I have a question and I’m a bit of a newbie, I’m setting up in my home network the CCR2004-16G-2S+ which I can see in my WinBox 4 application, I created two bridges one for my WAN which is attached to my router via SPF1 port and then my LAN Bridge which is attached to all the rest of my Ethernets ports and my SPF2. When I log out of WinBox, and rescan for devices I can’t see the CSR328-24P-4S+. I can only see it when I add the SPF1 on my router to the LAN bridge, which feels wrong to me. I’m hoping someone can give me some understanding as to why this is happening. Any help would be appreciated, if you need more information then let me know and I’ll be happy to provide that information.
There should be no need to use a bridge on the router for the WAN connection on a single port.
Also assuming your using vlans did you read this guide… ------> http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1
Post your confiig for both devices.
/export file=anynameyouwish ( minus device serial number, any public WANIP information, keys etc. )
Hello @Anav,
I haven’t read that guide but I will take a look at it. While I’m not using VLAN’s at the moment, if you believe that will solve this issue, then I’d be really glad to do that. I’ve deleted the WAN Bridge and I still get the same thing - once I remove the SFP+ 1 port from the LAN Bridge, the connectivity to the CSR328 (which is connected from the CCR2004 in the SPF+ 2 port to the CSR328 in it’s SPF+ 1 port) it disappears from the Neighbors in WinBox 4.0
Here is the exported information from the CCR2004-16G-2S+:
# 2024-11-05 17:11:58 by RouterOS 7.16
#
# model = CCR2004-16G-2S+
/interface bridge
add name="LAN Bridge"
/interface ethernet
set [ find default-name=ether1 ] name="ether1 - LAN"
set [ find default-name=ether2 ] name="ether2 - LAN"
set [ find default-name=ether3 ] name="ether3 - LAN"
set [ find default-name=ether4 ] name="ether4 - LAN"
set [ find default-name=ether5 ] name="ether5 - LAN"
set [ find default-name=ether6 ] name="ether6 - LAN"
set [ find default-name=ether7 ] name="ether7 - LAN"
set [ find default-name=ether8 ] name="ether8 - LAN"
set [ find default-name=ether9 ] name="ether9 - LAN"
set [ find default-name=ether10 ] name="ether10 - LAN"
set [ find default-name=ether11 ] name="ether11 - LAN"
set [ find default-name=ether12 ] name="ether12 - LAN"
set [ find default-name=ether13 ] name="ether13 - LAN"
set [ find default-name=ether14 ] name="ether14 - LAN"
set [ find default-name=ether15 ] name="ether15 - LAN"
set [ find default-name=ether16 ] name="ether16 - LAN"
set [ find default-name=sfp-sfpplus1 ] name="sfp-sfpplus1 - WAN"
set [ find default-name=sfp-sfpplus2 ] name="sfp-sfpplus2 - LAN"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name="DHCP Pool" ranges=192.168.10.50-192.168.10.240
/port
set 0 name=serial0
/interface bridge port
add bridge="LAN Bridge" interface="ether1 - LAN"
add bridge="LAN Bridge" interface="ether2 - LAN"
add bridge="LAN Bridge" interface="ether3 - LAN"
add bridge="LAN Bridge" interface="ether4 - LAN"
add bridge="LAN Bridge" interface="ether5 - LAN"
add bridge="LAN Bridge" interface="ether6 - LAN"
add bridge="LAN Bridge" interface="ether7 - LAN"
add bridge="LAN Bridge" interface="ether8 - LAN"
add bridge="LAN Bridge" interface="ether9 - LAN"
add bridge="LAN Bridge" interface="ether10 - LAN"
add bridge="LAN Bridge" interface="ether11 - LAN"
add bridge="LAN Bridge" interface="ether13 - LAN"
add bridge="LAN Bridge" interface="ether14 - LAN"
add bridge="LAN Bridge" interface="ether12 - LAN"
add bridge="LAN Bridge" interface="ether15 - LAN"
add bridge="LAN Bridge" interface="ether16 - LAN"
add bridge="LAN Bridge" interface="sfp-sfpplus2 - LAN"
add bridge="LAN Bridge" interface="sfp-sfpplus1 - WAN"
/ip address
add address=192.168.10.1/24 interface="LAN Bridge" network=\
192.168.10.0
add address=192.168.1.223/24 comment="From Router" interface=\
"sfp-sfpplus1 - WAN" network=192.168.1.0
/ip dhcp-server
add address-pool="DHCP Pool" interface=\
"LAN Bridge" lease-time=1d name="LAN DHCP"
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=1.1.1.2,1.0.0.2 gateway=192.168.10.1
/ip dns
set servers=1.1.1.3,1.0.0.3
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add comment="Route to Modem" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=192.168.1.254 routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
/system clock
set time-zone-name=America/Vancouver
/system identity
set name="Mikrotik"
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
/system routerboard settings
set enter-setup-on=delete-key
Here is the exported information from the CSR328-24P-4S+:
# 1970-01-02 00:01:32 by RouterOS 7.16
#
# model = CRS328-24P-4S+
/port
set 0 name=serial0
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
If you are not using vlans why do you need a ccr2004 and a csr328 ??? Its like buying a ferrari, to simply drive your kids to school in a 15mph zone.
I’m just trying to understand Networking better so I wanted to set this up for fun, and to be honest I had the budget to spend on this. Really I want to build a very through network and I best understand through doing. I read the article on VLAN’s and it seems to make sense. Although, I still don’t really understand why I need to add my sfp-sfpplus1 port to my bridge in order for my CRS328 to show up in my neighbors, as it’s not connected to the sfp-sfpplus1 on my CCR.
First, a suggestion: winbox4 is still a beta software and has quite a few teething problems … so try using winbox3 and see if it works better for you.
Next: CCR config has quite a few problems, but a few are pretty grave:
- try to set MAC address to “LAN Bridge” manually. Principle is to take MAC address of one of bridge ports (ether1 seems fine) and change second numeral (there are 12 numerals: XY:XX:XX:XX:XX:XX) to one of: 2 6 A E
By default bridge uses MAC address of first port, so it can change (e.g. if port is removed from bridge or if aster reboot order of adding ports changes). And if MAC address of a network devices, traffic gets disturbed (i.e. stops) for quite a long time (up to a minute or two). - change NAT address so that it actually affects only traffic towards WAN, e.g.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=“sfp-sfpplus1 - WAN”
A (slightly) related remark: when using winbox to connect to router, it’s possible to use router’s IP address or MAC address (on the list of detected ROS devices, click on MAC address). The later can help if IP setup gets somehow broken.
I’m not saying that this would help in your particular case though.
To add to mkx.
On each device, take an unused port. Remove if from the bridge ( aka not on /interface bridge ports ). Add an address and ensure its on your TRUSTED or LAN interface list as a member
/interface ethernet
set [ find default-name=ether5 ] name=OffBridge5
/ip address
add address=192.168.55.1/30 interface=OffBridge5 network=192.168.55.0
/interface list members
add interface=OffBridge5 list=LAN ( or TRUSTED or MGMG )
Then plug in pc/laptop to ether5, change pc IPV4 settings to an ip address 0f 192.168.55.2 and you should be able to access the router and do all the configuration SAFELY!!!