MrHae

Routing Problem Wireless Bridge

Thu Mar 24, 2022 12:18 pm

Hey Guys,

First, my setup:

192.168.80.0/24 Network
192.168.80.1 - wAP AC LTE with o2 LTE Connected (all Ports eth and WLAN Bridged)
192.168.80.3 CRS 8 Port POE Switch (all Ports except eth8 Bridged)
--> eth8 has its own bridge with a DHCP client running on it --> a UniFi mesh AP is plugged into port 8 and connected to the WLAN mesh AP in my neighbour's house, with a full 300MBps and a -62 signal, so the link is good.
My bridge gets an IP from my neighbour's network (192.168.18.0/24) and the route is correct (0.0.0.0/0 --> 192.168.18.1).
When I run traces, it looks OK, I think.

So 192.168.80.1 is the gateway for all clients in my network.
I gave the LTE route a routing distance of 20.
If I manually add a route on my gateway, 0.0.0.0/0 --> 192.168.80.3 with distance 1, all my clients go out through my neighbour's network, BUT so slowly that I can't open any site. Yet if I run a trace on a client, it looks good, I think.

Routenverfolgung zu one.one.one.one [1.1.1.1]
über maximal 30 Hops:

1 <1 ms 1 ms <1 ms 192.168.80.1
2 2 ms 2 ms 2 ms 192.168.80.3
3 * 7 ms 4 ms 192.168.18.1
4 10 ms 14 ms 11 ms ip4d15a1fe.dynamic.kabel-deutschland.de [77.21.161.254]
5 18 ms 12 ms 12 ms 83-169-181-86-isp.superkabel.de [83.169.181.86]
6 16 ms 21 ms 19 ms ip5886c164.static.kabel-deutschland.de [88.134.193.100]
7 17 ms 17 ms 15 ms 145.254.3.96
8 20 ms * * 145.254.2.51
9 24 ms 21 ms 21 ms 145.254.2.51
10 18 ms 23 ms 40 ms cloudflare.bcix.de [193.178.185.17]
11 25 ms 20 ms 21 ms one.one.one.one [1.1.1.1]

Ablaufverfolgung beendet.

What's my problem? Why can't I go out over my neighbour's network?

LTE Gateway:

# mar/24/2022 11:15:09 by RouterOS 7.1.5
# software id = 51EG-NUES
#
# model = RBwAPGR-5HacD2HnD
# serial number = B7380B0904B5
# CAPsMAN channel presets: a 5 GHz list (5180-5240 MHz) and a 2.4 GHz list
# (2412/2437/2462 MHz), both fixed to 20 MHz width with their own tx-power.
/caps-man channel
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=disabled \
frequency=5180,5200,5220,5240 name=CH-5-AUTO tx-power=25
add band=2ghz-g/n control-channel-width=20mhz extension-channel=disabled \
frequency=2412,2437,2462 name=CH-24-AUTO tx-power=9
# Main LAN bridge with a fixed admin MAC and IGMP snooping enabled.
/interface bridge
add admin-mac=C4:AD:34:70:EE:2C auto-mac=no comment=defconf igmp-snooping=yes \
name=bridge
# LTE modem interface; roaming is allowed.
/interface lte
set [ find ] allow-roaming=yes band="" name=lte1
# Ethernet ports renamed after the device plugged into them.
/interface ethernet
set [ find default-name=ether1 ] name=ether1_POE-Switch
set [ find default-name=ether2 ] name=ether2_24er_Switch
# Local radio settings. The status comments emitted by the export say both
# radios are managed by CAPsMAN and broadcast SSID H162, so the local
# ssid=SMN2 values below are presumably not in effect - confirm on the device.
/interface wireless
# managed by CAPsMAN
# channel: 2437/20/gn(9dBm), SSID: H162, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n distance=indoors frequency=\
2437 installation=outdoor ssid=SMN2 wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5680/20-eeCe/ac/DP(27dBm), SSID: H162, CAPsMAN forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-eCee distance=indoors frequency=5520 installation=outdoor \
ssid=SMN2 wireless-protocol=802.11
# WireGuard interface WG-CHR listening on UDP 13231. No private key appears in
# this export.
/interface wireguard
add listen-port=13231 mtu=1420 name=WG-CHR
# Two CAPsMAN profiles for SSID H162, both WPA2-PSK and attached to the LAN
# bridge. No passphrase appears in this export. H162_5 references no channel
# preset; H162_24 uses CH-24-AUTO and sets local-forwarding=no.
# client-to-client-forwarding=yes lets wireless clients talk to each other.
/caps-man configuration
add country=germany datapath.bridge=bridge .client-to-client-forwarding=yes \
installation=outdoor name=H162_5 security.authentication-types=wpa2-psk \
ssid=H162
add channel=CH-24-AUTO country=germany datapath.bridge=bridge \
.client-to-client-forwarding=yes .local-forwarding=no installation=indoor \
name=H162_24 security.authentication-types=wpa2-psk ssid=H162
# Interface lists referenced by the firewall (WAN, LAN) plus two band lists.
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=5GHZ
add name=2.4GHZ
# The LTE default route is installed with distance 20; DNS servers offered by
# the carrier are ignored (use-peer-dns=no).
/interface lte apn
set [ find default=yes ] apn=default default-route-distance=20 ip-type=ipv4 \
use-peer-dns=no
# NOTE(review): the default local profile offers WPA (wpa-psk) alongside WPA2.
# While the radios are CAPsMAN-managed this profile is presumably unused, but
# if they ever fall back to local configuration it would apply - consider
# wpa2-psk only.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik
# DHCP option 3 (router) named VODAFONEGW. Its value is currently
# 192.168.80.1, the same gateway the DHCP network hands out by default, so
# leases tagged with this option presumably see no difference - confirm intent.
/ip dhcp-server option
add code=3 name=VODAFONEGW value="'192.168.80.1'"
# Dynamic address pool for the LAN.
/ip pool
add name=dhcp ranges=192.168.80.100-192.168.80.199
# DHCP server INTERN on the LAN bridge. No lease-script is set on this entry.
/ip dhcp-server
add address-pool=dhcp interface=bridge name=INTERN
# CAPsMAN access list: the first rule accepts clients whose signal is within
# -75..120, the second rejects every other client (-120..120). Each rule
# tolerates 10s out of range.
/caps-man access-list
add action=accept allow-signal-out-of-range=10s disabled=no signal-range=\
-75..120 ssid-regexp="" time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add action=reject allow-signal-out-of-range=10s disabled=no signal-range=\
-120..120 ssid-regexp="" time=0s-1d,sun,mon,tue,wed,thu,fri,sat
# CAPsMAN manager enabled with automatically generated CA and certificate.
# NOTE(review): no require-peer-certificate setting appears in this export, so
# CAPs are presumably accepted without a certificate check - confirm.
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
# The manager is forbidden on the default entry and allowed on the bridge.
# NOTE(review): the last entry names no interface; confirm what it matches.
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
add disabled=no
# Provisioning by radio capability: "an" radios get H162_5, "gn" radios get
# H162_24; interface names are built from a prefix plus the CAP identity.
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=an master-configuration=\
H162_5 name-format=prefix-identity name-prefix=5
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
H162_24 name-format=prefix-identity name-prefix=24
# Members of the LAN bridge: both Ethernet ports and wlan1. wlan2 is not
# listed as a bridge port here.
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=\
ether1_POE-Switch
add bridge=bridge ingress-filtering=no interface=wlan1 multicast-router=\
disabled
add bridge=bridge interface=ether2_24er_Switch
# Neighbor discovery is limited to interfaces in the LAN list.
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
# IPv6 is disabled on this router.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# Only bridge (LAN) and lte1 (WAN) are list members. WG-CHR and wlan2 belong
# to neither list, so rules matching in-interface-list=!LAN treat them as
# non-LAN and rules matching the WAN list do not apply to them.
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
# Single WireGuard peer at 3.69.167.66:13231 with a 10s keepalive. The public
# key is shown as "XXX" (presumably redacted by the poster) and no preshared
# key appears in this export.
# NOTE(review): allowed-address=0.0.0.0/0 accepts any source address from this
# peer; the routes in this export only send 192.168.19.0/24 through the
# tunnel, so a narrower list would presumably suffice - confirm.
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=3.69.167.66 endpoint-port=\
13231 interface=WG-CHR persistent-keepalive=10s public-key=\
"XXX"
# This device is also a CAP for its own radios: it discovers the manager on
# the bridge, requests a certificate and locks to that manager.
/interface wireless cap
#
set bridge=bridge certificate=request discovery-interfaces=bridge enabled=yes \
interfaces=wlan1,wlan2 lock-to-caps-man=yes
# Router addresses: 192.168.80.1/24 on the LAN bridge, 10.255.255.2/24 on the
# WireGuard tunnel.
/ip address
add address=192.168.80.1/24 interface=bridge network=192.168.80.0
add address=10.255.255.2/24 interface=WG-CHR network=10.255.255.0
# MikroTik cloud DDNS is enabled, which publishes this router's public address
# under a cloud DNS name - confirm this is wanted.
/ip cloud
set ddns-enabled=yes
# DHCP client on wlan2; any default route it learns gets distance 30.
# NOTE(review): the wireless section marks wlan2 as CAPsMAN-managed, so it is
# unclear whether this client ever obtains a lease - verify.
/ip dhcp-client
add default-route-distance=30 interface=wlan2
# Static leases on server INTERN, binding MAC addresses (and client IDs where
# present) to fixed addresses. Five leases additionally carry the VODAFONEGW
# DHCP option.
/ip dhcp-server lease
add address=192.168.80.171 client-id=1:d4:3b:4:35:a1:b5 dhcp-option=\
VODAFONEGW mac-address=D4:3B:04:35:A1:B5 server=INTERN
add address=192.168.80.175 client-id=1:dc:a6:32:4e:6:e7 mac-address=\
DC:A6:32:4E:06:E7 server=INTERN
add address=192.168.80.133 client-id=1:7e:bf:e7:cf:ce:ad mac-address=\
7E:BF:E7:CF:CE:AD server=INTERN
add address=192.168.80.132 client-id=1:dc:e9:94:ba:d4:9a mac-address=\
DC:E9:94:BA:D4:9A server=INTERN
add address=192.168.80.2 client-id=1:8:55:31:75:cd:e1 mac-address=\
08:55:31:75:CD:E1 server=INTERN
add address=192.168.80.3 client-id=1:8:55:31:e:75:f8 mac-address=\
08:55:31:0E:75:F8 server=INTERN
add address=192.168.80.108 client-id=1:3c:a6:f6:43:5:6c dhcp-option=\
VODAFONEGW mac-address=3C:A6:F6:43:05:6C server=INTERN
add address=192.168.80.4 client-id=1:48:8f:5a:35:86:33 mac-address=\
48:8F:5A:35:86:33 server=INTERN
add address=192.168.80.5 client-id=1:48:8f:5a:ce:4a:a4 mac-address=\
48:8F:5A:CE:4A:A4 server=INTERN
add address=192.168.80.6 client-id=1:48:8f:5a:35:d:be mac-address=\
48:8F:5A:35:0D:BE server=INTERN
add address=192.168.80.7 client-id=1:74:4d:28:99:12:63 mac-address=\
74:4D:28:99:12:63 server=INTERN
add address=192.168.80.102 client-id=1:cc:44:63:8e:24:8b mac-address=\
CC:44:63:8E:24:8B server=INTERN
add address=192.168.80.118 mac-address=C8:2B:96:52:05:AA server=INTERN
add address=192.168.80.123 mac-address=D8:F1:5B:D5:97:7C server=INTERN
add address=192.168.80.8 client-id=1:dc:2c:6e:5:b0:fe mac-address=\
DC:2C:6E:05:B0:FE server=INTERN
add address=192.168.80.103 client-id=1:e8:6a:64:b2:15:30 dhcp-option=\
VODAFONEGW mac-address=E8:6A:64:B2:15:30 server=INTERN
add address=192.168.80.125 client-id=1:14:4f:d7:c0:30:94 dhcp-option=\
VODAFONEGW mac-address=14:4F:D7:C0:30:94 server=INTERN
# DHCP network parameters: clients get gateway 192.168.80.1, the public
# resolvers 1.1.1.1/1.0.0.1 as DNS servers and the domain Janson.lan.
/ip dhcp-server network
add address=192.168.80.0/24 comment=INTERN dns-server=1.1.1.1,1.0.0.1 domain=\
Janson.lan gateway=192.168.80.1 netmask=24
# allow-remote-requests=yes makes the router answer DNS queries sent to it, so
# who can reach the resolver depends entirely on the input firewall chain.
# NOTE(review): DHCP clients are pointed at 1.1.1.1/1.0.0.1 rather than at the
# router, so they presumably never resolve the static names below - confirm.
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
# Static DNS records. Entries commented #DHCP carry the same tag the dhcp-dns
# script in this export writes and later uses to find entries to remove.
/ip dns static
add address=192.168.80.1 comment=defconf name=router.lan
add address=192.168.80.6 comment=#DHCP name=Bienenhaus.Janson.lan ttl=10m
add address=192.168.80.3 comment=#DHCP name=POE.Janson.lan ttl=10m
add address=192.168.80.7 comment=#DHCP name=Waschhaus.Janson.lan ttl=10m
add address=192.168.80.8 comment=#DHCP name=Stube.Janson.lan ttl=10m
add address=192.168.80.2 comment=#DHCP name=Switch.Janson.lan ttl=10m
add address=192.168.80.173 comment=#DHCP name=00003DBE98D2D42.Janson.lan ttl=\
10m
add address=192.168.80.162 comment=#DHCP name=Aussen.Janson.lan ttl=10m
add address=192.168.80.4 comment=#DHCP name=Schlafzimm.Janson.lan ttl=10m
add address=192.168.80.123 comment=#DHCP name=Nordstern-6012.Janson.lan ttl=\
10m
add address=192.168.80.105 comment=#DHCP name=ERZ-Kreis.Janson.lan ttl=10m
add address=192.168.80.106 comment=#DHCP name=A1A-EU-MNB0697A.Janson.lan ttl=\
10m
add address=192.168.80.114 comment=#DHCP name=amazon-02f9cb235.Janson.lan \
ttl=10m
add address=192.168.80.119 comment=#DHCP name="Stube oben.Janson.lan" ttl=10m
add address=192.168.80.175 comment=#DHCP name=homeassistant.Janson.lan ttl=\
10m
add address=192.168.80.115 comment=#DHCP name=Ring-1f4873.Janson.lan ttl=10m
add address=192.168.80.108 comment=#DHCP name=AirvonMatthias.Janson.lan ttl=\
10m
add address=192.168.80.113 comment=#DHCP name=Stepsels-iPad.Janson.lan ttl=\
10m
add address=192.168.80.102 comment=#DHCP name=iPadvonMatthias.Janson.lan ttl=\
10m
add address=192.168.80.5 comment=#DHCP name=HWR.Janson.lan ttl=10m
# Address list WG-VPN: the local LAN plus two remote subnets. It is used as
# both source and destination match by one forward rule below.
/ip firewall address-list
add address=192.168.80.0/24 list=WG-VPN
add address=192.168.81.0/24 list=WG-VPN
add address=192.168.19.0/24 list=WG-VPN
# IPv4 filter, based on the defconf rule set with two local changes: the
# input drop rule has an extra dst-address condition and a WG-VPN accept rule
# was added to the forward chain.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# NOTE(review): the added dst-address=!192.168.80.0/24 narrows this drop. A
# packet arriving on a non-LAN interface (lte1, WG-CHR, wlan2) but addressed
# to a 192.168.80.x address does not match, and with no later input rule it is
# accepted by default. Confirm the exception is intended (presumably
# management over WireGuard) and prefer an explicit accept rule for that
# source placed before an unmodified drop.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
dst-address=!192.168.80.0/24 in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
# Accepts traffic between WG-VPN subnets before the fasttrack rule, so these
# flows are presumably kept out of fasttrack - confirm that is the intent.
add action=accept chain=forward dst-address-list=WG-VPN src-address-list=\
WG-VPN
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
# Only new, non-dstnat connections entering from the WAN list (lte1) are
# dropped. New connections entering via WG-CHR or wlan2, which are in no
# interface list, reach the end of the chain and are accepted by default.
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
# Source NAT: masquerade everything leaving via the WAN list (lte1), except
# traffic covered by an outbound IPsec policy.
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
# Static routes: 192.168.19.0/24 via the WireGuard tunnel, plus a currently
# disabled default route via 192.168.80.3 at distance 1, which would take
# precedence over the LTE default route (distance 20) when enabled.
# NOTE(review): 192.168.80.3 sits in the clients' own subnet, so replies
# coming back through it can presumably reach clients directly without passing
# this router. Connection tracking here would then see only one direction of
# each flow, and the forward "drop invalid" rule may discard part of the
# traffic while ICMP traces still look fine - verify. Handing 192.168.80.3 to
# the clients as their gateway would avoid the asymmetric path.
/ip route
add disabled=no dst-address=192.168.19.0/24 gateway=WG-CHR routing-table=main \
suppress-hw-offload=no
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.80.3 \
pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
# defconf IPv6 address list and filter rules. /ipv6 settings in this export
# has disable-ipv6=yes, so these rules presumably have no effect until IPv6 is
# enabled again.
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
# Input chain ends by dropping everything not arriving from the LAN list; the
# forward chain does the same after dropping bad_ipv6 sources/destinations.
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
# Time zone and device identity.
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=LTE-GW
# RouterBOARD firmware is set to upgrade automatically; the status comment
# below shows an upgrade that still needs a reboot to take effect.
/system routerboard settings
# Firmware upgraded successfully, please reboot for changes to take effect!
set auto-upgrade=yes cpu-frequency=auto
# dhcp-dns: script written to run as a DHCP lease script. When a lease is
# bound ($leaseBound = 1) it reads the lease-time of the serving DHCP server,
# the domain of the matching DHCP network and the lease's host-name (falling
# back to the lease comment), then adds an /ip dns static entry
# <host-name>.<domain> tagged #DHCP. Otherwise it removes the static entries
# for that address that carry the tag.
# NOTE(review): host-name is supplied by the DHCP client and is used as the
# DNS name without validation. The duplicate check matches name AND address
# together, so an existing entry with the same name but another address does
# not stop the add, although the log text says "name or address". Consider
# validating the name and checking for the name alone.
# NOTE(review): the policy list is broad (includes password, sniff, sensitive,
# romon) for a script that reads leases and edits DNS static entries; a
# smaller set is presumably enough - verify before reducing it.
# NOTE(review): the /ip dhcp-server entry in this export sets no lease-script,
# so it is unclear whether this script is currently invoked.
/system script
add dont-require-permissions=no name=dhcp-dns owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
local DHCPtag\
\n:set DHCPtag \"#DHCP\"\
\n\
\n:if ( [ :len \$leaseActIP ] <= 0 ) do={ :error \"empty lease address\" }\
\n\
\n:if ( \$leaseBound = 1 ) do=\\\
\n{\
\n :local ttl\
\n :local domain\
\n :local hostname\
\n :local fqdn\
\n :local leaseId\
\n :local comment\
\n\
\n /ip dhcp-server\
\n :set ttl [ get [ find name=\$leaseServerName ] lease-time ]\
\n network \
\n :set domain [ get [ find \$leaseActIP in address ] domain ]\
\n\
\n .. lease\
\n :set leaseId [ find address=\$leaseActIP ]\
\n\
\n # Check for multiple active leases for the same IP address. It's wei\
rd and it shouldn't be, but just in case.\
\n\
\n :if ( [ :len \$leaseId ] != 1) do={\
\n :log info \"DHCP2DNS: not registering domain name for address \$\
leaseActIP because of multiple active leases for \$leaseActIP\"\
\n :error \"multiple active leases for \$leaseActIP\"\
\n } \
\n\
\n :set hostname [ get \$leaseId host-name ]\
\n :set comment [ get \$leaseId comment ]\
\n /\
\n\
\n :if ( [ :len \$hostname ] <= 0 ) do={ :set hostname \$comment }\
\n\
\n :if ( [ :len \$hostname ] <= 0 ) do={\
\n :log error \"DHCP2DNS: not registering domain name for address \
\$leaseActIP because of empty lease host-name or comment\"\
\n :error \"empty lease host-name or comment\"\
\n }\
\n :if ( [ :len \$domain ] <= 0 ) do={\
\n :log error \"DHCP2DNS: not registering domain name for address \
\$leaseActIP because of empty network domain name\"\
\n :error \"empty network domain name\"\
\n }\
\n\
\n :set fqdn \"\$hostname.\$domain\"\
\n\
\n /ip dns static\
\n :if ( [ :len [ find name=\$fqdn and address=\$leaseActIP and disable\
d=no ] ] = 0 ) do={\
\n :log info \"DHCP2DNS: registering static domain name \$fqdn for \
address \$leaseActIP with ttl \$ttl\"\
\n add address=\$leaseActIP name=\$fqdn ttl=\$ttl comment=\$DHCPtag\
\_disabled=no\
\n } else={\
\n :log error \"DHCP2DNS: not registering domain name \$fqdn for ad\
dress \$leaseActIP because of existing active static DNS entry with this n\
ame or address\"\
\n }\
\n /\
\n} else={\
\n /ip dns static\
\n :local dnsDhcpId\
\n :set dnsDhcpId [ find address=\$leaseActIP and comment=\$DHCPtag ]\
\n :if ( [ :len \$dnsDhcpId ] > 0 ) do={\
\n :log info \"DHCP2DNS: removing static domain name(s) for address\
\_\$leaseActIP\"\
\n remove \$dnsDhcpId\
\n }\
\n /\
\n}"
# Traffic graphing for the LTE interface.
/tool graphing interface
add interface=lte1
# MAC Telnet and MAC WinBox are limited to interfaces in the LAN list.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
# Netwatch probe for 192.168.81.1.
# NOTE(review): /ip route in this export has no entry for 192.168.81.0/24, so
# this probe presumably leaves via the default route rather than through
# WG-CHR - confirm.
/tool netwatch
add comment="CHECK CHR" host=192.168.81.1


POE Switch:

# mar/24/2022 11:17:39 by RouterOS 7.1.5
# software id = Y189-278R
#
# model = CRS112-8P-4S
# serial number = D25F0DA1A7B5
# Two bridges: BrVodafone for the uplink towards the neighbour's network and
# the LAN bridge with a fixed admin MAC.
/interface bridge
add name=BrVodafone
add admin-mac=08:55:31:0E:75:F8 auto-mac=no comment=defconf name=bridge
# Ethernet ports renamed after the device or uplink attached to them.
/interface ethernet
set [ find default-name=ether1 ] name=ether1_LTE_wAP
set [ find default-name=ether2 ] name=ether2_Uplink_Waschhaus-Bienenhaus
set [ find default-name=ether3 ] name=ether3_Uplink_Stube
set [ find default-name=ether4 ] name=ether4_Uplink_Schlafzimmer
set [ find default-name=ether8 ] name=ether8_UNIFI_Bridge
# Interface lists used by the list-member and NAT sections of this export.
/interface list
add name=LAN
add name=WAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
# ether1-ether7 and sfp9-sfp12 are members of the LAN bridge; ether8 (the
# UniFi link to the neighbour) is the only member of BrVodafone, which keeps
# the two networks in separate layer-2 domains.
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=\
ether1_LTE_wAP
add bridge=bridge comment=defconf ingress-filtering=no interface=\
ether2_Uplink_Waschhaus-Bienenhaus
add bridge=bridge comment=defconf ingress-filtering=no interface=\
ether3_Uplink_Stube
add bridge=bridge comment=defconf ingress-filtering=no interface=\
ether4_Uplink_Schlafzimmer
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5
add bridge=bridge comment=defconf ingress-filtering=no interface=ether6
add bridge=bridge comment=defconf ingress-filtering=no interface=ether7
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp9
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp10
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp11
add bridge=bridge comment=defconf ingress-filtering=no interface=sfp12
add bridge=BrVodafone interface=ether8_UNIFI_Bridge
/ip settings
set max-neighbor-entries=8192
# IPv6 is disabled on this device.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# bridge is LAN and BrVodafone is WAN; the direct ether8 membership is
# disabled.
/interface list member
add interface=bridge list=LAN
add disabled=yes interface=ether8_UNIFI_Bridge list=WAN
add interface=BrVodafone list=WAN
# DHCP clients on both bridges: the LAN-side default route gets distance 2,
# the BrVodafone one sets no distance in this export.
/ip dhcp-client
add default-route-distance=2 interface=bridge
add interface=BrVodafone
# Masquerade traffic leaving towards the neighbour's network.
# NOTE(review): this export contains no /ip firewall filter section and no
# mac-server or neighbor-discovery restriction, so this device's services and
# forwarding into 192.168.80.0/24 are presumably reachable from the
# neighbour's network on BrVodafone. Consider input and forward rules that
# drop new connections arriving from the WAN list.
# NOTE(review): routing and NAT on this switch presumably run on its CPU
# rather than in the switch chip, which may limit throughput - verify.
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
# Time zone and device identity.
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=POE
# RouterBOARD firmware is set to upgrade automatically; the status comment
# below shows an upgrade that still needs a reboot to take effect.
/system routerboard settings
# Firmware upgraded successfully, please reboot for changes to take effect!
set auto-upgrade=yes
