Community discussions

MikroTik App
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Issue with my network setup

Tue Mar 23, 2021 6:55 pm

Newbie here. I have CRS112-8P-4S-IN and am using 48V input for PoE out. I am having few issues with my network after installing the switch.

My setup on Switch Port 1→ FIOS Router (192.168.188.X) Remaining ports -> home network (192.168.166.X)

The issues I see are
1> When I do a ping to MicroTik switch I consistently see ping drops after 10-20 pings.
2> Winbox keep getting disconnected every few minutes when I connect through 192.168.166.X subnet. I suspect bother these issues are related.
3> When I test network speed using speednet.net I get around 26Mbps while I get 100Mbps when connecting directly through FIOS router.

Can somebody help me identify whats wrong with my setting?

My configuration is attached
You do not have the required permissions to view the files attached to this post.
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Wed Mar 24, 2021 1:10 pm

For Moderators: My posting hasnt been approved yet. Is there any issue with my posting? I could not find an option to reach the moderators so posting a reply.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Thu Mar 25, 2021 4:23 pm

CONFUSED as there is no network diagram.
Is this supposed to be acting as a switch or a router.
The reason I ask is you seem to want to state there is a higher order device (router or something) that is of a different subnet??
But then your firewall rules are very incomplete and not really safe for a firewall ......


Remove the following"
(1) add disabled=yes name=WAN-bridge1

(2) add name=dhcp_166dym_pool0 ranges=192.168.166.25-192.168.166.254
add name=dhcp ranges=192.168.166.3-192.168.166.254

(3) add bridge=WAN-bridge1 interface=ether1

(4) add interface=WAN-bridge1 list=LAN

(5) From
/ip address
add address=192.168.166.1/24 comment="IP address for LAN Bridge (x.x.166.2)" \
interface=ether2 network=192.168.166.0
TO
/ip address
add address=192.168.166.1/24 comment="IP address for LAN Bridge (x.x.166.2)" \
interface=LAN-bridge network=192.168.166.0

(6) From
add address=192.168.188.2/24 comment="IP address for WAN Bridge" interface=\
ether1 network=192.168.188.0
TO
add address=192.168.188.2/24 comment="IP address for WAN" interface=\
ether1 network=192.168.188.0



(7) Firewall Rules are very incomplete, suggest installing default firewall rules until its clear what you need.
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Thu Mar 25, 2021 6:59 pm

Thanks Anav for your response,
Here is the diagram. For now I cannot remove the cable router so this is how i have setup my network. Let me know if the changes you suggested will resolve the issue.
For now i would like to resolve my network issues first, I will work on the firewall setup next.
Network.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Thu Mar 25, 2021 7:32 pm

Do you have access to the cable router
(from an ISP provider, or is this like someone giving you an IP on their personal router)??

If its a FIOS router presuming ISP, then, if not shared with others..........
a. do you have access to it?
b. can you forward all the ports to you
c. can you put it in passthru mode so you get a public iP.
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Fri Mar 26, 2021 2:20 am

If its a FIOS router presuming ISP, then, if not shared with others..........
Yes its a FIOS router which i need to convert coaxial to ethernet. I plan to replace coaxial in future

a. do you have access to it? Yes
b. can you forward all the ports to you Yes
c. can you put it in passthru mode so you get a public iP.: No I am unable to put this router in pass through (tried multiple options)

You make a good point i could forward all FIOS port traffic to Mikrotik router and setup different vlan there. It would be much simpler
This would need me to setup proper firewall which as you mentioned are incomplete. Where can i find information on default firewall rules?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Fri Mar 26, 2021 2:46 am

Okay first I will show you the default ones that come from the router and then I will put my variation on them which is similar just a tad more secure.
DEFAULT
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 (if not using capsman this rule can be removed)
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN

MODIFIED

/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)" {remove if not using capsman}
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="Allow ADMIN to Router" in-interface-list=allowedsubnets\
src-address-list=adminaccess
add action=accept chain=input comment="Allow LAN DNS queries - TCP" \
connection-state=new dst-port=53 in-interface-list=LAN protocol=tcp
add action=accept chain=input comment="Allow LAN DNS queries-UDP" \
connection-state=new dst-port=53 in-interface-list=LAN protocol=udp
add action=drop chain=input comment="Drop anything else! # ONLY ENABLE WHEN ADMIN RULE ABOVE IN PLACE
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=accept chain=forward comment="ENABLE Internet traffic" \
in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="Allow Port Forwarding" \ {you can disable this rule until you need it}
connection-nat-state=dstnat connection-state=new in-interface-list=WAN
add action=drop chain=forward comment="DROP ALL other FORWARD traffic"
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Sun Mar 28, 2021 5:07 am

I redid my Mikrotik configuration. As per the suggestion I planned to setup router as bridge (i failed before but wanted to try it again) . But before i set it as bridge i wanted to ensure my Mikrotik configuration is good to handle LAN traffic. For some reason i continue to have issues, there is something i am doing wrong.

With Winbox I am able to connect to the Mikrotik router with MAC id but not the IP. I am also not able to get to internet

Your help is greatly appreciated.

Here is my network setup and configuration

My network diagram
My Network Diagram.png
----------------------------------------------------------------------------------
My QuickSetup
MikroTik QuickSetup.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Sun Mar 28, 2021 7:38 am

Quickset=quicksand, avoid
Will write up something tomorrow.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Sun Mar 28, 2021 9:20 pm

As stated dont use quickset to enter in parameters.

(1) Okay I see you have ether1 on bridge ports disabled as its not on the bridge being the dhcp client, thats fine.

(2) You need at least two IP addresses recognized, the one you have for the Bridge (lan) but also (and missing) the eth1 address.
Also not sure why you use DOTFIVE which is probably fine but I am used to DOTONE.

/ip address
add address=192.168.166.1/24 interface=bridge network=192.168.166.0
add address=192.168.188.165/32 interface=ether1 network=192.168.188.0

(3) YOu can get rid of funky entry in dhcp server.
/ip dhcp-server network
add address=0.0.0.0/24 gateway=0.0.0.0 netmask=24
add address=192.168.166.0/24 dns-server=9.9.9.9 gateway=192.168.166.1 \
netmask=24

(4) Fixed wanip so best to use sourcenat chain and action.
add chain=srcnat action=src=nat to-addresses=192.168.188.165 out-interface=ether1

(5) firewall rules are missing, so not sure if any traffic will move or all traffic moves (no security).

(6) No IP Routes so traffic can not exit the device to get to the upper router.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Issue with my network setup

Sun Mar 28, 2021 9:31 pm

add address=192.168.188.165/24 interface=ether1 network=192.168.188.0

Fixed WAN IP for you ...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Sun Mar 28, 2021 11:14 pm

Thanks but why /24, its a single IP only?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Issue with my network setup

Mon Mar 29, 2021 3:54 pm

Because device with IP address 192.168.188.165 needs to communicate with gateway at 192.168.188.1 ... the longest netmask covering both addresses is 24-bit long. Because, believe it or not, the link between RB and FIOS router is an entire subnet (because it's running on top of ethernet which is typical many-to-many L2 technology).
Sure it would be possible to construct a /32 point-to-point addressing, but in that case network address would have to be exactly the address of PtP peer (gateway) ... and probably peer would need similar setup on its NIC.

All of the above is a tad too complicated (and in SOHO environment typically unnecessary) so it's best just to follow the usual /24 addressing.
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Tue Mar 30, 2021 5:40 am

I made some progress. I made the changes and added firewall rules you suggested. Please let me know if the rules are good. After all the changes, I can now can ping 192.168.166.X but not 192.168.188.1 (FIOS router) or internet. So there is something wrong with my route setup.

mysetup.rsc
You do not have the required permissions to view the files attached to this post.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Issue with my network setup

Tue Mar 30, 2021 8:59 am

Is router successfull in obtaining DHCP lease from FIOS router? Check by running command /ip address print and verify that there's a dynamic address bound to ether1_WAN.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Tue Mar 30, 2021 1:53 pm

I could only find one item but dont think it would block traffic?

(1) You should only have one sourcenat rule so get rid of the first one as the second one captures the fixed wanip address.
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=src-nat chain=srcnat out-interface=ether1 to-addresses=\
192.168.188.2

(2) The firewall rules are almost there......... The forward chain rules have the excellent block all else rule at the bottom and you should do the same with the input chain rules BUT BUT, only after adding a rule to allow you the admin to access the router. If you dont, putting a block all else rule will lock you out as well.
So suggesting

AFTER accept ICMP rule in input chain put this........

add action=accept chain=input comment="Allow ADMIN to Router" in-interface-list=LAN src-address-list=adminaccess

where adminaccess is a firewall address list, and assumes these are static LANIP addresses
/ip firewall address-list
add address=LANIP of admin desktop list=adminaccess
add address=LANIP of admin laptop list=adminaccess
add address=LANIP of admin Ipad/smartphone list=adminaccess

After this rule is in place then put a drop all at the end of the INPUT chain.
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Tue Mar 30, 2021 2:36 pm

Is router successfull in obtaining DHCP lease from FIOS router? Check by running command /ip address print and verify that there's a dynamic address bound to ether1_WAN.
There is no dynamic IP bound to ether1. I also checked FIOS router and i dont see any IP assigned to MikroTik router.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Tue Mar 30, 2021 2:46 pm

You should not have a dynamic IP assigned. I thought you were applying a static WANIP.
Follow this tutorial!!

https://www.bing.com/videos/search?q=ho ... &FORM=VIRE
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Tue Mar 30, 2021 9:50 pm

Yes MikroTik router has static IP (192.168.188.2). Settings suggested in the video matches my router setting, no changes were needed.
Some more details on my issue
  1. When i ping 192.168.188.2 from 192.168.166.X subnet i see a response
  2. Ping to 192.168.188.2 or any internet connection fail
  3. Route list in the image below shows 192.168.188.1 as reachable.
  4. When i check Fios router i dont see 192.168.188.2 assigned to MikroTik. This suggests Mikrotik router is not talking with FIOS router
.
Thanks in advance.
Router setting.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Tue Mar 30, 2021 10:04 pm

The fios didnt give out dhcp and thus it would not be visible, you statically assigned it from the MT side.
Suggest you enter the fios and also statically assign the iP to the router.
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Tue Mar 30, 2021 11:17 pm

I already have setup MikroTik router setup as static on FIOS too. Here is the image that shows MikroTik Router is showing as inactive.


.
Fios Router.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Tue Mar 30, 2021 11:45 pm

Not sure of fios settings is there something else on that thing that needs to be enabled?
Did you try a different connecting cable?
Next step is trying different ports maybe.....
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Wed Mar 31, 2021 5:19 am

Changing cable did not help. There are other computers connected to FIOS with no issues. So FIOS DHCP is working fine. When i check the route list in MikroTik, it shows 192.168.188.1 as reachable through ether1. I expect to see unreachable if there was some cable issue(image below).When i ping FIOS router from PC on MikroTik router, i get timeouts but sometimes even the Mikrotik Router shows up as unreachable(image 2). Is there any logs i can check to see whats happening on ether1?

Image showing Route to FIOS is reachable
Route.png
,
Image showing ping to FIOS is failing and sometimes Mikrotik router is showing as unreachable
.
.
Ping.png
You do not have the required permissions to view the files attached to this post.
Last edited by Tom2255 on Wed Mar 31, 2021 2:47 pm, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Wed Mar 31, 2021 2:33 pm

Does the fios require a vlan to pass its internet? Highly unlikely but grasping at straws here.

Tools: Packet sniffer
https://help.mikrotik.com/docs/display/ ... et+Sniffer
Tools: Torch
https://help.mikrotik.com/docs/display/ROS/Torch


https://wiki.mikrotik.com/wiki/Manual:T ... ting_tools

wireshark may be needed to read the traffic from packet sniffer in greater detail.
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Wed Mar 31, 2021 2:56 pm

No VLAN needed. i updated my post above with images. See if it points to some issue.
I do see another issue, when i reload back the original configuration (which worked but was very slow) it doesnt work anymore. I typically follow these steps to reload my configuration let me know if i am missing something
1. Reset configuration
2. Connect to Winbox
3. After logging in i remove the default configuration
4. Import my new configuration.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Wed Mar 31, 2021 3:17 pm

I would rest to defaults and start clean...........
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Wed Mar 31, 2021 5:19 pm

anav,
Can you provide some more details on the steps to start clean? I would think resetting the configuration and removing the default when i first login would be a clean start.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Wed Mar 31, 2021 5:37 pm

Good question not having done it before, but I do suggest going to the
System Menu and selecting Configuration and select the checkbox next to NO DEFAULT CONFIGURATION if you fancy starting from zero/scratch
otherwise
go to new terminal windows and type
/system reset-configuration

This should reset the router to defaults as if though you got it for the first time.
The choice is yours, personally I would use the terminal window.
 
peson
Trainer
Trainer
Posts: 202
Joined: Tue Jul 20, 2004 10:33 am
Location: Sweden

Re: Issue with my network setup

Fri Apr 02, 2021 9:59 pm

I made some progress. I made the changes and added firewall rules you suggested. Please let me know if the rules are good. After all the changes, I can now can ping 192.168.166.X but not 192.168.188.1 (FIOS router) or internet. So there is something wrong with my route setup.


mysetup.rsc
In the mysetup, you have entered:
/interface ethernet
set [ find default-name=ether1 ] mac-address=48:5D:36:38:CE:E9
The MAC-address for ether1 you set belongs to Verizon, is that the cable-modem/router?
Remove it and reboot.
Also check the lines:
/interface bridge
add admin-mac=CC:2D:E0:4C:0D:B2 auto-mac=no comment=defconf name=bridge
The Admin-MAC should be the same as one of the interfaces from the LAN bridge (ether2).
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Wed Apr 07, 2021 4:58 am

The MAC-address for ether1 you set belongs to Verizon, is that the cable-modem/router?
Yes its my cable router MAC address. To setup FIOS router as a bridge I need to setup ether1 port with MAC of FIOS router
To make it work i reset Mikrotik ether1 MAC to the original value. With this change I am able to
  • Successfully ping "google.com" from MikroTik router terminal window.
  • Unable to Ping "google.com" from a PC connected to MikroTik (192.168.166.x)
myUpdatedSetup.rsc
You do not have the required permissions to view the files attached to this post.
 
peson
Trainer
Trainer
Posts: 202
Joined: Tue Jul 20, 2004 10:33 am
Location: Sweden

Re: Issue with my network setup

Wed Apr 07, 2021 1:13 pm

The MAC-address for ether1 you set belongs to Verizon, is that the cable-modem/router?
Yes its my cable router MAC address. To setup FIOS router as a bridge I need to setup ether1 port with MAC of FIOS router
To make it work i reset Mikrotik ether1 MAC to the original value. With this change I am able to
  • Successfully ping "google.com" from MikroTik router terminal window.
  • Unable to Ping "google.com" from a PC connected to MikroTik (192.168.166.x)
myUpdatedSetup.rsc
No, you cannot use a MAC that still is in use on the FIOS bridge.

In your config file you have removed it, thats good.
I can't see any srcnat rule for outgoing traffic, add this:
/ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade 
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Thu Apr 08, 2021 4:44 am

Thanks Peson that fixed it. For some reason my configuration file did not import properly and the NAT setting got dropped.

I am happy now that my setup works
Thanks Anav and Peson for helping me resolve this issue.

To summarize my mistake was changing the MAC Address of interface ether1 . I understand even though MikroTik provides capability to change MAC address of ether1 i should not change it.
With this restriction i cannot setup FIOS router in bridge mode as I understand Verizon checks MAC address of router.

I am attaching my final configuration with firewall rules that Anav suggested. Somebody with similar setup can use this.
Note: I added rules to allow Winbox and SSH
myConfig.rsc
You do not have the required permissions to view the files attached to this post.
 
mada3k
Long time Member
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Issue with my network setup

Thu Apr 08, 2021 9:55 pm

First of all.
Are you planning to use the CRS112 as switch or a router?

It looks like you are using it as a router and software bridgeing. Expect very low performance with this setup.
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Fri Apr 09, 2021 4:10 am

Yes i am using CRS112 as a router. FIOS is also a router for now as i look out for options to change that.
Is your suggestion to use FIOS as router and keep CRS112 as switch for better performance?
I tried with one device connected to CRS112 and i dont see any degrade but its possible that CRS112 might slow down as i connect more devices.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Fri Apr 09, 2021 1:51 pm

Yes i am using CRS112 as a router. FIOS is also a router for now as i look out for options to change that.
Is your suggestion to use FIOS as router and keep CRS112 as switch for better performance?
I tried with one device connected to CRS112 and i dont see any degrade but its possible that CRS112 might slow down as i connect more devices.
Bad idea, since when does anyone want an ISP to be fondling your jewels.
Always use your own router if possible, the only thing the ISP should be doing is providing a public IP.
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Fri Apr 09, 2021 2:53 pm

Bad idea, since when does anyone want an ISP to be fondling your jewels.
Always use your own router if possible, the only thing the ISP should be doing is providing a public IP.
With my setup ISP can see just the CRS-112 router as I connect all my devices to CRS-112. I cannot get rid of FIOS router as it converts coxial to ethernet and ISP also check the MAC address of the device directly connecting to it.
I would like to better understand the reasoning for slow performance with this setup.
 
peson
Trainer
Trainer
Posts: 202
Joined: Tue Jul 20, 2004 10:33 am
Location: Sweden

Re: Issue with my network setup

Fri Apr 09, 2021 4:43 pm

The performance must relate to something, If you get the performance that the cablemodem delivers, then fine, if you want to route traffic between local subnets, it will be slow.

CRS1xx/2xx has a slow CPU when it comes to software bridging and routing. For switching traffic in L2 network it works allright, so it all depends of how it is used.
You kan read about this on the product page. https://mikrotik.com/product/CRS112-8G- ... estresults
 
mada3k
Long time Member
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Issue with my network setup

Fri Apr 09, 2021 9:56 pm

The CRS112 maxes out ~70-90Mbps as a router/firewall without any fancy features, maybe that enough for you.

It's also important that you verify that the "LAN" ports has the H flag, or else the traffic will be pushed via the CPU. It's the main pitfall with Mikrotik switches that it can do anything, but if you do it wrong it will revert to software and use the CPU.
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Sat Apr 10, 2021 2:06 am

This is very good information. I have the hardware offload flag checked so this should reduce CPU use. I will check the bandwidth again once i connect additional devices to CRS112
 
mada3k
Long time Member
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Issue with my network setup

Sat Apr 10, 2021 10:17 am

If you need to use a specific MAC-adress for the WAN-side/DHCP-client, then create an additional bridge with the physical port.

Example:
/interface bridge
add admin-mac=CC:2D:E0:4C:0D:B2 auto-mac=no comment=defconf name=bridge
add admin-mac=11:22:33:44:55:66 auto-mac=no comment=WAN name=bridge-wan

/interface list
add name=WAN
add name=LAN

/interface bridge port
add bridge=bridge-wan interface=ether1
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=sfp9
add bridge=bridge comment=defconf interface=sfp10
add bridge=bridge comment=defconf interface=sfp11
add bridge=bridge comment=defconf interface=sfp12

/interface list member
add interface=bridge-wan list=WAN
add interface=bridge list=LAN

/ip dhcp-client
add disabled=no interface=bridge-wan
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Sat Apr 10, 2021 4:08 pm

As you had warned CRS112 became unstable when i connected multiple devices with frequent connections drops. As some of you had recommended I am planning to use CRS112 as a PoE switch and buy another router. Need your advice on the router , will a hEX router suffice for me? This is for a home setup with 4 adults with each doing online school or remote work plus everyone streaming or playing online games later in the evening.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Issue with my network setup

Sat Apr 10, 2021 4:53 pm

As you had warned CRS112 became unstable when i connected multiple devices with frequent connections drops. As some of you had recommended I am planning to use CRS112 as a PoE switch and buy another router. Need your advice on the router , will a hEX router suffice for me? This is for a home setup with 4 adults with each doing online school or remote work plus everyone streaming or playing online games later in the evening.
Hi Tom, looking for trouble, youve come to the right place...
Sorry felt like quoting one of my fav Jimi Henrix lines.

The hex units are quite capable but the real question is what are the speeds of your internet connections now and likely to be in the next five years.
If they are like 200/200 then stick with the hex, if they are now or going to be 1gig fiber then go with the RB4011 wired.
I am similar boat as you and have the CCR1009 model only because I was sponsored by the poker player in the house when my RB450Gx4 started acting freaky.
If not my next move was the RB4011 wired. I use the two hexes I have as a switch and backup router.
The hexes are dirt cheap and its not a bad idea to get one as a backup and to play with on the side.
 
Tom2255
just joined
Topic Author
Posts: 19
Joined: Tue Mar 23, 2021 5:37 pm

Re: Issue with my network setup

Sun Apr 11, 2021 4:26 pm

Unfortunately my problem continues even with CRS112 setup as a switch. In the new setup IP for FIOS router is IP 192.168.188.1 and CRS112 is 192.168.188.2. If I connect just one PC to CRS112 everything is OK. But when I connect multiple devices the switch breaks down. I see the below issues with multiple connections. These are my original issues that i started with when CRS112 was setup as a router. Please let me know if there is something wrong with this setup or my device itself is bad.

1. When I ping CRS112 (192.168.188.2) continuously from PC connected to the switch, I see pings timing out (after every 7-10 pings)
2. I am unable to connect to CRS112 using Winbox as I get disconnected within 3 secs of logging in.

I also have issues when I set the device in PoE setup (48V power) but that I will tackle that once I fix this simple setup.
mySwitchSeup.rsc
You do not have the required permissions to view the files attached to this post.
 
mada3k
Long time Member
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Issue with my network setup

Mon Apr 12, 2021 6:27 pm

Do you have 192.168.188.2 reserved in the DHCP-server on the FIOS so it's not handed out to some other device (causing IP collision) ?
/ip address
add address=192.168.188.2/24 interface=ether2 network=192.168.188.0
You can't set an IP-adress on a switchport on a switch. You have to set in on bridge1 interface
/interface bridge filter
add action=drop chain=input dst-port=68 in-interface=!ether1 ip-protocol=udp mac-protocol=ip
What?
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=LAN
Why? You are using as a LAN switch now, right?
/ip dhcp-client
add interface=bridge1
Now you will get an additional IP-adress fromt the FIOS here, causing mutiple adresses on the Mikrotik.

Who is online

Users browsing this forum: Bing [Bot] and 31 guests