yerzhl
newbie
Topic Author
Posts: 39
Joined: Thu Sep 22, 2016 9:37 am

Route reachable but timeout??

Thu Jun 10, 2021 6:46 am

Hi, I have a hAP ac2 running version 6.48.3.

I have a route configuration like the one below:
# jun/10/2021 10:09:39 by RouterOS 6.48.3
# software id = 3N2H-SZVC
#
# model = RBD52G-5HacD2HnD
# serial number = 
/ip route
add check-gateway=ping comment="ISP 1" distance=1 gateway=8.8.8.8 \
    target-scope=30
add comment="To local and ISP 2, if fail internet automatically switch" \
    distance=2 gateway=192.168.0.1
add check-gateway=ping comment=\
    "If ping to google fail, automatically run ISP 2" distance=1 \
    dst-address=8.8.8.8/32 gateway=192.168.1.1
add comment="Route to local only" disabled=yes distance=1 dst-address=\
    192.168.0.0/24 gateway=192.168.0.1
    
Flags: X - disabled, I - invalid, D - dynamic 
 0  D chain=dstnat action=jump jump-target=hotspot hotspot=from-client 

 1  D chain=hotspot action=jump jump-target=pre-hotspot 

 2  D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53 

 3  D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53 

 4  D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-ds>
      dst-port=80 

 5  D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-ds>
      dst-port=443 

 6  D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth 

 7  D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth 

 8  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=80 

 9  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=3128 

10  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=8080 

11  D chain=hs-unauth action=jump jump-target=hs-smtp protocol=tcp dst-port=25 

12  D chain=hs-auth action=redirect to-ports=64874 protocol=tcp hotspot=http 

13  D chain=hs-auth action=jump jump-target=hs-smtp protocol=tcp dst-port=25 

14 X  ;;; place hotspot rules here
      chain=unused-hs-chain action=passthrough 

15    ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN 
      ipsec-policy=out,none 

16    ;;; masquerade local [DHCP Server from CISCO and ISP 2]
      chain=srcnat action=masquerade out-interface=ether2 log=no log-prefix="" 
      ipsec-policy=out,none 

17    ;;; masquerade hotspot network
      chain=srcnat action=masquerade src-address=10.X.X.X/24 

18    CONFIDENTIAL

19 X  CONFIDENTIAL

20 X  CONFIDENTIAL

21  D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp 
      in-interface=ether4 dst-port=443 


So this MikroTik is located in Building B, where the main internet source comes from ISP 1 and is distributed to connected devices via WiFi.
At the same time, I also have the main network using LAN from Building A, where the main internet source comes from ISP 2, goes through a CISCO firewall (which I don't have access to, as it was set up by HQ and it is not possible for me to access it), goes to a switch and is distributed to connected devices via LAN.
The color BLUE represents DHCP IPs (192.168.0.X) from the CISCO and BROWN represents DHCP IPs from the hAP ac2 (172.17.1.X).

As you can see from the setup above, I use ISP 1 as the main source of the internet, and if it is down, it will automatically switch to ISP 2, which comes from the Building A network.

Now the problem I have: in May the network ran normally. My devices with IP range 172.17.1.X could access the server which has IP range 192.168.0.X (for example 192.168.0.100), and I could switch the internet source to ISP 2 by disabling the route with distance=1. But recently, when I tried to disable the route with distance=1, I lost access to both local 192.168.0.X and internet access from ISP 2. And today it is getting worse. It said reachable, but when I tried to ping from the command prompt (Windows) and the terminal (WinBox), both got request timed out.

Please help: is this a bug, or did I make some mistake in the config but got lucky to have it running well?

Update: I tried changing ether 2 to ether 5 and it runs well. Any idea how this happens? I have also tried changing the MAC address of ether 2 in case it got blocked by the CISCO, but it still doesn't work.
Last edited by yerzhl on Fri Jun 11, 2021 5:34 am, edited 1 time in total.
 
yerzhl
newbie
Topic Author
Posts: 39
Joined: Thu Sep 22, 2016 9:37 am

Re: Route reachable but timeout??

Fri Jun 11, 2021 5:03 am

Hello, can anyone help?
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Route reachable but timeout??

Fri Jun 11, 2021 8:41 am

Sorry, crystal ball is defunct currently. What I want to write: it's impossible to tell why something stopped working while nothing supposedly changed. In this case it's only possible to find the reason by extensively debugging the whole setup. And you're the only one able to do it.
 
yerzhl
newbie
Topic Author
Posts: 39
Joined: Thu Sep 22, 2016 9:37 am

Re: Route reachable but timeout??

Fri Jun 11, 2021 8:52 am

> Sorry, crystal ball is defunct currently. What I want to write: it's impossible to tell why something stopped working while nothing supposedly changed. In this case it's only possible to find the reason by extensively debugging the whole setup. And you're the only one able to do it.

Thank you for the response.
Could you give me a guide for debugging?
I have even tried to do a netinstall, reset, and restore from some backups, but nothing worked. And the strange thing is, it can run if I switch the function from ether 2 to ether 5.
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Route reachable but timeout??

Fri Jun 11, 2021 9:15 am

> And the strange thing is, it can run if I switch the function from ether 2 to ether 5.

If that's the case then you might want to thoroughly check potential differences in the configuration of those two ports. The next thing would be doing some elaborate tests to try to pinpoint the device where stuff breaks. This might involve sniffing the traffic (using Wireshark), which is not an easy task to do because you have to somehow get the full traffic between two network nodes without disturbing the connection between them.

Another possibility is physical damage to ether2 ... you can quite easily rule that out if you reconfigure ether2 to be a simple LAN port ... if it doesn't work as such, then it's probably damaged.
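
One way to do the port-by-port configuration comparison suggested above, as an added example that is not part of the original thread: it reads the text of a RouterOS `/export`, collects every line that references each port, and reports the lines that exist for one port only. The sample export is constructed for illustration and is not the poster's configuration; the function names are hypothetical.

```python
import re

# Constructed sample export (illustrative only, not the poster's real config).
SAMPLE_EXPORT = r'''
/interface ethernet
set [ find default-name=ether2 ] auto-negotiation=no comment="to CISCO"
set [ find default-name=ether5 ] comment="to CISCO"
/interface list member
add interface=ether5 list=LAN
/ip address
add address=192.168.0.250/24 interface=ether2 network=192.168.0.0
add address=192.168.0.250/24 interface=ether5 network=192.168.0.0
/ip firewall nat
add action=masquerade chain=srcnat comment="masquerade local" \
    out-interface=ether2
'''

def logical_lines(export):
    """Yield (section, line) pairs, joining backslash-continued lines."""
    section, pending = "", ""
    for raw in export.splitlines():
        text = raw.strip()
        if not pending and (not text or text.startswith("#")):
            continue                      # blank line or export header comment
        if text.endswith("\\"):
            pending += text[:-1]          # export may break mid-token: no space added
            continue
        text, pending = pending + text, ""
        if text.startswith("/"):
            section = text                # menu path such as "/ip route"
        else:
            yield section, text

def port_profile(export, port):
    """Set of (section, line) referencing `port`, with the name masked."""
    pat = re.compile(r"(?<![\w-])" + re.escape(port) + r"(?![\w-])")
    return {(sec, pat.sub("<port>", line))
            for sec, line in logical_lines(export) if pat.search(line)}

def compare_ports(export, a, b):
    """Return (lines only present for a, lines only present for b)."""
    pa, pb = port_profile(export, a), port_profile(export, b)
    return sorted(pa - pb), sorted(pb - pa)

if __name__ == "__main__":
    only_a, only_b = compare_ports(SAMPLE_EXPORT, "ether2", "ether5")
    for label, rows in (("ether2 only", only_a), ("ether5 only", only_b)):
        for section, line in rows:
            print(f"{label}: {section}: {line}")
```

Lines that are identical apart from the port name (the `/ip address` entries in the sample) are not reported, so what remains is the set of settings that actually differ between the two ports.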
 
yerzhl
newbie
Topic Author
Posts: 39
Joined: Thu Sep 22, 2016 9:37 am

Re: Route reachable but timeout??

Fri Jun 11, 2021 10:38 am

> If that's the case then you might want to thoroughly check potential differences in the configuration of those two ports. The next thing would be doing some elaborate tests to try to pinpoint the device where stuff breaks. This might involve sniffing the traffic (using Wireshark), which is not an easy task to do because you have to somehow get the full traffic between two network nodes without disturbing the connection between them.

Can I use the torch feature? As far as I can see, it has a connection to the correct IP range.

> Another possibility is physical damage to ether2 ... you can quite easily rule that out if you reconfigure ether2 to be a simple LAN port ... if it doesn't work as such, then it's probably damaged.

If ether2 was damaged, would the counter still count in the interface list? Because the counter is still counting as if it receives a connection there.
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Route reachable but timeout??

Fri Jun 11, 2021 10:22 pm

Torch is one of the tools that can help you. And no, a counter increasing in one direction doesn't mean the port is not damaged.
 
yerzhl
newbie
Topic Author
Posts: 39
Joined: Thu Sep 22, 2016 9:37 am

Re: Route reachable but timeout??

Mon Jun 21, 2021 6:23 am

> Torch is one of the tools that can help you. And no, a counter increasing in one direction doesn't mean the port is not damaged.

It is solved, but I don't know why. It was solved after I switched from CISCO > unmanaged switch to CISCO > RB9xx > unmanaged switch.
