Community discussions

MikroTik App
 
videolab
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Mon Feb 25, 2008 12:41 am

Colubris/Mikrotik in Hotel

Sun Oct 05, 2008 12:26 am

I want to connect my 4 RB433 AP Bridge with Gateway colubris MSC3200 connected with ethernet cable. By default forward work on wlan, if users connect to AP different, they are visible between them. How to hide users
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: Colubris/Mikrotik in Hotel

Sun Oct 05, 2008 4:29 am

If I'm correct in assuming you're using the colubris as the main access controller and the mikrotik as a wireless point, just turn off "default forwarding" on the mikrotik wireless interface.
 
videolab
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Mon Feb 25, 2008 12:41 am

Re: Colubris/Mikrotik in Hotel

Mon Oct 06, 2008 3:38 pm

yes, default forwarding is already OFF.
EXAMPLE: IF MR ANTONIO is LINKED TO ACCESS POINT 1 AND MR UGO is ASSOCIATED WITH ACCESS POINT 2, AND I ARE ASSOCIATED WITH ACCESS POINT 3, I SEE ME THAT, MR ANTONIO AND MR UGO ON IPSCAN.....CAN YOU SEE THEM IN COMPUTER. NOT SAFE!!!
VLAN AND ETHERNET RB411A ARE IN FOR BRIDGE CONFIGURATION

AP1----
AP2---- <---- SWICTH <------- MSC3200 <------ ADSL
AP3----
AP4----
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: Colubris/Mikrotik in Hotel

Mon Oct 06, 2008 4:28 pm

Ah ok I see what you mean.. you need to setup vlans on the local switch there comming back to a single promiscuious plug (that will goto the colubris)

When you connect AP's up like that, although they will not pass traffic from wireless clients connected to the same AP, the switch will happily pass connections coming in from one AP out to the other.

You just want to make sure that each port can only see itself and the uplink port (sometimes referred to as a "customer vlan" or an "edge vlan" depending on what sort of switch you're using).. and if it's not managed then you're not going to be able to fix it.
 
videolab
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Mon Feb 25, 2008 12:41 am

Re: Colubris/Mikrotik in Hotel

Mon Oct 06, 2008 10:05 pm

daisy chain?


AP4----AP3----AP2----AP1----<--- MSC3200 <------ ADSL

IS POSSIBLE?

THANKS
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: Colubris/Mikrotik in Hotel

Tue Oct 07, 2008 2:10 am

Yes it is, you would have to setup each AP's WDS config then add a forwarding rule to allow only the next and last AP's traffic to be forwarded
 
videolab
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Mon Feb 25, 2008 12:41 am

Re: Colubris/Mikrotik in Hotel

Tue Oct 07, 2008 12:12 pm

sorry WDS?
The access point is connected ethernet in/out with colubris (ip 10.59.1.1). computers connected wifi dhcp is assigned 10.59.1.x
IP addresses of access points are 192.168.2.x , as a rule type can apply?
Tank
 
User avatar
Ibersystems
Forum Guru
Forum Guru
Posts: 1686
Joined: Wed Apr 12, 2006 12:29 am
Location: Cabrils, Barcelona - Spain
Contact:

Re: Colubris/Mikrotik in Hotel

Tue Oct 07, 2008 4:50 pm

Hola,

you have to make it with the firewall.

You can make a firewall rule that if Antonio goes to the IP of colubris it should be passed but later if Antonio goes to its same lan /24 it has to be rejected or droped.

Also you can make it with filters in a bridge in the Ethernet and WLAN:

[admin@central] > interface bridge filter print all
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; ACCEPT 192.168.0.238 (SERVER)
chain=forward out-interface=ether2 action=accept in-interface=wlan1
mac-protocol=ip src-address=192.168.0.238/32 dst-address=0.0.0.0/0

1 ;;; ACCEPT 192.168.0.239 (SERVER)
chain=forward out-interface=ether2 action=accept in-interface=wlan1
mac-protocol=ip src-address=192.168.0.239/32 dst-address=0.0.0.0/0

2 ;;; ACCEPT 192.168.0.240 (SERVER)
chain=forward out-interface=ether2 action=accept in-interface=wlan1
mac-protocol=ip src-address=192.168.0.240/32 dst-address=0.0.0.0/0

3 ;;; ##############BLOCK 192.168.0.0 (other users)
chain=forward out-interface=ether2 action=drop in-interface=wlan1
mac-protocol=ip src-address=192.168.0.0/24 dst-address=0.0.0.0/0

4 ;;; ACCEPT 192.168.1.251 (ADSL ROUTER)
chain=forward out-interface=ether2 action=accept in-interface=wlan1
mac-protocol=ip src-address=192.168.1.251/32 dst-address=0.0.0.0/0

5 ;;; ##############BLOCK 192.168.1.0 (OTHER LAN USERS)
chain=forward out-interface=ether2 action=drop in-interface=wlan1

Here my WLAN users are in 192.168.0.X.


See you,
Martín.
 
videolab
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Mon Feb 25, 2008 12:41 am

Re: Colubris/Mikrotik in Hotel

Wed Oct 08, 2008 5:22 pm

:( No :(
thanks. I do not understand
ip of my MSC3200 is 10.59.1.1 users are connected DHCP 10.59.1.x.
Rb433 APs are configured in bridge- port: wlan1+eth1+eth2 - bridge firewall activated.

msc3200 -----eth1(ip AP1 192.168.2.10)eth2----eth1(AP2 192.168.2.11)eth2----eth1(AP3 192.168.2.12).

How should translate your firewall?
thanks
 
videolab
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Mon Feb 25, 2008 12:41 am

Re: Colubris/Mikrotik in Hotel

Thu Oct 16, 2008 3:03 pm

tank Martín,
I've done other tests and have set this and it works:

[admin@MikroTik1] /interface bridge filter> print all
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward action=accept in-interface=wlan1 dst-mac-address=00:03:52:--:--:--/FF:FF:FF:FF:FF:FF

1 chain=forward action=drop in-interface=wlan1 mac-protocol=ip src-address=10.59.1.0/24 dst-address=0.0.0.0/0

everything worked. If I add wlan2, this filter seems to work even on wlan2 without setting. I wrong?
because it's the same bridge1?
Roberto
Last edited by videolab on Thu Oct 16, 2008 4:27 pm, edited 2 times in total.
 
User avatar
Ibersystems
Forum Guru
Forum Guru
Posts: 1686
Joined: Wed Apr 12, 2006 12:29 am
Location: Cabrils, Barcelona - Spain
Contact:

Re: Colubris/Mikrotik in Hotel

Thu Oct 16, 2008 3:45 pm

Perfect.

If in interface is bridge put the bridge instead of wlan1.
 
videolab
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Mon Feb 25, 2008 12:41 am

Re: Colubris/Mikrotik in Hotel

Fri Oct 17, 2008 8:47 am

TANK Martín and Sergejs, Uldis in support Mikrotik.

With your help I apply this filter:

[admin@MikroTik3] > in bridge filter print all
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; accept WLAN1 MAC
chain=forward action=accept in-interface=wlan1 dst-mac-address=00:03:52:XX:XX:XX/FF:FF:FF:FF:FF:FF

1 ;;; drop WLAN1 e GTW
chain=forward action=drop in-interface=wlan1 mac-protocol=ip src-address=10.59.1.0/24 dst-address=0.0.0.0/0

2 ;;; accept WLAN3 MAC
chain=forward action=accept in-interface=wlan3 dst-mac-address=00:03:52:XX:XX:XX/FF:FF:FF:FF:FF:FF

3 ;;; drop WLAN3 e GTW
chain=forward action=drop in-interface=wlan3 mac-protocol=ip src-address=10.59.1.0/24 dst-address=0.0.0.0/0

4 ;;; drop for UBNT 10.10.10.xx client
chain=forward action=drop mac-protocol=ip dst-address=10.10.10.0/24


Wlan 2 station-WDS for link
ACCESS CONTROLLER MSC 3200 COLUBRIS MAC-ADDR. 00:03:52:XX:XX:XX IP 10.59.1.1
I have this filter type applied in plant installed for Italian operator ISP in tourist town
filters 0 and 1 for radio connected ethernet
0,1,2,3,4 filters for 1x radio-wds (wlan2) + 2x ap-bridge (wlan1-wlan3)

Regards,
Roberto
 
videolab
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Mon Feb 25, 2008 12:41 am

Re: Colubris/Mikrotik in Hotel

Sat Oct 25, 2008 4:47 pm

Another problem in this network:
with a computer connected via Ethernet customer after log-in, other customers Internet access through other radio AP 2.4 on board, so free.
The network controller MSC3200, sees mac-address of RB433 and enables other computers connected to it via AP-BRIDGE radio in bridge interface.
Can I hide mac-address of RB433?
 
User avatar
Ibersystems
Forum Guru
Forum Guru
Posts: 1686
Joined: Wed Apr 12, 2006 12:29 am
Location: Cabrils, Barcelona - Spain
Contact:

Re: Colubris/Mikrotik in Hotel

Mon Oct 27, 2008 12:16 pm

Play a little with masquerade : P
 
videolab
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 59
Joined: Mon Feb 25, 2008 12:41 am

Re: Colubris/Mikrotik in Hotel

Mon Oct 27, 2008 3:37 pm

thanks.

Roberto

Who is online

Users browsing this forum: No registered users and 13 guests