By looking at the config below can anyone please advise why the bridge is unreachable?
Redacted Config:
Code: Select all
# apr/13/2020 12:06:07 by RouterOS 6.46.5
# software id = URZF-KQ5I
#
# model = RouterBOARD D52G-5HacD2HnD-TC
# serial number = RRRRRRRRRRRRR
/interface bridge add admin-mac=CC:2D:E0:EB:61:0F auto-mac=no comment=defconf name=bridge
/interface ethernet set [ find default-name=ether1 ] speed=100Mbps
/interface ethernet set [ find default-name=ether2 ] speed=100Mbps
/interface ethernet set [ find default-name=ether3 ] speed=100Mbps
/interface ethernet set [ find default-name=ether4 ] speed=100Mbps
/interface ethernet set [ find default-name=ether5 ] speed=100Mbps
/interface list add comment=defconf name=WAN
/interface list add comment=defconf name=LAN
/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa2-pre-shared-key=zzzzzzzzzzzzzzzzzzzz
/interface wireless security-profiles add authentication-types=wpa2-psk eap-methods="" management-protection=allowed management-protection-key=raven........ mode=dynamic-keys name=UplandsDen supplicant-identity="" wpa-pre-shared-key=ghghghghghghghg. wpa2-pre-shared-key=qqqqqqqqqqqqqqqqqqqq
/interface wireless set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-g/n channel-width=20/40mhz-Ce country=canada disabled=no distance=indoors frequency=auto frequency-mode=manual-txpower mode=ap-bridge name=wlanA security-profile=UplandsDen ssid=UplandsDen wireless-protocol=802.11
/interface wireless set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee country=canada disabled=no distance=indoors frequency=auto frequency-mode=manual-txpower mode=ap-bridge name=wlanB security-profile=UplandsDen ssid=UplandsDen-5G wireless-protocol=802.11
/ip pool add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add address-pool=dhcp disabled=no interface=bridge lease-time=1d name=defconf
/system logging action set 1 disk-file-name=disk2/log
/user group set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port add bridge=bridge comment=defconf interface=ether2
/interface bridge port add bridge=bridge comment=defconf interface=wlanA
/interface bridge port add bridge=bridge comment=defconf interface=wlanB
/interface bridge port add bridge=bridge interface=ether3
/interface bridge port add bridge=bridge interface=ether4
/interface bridge port add bridge=bridge interface=ether5
/ip neighbor discovery-settings set discover-interface-list=LAN
/ipv6 settings set accept-router-advertisements=yes
/interface list member add comment=defconf interface=bridge list=LAN
/interface list member add comment=defconf interface=ether1 list=WAN
/interface wireless connect-list add interface=wlanA security-profile=UplandsDen
/interface wireless connect-list add interface=wlanB security-profile=UplandsDen
/ip address add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
/ip cloud set update-time=no
/ip dhcp-client add comment=defconf disabled=no interface=ether1
/ip dhcp-server lease add address=192.168.88.230 client-id=1:0:24:d6:9b:b5:ec comment="J Lap" mac-address=00:24:D6:9B:B5:EC server=defconf
/ip dhcp-server network add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001
/ip dns static add address=192.168.88.1 name=router.lan
/ip firewall address-list add address=224.0.0.0/3 list=blacklist
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=input comment="INPUT DROP FireHOL Blacklist" in-interface=ether1 log-prefix="FireHOL Blacklist" src-address-list=blacklist
/ip firewall filter add action=add-src-to-address-list address-list="Port Scanners" address-list-timeout=2d chain=input comment="INPUT Telnet Port Scans" dst-port=23 in-interface=ether1 protocol=tcp
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
/ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
/ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip firewall raw add action=drop chain=prerouting comment="Drop TELNET port scaners" in-interface=ether1 src-address-list="Port Scanners"
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes
/ip service set ssh port=2200
/ip service set api disabled=yes
/ip service set winbox address=192.168.88.0/24
/ip service set api-ssl disabled=yes
/ip ssh set allow-none-crypto=yes forwarding-enabled=remote
/ipv6 address add from-pool=rogers-ipv6 interface=bridge
/ipv6 dhcp-client add add-default-route=yes interface=ether1 pool-name=rogers-ipv6 request=address,prefix use-peer-dns=no
/ipv6 firewall address-list add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
/ipv6 firewall address-list add address=::1/128 comment="defconf: lo" list=bad_ipv6
/ipv6 firewall address-list add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
/ipv6 firewall address-list add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
/ipv6 firewall address-list add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
/ipv6 firewall address-list add address=100::/64 comment="defconf: discard only " list=bad_ipv6
/ipv6 firewall address-list add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
/ipv6 firewall address-list add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
/ipv6 firewall address-list add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall address-list add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
/ipv6 firewall address-list add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall address-list add address=::/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall address-list add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ipv6 firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ipv6 firewall filter add action=accept chain=input comment=" defconf: accept ICMPv6" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
/ipv6 firewall filter add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall filter add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
/ipv6 firewall filter add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept HIP" protocol=139
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
/ipv6 firewall filter add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
/ipv6 firewall filter add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 nd set [ find default=yes ] advertise-dns=no interface=ether1 mtu=1500 ra-lifetime=none reachable-time=5m
/ipv6 nd add advertise-dns=no hop-limit=64 interface=bridge
/ipv6 nd prefix default set preferred-lifetime=4h valid-lifetime=4h
/system clock set time-zone-name=America/Toronto
/system clock manual set time-zone=-04:00
/system identity set name=ravensden
/system logging set 0 action=disk
/system logging set 1 action=disk
/system logging set 2 action=disk
/system logging set 3 action=disk
/system ntp client set enabled=yes server-dns-names=time.google.com,0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
/tool sniffer set filter-mac-address=00:00:00:00:00:00/00:00:00:00:00:00 memory-limit=10KiB