IPTV traffic through Mikrotik hAP lite (RB941-2nD-TC)

Hello everyone who is stopping by!

I would like to start with a quick backround story:
First of I am a complete beginner in terms of Networking & Mikrotik configurations and aquired my bare minimum knowledge mainly through google and youtube.
Now to my issue, my grandparents have a fairly large property and usually spend their days in rooms far away (10-30 meters) from the main modem (Zyxel VMG1312-B10D) and due to the distance getting any kind of WIFI signal there is impossible. They ran ethernet cables from the modem to said rooms for IPTV, the provider for internet and IPTV is the Bosnian company HTEronet. Modem is directly connect to Android TV boxed via the ethernet cables.
To get some WIFI into the rooms I wanted to add the Mikrotik as an Access Point between the Modem and Android Box, but i can’t seem to get it running no matter what I try. The other issue is that I am not able to do any works whenever I like due to living abroad - only possible during holidays.
For now I set the Mikrotiks as WIFI repeaters, but the signal is very bad and the ping extremely high.

Being lost and not able to find a similar issue on the internet, I thought maybe asking in this Forum could clear my my issue.

The configuration (I don’t have the Mikrotik config extract available due to said reasons)
Zyxel VMG1312-B10D Ether 3/4 - Ether 1 Mikrotik hAP lite Ether 3/4 - Android TV Box
Ether 1 to receive DHCP client, Bridge Ether 2-4 & WLAN (AP Bridge), add DHCP server to the Bridge and apply src nat mascerade on Ether 1 → WIFI works, I have internet connection on LAN.

As soon as the Android TV Box is restartet, the IPTV doesn’t work unless i add Ether 1 into the bridge.
Once Ether 1 is in the Bridge the IPTV works, but DHCP client gets disconnected and remains on “searching”, WIFI doesn’t work, no internet connecton on other LAN ports.

Now my questions is, is it possible that the issue created is due to the IPTV using VLAN? As i found out during Christmas, that it seems like the ADSL-IPTV is running via VLAN 40.

Adding a dumb switch, to not run the IPTV through the Mikrotik, didn’t help anything either.
The only alternetive i have would be to run additional Ethernet cables to those rooms and connect them via a dumb switch to the modem, but this could be a challenge because the hoses for wires running in the walls are already pretty packed.
The next chance i will have to work on this is most likely during Easter time.

Long text, I hope it is understandable.
If anybody has any clue how to solve this issue, help would be really appreciated.

Thank you for reading and have a nice day!

From the little I know on the matter, IPTV is tricky.

There is more than a single way the service can be provided by your ISP, you should first thing see if there is some (official or unofficial) documentation on how the service is provided.

Generally speaking if it is using a VLAN, it will only work if you configure the Mikrotik as a VLAN aware bridge, as you reported:

1. Mikrotik as router (no VLANs, natted LAN and WAN) = internet but No IPTV
2. Mikrotik as (dumb) bridge = IPTV but No internet
   while likely you want:
3. Mikrotik as VLAN aware bridge (and natted LAN via VLAN) = IPTV on one port and internet on the other ones.

Very loosely the idea is that the packets coming from the ISP router are enclosed/encapsulated in this sort of protecting envelope, if the Mikrotik is setup as a bridge they pass through it as they are but don’t allow the internet packets to go through, if the Mikrotik is setup as router they break but allow the internet to packets, by making the Mikrotik a VLAN aware filtering bridge you allow these packets to go to a destination port interface untouched while the internet packets also can go through.
You can think at VLANs as a way to have different traffic pass through a single ethernet cable, the alternative to running multiple cables, but there is the need of something directing the traffic.

But there could be further complications, if the IPTV is multicast and/or IGMP snooping is required.

Before the cock crows today you will be pointed (one or more times) to this all-pervasive thread/tutorial on VLANs:
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

You can use the time before you get back home to study it, but it is not a direct answer to your question and it is rather difficult to go through, at least it could be useful to give you some familiiarity with the concepts and terminology.

Once you have some more accurate data, and you have the possibility to play with the settings, post again with your current configuration and the ISP data, I am sure that some of the members more ffamiliar with VLANs will be able to assist you.

Thank you Jaclaz for your input.

I already had some idea what VLAN is and what it can be used for, but for a “non network engineer” person like me it is insanely complicated to set up, despite watching countless videos on YouTube + it is not 100% sure this would work.

What I am mostly curious about is, when the mikrotik starts receiving the iptv packages can those cause the DHCP client to drop if VLAN is not configured?

Also I remembered that I took some pictures of a few modem settings - sadly I can’t seem to be able to attach them…
Input from the Connection tab:

WAN1 Information

• Encapsulation:PPPoE
• IP Address: 62.113.5.103
• IP Subnet Mask: 255.255.255.255
• Primary DNS server: 212.39.126.5
• Secondary DNS server: 212.39.98.164

WAN2 Information

• Encapsulation: Bridge

WAN3 Information

• Encapsulation: IPoE
• IP Address: 10.129.53.57
• IP Subnet Mask: 255.255.252.0
• DHCP: Client

WAN4 Information

• Encapsulation: Bridge

Following VLANS according to the pictures I have:
WAN 1 - VDSL VLAN 2015
WAN 2 - VDSL-IPTV VLAN 40
WAN 3 - VDSL management VLAN 2016
WAN 4 - VDSL-VoIP VLAN 2017
WAN 5-7 - ADSL, ADSL-IPTV & ADSL management no VLAN

So if I understand it correctly my Mikrotik configuration would need to be like: tagged VLAN 40 on ether 1 and untagged VLAN 40 on ether 3 & 4?
But will this prevent the DHCP client on either 1 from disconnecting or do i need to put the DHCP client on a bridge containing only ether 2 and WLAN?

Plan B for me would be to run two wires into a 8 port managed switch and split the network to 3 or 4 IPTV spots and 2 MIkrotiks, which is a bit crazy compared to two (+ 1 for the smart TV) existing wires.

As usual any help is greatly appreciated!

From what I understand of your reported setup, right now you are connecting the Mikrotik as a router (to have wi-fi work) and as a switch (to have IPTV working) and it has no VLANs set.

In the first case the ether1 is (relative to Mikrotik) a WAN port, it has a DHCP client running on it (on ether1) that gets the IP from the DHCP server running on the Zyxel, let’s say that this DHCP Server is configured on 192.168.1.1/24, the ether1 of the Mikrotik will get (still say) 192.168.1.2, then all the other ports are into a bridge (LAN) with a DHCP server on it, by default using 192.168.88.1/24, the connections on LAN are masqueraded to the out-interface=ether1 (or out-interface-list=WAN) in /ip firewall nat.

When you only add ether1 to the bridge what probably happens is the following:

1. ether1 “loses” its dignity of standalone interface
2. the DHCP client on it doesn’t work anymore (because now ether1 is slave in the bridge and the DHCP client should be running on the bridge, not the single interface)
3. the DHCP server on the MIkrotik bridge should still run, and attempt to assign an IP in the 192.168.88.1/24 range BUT the DHCP server of the Zyxel is now connected “directly” and there is a “fight” between the two DHCP servers
4. the masquerade nat doesn’t work anymore as the out-interface is now part of the bridge, and as well nothing traverse the firewall

Any device connected to the Mikrotik is bridged to any other device (the Mikrotik has become a “dumb” switch, though with a contrasting configuration).

VLANs right now should have nothing to do with the issue, it seems to me that on exit from the Zyxel all packets are untagged, but I am not sure to have understood it correctly how exactly the Mikrotik is connected to the Zyxel.
It is however possible that the IPTV is still on a VLAN (while the internet is not) so that when the device is a bridge the android box gets it, but it is also possible that the Android TV box somehow gets a “right” IP address from the Zixel DHCP server whilst the bridge Mikrotk DHCP server prevails on the wi-fi (and thus you get an IP in the 192.168.88.0/24 range that leads to nowhere?
If this latter is the case, disabling the DHCP server on the Mikrotik would make the Mikrotik a “completely dumb” switch and everything could start working.

But it has to be checked when you are there what happens, which IP addresses are leased to what, etc.

I have attached the current situation of the network. Figured out the file size was too big for the previous pictures to post.

In the first case the ether1 is (relative to Mikrotik) a WAN port, it has a DHCP client running on it (on ether1) that gets the IP from the DHCP server running on the Zyxel, let’s say that this DHCP Server is configured on 192.168.1.1/24, the ether1 of the Mikrotik will get (still say) 192.168.1.2, then all the other ports are into a bridge (LAN) with a DHCP server on it, by default using 192.168.88.1/24, the connections on LAN are masqueraded to the out-interface=ether1 (or out-interface-list=WAN) in /ip firewall nat.

This was the very first configuration I had tried, internet was good but not IPTV. After that i set all LAN ports into a bridge and configured WIFI Repeaters to get some WIFI.

If this latter is the case, disabling the DHCP server on the Mikrotik would make the Mikrotik a “completely dumb” switch and everything could start working.

This I also had tried, bridging all ports, creating a dumb switch without any DHCP server and without DHCP client, only IPTV works and I also gave it a shot to put the DHCP client on the bridge as suggested by some forum post, but that didn’t change anything. The DHCP client on the bridge was connected until IPTV was started, then it went into searching.
Using a real dumb switch, bought one just for try out, to connect Android Box and Mikrotik to the Zyxel gave the same DHCP client searching issue when IPTV is running.

Additionally torching the ports where the IPTV is running on gives me like 0 input, nothing shows up. However I can get an IP from the menu within the Android TV Box.

My best guess would be it is either an issue due to VLANS or the Zyxel configuration itself only broadcasts the IPTV traffic through the cable when IPTV is started and blocks all internet traffic at the same time? If the second one is the case then I anyway have no other option than physically splitting the connections, but how to figure out what the root cause it.

Well, about the doubling the cables, since you are anyway using a 100 connection, you are using only 4 wires, so you can use the other 4 for a second connection, far from being “perfect” but it works.

From the scheme you posted I still believe that there is no VLAN involved at the moment, as if the IPTV was on a VLAN, then it would (should) pass untouched the dumb switch (or you can try to plug directly for test an android box to ether2 or 3 of the Zyxel to confirm) so that it needs to be configured on the anrdroid box(es) explicitly.

I have no direct experience with IPTV (anmd of course it can be configured in a zillion ways) but it seems to me impossible that once “started” (how?) it “blanks” internet connection.

It is entirely possible that IPTV works in “switch mode” and does not in “router mode” because of some missing settings when routing (IGMP-proxy) on the latter, but I don’t understand why in switch mode only IPTV works, see:
http://forum.mikrotik.com/t/mikrotik-router-and-iptv-cant-get-it-to-work/80071/1

I have attached the initial setup and additionally the, I believe, required setup if I can’t find a solution for this problem.

From the scheme you posted I still believe that there is no VLAN involved at the moment, as if the IPTV was on a VLAN, then it would (should) pass untouched the dumb switch (or you can try to plug directly for test an android box to ether2 or 3 of the Zyxel to confirm) so that it needs to be configured on the anrdroid box(es) explicitly

This was also my expectation when I bought the dumb switch, which it does, but it does not allow other traffic to run in parallel.
In the initial setup the Android TV Boxes were directly connected to the Zyxel, I just wanted to use the Mikrotiks as WIFI Access Points, but with wired connection instead of a repeater configuration.

I have no direct experience with IPTV (anmd of course it can be configured in a zillion ways) but it seems to me impossible that once “started” (how?) it “blanks” internet connection.

So basically I unplug the Android TV Box, IPTV streams stops, plug it into the Mikrotik and configure a dumb switch with WLAN - I have a internet connection on the Laptop and Smartphone and can reach webpages. As soon as I restart the Android TV Box to restart the stream, the stream comes back on just fine, but no internet page on the Laptop or Smartphone is reachable anymore. On the Laptop within the network control panel it says “no internet connection”. Same was with the physical dumb switch that I bought.

It is entirely possible that IPTV works in “switch mode” and does not in “router mode” because of some missing settings when routing (IGMP-proxy) on the latter, but I don’t understand why in switch mode only IPTV works, see:

I had tried doing some IGMP settings with no success, but also had no active firewall rules as they should be already done by the ISP modem anyway - will keep this in mind anyway.
But my current conclusion is I might need to do a lot more digging in the Zyxel settings and also contact the ISP because it is ridiculous to have such issues…

But my current conclusion is I might need to do a lot more digging in the Zyxel settings and also contact the ISP because it is ridiculous to have such issues…

I was finally able to get a reply from the ISP after a lot of confusion and lack of replies.
Anyway in short summery they told me it is not possible to run IPTV and internet over the same wire at the same time, which aligns pretty much with my assumption as to why the DHCP client was getting disconnected when the IPTV is started. This means i will have to go forward with the plan to run additional wires to each STB/AP and add 1 managed or 2 dumb switches, yay me…

@Jaclaz thank you very much for your help!