Worth it to change private IP address early in setup process?

I’m slowly learning more and more about RouterOS, my hap ac2, and networking in general (with much thanks to this forum).

I currently have everything up and running with the default IP address (192.168.88.0/24). I would prefer to set this to something custom (within the reserved private IP address range) and from what I understand could potentially save me some conflicts down the road, and will just get more complicated to change as I add to and customize my network.

Should I pause now and try to make the change, possibly starting setup from scratch if I must, or is this less of an issue than I believe?

Thanks for the opinions!

It depends.
There's basically nothing speaking against using the default range - but when it becomes likely that you interconnect with other networks that may be in the same subnet (i.e. deploy a MikroTik network for a friend of yours and set up tunnels between them and your network to service them), it might be wise to have a subnetting plan ready. It might also help when you keep adding MikroTik gear to your local network - 192.168.88.1 can't cause MAC address conflicts in your existing network.

To make sure your transition to another subnet runs smoothly, I recommend doing it this way:

First, add the new IP to your LAN-facing interface (let's say 172.17.100.1/24, for example).
Then add 172.17.100.0/24 with the appropriate new info to dhcp/networks.
Add a fresh pool to /ip/pool, probably 172.17.100.50-172.17.100.200.
Change your default dhcp-server pool from “default” to the new pool.
Make sure to check your firewall rules, especially NAT, to cover both networks.

Go ahead with your local devices having a static IP configured and change it to the new range.

Wait until all old dhcp leases in 192.168.88.0/24 have expired
Remove 192.168.88.1 from your LAN-facing interface.
Remove 192.168.88.0/24 from your firewall rules.

Done.
-Chris

Thanks a lot for the reply. Seems like a good exercise to perform, educationally, so I think I’ll go for it in the manner you suggested!

Finally getting around to this and had two more questions, I believe:

  1. My firewall rules are the ones set in place by the Quick Set configuration, and looking through them (including NAT), the local IP addresses are not listed anywhere. I’m pretty sure this means that none of these need to be changed?

  2. My IP>Routes do have a route from 192.168.88.0/24 to my bridge. I would need to create a bridge for the new address, correct?
    Never mind, the route was created automatically after adding the addresses.

I’ve basically gone through everything looking for anywhere it referenced 192.168.88.* and I think the list Chris made, plus the Route is everything.

Very slowly this is starting to make more sense…Thanks a lot!

So, for anyone else new: This was really simple and went totally smoothly! Only a few moments of panic :smiley:

Thanks again Chris. Your instructions were perfect!

Yes, worth it because I have multiple MT routers connected. Did change the DHCP subnet several times, years ago, but am missing something this time because when the leases run out, and all the clients are on the new subnet, winbox closes. When it opens again the devices are on the former IP subnet. Is there a time when Safe Mode must be off? I operate a lot in Safe Mode after being forced to revert to factory defaults many times.

Safe mode must be off whenever the management connection which enabled safe mode breaks for a legitimate reason. E.g. when you manually close the connection (winbox might ask you about disabling safe mode before that, I don’t know about that) or when the connection breaks due to planned changes in the ROS device configuration.

When IP address of client machine (e.g. the one where winbox is running) changes, this inevitably causes winbox connection to break. And similarly when IP address of router changes. I guess that if one uses MAC connection from winbox to router, then connection might survive (but it might not, client’s network interface needs IP address for winbox to work even in MAC address, it just doesn’t matter what the IP address is … and I don’t know what change of IP address means for ongoing MAC connection).

Well, it happened again. With Safe Mode off I followed the three steps to change the IP subnet, after the leases updated (visible in winbox) to the new subnet, winbox lost contact with the router and the router lost connectivity to the Internet. For the umpteenth time I rebooted to factory defaults because I couldn’t reach the router over the LAN.
Some details: after I lost contact with the router it gave out DHCP IPs in the new subnet, visible on my notebook as I disconnected and connected eth0 and wlan with openSuse network manager. Firefox reported “no route” to the router (connected directly via Enet cable at 1 Gbit/s) on either the old or new subnet.
There seems to be some step or condition that I’m missing. Any precautions to take for the firewall? What more information can I provide?
And thanks.

Use winbox and connect using MAC address. I do it all the time like that when needing to change IP related stuff. Especially a device like mAP Lite with only 1 ether port is pretty sensitive for that. MAC access only for me when I set up such a little bugger.
Never got locked out (correction: not for that reason :laughing: )

Or remove one ether port from bridge, assign IP address and small DHCP server/pool for your computer and use that connection to configure device.

Tried to set up eth3 as 10.10.10.0 with a DHCP server, subnet address added to address list, and router eth3 removed from bridge. Net manager on notebook says IP config not available on eth0, which is cabled to eth3 of the router. Notebook fails to ping 10.10.10.1. Is there an “everyone knows” assumption that I don’t know here?
Could not connect from notebook to router using router’s MAC address.
Thank you in advance.

This was one of the best earliest tips I came across. First thing I usually do with a new configuration is export the configuration, use Notepad++ to change every 192.168.88 to something else, upload again and reset with no configuration but run the modified script.

One should note that neighbour discovery is the helpful key to making this work really well across multiple MT devices on the trusted subnet (aka ensure that the trusted subnet is in an interface list and that interface list is in neighbour discovery). I believe the default is LAN, but as soon as multiple users and subnets get added, it's best to only use the trusted subnet and make that subnet into its own interface list.

Still missing something. Following suggestions:
Set up eth3 on hap ac lite (g/w router) with DHCP server for 10.10.10.0/24. Added 10.10.10.0/24 to the Address List for eth3. Wired that port directly to a notebook (openSuse 15.5) where I started WinBox. Notebook also connected via its wlan0 to router. Notebook shows IP 10.10.10.124 on eth0, but ping from notebook to 10.10.10.1 says Destination Host Unreachable. Notebook can ping 10.10.10.124, its own address.
WinBox does not see Neighbor, after clicking on Refresh, but g/w router can ping back to notebook on 10.10.10.124. New WinBox on notebook can’t connect to router using MAC address of eth3. Torch on eth3 shows discovery packets and constant stream from notebook to 10.10.10.255:20561 with no response from 10.10.10.1.
If I disconnect wlan0 on the notebook, leaving only eth0 between notebook and g/w router, WinBox quits, then times out when trying connection to 10.10.10.1 or the default ..88.1. Can’t ping from notebook to ..88.1. Internet connectivity is lost.
Connecting wlan0 restores internet connectivity and WinBox opens on ..88.1.
Thanks again for sticking with me. Hope you can point out what I’m missing.

Mea culpa.
Found a typo in the address range for one of the IP pools. With that corrected and lease hold time set to one minute, transition to new subnet completed quickly.
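
Added example, not part of the thread and not MikroTik tooling: a small offline check for the failure the last post describes (a typo in an IP pool range), which also lists entries that still reference the old subnet after following Chris's steps or the export-and-replace tip. It assumes a simplified `/export` layout with one `add` item per line and no quoted values containing spaces; the sample export, the pool name `pool-new` and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample (not from the thread); the pool range has a deliberate typo: 172.17.10.50.
SAMPLE_EXPORT = """\
/ip pool
add name=pool-new ranges=172.17.10.50-172.17.100.200
/ip dhcp-server
add address-pool=pool-new interface=bridge name=defconf
/ip address
add address=172.17.100.1/24 interface=bridge network=172.17.100.0
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-server network
add address=172.17.100.0/24 gateway=172.17.100.1
"""

def sections(export):
    """Group 'add ...' lines under the menu path ('/ip pool', ...) preceding them."""
    out, menu = {}, None
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            out.setdefault(menu, []).append(dict(re.findall(r"(\S+?)=(\S+)", line)))
    return out

def check_migration(export, old_net="192.168.88.0/24"):
    """Findings: pool ranges outside every DHCP network, and leftover old-subnet entries."""
    sec, findings = sections(export), []
    nets = [ipaddress.ip_network(n["address"]) for n in sec.get("/ip dhcp-server network", [])]
    for pool in sec.get("/ip pool", []):
        for rng in pool["ranges"].split(","):
            lo, _, hi = rng.partition("-")
            lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)
            if lo > hi or not any(lo in n and hi in n for n in nets):
                findings.append(f"pool {pool['name']}: range {rng} not inside one DHCP network")
    old = ipaddress.ip_network(old_net)
    for menu, items in sec.items():
        for item in items:
            for key, val in item.items():
                for ip in re.findall(r"\d+\.\d+\.\d+\.\d+", val):
                    if ipaddress.ip_address(ip) in old:
                        findings.append(f"{menu}: {key}={val} still references {old_net}")
    return findings

if __name__ == "__main__":
    for finding in check_migration(SAMPLE_EXPORT):
        print(finding)
```

Old-subnet findings are expected while both ranges coexist during the transition; the list should be empty once the final removal steps are done.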