Community discussions

MikroTik App
 
cw1nte
newbie
Topic Author
Posts: 27
Joined: Sun Jun 07, 2020 6:27 pm

Management access to PtP link

Sat Jan 25, 2025 4:36 pm

Hi. Confession - I'm no network expert but can normally get things working. Rather than cobble something to do what I want I'd like to understand standard or good practice for this sort of situation...

I have a wireless-wire link from my home office to the house ISP router and internet, all working OK.
(I swapped around interfaces so WAN is on PoE Ether5 so the pair of Ubiquity Nanostations 5ACget PoE power each (the other end has an injector), that all seems fine and I can access management of the 5ACs suing DHCP IP addresses but these were given by the house router.
That is not ideal as the tools, logs and expertise live my office end, if there is any problem with link or kit I want to be able to look from my end step by step and not require access via the ISP router before I can see anything.

I've seen complex discussions about VLANS/areas/subnets/DHCP vs fixed IP and large complex installations that do not seem relevant to me (3-8 devices in office and 10-20 in the home).

So I can set up a DHCP server on Ether5, and when I boot 5ACs they take IP from that DHCP and I can see them in my MT hAP Lite address table (done, tested and disabled/reset back again).

What I'm unclear about are the following:
1. DHCP or fixed IPs (I think DHCP looks better as self adjusting and requires less documentation or information to be noted)

2. What IP range to give and what that implies for how to access the management of 5ACs from either end, but primarily from the office end.
This is where I get very out of comfort zone, sure I could cobble something working but what is good practice and what are the implications/issues?

The hAP Lite operates at 192.168.88.1 and...
I'm tempted to think easiest might be to put the DHCP on Ether5 to offer 192.168.87.x or maybe 192.168.20.x as that seems a Ubiquiti common range.
I think that might get routed correctly from office LAN to Ether 5 and work with no messing/setup required at least from the Office end. TBH no idea what would happen or be possible from the house router LAN!

What should I be considering and doing??
Thanks in advance for pointers and contributions.
 
User avatar
TheCat12
Long time Member
Long time Member
Posts: 520
Joined: Fri Dec 31, 2021 9:13 pm

Re: Management access to PtP link

Mon Jan 27, 2025 12:13 am

1. Better fixed IPs, since you'll have only four devices in the subnet and you'll need static routing

2. You could give it whatever IP range you want. The only requirement is that it doesn't clash with any other preexisting subnet.

You could do the following:

1. Add an address to ether5:
/ip address
add address=192.168.87.1/29 interface=ether5
2. Set up static addresses on the AC5s and the home router interface

3. Add a route on the hAP lite pointing to the home router as internet gateway:
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.87.x
4. Add a route on the home router pointing to the hAP lite for traffic destined to its LAN:
/ip route
add dst-address=192.168.88.0/24 gateway=192.168.87.1
as expressed in ROS

If the two routers have the same LAN addresses, you would need to masquerade traffic leaving the hAP lite
 
cw1nte
newbie
Topic Author
Posts: 27
Joined: Sun Jun 07, 2020 6:27 pm

Re: Management access to PtP link

Mon Jan 27, 2025 2:01 pm

Thanks so much for your help. I see the sense in what you say but I don't think there is much control over the router at the home end as the ISP (Virginmedia) make only very basic facilities available, so I can't set the IP AFAIK (re set static address on home router interface). It's port does do DHCP and with the default setup I first started with the 2 AC5s both took an IP from that router in 192.168.0.15x range and were reachable (while all was working well).

The good of that seemed to be that the IP addresses and devices of the AC5s can at least be seen by anyone who needs to see them (I always I assume things may outlive me!).
Downside is I think I need to to have the VirginMedia router operating to access to AC5s from the office LAN. As this is UNTESTED I could be wrong in that - or at least perhaps I could add routes to the MT office router to allow direct traffic. Straying into my ignorance here!

I presently have on MT after my various playings and explorings to date: /ip route print
0 ADS 0.0.0.0/0 192.168.0.1 1
1 ADC 192.168.0.0/24 192.168.0.10 ether5 0
2 ADC 192.168.1.0/28 192.168.1.1 ether5 0
3 ADC 192.168.88.0/24 192.168.88.1 bridge 0
4 X S 192.168.88.0/28 192.168.88.1 ether5 1
5 X S 192.168.88.10/32 ether5 1
Some deactivated...

I had thought to set a DHCP running on Ether5, let it setup some IPs for the AC5s and then make them static so I can know what they are in normal times etc. That is where the 192.168.88.10/32 above came from as I setup a DHCP server in that range on Ether 5.
That way the system seems to me to be self documenting but also would adjust and continue to work if an AC5 is replaced after a failure.
With a suitable route added on etc MT packets would exchange happily (Office LAN) <-> (AC5 either unit) with no need of the VM router at house to be operating/connected etc??
If that is all correct I then need to know how best to choose and set up the route or address ranges at MK and AC5s...

Plus there is some stuff to remove from clean up from my attempts and tests!
( not sure now where/why this one came into being: 2 ADC 192.168.1.0/28 192.168.1.1 ether5 )

The other extra possibility for confusion arises from the short period after booting AC5 when it has management radio on, with 192.168.172.1 if laptop (say) connected on an AC5s own wifi connection. Right now that seems clear enough but in 3 years time when I have not been near any of this stuff??
 
User avatar
TheCat12
Long time Member
Long time Member
Posts: 520
Joined: Fri Dec 31, 2021 9:13 pm

Re: Management access to PtP link

Mon Jan 27, 2025 4:21 pm

Perhaps you could do something else but that would require a second (preferably MT) router - put the Virgin Media router into bridge/modem mode and add your router behind it with more capabilities. That way you'll also be partially independent from the VM router
 
cw1nte
newbie
Topic Author
Posts: 27
Joined: Sun Jun 07, 2020 6:27 pm

Re: Management access to PtP link

Mon Jan 27, 2025 8:03 pm

I had thought about an extra router next to the ISP modem/router, it could help in many ways and I even have a spare MK hAP Lite which seemed to fail on me so I got a new one quick rather than stay out in the office connecting over poor phone signals.
Don't know if you can suggest how to try fixing it: at power on it does the various reset LED patterns as expected but never seems to come up as a wifi device and I can't ping it if I plug in.
Is there some best step-by-step way to test, maybe via the USB? Where might I look for information on that (when I get some time free...)
Is there some way to update or replace firmware and get some access back??

It may be too simple to appear as a problem but if I go for DHCP on Ether5 using a subnet such as 192.168.10.x is there a better way to do it? ie /24 or /28 or /30 - does that really help or change much now or in future?
What is the correct way /minimum extra I need to add for my office LAN to reach that subnet?>
Am I right that until I have a proper router like the MT off the ISP modem/router I may be limited accessing the AC5s etc from the house end?
Thanks again :-)
 
User avatar
TheCat12
Long time Member
Long time Member
Posts: 520
Joined: Fri Dec 31, 2021 9:13 pm

Re: Management access to PtP link

Mon Jan 27, 2025 8:49 pm

For the spare hAP lite, I would suggest resetting it by pushing the small RES button on bootup and then trying to connect to it. If it fails, may Netinstall be on your side.

For the bare minimum to access internet and such through the office LAN, you would use the DHCP subnet of the VM router by setting up static addresses on everything outside of the DHCP pool so that you don't lose access to the antennas if something happens to the home router. On the office router you would also add a default route:
/ip route
add dst-address=0.0.0.0/0 gateway="home_router_IP"
Only limitation would be that you won't be able to access the office LAN from the home end.

As for the netmask, you could leave it for now as the default one (/24)
 
cw1nte
newbie
Topic Author
Posts: 27
Joined: Sun Jun 07, 2020 6:27 pm

Re: Management access to PtP link

Tue Jan 28, 2025 5:09 pm

Hi, and thanks again!!
re "I would suggest resetting it by pushing the small RES button on bootup and then trying to connect to it" that was what I was referring to in my previous (obviously ambiguous/unlear post) about getting the various LED patterns when I pressed reset after boot or prior and during power on.
Despite those ways of resetting seeming to start I never seems to establish any form of contact, maybe I should have waited much longer??
In some cases I may have only waited 5 minutes, and a too early repeat of reset might cause further issues?
Maybe I need to find some time to explore and/or post purely on that topic!

I'll have a go at all this as soon as I get a bit of time!

IDEALLY I'd find a way to allow service discovery across the 2 LANS (more & office) for Spotify, Bonjour, printers etc but under my control.... probably requires all being on the same subnet which requires a NAT router at the home end (that spare hAP Lite?), probably...
 
User avatar
TheCat12
Long time Member
Long time Member
Posts: 520
Joined: Fri Dec 31, 2021 9:13 pm

Re: Management access to PtP link

Tue Jan 28, 2025 6:57 pm

Here you can find details about the reset/Netinstall process for hAP lite:

https://help.mikrotik.com/docs/spaces/U ... 0/hAP+lite

And here more about them generally:

https://help.mikrotik.com/docs/spaces/R ... set+Button



Technically I think they don't need to be on the same subnet but you need a router capable of being set up so that you can add routes
 
jaclaz
Forum Guru
Forum Guru
Posts: 2304
Joined: Tue Oct 03, 2023 4:21 pm

Re: Management access to PtP link

Tue Jan 28, 2025 11:51 pm

Only as a side note, you seem like attempting to access that hap lite via IP (possibly using your browser to access its web interface aka webfig).
If you are not using It, now It Is the right moment to start using Winbox.
The old 3.x version Is Windows only ( but can run in Linux under wine), the new - still experimental -version 4.x can run on Windows, Linux and MacOS.
The advantage Is that It can normally auto-detect Mikrotik devices and can connect both via IP and via MAC.
So even if the device has no IP address (or it has been reset or however has changed from the one you expect It to be) Winbox can usually connect.
Remember that in default configuration ether1 Is blocked as WAN by firewall so try ether2-4.
 
cw1nte
newbie
Topic Author
Posts: 27
Joined: Sun Jun 07, 2020 6:27 pm

Re: Management access to PtP link

Wed Jan 29, 2025 3:10 pm

THANKS TO ALL for the info and illumination shed. I will try the v4 Winbox as had no PC here and did not want to run under a VM though I have some set up...
For historic ref etc for future readers I will try to get around to posting any significant hAP Lite recovery notes...