No internet wifi / Unidentified network ethernet

JackFat · December 22, 2021, 11:18pm

Router MikroTik hAP ac3 (RBD53IG-5HACD2HND) - all in one

I don’t have access to the internet I believe that I’m missing something obvious because I have ‘No network’ in all wifi (connected but can’t visit websites) and also the internet is not working by ethernet (3 - ‘Unidentified network’).

The main idea of this config is to have few networks with some rules:

BLUE should see devices from GREEN, RED, but shouldn’t see devices from BLACK
GREEN should see devices from RED, but shouldn’t see devices from BLUE, BLACK
RED shouldn’t have access to outside world and shouldn’t see devices from BLUE, GREEN, BLACK
BLACK shouldn’t see devices from BLUE, GREEN, RED and shouldn’t see other devices in BLACK

I will tune up firewall rules in the future, but first I would like to fix the internet connection.
Could someone take a look at my config and help me to make it work?
JK.rsc (6.49 KB)

Sob · December 23, 2021, 12:30am

You believe correctly, you’re missing something obvious, whole “/interface bridge vlan” config. You’ll have some dynamic entries there, but you need to configure tagged ports, mainly you need interface “bridge” as tagged member of each vlan which has interface in “/interface vlan”.

anav · December 23, 2021, 1:22am

Hmm, so the access ports interface bridge vlan untagged settings are not created dynamically??

I suppose if they are then all that is required is something like,

/interface bridge vlan
add bridge=bridge tagged=bridge vlan-ids=10
add bridge=bridge tagged=bridge vlan-ids=20
add bridge=bridge tagged=bridge vlan-ids=30
add bridge=bridge tagged=bridge vlan-ids=40

or The manual equivalent… (which shows the mapping to bridge ports, even when not dynamically created)

/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether2,ether4-emerg,ether5-access,wlan1 vlan-ids=10
add bridge=bridge tagged=bridge untagged=wlan4 vlan-ids=20
add bridge=bridge tagged=bridge untagged=wlan5 vlan-ids=30
add bridge=bridge tagged=bridge untagged=wlan6 vlan-ids=40

ALSO I see that if you had added ether3 as an interface list member of LAN, you should have internet through that as it has no relationship to the bridge settings.

anav · December 23, 2021, 8:48pm

Im surprized this one got by Sob…

/ip dhcp-server network
add address=10.0.10.0/24 dns-server=192.168.0.1 gateway=10.0.10.1
add address=10.0.20.0/24 dns-server=192.168.0.1 gateway=10.0.20.1
add address=10.0.30.0/24 dns-server=192.168.0.1 gateway=10.0.30.1
add address=10.0.40.0/24 dns-server=192.168.0.1 gateway=10.0.40.1

Perhaps this is getting in the way of getting DNS results and thus no internet seeing as that subnet/gateway doesnt exist on the router anywhere…

Sob · December 23, 2021, 9:08pm

While I do agree that it looks suspicious, it’s not necessarily wrong, there could be upstream network where this DNS server exists.

JackFat · December 23, 2021, 9:27pm

Thanks a lot anav again, you are the best!

anav · December 24, 2021, 12:49am

I am tolerated by the best LOL

rextended · May 23, 2022, 7:21pm

What make this topic so attractive to spam bots???

I lock this topic, if for some reason someone want open it again, simply report this post and ask to reopen it.
Thanks to all.