Unable to update Router OS

akshark · Thu Apr 13, 2023 6:07 pm

Hi All,

We have the MicroTik CRS328-4C-20S-4S+RM 20x SFP + 4xSFP+ switch met 4x combo and have set it up and see that we are able to get internet connectivity working and computers connected to the router also have internet.

However, we are having issues when updating the Router, we see an error message which says "ERROR: could not resolve dns name"

# jan/03/1970 02:31:05 by RouterOS 6.48.6
# software id = KUH3-URPS
#
# model = CRS328-4C-20S-4S+
# serial number = HEsWN
/interface bridge
add admin-mac=48:A9:s:x:x:x auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=sfp-sfpplus1 name=vlan4011_uplink1 vlan-id=4011
add interface=sfp-sfpplus2 name=vlan4022_uplink2 vlan-id=4022
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=combo1
add bridge=bridge comment=defconf interface=combo2
add bridge=bridge comment=defconf interface=combo3
add bridge=bridge comment=defconf interface=combo4
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=sfp-sfpplus2
add bridge=bridge comment=defconf interface=sfp-sfpplus3
add bridge=bridge comment=defconf interface=sfp-sfpplus4
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=sfp2
add bridge=bridge comment=defconf interface=sfp3
add bridge=bridge comment=defconf interface=sfp4
add bridge=bridge comment=defconf interface=sfp5
add bridge=bridge comment=defconf interface=sfp6
add bridge=bridge comment=defconf interface=sfp7
add bridge=bridge comment=defconf interface=sfp8
add bridge=bridge comment=defconf interface=sfp9
add bridge=bridge comment=defconf interface=sfp10
add bridge=bridge comment=defconf interface=sfp11
add bridge=bridge comment=defconf interface=sfp12
add bridge=bridge comment=defconf interface=sfp13
add bridge=bridge comment=defconf interface=sfp14
add bridge=bridge comment=defconf interface=sfp15
add bridge=bridge comment=defconf interface=sfp16
add bridge=bridge comment=defconf interface=sfp17
add bridge=bridge comment=defconf interface=sfp18
add bridge=bridge comment=defconf interface=sfp19
add bridge=bridge comment=defconf interface=sfp20
/interface list member
add interface=sfp1 list=WAN
add interface=sfp2 list=LAN
add interface=sfp3 list=LAN
add interface=sfp4 list=LAN
add interface=sfp5 list=LAN
add interface=sfp6 list=LAN
add interface=sfp7 list=LAN
add interface=sfp8 list=LAN
add interface=sfp9 list=LAN
add interface=sfp10 list=LAN
add interface=sfp11 list=LAN
add interface=sfp12 list=LAN
add interface=sfp13 list=LAN
add interface=sfp14 list=LAN
add interface=sfp15 list=LAN
add interface=sfp16 list=LAN
add interface=sfp17 list=LAN
add interface=sfp18 list=LAN
add interface=sfp19 list=LAN
add interface=sfp20 list=LAN
add interface=combo1 list=LAN
add interface=combo2 list=LAN
add interface=combo3 list=LAN
add interface=combo4 list=LAN
add interface=sfp-sfpplus1 list=LAN
add interface=sfp-sfpplus2 list=LAN
add interface=sfp-sfpplus3 list=LAN
add interface=sfp-sfpplus4 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=sfp2 network=\
    192.168.88.0
add address=192.168.110.42/30 interface=vlan4011_uplink1 network=\
    192.168.110.40
add address=192.168.210.42/30 interface=vlan4022_uplink2 network=\
    192.168.210.40
add address=x.y.z.a/27 interface=combo2 network=x.y.z.b
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,10.0.0.1
/ip firewall filter
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge
/ip route
add distance=1 gateway=192.168.110.41
add distance=1 gateway=192.168.210.41
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system identity
set name=RouterOS
/system routerboard settings
set boot-os=router-os

Any help on what we are missing would be great to know, Thanks.

erlinden · Thu Apr 13, 2023 6:15 pm

My best guess would be a DNS problem...is this correct (does the MikroTik resolve anything)?

For the time being, you might want to upgrade manually (copy the file upgrade file) and reboot.
Why do you want to upgrade?

Ah...had a second look...your switch is missing a DHCP client on the bridge. Or is missing gateway information. As soon as you add it (and get/have proper IP configuration) you will be able to upgrade.

pe1chl · Thu Apr 13, 2023 7:12 pm

You have this:

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,10.0.0.1

Is that 10.0.0.1 a valid DNS resolver that can lookup internet DNS names? If not, remove it. Make it 1.0.0.1 or 1.1.1.1 or 9.9.9.9 or whatever.

akshark · Thu Apr 13, 2023 9:58 pm

My best guess would be a DNS problem...is this correct (does the MikroTik resolve anything)?

For the time being, you might want to upgrade manually (copy the file upgrade file) and reboot.
Why do you want to upgrade?

Ah...had a second look...your switch is missing a DHCP client on the bridge. Or is missing gateway information. As soon as you add it (and get/have proper IP configuration) you will be able to upgrade.

Thanks for your reply.

On MicroTik terminal if i execute

ping 8.8.8.8 src-address=x.y.z.65

this works

but

ping google.com src-address=x.y.z.65

does not work.

We do have a gateway configured like below

/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1

is the DHCP Client necessary for DNS to work?

akshark · Thu Apr 13, 2023 9:58 pm

You have this:

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,10.0.0.1

Is that 10.0.0.1 a valid DNS resolver that can lookup internet DNS names? If not, remove it. Make it 1.0.0.1 or 1.1.1.1 or 9.9.9.9 or whatever.

Thanks for your reply. ok i will remove it but should 8.8.8.8 not handle DNS?

pe1chl · Thu Apr 13, 2023 10:12 pm

When there is a server 10.0.0.1 that does DNS but not for the internet, the above setup will fail.
There is no "when server 1 says NO let's ask server 2" function in DNS.

akshark · Fri Apr 14, 2023 12:27 am

When there is a server 10.0.0.1 that does DNS but not for the internet, the above setup will fail.
There is no "when server 1 says NO let's ask server 2" function in DNS.

I just updated the DNS servers to 8.8.8.8 and 8.8.4.4 but i still see the same error "could not resolve DNS name"

anav · Fri Apr 14, 2023 12:33 am

Your router is misbehaving because the admin is confused.

The admin doesnt know whether he has a bridge and what function the bridge has in the config.
What IP address do you give the bridge for example.......

akshark · Fri Apr 14, 2023 12:35 am

Your router is misbehaving because the admin is confused.

The admin doesnt know whether he has a bridge and what function the bridge has in the config.
What IP address do you give the bridge for example.......

its x.y.z.65

anav · Fri Apr 14, 2023 12:40 am

Like I said, you dont have a clue of what you have configged.

/ip address
add address=192.168.88.1/24 comment=defconf interface=sfp2 network=\
192.168.88.0
add address=192.168.110.42/30 interface=vlan4011_uplink1 network=\
192.168.110.40
add address=192.168.210.42/30 interface=vlan4022_uplink2 network=\
192.168.210.40
add address=x.y.z.a/27 interface=combo2 network=x.y.z.b
/ip dhcp-server network

There is no bridge address its missing............. the dchp-server identifies a bridge, you have bridge ports too......

Why do you masquerade bridge traffic.........??
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge

akshark · Fri Apr 14, 2023 1:03 am

Like I said, you dont have a clue of what you have configged.

/ip address
add address=192.168.88.1/24 comment=defconf interface=sfp2 network=\
192.168.88.0
add address=192.168.110.42/30 interface=vlan4011_uplink1 network=\
192.168.110.40
add address=192.168.210.42/30 interface=vlan4022_uplink2 network=\
192.168.210.40
add address=x.y.z.a/27 interface=combo2 network=x.y.z.b
/ip dhcp-server network

There is no bridge address its missing............. the dchp-server identifies a bridge, you have bridge ports too......

Why do you masquerade bridge traffic.........??
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge

sorry, I am new to configuring switch / router and learning everyday.

I the quick set config i see the Mode is set to "Bridge" and IP is set to "x.y.z.65". Please see the attached image for your reference.

bridge_config.png

if you could point me what i am missing it would be great.

Unable to update Router OS

Unable to update Router OS

Re: Unable to update Router OS

Re: Unable to update Router OS

Re: Unable to update Router OS

Re: Unable to update Router OS

Re: Unable to update Router OS

Re: Unable to update Router OS

Re: Unable to update Router OS

Re: Unable to update Router OS

Re: Unable to update Router OS

Re: Unable to update Router OS

Who is online