Community discussions

MikroTik App
 
User avatar
cybernet
newbie
Topic Author
Posts: 25
Joined: Wed Jan 23, 2008 6:48 pm
Location: Jakarta, Indonesia

ROS > 4.5 bug? Cannot Access IP management

Sun Jul 25, 2010 11:33 pm

Hi All,
I have a problem with ROS4.5-ROS4.10, ip management device can not be accessed via the management VLAN. The device has two vlans (one management, one data) and has a ip address for each VLAN. Management VLAN static ip address (10.10.10.x/24). PPPoE (dynamic IP) in the data VLAN.

The problem is when the "ip route print":
# DST-ADDRESS GATEWAY Distance pref-SRC
1 S 10.0.0.0/8 10.10.10.1 1
"Gateway 10.10.10.1 not ACTIVE",
because network 10.10.10.0/24 does not appear on the ip route list.

To enable ip management, I delete ip management and then make it again, but when the system reboot, it's can not be accessed again. Before ROS4.5-ROS4.10 no problem (ROS 2.9.x, 3.x, 4.x-4.4 OK).

We downgrade ROS4.5 devices to the older version, of course, is inefficient/risky and have difficulty if the device has been installed at the customer. Is there a solution to this problem? :? :? :? :?

Configuration:
WLAN: mode=station-WDS, wds-mode=dynamic default-bridge = bridge1

BRIDGE: name="bridge1" protocol-mode=none
BRIDGE PORT: interface=wlan1 bridge=bridge1

VLAN:
VLAN-DATA: vlan-id=241 name=vlan-data interface=bridge1
VLAN-MANAGEMENT: vlan-id = 220 name=vlan-mgmt interface=bridge1

IP ADDRESS:
IP Management: address=10.10.10.29/24 interface=vlan-mgmt
IP Ether1: address=192.168.1.1/24 interface=ether1

IP ROUTE
GATEWAY: dst-address=10.0.0.0/8 gateway=10.10.10.1

PPPoE Client
Dial: name="pppoe-out1" interface=vlan-data user="xxxx" password="xxxx" add-default-route=yes use-peer-dns=yes

NAT firewall
NAT: chain=srcnat action=masquerade src-address=192.168.1.0/24 interface-out=pppoe-out1
 
xxiii
Member Candidate
Member Candidate
Posts: 230
Joined: Wed May 31, 2006 12:55 am

Re: ROS > 4.5 bug? Cannot Access IP management

Mon Jul 26, 2010 11:28 pm

What are the states of the vlan interfaces and the ip addresses when its not working? does anything show invalid (have an i in the leftmost column in winbox, or possibly be colored red)?

What about the bridge?

Can you ping the 10.10.10.29 address from the routerboard itself?
 
User avatar
cybernet
newbie
Topic Author
Posts: 25
Joined: Wed Jan 23, 2008 6:48 pm
Location: Jakarta, Indonesia

Re: ROS > 4.5 bug? Cannot Access IP management

Tue Jul 27, 2010 3:19 am

Hi xxiii,

"VLAN-data" and "VLAN-MGMT" are running (R) at the interface = bridge1

There are no invalid or disabled status at the IP address, there are three IP address (192.168.1.1/24 at the interface = ether1, 10.10.10.29/24 at the interface = "VLAN-MGMT" and an IP address dynamically (D) at the interface = pppoe -out1)

Bridge1 status is Running.

yes, I can ping the 10.10.10.29 address from the routerboard itself.
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: ROS > 4.5 bug? Cannot Access IP management

Tue Jul 27, 2010 3:44 am

Can you please post the exact output of "/interface export", "/interface print", "/ip address export" and "/ip route print"?
 
User avatar
cybernet
newbie
Topic Author
Posts: 25
Joined: Wed Jan 23, 2008 6:48 pm
Location: Jakarta, Indonesia

Re: ROS > 4.5 bug? Cannot Access IP management

Tue Jul 27, 2010 2:24 pm

Hi fewi,
(sorry some of the contents are edited for confidentiality)
==========================
/interface export
# jan/03/1970 06:34:43 by RouterOS 4.10
# software id = ELRV-XXXX
#
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s l2mtu=2290 max-message-age=20s \
mtu=1500 name=bridge1 priority=0x8000 protocol-mode=none \
transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes comment="" disabled=no full-duplex=yes \
l2mtu=1526 mac-address=00:0C:42:13:E5:56 mtu=1500 name=ether1 speed=\
100Mbps
/interface vlan
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=2286 mtu=1500 \
name=vlan-mgmt use-service-tag=no vlan-id=220
add arp=enabled comment="" disabled=no interface=bridge1 l2mtu=2286 mtu=1500 \
name=vlan-data use-service-tag=no vlan-id=241
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=\
"" dial-on-demand=no disabled=no interface=vlan-data max-mru=1480 max-mtu=\
1480 mrru=disabled name=pppoe-out1 password=xxxxx profile=default \
service-name="" use-peer-dns=yes user=xxxxx
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" \
group-key-update=5m interim-update=0s management-protection=disabled \
management-protection-key="" mode=none name=default \
radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" \
wpa2-pre-shared-key=""
/interface wireless
set 0 ack-timeout=dynamic adaptive-noise-immunity=none allow-sharedkey=no \
antenna-gain=0 antenna-mode=ant-a area="" arp=enabled band=5ghz \
basic-rates-a/g=6Mbps basic-rates-b=1Mbps burst-time=disabled comment="" \
compression=no country=no_country_set default-ap-tx-limit=0 \
default-authentication=yes default-client-tx-limit=0 default-forwarding=\
yes dfs-mode=none disable-running-check=no disabled=no \
disconnect-timeout=3s frame-lifetime=0 frequency=5100 frequency-mode=\
superchannel frequency-offset=0 hide-ssid=no hw-fragmentation-threshold=\
disabled hw-protection-mode=none hw-protection-threshold=0 hw-retries=4 \
l2mtu=2290 mac-address=00:80:48:7F:F2:92 max-station-count=2007 mode=\
station-wds mtu=1500 name=wlan1 noise-floor-threshold=default \
on-fail-retry-time=100ms periodic-calibration=default \
periodic-calibration-interval=60 preamble-mode=both \
proprietary-extensions=post-2.9.25 radio-name=CPE100 rate-set=\
configured scan-list=5100-5500 security-profile=default ssid=LOG1 \
station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=\
6Mbps,9Mbps supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps tx-power-mode=\
default update-stats-interval=disabled wds-cost-range=50-150 \
wds-default-bridge=bridge1 wds-default-cost=100 wds-ignore-ssid=no \
wds-mode=dynamic wmm-support=disabled
/interface wireless nstreme
set wlan1 comment="" disable-csma=no enable-nstreme=yes enable-polling=yes \
framer-limit=3200 framer-policy=none
/interface wireless manual-tx-power-table
set wlan1 comment="" manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,\
6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps\
:17,HT20-0:0,HT20-1:0,HT20-2:0,HT20-3:0,HT20-4:0,HT20-5:0,HT20-6:0,HT20-7:\
0,HT40-0:0,HT40-1:0,HT40-2:0,HT40-3:0,HT40-4:0,HT40-5:0,HT40-6:0,HT40-7:0"
/interface bridge port
add bridge=bridge1 comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=wlan1 path-cost=10 point-to-point=auto priority=\
0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=FE:FD:89:4C:C3:9F \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no

==========================
/interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU
0 R ether1 ether 1500 1526
1 R wlan1 wlan 1500 2290
2 R bridge1 bridge 1500 2290
3 R vlan-data vlan 1500 2286
4 R vlan-mgmt vlan 1500 2286
5 R pppoe-out1 pppoe-out 1480

========================
/ip add export
# jan/03/1970 06:46:44 by RouterOS 4.10
# software id = ELRV-XXXX
#
/ip address
add address=192.168.1.1/24 broadcast=192.168.1.255 comment="" disabled=no interface=ether1 network=192.168.1.0
add address=10.10.10.29/24 broadcast=10.10.10.255 comment="" disabled=no interface=vlan-mgmt network=10.10.10.0

========================
/ip rou pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 202.xxx.xxx.xxx 1
1 S 10.0.0.0/8 10.10.10.1 1
2 ADC 192.168.1.0/24 192.168.1.1 ether1 0
3 ADC 202.xxx.xxx.xxx/32 202.xxx.xxx.xxx pppoe-out1 0
 
xxiii
Member Candidate
Member Candidate
Posts: 230
Joined: Wed May 31, 2006 12:55 am

Re: ROS > 4.5 bug? Cannot Access IP management

Thu Jul 29, 2010 7:34 pm

Can you try assigning an administrative mac address to bridge1, and see what happens (particularly if DAC entry(s) appears for your vlans in /ip route)
 
User avatar
cybernet
newbie
Topic Author
Posts: 25
Joined: Wed Jan 23, 2008 6:48 pm
Location: Jakarta, Indonesia

Re: ROS > 4.5 bug? Cannot Access IP management

Sun Aug 01, 2010 7:04 pm

Hi xxiii,
The result is still the same.
===========================================
/in br export
# jan/02/1970 07:01:37 by RouterOS 4.11
# software id = ELRV-XXXX
#
/interface bridge
add admin-mac=00:80:48:7F:F2:9F ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s l2mtu=2290 max-message-age=20s \
mtu=1500 name=bridge1 priority=0x8000 protocol-mode=none \
transmit-hold-count=6
/interface bridge port
add bridge=bridge1 comment="" disabled=no edge=auto external-fdb=auto \
horizon=none interface=wlan1 path-cost=10 point-to-point=auto priority=\
0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
==========================================
/in br pr
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 l2mtu=2290 arp=enabled
mac-address=00:80:48:7F:F2:92 protocol-mode=none priority=0x8000
auto-mac=yes admin-mac=00:80:48:7F:F2:9F max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m
==========================================
/ip rou pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 202.xxx.xxx.xxx 1
1 S 10.0.0.0/8 10.10.10.1 1
2 ADC 192.168.1.0/24 192.168.1.1 ether1 0
3 ADC 202.xxx.xxx.xxx/32 202.xxx.xxx.xxx pppoe-out1 0
 
User avatar
cybernet
newbie
Topic Author
Posts: 25
Joined: Wed Jan 23, 2008 6:48 pm
Location: Jakarta, Indonesia

Re: ROS > 4.5 bug? Cannot Access IP management

Mon Aug 02, 2010 5:21 am

if anything to do with

What's new in 4.5:

*) IPSec - added Blowfish, Twofish, and camellia encryption algorithms;
*) Fixed removing static route;
*) Fixed compatibility with DHCP client Some DHCP servers;
*) Added static route support multi-cast;
*) Fixed RB800 and temperature monitors on RB450G;
*) User manager - payment bug fix - Able to buy now
without extending credits specified price;

since ROS4.5 associated with default routing problems.
 
User avatar
cybernet
newbie
Topic Author
Posts: 25
Joined: Wed Jan 23, 2008 6:48 pm
Location: Jakarta, Indonesia

Re: ROS > 4.5 bug? Cannot Access IP management

Fri Aug 20, 2010 4:35 am

Hi All,
I searched on the wiki, I get this article. :)
http://wiki.mikrotik.com/wiki/Manual:Us ... attributes
But after I try is not successful. :?

Who is online

Users browsing this forum: No registered users and 8 guests