Would anyone be so kind as to help with this simple setup for mAP lite please?
It is a tiny access point, that has only two interfaces: 1 wifi and 1 ethernet port.
It will be constantly connected to my home network wifi.
I'd like it to pass any traffic from wifi / LAN, to any device that will be connected through the ethernet port.
Basically, I would like it to work similarly to unmanaged switch connected to LAN.
# dec/23/2022 13:54:33 by RouterOS 7.6
# software id = K6BA-06RU
#
# model = RBmAPL-2nD
# serial number = NNNNNNNNNNNN
/interface pwr-line
set [ find default-name=pwr-line1 ] disabled=yes
/interface bridge
add admin-mac=NN:NN:NN:NN:NN:NN auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=NNNNNNNNNNNN disabled=no distance=indoors frequency=auto installation=\
indoor ssid=NNNNNNNNNNNN wireless-protocol=nv2-nstreme-802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
unicast-ciphers=tkip,aes-ccm
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp ranges=192.168.88.3-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=yes interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1
add bridge=bridge ingress-filtering=no interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=all
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=wlan1 list=LAN
add interface=ether1 list=LAN
add interface=bridge list=LAN
/interface ovpn-server server
set auth=sha1,md5
/ip dhcp-client
add interface=bridge
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 netmask=24
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=NNNNNNNNNNNN
/system ntp client
set enabled=yes
/system ntp client servers
add address=europe.pool.ntp.org
/system scheduler
add interval=1w name=auto-upgrade on-event="/system package update\r\
\ncheck-for-updates once\r\
\n:delay 3s;\r\
\n:if ( [get status] = \"New version is available\") do={ install }" \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=dec/25/2022 start-time=03:30:00
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Just to be specific:
- Although it's currently getting IP from DHCP I'm unable to connect to it via Winbox using IP address. Only MAC connection works. How to fix that?
- NTP Client is unable to connect. Ping 8.8.8.8 is not working. How to fix that?
- How to configure it so it will work just like a LAN switch for device connected via ether1 port? My gateway is 192.168.0.1.
- For the setup displayed above, do I need Firewall at all? Can I remove ALL rules?