Mikrotik help, anyone?

Sinbad

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
88,686
Reaction score
41,232
So before I do what was predicted before it arrived (smash it against the wall), can anyone enlighten me?

I have an RB2011.
It connects to the ISP via pppoe, no problem.
Wifi clients can access the internet, and the router management interface, no problem.
Machines plugged into the 100meg ports can access the internet and management interface, no problem

Machines plugged into the gig ports CANNOT see internet, management interface or machines plugged into 100mb ports, or machines plugged into other gig ports


The 100mb ports are slaves of the first 100mb port
The gig ports are all standalone
local-bridge contains wlan, the 100mb master, and all the 1gb ports.

If I set all the gig ports as slaves of the first one, then machines on the various gig ports can see each other, but still cannot see outside the gig switchchip's network.

So it smells to me like the CPU isn't forwarding packets from the gig switch chip.
What have I done wrong? Or do I have a hardware fault?
 
My guess would be that the router's IP address and network is configured on the 100mb master port. It should be configured on the bridge instead.

Also best to keep the gb ports configured to a master port as the CPU's switching speed is only 250mb (If I remember correctly)
 
pojo2 said:
My guess would be that the router's IP address and network is configured on the 100mb master port. It should be configured on the bridge instead.

Also best to keep the gb ports configured to a master port as the CPU's switching speed is only 250mb (If I remember correctly)
Click to expand...

Nope, the router's IP is on the bridge.
Yes, I plan to set the ports up as slaves as soon as I get it working properly

/interface bridge
add admin-mac=4C:5E:0C:67:FB:A8 auto-mac=no name=bridge-local
/ip address
add address=10.0.0.250/24 comment="default configuration" interface=bridge-local network=10.0.0.0

The wifi clients can see the router's IP...
 
If it's local, packets will switch and not route.
Switching only changes mac addresses to forward the packets.

How do clients on the 1gbe and 100mbe get their IP allocations?

Edit: Also, try inspecting some NIC and look for ARPs. Are there any?
If all ports are bridged, you should see the ARPs going out of every port (just flush arp table beforehand).
 
Last edited:
nand said:
If it's local, packets will switch and not route.
Switching only changes mac addresses to forward the packets.

How do clients on the 1gbe and 100mbe get their IP allocations?
Click to expand...

100mbe = static addresses
wlan = dhcp (working fine)
gbe = static addresses

Not sure what you're saying with switching vs routing?
I want everything (except the pppoe uplink port - eth10) to be part of the same broadcast domain. I understand that bridging is necessary between the gig chip and the 100mb chip - but it seems like that bridging isn't working correctly.
 
Sinbad said:
100mbe = static addresses
wlan = dhcp (working fine)
gbe = static addresses

Not sure what you're saying with switching vs routing?
I want everything (except the pppoe uplink port - eth10) to be part of the same broadcast domain. I understand that bridging is necessary between the gig chip and the 100mb chip - but it seems like that bridging isn't working correctly.
Click to expand...

Sorry, clarified with an edit.
 
When I run a torch on the gig ports, I only see tx traffic, no rx traffic
 
Have you tried putting the master port from the 100mb ports and the master port from the 1gbe ports in the same bridge?

Edit: Is your ROS up to date? Should be 6.18.

Can you give us the output of "interface export" in the terminal or SSH?
 
Last edited:
Clarotech said:
Have you tried putting the master port from the 100mb ports and the master port from the 1gbe ports in the same bridge?

Edit: Is your ROS up to date? Should be 6.18.

Can you give us the output of "interface export" in the terminal or SSH?
Click to expand...

1) Yes
2) 6.19 ...

/interface bridge
add admin-mac=4C:5E:0C:67:FB:A8 auto-mac=no name=bridge-local

/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=ether9-slave-local
set [ find default-name=ether10 ] advertise=10M-half,10M-full,100M-half,100M-full name=ether10-gateway poe-out=off
/interface bridge port
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether1-gateway
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=4 band=2ghz-b/g/n disabled=no distance=indoors l2mtu=2290 mode=ap-bridge ssid=test2 wireless-protocol=\
802.11
/ip address
add address=10.0.0.250/24 comment="default configuration" interface=bridge-local network=10.0.0.0
 
ADSL modem is in eth10

When I had 2-5 set as slaves to 1, and 1 in the bridge, the gig ports could talk to each other, but still not to the cpu or 100mb ports.
 
Strange, docs suggests that should work. Can you post the output of:
interface ethernet print
interface ethernet switch print
interface ethernet switch port print
 
Clarotech said:
Strange, docs suggests that should work. Can you post the output of:
interface ethernet print
interface ethernet switch print
interface ethernet switch port print
Click to expand...

Is that more detailed than an export would provide? I have the export here, but not the router :p

thanks :)
 
The output is different yes.

Sadly the 2011's I had went into production last week, so I can't test.
 
I just got a reply from mikrotik support.
They have no idea, and suggest I reload the firmware with netinstall, reconfigure and try again.

:/
 
Maybe downgrade to 6.18 if you are going to do that. Changelog for 6.19 says there was a change to bridge, maybe they inadvertently broke something.

I'd still be interested to see the other output before you go that route.
 
Clarotech said:
Maybe downgrade to 6.18 if you are going to do that. Changelog for 6.19 says there was a change to bridge, maybe they inadvertently broke something.

I'd still be interested to see the other output before you go that route.
Click to expand...

I'll be sure to keep you posted - thanks for your input :)

They did specify 6.19 in the instructions to netinstall...
 
Clarotech said:
Strange, docs suggests that should work. Can you post the output of:
interface ethernet print
interface ethernet switch print
interface ethernet switch port print
Click to expand...











MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK

MikroTik RouterOS 6.19 (c) 1999-2014 http://www.mikrotik.com/

[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments

[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options

/ Move up to base level
.. Move up one level
/command Use command at the base level
(142 messages not shown)
aug/28/2014 13:09:25 system,error,critical login failure for user admin from 112.6
6.190.249 via telnet
aug/28/2014 13:09:50 system,error,critical login failure for user support from 112
.66.190.249 via telnet
aug/28/2014 13:10:15 system,error,critical login failure for user support from 112
.66.190.249 via telnet
aug/28/2014 13:10:39 system,error,critical login failure for user support from 112
.66.190.249 via telnet
aug/28/2014 13:11:03 system,error,critical login failure for user support from 112
.66.190.249 via telnet
aug/28/2014 13:11:26 system,error,critical login failure for user support from 112
.66.190.249 via telnet
aug/28/2014 13:11:49 system,error,critical login failure for user support from 112
.66.190.249 via telnet
aug/28/2014 13:12:12 system,error,critical login failure for user support from 112
.66.190.249 via telnet
[admin@MikroTik] > interface ethernet print
Flags: X - disabled, R - running, S - slave
# NAME MTU MAC-ADDRESS ARP MASTER-PORT SWITCH
0 S ether1... 1500 4C:5E:0C:67:FB:A7 enabled none switch1
1 S ether2 1500 4C:5E:0C:67:FB:A8 enabled ether1-gateway switch1
2 S ether3 1500 4C:5E:0C:67:FB:A9 enabled ether1-gateway switch1
3 S ether4 1500 4C:5E:0C:67:FB:AA enabled ether1-gateway switch1
4 S ether5 1500 4C:5E:0C:67:FB:AB enabled ether1-gateway switch1
5 RS ether6... 1500 4C:5E:0C:67:FB:AC enabled none switch2
6 S ether7... 1500 4C:5E:0C:67:FB:AD enabled ether6-master... switch2
7 S ether8... 1500 4C:5E:0C:67:FB:AE enabled ether6-master... switch2
8 S ether9... 1500 4C:5E:0C:67:FB:AF enabled ether6-master... switch2
9 R ether1... 1500 4C:5E:0C:67:FB:B0 enabled none switch2
10 sfp1-g... 1500 4C:5E:0C:67:FB:A6 enabled none switch1
[admin@MikroTik] > interface ethernet switch print
Flags: I - invalid
# NAME TYPE MIRROR-SOURCE MIRROR-TARGET SWITCH-ALL-PORTS
0 switch1 Atheros-8327 none none
1 switch2 Atheros-8227 none none
[admin@MikroTik] > interface ethernet switch port print
Flags: I - invalid
# NAME SWITCH VLAN-MODE VLAN-HEADER DEFAULT-VLAN-ID
0 sfp1-gateway switch1 disabled leave-as-is auto
1 ether1-gateway switch1 disabled leave-as-is auto
2 ether2 switch1 disabled leave-as-is auto
3 ether3 switch1 disabled leave-as-is auto
4 ether4 switch1 disabled leave-as-is auto
5 ether5 switch1 disabled leave-as-is auto
6 ether6-maste... switch2 disabled leave-as-is 0
7 ether7-slave... switch2 disabled leave-as-is 0
8 ether8-slave... switch2 disabled leave-as-is 0
9 ether9-slave... switch2 disabled leave-as-is 0
10 ether10-gateway switch2 disabled leave-as-is 0
11 switch1-cpu switch1 disabled leave-as-is auto
12 switch2-cpu switch2 disabled leave-as-is 0
[admin@MikroTik] >
[admin@MikroTik] > interface bridge print
Flags: X - disabled, R - running
0 R name="bridge-local" mtu=1500 l2mtu=65535 arp=enabled
mac-address=4C:5E:0C:67:FB:A8 protocol-mode=rstp priority=0x8000
auto-mac=no admin-mac=4C:5E:0C:67:FB:A8 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m

[admin@MikroTik] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 ether6-master-local bridge-local 0x80 10 none
1 wlan1 bridge-local 0x80 10 none
2 I ether1-gateway bridge-local 0x80 10 none
[admin@MikroTik] >
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X