I have a working set-up that I want to modify but I don’t know how to do it. I have two MT routers in my setup with ROS 7.13.3.
Router-1 is a hAPax² with network 192.168.88.1/24 that connects to the internet on ether1. The other 4 ether-ports and wifi-2G and wifi-5G “ports” are bridged.
Router-2 is installed in a mobile cabinet with some audio-visual equipment connected to it on the ether-ports. Being mobile I don’t want to run a cable from router-2 to router-1. They connect over wifi-5G.
Router-2 is a hAPac² with network 192.168.66.1/24. The wifi-5G interface is defined as a station that logins into router-1. A DHCP-client is defined on wifi-5G. The equipment attached to router-2 has internet access over wifi-5G. The 5 ether-ports and wifi-2G “port” are bridged.
However I don’t need or want a second network 192.168.66.0/24. I would be more convenient to have all equipment on the 192.168.88.0 network. I have tried modifying DHCP and DNS entries to no avail. My question is how to configure router-2 (and/or router-1) to this end.
# 2024-02-01 18:10:42 by RouterOS 7.13.3
# software id = ABCD-1234
#
# model = RBD52G-5HacD2HnD
# serial number = ABCDEF1234
/interface bridge
add igmp-snooping=yes name=bridgeTV
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX \
country=netherlands disabled=no frequency=auto installation=indoor \
mac-address=AA:BB:CC:DD:EE:80 mode=ap-bridge name=wifi-2G ssid=\
"2171AA=22"
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country=netherlands disabled=no frequency=auto \
installation=indoor mac-address=AA:BB:CC:DD:EE:7F name=wifi-5G ssid=\
2171AA-22
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.66.100-192.168.66.199
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridgeTV name=dhcp-server
/interface bridge port
add bridge=bridgeTV interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether1 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=wifi-2G
/ip neighbor discovery-settings
set discover-interface-list=*2000011
/interface detect-internet
set detect-interface-list=all
/ip address
add address=192.168.66.1/24 interface=bridgeTV network=192.168.66.0
/ip dhcp-client
add interface=wifi-5G
/ip dhcp-server network
add address=192.168.66.0/24 gateway=192.168.66.1
/ip dns
set allow-remote-requests=yes servers=192.168.66.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wifi-5G
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=MikrotikTV
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes
I think the easiest way is to remove the dhcp-server, the pool, the nat rule and the dhcp-client and just set the address to one from the desired subnet and add the 5G-WiFi link to the bridge
I followed your suggestions and the result is quite interesting although not everything is what I wish to achieve. The exported configuration is minimal. Note that after a reboot ROS automatically inserts a DHCP -client on the bridge with the comment ;;;internet detect. Any equipment connected to router-2 is also assigned an IP on the 192.168.88.0 network. I can ping from the winbox-router-2 any connected equipment . But I cannot ping anything on the other side of the wifi-5G link not 8.8.8.8 or even the DNS/DHCP server 192.168.88.1. There is no internet connection.
There is a working wifi connection between router-1 and router-2:
the DHCP server on router-1 hands-out IP addresses for router-2 as I would like it to do.
And I can use winbox on router-2 from both sides using IP-address on router-2 and MAC-address from the other end of the wifi-5G link and
But no internet: Could this be a routing issue?
/ip dhcp-client print
Flags: D - DYNAMIC
Columns: INTERFACE, USE-PEER-DNS, ADD-DEFAULT-ROUTE, STATUS, ADDRESS
# INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS
;;; internet detect
0 D bridgeTV yes yes bound 192.168.88.106/24
/ip route print
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, d - DHCP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
DST-ADDRESS GATEWAY DISTANCE
DAd 0.0.0.0/0 192.168.88.1 1
DAc 192.168.88.0/24 bridgeTV 0
# 2024-02-02 15:19:08 by RouterOS 7.13.3
# software id = ABCD-1234
#
# model = RBD52G-5HacD2HnD
# serial number = ABCDEF1234
/interface bridge
add igmp-snooping=yes name=bridgeTV
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX \
country=netherlands disabled=no frequency=auto installation=indoor \
mac-address=AA:BB:CC:DD:EE:80 mode=ap-bridge name=wifi-2G ssid=\
"2171AA=22"
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country=netherlands disabled=no frequency=auto \
installation=indoor mac-address=AA:BB:CC:DD:EE:7F name=wifi-5G ssid=\
2171AA-22
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=bridgeTV interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether1 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=wifi-2G
add bridge=bridgeTV interface=wifi-5G
/ip neighbor discovery-settings
set discover-interface-list=*2000011
/interface detect-internet
set detect-interface-list=all
/ip dns
set allow-remote-requests=yes
/system identity
set name=MikrotikTV
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes
I tried your tip (set detect-interface-list=none) but it did not let all equipment run in the same domain. Are you sure this command changes the behavior? To me it seems to be a filter for reporting purposes, not something that changes the state of an interface.
I am surprised my requirement seems to be so complicated. If I could use a CAT-cable from router-1 to router-2 I would have replaced router-2 with a cheap and simple non-managed switch. One end of the cable into router-1 and the other end into the switch. My equipment on the switch side is all wired and would also be plugged into the switch to make it work. Now I replace my CAT-cable with a wifi-connection and all simplicity is gone
This:
set discover-interface-list=*2000011
doesn’t look good.
It may be completely unrelated, but whenever you find a value * it usually means that for whatever reasons the RoS has lost some data (like a reference to something that has been deleted) and replaces those with the asterisk+number.
Hi Jaclaz,
I’ll address you from now on as hawk-eye, I missed the *number entry. And it is indeed not good. I never knew the tool existed and set all entries = none i.e. I switched it off.
Hi pe1chl,
You probably are right: don’t use detect-internet. The cryptic documentation is hidden in the Diagnostics section of Help. Not the first place I would look and states use with precaution; then I know enough: stay clear.
While ploughing through the MT-Help I may have identified the problem I’m having. In the section https://help.mikrotik.com/docs/display/ROS/Wireless+Station+Modes they explain the 802.11 protocol doesn’t allow bridging over wifi. That I can’t define all equipment on a single network is a bridging problem and not a problem of configuring DHCP or DNS. I will investigate this the coming days.
No experience whatsoever at it, but since you have two Mikrotik devices, it should be possible to use station-bridge mode, though, since one is Ac2 and one is Ax2, it is possible that you will have the issue with “wifi” vs. “wireless”: http://forum.mikrotik.com/t/station-mode-not-pseudobridge/172605/1
A final closing post as I have achieved my goal. As is often the case with forum questions I was barking up the wrong (dhcp/dns) tree while it is indeed a bridging problem. The 802.11 protocol doesn’t support L2-bridging over wifi. Fortunately, there is a 4-address frame extension to the protocol to overcome this limitation.
To this end I changed the router-2 mode from station to station-bridge to enable the 4-address frame implementation. Initially that did not work because of hardware differences between the hAPax² and hAPac². In both packages there is a station-bridge mode for the radio’s, but they are not compatible.
I found the solution for this issue in the section https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-Replacing’wireless’package, there is a driver set for the older hardware that allows it to work with the newer hardware. I swapped the hAPac² wireless-7.13.4-arm.npk for a package named wifi-qcom-ac-7.13.4-arm.npk that is compatible with the hAPax². It replaces the Wireless menu in Winbox with the Wifi menu.
Thanks to you all for pointing me in the right direction.
