Hi Butch,

It was my understanding that using Mikrotik, EoIP, WDS and RSTP you could
achieve a similar thing with only 1-2 ping drops per handoff between AP's at
least that's what is being claimed by some on the MK forum. We are just
about to test such a setup to facilitate a roaming VoIP solution so 5-7 ping
failures is going to be too noticeable.



-----Original Message-----
Behalf Of Butch Evans
Sent: 04 September 2006 03:58
To: Equipment List
Cc: Arnis Riekstins; Part-15 Mikrotik List; WISP List; Wispa List
Subject: [WISPA] Bragging on Mikrotik

I want to take this opportunity to share with these lists some 
things that we have recently done with a Mikrotik RouterOS based 
network.  This may seem to some like "blatant advertising", but it 
is certainly not intended to be that.

Many of you have looked for a solution that will let you do some of 
the things that we now have working (testing is still underway) 
using pure Mikrotik network.  The network is a 13 AP network 
(2.4GHz) that covers an entire city.  There are a few small areas 
that do not currently have coverage, but these can be filled in 
easily as they are identified.  The network was built by a small 
city in eastern OK (I won't go into detail here). The intent of the 
network was to provide for first responders with access to the 
internet as well as city resources.  In addition to this, the city 
wanted to make the network available for internet access to the 
general public (I don't know the details, but my understanding is 
that local ISPs will handle this part).

Obviously, we needed to make certain that the police, fire and EMS 
units had security from the rest of the network.  We are handling 
this in several ways.  Mikrotik has the ability to create what are 
called virtual APs (a virtual AP is a second AP, with the ability to 
use distinct access-lists as well as distinct security profiles from 
the physical radio card).  That is to say, that the virtual AP 
"acts" like a second radio card but is, in reality, using only one 
physical radio card.  At any rate, this virtual AP is being used for 
the city's network, while the other ISPs will be using their own 
virtual AP to provide their internet service.

The police, fire and ambulance vehicles will be equipped with their 
own Mikrotik Routerboard with some very interesting capabilities. 
Due to the size of the network, and the need to allow for separation 
of services, we decided to route the entire network.  Allowing 
seamless mobility in this environment presents several unique 
challenges.  First, we must allow the CPE device to connect to 
several APs, insure they do not connect to unknown APs AND make sure 
that we know the IP information as the device moves throughout the 

There are many ways we could have used to accomplish all of this 
(the Mikrotik is just that flexible).  We ended up with the 
following solution, which allows the mobile unit to seamlessly move 
through the network, AND will connect to the strongest AP (it checks 
every 15 seconds).  Mikrotik's scripting host was invaluable in this 
solution.  The script checks the signal level of the currently 
active radio (there is a 2.4GHz AND a 900MHz radio in each CPE) and 
(if it is below acceptable levels), it will search for the strongest 
AP (on either radio), connect to that AP, then proceed to 
reconfigure the CPE so that it works on the network.  Finally, the 
IPSEC tunnel (which is not implemented, yet) will be established and 
normal communications for the IP cams, laptop or whatever other 
equipment is located in the vehicle will resume.

Our initial testing showed that the we could drive through town 
pinging the city hall's server and not drop more than 5-7 pings each 
time we switched APs.  Testing will continue throughout the upcoming 
week and it is likely that we will have to tweak our configuration 

NOW, before some of you start pounding me for being part of a "muni 
wifi network" solution, let me ease your mind.  The city owns this 
network, and they are allowing for access to the internet, but the 
city will not be selling the access (at least that is my 
understanding).  I don't want to argue this point anyway.  It will 
fall on deaf ears if any of you start it anyway.  :-)

I am not at liberty to provide much detail about the network at this 
time, but I wanted to share this much, as this is an exciting option 
that many of you may have searched for.  I just wanted to let you 

Butch Evans
Network Engineering and Security Consulting
Mikrotik Certified Consultant
WISPA Wireless List: wireless@wispa.org


Archives: http://lists.wispa.org/pipermail/wireless/

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.11.7/436 - Release Date: 01/09/2006

No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.11.7/438 - Release Date: 05/09/2006

WISPA Wireless List: wireless@wispa.org


Archives: http://lists.wispa.org/pipermail/wireless/

Reply via email to