Community discussions

MikroTik App
 
Jojo1243
just joined
Topic Author
Posts: 4
Joined: Wed Feb 03, 2021 1:56 pm

Can Hap ac2 repeat and create a private wireless network at the same time?

Wed Feb 03, 2021 8:32 pm

Hi mikrotiks!

I am fresh and amazed by the mikrotik capabilities.
Now I have to create the following network setup and was wondering how to set it up. I understand and am able to setup the simple repeating process but I want to achieve a second network on another floor with its own IP range and own SSID to make it more private rather it being all the same network. But both nets will use the same ISP which is alright. The privacy just has to filter out the other devicea in plain view.

How do I achieve this:

ISP --- Router w/ WiFi SSID A (((--))) office devices IP-Range A
(((--))) Mikrotik as repeater but SSID B (((--))) private devices IP-Range B

How ist this possible? Preferably with its own DHCP for SSID B.

Also I would like to setup the repeating inside mikrotik for the best data exchange similar like crossband repeating. Is that possible, too? If so, how?

Thanks for any hints in the right direction!
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 1452
Joined: Mon Apr 08, 2019 1:16 am

Re: Can Hap ac2 repeat and create a private wireless network at the same time?  [SOLVED]

Thu Feb 04, 2021 3:22 pm

1. Quickset CPE comes close to what you want. But Quickset does not have enough flexibility to complete the setup.

2. Needed building blocks are:
-WLAN as station, in the WAN interface lis (this triggers protection and NAT with the default firewall), with DHCP client , not connected to bridge
- Bridge (if you have multiple LAN ports), in the LAN interface list (allows access and forwarding with the default firewall), IP address, DNS server and DHCP server
- LAN ports (no IP address or other IP services if bridge is used)
- - other band WLAN as AP
- - virtual WLAN on top of the "WLAN as station" set up as AP (will be sharing the radio. AP will wait for station being connected to start operating)
- - ethernet interfaces (all connected to bridge)

3. Example
Use ether2-5 to do the config starting from the factory default. (Ether1 is blocked by firewall default!)
WLAN1 (2.4GHz) as uplink. Add DHCP client (or move DHCP client from ether1 to WLAN1). Remove WLAN1 from the bridge port.
Set SSID and security for connection (or scan and select SSID) on WLAN1. WLAN1 gets IP address; DNS server and Gateway from your other network.
WLAN2 as AP, with its own SSID and security. WLAN2 clients get IP address from DHCP server on bridge. They use bridge as gateway. They do NAT with the WLAN1 IP address for internet access.
WLANxx (Virtual WLAN with WLAN1 as master) set up as WLAN2. Works as WLAN2. Don't forget to add to bridge.
Ethernet connections, all connected to bridge (check ether1 !!! which was the WAN port in the default setup and was not connected to bridge)

4. Unless you wanted something else ... like having original AND private LAN both distributed by the hAP ac2
 
Jojo1243
just joined
Topic Author
Posts: 4
Joined: Wed Feb 03, 2021 1:56 pm

Re: Can Hap ac2 repeat and create a private wireless network at the same time?

Thu Feb 04, 2021 5:26 pm

Hi bpwl,

thank you so much for taking the time!
Yes indeed I was stuck in Quickset and couldn't get it right.

I think I understood everything except for the Virtual WLAN Part. Could you elaborate that particular step a little further, please?
Is the Virtual WLAN here working only to keep the original WLAN free for more Data to pass through or what is its purpose? If I set this up for WLAN1 but to act as WLAN2 I will mix the ranges here, don't I? Is a single Virtual WLAN able to transmit all the radio and configuration parts for both WLAN interfaces to their respective exchange Points or am I understanding something wrong here? In my current incomplete understanding both WLAN interfaces would need a Virtual WLAN to benefit from separated configuration and Data transmission?

regarding 4: No I think you understood correctly. The original router will remain sending and transmitting data on its own SSID. I just need the MikroTik to add another one on top with its own sec but sharing the originals Internet access.
1. Quickset CPE comes close to what you want. But Quickset does not have enough flexibility to complete the setup.

2. Needed building blocks are:
-WLAN as station, in the WAN interface lis (this triggers protection and NAT with the default firewall), with DHCP client , not connected to bridge
- Bridge (if you have multiple LAN ports), in the LAN interface list (allows access and forwarding with the default firewall), IP address, DNS server and DHCP server
- LAN ports (no IP address or other IP services if bridge is used)
- - other band WLAN as AP
- - virtual WLAN on top of the "WLAN as station" set up as AP (will be sharing the radio. AP will wait for station being connected to start operating)
- - ethernet interfaces (all connected to bridge)

3. Example
Use ether2-5 to do the config starting from the factory default. (Ether1 is blocked by firewall default!)
WLAN1 (2.4GHz) as uplink. Add DHCP client (or move DHCP client from ether1 to WLAN1). Remove WLAN1 from the bridge port.
Set SSID and security for connection (or scan and select SSID) on WLAN1. WLAN1 gets IP address; DNS server and Gateway from your other network.
WLAN2 as AP, with its own SSID and security. WLAN2 clients get IP address from DHCP server on bridge. They use bridge as gateway. They do NAT with the WLAN1 IP address for internet access.
WLANxx (Virtual WLAN with WLAN1 as master) set up as WLAN2. Works as WLAN2. Don't forget to add to bridge.
Ethernet connections, all connected to bridge (check ether1 !!! which was the WAN port in the default setup and was not connected to bridge)

4. Unless you wanted something else ... like having original AND private LAN both distributed by the hAP ac2
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 1452
Joined: Mon Apr 08, 2019 1:16 am

Re: Can Hap ac2 repeat and create a private wireless network at the same time?

Thu Feb 04, 2021 6:29 pm

You triggered my "Virtual WLAN" response, because you said "repeater". A one wifi radio device can be a "repeater", accepting a wifi connection from a network, and have clients at the same time by using two functions on the same radio. (hAp ac2 has 2 radio's, one in the 2.4 GHz band and one in the 5 GHz band.) The virtual WLAN is only needed here to be able to have clients connecting on both radio's, while having a connection to the ISP at the same time. It's not ideal. It's sharing that capacity for the 2 functions. But with a single radio hAP (hAp Lite, mAP, ...) it would have been the only way. If you want the full performance and can connect all clients to the other band, don't use that virtual WLAN. (or just disable it)

Creating WLAN and Virtual WLAN is also done, when you hit "Setup Repeater" in Winbox while looking at the master WLAN.

Another reason for having virtual WLAN, is when you have more than one SSID. (Other brands typically give you the ability of using 4 SSID's per radio). A second SSID here, on the same radio, will require a virtual WLAN. (it has it's own settings like mode, SSID and security, but uses the same frequency as the master WLAN). You can have more then 4 SSID's this way. (The practical limit is 20 as you share the capacity, the software limit is 127 per radio)

Your WLAN's are all connected to the bridge. So data flows equally, independent on what WLAN you are connected. Using one band for the uplink and the other band for the clients is no problem. It is called "repeater turbo mode" with some brands, as there is no performance penalty for sharing the radio for 2 functions. It's the preferred setup for performance.

In the hAP ac2 WLAN1 is for band 2.4 GHz, and WLAN2 is for band 5 GHz. They are both master WLAN. One master WLAN is for one radio. Both WLAN can have the same SSID (and security). Clients will roam between the 2 SSID on the clients decision. (normally based on signal strength, and mostly preferring 5 GHz these days).
 
Jojo1243
just joined
Topic Author
Posts: 4
Joined: Wed Feb 03, 2021 1:56 pm

Re: Can Hap ac2 repeat and create a private wireless network at the same time?

Fri Feb 05, 2021 1:52 pm

Dear bpwl,

you are one of the reasons the internet is still a good place sometimes after all.
Thank you very much for taking the extra time to respond extensively without having prejudices.
You just wanted to help somebody you never met and never will in such detail and nicely written. That's rare and amazing.
All the best to you and thanks again!
You triggered my "Virtual WLAN" response, because you said "repeater". A one wifi radio device can be a "repeater", accepting a wifi connection from a network, and have clients at the same time by using two functions on the same radio. (hAp ac2 has 2 radio's, one in the 2.4 GHz band and one in the 5 GHz band.) The virtual WLAN is only needed here to be able to have clients connecting on both radio's, while having a connection to the ISP at the same time. It's not ideal. It's sharing that capacity for the 2 functions. But with a single radio hAP (hAp Lite, mAP, ...) it would have been the only way. If you want the full performance and can connect all clients to the other band, don't use that virtual WLAN. (or just disable it)

Creating WLAN and Virtual WLAN is also done, when you hit "Setup Repeater" in Winbox while looking at the master WLAN.

Another reason for having virtual WLAN, is when you have more than one SSID. (Other brands typically give you the ability of using 4 SSID's per radio). A second SSID here, on the same radio, will require a virtual WLAN. (it has it's own settings like mode, SSID and security, but uses the same frequency as the master WLAN). You can have more then 4 SSID's this way. (The practical limit is 20 as you share the capacity, the software limit is 127 per radio)

Your WLAN's are all connected to the bridge. So data flows equally, independent on what WLAN you are connected. Using one band for the uplink and the other band for the clients is no problem. It is called "repeater turbo mode" with some brands, as there is no performance penalty for sharing the radio for 2 functions. It's the preferred setup for performance.

In the hAP ac2 WLAN1 is for band 2.4 GHz, and WLAN2 is for band 5 GHz. They are both master WLAN. One master WLAN is for one radio. Both WLAN can have the same SSID (and security). Clients will roam between the 2 SSID on the clients decision. (normally based on signal strength, and mostly preferring 5 GHz these days).
 
User avatar
snib
just joined
Posts: 2
Joined: Sun Feb 21, 2021 3:44 am

Re: Can Hap ac2 repeat and create a private wireless network at the same time?

Sun Feb 21, 2021 9:56 am

Thank you very much, senior bpwl, for your reply which is marked as the solution as it helped me to finally understand what I had to add to the default configuration to make my device doing both getting traffic from another Wifi AP and NATting it both to the Ethernet ports and over its own Wifi AP. I was looking for that solution several times, including this forum, and all my previous attempts failed. It also helped me to understand how to convert the ether1/WAN port to an usual LAN port, which is pretty neat thing on my device because it has just 3 Ethernet ports in all.
And I'm total newbie to RouterOS.
The three essential things for me to understand were:
- virtual WLAN2 needs to be part of the one and only bridge along with all the LAN ports;
- WLAN1 must be in station mode, while WLAN2 in ap-bridge mode;
- DHCP server must be assigned to the bridge.
What annoyed me the most was the fact that many other much simpler and cheaper routers has this feature/mode working out of the box. But meanwhile I couldn't find a solution for RouterOS to make the same setup working. IMHO this mode should be one of the default modes on the Quickset page, because it's very widely demanded, much more often than CPE mode, especially for the devices with two radio bands and for those devices that allow to add additional Wifi modules/adapters.

I have a question not concerning RouterOS but Wifi itself. It's probably a pretty silly question. Why is there that limitation that Wifi adapters can't switch fast enough to support two (or more) access points using different radio channels? Is that just hard (or too expensive) to implement or is that deliberately limited by the standard?
You triggered my "Virtual WLAN" response, because you said "repeater". A one wifi radio device can be a "repeater", accepting a wifi connection from a network, and have clients at the same time by using two functions on the same radio. (hAp ac2 has 2 radio's, one in the 2.4 GHz band and one in the 5 GHz band.) The virtual WLAN is only needed here to be able to have clients connecting on both radio's, while having a connection to the ISP at the same time. It's not ideal. It's sharing that capacity for the 2 functions. But with a single radio hAP (hAp Lite, mAP, ...) it would have been the only way. If you want the full performance and can connect all clients to the other band, don't use that virtual WLAN. (or just disable it)

Creating WLAN and Virtual WLAN is also done, when you hit "Setup Repeater" in Winbox while looking at the master WLAN.

Another reason for having virtual WLAN, is when you have more than one SSID. (Other brands typically give you the ability of using 4 SSID's per radio). A second SSID here, on the same radio, will require a virtual WLAN. (it has it's own settings like mode, SSID and security, but uses the same frequency as the master WLAN). You can have more then 4 SSID's this way. (The practical limit is 20 as you share the capacity, the software limit is 127 per radio)

Your WLAN's are all connected to the bridge. So data flows equally, independent on what WLAN you are connected. Using one band for the uplink and the other band for the clients is no problem. It is called "repeater turbo mode" with some brands, as there is no performance penalty for sharing the radio for 2 functions. It's the preferred setup for performance.

In the hAP ac2 WLAN1 is for band 2.4 GHz, and WLAN2 is for band 5 GHz. They are both master WLAN. One master WLAN is for one radio. Both WLAN can have the same SSID (and security). Clients will roam between the 2 SSID on the clients decision. (normally based on signal strength, and mostly preferring 5 GHz these days).
 
User avatar
bpwl
Forum Guru
Forum Guru
Posts: 1452
Joined: Mon Apr 08, 2019 1:16 am

Re: Can Hap ac2 repeat and create a private wireless network at the same time?

Sun Feb 21, 2021 3:41 pm

What annoyed me the most was the fact that many other much simpler and cheaper routers has this feature/mode working out of the box. But meanwhile I couldn't find a solution for RouterOS to make the same setup working. IMHO this mode should be one of the default modes on the Quickset page, because it's very widely demanded, much more often than CPE mode, especially for the devices with two radio bands and for those devices that allow to add additional Wifi modules/adapters.
Yes there is a large market of "wifi repeaters" just doing that. In many cases sold by ISP or shops for "Smart wifi" or "wifi everywhere in the house" solutions. Also carried as a wifi-assistent when travelling. The Quicksets are very limited, and it is difficult to know what they actually will bring, they almost never support 2 wifi radio's. I think MKT has brought us the wizard "Setup Repeater", in the hope just to cover that, as the whole setup is fairly simple once you understand RouterOS.
I have a question not concerning RouterOS but Wifi itself. It's probably a pretty silly question. Why is there that limitation that Wifi adapters can't switch fast enough to support two (or more) access points using different radio channels? Is that just hard (or too expensive) to implement or is that deliberately limited by the standard?
I don't know if anyone has a single radio operating on multiple channels. But a radio in a channel is quite busy. It must listen to all transmission headers to know how long the airtime is reserved for that transmission, an important information in the 'game' to acquire a slot for transmission, An AP must also send beacons (10/second). A radio might listen on another channel (e.g. to check if it is free for DFS usage) , but I would be surprised it can really synchronize with a second channel to be able to participate in the transmissions.

Who is online

Users browsing this forum: meshnet and 31 guests