Home Network Update

When I received my new router (a MikroTik Cloud Router Switch CRS109-8G-1S-2HnD-IN), I was surprised and disappointed to find that even though it had two external antennas for wireless receiving and transmitting, the range of the wireless signal was considerably less than that of my previous router (a MikroTik RB751U-2HnD). Despite this, every other function of the router was great, including switching and routing at gigabit speeds (compared to my last router’s Fast Ethernet speeds).

A messy display. The top router is my old router (which I now use as an access point) while the bottom router is my new router.

Because of this, I decided I would re-purpose my old router to be a stand-alone access point (AP) for my network. This would not only increase signal strength but allow me to move my access point away from my other equipment, reducing interference. It would also allow me to position the access point in a location closer to the center of the house to ensure more even coverage.

A satellite image of my house (courtesy of Google Maps) with overlays of the old AP location versus the new AP location.

In order to do this, I first set up a local network on the AP router specifically to use for management in case of an issue with the rest of the network or any other issues. After doing this, I set up a network on my router specifically to use for remote management of the AP from the rest of the network (how I would be managing it most of the time). Since I only needed two host IP addresses (one for the router and one for the AP), I used a /30 network. After this, I enabled remote management and allowed connections through to the AP. Once I verified this was working, I shut down the AP so I could move it to its new location.

The IP address settings for the new /30 network.

Once I finished setting up the AP in its new location, I booted it and was able to connect to its management interface from the admin network. Once I opened the management interface, I created a few new VLANs to allow data to be passed from multiple virtual access points to their respective networks. These VLANs were configured with IDs 50, 51, and 52. Their designated purposes were the main network, the admin network, and the guest network respectively. After creating these VLANs on both the router and AP, I set up trunking between the router and the AP. This ensured that VLAN traffic could be properly transferred and interpreted by both endpoints.

A simplified diagram of the trunking between the router and the access point.

At this point, I had to configure virtual access points that would run on the AP (guest, admin, main). To do this, I disabled connection to the main wireless interface and instead created multiple virtual access points on this interface. I also configured appropriate security profiles using the same information the other router’s wireless configuration had to ensure users could connect without having to change their connection information.

The physical wireless interface and its three virtual access points, which correspond to the three VLANs I set up earlier.

On the AP, I bridged each VLAN to its corresponding virtual access point to ensure data sent and received from the virtual access point was transferred to the proper VLAN back at the router. At this point, the AP and the router could pass VLAN information over the trunk cable from the appropriate virtual access point, but devices would not be able to connect because no networking had been configured at the router.

The three bridge interfaces and the VLANs and virtual APs they join.

Getting networking up and running was a fairly straightforward process, since I had most of the networking configured previously from when I used the router’s built-in wireless interface. All I had to do was move the DHCP servers configured on the router and their corresponding networks to the proper VLAN with the exception of the admin network. In that case, I simply joined the VLAN to the bridge I previously used to join the built in wireless interface and the wired interfaces.

DHCP servers and their interfaces. Note that guest and main are on VLANs while admin is on a bridge due to the fact it spans a VLAN and several physical interfaces.

Once I was finished with that, I tested each wireless network to make sure IPs were being assigned properly and there was internet connectivity. After that, I made a backup of the configuration of both the router and the AP and enabled email alerts on the AP. To get an idea of what my network looks like, see below:

My network. Please note that the AP has three virtual access points, each with its own SSID and each corresponding to a VLAN that is passed over the connection to the router.