You are here

Connection to Home Router

7 posts / 0 new
Last post
KD0VWH
Connection to Home Router
I have done a lot of searching and have been able to partially get my setup working, but need some additional help to complete my setup.

Here is what I have

Home Router (Asus RT-AC68P) connected to a Mikrotik hAP ac (RB952Ui-5ac2nD-US) into port 1.

From the Mikrotik I have TP-Link CPE210 connected into port 5.

Both the Mikrotik and the TP-Link have been flashed with the latest firmware and I have done all the required setup, but I must be missing something.

If I connect via a laptop into one of the other ports on the Mikrotik (say port 2) I am able to communicate just fine with both the Mikrotik and the CPE210.  When I look at the mesh on the Mikrotik I can see the CPE210 as a neighbor and I can click on it and it will open up its page.

The issue is when I am using my home computer and connected to the Mikrotik via my home router, I am able to see the Mikrotik and gets to its configuration page with no problem.  I can see the CPE210 as a neighbor, but when I try and access the CPE210 I get an error that it can't reach the local.mesh:8080.

I have configured port forwarding in my Asus router on the 5525 port for the IP address that I assigned to the hAP ac on my home network.

What else do I need to be able to do in order to get to the CPE210 from my home network so that I don't have to plug in a separate laptop into the Mikrotik, while still protecting my home network?

I have attached pictures of the setup page for both my Mikrotik and hAP ac.

Thanks.

KD0VWH - Keith
 
File Attachment: 
K6CCC
K6CCC's picture
You don't - that way anyway.
You don't - that way anyway.

Port 1 on the hAP is used as a WAN interface for a tunnel.  Yes, you can access the local (connected) node, but the WAN port is not routed to the AREDN 10.x.y.z network.  The other part of the problem is that your computer has no idea how to route to a 10.x.y.z address,  I do things a little different, so I can't really explain the "normal" way of getting a computer on your home network to reach the AREDN network.  Hopefully someone else can.  BTW, port 5525 port forwarding is only used if you are operating as a Tunnel Server.

As I said, what I am doing is not "normal", but this is what I am doing.  I am not using a typical consumer grade router.  Port 1 on my hAP gets a DHCP address from one VLAN on router, and is used exclusively for tunnel connections (both as a tunnel server and a tunnel client).  Port 2 of the hAP is connected to a different VLAN (VLAN 5) on the router and on that LAN, the router is getting a DHCP address from the hAP.  My router has been told that traffic for 10.x.y.z can be reached on VLAN 5 with a gateway of the address of the hAP.  The router also knows that DNS service for .local.mesh can be obtained from the hAP.  So when this computer has traffic for a 10.x.y.z address, the computer sends it to the router on VLAN 101 (where this computer lives).  The router knows to send the traffic out VLAN 5 to the hAP and the hAP takes it from there.  If the computer first needs to do a DNS lookup for a .local.mesh url, the computer asks the router, which in turn asks the hAP.
Have I completely confused you?
 
nc8q
nc8q's picture
get to the CPE210 from my home network
"What else do I need to be able to do in order to get to the CPE210 from my home network so that I don't have to plug in a separate laptop into the Mikrotik, while still protecting my home network?"

Your setup is common and sensible.
Your results are expected.

1. Why do you want to 'get to the CPE210' from your home LAN instead of from your Mikrotik hAP's LAN?
2. Neither the Mikrotik hAP nor the CPE210 offers any protection to your home network.

If you connect your 'laptop' to the LAN of the Mikrotik, the laptop will have access to
of course the Mikrotik's LAN, the CPE210, your local AREDN-mesh LAN, your home LAN, and your home routers ISP network.

If you seek something else, please specify.
I hope this helps,
Chuck

 
AH6LE
I have a hAP Lite connected

I have a hAP Lite connected to my home Cisco router. My desktop computer has both CAT5 LAN and Wifi and my hAP tunnels into the local mesh.

So I have my Desktop CAT5 connected to the Cisco router (subnet 192.168.x.x) and its wireless connected to the hAP's Wifi (subnet 10.150.x.x). So I have access to both from my "main" computer. It works fine!

nc8q
nc8q's picture
I have access to both from my "main" computer. It works fine!

"So I have my Desktop CAT5 connected to the Cisco router (subnet 192.168.x.x) and its wireless connected to the hAP's Wifi (subnet 10.150.x.x).
So I have access to both from my "main" computer. It works fine!"

In your above setup, if you remove your Desktop's LAN connection to your home router, your Desktop will still have access to
the hAP, the hAP's LAN, your home router's LAN, and your home routers WAN (internet).
IOW, The Desktop's ethernet connection to your home router is redundant.

Chuck

K6CCC
K6CCC's picture
Windows sometimes does not
Windows sometimes does not handle multiple LAN connections very well - at least not without some tweeking.
 
km6zpo
km6zpo's picture
Windows sometimes does not

RE "Windows sometimes does not" 

Agreed!  Adding notes here in case anyone is searching for this issue.

The tweak I had to do in order to run multiple LAN connections to the same computer (one of for my outside WAN and the other is for the MESH) was that I had to set the Interface metric of the MESH connected lan to 10 so that DNS calls to anything on the mesh would be resolved via the MESH AP first before the other LAN interface (WAN) attempted DNS resolution. 

Problem: when running multiple NICS on the same Windows box, DNS queries to MESH devices are not answered.
Solution:
1) Go to: Control Panel\Network and Internet\Network Connections
2) Right click, properties of the MESH connected LAN
3) Highlight Internet Protocol Version 4 and click Properties
3a) NOTE: IP 6 should be unchecked!
4) In the Internet Protocol Version 4 Properties window, click Advanced...
5) Uncheck "Automatic metric" and set Inteface metric to 10.
6) Click OK to close Advanced window
7) Click OK to close Internet Protocol Version 4 Properties window
8) Click close to close Adapter properties.
9) Go to the Mesh Status page of your node.
10) Click any other node's name to test DNS resolution.

 

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer