Mikrotik PPPOE Help

[acidrain]

Hi All,

I seem to be having an issue with my Mikrotik dialing out the internet, where it connects but traffic just doesn't run over. Pinging from the rb goes fine until the slightest traffic hits and then it dies ( I don't know if it is related ).

Network config:
PC <> 16 Port GB Switch <ether3> RB750R2 <ether1> TPLink TD-W8970.

Things I have done:
Replaced RB, Replaced switch, Replaced ADSL Modem.
Dialed account from adsl modem and all seems to go fine so can't be the line or the account itself, so has to be a config issue somewhere.
Used alternative adsl account with same result.

Configs:

[admin@MikroTik] > interface ethernet print
Flags: X - disabled, R - running, S - slave 
 #    NAME        MTU MAC-ADDRESS       ARP        MASTER-PORT      SWITCH     
 0 RS ether1     1500 4C:5E:0C:0D:80:45 enabled    none             switch1    
 1  S ether2     1500 4C:5E:0C:0D:80:46 enabled    none             switch1    
 2 RS ether3     1500 4C:5E:0C:0D:80:47 enabled    none             switch1    
 3 RS ether4     1500 4C:5E:0C:0D:80:48 enabled    none             switch1    
 4 RS ether5     1500 4C:5E:0C:0D:80:49 enabled    none             switch1

[admin@MikroTik] > interface bridge print
Flags: X - disabled, R - running 
 0  R name="LAN" mtu=auto actual-mtu=1500 l2mtu=1598 arp=enabled 
      mac-address=4C:5E:0C:0D:80:49 protocol-mode=rstp priority=0x8000 
      auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s 
      forward-delay=15s transmit-hold-count=6 ageing-time=5m 


[admin@MikroTik] > interface bridge port print
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE               BRIDGE               PRIORITY  PATH-COST    HORIZON
 0 I  ether2                  LAN                      0x80         10       none
 1    ether3                  LAN                      0x80         10       none
 2    ether4                  LAN                      0x80         10       none
 3    ether5                  LAN                      0x80         10       none
 4    ether1                  LAN                      0x80         10       none

 1 X  name="Uncapped" max-mtu=1480 max-mru=1480 mrru=1600 
      interface=LAN user="connect10....@*********.co.za" password="*********" 
      profile=default keepalive-timeout=60 service-name="" ac-name="" 
      add-default-route=yes default-route-distance=1 dial-on-demand=no 
      use-peer-dns=no allow=pap,chap,mschap1,mschap2

 1 I  ;;; Uncapped not ready
      chain=srcnat action=masquerade src-address=172.18.150.64-172.18.150.94 
      out-interface=Uncapped log=no log-prefix=""

Uncapped is not ready as I am currently dialing via the modem to achieve internet.

Basically I just need confirmation whether the settings currently should work or if there is something I am missing. I'm pretty sure I've done everything correctly but with the amount of struggle I am having, I am starting to doubt my capabilities.

As an addition, the only log entry I find is:
06:22:30 pppoe,ppp,info Uncapped: terminating... - peer is not responding ( Must be a communication problem between the mikrotik and internet?



Any Help would be greatly appreciated.

 

[nahoR]

I am assuming you have some other firewall rules set up aswell?

Disable all of them and add 2 new rules
chain: input, action: accept
chain: forward, action: accept
NOTE: this is not secure, its just to make sure your firewall is not blocking the traffic

I usually try and avoid specifying the out interface in the masquerade rule,
I set the dst. address to 0.0.0.0/0

Can you maybe do a /ip route print

My setup is almost the same, except the ether port that goes to the modem is not part of the bridge/switch config. It is setup to be an independent port. Setting an IP for this port is also optional as PPPoE does not require it, it is however necessary to get to the config webpage of the modem

Also as far as I understand adding the ports to the switch matrix (set the master port on the interface), rather than a bridge, results in better through put as the processor does not have to do the switching itself rather there is a dedicated switch chip that does that

PM me, I might be able to help you with configuring it if you haven't worked with this kind of stuff before

 

[Grasmuis]

Make sure you have a default route to the PPPOE connection.

/ip route add dst-address=0.0.0.0/0 gateway=Uncapped

 

[pojo2]

I would guess that ether1 should not be on the bridge and that the PPPOE connection should then be configured to use: interface=ether1

 

[acidrain]

Make sure you have a default route to the PPPOE connection.

/ip route add dst-address=0.0.0.0/0 gateway=Uncapped

No need to add it, RB adds it by default as soon as the interface is connected.

I am assuming you have some other firewall rules set up aswell?

Nope, reset configuration with no defaults. It's the first thing I do with any new tik.

Disable all of them and add 2 new rules
chain: input, action: accept
chain: forward, action: accept
NOTE: this is not secure, its just to make sure your firewall is not blocking the traffic

Will add rules and report back

I usually try and avoid specifying the out interface in the masquerade rule,
I set the dst. address to 0.0.0.0/0

Can you maybe do a /ip route print

I would normally specify the dst address however I have other routes which I don't want natted hence specifying the interface.

Route print won't show the PPPOE client as it's added automatically only when the interface connects which right now it doesn't but anyways.

[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  ;;; Internet
        0.0.0.0/0                          172.18.150.90             1
 1 ADC  10.0.0.3/32        10.0.0.1        <pptp-stoff>              0
 2 A S  ;;; WUG Route
        172.16.0.0/12                      172.18.150.94             1
 3 ADC  172.18.150.64/27   172.18.150.93   LAN                       0

Also as far as I understand adding the ports to the switch matrix (set the master port on the interface), rather than a bridge, results in better through put as the processor does not have to do the switching itself rather there is a dedicated switch chip that does that

Not sure I follow you? Do you mean set ports to have a master port i.e ether1

I would guess that ether1 should not be on the bridge and that the PPPOE connection should then be configured to use: interface=ether1

I'm pretty sure I tried this and the result was the same.

I will however attempt it again just for safe measure.

 

[Grasmuis]

You can also try and set the PPP profile to automatically set the MTU settings.

/ppp profile set default change-tcp-mss=yes

If you connect the ADSL modem directly to your computer, can you dial the PPPOE connection from your computer?

 

[Grasmuis]

Also run the following and paste the results

/ip firewall filter pr

/ip firewall nat pr

/ip firewall mangle pr