rscott78
just joined
Topic Author
Posts: 11
Joined: Tue Jan 04, 2022 5:55 pm

Unable to assign static IP and route it out

Sat Dec 03, 2022 5:31 pm

I have a CCR2216 handling my routing and a CRS312 switch where VLAN tagging happens. I have a laptop plugged into ETH5 on the switch (which is one of the VLAN access ports). When set to DHCP, this laptop is happily assigned a private IP and can reach the internet just fine. However, I want to assign it a public static IP, but when I do, I can't seem to reach the router, nor the internet.

For the sake of this post, assume that my public IP range is 1.2.3.0/24

My trunk port to the Mikrotik router is combo2.

To attempt this, I've tried:

1) On my router, I created a bridge to act as a loopback interface and assigned it an IP in my public range, 1.2.3.1/26 (I am trying to use only part of the /24 range here)
1a) set a static ip on my laptop of 1.2.3.14, with subnet of 255.255.255.192 and a gateway of 1.2.3.1

Result: Unable to ping gateway address of 1.2.3.1

2) On my router, I assigned the public IP 1.2.3.1/26 to the incoming trunk port from the switch
2a) set a static ip on my laptop of 1.2.3.14, with subnet of 255.255.255.192 and a gateway of 1.2.3.1

Result: Unable to ping gateway address of 1.2.3.1

Any suggestions on what else to try?

Here's my configuration, though it doesn't show my various attempts outlined above:

Switch Config
# nov/27/2022 15:11:40 by RouterOS 6.49.7
# software id = 
#
# model = CRS312-4C+8XG
# serial number = 
# Single bridge for the CRS312 with VLAN filtering and ingress filtering enabled.
# Per-port behaviour is set under /interface bridge port, VLAN membership under
# /interface bridge vlan.
/interface bridge
add admin-mac=DC:2C:6E:28:C4:4F auto-mac=no comment=defconf ingress-filtering=yes name=bridge vlan-filtering=yes
# Descriptive labels only; no link parameters are changed in this section.
/interface ethernet
set [ find default-name=combo1 ] comment="Garage Switch"
set [ find default-name=combo2 ] comment="to Dell QoE"
set [ find default-name=combo3 ] comment="Attic switch"
set [ find default-name=combo4 ] comment="Tower Switch"
set [ find default-name=ether1 ] comment="Emergency / Empty"
set [ find default-name=ether2 ] comment="Port 1 - office"
set [ find default-name=ether3 ] comment="Port 2 wire - Garage 60LR Quinton"
set [ find default-name=ether4 ] comment="Home Office - Port 3 Wire"
set [ find default-name=ether8 ] comment="QoE Management 10.0.1.5"
# Two interface lists, filled in under /interface list member.
/interface list
add name=WAN
add name=LAN
# NOTE(review): the LTE APN and wireless security-profile entries below look like
# export residue from defaults rather than deliberate settings -- confirm.
/interface lte apn
set [ find default=yes ] ip-type=ipv4-ipv6
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Bridge port membership. pvid is the VLAN applied to untagged frames arriving on
# the port; frame-types and ingress-filtering decide which frames the port accepts.
/interface bridge port
add bridge=bridge comment="Garage Switch Mikrotik" edge=yes frame-types=admit-only-untagged-and-priority-tagged \
    ingress-filtering=yes interface=combo1 pvid=50
# Trunk towards the router: accepts tagged frames only, no pvid set.
add bridge=bridge comment="Going to Mikrotik Router (via Dell QoE)" frame-types=admit-only-vlan-tagged \
    ingress-filtering=yes interface=combo2
add bridge=bridge comment="Attic Switch" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=combo3 pvid=40
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=combo4 pvid=9
# NOTE(review): ether1, ether7, ether8 and ether9 set ingress-filtering=yes but no
# frame-types, and ether2 and ether4 set neither. If the export is omitting default
# values, these ports are less strict about tagged frames than the access ports that
# carry admit-only-untagged-and-priority-tagged. Giving every access port the same
# frame-types and ingress-filtering=yes keeps a host from choosing its own VLAN tag.
add bridge=bridge comment=defconf ingress-filtering=yes interface=ether1
add bridge=bridge comment="Office - VL78" interface=ether2 pvid=78
add bridge=bridge comment="VL20- Quinton" frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether3 pvid=20
add bridge=bridge comment="VL78 Home Connection" edge=yes interface=ether4 pvid=78
# ether5 is the laptop port described in the post. Untagged frames are placed in
# VLAN 78, so a host here sits in the VLAN 78 segment rather than in VLAN 100, which
# the router config labels "Gets assigned static IPs".
add bridge=bridge comment=defconf edge=yes frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether5 pvid=78
add bridge=bridge comment=defconf frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes \
    interface=ether6 pvid=78
add bridge=bridge comment="VL78: UISP / UNMS" ingress-filtering=yes interface=ether7 pvid=78
add bridge=bridge comment="VL78: QoE" ingress-filtering=yes interface=ether8 pvid=78
# ether9 has no pvid here; it is the only member of the WAN interface list on this switch.
add bridge=bridge comment=defconf ingress-filtering=yes interface=ether9
/ip settings
set max-neighbor-entries=2048
# Bridge VLAN table. Every VLAN is tagged on combo2, the trunk towards the router.
/interface bridge vlan
add bridge=bridge tagged=combo2 untagged=ether4,ether6,ether5 vlan-ids=78
add bridge=bridge tagged=combo2 vlan-ids=20
# VLAN 10 is defined on the switch, but the router config on this page shows no
# vlan-id=10 interface on sfp28-12.
add bridge=bridge tagged=combo2 vlan-ids=10
add bridge=bridge tagged=combo2 vlan-ids=30
add bridge=bridge tagged=combo2 vlan-ids=40
add bridge=bridge tagged=combo2 vlan-ids=50
# NOTE(review): ether6 is listed as untagged here in VLAN 9 and also in VLAN 78 above,
# while its bridge-port pvid is 78 -- confirm which VLAN the port is meant to serve.
add bridge=bridge tagged=combo2 untagged=ether6 vlan-ids=9
add bridge=bridge tagged=combo2 vlan-ids=1
# VLAN 100 reaches the trunk only: no port is an untagged member and no bridge port
# has pvid=100, so as exported there is no access port that puts a host into the
# public-address VLAN.
add bridge=bridge comment="vlan 100 will be used when we need an ip from the public pool" tagged=combo2 vlan-ids=100
# Interface list membership: ether9 is WAN, every other port is LAN.
# No /ip firewall section appears in this switch export, so these lists are not
# referenced by any rule shown here.
/interface list member
add interface=ether9 list=WAN
add interface=ether1 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=combo1 list=LAN
add interface=combo2 list=LAN
add interface=combo3 list=LAN
add interface=combo4 list=LAN
# NOTE(review): no enabled=yes is shown, so the OpenVPN server is presumably off.
# If it is ever enabled, md5 should be removed from the accepted auth list first.
/interface ovpn-server server
set auth=sha1,md5
# NOTE(review): ether1 holds two addresses but is also a bridge port (see
# /interface bridge port); addresses normally belong on the bridge or a VLAN
# interface rather than on a bridged port -- confirm this is intended.
# The two bridge addresses have no prefix length and network equal to the address.
/ip address
add address=10.0.1.6/24 comment=defconf interface=ether1 network=10.0.1.0
add address=10.10.10.12 interface=bridge network=10.10.10.12
add address=10.10.78.2 interface=bridge network=10.10.78.2
add address=10.255.1.2/30 interface=ether1 network=10.255.1.0
/ip dns
set servers=8.8.8.8,1.1.1.1
# Default route for the switch's own traffic, via the far end of the 10.255.1.0/30 link.
/ip route
add distance=1 gateway=10.255.1.1
# NOTE(review): the switch clock uses America/Denver while the router uses
# America/Boise, and no NTP client is shown on the switch; matching time sources
# make log correlation between the two devices easier.
/system clock
set time-zone-name=America/Denver
/system identity
set name=MikroTik-CRS
/system routerboard settings
set boot-os=router-os
Router Config
# nov/27/2022 15:38:01 by RouterOS 7.6
# software id = 
#
# model = CCR2216-1G-12XS-2XQ
# serial number = 
# bridge1 is a plain bridge; its only enabled member is ether1 (see /interface bridge port).
/interface bridge
add name=bridge1
# Port labels: two upstream ISP ports, one management link and one link carrying the
# switch's access VLANs.
/interface ethernet
set [ find default-name=sfp28-1 ] comment="ISP1"
set [ find default-name=sfp28-2 ] auto-negotiation=no comment="ISP2"
set [ find default-name=sfp28-10 ] comment="Port to Switch (management)"
set [ find default-name=sfp28-12 ] comment="Mikrotik Switch (access ports)"
# One VLAN interface per tagged VLAN on sfp28-12. Each gets its own address and DHCP
# server further down, so traffic between VLANs is routed by this device and is
# subject to the forward chain of /ip firewall filter.
/interface vlan
add interface=sfp28-12 name=vlan-1 vlan-id=1
add comment="" interface=sfp28-12 name=vlan-9 vlan-id=9
add comment="Quinton" interface=sfp28-12 name=vlan-20 vlan-id=20
add comment="Office (af60 ptp)" interface=sfp28-12 name=vlan-30 vlan-id=30
add comment="Attic Switch" interface=sfp28-12 name=vlan-40 vlan-id=40
add comment="Garage Switch" interface=sfp28-12 name=vlan-50 vlan-id=50
add comment="Home office" interface=sfp28-12 name=vlan-78 vlan-id=78
# VLAN 100 is where the public /24 is addressed; hosts need to arrive tagged with
# VLAN 100 on sfp28-12 to use it.
add comment="Gets assigned static IPs" interface=sfp28-12 name=vlan-100 vlan-id=100
/interface list
add name=WAN
add name=LAN
# NOTE(review): looks like default export residue -- confirm.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Address pools, one per DHCP-served segment.
# NOTE(review): pools "dhcp" and "vlan-10" cover the same range, and no DHCP server
# below references "vlan-10" -- confirm whether it is still needed.
/ip pool
add name=Vlan-78 ranges=10.10.78.10-10.10.78.250
add name=dhcp ranges=10.10.10.10-10.10.10.250
add name=vlan-30 ranges=10.10.30.10-10.10.30.250
add name=vlan-10 ranges=10.10.10.10-10.10.10.250
add name=vlan-40 ranges=10.10.40.10-10.10.40.250
add name=vlan-20 ranges=10.10.20.10-10.10.20.250
add name=vlan-50 ranges=10.10.50.10-10.10.50.250
add name=vlan-9 ranges=10.10.9.20-10.10.9.250
# public ip range (value redacted by the poster)
add name=vlan-100 ranges=#########
# One DHCP server per VLAN interface, plus dhcp1 on bridge1. Leases are short (5m,
# 5m10s on vlan-20); dhcp1 shows no lease-time.
/ip dhcp-server
add address-pool=Vlan-78 always-broadcast=yes interface=vlan-78 lease-time=5m name=dhcp-vl78 server-address=\
    10.10.78.1
add address-pool=dhcp interface=bridge1 name=dhcp1
add address-pool=vlan-30 interface=vlan-30 lease-time=5m name=dhcp-vl30
add address-pool=vlan-20 interface=vlan-20 lease-time=5m10s name=dhcp-vl20
add address-pool=vlan-40 interface=vlan-40 lease-time=5m name=dhcp-vl40
add address-pool=vlan-50 interface=vlan-50 lease-time=5m name=dhcp-vl50
add address-pool=vlan-9 interface=vlan-9 lease-time=5m name=dhcp-vl9
# Hands out public addresses to any host that reaches VLAN 100. A statically
# addressed host should use an address outside this pool to avoid a conflict.
add address-pool=vlan-100 interface=vlan-100 lease-time=5m name=dhcp-vl100
/port
set 0 name=serial0
# Extra routing tables. The mangle rules on this page set routing marks to_ISP1 and
# to_ISP2; isp1_bgp is not referenced by anything else shown here.
/routing table
add fib name=to_ISP1
add fib name=to_ISP2
add disabled=no fib name=isp1_bgp
# The AS number is redacted here by the poster.
/routing bgp template
set default address-families=ip as=xxxxxx disabled=no nexthop-choice=default routing-table=main
# Only ether1 is an active member of bridge1; every other entry is disabled, so the
# SFP/QSFP ports (including sfp28-12, the VLAN trunk) operate as routed interfaces.
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 disabled=yes interface=qsfp28-1-2
add bridge=bridge1 disabled=yes interface=qsfp28-1-3
add bridge=bridge1 disabled=yes interface=qsfp28-1-4
add bridge=bridge1 disabled=yes interface=qsfp28-2-1
add bridge=bridge1 disabled=yes interface=qsfp28-2-2
add bridge=bridge1 disabled=yes interface=qsfp28-2-3
add bridge=bridge1 disabled=yes interface=qsfp28-2-4
add bridge=bridge1 disabled=yes interface=sfp28-1
add bridge=bridge1 disabled=yes interface=sfp28-2
add bridge=bridge1 disabled=yes interface=sfp28-3
add bridge=bridge1 disabled=yes interface=sfp28-4
add bridge=bridge1 disabled=yes interface=sfp28-5
add bridge=bridge1 disabled=yes interface=sfp28-6
add bridge=bridge1 disabled=yes interface=sfp28-7
add bridge=bridge1 disabled=yes interface=sfp28-8
add bridge=bridge1 disabled=yes interface=sfp28-9
add bridge=bridge1 disabled=yes interface=sfp28-10
add bridge=bridge1 disabled=yes interface=sfp28-11
add bridge=bridge1 disabled=yes interface=sfp28-12
# WAN holds the two ISP ports. LAN holds only vlan-78, so any rule matching
# out-interface-list=LAN (the hairpin NAT rules) applies to VLAN 78 alone.
/interface list member
add interface=sfp28-1 list=WAN
add interface=vlan-78 list=LAN
add interface=sfp28-2 list=WAN
# Interface addressing. Public addresses are redacted by the poster as x/yy/zz.
/ip address
add address=x.xx.xxx.126/30 comment=ISP1 interface=sfp28-1 network=x.xx.xxx.124
# The public /24 lives on vlan-100: a host with a static address from this range
# must be in VLAN 100 and use yy.yyy.yyy.1 as its gateway. The post describes trying
# a /26 on a bridge or on the trunk port instead; this export shows the /24 here.
add address=yy.yyy.yyy.1/24 interface=vlan-100 network=yy.yyy.yyy.0
# vlan-78 carries two subnets: 10.0.1.0/24 (below) and 10.10.78.0/24.
add address=10.0.1.1/24 comment="Dell QoE" interface=vlan-78 network=10.0.1.0
# Untagged /30 on the same physical port that carries the VLAN interfaces.
add address=10.255.3.1/30 interface=sfp28-12 network=10.255.3.0
add address=10.10.10.1/24 interface=bridge1 network=10.10.10.0
add address=10.10.78.1/24 interface=vlan-78 network=10.10.78.0
add address=10.10.1.1/24 interface=vlan-1 network=10.10.1.0
add address=10.10.20.1/24 interface=vlan-20 network=10.10.20.0
add address=10.10.30.1/24 interface=vlan-30 network=10.10.30.0
add address=10.10.40.1/24 interface=vlan-40 network=10.10.40.0
add address=10.10.50.1/24 interface=vlan-50 network=10.10.50.0
add address=10.10.9.1/24 interface=vlan-9 network=10.10.9.0
add address=zz.zzz.zz.210/30 comment="ISP2" interface=sfp28-2 network=zz.zzz.zz.208
add address=10.255.1.1/30 interface=sfp28-10 network=10.255.1.0
/ip dhcp-client
add disabled=yes interface=qsfp28-1-1
# DHCP options per subnet: gateway is the router's address in that subnet and clients
# are pointed at public resolvers directly. The 10.255.3.0/30 entry sets no dns-server.
/ip dhcp-server network
add address=10.10.9.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=10.10.9.1 netmask=24
add address=10.10.10.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=10.10.10.1 netmask=24
add address=10.10.20.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=10.10.20.1 netmask=24
add address=10.10.30.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=10.10.30.1 netmask=24
add address=10.10.40.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=10.10.40.1 netmask=24
add address=10.10.50.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=10.10.50.1 netmask=24
add address=10.10.78.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=10.10.78.1 netmask=24
add address=10.255.3.0/30 gateway=10.255.3.1 netmask=30
add address=yy.yyy.yyy.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=yy.yyy.yyy.1 netmask=24
# allow-remote-requests=yes makes the router answer DNS queries sent to it. Who can
# reach that service is decided by the input chain of /ip firewall filter, which on
# this page accepts only the allow_to_router list and ICMP before dropping the rest.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/ip dns static
add address=10.10.10.1 name=www.somewhere.com ttl=1d5s
add address=10.10.78.9 name=unms.rimrockwireless.net
# Address lists:
#   bgp-networks    - referenced by output.network on the ToISP1 BGP connection.
#   allow_to_router - sources accepted on the input chain without any port restriction.
#   not_in_internet - RFC 6890 special-purpose ranges plus multicast.
# NOTE(review): no filter rule shown on this page references not_in_internet, so the
# list currently has no effect -- confirm, or use it in drop rules on the WAN side.
/ip firewall address-list
add address=yy.yyy.yyy.0/24 list=bgp-networks
add address=10.4.3.0/24 list=allow_to_router
add address=10.0.1.0/24 list=allow_to_router
# Overlaps the 10.4.3.0/24 entry above.
add address=10.4.3.1-10.4.3.255 list=allow_to_router
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=not_in_internet
add address=10.10.10.0/24 list=allow_to_router
# NOTE(review): a single public address with full access to the router; it has no
# comment saying what it is. Confirm it is still needed and still held by the
# intended party, and prefer reaching management through a VPN.
add address=174.230.207.251 list=allow_to_router
add address=10.0.3.0/24 list=allow_to_router
# Wider than the 10.255.3.0/30 configured on sfp28-12.
add address=10.255.3.0/24 list=allow_to_router
add address=10.10.78.0/24 list=allow_to_router
add address=10.10.30.0/24 list=allow_to_router
# Input chain (traffic addressed to the router itself): accept replies, accept
# everything from the allow_to_router list, accept ICMP from any source, drop the rest.
#
# Forward chain (traffic routed through the router): FastTrack and accept
# established/related, send ICMP to the "icmp" chain, drop invalid.
# NOTE(review): the forward chain has no rule for connection-state=new and no closing
# drop. As exported, new connections in any direction fall through unfiltered: WAN to
# the dst-nat targets, WAN to hosts holding public addresses in VLAN 100, and VLAN to
# VLAN. A practitioner would add explicit accepts for the intended flows followed by
# a final drop on forward.
/ip firewall filter
add action=accept chain=input comment="default configuration" connection-state=established,related
# No protocol or port matcher: listed sources reach every service on the router.
add action=accept chain=input src-address-list=allow_to_router
add action=accept chain=input protocol=icmp
# NOTE(review): log-prefix is set but log=yes does not appear, so these drops are
# presumably not logged -- confirm.
add action=drop chain=input log-prefix=test
add action=fasttrack-connection chain=forward comment=FastTrack connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="Established, Related" connection-state=established,related
add action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp protocol=icmp
# "icmp" chain: allow the listed type:code pairs, drop every other ICMP message.
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment="host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 protocol=icmp
# No protocol matcher here; the chain is only entered from the protocol=icmp jump above.
add action=drop chain=icmp comment="deny all other types"
# Same situation as the input drop: log-prefix without a visible log=yes.
add action=drop chain=forward comment="Drop invalid" connection-state=invalid log-prefix=invalid
# Mangle, output chain only (traffic originated by the router): new connections
# leaving via sfp28-1 / sfp28-2 are marked ISP1_conn / ISP2_conn and given routing
# mark to_ISP1 / to_ISP2.
/ip firewall mangle
add action=mark-connection chain=output connection-mark=no-mark connection-state=new new-connection-mark=ISP1_conn \
    out-interface=sfp28-1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=to_ISP1 out-interface=sfp28-1 \
    passthrough=yes
add action=mark-connection chain=output connection-mark=no-mark connection-state=new new-connection-mark=ISP2_conn \
    out-interface=sfp28-2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_ISP2 out-interface=sfp28-2 \
    passthrough=yes
# NAT. Each private VLAN is source-NATed to its own public address when leaving via
# sfp28-1; two public addresses are destination-NATed to hosts in VLAN 78.
/ip firewall nat
add action=src-nat chain=srcnat comment="Home Office Outgoing IP over ISP1" out-interface=sfp28-1 src-address=\
    10.10.78.0/24 to-addresses=yy.yyy.yyy.11
# NOTE(review): both dst-nat rules match on dst-address only -- no protocol, port or
# in-interface. Every port of the internal host is translated, and the forward chain
# shown on this page does not filter new connections, so the full host is reachable
# from outside. Restricting each rule to the published protocol/port narrows that.
add action=dst-nat chain=dstnat comment="Required for Incoming to hit khootz web server" dst-address=yy.yyy.yyy.11 \
    log=yes to-addresses=10.10.78.249
add action=dst-nat chain=dstnat comment="Incoming to Office" dst-address=yy.yyy.yyy.20 log=yes log-prefix=TED \
    to-addresses=10.10.78.136
add action=src-nat chain=srcnat comment="VLAN 9 Outgoing IP ISP1" out-interface=sfp28-1 src-address=\
    10.10.9.0/24 to-addresses=yy.yyy.yyy.209
add action=src-nat chain=srcnat out-interface=sfp28-1 src-address=10.10.20.0/24 to-addresses=yy.yyy.yyy.220
add action=src-nat chain=srcnat comment="Office Outgoing IP over ISP1" out-interface=sfp28-1 src-address=\
    10.10.30.0/24 to-addresses=yy.yyy.yyy.20
add action=src-nat chain=srcnat comment="VLAN 40 Outgoing IP over ISP1" out-interface=sfp28-1 src-address=\
    10.10.40.0/24 to-addresses=yy.yyy.yyy.240
add action=src-nat chain=srcnat out-interface=sfp28-1 src-address=10.10.50.0/24 to-addresses=yy.yyy.yyy.50
# Hairpin rules: the LAN list contains only vlan-78.
add action=masquerade chain=srcnat comment="Hairpin NAT for internal traffic to hit khootz" dst-address=10.10.78.249 \
    out-interface-list=LAN src-address=10.10.78.0/24
add action=masquerade chain=srcnat comment="Hairpin NAT for internal traffic to hit UISP" dst-address=10.10.78.9 \
    out-interface-list=LAN src-address=10.0.0.0/8
add action=masquerade chain=srcnat comment="Regular masqerade out" disabled=yes out-interface-list=WAN
# NOTE(review): these two catch-all masquerade rules have no src-address, so they
# also match traffic sourced from the public yy.yyy.yyy.0/24 range. A host given a
# static public address would leave with the router's interface address instead of
# its own unless the public range is excluded here -- confirm.
add action=masquerade chain=srcnat out-interface=sfp28-1
add action=masquerade chain=srcnat out-interface=sfp28-2
add action=redirect chain=dstnat comment="THIS BREAKS UI CUSTOMERS!! Redirect all DNS to internal server" disabled=\
    yes dst-port=53 protocol=udp to-addresses=10.10.10.1 to-ports=53
# Static routes. Failover uses recursive default routes: 1.0.0.1 is pinned to the
# ISP1 gateway and 4.2.2.2 to the ISP2 gateway by /32 routes, and the two default
# routes use those hosts as gateways with check-gateway=ping (distance 1 and 2).
/ip route
add comment="Legit default route with no failover (disable this for failover logic to work)" disabled=yes distance=1 \
    dst-address=0.0.0.0/0 gateway=x.xx.xxx.125 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
# Blackhole for the public /24, the same prefix that is configured on vlan-100.
# NOTE(review): presumably this keeps the prefix present for the BGP advertisement
# when vlan-100 is down -- confirm. If the interface address is ever narrowed to a
# /26 as the post describes, traffic to the rest of the /24 would be discarded here.
add blackhole disabled=no dst-address=yy.yyy.yyy.0/24 gateway="" routing-table=main suppress-hw-offload=no
add disabled=yes distance=5 dst-address=0.0.0.0/0 gateway=10.255.2.2 pref-src=0.0.0.0 routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=10
add comment="Monitor host via ISP 1 ()" disabled=no distance=1 dst-address=1.0.0.1/32 gateway=x.xx.xxx.125 \
    pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add comment="Monitor host via ISP 2 ()" disabled=no distance=1 dst-address=4.2.2.2/32 gateway=zz.zzz.zz.209 \
    pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="Default Route Main / ISP1 ()" disabled=no distance=1 dst-address=0.0.0.0/0 \
    gateway=1.0.0.1 pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Default Route Backup / ISP2 ()" disabled=no distance=2 dst-address=0.0.0.0/0 \
    gateway=4.2.2.2 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=11
add disabled=yes distance=1 dst-address=zz.zzz.zz.208/30 gateway=zz.zzz.zz.209 pref-src="" routing-table=main scope=\
    30 suppress-hw-offload=no target-scope=10
# IPv6: everything addressed to the router is dropped. No IPv6 forward rule is shown.
/ipv6 firewall filter
add action=drop chain=input
# Two eBGP sessions, one per ISP. Only ToISP1 sets output.network (the bgp-networks
# address list); ToISP2 shows none.
# NOTE(review): both sessions reference input.accept-nlri=bgp_accept, but no address
# list of that name appears in the /ip firewall address-list section on this page --
# confirm it exists.
# NOTE(review): neither connection shows an input or output filter chain, and the
# BGP-ISP1-In chain defined below is not referenced by either -- confirm what is
# actually accepted from and announced to each peer.
# NOTE(review): no session authentication key is visible; it may simply be hidden
# by the export -- confirm.
/routing bgp connection
add as=399525 disabled=no input.accept-nlri=bgp_accept local.role=ebgp name=ToISP1 output.network=bgp-networks \
    remote.address=x.xx.xxx.125/32 .as=3356 router-id=x.xx.xxx.126 routing-table=main
add as=399525 disabled=no input.accept-nlri=bgp_accept local.role=ebgp .ttl=2 multihop=no name=ToISP2 \
    remote.address=zz.zzz.zz.209/32 .as=209 .ttl=2 router-id=x.xx.xxx.126 routing-table=main
# Community list defined for de-preferring ISP2; no rule shown here uses it.
/routing filter community-list
add comment="Used to set ISP2 to 90% affinity (use as a backup)" communities=208:90 disabled=no list=isp2-secondary
# A chain that rejects everything; see the note above about it not being referenced.
/routing filter rule
add chain=BGP-ISP1-In disabled=no rule=reject
/system clock
set time-zone-name=America/Boise
/system identity
set name=MikroTik-Core-Router
# Time comes from the public NTP pool, which keeps log timestamps usable.
/system ntp client
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
