I'm trying to deploy a wireless system in a large hotel and I'd like to make it as seamless as possible for users to roam from AP to AP. So, I designed the system to be controlled from one central router (RB532 running 2.9.31) and setup the hotspot on that router on the bridge interface. Since all of the access points are wired back to a central location I setup a subnet 172.16.150.0/24 and assigned .1 to the central router (on ether1) and .10 through .21 for the 12 access points and created EoIP tunnels from .1 to each of the end points. I placed all of the EoIP tunnels into a bridge, enabled RSTP, and created my hotspot with a network of 10.5.50.0/24 (the default) on that bridge. On the access points I created the EoIP tunnel and added the tunnel and wlan1 to a bridge. When a client attaches to the access point, it connects wirelessly, gets and IP address from the central server, but then has no connectivity after that.
I've tried a bunch of different things including forcing the dhcp server to add an arp entry with a lease, eliminating the hotspot and simply having the dhcp server and masquerade rule, using stp instead of rstp (thought perhaps there was an incompatibility between EoIP and rstp), among other things. Other than the masquerade rule, there are no firewall rules at this point.
I am at a loss. Anyone have any ideas?
Thanks,
Craig Russell
WDA, LLC
-
-
BrianHiggins
Forum Veteran
- Posts: 720
- Joined:
- Location: Norwalk, CT
- Contact:
what is the point of an EoIP tunnel when the APs are already connected to the same switch as the hotspot?
if E1 is the public side, and E2 is the private side, just run the hotspot service on E2, and bridge the APs
if you're worried about security of the APs, assign a VLAN to E2 on the Hotspot server, and the matching ethernet interface on the APs (likley E1) and bridge the AP to the VLAN, and run your hotspot interface on the VLAN interface.
EoIP tunnels are only needed to simulate layer 2 connectivity across a layer 3 connection.
if E1 is the public side, and E2 is the private side, just run the hotspot service on E2, and bridge the APs
if you're worried about security of the APs, assign a VLAN to E2 on the Hotspot server, and the matching ethernet interface on the APs (likley E1) and bridge the AP to the VLAN, and run your hotspot interface on the VLAN interface.
EoIP tunnels are only needed to simulate layer 2 connectivity across a layer 3 connection.
-
-
crussell_1969
just joined
- Posts: 21
- Joined:
I have not tried to connect directly into the ethernet port because the hotspot is running on the bridge interface not the ethernet port. Using the EoIP subnet and setting up a Masquerade rule I can get out over the ethernet port.
The reason for the EoIP tunnels is because I cannot bridge the wlan port directly to an ethernet port so in order to create a flat network across 12 Access points I am using the EoIP tunnels to allow me to bridge the wlan port to the tunnel. I am doing this to enable easy roaming between access points.
I've done a similar setup using wds and wireless links without an issue. I believe that my issue lies in ARP since the broadcast traffic for dhcp works fine. Just not sure where my disconnect is coming from.
The reason for the EoIP tunnels is because I cannot bridge the wlan port directly to an ethernet port so in order to create a flat network across 12 Access points I am using the EoIP tunnels to allow me to bridge the wlan port to the tunnel. I am doing this to enable easy roaming between access points.
I've done a similar setup using wds and wireless links without an issue. I believe that my issue lies in ARP since the broadcast traffic for dhcp works fine. Just not sure where my disconnect is coming from.
-
-
BrianHiggins
Forum Veteran
- Posts: 720
- Joined:
- Location: Norwalk, CT
- Contact:
you can bridge wlan1 to a ethernet port, a VLAN or EoIP tunnel, as long as wlan1 is set to mode=ap-bridge
just try this and see if it works well for your needs (I think this is the setup you are really looking for, and change the addresses to whatever you want)
on your hotspot system, remove all bridge interfaces (or better, do a system reset)
disable all except ether1 and ether2 on your hotspot server, they aren't needed.
plug ether1 into your connection to the internet, and make sure the hotspot server can ping out to the world. once that is working keep going below.
create a vlan with ID 1234 on ether2 of your hotspot server
assign the ip of 192.168.1.1/24 to ether2 of your hotspot server
setup your hotspot to run on vlan1 NOT ether2 (just use the wizard in winbox, real easy, don't forget to setup DNS to allow requests)
plug ether2 into a switch / hub and plug all your APs into the same switch / hub
then on each AP, do the following:
create a vlan with the ID of 1234 on ether1
bridge wlan1 to vlan1 NOT ether1
assign an IP of 192.168.1.x/24 to ether1 of the AP, do NOT assign any IP to vlan1
now connect to any AP and test, you should see the hotspot screen.
just try this and see if it works well for your needs (I think this is the setup you are really looking for, and change the addresses to whatever you want)
on your hotspot system, remove all bridge interfaces (or better, do a system reset)
disable all except ether1 and ether2 on your hotspot server, they aren't needed.
plug ether1 into your connection to the internet, and make sure the hotspot server can ping out to the world. once that is working keep going below.
create a vlan with ID 1234 on ether2 of your hotspot server
assign the ip of 192.168.1.1/24 to ether2 of your hotspot server
setup your hotspot to run on vlan1 NOT ether2 (just use the wizard in winbox, real easy, don't forget to setup DNS to allow requests)
plug ether2 into a switch / hub and plug all your APs into the same switch / hub
then on each AP, do the following:
create a vlan with the ID of 1234 on ether1
bridge wlan1 to vlan1 NOT ether1
assign an IP of 192.168.1.x/24 to ether1 of the AP, do NOT assign any IP to vlan1
now connect to any AP and test, you should see the hotspot screen.
-
-
crussell_1969
just joined
- Posts: 21
- Joined: