donegal
just joined
Topic Author
Posts: 3
Joined: Tue Sep 20, 2022 10:22 pm

Two hAP ac3's and Ubiquiti radios - tips for sharing FTTH connection

Sun Apr 16, 2023 3:26 am

Hi folks,

I'm going to be setting up a wireless bridge soon to take a FTTH broadband connection at one property and share it to a property about 2 kilometres away. I've purchased 2 x MikroTik hAP ac³ and 2 x Ubiquiti AirMAX NanoBeam 5AC to complete the job. I currently use a hAP ac³ at work and while a steep learning curve, it seems a very capable, stable piece of equipment so I decided to stick with them for this project. I haven't used Ubiquiti kit before but the name is good so seems to be the go-to.

The layout will be as follows:
[Attached image: P2P MikroTik Bridge diagram.png]

So I'm looking for pointers as to how best to approach this setup

> I need to VLAN tag the WAN at Property 1 to establish FTTH connection ... assume this shouldn't be much trouble
> I don't want clients in Property 2 to be treated as LAN clients of Property 1
> I want to avoid double-NAT and any issues from running two DHCP servers on the one link
> I might be able to establish two PPPoE sessions (two public IPs) on the one FTTH connection so curious what could be done with this
> Open to hearing small details from anyone who set up similar

Thanks
 
Frederick88
newbie
Posts: 49
Joined: Thu Jun 24, 2021 12:34 pm

Re: Two hAP ac3's and Ubiquiti radios - tips for sharing FTTH connection

Sun Apr 16, 2023 6:57 am

no need to double NAT.

just create two LANs, one for each property.

eg
property 1 uses VLAN 111
property 2 uses VLAN 222

you can present vlan 222 as an untagged native port for the wireless point to point

viewtopic.php?p=781603
 
mkx
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two hAP ac3's and Ubiquiti radios - tips for sharing FTTH connection

Sun Apr 16, 2023 11:32 am

Using VLANs would mean that any broadcast traffic in LAN2 (property 2 LAN) would consume precious resources on wireless link.

IMO it would be better to configure radio link as routed link:
  • set up a routing subnet ... a /29 would suffice, 4 addresses (plus broadcast and network) are needed: both nanobeams, property2 hAP ax3 (WAN IP address) and property1 hAP ax3 (port, dedicated for link towards property2)
  • set up property2 hAP ax3 as if WAN was true WAN, just disable all NAT rules. Use property1 hAP ax3's "routing" address as default gateway. You may want to change also firewall filter rules (or entirely disable firewall if both properties are trustworthy ...). Make sure property2 LAN address space is not the same as property1 LAN address space.
  • set up property1 hAP ax3 so that ether port linking towards property2 is taken off bridge and configured in stand-alone manner, i.e. set routing subnet address (with appropriate subnet mask) on ether port.
    Default NAT rules should cover all involved subnets just fine.
    You may want to adjust firewall filter rules (if both properties are not trustworthy).
  • set up routing on property1 hAP ax3 ... add static route with destination of property2 LAN subnet and using property2 hAP ax3 "routing" IP address as gateway

Optionally you may want to establish some sort of encrypted tunnel (e.g. wireguard) between both hAP ax3 routers and use that tunnel to route traffic between both properties ... it's a bit of a complication, but does add a layer of security over wireless link ... making life a bit harder for anybody on the street trying to sniff traffic.
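
The routed-link steps in the post above, written out as RouterOS 7 commands. This is an added example, not part of any post in the thread. The routing subnet (10.255.255.0/29), the two LAN subnets (192.168.10.0/24 and 192.168.20.0/24), the port choices (ether1 on the property 2 router, ether5 on the property 1 router) and a default-configuration firewall on both routers are all assumptions.

```routeros
# Added example. Assumed addressing (not from the thread):
#   routing subnet 10.255.255.0/29: .1 property 1 router, .2 property 2 router,
#   .3 and .4 the two NanoBeams (set in the radios' own management UI)
#   property 1 LAN 192.168.10.0/24, property 2 LAN 192.168.20.0/24

# ---------- Property 2 router: ether1 faces the radio and is treated as WAN ----------
# Replace the default DHCP client on the WAN port with a static link address.
/ip dhcp-client remove [find interface=ether1]
/ip address add address=10.255.255.2/29 interface=ether1 comment="radio link"
# Default gateway is the property 1 router's address on the routing subnet.
/ip route add dst-address=0.0.0.0/0 gateway=10.255.255.1 comment="via property 1"
# No NAT here: property 1 masquerades once, so there is no double NAT.
/ip firewall nat disable [find chain=srcnat action=masquerade]
# With no DHCP client on ether1, set resolvers by hand under /ip dns.
# Optional: keep property 2 clients off the radios' management addresses.
# This rule belongs on this router because that traffic never crosses property 1.
/ip firewall filter add chain=forward action=drop src-address=192.168.20.0/24 dst-address=10.255.255.0/29 comment="LAN -> radio link subnet"

# ---------- Property 1 router: ether5 is the port towards the radio ----------
# Take the port off the LAN bridge so it is a stand-alone routed interface.
/interface bridge port remove [find interface=ether5]
/ip address add address=10.255.255.1/29 interface=ether5 comment="radio link"
# Static route to the property 2 LAN via the property 2 router.
/ip route add dst-address=192.168.20.0/24 gateway=10.255.255.2 comment="property 2 LAN"
# Optional, if the properties should not reach each other's LAN: drop
# forwarding between the two LANs. Internet-bound traffic is unaffected.
# "add" appends, so check these end up above any broader accept rule.
/ip firewall filter add chain=forward action=drop src-address=192.168.20.0/24 dst-address=192.168.10.0/24 comment="property 2 LAN -> property 1 LAN"
/ip firewall filter add chain=forward action=drop src-address=192.168.10.0/24 dst-address=192.168.20.0/24 comment="property 1 LAN -> property 2 LAN"
```

After applying, `/ip route print` on the property 1 router should show the 192.168.20.0/24 route as active, and `/ip firewall filter print stats` shows whether the drop rules are being hit.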
 
donegal
just joined
Topic Author
Posts: 3
Joined: Tue Sep 20, 2022 10:22 pm

Re: Two hAP ac3's and Ubiquiti radios - tips for sharing FTTH connection

Sun Apr 16, 2023 4:04 pm

Thanks folks,

I'm a little rusty on the terminology but to put it in very simple terms, I basically want Property 2 traffic to traverse to the internet as if the router at Property 1 isn't there. Now I understand this isn't possible and that both router 1 and router 2 will need to be set up to be aware of each other's presence, Ethernet ports assigned, etc. but if I can have the router in Property 2 handle the DHCP, DNS and any firewall rules for that property, keeping the load off the router in Property 1 and negating the need for clients in Property 2 to traverse the wireless link for IP assignments, DNS cache, etc. ... that would be ideal. It will take a bit of trial and error but I'd be confident the Mikrotiks can cater for such a setup.

As for encryption on the wireless bridge with wireguard, while it's certainly interesting, it would be overkill. The two properties are very rural.. the only thing snooping the traffic would be sheep grazing in the fields between!
 
mkx
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: Two hAP ac3's and Ubiquiti radios - tips for sharing FTTH connection

Sun Apr 16, 2023 4:25 pm

The independence of both properties regarding internet access depends on how the ISP allows you to use their service. If they allow you to connect two (independent) routers, then you can make things pretty independent. For example, you could follow the idea by @Frederick88 to use VLANs ... but just to transparently connect router of property2 to ISP modem via wireless hop (without exposing both wireless devices to brute force of internet). You could use VLAN-aware switch to terminate that VLAN and connect that switch to ISP gadget (you could connect property1 hAP ax to that switch as well if that suits you). Or you can use hAP ax on property1 to terminate VLAN instead.
However, if ISP only allows single client, then the scenario I explained is probably the best approach .... but then the whole networking setup is, of course, far from making both properties independent.
