may be considered as external interface. Usually that is the default configuration on devices with more than one ethernet port, try connecting with ethernet port 2 temporally.
Re: can't connect to new cAP ac (((
Reset it (and make sure it is not set to CapsMan): https://wiki.mikrotik.com/wiki/Manual:Reset
Why are you still using 3.18 of Winbox, we are already at 3.24: https://mikrotik.com/download
Why are you still using 3.18 of Winbox, we are already at 3.24: https://mikrotik.com/download
Re: can't connect to new cAP ac (((
If both are at default configuration, bear in mind, that they both have 192.168.88.1 on their Ether1 port and there will be IP conflicts. You should reconfigure it according to your needs.
Re: can't connect to new cAP ac (((
Yes, thank for the answers.
I moved my laptop in other room, and connect laptop in cap_ac_port2,
winbox immediately connected to cap_ac
I didn't see the standard window that happens when starting on a new device.
maybe someone already connect this unit in shop and don't clear config.
This is the config from the device(i remove SN and MAC).
https://pastebin.com/VjnCpGX8
I was afraid for a problem with flash memory on a new device.
Now I can change everything for myself. Thanks.
I moved my laptop in other room, and connect laptop in cap_ac_port2,
winbox immediately connected to cap_ac
I didn't see the standard window that happens when starting on a new device.
maybe someone already connect this unit in shop and don't clear config.
This is the config from the device(i remove SN and MAC).
https://pastebin.com/VjnCpGX8
I was afraid for a problem with flash memory on a new device.
Now I can change everything for myself. Thanks.
-
-
elektrinis
just joined
- Posts: 6
- Joined:
Re: can't connect to new cAP ac (((
Kinda old thread, however I had some serious issues with default configuration. By serious I mean I lost 3 hours of my life on this.
My setup is:
Mikrotik LTE dish -> PoE switch -> Mikrotik cAP AC.
The LTE dish is configured as router and has a 192.168.88.1 and a DHCP server.
Packed with cAP AC is a leaflet, where it is said the AP will be configured in bridged mode. So I figure it should work out of box.
But no, once connected, my whole network went down, including wired clients.
I could not login to any of WebFigs.
Then I have disconnected the cAP from my network and logged in to WebFig through default open WiFi network.
What I saw on QuickSet was: the cAP's default configuration is WISP AP - router.
When I changed this to "bridged", I lost connection, as it took a random IP address.
When I then connected it to my network, I still could not log in.
I have never had to use Winbox before, but there seemed to be no other choice now. I saw the cAP AC was in bridge mode now, however IP was set to static and not configured. So I also needed to switch it to automatic to get the IP from my router.
Conclusions:
1. The leaflet (quick start guide?) is misleading, as actual configuration is router, not bridge.
2. After switching it to bridge, one would expect it to get the IP address automatically.
3. One more issue to report on RouterOS: when configuring dual-band WiFi in WISP AP mode and on QuickSet page, there is no option to name the second band, or check a box to name them together. You have to switch to Home AP Dual, name both networks, then switch back to WISP AP.
I understand these products are not meant to be used by housewives, but the arrogance is sometimes through the roof. One guy said I don't understand what I am doing and that I need the MTCNA certificate so we could continue the discussion.
As a home user, I expect the device to have to proper de-fault configuration to be plug&play, and that QuickSet would work as expected, without workarounds and fixes around it.
My setup is:
Mikrotik LTE dish -> PoE switch -> Mikrotik cAP AC.
The LTE dish is configured as router and has a 192.168.88.1 and a DHCP server.
Packed with cAP AC is a leaflet, where it is said the AP will be configured in bridged mode. So I figure it should work out of box.
But no, once connected, my whole network went down, including wired clients.
I could not login to any of WebFigs.
Then I have disconnected the cAP from my network and logged in to WebFig through default open WiFi network.
What I saw on QuickSet was: the cAP's default configuration is WISP AP - router.
When I changed this to "bridged", I lost connection, as it took a random IP address.
When I then connected it to my network, I still could not log in.
I have never had to use Winbox before, but there seemed to be no other choice now. I saw the cAP AC was in bridge mode now, however IP was set to static and not configured. So I also needed to switch it to automatic to get the IP from my router.
Conclusions:
1. The leaflet (quick start guide?) is misleading, as actual configuration is router, not bridge.
2. After switching it to bridge, one would expect it to get the IP address automatically.
3. One more issue to report on RouterOS: when configuring dual-band WiFi in WISP AP mode and on QuickSet page, there is no option to name the second band, or check a box to name them together. You have to switch to Home AP Dual, name both networks, then switch back to WISP AP.
I understand these products are not meant to be used by housewives, but the arrogance is sometimes through the roof. One guy said I don't understand what I am doing and that I need the MTCNA certificate so we could continue the discussion.
As a home user, I expect the device to have to proper de-fault configuration to be plug&play, and that QuickSet would work as expected, without workarounds and fixes around it.
-
-
bennettnw2
just joined
- Posts: 1
- Joined:
Re: can't connect to new cAP ac (((
Hello All,
My apologies for the necro-post on top of necro-post but solving this next issue may help this thread to be more complete. I ran into the same problem as OP and once I used the power injector on eth1 and moved my router -> AP connection to eth2, I was able to use WinBox and configure the access point to work as it should. I assumed that since the AP was configured and running, if I switched the eth2 connection back to eth1 (to take advantage of PoE and less wiring), everything should be "all good". However that was not the case. I was not able to connect to the AP.
I switched back to the setup that was working previously and I could connect again. I scoured the internet for a solution but did not find one. The only thing I changed was to add an IP for the eth1 interface.
My question is: How do I configure this AP so that I can use just the PoE port? Or, this just came to me, is PoE and data transmission an either/or proposition? I am also assuming that I can send data while also using PoE. Let me check that real quick. Ok, I've confirmed that it is both/and not either/or! My question remains though, how can I use just the PoE port so I do not have to have two runs of cable going to my AP.
I've included the configuration outputs below. By the way, all of these settings were setup through the QuickSet utility. Except for one that I added via the terminal when I assigned an IP to eth1. Thanks in advance!
Router Configuration:
Access Point Configuration:
My apologies for the necro-post on top of necro-post but solving this next issue may help this thread to be more complete. I ran into the same problem as OP and once I used the power injector on eth1 and moved my router -> AP connection to eth2, I was able to use WinBox and configure the access point to work as it should. I assumed that since the AP was configured and running, if I switched the eth2 connection back to eth1 (to take advantage of PoE and less wiring), everything should be "all good". However that was not the case. I was not able to connect to the AP.
I switched back to the setup that was working previously and I could connect again. I scoured the internet for a solution but did not find one. The only thing I changed was to add an IP for the eth1 interface.
My question is: How do I configure this AP so that I can use just the PoE port? Or, this just came to me, is PoE and data transmission an either/or proposition? I am also assuming that I can send data while also using PoE. Let me check that real quick. Ok, I've confirmed that it is both/and not either/or! My question remains though, how can I use just the PoE port so I do not have to have two runs of cable going to my AP.
I've included the configuration outputs below. By the way, all of these settings were setup through the QuickSet utility. Except for one that I added via the terminal when I assigned an IP to eth1. Thanks in advance!
Router Configuration:
Code: Select all
# dec/05/2020 13:59:15 by RouterOS 6.47.8
# software id = R640-JC3H
#
# model = RB760iGS
# serial number = xxxxxxxxxxx
/interface bridge
add admin-mac=48:8F:5A:FB:xx:xD auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
192.168.88.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 \
protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
/ppp secret
add name=vpn
/system clock
set time-zone-name=America/New_York
/system identity
set name=bfamikro
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Access Point Configuration:
Code: Select all
# dec/05/2020 13:57:03 by RouterOS 6.45.9
# software id = FR2H-64MR
#
# model = RBcAPGi-5acD2nD
# serial number = xxxxxxxxxxxxxx
/interface bridge
add admin-mac=08:55:31:05:xx:x1 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto installation=indoor mode=\
ap-bridge ssid="MySSID" wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto \
installation=indoor mode=ap-bridge ssid="MySSID" \
wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=profile \
supplicant-identity=MikroTik
/interface wireless
add disabled=no mac-address=0A:55:31:05:FF:D3 master-interface=wlan2 name=\
wlan3 security-profile=profile ssid="MySSID's Guests"
add disabled=no mac-address=0A:55:31:05:FF:D2 master-interface=wlan1 name=\
wlan4 security-profile=profile ssid="MySSID's Guests"
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/interface bridge filter
add action=drop chain=forward in-interface=wlan3
add action=drop chain=forward out-interface=wlan3
add action=drop chain=forward in-interface=wlan4
add action=drop chain=forward out-interface=wlan4
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=wlan3
add bridge=bridge interface=wlan4
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.2/24 comment=defconf interface=ether2 network=\
192.168.88.0
add address=192.168.88.3/24 interface=ether1 network=192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.2 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=America/New_York
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
\n /system leds settings set all-leds-off=immediate \r\
\n } else={\r\
\n /system leds settings set all-leds-off=never \r\
\n }\r\
\n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
-
-
DizzyBafdger
just joined
- Posts: 1
- Joined:
Re: can't connect to new cAP ac (((
I came across this post looking for a solution. I found one. There may be different solutions, but this works for me
To use only ether1 and take advantage of the POE in:
Using Winbox:
-Open Interfaces, Interface list
-Make ether1 a member of the LAN interface list
The default interface list for ether1 is WAN, thus the default firewall rules block winbox connections to ether1 by default.
Be aware that making this change is very unsafe if ether1 is connected directly to the internet.
You may reconfigure ether2 as the WAN interface if you wish, or leave both interfaces in LAN and connect a second AP to ether2.
To use only ether1 and take advantage of the POE in:
Using Winbox:
-Open Interfaces, Interface list
-Make ether1 a member of the LAN interface list
The default interface list for ether1 is WAN, thus the default firewall rules block winbox connections to ether1 by default.
Be aware that making this change is very unsafe if ether1 is connected directly to the internet.
You may reconfigure ether2 as the WAN interface if you wish, or leave both interfaces in LAN and connect a second AP to ether2.
Re: can't connect to new cAP ac (((
For anyone reading this the easiest solution is to bring the capac next to your PC and configure it using Ether2.
Do all the bridge and other setup whilst happily connected on ether 2 and thus when you connect it in situ, it will just work.
Trying to do it all from ether1 is a pain in da butt.
Even better, log in on ether1, ensure ether2 is not on a bridge,
then assign an IP address to ether2 192.168.5.1/24 and then log in via ether2 putting something like 192.168.5.5 on your ipv4 settings on the computer.
Then one can config to ones hearts content.
To config the AP
Configuring off bridge - viewtopic.php?t=181718
Configuring any WIFI device on ROS - viewtopic.php?t=182276
Do all the bridge and other setup whilst happily connected on ether 2 and thus when you connect it in situ, it will just work.
Trying to do it all from ether1 is a pain in da butt.
Even better, log in on ether1, ensure ether2 is not on a bridge,
then assign an IP address to ether2 192.168.5.1/24 and then log in via ether2 putting something like 192.168.5.5 on your ipv4 settings on the computer.
Then one can config to ones hearts content.
To config the AP
Configuring off bridge - viewtopic.php?t=181718
Configuring any WIFI device on ROS - viewtopic.php?t=182276