Hi everyone, I’m having issues with connecting to the internet. I can connect using another router but can’t with my MikroTik so something must be off in the configuration. Sorry if the issue is evident but I’ve no networking knowledge.
Here is what happens when I ping google:
[admin@MikroTik] > ping google.com
invalid value for argument address:
invalid value of mac-address, mac address required
invalid value for argument ipv6-address
while resolving ip-address: could not get answer from dns server
And this is my configuration:
# software id = BNZ3-95YC
#
# model = RB952Ui-5ac2nD
# serial number = C5600BF6996F
/interface bridge
add admin-mac=C4:AD:34:A2:65:5E auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=2 band=2ghz-b/g/n channel-width=20/40mhz-XX country=italy disabled=no distance=indoors frequency=auto frequency-mode=regulatory-domain installation=\
indoor mode=ap-bridge ssid=MikroTik-A26563 wireless-protocol=802.11
set [ find default-name=wlan2 ] antenna-gain=2 band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=italy disabled=no distance=indoors frequency=auto frequency-mode=regulatory-domain \
installation=indoor mode=ap-bridge ssid=MikroTik-A26562 wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Your router has assigned IP address 192.168.88.1 on interface Ether2 (this is where you should connect your wired internal network) and at the same time, your DNS configuration shows the same 192.168.88.1 IP address as DNS server. Nothing else.
What happens is your router asks your router “hey, what is the IP address of www.google.com”. Because your router doesn’t know what is the address, you see the result. Try to do this:
/ip dns set servers=8.8.8.8,8.8.4.4
This will set primary DNS server to 8.8.8.8 and secondary to 8.8.4.4, those are public DNS servers provided by Google. At that moment, you should be able to resolve names on internet from your router if you are connected to internet via Ether1 interface (that seems to have the configuration) and if your Mikrotik router properly received DHCP configuration as client.
We need to verify if your router is correctly configured by DHCP. Note: Mikrotik software is very powerful, but at the same time it simply requires some learning curve and skills. In our life, nothing “too complicated and feature rich” can be “too simple”.
Your external connection should go to ether1 port because that is where DHCP client is hooked to; your internal network (if you will be using Ethernet cables to connect notebook for example) should go to ether2. I see all Ethernet ports bridged together into single logical bridge together with both wireless interfaces, but the address 192.168.88.1 is assigned to Ethernet2 only. Correct way to configure it so that you would be able to connect any device to any Ethernet port would be:
/ip address
# in current configuration, you have ether2 there instead of the bridge
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
I see nothing wrong with the subnet setup, nothing wrong with using .88!
What I do see:
(1) The interface should be the bridge.
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
TO
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
(2) Add dns server to your network config here.
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 dns-server=192.168.88.1
(3) As noted in the above post by mp3turbo, in the winbox selection add servers 9.9.9.9, 1.1.1.1, 8.8.8.8
Do this by going into the IP DNS menu and entering them at the top of the page. See pic.
…
That configuration is fairly correct (it can be improved a little: IP address on bridge, no “auto” freq on wifi, but that is not the problem here).
Problem cannot be seen from the configuration. It’s in the operation status. It seems that you just have no connection on ether1.
Ether1 is your path to the internet. The state of the interface should be “R” running. In the status you should see the negotiated interface rate.
The DHCP client should have received an IP address for ether1, status “bound”. That DHCP entry should have set your DNS server and Gateway (ip route), this information is coming from the ISP.
Is your other router using a username/password login to PPPoE?
If you don’t see this interface status or DHCP Client information, then your cabled connection is not working (plugged in? good cable? …).
Or your ISP is limiting your line to 1 device only (doing DHCP for only one MAC address for several hours.)
I’ve managed to solve the problem by changing the local network IP address to 192.168.2.1 and the DHCP server range to 192.168.2.10-192.168.2.254.
I’ve also added the DNS server as 192.168.88.1.
I’ve left everything else unchanged. Here is the current configuration:
[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   ;;; defconf
     192.168.2.1/24     192.168.2.0     ether2
 1   192.168.88.196/24  192.168.88.0    ether1
[admin@MikroTik] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          192.168.88.1              1
 1 ADC  192.168.2.0/24     192.168.2.1     bridge                    0
 2 ADC  192.168.88.0/24    192.168.88.196  ether1                    0
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none
From my understanding the problem was that the local network had the same IP address as the gateway while instead I needed to separate the two networks?
All works now but if something doesn’t make sense I’m happy to know to learn and avoid other issues in the future.
Yes, correct. Well done.
Having the same IP address on both sides (LAN and WAN) will block any communication with the WAN (ether1) link.
192.168.88.0/24 is typical for Mikrotik. I didn’t expect to have that IP range on the ISP (WAN) side.
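The LAN/WAN overlap diagnosed in this thread can be checked mechanically. The following Python is an added example, not part of any post above: it parses a RouterOS export fragment (constructed here by trimming the configuration posted in the thread) and reports any subnet that appears on both the WAN and LAN sides. The function names are hypothetical, and the ether1 lease is the one from the later `/ip address print`, assumed to have been the same before the fix.

```python
import ipaddress
import shlex

# Constructed sample: trimmed from the export posted in the thread.
BEFORE = """\
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
"""
# Same export after the fix described in the thread (LAN moved to 192.168.2.0/24).
AFTER = BEFORE.replace("192.168.88.1/24", "192.168.2.1/24").replace(
    "network=192.168.88.0", "network=192.168.2.0")
# DHCP-client addresses are dynamic and never appear in an export, so they are
# passed in separately (value taken from the thread; assumed unchanged by the fix).
LEASE = [("192.168.88.196/24", "ether1")]

def parse_export(text):
    """Return {menu path: [key/value dict per 'add' line]} for an export."""
    sections, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            path = line
        elif line.startswith("add ") and path:
            kv = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            sections.setdefault(path, []).append(kv)
    return sections

def wan_lan_overlaps(export_text, dynamic_addrs):
    """List (wan_net, wan_if, lan_net, lan_if) where a WAN and a LAN subnet overlap."""
    cfg = parse_export(export_text)
    # A bridge port inherits its bridge's list membership (ether2 -> bridge -> LAN).
    parent = {p["interface"]: p["bridge"] for p in cfg.get("/interface bridge port", [])}
    lists = {m["interface"]: m["list"] for m in cfg.get("/interface list member", [])}
    addrs = [(a["address"], a["interface"]) for a in cfg.get("/ip address", [])]
    nets = {"WAN": [], "LAN": []}
    for cidr, ifname in addrs + list(dynamic_addrs):
        side = lists.get(ifname) or lists.get(parent.get(ifname))
        if side in nets:
            nets[side].append((ipaddress.ip_interface(cidr).network, ifname))
    return [(str(w), wi, str(l), li)
            for w, wi in nets["WAN"] for l, li in nets["LAN"] if w.overlaps(l)]

if __name__ == "__main__":
    print("before:", wan_lan_overlaps(BEFORE, LEASE))
    print("after: ", wan_lan_overlaps(AFTER, LEASE))
```
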