Hello,
I have been trying to use a RB941-2nD running ROS 7.16.1 to transparently bridge one of its ethernet ports to a wireless station connection. My AP is a UniFi product, so I’m not able to use any of the fancy bridge modes. The only options available to me are mode=station, mode=station-pseudobridge and mode=station-pseudobridge-clone as these are the only ones that are able to make an association with my APs.
In my mind, the station-pseudobridge-clone would be an ideal option here. In principle I see at least partially the behaviour as documented here. First the interface connects to the AP using its configured mac-address as described. But then /interface/wireless/monitor wlan2 indefinitely shows searching-for-address-to-clone: yes even though /tool/sniffer/quick interface=wlan2 demonstrates that there is plenty of traffic to clone the MAC from. The only way I am able to get the cloning behaviour to happen is if I set station-bridge-clone-mac manually.
What I would really like is a behaviour wherein the station would not connect at all until there is a MAC address available to clone, and only connect with the cloned address. Is it something that’s possible to achieve? I imagine I can write a script to disable the wlan2 interface if ether2 is unplugged (and vice-versa), but how would I go about finding the source MAC address of the first packet sent by the connected device?
I’ve been using the following configuration for my tests – maybe someone is able to spot something in there that prevents a transparent source MAC clone?
# 1970-01-02 02:05:23 by RouterOS 7.16.1
# software id = 954P-994L
#
# model = RB941-2nD
# serial number = 9473099E7F25
/interface pwr-line
set [ find default-name=pwr-line1 ] disabled=yes
/interface bridge
add name=bridge1 protocol-mode=none
add name=bridge2 protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] arp=proxy-arp band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto on-fail-retry-time=1s ssid="" station-roaming=enabled wireless-protocol=802.11
add arp=proxy-arp disabled=no mac-address=02:00:00:00:00:00 master-interface=wlan1 mode=station-pseudobridge-clone name=wlan2 ssid="testap" station-bridge-clone-mac=B8:69:F4:24:D2:1F station-roaming=enabled
/interface ethernet
set [ find default-name=ether1 ] loop-protect=off
set [ find default-name=ether2 ] loop-protect=off
set [ find default-name=ether3 ] loop-protect=off
set [ find default-name=ether4 ] loop-protect=off
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=fencegw
/interface bridge port
add bridge=bridge2 interface=wlan2
add bridge=bridge2 interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=*2000011
/ip settings
set rp-filter=strict
/ipv6 settings
set disable-ipv6=yes
/ip address
add address=192.168.88.1/24 interface=ether1 network=192.168.88.0
/ip dhcp-client
add interface=ether4
Here ether1 is for management, ether2 is the bridged interface, and ether4 is acting as the “client” that’s connected to ether2. ether4 has a DHCP client configured to generate some of the traffic for MAC address cloning (which fails to happen). I’ve also tried an unrelated device instead of connecting ether2 and ether4 together, much to the same effect.
Any ideas much appreciated.