I already have setup MikroTik router setup as static on FIOS too. Here is the image that shows MikroTik Router is showing as inactive.
.
Not sure of fios settings is there something else on that thing that needs to be enabled?
Did you try a different connecting cable?
Next step is trying different ports maybe…
Changing cable did not help. There are other computers connected to FIOS with no issues. So FIOS DHCP is working fine. When i check the route list in MikroTik, it shows 192.168.188.1 as reachable through ether1. I expect to see unreachable if there was some cable issue(image below).When i ping FIOS router from PC on MikroTik router, i get timeouts but sometimes even the Mikrotik Router shows up as unreachable(image 2). Is there any logs i can check to see whats happening on ether1?
Image showing Route to FIOS is reachable
,
Image showing ping to FIOS is failing and sometimes Mikrotik router is showing as unreachable
.
.
Does the fios require a vlan to pass its internet? Highly unlikely but grasping at straws here.
Tools: Packet sniffer
https://help.mikrotik.com/docs/display/ROS/Packet+Sniffer
Tools: Torch
https://help.mikrotik.com/docs/display/ROS/Torch
https://wiki.mikrotik.com/wiki/Manual:Troubleshooting_tools
wireshark may be needed to read the traffic from packet sniffer in greater detail.
No VLAN needed. i updated my post above with images. See if it points to some issue.
I do see another issue, when i reload back the original configuration (which worked but was very slow) it doesnt work anymore. I typically follow these steps to reload my configuration let me know if i am missing something
- Reset configuration
- Connect to Winbox
- After logging in i remove the default configuration
- Import my new configuration.
I would rest to defaults and start clean…
anav,
Can you provide some more details on the steps to start clean? I would think resetting the configuration and removing the default when i first login would be a clean start.
Good question not having done it before, but I do suggest going to the
System Menu and selecting Configuration and select the checkbox next to NO DEFAULT CONFIGURATION if you fancy starting from zero/scratch
otherwise
go to new terminal windows and type
/system reset-configuration
This should reset the router to defaults as if though you got it for the first time.
The choice is yours, personally I would use the terminal window.
In the mysetup, you have entered:
/interface ethernet
set [ find default-name=ether1 ] mac-address=48:5D:36:38:CE:E9
The MAC-address for ether1 you set belongs to Verizon, is that the cable-modem/router?
Remove it and reboot.
Also check the lines:
/interface bridge
add admin-mac=CC:2D:E0:4C:0D:B2 auto-mac=no comment=defconf name=bridge
The Admin-MAC should be the same as one of the interfaces from the LAN bridge (ether2).
The MAC-address for ether1 you set belongs to Verizon, is that the cable-modem/router?
Yes its my cable router MAC address. To setup FIOS router as a bridge I need to setup ether1 port with MAC of FIOS router
To make it work i reset Mikrotik ether1 MAC to the original value. With this change I am able to
- Successfully ping “google.com” from MikroTik router terminal window.
- Unable to Ping “google.com” from a PC connected to MikroTik (192.168.166.x)
myUpdatedSetup.rsc (1.93 KB)
No, you cannot use a MAC that still is in use on the FIOS bridge.
In your config file you have removed it, thats good.
I can’t see any srcnat rule for outgoing traffic, add this:
/ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade
Thanks Peson that fixed it. For some reason my configuration file did not import properly and the NAT setting got dropped.
I am happy now that my setup works
Thanks Anav and Peson for helping me resolve this issue.
To summarize my mistake was changing the MAC Address of interface ether1 . I understand even though MikroTik provides capability to change MAC address of ether1 i should not change it.
With this restriction i cannot setup FIOS router in bridge mode as I understand Verizon checks MAC address of router.
I am attaching my final configuration with firewall rules that Anav suggested. Somebody with similar setup can use this.
Note: I added rules to allow Winbox and SSH
myConfig.rsc (3.46 KB)
First of all.
Are you planning to use the CRS112 as switch or a router?
It looks like you are using it as a router and software bridgeing. Expect very low performance with this setup.
Yes i am using CRS112 as a router. FIOS is also a router for now as i look out for options to change that.
Is your suggestion to use FIOS as router and keep CRS112 as switch for better performance?
I tried with one device connected to CRS112 and i dont see any degrade but its possible that CRS112 might slow down as i connect more devices.
Bad idea, since when does anyone want an ISP to be fondling your jewels.
Always use your own router if possible, the only thing the ISP should be doing is providing a public IP.
Bad idea, since when does anyone want an ISP to be fondling your jewels.
Always use your own router if possible, the only thing the ISP should be doing is providing a public IP.
With my setup ISP can see just the CRS-112 router as I connect all my devices to CRS-112. I cannot get rid of FIOS router as it converts coxial to ethernet and ISP also check the MAC address of the device directly connecting to it.
I would like to better understand the reasoning for slow performance with this setup.
The performance must relate to something, If you get the performance that the cablemodem delivers, then fine, if you want to route traffic between local subnets, it will be slow.
CRS1xx/2xx has a slow CPU when it comes to software bridging and routing. For switching traffic in L2 network it works allright, so it all depends of how it is used.
You kan read about this on the product page. https://mikrotik.com/product/CRS112-8G-4S-IN#fndtn-testresults
The CRS112 maxes out ~70-90Mbps as a router/firewall without any fancy features, maybe that enough for you.
It’s also important that you verify that the “LAN” ports has the H flag, or else the traffic will be pushed via the CPU. It’s the main pitfall with Mikrotik switches that it can do anything, but if you do it wrong it will revert to software and use the CPU.
This is very good information. I have the hardware offload flag checked so this should reduce CPU use. I will check the bandwidth again once i connect additional devices to CRS112
If you need to use a specific MAC-adress for the WAN-side/DHCP-client, then create an additional bridge with the physical port.
Example:
/interface bridge
add admin-mac=CC:2D:E0:4C:0D:B2 auto-mac=no comment=defconf name=bridge
add admin-mac=11:22:33:44:55:66 auto-mac=no comment=WAN name=bridge-wan
/interface list
add name=WAN
add name=LAN
/interface bridge port
add bridge=bridge-wan interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=sfp9
add bridge=bridge comment=defconf interface=sfp10
add bridge=bridge comment=defconf interface=sfp11
add bridge=bridge comment=defconf interface=sfp12
/interface list member
add interface=bridge-wan list=WAN
add interface=bridge list=LAN
/ip dhcp-client
add disabled=no interface=bridge-wan