Community discussions

MikroTik App
 
Drageir
just joined
Topic Author
Posts: 4
Joined: Fri May 15, 2020 5:45 pm

Mikrotik + Movistar Fusión Empresas

Fri May 22, 2020 6:09 pm

Hello everyone.
First of all, I'm a noob at networking. I'm an electrician and I've been forced to take care of the company network because our technician recenly got corona, so I'm sorry if I can't understand you perfectly or I make a mistake trying to explain my case.

Recently in my workplace we changed to Movistar Fusión Empresas (I'm from Spain). Before that, we worked with a ONT + Mikrotik (RB750GL) and a static IP. Now the internet provider installed a new ONT, a Teldat and a Switch and changed the Static IP (for example: 54.87.19.52). The structure stay as follows: ONT - Teldat - Switch Movistar - Mikrotik - Local network. When I plug in the MikroTik to the switch we don't have connection. I've tried to factory reset the device (we have backups saved), changing the vlan 3/6 to 20/21 (data and VoIP) and trying several ports, but I cannot make it work.

Mikrotik's configuration:
WAN 192.168.100.0
LAN 192.168.10.0

Again, I'm sorry if I missed any crucial information. I didn't study networking, I just have to deal with my boss decisions.
You do not have the required permissions to view the files attached to this post.
 
sindy
Forum Guru
Forum Guru
Posts: 5007
Joined: Mon Dec 04, 2017 9:19 pm

Re: Mikrotik + Movistar Fusión Empresas

Sat May 23, 2020 12:32 pm

Since no one familiar with Movistar's habits seems to wander around, let me ask you a question, because to debug a blackbox is not easy even for a network specialist, leaving aside regular users.

Should the static public IP be used to access some server in your premises remotely (web server, VPN connection, anything where you set up the public IP of your connection to a web browser or anything else on a remote PC or mobile)?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
msatter
Forum Guru
Forum Guru
Posts: 1603
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Mikrotik + Movistar Fusión Empresas

Sat May 23, 2020 2:11 pm

You should have put VLAN 20 at the ethernet port connected to the switch and the PPPoE connects to VLAN 20. Is the Teldat/switch in bridge mode then you can use PPPoE and if not you let the stuff from Moviestar do the work.

I assume that VOIP is handled by the Teldat/Moviestar switch itself.
One RB4011 and a RB760iGS (hEX S) in series. 4011 Does PPPoE/IKEv2-500/600 Mb/s.
Running:
RouterOS 6.47.beta.x / Winbox 3.23 / MikroTik APP 1.3.12
NordVPN viewtopic.php?f=2&t=158439&p=781009 for multiple connections.
 
Drageir
just joined
Topic Author
Posts: 4
Joined: Fri May 15, 2020 5:45 pm

Re: Mikrotik + Movistar Fusión Empresas

Mon May 25, 2020 4:27 pm

Since no one familiar with Movistar's habits seems to wander around, let me ask you a question, because to debug a blackbox is not easy even for a network specialist, leaving aside regular users.

Should the static public IP be used to access some server in your premises remotely (web server, VPN connection, anything where you set up the public IP of your connection to a web browser or anything else on a remote PC or mobile)?
Yes, we have a VPN for some employees and a Exchange server too. We have the outsorced DNS and we will change it to the new public IP after we get conection.
 
sindy
Forum Guru
Forum Guru
Posts: 5007
Joined: Mon Dec 04, 2017 9:19 pm

Re: Mikrotik + Movistar Fusión Empresas

Mon May 25, 2020 4:54 pm

Yes, we have a VPN for some employees and a Exchange server too. We have the outsorced DNS and we will change it to the new public IP after we get conection.
OK. In that case:
  • configure one of the VPN clients to connect to the new public IP (rather than to the domain name if set like that),
  • open a command line window to the Mikrotik (ssh, [Terminal] button in Winbox/WebFig) and make it as wide as your screen allows
  • run /tool sniffer quick interface=ether1 in that window (if you know the IP address of the client, add ip-address=ip.of.that.client to the command)
  • let the client (which must not be on your LAN) attempt to connect
You should see either the IP packets carrying the VPN initial request trying to reach your device, or ARP packets trying to determine some IP address, or nothing at all.
If only ARP requests are coming, you should see the VLAN ID which is used for internet connection (I don't expect VoIP traffic to be arriving spontaneously, except if you have a specifically configured PBX). If nothing is coming at all, the forwarding of traffic which arrives to the public IP further to the private WAN IP of the Mikrotik is not configured on the Movistar gear.

So post the result of this test and your configuration export in anonymized text form, following the hint in my automatic signature right below.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
nostromog
Member Candidate
Member Candidate
Posts: 173
Joined: Wed Jul 18, 2018 3:39 pm

Re: Mikrotik + Movistar Fusión Empresas

Mon May 25, 2020 5:27 pm

Hello everyone.
First of all, I'm a noob at networking. I'm an electrician and I've been forced to take care of the company network because our technician recenly got corona, so I'm sorry if I can't understand you perfectly or I make a mistake trying to explain my case.

Recently in my workplace we changed to Movistar Fusión Empresas (I'm from Spain). Before that, we worked with a ONT + Mikrotik (RB750GL) and a static IP. Now the internet provider installed a new ONT, a Teldat and a Switch and changed the Static IP (for example: 54.87.19.52). The structure stay as follows: ONT - Teldat - Switch Movistar - Mikrotik - Local network. When I plug in the MikroTik to the switch we don't have connection. I've tried to factory reset the device (we have backups saved), changing the vlan 3/6 to 20/21 (data and VoIP) and trying several ports, but I cannot make it work.

Mikrotik's configuration:
WAN 192.168.100.0
LAN 192.168.10.0

Again, I'm sorry if I missed any crucial information. I didn't study networking, I just have to deal with my boss decisions.
I am familiar with the configuration. The problem is that the movistar fiber uses VLANs after the ONT. If your previous configuration is as you said (ONT<->Mikrotik) the configuration of the Mikrotik is using VLANs and it gets the public ip directly. If now you have a new hardware interconnections the Teldat removes the VLAN tags, gets the IP and does NAT. The configuration for the Mikrotik has to be different unless you remove Teldat+Switch Movistar.

If the "Switch Movistar" (I don't know what this is) is just a switch, you might have a working configuration by setting up ONT<->Mikrotik<->Switch using the same ethernet (probably 1) that was used before.
 
Drageir
just joined
Topic Author
Posts: 4
Joined: Fri May 15, 2020 5:45 pm

Re: Mikrotik + Movistar Fusión Empresas

Mon May 25, 2020 5:50 pm

You should have put VLAN 20 at the ethernet port connected to the switch and the PPPoE connects to VLAN 20. Is the Teldat/switch in bridge mode then you can use PPPoE and if not you let the stuff from Moviestar do the work.

I assume that VOIP is handled by the Teldat/Moviestar switch itself.
I don't think the Teldat is in bridge mode. When I plug in a laptop directly to the Movistar' Switch I get the address 192.168.1.X, so it must be in router mode.
 
sindy
Forum Guru
Forum Guru
Posts: 5007
Joined: Mon Dec 04, 2017 9:19 pm

Re: Mikrotik + Movistar Fusión Empresas

Mon May 25, 2020 5:54 pm

When I plug in a laptop directly to the Movistar' Switch I get the address 192.168.1.X, so it must be in router mode.
So what happens if you attach a DHCP client directly (no /interface vlan in between) to Mikrotik's ether1 rather than a fixed address? Does it get a dynamic one too?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
Drageir
just joined
Topic Author
Posts: 4
Joined: Fri May 15, 2020 5:45 pm

Re: Mikrotik + Movistar Fusión Empresas

Mon May 25, 2020 6:39 pm

First of all, thank you all for your help.
Sadly I can't try your solutions untill tomorrow (I have my own work as electrician and the company doesn't stop until 22:00). The only moment I can touch the network without being yelled is at lunch break. Tomorrow I'll tell you, every idea is welcomed.

Clarification: while the new configuration is fixed, Movistar kept the old ONT still running so we don't loose functionality. When everyone stops working I go to the comunications room, plug the Mikrotik to the Teldat and the new ONT, and try to solve the puzzle.
 
nostromog
Member Candidate
Member Candidate
Posts: 173
Joined: Wed Jul 18, 2018 3:39 pm

Re: Mikrotik + Movistar Fusión Empresas

Mon May 25, 2020 7:53 pm

First of all, thank you all for your help.
Sadly I can't try your solutions untill tomorrow (I have my own work as electrician and the company doesn't stop until 22:00). The only moment I can touch the network without being yelled is at lunch break. Tomorrow I'll tell you, every idea is welcomed.
My guess would be that if you disconnect/unplug the Teldat router and connect straight away the ONT to port 1 of the Mikrotik (which is how I guess things were installed before), things will work:

* mikrotik will get the public IP address
* internet will work
* if you plug the switch to any of the remaining ports of the mikrotik, all the network will work.

This is assuming that before the connection was as you reported, and that the Movistar person only changed a standard consumer fiber by a enterprise fiber, no extra config.

Who is online

Users browsing this forum: Bing [Bot], enshem, erlinden, fandrit, Google [Bot], karlisi, kswong, Majestic-12 [Bot], panosmen, seriosha, Tarak and 96 guests