Community discussions

MikroTik App
 
webparent
just joined
Topic Author
Posts: 11
Joined: Mon May 18, 2020 8:01 pm

Client IP over wan LINK host not REACHABLE

Mon May 18, 2020 8:31 pm

Hello every one, I have having issues passing client ip for data over my point to point link, when i try to ping the client ip on his router, the ping test is not going through meaning client cannot get internet

bellow in my configuration..
The switch Config
# jan/02/1970 01:11:52 by RouterOS 6.43.16
# software id = LY1B-3SJX

# model = RB941-2nD

/interface bridge
add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge1 \
vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface vlan
add interface=bridge1 name=v300 vlan-id=300
add interface=bridge1 name=v1000 vlan-id=1000
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=ether4
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=ether3 pvid=300
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=ether2
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether4,ether2 untagged=ether3 vlan-ids=\
300,1000
/interface list member
add interface=wlan1 list=WAN
add list=LAN
add interface=bridge1 list=LAN
/ip address
add address=172.16.30.10/24 interface=v300 network=172.16.30.0
/ip dns
set servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add distance=1 gateway=172.16.35.1
/tool romon
set enabled=yes

Main router Configuration
# jan/02/1970 02:18:05 by RouterOS 6.44.5

#
# model = RB941-2nD
# serial number = A1C30B7530C8
/interface bridge
add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge1 \
vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface vlan
add interface=bridge1 name=v300 vlan-id=300
add interface=bridge1 name=v1000 vlan-id=1000
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=172.16.30.2-172.16.30.254
add name=dhcp_pool1 ranges=172.16.35.2
add name=dhcp_pool2 ranges=172.16.30.2-172.16.30.254
add name=dhcp_pool3 ranges=172.16.35.2
add name=dhcp_pool4 ranges=172.16.30.2-172.16.30.254
add name=dhcp_pool5 ranges=172.16.35.2
/ip dhcp-server
add address-pool=dhcp_pool4 disabled=no interface=v300 name=dhcp1
add address-pool=dhcp_pool5 disabled=no interface=v1000 name=dhcp2
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=ether3 pvid=300
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=ether2
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether2 vlan-ids=300,1000
/ip address
add address=172.16.30.1/24 interface=v300 network=172.16.30.0
add address=172.16.35.1/30 interface=v1000 network=172.16.35.0
/ip dhcp-server network
add address=172.16.30.0/24 gateway=172.16.30.1
add address=172.16.35.0/30 gateway=172.16.35.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,4.2.2.2
/system identity
set name="main rt"
/tool romon
set enabled=yes

client AP
# jan/02/1970 00:47:03 by RouterOS 6.42.10

#
# model = RBDisc-5nD
# serial number = 8AFD0A2311F1
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-Ce \
country="united states" disabled=no frequency-mode=superchannel \
nv2-preshared-key=KILLkill999 nv2-security=enabled ssid=AP \
wds-default-bridge=bridge1 wds-mode=dynamic wireless-protocol=nv2
/interface vlan
add interface=bridge1 name=v300 vlan-id=300
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=wlan1
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=ether1
/interface bridge vlan
add bridge=bridge1 tagged=wlan1,bridge1,ether1 vlan-ids=300
add bridge=bridge1 tagged=wlan1,ether1 vlan-ids=1000
/ip address
add address=172.16.30.5/24 interface=v300 network=172.16.30.0
#error exporting /ip ssh
#interrupted


AP config
# jan/02/1970 01:59:02 by RouterOS 6.44.5

#
# model = 911G-5HPnD
# serial number = A2330B609591
/interface bridge
add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge1 \
vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n channel-width=20/40mhz-Ce \
country="united states" disabled=no frequency-mode=superchannel \
installation=outdoor mode=ap-bridge nv2-preshared-key=KILLkill999 \
nv2-security=enabled ssid=AP wds-default-bridge=bridge1 wds-mode=dynamic \
wireless-protocol=nv2
/interface vlan
add interface=bridge1 name=v300 vlan-id=300
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=wlan1
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=ether1
/interface bridge vlan
add bridge=bridge1 tagged=wlan1,ether1 vlan-ids=1000
add bridge=bridge1 tagged=wlan1,bridge1,ether1 vlan-ids=300
/ip address
add address=172.16.30.2/24 interface=v300 network=172.16.30.0
/ip route
add check-gateway=ping distance=1 gateway=172.16.30.1
/tool romon
set enabled=yes

Client router Config ND ERROR
# jan/02/1970 00:40:01 by RouterOS 6.44.5
# software id = VFK3-4FE6
#
# model = RB941-2nD
# serial number = 93710B4C099F
/interface bridge
add ingress-filtering=yes name=wan-Link vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface vlan
add interface=wan-Link name=v1000 vlan-id=1000
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=wan-Link frame-types=admit-only-untagged-and-priority-tagged \
ingress-filtering=yes interface=wlan1 pvid=1000
/interface bridge vlan
add bridge=wan-Link tagged=wan-Link untagged=ether1 vlan-ids=1000
/interface list member
add interface=wlan1 list=WAN
add list=LAN
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
add address=172.16.35.2/30 interface=v1000 network=172.16.35.0
/ip firewall nat
# wan not ready
add action=masquerade chain=srcnat out-interface=*7 out-interface-list=WAN
/ip route
add distance=1 gateway=172.16.35.1


Please i need urgent help as the client is not longer friendly.



Emmah
You do not have the required permissions to view the files attached to this post.
 
User avatar
mutluit
Member
Member
Posts: 421
Joined: Wed Mar 25, 2020 4:04 am

Re: Client IP over wan LINK host not REACHABLE

Wed May 20, 2020 11:01 pm

Your problem description is unclear. What is not working? Ping to which destination?
You should post a simple drawing of your network and state what exactly is not working.
 
webparent
just joined
Topic Author
Posts: 11
Joined: Mon May 18, 2020 8:01 pm

Re: Client IP over wan LINK host not REACHABLE

Fri May 22, 2020 5:59 pm

Thanks a million

I configured my router as follows:
Management vlan is vlan300
Main router ip: 172.16.30.1/24
ap IP: 172.16.30.2/24
client AP: 172.16.30.3/24

I also created the client data on the main router with the following ips
vlan1000
ip: 172.16.35.1/30 and also configured NAT on the main router

but on the client router i cant ping the default gateway from the client router, this also indicate that the client cannot browse the internet.

Thanks
You do not have the required permissions to view the files attached to this post.
 
anav
Forum Guru
Forum Guru
Posts: 4159
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Client IP over wan LINK host not REACHABLE

Fri May 22, 2020 9:39 pm

I am a bit confused by the setup and terminology used.
For example why do you express the wifi connection at the top of schematic as a WAN Link?

Can you confirm that (from bottom left):
Router is an MT device setup as a router
Switch is an MT device setup as a router but only using it as a switch
First AP is an MT device setup HOW - are you serving local devices as well as second AP, OR only used as wifi link to second AP??
Second AP is an MT device set up as an AP - serving local devices
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
sindy
Forum Guru
Forum Guru
Posts: 5007
Joined: Mon Dec 04, 2017 9:19 pm

Re: Client IP over wan LINK host not REACHABLE

Fri May 22, 2020 11:45 pm

In the export of the configuration of the client (the 941), I can see
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik

which means that the mode is set to station (default settings are not shown in export). But in mode=station, the header of the frames in the air only contains the source MAC address of the wireless interface, so bridging does not work (which may not matter much in this case unless you want to connect some wired clients to the same VLAN using ether1), but VLAN tagging most likely doesn't work either. So you need to change the mode of client's wlan1 to station-bridge.

Once you fix this, the next issue is this:

interface bridge port
add bridge=wan-Link frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=wlan1 pvid=1000


At the AP side (the 911), both VLAN 300 and VLAN 1000 are sent/expected over the air as tagged, hence you cannot set any of these as the bridge port's pvid at the client side.

So the other fix must be that you set the pvid in the row above to 1, so that frames with VID 1000 would be expected and sent tagged over the wlan1 port of bridge wan-Link, and that you change frame-types to admit-only-vlan-tagged.

Last, the action=masquerade rule refers to an out-interface which doesn't exist any more, so just remove the out-interface parameter from it, as you have the out-interface-list=WAN there; however, you have to make v1000 a member of interface list WAN instead of wan1.

Plus, if you really want ether1 to be an access port to VLAN 1000 on bridge wan-Link as the /interface bridge vlan row with vlan-ids=1000 suggests, you must add a row interface=ether1 bridge=wan-Link pvid=1000 to /interface bridge port. But the fact that you host just a /30 subnet in that VLAN suggests that the ether1 should rather be removed from that row in /interface bridge vlan.

So fix these first and let us know the outcome. If it is not enough, we may dig further.

I could imagine that adding wlan1 as an access port of VLAN 1000 on bridge1 at the AP side might make it possible to use mode=station at wlan1 at the client side, but I've never tested that, and even if it worked, you would lose the possibility to use VLAN 300 to manage the client's 941 device, and you would have to modify the rest of the configuration accordingly (attach the IP configuration to wan-Link rather than to v1000, or maybe remove the bridge wan-Link completely and attach the IP configuration directly to wan1.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
anav
Forum Guru
Forum Guru
Posts: 4159
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Client IP over wan LINK host not REACHABLE

Sat May 23, 2020 2:57 am

Sindy and OP, the point being, is this an optimal approach given the OPs scenario.
Is there other missing information that we need to do this task.?
I see many more issues but they may not be, if the design suits the purpose.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
sindy
Forum Guru
Forum Guru
Posts: 5007
Joined: Mon Dec 04, 2017 9:19 pm

Re: Client IP over wan LINK host not REACHABLE

Sat May 23, 2020 8:36 am

@anav, in cases like this, I follow a simple rule - emergency to be resolved first. So I do/suggest the minimum needed to make it work "somehow", and once the service gets going, there is enough time to make it work "better" - more efficient, more elegant, whatever. Asking the OP to redo it from scratch at this stage would mean much more time to spend on that at both my and his side, and time is exactly what he cannot afford to lose any more. Besides, there may actually be more elements in that network than those shown, so changing the concept (if needed, I haven't really analysed whether there is a need for that) might mean a service outage for many more clients.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
anav
Forum Guru
Forum Guru
Posts: 4159
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Client IP over wan LINK host not REACHABLE

Sat May 23, 2020 2:35 pm

I understand your logic, and it is clear that you are the master of networking, of which I often think, if I could only have one small slice of your brain!! ;-) - but my efforts are more on the software and requirements angle.
I see bugs that are not coding but are that of poorly articulated and understood requirements that only get more expensive to fix as time goes on.
Much better to start with less errors in understanding and then one is not painted into a corner of config hell.

Just my philosophy, :-)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
anav
Forum Guru
Forum Guru
Posts: 4159
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Client IP over wan LINK host not REACHABLE

Sat May 23, 2020 3:16 pm

To that end, I would like to ask the OP the purpose of the first AP - is it just used in a pt to pt type link to the second AP (and server no local clients)?

If true and the first AP is a ptp link (not local service), what is the best way to configure that AP so that it doesnt respond to local clients (and get distracted).
a. ap firewall only allowing second APs IP address for wifi side?
b. how to avoid attempted associations from other wifi devices?

Also assuming bridge on router, connects to bridge on switch, connects to bridge on first ap, connects to bridge on 3rd AP
(just to keep the configs straight then, I would name it bridge1, bridge2, bridge3, bridge4 respectively)
DHCP only required on router
Each device has to define the vlans in use.
What I dont understand is vlan100 0 - /30 - which yields two available IP addresses. So basically assuming only one device being reached.

What I dont understand is why you have vlan300 going to the clients device?? I believe this is a type and you meant vlan1000?
If it is incapable of reading vlan tags, why would you send both streams of traffic to it?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
webparent
just joined
Topic Author
Posts: 11
Joined: Mon May 18, 2020 8:01 pm

Re: Client IP over wan LINK host not REACHABLE

Sat May 23, 2020 3:22 pm

@Sindy... That for your swift suggestion i would have these issues fixed and would let you know if my problem is solved or not...

Like i said, am new to this type of configuration, and it may not be the best configuration, but am very much open for any design that you think is best for my problem

Emmah
 
sindy
Forum Guru
Forum Guru
Posts: 5007
Joined: Mon Dec 04, 2017 9:19 pm

Re: Client IP over wan LINK host not REACHABLE

Sat May 23, 2020 3:58 pm

@Sindy... That for your swift suggestion i would have these issues fixed and would let you know if my problem is solved or not...
Wait... I've completely misunderstood your setup as the order of your configuration exports doesn't match the order of the elements in the chain on the drawing, and the "Station AP" is not an AP at all. What do you think the letters AP mean?

The fact that you draw the wireless links and ethernet links the same way doesn't help either.

And from your OP it seemed that the only thing which doesn't work is that the Mikrotik at the client end doesn't see through the VLAN 1000 to the main router, but there are actually more issues which you haven't mentioned.

So the wireless settings on the client's 941 are a red herring as its wireless interface is not used as a station connected to the "Station AP" but via ethernet.

So wait and do nothing, I must read the configurations throughly once more.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
anav
Forum Guru
Forum Guru
Posts: 4159
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Client IP over wan LINK host not REACHABLE

Sat May 23, 2020 4:46 pm

What kind of connection do you have from ap to ap, wirless? wired?
Why do you call it a WAN link?
Plus the three million other questions asked in my post above.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
sindy
Forum Guru
Forum Guru
Posts: 5007
Joined: Mon Dec 04, 2017 9:19 pm

Re: Client IP over wan LINK host not REACHABLE

Sat May 23, 2020 5:05 pm

So what to fix, device-by-device, to make the VLAN 1000 transparent end-to-end:
  • "main router":
    • I cannot see any internet uplink configured there, so even once the VLAN1000 becomes transparent, the "Client Data" device will only get access to that router itself, not to internet. Please clarify.
  • "switch"
    • you cannot have more than one VID in the vlan-ids list of a row under /interface bridge vlan if the untagged list of that row is not empty - only one VLAN can be the default one on any given port. As you presumably only want to access VLAN 300 via ether3 at this device, just remove the untagged=ether3 from there; untagged ports are added automatically based on the pvid value at the row under /interface bridge port
    • as you don't need to assign an address from the subnet in VLAN 1000 to this device, the /interface vlan row with vlan-id=1000 is not necessary at this device at all
  • PtP AP (on the picture, "AP"):
    • no remarks
  • PtP Station (on the picture, "Station AP"):
    • change the wireless interface mode to station-bridge (as I've suggested before for a different device due to the misunderstanding), the reasons are the same like explained there
    • the configuration export broke at this device, so there may be something else wrong that is not visible. A reset to defaults and re-creation of the configuration from scratch is highly recommendable
  • "Client data":
    • wlan1 should not be a member port of bridge wan-Link at all; instead, ether1 has to be a member port of that bridge (a tagged one, i.e. with pvid=1) and the /interface bridge vlan row must respect this (vlan-ids=1000 bridge=wan-Link tagged=wan-Link,ether1).

Now sorry for being so open, I usually stay at strictly technical level here, but dealing with networking requires a more organized approach:
  • you've implemented the same thing (bridge vlan configuration) differently on each of the three devices - on one, you use a single row for both vlans, on the other one, you have a separate row for each VLAN but you list the bridge among tagged ports on both although you don't use /interface vlan for vlan 1000, and on the third device, you have the most detailed setup (the bridge is listed among tagged ports only for vlan-ids=300 to which a local /interface vlan is attached). All three configurations work, it's just the fact that you!ve used three different ones what bothers me.
  • on five devices in total, you run three different RouterOS versions, all of them way outdated
  • the configuration export on one device has failed and you didn't care
  • you've posted the configurations in random order, without explaing the roles of those devices in the chain until @mutluit asked you to do that
So please consider changing either the approach or the area of business activity. Otherwise headache will be your unseparable companion, as in this chaos hard to find mistakes will appear all the time.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
webparent
just joined
Topic Author
Posts: 11
Joined: Mon May 18, 2020 8:01 pm

Re: Client IP over wan LINK host not REACHABLE

Sat May 23, 2020 5:15 pm

@anav...

The connection between both ap are point to multi-point,

i want to be able to send client traffic over to their ap station at the client side.

example. when the point to multi-point link are established, the client router should be able to reach its default gateway on our main router and at their own vlan because we want to separate the all the client traffic.

like i said all suggestions are very welcome.

please, based on the diagram,

we have our main router Rb3011 configured to have the following
1. mgt vlan 300 ip 172.16.30.1/24 and the client ip on vlan 1000 IP: 172.16.35.1/30
2. the multipoint Ip: vlan 300 ip 172.16.30.2/24 and it should carry the client vlan1000 traffic
3. The client station ap IP 172.16.30.3/24 and it should also receive the client vlan traffic
4. the client router should be able the receive the vlan 1000 traffic that would be sent from the Main router, the the client ip is 172.16.35.2/30

This is the over all configure i am trying to achieve with my simple design.

@sindy... i still awaits your final study on the config

Thanks
 
webparent
just joined
Topic Author
Posts: 11
Joined: Mon May 18, 2020 8:01 pm

Re: Client IP over wan LINK host not REACHABLE

Sat May 23, 2020 5:37 pm

Thanks Sindy....


I intentionally did not connect the internet to the router as this not my problem, i just want to focus on the main issues which is the client router not assigning its vlan on the main router.

Please me detailed the function at its level, Please take note that this is just summary of the problem i am facing implementing the design

1.) Main tour would provide services not limited to as followings
management vlan and ip
vlan 300 172.16.30.1/24 Note: this would be used to management the main router
vlan1000 172.16.35.1/30 This would carry the client traffic (data) to the client router

I ma configure or decide to confure dhcp pool or not

2.) The main switch
The function of the switch is just to forward the management vlan traffic and the client vlan traffic to the the AP

3.) The AP
the main AP functions
1. Carry the mgt vlan 300 for management 172.16.30.2/24
2. Carry the client vlan 1000
Note: This is multi-point and point link

4) The Client AP
1. receive the Vlan traffic from the main AP
Receive management vlan 300 Ip: 172.16.30.3/24

Note the Client AP should be able to forward the client vlan traffic coming from the main router as 172.16.35.0/30 Networks

5.) The client router should receive the traffic at ether1 port with ip address: 172.16.35.2/30

Finally, the client router should be able to receive internet from the main router

This is the focus of the problem
 
sindy
Forum Guru
Forum Guru
Posts: 5007
Joined: Mon Dec 04, 2017 9:19 pm

Re: Client IP over wan LINK host not REACHABLE

Sat May 23, 2020 5:53 pm

Please me detailed the function at its level, Please take note that this is just summary of the problem i am facing implementing the design
...
This is the focus of the problem
To me, the most comprehensible description remains the picture. Even with your description above, I still understand that no wireless clients actually connect to the "Client AP" device - that device only acts as a wireless client (STAtion) of the other AP, and the connection from that device to the client's router is a wired one. Is that correct?

As for the overall goal, my understanding is this:
  • the path should be transparent at L2 for VLAN 1000 from the main router all the way to the client router, whilst only the endpoint devices have an IP address assigned in a subnet that occupies that VLAN.
  • the path should be transparent at L2 for VLAN 300 from the main router all the way to the "client AP" and each device except the router at the client's end has an IP address assigned in a subnet which occupies that VLAN. It is not clear to me why you don't extend VLAN 300 also to the client's endpoint to be able to manage it remotely without need to allow management from within VLAN 1000.
My advice on what to fix on which device was given based on the understanding above.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
anav
Forum Guru
Forum Guru
Posts: 4159
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Client IP over wan LINK host not REACHABLE

Sat May 23, 2020 6:23 pm

Okay so to confirm,
The first access point does not talk to any local devices smartphones etc.
Its ONLY purpose is to establish a wifi link to a second AP. (not a wired connection to the second AP)

Now at the second AP, I will assume its acting as an AP/switch - in other words its considered part of the LANs provided by the original router but continued over the WIFI.
Can you confirm that this second AP is connected to the client device BY WIFI (not wired).
Are there any other wifi clients this AP has?
Are there any wired clients this AP has?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
webparent
just joined
Topic Author
Posts: 11
Joined: Mon May 18, 2020 8:01 pm

Re: Client IP over wan LINK host not REACHABLE

Mon May 25, 2020 4:47 pm

Hello Sindy, Based on th diagram the vlan300 at the client side it just a mistake on me design it should be vlan 1000 for client dtata.

I did not intent to manage the client router only to pass the vlan1000 traffic to the client router
 
webparent
just joined
Topic Author
Posts: 11
Joined: Mon May 18, 2020 8:01 pm

Re: Client IP over wan LINK host not REACHABLE

Mon May 25, 2020 4:49 pm

@anav, the connection on the client side from the AP is wired not wifi, the ether1 cable on the Ap would be connected to the ether1 port on the client router
 
webparent
just joined
Topic Author
Posts: 11
Joined: Mon May 18, 2020 8:01 pm

Re: Client IP over wan LINK host not REACHABLE

Mon May 25, 2020 5:00 pm

@Sindy...

based on your question " that device only acts as a wireless client (STAtion) of the other AP, and the connection from that device to the client's router is a wired one. Is that correct?" the answer is YES

based on your second question "My advice on what to fix on which device was given based on the understanding above"..

Answer
I want the client vlan1000 to be transparent from the main router over to the client Router.... which would now serve at accessport to receive the vlan1000 traffic from the main router.
 
sindy
Forum Guru
Forum Guru
Posts: 5007
Joined: Mon Dec 04, 2017 9:19 pm

Re: Client IP over wan LINK host not REACHABLE

Mon May 25, 2020 5:23 pm

OK. What is important is that the mode (tagged/tagless) of each VLAN was the same at both ends of each link between two adjacent devices. So if you want both VLANs to reach the "client AP" device, you must change the wireless interface mode there to station-bridge as I've suggested in my first post.

But for the wired link between the "client AP" and "client data" devices, you can choose whether you will make ether1 an access port to VLAN 1000 on the bridge on the "client AP", with vlan-id=1000, which will allow you to move the IP configuration currently attached to v1000 directly to ether1 at the "client data" device and remove the v1000 and the bridge wan-Link completely, or whether you will make ether1 a trunk port of the bridge with VLAN 1000 permitted on it at "client AP" side, which requires that the vlan interface v1000 remains at the "client data" device, attached to ether1 as its carrier interface (which is the approach I've suggested above), and the IP configuration there remains attached to v1000 like it is now.

But first of all, fix the configuration issue at "client AP", as you can get trapped in a blind alley if you attempt to modify it in this state.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
webparent
just joined
Topic Author
Posts: 11
Joined: Mon May 18, 2020 8:01 pm

Re: Client IP over wan LINK host not REACHABLE

Mon May 25, 2020 5:52 pm

@Sindy.... let me try and i would get back to you on my success
 
anav
Forum Guru
Forum Guru
Posts: 4159
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Client IP over wan LINK host not REACHABLE

Mon May 25, 2020 6:29 pm

Ahh okay, I missed that totally. The end unit is not a PC, its another router. Assuming the Hapac on the client side is acting as an access point switch and not a router (dont want conflict on dhcp for example)

SO haplite WIRED to routeboard(2.4ghzAP) then over WIFI to disclite (client side) WIRED to haplite (client)

Bridgeone - start router - create vlans and dhcps etc. trunk port to routerboard
Bridgetwo - routerboard - create vlans - trunk port from router, trunk port over wifi to disclite
Bridgethree - disclite(client side) - create vlan, trunk port from routerboard over wifi, trunk port to client router
Bridgefour - end router (client) - create vlans. trunk port from disclite

How to best setup up the routerboard to disclite over wifi (use of Nv2 or nstream or any other items etc......) is over my head!!

I believe sindy is stating use "AP Bridge" mode for routerboard and "Station Bridge" mode for disclite.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
webparent
just joined
Topic Author
Posts: 11
Joined: Mon May 18, 2020 8:01 pm

Re: Client IP over wan LINK host not REACHABLE

Mon May 25, 2020 8:28 pm

@sindy....

I tried your wonderful suggestion, i did setup a dhcp server on the main router and on the client side on AP client i made the ehter
1 an access port and it was able to get an ip from the main router and with dns ip, but me problem is i still cannot ping the default gateway..... i want to believe its not a problem since i acquired IP address and a dns IP

hope to hear from you sonnest
 
sindy
Forum Guru
Forum Guru
Posts: 5007
Joined: Mon Dec 04, 2017 9:19 pm

Re: Client IP over wan LINK host not REACHABLE

Mon May 25, 2020 8:38 pm

Show me the output of /ip dhcp-server network print from the main router. It is possible that you haven't delegated a proper netmask to the client.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: No registered users and 52 guests