Stopping double NAT on WAP LTE with RB951G-2Hnd

castlemaster · April 12, 2018, 7:58am

Hi All,

I’ve been using my RB951G-2HnD for years with 3 seperate ADSL Modems and all has been working swimingly.

Today I’ve received the wAP LTE Kit, the kit iself works fine, however the issue I have is trying to get it to work with my 951 properly without getting double NAT. My LTE Carrier (EE in the UK) use CGNAT, I’ll admit, I stumbled onto my current config on my 951 so I’m no routerOS expert so can anyone offer me any advice on how on earth I can setup the wAP so that it acts in much the same way that my adsl modems do and just pass the IP address back to my 951 which I want as my main router and network gateway, I don’t want to use the WiFI on the wAP at all and no DHCP server on that either.

Any advice on configuring so I don’t get into a double NAT situation would be gratefully appreciated.

Thank you

poizzon · April 12, 2018, 4:40pm

RB951G-2Hnd - use like as a switch/access point,
wAP LTE as router

castlemaster · April 12, 2018, 4:56pm

Hi there,

I’m unsure how i’d get it working that way, surely I’d still need to use the 951 as a router as all my machines on the lan still need to go through that (which then by mangle rules determines which adsl/lte port they go out through)? So is there no way to keep the 951 as a router (as it will still have 3xADSL) and stop double (or indeed tripple if the lte modem uses CGNAT) natting?

mkx · April 12, 2018, 8:20pm

A thought and I don’t know if it’s doable. Here it goes: dedicate one ethernet port on 951 for connection to wAP. Configure 951 and wAP for point-to-point connectivity (as described here). Then have wAP do NAT towards LTE but make 1:1 nat with target being 951 (not sure if you can do 1:1 srcnat). I guess this would almost make wAP behave as bridge between LTE and ethernet, only IP address gets changed. I don’t think you can get by without NAT on wAP.

You might want to throw VLAN into the mix for various reasons:

if you want to have management access to wAP directly from LAN and not through 951, given that wAP has only got single ethernet port. For this resson, you’d have two VLANs on the wire between both MTs, one would be bridged to LAN in 951, the other one would be used for internet traffic.
if you’re running short of ethernet ports on 951 but you happen to have spare VLAN capable switch … then you can run several VLANs in trunk connection between 951 and switch and configure ports on switch as access ports for those VLANs … on 951 you would use vlan interfaces just like you’re using “real” interfaces right now

matiaszon · April 13, 2018, 11:40am

Hi All,

I’ve been using my RB951G-2HnD for years with 3 seperate ADSL Modems and all has been working swimingly.

Today I’ve received the wAP LTE Kit, the kit iself works fine, however the issue I have is trying to get it to work with my 951 properly without getting double NAT. My LTE Carrier (EE in the UK) use CGNAT, I’ll admit, I stumbled onto my current config on my 951 so I’m no routerOS expert so can anyone offer me any advice on how on earth I can setup the wAP so that it acts in much the same way that my adsl modems do and just pass the IP address back to my 951 which I want as my main router and network gateway, I don’t want to use the WiFI on the wAP at all and no DHCP server on that either.

Any advice on configuring so I don’t get into a double NAT situation would be gratefully appreciated.

Thank you

You can use “passthrough” option on wAP LTE kit. You can read more here:
http://forum.mikrotik.com/t/wap-lte-kit-in-bridge-mode/113210/1