zenkokagami
just joined
Topic Author
Posts: 1
Joined: Tue Sep 29, 2020 11:30 pm

[problem] Router doesn't connect to ISP network

Wed Sep 30, 2020 1:59 am

Hello!

I have a problem connecting my new MikroTik hAP ac2 to an ISP network.
My ISP provides static settings to use: IP address, subnet mask, gateway address and 2 DNS addresses. I have an optic cable coming to my house that is plugged into a media converter that has a 100 Mbps RJ45 output. It is supposed to be connected to a home router. Also, my ISP supports DHCP connection, but this type of connection can't be used to reach the Internet; you can only get to the ISP help and payment page. Nevertheless, DHCP is there and a router should receive DHCP settings. My ISP doesn't have MAC binding (and I confirm this). When I connect my old TP-Link router or my laptop directly to the media converter I have no problems at all, everything works flawlessly. However, the MikroTik device is unable to route traffic outside of the LAN. I can't ping anything (even the ISP gateway) apart from LAN hosts, both from local devices and from the router itself (it says "timeout" or sometimes "host unreachable"). However, it says that the link is up and the LED is blinking. I've tried using both "Quick Set" and "WebFig" setup with no success. DHCP mode just doesn't get any settings (infinite "searching...") and static setup doesn't work either. I can't see any errors; it seems like it should be working, but it doesn't. Cable test is "ok", but to be sure I changed the cable. No success. Of course I have double-checked all ISP settings and everything is right.

My temporary solution is this. I connected my old TP-Link router to the media converter, disabled its Wi-Fi and then connected the MikroTik device to it. Both devices run a DHCP server and have NAT enabled. The TP-Link subnet is 192.168.1.0/24 and the MikroTik subnet is 192.168.88.0/24. In this scenario everything works perfectly, I have access to the internet from my MikroTik router and all the devices connected to it. MikroTik is the only device connected to the old router. My TP-Link configuration page / telnet (192.168.1.1) are accessible from the MikroTik subnet as well.

So...
Desired setup (not working):
Fiber optic cable ---> [ Media Converter ] --- Cat. 5 Cable ---> [ MikroTik router ] ---> Clients
...and its "export compact" output:
/interface bridge
add admin-mac=48:8F:5A:71:BC:97 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=russia4 disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik \
    wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=russia4 disabled=no distance=indoors frequency=auto frequency-mode=superchannel installation=indoor mode=\
    ap-bridge ssid=MikroTik tx-power=40 tx-power-mode=all-rates-fixed wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=*** wpa2-pre-shared-key=***
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
add address=10.34.0.113/24 interface=ether1 network=10.34.0.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=10.10.10.3,10.10.10.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=10.34.0.1
/system clock
set time-zone-name=Europe/Moscow
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
My current setup (working):
Fiber optic cable ---> [ Media Converter ] --- Cat. 5 Cable ---> [ TP-Link router ] --- Cat. 5 Cable ---> [ MikroTik router ] ---> Local hosts

...and its "export compact" output:
/interface bridge
add admin-mac=48:8F:5A:71:BC:97 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=russia4 disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik \
    wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=russia4 disabled=no distance=indoors frequency=auto frequency-mode=superchannel installation=indoor mode=\
    ap-bridge ssid=MikroTik tx-power=40 tx-power-mode=all-rates-fixed wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=*** wpa2-pre-shared-key=***
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=10.10.10.3,10.10.10.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add disabled=yes distance=1 gateway=10.34.0.1
/system clock
set time-zone-name=Europe/Moscow
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
I tried to contact my ISP support with no luck. They just said that MikroTik routers are just too difficult to set up so they can't help : )
Sorry for mistakes if there are any, English is my second language. Any help would be appreciated.
