HowTo: Building to Building PTP links using MikroTik Wireless Products

748_l

We are often asked how to make building to building or ‘point to point’ wireless links. As theMikroTik interface does not change between models this ‘How To’ can apply to any MikroTikWireless based device. For this How To I will be using a pair of the new MikroTik SXT AC’s, to create a L2 transparent wireless bridge in a simple point to point mode (PtP).  This How To can also apply to point to multi point scenarios (PtMP). One SXT will be set up in ‘Bridge’ mode (effectively an AP) and the other as ‘Station Bridge’ (i.e. the ‘client’), to ensure best performance the link will be created and secured using the Mikrotik NV2 TDMA based protocol.
Step 1 – The first port of call for configuring any Mikrotik device is to manually change your systems IP address in order to communicate with the Mikrotik equipment effectively, in this How To I will be using 192.168.88.2 as my system IP initially and then swapping back to DHCP once the link is established. (note that Mikrotik devices are configured on 192.168.88.1 for Ether 1 from the manufacturer by default).
CaptureMTlinuxIPMTOSX-IP-confMT






Step 2 – Once a static IP has been set on your computer you will be able to log in and configure the Mikrotik Wireless device using the free Winbox tool provided by Mikrotik HERE, there is also a web gui tool (WebFig) but we will not be using that for this How To. Once Winbox is downloaded and launched you will be able to see your first Mikrotik Wireless device under the neighbours tab (only plug in one device directly into your system at a time for initial configuration).  If the device does not immediately appear, press the ‘Refresh’ button.
Winbox
Step 3 – Connect to the first wireless device using its default IP of 192.168.88.1  default username will be admin with no password set. Once connected a new window will appear with many options, see image below for reference.
winboxblank
Step 4 – Now that we are logged into the Mikrotik we can begin configuring it for use in our PTP link, the first one we are going to configure is the access point which might be plugged directly into a switch in the main office, or a broadband router at home. To enable us to transparently bridge Layer 2 traffic across the link, we are going to bridge the ethernet and the wireless interfaces together.  Doing this will also allow a DHCP server to assign the Mikrotik a unique Network IP which will allow for easy configuration in the future on your internal network, which may not be on the same 192.168.88.0/24 network. To create a bridge simply select bridge from the left menu, a new window will appear within Winbox. Select the + symbol to create a new bridge and give it a meaning full name e.g. “Wireless bridge”.
wireless bridge
Step 5 – Now that we have a bridge we have to assign the interfaces to it, on a Mikrotik SXT or Netmetal you normally have 2 interfaces, namely wlan1 and Ether1-local. An OmniTik for example will have more ethernet interfaces. To assign interfaces to the bridge simply select the ports tab under the ‘Bridge’ window and use the + to add the required interfaces, for this SXT I have assigned both ‘ether1-local’ and ‘wlan1’ to the new bridge.
bridge ports
Step 6 –  Now that we have a working bridge we need to instruct that bridge to receive an IP address from the DHCP server/router, to do this select ‘IP’ from the left hand menu followed by DHCP Client then + to add a new client interface, next select the bridge interface that we created earlier. Nothing will happen at this stage providing the Mikrotik is directly connected to your system.  (Once we’re finished, we will remove the static IP currently on ether1-local).
DHCP Client
Step 7 – Now its time to configure the Wireless interface on our Mikrotik to broadcast a secure wireless signal for our station side to connect to. This can be done by selecting Wireless from the left hand menu followed by double clicking ‘wlan1-gateway’ from the interface list (normally only 1 Wlan interface is listed but it’s actual name may change depending on the type ofMikroTik RouterBoard). This will bring up a new window with many options, select the wireless tab within the new window and then click on ‘Advanced mode’. More options will now appear but don’t panic! First thing we should configure is the frequency mode which will automatically bring the Mikrotik into Compliance with local regulatory guidelines (set by Ofcom in the UK), ensure that Frequency Mode is set to ‘regulatory-domain’ and the county is set to the country that the Mikrotik will be operating in. In this case, I have selected United Kingdom. Once this is done ‘simple mode’ can be re-selected or you can continue to work in Advanced mode.
Step 8 – Still in the wireless tab under the wireless interface configuration window change the Mode to ‘ap bridge’  and the SSID to something appropriate, I used ‘Mikrotik PTP’. If the SXT only has a Level 3 license, then the mode ‘ap bridge’ is not available, so select ‘bridge’ instead.  For a point to point system, there is no difference between ‘ap bridge’ and ‘bridge’ wireless modes.  For point to multi-point, you will need a MikroTik RouterBoard wireless product with a Level 4 license. Wireless protocol should now be changed to ‘nv2’, by doing this simple change we have added a substantial layer of reliability to the wireless signal we are producing compared to using 802.11 WiFi mode. No conventional wireless client such as laptop or phone can communicate on the NV2 protocol as they don’t understand it onlyMikrotik devices can use NV2.  (Note that there are also no device drivers available for Windows, Linux or Mac OSX as the NV2 mode is a proprietary TDMA based system).
Wirelessconf
Step 9 – To add a significant amount of extra security to the link we are creating, navigate to the NV2 tab under the wireless interface configuration window, tick the security box and enter in a Preshared key of your choosing, click apply when done.  NV2 will then switch to encrypting the wireless data using AES.
Nv2
Step 10 – The first Mikrotik is now ready and can be plugged in to the main network (it’s wise to delay actually mounting this unit, until the second unit is connected and tested).  Plug in the second Mikrotik direct to your computer (this will be the Station device for the remote end we are connecting to) and repeat steps 1-7 on this second device.
Step 11 – The mode for this Mikrotik shoudl be set to ‘station bridge’ with all other settings remaining the same as last time with the SSID set to the same as before and Wireless protocol set to nv2. Select the NV2 tab and enter the same AES preshared key as you did on the last device, Select apply.
wirelessst
Step 12 (Testing) – If everything has gone to plan with the previous steps we should now have a wireless link between the 2 Mikrotik devices, therefore we will now test this link. Ensure that the AP end configured earlier is plugged into your main network and leave the station end device plugged into your computer. Do not connect the station client end into the same network as your AP device, otherwise when the wireless connects, it will create a broadcast storm! To see if the devices have connected open a winbox connection to the device you have plugged in and select Wireless from the left hand menu, select the ‘Registration’ table and you will see the connection in this window, if nothing is displayed please go over the previous steps.
wirelessreg
Next remove the static IPs set on each of the two devices’ ether1 interfaces and also the fixed IP on your computer (see step 1). Your computer should now be served an IP address over the wireless link from your own DHCP server. Providing the AP is connected to your main network which also serves the internet you will now have full internet access subject to any network access restrictions and policies already in affect. Both Mikrotik devices will also have received an IP address from the DHCP Server with means that you will be able to winbox to either device once they connected to the same network and the wireless link is connected.
Step 13 –  Mount both devices in the respective locations and angle them towards each other ensuring full radio line of site (remember – just because YOU can see the other end with your eyes, does not mean the same thing as the radios being able to ‘see’ each other. Read up on Fresnel Zone!) For the best connection, there are LEDs on the rear of Mikrotik PTP devices with can aid in precise positioning by indicating signal strength.
MIkroLED

Comments

Popular posts from this blog

DMASOFTLAB RADIUS MANAGER BILLING SYSTEM v 4.1 Finally Released

How To Configure Nano Station M2 As Access point