Community discussions

MikroTik App
 
Basiley
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Help with configuring 2011 as home AP with PPOE Wan ISP

Thu Dec 06, 2012 2:47 pm

Hi
i just recently purchased 2011 Router and had some problems:
My Internet provider[aDSL with PPOE] named MTS/MGTS[also known as stream.ru and under various MTU-xxx, Comstar aliases in past]
1. configured ISP CPE[aDSL router from DL]according with ISP instructions[as if PC was set-up instead of 2011]. tested with PC ppoe-client - worked.
2. after boothing and updating[and paper in box suggest] firmware i was attempted to configure it.
3. properlyset-up DHCP Client, DNS Client, PPoE Client, IPv4 adress for my [single used]port. Tested - pings to internet resources[or checks for firmware update]worked.
but there was't internet on my LAN port. i guess i lack experience with configuring FireWall and NAT.
can anyone provide simplest-as-possible/"for dummies"/"вариант для совсем деревьев" way to configure it ? also welcomed links on related YouTube videos[most recently found by me - over-complicated/out-of-scope/ irrelevant and/or based on outdated/irrelevant firmware/hardware MicroTik] and or relevant resources/threads anywhere arounf Web[including THIS forum of course].

Thx and merry christmass for anyone and anyone valuable for you.
Basiley.

p.s.
i guess "Quick Setup"[thing in icons above in new MicroTik firmware WebFig/WinBox interface] wizard is just what i need[remind me most consumer/soho routers, which is compliment, IMHO], but in reality, its not :[ - result of attempt to set-up both "AP" or "Home AP" was not working PPOE client and sometimes bogus LAN IPv4 adresses, assigned to LAN interfaces.

p.p.s. sorry again for newb question.

Generally, goal is: share internet to one destop PC[thru Ethernet] and to notebook.
preq/setup - xDSL ISP with PPOE.DNS and IPv4, assigned thru PPOE DHCP.
eth1 port connected to xDSL router in bridge mode thru interface with 192.168.1.1 adress with DHCP server with 192.168.1.3-192.168.1.254 range
destop PC connected to Eth5 port with 192.168.88.3 adress.
Last edited by Basiley on Thu Dec 06, 2012 5:40 pm, edited 1 time in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Thu Dec 06, 2012 2:50 pm

start by showing what you have. open terminal, type "/export compact" and paste output here.
 
Basiley
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Thu Dec 06, 2012 4:10 pm

ok, there is:

# jan/01/2002 01:00:09 by RouterOS 6.0rc5
# software id = ZUNK-IBF5
#
/interface ethernet
set 0 l2mtu=1500 name=LAN
set 1 l2mtu=1460 mtu=1460 name=WAN
/interface pppoe-client
add add-default-route=yes disabled=no interface=WAN max-mru=1460 max-mtu=1460 name=pppoe-out1 password=ppoepassword use-peer-dns=yes user=MGTSxxxxxx@mgts
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no permissions=owner signup-allowed=no time-zone=-00:00
/ip address
add address=192.168.1.2/24 comment="default configuration" interface=WAN network=192.168.1.0
add address=192.168.88.1/24 interface=LAN network=192.168.88.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=WAN
/ip dns
set allow-remote-requests=yes cache-size=8192KiB servers=62.112.106.130,62.112.113.170,195.34.31.5
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.88.0/24
add action=masquerade chain=srcnat out-interface=WAN
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=no display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set pppoe-out1 disabled=yes display-time=5s
set sfp1 disabled=yes display-time=5s
set WAN disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set LAN disabled=yes display-time=5s
set ether6 disabled=yes display-time=5s
set ether7 disabled=yes display-time=5s
set ether8 disabled=yes display-time=5s
set ether9 disabled=yes display-time=5s
set ether10 disabled=yes display-time=5s
 
Basiley
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 11:39 am

oh i got some help from other resource ixbt.com forum member named "Джамаль" suggested add one line for masquerading and it helped.
http://forum.ixbt.com/topic.cgi?id=14:51483-68#2133
all i need today[before ISP update connection to GPON and i can finally use SFP module(sadly they demand models with own MAC-adress)] is advice how to setup properly 2011 as Wi-Fi station to share internet to smartphone. found where[in WinBox] to tweak RF band/mode, but how to tune password, WPA-mode, crypto-mode ?
also very likely someone can help/suggest to tweal firewall reasonable [for home router]?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 11:42 am

you can set up wifi security by making a new profile. then choose this new profile in your wireless card settings
Screen Shot 2012-12-07 at 11.41.57 AM.png
You do not have the required permissions to view the files attached to this post.
 
Basiley
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 11:52 am

wow, its works, tnx alot for pointing me there. [generally i avoid use WPA and TKIP unless bogus(read Apple/Sony or outdated)devices connected].
next question - do i need to setup DHCP server to make Wi-Fi device able to surf internet ? ie what else[aside twealing WLAN interface]i need to create/config/change to be able to check mail/news from phone thru wifi[for example].
what is correct "Mode" fo in "Wireless" tab of WiFi interface ? goal is simple - share wi-fi from PPOE client clearly working within 2011 and thru masqueraded LAN.
[sadly not much RF devices support NVStreme or NV2, aside MicroTik, so most people forced to use WiFi in HG networks]

[off-topic]
quite curious, but didn't found in manuals, menu/tools asnwer so can i ask here - does present versions of Microtik support SEND ? [secure(CGA-based) NDP replacement].
found NTP stuff[both client and server] - cool !!
Torch&sniffer - even better !! [lot more handy to actually go and see WHAT happen in YOU network instead of wandering around, scratching head and shouting "wtf was THAT ??!"]
[/end off-topic]
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 12:38 pm

actually, Apple supports WPA2/AES and works better with that combination. Avoid TKIP at all costs.
 
Basiley
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 2:12 pm

so basically "AP Bridge" doesn't require anything ?
but it bridged with what ? my "LAN"[Eth5] port ? ppoe client ?
i mean, i didn't found where to look for status of WiFi Bridge, contrary to interfaces in "Bridge" icon of WinBox[or im missed it, looking :[.

[about TKIP/WPA1 vs WPA2/AES]
well, maybe newer Apple devices or newer firmware for older support WPA2-AES without TKIP, but all im seen - don't, despite claims.
similarly some Sony PSP devices and older WM/Symbian smartphones - doesn't support pure WPA2-AES, sadly :[ basically its good reason to update 2 new product[PSP Vita ? when they got at least 2Gb RAM and GX64x0 GPU], but bad sign 2 choose same vendor.
generally IPv6 and SEND would b mandatory for generic ISP aswel as DNSSec becoming already and some Gov't considering making it ISP licensing requirements and/or limit access to Gov't contract to incapable ISP's
[/about TKIP/WPA1 vs WPA2/AES]
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 2:13 pm

ap-bridge is the name of the access point mode in RouterOS. it doesn't bridge anything to anywhere. it simply allows multiple clients to connect.
 
Basiley
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 2:57 pm

ap-bridge is the name of the access point mode in RouterOS. it doesn't bridge anything to anywhere. it simply allows multiple clients to connect.
but those "multiple clients" allowed to connect to what/where ? LAN interface ? directly to ppoe client ? or even directly to WAN port?
why am asking ?:
1. WiFi still didn't work, dunno why[currently checking setting, maybe missed something].
2. concerned about "ap-bridge" mode in terms of security. i mean - how well it isolated from LAN traffic on ethernet ports, to put it simple/straight.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 2:59 pm

by default they are only allowed to connect to the AP itself. if you want to allow them to connect to your internet provider, configure a SRC-NAT rule (called 'masquerade'), and configure them with private IP addresses.

http://wiki.mikrotik.com/wiki/How_to_co ... Masquerade

actually, the whole article will be useful if you read it from the top
 
Basiley
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 3:04 pm

by default they are only allowed to connect to the AP itself. if you want to allow them to connect to your internet provider, configure a SRC-NAT rule (called 'masquerade'), and configure them with private IP addresses.

http://wiki.mikrotik.com/wiki/How_to_co ... Masquerade

actually, the whole article will be useful if you read it from the top
oh, thanks a lot !!
/me went reading.
EXACTLY !! im missing part about masquerading WiFi, just like i do for LAN port before !! tnx.

so "AP-Bridge" completely isolated AP ? cool, tnx.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 3:15 pm

wait.

you don't need to separately masquerade the LAN and the WLAN. You could do this (which is how the RB2011 is configured out of the box):

1. make a new bridge interface in the bridge menu
2. add all LAN ports and WLAN port into the Bridge (in the Bridge -> Port) menu
3. Configure DHCP-server on the bridge interface. Now all devices in LAN and WLAN clients will get IPs from the same range
4. Configure a new masquerade rule, specifying ONLY these things: out-interface (your pppoe-out), chain "src-nat", action "masquerade"

this should be all
 
Basiley
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 3:36 pm

wait.

you don't need to separately masquerade the LAN and the WLAN. You could do this (which is how the RB2011 is configured out of the box):

1. make a new bridge interface in the bridge menu
2. add all LAN ports and WLAN port into the Bridge (in the Bridge -> Port) menu
3. Configure DHCP-server on the bridge interface. Now all devices in LAN and WLAN clients will get IPs from the same range
4. Configure a new masquerade rule, specifying ONLY these things: out-interface (your pppoe-out), chain "src-nat", action "masquerade"

this should be all
oh:
1. in my experience "out of the box" 2011 had bridged only Eth6-Eth10 interfaces.
2. i didn't see directly connecting WiFi to Wired network by bridging as really healthy and secure idea.
3. if anything else didn't work i try bridging.
4. there was no "all LAN ports" on my 2011, only ONE[Eth5, renamed as "LAN"], other LAN ports - disabled. Eth1[named as "WAN"]was configured as WAN port.
5. im didn't use DHCP in my Wired LAN, but understand why WiFi clients need it.
6. about other tabs in "Wireless Tables" page - should i create something in "Access list", "Connect list" and "Channells", empty by defauly ?
Last edited by Basiley on Fri Dec 07, 2012 3:39 pm, edited 1 time in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 3:39 pm

I just hope you get the idea. Once you know your way around, you can configure it however you like. That's the nice thing about RouterOS.

connect list is only for CPE mode, you will run AP mode
access list is to limit your clients to certain MAC addresses, and drop everyone else
channels is for using non standard frequencies and channel widths, you don't need this, as regular Wifi devices don't support them
 
Basiley
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 3:45 pm

I just hope you get the idea. Once you know your way around, you can configure it however you like. That's the nice thing about RouterOS.

connect list is only for CPE mode, you will run AP mode
access list is to limit your clients to certain MAC addresses, and drop everyone else
channels is for using non standard frequencies and channel widths, you don't need this, as regular Wifi devices don't support them
so generally, AP-Bridge configured to allow access "by default" and this access list is to blacklist/whitelist certain clients? and redundant in my case, thus, yes.
currently stuck in configuring DHCP server. on page "Networks" - what would be assigned as "Gateway" there ? :/
common sense tell me that would be "Local Adress" from "Status" page/tab of properties of my PPoE client, but maybe im wrong? [it assigned dynamically by ISP, i suppose so setting static gate to DHCP in that case...]

p.s. yeah, i like absence of artificial limitations in MicroTik. Funny thing - even reading manual from WinBox/WebFig - working ;-) 10-15yrs ago anyone would kill for such feature in hardware ;)
also noticed that 2011 produced notable less jitter than other stuff. maybe better/faster/cleaner IC/firmware. not noticeable when you surfing web-pages, but when you do some video streming/conferencing, gaming, etc...
Last edited by Basiley on Fri Dec 07, 2012 4:07 pm, edited 2 times in total.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 3:47 pm

in the general wireless preferences you will see a checkbox "default authenticate: [V]". Unckeck this, and the access list will be used. If it is empty, nobody will be able to connect.
 
Basiley
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 3:57 pm

in the general wireless preferences you will see a checkbox "default authenticate: [V]". Unckeck this, and the access list will be used. If it is empty, nobody will be able to connect.
oh i get it. oh, i prefer default with auth ;)

weird but [enabled]WiFi interface shown in bridge as "disabled port" it was okay ? :/

btw is there any way to configure DynDNS client in MicroTik UI[ie WebFig/WinBox] without scripting ? :[
and if not - is there any kind of template of such script ?
 
Basiley
Member Candidate
Member Candidate
Topic Author
Posts: 101
Joined: Thu Dec 06, 2012 2:42 pm

Re: Help with configuring 2011 as home AP with PPOE Wan ISP

Fri Dec 07, 2012 6:35 pm

oh, its WORKED !!
basically "Quick Setup Guide" from IPv4/DHCP Manual/Wiki provide handy link to super-duper-powerful "/ip dhcp-server setup" combo, what provide reasonable[way better than i can]defaults/settings.


thans alot for help !! now im can fully enjoy Internet.
Happy New Year to anyone :-)
thread can be safely closed/erased, i guess.
[discover answers on erased there questions in Wiki and ixbt].

p.s.
very sorry for my annoying/newb question, which is obviously fell into "lack of basic TCP-IP knowledge", case in support request form :=)

Who is online

Users browsing this forum: No registered users and 21 guests