I have an RB4011 (6.43.12) connected to a WAP LTE KIT (6.44.1)
They are both plugged into the same switch and the EoIP tunnel is showing as up.
The LTE interface is active(and was working previously in a direct configuration but we are trying to move the LTE IP address directly onto an interface on the 4011 to make configuration easier)
the RB4011 end of the tunnel is getting an IP address from the WAP and it seems to be in the correct range
However, I can not seem to get traffic flowing.
In my research i noted that several people seemed to have problems getting passthrough working so it would be helpful to know if it really does work before spending time chasing it.
Any tips on how to get this working?
addendum:
the ip address I am receiving on the EoIP does not seem correct as the gateway is in the 10.x.x.x range while the IP address assigned is in the 100.113.x.x range
when getting IP directly from the LTE without the tunnel I am seeing only 100.113.x.x/32
I’ve lte kit in pass-through working. As of ROS v6.43, it’s working with point-to-point ip’s 10.177.0.1/32 on lte side and whatever your isp servers on the client side. As of v6.45 Mikrotik will reintroduce (if all goes well) the option to have routed ip’s from /30 or wider range, as it was in pre 6.43 version.
If your lte kit & 4011 are directly connected why do you need eoip? Simplest would be to create vlan on both ends and use that for the “internet”. The carrier / untagged can then be used for management.
I was using EoIP as it just seemed simpler (essentially a virtual “wire” between the two boxes that shows up as an interface which is easy to determine as “up”)
it looks like using vlans is a more usual method though so I’ll switch to that and see if it helps… at least I’ll be on the same page as others who have it working
would it be possible to see your config from the wAP?
good to know re CGNAT (we are connecting to EE in the UK and i understand they use it… hoping they give me ipv6 soon
Once I did that on the WAP-R LTE Kit… the external IP passed to what ever device I connected.
If you look at the APN…
I am in the North East Part of the US. And paid for a static PUBLIC IP from Verizon Wireless, to allow for remote access.
That required the static entry in the APN of NE01.VZWSTATIC
so, my understanding is that I should be able to leave eth1 on the wAP connected to my office switch and configure a vlan under eth1 to connect to my main router (RB4011)
the lan connection (eth1) on the RB4011 needs a new vlan port with the same tag
i should then be able to configure the lte-passthrough on the wAP to pass the LTE ip address etc to the vlan (10 in this case) and the vlan interface on the 4011 should pick up the correct address (assuming DHCP client is configured on the vlan port)
am i missing anything? (there is only one dell switch between these two devices, but so far the above has not worked as I am not seeing the address on the vlan port of the 4011 although I can see it making dhcp requests on the vlan port…)
I could simply connect the wAP directly to the 4011 and passthrough to eth1 but I would lose the wifi AP abilities and simplicity of configuration on the lan
Ideally I am trying to accomplish LTE passthrough + winbox management on the lan + wifi AP using capsman
apologies for the newbie questions.. i always feel like a newbie every time i discover and try something new with Mikrotik
Make sure nothing else is using vlan10, especially not the dhcp, as lte will allow only the first client in.
dell switch is a “dumb” switch, with no vlan filtering right?
make sure you configure “/ip settings rp-filter=loose” (or off) on LTE, there is a bug in 6.43+ which will ignore traffic on pass-through interface due to rp-filter=strict (workaround planned for 6.45)
if you configure ether1 for pass-through, you won’t be able to reach lte device from router (=pass-through client). All traffic will be forwarded to lte modem and discarded there if not relevant. That includes any management vlans, UNLESS you override the source mac of this traffic.
Question: my lte suffers from frequent lte disconnects, which most of the time the modem resolves itself, but sometimes it can’t and I need to recycle (stop-start) lte interface to resume connectivity. That the reason why I have netwatch to monitor remote ip.
Do you experience similar issues?
Mar 27 05:35:56 ltegw.home lte,info lte1: not registred, state: 11
Mar 27 05:35:58 ltegw.home lte,info lte1: registered home
Mar 27 05:45:28 ltegw.home lte,info lte1: not registred, state: 11
Mar 27 05:45:30 ltegw.home lte,info lte1: registered home
Mar 27 06:14:56 ltegw.home lte,info lte1: not registred, state: 11
Mar 27 06:14:59 ltegw.home lte,info lte1: registered home
Mar 27 06:23:23 ltegw.home lte,info lte1: not registred, state: 11
Mar 27 06:23:24 ltegw.home lte,info lte1: registered home
Mar 27 06:39:43 ltegw.home lte,info lte1: not registred, state: 11
Mar 27 06:39:43 ltegw.home lte,info lte1: registered home
def no dhcp on the vlan10 other than the client on the RB4011
the dell is a smart switch in “dumb” mode… factory default (we never got around to setting it up ;)… although there is a chance it could be doign something we don;t want…
rp-filter is set to no
per last point… i assume you mean on the wAP. that is why I am trying to push the pass-though to the vlan interface leaving ether1 available for management and capsman
I’m not planning on the LTE being the default gateway.. it is one of 4 wan connections along with 3 dsl lines
(is that an incorrect assumption on my part that the untagged interface would still be usable? I note that some people have configured 2 vlans, one for internet and one for management. just avoiding that to limit config complexity on the RB4011 if possible… it is already complex enough!
OR… if I plug the wAP directly back into the RB4011 and passthrough to eth1 can i simply add a vlan port to the wAP and 4011 and add that to the bridge in the 4011
in theory that ought to give me management and capsman back (I hope) but maybe simplify things (and I can use the RB4011 poe to power the wAP as a bonus )
Your last post is what I had before refactoring to previously posted config: pass-through on ether directly and management on vlan, wrapped by additonal bridge with overridden mac, but
that bridge / vlan won’t be in hardware (wasn’t a problem for me as it’s low volume anyway)
extra config to maintain
hard to access vlan when things go wrong and I need to connect with patch cable directly to it
“is that an incorrect assumption on my part that the untagged interface would still be usable?” no, it’s not incorrect, naked interface could be used for mgmt, exactly what is in config above
excellent. thanks. i shall persevere with the current plan then.
at this point i think we need to have a deeper look a that dell switch as my vlan10 does not appear to be getting the pass-through data
time to play with retro 9600 baud serial cables!!?!
just for the record:
while we thought the dell switch was not an issue, it does appear to have been blocking tagged traffic. once that was sorted things are looking much better
at least we are seeing a 4G ip address show up on the main router… so pass-through is at least doing something
