Community discussions

MUM Europe 2020
 
User avatar
mbfound
Member Candidate
Member Candidate
Topic Author
Posts: 134
Joined: Tue Jul 01, 2014 1:18 pm
Location: South Africa

Virtual AP (and maybe WDS) help needed

Mon May 04, 2015 2:37 pm

Hi all,

I'm testing a virtual ap with wds setup but for the love of me I can't get the private network to send/receive.

Wlan1 is the private network with encryption. wlan2 is the public wifi network with no encryption and using radius. The hotspot works fine and is able to send/receive and login.

I'm probably overlooking something simple. Config for main router below and secondary/wds/slave router below that.
# may/04/2015 13:23:16 by RouterOS 6.27
# software id = JMA5-T5NA
#
/interface bridge
add name=hs_bridge
add name=private_bridge
/interface wireless security-profiles
set [ find default=yes ] eap-methods="" interim-update=1m \
    radius-mac-accounting=yes supplicant-identity=MikroTik
add authentication-types=wpa-psk eap-methods="" group-ciphers=tkip \
    management-protection=allowed mode=dynamic-keys name=private \
    supplicant-identity="" unicast-ciphers=tkip wpa-pre-shared-key=12345678 \
    wpa2-pre-shared-key=12345678
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    band=2ghz-b/g country="south africa" dfs-mode=no-radar-detect disabled=no \
    frequency=auto l2mtu=2290 mode=ap-bridge security-profile=private ssid=\
    Test tx-power=10 tx-power-mode=all-rates-fixed wds-default-bridge=\
    private_bridge wds-mode=dynamic wireless-protocol=802.11
add disabled=no l2mtu=2290 mac-address=4E:5E:0C:BE:36:4C master-interface=\
    wlan1 name=wlan2 ssid="Test HS" wds-cost-range=0 wds-default-bridge=\
    hs_bridge wds-default-cost=0 wds-mode=dynamic
/ip hotspot profile
add dns-name=hotspot.bfound.co.za hotspot-address=10.1.1.1 http-proxy=\
    0.0.0.0:8080 login-by=http-chap name=hsprof1 radius-interim-update=10m \
    use-radius=yes
/ip pool
add name=dhcp ranges=10.10.1.2-10.10.10.254
add name=no-https ranges=10.10.21.1-10.10.30.254
add name=wds ranges=10.10.20.1-10.10.20.254
add name=privatepool ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=hs_bridge lease-time=30m name=\
    hotspot_dhcp use-radius=yes
add address-pool=privatepool disabled=no interface=private_bridge lease-time=\
    1d name=private_dhcp
/ip hotspot
add address-pool=dhcp disabled=no idle-timeout=none interface=hs_bridge name=\
    hotspot1 profile=hsprof1
add address-pool=privatepool disabled=no idle-timeout=none interface=\
    private_bridge name=private_hs
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=no address-pool=dhcp \
    keepalive-timeout=1h rate-limit="100k/1M 100k/2M 100K/512k 10/10" \
    session-timeout=2h shared-users=unlimited
/interface bridge port
add bridge=private_bridge interface=wlan1
add bridge=hs_bridge interface=wlan2
/ip address
add address=10.10.1.1/16 interface=wlan2 network=10.10.0.0
add address=192.168.1.1/32 interface=private_bridge network=192.168.1.1
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=10.10.0.0/16 dns-server=10.10.1.1,8.8.8.8,8.8.4.4 gateway=\
    10.10.1.1
add address=192.168.1.0/24 dns-server=192.168.1.1,8.8.8.8 gateway=192.168.1.1
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface=ether1
/ip hotspot user
add name=hotspot-user password=123456
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
*bunch of rules*
/ip hotspot walled-garden ip
add action=accept disabled=no dst-port=443 protocol=tcp src-address=\
    10.10.1.2-10.10.10.254
add action=accept disabled=no src-address=10.10.20.1-10.10.20.254
/ip proxy
set enabled=yes
/radius
add address=xxxxxxxxx secret=xxxxxxxxx service=\
    hotspot,wireless,dhcp timeout=600ms
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name=4AC704F9643D
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=196.25.1.9 secondary-ntp=41.216.204.3
/system scheduler
*some scripts to check for updates*
/tool graphing interface
add
/tool graphing queue
add
/tool graphing resource
add
----------------------------------
# jan/02/1970 00:15:52 by RouterOS 6.18
# software id = K61L-J26C
#
/interface bridge
add l2mtu=2290 name=hs_bridge
add l2mtu=2290 name=private_bridge
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk eap-methods="" \
    group-ciphers=tkip supplicant-identity=MikroTik unicast-ciphers=tkip \
    wpa-pre-shared-key=12345678 wpa2-pre-shared-key=12345678
add authentication-types=wpa-psk eap-methods="" group-ciphers=tkip \
    management-protection=allowed mode=dynamic-keys name=private \
    supplicant-identity="" unicast-ciphers=tkip wpa-pre-shared-key=12345678
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
    band=2ghz-b/g country="south africa" default-forwarding=no dfs-mode=\
    no-radar-detect disabled=no frequency=2412 frequency-mode=\
    regulatory-domain l2mtu=2290 mode=wds-slave security-profile=private \
    ssid=Test wds-default-bridge=private_bridge wds-mode=dynamic \
    wireless-protocol=802.11
add disabled=no l2mtu=2290 mac-address=4E:5E:0C:BE:35:C8 master-interface=\
    wlan1 name=wlan2 ssid="Test HS" wds-cost-range=0 wds-default-bridge=\
    hs_bridge wds-default-cost=0 wds-mode=dynamic
/interface bridge port
add bridge=private_bridge interface=wlan1
add bridge=hs_bridge interface=wlan2
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=private_bridge
add dhcp-options=hostname,clientid disabled=no
add default-route-distance=0 dhcp-options=\
    *FFFFFFFF,*FFFFFFFF,hostname,clientid disabled=no interface=hs_bridge
/ip firewall nat
add action=masquerade chain=srcnat out-interface=wlan1
add action=masquerade chain=srcnat out-interface=ether1
/ip upnp
set allow-disable-external-interface=no
/snmp
set trap-community=public
/system identity
set name=4AC704723AC5
/system leds
set 0 interface=wlan1 type=interface-status
set 5 interface=wlan1

Who is online

Users browsing this forum: MSN [Bot] and 11 guests