Hi
My setup is an IPCOP firewall connected to an adsl modem in bride mode
I currently have an Edimax Access point connected to the Blue interface of my Firewall that clients then connect to.
The IP address of my Edimax Access Point is 192.168..253 and the IP of the Blue interface (its default gateway) is 192.168.2.254
I want to basically just swap the Edimax for the RB411AR.
Clients all have static IP addresses as I prefer (at this point) not to enable DHCP
I have configured and activated an interface in my RB411AR to AP bridge mode, set security to WPA2 with a key and can see the SSID from my laptop. (but also see a message next to it saying information sent over this network might be visible to others)
How do I assign an IP address of 192.168.2.153 to new AP? Stations / clients already have Static IP address in that subnet.
Very new to this so please bare with me; is my current AP, the Edimax, handling NAT at the moment and is that why I need to now configure SRC-NAT in my RB where as before i never had to? Is what SRC-NAT does known as Masquerading?
What must I do now?
This is as far, (or near rather) as I have gotten any help / guidance very much appreciated, thanks.
Re: RB411AR as access point
I'm confused.
You say the firewall (AP's default gateway) is 192.168.2.254, and the AP is .253. Yet clients also have IP addresses in 192.168.2.0/24?
NAT happens (usually, but you're not running a transparent firewall) on layer 3 boundaries. The AP has the same IP subnets on both sides and according to you is bridging, so it isn't a layer 3 boundary - therefore it wouldn't be doing NAT.
Once we've got that sorted out things are pretty easy. To assign an IP address, you go to "/ip address" (or IP > Address in winbox) and add an IP with a CIRD mask for subnet to the right interface. If you end up bridging, you're going to assign the IP to the bridge interface. If you route/NAT, you assign it to the interface facing the firewall (and another IP to the wireless radio). Then add a default route by going to "/ip route" (or IP > Route) and add an entry for 0.0.0.0/0 with a gateway of 192.168.2.254.
If you do end up NATing then you're going to go to "/ip firewall nat" and add an entry in the srcnat chain that has an action of "masquerade" and an out-interface set to the interface facing the firewall. Again, if the AP bridges you will not want to actually NAT on the AP.
You say the firewall (AP's default gateway) is 192.168.2.254, and the AP is .253. Yet clients also have IP addresses in 192.168.2.0/24?
NAT happens (usually, but you're not running a transparent firewall) on layer 3 boundaries. The AP has the same IP subnets on both sides and according to you is bridging, so it isn't a layer 3 boundary - therefore it wouldn't be doing NAT.
Once we've got that sorted out things are pretty easy. To assign an IP address, you go to "/ip address" (or IP > Address in winbox) and add an IP with a CIRD mask for subnet to the right interface. If you end up bridging, you're going to assign the IP to the bridge interface. If you route/NAT, you assign it to the interface facing the firewall (and another IP to the wireless radio). Then add a default route by going to "/ip route" (or IP > Route) and add an entry for 0.0.0.0/0 with a gateway of 192.168.2.254.
If you do end up NATing then you're going to go to "/ip firewall nat" and add an entry in the srcnat chain that has an action of "masquerade" and an out-interface set to the interface facing the firewall. Again, if the AP bridges you will not want to actually NAT on the AP.
Re: RB411AR as access point
Okay, from what I gather my firewall is doing the natting.
So i need to assign an IP address, in this case 192.168.2.253/24 to the bridge interface...
which interface; ether1 or wlan1 is the bridge interface?
And if I assign the above IP to iether one if the above interfaces, how are they going to communicate with one another?
In other words say i assign 192.168.2.253/24 to wlan1, how is ether1 which is the firewall facing interface going to connect and communicate with the default gateway / firewall which has an IP of 192.168.2.254?
Thanks
So i need to assign an IP address, in this case 192.168.2.253/24 to the bridge interface...
which interface; ether1 or wlan1 is the bridge interface?
And if I assign the above IP to iether one if the above interfaces, how are they going to communicate with one another?
In other words say i assign 192.168.2.253/24 to wlan1, how is ether1 which is the firewall facing interface going to connect and communicate with the default gateway / firewall which has an IP of 192.168.2.254?
Thanks
Re: RB411AR as access point
I'm assuming you're using Winbox.
First, you're going to bridge the two interfaces. Go to Bridge > Bridge and add a bridge. By default it will be called 'bridge1', that's fine. Then go the Bridge > Ports and add the ether1 and wlan1 interfaces to bridge1. Now the two interfaces are directly connected - what goes into one can go out the other.
Then assign the IP address as described above to the 'bridge1' interface.
So the bridge interface isn't ether1 or wlan1 - it's a virtual concept that connects the two. Basically the IP address will be assigned to both ether1 and wlan1 at the same time (well, really, it's assigned to the magic glue that makes the two capable of talking to one another).
First, you're going to bridge the two interfaces. Go to Bridge > Bridge and add a bridge. By default it will be called 'bridge1', that's fine. Then go the Bridge > Ports and add the ether1 and wlan1 interfaces to bridge1. Now the two interfaces are directly connected - what goes into one can go out the other.
Then assign the IP address as described above to the 'bridge1' interface.
So the bridge interface isn't ether1 or wlan1 - it's a virtual concept that connects the two. Basically the IP address will be assigned to both ether1 and wlan1 at the same time (well, really, it's assigned to the magic glue that makes the two capable of talking to one another).
Re: RB411AR as access point
Thanks, done.
I now have (under my address List in Winbox)
192.168.2.253/24 - Bridge1
Default Config
192.168.88.1/24 - ether1
I can now connect to the new Mikrotik SSID from my laptop and see it under Wireless / registration, but cant ping it. Nor can I ping 192.168.2.253 from my laptop. In winbox I selected Bridge1 as the Interface (under ping to) but it just times out...
If I am connecting to Mikrotik SSID and can see it under registration; why can I not Ping?
The TX/Rx rate is listed as 11Mbps; is there a setting I can change to get this to 54Mbps?
I now have (under my address List in Winbox)
192.168.2.253/24 - Bridge1
Default Config
192.168.88.1/24 - ether1
I can now connect to the new Mikrotik SSID from my laptop and see it under Wireless / registration, but cant ping it. Nor can I ping 192.168.2.253 from my laptop. In winbox I selected Bridge1 as the Interface (under ping to) but it just times out...
If I am connecting to Mikrotik SSID and can see it under registration; why can I not Ping?
The TX/Rx rate is listed as 11Mbps; is there a setting I can change to get this to 54Mbps?
Re: RB411AR as access point
Ticked the Ping ARP Box and now can ping my laptop.
Should one always have to enable / tick this to be able to ping?
Can also now connect to the internet via RB via Firewall.
Ping MS's are at about 300 which seems a bit delayed...
Set wan1 to G only and i think that sorted out the 11mbps. (its now 54mbps)
Thanks again for the help.
Should one always have to enable / tick this to be able to ping?
Can also now connect to the internet via RB via Firewall.
Ping MS's are at about 300 which seems a bit delayed...
Set wan1 to G only and i think that sorted out the 11mbps. (its now 54mbps)
Thanks again for the help.