# jan/12/2023 10:15:27 by RouterOS 7.5
# software id = HJND-FS5T
#
# model = CCR2004-1G-12S+2XS
# serial number = XXXXXXXXXXX
/interface bridge
add name=lan_bridge protocol-mode=none
add disabled=yes name=wan_bridge
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] name=1_faerun rx-flow-control=auto \
tx-flow-control=auto
set [ find default-name=sfp-sfpplus2 ] name=2_magetower rx-flow-control=auto \
tx-flow-control=auto
set [ find default-name=sfp-sfpplus11 ] auto-negotiation=no name=\
11_wap_upstairs rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp-sfpplus12 ] auto-negotiation=no name=12_isp \
rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether1 ] name=management rx-flow-control=auto \
tx-flow-control=auto
set [ find default-name=sfp-sfpplus3 ] disabled=yes
set [ find default-name=sfp-sfpplus4 ] disabled=yes
set [ find default-name=sfp-sfpplus5 ] disabled=yes
set [ find default-name=sfp-sfpplus6 ] disabled=yes
set [ find default-name=sfp-sfpplus7 ] disabled=yes
set [ find default-name=sfp-sfpplus8 ] disabled=yes
set [ find default-name=sfp-sfpplus9 ] disabled=yes
set [ find default-name=sfp-sfpplus10 ] disabled=yes
set [ find default-name=sfp28-1 ] disabled=yes
set [ find default-name=sfp28-2 ] disabled=yes
/interface list
add name=lan
add name=wan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=lan_pool ranges=192.168.5.10-192.168.5.254
/ip dhcp-server
add address-pool=lan_pool interface=lan_bridge lease-time=1d name=lan_dhcp
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=wan_bridge disabled=yes interface=12_isp
add bridge=lan_bridge interface=1_faerun
add bridge=lan_bridge interface=2_magetower
add bridge=lan_bridge interface=11_wap_upstairs
/ip settings
set accept-source-route=yes ip-forward=no rp-filter=strict
/ipv6 settings
set disable-ipv6=yes
/interface list member
add interface=lan_bridge list=lan
add interface=12_isp list=wan
/ip address
add address=192.168.5.1/24 interface=lan_bridge network=192.168.5.0
/ip dhcp-client
add interface=12_isp use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=192.168.5.100 client-id=1:98:b7:85:0:2a:cd mac-address=\
98:B7:85:00:2A:CD server=lan_dhcp
/ip dhcp-server network
add address=192.168.5.0/24 gateway=192.168.5.1 netmask=24
/ip dns
set servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=wan
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/system clock
set time-zone-name=America/New_York
What I’m trying to do
I’m trying to set up a LAN consisting of a server, desktop, and a wAP.
My problem
I can connect all the server, desktop, and wAP to the LAN DHCP and get valid IPv4 addresses for each device. However, when I ping 8.8.8.8 from the desktop I am unable to receive any packets back. I get the same result if I ping www.ibm.com. When I go into WinBox and ping from the terminal everything works as expected. I am able to ping other devices on the LAN, like the server, and receive a response. Can someone help me figure out what I am missing in my configuration that will let my LAN devices see out to the WAN.
Export command shows things that were explicitly configured (so it’s really handy when troubleshooting problems with configuration). Dynamic stuff (such as IP address and routes, obtained by DHCP client, or leases of DHCP server) are not though. So when assessing router’s state, it’s vital to use also print command which displays running values (as opposed to configured values) - output format is different and to many it’s less readable. Generally it has two verbosity levels, to get additional details run print detail.
There’s third command which sometimes comes handy: monitor. Not every object in ROS has it though.