Mikrotik as a switch with wifi

jorikdima · Wed Oct 24, 2018 8:22 am

Hello,
I have a hAP ac lite and would like to use it in the following way:
I have a regular router (NETGEAR) with a cable modem (USA). It works as an AP in 2.4G and wired router. Everything is good except signal on the second floor and I have no way to conduct a cable there.
I also have a hAP which I want to use to solve the problem. The idea consists of two parts:
1. I put Microtic somewhere in the middle or also at the second floor but with direct line of sight to NETGEAR. I connect Microtik's WiFi to Netgear as a regular client. Everything else on the second floor i connect through ethernet to the Microtic. I'd like to have a common subnet so that everyone connected directly to NETGEAR have access to everyone connected to Microtic. DHCP server is also on NETGEAR only.
2. Also I'd like have the same access if someone is connected to Microtic's 5G as to AP on the second floor. Just a transparent network everyone has access to everyone and the same subnet.

What I have done.
I read that Microtic needs to be in a simple switch mode.

I updated to the most recent FW, reset its config, it's totally clean and no default config. I decided to have the first step done yet and just disabled 5G.
I put all interfaces under one bridge.
I made 2.4G as a station and connected to my NETGEAR telling credentials
I set up DHCP client for the bridge.
No NAT, no firewall

This setup works... unstable I would say. The issue is that just few times I had IP address issued by DHCP server, most of time DHCP client is searching. But when it was issued Mikrotik had access to NETGEAR and internet. But no one connected to the Mikrotic through a cable had an access to anywhere other that to Mikrotik. Even if I set up IP address on microtik's clients manually - no access to the internet.
So two issues:
- something wrong with IP address lease
- no access from clients connected to Mikrotik
I assumed something is wrong with WiFi connection (definitely not signal power as these tests have been done close to the netgear). I eliminated WiFi and connected microtik to the Netgear through a cable. No issues with IP leasing and Mikrotik's clients have internet access either. Just a regular wired switch.
Config:

Code: Select all

/interface bridge

add fast-forward=no name=bridge1 protocol-mode=none

/interface wireless

set [ find default-name=wlan1 ] band=2ghz-b/g/n frequency=2422 name=wlan2.4 \

    ssid=NETGEAR48

set [ find default-name=wlan2 ] band=5ghz-n/ac mode=ap-bridge name=wlan5 ssid=\

    MikroTik

/interface list

add name=LAN

/interface wireless security-profiles

set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\

    dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=mypassword

/ip hotspot profile

set [ find default=yes ] html-directory=flash/hotspot

/interface bridge port

add bridge=bridge1 interface=LAN

/interface list member

add interface=ether1 list=LAN

add interface=ether2 list=LAN

add interface=ether3 list=LAN

add interface=ether4 list=LAN

add interface=ether5 list=LAN

add interface=wlan5 list=LAN

add interface=wlan2.4 list=LAN

/ip dhcp-client

add dhcp-options=hostname,clientid disabled=no interface=bridge1

/system clock

set time-zone-name=America/Los_Angeles

/system routerboard settings

set silent-boot=no

Questions:
1. How to allow connection from Microtik's wired clients if Mikrotic is connected through WiFi?
2. What's wrong with my WiFi connection? I have a very unstable DHCP client?
3. How to implement step #2? Mikrotic should be an 5G AP and transparent to the others.

Thanks

karlisi · Wed Oct 24, 2018 10:30 am

Try this

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n frequency=2422 name=wlan2.4 \
ssid=NETGEAR48 mode=station-pseudobridge

Jotne · Wed Oct 24, 2018 12:05 pm

I have posted a config here where the MT is just a switch with wifi and gets its IP as a DHCP client.
viewtopic.php?f=13&t=140572

jorikdima · Fri Oct 26, 2018 6:37 am

I have posted a config here where the MT is just a switch with wifi and gets its IP as a DHCP client.
viewtopic.php?f=13&t=140572

I think your setup has WLAN as an AP not as a client to another AP like I want.

jorikdima · Fri Oct 26, 2018 6:37 am

Try this

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n frequency=2422 name=wlan2.4 \
ssid=NETGEAR48 mode=station-pseudobridge

No pseudobridge didn't help.

jorikdima · Fri Oct 26, 2018 8:02 am

Seems like something is wrong with wireless connection. When I turn wlan5 on I do see in a few seconds connection in Registration tab of wireless window in WinBox. And now seems like it leases IP through DHCP more often. And this DHCP is correct: it's from my subnet and I do see it in the list of attached devices on my main router.
But! I can'e even ping my router from microtic, I think before i could

And i can't make a MAC ping.
That is strange. From one side - no ping, but IP address is leased, that means there is a data transactions.
How can i debug it?

jorikdima · Fri Oct 26, 2018 8:16 am

Amazing. I can connect to mikrotik from another computer in the same network through WiFi, before I could do it only with wired connection directly to Mikrotik. But I can do that only in MAC connection mode in winbox. Nothing relate to IP level works. May that's a clue? But not for me.

Jotne · Fri Oct 26, 2018 9:45 am

Both solution do use NAT, so your Wifi does only see the MT Router and no client hidden behind it.

This will connect to a wifi network and share it out both on wifi and on the swithch ports.
External Wifi in this test is Guestnett no security
Inside Wifi ssid:Inside wpa2 ssid:Test1234

/interface bridge
add fast-forward=no name=bridge-internal
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=Test1234 supplicant-identity="" wpa2-pre-shared-key=Test1234
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=Test1234 ssid=Inside
add disabled=no keepalive-frames=disabled mac-address=4E:5E:0C:90:87:D6 master-interface=wlan1 mode=station multicast-buffering=disabled name=wlan2-external ssid=Guestnett wds-cost-range=0 \
    wds-default-cost=0 wps-mode=disabled
/ip pool
add name=dhcp_pool0 ranges=192.168.88.20-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge-internal name=dhcp1
/interface bridge port
add bridge=bridge-internal interface=ether1
add bridge=bridge-internal interface=ether2
add bridge=bridge-internal interface=ether3
add bridge=bridge-internal interface=ether4
add bridge=bridge-internal interface=wlan1
/ip address
add address=192.168.88.1/24 interface=bridge-internal network=192.168.88.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=wlan2-external
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wlan2-external

Here is the same setup, except this does connect to an encrypted network.
External Wifi in this test is Work wpa2 ssid:Secret1
Inside Wifi ssid:Inside wpa2 ssid:Test1234

/interface bridge
add fast-forward=no name=bridge-internal
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=Test1234 supplicant-identity="" wpa2-pre-shared-key=Test1234
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=Outside supplicant-identity="" wpa2-pre-shared-key=Secret1
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge security-profile=Test1234 ssid=Inside
add disabled=no keepalive-frames=disabled mac-address=4E:5E:0C:90:87:D6 master-interface=wlan1 mode=station multicast-buffering=disabled name=wlan2-external security-profile=Outside ssid=Work \
    wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip pool
add name=dhcp_pool0 ranges=192.168.88.20-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge-internal name=dhcp1
/interface bridge port
add bridge=bridge-internal interface=ether1
add bridge=bridge-internal interface=ether2
add bridge=bridge-internal interface=ether3
add bridge=bridge-internal interface=ether4
add bridge=bridge-internal interface=wlan1
/ip address
add address=192.168.88.1/24 interface=bridge-internal network=192.168.88.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=wlan2-external
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wlan2-external

Here is how it looks like in a block diagram.

Wifi-Wifi-Bridge-Simple.jpg

WeWiNet · Fri Oct 26, 2018 7:38 pm

Hi

have you tried to start with quickset: CPE?
On the left side you scan for the SSID and provide the password and you can connect to the network.
On the right side use bridged mode, uncheck DHCP, NAT, firewall etc. and select: bridge all LAN ports together.

Once that done leave quickset (and never come back as they say

) and connect to the Mtik via LAN interface and WInbox MAC address
and add a virtual Wifi AP interface and make it part of the bridge. Give it same SSID and password etc, as your main AP.

You should be all set.

Mikrotik as a switch with wifi

Mikrotik as a switch with wifi

Re: Mikrotik as a switch with wifi

Re: Mikrotik as a switch with wifi

Re: Mikrotik as a switch with wifi

Re: Mikrotik as a switch with wifi

Re: Mikrotik as a switch with wifi

Re: Mikrotik as a switch with wifi

Re: Mikrotik as a switch with wifi

Re: Mikrotik as a switch with wifi

Who is online