Hello everyone,
I started having issues with IPv6 connectivy dropouts after updating ROS 7.20.8 to 7.21.3. I know there are a lot of news in IPv6 area, I read numerous threads and posts about it to narrow down what is going on, but I don’t know where else to seek for asistance further. My ISP is providing me DS-Lite connectivity. I know it’s horrible, but I live with it and adapt myself to it.
It’s PPPoE, prefix requested through DHCPv6 client and for IPv4 it’s IPiPv6 tunnel to ISP’s AFTR. Prefix expiration I get from ISP is 24hours. On ROS 7.20.8 I coud live with same prefix for weeks/months. It was automatically renewed with no issues. Now on ROS 7.21.3 I do get IPv6 connectivity cut-out for unknown reason. It’s twice a day around same time so it has to be realted to something, but I don’t know yet to what. Around 7:00 morning and 19:00 evening. If I manually hit Renew button in DHCPv6 client windows, nothing happens. When I hit Renew button while internet is normally working, it cuts me out immediatelly. It shoudn’t be doing it right? It should only extend expiry. When I hit Release, I got new prefix and everything start working until next cut-out. Found nothing in debug logs, I’m clueless. There are another Mikrotik devices involved in my home network topology but same configuration is rock solid on 7.20.8.
I paste you here simple sketch of my network and also configs frm my main router and switch.
RB5009 config
2026-03-03 09:28:14 by RouterOS 7.21.3
model = RB5009UPr+S+
/interface bridge
add admin-mac=48:A9:8A:62:E0:EC auto-mac=no comment=defconf name=bridge port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1514 poe-out=off
set [ find default-name=ether2 ] l2mtu=1514
set [ find default-name=ether3 ] l2mtu=1514
set [ find default-name=ether4 ] l2mtu=1514
set [ find default-name=ether5 ] l2mtu=1514
set [ find default-name=ether6 ] l2mtu=1514 poe-out=off
set [ find default-name=ether7 ] l2mtu=1514 poe-out=off
set [ find default-name=ether8 ] comment="Management access" l2mtu=1514 poe-out=off
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no l2mtu=1514 speed=10G-baseT
/interface ipipv6
add !keepalive local-address=:: name=ipipv6-tunnel1 remote-address=aftr2.auro.orange.sk
/interface wireguard
add listen-port=26111 mtu=1420 name=wg-home
/interface vlan
add interface=sfp-sfpplus1 name=vlan-lan vlan-id=50
add interface=sfp-sfpplus1 name=vlan-mgmt vlan-id=99
add interface=sfp-sfpplus1 name=vlan-wan vlan-id=10
/interface pppoe-client
add dial-on-demand=yes disabled=no interface=vlan-wan keepalive-timeout=disabled name=pppoe-out1 user=number@orangenet.sk
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=MGMT
/interface wifi datapath
add bridge=bridge disabled=no name=datapath1
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no ft=yes ft-over-ds=yes name=sec1 wps=disable
/interface wifi configuration
add channel.band=5ghz-ax country=Slovakia datapath=datapath1 disabled=no name=5ghz security=sec1 security.ft=yes .ft-over-ds=yes ssid="Wireless Network"
add channel.band=2ghz-ax country=Slovakia datapath=datapath1 disabled=no name=2ghz security=sec1 security.ft=yes .ft-over-ds=yes ssid="Wireless Network"
/interface wifi
operated by CAP 48:A9:8A:39:3F:DE%bridge, traffic processing on CAP
add channel.band=2ghz-n .frequency=2412 .width=20mhz configuration=2ghz configuration.mode=ap .tx-power=9 disabled=no name=cap-wifi2.4_kuchyna radio-mac=48:A9:8A:39:3F:E0
operated by CAP F4:1E:57:88:4A:07%bridge, traffic processing on CAP
add channel.frequency=2437 .width=20mhz configuration=2ghz configuration.mode=ap disabled=no mtu=1500 name=cap-wifi2.4_obyv radio-mac=F4:1E:57:88:4A:0A
operated by CAP 78:9A:18:4E:59:FB%bridge, traffic processing on CAP
add channel.frequency=2412 .width=20mhz configuration=2ghz configuration.mode=ap .tx-power=10 disabled=no name=cap-wifi2.4_poschodie radio-mac=78:9A:18:4E:59:FE
operated by CAP F4:1E:57:EC:E7:EF%bridge, traffic processing on CAP
add channel.frequency=2462 .width=20mhz configuration=2ghz configuration.mode=ap disabled=no name=cap-wifi2.4_zahrada radio-mac=F4:1E:57:EC:E7:F1
operated by CAP 48:A9:8A:39:3F:DE%bridge, traffic processing on CAP
add channel.band=5ghz-ac .frequency=5300 .width=20/40/80mhz configuration=5ghz configuration.mode=ap .tx-power=13 disabled=no mtu=1500 name=cap-wifi5_kuchyna radio-mac=48:A9:8A:39:3F:E1
operated by CAP F4:1E:57:88:4A:07%bridge, traffic processing on CAP
add channel.frequency=5700 .width=20/40/80mhz configuration=5ghz configuration.mode=ap disabled=no mtu=1500 name=cap-wifi5_obyv radio-mac=F4:1E:57:88:4A:09
operated by CAP 78:9A:18:4E:59:FB%bridge, traffic processing on CAP
add channel.frequency=5500 .width=20/40/80mhz configuration=5ghz configuration.mode=ap .tx-power=20 disabled=no mtu=1500 name=cap-wifi5_poschodie radio-mac=78:9A:18:4E:59:FD
operated by CAP F4:1E:57:EC:E7:EF%bridge, traffic processing on CAP
add channel.frequency=5180 .width=20/40/80mhz configuration=5ghz configuration.mode=ap disabled=no name=cap-wifi5_zahrada radio-mac=F4:1E:57:EC:E7:F2
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=10.5.2.2-10.5.2.250
add name=dhcp-mgmt ranges=10.5.99.100-10.5.99.200
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10m name=DhcpSrv-Lan
add address-pool=dhcp-mgmt interface=vlan-mgmt lease-time=10m name=DhcpSrv-Mgmt
/ip smb users
set [ find default=yes ] disabled=yes
/ipv6 dhcp-client option
add code=6 name=isp_aftr value=0x001100170040
/ipv6 dhcp-server option
add code=23 name=custom-dns value="'fe80::4014:1eb4:54ed:ec0'"
/ipv6 dhcp-server option sets
add name=set1 options=custom-dns
/routing table
add disabled=no fib name=vps
/system logging action
set 0 memory-lines=2000
set 1 disk-lines-per-file=2000
/user group
add name=homeassistant policy="reboot,read,write,policy,test,api,!local,!telne
t,!ssh,!ftp,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api"
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes package-path=/ upgrade-policy=suggest-same-version
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
/ip smb
set enabled=no
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge interface=ether6 internal-path-cost=10 path-cost=10
add bridge=bridge interface=ether7
add bridge=bridge interface=vlan-lan
/ip firewall connection tracking
set udp-stream-timeout=10m udp-timeout=10m
/ip neighbor discovery-settings
set discover-interface-list=LAN lldp-mac-phy-config=yes lldp-max-frame-size=yes lldp-vlan-info=yes
/ipv6 settings
set accept-router-advertisements=no accept-router-advertisements-on=none
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=bridge list=LAN
add interface=ether8 list=LAN
add disabled=yes interface=vlan-wan list=WAN
add interface=wg-home list=WAN
add interface=ipipv6-tunnel1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=vlan-wan list=WAN
add interface=vlan-mgmt list=MGMT
/interface wifi capsman
set ca-certificate=auto enabled=yes package-path=/packages require-peer-certificate=no upgrade-policy=suggest-same-version
/interface wireguard peers
add allowed-address=0.0.0.0/0,10.10.10.1/32 endpoint-address= endpoint-port=51820 interface=wg-home name=peer2 persistent-keepalive=25s public-key="pub-key="
/ip address
add address=10.5.2.1/24 comment=LAN interface=bridge network=10.5.2.0
add address=192.0.0.2/29 comment="Orange DS-Lite" interface=ipipv6-tunnel1 network=192.0.0.0
add address=192.168.1.1/24 comment="SFP module management access" interface=vlan-wan network=192.168.1.0
add address=192.168.10.1/24 comment="Fallback port" interface=ether8 network=192.168.10.0
add address=10.10.10.2/24 comment=Wireguard interface=wg-home network=10.10.10.0
add address=10.5.99.1/24 comment=Mgmt interface=vlan-mgmt network=10.5.99.0
/ip cloud
set ddns-update-interval=1h
/ip dhcp-server network
add address=10.5.2.0/24 caps-manager=10.5.2.1 comment=defconf dns-server=10.5.2.50 gateway=10.5.2.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.5.2.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="Winbox (enable on WAN)" disabled=yes dst-port=8291 protocol=tcp
add action=accept chain=input comment="Wireguard listen port" dst-port=51820 protocol=udp
add action=drop chain=input comment="defconf: drop all coming from WAN" in-interface-list=WAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=accept chain=forward comment="Wireguard forward" disabled=yes out-interface-list=WAN src-address=10.5.2.0/24
add action=accept chain=forward comment="Allow mgmt VLAN to specific IP" dst-address=10.5.99.0/24 src-address=10.5.2.2
add action=drop chain=forward comment="Drop everything accessing mgmt VLAN" dst-address=10.5.99.0/24
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=prerouting comment="VPS connection mark" connection-mark=no-mark in-interface=wg-home new-connection-mark=vps_conn
add action=mark-routing chain=prerouting comment="VPS mark routing" connection-mark=vps_conn new-routing-mark=vps passthrough=no
/ip firewall nat
add action=src-nat chain=srcnat comment="To VPS NAT" out-interface=wg-home to-addresses=10.10.10.2
add action=dst-nat chain=dstnat comment=Tailscale in-interface=wg-home protocol=udp to-addresses=10.5.2.15 to-ports=41641
add action=dst-nat chain=dstnat comment=Tailscale dst-port=41641 in-interface=wg-home protocol=udp to-addresses=10.5.2.2-10.5.2.200 to-ports=0-65535
add action=dst-nat chain=dstnat comment="Traefik " dst-port=443 in-interface=wg-home protocol=tcp to-addresses=10.5.2.20 to-ports=443
add action=dst-nat chain=dstnat comment=nasdrive disabled=yes dst-port=445 in-interface=wg-home protocol=tcp to-addresses=10.5.2.10 to-ports=445
add action=dst-nat chain=dstnat comment=iperf disabled=yes dst-port=5201 in-interface=wg-home protocol=tcp to-addresses=10.5.2.10 to-ports=5201
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add comment=Wireguard disabled=no distance=2 dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-table=vps scope=30 target-scope=10
add disabled=no distance=1 dst-address=10.10.10.0/24 gateway=wg-home routing-table=vps scope=30 target-scope=10
add disabled=no distance=1 dst-address=10.5.2.0/24 gateway=bridge routing-table=vps scope=30 target-scope=10
add comment="ipipv6-tunnel1 (enable IP in Address List)" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ipipv6-tunnel1 routing-table=main scope=30 target-scope=10
/ipv6 route
add disabled=no distance=1 dst-address=::/0 gateway=pppoe-out1 pref-src="" routing-table=main scope=30 target-scope=10
/ip service
set api-ssl certificate=CAPsMAN-48A98A62E0EB
/ip ssh
set host-key-type=ed25519
/ip upnp interfaces
add disabled=yes interface=bridge type=internal
add disabled=yes interface=wg-home type=external
add disabled=yes interface=D type=external
/ipv6 address
add from-pool=pool6 interface=bridge
/ipv6 dhcp-client
add custom-iapd-id=0 default-route-tables=main dhcp-options=isp_aftr dhcp-options=isp_aftr interface=pppoe-out1 pool-name=pool6 rapid-commit=no request=prefix script="# String to HEX
\n:global str2base16 do={
\n :local input [:tostr "$1"]
\n :local options [:tostr "$2"]
\n
\n :local charsString ""
\n :for x from=0 to=15 step=1 do={ :for y from=0 to=15 step=1 do={
\n :local tmpHex "$[:pick "0123456789ABCDEF" $x ($x+1)]$[:pi
ck "0123456789ABCDEF" $y ($y+1)]"
\n :set $charsString "$charsString$[[:parse "(\"\\$tmpHex
\")"]]"
\n } }
\n
\n :local hexchars "0123456789ABCDEF"
\n :if ($options~"lowercase") do={
\n :set hexchars "0123456789abcdef"
\n }
\n :local chr2hex do={
\n :local input [:find $2 $1 -1]
\n :local convert [:pick $3 (($input >> 4) & 0xF)]
\n :set convert ($convert.[:pick $3 ($input & 0xF)])
\n :return $convert
\n }
\n
\n :local position 0
\n :local output "" ; :local work ""
\n :while ($position < [:len $input]) do={
\n :set work [$chr2hex [:pick $input $position ($position + 1)]
_$charsString $hexchars]
\n :set output "$output$work"
\n :set position ($position + 1)
\n }
\n :return $output
\n}
\n# HEX to string (modified to get AFTR name)
\n:global base16dec do={
\n :local input [:tostr "$1"]
\n :local options [:tostr "$2"]
\n
\n :local hex2chr do={:return [[:parse "(\"\\$1\")"]]}
\n :local lowerarray {"a"="A";"b"="B";"c"="C";"d"="D";
"e"="E";"f"="F"}
\n\t:local allowedhex "30;31;32;33;34;35;36;37;38;39;41;42;43;44;45;46;47
;49;4A;4B;4C;4D;4E;4F;50;51;52;53;54;55;56;57;58;59;5A;61;62;63;64;65;66;6
7;68;69;6A;6B;6C;6D;6E;6F;70;71;72;73;74;75;76;77;78;79;7A"
\n\t:local maxlength [:len $input]
\n\t:set maxlength ($maxlength - 2)
\n
\n :if (!($input~"[1]\$")) do={
\n :error "invalid characters: only 0-9, A-F and a-f are valid Bas
e16 values"
\n }
\n
\n :if (!($options~"ignoreodd")) do={
\n :if (([:len $input] % 2) != 0) do={:error "Invalid length, is
odd."}
\n }
\n
\n :local position 0
\n :local output "" ; :local work "" ; :local chk1 "" ; :local
chk2 ""
\n :while ($position < [:len $input]) do={
\n :set chk1 [:pick $input $position ($position + 1)]
\n :set chk2 [:pick $input ($position + 1) ($position + 2)]
\n :if ($chk1~"[a-f]") do={:set chk1 ($lowerarray->$chk1)}
\n :if ($chk2~"[a-f]") do={:set chk2 ($lowerarray->$chk2)}
\n :set work "$chk1$chk2"
\n :if ([:len $work] = 2) do={
\n\t\t\t:if ($allowedhex~"$work(;|\$)") do={
\n\t\t\t\t:set work [$hex2chr $work]
\n\t\t\t} else={
\n\t\t\t\tif ($position = 0 || $position = $maxlength) do={
\n\t\t\t\t\t:set work ""
\n\t\t\t\t} else={
\n\t\t\t\t\t:set work "."
\n\t\t\t\t}
\n\t\t\t}
\n } else={
\n\t\t\t:set work ""
\n }
\n :set output "$output$work"
\n :set position ($position + 2)
\n }
\n :return $output
\n}
\n:local aftrhex [$str2base16 ($"options"->"64")]
\n:local aftr [$base16dec $aftrhex]
\n:local aftrchck [$str2base16 $aftr]
\n
\n:log info ($"options"->"64")
\n:log info ($"aftrhex")
\n:log info ($"aftr")
\n:log info ($"aftrchck")
\n:if ([/interface/ipipv6/find name=ipipv6-tunnel1]="") do={
\n\t/interface/ipipv6/add !keepalive name=ipipv6-tunnel1 remote-address=$
aftr local-address=::
\n\t:log info "IPIPv6 interface created"
\n} else {
\n\t/interface/ipipv6/set [find name=ipipv6-tunnel1] remote-address=$aftr
\n\t:log info "IPIPv6 interface updated"
\n}"
/ipv6 dhcp-server
add dhcp-option=set1 interface=bridge lease-time=1h name=dhcpv6-dns
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else coming from WAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=forward comment="Allow HTTPS to Traefik " disabled=yes dst-address=2a01:c844:250b:6200:1907:1358:a05:214/128 dst-port=443 in-interface-list=WAN protocol=tcp
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else coming from WAN" in-interface-list=!LAN
add action=accept chain=input disabled=yes
add action=accept chain=forward disabled=yes
add action=accept chain=output disabled=yes
/ipv6 nd
set [ find default=yes ] disabled=yes other-configuration=yes ra-interval=30s-1m ra-lifetime=5m
add hop-limit=64 interface=bridge other-configuration=yes
/ipv6 nd prefix
add interface=bridge preferred-lifetime=5m prefix=fd27:aa10:defc:bb20::/64 valid-lifetime=10m
/ipv6 nd prefix default
set preferred-lifetime=5m valid-lifetime=10m
/system clock
set time-zone-name=Europe/Bratislava
/system identity
set name=router_main
/system logging
add disabled=yes topics=debug
add action=disk topics=pppoe,debug
add action=disk topics=radvd,debug
add action=disk topics=route,debug
add action=disk topics=interface,debug
add action=disk topics=system,debug
add action=disk topics=wireguard,debug
add action=disk topics=debug,!netwatch,!dhcp,!wireless,!stp
/system routerboard settings
set auto-upgrade=yes
/system scheduler
add interval=1w name=Backup on-event=BackupOS policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2022-10-30 start-time=23:55:00
add interval=1d name=DisableWi-Fi on-event=DisableWi-Fi policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-02-16 start-time=23:00:00
add interval=1d name=EnableWi-Fi on-event=EnableWi-Fi policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-02-17 start-time=06:00:00
add disabled=yes interval=1m name="Get new IPv6 prefix" on-event=GetIpv6Prefix policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-01-14 start-time=13:00:00
add interval=1m name="IPv6 DHCP client release" on-event=IPv6_dhcp-client_release policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-01-14 start-time=13:00:00
add disabled=yes interval=30m name=CheckTemperature on-event=CheckTemperature policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-01-14 start-time=13:00:00
/tool bandwidth-server
set enabled=no
/tool graphing interface
add
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add comment="Watching Orange IPv6 connectivity" disabled=no
down-script=":loca
l file "netdown_v6.txt"
\n:foreach f in=[/file find name=$file] do={
\n /file remove $file
\n}
\n:local nowTime ([/system clock get date] . " " . [/system clock get ti
me])
\n/file add name=$file contents=$nowTime
\n/ipv6 dhcp-client renew [/ipv6 dhcp-client find]
\n:log info "Netwatch - IPv6 DHCP client attempted renewal due to IPv6 ti
meout""
host=2001:4860:4860::8888 http-codes="" interval=3s name="IPv6 ping" packet-count=5 packet-interval=200ms test-script="" thr-loss-percent=100% timeout=500ms type=icmp
up-script=":delay 10000ms
\n/tool e-mail send to="robert.rudik@proton.me" subject="Internet resto
red - IPv6" body="Orange IPv6 internet connection restored.""
add comment="AdGuard Home DNS" disabled=no
down-script="/system script run [/s
ystem script find where name="DnsChange-ToPublic"]"
host=10.5.2.50 http-codes="" interval=3s name="Private DNS ping" packet-count=10 packet-interval=200ms test-script="" thr-loss-percent=100% timeout=500ms type=icmp
up-script="/system script run [/system script find where name="
DnsChange-ToPrivate"]"
add comment="Watching Orange IPv4 connectivity" disabled=no
down-script=":loca
l file "netdown_v4.txt"\r
\n:foreach f in=[/file find name=$file] do={\r
\n /file remove $file\r
\n}\r
\n:local nowTime ([/system clock get date] . " " . [/system clock get ti
me])\r
\n/file add name=$file contents=$nowTime"
host=1.1.1.1 http-codes="" interval=3s name="IPv4 ping" packet-count=5 packet-interval=200ms test-script="" thr-loss-percent=100% timeout=500ms type=icmp
up-script=":d
elay 10000ms\r
\n/tool e-mail send to="robert.rudik@proton.me" subject="Internet resto
red - IPv4" body="Orange IPv4 internet connection restored.""
CRS309 config
2026-03-03 09:32:38 by RouterOS 7.21.3
model = CRS309-1G-8S+
/interface bridge
add admin-mac=04:F4:1C:58:35:D1 auto-mac=no comment=defconf name=bridge pvid=4094 vlan-filtering=yes
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no comment=Orange sfp-ignore-rx-los=yes speed=1G-baseX
set [ find default-name=sfp-sfpplus2 ] comment="Main router (RB5009)"
set [ find default-name=sfp-sfpplus3 ] auto-negotiation=no comment="Test router (CHR)" disabled=yes
set [ find default-name=sfp-sfpplus4 ] comment="Main switch (CSS326)"
set [ find default-name=sfp-sfpplus5 ] comment=Server
set [ find default-name=sfp-sfpplus6 ] comment=Workstation
/interface vlan
add interface=bridge l3-hw-offloading=no name=vlan-lan vlan-id=50
add interface=bridge l3-hw-offloading=no name=vlan-mgmt vlan-id=99
add interface=bridge l3-hw-offloading=no name=vlan-wan vlan-id=10
/interface list
add name=MGMT
add name=LAN
add name=WAN
/interface bridge port
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus1 pvid=10
add bridge=bridge frame-types=admit-only-vlan-tagged interface=sfp-sfpplus2 pvid=4094
add bridge=bridge frame-types=admit-only-vlan-tagged interface=sfp-sfpplus3 pvid=4094
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus4 pvid=50
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus5 pvid=50
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus6 pvid=50
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus7 pvid=50
add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface=sfp-sfpplus8 pvid=99
/interface ethernet switch l3hw-settings
set autorestart=yes ipv6-hw=yes
/ip neighbor discovery-settings
set discover-interface-list=MGMT
/ipv6 settings
set accept-router-advertisements=no accept-router-advertisements-on=none
/interface bridge vlan
add bridge=bridge tagged=bridge,sfp-sfpplus2,sfp-sfpplus3 untagged=sfp-sfpplus4,sfp-sfpplus5,sfp-sfpplus6,sfp-sfpplus7 vlan-ids=50
add bridge=bridge tagged=bridge,sfp-sfpplus2,sfp-sfpplus3 untagged=sfp-sfpplus1 vlan-ids=10
add bridge=bridge tagged=bridge,sfp-sfpplus2,sfp-sfpplus3 untagged=sfp-sfpplus8 vlan-ids=99
/interface ethernet switch
set 0 l3-hw-offloading=yes
/interface list member
add interface=vlan-mgmt list=MGMT
add interface=vlan-lan list=LAN
add interface=vlan-wan list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf disabled=yes interface=bridge network=192.168.88.0
add address=192.168.10.2/24 comment="Fallback port" interface=ether1 network=192.168.10.0
add address=192.168.1.2/24 comment="SFP module management access" interface=vlan-wan network=192.168.1.0
add address=10.5.99.2/24 comment=Mgmt interface=vlan-mgmt network=10.5.99.0
/ip dhcp-client
add disabled=yes interface=ether1
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.5.99.1 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service
set ftp disabled=yes
set ssh disabled=yes
set telnet disabled=yes
set www address=10.5.2.0/24
set winbox address=10.5.2.0/24
set api disabled=yes
set api-ssl disabled=yes
/ipv6 nd
set [ find default=yes ] disabled=yes
/ipv6 nd prefix default
set preferred-lifetime=5m valid-lifetime=10m
/system clock
set time-zone-name=Europe/Bratislava
/system identity
set name=switch_8sfp
/system logging
add disabled=yes topics=debug
/system routerboard settings
set auto-upgrade=yes enter-setup-on=delete-key
/system swos
set identity=switch_8sfp
/tool mac-server
set allowed-interface-list=MGMT
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
I can't upload attachments as new user so I paste it into hide details. I removed scripts not related to configuration but I have to note that I have scripts turning ON and OFF the Wi-Fi. It turn OFF all cAPs at 23:00 evening and turn back ON at 7:00 morning right where cut-out happen. I don't think it's related, just to know about it.
I would be very greatful for any tip or advice.
Thank you in advance.
0-9A-Fa-f ↩︎