I am using a RB1100 to route Internet from our service provider to our WISP customers. Port 1 on the RB1100 is hooked to the Internet. Ports 2 - 10 route it to various sector AP's and backhauls. I have a couple of customers that have static IP addresses. At times they are unable to access the Internet. From the browser they get a page not found message. They run small business servers so their e-mail and website doesn't work when this problem occurs. Both users use MikroTik equipment for the CPE's. I can log into their CPE's but can't ping anywhere on the internet, using the /tools/ping command. I have tried rebooting the RB1100 and all the backhaul's, AP's and CPE's inline but that doesn't fix anything either. The strange thing is if I go into to the Radius server and give them a different static IP address, or if I change the username and password on their CPE to something different, the Internet starts working. Problem with doing this is that they need their static IP address to not change. I have run a trace route from their CPE when this happens and it seems to die at the RB1100. If we just wait some time it will eventually cure itself. This may be a few hours to a day or two. Waiting in unacceptable as they are not able to work while this problem occurs. Has anyone encountered this problem before? If so what did you do to fix it? Not sure what to do next. The RB1100 is running v5.26 as is the backhaul, AP and CPE involved. Let me know if I need to provide anything else to help troubleshoot this problem.
Thanks .. Jay
Re: No Internet on Some IP Addresses
I've never heard of such a problem ever! ..I would however love! to know the fix for your problem when you fix it
Re: No Internet on Some IP Addresses
look for netmask/prefix issues in the firewall / NAT rules and/or dynamic firewall rules which add IPs to access-lists and/or multiple users trying to use the same IP address at those times and/or routing issues between the RB1100 and the various sector APs and backhauls.I am using a RB1100 to route Internet from our service provider to our WISP customers. Port 1 on the RB1100 is hooked to the Internet. Ports 2 - 10 route it to various sector AP's and backhauls. I have a couple of customers that have static IP addresses. At times they are unable to access the Internet. From the browser they get a page not found message. They run small business servers so their e-mail and website doesn't work when this problem occurs. Both users use MikroTik equipment for the CPE's. I can log into their CPE's but can't ping anywhere on the internet, using the /tools/ping command. I have tried rebooting the RB1100 and all the backhaul's, AP's and CPE's inline but that doesn't fix anything either. The strange thing is if I go into to the Radius server and give them a different static IP address, or if I change the username and password on their CPE to something different, the Internet starts working. Problem with doing this is that they need their static IP address to not change. I have run a trace route from their CPE when this happens and it seems to die at the RB1100. If we just wait some time it will eventually cure itself. This may be a few hours to a day or two. Waiting in unacceptable as they are not able to work while this problem occurs. Has anyone encountered this problem before? If so what did you do to fix it? Not sure what to do next. The RB1100 is running v5.26 as is the backhaul, AP and CPE involved. Let me know if I need to provide anything else to help troubleshoot this problem.
Thanks .. Jay
When all of that fails, you might want to actually give us some details. Things such as:
What access method the static IP customers use to get their static IPs, pppoe, pptp, dhcp, hotspot, statically configured IPs on the customer equipment, whatever.
Gather up all of the IPs, Routes, Firewall Rules, Firewall Mangle Rules, Firewall NAT rules, Firewall Address-lists and a network diagram.
Traceroutes from the customer toward the Internet.
Traceroutes from outside the RB1100 (traceroute.org is helpful) toward the customer's IP.
Traceroutes from other locations on your network toward the customer's IP.
Traceroutes from the Customer toward other locations on your network other than the RB1100.
Then make a detailed help request.
By the time you gather the data, you will probably have your answer.
Re: No Internet on Some IP Addresses
I need help in figuring out why one of my Internet customers with a static IP address doesn't have any Internet access while my others do. Below is the information, I hope, that was requested earlier. I have included a trace to and from the customer without Internet as well as to a customer that has Internet. Both have static IP addresses and are on the same AP/Backhaul/RB1100. If any more information is needed please let me know.
Thanks
/ip address> pri
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; NW Sector Default Gateway
10.10.1.1/24 10.10.1.0 vlan1010
1 ;;; Radius
172.16.1.9/29 172.16.1.8 ether1
2 ;;; Cherokee Backhaul
172.16.1.29/30 172.16.1.28 ether9
3 ;;; Avard
172.16.1.37/30 172.16.1.36 ether5
4 ;;; Jet
172.16.1.53/30 172.16.1.52 ether8
5 ;;; Dacoma/Carmen
172.16.1.61/30 172.16.1.60 ether7
6 ;;; Capron
172.16.1.77/30 172.16.1.76 ether6
7 ;;; West Sector Bcc
172.16.1.85/30 172.16.1.84 ether10
8 ;;; Gerber
172.16.1.113/29 172.16.1.112 ether2
9 ;;; S Sector Default Gateway
10.11.2.1/24 10.11.2.0 vlan1011
10 2.2.2.1/32 2.2.2.1 lobridge
11 X 10.90.1.1/30 10.90.1.0 ether2
12 10.31.1.16/24 10.31.1.0 ether11
13 X 172.16.7.2/30 172.16.7.0 ether1
14 63.97.254.2/24 63.97.254.0 ether1
15 ;;; NE Sector Default Gateway
10.10.3.1/24 10.10.3.0 vlan1003
16 172.16.6.10/24 172.16.6.0 ether3
] /ip route> pri
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 63.97.254.1 1
1 ADC 2.2.2.1/32 2.2.2.1 lobridge 0
2 ADo 2.2.2.4/32 172.16.1.54 110
3 ADo 2.2.2.5/32 172.16.1.62 110
4 ADo 2.2.2.10/32 172.16.1.62 110
5 ADo 2.2.2.11/32 172.16.1.62 110
6 ADo 2.2.2.15/32 172.16.1.12 110
7 ADo 2.2.2.16/32 172.16.1.12 110
8 ADo 2.2.2.17/32 172.16.1.12 110
9 ADo 2.2.2.18/32 172.16.1.86 110
10 ADo 2.2.2.19/32 172.16.1.86 110
11 ADo 2.2.2.20/32 172.16.1.54 110
12 ADo 2.2.2.22/32 172.16.1.38 110
13 ADo 2.2.2.23/32 172.16.1.78 110
14 ADo 2.2.2.26/32 172.16.1.78 110
15 ADo 2.2.2.27/32 172.16.1.12 110
16 ADC 10.10.1.0/24 10.10.1.1 vlan1010 0
17 ADC 10.10.3.0/24 10.10.3.1 vlan1003 0
18 ADC 10.11.2.0/24 10.11.2.1 vlan1011 0
19 ADo 10.12.2.0/24 172.16.1.86 110
20 ADo 10.13.1.0/24 172.16.1.12 110
21 ADo 10.14.2.0/24 172.16.1.38 110
22 ADo 10.16.2.0/24 172.16.1.78 110
23 ADo 10.17.2.0/24 172.16.1.62 110
24 ADo 10.17.3.0/24 172.16.1.62 110
25 ADo 10.17.4.0/30 172.16.1.62 110
26 ADo 10.20.1.0/24 172.16.1.12 110
27 ADo 10.21.2.0/24 172.16.1.116 110
28 ADo 10.23.1.0/24 172.16.1.12 110
29 ADo 10.24.1.0/24 172.16.1.54 110
30 ADo 10.25.1.0/24 172.16.1.12 110
31 ADo 10.27.1.0/24 172.16.1.12 110
32 ADo 10.29.1.0/24 172.16.1.12 110
33 ADo 10.30.1.0/24 172.16.1.12 110
34 ADC 10.31.1.0/24 10.31.1.16 ether11 0
35 ADo 10.32.1.0/24 172.16.1.12 110
36 ADo 10.33.1.0/24 172.16.1.78 110
37 ADo 10.40.1.0/24 172.16.1.116 110
38 ADC 63.97.254.0/24 63.97.254.2 ether1 0
39 Do 63.97.254.0/24 172.16.1.10 110
172.16.1.11
40 ADC 63.97.254.25/32 63.97.254.2 <pppoe-regalsup... 0
41 ADo 63.97.254.27/32 172.16.1.12 110
42 ADo 63.97.254.28/32 172.16.1.12 110
43 ADo 63.97.254.29/32 172.16.1.12 110
44 ADo 63.97.254.30/32 172.16.1.12 110
45 ADo 63.97.254.31/32 172.16.1.12 110
46 ADo 63.97.254.34/32 172.16.1.12 110
47 ADo 63.97.254.35/32 172.16.1.12 110
48 ADo 63.97.254.40/32 172.16.1.12 110
49 ADo 63.97.254.46/32 172.16.1.12 110
50 ADo 63.97.254.49/32 172.16.1.12 110
51 ADo 63.97.254.53/32 172.16.1.11 110
52 ADo 63.97.254.54/32 172.16.1.12 110
53 ADo 63.97.254.56/32 172.16.1.12 110
54 ADo 63.97.254.57/32 172.16.1.12 110
55 ADo 63.97.254.60/32 172.16.1.12 110
56 ADo 63.97.254.78/32 172.16.1.12 110
57 ADo 63.97.254.102/32 172.16.1.12 110
58 ADo 63.97.254.103/32 172.16.1.12 110
59 ADC 63.97.254.199/32 63.97.254.2 <pppoe-ksretread> 0
60 ADo 63.97.254.211/32 172.16.1.86 110
61 ADo 63.97.254.249/32 172.16.1.12 110
62 ADo 63.97.254.250/32 172.16.1.86 110
63 ADo 172.14.1.33/32 172.16.1.78 110
64 ADo 172.14.1.128/28 172.16.1.86 110
65 ADo 172.16.1.0/30 172.16.1.12 110
66 ADC 172.16.1.8/29 172.16.1.9 ether1 0
67 ADC 172.16.1.28/30 172.16.1.29 ether9 0
68 ADC 172.16.1.36/30 172.16.1.37 ether5 0
69 ADo 172.16.1.38/32 172.16.1.38 110
70 ADo 172.16.1.41/32 172.16.1.38 110
71 ADo 172.16.1.42/32 172.16.1.38 110
72 ADo 172.16.1.44/30 172.16.1.38 110
73 ADC 172.16.1.52/30 172.16.1.53 ether8 0
74 ADo 172.16.1.54/32 172.16.1.54 110
75 ADo 172.16.1.57/32 172.16.1.54 110
76 ADo 172.16.1.58/32 172.16.1.54 110
77 ADC 172.16.1.60/30 172.16.1.61 ether7 0
78 ADo 172.16.1.62/32 172.16.1.62 110
79 ADo 172.16.1.65/32 172.16.1.62 110
80 ADo 172.16.1.66/32 172.16.1.62 110
81 ADo 172.16.1.69/32 172.16.1.62 110
82 ADo 172.16.1.70/32 172.16.1.62 110
83 ADo 172.16.1.72/30 172.16.1.62 110
84 ADC 172.16.1.76/30 172.16.1.77 ether6 0
85 ADo 172.16.1.78/32 172.16.1.78 110
86 ADo 172.16.1.81/32 172.16.1.78 110
87 ADo 172.16.1.82/32 172.16.1.78 110
88 ADC 172.16.1.84/30 172.16.1.85 ether10 0
89 ADo 172.16.1.86/32 172.16.1.86 110
90 ADo 172.16.1.89/32 172.16.1.86 110
91 ADo 172.16.1.90/32 172.16.1.86 110
92 ADo 172.16.1.101/32 172.16.1.12 110
93 ADo 172.16.1.102/32 172.16.1.12 110
94 ADo 172.16.1.105/32 172.16.1.12 110
95 ADo 172.16.1.106/32 172.16.1.12 110
96 ADo 172.16.1.109/32 172.16.1.12 110
97 ADo 172.16.1.110/32 172.16.1.12 110
98 ADC 172.16.1.112/29 172.16.1.113 ether2 0
99 ADo 172.16.1.116/32 172.16.1.116 110
100 ADo 172.16.1.124/30 172.16.1.12 110
101 ADo 172.16.1.128/30 172.16.1.12 110
102 ADo 172.16.1.136/29 172.16.1.12 110
103 ADo 172.16.2.0/26 172.16.1.12 110
104 ADo 172.16.2.64/26 172.16.1.12 110
105 ADo 172.16.3.64/26 172.16.1.38 110
106 ADo 172.16.3.128/26 172.16.1.38 110
107 ADo 172.16.3.203/32 172.16.1.54 110
108 ADo 172.16.3.204/32 172.16.1.54 110
109 ADo 172.16.4.55/32 172.16.1.62 110
110 ADo 172.16.4.56/32 172.16.1.62 110
111 ADo 172.16.4.58/32 172.16.1.62 110
112 ADo 172.16.4.59/32 172.16.1.62 110
113 ADo 172.16.4.61/32 172.16.1.62 110
114 ADo 172.16.4.62/32 172.16.1.62 110
115 ADo 172.16.4.123/32 172.16.1.62 110
116 ADo 172.16.4.124/32 172.16.1.62 110
117 ADo 172.16.4.125/32 172.16.1.62 110
118 ADo 172.16.4.126/32 172.16.1.62 110
119 ADo 172.16.4.192/26 172.16.1.78 110
120 ADo 172.16.5.0/26 172.16.1.86 110
121 ADo 172.16.5.237/32 172.16.1.116 110
122 ADo 172.16.5.238/32 172.16.1.116 110
123 ADo 172.16.5.240/32 172.16.1.116 110
124 ADo 172.16.5.241/32 172.16.1.116 110
125 ADo 172.16.5.242/32 172.16.1.116 110
126 ADo 172.16.5.244/32 172.16.1.116 110
127 ADo 172.16.5.245/32 172.16.1.116 110
128 ADo 172.16.5.246/32 172.16.1.116 110
129 ADo 172.16.5.247/32 172.16.1.116 110
130 ADo 172.16.5.248/32 172.16.1.116 110
131 ADo 172.16.5.249/32 172.16.1.116 110
132 ADo 172.16.5.250/32 172.16.1.116 110
133 ADo 172.16.5.251/32 172.16.1.116 110
134 ADo 172.16.5.252/32 172.16.1.116 110
135 ADo 172.16.5.253/32 172.16.1.116 110
136 ADo 172.16.5.254/32 172.16.1.116 110
137 ADC 172.16.6.0/24 172.16.6.10 ether3 0
138 ADC 172.16.6.102/32 63.97.254.2 <pppoe-njbradt> 0
139 ADC 172.16.6.103/32 63.97.254.2 <pppoe-wjl1> 0
140 ADC 172.16.6.104/32 63.97.254.2 <pppoe-pamurry> 0
141 ADC 172.16.6.105/32 63.97.254.2 <pppoe-traviseg... 0
142 ADC 172.16.6.106/32 63.97.254.2 <pppoe-dgoll> 0
143 ADC 172.16.6.107/32 63.97.254.2 <pppoe-kschoeling> 0
144 ADC 172.16.6.108/32 63.97.254.2 <pppoe-willson> 0
145 ADC 172.16.6.109/32 63.97.254.2 <pppoe-kellyt> 0
146 ADC 172.16.6.110/32 63.97.254.2 <pppoe-bbqman> 0
147 ADC 172.16.6.111/32 63.97.254.2 <pppoe-jgarnett> 0
148 ADC 172.16.6.112/32 63.97.254.2 <pppoe-ddschoel... 0
149 ADC 172.16.6.113/32 63.97.254.2 <pppoe-athomason> 0
150 ADC 172.16.6.114/32 63.97.254.2 <pppoe-julie.wren> 0
151 ADC 172.16.6.115/32 63.97.254.2 <pppoe-jkphillips> 0
152 ADC 172.16.6.116/32 63.97.254.2 <pppoe-trekell> 0
153 ADC 172.16.6.117/32 63.97.254.2 <pppoe-shirleytom> 0
154 ADC 172.16.6.118/32 63.97.254.2 <pppoe-davekoontz> 0
155 ADC 172.16.6.119/32 63.97.254.2 <pppoe-nighswon... 0
156 ADC 172.16.6.120/32 63.97.254.2 <pppoe-jwardrop> 0
157 ADC 172.16.6.121/32 63.97.254.2 <pppoe-limicatt... 0
158 ADC 172.16.6.122/32 63.97.254.2 <pppoe-cwdavis94> 0
159 ADC 172.16.6.123/32 63.97.254.2 <pppoe-ggpinegar> 0
160 ADC 172.16.6.124/32 63.97.254.2 <pppoe-foxden> 0
161 ADC 172.16.6.125/32 63.97.254.2 <pppoe-willyard8> 0
162 ADC 172.16.6.126/32 63.97.254.2 <pppoe-kjgardner> 0
163 ADo 172.16.7.0/29 172.16.1.38 110
164 ADo 172.16.7.1/32 172.16.1.38 110
165 ADo 172.16.7.2/32 172.16.1.38 110
166 ADo 172.16.7.3/32 172.16.1.38 110
167 ADo 172.16.7.4/32 172.16.1.38 110
/ip firewall filter> pri
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Drop Invalid Connections
chain=input action=drop connection-state=invalid
1 ;;; Detect Peer to Peer traffic
chain=forward action=log p2p=all-p2p log-prefix="P2P"
2 ;;; Accept Input from the Following Networks
chain=input action=accept src-address=63.97.254.0/24
3 chain=input action=accept src-address=172.16.0.0/16
4 chain=input action=accept src-address=10.0.0.0/8
5 ;;; Accept Input from IP Address Not Listed Above only if this Router Ini>
ted the Connection
chain=input action=accept connection-state=established
6 ;;; Drop Pings
chain=input action=log protocol=icmp src-address-list=!Allow List
log-prefix="Ping"
7 chain=input action=drop protocol=icmp src-address-list=!Allow List
8 ;;; Drop FTP
chain=input action=log protocol=tcp src-address-list=!Allow List
dst-port=21 log-prefix="Drop FTP"
9 chain=input action=drop protocol=tcp src-address-list=!Allow List
dst-port=21
10 ;;; Drop SSH/SCP
chain=input action=log protocol=tcp src-address-list=!Allow List
dst-port=22 log-prefix="Drop SSH"
11 chain=input action=drop protocol=tcp src-address-list=!Allow List
dst-port=22
12 ;;; Drop Telnet
chain=input action=log protocol=tcp src-address-list=!Allow List
dst-port=23 log-prefix="Drop Telnet"
13 chain=input action=drop protocol=tcp src-address-list=!Allow List
dst-port=23
14 ;;; Drop Web Interface Connections
chain=input action=log protocol=tcp src-address-list=!Allow List
dst-port=80 log-prefix="Drop Web Interface Connections"
15 chain=input action=drop protocol=tcp src-address-list=!Allow List
dst-port=80
16 ;;; Drop HTTPS
chain=input action=log protocol=tcp src-address-list=!Allow List
dst-port=443 log-prefix="Drop HTTPS"
17 chain=input action=drop protocol=tcp src-address-list=!Allow List
dst-port=443
/ip firewall nat> pri
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; 240 Sector
chain=srcnat action=masquerade src-address=172.16.2.0/26
1 ;;; 120 Sector
chain=srcnat action=masquerade src-address=172.16.2.64/26
2 ;;; Wheeler 900
chain=srcnat action=masquerade src-address=172.16.2.128/26
3 ;;; RB1100 Orion tower
chain=srcnat action=masquerade src-address=172.16.2.192/26
4 ;;; Cherokee
chain=srcnat action=masquerade src-address=172.16.3.0/26
5 ;;; Avard
chain=srcnat action=masquerade src-address=172.16.3.64/26
6 ;;; Waynoka
chain=srcnat action=masquerade src-address=172.16.3.128/26
7 ;;; Jet
chain=srcnat action=masquerade src-address=172.16.3.192/26
8 ;;; Dacoma
chain=srcnat action=masquerade src-address=172.16.4.0/26
9 ;;; Bhofen AP
chain=srcnat action=masquerade src-address=172.16.4.64/26
10 ;;; Carmen
chain=srcnat action=masquerade src-address=172.16.4.128/26
11 ;;; Capron
chain=srcnat action=masquerade src-address=172.16.4.192/26
12 ;;; West Sector BCC
chain=srcnat action=masquerade src-address=172.16.5.0/26
13 ;;; South Sector BCC
chain=srcnat action=masquerade src-address=172.16.5.64/26
14 ;;; CNB RB493AH
chain=srcnat action=masquerade src-address=172.16.5.128/26
15 ;;; RB450 Gerber
chain=srcnat action=masquerade src-address=172.16.5.192/26
16 ;;; Ne NW Sector
chain=srcnat action=masquerade src-address=172.16.6.64/26
17 ;;; Wheeler 5N
chain=srcnat action=masquerade src-address=172.16.6.128/26
18 ;;; CNB UNIFI
chain=srcnat action=masquerade src-address=172.16.6.0/25
/ip firewall mangle> pri
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Mark Bronze
chain=forward action=mark-connection new-connection-mark=Bronze
passthrough=yes src-address-list=Bronze
1 chain=forward action=mark-packet new-packet-mark=Bronze passthrough=no
connection-mark=Bronze
2 ;;; Mark Silver
chain=forward action=mark-connection new-connection-mark=Silver
passthrough=yes src-address-list=Silver
3 chain=forward action=mark-packet new-packet-mark=Silver passthrough=no
connection-mark=Silver
4 ;;; Mark Gold
chain=forward action=mark-connection new-connection-mark=Gold
passthrough=yes connection-state=new src-address-list=Gold
5 chain=forward action=mark-packet new-packet-mark=Gold passthrough=no
connection-mark=Gold
6 ;;; Mark Gold Business
chain=forward action=mark-connection new-connection-mark=Gold Business
passthrough=yes connection-state=new src-address-list=Gold Business
7 chain=forward action=mark-packet new-packet-mark=Gold Business
passthrough=no connection-mark=Gold Business
8 ;;; Mark 3 MB
chain=forward action=mark-connection new-connection-mark=3 MB
passthrough=yes connection-state=new src-address-list=3 MB
9 chain=forward action=mark-packet new-packet-mark=3 MB passthrough=no
connection-mark=3 MB
10 ;;; Mark 6 MB
chain=forward action=mark-connection new-connection-mark=3 MB
passthrough=yes connection-state=new src-address-list=6 MB
11 chain=forward action=mark-packet new-packet-mark=6 MB passthrough=no
connection-mark=6 MB
/ip firewall address-list> pri
Flags: X - disabled, D - dynamic
# LIST ADDRESS
0 ;;; Dude Server - Alva
Allow List 63.97.254.54
1 X management 64.250.193.0/24
2 ;;; Dude Server - Woodward
Allow List 216.207.94.25
3 management 172.16.6.0/26
4 ;;; Bank Network
Allow List 64.250.193.94
Tracert from customer unit to 8.8.8.8
admin@SU: [hwchurch]] /tool> trace <--- No Internet
address: 8.8.8.8
# ADDRESS RT1 RT2 RT3 STATUS
1 172.16.1.90 7ms 8ms 11ms
2 172.16.1.89 3ms 11ms 12ms
3 172.16.1.85 4ms 7ms 3ms
4 0.0.0.0 0ms 0ms 0ms
5 0.0.0.0 0ms 0ms 0ms
[admin@Saulsbury Industries (Chesapeak)] > tool <--- Working Customer On Same AP using same backhaul
[admin@Saulsbury Industries (Chesapeak)] /tool> trace
address: 8.8.8.8
# ADDRESS RT1 RT2
1 172.16.1.90 1ms 2ms
2 172.16.1.89 3ms 3ms
3 172.16.1.85 4ms 3ms
4 63.97.254.1 6ms 11ms
5 152.179.74.121 20ms 16ms
6 152.63.101.134 20ms 18ms
7 152.63.84.14 39ms 39ms
8 152.179.241.10 39ms 45ms
9 72.14.239.100 39ms 40ms
10 66.249.94.24 41ms 40ms
11 209.85.243.254 41ms 41ms
12 0.0.0.0 0ms 0ms
13 8.8.8.8 41ms 41ms
tracert to customer unit with no Internet
C:\Users\Administrator>tracert 63.97.254.211
Tracing route to host211.iamigo.com [63.97.254.211]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 172.16.6.1
2 <1 ms <1 ms <1 ms 172.16.1.110
3 <1 ms <1 ms <1 ms 172.16.1.109
4 1 ms 1 ms 1 ms 172.16.1.105
5 17 ms 20 ms 20 ms 172.16.1.101
6 2 ms 21 ms 19 ms 172.16.1.1
7 9 ms 18 ms 18 ms 172.16.1.9
8 3 ms 13 ms 5 ms 172.16.1.86
9 6 ms 20 ms 17 ms 172.16.1.90
10 5 ms 19 ms 21 ms host211.iamigo.com [63.97.254.211]
Trace complete.
tracert to customer unit with Internet
C:\Users\Administrator>tracert 63.97.254.211 > traceche.txt
C:\Users\Administrator>tracert 63.97.254.250
Tracing route to host250.iamigo.com [63.97.254.250]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 172.16.6.1
2 <1 ms <1 ms <1 ms 172.16.1.110
3 <1 ms <1 ms <1 ms 172.16.1.109
4 4 ms 1 ms 2 ms 172.16.1.105
5 2 ms 19 ms 20 ms 172.16.1.101
6 3 ms 19 ms 20 ms 172.16.1.1
7 13 ms 3 ms 19 ms 172.16.1.9
8 6 ms 20 ms 3 ms 172.16.1.86
9 7 ms 17 ms 10 ms 172.16.1.90
10 10 ms 15 ms 61 ms host250.iamigo.com [63.97.254.250]
Trace complete.
63.97.254.211 static IP
Working Customer
|
|
|
AP / Bridged Backhaul
172.16.1.90 wlan1 <------> 172.16.1.88 wlan <-----> 172.16.1.85 ether10 <---> 63.97.254.1
| 172.16.1.84 ether1 RB1100 in question Internet
|
|
63.97.254.250 static IP
Non-Internet Customer
Customers without a static IP address are given an address from a private IP pool
Thanks
/ip address> pri
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; NW Sector Default Gateway
10.10.1.1/24 10.10.1.0 vlan1010
1 ;;; Radius
172.16.1.9/29 172.16.1.8 ether1
2 ;;; Cherokee Backhaul
172.16.1.29/30 172.16.1.28 ether9
3 ;;; Avard
172.16.1.37/30 172.16.1.36 ether5
4 ;;; Jet
172.16.1.53/30 172.16.1.52 ether8
5 ;;; Dacoma/Carmen
172.16.1.61/30 172.16.1.60 ether7
6 ;;; Capron
172.16.1.77/30 172.16.1.76 ether6
7 ;;; West Sector Bcc
172.16.1.85/30 172.16.1.84 ether10
8 ;;; Gerber
172.16.1.113/29 172.16.1.112 ether2
9 ;;; S Sector Default Gateway
10.11.2.1/24 10.11.2.0 vlan1011
10 2.2.2.1/32 2.2.2.1 lobridge
11 X 10.90.1.1/30 10.90.1.0 ether2
12 10.31.1.16/24 10.31.1.0 ether11
13 X 172.16.7.2/30 172.16.7.0 ether1
14 63.97.254.2/24 63.97.254.0 ether1
15 ;;; NE Sector Default Gateway
10.10.3.1/24 10.10.3.0 vlan1003
16 172.16.6.10/24 172.16.6.0 ether3
] /ip route> pri
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 63.97.254.1 1
1 ADC 2.2.2.1/32 2.2.2.1 lobridge 0
2 ADo 2.2.2.4/32 172.16.1.54 110
3 ADo 2.2.2.5/32 172.16.1.62 110
4 ADo 2.2.2.10/32 172.16.1.62 110
5 ADo 2.2.2.11/32 172.16.1.62 110
6 ADo 2.2.2.15/32 172.16.1.12 110
7 ADo 2.2.2.16/32 172.16.1.12 110
8 ADo 2.2.2.17/32 172.16.1.12 110
9 ADo 2.2.2.18/32 172.16.1.86 110
10 ADo 2.2.2.19/32 172.16.1.86 110
11 ADo 2.2.2.20/32 172.16.1.54 110
12 ADo 2.2.2.22/32 172.16.1.38 110
13 ADo 2.2.2.23/32 172.16.1.78 110
14 ADo 2.2.2.26/32 172.16.1.78 110
15 ADo 2.2.2.27/32 172.16.1.12 110
16 ADC 10.10.1.0/24 10.10.1.1 vlan1010 0
17 ADC 10.10.3.0/24 10.10.3.1 vlan1003 0
18 ADC 10.11.2.0/24 10.11.2.1 vlan1011 0
19 ADo 10.12.2.0/24 172.16.1.86 110
20 ADo 10.13.1.0/24 172.16.1.12 110
21 ADo 10.14.2.0/24 172.16.1.38 110
22 ADo 10.16.2.0/24 172.16.1.78 110
23 ADo 10.17.2.0/24 172.16.1.62 110
24 ADo 10.17.3.0/24 172.16.1.62 110
25 ADo 10.17.4.0/30 172.16.1.62 110
26 ADo 10.20.1.0/24 172.16.1.12 110
27 ADo 10.21.2.0/24 172.16.1.116 110
28 ADo 10.23.1.0/24 172.16.1.12 110
29 ADo 10.24.1.0/24 172.16.1.54 110
30 ADo 10.25.1.0/24 172.16.1.12 110
31 ADo 10.27.1.0/24 172.16.1.12 110
32 ADo 10.29.1.0/24 172.16.1.12 110
33 ADo 10.30.1.0/24 172.16.1.12 110
34 ADC 10.31.1.0/24 10.31.1.16 ether11 0
35 ADo 10.32.1.0/24 172.16.1.12 110
36 ADo 10.33.1.0/24 172.16.1.78 110
37 ADo 10.40.1.0/24 172.16.1.116 110
38 ADC 63.97.254.0/24 63.97.254.2 ether1 0
39 Do 63.97.254.0/24 172.16.1.10 110
172.16.1.11
40 ADC 63.97.254.25/32 63.97.254.2 <pppoe-regalsup... 0
41 ADo 63.97.254.27/32 172.16.1.12 110
42 ADo 63.97.254.28/32 172.16.1.12 110
43 ADo 63.97.254.29/32 172.16.1.12 110
44 ADo 63.97.254.30/32 172.16.1.12 110
45 ADo 63.97.254.31/32 172.16.1.12 110
46 ADo 63.97.254.34/32 172.16.1.12 110
47 ADo 63.97.254.35/32 172.16.1.12 110
48 ADo 63.97.254.40/32 172.16.1.12 110
49 ADo 63.97.254.46/32 172.16.1.12 110
50 ADo 63.97.254.49/32 172.16.1.12 110
51 ADo 63.97.254.53/32 172.16.1.11 110
52 ADo 63.97.254.54/32 172.16.1.12 110
53 ADo 63.97.254.56/32 172.16.1.12 110
54 ADo 63.97.254.57/32 172.16.1.12 110
55 ADo 63.97.254.60/32 172.16.1.12 110
56 ADo 63.97.254.78/32 172.16.1.12 110
57 ADo 63.97.254.102/32 172.16.1.12 110
58 ADo 63.97.254.103/32 172.16.1.12 110
59 ADC 63.97.254.199/32 63.97.254.2 <pppoe-ksretread> 0
60 ADo 63.97.254.211/32 172.16.1.86 110
61 ADo 63.97.254.249/32 172.16.1.12 110
62 ADo 63.97.254.250/32 172.16.1.86 110
63 ADo 172.14.1.33/32 172.16.1.78 110
64 ADo 172.14.1.128/28 172.16.1.86 110
65 ADo 172.16.1.0/30 172.16.1.12 110
66 ADC 172.16.1.8/29 172.16.1.9 ether1 0
67 ADC 172.16.1.28/30 172.16.1.29 ether9 0
68 ADC 172.16.1.36/30 172.16.1.37 ether5 0
69 ADo 172.16.1.38/32 172.16.1.38 110
70 ADo 172.16.1.41/32 172.16.1.38 110
71 ADo 172.16.1.42/32 172.16.1.38 110
72 ADo 172.16.1.44/30 172.16.1.38 110
73 ADC 172.16.1.52/30 172.16.1.53 ether8 0
74 ADo 172.16.1.54/32 172.16.1.54 110
75 ADo 172.16.1.57/32 172.16.1.54 110
76 ADo 172.16.1.58/32 172.16.1.54 110
77 ADC 172.16.1.60/30 172.16.1.61 ether7 0
78 ADo 172.16.1.62/32 172.16.1.62 110
79 ADo 172.16.1.65/32 172.16.1.62 110
80 ADo 172.16.1.66/32 172.16.1.62 110
81 ADo 172.16.1.69/32 172.16.1.62 110
82 ADo 172.16.1.70/32 172.16.1.62 110
83 ADo 172.16.1.72/30 172.16.1.62 110
84 ADC 172.16.1.76/30 172.16.1.77 ether6 0
85 ADo 172.16.1.78/32 172.16.1.78 110
86 ADo 172.16.1.81/32 172.16.1.78 110
87 ADo 172.16.1.82/32 172.16.1.78 110
88 ADC 172.16.1.84/30 172.16.1.85 ether10 0
89 ADo 172.16.1.86/32 172.16.1.86 110
90 ADo 172.16.1.89/32 172.16.1.86 110
91 ADo 172.16.1.90/32 172.16.1.86 110
92 ADo 172.16.1.101/32 172.16.1.12 110
93 ADo 172.16.1.102/32 172.16.1.12 110
94 ADo 172.16.1.105/32 172.16.1.12 110
95 ADo 172.16.1.106/32 172.16.1.12 110
96 ADo 172.16.1.109/32 172.16.1.12 110
97 ADo 172.16.1.110/32 172.16.1.12 110
98 ADC 172.16.1.112/29 172.16.1.113 ether2 0
99 ADo 172.16.1.116/32 172.16.1.116 110
100 ADo 172.16.1.124/30 172.16.1.12 110
101 ADo 172.16.1.128/30 172.16.1.12 110
102 ADo 172.16.1.136/29 172.16.1.12 110
103 ADo 172.16.2.0/26 172.16.1.12 110
104 ADo 172.16.2.64/26 172.16.1.12 110
105 ADo 172.16.3.64/26 172.16.1.38 110
106 ADo 172.16.3.128/26 172.16.1.38 110
107 ADo 172.16.3.203/32 172.16.1.54 110
108 ADo 172.16.3.204/32 172.16.1.54 110
109 ADo 172.16.4.55/32 172.16.1.62 110
110 ADo 172.16.4.56/32 172.16.1.62 110
111 ADo 172.16.4.58/32 172.16.1.62 110
112 ADo 172.16.4.59/32 172.16.1.62 110
113 ADo 172.16.4.61/32 172.16.1.62 110
114 ADo 172.16.4.62/32 172.16.1.62 110
115 ADo 172.16.4.123/32 172.16.1.62 110
116 ADo 172.16.4.124/32 172.16.1.62 110
117 ADo 172.16.4.125/32 172.16.1.62 110
118 ADo 172.16.4.126/32 172.16.1.62 110
119 ADo 172.16.4.192/26 172.16.1.78 110
120 ADo 172.16.5.0/26 172.16.1.86 110
121 ADo 172.16.5.237/32 172.16.1.116 110
122 ADo 172.16.5.238/32 172.16.1.116 110
123 ADo 172.16.5.240/32 172.16.1.116 110
124 ADo 172.16.5.241/32 172.16.1.116 110
125 ADo 172.16.5.242/32 172.16.1.116 110
126 ADo 172.16.5.244/32 172.16.1.116 110
127 ADo 172.16.5.245/32 172.16.1.116 110
128 ADo 172.16.5.246/32 172.16.1.116 110
129 ADo 172.16.5.247/32 172.16.1.116 110
130 ADo 172.16.5.248/32 172.16.1.116 110
131 ADo 172.16.5.249/32 172.16.1.116 110
132 ADo 172.16.5.250/32 172.16.1.116 110
133 ADo 172.16.5.251/32 172.16.1.116 110
134 ADo 172.16.5.252/32 172.16.1.116 110
135 ADo 172.16.5.253/32 172.16.1.116 110
136 ADo 172.16.5.254/32 172.16.1.116 110
137 ADC 172.16.6.0/24 172.16.6.10 ether3 0
138 ADC 172.16.6.102/32 63.97.254.2 <pppoe-njbradt> 0
139 ADC 172.16.6.103/32 63.97.254.2 <pppoe-wjl1> 0
140 ADC 172.16.6.104/32 63.97.254.2 <pppoe-pamurry> 0
141 ADC 172.16.6.105/32 63.97.254.2 <pppoe-traviseg... 0
142 ADC 172.16.6.106/32 63.97.254.2 <pppoe-dgoll> 0
143 ADC 172.16.6.107/32 63.97.254.2 <pppoe-kschoeling> 0
144 ADC 172.16.6.108/32 63.97.254.2 <pppoe-willson> 0
145 ADC 172.16.6.109/32 63.97.254.2 <pppoe-kellyt> 0
146 ADC 172.16.6.110/32 63.97.254.2 <pppoe-bbqman> 0
147 ADC 172.16.6.111/32 63.97.254.2 <pppoe-jgarnett> 0
148 ADC 172.16.6.112/32 63.97.254.2 <pppoe-ddschoel... 0
149 ADC 172.16.6.113/32 63.97.254.2 <pppoe-athomason> 0
150 ADC 172.16.6.114/32 63.97.254.2 <pppoe-julie.wren> 0
151 ADC 172.16.6.115/32 63.97.254.2 <pppoe-jkphillips> 0
152 ADC 172.16.6.116/32 63.97.254.2 <pppoe-trekell> 0
153 ADC 172.16.6.117/32 63.97.254.2 <pppoe-shirleytom> 0
154 ADC 172.16.6.118/32 63.97.254.2 <pppoe-davekoontz> 0
155 ADC 172.16.6.119/32 63.97.254.2 <pppoe-nighswon... 0
156 ADC 172.16.6.120/32 63.97.254.2 <pppoe-jwardrop> 0
157 ADC 172.16.6.121/32 63.97.254.2 <pppoe-limicatt... 0
158 ADC 172.16.6.122/32 63.97.254.2 <pppoe-cwdavis94> 0
159 ADC 172.16.6.123/32 63.97.254.2 <pppoe-ggpinegar> 0
160 ADC 172.16.6.124/32 63.97.254.2 <pppoe-foxden> 0
161 ADC 172.16.6.125/32 63.97.254.2 <pppoe-willyard8> 0
162 ADC 172.16.6.126/32 63.97.254.2 <pppoe-kjgardner> 0
163 ADo 172.16.7.0/29 172.16.1.38 110
164 ADo 172.16.7.1/32 172.16.1.38 110
165 ADo 172.16.7.2/32 172.16.1.38 110
166 ADo 172.16.7.3/32 172.16.1.38 110
167 ADo 172.16.7.4/32 172.16.1.38 110
/ip firewall filter> pri
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Drop Invalid Connections
chain=input action=drop connection-state=invalid
1 ;;; Detect Peer to Peer traffic
chain=forward action=log p2p=all-p2p log-prefix="P2P"
2 ;;; Accept Input from the Following Networks
chain=input action=accept src-address=63.97.254.0/24
3 chain=input action=accept src-address=172.16.0.0/16
4 chain=input action=accept src-address=10.0.0.0/8
5 ;;; Accept Input from IP Address Not Listed Above only if this Router Ini>
ted the Connection
chain=input action=accept connection-state=established
6 ;;; Drop Pings
chain=input action=log protocol=icmp src-address-list=!Allow List
log-prefix="Ping"
7 chain=input action=drop protocol=icmp src-address-list=!Allow List
8 ;;; Drop FTP
chain=input action=log protocol=tcp src-address-list=!Allow List
dst-port=21 log-prefix="Drop FTP"
9 chain=input action=drop protocol=tcp src-address-list=!Allow List
dst-port=21
10 ;;; Drop SSH/SCP
chain=input action=log protocol=tcp src-address-list=!Allow List
dst-port=22 log-prefix="Drop SSH"
11 chain=input action=drop protocol=tcp src-address-list=!Allow List
dst-port=22
12 ;;; Drop Telnet
chain=input action=log protocol=tcp src-address-list=!Allow List
dst-port=23 log-prefix="Drop Telnet"
13 chain=input action=drop protocol=tcp src-address-list=!Allow List
dst-port=23
14 ;;; Drop Web Interface Connections
chain=input action=log protocol=tcp src-address-list=!Allow List
dst-port=80 log-prefix="Drop Web Interface Connections"
15 chain=input action=drop protocol=tcp src-address-list=!Allow List
dst-port=80
16 ;;; Drop HTTPS
chain=input action=log protocol=tcp src-address-list=!Allow List
dst-port=443 log-prefix="Drop HTTPS"
17 chain=input action=drop protocol=tcp src-address-list=!Allow List
dst-port=443
/ip firewall nat> pri
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; 240 Sector
chain=srcnat action=masquerade src-address=172.16.2.0/26
1 ;;; 120 Sector
chain=srcnat action=masquerade src-address=172.16.2.64/26
2 ;;; Wheeler 900
chain=srcnat action=masquerade src-address=172.16.2.128/26
3 ;;; RB1100 Orion tower
chain=srcnat action=masquerade src-address=172.16.2.192/26
4 ;;; Cherokee
chain=srcnat action=masquerade src-address=172.16.3.0/26
5 ;;; Avard
chain=srcnat action=masquerade src-address=172.16.3.64/26
6 ;;; Waynoka
chain=srcnat action=masquerade src-address=172.16.3.128/26
7 ;;; Jet
chain=srcnat action=masquerade src-address=172.16.3.192/26
8 ;;; Dacoma
chain=srcnat action=masquerade src-address=172.16.4.0/26
9 ;;; Bhofen AP
chain=srcnat action=masquerade src-address=172.16.4.64/26
10 ;;; Carmen
chain=srcnat action=masquerade src-address=172.16.4.128/26
11 ;;; Capron
chain=srcnat action=masquerade src-address=172.16.4.192/26
12 ;;; West Sector BCC
chain=srcnat action=masquerade src-address=172.16.5.0/26
13 ;;; South Sector BCC
chain=srcnat action=masquerade src-address=172.16.5.64/26
14 ;;; CNB RB493AH
chain=srcnat action=masquerade src-address=172.16.5.128/26
15 ;;; RB450 Gerber
chain=srcnat action=masquerade src-address=172.16.5.192/26
16 ;;; Ne NW Sector
chain=srcnat action=masquerade src-address=172.16.6.64/26
17 ;;; Wheeler 5N
chain=srcnat action=masquerade src-address=172.16.6.128/26
18 ;;; CNB UNIFI
chain=srcnat action=masquerade src-address=172.16.6.0/25
/ip firewall mangle> pri
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Mark Bronze
chain=forward action=mark-connection new-connection-mark=Bronze
passthrough=yes src-address-list=Bronze
1 chain=forward action=mark-packet new-packet-mark=Bronze passthrough=no
connection-mark=Bronze
2 ;;; Mark Silver
chain=forward action=mark-connection new-connection-mark=Silver
passthrough=yes src-address-list=Silver
3 chain=forward action=mark-packet new-packet-mark=Silver passthrough=no
connection-mark=Silver
4 ;;; Mark Gold
chain=forward action=mark-connection new-connection-mark=Gold
passthrough=yes connection-state=new src-address-list=Gold
5 chain=forward action=mark-packet new-packet-mark=Gold passthrough=no
connection-mark=Gold
6 ;;; Mark Gold Business
chain=forward action=mark-connection new-connection-mark=Gold Business
passthrough=yes connection-state=new src-address-list=Gold Business
7 chain=forward action=mark-packet new-packet-mark=Gold Business
passthrough=no connection-mark=Gold Business
8 ;;; Mark 3 MB
chain=forward action=mark-connection new-connection-mark=3 MB
passthrough=yes connection-state=new src-address-list=3 MB
9 chain=forward action=mark-packet new-packet-mark=3 MB passthrough=no
connection-mark=3 MB
10 ;;; Mark 6 MB
chain=forward action=mark-connection new-connection-mark=3 MB
passthrough=yes connection-state=new src-address-list=6 MB
11 chain=forward action=mark-packet new-packet-mark=6 MB passthrough=no
connection-mark=6 MB
/ip firewall address-list> pri
Flags: X - disabled, D - dynamic
# LIST ADDRESS
0 ;;; Dude Server - Alva
Allow List 63.97.254.54
1 X management 64.250.193.0/24
2 ;;; Dude Server - Woodward
Allow List 216.207.94.25
3 management 172.16.6.0/26
4 ;;; Bank Network
Allow List 64.250.193.94
Tracert from customer unit to 8.8.8.8
admin@SU: [hwchurch]] /tool> trace <--- No Internet
address: 8.8.8.8
# ADDRESS RT1 RT2 RT3 STATUS
1 172.16.1.90 7ms 8ms 11ms
2 172.16.1.89 3ms 11ms 12ms
3 172.16.1.85 4ms 7ms 3ms
4 0.0.0.0 0ms 0ms 0ms
5 0.0.0.0 0ms 0ms 0ms
[admin@Saulsbury Industries (Chesapeak)] > tool <--- Working Customer On Same AP using same backhaul
[admin@Saulsbury Industries (Chesapeak)] /tool> trace
address: 8.8.8.8
# ADDRESS RT1 RT2
1 172.16.1.90 1ms 2ms
2 172.16.1.89 3ms 3ms
3 172.16.1.85 4ms 3ms
4 63.97.254.1 6ms 11ms
5 152.179.74.121 20ms 16ms
6 152.63.101.134 20ms 18ms
7 152.63.84.14 39ms 39ms
8 152.179.241.10 39ms 45ms
9 72.14.239.100 39ms 40ms
10 66.249.94.24 41ms 40ms
11 209.85.243.254 41ms 41ms
12 0.0.0.0 0ms 0ms
13 8.8.8.8 41ms 41ms
tracert to customer unit with no Internet
C:\Users\Administrator>tracert 63.97.254.211
Tracing route to host211.iamigo.com [63.97.254.211]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 172.16.6.1
2 <1 ms <1 ms <1 ms 172.16.1.110
3 <1 ms <1 ms <1 ms 172.16.1.109
4 1 ms 1 ms 1 ms 172.16.1.105
5 17 ms 20 ms 20 ms 172.16.1.101
6 2 ms 21 ms 19 ms 172.16.1.1
7 9 ms 18 ms 18 ms 172.16.1.9
8 3 ms 13 ms 5 ms 172.16.1.86
9 6 ms 20 ms 17 ms 172.16.1.90
10 5 ms 19 ms 21 ms host211.iamigo.com [63.97.254.211]
Trace complete.
tracert to customer unit with Internet
C:\Users\Administrator>tracert 63.97.254.211 > traceche.txt
C:\Users\Administrator>tracert 63.97.254.250
Tracing route to host250.iamigo.com [63.97.254.250]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 172.16.6.1
2 <1 ms <1 ms <1 ms 172.16.1.110
3 <1 ms <1 ms <1 ms 172.16.1.109
4 4 ms 1 ms 2 ms 172.16.1.105
5 2 ms 19 ms 20 ms 172.16.1.101
6 3 ms 19 ms 20 ms 172.16.1.1
7 13 ms 3 ms 19 ms 172.16.1.9
8 6 ms 20 ms 3 ms 172.16.1.86
9 7 ms 17 ms 10 ms 172.16.1.90
10 10 ms 15 ms 61 ms host250.iamigo.com [63.97.254.250]
Trace complete.
63.97.254.211 static IP
Working Customer
|
|
|
AP / Bridged Backhaul
172.16.1.90 wlan1 <------> 172.16.1.88 wlan <-----> 172.16.1.85 ether10 <---> 63.97.254.1
| 172.16.1.84 ether1 RB1100 in question Internet
|
|
63.97.254.250 static IP
Non-Internet Customer
Customers without a static IP address are given an address from a private IP pool
Re: No Internet on Some IP Addresses
I'm going to try to thin this down to relevant info...
I don't see 63.97.254.0/24 in the "Allow List" how do you get traceroute responses?
We need the relevant information, like what I left above, for the other three routers which are involved. Anything that references an IP in the traceroutes.
In the below traceroutes, does 63.97.254.211 and 250 live on these MikroTiks from which you are running the trace?
I'm very busy at work. It may be another month before I get back into the forums to look at follow-up. If you do your part of the homework, someone else may have the patience to review the relevant info sooner.
When did Oklahoma move to France?/ip address> pri
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
1 ;;; Radius
172.16.1.9/29 172.16.1.8 ether1
7 ;;; West Sector Bcc
172.16.1.85/30 172.16.1.84 ether10
10 2.2.2.1/32 2.2.2.1 lobridge
Code: Select all
inetnum: 2.0.0.0 - 2.15.255.255
netname: FR-TELECOM-20100712
descr: Orange S.A.
country: FR
WHY???!!! It only breaks troubleshooting. Of course, so does having routed hops without public IP spaces on the links. Burn a /30 on each backhaul which is visible to the customer/ someone troubleshooting connectivity to the customer. Life is too short for non-functional network addressing.
14 63.97.254.2/24 63.97.254.0 ether1
16 172.16.6.10/24 172.16.6.0 ether3
] /ip route> pri
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 63.97.254.1 1
9 ADo 2.2.2.18/32 172.16.1.86 110
10 ADo 2.2.2.19/32 172.16.1.86 110
...
38 ADC 63.97.254.0/24 63.97.254.2 ether1 0
39 Do 63.97.254.0/24 172.16.1.10 110
172.16.1.11
...
60 ADo 63.97.254.211/32 172.16.1.86 110
62 ADo 63.97.254.250/32 172.16.1.86 110
...
89 ADo 172.16.1.86/32 172.16.1.86 110
90 ADo 172.16.1.89/32 172.16.1.86 110
91 ADo 172.16.1.90/32 172.16.1.86 110
/ip firewall filter> pri
Flags: X - disabled, I - invalid, D - dynamic
6 ;;; Drop Pings
chain=input action=log protocol=icmp src-address-list=!Allow List
log-prefix="Ping"
7 chain=input action=drop protocol=icmp src-address-list=!Allow List
Code: Select all
00:43:11 Mon Dec 30 $ traceroute 63.97.254.211
traceroute to 63.97.254.211 (63.97.254.211), 64 hops max, 52 byte packets
...
6 cr2.dlstx.ip.att.net (12.122.157.97) 36.516 ms 30.348 ms 31.854 ms
7 12.122.212.13 (12.122.212.13) 31.402 ms 25.718 ms 35.289 ms
8 192.205.37.126 (192.205.37.126) 32.492 ms 33.848 ms 25.758 ms
9 0.xe-5-1-6.xt4.dfw9.alter.net (152.63.96.29) 31.578 ms
0.xe-5-1-4.xt3.dfw9.alter.net (152.63.96.25) 26.968 ms
0.xe-5-1-6.xt4.dfw9.alter.net (152.63.96.29) 26.537 ms
10 pos6-0.gw10.dfw9.alter.net (152.63.101.129) 20.194 ms 19.785 ms 20.001 ms
11 airespring-gw.customer.alter.net (152.179.74.122) 35.586 ms 34.375 ms 34.716 ms
12 host2.iamigo.com (63.97.254.2) 45.100 ms 44.517 ms 52.703 ms
13 * * *
14 * *^C
01:00:07 Mon Dec 30 $ traceroute 63.97.254.250
traceroute to 63.97.254.250 (63.97.254.250), 64 hops max, 52 byte packets
...
6 cr2.dlstx.ip.att.net (12.122.157.97) 34.685 ms 37.973 ms 31.170 ms
7 12.122.212.13 (12.122.212.13) 38.345 ms 68.697 ms 63.759 ms
8 192.205.37.126 (192.205.37.126) 28.944 ms 25.497 ms 26.671 ms
9 0.xe-5-1-4.xt3.dfw9.alter.net (152.63.96.25) 47.669 ms
0.xe-5-1-6.xt4.dfw9.alter.net (152.63.96.29) 96.193 ms 34.422 ms
10 pos7-0.gw10.dfw9.alter.net (152.63.101.133) 31.476 ms 31.334 ms
pos6-0.gw10.dfw9.alter.net (152.63.101.129) 19.742 ms
11 airespring-gw.customer.alter.net (152.179.74.122) 33.993 ms 35.802 ms 34.912 ms
12 host2.iamigo.com (63.97.254.2) 44.630 ms 45.125 ms 47.713 ms
13 * * *
14 * * *
Nothing to do with our host IP ranges, looks okay.
/ip firewall nat> pri
Flags: X - disabled, I - invalid, D - dynamic
So, "Allow List" is your only address list on any of the routers?/ip firewall address-list> pri
Flags: X - disabled, D - dynamic
# LIST ADDRESS
0 ;;; Dude Server - Alva
Allow List 63.97.254.54
1 X management 64.250.193.0/24
2 ;;; Dude Server - Woodward
Allow List 216.207.94.25
3 management 172.16.6.0/26
4 ;;; Bank Network
Allow List 64.250.193.94
I don't see 63.97.254.0/24 in the "Allow List" how do you get traceroute responses?
We need the relevant information, like what I left above, for the other three routers which are involved. Anything that references an IP in the traceroutes.
In the below traceroutes, does 63.97.254.211 and 250 live on these MikroTiks from which you are running the trace?
We're going to have to see the RADIUS attributes for each customer.Tracert from customer unit to 8.8.8.8
admin@SU: [hwchurch]] /tool> trace <--- No Internet
address: 8.8.8.8
# ADDRESS RT1 RT2 RT3 STATUS
1 172.16.1.90 7ms 8ms 11ms
2 172.16.1.89 3ms 11ms 12ms
3 172.16.1.85 4ms 7ms 3ms
4 0.0.0.0 0ms 0ms 0ms
5 0.0.0.0 0ms 0ms 0ms
[admin@Saulsbury Industries (Chesapeak)] > tool <--- Working Customer On Same AP using same backhaul
[admin@Saulsbury Industries (Chesapeak)] /tool> trace
address: 8.8.8.8
# ADDRESS RT1 RT2
1 172.16.1.90 1ms 2ms
2 172.16.1.89 3ms 3ms
3 172.16.1.85 4ms 3ms
4 63.97.254.1 6ms 11ms
5 152.179.74.121 20ms 16ms
6 152.63.101.134 20ms 18ms
7 152.63.84.14 39ms 39ms
8 152.179.241.10 39ms 45ms
9 72.14.239.100 39ms 40ms
10 66.249.94.24 41ms 40ms
11 209.85.243.254 41ms 41ms
12 0.0.0.0 0ms 0ms
13 8.8.8.8 41ms 41ms
tracert to customer unit with no Internet
C:\Users\Administrator>tracert 63.97.254.211
Tracing route to host211.iamigo.com [63.97.254.211]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 172.16.6.1
2 <1 ms <1 ms <1 ms 172.16.1.110
3 <1 ms <1 ms <1 ms 172.16.1.109
4 1 ms 1 ms 1 ms 172.16.1.105
5 17 ms 20 ms 20 ms 172.16.1.101
6 2 ms 21 ms 19 ms 172.16.1.1
7 9 ms 18 ms 18 ms 172.16.1.9
8 3 ms 13 ms 5 ms 172.16.1.86
9 6 ms 20 ms 17 ms 172.16.1.90
10 5 ms 19 ms 21 ms host211.iamigo.com [63.97.254.211]
Trace complete.
tracert to customer unit with Internet
C:\Users\Administrator>tracert 63.97.254.211 > traceche.txt
C:\Users\Administrator>tracert 63.97.254.250
Tracing route to host250.iamigo.com [63.97.254.250]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 172.16.6.1
2 <1 ms <1 ms <1 ms 172.16.1.110
3 <1 ms <1 ms <1 ms 172.16.1.109
4 4 ms 1 ms 2 ms 172.16.1.105
5 2 ms 19 ms 20 ms 172.16.1.101
6 3 ms 19 ms 20 ms 172.16.1.1
7 13 ms 3 ms 19 ms 172.16.1.9
8 6 ms 20 ms 3 ms 172.16.1.86
9 7 ms 17 ms 10 ms 172.16.1.90
10 10 ms 15 ms 61 ms host250.iamigo.com [63.97.254.250]
Trace complete
You need to follow the packet through each hop looking at the firewall/nat rules and comparing them to the source address of the customer's packet. There is something, most likely in your other routers, which is doing something with packets from your customer to {not your IP space}. The problem customer may be in a dynamic address list which is used in a firewall or nat rule. The RADIUS attributes may be hosed for the problem customer and creating dynamic firewall rules for them which block their traffic to the Internet. You showed us 5% of the relevant data.
63.97.254.211 static IP
Working Customer
|
|
|
AP / Bridged Backhaul
172.16.1.90 wlan1 <------> 172.16.1.88 wlan <-----> 172.16.1.85 ether10 <---> 63.97.254.1
| 172.16.1.84 ether1 RB1100 in question Internet
|
|
63.97.254.250 static IP
Non-Internet Customer
Customers without a static IP address are given an address from a private IP pool
I'm very busy at work. It may be another month before I get back into the forums to look at follow-up. If you do your part of the homework, someone else may have the patience to review the relevant info sooner.
Re: No Internet on Some IP Addresses
Thanks for the help. Putting the subnet in the Allow List seemed to help.
Who is online
Users browsing this forum: arifhahim, Bing [Bot], Gadulowaty, Google [Bot], GoogleOther [Bot], hazem, jaclaz, McSee and 218 guests