Wireless Bridge

Singib · November 24, 2015, 9:38am

Hi,
Please advise me how to setup a Wireless Bridge on MikroTik mAP-2n (It is a nice small box having RouterOS, 2 Ethernet ports and 1 WiFi).

My goal is to transparently connect 2 Web Cams to home LAN. A Home LAN is routed by Zyxel Keenetic Giga2 (Firewall, NAT, DHCP, …).

The picture is like this:
IPCAM====[MikroTik mAP 2n]…[Zyxel Keenetic Giga2, 192.168.1.1]====ISP

====== - is an Ethernet line,
… - is a wireless channel (Wi-Fi actually)

I have created Bridge on MikroTik, added Eht1, Eth2, WiFi interfaces to this bridge. Wifi is configured as “station” and connected to Zyxel.
However, it is insufficient some glue or magic.
Devices, connected to Mikrotik do not obtain IP addresses from Zyxel DHCP (and therefore do not work )

What is the problem?

Thank you

pukkita · November 24, 2015, 11:06am

please post an export; open a new terminal in winbox and issue:

/export

then paste it here (edit out passwords).

If DHCP is not working, that means that Layer 2 is being cut at some place. Do other Zyxel wireless clients get ips by DHCP fine?

Singib · November 24, 2015, 12:05pm

Export:

[admin@MikroTik] > /export
# nov/24/2015 00:12:04 by RouterOS 6.28
# software id = GGB5-DDMH
#
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-eC \
    disabled=no frequency=2457 l2mtu=1600 name=WIFI ssid=****
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys wpa2-pre-shared-key=*********
/interface bridge port
add bridge=bridge1 interface=WIFI
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether1
/ip address
add address=192.168.1.2/24 interface=bridge1 network=192.168.1.0
/ip dns
set servers=192.168.1.1
/ip route
add distance=1 gateway=192.168.1.1
/romon port
add disabled=no
/system clock
set time-zone-name=Europe/Moscow
/system leds
set 3 interface=ether1
/system routerboard settings
set cpu-frequency=400MHz protected-routerboot=disabled
[admin@MikroTik] >

If DHCP is not working, that means that Layer 2 is being cut at some place. Do other Zyxel wireless clients get ips by DHCP fine?

Yes, fine

pukkita · November 24, 2015, 2:44pm

Your setup is fine AFAIK.

The problem could be the Zyxel connection not being completely transparent, you can try setting a IP > DHCP Relay to keep using the Zyxel as DHCP server, see http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Relay.

cdiedrich · November 25, 2015, 8:20am

Station-bridge mode is only supported when the AP you connect to is MikroTik as well - unfortunately, standard 802.11 does not support L2 bridging (there’s only space for three MAC addresses where four would be needed).
You should try it with mode=station-pseudobridge-clone, see here in the manual

-Chris

Singib · November 25, 2015, 7:45pm

strange behavior…
when i set Station-bridge mode, clients of mikrotik cannot obtain IP address. I set Gateway = 192.168.1.2 (same IP as IP of bridge) - DHCP works. But ping from client is not reliable.
When I set pseudobridge-clone, client works.. But does not see another wired clent of mikrotik.

ZYXEL router log reports permanently:
Nov 25 22:34:45ndhcps_WEBADMIN: making OFFER of 192.168.1.43 to b8:27:eb:22:0e:e8.
Nov 25 22:34:55ndhcps_WEBADMIN: DHCPDISCOVER received from b8:27:eb:22:0e:e8.
Nov 25 22:34:56ndhcps_WEBADMIN: making OFFER of 192.168.1.43 to b8:27:eb:22:0e:e8.
Nov 25 22:35:03ndhcps_WEBADMIN: DHCPDISCOVER received from b8:27:eb:22:0e:e8.
…
I know, b8:27:eb:22:0e:e8 is the second client of mikrotik (on Ethernet2 port).
So, on my first client (Windows computer on Ethernet 1 port) i see ARP report:

Interface: 192.168.1.37 — 0xb
Internet address MAC Type
192.168.1.1 10-7b-ef-55-38-b4 dynamic
192.168.1.35 00-11-32-03-b1-13 dynamic
192.168.1.40 00-00-00-00-00-00 invalid
192.168.1.42 00-00-00-00-00-00 invalid
192.168.1.43 00-00-00-00-00-00 invalid
192.168.1.254 00-00-00-00-00-00 invalid

prooooblem…

Singib · November 25, 2015, 7:48pm

oh, current /export

# nov/25/2015 22:48:51 by RouterOS 6.33.1
# software id = GGB5-DDMH
#
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-eC \
    disabled=no frequency=2457 mode=station-pseudobridge-clone name=WIFI ssid=
    *****
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys wpa2-pre-shared-key=*******
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/system logging action
set 1 disk-file-name=log
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=WIFI
/ip address
add address=192.168.1.2/24 interface=ether1 network=192.168.1.0
/ip dns
set servers=192.168.1.1
/ip route
add distance=1 gateway=192.168.1.1
/system clock
set time-zone-name=Europe/Moscow
/system leds
set 3 interface=ether1
/system routerboard settings
set cpu-frequency=400MHz
/tool romon port
add

b1863515 · November 26, 2015, 5:54pm

I guess that you’ll get similar errors because bridging a wireless interface used as a station is kinda non-standard. You might be better off using dst-nat.

Singib · November 6, 2016, 9:54pm

Hi,
I just returned to this thread after a year

I found out, that on side of Zyxel router I see a WIFI connection form Mikrotik router, but this connection does not have IP address (just 0.0.0.0)!
Probably, it is the key problem?
My current configuration is:

nov/06/2016 21:37:24 by RouterOS 6.37.1

software id = GGB5-DDMH

/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=2457
mode=station-pseudobridge ssid=***
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=
dynamic-keys wpa2-pre-shared-key=****
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.1.2/24 interface=wlan1 network=192.168.1.0
add address=192.168.1.3/24 interface=bridge1 network=192.168.1.0
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1
/ip route
add distance=1 gateway=192.168.1.1
/system leds
set 3 interface=wlan1
/system routerboard settings
set cpu-frequency=400MHz