I have a mikrotik running a hotspot. All is working well but i need access to the access point behind the mikrotik. Hotspot is on the default address that mikrotik sets up when you go thru the hotspot setup.(10.4.50.0/24) I have my access points (ubiquity radios) all setup on 10.5.50.0/24 with a gateway of 10.5.50.1. They are coming in on eth2 (10.4.50.1) and (10.5.50.1) added to eth2. Have not been able to get to radios behind the mikrotik. I have tried to add another address on eth2 (10.5.50.1) eth2 and add a route but no work could not ping radios. STUCK and have been reading. Any Tips

I have a mikrotik running a hotspot. All is working well but i need access to the access point behind the mikrotik. Hotspot is on the default address that mikrotik sets up when you go thru the hotspot setup.(10.4.50.0/24) I have my access points (ubiquity radios) all setup on 10.5.50.0/24 with a gateway of 10.5.50.1. They are coming in on eth2 (10.4.50.1) and (10.5.50.1) added to eth2. Have not been able to get to radios behind the mikrotik. I have tried to add another address on eth2 (10.5.50.1) eth2 and add a route but no work could not ping radios. STUCK and have been reading. Any Tips

Post your export and maybe a diagram. I am not entirely sure what you are trying to get access to or from where? Or what you are trying to add. Maybe its just me, but the above is confusing.

nov/23/2013 03:09:34 by RouterOS 6.6
# software id = 0U45-62CQ
#
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip neighbor discovery
set ether1 discover=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=Wichita RV Park
/ip hotspot profile
set [ find default=yes ] login-by=http-chap
add hotspot-address=10.4.50.1 login-by=http-chap,http-pap name=hsprof1
/ip hotspot user profile
set [ find default=yes ] mac-cookie-timeout=3d name=HotSpot
/ip pool
add name=hs-pool-2 ranges=10.4.50.2-10.4.50.99
/ip dhcp-server
add address-pool=hs-pool-2 disabled=no interface=ether2 lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-2 addresses-per-mac=5 disabled=no interface=ether2 name=hotspot1 profile=hsprof1
/queue simple
add max-limit=2M/4M name=queue1 target=10.4.50.75/32
add max-limit=2M/4M name=queue2 target=10.4.50.62/32

/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no permissions=owner signup-allowed=no time-zone=-00:00
/ip address
add address=10.4.50.1/24 comment="hotspot network" interface=ether2 network=10.4.50.0
add address=10.5.50.1/24 interface=ether2 network=10.5.50.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=10.4.50.0/24 comment="hotspot network" gateway=10.4.50.1
/ip dns
set servers=8.8.8.8
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network" src-address=10.4.50.0/24 to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network" disabled=yes out-interface=ether2 src-address=10.5.50.0/24 to-addresses=0.0.0.0
/ip hotspot ip-binding
add address=10.4.50.95 mac-address=24:A4:3C:40:2C:68 server=hotspot1 to-address=10.4.50.9

OK. And what exactly are you trying to do? Or what isn't working?

Sent from my SCH-I545 using Tapatalk

I can not ping or go to access points behind mikrotik.10.5.50.0/24

I can not ping or go to access points behind mikrotik.10.5.50.0/24

Ping them from where?

From the mikrotik. If the mikrotik can not ping them then i can not set up a port forward from the isp router. i am trying to remote into the radios from the internet .I can remote into mikrotik but not the radios behind the mikrotik.

From the mikrotik. If the mikrotik can not ping them then i can not set up a port forward from the isp router. i am trying to remote into the radios from the internet .I can remote into mikrotik but not the radios behind the mikrotik.

Do your access points support VLANs? ... really your network is kinda messy. What you really should have is two VLANs. 1 management VLAN and 1 Hotspot VLAN. Looking at your config the way it is it "should" be able ping them, which means your error is somewhere beyond the MikroTik.

Really not that much to it to be messy 3 radios 2 link radios and a access point.

More so your two subnets running over the same network. Including your hotspot traffic and your management traffic.

Sent from my SCH-I545 using Tapatalk

So how would you do it.

Vlans.

Sent from my SCH-I545 using Tapatalk

Vlans.

Sent from my SCH-I545 using Tapatalk

I'll elaborate now that I'm back on my laptop. What I would do is setup two bridges on the MikroTik. And then setup two VLANs say 1 and 200. Add those VLANs to the bridges... Setup the one bridge as a management network with the 10.5 network and setup the second as the hotspot network with the 10.4 range. This way you isolate your hotspot traffic from your management traffic.

The only caveat is that your other APs need to understand VLANs and be able to support them... But in order to really give you recommendations about that I have to know what all of the hardware you are using is.

-Eric

Vlans.

Sent from my SCH-I545 using Tapatalk

I'll elaborate now that I'm back on my laptop. What I would do is setup two bridges on the MikroTik. And then setup two VLANs say 1 and 200. Add those VLANs to the bridges... Setup the one bridge as a management network with the 10.5 network and setup the second as the hotspot network with the 10.4 range. This way you isolate your hotspot traffic from your management traffic.

The only caveat is that your other APs need to understand VLANs and be able to support them... But in order to really give you recommendations about that I have to know what all of the hardware you are using is.

-Eric

The config would look something like this...

ros code

/interface vlan
  add name=vlan-management id=1 interface=ether2
  add name=vlan-hotspot id=200 interface=ether2
/interface bridge
  add name=bridge-management
  add name=bridge-hotspot
/interface bridge port
  add interface=vlan-management bridge=bridge-management
  add interface=vlan-hotspot bridge=bridge-hotspot
/ip address
  add address=10.5.0.1/24 interface=bridge-management
  add address=10.4.0.1/24 interface=bridge-hotspot

Then setup the hotspot on the bridge-hotspot interface.

Makes perfect sense to me but just not familiar with vlans but i will try that setup.

n5jtt

Was going to send this by direct email, thinking your a ham, I looked on qrz and tryed the listed address, but we returned as not correct.

I also have this type system, maybe this will help.

So if I understand correctly, you are trying, from outside the network, to connect to any of your access points or the point to point radios, correct?

Are you able to connect to the main router?

There are a couple of things that you need to do to make this happen.

1) Your IP from the ISP needs to be set as static from the the ISP.
2) The ISP router needs to be set as a bridge.
3) If you are using a Mikrotik routerboard with at least two either ports, either 1 should be set to WLAN and connected to the ISP router, ONLY, with auto IP>(ISP issues 63.63.154.21 to the router).

4) Either2 will be where you set up the IP addressing for both the back bone and the hotspot and this is where either or switch or your first link radio connects.

Back bone IP's will be hidden from all users, hotspot will assign IP's to users, these need to be differant, (back bone 10.1.1.x and hotspot would be 10.6.6.x)

Now, if all the above is correct, on your computer you set a new network connection called VPN.

When you wish to connect to the system, you connect using the VPN to the system.

After you connect to the system, to connect to one of you access points, open you browser and in the address bar, enter the IP of the device, (ie access point2 10.1.1.200).

What type equipment are you using?

On your access points, disable DHCP as IPs come from the router and set each in the back bone network.

Lets figure out how to contact direct

I checked that out in QRZ.com and address is correct (moved here from texas) but email is very old email address. I am not very active in hamradio computer linux and wireless took over.
Email = n5jtt@yahoo.com

if someone can help.i have mikrotik with hotspot and behind him another mikrotik as ap.how i can be reached from outside to the ap.i have static address.
Her is my config:eth 1 is connect to isp modem,eth 2 is local network,eth 5 is hotspot interface config, master port=none.
hotspot address is 172.22.0.1/16
My Ap iss set up as ap bridge,with address 172.22.0.96/16
I can not remote ap from outside.
Thanks.

I solved problem.
Thank you.

Since the thread is already "resurrected" I would like to point out the actual root cause for anyone else having this issue:

If the AP has an IP address on the same network as a hotspot (even if the IP is a different range) then you need to add a permanent bypassed IP binding for each AP - Even though the IP is different than the hotspot range, the hotspot server is still going to intercept all traffic.

The management vlan solution is FAR better, so use that if possible. If not possible, then an IP binding is going to be required.