5G/LTE through Wifi bridge to network

nug · November 20, 2023, 4:23pm

Hello,
I am struggling with following setup and need advice how to do it properly or which way I should go ?

Local network (PCs over ethernet connection)
^
| ethernet
v
Hap AX3 (static ip 192.168.88.1,DHCP server - pool 192.168.88.3-254, Wifi AP )
^
| 5Ghz AX wifi bridge
v
Chateau 5G AX (static ip 192.168.88.2, Wifi station bridge )
^
| 5G/LTE
v
5G provider (internet)

Currently I am able to go through Wifi bridge and access from local network to wifi/bridge interface in Chateau, but I cannot make connection between bridge interface and lte interface there to access internet.

Current setting: (changed macs, ssids, apns,removed default ip firewall settings, in testing mode-doing minimal setup so far)
OS: Router OS 7.12rc5

Hap Ax3:

# model = C53UiG+5HPaxD2HPaxD
/interface bridge
add admin-mac=xxx auto-mac=no name=bridge
/interface wifiwave2
set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5620-7300 .secondary-frequency=disabled .skip-dfs-channels=10min-cac .width=20/40/80mhz configuration.antenna-gain=0 .mode=ap .ssid=CNET1 disabled=no mtu=1500 name=wifi1-5g security.authentication-types=wpa2-psk,wpa3-psk
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=10min-cac .width=20/40mhz configuration.mode=ap .ssid=2GSSID disabled=no security.authentication-types=wpa2-psk,wpa3-psk
/interface list
add name=WAN
add name=LAN
/ip pool
add name=default-dhcp ranges=192.168.88.3-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=10m name=defconf
/queue type
set 7 kind=codel
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether1
add bridge=bridge interface=wifi2
add bridge=bridge interface=wifi1-5g
/interface list member
add interface=bridge list=LAN
/ip address
add address=192.168.88.1/24 interface=bridge network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=yes interface=bridge
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=WAN

Chateau 5G:

# model = S53UG+M-5HaxD2HaxD
/interface bridge
add admin-mac=xxx auto-mac=no name=bridge
/interface ethernet
set [ find default-name=ether5 ] name=ether5-2.5g
/interface wifiwave2
set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5620-7300 .secondary-frequency=5785 .skip-dfs-channels=10min-cac .width=20/40/80mhz configuration.mode=station-bridge .ssid=CNET1 disabled=no mtu=1500 name=wifi1-5g security.authentication-types=wpa2-psk,wpa3-psk
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=10min-cac .width=20/40mhz configuration.mode=ap .ssid=2GSSID2 disabled=no mtu=1500 security.authentication-types=wpa2-psk,wpa3-psk
/interface lte
set [ find default-name=lte1 ] allow-roaming=no band="" nr-band=""
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] name=xxx use-network-apn=no
/queue type
set 7 kind=codel
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5-2.5g
add bridge=bridge interface=wifi1-5g
add bridge=bridge interface=wifi2
add bridge=bridge interface=ether1
add bridge=bridge interface=WAN
/interface list member
add interface=bridge list=LAN
add interface=lte1 list=WAN
/interface wifiwave2 access-list
add action=accept comment=ax3 disabled=no mac-address=xxx vlan-id=1
/ip address
add address=192.168.88.2/24 interface=bridge network=192.168.88.0
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1  name=router.lan
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=WAN src-address=192.168.88.0/24

rplant · November 21, 2023, 12:23am

Hi,

The Chateau doesn’t appear to have configuration for a default gateway.
Is there a default route via the lte in /ip/route?

Perhaps a dhcp client on the lte interface enabling the default route and dns.

Then once that is done, you should be able to ping and traceroute the internet say 8.8.8.8 from the chateau.
Can you also ping google.com from the chateau.

Then on the hapax3 change the gateway and dns to point at the chateau .88.2

/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.2 gateway=192.168.88.2

After this perhaps disconnect some of the devices attached to the network and reconnect them.
So they get the new dhcp settings.
(or ipconfig /renew for windows)

With luck It should work, but I am not sure if it is an ideal way to set it up.

Amm0 · November 21, 2023, 2:35am

On the main hAPax router, you can also just add a default route (rather than just using .2 as the gateway in DHCP).

/ip route add gateway=192.168.88.2 distance=2

If you have a primary internet on hAPax already (which you don’t seem to) but if you only have one route, distance=2 still be the primary route (but leave distance=1 available)

nug · November 26, 2023, 3:22am

I was finally able get to test this out:

The Chateau doesn’t appear to have configuration for a default gateway.
Is there a default route via the lte in /ip/route?

My IP routes (/ip route print):

Hap Ax3:

Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT
Columns: DST-ADDRESS, GATEWAY, DISTANCE
    DST-ADDRESS      GATEWAY  DISTANCE
DAc 192.168.88.0/24  bridge          0

Chateau 5G:

Flags: D - DYNAMIC; X - DISABLED, I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC, m - MODEM
Columns: DST-ADDRESS, GATEWAY, DISTANCE
#     DST-ADDRESS       GATEWAY  DISTANCE
  DAm 0.0.0.0/0         lte1            2
  DAc 100.87.40.2XX/32  lte1            0
  DAc 192.168.88.0/24   bridge          0

Perhaps a dhcp client on the lte interface enabling the default route and dns.

Yes, it was triggered by add default option in lte apn

/interface lte apn print
Flags: * - DEFAULT
Columns: NAME, APN, ADD-DEFAULT-ROUTE, DEFAULT-ROUTE-DISTANCE
#   NAME  APN       ADD-DEFAULT-ROUTE  DEFAULT-ROUTE-DISTANCE
0 * apn1    internet  yes

I followed both your ideas and add those commands in Hap Ax3:

/ip route add gateway=192.168.88.2 distance=2
/ip dns set servers=192.168.88.2

And then I also figured out that in my local windows testing setup I forgot to set DNS to 192.168.88.1 and then I could get internet through link!

One thing that misled me was timeouts in ping in Chateau 5G on bridge interface, which suggested some other issue between lte1/bridge interfaces

/tool ping 8.8.8.8 interface=lte1 → worked
/tool ping 8.8.8.8 interface=bridge → timeout!
/tool ping 8.8.8.8 → worked

So thank you both for help.

Although it is working, I am not sure if this wireless config (wifi modes, setting AP on Hap ax3) is ideal to maximize throughput to internet or there is better way to follow ? (i am not having much experience with reduced modes in wifiwave2)

Amm0 · November 26, 2023, 6:10pm

Always DNS…

Dunno exactly — but likely firewall filter since ping on router goes through output, not forward. Now plain /tool/ping is pretty starting point. But you’re better off just pinging from PC/device, than using interface= since you can test a few things (e.g. DNS “ping www.google.com” on PC/device )

With AX, I found “less is more”. But you do want to make sure your country is set, that the only critical setting. Otherwise the default should be okay. You can use small channel-width, e.g. 40Mhz or 20Mhz IF there are a lot of other Wi-Fi network in your area.

Also since your wireless bridging, depending on what your doing… You might use 2.4Ghz interface for the bridge so it uses a seperate network than the 5Ghz. 2.4Ghz be a little slower (limited to 40Mhz), but that might free up the Chateau 5G for use as 2nd 5Ghz AP to extend coverage.