Community discussions

MikroTik App
 
nicobar
just joined
Topic Author
Posts: 13
Joined: Wed Jun 24, 2020 3:27 pm

SXT-LTE6 bridge configuration help

Fri Jun 10, 2022 10:11 pm

Hello,

3 years ago I got this router for a remote second house installation, a location that I need to monitor remotely having several IP cams and other smart home devices.
Back then I somewhat managed to make it work in bridge mode with a dual WAN Linksys LRT224, and a mediocre DSL as failover on WAN2. With a strong 800m-away TIM repeater in Italy, I got 3-4 notches of signal and 15Mbit/3Mbit at its worst, 25/7 at its best depending on the days and times. I called it a day back then and moved along.
During the last year this setup started malfunctioning sporadically with frequent disconnections of the SXT LTE6 and resulting switches to the failover wan, than back again after a couple of minute and so on, totally sporadically, multiple times a day. I have Uptime Robot on every device to monitor these events. The LRT224 log just says "connection lost, switching to WAN2".

I did some reading and in many places I saw suggestions about updating the LTE firmware. I realized there are actually three things to update in this Microtik: the router OS, now running 7.3 via file update, the routerboard firmware, and the LTE firmware, which is still 020 and, for what I read, the first thing to update before troubleshooting these disconnections any further.
Just updating the RouterOS to 7.3 may have made it better already, but it could be a coincidence.

Problem 1: I cannot update the LTE firmware because "DNS cannot be resolved" when trying to do any over the air updates. For all I read, I tried to stick 8.8.8.8 in various places to no success.
Problem 2: I would love for somebody expert to review in general my entire configuration file and spot if I did any mistake that may impact the performances (LTE bands, things like that)

After all I don't have any "crazy configuration" in the LAN, which can be summarized like this:

- SXT-LTE6 as primary WAN, on 192.168.0.x IP, connected to WAN 1 of the router LRT224
- Asus DSL modem in bridge mode, on 192.168.0.y IP, connected to WAN 2 on the router LRT224
- LRT224 is in 'fail over' mode with WAN 1 priority, and DHCP on the 192.168.1.x group
- bunch of devices behind LRT224 via various switches, no further firewalls or anything special
- very important requirement which I have in place: I have several ports open in the router, one for each camera, so both the Microtik and the Asus DSL modem are absolutely transparent to outside requests through these port (is it called pass-through bridge I think?) . There are two different dyndns addresses one per connection ( I know this is not safe but there are practical reasons for this like not having older parents having to mess with openVPN clients)

All of the above works fairly well, with the router switching to WAN 2 when WAN 1 is not available.

The first question is then: how do I dump the entire configuration of the Microtik on a file to upload here, and,
second question: would there be anyone so kind to give it a review? For some post I read, there were other users with grossly misconfigured routers that were still working somewhat, but far away from their target performances, and I am afraid I may be one of those cases.

Thank you so much to everyone who may help, sorry I am kind of a noob here :-)
 
nicobar
just joined
Topic Author
Posts: 13
Joined: Wed Jun 24, 2020 3:27 pm

Re: SXT-LTE6 bridge configuration help

Sat Jun 18, 2022 1:24 am

Hi all,

I am pasting my configuration (I just masked serial and MAC). Does anybody know what may be preventing the SXT to resolve the DNS ? It's like it transfer the internet right through my router as a bridge is suppoused to do, but it does not resolve DNS itself and cannot perform OTA updates and NTP updates.


# jun/13/2022 20:01:33 by RouterOS 7.3
# software id = M5FR-KTFY
#
# model = RBSXTR
# serial number = xxxxxxxx
/interface bridge
add admin-mac=xx:xx:xx:xx:xx:xxauto-mac=no comment=defconf name=bridge
/interface lte
# A newer version of modem firmware is available!
set [ find ] allow-roaming=no band="" name=lte1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] apn=ibox.tim.it ip-type=ipv4 passthrough-interface=\
ether2 passthrough-mac=auto use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.254
/ip dhcp-server
add address-pool=dhcp disabled=yes interface=bridge name=defconf
/interface ppp-client
add apn=internet name=ppp-out1 port=usb1
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether1
add bridge=bridge comment=defconf disabled=yes ingress-filtering=no \
interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=\
all wan-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=lte1 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.0.3/24 comment=defconf interface=ether1 network=\
192.168.0.0
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=8.8.8.8 gateway=\
192.168.0.3 netmask=24
/ip dns
set servers=8.8.8.8
/ip dns static
add address=192.168.0.3 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
ipsec-policy=out,none out-interface-list=WAN
/system clock
set time-zone-name=Europe/Rome
/system ntp client
set enabled=yes mode=broadcast
/system ntp client servers
add address=193.204.114.232
/system package update
set channel=long-term
/tool e-mail
set address=smtp.gmail.com from=Microtik tls=starttls user=\
xyz@gmail.com
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool romon
set enabled=yes
 
hecatae
Member Candidate
Member Candidate
Posts: 244
Joined: Thu May 21, 2020 2:34 pm

Re: SXT-LTE6 bridge configuration help

Sun Jun 19, 2022 12:30 am

Here's a few solutions:

1. Email support at mikrotik and ask for the modem firmware, support can offer a particular RouterOS7 version that allows modem firmware update from files.

2. Make a backup of your current configuration and export it. As soon as you have the exported configuration, reset the sxt with default configuration, perform modem firmware update.
After modem firmware update completes, reset sxt without default configuration and import the backup configuration.

Hope the above helps
 
nicobar
just joined
Topic Author
Posts: 13
Joined: Wed Jun 24, 2020 3:27 pm

Re: SXT-LTE6 bridge configuration help

Tue Jun 21, 2022 12:26 am

I was able to update the modem OTA by switching configuration back to router mode. In this configuration also NTP works.
Then I switched back to bridge mode, and indeed it seems the connection remains more stable.
However, I still have the problem that DNS cannot be resolved in the SXT, therefore NTP does not work either. It seems the SXT passes the internet through to the LRT221 router (which has internet and so does all the LAN behind) , "but it does not have internet itself".
I am surprised nobody has seen this problem, am I the only one using the SXT as a passthrough my modem?

Who is online

Users browsing this forum: morphema and 25 guests