Hey Everyone,
I am a very experienced network engineer, who works primarily with Dell N-Series switches and Fortigate firewalls. The absolute only reason I bought this Microtik switch is because it will power Ubiquiti products, while most other switches do not do it easily (I am no expert on POE), I am attempting to use it as a flat, unmanaged switch. Moving forward, I recently implemented a nice setup of Ubiquiti AP’s and a Mikrotik switch to advertise my network down a mall concourse to a security and customer service desk (Picture for reference). Works absolutely amazing from a productivity standpoint (didn’t have to run fiber 
), management side of this could not be worse. Let me explain:
Problem 1: This is a remote site. I can hit the web interface and ping all of the Ubiquiti station’s from my desk. However, I cannot ping the Mikrotik switch or hit the web interface from my desk. This is usually easy, I just need to add a default gateway to the switch. I can safely hit the device with ICMP and HTTP from a physical server onsite. How do I add the default gateway?
Problem 2: I start clicking through the tabs in the web interface, the second I click the “Hosts” tab, I lose access to the switch. It is still forwarding frames and traffic because everything on both ends still works without question, however I cannot access the web interface or ping it (remotely or onsite). If I click the “Hosts” tab I lose all access to the switch for about 15 minutes, or I unplug it and plug it back in. Is this is normal? I hope not. I checked my firmware and I am on 2.0? Advice?
Problem 3: It appears there is some sort of CLI interface available but I can’t get to it, if there is one? Onsite, or remotely, I can’t SSH, Telnet, or create a WinBox session to it. Ideas?
RB260GSP is a SwitchOS device. It doesn’t run RouterOS, so no SSH neither winbox, only management interface is the web one.
From that same source:
Note: SwOS uses a simple algorithm to ensure TCP/IP communication - it just replies to the same IP and MAC address packet came from. This way there is no need for Default Gateway on the device itself.
So to be able to access it, you’ll need not only to forward a port to be able to externally connect to it via WAN->LAN, but actually masquerade (source nat) traffic going from wan router to it so that the 260GSP thinks is “talking” with the LAN side of the WAN router and not directly to an Internet IP.
If you are happy with nanostations, you will be astonished by using a RouterOS device along CAPsMAN with SXTs as CAPs and Winbox management 
For example, you could use either mac-winbox or RoMON and be able to manage even unconfigured, or devices without L3 access, and a plethora of features only available on hardware/OS costing 10 to 100 times more.
Hey, appreciate the feedback so quick! I am trying hitting it over a IPsec tunnel so there is no need for any forwarding. My policy will allow, I can hit everything else, leading me to believe it is the switch. Good tips. Any more ideas for this? It’s not a HUGE issue, I just RDP to my physical and work from there. Really just annoying..
Any ideas on the crashing on clicking “Hosts”?
You may not need any WAN → Switch port forwarding, but you’ll need to masquerade so that the RB260GSP “thinks” incoming traffic to him comes from the LAN side of your WAN router, as it isn’t possible to set a gateway.
Regarding the hosts tab hang, have you tried different browsers? your RB260GSP version is different from previous versions (your fw is 2.0)
That’s not true, no masquerade is required. It works just fine without masquerade. When it receives an incoming packet it sees IP of the original sender and MAC of your gateway, so it simply replies to the same original sender’s IP via the learned gateway MAC. This approach won’t work with asymmetric local routing and also does not allow for the locally originated connections (from the switch itself) to the outside of the local network, but should anyways cover the absolute vast majority of the situations.