ROMON Troubleshooting

RouterOS Beginner Basics
1

I have 2 kinds of MTIK devices behind my main MTIK router.

  1. MTIK device that is in the default VLAN, ROMON works.
  2. MTIK device that is in VLAN 03, ROMON does not work.

For device #2, mac-ping from TOOLS > ROMON results in timeout, but mac-ping from IP > NEIGHBORS works but shows a -200% packet loss (odd). See following image.

How would you attack this issue? Where do I begin to troubleshoot why devices in VL03 does not show up in ROMON. Could it be a firewall issue on the main router or in the device? Romon is enabled on all devices.

zz1.jpg

2

Anyone? No one has ever had issues with not seeing devices in ROMON?

Researching further, it seems to be related to this thread
http://forum.mikrotik.com/t/romon-packets-not-passed-by-edgeswitch-24/90191/1

And this thread in the ub forums
https://community.ubnt.com/t5/EdgeSwitch/ES-24-250W-and-Mikrotik-RoMON-failure/td-p/1313979

“This is known issue caused by UBNT. They block frames with unusual ethernet frame type, which are being used by ROMON.”
https://community.ubnt.com/t5/UniFi-Feature-Requests/Passing-RoMON-packets/idi-p/1976558

Be forewarned, ubiquiti switches and ROMON does not seem to work together.

3

That is true. ROMON frames are not forwarded by UNIFI.

In terms of your magical “-200% packet loss” i have really simple explanation:
You are pinging MAC address. Since you did not specify which interface you want to transmit, it will transmit on ALL interfaces. including bridged ethernets or vlans. (therefore one request gets actually transmitted multiple times)
In addition, anything what has this address will respond. If there are multiple interfaces or devices with the same mac address, they will respond at the same time.
In your case, it is clear that each Seq # is repeated 3 times. That means 3 replies are received per each request.
0 reply per each request = 100% loss
1 reply per each request = 0% loss
2 replies per each request = -100% loss
3 replies per each request = -200% loss
I know the number like this does not make sense, however, there is no other way to summarize packet loss based on amount of transmited requests and received replies.

I tested the same on couple of routers which all had Ether1 in Bridge1 (no VLANs/VRRP etc..) and all interfaces had different MAC. Therefore I had guarantee, that there is only one interface with destination MAC available. When I sent the request without specified source interface, I always received 2 replies. When I specified source interface, I always got only one reply (or none, if I intentionally selected interface which was not connected)
Due to that, I am sure that in my example, request was transmitted by Ether and also by Bridge, which was connected to Ether, so there were actually 2 request frames sent via Ether…

4

Thank you, that makes perfect sense and is indeed the case.

When I picked the physical interface for the mac ping, it is 0% loss (1 reply). In my case, I assume the 3 replies would come from the (1) physical interface, (2) bridge and (3) vlan interface.