Can't access Interent from host connected to station

noxid8 · June 27, 2011, 2:22pm

Hi all, I have been pounding through documents and forums for the last few days trying to get my setup going (might not be optimal, suggestions welcome). I almost have it but I seem to have a routing issue. Here is the setup

I’m trying to connect three remote sites to a main site that has Internet access.

I have One AP (Groove) with three Stations (SXT). I want each site to be on a different subnet so I have setup three virtual APs with their own subnet.

My laptop can connect via wireless to the AP and can access the Internet fine. My stations are also connecting to the AP just fine and can also ping out to the Internet. But if I connect my laptop to the station via ethernet I can’t ping the AP or get to the Internet. I can ping the station but that’s it. The laptop gets its ip from the station. I have tried assigning it a gateway of both the AP (10.1.101.1) and the station (10.1.101.2) with the same results.

The station setup is very basic two interfaces (ether1 and wlan1) bridged with a single ip (10.1.101.2) for the bridge. The ip for the virtual AP I’m connecting to is 10.1.101.1. There are two routes on the station

10.1.101.0/24 - bridge1
0.0.0.0/0 - 10.1.101.1

On the AP there is also the same route different gateway

10.1.101.0/24 - wlan1
0.0.0.0/0 xx.xx.xx.xx - (my public address)

It’s probably something basic that I’m missing. I really appreciate the help, thanks.

Feklar · June 27, 2011, 3:24pm

Each interface on a routerboard is generally going to be a separate routed interface. This means you will either need to put a subnet on the Ethernet interface and set up routes so traffic can get out, or bridge the Ethernet interface with the wireless so it acts as a layer2 device.

noxid8 · June 27, 2011, 4:11pm

Feklar,

Are you saying to bridge the ethernet and the wireless on the AP, because it’s already bridged on the station.

Thanks.

Feklar · June 27, 2011, 6:57pm

Yes, sorry I didn’t catch that.

Please provide:
/interface bridge export
/ip address print detail
/ip firewall export

noxid8 · June 28, 2011, 2:31am

Thanks for helping me. Here is the provided for both AP and one station. xx.xx.xx.xx is the private ip.

AP

[AP-System] > interface bridge export

jun/26/2011 19:53:13 by RouterOS 5.5

software id = J7J2-JZPB

/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=
no
[AP-System] > set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=
expected variable name (line 1 column 5)
[AP-System] > no

[AP-System] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
address=xx.xx.xx.xx/22 network=xx.xx.xx.0 interface=ether1
actual-interface=ether1

1 address=10.1.100.1/24 network=10.1.100.0 interface=wlan
actual-interface=wlan

2 address=10.1.101.1/24 network=10.1.101.0 interface=wlan1
actual-interface=wlan1

3 address=10.1.102.1/24 network=10.1.102.0 interface=wlan2
actual-interface=wlan2

4 address=10.1.103.1/24 network=10.1.103.0 interface=wlan3
actual-interface=wlan3

[AP-System] > /ip firewall export

jun/26/2011 19:54:00 by RouterOS 5.5

software id = J7J2-JZPB

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[AP-System] >

Station

[Station-System] > /interface bridge export

jan/01/1970 17:20:58 by RouterOS 5.5

software id = 9V8D-PFLL

/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
disabled=no forward-delay=15s l2mtu=2290 max-message-age=20s mtu=1500
name=bridge1 priority=0x8000 protocol-mode=rstp transmit-hold-count=6
/interface bridge port
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none
interface=wlan1 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=
no

[Station-System] > /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 address=10.1.101.2/24 network=10.1.101.0 interface=bridge1
actual-interface=bridge1

[Station-System] > /ip firewall export

jan/01/1970 17:21:15 by RouterOS 5.5

software id = 9V8D-PFLL

/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
[Station-System] >

Thanks again!

Feklar · June 28, 2011, 1:16pm

Nothing is sticking out to me why it isn’t working.

What mode is the stations radio card in?

cbrown · June 28, 2011, 6:10pm

What do you have in /interface wireless?

Be sure to use WDS and bridge the WDS interface with your ether1.

noxid8 · June 28, 2011, 11:55pm

Good call guys. The “station” was in station mode and after doing some reading that mode does not do bridging, even though it lets you configure it that way. Since the docs do not recommend station-bridge mode, I’ll be looking into doing wds-station or wds slave. suggestions on what would be best to use?

Thanks.

cbrown · June 29, 2011, 12:01am

I would use station-wds but remember wds also hurts your bandwidth. But that may not be important in your case.

noxid8 · June 29, 2011, 3:35am

I’m not worried about bandwidth right now, I’m limiting each station to 3Mb.

So I’m thinking I’ll leave the wlan and ether interfaces on the AP unbridged since the ether port will have the public ip and then I’ll nat out from the wlan. Then on the stations I’ll bridge the wlan and ether interfaces. Does this sound right?

Thanks again for the help.

cbrown · June 29, 2011, 11:50am

Yep, that sounds fine. Don’t forget to add your WDS to the bridge.

noxid8 · June 30, 2011, 4:49am

I did some more reading and I decided to go with the station bridge mode. Everything is up and running on all three stations and everything looks good. Thanks for all the help and suggestions.