Community discussions

MikroTik App
 
kiharapet
just joined
Topic Author
Posts: 20
Joined: Wed Apr 15, 2020 2:30 pm

Wireless cant connect to LAN on ROS7.1

Thu Dec 09, 2021 7:40 am

Hello
I upgraded my Router(RB2011) Yesterday to 7.1 Yesterday and everything seemed ok everything was working but in the evening when i tried switching off some of my servers from my Android Phone I realized I could not reach anything on LAN.
Looking for anyone who has had this issue to assist resolve it seems to be related to Wireless on the router I have an AP in the other rooms and from there it works only the wireless on the router.
is there a privacy setting somewhere that could cause this?
ADD:
Internet is Okay
All was well on 6.49
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: Wireless cant connect to LAN on ROS7.1

Thu Dec 09, 2021 9:18 am

Is it posible to post the config of the Mikrotik device ?
(/export hide-sensitive file=anynameyouwish)
 
kiharapet
just joined
Topic Author
Posts: 20
Joined: Wed Apr 15, 2020 2:30 pm

Re: Wireless cant connect to LAN on ROS7.1

Thu Dec 09, 2021 9:36 am

Below
# dec/09/2021 10:31:28 by RouterOS 7.1
# software id = 82QS-JV7P
#
# model = 2011UiAS-2HnD
# serial number = 762D0733BACB
/interface bridge
add comment="LAN Bridge" name=home protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=ether2 ] disabled=yes
set [ find default-name=ether3 ] comment="Switch LAN"
set [ find default-name=ether4 ] comment="Desk Cable LAN"
set [ find default-name=ether5 ] comment=LAN-Homelab
set [ find default-name=ether6 ] advertise="10M-half,10M-full,100M-half,100M-f\
    ull,1000M-half,1000M-full,10000M-full,2500M-full" disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] comment=WANURSA name=ether8-URSA
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
    GPONCPE name=ether9-Faiba
set [ find default-name=ether10 ] disabled=yes poe-out=off poe-priority=5
set [ find default-name=sfp1 ] disabled=yes
/interface pppoe-client
add comment="GPON Faiba" disabled=no interface=ether9-Faiba max-mtu=1500 \
    name=JTLFaiba user=
/interface ethernet switch port
set 6 vlan-mode=fallback
set 7 vlan-mode=fallback
set 8 vlan-mode=fallback
set 9 vlan-mode=fallback
set 10 vlan-mode=fallback
set 12 vlan-mode=fallback
/interface list
add comment=WAN name=WAN
add comment=LAN name=LAN
add comment=Phone name=LTE
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    management-protection=allowed mode=dynamic-keys name=home \
    supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] allow-sharedkey=yes area=1 band=2ghz-b/g/n \
    channel-width=20/40mhz-XX comment=LAN country=kenya disabled=no distance=\
    1 frequency=2417 installation=indoor max-station-count=50 mode=ap-bridge \
    multicast-helper=dhcp name=wireless security-profile=home ssid=twitwi \
    wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
/interface wireless nstreme
set wireless comment=LAN
/interface wireless manual-tx-power-table
set wireless comment=LAN
/ip pool
add name=home ranges=172.20.100.30-172.20.100.60
/ip dhcp-server
add address-pool=home interface=home lease-time=10h name=home
/port
set 0 name=serial0
/queue simple
add burst-limit=10M/20M burst-threshold=10M/20M burst-time=5s/5s disabled=yes \
    max-limit=10M/20M name=queue1 target=ether5
/snmp community
set [ find default=yes ] addresses=172.20.100.0/25 name=
/interface bridge port
add bridge=home ingress-filtering=no interface=wireless
add bridge=home ingress-filtering=no interface=ether4
add bridge=home ingress-filtering=no interface=ether5
add bridge=home ingress-filtering=no interface=ether3
/ip neighbor discovery-settings
set discover-interface-list=!none
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=ether8-URSA list=WAN
add interface=home list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wireless list=LAN
add interface=ether9-Faiba list=WAN
add interface=ether3 list=LAN
add interface=JTLFaiba list=WAN
add list=WAN
/ip address
add address=172.20.100.1/26 comment=Home interface=home network=172.20.100.0
/ip cloud
set ddns-update-interval=3h update-time=no
/ip dhcp-client
add add-default-route=no comment=GPONFaibaCPE interface=ether9-Faiba \
    use-peer-dns=no use-peer-ntp=no
add add-default-route=no comment=URSALink interface=ether8-URSA script="/ip dn\
    s static remove [find where name=cellrouter.lan]\r\
    \n:if (\$bound=1) do={\r\
    \n  /ip dns static add name=cellrouter.lan address=\$\"gateway-address\"\r\
    \n}\r\
    \n" use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=172.20.100.39 client-id=1:ee:15:2e:6b:e8:8a comment=" Phone" \
    mac-address=EE:15:2E:6B:E8:8A server=home
add address=172.20.100.34 client-id=1:b4:47:f5:85:e1:12 comment=Telly \
    mac-address=B4:47:F5:85:E1:12 server=home
add address=172.20.100.32 client-id=1:a4:50:46:56:13:ab comment="redmi job" \
    mac-address=A4:50:46:56:13:AB server=home
add address=172.20.100.37 client-id=1:24:ee:9a:a8:a6:c4 comment=\
    "Work Laptop Wireless" mac-address=24:EE:9A:A8:A6:C4 server=home
add address=172.20.100.38 client-id=1:0:68:eb:62:1f:83 comment=\
    "Work Laptop Cable" mac-address=00:68:EB:62:1F:83 server=home
add address=172.20.100.30 client-id=1:0:c:29:f9:69:d2 comment=NewPlex \
    mac-address=00:0C:29:F9:69:D2 server=home
add address=172.20.100.42 client-id=1:74:de:2b:10:2b:b4 commentLaptop \
    mac-address=74:DE:2B:10:2B:B4 server=home
add address=172.20.100.43 client-id=1:8c:a9:82:99:b3:6a comment=KidsLaptop \
    mac-address=8C:A9:82:99:B3:6A server=home
add address=172.20.100.40 client-id=1:0:c:29:ab:40:97 comment=HomeAssistant \
    mac-address=00:0C:29:AB:40:97 server=home
add address=172.20.100.41 client-id=1:d2:62:8:cb:9e:9 comment=WorkPhone \
    mac-address=D2:62:08:CB:9E:09 server=home
add address=172.20.100.44 client-id=1:32:6a:5f:3:92:15 comment=\
    " New Phone" mac-address=32:6A:5F:03:92:15 server=home
add address=172.20.100.31 client-id=1:0:c:29:2c:26:a2 comment=VPNPC \
    mac-address=00:0C:29:2C:26:A2 server=home
add address=172.20.100.35 client-id=\
    ff:29:26:c6:1:0:1:0:1:28:fa:de:4:0:c:29:26:c6:1 comment=OpenMediaVault \
    mac-address=00:0C:29:26:C6:01 server=home
add address=172.20.100.48 client-id=1:0:c:29:53:44:61 comment=\
    DomainControler/CertServer mac-address=00:0C:29:53:44:61 server=home
/ip dhcp-server network
add address=172.20.100.0/26 dns-server=172.20.100.1 gateway=172.20.100.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=2d max-concurrent-queries=1000 \
    max-concurrent-tcp-sessions=200 max-udp-packet-size=1024 \
    query-server-timeout=3s servers=\
    8.8.8.8,8.8.4.4,208.67.220.220,208.67.222.222,1.1.1.1

/ip firewall address-list
add address=172.20.100.2-172.20.100.254 list=allowed_to_router
add address=762d0733bacb.sn.mynetname.net disabled=yes list=MyDDNS
add address=139.162.40.38 disabled=yes list=plex
/ip firewall filter
add action=accept chain=input comment="default configuration" \
    connection-state=established,related,untracked
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input connection-state=invalid
add action=fasttrack-connection chain=forward comment=FastTrack \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="Established, Related" \
    connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
    log=yes log-prefix=invalid
add action=accept chain=forward disabled=yes dst-address-list=plex dst-port=\
    80,443 protocol=tcp
add action=drop chain=forward disabled=yes out-interface-list=WAN \
    src-address=172.20.100.34
add action=drop chain=input comment=winboxdrop dst-port=8291 \
    in-interface-list=WAN protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment=WAN out-interface-list=WAN
add action=masquerade chain=srcnat comment=GPON disabled=yes out-interface=\
    JTLFaiba
add action=masquerade chain=srcnat comment=Faiba disabled=yes out-interface=\
    *E
add action=src-nat chain=srcnat disabled=yes out-interface=*E to-addresses=\
    192.168.0.10
add action=dst-nat chain=dstnat disabled=yes dst-address=197.232.121.32 \
    dst-port=4040 protocol=tcp to-addresses=172.20.100.30 to-ports=32400
/ip firewall service-port
set ftp disabled=yes
/ip route
add comment=Faiba disabled=no dst-address=0.0.0.0/0 gateway=JTLFaiba
add comment=Cellular disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    ether8-URSA
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=172.20.100.0/26 disabled=yes port=2200
set www-ssl certificate=home tls-version=only-1.2
set api disabled=yes
set winbox address=172.20.100.0/26
set api-ssl address=172.20.100.0/26 certificate=home tls-version=only-1.2
/ip traffic-flow
set enabled=yes
/lcd
set default-screen=interfaces enabled=no time-interval=daily touch-screen=\
    disabled
/lcd interface
set sfp1 disabled=yes
set ether1 disabled=yes
set ether2 disabled=yes
set ether3 disabled=yes
set ether4 disabled=yes
set ether5 disabled=yes
set ether6 disabled=yes
set ether7 disabled=yes
set ether10 disabled=yes
set wireless disabled=yes
/lcd interface pages
set 0 interfaces=ether8-URSA,ether9-Faiba
/lcd screen
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 4 disabled=yes
set 5 disabled=yes
/snmp
set enabled=yes trap-generators=""
/system clock
set time-zone-autodetect=no time-zone-name=Africa/Nairobi
/system identity
set name=home
/system logging
add action=disk prefix=critical topics=critical
add action=disk prefix=warning topics=warning
add action=disk prefix=error topics=error
add action=disk prefix=info topics=info
add action=disk prefix=debug topics=debug
add action=disk prefix=poe topics=poe-out
/system ntp client
set enabled=yes
/system ntp client servers
add address=216.239.35.0
add address=162.159.200.123
add address=time.google.com
add address=2.ke.pool.ntp.org
/tool bandwidth-server
set enabled=no
/tool graphing interface
add
/tool mac-server
set allowed-interface-list=none
/tool mac-server ping
set enabled=no

 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: Wireless cant connect to LAN on ROS7.1

Thu Dec 09, 2021 10:00 am

Maybe one of the following Paramters is the Problem on the Wireless-Interface...
Can you maybe temperary deactivate them and Test ?

wmm-support=enabled
multicast-helper=dhcp
 
kiharapet
just joined
Topic Author
Posts: 20
Joined: Wed Apr 15, 2020 2:30 pm

Re: Wireless cant connect to LAN on ROS7.1

Thu Dec 09, 2021 10:13 am

not sure will check
I removed the wireless from the bridge then returned it and now everything works

any idea what this would be?
 
gotsprings
Forum Guru
Forum Guru
Posts: 2102
Joined: Mon May 14, 2012 9:30 pm

Re: Wireless cant connect to LAN on ROS7.1

Thu Dec 09, 2021 3:21 pm

The export looks like the wireless isn't in the bridge.
 
kiharapet
just joined
Topic Author
Posts: 20
Joined: Wed Apr 15, 2020 2:30 pm

Re: Wireless cant connect to LAN on ROS7.1

Thu Dec 09, 2021 4:39 pm

it was
/snmp community
set [ find default=yes ] addresses=172.20.100.0/25 name=
/interface bridge port
add bridge=home ingress-filtering=no interface=wireless
add bridge=home ingress-filtering=no interface=ether4
add bridge=home ingress-filtering=no interface=ether5
add bridge=home ingress-filtering=no interface=ether3
/ip neighbor discovery-settings
set discover-interface-list=!none
 
gotsprings
Forum Guru
Forum Guru
Posts: 2102
Joined: Mon May 14, 2012 9:30 pm

Re: Wireless cant connect to LAN on ROS7.1

Fri Dec 10, 2021 10:26 pm

it was
/snmp community
set [ find default=yes ] addresses=172.20.100.0/25 name=
/interface bridge port
add bridge=home ingress-filtering=no interface=wireless
add bridge=home ingress-filtering=no interface=ether4
add bridge=home ingress-filtering=no interface=ether5
add bridge=home ingress-filtering=no interface=ether3
/ip neighbor discovery-settings
set discover-interface-list=!none
Yup... Missed it on my phone.
 
kiharapet
just joined
Topic Author
Posts: 20
Joined: Wed Apr 15, 2020 2:30 pm

Re: Wireless cant connect to LAN on ROS7.1

Tue Mar 29, 2022 11:38 am

Sorry to reopen but issue is Back.
Had a situation where my router was booting ok but it was not offering any service and so i did a reset. restored from the last backup. The issue came back the "solution" did not resolve.
It presents as devices connected to the mikrotik wireless iinterface cant connect to LAN Devices include SMB RDP and web consoles.
RB version is 7.1.5
# mar/29/2022 08:00:14 by RouterOS 7.1.5
# software id = 82QS-JV7P
#
# model = 2011UiAS-2HnD
# serial number = 
/interface bridge
add comment="LAN Bridge" name=home protocol-mode=stp
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=ether2 ] disabled=yes
set [ find default-name=ether3 ] comment="Switch LAN"
set [ find default-name=ether4 ] comment="Desk Cable LAN"
set [ find default-name=ether5 ] comment=LAN-Homelab
set [ find default-name=ether6 ] advertise="10M-half,10M-full,100M-half,100M-f\
    ull,1000M-half,1000M-full,10000M-full,2500M-full" disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] comment=WANURSALink
set [ find default-name=ether9 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
    GPONCPE
set [ find default-name=ether10 ] disabled=yes poe-out=off poe-priority=5
set [ find default-name=sfp1 ] disabled=yes
/interface pppoe-client
add comment="GPON Faiba" disabled=no interface=ether9 max-mtu=1500 name=\
    JTLFaiba user=P
/interface ethernet switch port
set 6 vlan-mode=fallback
set 7 vlan-mode=fallback
set 8 vlan-mode=fallback
set 9 vlan-mode=fallback
set 10 vlan-mode=fallback
set 12 vlan-mode=fallback
/interface list
add comment=WAN name=WAN
add comment=LAN name=LAN
add comment=Phone name=LTE
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] comment=Default eap-methods="" \
    management-protection=required mode=static-keys-required \
    supplicant-identity=MikroTik
add authentication-types=wpa2-psk comment=DefaultHome disable-pmkid=yes \
    eap-methods="" mode=dynamic-keys name=Home supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n bridge-mode=disabled \
    channel-width=20/40mhz-XX comment="LAN Bridge" country=kenya disabled=no \
    distance=indoors frequency=2452 hw-retries=10 installation=indoor \
    max-station-count=100 mode=ap-bridge name=wireless security-profile=Home \
    ssid=twitwi tx-power=7 tx-power-mode=all-rates-fixed wireless-protocol=\
    802.11 wps-mode=disabled
/interface wireless nstreme
set wireless comment="LAN Bridge"
/interface wireless manual-tx-power-table
set wireless comment="LAN Bridge"
/ip pool
add name=home ranges=
/ip dhcp-server
add address-pool=home interface=home lease-time=1d name=home
/port
set 0 name=serial0
/queue simple
add burst-limit=10M/20M burst-threshold=10M/20M burst-time=5s/5s disabled=yes \
    max-limit=10M/20M name=queue1 target=ether5
/snmp community
set [ find default=yes ] addresses=25 name=pablo
/user group
add name=group1 policy="local,reboot,read,test,winbox,password,web,!telnet,!ss\
    h,!ftp,!write,!policy,!sniff,!sensitive,!api,!romon,!dude,!tikapp,!rest-ap\
    i"
/interface bridge port
add bridge=home ingress-filtering=no interface=ether4
add bridge=home ingress-filtering=no interface=ether5
add bridge=home ingress-filtering=no interface=ether3
add bridge=home fast-leave=yes interface=wireless
/ip neighbor discovery-settings
set discover-interface-list=!none
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=ether8 list=WAN
add interface=home list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wireless list=LAN
add interface=ether9 list=WAN
add interface=ether3 list=LAN
add interface=JTLFaiba list=WAN
add list=WAN
/ip address
add address=LAN.1/26 comment=Home interface=home network=LAN.0
/ip cloud
set ddns-update-interval=3h
/ip dhcp-client
add add-default-route=no comment=GPONFaibaCPE interface=ether9 use-peer-dns=\
    no use-peer-ntp=no
add add-default-route=no comment=URSALink interface=ether8 script="/ip dns sta\
    tic remove [find where name=cellrouter.lan]\r\
    \n:if (\$bound=1) do={/ip dns static add name=cellrouter.lan address=\$\"g\
    ateway-address\"}" use-peer-dns=no use-peer-ntp=no

/ip dhcp-server network
add address=LAN.0/26 dns-server=LAN.1 gateway=LAN.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=2d max-concurrent-queries=1000 \
    max-concurrent-tcp-sessions=200 max-udp-packet-size=1024 \
    query-server-timeout=3s servers=\
    1.1.1.1,208.67.222.222,8.8.8.8,8.8.4.4,208.67.220.220

/ip firewall address-list
add address=LAN.2-LAN.254 list=allowed_to_router
add address=139.162.40.38 list=plex
/ip firewall filter
add action=accept chain=forward comment="Established, Related" \
    connection-state=established,related
add action=accept chain=input comment="default configuration" \
    connection-state=established,related,untracked
add action=accept chain=input disabled=yes src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input connection-state=invalid
add action=fasttrack-connection chain=forward comment=FastTrack \
    connection-state=established,related hw-offload=yes
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
    disabled=yes log=yes log-prefix=invalid
add action=accept chain=forward disabled=yes dst-address-list=plex dst-port=\
    80,443 protocol=tcp
add action=drop chain=forward disabled=yes out-interface-list=WAN \
    src-address=LAN.34
add action=drop chain=input comment=winboxdrop dst-port=8291 \
    in-interface-list=WAN protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment=WAN out-interface-list=WAN
add action=masquerade chain=srcnat comment=GPON disabled=yes out-interface=\
    JTLFaiba
add action=masquerade chain=srcnat comment=Faiba disabled=yes out-interface=\
    *E
add action=src-nat chain=srcnat disabled=yes out-interface=*E to-addresses=\
    192.168.0.10
/ip route
add comment=Faiba disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    JTLFaiba pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add comment=Cellular disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    ether8
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=LAN.0/26 disabled=yes port=2200
set www-ssl certificate=home disabled=no port= tls-version=only-1.2
set api disabled=yes
set winbox address=LAN.0/26
set api-ssl address=LAN.0/26 certificate=home disabled=yes \
    tls-version=only-1.2
/ip traffic-flow
set enabled=yes
/lcd
set enabled=no touch-screen=disabled
/snmp
set enabled=yes trap-generators=""
/system clock
set time-zone-autodetect=no time-zone-name=Africa/Nairobi
/system identity
set name=home
/system logging
add action=disk prefix=critical topics=critical
add action=disk prefix=warning topics=warning
add action=disk prefix=error topics=error
add action=disk prefix=info topics=info
add action=disk prefix=debug topics=debug
add action=disk prefix=poe topics=poe-out
/system ntp client
set enabled=yes

/tool bandwidth-server
set enabled=no

add
/tool mac-server
set allowed-interface-list=none
/tool mac-server ping
set enabled=no

Who is online

Users browsing this forum: hapi, neki and 20 guests