My QUESTION: Why does RouterOS insist on setting Ether1 as a WAN port?
The RouterOS performs this conversation behind the scenes and doesn’t update the GUI after this automatic dynamic change which kills the management IP connection. There is NO GUI update of this dynamic behind the scenes change.

I have 2 MikroTik routers (CHR) setup in a virtual environment - mostly for learning research of RouterOS.

I start with System, Reset configuration, No Default Configuration and Do Not Backup.
I set these 2 devices -(SW-1 and SW-2) in Bridge-Mode, created Access vlans and a Trunk port between them. Oracle VB GUI -by default- only allows 4 interfaces within the GUI.

• Management is setup on Ether1
• Access Vlan20 is on Ether2
• Access Vlan30 is on Ether3
• Trunk (vlan 20 and 30) on Ether4

Layer-2 bridging initially works until the RouterOS makes a dynamic behind the scenes change (about 5 minutes).
I change Ether1 to LAN. If I assign the management IP address to the Ether1 LAN port RouterOS will dynamically change it to Ether2 and Ether1 to WAN. Hello, this is Layer-2.
To Fix: On the CLI create a new bridge to Ether1 and set the IP address to the new bridge but even then Interfaces, Interface List tab still insists Ether1 is WAN.

Juniper_Router1----MikroTik_SW-1------MikroTik_SW-2----Juniper_Router2

If you really reset configuration without keep old config and without set defaults, WAN group on interface list do not exist,
If you really reset configuration without keep old config and without set defaults, “detect internet” is disabled
If you really reset configuration without keep old config and without set defaults, the subsequent errors can be caused only from your settings.

Post
/export hide-sensitive
on forum
and let’s us to see the config.

From the Winbox client, followed MikroTik First Time Configuration for reset and Configure IP Access.- Nothing more as I did not progress past DHCP bla bla bla.

https://help.mikrotik.com/docs/display/ROS/First+Time+Configuration

See attachment of results

Notice even though I assigned the IP management address to Ether1, RouterOS assigned it to Ether2. Yikeeeeesssssss.

Thank you for your assistance
Frank

Short answer: because you configured it to do so.
And yes, post a config export.
That’s not how a clean config looks like.
You had https://wiki.mikrotik.com/wiki/Manual:Detect_internet enabled at some point.

L e t m e s p e l l i t o u t s l o w l y!!!

/export hide-sensitive file=anynameyouwish

It appears even though I clicked on the No Default Configuration and Do Not Backup and did not select the box for Keep User Configuration these built-in options do not actually work. Or perhaps the wording does not actually mean start from scratch with NO Configuration.

???

Thanks again
Frank

OK, so I reinstalled the OS again and the basic out of the box config is this:

[admin@MikroTik] > /export hide-sensitive

aug/04/2021 17:11:39 by RouterOS 6.47.10

software id =

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client
add disable=no interface=ether1
[admin@MikroTik] >

I guess the public MikroTik document that instructs the user on how to enable IP access is possible creating the failures. (url link provided previously).

Thanks
Frank

AFAIR CHR does not come with the default configuration that RouterBoards come with.
It only has a dhcp-client configured on ether1 and that’s it (as shown on your latest export).

The default configuration on RouterBoards, does indeed consider ether1 as the ‘WAN’ port.
But there is nothing stopping you from making whatever port you want as the ‘WAN’ port.
It doesn’t mean anything anyway. RouterOS just routes packets between ports. From its point of view there is no WAN or LAN. Just ports.

There is an earlier statement on this issue (well.. slightly related issue) from staff:


http://forum.mikrotik.com/t/chr-problem-with-dhcp-client-after-reboot/116337/18

DHCP client is required on CHR installations since most of cloud services provide only access through IP address and you do not have direct access to console.

In order to make it happen, CHR checks if there is an IP address on ether1 interface or on bridge if ether1 is in it. If there is no IP address or DHCP client, then one is created automatically.

If client is disabled, then still new one will be created in case it was disabled by accident.

If there is a static IP address on ether1 (or bridge) new DHCP client will not be added.

In your config, you have set no IP on ether1. So adding a (bogus) IP on ether1 should fix this behavior.

Only the SoHo models. The CCR, RBxxxx (does RB4011 do this?) and CRS lines don’t do this. I think CHR doesn’t do it too.

Here’s what’s happening
Within Oracle VB, I assigned management PC to Adapter1 to MikroTik Ether1 via a Bridged connection
Start MikroTik CHR with base-line factory default configuration
On MikroTik:
Create a bridge (SW-1) and assign Ether1 to this bridge (SW-1)
Assign my management IP to the bridge SW-1 and interface Ether1.
IP, Routes, Add a route to next-hop of inside router, which MikroTik reports as reachable. (here I mistakenly referred to this route a STATIC route but clearly this is not STATIC as RouterOS has a behind the scenes dynamic feature about these statically added entries).

When I assign the gateway IP address within the Quick Set dialog box - (I guess a CLI command is also available) - for the next hop router which happens to be off of Ether2, it changes my configuration of bridge SW-1 to Ether2 (CLI ip address print) and assigns Ether1 as WAN (GUI). Additionally HOWEVER RouterOS does not update the GUI dialog boxes of the SW-1 to Ether2. There seems to be a disconnect between the CLI and GUI at this point.

It appears the software is designed to think it knows better and I guess to overcome user misconfigurations without any warning or notice just changes the configuration and fails to update GUI. Very Interesting.

Maybe it’s just me -
Thanks
Frank

Do not, I repeat, DO NOT use Quick Set. THIS is the source of your problems. It will assume several things, and WILL steamroll over any config You already have.

Ahhhh THANK YOU. Noted!!!

Any other tips???

I guess to set a gateway I should use the cli and in fact I guess I should just use the CLI for all configurations.
Thank you
Frank

Yes, when you ask for help, explain everything in the first post, so that it is not necessary to do an "interview with users"®

You can use the CLI to set the gateway. Winbox and webfig work too.

Ok I think I have it figured out!!!


MGT PC---------------------Bridged----------MikroTik Ether1
:
Router------192.18.10.0/24------------------MikroTik Ether2

Using the GUI
Ether1 connected as Bridged Adapter 1 within Oracle Virtual Box (The intent is to change this interface to the up streams router where Ether2 is currently sitting)
Ether2 is sitting on the upstream routers subnet
Ether3 is down
Ether4 is down

Reset config via GUI
System, Reset Configuration, check box: No Default Configuration, check box: Do Not Backup, Click on: Reset Configuration button

Reset config via CLI
/system reset-configuration no-defaults=yes skip-backup=yes

Setup IP Management of bridge (switch)
Bridge, Bridge tab, +, Enter bridge name (I used SW-1)
Bridge, Ports tab, +, Select interface ether1, bridge SW-1
IP, Addresses, +, 192.168.10.252/24 interface SW-1

IP, Routes, +, Dst. Address 192.168.2.0/24, Gateway 192.168.10.1, ok button

Ok here is where things go wrong.
Because RouterOS is able to communicate with the upstream router on Ether2 and not on Ether1, RouterOS dynamically modifies the configuration and as I pointed out before, NO NOTICE and NO GUI UP DATES. RouterOS sets the gateway address to Ether2. This change can be seen in the CLI output only- ip address print or also with the export command. The Changes are not updated within the GUI.

ip address print
Flags: X - disable, I - invalid, D - dynamic

ADDRESS NETWORK INTERFACE

0 192.168.10.252 192.168.10.0 ether2

–or–
export
…
/ip address
add address=192.168.10.252/24 interface=ether2 network=192.168.10.0

Once Ether2 is able to communicate with the up stream router you cannot change this route unless you create an alternate interface that can communicate with the up stream router. After you add the new interface and the new interface is able to communicate with the up stream router, you can remove Ether2 from your configuration. You can successfully ping this MikroTik CHR bridge from the up stream router. However, the MikroTik cannot ping anything nor can you connect to it.

I setup a 2nd MikroTik CHR with my new CLI commands (shown below) and it worked as expected. I compared both configurations (working and broken) and the only differences were IP addresses of the management IP. Once I reset the configuration on the broken box and reset via CLI, all worked as expected but I spent most of today figuring this out. Keep in mind this is only to allow you to connect to the remote MikroTik bridge and start configurations which I have sadly not figured out yet. Hope this help you!!

And ol yea, I did reboot and power off multiple times, but to no avail.

#######################################

Name your MikroTik bridge

#######################################
/system identity set name=SW-2

#######################################

Bridge, create bridge and assign interface

#######################################
/interface bridge add name=SW-2
/interface bridge port add bridge=SW-2 interface=ether3

#######################################

IP Addressing & Routing

#######################################
/ip address add address=192.168.10.252/24 interface=SW-2

Up stream router IP address

/ip route add distance=1 gateway=192.168.10.1

Hope you have a great day!!
Frank

You are correct.

RB4011 does have the standard default configuration as other SoHo models.

Questions arise:

1. What is the real problem with Eth1 as default WAN?
2. Should the router ask “What interface you want to be WAN”?
3. If the answer for 2 is “yes” what are pros for such a solution?
4. Does it really matter what port you connect WAN cable to? Except aesthetic reasons.

It is not “insisting”. IMHO It was just naturally chosen for uniformity as most routers have Eth1 but not all have Eth2, Eth3 and more ports.

Well, actually on some models it is not the best to use port 1 for WAN, e.g. the older CCR1009 series (with switch on port 1-4) and the RB1100.
However, those models do not come with that default config that assumes ether1 is for WAN.

The only thing I have seen in those and in CHR is the DHCP client on ether1 that keeps coming back. Probably done to help newbies to access a completely new router without having to use console port or MAC access, but it is a bit of a drag when you want to /import a saved configuration on a completely cleared router.
Always have to remember to remove that and then quickly do the import.

I know that you know that I know but there is no win-win choice when it comes to SOHO-like market.
Pros are aware how to manage such a situation.
Newbies/SOHOs look for the second bottom/hidden agenda instead of changing setting to their needs.

P.S.
Why some models have particular port described as “Internet”?
Why Mikrotik “insist” on serving PoE-out on the last port of a switch?
Why PoE-in usually works on Eth1 not on e.g. Eth3?
And so on …