Groove AP Configuration


Hardware

  • MikroTik GrooveA-2HPn
  • Firmware 6.18
  • License Level 4 (WISP AP)

Goal

The goal is to create a configuration for a GrooveA-2HPn with the following parameters:

  • One secured wireless network, using WPA/WPA2-PSK
      • Addresses are assigned via DHCP (192.168.17.16 to 192.168.17.254)
      • Most addresses are assigned based on MAC (192.168.17.10 to 192.168.17.159 reserved)
      • Some addresses are pulled from a pool (192.168.17.160 to 192.168.17.254)
      • Default route should be gateway of Ethernet port
  • One open wireless network
      • Addresses are assigned via DHCP (192.168.17.16 to 192.168.17.254)
      • Most addresses are assigned based on MAC (192.168.17.10 to 192.168.17.159 reserved)
      • Some addresses are pulled from a pool (192.168.17.160 to 192.168.17.254)
  • Optional Ethernet connection
      • Address obtained via DHCP
      • Secured wireless network should use Ethernet as default route
      • If NTP server available, Groove offers NTP service on wireless networks
  • Special requirements
      • Traffic on wireless networks is isolated from other wireless networks
      • Dynamically meshed APs
  • Bonus features
      • Currently, one Groove is designated as the master, primarily because of the DHCP requirement and potential Ethernet gateway. If any Groove can be the master, that would be ideal.

What Works

  • Secured wireless network
  • Open wireless network
  • DHCP server for wireless networks, with fixed and dynamic address offerings
  • Wireless network traffic isolated (via bridge filters)
  • Ethernet obtains address via DHCP
  • Groove NTP clock set if NTP server available over Ethernet

What Doesn't Work

  • Can't find configuration where secured wireless network routes traffic to Ethernet, if Ethernet present.

Notes

Addresses 192.168.17.1 to 192.168.17.15 are reserved for the IP addresses of each of the Grooves on the wireless networks.

Assuming that 172.16.0.254 is the Ethernet default gateway, I'm not sure whether the DHCP server can offer that address. The client may know the default gateway is 172.16.0.254, but without the default gateway being in the 192.168.17.0/24 range, it won't have an interface for it to route to. So the Groove should be offering 192.168.0.x as the default gateway, then route that to 172.16.0.254.

Because I can't be sure what IP addresses may be handed to the Groove on the Ethernet side, I don't want to hard-code default gateway numbers. My home network is 172.16.0.0/12, but if I go to a range with a DSL modem and plug this in, it may get 192.168.1.x addresses, and should handle that automatically.

I tried adding 'ether1' to the bridge ports, but that resulted in the Groove's DHCP server being used, and basically turned the Groove into a wireless bridge.

Supposedly routing is more efficient than filtering. This is not a high-traffic network, so there won't be much of a CPU load to worry about, but I don't understand how to isolate the wireless networks with IP routing without using different subnets. I tried that at one point, and a DHCP server can only be assigned to an interface. While I could assign any single subnet to an interface, I never figured out how to have the secure wireless network on 192.168.17.0/24 and the unsecured wireless network on 192.168.18.0/24. That's also sub-ideal, since I'd have to update two DHCP tables any time I added a device whose IP address I want assigned based on its MAC.
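A sketch of the bridge-filter isolation listed under "What Works", for a single Groove with both wireless networks on one subnet. This is an added example, not the configuration used on this page; the bridge name `br-wlan` and the interface names `wlan1` (secured AP) and `wlan2` (open virtual AP) are assumptions.

```routeros
# Added example; br-wlan, wlan1 and wlan2 are assumed names.

# One bridge carries both wireless networks, so a single DHCP server
# bound to the bridge serves one 192.168.17.0/24 lease table.
/interface bridge
add name=br-wlan

/interface bridge port
add bridge=br-wlan interface=wlan1
add bridge=br-wlan interface=wlan2

# Drop frames bridged from one wireless network to the other.
# Frames addressed to the Groove itself (DHCP, NTP) are handled by the
# input chain, so these forward rules do not block them.
/interface bridge filter
add chain=forward in-interface=wlan1 out-interface=wlan2 action=drop \
    comment="secured -> open"
add chain=forward in-interface=wlan2 out-interface=wlan1 action=drop \
    comment="open -> secured"

# Optional hardening: stop clients on the open AP from reaching each other.
/interface wireless
set wlan2 default-forwarding=no
```

After applying, the packet counters shown by `/interface bridge filter print stats` should increase when a client on one network tries to reach a client on the other.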

License Level 4 is capable of the functions necessary. The only difference between 4, 5 and 6 is that 5 and 6 have a higher number of tunnels and HotSpot active users.