WIRELESS NETWORKING

Connect MikroTik to an open WiFi network and provide Internet over LAN and WLAN

We’ll show you how to set up a network, where you can assign and manage your local IP addresses and connect it to a public WiFi for internet access.

Krzysztof Radecki
Nov 4 · 7 min read
Figure 1. Mikrotik hAP ac lite (RB952Ui-5ac2nD)
Figure 2. Hackathon’s on-premise wireless status quo
Figure 3. Our modifications
  1. Turn one of the wireless interfaces into a WAN interface and connect it to an existing wireless network.

1. Resetting MikroTik router

ATTENTION: Make sure to perform all modifications using a wired network connection with your laptop connected to port LAN2, LAN3, LAN4 or LAN5. Wireless connection will most likely drop during this process and the Internet port is a designated WAN port hence there will be no access to the router when MikroTik is in its default configuration.

Figure 4. Using the command line to reset Mikrotik to factory settings
/system reset-configuration
Figure 5. Host verification failed error message after the configuration reset

2. Configuring the wireless security profile

First, we’ll need to configure the wireless security profiles. RouterOS uses the security profiles for:

  1. connecting to any guest wireless network.
/interface wireless security-profiles
set [ find default=yes ] \
authentication-types=wpa-psk,wpa2-psk \
mode=dynamic-keys \
supplicant-identity=MikroTik \
wpa-pre-shared-key=MySecretPassword \
wpa2-pre-shared-key=MySecretPassword
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk \
management-protection=allowed \
mode=dynamic-keys name=dac_office \
supplicant-identity=MikroTik \
wpa-pre-shared-key=MySecretPassword \
wpa2-pre-shared-key=MySecretPassword

3. Configuring the wireless interfaces

Now that we have prepared the profiles, let’s configure the wireless interfaces. As we’ve mentioned before, the hAP ac lite has two: wlan1 working in the 2,4GHz range and wlan2 working in the 5Ghz range. We will use the 5GHz one to connect to an existing access point to provide better internet speed. First, we must investigate the on-premise wireless network we’ll be trying to establish a connection with:

/interface wireless scan wlan2
Figure 6. Wireless network scanning from the CLI
Figure 7. The output of the wireless networks scan
/interface wireless
set [ find default-name=wlan1 ] \
band=2ghz-b/g/n \
disabled=no frequency=2412 \
mode=ap-bridge \
ssid=DAC_PrivateNetwork \
wireless-protocol=802.11
/interface wireless
set [ find default-name=wlan2 ] \
band=5ghz-a/n/ac \
channel-width=20/40mhz-Ce \
disabled=no \
distance=indoors \
frequency=5200 \
mode=station-bridge \
security-profile=dac_office \
ssid=DAC \
wireless-protocol=802.11

4. Configure the interface lists members

Looking good so far. Now we must configure the interface lists. MikroTik comes with two predefined ones: LAN and WAN. Both come with a set of pre-configured parameters for LAN and WAN connectivity respectively. By default, the ether1 is assigned to WAN list and ether2-ether5, wlan1 and wlan2 are bridged and assigned to theLAN list. Let’s identify the interface number associated with the WAN:

/interface list member print
Figure 8. The output of interface member list command
/interface list member remove numbers=1
/interface list member
add comment=defconf interface=wlan2 list=WAN

5. Configuring the bridge

We’re almost there. As we’ve mentioned before, ether2-ether5 as well as wlan1 and wlan2 interfaces are bridged in the default configuration. We need to change that. The wlan2 interface must be removed from the bridge and the ether1 port must be added to it. First, let’s identify the number of the wlan2 port in the bridge configuration:

/interface bridge port print
Figure 9. The default bridge interfaces
/interface bridge port remove numbers=5
/interface bridge port
add bridge=bridge comment=defconf interface=ether1

6. Wrapping up — configuring the DHCP client

Great! One final thing to do. We need to configure the DHCP-client to be associated with thewlan2 interface. Our working assumption is that the wireless network we are connecting to has a DHCP server that will assign an IP address to our router (just as it would assign it to your laptop, should you connect to it directly):

/ip dhcp-client
add comment=defconf \
dhcp-options=hostname,clientid \
disabled=no \
interface=wlan2

7. Closing remarks

Bear in mind that this is not the most optimal network configuration. You are behind a double NAT (MikroTik’s and the one in the on-premise network), but you have the ability to assign static IP addresses within your own private network. If you’re looking for a permanent solution, you should definitely do your research, but for our short term use case, it was more then enough.

DAC Technology Blog

Learn how we use tech to solve our clients’ problems

Krzysztof Radecki

Written by

CTO at DAC | Co-founder and CEO at Harinezumi OÜ

DAC Technology Blog

Learn how we use tech to solve our clients’ problems

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade