Routing problem with Public IP subnets

I run a WISP and I am trying to figure out what is going on with my public subnets routed to my customers.

I have a x.x.x.226/30 connected to my ISP.
I have a x.x.x.0 /23 set next hop from my ISP.
I have another x.x.x.0/24 set next hop from my ISP. (not in use yet, until I get this issue fixed.)

I CANNOT ping nor connect to any device on any of my public internal subnets even when on the LAN, BUT I CAN ping all gateways on the MikroTik from both internal and external interfaces.

When I traceroute to one of the public subnet interfaces, I get a full traceroute as expected. When I traceroute to any DEVICE connected to any of the public subnet interfaces, the trace drops at my MikroTik WAN. The strange thing, and this is what makes no sense at all to me or anyone I have asked, is… THE CONNECTED DEVICES CAN BE ACCESSED FROM INTERNET AND ARE PASSING TRAFFIC TO MY SUBSCRIBERS.

All of my private IP addresses are fine, I can access them as expected.

Are you sure there’s nothing in firewall that might block the traffic?

I don’t see anything that would block it in the firewall.
I’m passing traffic, just can’t ping or run traceroutes either internally or externally.

The internal has me really confused.

First of all, you should set the interfaces to arp=proxy-arp; next, you should exclude those IPs from NAT.

What will proxy-arp do to remedy that? Not sure I follow you there. They are not in the NAT. That is what makes no sense.

The only subnet I NAT is 10.0.0.0/8

If your ISP is routing the /23 and /24 to the x.x.x.226/30 address then proxy-arp is inappropriate. Are these used as actual subnets, or are you handing out individual /32 with PPPoE? Post the output of /export hide-sensitive with any public IPs redacted.

I am using DHCP with hotspot authentication with queues.
I will get an export here in a little while.

Here is the export. All X.X.X are publics. I haven’t finished setting up all subnets for the publics until I get them working.
Ideally, I would like to have the customer’s public IP show up as their IP address instead of my WAN address.

# aug/02/2020 08:11:46 by RouterOS 6.46.4
# software id = 037D-5V1G
#
# model = CCR1009-7G-1C-1S+

/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=combo1 ] advertise="10M-half,10M-full,100M-half,100M-f\
    ull,1000M-half,1000M-full,2500M-full,5000M-full,10000M-full" \
    auto-negotiation=no
set [ find default-name=sfp-sfpplus1 ] advertise=\
    1000M-half,1000M-full,10000M-full mtu=1580
/interface vlan
add interface=sfp-sfpplus1 name="sfp-sfpplus1-VLAN 110" vlan-id=110
add interface=sfp-sfpplus1 name="sfp-sfpplus1-VLAN 2" vlan-id=2
add interface=sfp-sfpplus1 name="sfp-sfpplus1-VLAN 201" vlan-id=201
add interface=sfp-sfpplus1 name="sfp-sfpplus1-VLAN 202" vlan-id=202
add interface=sfp-sfpplus1 name="sfp-sfpplus1-VLAN 203" vlan-id=203
add interface=sfp-sfpplus1 name="sfp-sfpplus1-VLAN 204" vlan-id=204
add interface=sfp-sfpplus1 name="sfp-sfpplus1-VLAN 205" vlan-id=205
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add hotspot-address=x.x.x.1 login-by=mac,http-chap,http-pap \
    mac-auth-password=visp name=hsprof101 use-radius=yes
add hotspot-address=10.0.11.1 login-by=mac,http-chap,http-pap \
    mac-auth-password=visp name=hsprof110 use-radius=yes
add hotspot-address=x.x.x.1 login-by=mac,http-chap,http-pap \
    mac-auth-password=visp name="hsprof 50" use-radius=yes
/ip hotspot
add disabled=no interface=bridge1 login-timeout=5m name="hotspot UI" profile=\
    hsprof101
add disabled=no interface="sfp-sfpplus1-VLAN 110" login-timeout=5m name=\
    "hotspot LTE" profile=hsprof110
add disabled=no idle-timeout=none interface=ether5 name="ETH 5" profile=\
    "hsprof 50"
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=no idle-timeout=5m on-logout="/ip hots\
    pot host remove [find where address=\94$address\94 and !authorized and !b\
    ypassed] "
/ip pool
add name=VLAN101 ranges=x.x.x.5-x.x.x.30
add name=VLAN201 ranges=10.0.201.3-10.0.201.62
add name=VLAN202 ranges=10.0.202.3-10.0.202.62
add name=VLAN203 ranges=10.0.203.3-10.0.203.62
add name=VLAN204 ranges=10.0.204.3-10.0.204.62
add name=VLAN205 ranges=10.0.205.3-10.0.205.62
add name="VLAN 110" ranges=10.0.11.2-10.0.11.253
add name=eth5 ranges=x.x.x.2-x.x.x.253
/ip dhcp-server
# DHCP server can not run on slave interface!
add address-pool=VLAN101 disabled=no interface=sfp-sfpplus1 name=VLAN101
add address-pool=VLAN201 disabled=no interface="sfp-sfpplus1-VLAN 201" name=\
    VLAN201
add address-pool=VLAN202 disabled=no interface="sfp-sfpplus1-VLAN 202" name=\
    VLAN202
add address-pool=VLAN203 disabled=no interface="sfp-sfpplus1-VLAN 203" name=\
    VLAN203
add address-pool=VLAN204 disabled=no interface="sfp-sfpplus1-VLAN 204" name=\
    VLAN204
add address-pool=VLAN205 disabled=no interface="sfp-sfpplus1-VLAN 205" name=\
    VLAN205
add address-pool="VLAN 110" disabled=no interface="sfp-sfpplus1-VLAN 110" \
    name="VLAN 111"
add address-pool=eth5 disabled=no interface=ether5 name=eth5
/queue type
set 9 kind=sfq
/routing ospf instance
set [ find default=yes ] distribute-default=always-as-type-1 name="CORE CCR" \
    router-id=10.0.2.1
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1
/ip address
add address=x.x.x.226/30 comment="WAN TO AT&T" interface=combo1 network=\
    x.x.x.224
add address=x.x.x.1/27 comment="CLIENT ACCESS POOL" interface=sfp-sfpplus1 \
    network=x.x.x.0
add address=10.0.0.1/28 comment="CRS and Netonix management" interface=\
    sfp-sfpplus1 network=10.0.0.0
add address=10.0.201.1/26 comment="MANAGEMENT CPE DEVICES" interface=\
    "sfp-sfpplus1-VLAN 201" network=10.0.201.0
add address=10.0.202.1/26 comment="MANAGEMENT CPE DEVICES" interface=\
    "sfp-sfpplus1-VLAN 202" network=10.0.202.0
add address=10.0.203.1/26 comment="MANAGEMENT CPE DEVICES" interface=\
    "sfp-sfpplus1-VLAN 203" network=10.0.203.0
add address=10.0.204.1/26 comment="MANAGEMENT CPE DEVICES" interface=\
    "sfp-sfpplus1-VLAN 204" network=10.0.204.0
add address=10.0.205.1/26 comment="MANAGEMENT CPE DEVICES" interface=\
    "sfp-sfpplus1-VLAN 205" network=10.0.205.0
add address=10.0.2.1/28 comment="HOLMES HOLLOW CCR/CRS MANAGEMENT" interface=\
    "sfp-sfpplus1-VLAN 2" network=10.0.2.0
add address=10.0.0.237/30 comment="EPC SGW" interface=ether6 network=\
    10.0.0.236
add address=10.0.10.1/24 comment="ENB MANAGEMENT ALL ENBS" interface=\
    "sfp-sfpplus1-VLAN 110" network=10.0.10.0
add address=10.0.11.1/24 comment="ENB CLIENT ACCES" interface=\
    "sfp-sfpplus1-VLAN 110" network=10.0.11.0
add address=x.x.x.1/24 comment="Towercom Baicells DHCP" interface=ether5 \
    network=x.x.x.0
add address=10.0.0.233/30 comment="EPC SGW" interface=ether7 network=\
    10.0.0.232
/ip dhcp-client
add interface=sfp-sfpplus1
/ip dhcp-server network
add address=10.0.11.0/24 dns-server=10.0.11.1,1.1.1.1 gateway=10.0.11.1 \
    netmask=24 ntp-server=208.81.1.244
add address=10.0.201.0/26 dns-server=10.0.201.1,1.1.1.1 gateway=10.0.201.1 \
    netmask=26 ntp-server=208.81.1.244,208.115.126.70
add address=10.0.202.0/26 dns-server=10.0.202.1,1.1.1.1 gateway=10.0.202.1 \
    netmask=26 ntp-server=208.81.1.244,208.115.126.70
add address=10.0.203.0/26 dns-server=10.0.203.1,1.1.1.1 gateway=10.0.203.1 \
    netmask=26 ntp-server=208.81.1.244,208.115.126.70
add address=10.0.204.0/26 dns-server=10.0.204.1,1.1.1.1 gateway=10.0.204.1 \
    netmask=26 ntp-server=208.81.1.244,208.115.126.70
add address=10.0.205.0/26 dns-server=10.0.205.1,1.1.1.1 gateway=10.0.205.1 \
    netmask=26 ntp-server=208.81.1.244,208.115.126.70
add address=x.x.x.0/27 dns-server=x.x.x.1,1.1.1.1 gateway=x.x.x.1 \
    netmask=27 ntp-server=208.81.1.244,208.115.126.70
add address=x.x.x.0/24 dns-server=x.x.x.1,8.8.8.8 gateway=x.x.x.1 \
    netmask=24 ntp-server=208.81.1.244,208.115.126.70
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1,9.9.9.9
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=accept chain=input comment="Blocks DNS from WAN" dst-port=53 \
    in-interface=combo1 protocol=tcp
add action=accept chain=input comment="Blocks DNS from WAN" dst-port=53 \
    in-interface=combo1 protocol=udp
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat out-interface=combo1 src-address=\
    10.0.0.0/8
/ip hotspot ip-binding
add address=10.0.10.0/24 type=bypassed
add address=10.0.203.0/26 type=bypassed
add address=10.0.204.0/26 type=bypassed
add address=10.0.205.0/26 type=bypassed
add address=10.0.208.0/26 type=bypassed
add address=10.0.209.0/26 type=bypassed
add address=10.0.201.0/26 type=bypassed
add address=10.0.202.0/26 type=bypassed
add address=10.0.0.240/30 type=bypassed
add address=10.0.0.232/30 type=bypassed
add address=10.0.0.236/30 type=bypassed
add address=x.x.x.2 type=bypassed
add mac-address=C4:04:15:4A:34:D2 type=bypassed
add address=x.x.x.0/24 type=bypassed
add address=x.x.x.0/27 server="hotspot UI"
add address=10.0.11.0/24 server="hotspot LTE"
add address=0.0.0.0/0 type=blocked
/ip hotspot user
add disabled=yes name=xxxxxxxs password=xxxxxxxx6
/ip hotspot walled-garden
add comment="place hotspot rules here" disabled=yes
/ip hotspot walled-garden ip
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
    ocsp.godaddy.com !dst-port !protocol !src-address !src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
    vportal.visp.net !dst-port !protocol !src-address !src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
    wlogin.userservices.net !dst-port !protocol !src-address \
    !src-address-list
add action=accept disabled=no !dst-address !dst-address-list dst-host=\
    xxxxxxxxxx.com !dst-port !protocol !src-address !src-address-list
/ip route
add distance=1 gateway=x.x.x.225
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api port=x.x.x3
set api-ssl disabled=yes
/ipv6 nd
set [ find default=yes ] advertise-dns=no
/radius
add accounting-port=1646 address=x.x.100.186 authentication-port=1645
realm=xxxxxxxxxx.com secret=xEg9kYymFX service=hotspot src-address=
x.x.x.226 timeout=3s
add accounting-port=1646 address=x.x.139.28 authentication-port=1645 realm=
xxxxxxxxxx.com secret=xEg9kYymFX service=hotspot src-address=
x.x.x.226 timeout=3s
add accounting-port=1646 address=x.x.200.62 authentication-port=1645
secret=VISP service=hotspot timeout=5s
/radius incoming
set accept=yes
/routing ospf interface
add interface="sfp-sfpplus1-VLAN 2" network-type=broadcast
/routing ospf network
add area=backbone network=10.0.2.0/28
add area=backbone network=10.0.0.0/28
add area=backbone network=x.x.x.0/23
/system clock
set time-zone-name=America/Los_Angeles
/system identity
set name=xxxxxxxxxx
/system logging
set 3 action=memory
add topics=critical
/system ntp client
set enabled=yes server-dns-names=\
    0.north-america.pool.ntp.org,1.north-america.pool.ntp.org
/system scheduler
add comment="WinboxMobile push stats v1, DO NOT CHANGE" interval=5m name=\
    WinboxMobile-push-stats on-event=WinboxMobile-push-stats policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=sep/29/2019 start-time=16:36:02
/system script
add comment="WinboxMobile push stats v1, DO NOT CHANGE" \
    dont-require-permissions=no name=WinboxMobile-push-stats owner=xxxxxxxxxx \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source=“# WinboxMobile push stats v1\r
\n\r
\n:global wmUrlEncode do={\r
\n :local Chars {" "="%20";"!"="%21";"\""="%22";"#"="%23
";"$"="%24";"%"="%25";"&"="%26";"'"="%27";"("="%28";
")"="%29";"*"="%2A";"+"="%2B";","="%2C";"-"="%2D";".
"="%2E";"/"="%2F";":"="%3A";";"="%3B";"<"="%3C";"="=
"%3D";">"="%3E";"?"="%3F";"@"="%40";"["="%5B";"\\"=
"%5C";"]"="%5D";"^"="%5E";"`"="%60";"{"="%7B";"|"="%7
C";"}"="%7D";"~"="%7E"}\r
\n :local URLEncodeStr\r
\n :local Char\r
\n :local EncChar\r
\n :for i from=0 to=([:len $1]-1) do={\r
\n :set Char [:pick $1 $i]\r
\n :set EncChar ($Chars->$Char)\r
\n :if (any $EncChar) do={\r
\n :set URLEncodeStr ($URLEncodeStr . $EncChar)\r
\n } else={\r
\n :set URLEncodeStr ($URLEncodeStr . $Char)\r
\n }\r
\n }\r
\n :return $URLEncodeStr\r
\n}\r
\n\r
\n:global wmInterfaceMonit do={\r
\n :global wmUrlEncode;\r
\n\r
\n :local data; :local item; :local encodedName;\r
\n :foreach i in=[/interface find type=$1 disabled=no] do={\r
\n /interface monitor-traffic $i once do={\r
\n :set encodedName [$wmUrlEncode $name];\r
\n :set item "traffic=$1||$i||$encodedName||$"tx-bits-per-sec
ond"||$"rx-bits-per-second"||$"tx-packets-per-second"||$"rx-packe
ts-per-second""\r
\n :set data ( $data . "&" . $item);\r
\n }\r
\n }\r
\n :return $data\r
\n}\r
\n\r
\n:local dataParams;\r
\n:set dataParams "push_stats_version=2&did=674134F1-2E82-4E6A-B550-E49CA
2E39AFC&pid=190000669965718";\r
\n\r
\n:put "Collecting Board data…"\r
\n:do {\r
\n :local serialNumber [/system routerboard get serial-number];\r
\n :set dataParams ( $dataParams . "&" . "serial_number=$serialNum
ber");\r
\n} on-error={ :put "Collecting Board data 1 error"};\r
\n:do {\r
\n :local systemId [/system license get system-id];\r
\n :set dataParams ( $dataParams . "&" . "system_id=$systemId");
\r
\n} on-error={ :put "Collecting Board data 2 error"};\r
\n:do {\r
\n :local softwareId [/system license get software-id];\r
\n :set dataParams ( $dataParams . "&" . "software_id=$softwareId
");\r
\n} on-error={ :put "Collecting Board data 3 error"};\r
\n:do {\r
\n :local identity [$wmUrlEncode [/system identity get name]];\r
\n :set dataParams ( $dataParams . "&" . "identity=$identity");\r
\n} on-error={ :put "Collecting Board data 4 error"};\r
\n:do {\r
\n :local model [$wmUrlEncode [/system routerboard get model]];\r
\n :set dataParams ( $dataParams . "&" . "model=$model");\r
\n} on-error={ :put "Collecting Board data 5 error"};\r
\n\r
\n:put "Collecting Performance data…"\r
\n:do {\r
\n :local cpuLoad [/system resource get cpu-load];\r
\n :local memFree [/system resource get free-memory];\r
\n :local memTotal [/system resource get total-memory];\r
\n :local hddFree [/system resource get free-hdd-space];\r
\n :local hddTotal [/system resource get total-hdd-space];\r
\n :local version [$wmUrlEncode [/system resource get version]];\r
\n :local uptime [$wmUrlEncode [/system resource get uptime]];\r
\n :local userActive [/user active print count-only];\r
\n :local perfData "version=$version&cpu_load=$cpuLoad&uptime=$upti
me&mem_free=$memFree&mem_total=$memTotal&hdd_free=$hddFree&hdd_total=$
hddTotal&user_active_count=$userActive"\r
\n :set dataParams ( $dataParams . "&" . $perfData);\r
\n} on-error={ :put "Collecting Performance error"};\r
\n\r
\n:put "Collecting Health data…"\r
\n:do {\r
\n :local voltage [/system health get voltage];\r
\n :local current [/system health get current];\r
\n :local powerCons [/system health get power-consumption];\r
\n :local temp [/system health get temperature];\r
\n :local cpuTemp [/system health get cpu-temperature];\r
\n :local fanSpeed [/system health get fan1-speed];\r
\n :local healthData "voltage=$voltage&current=$current&power_consumpt
ion=$powerCons&temperature=$temp&cpu_temperature=$cpuTemp&fan_speed=$f
anSpeed"\r
\n :set dataParams ( $dataParams . "&" . $healthData);\r
\n} on-error={ :put "Collecting Health error"};\r
\n\r
\n:put "Collecting Bridge data…"\r
\n:local bridgeData; :local bridgeHostCount; :local bridgeDataItem;\r
\n:do {\r
\n :set bridgeHostCount [/interface bridge host print count-only];\r
\n :set bridgeData "bridge_host[bridge]=ALL&bridge_host[count]
=$bridgeHostCount"\r
\n\r
\n :foreach i in=[/interface bridge find] do={\r
\n :local bridgeName [/interface bridge get $i name];\r
\n :local bridgeNameEncoded [$wmUrlEncode $bridgeName];\r
\n :set bridgeHostCount [/interface bridge host print count-only w
here bridge="$bridgeName"];\r
\n :local bridgeDataItem "bridge_host[bridge]=$bridgeNameEncode
d&bridge_host[count]=$bridgeHostCount"\r
\n :set bridgeData ( $bridgeData . "&" . $bridgeDataItem);\r
\n }\r
\n :set dataParams ($dataParams . "&" . $bridgeData);\r
\n} on-error={ :put "Collecting Bridge error"};\r
\n\r
\n:put "Collecting IP data…"\r
\n:local routerData; :local ipRouteCount; :local ipARPCount; :local ipPool
UsedCount; :local ipFwCount;\r
\n:do {\r
\n :set ipRouteCount [/ip route print count-only];\r
\n :set ipARPCount [/ip arp print count-only];\r
\n :set ipPoolUsedCount [/ip pool used print count-only];\r
\n :set ipFwCount [/ip firewall connection print count-only];\r
\n :set routerData "ip_route_count=$ipRouteCount&ip_arp_count=$i
pARPCount&ip_pool_used_count=$ipPoolUsedCount&firewall_connection_count=
$ipFwCount"\r
\n :set dataParams ($dataParams . "&" . $routerData);\r
\n} on-error={ :put "Collecting IP error"};\r
\n\r
\n:put "Collecting Routing data…"\r
\n:local routingData; :local bgpPeerCount; :local ospfNeighborCount;\r
\n:do {\r
\n :set bgpPeerCount [/routing bgp peer print count-only];\r
\n :set ospfNeighborCount [/routing ospf neighbor print count-only];\r
\n :set routingData "bgp_peer_count=$bgpPeerCount&ospf_neighbor_
count=$ospfNeighborCount"\r
\n :set dataParams ($dataParams . "&" . $routingData);\r
\n} on-error={ :put "Collecting Routing error"};\r
\n\r
\n:put "Collecting VPN data…";\r
\n:local vpnData; :local vpnPppCount; :local vpnIpsecPeerCount; :local vpn
IpsecPolicyCount;\r
\n:do {\r
\n :set vpnPppCount [/ppp active print count-only];\r
\n :set vpnIpsecPeerCount [/ip ipsec remote-peers print count-only];
\r
\n :set vpnIpsecPolicyCount [/ip ipsec policy print count-only];\r
\n :set vpnData "ppp_active_count=$vpnPppCount&ipsec_rem
ote_peer_count=$vpnIpsecPeerCount&ipsec_policy_count=$vpnIpsecPolicyCoun
t";\r
\n :set dataParams ( $dataParams . "&" . $vpnData);\r
\n} on-error={ :put "Collecting VPN error"};\r
\n\r
\n:put "Collecting DHCP data…";\r
\n:local dhcpData;\r
\n:do {\r
\n :local leaseCount [/ip dhcp-server lease print count-only];\r
\n :set dhcpData "dhcp_server_lease[server]=ALL&dhcp_server_leas
e[count]=$leaseCount";\r
\n\r
\n :foreach i in=[/ip dhcp-server find] do={\r
\n :local serverName [/ip dhcp-server get $i name];\r
\n :local serverNameEncoded [$wmUrlEncode $serverName];\r
\n :local leaseCount [/ip dhcp-server lease print count-only wh
ere server="$serverName"]\r
\n :local dhcpDataItem "dhcp_server_lease[server]=$serverName
Encoded&dhcp_server_lease[count]=$leaseCount"\r
\n :set dhcpData ( $dhcpData . "&" . $dhcpDataItem);\r
\n }\r
\n\r
\n :set dataParams ( $dataParams . "&" . $dhcpData);\r
\n} on-error={ :put "Collecting DHCP error"};\r
\n\r
\n:put "Collecting Wireless data…";\r
\n:local wirelessData; :local wirelessDataItem;\r
\n:do {\r
\n :local wirelessCount [/interface wireless registration-table print
count-only];\r
\n :set wirelessData "wireless_registration[interface]=ALL&wirel
ess_registration[count]=$wirelessCount";\r
\n\r
\n :foreach i in=[/interface find type=wlan] do={\r
\n :local wirelessName [/interface get $i name];\r
\n :local wirelessNameEncoded [$wmUrlEncode $wirelessName];\r
\n :local wirelessCount [/interface wireless registration-table
print count-only where interface="$wirelessName"]\r
\n :set wirelessDataItem "wireless_registration[interface]=$wireles
sNameEncoded&wireless_registration[count]=$wirelessCount";\r
\n :set wirelessData ( $wirelessData . "&" . $wirelessDataItem);\r
\n }\r
\n :set dataParams ( $dataParams . "&" . $wirelessData);\r
\n} on-error={ :put "Collecting Wireless error"};\r
\n\r
\n:put "Collecting CAPsMan data…";\r
\n:local capsmanData; :local capsmanDataItem;\r
\n:do {\r
\n :local capsmanCAPCount [/caps-man remote-cap print count-only];\r
\n :local capsmanRegisCount [/caps-man registration-table print count-
only];\r
\n :local capsmanRadioCount [/caps-man radio print count-only];\r
\n :set capsmanData "capsman_remote_cap_count=$capsmanCAPCou
nt&capsman_registration[interface]=ALL&capsman_registration[count]=$c
apsmanRegisCount&capsman_radio[interface]=ALL&capsman_radio[count]=$c
apsmanRadioCount";\r
\n\r
\n :foreach i in=[/interface find type=cap] do={\r
\n :local capsmanName [/interface get $i name];\r
\n :local capsmanNameEncoded [$wmUrlEncode $capsmanName];\r
\n :local capsmanRegisCount [/caps-man registration-table print count
-only where interface="$capsmanName"]\r
\n :local capsmanRadioCount [/caps-man radio print count-only where i
nterface="$capsmanName"]\r
\n :set capsmanDataItem "capsman_registration[interface]=$capsmanNa
meEncoded&capsman_registration[count]=$capsmanRegisCount&capsman_radio[
][interface]=$capsmanNameEncoded&capsman_radio[count]=$capsmanRadioCou
nt";\r
\n :set capsmanData ( $capsmanData . "&" . $capsmanDataItem);\r
\n }\r
\n :set dataParams ( $dataParams . "&" . $capsmanData);\r
\n} on-error={ :put "Collecting CAPsMan error"};\r
\n\r
\n:put "Collecting Hotspot data…";\r
\n:local hotspotData; :local hotspotDataItem;\r
\n:do {\r
\n :local cookieCount [/ip hotspot cookie print count-only]\r
\n :local activeCount [/ip hotspot active print count-only]\r
\n :local hostCount [/ip hotspot host print count-only]\r
\n :set hotspotData "hotspot_cookie_count=$cookieCount&hotspot
_active[server]=ALL&hotspot_active[count]=$activeCount&hotspot_host
[server]=ALL&hotspot_host[count]=$hostCount";\r
\n\r
\n :foreach i in=[/ip hotspot find] do={\r
\n :local serverName [/ip hotspot get $i name];\r
\n :local serverNameEncoded [$wmUrlEncode $serverName];\r
\n :local activeCount [/ip hotspot active print count-only where
_server="$serverName"]\r
\n :local hostCount [/ip hotspot host print count-only where s
erver="$serverName"]\r
\n :set hotspotDataItem "hotspot_active[server]=$serverNameEnc
oded&hotspot_active[count]=$activeCount&hotspot_host[server]=$server
NameEncoded&hotspot_host[count]=$hostCount"\r
\n :set hotspotData ( $hotspotData . "&" . $hotspotDataItem);\r
\n }\r
\n\r
\n :set dataParams ( $dataParams . "&" . $hotspotData);\r
\n} on-error={ :put "Collecting Hotspot error"};\r
\n\r
\n:put "Collecting Interface data…";\r
\n:do {\r
\n /interface monitor-traffic aggregate once do={\r
\n :local aggregateData "traffic=aggregate||0||aggregate||$"tx-bit
s-per-second"||$"rx-bits-per-second"||$"tx-packets-per-second"||$
"rx-packets-per-second""\r
\n :set dataParams ( $dataParams . "&" . $aggregateData);\r
\n }\r
\n\r
\n :set dataParams ( $dataParams . "&" . [$wmInterfaceMonit "ether"
]);\r
\n :set dataParams ( $dataParams . "&" . [$wmInterfaceMonit "wlan"]
);\r
\n :set dataParams ( $dataParams . "&" . [$wmInterfaceMonit "cap"])
;\r
\n} on-error={ :put "Collecting Interface error"};\r
\n\r
\n:put $dataParams;\r
\n\r
\n:local finalURL "https://septudio.com/mik_push_stats"\r
\n/tool fetch url="$finalURL" http-method=post http-data="$dataParams
" mode=https keep-result=no\r
\n”
/tool graphing interface
add interface=combo1
add interface=sfp-sfpplus1
add
add
/tool traffic-monitor
add interface=combo1 name=tmon1 threshold=0 traffic=received

The “# DHCP server can not run on slave interface!” is a hint that the configuration is incorrect - you shouldn’t assign IP addresses / connect services to members of a bridge; some things work and some things do not, in random ways. There is also a DHCP client attached to the interface you have a DHCP server on (it may be disabled; offhand I can’t remember if the non-verbose export doesn’t display disabled=yes or disabled=no).

Other than that, possibly the hotspot firewall rules as you don’t appear to have any forward allow established,related rules, and also specifically block all addresses at the end of /ip hotspot ip-binding. You could add some firewall logging rules for specific packets, e.g. ICMP from a particular external IP you can send pings from, at various points in the firewall chain to see what is capturing the traffic.
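
The checks raised in the last reply, written as a small linter over a RouterOS export; this is an added example, not code from the thread or from MikroTik. The sample export is constructed (documentation addresses, shaped like the one posted above), and the function names and finding codes are made up for illustration.

```python
import re

# Constructed sample in RouterOS export syntax (documentation addresses),
# shaped like the export in the thread; not the poster's actual config.
SAMPLE_EXPORT = r'''
/interface bridge port
add bridge=bridge1 interface=sfp-sfpplus1
/ip address
add address=192.0.2.1/27 interface=sfp-sfpplus1 network=192.0.2.0
add address=10.0.201.1/26 interface="sfp-sfpplus1-VLAN 201" \
    network=10.0.201.0
/ip dhcp-server
add address-pool=VLAN101 disabled=no interface=sfp-sfpplus1 name=VLAN101
/ip dhcp-client
add interface=sfp-sfpplus1
/ip hotspot
add disabled=no interface=bridge1 name="hotspot UI" profile=hsprof101
/ip hotspot ip-binding
add address=192.0.2.0/27 server="hotspot UI"
add address=0.0.0.0/0 type=blocked
/ip firewall filter
add action=accept chain=input dst-port=53 in-interface=combo1 protocol=udp
'''

KV = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')
# Menus whose entries belong on the bridge itself, not on one of its ports.
L3_MENUS = {'/ip address': 'IP address', '/ip dhcp-server': 'DHCP server',
            '/ip dhcp-client': 'DHCP client', '/ip hotspot': 'hotspot'}


def parse_export(text):
    """Yield (menu, params) for each add/set line of an export."""
    text = re.sub(r'\\\r?\n\s*', '', text)  # join "\"-continued lines
    menu = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('/'):
            menu = line
        elif line.startswith(('add ', 'set ')):
            yield menu, {k: v.strip('"') for k, v in KV.findall(line)}


def lint(text):
    """Return (code, detail) findings for the points made in the reply."""
    entries = list(parse_export(text))
    ports = {p['interface'] for m, p in entries
             if m == '/interface bridge port' and 'interface' in p}
    findings = []
    for menu, p in entries:
        # Address or service bound to a bridge member ("slave") interface.
        if menu in L3_MENUS and p.get('interface') in ports:
            findings.append(('service-on-bridge-port',
                             f"{L3_MENUS[menu]} on {p['interface']}"))
        # Catch-all "blocked" entry in the hotspot ip-binding table.
        if (menu == '/ip hotspot ip-binding' and p.get('type') == 'blocked'
                and p.get('address') == '0.0.0.0/0'):
            findings.append(('hotspot-catch-all-block', p['address']))
    # No forward-chain rule accepting established/related connections.
    has_forward_accept = any(
        m == '/ip firewall filter' and p.get('chain') == 'forward'
        and p.get('action') == 'accept'
        and 'established' in p.get('connection-state', '')
        for m, p in entries)
    if not has_forward_accept:
        findings.append(('no-forward-established-accept', 'filter forward'))
    return findings


if __name__ == '__main__':
    for code, detail in lint(SAMPLE_EXPORT):
        print(f'{code}: {detail}')
```

The findings are prompts for review, not proof of the cause; a hit on the catch-all binding, for example, only matters for hosts that match no earlier ip-binding entry.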