maybe is my Switch configuration wrong ?

aeroxr1 · September 24, 2017, 10:46pm

Hi !
I have a new question for you

This is my configuration :

_ ISP ROUTER 
|
|__  RB750Gr3 
    |
    |__ Ubiquiti Unifi Lite Ap
    |
    |__ Sony Ps4
    |
    |__ Nas
    |
    |__ Switch A Dlink Unmanaged 100/1000 
         |__Switch B Dlink Unmanaged 100/1000
              |_ Pc Desktop

My question is : why the led on the port on the switch A ans on the switch B blinking also with the pc desktop turned off ? Seems that the Mikrotik router continue to send packet on those port also without devices linked on that.. why ?

Maybe I have configured the switch interface on the RG750Gr3 in wrong way.

I configured the interface in this way :
interface 1 → gateway
interface 2 → master
interface 3,4,5 → slave of interface 2

interface 1 → linked to ISP router
interface 2 → linked to ubiquiti AP
interface 3 → linked to Synology Nas
interface 4 → linked to ps4
interface 5 → linked to switch A

I expected that without devices that request data the switch does not distribute data on that port.

EDIT : Moreover I can’t set up the upnp only on the ps4 interface.

This is my settings exported :

[admin@HomeRouter] > /export hide-sensitive 
# sep/28/2017 21:15:30 by RouterOS 6.40.3
# software id = ######
#
# model = RouterBOARD 750G r3
# serial number = ####
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] comment="ps4 interface" master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/ip neighbor discovery
set ether1-gateway discover=no
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.0.30-192.168.0.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether2-master name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface l2tp-server server
set authentication=mschap1,mschap2 use-ipsec=yes
/interface list member
add comment=defconf interface=ether2-master list=LAN
add comment=defconf interface=ether1-gateway list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.0.1/24 comment=defconf interface=ether2-master network=192.168.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 gateway=192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
/ip service
set www port=8980
set www-ssl disabled=no port=8981
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1-gateway type=external
add interface=ether2-master type=internal
/ppp secret
add local-address=192.168.0.1 name=vpn profile=default-encryption remote-address=192.168.1.4 service=l2tp
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=HomeRouter
/system routerboard mode-button
set enabled=no on-event=""
/tool bandwidth-server
set enabled=no
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master
[admin@HomeRouter] >

Do you see something wrong ?

pcunite · September 25, 2017, 3:04am

Why is the led on switch A and the led on switch B blinking with the PC desktop turned off?

What happens when you unplug everything, but the two switches? Slowly add things back.

Paternot · September 25, 2017, 1:17pm

Take a look at /ip neighbor discovery. The Mikrotiks, by default, probe the network to find neighbors. This may be the activity you are seeing. You can disable it, by interface.

aeroxr1 · September 25, 2017, 6:12pm

As soon as i arrive at home i Will check. But what is this for ? Find the neightbors is useful and do you suggest to me keep It active ?

The leds on the two switches continue to blink also without devices linked

Inviato dal mio SM-G925F utilizzando Tapatalk

Paternot · September 25, 2017, 7:03pm

It gives some information about the system. There are other possibilities too. I would turn it off on public networks, and weight the risks and benefits of having it on on my internal ones.

aeroxr1 · September 26, 2017, 7:20pm

Ok thanks

Another two little question

if I want apply a upnp I have to choose the switch master interface or can I select one other slaves interfaces ???
I have done a throughput test Test between my pc and router mikrotik with direction both but the result is only :
TX/RX 195.9 Mbps/542.7 Mbps

is it normal ???

Paternot · September 26, 2017, 9:53pm

I don’t know. Never though about that.

The throughput test uses a lot of CPU. If you are running the server/client on the router being tested, some degradation in performance is to be expected - the weaker routers are more affected. It is better to use a client and a server, and route them through the router you are testing.

aeroxr1 · September 28, 2017, 7:22pm

For the upnp doubt and slow throughput. This is my settings configuration:

[admin@HomeRouter] > /export hide-sensitive 
# sep/28/2017 21:15:30 by RouterOS 6.40.3
# software id = ####
#
# model = RouterBOARD 750G r3
# serial number = ####
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] comment="ps4 interface" master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/ip neighbor discovery
set ether1-gateway discover=no
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.0.30-192.168.0.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether2-master name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface l2tp-server server
set authentication=mschap1,mschap2 use-ipsec=yes
/interface list member
add comment=defconf interface=ether2-master list=LAN
add comment=defconf interface=ether1-gateway list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.0.1/24 comment=defconf interface=ether2-master network=192.168.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 gateway=192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
    in-interface-list=WAN
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input in-interface=ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
/ip service
set www port=8980
set www-ssl disabled=no port=8981
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1-gateway type=external
add interface=ether2-master type=internal
/ppp secret
add local-address=192.168.0.1 name=vpn profile=default-encryption remote-address=192.168.1.4 service=l2tp
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=HomeRouter
/system routerboard mode-button
set enabled=no on-event=""
/tool bandwidth-server
set enabled=no
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master
[admin@HomeRouter] >

Do you see something wrong ?

However I have to study firewall and mangle rules, because I want create a qos for the ps4 .