A Mikrotik RouterBoard 951 2HnD working as an AP to a pfSense interface



  • Good evening,
    I know how to create an AP, using an internal AP- card.
    Will it be possible to connect with an RJ-45 an AP, like the one described into the subject, to an interface of the pfSense and still to be able to use it as an actual AP, and how if it is possible?
    Thank You and Best Regards,
    sean



  • @agrozdanov:

    … and still to be able to use it as an actual AP...

    What's your difference between an "actual AP" and an AP connected to your pfSense?



  • Hi Chris,
    I tried to do it with an Access Point before and it didn't work. I mean, if you know other products like SmoothWall Express e.g., there is a Purple Interface there in which you are plugging the AP and it is working + you have access to its web- interface for setups.
    How to configure this in pfSense with a Mikrotik RouterBoard 951 2HnD which is an actual AP - https://routerboard.com/RB951G-2HnD?
    Best Regards,
    Asen



  • Actual, I used just to emphasize it is not a wireless card…



  • @agrozdanov:

    …there is a Purple Interface there in which you are plugging the AP and it is working + you have access to its web- interface for setups...

    Nothing keeps you from doing so in pfSense (except for purple).
    Depending on your configuration it's probably an additional interface you have to configure before use, including rules, DHCP server and what have you.



  • Thank you Chris,
    Can you give a hand with this?
    I still cannot access from a PC the interface of Mikrotik. I see all of my rules seem ok but I have no connectivity.
    Best Regards,
    agrozdanov



  • post screenshots maybe? My Chris-tal ball is broken.



  • Indeed Chris you are completely right  :), sorry for the delay of replaying.
    I have one spare Dell- server on which I have installed CentOS 7 with KVM as hypervizor.
    I have created a virtual pfSense- router with two interfaces - WAN and LAN, both in BRIDGE- mode (KVM- has a warning while using BRIDGE - "In most configurations, macvtap does not work for host to guest network communication"). WAN's IP (with DHCP) is 172.24.50.56/24, and the LAN's one (Manually) - 192.168.88.2/24 (default network for the Mikrotik- routers).
    The aim is to add an AP, using Mikrotik RouterBoard 951 2HnD - https://i.mt.lv/routerboard/files/rb951G-2HnD-qg-140219101044.pdf and people to be able to authenticate with their AD- credentials, using Radius.
    After doing the above I am having connectivity - IP - 192.168.88.200/24 from my iPhone and I can access the web- interface of the router - 192.168.88.2/24, but I cannot access the management interface of the Mikrotik - 192.168.88.1/24. The embedded link will show you the default settings - https://1drv.ms/f/s!AIl6-DSakWI0gSU. The default gateway my iPhone receives is 192.168.88.1 and DNS - 8.8.8.8. No Internet connectivity either.
    Best Regards,
    Asen



  • If you cannot ping 192.168.88.1/24 from 192.168.88.200/24 then there's something wrong in that broadcast domain.

    I neither know CentOS nor KVM as hypervisor. And I never heard of macvtap before. So I'm outta here.



  • Hi Chris,
    I do not know what happened the last night but now I have access to the AP's management interface as well as from the pfSense WAN and LAN I can successfully ping google.ca but on the end devices connected to the AP, still no internet - when I ping from 192.168.88.0/24 to 172.24.50.0/24, no response.
    I am guessing I need to change some rules and NAT? Do you think you can give a hand with the pfSense tuning?
    Thanks and Best Regards,
    Asen