• Ether2 - Ether5, switch mode.
• Wireless is bridge with "switch" ports
• LAN (switch mode) side have DHCP Server and DNS cache
• Ether1 is the WAN ("Internet") with DHCP Client to get some an IP from the Router ISP.

Thought default configuration contained masquerade and DHCP server...my mistake.

If I understand correctly, you are looking for a way to let your device work as a switch with accesspoint functionallity.

This can be easaly done by resetting the device with no default configuration:
viewtopic.php?t=71522
Then create a bridge and attach all the interfaces.
Configure DHCP client and WiFi and you're done.

That's the point I was happy with safe mode. I was never able to connect to the device with no default configuration.

That's the point I was happy with safe mode. I was never able to connect to the device with no default configuration.

If I understand correctly, you are looking for a way to let your device work as a switch with accesspoint functionallity.

This can be easaly done by resetting the device with no default configuration:
viewtopic.php?t=71522
Then create a bridge and attach all the interfaces.
Configure DHCP client and WiFi and you're done.

1. Create Bridge - well, this literary says what to do. Go to Bridge menu, create new bridge (button with "+" symbol in winbox or button with "add new" text in webfig), name it as you want and hit OK/Save
2. Attach interfaces - again pretty simple: Go to Bridge Menu, tab "ports" (because you want to add port to the bridge) again hit the "add new" button, select port and bridge and thats it You can either select ports one by one or you can simply select "all" item which will add all of them at once (but then you lose ability to control them separately)
3. Configure DHCP client - Go to IP -> DHCP Client, again "add new", name it properly and select your "bridge" as interface (you should never select specific port which is on the bridge, because such interface is in "slave" mode and the configuration will not work correctly)
4. Configure wifi - fortunately, there is a tutorial: https://wiki.mikrotik.com/wiki/Manual:M ... ireless_AP (just the first part about wireless and security profile)

/export hide-sensitive

It is actually not that hard, as it may look. Basic knowledge of network is recommended. (I thought there is some basic manual on wiki but I couldn't find one... I assume you are asking for such simple questions that nobody ever thought to write it up...)

1. Create Bridge - well, this literary says what to do. Go to Bridge menu, create new bridge (button with "+" symbol in winbox or button with "add new" text in webfig), name it as you want and hit OK/Save
2. Attach interfaces - again pretty simple: Go to Bridge Menu, tab "ports" (because you want to add port to the bridge) again hit the "add new" button, select port and bridge and thats it You can either select ports one by one or you can simply select "all" item which will add all of them at once (but then you lose ability to control them separately)
3. Configure DHCP client - Go to IP -> DHCP Client, again "add new", name it properly and select your "bridge" as interface (you should never select specific port which is on the bridge, because such interface is in "slave" mode and the configuration will not work correctly)
4. Configure wifi - fortunately, there is a tutorial: https://wiki.mikrotik.com/wiki/Manual:M ... ireless_AP (just the first part about wireless and security profile)

Or you can reset your config and go the easy way with "quickset", in top-left corner of the window select "wisp AP" and select "bridge" mode... That will do practically same result...

If something does not work as expected, most likely there is a mistake in your config. If you can't find a solution using https://wiki.mikrotik.com/wiki/Category:Manual , try to summarize your situation, explain what you are trying to achieve, what worked, what didnt worked and export your config using terminal command

Code: Select all

/export hide-sensitive

(and paste it here). That way, anyone will easily understand your whole config and there is higher chance that you get your answers.

This can be easaly done by resetting the device with no default configuration:
viewtopic.php?t=71522

1. go to interface -> interface list: double-click on entry with ether1 interface and change the List from WAN to LAN
2. go to IP -> dhcp-server: remove or disable the DHCP server (buttons - or x)
3. go to IP -> addresses: doubleclick on the entry with 192.168.0.100 and change interface from ether2 to bridge
4. go to IP -> dhcp-client: doubleclick on the entry and change interface from ether1 to bridge - if your home network is in 192.168.0.xxx range and you want to keep static IP 192.168.0.100, you may disable/remove the dhcp-client instead of changing it.
5. go to Bridge -> ports: one by one, attach remaining ports ether3, ether4, ether5 and wlan2 to bridge (for each, add new entry by clicking on + button, select corresponding ethernet interface and bridge, confirm with OK button)
6. go to Wireless -> Security Profiles: doubleclick on "default" entry, change Mode to dynamic keys, check WPA2 PSK and both aes ccm, uncheck WPA PSK, WPA EAP, WPA2 EAP, and both tkip. Set some wifi password into "WPA2 Pre-Shared Key" fields This step is not necessary but without it, your wifi will be open to everyone and that is dangerous. If you have some really old device which won't connect, you may try to check "WPA PSK" and both tkip fields. In such case, don't forget to put your password also to "WPA Pre-Shared Key" field. Old WPA protocol or TKIP encryption are not considered very secure but if your devices require it, I guess you don't have much choice. You can change it anytime later.

@ukracer: Well, this config is clearly default one. I wrongly assumed that you did the config reset with "no-defaults" as mentioned in the original text which you quoted:

This can be easaly done by resetting the device with no default configuration:
viewtopic.php?t=71522

If you start with some config already applied, it is bit more challenging because there will be a lot of setting which needs to be removed/changed. Given the config you posted I would suggest following:
(keep in mind that I still assume you want to have switch+wifi. If your goal is different, let us know)

1. go to interface -> interface list: double-click on entry with ether1 interface and change the List from WAN to LAN
2. go to IP -> dhcp-server: remove or disable the DHCP server (buttons - or x)
3. go to IP -> addresses: doubleclick on the entry with 192.168.0.100 and change interface from ether2 to bridge
4. go to IP -> dhcp-client: doubleclick on the entry and change interface from ether1 to bridge - if your home network is in 192.168.0.xxx range and you want to keep static IP 192.168.0.100, you may disable/remove the dhcp-client instead of changing it.
5. go to Bridge -> ports: one by one, attach remaining ports ether3, ether4, ether5 and wlan2 to bridge (for each, add new entry by clicking on + button, select corresponding ethernet interface and bridge, confirm with OK button)
6. go to Wireless -> Security Profiles: doubleclick on "default" entry, change Mode to dynamic keys, check WPA2 PSK and both aes ccm, uncheck WPA PSK, WPA EAP, WPA2 EAP, and both tkip. Set some wifi password into "WPA2 Pre-Shared Key" fields This step is not necessary but without it, your wifi will be open to everyone and that is dangerous. If you have some really old device which won't connect, you may try to check "WPA PSK" and both tkip fields. In such case, don't forget to put your password also to "WPA Pre-Shared Key" field. Old WPA protocol or TKIP encryption are not considered very secure but if your devices require it, I guess you don't have much choice. You can change it anytime later.

I recommend to do it in order as written, otherwise your mikrotik dhcp-server may interfere with rest of the network.
When you disable your DHCP server, you might lose connection. In such case, don't panic and connect your winbox via MAC address (works best if you are directly connected by ethernet cable to LAN port - currently ether2)

Once you are done with all these things, you should see your network without any issue on all ports. If you have any issues, share again your current config. As you already noticed, no personal stuff is there and it gives us complete overview of your setting which makes it easy to help.
If everything goes right, you can also clear your firewall rules in IP->firewall->filter and IP->firewall->NAT

@anav
does the wisp ap mode on your cAP configure only 5G wifi or both 2G and 5G? I actually tried that earlier on my hAP ac^2 and it worked perfectly, except skipping the 2G wifi configuration.

Thats why you use your magic pin and reset it to defaults and then following the steps.

Yup exactly, so why cannot you connect to the router from the PC.
If the PC is setup with static IP 192.168.88.2 and point to gateway 192.168.88.1 and the router reset to defaults it should just work
Did you startup winbox??

I guess the big problem with such "simple" tasks is that prior to starting to configure, RB needs to be reset with no configuration. And then usual (by SOHO standards) configuration method (use web browser) doesn't work, one needs to use Winbox.

As there's no such simple default config to choose in quickset, things get complicated out of beginner users' proportions.

Okay after you have used the pin to reset the router, and have setup your pc.
Just plug eth2 directly to your PC. You should be able to winbox directly into the router unless its broken???

If you start with some config already applied, it is bit more challenging because there will be a lot of setting which needs to be removed/changed. Given the config you posted I would suggest following:
(keep in mind that I still assume you want to have switch+wifi. If your goal is different, let us know)

1. go to interface -> interface list: double-click on entry with ether1 interface and change the List from WAN to LAN
2. go to IP -> dhcp-server: remove or disable the DHCP server (buttons - or x)
3. go to IP -> addresses: doubleclick on the entry with 192.168.0.100 and change interface from ether2 to bridge
4. go to IP -> dhcp-client: doubleclick on the entry and change interface from ether1 to bridge - if your home network is in 192.168.0.xxx range and you want to keep static IP 192.168.0.100, you may disable/remove the dhcp-client instead of changing it.
5. go to Bridge -> ports: one by one, attach remaining ports ether3, ether4, ether5 and wlan2 to bridge (for each, add new entry by clicking on + button, select corresponding ethernet interface and bridge, confirm with OK button)
6. go to Wireless -> Security Profiles: doubleclick on "default" entry, change Mode to dynamic keys, check WPA2 PSK and both aes ccm, uncheck WPA PSK, WPA EAP, WPA2 EAP, and both tkip. Set some wifi password into "WPA2 Pre-Shared Key" fields This step is not necessary but without it, your wifi will be open to everyone and that is dangerous. If you have some really old device which won't connect, you may try to check "WPA PSK" and both tkip fields. In such case, don't forget to put your password also to "WPA Pre-Shared Key" field. Old WPA protocol or TKIP encryption are not considered very secure but if your devices require it, I guess you don't have much choice. You can change it anytime later.

I recommend to do it in order as written, otherwise your mikrotik dhcp-server may interfere with rest of the network.
When you disable your DHCP server, you might lose connection. In such case, don't panic and connect your winbox via MAC address (works best if you are directly connected by ethernet cable to LAN port - currently ether2)

Once you are done with all these things, you should see your network without any issue on all ports. If you have any issues, share again your current config. As you already noticed, no personal stuff is there and it gives us complete overview of your setting which makes it easy to help.
If everything goes right, you can also clear your firewall rules in IP->firewall->filter and IP->firewall->NAT

If you start with some config already applied, it is bit more challenging because there will be a lot of setting which needs to be removed/changed. Given the config you posted I would suggest following:
(keep in mind that I still assume you want to have switch+wifi. If your goal is different, let us know)

1. go to interface -> interface list: double-click on entry with ether1 interface and change the List from WAN to LAN
2. go to IP -> dhcp-server: remove or disable the DHCP server (buttons - or x)
3. go to IP -> addresses: doubleclick on the entry with 192.168.0.100 and change interface from ether2 to bridge
4. go to IP -> dhcp-client: doubleclick on the entry and change interface from ether1 to bridge - if your home network is in 192.168.0.xxx range and you want to keep static IP 192.168.0.100, you may disable/remove the dhcp-client instead of changing it.
5. go to Bridge -> ports: one by one, attach remaining ports ether3, ether4, ether5 and wlan2 to bridge (for each, add new entry by clicking on + button, select corresponding ethernet interface and bridge, confirm with OK button)
6. go to Wireless -> Security Profiles: doubleclick on "default" entry, change Mode to dynamic keys, check WPA2 PSK and both aes ccm, uncheck WPA PSK, WPA EAP, WPA2 EAP, and both tkip. Set some wifi password into "WPA2 Pre-Shared Key" fields This step is not necessary but without it, your wifi will be open to everyone and that is dangerous. If you have some really old device which won't connect, you may try to check "WPA PSK" and both tkip fields. In such case, don't forget to put your password also to "WPA Pre-Shared Key" field. Old WPA protocol or TKIP encryption are not considered very secure but if your devices require it, I guess you don't have much choice. You can change it anytime later.

I recommend to do it in order as written, otherwise your mikrotik dhcp-server may interfere with rest of the network.
When you disable your DHCP server, you might lose connection. In such case, don't panic and connect your winbox via MAC address (works best if you are directly connected by ethernet cable to LAN port - currently ether2)

Once you are done with all these things, you should see your network without any issue on all ports. If you have any issues, share again your current config. As you already noticed, no personal stuff is there and it gives us complete overview of your setting which makes it easy to help.
If everything goes right, you can also clear your firewall rules in IP->firewall->filter and IP->firewall->NAT