ivan123
just joined
Topic Author
Posts: 3
Joined: Tue Jul 20, 2021 8:50 am

Routing different networks unstable

Tue Jul 20, 2021 8:58 am

Hi,

A little while ago I bought myself a RouterBOARD. My home is full of smart devices (lightbulbs etc.) that I want on a separate network so I can block internet access.
In my home I now have 3 networks:
192.168.2.0/24 - network from ISP router
192.168.100.0/24 - network behind Mikrotik for open internet
192.168.101.0/24 - network behind Mikrotik with limited/no internet access.

I notice that sometimes the routing between all of the networks is slow, or it's like the connections are blocked.
For example: I have a device in the 192.168.100.0 network that controls the lightbulbs (which are in the 101 network), but they don't respond.
Also, when I have my laptop connected via wireless in the 101 network, sometimes my connection is dead for a few seconds.

Below is my config. I hope anyone can help me and can tell me what I have done wrong.
# software id = NAGW-J6E6
#
# model = RB2011UiAS-2HnD
# serial number = xxxx
/interface bridge
add name=IOT-Devices
add name=PortBridge
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" group-ciphers=tkip group-key-update=1h mode=dynamic-keys name=WLAN0 supplicant-identity="" unicast-ciphers=tkip wpa-pre-shared-key=xxxx wpa2-pre-shared-key=xxx
/interface wireless
set [ find default-name=wlan1 ] amsdu-limit=2048 band=2ghz-b/g/n disabled=no frequency=auto installation=indoor mode=ap-bridge security-profile=WLAN0 ssid=WLAN-IOT wireless-protocol=802.11 wps-mode=disabled
/ip pool
add name=dhcp_pool0 ranges=192.168.100.50-192.168.100.200
add name=dhcp_SmartDevices ranges=192.168.101.50-192.168.101.150
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=IOT-Devices lease-time=1h name=dhcp1
/interface bridge port
add bridge=IOT-Devices interface=ether2
add bridge=IOT-Devices interface=wlan1
add bridge=PortBridge interface=ether3
add bridge=PortBridge interface=ether4
add bridge=PortBridge interface=ether5
add bridge=PortBridge interface=ether6
add bridge=PortBridge interface=ether7
add bridge=PortBridge interface=ether8
add bridge=PortBridge interface=ether9
add bridge=PortBridge interface=ether10
add bridge=PortBridge interface=ether1
/interface detect-internet
set detect-interface-list=all
/ip address
add address=192.168.100.254/24 interface=IOT-Devices network=192.168.100.0
add address=192.168.2.201/24 interface=PortBridge network=192.168.2.0
add address=192.168.101.254/24 interface=IOT-Devices network=192.168.101.0
/ip dhcp-server config
set store-leases-disk=1h
/ip dhcp-server lease
add address=192.168.100.199 comment=xxx mac-address=xx:xx:xx:xx:xx:xx server=dhcp1
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=192.168.2.254,8.8.8.8 gateway=192.168.100.254
/ip firewall filter
add action=accept chain=forward comment="Home Assistant" disabled=yes dst-address=192.168.100.0/24 src-mac-address=DC:A6:32:FB:D2:9C
add action=drop chain=forward comment="Block Internet Access Hal01" disabled=yes src-mac-address=xx:xx:xx:xx:xx
add action=accept chain=forward dst-address=192.168.101.0/24 src-address=192.168.100.100
add action=accept chain=forward dst-address=192.168.101.0/24 src-address=192.168.100.200
add action=drop chain=forward dst-address=0.0.0.0 src-address=192.168.101.50-192.168.101.150
add action=drop chain=forward dst-address=192.168.101.50-192.168.101.150
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add check-gateway=ping distance=1 gateway=192.168.2.254 pref-src=192.168.2.201
add distance=1 dst-address=192.168.2.0/24 gateway=PortBridge pref-src=192.168.2.201
/lcd interface pages
set 0 interfaces=sfp1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10
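
Added example, not part of the original post: a small first-match evaluator for the enabled forward-chain rules in the export above, showing which packets they accept or drop. It assumes that an address written without a prefix length (`dst-address=0.0.0.0`) is a single host and that unmatched packets are accepted; the host addresses are constructed.

```python
import ipaddress

# Enabled forward-chain rules copied from the export above (disabled rules omitted).
RULES = [
    {"action": "accept", "src": "192.168.100.100", "dst": "192.168.101.0/24"},
    {"action": "accept", "src": "192.168.100.200", "dst": "192.168.101.0/24"},
    {"action": "drop", "src": "192.168.101.50-192.168.101.150", "dst": "0.0.0.0"},
    {"action": "drop", "dst": "192.168.101.50-192.168.101.150"},
]

def matches(spec, addr):
    """True if addr falls inside spec: a single IP, a CIDR, or a first-last range."""
    if spec is None:  # matcher absent on the rule: any address matches
        return True
    ip = ipaddress.ip_address(addr)
    if "-" in spec:
        first, last = (ipaddress.ip_address(p) for p in spec.split("-"))
        return first <= ip <= last
    # Assumption: an address with no prefix length means exactly one host (/32).
    return ip in ipaddress.ip_network(spec, strict=False)

def verdict(rules, src, dst):
    """First matching rule wins; if nothing matches, the packet is accepted."""
    for n, rule in enumerate(rules):
        if matches(rule.get("src"), src) and matches(rule.get("dst"), dst):
            return rule["action"], n
    return "accept", None

def with_dst(rules, index, dst):
    """Copy of rules with the dst-address of one rule replaced."""
    return [dict(r, dst=dst) if i == index else r for i, r in enumerate(rules)]

if __name__ == "__main__":
    # Constructed hosts: a bulb in the restricted pool, the Pi, an ordinary client.
    bulb, pi, laptop = "192.168.101.60", "192.168.100.100", "192.168.100.55"
    for src, dst in [(bulb, "8.8.8.8"), (pi, bulb), (laptop, bulb), (bulb, pi)]:
        print(src, "->", dst, verdict(RULES, src, dst))
    # Rule 2 rewritten to dst-address=0.0.0.0/0: internet traffic from the bulb
    # is now dropped, but so are its replies to the Pi, so an accept for
    # established/related connections would have to sit above it.
    wide = with_dst(RULES, 2, "0.0.0.0/0")
    print(verdict(wide, bulb, "8.8.8.8"), verdict(wide, bulb, pi))
```
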
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Routing different networks unstable

Thu Jul 22, 2021 7:38 pm

Hi there,
Your setup is very confusing.

Which port on the MikroTik is assigned to the WAN connection to your ISP router?
In other words you state your ISP router gives you a private IP of 192.168.2.x as a private WANIP and not a public IP.
Hence your ISP probably has a modem/router combo putting you on the MODEM ROUTER LAN of 192.168.2.0/24

You seem to be confusing this one with your home lan behind the mikrotik router using the PortBridge??

Finally the IOT devices is confusing, do you mean that all wifi iot devices get a separate subnet assignment from all the wired iot devices?
OR
do you mean you have a group of IOT devices (some on wired connection some on wifi connection) that should not have internet but the others should??

Until the requirements are well understood delving into the config is meaningless.

As well the config is incomplete in other respects and wrong in others....... but will wait for requirements answer.
 
ivan123
just joined
Topic Author
Posts: 3
Joined: Tue Jul 20, 2021 8:50 am

Re: Routing different networks unstable

Sat Jul 24, 2021 12:08 am

Normally I build Citrix environments, networking is rather unknown to me ;)

Ethernet 1 is connected to internet, got a private 192.168.2.x address from the ISP router.
Most of the IOT devices (Tuya) are wireless; they are controlled by a Raspberry Pi installed with Home Assistant. The Raspberry is connected on Ethernet 2 and has a fixed IP (192.168.100.100).

The Tuya devices need an internet connection for the initial configuration; for that period they get a lease in the 192.168.100.x range. After device configuration I change from a dynamic IP in the 192.168.100 range to a reserved IP address in the 192.168.101 range; the firewall blocked the internet for this whole range.
 
ivan123
just joined
Topic Author
Posts: 3
Joined: Tue Jul 20, 2021 8:50 am

Re: Routing different networks unstable

Mon Jul 26, 2021 9:57 am

OK, after having done a lot of searches I tried a few solutions.

1. Set the wireless to a fixed frequency instead of auto.
2. Disable STP (RSTP) on the interfaces (if bridged ports on the bridge)
3. Added firewall rule to allow all 192.168.100.0/24 to 0.0.0.0/0 (one of the last rules)

It was an hour ago that I made those modifications; the network seems more stable now. I will keep monitoring to see if the issue is solved now.
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Routing different networks unstable

Mon Jul 26, 2021 10:04 am

Setting wireless frequency manually is sometimes a good thing.

Disabling RSTP is good when you know there can't be any loops in your network. But the underlying problem one might see with RSTP in conjunction with wireless is the following: when there are no active wireless clients, by default the wireless port becomes "not running", which in turn makes it an inactive member of the bridge. When a client connects to wireless, the state transitions to "running". At that moment xSTP mechanisms kick in, checking if there's a loop. Depending on the type of STP it can take anything between a second and a few tens of seconds (for RSTP, with "R" meaning rapid, it's rather a few seconds) for the mechanism to determine there's no loop before finally enabling the port on the bridge. It is possible to prevent the wireless interface from becoming inactive by setting the disable-running-check=yes property of the wireless interface.

Why don't you put rPI (the one controlling IoT devices) into same subnet? Most IoT gadgets, designed to have local control centre (as opposed to cloud-controlled ones), work best if controlling device is member of same subnet.
