souljazk
just joined
Topic Author
Posts: 17
Joined: Tue Jan 12, 2016 10:05 am

PoE - station mode - Winbox on Eth1

Thu Jun 02, 2022 3:24 pm

I'm running a HAPAc2 in station mode (working fine, thank you again @Ca6ko), via a PoE injector (Eth1). My understanding is that by design this does not allow Winbox to see the router. There are currently no firewall filter rules (removed config and started from zero config). I do however have a /Firewall - NAT - Masquerade rule for the SRCNat.

I found the following when Googling, but would like to see if there is a better / more recommended method? This device does not face the internet directly.

URL: viewtopic.php?t=45096

"
I had to remove this one to get it to work though?

filter add chain=input action=drop in-interface=ether1-gateway comment="default configuration"
"

My HAP Ac2's current config is:
# jun/02/2022 14:21:17 by RouterOS 6.49.6
# software id = 9CY3-QU61
#
# model = RBD52G-5HacD2HnD
# serial number = ***REMOVED***
/interface bridge
add name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk,wpa2-eap management-protection=allowed mode=dynamic-keys name=profile1-wifi-2.4-STATION supplicant-identity="" wpa2-pre-shared-key= ***REMOVED***
add authentication-types=wpa2-psk,wpa2-eap mode=dynamic-keys name=profile2-5Ghz supplicant-identity="" wpa2-pre-shared-key="\ ***REMOVED***"
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn country=" ***REMOVED***" disabled=no frequency=2442 installation=indoor security-profile=profile1-wifi-2.4-STATION ssid= ***REMOVED***
set [ find default-name=wlan2 ] band=5ghz-onlyn country=" ***REMOVED***" disabled=no frequency=5200 installation=indoor mode=ap-bridge security-profile=profile2-5Ghz ssid=" ***REMOVED***" wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address= ***REMOVED*** master-interface=wlan1 multicast-buffering=disabled name="wlan3-Office AP" security-profile=profile2-5Ghz ssid= ***REMOVED*** wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip pool
add name=dhcp_pool0 ranges=172.16.1.2-172.16.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge1 lease-time=1d name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan2
add bridge=bridge1 interface="wlan3-Office AP"
/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=all wan-interface-list=all
/ip address
add address=172.16.1.1/24 interface=bridge1 network=172.16.1.0
/ip dhcp-client
add disabled=no interface=wlan1
/ip dhcp-server network
add address=172.16.1.0/24 dns-server=192.168.110.1,1.1.1.2,1.0.0.2 gateway=172.16.1.1
/ip firewall nat
add action=masquerade chain=srcnat src-address=172.16.1.0/24 src-address-list=""
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name= ***REMOVED***
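
An added example, not part of the original post: a small Python audit of a RouterOS export that reports whether any input-chain filter rule stands between the station uplink and the router's own management services such as Winbox. The sample text is trimmed from the export above, and the default-service set and the function names are assumptions of this example.

```python
import re

# Constructed sample: trimmed from the export in the post (redacted fields left out).
SAMPLE_EXPORT = """\
/interface bridge port
add bridge=bridge1 interface=ether1
/ip dhcp-client
add disabled=no interface=wlan1
/ip firewall nat
add action=masquerade chain=srcnat src-address=172.16.1.0/24 src-address-list=""
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api-ssl disabled=yes
"""

# Assumption: services RouterOS 6 enables by default. An export lists only
# non-default settings, so a service missing from /ip service is still on.
DEFAULT_ENABLED = {"telnet", "ftp", "www", "ssh", "api", "winbox", "api-ssl"}

def parse_sections(text):
    """Group export lines under their '/menu path' header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def audit(text):
    """Summarise what guards the router's own management services."""
    s = parse_sections(text)
    input_rules = [r for r in s.get("/ip firewall filter", []) if "chain=input" in r]
    disabled = {m.group(1) for l in s.get("/ip service", [])
                if (m := re.match(r"set (\S+) .*disabled=yes", l))}
    # Interfaces with an active DHCP client are treated as uplinks (here the station link).
    uplinks = [m.group(1) for l in s.get("/ip dhcp-client", [])
               if "disabled=yes" not in l and (m := re.search(r"interface=(\S+)", l))]
    return {"input_rules": len(input_rules),
            "enabled_services": sorted(DEFAULT_ENABLED - disabled),
            "uplinks": uplinks,
            # Per-service address= restrictions are not evaluated here.
            "mgmt_open_on_uplink": not input_rules and bool(uplinks)}

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT))
```

On this export the result shows zero input rules with `api`, `winbox` and `www` still enabled, so those services answer on the `wlan1` uplink as well as on the bridge.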
