Connecting server to Mikrotik

Hey guys, need a little help here; still new to all this so it’s probably something stupid that I just can’t see. So I have the Mikrotik configured, WAN and a couple of other ports, all on different networks. I’ve connected the server (HP) through the ILO port and assigned a static IP address. Can’t access the ILO interface through the browser… as I said, missing something here (probably something with the network), so any help is appreciated. Thanks in advance.

First test would be to ping hosts on different LAN subnets from RB itself using ping <remote_IP>. If that part works, then you probably should look at two things: 1) firewall settings on RB and 2) routes set up on client devices … and don’t forget 3) firewall settings on client devices, many detect change of network (and consequently change FW settings) by change of gateway’s MAC address.

Thank you for your help, ping doesn’t work between different LAN subnets, is it something with routes or bridges perhaps? How can I handle that or find the solution in documentation somewhere…

If I understand you right, if you run ping on the Routerboard device itself, ping doesn’t work? If that’s the case, then this points at some major mis-configuration indeed.

Can you open terminal window and run command /export hide-sensitive … then copy-paste the output here for us to see what exactly you have configured?

[admin@MikroTik] > export

# mar/02/2020 12:54:49 by RouterOS 6.46.2
# model = CRS125-24G-1S

/interface bridge
add admin-mac= auto-mac=no comment=defconf name=bridge
add name=bridge_deploy
add name=bridge_local
add name=bridge_server
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] name="ether2 - Local"
set [ find default-name=ether3 ] name="ether3 - Deploy"
set [ find default-name=ether4 ] name="ether4 - Server"
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=Local ranges=10.180.2.10-10.180.2.20
add name=Deploy ranges=10.180.3.10-10.180.3.20
add name=Server ranges=10.180.8.10-10.180.8.20
/ip dhcp-server
add address-pool=Local disabled=no interface=bridge_local name=local
add address-pool=Deploy disabled=no interface=bridge_deploy name=deploy
add address-pool=Server disabled=no interface=bridge_server name=server
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1-WAN
add bridge=bridge_local comment=defconf interface="ether2 - Local"
add bridge=bridge_deploy comment=defconf interface="ether3 - Deploy"
add bridge=bridge_server comment=defconf interface="ether4 - Server"
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=ether11
add bridge=bridge comment=defconf interface=ether12
add bridge=bridge comment=defconf interface=ether13
add bridge=bridge comment=defconf interface=ether14
add bridge=bridge comment=defconf interface=ether15
add bridge=bridge comment=defconf interface=ether16
add bridge=bridge comment=defconf interface=ether17
add bridge=bridge comment=defconf interface=ether18
add bridge=bridge comment=defconf interface=ether19
add bridge=bridge comment=defconf interface=ether20
add bridge=bridge comment=defconf interface=ether21
add bridge=bridge comment=defconf interface=ether22
add bridge=bridge comment=defconf interface=ether23
add bridge=bridge comment=defconf interface=ether24
add bridge=bridge comment=defconf interface=sfp1
/interface list member
add interface=ether1-WAN list=WAN
add interface="ether2 - Local" list=LAN
add interface=bridge list=LAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=10.180.2.1/24 comment=defconf interface="ether2 - Local" network=10.180.2.0
add address=192.168.0.221/24 interface=ether1-WAN network=192.168.0.0
add address=10.180.3.1/24 interface="ether3 - Deploy" network=10.180.3.0
add address=10.180.8.1/24 interface="ether4 - Server" network=10.180.8.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add interface=ether1-WAN
/ip dhcp-server network
add address=10.180.2.0/24 dns-server=10.180.2.1 gateway=10.180.2.1 netmask=24
add address=10.180.3.0/24 dns-server=10.180.3.1 gateway=10.180.3.1 netmask=24
add address=10.180.8.0/24 dns-server=10.180.8.1 gateway=10.180.8.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=83.139.103.3,83.139.121.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=bridge_deploy
/ip route
add distance=1 gateway=192.168.0.1
/lcd
set time-interval=hour

Currently connected to local, can go online and ping works, but between LAN no no, totally lost since it’s been three days of learning :confused:

There are a few things not quite right:

/ip address
add address=10.180.2.1/24 comment=defconf interface="ether2 - Local" network=10.180.2.0
add address=192.168.0.221/24 interface=ether1-WAN network=192.168.0.0
add address=10.180.3.1/24 interface="ether3 - Deploy" network=10.180.3.0
add address=10.180.8.1/24 interface="ether4 - Server" network=10.180.8.0

When interfaces are bridged, then any L3 config should go to the corresponding bridge interface. In your case:


/ip address
add address=10.180.2.1/24 interface=bridge_local network=10.180.2.0
add address=10.180.3.1/24 interface=bridge_deploy network=10.180.3.0
add address=10.180.8.1/24 interface=bridge_server network=10.180.8.0

In addition to that:

/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1-WAN
/ip address
add address=192.168.0.221/24 interface=ether1-WAN network=192.168.0.0

The same thing: interface ether1 is bridged, but this time bridge is disabled altogether.

BTW: if only single interface is part of same L2 domain (i.e. ethernet broadcast domain a.k.a. IP subdomain), you don’t have to use bridge at all, you can set IP config directly to interface.

It does puzzle me why you can use local (presumably ether2) to connect internet, but you can’t use others.

BTW2: any good reason for having this:

/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge_deploy

I’ve read about your last advice but was advised to join ports to bridge; this is all just a “lab” of sorts and as you see I’m lost. My field is Linux, not networking. So pardon me for the stupid question, but what should I do so I could ping between LANs and so that I could connect to the static IP address assigned to the server? If you answered, then I do not understand and am in need of a simplified version. I can connect to the internet from every interface but can’t ping between networks (between 10.180.2.0 and 3.0 for example). Ignore the rule, I’m trying out everything I stumble upon :confused:

First move IP setup from member interfaces to bridge interfaces as I described in my previous post (first part, config in the part starting with “In your case”).

And only then do the test (and let me know of the outcome) … run ping command on RB itself[*] and ping some LAN device … And/or the other way around, on LAN device try to ping router’s IP address.

That’s correct advice when ports are in plural. Which is not the case in your current config (but might change when you get out of lab, that’s why I mentioned that in BTW section).

Did what you suggested… currently connected to ether2 and can’t ping device on ether3, from RB itself can only ping GW, but not the assigned address through DHCP

Again: test between device on ether2 and router. Then test between device on ether3 and router. Do both pings work fine? Does ping work regardless the direction (i.e. device on ether2 pings router versus router pings device on ether2)? Further investigation depends on whether all 4 ping tests work out fine or not.

Why do people insist on multiple bridges when it’s much easier to configure one bridge and instead a bunch of VLANs??
I fail to see the attraction (hard on my eyes LOL).


1. As mkx noted the thing that popped out… as wrong, the interfaces should be the associated bridge not the port.

    /ip address
    add address=10.180.2.1/24 comment=defconf interface="ether2 - Local" network=10.180.2.0
    add address=192.168.0.221/24 interface=ether1-WAN network=192.168.0.0
    add address=10.180.3.1/24 interface="ether3 - Deploy" network=10.180.3.0
    add address=10.180.8.1/24 interface="ether4 - Server" network=10.180.8.0

2. The other item seemingly incongruent is

    /interface list member
    add interface=ether1-WAN list=WAN
    add interface="ether2 - Local" list=LAN
    add interface=bridge list=LAN

I don’t see any definition anywhere of this Bridge List?? Either I am blind and missed it or it is indeed missing.
In any case, assuming ether2 is part of a bridge list, the ether2 line could be removed…

3. Lastly the first source nat rule seems okay but why did you add the second rule??

    /ip firewall nat
    add action=masquerade chain=srcnat out-interface-list=WAN
    add action=masquerade chain=srcnat out-interface=bridge_deploy **???**
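
Both replies above make the same point: an IP address belongs on the bridge, not on a port that is a member of it. That can be checked mechanically against an export. The Python sketch below is an added example, not part of the original thread; the function names are hypothetical, the sample is a constructed, trimmed variant of the export posted above, and it assumes export lines are not wrapped with a trailing backslash.

```python
import shlex

# Constructed sample: trimmed from the export in this thread, with the
# ether3 address already moved to its bridge to show a clean entry.
SAMPLE_EXPORT = '''\
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1-WAN
add bridge=bridge_local comment=defconf interface="ether2 - Local"
add bridge=bridge_deploy comment=defconf interface="ether3 - Deploy"
/ip address
add address=10.180.2.1/24 comment=defconf interface="ether2 - Local" network=10.180.2.0
add address=192.168.0.221/24 interface=ether1-WAN network=192.168.0.0
add address=10.180.3.1/24 interface=bridge_deploy network=10.180.3.0
'''

def parse_export(text):
    """Return {section: [{key: value}, ...]} for every 'add' line."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif current is not None and line.startswith("add "):
            tokens = shlex.split(line)[1:]  # shlex keeps "ether2 - Local" as one value
            current.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return sections

def addresses_on_bridge_ports(text):
    """List (address, port, bridge, port_entry_disabled) for IPs bound to a bridge member."""
    cfg = parse_export(text)
    member_of = {p["interface"]: (p["bridge"], p.get("disabled") == "yes")
                 for p in cfg.get("/interface bridge port", [])}
    findings = []
    for addr in cfg.get("/ip address", []):
        iface = addr.get("interface")
        if iface in member_of:
            findings.append((addr["address"], iface) + member_of[iface])
    return findings

if __name__ == "__main__":
    for address, port, bridge, disabled in addresses_on_bridge_ports(SAMPLE_EXPORT):
        if disabled:
            print(f"{address}: {port} has a disabled port entry in {bridge}; remove the stale entry")
        else:
            print(f"{address}: {port} is an active port of {bridge}; move the address to {bridge}")
```
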

Thanks for all suggestions and help provided :slight_smile:, as I said earlier this is all new to me since I work with Linux not networking but managed to make it work at the end. Changed everything you said and ping works in every direction from every device (stupid problem was the Windows firewall on end devices in different LANs). But will for sure work more with MT, got my VMs now so I could understand it finally. All advice appreciated… the last thing I have is a server with static IP 192.168.x.x plugged into ether 4 with assigned 10.180.8.0 network?! Totally abstract for me and I don’t even know what to google anymore to make it ping at least

Thanks for all of your suggestions guys because I am facing this problem.