Community discussions

MUM Europe 2020
 
borisbahes
just joined
Topic Author
Posts: 9
Joined: Sat Nov 19, 2016 1:39 pm

gateway mac 00:00:00:00:00:00 - hEX r3

Thu Nov 24, 2016 12:39 pm

HI!

Here is "diagram" of network I'm trying to setup.

EDIT1: hEX is on SITE2 to create separate subnet 192.168.126.0/24 that has to access subnet 192.168.125.0/24 on SITE1.
mikrotik_0.PNG
The only problem is that hEX does not get correct mac address for gateway when on SITE2:
mikrotik_1.PNG
However, when I connect hEX directly to Cyberoam on SITE1 it get's gateway mac address:
mikrotik_4.PNG
MikroTik support suggested I add 192.168.88.0/24 subnet to route list on hEX which I am about to test I hope on Saturday.
But until that I wonder, does anyone have any suggestions based on configurations:

hEX config:

# nov/24/2016 11:25:12 by RouterOS 6.37.2
# software id = 5I3U-8A48
#
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool1 ranges=192.168.127.100-192.168.127.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 lease-time=10h name=\
dhcp1
/ip address
add address=192.168.0.10/29 interface=ether1 network=192.168.0.8
add address=192.168.127.1/24 interface=ether2 network=192.168.127.0
/ip dhcp-server network
add address=192.168.127.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.127.1 \
wins-server=192.168.125.253
/ip route
add distance=1 gateway=192.168.0.9
add distance=1 dst-address=192.168.125.0/24 gateway=192.168.0.9
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name="MT_15 (192.168.127.0)"
/system routerboard settings
set memory-frequency=1200DDR protected-routerboot=disabled


Dynadish #1 config

# nov/24/2016 11:24:00 by RouterOS 6.37.1
# software id = FHAA-G9IS
#
/interface bridge
add mtu=1500 name=bridge1
/interface pptp-client
add connect-to=78.1.53.197 disabled=no name=pptp-out1 password=BLANK user=Multinorm1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=profile1 supplicant-identity="" wpa-pre-shared-key=BLANK wpa2-pre-shared-key=BLANK
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-onlyac channel-width=20/40/80mhz-Ceee disabled=no frequency=5070 frequency-mode=superchannel mode=bridge nv2-cell-radius=15 radio-name=U1-Cerna scan-list=default,5000-6000 security-profile=profile1 ssid=\
OT_LNK_MULTINORM1 tdma-period-size=auto wireless-protocol=nv2 wps-mode=disabled
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.88.6/24 interface=bridge1 network=192.168.88.0
/ip dns
set allow-remote-requests=yes servers=192.168.88.254
/ip route
add distance=1 gateway=192.168.88.254
/ip smb
set allow-guests=no
/ip upnp
set show-dummy-rule=no
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=M_10-U1_Cerna
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=161.53.30.104 secondary-ntp=161.53.30.170
/system routerboard settings
set cpu-frequency=720MHz protected-routerboot=disabled
/system scheduler
add interval=1m name=DynVPN on-event=":local clientname \"pptp-out1\"\r\
\n:local servername \"BLANK\"\r\
\n:local servernewadd [:resolve \$servername]\r\
\n:local serveraddress [/interface pptp-client get \$clientname connect-to]\r\
\n\r\
\n:if (\$serveraddress != \$servernewadd) do={\r\
\n /interface pptp-client set [find name=\$clientname] connect-to=\$servernewadd\r\
\n :log info ( \"VPN: Server address changed to \" . \$servernewadd )\r\
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jan/01/1970 start-time=00:00:00
/tool romon
set enabled=yes


Dynadish #2 config

# nov/24/2016 11:26:40 by RouterOS 6.37.1
# software id = VM96-4LJ1
#
/interface bridge
add mtu=1500 name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=profile1 supplicant-identity="" wpa-pre-shared-key=BLANK
wpa2-pre-shared-key=BLANK
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no frequency=5075 frequency-mode=superchannel mode=station-bridge nv2-cell-radius=15 radio-name=U2-Silos_Zupanja_Cerna scan-list=default,5000-5200 \
security-profile=profile1 ssid=OT_LNK_MULTINORM1 tdma-period-size=auto wps-mode=disabled
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.88.7/24 interface=bridge1 network=192.168.88.0
/ip dns
set allow-remote-requests=yes servers=192.168.88.254
/ip route
add distance=1 gateway=192.168.88.254
/ip smb
set allow-guests=no
/ip upnp
set show-dummy-rule=no
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=M_11-U2_Silos_Zupanja_Cerna
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=161.53.30.104 secondary-ntp=161.53.30.170
/system routerboard settings
set cpu-frequency=720MHz protected-routerboot=disabled
/tool romon
set enabled=yes


Dynadish #3 config

# nov/24/2016 11:28:54 by RouterOS 6.37.1
# software id = DYKV-FRPB
#
/interface bridge
add mtu=1500 name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=profile1 supplicant-identity="" wpa-pre-shared-key=BLANK
wpa2-pre-shared-key=BLANK
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-onlyac channel-width=20/40/80mhz-Ceee disabled=no frequency=5765 frequency-mode=superchannel mode=bridge nv2-cell-radius=10 radio-name=U1-Silos_Zupanja_Montaza scan-list=default,5600-5800 security-profile=\
profile1 ssid=OT_LNK_MULTINORM2 tdma-period-size=auto tx-power=23 tx-power-mode=all-rates-fixed wireless-protocol=nv2 wps-mode=disabled
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.88.8/24 interface=bridge1 network=192.168.88.0
/ip dns
set allow-remote-requests=yes servers=192.168.88.254
/ip route
add distance=1 gateway=192.168.88.254
/ip smb
set allow-guests=no
/ip upnp
set show-dummy-rule=no
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=M_12-U3_Silos_Zupanja_Montaza
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=161.53.30.104 secondary-ntp=161.53.30.170
/system routerboard settings
set cpu-frequency=720MHz protected-routerboot=disabled
/tool romon
set enabled=yes


Dynadish #4 config

# nov/23/2016 17:25:59 by RouterOS 6.37.1
# software id = S109-T6QV
#
/interface bridge
add mtu=1500 name=bridge1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=profile1 supplicant-identity="" wpa-pre-shared-key=BLANK
wpa2-pre-shared-key=BLANK
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no frequency=5765 frequency-mode=superchannel mode=station-bridge nv2-cell-radius=10 radio-name=U1-Silos_Zupanja_Montaza scan-list=default,5600-5800 \
security-profile=profile1 ssid=OT_LNK_MULTINORM2 tdma-period-size=auto tx-power=23 tx-power-mode=all-rates-fixed wps-mode=disabled
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.88.9/24 interface=bridge1 network=192.168.88.0
/ip dns
set allow-remote-requests=yes servers=192.168.88.254
/ip route
add distance=1 gateway=192.168.88.254
/ip smb
set allow-guests=no
/ip upnp
set show-dummy-rule=no
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=M_13-U4_Zupanja_Montaza
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=161.53.30.104 secondary-ntp=161.53.30.170
/system routerboard settings
set cpu-frequency=720MHz protected-routerboot=disabled
/tool romon
set enabled=yes


Thanks!
You do not have the required permissions to view the files attached to this post.
 
killersoft
Member Candidate
Member Candidate
Posts: 135
Joined: Mon Apr 11, 2011 2:34 pm
Location: Victoria, Australia
Contact:

Re: gateway mac 00:00:00:00:00:00 - hEX r3

Fri Nov 25, 2016 12:54 am

Not sure, I see your running ap-bride / bridge, which seems right..
Perhaps run a tunnel protocol between end points ?
MTCNA
MIT, BIT,CERT IV Electronics.
ITIL
 
borisbahes
just joined
Topic Author
Posts: 9
Joined: Sat Nov 19, 2016 1:39 pm

Re: gateway mac 00:00:00:00:00:00 - hEX r3

Fri Nov 25, 2016 8:18 am

Not sure, I see your running ap-bride / bridge, which seems right..
Perhaps run a tunnel protocol between end points ?
I could do that, but this is problem I'd like to solve. It should work without any problem. When I connect hEX with LAN cable directly to Cyberoam it works as designed.
One more note, on Cyberoam Neighbor Cache (ARP table) I see type Incomplete for hEX IP address if connected via Dynadish.
Some forums suggest patch cable could be problem. However If I leave Dynadish on SITE1 connected to Cyberoam port and connect Dynadish on SITE2 to switch I get full access to SITE1 subnet.
 
User avatar
che
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Fri Oct 07, 2005 1:04 pm

Re: gateway mac 00:00:00:00:00:00 - hEX r3

Fri Nov 25, 2016 10:32 am

You can trace the problem by checking bridge hosts (equivalent of Cisco show mac-address-table) on each wireless device on the path and isolate the faulty connection. You are probably right that cabling on either of 3 places on the path is the problem.
 
User avatar
che
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Fri Oct 07, 2005 1:04 pm

Re: gateway mac 00:00:00:00:00:00 - hEX r3

Fri Nov 25, 2016 10:38 am

Another way of checking the connection is adding IP address from the same subnet as Cyberoam on each wireless device, and pinging it, it will probably be easier than dealing with layer 2 tables.
 
borisbahes
just joined
Topic Author
Posts: 9
Joined: Sat Nov 19, 2016 1:39 pm

Re: gateway mac 00:00:00:00:00:00 - hEX r3

Fri Nov 25, 2016 12:54 pm

Another way of checking the connection is adding IP address from the same subnet as Cyberoam on each wireless device, and pinging it, it will probably be easier than dealing with layer 2 tables.
I will try this tomorrow and will report results.
 
borisbahes
just joined
Topic Author
Posts: 9
Joined: Sat Nov 19, 2016 1:39 pm

Re: gateway mac 00:00:00:00:00:00 - hEX r3

Sat Nov 26, 2016 7:44 am

Another way of checking the connection is adding IP address from the same subnet as Cyberoam on each wireless device, and pinging it, it will probably be easier than dealing with layer 2 tables.
I will try this tomorrow and will report results.
So I have tried setting IP address of Dynadish #1 and ping Cyberoam interface and results are:
mikrotik_5.PNG
Maybe it's really cabling on SITE1? Just to note, client's on SITE2 are able to access 192.168.125.0/24 subnet on SITE1. They get IP addresses from DHCP on Cyberoam.
You do not have the required permissions to view the files attached to this post.
 
User avatar
che
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Fri Oct 07, 2005 1:04 pm

Re: gateway mac 00:00:00:00:00:00 - hEX r3

Sat Nov 26, 2016 10:42 am

Alright, before we dive in the digging the layer 2 I need one information: what is the exact address and subnet mask of Cyberoam and hEX? If those are fine, you need to inspect bridge on the site: delete and create bridge again. I've also noticed pptp client on that board, did you try removing it before trying this experiment?

If site works on layer 3 (IP from different subnet on remote site works), then cabling is not the problem. You could also try adding address from 192.168.125.0/24 network on dish 1 and pinging Cyberoam (192.168.125.0/24 dhcp server address, since I have no clue what that device is capable of - could be some policy on that device, wrong ethernet, ...).
 
borisbahes
just joined
Topic Author
Posts: 9
Joined: Sat Nov 19, 2016 1:39 pm

Re: gateway mac 00:00:00:00:00:00 - hEX r3

Sat Nov 26, 2016 10:52 am

Alright, before we dive in the digging the layer 2 I need one information: what is the exact address and subnet mask of Cyberoam and hEX? If those are fine, you need to inspect bridge on the site: delete and create bridge again. I've also noticed pptp client on that board, did you try removing it before trying this experiment?

If site works on layer 3 (IP from different subnet on remote site works), then cabling is not the problem. You could also try adding address from 192.168.125.0/24 network on dish 1 and pinging Cyberoam (192.168.125.0/24 dhcp server address, since I have no clue what that device is capable of).
pptp client is for company that looks after this link. They want to be able to access device from internet.

Cyberoam:
192.168.0.9
255.255.255.248

hEX ether1:
192.168.0.10
255.255.255.248

hEX ether2:
192.168.127.1
255.255.255.0

Dynadish #1 (as of today):
192.168.0.11
255.255.255.248

If I add 192.168.125.0/24 to Dynadish #1 and try to ping Cyberoam on 192.168.125.1 I get same result as with 192.168.0.9.
 
borisbahes
just joined
Topic Author
Posts: 9
Joined: Sat Nov 19, 2016 1:39 pm

Re: gateway mac 00:00:00:00:00:00 - hEX r3

Sat Nov 26, 2016 11:16 am

Alright, before we dive in the digging the layer 2 I need one information: what is the exact address and subnet mask of Cyberoam and hEX? If those are fine, you need to inspect bridge on the site: delete and create bridge again. I've also noticed pptp client on that board, did you try removing it before trying this experiment?

If site works on layer 3 (IP from different subnet on remote site works), then cabling is not the problem. You could also try adding address from 192.168.125.0/24 network on dish 1 and pinging Cyberoam (192.168.125.0/24 dhcp server address, since I have no clue what that device is capable of - could be some policy on that device, wrong ethernet, ...).
SITE2 at this moment is connected directly via Dynadish to Cyberoam. On SITE2 Dynadish is now connected to switch - no vlans.
 
User avatar
che
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Fri Oct 07, 2005 1:04 pm

Re: gateway mac 00:00:00:00:00:00 - hEX r3

Sat Nov 26, 2016 11:48 am

I was lead to assume your network topology is the one from original post on the topic. I have no idea what switch you are talking about, but if it works it still means physical connection on site 1 is fine. Are there any VLANS configured on any device?
 
borisbahes
just joined
Topic Author
Posts: 9
Joined: Sat Nov 19, 2016 1:39 pm

Re: gateway mac 00:00:00:00:00:00 - hEX r3

Sat Nov 26, 2016 11:52 am

I was lead to assume your network topology is the one from original post on the topic. I have no idea what switch you are talking about, but if it works it still means physical connection on site 1 is fine.
Diagram is only the plan.

Currently the only difference between plan is that on SITE2 in place of hEX is switch Cisco SG200-26 (default config)

So client's on SITE2 get IP address from Cyberoam DHCP 192.168.125.0/24 pool.

hEX was suppose to create separate subnet on SITE2.

And no VLANs on any device.

It's strange, because when I connect hEX to Cyberoam on SITE1 directly, everything works....
 
borisbahes
just joined
Topic Author
Posts: 9
Joined: Sat Nov 19, 2016 1:39 pm

Re: gateway mac 00:00:00:00:00:00 - hEX r3

Sun Nov 27, 2016 8:09 am

So, Sunday morning...cup of coffee, jump to server room....and what do I see? Wrong link connected to Cyberoam router... :oops:

Who is online

Users browsing this forum: petertosh and 94 guests