Community discussions

MUM Europe 2020
 
KennyDB
just joined
Topic Author
Posts: 11
Joined: Mon Jan 19, 2015 1:10 pm

Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 4:11 pm

First of all I'm looking for pointers here.
I have 2 Mikrotik routers on standard setup as of yet. Each with their own 100MB/s line. They are at the same place and I would like to connect them so both networks would be able to see each other but Internet traffic should stay where it belongs.
I thought about using VPN but wouldn't that be a waste with them being close to each other?
Could perhaps Wireless Bridging be the right choice?

Thanks in advance.
 
User avatar
gabrielpike
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Thu Apr 17, 2014 4:17 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 4:16 pm

Sure a wireless bridge would work fine however a wired connection is always better. Then use static routes to connect the 2 LANs.
Gabriel Pike
MTCNA
 
KennyDB
just joined
Topic Author
Posts: 11
Joined: Mon Jan 19, 2015 1:10 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 4:30 pm

yeah wired would be better I know Just the way the rooms are laid out that's a no-go. thanks.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 4:32 pm

First - make sure the two LAN networks are using different IP networks.
(e.g. 192.168.1.0/24 = mikrotik1 LAN, and 192.168.2.0/24 = mikrotik2 LAN)

Choose an interconnection interface - such as ether5 (why not use gigabit?)
Make sure ether5 is not running as slave port to any other port.
Choose an IP for the interconnect - 192.168.255.0/30
Assign 192.168.255.1/30 on ether5, mikrotik 1
Assign 192.168.255.2/30 on ether5, mikrotik 2

Ping test across the link to confirm the link is good.

Create static routes across the link:
mikrotik1: /ip route add dst=192.168.2.0/24 gateway=192.168.255.2
mikrotik2: /ip route add dst=192.168.1.0/24 gateway=192.168.255.1

Create firewall filters which deny Internet traffic across the link:
both mikrotiks:
/ip firewall filter
add chain=forward in-interface=ether5 out-interface=WAN action=drop
add chain=forward in-interface=ether5 action=accept

Finally, make sure that your NAT rules do not match lan-to-lan traffic, and you're all set.
If they do match, make them more specific to the Internet connection

Or else you can create exception rules:
/ip firewall nat add chain=srcnat out-interface=ether5 action=accept
/ip firewall nat add chain=srcnat in-interface=ether5 action=accept
(make sure these rules come before any rule which is incorrectly matching lan-to-lan)
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
KennyDB
just joined
Topic Author
Posts: 11
Joined: Mon Jan 19, 2015 1:10 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 4:48 pm

Nice instruction thank you for that. I just don't see where wireless bridging is involved there. Or does the internal bridge handle that automatically?
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 6:57 pm

HAhaha - I missed that detail. Somehow, I thought the wireless bridge was gabrielpike's suggestion. That's what I get for scanning to quickly.

I wouldn't use wireless bridge - just your usual AP/Endpoint relationship is fine.

Basically, my solution works for wireless too - just use interface wlan1 in stead of ether5

The only thing left is to configure the wlan.
Pick one of them to be the AP, set up the SSID and wpa2 keys.
The other is in station mode, and you configure it to connect to the SSID you created on router1.

Basically, edit the default security profile and Authentication types - only WPA2 PSK is checked.
Unicast and group ciphers, only aes ccm is selected.
Enter a WPA2 Pre-shared key
Management Protection = disabled
No changes are needed in RADIUS/EAP/Static Keys tabs.

On the AP router, set the SSID and the defaults should pretty much work.

On the Staion router, set the mode to station. You can actually use the Scan tool to find your SSID, select it and hit connect.

Once the wlan interfaces are linked, then the IP routing in my previous example will work exactly the same way. Just replace all instances of ether5 with wlan1
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
KennyDB
just joined
Topic Author
Posts: 11
Joined: Mon Jan 19, 2015 1:10 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 8:00 pm

So I'd have one SSID for both routers? Not exactly what I had in mind. I still want them to be separate. Is it possible by using Virtual APs?
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 8:07 pm

No. The second router will not have an SSID at all in the above setup... It will search for the first router's SSID on the air, and it won't be accessible "directly" and wirelessly by any other devices. WiFi devices would need to connect to the first router, in order to reach devices connected by wire on the second router.

If you want both routers to be usable as APs, you'd need to set up a WSD bridge on the second router... mode=station-wds I think (I haven't personally done WDS with MikroTik... yet). In that mode, you again have the second router search the first one on the air, but the router also has its own SSID that WiFi devices can access wirelessly.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
KennyDB
just joined
Topic Author
Posts: 11
Joined: Mon Jan 19, 2015 1:10 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 8:17 pm

Alright, makes sense. So any other ideas? Perhaps wireless bridging seems like the way to go again?
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 8:27 pm

Alright, makes sense. So any other ideas? Perhaps wireless bridging seems like the way to go again?
Or just plug in a couple of dedicate APs for end users.

When you put too many things in one place, strangeness ensues.

You know that old riddle about having a rowboat, a chicken, a fox, and a bag of chicken feed - how do you get all 3 across the river if the boat can only hold one item? Take the chicken across, row back, bring the fox across, bring the chicken back to the first side with you so the fox won't eat it, drop off the chicken and get the chicken feed, take it across, row back empty, collect the chicken and then you're across the river.

Don't put yourself in a situation like this.
Instead:
Put a virtual SSID on the router1 and bridge that virtualAP to the LAN bridge there.
Install an inexpensive 951 model at side 2, and make the 951 be a simple AP/bridge, and connect it to router2 with a cable. Make sure it's on a different channel than router1, and you're done.

Easy and no rowing back and forth with chickens and foxes and bags of bird seed.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 8:38 pm

They are at the same place
I missed out that detail the first time I saw this topic...

Because of that factor alone, yes, I totally agree with ZeroByte. The two routers should definitely be connected to each other with a cable, and simply emit two different SSIDs, ideally in different directions (for better coverage).


The aforementioned WDS bridging is useful if the two routers are too far from each other for a cable to be feasible, but by virtue of it being wireless, the bandwidth and reliability suffers with that approach.
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
User avatar
hossain2004a
Member Candidate
Member Candidate
Posts: 247
Joined: Mon Dec 22, 2014 7:34 pm
Location: Iran

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 9:06 pm

Outline question: I'm sorry for this.

why should I bridge Wlan and one Ether together?
 
KennyDB
just joined
Topic Author
Posts: 11
Joined: Mon Jan 19, 2015 1:10 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 9:22 pm

I didn't know that reference. :D Makes sense. I don't really want to buy more devices for this project. And even though i currently live in Latvia it takes surprisingly long to get one. I waited 3 weeks for one of my routers, if memory serves me right.

Edit:
They are at the same place
I missed out that detail the first time I saw this topic...

Because of that factor alone, yes, I totally agree with ZeroByte. The two routers should definitely be connected to each other with a cable, and simply emit two different SSIDs,
Your right, as I mentioned before the only problem is that due to the layout of my apartment it's rather difficult to route a cable here. A certain someone (female) will lynch me if I start routing cables across the ceiling. :D
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 9:33 pm

Your right, as I mentioned before the only problem is that due to the layout of my apartment it's rather difficult to route a cable here. A certain someone (female) will lynch me if I start routing cables across the ceiling. :D
Why not on the floor, literally "under the rug" then ;) ?
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
KennyDB
just joined
Topic Author
Posts: 11
Joined: Mon Jan 19, 2015 1:10 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 9:43 pm

Your right, as I mentioned before the only problem is that due to the layout of my apartment it's rather difficult to route a cable here. A certain someone (female) will lynch me if I start routing cables across the ceiling. :D
Why not on the floor, literally "under the rug" then ;) ?
Little to no rugs available here. Otherwise I would need to tear the floor up. So nope not a good way :)
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 9:47 pm

Well, WDS then indeed... I mean, given the environment factor you call "female" :-P ... That's not an easily fixable one. :lol:
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 10:15 pm

I think I might be mis-understanding the design.

For now, don't worry about the link being wired or wireless.....
topo1.png
I imagined topology 1 from your original question.

Is it really more like 2 - where you just want to extend the LAN to another part of the apartment with the second router acting as a second AP?

Or maybe a hybrid where you want LAN1 and LAN2 to have their own unique SSID, but be available via wifi from either router....
You do not have the required permissions to view the files attached to this post.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
User avatar
boen_robot
Forum Guru
Forum Guru
Posts: 2411
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 10:17 pm

What I gathered was topology 1, but with the two APs somewhat overlapping in their range... So, a hybrid of the two - the settings of topology 1, and the WiFi coverage (more or less) of topology 2.

Right KennyDB?
PEAR2_Net_RouterOS(1.0.0b6) - My API client in PHP
(Rate my posts? If you want... no pressure...)
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Tue Mar 31, 2015 10:49 pm

FWIW - even in a hybrid solution, I would only bridge the "roaming" SSIDs - and I would still use a 2nd radio at whichever end has its 1st radio in station mode.

WDS repeater / WDS slave really makes me gag.

I'm going to wait for a reply from OP before going into any lengthy discourse on how it might be done.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
KennyDB
just joined
Topic Author
Posts: 11
Joined: Mon Jan 19, 2015 1:10 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Wed Apr 01, 2015 2:35 pm

So as I can see I might have only 2 choices here either LAN to LAN or wds setup. Do I see that right?

Well to state my needs here again:
I have 2 RB2011UiAS-2HnD
1. I want both "separate networks" to be able to communicate with each other. (Pretty much like a VPN setup does.)
2. They should still be separate e.g. own sub-net, ssid etc.
3. Both routers are well within WiFi range of each other
4. LAN to LAN setup Is not possible in my case (Even if I'd like to, I am very well aware of the benefit)
Or maybe a hybrid where you want LAN1 and LAN2 to have their own unique SSID, but be available via wifi from either router....
That sound more like what I was looking for. Would be nice to do it using Wifi only, but as it seems I will not get around using 2 more wireless devices ( perhaps "hAP lite which is rather inexpensive)
and use them in a station/client setup in which I have to configure my current routers to treat them as a LAN to LAN setup.

Right?
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Wed Apr 01, 2015 3:12 pm

That sound more like what I was looking for. Would be nice to do it using Wifi only, but as it seems I will not get around using 2 more wireless devices ( perhaps "hAP lite which is rather inexpensive)
and use them in a station/client setup in which I have to configure my current routers to treat them as a LAN to LAN setup.

Right?
If you want 2 aps with both lans advertised from both aps, then I 100% agree and recommend that you use seperate radios for this than you are using for the router-to-router connection.

Build the router-to-router connection as I explained in my previous post, and then you will want to add a couple of things to let the APs allow "roaming":

On wlan1 on both routers, add two vlan sub-interfaces:
wlan1.lan1 (vlan id 10)
wlan1.lan2 (vlan id 20)

Also create two bridges: brLan1, brLan2.

Now on Router1:
Make sure the LAN1 configurations are all using brLan1 bridge
(you probably already were because of how the 2011 uses 2 internal switches)
Add vlan interface wlan1.lan1 to this bridge.
Add wlan1.lan2 to brLan2 - but don't bother to put any IP address settings or anything - this is just to send wifi traffic back to the other side.

On Router2:
Make sure all LAN2 settings are using brLan2 bridge
add interface wlan1.lan2 to brLan2
add interface wlan1.lan1 to brLan1 and don't put any settings here.

When you add the external APs to your network, configure them to use vlan10 on wlan1 and vlan20 for wlan2, and create ethX.lan1 vlan id 10 / ethX.lan2 vlan id 20 on an ethernet interface and add those to the appropriate bridges, and connect the APs to ethX interface.

I will draw a more detailed diagram of this with vlans and such becase "a picture is work 1000 words."
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Question: Connecting 2 home RB2011UiAS-2HnD

Wed Apr 01, 2015 4:07 pm

If you cannot use cable, you can use wds link logically in the same way like it is cable. On one side put it to local bridge and on the second side leave it unbridged and set DHCP client to it. Once it joins, the second side gets ip from the first side. Then you just set static routes to both sides to point packet from one network to the other and vice versa. You have to share the frequency but the virtual Ap settings on both sides can be different with different own passphrases. Layer 2 traffic will not leak from one network to another. You just need to have different subnets.

No vlans or external APs needed.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Wed Apr 01, 2015 5:23 pm

No vlans or external APs needed.
So you're saying make router 1 have AP and two virtual AP
The virtual AP -> LAN1 / LAN2 (both being bridges - no IP on LAN2 bridge)

On router 2, set wlan1 mode = WDS Slave, with 2 virtual APs bridged to LAN1 and LAN2, with LAN1 having no ip here?

It saves needing the external radios, but doesn't this essentially cut the bandwidth capacity in half in several cases for router 2's wifi?

lan2 host on router1 virtual AP --> lan1 device
lan1 host on router2 virtual AP -> anything
lan2 host on router2 virtual AP -> lan1 device
lan2 host on router2 virtual AP -> lan2 host on router1 virtual AP

If any of these traffic paths will be busy (streaming media from PC to roku or something like that) - wouldn't that tend to seriously degrade the quality of router 2's wireless networks?
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Wed Apr 01, 2015 6:00 pm

Expecting that you have set your lan/wan settings already correctly.

There will be only one local bridge on each router. Local address ranges should be distinct to each other (for example 192.168.1.0/24 and 162.168.2.0/24, with x.x.x.1 assigned to local bridge on each router.

On both routers create the same wds security profile. Both APs set to ap bridge mode on wlan1 interface with the same security profile set on wlan1 level. Set static mesh wds mode and default bridge none, ignoring ssid for wds. Create wds interface on both routers, link them by the crossed mac addresses. You should see it talking to each other.

Create virtual AP on each router, set it as you wish with its own security profile and separate mac address. Add the virtual AP to local bridges. Check the clients are able to connect correctly.

Put the wds on router1 to local bridge, set the dhcp client on second wds and do not put it into bridge. Then router1 will be bridging and router2 will be routing. Check the routes and correct / add them if necessary.

Sure it cuts the capacity if there will be simultaneous communication both on wds link and on virtual ap. Talking of one AP to its clients will interfere with the second AP talking to its clients. But it is the cheapest and immediatelly implementable solution. You should try it first to see if you can live with it or not. You will see according your traffic needs and local conditions that none can forsee. If there will be throughtput problem (even with using 2x2mimo, 20/40HT mode), and you decide to use separate wifi link, use 5GHz panel/directional devices, for example SXT Lite 5 on both sides. If you will use something like hAP lite, you will just make additional interference to your 2.4GHz band because these devices will transmit all around uselessly.

Do not use the quickset. Fully remove the configuration from the routers before you start and set it from blank. Only by this you can be sure what is set and how it should be working. Learn first how to set the router manually to be working as standalone home router and then try to make more complicated settings on top of it.

An the last thing: Cable is the best wifi. Even if you cannot use cable, do it.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Thu Apr 02, 2015 5:33 am

An the last thing: Cable is the best wifi. Even if you cannot use cable, do it.
I knew I liked you, Jarda.

And I think this is the longest post I've seen you make by about 1000 times.... :)
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Question: Connecting 2 home RB2011UiAS-2HnD

Thu Apr 02, 2015 9:15 am

That's because I use tapatalk on my phone mostly so it's technically hard to write longer posts. But there are many my long posts on this forum also.

There are things that have to be repeated endlessly. Using wires instead wifi is one of them.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Thu Apr 02, 2015 9:17 am

That's because I use tapatalk on my phone mostly so it's technically hard to write longer posts. But there are many my long posts on this forum also.

There are things that have to be repeated endlessly. Using wires instead wifi is one of them.
My motto - no free-space photons in networking. :)
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
KennyDB
just joined
Topic Author
Posts: 11
Joined: Mon Jan 19, 2015 1:10 pm

Re: Question: Connecting 2 home RB2011UiAS-2HnD

Thu Apr 02, 2015 1:31 pm

Alright fantastic. I am going to try these ideas as soon as I am able to Thanks ZeroByte and jarda.
Of course if an opportunity opens up I am going to switch to cable. But for now I will have to consider a wireless setup instead.
And considering the devices we are talking about It should be clear to everyone here that Cable was and still is the superior power here. :)
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Thu Apr 02, 2015 10:44 pm

Fingers crossed. Keep us informed.

Who is online

Users browsing this forum: MSN [Bot] and 33 guests