mrmcrae

Wireless Bridge Design Assistance

Mon Aug 08, 2022 11:07 pm

Firstly, I have zero experience with MikroTik products and have been asked to try to assist a customer who bought these themselves and tried to install them; however, they themselves are unsure how to configure them properly.

I have received current config files and a little more info. Not much on there.

I have tried a Notepad++ compare of the MikroTik configs and found that P2P-02 does not have an IP route configured. Should this be configured?

Should the management VLAN be untagged on both the SW and MikroTik config? I believe SW-B and SW-C both have a Meraki AP hanging off them.

Customer:

The main issue I was having was with devices authenticating via ISE, DHCP does not seem to be returning requests, so whilst ISE authenticated the device connection failed. If a device has a static IP and authenticates with Mac Address Bypass, the devices work.

P2P-03 and P2P-04 have not been installed/configured yet.

Although their main issue seems to be DHCP related, I would like to rule out the MikroTik configuration and ensure good practices are implemented.

Mikrotik P2P-01 Config:
[admin@P2P-01] > export
# jun/13/2022 13:54:10 by RouterOS 7.2.3
# software id = 5YBC-HC9N
#
# model = RBLHGG-60ad
# serial number = CXXXXXXXXX9B
/interface bridge
add admin-mac=C4:AD:XX:XX:XX:05 auto-mac=no comment=defconf ingress-filtering=no name=bridge pvid=105 vlan-filtering=yes
/interface w60g
set [ find ] disabled=no mode=bridge name=wlan60-1 ssid=AtoB
/interface w60g station
add mac-address=C4:AD:XX:XX:XX:06 name=wlan60-station-1 parent=wlan60-1 remote-address=C4:AD:XX:XX:XX:5E
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether1 pvid=105
add bridge=bridge ingress-filtering=no interface=wlan60-1 pvid=105
add bridge=bridge ingress-filtering=no interface=wlan60-station-1 pvid=105
/interface bridge vlan
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=1
add bridge=bridge untagged=bridge,ether1,wlan60-1,wlan60-station-1 vlan-ids=105
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=114
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=120
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=204
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=230
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=65
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=180
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=240
/interface list member
add interface=wlan60-1 list=WAN
add interface=bridge list=LAN
/ip address
add address=10.20.105.200/24 comment=defconf interface=ether1 network=10.20.105.0
/ip dns
set servers=10.20.5.13,172.20.5.11
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.20.105.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/system identity
set name=P2P-01
/system ntp client
set enabled=yes
/system ntp client servers
add address=10.20.5.13
add address=10.20.5.11
Mikrotik P2P-02 Config:
[admin@P2P-02] > export
# jun/22/2022 14:33:45 by RouterOS 7.2.3
# software id = NFB1-VT4G
#
# model = RBLHGG-60ad
# serial number = CxxxxxxxxDAD
/interface bridge
add admin-mac=C4:AD:XX:XX:XX:5D auto-mac=no comment=defconf name=bridge pvid=105 vlan-filtering=yes
/interface w60g
set [ find ] disabled=no mode=station-bridge name=wlan60-1 ssid=AtoB
/interface w60g station
add mac-address=C4:AD:XX:XX:XX:5E name=wlan60-station-1 parent=wlan60-1 remote-address=C4:AD:XX:XX:XX:06
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether1 pvid=105
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan60-1 pvid=105
add bridge=bridge ingress-filtering=no interface=wlan60-station-1 pvid=105
/interface bridge vlan
add bridge=bridge untagged=ether1,wlan60-1,wlan60-station-1,bridge vlan-ids=105
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=1
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=65
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=114
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=120
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=180
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=204
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=230
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=240
/interface list member
add interface=wlan60-1 list=WAN
add interface=ether1 list=LAN
/ip address
add address=10.20.105.201/24 comment=defconf interface=ether1 network=10.20.105.0
/ip dns
set servers=10.20.5.13,172.20.5.11
/system identity
set name=P2P-02
/system ntp client
set enabled=yes
/system ntp client servers
add address=10.20.5.13
add address=10.20.5.11
/tool sniffer
set filter-interface=all filter-ip-address=!10.20.5.54/32 filter-mac-address=!C0:25:XX:XX:XX:7B/FF:FF:FF:FF:FF:FF filter-port=!bootps,!bootpc
Switch port configs:
SW-A
interface GigabitEthernet1/0/24
 description WiFi P2P (AtoB)
 switchport trunk allowed vlan 1-20,22-114,116-4094
 switchport trunk native vlan 105
 switchport mode trunk
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 no snmp trap link-status
 mls qos cos 2
 mls qos trust cos
 spanning-tree portfast edge
 spanning-tree bpduguard disable
!
-----------------------------------------

SW-B
interface GigabitEthernet0/1
 description Wireless P2P(Building B to Building A)
 switchport trunk allowed vlan 1-20,22-114,116-4094
 switchport trunk native vlan 105
 switchport mode trunk
 no logging event link-status
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 no snmp trap link-status
 mls qos cos 2
 mls qos trust cos
 spanning-tree portfast edge
 spanning-tree bpduguard disable
 ip dhcp snooping trust
!
-----------------------------------------

SW-C
interface GigabitEthernet1/0/1
 description description Wireless P2P (Building C to B)
 switchport trunk allowed vlan 1-20,22-114,116-4094
 switchport trunk native vlan 105
 switchport mode trunk
 switchport nonegotiate
 priority-queue out
 no snmp trap link-status
 mls qos cos 2
 mls qos trust cos
 spanning-tree portfast edge
 spanning-tree bpduguard disable
 ip dhcp snooping trust
!

Any help is greatly appreciated. :)
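
The Notepad++ comparison described in the post can be done per RouterOS menu section and extended to check the bridge VLAN table against the switch trunk. This is an added example, not part of the original post; `sections`, `bridge_vlans`, `allowed_vlans` and `audit` are hypothetical helper names, and the sample strings are shortened excerpts of the posted configs.

```python
# Shortened excerpts of the two exports posted above; single VLAN IDs assumed.
P2P_01 = """\
/interface bridge vlan
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=1
add bridge=bridge untagged=bridge,ether1,wlan60-1,wlan60-station-1 vlan-ids=105
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.20.105.1
"""
P2P_02 = """\
/interface bridge vlan
add bridge=bridge untagged=ether1,wlan60-1,wlan60-station-1,bridge vlan-ids=105
add bridge=bridge tagged=ether1,wlan60-1,wlan60-station-1 vlan-ids=1
/tool sniffer
set filter-interface=all
"""
SW_A_ALLOWED, SW_A_NATIVE = "1-20,22-114,116-4094", 105  # SW-A trunk port values

def sections(export):
    """Map each '/menu' header to the command lines listed under it."""
    out, current = {}, None
    for line in (l.strip() for l in export.splitlines()):
        if line.startswith("/"):
            current = out.setdefault(line, [])
        elif line and not line.startswith("#") and current is not None:
            current.append(line)
    return out

def bridge_vlans(export, port="ether1"):
    """Return {vlan_id: 'tagged' | 'untagged'} for one bridge port."""
    result = {}
    for cmd in sections(export).get("/interface bridge vlan", []):
        f = dict(kv.split("=", 1) for kv in cmd.split() if "=" in kv)
        for mode in ("tagged", "untagged"):
            if port in f.get(mode, "").split(","):
                result[int(f["vlan-ids"])] = mode
    return result

def allowed_vlans(cisco_list):
    """Expand a Cisco 'allowed vlan' list such as '1-20,22-114' into a set."""
    spans = (p.partition("-") for p in cisco_list.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def audit(a, b, allowed=SW_A_ALLOWED, native=SW_A_NATIVE):
    va, vb = bridge_vlans(a), bridge_vlans(b)
    return {"only_in_a": sorted(set(sections(a)) - set(sections(b))),
            "only_in_b": sorted(set(sections(b)) - set(sections(a))),
            "vlan_mismatch": sorted(set(va.items()) ^ set(vb.items())),
            "blocked_by_trunk": sorted(set(va) - allowed_vlans(allowed)),
            "untagged_is_native": [v for v in va if va[v] == "untagged"] == [native]}
```

Calling `audit(P2P_01, P2P_02)` on the full exports reports the menu sections present on only one radio and any VLAN whose tagging differs between the two ends or which the trunk's allowed list would drop.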