Repeated disconnects on WAN (ether1)

I’ve got a hEX (RB750Gr3) running 7.17.2 (routerboard and firmware) with ether1 (WAN) connected to a Spectrum Cable Internet modem and I believe the connection has problems.

I’ve had Spectrum’s tech out twice and they tested and swear that there is no problem on their side.

Symptoms that I see include:

  1. Frequent Winbox disconnects
  2. Logs show frequent (even more than the Winbox disconnects) logout/logins
  3. Netwatch shows dropped connections (down and up) to another site with a known good/solid Internet connection
  4. Pings from multiple other locations to the hEX show between a 3 and 6% packet loss

Other than a hardware failure (hEX or cable between hEX and modem or power problem), could something in the config possibly impact ether1’s performance?

I checked the CPU and memory usage and they’re both pretty low.

Here is a pared-down export (removed the wireguard peers, firewall rules, disabled items). Anything that could cause this?

# 2025-03-18 16:48:25 by RouterOS 7.17.2
# software id = 9QHQ-45Y2
#
# model = RB750Gr3
# serial number = CC220
/interface bridge
add admin-mac=DC:2C:6E:E1:65:A7 auto-mac=no comment=defconf name=bridge \
    port-cost-mode=short
/interface ethernet
set [ find default-name=ether2 ] comment=OffBridge
set [ find default-name=ether3 ] comment="AP 192.168.40.90"
set [ find default-name=ether4 ] comment="AP 192.168.40.91"
set [ find default-name=ether5 ] comment="2 CAMERAS .40 .41"
/interface wireguard
add listen-port=52820 mtu=1420 name=wireguard1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=DHCPdisabled
add name=TRUSTED
/ip pool
add name=192.168.40.x ranges=192.168.40.100-192.168.40.254
add comment=offbridge-dhcp-server name=offbridge-dhcp-server ranges=\
    192.168.88.2-192.168.88.200
/ip dhcp-server
add address-pool=192.168.40.x interface=bridge 
add address-pool=offbridge-dhcp-server comment=offbridge-dhcp-server \
    interface=ether2 name=offbridge-dhcp-server
/ip smb users
set [ find default=yes ] disabled=yes
/port
set 0 name=serial0
/ppp profile
set *FFFFFFFE dns-server=8.8.8.8
/system logging action
set 0 memory-lines=2000
set 3 remote=192.168.0.13
add name=logserver remote=192.168.0.112 remote-port=51400 target=remote
/interface bridge port
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 \
    path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=all
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=16384
/interface l2tp-server server
set use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=wireguard1 list=LAN
add interface=wireguard1 list=DHCPdisabled
add interface=bridge list=TRUSTED
add interface=wireguard1 list=TRUSTED
add comment=OffBridge interface=ether2 list=LAN
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.40.1/24 comment=defconf interface=bridge network=\
    192.168.40.0
add address=10.10.100.40/24 interface=wireguard1 network=10.10.100.0
add address=192.168.88.1/24 comment="Management 192.168.88.1" interface=\
    ether2 network=192.168.88.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1d
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server alert
add disabled=no interface=bridge
/ip dhcp-server network
add address=192.168.40.0/24 dns-server=192.168.40.1 gateway=192.168.40.1
add address=192.168.88.0/24 dns-server=1.1.1.1 gateway=192.168.88.1 netmask=\
    24
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d12h servers=\
    1.1.1.1,8.8.8.8,9.9.9.9,8.8.4.4
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip kid-control
add fri=0s-1d mon=0s-1d name=Monitor sat=0s-1d sun=0s-1d thu=0s-1d tue=0s-1d \
    wed=0s-1d
/ip service
set www-ssl certificate=XXXXX.dyndns.org disabled=no
/ip smb shares
set [ find default=yes ] directory=/flash/pub
/ip ssh
set forwarding-enabled=both
/snmp
set enabled=yes trap-version=2
/system clock
set time-zone-name=America/New_York
/system identity
set name=371hEX
/system logging
add topics=account
add topics=event
add topics=firewall
add topics=mqtt
add topics=watchdog
add action=logserver prefix="XXXXX15 MikroTik" topics=hotspot
add topics=info,!wireguard
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=0.north-america.pool.ntp.org
/system ups
add name=ups1 port=usbhid1
/system watchdog
set auto-send-supout=yes ping-start-after-boot=10m ping-timeout=5m \
    send-email-from=jXXXXX@domain.com send-email-to=\
    jXXXXX@domain.com watch-address=1.1.1.1
/tool e-mail
set from=jXXXXX@domain.com port=587 server=smtp.gmail.com tls=starttls \
    user=jXXXXX@domain.com
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=TRUSTED
/tool netwatch
add comment=Netwatch-8.8.4.4 disabled=no down-script=":local thisBox [/system \
    identity get name];\
    \n\
    \n:tool e-mail send to=jXXXXX@domain.com subject=\"\$thisBox DOWN to \
    8.8.4.4\" body=( [ :system clock get date ] . \" \" . [ :system clock get \
    time ] . \"\$thisBox DOWN to 8.8.4.4\" )" host=8.8.4.4 http-codes="" \
    interval=5m name=Netwatch-8.8.4.4 test-script="" type=simple up-script=":l\
    ocal thisBox [/system identity get name];\
    \n\
    \n:tool e-mail send to=jXXXXX@domain.com subject=\"\$thisBox UP to 8.\
    8.4.4\" body=( [ :system clock get date ] . \" \" . [ :system clock get ti\
    me ] . \"\$thisBox UP to 8.8.4.4\" )"
add disabled=no down-script=Netwatch host=192.168.0.11 http-codes="" \
    interval=5m name=Netwatch-192.168.0.11 test-script="" type=simple \
    up-script=Netwatch
/tool romon
set enabled=yes
/tool sniffer
set file-limit=20000KiB file-name=sniffed filter-mac-address="44:61:32:2B:9F:D\
    4/FF:FF:FF:FF:FF:FF,44:61:32:7E:3E:53/FF:FF:FF:FF:FF:FF,44:61:32:C9:26:A5/\
    FF:FF:FF:FF:FF:FF" memory-limit=20000KiB only-headers=yes
/tool traffic-monitor
add interface=ether1 name=tmon1 threshold=1000
add interface=wireguard1 name=tmon2

So they have confirmed connectivity from the street to their modem is solid? If that’s the case, sounds like the connection from the modem to the router is the problem. Try a different cable.

Yep, if I were there (which is 100 miles away), I would definitely have done that before posting. Probably would have swapped in a backup hEX also.

It will have to wait until I’m in that area.

Thanks.

You need to buy a car, that scooter just doesn’t cut it and you cannot carry much. :stuck_out_tongue_winking_eye:

Perhaps you haven’t heard: Owning a private vehicle, let alone driving one, is a capital offense in NYC.

It sure is capital offense … since NYC is capital of republic of NY … ummm, what? No republic of NY and NYC is not a capital of anything? In what weird place do you live? :wink:

Yes, indeed: Capital has multiple meanings, hence it’s ripe for humor.

Capital: Center of government
Capital: Asset (currency)
Capital: When used in “capital offense” means a crime for which the punishment is death

So, when I say (jokingly) that owning or driving a car is a capital offense, I am indeed making a joke.

Nonetheless, yes, NYC is indeed a weird place – and that’s no joke!

Well, I have driven to NYC many a time, and the rules of thumb are: carry a gazillion one dollar bills for tolls, get a toll pass when it makes sense, park the car and take the ferry, get a multi-day transport pass (subway and bus) if there for any length of time. I guess what has changed is this new FEE for even driving downtown. It might even make sense to become an Uber driver just to avoid the downtown fee LOL. I listen to NPR national news and then it jumps to NPR New York News, and every day there are delays in L-Trains LOL, it’s almost comical.

As a lifelong NYC’er, I self-declare myself guru.

NYC has been engaged in a massive anti-vehicle war for a couple of decades. The merits of it have been and continue to be debated, but the war is undeniable. Cost and difficulty are the strategies being very effectively employed by the anti-vehicle side.

Anav is 100% correct: If anyone wants to come to NYC, don’t bring (or in any way plan to use) a vehicle. Public transportation works, except when it doesn’t or when very bad things happen.

UPDATE:

I had someone (non-tech) go to the site with a new ethernet cable and instructions to replace the cable between Spectrum’s modem and the hEX.

When he got there (as instructed) he sent me pictures of what he found and it seems the Spectrum tech left (for no discernable reason) a Spectrum wifi “router” plugged in (i.e., powered up) within a couple of inches of my equipment. The data cable was not connected to anything.

I had my guy replace the data cable and pull the power cable from the Spectrum router/AP.

The packet loss seems to have stopped.

I know the most likely explanation was somehow the data cable was the problem.

But, I’m wondering if the existence of Spectrum’s modem, powered up, in close proximity to the Spectrum’s modem and my hEX, was the cause. Maybe the RF on 2.4 and 5 GHz was somehow leaking in to the hEX?

Nope:

Replacing the cable and removing the nearby Spectrum router/AP did not solve the problem.

Ran a ping for a while and have 18% packet loss.

Other than the hEX hardware failing, anything else it could be?

I recently upgraded to 7.17.2.

CPU holds steady at ~5%. Memory used at less than 70MB (out of 256).