I have a Mikrotik CRS305 and a HAPAC2 . I have connected both to the ISP Modem via RJ45 . Both HAPAC2 & CRS305 have their own separate DHCP server/clients running on them.
HAPAC2 has WLAN1 & WLAN2
ISP MODEM: VIRGIN MEDIA Modem with multiple RJ45 ports to connect to router(s)
Scenario:
Current Setup
modem->--hapac2 (eth1). Hapac2 is set as dual AP (wlan1 & wlan2) wifi router which has its own DHCP serve and client
modem->CRS305(eth1). CRS305 has its own DHCP serve and client and is connected to a machine ABCD on its ETH4. Machine ABCD doesn't have wifi access
What I am attempting to do
CRS305(ETH2)---->HAPAC(ETH2)
Expectation:
HAPAC2 wlan1-should use the DHCP server of CRS305 (and not of hapac2) . I want to isolate access to Machine ABCD only for devices connected to wlan1. Also devices connected to wlan2 should not see devices on wlan1
HAPAC2 wlan2- should use the DHCP server/Client of HAPAC2. should have no access to Machine ABCD or to anything connected to CRS305
I am trying to isolate the area highlighted in box with dotted lines in the diagram
Edit1: added more info
Edit2: Better diagram
-
-
darmstadtium
just joined
- Posts: 4
- Joined:
HAPac2 WLANs having separate DHCP Client
You do not have the required permissions to view the files attached to this post.
Last edited by darmstadtium on Sun Jan 09, 2022 2:09 pm, edited 9 times in total.
Re: Using Mikrotik HapAC2 as AP on 5ghz and
Create two bridges on the hAP ac^2 and put the given interfaces under the bridge ports:
Code: Select all
/interface/bridge/add name=ETH1
/interface/bridge/add name=ETH2
/interface/bridge/port add bridge=ETH1 interface=ether1
/interface/bridge/port add bridge=ETH1 interface=wlan2
/interface/bridge/port add bridge=ETH2 interface=ether2
/interface/bridge/port add bridge=ETH2 interface=wlan1-
-
darmstadtium
just joined
- Posts: 4
- Joined:
Re: Using Mikrotik HapAC2 as AP on 5ghz and
Thank you. I tried the above but I think something is wrong. when I connect ETH2 of HAPAC2 to CRS305, I see that the CRS305 DHCP server has now leases of all devices previously connected to the 5ghz SSID of hapac2. is this something to do with firewall setting ? I am sorry I am a bit of a novice.
note I have slightly modified my original question to better explain my query .
note I have slightly modified my original question to better explain my query .
Re: Using Mikrotik HapAC2 as AP on 5ghz and
Keep going. I read it several times and I'm still not sure what exactly you want. What is ISP modem? Is it actually a router with more than one LAN port, so you can connect two devices to it? And then you want a separate subnet behind each router? So behind hAP it should include its 5GHz wifi a maybe some ethernet ports. And behind CRS it should include its ethernet ports, and additionally clients connected to hAP 2GHz wifi?Edited for clarity
Re: Using Mikrotik HapAC2 as AP on 5ghz and
Concur with erlinden,
What is the requirement, for users or devices?
A frivolous experiment in what you want is a waste of everyones time without context.
It would appear that a better design could be formulated with a clearer sense of purpose, that speaks very little of the equipment or the relationship between them.
What is germane is the discussion of what the use cases are!
What is the requirement, for users or devices?
A frivolous experiment in what you want is a waste of everyones time without context.
It would appear that a better design could be formulated with a clearer sense of purpose, that speaks very little of the equipment or the relationship between them.
What is germane is the discussion of what the use cases are!
-
-
darmstadtium
just joined
- Posts: 4
- Joined:
Re: Using Mikrotik HapAC2 as AP on 5ghz and
My Apologies again guys. Thanks again for trying to help me here.
I have once again edited the original post for clarity. To add context, I am a Roon user. This is an audio streaming server (Machine ABCD) running Roon , which is connected to my stereo. It has a Remote app I have installed on my iPhone , which I can use to control music playback (playlist selection etc) only if I am on the same network as system ABCD. I am trying to isolate this music server from all other devices in my wifi network apart from those connected to a certain wifi (wlan1)
Plan is setup up wlan1 in such a way that I can only connect to my music server if I am on wlan1. And I will only connect my iPhone to this wlan1 when using my stereo. else my stereo is isolated from other devices on my network . Hope this is better explanation
once again sorry for the initial incomplete query
I have once again edited the original post for clarity. To add context, I am a Roon user. This is an audio streaming server (Machine ABCD) running Roon , which is connected to my stereo. It has a Remote app I have installed on my iPhone , which I can use to control music playback (playlist selection etc) only if I am on the same network as system ABCD. I am trying to isolate this music server from all other devices in my wifi network apart from those connected to a certain wifi (wlan1)
Plan is setup up wlan1 in such a way that I can only connect to my music server if I am on wlan1. And I will only connect my iPhone to this wlan1 when using my stereo. else my stereo is isolated from other devices on my network . Hope this is better explanation
once again sorry for the initial incomplete query
Re: HAPac2 WLANs having separate DHCP Client
Now this is a clear case description. (The initial request was describing an attempt to solve this case)
This looks like a typical VLAN case where WLAN1 en eth4(CRS305) are access ports of that same VLAN, and eth2 on hAP ac2 and on CRS305 are trunk or hybrid ports for that VLAN.
VLAN config will depend on the question if you need access to the internet for machine ABCD or when you are on WLAN1 or not.
There are quite some possibilities. Now you potentially make a loop with the modem-CRS305-hAP ac2. Depending on the requirements this can stay as is or be reduced with one link.
Once requirements are clear, there are enough forum members following this who would be glad to give you the optimal corresponding VLAN setup.
(It can even be done without VLAN) Choice depends on what else you want to do with this equipment.
This looks like a typical VLAN case where WLAN1 en eth4(CRS305) are access ports of that same VLAN, and eth2 on hAP ac2 and on CRS305 are trunk or hybrid ports for that VLAN.
VLAN config will depend on the question if you need access to the internet for machine ABCD or when you are on WLAN1 or not.
There are quite some possibilities. Now you potentially make a loop with the modem-CRS305-hAP ac2. Depending on the requirements this can stay as is or be reduced with one link.
Once requirements are clear, there are enough forum members following this who would be glad to give you the optimal corresponding VLAN setup.
(It can even be done without VLAN) Choice depends on what else you want to do with this equipment.
Re: HAPac2 WLANs having separate DHCP Client
To refine the design, why do you need the CRS305, what other functions does it have as technically you could do without it and connect the hapac to the abcd machine.
-
-
darmstadtium
just joined
- Posts: 4
- Joined:
Re: HAPac2 WLANs having separate DHCP Client
My server connects via an SFP port. And I use the CRS305 as a FMC. I don’t wanna water your time in explaining the audio related reasons why I want the CRS305. Long story short I need it in the loop. And I want it to be a separate network.
Re: HAPac2 WLANs having separate DHCP Client
Vlan10 - WLAN1
Vlan20 - WLAN2
On HAPAC
identify both and any other vlans on the hapac network to the ONE bridge
only vlan20 gets full IP address/dhcp server/IP pool dhcp server network
Vlan10 gets an IP address as per what you want to give it on the subnet such as 192.168.10.4)
Bridge port settings
ether2 is a trunk port in both cases for vlan10, and any other vlans you need to connect between them.
WLAN1 and WLAN2 are access ports with pvid of 10 and 20 respectively on the hapac.
Bridge vlan settings
tagged are bridge,ether2 untagged is wlan10 to vlan-id=10
the untagging of wlan2 is done automatically and does not need entry here (and same for wlan10 above but I put it manually for clarity and so it shows up in the config for reading).
On hapac, if you have a drop all rule at the end of the forward firewall filter chain, then automatically L3 traffic between vlan10 and 20 is blocked.
The fact they are on different vlans blocks the L2 traffic between them. Good to go.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Vlan20 - WLAN2
On HAPAC
identify both and any other vlans on the hapac network to the ONE bridge
only vlan20 gets full IP address/dhcp server/IP pool dhcp server network
Vlan10 gets an IP address as per what you want to give it on the subnet such as 192.168.10.4)
Bridge port settings
ether2 is a trunk port in both cases for vlan10, and any other vlans you need to connect between them.
WLAN1 and WLAN2 are access ports with pvid of 10 and 20 respectively on the hapac.
Bridge vlan settings
tagged are bridge,ether2 untagged is wlan10 to vlan-id=10
the untagging of wlan2 is done automatically and does not need entry here (and same for wlan10 above but I put it manually for clarity and so it shows up in the config for reading).
On hapac, if you have a drop all rule at the end of the forward firewall filter chain, then automatically L3 traffic between vlan10 and 20 is blocked.
The fact they are on different vlans blocks the L2 traffic between them. Good to go.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Who is online
Users browsing this forum: No registered users and 37 guests