Community discussions

MikroTik App
 
fsebera
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Thu Jun 03, 2021 6:19 pm

WHY RouterOS insists on making ether1 a WAN port

Wed Aug 04, 2021 6:43 pm

My QUESTION: Why does RouterOS insist on setting Ether1 as a WAN port?
The RouterOS performs this conversation behind the scenes and doesn't update the GUI after this automatic dynamic change which kills the management IP connection. There is NO GUI update of this dynamic behind the scenes change.

I have 2 MikroTik routers (CHR) setup in a virtual environment - mostly for learning research of RouterOS.

I start with System, Reset configuration, No Default Configuration and Do Not Backup.
I set these 2 devices -(SW-1 and SW-2) in Bridge-Mode, created Access vlans and a Trunk port between them. Oracle VB GUI -by default- only allows 4 interfaces within the GUI.
* Management is setup on Ether1
* Access Vlan20 is on Ether2
* Access Vlan30 is on Ether3
* Trunk (vlan 20 and 30) on Ether4

Layer-2 bridging initially works until the RouterOS makes a dynamic behind the scenes change (about 5 minutes).
I change Ether1 to LAN. If I assign the management IP address to the Ether1 LAN port RouterOS will dynamically change it to Ether2 and Ether1 to WAN. Hello, this is Layer-2.
To Fix: On the CLI create a new bridge to Ether1 and set the IP address to the new bridge but even then Interfaces, Interface List tab still insists Ether1 is WAN.

Juniper_Router1----MikroTik_SW-1------MikroTik_SW-2----Juniper_Router2
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: WHY RouterOS insists on making ether1 a WAN port

Wed Aug 04, 2021 6:53 pm

If you really reset configuration without keep old config and without set defaults, WAN group on interface list do not exist,
If you really reset configuration without keep old config and without set defaults, "detect internet" is disabled
If you really reset configuration without keep old config and without set defaults, the subsequent errors can be caused only from your settings.

Post
/export hide-sensitive
on forum
and let's us to see the config.
 
fsebera
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Thu Jun 03, 2021 6:19 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Wed Aug 04, 2021 7:28 pm

From the Winbox client, followed MikroTik First Time Configuration for reset and Configure IP Access.- Nothing more as I did not progress past DHCP bla bla bla.

https://help.mikrotik.com/docs/display/ ... figuration

See attachment of results

Notice even though I assigned the IP management address to Ether1, RouterOS assigned it to Ether2. Yikeeeeesssssss.

Thank you for your assistance
Frank
You do not have the required permissions to view the files attached to this post.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Wed Aug 04, 2021 7:30 pm

Short answer: because you configured it to do so.
And yes, post a config export.
That's not how a clean config looks like.
You had https://wiki.mikrotik.com/wiki/Manual:Detect_internet enabled at some point.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WHY RouterOS insists on making ether1 a WAN port

Wed Aug 04, 2021 7:50 pm

L e t m e s p e l l i t o u t s l o w l y!!!

/export hide-sensitive file=anynameyouwish
 
fsebera
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Thu Jun 03, 2021 6:19 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Wed Aug 04, 2021 8:07 pm

It appears even though I clicked on the No Default Configuration and Do Not Backup and did not select the box for Keep User Configuration these built-in options do not actually work. Or perhaps the wording does not actually mean start from scratch with NO Configuration.

????

Thanks again
Frank
 
fsebera
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Thu Jun 03, 2021 6:19 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Wed Aug 04, 2021 8:17 pm

OK, so I reinstalled the OS again and the basic out of the box config is this:

[admin@MikroTik] > /export hide-sensitive
# aug/04/2021 17:11:39 by RouterOS 6.47.10
# software id =
#
#
#
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client
add disable=no interface=ether1
[admin@MikroTik] >

I guess the public MikroTik document that instructs the user on how to enable IP access is possible creating the failures. (url link provided previously).

Thanks
Frank
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1135
Joined: Tue Oct 11, 2005 4:53 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Thu Aug 05, 2021 10:24 am

AFAIR CHR does not come with the default configuration that RouterBoards come with.
It only has a dhcp-client configured on ether1 and that's it (as shown on your latest export).

The default configuration on RouterBoards, does indeed consider ether1 as the 'WAN' port.
But there is nothing stopping you from making whatever port you want as the 'WAN' port.
It doesn't mean anything anyway. RouterOS just routes packets between ports. From its point of view there is no WAN or LAN. Just ports.
 
nescafe2002
Forum Veteran
Forum Veteran
Posts: 897
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: WHY RouterOS insists on making ether1 a WAN port

Thu Aug 05, 2021 11:43 am

There is an earlier statement on this issue (well.. slightly related issue) from staff:


viewtopic.php?p=646067#p646067

DHCP client is required on CHR installations since most of cloud services provide only access through IP address and you do not have direct access to console.

In order to make it happen, CHR checks if there is an IP address on ether1 interface or on bridge if ether1 is in it. If there is no IP address or DHCP client, then one is created automatically.

If client is disabled, then still new one will be created in case it was disabled by accident.

If there is a static IP address on ether1 (or bridge) new DHCP client will not be added.

In your config, you have set no IP on ether1. So adding a (bogus) IP on ether1 should fix this behavior.
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: WHY RouterOS insists on making ether1 a WAN port

Thu Aug 05, 2021 3:50 pm

The default configuration on RouterBoards, does indeed consider ether1 as the 'WAN' port.
Only the SoHo models. The CCR, RBxxxx (does RB4011 do this?) and CRS lines don't do this. I think CHR doesn't do it too.
 
fsebera
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Thu Jun 03, 2021 6:19 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Thu Aug 05, 2021 7:09 pm

Here's what's happening
Within Oracle VB, I assigned management PC to Adapter1 to MikroTik Ether1 via a Bridged connection
Start MikroTik CHR with base-line factory default configuration
On MikroTik:
Create a bridge (SW-1) and assign Ether1 to this bridge (SW-1)
Assign my management IP to the bridge SW-1 and interface Ether1.
IP, Routes, Add a route to next-hop of inside router, which MikroTik reports as reachable. (here I mistakenly referred to this route a STATIC route but clearly this is not STATIC as RouterOS has a behind the scenes dynamic feature about these statically added entries).

When I assign the gateway IP address within the Quick Set dialog box - (I guess a CLI command is also available) - for the next hop router which happens to be off of Ether2, it changes my configuration of bridge SW-1 to Ether2 (CLI ip address print) and assigns Ether1 as WAN (GUI). Additionally HOWEVER RouterOS does not update the GUI dialog boxes of the SW-1 to Ether2. There seems to be a disconnect between the CLI and GUI at this point.

It appears the software is designed to think it knows better and I guess to overcome user misconfigurations without any warning or notice just changes the configuration and fails to update GUI. Very Interesting.

Maybe it's just me - :)
Thanks
Frank
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: WHY RouterOS insists on making ether1 a WAN port

Thu Aug 05, 2021 7:12 pm

Do not, I repeat, DO NOT use Quick Set. THIS is the source of your problems. It will assume several things, and WILL steamroll over any config You already have.
 
fsebera
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Thu Jun 03, 2021 6:19 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Thu Aug 05, 2021 7:42 pm

Ahhhh THANK YOU. Noted!!!

Any other tips??? :)

I guess to set a gateway I should use the cli and in fact I guess I should just use the CLI for all configurations.
Thank you
Frank
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: WHY RouterOS insists on making ether1 a WAN port

Thu Aug 05, 2021 7:43 pm

Yes, when you ask for help, explain everything in the first post, so that it is not necessary to do an "interview with users"®
 
User avatar
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: WHY RouterOS insists on making ether1 a WAN port

Thu Aug 05, 2021 8:05 pm

You can use the CLI to set the gateway. Winbox and webfig work too.
 
fsebera
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Thu Jun 03, 2021 6:19 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Thu Aug 05, 2021 10:22 pm

Ok I think I have it figured out!!!!


MGT PC---------------------Bridged----------MikroTik Ether1
:
Router------192.18.10.0/24------------------MikroTik Ether2

Using the GUI
Ether1 connected as Bridged Adapter 1 within Oracle Virtual Box (The intent is to change this interface to the up streams router where Ether2 is currently sitting)
Ether2 is sitting on the upstream routers subnet
Ether3 is down
Ether4 is down

Reset config via GUI
System, Reset Configuration, check box: No Default Configuration, check box: Do Not Backup, Click on: Reset Configuration button

Reset config via CLI
/system reset-configuration no-defaults=yes skip-backup=yes

Setup IP Management of bridge (switch)
Bridge,  Bridge tab,   +,   Enter bridge name (I used SW-1)
Bridge,  Ports tab,     +,   Select interface ether1, bridge SW-1
IP,   Addresses,         +,   192.168.10.252/24 interface SW-1

IP,   Routes,              +,    Dst. Address 192.168.2.0/24, Gateway 192.168.10.1, ok button

Ok here is where things go wrong.
Because RouterOS is able to communicate with the upstream router on Ether2 and not on Ether1, RouterOS dynamically modifies the configuration and as I pointed out before, NO NOTICE and NO GUI UP DATES. RouterOS sets the gateway address to Ether2. This change can be seen in the CLI output only- ip address print or also with the export command. The Changes are not updated within the GUI.

ip address print
Flags:  X - disable,  I - invalid,  D - dynamic
#     ADDRESS             NETWORK        INTERFACE
0     192.168.10.252      192.168.10.0     ether2

--or--
export
....
/ip address
add   address=192.168.10.252/24   interface=ether2   network=192.168.10.0

Once Ether2 is able to communicate with the up stream router you cannot change this route unless you create an alternate interface that can communicate with the up stream router. After you add the new interface and the new interface is able to communicate with the up stream router, you can remove Ether2 from your configuration. You can successfully ping this MikroTik CHR bridge from the up stream router. However, the MikroTik cannot ping anything nor can you connect to it.

I setup a 2nd MikroTik CHR with my new CLI commands (shown below) and it worked as expected. I compared both configurations (working and broken) and the only differences were IP addresses of the management IP. Once I reset the configuration on the broken box and reset via CLI, all worked as expected but I spent most of today figuring this out. Keep in mind this is only to allow you to connect to the remote MikroTik bridge and start configurations which I have sadly not figured out yet. Hope this help you!!

And ol yea, I did reboot and power off multiple times, but to no avail.

#######################################
# Name your MikroTik bridge
#######################################
/system identity set name=SW-2

#######################################
# Bridge, create bridge and assign interface
#######################################
/interface bridge add name=SW-2
/interface bridge port add bridge=SW-2 interface=ether3

#######################################
# IP Addressing & Routing
#######################################
/ip address add address=192.168.10.252/24 interface=SW-2

# Up stream router IP address
/ip route add distance=1 gateway=192.168.10.1

Hope you have a great day!!
Frank
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1135
Joined: Tue Oct 11, 2005 4:53 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Thu Aug 05, 2021 11:26 pm

The default configuration on RouterBoards, does indeed consider ether1 as the 'WAN' port.
Only the SoHo models. The CCR, RBxxxx (does RB4011 do this?) and CRS lines don't do this. I think CHR doesn't do it too.
You are correct.

RB4011 does have the standard default configuration as other SoHo models.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: WHY RouterOS insists on making ether1 a WAN port

Fri Aug 06, 2021 8:29 am

My QUESTION: Why does RouterOS insist on setting Ether1 as a WAN port? ...
Questions arise:

1. What is the real problem with Eth1 as default WAN?
2. Should the router ask "What interface you want to be WAN"?
3. If the answer for 2 is "yes" what are pros for such a solution?
4. Does it really matter what port you connect WAN cable to? Except aesthetic reasons.

It is not "insisting". IMHO It was just naturally chosen for uniformity as most routers have Eth1 but not all have Eth2, Eth3 and more ports.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Fri Aug 06, 2021 11:10 am

Well, actually on some models it is not the best to use port 1 for WAN, e.g. the older CCR1009 series (with switch on port 1-4) and the RB1100.
However, those models do not come with that default config that assumes ether1 is for WAN.

The only thing I have seen in those and in CHR is the DHCP client on ether1 that keeps coming back. Probably done to help newbies to access a completely new router without having to use console port or MAC access, but it is a bit of a drag when you want to /import a saved configuration on a completely cleared router.
Always have to remember to remove that and then quickly do the import.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: WHY RouterOS insists on making ether1 a WAN port

Fri Aug 06, 2021 11:26 am

I know that you know that I know :) but there is no win-win choice when it comes to SOHO-like market.
Pros are aware how to manage such a situation.
Newbies/SOHOs look for the second bottom/hidden agenda instead of changing setting to their needs.

P.S.
Why some models have particular port described as "Internet"?
Why Mikrotik "insist" on serving PoE-out on the last port of a switch?
Why PoE-in usually works on Eth1 not on e.g. Eth3?
And so on ....
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WHY RouterOS insists on making ether1 a WAN port

Fri Aug 06, 2021 1:21 pm

As Bartoz says, this thread is whole lotta bout nothing.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Fri Aug 06, 2021 2:50 pm

In MikroTik routers it is even more about nothing than usual.
With the typical home router, the "WAN port" is hardwired in the whole router to be the internet port.
But in RouterOS this is not at all the case. You can use any port as the WAN port, and adapt to hardware circumstances like PoE capabilities, speed, being on a switch, etc etc.
Many other routers do not have that flexibility.

In fact on the CCR1009 at work I have chosen to put a bridge on every functional interface. So I have two bridges for the two internet connections, ether7 is member of one and ether8 of the other.
And also a bridge for the LAN, the guest network, an IoT network, all with only a single ethernet port as member.
All configuration (IP address, routes, firewall rules, queues, etc etc) is applied to the bridge interface, and I can easily move the internet connection to another physical port by just making another port member of that bridge.
With the simple case of a bridge with a single port, it can even use a more efficient bridge mode (fast forward) and I have not detected any performance impact of this change.
However, it makes me a lot more flexible. The type of router (CCR1009-8G-1S-1S+) is no longer available, and when it should die I can get another router with different physical port numbers or layout and I can quickly adapt the configuration to the new situation.
I can also keep a synchronized configuration for for a CHR instance which I can use to quickly recover from hardware issues, which is connected to the network via some tagged VLANs instead of direct connections. Easy to make a "router on a stick" with VLANs and keep the whole configuration the same except for the bridge ports.
 
fsebera
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Thu Jun 03, 2021 6:19 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Fri Aug 06, 2021 2:51 pm

The issue isn't which port is designated as LAN or WAN or Mommy. The REAL issue is the RouterOS making dynamic changes without notice.
I'd honestly be fine with dynamic changes if they were helpful and saved me from myself but not providing ANY notice or failing to update the viewers configuration (CLI, GUI, Web etc.) is IMHO ..... reckless.
It's amazing how many engineers think they understand networking when all they did was physically connect a cable and "plug and play" did everything for them. Amazing.
 
fsebera
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Thu Jun 03, 2021 6:19 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Fri Aug 06, 2021 3:02 pm

Hey pe1chl

Thanks for providing helpful and useful information. Your flexible environment is what I am attempting to setup. I'm new to MikroTik but years with Cisco and Juniper. In my role I am REQUIRED to understand the ins and outs of technology no mater the vendor; much of my day is spent in RFCs, Tech manuals and Wireshark analysis. Some vendors do a good job with technology and some just don't. Thanks for sharing.
Frank
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: WHY RouterOS insists on making ether1 a WAN port

Fri Aug 06, 2021 3:39 pm

The issue isn't which port is designated as LAN or WAN or Mommy. The REAL issue is the RouterOS making dynamic changes without notice.
But that is not really happening! You may feel that it is, but then it is probably caused by you misunderstanding things, or maybe you have put the router on internet without firewall and without password, so you have invited a fellow admin who is changing things.

There are a few things that may confuse you:
- RouterOS tends to add a DHCP client on the first interface when you have not configured any IP address in a completely reset router (without default config). It will stop doing that when you have configured an IP address somewhere.
- There is a QuickSet feature that changes a lot of things. You should not use it except to quickly set a router for a standard operation mode (e.g. NAT router). You should NEVER touch it after doing other configuration. MikroTik has been requested MANY MANY times to make a feature available to remove or at least disable the quickset, but unfortunately they refuse to do so.
- There are some features to help the clueless, like "Detect Internet", but they are disabled by default. Do not enable such things unless you know what you are doing.

Who is online

Users browsing this forum: ccrsxx, GoogleOther [Bot] and 42 guests