gateway mac 00:00:00:00:00:00 - hEX r3

RouterOS General
1

HI!

Here is "diagram" of network I'm trying to setup.

EDIT1: hEX is on SITE2 to create separate subnet 192.168.126.0/24 that has to access subnet 192.168.125.0/24 on SITE1.

mikrotik_0.PNG
mikrotik_0.PNG976×443 33.7 KB

The only problem is that hEX does not get correct mac address for gateway when on SITE2:
mikrotik_1.PNG
mikrotik_1.PNG517×159 18.8 KB

However, when I connect hEX directly to Cyberoam on SITE1 it get's gateway mac address:
mikrotik_4.PNG
mikrotik_4.PNG410×134 3.21 KB

MikroTik support suggested I add 192.168.88.0/24 subnet to route list on hEX which I am about to test I hope on Saturday.
But until that I wonder, does anyone have any suggestions based on configurations:

hEX config:

_# nov/24/2016 11:25:12 by RouterOS 6.37.2

software id = 5I3U-8A48

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool1 ranges=192.168.127.100-192.168.127.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 lease-time=10h name=
dhcp1
/ip address
add address=192.168.0.10/29 interface=ether1 network=192.168.0.8
add address=192.168.127.1/24 interface=ether2 network=192.168.127.0
/ip dhcp-server network
add address=192.168.127.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.127.1
wins-server=192.168.125.253
/ip route
add distance=1 gateway=192.168.0.9
add distance=1 dst-address=192.168.125.0/24 gateway=192.168.0.9
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name="MT_15 (192.168.127.0)"
/system routerboard settings
set memory-frequency=1200DDR protected-routerboot=disabled_

Dynadish #1 config

_# nov/24/2016 11:24:00 by RouterOS 6.37.1

software id = FHAA-G9IS

/interface bridge
add mtu=1500 name=bridge1
/interface pptp-client
add connect-to=78.1.53.197 disabled=no name=pptp-out1 password=BLANK user=Multinorm1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=profile1 supplicant-identity="" wpa-pre-shared-key=BLANK wpa2-pre-shared-key=BLANK
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-onlyac channel-width=20/40/80mhz-Ceee disabled=no frequency=5070 frequency-mode=superchannel mode=bridge nv2-cell-radius=15 radio-name=U1-Cerna scan-list=default,5000-6000 security-profile=profile1 ssid=
OT_LNK_MULTINORM1 tdma-period-size=auto wireless-protocol=nv2 wps-mode=disabled
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.88.6/24 interface=bridge1 network=192.168.88.0
/ip dns
set allow-remote-requests=yes servers=192.168.88.254
/ip route
add distance=1 gateway=192.168.88.254
/ip smb
set allow-guests=no
/ip upnp
set show-dummy-rule=no
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=M_10-U1_Cerna
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=161.53.30.104 secondary-ntp=161.53.30.170
/system routerboard settings
set cpu-frequency=720MHz protected-routerboot=disabled
/system scheduler
add interval=1m name=DynVPN on-event=":local clientname "pptp-out1"\r
\n:local servername "BLANK"\r
\n:local servernewadd [:resolve $servername]\r
\n:local serveraddress [/interface pptp-client get $clientname connect-to]\r
\n\r
\n:if ($serveraddress != $servernewadd) do={\r
\n /interface pptp-client set [find name=$clientname] connect-to=$servernewadd\r
\n :log info ( "VPN: Server address changed to " . $servernewadd )\r
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jan/01/1970 start-time=00:00:00
/tool romon
set enabled=yes_

Dynadish #2 config

_# nov/24/2016 11:26:40 by RouterOS 6.37.1

software id = VM96-4LJ1

/interface bridge
add mtu=1500 name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=profile1 supplicant-identity="" wpa-pre-shared-key=BLANK
wpa2-pre-shared-key=BLANK
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no frequency=5075 frequency-mode=superchannel mode=station-bridge nv2-cell-radius=15 radio-name=U2-Silos_Zupanja_Cerna scan-list=default,5000-5200
security-profile=profile1 ssid=OT_LNK_MULTINORM1 tdma-period-size=auto wps-mode=disabled
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.88.7/24 interface=bridge1 network=192.168.88.0
/ip dns
set allow-remote-requests=yes servers=192.168.88.254
/ip route
add distance=1 gateway=192.168.88.254
/ip smb
set allow-guests=no
/ip upnp
set show-dummy-rule=no
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=M_11-U2_Silos_Zupanja_Cerna
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=161.53.30.104 secondary-ntp=161.53.30.170
/system routerboard settings
set cpu-frequency=720MHz protected-routerboot=disabled
/tool romon
set enabled=yes_

Dynadish #3 config

_# nov/24/2016 11:28:54 by RouterOS 6.37.1

software id = DYKV-FRPB

/interface bridge
add mtu=1500 name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=profile1 supplicant-identity="" wpa-pre-shared-key=BLANK
wpa2-pre-shared-key=BLANK
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-onlyac channel-width=20/40/80mhz-Ceee disabled=no frequency=5765 frequency-mode=superchannel mode=bridge nv2-cell-radius=10 radio-name=U1-Silos_Zupanja_Montaza scan-list=default,5600-5800 security-profile=
profile1 ssid=OT_LNK_MULTINORM2 tdma-period-size=auto tx-power=23 tx-power-mode=all-rates-fixed wireless-protocol=nv2 wps-mode=disabled
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.88.8/24 interface=bridge1 network=192.168.88.0
/ip dns
set allow-remote-requests=yes servers=192.168.88.254
/ip route
add distance=1 gateway=192.168.88.254
/ip smb
set allow-guests=no
/ip upnp
set show-dummy-rule=no
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=M_12-U3_Silos_Zupanja_Montaza
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=161.53.30.104 secondary-ntp=161.53.30.170
/system routerboard settings
set cpu-frequency=720MHz protected-routerboot=disabled
/tool romon
set enabled=yes_

Dynadish #4 config

_# nov/23/2016 17:25:59 by RouterOS 6.37.1

software id = S109-T6QV

/interface bridge
add mtu=1500 name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=profile1 supplicant-identity="" wpa-pre-shared-key=BLANK
wpa2-pre-shared-key=BLANK
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no frequency=5765 frequency-mode=superchannel mode=station-bridge nv2-cell-radius=10 radio-name=U1-Silos_Zupanja_Montaza scan-list=default,5600-5800
security-profile=profile1 ssid=OT_LNK_MULTINORM2 tdma-period-size=auto tx-power=23 tx-power-mode=all-rates-fixed wps-mode=disabled
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.88.9/24 interface=bridge1 network=192.168.88.0
/ip dns
set allow-remote-requests=yes servers=192.168.88.254
/ip route
add distance=1 gateway=192.168.88.254
/ip smb
set allow-guests=no
/ip upnp
set show-dummy-rule=no
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=M_13-U4_Zupanja_Montaza
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=161.53.30.104 secondary-ntp=161.53.30.170
/system routerboard settings
set cpu-frequency=720MHz protected-routerboot=disabled
/tool romon
set enabled=yes_

Thanks!

2

Not sure, I see your running ap-bride / bridge, which seems right..
Perhaps run a tunnel protocol between end points ?

3

I could do that, but this is problem I’d like to solve. It should work without any problem. When I connect hEX with LAN cable directly to Cyberoam it works as designed.
One more note, on Cyberoam Neighbor Cache (ARP table) I see type Incomplete for hEX IP address if connected via Dynadish.
Some forums suggest patch cable could be problem. However If I leave Dynadish on SITE1 connected to Cyberoam port and connect Dynadish on SITE2 to switch I get full access to SITE1 subnet.

4

You can trace the problem by checking bridge hosts (equivalent of Cisco show mac-address-table) on each wireless device on the path and isolate the faulty connection. You are probably right that cabling on either of 3 places on the path is the problem.

5

Another way of checking the connection is adding IP address from the same subnet as Cyberoam on each wireless device, and pinging it, it will probably be easier than dealing with layer 2 tables.

6

I will try this tomorrow and will report results.

7

So I have tried setting IP address of Dynadish #1 and ping Cyberoam interface and results are:
mikrotik_5.PNG
Maybe it’s really cabling on SITE1? Just to note, client’s on SITE2 are able to access 192.168.125.0/24 subnet on SITE1. They get IP addresses from DHCP on Cyberoam.

8

Alright, before we dive in the digging the layer 2 I need one information: what is the exact address and subnet mask of Cyberoam and hEX? If those are fine, you need to inspect bridge on the site: delete and create bridge again. I’ve also noticed pptp client on that board, did you try removing it before trying this experiment?

If site works on layer 3 (IP from different subnet on remote site works), then cabling is not the problem. You could also try adding address from 192.168.125.0/24 network on dish 1 and pinging Cyberoam (192.168.125.0/24 dhcp server address, since I have no clue what that device is capable of - could be some policy on that device, wrong ethernet, …).

9

pptp client is for company that looks after this link. They want to be able to access device from internet.

Cyberoam:
192.168.0.9
255.255.255.248

hEX ether1:
192.168.0.10
255.255.255.248

hEX ether2:
192.168.127.1
255.255.255.0

Dynadish #1 (as of today):
192.168.0.11
255.255.255.248

If I add 192.168.125.0/24 to Dynadish #1 and try to ping Cyberoam on 192.168.125.1 I get same result as with 192.168.0.9.

10

SITE2 at this moment is connected directly via Dynadish to Cyberoam. On SITE2 Dynadish is now connected to switch - no vlans.

11

I was lead to assume your network topology is the one from original post on the topic. I have no idea what switch you are talking about, but if it works it still means physical connection on site 1 is fine. Are there any VLANS configured on any device?

12

Diagram is only the plan.

Currently the only difference between plan is that on SITE2 in place of hEX is switch Cisco SG200-26 (default config)

So client’s on SITE2 get IP address from Cyberoam DHCP 192.168.125.0/24 pool.

hEX was suppose to create separate subnet on SITE2.

And no VLANs on any device.

It’s strange, because when I connect hEX to Cyberoam on SITE1 directly, everything works…

13

So, Sunday morning…cup of coffee, jump to server room…and what do I see? Wrong link connected to Cyberoam router… :blush: