Passing switched IPTV through a MikroTik access point (running RouterOS)

Question

My ISP delivers IPTV over a dedicated VLAN on the WAN line. In the simplest setup (as used by the provider-supplied router), that VLAN on the external interface is just terminated and bridged through to some of the internal Ethernet interfaces – the IPTV network is entirely switched and the router doesn’t do any actual routing on that network (it doesn’t even have an IP address bound to that network).

Since running a wire from the router to my TV is difficult, I have a pair of wifi bridges. One connects to the IPTV port on the router, the other to the set-top box. Both have identical hardware, one being configured as the access point, the other one as the client, paired via WPS Push Button Connect.

So the “old” setup now is:

ISP ----- Router ----- WiFi bridge 1 · · · WiFi bridge 2 ----- IPTV receiver
                \
                 ----- Switch ----- AP (old) · · · Smartphone
                             \
                               ----- PC
----- LAN link    ===== LAN trunk link    · · · WiFi link

The router is my own, configured from scratch. This took some experimentation, see Configuring pfSense for IPTV delivered via separate VLAN on WAN link. So far this setup has worked.

Now I would like to set up a MikroTik access point (RouterOS-based) that can serve multiple wifis and will also replace the router-side wifi bridge. I have reconfigured the router interface for the wifi bridge as a trunk interface, with my home LAN and the IPTV network on different VLANs, and also set up the first Ethernet interface on the MikroTik AP in the same way. On the wireless side I have two virtual wifis configured, each bridged to the respective VLAN. I then associated the receiver-side wifi bridge with the IPTV SSID on the new AP.

So the “new” setup is:

ISP ----- Router ===== MikroTik AP · · · WiFi bridge 2 ----- IPTV receiver
                \                    ·
                 ----- Switch        · · Smartphone
                             \
                               ----- PC
----- LAN link    ===== LAN trunk link    · · · WiFi link

I can use the home LAN wifi with my PC and smartphone, but the IPTV receiver doesn’t pick up any TV streams. A packet capture on the MikroTik’s IPTV wifi interface show some traffic that is clearly IPTV traffic from the ISP (such as IGMP membership queries), so at least I know I am connected to the right network.

From my experience with the router I suspect the MikroTik AP may be causing similar problems, discarding certain packets as invalid rather than forwarding them, although the packets in question are needed for IP multicasts to work.

The bridge interface has some options related to IGMP, but I don’t know if they’re relevant or how to configure them so that everything goes through. Does anyone have an idea?

Answer 1

TL;DR

Due to technical limitations of the 802.11 standard, there is no vendor-neutral way to do transparent L2 bridging. Attempts to do transparent L2 bridging between two wifi devices from different vendors will usually not work. Details see here.

Step by Step

I ran a few tests to find out more:

First, I ran a packet capture on the AP and the router while powering up the AP and saved both.

For further tests I moved the IPTV receiver to the router and AP.

First, I reverted to the old setup on the router and plugged the IPTV receiver directly into the IPTV port of the router. I started a packet capture on that interface , then powered up the IPTV receiver.

There is a DHCP cycle (discover/offer/request/ack), after which the receiver immediately sends an IGMP2 Membership Group report, registering for a multicast group. This is followed immediately by lots of incoming multicast traffic.

In comparison, the packet capture taken over the wifi bridge and MikroTik AP (intended setup) looks different:

• messages from the receiver show the MAC address of the wifi bridge, not that of the receiver
• DHCP messages show the receiver address as the client IP address, so the wifi bridge is acting as a DHCP relay
• the DHCP discover/offer pair repeats several times until a request is seen
• the DHCP ack goes 255.255.255, not the newly assigned IP
• the DHCP request/ack pair also repeats several times
• the IPTV receiver never communicates with the IP address it was assigned

Next I reconfigured the MikroTik AP, adding the (unused) second Ethernet interface to the IPTV bridge. I reverted the router to the VLAN trunk setup, and connected the IPTV receiver to the second Ethernet interface of the AP. Here, the receiver was able to connect.

Finally, I tried to use an Asus RP-N12 access point/repeater, configured as a media bridge. Here, nothing showed up in the packet capture, even though the RP-N12 was connected to the AP as a station.

Conclusion

The MikroTik AP is configured correctly to forward all IPTV traffic, as can be seen when adding the second Ethernet interface to the IPTV bridge and connecting the IPTV receiver directly via Ethernet.

However, MikroTik’s wifi AP implementation is not compatible with the bridging standard used by the VAP 2400.

Options are:

• replace the receiver-side VAP 2400 with a MikroTik device which supports bridging and uses the same standard as the AP
• add a another interface to the router which serves IPTV on the native VLAN and plug the VAP access point in there
• get a VLAN switch and insert it between the router and the MikroTik AP (both interfaces configured as trunk), and connect the VAP 2400 access point to a third port which is on the IPTV VLAN.

I decided that the last option is the easiest one, and got a five-port switch with VLAN and PoE injection (also by MikroTik, for around € 50). I still need a VAP2400 on either end of the IPTV link, but since the switch supplies PoE, I no longer need a separate AC adapter and POE injector for the AP.