Community discussions

MikroTik App
 
slimprize
Member Candidate
Member Candidate
Topic Author
Posts: 108
Joined: Thu Aug 09, 2012 2:43 am

How do I configure a HAP ac as a wireless access point

Thu Oct 07, 2021 4:27 am

Hi all,

I have a spare RouterBOARD 962UiGS-5HacT2HnT router. I want to configure it as a wireless access point. What do I need to do?
Could you please give me instructions from the terminal? I am blind so prefer using the commanddline because of accessibility challenges with the web fig interface and winbox.

I have done the following so far after resetting the router's configuration to factory defaults.
1. Disabled the dhcp server.
2. Disabled the dhcp-client.
3. Setup the wireless interface namely wlan2 with its associated security profile.
4. The router has a fixed static IP address on my lan and i have set its gateway.

What do I have to do next?

Pranav
 
Henthe
just joined
Posts: 7
Joined: Sun Oct 03, 2021 10:03 pm

Re: How do I configure a HAP ac as a wireless access point

Thu Oct 07, 2021 7:38 am

Since you have disable dhcp server I'm going to assume that you want to have this just passthrough up to your router. For commands I'm assuming you aren't running version 7 (pretty sure they are same, but haven't messed with it). You also mentioned factory defaults, so:

You should already have a bridge interface. Can check by doing
interface bridge print
Example output where there is a bridge
Flags: X - disabled, R - running 
 #   NAME                                                                             MTU ACTUAL-MTU L2MTU
 0 R bridge1                                                                         auto       1500  1598

If you don't have a bridge, please create one with
 interface bridge add
Created in this way it will be named "bridge1"

Once you have verified that you have a bridge you need to make sure that the interface you are using to connect to your router and the wlan2 interface are both members of the bridge. To check:
 interface bridge port print
Example output
Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 
 #     INTERFACE                      BRIDGE                      HW  PVID PRIORITY  PATH-COST INTERNAL-PATH-COST    HORIZON
 5 I H ether2                         bridge1                     yes    1     0x80         10                 10       none
 6 I   wlan2                          bridge1                            1     0x80         10                 10       none

If the port you are using to go to the router is not here please add it by:
interface bridge port add interface=ether1 bridge=bridge1
Once you have the uplink port and your wlan2 in the same bridge, assuming DHCP is set up for that port on the router your Wi-Fi clients will get IPs from it. You'll also want to put the IP address on the bridge interface instead of on the uplink port. If that IP was 10.9.8.7/29 you could do:
ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                      
 0 D 192.168.0.6/24     192.168.0.0     MGMT vlan 666                                                                                  
 1   10.9.8.7/29        10.9.8.0        ether1                                                                                         
 2 X 192.168.88.1/24    192.168.88.0    bridge1
 ip address set 1 interface=bridge1
 
If matching the index number is difficult, you could also do:
ip address set [find address="10.9.8.7/29"] interface=bridge1
 
slimprize
Member Candidate
Member Candidate
Topic Author
Posts: 108
Joined: Thu Aug 09, 2012 2:43 am

Re: How do I configure a HAP ac as a wireless access point

Thu Oct 07, 2021 8:43 pm

Hi,

Many thanks for your lucid instructions. I however am making a mistake somewhere. See the below verbose export. When I take the router to the location where it needs to be, I do not get any wireless signals from the router. I did try plugging in the LAN cable without successs. I can however access the router over thee LAN so something is working.

Pranav

[<code>]
# oct/07/2021 23:03:03 by RouterOS 6.48.4
# software id = 44P9-FNDB
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 8A7708EAC3B4
/interface bridge
add admin-mac=CC:2D:E0:AB:76:59 ageing-time=5m arp=enabled arp-timeout=auto \
auto-mac=no comment=defconf dhcp-snooping=no disabled=no fast-forward=yes \
forward-delay=15s igmp-snooping=no max-message-age=20s mtu=auto name=\
bridge priority=0x8000 protocol-mode=rstp transmit-hold-count=6 \
vlan-filtering=no
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled \
arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 loop-protect=default \
loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=\
CC:2D:E0:AB:76:58 mtu=1500 name=ether1 orig-mac-address=CC:2D:E0:AB:76:58 \
rx-flow-control=off speed=1Gbps tx-flow-control=off
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled \
arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 loop-protect=default \
loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=\
CC:2D:E0:AB:76:59 mtu=1500 name=ether2 orig-mac-address=CC:2D:E0:AB:76:59 \
rx-flow-control=off speed=1Gbps tx-flow-control=off
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled \
arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 loop-protect=default \
loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=\
CC:2D:E0:AB:76:5A mtu=1500 name=ether3 orig-mac-address=CC:2D:E0:AB:76:5A \
rx-flow-control=off speed=1Gbps tx-flow-control=off
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled \
arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 loop-protect=default \
loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=\
CC:2D:E0:AB:76:5B mtu=1500 name=ether4 orig-mac-address=CC:2D:E0:AB:76:5B \
rx-flow-control=off speed=1Gbps tx-flow-control=off
set [ find default-name=ether5 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full arp=enabled \
arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 loop-protect=default \
loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=\
CC:2D:E0:AB:76:5C mtu=1500 name=ether5 orig-mac-address=CC:2D:E0:AB:76:5C \
poe-out=auto-on poe-priority=10 power-cycle-interval=none \
!power-cycle-ping-address power-cycle-ping-enabled=no \
!power-cycle-ping-timeout rx-flow-control=off speed=1Gbps \
tx-flow-control=off
set [ find default-name=sfp1 ] advertise=\
10M-half,10M-full,100M-half,100M-full arp=enabled arp-timeout=auto \
auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no \
full-duplex=yes l2mtu=1600 loop-protect=default \
loop-protect-disable-time=5m loop-protect-send-interval=5s mac-address=\
CC:2D:E0:AB:76:5D mtu=1500 name=sfp1 orig-mac-address=CC:2D:E0:AB:76:5D \
rx-flow-control=off sfp-shutdown-temperature=95C speed=1Gbps \
tx-flow-control=off
/queue interface
set bridge queue=no-queue
/interface ethernet switch
set 0 cpu-flow-control=yes mirror-source=none mirror-target=none name=switch1
/interface ethernet switch port
set 0 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 1 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 2 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 3 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 4 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
set 5 default-vlan-id=auto vlan-header=leave-as-is vlan-mode=disabled
/interface list
set [ find name=all ] comment="contains all interfaces" exclude="" include="" \
name=all
set [ find name=none ] comment="contains no interfaces" exclude="" include="" \
name=none
set [ find name=dynamic ] comment="contains dynamic interfaces" exclude="" \
include="" name=dynamic
set [ find name=static ] comment="contains static interfaces" exclude="" \
include="" name=static
add comment=defconf exclude="" include="" name=WAN
add comment=defconf exclude="" include="" name=LAN
/interface lte apn
set [ find default=yes ] add-default-route=yes apn=internet \
default-route-distance=2 name=default use-peer-dns=yes
/interface wireless security-profiles
set [ find default=yes ] authentication-types="" disable-pmkid=no \
eap-methods=passthrough group-ciphers=aes-ccm group-key-update=5m \
interim-update=0s management-protection=disabled \
management-protection-key="" mode=none mschapv2-password="" \
mschapv2-username="" name=default radius-called-format=mac:ssid \
radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
none tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=\
"" wpa2-pre-shared-key="my key"
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=none allow-sharedkey=\
no ampdu-priorities=0 amsdu-limit=8192 amsdu-threshold=8192 antenna-gain=\
3 area="" arp=enabled arp-timeout=auto band=2ghz-b/g/n basic-rates-a/g=\
6Mbps basic-rates-b=1Mbps bridge-mode=enabled channel-width=20/40mhz-XX \
compression=no country=india default-ap-tx-limit=0 \
default-authentication=yes default-client-tx-limit=0 default-forwarding=\
yes disable-running-check=no disabled=yes disconnect-timeout=3s distance=\
indoors frame-lifetime=0 frequency=auto frequency-mode=regulatory-domain \
frequency-offset=0 guard-interval=any hide-ssid=no ht-basic-mcs=\
mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-supported-mcs="mcs-0,mc\
s-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,m\
cs-13,mcs-14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-2\
3" hw-fragmentation-threshold=disabled hw-protection-mode=none \
hw-protection-threshold=0 hw-retries=7 installation=indoor \
interworking-profile=disabled keepalive-frames=enabled l2mtu=1600 \
mac-address=CC:2D:E0:AB:76:5F max-station-count=2007 mode=ap-bridge mtu=\
1500 multicast-buffering=enabled multicast-helper=default name=wlan1 \
noise-floor-threshold=default nv2-cell-radius=30 nv2-downlink-ratio=50 \
nv2-mode=dynamic-downlink nv2-noise-floor-offset=default \
nv2-preshared-key="" nv2-qos=default nv2-queue-count=2 nv2-security=\
disabled nv2-sync-secret="" on-fail-retry-time=100ms preamble-mode=both \
radio-name=CC2DE0AB765F rate-selection=advanced rate-set=default \
rx-chains=0,1,2 scan-list=default secondary-channel="" security-profile=\
default skip-dfs-channels=disabled ssid=old station-bridge-clone-mac=\
00:00:00:00:00:00 station-roaming=disabled supported-rates-a/g=\
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-chains=0,1,2 \
tx-power-mode=default update-stats-interval=disabled vlan-id=1 vlan-mode=\
no-tag wds-cost-range=50-150 wds-default-bridge=none wds-default-cost=100 \
wds-ignore-ssid=no wds-mode=disabled wireless-protocol=802.11 \
wmm-support=disabled wps-mode=push-button
set [ find default-name=wlan2 ] adaptive-noise-immunity=none allow-sharedkey=\
no ampdu-priorities=0 amsdu-limit=8192 amsdu-threshold=8192 antenna-gain=\
2 area="" arp=enabled arp-timeout=auto band=5ghz-a/n/ac basic-rates-a/g=\
6Mbps bridge-mode=enabled channel-width=20/40/80mhz-XXXX compression=no \
country=india default-ap-tx-limit=0 default-authentication=yes \
default-client-tx-limit=0 default-forwarding=yes disable-running-check=no \
disabled=no disconnect-timeout=3s distance=indoors frame-lifetime=0 \
frequency=auto frequency-mode=regulatory-domain frequency-offset=0 \
guard-interval=any hide-ssid=no ht-basic-mcs=\
mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-supported-mcs="mcs-0,mc\
s-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,m\
cs-13,mcs-14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-2\
3" hw-fragmentation-threshold=disabled hw-protection-mode=none \
hw-protection-threshold=0 hw-retries=7 installation=indoor \
interworking-profile=disabled keepalive-frames=enabled l2mtu=1600 \
mac-address=CC:2D:E0:AB:76:5E max-station-count=2007 mode=ap-bridge mtu=\
1500 multicast-buffering=enabled multicast-helper=default name=wlan2 \
nv2-cell-radius=30 nv2-downlink-ratio=50 nv2-mode=dynamic-downlink \
nv2-preshared-key="" nv2-qos=default nv2-queue-count=2 nv2-security=\
disabled nv2-sync-secret="" on-fail-retry-time=100ms preamble-mode=both \
radio-name=CC2DE0AB765E rate-selection=advanced rate-set=default \
rx-chains=0,1,2 scan-list=default secondary-channel="" security-profile=\
default skip-dfs-channels=disabled ssid=Periscope5G \
station-bridge-clone-mac=00:00:00:00:00:00 station-roaming=disabled \
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
tdma-period-size=2 tx-chains=0,1,2 tx-power-mode=default \
update-stats-interval=disabled vht-basic-mcs=mcs0-7 vht-supported-mcs=\
mcs0-9,mcs0-9,mcs0-9 vlan-id=1 vlan-mode=no-tag wds-cost-range=50-150 \
wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no wds-mode=\
disabled wireless-protocol=802.11 wmm-support=disabled wps-mode=\
push-button
/interface wireless manual-tx-power-table
set wlan1 manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9M\
bps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-0:\
17,HT20-1:17,HT20-2:17,HT20-3:17,HT20-4:17,HT20-5:17,HT20-6:17,HT20-7:17,H\
T40-0:17,HT40-1:17,HT40-2:17,HT40-3:17,HT40-4:17,HT40-5:17,HT40-6:17,HT40-\
7:17"
set wlan2 manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9M\
bps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-0:\
17,HT20-1:17,HT20-2:17,HT20-3:17,HT20-4:17,HT20-5:17,HT20-6:17,HT20-7:17,H\
T40-0:17,HT40-1:17,HT40-2:17,HT40-3:17,HT40-4:17,HT40-5:17,HT40-6:17,HT40-\
7:17"
/ip dhcp-client option
set clientid_duid code=61 name=clientid_duid value="0xff\$(CLIENT_DUID)"
set clientid code=61 name=clientid value="0x01\$(CLIENT_MAC)"
set hostname code=12 name=hostname value="\$(HOSTNAME)"
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
flash/hotspot html-directory-override="" http-cookie-lifetime=3d \
http-proxy=0.0.0.0:0 login-by=cookie,http-chap name=default rate-limit="" \
smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=yes address-list="" idle-timeout=none \
!insert-queue-before keepalive-timeout=2m mac-cookie-timeout=3d name=\
default !parent-queue !queue-type shared-users=1 status-autorefresh=1m \
transparent-proxy=no
/ip ipsec mode-config
set [ find default=yes ] name=request-only responder=no use-responder-dns=\
exclusively
/ip ipsec policy group
set [ find default=yes ] name=default
/ip ipsec profile
set [ find default=yes ] dh-group=modp2048,modp1024 dpd-interval=2m \
dpd-maximum-failures=5 enc-algorithm=aes-128,3des hash-algorithm=sha1 \
lifetime=1d name=default nat-traversal=yes proposal-check=obey
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=\
aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m name=default pfs-group=\
modp1024
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp authoritative=yes disabled=yes interface=bridge \
lease-script="" lease-time=10m name=defconf use-radius=no
/ppp profile
set *0 address-list="" !bridge !bridge-horizon bridge-learning=default \
!bridge-path-cost !bridge-port-priority change-tcp-mss=yes !dns-server \
!idle-timeout !incoming-filter !insert-queue-before !interface-list \
!local-address name=default on-down="" on-up="" only-one=default \
!outgoing-filter !parent-queue !queue-type !rate-limit !remote-address \
!session-timeout use-compression=default use-encryption=default use-mpls=\
default use-upnp=default !wins-server
set *FFFFFFFE address-list="" !bridge !bridge-horizon bridge-learning=default \
!bridge-path-cost !bridge-port-priority change-tcp-mss=yes !dns-server \
!idle-timeout !incoming-filter !insert-queue-before !interface-list \
!local-address name=default-encryption on-down="" on-up="" only-one=\
default !outgoing-filter !parent-queue !queue-type !rate-limit \
!remote-address !session-timeout use-compression=default use-encryption=\
yes use-mpls=default use-upnp=default !wins-server
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=pcq name=pcq-upload-default pcq-burst-rate=0 pcq-burst-threshold=0 \
pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 \
pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 \
pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
set 6 kind=pcq name=pcq-download-default pcq-burst-rate=0 \
pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address \
pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB \
pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 \
pcq-total-limit=2000KiB
set 7 kind=none name=only-hardware-queue
set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 9 kind=pfifo name=default-small pfifo-limit=10
/queue interface
set ether1 queue=only-hardware-queue
set ether2 queue=only-hardware-queue
set ether3 queue=only-hardware-queue
set ether4 queue=only-hardware-queue
set ether5 queue=only-hardware-queue
set sfp1 queue=only-hardware-queue
set wlan1 queue=wireless-default
set wlan2 queue=wireless-default
/interface wireless nstreme
set wlan1 disable-csma=no enable-nstreme=no enable-polling=yes framer-limit=\
3200 framer-policy=none
set wlan2 disable-csma=no enable-nstreme=no enable-polling=yes framer-limit=\
3200 framer-policy=none
/routing bgp instance
set default as=65530 client-to-client-reflection=yes !cluster-id \
!confederation disabled=no ignore-as-path-len=no name=default out-filter=\
"" redistribute-connected=no redistribute-ospf=no redistribute-other-bgp=\
no redistribute-rip=no redistribute-static=no router-id=0.0.0.0 \
routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never !domain-id \
!domain-tag in-filter=ospf-in metric-bgp=auto metric-connected=20 \
metric-default=1 metric-other-ospf=auto metric-rip=20 metric-static=20 \
!mpls-te-area !mpls-te-router-id name=default out-filter=ospf-out \
redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
redistribute-rip=no redistribute-static=no router-id=0.0.0.0 \
!routing-table !use-dn
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
backbone type=default
/snmp community
set [ find default=yes ] addresses=::/0 authentication-password="" \
authentication-protocol=MD5 disabled=no encryption-password="" \
encryption-protocol=DES name=public read-access=yes security=none \
write-access=no
/system logging action
set 0 memory-lines=1000 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=flash/log disk-lines-per-file=1000 \
disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote=0.0.0.0 remote-port=514 src-address=\
0.0.0.0 syslog-facility=daemon syslog-severity=auto syslog-time-format=\
bsd-syslog target=remote
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
eb,sniff,sensitive,api,romon,tikapp,!ftp,!write,!policy,!dude" skin=\
default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
ssword,web,sniff,sensitive,api,romon,tikapp,!ftp,!policy,!dude" skin=\
default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
winbox,password,web,sniff,sensitive,api,romon,tikapp,!dude" skin=default
/caps-man aaa
set called-format=mac:ssid interim-update=disabled mac-caching=disabled \
mac-format=XX:XX:XX:XX:XX:XX mac-mode=as-username
/caps-man manager
set ca-certificate=none certificate=none enabled=no package-path="" \
require-peer-certificate=no upgrade-policy=none
/caps-man manager interface
set [ find default=yes ] disabled=no forbid=no interface=all
/certificate settings
set crl-download=no crl-store=ram crl-use=no
/interface bridge port
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=\
defconf disabled=no edge=auto fast-leave=no frame-types=admit-all \
horizon=none hw=yes ingress-filtering=no interface=ether2 \
internal-path-cost=10 learn=auto multicast-router=temporary-query \
path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=\
defconf disabled=no edge=auto fast-leave=no frame-types=admit-all \
horizon=none hw=yes ingress-filtering=no interface=ether3 \
internal-path-cost=10 learn=auto multicast-router=temporary-query \
path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=\
defconf disabled=no edge=auto fast-leave=no frame-types=admit-all \
horizon=none hw=yes ingress-filtering=no interface=ether4 \
internal-path-cost=10 learn=auto multicast-router=temporary-query \
path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=\
defconf disabled=no edge=auto fast-leave=no frame-types=admit-all \
horizon=none hw=yes ingress-filtering=no interface=ether5 \
internal-path-cost=10 learn=auto multicast-router=temporary-query \
path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=\
defconf disabled=no edge=auto fast-leave=no frame-types=admit-all \
horizon=none hw=yes ingress-filtering=no interface=sfp1 \
internal-path-cost=10 learn=auto multicast-router=temporary-query \
path-cost=10 point-to-point=auto priority=0x80 pvid=1 restricted-role=no \
restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=\
defconf disabled=no edge=auto fast-leave=no frame-types=admit-all \
horizon=none ingress-filtering=no interface=wlan1 internal-path-cost=10 \
learn=auto multicast-router=temporary-query path-cost=10 point-to-point=\
auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no \
tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=\
defconf disabled=no edge=auto fast-leave=no frame-types=admit-all \
horizon=none ingress-filtering=no interface=wlan2 internal-path-cost=10 \
learn=auto multicast-router=temporary-query path-cost=10 point-to-point=\
auto priority=0x80 pvid=1 restricted-role=no restricted-tcn=no \
tag-stacking=no trusted=no unknown-multicast-flood=yes \
unknown-unicast-flood=yes
/interface bridge port-controller
# disabled
set bridge=none cascade-ports="" switch=none
/interface bridge port-extender
# disabled
set control-ports="" excluded-ports="" switch=none
/interface bridge settings
set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no \
use-ip-firewall-for-vlan=no
/ip firewall connection tracking
set enabled=auto generic-timeout=10m icmp-timeout=10s loose-tcp-tracking=yes \
tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=\
1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-max-retrans-timeout=5m tcp-syn-received-timeout=5s \
tcp-syn-sent-timeout=5s tcp-time-wait-timeout=10s tcp-unacked-timeout=5m \
udp-stream-timeout=3m udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=static lldp-med-net-policy-vlan=disabled \
protocol=cdp,lldp,mndp
/ip settings
set accept-redirects=no accept-source-route=no allow-fast-path=yes \
arp-timeout=30s icmp-rate-limit=10 icmp-rate-mask=0x1818 ip-forward=yes \
max-neighbor-entries=8192 route-cache=yes rp-filter=no secure-redirects=\
yes send-redirects=yes tcp-syncookies=no
/interface detect-internet
set detect-interface-list=none internet-interface-list=none \
lan-interface-list=none wan-interface-list=none
/interface l2tp-server server
set allow-fast-path=no authentication=pap,chap,mschap1,mschap2 \
caller-id-type=ip-address default-profile=default-encryption enabled=no \
ipsec-secret="" keepalive-timeout=30 max-mru=1450 max-mtu=1450 \
max-sessions=unlimited mrru=disabled one-session-per-host=no use-ipsec=no
/interface list member
add comment=defconf disabled=no interface=bridge list=LAN
add comment=defconf disabled=no interface=ether1 list=WAN
/interface ovpn-server server
set auth=sha1,md5 cipher=blowfish128,aes128 default-profile=default enabled=\
no keepalive-timeout=60 mac-address=FE:2E:09:27:3D:D8 max-mtu=1500 mode=\
ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=no keepalive-timeout=30 max-mru=1450 max-mtu=1450 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
default enabled=no force-aes=no keepalive-timeout=60 max-mru=1500 \
max-mtu=1500 mrru=disabled pfs=no port=443 tls-version=any \
verify-client-certificate=no
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless cap
set bridge=none caps-man-addresses="" caps-man-certificate-common-names="" \
caps-man-names="" certificate=none discovery-interfaces="" enabled=no \
interfaces="" lock-to-caps-man=no static-virtual=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.5.6/24 comment=defconf disabled=no interface=bridge \
network=192.168.5.0
add address=192.168.3.4/8 disabled=no interface=ether1 network=192.0.0.0
/ip cloud
set ddns-enabled=no ddns-update-interval=none update-time=yes
/ip cloud advanced
set use-local-address=no
/ip dhcp-client
add add-default-route=yes comment=defconf default-route-distance=1 \
dhcp-options=hostname,clientid disabled=yes interface=ether1 \
use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set accounting=yes interim-update=0s store-leases-disk=5m
/ip dhcp-server network
add address=192.168.5.0/24 caps-manager="" comment=defconf dhcp-option="" \
dns-server="" gateway=192.168.5.6 netmask=24 ntp-server="" wins-server=""
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-concurrent-queries=100 max-concurrent-tcp-sessions=20 \
max-udp-packet-size=4096 query-server-timeout=2s query-total-timeout=10s \
servers=192.168.3.1 use-doh-server="" verify-doh-cert=no
/ip dns static
add address=192.168.5.6 comment=defconf disabled=no name=router.lan ttl=1d
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
ipsec-policy=out,none out-interface-list=WAN !to-addresses !to-ports
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
set pptp disabled=no
set udplite disabled=no
set dccp disabled=no
set sctp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
set [ find default=yes ] comment="counters and limits for trial users" \
disabled=no name=default-trial
/ip ipsec policy
set 0 disabled=no dst-address=::/0 group=default proposal=default protocol=\
all src-address=::/0 template=yes
/ip ipsec settings
set accounting=yes interim-update=0s xauth-use-radius=no
/ip proxy
set always-from-cache=no anonymous=no cache-administrator=webmaster \
cache-hit-dscp=4 cache-on-disk=no cache-path=web-proxy enabled=no \
max-cache-object-size=2048KiB max-cache-size=unlimited \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy=:: parent-proxy-port=0 port=8080 serialize-connections=no \
src-address=::
/ip route
add !bgp-as-path !bgp-atomic-aggregate !bgp-communities !bgp-local-pref \
!bgp-med !bgp-origin !bgp-prepend !check-gateway disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=192.168.3.1 !route-tag !routing-mark scope=\
30 target-scope=10
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443 tls-version=any
set api address="" disabled=no port=8728
set winbox address="" disabled=no port=8291
set api-ssl address="" certificate=none disabled=no port=8729 tls-version=any
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/flash/pub \
disabled=no max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password="" read-only=yes
/ip socks
set auth-method=none connection-idle-timeout=2m enabled=no max-connections=\
200 port=1080 version=4
/ip ssh
set allow-none-crypto=no always-allow-password-login=no forwarding-enabled=no \
host-key-size=2048 strong-crypto=no
/ip tftp settings
set max-block-size=4096
/ip traffic-flow
set active-flow-timeout=30m cache-entries=32k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip traffic-flow ipfix
set bytes=yes dst-address=yes dst-address-mask=yes dst-mac-address=yes \
dst-port=yes first-forwarded=yes gateway=yes icmp-code=yes icmp-type=yes \
igmp-type=yes in-interface=yes ip-header-length=yes ip-total-length=yes \
ipv6-flow-label=yes is-multicast=yes last-forwarded=yes nat-dst-address=\
yes nat-dst-port=yes nat-events=no nat-src-address=yes nat-src-port=yes \
out-interface=yes packets=yes protocol=yes src-address=yes \
src-address-mask=yes src-mac-address=yes src-port=yes sys-init-time=yes \
tcp-ack-num=yes tcp-flags=yes tcp-seq-num=yes tcp-window-size=yes tos=yes \
ttl=yes udp-length=yes
/ip upnp
set allow-disable-external-interface=no enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
/port firmware
set directory=firmware ignore-directip-modem=no
/ppp aaa
set accounting=yes interim-update=0s use-circuit-id-in-nas-port-id=no \
use-radius=no
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
routing-table=main timeout-timer=3m update-timer=30s
/snmp
set contact="" enabled=no engine-id="" location="" trap-community=public \
trap-generators=temp-exception trap-target="" trap-version=1
/system clock
set time-zone-autodetect=yes time-zone-name=Asia/Kolkata
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system identity
set name=MikroTik
/system leds
set 0 disabled=no interface=wlan1 leds=wlan1-led type=wireless-status
set 1 disabled=no interface=wlan2 leds=wlan2-led type=wireless-status
set 2 disabled=no interface=sfp1 leds=sfp-led type=interface-activity
/system leds settings
set all-leds-off=never
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0 server-dns-names=""
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
set 5 cpu=auto
/system routerboard settings
set auto-upgrade=yes boot-device=nand-if-fail-then-ethernet boot-protocol=\
bootp force-backup-booter=no protected-routerboot=disabled \
reformat-hold-button=20s reformat-hold-button-max=10m silent-boot=no
/system routerboard reset-button
set enabled=no hold-time=0s..1m on-event=""
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes ping-start-after-boot=5m \
ping-timeout=1m watch-address=none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 start-tls=no user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set allowed-interface-list=all
/tool mac-server mac-winbox
set allowed-interface-list=all
/tool mac-server ping
set enabled=yes
/tool romon
set enabled=no id=00:00:00:00:00:00 secrets=""
/tool romon port
set [ find default=yes ] cost=100 disabled=no forbid=no interface=all \
secrets=""
/tool sms
set allowed-number="" auto-erase=no channel=0 port=none receive-enabled=no \
secret="" sim-pin=""
/tool sniffer
set file-limit=1000KiB file-name="" filter-cpu="" filter-direction=any \
filter-interface="" filter-ip-address="" filter-ip-protocol="" \
filter-ipv6-address="" filter-mac-address="" filter-mac-protocol="" \
filter-operator-between-entries=or filter-port="" filter-size="" \
filter-stream=no memory-limit=100KiB memory-scroll=yes only-headers=no \
streaming-enabled=no streaming-server=0.0.0.0:37008
/tool traffic-generator
set latency-distribution-max=100us measure-out-of-order=yes \
stats-samples-to-keep=100 test-id=0
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
use-radius=no
[</code>]
Last edited by slimprize on Fri Oct 08, 2021 10:52 am, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19117
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: How do I configure a HAP ac as a wireless access point

Thu Oct 07, 2021 9:34 pm

Can you post a non verbose option please LOL
/export hide-sensitive file=anynameyouwish

Why are there two IP addresses??
ip address
add address=192.168.5.6/24 comment=defconf disabled=no interface=bridge \
network=192.168.5.0
add address=192.168.3.4/8 disabled=no interface=ether1 network=192.0.0.0
 
Henthe
just joined
Posts: 7
Joined: Sun Oct 03, 2021 10:03 pm

Re: How do I configure a HAP ac as a wireless access point

Thu Oct 07, 2021 9:52 pm

Yes, regular export or compact export are much easier to read through. Your wlan2 is enabled and in ap bridge as well as a bridge port so it should be broadcasting and passing through traffic to anything on ether2, ether3, ether4, ether5, or sfp1. If your devices are 5GHz compatible otherwise, it's possible that autochannel landed on something your devices can't detect. Could try setting a manual frequency to test, or enable wlan 1 with it's old ssid to check if that is detected by your devices.
interface wireless set 1 frequency=5180
 
slimprize
Member Candidate
Member Candidate
Topic Author
Posts: 108
Joined: Thu Aug 09, 2012 2:43 am

Re: How do I configure a HAP ac as a wireless access point

Fri Oct 08, 2021 2:51 am

Hi,
Sorry about the verbose export and thanks for reminding me about the hide sensitive option.
I have 2 IP addresses because the router asked me for a lan side network address. I had to put something in which I did. Otherwise, web fig was not applying the configuration. I am happy to start from scratch. Please see below for the compact export.

The IP address 192.168.3.4 is my LAN ip address which I want to assign to the router.
Pranav
# oct/08/2021 05:16:11 by RouterOS 6.48.4
# software id = 44P9-FNDB
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 8A7708EAC3B4
/interface bridge
add admin-mac=CC:2D:E0:AB:76:59 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country=india distance=indoors frequency=auto installation=indoor mode=\
    ap-bridge ssid=old wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country=india disabled=no distance=indoors frequency=\
    auto installation=indoor mode=ap-bridge ssid=Periscope5G \
    wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.5.6/24 comment=defconf interface=bridge network=\
    192.168.5.0
add address=192.168.3.4/8 interface=ether1 network=192.0.0.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.5.0/24 comment=defconf gateway=192.168.5.6 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.3.1
/ip dns static
add address=192.168.5.6 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
    ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=192.168.3.1
/system clock
set time-zone-name=Asia/Kolkata
/system routerboard settings
set auto-upgrade=yes
Last edited by slimprize on Fri Oct 08, 2021 10:51 am, edited 1 time in total.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: How do I configure a HAP ac as a wireless access point

Fri Oct 08, 2021 10:28 am

Use Code Tag while posting code. Looks much better.

Eks:
# oct/08/2021 05:16:11 by RouterOS 6.48.4
# software id = 44P9-FNDB
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 8A7708EAC3B4
/interface bridge
add admin-mac=CC:2D:E0:AB:76:59 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=india distance=indoors frequency=auto installation=indoor mode=\
ap-bridge ssid=old wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country=india disabled=no distance=indoors frequency=\
auto installation=indoor mode=ap-bridge ssid=Periscope5G \
wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.5.6/24 comment=defconf interface=bridge network=\
192.168.5.0
add address=192.168.3.4/8 interface=ether1 network=192.0.0.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.5.0/24 comment=defconf gateway=192.168.5.6 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.3.1
/ip dns static
add address=192.168.5.6 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=192.168.3.1
/system clock
set time-zone-name=Asia/Kolkata
/system routerboard settings
set auto-upgrade=yes
 
Henthe
just joined
Posts: 7
Joined: Sun Oct 03, 2021 10:03 pm

Re: How do I configure a HAP ac as a wireless access point

Fri Oct 08, 2021 6:48 pm

But anyway, that config should have your SSID being broadcast. Might be an issue with either the hap or the device you're checking wireless visibility with. Have you tried enabling wlan1 to check if your devices can see it? Could also see if wlan2 can detect other ssid when it performs a scan, assuming others are near you.
 
slimprize
Member Candidate
Member Candidate
Topic Author
Posts: 108
Joined: Thu Aug 09, 2012 2:43 am

Re: How do I configure a HAP ac as a wireless access point

Sat Oct 09, 2021 12:48 pm

Hi,

Many thanks for the configuration. I found the problem. I had not assigned a dhcp client to the bridge.

Pranav

Who is online

Users browsing this forum: No registered users and 47 guests