Bridging Networks With SXT - Seri 2

8/19/2019 Bridging Networks With SXT - Seri 2

1/9

TKJ SMK Informatika Wonosobo – Indonesia P a g e | 1 |

Bridging Networks with SXT

Two RouterBOARD SXT devices can be used to establish transparent wireless point-to-point network link. There are

multiple options how to do that. This guide shows the most simple and easiest way how to do that by using bridge wireless

mode on one side and station-bridge wireless mode on the other side.

RouterBOARD SXT devices has only Level 3 RouterOS license, but even with that it is possible to make wireless

connection between two SXT devices.

Contents

1. Make connection to the RouterBOARD SXT

2. Configure the first SXT device to the wireless bridge mode

3. Configure the second SXT device to the wireless station-bridge mode

4. Finetuning the RouterOS configuration to get the max speed

Make connection to the RouterBOARD SXT

There are multiple ways how to connect to the RouterBOARD (winbox, webfig, telnet, ssh, ...), but this guide will show

how to configure the device using Winbox utility. Winbox utility can be downloaded from the MikroTik webpage (Winbox) or from the RouterBOARDs webpage. The SXT device by default has IP address 192.168.88.1 configured as a

default IP address on the ethernet interface. In order to connect to the SXT device make sure your computers IP address

range is form the same network address space. Connect the ethernet cable from the PC to the SXT device and power it on.

Open the Winbox utility and in the "Connect To" field write the IP address of the SXT device. If it can't connect click on the

"..." button to search for a RouterOS based devices. In that discovery windows select the SXT device IP or MAC which you

found and click Connect.

Configure the first SXT device to the wireless bridge mode

SXT device has build in default wireless configuration already, so only few changes are needed to be done. Open Wireless

menu and select the wireless interface. Change the Mode setting to "bridge" and specify the "frequency" on which the

wireless radio will be operating. If you don't see your countries allowed frequencies, then click in the "Advanced Mode" and

chose your country from the "country" dropbox field and then chose the frequency. It is recommended to use the frequency

that is in the bold in the wireless frequency drop down field. It is suggested to click on a "Apply" after each setting change

as if you configure some setting incorrectly every setting will be reverted to the previous state (not recommended when the

link is already active and running).

http://www.mikrotik.com/download/winbox.exehttp://www.mikrotik.com/download/winbox.exehttp://wiki.mikrotik.com/wiki/File:Sxt_winbox1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_setup1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_winbox1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_setup1.pnghttp://www.mikrotik.com/download/winbox.exe


2/9


Disable the NAT (masquerade) rule in the IP Firewall NAT menu as it is not needed when the transparent wireless setupo isused. Disable the Firewall rule the IP Firewall Filter Input chain.

Disable the DHCP server and DHCP client as they are not needed in the transparent wireless setup. Go to the IP DHCPServer menu and disable the server. Go to the IP DHCP Client menu and disable the client.

Create a Bridge interface and add add ethernet and wireless interface to the bridge ports. Open Bridge menu and click on

"+" and press OK. Open Bridge Ports menu and add 2 entries, one with ethernet interface added to the bridge and second

with wireless interfaces added to the bridge.

http://wiki.mikrotik.com/wiki/File:Sxt_dhcp1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_nat1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_advanced1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_dhcp1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_nat1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_advanced1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_dhcp1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_nat1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_advanced1.png


3/9


It is advised to do so as the default IP address that the SXT device usually is used only for initial configuration as you may

confuse the SXT device with the other one if they both will be online in the same network. Add an IP address to the bridge

interface to communicate to the router after the SXT device will be deployed in the network. IP address can be added fromthe IP Address menu.

The basic configuration for the Bridge mode device is done.

http://wiki.mikrotik.com/wiki/File:Sxt_ip1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_bridge1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_ip1.pnghttp://wiki.mikrotik.com/wiki/File:Sxt_bridge1.png


4/9


Configure the second SXT device to the wireless station-bridge mode

Connect to the second SXT device the same way as it is described in first step. Configuration of the second SXT device is

similar to the first one.

Open Wireless menu and select the wireless interface. Change the Mode setting to "station-bridge". Make sure that you use

the same country as the first SXT device. In order to change the country setting you need to click on the "Advanced Mode" button and then you will see the country field.

[image with station-bridge and county]

Disable the NAT (masquerade) rule in the IP Firewall NAT menu as it is not needed when the transparent wireless setupo is

used. Disable the Firewall rule the IP Firewall Filter Input chain.

[image on NAT disable and filter disable]

Disable the DHCP server and DHCP client as they are not needed in the transparent wireless setup. Go to the IP DHCP

Server menu and disable the server. Go to the IP DHCP Client menu and disable the client.

[image with both menus]

Create a Bridge interface and add add ethernet and wireless interface to the bridge ports. Open Bridge menu and click on

"+" and press OK. Open Bridge Ports menu and add 2 entries, one with ethernet interface added to the bridge and second

with wireless interfaces added to the bridge.

[image with bridge port add dialog for both interfaces]

It is advised to do so as the default IP address that the SXT device usually is used only for initial configuration as you may

confuse the SXT device with the other one if they both will be online in the same network. Add an IP address to the bridge

interface to communicate to the router after the SXT device will be deployed in the network. IP address can be added from

the IP Address menu.

[image with IP address adding]

The basic configuration for the Station-bridge device is done.

Finetuning the RouterOS configuration to get the max speed

After both devices are configured you should be able to see from the station-bridge device that the wireless connection is

established. It also means that the transparent setup should be working fine and you should be able to communicate between

both networks that are connected to the SXT ethernet sides.

http://wiki.mikrotik.com/wiki/Bridging_Networks_with_SXT

http://wiki.mikrotik.com/wiki/Bridging_Networks_with_SXThttp://wiki.mikrotik.com/wiki/Bridging_Networks_with_SXThttp://wiki.mikrotik.com/wiki/Bridging_Networks_with_SXT


5/9


Building to Building PTP links using MikroTik Wireless Products

We are often asked how to make building to building or „point to point‟ wireless links. As the MikroTik interfacedoes not change between models this „How To‟ can apply to any MikroTik Wireless based device. For this HowTo I will be using a pair of the new MikroTik SXT AC‟s, to create a L2 transparent wireless bridge in a simplepoint to point mode (PtP). This How To can also apply to point to multi point scenarios (PtMP). One SXT will be

set up in „Bridge‟ mode (effectively an AP) and the other as „Station Bridge‟ (i.e. the „client‟), to ensure bestperformance the link will be created and secured using the Mikrotik NV2 TDMA based protocol.

Step 1 – The first port of call for configuring anyMikrotik device is to manually change your systems IPaddress in order to communicate with theMikrotik equipment effectively, in this How To I will beusing 192.168.88.2 as my system IP initially and thenswapping back to DHCP once the link is established.(note that Mikrotik devices are configured on192.168.88.1 for Ether 1 from the manufacturer bydefault).

Step 2 – Once a static IP has been set on your computer you will be able to log in and configure the Mikrotik Wireless device using the free Winbox tool provided by Mikrotik HERE, there is also a web gui tool (WebFig) butwe will not be using that for this How To. Once Winbox is downloaded and launched you will be able to see yourfirst Mikrotik Wireless device under the neighbours tab (only plug in one device directly into your system at atime for initial configuration). If the device does not immediately appear, press the „Refresh‟ button.

http://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://download2.mikrotik.com/routeros/winbox/3.0beta3/winbox.exehttp://download2.mikrotik.com/routeros/winbox/3.0beta3/winbox.exehttp://download2.mikrotik.com/routeros/winbox/3.0beta3/winbox.exehttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttps://blog.linitx.com/wp-content/uploads/2014/10/CaptureMT.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/Winbox.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/CaptureMT.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/Winbox.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/CaptureMT.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/Winbox.jpghttp://linitx.com/brand/mikrotikhttp://download2.mikrotik.com/routeros/winbox/3.0beta3/winbox.exehttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotik


6/9


Step 3 – Connect to the first wireless device using its default IP of 192.168.88.1 default username will be adminwith no password set. Once connected a new window will appear with many options, see image below forreference.

Step 4 – Now that we are logged into the Mikrotik we can begin configuring it for use in ourPTP link, the first one we are going to configure is the access point which might be plugged

directly into a switch in the main office, or a broadband router at home. To enable us totransparently bridge Layer 2 traffic across the link, we are going to bridge the ethernet andthe wireless interfaces together. Doing this will also allow a DHCP server to assign theMikrotik a unique Network IP which will allow for easy configuration in the future on yourinternal network, which may not be on the same 192.168.88.0/24 network. To create abridge simply select bridge from the left menu, a new window will appear within Winbox.Select the + symbol to create a new bridge and give it a meaning full name e.g. “Wirelessbridge”.

Step 5 –

Now that we have a bridge we have to assign the interfaces to it, on a Mikrotik SXT or Netmetal younormally have 2 interfaces, namely wlan1 and Ether1-local. An OmniTik for example will have more ethernetinterfaces. To assign interfaces to the bridge simply select the ports tab under the „Bridge‟ window and use the +to add the required interfaces, for this SXT I have assigned both „ether1-local‟ and „wlan1‟ to the new bridge.

Step 6 –

Now that we have a working bridge we need to instruct that bridge to receive an IP address from theDHCP server/router, to do this select „IP‟ from the left hand menu followed by DHCP Client then + to add a newclient interface, next select the bridge interface that we created earlier. Nothing will happen at this stageproviding the Mikrotik is directly connected to your system. (Once we‟re finished, we will remove the static IPcurrently on ether1-local).

http://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttps://blog.linitx.com/wp-content/uploads/2014/10/winboxblank.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/bridge-ports.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/wireless-bridge.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/winboxblank.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/bridge-ports.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/wireless-bridge.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/winboxblank.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/bridge-ports.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/wireless-bridge.jpghttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotik


7/9


Step 7 – Now its time to configure the Wireless interface on our Mikrotik to broadcast a secure wireless signalfor our station side to connect to. This can be done by selecting Wireless from the left hand menu followed by

double clicking „wlan1-gateway‟ from the interface list (normally only 1 Wlan interface is listed but it‟s actualname may change depending on the type of MikroTik RouterBoard). This will bring up a new window with manyoptions, select the wireless tab within the new window and then click on „Advanced mode‟. More options will nowappear but don‟t panic! First thing we should configure is the frequency mode which will automatically bring theMikrotik into Compliance with local regulatory guidelines (set by Ofcom in the UK), ensure that Frequency Modeis set to „regulatory-domain‟ and the county is set to the country that the Mikrotik will be operating in. In this case,I have selected United Kingdom. Once this is done „simple mode‟ can be re -selected or you can continue to workin Advanced mode.

Step 8 – Still in the wireless tab under the wireless interface configuration window change the Mode to „apbridge‟ and the SSID to something appropriate, I used „Mikrotik PTP‟. If the SXT only has a Level 3 license, thenthe mode „ap bridge‟ is not available, so select „bridge‟ instead. For a point to point system, there is nodifference between „ap bridge‟ and „bridge‟ wireless modes. For point to multi-point, you will need a MikroTik

RouterBoard wireless product with a Level 4 license. Wireless protocol should now be changed to „nv2‟, by doingthis simple change we have added a substantial layer of reliability to the wireless signal we are producingcompared to using 802.11 WiFi mode. No conventional wireless client such as laptop or phone cancommunicate on the NV2 protocol as they don‟t understand it only Mikrotik devices can use NV2. (Notethat there are also no device drivers available for Windows, Linux or Mac OSX as the NV2 mode is a proprietaryTDMA based system).

http://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttps://blog.linitx.com/wp-content/uploads/2014/10/DHCP-Client.jpghttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotik


8/9


Step 9 – To add a significant amount of extra security to the link we are creating, navigate to the NV2 tab underthe wireless interface configuration window, tick the security box and enter in a Preshared key of your choosing,click apply when done. NV2 will then switch to encrypting the wireless data using AES.

Step 10 – The first Mikrotik is now ready and can be plugged in to the main network (it‟s wise to delay actuallymounting this unit, until the second unit isconnected and tested). Plug in thesecond Mikrotik direct to your computer

(this will be the Station device for theremote end we are connecting to) andrepeat steps 1-7 on this second device.

Step 11 – The mode for this Mikrotik shoudl be set to „station bridge‟ with allother settings remaining the same as lasttime with the SSID set to the same asbefore and Wireless protocol set to nv2.Select the NV2 tab and enter the same AES preshared key as you did on the lastdevice, Select apply.

http://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttps://blog.linitx.com/wp-content/uploads/2014/10/Nv2.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/Wirelessconf.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/Nv2.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/Wirelessconf.jpghttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotik


9/9


Step 12 (Testing) – If everything has gone toplan with the previous steps we should nowhave a wireless link between the 2 Mikrotik devices, therefore we will now test this link.

Ensure that the AP end configured earlier isplugged into your main network and leave thestation end device plugged into your computer.Do not connect the station client end into thesame network as your AP device, otherwisewhen the wireless connects, it will create abroadcast storm! To see if the devices haveconnected open a winbox connection to thedevice you have plugged in and selectWireless from the left hand menu, select the„Registration‟ table and you will see theconnection in this window, if nothing isdisplayed please go over the previous steps.

Next remove the static IPs set on each of the two devices‟ ether1 interfaces and also the fixed IP on yourcomputer (see step 1). Your computer should now be served an IP address over the wireless link from your ownDHCP server. Providing the AP is connected to your main network which also serves the internet you will nowhave full internet access subject to any network access restrictions and policies already in affect. Both Mikrotik devices will also have received an IP address from the DHCP Server with means that you will be able to winboxto either device once they connected to the same network and the wireless link is connected.

Step 13 – Mount both devices in the respective locations and angle them towards each other ensuring full radioline of site (remember – just because YOU can see the other end with your eyes, does not mean the same thingas the radios being able to „see‟ each other. Read up on Fresnel Zone!) For the best connection, there are LEDson the rear of Mikrotik PTP devices with can aid in precise positioning by indicating signal strength.

https://blog.linitx.com/howto-building-building-ptp-links-mikrotik-wireless-products/
http://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttps://blog.linitx.com/wp-content/uploads/2014/10/wirelessst.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/wirelessreg.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/wirelessst.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/wirelessreg.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/wirelessst.jpghttps://blog.linitx.com/wp-content/uploads/2014/10/wirelessreg.jpghttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotikhttp://linitx.com/brand/mikrotik

Documents

Bridging Networks With SXT - Seri 2