Problem se ziskanim DHCP skeze station-pseudobridge

[hellboycze]

Ahoj,

Snazim se tu dat dohromady nejakou konfiguraci na RB951G-2HnD a nemohu vyresit trivialne marginalni problém.

Vysledek, kterého potrebuji dosáhnout, je naprosto stupidni switch, který je do site pripojen jako AP client.

Tedy mam nekde neMikrotik AP s DHCP a tu 951 potrebuji na toto AP pripojit skrz wifi tak, abych na ethernetovych portech Mikrotiku dostaval DHCP.

Mikrotik mam nastaveny tak, ze všechno funguje, ale jen skrz LAN (proste switch), ale pokud MIkrotik pripojim jen skzr wlan na to AP, tak proste nemohu dostat DHCP na pocitacu pripojenem na MK ethernetu (když nastavim pevne IP adresy, tak se skrz Ethernet-WLAN - AP dostanu na internet, ale dhcp mi nedojde).

Prikladam konfig. Prosim, vedel by někdo poradit, co delam spatne?

# jan/02/1970 00:01:30 by RouterOS 5.26
# software id = QBLS-6F6Z
#
/interface bridge
add admin-mac=4C:5E:0C:FA:A0:A3 ageing-time=5m arp=enabled auto-mac=no \
disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500 \
name=bridge priority=0x8000 protocol-mode=rstp transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 mac-address=4C:5E:0C:FA:A0:A2 \
master-port=none mtu=1500 name=ether1-masterport speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 mac-address=4C:5E:0C:FA:A0:A3 \
master-port=ether1-masterport mtu=1500 name=ether2-slave speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 mac-address=4C:5E:0C:FA:A0:A4 \
master-port=ether1-masterport mtu=1500 name=ether3-slave speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 mac-address=4C:5E:0C:FA:A0:A5 \
master-port=ether1-masterport mtu=1500 name=ether4-slave speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 mac-address=4C:5E:0C:FA:A0:A6 \
master-port=none mtu=1500 name=ether5-config-port speed=100Mbps
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods=\
passthrough group-ciphers=aes-ccm group-key-update=5m interim-update=0s \
management-protection=disabled management-protection-key="" mode=\
dynamic-keys name=default radius-eap-accounting=no radius-mac-accounting=\
no radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
none tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=\
557E04D0835D wpa2-pre-shared-key=557E04D0835D
add authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip \
group-key-update=5m interim-update=0s management-protection=allowed \
management-protection-key="" mode=dynamic-keys name=brno \
radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity="" tls-certificate=none \
tls-mode=no-certificates unicast-ciphers=tkip wpa-pre-shared-key="" \
wpa2-pre-shared-key=Semsenedostanes
/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0 area="" \
arp=enabled band=2ghz-b/g/n basic-rates-a/g=6Mbps basic-rates-b=1Mbps \
bridge-mode=enabled channel-width=20/40mhz-ht-above compression=no \
country=no_country_set default-ap-tx-limit=0 default-authentication=yes \
default-client-tx-limit=0 default-forwarding=yes dfs-mode=none \
disable-running-check=no disabled=no disconnect-timeout=3s distance=\
indoors frame-lifetime=0 frequency=2412 frequency-mode=manual-txpower \
frequency-offset=0 hide-ssid=no ht-ampdu-priorities=0 ht-amsdu-limit=8192 \
ht-amsdu-threshold=8192 ht-basic-mcs=\
mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-guard-interval=any \
ht-rxchains=0,1 ht-supported-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-\
6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-1\
7,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" ht-txchains=0,1 \
hw-fragmentation-threshold=disabled hw-protection-mode=none \
hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=\
4C:5E:0C:FA:A0:A7 max-station-count=2007 mode=station-pseudobridge mtu=\
1500 multicast-helper=default name=wlan1 noise-floor-threshold=default \
nv2-cell-radius=30 nv2-noise-floor-offset=default nv2-preshared-key="" \
nv2-qos=default nv2-queue-count=2 nv2-security=disabled \
on-fail-retry-time=100ms periodic-calibration=default \
periodic-calibration-interval=60 preamble-mode=both \
proprietary-extensions=post-2.9.25 radio-name=4C5E0CFAA0A7 \
rate-selection=advanced rate-set=default scan-list=default \
security-profile=brno ssid=tp-link station-bridge-clone-mac=\
00:00:00:00:00:00 supported-rates-a/g=\
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power-mode=default \
update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=\
none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled \
wireless-protocol=any wmm-support=disabled
/interface wireless manual-tx-power-table
set wlan1 manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9M\
bps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-0:\
17,HT20-1:17,HT20-2:17,HT20-3:17,HT20-4:17,HT20-5:17,HT20-6:17,HT20-7:17,H\
T40-0:17,HT40-1:17,HT40-2:17,HT40-3:17,HT40-4:17,HT40-5:17,HT40-6:17,HT40-\
7:17"
/interface wireless nstreme
set wlan1 disable-csma=no enable-nstreme=no enable-polling=yes framer-limit=\
3200 framer-policy=none
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default \
shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \
lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=dhcp-configpool ranges=192.168.10.10-192.168.10.25
/ip dhcp-server
add address-pool=dhcp-configpool authoritative=after-2sec-delay \
bootp-support=static disabled=no interface=ether5-config-port lease-time=\
1d name=dhcp-config
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
default use-encryption=default use-mpls=default use-vj-compression=\
default
set 1 change-tcp-mss=yes name=default-encryption only-one=default \
use-compression=default use-encryption=yes use-mpls=default \
use-vj-compression=default
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=none name=only-hardware-queue
set 6 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 7 kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=\
ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \
metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \
out-filter=ospf-out redistribute-bgp=no redistribute-connected=no \
redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
backbone type=default
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=\
DES name=public read-access=yes security=none write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \
syslog-facility=daemon syslog-severity=auto target=remote
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
winbox,password,web,sniff,sensitive,api" skin=default
/interface bridge port
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
interface=wlan1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether1-masterport path-cost=10 point-to-point=auto priority=\
0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=disabled
set 1 vlan-header=leave-as-is vlan-mode=disabled
set 2 vlan-header=leave-as-is vlan-mode=disabled
set 3 vlan-header=leave-as-is vlan-mode=disabled
set 4 vlan-header=leave-as-is vlan-mode=disabled
set 5 vlan-header=leave-as-is vlan-mode=disabled
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=\
1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=FE:34:C6:70:D3:16 \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
disabled port=443 verify-client-certificate=no
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.5.1/24 comment="IP adresa switche" disabled=no interface=\
bridge network=192.168.5.0
add address=192.168.10.1/24 comment="konfiguracni port" disabled=no \
interface=ether5-config-port network=192.168.10.0
/ip dhcp-client
add add-default-route=yes comment="default configuration" \
default-route-distance=1 disabled=no interface=ether1-masterport \
use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.10.0/24 comment="default configuration" dhcp-option="" \
dns-server=8.8.8.8 gateway=192.168.10.1 ntp-server="" wins-server=""
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=4096 servers=""
/ip dns static
add address=192.168.88.1 disabled=no name=router ttl=1d
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set ether1-masterport disabled=yes
set ether2-slave disabled=no
set ether3-slave disabled=no
set ether4-slave disabled=no
set ether5-config-port disabled=no
set wlan1 disabled=yes
set bridge disabled=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=unlimited \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=\
no src-address=0.0.0.0
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no \
max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password="" read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
/port firmware
set directory=firmware ignore-directip-modem=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether1-masterport queue=only-hardware-queue
set ether2-slave queue=only-hardware-queue
set ether3-slave queue=only-hardware-queue
set ether4-slave queue=only-hardware-queue
set ether5-config-port queue=only-hardware-queue
set wlan1 queue=wireless-default
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
routing-table=main timeout-timer=3m update-timer=30s
/snmp
set contact="" enabled=no engine-id="" location="" trap-generators="" \
trap-target="" trap-version=1
/system clock
set time-zone-name=manual
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system identity
set name=MikroTik
/system leds
set 0 disabled=no interface=wlan1 leds=wlan-led type=wireless-status
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=no mode=broadcast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
600MHz force-backup-booter=no silent-boot=no
/system scheduler
add disabled=yes interval=5m name=Check_ether4 on-event=\
ldz-internal->external policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=jan/01/1970 start-time=00:10:00
/system script
add name=ldz-internal->external policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=":global g1 \"na\"\
\n:global bool\
\n/interface ethernet monitor ether4 once do={:set g1 \$status}\
\n:if (\$g1=\"no-link\") do={\
\n:put \"Interface ether4 neaktivni, prepiname na externi konfiguraci\"\
\n/system reset-configuration run-after-reset=ldz-homeconfig-wifi.rsc\
\n}\
\n:if (\$g1=\"link-ok\") do={\
\n:put \"Interface eth4 aktivni, zustavame na interni konfiguraci\"\
\n};\
\n"
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 starttls=no user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set [ find default=yes ] disabled=yes interface=all
add disabled=no interface=ether2-slave
add disabled=no interface=ether3-slave
add disabled=no interface=ether4-slave
add disabled=no interface=ether5-config-port
add disabled=no interface=wlan1
add disabled=no interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes interface=all
add disabled=no interface=ether2-slave
add disabled=no interface=ether3-slave
add disabled=no interface=ether4-slave
add disabled=no interface=ether5-config-port
add disabled=no interface=wlan1
add disabled=no interface=bridge
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol=\
"" filter-mac-address="" filter-mac-protocol="" filter-port="" \
filter-stream=yes interface=all memory-limit=100KiB memory-scroll=yes \
only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
use-radius=no

[ef]

Nedávej wireles mode=station-pseudobridge ale mode= station-bridge

[hellboycze]

Pokud pouziji rezim statin-bridge, tak se mi ta wlan1 na AP (upozornuji, ze to neni Mikrotik AP, ale TP-LINK) vubec nechce pripojit. Co se tyka popisu tech modu, tak na wiki je prave uvedeno, ze statin-bridge je pouze pro MikroTik zarizeni, zatim station-pseudobridge je pro NeMikrotik zarizeni.

Pokud pouziju mode=station, tak je to ok, MK se pripoji, pokud mode=station-pseudobrige, tak je to take OK, wlan se take pripoji, ale nefunguje to tak, jak by melo (ted myslim to DHCP).

[Ladik]

Protoze station-bridge a station-pseudobridge je jenom MikroTik compatible.
Hlavne si vypni "RSTP" v nastaveni bridge !!! a dej tam "none", pak by ti to v rezimu station-pseudobridge melo projit.

[the.max]

Budeš muset udělat WDSko. Na tom TP-Linku budeš muset zapnout WDSko a na 951 pak vytvořit buď statický nebo dynaický WDSko. WDS interface pak také přidat do bridge. Tím zíškáš plně transparentní spojení a tp-link uvidí MAC adresy všech zařízení připojených za 951.
Druhá možnost je v 951 nastavit DHCP relay, ale nikdy jsem to nezkoušel. Teoreticky by to mělo fungovat tak, že to bude forwardovat DHCP requesty z LAN přez wifi a přitom to ošetří tu neviditelnost MAC adresy.
Třetí varianta, vyhodit tp-linka a nahradit také mikrotikem. Potom by už šel nastavit režim station bridge.

[Ladik]

Ahoj ozivim toto tema.
Mam take nejake AP na ktere se pripojuju s MikroTikem HeX znacku toho AP nevim pristup do ni nemam.
MK v modu bridge eth1-5 s wlan (pseudobridge), net jede, dhcp projde normalne.

Ale blokuje to pristup na tiskarnu pres IP a nedostanu se na www rozhrani toho MikroTiku ani tiskarny (ani WinBOX - jen pres mac ten jede), ze site pred nim, jenom kdyz jsem napojeny kabelem primo do toho MikroTIku a v tom bude problem ten MikroTIk neco zahadne blokuje.
Nemate nekdo radu:
Je tam jenom bridge s IP a default routou na gateway

Diky za kazdou radu

[K3NY]

zkus sem hodit vypis z console -> export compact, at je videt co mas kde nastaveny, takhle se neda presne urcit kde je nebo neni problem

[Ladik]

Tady to je, na WInBox se dostanu pres IP jenom kdyz jsem zapojeny kabelem, ale ja to potrebuju pres WiFi tam bude zakopany pes.
/interface bridge
add name=bridge1 protocol-mode=none
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=wpa supplicant-identity="" wpa-pre-shared-key=xxxxxxxx wpa2-pre-shared-key=xxxxxxxx
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode band=2ghz-b/g/n country="czech republic" disabled=no frame-lifetime=1000 frequency-mode=regulatory-domain hw-retries=15 mode=\
station-pseudobridge radio-name="" security-profile=wpa ssid=XXX wireless-protocol=802.11 wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
/ip address
add address=172.16.4.233/24 interface=bridge1 network=172.16.4.0
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add distance=1 gateway=172.16.4.100
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Prague
/system identity
set name=xxx
/system routerboard settings
set cpu-frequency=650MHz init-delay=0s protected-routerboot=disabled

[ludvik]

Ta wifi je připojená někam co máš pod kontrolou? Logicky bude problém na straně AP, když zde určitě není ...

[Ladik]

Praveze pod kontrolou neni a zarizeni k ni pripojene jedou normalne do site.
Jenom jsme do stitkove tiskarny nechteli kupovat drahou wifi kartu za to bych mel CCRko 36jadrove
Tak je tam levny HeX bohuzel ten pseudobridge nefunguje moc dobre.
Funguje to jakoby jednosmerne, pritom net za tim i sluzby jedou.
Proste se pres wifi na to neda dostat, ale po kabelu ano, resp da ale jen pres mac to same na tu tiskarnu pres mac, ale ne na IP neco to blokuje.
Ping jde na tiskárnu z vnejsku normalne, ale sluzby na ni nepropusti.
Z toho MikroTiku si pingnu jak server pred wifi tak tu tiskarnu na nej pripojenou.

[ludvik]

Ty se nepřipojuješ na tento mikrotik, ale na ten co má ap. Pokud je ta tvoje konfigurace kompletní, tak tam prostě nemáš nic, co by to mělo blokovat.
Je to pravděpodobnější, než že jsi objevil chybu ROS.

Pro jistotu zkus vypnout fastpath na bridgi i v systému.

[Ladik]

Ano konfigurace je kompletni.
Vypnuti fast path nepomohlo.
Me hlavne zarazi, ze se nemuzu dostat ze site na toho MikroTika pres IP z wlan strany, ale mac ano.

[ludvik]

Použij sniffer, nebo alespoň torch a sleduj, jestli ti to vůbec přijde ...