Ubiquiti behind Mikrotik

dancho · December 9, 2013, 10:29pm

here is the deal.

NSM5—NSM5__Omnitik__SXT—SXT__RB1100ahx2(pppoe server)__SXT—SXT__Omnitik__NSM5—SXT

everything is in singe bridge with IP 172.16.16.1/22
from first NSM5 I can access every mikrotik in this configuration but can not access any NS after that RB1100ahx2. I can ping them tho but can not open with browser. What am I missing? I’ve read there is something with NAT? Can you please tell me what to do?

plisken · December 10, 2013, 1:03pm

Describe the situation better or make a drawing,
what will you do

Have you logged in with https on the ubiquiti’s

dancho · December 11, 2013, 7:14pm

http://picpaste.com/pics/Untitled-0LKQdBs2.1386794923.png

I can access everything that is green.
I can not access everything that is red.
I can ping everything on that picture from my NS5.
Anything else you need?

troy · December 11, 2013, 7:41pm

Green? Red? where… I don’t see a picture.

You say you can ping… what size packets? Try a 1500 byte packet and see what happens… my guess is that you have an MTU issue somewhere along the way, most likely with one of the UBNT devices, which is limited to 1500 bytes out of the box. Raise the MTU to 1600, and you should be good to go.

Good luck!

dancho · December 11, 2013, 8:52pm

now? can you see it?
I can access first nanostation but not last. both nanostations same config. and yes MTU is set to 1500. it is default.

troy · December 11, 2013, 9:26pm

heh.. yeah, I see it now. It does indeed smack of an MTU problem. Ping with full sized packets and figure out which devices will need some extra room.

dancho · December 16, 2013, 2:38pm

news on this.
I just saw that in the picture that I’ve already posted I can access all those mikrotiks because I was opening them via MAC. Now if I try to open them via IP I got the following:

I can ping everything with full sized packets.

dancho · December 19, 2013, 3:12am

bump

deejayq · December 24, 2013, 11:07am

if you connect to the rb1100 can you ping from it the sxt connected in port 3?

Petzl · December 27, 2013, 9:31am

We use WDS mode for ubiquity, if you do client and ap mode , the device wil do some sort of Natting …

dancho · December 29, 2013, 8:23pm

deejayq: yes I can ping any IP on the network.

Petzl: we are using WDS too.

plisken · December 29, 2013, 8:37pm

Have you try with https ?

dancho · December 29, 2013, 8:53pm

tried with enabled https and with disabled https on ubiquiti devices. no luck

plisken · December 29, 2013, 9:06pm

Are you sure about your subnet?

First say you:everything is in singe bridge with IP 172.16.16.1/22
Later speak you from everything is in single bridge with IP 172.16.16.1/24

Maby a mistake in subnets in the devices

dancho · December 31, 2013, 12:57am

sorry about that. it is /22 but even if it was /24 it should not be a problem. and even I made somewhere mistake and put 24 instead of 22 it should work. I guess… :S