Advice on repurposing some networking gear

ThunderRd

Irreverent Query Chairman
Staff member
My home network is like this:

75/20 Fiber connection endpoint

to

Zyxel SBG-3300 https://www.zyxel.com/products_serv...l-Business-Security-Gateway-SBG3300-N-Series/
Connecting via PPPoE. This gateway device handles all wireless connections and I run a DHCP server on it, assigning IPs in the 192.168.1.30 - 192.168.1.99 range to the wireless clients.

to

Linksys LGS308 8-port managed switch https://www.linksys.com/us/p/P-LGS308/
This switch handles all LAN clients, [computers and Smart TVs] all with fixed IPs in the 192.168.1.10 - 192.168.1.29 range

I am quite satisfied with this setup; it's secure and easy to manage. I lock down the access to the WLAN with MAC authentication unless I'm throwing a party, in which case I can allow guests easy access by removing the MAC restrictions.

But I've outgrown the 8 ports on the switch (I need at least 10 LAN ports now), and have no desire to buy a bigger one.

I have some good gear hanging around from when I closed one of my shops last year, specifically this router: Mikrotik CCR1016-12g https://mikrotik.com/product/CCR1016-12G

Now, this is a serious piece of network gear, and it's overkill for my purposes, but it's already paid for. So, I'd like to repurpose the existing Zyxel gateway as a WAP, and use this router as the gateway, keeping the WLAN behind the Mikrotik router.

It runs RouterOS, which is a Linux-based router operating system. It's complex. I've been playing around with this for several days, but I'm not a networking savant. I currently have the gear working differently from what I actually want - using the router in bridge mode, so it functions as a 12-port switch replacing the smaller switch, and behind the Zyxel.

When I started mucking about with it, I had no problem setting up the new router as the gateway, performing the PPPoE authentication with the ISP and handling the wired LAN clients, but for the life of me I could not figure out how to get the WLAN working properly, so I've reverted the network to running using the router as a 12-port switch, as I mentioned before.

Before I get deeper into this, does anyone have any useful suggestions on how to get this done? I know it requires running a bridge interface for the port that will handle the Zyxel unit, but I think there is more to it than just that. Do I need to create a VLAN with a different IP range? From what I see, every port can be configured separately for its own purpose.

https://wiki.mikrotik.com/wiki/Manual:TOC
 
Wow, nice setup there!
I wish I had more experience in networking to help you out. One day I would like to have a setup like yours. I mostly have PCs and no wireless... so it should be easy for me.

Maybe Gizmo will have some suggestions?

PS - Let me know if you have any switches laying around. I would love to buy one off you.
 
Yeah, sorry, I'm a dry well. I've messed with PPPoE enough to be able to set it up when I have to, but it usually involves several hours of cussing and reading documentation every time I do it.
 
I have an old friend who is pretty good at networking and all this stuff. I'll ask him...
 
Oh, the PPPoE authentication stuff is already working, and so are the wired clients. No problem there. The wired network functions as it should, although I have yet to work on the firewall rules. That shouldn't be any trouble.

My problem is the bridging procedure to the wireless AP. It looks right, but it doesn't work.

I have a RouterOS reference book due to be delivered tomorrow. That may help.
 
Dunno about the bridging; I'm a little curious why you are doing it that way?

Seems to me like it would be easier to have the Mikrotik sit at 192.168.1.0/24, and put the WAP at 192.168.2.0/24. Have the WAP use the Mikrotik as its default gateway, and tell the Mikrotik that all traffic for 192.168.2.0/24 goes to whatever IP you assign the router interface on the WAP.

This allows you to have the WAP manage DHCP for its entire space, keep the two networks separate, but still allow communication between them. If you want the servers in a DMZ so that the WAP folks can't see them, you should be able to easily accommodate that by letting 192.168.2.0/24 traffic go only to the internet at the Mikrotik router. You can even allow only SPECIFIC WAP IPs to access your servers.

I'm sure you know all of this, so I'm a little confused?
 
I guess what I was trying to do was to have the wireless clients in the 192.168.1.0/24 subnet along with the wired LAN, but what you are saying is better; just create a new subnet for the WLAN.

I'm probably guilty of the wrong terminology as well. The 'bridging' I spoke of refers to the individual configuration of the physical ethernet ports on the device to a master port, in this case ether2, which is the assigned port attached to the gateway address 192.168.1.1.

Ether1 is the service port assigned to the PPPoE connection from the fiber endpoint. But all the other 10 ethernet ports are not configured by default; I have to 'bridge' each one individually to ether2 so they all carry the same signal.

Where I was probably wrong, as you have said, is creating WLAN1 and placing it on, say, ether12, and then attempting to bridge it to ether2, without changing the subnet of the WAP device.

The book is in my hands now, so I expect I'll figure it out soonish. This video shows what I'm talking about regarding the physical ports themselves. Although the video is for a far simpler model than the one I have, and uses out-of-date configuration software, the concept is clear:

It's a daunting piece of hardware if one isn't really network-savvy. I guess I know more than the average guy, but that means I have enough knowledge to be dangerous, LOLZ
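The two-subnet layout Gizmo describes (Mikrotik on 192.168.1.0/24, WAP on 192.168.2.0/24, WLAN allowed out to the internet only, with specific WAP IPs permitted through to specific servers) and the port grouping ThunderRd describes (every wired port carrying the same LAN segment) written out as RouterOS CLI commands. This is an added example, not configuration posted in the thread or taken from Mikrotik's documentation. It assumes RouterOS 6.41 or later, where the old per-port "master port" setting is replaced by putting ports into a bridge with hardware offload; it assumes ether1 is the fiber uplink, ether2-ether11 are the wired LAN, and ether12 is the port the Zyxel plugs into. The 192.168.3.0/30 link between the two routers, the 192.168.2.50 and 192.168.1.10 addresses, and the PPPoE credentials are all placeholders. It also assumes the Zyxel is set to route its 192.168.2.0/24 side without NAT; if the Zyxel masquerades, every WLAN client arrives at the Mikrotik as 192.168.3.2 and the per-client allow rule cannot be written.

```routeros
# Added example, not from the thread. RouterOS 6.41+ syntax assumed.
# Port roles (assumed): ether1 = fiber/PPPoE, ether2-ether11 = wired LAN,
# ether12 = dedicated routed link to the Zyxel (now acting as the WAP/WLAN router).

# --- WAN: PPPoE on ether1 (credentials are placeholders) ---
/interface pppoe-client add name=pppoe-out1 interface=ether1 user=ISP_USER \
    password=ISP_PASS add-default-route=yes use-peer-dns=yes disabled=no

# --- Wired LAN: one bridge instead of "bridging" each port to ether2 ---
/interface bridge add name=bridge-lan
/interface bridge port add bridge=bridge-lan interface=ether2
/interface bridge port add bridge=bridge-lan interface=ether3
/interface bridge port add bridge=bridge-lan interface=ether4
/interface bridge port add bridge=bridge-lan interface=ether5
/interface bridge port add bridge=bridge-lan interface=ether6
/interface bridge port add bridge=bridge-lan interface=ether7
/interface bridge port add bridge=bridge-lan interface=ether8
/interface bridge port add bridge=bridge-lan interface=ether9
/interface bridge port add bridge=bridge-lan interface=ether10
/interface bridge port add bridge=bridge-lan interface=ether11
/ip address add address=192.168.1.1/24 interface=bridge-lan

# --- WLAN link: ether12 is deliberately NOT a bridge port ---
# Keeping it on its own small subnet (placeholder 192.168.3.0/30) means the only
# path between WLAN and wired LAN runs through this router's forward chain,
# so the firewall below actually enforces the separation.
/ip address add address=192.168.3.1/30 interface=ether12
# Zyxel side (configured on the Zyxel, not here): WAN/uplink 192.168.3.2/30,
# default gateway 192.168.3.1, LAN + DHCP 192.168.2.0/24, NAT off.
/ip route add dst-address=192.168.2.0/24 gateway=192.168.3.2

# --- NAT: both subnets share the PPPoE address toward the ISP ---
/ip firewall nat add chain=srcnat out-interface=pppoe-out1 action=masquerade

# --- Firewall: WLAN reaches the internet only, except named exceptions ---
# Rule order matters: first match wins.
/ip firewall filter
add chain=forward connection-state=established,related action=accept \
    comment="return traffic for allowed sessions"
add chain=forward connection-state=invalid action=drop
add chain=forward src-address=192.168.2.50 dst-address=192.168.1.10 \
    protocol=tcp dst-port=445 action=accept \
    comment="placeholder: one WLAN host may reach one wired server (SMB)"
add chain=forward src-address=192.168.2.0/24 dst-address=192.168.1.0/24 \
    action=drop comment="WLAN may not reach the wired LAN"
add chain=forward src-address=192.168.2.0/24 out-interface=pppoe-out1 \
    action=accept comment="WLAN to internet"
add chain=forward src-address=192.168.1.0/24 action=accept \
    comment="wired LAN may reach WLAN and internet"
add chain=forward action=drop comment="anything else, including WAN-originated"
# Router management only from the wired LAN
add chain=input connection-state=established,related action=accept
add chain=input in-interface=bridge-lan action=accept \
    comment="manage the router from wired LAN only"
add chain=input action=drop comment="no management from WLAN link or WAN"
```

After importing, `/ip firewall filter print stats` shows packet counters per rule, which is the quick check that WLAN-to-LAN attempts are hitting the drop rule rather than an accept above it. To extend the exception list, add more `src-address=192.168.2.x dst-address=192.168.1.y` accept rules above the WLAN drop rule; to tighten it further, replace the 192.168.1.0/24 accept with per-host rules the same way.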
 