Community discussions

MikroTik App
 
davidw
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 91
Joined: Fri Apr 27, 2007 11:11 pm

How to manage multiple Access Points when using WDS

Mon Sep 03, 2007 5:12 am

Hi There,

I have the following configuration

DSL-MODEM
===============
ether1: 192.168.1.254
Portforwarding 8291==>192.168.1.1

AP 1
===============
ETHER1: 192.168.1.1
WLAN1: 10.5.50.1 (ap-bridge with dynamic wds enabled)
WDS-BRIDGE: (WLAN1 ports included)
DHCP setup to give ip's to wds-bridge clients

AP 2 (WDS AP)
===============
WLAN1: (wds station mode)
WLAN2: (ap bridge)
wds-bridge created with WLAN1 & WLAN2 ports included

Using port forwarding on 8291 we can successfully manage and more importantly monitor AP1 from public IP address

How can I monitor AP2 from a public IP address ?

I know I can mac telnet from one AP to the other but I want to be able to use DUDE to monitor its status so I can tell if it goes offline.

Hope this makes sense.

Cheers
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6623
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: How to manage multiple Access Points when using WDS

Mon Sep 03, 2007 2:31 pm

It is not possible to manage over NAT multiple router via Winbox without full nat, when separate IP address is assigned to router, it is possible to use SSH.
 
davidw
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 91
Joined: Fri Apr 27, 2007 11:11 pm

Re: How to manage multiple Access Points when using WDS

Mon Sep 03, 2007 2:35 pm

It is not possible to manage over NAT multiple router via Winbox without full nat, when separate IP address is assigned to router, it is possible to use SSH.
So what would I need to do to use ssh ?
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6623
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: How to manage multiple Access Points when using WDS

Mon Sep 03, 2007 2:36 pm

You have to use DST-NAT at border router (that uses public/routeable address), and redirect specific port to the required router.
 
davidw
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 91
Joined: Fri Apr 27, 2007 11:11 pm

Re: How to manage multiple Access Points when using WDS

Tue Sep 04, 2007 12:12 am

You have to use DST-NAT at border router (that uses public/routeable address), and redirect specific port to the required router.

yep understand that, and I have succesfully done that but can not get it to work with WDS.

if my router and ap 1 are on 192.168.0.0 address range, should I make AP2 on 192.168.0.0 as well ?

How would my DSL router know to get to AP 2 via AP 1 ?
 
User avatar
JJCinAZ
Member
Member
Posts: 473
Joined: Fri Oct 22, 2004 8:03 am
Location: Tucson, AZ
Contact:

Re: How to manage multiple Access Points when using WDS

Tue Sep 04, 2007 8:03 am

You could use vpn to get access to everything in the 192.168.0.0 range. With 3.0 you can put a dude server on the router.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6623
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: How to manage multiple Access Points when using WDS

Tue Sep 04, 2007 8:27 am

If you have WDS, I assume you have bridged network between AP1 AP2 and DSL router.
They should be accessible directly, if they are not assign another private subnet to AP2 and setup routing on DSL and AP1 and set NAT rules to forward SSH.
 
User avatar
ivaring
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Sun Dec 24, 2006 3:25 pm
Contact:

Re: How to manage multiple Access Points when using WDS

Wed Sep 05, 2007 10:45 pm

I've one question/doubt.
Why someone would use NAT while bridging one net?.

Regards.
 
freewifi
just joined
Posts: 7
Joined: Thu Sep 06, 2007 2:49 am

Re: How to manage multiple Access Points when using WDS

Thu Sep 06, 2007 3:14 am

what if I have 3 or 4 routeros devices in the same network?

Surely this has come up before.
 
davidw
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 91
Joined: Fri Apr 27, 2007 11:11 pm

Re: How to manage multiple Access Points when using WDS

Thu Sep 06, 2007 6:05 am

what if I have 3 or 4 routeros devices in the same network?

Surely this has come up before.
you can only manage 1 of your routers/devices using winbox on port 8291. This is done by setting up port forwarding on your DSL modem.

The rest you will have to use the web interface and select a different port for each device.

Does this make sense ?
 
freewifi
just joined
Posts: 7
Joined: Thu Sep 06, 2007 2:49 am

Re: How to manage multiple Access Points when using WDS

Thu Sep 06, 2007 3:10 pm

yes thanks. i havnt really looked into the web interface. from what I can remember it was quite limited but better than nothing.
cheers
 
unlimitedme
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Tue Apr 24, 2007 1:01 pm

Re: How to manage multiple Access Points when using WDS

Wed Sep 26, 2007 7:56 am

i am very confuse with your setup,
NATing with bridge??? :shock:
 
dsobin
Member Candidate
Member Candidate
Posts: 160
Joined: Mon Jun 04, 2007 3:58 am
Location: New Jersey, USA

Re: How to manage multiple Access Points when using WDS

Fri Sep 28, 2007 10:04 pm

We run a bridged mesh network with two radios (bridged) per node.

On each node, one radio is used for BackHaul (uplink/downlink), and the other is an AP for local users to connect.
The BH radios are all configured as ap-bridge/WDS, with SSID hidden.

All of our nodes are part of a single private subnet.

One node is the gateway and has a public Internet connection. The GW node also runs the hotspot for all the other nodes.

We spent much time trying to figure out how to reach all our nodes from the Internet via winbox. As has
been pointed out, if you have only 1 public IP, you can only port forward 8291 once. You can edit
the firewall each time you want to connect to another node, but this is not useful for managing your network since you need to see all nodes at once.

Our solution turned out to be trivial (after spending 2 months struggling to find a solution, that is!).

On the gateway node we enable the PPTP server, create a pptp user, and assign it a unique address on the
private subnet.

On our network management client where we run winbox, we create a pptp tunnel over the public Internet to the gateway node. Now winbox acts like it's on the same subnet as all of the other nodes and can manage everything at once. I haven't used the Dude yet, but I expect it will work the same as winbox.

If you have never used windows to create a VPN, just select "Create a new connection" under Network Connections and select the options for VPN. Enter the public ip address of the gateway node when asked
and that's about it.

If you have a separate gateway router between the public Internet and the MikroTik nodes, forward TCP port 1723 (which is PPTP) from the gateway router to the private IP address of the first MT node. You also need to forward protocol 47 (GRE) the same way. Some routers do that for you automatically when you forward port 1723. Other routers have special ways of forwarding protocols rather than ports.

Note that you do NOT need to forward port 8291 at all. Once the VPN tunnel is set up, any request from
winbox on port 8291 will appear to originate from inside the first MT node.

A previous response to this post mentioned VPN also, but I saw more posts after that one so I thought I'd
add some more details.

Please let me know if this help you out.

Does anyone think this would be worth a Wiki entry?
 
kanch
newbie
Posts: 41
Joined: Mon Mar 26, 2007 3:41 am
Location: USA/Brazil

Re: How to manage multiple Access Points when using WDS

Sat Sep 29, 2007 6:52 am

I think it should go in the Wiki for sure. Great post
 
davidw
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 91
Joined: Fri Apr 27, 2007 11:11 pm

Re: How to manage multiple Access Points when using WDS

Sat Sep 29, 2007 12:55 pm

We run a bridged mesh network with two radios (bridged) per node.

On each node, one radio is used for BackHaul (uplink/downlink), and the other is an AP for local users to connect.
The BH radios are all configured as ap-bridge/WDS, with SSID hidden.

All of our nodes are part of a single private subnet.

One node is the gateway and has a public Internet connection. The GW node also runs the hotspot for all the other nodes.

We spent much time trying to figure out how to reach all our nodes from the Internet via winbox. As has
been pointed out, if you have only 1 public IP, you can only port forward 8291 once. You can edit
the firewall each time you want to connect to another node, but this is not useful for managing your network since you need to see all nodes at once.

Our solution turned out to be trivial (after spending 2 months struggling to find a solution, that is!).

On the gateway node we enable the PPTP server, create a pptp user, and assign it a unique address on the
private subnet.

On our network management client where we run winbox, we create a pptp tunnel over the public Internet to the gateway node. Now winbox acts like it's on the same subnet as all of the other nodes and can manage everything at once. I haven't used the Dude yet, but I expect it will work the same as winbox.

If you have never used windows to create a VPN, just select "Create a new connection" under Network Connections and select the options for VPN. Enter the public ip address of the gateway node when asked
and that's about it.

If you have a separate gateway router between the public Internet and the MikroTik nodes, forward TCP port 1723 (which is PPTP) from the gateway router to the private IP address of the first MT node. You also need to forward protocol 47 (GRE) the same way. Some routers do that for you automatically when you forward port 1723. Other routers have special ways of forwarding protocols rather than ports.

Note that you do NOT need to forward port 8291 at all. Once the VPN tunnel is set up, any request from
winbox on port 8291 will appear to originate from inside the first MT node.

A previous response to this post mentioned VPN also, but I saw more posts after that one so I thought I'd
add some more details.

Please let me know if this help you out.

Does anyone think this would be worth a Wiki entry?
awesome - will give it a go - thanks for the tip
 
davidw
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 91
Joined: Fri Apr 27, 2007 11:11 pm

Re: How to manage multiple Access Points when using WDS

Sat Sep 29, 2007 12:59 pm

We run a bridged mesh network with two radios (bridged) per node.

On each node, one radio is used for BackHaul (uplink/downlink), and the other is an AP for local users to connect.
The BH radios are all configured as ap-bridge/WDS, with SSID hidden.

All of our nodes are part of a single private subnet.

One node is the gateway and has a public Internet connection. The GW node also runs the hotspot for all the other nodes.

We spent much time trying to figure out how to reach all our nodes from the Internet via winbox. As has
been pointed out, if you have only 1 public IP, you can only port forward 8291 once. You can edit
the firewall each time you want to connect to another node, but this is not useful for managing your network since you need to see all nodes at once.

Our solution turned out to be trivial (after spending 2 months struggling to find a solution, that is!).

On the gateway node we enable the PPTP server, create a pptp user, and assign it a unique address on the
private subnet.

On our network management client where we run winbox, we create a pptp tunnel over the public Internet to the gateway node. Now winbox acts like it's on the same subnet as all of the other nodes and can manage everything at once. I haven't used the Dude yet, but I expect it will work the same as winbox.

If you have never used windows to create a VPN, just select "Create a new connection" under Network Connections and select the options for VPN. Enter the public ip address of the gateway node when asked
and that's about it.

If you have a separate gateway router between the public Internet and the MikroTik nodes, forward TCP port 1723 (which is PPTP) from the gateway router to the private IP address of the first MT node. You also need to forward protocol 47 (GRE) the same way. Some routers do that for you automatically when you forward port 1723. Other routers have special ways of forwarding protocols rather than ports.

Note that you do NOT need to forward port 8291 at all. Once the VPN tunnel is set up, any request from
winbox on port 8291 will appear to originate from inside the first MT node.

A previous response to this post mentioned VPN also, but I saw more posts after that one so I thought I'd
add some more details.

Please let me know if this help you out.

Does anyone think this would be worth a Wiki entry?
I should clarify something - this is good for managing using winbox but for monitoring using dude it won't work so well if fthe vpn connection drops and does not reconnect.

Our solution was to use port forarding using dst-nat etc and the :"make binding" function - if anyone is interested I will post the configs.
 
dsobin
Member Candidate
Member Candidate
Posts: 160
Joined: Mon Jun 04, 2007 3:58 am
Location: New Jersey, USA

Re: How to manage multiple Access Points when using WDS

Sun Sep 30, 2007 8:04 am

After my last post, we started using Dude via VPN (pptp) and found that it works fine. We've had the connection up since right after that post with no problems. Also, I'm told that we can configure this VPN connection to auto reconnect if it drops.

What is your concern about having the VPN drop? Has this happened after you tried it? Since the
VPN is just a connection over an existing hardwired Internet connection, what might cause it to drop?

We are counting on continuing to use VPN tunnels for the Dude, so any experience you might have with VPN's dropping, or any other problems with this configuration, would be of interest to us.
 
davidw
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 91
Joined: Fri Apr 27, 2007 11:11 pm

Re: How to manage multiple Access Points when using WDS

Sun Sep 30, 2007 8:15 am

After my last post, we started using Dude via VPN (pptp) and found that it works fine. We've had the connection up since right after that post with no problems. Also, I'm told that we can configure this VPN connection to auto reconnect if it drops.

What is your concern about having the VPN drop? Has this happened after you tried it? Since the
VPN is just a connection over an existing hardwired Internet connection, what might cause it to drop?

We are counting on continuing to use VPN tunnels for the Dude, so any experience you might have with VPN's dropping, or any other problems with this configuration, would be of interest to us.
I would have thought that if the modem connection drops the adsl connection the chances of it reconnecting are slim - just a gut feel - I have nothing to base this one. I will do some testing over the next few weeks and let you know.

Question for you: How many separate vpn connections will you be maintaining ?
 
dsobin
Member Candidate
Member Candidate
Posts: 160
Joined: Mon Jun 04, 2007 3:58 am
Location: New Jersey, USA

Re: How to manage multiple Access Points when using WDS

Mon Oct 01, 2007 1:14 am

We currently have 3 VPN connections up to different parts of our network, each with a different subnet. Each subnet has between 5 and 10 nodes.

We use DSL at our main location, and it drops for only few minutes maybe once every 3 months, usually in the early hours of the morning. I assume this is maintenance downtime from Verizon.

Since we have a hotspot at the gateway node of each subnet, we also use a make-binding/bypass entry on the hotspot for each node on the subnet.

I think we need a wiki for "How to access servers with static-IP behind a hotspot". We struggled for awhile before figuring it out.
 
enrique
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Thu Mar 30, 2006 12:33 pm

Re: How to manage multiple Access Points when using WDS

Thu Oct 04, 2007 1:51 pm

hello davidw.

come on Post your solution here, it is very interenting.

regards

Who is online

Users browsing this forum: anav, eworm, Jeffgut and 41 guests