Hello @all,
I'm trying to integrate a new wAP AX (wave2) into an existing CAPSMAN network (hAP AC, 3 wAP). There is an "internal" (192.168.0.0) and a guest (192.168.100.0) wifi. I'm also blocking the internal network by an access list.
I configured the new wAP AC to connect to the new Wireless Capsman to the hAP - this seems to be working. But if I connect a device to the WIFI, this device is not getting an IP address.
Thanks in advance!
The config of the hAP:
Code:
# 2025-04-06 19:57:41 by RouterOS 7.18.2
# software id = **ELIDED**
#
# model = RB962UiGS-5HacT2HnT
# serial number = **ELIDED**
/caps-man channel
add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=Ce \
    frequency=2422 name=channel3
/interface bridge
add admin-mac=CC:2D:E0:31:F7:C3 auto-mac=no comment=defconf name=bridge \
    port-cost-mode=short
add fast-forward=no name=bridge_guests port-cost-mode=short
/interface wireless
# managed by CAPsMAN
# channel: 2452/20-Ce/gn(17dBm), SSID: **ELIDED**, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country=**ELIDED** distance=indoors frequency=auto mode=ap-bridge ssid=**ELIDED** station-roaming=enabled wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac/P(21dBm), SSID: **ELIDED**, CAPsMAN forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-Ceee country=**ELIDED** distance=indoors frequency=auto mode=\
    ap-bridge ssid=**ELIDED**_AC station-roaming=enabled wireless-protocol=\
    802.11
add mac-address=CE:2D:E0:31:F7:C9 master-interface=wlan1 name=wlan51 ssid=\
    MikroTik_Router station-roaming=enabled
add mac-address=CC:2D:E0:0F:D7:8C master-interface=wlan1 name=wlan52 ssid=\
    MikroTik_Router station-roaming=enabled
/interface ethernet
set [ find default-name=ether2 ] comment="Uplink"
set [ find default-name=sfp1 ] advertise=\
    10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=internal
add authentication-types=wpa2-psk encryption=aes-ccm name=guest
/caps-man configuration
add country=**ELIDED** datapath.bridge=bridge .client-to-client-forwarding=yes \
    name=cfg1 security=internal ssid=**ELIDED**
add country=**ELIDED** datapath.bridge=bridge_guests \
    .client-to-client-forwarding=yes .local-forwarding=no mode=ap name=\
    cfg_guests security=guest ssid=**ELIDED**_guests
add channel.band=5ghz-n/ac .control-channel-width=20mhz .extension-channel=\
    XXXX country=**ELIDED** datapath.client-to-client-forwarding=yes \
    .local-forwarding=yes name=cfg-5ghz-ac security=guest ssid=""
add channel.band=5ghz-onlyn .control-channel-width=20mhz .extension-channel=\
    XX country=**ELIDED** datapath.client-to-client-forwarding=yes \
    .local-forwarding=yes name=cfg-5ghz-an security=guest ssid=""
/caps-man interface
add arp=enabled channel.band=2ghz-g/n configuration=cfg1 \
    datapath.client-to-client-forwarding=yes disabled=no l2mtu=1600 \
    mac-address=CC:2D:E0:31:F7:C9 master-interface=none mtu=1500 name=hAP \
    radio-mac=CC:2D:E0:31:F7:C9 radio-name=CC2DE031F7C9 security=internal
add arp=enabled channel.band=5ghz-n/ac configuration=cfg1 \
    datapath.client-to-client-forwarding=yes disabled=no l2mtu=1600 \
    mac-address=CC:2D:E0:31:F7:C8 master-interface=none mtu=1500 name=hAP_AC \
    radio-mac=CC:2D:E0:31:F7:C8 radio-name=CC2DE031F7C8 security=internal
add channel.band=2ghz-g/n configuration=cfg_guests disabled=no l2mtu=1600 \
    mac-address=CE:2D:E0:31:F7:C9 master-interface=hAP mtu=1500 name=\
    hAP_Guest radio-mac=00:00:00:00:00:00 radio-name="" security=guest
add channel.band=2ghz-g/n configuration=cfg1 disabled=no l2mtu=1600 \
    mac-address=08:55:31:D9:0F:78 master-interface=none name=\
    wAP_1stfloor_livingRoom radio-mac=08:55:31:D9:0F:78 radio-name=\
    085531D90F78 security=internal
add channel.band=5ghz-n/ac configuration=cfg1 disabled=no l2mtu=1600 \
    mac-address=08:55:31:D9:0F:79 master-interface=none name=\
    wAP_1stfloor_livingRoom_AC radio-mac=08:55:31:D9:0F:79 radio-name=\
    085531D90F79 security=internal
add channel.band=2ghz-g/n configuration=cfg_guests disabled=no l2mtu=1600 \
    mac-address=0A:55:31:D9:0F:78 master-interface=wAP_1stfloor_livingRoom \
    name=wAP_1stfloor_livingRoom_Guest radio-mac=00:00:00:00:00:00 \
    radio-name="" security=guest
add channel.band=2ghz-g/n configuration=cfg1 disabled=no l2mtu=1600 \
    mac-address=CC:2D:E0:0F:D7:8D master-interface=none name=\
    wAP_1stfloor_sleepingRoom radio-mac=CC:2D:E0:0F:D7:8D radio-name=\
    CC2DE00FD78D security=internal
add channel.band=5ghz-n/ac configuration=cfg1 disabled=no l2mtu=1600 \
    mac-address=CC:2D:E0:0F:D7:8C master-interface=none name=\
    wAP_1stfloor_sleepingRoom_AC radio-mac=CC:2D:E0:0F:D7:8C radio-name=\
    CC2DE00FD78C security=internal
add channel.band=2ghz-g/n configuration=cfg_guests disabled=no l2mtu=1600 \
    mac-address=CE:2D:E0:0F:D7:8D master-interface=wAP_1stfloor_sleepingRoom \
    name=wAP_1stfloor_sleepingRoom_Guest radio-mac=00:00:00:00:00:00 \
    radio-name="" security=guest
add channel.band=2ghz-g/n configuration=cfg1 disabled=no l2mtu=1600 \
    mac-address=CC:2D:E0:3E:70:38 master-interface=none name=wAP_Basement \
    radio-mac=CC:2D:E0:3E:70:38 radio-name=CC2DE03E7038 security=internal
add channel.band=5ghz-n/ac configuration=cfg1 disabled=no l2mtu=1600 \
    mac-address=CC:2D:E0:3E:70:37 master-interface=none name=wAP_Basement_AC \
    radio-mac=CC:2D:E0:3E:70:37 radio-name=CC2DE03E7037 security=internal
add channel.band=2ghz-b/g/n configuration=cfg_guests disabled=no l2mtu=1600 \
    mac-address=CE:2D:E0:3E:70:38 master-interface=wAP_Basement name=\
    wAP_Basement_Guest radio-mac=00:00:00:00:00:00 radio-name="" security=\
    guest
add channel=channel3 configuration=cfg_guests configuration.ssid=\
    **ELIDED**_guests_pv disabled=no l2mtu=1600 mac-address=\
    CE:2D:E0:3E:70:39 master-interface=wAP_Basement name=\
    wAP_Basement_Guest_PV radio-mac=00:00:00:00:00:00 radio-name="" security=\
    guest
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
add name=LAN
add name=LAN_Guests
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wifi datapath
add bridge=bridge client-isolation=no disabled=no name=bridge_internal
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=internal
add authentication-types=wpa2-psk,wpa3-psk disabled=no name=guest
/interface wifi configuration
add country=**ELIDED** datapath.bridge=bridge .client-isolation=no disabled=no \
    name=cfg1 security=internal ssid=**ELIDED**
add country=**ELIDED** datapath.bridge=bridge_guests .client-isolation=no \
    disabled=no mode=ap name=cfg_guests security=guest ssid=\
    **ELIDED**_guests
/interface wifi
# operated by CAP F4:1E:57:89:64:EC%bridge, traffic processing on CAP
add configuration=cfg1 configuration.mode=ap datapath=bridge_internal \
    disabled=no name=wAP_office_AX_5GHz radio-mac=F4:1E:57:89:64:EF security=\
    internal
# operated by CAP F4:1E:57:89:64:EC%bridge, traffic processing on CAP
add configuration=cfg1 configuration.mode=ap datapath=bridge_internal \
    disabled=no name=wAP_office_AX_24GHz radio-mac=F4:1E:57:89:64:EE \
    security=internal
# operated by CAP F4:1E:57:89:64:EC%bridge, traffic processing on CAP
add configuration=cfg_guests configuration.mode=ap datapath.bridge=\
    bridge_guests disabled=no mac-address=F6:1E:57:89:64:EE master-interface=\
    wAP_office_AX_24GHz name=wAP_office_AX_24GHz_Guest security=guest
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys \
    name=guests supplicant-identity=MikroTik
/interface wireless
add keepalive-frames=disabled mac-address=02:00:00:AA:00:01 master-interface=\
    wlan1 multicast-buffering=disabled name=wlan_guests security-profile=\
    guests ssid=**ELIDED**_guests station-roaming=enabled wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
add mac-address=CE:2D:E0:31:F7:C8 master-interface=wlan2 name=wlanac_guests \
    security-profile=guests ssid=**ELIDED**AC_guests station-roaming=enabled
/ip ipsec peer
add disabled=yes name=peer2 passive=yes
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip pool
add name=dhcp ranges=192.168.0.100-192.168.0.254
add name=dhcp_pool_guests ranges=192.168.100.100-192.168.100.254
add name=pool-vpn ranges=192.168.123.100-192.168.123.199
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=1d name=dhcpPoolInternal
add address-pool=dhcp_pool_guests interface=bridge_guests lease-time=12h \
    name=dhcpPoolGuests
/ip smb users
set [ find default=yes ] disabled=yes
/ppp profile
add dns-server=192.168.123.254 local-address=192.168.123.254 name=vpn \
    remote-address=pool-vpn use-compression=no use-encryption=required
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/caps-man access-list
add action=accept comment="ACCEPT GUESTS" disabled=no interface=hAP_Guest \
    ssid-regexp=""
add action=accept allow-signal-out-of-range=10s comment="ACCEPT GUEST" \
    disabled=no interface=wAP_1stfloor_livingRoom_Guest ssid-regexp=""
add action=accept allow-signal-out-of-range=10s comment="ACCEPT GUESTS" \
    disabled=no interface=wAP_1stfloor_sleepingRoom_Guest ssid-regexp=""
add action=accept allow-signal-out-of-range=10s comment="ACCEPT GUESTS" \
    disabled=no interface=wAP_Basement_Guest ssid-regexp=""
add action=accept allow-signal-out-of-range=10s comment="ACCEPT GUESTS" \
    disabled=no interface=wAP_Basement_Guest_PV
add action=accept allow-signal-out-of-range=10s comment="Galaxy S8" \
    disabled=no mac-address=30:07:4D:7D:59:1B ssid-regexp=""
add action=accept comment="iPAD PRO" disabled=no mac-address=\
    78:7B:8A:54:F4:94 ssid-regexp=""
add action=accept comment="NB-TEC-71 X360 1030 G2" disabled=no mac-address=\
    F8:63:3F:42:E3:98 ssid-regexp=""
add action=accept comment="Amazon Fire Stick" disabled=no mac-address=\
    84:D6:D0:94:18:CF signal-range=..120 ssid-regexp="" time=\
    0s-1d,sun,mon,tue,wed,thu,fri,sat
add action=accept comment="A3" disabled=no mac-address=\
    BC:E6:3F:E9:B8:A6 signal-range=..120 ssid-regexp="" time=\
    0s-1d,sun,mon,tue,wed,thu,fri,sat
add action=accept allow-signal-out-of-range=10s comment="S10" disabled=no \
    mac-address=6C:C7:EC:FF:DF:E8
add action=accept comment="iPAD" disabled=no mac-address=\
    5C:F5:DA:A2:0E:7A ssid-regexp=""
add allow-signal-out-of-range=10s comment="Fire TV Stick" disabled=no \
    mac-address=CC:F7:35:FB:9A:9E ssid-regexp=""
add action=accept allow-signal-out-of-range=10s comment=\
    "amazon echo dot (B\C3\BCro)" disabled=no mac-address=00:71:47:97:D6:6C
add action=accept comment="HP Laptop" disabled=no mac-address=\
    FC:F8:AE:ED:B4:FD ssid-regexp=""
add action=accept allow-signal-out-of-range=10s comment="x360 1030 G3" \
    disabled=no mac-address=A4:C3:F0:75:0D:69 ssid-regexp="" time=\
    0s-1d,sun,mon,tue,wed,thu,fri,sat
add action=accept allow-signal-out-of-range=10s comment=\
    "HP Probook 4740s Erich" disabled=no mac-address=44:6D:57:97:E3:3C \
    ssid-regexp=""
add action=accept allow-signal-out-of-range=10s comment="Dragonfly MAX" \
    disabled=no mac-address=54:14:F3:E2:AF:F4 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s comment=\
    "Samsung Galaxy Tab S6" disabled=no mac-address=7C:89:56:E2:AA:CE \
    ssid-regexp=""
add action=accept allow-signal-out-of-range=10s disabled=no mac-address=\
    0C:25:76:4F:A0:F5 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s comment="ipad pro 11 M1" \
    disabled=no mac-address=4C:2E:B4:77:B1:A3 ssid-regexp=""
add allow-signal-out-of-range=10s comment="ipad pro 11" disabled=no \
    mac-address=64:0B:D7:D7:CE:E5
add action=accept allow-signal-out-of-range=10s comment="x360 1040 G8" \
    disabled=no mac-address=7C:50:79:01:92:80 ssid-regexp=""
add allow-signal-out-of-range=10s comment=\
    "p2dev testger\E4te wieder l\F6schen" disabled=no mac-address=\
    0C:25:76:A2:60:67 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s comment="Schullaptop Maxi" \
    disabled=no mac-address=70:32:17:FD:1F:BF ssid-regexp=""
add allow-signal-out-of-range=10s disabled=no mac-address=0C:25:76:50:7E:90 \
    ssid-regexp=""
add allow-signal-out-of-range=10s disabled=no mac-address=0C:25:76:50:7C:7F \
    ssid-regexp=""
add allow-signal-out-of-range=10s disabled=no mac-address=0C:25:76:50:79:EC \
    ssid-regexp=""
add allow-signal-out-of-range=10s disabled=no mac-address=0C:25:76:50:7B:EE \
    ssid-regexp=""
add allow-signal-out-of-range=10s disabled=no mac-address=0C:25:76:A2:60:0A \
    ssid-regexp=""
add action=accept allow-signal-out-of-range=10s comment=\
    "iphone 20 mini (testgeraet ttp)" disabled=no mac-address=\
    20:0E:2B:ED:E2:A9 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s comment="iPhone 15 Pro" \
    disabled=no mac-address=74:42:18:A8:F2:1B ssid-regexp=""
add allow-signal-out-of-range=10s comment="S25 Ultra" disabled=no \
    mac-address=28:9F:04:38:C6:2B ssid-regexp=""
add action=reject allow-signal-out-of-range=10s comment="DENY all others..." \
    disabled=no interface=any ssid-regexp=""
/caps-man manager
set ca-certificate=CAPsMAN-CA-CC2DE031F7C2 certificate=CAPsMAN-CC2DE031F7C2 \
    enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled disabled=yes hw-supported-modes=gn \
    master-configuration=cfg_guests name-format=prefix-identity name-prefix=\
    2ghz
add action=create-dynamic-enabled disabled=yes hw-supported-modes=ac \
    master-configuration=cfg-5ghz-ac name-format=prefix-identity name-prefix=\
    5ghz-ac
add action=create-dynamic-enabled disabled=yes hw-supported-modes=an \
    master-configuration=cfg-5ghz-an name-format=prefix-identity name-prefix=\
    5ghz-an
/interface bridge filter
# wlan_guests not ready
# in/out-bridge-port matcher not possible when interface (wlan_guests) is not slave
add action=drop chain=forward in-interface=wlan_guests
# wlan_guests not ready
# in/out-bridge-port matcher not possible when interface (wlan_guests) is not slave
add action=drop chain=forward out-interface=wlan_guests
# no interface
add action=drop chain=forward in-interface=*B
# no interface
add action=drop chain=forward out-interface=*B
# no interface
add action=drop chain=forward in-interface=*B
# no interface
add action=drop chain=forward out-interface=*B
# wlanac_guests not ready
# in/out-bridge-port matcher not possible when interface (wlanac_guests) is not slave
add action=drop chain=forward in-interface=wlanac_guests
# wlanac_guests not ready
# in/out-bridge-port matcher not possible when interface (wlanac_guests) is not slave
add action=drop chain=forward out-interface=wlanac_guests
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf hw=no ingress-filtering=no interface=sfp1 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1 \
    internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan2 \
    internal-path-cost=10 path-cost=10
add bridge=bridge_guests ingress-filtering=no interface=wlan_guests \
    internal-path-cost=10 path-cost=10
add bridge=bridge disabled=yes ingress-filtering=no interface=ether1 \
    internal-path-cost=10 path-cost=10
add bridge=bridge ingress-filtering=no interface=ether3 internal-path-cost=10 \
    path-cost=10
add bridge=bridge ingress-filtering=no interface=ether4 internal-path-cost=10 \
    path-cost=10
add bridge=bridge ingress-filtering=no interface=ether5 internal-path-cost=10 \
    path-cost=10
add bridge=bridge_guests ingress-filtering=no interface=wlanac_guests \
    internal-path-cost=10 path-cost=10
add bridge=bridge interface=wAP_office_AX_24GHz
add bridge=bridge interface=wAP_office_AX_5GHz
add bridge=bridge_guests interface=wAP_1stfloor_sleepingRoom_Guest
add bridge=bridge_guests interface=wAP_office_AX_24GHz_Guest
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all
/interface l2tp-server server
set authentication=mschap2 default-profile=*1 enabled=yes use-ipsec=yes
/interface list member
add interface=ether2 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=sfp1 list=discover
add interface=wlan1 list=discover
add interface=wlan2 list=discover
add interface=bridge list=discover
add interface=wlan_guests list=discover
add interface=*B list=discover
add interface=ether2 list=mactel
add interface=sfp1 list=mactel
add interface=ether2 list=mac-winbox
add interface=wlan2 list=mactel
add interface=sfp1 list=mac-winbox
add interface=wlan1 list=mactel
add interface=wlan2 list=mac-winbox
add interface=wlan1 list=mac-winbox
add interface=*B list=mactel
add interface=*B list=mac-winbox
add interface=ether1 list=WAN
add interface=bridge list=LAN
add interface=bridge_guests list=LAN_Guests
add interface=bridge_guests list=discover
/interface ovpn-server server
add auth=sha1 certificate="VPN SERVER" cipher=aes256-cbc default-profile=vpn \
    disabled=no mac-address=FE:CC:07:3D:A5:70 name=ovpn-server1 \
    require-client-certificate=yes
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set enabled=yes
/interface wifi access-list
add action=accept comment="ACCEPT GUESTS" disabled=no interface=\
    wAP_office_AX_24GHz_Guest
add action=accept comment="S25 Ultra Nic" disabled=no mac-address=\
    28:9F:04:38:C6:2B
add action=reject comment="DENY all others..." disabled=no interface=any
/interface wifi capsman
set ca-certificate=CAPsMAN-CA-CC2DE031F7C2 certificate=CAPsMAN-CC2DE031F7C2 \
    enabled=yes package-path="" require-peer-certificate=no upgrade-policy=\
    none
/interface wireless access-list
add mac-address=00:04:20:26:55:E3
add mac-address=30:07:4D:7D:59:1B
add mac-address=5C:F8:A1:DC:24:C7
add mac-address=F8:63:3F:42:E3:98
/interface wireless cap
#
set caps-man-addresses=127.0.0.1 certificate=request enabled=yes interfaces=\
    wlan1,wlan2 lock-to-caps-man=yes
/ip address
add address=192.168.0.1/24 comment=defconf interface=bridge network=\
    192.168.0.0
add address=192.168.100.1/24 comment=defconf interface=bridge_guests network=\
    192.168.100.0
add address=192.168.200.1/24 disabled=yes interface=ether1 network=\
    192.168.200.0
add address=45.212.28.12/29 interface=ether1 network=45.212.28.12
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1
/ip dhcp-server lease
add address=192.168.0.110 client-id=1:1c:ca:e3:71:4d:d5 comment=Doorbird \
    mac-address=1C:CA:E3:71:4D:D5 server=dhcpPoolInternal
add address=192.168.0.123 client-id=1:b4:0:16:87:8f:16 comment="tetra MOVE" \
    mac-address=B4:00:16:87:8F:16 server=dhcpPoolInternal
add address=192.168.0.124 client-id=1:b4:0:16:82:df:5d comment="tetra DESK" \
    mac-address=B4:00:16:82:DF:5D server=dhcpPoolInternal
add address=192.168.0.115 client-id=1:0:4:20:27:ae:c7 comment=\
    "SB B\FCgelzimmer" mac-address=00:04:20:27:AE:C7 server=dhcpPoolInternal
add address=192.168.0.104 client-id=1:0:4:20:26:55:e3 comment="SB Maximilian" \
    mac-address=00:04:20:26:55:E3 server=dhcpPoolInternal
add address=192.168.0.111 client-id=1:0:4:20:2c:6f:59 comment="SB Sebastian" \
    mac-address=00:04:20:2C:6F:59 server=dhcpPoolInternal
add address=192.168.100.120 client-id=1:c:25:76:4f:d3:c2 comment=\
    "sunmi P2Pro Testgeraet" mac-address=0C:25:76:4F:D3:C2 server=\
    dhcpPoolGuests
add address=192.168.0.119 client-id=1:38:ef:e3:c:9a:c5 comment=Lane3000 \
    mac-address=38:EF:E3:0C:9A:C5 server=dhcpPoolInternal
add address=192.168.0.136 client-id=1:c4:c3:6b:5:8b:e3 comment="iPAD Pro M1" \
    mac-address=C4:C3:6B:05:8B:E3 server=dhcpPoolInternal
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 \
    netmask=24
add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=192.168.0.1 name=router type=A
add address=192.168.0.10 name=nextcloud.1stfloor.at type=A
add address=192.168.0.10 name=plex.1stfloor.at type=A
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
    protocol=icmp
add action=drop chain=forward comment="TECS Log testsystem" disabled=yes \
    dst-port=514 protocol=tcp
add action=drop chain=forward comment="TECS Closed Port" disabled=yes \
    dst-port=8445 protocol=tcp
add action=drop chain=forward comment="TECS Log production" disabled=yes \
    dst-port=9514 protocol=tcp
add action=drop chain=forward comment="TEST Closed port" disabled=yes \
    dst-port=9990 protocol=tcp src-port=""
add action=drop chain=forward comment="TEST Closed port" disabled=yes \
    dst-port=9991 protocol=tcp src-port=""
add action=drop chain=forward comment="TEST Closed port" disabled=yes \
    dst-port=9440 protocol=tcp src-port=""
add action=drop chain=forward comment="TEST Closed port" disabled=yes \
    dst-port=9514 protocol=tcp src-port=""
add action=drop chain=forward comment="TEST Closed port" disabled=yes \
    dst-port=9445 protocol=tcp src-port=""
add action=drop chain=forward comment="TEST Closed port" disabled=yes \
    dst-port=40999 protocol=tcp src-port=""
add action=drop chain=forward comment="TEST Closed port" disabled=yes \
    dst-port=23443 protocol=tcp src-port=""
add action=accept chain=forward comment="VIA TECS Auth" disabled=yes \
    dst-address=185.24.101.137 dst-port=514,8445 log-prefix="VIA DROP: " \
    protocol=tcp src-address=192.168.100.108
add action=accept chain=forward comment="VIA SUNMI AppStore" disabled=yes \
    dst-address=101.37.179.4 dst-port=443,80 log-prefix="VIA DROP: " \
    protocol=tcp src-address=192.168.100.114
add action=accept chain=forward comment="VIA SUNMI Remote Assistance" \
    disabled=yes dst-address=120.55.19.74 dst-port=80 log-prefix="VIA DROP: " \
    protocol=tcp src-address=192.168.100.114
add action=drop chain=forward comment="DROP ALL FROM IP" disabled=yes log=yes \
    log-prefix="VIA DROP: " src-address=192.168.0.119
add action=drop chain=forward comment="BLOCK Squeezebox Sebastian" disabled=\
    yes src-mac-address=00:04:20:2C:6F:59
add action=drop chain=forward comment="BLOCK Squeezebox Maximilian" disabled=\
    yes src-mac-address=00:04:20:26:55:E3
add action=accept chain=input comment="accept OpenVPN" dst-port=1194 \
    protocol=tcp
add action=accept chain=input comment="accept OVPN->LAN" dst-address=\
    192.168.0.0/24 src-address=192.168.123.0/24
add action=accept chain=forward comment="accept OVPN->LAN" dst-address=\
    192.168.0.0/24 src-address=192.168.123.0/24
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
    in-interface-list=WAN
add action=drop chain=forward comment="drop guest to lan" in-interface=\
    bridge_guests log=yes log-prefix=GUESTS out-interface-list=!WAN
add action=drop chain=input comment="drop guest to lan" dst-address=\
    192.168.0.0/24 log=yes log-prefix=GUESTS src-address=192.168.100.0/24
add action=drop chain=forward comment="drop guest to lan" dst-address=\
    192.168.0.0/24 log=yes log-prefix=GUESTS src-address=192.168.100.0/24
add action=drop chain=input comment="drop wegconfig for guests" dst-address=\
    192.168.100.1 dst-port=8291 log=yes log-prefix=GUESTS protocol=tcp \
    src-address=192.168.100.0/24
add action=drop chain=input comment="drop wegconfig for guests" dst-address=\
    192.168.100.1 dst-port=80 log=yes log-prefix=GUESTS protocol=tcp \
    src-address=192.168.100.0/24
add action=drop chain=input comment="drop wegconfig for guests" dst-address=\
    192.168.100.1 dst-port=22 log=yes log-prefix=GUESTS protocol=tcp \
    src-address=192.168.100.0/24
add action=drop chain=input comment="drop wegconfig for guests" dst-address=\
    192.168.100.4 log=yes log-prefix=GUESTS src-address=192.168.100.0/24
add action=drop chain=input comment="drop invalid input" connection-state=\
    invalid log-prefix="DROP INPUT"
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface-list=WAN src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment="guests nat" out-interface-list=\
    WAN src-address=192.168.100.0/24
add action=dst-nat chain=dstnat dst-port=80 in-interface=ether1 protocol=tcp \
    to-addresses=192.168.0.10 to-ports=80
add action=dst-nat chain=dstnat comment=nextcloud dst-port=443 in-interface=\
    ether1 protocol=tcp to-addresses=192.168.0.10 to-ports=443
add action=dst-nat chain=dstnat comment=ZVT dst-port=20007 in-interface=\
    ether1 protocol=tcp to-addresses=192.168.0.119 to-ports=20007
add action=dst-nat chain=dstnat comment=plex dst-port=20748 in-interface=\
    ether1 protocol=tcp to-addresses=192.168.0.10 to-ports=32400
add action=netmap chain=srcnat comment="OPENVPN NAT" src-address=\
    192.168.0.0/24 to-addresses=192.168.123.0/24
add action=netmap chain=dstnat comment="OPENVPN NAT" dst-address=\
    192.168.123.0/24 to-addresses=192.168.0.0/24
/ip kid-control
add fri="" mon="" name=kid1 sat="" sun="" thu="" tue="" wed=""
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=45.212.28.12
/ip service
set www-ssl disabled=no
/ip smb shares
set [ find default=yes ] directory=/flash/pub
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/ppp secret
add name=nicolai profile=vpn service=ovpn
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system clock
set time-zone-name=Europe/Vienna
/system identity
set name=MikroTik_Router
/system logging
add prefix=debug-log: topics=debug
/system note
set show-at-login=no
/system scheduler
add interval=1d name=enable_Wlan on-event=enable_wlan policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2018-01-12 start-time=06:00:00
add interval=1d name=disable_Wlan on-event=disable_wlan policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2018-01-12 start-time=01:00:00
/system script
add dont-require-permissions=no name=disable_wlan owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="c\
    aps-man interface disable wAP_1stfloor_livingRoom_AC\r\
    \ncaps-man interface disable wAP_1stfloor_livingRoom\r\
    \ncaps-man interface disable wAP_1stfloor_livingRoom_Guest\r\
    \ncaps-man interface disable wAP_1stfloor_sleepingRoom_AC\r\
    \ncaps-man interface disable wAP_1stfloor_sleepingRoom\r\
    \ncaps-man interface disable wAP_1stfloor_sleepingRoom_Guest\r\
    \ncaps-man interface disable wAP_Basement_AC\r\
    \n#caps-man interface disable wAP_Basement\r\
    \n#caps-man interface disable wAP_Basement_Guest\r\
    \n# caps-man interface disable wAP_Basement_Guest_PV\r\
    \n# /interface/wifi/disable wAP_1stfloor_livingRoom_AX\r\
    \n# /interface/wifi/disable wAP_1stfloor_livingRoom_AX2.4\r\
    \n# /interface/wifi/disable wAP_1stfloor_livingRoom_AX2.4_guests"
add dont-require-permissions=no name=enable_wlan owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="c\
    aps-man interface enable wAP_1stfloor_livingRoom_AC\r\
    \ncaps-man interface enable wAP_1stfloor_livingRoom\r\
    \ncaps-man interface enable wAP_1stfloor_livingRoom_Guest\r\
    \ncaps-man interface enable wAP_1stfloor_sleepingRoom_AC\r\
    \ncaps-man interface enable wAP_1stfloor_sleepingRoom\r\
    \ncaps-man interface enable wAP_1stfloor_sleepingRoom_Guest\r\
    \ncaps-man interface enable wAP_Basement_AC\r\
    \n# caps-man interface enable wAP_Basement\r\
    \n# caps-man interface enable wAP_Basement_Guest\r\
    \n# caps-man interface enable wAP_Basement_Guest_PV\r\
    \n# /interface/wifi/enable wAP_1stfloor_livingRoom_AX\r\
    \n# /interface/wifi/enable wAP_1stfloor_livingRoom_AX2.4\r\
    \n# /interface/wifi/enable wAP_1stfloor_livingRoom_AX2.4_guests"
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
Config of the wAP:
Code:
# 2025-04-06 19:58:29 by RouterOS 7.18.2
# software id = **ELIDED**
#
# model = wAPG-5HaxD2HaxD
# serial number = **ELIDED**
/interface wifi
# managed by CAPsMAN CC:2D:E0:31:F7:C3%ether1, traffic processing on CAP
# mode: AP, SSID: **ELIDED**, channel: 2472/ax/eC
set [ find default-name=wifi1 ] configuration.manager=capsman datapath=capdp \
    disabled=no
# managed by CAPsMAN CC:2D:E0:31:F7:C3%ether1, traffic processing on CAP
# mode: AP, SSID: **ELIDED**, channel: 5500/ax/Ceeeeeee/D
set [ find default-name=wifi2 ] configuration.manager=capsman datapath=capdp \
    disabled=no
/interface bridge port
add bridge=*6 comment=defconf interface=ether1
add bridge=*6 comment=defconf interface=ether2
/interface wifi cap
set discovery-interfaces=ether1 enabled=yes
/interface wifi datapath
add bridge=*6 comment=defconf disabled=no name=capdp
/ip address
add address=192.168.0.13/24 interface=ether1 network=192.168.0.0
add address=192.168.100.13/24 interface=ether1 network=192.168.100.0
/ip dhcp-client
# Interface not active
add comment=defconf interface=*6
/ip dns
set servers=192.168.0.1,8.8.8.8
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-table=main \
    suppress-hw-offload=no
/system clock
set time-zone-name=Europe/Vienna
/system identity
set name=wAP_1stfloor_office
/system logging
add topics=debug
/system note
set show-at-login=no
Statistics: Posted by tyhpon — Sun Apr 06, 2025 9:06 pm
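
Both exports contain references printed as an internal ID, such as bridge=*6 on the wAP and in-interface=*B on the hAP, which is how RouterOS shows a reference it cannot resolve to a named object. The Python script below is an added example, not part of the original post: it lists such references together with the export's own warning comments. The sample input is constructed from lines in the exports above; the function names and the warning phrase list are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: commands copied from the two exports in the post,
# one command per line as RouterOS writes them.
SAMPLE_EXPORT = """\
/interface bridge port
add bridge=*6 comment=defconf interface=ether1
add bridge=*6 comment=defconf interface=ether2
/interface wifi datapath
add bridge=*6 comment=defconf disabled=no name=capdp
/ip dhcp-client
# Interface not active
add comment=defconf interface=*6
/interface bridge filter
# no interface
add action=drop chain=forward in-interface=*B
/interface list member
add interface=bridge list=LAN
"""

# key=*<hex id>: a reference RouterOS could not resolve to a named object.
DANGLING = re.compile(r"([\w.-]+)=(\*[0-9A-Fa-f]+)(?=\s|$)")
# Quoted values (comments, script sources) are blanked before matching.
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')
# Assumption: phrases seen in the status comments of the exports above,
# not a complete list of RouterOS messages.
WARNING = re.compile(r"not ready|no interface|not active|not possible|unsafe", re.I)


@dataclass(frozen=True)
class Finding:
    line: int      # line on which the command starts
    section: str   # menu path, e.g. "/interface bridge port"
    kind: str      # "dangling-ref" or "export-warning"
    detail: str


def logical_lines(text):
    """Yield (start_line, command), joining backslash-continued lines."""
    buf, start, cont = "", 0, False
    for no, raw in enumerate(text.splitlines(), 1):
        if not cont:
            buf, start = "", no
        # The line break and the indentation after a trailing "\" are dropped.
        part = raw.lstrip() if cont else raw
        cont = part.endswith("\\")
        buf += part[:-1] if cont else part
        if not cont:
            yield start, buf
    if cont:  # export cut off in the middle of a command
        yield start, buf


def audit_export(text):
    """Return dangling references and export warnings, in file order."""
    findings, section, notes = [], "", []
    for no, line in logical_lines(text):
        line = line.strip()
        if not line:
            continue
        if line.startswith("/"):      # new menu path, pending comments are dropped
            section, notes = line, []
        elif line.startswith("#"):    # status comment for the command that follows
            notes.append(line[1:].strip())
        else:
            for note in notes:
                if WARNING.search(note):
                    findings.append(Finding(no, section, "export-warning", note))
            notes = []
            for key, ref in DANGLING.findall(QUOTED.sub('""', line)):
                findings.append(Finding(no, section, "dangling-ref", f"{key}={ref}"))
    return findings


if __name__ == "__main__":
    for f in audit_export(SAMPLE_EXPORT):
        print(f"line {f.line:>2}  {f.section:<26} {f.kind:<15} {f.detail}")
```

To check a real device, pass the text of an /export file to audit_export() in place of SAMPLE_EXPORT.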