Hello,
I just got my Mikrotik HAP ax3 yesterday and wanted to configure it for my home network. The reason why I got this router is that I got a new "router" from my internet provider because I upgraded my internet speed and the old one apparently could not be used anymore. The router that was provided by my internet provider however doesn't give you any setting. You can just change settings via an app and you can basically just change the name and password of the Wi:Fi.
Now to the Mikrotik router. It's currently plugged into the internet provider router which would then be my gateway with the standard address 192.168.0.1. For the Mikrotik router I kept it at the 192.168.88.1 address for the internal network to not have any conflict and the internet side of the Mikrotik router got the 192.168.0.113. Everything plugged into the Mikrotik router or connected to its wifi should be in a 192.168.88.0/24 network. I tried the standard config which does work bu tonly the wifi. So I can connect to the wifi and guest wifi and I'm getting internet access but if I just connect to the Router via LAN on any of the ports 2-5 I just can't get a Internet connection. I read that a lot of people don't seem to like the standard config so I deleted everything and started from scratch with a few youtube tutorials. Here are the links to the video courses I used:
- seemed like the best since it's quite short but didn't work: https://www.youtube.com/watch?v=tg5pHb-NKHA&t=608s
- a whole playlist with step by step configuration: https://www.youtube.com/watch?v=Ax5zHj5kPPQ&t=4s
The thing is if I do a manual config I'm also not getting a internet connection not even via wifi. If anyone has an idea what might be the problem I'd be really happy. I already read a few post here on the forum but it didn't work for me.
-
-
mightyengineer
just joined
- Posts: 2
- Joined:
HAP ax3 Wi:Fi working but no internet via LAN ports
You do not have the required permissions to view the files attached to this post.
Re: HAP ax3 Wi:Fi working but no internet via LAN ports
If you want to start from scratch, you can read the following First time configuration article from the docs:
https://help.mikrotik.com/docs/spaces/R ... figuration
Looking at the configuration you've exported I only see one thing that seems out of order - the DHCP client.
I don't know whether it was just not exported but on the DHCP client there should be that will give you breakout to the internet. Or you could add the route yourself:
https://help.mikrotik.com/docs/spaces/R ... figuration
Looking at the configuration you've exported I only see one thing that seems out of order - the DHCP client.
I don't know whether it was just not exported but on the DHCP client there should be
Code: Select all
add-default-route=yesCode: Select all
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.0.1
Re: HAP ax3 Wi:Fi working but no internet via LAN ports
Changes to your config.
1. You have guest wifi but no subnet for the guest network so that has been added.
2. Recommend to not use bridge filters to control traffic, use standard ip firewall filter rules (bridge filters are for advanced users for niche cases).
3. So the solution is one of two choices, two bridges or two vlans and single bridge,
Will show the two bridges method although I prefer two vlans.
4. Adjusted the settings for two bridges and also the firewall rules.
5. Assuming not using IPV6 and thus adjusted that.
6. Created a TRUSTED interface to differentiate settings from guests for certain functions.
model = C53UiG+5HPaxD2HPaxD
1. You have guest wifi but no subnet for the guest network so that has been added.
2. Recommend to not use bridge filters to control traffic, use standard ip firewall filter rules (bridge filters are for advanced users for niche cases).
3. So the solution is one of two choices, two bridges or two vlans and single bridge,
Will show the two bridges method although I prefer two vlans.
4. Adjusted the settings for two bridges and also the firewall rules.
5. Assuming not using IPV6 and thus adjusted that.
6. Created a TRUSTED interface to differentiate settings from guests for certain functions.
model = C53UiG+5HPaxD2HPaxD
Code: Select all
# serial number =
/interface bridge
add auto-mac=no comment=defconf name=bridgeH
add auto-mac=no comment=defconf name=bridgeG
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=\
10min-cac .width=20/40/80mhz configuration.mode=ap .ssid=LanCisneros_5GHz \
disabled=no security.authentication-types=wpa2-psk,wpa3-psk .ft=yes \
.ft-over-ds=yes
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=\
10min-cac .width=20/40mhz configuration.mode=ap .ssid=LanCisneros_2GHz \
disabled=no security.authentication-types=wpa2-psk,wpa3-psk .ft=yes \
.ft-over-ds=yes
add configuration.ssid=LanCisneros_Guest disabled=no mac-address=\
F6:1E:57:6B:2B:E8 master-interface=wifi1 name=wifi3
add configuration.ssid=LanCisneros_Guest disabled=no mac-address=\
F6:1E:57:6B:2B:E9 master-interface=wifi2 name=wifi4
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=TRUSTED
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=guest-dhcp ranges=192.168.78.10-192.168.78.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridgeH name=defconf
add address-pool=guest-dhcp interface=bridgeG name=guest-server
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridgeH comment=defconf interface=ether2
add bridge=bridgeH comment=defconf interface=ether3
add bridge=bridgeH comment=defconf interface=ether4
add bridge=bridgeH comment=defconf interface=ether5
add bridge=bridgeH comment=defconf interface=wifi1
add bridge=bridgeH comment=defconf interface=wifi2
add bridge=bridgeG interface=wifi3
add bridge=bridgeG interface=wifi4
/ip neighbor discovery-settings
set discover-interface-list=TRUSTED
/interface list member
add interface=ether1 list=WAN
add interface=bridgeH list=LAN
add interface=bridgeG list=LAN
add interface=bridgeH list=TRUSTED
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridgeH network=\
192.168.88.0
add address=192.168.78.1/24 comment=defconf interface=bridgeG network=\
192.168.78.0
/ip dhcp-client
add comment=defconf interface=ether1 default-route=yes
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
192.168.88.1
add address=192.168.78.0/24 comment=defconf dns-server=192.168.78.1 gateway=\
192.168.78.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input in-interface=bridgeH { consider adding a source address list to only allow admin devices to router config }
add action=accept chain=input comment="users to services" in-interface-list=LAN dst-port=53 protocol=udp
add action=accept chain=input comment="users to services" in-interface-list=LAN dst-port=53 protocol=tcp
add action=drop chain=input comment="drop all else" { put this rule in last, only after the above ones are in place to avoid being locked out }
++++++++++++++++++++++++++++++++
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="port forwarding" connection-nat-state=dstnat disabled=yes { enable or remove if not required }
add action=drop chain=forward comment="drop all else"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ipv6 settings
set disable-ipv6=yes forward=no
/ipv6 firewall filter
add action=drop chain=input comment="drop all"
add action=drop chain=forward comment="drop all"
/system note
set show-at-login=no
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system routerboard wps-button
set enabled=yes on-event=wps-accept
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
\n /system leds settings set all-leds-off=immediate \r\
\n } else={\r\
\n /system leds settings set all-leds-off=never \r\
\n }\r\
\n "
add comment=defconf dont-require-permissions=no name=wps-accept owner=*sys \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="\r\
\n :foreach iface in=[/interface/wifi find where (configuration.mode=\"a\
p\" && disabled=no)] do={\r\
\n /interface/wifi wps-push-button \$iface;}\r\
\n "
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=TRUSTED
Re: HAP ax3 Wi:Fi working but no internet via LAN ports
One small syntax error:
/ip dhcp-client
add comment=defconf interface=ether1 add-default-route=yes
And one more:
/disk settings
set auto-media-interface=bridgeH auto-media-sharing=yes auto-smb-sharing=yes
The second one shouldn't be of that great matter.
Also one suggestion - disable IP services which you won't be using like API, API-SSL, FTP, etc.
/ip dhcp-client
add comment=defconf interface=ether1 add-default-route=yes
And one more:
/disk settings
set auto-media-interface=bridgeH auto-media-sharing=yes auto-smb-sharing=yes
The second one shouldn't be of that great matter.
Also one suggestion - disable IP services which you won't be using like API, API-SSL, FTP, etc.
Re: HAP ax3 Wi:Fi working but no internet via LAN ports
Three other considerations.
Do you want the guest users on 2.4 to see other guest users on 2.4
Do you want the guest users on 5ghz to see other guest users on 5 ghz
Do you wan the guest users on 2.4 to see guest users on 5ghz.
IF NO.
a. on wifi create datapath1 and check client isolation. then on wifi configuration tab ADD datapath1, apply ok.
b. on wifi configuration tab ADD datapath1 apply ok.
c. ON /interface bridge port choose horizon of 2 or any number for both wifi3 and wifi4.
Do you want the guest users on 2.4 to see other guest users on 2.4
Do you want the guest users on 5ghz to see other guest users on 5 ghz
Do you wan the guest users on 2.4 to see guest users on 5ghz.
IF NO.
a. on wifi create datapath1 and check client isolation. then on wifi configuration tab ADD datapath1, apply ok.
b. on wifi configuration tab ADD datapath1 apply ok.
c. ON /interface bridge port choose horizon of 2 or any number for both wifi3 and wifi4.
-
-
mightyengineer
just joined
- Posts: 2
- Joined:
Re: HAP ax3 Wi:Fi working but no internet via LAN ports
First of all, thank you for all the helpful replies and ways to improve my setup! I was checking the routes, dhcp, nat masquerade almost everything I could logically think of. I then tried the default config and was confused why this wouldn't work as well since it's probably meant for people to easily install the router.
So it turns out the problem was my laptops network interface. I was sitting there for hours thinking about possible errors and when my laptop battery died I connected a macbook and all of the sudden it just worked. I was spending two days and then an empty laptop battery fixes my problems. I tested all the ports with the macbook and they work fine. I tested it with the two PCs at home and it worked fine.
I feel a bit dumb for not thinking about changing the device as well since I was sure that it must have been a mistake I made with the configuration of the device. So maybe this post serves as a reminder to always check everything and every device involved just to be on the safe side.
So it turns out the problem was my laptops network interface. I was sitting there for hours thinking about possible errors and when my laptop battery died I connected a macbook and all of the sudden it just worked. I was spending two days and then an empty laptop battery fixes my problems. I tested all the ports with the macbook and they work fine. I tested it with the two PCs at home and it worked fine.
I feel a bit dumb for not thinking about changing the device as well since I was sure that it must have been a mistake I made with the configuration of the device. So maybe this post serves as a reminder to always check everything and every device involved just to be on the safe side.
Who is online
Users browsing this forum: StupidProgrammer and 22 guests