Community discussions

 
49er
Member
Member
Topic Author
Posts: 401
Joined: Tue Sep 27, 2011 7:55 am

ether1: Probably look (How to solve?)

Mon Jun 19, 2017 10:57 am

Hi,

I have an Omnitik 5AC and use it for Point 2 Multipoint connection.
Masterport is ether1 (slave ports ether2-5)
WDS for Multipoint links (SXT)

Now I see every minute a log error about probably loop on ether1.
WDS is add to bridge.

If it make more sens I can also post my config that I have on the Omnitik.
Please let me know.

Now If I try tp ping -t the omnitik I see a lot of packet lost.
 
gbudny
just joined
Posts: 12
Joined: Tue Feb 09, 2016 10:57 am
Location: Poland, Katowice

Re: ether1: Probably look (How to solve?)

Wed Jun 21, 2017 1:33 pm

Hi,

Could you please provide a config ?

It means that loop exists in the network.
Packet data loss is caused due to broadcast storms.
Loop may be caused by physical short ports connection or something is wrong with config.

Regards
Grzegorz
Best Regards
Grzegorz Budny
 
49er
Member
Member
Topic Author
Posts: 401
Joined: Tue Sep 27, 2011 7:55 am

Re: ether1: Probably look (How to solve?)

Wed Jun 21, 2017 2:13 pm

Thanks for your reply.
Below the config of the device.

Ether1 is connected to a CRS125 switch
Ether 1 is a trunk port on the CRS125 switch.
On ether2 of the Ominitik AC there is a printer connected.
WiFi is voor P2MP links to other sites.
I noticed that if I bind VLAN-LAN_MGMT to ether1 instead of BRIDGE01 than the Loop is gone but than I can't also not reach the other ends of the P2MP connections.

Here is the config of the Omnitik.

# Installation SW07 (RB-OMNITIK 5 AC)
# AP BRIDGE
# Set the identity
/system identity set name="SW07 - Ring 225"

# Create a group of switch ports (Switch chip 1)
/interface ethernet
set numbers=1,2,3,4 master-port=ether1

# Create a bridge
/interface bridge
add name=BRIDGE01

# Create the needed VLANs
/interface vlan
add name=VLAN_LAN_MGMT interface=BRIDGE01 vlan-id=9
add name=VLAN_LAN_DATA interface=BRIDGE01 vlan-id=10
add name=VLAN_WLAN_DATA interface=BRIDGE01 vlan-id=12
add name=VLAN_WLAN_GUEST interface=BRIDGE01 vlan-id=14
add name=VLAN_LAN_MFP interface=BRIDGE01 vlan-id=15
add name=VLAN_LAN_GAME interface=BRIDGE01 vlan-id=16
add name=VLAN_LAN_CAMERA interface=BRIDGE01 vlan-id=17
add name=VLAN_LAN_TVMM interface=BRIDGE01 vlan-id=18
add name=VLAN_WLAN_SP interface=BRIDGE01 vlan-id=19

# Comment the used interfaces
/interface ethernet set ether1 comment="Trunk SW06"
/interface ethernet set ether2 comment="Dell Printer"

# Add an IP address for management
/ip address add address=172.16.8/25 network=172.16.0.0 interface=VLAN_LAN_MGMT

# Add VLAN table entries
/interface ethernet switch vlan
add port=switch1-cpu,ether1 switch=switch1 vlan-id=9
add port=ether1 switch=switch1 vlan-id=10
add port=switch1-cpu,ether1 switch=switch1 vlan-id=12
add port=switch1-cpu,ether1 switch=switch1 vlan-id=14
add port=switch1-cpu,ether1,ether2 switch=switch1 vlan-id=15
add port=switch1-cpu,ether1 switch=switch1 vlan-id=16
add port=switch1-cpu,ether1 switch=switch1 vlan-id=17
add port=switch1-cpu,ether1 switch=switch1 vlan-id=18
add port=switch1-cpu,ether1 switch=switch1 vlan-id=19

# Assign "vlan-mode" and "vlan-header" mode for each port and also "default-vlan-id" on ingress for each access port.
## Setting "vlan-mode=secure" ensures strict use of VLAN table.
## Setting "vlan-header=always-strip" for access ports removes VLAN header from frame when it leaves the switch chip.
## Setting "vlan-header=add-if-missing" for trunk port adds VLAN header to untagged frames.
## "Default-vlan-id" specifies what VLAN ID is added for untagged ingress traffic of the access port.
/interface ethernet switch port
set switch1-cpu vlan-mode secure vlan-header=leave-as-is
set ether1 vlan-mode=secure vlan-header=leave-as-is
set ether2 vlan-mode=secure vlan-header=always-strip default-vlan-id=15

# Bridge the switch ports and Wlan
/interface bridge port
add bridge=BRIDGE01 interface=ether1
add bridge=BRIDGE01 interface=wlan1

# Add a Security Profile
/interface wireless security-profile add name=BRIDGE-2 authentication-type=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="PASSWORD"

# Create an Access List
/interface wireless access-list add mac-address=6C:3B:6B:45:66:DF interface=wlan1 comment="SW08 SXT 5 AC Ring 223"
/interface wireless access-list add mac-address=6C:3B:6B:47:DA:C6 interface=wlan1 comment="SW09 SXT 5 AC Ring 227"

# Set Wlan mode
/interface wireless set wlan1 ssid=Bridge2 frequency=auto mode=ap-bridge band=2ghz-onlyn default-authentication=no disabled=no
/interface wireless set wlan1 security-profile=BRIDGE-2 wmm-support=enabled
/interface wireless set wlan1 channel-width=20/40mhz-Ce

# Create WDS-Interface and add the interface to the bridge
/interface wireless set wlan1 wds-mode=dynamic wds-default-bridge=BRIDGE01

# Globele settings
# SNTP Client configureren
/system ntp client set primary-ntp=172.16.0.130 secondary-ntp=172.16.0.131 enabled=yes

# DNS settings
/ip dns set server=172.16.0.130

# Add a default route
/ip route add dst-address=0.0.0.0/0 gateway=172.16.0.1

# Add route for local network
/ip route add dst-address=172.16.0.0/21 gateway=172.16.0.1

# SNMP Server configuration
/snmp community
set [ find default=yes ] addresses=172.16.0.60/32
add addresses=172.16.0.60/32 authentication-password=O7ac6eV0TnpLJ155 authentication-protocol=SHA1 \
encryption-password=hHWhgw91Hed6s4S5 encryption-protocol=AES name=SNMPuser1 security=private
/snmp
set contact=ronald.verheij@skiffkick.nl.nl enabled=yes engine-id=SNMPuser1 location="Ring 225, Pernis, The Netherlands" \
trap-generators=interfaces trap-interfaces=all trap-target=172.16.0.60 trap-version=3 trap-community=SNMPuser1
/snmp community set [find name=public] read-access=no

# IP SERVICES configuration
/ip service set api disabled=yes
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set api-ssl disabled=yes
/ip service set www address=172.16.0.0/21 disabled=yes
/ip service set www-ssl certificate=WEB_CONF port=4443 disabled=no

# SYSLOG Server configuration
/system logging action
set 3 remote=172.16.0.20

/system logging
add action=remote topics=warning
add action=remote topics=info
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=wireless

# Timezone settings
/system clock set time-zone-name=Europe/Amsterdam

# Set admin password
/password old-password="" new-password="PASSWORD" confirm-new-password="PASSWORD"

# SW10 Bridge toevoegen (MAC addres en RB naam
# Syslog aanpassen
 
49er
Member
Member
Topic Author
Posts: 401
Joined: Tue Sep 27, 2011 7:55 am

Re: ether1: Probably look (How to solve?)

Thu Jun 22, 2017 1:44 pm

gbudny,

You asked me for the configuration.
I post it,
So can look at it and hopefully you see the issue.
 
nescafe2002
Long time Member
Long time Member
Posts: 617
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: ether1: Probably look (How to solve?)

Thu Jun 22, 2017 2:40 pm

The script you posted is not an actual export but rather an initial setup script. For next time, create a new export for every support question using:
/export file=config hide-sensitive
Then copy config.rsc from router and paste contents in
-tags.

Next, this guide: https://wiki.mikrotik.com/wiki/Transparently_Bridge_two_Networks mentions that you shouldn't include wlan1 in the bridge configuration of the AP:
[code]
[admin@AP]> interface bridge add name=wds-bridge
[admin@AP]> interface bridge port add interface=ether1 bridge=wds-bridge
(wlan1 is not added to bridge configuration)

So, try removing wlan1 from bridge. It is already added via wds-default-bridge=BRIDGE01 instruction.


Edit:
Please review your posted configuration. It is not wise to post management passwords together with physical addresses..
 
49er
Member
Member
Topic Author
Posts: 401
Joined: Tue Sep 27, 2011 7:55 am

Re: ether1: Probably look (How to solve?)

Sun Jun 25, 2017 5:58 pm

Hi, Thanks for your reply and your recommadation about posting my config.

I removed the WLAN1 to the bridge but the problem is still there.
 
idlemind
Forum Guru
Forum Guru
Posts: 1101
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: ether1: Probably look (How to solve?)

Mon Jun 26, 2017 5:40 am

I thoroughly enjoy when the people that help ask for a configuration to be posted but the ops keep on trucking, asking questions and no configuration.

#bittersunday
 
49er
Member
Member
Topic Author
Posts: 401
Joined: Tue Sep 27, 2011 7:55 am

Re: ether1: Probably look (How to solve?)

Mon Jun 26, 2017 1:28 pm

I ask for a solution.
In Mikrotik it is not clear where the problem is.
In Cisco you see exactly where the problem is if you have a loop.
But in Mikrotik not.
And in mikrotik you have bridges, switch-cpu and so on. It is complicated.
 
idlemind
Forum Guru
Forum Guru
Posts: 1101
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: ether1: Probably look (How to solve?)

Mon Jun 26, 2017 3:31 pm

... and still no config. #miracle
 
49er
Member
Member
Topic Author
Posts: 401
Joined: Tue Sep 27, 2011 7:55 am

Re: ether1: Probably look (How to solve?)

Mon Jun 26, 2017 3:42 pm

This is the config of the CRS125. later this day I will post the config of the Omnitik.

CRS125:
# jun/26/2017 14:40:50 by RouterOS 6.38.5
# software id = E3Q0-ENNN
#
/interface bridge
add name=BR_LAN_MGMT
/interface wireless
# managed by CAPsMAN
# channel: 2462/20-eC/gn(30dBm), SSID: WLAN_DATA, local forwarding
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik
/interface ethernet
set [ find default-name=ether24 ] comment="Trunk SW07"
/interface vlan
add interface=ether24 name=VLAN_LAN_CAMERA vlan-id=17
add interface=ether24 name=VLAN_LAN_DATA vlan-id=10
add interface=ether24 name=VLAN_LAN_GAME vlan-id=16
add interface=ether24 name=VLAN_LAN_MFP vlan-id=15
add interface=ether24 name=VLAN_LAN_MGMT vlan-id=9
add interface=ether24 name=VLAN_LAN_SERVER vlan-id=900
add interface=ether24 name=VLAN_LAN_TVMM vlan-id=18
add interface=ether24 name=VLAN_WLAN_DATA vlan-id=12
add interface=ether24 name=VLAN_WLAN_GUEST vlan-id=14
add interface=ether24 name=VLAN_WLAN_SP vlan-id=19
/interface ethernet
set [ find default-name=ether1 ] comment="Trunk SW05" master-port=ether24
set [ find default-name=ether2 ] master-port=ether24
set [ find default-name=ether3 ] master-port=ether24
set [ find default-name=ether4 ] master-port=ether24
set [ find default-name=ether5 ] master-port=ether24
set [ find default-name=ether6 ] master-port=ether24
set [ find default-name=ether7 ] master-port=ether24
set [ find default-name=ether8 ] master-port=ether24
set [ find default-name=ether9 ] master-port=ether24
set [ find default-name=ether10 ] comment="NAS01 - Ether1" master-port=\
    ether24
set [ find default-name=ether11 ] comment="NAS02 - Ether1" master-port=\
    ether24
set [ find default-name=ether12 ] master-port=ether24
set [ find default-name=ether13 ] master-port=ether24
set [ find default-name=ether14 ] master-port=ether24
set [ find default-name=ether15 ] master-port=ether24
set [ find default-name=ether16 ] comment=PC015 master-port=ether24
set [ find default-name=ether17 ] master-port=ether24
set [ find default-name=ether18 ] master-port=ether24
set [ find default-name=ether19 ] master-port=ether24
set [ find default-name=ether20 ] master-port=ether24
set [ find default-name=ether21 ] comment="ESXi02 - Ether-Internal" \
    master-port=ether24
set [ find default-name=ether22 ] comment=\
    "ESXi02 - Ether-External - R02 Mikrotik X86" master-port=ether24
set [ find default-name=ether23 ] comment="Trunk SW17" master-port=ether24
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/snmp community
set [ find default=yes ] addresses=172.16.0.60/32 read-access=no
add addresses=172.16.0.60/32 authentication-protocol=SHA1 \
    encryption-protocol=AES name=SNMPuser1 security=private
/system logging action
set 3 remote=172.16.0.20
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1,ether21,ether22,ether23,ether24,switch1-cpu vlan-id=9
add tagged-ports=ether1,ether21,ether22,ether23,ether24 vlan-id=10
add tagged-ports=ether1,ether22,ether23,ether24 vlan-id=12
add tagged-ports=ether1,ether22,ether23,ether24 vlan-id=14
add tagged-ports=ether1,ether22,ether23,ether24 vlan-id=15
add tagged-ports=ether1,ether22,ether23,ether24 vlan-id=16
add tagged-ports=ether1,ether22,ether23,ether24 vlan-id=17
add tagged-ports=ether1,ether22,ether23,ether24 vlan-id=18
add tagged-ports=ether1,ether22,ether23,ether24 vlan-id=19
add tagged-ports=ether1,ether21,ether22,ether23,ether24 vlan-id=900
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=900 ports=ether10
add customer-vid=0 new-customer-vid=900 ports=ether11
add customer-vid=0 new-customer-vid=10 ports=ether16
add customer-vid=0 new-customer-vid=10 ports=ether17
add customer-vid=0 new-customer-vid=10 ports=ether18
add customer-vid=0 new-customer-vid=10 ports=ether19
add customer-vid=0 new-customer-vid=10 ports=ether20
add customer-vid=0 new-customer-vid=900 ports=ether12
/interface ethernet switch vlan
add ports=ether1,ether21,ether22,ether23,ether24,switch1-cpu vlan-id=9
add ports="ether1,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ethe\
    r23,ether24" vlan-id=10
add ports=ether1,ether22,ether23,ether24 vlan-id=12
add ports=ether1,ether22,ether23,ether24 vlan-id=14
add ports=ether1,ether22,ether23,ether24 vlan-id=15
add ports=ether1,ether22,ether23,ether24 vlan-id=16
add ports=ether1,ether22,ether23,ether24 vlan-id=17
add ports=ether1,ether22,ether23,ether24 vlan-id=18
add ports=ether1,ether22,ether23,ether24 vlan-id=19
add ports=ether1,ether10,ether11,ether12,ether21,ether22,ether23,ether24 \
    vlan-id=900
/interface wireless cap
# 
set bridge=BR_LAN_MGMT caps-man-addresses=172.16.0.1,172.16.0.126 \
    certificate=request discovery-interfaces=ether1 enabled=yes interfaces=\
    wlan1
/ip address
add address=172.16.0.7/25 interface=ether24 network=172.16.0.0
/ip dns
set servers=172.16.0.130
/ip route
add distance=1 gateway=172.16.0.1
add distance=1 dst-address=172.16.0.0/21 gateway=172.16.0.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=172.16.0.0/21 disabled=yes
set www-ssl certificate=WEB_CONF disabled=no port=4443
set api disabled=yes
set api-ssl disabled=yes
/snmp
set contact=ronald.verheij@skiffkick.nl.nl enabled=yes engine-id=SNMPuser1 \
    location="Ring 225,  Pernis, The Netherlands" trap-community=SNMPuser1 \
    trap-generators=interfaces trap-interfaces=all trap-target=172.16.0.60 \
    trap-version=3
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name="SW06 - Ring 225"
/system logging
add action=remote topics=warning
add action=remote topics=info
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=wireless
/system ntp client
set enabled=yes primary-ntp=172.16.0.130 secondary-ntp=172.16.0.131
 
idlemind
Forum Guru
Forum Guru
Posts: 1101
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: ether1: Probably look (How to solve?)

Mon Jun 26, 2017 7:11 pm

In your "/interface ethernet switch ingress-vlan-translation" section. Why are you not using sa-learning? It likely isn't the cause of your issues. The way I understand it is that the CRS will learn the MAC into the VLAN set in new-customer-vid when sa-learning is set to yes. I think that'd be ideal for performance to prevent flooding all frames in order to get to the hosts on those ports.

... still need to see that OmniTik as well as what port it plugs into. Also, do you have a CHR on an ESXi host attached to this CRS?
 
49er
Member
Member
Topic Author
Posts: 401
Joined: Tue Sep 27, 2011 7:55 am

Re: ether1: Probably look (How to solve?)

Tue Jun 27, 2017 10:26 am

Hi, thanks for your reply.
I reviewed the settings on the CRS125. sa-learning is enabled by default I thought.

Yes ther is a CHR on ESXi connected to the CRS switch.
The Config of the Omnitik wil will upload as well but I can't connect to the omnitik now because it is instable due to the loop
 
49er
Member
Member
Topic Author
Posts: 401
Joined: Tue Sep 27, 2011 7:55 am

Re: ether1: Probably look (How to solve?)

Tue Jun 27, 2017 11:00 am

Here is the config of the Omnitik:
# jun/27/2017 09:58:09 by RouterOS 6.39.2
# software id = 22T6-298V
#
/interface bridge
add name=BRIDGE01
/interface ethernet
set [ find default-name=ether1 ] comment="Trunk SW06"
set [ find default-name=ether2 ] comment="Dell Printer" master-port=ether1
set [ find default-name=ether3 ] master-port=ether1
set [ find default-name=ether4 ] master-port=ether1
set [ find default-name=ether5 ] master-port=ether1
/interface vlan
add interface=BRIDGE01 name=VLAN_LAN_CAMERA vlan-id=17
add interface=BRIDGE01 name=VLAN_LAN_DATA vlan-id=10
add interface=BRIDGE01 name=VLAN_LAN_GAME vlan-id=16
add interface=BRIDGE01 name=VLAN_LAN_MFP vlan-id=15
add interface=BRIDGE01 name=VLAN_LAN_MGMT vlan-id=9
add interface=BRIDGE01 name=VLAN_LAN_TVMM vlan-id=18
add interface=BRIDGE01 name=VLAN_WLAN_DATA vlan-id=12
add interface=BRIDGE01 name=VLAN_WLAN_GUEST vlan-id=14
add interface=BRIDGE01 name=VLAN_WLAN_SP vlan-id=19
/interface ethernet switch port
set 0 vlan-mode=secure
set 1 default-vlan-id=15 vlan-header=always-strip vlan-mode=secure
set 5 vlan-mode=secure
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=BRIDGE-2
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-onlyac channel-width=\
    20/40/80mhz-eeeC default-authentication=no disabled=no frequency=auto \
    mode=ap-bridge security-profile=BRIDGE-2 ssid=Bridge2 wds-default-bridge=\
    BRIDGE01 wds-mode=dynamic wmm-support=enabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/snmp community
set [ find default=yes ] addresses=172.16.0.60/32 read-access=no
add addresses=172.16.0.60/32 authentication-protocol=SHA1 \
    encryption-protocol=AES name=SNMPuser1 security=private
/system logging action
set 3 remote=172.16.0.20
/interface bridge port
add bridge=BRIDGE01 interface=ether1
add bridge=BRIDGE01 interface=VLAN_LAN_MGMT
/interface ethernet switch vlan
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=\
    9
add independent-learning=yes ports=ether1 switch=switch1 vlan-id=10
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=\
    12
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=\
    14
add independent-learning=yes ports=switch1-cpu,ether1,ether2 switch=switch1 \
    vlan-id=15
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=\
    16
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=\
    17
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=\
    18
add independent-learning=yes ports=switch1-cpu,ether1 switch=switch1 vlan-id=\
    19
/interface wireless access-list
add comment="SW08 SXT 5 AC Ring 223" interface=wlan1 mac-address=\
    6C:3B:6B:45:66:DF
add comment="SW09 SXT 5 AC Ring 227" interface=wlan1 mac-address=\
    6C:3B:6B:47:DA:C6
/ip address
add address=172.16.0.8/25 interface=VLAN_LAN_MGMT network=172.16.0.0
/ip dns
set servers=172.16.0.130
/ip route
add distance=1 gateway=172.16.0.1
add distance=1 dst-address=172.16.0.0/21 gateway=172.16.0.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=172.16.0.0/21 disabled=yes
set www-ssl certificate=WEB_CONF disabled=no port=4443
set api disabled=yes
set api-ssl disabled=yes
/snmp
set contact=ronald.verheij@skiffkick.nl.nl enabled=yes engine-id=SNMPuser1 \
    location="Ring 225,  Pernis, The Netherlands" trap-community=SNMPuser1 \
    trap-generators=interfaces trap-interfaces=all trap-target=172.16.0.60 \
    trap-version=3
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name="SW07 - Ring 225"
/system logging
add action=remote topics=warning
add action=remote topics=info
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=wireless
/system ntp client
set enabled=yes primary-ntp=172.16.0.130 secondary-ntp=172.16.0.131
 
ramesht
just joined
Posts: 1
Joined: Tue Jan 22, 2019 7:37 pm

3.5km point to point link using OmniTIK 5 ac

Tue Jan 22, 2019 7:51 pm

Hello,

I want to know how much throughput can I get from 3.5km point to point link using OmniTIK 5 ac device? The devices will be in line of sight in 3.5KM distance but the devices will be in different heights.


Regards,
RT
 
solar77
Member
Member
Posts: 437
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: ether1: Probably look (How to solve?)

Thu Jan 24, 2019 12:07 pm

when we had similar issue on a wireless point to multi point link, it turned out to be someone copied the config between routers, thinking to chagne the IP of each router only. what he didn't realise is the MAC address of each interface were also in the config.....so all station routers ended up having identical MAC address.
just a thought.
MTCNA MTCTCE UEWA

Who is online

Users browsing this forum: No registered users and 24 guests