KISS 🇺🇦

Setting up a simple WiFi repeater-bridge on a Mikrotik

Mikrotik routers are great for people who understand networking and want to be able to tweak lots of details (I don’t claim to understand networking very well, but I do like tinkering with networks and services). They are inexpensive and can handle home office needs with ease. Also, a rare case of devices that are not made in China — they are made in Lithuania!

I have an hAP ac3 as the home router, however there are farther locations where the WiFi connectivity is unstable. I thought of setting up a WiFi repeater to move it closer to that faraway place. I wanted to connect the repeater with the router via WiFi due to some difficulties with laying an Ethernet cable between them (yes, a cable would be better anyway). My pick is an mAP Lite WiFi router — a tiny, light device.

There is a short section on the wiki describing a command to set up a wireless repeater, but without much explanation or context: https://wiki.mikrotik.com/wiki/Manual:Interface/Wireless#Repeater. I’ll describe my pitfalls and my correct setup.

First try

I tried the repeater command after some other tests. In that case I think I set up a DHCP client on wlan1 to connect to the main network, removed it from the bridge (to separate that network from admin’s LAN), ran the repeater setup — and got a network with an IP in the default network 192.168.88.0/24 and no working internet. I fixed that by changing the WAN interface list to wlan1 (from the default ether1) — so that the default srcnat firewall rule works. This is not what I wanted since I would need to also configure NAT and firewall rules on the repeater as well.

The setup is: wlan1 is used to connect to the main AP and a virtual wlan2 (on top of wlan1) is a repeater AP. In this case there was a (Layer 3) router between them. Basically I needed a (Layer 2) switch, or bridge, between them. Is it possible to do that with WiFi? It took me some time to figure out that it is possible: you connect to an AP but don’t get an IP address from its DHCP server. So I turned off the DHCP client on wlan1 and added both wlan1 and wlan2 to a new bridge — now it worked.

It’s all cumbersome here because I didn’t record my steps, so instead I’ll describe how to set up such a repeater after a configuration reset (it’s easier than after messing with the config for a while).

With clean configuration

Reset configuration.

After that I connected to its default WiFi, and winbox’d to 192.168.88.1. First, I’d like to have the single Ethernet port for winbox access:

/system/identity/set name=repeater
/ip/dhcp-client/disable ether1
/interface/bridge/port/add interface=ether1 bridge=bridge

This also sets a different name for the device. Then I set up the WiFi repeater using the command on the wiki and also set my country so that the device uses the locally allowed radio frequencies:

/interface/wireless/setup-repeater wlan1 address=xx:xx:xx:xx:xx:xx ssid=home passphrase=foo
/interface/wireless/set wlan1 country=ukraine

Finally, I change the repeater’s SSID for easier testing, so that it’s much easier to know which AP I’m connected to (revert it later):

/interface/wireless/set wlan2 ssid=home_ext

This was very easy. It’s interesting that this did not set up an extra DHCP client or server on the wlan interfaces, meaning my initial confusion with the router vs bridge was of my own making.

Separate bridge

However, one more step is left. I noticed that both wlan interfaces were in the default bridge; that doesn’t look good because the bridge has a DHCP server (for local winbox access) and I don’t need that for the AP:

/interface/bridge/port/print
Flags: I - INACTIVE; H - HW-OFFLOAD
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON
#    INTERFACE  BRIDGE  HW   PVID  PRIORITY  PATH-COST  INTERNAL-PATH-COST  HORIZON
;;; defconf
0 IH pwr-line1  bridge  yes     1  0x80             10                  10  none
;;; defconf
1    wlan1      bridge          1  0x80             10                  10  none
2  H ether1     bridge  yes     1  0x80             10                  10  none
3    wlan2      bridge          1  0x80             10                  10  none

Both wlans need to be in the same bridge (so that they share the same broadcast domain and connecting a client to the repeater will be the same as if it was connected to the main router), but in a separate one, which I’ll create:

/interface/bridge/port/disable numbers=1,3
/interface/bridge/add name=repeater-bridge
/interface/bridge/port/add bridge=repeater-bridge interface=wlan1
/interface/bridge/port/add bridge=repeater-bridge interface=wlan2
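
The bridge layout described above can be checked mechanically from the `/interface/bridge/port/print` output. The following is an added example, not part of the original post: it parses that table and reports when the WiFi ports are split across bridges or share a bridge with the winbox port. The sample tables are constructed and trimmed to the first columns, and the `X` (disabled) flag on the old entries is an assumption about how the table looks after the `disable` command.

```python
import re

def parse_bridge_ports(table):
    """Return [(flags, interface, bridge)] from '/interface/bridge/port/print' text."""
    lines = table.splitlines()
    header = next(l for l in lines if l.startswith("#") and "INTERFACE" in l)
    i_off = header.index("INTERFACE")          # flags live left of this offset
    rows = []
    for line in lines[lines.index(header) + 1:]:
        if not re.match(r"\s*\d+", line):      # skips ';;; defconf' comment lines
            continue
        flags = re.sub(r"[\d\s]", "", line[:i_off])
        iface, bridge = line[i_off:].split()[:2]
        rows.append((flags, iface, bridge))
    return rows

def audit(table, wifi=("wlan1", "wlan2"), mgmt="ether1"):
    """Return a list of findings; an empty list means the layout matches the post."""
    active = {}
    for flags, iface, bridge in parse_bridge_ports(table):
        if "X" not in flags:                   # disabled entries are not bridge members
            active.setdefault(iface, set()).add(bridge)
    findings = [f"{w} is not an active port of any bridge" for w in wifi if w not in active]
    wifi_bridges = set().union(*(active.get(w, set()) for w in wifi))
    if len(wifi_bridges) > 1:
        findings.append(f"wifi ports are split across bridges: {sorted(wifi_bridges)}")
    shared = wifi_bridges & active.get(mgmt, set())
    if shared:
        findings.append(f"{mgmt} shares bridge {sorted(shared)} with the wifi ports")
    return findings

# Constructed sample: the layout right after setup-repeater (columns trimmed).
BEFORE = """\
#    INTERFACE  BRIDGE  HW
;;; defconf
0 IH pwr-line1  bridge  yes
1    wlan1      bridge
2  H ether1     bridge  yes
3    wlan2      bridge
"""
# Constructed sample: after moving both wlans to repeater-bridge.
AFTER = """\
#    INTERFACE  BRIDGE           HW
0 IH pwr-line1  bridge           yes
1 X  wlan1      bridge
2  H ether1     bridge           yes
3 X  wlan2      bridge
4    wlan1      repeater-bridge
5    wlan2      repeater-bridge
"""
```
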

The wireless registration table on the repeater confirms that two clients are connected to its WiFi:

/interface/wireless/registration-table/print
Columns: INTERFACE, RADIO-NAME, MAC-ADDRESS, AP, SIGNAL-STRENGTH, TX-RATE, UPTIME
#  INTERFACE  RADIO-NAME  MAC-ADDRESS        AP   SIGNAL-STRENGTH  TX-RATE                 UPTIME
0  wlan1      homeap      AA:BB:CC:34:56:78  yes  -47dBm@1Mbps     300Mbps-40MHz/2S/SGI    48s
1  wlan2                  BB:CC:DD:12:34:56  no   -28dBm@24Mbps    144.4Mbps-20MHz/2S/SGI  48s
2  wlan2                  BB:CC:DD:23:45:67  no   -36dBm@1Mbps     144.4Mbps-20MHz/2S/SGI  48s

It’s interesting that the main router’s “Wireless > Registration table” shows a changing “Last IP” for the repeater’s MAC Address depending on which device used the network most recently. However, its “DHCP Server > Leases” displays correct leases for both devices connected to the repeater, so that works great.

The end

Note: in this setup, there is no WiFi connectivity for the repeater itself because it acts as a Layer 2 switch (a bridge) between two wireless interfaces and there is no IP address for it (at Layer 3). As a consequence, it doesn’t know the correct time if you turn it on occasionally (no NTP).

An alternative is to use CAPsMAN, which should also provide better seamless roaming between the APs, but I haven’t tested roaming in my setup much. I’ve never set up CAPsMAN, so I didn’t want to waste time on changing the wireless setup and it’s probably overkill for my use case.