Groove AP Configuration

From Wiki
Jump to: navigation, search


  • MikroTik GrooveA-2HPn
  • Firmware 6.18
  • License Level 4 (WISP AP)


The goal is to create a configuration for a GrooveA-2HPn with the following parameters:

  • One secured wireless network, using WPA/WPA2-PSK
  • Address are assigned via DHCP ( to
  • Most addresses are assigned based on MAC ( to reserved)
  • Some addresses are poll from pool ( to
  • Default route should be gateway of Ethernet port
  • One open wireless network
  • Address are assigned via DHCP ( to
  • Most addresses are assigned based on MAC ( to reserved)
  • Some addresses are poll from pool ( to
  • Optional Ethernet connection
  • Address obtained via DHCP
  • Secured wireless network should use Ethernet as default route
  • If NTP server available, Groove offers NTP service on wireless networks
  • Special requirements
  • Traffic on wireless networks is isolated from other wireless networks
  • Dynamically meshed APs
  • Bonus features
  • Currently, one Groove is designated as the master, primarily because of the DHCP requirement and potential Ethernet gateway. If any Groove can be the master, that would be ideal

What Works

  • Secured wireless network
  • Open wireless network
  • DHCP server for wireless networks, with fixed and dynamic addresses offerings
  • Wireless network traffic isolated (via bridge filters)
  • Ethernet obtains address via DHCP
  • Groove NTP clock set if NTP server available over Ethernet

What Doesn't Work

  • Can't find configuration where secured wireless network routes traffic to Ethernet, if Ethernet present.


Address to are reserved for the IP addresses of each of the Grooves on the wireless networks.

Assuming that is the Ethernet default gateway, not sure the DHCP server can offer that address or not. The client may know the default gateway is, but without the default gateway being in the range, it won't have an interface for it to route to. So the Groove should be offering 192.168.0.x as the default gateway, then route that to

Because I can't be sure what IP addresses may be handed to the Groove on the Ethernet side, I don't want to hard-code default gateway numbers. My home network is, but if I go to a range with a DSL modem and plug this in, it may get 192.168.1.x addresses, and should handle that automatically.

I tried adding 'ether1' to the bridge ports, but that resulted in the Groove's DHCP server being used, and basically turned the Groove into a wireless bridge.

Supposedly routing is more efficient than filtering. This is not a high-traffic network, so there won't be much of a CPU load to worry about, but I don't understand how to isolate the wireless networks with the IP routing, without using different subnets. I tried that at one point, and a DHCP server can only be assigned to an interface. While I could assign any single subnet to an interface, I never figured how to have the secure wireless network on, and the unsecured wireless network on on That's also sub-ideal, since I'd have to update two DHCP tables any time I added a device who's IP addresses I want assigned based on it's MAC.

License Level 4 is capable of the functions necessary. The only difference between 4, 5 and 6 is that 5 and 6 have a higher number of tunnels and HotSpot active users.