Community discussions

MikroTik App
 
Matthew1471
just joined
Topic Author
Posts: 9
Joined: Wed Feb 20, 2019 1:10 pm

station-pseudobridge L3 bridge to non MikroTik?

Wed Feb 20, 2019 1:16 pm

Hi,

I have a relatively simple setup and after Googling found a lot of more complicated enviroments that I tried to transplant their settings after using quickset and didn't get it to work (eth5 kept getting DHCP address but couldn't connect to anything).
Non-MK Router -> Unifi AP     .................... MK hAP AC2 -> Deskop Computer
                                                              -> NAS
I believe I want station-pseudobridge and I am aware of the L2 limitations but as this is a IP routed network should still be possible?

Got it working using CPE quickset and "Router" but would like to have "Bridge" so I can connect to the NAS directly via its IP.

Possible?

Sources: viewtopic.php?t=120919 and https://wiki.mikrotik.com/wiki/Connect_ ... ss_Network and viewtopic.php?t=112398
Last edited by Matthew1471 on Wed Feb 20, 2019 10:31 pm, edited 2 times in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: station-pseudobridge L3 bridge to non MikroTik?

Wed Feb 20, 2019 7:00 pm

I would use Ap wisp mode.
All you need to do is configure the interfaces and the bridge and put all your hapac2 ports as part of the bridge.
If there are vlans coming in they have to be created on the hap and added to the bridge.
Create any wifi networks required.

Thats about it....
post your hapac config and would be helpful a diagram to show what networks are being passed through to the hap.
 
Matthew1471
just joined
Topic Author
Posts: 9
Joined: Wed Feb 20, 2019 1:10 pm

Re: station-pseudobridge L3 bridge to non MikroTik?

Wed Feb 20, 2019 9:07 pm

I would use Ap wisp mode.
All you need to do is configure the interfaces and the bridge and put all your hapac2 ports as part of the bridge.
If there are vlans coming in they have to be created on the hap and added to the bridge.
Create any wifi networks required.

Thats about it....
post your hapac config and would be helpful a diagram to show what networks are being passed through to the hap.
Thank you for the reply. I've fixed the formatting in the post (couldn't review it while it was awaiting moderation)

I just want hapac2 to connect the wired devices to my WiFi (not as another AP) and be able to reach the NAS via its IP.

Here is the current Routing config where I've currently got it working in Routing mode:
# feb/20/2019 18:13:22 by RouterOS 6.43.12
# software id = PLRF-D419
#
# model = RBD52G-5HacD2HnD
# serial number = XXXXXXXXXXXX
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
set [ find default-name=wlan2 ] antenna-gain=3 band=5ghz-onlyac \
    channel-width=20/40/80mhz-XXXX country="united kingdom" disabled=no \
    distance=indoors frequency=auto frequency-mode=regulatory-domain ssid=\
    <<SSID>> wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk disable-pmkid=yes \
    eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik \
    wpa-pre-shared-key=<<PASSWORD>> wpa2-pre-shared-key=<<PASSWORD>>
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf disabled=yes interface=wlan2
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=wlan2 list=WAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wlan1 list=LAN
add interface=bridge list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether1 network=\
    192.168.88.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=wlan2
/ip dhcp-server lease
add address=192.168.88.3 client-id=1:XX:XX:XX:XX:XX:XX mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
add address=192.168.88.2 client-id=1:XX:XX:XX:XX:XX:XX mac-address=\
    XX:XX:XX:XX:XX:XX server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf domain=LAN gateway=192.168.88.1 \
    netmask=24 ntp-server=192.168.0.254
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=MikroTik.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=80,443,445 in-interface=wlan2 \
    protocol=tcp to-addresses=192.168.88.3
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/London
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
I ideally would like to get it working in Bridge mode so the NAS has its own IP along with the MikroTik.

Thank you for your help :)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: station-pseudobridge L3 bridge to non MikroTik?

Wed Feb 20, 2019 10:00 pm

Like I said, you dont need most of that config.
Enter the config through winbox and make the changes necessary.

I gather the wifi is coming in WLAN3 from an AP.
You want to connect to that and then provide switch and wifi to other devices (as an access point switch).
I gather you have three chains for the hap ac2.
Thus you should be able to easily get wifi in on WLAN3 and provide WIFI on WLAN1 and 2.
You want all of the connections to be served by the main router.

Identify all the interfaces as you have done.
Create the bridge as you have done.
No vlans to worry about.
Add the ports to the bridge as you have done

How to connect to the wifi via wifi.......... real wisp stuff that is a bit too heady for me as I havent done it..........
Add the wifi settings on the WLAN 3 (assuming thats the wlan network to use for connecting to the router) so they match the SSID and security password of the wifi its connecting too.
That should be the start but there are more steps, how to tell hapac what its lanip is from the router? etc......... Like put it in ap wisp mode.

The other way which may be simpler to start with then you can adjust via winbox is to reset the unit to defaults and then use quickset defaults.
If you reset to defaults to get you going, I believe it defaults to 192.168.88.1.
Thus plug it into your pc, change your pc ipv4 address static to 192.168.88.2 with dns and gateway of 192.168.88.1
Use winbox to access the unit.

In the default setup you have several things to look.
Configure the default wifi on the left to match the wifi you are mating too.
Select AP wisp mode
802.11
Mode=bridge
source=wlan
add address you can set to auto or you can set statically.
In other words if you know what ip address you want the unit to have from the main router you can enter it here.
Thats it.
 
Matthew1471
just joined
Topic Author
Posts: 9
Joined: Wed Feb 20, 2019 1:10 pm

Re: station-pseudobridge L3 bridge to non MikroTik?

Thu Feb 21, 2019 1:21 am

This works if the PC has a static IP.. for some reason when it gets the address via DHCP it still won't have Internet access. I'm starting to suspect the non-MK router (Ubiqiuiti EdgeRouter running ISC DHCPd) might not allow duplicate MACs for different IPs.
# feb/20/2019 22:55:29 by RouterOS 6.43.12
# software id = PLRF-D419
#
# model = RBD52G-5HacD2HnD
# serial number = XXXXXXXXXXXX
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
set [ find default-name=wlan2 ] antenna-gain=3 band=5ghz-onlyac \
    channel-width=20/40/80mhz-XXXX country="united kingdom" disabled=no \
    distance=indoors frequency=auto frequency-mode=regulatory-domain mode=\
    station-pseudobridge ssid=<<SSID>> wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk disable-pmkid=yes \
    eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik \
    wpa-pre-shared-key=<<PASSWORD>> wpa2-pre-shared-key=<<PASSWORD>>
/interface bridge port
add bridge=bridge1 interface=wlan2
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
/interface list member
add interface=wlan2 list=WAN
add list=LAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wlan1 list=LAN
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=bridge1
/system clock
set time-zone-name=Europe/London
GIven I have connectivity if I go static I'm starting to think this is some ISC DHCPD incompatability : viewtopic.php?t=14667 and viewtopic.php?t=93292
 
2frogs
Forum Veteran
Forum Veteran
Posts: 713
Joined: Fri Dec 03, 2010 1:38 am

Re: station-pseudobridge L3 bridge to non MikroTik?

Thu Feb 21, 2019 10:33 pm

I believe I want station-pseudobridge and I am aware of the L2 limitations but as this is a IP routed network should still be possible?
https://wiki.mikrotik.com/wiki/Manual:W ... tion_Modes
This indicates station-pseudobridge is for a single client. A bridge is not a routed network.
Got it working using CPE quickset and "Router" but would like to have "Bridge" so I can connect to the NAS directly via its IP.
This is a routed network. If you disable the src-nat masquerade and add a Route to your EdgeRouter for the hAP LAN, then you should be able to connect to the NAS directly without NAT. You may also have to change the src-nat on the EdgeRouter to include the hAP LAN if it is not broad enough currently to cover it.

With legacy and M series Ubiquiti, you could use WDS on the AP and station-wds on CPE and it would work perfect. But it seems they have dropped WDS in UniFi for their own Uplink protocols.
 
Matthew1471
just joined
Topic Author
Posts: 9
Joined: Wed Feb 20, 2019 1:10 pm

Re: station-pseudobridge L3 bridge to non MikroTik?

Sun Mar 03, 2019 6:19 pm

This indicates station-pseudobridge is for a single client. A bridge is not a routed network.

"This mode is limited to complete L2 bridging of data to single device connected to station and some support for IPv4 frame bridging"

That's fine as I am not worried about L2 bridging I just want the MIkroTik to read the IPv4 / L3 header and route accordingly like that address claims it should be able to do for IPv4 frames.

The reason I suspect this is all possible is my ASUS RT-AC68U was able to do this fine, so I know it's technically feasible.

I actually think I got it working in Bridge mode so long as I didn't want DHCP to work (it looks like even DHCP will work if the DHCP response is broadcast to all MACs due to the fact the destination MAC isn't bridged when the DHCP server tries replying to the MikroTik with one of the client MACs). The MikroTik needs to have some sort of DHCP proxy service / relay I suspect for this all to work the way I want it to.

This is a routed network. If you disable the src-nat masquerade and add a Route to your EdgeRouter for the hAP LAN, then you should be able to connect to the NAS directly without NAT. You may also have to change the src-nat on the EdgeRouter to include the hAP LAN if it is not broad enough currently to cover it.

I can connect using the MikroTik's IP directly to my NAS and have it basically working via NAT. Dream goal would have been for each device to have an IP address on the same subnet rather than having to do destination NAT. Maybe it's not possible to do this like it was with my ASUS RT-AC68U while running a DHCP server that isn't broadcasting replies to all MACs?

With legacy and M series Ubiquiti, you could use WDS on the AP and station-wds on CPE and it would work perfect. But it seems they have dropped WDS in UniFi for their own Uplink protocols.

Yes just not sure why it worked so well with the ASUS RT-AC68U (until some of their more recent firmwares meant it needed a reboot once a fortnight, https://www.snbforums.com/threads/rt-ac ... ter.48581/).

Who is online

Users browsing this forum: andrep, mtkvvv and 43 guests