Community discussions

MikroTik App
 
Eduardo25
just joined
Topic Author
Posts: 18
Joined: Fri Mar 12, 2021 11:49 pm

ISP to Mikrotik Router RB4011 Bridging

Fri Apr 16, 2021 1:18 pm

I have my ISP PPPOE credentials to use to bridge the ISP router to Mikrotik using PPOE Client Interface in ethernet 2 with different settings but can't connect properly it disconnecting.

Anyone know what proper way to connect it?

Image
Image
Image
 
User avatar
Hominidae
Member Candidate
Member Candidate
Posts: 132
Joined: Thu Oct 19, 2017 12:50 am

Re: ISP to Mikrotik Router RB4011 Bridging

Fri Apr 16, 2021 2:02 pm

...most ISP connections I know of, that use PPPOE require to use a seperate VLAN (i.e. German Telekom, VLAN-ID = 7)
 
mkx
Forum Guru
Forum Guru
Posts: 6558
Joined: Thu Mar 03, 2016 10:23 pm

Re: ISP to Mikrotik Router RB4011 Bridging

Fri Apr 16, 2021 5:14 pm

...most ISP connections I know of, that use PPPOE require to use a seperate VLAN (i.e. German Telekom, VLAN-ID = 7)

But not all. Log entries (connecting ... authenticated, connected, terminating ... disconnected) actually show that VLAN is (probably) not a problem since PPPoE client can talk to ISP's PPPoE server. Some other problem is more likely. OP should increase verbosity of pppoe logging, perhaps something useful will pop out.
BR,
Metod
 
User avatar
Znevna
Member
Member
Posts: 345
Joined: Mon Sep 23, 2019 1:04 pm

Re: ISP to Mikrotik Router RB4011 Bridging

Fri Apr 16, 2021 6:36 pm

In the screenshot posted, ether2 (in italic) means there's no link on that interface. How can it work?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 8393
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ISP to Mikrotik Router RB4011 Bridging

Fri Apr 16, 2021 10:28 pm

In other words, is ether 2 the right physical port the traffic is coming in on??
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
Eduardo25
just joined
Topic Author
Posts: 18
Joined: Fri Mar 12, 2021 11:49 pm

Re: ISP to Mikrotik Router RB4011 Bridging

Sat Apr 17, 2021 4:19 am

In the screenshot posted, ether2 (in italic) means there's no link on that interface. How can it work?
sorry I disconnected the physical link after it won't work right away because I move it to old router because I'm in a production environment xD. sorry for confusion
 
Eduardo25
just joined
Topic Author
Posts: 18
Joined: Fri Mar 12, 2021 11:49 pm

Re: ISP to Mikrotik Router RB4011 Bridging

Sat Apr 17, 2021 4:35 am

I manage it somehow to connect with the following settings as the port keep trying to connect.
Image

and now the problem is how should I redirect the traffic and internet connection in my LAN2 network. I already set the out interface WAN2 and the IProute automatically assigned and it has 1 distance same as the WAN1 does it make it conflict?

Image
 
Eduardo25
just joined
Topic Author
Posts: 18
Joined: Fri Mar 12, 2021 11:49 pm

Re: ISP to Mikrotik Router RB4011 Bridging

Sat Apr 17, 2021 4:56 am

...most ISP connections I know of, that use PPPOE require to use a seperate VLAN (i.e. German Telekom, VLAN-ID = 7)

But not all. Log entries (connecting ... authenticated, connected, terminating ... disconnected) actually show that VLAN is (probably) not a problem since PPPoE client can talk to ISP's PPPoE server. Some other problem is more likely. OP should increase verbosity of pppoe logging, perhaps something useful will pop out.

how can I achieve that logging? sorry just starting Mikrotik tho
 
Eduardo25
just joined
Topic Author
Posts: 18
Joined: Fri Mar 12, 2021 11:49 pm

Re: ISP to Mikrotik Router RB4011 Bridging

Sat Apr 17, 2021 4:57 am

...most ISP connections I know of, that use PPPOE require to use a seperate VLAN (i.e. German Telekom, VLAN-ID = 7)
Hi I already manage to connect it yet and another problem arise I posted a reply above, I really appreciate your reply
 
JelleM
just joined
Posts: 10
Joined: Fri Aug 31, 2018 1:33 pm

Re: ISP to Mikrotik Router RB4011 Bridging

Sat Apr 17, 2021 2:34 pm

...most ISP connections I know of, that use PPPOE require to use a seperate VLAN (i.e. German Telekom, VLAN-ID = 7)

But not all. Log entries (connecting ... authenticated, connected, terminating ... disconnected) actually show that VLAN is (probably) not a problem since PPPoE client can talk to ISP's PPPoE server. Some other problem is more likely. OP should increase verbosity of pppoe logging, perhaps something useful will pop out.

how can I achieve that logging? sorry just starting Mikrotik tho
You can add the pppoe debug logging topic using
/system logging add topics=pppoe,debug
. (Or when using winbox: Go to the system>logging menu. Rules tab. Click "+" and add the topics pppoe and debug with action memory).


With regards to your issue with sending the traffic over the second link:
First of all you have to use the pppoe interface as your out-interface in your src-nat rule, not the WAN2(ether2) address-list. Also add your pppoe interface to the WAN2 address list (presumably for firewall reasons). Second of all is that you now have two equal default routes, and only one will be active. One through ether1 and one through the pppoe interface. The selection of which route (and therefore interface out to the internet) is active is thus either ether1 or the pppoe interface. I see that you have tried to fix that using the src. address list in the src-nat, however src nat happens AFTER the route/interface selection. What happens now is that a packet from the 178_network might decided to go out of ether1 (if that route is active) and it will not get src-natted (private ip leak. probably blocked by your isp). Or it might decide to go out of the pppoe interface (if that one is active), in which case it will be correctly src-natted and work correctly (if you change the src-rule to use the pppoe interface and add the interface to the list). If the pppoe route is active, all traffic from the 88_network will fail, if the ether1 route is active the 178_network traffic will fail.


To fix this you need to remove the src address list parts from your src nat (thats only making it worse for now) and configure policy routing. See https://wiki.mikrotik.com/wiki/PCC. Basically you have to mark traffic coming from, for example the 88_network, with a routing mark for WAN1 and for the 178_network for WAN2 using mangle rules in the output and prerouting chain. This is hard to do with PPPoE though since you cannot create a marked route dynamically from pppoe if I recall correctly. You might need some scripting in the ppp profile for that or check out viewtopic.php?p=814682#p814682.
 
Eduardo25
just joined
Topic Author
Posts: 18
Joined: Fri Mar 12, 2021 11:49 pm

Re: ISP to Mikrotik Router RB4011 Bridging

Mon Apr 19, 2021 4:39 am

...most ISP connections I know of, that use PPPOE require to use a seperate VLAN (i.e. German Telekom, VLAN-ID = 7)

But not all. Log entries (connecting ... authenticated, connected, terminating ... disconnected) actually show that VLAN is (probably) not a problem since PPPoE client can talk to ISP's PPPoE server. Some other problem is more likely. OP should increase verbosity of pppoe logging, perhaps something useful will pop out.

note and Thanks.






how can I achieve that logging? sorry just starting Mikrotik tho
You can add the pppoe debug logging topic using
/system logging add topics=pppoe,debug
. (Or when using winbox: Go to the system>logging menu. Rules tab. Click "+" and add the topics pppoe and debug with action memory).


With regards to your issue with sending the traffic over the second link:
First of all you have to use the pppoe interface as your out-interface in your src-nat rule, not the WAN2(ether2) address-list. Also add your pppoe interface to the WAN2 address list (presumably for firewall reasons). Second of all is that you now have two equal default routes, and only one will be active. One through ether1 and one through the pppoe interface. The selection of which route (and therefore interface out to the internet) is active is thus either ether1 or the pppoe interface. I see that you have tried to fix that using the src. address list in the src-nat, however src nat happens AFTER the route/interface selection. What happens now is that a packet from the 178_network might decided to go out of ether1 (if that route is active) and it will not get src-natted (private ip leak. probably blocked by your isp). Or it might decide to go out of the pppoe interface (if that one is active), in which case it will be correctly src-natted and work correctly (if you change the src-rule to use the pppoe interface and add the interface to the list). If the pppoe route is active, all traffic from the 88_network will fail, if the ether1 route is active the 178_network traffic will fail.


To fix this you need to remove the src address list parts from your src nat (thats only making it worse for now) and configure policy routing. See https://wiki.mikrotik.com/wiki/PCC. Basically you have to mark traffic coming from, for example the 88_network, with a routing mark for WAN1 and for the 178_network for WAN2 using mangle rules in the output and prerouting chain. This is hard to do with PPPoE though since you cannot create a marked route dynamically from pppoe if I recall correctly. You might need some scripting in the ppp profile for that or check out viewtopic.php?p=814682#p814682.



for somehow I get disconnected it might be the ISP wont allow me to connect because once I get the the name and addresses assigned i get dc

Image
 
Eduardo25
just joined
Topic Author
Posts: 18
Joined: Fri Mar 12, 2021 11:49 pm

Re: ISP to Mikrotik Router RB4011 Bridging

Mon Apr 19, 2021 4:44 am

I've wondered if it is a bug, it successfully authenticated yet it dropping the connection
 
User avatar
Znevna
Member
Member
Posts: 345
Joined: Mon Sep 23, 2019 1:04 pm

Re: ISP to Mikrotik Router RB4011 Bridging

Mon Apr 19, 2021 12:39 pm

That printscreen doesn't contain enough data to show the problem.
Post a more complete log, attach the log file, edited.
MTKEK Certified by IRC

Who is online

Users browsing this forum: Baidu [Spider], npeca75 and 227 guests