 
justarankamateur
just joined
Topic Author
Posts: 9
Joined: Sat Oct 03, 2020 4:22 pm

RB4011iGS+ and 960PGS returning duplicate replies (DUP!) - Four responses to ping

Sun Jan 31, 2021 2:23 am

I have an odd scenario that I've not seen before and I don't even know if it is a problem, but I suspect it is. If I ping a device I am mostly getting four replies back from the destination client, but sometimes it will return three responses. A sample of what I am getting:
64 bytes from 192.168.2.6: icmp_seq=2 ttl=64 time=59.911 ms (DUP!)
64 bytes from 192.168.2.6: icmp_seq=2 ttl=64 time=72.295 ms (DUP!)
64 bytes from 192.168.2.6: icmp_seq=3 ttl=64 time=4.257 ms
64 bytes from 192.168.2.6: icmp_seq=3 ttl=64 time=5.120 ms (DUP!)
64 bytes from 192.168.2.6: icmp_seq=3 ttl=64 time=8.634 ms (DUP!)
64 bytes from 192.168.2.6: icmp_seq=3 ttl=64 time=8.777 ms (DUP!)
My set up is

Image

If I am at Point A wired into the RB4011iGS+, I can ping any of the clients (e.g. 192.168.2.7 and 192.168.2.45) and get a normal single ping reply, but if I ping a device on the 960PGS I will get the four ping replies. If I move to point B and plug into the 960PGS, same deal but the other way round - I get a normal single ping reply from a device on the same box (e.g. 192.168.2.27) but if I now ping either 192.168.2.7 or 192.168.2.45 I will get 4x ping responses.

At first I thought it was a Ubiquiti AP issue, but I then realised it wasn't. I eliminated the basic duplicate IP issues and I have taken a trace via Wireshark and the responses appear to be coming from the one MAC / IP address. I then thought this was a VLAN config issue, but it doesn't just happen on the native VLAN (which I know I should not use for management, but hey :) ), but also on my other VLANs.

Why is this happening? Here are my RB4011iGS+ and 960PGS configs:
# jan/30/2021 23:53:01 by RouterOS 6.48
# model = RB4011iGS+
# Layer-2 base of the RB4011: one VLAN-aware bridge, port labels, and the routed VLAN interfaces.
/interface bridge
# vlan-filtering=yes together with ingress-filtering=yes means the bridge VLAN table
# ("/interface bridge vlan" in this export) decides which VLANs each port may carry.
# protocol-mode=none disables STP/RSTP on this bridge, so it provides no loop protection of its own.
# igmp-snooping=yes is the feature the thread's resolution concerns: the author reports that
# turning it off on the 960PGS stopped the duplicate replies.
add admin-mac=48:8F:5A:D4:A8:BE auto-mac=no comment=defconf igmp-snooping=yes igmp-version=3 ingress-filtering=yes \
    name=LanBridge protocol-mode=none vlan-filtering=yes
/interface ethernet
# Port labels only; they record what is plugged in where and change no forwarding behaviour.
# NOTE(review): the ether8 value below is unquoted and contains a space as posted; an export
# normally quotes such values, so this line may have been edited by hand before posting.
set [ find default-name=ether1 ] comment=WAN
set [ find default-name=ether2 ] comment="EMPTY"
set [ find default-name=ether3 ] comment="NAS1 - VLAN30"
set [ find default-name=ether4 ] comment="FR - VLAN30"
set [ find default-name=ether5 ] comment=DebianServer
set [ find default-name=ether6 ] comment="NAS1"
set [ find default-name=ether7 ] comment="Server Room AP"
set [ find default-name=ether8 ] comment=ORRoom Switch
set [ find default-name=ether9 ] comment="ZRS Switch"
set [ find default-name=ether10 ] comment="SR AP"
/interface vlan
# Layer-3 interfaces for VLAN 10/20/30 on top of the bridge; "/ip address" later in this
# export gives each of them the .1 gateway address of its subnet.
add interface=LanBridge name=VLAN10 vlan-id=10
add interface=LanBridge name=VLAN20 vlan-id=20
add interface=LanBridge name=VLAN30 vlan-id=30
/interface ethernet switch port
# Every switch-chip port entry (0-11) gets default-vlan-id=0 and no vlan-mode is set here.
# NOTE(review): this suggests VLAN separation on this device relies on the bridge VLAN
# filtering above rather than on switch-chip rules - confirm.
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
# Interface lists referenced by the firewall and management settings, plus DHCP pools and servers.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add comment="VLAN list" name=vlan
# all-vlan-lan = LAN + vlan; the two "Allow DNS from LAN/VLAN" input rules match on it.
add include=LAN,vlan name=all-vlan-lan
# No "/interface list member" entry in this export places anything in "Management VLAN",
# so the list is empty as posted.
add name="Management VLAN"
add include=vlan name=all-vlan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
# One pool per subnet, each spanning .2-.254.
add name=dhcp ranges=192.168.2.2-192.168.2.254
add name=dhcp_pool10 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool20 ranges=192.168.20.2-192.168.20.254
add name=dhcp_pool30 ranges=192.168.30.2-192.168.30.254
/ip dhcp-server
# "defconf" serves the untagged/native network on the bridge itself; the other three
# servers are bound to the VLAN interfaces and use a 3-day lease.
add address-pool=dhcp disabled=no interface=LanBridge name=defconf
add address-pool=dhcp_pool10 disabled=no interface=VLAN10 lease-time=3d name=dhcp10
add address-pool=dhcp_pool20 disabled=no interface=VLAN20 lease-time=3d name=dhcp20
add address-pool=dhcp_pool30 disabled=no interface=VLAN30 lease-time=3d name=dhcp30
# Policy set of the built-in "full" group. It includes "sensitive" (view passwords and
# other secrets), "policy" (manage users/policies) and "sniff", so any account in this
# group has complete control of the router.
# NOTE(review): user accounts are not part of this export, so which accounts hold this
# group cannot be told from here.
/user group
set full policy=\
    local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
# Bridge port membership and the VLAN table that vlan-filtering enforces.
/interface bridge port
# ether2 and ether7-ether10 set neither frame-types nor pvid, so they accept tagged and
# untagged frames; untagged frames fall into the default PVID (1 in RouterOS).
# ether3/ether4 are untagged-only access ports in VLAN 30; ether5/ether6 are
# untagged-only ports left on the default PVID. sfp-sfpplus1 is in the bridge but disabled.
add bridge=LanBridge comment=defconf ingress-filtering=yes interface=ether2
add bridge=LanBridge comment="NAS - VLAN30" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether3 pvid=30
add bridge=LanBridge comment="Front room - VLAN30" frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether4 pvid=30
add bridge=LanBridge comment="Debian Linux - VLAN1" frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=ether5
add bridge=LanBridge comment="NAS1 - VLAN1" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether6
add bridge=LanBridge comment=ServerRoomAp ingress-filtering=yes interface=ether7
add bridge=LanBridge comment=OakRoomSwitch ingress-filtering=yes interface=ether8
add bridge=LanBridge comment=ZaksRoomSwitch ingress-filtering=yes interface=ether9
add bridge=LanBridge comment=SpareRoomAP ingress-filtering=yes interface=ether10
add bridge=LanBridge comment=defconf disabled=yes interface=sfp-sfpplus1
/interface bridge settings
# use-ip-firewall=yes passes bridged IP traffic through the IP firewall chains in
# addition to routed traffic.
# NOTE(review): confirm this is intended - the filter rules in this export read as if
# they were written for routed traffic only.
set use-ip-firewall=yes
/ip neighbor discovery-settings
# Neighbor discovery is limited to interfaces in the LAN list (not WAN, not the VLAN interfaces).
set discover-interface-list=LAN
/interface bridge vlan
# VLAN 10/20/30 are tagged on ether7-ether10 and on the bridge's own CPU port; VLAN 30
# is additionally untagged on ether3/ether4. ether2 carries none of the tagged VLANs,
# and there is no explicit row for VLAN 1.
add bridge=LanBridge tagged=ether7,ether8,ether9,ether10,LanBridge untagged=ether3,ether4 vlan-ids=30
add bridge=LanBridge tagged=ether7,ether8,ether9,ether10,LanBridge vlan-ids=10
add bridge=LanBridge tagged=ether7,ether8,ether9,ether10,LanBridge vlan-ids=20
# Detect Internet is enabled on every interface (detect-interface-list=all).
# NOTE(review): confirm the feature is actually needed; if not, restricting the list
# keeps the router from probing on LAN and VLAN interfaces.
/interface detect-internet
set detect-interface-list=all
/interface list member
# LAN holds the bridge plus ether2-ether10 individually; WAN holds only ether1.
# "vlan" and "all-vlan" both end up containing VLAN10/20/30.
# The LAN list is what the admin-access input rule, MAC server, MAC WinBox and neighbor
# discovery key on, so every port listed here is a management-capable port.
add comment=defconf interface=LanBridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=VLAN10 list=vlan
add interface=VLAN20 list=vlan
add interface=VLAN30 list=vlan
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add interface=VLAN10 list=all-vlan
add interface=VLAN20 list=all-vlan
add interface=VLAN30 list=all-vlan
# Layer-3 addressing, DHCP, DNS and the address lists used by the firewall.
/ip address
# The router is .1 in the native subnet (on the bridge) and in each VLAN subnet.
add address=192.168.2.1/24 interface=LanBridge network=192.168.2.0
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.20.1/24 interface=VLAN20 network=192.168.20.0
add address=192.168.30.1/24 interface=VLAN30 network=192.168.30.0
/ip dhcp-client
# WAN address is obtained by DHCP on ether1.
add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease
# Static leases; 192.168.2.21 is bound to the MAC that the 960PGS export uses as its bridge admin-mac.
add address=192.168.2.11 mac-address=00:23:24:3C:69:EF server=defconf
add address=192.168.2.45 client-id=1:0:11:32:52:85:55 mac-address=00:11:32:52:85:55 server=defconf
add address=192.168.30.65 client-id=1:7c:dd:90:ae:8d:7b mac-address=7C:DD:90:AE:8D:7B server=dhcp30
add address=192.168.30.45 client-id=1:0:11:32:52:85:56 mac-address=00:11:32:52:85:56 server=dhcp30
add address=192.168.2.21 client-id=1:cc:2d:e0:b8:8:71 mac-address=CC:2D:E0:B8:08:71 server=defconf
add address=192.168.2.3 client-id=1:b8:69:f4:a:a1:fb mac-address=B8:69:F4:0A:A1:FB server=defconf
add address=192.168.2.2 mac-address=F0:9F:C2:08:B8:85 server=defconf
add address=192.168.2.13 client-id=1:f4:39:9:4b:58:1c mac-address=F4:39:09:4B:58:1C server=defconf
/ip dhcp-server network
# NOTE(review): 192.168.5.0/24 has a network entry here but no address, pool or DHCP
# server anywhere in this export; it looks like a leftover.
add address=192.168.2.0/24 dns-server=192.168.2.1 gateway=192.168.2.1 netmask=24
add address=192.168.5.0/24 dns-server=192.168.5.1 gateway=192.168.5.1 netmask=24
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1 netmask=24
add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1 netmask=24
add address=192.168.30.0/24 dns-server=192.168.30.1 gateway=192.168.30.1 netmask=24
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from the network; who can
# reach it is decided by the input-chain rules (DNS accepted from all-vlan-lan, everything
# else dropped). The two concurrency limits are set far above the RouterOS defaults.
# NOTE(review): confirm the limits are deliberate, since they bound how much work the
# resolver will take on at once.
set allow-remote-requests=yes cache-max-ttl=3d cache-size=1024KiB max-concurrent-queries=100000 \
    max-concurrent-tcp-sessions=200000
/ip dns static
# NOTE(review): router.lan is defined twice - once as 192.168.88.1 (defconf leftover, an
# address not configured on this router) and once as 192.168.2.1.
add address=192.168.88.1 comment=defconf name=router.lan
add address=192.168.2.1 comment="Server Room Switch 0" name=srs0.marlow
add address=192.168.2.45 comment="NAS1 - VLAN1" name=nas1.marlow
add address=192.168.2.13 comment=NAS2 name=nas2.marlow
add address=192.168.2.11 comment="Server room server 0 - debian-marlow-linux" name=server0.marlow
add address=192.168.30.25 name=docscan.marlow
add address=192.168.2.3 comment=OakRoomSwitch name=ors.marlow
add address=192.168.2.21 name=zrs.marlow
add address=192.168.2.1 name=router.lan
add address=192.168.2.2 comment=BriansHouseSwitch name=bhs.marlow
/ip firewall address-list
# Four lists named after the subnet they contain, plus adminAccess.
# adminAccess spans 192.168.2.1-192.168.2.254, i.e. every host on the native network
# counts as an admin source for the input-chain admin rule.
add address=192.168.2.0/24 list=192.168.2.0/24
add address=192.168.10.0/24 list=192.168.10.0/24
add address=192.168.20.0/24 list=192.168.20.0/24
add address=192.168.30.0/24 list=192.168.30.0/24
add address=192.168.2.1-192.168.2.254 comment="Admin access subnet" list=adminAccess
# Firewall filter and NAT. Rule order matters: rules are evaluated top to bottom per chain.
/ip firewall filter
# --- input chain (traffic addressed to the router itself) ---
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid log-prefix=drop-invalid_
# ICMP to the router is accepted on every interface, WAN included.
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="Allow DNS from LAN/VLAN" dst-port=53 in-interface-list=all-vlan-lan protocol=\
    tcp
add action=accept chain=input comment="Allow DNS from LAN/VLAN" dst-port=53 in-interface-list=all-vlan-lan protocol=\
    udp
# NOTE(review): despite the "(Webfig)" comment, the next rule has no protocol or dst-port
# matcher, so it accepts ALL traffic to the router that arrives on a LAN-list interface
# from an adminAccess source (the whole native subnet). Narrowing it to the management
# ports actually in use would make the rule match its comment.
add action=accept chain=input comment="Allow admin access to router (Webfig)" in-interface-list=LAN log-prefix=\
    admin-access_ src-address-list=adminAccess
# Default deny for everything else addressed to the router.
add action=drop chain=input comment="drop all else"
# --- forward chain (traffic passing through the router) ---
# NOTE(review): the Blacklists rule depends on an address list named drop-list, which is
# not defined in the address-list section of this export (it may be populated
# dynamically). It also carries an empty connection-nat-state="" matcher, and its
# dst-address 192.168.0.10 is not in any subnet configured on the LAN side - verify that
# the rule matches what it is meant to.
add action=drop chain=forward comment=Blacklists connection-nat-state="" dst-address=192.168.0.10 log=yes log-prefix=\
    BLACKLIST- src-address-list=drop-list
# Established/related connections are fast-tracked and then accepted, so every drop rule
# below only ever sees the first packet(s) of a new connection.
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established, related, untracked" connection-state=\
    established,related,untracked
# Port-forwarded (dst-nat) connections are accepted and logged.
add action=accept chain=forward comment="Allow dstnat for forwarded ports, established, related" \
    connection-nat-state=dstnat log=yes log-prefix=DSTNAT_FW_
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# This rule names ether1 directly, while the rest of the rule set uses the WAN interface list.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1
# VLAN isolation: VLAN-to-VLAN is dropped here and VLAN-to-native by the rule after it.
# Native-to-VLAN traffic is matched by neither and falls through to the final drop.
add action=drop chain=forward comment="Drop all inter vlan traffic\
    \n" in-interface-list=all-vlan log-prefix=INTER-VLAN-DROP out-interface-list=all-vlan
add action=drop chain=forward comment="Drop all traffic to native VLAN not from native VLAN" dst-address=\
    192.168.2.0/24 dst-address-list="" src-address=!192.168.2.0/24
# Each subnet is allowed out to the WAN list only.
add action=accept chain=forward comment="VLAN30" out-interface-list=WAN src-address=192.168.30.0/24
add action=accept chain=forward comment="VLAN20" out-interface-list=WAN src-address=192.168.20.0/24
add action=accept chain=forward comment="VLAN10" out-interface-list=WAN src-address=192.168.10.0/24
add action=accept chain=forward comment="Allow internet access for native VLAN " out-interface-list=WAN src-address=\
    192.168.2.0/24
# Default deny for forwarded traffic, with logging.
add action=drop chain=forward comment="drop all else" log=yes log-prefix=DROP-ALL_
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
# Disabled port forward of UDP 1194 to 192.168.2.45; it has no effect while disabled=yes.
add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.0.10 dst-port=1194 in-interface-list=WAN log=yes \
    log-prefix=dstnat_ protocol=udp to-addresses=192.168.2.45 to-ports=1194
# Management-plane services, monitoring and tools on the RB4011.
/ip ipsec policy
set 0 disabled=yes
/ip service
# telnet, ftp, www (plain HTTP), api and api-ssl are switched off; Webfig over HTTPS is
# limited to two source subnets and TLS 1.2.
# NOTE(review): ssh and winbox do not appear in this section, which suggests they are
# still at their defaults (enabled, no address restriction) - confirm, and restrict or
# disable them if unused. 192.168.5.0/24 is allowed here but is not configured on any
# interface in this export.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl address=192.168.2.0/24,192.168.5.0/24 certificate=Webfig disabled=no tls-version=only-1.2
set api disabled=yes
set api-ssl disabled=yes
/snmp
# SNMP is enabled and sends v2 traps to 192.168.2.11.
# NOTE(review): no "/snmp community" section appears in this export, which suggests the
# default community is unchanged - confirm. SNMP v1/v2c carries the community string in clear text.
set enabled=yes trap-target=192.168.2.11 trap-version=2
/system clock
set time-zone-name=Europe/London
/system identity
set name=SRS
/system ntp client
set enabled=yes server-dns-names=time.cloudflare.com
/tool bandwidth-server
# authenticate=no lets any host that can reach the bandwidth-test server start a test
# without credentials; reachability is limited only by the input-chain rules.
# NOTE(review): consider authenticate=yes or disabling the server when it is not in use.
set authenticate=no
/tool graphing interface
add store-on-disk=no
/tool mac-server
# MAC Telnet and MAC WinBox (layer-2 management, not subject to the IP service address
# restrictions above) are allowed on every interface in the LAN list.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool sniffer
set filter-interface=LanBridge filter-ip-address=192.168.2.0/24
and
# model = 960PGS
# Layer-2 base of the 960PGS: a plain bridge (no vlan-filtering) with VLANs handled by the switch chip.
/interface bridge
# igmp-snooping=yes is the setting the thread's resolution concerns: the author reports
# that turning it off on this device stopped the duplicate (DUP!) ping replies.
# NOTE(review): the export does not show why. One thing to check on a setup like this is
# whether the bridge ports still show hardware offload with snooping enabled - confirm on
# the device; nothing in the thread verifies the mechanism.
add admin-mac=CC:2D:E0:B8:08:71 auto-mac=no comment=defconf fast-forward=no igmp-snooping=yes igmp-version=3 name=\
    bridge protocol-mode=none
/interface ethernet
# PoE output is forced on for ether2 and off for ether3-ether5; sfp1 is disabled.
set [ find default-name=ether2 ] poe-out=forced-on
set [ find default-name=ether3 ] poe-out=off
set [ find default-name=ether4 ] poe-out=off
set [ find default-name=ether5 ] poe-out=off
set [ find default-name=sfp1 ] disabled=yes
/interface vlan
# Defined but disabled, so it has no effect.
add disabled=yes interface=bridge name=VLAN1 vlan-id=1
/interface ethernet switch
# NOTE(review): ether1 is set as a port-mirroring source, but no mirror-target appears in
# this export. Confirm whether this is a leftover from troubleshooting; an active mirror
# copies that port's traffic to another port.
set 0 mirror-source=ether1
/interface ethernet switch port
# Switch-chip VLAN handling per port entry; which physical port each index refers to is
# not shown in the export (presumably export order - verify on the device).
# Entries 2-4 behave as VLAN 30 access ports (default-vlan-id=30, tag always stripped).
# Entry 0 uses vlan-mode=fallback, which is less strict than "secure": frames whose VLAN
# ID is not in the switch VLAN table are still forwarded.
# NOTE(review): confirm fallback is intended on that port.
set 0 default-vlan-id=1 vlan-mode=fallback
set 1 default-vlan-id=1 vlan-mode=secure
set 2 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
set 5 default-vlan-id=1 vlan-mode=secure
# Interface lists, bridge membership and the switch-chip VLAN table of the 960PGS.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
# ether1-ether5 are all plain bridge ports (no pvid or frame-type filtering on the
# bridge); VLAN enforcement on this device rests on the switch-chip settings.
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf disabled=yes interface=sfp1
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface ethernet switch vlan
# VLAN 30 is allowed on every port; VLAN 10, 20 and 1 only on ether1 and ether2.
# switch1-cpu is a member of all four VLANs, so the device's own CPU is reachable at
# layer 2 from each of them.
# NOTE(review): if the switch only needs to be managed from one VLAN, the CPU port can be
# left out of the others - confirm against how the device obtains its address.
add independent-learning=no ports=switch1-cpu,ether1,ether2,ether3,ether4,ether5 switch=switch1 vlan-id=30
add independent-learning=no ports=switch1-cpu,ether1,ether2 switch=switch1 vlan-id=10
add independent-learning=no ports=switch1-cpu,ether1,ether2 switch=switch1 vlan-id=20
add independent-learning=no ports=switch1-cpu,ether1,ether2 switch=switch1 vlan-id=1
/interface list member
# Every port and the bridge are in LAN, which is the list MAC server, MAC WinBox and
# neighbor discovery are bound to on this device.
add comment=defconf interface=bridge list=LAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
# Addressing and management-plane services on the 960PGS. This export contains no
# "/ip firewall" section, so nothing here is filtered by an input chain.
/ip dhcp-client
# The switch takes its own address by DHCP on the bridge.
add disabled=no interface=bridge
/ip dns
# NOTE(review): allow-remote-requests=yes turns the switch into a DNS resolver for any
# host that can reach it, and there are no firewall rules in this export to limit that.
# If the switch only needs to resolve names for itself, this can be set to no.
set allow-remote-requests=yes cache-max-ttl=3d max-concurrent-queries=1000 max-concurrent-tcp-sessions=2000
/ip dns static
# defconf leftover; 192.168.88.1 is not an address used elsewhere in this export.
add address=192.168.88.1 comment=defconf name=router.lan
/ip ipsec policy
set 0 disabled=yes
/ip service
# telnet, ftp, www, api, winbox and api-ssl are switched off. Webfig over HTTPS is
# enabled with TLS 1.2 only but, unlike on the RB4011, without a source-address restriction.
# NOTE(review): ssh does not appear in this section, which suggests it is still at its
# default (enabled) - confirm, and add address= restrictions to whatever stays enabled.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl certificate=Webfig disabled=no tls-version=only-1.2
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/snmp
# SNMP is enabled on all interfaces for traps, sending v2 traps to 192.168.2.11.
# NOTE(review): no "/snmp community" section appears in this export, which suggests the
# default community is unchanged - confirm. SNMP v1/v2c carries the community string in clear text.
set enabled=yes trap-generators=temp-exception,interfaces,start-trap trap-interfaces=all trap-target=192.168.2.11 \
    trap-version=2
/system clock
set time-zone-name=Europe/London
/system identity
set name=ZaksRoomSwitch
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
# The winbox IP service is disabled above, but MAC Telnet and MAC WinBox are still
# allowed on every LAN-list interface, i.e. on all ports of this switch.
# NOTE(review): confirm layer-2 management access is wanted on the access ports.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Why am I getting this and how can I resolve this?
 
justarankamateur
just joined
Topic Author
Posts: 9
Joined: Sat Oct 03, 2020 4:22 pm

Re: RB4011iGS+ and 960PGS returning duplicate replies (DUP!) - Four responses to ping  [SOLVED]

Thu Feb 04, 2021 1:36 am

I found the solution to my own problem. I had turned on IGMP snooping on both router and switch. I turned this off on the 960 and the duplicate pings stopped. I hope it helps someone.
