Community discussions

MikroTik App
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

network design help

Sun Sep 30, 2007 4:31 am

i'm using ROS on PC as a main router , firewall , etc ..
i want to connect it to RB333 as the main AP for my network ..
i just need to make seperated networks using these equipment , like this :

pc-ether1 (192.168.1.1/24) ----> rb333-ether1( 192.168.1.2)----->wlan1 ( 192.168.1.3)
pc-ether2 (192.168.2.1/24) ----> rb333-ether2( 192.168.2.2)----->wlan2 ( 192.168.2.3)
.
.
.
is it possible on the RB side?
i need it to be like that , for example i need to run web-proxy and DHCP server in the main pc for only 192.168.1.0/24 network ..
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Re: network design help

Sun Sep 30, 2007 4:38 am

or may be bridge rb-ether1 + rb-wlan1 , rb-ether2 + rb-wlan2 ?
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Re: network design help

Sun Sep 30, 2007 7:59 pm

hello ?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: network design help

Mon Oct 01, 2007 1:37 am

what does you mean saying "separated networks"? please clarify the description of the task
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: network design help

Mon Oct 01, 2007 1:38 am

i need it to be like that , for example i need to run web-proxy and DHCP server in the main pc for only 192.168.1.0/24 network ..
use firewall rules, allow only this subnet and deny all other
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Re: network design help

Mon Oct 01, 2007 3:16 am

nice photo , anyway i dont think u understand me at all ..
in RB333 we got 3 ethernet + 3 Wlan slots right ?
can we just make 3 bridges (eth1+wlan1 ) , ( eth2+wlan2) and ( eth3+wlan3) ?
each bridge connected (ethernet) to an interface at the main MT with a different subnet ..
and we had run hotspot , pppoe and dhcp on each of the 3 interfaces at the main MT ..
Image
Last edited by samsoft08 on Mon Oct 01, 2007 4:17 am, edited 2 times in total.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: network design help

Mon Oct 01, 2007 4:03 am

yep, you even do not need three eths in RB, just make three VLAN interfaces, bridge them with corresponding wlans, and create the same Vlans on MT. then allow packet forwarding from/to internet (optionally, if not using web proxy, for example), and forbid the rest, to disallow communication between wlans

then you can add any hotspot/pppoe/dhcp servers on any vlan you just created
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Re: network design help

Mon Oct 01, 2007 5:11 am

nice reply .. ok , i will explain the whole idea :

Image

now , I have two kind of clients , first is a group of clients sharing a bandwidth of 512k/256k , those clients connected to WL01-RB01 and WL04-RB02 on a hotspot server at main ROS ..
second type of clients is clients getting dedicated bandwidth by thier RB's wich is all linked to WL02 (PtmP) .. let's say RB-03 get 1024/256 and RB03 get 384/128 and so on ..

let me guess :
for first type of clients..
at main ROS side , eth01 connected to RB01,
add vlan (vlan01) on eth01 with ip 192.168.1.1/24..
add hotspt on vlan01 ..
at RB01 side , eth01 is connected to main ROS ..
add vlan (vlan01) at eth01
bridge vlan01 + WL01 ... ip 192.168.1.2/24
now every client connected to WL01 will authonticate by the main ROS hotspot .. correct ??

at RB-02 side :
add vlan (vlan01) on WL03(the dish antenna)
bridge vlan01 + WL04(the omni antenna) ... ip 192.168.1.2/24
now every client connected to WL04 will authonticate by the main ROS hotspot .. correct ??

let us stop here couse i need correction or confirmation ..
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: network design help

Mon Oct 01, 2007 1:48 pm

not quite

at main ROS side , eth01 connected to RB01,
add vlan01 (id=1) on eth01 with ip 192.168.1.1/24
add vlan02 (id=2) on eth01 with ip 192.168.2.1/24
add vlan03 (id=3) on eth01 with ip 192.168.3.1/24
add hotspots on vlan01, vlan02, etc.

at RB01 side , eth01 is connected to main ROS
add vlan01 (id=1) at eth01
add vlan01_2 (id=1) at WL02
add vlan02 (id=2) at eth01
add vlan02_2 (id=2) at WL02
bridge vlan01 + vlan01_2 + WL01 ... no ip - you do not need ip on this bridge
second bridge vlan02 + vlan02_2
now every client connected to WL01 will be authenticated by the main ROS hotspot on interface vlan01

at RB-02 side :
add vlan01 (id=1) on WL03
add vlan02 (id=2) on WL03
add vlan02_2 (id=2) on eth01? well, users
bridge vlan01 + WL04, second bridge vlan02 + vlan02_2 ... no ip
now every client connected to WL04 will be authenticated by the main ROS hotspot on interface vlan01, and clients on RB02-ethernet will be authenticated by hotspot on vlan02
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Re: network design help

Tue Oct 02, 2007 12:04 am

its so nice , i like it , but i have some questions :
bridge vlan01 + vlan01_2 + WL01 ... no ip - you do not need ip on this bridge
do you mean i won't assign IP to the RB at all ? wht if i need to login this RB ?

whts the dissadvantages of using vlan's ? as heavy trafick at RB or decreasing throuput ?


is there another solution ?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: network design help

Tue Oct 02, 2007 1:54 am

do you mean i won't assign IP to the RB at all ? wht if i need to login this RB ?
do not assign IP to bridge. assign it to eth01, and bridge will not interfere with it, it will just transport packets from WLAN to VLAN on main MT
added: p.s. err... it's only about RB-01 =) well, you should add IP to bridge on other RBs =)
whts the dissadvantages of using vlan's ? as heavy trafick at RB or decreasing throuput ?
Specifications
Standards and Technologies: VLAN (IEEE 802.1Q)
Hardware usage: Not significant
is there another solution ?
I do not see any easy ways
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Re: network design help

Tue Oct 02, 2007 1:10 pm

thanks for your great help , and below is a block diagram of what i understood from your configuration :
Image

there is only IP's that i'm confused about ..
for RB01 we assigned IP to eth01 , wich subnet ?
for the rest of RB's we will assign IP's to the Bridge , is the bridge IP showen above is correct ?
so when i want to ping RB03 for example i'll ping 192.168.2.3 ?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: network design help

Tue Oct 02, 2007 3:47 pm

assign IPs to RB's bridges according to vlan, in which traffic is transmitted, e.g. 192.168.1.3 for RB-01, 192.168.2.3 for RB-02, etc. this is because main MT performs routing, so these segments should agree with addresses, assigned to vlans on main MT
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Re: network design help

Tue Oct 02, 2007 10:27 pm

ok 3 more things :

1- wht about RB01 IP ?
2- there will be more than one RB03, they will all work on vlan02 , is it ok ?
3- the wlan02 at RB01 is ap-bridge , RB02-wlan03 , RB03-wlan05 and the rest RB's wlan's linked to wlan02 mode is station , correct ?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: network design help

Tue Oct 02, 2007 11:54 pm

1- wht about RB01 IP ?
also on bridge, for generality =)
2- there will be more than one RB03, they will all work on vlan02 , is it ok ?
if you don't want to differentiate RB03 and others, you may use vlan02
if you do want - then you should add corresponding vlans on RB-next and RB-01
for example, RB-04:
add vlan04 (id=4) on WL06
add vlan04_2 (id=4) on eth01
bridge vlan04 + vlan04_2
and then at RB01:
add vlan04 (id=4) at eth01
add vlan04_2 (id=4) at WL02
second bridge vlan04 + vlan04_2

now every client connected to WL06 will be authenticated by the main ROS hotspot on interface vlan04
3- the wlan02 at RB01 is ap-bridge , RB02-wlan03 , RB03-wlan05 and the rest RB's wlan's linked to wlan02 mode is station , correct ?
sorry, it seems like true, but I did not work with wireless networks =(
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Re: network design help

Wed Oct 03, 2007 12:35 am

ok , on RB01 the IP is on the bridge , but we have 2 bridges on RB01 wich bridge ?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: network design help

Wed Oct 03, 2007 1:12 am

ok , on RB01 the IP is on the bridge , but we have 2 bridges on RB01 wich bridge ?
vlan1, of course. other bridges are simply to pass other vlans from WL02 to main MT
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Re: network design help

Mon Oct 08, 2007 4:09 am

as written in the manual :
it is not possible to have VLAN put on a wireless interface in station mode bridged with any other interface.
so does this deny all the setup above ???
we suppose to put vlan on wlan which is in station mode !!!!!
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Re: network design help

Mon Oct 08, 2007 5:28 am

I made a simple test , its like this :

main ROS :
vlan1 on eth1 , vlan1 ip=192.168.3.1/24
dhcp1 on vlan1

rb01 connected to main ros through eth1 :vlan1 on eth1
wlan1 ap-bridge
bridge1 = wlan1+vlan1
eth1 ip = 192.168.3.10/24

i connected to rb1 wlan1 with a PC wirless card .

now i can do the following:
1-getting ip from dhcp1
2-ping from my PC gateway , DNS , any web site , etc ..
2-ping rb01 from main ros or any other pc connected to it
what i cant do :
1-any kind of internet browsing !!!!

please i need help here its so urgent !!!
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: network design help

Mon Oct 08, 2007 3:17 pm

now i can do the following:
1-getting ip from dhcp1
2-ping from my PC gateway , DNS , any web site , etc ..
2-ping rb01 from main ros or any other pc connected to it
what i cant do :
1-any kind of internet browsing !!!!
i.e. you can traceroute any website (like google.com), but cannot connect to it on port 80?
well, check your firewall filter/nat rules...
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Re: network design help

Mon Oct 08, 2007 11:29 pm

its ok now , it was the V3R1 , upgrade to V3R6 solved this problem ( RB333 ) ...
now i'm going to continue testing the rest of the network , thanks for your great help..
 
User avatar
samsoft08
Long time Member
Long time Member
Topic Author
Posts: 613
Joined: Sat Nov 26, 2005 10:52 pm

Re: network design help

Tue Oct 09, 2007 7:20 am

a new problem ..
client who is trying to connect to RB03 through Wlan04 or eth01 , cant even get an IP address from dhcp1 pool1 !!!! whts the problem ?

I begin to think about quit the whole network because i found it not an easy solution ..
maybe Vlan cant work through wireless !!!!!
vlan on main ROS ----> vlan on Wlan ------> vlan on Wlan !!!!!!

Who is online

Users browsing this forum: Bing [Bot] and 34 guests