IP is leased but no internet access

I've seen multiple posts in the forums, but I have been unable to solve my problem.

I have a fiber modem (internet) attached to a MikroTik managed router. The modem passes everything through with one port forwarded and controlled via the MikroTik. I have two UniFi APs that provide wireless access, but they are set to not act as a DHCP server. Downstream I have a MikroTik switch (unmanaged) for 10Gbe access between my main computer and an UnRaid server (this is new and might contribute to this problem. This problem started about the same time).

I have had zero problems with anything on my system, until last week. I cannot connect to the internet on my phone (Pixel 2). The last updates were three weeks ago on the Pixel, so I don't believe it is the phone. Plus I can connect to any other WiFi network (work, friends', etc). I have checked the ARP table for MAC or IP duplication (none). I have created and changed the IP address lease for the phone several times. I've made it both dynamic and static. I've checked that remote access is allowed. I thought I randomly had it fixed last night. It worked for about 4 hours but then stopped again after work.

The router says it is connected and has provided it an IP, but all pings (mobile data off) also fail. I even factory reset my phone. Same problem. So I turned wireless on the fiber modem back on and I can easily connect to the internet (just nothing on my internal network).

Any help is EXTREMELY appreciated. I've been working on this several nights in a row. I know basics, but I'm still "new" to all of this.

Here is the output of /export compact. I can provide any other info. The router is also fully updated.

[admin@MikroTik] > /export compact

# sep/03/2020 22:11:55 by RouterOS 6.47.3
# software id = Y6V5-66DG
#
# model = RouterBOARD 750G r3
# serial number = 6F39079D5FFC

/interface bridge
add admin-mac=64:D1:54:54:B0:56 auto-mac=no comment="created from master port" name=bridge1 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.130-192.168.88.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=bridge1 name=defconf
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether2-master
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=bridge1 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=bridge1 list=mactel
add interface=bridge1 list=mac-winbox
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether3 network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.88.132 client-id=1:80:2a:a8:d9:fb:f comment="UniFi AP AC-Lite - 1" mac-address=80:2A:A8:D9:FB:0F server=defconf use-src-mac=yes
add address=192.168.88.131 client-id=1:0:8:9b:f6:71:96 comment="QNAP TS-251" mac-address=00:08:9B:F6:71:96 server=defconf
add address=192.168.88.133 comment="UniFi AP AC-Lite - 2" mac-address=F0:9F:C2:73:B9:27 server=defconf
add address=192.168.88.135 client-id=1:d4:5d:64:d4:c4:5a comment="Tower - UnRaid" mac-address=D4:5D:64:D4:C4:5A server=defconf
add address=192.168.88.130 client-id=1:a0:36:9f:dc:36:cc comment=Babou-TR+ mac-address=A0:36:9F:DC:36:CC server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes max-concurrent-tcp-sessions=25
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=ether1
add action=dst-nat chain=dstnat dst-address-list="" dst-port=32400 in-interface=all-ethernet protocol=tcp to-addresses=192.168.88.135 to-ports=32400
/ip upnp
set enabled=yes
/system clock
set time-zone-name=America/Indiana/Indianapolis
/system resource irq rps
set ether1 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
set ether2-master disabled=no
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox

There is no such thing as “unmanaged MikroTik switch”. So write a bit more about it: model, OS run and how it’s configured. If it’s left to default config, it may well interfere with the rest of your LAN.

You are running the latest “stable” RouterOS 6.47.3.
When did you upgrade? Because this release has only been out since September 01, which seems closely related to the last date your setup worked :wink:

Revert to 6.47.2 (or 6.47.1) and I guess all will be fine again :wink:

Could you try on your phone to set IP on automatic and check if your MAC address is not blacklisted on the modem?

The “unmanaged” model is a CRS305-1G-4S+IN. My server and desktop are connected to this device. The 1 Gbe port is connected back to the MikroTik hEX RB750Gr3 which is where the export file came from. This is the device that should be managing everything.

If the CRS305 is creating new leases, they are not showing up. I am also port forwarding to the UnRaid server so it travels through both MikroTik devices.

I updated the firmware Sept 3 because I saw there was a new firmware. I was hoping it would fix my issue. I could roll back, but it was broken on the older version as well.

So I reset my phone (entirely), the hEX RB750Gr3, wireless AP, and everything else I could think of. Still, the phone, and only the phone, will not get a wireless internet connection. I randomly just decided to unplug the ethernet (POE/ETH/Boot) from the CRS305-1G-4S+IN that links back to the hEX. The phone IMMEDIATELY got an internet connection, but now there is no network connection between the hEX and CRS305 devices.

I disabled wireless, plugged in the ethernet, and no internet connection. I repeated this back and forth. This connection is what is causing my problem.


This new CRS305 network connection back to the hEX is definitely the problem. Yay-ish.

But now what?

Maybe this will help someone.

After the insight that no MikroTik is unmanaged, I downloaded WinBox and accessed the CRS305-1G-4S+IN. It was set as a bridge with a fixed IP. I switched the fixed IP to DHCP.

The hEX RB750Gr3 gave the CRS305 an IP address.

I have had zero issues since then. I still am not sure why this is the case. I thought a bridge/switch would not get a unique IP. However, after like 20 hours of messing with this, I’m just glad everything works.

Any managed switch (other vendors' as well) has an IP address for management purposes. In the MikroTik world, all ROS devices by default have the static IP address 192.168.88.1 on their LAN side (and on switches that’s all ports), while SwOS devices by default run a DHCP client. And if two devices on the same LAN use the same IP address, there are sure to be problems, more so if that’s the default gateway’s address.
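The following is an added example, not part of any post in this thread: a way to spot the duplicate-gateway condition described in the last reply from a LAN client. An ARP cache holds only one MAC per IP at any moment, so the check compares several `arp -an` snapshots taken over time and reports any IP that was answered by more than one MAC. The snapshot text, the interface name `wlan0`, the address 192.168.88.140 and the MAC `02:00:00:00:03:05` are constructed for illustration.

```python
import re
from collections import defaultdict

# Linux `arp -an` line, e.g. "? (192.168.88.1) at 64:d1:54:54:b0:56 [ether] on eth0".
# "<incomplete>" entries carry no MAC and are skipped because the pattern cannot match.
ARP_LINE = re.compile(r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>[0-9A-Fa-f:]{17})\b")

# Constructed sample data: three snapshots of one client's ARP cache over time.
# 64:d1:54:54:b0:56 is the hEX bridge admin-mac from the export above;
# 02:00:00:00:03:05 is a made-up placeholder for the second device.
SNAPSHOTS = [
    "? (192.168.88.1) at 64:d1:54:54:b0:56 [ether] on wlan0\n"
    "? (192.168.88.135) at d4:5d:64:d4:c4:5a [ether] on wlan0",
    "? (192.168.88.1) at 02:00:00:00:03:05 [ether] on wlan0\n"
    "? (192.168.88.140) at <incomplete> on wlan0",
    "? (192.168.88.1) at 64:D1:54:54:B0:56 [ether] on wlan0",
]

def find_ip_conflicts(snapshots):
    """Map each IP seen with more than one MAC to its sorted list of MACs."""
    seen = defaultdict(set)
    for snapshot in snapshots:
        for line in snapshot.splitlines():
            match = ARP_LINE.search(line)
            if match:
                # Normalise case so the same MAC is not counted twice.
                seen[match["ip"]].add(match["mac"].lower())
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

def gateway_conflict(snapshots, gateway_ip):
    """Return the MACs competing for the gateway address, or [] if only one."""
    return find_ip_conflicts(snapshots).get(gateway_ip, [])

if __name__ == "__main__":
    for ip, macs in find_ip_conflicts(SNAPSHOTS).items():
        print(f"{ip} claimed by {', '.join(macs)}")
```

A gateway IP that alternates between two MACs on a home LAN points to an address conflict like the one in this thread; the same signal on a network with no second router is also what ARP spoofing looks like, so it is worth alerting on either way.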