I have been suffering with the weirdest issue on my network.
Equipment
Mikrotik 2011 Router with wireless
Dlink Switch
Tenda AP connected to Switch
Various Applications
Setup
i have a Bridge in that bridge i have the wireless and port 3 that is connected to the switch and the AP is connected to this Switch
the router is near my home office so when at my desk my phone connects to the Mikrotik wireless.
Issue
when connected to the mikrotik wireless i cant reach any of my LAN services(cant ping too). If i disconnect then connect i can access for like 2 minutes then back to the issue
internet access not affected
issue not present if i connect to the AP
seems something is dropping the packets destined for LAN devices
I would appreciate tips on how to resolve
Code: Select all
# apr/06/2022 21:46:54 by RouterOS 7.2
# software id = 82QS-JV7P
#
# model = 2011UiAS-2HnD
# serial number = 762D0733BACB
/interface bridge
add comment="Home Bridge" name=twitwi
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=ether2 ] disabled=yes
set [ find default-name=ether3 ] comment="POE Switch LAN"
set [ find default-name=ether4 ] comment="Desk Cable LAN"
set [ find default-name=ether5 ] comment=LAN-Homelab
set [ find default-name=ether6 ] advertise="10M-half,10M-full,100M-half,100M-f\
ull,1000M-half,1000M-full,10000M-full,2500M-full" disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] comment=WANURSALink
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
GPONCPE
set [ find default-name=ether10 ] disabled=yes poe-out=off poe-priority=5
set [ find default-name=sfp1 ] disabled=yes
/interface pppoe-client
add comment="GPON Faiba" disabled=no interface=ether9 max-mtu=1500 name=\
JTLFaiba user=
/interface ethernet switch port
set 6 vlan-mode=fallback
set 7 vlan-mode=fallback
set 8 vlan-mode=fallback
set 9 vlan-mode=fallback
set 10 vlan-mode=fallback
set 12 vlan-mode=fallback
/interface list
add comment=WAN name=WAN
add comment=LAN name=LAN
add comment=Phone name=LTE
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] comment=Default eap-methods="" supplicant-identity=\
MikroTik
add authentication-types=wpa2-psk comment=DefaultHome disable-pmkid=yes \
eap-methods="" mode=dynamic-keys name=Home supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
comment="LAN Wireless" country=kenya disabled=no distance=indoors \
frequency=2452 frequency-mode=manual-txpower hw-retries=10 installation=\
indoor max-station-count=100 mode=ap-bridge multicast-helper=disabled \
name=wireless preamble-mode=long security-profile=Home ssid=twitwi \
tx-power=7 tx-power-mode=all-rates-fixed wireless-protocol=802.11 \
wps-mode=disabled
/interface wireless nstreme
set wireless comment="LAN Wireless"
/interface wireless manual-tx-power-table
set wireless comment="LAN Wireless"
/ip pool
add name=home ranges=iprange.20-iprange.60
add name=pool1 ranges=10.100.111.20-10.100.111.60
/ip dhcp-server
add add-arp=yes address-pool=home interface=twitwi lease-time=1d name=home
/port
set 0 name=serial0
/queue simple
add burst-limit=10M/20M burst-threshold=10M/20M burst-time=5s/5s disabled=yes \
max-limit=10M/20M name=queue1 target=ether5
/snmp community
set [ find default=yes ] addresses=iprange.0/25 name=pablo
/user group
add name=group1 policy="local,reboot,read,test,winbox,password,web,!telnet,!ss\
h,!ftp,!write,!policy,!sniff,!sensitive,!api,!romon,!dude,!rest-api"
/interface bridge port
add bridge=twitwi interface=ether3
add bridge=twitwi interface=ether4
add bridge=twitwi interface=ether5
add bridge=twitwi interface=wireless
/ip neighbor discovery-settings
set discover-interface-list=!none
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=ether8 list=WAN
add interface=twitwi list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wireless list=LAN
add interface=ether9 list=WAN
add interface=ether3 list=LAN
add interface=JTLFaiba list=WAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=iprange.1/26 comment=Home interface=twitwi network=\
iprange.0
/ip cloud
set ddns-update-interval=3h
/ip dhcp-client
add add-default-route=no comment=GPONFaibaCPE interface=ether9 use-peer-dns=\
no use-peer-ntp=no
add add-default-route=no comment=URSALink interface=ether8 script="/ip dns sta\
tic remove [find where name=cellrouter.lan]\r\
\n:if (\$bound=1) do={/ip dns static add name=cellrouter.lan address=\$\"g\
ateway-address\"}" use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=iprange.25 client-id=1:0:68:eb:62:1f:83 comment=WorkLaptopWire \
mac-address=00:68:EB:62:1F:83 server=home
add address=iprange.58 comment=Bench_Power_IOT mac-address=\
8C:AA:B5:5C:86:D1 server=home
add address=iprange.20 client-id=1:24:ee:9a:a8:a6:c4 comment=\
WorkLaptopWiFi mac-address=24:EE:9A:A8:A6:C4 server=home
add address=iprange.36 client-id=1:a4:50:46:56:13:ab comment=\
XiaomiWorkPhone mac-address=A4:50:46:56:13:AB server=home
add address=iprange.30 client-id=1:0:c:29:f9:69:d2 comment=WinPlex \
mac-address=00:0C:29:F9:69:D2 server=home
add address=iprange.35 client-id=\
ff:2d:1a:a1:33:0:2:0:0:ab:11:79:f6:ba:f4:28:91:12:2a comment=OMV \
mac-address=00:0C:29:26:C6:01 server=home
add address=iprange.31 client-id=1:0:c:29:2c:26:a2 comment=VPNPCVM \
mac-address=00:0C:29:2C:26:A2 server=home
add address=iprange.21 comment=TabletXtigi mac-address=00:0A:00:63:8D:6A \
server=home
add address=iprange.23 client-id=1:ee:15:2e:6b:e8:8a comment=ZenPhone \
mac-address=EE:15:2E:6B:E8:8A server=home
add address=iprange.22 client-id=1:0:23:24:6f:48:6c comment=LenoBB \
mac-address=00:23:24:6F:48:6C server=home
add address=iprange.44 client-id=1:0:c:29:53:44:61 comment=\
"Domain Controler" mac-address=00:0C:29:53:44:61 server=home
add address=iprange.24 client-id=\
ff:9f:6e:85:24:0:2:0:0:ab:11:b4:38:a:19:e7:df:d5:32 comment=Docker_VM \
mac-address=00:0C:29:DB:A6:F5 server=home
add address=iprange.27 client-id=1:b4:47:f5:85:e1:12 comment=Sitto_TV \
mac-address=B4:47:F5:85:E1:12 server=home
add address=iprange.26 client-id=1:c:ec:84:4d:99:49 comment=RaelPhone \
mac-address=0C:EC:84:4D:99:49 server=home
add address=iprange.29 client-id=1:d2:62:8:cb:9e:9 comment=TessWorkPhone \
mac-address=D2:62:08:CB:9E:09 server=home
add address=iprange.32 client-id=1:32:6a:5f:3:92:15 comment=TessPhone \
mac-address=32:6A:5F:03:92:15 server=home
add address=iprange.33 comment=SquarePlug_IOT mac-address=\
B4:E6:2D:62:16:EB server=home
add address=iprange.28 comment=UPSBreaker_IOT mac-address=\
70:89:76:B3:DB:E1 server=home
add address=iprange.34 client-id=1:a0:88:69:29:2d:4f comment=TessLaptop \
mac-address=A0:88:69:29:2D:4F server=home
add address=iprange.37 comment=Camera_IOT mac-address=F4:37:73:0F:09:6E \
server=home
add address=iprange.40 client-id=1:74:de:2b:10:2b:b4 comment=TWorkPC \
mac-address=74:DE:2B:10:2B:B4 server=home
/ip dhcp-server network
add address=iprange.0/26 dns-server=iprange.1 gateway=iprange.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=2d max-concurrent-queries=1000 \
max-concurrent-tcp-sessions=200 max-udp-packet-size=1024 \
query-server-timeout=3s servers=\
208.67.222.222,8.8.8.8,8.8.4.4,208.67.220.220,1.1.1.1
/ip dns static
add address=iprange.1 name=router.lan
add address=172.28.100.25 name=ursalink.lan
add address=iprange.5 name=homelab01
add address=iprange.50 name=homeassistant.home
add address=iprange.47 name=test003.pablo.home
add address=iprange.44 name=pablo.home
add address=iprange.44 name=pablo
add address=iprange.44 name=_ldap._tcp.dc._msdcs.pablo.home
add address=iprange.35 name=netstore.lan
add address=iprange.30 name=jelly.lan
add address=10.235.6.97 name=cellrouter.lan
/ip firewall address-list
add address=iprange.2-iprange.254 list=allowed_to_router
add address=139.162.40.38 list=plex
/ip firewall filter
add action=accept chain=forward comment="Established, Related" \
connection-state=established,related
add action=accept chain=input comment="default configuration" \
connection-state=established,related,untracked
add action=accept chain=input disabled=yes src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input connection-state=invalid
add action=fasttrack-connection chain=forward comment=FastTrack \
connection-state=established,related hw-offload=yes
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
disabled=yes log=yes log-prefix=invalid
add action=accept chain=forward disabled=yes dst-address-list=plex dst-port=\
80,443 protocol=tcp
add action=drop chain=forward disabled=yes out-interface-list=WAN \
src-address=iprange.34
add action=drop chain=input comment=winboxdrop dst-port=8291 \
in-interface-list=WAN protocol=tcp
add action=drop chain=forward comment="Block TV " src-address=iprange.27
/ip firewall nat
add action=masquerade chain=srcnat comment=WAN out-interface-list=WAN
add action=masquerade chain=srcnat comment=GPON disabled=yes out-interface=\
JTLFaiba
add action=masquerade chain=srcnat comment=Faiba disabled=yes out-interface=\
*E
add action=src-nat chain=srcnat disabled=yes out-interface=*E to-addresses=\
192.168.0.10
add action=dst-nat chain=dstnat disabled=yes dst-address= \
dst-port=4040 protocol=tcp to-addresses=iprange.30 to-ports=32400
/ip route
add comment=Faiba disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
JTLFaiba pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
target-scope=10
add comment=Cellular disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
ether8
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=iprange.0/26 disabled=yes port=2200
set www-ssl address=iprange.0/26 certificate=home disabled=no port=4433 \
tls-version=only-1.2
set api disabled=yes
set winbox address=iprange.0/26
set api-ssl address=iprange.0/26 certificate=home disabled=yes \
tls-version=only-1.2
/ip traffic-flow
set enabled=yes
/lcd
set enabled=no touch-screen=disabled
/snmp
set enabled=yes trap-generators=""
/system clock
set time-zone-autodetect=no time-zone-name=Africa/Nairobi
/system identity
set name=home
/system logging
add action=disk prefix=critical topics=critical
add action=disk prefix=warning topics=warning
add action=disk prefix=error topics=error
add action=disk prefix=info topics=info
add action=disk prefix=debug topics=debug
add action=disk prefix=poe topics=poe-out
/system ntp client
set enabled=yes
/system ntp client servers
add address=216.239.35.0
add address=162.159.200.123
add address=time.google.com
add address=2.ke.pool.ntp.org
/tool bandwidth-server
set enabled=no
/tool e-mail
set address=smtp.mail.yahoo.com from=@yahoo.com port=587 tls=starttls \
user=@yahoo.com
/tool graphing interface
add
/tool mac-server
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
