eth1 - device management with winbox
wlan1 - wifi access to internet
wlan2 - network for clients with wlan1 as master
l2tp/ipsec - traffic for wlan2 is being routed via vpn
where wlan2 exists only when wlan1 connection has been established and then clients on wlan2 have access to internet via vpn.
I’m trying to understand how to get internet on cable with eth1 instead of wlan1, having both options enabled with the following logic:
use internet from cable when it is connected, OR
use internet from wlan1 when there’s no cable on eth1
This is basically the last step that leads to a perfect travel router with mAP lite.
To make that work, don’t forget you have to disable firewall on WAN.
Otherwise the problem is, if both ETH and WLAN 1 are WAN and you have a firewall, you will not be able to configure the device.
The WLAN2 interface will only be visible when WLAN 1 is connected to an AP.
For instance you have set WLAN1 up for SSID MY_CHOICE, when you go into another place/hotel this SSID is not there and WLAN 1 will forever scan for this SSID. During this process WLAN2 will not be available and you can’t connect from LAN side.
To avoid this you have to disable firewall or allow access from the WAN side.
To make it simpler you can just create a bridge, make all interfaces ports on that bridge.
Then you have no hassle at all.
(this is in case you either use ETH or you use WLAN1, and not both at same time)
I am not sure why you would disable the firewall on the WAN. The WI-FI interface is serving as a WAN connection, so it should be firewalled unless you have very specific needs. Also the interface needs to be NAT’ed, so adding it to the WAN list ensures that this is done using the default config. I have been running this configuration for a router with multiple uplinks (WI-FI, Ethernet and LTE) for ages.
Map lite has 1 ETH port and 1 WLAN interface. If both are WAN, you can configure the router ONLY if WLAN 2 (virtual interface) is up and running.
As WLAN1 is STA mode, it will look for SSID on each radio channel continuously.
If it finds it, the slave interface WLAN2 (only LAN interface in this setup) will come up and you can connect to this and configure it.
Now if you move to a new location (new SSID), as this is the whole purpose, your slave WLAN interface won’t be accessible as the master interface scans all 2.4G channels without stopping.
How do you now enter the new SSID?
You can only access and configure the mAP lite if WLAN 1 can connect to its SSID, if it has a firewall.
Or you do scripting and more advanced things.
I did not consider the hardware limitations on the mAP lite, as I have been doing this on a device with dual chain WI-FI, multiple ethernet interfaces and LTE, and even have scripting on top of this to bend the router to my will, hence I have not been facing this issue. But you are right if doing it on a mAP lite, there is a risk of locking yourself out of the router if the uplink WI-FI does not connect.
Meanwhile, I do not see how this can be resolved through a firewall rule; if the WI-FI uplink in station mode does not connect, the virtual interface in ap bridge mode will not be available, firewall or not, so WI-FI is not an option. Unless you script the interface to change mode.
This leaves the Ethernet interface, but this interface will be a DHCP client, so it does not have an address (unless it has both the DHCP client and a static address at the same time with the risk of address conflicts with the network it is connecting to). So the only viable option here might be Winbox using the MAC address, or scripting. Firewalling should not be required for the Winbox mac address based approach, as this is layer 2, while the firewall is layer3. But if going with the static address approach, it will require a firewall change.
Personally I would probably choose a device with more interfaces (as I have). If this is not viable, I would opt for scripting to ensure that a WI-FI connection is always available to the router.
I’ve added a connect list with several most frequently used SSIDs and it solves the problem of auto switching between known networks.
For unknown networks I use lan-to-usbc adapter on my android phone. So the last thing is to enable automated switch between eth and wlan1, when Internet cable is available.
On my second mAP lite that hangs on my router there is a similar setup, but based on defconf and Internet coming from cable. There’s a bridge that I don’t have in my configuration on the first device using wlan1; probably this is something that I need, but I’m not sure if this is what I need.
So there’s basically only one step before getting a perfect travel router - everything is covered except a possibility of getting Internet from cable.