 
vlada92
just joined
Topic Author
Posts: 3
Joined: Fri Mar 10, 2017 1:04 pm

CRS354-48g RouterOS connectivity problems

Thu Jan 19, 2023 1:18 pm

Hi, we have a strange issue in our network, which uses a MikroTik CRS354-48G running RouterOS, and I would like your opinion.
In our topology a Comcast modem in bridge mode passes a static public IP address, and behind it we added the MikroTik CRS354-48G with the public IP on its uplink.

The CRS354 is running in RouterOS mode and is configured with VLANs. The problem is that when we add new devices to the network or make any changes to interfaces (plugging or unplugging devices, etc.), the LAN clients (Windows PCs) lose internet access. At first I thought there was some problem with Comcast edge security, but this has happened 2-3 times in the last month, whenever we add a new device to the switch. At that moment:

1. Clients can't ping google and can't browse
2. Clients can ping Mikrotik gateway
3. I can ping LAN devices and google DNS from Mikrotik,
4. I can access Mikrotik from WAN with public IP
5. I can also connect to client VPN (wireguard) from outside with full connectivity and internet access

The last time I had this problem, the configuration contained about 35 interfaces in the bridge as access (untagged) VLAN ports, but only 7-8 of them were in use and attached to PCs; the other interfaces were unused but prepared in case we needed them. With the problem still occurring, I tried removing the unused interfaces from the bridge/VLAN and voilà, the client PCs were back online again.

# jan/19/2023 by RouterOS 7.7
# software id = 38QZ-JPVN
#
# model = CRS354-48G-4S+2Q+
# Review notes (added): this section creates the bridge, renames the copper
# ports and disables the SFP+/QSFP+ ports.
/interface bridge
# VLAN filtering is on; ingress filtering on the bridge interface is off.
# NOTE(review): ingress-filtering=no is written out explicitly, presumably
# because it differs from the RouterOS 7 default - confirm. If so, the bridge
# interface does not check an incoming frame's VLAN ID against the VLAN table.
add ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface ethernet
# ether1/ether2 are named as uplinks; ether5-ether35 are named as LAN/WiFi ports.
# ether3 and ether4 are not renamed in this export.
set [ find default-name=ether1 ] name="ether1-UpLInk static"
set [ find default-name=ether2 ] name="ether2-UpLink dynamic"
set [ find default-name=ether5 ] name="ether5-LAN"
set [ find default-name=ether6 ] name="ether6-LAN"
set [ find default-name=ether7 ] name=ether7-LAN
set [ find default-name=ether8 ] name=ether8-LAN
set [ find default-name=ether9 ] name="ether9-LAN"
set [ find default-name=ether10 ] name=ether10-LAN
set [ find default-name=ether11 ] name="ether11-LAN"
set [ find default-name=ether12 ] name=ether12-LAN
set [ find default-name=ether13 ] name="ether13-WiFi"
# ether14-ether35 are renamed here but are not added to bridge1 under
# "/interface bridge port" further down, and no disabled=yes is set on them.
# NOTE(review): if they are unused, disabling them would stop a device plugged
# into a spare port from getting a link at all.
set [ find default-name=ether14 ] name=ether14-LAN
set [ find default-name=ether15 ] name=ether15-LAN
set [ find default-name=ether16 ] name=ether16-LAN
set [ find default-name=ether17 ] name=ether17-LAN
set [ find default-name=ether18 ] name=ether18-LAN
set [ find default-name=ether19 ] name=ether19-LAN
set [ find default-name=ether20 ] name=ether20-LAN
set [ find default-name=ether21 ] name=ether21-LAN
set [ find default-name=ether22 ] name=ether22-LAN
set [ find default-name=ether23 ] name=ether23-LAN
set [ find default-name=ether24 ] name=ether24-LAN
set [ find default-name=ether25 ] name=ether25-LAN
set [ find default-name=ether26 ] name=ether26-LAN
set [ find default-name=ether27 ] name=ether27-LAN
set [ find default-name=ether28 ] name=ether28-LAN
set [ find default-name=ether29 ] name=ether29-LAN
set [ find default-name=ether30 ] name=ether30-LAN
set [ find default-name=ether31 ] name=ether31-LAN
set [ find default-name=ether32 ] name=ether32-LAN
set [ find default-name=ether33 ] name=ether33-LAN
set [ find default-name=ether34 ] name=ether34-LAN
set [ find default-name=ether35 ] name=ether35-LAN
# All QSFP+ and SFP+ ports are administratively disabled.
set [ find default-name=qsfpplus1-1 ] disabled=yes
set [ find default-name=qsfpplus1-2 ] disabled=yes
set [ find default-name=qsfpplus1-3 ] disabled=yes
set [ find default-name=qsfpplus1-4 ] disabled=yes
set [ find default-name=qsfpplus2-1 ] disabled=yes
set [ find default-name=qsfpplus2-2 ] disabled=yes
set [ find default-name=qsfpplus2-3 ] disabled=yes
set [ find default-name=qsfpplus2-4 ] disabled=yes
set [ find default-name=sfp-sfpplus1 ] disabled=yes
set [ find default-name=sfp-sfpplus2 ] disabled=yes
set [ find default-name=sfp-sfpplus3 ] disabled=yes
set [ find default-name=sfp-sfpplus4 ] disabled=yes
# Review notes (added): WireGuard and VLAN interfaces, L3 hardware offloading,
# DHCP pools/server, and routing-protocol defaults.
/interface wireguard
# WireGuard listens on UDP 13231. The firewall section of this export has no
# chain=input rules, so nothing in the filter restricts who can reach this port.
add listen-port=13231 mtu=1450 name=wireguard1
/interface vlan
# VLAN 10 interface on the bridge; it carries the LAN gateway address
# 192.168.23.1/24 (see /ip address).
add interface=bridge1 name=vlan10-Local vlan-id=10
/interface ethernet switch
# L3 hardware offloading is enabled on the switch chip.
# NOTE(review): as I understand it, traffic routed in hardware does not pass
# through the CPU firewall/NAT rules - confirm against MikroTik's L3 Hardware
# Offloading documentation for this model before relying on the filter rules.
set 0 l3-hw-offloading=yes
/interface ethernet switch port
# "set 10" addresses a switch port by item number, not by name, so this export
# does not show which physical port has L3HW turned off.
# NOTE(review): verify that it is the intended port; the uplink is ether1 per
# the renames above.
set 10 l3-hw-offloading=no
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.23.50-192.168.23.254
# dhcp_pool1 is not referenced by any /ip dhcp-server entry in this export.
add name=dhcp_pool1 ranges=192.168.31.40-192.168.31.200
/ip dhcp-server
# The only DHCP server: serves dhcp_pool0 on vlan10-Local.
add address-pool=dhcp_pool0 interface=vlan10-Local name=dhcp1
/port
set 0 name=serial0
/routing bgp template
# BGP default template and an OSPF instance are present; no BGP connection or
# OSPF interface template is visible in this export, and the OSPF area is disabled.
# NOTE(review): if no dynamic routing is intended, consider removing or
# disabling these entries so they cannot be activated by accident.
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
# Review notes (added): bridge membership, bridge firewall settings, neighbor
# table limits, and the VLAN table for VLAN 10.
/interface bridge port
# Nine access ports (ether5-ether13) join bridge1 with PVID 10, i.e. untagged
# frames arriving on them are placed in VLAN 10.
add bridge=bridge1 interface="ether9-LAN" pvid=10
add bridge=bridge1 interface="ether5-LAN" pvid=10
add bridge=bridge1 interface="ether6-LAN" pvid=10
add bridge=bridge1 interface=ether7-LAN pvid=10
add bridge=bridge1 interface=ether8-LAN pvid=10
add bridge=bridge1 interface=ether10-LAN pvid=10
add bridge=bridge1 interface="ether11-LAN" pvid=10
add bridge=bridge1 interface=ether12-LAN pvid=10
add bridge=bridge1 interface="ether13-WiFi" pvid=10
/interface bridge settings
# Hands bridged traffic (including VLAN-tagged frames) to the IP firewall.
# NOTE(review): the filter section of this export only has generic forward
# rules, none written for bridged traffic. Confirm this setting is needed; it
# may interact with hardware-offloaded switching.
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
# IPv6 redirects are not accepted.
set accept-redirects=no max-neighbor-entries=8192
/interface bridge vlan
# VLAN 10: tagged towards the bridge itself (so vlan10-Local receives it),
# untagged on the same nine ports that are bridge members with pvid=10.
add bridge=bridge1 tagged=bridge1 untagged="ether9-LAN,ether5-LAN,ether6-LAN,ether7-LAN,ether8-LAN,ether10-LAN,ether11-LAN,ether12-LAN,ether13-WiFi" vlan-ids=10
# Review notes (added): VPN servers, WireGuard peers, IP addressing, DHCP
# networks and DNS.
/interface l2tp-server server
# The L2TP server is enabled with IPsec. No IPsec secret or PPP secret is
# visible; exports normally omit sensitive values, so that alone proves nothing.
# NOTE(review): the thread only mentions WireGuard for remote access. If L2TP
# is not in use, disable it - this export has no chain=input filter rules in
# front of it.
set enabled=yes use-ipsec=yes
/interface ovpn-server server
# Only the allowed auth digests are set here; "enabled" does not appear, so the
# OpenVPN server is presumably off - confirm.
# NOTE(review): md5 and sha1 are weak digests; if this server is ever enabled,
# restrict auth to stronger options first.
set auth=sha1,md5
/interface wireguard peers
# Two peers, each limited to a single /32 inside 192.168.100.0/24. Comments and
# public keys were redacted by the poster ("x").
add allowed-address=192.168.100.3/32 comment="x" interface=wireguard1 public-key="x"
add allowed-address=192.168.100.4/32 comment="x" interface=wireguard1 public-key="x"
/ip address
add address=192.168.23.1/24 interface=vlan10-Local network=192.168.23.0
# Public address redacted by the poster. The trailing "Public IP" token is not
# export syntax; it looks like the poster's own annotation.
add address=x.x.x.x/29 interface="ether1-UpLInk static" network=x.x.x.x "Public IP"
add address=192.168.100.1/24 interface=wireguard1 network=192.168.100.0
/ip dhcp-server network
# Clients are handed three public resolvers directly, not the router.
add address=192.168.23.0/24 dns-server=75.75.75.75,75.75.76.76,8.8.8.8 gateway=192.168.23.1
# 192.168.31.0/24 has no matching /ip address or DHCP server in this export;
# it appears to be a leftover entry.
add address=192.168.31.0/24 dns-server=75.75.75.75,75.75.76.76,8.8.8.8 gateway=192.168.31.1
/ip dns
# Upstream resolvers for the router itself; allow-remote-requests does not
# appear on this line.
set servers=75.75.75.75,75.75.76.76,8.8.8.8
# Review notes (added): firewall filter/NAT, default route, management
# services, IPv6 raw rule and boot setting.
/ip firewall filter
# Every filter rule in this export is in chain=forward. There is no
# chain=input rule, so the filter does not restrict traffic addressed to the
# router itself on any interface, including the public uplink. The post
# confirms the router is reachable from the WAN.
# NOTE(review): a practitioner would expect an input chain that accepts
# established/related, accepts the WireGuard port and management from LAN/VPN
# only, and drops everything else arriving on the uplink.
# NOTE(review): whether this model offloads Fasttrack/NAT in hardware depends
# on the switch chip. Check MikroTik's L3 Hardware Offloading device table; if
# it does not, hw-offload=yes may have no effect in hardware.
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related,untracked
add action=accept chain=forward protocol=icmp
add action=drop chain=forward connection-state=invalid
# The forward chain has no final drop rule: new connections that match none of
# the rules above are accepted, including WAN-to-LAN traffic.
/ip firewall nat
# The first rule has no matcher, so it masquerades all srcnat traffic
# regardless of outgoing interface (for example LAN <-> WireGuard). It also
# matches first, so the uplink-scoped rule below never gets hit.
# NOTE(review): the unscoped rule looks unintended; confirm and keep only the
# rule with out-interface set.
add action=masquerade chain=srcnat
add action=masquerade chain=srcnat out-interface="ether1-UpLInk static"
/ip route
# Static default route; gateway redacted by the poster.
add disabled=no dst-address=0.0.0.0/0 gateway=x.x.x.x routing-table=main suppress-hw-offload=no
/ip service
# telnet, ftp, www, ssh, api and api-ssl are disabled. winbox is not listed, so
# it is presumably still at its default (enabled) with no address restriction.
# NOTE(review): with no input-chain filtering, limit the remaining management
# service to LAN/VPN source addresses.
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 firewall raw
# Drops every IPv6 packet in prerouting (the rule has no matcher).
add action=drop chain=prerouting
/system routerboard settings
set boot-os=router-os
 
vlada92
just joined
Topic Author
Posts: 3
Joined: Fri Mar 10, 2017 1:04 pm

Re: CRS354-48g RouterOS connectivity problems

Tue Jan 24, 2023 1:41 pm

Anyone? :)
 
gamerxp
just joined
Posts: 10
Joined: Fri Dec 09, 2016 2:54 am
Location: Thailand

Re: CRS354-48g RouterOS connectivity problems

Thu Feb 16, 2023 5:15 pm
