I'm having trouble setting up my Mikrotik hAP ac2 RBD52G-5HacD2HnD-TC that I purchased last year. It was working with my last ISP, but I've switched over to a new one. My ISP (Ziply) has an ONT, which provides an ethernet WAN jack in my apartment. I wasn't able to get an IP address with DHCP using my Mikrotik router, so the installer temporarily provided me with an Arris router.
After looking at the packets between the ONT and Arris router with Wireshark, I noticed that there is a VLAN layer with priority 0, DEI 0, and ID 0.
How can I go about setting up this configuration on my router for both ethernet and wireless clients?
Thank you!
EDIT: I was able to get this working. Here's my working config. I used netinstall to flash it with routeros 6.49.6,
Code: Select all
sudo ./netinstall -r -s ./mikrotik-config.scr -a 192.168.88.1 routeros-arm-6.49.6.npkCode: Select all
:delay 30s
##################################################################################################
# ABOUT:
#
# Creates a WAN bridge with VLAN tagging, to use with Ziply when it's VLAN tagged. I'm basing this
# off of https://forum.mikrotik.com/viewtopic.php?t=154954
#
# Date: 05-10-2022
#
##################################################################################################
# create two bridges, a WAN side and a LAN side
/interface bridge
add name=Bridge_LAN protocol-mode=none
add name=Bridge_WAN admin-mac=bc:5b:d5:df:a7:12 pvid=1 auto-mac=no igmp-snooping=yes protocol-mode=none vlan-filtering=yes
# setup wifi
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=2442 installation=indoor mode=ap-bridge ssid=eggplanet2 \
wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-n/ac channel-width=20/40/80mhz-XXXX country="united states" disabled=no distance=indoors frequency=5500 installation=indoor mode=\
ap-bridge ssid=eggplanet wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=1234567890
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip neighbor discovery-settings
set discover-interface-list=LAN
# Add ports to each bridge
/interface bridge port
# WAN
add bridge=Bridge_WAN interface=ether1
# LAN
add bridge=Bridge_LAN interface=ether2
add bridge=Bridge_LAN interface=ether3
add bridge=Bridge_LAN interface=ether4
add bridge=Bridge_LAN interface=ether5
add bridge=Bridge_LAN interface=wlan1
add bridge=Bridge_LAN interface=wlan2
/interface list member
add comment=defconf interface=Bridge_LAN list=LAN
add comment=defconf interface=Bridge_WAN list=WAN
# Ready a DHCP client to pull an IP from the ATT ONT
/ip dhcp-client add dhcp-options=clientid disabled=no interface=Bridge_WAN use-peer-dns=no use-peer-ntp=no
# Standard MikroTik LAN configuration stuff. Modify to suit your LAN preferences
/ip pool add name=pool_LAN ranges=10.0.0.10-10.0.0.99
/ip dhcp-server add add-arp=yes address-pool=pool_LAN always-broadcast=yes disabled=no interface=Bridge_LAN lease-time=2d name=dhcp_LAN
/ip address add address=10.0.0.1/24 interface=Bridge_LAN
/ip dhcp-server network add address=10.0.0.0/24 dns-server=10.0.0.1 gateway=10.0.0.1
/ip dns set allow-remote-requests=yes servers="1.1.1.1,8.8.8.8"
/ip dns static add address=10.0.0.1 comment=defconf name=router.lan
# Sample Firewall
/ip firewall filter
add chain=input action=accept connection-state=established,related comment="Allow established related"
add chain=input action=accept in-interface=Bridge_LAN comment="Allow LAN"
add chain=input action=accept protocol=icmp comment="Allow Ping"
add chain=input action=drop comment="Drop all other input"
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add chain=forward action=accept connection-state=established,related comment="Allow established related"
add chain=forward action=accept connection-state=new in-interface=Bridge_LAN comment="Allow LAN"
add chain=forward action=accept connection-nat-state=dstnat in-interface=Bridge_WAN comment="Allow port forwards"
add chain=forward action=drop comment="Drop all other forward"
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Sample masquerade
/ip firewall nat add action=masquerade chain=srcnat comment="Default masq" out-interface=Bridge_WAN
/system ntp client
set enabled=yes primary-ntp=128.138.140.44 secondary-ntp=129.6.15.28
