simple question (maybe?); how to reach server?

My network was routed, meaning a client antenna connects to the AP and from there sometimes through several hops and even more routers/antennas (BH links) towards my border router.

I used to set up a dhcp-server in the AP, so the client antenna would get an IP, and with a src-nat rule the client could go online by using his antenna’s IP to reach the border router. In the border router his traffic was translated into a public IP.

Now I want to set up PPPoE in the border router, so all clients are administered in one point (= border router or other heavy machine attached directly to this border router).
But for a client’s wifi router in PPPoE-client mode, is it necessary for the client to ‘see’ the PPPoE server?

My solution was to set up vlans from the AP’s client network (vlan on ethernet-gateway in bridge with wlan for radio connected to the clients).
All vlans coming from different APs would pass over my network and end in one bridge on the border router. On the bridge the PPPoE server could run…?

But for the transfer into such a system I run into all kinds of problems:

  1. By terminating all vlans in one bridge, I create one big IP network that runs to all clients and through many tens of wireless backhauls. This is not good because it saturates and disturbs my network.
  2. To have vlans running through bridges, split in some instances, run together with other parts of the network in trunks, etc. etc. is also very complicated to achieve and troubleshoot.
  3. The vlans themselves also need to be administered carefully. One digit misspelled somewhere and a lot goes bananas.

The idea was that when all the vlans from each AP are terminated in one (bridge) interface, each client that connects to an AP would immediately ‘see’ the PPPoE server on that interface and ask for credentials, which once given would mean acceptance as client and being administered.

I don’t even seem to reach that PPPoE status since I’m continually battered with vlan issues… and when do I transfer all clients to PPPoE? It is going to be a tremendous task which probably goes wrong somewhere and leaves the network in chaos for a while, clients mad and me with my hands in my hair!

Is there no other way to have clients, after the first connection of their CPE antenna, get to the PPPoE server and get an IP from that, and then it just all works?

There seems to be not too much literature on what is the best way of setting up a network like mine. Basically all clients are wireless, fixed antennas, and the network is just plain routed. (Well, now also many bridges to make transparent passing of vlans possible.)

Anybody who has suggestions, ideas, or can give me a hand in the right direction?


(I know, “guru” is my status as member, but that doesn’t mean I know all! Probably it just means I write a lot! :laughing: )

FIRST OF ALL, FORGET VLAN.

I suggest you do this to migrate your networks from DHCP style to PPPoE style:

Create one VirtualAP on the AP. Bridge it with one EoIP.
The other side of the EoIP is inside the PPPoE server.

Put one pppoe-server listening on the EoIP end.

On the “server” side you are done.


The CPE must be configured: the wlan is simply a “station” connected to the VirtualAP as ap-bridge,

the wlan does not have any address, only ether1 for dhcp etc. on the client side.

Put a pppoe-client listening on the CPE wlan,
add masquerade with out = pppoe-client.

You are done…


If you want to reach the CPE there are three ways: neighbor on pppoe-server, registration on AP, by winbox using the pppoe-client IP.



In the future, when pppoe are more than dhcp, use the VirtualAP for DHCP and the real interface for pppoe until you have configured all your devices to use the pppoe server.
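
The setup described in the reply above, written out as RouterOS commands. This is an added example, not part of the original post; it assumes RouterOS v6 wireless syntax, and every interface name, SSID, address, tunnel ID and credential in it is a constructed placeholder.

```routeros
# Added example: all names, addresses, tunnel-id and credentials are
# constructed placeholders (AP = 10.0.1.2, border router = 10.0.0.1).

# --- AP: Virtual AP bridged into an EoIP tunnel towards the border router ---
/interface wireless add name=wlan1-pppoe master-interface=wlan1 \
    mode=ap-bridge ssid=pppoe-migration disabled=no
/interface eoip add name=eoip-to-border remote-address=10.0.0.1 tunnel-id=101
/interface bridge add name=br-pppoe
/interface bridge port add bridge=br-pppoe interface=wlan1-pppoe
/interface bridge port add bridge=br-pppoe interface=eoip-to-border

# --- Border router: other end of the tunnel, PPPoE server listening on it ---
/interface eoip add name=eoip-ap1 remote-address=10.0.1.2 tunnel-id=101
/ip pool add name=pppoe-pool ranges=10.255.0.10-10.255.0.250
/ppp profile add name=pppoe-clients local-address=10.255.0.1 \
    remote-address=pppoe-pool
/ppp secret add name=client1 password=CHANGE-ME service=pppoe \
    profile=pppoe-clients
# mschap2 only, so the server does not accept PAP (cleartext password)
/interface pppoe-server server add service-name=isp interface=eoip-ap1 \
    default-profile=pppoe-clients authentication=mschap2 \
    one-session-per-host=yes disabled=no

# --- CPE: wlan is a plain station with no IP; PPPoE client runs on it ---
/interface wireless set wlan1 mode=station ssid=pppoe-migration disabled=no
/interface pppoe-client add name=pppoe-out1 interface=wlan1 user=client1 \
    password=CHANGE-ME add-default-route=yes use-peer-dns=yes disabled=no
/ip firewall nat add chain=srcnat out-interface=pppoe-out1 action=masquerade
```

The tunnel-id must match on both ends of each EoIP tunnel. By default EoIP does not encrypt the frames it carries across the routed backbone.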

@rextended; Let me see if I understand you well and at the same time add question/remarks:

“Create one VirtualAP on AP”; That’s the first problem, my network runs with NV2 and virtual APs are not possible in this case. It is no option to go to 802.11 because it will see my networks go bananas. So we have to find another way to do the transfer.

“bridge it with one EoIP”; Ok, but now we make just an EoIP tunnel. I only have vlan. Is that so much different? I asked a few times on the forum what tunnels to use when, but never got a good answer. So I just decided to pick vlan. But maybe a bad choice? (Why?)

“Put one pppoe-server listening on EoIP end”; Ok, I understand that. But if I have several APs that will each see their own EoIP tunnel, they all end in the same border router where the pppoe server is to be located. But do I put all these end points on one ether interface? Or a bridge interface? (Since ‘lines’ come in over 4 or 5 different ethernet interfaces.) And the pppoe server ‘sits’ on that same interface?


CPE site is all clear to me, that was also going to be the setup in working with vlans.


I need to find a workaround for the inability to use the virtual AP.
Maybe I make a script that ‘pings’ the dhcp-server’s IP (= end point of either the present vlan in the border router, or the dhcp-server in the AP if vlan is not there yet).
As long as the dhcp-server can be reached (with a delay of some minutes to allow a first-time associating CPE to get an IP from the dhcp-server so it becomes ‘pingable’?) the CPE will have dhcp-client enabled on the wlan interface (mode=station).

Then, if after 5 mins the dhcp-server still can’t be reached (or can’t be reached anymore) the script should disable the dhcp-client and enable a pppoe-client.
Now the CPE will ‘listen’ to a pppoe-server.
I can now disable the dhcp-server and enable the pppoe server so the CPE will jump from dhcp to pppoe client?

Third, I will make a netwatch that pings my time server on my network. When after 15 mins that one is not reachable (because pppoe-client also can’t be reached) the CPE will reboot and the sequence starts again. If I now saw that the pppoe server did not work, I can enable the dhcp-server again and the CPE will be able to get an IP this way and is reachable again with internet access?

hmm, EoIP tunnel, hmm I need to think about that…

So basically I should abandon my vlans and thus go back to a fully routed network in regard of all nodes (backhauls, servers and APs) so at least in the AP a route exists to the border router and in the border router the AP can be reached. (Now I use several bridges to allow transparent passing of vlans and less need to make routing tables. The disadvantage is that bridges have their own imperfections at times, especially in changing mac addresses and/or the use of splitting of vlans on or in bridges.)

Another complication I have: some APs (Omnitik) not only have 2 or 3 backhauls for transport to the next AP (they can be bridged with backhaul to central) but even have one CPE on their wlan network that in fact is a building with several clients. These clients therefore do NOT have their own CPE antenna, but the building has one CPE that gets bridged towards a switch (or rb750 or similar) and client wifi routers are connected to this switch/router. So how am I going to arrange that these clients will ‘see’ the pppoe server?

Should I have the EoIP tunnel for these start at this building CPE? So the client wifi that in this case has to be pppoe client has to be connected through a switch to the ethernet port of the CPE? This ethernet port has to be in the bridge with the wlan and the bridge now has to be the end point of the EoIP tunnel?
(How do I now ‘reach’ this CPE? Should I also put a pppoe client on the wlan of this CPE? Or should I still maintain an IP on the wlan? But the wlan of the AP has no IP. So now I have to arrange that too? And make a route to reach this network from the border? Sounds a bit complicated…?)

It’s beginning to be a bit too complicated, don’t you think? We own lots of towers and RF technologies, and we use PPPoE and VLANs. Really simple.

1- Keep in mind that PPPoE can’t be routed. So that means that your untagged VLAN has to be the PPPoE one.

2- The management can be tagged, depending on the device you use. See the device specs.

3- The other VLANs will be bridged or routed depending on your CPE configuration. The most important thing is to not try to route your PPPoE. It’s an L2 protocol, not an L3.

Most people think that Mikrotik will act like a super boosted L3 switch. It’s false. The tagging management is automatic in most RB hardware and the only way I’m able to play correctly with the VLANs is to create a bridge (like bridge-local) and attach my VLANs to this bridge.

You can pass through your VLAN by sending an already tagged VID in your packet, but it’s at least impossible to “untag” it to a specific port. It’s not a switch, it’s a ROUTERBOARD! with ROUTEROS.

RouterOS will act more like a router than a switch. So that means the VLANs you build will be attached to an interface WITH an IP address. Tagging and untagging are a real mess.

I hope to try a CSR soon to test the VLAN features, but actually I have to attach an L3 switch in front of my RB and untag my VLANs in the switch, not the RB.

One thing you can try:

1- Create a bridge
2- Create a VLAN Interface with the parent interface the bridge
3- Add 3 physical ports to the bridge.

Using a laptop/PC plugged into the interfaces, try to ping your VLAN interface. If you can reach it, you can assume that you have 3 untagged ports on the VLAN ID you set. But you won’t be able to use it outside of the Routerboard.

Keep me in touch