Community discussions

MikroTik App
 
egal667
just joined
Topic Author
Posts: 13
Joined: Sat Feb 25, 2023 2:09 am

cAP XL inaccessible via IP, only with MAC via Winbox

Tue May 16, 2023 3:27 pm

I have a cAP XL configured as a bridge, connected to a router via another switch. The router is the DHCP server, and the cAP has a static IP configured, in the same subnet.

I cannot connect to the cAP's webfig interface with a browser, nor with Winbox via it's IP. It only works from Winbox with the MAC address.

It responds to pings though. And when I ping it, ARP is resolving the right MAC, so I'm guessing it's not an address conflict.

What am I missing here?

This is the output of /export hide-sensitive compact:

[admin@MikroTik cAP XL ac] > /export hide-sensitive compact
# jan/16/1970 20:09:44 by RouterOS 6.49.7
# software id = BBL3-MUR9
#
# model = RBcAPGi-5acD2nD
# serial number = HDK08******
/interface bridge
add admin-mac=48:A9:8A:25:56:85 auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-keys name=auth supplicant-identity="" \
    unicast-ciphers=tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=israel disabled=no distance=indoors \
    frequency=2442 installation=indoor mode=ap-bridge security-profile=auth ssid="Net 2.4" wireless-protocol=\
    802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=israel disabled=no distance=indoors \
    installation=indoor mode=ap-bridge security-profile=auth ssid="Net 5" wireless-protocol=802.11
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/queue interface
set wlan1 queue=only-hardware-queue
set wlan2 queue=only-hardware-queue
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
add disabled=yes
/ip address
add address=192.168.88.2/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client
add comment=defconf interface=bridge
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.2 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system identity
set name="MikroTik cAP XL ac"
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
    \n   :if ([system leds settings get all-leds-off] = \"never\") do={\r\
    \n     /system leds settings set all-leds-off=immediate \r\
    \n   } else={\r\
    \n     /system leds settings set all-leds-off=never \r\
    \n   }\r\
    \n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: cAP XL inaccessible via IP, only with MAC via Winbox

Tue May 16, 2023 3:51 pm

In winbox ensure you include the port# lets say 51555

connect to:IP-ADDRESS:51555


Why is your capax setup as a router???
 
holvoetn
Forum Guru
Forum Guru
Posts: 5327
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: cAP XL inaccessible via IP, only with MAC via Winbox

Tue May 16, 2023 4:07 pm

...
 
egal667
just joined
Topic Author
Posts: 13
Joined: Sat Feb 25, 2023 2:09 am

Re: cAP XL inaccessible via IP, only with MAC via Winbox

Tue May 16, 2023 5:03 pm

In winbox ensure you include the port# lets say 51555

connect to:IP-ADDRESS:51555


Why is your capax setup as a router???

Excuse my ignorance but how can you tell it's setup as a router? And how do I set it to bridge mode?

Adding the port didn't change anything, same error.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: cAP XL inaccessible via IP, only with MAC via Winbox

Tue May 16, 2023 5:18 pm

Just to be clear, you only have one flat network?? No vlans, no wifi for homeusers, guests, IOT devices, etc..... ???
 
egal667
just joined
Topic Author
Posts: 13
Joined: Sat Feb 25, 2023 2:09 am

Re: cAP XL inaccessible via IP, only with MAC via Winbox

Tue May 16, 2023 5:25 pm

Just to be clear, you only have one flat network?? No vlans, no wifi for homeusers, guests, IOT devices, etc..... ???

There's a vlan and guest wifi defined on the router that's at 192.168.88.1. I'm connecting to the cAP via wifi directly though.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: cAP XL inaccessible via IP, only with MAC via Winbox

Wed May 17, 2023 1:53 am

Again riddles, nothing clear, I asked if you had one flat network throughout and you answered a vlan and guest network........ is that two different things or the same thing?

Where is the other subnet then the non guest subnet??

What is the capacxl attached to, what device, if MT where is its config........... where is internet coming from............
 
holvoetn
Forum Guru
Forum Guru
Posts: 5327
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: cAP XL inaccessible via IP, only with MAC via Winbox

Wed May 17, 2023 12:01 pm

test
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: cAP XL inaccessible via IP, only with MAC via Winbox

Wed May 17, 2023 5:37 pm

You failed the test, try again.
 
egal667
just joined
Topic Author
Posts: 13
Joined: Sat Feb 25, 2023 2:09 am

Re: cAP XL inaccessible via IP, only with MAC via Winbox

Sat May 20, 2023 9:13 pm

Again riddles, nothing clear, I asked if you had one flat network throughout and you answered a vlan and guest network........ is that two different things or the same thing?

Where is the other subnet then the non guest subnet??

What is the capacxl attached to, what device, if MT where is its config........... where is internet coming from............

I think I see where you're going with this, so I powered the cAP with a PoE injector and no data, to eliminate possible network interference. The whole topography is:

Laptop <--- wifi ---> cAP

No vlans, no guest networks. What I posted in the original post is the configuration.

Since it has no DHCP server I configured the laptop with a static IP (192.168.88.61, subnet 255.255.255.0). And it still behaves the same, I can connect with winbox via MAC but not via IP.

Who is online

Users browsing this forum: Ahrefs [Bot], dmconde and 59 guests