Community discussions

MikroTik App
 
padlocked17
just joined
Topic Author
Posts: 6
Joined: Sun Aug 22, 2021 11:47 pm

Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Sun Aug 22, 2021 11:57 pm

Good Afternoon all,

I'm completely new to MikroTik but wanted to try out there equipment in a use case. We have an RV that I want to create an internal Wifi network on and use the G-52SHPacn to pull in internet from a campground. I'm trying to figure out the best way to setup the equipment to allow me to do the following:
  • Power the RB260GSP via an AC adapter and then provide POE output to the hAP AC Lite and Metal 52 ac
  • Connect and configure the RB260GSP, hAP ac lite and Metal 52 ac via the internal network created by the hAP ac lite
Essentially I need the Metal 52 ac to act as the internet provider by pulling in an external signal and using that as the WAN source on the hAP AC Lite. I'd like to be able to login to the Metal 52 ac wirelessly when connected to the hAP ac lite in order to scan for and connect to the external wifi network at various campgrounds.

Is this possible?
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 723
Joined: Tue Dec 17, 2019 1:08 pm

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Mon Aug 30, 2021 12:13 am

Good Morning,
It should work without any problems.

The "Easy" Way: One Big Network.

Step 1 : Configure hAP AC as Main-Router
- Basic-Config
- DHCP-Server
- Wlan
- etc....

Step 2: Configure Other Mikrotik-Devices
Basic Config + RB260GSP and Metal 52 AC as DHCP-Client
Metal 52 as Static-Lease

Steo 3: Gateway
On the hAP AC unter /ip route ...
Enter the IP of the Metal52 for 0.0.0.0/0

Step 4: NAT
On the Metal52
add NAT / Masquerade for outgoing

Everything schould now Work....
because it's one Big Network, you will be able to connect to all Mikrotik devices via Web, Shh, Winbox , etc

P.S: After everything ist working like you want it to, dont forget to Secure your Mikrotik-Devices (Password, Firewall, etc..)
 
padlocked17
just joined
Topic Author
Posts: 6
Joined: Sun Aug 22, 2021 11:47 pm

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Sun Sep 19, 2021 6:00 am

I appreciate the initial push. I've got the Metal52 setup in CPE + Router + DHCP + NAT. I then have that acquiring a signal and passing it to the WAN interface on the hAP ac Lite.

The issue I'm running into is how to login to a captive portal when connected to a network that requires a login via that method. Any ideas how to allow me to login to a captive portal when connecting the Metal52 to that type of network?

Current metal configuration is below:
# sep/18/2021 20:02:37 by RouterOS 6.48.3
# software id = E3ZJ-05D4
#
# model = RBMetalG-52SHPacn
# serial number = B7DE0DB59B0C
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no frequency=auto \
    installation=outdoor mode=station-pseudobridge ssid="Raptor Guest" \
    wireless-protocol=nv2-nstreme-802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk group-ciphers=\
    tkip,aes-ccm supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm
/ip pool
add name=dhcp ranges=192.168.101.100-192.168.101.200
/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether1 name=defconf
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=ether1 list=LAN
add comment=defconf interface=wlan1 list=WAN
add list=LAN
/ip address
add address=192.168.101.1/24 comment=defconf interface=ether1 network=\
    192.168.101.0
/ip dhcp-client
add comment=defconf disabled=no interface=wlan1
/ip dhcp-server network
add address=192.168.101.0/24 comment=defconf gateway=192.168.101.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.101.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=America/New_York
/system identity
set name=MikroTikMetal
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Sun Sep 19, 2021 4:00 pm

Sounds like the metal unit should simply be an accesspoint switch antenna so to speak, no decisions required just a conduit for wifi signal to the HAPAC.
On the hapac you are connected via PC to one port do to the authentication required is my guess.
I dont think there is a way for the router to answer hotspot questions?/
 
User avatar
w32pamela
Member Candidate
Member Candidate
Posts: 212
Joined: Fri Jul 12, 2013 4:22 pm

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Mon Sep 20, 2021 3:29 pm

After you connect to the AP with the captive portal first make sure you have an IP from the AP then make your first URL request to a non-https:// website such as http://httpforever.com/ . This usually allows the captive portal redirect page to come up.
 
padlocked17
just joined
Topic Author
Posts: 6
Joined: Sun Aug 22, 2021 11:47 pm

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Mon Sep 20, 2021 5:42 pm

After you connect to the AP with the captive portal first make sure you have an IP from the AP then make your first URL request to a non-https:// website such as http://httpforever.com/ . This usually allows the captive portal redirect page to come up.
That is part of the issue I'm running into. I'm testing this out with a Unifi Guest Controller. When I connect to the open network with a laptop directly, it grabs an IP address and pops up with the captive portal to enter credentials. When using the Metal52, it doesn't acquire an IP address and doesn't allow for the captive portal to login. I'm sure different portals will behave differently, I' just unsure why the Metal52 is behaving differently than the computer.

I'm certainly open to any other ideas.
 
padlocked17
just joined
Topic Author
Posts: 6
Joined: Sun Aug 22, 2021 11:47 pm

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Mon Sep 20, 2021 5:45 pm

Sounds like the metal unit should simply be an accesspoint switch antenna so to speak, no decisions required just a conduit for wifi signal to the HAPAC.
On the hapac you are connected via PC to one port do to the authentication required is my guess.
I dont think there is a way for the router to answer hotspot questions?/
Correct on all fronts. I figured having a double NAT wouldn't be a huge issue. I have it setup so that I can access the Metal52 directly from the wireless network generated from the hAP AC to make all things wireless and easier to use.

What I can't figure out is how to get the Metal52 to "pass through" the same as a computer does to accept any captive portals I might encounter. Currently running a Unifi Guest portal to test and it won't acquire an IP address unlike a computer or other wireless device.
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Mon Sep 20, 2021 6:23 pm

When you say it doesn't acquire an IP address do you mean wlan1 connects but the dhcp-client fails to acquire an address?

The use of mode=station-pseudobridge is strongly discouraged due to vendor interoperability issues, and as you are operating the Metal as a router is unnecessary. I wouldn't expect hotspots to be using proprietary protocols, wireless-protocol=802.11 may be a better choice.

There can be other issues with captive portals as some attempt to detect when people are using routers and NAT as this potentially reduces the operators revenue on paid-for hotspots.
 
User avatar
w32pamela
Member Candidate
Member Candidate
Posts: 212
Joined: Fri Jul 12, 2013 4:22 pm

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Wed Sep 22, 2021 4:08 am

When you try to make a connection does the status on the Quick Set page oscillate between "searching for network" and "connected to ess"?
 
padlocked17
just joined
Topic Author
Posts: 6
Joined: Sun Aug 22, 2021 11:47 pm

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Wed Sep 22, 2021 4:57 pm

When you say it doesn't acquire an IP address do you mean wlan1 connects but the dhcp-client fails to acquire an address?

The use of mode=station-pseudobridge is strongly discouraged due to vendor interoperability issues, and as you are operating the Metal as a router is unnecessary. I wouldn't expect hotspots to be using proprietary protocols, wireless-protocol=802.11 may be a better choice.

There can be other issues with captive portals as some attempt to detect when people are using routers and NAT as this potentially reduces the operators revenue on paid-for hotspots.
Correct. WLAN shows connected to ESS, gives all the stats on the AP, but doesn't acquire a IP address through the DHCP server on the AP (in this case it's a Unifi AP setup with a Guest Portal for testing).

Talk to me about station-pseudobridge vs 802.11. I read up on the modes here https://wiki.mikrotik.com/wiki/Manual:W ... tion_Modes but I'm not sure what mode would be better suited since the AP isn't running routerOS. station-pseudobridge, station-pseudobridge-clone and station all appear to support 802.11.

Do you think bridging the connection vs setting up as an AP could alleviate the problem by not double NAT'ing?
 
padlocked17
just joined
Topic Author
Posts: 6
Joined: Sun Aug 22, 2021 11:47 pm

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Wed Sep 22, 2021 4:58 pm

When you try to make a connection does the status on the Quick Set page oscillate between "searching for network" and "connected to ess"?
No, rock solid on "connected to ess".
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Wed Sep 22, 2021 5:33 pm

If i recall in days long gone, connect with PC then clone pC mac address on router mac address ??
 
User avatar
w32pamela
Member Candidate
Member Candidate
Posts: 212
Joined: Fri Jul 12, 2013 4:22 pm

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Wed Sep 22, 2021 7:21 pm

Does the Metal identify your Unifi as routerboard hardware; you will see an "R" in the first column of "Scanner" in wireless? I ask this because I am not familiar with Ubiquiti's Unifi hardware but I know that Ubiquiti's Airmax hardware such as Nanostation or Bullets will be identified by Mikrotik CPE's as routerboards. When this happens routerOS will change your wireless Mode to whatever mode it see as appropriate. This can prevent the acquiring of IP.
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Wed Sep 22, 2021 7:39 pm

Talk to me about station-pseudobridge vs 802.11. I read up on the modes here https://wiki.mikrotik.com/wiki/Manual:W ... tion_Modes but I'm not sure what mode would be better suited since the AP isn't running routerOS. station-pseudobridge, station-pseudobridge-clone and station all appear to support 802.11.
mode and wireless-protocol are different things, not all combinations are valid. As you are not connecting to a Mikrotik AP only 802.11 works, so there isn't much point trying to connect with the others. That page is where it says station-pseudobridge should only be used as a last resort, so unless bridging use mode=station.

Do you think bridging the connection vs setting up as an AP could alleviate the problem by not double NAT'ing?
No. As you are not even getting an IP address NAT doesn't enter into it. Some captive portal systems only allow connections from one MAC address, so bridge and having multiple MACs is likely to make authentication and use worse once you have sorted the IP connectivity issue.

Who is online

Users browsing this forum: LeoNaXe, NimbuS and 44 guests