cannotdoit

cAP routing issue

Sat May 21, 2022 11:25 pm

Hi all,
I am trying to remove NAT on my cAP and just use routing, but as soon as I disable the NAT rule, I lose upstream connectivity.
My setup is like that:


I have VirginMedia HUB4 that runs in modem mode; then an opnsense "on a stick" that plays the gateway role. Both are connected to csr125. The opnsense LAN interface is 10.0.1.254/24, the csr's bridge is on 10.0.1.253/24. There's a cAP whose ether1 is on 10.0.1.206, while the cAP's bridge is on 10.0.0.254 and the single wireless network is 10.0.0.0/24.

I have configured eBGP between the cAP and the opnsense, which is working just fine - I see all the routes I expect to see on both sides. My goal is to disable NAT on the cAP, but as soon as I do that I lose connectivity to 10.0.1.0/24 network and thus internet connection.
No firewall is enabled on either of the mikrotiks, cause all the rules are on the opnsense. There is ANY-ANY-ALLOW rule on the opnsense's LAN interface.

There's the cAP config:
# may/21/2022 21:11:01 by RouterOS 7.2.3
# software id = D2RT-4QNM
#
# model = RBcAPGi-5acD2nD
/interface bridge add name=bridge1
/interface wireless set [ find default-name=wlan1 ] band=2ghz-g/n basic-rates-a/g=12Mbps basic-rates-b="" country=no_country_set disabled=no distance=indoors frequency=auto frequency-mode=manual-txpower mode=ap-bridge multicast-helper=disabled rate-set=configured skip-dfs-channels=all ssid=myhomessid supported-rates-a/g=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b="" wireless-protocol=802.11 wps-mode=disabled
/interface wireless set [ find default-name=wlan2 ] band=5ghz-onlyac basic-rates-a/g=12Mbps channel-width=20/40/80mhz-Ceee country=no_country_set disabled=no frequency=auto frequency-mode=manual-txpower installation=indoor mode=ap-bridge multicast-helper=disabled rate-set=configured ssid=myhomessid supported-rates-a/g=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps wireless-protocol=802.11 wps-mode=disabled
/interface list add name=WAN
/interface list add name=LAN
/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip pool add name=dhcp ranges=10.0.0.1-10.0.0.100
/ip dhcp-server add address-pool=dhcp interface=bridge1 name=dhcp1
/routing bgp template add as=65002 disabled=no hold-time=12s input.filter="" keepalive-time=4s name=temp1 output.redistribute=connected router-id=10.0.0.254 routing-table=main
/interface bridge port add bridge=bridge1 interface=ether2
/interface bridge port add bridge=bridge1 interface=wlan2
/interface bridge port add bridge=bridge1 interface=wlan1
/ipv6 settings set disable-ipv6=yes
/interface list member add list=LAN
/interface list member add interface=ether1 list=WAN
/interface list member add interface=bridge1 list=LAN
/ip address add address=10.0.0.254/24 interface=bridge1 network=10.0.0.0
/ip dhcp-client add interface=ether1
/ip dhcp-server network add address=10.0.0.0/24 gateway=10.0.0.254 netmask=24
/ip firewall nat add action=masquerade chain=srcnat out-interface-list=WAN
/routing bgp connection add as=65002 connect=yes disabled=no hold-time=12s input.filter="" keepalive-time=4s listen=yes local.address=10.0.1.206 .role=ebgp name=opnsense output.redistribute=connected remote.address=10.0.1.254/32 .allowed-as="" .as=65001 router-id=10.0.0.254 routing-table=main templates=temp1 use-bfd=no
/system clock set time-zone-name=Europe/London


Any idea what's going on? Any help will be greatly appreciated!

Cheers!
Last edited by cannotdoit on Sun May 22, 2022 12:14 am, edited 1 time in total.
 
ingdaka

Re: cAP routing issue

Sat May 21, 2022 11:47 pm

It is not a problem on the CAP; the router that the CAP uses as gateway should have a route to the CAP LAN IP.
 
cannotdoit

Re: cAP routing issue

Sun May 22, 2022 12:05 am

> It is not a problem on the CAP; the router that the CAP uses as gateway should have a route to the CAP LAN IP.

Thanks for the answer, ingdaka. However, as I mentioned before, there's an established BGP session between the opnsense and the cAP, i.e. the opnsense has a route to the cAP's LAN.
It is something else..
root@opn:~ # netstat -rn
Routing tables

Internet:
Destination Gateway Flags Netif Expire
default 87.x.x.x UGS em0_vlan
10.0.0.0/24 10.0.1.206 UG1 em0 <----------- that's the one
10.0.1.0/24 link#1 U em0
10.0.1.254 link#1 UHS lo0
10.255.0.0/24 link#7 U wg0
10.255.0.1 link#7 UHS lo0
10.255.0.10 link#7 UHS wg0
10.255.0.11 link#7 UHS wg0
87.x.x.x.0/24 link#6 U em0_vlan
87.x,x,x link#6 UHS lo0
127.0.0.1 link#3 UH lo0
194.168.4.100 87.x.x.x UGHS em0_vlan
194.168.8.100 87.x.x.x UGHS em0_vlan
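
An added example, not part of the original posts: a longest-prefix-match lookup over a routing table shaped like the `netstat -rn` output above, to check which next hop the gateway would pick for a reply to a client in 10.0.0.0/24. The table is a constructed sample in which the redacted 87.x.x.x entries are replaced with 203.0.113.0/24 documentation addresses, and the function names are this example's own.

```python
import ipaddress

# Constructed sample modelled on the `netstat -rn` output in the post above.
# The redacted 87.x.x.x addresses are replaced with 203.0.113.0/24
# documentation addresses (an assumption made so the text parses).
SAMPLE = """\
Destination        Gateway       Flags  Netif
default            203.0.113.1   UGS    em0_vlan
10.0.0.0/24        10.0.1.206    UG1    em0
10.0.1.0/24        link#1        U      em0
10.0.1.254         link#1        UHS    lo0
10.255.0.0/24      link#7        U      wg0
203.0.113.0/24     link#6        U      em0_vlan
127.0.0.1          link#3        UH     lo0
"""

def parse_routes(text):
    """Parse FreeBSD-style `netstat -rn` rows into route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)  # bare host -> /32
        except ValueError:
            continue  # skip anything that is not an IP prefix
        routes.append({"net": net, "gateway": fields[1],
                       "flags": fields[2], "netif": fields[3]})
    return routes

def lookup(routes, address):
    """Return the longest-prefix-match route for address, or None."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen, default=None)

def return_path(routes, client_ip):
    """Describe where the gateway would send a reply to client_ip."""
    route = lookup(routes, client_ip)
    if route is None:
        return "no route"
    return f'{route["net"]} via {route["gateway"]} dev {route["netif"]}'

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for ip in ("10.0.0.50", "10.0.1.10", "192.0.2.7"):
        print(ip, "->", return_path(table, ip))
```
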
