Hex S needs reboot after PPPoE interface loses Internet connection

Hello!

I’m a brand new Mikrotik user and this is my first post. I hope I’m not breaking any rules here!

I set up my Hex S last Thursday (5 days ago) and everything has been smooth sailing so far. Connectivity has been rock-solid and I’ve had no issues. What an amazing little box :astonished:

However, this morning I woke up to no internet.

After some investigation, I found my client devices reported a loss of internet connectivity at around 1:30 at night. So I went to the Hex S logs, and just found this lonely entry there:

As soon as I rebooted my Hex S, internet connectivity came back.

My understanding is that the “internet detect” feature basically demoted my pppoe-out1 connection from “internet” to “WAN” at that point, which indicates that internet connectivity was likely lost for whatever reason (maybe my ISP had a small outage). However, I would’ve expected the Hex S to automatically reestablish the link on its own rather than waiting for me to reboot it manually.

I’ve been using a different router for almost a year now (NOT my ISP router, but a Google Nest Router), and I never had a single outage that required a manual reboot. So I don’t think it’s a coincidence that this has happened just 5 days after switching to the Mikrotik. I’d bet my previous router probably faced this same situation many times in the past, but was able to recover the connection by itself without any action from my side.

My setup is pretty simple, with most settings left to their defaults:

  • My ISP ONT connected to eth1 of the Hex S


  • PPPoE and VLAN100 interface configured on eth1 (both required by my ISP)


  • Bunch of devices connected on eth 2-5, including two Wi-Fi access points (Nest Router and Google Wi-Fi)


  • I also have DNS over HTTPS enabled, but I don’t think that’s related as I couldn’t even ping 8.8.8.8 from the Mikrotik this morning. Switching to regular DNS made no difference either.

Any ideas of why this may have happened? Any settings I can tweak to make sure the Hex S will automatically re-establish connectivity if my ISP link goes down for whatever reason?

Here’s my export:

# feb/21/2022 11:02:56 by RouterOS 7.1.2
# software id = 9A99-M04C
#
# model = RB760iGS
# serial number = F94B0F3D9A36
# NOTE(review): the software id and serial number above, and the MAC addresses
# further down, identify this specific device and its LAN hosts. They are
# usually masked before an export is shared publicly, as the PPPoE user was.
# LAN bridge with a fixed (admin) MAC address instead of an auto-selected one.
/interface bridge
add admin-mac=DC:2C:6E:80:3C:E8 auto-mac=no comment=defconf name=bridge
# VLAN 100 sub-interface on ether1; the PPPoE client below runs on top of it.
/interface vlan
add interface=ether1 name=Internet vlan-id=100
# PPPoE client that installs the default route (add-default-route=yes) and
# accepts the ISP's DNS servers (use-peer-dns=yes).
# keepalive-timeout=disabled: no keepalive timeout is configured for the
# session. The reply in this thread suggests setting one so that a dead session
# is noticed and re-established rather than staying "up" until a reboot.
# NOTE(review): with use-peer-dns=yes the ISP-supplied resolvers are presumably
# added next to the static ones under /ip dns - verify how that interacts with
# the DoH setting.
/interface pppoe-client
add add-default-route=yes disabled=no interface=Internet keepalive-timeout=\
    disabled name=pppoe-out1 use-peer-dns=yes user=**********
# Interface lists. WAN and LAN are referenced by the firewall filter, NAT,
# neighbor-discovery and mac-server settings later in this export, so list
# membership decides which interfaces those protections apply to.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
# Settings applied to the default LTE APN and default wireless security profile.
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Kid-control profile "system-dummy" with every day set to 0s-1d.
# NOTE(review): looks auto-generated rather than user-defined - confirm.
/ip kid-control
add fri=0s-1d mon=0s-1d name=system-dummy sat=0s-1d sun=0s-1d thu=0s-1d tue=\
    0s-1d tur-fri=0s-1d tur-mon=0s-1d tur-sat=0s-1d tur-sun=0s-1d tur-thu=\
    0s-1d tur-tue=0s-1d tur-wed=0s-1d wed=0s-1d
# DHCP address pool and server for the LAN bridge.
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/port
set 0 name=serial0
# ether2-ether5 and sfp1 are bridge ports, i.e. all of them are LAN side.
# ether1 is not bridged; it carries the VLAN/PPPoE uplink.
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp1
# Neighbor discovery runs only on interfaces in the LAN list, so the router is
# not announced on the uplink.
/ip neighbor discovery-settings
set discover-interface-list=LAN
# IPv6 is disabled. No /ipv6 firewall section appears in this export, so confirm
# one is in place before IPv6 is ever enabled.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# Detect Internet is enabled for every interface (list "all"). This is the
# feature the post describes as changing pppoe-out1 from "internet" to "WAN".
# NOTE(review): if the feature is not needed, setting the list to none removes
# one component that acts on interface state automatically - confirm against
# the RouterOS documentation before changing.
/interface detect-internet
set detect-interface-list=all
# List membership: bridge -> LAN, pppoe-out1 -> WAN.
# ether1 and the VLAN interface "Internet" are in neither list, so rules that
# match in-interface-list=WAN or out-interface-list=WAN do not apply to them.
# The input chain still covers them because its final rule drops everything
# that is not LAN.
# NOTE(review): consider adding ether1 and Internet to WAN so the forward-chain
# WAN rule and the WAN masquerade cover them as well.
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=pppoe-out1 list=WAN
# Router's LAN address on the bridge.
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
# DHCP client on the VLAN interface is present but disabled; the uplink address
# comes from PPPoE instead.
/ip dhcp-client
add comment=defconf disabled=yes interface=Internet
# Static DHCP leases binding LAN hosts to fixed addresses by MAC address.
# These MACs and device names describe the home network; see the note on
# identifiers when sharing an export publicly.
/ip dhcp-server lease
add address=192.168.88.10 comment="Desktop PC" mac-address=D0:50:99:2F:33:71
add address=192.168.88.81 comment="Google Wi-Fi" mac-address=\
    3C:28:6D:7C:AE:D3
add address=192.168.88.80 comment="Nest Router" mac-address=CC:F4:11:63:E0:37
add address=192.168.88.11 comment="Shield TV" mac-address=00:04:4B:55:67:44
add address=192.168.88.12 comment="LG C7" mac-address=78:5D:C8:66:51:43
# DHCP clients are handed 1.1.1.1 and 1.0.0.1 directly as resolvers, not the
# router (192.168.88.1). LAN clients therefore query those servers themselves,
# typically over plain DNS, and do not use the router's DoH resolver configured
# under /ip dns.
# NOTE(review): if encrypted DNS for the LAN is the goal, dns-server would need
# to point at the router - confirm intent.
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=1.1.1.1,1.0.0.1 \
    gateway=192.168.88.1
# Router resolver: answers queries from other hosts (allow-remote-requests=yes),
# has two static upstream servers, and is configured for DNS over HTTPS with
# certificate verification on.
# allow-remote-requests=yes makes the router a DNS server for anyone who can
# reach it; here exposure is limited by the input-chain rule that drops all
# traffic not arriving from the LAN list.
# NOTE(review): verify-doh-cert=yes needs a trusted CA certificate on the router
# and a correct system clock; no certificate section is visible in this export,
# so confirm the CA is installed.
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1 use-doh-server=\
    https://cloudflare-dns.com/dns-query verify-doh-cert=yes
# Static records: a local name for the router, plus fixed addresses for the DoH
# hostname so it can be resolved without an upstream lookup.
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
add address=1.1.1.1 name=cloudflare-dns.com
add address=1.0.0.1 name=cloudflare-dns.com
# Firewall filter rules, evaluated top to bottom within each chain.
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
# Allow packets belonging to known connections.
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
# ICMP to the router is accepted from any interface, including the uplink
# (no in-interface match on this rule).
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# Everything else not arriving on a LAN-list interface is dropped, so router
# services (management, DNS) are reachable only from the bridge.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
# --- forward chain: traffic routed through the router ---
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
# Fasttrack established/related connections; fasttracked packets skip the rest
# of the filter rules, so only the first packets of a connection are inspected.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
# Drops new connections that arrive on a WAN-list interface and were not
# dst-NATed. This is the last forward rule shown; there is no catch-all drop,
# so new connections arriving on interfaces outside the WAN list are not
# matched by it.
# NOTE(review): the WAN list contains only pppoe-out1 in this export - confirm
# that ether1 and the VLAN interface do not also need to be covered.
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
# Source-NAT everything leaving through a WAN-list interface, except traffic
# matched by an IPsec policy.
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
# Second masquerade rule with no address match: every connection forwarded out
# through a LAN-list interface has its source rewritten to the router's address.
# LAN hosts then see the router, not the real peer, as the source, which removes
# the original address from their logs.
# NOTE(review): this rule has no comment and no dst-nat rules appear in this
# export; presumably it was added for hairpin NAT - confirm it is needed, and
# narrow it with src-address if it is.
add action=masquerade chain=srcnat out-interface-list=LAN
# Kid-control device table: one entry per MAC address with a name label.
# One entry (04:4E:AF:2E:97:7C) has no device name before the ";".
# The table lists more hosts than the static DHCP leases do, so it gives a
# fuller inventory of the LAN; treat it as identifying data when sharing.
/ip kid-control device
add mac-address=CC:F4:11:63:E0:37 name="Nest Router;-2"
add mac-address=3C:28:6D:7C:AE:D3 name="Google Wi-Fi;-2"
add mac-address=D0:50:99:2F:33:71 name="Desktop PC;1"
add mac-address=1A:F2:50:4C:6F:8F name="Pixel 4;2"
add mac-address=A0:78:17:96:0E:AA name="MacBook Pro;1"
add mac-address=04:4E:AF:2E:97:7C name=";-1"
add mac-address=00:04:4B:55:67:44 name="Shield TV;7"
add mac-address=78:5D:C8:66:51:43 name="LG C7;3"
add mac-address=7E:5F:A8:2B:88:0D name="Pixel 3a;2"
/system clock
set time-zone-name=Europe/Madrid
# NTP client enabled. The servers are given as IP addresses, so time sync does
# not depend on DNS being available. A correct clock matters here because DoH
# certificate verification is turned on under /ip dns.
/system ntp client
set enabled=yes
/system ntp client servers
add address=130.206.3.166
add address=130.206.0.1
add address=150.214.94.5
add address=150.214.94.10
add address=193.147.107.33
add address=185.179.104.7
add address=185.179.104.12
add address=150.214.5.121
add address=158.227.98.15
# MAC-layer management (mac-server and MAC-Winbox) is limited to interfaces in
# the LAN list, so it is not offered on the uplink.
# NOTE(review): no /ip service or /user sections appear in this export;
# presumably those are at their defaults - confirm which management services
# are enabled and that the admin account has a strong password.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

I rarely use PPPoE, so I don’t know if there are any special requirements for that, but try to set its keepalive-timeout. There’s nothing in the log about PPPoE, so the router didn’t notice any problem. Keepalive should help with that.

Thanks Sob!

If I understand correctly, what the keep-alive will do is just send periodic packets (e.g.: pings) through the PPPoE tunnel, right? Then if there’s no response after the specified time window, will it kind of “declare” the connection dead, so that the router will try to re-establish it?

Right now there’s no value in that field. I assume that means the router does nothing if there’s no internet access through the tunnel, correct?

I don’t have enough experience with PPPoE, but otherwise yes, that’s the general idea behind keepalive.

Thanks Sob.

Won’t be able to really verify this until/if I get another drop on the PPPoE tunnel obviously, but it makes total sense so I’ll accept your solution.

Cheers!