Community discussions

MikroTik App
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

MT Accesspoint configuration

Thu Nov 24, 2022 8:50 pm

Hello,

I am currently trying to integrate an MT AP into my existing network.
I was able to successfully assign the Vlan 172 and Vlan7 on ether1 to the AP with the static management address 172.16.0.30 (Vlan172) and 192.168.0.2 (Vlan7).

So far so good, now I want to assign the Vlan 7 to the Wlan interface Wlan1 and Wlan2, but I dont know how. :(
Can someone tell me how I assign this Vlan to the Wlan1 +2?
Des_AP_Docu3.jpg


# jan/02/1970 02:22:43 by RouterOS 7.6
# software id = ZB9L-KM9R
#
# model = RBcAPGi-5acD2nD
/interface bridge
add ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge ssid=User-2G
set [ find default-name=wlan2 ] disabled=no mode=ap-bridge ssid=User-5G
/interface vlan
add interface=ether1 name=ether1-vlan7 vlan-id=7
add interface=ether1 name=ether1-vlan172 vlan-id=172
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=bridge1 comment="FirstConfig 192.168.16.70" interface=ether2
add bridge=bridge1 comment="TRUNK " interface=ether1
/ip address
add address=192.168.16.70/21 comment="FirstConfig Statische Adresse 192.168.16\
    .70 can be disabled after configuration" interface=ether2 network=\
    192.168.16.0
add address=172.16.0.30/26 comment="AP Managment Address" interface=\
    ether1-vlan172 network=172.16.0.0
add address=192.168.0.2/21 comment="AP Ip for SSID Wlan1 and Wlan2" \
    interface=ether1-vlan7 network=192.168.0.0



routeros.png
You do not have the required permissions to view the files attached to this post.
 
pe1chl
Forum Guru
Forum Guru
Posts: 9026
Joined: Mon Jun 08, 2015 12:09 pm

Re: MT Accesspoint configuration

Thu Nov 24, 2022 9:03 pm

In the config of the wireless interface, under tab Wireless, set the VLAN mode to "use tag" and enter the desired VLAN tag.
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Thu Nov 24, 2022 9:20 pm

In the config of the wireless interface, under tab Wireless, set the VLAN mode to "use tag" and enter the desired VLAN tag.

Hm... I only see the field vlanmode and vlan id when I start to create a virtual wlan interface wlan3 for multissid
fuerantwort1.png
You do not have the required permissions to view the files attached to this post.
 
pe1chl
Forum Guru
Forum Guru
Posts: 9026
Joined: Mon Jun 08, 2015 12:09 pm

Re: MT Accesspoint configuration

Thu Nov 24, 2022 9:41 pm

Click on "Advanced Mode" first.
 
mkx
Forum Guru
Forum Guru
Posts: 8966
Joined: Thu Mar 03, 2016 10:23 pm

Re: MT Accesspoint configuration

Thu Nov 24, 2022 9:45 pm

It's in Advanced Mode ...
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Thu Nov 24, 2022 9:53 pm

Click on "Advanced Mode" first.
It's in Advanced Mode ...


omg...
I've set it that way, but no change.

As soon as I connect my phone to wlan1 / 2G, I see traffic on the interface for a short time and then the message Connection error comes up on the phone. :(
# jan/02/1970 04:03:34 by RouterOS 7.6
# software id = ZB9L-KM9R
#
# model = RBcAPGi-5acD2nD
# serial number = HD20854X659
/interface bridge
add ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] country=**** disabled=no frequency=2417 \
    mode=ap-bridge skip-dfs-channels=all ssid=User-2G vlan-id=7 vlan-mode=\
    use-tag
set [ find default-name=wlan2 ] country=**** disabled=no mode=ap-bridge \
    skip-dfs-channels=all ssid=User-5G vlan-id=7 vlan-mode=use-tag
/interface vlan
add interface=ether1 name=ether1-vlan7 vlan-id=7
add interface=ether1 name=ether1-vlan172 vlan-id=172
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=bridge1 comment="FirstConfig 192.168.16.70" interface=ether2
add bridge=bridge1 comment="TRUNK " interface=ether1
/ip address
add address=192.168.16.70/21 comment="FirstConfig Statische Adresse 192.168.16\
    .70 can be disabled after configuration" interface=ether2 network=\
    192.168.16.0
add address=172.16.0.30/26 comment="AP Managment Address" interface=\
    ether1-vlan172 network=172.16.0.0
add address=192.168.0.2/21 comment="AP Ip for SSID Wlan1 and Wlan2" \
    interface=ether1-vlan7 network=192.168.0.0
Last edited by BartoszP on Sun Nov 27, 2022 1:07 am, edited 1 time in total.
Reason: Use proper tags: quote to quote, code for code
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14471
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: MT Accesspoint configuration

Thu Nov 24, 2022 10:21 pm

 
pe1chl
Forum Guru
Forum Guru
Posts: 9026
Joined: Mon Jun 08, 2015 12:09 pm

Re: MT Accesspoint configuration

Thu Nov 24, 2022 10:27 pm

Click on "Advanced Mode" first.
It's in Advanced Mode ...


omg...
I've set it that way, but no change.

As soon as I connect my phone to wlan1 / 2G, I see traffic on the interface for a short time and then the message Connection error comes up on the phone. :(
Look again. When the main interface is in Simple mode it does not show VLAN options, but for the virtual interface in Simple mode it does show it.
Exactly what you describe. When you see the button "Advanced mode" it is in Simple mode.

It is normal (today) that a device will not connect until everything is configured correctly, including having a working DHCP server on that network.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14471
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: MT Accesspoint configuration

Thu Nov 24, 2022 11:08 pm

........................... including having a working DHCP server on that network.
Now you are clouding issues, there is no need for dhcp server on the MT Access point in most cases.................... one is simply carrying the vlans from the router to the Access point.........
In fact the only vlan that actually needs to be identified as a vlan is the management or base vlan from which the AP gets its own IP address and still no DHCP is require for that.
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Thu Nov 24, 2022 11:26 pm


omg...
I've set it that way, but no change.

As soon as I connect my phone to wlan1 / 2G, I see traffic on the interface for a short time and then the message Connection error comes up on the phone. :(
Look again. When the main interface is in Simple mode it does not show VLAN options, but for the virtual interface in Simple mode it does show it.
Exactly what you describe. When you see the button "Advanced mode" it is in Simple mode.

It is normal (today) that a device will not connect until everything is configured correctly, including having a working DHCP server on that network.
ok but as I said I opened the advanced mode and there I set the mode and VLAN ID as you can see in the config.

All services are available on the trunk connected to ether1 on the AP, including DHCP.
Yesterday it was already running and I also got a dhcp address on my phone via this ap.
Unfortunately, I shot the config to pieces when I wanted to expand the config with a third guest vlan and virtuel wlan 3 and 4 and mentally took a wrong turn somewhere....
But there I get the whole thing realized with individual bridges for each vlan.

It's also one of those things that every guide I find does it differently.
one says no, only one bridge, others say you need one for each vlan.

Anyway, do you have a link to a how-to that explains step by step how to set up an access point via the routo's webgui and maybe it's similar to my setup only with other vlans?
 
pe1chl
Forum Guru
Forum Guru
Posts: 9026
Joined: Mon Jun 08, 2015 12:09 pm

Re: MT Accesspoint configuration

Thu Nov 24, 2022 11:26 pm

........................... including having a working DHCP server on that network.
Now you are clouding issues, there is no need for dhcp server on the MT Access point in most cases..
I write "on the network". he is setting up a network using VLANs, and he has not got that working. Until he has the proper connectivity to the intended VLAN, he probably has no DHCP server and the behavior is as expected.
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Thu Nov 24, 2022 11:34 pm

........................... including having a working DHCP server on that network.
Now you are clouding issues, there is no need for dhcp server on the MT Access point in most cases.................... one is simply carrying the vlans from the router to the Access point.........
In fact the only vlan that actually needs to be identified as a vlan is the management or base vlan from which the AP gets its own IP address and still no DHCP is require for that.
Right, there can't be anything wild about getting the ap to work. Everything is provided in the trunk. 3 switches before is an opensense vm on an esxi and provides routing, dhcp and firewall functionalities over the network.
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Thu Nov 24, 2022 11:40 pm


Now you are clouding issues, there is no need for dhcp server on the MT Access point in most cases..
I write "on the network". he is setting up a network using VLANs, and he has not got that working. Until he has the proper connectivity to the intended VLAN, he probably has no DHCP server and the behavior is as expected.
Take a look at the drawing at the top left where the services arrive :P
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14471
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: MT Accesspoint configuration

Thu Nov 24, 2022 11:55 pm

Did you look at my link above for easy switch setup ???????......................

Also read PARA C here. viewtopic.php?t=182373

All the info is there!!! The first link gives you the concepts, then follow the ^^^My advice is
Work on the config for both devices after reading and applying the knowledge of the two linked articles and will provide support.

/export file=anynameyouwish ( minus router/device serial number and any public wanip information )
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Fri Nov 25, 2022 12:06 am

i fly over but saw that i then have to deal with the cli. I actually wanted to avoid that with the webgui, but if there are no webui turorials, then I'll read up and then do it completely via the console. ;)
Last edited by BartoszP on Sun Nov 27, 2022 1:08 am, edited 2 times in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart. lines of quote, 1 line of post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14471
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: MT Accesspoint configuration

Fri Nov 25, 2022 12:08 am

I like the easy way, nothing wrong with web gui if you know what the commands are doing.
I still use CLI to read all configs so it still has its place for most of us one way or another.
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Fri Nov 25, 2022 12:30 am

I like the easy way, nothing wrong with web gui if you know what the commands are doing.
I still use CLI to read all configs so it still has its place for most of us one way or another.
yes right , you have to understand the gui switches and most youtube videos use different approaches for the vlan configuration, it just confuses.
In one video he builds the vlans over several bridges. the other says no more than one bridge and builds it completely differently.

Well, I'll will read it all over the weekend and then come back with other questions. xD

First of all, thank you :)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14471
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: MT Accesspoint configuration

Fri Nov 25, 2022 12:44 am

KISS, one bridge all vlans attached to bridge, all vlans get ip pool, dhcp server, dhcp server network, ip address, bridge does NO dhcp etc......
Vlans disseminated via etherports and wlans at /interface bridge ports and /interface bridge vlans, firewall rules to match, bingo bongo done!

Same same fw rules.

Concept input chain and forward chain.
Default rules
User added rules
DROP all else

viewtopic.php?t=180838
If you want to get cute and bloated, not on my watch LOL. Do it after you have a solid basic working config and you leave here so I dont have to see it>
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Fri Nov 25, 2022 9:21 pm

Thx a lot :)

Another question, how can i get access to the configs examples ?
access.png
You do not have the required permissions to view the files attached to this post.
Last edited by BartoszP on Sun Nov 27, 2022 1:09 am, edited 1 time in total.
Reason: removed excessive quotting of preceding post; be wise, quote smart. lines of quote, 1 line of post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14471
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: MT Accesspoint configuration

Fri Nov 25, 2022 9:23 pm

Probably due to the fact just joined, but to be honest the config examples are not in config format and thus confusing.
##############################################################################
# Topic:		Using RouterOS to VLAN your network
# Example:		Access Point
# Web:			https://forum.mikrotik.com/viewtopic.php?t=143620
# RouterOS:		6.43.13
# Date:			April 15, 2021
# Notes:		Start with a reset (/system reset-configuration)
# Thanks:		mkx, sindy
###############################################################################

#######################################
# Naming
#######################################

# name the device being configured
/system identity set name="AccessPoint"


#######################################
# VLAN Overview
#######################################

# 10 = BLUE
# 20 = GREEN
# 30 = RED
# 99 = BASE (MGMT) VLAN


#######################################
# WIFI Setup
#
# Example wireless settings only. Do
# NOT use in production!
#######################################

# Blue SSID
/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="password"
/interface wireless set [ find default-name=wlan1 ] ssid=BLUE_SSID frequency=auto mode=ap-bridge disabled=no

# Green SSID
/interface wireless security-profiles add name=GREEN_PROFILE authentication-types=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="password"
/interface wireless add name=wlan2 ssid=GREEN_SSID master-interface=wlan1 security-profile=GREEN_PROFILE disabled=no

# Red SSID
/interface wireless security-profiles add name=RED_PROFILE authentication-types=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="password"
/interface wireless add name=wlan3 ssid=RED_SSID master-interface=wlan1 security-profile=RED_PROFILE disabled=no


#######################################
# Bridge
#######################################

# create one bridge, set VLAN mode off while we configure
/interface bridge add name=BR1 protocol-mode=none vlan-filtering=no


#######################################
#
# -- Access Ports --
#
#######################################

# ingress behavior
/interface bridge port

# Blue, Green, Red VLAN
add bridge=BR1 interface=wlan1 pvid=10
add bridge=BR1 interface=wlan2 pvid=20
add bridge=BR1 interface=wlan3 pvid=30

# egress behavior, handled automatically


#######################################
#
# -- Trunk Ports --
#
#######################################

# ingress behavior
/interface bridge port

# Purple Trunk. Leave pvid set to default of 1
add bridge=BR1 interface=ether1

# egress behavior
/interface bridge vlan

# Purple Trunk. L2 switching only, Bridge not needed as tagged member (except BASE_VLAN)
set bridge=BR1 tagged=ether1 [find vlan-ids=10]
set bridge=BR1 tagged=ether1 [find vlan-ids=20]
set bridge=BR1 tagged=ether1 [find vlan-ids=30]
add bridge=BR1 tagged=BR1,ether1 vlan-ids=99


#######################################
# IP Addressing & Routing
#######################################

# LAN facing AP's Private IP address on a BASE_VLAN
/interface vlan add interface=BR1 name=BASE_VLAN vlan-id=99
/ip address add address=192.168.0.3/24 interface=BASE_VLAN

# The Router's IP this AP will use
/ip route add distance=1 gateway=192.168.0.1


#######################################
# IP Services
#######################################

# We have a router that will handle this. Nothing to set here.
# Attach this AP to a router configured as shown under the "RoaS" example.


#######################################
# VLAN Security
#######################################

# Only allow ingress packets without tags on Access Ports
/interface bridge port
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=wlan1]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=wlan2]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=wlan3]

# Only allow ingress packets WITH tags on Trunk Ports
/interface bridge port set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether1]


#######################################
# MAC Server settings
#######################################

# Ensure only visibility and availability from BASE_VLAN, the MGMT network
/interface list add name=BASE
/interface list member add interface=BASE_VLAN list=BASE
/ip neighbor discovery-settings set discover-interface-list=BASE
/tool mac-server mac-winbox set allowed-interface-list=BASE
/tool mac-server set allowed-interface-list=BASE


#######################################
# Turn on VLAN mode
#######################################
/interface bridge set BR1 vlan-filtering=yes
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Sat Nov 26, 2022 4:45 pm

Hi,
I have now implemented the Access Point example from viewtopic.php?t=143620.
I got the commands from the "VLAN Example #2" here: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge


First I did a complete config reset on the AP.
Then i connected my pc and the ap nic ether2 over a singel switch that is not connected to my network.
The other nic of the ap (ether1) is connected with the managed switch on the trunk port.


I then implemented the whole thing as follows via mac access over ether2:
#Devicename:
/system identity set name="AccessPoint-WZ"


#Wlan Password policy:
/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="password"

#Wlan-config
/interface wireless set [ find default-name=wlan1 ] ssid=USer-2G frequency=auto mode=ap-bridge disabled=no
/interface wireless set [ find default-name=wlan2 ] ssid=User-5G frequency=auto mode=ap-bridge disabled=no

#create a bridge:
/interface bridge add name=BR1 protocol-mode=none vlan-filtering=no

#Assign vlans to bridge-port interfaces

/interface bridge port
add bridge=BR1 interface=wlan1 pvid=7
add bridge=BR1 interface=wlan2 pvid=7

#create trunk ports

add bridge=BR1 interface=ether1


#egress config
/interface bridge vlan

set [find interface=BR1] tagged=ether1 vlan-ids=7
add bridge=BR1 tagged=BR1,ether1 vlan-ids=172

# IP Addressing & Routing
/interface vlan 

add interface=BR1 name=Management-Vlan172 vlan-id=172
/ip address add address=172.16.0.30/26 interface=Management-Vlan172
/ip route add distance=1 gateway=172.16.0.1

# VLAN Security
/interface bridge port

# Only allow ingress packets without tags on Access Ports
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=wlan1]
set bridge=BR1 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=wlan2]

# Only allow ingress packets WITH tags on Trunk Ports
/interface bridge port set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether1]

#Mac Server settings

/interface list add name=BASE
/interface list member add interface=Management-Vlan172 list=BASE
/ip neighbor discovery-settings set discover-interface-list=BASE
/tool mac-server mac-winbox set allowed-interface-list=BASE
/tool mac-server set allowed-interface-list=BASE

/interface bridge set BR1 vlan-filtering=yes

After doing this the config on the ap looks like this:
# jan/02/1970 02:56:28 by RouterOS 7.6
# software id = ZB9L-KM9R
#
# model = RBcAPGi-5acD2nD
# serial number = HD20854X659
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=germany disabled=no \
    frequency=2417 mode=ap-bridge skip-dfs-channels=all ssid=User-2G vlan-id=\
    7 vlan-mode=use-tag wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac country=germany disabled=no \
    mode=ap-bridge skip-dfs-channels=all ssid=User-5G vlan-id=7 vlan-mode=\
    use-tag wireless-protocol=802.11
/interface vlan
add interface=BR1 name=Management-Vlan172 vlan-id=172
add interface=BR1 name=User-Vlan7 vlan-id=7
/interface list
add include=all name=BASE
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
    wlan1 pvid=7
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
    wlan2 pvid=7
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=BASE lldp-med-net-policy-vlan=1
/interface bridge vlan
add bridge=BR1 tagged=ether1,BR1 vlan-ids=172
add bridge=BR1 tagged=ether1,BR1 untagged=wlan1,wlan2 vlan-ids=7
/interface list member
add interface=BR1 list=BASE
/ip address
add address=172.16.0.30/26 interface=Management-Vlan172 network=172.16.0.0
add address=192.168.0.2/21 interface=User-Vlan7 network=192.168.0.0
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.0.1 pref-src=\
    "" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/system identity
set name=AccessPoint-WZ
/tool mac-server
set allowed-interface-list=BASE
/tool mac-server mac-winbox
set allowed-interface-list=BASE
So far so good...


I can now reach the management address 172.16.0.30 and the user interface 192.168.0.2 from outside. (Ping and webgui works)
Both addresses are now available on ether1 of the access point.
Unfortunately I still get an error when connecting to wlan1 and wlan2.
Have I overlooked something here?
Last edited by BartoszP on Sun Nov 27, 2022 1:10 am, edited 1 time in total.
Reason: Use proper tags: quote to quote, code for code
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14471
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: MT Accesspoint configuration

Sat Nov 26, 2022 5:11 pm

(1) Yeah why are you putting vlan information WITHIN the wifi settings, should be REMOVED.
attaching vlans to wlans is done by settings at (which seem to be well done by the way)

/interface bridge port
/interface bridge vlan

(2) Why do you have address information for the vlans on the Access point, that is done on the main router ??? NOT REQUIRED
/ip address
add address=172.16.0.30/26 interface=Management-Vlan172 network=172.16.0.0
add address=192.168.0.2/21 interface=User-Vlan7 network=192.168.0.0
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Sat Nov 26, 2022 5:24 pm

to 1: ok understand, is now removed.

to2: ok for 192.168.0.2/21 i understand this because if a device i using the wlan1 or 2 it gets then a dhcp adresss over the network from the router.
but the management vlan has no dhcp its static based. how should i reach the webgui of the ap without the static ip?

# jan/02/1970 01:19:17 by RouterOS 7.6
# software id = ZB9L-KM9R
#
# model = RBcAPGi-5acD2nD
# serial number = HD20854X659
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=germany disabled=no \
    frequency=2417 mode=ap-bridge skip-dfs-channels=all ssid=User-2G \
    wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac country=germany disabled=no \
    mode=ap-bridge skip-dfs-channels=all ssid=User-5G wireless-protocol=\
    802.11
/interface vlan
add interface=BR1 name=Management-Vlan172 vlan-id=172
add interface=BR1 name=User-Vlan7 vlan-id=7
/interface list
add include=all name=BASE
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
    wlan1 pvid=7
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
    wlan2 pvid=7
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=BASE lldp-med-net-policy-vlan=1
/interface bridge vlan
add bridge=BR1 tagged=ether1,BR1 vlan-ids=172
add bridge=BR1 tagged=ether1,BR1 untagged=wlan1,wlan2 vlan-ids=7
/interface list member
add interface=BR1 list=BASE
/system identity
set name=AccessPoint-WZ
/tool mac-server
set allowed-interface-list=BASE
/tool mac-server mac-winbox
set allowed-interface-list=BASE

Last edited by BartoszP on Sun Nov 27, 2022 1:11 am, edited 2 times in total.
Reason: Use proper tags: quote to quote, code for code
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14471
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: MT Accesspoint configuration

Sat Nov 26, 2022 5:35 pm

1. you define vlan172 as being attached the bridge done!
2. you assign the vlan to the interface list of base. ( not the bridge )
3. you set neighbours discovery to interface list of BASE ( drop the fancy stuff vlan1 ???)
4. you set mac server winbox server entry to BASE. ( mac server by itself entry is set to NONE, not secure )
5. set /ip dns
set allow-remote-requests=yes servers=172.16.0.1 comment="dns through trusted subnet gateway"
6. /ip route
add disabled=no dst-address=0.0.0.0/0 gateway=172.16.0.1 comment="ensures route avail through trusted subnet gateway"

7. AND MY BAD yes you do need the one address for the device itself, I meant the vlan7 only should be scrapped.

you thus should keep
/ip address
add address=172.16.0.30/26 interface=Management-Vlan172 network=172.16.0.0
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Sat Nov 26, 2022 5:44 pm

Many Many Thx !!!!! Now it is working :D
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Thu Dec 01, 2022 5:31 pm

Hello me again... :)

I was able to expand my config so far and it works as learned. :)

What bothers me now is that when I connect the AP to the switch trunk, it starts to flap after a while. It also disappears after a short time, but it's really annoying.

Without the Ap, everything runs normally.

Any ideas?

Ping From PC to DNS Server:
ping.png
AP Config:
# jan/02/1970 00:04:37 by RouterOS 7.6
# software id = ZB9L-KM9R
#
# model = RBcAPGi-5acD2nD
# serial number = HD20854X659
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=yes
/interface vlan
add interface=BR1 name=Guest-Vlan15 vlan-id=1
add interface=BR1 name=IOT-Vlan39 vlan-id=39
add interface=BR1 name=Kameras-Vlan31 vlan-id=31
add interface=BR1 name=Management-Vlan172 vlan-id=172
add interface=BR1 name=User-Vlan7 vlan-id=7
/interface list
add include=all name=BASE
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=IOT \
supplicant-identity=""
add authentication-types=wpa2-psk mode=dynamic-keys name=User \
supplicant-identity=""
add authentication-types=wpa2-psk mode=dynamic-keys name=Guest \
supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=germany disabled=no \
frequency=2417 mode=ap-bridge security-profile=User skip-dfs-channels=all \
ssid=R2D2-User wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac country=germany disabled=no \
mode=ap-bridge security-profile=User skip-dfs-channels=all ssid=R2D2-User \
wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=1A:FD:74:92:5D:F0 \
master-interface=wlan1 multicast-buffering=disabled name=wlan3 \
security-profile=Guest ssid=R2D2-Guest wds-cost-range=0 wds-default-cost=\
0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=1A:FD:74:92:5D:F1 \
master-interface=wlan2 multicast-buffering=disabled name=wlan4 \
security-profile=Guest ssid=R2D2-Guest wds-cost-range=0 wds-default-cost=\
0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=1A:FD:74:92:5D:F2 \
master-interface=wlan1 multicast-buffering=disabled name=wlan5 \
security-profile=IOT ssid=R2D2-IOT wds-cost-range=0 wds-default-cost=0 \
wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=1A:FD:74:92:5D:F3 \
master-interface=wlan2 multicast-buffering=disabled name=wlan6 \
security-profile=IOT ssid=R2D2-IOT wds-cost-range=0 wds-default-cost=0 \
wps-mode=disabled
add keepalive-frames=disabled mac-address=1A:FD:74:92:5D:F4 master-interface=\
wlan1 multicast-buffering=disabled name=wlan7 ssid=R2D2-Kameras \
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add keepalive-frames=disabled mac-address=1A:FD:74:92:5D:F5 master-interface=\
wlan2 multicast-buffering=disabled name=wlan8 ssid=R2D2-Kameras \
wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
wlan1 pvid=7
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
wlan2 pvid=7
add bridge=BR1 frame-types=admit-only-vlan-tagged interface=ether1
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
wlan3 pvid=15
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
wlan4 pvid=15
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
wlan5 pvid=39
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
wlan6 pvid=39
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
wlan7 pvid=31
add bridge=BR1 frame-types=admit-only-untagged-and-priority-tagged interface=\
wlan8 pvid=31
/ip neighbor discovery-settings
set discover-interface-list=BASE lldp-med-net-policy-vlan=1
/interface bridge vlan
add bridge=BR1 tagged=ether1,BR1 vlan-ids=172
add bridge=BR1 tagged=ether1,BR1 untagged=wlan1,wlan2 vlan-ids=7
add bridge=BR1 tagged=BR1,ether1 vlan-ids=1
add bridge=BR1 tagged=BR1,ether1 untagged=wlan3,wlan4 vlan-ids=15
add bridge=BR1 tagged=BR1,ether1 untagged=wlan5,wlan6 vlan-ids=39
add bridge=BR1 tagged=BR1,ether1 untagged=wlan7,wlan8 vlan-ids=31
/interface list member
add interface=BR1 list=BASE
/ip address
add address=172.16.0.30/26 interface=Management-Vlan172 network=172.16.0.0
/ip dns
set allow-remote-requests=yes servers=172.16.0.1
/ip route
add comment="ensures route avail through trusted subnet gateway" disabled=no \
dst-address=0.0.0.0/0 gateway=172.16.0.1
/snmp
set enabled=yes trap-target=0.0.0.0
/system identity
set name=AccessPoint-WZ
/system logging
add topics=wireless,debug
/tool mac-server
set allowed-interface-list=BASE
/tool mac-server mac-winbox
set allowed-interface-list=BASE
On the Switch runs SwitchOS
switchos-8port-sw.png
20221201_163535.jpg
You do not have the required permissions to view the files attached to this post.
Last edited by qwerty0815 on Thu Dec 01, 2022 6:02 pm, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14471
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: MT Accesspoint configuration

Thu Dec 01, 2022 6:00 pm

Try on bridge setting STP mode to RSTP from none, and if that doesnt work try MSTP. If that doesnt help no other ideas.
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Thu Dec 01, 2022 6:05 pm

Try on bridge setting STP mode to RSTP from none, and if that doesnt work try MSTP. If that doesnt help no other ideas.
Thx, i will try it :)
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Thu Dec 01, 2022 6:26 pm

Try on bridge setting STP mode to RSTP from none, and if that doesnt work try MSTP. If that doesnt help no other ideas.
Thx, i will try it :)
Both options are not working :(
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14471
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: MT Accesspoint configuration

Thu Dec 01, 2022 6:32 pm

Hmmm, so the router is not connected diretly to the AP, its connected to an MT switch lite and then to the AP??
 
qwerty0815
just joined
Topic Author
Posts: 16
Joined: Wed Nov 23, 2022 8:09 pm

Re: MT Accesspoint configuration

Thu Dec 01, 2022 6:49 pm

Hmmm, so the router is not connected diretly to the AP, its connected to an MT switch lite and then to the AP??
yes thats right...

But i found now the Problem, i have a faulty LACP Bonding between two Switches wich was the reason of the Flaps. :)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14471
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: MT Accesspoint configuration

Thu Dec 01, 2022 9:39 pm

Phew..............

Who is online

Users browsing this forum: Semrush [Bot] and 18 guests