P2P links with Mikrotik to non-Mikrotik devices

An important issue with wireless links between devices from multiple vendors is that layer 2 traffic cannot be forwarded. This arises from a limitation in the 802.11 protocol, which only allows 3 of the 4 required MAC addresses to be held in a wireless packet. Most vendors have their own proprietary workaround for this issue, and Mikrotik is no exception to the rule. Connecting a Mikrotik to another Mikrotik will allow you to forward layer 2 traffic without any issues, but connecting a Mikrotik to a Mimosa, for example, will not.

What this means in terms of functionality is that you will not be able to use protocols like DHCP, neighbor discovery, same subnet communication or anything else that relies on layer 2 broadcasting.

In RouterOS, we can solve this problem by using the station-pseudobridge mode in the wireless interface settings. This setting instructs the device to hold a translation table so that once the packets return they can be forwarded through to a single end client. This will allow bridging behavior between the AP and one client, but only one client. Layer 2 communication has no semi-unique identifiers like ports in layer 3 to make these address translations work for multiple clients.

So, for situations where you have a switch behind the client AP and multiple clients rather than just one, the station-pseudobridge setting will no longer work. We have two more options for multiple clients:
  • The first option is to use WDS (Wireless Distribution System). This protocol works as a sort of 'mesh', allowing you to connect multiple wireless devices together. This isn't completely related to what we are after, since we're only considering a point-to-point link between two nodes with multiple clients. The WDS protocol incorporates all 4 MAC addresses in its packets, so we can bridge the network together and have no issues at all. The downside of WDS is that you will reduce your bandwidth by 50%, since each wireless packet that is received by a device in the WDS configuration is then rebroadcast to all the other devices on the network, kind of like a bridge.
  • The second option requires another Mikrotik. Consider the following network: two PCs connected to a switch, which connects to a Mikrotik station. The station connects wirelessly to an AP from a different vendor, and finally a Mikrotik router is connected to the AP via ethernet. You can remove the wireless interface from the bridge on the station and create a new subnet to connect the client to the router. This subnet is just there so we can get IP connectivity between the two devices. From here, you can create an EoIP tunnel between the two Mikrotiks. This encapsulates all layer 2 traffic inside IP/layer 3 packets, so once it goes through the wireless interface the original packet's 4 MAC addresses stay the same and only the outer layers are changed. This means that we can put the EoIP tunnel in the bridge on the client, and on the router you can bridge the EoIP tunnel with the rest of the network. You will then have transparent layer 2 communication between the Mikrotik client and the Mikrotik router, which you can forward through to the rest of the network :)
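
The second option as RouterOS commands, added here as an illustration and not taken from the original article. The interface names (wlan1, ether2, bridge1, eoip-link), the 10.255.255.0/30 transit subnet and the tunnel-id are assumptions; substitute your own.

```routeros
# --- Mikrotik station (client side, associated to the non-Mikrotik AP) ---
# Assumed names: wlan1 = wireless interface, bridge1 = LAN bridge holding the switch port.
# Take the wireless interface out of the bridge so it carries routed IP only.
/interface bridge port remove [find where interface=wlan1]
# Transit subnet, used only for IP reachability between the two Mikrotiks (constructed addresses).
/ip address add address=10.255.255.2/30 interface=wlan1
# EoIP tunnel towards the router; tunnel-id must be identical on both ends.
/interface eoip add name=eoip-link remote-address=10.255.255.1 tunnel-id=10
# Bridge the tunnel with the LAN so client frames keep their original MAC addresses.
/interface bridge port add bridge=bridge1 interface=eoip-link

# --- Mikrotik router (wired to the non-Mikrotik AP) ---
# Assumed names: ether2 = port facing the AP (not a bridge member), bridge1 = LAN bridge.
/ip address add address=10.255.255.1/30 interface=ether2
/interface eoip add name=eoip-link remote-address=10.255.255.2 tunnel-id=10
/interface bridge port add bridge=bridge1 interface=eoip-link
```

EoIP does not encrypt or authenticate the frames it carries, so everything bridged through it is only as protected as the wireless hop itself; RouterOS exposes an ipsec-secret property on the EoIP interface for cases where the tunnelled traffic needs its own protection.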

If you do not have an extra Mikrotik device, and agree that WDS is not viable in situations like this, the only option from here is to segregate the networks and use routing. In this case, you could take the wireless interface out of the bridge again and add a DHCP client to the wireless interface. Then, you could add a DHCP server going to the switch so this side of the link has its own internal network. Then, either set a masquerade going out the wireless interface (worst case) or make sure you have a 0.0.0.0/0 route using the IP address of the AP (non-Mikrotik) as the gateway. On top of this you would need to have a route on your main gateway to the subnet you added for the Mikrotik client. 
E.g.:
  • On the gateway: destination 192.168.88.0/24 (new LAN connected for the Mikrotik network), gateway 192.168.89.1 (Mikrotik client AP)
  • On the Mikrotik client: destination 0.0.0.0/0, gateway 192.168.89.2 (IP address of the non-Mikrotik AP)