My network is running perfectly with all my devices on the 192.168.1.*.
Unfortuanately I now have 1 important device that cannot run on anu other IP then 192.168.2.254.
What would be the best way to do this ?
I have tried adding the address to the bridge setup: Add 192.168.2.250/24 / Network 192.168.2.0. This does not seem to work
I have tried creating a different bridge, and adding the eth8 port to it (That has the device attached). This does not seem to work.
Conceptually I know something about this stuff but have nother done this, I would appreciate some help.
If your current subnet is on ethernet1, just connect the “device” to ethernet2 and give it an address from 192.168.2.0/24 and make it a default gateway for the subnet
Thanks, that sounds a lot easier then I thought it would be…
What I did now:
I added eth8 to bridge-local (to make sure the port works at all)
The device is using 192.168.2.254 so that should be good.
I think I am missing something with respect to your last sentence:
and make it a default gateway for the subnet
What do you mean here? I know what a default gateway is, is this something I need to setup in the router or do you mean on the device side ?
anav
February 14, 2023, 12:44pm
4
You dont even need a new bridge…
(1) Take it off the original bridge.
(2) Make the following entries:
/interface ethernet
(2) Go into dhcp leases and enter the mac address of your device and assign it to 192.168.2.254 ( set as static )
(3) Whatever firewall rules and interfaces list changes are required should be made if any.
Thanks, that sounds a lot easier then I thought it would be…
What I did now:
I added eth8 to bridge-local (to make sure the port works at all)
The device is using 192.168.2.254 so that should be good.
I think I am missing something with respect to your last sentence:
and make it a default gateway for the subnet
What do you mean here? I know what a default gateway is, is this something I need to setup in the router or do you mean on the device side ?
the IP address that you will give to ethernet2 is 192.168.2.1/24 then it has to be default gateway for your “device” at 192.168.2.254
The device is not using dhcp (and I am not using dhcp server of mikrotik at all), does that mean all I need to do is:
(1) Take it off the original bridge (meaning: the device is no longer part of a bridge)
(2) Make the following entry
If thats it then something is not working yet, so I should look at:
(3) Whatever firewall rules and interfaces list changes are required should be made if any.
I have nothing in interface list, which means the issue would lie in the firewall rules… I do not think I am doing anyther particular here to block something..
anav
February 14, 2023, 1:08pm
7
Then it looks like all you need is the IP address assignment to the subnet =192.168.2.1/24 interface=FixedDevice-eth4 network=192.168.2.0 and it should work.
The device is not using dhcp (and I am not using dhcp server of mikrotik at all), does that mean all I need to do is:
(1) Take it off the original bridge (meaning: the device is no longer part of a bridge)
(2) Make the following entry
If thats it then something is not working yet, so I should look at:
(3) Whatever firewall rules and interfaces list changes are required should be made if any.
I have nothing in interface list, which means the issue would lie in the firewall rules… I do not think I am doing anyther particular here to block something..
as I said, give the IP address to the interface, connect your “device” and be sure that it has correctly set DG
I do not understand what you mean by “FixedDevice-eth4”. I do not see an option to create this…
What I did was:
/ip address
Is that not correct ?
If it is… then there must be something in the firewall blocking something, because it is not working…
anav
February 14, 2023, 1:15pm
10
sorry satman you were bang on… i was focused on why second bridge…@OP , you really dont have a clue about MT configurations do you.
ex.
Not required just a suggestion.
@OP we are not mind readers, regarding other possible config issues. You didnt provide the full config!~~
Actually I halfly wrote some lines in my previous message stating that that “fixed” device sounded like some kind of alias ? And why that was necessary… I removed it to avoid sounding disrespectfull..
But you are correct, this is my first try doing something like this… have done various stuff in mikrotik and have always found my way using forums and manual, bit at a loss here..
I basically did what was advised (And some other things) but it is not working, leading me to thinking there must be something in the firewall rules.. Cannot locate it though..
Thanks for the help on this, and any tips are appreciated !
anav
February 14, 2023, 1:20pm
12
yup
/export file=anynameyouwish ( minus router serial number and any public WANIP information )
Actually I halfly wrote some lines in my previous message stating that that “fixed” device sounded like some kind of alias ? And why that was necessary… I removed it to avoid sounding disrespectfull..
But you are correct, this is my first try doing something like this… have done various stuff in mikrotik and have always found my way using forums and manual, bit at a loss here..
I basically did what was advised (And some other things) but it is not working, leading me to thinking there must be something in the firewall rules.. Cannot locate it though..
Thanks for the help on this, and any tips are appreciated !
“it does not work” means nothing !!!
sit behind your “device” on 192.168.2.254 and try to ping 192.168.2.1… then try to ping 192.168.1.x (whatever is the router address on the first subnet)
O.K.?
btw, you are answering the wrong guy… I did not comment on your experience at all…
Satman: woud love to do some diagnostics, but the only thing I can do is see if I get a webpage back, unfortunately I cannot sit behind it and ping. I am not getting the page, hence my “it does not work”. Thanks for the tips though !
Anav: thanks for the help, config below !
feb/14/2023 14:54:41 by RouterOS 6.49.7
software id = 0B7Q-V6ZW
model = RB4011iGS+5HacQ2HnD
serial number = B8E00A9775F8
/interface bridge@internet
<REMOVED OLD ADDRESSES (NO LONGER USED, DHCP SERVER IS DISABLED>
/ip dhcp-server network
anav
February 14, 2023, 2:39pm
15
Very confusing…
DO you have quadruple play? —> internet/IPTV/VOIP/UNK OTHER
you have four vlans associated to ether1 ???
pppoe is related to vlan6
Dont get why two identical pools…add name=dhcp_pool2 ranges=172.16.0.2-172.16.0.254
This interface on /interface bridge port settings has NO BRIDGE assignmentadd interface=Guest
You have assigned vlans to Bridge-tel and not etherports or wlans, may be incorrect!!!
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
As to the device in question… lets look/ip addressadd address=192.168.2.1/24 interface=ether8 network=192.168.2.0 { good! }
The firewall rules are horrible, at least the input chain…convoluted messy and not in any particular order.ZERO forward chain rules ??? UNSAFE .
Also, your device is not noted in any sourcenat rules…if applicable add action=masquerade chain=srcnat comment=
Actually I halfly wrote some lines in my previous message stating that that “fixed” device sounded like some kind of alias ? And why that was necessary… I removed it to avoid sounding disrespectfull..
But you are correct, this is my first try doing something like this… have done various stuff in mikrotik and have always found my way using forums and manual, bit at a loss here..
I basically did what was advised (And some other things) but it is not working, leading me to thinking there must be something in the firewall rules.. Cannot locate it though..
Thanks for the help on this, and any tips are appreciated !
“it does not work” means nothing !!!
sit behind your “device” on 192.168.2.254 and try to ping 192.168.2.1… then try to ping 192.168.1.x (whatever is the router address on the first subnet)
O.K.?
btw, you are answering the wrong guy… I did not comment on your experience at all…
It would be mush easier if you set the context earlier and give us more details..
Thanks for your time, I really appreciate it.
It is indeed television, internet and telephony, all working fine (the duplicate ip range however is indeed wrong)
Everything inside is open bit from the outside all is closed (fully stealth in tools like shields-up by GRC), so no worries there. Basically nothing from outside in is allowed but for a very few specific ports.
I will dive into the documentation again and try to work things out, not to good an experience but it has worked before and hey, I might learn something.
Thanks again !
Make sure you set 192.168.2.1 as the default gateway on the device. This will allow that device to know where to look to find all your other clients. Just like how all your other clients will look at the default gateway (the IP address of this Mikrotik) and will be able to see the 192.168.2.0 network and the rest of the internet.
Can you ping 192.168.2.1 from one of your clients?
In the firewall I am basically:
accepting port 161 (snmp)
dropping icmp from the wan side
allowing outside traffic from existing sessions
allowing outside raffic from related sessions
then dropping all other tcp and udp
The block was doubled though… Correct that that was not nice (second block was not doing anything, but thanks, I will clean that up..)
anav
February 14, 2023, 3:18pm
20
That explains 3 of the four vlans, what is the fourth one for ( VLAN4, VLAN5, VLAN6, VLAN7 )
