Community discussions

MUM Europe 2020
 
jzero4242
just joined
Topic Author
Posts: 5
Joined: Wed Jan 15, 2020 12:29 pm
Location: United Kingdom

Home IoT and guest wifi not working

Wed Jan 15, 2020 9:12 pm

I am planning to set up an isolated IoT (smart devices) wifi network at home, I have read some tips and ideas but I am still stuck.
What works: private wifi works, sees the internet, IoT's wifi connects, and IoT devices can see each other
What doesn't work: the IoT wifi doesn't see neither the internet or the private net (servers)
My setup (I also attached the picture below)
  • I have an internet gateway/router, with fiber optic link, which exists and is given, it's not a Mikrotik, but I want to leave it there. It also has a DHCP server
  • I am adding my Mikrotik AC2, in bridged mode, so it's on the same 192.168.1.0/24 network as all the internal ethernet
  • There will be a second AC2, but I'm not there yet
On the Mikrotik (I also attached the config) I have successfully set up IP addresses for the IoT LAN, also a virtual AP, also DHCP (although that is only for testing, as I will use static IPs for devices), also set up a bridge (for possible VLAN separation in the future). I have also attempted to masquerade, but that didn't help either.
Anywhere I read it says the subnets should see each other (when computers are connected both to the Mikrotik at least), but they don't. Just starting to go mad about this, glad if someone can have any ideas.
homelan1.png
You do not have the required permissions to view the files attached to this post.
 
jzero4242
just joined
Topic Author
Posts: 5
Joined: Wed Jan 15, 2020 12:29 pm
Location: United Kingdom

Re: Home IoT and guest wifi not working

Thu Jan 16, 2020 2:56 pm

I still need help, but just one note:
- I can actually ping 192.168.1.2 from the Iot net (homeaut) wifi, but not 192.168.1.1 (the internet gateway router)
- However, if I enable the masquerading rule (that's in the attached config), I can even ping 192.168.1.1, so all the 192.168.1.0/24 local subnet. But I still cannot access the internet, not even with that masquerading.
 
WeWiNet
Member Candidate
Member Candidate
Posts: 208
Joined: Thu Sep 27, 2018 4:11 pm

Re: Home IoT and guest wifi not working

Thu Jan 16, 2020 6:26 pm

Do I read this right that you use same IP address range on the Mirkotik device clients in "home NET" and on the Internet Gateway?
I assume this is the error...?
WeWiNet

**
MTCNA
hapac2, map, hap-lite, ltap-mini, RB4011 :-) !!!
 
jzero4242
just joined
Topic Author
Posts: 5
Joined: Wed Jan 15, 2020 12:29 pm
Location: United Kingdom

Re: Home IoT and guest wifi not working

Fri Jan 17, 2020 1:41 am

Do I read this right that you use same IP address range on the Mirkotik device clients in "home NET" and on the Internet Gateway?
I assume this is the error...?
I don't think that's a problem. The internet gateway (router) has a public IP address and an internal address of 192.168.1.1, also DHCP serving the whole 192.168.1.0/24 subnet.
I am using mikrotik in bridge mode, just the management IP address is 192.168.1.2, otherwise all home net wifi clients and LAN clients get DHCP addresses from my internet gateway, so all 192.168.1.*
And this part works (at least on wifi).
Just my split off IoT network doesn't see the internet, and only sees 192.168.1.* through NAT, which shouldn't be needed.
 
User avatar
jvanhambelgium
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Home IoT and guest wifi not working  [SOLVED]

Fri Jan 17, 2020 8:22 am

I still need help, but just one note:
- I can actually ping 192.168.1.2 from the Iot net (homeaut) wifi, but not 192.168.1.1 (the internet gateway router)
- However, if I enable the masquerading rule (that's in the attached config), I can even ping 192.168.1.1, so all the 192.168.1.0/24 local subnet. But I still cannot access the internet, not even with that masquerading.
Well ... this seems a very basic routing issue. You are pinging from 192.168.10.x (IOT Net) towards your ISP/Gateway ... does it have route back for that ? It only knows about 192.168.1.x which is locally connected on its LAN-side. If you NAT upfront towards some 192.168.1.x then indeed you'll get reply from the ISP/Gateway.
Fact that you can ping 192.168.1.2 (= Wifi AP) from the connected IOT Net because your client (wired/wireless) is directly connected here.

Your last comment is interesting

However, if I enable the masquerading rule (that's in the attached config), I can even ping 192.168.1.1, so all the 192.168.1.0/24 local subnet. But I still cannot access the internet, not even with that masquerading.

So indeed after MASQ/NAT you can now ping the ISP/Gateway which makes sense, but I would assume you could do that. The IP-packing coming into your ISP/Gateway now carries a source-IP of 192.168.1.2 (after NAT) and destined for Internet (eg. 8.8.8.8). Can you configure this ISP/Gateway ? Are there security features on this that prevent IP's not "handed out" by its local DHCP to access
to be forwarded ? Any logging on this box ?
 
jzero4242
just joined
Topic Author
Posts: 5
Joined: Wed Jan 15, 2020 12:29 pm
Location: United Kingdom

Re: Home IoT and guest wifi not working

Fri Jan 17, 2020 11:19 pm

Thank you for the ideas. It's actually almost working -- except for the internet access.
I have set up a Raspberry Pi at address 192.168.1.10 (HomeLan)
And connected with a mobile to the IoT network: 192.168.10.254
Once I added a "static route" on the Raspberry Pi, so that 192.168.10.0/24 is routed through 192.168.1.2 (the Mikrotik bridge IP address), things worked, so Raspberry Pi (on HomeLan) sees my mobile phone (Iot network), and vica versa. All good on that part.

But my Iot network (mobile phone) still doesn't see the internet.
Maybe you're right and my internet gateway/router refuses to allow unregistered IP address sources access to the internet (MAC filtering).
I even tried to add a static route on the internet gateway (like above), but that didn't help.

Now I also realize my Mikrotik router also cannot pull firmware updates and cannot ping the internet for the same reason.

As a test I think I will try to DHCP client my Mikrotik to see if this might be the problem.
 
jzero4242
just joined
Topic Author
Posts: 5
Joined: Wed Jan 15, 2020 12:29 pm
Location: United Kingdom

Re: Home IoT and guest wifi not working

Fri Jan 17, 2020 11:27 pm

That was it!! Thank you!

It was my internet gateway/router, it had automatic MAC+DHCP filtering, so it didn't allow neither my Mikrotik or the subnets out to the internet.
Once I set Mikrotik to DHCP and then set a fix IP address on the DHCP server, it all worked.

Who is online

Users browsing this forum: isldboy and 41 guests