Community discussions

MUM Europe 2020
 
horuszp
just joined
Topic Author
Posts: 3
Joined: Mon Jan 13, 2020 9:47 pm

Router hapLite clients can't access other router in network

Mon Jan 13, 2020 10:04 pm

Image



I have such network architecture.
Printer and 3 routers located at same subnet 192.168.88.0/24. all connected via Ethernet to HEX.
HEX connected to Internet.

Problem that clients of hap Lite can't access any of ip's at image. neither printer or any other router. But internet works ok on clients.
hap Lite by itself can ping each router and printer without any problems.

All other clients of each other router can access each router and even hap Lite router accessible from them.
both TPlink configured by default, without any changes.

hap Lite and it clients have access to Internet via NAT masquerade.

I need that hap Lite clients can access each router and printer same as it accessible from other routers.
 
techlord
newbie
Posts: 28
Joined: Mon Nov 18, 2019 4:33 pm

Re: Router hapLite clients can't access other router in network

Tue Jan 14, 2020 8:41 pm

Hi!

You are giving very little info on what you set up. I suspect you are missing forwarding firewall rules in the hap lite but post the full configuration (without sensitive data) so we can help.
 
Zacharias
Forum Guru
Forum Guru
Posts: 1386
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Router hapLite clients can't access other router in network

Wed Jan 15, 2020 12:31 am

More information needed...
 
horuszp
just joined
Topic Author
Posts: 3
Joined: Mon Jan 13, 2020 9:47 pm

Re: Router hapLite clients can't access other router in network

Wed Jan 15, 2020 11:56 am

Was wrong its not hapLite, it is 951Ui-2nD but anyway here is config
# jan/15/2020 11:50:33 by RouterOS 6.40.4
# software id = K3D1-G58F
#
# model = 951Ui-2nD
# serial number = 
/interface bridge
add admin-mac=CC:2D:E0:A5:CD:C1 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
    "MikroTik" wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
    dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=11111111 \
    wpa2-pre-shared-key=11111111
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.89.10-192.168.89.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge nat
add action=dst-nat chain=dstnat dst-address=192.168.88.0/24 mac-protocol=ip
/interface bridge port
add bridge=bridge comment=defconf disabled=yes interface=ether1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge interface=ether2
/interface l2tp-server server
set use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface sstp-server server
set default-profile=default-encryption
/ip address
add address=192.168.89.1/24 comment=defconf interface=ether2 network=\
    192.168.89.0
add address=192.168.88.233/24 disabled=yes interface=ether2 network=\
    192.168.88.0
add address=192.168.88.121/8 interface=ether2 network=192.0.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
    bridge
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.0.0.0/8 gateway=192.168.88.121 netmask=8
add address=192.168.89.0/24 comment=defconf gateway=192.168.89.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=212.109.32.5,212.109.32.9
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat comment="masq. vpn traffic" disabled=yes \
    src-address=192.168.89.0/24
/ip route rule
add action=lookup-only-in-table dst-address=192.168.89.0/24 table=main
add action=lookup-only-in-table dst-address=192.168.88.0/24 table=main
add action=lookup-only-in-table dst-address=192.168.89.0/24 table=main
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/ppp secret
add name=vpn
/system clock
set time-zone-name=Europe/Kiev
It is only second mikrotik config, I don't think that problem in another mikrotik because both tplink works ok, and even this mikrotik by itself see all ip's and can ping them.
 
Zacharias
Forum Guru
Forum Guru
Posts: 1386
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Router hapLite clients can't access other router in network  [SOLVED]

Fri Jan 17, 2020 12:23 am

Your config is really really bad... just reset it to defaults and only change the IP address parts where needed...
Then it will work just fine...
 
horuszp
just joined
Topic Author
Posts: 3
Joined: Mon Jan 13, 2020 9:47 pm

Re: Router hapLite clients can't access other router in network

Fri Jan 17, 2020 12:11 pm

Your config is really really bad... just reset it to defaults and only change the IP address parts where needed...
Then it will work just fine...
Hmm, it's really worked, reset it, enabled NAT, and it's working.
Strange, I am sure that I tried it before and it didn't working, but anyway Thank you for help!
 
Zacharias
Forum Guru
Forum Guru
Posts: 1386
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Router hapLite clients can't access other router in network

Sun Jan 19, 2020 4:56 pm

You are welcome... you can mark the post as solved...

Who is online

Users browsing this forum: Delete and 62 guests