hAP AC2 as main router over bridge setup

Mon Aug 26, 2019 5:20 pm

Hello everyone,

I'm not sure how to better phrase the subject, but I will try to provide a better explanation.
I have a rather complicated setup that I would like to make work.
Consider the following scenario; this is my in-home setup, so sorry for the Serbian language in some terms, but you should get the gist of it.
I would like to make the MikroTik route all traffic, because I will implement some advanced routing rules, a VPN server/client and more.
I want to keep the local IP address subnet of because controller.lan (and possibly some more devices in the future, because this is where all the LAN cables are) is connected to my ISP router (Technicolor). That router also has wireless capabilities, so it's good to extend WiFi range by having two APs.

I've set up a bridge on the MikroTik and joined all ports to the bridge, even ether1, which is the direct connection to the Technicolor.
I've assigned it an IP as seen on the diagram and I've set up a DHCP server so it would assign the gateway parameter as Setup NAT masquerade on it and really everything works perfectly.
What I've noticed is that I have issues when I want to access controller.lan from outside my LAN via port forwarding. Since the Technicolor is actually the gateway through which all traffic flows, I've set up port forwarding on it.

IF! I set the default gateway on controller.lan to be (mikrotik), I cannot access it due to the MT masquerading the outgoing IP, and the Technicolor cannot track it. So I've added a rule to NOT masquerade outgoing 22 (when the response needs to be sent back to the client) from controller.lan, and all works well.
But I'm curious about other problems I might encounter. For example, bridge loops, or routing loops perhaps? How can I circumvent problems like those?
I realize that this is not a recommended method, but can anything be done to better utilize this type of setup, since I would really like the MT to handle connections, and I can do so much more stuff to better utilize network equipment?

I cannot move the MT in place of the Technicolor since I have a coaxial cable going to it from which I get internet access.
Re: hAP AC2 as main router over bridge setup

Mon Aug 26, 2019 6:42 pm

Personally I'd add another RBD52G where Technicolor is. Then I'd forget about Technicolor's wireless, routing and firewalling (in short: configure it to bridge mode so that it semi-transparently passes traffic to your main RB). Then I'd configure one of RBD52Gs (possibly the one in the store room) to perform routing, firewalling, etc. and the other as LAN switch + AP (the way you have it minus DHCP server).

The problem with having two devices sharing tasks of routing, NATing etc. is that things run out of sync really fast (like connection tracking when there's possibility to have routing triangles or similar) and then the saving (70EUR or whatever cost of RBD52G) doesn't offset the headache you'll have. Even if you want to do the routing etc. on RBD in living room, you could quite easily make it fly with another RB instead of Technicolor as you would have all the tools available: VLANs, full routing, several subnets, ... which can hardly be done using other vendors' SOHO toys.
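The failure described in the first post (port-forwarded SSH breaking once controller.lan uses the MikroTik as its gateway) and the out-of-sync connection tracking mentioned in the reply can be reproduced with a small model. This is an added example, not part of either post; all addresses are constructed placeholders because the thread's real addresses are not shown, and the class and function names are hypothetical.

```python
# Constructed addresses: the thread's real addresses are not shown on the page.
CLIENT = ("203.0.113.10", 50000)   # outside SSH client
WAN = ("198.51.100.1", 22)         # ISP router public side, port 22 forwarded
CONTROLLER = ("192.168.0.50", 22)  # controller.lan
MIKROTIK_IP = "192.168.0.2"        # hAP ac2 bridge address


class PortForwardingRouter:
    """ISP router: DNAT on the way in, conntrack lookup on the way out."""

    def __init__(self):
        self.conntrack = {}  # (reply src, reply dst) -> original public destination

    def inbound(self, src, dst):
        if dst == WAN:
            # Remember which reply tuple belongs to this forwarded connection.
            self.conntrack[(CONTROLLER, src)] = dst
            return src, CONTROLLER
        return None

    def outbound(self, src, dst):
        public = self.conntrack.get((src, dst))
        if public is None:
            return None  # no matching entry: reply cannot be reverse-translated
        return public, dst


def mikrotik_srcnat(src, dst, exempt_ssh_replies):
    """hAP ac2 as the controller's default gateway: masquerade unless exempted."""
    if exempt_ssh_replies and src == CONTROLLER:
        return src, dst  # the "do not masquerade 22" rule from the first post
    return (MIKROTIK_IP, src[1]), dst  # source rewritten to the MikroTik address


def ssh_reply_reaches_client(gateway_is_mikrotik, exempt_ssh_replies=False):
    isp = PortForwardingRouter()
    src, dst = isp.inbound(CLIENT, WAN)  # forwarded packet arrives at controller
    reply = (dst, src)                   # controller answers the client
    if gateway_is_mikrotik:
        reply = mikrotik_srcnat(*reply, exempt_ssh_replies)
    return isp.outbound(*reply) == (WAN, CLIENT)


if __name__ == "__main__":
    print("gateway = ISP router:          ", ssh_reply_reaches_client(False))
    print("gateway = MikroTik, masquerade:", ssh_reply_reaches_client(True))
    print("gateway = MikroTik, exempted:  ", ssh_reply_reaches_client(True, True))
```

The exemption only helps for the one forwarded service; every additional port forward on the ISP router needs its own matching exemption on the second NAT device, which is the bookkeeping burden the reply warns about.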
Re: hAP AC2 as main router over bridge setup

Tue Aug 27, 2019 7:08 pm

Unfortunately, due to the financial situation here in Serbia, I could barely afford this one :) This one costs 100 EUR here, btw.
So I will barely be able to afford another one and avoid my wife killing me in the process. That's why I wanted to see if I could get this one working this way. But it's definitely having some issues, I just can't figure out what issues.
I've described this here: viewtopic.php?f=13&t=151481
But I haven't received any reply yet. It's happening again, a couple of days after a factory reset. I'm wondering whether this is a hardware issue, or whether it just wasn't designed for this. :(

