I'm lost... PTP Bridge issues

Hello,

I am a beginner with MicroTik devices and absolutely excited!

I have a D-Link xDSL modem router, provided by my ISP.
I’ve just got two hAP lites that, that I wish to use for a wireless bridge between the D-Link and a Raspberry Pi located in another room.

My goal is to have my PC, Raspberry Pi and mobile phones all on the same network (192.168.1.* ) and have internet access.

Since the Pi does not have a decent wireless antenna, I connect it to one of the LAN ports on one of the hAPs, that is located next to the Pi. This hAP is configured as a PTP bridge CPE. The other hAP is configured as a PTP bridge AP, and is connected via LAN to the D-Link.

To sum it up, this is my setup:
D-Link ADSL modem router 192.168.1.* ------- Ethernet ------- hAP PTP bridge AP ------- wireless ------- hAP PTP bridge CPE ------- Ethernet ------- Pi

Question 1
Unfortunately, this setup does not work. The Pi does not get a valid address on my home LAN and has no internet access.
A strange thing I noticed is that when I connect to the hAP PTP bridge AP, the last IP address listed for the single client there (is that supposed to be the other hAP or the Pi?) is sometimes 192.168.1.* and sometimes 192.168.88.250. It changes from time to time between these two addresses, without anything to prompt this change (the other hAP and Pi are idle). From the Pi side, the address it is allocated is always 192.168.88.250.
Attached are the exports from both hAPs. I basically used the quickest with PTP Bridge AP and PTP Bridge cPE.

Question 2
Does it matter which Ethernet ports are used on the hAPs?
Specifically, on the PTP Bridge AP hAP - should I connect the D-Link to port #1 (“Internet”) or to another port? Can I connect other devices (e.g. my PC) to this hAP?

Question 3
Currently, the D-Link provides a wireless AP for other devices in my home (e.g. mobile phones).
My question is whether one of the hAPs can replace the AP role of the D-Link? I would prefer to use the D-Link as a router modem only, and turn off its WiFi.
I suspect that in my current configuration this is impossible, as the two hAPs wireless interface is dedicated to the PTP only. Is that correct? Is there an alternative setup that is better for my situation?

Thank you!
AP20191226.x.rsc (3.4 KB)
CPE20191226.x.rsc (3.54 KB)

You could configure both hAPs so that everything becomes a transparent part of your D-Link-driven home LAN. However there isn’t any appropriate quick set mode for that.

If you want to do it, then get winbox tool from dowload section. Then configure both hAPs equally with one difference mentioned in the list of tasks. I suggest you start with the AP hAP (you can test proper setup by connecting some wireless device to it), then continue with CPE hAP.

1. reset units to no defaults (mind: not factory defaults)
2. connect to the unit using wire and winbox … using MAC conectivity
3. create bridge and add all interfaces (ethernet and wireless) to it
4. create DHCP client on bridge interface
5. configure wireless interface - set correct country.
   Also configure security profile. You could set things to same values as D-Link, but that would interfere with wireless bridge operation … it is essential that CPE hAP connects to hAP, not to D-Link. If you decide to switch D-Link wireless off, then you can set hAPs to same values, but be sure to switch off D-Link wireless before you configure CPE hAP.

• on AP hAP set mode to ap-bridge
  • on CPE hAP set mode to station-bridge

Now all ether ports are equal (LAN … with default setup that’s not the case). Conect AP hAP using wire to D-Link LAN port. You can connect any number of devices to ether ports of CPE hAP.

You can use AP hAP to connect other wireless devices (phones, tablets, …), it can do both normal AP and bridge at the same time.

All devices (regardless if they are wired to D-Link, any of hAPs or wireless) will obtain IP addresses via DHCP from D-Link and will be in same LAN.

If you decide to keep D-Link wireless running, you have to use different SSID for wireless bridge. However, if you’d like to get another wireless AP with “normal” SSID at the point where CPE hAP sits, you can create virtual AP on that hAP. Create another security profile, this time mirror settings ftom D-Link and apply that security profile to the VAP created. Your wireless devices should then more or less seamlessly roam between the two APs.
The same setup (with separate SSID for wireless bridge) would support dual-AP if you use AP hAP as primary AP for wireless devices … in this case a virtual AP with additional security profile is needed on AP hAP as well.

A side note: it would be benefitial to switch off D-Link wireless because that would reduce amount of interference … unless D-Link has much better wireless coverage.

mkx, thank you very much for the detailed reply.

I followed your instructions as best as I could, but got stuck in the middle.

Let me note I’m a Mikrotik beginner, so perhaps I misinterpreted some of your instructions. Let me detail what I have done

I started with the AP hAP. Unless mentioned otherwise, I accepted all default values.

1. Connect the hAP using an ethernet cable to my PC, use port #2 of hAP
2. Use WinBox with MAC address to configure the hAP
3. System > Reset configuration > no default configuration + do not backup
4. Wait for reboot
5. Bridge > Add(“bridge1”)
6. Bridge > Ports > Add> all interfaces to “bridge 1” (is this the right place?)
7. IP > DHCP client > Add > interface: “bridge1” (is this the right place?)
8. Wireless > Security profiles > Add> Name: “profile1”, leave all defaults and set password
9. Interfaces > wlan1 > Wireless > Advanced mode (since otherwise can’t select security profile) > Country: israel, SSID: MyAP, Mode: ap bridge, Security profile: “profile1” (note the SSID is a different than the one used by the D-Link)
10. Interfaces > wlan1 > Enable (since it was greyed out)

As suggested, I stopped at this point to test the AP using my mobile phone.

The new WLAN was visible, but the phone was not able to get an IP address. The phone tries connecting multiple times and gets stuck on “obtaining IP address” for a long time, until it finally gives up with an “IP configuration Failure”. It seems the authentication was OK, since I tried a wrong password on purpose and it failed immediately with a descriptive error. I tested using two different mobile phones with the same result.

I checked the logs on the hAP:

00:21:33 wireless,info ***@wlan1: connected, signal strength -38 
00:22:09 wireless,info ***@wlan1: disconnected, received deauth: sending station leaving (3) 
00:22:10 wireless,info ***@wlan1: connected, signal strength -38 
00:22:17 system,info,account user admin logged in via local 
00:22:47 wireless,info ***@wlan1: disconnected, received deauth: sending station leaving (3) 
00:22:48 wireless,info ***@wlan1: connected, signal strength -36 
00:23:24 wireless,info ***@wlan1: disconnected, received deauth: sending station leaving (3) 
00:23:25 wireless,info ***@wlan1: connected, signal strength -38

This is the /export output from the hAP:

# jan/02/1970 00:38:32 by RouterOS 6.46.1
# software id = ***
#
# model = RB941-2nD
# serial number = ***
/interface bridge
add name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed mode=dynamic-keys name=profile1 \
    supplicant-identity="" wpa-pre-shared-key=*** wpa2-pre-shared-key=\
    ***
/interface wireless
set [ find default-name=wlan1 ] country=israel disabled=no mode=ap-bridge \
    security-profile=profile1 ssid=MyAP
/interface bridge port
add bridge=bridge1 interface=all
/ip dhcp-client
add disabled=no interface=bridge1

Thanks again.

When you stopped with setting up and tested the wireless, did you conbect hAP to D-Link? If hAPs are configured according to my guidelines, they won’t serve IP addresses, they will rely on some other device (D-Link in your case) to do it.

BTW, I’m not sure if adding interface all to bridge actually does the trick (I’ve never seen set it like this). You better add all existing interfaces one by one. And remove interface “all” from it, it probably won’t do any good.


BTW2: if you want to have timestamps in log meaningfull, then you’ll have to set time … best to do it using SNTP client, it’s part of base ROS (System NTP client). And use some public NTP server, such as il.pool.ntp.org .

Silly me… Thanks again, mkx. That did the trick.