Wireless WDS mesh + Virtual AP + VLAN(?)

Hi All,

I’m an old new user. I haven’t been here for years, but now I have a challenge that I can’t figure out how to solve.

Scenario:
hAP lite router+AP0:
ETH1 for WAN
wlan1 for WDS mesh (SSID: WMESH)
wlan2 (virtual AP) for secure_wifi (dhcp on AP0)
wlan3 (virtual AP) for guest_wifi (hotspot and dhcp on AP0)

hAP lite AP1:
wlan1 for WDS mesh (SSID: WMESH)
wlan2 (virtual AP) for secure_wifi (dhcp on AP0)
wlan3 (virtual AP) for guest_wifi (hotspot and dhcp on AP0)

hAP lite AP2:
wlan1 for WDS mesh (SSID: WMESH)
wlan2 (virtual AP) for secure_wifi (dhcp on AP0)
wlan3 (virtual AP) for guest_wifi (hotspot and dhcp on AP0)


There is no wired connection between the hAP lites. What I’d like to do is enable seamless roaming between the APs for secure_wifi and guest_wifi. For this I think I need to bridge them and/or use VLANs. Any idea how to do that? I have created the WDS mesh without any problem, but I can’t bridge the rest of the APs. Or should I create a WDS bridge for each of them too? (And maybe forget about WMESH?)

Thanks for your help,

Zsolt

Solved!

I have created two AP interfaces on every hAP lite (guest and secure), created two WDS meshes (mesh_guest and mesh_secure), and added a separate network to them, and the problem is solved. :slight_smile:

Thanks!

Zs

One WDS is enough. Hang the VLANs on it and make two bridges, each connecting one VLAN with its AP. That’s how I have it running in one place now.

Thanks for your response!
Can you please post an example of how to “hang the VLANs” on it?
Create a VLAN for the guest and the secure AP on every AP, then put them into the mesh port?

Check the export below. It is from one of the routers that works as a “repeater”. It is connected via WDS to the other WDS AP. The WDS interfaces are not bridged to any LANs, nor do they have any IP addresses. They just carry two VLANs that are bridged separately, here each to its own virtual AP. This is a complete export, including other things that are not essential, or maybe not even active / necessary. For example, all firewall rules are switched off, so just ignore them.

The export is done from RB941-2nD (hap lite), the other side is the same RB941-2nD device, set similarly - just taking the vlans from wire and bridging it to the vlans on wds interface. Running ros 6.32.3.

# RouterOS export of a WDS "repeater" node. One static WDS link on wlan1 carries
# VLAN 1 and VLAN 2; each VLAN is bridged to its own virtual AP (and, for bridge2,
# to the Ethernet ports). The pre-shared keys, SNMP passwords and country value
# look like redacted placeholders - substitute your own values.
/interface bridge
# Two bridges, one per network, each with a fixed admin MAC.
add admin-mac=4C:5E:0C:F9:99:41 auto-mac=no name=bridge1
add admin-mac=4C:5E:0C:F9:99:42 auto-mac=no name=bridge2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Three WPA2-PSK profiles. wifiA is referenced both by the wlan1 radio (which is
# the master of the WDS link) and by the wifiA.wifiB virtual AP further down.
add authentication-types=wpa2-psk eap-methods="" group-key-update=1h mode=dynamic-keys name=wifiA supplicant-identity="" wpa2-pre-shared-key=somekeyhere1
add authentication-types=wpa2-psk eap-methods="" group-key-update=1h mode=dynamic-keys name=wifiB supplicant-identity="" wpa2-pre-shared-key=somekeyhere2
add authentication-types=wpa2-psk eap-methods="" group-key-update=1h mode=dynamic-keys name=wifiB-test supplicant-identity="" wpa2-pre-shared-key=somekeyhere3
/interface wireless
# Physical radio: AP with static-mesh WDS, empty and hidden SSID, WPS disabled.
# Hiding the SSID only suppresses its advertisement; the link's protection is the
# WPA2 profile.
# NOTE(review): wlan1 and the client SSID wifiA.wifiB share security-profile=wifiA,
# so the backhaul and that client network use one pre-shared key. A dedicated
# profile for wlan1 would let the client key be rotated independently.
# NOTE(review): vlan-id=9 is set but no vlan-mode appears in this export -
# presumably tagging is not active here; confirm.
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode band=2ghz-b/g/n country="my country" disabled=no disconnect-timeout=15s distance=indoors frequency=2472 frequency-mode=regulatory-domain hide-ssid=yes hw-retries=15 \
    keepalive-frames=disabled max-station-count=20 mode=ap-bridge radio-name="RB941-2ND(B)" security-profile=wifiA ssid="" vlan-id=9 wds-ignore-ssid=yes wds-mode=static-mesh wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
/interface wireless nstreme
set wlan1 enable-polling=no
/interface wireless wds
# Static WDS interface on wlan1 pointing at one peer MAC (the other node).
add comment="to (A)" disabled=no master-interface=wlan1 name=wds wds-address=4C:5E:0C:EF:D7:B5
/ip neighbor discovery
# Only labels the discovery entry for the wds interface.
set wds comment="to (A)"
/interface vlan
# The two tagged VLANs carried over the WDS link (IDs 1 and 2). The wds interface
# itself gets no bridge port and no IP address anywhere in this export.
add interface=wds l2mtu=1596 name=vlan1.wds vlan-id=1
add interface=wds l2mtu=1596 name=vlan2.wds vlan-id=2
/interface wireless
# Virtual APs on wlan1, one per client network.
# NOTE(review): wifiB has wds-mode=static-mesh, but the only WDS entry in this
# export uses wlan1 as master - confirm whether WDS is needed on this client SSID.
add disabled=no mac-address=4C:5E:0C:F9:99:31 master-interface=wlan1 max-station-count=20 name=wifiB security-profile=wifiB ssid=wifiB wds-cost-range=0 wds-default-cost=0 wds-ignore-ssid=yes wds-mode=static-mesh wmm-support=enabled wps-mode=disabled
# wifiB-test has no disabled=no, unlike the other two - presumably left disabled; confirm.
add mac-address=4C:5E:0C:F9:99:33 master-interface=wlan1 name=wifiB-test security-profile=wifiB-test ssid=afa-test wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no mac-address=4C:5E:0C:F9:99:32 master-interface=wlan1 name=wifiA.wifiB security-profile=wifiA ssid=wifiA.wifiB wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip ipsec proposal
# Default proposal only; no IPsec peers or policies appear in this export.
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=pool254 ranges=192.168.254.2-192.168.254.10
/ip dhcp-server
# DHCP server for the test SSID only; not part of the two-VLAN setup.
add add-arp=yes address-pool=pool254 disabled=no interface=wifiB-test lease-time=1h name=server254
/snmp community
# Default community renamed to "dude" with authentication and encryption passwords.
# NOTE(review): no security= value and no source-address restriction appear here,
# and exports omit settings left at their defaults - confirm on the device that
# the community actually requires these passwords and limits who may query it.
set [ find default=yes ] authentication-password=somepaswrodfordude encryption-password=otherpasswordfordude name=dude
/user group
# Group "dude": no write, reboot, password or sensitive rights, but it does allow
# telnet and ftp (both cleartext) as well as policy, sniff and api.
# NOTE(review): trim this to the policies the account really needs.
add name=dude policy=local,telnet,ssh,ftp,read,policy,test,winbox,web,sniff,api,!reboot,!write,!password,!sensitive
/interface bridge port
# bridge2 = ether1-ether4 + wifiB + vlan2.wds; bridge1 = wifiA.wifiB + vlan1.wds.
# All four Ethernet ports are members of bridge2, so any wired device joins the
# VLAN 2 network.
add bridge=bridge2 interface=ether1
add bridge=bridge2 interface=ether2 path-cost=20
add bridge=bridge2 interface=ether3 path-cost=30
add bridge=bridge2 interface=ether4 path-cost=40
add bridge=bridge2 interface=wifiB
add bridge=bridge1 interface=wifiA.wifiB
add bridge=bridge1 interface=vlan1.wds
add bridge=bridge2 interface=vlan2.wds
/ip address
add address=192.168.254.1/24 interface=wifiB-test network=192.168.254.0
/ip dhcp-client
# The node requests an address on both bridges, so it has an IP presence in both
# networks (its management services are reachable from either side unless filtered).
add dhcp-options=hostname,clientid disabled=no interface=bridge1
add default-route-distance=2 dhcp-options=hostname,clientid disabled=no interface=bridge2
/ip dhcp-server network
add address=192.168.254.0/24 dns-server=192.168.254.1 gateway=192.168.254.1
/ip firewall filter
# Every rule here is disabled=yes, including the two drops between bridge1 and
# bridge2, and there are no input-chain rules at all.
# NOTE(review): with addresses on both bridges and these rules off, nothing in this
# table stops the node from routing between the two networks or limits management
# access - enable the drops if the networks must stay isolated.
# NOTE(review): the second rule has no action or matchers (presumably accept-all);
# if the set is enabled in this order it would match before the drops below it.
add action=fasttrack-connection chain=forward disabled=yes
add chain=forward disabled=yes
add action=drop chain=forward disabled=yes in-interface=bridge1 out-interface=bridge2
add action=drop chain=forward disabled=yes in-interface=bridge2 out-interface=bridge1
/ip firewall mangle
# Connection marking per bridge; both rules are disabled.
add action=mark-connection chain=prerouting disabled=yes in-interface=bridge1 new-connection-mark=bridge1 passthrough=no
add action=mark-connection chain=prerouting disabled=yes in-interface=bridge2 new-connection-mark=bridge2 passthrough=no
/queue interface
set wlan1 queue=only-hardware-queue
set wifiB queue=only-hardware-queue
set wds queue=only-hardware-queue
set wifiA.wifiB queue=only-hardware-queue
/snmp
# SNMP agent is enabled on this node; see the community review note above.
set enabled=yes trap-version=3
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Prague
/system identity
set name="RB941-2ND(B)"
/system logging
# Extra logging rule for the wireless topic.
add topics=wireless
/system ntp client
# NTP client enabled; no server address appears in this export.
set enabled=yes
/system routerboard settings
set cpu-frequency=650MHz protected-routerboot=disabled
/tool graphing
set store-every=hour
# Graphing entries added with no explicit options.
# NOTE(review): no address restriction is shown for the graphs - confirm who can view them.
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add

Thanks for your answer!

I have adopted the idea, and it is working great!

Thanks again!

Glad it helped.