Guys, i posted the other day i had this working but i didnt know why. Now, no dice.....im missing something here.
If you read my old thread, i had this working...but i messed somthing up. Ive literally spent days working on this with no luck.
I have an RV, inside the RV is a HAP. This will provide wireless and Ethernet for the local devices in the RV. Simply DHCP private network, dhcp, ports 1-4 on a bridge. No issue with that.
A WAP is plugged into port 5. This wap is outside the RV and will get internet from my office (or public wifi wherever the RV happens to be) and bridge it to the HAP inside the RV. Simple right? I thought so too.
The issue is on the WAP. I can put it in station mode, it grabs an IP via DHCP from an external network no problem. I put it in pusedo bridge, turn off its DHCP client. Activate DHCP client on eth5 of the HAP. Now the HAP, since bridged to the WAP, should grab an ip. It doesnt. If i enter an IP manually it will work. But it cant get that DHCP request for some reason. Ports on the WAP bridge are set to trusted, and i tried RTSP and none for protocol. I connect an old UBNT picostation in place of the wap....put it in bridge mode, and boom...it works perfectly. So why not the WAP? (I would just use the old picostation, but it lacks a connect list kind of feature, so i have to manually go in and re-select the station every time i move the RV. I have several offices and places im at a lot, so i would like to have them in the connect list, hence the use for the WAP.
I tried connecting the WAP directly to a PC, pusedo bridge mode, same issue....PC cannot get an ip from DHCP server. Ive got to be missing something simple here.
Still no luck with simple Bridge
You do not have the required permissions to view the files attached to this post.
-
-
kenakapheus
just joined
- Posts: 6
- Joined:
Re: Still no luck with simple Bridge
As far as i remember 802.11 does not really work with multiple clients on one Connection.
Basically the WAP has to masquerade all MAC addresses which breaks DHCP.
Try pointing the DHCP-Relay on the WAP at the real DHCP-Server.
Basically the WAP has to masquerade all MAC addresses which breaks DHCP.
Try pointing the DHCP-Relay on the WAP at the real DHCP-Server.
Re: Still no luck with simple Bridge
I would have moved routing/NAT to the WAP instead. That would solve your problem.
Re: Still no luck with simple Bridge
The preferred setup is indeed to have the NAT/Firewall/DHCP server in the wAP, not in the hAP. (viewtopic.php?f=2&t=171945#p840919)
Then you just work with "station" to the ISP, not pseudo bridge. DHCP works in theory with pseudo bridge, but the Mikrotik bridges seem sometimes not to be able to handle this properly. (DHCP lease gets offered but not bound. see: viewtopic.php?f=2&t=116963 , no real stable solution or root cause found yet. STP protocol and bridge port MAC learning are suspects.)
In all cases check where you define DHCP client and server. If interfaces are bound to the bridge, IP addresses, DHCP client and DHCP server should only be defined on the bridge, not on the interface.
In your pseudo bridge setup the wAP can also have an IP address. If the ISP does not allow 2 IP addresses, he might be caching the wAP MAC address for many hours. (while denying any other DHCP request from another MAC address. ISP trying to avoid double connections.)
Then you just work with "station" to the ISP, not pseudo bridge. DHCP works in theory with pseudo bridge, but the Mikrotik bridges seem sometimes not to be able to handle this properly. (DHCP lease gets offered but not bound. see: viewtopic.php?f=2&t=116963 , no real stable solution or root cause found yet. STP protocol and bridge port MAC learning are suspects.)
In all cases check where you define DHCP client and server. If interfaces are bound to the bridge, IP addresses, DHCP client and DHCP server should only be defined on the bridge, not on the interface.
In your pseudo bridge setup the wAP can also have an IP address. If the ISP does not allow 2 IP addresses, he might be caching the wAP MAC address for many hours. (while denying any other DHCP request from another MAC address. ISP trying to avoid double connections.)
Re: Still no luck with simple Bridge
If you have issues I would start on WAP as a fully bridged AP (double NAT will not cause an issue here).
On WAP use "QUICKSET" CPE mode, select router (not bridged) and bridge ports, enable DHCP server etc. (other Ip subnet than on the hap)
It should work this way. Once working improve further or keep it as this!
On WAP use "QUICKSET" CPE mode, select router (not bridged) and bridge ports, enable DHCP server etc. (other Ip subnet than on the hap)
It should work this way. Once working improve further or keep it as this!
Re: Still no luck with simple Bridge
I really dont want the WAP to do the NAT, for the reason i want the HAp inside the coach to be the main routing device. It will have multiple ways to grab internet, the WAP is just one of them. The others are LTE, a plain ethernet to a port at my place, or via the USB port. If i do keep it as is but put the WAP on NAT, yes, it works...but tripple NAT.
I find it crazy the WAP cant do what a cheap $20 ethernet extender can do. The UBNT picostation does it fine, but lacks the connect list...but i guess will work if i setup some hacking way to do a connect list on it.
--John
I find it crazy the WAP cant do what a cheap $20 ethernet extender can do. The UBNT picostation does it fine, but lacks the connect list...but i guess will work if i setup some hacking way to do a connect list on it.
--John
-
-
CZFan
Forum Guru
- Posts: 2098
- Joined:
- Location: South Africa, Krugersdorp (Home town of Brad Binder)
- Contact:
Re: Still no luck with simple Bridge
You dont need to have Double / Tripple NAT, just configure routing properly between the wAP and hAP..... If i do keep it as is but put the WAP on NAT, yes, it works...but tripple NAT.
I find it crazy the WAP cant do what a cheap $20 ethernet extender can do. The UBNT picostation does it fine, but lacks the connect list...but i guess will work if i setup some hacking way to do a connect list on it.
--John
I sincerely doubt the $20 ethernet (WiFi) extender is going to provide you connectivity to other ISPs, etc as you travel
Re: Still no luck with simple Bridge
Treat the WAP as device on the LAN. and make the LAN vlan20
Create a bridge on the WAP for the vlans for the incoming signal and assign vlan10 to that traffic (access port).
On the HAP create the vlan structure for the lan vlan20
Associate vlan10 with the dhcp client and ethernet interface.
Seems like that would work.
Create a bridge on the WAP for the vlans for the incoming signal and assign vlan10 to that traffic (access port).
On the HAP create the vlan structure for the lan vlan20
Associate vlan10 with the dhcp client and ethernet interface.
Seems like that would work.
Re: Still no luck with simple Bridge
OP did not explain the wAP config. If you want the wAP to be transparant between ISP and hAP, then "pseudo-bridge-clone" should be used.
From the wiki:
Mode station-pseudobridge-clone
This mode is the same as station-pseudobridge mode, except that it connects to AP using "cloned" MAC address - that is either address configured in station-bridge-clone-mac parameter (if configured) or source address of first forwarded frame. This essentially appears on AP as if end-user device connected to station connected to AP.
From the wiki:
Mode station-pseudobridge-clone
This mode is the same as station-pseudobridge mode, except that it connects to AP using "cloned" MAC address - that is either address configured in station-bridge-clone-mac parameter (if configured) or source address of first forwarded frame. This essentially appears on AP as if end-user device connected to station connected to AP.
Re: Still no luck with simple Bridge
Just tried with pusedo-bridge-clone, still no luck. Pretty small config, here it is:
/interface bridge
add fast-forward=no name=bridge1 protocol-mode=none
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap group-ciphers=tkip,aes-ccm mode=dynamic-keys name=SECURITYPROFILE supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country="united states" disabled=no distance=indoors frequency=auto installation=outdoor mode=station-pseudobridge-clone \
security-profile=SECURITYPROFILE ssid=OFFICE_SSID wireless-protocol=802.11
/interface bridge port
add bridge=bridge1 interface=ether1 learn=yes trusted=yes
add bridge=bridge1 interface=wlan1 learn=yes trusted=yes
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip address
add address=192.168.8.2/24 comment="Management IP Only" interface=bridge1 network=192.168.8.0
/ip dns
set allow-remote-requests=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/interface bridge
add fast-forward=no name=bridge1 protocol-mode=none
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap group-ciphers=tkip,aes-ccm mode=dynamic-keys name=SECURITYPROFILE supplicant-identity=MikroTik unicast-ciphers=tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country="united states" disabled=no distance=indoors frequency=auto installation=outdoor mode=station-pseudobridge-clone \
security-profile=SECURITYPROFILE ssid=OFFICE_SSID wireless-protocol=802.11
/interface bridge port
add bridge=bridge1 interface=ether1 learn=yes trusted=yes
add bridge=bridge1 interface=wlan1 learn=yes trusted=yes
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip address
add address=192.168.8.2/24 comment="Management IP Only" interface=bridge1 network=192.168.8.0
/ip dns
set allow-remote-requests=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Re: Still no luck with simple Bridge
Yes normal config (and even LAN & WAN list is not used)
Would do the same, except for the bridge port learning. For wireless this is a delicate matter. My best results with DHCP and wifi connections is when it's left on "auto".
What happens if you replace the hAP with a laptop. Does it get the DHCP lease ?
Would do the same, except for the bridge port learning. For wireless this is a delicate matter. My best results with DHCP and wifi connections is when it's left on "auto".
../interface bridge port
add bridge=bridge1 interface=ether1 learn=yes trusted=yes
add bridge=bridge1 interface=wlan1 learn=yes trusted=yes
Code: Select all
learn (auto | no | yes; Default: auto) Changes MAC learning behaviour on a bridge port
yes - enables MAC learning
no - disables MAC learning
auto - detects if bridge port is a Wireless interface and uses Wireless registration table instead of MAC learning, will use Wireless registration table if the Wireless interface is set to one of ap-bridge,bridge,wds-slave mode and bridge mode for the Wireless interface is disabled.Re: Still no luck with simple Bridge
Thats how ive been testing lately, same issue. Doesnt get an ip. I should point out if i put an IP in the laptop or HAP manually, it works fine. So the only issue is its not getting DHCP....
What happens if you replace the hAP with a laptop. Does it get the DHCP lease ?
The most frustrating part is i HAD IT WORKING and must have changed something. FYI, changed port learn to auto...
--John
Re: Still no luck with simple Bridge
/system logging add topics=DHCP