Hi All,
I'm looking for directions/help to get the WAN IP passed through on Lan port 2 (where another router will pick this up). I already have the bridge working picking up WAN/Internet traffic on VLAN 100 back to the lan ports (192.168.x.x) - but i want to get rid of the NAT here.
any help/sample config files available?
Kr,
Pascal
Re: Help needed: Transparant bridge: WAN IP on LAN port 2
Normally pure bridge with the two ports you want to join together should be enough. Take care not to have any ip settings on that bridge or its members.
-
-
prmfeddema
newbie
- Posts: 29
- Joined:
Re: Help needed: Transparant bridge: WAN IP on LAN port 2
Hi Jarda,
thanks for the reply. I've tried the bridge option but this is not working for me (most likely due to my ignorance). I'm getting an ip on the sfp1, but no ip on the vlan100. Also the ip is not propagated to the connected pc on lan port 2. Would you be willing to help me out (or would you have some scripts that i can use as an example?
The desired target infra looks like this: Log of the bridge solution:
i have a routed solution working - but the key here is to eliminate natting on the MikroTik.
routed log screenshot for the existing (routed) solution i have this config
thanks for the reply. I've tried the bridge option but this is not working for me (most likely due to my ignorance). I'm getting an ip on the sfp1, but no ip on the vlan100. Also the ip is not propagated to the connected pc on lan port 2. Would you be willing to help me out (or would you have some scripts that i can use as an example?
The desired target infra looks like this: Log of the bridge solution:
i have a routed solution working - but the key here is to eliminate natting on the MikroTik.
routed log screenshot for the existing (routed) solution i have this config
You do not have the required permissions to view the files attached to this post.
Re: Help needed: Transparant bridge: WAN IP on LAN port 2
If I understand well, you just want to make the media conversion from sfp to ethernet. Nothing more. All the other networking tasks should do the Asus, right? If so,
1) remove whole configuration from the mikrotik (will need to manage mikrotik over connected mac address after that)
2) make the bridge, set the administrative mac address to it other than the mac registered at the ISP (that mac should be on the interface of Asus with dhcp client on, heading to mikrotik)
3) put sfp and ehternet heading to Asus to the bridge (will need to reconnect the winbox as mac address would change probably)
this is the minimum you need to do.
If you will need any other features available, you would need to make special VLAN on the interface in ASUS and connect that VLAN to your inner network bridge in ASUS. Then make the same VLAN on the other side in mikrotik and put DHCP client on it. IP forwarding of the mikrotik should be off, in case it intercepts something.
1) remove whole configuration from the mikrotik (will need to manage mikrotik over connected mac address after that)
2) make the bridge, set the administrative mac address to it other than the mac registered at the ISP (that mac should be on the interface of Asus with dhcp client on, heading to mikrotik)
3) put sfp and ehternet heading to Asus to the bridge (will need to reconnect the winbox as mac address would change probably)
this is the minimum you need to do.
If you will need any other features available, you would need to make special VLAN on the interface in ASUS and connect that VLAN to your inner network bridge in ASUS. Then make the same VLAN on the other side in mikrotik and put DHCP client on it. IP forwarding of the mikrotik should be off, in case it intercepts something.
-
-
IPAsupport
Frequent Visitor
- Posts: 62
- Joined:
Re: Help needed: Transparant bridge: WAN IP on LAN port 2
Would you share with us your bridge config?
-
-
prmfeddema
newbie
- Posts: 29
- Joined:
Re: Help needed: Transparant bridge: WAN IP on LAN port 2
Apologies for the late reply - all my time has been taken up by work. Thanks for the input.
I have the internet bridge working now - i will post the config and new diagram shortly. Remaining actions are to get full IPTV (i only get a part of the channels) and security in place. Diagram and config will be posted shortly.
Kr,
Pascal
I have the internet bridge working now - i will post the config and new diagram shortly. Remaining actions are to get full IPTV (i only get a part of the channels) and security in place. Diagram and config will be posted shortly.
Kr,
Pascal
-
-
prmfeddema
newbie
- Posts: 29
- Joined:
Re: Help needed: Transparant bridge: WAN IP on LAN port 2
So here is the current config:
As you can see i nicely get the WAN ip address and pass this on to my asus router and it works very well - however the full objective to have IPTV running over the LAN (after the Asus router/mesh network) is not yet achieved.
Config:
As for IPTV: IPTV is working - but only for a limited amount of channels - i'm guessing a part of the IPTV goes over the vlan and another part does not (it seems that additional work is need to get the HD channels). I suspect this has to do with routing an an IGMP proxy/snooping/vlan 101 but i'm lacking some knowledge in this area here. I need some help here (i can run several test if needed).
Finally - and as you can see there is no firewalling being done. Does anyone have pointer to a good setup to cover the basics here?
As you can see i nicely get the WAN ip address and pass this on to my asus router and it works very well - however the full objective to have IPTV running over the LAN (after the Asus router/mesh network) is not yet achieved.
Config:
Code: Select all
# jan/04/1970 16:17:38 by RouterOS 6.47.3
# software id = ECBP-PPX7
#
# model = RB760iGS
/interface bridge add igmp-snooping=yes name=bridge-lan protocol-mode=none pvid=100 vlan-filtering=yes
/interface vlan add interface=sfp1 name=vlan101 vlan-id=101
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port add bridge=bridge-lan interface=sfp1
/interface bridge port add bridge=bridge-lan interface=ether2 pvid=100
/interface bridge vlan
# port with pvid added to untagged group which might cause problems, consider adding a seperate VLAN entry
add bridge=bridge-lan tagged=sfp1 untagged=ether2 vlan-ids=100,101
/routing igmp-proxy set quick-leave=yes
/routing igmp-proxy interface add alternative-subnets=0.0.0.0/0 interface=vlan101 upstream=yes
/routing igmp-proxy interface add interface=bridge-lan
As for IPTV: IPTV is working - but only for a limited amount of channels - i'm guessing a part of the IPTV goes over the vlan and another part does not (it seems that additional work is need to get the HD channels). I suspect this has to do with routing an an IGMP proxy/snooping/vlan 101 but i'm lacking some knowledge in this area here. I need some help here (i can run several test if needed).
Finally - and as you can see there is no firewalling being done. Does anyone have pointer to a good setup to cover the basics here?
You do not have the required permissions to view the files attached to this post.