Community discussions

MikroTik App
 
istbolgar
just joined
Topic Author
Posts: 1
Joined: Mon May 09, 2022 5:53 pm

wAP as Bridged Wireless Adapter

Mon May 09, 2022 6:15 pm

Hey, everyone. I have what should be a very simply configuration that's just not working the way I would expect. Hopefully it's something stupid that I'm missing.

Basically we're just trying to connect IP cameras to eth1 and eth2 of a wAP ac, connect wlan1 or wlan2 to a wireless network, and bridge all four of those interfaces together (though only one of the wlan ports would be enabled at a time), and effectively create a wireless adapter for the two connected devices. However, while devices connected to eth1 and eth2 can communicate with each other and even receive DHCP addresses from the router, no other traffic will not pass from behind the wAP to the core network or from the core to the wAP's client devices. As you can see below, there are no firewall rules or NAT in place. I'm not sure why traffic can make it up to the wAP itself from either side but not through it since the interfaces should effectively be acting as a switch. Even stranger is that some traffic does seem to pass, like DHCP and ONVIF discovery, but nothing else. Any help would be appreciated.
# may/09/2022 11:01:17 by RouterOS 7.2.1
# software id = 5Q5F-WIHZ
#
# model = RBwAPG-5HacD2HnD
# serial number = 
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country="united states" frequency=auto name=wlan2G ssid="[removed]" station-roaming=enabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40mhz-Ce country="united states" disabled=no frequency=auto name=wlan5G ssid="[removed]" station-roaming=enabled
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,rest-api"
/interface bridge port
add bridge=bridge1 interface=wlan5G
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/ip dhcp-client
add interface=bridge1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=America/New_York
/system identity
set name=wAPac01-Pilot
/system ntp client
set enabled=yes
/tool romon
set enabled=yes
 
AidanAus
Member Candidate
Member Candidate
Posts: 177
Joined: Wed May 08, 2019 7:35 am
Location: Australia
Contact:

Re: wAP as Bridged Wireless Adapter

Tue May 10, 2022 5:55 am

the big thing here will be if you are connecting to another Mikrotik or if you are using a 3rd party device, due to the way the 802.11 protocol works the packets will loose one of the 4 mac addresses needed in the header to fully forward layer 2 packets. This is not a Mikrotik constraint but one that effect all party's devices since it is a constraint with the protocol its self and is only on the station/client side.

If you are going from Mikrotik to non-mikrotik you will not be able to bridge the interface over unless you use something like WDS but that will cause you to loose half your throughput due to the fact that all devices will become AP's and will need to re broadcast transmittions.
the easy way to do this is to set the mikrotik's wireless interface to station, then add a dhcp client onto that interface, from there you can go to ip/firewall nat and add a masquerade going out that interface. Once this is done you would add all the other interfaces to their own bridge and set up a local lan.
doing it this way will add an additional nat to the other end of the network and will only allow that network to access the net or the devices on the other side of the wireless bridge and not traffic initiated form the other way since there is no nat.

I would 100% recommend reading what the station modes do, as well as this there is a section that will go into more detail about the 802.11 limitation that is 100% worth the read
https://wiki.mikrotik.com/wiki/Manual:W ... tion_Modes

Who is online

Users browsing this forum: Bing [Bot], dmitris, karlisi, onnyloh, sadjoe and 96 guests