Community discussions

 
scubamaggo
just joined
Topic Author
Posts: 7
Joined: Sun Nov 12, 2017 6:07 pm

Link 2 Mikrotik Routers

Sun Nov 26, 2017 1:05 am

Hello,

I am trying to link two Mikrotik Routers so that one of them is connected to internet via a modem and the other is connected to the first Mikrotik router via Ethernet. The first router works fine, I can connect to its Wireless Network and devices connected to the ethernet interfaces can access the internet. The second router however is giving me a lot of trouble. Right now, I can't access the internet even for devices connected directly via ethernet. Here is how my setup looks like right now:
lan_setup.jpg
Following are the 2 configs for my devices. I eventually want to Router 1 to be the CapsMan, thats why these settings are already included.

Config Router 1:
/interface bridge
add admin-mac=64:D1:54:68:7D:E0 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/interface wireless
# managed by CAPsMAN
# channel: 2422/20-Ce/gn(20dBm), SSID: MikroTik-687DE5, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-687DE5 \
wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-Ceee distance=indoors frequency=auto mode=ap-bridge ssid=\
MikroTik-687DE4 wireless-protocol=802.11
/ip neighbor discovery
set ether1 discover=no
/caps-man configuration
add channel.band=2ghz-b/g/n channel.control-channel-width=20mhz \
channel.extension-channel=Ce country=germany datapath.bridge=bridge mode=\
ap name=cfg1 security.authentication-types=wpa2-psk security.encryption=\
aes-ccm security.passphrase=***** ssid=MikroTik-687DE5
/caps-man interface
add configuration=cfg1 disabled=no l2mtu=1600 mac-address=64:D1:54:62:CC:03 \
master-interface=none name=cap1 radio-mac=64:D1:54:62:CC:03
add configuration=cfg1 disabled=no l2mtu=1600 mac-address=64:D1:54:68:7D:E5 \
master-interface=none name=cap2 radio-mac=64:D1:54:68:7D:E5
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
supplicant-identity=MikroTik wpa2-pre-shared-key=*****
/ip pool
add name=default-dhcp ranges=192.168.88.100-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge comment=livingRoom interface=cap1
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wireless cap
#
set bridge=bridge caps-man-addresses=127.0.0.1 enabled=yes interfaces=wlan1
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"enable local wireless interface to be managed by CAPsMAN" dst-port=\
5246,5247 protocol=udp src-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip upnp
set enabled=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name="MikroTik Main"
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge


---------------------------------------------------------
---------------------------------------------------------
Config Router 2:
/interface bridge
add admin-mac=64:D1:54:62:CB:FF auto-mac=no name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2422/20-Ce/gn(20dBm), SSID: MikroTik-687DE5, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridgeLocal interface=ether2
add bridge=bridgeLocal interface=ether3
add bridge=bridgeLocal interface=ether4
/interface wireless cap
#
set bridge=bridgeLocal certificate=request discovery-interfaces=ether1 \
enabled=yes interfaces=wlan1 lock-to-caps-man=yes
/ip address
add address=192.168.88.2/24 interface=ether1 network=192.168.88.0
add address=192.168.88.3/24 interface=ether2 network=192.168.88.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name="MikroTik LivingRoom"
You do not have the required permissions to view the files attached to this post.
 
kujo
Member Candidate
Member Candidate
Posts: 158
Joined: Sat Jun 18, 2016 10:17 am
Location: Ukraine

Re: Link 2 Mikrotik Routers

Sun Nov 26, 2017 12:56 pm

Please, add to your schema ip addresses of used nets. Looks like you make a mistake with networks assign!


Yours respectfully!
 
scubamaggo
just joined
Topic Author
Posts: 7
Joined: Sun Nov 12, 2017 6:07 pm

Re: Link 2 Mikrotik Routers

Sun Nov 26, 2017 1:17 pm

Thank you very much for your reply. I am not 100% what information you require of me. My idea behind the desired IP address setup is the following:
  • Router 1 has the static IP address 192.168.88.1
  • Router 2 has the static IP address 192.168.88.2
  • The device connected to Router 2 via ether 2 has the static IP address 192.168.88.3
All connected devices should be in the 192.168.88.0/24 Network, with the 100-254 range being used for dynamic ips.
 
User avatar
matiaszon
Member
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: Link 2 Mikrotik Routers  [SOLVED]

Sun Nov 26, 2017 2:33 pm

Hello,

...
set name="MikroTik LivingRoom"
I assume, that the 2nd router has nothing to do with routing. It actually works as a switch.
If I see right, your ether1 port is not bridged with the others. You need to switch your config a bit.

1. Remove all addresses from all physical ports.
2. Brdige ALL ports (except wlan, as it is managed by CAPsMAN).
3. Assign new addres 192.168.88.2 to the BRIDGE port (or make DHCP-Client settings for BRIDGE port - not for ether1).
4. In case of setting DHCP-client for bridge, you will need to set up manually MAC address for bridge as MikroTik likes to change it from time to time when it's set to default, and your DHCP server may assign different IP in that case.
5. Make sure that the discovery interface in CAP settings on MikroTik2 is set to your bridge port.

That should be enough.
 
scubamaggo
just joined
Topic Author
Posts: 7
Joined: Sun Nov 12, 2017 6:07 pm

Re: Link 2 Mikrotik Routers

Sun Nov 26, 2017 7:19 pm

Awesome, that seemed to work. Thank you so much! You are right, I want the 2nd router to act as a switch.

I took the suggestion of assigning the address 192.168.88.2 to the Bridge and deleting all DHCP-Client settings. Are there any advantages for either approach (i.e. DHCP-Client vs manual assigning)?
Also how would I set a manual ip address for the device connected to ether2 on Mikrotik2? I have deleted all ip addresses as you suggested. Here is my config right now:

Mikrotik 2:
# nov/26/2017 00:55:05 by RouterOS 6.38.3
# software id = 229J-INAF
#
/interface bridge
add admin-mac=64:D1:54:62:CB:FF auto-mac=no name=bridgeLocal
/interface wireless
# managed by CAPsMAN
# channel: 2442/20-Ce/gn(20dBm), SSID: MikroTik-687DE5, CAPsMAN forwarding
set [ find default-name=wlan1 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridgeLocal interface=ether2
add bridge=bridgeLocal interface=ether3
add bridge=bridgeLocal interface=ether4
add bridge=bridgeLocal interface=ether1
/interface wireless cap
#
set bridge=bridgeLocal certificate=request discovery-interfaces=bridgeLocal \
enabled=yes interfaces=wlan1 lock-to-caps-man=yes
/ip address
add address=192.168.88.2 interface=bridgeLocal network=192.168.88.0
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name="MikroTik LivingRoom"
 
SPKA16
newbie
Posts: 25
Joined: Fri Aug 05, 2016 8:41 pm

Re: Link 2 Mikrotik Routers

Sun Nov 26, 2017 7:33 pm

Change your line to:

/ip address
add address=192.168.88.2/24 interface=bridgeLocal network=192.168.88.0

Then it should start responding.
 
scubamaggo
just joined
Topic Author
Posts: 7
Joined: Sun Nov 12, 2017 6:07 pm

Re: Link 2 Mikrotik Routers

Sun Nov 26, 2017 9:31 pm

What would be the effect of this change? I thought that .../24 is used for matching 0-254 in the last ip block. Here I want one static ip address for Mikrotik2. Using matiaszon instructions everythings seems to be working fine now. All thats left is a static ip for the device connected to ether2.
 
User avatar
matiaszon
Member
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: Link 2 Mikrotik Routers

Mon Nov 27, 2017 1:15 am

Awesome, that seemed to work. Thank you so much! You are right, I want the 2nd router to act as a switch.

I took the suggestion of assigning the address 192.168.88.2 to the Bridge and deleting all DHCP-Client settings. Are there any advantages for either approach (i.e. DHCP-Client vs manual assigning)?
Well, I like to have all DHCP IP range on MikroTik. All addresses I want to stay the same I just make them static in DHCP lease table. This way you know, they won't repeat. But if you have not too many devices, and you know, that static IP's are out of the DHCP pool, there will be no such a big difference.
Also how would I set a manual ip address for the device connected to ether2 on Mikrotik2? I have deleted all ip addresses as you suggested. Here is my config right now:
You can't set manually on switch/router the IP address of device connected to that switch/router. You have to set it up on THAT DEVICE. And you have to remember that this address has to be unique. I would however strongly recommend to use DHCP isntead. Just let the device to get the address from the router (even if it's connected to your MikroTik2 it should get the address from MikroTik1). If you want to make sure, that this specific devices will always have the same IP, just log into MikroTik1 and make that lease static. Even if it received a completly different address (for example 192.168.88.249) and you want it to have different (for example 192.168.88.4, the easiest way is to use WinBox, go to IP > DHCP Server > Leases > right-click on that address > Make static > double-click on that line > write an address you want (for example 192.168.88.4) > Apply > OK. You can then renew the address on that device or just simply unplug LAN cable and plug again after while - it should be getting specified address from now on.
/ip address
add address=192.168.88.2 interface=bridgeLocal network=192.168.88.0
It should be:
/ip address
add address=192.168.88.2/24 interface=bridgeLocal network=192.168.88.0
 
User avatar
matiaszon
Member
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: Link 2 Mikrotik Routers

Mon Nov 27, 2017 1:19 am

What would be the effect of this change? I thought that .../24 is used for matching 0-254 in the last ip block. Here I want one static ip address for Mikrotik2. Using matiaszon instructions everythings seems to be working fine now. All thats left is a static ip for the device connected to ether2.
/24 describes a mask. It's like using "255.255.255.0" in some other configurations. You have to use it.

Who is online

Users browsing this forum: No registered users and 24 guests