This is my config:
\
- RB153 with one wireless card.
- ether1 and ether2 are disabled
- ether3,4,5 are bridged with IP address 192.168.2.30 assigned to the Bridge1 interface.
- WLAN1 is the single wireless card with IP 10.5.50.1/24
- Default route is set to 192.168.2.2
- no NAT is enabled
The bridge interface is connected to a cable modem on the 192.168.2/24 network.
Problem:
My wireless client can connect, gets assigned an IP address of 10.5.50.100 with gateway of 10.5.50.1, subnet mask of 255.255.255.0 . The client can ping the gateway 10.5.50.1 and the bridge interface 192.168.2.30. However, it can’t ping 192.168.2.2 which is the cable modem attached to the bridge interface.
What do I have configured incorrectly?
RouterOS 2.9.40
/ interface ethernet
set ether1 name=“ether1” mtu=1500 mac-address=00:0C:42:0D:06:3B arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default
speed=100Mbps comment=“” disabled=yes
set ether2 name=“ether2” mtu=1500 mac-address=00:0C:42:0D:06:3C arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default
speed=100Mbps comment=“” disabled=yes
set ether3 name=“ether3” mtu=1500 mac-address=00:0C:42:0D:06:3D arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default
speed=100Mbps comment=“” disabled=no
set ether4 name=“ether4” mtu=1500 mac-address=00:0C:42:0D:06:3E arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default
speed=100Mbps comment=“” disabled=no
set ether5 name=“ether5” mtu=1500 mac-address=00:0C:42:0D:06:3F arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default
speed=100Mbps comment=“” disabled=no
/ interface wireless
set wlan1 name=“wlan1” mtu=1500 mac-address=00:80:48:41:50:80 arp=enabled disable-running-check=no
radio-name=“008048415080” mode=ap-bridge ssid=“MikroTik” area=“” frequency-mode=manual-txpower
country=no_country_set antenna-gain=0 frequency=2422 band=2.4ghz-b/g scan-list=default
rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps basic-rates-b=1Mbps
basic-rates-a/g=6Mbps max-station-count=2007 ack-timeout=dynamic tx-power-mode=default
noise-floor-threshold=default periodic-calibration=default periodic-calibration-interval=60
burst-time=disabled dfs-mode=none antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none
wds-default-cost=100 wds-cost-range=50-150 wds-ignore-ssid=no update-stats-interval=disabled
default-authentication=yes default-forwarding=yes default-ap-tx-limit=0
default-client-tx-limit=0 proprietary-extensions=post-2.9.25 hide-ssid=no
security-profile=default disconnect-timeout=3s on-fail-retry-time=100ms preamble-mode=both
compression=no allow-sharedkey=no comment=“” disabled=no
/ interface wireless nstreme
set wlan1 enable-nstreme=no enable-polling=yes framer-policy=none framer-limit=3200
/ interface wireless manual-tx-power-table
set wlan1 manual-tx-powers=1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:
17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17
/ interface wireless security-profiles
set default name=“default” mode=static-keys-required authentication-types=“” unicast-ciphers=“”
group-ciphers=“” wpa-pre-shared-key=“” wpa2-pre-shared-key=“” tls-mode=no-certificates
tls-certificate=none static-algo-0=104bit-wep static-key-0=“65432109876543210987654321”
static-algo-1=none static-key-1=“” static-algo-2=none static-key-2=“” static-algo-3=none
static-key-3=“” static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-key=“”
radius-mac-authentication=no group-key-update=5m
add name=“Hotspot” mode=none authentication-types=“” unicast-ciphers=“” group-ciphers=“”
wpa-pre-shared-key=“” wpa2-pre-shared-key=“” tls-mode=no-certificates tls-certificate=none
static-algo-0=none static-key-0=“” static-algo-1=none static-key-1=“” static-algo-2=none
static-key-2=“” static-algo-3=none static-key-3=“” static-transmit-key=key-0
static-sta-private-algo=none static-sta-private-key=“” radius-mac-authentication=no
group-key-update=5m
/ interface wireless align
set frame-size=300 active-mode=yes receive-all=no audio-monitor=00:00:00:00:00:00
filter-mac=00:00:00:00:00:00 ssid-all=no frames-per-second=25 audio-min=-100 audio-max=-20
/ interface wireless access-list
add mac-address=00:09:7C:31:87:57 interface=wlan1 authentication=yes forwarding=yes ap-tx-limit=0
client-tx-limit=0 private-algo=none private-key=“” comment=“” disabled=no
/ interface wireless snooper
set multiple-channels=yes channel-time=200ms receive-errors=no
/ interface wireless sniffer
set multiple-channels=no channel-time=200ms only-headers=no receive-errors=no memory-limit=10
file-name=“” file-limit=10 streaming-enabled=no streaming-server=0.0.0.0 streaming-max-rate=0
/ interface l2tp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=pap,chap,mschap1,mschap2
default-profile=default-encryption
/ interface pptp-server server
set enabled=no max-mtu=1460 max-mru=1460 authentication=mschap1,mschap2 keepalive-timeout=30
default-profile=default-encryption
/ interface bridge
add name=“bridge1” mtu=1500 arp=enabled stp=no priority=32768 ageing-time=5m forward-delay=15s
garbage-collection-interval=5s hello-time=2s max-message-age=20s comment=“” disabled=no
/ interface bridge port
add interface=ether3 bridge=bridge1 priority=128 path-cost=10 comment=“” disabled=no
add interface=ether4 bridge=bridge1 priority=128 path-cost=10 comment=“” disabled=no
add interface=ether5 bridge=bridge1 priority=128 path-cost=10 comment=“” disabled=no
/ ip pool
add name=“hs-pool-8” ranges=10.5.50.2-10.5.50.100
/ ip ipsec proposal
add name=“default” auth-algorithms=sha1 enc-algorithms=3des lifetime=30m lifebytes=0
pfs-group=modp1024 disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.2 distance=1 scope=255 target-scope=10 comment=“”
disabled=no
/ ip dhcp-client
add interface=ether1 use-peer-dns=yes use-peer-ntp=yes comment=“” disabled=yes
add interface=ether1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes comment=“” disabled=yes
/ ip dhcp-server
add name=“dhcp1” interface=wlan1 lease-time=1h address-pool=hs-pool-8 bootp-support=static
authoritative=after-2sec-delay disabled=no
/ ip dhcp-server config
set store-leases-disk=5m
/ ip dhcp-server lease
/ ip dhcp-server network
add address=10.5.50.0/24 gateway=10.5.50.1 netmask=24 comment=“hotspot network”
/ ip hotspot
add name=“hotspot1” interface=wlan1 address-pool=hs-pool-8 profile=hsprof14 idle-timeout=5m
keepalive-timeout=none addresses-per-mac=2 disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name=“default” hotspot-address=0.0.0.0 dns-name=“” html-directory=hotspot rate-limit=“”
http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d
split-user-domain=no use-radius=no
add name=“hsprof14” hotspot-address=10.5.50.1 dns-name=“mybroadband.com” html-directory=hotspot
rate-limit=“” http-proxy=0.0.0.0:0 smtp-server=0.0.0.0 login-by=cookie,http-chap
http-cookie-lifetime=3d split-user-domain=no use-radius=no
add name=“hsprof15” hotspot-address=10.5.60.1 dns-name=“hs.mybroadband.com”
html-directory=hotspot rate-limit=“” http-proxy=0.0.0.0:0 smtp-server=0.0.0.0
login-by=cookie,http-chap http-cookie-lifetime=3d split-user-domain=no use-radius=no
/ ip hotspot user
add name=“user1” password=“xxxxxx” profile=default comment=“” disabled=no
add name=“admin” password=“xxxxxx” profile=default comment=“” disabled=no
/ ip hotspot user profile
set default name=“default” idle-timeout=none keepalive-timeout=2m status-autorefresh=1m
shared-users=1 transparent-proxy=yes open-status-page=always advertise=no
/ ip proxy
set enabled=no src-address=0.0.0.0 port=8080 parent-proxy=0.0.0.0:0 cache-administrator=“webmaster”
max-disk-cache-size=none max-ram-cache-size=unlimited cache-only-on-disk=no
maximal-client-connections=1000 maximal-server-connections=1000 max-object-size=4096KiB
max-fresh-time=3d
/ ip proxy access
add dst-port=23-25 action=deny comment=“block telnet & spam e-mail relaying” disabled=no
/ ip accounting
set enabled=no account-local-traffic=no threshold=256
/ ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ ip service
set telnet port=23 address=0.0.0.0/0 disabled=no
set ftp port=21 address=0.0.0.0/0 disabled=no
set www port=80 address=0.0.0.0/0 disabled=no
set ssh port=22 address=0.0.0.0/0 disabled=no
set www-ssl port=443 address=0.0.0.0/0 certificate=none disabled=yes
/ ip upnp
set enabled=no allow-disable-external-interface=yes show-dummy-rule=yes
/ ip arp
/ ip socks
set enabled=no port=1080 connection-idle-timeout=2m max-connections=200
/ ip dns
set primary-dns=192.168.2.2 secondary-dns=0.0.0.0 allow-remote-requests=no cache-size=2048KiB
cache-max-ttl=1w
/ ip traffic-flow
set enabled=no interfaces=all cache-entries=4k active-flow-timeout=30m inactive-flow-timeout=15s
/ ip address
add address=192.168.2.30/24 network=192.168.2.0 broadcast=192.168.2.255 interface=bridge1 comment=“”
disabled=no
add address=10.5.50.1/24 network=10.5.50.0 broadcast=10.5.50.255 interface=wlan1 comment=“”
disabled=no
/ ip neighbor discovery
set ether1 discover=yes
set ether2 discover=yes
set ether3 discover=yes
set ether4 discover=yes
set ether5 discover=yes
set bridge1 discover=yes
set wlan1 discover=yes
/ ip firewall nat
add chain=srcnat src-address=10.0.50.1 action=masquerade comment=“” disabled=yes
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s udp-stream-timeout=3m
icmp-timeout=10s generic-timeout=10m tcp-syncookie=no
/ ip firewall service-port
set ftp ports=21 disabled=no
set tftp ports=69 disabled=no
set irc ports=6667 disabled=no
set h323 disabled=yes
set quake3 disabled=no
set gre disabled=yes
set pptp disabled=yes
/ system ntp server
set enabled=no broadcast=no multicast=no manycast=yes
/ system ntp client
set enabled=no mode=unicast primary-ntp=0.0.0.0 secondary-ntp=0.0.0.0
/ system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet enter-setup-on=any-key
cpu-mode=power-save memory-test=no cpu-frequency=175MHz boot-protocol=bootp
enable-jumper-reset=yes
/ system logging
add topics=info prefix=“” action=memory disabled=no
add topics=error prefix=“” action=memory disabled=no
add topics=warning prefix=“” action=memory disabled=no
add topics=critical prefix=“” action=echo disabled=no
add topics=info prefix=“” action=memory disabled=no
add topics=error prefix=“” action=memory disabled=no
add topics=warning prefix=“” action=memory disabled=no
add topics=critical prefix=“” action=echo disabled=no
/ system logging action
set memory name=“memory” target=memory memory-lines=100 memory-stop-on-full=no
set disk name=“disk” target=disk disk-lines=100 disk-stop-on-full=no
set echo name=“echo” target=echo remember=yes
set remote name=“remote” target=remote remote=0.0.0.0:514
/ system upgrade upgrade-package-source
add address=192.168.2.40 user=“” password=“”
/ system upgrade mirror
set enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 check-interval=1d user=“”
/ system clock manual
set time-zone=+00:00 dst-delta=+00:00 dst-start=“jan/01/1970 00:00:00” dst-end=“jan/01/1970
00:00:00”
/ system watchdog
set reboot-on-failure=yes watch-address=none watchdog-timer=yes no-ping-delay=5m
automatic-supout=yes auto-send-supout=no
/ system console
add port=serial0 term=“” disabled=no
/ system identity
set name=“MikroTik”
/ system note
set show-at-login=yes note=“”
/ port
set serial0 name=“serial0” baud-rate=115200 data-bits=8 parity=none stop-bits=1 flow-control=none
/ ppp profile
set default name=“default” use-compression=default use-vj-compression=default use-encryption=default
only-one=default change-tcp-mss=yes comment=“”
set default-encryption name=“default-encryption” use-compression=default use-vj-compression=default
use-encryption=yes only-one=default change-tcp-mss=yes comment=“”
/ ppp aaa
set use-radius=no accounting=yes interim-update=0s
/ queue type
set default name=“default” kind=pfifo pfifo-limit=50
set ethernet-default name=“ethernet-default” kind=pfifo pfifo-limit=50
set wireless-default name=“wireless-default” kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name=“synchronous-default” kind=red red-limit=60 red-min-threshold=10
red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name=“hotspot-default” kind=sfq sfq-perturb=5 sfq-allot=1514
add name=“PCQ” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
add name=“default-small” kind=pfifo pfifo-limit=10
/ queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
set bridge1 queue=default
set wlan1 queue=wireless-default
/ queue tree
add name=“queue1” parent=global-in packet-mark=“” limit-at=0 queue=PCQ priority=8 max-limit=0
burst-limit=0 burst-threshold=0 burst-time=0s disabled=no
/ tool user-manager customer
add subscriber=admin login=“admin” password=“” time-zone=+00:00 permissions=owner parent=admin
comment=“” disabled=no
add subscriber=mikrotik login=“mikrotik” password=“” time-zone=+00:00 permissions=owner
parent=mikrotik comment=“” disabled=no
/ tool user-manager user
add subscriber=admin name=“joe” password=“xxxxxx” comment=“” disabled=no
add subscriber=admin name=“00:09:7C:31:xx:xx” password=“xxxxxx” ip-address=10.5.50.253 comment=“”
disabled=no
/ tool user-manager router
add subscriber=admin name=“admin” ip-address=192.168.2.30 shared-secret=“xxxxxx”
log=auth-ok,auth-fail,acct-fail comment=“” disabled=no
/ tool bandwidth-server
set enabled=yes authenticate=yes allocate-udp-ports-from=2000 max-sessions=10
/ tool mac-server ping
set enabled=yes
/ tool e-mail
set server=0.0.0.0 from=“<>”
/ tool sniffer
set interface=ether2 only-headers=no memory-limit=100 file-name=“” file-limit=100
streaming-enabled=no streaming-server=0.0.0.0 filter-stream=yes filter-protocol=all-frames
filter-address1=0.0.0.0/0:0-65535 filter-address2=0.0.0.0/0:0-65535
/ tool graphing
set store-every=5min
/ user
add name=“admin” group=full address=0.0.0.0/0 comment=“system default user” disabled=no
/ user group
add name=“read” policy=local,telnet,ssh,reboot,read,test,winbox,password,web,!ftp,!write,!policy
add name=“write” policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,!ftp,!policy
add name=“full” policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web
/ user aaa
set use-radius=no accounting=yes interim-update=0s default-group=read
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=no redistribute-static=no
redistribute-rip=no redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20
metric-rip=20 metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate authentication=none
disabled=no
/ routing bgp instance
set default name=“default” as=1 router-id=0.0.0.0 redistribute-connected=no redistribute-static=no
redistribute-rip=no redistribute-ospf=no redistribute-other-bgp=no out-filter=“”
client-to-client-reflection=yes ignore-as-path-len=no comment=“” disabled=yes
/ routing rip
set distribute-default=never redistribute-static=no redistribute-connected=no redistribute-ospf=no
redistribute-bgp=no metric-default=1 metric-static=1 metric-connected=1 metric-ospf=1
metric-bgp=1 update-timer=30s timeout-timer=3m garbage-timer=2m
/ routing rip interface
add interface=all receive=v2 send=v2 authentication=none authentication-key=“” key-chain=“”
in-filter=“” out-filter=“” disabled=yes
/ radius
add service=wireless called-id=“” domain=“” address=192.168.2.30 secret=“xxxxxx”
authentication-port=1812 accounting-port=1813 timeout=300ms accounting-backup=no realm=“”
comment=“” disabled=no
/ radius incoming
set accept=yes port=1700
/ snmp
set enabled=yes contact=“” location=“”
/ snmp community
set public name=“public” address=0.0.0.0/0 read-access=yes
[admin@MikroTik] >
You are right. Not sure what I was thinking. The NATing on the outgoing interface (birdge) which is on the same subset as the cable modem perplexed me a bit as the bridgeinterface didn’t need any NAT. I went ahead and configured it and all is working OK. Thanks for the help. 