Mikrotik V7.15.2 Vlan error

miankamran7100 · July 7, 2024, 10:11am

Dear all,
I hope you will be fine.
Mikrotik V7.15.2 Vlan error. how to fix it. But in the older version, it works fine. PLease help me.

Thanks

Guscht · July 7, 2024, 10:30am

remove the loop

seriquiti · July 7, 2024, 10:30am

Pretty sure it’s a config error. I’m running all VLAN’s on all my installs and yet to see this.

Post config and people can assist.

miankamran7100 · July 7, 2024, 5:57pm

/interface bridge
add admin-mac=B8:69:F4:AE:BC:FD auto-mac=no name=Bridge_WAN-1 port-cost-mode=
short
add admin-mac=14:46:58:BC:18:1E auto-mac=no name=Bridge_WAN-2 port-cost-mode=
short
add admin-mac=50:D4:F7:ED:0A:8E auto-mac=no name=Bridge_WAN-3 port-cost-mode=
short
add disabled=yes name=Bridge_WAN-4 port-cost-mode=short
add disabled=yes name=Bridge_WAN-5 port-cost-mode=short
add name=Bridge_ether2 port-cost-mode=short
/interface ethernet
set [ find default-name=ether2 ] name=ether2_WAN
set [ find default-name=ether3 ] name=ether3_Loop
set [ find default-name=ether4 ] name=ether4_Loop
set [ find default-name=ether8 ] name=ether8_LAN
/interface pppoe-client
add disabled=no interface=Bridge_WAN-1 name=User1 user=asad
add disabled=no interface=Bridge_WAN-2 name=User2
user=mubasharahmad01
add disabled=no interface=Bridge_WAN-3 name=User3
user=mubasharahmad02
add interface=Bridge_WAN-4 name=4_pppoe-out1
add interface=Bridge_WAN-5 name=5_pppoe-out1
/interface vlan
add interface=ether3_Loop name=vlan1011_ether3 vlan-id=1011
add interface=ether4_Loop name=vlan1011_ether4 vlan-id=1011
add interface=ether3_Loop name=vlan1012_ether3 vlan-id=1012
add interface=ether4_Loop name=vlan1012_ether4 vlan-id=1012
add interface=ether3_Loop name=vlan1013_ether3 vlan-id=1013
add interface=ether4_Loop name=vlan1013_ether4 vlan-id=1013
add disabled=yes interface=ether3_Loop name=vlan1014_ether3 vlan-id=1014
add disabled=yes interface=ether4_Loop name=vlan1014_ether4 vlan-id=1014
add disabled=yes interface=ether3_Loop name=vlan1015_ether3 vlan-id=1015
add disabled=yes interface=ether4_Loop name=vlan1015_ether4 vlan-id=1015
/interface list
add include=none name=“WAN Interface”
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/routing table
add disabled=no fib name=to_wan1
add disabled=no fib name=to_wan2
add disabled=no fib name=to_wan3
add disabled=no fib name=to_wan4
add disabled=no fib name=to_wan5
/interface bridge port
add bridge=Bridge_ether2 interface=ether2_WAN internal-path-cost=10
path-cost=10
add bridge=Bridge_ether2 interface=vlan1011_ether3 internal-path-cost=10
path-cost=10
add bridge=Bridge_ether2 interface=vlan1012_ether3 internal-path-cost=10
path-cost=10
add bridge=Bridge_ether2 interface=vlan1013_ether3 internal-path-cost=10
path-cost=10
add bridge=Bridge_ether2 disabled=yes interface=vlan1014_ether3
internal-path-cost=10 path-cost=10
add bridge=Bridge_ether2 disabled=yes interface=vlan1015_ether3
internal-path-cost=10 path-cost=10
add bridge=Bridge_WAN-1 interface=vlan1011_ether4 internal-path-cost=10
path-cost=10
add bridge=Bridge_WAN-2 interface=vlan1012_ether4 internal-path-cost=10
path-cost=10
add bridge=Bridge_WAN-3 interface=vlan1013_ether4 internal-path-cost=10
path-cost=10
add bridge=Bridge_WAN-4 disabled=yes interface=vlan1014_ether4
internal-path-cost=10 path-cost=10
add bridge=Bridge_WAN-5 disabled=yes interface=vlan1015_ether4
internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/interface l2tp-server server
set one-session-per-host=yes use-ipsec=required
/interface list member
add interface=User1 list=“WAN Interface”
add interface=User2 list=“WAN Interface”
add interface=User3 list=“WAN Interface”
add interface=4_pppoe-out1 list=“WAN Interface”
add interface=5_pppoe-out1 list=“WAN Interface”
/interface pppoe-server server
add authentication=pap disabled=no interface=ether8_LAN max-mtu=1500
one-session-per-host=yes service-name=service_one
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip dns
set allow-remote-requests=yes cache-size=10000KiB servers=
8.8.8.8,1.1.1.1,8.8.4.4
/ip firewall filter
add action=accept chain=input comment=“Router Access Remotely” dst-port=
8295,8296 protocol=tcp
add action=drop chain=input comment=“Block Ping” in-interface-list=
“WAN Interface” protocol=icmp
add action=drop chain=input comment=“Block Attack” dst-port=
25,53,87,512-515,543,544,7547,8080 protocol=tcp
add action=drop chain=input comment=“Block Attack” dst-port=
53,80,87,161,162,1900,4520-4524,8080 protocol=udp
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
"Port Scanners to Address List " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-NMAP FIN Stealth scan” protocol=tcp tcp-flags=
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-FIN/SYN scan” protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-RST/SYN scan” protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-FIN/PSH/URG scan” protocol=tcp tcp-flags=
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-ALL/ALL scan” protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-NMAP NULL scan” protocol=tcp tcp-flags=
!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment=“Dropping Port Scanners”
src-address-list=“Port Scanners”
/ip firewall mangle
add action=mark-connection chain=input in-interface=User1
new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=input in-interface=
User2 new-connection-mark=wan2_conn passthrough=
yes
add action=mark-connection chain=input in-interface=
User3 new-connection-mark=wan3_conn passthrough=
yes
add action=mark-routing chain=output connection-mark=wan1_conn
new-routing-mark=to_wan1 passthrough=no
add action=mark-routing chain=output connection-mark=wan2_conn
new-routing-mark=to_wan2 passthrough=no
add action=mark-routing chain=output connection-mark=wan3_conn
new-routing-mark=to_wan3 passthrough=no
add action=accept chain=prerouting in-interface=User1
add action=accept chain=prerouting in-interface=User2
add action=accept chain=prerouting in-interface=User3
add action=mark-connection chain=prerouting dst-address-type=!local
new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:3/0 src-address=172.30.30.10-172.30.30.250
add action=mark-connection chain=prerouting dst-address-type=!local
new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:3/1 src-address=172.30.30.10-172.30.30.250
add action=mark-connection chain=prerouting dst-address-type=!local
new-connection-mark=wan3_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:3/2 src-address=172.30.30.10-172.30.30.250
add action=mark-routing chain=prerouting connection-mark=wan1_conn
new-routing-mark=to_wan1 passthrough=yes src-address=
172.30.30.10-172.30.30.250
add action=mark-routing chain=prerouting connection-mark=wan2_conn
new-routing-mark=to_wan2 passthrough=yes src-address=
172.30.30.10-172.30.30.250
add action=mark-routing chain=prerouting connection-mark=wan3_conn
new-routing-mark=to_wan3 passthrough=yes src-address=
172.30.30.10-172.30.30.250
/ip firewall nat
add action=masquerade chain=srcnat out-interface=User1
src-address=172.30.30.10-172.30.30.250
add action=masquerade chain=srcnat out-interface=
User2 src-address=172.30.30.10-172.30.30.250
add action=masquerade chain=srcnat out-interface=
User3 src-address=172.30.30.10-172.30.30.250
add action=dst-nat chain=dstnat comment=“Port Forward For Switch” disabled=
yes dst-address=101.50.74.234 dst-port=8297 protocol=tcp to-addresses=
172.20.20.200 to-ports=80
add action=dst-nat chain=dstnat comment=“Port Forward For Switch” disabled=
yes dst-address-list=“Switch Port forward” dst-port=8297 protocol=tcp
to-addresses=172.20.20.200 to-ports=80
/ip route
add comment=“Cloud Main” disabled=no distance=1 dst-address=0.0.0.0/0
gateway=User1 routing-table=main scope=30
suppress-hw-offload=no target-scope=10
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=
User2 routing-table=main scope=30
suppress-hw-offload=no target-scope=10
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=
User3 routing-table=main scope=30
suppress-hw-offload=no target-scope=10
add comment=to_wan1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=
User1 routing-table=to_wan1 scope=30 suppress-hw-offload=
no target-scope=10
add comment=to_wan2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=
User2 routing-table=to_wan2 scope=30
suppress-hw-offload=no target-scope=10
add comment=to_wan3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=
User3 routing-table=to_wan3 scope=30
suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8296
set ssh disabled=yes
set api disabled=yes
set winbox port=8295
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/Karachi
/system identity
set name=“RoshanNet PPPoE Server”
/system note
set show-at-login=no

miankamran7100 · July 7, 2024, 5:58pm

/interface bridge
add admin-mac=B8:69:F4:AE:BC:FD auto-mac=no name=Bridge_WAN-1 port-cost-mode=
short
add admin-mac=14:46:58:BC:18:1E auto-mac=no name=Bridge_WAN-2 port-cost-mode=
short
add admin-mac=50:D4:F7:ED:0A:8E auto-mac=no name=Bridge_WAN-3 port-cost-mode=
short
add disabled=yes name=Bridge_WAN-4 port-cost-mode=short
add disabled=yes name=Bridge_WAN-5 port-cost-mode=short
add name=Bridge_ether2 port-cost-mode=short
/interface ethernet
set [ find default-name=ether2 ] name=ether2_WAN
set [ find default-name=ether3 ] name=ether3_Loop
set [ find default-name=ether4 ] name=ether4_Loop
set [ find default-name=ether8 ] name=ether8_LAN
/interface pppoe-client
add disabled=no interface=Bridge_WAN-1 name=User1 user=asad
add disabled=no interface=Bridge_WAN-2 name=User2
user=mubasharahmad01
add disabled=no interface=Bridge_WAN-3 name=User3
user=mubasharahmad02
add interface=Bridge_WAN-4 name=4_pppoe-out1
add interface=Bridge_WAN-5 name=5_pppoe-out1
/interface vlan
add interface=ether3_Loop name=vlan1011_ether3 vlan-id=1011
add interface=ether4_Loop name=vlan1011_ether4 vlan-id=1011
add interface=ether3_Loop name=vlan1012_ether3 vlan-id=1012
add interface=ether4_Loop name=vlan1012_ether4 vlan-id=1012
add interface=ether3_Loop name=vlan1013_ether3 vlan-id=1013
add interface=ether4_Loop name=vlan1013_ether4 vlan-id=1013
add disabled=yes interface=ether3_Loop name=vlan1014_ether3 vlan-id=1014
add disabled=yes interface=ether4_Loop name=vlan1014_ether4 vlan-id=1014
add disabled=yes interface=ether3_Loop name=vlan1015_ether3 vlan-id=1015
add disabled=yes interface=ether4_Loop name=vlan1015_ether4 vlan-id=1015
/interface list
add include=none name=“WAN Interface”
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/routing table
add disabled=no fib name=to_wan1
add disabled=no fib name=to_wan2
add disabled=no fib name=to_wan3
add disabled=no fib name=to_wan4
add disabled=no fib name=to_wan5
/interface bridge port
add bridge=Bridge_ether2 interface=ether2_WAN internal-path-cost=10
path-cost=10
add bridge=Bridge_ether2 interface=vlan1011_ether3 internal-path-cost=10
path-cost=10
add bridge=Bridge_ether2 interface=vlan1012_ether3 internal-path-cost=10
path-cost=10
add bridge=Bridge_ether2 interface=vlan1013_ether3 internal-path-cost=10
path-cost=10
add bridge=Bridge_ether2 disabled=yes interface=vlan1014_ether3
internal-path-cost=10 path-cost=10
add bridge=Bridge_ether2 disabled=yes interface=vlan1015_ether3
internal-path-cost=10 path-cost=10
add bridge=Bridge_WAN-1 interface=vlan1011_ether4 internal-path-cost=10
path-cost=10
add bridge=Bridge_WAN-2 interface=vlan1012_ether4 internal-path-cost=10
path-cost=10
add bridge=Bridge_WAN-3 interface=vlan1013_ether4 internal-path-cost=10
path-cost=10
add bridge=Bridge_WAN-4 disabled=yes interface=vlan1014_ether4
internal-path-cost=10 path-cost=10
add bridge=Bridge_WAN-5 disabled=yes interface=vlan1015_ether4
internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/interface l2tp-server server
set one-session-per-host=yes use-ipsec=required
/interface list member
add interface=User1 list=“WAN Interface”
add interface=User2 list=“WAN Interface”
add interface=User3 list=“WAN Interface”
add interface=4_pppoe-out1 list=“WAN Interface”
add interface=5_pppoe-out1 list=“WAN Interface”
/interface pppoe-server server
add authentication=pap disabled=no interface=ether8_LAN max-mtu=1500
one-session-per-host=yes service-name=service_one
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip dns
set allow-remote-requests=yes cache-size=10000KiB servers=
8.8.8.8,1.1.1.1,8.8.4.4
/ip firewall filter
add action=accept chain=input comment=“Router Access Remotely” dst-port=
8295,8296 protocol=tcp
add action=drop chain=input comment=“Block Ping” in-interface-list=
“WAN Interface” protocol=icmp
add action=drop chain=input comment=“Block Attack” dst-port=
25,53,87,512-515,543,544,7547,8080 protocol=tcp
add action=drop chain=input comment=“Block Attack” dst-port=
53,80,87,161,162,1900,4520-4524,8080 protocol=udp
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
"Port Scanners to Address List " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-NMAP FIN Stealth scan” protocol=tcp tcp-flags=
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-FIN/SYN scan” protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-RST/SYN scan” protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-FIN/PSH/URG scan” protocol=tcp tcp-flags=
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-ALL/ALL scan” protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=“Port Scanners”
address-list-timeout=none-dynamic chain=input comment=
“TCP Flag-NMAP NULL scan” protocol=tcp tcp-flags=
!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment=“Dropping Port Scanners”
src-address-list=“Port Scanners”
/ip firewall mangle
add action=mark-connection chain=input in-interface=User1
new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=input in-interface=
User2 new-connection-mark=wan2_conn passthrough=
yes
add action=mark-connection chain=input in-interface=
User3 new-connection-mark=wan3_conn passthrough=
yes
add action=mark-routing chain=output connection-mark=wan1_conn
new-routing-mark=to_wan1 passthrough=no
add action=mark-routing chain=output connection-mark=wan2_conn
new-routing-mark=to_wan2 passthrough=no
add action=mark-routing chain=output connection-mark=wan3_conn
new-routing-mark=to_wan3 passthrough=no
add action=accept chain=prerouting in-interface=User1
add action=accept chain=prerouting in-interface=User2
add action=accept chain=prerouting in-interface=User3
add action=mark-connection chain=prerouting dst-address-type=!local
new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:3/0 src-address=172.30.30.10-172.30.30.250
add action=mark-connection chain=prerouting dst-address-type=!local
new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:3/1 src-address=172.30.30.10-172.30.30.250
add action=mark-connection chain=prerouting dst-address-type=!local
new-connection-mark=wan3_conn passthrough=yes per-connection-classifier=
both-addresses-and-ports:3/2 src-address=172.30.30.10-172.30.30.250
add action=mark-routing chain=prerouting connection-mark=wan1_conn
new-routing-mark=to_wan1 passthrough=yes src-address=
172.30.30.10-172.30.30.250
add action=mark-routing chain=prerouting connection-mark=wan2_conn
new-routing-mark=to_wan2 passthrough=yes src-address=
172.30.30.10-172.30.30.250
add action=mark-routing chain=prerouting connection-mark=wan3_conn
new-routing-mark=to_wan3 passthrough=yes src-address=
172.30.30.10-172.30.30.250
/ip firewall nat
add action=masquerade chain=srcnat out-interface=User1
src-address=172.30.30.10-172.30.30.250
add action=masquerade chain=srcnat out-interface=
User2 src-address=172.30.30.10-172.30.30.250
add action=masquerade chain=srcnat out-interface=
User3 src-address=172.30.30.10-172.30.30.250
add action=dst-nat chain=dstnat comment=“Port Forward For Switch” disabled=
yes dst-address=101.50.74.234 dst-port=8297 protocol=tcp to-addresses=
172.20.20.200 to-ports=80
add action=dst-nat chain=dstnat comment=“Port Forward For Switch” disabled=
yes dst-address-list=“Switch Port forward” dst-port=8297 protocol=tcp
to-addresses=172.20.20.200 to-ports=80
/ip route
add comment=“Cloud Main” disabled=no distance=1 dst-address=0.0.0.0/0
gateway=User1 routing-table=main scope=30
suppress-hw-offload=no target-scope=10
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=
User2 routing-table=main scope=30
suppress-hw-offload=no target-scope=10
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=
User3 routing-table=main scope=30
suppress-hw-offload=no target-scope=10
add comment=to_wan1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=
User1 routing-table=to_wan1 scope=30 suppress-hw-offload=
no target-scope=10
add comment=to_wan2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=
User2 routing-table=to_wan2 scope=30
suppress-hw-offload=no target-scope=10
add comment=to_wan3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=
User3 routing-table=to_wan3 scope=30
suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8296
set ssh disabled=yes
set api disabled=yes
set winbox port=8295
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/Karachi
/system identity
set name=“RoshanNet PPPoE Server”
/system note
set show-at-login=no

anav · July 7, 2024, 6:55pm

To recap you use SIX bridges, 5, for 5 diffferent pppoe WANS and 1 for ethernet 2.
add name=Bridge_ether2 port-cost-mode=short

Thats why I find this line so confusing.
/interface ethernet
set [ find default-name=ether2 ] name=ether2_WAN

Then you have 3 vlans, identified and each one is identified twice with the same ID number, me thinks this is wrong.
Then you assign vlans to a bridge but the vlan interfaces when defined belong to etherports

In other words this config is so hosed its not worth looking at.

A. Do you need brigdes for WAN connections, if so WHY?
B. Suggestion for LAN side, use one bridge and all vlans and assign vlans to bridge when defining them.
Use bridge ports to assign vlans to appropriate ports.
C. Suggest a detailed diagram to help make sense of the scenario.

miankamran7100 · July 8, 2024, 8:29am

I have plunged wire from ISP in ether2 and ether3 & ether4 connected with one wire. (mean make a loop) and I want to dial multiple pppoe connections from 1 ISP. If I want to daily 5 ppoe connection I need 5 physical ports. So in this way, I can dial 100 pppoe connection from 1 ISP in MIkrotik.
but in this ROS firmware, it shows a loop warning in logs. But before this ROS V 6.45.9 was working perfectly. I have just changed the router and installed RB5009UG

miankamran7100 · July 12, 2024, 5:52am

To recap you use SIX bridges, 5, for 5 diffferent pppoe WANS and 1 for ethernet 2.
add name=Bridge_ether2 port-cost-mode=short

Thats why I find this line so confusing.
/interface ethernet
set [ find default-name=ether2 ] name=ether2_WAN

Then you have 3 vlans, identified and each one is identified twice with the same ID number, me thinks this is wrong.
Then you assign vlans to a bridge but the vlan interfaces when defined belong to etherports

In other words, this config is so hosed its not worth looking at.

A. Do you need bridges for WAN connections, if so WHY?
B. Suggestion for LAN side, use one bridge and all vlans and assign vlans to bridge when defining them.
Use bridge ports to assign vlans to appropriate ports.
C. Suggest a detailed diagram to help make sense of the scenario.

I have plunged wire from ISP in ether2 and ether3 & ether4 connected with one wire. (mean make a loop) and I want to dial multiple pppoe connections from 1 ISP. If I want to daily 5 ppoe connection I need 5 physical ports. So in this way, I can dial 100 pppoe connection from 1 ISP in MIkrotik.
but in this ROS firmware, it shows a loop warning in logs. But before this ROS V 6.45.9 was working perfectly. I have just changed the router and installed RB5009UG

no response?