I am trying to set up a home network. I have a new hAP ax3 that I just received. I have a tp-link TL-SG108E managed switch. And I also have a Netgear Orbi RBR750 with 2 satellites that is in Access Point mode. The goal is as follows:
1) I want to have the basic LAN which will have some wired connections to a few computers and printers, and a Synology NAS. I wan to have the hAP ax3 wifi on this LAN with the main SSID so that my smart phone can connect to the LAN for email. etc.I want the wifi to use the LAN DHCP to get IP addresses. I will have one Untagged port in the swtch for the LAN. There will aso be a Tagged trunk port that is shared by all of the networks.
2) I want a vlan that will use the Orbi wifi access point. I will have 4 Untagged ports in the switch for this vlan. The Orbi will have a static IP as will the satellites. The DHCP will be the hAP ax3.This network will have a different SSID. It will be the access point for about 50 or so IoT devices that will be controlled by a Home Assistant also on this vlan, except it is a wired conenction.
3) I will also have a Guest network that is on the Orbi as well. The Orbi actually has a built in DHCP for this Network, so I am assigning a static IP to this SSID, but no Untagged port on the switch.
I have evertything setup and all of the devices are conncting to the correct location and getting the correct IP from the correct DHCP. All 3 SSID's are showing up on my smartphone, and I can connect to each of them and get the correct IP But here are my issues:
a) The Guest network connects to my smartphone but has no internet access.
b) There is a long lag before I can connect to any site on the internet, often timing out before the connection completes. I am certain this is related to my setup and not the equipment itself. If I connect directly to port 2 on the hAP ax3, I see immediate connection and nearly 800Mbps on a wired connection. I also have nearly 200Mbps wireless. When I connect to the tp-Link switch on an unmanaged port I see the same wired speed. And when I connect to the Orbi with an unmanaged port I also see those same speeds.
I am guessing it is a firewall issue? I can't see how it could have anything to do with the ports being tagged or untagged. They do no thave any contorl over the port speeds. I would appreciate any help or suggestions. I cna post config file if needed.
Thanks,
Mike
Re: Need help setting up a hAP ax3
Draw a network diagram to make it clearer...
All doable on the hapax3
Suggest you read this article --> viewtopic.php?p=1111667#p1111667
All doable on the hapax3
Suggest you read this article --> viewtopic.php?p=1111667#p1111667
Re: Need help setting up a hAP ax3
I made an image and it is attached. Please offer suggestions on what I think I want to get to.
Mike
Mike
You do not have the required permissions to view the files attached to this post.
Re: Need help setting up a hAP ax3
Easy Peasy.
You need at least 4 vlans
a. management vlan99
b. homevlan vlan10
c. guestvlan vlan20
d. iotvlan vlan30
Router--> Trunk port to TPLINK switch --> static lanip on 192.168.99.0/subnet ( vlans 99, 10,20,30 )
TPLINK -- > Trunk port to Orbi device --> static lanip on 192.168.99.0/subnet (vlans 99,20,30 )
e. I would take one port on the hapax3 #4 for example and make it an off bridge port to do the configuration.
I already provided the link to read for setting up vlans.
To avoid vlan filtering hiccups, and to config from a safe spot, recommend you take ether4 off the bridge let say port4
/interface ethernet
set [ find default-name=ether4] name=OffBridge4
/ip address
add address=192.168.65.1/29 interface=OffBridge4 network=192.168.65.0
/interface list member
add interface=Offbridge4 list=LAN { or trusted or base/management whatever is the interface list that is trusted )
Now plug in your laptop into ether4, change ipv4 settings to 192.168.65.2 and you should be in!!!
You need at least 4 vlans
a. management vlan99
b. homevlan vlan10
c. guestvlan vlan20
d. iotvlan vlan30
Router--> Trunk port to TPLINK switch --> static lanip on 192.168.99.0/subnet ( vlans 99, 10,20,30 )
TPLINK -- > Trunk port to Orbi device --> static lanip on 192.168.99.0/subnet (vlans 99,20,30 )
e. I would take one port on the hapax3 #4 for example and make it an off bridge port to do the configuration.
I already provided the link to read for setting up vlans.
To avoid vlan filtering hiccups, and to config from a safe spot, recommend you take ether4 off the bridge let say port4
/interface ethernet
set [ find default-name=ether4] name=OffBridge4
/ip address
add address=192.168.65.1/29 interface=OffBridge4 network=192.168.65.0
/interface list member
add interface=Offbridge4 list=LAN { or trusted or base/management whatever is the interface list that is trusted )
Now plug in your laptop into ether4, change ipv4 settings to 192.168.65.2 and you should be in!!!
Re: Need help setting up a hAP ax3
Thanks so very much!!! I have it set up as shown in the image right now, and none of the Red wired devices have access to the internet (the wireless devices do have access) and I have no idea why. I assume it is a firewall rule?
Re: Need help setting up a hAP ax3
I dont assume anything LOL
please post config for review.
/export file=anynameyouwish (minus router serial number, any public WANIP information, vpn keys, long dhcp lease lists etc. )
please post config for review.
/export file=anynameyouwish (minus router serial number, any public WANIP information, vpn keys, long dhcp lease lists etc. )
Re: Need help setting up a hAP ax3
OK, I have made some progress. I think I have most everything working, except the wifi. Nether wifi1 or wifi2 is broadcasting the SSID. At one point I was able to assign my smartphone a manual IP, and then it connected without internet. IO tried changing a few settings and now I can;t even get it to connect at all. I am attaching my sanitized config file below. Can you tell me what is wrong?
You do not have the required permissions to view the files attached to this post.
Re: Need help setting up a hAP ax3
Before stating what is wrong, I will say that the wifi setup is horrendous on these things, not logical or intuitive.
Okay You seem to be missing the wifi channel settings, the wifi security settings, the wifi configuration settings.
Also your use of vlans and bridge is not quite there.
Why do you hide subnet private IPs. No point, they are meaningless for security...
Next time skip long lease lists, dont need to see those, nor ipv6 rules or lists.
model = C53UiG+5HPaxD2HPaxD
/interface vlan
add interface=bridge name=NET30 vlan-id=30
add interface=bridge name=NET13 vlan-id=13
add interface=bridge name=HOME5 vlan-id=5
/ip pool
add name=dhcp ranges=xx.xx.xx.150-xx.xx.xx.254
add name=dhcp_pool1 ranges=yy.yy.yy.150-yy.yy.yy.254
add name-dhcp_pool3 ranges=???????
/ip dhcp-server
add address-pool=dhcp interface=HOME5 name=defconf
add address-pool=dhcp_pool1 interface=NET13 name=dhcp1
add address-pool=dhcp_pool3 interface=NET30 ????????
/interface bridge port
add bridge=bridge ingress-filtering=yes frame-type=admit-only-priority-and-untagged interface=ether2 pvid=5
add bridge=bridge ingress-filtering=yes frame-type=admit-only-priority-and-untagged interface=ether3 pvid=13
add bridge=bridge ingress-filtering=yes frame-type=admit-only-vlan-tagged interface=ether5 comment="trunk to smart device"
add bridge=bridge ingress-filtering=yes frame-type=admit-only-priority-and-untagged interface=wifi1 pvid=13
add bridge=bridge ingress-filtering=yes frame-type=admit-only-priority-and-untagged interface=wifi2 pvid=13
/interface bridge vlan
add bridge=bridge tagged=ether5,bridge untagged=vlan2 vlan-ids=5 comment="house lan"
add bridge=bridge tagged=ether5,bridge vlan-ids=30
add bridge=bridge tagged=ether5,bridge untagged=ether3,wifi1,wifi2 vlan-ids=13 comment="everything else"
/interface detect-internet
set detect-interface-list=NONE
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=NET30 list=LAN
add interface=NET13 list=LAN
add interface=HOME5 list=LAN
add interface=OffBridge4 list=LAN
/ip address
add address=xx.xx.xx.1/24 comment=defconf interface=bridge network=xx.xx.xx.0
add address=yy.yy.yy.1/24 interface=IoTNet network=yy.yy.yy.0
add address=192.168.65.1/29 interface=bridge network=192.168.65.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=xx.xx.xx.0/24 comment=defconf dns-server=xx.xx.xx.1 gateway=\
xx.xx.xx.1 netmask=24
add address=yy.yy.yy.0/24 gateway=yy.yy.yy.1
add address=??????
+++++++++++++++++++++++++++++++
Example wifi settings......
/interface wifi channel
add band=5ghz-ax disabled=no frequency=5500 name=channel5 width=20/40mhz
add band=2ghz-ax disabled=no frequency=2412 name=channel2 width=20mhz
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk connect-priority=0/1 disable-pmkid=yes disabled=no encryption=ccmp,gcmp,ccmp-256,gcmp-256 ft=yes ft-over-ds=yes name=2WIFI
add authentication-types=wpa2-psk,wpa3-psk connect-priority=0/1 disable-pmkid=yes disabled=no encryption=ccmp,gcmp,ccmp-256,gcmp-256 ft=yes ft-over-ds=yes name=5wifi
/interface wifi configuration
add channel=channel5 channel.band=5ghz-ax .frequency=5220 .width=20/40mhz country=Canada disabled=no mode=ap name=Config5 security=5wifi security.authentication-types=wpa2-psk,wpa3-psk .disable-pmkid=yes .encryption=ccmp,gcmp,ccmp-256,gcmp-256 .ft=no ssid=APART-stream
add channel=channel2 channel.band=2ghz-ax .frequency=2412 .width=20mhz country=Canada disabled=no mode=ap name=config2 security=2WIFI security.authentication-types=wpa2-psk,wpa3-psk .disable-pmkid=yes .encryption=ccmp,gcmp,ccmp-256,gcmp-256 .ft=no ssid=APART-range
/interface wifi
set [ find default-name=wifi1 ] channel=channel5 channel.band=5ghz-ax .skip-dfs-channels=10min-cac .width=20/40mhz configuration=Config5 configuration.mode=ap disabled=no security=2WIFI security.authentication-types=wpa2-psk .encryption=ccmp .ft=no
set [ find default-name=wifi2 ] channel=channel2 channel.band=2ghz-ax .skip-dfs-channels=10min-cac .width=20mhz configuration=config2 configuration.mode=ap disabled=no security=2WIFI security.authentication-types=wpa2-psk .encryption=ccmp .ft=no
Okay You seem to be missing the wifi channel settings, the wifi security settings, the wifi configuration settings.
Also your use of vlans and bridge is not quite there.
Why do you hide subnet private IPs. No point, they are meaningless for security...
Next time skip long lease lists, dont need to see those, nor ipv6 rules or lists.
model = C53UiG+5HPaxD2HPaxD
/interface vlan
add interface=bridge name=NET30 vlan-id=30
add interface=bridge name=NET13 vlan-id=13
add interface=bridge name=HOME5 vlan-id=5
/ip pool
add name=dhcp ranges=xx.xx.xx.150-xx.xx.xx.254
add name=dhcp_pool1 ranges=yy.yy.yy.150-yy.yy.yy.254
add name-dhcp_pool3 ranges=???????
/ip dhcp-server
add address-pool=dhcp interface=HOME5 name=defconf
add address-pool=dhcp_pool1 interface=NET13 name=dhcp1
add address-pool=dhcp_pool3 interface=NET30 ????????
/interface bridge port
add bridge=bridge ingress-filtering=yes frame-type=admit-only-priority-and-untagged interface=ether2 pvid=5
add bridge=bridge ingress-filtering=yes frame-type=admit-only-priority-and-untagged interface=ether3 pvid=13
add bridge=bridge ingress-filtering=yes frame-type=admit-only-vlan-tagged interface=ether5 comment="trunk to smart device"
add bridge=bridge ingress-filtering=yes frame-type=admit-only-priority-and-untagged interface=wifi1 pvid=13
add bridge=bridge ingress-filtering=yes frame-type=admit-only-priority-and-untagged interface=wifi2 pvid=13
/interface bridge vlan
add bridge=bridge tagged=ether5,bridge untagged=vlan2 vlan-ids=5 comment="house lan"
add bridge=bridge tagged=ether5,bridge vlan-ids=30
add bridge=bridge tagged=ether5,bridge untagged=ether3,wifi1,wifi2 vlan-ids=13 comment="everything else"
/interface detect-internet
set detect-interface-list=NONE
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=NET30 list=LAN
add interface=NET13 list=LAN
add interface=HOME5 list=LAN
add interface=OffBridge4 list=LAN
/ip address
add address=xx.xx.xx.1/24 comment=defconf interface=bridge network=xx.xx.xx.0
add address=yy.yy.yy.1/24 interface=IoTNet network=yy.yy.yy.0
add address=192.168.65.1/29 interface=bridge network=192.168.65.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=xx.xx.xx.0/24 comment=defconf dns-server=xx.xx.xx.1 gateway=\
xx.xx.xx.1 netmask=24
add address=yy.yy.yy.0/24 gateway=yy.yy.yy.1
add address=??????
+++++++++++++++++++++++++++++++
Example wifi settings......
/interface wifi channel
add band=5ghz-ax disabled=no frequency=5500 name=channel5 width=20/40mhz
add band=2ghz-ax disabled=no frequency=2412 name=channel2 width=20mhz
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk connect-priority=0/1 disable-pmkid=yes disabled=no encryption=ccmp,gcmp,ccmp-256,gcmp-256 ft=yes ft-over-ds=yes name=2WIFI
add authentication-types=wpa2-psk,wpa3-psk connect-priority=0/1 disable-pmkid=yes disabled=no encryption=ccmp,gcmp,ccmp-256,gcmp-256 ft=yes ft-over-ds=yes name=5wifi
/interface wifi configuration
add channel=channel5 channel.band=5ghz-ax .frequency=5220 .width=20/40mhz country=Canada disabled=no mode=ap name=Config5 security=5wifi security.authentication-types=wpa2-psk,wpa3-psk .disable-pmkid=yes .encryption=ccmp,gcmp,ccmp-256,gcmp-256 .ft=no ssid=APART-stream
add channel=channel2 channel.band=2ghz-ax .frequency=2412 .width=20mhz country=Canada disabled=no mode=ap name=config2 security=2WIFI security.authentication-types=wpa2-psk,wpa3-psk .disable-pmkid=yes .encryption=ccmp,gcmp,ccmp-256,gcmp-256 .ft=no ssid=APART-range
/interface wifi
set [ find default-name=wifi1 ] channel=channel5 channel.band=5ghz-ax .skip-dfs-channels=10min-cac .width=20/40mhz configuration=Config5 configuration.mode=ap disabled=no security=2WIFI security.authentication-types=wpa2-psk .encryption=ccmp .ft=no
set [ find default-name=wifi2 ] channel=channel2 channel.band=2ghz-ax .skip-dfs-channels=10min-cac .width=20mhz configuration=config2 configuration.mode=ap disabled=no security=2WIFI security.authentication-types=wpa2-psk .encryption=ccmp .ft=no
Re: Need help setting up a hAP ax3
OK, what's the trick for adding my country - the United States? I tried editing the example wifi /interface wifi configuration section. I tried United States and it doesn't like the space. I tried 'United States' and it doesn't like the '. I tried UnitedStates (no space) and it says no such country.
Re: Need help setting up a hAP ax3
Unrelated to your post, but wanted to say hi and welcome and love your qrz page!
Re: Need help setting up a hAP ax3
"United States"OK, what's the trick for adding my country - the United States? I tried editing the example wifi /interface wifi configuration section. I tried United States and it doesn't like the space. I tried 'United States' and it doesn't like the '. I tried UnitedStates (no space) and it says no such country.
Double quotes.