Community discussions

MikroTik App
 
Lukasz85
just joined
Topic Author
Posts: 8
Joined: Wed Jul 28, 2021 10:34 am

Router on a STICK with two hAP lite

Wed Jul 28, 2021 10:40 am

Hi
I'm struggling to set "router on a STICK" scenario. I have two identical RB941-2nD-TC routers. One of them should be set as SWITCH (with VLANS) and second one as ROUTER (with dhcp server). The chart below shows what I want to accomplish. Can anyone help me with such configuration ? Ofcourse every PC should have different IP address (sorry for that 192.168.88.2 error ;) )

Image
 
Lukasz85
just joined
Topic Author
Posts: 8
Joined: Wed Jul 28, 2021 10:34 am

Re: Router on a STICK with two hAP lite

Mon Aug 16, 2021 6:09 pm

Well, nobody helped so I figured it by myself.
SWITCH
# jan/02/1970 00:34:19 by RouterOS 6.48.3
# software id = 9WAK-B8SP
#
# model = RB941-2nD
# serial number = ********
/interface bridge
add name=bridge
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
/interface ethernet switch port
set 0 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure
set 1 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=10 vlan-header=add-if-missing vlan-mode=secure
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
/interface ethernet switch vlan
add ports=ether1,ether4 switch=switch1 vlan-id=10
add ports=ether3,ether4 switch=switch1 vlan-id=20
/system identity
set name=SWITCH
[admin@SWITCH] > 
The router is configured as below:
ROUTER
# aug/16/2021 17:05:40 by RouterOS 6.48.3
# software id = YTFL-1X3R
#
# model = RouterBOARD 941-2nD
# serial number = **********
/interface bridge
add admin-mac=CC:2D:E0:21:0F:4F auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    disabled=no distance=indoors frequency=auto installation=indoor mode=\
    ap-bridge ssid=MikroTik-210F53 wireless-protocol=802.11
/interface vlan
add interface=ether1 loop-protect=on name=vlan1 vlan-id=10
add interface=ether1 loop-protect=on name=vlan20 vlan-id=20
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=pwr-line1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=vlan20
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=vlan1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=vlan1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=ROUTER
/tool mac-server
set allowed-interface-list=LAN
[admin@ROUTER] > 

And also, you will lost acces to the SWITCH after uploading this config. I have not yet discovered how to make it accessible through winbox.... Work in progress.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Router on a STICK with two hAP lite

Mon Aug 16, 2021 7:44 pm

There will also be a reason why you did the opposite, putting the switch between the internet and the router.

Nobody wants to help if there is a SMIPS device involved, the RouterBOARD 941-2nD.
For me, the worst MikroTik RouterBOARD ever made™.
 
Lukasz85
just joined
Topic Author
Posts: 8
Joined: Wed Jul 28, 2021 10:34 am

Re: Router on a STICK with two hAP lite

Tue Aug 17, 2021 12:54 am

Well.... The post was "how to?" Not "why"....
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Router on a STICK with two hAP lite

Tue Aug 17, 2021 1:02 am

Well.... The forum is "User" Not "Support"....
 
Lukasz85
just joined
Topic Author
Posts: 8
Joined: Wed Jul 28, 2021 10:34 am

Re: Router on a STICK with two hAP lite

Tue Aug 17, 2021 7:56 am

It really doesn't matter if the choice of putting switch device between provider and router was reasonable or not. What matter's if it is possible or not and how to achieve that. Don't you think ?
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Router on a STICK with two hAP lite

Tue Aug 17, 2021 9:37 am

Your design should be doable, but since you have two equal devices, why would you not have the router function at the first RB941?
This way you do not need any VLAN (that is complicated to get correct on RouerBoard, compare to Cisco, HP and others)
 
Lukasz85
just joined
Topic Author
Posts: 8
Joined: Wed Jul 28, 2021 10:34 am

Re: Router on a STICK with two hAP lite

Tue Aug 17, 2021 9:57 am

Because I have two unused mikrotik devices. I don't need to buy another device. Maybe we should stick to the topic. And yes, I have to do this this way, no need to explain why.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Router on a STICK with two hAP lite

Tue Aug 17, 2021 10:14 am

I do say that you set 1st RB as Router, second as a switch. Just swap it around.
No extra or other device.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Router on a STICK with two hAP lite

Tue Aug 17, 2021 10:17 am

Is impossible to stick to the topic
A "router on a stick" is a router that has a single physical or logical connection to a network.
It is a method of inter-VLAN (virtual local area networks) routing where one router is connected to a switch via a single cable.
The router has physical connections to the broadcast domains where one or more VLANs require the need for routing between them.
On your schema you have also used as a switch the router, then the "router on a stick" is not feasable.
 
Lukasz85
just joined
Topic Author
Posts: 8
Joined: Wed Jul 28, 2021 10:34 am

Re: Router on a STICK with two hAP lite

Tue Aug 17, 2021 10:30 am

Let us close this topic. Sorry for any inconvenience. I just tried to solve my problem, and I think I did but for some reason I'm being punished for that.

Who is online

Users browsing this forum: lurker888 and 40 guests