CCR1036-8G-2S+ all pppoe disconect every 3-4 days

lodilodilodi · February 17, 2022, 3:00pm

I have a CCR1036-8G-2S+ 500pppoe clients , no bridge configuration on it , but every 3-4 days all pppoe get disconnected . Traffic 800-900mbps

Zacharias · February 17, 2022, 5:55pm

All at the same time ?
So your CCR acts as a PPPoE server ?

lodilodilodi · February 17, 2022, 7:18pm

Yes all at the same time .

and then reconnect in 3-5 min . and crazy think is dosn’t do always on peak hours , yesterday was done on 07:30AM bot most of the time 19:00-23:00 pm

Zacharias · February 17, 2022, 7:26pm

Anything in the Log ?
Did you try enabling debug && PPPoE in the logs to see if you get any information ?
Or maybe it would be best if you monitored your router with an SNMP Software and collect valuable info such as CPU, Memory utilization etc. so that you can see the Router’s status at the time the problem appears…

lodilodilodi · February 17, 2022, 7:36pm

i have enable cpu graphing but nothing show there …

i have add log with 10 000 lines and no error show there just x pppoe disconnected for all pppoe clients than connected

How to debug the pppoe please ?

Zacharias · February 18, 2022, 4:56pm

My suggestion is an external SNMP monitor…

It is better to use a remote syslog server to collect your logs…

system logging add topics=pppoe,debug action=remote

lodilodilodi · February 18, 2022, 7:52pm

pppoe get disconnected right now again …

nothing show on log , just hang up /disconnected and then connected again …

chechito · February 19, 2022, 4:29pm

make an export of your configuration, then remove any private info on it and share it with us to try an assessment

lodilodilodi · February 19, 2022, 6:02pm

CODE

chechito · February 19, 2022, 8:18pm

i see a possible Layer 2 misconfiguration case like those documented by MikroTik:

follow recommended configuration guidelines on following articles

https://help.mikrotik.com/docs/display/ROS/Layer2+misconfiguration#Layer2misconfiguration-VLANinabridgewithaphysicalinterface

https://help.mikrotik.com/docs/display/ROS/Layer2+misconfiguration#Layer2misconfiguration-BridgedVLAN

Since v6.41 this kind of bridge configuration is no longer valid

First of all Disable STP, RSTP on bridge interface, that can help a little with some flapping

is very important to reconfigure your VLAN and bridge using bridge VLAN filtering

ingdaka · February 19, 2022, 10:53pm

# feb/18/2022 21:01:09 by RouterOS 6.49.3
# software id = JTTU-4HZJ
#
# model = CCR1036-8G-2S+
# serial number = D8370D266F46
/interface bridge
add name=BRV724
/interface ethernet
set [ find default-name=ether1 ] comment=TV speed=100Mbps
set [ find default-name=ether2 ] comment=DLINK speed=100Mbps
set [ find default-name=ether3 ] disabled=yes speed=100Mbps
set [ find default-name=ether4 ] disabled=yes speed=100Mbps
set [ find default-name=ether5 ] comment=zyra speed=100Mbps
set [ find default-name=ether6 ] disabled=yes speed=100Mbps
set [ find default-name=ether7 ] disabled=yes speed=100Mbps
set [ find default-name=ether8 ] comment="k"
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no comment=WAN \
    mac-address=B8:69:F4:BA:0F:B7 speed=1Gbps
set [ find default-name=sfp-sfpplus2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full \
    comment=OLT
/interface vlan
add interface=sfp-sfpplus2 name=V2 vlan-id=2
add interface=sfp-sfpplus1 name=V724 vlan-id=724
add interface=sfp-sfpplus2 name=V724-OLT vlan-id=724
/interface list
add name=wan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=pppoe-expired ranges=172.16.172.1-172.16.172.254
add name=pppoe-mikrotik ranges=10.2.2.2-10.2.2.254
add name=dhcp_pool8 ranges=192.168.50.10-192.168.50.254
add name=vpn ranges=10.254.10.2-10.254.10.254
add name=pppoe-tv ranges=10.100.101.1-10.100.101.254
add name=pppoe-net ranges=\
    10.1.0.1-10.1.0.254,10.1.1.1-10.1.1.254,10.1.2.1-10.1.2.254
add name=dhcp_pool14 ranges=192.168.99.2-192.168.99.254
/ip dhcp-server
add address-pool=dhcp_pool8 disabled=no interface=ether5 name=dhcp1
add address-pool=dhcp_pool14 disabled=no interface=ether1 name=dhcp2

    pppoe-mikrotik
/queue simple
add max-limit=10M/20M name=queue4pl target=192.192.1.2/32
/snmp community
set [ find default=yes ] addresses=192.168.50.0/24
/system logging action
set 0 memory-lines=10000
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=BRV724 interface=V724
add bridge=BRV724 interface=V724-OLT
/ip neighbor discovery-settings
set discover-interface-list=!wan
/interface detect-internet
set wan-interface-list=wan
/interface l2tp-server server
set default-profile=vpn enabled=yes ipsec-secret=user123456 use-ipsec=\
    required
/interface list member
add interface=sfp-sfpplus1 list=wan
/interface pppoe-server server
add disabled=no interface=ether2 keepalive-timeout=30 service-name=ether2
add interface=ether4 keepalive-timeout=60 one-session-per-host=yes \
    service-name=service3
add disabled=no interface=ether8 keepalive-timeout=30 service-name=\
    "ether8-kulla "
add disabled=no interface=sfp-sfpplus2 keepalive-timeout=30 service-name=\
    service2
add disabled=no interface=V2 keepalive-timeout=30 service-name=Vlan2
/ip address
add address=192.168.4.1/24 comment="kulla " interface=ether8 network=\
    192.168.4.0
add address=192.168.2.1/24 interface=ether2 network=192.168.2.0
add address=192.168.5.1/24 interface=V2 network=192.168.5.0
add address=192.168.50.1/24 interface=ether5 network=192.168.50.0
add address=192.168.8.1/24 interface=ether2 network=192.168.8.0
add address=10.10.10.1/30 interface=ether2 network=10.10.10.0
add address=192.168.3.1/24 interface=ether2 network=192.168.3.0
add address=192.168.99.1/24 interface=ether1 network=192.168.99.0
add address=(public IP).145.4/29 interface=sfp-sfpplus1 network=(public IP).145.0
add address=192.168.74.1/24 interface=sfp-sfpplus2 network=192.168.74.0
add address=(public IP).145.196 interface=sfp-sfpplus1 network=(public IP).145.196
add address=192.192.1.1/24 interface=sfp-sfpplus2 network=192.192.1.0
/ip arp
add address=10.13.37.254 comment="degert " interface=ether4 mac-address=\
    74:4D:28:4E:D8:EB
/ip dhcp-client
add disabled=no interface=ether8
/ip dhcp-server lease
add address=192.168.99.2 client-id=\
    ff:b6:22:f:eb:0:2:0:0:ab:11:dc:32:3e:5e:6b:95:a4:76 mac-address=\
    00:23:24:A6:90:FF server=dhcp2
/ip dhcp-server network
add address=192.168.50.0/24 gateway=192.168.50.1
add address=192.168.99.0/24 gateway=192.168.99.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=2h cache-size=20048KiB servers=\
    (public IP).145.4,8.8.8.8
/ip dns static
add address=192.168.77.2 name=pup.mine.nu ttl=30m
/ip firewall address-list
add address=(public IP).145.0/24 list=tt
add address=(public IP).146.0/23 list=tt
add address=192.168.77.2 list=prxy
add address=(public IP).145.40 list=prxy
add address=192.168.99.2 list=ts
add address=(public IP).146.71 list=ts
add address=(public IP).147.109 list=ts
add address=(public IP).144.10 list=ts
add address=(public IP).147.91 list=ts
add address=(public IP).146.1 list=ts
add address=(public IP).145.66 list=ts
add address=(public ip).32.0/20 list=145
add address=(public ip).64.0/20 list=145
add address=(public ip).172.0/22 list=145
add address=(public ip).0.0/21 list=145
add address=(public ip).128.0/20 list=145
add address=(public ip).48.0/21 list=145
add address=(public ip).96.0/20 list=145
add address=(public ip).32.0/22 list=145
add address=(public IP).146.0/24 list=145
add address=(public ip).76.121 list=145
add address=(public IP).146.71 list=tt
add address=(public IP).144.8 list=tt
add address=(public IP).147.109 list=tt
/ip firewall filter
add action=drop chain=forward comment="porte qe perdoret vetem nga viruset()" \
    dst-port=445 protocol=tcp
add action=drop chain=forward comment="porte qe perdoret vetem nga viruset()" \
    dst-port=135,137-139,27374,1080,3127-3128 protocol=tcp
add action=drop chain=forward comment="porte qe perdoret vetem nga viruset()" \
    dst-port=135,137-139,69,514,161-162,6660-6669 protocol=tcp
add action=drop chain=forward comment="()" dst-port=22,2222 in-interface=\
    sfp-sfpplus1 protocol=tcp src-address=!(public IP).144.0/22
add action=drop chain=forward comment="()" dst-port=21-25 out-interface=\
    sfp-sfpplus1 protocol=tcp
add action=drop chain=input comment="()" dst-port=8000 in-interface=\
    sfp-sfpplus1 protocol=tcp
add action=drop chain=input comment="()" dst-port=53 in-interface=\
    sfp-sfpplus1 protocol=udp
add action=drop chain=input comment="()" dst-port=53 in-interface=\
    sfp-sfpplus1 protocol=tcp
add action=drop chain=input comment=\
    "mos e fshi, ndal abuzimin me web proxy nga bota()" dst-port=8080 \
    in-interface=sfp-sfpplus1 protocol=tcp
add action=accept chain=forward comment="()" dst-address=(public IP).145.17
add action=fasttrack-connection chain=forward comment="tv " \
    src-address-list=ts
add action=fasttrack-connection chain=forward comment="tv " \
    dst-address-list=ts
add action=drop chain=forward comment="drop kliente" out-interface=\
    sfp-sfpplus1 src-address=172.16.172.0/24
add action=drop chain=forward comment="jo internet per antenat()" \
    out-interface=sfp-sfpplus1 src-address=192.168.3.0/24
add action=drop chain=forward comment="kliente" dst-address-list=ts \
    log=yes src-address=10.0.0.0-10.1.2.255
add action=fasttrack-connection chain=forward dst-port=53 protocol=tcp
add action=fasttrack-connection chain=forward dst-port=53 protocol=udp
/ip firewall nat
add action=src-nat chain=srcnat out-interface=ether1 to-addresses=\
    192.168.99.1
add action=src-nat chain=srcnat comment="nat 2" dst-address=(public IP).144.0/22 \
    out-interface=sfp-sfpplus1 to-addresses=(public IP).145.72/29
add action=src-nat chain=srcnat comment="nat 2" out-interface=sfp-sfpplus1 \
    src-address=10.0.0.0/8 to-addresses=(public IP).145.72/29
add action=src-nat chain=srcnat comment="nat 2" out-interface=sfp-sfpplus1 \
    src-address=192.168.0.0/16 to-addresses=(public IP).145.72/29
add action=src-nat chain=srcnat comment="nat 2" out-interface=sfp-sfpplus1 \
    src-address=172.16.0.0/12 to-addresses=(public IP).145.72/29
add action=src-nat chain=srcnat comment="nat 2" out-interface=sfp-sfpplus1 \
    src-address=192.192.1.0/24 to-addresses=(public IP).145.72/29
add action=dst-nat chain=dstnat comment="kalim" dst-address=\
    (public Ip).116.250 dst-port=3000,25461 protocol=tcp to-addresses=\
    (public IP).146.72 to-ports=8000
add action=dst-nat chain=dstnat dst-address=(public IP).145.4 dst-port=25461 \
    protocol=tcp src-address-list=tt to-addresses=192.168.99.2 to-ports=25461
add action=dst-nat chain=dstnat comment=vps dst-address=(public IP).145.4 \
    dst-port=3389 protocol=tcp to-addresses=192.168.50.3 to-ports=3389
add action=dst-nat chain=dstnat comment=vps dst-address=(public IP).145.4 \
    dst-port=86 protocol=tcp to-addresses=192.168.50.3 to-ports=85
add action=dst-nat chain=dstnat dst-address=(public IP).145.4 dst-port=4033 \
    protocol=tcp src-address-list=tt to-addresses=192.168.99.2 to-ports=4033
add action=redirect chain=dstnat dst-address-list=prxy dst-port=85 protocol=\
    tcp to-ports=8080
add action=dst-nat chain=dstnat comment=Kamera. dst-address=(public IP).145.4 \
    dst-port=34568 protocol=tcp to-addresses=192.168.50.29 to-ports=34567
add action=dst-nat chain=dstnat comment="The Dude" dst-address=(public IP).145.4 \
    dst-port=81 protocol=tcp to-addresses=192.168.50.3 to-ports=81
add action=dst-nat chain=dstnat comment="user" dst-address=\
    (public IP).145.4 dst-port=8099 protocol=tcp to-addresses=10.200.200.2 \
    to-ports=8000
add action=dst-nat chain=dstnat comment="user" dst-address=\
    (public IP).145.4 dst-port=8014 protocol=tcp to-addresses=10.200.200.14 \
    to-ports=8014
add action=dst-nat chain=dstnat comment="user" dst-address=\
    (public IP).145.4 dst-port=37777 protocol=tcp to-addresses=10.200.200.3 \
    to-ports=37777
add action=dst-nat chain=dstnat comment="user" dst-address=\
    (public IP).145.4 dst-port=8001 protocol=tcp to-addresses=10.200.200.4 \
    to-ports=8001
add action=dst-nat chain=dstnat comment="user " dst-address=\
    (public IP).145.4 dst-port=8009 protocol=tcp to-addresses=10.200.200.5 \
    to-ports=8009
add action=dst-nat chain=dstnat comment="user" \
    dst-address=(public IP).145.4 dst-port=8007 protocol=tcp to-addresses=\
    10.200.200.7 to-ports=8000
add action=dst-nat chain=dstnat comment="user" dst-address=\
    (public IP).145.4 dst-port=8008 protocol=tcp to-addresses=10.200.200.8 \
    to-ports=8008
add action=dst-nat chain=dstnat comment="user" dst-address=\
    (public IP).145.4 dst-port=8006 protocol=tcp to-addresses=10.200.200.10 \
    to-ports=8000
add action=dst-nat chain=dstnat comment="user" dst-address=(public IP).145.4 \
    dst-port=8012 protocol=tcp to-addresses=10.200.200.12 to-ports=8012
add action=dst-nat chain=dstnat comment="user" dst-address=(public IP).145.4 \
    dst-port=82 protocol=tcp to-addresses=192.168.8.100 to-ports=80
add action=dst-nat chain=dstnat comment="user" dst-address=(public IP).145.4 \
    dst-port=443 protocol=tcp to-addresses=192.168.8.100 to-ports=443
add action=masquerade chain=srcnat dst-address=192.168.8.100
add action=dst-nat chain=dstnat comment="user" \
    dst-address=(public IP).145.4 dst-port=8081 protocol=tcp to-addresses=\
    10.200.200.13 to-ports=8081
/ip proxy
set enabled=yes
/ip proxy access
add action=deny dst-address=(public IP).145.40 dst-port=85 path=/digi/c/ \
    redirect-to=xtv.anondns.net:8000/c/
add action=deny dst-address=192.168.77.2 dst-port=85 redirect-to=\
    xtv.anondns.net:8000/c/
/ip route
add distance=1 gateway=(public IP).145.6
add distance=1 dst-address=(public IP).144.1/32 gateway=(public IP).145.6 scope=10
add distance=1 dst-address=(public IP).145.72/29 type=blackhole
add check-gateway=ping distance=1 dst-address=192.168.77.2/32 gateway=\
    (public IP).145.2
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=34
set ssh disabled=yes
set api disabled=yes
set winbox port=32
set api-ssl disabled=yes
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/lcd
set time-interval=hour
/ppp aaa
set interim-update=9m use-radius=yes
/ppp l2tp-secret
add address=30.0.0.0/24 secret=user321

/radius
add address=(Public IP).76.121 comment=ndize secret=user1 service=ppp src-address=\
    (public IP).145.4 timeout=3s
add address=144.91.76.121 comment=ndize secret=user1 service=ppp src-address=\
    (public IP).144.231 timeout=3s
/radius incoming
set accept=yes port=1700
/snmp
set contact=user location=tr trap-generators=interfaces trap-interfaces=\
    all
/system clock
set time-zone-name=Europe/Tirane
/system identity
set name=BOX
/system resource irq rps
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
/system scheduler
add interval=30m name=schedule1 on-event=\
    "/ip firewall filter remove [find action=jump]" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=feb/18/2021 start-time=18:05:39
add interval=14w2d name=schedule2 on-event="/system reboot\r\
    \n" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=feb/25/2021 start-time=05:00:00
/tool graphing interface
add allow-address=192.168.50.0/24 interface=sfp-sfpplus1
add allow-address=192.168.50.0/24 interface=ether1

If someone can help me i can give access with teamviwer or anydesk … lodi.artimg@gmail.com , thank you .

1st of all export should be done without password. Do we need to say thank you for giving us your L2TP Preshared Key…

lodilodilodi · February 20, 2022, 4:06pm

thank you i test it , lets hope it will work .

lodilodilodi · February 20, 2022, 4:07pm

Thank you , they are not real i randomly edited them before posting

chechito · February 20, 2022, 4:11pm

ok, please confirm if that resolves the issue or not

lodilodilodi · February 23, 2022, 8:49pm

they just disconnected right now , i have submit ticket to mikrotik support 6 days now no response from them , i am thinking its hardware problem ..

chechito · February 23, 2022, 9:05pm

i suppose you have double checked access network and any other network element, passive or active between the CCR and PPPoE Client

i have many scenarios with CCR and many PPPoE Clientes working ok in a variety of scenarios:
Bras PPPoE + connection tracking off + fast-path mode
Bras PPPoE + connection tracking on + NAT + Fast-track mode
Bras PPPoE + connection tracking on + simple queues
Bras PPPoE + connection tracking on + simple queues + QoS per customer
Bras PPPoE + connection tracking on + simple queues + QoS per customer + NAT

I find very difficult faulty router having this kind of failure without leaving a trace of some problem on it or other equipment or totally crashing

at the same time not leaving a trace on other equipment

i think you need more monitoring on the rest of the network to prove is a CCR problem

maybe you are chasing the simptom, without knowing or finding the root cause of the problem, this is very common in PPPoE scenarios

lodilodilodi · February 23, 2022, 9:20pm

they just disconnected right now , i have submit ticket to mikrotik support 6 days now no response from them , i am thinking its hardware problem ..

i suppose you have double checked access network and any other network element, passive or active between the CCR and PPPoE Client

i have many scenarios with CCR and many PPPoE Clientes working ok in a variety of scenarios:
Bras PPPoE + connection tracking off + fast-path mode
Bras PPPoE + connection tracking on + NAT + Fast-track mode
Bras PPPoE + connection tracking on + simple queues
Bras PPPoE + connection tracking on + simple queues + QoS per customer
Bras PPPoE + connection tracking on + simple queues + QoS per customer + NAT

I find very difficult faulty router having this kind of failure without leaving a trace of some problem on it or other equipment or totally crashing

at the same time not leaving a trace on other equipment

i think you need more monitoring on the rest of the network to prove is a CCR problem

maybe you are chasing the simptom, without knowing or finding the root cause of the problem, this is very common in PPPoE scenarios

i have two other ccr one with 700 clients and other one with 350 . they are working fine .

i had a ccr1009 and changed with this one 2 month ago .. 1009 was working completely fine . 1036 from the time we power on till today same thing . nothin else is changed on infrastructure only ccr . migration was done with export import command …if you have time i can give you access …

lodilodilodi · February 26, 2022, 7:26pm

i have installed ccr 1009 day 2 everything seems to work fine (cpu 60%)

Mikrotik support claim that i have package losses but that’s not true because i have good ping with all devices on my network (0-1ms)

I am sure now that is a hardware problem , they just don’t want to admit.

Zacharias · February 26, 2022, 7:41pm

Did you try to netinstall the device and configure again ?

lodilodilodi · February 26, 2022, 8:33pm

No , do you think that will do any change ?

I don’t think so coz i have downgraded to max and updated to 7.1.2 still the same think …