thanpolas

Unifi WiFi Clients losing local subnet routing

Wed Jan 25, 2023 12:37 pm

Hello everyone,

I've been having a very disruptive problem since this morning: all my WiFi clients lose routing to their local subnets...

My main router is Mikrotik (CCR2004-16G-2S+). I have 3 WANs configured with PBR and have created 4 VLANs.

At the Mikrotik router, my Unifi USW-16-PoE switch is connected, which manages 3 U6-LR Access Points.

On the unifi side, I have 4 WiFi networks configured, each on their own VLAN as provided by Mikrotik. DHCP is provided by Mikrotik.

Sample Network configuration:

* 192.168.0.0/24: Core network for routers
* 192.168.30.0/24: Network to one of the WAN routes (to DSL router)
* 192.168.50.0/24: One of the WiFi networks.
* 192.168.20.0/24: Another of the WiFi networks.

This setup has been working without problem for over 6 months now... Until today...

Today the WiFi clients started having "no internet"... upon further investigation I was not able to ping anything that was routed through mikrotik...

For example, from my WiFi client IP 192.168.50.x, I could not ping the 192.168.30.x subnet, which is one of the paths to the internet... I was able to ping other clients on other WiFi subnets on the 192.168.20.x network...

After about 10-15 minutes connectivity will be restored... If I restart the mikrotik router, connectivity will be restored as soon as Mikrotik reboots.

I am completely baffled by this severe and disrupting issue, I don't even know where to start troubleshooting the issue... I don't even know if the issue lies with the Mikrotik or Unifi hardware... I'll be posting this on both forums.

I've enabled verbose logs on Mikrotik, the only thing that stands out at the moment connectivity is lost is the following:
vlan-cameras: bridge RX looped packet - MAC 2c:c8:1b:d3:44:f5 -> ff:ff:ff:ff:ff:ff ETHERTYPE 0x0800 IP UDP 192.168.40.1:5678 -> 255.255.255.255:5678
That is my reolink camera, which is plugged into a PoE port of the Unifi switch, configured to be on the "cameras" VLAN (192.168.40.0 network).

The other possibly suspect log is this:
host 4C:20:B8:F0:81:38 changed ports: ether10-UniFi-Switch to ether9-Polas
I do not know whether this is normal, pre-existed the issues, or is related... A Google search on "changed ports" did not reveal much...

I am attaching a screenshot of the logs right before connectivity was lost (I hope I am doing this right, if not, I'll post a reply).

My `/export hide-sensitive` with some sensitive info redacted:
[admin@Polas Core] > /export hide-sensitive
# jan/25/2023 12:32:59 by RouterOS 7.7
# software id = 122G-66AK
#
# model = CCR2004-16G-2S+
# serial number = HAV072JXDKM
/interface bridge
add name=bridge-vlan-IoT
add name=bridge-vlan-cameras
add name=bridge-vlan-guests-wifi
add name=bridge-vlan-home-wifi
add name=bridge1-LAN
/interface ethernet
set [ find default-name=ether1 ] name=ether1-Cosmote
set [ find default-name=ether2 ] name=ether2-5G-Modem
set [ find default-name=ether3 ] name=ether3-Starlink
set [ find default-name=ether8 ] name=ether8-Lina
set [ find default-name=ether9 ] name=ether9-Polas
set [ find default-name=ether10 ] name=ether10-UniFi-Switch
set [ find default-name=ether11 ] name=ether11-Markos
set [ find default-name=ether13 ] name=ether13-reolink
set [ find default-name=sfp-sfpplus1 ] disabled=yes
set [ find default-name=sfp-sfpplus2 ] disabled=yes
/interface l2tp-server
add name=l2tp-in-polas user=thanpolas-pptp
/interface pppoe-client
add allow=pap,chap interface=ether1-Cosmote name=pppoe-out-cosmote use-peer-dns=yes user=ozxph6@otenet.gr
/interface vlan
add interface=ether10-UniFi-Switch name=vlan-IoT vlan-id=30
add interface=ether10-UniFi-Switch name=vlan-cameras vlan-id=40
add interface=ether10-UniFi-Switch name=vlan-guests-wifi vlan-id=20
add interface=ether10-UniFi-Switch name=vlan-home-wifi vlan-id=10
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.0.50-192.168.0.254
add name=pptp-clients-polas ranges=192.168.5.10-192.168.5.100
add comment="Home WiFi VLAN Pool" name=pool-dhcp-vlan-home ranges=192.168.50.20-192.168.50.254
add comment="Guests WiFi VLAN Pool" name=pool-dhcp-vlan-guests ranges=192.168.10.20-192.168.10.254
add comment="IoT VLAN Pool" name=pool-dhcp-vlan-iot ranges=192.168.20.20-192.168.20.254
add comment="Cameras VLAN Pool" name=pool-dhcp-vlan-cameras ranges=192.168.40.20-192.168.40.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1-LAN lease-time=4d4h40m39s name=dhcp-core
add add-arp=yes address-pool=pool-dhcp-vlan-home interface=bridge-vlan-home-wifi lease-time=4d1h40m39s name=dhcp-home-wifi
add add-arp=yes address-pool=pool-dhcp-vlan-guests interface=bridge-vlan-guests-wifi lease-time=4d1h40m39s name=dhcp-guests-wifi
add add-arp=yes address-pool=pool-dhcp-vlan-iot interface=bridge-vlan-IoT lease-time=4d1h40m39s name=dhcp-iot
add add-arp=yes address-pool=pool-dhcp-vlan-cameras interface=bridge-vlan-cameras lease-time=4d1h40m39s name=dhcp-cameras
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
add bridge=bridge1-LAN local-address=192.168.5.20 name=polas-l2tp remote-address=pptp-clients-polas
/routing table
add disabled=no fib name=to-wan-cosmote
add disabled=no fib name=to-wan-5g
add disabled=no fib name=to-wan-starlink
add disabled=no fib name=to-wan-starlink-no-resursive
/interface bridge port
add bridge=bridge1-LAN ingress-filtering=no interface=ether15
add bridge=bridge1-LAN ingress-filtering=no interface=ether14
add bridge=bridge1-LAN ingress-filtering=no interface=ether13-reolink
add bridge=bridge1-LAN ingress-filtering=no interface=ether12
add bridge=bridge1-LAN ingress-filtering=no interface=ether11-Markos
add bridge=bridge1-LAN ingress-filtering=no interface=ether10-UniFi-Switch
add bridge=bridge1-LAN ingress-filtering=no interface=ether9-Polas
add bridge=bridge1-LAN ingress-filtering=no interface=ether8-Lina
add bridge=bridge1-LAN ingress-filtering=no interface=ether7
add bridge=bridge1-LAN ingress-filtering=no interface=ether6
add bridge=bridge1-LAN ingress-filtering=no interface=ether5
add bridge=bridge1-LAN ingress-filtering=no interface=ether4
add bridge=bridge1-LAN ingress-filtering=no interface=ether16
add bridge=bridge1-LAN ingress-filtering=no interface=ether2-5G-Modem
add bridge=bridge-vlan-home-wifi interface=vlan-home-wifi
add bridge=bridge-vlan-guests-wifi interface=vlan-guests-wifi
add bridge=bridge-vlan-IoT interface=vlan-IoT
add bridge=bridge-vlan-cameras interface=vlan-cameras
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=all
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add interface=ether1-Cosmote list=WAN
add interface=ether2-5G-Modem list=WAN
add interface=ether3-Starlink list=WAN
add interface=bridge1-LAN list=LAN
add interface=ether13-reolink list=LAN
add interface=l2tp-in-polas list=LAN
add interface=ether10-UniFi-Switch list=LAN
add interface=bridge-vlan-IoT list=LAN
add interface=bridge-vlan-guests-wifi list=LAN
add interface=bridge-vlan-home-wifi list=LAN
add interface=bridge-vlan-cameras list=LAN
/interface ovpn-server server
set auth=sha1,md5
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set default-profile=*1
/ip address
add address=192.168.0.1/24 comment=LAN interface=bridge1-LAN network=192.168.0.0
add address=192.168.30.1/24 comment="Cosmote Model Subnet" interface=ether1-Cosmote network=192.168.30.0
add address=192.168.1.10/24 comment="Starlink Subnet" interface=ether3-Starlink network=192.168.1.0
add address=192.168.50.1/24 comment="Home WiFi VLAN" interface=bridge-vlan-home-wifi network=192.168.50.0
add address=192.168.20.1/24 comment="IoT VLAN" interface=bridge-vlan-IoT network=192.168.20.0
add address=192.168.10.1/24 comment="Guests WiFi VLAN" interface=bridge-vlan-guests-wifi network=192.168.10.0
add address=192.168.40.1/24 comment="Cameras VLAN" interface=bridge-vlan-cameras network=192.168.40.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1h
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1,8.8.8.8,1.1.1.1 gateway=192.168.0.1 netmask=24
add address=192.168.10.0/24 dns-server=192.168.0.1,8.8.8.8,1.1.1.1 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=192.168.0.1,8.8.8.8,1.1.1.1 gateway=192.168.20.1
add address=192.168.40.0/24 dns-server=192.168.0.1,8.8.8.8,1.1.1.1 gateway=192.168.40.1
add address=192.168.50.0/24 dns-server=192.168.0.1,8.8.8.8,1.1.1.1 gateway=192.168.50.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip firewall address-list
add address=192.168.0.0/16 list="Private IP Addresses"
add address=172.16.0.0/12 list="Private IP Addresses"
add address=10.0.0.0/8 list="Private IP Addresses"
add address=cloud.mikrotik.com list="Mikrotik Cloud"
add address=cloud2.mikrotik.com list="Mikrotik Cloud"
/ip firewall mangle
add action=mark-routing chain=prerouting comment="PBR Force certain destinations to go through Cosmote" dst-address-list="Dst Addresses for Cosmote" in-interface-list=LAN new-routing-mark=to-wan-cosmote \
    passthrough=no
add action=mark-routing chain=prerouting comment="L2TP direct through cosmote" disabled=yes new-routing-mark=to-wan-cosmote passthrough=no protocol=l2tp
add action=mark-routing chain=prerouting comment="PBR Mikrotik Cloud (MT itself, used for self-DDNS ip/cloud)" disabled=yes dst-address-list="Mikrotik Cloud" new-routing-mark=to-wan-cosmote passthrough=no
add action=mark-routing chain=prerouting comment="PBR to Cosmote" dst-address-list="!Private IP Addresses" in-interface-list=LAN new-routing-mark=to-wan-cosmote passthrough=no src-address-list=\
    clients-to-cosmote
add action=mark-routing chain=prerouting comment="PBR to Starlink" dst-address-list="!Private IP Addresses" in-interface-list=LAN new-routing-mark=to-wan-starlink passthrough=no src-address-list=\
    clients-to-starlink
add action=mark-routing chain=prerouting comment="PBR to 5G" dst-address-list="!Private IP Addresses" in-interface-list=LAN new-routing-mark=to-wan-5g passthrough=no src-address-list=clients-to-5g
add action=mark-routing chain=prerouting comment="PBR to Starlink - WITHOUT Recursive Route" dst-address-list="!Private IP Addresses" in-interface-list=LAN new-routing-mark=to-wan-starlink-no-resursive \
    passthrough=no src-address-list=clients-without-recursive-routes
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT Internet" out-interface-list=WAN
/ip route
add comment="Monitor Cosmote" disabled=no distance=5 dst-address=1.0.0.1/32 gateway=192.168.30.2 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="Catch-all route to Starlink" disabled=no distance=20 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="Catch-all Backup route to Cosmote" disabled=no distance=30 dst-address=0.0.0.0/0 gateway=1.0.0.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=11
add comment="Catch-all 2nd Backup to 5g Cellular" disabled=no distance=50 dst-address=0.0.0.0/0 gateway=192.168.0.3 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="PBR Starlink 1st Route" disabled=no distance=8 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" routing-table=to-wan-starlink scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="PBR Cosmote 1st Route" disabled=no distance=8 dst-address=0.0.0.0/0 gateway=1.0.0.1 pref-src="" routing-table=to-wan-cosmote scope=30 suppress-hw-offload=no target-scope=11
add check-gateway=ping comment="PBR Starlink 2nd Route(Cosmote)" disabled=no distance=9 dst-address=0.0.0.0/0 gateway=1.0.0.1 pref-src="" routing-table=to-wan-starlink scope=30 suppress-hw-offload=no \
    target-scope=11
add check-gateway=ping comment="PBR Cosmote 2nd Route (Starlink)" disabled=no distance=10 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" routing-table=to-wan-cosmote scope=30 suppress-hw-offload=no \
    target-scope=11
add comment="Monitor Starlink" disabled=no distance=5 dst-address=8.8.4.4/32 gateway=192.168.1.1 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="PBR 5G 1st Route" disabled=no distance=8 dst-address=0.0.0.0/0 gateway=1.0.0.2 pref-src="" routing-table=to-wan-5g scope=30 suppress-hw-offload=no target-scope=11
add comment="Monitor 5G" disabled=no distance=5 dst-address=1.0.0.2/32 gateway=192.168.0.3 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10
/ppp secret
add local-address=192.168.5.20 name=thanpolas-pptp profile=polas-l2tp remote-address=192.168.5.21
/system clock
set time-zone-name=Europe/Athens
/system identity
set name="Polas Core"
/system logging
add topics=!dns
/tool bandwidth-server
set authenticate=no

Any pointers would be appreciated.
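
Log triage for the two message types quoted in the post above, added here as an example and not part of the original thread: it checks whether the source IP of each "looped packet" entry is one of the router's own `/ip address` entries, and counts hosts that move back and forth between the same two ports. The function names and the third sample log line are constructed for illustration.

```python
import re
from collections import Counter

MAC = r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}"
LOOP_RE = re.compile(
    rf"(?P<iface>\S+): bridge RX looped packet - MAC (?P<src>{MAC}) -> {MAC} "
    r"ETHERTYPE \S+ IP \S+ (?P<src_ip>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)")
MOVE_RE = re.compile(rf"host (?P<mac>{MAC}) changed ports: (?P<old>\S+) to (?P<new>\S+)")
ADDR_RE = re.compile(r"add address=(?P<ip>[\d.]+)/\d+ .*\binterface=(?P<iface>\S+)")

# First two lines are quoted from the post; the third is constructed to show a flap.
SAMPLE_LOG = [
    "vlan-cameras: bridge RX looped packet - MAC 2c:c8:1b:d3:44:f5 -> ff:ff:ff:ff:ff:ff "
    "ETHERTYPE 0x0800 IP UDP 192.168.40.1:5678 -> 255.255.255.255:5678",
    "host 4C:20:B8:F0:81:38 changed ports: ether10-UniFi-Switch to ether9-Polas",
    "host 4C:20:B8:F0:81:38 changed ports: ether9-Polas to ether10-UniFi-Switch",
]
# Two /ip address lines copied from the posted export.
SAMPLE_EXPORT = [
    'add address=192.168.0.1/24 comment=LAN interface=bridge1-LAN network=192.168.0.0',
    'add address=192.168.40.1/24 comment="Cameras VLAN" interface=bridge-vlan-cameras '
    'network=192.168.40.0',
]

def router_addresses(export_lines):
    """Map each address bound to an interface in the export to that interface."""
    return {m["ip"]: m["iface"] for m in map(ADDR_RE.match, export_lines) if m}

def triage(log_lines, export_lines):
    """Return looped-packet entries and MACs that flap between the same two ports."""
    own = router_addresses(export_lines)
    loops, moves = [], Counter()
    for line in log_lines:
        if m := LOOP_RE.search(line):
            loops.append({"rx_iface": m["iface"], "src_mac": m["src"].lower(),
                          "src_ip": m["src_ip"], "dport": int(m["dport"]),
                          # Interface that owns src_ip on the router, or None
                          "router_owned_on": own.get(m["src_ip"])})
        elif m := MOVE_RE.search(line):
            # Direction-independent key: A->B and B->A count as the same pair
            moves[(m["mac"].lower(), frozenset((m["old"], m["new"])))] += 1
    flapping = sorted((mac, sorted(ports), n)
                      for (mac, ports), n in moves.items() if n >= 2)
    return {"loops": loops, "flapping": flapping}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG, SAMPLE_EXPORT)
    for entry in report["loops"]:
        print("loop:", entry)
    for mac, ports, count in report["flapping"]:
        print(f"flap: {mac} moved {count}x between {ports}")
```

On the sample data, the looped packet's source IP 192.168.40.1 resolves to the address the export assigns to `bridge-vlan-cameras`.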
 
thanpolas

Re: Unifi WiFi Clients losing local subnet routing

Wed Jan 25, 2023 12:41 pm

Attaching the logs didn't work, let's see if imgur will help:

Image
 
thanpolas

Re: Unifi WiFi Clients losing local subnet routing

Wed Jan 25, 2023 12:48 pm

Linking my unifi post for cross-reference: https://community.ui.com/questions/WiFi ... eb9e68401a
 
thanpolas

Re: Unifi WiFi Clients losing local subnet routing

Thu Jan 26, 2023 2:54 pm

Once I restarted the USW-16-PoE switch the problem resolved itself... 🤷
