Add an Access Point to my home installation ... how ?

roe1974 · April 7, 2021, 1:33pm

Hello together
I would like to add an access point to my installation at home. I need your help.
What do I currently have:
1 x RB4011iGS+5HacQ2HnD-IN configured as follows:
ETH-1: WAN port
ETH-7: Here the access point should be connected (via PWR-LINE PRO)
WLAN-1 2.4GHz: SSID “HomeBase”, frequency 2437, ACL
WLAN-2 5GHz: SSID “HomeBase”, frequency 5180, ACL
Virtual AP 2.4GHz: SSID “Homeautomation-24”.
Virtual AP 5GHz: SSID “Homeautomation-50”
Virtual AP 2.4GHz: SSID "Guest
Bridge: All ETH ports and WLANs

The access point is a cAP AC (not yet configured).
How must it be configured to broadcast the same SSIDs ?
Do the clients then get the same IP as on the RB4011iGS+5HacQ2HnD-IN or does the AP have its own IP range ?
Do I really need CapsMan ?
…

Please help !
lg Richard

anav · April 7, 2021, 1:59pm

Nope dont need capsman.

Use ether2 to setup the capac and use ether1 to power the capac while configuring.
Ether2 is the default connection on 192.168.88.1 network.
Keep all that as you will be able to troubleshoot the capac independently of the bridge setup.
I typically put the capac into WISP mode via quickset and then never touch quickset again.
I add an IP Address for the CAPAC and attach this to either the bridge or if using vlans, give it a vlan subnet address. (fixed LANIP on the desired subnet)
Basically all data flows in through ether 1 onto a bridge.
YOu will use vlans to carry the traffic to the appropriate wlans…

I setup the bridge and access point as per this guide…
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

roe1974 · April 7, 2021, 2:17pm

OK, thx
IP Range in Router is 192.168.0.0/24 … router IP is 192.168.0.1
… so IP Range in AP is the same ?
br, Richard
PS: does the WISP “quick set” set device address DHCP from wired ? … so the the main router is DHCP for the clients connected to the AP ?

anav · April 7, 2021, 2:55pm

Basically yes, assuming you have the WLAN networks running on vlans.
Its the simplest way.
So bridge on router has vlans 10,20,30 lets say 10 is your home vlan, 20 is guest wlan, and 30 is device vlan.
thus vlan 10 subnet is 192.168.0.0/24, guest wlan 192.168.20.0/24 and devices vlan 192.168.30.0/24
Read the guide/reference above.

The capac would get assigned a static IP lets say 192.168.0.149 and you can actually do this on the router, by entering the IP address you selected and the mac address of the capac.
And be sure to assign this IP address on the capac itself
The only thing you do on the capac ref vlans is identify them as being associated with the bridge you create on the CAPAC (which you also do on the router but of course on the router have to add all the dhcp stuff).

roe1974 · April 7, 2021, 2:58pm

but at the moment i dont use VLANs :-/

anav · April 7, 2021, 3:44pm

Then how were you expecting to move all those WLAN networks to another device??
Trust me its not that complicated and it makes life actually easier during the config.

You define the vlans in the router (interface is bridge-router)
You create the dhcp networks for the vlans (same as you would for a typical lan subnet).
Then the tricky part is defining the bridge ports and the bridge vlans appropriately.
Its a matter of knowing what is at the end of the ether ports. (dumb devices, aka PC) or (smart devices - switch or access point that can read vlan tags).
No need to do anything special for firewall rules or routes etc. the defaults pretty much do everthing and can be tweaked later.

anav · April 7, 2021, 4:08pm

ETH-7: Here the access point should be connected (via PWR-LINE PRO)
WLAN-1 2.4GHz: SSID “HomeBase”, frequency 2437, ACL
WLAN-2 5GHz: SSID “HomeBase”, frequency 5180, ACL
Virtual AP 2.4GHz: SSID “Homeautomation-24”.
Virtual AP 5GHz: SSID “Homeautomation-50”
Virtual AP 2.4GHz: SSID "Guest
Bridge: All ETH ports and WLANs

need 3 vlans, vlan10-home, vlan20-devices, vlan30-guest (assuming all vlans will travel through ether7)

Bridge ports
wlan1_2.4 ingress-filtering=yes frame types - only allow priority and untagged frames pvid=10 {note: home lan} {access port}
wlan2_5 ingress-filtering=yes frame types - only allow priority and untagged frames pvid=10 {note: home lan} {access port}
Vwlan3_2.4 ingress-filtering=yes frame types - only allow priority and untagged frames pvid=20 {note: home automation LAN} {access port}
Vwlan4_5 ingress-filtering=yes frame types - only allow priority and untagged frames pvid=20 {note: home automation 5.0} {access port}
Vwlan5_2.4 ingress-filtering=yes frame types - only allow priority and untagged frames pvid=30 {Note: guest lan} {access port}
ether7 ingress-filtering=yes frame types -only allow vlan tagged {note trunk port carrying all vlans}
ether2-6 WILL ASSUME THESE ARE ALL HOME LAN PORTS GOING TO DUMB DEVICES>…
(thus all look like etherX ingress-filtering=yes frame types - only allow priority and untagged frames pvid=10 {note: home lan} {access port}

Bridge vlans
add bridge=bridge-home tagged=bridge-Home,ether7 untagged=WLAN1_2.4,WLAN2_5,ether2,ether3,ether4,ether5,ether6 vlan-ids=10
add bridge=bridge-home tagged=ether7 untagged=Vwlan3_2.4,Vwlan4_5 vlan-ids=20
add bridge=bridge-home tagged=ether7 untagged=Vlwan5__2.4 vlan-ids=30

Similar on the CAPAC in that you need to define vlans 10,20,30 and associate them with a bridge (bridge-AP) but no dhcp stuff.
Bridge ports
wlan1_2.4 ingress-filtering=yes frame types - only allow priority and untagged frames pvid=10 {note: home lan} {access port}
wlan2_5 ingress-filtering=yes frame types - only allow priority and untagged frames pvid=10 {note: home lan} {access port}
Vwlan3_2.4 ingress-filtering=yes frame types - only allow priority and untagged frames pvid=20 {note: home automation LAN} {access port}
Vwlan4_5 ingress-filtering=yes frame types - only allow priority and untagged frames pvid=20 {note: home automation 5.0} {access port}
Vwlan5_2.4 ingress-filtering=yes frame types - only allow priority and untagged frames pvid=30 {Note: guest lan} {access port}
ether1 ingress-filtering=yes frame types - only allow tagged frames {trunk port}

Bridge vlans
add bridge=bridge-AP tagged=bridge-AP,ether1 untagged=WLAN1_2.4,WLAN2_5,ether2,ether3,ether4,ether5,ether6 vlan-ids=10
add bridge=bridge-home tagged=ether1 untagged=Vwlan3_2.4,Vwlan4_5 vlan-ids=20
add bridge=bridge-home tagged=ether1 untagged=Vlwan5__2.4 vlan-ids=30

roe1974 · April 7, 2021, 6:54pm

oh thx !!!
i will give it a try:)
br, richard