Two AP, one DHCP server, 2 SSID's

tzupan · August 12, 2014, 1:24pm

Hey guys!
I need your help.

In our our organization we have 2 MT’s:

RB951G-2HnD is the main one (connecting to SIP)
RB751G-2HnD is the AP in the hall

We have WIRE connection between!

In the MAIN:

2 bridges (one privat, one public)
2 SSID’s (one privat, one public)
2 networks (privat: 10.0.0.x; public: 192.168.17.x)

In the SECOND:

I need to set it up to work just as AP
Need to have both SSID’s
Need that the client gets the IP from MAIN router

Actually I tried some different options, but actually noone is working…

Can someone paste a link (if already exists) to some guide or write steps for me?

Thank you Regards, Tomaz

Kickoleg · August 12, 2014, 1:48pm

Setup VLAN and add it to bridge for public network and interface to second AP, at the second AP setup same configuration.
Actually you may do it easy with CAPsMAN without VLAN. Search WIKI how it setup… And maybe helpful this link http://blog.gowifi.co.nz/2014/03/introducing-capsman-from-mikrotik.html

tzupan · August 12, 2014, 1:52pm

I have working MAIN router with 2 SSID’s, so there is no problem.
I need to solve, how to setup SECONDARY AP, to work with MAIN router
Also to got an IP from the MAIN router, depands on which SSID user connect.

The problem is, because my device don’t want to change from 1st to 2nd MT AP device.

Kickoleg · August 12, 2014, 2:02pm

add Ether interface(Second AP) to the bridge with privat network
setup VLAN and add it to the interface Ether(Second AP) after add to the Public bridge
on the second AP setup bridge ether(From Main) + AP Privat
add virtual wifi interface for Public
setup VLAN and add it to ether(From Main)
setup bridge for Public add VLAN and VritualAP for Public

tzupan · August 12, 2014, 2:25pm

Kickoleg:

tzupan:

Kickoleg:

Setup VLAN and add it to bridge for public network and interface to second AP, at the second AP setup same configuration.

I have working MAIN router with 2 SSID’s, so there is no problem.
I need to solve, how to setup SECONDARY AP, to work with MAIN router
Also to got an IP from the MAIN router, depands on which SSID user connect.

The problem is, because my device don’t want to change from 1st to 2nd MT AP device.

add Ether interface(Second AP) to the bridge with privat network

setup VLAN and add it to the interface Ether(Second AP) after add to the Public bridge

on the second AP setup bridge ether(From Main) + AP Privat

add virtual wifi interface for Public

setup VLAN and add it to ether(From Main)

setup bridge for Public add VLAN and VritualAP for Public

I’m thinking that I’m too stupid do solve even with your help
Can you please add on which MAIN/SLAVE do I need to add something

Sorry, but really doesn’t know what you mean with: From Main, Second AP…

My contact: tomaz at planika dot net

Kickoleg · August 12, 2014, 2:59pm

A few assumptions:

MAIN router worked properly and have two bridges with two different DHCP servers on it, (Bridge-privat) first pool-addresses for Privat LAN,(bridge-public) second pool-addresses for Public LAN.
MAIN router have Wireless interface for Privat LAN and have Virtual Wireless interface for Public LAN.
You have connection with Second Router via (for example) Ether5 and on the Second router Ehter1 (for example)
MAIN router:
/interface bridge port add interface=ether5 bridge=bridge-privat
/interface vlan add name=VLAN_public interface=ether5 vlan-id=10 (for example)
/interface bridge port add interface=VLAN_public bridge=bridge-public
Second router:
assumption:
Allready setup Wireless interface with same SSID and security as MAIN router for Privat LAN (Wlan_privat for example)
Allready setup Virtual wireless interface with same SSID and security as MAIN router for Public LAN (Wlan_public for example)
/interface bridge add name=bridge_privat
/interface bridge add name=bridge_public
/interface bridge port add interface=ether1 bridge=bridge_privat
/interface bridge port add interface=Wlan_privat bridge=bridge_privat
/interface vlan add name=VLAN_public interface=ether1 vlan-id=10
/interface bridge port add interface=VLAN_public bridge=bridge_public
/interface bridge port add interface=Wlan_public bridge=bridge_public

tzupan · September 4, 2014, 11:07am

Thanks for your help! It really helps and now it’s working PERFECT!

Another question. I have remote access configured for Master router, but now I want to have remote access to Slave router too.
How to do that?

Thanks one more time

Rudios · September 4, 2014, 12:21pm

Kickoleg:

A few assumptions:

MAIN router worked properly and have two bridges with two different DHCP servers on it, (Bridge-privat) first pool-addresses for Privat LAN,(bridge-public) second pool-addresses for Public LAN.

MAIN router have Wireless interface for Privat LAN and have Virtual Wireless interface for Public LAN.

You have connection with Second Router via (for example) Ether5 and on the Second router Ehter1 (for example)
MAIN router:
/interface bridge port add interface=ether5 bridge=bridge-privat
/interface vlan add name=VLAN_public interface=ether5 vlan-id=10 (for example)
/interface bridge port add interface=VLAN_public bridge=bridge-public
Second router:
assumption:

Allready setup Wireless interface with same SSID and security as MAIN router for Privat LAN (Wlan_privat for example)

Allready setup Virtual wireless interface with same SSID and security as MAIN router for Public LAN (Wlan_public for example)
/interface bridge add name=bridge_privat
/interface bridge add name=bridge_public
/interface bridge port add interface=ether1 bridge=bridge_privat
/interface bridge port add interface=Wlan_privat bridge=bridge_privat
/interface vlan add name=VLAN_public interface=ether1 vlan-id=10
/interface bridge port add interface=VLAN_public bridge=bridge_public
/interface bridge port add interface=Wlan_public bridge=bridge_public

I would go a step further and put both networks on a VLAN.
so remove the ether port that is connecting to the other routerboard from the bridge it belongs to and add an additional VLAN to that interface. Then put that new VLAN interface as member of the private bridge. Do this on both devices and the traffic will be more separated.

Kickoleg · September 4, 2014, 12:59pm

I suggested that only the initial configuration …
Everyone can do more complicated configuration

Kickoleg · September 4, 2014, 1:09pm

Simple add to your privat_bridge on the CAP AP ip address from your IP range and add dst-nat rule with port forwarding …

tzupan · July 2, 2015, 10:38am

One more question.
If I’d like to limit each wifi:
Privat to 4M
Public to 4M

do I need to configure that on both or just on master router to work properly?

Thanks

Rudios · July 3, 2015, 10:19am

If you mean that every connected device will be limited to the 4Mbit of internet speed, just configure simple queue on the master router.

tzupan · July 8, 2015, 10:01am

Hey!
Ok, I did it

But… I have a little problem with SLAVE AP. I have configured both as we talk before (Thanks Kickoleg!). My PUBLIC access is working fine, but PRIVAT it’s working for internal lan but don’t go to the internet.

I try to reconfigure it as Rudios mentionen to put both on vlan but something goes wrong. Any suggestions?

Regards, Tomaž

Rudios · July 8, 2015, 6:35pm

Can you share your configs please?
Possibly something with masquerading rule?

tzupan · July 15, 2015, 12:49pm

Hey!
Ok, I already fixed problem with Slave AP so now it’s working perfect. Now I have a feeling that my simple queue is not working properly. I’m attaching config here.

0    ;;; Total provider speed 25/3MB
      name="TOTAL" target=10.0.0.0/24,192.168.17.0/24 parent=none 
      packet-marks="" priority=8/8 queue=default-small/default-small 
      limit-at=3M/25M max-limit=3M/25M burst-limit=0/0 burst-threshold=0/0 
      burst-time=0s/0s 

 1    ;;; 3MB/512k
      name="3MB/512k" target=10.0.0.0/24,192.168.17.0/24 parent=TOTAL 
      packet-marks="" priority=1/1 queue=UL-512k/DL-3M limit-at=0/0 
      max-limit=512k/3M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s 

 2    ;;; 1MB/256k
      name="1MB/256k" target=10.0.0.0/24,192.168.17.0/24 parent=TOTAL 
      packet-marks="" priority=2/2 queue=UL-256k/DL-1M limit-at=0/0 
      max-limit=256k/1M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s 

 3    ;;; 512k/256k
      name="512k/256k" target=10.0.0.0/24,192.168.17.0/24 parent=TOTAL 
      packet-marks="" priority=3/3 queue=UL-256k/DL-512k limit-at=0/0 
      max-limit=256k/512k burst-limit=0/0 burst-threshold=0/0 
      burst-time=0s/0s

I have a feeling that if limiting is enabled limit total traffic to it’s limit not to limit speed per connected device. Some suggestion about my config?

P.s.: The point is that I wanted to split connection 25/3 to undefined number of connected clients. More clients will connect lower will be the connection speed.

Thanks a lot! Regards, Tomaž

tzupan · July 20, 2015, 4:07pm

Anyone?
Please