I'm old school so tend to use the terminal for configs; however, I have tried using WebFig to generate configs to see if I am missing something and incorporate that into my config. It's the first time I have configured 5 or 2 GHz-ax on MikroTik. Here's the config so far. It is based upon a working hap-lite config from a bridge perspective, and I have tried it in the same switch port to hopefully eliminate any issues; however, the hap-lite OS version is quite a bit behind, so many things may have changed in the interim. I have tried removing various filtering etc. to no effect.
# 2024-12-08 13:38:26 by RouterOS 7.16.2
# software id = GVPW-XG05
#
# model = C52iG-5HaxD2HaxD
# serial number = HGN09KRM1JH
/interface bridge
add name=bridge1 protocol-mode=none
/interface vlan
add interface=bridge1 name=mgmt-vlan vlan-id=48
/interface list
add name=BASE
/interface wifi channel
add band=2ghz-ax name=ch-2ghz
add band=5ghz-ax name=ch-5ghz
/interface wifi security
add authentication-types=wpa2-psk ft=yes ft-over-ds=yes name=wifi1-auth wps=disable
add authentication-types=wpa2-psk ft=yes ft-over-ds=yes name=wifi2-auth wps=disable
/interface wifi configuration
add channel.skip-dfs-channels=10min-cac .width=20/40/80mhz country="United Kingdom" mode=ap name=wifi1-conf security=wifi1-auth ssid=non-guest
add channel.skip-dfs-channels=10min-cac .width=20/40mhz country="United Kingdom" mode=ap name=wifi2-conf security=wifi2-auth ssid=guest
/interface wifi
set [ find default-name=wifi1 ] channel=ch-5ghz configuration=wifi1-conf disabled=no
set [ find default-name=wifi2 ] channel=ch-2ghz configuration=wifi2-conf disabled=no
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wifi1 pvid=8
add bridge=bridge1 interface=ether2 pvid=32
add bridge=bridge1 interface=ether3 pvid=16
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wifi2 pvid=24
/ip neighbor discovery-settings
set discover-interface-list=BASE
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether2 vlan-ids=32
add bridge=bridge1 tagged=ether1 untagged=ether3 vlan-ids=16
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=48
add bridge=bridge1 tagged=ether1 untagged=wifi1 vlan-ids=8
add bridge=bridge1 tagged=ether1 untagged=wifi2 vlan-ids=24
/interface list member
add interface=mgmt-vlan list=BASE
/ip address
add address=192.168.48.9/24 interface=mgmt-vlan network=192.168.48.0
/ip dns
set servers=192.168.48.33
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add distance=1 gateway=192.168.48.1
/system clock
set time-zone-name=Europe/London
/system identity
set name=Barn-AP
/system logging
set 0 topics=wireless,debug
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=uk.pool.ntp.org
/tool mac-server
set allowed-interface-list=BASE
/tool mac-server mac-winbox
set allowed-interface-list=BASE
The packet sniffer occasionally spots a DHCP request, but usually the client fails on authentication; only occasionally does it fail on "can't get IP address". The fact that the failure changes occasionally makes me think it is struggling a bit to connect, so maybe the wifi configuration is wrong. I have tried with minimal configs before adding dfs and width settings etc., all to no avail. I've checked and double-checked passphrases, and removed WPA3 so it's just WPA2.
I've been trying various things for a couple of days now, so I thought I would share my pain and see if anybody can spot the probably obvious error before I get the lighter fluid out.
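An added example, not part of the original post: RouterOS applies port pvid values and the /interface bridge vlan table only when vlan-filtering=yes is set on the bridge, and the export above shows no such setting on bridge1. The Python check below audits an export for that and for untagged/pvid mismatches; it assumes a terse export that omits defaults and comma-separated vlan-ids without ranges, and `parse` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample: the bridge-related lines copied from the export above.
EXPORT = """\
/interface bridge
add name=bridge1 protocol-mode=none
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wifi1 pvid=8
add bridge=bridge1 interface=ether2 pvid=32
add bridge=bridge1 interface=ether3 pvid=16
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=ether1
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=wifi2 pvid=24
/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether2 vlan-ids=32
add bridge=bridge1 tagged=ether1 untagged=ether3 vlan-ids=16
add bridge=bridge1 tagged=bridge1,ether1 vlan-ids=48
add bridge=bridge1 tagged=ether1 untagged=wifi1 vlan-ids=8
add bridge=bridge1 tagged=ether1 untagged=wifi2 vlan-ids=24
"""

def parse(export):
    """Return {menu path: [dict of key=value pairs for each 'add' line]}."""
    menus, path = {}, None
    for line in export.splitlines():
        if line.startswith("/"):
            path = line.strip()
        elif path and line.startswith("add "):
            menus.setdefault(path, []).append(dict(re.findall(r'(\S+?)=("[^"]*"|\S+)', line)))
    return menus

def audit(export):
    """Return a list of findings about bridge VLAN consistency."""
    m, findings = parse(export), []
    ports = m.get("/interface bridge port", [])
    vlans = m.get("/interface bridge vlan", [])
    for br in m.get("/interface bridge", []):
        # A terse export omits defaults, and vlan-filtering defaults to "no".
        if br.get("vlan-filtering", "no") != "yes" and (vlans or any("pvid" in p for p in ports)):
            findings.append(f"{br['name']}: vlan-filtering not enabled; pvid and bridge vlan entries are not applied")
    pvid = {(p["bridge"], p["interface"]): p.get("pvid", "1") for p in ports}  # default pvid is 1
    for v in vlans:
        for i in filter(None, v.get("untagged", "").split(",")):
            if pvid.get((v["bridge"], i)) not in v["vlan-ids"].split(","):
                findings.append(f"{i}: untagged in VLAN {v['vlan-ids']} but port pvid is {pvid.get((v['bridge'], i))}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(EXPORT)))
```
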