DHCP/DNS configuration for two router setup

LukeS · Thu Feb 01, 2024 7:43 pm

Hello,

I have a working set-up that I want to modify but I don't know how to do it. I have two MT routers in my setup with ROS 7.13.3.

Router-1 is a hAPax² with network 192.168.88.1/24 that connects to the internet on ether1. The other 4 ether-ports and wifi-2G and wifi-5G "ports" are bridged.

Router-2 is installed in a mobile cabinet with some audio-visual equipment connected to it on the ether-ports. Being mobile I don't want to run a cable from router-2 to router-1. They connect over wifi-5G.
Router-2 is a hAPac² with network 192.168.66.1/24. The wifi-5G interface is defined as a station that logins into router-1. A DHCP-client is defined on wifi-5G. The equipment attached to router-2 has internet access over wifi-5G. The 5 ether-ports and wifi-2G "port" are bridged.

However I don't need or want a second network 192.168.66.0/24. I would be more convenient to have all equipment on the 192.168.88.0 network. I have tried modifying DHCP and DNS entries to no avail. My question is how to configure router-2 (and/or router-1) to this end.

wifi5g.jpg

# 2024-02-01 18:10:42 by RouterOS 7.13.3
# software id = ABCD-1234
#
# model = RBD52G-5HacD2HnD
# serial number = ABCDEF1234
/interface bridge
add igmp-snooping=yes name=bridgeTV
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX \
    country=netherlands disabled=no frequency=auto installation=indoor \
    mac-address=AA:BB:CC:DD:EE:80 mode=ap-bridge name=wifi-2G ssid=\
    "2171AA=22"
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country=netherlands disabled=no frequency=auto \
    installation=indoor mac-address=AA:BB:CC:DD:EE:7F name=wifi-5G ssid=\
    2171AA-22
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.66.100-192.168.66.199
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridgeTV name=dhcp-server
/interface bridge port
add bridge=bridgeTV interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether1 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=wifi-2G
/ip neighbor discovery-settings
set discover-interface-list=*2000011
/interface detect-internet
set detect-interface-list=all
/ip address
add address=192.168.66.1/24 interface=bridgeTV network=192.168.66.0
/ip dhcp-client
add interface=wifi-5G
/ip dhcp-server network
add address=192.168.66.0/24 gateway=192.168.66.1
/ip dns
set allow-remote-requests=yes servers=192.168.66.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wifi-5G
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=MikrotikTV
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes

TheCat12 · Thu Feb 01, 2024 10:56 pm

I think the easiest way is to remove the dhcp-server, the pool, the nat rule and the dhcp-client and just set the address to one from the desired subnet and add the 5G-WiFi link to the bridge

LukeS · Fri Feb 02, 2024 6:59 pm

Hi TheCat12,

I followed your suggestions and the result is quite interesting although not everything is what I wish to achieve. The exported configuration is minimal. Note that after a reboot ROS automatically inserts a DHCP -client on the bridge with the comment ;;;internet detect. Any equipment connected to router-2 is also assigned an IP on the 192.168.88.0 network. I can ping from the winbox-router-2 any connected equipment . But I cannot ping anything on the other side of the wifi-5G link not 8.8.8.8 or even the DNS/DHCP server 192.168.88.1. There is no internet connection.

There is a working wifi connection between router-1 and router-2:
the DHCP server on router-1 hands-out IP addresses for router-2 as I would like it to do.
And I can use winbox on router-2 from both sides using IP-address on router-2 and MAC-address from the other end of the wifi-5G link and

But no internet: Could this be a routing issue?

 /ip dhcp-client print
Flags: D - DYNAMIC
Columns: INTERFACE, USE-PEER-DNS, ADD-DEFAULT-ROUTE, STATUS, ADDRESS
#   INTERFACE  USE-PEER-DNS  ADD-DEFAULT-ROUTE  STATUS  ADDRESS          
;;; internet detect
0 D bridgeTV   yes           yes                bound   192.168.88.106/24

/ip route print
Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, d - DHCP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
    DST-ADDRESS      GATEWAY       DISTANCE
DAd 0.0.0.0/0        192.168.88.1         1
DAc 192.168.88.0/24  bridgeTV             0

# 2024-02-02 15:19:08 by RouterOS 7.13.3
# software id = ABCD-1234
#
# model = RBD52G-5HacD2HnD
# serial number = ABCDEF1234
/interface bridge
add igmp-snooping=yes name=bridgeTV
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX \
    country=netherlands disabled=no frequency=auto installation=indoor \
    mac-address=AA:BB:CC:DD:EE:80 mode=ap-bridge name=wifi-2G ssid=\
    "2171AA=22"
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country=netherlands disabled=no frequency=auto \
    installation=indoor mac-address=AA:BB:CC:DD:EE:7F name=wifi-5G ssid=\
    2171AA-22
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=bridgeTV interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether1 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridgeTV interface=wifi-2G
add bridge=bridgeTV interface=wifi-5G
/ip neighbor discovery-settings
set discover-interface-list=*2000011
/interface detect-internet
set detect-interface-list=all
/ip dns
set allow-remote-requests=yes
/system identity
set name=MikrotikTV
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes

pe1chl · Fri Feb 02, 2024 9:31 pm

You can fix that using this command:

/interface detect-internet set detect-interface-list=none

LukeS · Sun Feb 04, 2024 5:52 pm

I tried your tip (set detect-interface-list=none) but it did not let all equipment run in the same domain. Are you sure this command changes the behavior? To me it seems to be a filter for reporting purposes, not something that changes the state of an interface.

I am surprised my requirement seems to be so complicated. If I could use a CAT-cable from router-1 to router-2 I would have replaced router-2 with a cheap and simple non-managed switch. One end of the cable into router-1 and the other end into the switch. My equipment on the switch side is all wired and would also be plugged into the switch to make it work. Now I replace my CAT-cable with a wifi-connection and all simplicity is gone

jaclaz · Sun Feb 04, 2024 7:24 pm

This:
set discover-interface-list=*2000011
doesn't look good.
It may be completely unrelated, but whenever you find a value *<number> it usually means that for *whatever* reasons the RoS has lost some data (like a reference to something that has been deleted) and replaces those with the asterisk+number.

pe1chl · Sun Feb 04, 2024 8:49 pm

I tried your tip (set detect-interface-list=none) but it did not let all equipment run in the same domain. Are you sure this command changes the behavior? To me it seems to be a filter for reporting purposes, not something that changes the state of an interface.

Study the matter a bit better and make your config work without detect-internet. You will not regret it. detect-internet only causes trouble.

LukeS · Mon Feb 05, 2024 4:05 pm

Hi Jaclaz,
I’ll address you from now on as hawk-eye, I missed the *number entry. And it is indeed not good. I never knew the tool existed and set all entries = none i.e. I switched it off.

Hi pe1chl,
You probably are right: don’t use detect-internet. The cryptic documentation is hidden in the Diagnostics section of Help. Not the first place I would look and states use with precaution; then I know enough: stay clear.
- - - - -
While ploughing through the MT-Help I may have identified the problem I’m having. In the section https://help.mikrotik.com/docs/display/ ... tion+Modes they explain the 802.11 protocol doesn’t allow bridging over wifi. That I can’t define all equipment on a single network is a bridging problem and not a problem of configuring DHCP or DNS. I will investigate this the coming days.

jaclaz · Mon Feb 05, 2024 5:06 pm

I'll have to call you "Trapper", then.

No experience whatsoever at it, but since you have two Mikrotik devices, it should be possible to use station-bridge mode, though, since one is Ac2 and one is Ax2, it is possible that you will have the issue with "wifi" vs. "wireless":
viewtopic.php?t=203224

LukeS · Mon Feb 19, 2024 7:33 pm

A final closing post as I have achieved my goal. As is often the case with forum questions I was barking up the wrong (dhcp/dns) tree while it is indeed a bridging problem. The 802.11 protocol doesn’t support L2-bridging over wifi. Fortunately, there is a 4-address frame extension to the protocol to overcome this limitation.

To this end I changed the router-2 mode from station to station-bridge to enable the 4-address frame implementation. Initially that did not work because of hardware differences between the hAPax² and hAPac². In both packages there is a station-bridge mode for the radio’s, but they are not compatible.

I found the solution for this issue in the section https://help.mikrotik.com/docs/display/ ... ss'package, there is a driver set for the older hardware that allows it to work with the newer hardware. I swapped the hAPac² wireless-7.13.4-arm.npk for a package named wifi-qcom-ac-7.13.4-arm.npk that is compatible with the hAPax². It replaces the Wireless menu in Winbox with the Wifi menu.

Thanks to you all for pointing me in the right direction.

DHCP/DNS configuration for two router setup [SOLVED]

DHCP/DNS configuration for two router setup

Re: DHCP/DNS configuration for two router setup

Re: DHCP/DNS configuration for two router setup

Re: DHCP/DNS configuration for two router setup

Re: DHCP/DNS configuration for two router setup

Re: DHCP/DNS configuration for two router setup

Re: DHCP/DNS configuration for two router setup

Re: DHCP/DNS configuration for two router setup

Re: DHCP/DNS configuration for two router setup

Re: DHCP/DNS configuration for two router setup [SOLVED]

Who is online