PLEASE HELP - no luck getting it to work / CCR1009-7G-1C-1S+

martin4030 · August 5, 2019, 6:00pm

Hi everyone,

I been trying all day to get my new router to work, model: (CCR1009-7G-1C-1S+) i been trying quickset, i been following guides, looking at the manual, looking at youtube.

I can’t even get the router to ping the outside, on it’s own. I even looked at my old config, using a CRS as router and that one had no issues, looked at its backup file.
I’m new to Mikrotik routers, so hope someone has the golden key, as i’m blind and cant find the error.

The unit is setup, to get DHCP on its WAN port Ether1. / Ether2 goes to the LAN switch.

I have set up DNS/NAT/Default Route/NAT/DHCP server etc - but it never got to a point where to router can ping the outside world from its terminal. (It is getting a WAN ip from my ISP) and i have not setup any VLAN on the WAN side, i have not done this with my Unifi Router that i changed from.

[martin@MikroTik] > export compact hide-sensitive
# jan/02/1970 00:48:03 by RouterOS 6.45.3
# software id = XXXXXXXX
#
# model = CCR1009-7G-1C-1S+
# serial number = XXXXXXXX
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.50-192.168.1.200
/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether2 name=dhcp1
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
add address=87.104.X.X/25 interface=ether1 network=87.104.X.X
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24
/ip dns
set servers=1.1.1.1,1.0.0.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 gateway=ether1
[martin@MikroTik] >

Sob · August 5, 2019, 6:08pm

You need (the exact address is what ISP gave you):

/ip route
add distance=1 gateway=87.104.X.???

martin4030 · August 5, 2019, 6:12pm

Hi Sob,

It’s just me hiding my WAN IP

So i need to put this in

/ip route
add distance=1 gateway=WAN IP

Is it not possible to make it dynamic as my IP could change, as its dynamic ? i will still try it.

Sob · August 5, 2019, 6:29pm

No, there are two distinct things, one is your WAN address and the other is ISP’s gateway address. But if you say it’s dynamic, you’re wrong from the start, because in addition to wrong gateway, you now have static address assigned to ether1. Maybe you need to add DHCP client on ether1?

flynno · August 5, 2019, 6:33pm

Add a dhcp client on ether1 in IP >DHCP Client

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN

/ip dns
set servers=8.8.8.8,8.8.4.4

martin4030 · August 5, 2019, 6:39pm

DHCP is set on Ether1

[admin@MikroTik] > export compact hide-sensitive
# jan/02/1970 00:19:22 by RouterOS 6.45.3
# software id = WVIR-4QDS
#
# model = CCR1009-7G-1C-1S+
# serial number = 914F0A6D66B4
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1 use-peer-dns=no use-peer-ntp=no
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip route
add distance=1 gateway=ether1

Still can’t ping or make the router update packages or check.

[admin@MikroTik] > ping 8.8.8.8
  SEQ HOST                                     SIZE TTL TIME  STATUS                                                                                                                                                                 
    0 8.8.8.8                                                 timeout                                                                                                                                                                
    1 8.8.8.8                                                 timeout                                                                                                                                                                
    2 8.8.8.8                                                 timeout                                                                                                                                                                
    3 8.8.8.8                                                 timeout

Sob · August 5, 2019, 6:46pm

Also remove the wrong route:

/ip route
add distance=1 gateway=ether1

A correct one (dynamic) should be added by DHCP client.

flynno · August 5, 2019, 6:47pm

In DHCP Client have you set ‘Add Default Route:’ to yes along with use peer dns

martin4030 · August 5, 2019, 6:56pm

I change to your recommandations, and i did now also add under DHCP to use ‘Add Default Route:’ to yes along with use peer dns.

Still no internet.

[admin@MikroTik] > export compact hide-sensitive
# jan/02/1970 00:33:54 by RouterOS 6.45.3
# software id = WVIR-4QDS
#
# model = CCR1009-7G-1C-1S+
# serial number = 914F0A6D66B4
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1 use-peer-ntp=no
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
[admin@MikroTik] >

Sob · August 5, 2019, 7:06pm

And did DHCP client succeed?

You can run:

/ip dhcp-client print
/ip address print 
/ip route print

martin4030 · August 5, 2019, 7:18pm

Thanks for helping out everyone: XX is just me hiding

/ip dhcp-client print

[admin@MikroTik] > /ip dhcp-client print
Flags: X - disabled, I - invalid, D - dynamic 
 #   INTERFACE                                                                                                                                               USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS        ADDRESS           
 0   ether1                                                                                                                                                  yes          yes               bound         87.104.8.1XX/25

/ip address print 

[admin@MikroTik] > /ip address print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.1.1/24     192.168.1.0     ether2
 1 D 87.104.8.X    87.104.8.1XX    ether1

/ip route print

[admin@MikroTik] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          87.104.8.1XX              1
 1 ADC  87.104.8.1XX/25    87.104.8.1XX    ether1                    0
 2 ADC  192.168.1.0/24     192.168.1.1     ether2                    0
[admin@MikroTik] >

Sob · August 5, 2019, 9:24pm

You don’t seem to be very good at hiding addresses.

What I see should be working config. But if you didn’t leave out some parts (firewall for example), I should be able to ping your address, but it doesn’t work.

If you try to ping gateway, does it work? Or traceroute to some numeric address in internet (e.g. 8.8.8., does it get anywhere? Both from router.

sebastia · August 5, 2019, 9:29pm

lol

martin4030 · August 6, 2019, 7:39am

I been in contact with my ISP to be safe, and everything is fine in there ned. They could see the router taking a WAN ip etc.

I dont know what to do, so i did reset it all - setup using quick conf and as a (try) i have now change my MAC adresse on the WAN interface. I now need to wait another hour for my ISP to give the new mac a WAN ip.

I also upgraded software + routerbord firmware to testing release.

Anyone else owner a 1009-7g-1c-1s+ that could share a working config/backup?

martin4030 · August 6, 2019, 10:58am

Here is my config backup!

I have not internet still, and router cant still not ping internet from it self.

Could it be the routerbord firmware? Mine says 6.45.3 but on download page it says tilegx_3.41.fwf or is that someting else.

Just thinking of what it can be as i think Routerbord follows Router OS version numbers.

# jan/02/1970 00:23:14 by RouterOS 6.45.3
# software id = WVIR-4QDS
#
# model = CCR1009-7G-1C-1S+
# serial number = 914F0A6D66B4
/interface ethernet
set [ find default-name=combo1 ] comment="ADMIN LAN"
set [ find default-name=ether1 ] comment="WAN from ISP"
set [ find default-name=ether2 ] comment="DHCP LAN"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.1.100-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether2 name=dhcp1
/ip address
add address=192.168.88.1/24 comment="Admin LAN" interface=combo1 network=\
    192.168.88.0
add address=192.168.1.1/24 comment="DHCP LAN" interface=ether2 network=\
    192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set servers=8.8.8.8,1.1.1.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1

xvo · August 6, 2019, 11:21am

Look at:

/system routerboard print

Current-firmware has to be the same as RouterOS version.
If it’s not - upgrade it, and reboot.

/system routerboard upgrade

The config looks like it should work ok.

martin4030 · August 6, 2019, 11:50am

Hi, looks like that is okay.

[admin@MikroTik] > /system routerboard print
routerboard: yes
model: CCR1009-7G-1C-1S+
serial-number: 914F0A6D66B4
firmware-type: tilegx
factory-firmware: 6.42.12
current-firmware: 6.45.3
upgrade-firmware: 6.45.3
[admin@MikroTik] >

Sob · August 6, 2019, 12:43pm

Once more:

martin4030 · August 6, 2019, 1:44pm

I tryid yesterday to ping - NO responce. Doing Traceroute - It never left the router. I will look more at it when i return home.

martin4030 · August 6, 2019, 2:41pm

Hi all,

thanks for your time.

after testing and testing, i contacted my ISP again and told them somethings very wrong, even that i get a wan ip there must be a error.

he said, it does not look wrong but as a safety they restarted the fiberbox that im hooked up to in the road, and also restarted my fiber bridge.

Boom / 500 - 500 with the config we all made doing this little test

It all pointed at the ISP after testing a Unifi Router that had the same issue.

Thanks a million everyone.

Now comes the funny part, tuning my new mikrotik routers firewall and performance.

First speedtest, shows 486,68 down and 463,25 up - my line is a Fiber 500/500

Any recommandations on firewall rules anyone ? I could use some good help here also.