- MikroTik.by
- Нет интернета на гостевом wi-fi (vlan)
- Нет интернета на гостевом wi-fi (vlan)
- Mikrotik guest wifi нет интернета
- Mikrotik guest wifi нет интернета
- Re: Guest WiFi, but it does not have internet access
- Re: Guest WiFi, but it does not have internet access
- Re: Guest WiFi, but it does not have internet access
MikroTik.by
For every complex problem, there is a solution that is simple, neat, and wrong.
Нет интернета на гостевом wi-fi (vlan)
Нет интернета на гостевом wi-fi (vlan)
Сообщение greendoom » 25 июн 2021, 11:19
Всем добрый день! Прошу сильно не пинать, так как в теме микротиков я новый человек. Есть 24-х портовик CRS326-24G-2S+. Настроен в режиме обычного свича. Есть внешний дхцп сервачок. Купили 3 микрота hap ac2 для вай фая. Ну соответственно поднял на 24 портовике Capsman, чтобы он рулил этими тремя точками. Настроил, как в большинстве мануалов, две сети: op-office для офисных работников и op-guest для гостей. Для офисного вай фая выставил в Datapath Local forwarding и client to client forwarding. Все хорошо. А вот с гостевой сеткой косяк. Не удается никак на нее инет дать. Пробовал через отдельный бридж, но не сработало. Сейчас сделал для гостевых интерфейсов отдельный vlan, поднял на нем дхцп. Поместил этот vlan в бридж со всеми портами. В итоге клиент получает айпишник от дцхп на микроте, но в инет не выходит. Подскажите, что я упустил. Что нужно донастроить, чтобы не поломать существующую сетку и прикрутить изолированный гостевой вай фай?
# jun/25/2021 10:36:37 by RouterOS 6.47 # software model = CRS326-24G-2S+ # serial number = ******** /caps-man channel add band=2ghz-b/g/n frequency=2447 name=office-2G add band=5ghz-a/n/ac frequency=5300 name=office-5G /interface bridge add admin-mac=C4:********** auto-mac=no comment=defconf name=bridge /interface vlan add arp=reply-only interface=bridge name=vlan10-guest vlan-id=10 /caps-man datapath add bridge=bridge client-to-client-forwarding=yes local-forwarding=yes name=\ op-office add bridge=bridge client-to-client-forwarding=no local-forwarding=no name=\ op-guest vlan-id=10 vlan-mode=use-tag /caps-man security add authentication-types=wpa2-eap eap-methods=passthrough \ eap-radius-accounting=yes encryption=aes-ccm group-encryption=aes-ccm \ name=op-office add authentication-types=wpa2-psk encryption=aes-ccm name=op-guest \ passphrase=********* /caps-man configuration add channel=office-2G country=belarus datapath=op-office mode=ap name=\ op-office-2G rx-chains=0,1,2,3 security=op-office ssid=office \ tx-chains=0,1,2,3 add channel=office-5G country=belarus datapath=op-office mode=ap name=\ op-office-5G rx-chains=0,1,2,3 security=op-office ssid=office \ tx-chains=0,1,2,3 add channel=office-2G country=belarus datapath=op-guest mode=ap name=\ op-guest-2G rx-chains=0,1,2,3 security=op-guest ssid=office-guest \ tx-chains=0,1,2,3 add channel=office-5G country=belarus datapath=op-guest mode=ap name=\ op-guest-5G rx-chains=0,1,2,3 security=op-guest ssid=office-guest \ tx-chains=0,1,2,3 /interface list add name=WAN add name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /ip pool add name=dhcp_pool_guest ranges=192.168.89.2-192.168.89.254 /ip dhcp-server add add-arp=yes address-pool=dhcp_pool_guest disabled=no interface=\ vlan10-guest name=dhcp-guest /queue type add kind=pcq name=queue-guest-download pcq-classifier=dst-address pcq-rate=\ 10M add kind=pcq name=queue-guest-upload pcq-classifier=src-address pcq-rate=10M /queue simple add max-limit=10M/10M name=queue-guest queue=\ queue-guest-upload/queue-guest-download target=192.168.89.0/24 /user group set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\ sword,web,sniff,sensitive,api,romon,dude,tikapp" /caps-man access-list add action=accept allow-signal-out-of-range=10s disabled=no signal-range=\ -75..120 ssid-regexp="" add action=reject allow-signal-out-of-range=10s disabled=no signal-range=\ -120..76 ssid-regexp="" /caps-man manager set enabled=yes /caps-man provisioning add action=create-dynamic-enabled master-configuration=op-office-2G \ name-format=prefix-identity name-prefix=2G radio-mac=48:******** \ slave-configurations=op-guest-2G add action=create-dynamic-enabled master-configuration=op-office-5G \ name-format=prefix-identity name-prefix=5G radio-mac=48:******** \ slave-configurations=op-guest-5G add action=create-dynamic-enabled master-configuration=op-office-2G \ name-format=prefix-identity name-prefix=2G radio-mac=48:******** \ slave-configurations=op-guest-2G add action=create-dynamic-enabled master-configuration=op-office-5G \ name-format=prefix-identity name-prefix=5G radio-mac=48:********* \ slave-configurations=op-guest-5G add action=create-dynamic-enabled master-configuration=op-office-2G \ name-format=prefix-identity name-prefix=2G radio-mac=48:********* \ slave-configurations=op-guest-2G add action=create-dynamic-enabled master-configuration=op-office-5G \ name-format=prefix-identity name-prefix=5G radio-mac=48:********* \ slave-configurations=op-guest-5G /interface bridge port add bridge=bridge comment=defconf hw=no interface=ether1 add bridge=bridge comment=defconf interface=ether2 add bridge=bridge comment=defconf interface=ether3 add bridge=bridge comment=defconf interface=ether4 add bridge=bridge comment=defconf interface=ether5 add bridge=bridge comment=defconf interface=ether6 add bridge=bridge comment=defconf interface=ether7 add bridge=bridge comment=defconf interface=ether8 add bridge=bridge comment=defconf interface=ether9 add bridge=bridge comment=defconf interface=ether10 add bridge=bridge comment=defconf interface=ether11 add bridge=bridge comment=defconf interface=ether12 add bridge=bridge comment=defconf interface=ether13 add bridge=bridge comment=defconf interface=ether14 add bridge=bridge comment=defconf interface=ether15 add bridge=bridge comment=defconf interface=ether16 add bridge=bridge comment=defconf interface=ether17 add bridge=bridge comment=defconf interface=ether18 add bridge=bridge comment=defconf interface=ether19 add bridge=bridge comment=defconf interface=ether20 add bridge=bridge comment=defconf interface=ether21 add bridge=bridge comment=defconf interface=ether22 add bridge=bridge comment=defconf interface=ether23 add bridge=bridge comment=defconf interface=ether24 /interface list member add interface=ether1 list=WAN add interface=ether2 list=LAN add interface=ether3 list=LAN add interface=ether4 list=LAN add interface=ether5 list=LAN add interface=ether6 list=LAN add interface=ether7 list=LAN add interface=ether8 list=LAN add interface=ether9 list=LAN add interface=ether10 list=LAN add interface=ether11 list=LAN add interface=ether12 list=LAN add interface=ether13 list=LAN add interface=ether14 list=LAN add interface=ether15 list=LAN add interface=ether16 list=LAN add interface=ether17 list=LAN add interface=ether18 list=LAN add interface=ether19 list=LAN add interface=ether20 list=LAN add interface=ether21 list=LAN add interface=ether22 list=LAN add interface=ether23 list=LAN add interface=ether24 list=LAN /ip address add address=192.168.65.225/24 disabled=yes interface=ether2 network=\ 192.168.65.0 add address=192.168.65.230 interface=bridge network=192.168.65.0 add address=192.168.89.1/24 interface=vlan10-guest network=192.168.89.0 /ip dhcp-client add disabled=no interface=bridge /ip dhcp-server network add address=192.168.89.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.89.1 /ip dns set servers=192.168.65.15,192.168.65.60 /ip route add disabled=yes distance=1 gateway=192.168.65.1 /ip route rule add action=drop disabled=yes dst-address=192.168.89.0/24 src-address=\ 192.168.65.0/24 add action=drop disabled=yes dst-address=192.168.65.0/24 src-address=\ 192.168.89.0/24 /radius add address=192.168.65.145 secret=******** service=wireless timeout=3s600ms /system clock set time-zone-name=Europe/Minsk /system identity set name="Mikrotik" /system logging add topics=radius /system routerboard settings set boot-os=router-os Mikrotik guest wifi нет интернета
I have a probabbly trivial problem but I cant really get past to it.
So I am trying to confiugre a guest wifi on my cAP ac. I am not doing this via wizard, because already I have set up main — working wifi network and want just to add secodary as guest.
The problem is that the guest wifi (the guest bridge) doesnt get any wifi.
I have another device which is gateway on network 192.168.1.2
cAP 192.168.1.3 is also a DHCP server for 192.168.1.0/24
1) so I added new virtual wifi interface
2) created new bridge for the guest wifi
3) added new port, added there newly created wifi and bridge
4) created new DHCP server for the newly created bridge interface/
The wifi gives out IP addresses for new devices but there is no internet.
5) added NAT rule chain=srcnat out-interface=WAN action=masquerade
Still no internet to the guest wifi.
[admin@MikroTik] > /ip route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 A S 0.0.0.0/0 192.168.1.2 1 1 ADC 10.10.10.0/24 10.10.10.1 guest-bridge 0 2 ADC 192.168.1.0/24 192.168.1.3 bridge 0 admin@MikroTik] > ip export hide-sensitive # dec/20/2019 15:39:54 by RouterOS 6.43 # # model = RouterBOARD cAP Gi-5acD2nD /ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot /ip pool add name=dhcp_pool0 ranges=192.168.1.200-192.168.1.250 add name=dhcp_pool1 ranges=10.10.10.2-10.10.10.254 add name=dhcp_pool2 ranges=10.10.10.2-10.10.10.254 /ip dhcp-server add address-pool=dhcp_pool0 disabled=no interface=bridge lease-time=5m name=dhcp1 add address-pool=dhcp_pool2 disabled=no interface=guest-bridge name=dhcp2 /ip address add address=192.168.1.3/24 interface=ether2 network=192.168.1.0 add address=10.10.10.1/24 interface=guest-bridge network=10.10.10.0 /ip dhcp-client add comment=defconf dhcp-options=hostname,clientid interface=bridge /ip dhcp-server lease add address=192.168.1.150 client-id=1:7c:7a:91:3e:80:14 mac-address=7C:7A:91:3E:80:14 server=dhcp1 /ip dhcp-server network add address=10.10.10.0/24 dns-server=8.8.8.8 gateway=10.10.10.1 netmask=24 add address=192.168.1.0/24 dns-server=192.168.1.2 gateway=192.168.1.2 /ip dns set servers=192.168.1.2 /ip firewall filter add action=reject chain=forward comment="test" dst-address=!192.168.1.0/24 reject-with=icmp-network-unreachable src-address=192.168.1.136 add action=accept chain=output disabled=yes add action=accept chain=input connection-state=established add action=accept chain=forward add action=accept chain=output /ip firewall nat add action=masquerade chain=srcnat log=yes out-interface-list=WAN /ip route add distance=1 gateway=192.168.1.2Mikrotik guest wifi нет интернета
I’m quite new to MikroTik and even my knowledge about networks is just plain (it means I can configure ASUS routers through GUI, but MikroTik is completely different story, right ?).
I did basic configuration of my RouterBoard RB951G-2HnD (it means network, wifi, mac access list, some static addresses for some devices in networks). No I’m just trying to create Guest WiFi. I checked some guides on internet, but I have still same problem — device (cell phone) is connected, but can’t access the internet.
What I did (in short, feel free to ask me for more details, I will provide it, now I don’t know what’s important and what is not, so I don’t want to spam to much):
— created another security profile (I want another password for guest wifi than in my common network)
— created virtual AP and linked it to security profile above
— created address list (this is a point where I blindly followed guides, I don’t understand it too much — like what the hell is 192.168.99.0/24?)
— created IP pool
— created DHCP server for guest wifi
— created network (another tab in DHCP settings)
How is my netword physically created (if it’s necessary):
— WAN is connected to port 1 in MikroTik
— from port 2 there is a cable which sends internet to switch and rest of my cable network
So, how I said, I will provide what you say, just guide me. Thanks.
MikroTik Support
Posts: 25692 Joined: Fri May 28, 2004 11:04 am Location: Riga, Latvia
Re: Guest WiFi, but it does not have internet access
Factory default device can be configured for an additional Guest Wifi SSID in just two clicks.
Open 192.168.88.1 and in the QuickSet page that opens, choose «HOME AP». Then click «GUEST NETWORK»
Re: Guest WiFi, but it does not have internet access
It didn’t work. Cell phone even did not connect to guest wireless network with these quick setting on MikroTik.
With my briefly described settings cell phone connected, however internet connection is not available for it. Maybe some type of bridge is necessary?
MikroTik Support
Posts: 25692 Joined: Fri May 28, 2004 11:04 am Location: Riga, Latvia
Re: Guest WiFi, but it does not have internet access
just make sure you reset the device, before doing the quicket. you can’t mix these settings with what you configured yourself.
do not go into the other menus at all. the reset will undo any conflicting config you might have set up in the other menus.