Community discussions

MikroTik App
 
xman
just joined
Topic Author
Posts: 13
Joined: Tue Mar 02, 2021 2:30 am

Two mikrotik routers conflict in same network, why???

Tue Mar 02, 2021 3:18 am

I have hAP Lite and RB2011UIAS-2HnD-IN, hAP Lite working few months without problems and now I need one more router for other location and I want to use RB2011UIAS-2HnD-IN for that location, both locations have own adsl/vdsl connections to same ISP and also I have own wireless link between this two locations for my local network (for high speed link between this locations )...

New router RB2011UIAS-2HnD-IN also working fine but when I try to join this two networks using my wireless link that port on RB2011UIAS-2HnD-IN look like simple stop to work, if I on other end restart hAP Lite all start to work until hAP Lite boot up and than again I can`t ping any device on that ethernet port of RB2011UIAS-2HnD-IN!

All look like this:
Image

As you can see one router IP is 192.168.0.1 and other is 192.168.1.1, if I unplug hap lite I have access to all devices on hap lite side but if I plug hap lite all stop to work, I can`t ping switch 192.168.1.100 and also wireless devices with IPs 192.168.1.23 and .22!
Both routers working in almost default setup, home AP and wisp AP (RB2011UIAS-2HnD-IN)!

Where is problem, why this routers don`t want to work in same network? Where can be conflict?

Thanks.
 
User avatar
satman1w
Member Candidate
Member Candidate
Posts: 279
Joined: Mon Oct 02, 2006 11:47 am

Re: Two mikrotik routers conflict in same network, why???

Tue Mar 02, 2021 9:57 am

Without seeing router configs, I can speculate about the cause of your problem, but I am about 99,99% sure that you have misconfigured something.
My advice would be: reset both routers to the factory settings and start from scratch.
 
xman
just joined
Topic Author
Posts: 13
Joined: Tue Mar 02, 2021 2:30 am

Re: Two mikrotik routers conflict in same network, why???

Tue Mar 02, 2021 7:59 pm

Config for hAP Lite:
/interface bridge
add admin-mac=E4:8D:8C:CA:CE:0B auto-mac=no comment=defconf dhcp-snooping=yes name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=******@adsl
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-CACE0E station-roaming=enabled wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.0.150-192.168.0.170
add name=pptp_vpn_pool ranges=192.168.3.2-192.168.3.10
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=12h name=defconf
/ppp profile
add dns-server=208.67.222.222,8.8.8.8 local-address=192.168.0.1 name=pptp_vpn_profili remote-address=pptp_vpn_pool
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge disabled=yes interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=wlan1 list=LAN
add interface=bridge list=LAN
/interface pptp-server server
set enabled=yes
/interface wireless cap
set bridge=bridge interfaces=wlan1
/ip address
add address=192.168.0.1/24 comment=defconf interface=ether2 network=192.168.0.0
add address=192.168.2.2/24 interface=ether1 network=192.168.2.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.1.60 client-id=ups-kuca mac-address=00:C0:B7:2B:27:93 server=defconf
add address=192.168.1.61 client-id=ups-market mac-address=00:C0:B7:69:87:F7 server=defconf
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="Dozvoli PPTP-VPN konekciju" dst-port=1723 protocol=tcp
add action=accept chain=input comment="Dozvoli GRE protokol ID 47" protocol=gre
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat src-address=192.168.3.0/24 src-address-list=""
/ppp secret
add name=vpn profile=pptp_vpn_profili service=pptp
/system clock
set time-zone-name=Europe/Sarajevo
/system scheduler
add interval=1d name=pppoe_reset_scheduler on-event=pppoe_reset_script policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=may/10/2020 start-time=05:00:00
/system script
add dont-require-permissions=yes name=pppoe_reset_script owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
"/interface pppoe-client disable pppoe-out1\r\
\n:delay 4000ms;\r\
\n/interface pppoe-client enable pppoe-out1"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Config for RB2011UIAS-2HnD-IN:
/interface bridge
add admin-mac=D4:CA:6D:87:20:F5 auto-mac=no fast-forward=no name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=20/40mhz-Ce country=no_country_set disabled=no distance=indoors frequency=auto frequency-mode=manual-txpower mode=ap-bridge ssid=MikroTik-8720FE \
wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master-local speed=100Mbps
set [ find default-name=ether3 ] name=ether3-slave-local speed=100Mbps
set [ find default-name=ether4 ] name=ether4-slave-local speed=100Mbps
set [ find default-name=ether5 ] name=ether5-slave-local speed=100Mbps
set [ find default-name=ether6 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether6-master-local
set [ find default-name=ether7 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether7-slave-local
set [ find default-name=ether8 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether8-slave-local
set [ find default-name=ether9 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether9-slave-local
set [ find default-name=ether10 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=ether10-slave-local
/interface pppoe-client
add add-default-route=yes default-route-distance=0 disabled=no interface=ether1-gateway keepalive-timeout=60 name=pppoe-out1 use-peer-dns=yes user=*******@adsl
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.171-192.168.1.189
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local hw=no interface=sfp1
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether3-slave-local
add bridge=bridge-local interface=ether4-slave-local
add bridge=bridge-local interface=ether5-slave-local
add bridge=bridge-local interface=ether7-slave-local
add bridge=bridge-local interface=ether8-slave-local
add bridge=bridge-local interface=ether9-slave-local
add bridge=bridge-local interface=ether10-slave-local
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface list member
add interface=sfp1 list=discover
add interface=ether2-master-local list=discover
add interface=ether3-slave-local list=discover
add interface=ether4-slave-local list=discover
add interface=ether5-slave-local list=discover
add interface=ether6-master-local list=discover
add interface=ether7-slave-local list=discover
add interface=ether8-slave-local list=discover
add interface=ether9-slave-local list=discover
add interface=ether10-slave-local list=discover
add interface=wlan1 list=discover
add interface=bridge-local list=discover
add interface=pppoe-out1 list=discover
add interface=ether2-master-local list=mactel
add interface=ether3-slave-local list=mactel
add interface=ether2-master-local list=mac-winbox
add interface=ether4-slave-local list=mactel
add interface=ether3-slave-local list=mac-winbox
add interface=ether5-slave-local list=mactel
add interface=ether4-slave-local list=mac-winbox
add interface=ether6-master-local list=mactel
add interface=ether5-slave-local list=mac-winbox
add interface=ether7-slave-local list=mactel
add interface=ether6-master-local list=mac-winbox
add interface=ether8-slave-local list=mactel
add interface=ether7-slave-local list=mac-winbox
add interface=ether9-slave-local list=mactel
add interface=ether8-slave-local list=mac-winbox
add interface=ether10-slave-local list=mactel
add interface=ether9-slave-local list=mac-winbox
add interface=sfp1 list=mactel
add interface=ether10-slave-local list=mac-winbox
add interface=wlan1 list=mactel
add interface=sfp1 list=mac-winbox
add interface=bridge-local list=mactel
add interface=wlan1 list=mac-winbox
add interface=bridge-local list=mac-winbox
/ip address
add address=192.168.1.2/24 comment="default configuration" interface=ether2-master-local network=192.168.1.0
/ip dhcp-client
add comment="default configuration" interface=ether1-gateway
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.2 name=router
/ip firewall filter
add action=accept chain=input comment="default configuration" protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" connection-state=established,related
add action=accept chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
add action=drop chain=input disabled=yes dst-port=22 protocol=tcp
/ip firewall nat
# no interface
add action=masquerade chain=srcnat comment="default configuration" out-interface=pppoe-out1
/system clock
set time-zone-name=Europe/Sarajevo
/system identity
set name=DakMar
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
 
xman
just joined
Topic Author
Posts: 13
Joined: Tue Mar 02, 2021 2:30 am

Re: Two mikrotik routers conflict in same network, why???

Thu Mar 04, 2021 8:27 pm

I still can`t find where is problem, for some reason this two mikrotik routers can`t work in same network even if I reset config on RB2011UIAS-2HnD-IN and use default config....

Access to RB2011UIAS-2HnD-IN is not possible from same network (main switch) and from RB2011UIAS-2HnD-IN to same network where is hap lite, look like ethernet port on RB2011UIAS-2HnD-IN simple stop to work when it connected to same network, all rest working normal if I use main switch in this network and I have access to hap lite but not to RB2011UIAS-2HnD-IN, look like RB2011UIAS-2HnD-IN block all traffic from network on that ethernet port...but if I unplug hAP lite look like RB2011UIAS-2HnD-IN un-block traffic from network and all look good...

Any idea why?
 
sarah
newbie
Posts: 27
Joined: Mon Feb 29, 2016 1:41 am

Re: Two mikrotik routers conflict in same network, why???

Fri Mar 05, 2021 3:29 am

Without looking too much into your configuration, the issue you are describing sounds like stp, try setting protocol-mode to none at 2011.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Two mikrotik routers conflict in same network, why???

Fri Mar 05, 2021 10:34 am

couple other things incorrect, you have IPs assigned to slave interfaces on both sides, i.e on ether 2 which should be on the bridge interface
 
xman
just joined
Topic Author
Posts: 13
Joined: Tue Mar 02, 2021 2:30 am

Re: Two mikrotik routers conflict in same network, why???

Fri Mar 05, 2021 2:25 pm

Without looking too much into your configuration, the issue you are describing sounds like stp, try setting protocol-mode to none at 2011.
Ok, I`ll try to disable stp on 2011, I hope that this will fix problem...
couple other things incorrect, you have IPs assigned to slave interfaces on both sides, i.e on ether 2 which should be on the bridge interface
This is default config! Better option is to set IP to bridge?

Thanks.
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Two mikrotik routers conflict in same network, why???

Fri Mar 05, 2021 2:50 pm

...
This is default config! Better option is to set IP to bridge?

Thanks.
If that is "default", then you have very old ROS version, then better you upgrade, then reset config to default and start again

Yes, IP should not be attached to slave interface, should be on master, i.e. bridge interface
 
xman
just joined
Topic Author
Posts: 13
Joined: Tue Mar 02, 2021 2:30 am

Re: Two mikrotik routers conflict in same network, why???

Mon Mar 15, 2021 12:15 am

Without looking too much into your configuration, the issue you are describing sounds like stp, try setting protocol-mode to none at 2011.
Yes, problem was with stp! Somebody can elaborate why stp was problem and is only solution to disable it?

Thanks.
 
kalamaja
Member Candidate
Member Candidate
Posts: 112
Joined: Wed May 23, 2018 3:13 pm

Re: Two mikrotik routers conflict in same network, why???

Mon Mar 15, 2021 7:25 am

If that is "default", then you have very old ROS version, then better you upgrade, then reset config to default and start again

Yes, IP should not be attached to slave interface, should be on master, i.e. bridge interface
Even with fresh versions of ROS, reset configuration sets internal IP to bridge, BUT QuickSet sets internal IP to ether2. I have never figured out the real reason.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3296
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Two mikrotik routers conflict in same network, why???

Mon Mar 15, 2021 11:04 am

Next time, you should export complete config with this command:
/export hide-sensitive
Also use code tags </> button above the post.

With full config, we could have seen what version of Router OS you are running and what type of hardware you have.
/export hide-sensitive 
# mar/15/2021 10:03:19 by RouterOS 6.48
# software id = E4B6-94N8
#
# model = RouterBOARD 750G r3
# serial number = 6F38AAAAZZZ
 
tdw
Forum Guru
Forum Guru
Posts: 1845
Joined: Sat May 05, 2018 11:55 am

Re: Two mikrotik routers conflict in same network, why???

Mon Mar 15, 2021 4:25 pm

Even with fresh versions of ROS, reset configuration sets internal IP to bridge, BUT QuickSet sets internal IP to ether2. I have never figured out the real reason.
Supposedly fixed in 6.48, from the changelog
*) quickset - fixed local IP address setting on master interface;
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Two mikrotik routers conflict in same network, why???

Mon Mar 15, 2021 10:00 pm


Yes, problem was with stp! Somebody can elaborate why stp was problem and is only solution to disable it?
I don't think the problem is STP, I rather think you have a loop in your network
 
xman
just joined
Topic Author
Posts: 13
Joined: Tue Mar 02, 2021 2:30 am

Re: Two mikrotik routers conflict in same network, why???

Tue Mar 16, 2021 1:36 am

STP disabled just on 2011 and now all working without problems...you can see config on both routers...
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Two mikrotik routers conflict in same network, why???

Tue Mar 16, 2021 8:22 pm

STP is the symptom, and is behaving as per design, i.e. block/disable ports where there are network loops.

This is more to do with physical connections than config...
 
xman
just joined
Topic Author
Posts: 13
Joined: Tue Mar 02, 2021 2:30 am

Re: Two mikrotik routers conflict in same network, why???

Wed Mar 17, 2021 4:16 am

Ok, I will try to find network loops, thanks.
 
sarah
newbie
Posts: 27
Joined: Mon Feb 29, 2016 1:41 am

Re: Two mikrotik routers conflict in same network, why???

Wed Mar 17, 2021 7:07 am

I am not 100% sure, but I think the problem lies in your wireless bridge.
My second guess is that your wireless bridge is not using Mikrotik devices nor it is configured as wds, this can cause problem if you are bridging on L2.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3296
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Two mikrotik routers conflict in same network, why???

Wed Mar 17, 2021 9:20 am

Post all you config and an exactly setup with all cables.
This is most likely a loop problem.
 
WeWiNet
Long time Member
Long time Member
Posts: 594
Joined: Thu Sep 27, 2018 4:11 pm

Re: Two mikrotik routers conflict in same network, why???

Wed Mar 17, 2021 11:36 am

I guess you have an IP problem.

For instance:
Why is haplite DHCP server giving leases in 192.168.1.x out (your diagram do not show this)
As previously asked, what is your bridge set up exactly? a transparent bridge (IP for control only ?) or something else (WDS?)

Also when you say "I remove haplite, I can reach the haplite clients", how do you do that? Do you replace haplite with a switch?

Have you enabled neighbourhood discovering protocol on your devices? If so you might be able to see each other device at L2 (which again would point towards
IP problem)
 
xman
just joined
Topic Author
Posts: 13
Joined: Tue Mar 02, 2021 2:30 am

Re: Two mikrotik routers conflict in same network, why???

Wed Mar 17, 2021 1:03 pm

For wireless bridge I using ubiquiti 2x nanostation m5 and LiteBeam 5AC and they are in WDS mode and I don`t know how it can generate problem...

Haplite and 192.168.1.x leases was old setup and this is not in use, that is now deleted...

fo "I remove haplite, I can reach the haplite clients" answer is, hallite is on one end of network and before haplite I have few devices in same subnet and same line like this wireless bridge devices...

Who is online

Users browsing this forum: anav, Bing [Bot] and 32 guests