Channel: MikroTik

General • Can't get DHCP with WLAN when using bridge VLAN filtering

Hi everyone, I'm implementing the new (to me) Bridge VLAN Filtering in my network, as they say it's the best practice to use this VLAN method. OK, everything was working fine: I can get IP addresses when connected to the Ethernet ports, but when I was configuring the WLANs, I couldn't get IP addresses.

My equipment:
  • Mikrotik RouterBOARD RB3011UiAS-RM @ RouterOS v7.15beta9
  • Mikrotik hAP AC3 (RBD53iG-5HacD2HnD) @ RouterOS v7.15beta9
  • Mikrotik Cloud Smart Switch CSS326-24G-2S+
Notes:
  • I didn't configure CAPsMAN for a single reason: on the day I was configuring everything, I saw on Mikrotik's wiki that VLANs don't work with WPA3, as can be seen in the Datapath Properties section of this page: https://help.mikrotik.com/docs/display/ ... properties.
    "802.11ac chipsets do not support this type of VLAN tagging, but they can be configured as VLAN access ports in bridge settings."
  • I can't get DHCP only from WLAN, LAN is working fine
  • Each SSID is configured as an access port
  • I'm using my hAP AC3 as my RADIUS server (with UserMan)
  • I'm using WPA3 EAP-TTLS for some networks, and WPA3 PSK for others
Questions:
  • Is it possible to assign dynamic VLANs in some other way? Have one SSID to rule them all and, depending on the user that logs in, a different VLAN will be assigned, then they'll get DHCP from that respective network?
  • If not, is it possible to limit the SSIDs that a user can connect to? E.g.: User1 can connect only to SSID1, and User2 only connects to SSID2 and SSID3, for example.
  • Does Mikrotik have some form of PPSK?
  • Also, the internet is kind of slow. I mean, it's working, but when I load a page, the loading lasts for about 10s. I don't really know what is causing this performance issue.
Can you guys take a look and help me? Even a direction to follow would be very helpful, thanks in advance.

RB3011UiAS-RM Config
Code:
    [Prometheus@MikroTik-RB3011UiAS-RM] > export
    # 2024-04-03 13:30:30 by RouterOS 7.15beta9
    # software id = 73G8-DCW6
    #
    # model = RB3011UiAS
    # serial number = XXXXXXXXXXXX
    /disk
    set usb1 media-interface=none media-sharing=no
    add media-interface=none media-sharing=no parent=usb1 partition-number=1 partition-offset=512 partition-size="62 058 921 472" type=partition
    /interface bridge
    add frame-types=admit-only-vlan-tagged name=BRIDGE-VLAN-SW1 vlan-filtering=yes
    add frame-types=admit-only-vlan-tagged name=BRIDGE-VLAN-SW2 vlan-filtering=yes
    /interface ethernet
    set [ find default-name=ether1 ] comment="ISP ONT | Primary WAN Link | Auth: | ISP: Algar Telecom | Type: Fiber | Rx: 600 Mbps | Tx: 300 Mbps "
    set [ find default-name=ether2 ] comment="Backup WAN Link | Auth: N/A | ISP: N/A | Type: N/A | Rx: N/A | Tx: N/A | Future Implementation | Disabled for Port Security" disabled=yes
    set [ find default-name=ether3 ] comment="Main Management Interface"
    set [ find default-name=ether4 ] comment="Backup Management Interface"
    set [ find default-name=ether5 ] comment="Connection Between Switch Chips | Hardware Limitation | Connected to Ether6"
    set [ find default-name=ether6 ] comment="Connection Between Switch Chips | Hardware Limitation | Connected to Ether5"
    set [ find default-name=ether7 ] comment="Downlink | Trunk | Mikrotik CSS326-24G-2S+RM"
    set [ find default-name=ether8 ] comment="Disabled for Port Security" disabled=yes
    set [ find default-name=ether9 ] comment="Disabled for Port Security" disabled=yes
    set [ find default-name=ether10 ] comment="Downlink | Trunk | Mikrotik hAP-AC3 (RBD53iG-5HacD2HnD)" poe-out=off
    set [ find default-name=sfp1 ] comment="Disabled for Port Security" disabled=yes
    /interface pppoe-client
    add add-default-route=yes comment="Main WAN Link | Auth: | ISP: Algar Telecom | Type: Fiber | Rx: 600 Mbps | Tx: 300 Mbps " disabled=no interface=ether1 max-mru=1492 max-mtu=1492 name=PPPoE-AlgarTelecom use-peer-dns=yes user=algar
    /interface vlan
    add interface=BRIDGE-VLAN-SW2 name=VLAN10-TrustedNetwork vlan-id=10
    add interface=BRIDGE-VLAN-SW2 name=VLAN20-FamilyNetwork vlan-id=20
    add interface=BRIDGE-VLAN-SW2 name=VLAN30-LegacyNetwork vlan-id=30
    add interface=BRIDGE-VLAN-SW2 name=VLAN40-GuestsNetwork vlan-id=40
    add interface=BRIDGE-VLAN-SW2 name=VLAN50-IoTNetwork vlan-id=50
    add interface=BRIDGE-VLAN-SW2 name=VLAN60-StreamingNetwork vlan-id=60
    add interface=BRIDGE-VLAN-SW2 name=VLAN70-PrintersNetwork vlan-id=70
    add interface=BRIDGE-VLAN-SW2 name=VLAN80-VoIPNetwork vlan-id=80
    add interface=BRIDGE-VLAN-SW2 name=VLAN90-SecurityNetwork vlan-id=90
    add interface=BRIDGE-VLAN-SW2 name=VLAN99-ManagementNetwork vlan-id=99
    add interface=BRIDGE-VLAN-SW2 name=VLAN100-ServersNetwork vlan-id=100
    add interface=BRIDGE-VLAN-SW2 name=VLAN200-WireguardNetwork vlan-id=200
    add interface=BRIDGE-VLAN-SW2 name=VLAN255-DemilitarizedNetworkNetwork vlan-id=255
    /interface list
    add name=WAN
    add name=LAN
    add name=Management
    /ip pool
    add name=POOL-PTP-Ether2 ranges=192.168.0.2-192.168.0.254
    add name=POOL-VLAN10-TrustedNetwork ranges=10.0.10.2-10.0.10.254
    add name=POOL-VLAN20-FamilyNetwork ranges=10.0.20.2-10.0.20.254
    add name=POOL-VLAN30-LegacyNetwork ranges=10.0.30.2-10.0.30.254
    add name=POOL-VLAN40-GuestsNetwork ranges=10.0.40.2-10.0.40.254
    add name=POOL-VLAN50-IoTNetwork ranges=10.0.50.2-10.0.50.254
    add name=POOL-VLAN60-StreamingNetwork ranges=10.0.60.2-10.0.60.254
    add name=POOL-VLAN70-PrintersNetwork ranges=10.0.70.2-10.0.70.254
    add name=POOL-VLAN80-VoIPNetwork ranges=10.0.80.2-10.0.80.254
    add name=POOL-VLAN90-SecurityNetwork ranges=10.0.90.2-10.0.90.254
    add name=POOL-VLAN99-ManagementNetwork ranges=10.0.99.2-10.0.99.254
    add name=POOL-VLAN100-ServersNetwork ranges=10.0.100.2-10.0.100.254
    add name=POOL-VLAN200-WireguardNetwork ranges=10.0.200.2-10.0.200.254
    add name=POOL-VLAN255-DemilitarizedNetwork ranges=10.0.255.2-10.0.255.254
    /ip dhcp-server
    add address-pool=POOL-VLAN10-TrustedNetwork comment="DHCP Server for Trusted Network" interface=VLAN10-TrustedNetwork name=DHCPv4-VLAN10-TrustedNetwork
    add address-pool=POOL-VLAN20-FamilyNetwork comment="DHCP Server for Family Network" interface=VLAN20-FamilyNetwork name=DHCPv4-VLAN20-FamilyNetwork
    add address-pool=POOL-VLAN30-LegacyNetwork comment="DHCP Server for Legacy Network" interface=VLAN30-LegacyNetwork name=DHCPv4-VLAN30-LegacyNetwork
    add address-pool=POOL-VLAN40-GuestsNetwork comment="DHCP Server for Guests Network" interface=VLAN40-GuestsNetwork name=DHCPv4-VLAN40-GuestsNetwork
    add address-pool=POOL-VLAN50-IoTNetwork comment="DHCP Server for IoT Network" interface=VLAN50-IoTNetwork name=DHCPv4-VLAN50-IoTNetwork
    add address-pool=POOL-VLAN60-StreamingNetwork comment="DHCP Server for Streaming Network" interface=VLAN60-StreamingNetwork name=DHCPv4-VLAN60-StreamingNetwork
    add address-pool=POOL-VLAN70-PrintersNetwork comment="DHCP Server for Printers Network" interface=VLAN70-PrintersNetwork name=DHCPv4-VLAN70-PrintersNetwork
    add address-pool=POOL-VLAN80-VoIPNetwork comment="DHCP Server for VoIP Network" interface=VLAN80-VoIPNetwork name=DHCPv4-VLAN80-VoIPNetwork
    add address-pool=POOL-VLAN90-SecurityNetwork comment="DHCP Server for Security Network" interface=VLAN90-SecurityNetwork name=DHCPv4-VLAN90-SecurityNetwork
    add address-pool=POOL-VLAN99-ManagementNetwork comment="DHCP Server for Management Network" interface=VLAN99-ManagementNetwork name=DHCPv4-VLAN99-ManagementNetwork
    add address-pool=POOL-VLAN100-ServersNetwork comment="DHCP Server for Servers Network" interface=VLAN100-ServersNetwork name=DHCPv4-VLAN100-ServersNetwork
    add address-pool=POOL-VLAN200-WireguardNetwork comment="DHCP Server for Wireguard Network" interface=VLAN200-WireguardNetwork name=DHCPv4-VLAN200-WireguardNetwork
    add address-pool=POOL-VLAN255-DemilitarizedNetwork comment="DHCP Server for Demilitarized Network" interface=VLAN255-DemilitarizedNetworkNetwork name=DHCPv4-VLAN255-DemilitarizedNetwork
    /port
    set 0 name=serial0
    /user-manager user group
    set [ find default-name=default ] inner-auths=peap-mschap2 outer-auths=eap-tls
    /interface bridge port
    add bridge=BRIDGE-VLAN-SW2 frame-types=admit-only-vlan-tagged interface=ether7
    add bridge=BRIDGE-VLAN-SW2 frame-types=admit-only-vlan-tagged interface=ether10
    add bridge=BRIDGE-VLAN-SW1 frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=99
    add bridge=BRIDGE-VLAN-SW1 interface=ether4 pvid=99
    add bridge=BRIDGE-VLAN-SW1 interface=ether5
    add bridge=BRIDGE-VLAN-SW2 interface=ether6
    /interface bridge vlan
    add bridge=BRIDGE-VLAN-SW2 tagged=ether7,ether10 vlan-ids=10
    add bridge=BRIDGE-VLAN-SW2 tagged=ether7,ether10 vlan-ids=20
    add bridge=BRIDGE-VLAN-SW2 tagged=ether7,ether10 vlan-ids=30
    add bridge=BRIDGE-VLAN-SW2 tagged=ether7,ether10 vlan-ids=40
    add bridge=BRIDGE-VLAN-SW2 tagged=ether7,ether10 vlan-ids=50
    add bridge=BRIDGE-VLAN-SW2 tagged=ether7,ether10 vlan-ids=60
    add bridge=BRIDGE-VLAN-SW2 tagged=ether7,ether10 vlan-ids=70
    add bridge=BRIDGE-VLAN-SW2 tagged=ether7,ether10 vlan-ids=80
    add bridge=BRIDGE-VLAN-SW2 tagged=ether7,ether10 vlan-ids=90
    add bridge=BRIDGE-VLAN-SW2 tagged=ether6,ether7,ether10,BRIDGE-VLAN-SW2 vlan-ids=99
    add bridge=BRIDGE-VLAN-SW2 tagged=ether7,ether10 vlan-ids=100
    add bridge=BRIDGE-VLAN-SW2 tagged=ether7,ether10 vlan-ids=200
    add bridge=BRIDGE-VLAN-SW2 tagged=ether7,ether10 vlan-ids=255
    add bridge=BRIDGE-VLAN-SW1 tagged=ether5,BRIDGE-VLAN-SW1 untagged=ether3,ether4 vlan-ids=99
    /interface list member
    add interface=PPPoE-AlgarTelecom list=WAN
    add interface=ether2 list=WAN
    add interface=ether3 list=Management
    add interface=ether4 list=Management
    add interface=VLAN99-ManagementNetwork list=Management
    add interface=VLAN10-TrustedNetwork list=LAN
    add interface=VLAN20-FamilyNetwork list=LAN
    add interface=VLAN30-LegacyNetwork list=LAN
    add interface=VLAN40-GuestsNetwork list=LAN
    add interface=VLAN50-IoTNetwork list=LAN
    add interface=VLAN60-StreamingNetwork list=LAN
    add interface=VLAN70-PrintersNetwork list=LAN
    add interface=VLAN80-VoIPNetwork list=LAN
    add interface=VLAN90-SecurityNetwork list=LAN
    add interface=VLAN100-ServersNetwork list=LAN
    add interface=VLAN200-WireguardNetwork list=LAN
    add interface=VLAN255-DemilitarizedNetworkNetwork list=LAN
    /ip address
    add address=10.0.10.1/24 comment="IP Address for VLAN 10" interface=VLAN10-TrustedNetwork network=10.0.10.0
    add address=10.0.20.1/24 comment="IP Address for VLAN 20" interface=VLAN20-FamilyNetwork network=10.0.20.0
    add address=10.0.30.1/24 comment="IP Address for VLAN 30" interface=VLAN30-LegacyNetwork network=10.0.30.0
    add address=10.0.40.1/24 comment="IP Address for VLAN 40" interface=VLAN40-GuestsNetwork network=10.0.40.0
    add address=10.0.50.1/24 comment="IP Address for VLAN 50" interface=VLAN50-IoTNetwork network=10.0.50.0
    add address=10.0.60.1/24 comment="IP Address for VLAN 60" interface=VLAN60-StreamingNetwork network=10.0.60.0
    add address=10.0.70.1/24 comment="IP Address for VLAN 70" interface=VLAN70-PrintersNetwork network=10.0.70.0
    add address=10.0.80.1/24 comment="IP Address for VLAN 80" interface=VLAN80-VoIPNetwork network=10.0.80.0
    add address=10.0.90.1/24 comment="IP Address for VLAN 90" interface=VLAN90-SecurityNetwork network=10.0.90.0
    add address=10.0.99.1/24 comment="IP Address for VLAN 99" interface=VLAN99-ManagementNetwork network=10.0.99.0
    add address=10.0.100.1/24 comment="IP Address for VLAN 100" interface=VLAN100-ServersNetwork network=10.0.100.0
    add address=10.0.200.1/24 comment="IP Address for VLAN 200" interface=VLAN200-WireguardNetwork network=10.0.200.0
    add address=10.0.255.1/24 comment="IP Address for VLAN 255" interface=VLAN255-DemilitarizedNetworkNetwork network=10.0.255.0
    /ip dhcp-server network
    add address=10.0.10.0/24 comment="Trusted Network" dns-server=94.140.14.14,94.140.14.14 gateway=10.0.10.1 netmask=24
    add address=10.0.20.0/24 comment="Family Network" dns-server=94.140.14.15,94.140.15.16 gateway=10.0.20.1
    add address=10.0.30.0/24 comment="Legacy Network" dns-server=94.140.14.15,94.140.15.16 gateway=10.0.30.1
    add address=10.0.40.0/24 comment="Guests Network" dns-server=94.140.14.15,94.140.15.16 gateway=10.0.40.1
    add address=10.0.50.0/24 comment="IoT Network" dns-server=94.140.14.14,94.140.15.15 gateway=10.0.50.1
    add address=10.0.60.0/24 comment="Streaming Network" dns-server=94.140.14.14,94.140.15.15 gateway=10.0.60.1
    add address=10.0.70.0/24 comment="Printers Network" dns-server=94.140.14.14,94.140.15.15 gateway=10.0.70.1
    add address=10.0.80.0/24 comment="VoIP Network" dns-server=94.140.14.14,94.140.15.15 gateway=10.0.80.1
    add address=10.0.90.0/24 comment="Security Network" dns-server=94.140.14.14,94.140.15.15 gateway=10.0.90.1
    add address=10.0.99.0/24 comment="Management Network" dns-server=94.140.14.14,94.140.15.15 gateway=10.0.99.1
    add address=10.0.100.0/24 comment="Servers Network" dns-server=1.1.1.1,1.0.0.1 gateway=10.0.100.1
    add address=10.0.200.0/24 comment="Wireguard Network" dns-server=1.1.1.1,1.0.0.1 gateway=10.0.200.1
    add address=10.0.255.0/24 comment="Demilitarized Network" dns-server=1.1.1.1,1.0.0.1 gateway=10.0.255.1
    /ip dns
    set cache-size=4096KiB servers=1.1.1.1,1.0.0.1
    /ip firewall address-list
    add address=0.0.0.0/8 comment="RFC6890/RFC1122 - Section 3.2.1.3" list=no_forward_ipv4
    add address=169.254.0.0/16 comment="RFC6890/RFC3927 - Link Local" list=no_forward_ipv4
    add address=224.0.0.0/4 comment=Multicast list=no_forward_ipv4
    add address=255.255.255.255 comment="RFC6890/RFC0919 - Section 7 - Limited Broadcast" list=no_forward_ipv4
    add address=127.0.0.0/8 comment="RFC6890/RFC1122 - Section 3.2.1.3 - Loopback" list=bad_ipv4
    add address=192.0.0.0/24 comment="RFC6890 - Section 2.1 - IETF Protocol Assignments" list=bad_ipv4
    add address=192.0.2.0/24 comment="RFC6890/RFC5737 - TEST-NET-1" list=bad_ipv4
    add address=198.51.100.0/24 comment="RFC6890/RFC5737 - TEST-NET-2" list=bad_ipv4
    add address=203.0.113.0/24 comment="RFC6890/RFC5737 - TEST-NET-3" list=bad_ipv4
    add address=240.0.0.0/4 comment="RFC6890/RFC1112 - Reserved" list=bad_ipv4
    add address=224.0.0.0/4 comment=Multicast list=bad_src_ipv4
    add address=255.255.255.255 comment="RFC6890/RFC0919 - Section 7 - Limited Broadcast" list=bad_src_ipv4
    add address=0.0.0.0/8 comment="RFC6890/RFC1122 - Section 3.2.1.3" list=bad_dst_ipv4
    add address=224.0.0.0/4 comment=Multicast list=bad_dst_ipv4
    /ip firewall filter
    add action=fasttrack-connection chain=forward comment=Fasttrack connection-state=established,related hw-offload=yes
    add action=accept chain=forward comment="Accept all that matches IPSec policy" disabled=yes ipsec-policy=in,ipsec
    add action=add-src-to-address-list address-list=1111 address-list-timeout=30s chain=input comment="Port Knocking - Step 01" dst-port=1111 in-interface-list=WAN protocol=tcp
    add action=add-src-to-address-list address-list=2001 address-list-timeout=30s chain=input comment="Port Knocking - Step 02" dst-port=2001 in-interface-list=WAN protocol=tcp src-address-list=1111
    add action=add-src-to-address-list address-list=secured address-list-timeout=30m chain=input comment="Port Knocking - Step 03" dst-port=3011 in-interface-list=WAN protocol=tcp src-address-list=2001
    add action=accept chain=input comment="Port Knocking - Accept" in-interface-list=WAN src-address-list=secured
    add action=drop chain=input comment=Blacklist disabled=yes in-interface-list=WAN src-address-list=blacklist
    add action=add-src-to-address-list address-list=blacklist address-list-timeout=16h40m chain=input comment=Blacklist disabled=yes dst-port=666 in-interface-list=WAN protocol=tcp
    add action=add-src-to-address-list address-list=blacklist address-list-timeout=1m chain=input comment=Blacklist disabled=yes dst-port=21,22,23,8291,10000-60000 in-interface-list=WAN protocol=tcp src-address-list=!secured
    add action=add-src-to-address-list address-list=bruteforce_blacklist address-list-timeout=1d chain=input comment=Blacklist connection-state=new dst-port=22 protocol=tcp src-address-list=connection3
    add action=add-src-to-address-list address-list=connection3 address-list-timeout=1h chain=input comment="Third attempt" connection-state=new dst-port=22 protocol=tcp src-address-list=connection2,!secured
    add action=add-src-to-address-list address-list=connection2 address-list-timeout=15m chain=input comment="Second attempt" connection-state=new dst-port=22 protocol=tcp src-address-list=connection1
    add action=add-src-to-address-list address-list=connection1 address-list-timeout=5m chain=input comment="First attempt" connection-state=new dst-port=22 protocol=tcp
    add action=accept chain=input comment="Accept traffic not from blacklist" dst-port=22 protocol=tcp src-address-list=!bruteforce_blacklist
    add action=accept chain=input comment="Accept ICMP after RAW" protocol=icmp
    add action=accept chain=input comment="Accept established,related,untracked" connection-state=established,related,untracked
    add action=drop chain=input comment="Drop all traffic not coming from management interfaces" in-interface-list=!Management
    add action=accept chain=forward comment="Accept all that matches IPSec policy" disabled=yes ipsec-policy=in,ipsec
    add action=fasttrack-connection chain=forward comment=Fasttrack connection-state=established,related hw-offload=yes
    add action=accept chain=forward comment="Accept established,related, untracked" connection-state=established,related,untracked
    add action=drop chain=forward comment="Drop invalid" connection-state=invalid
    add action=drop chain=forward comment="Drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
    add action=drop chain=forward comment="Drop bad forward IPs" src-address-list=no_forward_ipv4
    add action=drop chain=forward comment="Drop bad forward IPs" dst-address-list=no_forward_ipv4
    /ip firewall nat
    add action=accept chain=srcnat comment="Accept all that matches IPSec policy" disabled=yes ipsec-policy=out,ipsec
    add action=masquerade chain=srcnat comment="NAT Masquerade" out-interface-list=WAN
    /ip firewall raw
    add action=accept chain=prerouting comment="Enable for transparent firewall" disabled=yes
    add action=accept chain=prerouting comment="Accept DHCP discover" dst-address=255.255.255.255 dst-port=67 in-interface-list=LAN protocol=udp src-address=0.0.0.0 src-port=68
    add action=drop chain=prerouting comment="Drop bogon IP's" src-address-list=bad_ipv4
    add action=drop chain=prerouting comment="Drop bogon IP's" dst-address-list=bad_ipv4
    add action=drop chain=prerouting comment="Drop bogon IP's" src-address-list=bad_src_ipv4
    add action=drop chain=prerouting comment="Drop bogon IP's" dst-address-list=bad_dst_ipv4
    add action=drop chain=prerouting comment="Drop non global from WAN" in-interface-list=WAN src-address-list=not_global_ipv4
    add action=drop chain=prerouting comment="Drop forward to local lan from WAN" disabled=yes dst-address=192.168.88.0/24 in-interface-list=WAN
    add action=drop chain=prerouting comment="Drop bad UDP" port=0 protocol=udp
    add action=jump chain=prerouting comment="Jump to ICMP chain" jump-target=icmp4 protocol=icmp
    add action=jump chain=prerouting comment="Jump to TCP chain" jump-target=bad_tcp protocol=tcp
    add action=accept chain=prerouting comment="Accept everything else from LAN" in-interface-list=LAN
    add action=accept chain=prerouting comment="Accept everything else from WAN" in-interface-list=WAN
    add action=accept chain=prerouting comment="Accept everything else from Management" in-interface-list=Management
    add action=drop chain=prerouting comment="Drop the rest"
    add action=drop chain=bad_tcp comment="TCP flag filter" protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
    add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,syn
    add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,rst
    add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,!ack
    add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,urg
    add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=syn,rst
    add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=rst,urg
    add action=drop chain=bad_tcp comment="TCP port 0 drop" port=0 protocol=tcp
    add action=accept chain=icmp4 comment="Echo reply" icmp-options=0:0 limit=5,10:packet protocol=icmp
    add action=accept chain=icmp4 comment="Net unreachable" icmp-options=3:0 protocol=icmp
    add action=accept chain=icmp4 comment="Host unreachable" icmp-options=3:1 protocol=icmp
    add action=accept chain=icmp4 comment="Protocol unreachable" icmp-options=3:2 protocol=icmp
    add action=accept chain=icmp4 comment="Port unreachable" icmp-options=3:3 protocol=icmp
    add action=accept chain=icmp4 comment="Fragmentation needed" icmp-options=3:4 protocol=icmp
    add action=accept chain=icmp4 comment=Echo icmp-options=8:0 limit=5,10:packet protocol=icmp
    add action=accept chain=icmp4 comment="Time exceeded " icmp-options=11:0-255 protocol=icmp
    add action=drop chain=icmp4 comment="Drop other icmp" protocol=icmp
    /ip service
    set telnet disabled=yes
    set www disabled=yes
    set ssh disabled=yes
    set api disabled=yes
    set api-ssl disabled=yes
    /system clock
    set time-zone-name=America/Sao_Paulo
    /system identity
    set name=MikroTik-RB3011UiAS-RM
    /system note
    set show-at-login=no
    /system ntp client
    set enabled=yes
    /system ntp client servers
    add address=200.160.7.186
    add address=201.49.148.135
    add address=200.186.125.195
    add address=200.20.186.76
    /system package update
    set channel=testing
    set auto-upgrade=yes
    /tool romon
    set enabled=yes id=00:00:00:00:30:11
    /user-manager
    set certificate=CA-CERTIFICATE

hAP AC3 Config
Code:
    [Prometheus@MikroTik hAP-AC3] > export
    # 1970-01-02 11:08:47 by RouterOS 7.15beta9
    # software id = IETE-65SI
    #
    # model = RBD53iG-5HacD2HnD
    # serial number = XXXXXXXXXXX
    /interface bridge
    add frame-types=admit-only-vlan-tagged name=BRIDGE vlan-filtering=yes
    /interface wifi
    set [ find default-name=wifi1 ] channel.band=2ghz-n .skip-dfs-channels=all .width=20/40mhz configuration.country=Brazil .hide-ssid=no .mode=ap .ssid="LFH - Management" disabled=no name=VLAN99-Management-2.4GHz security.authentication-types=wpa3-eap .disable-pmkid=yes .eap-methods=ttls .encryption=ccmp,ccmp-256 .ft=no .ft-over-ds=no .wps=\
        disable
    set [ find default-name=wifi2 ] channel.band=5ghz-ac .skip-dfs-channels=all .width=20/40/80mhz configuration.country=Brazil .hide-ssid=no .mode=ap .ssid="LFH - Management" disabled=no name=VLAN99-Management-5.8GHz security.authentication-types=wpa3-eap .disable-pmkid=yes .eap-methods=tls .encryption=ccmp,ccmp-256 .ft=no .ft-over-ds=no \
        .wps=disable
    /interface wifi configuration
    add channel.skip-dfs-channels=all country=Brazil disabled=no mode=ap name=Preset-EAP-TTLS security.authentication-types=wpa3-eap .disable-pmkid=yes .eap-methods=ttls .encryption=ccmp,ccmp-256 .ft=no .ft-over-ds=no .wps=disable
    add channel.skip-dfs-channels=all country=Brazil disabled=no mode=ap name=Preset-PSK security.authentication-types=wpa3-psk .disable-pmkid=yes .eap-methods=ttls .encryption=ccmp,ccmp-256 .ft=no .ft-over-ds=no .wps=disable
    /interface wifi
    add configuration=Preset-EAP-TTLS configuration.mode=ap .ssid="LFH - Trust" disabled=no mac-address=1A:FD:74:XX:XX:XX master-interface=VLAN99-Management-2.4GHz name=VLAN10-TrustedNetwork-2.4GHz security.eap-methods=ttls
    add configuration=Preset-EAP-TTLS configuration.mode=ap .ssid="LFH - Trust" disabled=no mac-address=1A:FD:74:XX:XX:XX master-interface=VLAN99-Management-5.8GHz name=VLAN10-TrustedNetwork-5.8GHz security.eap-methods=ttls
    add configuration=Preset-EAP-TTLS configuration.mode=ap .ssid="LFH - Family" disabled=no mac-address=1A:FD:74:XX:XX:XX master-interface=VLAN99-Management-2.4GHz name=VLAN20-FamilyNetwork-2.4GHz security.authentication-types=wpa3-eap .eap-methods=ttls .encryption=ccmp,ccmp-256
    add configuration=Preset-EAP-TTLS configuration.mode=ap .ssid="LFH - Family" disabled=no mac-address=1A:FD:74:XX:XX:XX master-interface=VLAN99-Management-5.8GHz name=VLAN20-FamilyNetwork-5.8GHz security.authentication-types=wpa3-eap .eap-methods=ttls .encryption=ccmp,ccmp-256
    add configuration=Preset-PSK configuration.mode=ap .ssid="LFH - Guests" disabled=no mac-address=1A:FD:74:XX:XX:XX master-interface=VLAN99-Management-2.4GHz name=VLAN40-GuestsNetwork-2.4GHz security.authentication-types=wpa3-psk .eap-methods=ttls .encryption=ccmp,ccmp-256
    add configuration=Preset-PSK configuration.mode=ap .ssid="LFH - Guests" disabled=no mac-address=1A:FD:74:XX:XX:XX master-interface=VLAN99-Management-5.8GHz name=VLAN40-GuestsNetwork-5.8GHz security.authentication-types=wpa3-psk .eap-methods=ttls .encryption=ccmp,ccmp-256
    add configuration=Preset-PSK configuration.mode=ap .ssid="LFH - IoT" disabled=no mac-address=1A:FD:74:XX:XX:XX master-interface=VLAN99-Management-2.4GHz name=VLAN50-IoTNetwork-2.4GHz security.authentication-types=wpa2-psk,wpa3-psk .encryption=ccmp,ccmp-256
    add configuration=Preset-PSK configuration.mode=ap .ssid="LFH - IoT" disabled=no mac-address=1A:FD:74:XX:XX:XX master-interface=VLAN99-Management-5.8GHz name=VLAN50-IoTNetwork-5.8GHz security.authentication-types=wpa2-psk,wpa3-psk .eap-methods=ttls .encryption=ccmp,ccmp-256
    /user-manager profile
    add name=EAP-TTLS name-for-users=EAP-TTLS validity=unlimited
    /user-manager user
    add name=Prometheus shared-users=2
    add name=LucasFigueiraHarada shared-users=2
    /user-manager user group
    set [ find default-name=default ] outer-auths=eap-tls,eap-ttls,eap-peap,eap-mschap2
    /interface bridge port
    add bridge=BRIDGE frame-types=admit-only-vlan-tagged interface=ether1
    add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=99
    add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=99
    add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=99
    add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=99
    add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=VLAN40-GuestsNetwork-2.4GHz pvid=40
    add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=VLAN40-GuestsNetwork-5.8GHz pvid=40
    add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=VLAN10-TrustedNetwork-2.4GHz pvid=10
    add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=VLAN10-TrustedNetwork-5.8GHz pvid=10
    add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=VLAN20-FamilyNetwork-2.4GHz pvid=20
    add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=VLAN20-FamilyNetwork-5.8GHz pvid=20
    add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=VLAN99-Management-2.4GHz pvid=99
    add bridge=BRIDGE frame-types=admit-only-untagged-and-priority-tagged interface=VLAN99-Management-5.8GHz pvid=99
    /interface bridge vlan
    add bridge=BRIDGE tagged=ether1 untagged=ether2,ether3,ether4,ether5,VLAN99-Management-2.4GHz,VLAN99-Management-5.8GHz vlan-ids=99
    add bridge=BRIDGE tagged=ether1 untagged=VLAN40-GuestsNetwork-2.4GHz,VLAN40-GuestsNetwork-5.8GHz vlan-ids=40
    add bridge=BRIDGE tagged=ether1 untagged=VLAN20-FamilyNetwork-2.4GHz,VLAN20-FamilyNetwork-5.8GHz vlan-ids=20
    add bridge=BRIDGE tagged=ether1 untagged=VLAN10-TrustedNetwork-2.4GHz,VLAN10-TrustedNetwork-5.8GHz vlan-ids=10
    /radius
    add address=127.0.0.1 service=hotspot,wireless,ipsec,dot1x
    /system identity
    set name="MikroTik hAP-AC3"
    /system note
    set show-at-login=no
    /system package update
    set channel=testing
    /system routerboard settings
    set auto-upgrade=yes
    /tool romon
    set enabled=yes id=00:00:00:00:AC:03
    /user-manager
    set certificate=SERVER-CERTIFICATE enabled=yes
    /user-manager router
    add address=127.0.0.1 name=hAP-AC3
    /user-manager user-profile
    add profile=EAP-TTLS user=Prometheus
    add profile=EAP-TTLS user=LucasFigueiraHarada

Statistics: Posted by LFHarada — Wed Apr 03, 2024 7:46 pm
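
Added example, not part of the original post: with vlan-filtering=yes, RouterOS only delivers a VLAN to an /interface vlan that sits on the bridge when the bridge itself is a tagged member of that VLAN in /interface bridge vlan, and an SSID can only act as an access port if its wifi interface is a bridge port. The Python sketch below checks an export for both conditions; the function names are made up for this example, and the two inputs are excerpts of the exports posted above (the second one abridged).

```python
import re

KV = re.compile(r'([\w.-]+)=("(?:[^"\\]|\\.)*"|\S+)')

# Excerpt of the RB3011 export posted above, one command per line.
RB3011_EXCERPT = """\
/interface bridge
add frame-types=admit-only-vlan-tagged name=BRIDGE-VLAN-SW2 vlan-filtering=yes
/interface vlan
add interface=BRIDGE-VLAN-SW2 name=VLAN10-TrustedNetwork vlan-id=10
add interface=BRIDGE-VLAN-SW2 name=VLAN99-ManagementNetwork vlan-id=99
/interface bridge vlan
add bridge=BRIDGE-VLAN-SW2 tagged=ether7,ether10 vlan-ids=10
add bridge=BRIDGE-VLAN-SW2 tagged=ether6,ether7,ether10,BRIDGE-VLAN-SW2 vlan-ids=99
"""

# Abridged from the hAP AC3 export posted above: the wifi lines keep only the
# properties this check reads, everything else is omitted.
HAP_EXCERPT = """\
/interface wifi
add master-interface=VLAN99-Management-2.4GHz name=VLAN40-GuestsNetwork-2.4GHz
add master-interface=VLAN99-Management-2.4GHz name=VLAN50-IoTNetwork-2.4GHz
/interface bridge port
add bridge=BRIDGE interface=VLAN40-GuestsNetwork-2.4GHz pvid=40
"""


def parse_export(text):
    """Return {menu path: [properties of each 'add' command]}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join '\' continuation lines
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif line.startswith("add ") and current:
            sections[current].append(
                {k: v.strip('"') for k, v in KV.findall(line)})
    return sections


def expand_ids(spec):
    """Expand a vlan-ids value such as '10,20-22' into a set of ints."""
    ids = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids


def missing_cpu_membership(text):
    """VLAN interfaces whose parent bridge is not tagged for their VLAN ID."""
    cfg = parse_export(text)
    filtering = {b["name"] for b in cfg.get("/interface bridge", [])
                 if b.get("vlan-filtering") == "yes"}
    tagged_cpu = set()  # (bridge, vlan id) pairs where the bridge is tagged
    for row in cfg.get("/interface bridge vlan", []):
        bridge = row.get("bridge")
        if bridge in row.get("tagged", "").split(","):
            tagged_cpu |= {(bridge, v) for v in expand_ids(row.get("vlan-ids", ""))}
    findings = []
    for vlan in cfg.get("/interface vlan", []):
        bridge, vid = vlan.get("interface"), int(vlan["vlan-id"])
        if bridge in filtering and (bridge, vid) not in tagged_cpu:
            findings.append((vlan["name"], vid, bridge))
    return findings


def unbridged_wifi(text):
    """Wifi interfaces created with 'add' that are not bridge ports."""
    cfg = parse_export(text)
    ports = {p.get("interface") for p in cfg.get("/interface bridge port", [])}
    return [w["name"] for w in cfg.get("/interface wifi", [])
            if "name" in w and w["name"] not in ports]


if __name__ == "__main__":
    for name, vid, bridge in missing_cpu_membership(RB3011_EXCERPT):
        print(f"{name}: {bridge} is not a tagged member of VLAN {vid}")
    for name in unbridged_wifi(HAP_EXCERPT):
        print(f"{name}: wifi interface is not a bridge port")
```

On these excerpts it reports VLAN10-TrustedNetwork on the RB3011 and VLAN50-IoTNetwork-2.4GHz on the hAP AC3.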


