Community discussions

MikroTik App
 
User avatar
Sky18
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Sat Jan 13, 2018 9:21 am
Location: Germany

No Internet on Wlan bridge

Wed Mar 17, 2021 12:37 pm

Hello,

I cannot access internet from my Wlan devices on Bridge2.
Setup is a follows:
(Bridge1 and Bridge2 are MikroTik devices)
IMG_20210317_111100sm.jpg
From my smartphone 192.168.177.189 I can ping 192.168.177.188, 192.168.177.1 and 192.168.176.1
From 192.168.177.188 and 192.168.177.1 I can ping my smartphone 192.168.177.189.
(192.168.176.1 is the router from the ISP and does not support any tools like Ping)
Ping time is sometimes up to 180ms (which is pretty much from my feeling)

From Bridge2 I can execute a traceroute to e.g. goolge.com successfully.

But I cannot access the internet from my e.g. smartphone connected to the Wifi of Bridge2

Any proposals how to solve this issue are very appreciated!

Bridge2 (192.168.177.188) Config
# mar/17/2021 11:08:35 by RouterOS 6.48.1
# software id = L533-7MSK
#
# model = RouterBOARD 941-2nD
# serial number = xxxx
/interface bridge add name=bridge1
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/interface wireless security-profiles add authentication-types=wpa2-psk comment=password eap-methods="" management-protection=allowed mode=dynamic-keys name=sec-profile supplicant-identity="" wpa2-pre-shared-key=password
/interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country=germany disabled=no frequency=auto installation=indoor mode=ap-bridge security-profile=sec-profile ssid=testWiFi wireless-protocol=802.11
/interface bridge port add bridge=bridge1 interface=wlan1
/interface bridge port add bridge=bridge1 interface=ether1
/interface bridge port add bridge=bridge1 interface=ether2
/interface bridge port add bridge=bridge1 interface=ether3
/interface bridge port add bridge=bridge1 interface=ether4
/ip dhcp-client add disabled=no interface=bridge1
/system clock set time-zone-name=Europe/Berlin
/system identity set name=APxxx
You do not have the required permissions to view the files attached to this post.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11440
Joined: Thu Mar 03, 2016 10:23 pm

Re: No Internet on Wlan bridge

Wed Mar 17, 2021 1:06 pm

I can't say anything about devices on bridge2 ... but since you can ping bridge1 from your phone, then I guess bridge2 is pretty much transparent for communication between phones and bridge1.

Since bridge2 is getting its IP config via DHCP, you have to verify that DHCP server also sets default gateway for 192.168.177.0/24 subnet (it should be 192.168.177.1) ... you can check by executing command /ip route print.

If DHCP server (presumably running on bridge1) indeed does set default gateway for client devices, then the problem is configuration of bridge1. Post full config of that device so we can see what might be missing.
 
User avatar
Sky18
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Sat Jan 13, 2018 9:21 am
Location: Germany

Re: No Internet on Wlan bridge

Wed Mar 17, 2021 1:49 pm

I can't say anything about devices on bridge2 ... but since you can ping bridge1 from your phone, then I guess bridge2 is pretty much transparent for communication between phones and bridge1.

Since bridge2 is getting its IP config via DHCP, you have to verify that DHCP server also sets default gateway for 192.168.177.0/24 subnet (it should be 192.168.177.1) ... you can check by executing command /ip route print.

If DHCP server (presumably running on bridge1) indeed does set default gateway for client devices, then the problem is configuration of bridge1. Post full config of that device so we can see what might be missing.

Thanks for your quick response, Metod.
Outpit from /ip route print is:
[admin@APxxx] > /ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          192.168.177.1             1
 1 ADC  192.168.177.0/24   192.168.177.188 bridge1                   0

Config of Bridge1 will follow asap.
 
User avatar
Sky18
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Sat Jan 13, 2018 9:21 am
Location: Germany

Re: No Internet on Wlan bridge

Wed Mar 17, 2021 2:00 pm

Config of Bridge1 (removed ~2000 lines of script code and other things not network related like scheduler entries and so on)
# mar/14/2021 07:00:00 by RouterOS 6.48.1
# software id = D5X3-81PB
#
# model = RouterBOARD 750G r3
# serial number = xxx
/interface bridge add fast-forward=no name=bridge_192.168.176.0
/interface bridge add fast-forward=no name=bridge_192.168.177.0
/interface ethernet set [ find default-name=ether1 ] name=ether1_LAN speed=100Mbps
/interface ethernet set [ find default-name=ether2 ] name=ether2_basement speed=100Mbps
/interface ethernet set [ find default-name=ether3 ] name=ether3_lounge speed=100Mbps
/interface ethernet set [ find default-name=ether4 ] name=ether4_Kids speed=100Mbps
/interface ethernet set [ find default-name=ether5 ] name=ether5_WiFi speed=100Mbps
/interface list add name=LAN
/interface list add name=LAN-via-FB
/ip firewall layer7-protocol add name=Youtube regexp="^..+\\.(youtube.com|googlevideo.com|akamaihd.net).*\$"
/ip firewall layer7-protocol add name=streaming---test regexp="^..+\\.(3gp|mov|mpe|mpeg|mpeg2|mpeg3|mpeg4|mkv|avi|flv|f4v|f4p|f4a|f4b|x-flv|msi|wmv|mp2|mp3|mp4|swf|rm|rmvb|vcd|pdf|dat|iso|nrg|bin|cab|vcd|ogg|wma|divx|d2v|qt|0[0-9][0-9]).*\$"
/ip pool add name=dhcp_pool0 ranges=192.168.177.100-192.168.177.254
/ip dhcp-server add address-pool=dhcp_pool0 disabled=no interface=bridge_192.168.177.0 lease-time=1000w name=dhcp1
/queue simple add limit-at=1M/20M max-limit=10M/60M name=PS3-WZ+PS4WZ_Limit-At priority=1/1 queue=default/default target=192.168.177.244/32,192.168.177.189/32
/queue simple add comment=PCBT2015 limit-at=25M/80M max-limit=25M/80M name=PCBT2015-Night priority=2/2 queue=default/default target=192.168.177.254/32
/queue simple add comment=PCLS2019 limit-at=25M/80M max-limit=25M/80M name=PCLS2019 priority=2/2 queue=default/default target=192.168.177.192/32
/queue simple add comment=PCAS2015 limit-at=15M/60M max-limit=20M/75M name=PCAS2015 priority=2/2 queue=default/default target=192.168.177.232/32
/queue simple add limit-at=10M/20M max-limit=20M/80M name=PS4-Bandwidth-Monitoring priority=3/3 queue=default/default target=192.168.177.231/32
/queue simple add comment=PCBT2015 disabled=yes limit-at=384k/1M max-limit=384k/1M name=PCBT2015-Day priority=2/2 queue=default/default target=192.168.177.254/32
/queue tree add max-limit=92M name=total-traffic parent=global queue=default
/queue tree add max-limit=38M name=upload packet-mark=upload parent=total-traffic queue=default
/queue tree add max-limit=92M name=download packet-mark=download parent=total-traffic queue=default
/system logging action set 1 disk-file-count=25 disk-file-name=disk1/log disk-lines-per-file=4096
/user group set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/user group add comment="dircreate group" name=dircreate policy=ftp,!local,!telnet,!ssh,!reboot,!read,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp
/interface bridge port add bridge=bridge_192.168.176.0 interface=ether1_LAN
/interface bridge port add bridge=bridge_192.168.177.0 interface=ether4_Kids
/interface bridge port add bridge=bridge_192.168.177.0 interface=ether2_basement
/interface bridge port add bridge=bridge_192.168.177.0 interface=ether3_lounge
/interface bridge port add bridge=bridge_192.168.177.0 interface=ether5_WiFi
/ip neighbor discovery-settings set discover-interface-list=!LAN
/ip settings set allow-fast-path=no route-cache=no send-redirects=no
/interface list member add interface=ether2_basement list=LAN
/interface list member add interface=ether3_lounge list=LAN
/interface list member add interface=ether5_WiFi list=LAN
/interface list member add interface=ether4_Kids list=LAN-via-FB
/interface list member add interface=ether1_LAN list=LAN-via-FB
/ip address add address=192.168.176.20/24 interface=bridge_192.168.176.0 network=192.168.176.0
/ip address add address=192.168.177.1/24 interface=ether2_basement network=192.168.177.0
/ip address add address=192.168.177.4/24 interface=ether5_WiFi network=192.168.177.0
/ip address add address=192.168.177.2/24 interface=ether3_lounge network=192.168.177.0
/ip address add address=192.168.177.3/24 interface=ether4_Kids network=192.168.177.0
/ip dhcp-server lease add address=192.168.177.244 client-id=1:70:9e:29:7:f9:39 comment=PS3-WZ mac-address=70:9E:29:07:F9:39 server=dhcp1
/ip dhcp-server lease add address=192.168.177.243 comment=Kathrein-UFS800-Receiver mac-address=0C:F0:B4:AA:28:24 server=dhcp1
/ip dhcp-server lease add address=192.168.177.235 always-broadcast=yes client-id=1:bc:ae:c5:91:e:80 comment=PCLS2011 mac-address=BC:AE:C5:91:0E:80 server=dhcp1
/ip dhcp-server lease add address=192.168.177.233 client-id=1:50:56:bf:6:d4:f8 comment=TV-LS mac-address=50:56:BF:06:D4:F8 server=dhcp1
/ip dhcp-server lease add address=192.168.177.77 client-id=1:64:d1:54:33:60:e9 comment=MikroTik-RB951G-2HnD mac-address=64:D1:54:33:60:E9 server=dhcp1
/ip dhcp-server network add address=192.168.177.0/24 gateway=192.168.177.1
/ip dns set allow-remote-requests=yes servers=192.168.176.1,8.8.8.8
/ip firewall address-list add address=192.168.177.254 list=pi-hole_DNS
/ip firewall filter add action=accept chain=forward comment=host_mikrotik dst-address-list=host_mikrotik src-address=192.168.177.254
/ip firewall filter add action=accept chain=forward comment=host_lernen dst-address-list=host_lernen src-address=192.168.177.254
/ip firewall filter add action=drop chain=forward comment="Block all for PCBT2015 except Studienkreis" disabled=yes dst-port=80,443 protocol=tcp src-address=192.168.177.254 time=0s-1d,sun,mon,tue,wed,thu,fri,sat
/ip firewall filter add action=drop chain=forward comment="block chromium internal DNS 8.8.8.8+8.8.4.4 when \"transparent Proxy Pi-hole\" is active" disabled=yes dst-address=8.8.8.8 src-address=192.168.177.254 src-address-list=""
/ip firewall filter add action=drop chain=forward comment="block chromium internal DNS 8.8.8.8+8.8.4.4 when \"transparent Proxy Pi-hole\" is active" disabled=yes dst-address=8.8.4.4 src-address=192.168.177.254 src-address-list=""
/ip firewall mangle add action=mark-packet chain=prerouting comment=download in-interface=bridge_192.168.176.0 new-packet-mark=download passthrough=yes
/ip firewall mangle add action=mark-packet chain=postrouting comment=upload new-packet-mark=upload out-interface=bridge_192.168.176.0 passthrough=yes
/ip firewall mangle add action=mark-connection chain=forward comment=Youtube layer7-protocol=Youtube new-connection-mark=youtube_conn passthrough=yes
/ip firewall mangle add action=mark-packet chain=prerouting comment=download in-interface=bridge_192.168.176.0 new-packet-mark=download passthrough=yes
/ip firewall mangle add action=mark-packet chain=postrouting comment=upload new-packet-mark=upload out-interface=bridge_192.168.176.0 passthrough=yes
/ip firewall mangle add action=mark-connection chain=forward comment=Youtube layer7-protocol=Youtube new-connection-mark=youtube_conn passthrough=yes
/ip firewall nat add action=masquerade chain=srcnat comment=nat-internet-access out-interface=bridge_192.168.176.0
/ip firewall nat add action=masquerade chain=srcnat comment=nat-internet-access out-interface=bridge_192.168.176.0
/ip firewall nat add action=dst-nat chain=dstnat comment="transparent Proxy Pi-hole" disabled=yes dst-address=!192.168.177.185 dst-port=53 protocol=udp src-address=192.168.177.254 to-addresses=192.168.177.185
/ip firewall nat add action=dst-nat chain=dstnat comment="transparent Proxy Pi-hole" disabled=yes dst-address=!192.168.177.185 dst-port=53 protocol=tcp src-address=192.168.177.254 to-addresses=192.168.177.185
/ip firewall nat add action=masquerade chain=srcnat comment="transparent Proxy Pi-hole" disabled=yes dst-address=192.168.177.185 dst-port=53 protocol=udp src-address=192.168.177.254
/ip firewall nat add action=masquerade chain=srcnat comment="transparent Proxy Pi-hole" disabled=yes dst-address=192.168.177.185 dst-port=53 protocol=tcp src-address=192.168.177.254
/ip firewall nat add action=dst-nat chain=dstnat comment="transparent Proxy Pi-hole [for all clients]" disabled=yes dst-address=!192.168.177.185 dst-port=53 protocol=udp src-address=!192.168.177.185 to-addresses=192.168.177.185
/ip firewall nat add action=dst-nat chain=dstnat comment="transparent Proxy Pi-hole [for all clients]" disabled=yes dst-address=!192.168.177.185 dst-port=53 protocol=tcp src-address=!192.168.177.185 to-addresses=192.168.177.185
/ip proxy access add action=deny
/ip route add distance=1 gateway=192.168.176.1
/ip route add disabled=yes distance=1 dst-address=192.168.176.172/32 gateway=bridge_192.168.177.0
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set ssh disabled=yes
/ip ssh set allow-none-crypto=yes forwarding-enabled=remote
/system clock set time-zone-name=Europe/Berlin
/system identity set name=MikroTik-Base
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: No Internet on Wlan bridge

Wed Mar 17, 2021 2:27 pm

I have no clue what you mean by MT device and no clue what you mean by bridge.
Which devices (models) and are they acting as switches only, or as switch/ Access Point Switches, or Routers for example.
Are they wired ?
 
User avatar
Sky18
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Sat Jan 13, 2018 9:21 am
Location: Germany

Re: No Internet on Wlan bridge

Wed Mar 17, 2021 2:49 pm

I have no clue what you mean by MT device and no clue what you mean by bridge.
Which devices (models) and are they acting as switches only, or as switch/ Access Point Switches, or Routers for example.
Are they wired ?
Both are configured as Bridges and connected with a network cable.
From ether2_basement in Bridge1 to ether2 in Bridge2.
ether1_LAN in Bridge1 is connected to the ISP Router.

Bridge1 has RouterBOARD 750G r3.
Bridge2 has RouterBOARD 941-2nD.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: No Internet on Wlan bridge

Wed Mar 17, 2021 3:24 pm

Well, again I find that confusing, a bridge is functionality within the device, its either a switch or a router etc.
So I will take it as switches.
Suggest you read this guidance on how to use vlans and switches.
Having two bridges is also confusing, all one needs is ONE bridge.
Change your subnets to vlan77 and vlan78 for example.
The bridges have then no DHCP responsibility etc......

viewtopic.php?f=13&t=143620
 
User avatar
Sky18
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Sat Jan 13, 2018 9:21 am
Location: Germany

Re: No Internet on Wlan bridge

Wed Mar 17, 2021 3:44 pm

... no clue what you mean by bridge.
...
Bridge Mode:
MikroTik-Bridge Mode.jpg
You do not have the required permissions to view the files attached to this post.
 
2frogs
Forum Veteran
Forum Veteran
Posts: 713
Joined: Fri Dec 03, 2010 1:38 am

Re: No Internet on Wlan bridge

Wed Mar 17, 2021 4:14 pm

On your Bridge1 configuration you have the address 192.168.177.1 set to interface=ether2, this should be set to the Bridge that port salved to, interface=bridge_192.168.177.0.

Also the other IP's for the other ports also slaved to that bridge will also not work.
 
User avatar
Sky18
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Sat Jan 13, 2018 9:21 am
Location: Germany

Re: No Internet on Wlan bridge

Wed Mar 17, 2021 5:41 pm

Well, again I find that confusing, a bridge is functionality within the device, its either a switch or a router etc.
So I will take it as switches.
Suggest you read this guidance on how to use vlans and switches.
Having two bridges is also confusing, all one needs is ONE bridge.
Change your subnets to vlan77 and vlan78 for example.
The bridges have then no DHCP responsibility etc......

viewtopic.php?f=13&t=143620
...when thinking again, yes, in this basis config it seems to be a switch.
When this is working as expected, config will become more complex and then, at least in my understanding, it has to be a bridge because of multiple IP address segments.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11440
Joined: Thu Mar 03, 2016 10:23 pm

Re: No Internet on Wlan bridge

Wed Mar 17, 2021 6:06 pm

Configuration on bridge1 seems overly complicated to me. From a quick glance nothing is sticking out as wrong to me, but frankly I don't want to delve into config. There are quite a few mis-configs (which don't necessarily break the whole config, such as assignment of IP addresses to each of bridge slave ports, but one never knows).
You may want to torch traffic on both sides of bridge1 while pinging IDP modem to verify that packets are properly SRC-NATed.
 
User avatar
Sky18
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 57
Joined: Sat Jan 13, 2018 9:21 am
Location: Germany

Re: No Internet on Wlan bridge  [SOLVED]

Wed Mar 17, 2021 7:59 pm

Thanks for your support, guys! The switch hint was the push into the right direction.

Finally topic "Using MikroTik hAP as simple switch plus wireless AP" viewtopic.php?p=717591#p716182 from vecernik87 saved the day.

Who is online

Users browsing this forum: Bing [Bot] and 37 guests