pekr
Member Candidate
Topic Author
Posts: 169
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic

MUM training, first tries - NAT strategy for wireless nodes?

Tue Jan 24, 2006 10:18 am

Hi,

A few days ago I got home from the MT training before MUM in Prague. Man, the training and the conference itself were a really very good experience!

Well, so now I need some at least small pointers. You know, I tried to be really concentrated during the training, both because I wanted to learn something new, and because our teacher, Janis, knows Aikido, so we better tried to be careful :-)

OK, once I got home, I was able to replace our current Ovislink AP, connected to ADSL, in less than 10 minutes, configuring interfaces, masquerade, dns server etc., so that clients would not notice anything ...

However - the next step is, that we will very soon remove our ADSL nodes, as we got our first true line from big ISP. The network scheme will be as follows -

one main router (MT in PC), 5GHz radio nodes, which will hold 2 - 3 2.4 cards. And here is my question:

I want to see target user PC IPs at main router. But, doing it the way we have it currently, I would see only our 5GHz node external interface IP at our main router, not 2.4 clients.

Normally I would put all interfaces into bridge, but from the training I do remember, that wireless interface in client mode can't be put into the bridge. So what is my option? How do I get my 2.4 subnet client IPs to my router? Should I create EoIP tunnel? I simply want those 2 - 3 2.4GHz AP client IPs to be visible by our main router.

Thanks a lot,
Petr
 
HarvSki
Member
Posts: 395
Joined: Fri May 28, 2004 3:37 pm
Location: London, UK

Tue Jan 24, 2006 5:17 pm

I think you could use EoIP like this: http://wiki.mikrotik.com/wiki/EoIP
or maybe WDS or route the IPs...
 
pekr
Member Candidate
Topic Author
Posts: 169
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic

Tue Jan 24, 2006 5:30 pm

Thanks for the tip. I will probably go with EoIP, as WDS is not widely used here. We have nearly full or already full 2.4 band, not so flat area, and nobody uses it for kind of Mesh networks here. But maybe to bridge two or three radios on one RB it would do the job.

As for routing, dunno how to do it without the NAT ...

-pekr-
 
smilga
just joined
Posts: 17
Joined: Wed Jun 02, 2004 3:10 pm

Wed Jan 25, 2006 11:59 am

I suggest you use WDS instead of EOIP because with EOIP you will have bigger overhead.
 
GJS
Member
Posts: 418
Joined: Sat May 29, 2004 4:07 pm
Location: London

Wed Jan 25, 2006 7:27 pm

To route you just need to add static routes and appropriate gateways. As you can only route between different networks you will have to have a network for your customers, say 10.0.1.0/24, then a network between the CPE and the AP, say 10.0.2.0/24, then you can NAT to the public address space.

I found this method the least resource and overhead hungry but adding the extra network between the CPE and the AP added a lot of configuration complexity just because MT cannot bridge between a wireless and ethernet interface.
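
The routed layout described in the post above, as an added example (not part of the thread and not MikroTik's code): a Python check that every node's client subnet is unique, which is the condition for the main router to see real client IPs without NAT on the nodes, followed by the static routes the main router would need. Node names, gateway addresses and the 10.0.3.0/24 subnet are assumptions.

```python
import ipaddress

def plan_routes(transit, nodes):
    """Validate a routed (no-NAT) plan and return main-router RouterOS route lines.

    transit: CIDR of the network between the main router and the nodes.
    nodes:   {node_name: (node_transit_ip, client_subnet_cidr)}  (hypothetical layout)
    Raises ValueError when the plan cannot be routed without NAT.
    """
    transit_net = ipaddress.ip_network(transit)
    seen = []          # (network, node) pairs already accepted
    gateways = set()   # transit addresses already assigned to a node
    routes = []
    for name, (gw, subnet) in sorted(nodes.items()):
        gw_ip = ipaddress.ip_address(gw)
        net = ipaddress.ip_network(subnet)
        if gw_ip not in transit_net:
            raise ValueError(f"{name}: gateway {gw} is outside transit {transit}")
        if gw_ip in gateways:
            raise ValueError(f"{name}: gateway {gw} is used twice")
        if net.overlaps(transit_net):
            raise ValueError(f"{name}: {subnet} overlaps the transit network")
        for other_net, other in seen:
            if net.overlaps(other_net):
                raise ValueError(f"{name}: {subnet} overlaps {other_net} on {other}; "
                                 "duplicate client ranges only work behind NAT")
        seen.append((net, name))
        gateways.add(gw_ip)
        routes.append(f"/ip route add dst-address={net} gateway={gw_ip} comment={name}")
    return routes

# Constructed sample plans (addresses follow the 10.0.x.0/24 style used in the thread).
ROUTED_PLAN = {
    "node1": ("10.0.2.2", "10.0.1.0/24"),
    "node2": ("10.0.2.3", "10.0.3.0/24"),
}
NAT_ONLY_PLAN = {
    "node1": ("10.0.2.2", "10.0.1.0/24"),
    "node2": ("10.0.2.3", "10.0.1.0/24"),   # same client range on two nodes
}

if __name__ == "__main__":
    for line in plan_routes("10.0.2.0/24", ROUTED_PLAN):
        print(line)
    try:
        plan_routes("10.0.2.0/24", NAT_ONLY_PLAN)
    except ValueError as err:
        print("rejected:", err)
```

Each node additionally needs a default route back to the main router; only the main router then does NAT towards the public address space.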
 
pekr
Member Candidate
Topic Author
Posts: 169
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic

Thu Jan 26, 2006 5:24 pm

> To route you just need to add static routes and appropriate gateways. As you can only route between different networks you will have to have a network for your customers, say 10.0.1.0/24, then a network between the CPE and the AP, say 10.0.2.0/24, then you can NAT to the public address space.
>
> I found this method the least resource and overhead hungry but adding the extra network between the CPE and the AP added a lot of configuration complexity just because MT cannot bridge between a wireless and ethernet interface.

Hi GJS,

I am not sure I understand what you suggest here properly, but well, I am slow sometimes :-)

Our set up will be as follows ....

           Router (5AP)
             10.0.1.1
                 |
10.0.1.2     10.0.1.3     10.0.1.4
   |-------------|------------|
 5CL_1         5CL_2        5CL3
10.0.0.x     10.0.0.x     10.0.0.x

So are you trying to say, that with above kind of set-up, that might be a problem? So your suggestion is, that in terms of your network, you should not allow two clients to have the same IP on the whole landscape network picture? So not using NAT?

Could you please tweak IP scheme in my picture above? (I just hope it does not get distorted :-)


btw - does anyone know, why ethernet and wireless adapters can't be bridged? I mean - I know they can't be, but why? Is that technological limitation or just MT simply does not implement it yet? And if it is so, maybe we could write feature-request then :-)

Cheers,
Petr
 
smilga
just joined
Posts: 17
Joined: Wed Jun 02, 2004 3:10 pm

Thu Jan 26, 2006 5:30 pm

To bridge wireless with ethernet, use WDS.
You can use NAT, but you will not see the client address in the main router.
 
GJS
Member
Posts: 418
Joined: Sat May 29, 2004 4:07 pm
Location: London

Thu Jan 26, 2006 5:59 pm

Hi pekr,

The IP scheme you have shown is correct according to the example I mentioned. In the case of your diagram you have an extra network, 10.0.1.0/24, which you would not need if the clients could act as bridges. It's not a problem, but for me it just complicates the network.

I understand the lack of bridging in MT is due to limitations of 802.11:

http://www.mikrotik.com/docs/ros/2.9/interface/bridge

However, many other client devices are available that act as transparent bridges.

Also, be aware that some bridges do MAC address translation, where client computer NIC MAC is translated to MAC of the bridge. This can be a benefit if you want to do MAC access control on the AP and only allow your client device to connect, regardless of what computer is being used.
 
pekr
Member Candidate
Topic Author
Posts: 169
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic

Thu Jan 26, 2006 9:10 pm

> Hi pekr,
>
> The IP scheme you have shown is correct according to the example I mentioned. In the case of your diagram you have an extra network, 10.0.1.0/24, which you would not need if the clients could act as bridges. It's not a problem, but for me it just complicates the network.
>
> I understand the lack of bridging in MT is due to limitations of 802.11:
>
> http://www.mikrotik.com/docs/ros/2.9/interface/bridge
>
> However, many other client devices are available that act as transparent bridges.
>
> Also, be aware that some bridges do MAC address translation, where client computer NIC MAC is translated to MAC of the bridge. This can be a benefit if you want to do MAC access control on the AP and only allow your client device to connect, regardless of what computer is being used.

OK. In our case the node looks as follows - RB532, 5GHz client to connect to main router 5GHz AP (backbone), and 1 - 3 2.4 radios, for client connections ...

As we can't create the bridge between wireless client and AP, then I would use WDS, is that right? So I just create a bridge, then I add 5GHz AP + those 1 - 3 2.4 radios to that? No NAT/Masquerading needed then, right?

As for MAC translation, for our users we are using Ovislinks, so we have got quite reverse problem - we can't get their MAC and we would like to :-) We don't want more than one PC for each client to be connected, unless he/she asks for that. I know it is nearly impossible to find out NATted network, but it will be at least more difficult for them to hide another computer, while Ovislink has more ports, so it would allow them to connect more PCs by default :-)

Thanks and regards,
-pekr-
