Hey guys,
I got my MikroTik Router hEX S today and I want to provide internet access with each separated networks to three households over one fibre modem (Genexis FibreTwist G2110).
The Modem is connected with Ether1 and my client computer is connected with Ether2.
But the DHCP client remains in status “Status: searching…” forever.
The connection works perfectly fine with my “FritzBox! 7590”. Does anyone have an idea what the problem is? I attached a few screenshots of the current configuration.
Yesterday I talked to a technician of our internet provider. He told me that this approach is correct in general and there should not be any problem with a MikroTik Routerboard
No I attached the Routerboard to the FritzBox to check, if the DHCP client works if the FritzBox is the Main Router and a DHCP server: it worked immediately. The Routerboard got an IP within the FritzBox’s IP range. But no Internet so far.
From the screenshot provided, you’re getting an IP from the same range as your LAN subnet (192.168.88.100) this is a non-working configuration.
Why are you getting 192.168.88.100 ?
This was my last try (manual configuration) after automatic connection with a DHCP client did not work. Also it was not the port for the modem, but for the client PC.
But considering the recent insights I think I have to wait after I had another phone call with the providers technicians.
Because: I have two identical FritzBox Routers. One has been delivered by the provider. The other one I ordered myself. And for some reason the provider Fritzbox works perfectly, while the other one is also not able to connect with the Modem.
Ok, after another call with a support guy right now I have learned that the delivered FritzBox Router was preconfigured. So lets forget about my initial DHCP problem for now.
I actually have so called “login data” for the internet connection that look as shown in the attached screenshot. I’ve already noticed that before but I did not find any field within the Mikrotik Configuration to use those data for a connection.
Is it possible to configure the internet connection only with those given information (“SIP-Domain / Realm”, “Proxy Server” and “Registrar”)
Ok, another approach: I figured out that the FritzBox requires a “VLAN ID” (provided by my provider) to make the internet running. This is three digit number. I never heard about VLAN’s in that context.
Unfortunately I cannot find a documentation or forum thread that describes how to configure then internet access with having the providers VLAN ID only. Is there a way to do so?
What I have tried: I added a VLAN with the given VLAN ID to Ether1 (WAN Port, attached to the ONT). But that does not change anything. Here is the current configuration:
[admin@RouterOS] >> export hide-sensitive
# jan/05/1970 04:39:28 by RouterOS 6.48.6
# software id = QXQC-WMAZ
#
# model = RB760iGS
# serial number = HD2086154BV
/interface bridge
add admin-mac=18:FD:74:8B:4F:B0 auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=ether1 name=vlan1 vlan-id=132
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/system identity
set name=RouterOS
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Out of curiosity: How to access the exported data if I saved it to a file? I had to omit the file name in the end of the export command to print the output. Since there are no linux tools like “ls” or “cat”, I dont know how to find the file.
Thank you, now I got a WAN IP. The router itself has internet access, as well as my windows network adaptor, according to it’s status.
But: I’m still offline on the windows machine (cannot open any website and no other application is connecting).
Did you update the WAN interface list to include the VLAN interface but not ether1? That interface list is what configures the firewall for NAT to the internet, etc..
You just need to edit the “WAN” interface list to include your vlan interface (which is your WAN) and remove the ether1 interface (which is not). There are other firewall rules which depend on the WAN interface list correctly listing your WAN interface(s), so this is a better solution than manually adding a NAT rule for a specific interface. Specifically, you want this one to take effect:
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
