Community discussions

MikroTik App
  4. RouterOS
  5. Wireless Networking

internet / hotspot bridge using STX 6pack RB2011 and RB951

Post Reply
 
martolvan
just joined
Topic Author
Posts: 8
Joined: Fri Oct 04, 2013 2:55 pm

internet / hotspot bridge using STX 6pack RB2011 and RB951

Mon Mar 24, 2014 2:23 pm

BB2011UiAS-hot-hotsp.rsc
RB951-ap-poe-1.rsc
Hi I've been struggling alot with making this work (10 days)

Mission is

[RB2011UiAS - internet gateway w. hotspot and internal net] > [STX-G5HPnd r2 -PtMP] <> 5 x [STX 5PHnd] > [RB915Ui-2HnD]

network setup is :
internet <> internal network 192.168.60.0/24, VLAN 13 - SSID: Company
> Hotspot network 192.168.50.0/24, VLAN 23 - SSID: Guestnet

It all works on the RB2011 box using that wifi, but never using RB951 wifi, My intention is to use bridged non routed networks separating them using VLAN tagging in both ends.

I do only get ip address for guest net through STX link, however if I substitute STX link with wire I get ip addresses from the RB2011 but no internet connection.
I attach all configs here:
You do not have the required permissions to view the files attached to this post.
Top
 
martolvan
just joined
Topic Author
Posts: 8
Joined: Fri Oct 04, 2013 2:55 pm

Re: internet / hotspot bridge using STX 6pack RB2011 and RB9

Wed Mar 26, 2014 12:18 am

I have gotten Both the RB2011 and the RB951 to work on both VLANS (giving ip's, routing traffic, active hotspot) through wire but no matter how I change the STX link it will not route both Vlans I can one at a time.
Different STP RSTP etc have little effect I can only create vLAN bridges in the AP unit with level 4 ROS.

Is what I'm trying to achieve not possible with this STX link ?
Top
 
martolvan
just joined
Topic Author
Posts: 8
Joined: Fri Oct 04, 2013 2:55 pm

Re: internet / hotspot bridge using STX 6pack RB2011 and RB9

Fri Apr 11, 2014 8:04 pm

Finally I got this to work even though I still can not find the logic in VLAN implementation í Microtik her is the working config
#RB2011 router
# apr/11/2014 12:24:02 by RouterOS 6.5
# software id = W5K8-11HQ
#
/interface bridge
add l2mtu=1594 name=bridge-guestnet protocol-mode=rstp
add admin-mac=4C:5E:0C:27:3B:47 auto-mac=no l2mtu=1598 name=bridge-local \
protocol-mode=rstp
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
ether9-slave-local
set [ find default-name=ether10 ] name=ether10-uplink
/interface wireless
set [ find default-name=wlan1 ] disabled=no frequency=2462 hide-ssid=yes \
l2mtu=2290 mode=ap-bridge ssid="" wireless-protocol=802.11
/ip neighbor discovery
set ether1-gateway discover=no
set ether3 discover=no
/interface vlan
add interface=ether10-uplink l2mtu=1594 name=vlan13 vlan-id=1
add interface=ether10-uplink l2mtu=1594 name=vlan23 vlan-id=23
/interface wireless
add disabled=no l2mtu=2290 mac-address=4E:5E:0C:27:3B:51 master-interface=\
wlan1 name=wlan-hoffell ssid=Hoffell wds-cost-range=0 wds-default-cost=0
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
otherpw wpa2-pre-shared-key=otherpw
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=prfile-guest \
supplicant-identity="" wpa-pre-shared-key=guestnet wpa2-pre-shared-key=\
guestnet
/interface wireless
add disabled=no l2mtu=2290 mac-address=4E:5E:0C:27:3B:50 master-interface=\
wlan1 name=wlan-guestnet security-profile=prfile-guest ssid=guestnet \
wds-cost-range=0 wds-default-cost=0
/ip hotspot profile
set [ find default=yes ] login-by=cookie
add dns-name=hoffell-hotspot.local hotspot-address=192.168.0.1 login-by=\
cookie,http-pap name=hsprof1 rate-limit=256000 smtp-server=10.0.0.3
/ip pool
add name=dhcp_pool1 ranges=192.168.100.20-192.168.100.199
add name=dhcp_pool2 ranges=192.168.0.20-192.168.0.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge-local name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=bridge-guestnet name=dhcp2
/ip hotspot
add address-pool=dhcp_pool2 disabled=no interface=bridge-guestnet name=\
hotspot1 profile=hsprof1
/ip hotspot user profile
set [ find default=yes ] address-pool=dhcp_pool2 idle-timeout=none \
keepalive-timeout=2m mac-cookie-timeout=3d rate-limit=500000 \
shared-users=3
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local edge=no interface=ether5 point-to-point=yes
add bridge=bridge-guestnet interface=wlan-guestnet
add bridge=bridge-guestnet edge=no interface=vlan23
add bridge=bridge-local interface=wlan-hoffell
add bridge=bridge-local edge=no interface=ether10-uplink
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/interface ethernet switch port
set 4 default-vlan-id=0
set 5 default-vlan-id=0
/interface ethernet switch vlan
add independent-learning=no ports=ether5 switch=switch1 vlan-id=13
add independent-learning=no ports=ether5 switch=switch1 vlan-id=23
add ports=ether10-uplink switch=switch2 vlan-id=13
add ports=ether10-uplink switch=switch2 vlan-id=23
/ip address
add address=192.168.100.1/24 comment="default configuration" interface=\
bridge-local network=192.168.100.0
add address=192.168.0.1/24 interface=bridge-guestnet network=192.168.0.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=10.0.0.1 domain=guest.net gateway=\
192.168.0.1 netmask=24 ntp-server=193.4.194.10
add address=192.168.100.0/24 dns-server=10.0.0.1 domain=hoffell.local gateway=\
192.168.100.1 netmask=24 ntp-server=193.4.194.10 wins-server=192.168.100.1
/ip dns
set allow-remote-requests=yes servers=212.30.200.200,212.30.200.199
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add chain=forward comment="default configuration" connection-state=\
established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=drop chain=input dst-address=192.168.100.0/24 protocol=tcp \
src-address=192.168.0.0/24
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.0.0/24 to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.0.0/24 to-addresses=0.0.0.0
/ip hotspot user
add name=admin password=pwpwpwpw
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=1
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=H1
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=H2
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=H3
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=H4
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=H5
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M1
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M2
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M3
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M4
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M5
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M6
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M7
add limit-bytes-in=300000000 limit-bytes-out=300000000 limit-bytes-total=\
500000000 name=M8
/ip hotspot walled-garden
add dst-host=htttp://www.vedur.is src-address=192.168.0.0/24
add dst-host=htttp://www.vegagerd.is src-address=192.168.0.0/24
add dst-host=htttp://www.vegag.is src-address=192.168.0.0/24
add dst-host=htttp://www.belgingur.is src-address=192.168.0.0/24
/ip service
set telnet disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb
set allow-guests=no domain=Hoffell enabled=yes interfaces=bridge-local
/lcd interface
set sfp1 interface=sfp1
set ether1-gateway interface=ether1-gateway
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6-master-local interface=ether6-master-local
set ether7-slave-local interface=ether7-slave-local
set ether8-slave-local interface=ether8-slave-local
set ether9-slave-local interface=ether9-slave-local
set ether10-uplink interface=ether10-uplink
set wlan1 interface=wlan1
/lcd interface pages
set 0 interfaces="sfp1,ether1-gateway,ether2,ether3,ether4,ether5,ether6-maste\
r-local,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether10-u\
plink,wlan1"
/system clock
set time-zone-name=Atlantic/Reykjavik
/system identity
set name=ROUT1
/system ntp client
set enabled=yes mode=unicast primary-ntp=193.4.194.10 secondary-ntp=\
130.208.160.41
/system scheduler
add interval=1d name=rst-hspot-user-cnt on-event=rst-hspot-cnt policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=feb/25/2006 start-time=12:30:01
/system script
add name=rst-hspot-cnt policy=\
ftp,reboot,read,write,policy,test,winbox,password source=\
"/ip hotspot user reset-counters"
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=wlan1
add interface=bridge-local
/tool sniffer
set filter-interface=ether10-uplink streaming-server=192.168.100.1

#SXT AP G-5HnD r2, Distribution Bridge access point

# apr/11/2014 11:48:11 by RouterOS 6.1
# software id = RWIN-I709
#
/interface bridge
add l2mtu=1600 name=bidge-local protocol-mode=rstp
/interface wireless
set 0 antenna-gain=14 band=5ghz-a/n channel-width=20/40mhz-ht-above country=\
iceland disabled=no frequency=5200 ht-ampdu-priorities=0,1,2,3,4,5,6,7 \
ht-guard-interval=long ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=\
ap-bridge name=wlan-1 nv2-preshared-key=pwpwpwpw nv2-security=enabled \
ssid=DistrHF wds-default-bridge=bidge-local wds-ignore-ssid=yes wds-mode=\
static wireless-protocol=nv2
/interface wireless nstreme
set wlan-1 enable-polling=no framer-policy=dynamic-size
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods=\
passthrough mode=dynamic-keys supplicant-identity=MikroTik \
wpa2-pre-shared-key=pwpwpwpw
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/interface bridge port
add bridge=bidge-local edge=no interface=ether1
add bridge=bidge-local interface=wlan-1
/interface bridge settings
set use-ip-firewall-for-vlan=yes
/ip address
add address=192.168.100.10/24 interface=bidge-local network=192.168.100.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns
set servers=8.8.8.8
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Atlantic/Reykjavik
/system identity
set name=BR-AP1
/system leds
set 0 interface=wlan-1
/system ntp client
set enabled=yes mode=unicast primary-ntp=193.4.194.10 secondary-ntp=\
130.208.160.41

# SXT 5HPnD Brigdge station 1 thru 5

# apr/11/2014 10:47:19 by RouterOS 6.10
# software id = 3F35-G4HM
#
/interface bridge
add l2mtu=1598 name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-onlyn channel-width=\
20/40mhz-ht-above disabled=no frequency=5200 l2mtu=2290 mode=\
station-bridge nv2-preshared-key=pwpwpwpw nv2-security=enabled ssid=\
DistrHF wds-default-bridge=bridge-local wds-mode=static \
wireless-protocol=nv2
/interface ethernet
set [ find default-name=ether1 ] mac-address=D4:CA:6D:D0:AC:8A name=\
ether1-local
/interface wireless nstreme
set wlan1 enable-nstreme=yes
/interface vlan
add interface=ether1-local l2mtu=1594 name=vlan13 vlan-id=13
/interface ethernet switch port
set 0 vlan-mode=disabled
set 1 vlan-mode=disabled
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=pwpwpwpw
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/interface bridge port
add bridge=bridge-local edge=no interface=ether1-local
add bridge=bridge-local edge=no interface=wlan1 point-to-point=yes
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip address
add address=192.168.100.11/24 interface=bridge-local network=192.168.100.0
/ip dns
set servers=8.8.8.8
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip route
add distance=1 gateway=192.168.100.1
/ip upnp
set allow-disable-external-interface=no
/system clock
set time-zone-name=Atlantic/Reykjavik
/system identity
set name=BR-ST1
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes mode=unicast primary-ntp=193.4.194.10


# RB 951Ui-HPnD user Acesspoin 1 to 5 each powers theit relative SXT unit on port 5

# apr/11/2014 11:42:57 by RouterOS 6.5
# software id = PSL0-XTXG
#
/interface bridge
add l2mtu=1594 name=bridge-guestnet protocol-mode=rstp
add l2mtu=1598 name=bridge-local protocol-mode=rstp
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=iceland disabled=no \
frequency=2437 frequency-mode=superchannel hide-ssid=yes l2mtu=2290 mode=\
ap-bridge ssid="" wireless-protocol=802.11
/interface eoip
add mac-address=00:00:5E:80:00:02 name=eoip-GW remote-address=192.168.0.1 \
tunnel-id=3
/ip neighbor discovery
set ether2 discover=no
/interface vlan
add interface=ether5 l2mtu=1594 name=vlan13 vlan-id=13
add interface=ether5 l2mtu=1594 name=vlan23 vlan-id=23
/interface wireless
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:FB:FB:F1 master-interface=\
wlan1 name=wlan-hoffell ssid=Hoffell wds-cost-range=0 wds-default-bridge=\
bridge-local wds-default-cost=0
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
otherpw wpa2-pre-shared-key=otherpw
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=guestnet \
supplicant-identity="" wpa-pre-shared-key=guestnet wpa2-pre-shared-key=\
guestnet
/interface wireless
add disabled=no l2mtu=2290 mac-address=D6:CA:6D:FB:FB:F2 master-interface=\
wlan1 name=wlan-guestnet security-profile=guestnet ssid=guestnet \
wds-cost-range=0 wds-default-bridge=bridge-guestnet wds-default-cost=0
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/interface bridge port
add bridge=bridge-guestnet edge=no interface=vlan23
add bridge=bridge-guestnet edge=yes interface=wlan-guestnet
add bridge=bridge-local edge=no interface=ether5
add bridge=bridge-local edge=yes interface=wlan-hoffell
/interface bridge settings
set use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/ip address
add address=192.168.0.3/24 interface=eoip-GW network=192.168.0.0
add address=192.168.100.3/24 interface=bridge-local network=192.168.100.0
/ip dns
set servers=8.8.8.8
/system clock
set time-zone-name=Atlantic/Reykjavik
/system identity
set name=AP2
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes mode=unicast primary-ntp=193.4.194.10 secondary-ntp=\
130.208.160.41
Regards Stefan
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 34 guests
  4. RouterOS
  5. Wireless Networking