Community discussions

MikroTik App
 
froszu
just joined
Topic Author
Posts: 14
Joined: Tue Jul 06, 2021 9:54 pm

basics: guest WiFi network / no internet access

Thu Nov 24, 2022 3:02 pm

I am trying to learn both networking basics and RouterOS.
My hardware:
- RB5009 as a Router
- cAP XL ac as Acces Point

My current setup is simple home wifi:
Router has one bridge for all ports (except port1 WAN), one 192.168.2.0/24 network and one DHCP server. There are no custom firewall rules except of what was set by default.
Under Port 2 is connected cAP XL and it is given a static lease address 192.168.2.3.
cAP is broadcadsting two SSIDs: miranda + miranda5. All it's interfaces (ethernet and wireless) are under one bridge, so effectively connecting to WiFi I am in 192.168.2.0 network. There is no DHCP server nor client.
This setup works OK and I assume it is generally correct.

Now my goal is to add another isolated 'guest' SSID. I tried following this tutorial: https://xan.manning.io/2015/12/05/creat ... eros6.html
The new guest network is created and I can connect to it, however without internet access. This is short summary of extra steps for `guest` wifi:

- add new guest_bridge
- add new virtual wireless interface (and set it master) and add it to guest_bridge. Also set SSID and guest_profile
- add new IP address for guest_bridge: 172.16.0.1
- add DHCP server and new network 172.16.0.0/16 and guest_IP_pool
- for above network, set gateway and DNS to 172.16.0.1
- add Firewall NAT masquerade

I did not complete network isolation steps from tutorial, since no internet is accessible from `guest` wifi

Can anybody please take a look and tell me what am I missing?
I attach screenshots and configuartions of both devices.

thanks.
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14354
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: basics: guest WiFi network / no internet access

Thu Nov 24, 2022 11:17 pm

I will have a look later in the meantime..
all you should need to do is add the vlan on the main router as per any other vlan, and this new one specifically pertains to the new SSID. GUEST access etc.
Then you tag that along with other vlans on the trunk port going to the access point.

On the access point you add that vlan to ether1 as another one of the tagged vlans coming in on the trunk port coming in on the Capac.
Then you add the new WLAN as another bridge port with pvid of the new vlan and ensure you also add it to /interface bridge vlans..........

viewtopic.php?t=182276
 
froszu
just joined
Topic Author
Posts: 14
Joined: Tue Jul 06, 2021 9:54 pm

Re: basics: guest WiFi network / no internet access

Sat Nov 26, 2022 4:41 pm

Thanks for taking time. I will go into vlans but its too soon for me. I need to do sone reading and learning (great links there).
Before i jump into vlans I'd really like to know why my setup is not working. Walking before running!

Cheers
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14354
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: basics: guest WiFi network / no internet access

Sat Nov 26, 2022 5:20 pm

Sorry as soon as you stated a guest network then you are really talking setting up vlans ...............

Read PARA C. viewtopic.php?t=182373
 
froszu
just joined
Topic Author
Posts: 14
Joined: Tue Jul 06, 2021 9:54 pm

Re: basics: guest WiFi network / no internet access

Tue Nov 29, 2022 12:14 pm

Anyone else have idea what could be wrong with my setup ?
 
erlinden
Forum Guru
Forum Guru
Posts: 1279
Joined: Wed Jun 12, 2013 1:59 pm

Re: basics: guest WiFi network / no internet access

Tue Nov 29, 2022 2:17 pm

Anyone else have idea what could be wrong with my setup ?
Agree with anav: read a bit more about VLAN.
Besides...you only want your router to take care of DHCP, not your accesspoint.

About your wireless settings:
- don't use auto
- only choose 20MHz channelwidth on the 2.4GHz radio
- don't use XXXX as extension, choose you control channel manually (like Ceee)
- don't use b/g/n and a/n/ac (unless you really have to), instead use g/n and n/ac
 
froszu
just joined
Topic Author
Posts: 14
Joined: Tue Jul 06, 2021 9:54 pm

Re: basics: guest WiFi network / no internet access

Tue Nov 29, 2022 2:58 pm

Anyone else have idea what could be wrong with my setup ?
Agree with anav: read a bit more about VLAN.
Besides...you only want your router to take care of DHCP, not your accesspoint.

About your wireless settings:
- don't use auto
- only choose 20MHz channelwidth on the 2.4GHz radio
- don't use XXXX as extension, choose you control channel manually (like Ceee)
- don't use b/g/n and a/n/ac (unless you really have to), instead use g/n and n/ac
Got it, thanks.
Can you elaborate a bit on what you mean by "you only want your router to take care of DHCP, not your accesspoint" ? This seems as most simple/straightforward solution to me.
edit: I guess you mean DHCP server (createdon AP) for guest network.

If you know any good/recomended HowTo for this kind of setup - please share. I will do my own search of course too.
edit: will go through this now: viewtopic.php?t=182276
thanks!
 
erlinden
Forum Guru
Forum Guru
Posts: 1279
Joined: Wed Jun 12, 2013 1:59 pm

Re: basics: guest WiFi network / no internet access

Tue Nov 29, 2022 3:13 pm

Please read this:
viewtopic.php?f=23&t=143620
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14354
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: basics: guest WiFi network / no internet access

Tue Nov 29, 2022 4:03 pm

That is a good link but can be confusing.......
Read it then apply it like so..............

^^^My advice is not to config/copy pcunite's formats verbatim from the first link above, its stilted and confusing. Instead simply using winbox, work through the Configuration Steps logically.

Add Bridge (or modify default Bridge as required)
Add VLANS with the parent interface being the Bridge
Create Subnet Structure for each VLAN (and likely modify the default subnet to be one of the VLANs)
Construct /interface bridge ports ( etherports and WLANs as applicable )
Construct /interface bridge vlans ( tagged and untagged **** Should match up with /interface bridge ports as a cross-check )
Make Changes to LAN Interface List ( remove bridge and add all vlans typically)
Add Management/Base Interface List & applicable members (Base Vlan and off bridge etherport for example)
Adjust Firewall Rules as necessary (Base List to Input Chain, LAN List to Input Chain for DNS, etc. ( required router services ))
Go to CLI and run export and see if any errors crop up.
Turn on bridge vlan filtering.

Who is online

Users browsing this forum: Google [Bot] and 10 guests