HELP RB433AH and RB4600

I have been in this for about a year now, so kinda new. I have looked on the forum and just can't seem to find the answer I am looking for, so I am asking for help. I have 2 routers set up to DHCP to my CPE locations (RB600 12...194) and (RB433AH 12...196) with a radius server on 12...195. I use only Ubiquiti Nano, AirGrid and Bullet for CPE equipment (UBNT). I have been experiencing problems where one router (RB433AH) may have about 15 customers logged on the system and one or two (UBNT) customers just drop out and lose connection and can't get logged back on. The customer will have a valid IP address from the DHCP server but cannot get a login page from the MikroTik; it will just say Internet Explorer can't display the page, and will not have any internet connectivity. Now all the rest on this AP will have it just fine. I can look at hotspot settings (I use a radius server) and I can't see them active on the router board, as they are not, but I can see them on the DHCP server lease? The only way to get this customer back online is to reboot the router board, and this drops out all the rest of the customers that were logged in. I don't really know what settings to post to get the help I need, but I will sure try. The RB433AH has 2 5GHz cards with sectors and an XR9 card with omni, while the RB600 has 3 2GHz cards with 3 sectors and a 5GHz card for a backhaul. All running in AP mode. This problem has just started to happen with NO changes made in ANY settings on the router boards since installed new, with the RB600 being almost 2 years old.

I wonder where you go to get help on here.

“I have 2 routers set up to DHCP to my CPE locations (RB600 12...194) and (RB433AH 12...196) with a radius server on 12...194.”

This is a typo, correct? One of those is 12...195?

HINT: Check your posts for typos. You CAN edit them after you post them. That way you won’t get responses like:
You have two identical ips on the same subnet. Change one.

Since you have a typo in the subject (RB4600), and a typo in the message (duplicate ips), you probably have a typo in your router setup. Check carefully!

EDIT: Check your dns servers also. My ISP just changed the dns server ips, and failed to tell me. That will cause the same fail.

Yes, it was a typo, sorry to all. I have corrected it. So are you saying that the DNS will cause the UBNT products to drop internet connection? I have other UBNT products running off the same sectors on MikroTik and they never go out or have problems, so I am a little skeptical of that.

Have you checked the log on the hotspot router for any clues to the disconnect? If the log doesn’t show enough to help you, you can enable hotspot logging. That will give you more detailed info.

/system logging
add topics=hotspot action=memory

Check your CPE equipment connection. Is it dropping the connection or anything like that?
Does the radius server data show the reason for the client logout?

Thanks SurferTim, I have updated all MikroTiks to the latest firmware. I have taken some screenshots and will put them on here.

screenshot.jpg

MAC 00:15:6D:F8:25:12 is the UBNT device; now it is connected and has internet, as you will see in the next screenshots. How can this UBNT have a 192.168.1.20 default fallback address and still have internet? This is only one of the problems I am having and I think it is related to the issue I started this thread with. We are having some kinda DHCP issue, as if I reboot the MikroTik it will allow the UBNT (not this one on screenshot) CPE to connect and pass internet. When we go out to a customer's location on a complaint that they get connected to the internet, we check cables, signal and everything we can. Signals are great, it will get an IP from the MikroTik but it will just not pass the internet until we reboot the main MikroTik.
Now this above screenshot and the ones below are from an AP set up using (2) UBNT Bullets. The station side (backhaul) is an M5 and is set to station WDS and is locked on with a weak signal, but it is doing close to 3 meg down with a 54 ping time as seen in screenshots. The other M2 is set up as AP WDS and this is where the problems started. I can lock on the AP but I can't get an IP from the DHCP and it will not pass internet. The M5 and M2 are connected with a jumper cable into the LANs. I can take the jumper from the M5 and connect to my laptop and I can get a login page and log into the server (12.238..) and get auth. to get on the internet. BUT I have an IP of the default 192.168.1.20 where the DHCP of the MikroTik should be handing out 10.1.1.***???

internet2 screenshot.jpg
screenshot3.jpg
screenshot2.jpg

Also, notice in the winbox scan how I am seeing a mac address with a 0.0.0.0 address? That is the main mikrotik running the internet for this subnet. But I see another mac that is close to this one and it is named the same also???

internet screenshot.jpg
internet2 screenshot.jpg
screenshot.jpg

MAC 00:15:6D:55:BA:6B with an IP of 0.0.0.0 has the same name as MAC 00:15:6D:94:53:1F with an IP of 10.1.1.1 ???
What is up with this?? Could this be what is causing the dropping of the internet?

bullet.jpg
bullett advance.jpg
bullett network.jpg

I was playing with the settings on the M2 AP and I clicked the Airmax option and now I can't get back into the unit, and I mean with cable, not trying to access wireless with laptop, as I know it does not have 40MHz card option. But I can't even see the MS with a UBNT scan?? How do you reset it back to factory default??? The standard hold reset for 8 sec???

Here is the latest screenshot. Looks like someone is trying to hack into the MikroTik, bastards..
hack screenshot.jpg

The most likely cause is simply a compromised machine brute forcing anything it finds with an open port for SSH. You should implement some firewall filter rules to only accept SSH access from admin networks.
It is very unlikely someone is actively targeting you, and very likely that the “attacker” is a victim himself.

Could I get an example of what kinda rules to put in place and where they should be placed in the rules?

The wiki has excellent examples.

If you only have one admin network you can edit “/ip services” and assign the network to the SSH item. If there’s more, make an address list and refer to it permitting traffic, then drop the rest. Where it goes in your ruleset is impossible to answer without knowing what your ruleset is. Put it where it makes sense, I guess.

/ip firewall address-list
add list=admin address=1.1.1.1/24
add list=admin address=2.2.2.2/24
/ip firewall filter
add chain=input protocol=tcp src-address-list=admin dst-port=22 action=accept
add chain=input protocol=tcp dst-port=22 action=drop

Again, the wiki has all of this information. As you can imagine it’s pretty much a FAQ.
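
Added example (not from any poster in this thread): Python that counts failed SSH logins per source in an exported RouterOS log and marks which sources fall outside the admin address list from the post above, i.e. the ones the accept/drop pair on port 22 would drop. The log wording, the sample lines and the function names are assumptions constructed for illustration; the admin networks are the placeholder ones from the post.

```python
import ipaddress
import re
from collections import Counter

# Admin networks copied from the address-list in the post above (host bits ignored).
ADMIN_NETS = [ipaddress.ip_network(n, strict=False)
              for n in ("1.1.1.1/24", "2.2.2.2/24")]

# Assumed RouterOS wording for a failed login; adjust if your version logs differently.
FAILURE_RE = re.compile(
    r"login failure for user (?P<user>\S+) from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) via (?P<svc>\S+)")

# Constructed sample log lines (documentation address ranges, not real data).
SAMPLE_LOG = """\
jan/02 03:14:07 system,error,critical login failure for user root from 203.0.113.45 via ssh
jan/02 03:14:09 system,error,critical login failure for user admin from 203.0.113.45 via ssh
jan/02 03:14:12 system,error,critical login failure for user test from 203.0.113.45 via ssh
jan/02 03:15:40 system,error,critical login failure for user admin from 1.1.1.20 via ssh
jan/02 03:16:02 system,info,account user admin logged in from 1.1.1.20 via ssh
jan/02 03:20:11 system,error,critical login failure for user oracle from 198.51.100.7 via ssh
jan/02 03:21:30 system,error,critical login failure for user admin from 198.51.100.7 via winbox
"""

def is_admin(addr):
    """True when addr belongs to one of the admin networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ADMIN_NETS)

def summarize_failures(log_text, service="ssh"):
    """Return {src: {"count", "users", "admin"}} for failed logins via `service`."""
    counts, users = Counter(), {}
    for line in log_text.splitlines():
        m = FAILURE_RE.search(line)
        if not m or m.group("svc") != service:
            continue
        src = m.group("src")
        counts[src] += 1
        users.setdefault(src, set()).add(m.group("user"))
    return {src: {"count": n, "users": sorted(users[src]), "admin": is_admin(src)}
            for src, n in counts.items()}

def blocked_by_allowlist(summary):
    """Sources the accept/drop pair would drop: everything not in the admin list."""
    return sorted(src for src, info in summary.items() if not info["admin"])

if __name__ == "__main__":
    report = summarize_failures(SAMPLE_LOG)
    for src, info in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        tag = "admin net" if info["admin"] else "outside admin list"
        print(f"{src:15} {info['count']:3} failures users={info['users']} ({tag})")
    print("dropped by the port-22 rules:", blocked_by_allowlist(report))
```

A failure from inside an admin network (1.1.1.20 in the sample) is still accepted by the rules, so it is worth reviewing separately.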

I use winbox and have never used the telnet side. And I understand the Wiki has ALL the answers, but when I search I cannot find the answers I am looking for because, I guess, lack of vocabulary or terminology. That is why newbies come to the forum to learn by asking questions from the smart?? But it seems all we get is Read the Wiki. I have tried to pay 3 different consultants and all I get is I will call you back and never hear from them. So I am set to learn; I will read and I will play with all this equipment till I get it. Maybe I will take a few classes and do some consulting, as it seems all of them are way busy at 100.00 per hour.. Thanks for your reply and direction and support to this forum.

Why is it that my Money Backhaul Bullet set as station WDS can't get an IP address from the MikroTik? Here is a screenshot of this. I know the signal is bad, but I can do a speedtest and get 51 pings with 2.9 meg up and down on a 3.0 meg line.
I have included the screenshots of the setup in previous post. Any help in the direction of things to check would be greatly appreciated.
Money.jpg