Clients can't connect on ether, wlan fine. Erratic behaviour

jeremyh · October 11, 2012, 4:48pm

Hello

I’m trying to set up a RB2011 for home use. The router seems to work fine, with the exception that the ethernet ports are not behaving normally. I must admit that I am quite clueless on how port switching, slaving, and bridging works, or rather, what is the appropriate and ‘best practice’ solution with port switching and bridging.

Wireless clients connect fine, no worries there. The problem is that ethernet clients either connect after a brief delay, work for anywhere from a few seconds to a few minutes, and then stop - or don’t connect at all. When I say ‘don’t connect’, I mean aren’t issued an IP. In the case of one machine here (OS X), it will eventually be issued an IP, but still won’t work.

I’ve tried purging the ARP cache, and I’ve tried every port on the router with the same erratic response.

I’m quite sure it has to do with my lousy understanding of bridging and switching groups, and that I’m doing something wrong.

My config is below; it would be great if someone could give it a quick eyeball.

Many thanks

[admin@MikroTik] > export compact
# oct/12/2012 00:42:51 by RouterOS 5.20
# software id = PX2A-XXXX
#
/interface bridge
add admin-mac=D4:CA:6D:32:00:6A auto-mac=no l2mtu=1598 name=bridge-local \
    protocol-mode=rstp
/interface ethernet
set 0 disabled=yes name=sfp1-gateway
set 1 name=ether1-gateway
set 3 name=ether3-slave-local
set 6 name=ether6-master-local
set 7 master-port=ether6-master-local name=ether7-slave-local
set 8 master-port=ether6-master-local name=ether8-slave-local
set 9 master-port=ether6-master-local name=ether9-slave-local
set 10 master-port=ether6-master-local name=ether10-slave-local
/interface pppoe-client
add add-default-route=yes allow=chap disabled=no interface=bridge-local \
    max-mru=1492 max-mtu=1492 name=pppoe-amnet password=XXXXXX \
    use-peer-dns=yes user=XXXXXX
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=\
    tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm \
    wpa-pre-shared-key=XXXXXX wpa2-pre-shared-key=XXXXXX
add authentication-types=wpa2-psk eap-methods=passthrough group-ciphers=\
    tkip,aes-ccm management-protection=allowed mode=dynamic-keys name=\
    lake supplicant-identity="" unicast-ciphers=tkip,aes-ccm \
    wpa2-pre-shared-key=XXXXXX
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no \
    distance=indoors ht-rxchains=0,1 ht-txchains=0,1 l2mtu=2290 mode=\
    ap-bridge security-profile=lake ssid=lake wireless-protocol=802.11
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp authoritative=yes disabled=no interface=\
    bridge-local lease-time=12h name=dhcp1
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3-slave-local
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether1-gateway
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    bridge-local
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dns-server=\
    192.168.88.1 gateway=192.168.88.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=XXXXXX
/ip dns static
add address=192.168.88.1 name=lake-router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
    established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" \
    in-interface=sfp1-gateway
add action=drop chain=input comment="default configuration" \
    in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default NAT" out-interface=\
    pppoe-amnet to-addresses=0.0.0.0
/ip neighbor discovery
set ether1-gateway disabled=yes
set wlan1 disabled=yes
/tool mac-server
add disabled=no interface=ether2
add disabled=no interface=ether3-slave-local
add disabled=no interface=ether4
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface=ether9-slave-local
add disabled=no interface=wlan1
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3-slave-local
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=wlan1
add interface=bridge-local

jandafields · October 15, 2012, 2:36am

You have put ALL of your ports (including your WAN) in the same bridge! That won’t work.

ONLY put the lan and wireless in the bridge. Keep the wan OUT of the bridge.

jeremyh · October 15, 2012, 2:49pm

OK, thanks for that. It definitely seems dumb now. I’d had a few beers and was getting quite frustrated..

The RB2011 has 10 ethernet ports, in two switch groups. So I assume that I need to designate one port from each as the master and the others as slaves, which I’ve done:

/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=wireless-network

Ether 3-5 and 7-10 are designated as slaves of ether2 and ether6 respectively. Ether1 is my gateway.
Below is the rest of my initial config. I would be very grateful if you could have a look and point out any errors.

Interestingly I was able to get 1.6MB/s before (from my ISP’s repo) with the wacky config I had, but now top out at around a third of that. Everything else seems great.

Cheers
J

Full config:

#
/interface bridge
add l2mtu=1598 name=bridge-local
/interface wireless
set 0 band=2ghz-b/g/n disabled=no frequency=2462 ht-rxchains=0,1 ht-txchains=\
    0,1 l2mtu=2290 mode=ap-bridge name=XXXXXX ssid=XXXXXX wireless-protocol=\
    802.11
/interface ethernet
set 0 name=ether1-gateway
set 1 name=ether2-master-local
set 2 master-port=ether2-master-local name=ether3-slave-local
set 3 master-port=ether2-master-local name=ether4-slave-local
set 4 master-port=ether2-master-local name=ether5-slave-local
set 5 name=ether6-master-local
set 6 master-port=ether6-master-local name=ether7-slave-local
set 7 master-port=ether6-master-local name=ether8-slave-local
set 8 master-port=ether6-master-local name=ether9-slave-local
set 9 master-port=ether6-master-local name=ether10-slave-local
/interface pppoe-client
add add-default-route=yes allow=chap disabled=no interface=ether1-gateway \
    name=ppp-amnet password=XXXXXX use-peer-dns=yes user=XXXXXX
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool1 authoritative=yes disabled=no interface=\
    bridge-local lease-time=12h name=dhcp1
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=lake
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
    ether2-master-local network=192.168.88.0
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=XXXX,XXXX
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ppp-amnet

jeremyh · October 15, 2012, 6:55pm

I think this is all sorted out now.