
Beginner Basics • Re: CAPsMAN, DHCP Server, Wireless to wifi-qcom-ac, etc.

Making a config export does not require a maintenance window.
Ordinarily not, but in this case it did require a maintenance window since I was trying to export a configuration with the new wifi-qcom-ac installed.

Fortunately I've made huge progress! The wifi-qcom-ac package is now installed (instead of the wireless package), and it appears I've got everything working at least as well as it did with the wireless package. The next project will be to get the 4 WiFi radios (total across the 2 routers) under CAPsMAN (running on the "interior" hAP ac^3), but that's a project for a future day. Below is a terse export of the configuration on "MikroTik 1," the ISP-facing hAP ac^2. The ~ (tilde) marks indicate redacted information. Critiques would be welcome. The DHCP server attached to wifi1 (the 2.4 GHz radio) and doling out addresses in the 10.0.2.x subnet is no longer displaying "invalid" in WebFig, so that cosmetic (?) issue appears to be resolved. I think I must've missed some configuration repair items with the wlan(x) to wifi(x) renaming back before I opened this thread, but I guess they're all cleaned up now in this configuration.

"Free HDD Space" on the hAP ac^2 with base RouterOS 7.13.3 and the wifi-qcom-ac package (only) is hovering around 672 KiB. Is that the best I can do, or would a netinstall improve that number? Anything else I can do to improve free space?
Code:
# 2024-02-~~ ~~:~~:~~ by RouterOS 7.13.3
# software id = YR0I-AGNB
#
# model = RBD52G-5HacD2HnD
# serial number = C~~~~~~~~~~~
/interface bridge add admin-mac=08:55:~~:~~:~~:~~ auto-mac=no comment=defconf name=bridge port-cost-mode=short
/interface list add comment=defconf name=WAN
/interface list add comment=defconf name=LAN
/interface lte apn set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wifi security add authentication-types=wpa2-psk connect-priority=0 disable-pmkid=yes disabled=no encryption=ccmp management-protection=disabled name=default-sec wps=disable
/interface wifi security add authentication-types=wpa2-psk connect-priority=0 disable-pmkid=yes disabled=no encryption=ccmp management-protection=disabled name=default-guest wps=disable
/interface wifi set [ find default-name=wifi1 ] channel.band=2ghz-n .frequency=2412 .skip-dfs-channels=all .width=20mhz configuration.country=Singapore .mode=ap .ssid=~ disabled=no security=default-guest security.connect-priority=0
/interface wifi set [ find default-name=wifi2 ] channel.band=5ghz-ac .frequency=5745 .skip-dfs-channels=all .width=20mhz configuration.country=Singapore .mode=ap .ssid=~ disabled=no security=default-sec security.connect-priority=0
/ip pool add name=dhcp ranges=10.0.1.10-10.0.1.190
/ip pool add name=dhcp-guest ranges=10.0.2.10-10.0.2.190
/ip dhcp-server add address-pool=dhcp interface=bridge lease-time=3h name=defconf
/ip dhcp-server add address-pool=dhcp-guest bootp-support=none interface=wifi1 lease-time=2h name=guest
/queue type add kind=sfq name=sfq-default sfq-perturb=10
/queue type add cake-rtt=200ms kind=cake name=cake-default
/queue simple add disabled=yes max-limit=65M/85M name=sfq-default queue=sfq-default/sfq-default target=10.0.1.0/24
/queue simple add max-limit=4M/8M name=sfq-guest queue=sfq-default/sfq-default target=10.0.2.0/24
/queue simple add max-limit=65M/85M name=cake-default queue=cake-default/cake-default target=10.0.1.0/24
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=wifi2 internal-path-cost=10 path-cost=10
/ip neighbor discovery-settings set discover-interface-list=none
/ip settings set max-neighbor-entries=8192
/ipv6 settings set accept-router-advertisements=no disable-ipv6=yes max-neighbor-entries=8192
/interface list member add comment=defconf interface=bridge list=LAN
/interface list member add comment=defconf interface=ether1 list=WAN
/interface ovpn-server server set auth=sha1,md5
/ip address add address=10.0.1.1/24 comment=defconf interface=bridge network=10.0.1.0
/ip address add address=10.0.2.1/24 interface=wifi1 network=10.0.2.0
/ip cloud set update-time=no
/ip dhcp-client add comment=defconf interface=ether1 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease add address=10.0.1.201 mac-address=90:32:~~:~~:~~:~~ server=defconf
/ip dhcp-server lease add address=10.0.1.240 mac-address=94:CC:~~:~~:~~:~~ server=defconf
/ip dhcp-server lease add address=10.0.1.241 mac-address=94:CC:~~:~~:~~:~~ server=defconf
/ip dhcp-server lease add address=10.0.1.2 lease-time=6h mac-address=08:55:~~:~~:~~:~~ server=defconf
/ip dhcp-server lease add address=10.0.1.200 mac-address=20:C9:~~:~~:~~:~~ server=defconf
/ip dhcp-server network add address=10.0.1.0/24 comment=defconf dns-server=9.9.9.9,1.1.1.2 gateway=10.0.1.1 netmask=24
/ip dhcp-server network add address=10.0.2.0/24 dns-server=9.9.9.9,1.1.1.2 gateway=10.0.2.1 netmask=24
/ip dns set servers=9.9.9.9,1.1.1.2
/ip dns static add address=10.0.1.1 comment=defconf name=router.lan
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" in-interface-list=LAN protocol=icmp
/ip firewall filter add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
/ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
/ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes hw-offload=yes
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall filter add action=drop chain=forward dst-address=10.0.1.0/24 src-address=10.0.2.0/24
/ip firewall filter add action=drop chain=forward dst-address=10.0.2.0/24 src-address=10.0.1.0/24
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip firewall nat add action=masquerade chain=srcnat out-interface=wifi1 src-address=10.0.2.0/24
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www address=10.0.1.0/24
/ip service set ssh address=10.0.1.0/24
/ip service set api address=10.0.1.0/24 disabled=yes
/ip service set winbox address=10.0.1.0/24
/ip service set api-ssl address=10.0.1.0/24 disabled=yes
/ip smb set allow-guests=no comment=Backup
/ip ssh set strong-crypto=yes
/routing bfd configuration add disabled=no
/system clock set time-zone-autodetect=no time-zone-name=Asia/Singapore
/system identity set name="MikroTik 1"
/system note set show-at-login=no
/system ntp client set enabled=yes
/system ntp client servers add address=pool.ntp.org
/tool bandwidth-server set enabled=no
/tool mac-server set allowed-interface-list=none
/tool mac-server mac-winbox set allowed-interface-list=none
/tool mac-server ping set enabled=no

Statistics: Posted by BBCWatcher — Sun Feb 04, 2024 7:11 am


