
Layer-3 forwarding for AP with L2 client forwarding disabled

Posted: Sun Jun 15, 2014 6:14 pm
by taduikis
Hi,

I'm currently struggling with a setup; for easier understanding, I've provided an example picture below.

Let's say there's an AP with forwarding between wireless clients disabled. While disabling forwarding is a good thing for security, this also means that any communication between wireless clients that got IP addresses assigned from within the same subnet is not possible. What I'd like to do is to somehow allow Layer-3 forwarding through a gateway they all share. This is of course required for firewalling, centralized bandwidth and access control in general.

I don't want PPPoE and /32 tunnels; bridge firewalling at the AP is also not favorable.

Is this even theoretically possible, or am I missing something?
[Attached image: fwd-routing.png]

Re: Layer-3 forwarding for AP with L2 client forwarding disa

Posted: Sun Jun 15, 2014 10:35 pm
by taduikis
Well, it seems like I found an acceptable solution already. At first look, Proxy-ARP seems to be a solution, but it doesn't work on the same/single interface. So you need what Cisco calls Local Proxy-ARP. MikroTik doesn't really have it by default, but this guy here ingeniously figured out how to make one. Gotta love MikroTik and this forum :)

For those who are interested, here are some links that explain the problem in more detail:
http://en.wikipedia.org/wiki/MAC-Forced_Forwarding
http://serverfault.com/questions/212074 ... -interface
https://learningnetwork.cisco.com/threa ... 0&tstart=0

Still, if anyone has suggestions or thoughts, you're always welcome to share :)
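
Added example, not part of the original posts and not MikroTik configuration: a small Python model of the behaviour discussed in this thread, showing why client isolation breaks same-subnet ARP and how a gateway doing local proxy ARP pulls that traffic through its own firewall. The addresses, symbolic MACs and function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing and symbolic MACs, not taken from the thread.
SUBNET = ipaddress.ip_network("192.0.2.0/24")
GW_IP, GW_MAC = "192.0.2.1", "gw"
CLIENTS = {"192.0.2.10": "mac-a", "192.0.2.11": "mac-b"}  # wireless clients


def ap_delivers(src_mac, dst_mac, isolation):
    """With client isolation the AP only passes frames to or from the gateway."""
    return (not isolation) or GW_MAC in (src_mac, dst_mac)


def arp_resolve(asker_ip, target_ip, isolation, local_proxy_arp):
    """MAC the asker learns for target_ip, or None when nobody answers."""
    if target_ip == GW_IP:
        return GW_MAC
    owner = CLIENTS.get(target_ip)
    # The broadcast request reaches the real owner only if the AP forwards it.
    # Model assumption: when the owner can answer, its reply is the one used.
    if owner and ap_delivers(CLIENTS[asker_ip], owner, isolation):
        return owner
    # Local proxy ARP: the gateway answers with its own MAC even though the
    # target sits on the same interface the request arrived on.
    if local_proxy_arp and ipaddress.ip_address(target_ip) in SUBNET:
        return GW_MAC
    return None


def send(src_ip, dst_ip, isolation, local_proxy_arp, gw_allows=lambda s, d: True):
    """Trace a packet between two clients: L2 hops taken, or a failure reason."""
    src_mac = CLIENTS[src_ip]
    next_mac = arp_resolve(src_ip, dst_ip, isolation, local_proxy_arp)
    if next_mac is None:
        return "arp-timeout"
    if next_mac != GW_MAC:
        return [(src_mac, next_mac)]  # direct L2 path, gateway never sees it
    if not gw_allows(src_ip, dst_ip):
        return "dropped-at-gateway"
    # Hairpin: routed back out of the interface the packet came in on.
    return [(src_mac, GW_MAC), (GW_MAC, CLIENTS[dst_ip])]
```

On a real gateway, ICMP redirects on that interface are normally turned off for this design, since the router is deliberately forwarding out of the interface the packet arrived on.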