Community discussions

MikroTik App
 
a13antichrist
just joined
Topic Author
Posts: 17
Joined: Fri Dec 25, 2020 9:21 pm

Configuration needed to pass iSCSI? Windows says 'connection failed'

Mon Sep 13, 2021 3:45 am

Hi friends,

Have set up a LUN & target on my QNAP but Windows refuses to connect - says always 'Connection failed' no matter what I try.
My SwOS is a CRS326 and I have enabled the iSCSI topic in System->Log, set to 'memory'. So far haven't seen any log come up in it though.
QNAP log also hasn't reported any connection, failed or otherwise.
However Windows FW is open and configured to allow iSCSI service outbound so I'm unsure exactly where to look now for the issue.

Am using dedicated NICs on isolated, non-routed VLAN on the Mikrotik on xg1/xg2 and can pass SMB plus non-fragmented jumbo-frame ping between the Windows host and QNAP - so the link itself is up and alive, that much I'm sure of.
What can I run/configure/verify on the CRS to be -sure- there's no complication from the SwOS side? It does --seem-- like nothing even leaves the Windows OS to start with but I can't see where that is happening so want to rule out the SwOS too.
NICs are Intel X520-DA1 Windows-side and Mellanox mcx312a QNAP-side, if that helps anything. Any help appreciated... :thumbsup:
 
mkx
Forum Guru
Forum Guru
Posts: 6558
Joined: Thu Mar 03, 2016 10:23 pm

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Mon Sep 13, 2021 11:07 am

iSCSI uses TCP for transport. Which means iSCSI initiator (client) has to be able to connect to iSCSI target (server) via IP. Typically both devices use usual IP routing information.

QNAP only supports using TCP port number 3260 so verify that iSCSI initiator (windows) uses that port as destination port.
BR,
Metod
 
a13antichrist
just joined
Topic Author
Posts: 17
Joined: Fri Dec 25, 2020 9:21 pm

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Mon Sep 13, 2021 1:58 pm

Well yes, as I mentioned I can reach the host over ICMP.

However I did find that for some reason IPv4 is entirely blocked on this adapter from the Windows host. 'Get-NetConnectionProfile' shows 'NoTraffic' for IPv4 on that NIC. I was able to connect the iSCSI target using ipv6 finally. (Realised previously I had used the wrong auto-configuration address for ipv6 in the target discovery.)

So now the question is: is it possible that the CRS is responsible for the host showing 'IPV4 NoTraffic'? I'm happy enough to use IPv6 here so it's not the end of the world but would like to nail out this bug nevertheless obviously...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 5702
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Mon Sep 13, 2021 2:08 pm

My SwOS is a CRS326 and I have enabled the iSCSI topic in System->Log, set to 'memory'. So far haven't seen any log come up in it though.

SwOS do not have any firewall inside, or I'm wrong?

ONE MOMENT... iscsi log INSIDE SwOS???
SwOS do not log any iSCSI traffic...
The log facility is generic for all RouterOS devices, not for iSCSI traffic pass over the switch chip...

You can find also gps on list, but the CRS do not have any GPS inside...
 
a13antichrist
just joined
Topic Author
Posts: 17
Joined: Fri Dec 25, 2020 9:21 pm

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Mon Sep 13, 2021 2:41 pm

Ohhhh sorry. I'm not using SwOS.. It's RouterOS heh. My bad... was just using that as shorthand for the switch config as opposed to the external hosts..
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 5702
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Mon Sep 13, 2021 2:51 pm

Is the same, you can not log iSCSI traffic on RouterOS log facility.
 
mkx
Forum Guru
Forum Guru
Posts: 6558
Joined: Thu Mar 03, 2016 10:23 pm

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Mon Sep 13, 2021 2:59 pm

It's RouterOS heh.

So you can post full config (run /export hide-sensitive from terminal window and copy-paste output into [code] [/code] environment) for review.
BR,
Metod
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 5702
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Mon Sep 13, 2021 3:02 pm

@mkx, I suggest you to add also:
NEVER POST ON FORUM until you have open the file and censored (not deleted) all sensible parts.

Because hide-sensitive do not hide all the sensitive data...
Public IP, e-mail, IPsec passwords, for example, are not removed...
 
mkx
Forum Guru
Forum Guru
Posts: 6558
Joined: Thu Mar 03, 2016 10:23 pm

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Mon Sep 13, 2021 3:08 pm

I was thinking of adding the "redact remaining sensitive data" sentence but then decided not to ... I assumed there wouldn't be much of sensitive data when device is configured as switch.
BR,
Metod
 
mkx
Forum Guru
Forum Guru
Posts: 6558
Joined: Thu Mar 03, 2016 10:23 pm

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Mon Sep 13, 2021 3:09 pm

@OP: since we're now talking about RouterOS problem, start a new thread in appropriate subforum (e.g. Beginner Basics).
BR,
Metod
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 5702
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Mon Sep 13, 2021 3:10 pm

eheh... true... but every time the exports always have some surprises, like a script that sends e-mails with mail, password and server written inside...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 5702
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Mon Sep 13, 2021 3:11 pm

I ask a moderator to move the topic, better than start new, not?
 
a13antichrist
just joined
Topic Author
Posts: 17
Joined: Fri Dec 25, 2020 9:21 pm

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Wed Sep 15, 2021 2:18 am

I ask a moderator to move the topic, better than start new, not?
Yes, please. Actually quite surprised to see it in the SwOS topic.. must have been having a brain-freeze.
  
[myfoot@Swikros] > /export hide-sensitive 
# sep/15/2021 01:09:55 by RouterOS 6.45.9
# software id = 3CUT-9K2L
#
# model = CRS326-24G-2S+
# serial number = ************
/interface bridge
add admin-mac=48:8F:5A:91:4E:D8 auto-mac=no comment=HomeLocal \
    ingress-filtering=yes name=br01-Core vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=10218 mtu=10218 name=gi1
set [ find default-name=ether2 ] l2mtu=10218 mac-address=48:8F:5A:91:4E:D8 \
    mtu=10218 name=gi2
set [ find default-name=ether3 ] l2mtu=10218 mtu=10218 name=gi3
set [ find default-name=ether4 ] l2mtu=10218 mtu=10218 name=gi4
set [ find default-name=ether5 ] l2mtu=10218 mtu=10218 name=gi5
set [ find default-name=ether6 ] l2mtu=10218 mtu=10218 name=gi6
set [ find default-name=ether7 ] l2mtu=10218 mtu=10218 name=gi7
set [ find default-name=ether8 ] l2mtu=10218 mtu=10218 name=gi8
set [ find default-name=ether9 ] l2mtu=10218 mtu=10218 name=gi9
set [ find default-name=ether10 ] l2mtu=10218 mtu=10218 name=gi10
set [ find default-name=ether11 ] l2mtu=10218 mac-address=48:8F:5A:91:4E:E3 \
    mtu=10218 name=gi11
set [ find default-name=ether12 ] l2mtu=10218 mtu=10218 name=gi12
set [ find default-name=ether13 ] l2mtu=10218 mtu=10218 name=gi13
set [ find default-name=ether14 ] l2mtu=10218 mtu=10218 name=gi14
set [ find default-name=ether15 ] l2mtu=10218 mtu=10218 name=gi15
set [ find default-name=ether16 ] l2mtu=10218 mtu=10218 name=gi16
set [ find default-name=ether17 ] l2mtu=10218 mtu=10218 name=gi17
set [ find default-name=ether18 ] l2mtu=10218 mtu=10218 name=gi18
set [ find default-name=ether19 ] l2mtu=10218 mtu=10218 name=gi19
set [ find default-name=ether20 ] l2mtu=10218 mtu=10218 name=gi20
set [ find default-name=ether21 ] l2mtu=10218 mtu=10218 name=gi21
set [ find default-name=ether22 ] l2mtu=10218 mtu=10218 name=gi22
set [ find default-name=ether23 ] l2mtu=10218 mtu=10218 name=gi23
set [ find default-name=ether24 ] l2mtu=10218 mac-address=48:8F:5A:91:4E:EE \
    mtu=10218 name=gi24
set [ find default-name=sfp-sfpplus1 ] l2mtu=10218 mtu=10218 name=xg1
set [ find default-name=sfp-sfpplus2 ] l2mtu=10218 mtu=10218 name=xg2
/interface vlan
add interface=br01-Core name=VL10-InsideRouting vlan-id=10
add interface=br01-Core mtu=10214 name=VL13-Home vlan-id=13
add interface=br01-Core mtu=10214 name=VL22-Secure vlan-id=22
add interface=br01-Core mtu=10214 name=VL25-Smart vlan-id=25
add interface=br01-Core mtu=10214 name=VL77-CoreLocal vlan-id=77
add interface=br01-Core mtu=10214 name=VL99-Mgmt vlan-id=99
add interface=br01-Core mtu=10214 name=VL200-Spare vlan-id=200
add interface=br01-Core mtu=10214 name=VL202-iSCSI vlan-id=202
/interface bonding
add mode=802.3ad mtu=10218 name=bo01-CoreUplink slaves=gi1,gi2
add mode=802.3ad mtu=10218 name=bo02-Trunk slaves=gi23,gi24
add mode=802.3ad mtu=10218 name=bo10-Brontos slaves=gi12,gi11
/interface list
add name=WAN
add name=LAN
add name=VPNtraffic
add name=VPNexcluded
add name=Private
add name=routed
add name=Management
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.13.20-192.168.13.199
add name=dhcp_pool1 ranges=172.22.22.40-172.22.22.199
add name=dhcp_pool2 ranges=172.25.25.40-172.25.25.199
add name=dhcp_pool3 ranges=192.168.99.100-192.168.99.120
add name=dhcp_pool4 ranges=192.168.200.50-192.168.200.200
add name=dhcp_pool5 ranges=10.202.202.20-10.202.202.219
/ip dhcp-server
add address-pool=dhcp_pool0 interface=VL13-Home lease-time=1d name=dhcp-VL13
add address-pool=dhcp_pool1 disabled=no interface=VL22-Secure lease-time=1d \
    name=dhcp-VL22
add address-pool=dhcp_pool2 disabled=no interface=VL25-Smart lease-time=1d \
    name=dhcp-VL25
add address-pool=dhcp_pool3 disabled=no interface=VL99-Mgmt lease-time=30m \
    name=dhcp-VL99
add address-pool=dhcp_pool4 disabled=no interface=VL200-Spare name=\
    dhcp-VL200
add address-pool=dhcp_pool5 disabled=no interface=VL202-iSCSI lease-time=1d \
    name=dhcp-VL202
/interface bridge port
add bridge=br01-Core comment=VL99-Mgmt interface=gi3 pvid=99
add bridge=br01-Core comment="static mgmt - VL99-Mgmt" frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    gi18 pvid=13
add bridge=br01-Core comment=Alloce-10Gbe frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    xg1 pvid=202
add bridge=br01-Core comment=Brontos-10Gbe frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    xg2 pvid=202
add bridge=br01-Core comment=TrunkUplink-1Gbe-LACP frame-types=\
    admit-only-vlan-tagged interface=bo02-Trunk
add bridge=br01-Core comment=Brontos-1Gbe-LACP frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    bo10-Brontos pvid=13
add bridge=br01-Core comment=VL10-WAN frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    gi4 pvid=10
add bridge=br01-Core comment=VL13-Home frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    gi5 pvid=13
add bridge=br01-Core comment=VL13-Home frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    gi6 pvid=13
add bridge=br01-Core comment=VL13-CabletoDesk frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    gi7 pvid=13
add bridge=br01-Core comment=VL13-Home frame-types=\
    admit-only-untagged-and-priority-tagged interface=gi8 pvid=13
add bridge=br01-Core comment=VL13-Home frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    gi9 pvid=13
add bridge=br01-Core comment=VL13-Home frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    gi10 pvid=13
add bridge=br01-Core comment=VL13-Home interface=gi14 pvid=13
add bridge=br01-Core comment=VL25-Smart-Dlink interface=gi15 pvid=25
add bridge=br01-Core comment=VL77-CoreLocal frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    gi16 pvid=77
add bridge=br01-Core comment=VL22-Secure frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    gi17 pvid=22
add bridge=br01-Core comment=VL13-Home frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    gi19 internal-path-cost=8 path-cost=8 priority=0x60 pvid=13
add bridge=br01-Core comment=VL13-Home frame-types=\
    admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
    gi20 priority=0x70 pvid=13
add bridge=br01-Core comment=TrunkUplink ingress-filtering=yes interface=\
    gi21 priority=0x70 pvid=13
add bridge=br01-Core comment=TrunkUplink frame-types=admit-only-vlan-tagged \
    ingress-filtering=yes interface=gi22 priority=0x70
add bridge=br01-Core comment=Trunk-WANUplink frame-types=\
    admit-only-vlan-tagged ingress-filtering=yes interface=bo01-CoreUplink \
    internal-path-cost=5 path-cost=5 priority=0x20
add bridge=br01-Core comment=VL13-Home frame-types=\
    admit-only-untagged-and-priority-tagged interface=gi13 pvid=13
/interface bridge vlan
add bridge=br01-Core tagged=bo02-Trunk,bo01-CoreUplink,br01-Core,gi19 \
    untagged=gi3 vlan-ids=99
add bridge=br01-Core tagged=\
    bo02-Trunk,br01-Core,bo01-CoreUplink,bo10-Brontos untagged=gi5,gi6 \
    vlan-ids=10
add bridge=br01-Core tagged=bo02-Trunk,bo01-CoreUplink,br01-Core,gi21,gi22 \
    untagged=\
    gi3,gi9,gi10,gi11,gi12,gi13,gi14,gi15,gi16,gi17,gi19,gi20,bo10-Brontos \
    vlan-ids=13
add bridge=br01-Core tagged=\
    bo02-Trunk,bo01-CoreUplink,br01-Core,gi19,gi20,gi21,gi22 vlan-ids=22
add bridge=br01-Core tagged=\
    bo02-Trunk,br01-Core,bo01-CoreUplink,gi19,gi20,gi21,gi22 vlan-ids=25
add bridge=br01-Core tagged=br01-Core,bo01-CoreUplink,gi19,gi20,gi21,gi22 \
    vlan-ids=200
add bridge=br01-Core tagged=br01-Core,bo01-CoreUplink,gi21,gi22 vlan-ids=77
add bridge=br01-Core untagged=gi7,gi8 vlan-ids=222
add bridge=br01-Core tagged=br01-Core untagged=xg1,xg2 vlan-ids=202
/interface list member
add interface=VL13-Home list=LAN
add interface=VL22-Secure list=LAN
add interface=VL10-InsideRouting list=WAN
add interface=VL99-Mgmt list=LAN
add interface=VL25-Smart list=LAN
add interface=br01-Core list=LAN
add interface=VL22-Secure list=VPNexcluded
add interface=VL10-InsideRouting list=VPNexcluded
add interface=VL13-Home list=VPNtraffic
add interface=VL200-Spare list=VPNtraffic
add interface=VL13-Home list=routed
add interface=VL22-Secure list=routed
add interface=VL25-Smart list=routed
add interface=VL77-CoreLocal list=LAN
add interface=VL99-Mgmt list=Management
/ip address
add address=192.168.200.5/24 interface=VL200-Spare network=192.168.200.0
add address=192.168.13.5/24 interface=VL13-Home network=192.168.13.0
add address=172.22.22.5/24 interface=VL22-Secure network=172.22.22.0
add address=172.25.25.5/24 interface=VL25-Smart network=172.25.25.0
add address=192.168.99.5/24 interface=VL99-Mgmt network=192.168.99.0
add address=192.168.178.5/24 interface=VL10-InsideRouting network=\
    192.168.178.0
add address=10.202.202.5/24 comment=VL202-iSCSI interface=VL202-iSCSI \
    network=10.202.202.0
/ip dhcp-client
add default-route-distance=2 dhcp-options=clientid_duid,hostname interface=\
    VL10-InsideRouting use-peer-dns=no
/ip dhcp-server lease
add address=10.202.202.200 client-id=1:0:2:c9:ea:80:f1 mac-address=\
    00:02:C9:EA:80:F1 server=dhcp-VL202
add address=10.202.202.199 client-id=1:9c:69:b4:61:b6:59 mac-address=\
    9C:69:B4:61:B6:59 server=dhcp-VL202
/ip dhcp-server network
add address=10.202.202.0/24 dns-none=yes gateway=10.202.202.1
add address=172.22.22.0/24 dns-none=yes gateway=172.22.22.1
add address=172.25.25.0/24 dns-server=94.140.14.14,94.140.15.15 gateway=\
    172.25.25.1
add address=192.168.13.0/24 gateway=192.168.13.1
add address=192.168.99.0/24 dns-server=192.168.99.1
add address=192.168.200.0/24 gateway=192.168.200.1
/ip dns
set servers=94.140.14.14,94.140.15.15,2a10:50c0::ad1:ff,2a10:50c0::ad2:ff
/ip route
add distance=1 gateway=192.168.178.1
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=Swikros
/system logging
add topics=iscsi
/system routerboard settings
set boot-os=router-os
[myfoot@Swikros] > 
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 5702
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Wed Sep 15, 2021 2:29 am

Too complex,
I just notice this:

is wanted this .99.x without provide a gateway?
/ip dhcp-server network
add address=192.168.99.0/24 dns-server=192.168.99.1

paste this on terminal
/system logging
remove [find where topics=iscsi]
 
a13antichrist
just joined
Topic Author
Posts: 17
Joined: Fri Dec 25, 2020 9:21 pm

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Thu Sep 16, 2021 10:16 pm

is wanted this .99.x without provide a gateway?
/ip dhcp-server network
add address=192.168.99.0/24 dns-server=192.168.99.1


Yes, it's the management network, doens't need a gateway.
Yo, you think that's complex? You should see what I had to do to get my DDWRT & OpenWRT boxes to pipe multiple Wifi SSIDs each over unique VLANs which are trunked to the Uplink ports you can see.


[myfoot@Swikros] > /system logging
[myfoot@Swikros] /system logging> remove [find where topics=iscsi]
[myfoot@Swikros] /system logging> 

It's in System -> Logging -> Rules: Added iscsi : memory.

/system logging
add topics=iscsi
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 5702
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Thu Sep 16, 2021 10:22 pm

I do not understand if you have understanded or not that you can not log iSCSI traffic passing through RouterBOARD,
but this is only for log iSCSI traffic on RouterOS installed on x86 (also x86_64) machine than phisically have iSCSI...
 
a13antichrist
just joined
Topic Author
Posts: 17
Joined: Fri Dec 25, 2020 9:21 pm

Re: Configuration needed to pass iSCSI? Windows says 'connection failed'

Thu Sep 16, 2021 11:11 pm

I do not understand if you have understanded or not that you can not log iSCSI traffic passing through RouterBOARD,
but this is only for log iSCSI traffic on RouterOS installed on x86 (also x86_64) machine than phisically have iSCSI...
Ok.. so what? I get it. It's not hurting anything though is it? So that's irrelevant..

Who is online

Users browsing this forum: No registered users and 19 guests