2 different networks with AP

Hi.
I have two AP SXT sq5ac. I need to connect two networks with two different ranges. The first network 192.168.106.0 and the second network 192.168.107.0.
I followed this video https://www.youtube.com/watch?v=mmWfPHq9lK4&t
I set the first one in quick set as PTP Bridge AP.
I set the second one in quick set as PTP Bridge CPE.
The transmitters are successfully connected via wifi.
Now I would probably still need help with what else to set up, so that devices from these different networks can see each other.
Thanks

Sorry for the amount of text…

I will assume each network has its own gateway/router that provides
DHCP and internet.
Something like 106.1 supplying 192.168.106.0/24, and 107.1 similar.


Thoughts

In the short term, set up RoMON on both units: in Tools/RoMON, put a password into it and
enable it. (Same password in both units.) Apparently it is not very secure,
so you will probably want it turned off later, but while setting up, it might save you
getting locked out of the remote unit.

On the AP SXT, probably want to set the wlan1 multicast helper option to Full
(in the wireless tab)

There are a few options; I will look at 3.

1. Routed.

A secondary IP link is made on the gateway router at each end, the SXTs
are connected to these new links and appropriate routes are put into the
gateways.

e.g.
On 106.1, second link could be 192.168.104.1/24 with a
route of 192.168.107.0/24 via 192.168.104.2

On 107.1, it would have 192.168.104.2 with a route of
192.168.106.0/24 via 192.168.104.1

The SXTs would have IP addresses of 192.168.104.6 and 192.168.104.7
(They are only used for management, assuming they are in a bridge)

Positives
Link is pretty quiet. (Not much broadcast traffic wasting bandwidth in link)
No changes on the main 106 and 107 networks.
To get to 107 devices on 106 just send to their default gateway and it gets there.

Negatives
Need a gateway that will allow a second routed link. (unlikely if basic router/modem)
DNS configured on each end, so can connect to devices at other end by name.
Can’t autodiscover printers, etc at other end.
Though see
http://forum.mikrotik.com/t/how-to-mdns-and-ssdp-over-wireguard/165473/1
for a workaround

2. Bridged

The bridged wireless link is connected direct into the 2 networks.
The SXT connected to the 106.x network, should have a 106.x/23 IP address on it.
The SXT connected to the 107.x network, should have a 107.x/23 IP address on it.
(Probably both having the same last digit would be handy)
Only used to connect to the devices, all traffic is bridged.

Note:
You can use some port forwarding/src nat on the remote SXT to allow
you to connect to devices on the remote network to reconfigure them.


On both SXTs, need to block DHCP from traversing the link.
Add bridge filtering rules
Out Interface = WLAN1, IP UDP To Port 67 drop
Out Interface = WLAN1, IP UDP To Port 68 drop
Will likely need to eventually block other stuff, but this should be enough initially.

With Wireshark, should be able to see broadcasts from the other network.
Check that no broadcast loop has been created (somehow)

Make both sides of the link use the extended address range, so they will ARP
for things at the other side of the link
(106.0/23 rather than 106.0/24 and 107.0/24)

On BOTH Gateways, make the DHCP server hand out an
address range of 192.168.106.0/23

with 106.1 now being 106.1/23 handing out IP addresses in the range say
192.168.106.20-192.168.106.220 (for example) and 106.1 as DNS server,
and default gateway (as it does presently)

And 107.1 now 107.1/23 handing out 192.168.107.20-192.168.107.220
and 107.1 as DNS server, and default gateway.

106.1 should now be able to ping 107.1

Other devices should become accessible from the other network when they
renew their DHCP leases.

Statically assigned devices will need to be changed manually.
See note above regarding connection to remote devices.

Positives
Get to see all the printers, etc on the remote network.
Uses existing hardware.
Looks to use existing SXT config.

Negatives
Not very scalable, if current networks are noisy, new joined one
will be noisier, and all that noise is going over the link.
(Only good for small numbers of users/devices)
Have to rejig network settings for all devices.
Hopefully DHCP will cover most of it

3. Routed with Proxy Arp

From the existing network’s point of view, this option is configured the
same and looks similar to option 2. Bridged

However, the SXTs are configured differently.
Instead of bridging, they are routing.

So you can setup as bridging initially, and then convert to Routed with
Proxy Arp later.

SXT Changes

The 2 SXTs know the 2 networks are actually /24s and use proxy ARP to
grab packets destined for the other network and forward them over the
wireless link.

So as far as devices on each network are concerned, they ARP for an IP
address (which happens to be on the other network), something answers,
they send the packet to it, and they get a response (from a device on
the other network).

This assumes the AP is on 106.x and the client on 107.x; change as required.

On the AP
Add an IP address to the wlan1 interface. Say 192.168.105.1/24
Change the 106.x/23 address back to 106.x/24
Add a static route to 192.168.107.x/24 via 192.168.105.2
Enable proxy arp on the bridge.

On the client,
Remove the wlan1 interface from the bridge.
Change the wireless mode to station (I assume it is currently station bridge)
Change the 107.x/23 address back to 107.x/24
Add the matching AP wlan1 IP address to wlan1 (192.168.105.2/24)
Add a static route to 192.168.106.x/24 via 192.168.105.1
Enable proxy arp on the bridge.

The Client and AP should be able to ping each other on both their IP addresses.

Hopefully you should now be able to ping and connect to devices on the other network.

If you do a tracert to devices on the other network, you will see they
take a couple of hops.

Positives
Little broadcast traffic on the link, or onto either network
No additional hardware

Negatives
No Autodiscovery, etc of devices on other network, need DNS
Have to rejig network for all devices (same as Bridging)
You can’t move a statically addressed 107.x device to the 106.x network (must readdress to 106.x)

Another simpler option, that might work if the gateways have the ability to add static routes.

In the gateway add a static route for the other subnet via the local SXT’s IP address on both sides.

Change the SXTs so the link is routed (i.e. with 105.1 on wlan1, similar to Option 3) and add a route to .107.x via 105.2.
Then change the SXT local address to be static and a /32 with the other side being the gateway.

e.g. for the .106 SXT

IP address 192.168.106.100 network 192.168.106.1
Add a default route 0.0.0.0/0 via 192.168.106.1

With some luck that might work.

Need to change SXT’s IP address to be a /32 so it routes packets to local network via the gateway, otherwise devices on network will send to gateway to get to 107.x but the SXT will send reply packet back directly to the device, which is asymmetric and usually works poorly.
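
The /32 reasoning in the last option can be checked with a small routing-table model. This is an added example, not part of the original posts: the host addresses ending in .50, the function names and the simplified tables are constructed, and the point-to-point address (192.168.106.100, network 192.168.106.1) is modelled as an on-link /32 route to the gateway.

```python
import ipaddress as ipa

def next_hop(routes, dst):
    """Longest-prefix match; gateway None means on-link, deliver directly."""
    dst = ipa.ip_address(dst)
    hits = [(ipa.ip_network(p), gw) for p, gw in routes if dst in ipa.ip_network(p)]
    if not hits:
        raise LookupError(f"no route to {dst}")
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    return str(dst) if gw is None else gw

def site_path(tables, start, dst):
    """Follow next hops from start until dst, or until the packet leaves the site."""
    path = [start]
    while path[-1] != dst and path[-1] in tables:
        hop = next_hop(tables[path[-1]], dst)
        if hop in path:
            raise RuntimeError("routing loop")
        path.append(hop)
    return path

DEVICE, GATEWAY, SXT = "192.168.106.50", "192.168.106.1", "192.168.106.100"
REMOTE = "192.168.107.50"  # constructed host on the other network

def build(sxt_local_routes):
    """Tables for the 106 site: a LAN device, the gateway, and the local SXT."""
    return {
        DEVICE: [("192.168.106.0/24", None), ("0.0.0.0/0", GATEWAY)],
        GATEWAY: [("192.168.106.0/24", None), ("192.168.107.0/24", SXT)],
        SXT: sxt_local_routes + [("192.168.105.0/24", None),
                                 ("192.168.107.0/24", "192.168.105.2")],
    }

SXT_SLASH24 = [("192.168.106.0/24", None)]                         # LAN is on-link
SXT_SLASH32 = [("192.168.106.1/32", None), ("0.0.0.0/0", GATEWAY)]  # only gateway on-link

def is_symmetric(sxt_local_routes):
    """Compare the outbound path with the path a reply takes from the SXT."""
    t = build(sxt_local_routes)
    out = site_path(t, DEVICE, REMOTE)   # ends at 192.168.105.2 (far SXT)
    back = site_path(t, SXT, DEVICE)     # reply arriving at the local SXT
    return out[:-1] == back[::-1], out, back

if __name__ == "__main__":
    for name, r in (("/24", SXT_SLASH24), ("/32", SXT_SLASH32)):
        print(name, is_symmetric(r))
```

With the /24 address the reply goes from the SXT straight to the device and bypasses the gateway that carried the outbound packet; with the /32 both directions pass through 192.168.106.1.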