Community discussions

MikroTik App
 
kygeld
just joined
Topic Author
Posts: 3
Joined: Sun Jun 05, 2022 4:16 am

New router (fresh config), It's working, but barely. Lots of strange behavior

Sun Jun 05, 2022 4:31 am

Hello friends,

I have a new, freshly configured RB951 (Router OS 6.48.6) with a base-level config, the basics to connect to the internet. While I have internet access, I have issues with virtually every other part of my system.

Here's my symptoms:
1. I have a cloud-based application that uses web UIs to control photography equipment - this has lost connection to my cameras and printers.
2. None of my hosts are able to access any web-based speed test, any might be hyperbole but speedtest.org and fast.com just return errors. Also, ironically, the Mikrotik page behaves the same way. It will load, but every link fails (very frustrating while trying to download winbox).
3. My Unifi AP's are broadcasting SSIDs, but those WLANS don't have access to the internet.
4. DHCP is running, several devices have valid leases but there are a few devices that will grab a DHCP IP, then disconnect from the LAN. No IP conflicts, just get IP - drop off LAN. When I set them as static everything works. It's just when they get DHCP addresses.
5. I have a 100/100 fiber link from Verizon, I'm getting about about 3-4mbps and very poor upload, sub 1 meg. There's also duplex and auto negotiation errors in the log sporadically.

I have configured hundreds of RB951s over the years with my previous company and have never had these issues. I'm not an expert by any means, in fact - I mostly configure these with scripts - but I feel like I have to be missing something.

Any ideas, I'm really kinda strugglin' here :P
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2865
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: New router (fresh config), It's working, but barely. Lots of strange behavior

Sun Jun 05, 2022 12:29 pm

Configuration please or you want us to read the tea leaves. Do not forget hide private info.
 
kevinds
Long time Member
Long time Member
Posts: 638
Joined: Wed Jan 14, 2015 8:41 am

Re: New router (fresh config), It's working, but barely. Lots of strange behavior

Tue Jun 07, 2022 1:52 am

There's also duplex and auto negotiation errors in the log sporadically.
Check layer 1 first...

My suggestion is to replace all of the network cables as a first step.

Duplex and auto-negotiation errors screams hardware issue.. Defective cables or defective devices.
 
kygeld
just joined
Topic Author
Posts: 3
Joined: Sun Jun 05, 2022 4:16 am

Re: New router (fresh config), It's working, but barely. Lots of strange behavior

Tue Jun 07, 2022 6:56 pm

Thanks for taking a look, I didn't realize there were any replies here.

Here's my testing config (I've thoroughly poked holes in it in an attempt to solve some of these issues).
# jun/06/2022 23:23:15 by RouterOS 6.48.6
# software id = QCL1-AXIQ
#
# model = RB951G-2HnD
# serial number = xxxxxxxxxxx
/interface bridge
add admin-mac=x auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=\
    MikroTik-C7588D wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] auto-negotiation=no speed=100Mbps
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=venue-pool ranges=192.168.2.20-192.168.2.99
/ip dhcp-server
add address-pool=venue-pool disabled=no interface=bridge lease-time=2d name=\
    sb-lan
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.2.1/24 interface=bridge network=192.168.2.0
add address=x.x.x.226/30 interface=ether1 network=x.x.x.224
/ip dhcp-server network
add address=192.168.2.0/24 dns-server=192.168.2.1,9.9.9.9 gateway=192.168.2.1 \
    ntp-server=192.168.2.1
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=9.9.9.9,8.8.4.4
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
    protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" disabled=yes \
    dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid disabled=yes
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=x.x.x.225
/ip service
set telnet disabled=yes
set www-ssl disabled=no
/system clock
set time-zone-name=America/New_York
/system identity
set name=xxxx_6-48-6
/system logging
add topics=firewall
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
The cables are all new, and they've been swapped out for new cables. I don't think it's physical, unless it's the actual router or port. I'm not ruling that out completely, but, I've installed over 100 of these and I don't think I've ever had a failure out of the box.

There's a theory that our ISP (Verizon business, 100/100 fiber) maybe blocking some HTTPS traffic.
 
kevinds
Long time Member
Long time Member
Posts: 638
Joined: Wed Jan 14, 2015 8:41 am

Re: New router (fresh config), It's working, but barely. Lots of strange behavior

Tue Jun 07, 2022 7:02 pm

The cables are all new, and they've been swapped out for new cables. I don't think it's physical, unless it's the actual router or port. I'm not ruling that out completely, but, I've installed over 100 of these and I don't think I've ever had a failure out of the box.

There's a theory that our ISP (Verizon business, 100/100 fiber) maybe blocking some HTTPS traffic.
I would not expect Verizon to be blocking any traffic, any ISP to be blocking some HTTPS traffic would would be rare.

Do you have a spare router you can swap it with, even temporarily?

Take this router to another location and test it there?
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: New router (fresh config), It's working, but barely. Lots of strange behavior

Tue Jun 07, 2022 7:51 pm

But if it's not the cable, my next goto is DNS. You config has 512 packet size limit, that isn't the default AFAIK & certainly if a DNS lookup failed for a client, it look like an "HTTPS issue"...
There's a theory that our ISP (Verizon business, 100/100 fiber) maybe blocking some HTTPS traffic.
That seems like something worth exploring if not DNS. Bad, or older/incomptiable/etc ONT on the Verizon end? Do you regular use their internet service? It's possible it's some captive portal, or need some MAC/802.11/etc authentication, etc. to connect to VZ.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: New router (fresh config), It's working, but barely. Lots of strange behavior

Tue Jun 07, 2022 7:57 pm

I guess the Layer 2 answer:

If you have switches, you might want to make sure [M/R/]STP isn't going into blocking mode someplace. That introduce a lot of weird problems (e.g. printer/other device coming online causes STP recalc, all devices would have issue while STP converges).
 
WeWiNet
Long time Member
Long time Member
Posts: 592
Joined: Thu Sep 27, 2018 4:11 pm

Re: New router (fresh config), It's working, but barely. Lots of strange behavior

Tue Jun 07, 2022 8:00 pm

/interface ethernet
set [ find default-name=ether1 ] auto-negotiation=no speed=100Mbps
Why switching off auto negotiation on internet port ?
 
kygeld
just joined
Topic Author
Posts: 3
Joined: Sun Jun 05, 2022 4:16 am

Re: New router (fresh config), It's working, but barely. Lots of strange behavior

Tue Jun 14, 2022 5:19 pm

The default MTU size and auto negotiation were specific configurations Verizon told us to make.
It's a business fiber link, they sent a configuration email with a /30 address (later changed to /29), an MTU size, as well as speed and duplex of 100 full.
 
kevinds
Long time Member
Long time Member
Posts: 638
Joined: Wed Jan 14, 2015 8:41 am

Re: New router (fresh config), It's working, but barely. Lots of strange behavior

Thu Jun 16, 2022 1:44 am

The default MTU size and auto negotiation were specific configurations Verizon told us to make.
It's a business fiber link, they sent a configuration email with a /30 address (later changed to /29), an MTU size, as well as speed and duplex of 100 full.
They were not talking about an MTU setting.. MTU appears to be the default 1500?

They were referencing this,
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=9.9.9.9,8.8.4.4
Specifically why is "max-udp-packet-size" set.

Who is online

Users browsing this forum: Bing [Bot], cdblue, intania, tesme33 and 46 guests