darthgizm0
Frequent Visitor
Topic Author
Posts: 56
Joined: Sat Dec 17, 2022 5:27 am
Location: USA

Wireless repeater and AP

Wed May 24, 2023 5:57 pm

Hello all,

I have a client who has 4 lawn sprinkler controllers that can be controlled via mobile app once they are connected to a wifi network. They have one controller that is 127 meters away across a baseball field from the maintenance shed that has a Cisco AP broadcasting the wifi signal from a mast mounted near the roof of the shed. There are times where the controller will disconnect from the wifi and the staff cannot manage the controller.

To resolve this issue I began thinking of using an external wAP ac mounted to a mast near the controller to act as a wireless repeater and broadcast a local SSID for the controller to connect to. I tested a scenario with a hAP ac lite where it would connect to my home wifi and the hAP ac lite would broadcast a local SSID so my phone could connect to it and could communicate with the main network. My testing gave me the results I was looking to accomplish so I asked the client to purchase a wAP ac but during the on-site setup I was not able to get an IP from the firewall.

Now that it's the next day and I've had a chance to think about it more: the Cisco AP is broadcasting an SSID that will connect and tag traffic on VLAN 8. Do I need to configure the VLAN in the MikroTik as well so it can request an IP on VLAN 8 that the Cisco AP is connecting?

Summary:
- I can connect to an SSID tagged on VLAN 8 with my phone and receive an IP
- I set up a wAP ac as a wireless repeater to connect to the same SSID and broadcast a local SSID for a sprinkler controller; nothing connected to the repeater can get an IP from the router
- Do I need to configure a VLAN in the MikroTik repeater for devices connecting to the MikroTik SSID to receive an IP from the repeated network?
 
holvoetn
Forum Guru
Posts: 5326
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Wireless repeater and AP

Wed May 24, 2023 6:25 pm

If your phone can connect and get an IP, so should wap. VLAN should not be needed on wap since it will act as extension of the wifi channel.
But how is the wap configured ?
Export config, minus serial, post between [ ] code quotes so we can have a look.

On your home test setup, is your wifi router also Mikrotik ? I assume you used station bridge mode on hap ac lite to test ?
That will most likely not work with non-MT APs.
Maybe mode station-pseudobridge-clone might work ?
 
darthgizm0
Frequent Visitor
Topic Author
Posts: 56
Joined: Sat Dec 17, 2022 5:27 am
Location: USA

Re: Wireless repeater and AP

Wed May 24, 2023 7:05 pm

I am remote so I was working with my tech who was testing the wAP in his home and I was testing with the hAP ac lite in my home that does have a hEX for the router and cAP ac for wifi. The wAP was using station pseudobridge to connect to the home wifi. Home wifi is ISP modem/router. I'll see if I can export config in a bit.
 
darthgizm0
Frequent Visitor
Topic Author
Posts: 56
Joined: Sat Dec 17, 2022 5:27 am
Location: USA

Re: Wireless repeater and AP

Fri May 26, 2023 4:18 pm

Here is the config, I tried using a DHCP server on the wAP ac for my devices to get an IP and browse out but that didn't work.
# may/19/2023 11:55:41 by RouterOS 6.48.6
# software id = MEBG-J4C0
#
# model = RBwAPG-5HacD2HnD

/interface bridge
add admin-mac=18:FD:74:50:2A:B9 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-onlyac channel-width=\
    20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto \
    installation=outdoor mode=ap-bridge name=wlan2-5G ssid=Mikrotik-5 \
    wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=\
    wlan1-2.4-Rainbird-repeater supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=\
    station-pseudobridge name=wlan1-2.4 security-profile=\
    wlan1-2.4-Rainbird-repeater ssid=Rainbird
add disabled=no mac-address=1A:FD:74:50:2A:BA master-interface=wlan1-2.4 \
    name=wlan1 security-profile=wlan1-2.4-Rainbird-repeater ssid=Rainbird.mt \
    wds-default-bridge=bridge wps-mode=disabled
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name="bridge dhcp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=wlan1-2.4
add bridge=bridge comment=defconf interface=wlan2-5G
add bridge=bridge interface=*8
add bridge=bridge interface=wlan1
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=wlan1-2.4 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
# DHCP client can not run on slave interface!
add comment=defconf disabled=no interface=ether1
add disabled=no interface=bridge
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=4.2.2.2,8.8.8.8 \
    gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=America/New_York
/system ntp client
set enabled=yes server-dns-names=pool.ntp.org
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set filter-ip-address=192.168.88.252/32
 
holvoetn
Forum Guru
Posts: 5326
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Wireless repeater and AP

Fri May 26, 2023 4:42 pm

Hmmm, Rainbird ? Used to have valves with an older controller back in France from that brand.
Had to replace them every 3 or 4 years because of frost damage (somehow they kept water inside even when all pipes were drained and aired yet when it freezes, well ...a nice crack)
Didn't know they also have wireless connected devices.

Reviewing help pages I see station-pseudobridge-clone (and station-pseudobridge) only allow one device to be connected from what I can see.

If a separate subnet is an option:
- change mode of wlan1-2.4 to station
- remove wlan1-2.4 from bridge
- move dhcp client from interface bridge to wlan1-2.4
It should get an IP from the AP it connects to.

At this point clients connecting to that wap should get an IP from DHCP pool on your device.
And they should get out (since you nicely put wlan1-2.4 in the WAN list).

On ether1 you also have a DHCP client but ether 1 is part of bridge. So can't do that.
Some "rogue" interface names (old tests ?) on bridge ports. Best to clean them out.
 
pe1chl
Forum Guru
Posts: 10186
Joined: Mon Jun 08, 2015 12:09 pm

Re: Wireless repeater and AP

Fri May 26, 2023 4:51 pm

Remember that you cannot run a bridging wireless repeater across different brands! WiFi does not have a standardized transparent bridge mode.
The safest bet is to remove the bridge and make a routing setup, i.e. have a different network on the AP side (with its own DHCP server etc), and double-NAT.
 
holvoetn
Forum Guru
Posts: 5326
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Wireless repeater and AP

Fri May 26, 2023 4:56 pm

That's what station mode does and removing that wifi interface from the bridge.
 
darthgizm0
Frequent Visitor
Topic Author
Posts: 56
Joined: Sat Dec 17, 2022 5:27 am
Location: USA

Re: Wireless repeater and AP

Wed May 31, 2023 6:11 pm

> Reviewing help pages I see station-pseudobridge-clone (and station-pseudobridge) only allow one device to be connected from what I can see.
>
> If a separate subnet is an option:
> - change mode of wlan1-2.4 to station
> - remove wlan1-2.4 from bridge
> - move dhcp client from interface bridge to wlan1-2.4
> It should get an IP from the AP it connects to.
>
> At this point clients connecting to that wap should get an IP from DHCP pool on your device.
> And they should get out (since you nicely put wlan1-2.4 in the WAN list).

We are testing it now in office. In station mode the wAP ac does connect to an SSID, the wAP ac does receive an IP from the main network and can ping an internet IP. The next step I need is the wAP ac to broadcast an SSID for the Rainbird device to connect to (for our testing it will be a mobile phone). I created a virtual wlan and configured it as an ap bridge with the primary interface being wlan-2.4 but it does not broadcast.

Any suggestions?
 
holvoetn
Forum Guru
Posts: 5326
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Wireless repeater and AP

Wed May 31, 2023 6:32 pm

Without seeing what you already put in the config, hard to tell.
 
darthgizm0
Frequent Visitor
Topic Author
Posts: 56
Joined: Sat Dec 17, 2022 5:27 am
Location: USA

Re: Wireless repeater and AP

Wed May 31, 2023 8:04 pm

Sorry about that, here is the current config.
# may/31/2023 12:47:59 by RouterOS 6.48.6
# software id = MEBG-J4C0
#
# model = RBwAPG-5HacD2HnD

/interface bridge
add admin-mac=18:FD:74:50:2A:B9 auto-mac=no comment=defconf name=bridge
add name=bridge1 protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn country="united states" \
    disabled=no name=wlan1-2.4 ssid=Compu-Global-Hyper-Mega-Net
set [ find default-name=wlan2 ] disabled=no name=wlan2-5G ssid=MikroTik
add mac-address=1A:FD:74:50:2A:BA master-interface=wlan1-2.4 name=wlan1 ssid=\
    "Jorge's Test" wds-default-bridge=bridge wps-mode=disabled
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name="bridge dhcp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=wlan1-2.4 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add disabled=no interface=bridge
add disabled=no interface=wlan1-2.4
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=4.2.2.2,8.8.8.8 \
    gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=America/New_York
/system ntp client
set enabled=yes server-dns-names=pool.ntp.org
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set filter-ip-address=192.168.88.252/32
 
holvoetn
Forum Guru
Posts: 5326
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Wireless repeater and AP

Wed May 31, 2023 8:16 pm

This part:
add mac-address=1A:FD:74:50:2A:BA master-interface=wlan1-2.4 name=wlan1 ssid=\
    "Jorge's Test" wds-default-bridge=bridge wps-mode=disabled

The new virtual interface is named wlan1 (confusing :shock: )
You did not add it to the bridge ?
You should also add it to interface list LAN.
I would remove this part: wds-default-bridge=bridge. There is no WDS link.

Next:
you have 2 DHCP clients. One on WLAN1-2.4 which is ok.
But also one on bridge ? Not ok.

Can you do those changes already ?

PS it is sometimes easier to use one radio for the uplink and the other for the downlink.
But I guess distance is requiring you to use 2.4GHz for the uplink and the Rainbird devices will also have only 2.4GHz capability ?
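
An added example, not part of the original thread and not MikroTik's own tooling: a small Python linter that runs the checks holvoetn names in his two replies above (leftover bridge ports, a DHCP client on a bridge port or on the bridge that serves DHCP, a virtual AP left out of the bridge) over a RouterOS export. The sample export is constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the exports in this thread (not a verbatim copy).
SAMPLE_EXPORT = r'''
/interface bridge
add name=bridge
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=station name=wlan1-2.4 \
    ssid=uplink-ssid
add master-interface=wlan1-2.4 name=wlan-local ssid=\
    local-ssid
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name="bridge dhcp"
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=*8
/ip dhcp-client
add disabled=no interface=ether1
add disabled=no interface=bridge
add disabled=no interface=wlan1-2.4
'''

PARAM = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_export(text):
    """Return (section, verb, params) for every add/set line of an export."""
    text = re.sub(r'\\\r?\n\s*', '', text)  # rejoin lines split with a trailing "\"
    section, items = None, []
    for line in text.splitlines():
        line = line.strip()
        verb = line.split(' ', 1)[0]
        if line.startswith('/'):
            section = line
        elif verb in ('add', 'set'):
            params = {k: v.strip('"') for k, v in PARAM.findall(line)}
            items.append((section, verb, params))
    return items

def lint(text):
    """Run the checks named in the thread; returns a sorted list of findings."""
    items = parse_export(text)
    def added(section, key):
        return [p[key] for s, v, p in items if s == section and v == 'add' and key in p]
    ports = set(added('/interface bridge port', 'interface'))
    servers = set(added('/ip dhcp-server', 'interface'))
    virtual_aps = {p['name'] for s, v, p in items if s == '/interface wireless'
                   and v == 'add' and 'master-interface' in p and 'name' in p}
    findings = [f'bridge port {p}: dangling reference to a removed interface'
                for p in ports if p.startswith('*')]
    for iface in added('/ip dhcp-client', 'interface'):
        if iface in ports:
            findings.append(f'dhcp-client on {iface}: interface is a bridge port')
        elif iface in servers:
            findings.append(f'dhcp-client on {iface}: a DHCP server runs on it too')
    findings += [f'virtual AP {ap}: not added to any bridge' for ap in virtual_aps - ports]
    return sorted(findings)

if __name__ == '__main__':
    print('\n'.join(lint(SAMPLE_EXPORT)))
```

Running it against a saved `/export` before and after each change shows which of the flagged items are still open.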
 
darthgizm0
Frequent Visitor
Topic Author
Posts: 56
Joined: Sat Dec 17, 2022 5:27 am
Location: USA

Re: Wireless repeater and AP

Wed May 31, 2023 8:24 pm

You are correct on that assumption which is why I was trying the station pseudobridge option. I need to connect to a 2.4 SSID and broadcast a 2.4 SSID for the Rainbird. It has a 2.4 GHz WLAN NIC only.
 
darthgizm0
Frequent Visitor
Topic Author
Posts: 56
Joined: Sat Dec 17, 2022 5:27 am
Location: USA

Re: Wireless repeater and AP

Wed May 31, 2023 8:26 pm

Do I need to make a virtual wireless interface and add it to a bridge with wlan-2.4?
 
holvoetn
Forum Guru
Posts: 5326
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Wireless repeater and AP

Wed May 31, 2023 8:38 pm

No.
Wlan1-2.4 is your uplink.
Stays off the bridge.

But your virtual itf needs to be added to bridge and proper interface list, as indicated before.
I suggest you do the changes I mentioned.
 
darthgizm0
Frequent Visitor
Topic Author
Posts: 56
Joined: Sat Dec 17, 2022 5:27 am
Location: USA

Re: Wireless repeater and AP

Wed May 31, 2023 10:08 pm

Thank you for your help, I added the virtual interface to the bridge, cleaned up any wrong/leftover configuration and the wifi test is working as expected. Latest export is below.
# may/31/2023 15:00:06 by RouterOS 6.48.6
# software id = MEBG-J4C0
#
# model = RBwAPG-5HacD2HnD

/interface bridge
add admin-mac=18:FD:74:50:2A:B9 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan2 ] name=wlan2-5G ssid=MikroTik
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
add authentication-types=wpa2-psk comment="Password: *" mode=\
    dynamic-keys name=client_profile supplicant-identity=MikroTik
add authentication-types=wpa2-psk comment="Password: *" mode=\
    dynamic-keys name=Rainbird_profile supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn country="united states" \
    disabled=no name=wlan1-2.4 security-profile=client_profile ssid=\
    client
add disabled=no mac-address=1A:FD:74:50:2A:BA master-interface=wlan1-2.4 \
    name=wlan-Rainbird security-profile=Rainbird_profile ssid=Rainbird \
    wps-mode=disabled
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name="bridge dhcp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge interface=ether1
add bridge=bridge interface=wlan-Rainbird
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=wlan1-2.4 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add disabled=no interface=wlan1-2.4
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=4.2.2.2,8.8.8.8 \
    gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface-list=WAN
/system clock
set time-zone-name=America/New_York
/system identity
set name=MikroTik-wAP-ac
/system ntp client
set enabled=yes server-dns-names=pool.ntp.org
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set filter-ip-address=192.168.88.252/32
 
holvoetn
Forum Guru
Posts: 5326
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Wireless repeater and AP

Wed May 31, 2023 10:09 pm

Perfect !
