I have a MikroTik connected to an internal network.
Topology:
Main router (with wireless AP) - 192.168.1.1
MikroTik connected to the network through the wireless interface - got address from DHCP - 192.168.1.130
Address 192.168.1.3 - is a bridge IP address
[admin@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; default configuration
192.168.1.3/24 192.168.1.0 bridge-local
1 D 192.168.1.130/24 192.168.1.0 wlan1
I am connected with a laptop to port 4 on the router. I can ping 192.168.1.3 and 192.168.1.130, but I cannot ping 192.168.1.1 (and of course cannot use the internet).
Where am I making an error?
[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.1.1 1
1 ADC 192.168.1.0/24 192.168.1.3 bridge-local 0
But I was also trying to set up the bridge as 192.168.1.130
[admin@MikroTik] /interface bridge> pri
Flags: X - disabled, R - running
0 R name="bridge-local" mtu=1500 l2mtu=1598 arp=enabled
mac-address=D4:CA:6D:B4:E7:11 protocol-mode=rstp priority=0x8000
auto-mac=no admin-mac=D4:CA:6D:B4:E7:11 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
[admin@MikroTik] /interface bridge port> pri
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 wlan1 bridge-local 0x80 10 none
1 I ether2-master-local bridge-local 0x80 10 none
2 ether4 bridge-local 0x80 10 none
What for?
I am able to ping the bridge network and the wireless interface from interface 4, which means I am able to do it inside the bridge.
Now I want to go out and I am not able to.
You have a dynamic IP 1 D 192.168.1.130/24 192.168.1.0 wlan1 in the bridge. Do you get this from DHCP? You also have the .3 address on the interface in the same bridge, since wlan is put in the bridge. To have this as a layer 2 connection, making the “CPE” have an IP to ping a gateway behind your bridge, you should use WDS. Unless your client uses WDS, and you put it in the bridge rather than the wlan interface itself, this solution is a good way to do this. But like all other stuff, it's possible in many ways.
Make a bridge, put ether and wlan in the bridge. Remove all your IP stuff, and use DHCP, or the .3 IP on the bridge. Then you should be able to get a ping to your gateway behind (probably .1?)
[admin@MikroTik] /interface bridge port> print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST
0 ether2-master-local bridge-local 0x80 10
1 wlan1 bridge-local 0x80 10
[admin@MikroTik] /interface bridge> print
Flags: X - disabled, R - running
0 R name="bridge-local" mtu=1500 l2mtu=1598 arp=enabled mac-address=D4:CA:6D:B4:E7:11
protocol-mode=rstp priority=0x8000 auto-mac=no admin-mac=D4:CA:6D:B4:E7:11
max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m
[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.1.1 1
1 ADC 192.168.1.0/24 192.168.1.3 bridge-local 0
[admin@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; default configuration
192.168.1.3/24 192.168.1.0 bridge-local
I am able to ping 192.168.1.3 from a computer connected to ethernet, but I cannot ping that address from a computer connected to wireless.
Do you use the switch chip? (since the name is xxxx-master) Switch and bridge together might have some issues.
But is the router able to ping .1? If so, the setup is correct, and you should use WDS to make a bridge all “the way”.
I would still do as I said in the first post.
Have the .3 address on the ethernet interface.
Make a new subnet for wlan, let's say 10.0.0.1/24. Add a DHCP server etc. to wlan. Add a srcnat masquerade with out-interface ether1 to the firewall, and voilà, it should work.
It's also possible to tell the .1 that 10.0.0.0/24 is behind .3 or whatever you use, and not use the NAT.
If you use WDS, your client needs to support WDS. If the AP creates a WDS interface, and you put it in the bridge, it will be OK and a layer 2 link from ether1 to the client.
This is actually a hack to fix your problem - no real bridge
Mode station-pseudobridge
This mode from wireless connection point of view is the same as standard station mode. It has limited support for L2 bridging by means of some services implemented in station:
MAC address translation for IPv4 packets - station maintains IPv4-to-MAC mapping table and replaces source MAC address with its own address when sending frame to AP (in order to be able to use 3 address frame format), and replaces destination MAC address with address from mapping table for frames received from AP. IPv4-to-MAC mappings are built also for VLAN encapsulated frames.
single MAC address translation for the rest of protocols - station learns source MAC address from first forwarded non-IPv4 frame and uses it as default for reverse translation - this MAC address is used to replace destination MAC address for frames received from AP if IPv4-to-MAC mapping can not be performed (e.g. - non-IPv4 frame or missing mapping).
This mode is limited to complete L2 bridging of data to single device connected to station (by means of single MAC address translation) and some support for IPv4 frame bridging - bridging of non-IP protocols to more than one device will not work. Also MAC address translation limits access to station device from AP side to IPv4 based access - the rest of protocols will be translated by single MAC address translation and will not be received by station itself.
This mode is available for all protocols except nv2 and should be avoided when possible. The usage of this mode can only be justified if AP does not support better mode for L2 bridging (e.g. when non-RouterOS AP is used) or if only one end-user device must be connected to network by means of station device.
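
The two translation services quoted above can be modelled in a few lines. This is an added example, not code from the thread or from RouterOS: a simplified Python model in which the class names, the MAC and IP values, and the drop-when-nothing-is-learned behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed sample addresses (not taken from the thread).
STATION, AP = "02:00:00:00:00:01", "02:00:00:00:00:ff"
DEV_A, DEV_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"

@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    ip_src: Optional[str] = None  # None marks a non-IPv4 frame
    ip_dst: Optional[str] = None

@dataclass
class PseudoBridge:
    own_mac: str
    ipv4_to_mac: Dict[str, str] = field(default_factory=dict)
    default_mac: Optional[str] = None  # from first forwarded non-IPv4 frame

    def to_ap(self, f: Frame) -> Frame:
        """Wired side -> AP: learn the sender, then hide it behind own MAC."""
        if f.ip_src is not None:
            self.ipv4_to_mac[f.ip_src] = f.src_mac
        elif self.default_mac is None:
            self.default_mac = f.src_mac
        return Frame(self.own_mac, f.dst_mac, f.ip_src, f.ip_dst)

    def from_ap(self, f: Frame) -> Optional[Frame]:
        """AP -> wired side: restore the destination MAC from the table or
        the single default; returning None when nothing is learned is an
        assumption of this model."""
        mac = self.ipv4_to_mac.get(f.ip_dst) if f.ip_dst else None
        mac = mac or self.default_mac
        return Frame(f.src_mac, mac, f.ip_src, f.ip_dst) if mac else None

def demo() -> dict:
    st = PseudoBridge(STATION)
    sent = [st.to_ap(Frame(DEV_A, AP, "192.168.1.10", "192.168.1.1")),
            st.to_ap(Frame(DEV_B, AP, "192.168.1.11", "192.168.1.1")),
            st.to_ap(Frame(DEV_A, AP)),   # non-IPv4: DEV_A becomes the default
            st.to_ap(Frame(DEV_B, AP))]   # non-IPv4: DEV_B is never learned
    return {
        "macs_seen_by_ap": {f.src_mac for f in sent},
        "ipv4_reply_to_b": st.from_ap(Frame(AP, STATION, "192.168.1.1", "192.168.1.11")).dst_mac,
        "non_ipv4_reply": st.from_ap(Frame(AP, STATION)).dst_mac,
    }

if __name__ == "__main__":
    print(demo())
```

In this model IPv4 replies reach both wired devices, while every non-IPv4 reply lands on the first device that sent one. The AP only ever sees the station's MAC as source, so AP-side MAC filters and logs cannot tell the devices behind it apart.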