I have the following setup:
wAP LTE : bridge -mode
wAP AC : station bridge -mode
On the wAP AC that is a ‘station bridge’, I cannot perform packages upgrade, as it cannot connect to internet. Also, NTP time sync does not work.
Is there some particular setup needed on the ‘station bridge’ to get internet connectivity for the RouterOS on that wAP AC itself? Or is it possible at all in this mode?
All the wireless clients connected to the wAP AC ‘station bridge‘ have internet connection working just fine, so the basic bridging setup works as expected. Also, the wAP LTE could perform packages upgrade, so Mikrotik services are working, no issues there.
Yeah. Did both those things. Before setting default route I got “network unreachable” for pinging an internet host IP address from the wAP AC (station bridge). After adding default route, I got a host connection failure. But again, pinging from a wifi client (station) within the network, it works.
So this is what made me suspect some other configuration might be required on the station bridge.
If station bridge device can ping your gateway, then it should be able to connect beyond gateway if default route is configured properly (and gateway doesn’t block it somehow).
You can post full config of station bridge device (in terminal window execute /export file=anynameyouwish hide-sensitive - the last parameter is only applicable in ROS v6) so we’ll be able to check what exactly is missing.
The ‘station bridge’ 192.168.88.2 can ping the ‘bridge’ internal address 192.168.88.1, but for some reason the station bridge cannot reach the extenal LTE interface. But as expected, the stations in the network can reach the external interface.. bridge.cfg.rsc (4 KB) station-bridge.cfg.rsc (3.61 KB)
The default route setting on station brdige is wrong. It should be like this:
/ip route
add distance=1 gateway=192.168.88.1
Using interface name as gateway doesn’t work too well for non-PtP interfaces.
Other problems on station-bride device: you shouldn’t run DHCP server on station bridge, DHCP server on main router should do the trick. If you want, you can run DHCP client on station-bridge, but it should be bound to interface brdige instead of ether1 … but you don’t need DHCP client when you get the route setting done right. You don’t need “allow-remote-requests” set to yes on station-bridge device (the rest of LAN devices will use main router as DNS server), so you better disable this (allowing this can cause some problems). You better disable/remove all firewall rules for chain=forward … since your statin-bridge device doesn’t do the routing, they probably won’t get triggered any way. But if somehow they do get triggered, you may get caught by surprise if some traffic won’t pass as expected. Rules for chain=input are different … if you want to somehow restrict access to station-bridge device and its services. And get rid of that additional IP address, you don’t need it (it’s worng anyway because it doesn’t have proper netmask set … /24). Remove the brdige1 as well, it’s not used so it can only cause problems.
On the main router, you have one small problem: LAN address (192.168.88.1/24) is set on ether1 … which is a well known error of QuickSet … it should be defined on bridge interface.
Awesome, thanks a million! I knew it was something oddly simple like this. I just opted for the interface as that’s what the GUI setup offered me, using an IP makes much more sense to me. Should’ve been pretty obvious, but I could not get my head around it.
Other problems on station-bride device …
Definitely will do these cleanups! The bridge1 is a leftover for some instructions I got earlier for initial setup and was left actually unconfigured, as I figured I can just use the default bridge-interface.