Community discussions

MikroTik App
  4. RouterOS
  5. General

FAILED SETUP: Internet works only on wifi  [SOLVED]

Post Reply
 
jdupak
just joined
Topic Author
Posts: 3
Joined: Tue Sep 01, 2020 5:39 pm

FAILED SETUP: Internet works only on wifi

Tue Sep 01, 2020 5:54 pm

Hello,
I would like to ask you for help, I already spend 2 days googling and trying to solve myself.

I have reseted the router (Home AP Lite), configured it with quick configure to "Home AP". Now I have perfectly working wifi but devices on ethernet cannot even ping the gateway. Linux refuses to connect. Windows 10 connects (saying no internet) it gets IP from DHCP (the same address is on device and in leases on the router + I have seen DHCP ack in wireshark) but it canot even ping the gateway. Windows diagnostics says gateway not available.
  • I have tried all ethernet ports.
    I have already tried turning off all blocking rule in firewall, and all rule in firewall.
    I beliveve that NAT and masquerade are correct.
    I tried this: viewtopic.php?t=116073 (the ultimate solution) (attempt, not present in bellow config). I have tried to add relay for bridge and ether-2 (the one i am trying) to my providers DNS.
I strongly suspect subnet ranges to separate wlan1 and other ethers. But I found nothing.
Here is my dump of "expor hide-sensitive":
Code: Select all
# sep/01/2020 16:38:01 by RouterOS 6.47.2
# software id = UPHK-RN73
#
# model = RouterBOARD 941-2nD
# serial number = 80A7070FDFDC
/interface bridge
add admin-mac=64:D1:54:F6:FB:6A auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country="czech republic" disabled=no mode=ap-bridge ssid=dupakovi wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf hw=no interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=pwr-line1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
add address=10.9.68.254/30 interface=ether1 network=10.9.68.252
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=10.255.255.10,10.255.255.20
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=10.9.68.253
/system clock
set time-zone-name=Europe/Prague
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Thanks for any suggestions.
Top
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: FAILED SETUP: Internet works only on wifi  [SOLVED]

Tue Sep 01, 2020 6:43 pm

Move ip address from ether2 to bridge.
Make sure the administrative mac address of the bridge is not equal to ether1 mac address (should be like of ether2 for example).
Switching off the hw acceleration of all bridge members could help too.

Never return to quickset back once you set whatever outside the quickset.

Don't use any higher version than latest long term unless you have real reason for it.

... and welcome to mikrotik world.



Top
 
jdupak
just joined
Topic Author
Posts: 3
Joined: Tue Sep 01, 2020 5:39 pm

Re: FAILED SETUP: Internet works only on wifi

Tue Sep 01, 2020 7:57 pm

SOLVED
jarda, thank you so much, especially for the warm welcome.

Moving address space to bridge and disabling HW switching worked.
MACs were right already.

I might later try which one did it (and update this post) but now I am too happy that it finally works.
EDIT: --> both are needed
Top
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: FAILED SETUP: Internet works only on wifi

Wed Sep 02, 2020 7:05 pm

Your welcome.
Top
 
docboy
newbie
Posts: 27
Joined: Wed Sep 02, 2020 6:58 pm

Re: FAILED SETUP: Internet works only on wifi

Wed Sep 09, 2020 10:15 pm

SOLVED
jarda, thank you so much, especially for the warm welcome.

Moving address space to bridge and disabling HW switching worked.
MACs were right already.

I might later try which one did it (and update this post) but now I am too happy that it finally works.
EDIT: --> both are needed
Can you share how did you disable the HW switching?

Also, for moving the address space to bridge, did you do this under IP -> Addresses? Delete one and add the IP address to "bridge?" I tried this and suddenly the router became disabled and I couldn't access it.
Top
 
jdupak
just joined
Topic Author
Posts: 3
Joined: Tue Sep 01, 2020 5:39 pm

Re: FAILED SETUP: Internet works only on wifi

Wed Sep 09, 2020 10:53 pm

Sure, I assume you are using web interface of winbox as I am not yet used to cli interface.
Can you share how did you disable the HW switching?
Go Bridge > Ports > Detail of the interface > uncheck the "Hardware offload" checkbox.
Also, for moving the address space to bridge, did you do this under IP -> Addresses? Delete one and add the IP address to "bridge?" I tried this and suddenly the router became disabled and I couldn't access it.
I kept the value and just changed the interface from ether2 to bridge. If you delete it, you lose a way to communicate.
If you still cannot access it, try connect directly to the router via cable and connect with winbox via MAC address (there is search button to find out the MAC). Make sure you do click on the MAC address and not the IP. IP will not work. If this does not work, I guess you have to reset it. For next time read about "safe mode" feature - it is quite cool and saves a lot of trouble.

Good luck
Top
Post Reply

Who is online

Users browsing this forum: GoogleOther [Bot], seinale and 107 guests
  4. RouterOS
  5. General