sniper88
just joined
Topic Author
Posts: 10
Joined: Fri Apr 13, 2018 5:17 pm

RoMON function

Mon Mar 11, 2019 12:52 pm

Hello,
Can someone help me with a RoMON config on MikroTik?
I have a MikroTik as firewall linked to another MikroTik access point with a switch, an HPE OfficeConnect Switch 1920S 24G 2SFP JL381A. The firewall has a DHCP server on ether2 and is linked to the switch. The fw also has ether4 with 1 VLAN linked to another port on the switch, with another DHCP server (for the VLAN). All DHCP servers and VLANs are managed with the bridge config, so for example I created a VLAN (on ether4) and then a bridge called bridge-vlan containing the VLAN created before.
The AP has 2 DHCP clients and receives its IPs from the LAN (ether2) and the VLAN net (ether4 from the fw).
I configured the switch to manage the VLAN, and the AP has the 2 IPs correctly.
My question is... why doesn't the RoMON service work?
PS: If I connect the AP directly, for example to ether3 of the fw, RoMON works.
Does anyone have any idea?
It seems that the switch doesn't pass the RoMON packets, but all networks work great.
Thanks.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: RoMON function

Mon Mar 11, 2019 2:16 pm

Wow, that description begs for a clarifying diagram!!
What are your RoMON settings so far,
on the router and on the access point? (Don't use real entries, just replace them with others.)

My assumption is that one puts an ID of your choice on the router and creates a secret word,
then goes to the access point, puts in an ID or accepts the default, and puts in the SAME secret word.

On the router, block WAN connections (external interface) and enable LAN connections.
On the access point, block external (WAN) connections and enable LAN connections.
 
nickshore
Long time Member
Posts: 520
Joined: Thu Mar 03, 2005 4:14 pm
Location: Suffolk, UK.

Re: RoMON function

Mon Mar 11, 2019 2:31 pm

You may need to check any filtering settings on the switch.

It sounds like the switch is filtering all packets in 01:80:c2:00 rather than just the range which is supposed to be excluded.

Only this part should be filtered: 01-80-C2-00-00-00 to 01-80-C2-00-00-0F.

Regards
Nick
 
glat
just joined
Posts: 11
Joined: Mon Oct 06, 2014 6:45 pm

Re: RoMON function

Tue Jun 18, 2019 6:29 pm

Same here, using an HP switch 1920S. It filters wrong, but there are no settings for filtering. Does anyone know a workaround?
 
ovidiu
just joined
Posts: 14
Joined: Sun Jan 15, 2017 9:28 am

Re: RoMON function

Thu Nov 19, 2020 1:49 pm

Same problem, tested on 2 switches 1920s 24 port, both with the same problem blocking RoMON. The older 1920 passes it OK.
 
ovidiu
just joined
Posts: 14
Joined: Sun Jan 15, 2017 9:28 am

Re: RoMON function

Tue Dec 28, 2021 11:07 pm

Problem solved!
In the beginning I had only one 1920s in the network, but over time we got another 3, so the problem could not be avoided. I had to do something.
Starting from nickshore's remark and the manual, I started digging into how to allow other protocols on the switch.
We have to allow EtherType 0x88bf and dst-MAC 01:80:c2:00:88:bf. For some reason the 1920s and 1820s are blocking it by default.
So in the graphical interface we go to QoS, Access Control List, Summary, and add a new ACL with Type = Extended MAC. Write a name, for example RoMON.
On the Configuration tab add a new rule, Sequence Number = 10 or something bigger, Action = Permit, Match Criteria checked. Rules are evaluated in order and only the first match will count. For example, if you put an allow rule and then a deny rule, only the allow will be executed. If we don't add a rule to allow all the necessary protocols, then no traffic will pass. I locked myself out by adding only the RoMON protocol.
For testing only, I also added a new rule, Sequence = 1, with EtherType 88bf and dst-MAC 01:80:c2:00:88:bf / ff:ff:ff:ff:ff:ff, which shows in the Statistics tab that such packets are identified by the switch.
Of course, if you need to deny some packets or to allow specific protocols, further research is required for the necessary rules, check here and here.
At this point I didn't save the configuration, because if something goes wrong, powering off the switch will revert the changes.
Last step: on the Interfaces tab, add the necessary interfaces; use Ctrl to select multiple.
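
The two points raised in this thread (the reserved 01-80-C2-00-00-00 to 0F range in nickshore's reply, and the first-match ACL with no traffic passing unless a rule permits it in ovidiu's post), as an added example that is not part of any poster's message or of the switch firmware. The rule tuple layout, function names and sample frames are assumptions constructed for illustration; this is a simplified model of a MAC ACL, not the 1920S implementation.

```python
import struct

ROMON_ETHERTYPE = 0x88BF
ROMON_DST = bytes.fromhex("0180c20088bf")
RESERVED_LO = bytes.fromhex("0180c2000000")   # start of the bridge-filtered block
RESERVED_HI = bytes.fromhex("0180c200000f")   # end of the bridge-filtered block

def parse_header(frame):
    """Return (dst, src, ethertype) for an untagged or 802.1Q-tagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype == 0x8100:                      # VLAN tag: real EtherType is 4 bytes on
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (etype,) = struct.unpack("!H", frame[16:18])
    return dst, src, etype

def in_reserved_range(dst):
    """True only for 01-80-C2-00-00-00..0F; the RoMON address lies outside it."""
    return RESERVED_LO <= dst <= RESERVED_HI

def acl_decision(rules, frame):
    """First-match evaluation; rule = (seq, action, ethertype or None, dst or None)."""
    dst, _, etype = parse_header(frame)
    for seq, action, r_etype, r_dst in sorted(rules, key=lambda r: r[0]):
        if r_etype not in (None, etype) or r_dst not in (None, dst):
            continue                         # rule does not match, try the next one
        return action, seq                   # first match wins, later rules ignored
    return "deny", None                      # nothing matched: frame is dropped

# Constructed sample frames (header plus zero padding), not captured traffic.
SRC = bytes.fromhex("020000000001")
PAD = b"\x00" * 46
ROMON_FRAME = ROMON_DST + SRC + struct.pack("!H", ROMON_ETHERTYPE) + PAD
ROMON_TAGGED = ROMON_DST + SRC + struct.pack("!HHH", 0x8100, 10, ROMON_ETHERTYPE) + PAD
ARP_FRAME = b"\xff" * 6 + SRC + struct.pack("!H", 0x0806) + PAD

# The lock-out case: only RoMON is permitted, so everything else is dropped.
ROMON_ONLY = [(10, "permit", ROMON_ETHERTYPE, ROMON_DST)]
# RoMON rule plus a permit-everything rule after it.
ROMON_PLUS_ALL = ROMON_ONLY + [(20, "permit", None, None)]

if __name__ == "__main__":
    for name, rules in (("RoMON only", ROMON_ONLY), ("RoMON + all", ROMON_PLUS_ALL)):
        print(name, acl_decision(rules, ROMON_FRAME), acl_decision(rules, ARP_FRAME))
```
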
 
fabiopera
just joined
Posts: 1
Joined: Fri Jun 02, 2023 8:42 pm
Location: Brazil

Re: RoMON function

Fri Jun 02, 2023 9:00 pm

Friends, I have a SW HP1910-JE009A, I also had the problem of not being able to connect to ROMON through the TRUNK ports.
My RB3011 did not communicate with the RB2011, when connected to the TRUNK ports on the HP. The VLANs were all OK and passing data.
I managed to make the ROMON connect, placing the TRUNK ports on the HP SW with default VLAN 1 (Untagged Membership).
It worked right away.
Hope this helps.
Good luck.

Pera, Fabio...
https://www.linkedin.com/in/perafabio/
