Community discussions

MikroTik App
 
brusuillis
just joined
Topic Author
Posts: 11
Joined: Tue Jul 19, 2022 8:11 pm

Issues with EOLO ISP

Sun Aug 07, 2022 7:57 pm

Good sunday.
I've an RB2011 that thanks to your supporto I managed to configure as I needed.
After a couple of day of good working behaviour, it started showing problems with the pppoe dial up (EOLO).
Looking at log, it tries to initiate the connection but terminate and disconnect every 10 seconds. If I switch the cable back to the ISP router, it gets a steady connection in less than 15".
I think I should revert to "bridge" configuration and use the ISP router as a modem, but I would like to spare a device...
This is the last working config:
# aug/05/2022 11:41:47 by RouterOS 7.4
# software id = EBV1-UKWG
#
# model = RB2011UiAS-2HnD
# serial number = HCJ087SPZEY
/interface bridge
add name=BR1 protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] comment="Connessione Eolo"
set [ find default-name=ether10 ] name=ether10-safe
/interface wireless
set [ find default-name=wlan1 ] disabled=no frequency=auto hide-ssid=yes \
    mode=ap-bridge ssid=theFarmSvc
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface vlan
add interface=BR1 name=BASE_VLAN vlan-id=99
add interface=BR1 name=BLUE_VLAN vlan-id=10
add interface=ether1 name=EOLO_VLAN vlan-id=100
add interface=BR1 name=GREEN_VLAN vlan-id=20
/interface pppoe-client
add add-default-route=yes disabled=no interface=EOLO_VLAN name=pppoe-out1 \
    user=WB3611188119
/interface list
add name=WAN
add name=VLAN
add name=BASE
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik
/ip pool
add name=BLUE_POOL ranges=192.168.3.2-192.168.3.254
add name=GREEN_POOL ranges=192.168.203.2-192.168.203.254
add name=BASE_POOL ranges=192.168.0.10-192.168.0.20
/ip dhcp-server
add address-pool=BLUE_POOL interface=BLUE_VLAN lease-time=1d name=BLUE_DHCP
add address-pool=GREEN_POOL interface=GREEN_VLAN name=GREEN_DHCP
add address-pool=BASE_POOL interface=BASE_VLAN lease-time=1d name=BASE_DHCP
/port
set 0 name=serial0
/interface bridge port
add bridge=BR1 interface=ether2 pvid=10
add bridge=BR1 interface=ether3 pvid=10
add bridge=BR1 interface=wlan1 pvid=20
add bridge=BR1 interface=ether4 pvid=20
add bridge=BR1 interface=ether5 pvid=20
add bridge=BR1 interface=ether9 pvid=99
/ip neighbor discovery-settings
set discover-interface-list=BASE
/interface bridge vlan
add bridge=BR1 tagged=BR1 untagged=ether4,ether5 vlan-ids=20
add bridge=BR1 tagged=BR1 untagged=ether2,ether3,wlan1 vlan-ids=10
add bridge=BR1 tagged=BR1 untagged=ether9 vlan-ids=99
/interface list member
add interface=BLUE_VLAN list=VLAN
add interface=GREEN_VLAN list=VLAN
add interface=BASE_VLAN list=BASE
add interface=ether10-safe list=BASE
add interface=BR1 list=LAN
add interface=pppoe-out1 list=WAN
/interface wireguard peers
add allowed-address=192.168.103.254/32 comment=homerPhone interface=\
    wireguard1 public-key="pubKeyA"
/ip address
add address=10.10.0.1/24 interface=BR1 network=10.10.0.0
add address=192.168.3.1/24 interface=BLUE_VLAN network=192.168.3.0
add address=192.168.203.1/24 interface=GREEN_VLAN network=192.168.203.0
add address=192.168.0.1/24 interface=BASE_VLAN network=192.168.0.0
add address=192.168.103.1/24 interface=wireguard1 network=192.168.103.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add disabled=yes interface=ether1
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1
add address=192.168.3.0/24 dns-server=192.168.0.1 gateway=192.168.3.1
add address=192.168.203.0/24 dns-server=192.168.0.1 gateway=192.168.203.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.9
/ip firewall filter
add action=accept chain=input comment="allow WireGuard" dst-port=13231 \
    protocol=udp
add action=accept chain=input comment="allow WireGuard traffic" src-address=\
    192.168.103.0/24
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input in-interface-list=BASE
add action=accept chain=input dst-port=53 in-interface-list=VLAN protocol=tcp
add action=accept chain=input dst-port=53 in-interface-list=VLAN protocol=udp
add action=drop chain=input comment="drop everything else"
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=accept chain=forward comment="allow internet traffic" \
    in-interface-list=VLAN out-interface-list=WAN
add action=accept chain=forward in-interface-list=BASE out-interface-list=WAN
add action=accept chain=forward comment="allow wireguard to VLAN" \
    in-interface=wireguard1 out-interface-list=VLAN
add action=accept chain=forward comment="enable homerPhone to BLUE" \
    out-interface=BLUE_VLAN src-mac-address=xxxxxx
add action=accept chain=forward comment="enable BASE control everywhere" \
    in-interface-list=BASE out-interface-list=VLAN
add action=accept chain=forward comment="allow port forwarding" \
    connection-nat-state=dstnat
add action=drop chain=forward
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface-list=WAN
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=MTtheFarm
/tool mac-server mac-winbox
set allowed-interface-list=BASE
Thanks for any suggestion
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Issues with EOLO ISP

Mon Aug 08, 2022 2:08 pm

There is no magic pill - you have to find out whether there's a bug at RouterOS side or a bug at ISP side. If I were to analyse this, I would sniff how the PPPoE connection establishment looks when you start it for the first time, and then sniff what is going on when the PPPoE keeps trying in vain.

So the steps would be the following:
  • /tool sniffer set file-name=pppoe-initial.pcap file-limit=2000
    /interface pppoe-client disable pppoe-out1
  • reboot the router and log in again
  • /tool sniffer quick interface=ether1
  • in another command line window, or using Winbox, enable the PPPoE client interface, and wait until it gets up. Then stop the /tool sniffer quick ... and download the file pppoe-initial.pcap
  • /tool sniffer set file-name=pppoe-trouble
  • wait until it breaks (which may take days as you wrote)
  • /tool sniffer quick interface=ether1
    let it run for 60 seconds, then stop the /tool sniffer quick ... and download the file pppoe-trouble.pcap
Then open each file using Wireshark; if you don't know what to look for, you may want to post the file from the troublesome time here, chances are quite high that there will be no sensitive information in it (except your MAC address which is not much useful), but theoretically there may be the authentication exchange if the problem appears in a later stage of PPPoE session establishment.

Or you can reorder the steps if a significant amount of time has already elapsed since last outage - first capture the struggle, and then capture the successful start.
 
brusuillis
just joined
Topic Author
Posts: 11
Joined: Tue Jul 19, 2022 8:11 pm

Re: Issues with EOLO ISP

Sun Aug 14, 2022 7:08 pm

Short update.. the issue was related to the cable toward the antenna.
Now they fixed it (IPS ownership...) and it works.
The strange thing is that the connection initialization is longer, with MT, and the performance are lower...

The solution seems to be using the MT as router and their as a "modem"
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: Issues with EOLO ISP

Mon Aug 15, 2022 5:04 am

@sindy

quick one , that is only question for my information.
If the pppoe is on et1==>vl100, why u getting him to snif the traffic on eth1? it would be logically if he is doing sniffing on pppoe.

im not saying that you are doing that wrong , just i need that for my info.

Thanks brate
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: Issues with EOLO ISP

Mon Aug 15, 2022 8:00 am

why u getting him to snif the traffic on eth1
Because I don't care about the contents of the IP packets in the ongoing PPPoE session but about the process of PPPoE session setup, and because even the proces of tagging the PPPoE(D) frames could be wrong. If you capture at ether1 while the PPPoE session is up and running, you can see the complete ether(vlan(pppoe(ip))) hierarchy in Wireshark; if you capture at the PPPoE interface, you can see only the IP part.
 
brusuillis
just joined
Topic Author
Posts: 11
Joined: Tue Jul 19, 2022 8:11 pm

Re: Issues with EOLO ISP  [SOLVED]

Mon Aug 29, 2022 8:11 pm

UPDATE: (sorry for being late, I was on holyday..)
It sorted out to be an antenna problem. Fixed by the technician...

Who is online

Users browsing this forum: Bing [Bot], freemannnn and 71 guests