MiniPC with Proxmox and Mikrotik

Good day everyone.
I have Chatreey NAS (N150, 2x Intel Corporation controller i226-v (rev 04)). After a fresh installation of Proxmox 8.4 I cannot access network by plugging in an ethernet cable. I plug in the cable to Mikrotik AX3. I tried 2 different cables, both work with a different device. Once plugged in, ethernet ports on Mikrotik and NAS blink for a few seconds then stop.
I cannot ping NAS from Mikrotik but I can ping NAS from another PC in my network. I cannot ssh or telnet to NAS and I cannot access web UI of Proxmox.

Info from Mikrotik:

[root@MikroTik] > log print
2025-04-20 11:05:31 interface,info ether5 link up (speed 10M, full duplex)
2025-04-20 11:05:31 interface,info ether5 detect LAN
2025-04-20 11:05:34 interface,info ether5 link down
2025-04-20 11:05:36 interface,info ether5 link up (speed 1G, full duplex)
2025-04-20 11:05:36 interface,info ether5 detect LAN
2025-04-20 11:05:44 interface,info ether5 link down

[root@MikroTik] > /export hide-sensitive terse                                                                                                                                                    
# 2025-04-21 08:28:06 by RouterOS 7.18.2                                         
# model = C53UiG+5HPaxD2HPaxD
/interface bridge add name=bridge-localnet
/interface ethernet set [ find default-name=ether5 ] l2mtu=1598 mac-address=48:8F:5A:8F:1D:49 name=WAN
/interface ethernet set [ find default-name=ether4 ] l2mtu=1598 mac-address=48:8F:5A:8F:1D:4A name=ether2
/interface ethernet set [ find default-name=ether3 ] l2mtu=1598 mac-address=48:8F:5A:8F:1D:4B
/interface ethernet set [ find default-name=ether2 ] l2mtu=1598 mac-address=48:8F:5A:8F:1D:4C name=ether4
/interface ethernet set [ find default-name=ether1 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full l2mtu=1598 mac-address=48:8F:5A:8F:1D:4D name=ether5
/interface wifi set [ find default-name=wifi2 ] channel.band=2ghz-ax .frequency=2472 .skip-dfs-channels=disabled .width=20/40mhz-eC configuration.chains=0,1 .country=<xxx> .mode=ap .multicast-enhance=disabled .ssid=Sheidu .tx-chains=0,1 disabled=no name=WiFi-2.4-localnet security.authentication-types=wpa2-psk .disable-pmkid=yes .wps=disable
/interface wifi set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5150-5350,5650-5825 .skip-dfs-channels=all .width=20/40/80mhz configuration.chains=0,1 .country=<xxx>.mode=ap .multicast-enhance=disabled .ssid=Sheidu_5 .tx-chains=0,1 disabled=no mtu=1500 name=WiFi-5-localnet security.authentication-types=wpa2-psk,wpa3-psk .disable-pmkid=yes .encryption="" .group-key-update=30m .wps=disable
/interface pppoe-client add add-default-route=yes disabled=no interface=WAN name=Rostelekom user=<xxxx>
/interface ethernet switch port set 0 default-vlan-id=auto
/interface ethernet switch port set 1 default-vlan-id=auto
/interface ethernet switch port set 2 default-vlan-id=auto
/interface ethernet switch port set 3 default-vlan-id=auto
/interface ethernet switch port set 4 default-vlan-id=auto
/interface ethernet switch port set 5 default-vlan-id=auto
/interface list add name=list-discovery
/interface list add name=LAN
/ip pool add name=dhcp_pool0 ranges=10.20.30.200-10.20.30.253
/ip dhcp-server add address-pool=dhcp_pool0 interface=bridge-localnet lease-time=1d name=dhcp-localnet
/ip smb set enabled=no
/interface bridge port add bridge=bridge-localnet interface=WiFi-2.4-localnet
/interface bridge port add bridge=bridge-localnet interface=WiFi-5-localnet
/interface bridge port add bridge=*E interface=*D
/interface bridge port add bridge=bridge-localnet hw=no interface=ether2
/interface bridge port add bridge=bridge-localnet hw=no interface=ether3
/interface bridge port add bridge=bridge-localnet hw=no interface=ether4
/interface bridge port add bridge=bridge-localnet hw=no interface=ether5
/interface detect-internet set detect-interface-list=all
/interface list member add interface=bridge-localnet list=list-discovery
/interface ovpn-server server add mac-address=FE:55:3D:3A:1B:F5 name=ovpn-server1
/ip address add address=10.20.30.254/24 interface=bridge-localnet network=10.20.30.0
/ip arp add address=10.20.30.201 interface=bridge-localnet mac-address=C8:FF:BF:04:E2:22
/ip dhcp-client add interface=WAN use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease add address=10.20.30.201 mac-address=C8:FF:BF:04:E2:22 server=dhcp-localnet
/ip dhcp-server network add address=10.20.30.0/24 dns-server=10.20.30.254 gateway=10.20.30.254 ntp-server=10.20.30.254
/ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4 use-doh-server=https://dns.google/dns-query verify-doh-cert=yes
/ip firewall address-list add address=10.20.30.0/24 comment="Main LAN" list=LOCAL_SUBNETS
/ip firewall address-list add address=127.0.0.0/8 comment=Loopback list=LOCAL_SUBNETS
/ip firewall filter add action=accept chain=output comment="allow ICMP to MiniPC" dst-address=10.20.30.201 protocol=icmp
/ip firewall filter add action=accept chain=input comment="accept establish & related" connection-state=established,related
/ip firewall filter add action=drop chain=input comment="drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="allow ICMP to MiniPC" in-interface=bridge-localnet protocol=icmp src-address=10.20.30.0/24
/ip firewall filter add action=drop chain=input comment="drop ICMP" protocol=icmp
/ip firewall filter add action=drop chain=input comment="drop all not from lan" in-interface=!bridge-localnet
/ip firewall filter add action=accept chain=forward comment="accept established,related" connection-state=established,related
/ip firewall filter add action=accept chain=forward comment="allow ICMP to MiniPC" dst-address=10.20.30.201 in-interface=bridge-localnet out-interface=bridge-localnet protocol=icmp src-address=10.20.30.0/24
/ip firewall filter add action=accept chain=forward comment="allow SSH to MiniPC" dst-address=10.20.30.201 dst-port=22 in-interface=bridge-localnet out-interface=bridge-localnet protocol=tcp src-address=10.20.30.0/24
/ip firewall filter add action=accept chain=forward comment="allow access to Proxmox on MiniPC" dst-address=10.20.30.201 dst-port=8006 in-interface=bridge-localnet protocol=tcp src-address=10.20.30.0/24
/ip firewall filter add action=drop chain=forward comment="drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="drop all from WAN to LAN" connection-nat-state=!dstnat connection-state=new in-interface=Rostelekom
/ip firewall nat add action=src-nat chain=srcnat out-interface=Rostelekom src-address=10.20.30.0/24 to-addresses=<xxxxxxx>
/ip service set telnet disabled=yes
/ip service set ftp address=127.0.0.1/32,10.20.30.0/24
/ip service set www disabled=yes
/ip service set ssh address=10.20.30.0/24,127.0.0.1/32
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
/system clock set time-zone-autodetect=no time-zone-name=<xxx>
/system note set show-at-login=no
/system ntp client set enabled=yes
/system ntp server set enabled=yes manycast=yes multicast=yes
/system ntp client servers add address=time.google.com
/system ntp client servers add address=pool.ntp.org
/system resource irq rps set WAN disabled=no
/system resource irq rps set ether2 disabled=no
/system resource irq rps set ether3 disabled=no
/system resource irq rps set ether4 disabled=no
/system resource irq rps set ether5 disabled=no
/tool bandwidth-server set enabled=no
/tool mac-server set allowed-interface-list=list-discovery
/tool mac-server mac-winbox set allowed-interface-list=list-discovery
/tool mac-server ping set enabled=no

Info from Proxmox:

root@pve: ip a
lo: <loopback, up, lower_up> mtu 65536 qdisc no queue state unknown group default qlen 1000 link/loop back 00:00:00:00:00:00 brd 00:00:00:00:00:00
    Inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever
    Inet6 ::1/128 scope host noprefixroute valid_lft forever preferred_lft forever
enp2s0: <no-Carrier, broadcast, multicast, up> mtu 1500 qdisc mq master vmbr0 state down group default qlen 1000
    Link/ether c8:ff:bf:04:e2:22 brd ff:ff:ff:ff:ff:ff
enp3s0: <broadcast, multicast> mtu 1500 qdisc noop state down group default qlen 1000
    Link/ether c8:ff:bf:04:e2:23 brd ff:ff:ff:ff:ff:ff
wlp4s0: <BROADCAST, MULTICAST> MTU 1500 QDISC NOOP state down group default qlen 1000
    Link/ether 6c:05:d3:d5:1e:cf brd ff:ff:ff:ff:ff:ff
vmbr0: <no-Carrier, broadcast, multicast, up> mtu 1500 qdisc no queue state down group default qlen 1000
    Link/ether c8:ff:bf:04:e2:22 brd ff:ff:ff:ff:ff:ff
inet 10.20.30.201/24 scope global vmbr0 valid_lft forever preferred_lft forever

root@pve: cat /etc/network/interfaces
auto lo
    iface lo inet loopback
auto enp2s0
    iface enp2s0 inet manual
auto vmbr0
    iface vmbr0 inet static
        address 10.20.30.201/24
        gateway 10.20.30.254
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0

iface wlp4s0 inet manual

source /etc/network/interfaces.d/*

root@pve: lsmod | grep igc
igc 180224 0

root@pve: lspci | grep -i ethernet
Intel Corporation controller i226-v (rev 04)

root@pve: uname - r
6.8.12-9-pve

root@pve: dmesg | grep eth
1.131845J igc 0000:02:00.0 eth0: MAC: c8:ff:bf:04:e2:22
2.207113J igc 0000:03:00.0 eth0: MAC: c8:ff:bf:04:e2:23
3.404135J igc 0000:03:00.0 enp3s0: renamed from eth1
4.424059J igc 0000:02:00.0 enp2s0: renamed from eth0

Do I need to update drivers on Proxmox or is it an issue with Mikrotik? I just need a direction to move on.

First, unless you know exactly what you use the “detect internet” feature for, I’d suggest to disable it:
/interface/detect-internet/set detect-interface-list=none
Second, as you’ve chosen the only interface that is physically capable to support 2.5 Gbps speed to connect the N150, why have you changed he default negotiation settings to prevent the interface from negotiating that speed?

That’s hard to say. If it did work before upgrading Proxmox, I’d assume the updated driver on Proxmox side has issues; if it never worked before, it is hard to say. I did see a mechanical incompatibility between a plug on an Ethernet cable and the receptacle on hAP ac lite in the past, whilst other cable worked fine in the same receptacle and the same cable worked fine with other devices. But it wasn’t this “works for 10 seconds and then stops” case, the port simply never came up with the “wrong” cable. Do both ports of the N150 behave the same? What if you test with a plain gigabit port on the hAP ax³? Do you have some USB to Ethernet adapter you could try? Also, what is the firmware version on the hAP ax³?

Thank you for you reply.

Where did you find it? In Mikrotik or Proxmox info? In Mikrotik, it is set auto-negotiation=yes for ether5 if you meant it.

I just bought the NAS and installed Proxmox.

What if you test with a plain gigabit port on the hAP ax³?

Tried different ports in Mikrotik. Same result.

Do you have some USB to Ethernet adapter you could try?

No.

Also, what is the firmware version on the hAP ax³?

7.18.2

Here:

Also, since the export shows mac addresses to be explicitly set, have you copied the configuration to the hAP ac³ from an older device by saving a backup on the old one and loading it on the hAP ax³?

That’s not helpful. Do you happen to have a dumb switch (even a 100 Mbps one) you could put between the hAP ax³ and the NAS just to check whether it is indeed an L1 issue or something even more complicated?

Here:
/interface ethernet set [ find default-name=ether1 ] name=ether5 advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full mac-address=…

I don’t know why export shows it like that but on UI all ports have the same settings (auto-negotiation=yes). Anyway, I added “2.5G base T” to ether5.

Also, since the export shows mac addresses to be explicitly set, have you copied the configuration to the hAP ac³ from an older device by saving a backup on the old one and loading it on the hAP ax³?

What do you mean by the old device? Old router (I had RB951Ui-2HnD)? I haven’t used my old router for several months and I surely didn’t use it with Proxmox. And why did you mention hAP ac³?

That’s not helpful. Do you happen to have a dumb switch (even a 100 Mbps one) you could put between the hAP ax³ and the NAS just to check whether it is indeed an L1 issue or something even more complicated?

As I just mentioned, I have RB951Ui-2HnD. Can I use it as a switch?

Unless something has changed recently, export shows only non-default settings (unless you use the verbose keyword). So if mac address=xx::xx is shown in the export, it normally indicates that the MAC address has been set manually and differs from the one assigned to the interface during manufacturing. Seeing this on a single interface usually indicates that the owner had replaced an older device by the Mikrotik and the ISP assigns a public address based on MAC address; seeing this on all interfaces typically indicates that the owner has replaced one MIkrotik by another and took the easy but wrong path to migrate the configuration, i.e. to save a backup on the old one and load it on the new one. These manually configured MAC addresses are the most visible indication, but there may be other side effect, especially if the old and new device were not the same model or even CPU architecture. And missing 2.5GbaseT option on a 2.5GbaseT port further reinforces that assumption. But all this is just previous experience, your case may be completely different.

Just fat fingers, C and X are next to each other on the keyboard.

Yes, if you bridge any of its two interfaces together and make sure there is no IP configuration attached to the bridge or any of the interfaces, that will be enough for the test.

Unless something has changed recently, export shows only non-default settings (unless you use the verbose keyword). So if mac address=xx::xx is shown in the export, it normally indicates that the MAC address has been set manually and differs from the one assigned to the interface during manufacturing. Seeing this on a single interface usually indicates that the owner had replaced an older device by the Mikrotik and the ISP assigns a public address based on MAC address; seeing this on all interfaces typically indicates that the owner has replaced one MIkrotik by another and took the easy but wrong path to migrate the configuration, i.e. to save a backup on the old one and load it on the new one. These manually configured MAC addresses are the most visible indication, but there may be other side effect, especially if the old and new device were not the same model or even CPU architecture. And missing 2.5GbaseT option on a 2.5GbaseT port further reinforces that assumption. But all this is just previous experience, your case may be completely different.

No, I didn’t migrate the config. I set MAC manually because of the connection issue. Thought it might help to identify N150. I don’t usually do that.
Regarding the 2.5GbaseT option, I was just testing different solutions and it might be taken by the export command.

Yes, if you bridge any of its two interfaces together and make sure there is no IP configuration attached to the bridge or any of the interfaces, that will be enough for the test.

Will give it a try.

Apart from that, is there anything else in Mikrotik’s config which might be an issue to my case?

I could not spot anything that would explain the negotiation to behave the way the log in the initial post shows. Since you say the other ports of the hAP ax³ behave the same, it cannot be related to PoE out on the 2.5 Gbit/s port either. And, although you haven’t confirmed that explicitly, I assume that the other port of the PC also behaves the same.

There is that funny /interface bridge port add bridge=*E interface=*D row but it has nothing to do with this behavior.

If the hAP ax³ has no problem to communicate with any other device except the PC and the PC has no problem to communicate with any other device except the hAP ax³, there is no way to determine which of the two behaves incorrect without a specialized measurement equipment.

There is that funny /interface bridge port add bridge=*E interface=*D row but it has nothing to do with this behavior.

Yeah, I wonder where this came from as well.

And, although you haven’t confirmed that explicitly, I assume that the other port of the PC also behaves the same.

I haven’t checked it yet. I don’t have a separate monitor for testing so I used an old TV to look at Proxmox console. It’s quite a pain because it doesn’t support a proper screen resolution and it cuts borders.
I ordered a separate monitor for testing and it will come in a few days so after that I will try all the options.

There used to be a bridge and some L2 tunnel interface in the configuration in the past. You have removed both but haven’t removed this row which was making the latter a member port of the former.

I can recommend those HDMI-to-USB converters that act as monitors on the HDMI side and as cameras on the USB one. So instead of carrying a monitor around, you just add a small gadget to your laptop backpack. Even VGA to HDMI converters exist (irrelevant for your case, just might become useful elsewhere).

Right now you can restrict the negotiable speeds to 10 Mbps (HD/FD) and 100 Mbps (HD/FD) in the Mikrotik configuration to limit the number of used pairs in the cable to just two (1,2 & 3,6), or you can insert the switch (made of the RB951) between them. But even if that makes it work, it won’t answer the question which end is responsible for the failure when 4-pair operation (gigabit of 2.5 gigabit) is allowed. Which brings me to a question whether those “other devices” that do work with both the hAP ax³ and the PC have gigabit interfaces?

But even without reconfiguring anything, it should be possible to connect the other port of the PC to the Mikrotik and see whether it stays up. You may also set up a serial console for the Proxmox if you have an USB to serial converter. And 2.5 Gbps USB to Ethernet converters are not that expensive (relatively, for someone who could afford the NAS PC) so it could be a way to circumvent an eventual broken hardware.

It seems it was the Proxmox config issue. The cut borders of the old TV affected it.
The line with >> was missed.

root@pve: cat /etc/network/interfaces
auto lo
    iface lo inet loopback
>> auto enp2s0
    iface enp2s0 inet manual
auto vmbr0
    iface vmbr0 inet static
        address 10.20.30.201/24
        gateway 10.20.30.254
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0

iface wlp4s0 inet manual

source /etc/network/interfaces.d/*

Now the link between Mikrotik and N150 exists.

1. Mikrotik sees N150 without setting MAC manually.

[root@MikroTik] > log print
ether5 link down
ether5 link up (speed 10M, full duplex)
ether5 detect LAN

But still, no arp response from N150 when I ping it from Mikrotik. The link is marked as failed.

If the speed wasn’t shown as “full duplex”, I would assume the negotiation has failed, but that normally means that “10M, half duplex” as a resulting status. Have you changed anything in the advertise list?

What is worse is that on the same version of Proxmox, the following is sufficient for it to work:

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.12.34.123/24
        gateway 10.12.34.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

I.e. no auto eno1 is required - auto vmbr0 and bridge-ports eno1 under iface vmbr0 are enough.

If you keep the current settings on Proxmox and connect your PC to it, you will not be affected by the TV screen limitations. So you can then configure the other Ethernet interface with its own address and subnet, and then use the RB951 to connect to both the hAP ax³ and the Proxmox machine and have SSH access to both at the same time. And you can even swap the roles of the two Ethernet interfaces in later step with a decent chance you won’t cut yourself out.

Have you changed anything in the advertise list?

No, haven’t changed anything.

If you keep the current settings on Proxmox and connect your PC to it

That is strange but when I tried to do that, I wasn’t able to connect to Proxmox. Ping from my PC to Proxmox worked but not web UI.

I.e. no auto eno1 is required - auto vmbr0 and bridge-ports eno1 under iface vmbr0 are enough.

Wasn’t naming convention for Proxmox interfaces changed? I have enp2s0 (automatically renamed from eno1) and you have eno1.

If so, it looks like an electromechanical issue to me, as the negotiation results apparently depend on weather in western Australia and the exchange rate between Ugandan Shilling and Bolívar.

And SSH? (I don’t expect you to not know that the Proxmox UI listens at port 8006 and uses https).

It hasn’t, these “stable names” or how they are called are based on the details of the hardware connection of each NIC. So since I took this example configuration from a different computer than your Chatreey N150 NAS, the interface name is different, but that doesn’t change the fact that the auto ifname for a member interface of a bridge is not necessary. It is also nothing Proxmox specific, all main Linux distributions have adopted this approach already a few years ago.

I received my separate monitor 7" today.
Having decided, I completely reinstall Proxmox with the same parameters via Terminal Console option (I also used it when I was installing Proxmox for the first time).
Happily, everything works fine now. The only difference I noticed is that Proxmox uses enp3s0 instead of enp2s0 (I used the same port as before).

мистика…