Hi, I need to bridge two physical locations with a WiFI link, and I need all of the devices in both locations to be on the same subnet so they can all talk to each other, and I need to be able to connect devices on either end via WiFI or ethernet. I would prefer to use the same SSID in both locations, but it's not a strict requirement. Basically, I need to achieve this:


In location A, there is an old Buffalo WHR-G54s running Tomato serving as the default gateway and serving as an AP. I only have WiFI access to the WHR-G54s, so I can only make software changes to it.

I used to achieve connectivity in location B via WDS with an Asus RT-N16, also running Tomato, which just died. So now I have a Mikrotik RB951Ui-2HnD coming in the mail, and I've been reading about the different options here:
- http://wiki.mikrotik.com/wiki/Manual:Wi ... tion_Modes
- http://wiki.mikrotik.com/wiki/Manual:Wireless_AP_Client
But it's not clear to me which of those station modes allow for both wireless and ethernet connections on both ends, and I'm not sure which is the most appropriate given the heterogenous router hardware and software that I have.

Thanks a lot for the help.

The repeater function will not work with other vendors - you will only be able to have 1 client behind your Mikrotik this way. (It needs mikrotik in both ends..)

WDS MIGHT be possible, but that I have never tried.

This page is much clearer and better written than the Mikrotik documentation:
https://wiki.openwrt.org/doc/howto/clientmode
But I'm not sure which of that applies to RouterOS, and which would be best for my setup?

you can do it but it is not easy and does not work as a wireless repeater. Here are some options that I have not tried.
http://forum.mikrotik.com/viewtopic.php?t=110720
http://forum.mikrotik.com/viewtopic.php?t=112398
I did manage to get it working. I configured a bridge put the wireless radio into the bridge along with Ethernet1. I then made all the other ethernet ports slaves of ethernet 1. I then configured the wireless as a ap bridge with an ssid for my homes users to connect including security profile. I then created a virtual ap in the settings I set this up as a station with the ssid of the other ap. I configured dhcp client on the virtual wireless interface. Here is the page I followed https://www.reddit.com/r/mikrotik/comme ... _repeater/

Thanks a lot for the Reddit link, that might do what I need. But I see that post is referring to a setup with 2 Mikrotik devices.

So, I guess I need more explanation on what a "pseudo station bridge" is, and how it works. Will it work with a non-RouterOS devices as the AP? And it will it allow clients to connect both wireless and via ethernet on both ends and still be able to talk to each other?

So, I guess I need more explanation on what a "pseudo station bridge" is, and how it works.

Have a look at this wiki page.

When I set it up following the reddit post I did not have 2 mikrotik units just 1 and could not get access to other hardware so needed to make it work.

So, I guess I need more explanation on what a "pseudo station bridge" is, and how it works. Will it work with a non-RouterOS devices as the AP? And it will it allow clients to connect both wireless and via ethernet on both ends and still be able to talk to each other?

"Pseudo bridge" = Layer-2 NAT. All devices behind the Mikrotik will bet L2-NATed to the same MAC (the Mikrotik's MAC). It works only with IPv4 (the MT maintains a IPv4 addr → MAC addr lookup table).

I wonder if you can create an EoIP bridge between the MT and DD-WRT:
http://wiki.mikrotik.com/wiki/Manual:Interface/EoIP
https://www.dd-wrt.com/wiki/index.php/EoIP_Routing

So, I guess I need more explanation on what a "pseudo station bridge" is, and how it works.

Have a look at this wiki page.

Yep, thanks, I linked to it in the first post in this thread, but I didn't really understand the page.

When I set it up following the reddit post I did not have 2 mikrotik units just 1 and could not get access to other hardware so needed to make it work.

Yep, this is where I'm at for now. I will probably eventually install another Microtik in the AP location, but I can't right now.

"Pseudo bridge" = Layer-2 NAT. All devices behind the Mikrotik will bet L2-NATed to the same MAC (the Mikrotik's MAC). It works only with IPv4 (the MT maintains a IPv4 addr → MAC addr lookup table).

Thanks for the explanation. And do all protocols work over this bridge, assuming they run on IPv4? I seem to have read somewhere that certain protocols might not work.

And what about "station-pseudobridge-clone"? I really don't understand the difference in real-world behavior between this and "station-pseudobridge".

I wonder if you can create an EoIP bridge between the MT and DD-WRT:
http://wiki.mikrotik.com/wiki/Manual:Interface/EoIP
https://www.dd-wrt.com/wiki/index.php/EoIP_Routing

I also ran across this option. Right now the AP is running Tomato, and it has a PPTP Client. (I assume I need a PPTP server, which Tomato doesn't seem to have, and I'm not sure if the old DD-WRT builds for the WHR-54G have it either.) Could I make it work backwards with Tomato as the client and the PPTP server on the Mikrotik?

I also found this:
http://dumbpcs.blogspot.com/2013/06/usi ... o-non.html
Does that make sense to any of you? And again, would that allow for wired and wireless clients on both segments to connect and see each other?

And what about "station-pseudobridge-clone"? I really don't understand the difference in real-world behavior between this and "station-pseudobridge".

They only differ by the station's MAC-address. In the station-pseudobridge mode wireless station uses it's own MAC address, whereas in station-pseudobridge-clone it uses a MAC address of another device behind that station whose packet goes over the bridge first. The station-pseudobridge-clone mode may only be useful when bridging just a single device.

Thanks @andriys for the explanation.

So if I use "station-pseudobridge" would that work with the DHCP server on the Tomato AP? Can it still see different devices and assign them an IP?

Thanks for the explanation. And do all protocols work over this bridge, assuming they run on IPv4? I seem to have read somewhere that certain protocols might not work.

I've never used it so I'm not sure. It *should* work with most IPv4 protocols, since they *shouldn't* care about their MAC address getting NATed, but there might be some weird ones that do. E.g. any sort of MAC-based access control would not work.

And what about "station-pseudobridge-clone"? I really don't understand the difference in real-world behavior between this and "station-pseudobridge".

Probably that is only useful if you have only one device behind the AP. MT will use that device's MAC instead of its own. But with more than one device, all will still share one MAC.

I also ran across this option. Right now the AP is running Tomato, and it has a PPTP Client. (I assume I need a PPTP server, which Tomato doesn't seem to have, and I'm not sure if the old DD-WRT builds for the WHR-54G have it either.) Could I make it work backwards with Tomato as the client and the PPTP server on the Mikrotik?

I don't know anything about PPTP. From Wikipedia it looks like an L3 link, not an L2 link (like PPP)?

So if I use "station-pseudobridge" would that work with the DHCP server on the Tomato AP?

No, I don't see how DHCP can technically work over the pseudobridge. And I remember seeing multiple posts here reporting that it does not work indeed.

Thanks for the explanation. And do all protocols work over this bridge, assuming they run on IPv4? I seem to have read somewhere that certain protocols might not work.

I've never used it so I'm not sure. It *should* work with most IPv4 protocols, since they *shouldn't* care about their MAC address getting NATed, but there might be some weird ones that do. E.g. any sort of MAC-based access control would not work.

Hmm, I see. I wonder about things like STUN and whatever method that things like Skype use for NAT traversal with VoIP clients?

So if I use "station-pseudobridge" would that work with the DHCP server on the Tomato AP?

No, I don't see how DHCP can technically work over the pseudobridge. And I remember seeing multiple posts here reporting that it does not work indeed.

Ah OK. But no problem with just running another DHCP server in a different range on the Mikrotik station?

Also I would be interested in your comments on this post that I mentioned earlier:

I also found this:
http://dumbpcs.blogspot.com/2013/06/usi ... o-non.html
Does that make sense to any of you? And again, would that allow for wired and wireless clients on both segments to connect and see each other?

So if I use "station-pseudobridge" would that work with the DHCP server on the Tomato AP? Can it still see different devices and assign them an IP?

I think I see how DHCP *could* work (after all, DHCP packet carries client MAC, so it can differ from source MAC) but it does not surprise me that it does not work in practice This is a topic I have been meaning to explore for a while so I will set this up on my home network and take some packet captures.

You might be able to get away with a DHCP relay on the MT.

And just in case this whole setup doesn't work right (I can't test it because my Mikrotik hasn't arrived yet), what is the Mikrotik term for a simple repeater? If the bridged and unified network doesn't work, I could hobble along for a while with the Mikrotik acting as a wireless client to the Tomato AP and then setting up an internal VLAN and doing its own NAT and DHCP for clients that are connected to a different SSID that the Mikrotek broadcasts. DD-WRT describes it well here as a "WLAN Repeater":
https://www.dd-wrt.com/wiki/index.php/Wlan_Repeater

And just in case this whole setup doesn't work right (I can't test it because my Mikrotik hasn't arrived yet), what is the Mikrotik term for a simple repeater?

I think the closest is to set up MT in ap-bridge mode, and add a virtual client in station mode. SSID of AP should be different than the link (since APs are not bridged), but frequency must be the same (restriction of virtual client). Then set up appropriate routes on client interface and DHCP server on main (AP) interface.

http://wiki.mikrotik.com/wiki/Manual:In ... al_Clients

(Side note, I'm not sure the practical difference between station-wds and ap-bridge + virtual station-bridge. Would virtual station-bridge have faster handover because forwarding is based on internal tables rather than RSTP?)

Thanks @colanderman for the details.

Then set up appropriate routes on main (AP) interface

What is achieved with this step?

Thanks @colanderman for the details.

Then set up appropriate routes on main (AP) interface

What is achieved with this step?

Ah sorry I got those backward. Edited my post to correct. You need routes on the client interface (not AP) so MT knows to forward traffic across it. Of course these routes can come from DHCP or RIP etc.

You need routes on the client interface (not AP) so MT knows to forward traffic across it. Of course these routes can come from DHCP or RIP etc.

Ah OK, thanks. And could I get a brief explanation of the from/destination in these routes, and what these accomplish in "real world" terms?

Sorry I'm a bit slow with this concept, since I'm coming from DD-WRT/Tomato where most of that stuff is abstracted out with a task-oriented interface, whereas RouterOS just has you configure low-level parameters.

Ah OK, thanks. And could I get a brief explanation of the from/destination in these routes, and what these accomplish in "real world" terms?

Once packets reach the Mikrotik, since the virtual client interface (connected to the other AP) and the AP interface are not bridged, the MT needs to know that it should forward IP packets between them. It won't do this unless both sides have routes saying this should happen.

The most basic setup, manually configured, would be as follows.

Give the interfaces the following addresses (or similar):
DD-WRT AP: 192.168.1.1/24
Mikrotik virtual client: 192.168.1.2/24
Mikrotik AP: 192.168.2.1/24 (and run a DHCP server here for that network)

This will automatically add the route 192.168.1.0/24 to the MT virtual client, and 192.168.2.0/24 to the MT AP. So packets arriving on the virtual client interface for the 192.168.2.0/24 network will be forwarded to the AP (and will thus reach clients on that network), and packets arriving on the AP interface for 192.168.1.0/24 will be forwarded to the virtual client (and will thus reach the DD-WRT).

But you probably also want the MT to forward traffic to *other* networks to the DD-WRT as well. And also (I forgot this one) the DD-WRT needs to know that it should forward traffic to 192.168.2.0/24 to the MT. So you need at least these additional routes:
DD-WRT: 192.168.2.0/24 via 192.168.1.2
Mikrotik: 0.0.0.0/0 via 192.168.1.1

Of course maybe you want to be more refined than 0.0.0.0/0 but that should work fine for a basic setup.

Now instead of manually configuring static IPs & routes, you could automate some of this. You could have the DD-WRT give the MT virtual client its address and routes via DHCP (but you would still need to set the 192.168.2.0/24 route on the DD-WRT). Or you could run RIP on both routers, so the 0.0.0.0/0 and 192.168.2.0/24 routes get automatically installed (but you would still need to set the 192.168.1.2/24 address on the MT). But for a simple setup, manual configuration is probably fine.

I hope this makes sense. I'm somewhat new at this myself, having just set up a similar network last month.

OK, that's starting to make sense, thanks a lot for the detailed explanation, it's much appreciated.

So with the above described setup, will that just get me internet access for all clients on the Mikrotik station side, or will they be able to connect to other machines on the other side too? And what about things like broadcasts for auto-discovery of things like Bonjour and Microsoft / SMB networking?

Yes, clients will be able to access each other across the link. If you have more than one subnet on the MT side, you will need to add all the corresponding routes to the DD-WRT. The 0.0.0.0/0 route should be sufficient to route everything else from the MT to the DD-WRT.

I'm not sure about multi/broadcast, I haven't worked with that before. I think you would need to set up an IGMP proxy (http://wiki.mikrotik.com/wiki/Manual:Routing/IGMP-Proxy) on the MT but I will defer to someone more experienced for the details.

OK great. As soon as I receive my Mikrotik I'll experiment with the different options that have been given in this thread and report back. (I might have some more specific implementation questions too once I get my hands dirty with the project, so I hope you all won't mind if I resurrect this topic a bit later on.)

So after about 6 hours of experimenting I think I have it figured out, using the Setup Repeater tool under Wireless.
First of all, I tried RouterOS 6.38, but the repeater setup wasn't routing or resolving names. Eventually after a lot of experimenting I tried 6.39rc45, which does work.

1. Start with a fresh configuration
2. While the Quick Set mode is still in the default AP mode, set the Mikrotik router's IP address to something inside the subnet of the main AP router that I'm trying to bridge with.
2.1. Still in the Quick Set page, also set the range of the DHCP server. My main AP router serves out 192.168.1.10-192.168.1.50 , so I configured the Mikrotik to do 192.168.1.51-192.168.1.254 .
3. After applying those changes, go to the Wireless -> Setup Repeater button, and put in the MAC, SSID, and WiFI password for the main AP I'm trying to bridge with, and hit Start.
4. Go back to the Quick Set page. Now it will have changed to CPE mode. Configure the gateway (the main AP I'm trying to bridge with) and the DNS server, hit apply, and you're good to go.

This works just as well as my former Tomato <-> Tomato WDS setup. Clients can connect on either side of the bridge either wirelessly or via ethernet, DHCP works correctly, Samba shares on both sides of the bridge are browseable and accessible to all of the Linux systems I've tried, and Skype and WebRTC seem to work fine.

Thanks for the report, glad to know setup-repeater works.

Yeah, Setup Repeater is pretty slick.

So I have another question: what if I don't want clients on each side of the bridge to see each other? Like supposing I'm at a hotel and I don't want to be on the same network as everyone else. What's the simplest way of using a Mikrotik as a wireless client connected to one SSID and an AP broadcasting another SSID at the same time?

Disclaimer: I am a MikroTik novice
These are the steps I used to configure a RB Metal 2SHPn as a repeater...

Environment:
RB 951G-2HnD running Router OS version 6.44.3 configured as "Home AP"
RB Metal 2SHPn running Router OS version 6.44.3

1. Start WinBox
2. Connect to the RB Metal 2SHPn via Ethernet

3. System > Reset Configuration
4. System > Reset Configuration > Check "No Default Configuration"
5. System > Reset Configuration > Press "Reset Configuration" button

[MikroTik will reboot, reconnect via WinBox]

6. Quick Set > Combo Box > Select "PTP Bridge CPE"

7. Quick Set > Wireless > Country > Change to desired local (optional - WinBox might need to reconnect)
8. Quick Set > Wireless > (Survey List) > Select AP from the list (the "Network Name:" fills in)
9. Quick Set > Wireless > WiFi Password > Enter passphrase

10. Quick Set > Wireless > Press "Connect" button

11. Quick Set > Configuration > Address Acquisition > Automatic
12. Quick Set > Configuration > Address Source > WLAN

13. Quick Set > System > Router Identity > Change to desired name (optional)
14. Quick Set > System > Password > Change to desired password (optional)

15. Quick Set > Press "OK" button

16. Wireless > wlan1 (double click) > Press "Setup Repeater" button

17. Setup Repeater > Address > Enter AP MAC (optional - recommended if multiple APs with same SSID and / or tighter security)
18. Setup Repeater > SSID > Enter same AP SSID as in step 8
19. Setup Repeater > Passphrase > Enter same passphrase as in step 9

20. Setup Repeater > Press "Start" button

21. Setup Repeater > (status bar) > will say "scanning" and then say "done"

22. Setup Repeater > Press "Close" button

23. Interface <wlan1> > Press "OK" button

24. Exit WinBox