At the start, I actually though this be straightforward: set "station-pseudobridge" mode on "mesh" wi-fi interface on one of the Audiences, and I'd be done. Assuming all interfaces are just bridged on both units. But there is only "station" mode in wifiwave2, so not so simple. Certainly using ap on one, station on another does just connect. But the "mesh" wifi interface are ports of the bridge interface, the ONLY traffic that passes are the "Neighbors"/CDP broadcast but ARP goes unanswered so anything IP fails. Changing the ARP mode of the "mesh" wifi interface had no effects – tried them all (proxy-arp, local-proxy-arp, enabled, & disabled even) , in all combos on both sides, just in case. I would have though at least the far end of the wifi link would work, but if the connected router does not respond to requires for it's own IP. Basically it seems once a wifiwave2 "station" goes into a bridge, ARP doesn't work, at all.
Removing the "mesh" wifi interface from the bridge, assigning IPs and routing between the two Audience does work - so the "station" to "ap" does seem to work at 802.11-level. But my goal is bridge ONE L2 LAN between the two units, not just have them do L3 routing between them.
Not detoured, and curious to see if there was at least someway to make this work. My next idea was to use a EoIP tunnel (sorta like DTLS tunnels used CAPsMAN) over the non-bridge "mesh" interface, then add the EoIP tunnel to the bridge. This does in fact work, but obviously MTU is squashed. I ran into another issue with wifiwave2 in that it seemingly doesn't allow the MTU to be changed (or perhaps the UI/CLI doesn't correctly reflect the change) – for my testing, I just changed the EoIP tunnel to 1500 MTU.
Obviously the EoIP tunnel isn't ideal and I suspect I've run into bugs/limits of the wifiwave2 package. So perhaps this is just a feature request for "station-pseudobridge" in wifiwave2 package.
Be also curious if I'm missing something/someway to bridge between two Audience using wifiwave2, to eventually eat some CAKE .
I'll post the configuration, but basically I think there are still some bugs/missing things in wifiwave2...
The "Hub" Audience (e.g. "wifi" mesh interface is in AP mode):
# nov/14/2021 10:31:11 by RouterOS 7.1rc6
# software id = AC0K-0Z8R
# model = RBD25GR-5HPacQD2HPnD
/interface bridge
add name=bridge1
/interface lte
# SIM not present
set [ find ] allow-roaming=no name=lte1
/interface eoip
add comment="tunnel using non-bridged \"mesh\" wifi interface to another Audie\
nce in station mode, so bridge1 is connect between an in-range peer" \
local-address=192.168.71.1 mac-address=02:23:06:EB:8C:53 mtu=1500 name=\
eoip-wifimesh remote-address=192.168.71.72 tunnel-id=71
/interface vrrp
add comment="use VRRP on bridge1 so only one default route for \"mesh bridge\"\
\_(if peer cannot connect or is off, each unit still operates independentl\
y)" interface=bridge1 name=vrrp-bridge1 priority=99
/interface list
add name=WAN
add name=LAN
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=yes name=mobileskyfi
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=yes name=noproblem
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=yes name=ztsecure
/interface wifiwave2 configuration
add channel.skip-dfs-channels=all .width=20mhz country="United States3" name=\
M171 security=mobileskyfi ssid=M171
add channel.skip-dfs-channels=all country="United States3" name=SkyTower \
security=noproblem ssid=SkyTower
add channel.skip-dfs-channels=all country="United States3" hide-ssid=yes \
name=SkyBridge security=ztsecure ssid=SkyBridge+SkyTower
/interface wifiwave2
set [ find default-name=wifi1 ] configuration=M171 configuration.mode=ap \
disabled=no name=wifi-2.4Ghz
set [ find default-name=wifi2 ] configuration=SkyTower configuration.mode=ap \
disabled=no name=wifi-5Ghz
set [ find default-name=wifi3 ] arp-timeout=30s configuration=SkyBridge \
configuration.mode=ap disabled=no l2mtu=1600 mtu=1550 name=wifi-MeshAP
/ip pool
add name=dhcp ranges=192.168.0.201-192.168.0.249
add name=dhcp_pool1 ranges=192.168.71.201-192.168.71.249
/ip dhcp-server
add address-pool=dhcp interface=vrrp-bridge1 lease-time=1h name=dhcp1
add address-pool=dhcp_pool1 interface=wifi-MeshAP name=dhcp2
/port
set 0 name=usb1
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
identity="xxx" name=zt1 \
port=9993
/zerotier interface
add instance=zt1 mac-address=2E:D1:09:E9:A3:35 name=zerotier1 network=\
xxx
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=wifi-2.4Ghz
add bridge=bridge1 interface=wifi-5Ghz
add bridge=bridge1 interface=eoip-wifimesh
/ipv6 settings
set disable-ipv6=yes
/interface list member
add interface=lte1 list=WAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=wifi-2.4Ghz list=LAN
add interface=wifi-MeshAP list=LAN
add interface=wifi-5Ghz list=LAN
add interface=bridge1 list=LAN
add interface=vrrp-bridge1 list=LAN
add interface=eoip-wifimesh list=LAN
add interface=ppp-out1 list=WAN
add interface=zerotier1 list=LAN
/ip address
add address=192.168.0.71/24 interface=bridge1 network=192.168.0.0
add address=192.168.0.1 interface=vrrp-bridge1 network=192.168.0.1
add address=192.168.71.1/24 interface=wifi-MeshAP network=192.168.71.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server lease
add address=192.168.71.72 client-id=1:c4:ad:34:86:57:ae comment=\
"for M172-Rizi station (routing & EoIP need fixed IP address)" \
mac-address=C4:AD:34:86:57:AE server=dhcp2
/ip dhcp-server network
add address=192.168.0.0/24 comment="bridge1 LAN (via VRRP)" dns-server=\
208.67.222.222,8.8.4.4 gateway=192.168.0.1 netmask=24
add address=192.168.71.0/24 comment=\
"PtMP Hub network for using \"mesh\" wifi interface without bridging" \
dns-server=208.67.222.222,8.8.4.4 gateway=192.168.71.1
/ip dns
set servers=208.67.222.222,8.8.4.4
/ip firewall filter
add action=accept chain=forward comment="allow zerotier" in-interface=\
zerotier1
add action=accept chain=input comment="allow zerotier" in-interface=zerotier1
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=accept chain=input comment="always allow winbox" connection-state=\
related dst-port=8291 protocol=tcp
add action=drop chain=input in-interface-list=!LAN
add action=drop chain=forward comment=\
"invalid connections should not go out to LTE" connection-state=invalid \
log=yes log-prefix=lteinvalid out-interface=lte1
add action=drop chain=output comment=\
"invalid connections should not go out to LTE" connection-state=invalid \
log=yes log-prefix=lteinvalid out-interface=lte1
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip packing
add disabled=yes interface=eoip-wifimesh packing=compress-all unpacking=\
compress-all
/ip route
add check-gateway=ping comment=\
"static route to M172-Rizi \"station\" in \"mesh\" wifi" disabled=no \
distance=12 dst-address=0.0.0.0/0 gateway=192.168.71.72 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=lte1 type=external
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=M171-Yizi
/system logging
add topics=debug
/system routerboard settings
set auto-upgrade=yes cpu-frequency=auto
/tool graphing interface
add
/tool netwatch
add down-script=\
":log warn \"netwatch ping over local mesh NOT responding within 100ms\"" \
host=192.168.71.72 interval=1s timeout=100ms up-script=\
":log info \"netwatch ping over local mesh responding within 100ms\""
add down-script=\
":log info \"netwatch ping to Google NOT responding within 250ms\"" host=\
8.8.8.8 interval=1s timeout=250ms up-script=\
":log debug \"netwatch ping to Google responding within 250ms\""
add down-script=\
":log error \"netwatch ping to Google NOT responding within 500ms\"" \
host=8.8.8.8 interval=1s timeout=500ms up-script=\
":log info \"netwatch ping to Google responding within 500ms\""
/tool sms
set port=lte1 receive-enabled=yes
/tool sniffer
set file-limit=10000KiB file-name=wifi-m171.pcap filter-interface=wifi-MeshAP
# nov/14/2021 10:30:48 by RouterOS 7.1rc6
# software id = 8QEA-KKXK
# model = RBD25GR-5HPacQD2HPnD
/interface bridge
add name=bridge1
/interface lte
set [ find ] allow-roaming=no band="" mtu=1480 name=lte1
/interface eoip
add comment="tunnel using non-bridged \"mesh\" wifi interface to another Audie\
nce in AP mode, so bridge1 is connect between an in-range peer" \
local-address=192.168.71.72 mac-address=02:B4:CF:BA:59:9F mtu=1500 name=\
eoip-wifimesh remote-address=192.168.71.1 tunnel-id=71
/interface vrrp
add comment="use VRRP on bridge1 so only one default route for \"mesh bridge\"\
\_(if peer cannot connect or is off, each unit still operates independentl\
y)" interface=bridge1 name=vrrp-bridge1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] apn=broadband ip-type=ipv4 use-peer-dns=no
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=yes name=mobileskyfi
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=yes name=noproblem
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=yes name=ztsecure
/interface wifiwave2 configuration
add channel.skip-dfs-channels=all country="United States3" name=SkyTower \
security=noproblem ssid=SkyTower
add channel.skip-dfs-channels=all country="United States3" hide-ssid=yes \
name=SkyBridge security=ztsecure ssid=SkyBridge+SkyTower
add channel.skip-dfs-channels=all .width=20mhz country="United States3" name=\
M172 security=mobileskyfi ssid=M172
/interface wifiwave2
set [ find default-name=wifi1 ] configuration=M172 configuration.mode=ap \
disabled=no name=wifi-2.4Ghz
set [ find default-name=wifi2 ] configuration=SkyTower configuration.mode=ap \
disabled=no name=wifi-5Ghz
set [ find default-name=wifi3 ] arp-timeout=30s configuration=SkyBridge \
configuration.mode=station disabled=no l2mtu=1600 mtu=1550 name=\
wifi-MeshStation
/ip pool
add name=dhcp ranges=192.168.0.201-192.168.0.249
/ip dhcp-server
add address-pool=dhcp interface=vrrp-bridge1 lease-time=1h name=dhcp1
/routing table
add fib name=""
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp,rest-api"
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
identity="xxx" name=zt1 \
port=9993
/zerotier interface
add instance=zt1 mac-address=2E:28:C3:96:80:D3 name=zerotier1 network=\
xxx
/interface bridge port
add bridge=bridge1 comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge1 comment=defconf ingress-filtering=no interface=wifi-2.4Ghz
add bridge=bridge1 comment=defconf ingress-filtering=no interface=wifi-5Ghz
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=eoip-wifimesh
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes
/interface list member
add interface=bridge1 list=LAN
add interface=lte1 list=WAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=wifi-2.4Ghz list=LAN
add interface=wifi-MeshStation list=LAN
add interface=wifi-5Ghz list=LAN
add interface=vrrp-bridge1 list=LAN
add interface=eoip-wifimesh list=LAN
add interface=zerotier1 list=LAN
/ip address
add address=192.168.0.72/24 interface=bridge1 network=192.168.0.0
add address=192.168.0.1 interface=vrrp-bridge1 network=192.168.0.1
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=\
"PtMP Station for \"mesh\" wifi interface (obtain IP from \"hub\" AP)" \
default-route-distance=21 interface=wifi-MeshStation use-peer-dns=no \
use-peer-ntp=no
/ip dhcp-server network
add address=192.168.0.0/24 comment="bridge1 LAN (via VRRP)" dns-server=\
208.67.222.222,8.8.4.4 gateway=192.168.0.1 netmask=24
/ip dns
set servers=208.67.222.222,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=forward comment="allow zerotier" in-interface=\
zerotier1
add action=accept chain=input comment="allow zerotier" in-interface=zerotier1
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=accept chain=input comment="always allow winbox" dst-port=8291 \
protocol=tcp
add action=drop chain=input in-interface-list=!LAN
add action=drop chain=forward comment=\
"invalid connections should not go out to LTE" connection-state=invalid \
log=yes log-prefix=lteinvalid out-interface=lte1
add action=drop chain=output comment=\
"invalid connections should not go out to LTE" connection-state=invalid \
log=yes log-prefix=lteinvalid out-interface=lte1
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip packing
add disabled=yes interface=eoip-wifimesh packing=compress-all unpacking=\
compress-all
/ip route
add check-gateway=ping comment="static route to \"hub\" for internet routing, \
used if local LTE interface is down" disabled=no distance=15 dst-address=\
0.0.0.0/0 gateway=192.168.0.71 pref-src="" routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=lte1 type=external
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=M172-Rizi
/system logging
add topics=debug
/system package update
set channel=development
/system routerboard settings
set auto-upgrade=yes cpu-frequency=auto
/tool graphing interface
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add down-script=\
":log warn \"netwatch ping over local mesh NOT responding within 100ms\"" \
host=192.168.71.1 interval=1s timeout=100ms up-script=\
":log info \"netwatch ping over local mesh responding within 100ms\""
add down-script=\
":log info \"netwatch ping to Google NOT responding within 250ms\"" host=\
8.8.8.8 interval=1s timeout=250ms up-script=\
":log debug \"netwatch ping to Google responding within 250ms\""
add down-script=\
":log error \"netwatch ping to Google NOT responding within 500ms\"" \
host=8.8.8.8 interval=1s timeout=500ms up-script=\
":log info \"netwatch ping to Google responding within 500ms\""
/tool sms
set port=lte1 receive-enabled=yes
/tool sniffer
set file-limit=10000KiB file-name=wifi-m172.pcap filter-interface=\
wifi-MeshStation
1. The MTU docs don't specifically mention the Audience: https://help.mikrotik.com/docs/display/ ... n+RouterOS
2. Out of curiosity, I'm not sure ip/packing does anything in v7.1rc6 - though it be radically different way to clamp L2 MTU and/or reduce packet sizes, curious at CPU/latency for the compression on something more powerful like the Audience. But didn't seem to work, even though the interfaces I tried were all "neighbors".