I'm using IP cams for work projects, usually connected to a PoE switch for data and current, the switch being connected to a computer or an nvr or whatever. The thing is that I need to equip a location where I won't be able to pull a long enough PoE cable. I have two MikroTik GrooveA 52 ac and my goal is to connect one of them to the IP cam, the other one to the computer or nvr and access the IP cam data from the computer/nvr.
From my research, I understand that creating a bridge between the two mikrotik devices could be a solution. Currently, I have been able to connect the two mikrotik devices together, one in bridge mode, the other in station bridge mode, using the nv2 protocol. I created a bridge on the eth1 and wan1 interfaces on both devices and assigned fixed IP adresses on the bridges, on the same subnet (192.168.88.X).
To test the network, my station-bridge mikrotik is connected by Lan to a computer. I can't access the IP cam adress and I really don't understand what more should I do. I tried using different subnets (my IP cam IP is 192.168.254.X) but it doesn't seem to work either. I tried to give my computer network board a fixes IP adress on the same subnet than the bridge to ensure that it can communicate with it, doesn't work either (+ I'm not sure if I should give it an adress on the same subnet than the bridge or than the eth1 port but whatever).
Following are my mikrotik configurations.
Bridge device :
Code: Select all
[admin@MikroTik] > /export hide-sensitive
# jan/02/1970 01:32:27 by RouterOS 6.47.10
# software id = 3T9K-QFMV
#
# model = RBGrooveGA-52HPacn
# serial number = <CENSORED>
/interface bridge
add name="Camera Bridge"
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
country=france disabled=no frequency=auto installation=outdoor mode=bridge \
nv2-security=enabled ssid="MikroTik Veodis" wireless-protocol=nv2
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
# DHCP server can not run on slave interface!
add address-pool=default-dhcp disabled=no interface=ether1 name=defconf
/interface bridge port
add bridge="Camera Bridge" interface=ether1 trusted=yes
add bridge="Camera Bridge" interface=wlan1 trusted=yes
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=ether1 list=LAN
add comment=defconf interface=wlan1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether1 network=\
192.168.88.0
add address=192.168.88.2 interface="Camera Bridge" network=192.168.88.2
/ip dhcp-client
# DHCP client can not run on slave interface!
add comment=defconf disabled=no interface=wlan1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Station-bridge device :
Code: Select all
[admin@MikroTik] > /export hide-sensitive
# jan/02/1970 01:20:55 by RouterOS 6.47.10
# software id = RWX4-XH9J
#
# model = RBGrooveGA-52HPacn
# serial number = <CENSORED>
/interface bridge
add name="Camera Bridge"
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
country=france disabled=no frequency=auto installation=outdoor mode=\
station-bridge nv2-security=enabled ssid="MikroTik Veodis" \
wireless-protocol=nv2
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.11-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=ether1 name=defconf
/interface bridge port
add bridge="Camera Bridge" interface=ether1 trusted=yes
add bridge="Camera Bridge" interface=wlan1 trusted=yes
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=ether1 list=LAN
add comment=defconf interface=wlan1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether1 network=\
192.168.88.0
add address=192.168.88.3 interface="Camera Bridge" network=192.168.88.3
/ip dhcp-client
add comment=defconf interface=wlan1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
And yes I know i'm probably using outdated routeros version but will ofc update it before really installing the network.
Thank you very much for your help, i'm really getting crazy here.
NilsRiver