Community discussions

MikroTik App
 
myrddin
just joined
Topic Author
Posts: 3
Joined: Thu Jan 12, 2023 6:13 pm

Configuration help

Thu Jan 12, 2023 9:19 pm

Network Diagram

https://drive.google.com/file/d/1cqJSt3 ... sp=sharing
I hope the image goes through. tinypic is no more, and it wouldn't load as an attachment to this post.


Export
# jan/12/2023 10:15:27 by RouterOS 7.5
# software id = HJND-FS5T
#
# model = CCR2004-1G-12S+2XS
# serial number = XXXXXXXXXXX
/interface bridge
add name=lan_bridge protocol-mode=none
add disabled=yes name=wan_bridge
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] name=1_faerun rx-flow-control=auto \
    tx-flow-control=auto
set [ find default-name=sfp-sfpplus2 ] name=2_magetower rx-flow-control=auto \
    tx-flow-control=auto
set [ find default-name=sfp-sfpplus11 ] auto-negotiation=no name=\
    11_wap_upstairs rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp-sfpplus12 ] auto-negotiation=no name=12_isp \
    rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether1 ] name=management rx-flow-control=auto \
    tx-flow-control=auto
set [ find default-name=sfp-sfpplus3 ] disabled=yes
set [ find default-name=sfp-sfpplus4 ] disabled=yes
set [ find default-name=sfp-sfpplus5 ] disabled=yes
set [ find default-name=sfp-sfpplus6 ] disabled=yes
set [ find default-name=sfp-sfpplus7 ] disabled=yes
set [ find default-name=sfp-sfpplus8 ] disabled=yes
set [ find default-name=sfp-sfpplus9 ] disabled=yes
set [ find default-name=sfp-sfpplus10 ] disabled=yes
set [ find default-name=sfp28-1 ] disabled=yes
set [ find default-name=sfp28-2 ] disabled=yes
/interface list
add name=lan
add name=wan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=lan_pool ranges=192.168.5.10-192.168.5.254
/ip dhcp-server
add address-pool=lan_pool interface=lan_bridge lease-time=1d name=lan_dhcp
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=wan_bridge disabled=yes interface=12_isp
add bridge=lan_bridge interface=1_faerun
add bridge=lan_bridge interface=2_magetower
add bridge=lan_bridge interface=11_wap_upstairs
/ip settings
set accept-source-route=yes ip-forward=no rp-filter=strict
/ipv6 settings
set disable-ipv6=yes
/interface list member
add interface=lan_bridge list=lan
add interface=12_isp list=wan
/ip address
add address=192.168.5.1/24 interface=lan_bridge network=192.168.5.0
/ip dhcp-client
add interface=12_isp use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=192.168.5.100 client-id=1:98:b7:85:0:2a:cd mac-address=\
    98:B7:85:00:2A:CD server=lan_dhcp
/ip dhcp-server network
add address=192.168.5.0/24 gateway=192.168.5.1 netmask=24
/ip dns
set servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=wan
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/system clock
set time-zone-name=America/New_York

What I'm trying to do
I'm trying to set up a LAN consisting of a server, desktop, and a wAP.

My problem
I can connect all the server, desktop, and wAP to the LAN DHCP and get valid IPv4 addresses for each device. However, when I ping 8.8.8.8 from the desktop I am unable to receive any packets back. I get the same result if I ping www.ibm.com. When I go into WinBox and ping from the terminal everything works as expected. I am able to ping other devices on the LAN, like the server, and receive a response. Can someone help me figure out what I am missing in my configuration that will let my LAN devices see out to the WAN.

Thank you in advance for any help you can give.
 
tomislav91
Member
Member
Posts: 303
Joined: Fri May 26, 2017 12:47 pm

Re: Configuration help

Thu Jan 12, 2023 10:50 pm

Network Diagram

https://drive.google.com/file/d/1cqJSt3 ... sp=sharing
I hope the image goes through. tinypic is no more, and it wouldn't load as an attachment to this post.


Export
# jan/12/2023 10:15:27 by RouterOS 7.5
# software id = HJND-FS5T
#
# model = CCR2004-1G-12S+2XS
# serial number = XXXXXXXXXXX
/interface bridge
add name=lan_bridge protocol-mode=none
add disabled=yes name=wan_bridge
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] name=1_faerun rx-flow-control=auto \
    tx-flow-control=auto
set [ find default-name=sfp-sfpplus2 ] name=2_magetower rx-flow-control=auto \
    tx-flow-control=auto
set [ find default-name=sfp-sfpplus11 ] auto-negotiation=no name=\
    11_wap_upstairs rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp-sfpplus12 ] auto-negotiation=no name=12_isp \
    rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether1 ] name=management rx-flow-control=auto \
    tx-flow-control=auto
set [ find default-name=sfp-sfpplus3 ] disabled=yes
set [ find default-name=sfp-sfpplus4 ] disabled=yes
set [ find default-name=sfp-sfpplus5 ] disabled=yes
set [ find default-name=sfp-sfpplus6 ] disabled=yes
set [ find default-name=sfp-sfpplus7 ] disabled=yes
set [ find default-name=sfp-sfpplus8 ] disabled=yes
set [ find default-name=sfp-sfpplus9 ] disabled=yes
set [ find default-name=sfp-sfpplus10 ] disabled=yes
set [ find default-name=sfp28-1 ] disabled=yes
set [ find default-name=sfp28-2 ] disabled=yes
/interface list
add name=lan
add name=wan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=lan_pool ranges=192.168.5.10-192.168.5.254
/ip dhcp-server
add address-pool=lan_pool interface=lan_bridge lease-time=1d name=lan_dhcp
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=wan_bridge disabled=yes interface=12_isp
add bridge=lan_bridge interface=1_faerun
add bridge=lan_bridge interface=2_magetower
add bridge=lan_bridge interface=11_wap_upstairs
/ip settings
set accept-source-route=yes ip-forward=no rp-filter=strict
/ipv6 settings
set disable-ipv6=yes
/interface list member
add interface=lan_bridge list=lan
add interface=12_isp list=wan
/ip address
add address=192.168.5.1/24 interface=lan_bridge network=192.168.5.0
/ip dhcp-client
add interface=12_isp use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=192.168.5.100 client-id=1:98:b7:85:0:2a:cd mac-address=\
    98:B7:85:00:2A:CD server=lan_dhcp
/ip dhcp-server network
add address=192.168.5.0/24 gateway=192.168.5.1 netmask=24
/ip dns
set servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=wan
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/system clock
set time-zone-name=America/New_York

What I'm trying to do
I'm trying to set up a LAN consisting of a server, desktop, and a wAP.

My problem
I can connect all the server, desktop, and wAP to the LAN DHCP and get valid IPv4 addresses for each device. However, when I ping 8.8.8.8 from the desktop I am unable to receive any packets back. I get the same result if I ping www.ibm.com. When I go into WinBox and ping from the terminal everything works as expected. I am able to ping other devices on the LAN, like the server, and receive a response. Can someone help me figure out what I am missing in my configuration that will let my LAN devices see out to the WAN.

Thank you in advance for any help you can give.

i can't see ip route export?
 
myrddin
just joined
Topic Author
Posts: 3
Joined: Thu Jan 12, 2023 6:13 pm

Re: Configuration help

Thu Jan 12, 2023 11:35 pm

I generated the export with:
   export hide-sensitive file=ccr2004.export
Perhaps IP routes are what I am missing. I'll check tonight when I get home.
 
biomesh
Long time Member
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Configuration help  [SOLVED]

Fri Jan 13, 2023 1:38 pm

Under /ip settings you have ip-forward=no. If you want the router to route packets between networks that needs to be set to yes.
 
myrddin
just joined
Topic Author
Posts: 3
Joined: Thu Jan 12, 2023 6:13 pm

Re: Configuration help

Sat Jan 14, 2023 6:36 am

Thank you both for your help! The extra sets of eyes were incredibly useful.

I checked the IP routes and they were there, having been generated by the DHCP server and client. I have no idea why they didn't get exported though.

It came down to me having missed that the "ip-forward" in the "ip -> settings" was set to "no". Once I toggled that, everything worked great.

Thank you again for the help!
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11444
Joined: Thu Mar 03, 2016 10:23 pm

Re: Configuration help

Sat Jan 14, 2023 11:34 am

I have no idea why they didn't get exported though.

Export command shows things that were explicitly configured (so it's really handy when troubleshooting problems with configuration). Dynamic stuff (such as IP address and routes, obtained by DHCP client, or leases of DHCP server) are not though. So when assessing router's state, it's vital to use also print command which displays running values (as opposed to configured values) - output format is different and to many it's less readable. Generally it has two verbosity levels, to get additional details run print detail.

There's third command which sometimes comes handy: monitor. Not every object in ROS has it though.

Who is online

Users browsing this forum: erlinden and 36 guests