mikrotik map 2nd - setup wireless bridge

Dear friends,

I’ve been struggling with this problem for some time, and I hope it will be trivial for someone here.
Google and the wiki are my friends, but I’m stuck at the following:

I have:
domain server at 192.168.1.1
analytics server at 192.168.1.10
20 welding machines at 192.168.1.160-179
20 mikrotik map 2nd’s
unifi uap ac lite AP at 192.168.1.130 (and some tp-links both simple and router AP’s if needed at disposal)

problem:
how to properly setup the mikrotiks to make a bridge to connect all the machines to the network so that the analytics server can ping / access them?
I can ping the mikrotik devices from the server without problem, ping the machines from the mikrotik RouterOS (when connected with winbox) also without problem,
but I can not ping the machines from the server directly (or any other PC on the network)


background/more info:

the welding machines have Ethernet ports, and when connected via LAN cables, everything works fine
however, as many are mobile, and work conditions are rough, the cables were frequently damaged, so we decided to go wireless
in test setup, I’ve set a simple Tp-link AP in client mode, and connected it to my Unifi AP, and a welding machine to its Ethernet port - all worked without problems
as the tp-link is an office device and needs external power we needed something better, so the welding supplier delivered mikrotik devices in enclosed cases with power and Ethernet connections that can be easily connected to the machines.

I’ve set up the mikrotiks in CPE - bridge mode, and to save the ip pool, gave them the 192.168.7.x subnet (also added the subnet in the domain controller)
I can ping the 7.x mikrotiks from the server without problem all the time, but the 1.x machines behind them just keep appearing and disappearing (pingable for a few minutes, then gone)
I thought that this is because the mikrotiks themselves are in 7.x, so I gave them (bridge) also 1.x addresses (1.180 - 1.199), but now, nothing works, can’t even ping them.
Am I missing a route, or am I doing it completely the wrong way... my head hurts :)

I’m grateful for any help and advice.

I would follow a different approach.

You can program the mAPs as simple wireless bridges, i.e. the welding machines and the AP will “think” they’re directly connected to each other.

I wouldn’t even assign IPs to the mAPs themselves, and would manage them via L2:

  • using mac-winbox (Neighbors tab on Winbox, click on the MAC of each device appearing)
    or
  • Winbox & RoMON (Tools > RoMON tick enable on each mAP)

Try this:

/interface bridge
add name=LocalBR
/interface ethernet
set [ find default-name=ether2 ] master-port=ether1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=station-pseudobridge \
    radio-name=WeldingMachineID ssid=YOURSSID wmm-support=enabled
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys \
    supplicant-identity=MikroTik wpa2-pre-shared-key=YOURKEY
/interface bridge port
add bridge=LocalBR interface=wlan1
add bridge=LocalBR interface=ether1
/system identity
set name=WeldingMachineID
/tool romon
set enabled=yes

This L2 bridging would be more transparent if a ROS AP were used, as this will allow setting it in ap-bridge, then the mAPs in station-bridge for true L2 transparency.

Former settings should work equally well if you only connect one device to the mAP ether ports (doesn’t matter which one) as seems to be your case.

The advantage of this approach is simplicity. Welding machines will get their IP & settings straight from the UniFi; with this setup in place you can consider the mAPs as transparent ethernet to wireless transceivers.

pukkita, thank you for your suggestion.
your idea without IP is even better.
the machines don’t even need DHCP as they have fixed IP’s

I’ve set up an office test rig and hooked a laptop to a mAP Eth2 and configured it as you suggested.
I gave my laptop an IP within the subnet of the main network.

the laptop immediately had network access to all devices and is working flawlessly.
however when I try to ping the laptop from my other PC (fixed LAN) it says “destination host unreachable”.

then I ping my PC from my laptop, it goes without problems, and then I can also ping back the laptop too, but only for a short while.

Like when I ping the pc from behind the mAP, a temporary route is set, so I can ping it back, but then it goes away.
how to make this “visibility” permanent?

Thank you for your assistance!

> the laptop immediately had network access to all devices and is working flawlessly.
> however when I try to ping the laptop from my other PC (fixed LAN) it says “destination host unreachable”.
>
> then I ping my PC from my laptop, it goes without problems, and then I can also ping back the laptop too, but only for a short while.

Does your laptop have a firewall? this looks like being due to a stateful firewall…

No, it’s a basic win7 pro machine, LAN connection set as work network.

switch --> pc1
       --> pc2
       --> tp-link <--wifi--> mAP <-- laptop


The problem is that the machines exhibit the same behaviour. I can constantly ping the mAP’s connected to them, ping the machines from within the mAP winbox, but only can ping the machine directly from time to time - i.e. when the machine itself announces itself on the network.

I’m starting to suspect that this is beyond the mikrotiks, but the whole network layout itself. Of course, mikrotik ↔ non routerOS connections also may be a problem.
I will try to set up one mAP as an AP in the office and check.

I would simplify my life and get rid of the tp-link as the AP.

Put a routerboard as AP in wireless mode = ap-bridge, then all mAPs in station-bridge. True L2 bridging, and much more stable and robust operation.

Stellar candidates for AP in your production environment: RB951Ui-2HnD or RB951G-2HnD.
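
The ap-bridge / station-bridge pairing suggested in the post above, written out for both ends as an added example (not part of the original thread and not the poster's own configuration). It assumes RouterOS v6 with the standard wireless package, interface names wlan1 and ether1 on both devices, and reuses the LocalBR, YOURSSID, YOURKEY and WeldingMachineID placeholders from the earlier post.

```routeros
# ---- AP side (RouterBOARD replacing the third-party AP) ----
/interface bridge
add name=LocalBR
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    wpa2-pre-shared-key=YOURKEY
/interface wireless
# bridge-mode=enabled is what lets clients associate in station-bridge mode
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \
    ssid=YOURSSID bridge-mode=enabled wmm-support=enabled
/interface bridge port
add bridge=LocalBR interface=wlan1
add bridge=LocalBR interface=ether1

# ---- Station side (each mAP attached to a welding machine) ----
/interface bridge
add name=LocalBR
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    wpa2-pre-shared-key=YOURKEY
/interface wireless
# station-bridge instead of station-pseudobridge: no MAC translation,
# so the machine's own MAC address is what the rest of the LAN sees
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=station-bridge \
    radio-name=WeldingMachineID ssid=YOURSSID wmm-support=enabled
/interface bridge port
add bridge=LocalBR interface=wlan1
add bridge=LocalBR interface=ether1
/system identity
set name=WeldingMachineID

# ---- Checks, run on the AP once a mAP has associated ----
# the mAP should be listed as a registered client
/interface wireless registration-table print
# the welding machine's own MAC should be learned on wlan1
/interface bridge host print
```

If the bridge host table on the AP shows only the mAP's radio MAC and not the machine's, the station is still running in a pseudobridge mode.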

The chairman and welding engineers are impatient, so I had to come up with a rapid solution.

It turns out, that the wireless connections in the production hall are stable, however, both the routerboards, and the machines behind them only create very short-time entries in the ARP table on the network.
So I rounded up the MAC’s from the machines and put them in the static ARP table on the analytics server and voila, instantly pingable and reachable from the server.


As I have 4 mAP units surplus, I will now have time to dive deeper into RouterOS and try to setup the routerboard ↔ routerboard connection.
I’m especially interested in the full mesh setup, so that I don’t have to worry about any of the edge machines in large-steel-object-welding-arc-heavy environment losing connection as every node is also an AP. (as described in https://wiki.mikrotik.com/wiki/Wireless_WDS_Mesh ).

If all goes well, I’ll implement this at a later date in the production.
Thank you pukkita, I’ll look into your suggestions for future procurement.