Community discussions

MikroTik App
 
User avatar
PCNetworks
newbie
Topic Author
Posts: 35
Joined: Tue Feb 19, 2013 7:57 am
Location: California

[SOLVED] QRT G-2SHPnD Configured as WDS Access-Point to Access-Point Connection Issue

Mon Mar 16, 2015 1:03 am

Used: http://wiki.mikrotik.com/wiki/Wireless_WDS_Mesh
After using dynamic mesh, pointed all routers DNS towards the first router at the bandwidth source.

ROS Version: 6.27

UPDATE I have configured the wireless settings on 2 of the Access Points as station leaving the Gateway device configured under ap bridge...
When doing this, the routers connect wireless-ly and gain gateway access, which indicates that wireless and encryption settings are allowing proper connection between each intended AP.
Likewise... I can use any number of mobile devices to successfully connect to the Internet VIA the primary gateway AP.

I have (3) three QRT G-2SHPnD

I want to setup them up using WDS Access Point (ap bridge) configuration where the (2) Access Points will have NO Ethernet provided gateway connectivity, ONLY WDS Wireless is desired to provide them gateway from the MAIN ROUTER.

When I have the devices all connected VIA Ethernet making settings, I am able to ping each host from one another successfully with present routing established, including ping the world.
So far I have only had success with client connections being able to gateway from the MAIN ROUTER, when the other 2 Access Points are powered but not connected to Ethernet they allow mobile devices to connect wireless-ly and acquire IP Address, however no gateway is available tot he connected device..

I have configured the Wireless, Wireless security and DHCP for roaming clients, the AP's are static IP Addresses within the same network.

When viewing Wireless > Registration from any one of the (3) three devices, it is clear that a wireless connection is established between all (3) three Access Points and they are running in WDS as AP.

UPDATE: I just discovered that "when" the 2 Access Points are connected to the gateway Access Point; When I am inside of the gateway Access Point observing the Neighbor list.... there are no neighbors listed - an this is with ALL interfaces enabled in Discovery Interfaces

The problem begins when I remove (2) two of the Access Points from their Ethernet connection where configuration occurred; even though the Wireless Connectivity remains stable you are unable to ping the Wireless Interface IP Address of any of the wireless-ly connected Access Point's.

If someone could enlighten me as to my errors would be great.

Below I have ran export on all 3 routers....

MAIN ROUTER
# jan/02/1970 22:13:34 by RouterOS 6.27
# software id = 6Z77-50U0
#
/interface bridge
add mtu=1500 name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=ether1-local
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=tkip management-protection=allowed mode=dynamic-keys name=SecProf \
    supplicant-identity="" unicast-ciphers=tkip wpa-pre-shared-key="M&C<|R&jX@*'\?<O]Gj\?\$4pYT'FSl4IFF;*:LdBq+db\$YaKhQy\?mL; ou(/W9^I\$" \
    wpa2-pre-shared-key="M&C<|R&jX@*'\?<O]Gj\?\$4pYT'FSl4IFF;*:LdBq+db\$YaKhQy\?mL; ou(/W9^I\$"
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no l2mtu=2290 mode=ap-bridge name=wlan1-gateway radio-name=Saini-1 \
    security-profile=SecProf ssid=EYE wds-mode=dynamic
/ip neighbor discovery
set wlan1-gateway discover=no
/ip pool
add name=pool1 ranges=10.0.0.20-10.0.0.84
/ip dhcp-server
add address-pool=pool1 disabled=no interface=bridge1 name=dhcp-server-1 src-address=10.10.0.1
/system logging action
set 3 remote=198.105.254.64
/interface bridge port
add bridge=bridge1 comment="LAN Port to Bridge" interface=ether1-local
add bridge=bridge1 comment="WLAN Port to Bridge" interface=wlan1-gateway
/interface wireless access-list
add comment="Saini-3 Access" mac-address=4C:5E:0C:50:EA:60 signal-range=-100..120
add comment="Saini-2 Access" mac-address=4C:5E:0C:50:EA:5E signal-range=-100..120
/interface wireless connect-list
add comment="Saini-3 Connect" interface=wlan1-gateway mac-address=4C:5E:0C:50:EA:60 security-profile=SecProf signal-range=-100..120 ssid=\
    EYE
add comment="Saini-2 Connect" interface=wlan1-gateway mac-address=4C:5E:0C:50:EA:5E security-profile=SecProf signal-range=-100..120 ssid=\
    EYE
/ip accounting
set account-local-traffic=yes enabled=yes
/ip accounting web-access
set accessible-via-web=yes
/ip address
add address=10.0.0.21/24 comment="TEST ONLY  Gateway" interface=bridge1 network=10.0.0.0
add address=10.10.0.1/32 comment="WLAN Interface" interface=bridge1 network=10.10.0.0
add address=192.168.88.1/24 comment="LAN Interface" interface=bridge1 network=192.168.88.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=wlan1-gateway
/ip dhcp-server network
add address=10.0.0.0/24 comment="WLAN DHCP configuration" dns-server=10.0.0.1 gateway=10.0.0.1 ntp-server=64.6.144.6,64.147.116.229
/ip dns
set allow-remote-requests=yes servers=198.6.1.3
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes
add chain=input comment="default configuration" disabled=yes protocol=icmp
add chain=input comment="default configuration" connection-state=established disabled=yes
add chain=input comment="default configuration" connection-state=related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes in-interface=wlan1-gateway
add chain=forward comment="default configuration" connection-state=established disabled=yes
add chain=forward comment="default configuration" connection-state=related disabled=yes
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes
add chain=input comment="default configuration" disabled=yes protocol=icmp
add chain=input comment="default configuration" connection-state=established disabled=yes
add chain=input comment="default configuration" connection-state=related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes in-interface=wlan1-gateway
add chain=forward comment="default configuration" connection-state=established disabled=yes
add chain=forward comment="default configuration" connection-state=related disabled=yes
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes
add chain=input comment="Accept established connections" connection-state=established disabled=yes
add chain=input comment="Accept related connections" connection-state=related disabled=yes
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid disabled=yes
add chain=input comment=UDP disabled=yes protocol=udp
add chain=input comment="Allow limited pings" disabled=yes limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="Drop excess pings" disabled=yes protocol=icmp
add chain=input comment="SSH for secure shell" disabled=yes dst-port=22 protocol=tcp
add chain=input comment=winbox disabled=yes dst-port=8291 protocol=tcp
add chain=input comment="From VSAT network" disabled=yes src-address=10.0.0.0/24
add chain=input disabled=yes src-address=10.10.0.0/24
add action=log chain=input comment="Log everything else" disabled=yes log-prefix="DROP INPUT"
/ip firewall nat
add action=masquerade chain=srcnat comment="Bridge NAT" out-interface=bridge1
add action=masquerade chain=srcnat comment="WLAN NAT" out-interface=bridge1
add action=masquerade chain=srcnat comment="LAN NAT" out-interface=bridge1
/ip packing
add interface=ether1-local
add interface=wlan1-gateway
add interface=bridge1
/ip proxy
set cache-path=web-proxy1
/ip route
add comment="TEST ONLY Default Static Route" distance=1 gateway=10.0.0.1
add comment="Route to AP-Secondary" distance=1 dst-address=10.10.0.2/32 gateway=bridge1 pref-src=10.10.0.1
add comment="Route to AP-Tertiary" distance=1 dst-address=10.10.0.3/32 gateway=bridge1 pref-src=10.10.0.1
add comment="Route to Saini-2 LAN" distance=1 dst-address=192.168.89.1/32 gateway=bridge1
add comment="Route to Saini-3 LAN" distance=1 dst-address=192.168.90.1/32 gateway=bridge1
/ip service
set telnet address=0.0.0.0/0
set ftp address=0.0.0.0/0
set www address=0.0.0.0/0
set ssh address=0.0.0.0/0
set www-ssl address=0.0.0.0/0
set api address=0.0.0.0/0
set winbox address=0.0.0.0/0
set api-ssl address=0.0.0.0/0
/ip smb
set comment=MikrotikSMB-1 enabled=yes
/snmp
set contact=help4u@pcnetworking.us enabled=yes location=Saini
/system clock
set time-zone-autodetect=no
/system identity
set name=AP-Primary
/system leds
set 0 interface=wlan1-gateway
/system ntp client
set enabled=yes

SECOND ROUTER
# mar/14/2015 23:35:11 by RouterOS 6.27
# software id = GV3L-CIKT
#
/interface bridge
add mtu=1500 name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=ether1-local
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=tkip \
    management-protection=allowed mode=dynamic-keys name=SecProf \
    supplicant-identity="" unicast-ciphers=tkip wpa-pre-shared-key=\
    "M&C<|R&jX@*'\?<O]Gj\?\$4pYT'FSl4IFF;*:LdBq+db\$YaKhQy\?mL; ou(/W9^I\$" \
    wpa2-pre-shared-key=\
    "M&C<|R&jX@*'\?<O]Gj\?\$4pYT'FSl4IFF;*:LdBq+db\$YaKhQy\?mL; ou(/W9^I\$"
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no l2mtu=2290 mode=\
    ap-bridge name=wlan1-gateway radio-name=Saini-2 security-profile=SecProf \
    ssid=EYE wds-default-bridge=bridge1 wds-mode=dynamic
/ip neighbor discovery
set wlan1-gateway discover=no
/ip pool
add name=pool1 ranges=10.0.0.85-10.0.0.149
/ip dhcp-server
add address-pool=pool1 disabled=no interface=bridge1 name=server1 \
    src-address=10.10.0.2
/interface bridge port
add bridge=bridge1 interface=ether1-local
add bridge=bridge1 interface=wlan1-gateway
/interface wireless connect-list
add comment="Saini-3 Access" interface=wlan1-gateway mac-address=\
    4C:5E:0C:50:EA:60 security-profile=SecProf signal-range=-100..120 ssid=\
    EYE
add comment="Saini-1 Access" interface=wlan1-gateway mac-address=\
    4C:5E:0C:4C:40:11 security-profile=default signal-range=-100..120 ssid=\
    EYE
/ip accounting
set account-local-traffic=yes enabled=yes
/ip accounting web-access
set accessible-via-web=yes
/ip address
add address=10.0.0.22/24 comment="LAN test Gateway" interface=bridge1 \
    network=10.0.0.0
add address=10.10.0.2/32 comment="WLAN Interface" interface=bridge1 network=\
    10.10.0.0
add address=192.168.89.1/24 comment="LAN Interface" interface=bridge1 \
    network=192.168.89.0
/ip dhcp-server network
add address=10.0.0.0/32 dns-server=10.0.0.1 gateway=10.0.0.1 ntp-server=\
    64.6.144.6,64.147.116.229
/ip dns
set allow-remote-requests=yes servers=10.0.0.21
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" disabled=yes \
    in-interface=wlan1-gateway
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" disabled=yes \
    in-interface=wlan1-gateway
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
add chain=input comment="Accept established connections" connection-state=\
    established
add chain=input comment="Accept related connections" connection-state=related
add action=drop chain=input comment="Drop invalid connections" \
    connection-state=invalid
add chain=input comment=UDP protocol=udp
add chain=input comment="Allow limited pings" limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="Drop excess pings" protocol=icmp
add chain=input comment="SSH for secure shell" dst-port=22 protocol=tcp
add chain=input comment=winbox dst-port=8291 protocol=tcp
add chain=input comment="From VSAT network" src-address=10.0.0.0/24
add chain=input src-address=10.10.0.0/24
add action=log chain=input comment="Log everything else" log-prefix=\
    "DROP INPUT"
/ip firewall nat
add action=masquerade chain=srcnat comment="WLAN NAT" out-interface=bridge1 \
    to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="LAN NAT" out-interface=bridge1
add action=masquerade chain=srcnat comment="Bridge NAT" out-interface=bridge1 \
    to-addresses=0.0.0.0
/ip packing
add interface=ether1-local
add interface=wlan1-gateway
add interface=bridge1
/ip route
add comment="TEST ONLY Default Static Gateway" distance=1 gateway=10.0.0.21 \
    pref-src=10.0.0.22
add comment="Route to AP-Tertiary" distance=1 dst-address=10.10.0.3/32 \
    gateway=bridge1 pref-src=10.10.0.2
add comment="Route to Saini-1 LAN" distance=1 dst-address=192.168.88.1/32 \
    gateway=bridge1
add comment="Route to Saini-3 LAN" distance=1 dst-address=192.168.90.1/32 \
    gateway=bridge1
/ip smb
set comment=MikrotikSMB-2 enabled=yes
/snmp
set contact=help4u@pcnetworking.us enabled=yes location=Saini-2
/system clock
set time-zone-name=America/New_York
/system identity
set name=AP-Secondary
/system leds
set 0 interface=wlan1-gateway
/system ntp client
set enabled=yes
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether1-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether1-local

ROUTER THREE
# jan/01/1970 19:27:03 by RouterOS 6.27
# software id = L1QA-7AXU
#
/interface bridge
add mtu=1500 name=bridge1
/interface ethernet
set [ find default-name=ether1 ] name=ether1-local
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=tkip management-protection=allowed mode=dynamic-keys name=SecProf \
    supplicant-identity="" unicast-ciphers=tkip wpa-pre-shared-key="M&C<|R&jX@*'\?<O]Gj\?\$4pYT'FSl4IFF;*:LdBq+db\$YaKhQy\?mL; ou(/W9^I\$" \
    wpa2-pre-shared-key="M&C<|R&jX@*'\?<O]Gj\?\$4pYT'FSl4IFF;*:LdBq+db\$YaKhQy\?mL; ou(/W9^I\$"
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no l2mtu=2290 mode=ap-bridge name=wlan1-gateway radio-name=Saini-3 \
    security-profile=SecProf ssid=EYE wds-default-bridge=bridge1 wds-mode=dynamic
/ip neighbor discovery
set wlan1-gateway discover=no
/ip pool
add name=pool1 ranges=10.10.0.150-10.10.0.215
/ip dhcp-server
add address-pool=pool1 disabled=no interface=bridge1 lease-time=3d name=server1 src-address=10.10.0.3
/interface bridge port
add bridge=bridge1 interface=ether1-local
add bridge=bridge1 interface=wlan1-gateway
/interface wireless connect-list
add comment="Saini-1 Access" interface=wlan1-gateway mac-address=4C:5E:0C:4C:40:11 security-profile=SecProf signal-range=-100..120 ssid=EYE
add comment="Saini-2 Access" interface=wlan1-gateway mac-address=4C:5E:0C:50:EA:5E security-profile=SecProf signal-range=-100..120 ssid=EYE
/ip accounting
set account-local-traffic=yes enabled=yes
/ip accounting web-access
set accessible-via-web=yes
/ip address
add address=10.0.0.23/24 comment="LAN Interface" interface=bridge1 network=10.0.0.0
add address=10.10.0.3/32 comment="WLAN Interface" interface=bridge1 network=10.10.0.0
add address=192.168.90.1/24 comment="LAN Interface" interface=bridge1 network=192.168.90.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=wlan1-gateway
/ip dhcp-server network
add address=10.0.0.0/32 dns-server=10.0.0.1 gateway=10.0.0.1 ntp-server=64.6.144.6,64.147.116.229
/ip dns
set allow-remote-requests=yes servers=10.0.0.1
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes
add chain=input comment="default configuration" disabled=yes protocol=icmp
add chain=input comment="default configuration" connection-state=established disabled=yes
add chain=input comment="default configuration" connection-state=related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes in-interface=wlan1-gateway
add chain=forward comment="default configuration" connection-state=established disabled=yes
add chain=forward comment="default configuration" connection-state=related disabled=yes
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes
add chain=input comment="default configuration" disabled=yes protocol=icmp
add chain=input comment="default configuration" connection-state=established disabled=yes
add chain=input comment="default configuration" connection-state=related disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes in-interface=wlan1-gateway
add chain=forward comment="default configuration" connection-state=established disabled=yes
add chain=forward comment="default configuration" connection-state=related disabled=yes
add action=drop chain=forward comment="default configuration" connection-state=invalid disabled=yes
add chain=input comment="Accept established connections" connection-state=established disabled=yes
add chain=input comment="Accept related connections" connection-state=related disabled=yes
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid disabled=yes
add chain=input comment=UDP disabled=yes protocol=udp
add chain=input comment="Allow limited pings" disabled=yes limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="Drop excess pings" disabled=yes protocol=icmp
add chain=input comment="SSH for secure shell" disabled=yes dst-port=22 protocol=tcp
add chain=input comment=winbox disabled=yes dst-port=8291 protocol=tcp
add chain=input comment="From VSAT network" disabled=yes src-address=10.0.0.0/24
add chain=input disabled=yes src-address=10.10.0.0/24
add action=log chain=input comment="Log everything else" disabled=yes log-prefix="DROP INPUT"
/ip firewall nat
add action=masquerade chain=srcnat comment="WLAN NAT" out-interface=bridge1 src-address=0.0.0.0
add action=masquerade chain=srcnat comment="LAN NAT" out-interface=bridge1 src-address=0.0.0.0
add action=masquerade chain=srcnat comment="WDS NAT" out-interface=bridge1 src-address=0.0.0.0
/ip packing
add interface=ether1-local
add interface=wlan1-gateway
/ip proxy
set cache-path=web-proxy1
/ip route
add comment="TEST ONLY Default Static Gateway" distance=1 gateway=10.0.0.21
add comment="Route to AP-Secondary" distance=1 dst-address=10.10.0.2/32 gateway=bridge1 pref-src=10.10.0.3
add comment="Route to Saini-1 LAN" distance=1 dst-address=192.168.88.1/32 gateway=bridge1
add comment="Route to Saini-2 LAN" distance=1 dst-address=192.168.89.1/32 gateway=bridge1
/ip smb
set comment=MikrotikSMB-3 enabled=yes
/snmp
set contact=help4u@pcnetworking.us enabled=yes location=Saini-2
/system clock
set time-zone-autodetect=no time-zone-name=America/New_York
/system identity
set name=AP-Tertiary
/system leds
set 0 interface=wlan1-gateway
/system ntp client
set enabled=yes
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether1-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether1-local

Who is online

Users browsing this forum: Majestic-12 [Bot] and 37 guests