Dear All,
I’m having trouble navigating from the Ether2 interface, and failover isn’t working for me either. I would greatly appreciate your help.

Greetings

model = RB951G-2HnD

serial number =

/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xx arp=proxy-arp auto-mac=no comment=defconf
name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX
disabled=no distance=indoors frequency=auto installation=indoor mode=
ap-bridge ssid=MikroTik-334A3F wireless-protocol=802.11
/interface wireguard
add listen-port=13235 mtu=1420 name=xxxxxxx
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.0.10-192.168.0.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=Emanuel list=LAN
/interface wireguard peers
add allowed-address=10.10.10.7/32 interface=Emanuel name=peer1 public-key=
“xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=”
/ip address
add address=192.168.0.1/24 comment=defconf interface=bridge network=
192.168.0.0
add address=10.10.10.1/24 interface=Emanuel network=10.10.10.0
add address=190.xxx.xxxx.83/24 interface=ether2 network=190.xxx.xxx.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=192.168.0.132 client-id=1:xx:cx:ax:97:7c:48 mac-address=
30:CD:xx:xx:xx:4x server=defconf
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4
gateway=192.168.0.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=
invalid
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=accept chain=input comment=
“defconf: accept to local loopback (for CAPsMAN)” dst-address=127.0.0.1
add action=accept chain=input comment=“wireguard handshake” dst-port=13235
protocol=udp
add action=drop chain=input comment=“defconf: drop all not coming from LAN”
in-interface-list=!LAN
add action=accept chain=forward comment=“defconf: accept in ipsec policy”
ipsec-policy=in,ipsec
add action=accept chain=forward comment=“defconf: accept out ipsec policy”
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=“defconf: fasttrack”
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=
“defconf: accept established,related, untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid”
connection-state=invalid
add action=drop chain=forward comment=
“defconf: drop all from WAN not DSTNATed” connection-nat-state=!dstnat
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=“defconf: masquerade”
ipsec-policy=out,none out-interface-list=WAN
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=190.xxx.xxx.254 routing-table=
main suppress-hw-offload=no
add check-gateway=ping comment=“RUTA FIBERTEL” disabled=no distance=10
dst-address=0.0.0.0/0 gateway=9.9.9.9 routing-table=main scope=30
suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="RUTA IPLAN " disabled=no distance=11
dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-table=main scope=30
suppress-hw-offload=no target-scope=11
add comment=“CONTROL PING FIBERTEL” disabled=no distance=1 dst-address=
9.9.9.9/32 gateway=181.xx.xx.1 routing-table=main scope=10
suppress-hw-offload=no target-scope=10
add comment=“CONTROL PING IPLAN” disabled=no distance=1 dst-address=
8.8.8.8/32 gateway=190.xxx.xxx.254 routing-table=main scope=10
suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 firewall address-list
add address=::/128 comment=“defconf: unspecified address” list=bad_ipv6
add address=::1/128 comment=“defconf: lo” list=bad_ipv6
add address=fec0::/10 comment=“defconf: site-local” list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment=“defconf: ipv4-mapped” list=bad_ipv6
add address=::/96 comment=“defconf: ipv4 compat” list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment=“defconf: documentation” list=bad_ipv6
add address=2001:10::/28 comment=“defconf: ORCHID” list=bad_ipv6
add address=3ffe::/16 comment=“defconf: 6bone” list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=
invalid
add action=accept chain=input comment=“defconf: accept ICMPv6” protocol=
icmpv6
add action=accept chain=input comment=“defconf: accept UDP traceroute”
dst-port=33434-33534 protocol=udp
add action=accept chain=input comment=
“defconf: accept DHCPv6-Client prefix delegation.” dst-port=546 protocol=
udp src-address=fe80::/10
add action=accept chain=input comment=“defconf: accept IKE” dst-port=500,4500
protocol=udp
add action=accept chain=input comment=“defconf: accept ipsec AH” protocol=
ipsec-ah
add action=accept chain=input comment=“defconf: accept ipsec ESP” protocol=
ipsec-esp
add action=accept chain=input comment=
“defconf: accept all that matches ipsec policy” ipsec-policy=in,ipsec
add action=drop chain=input comment=
“defconf: drop everything else not coming from LAN” in-interface-list=
!LAN
add action=accept chain=forward comment=
“defconf: accept established,related,untracked” connection-state=
established,related,untracked
add action=drop chain=forward comment=“defconf: drop invalid”
connection-state=invalid
add action=drop chain=forward comment=
“defconf: drop packets with bad src ipv6” src-address-list=bad_ipv6
add action=drop chain=forward comment=
“defconf: drop packets with bad dst ipv6” dst-address-list=bad_ipv6
add action=drop chain=forward comment=“defconf: rfc4890 drop hop-limit=1”
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment=“defconf: accept ICMPv6” protocol=
icmpv6
add action=accept chain=forward comment=“defconf: accept HIP” protocol=139
add action=accept chain=forward comment=“defconf: accept IKE” dst-port=
500,4500 protocol=udp
add action=accept chain=forward comment=“defconf: accept ipsec AH” protocol=
ipsec-ah
add action=accept chain=forward comment=“defconf: accept ipsec ESP” protocol=
ipsec-esp
add action=accept chain=forward comment=
“defconf: accept all that matches ipsec policy” ipsec-policy=in,ipsec
add action=drop chain=forward comment=
“defconf: drop everything else not coming from LAN” in-interface-list=
!LAN
/system clock
set time-zone-name=America/Argentina/Buenos_Aires
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

You have a direct route on 190.xxx.xxx.254, besides the recursive one via 8.8.8.8:

/ip route
add disabled=no > dst-address=0.0.0.0/0 gateway=190.xxx.xxx.254 > routing-table=
main suppress-hw-offload=no
add check-gateway=ping comment=“RUTA FIBERTEL” disabled=no distance=10
dst-address=0.0.0.0/0 gateway=9.9.9.9 routing-table=main scope=30
suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="RUTA IPLAN " disabled=no distance=11
dst-address=0.0.0.0/0 gateway=8.8.8.8 > routing-table=main scope=30
suppress-hw-offload=no target-scope=11
add comment=“CONTROL PING FIBERTEL” disabled=no distance=1 dst-address=
9.9.9.9/32 gateway=181.xx.xx.1 routing-table=main scope=10
suppress-hw-offload=no target-scope=10
add comment=“CONTROL PING IPLAN” disabled=no distance=1 > dst-address=
8.8.8.8/32 gateway=190.xxx.xxx.254 > routing-table=main scope=10
suppress-hw-offload=no target-scope=10

That one is likely prevalent and bypasses the recursive check, but it is not clear if you are having trouble with the "RUTA IPLAN " connection always or only when the “primary” “RUTA FIBERTEL” is down.

Post the output of:

/ip route print

The problem is recurring if only Ether2 is connected I don’t have internet through that port either.

Flags: D - DYNAMIC; I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC, d - DHCP; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, DISTANCE

DST-ADDRESS GATEWAY DISTANCE

DAd 0.0.0.0/0 181.xxx.xxx.1 1
;;; RUTA IPLAN
0 IsH 0.0.0.0/0 8.8.8.8 11
;;; RUTA FIBERTEL
1 s 0.0.0.0/0 9.9.9.9 10
2 IsH 0.0.0.0/0 190.xxx.xxx.254 1
;;; CONTROL PING IPLAN
3 IsH 8.8.8.8/32 190.xxx.xxx.254 1
;;; CONTROL PING FIBERTEL
4 As 9.9.9.9/32 181.xxx.xxx.1 1
DAc 10.10.10.0/24 Emanuel 0
DAc 181.29.26.0/24 ether1 0
DIcH 190.210.225.0/24 ether2 0
DAc 192.168.0.0/24 bridge 0

Yes, all your routes involving 190.xxx.xxx.254 are ISH in the /ip route print you posted.
Even the Dynamic one for that network is DIcH, even if it has distance 0, being dynamic (like your other dynamic routes) it should be DAc.
It is like you had no ethernet cable connected to ether2 (or however no link on it).
Have you checked the cable/connection and that the link led is on?

At the time of backing up the configuration, turn off the IPS modem that was connected to ether 2

I am not sure to understand what you did.
You should post the output of /ip route print at the exact time and in the exact conditions when you are having the issue you are trying to troubleshoot.
If you change some of the conditions, the output may be misleading.

The same behavior observed here. Occasionally after boot, the router has some directly-connected routes and default gateway in “HW-offloaded” and “inactive” state (/ip route print shows them with flags DIcH or IsH), effectively disabling communication on such interface(s). Observed on RB911 and RB952 (both are mipsbe) with ROS 7.14.3 and 7.15.3, interface types ether, vlan and wlan. I have doubts that HW-offloaded routing is supported on these platforms at all. Seems to me like a bug. Rebooting or simply disabling and re-enabling the affected interface solves the problem.

Ondrej