Simple setup but it doesn't work

pingu · Thu Oct 12, 2023 12:34 pm

Hi, I have mikrotik for years but now I'm changing setup and have issues connecting to new DSL Router.

I have reset mikrotik and basically done few steps:

1. Add DHCP client on ether1
- after this step I can from MT terminal ping 8.8.8.8 so Internet at this point is accessible
2. Created bridge and added LAN and WLAN ports
3. Created DHCP server and pool
4. Created NAT masq. in fw

Client gets IP but traffic is not forwarded to ether1 as I expect. From client side I can't ping 8.8.8.8 which is working from MT terminal:

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
559 packets transmitted, 0 received, 100% packet loss, time 559724ms

Below is my config export. Do I need to configure anything on my Internet router? To my understanding it should be working as is as long I have NAT setup and ether1 gets IP from the router.

[admin@MikroTik] > /export
# oct/11/2023 23:30:31 by RouterOS 6.49.10
# software id = YK1C-QSJ9
#
# model = 751U-2HnD

/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge ssid=coon wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=<redacted> wpa2-pre-shared-key=<redacted>
/ip pool
add name=pool1 ranges=192.168.9.160-192.168.9.190
/ip dhcp-server
add address-pool=pool1 disabled=no interface=bridge1 name=server1
/interface bridge port
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=ether1 list=WAN
add list=LAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.9.1/24 interface=bridge1 network=192.168.9.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dns
set servers=1.1.1.1
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/system clock
set time-zone-name=Europe/Zagreb
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

pingu · Thu Oct 12, 2023 12:49 pm

This line looks weird to me so I would try to change it. I think a network is not needed here and possible messing things up.

add address=192.168.9.1/24 interface=bridge1 network=192.168.9.0

Also, I don't see routing in the config export but with

/ip dhcp-client
add disabled=no interface=ether1

I see routes created and `0.0.0.0` is routed to ether1 which is reachable. Also `192.168.1.1` is routed through ether1. So routing should be fine.

In any case, if someone has an idea what is the exact culprit it would be nice to learn. Also, a working config is appreciated.

broderick · Thu Oct 12, 2023 3:43 pm

I ran your setup in a virtual environment and there was something wrong with your dhcp server/pool setup.
The VM I connected to the bridge got an invalid address like 192.168.9.190/0

I deleted it, and ran a new DHCP setup and got a right ip address like 192.168.9.189/24 gateway 192.168.9.1, and everything works now.

Make sure that the dhcp setup has an address space like the one you see in the image below

w32pamela · Thu Oct 12, 2023 4:16 pm

Edit: I missed the above post. It sounds like he found the problem

I would do a factory reset of the router and see if your laptop gets internet using the default settings. If it works then you can make the basic changes to convert the default settings to the IP range, security settings etc. that you want. If it doesn't work at the default settings then you should start looking at the DSL router/modem.

If you have a computer with an ethernet port then plug the modem into it and see if you get internet.

pingu · Thu Oct 12, 2023 4:59 pm

I ran your setup in a virtual environment and there was something wrong with your dhcp server/pool setup.
The VM I connected to the bridge got an invalid address like 192.168.9.190/0

I deleted it, and ran a new DHCP setup and got a right ip address like 192.168.9.189/24 gateway 192.168.9.1, and everything works now.

Make sure that the dhcp setup has an address space like the one you see in the image below

Thank you for the test. I will try it and let you know.

pingu · Thu Oct 12, 2023 5:05 pm

Edit: I missed the above post. It sounds like he found the problem

I would do a factory reset of the router and see if your laptop gets internet using the default settings. If it works then you can make the basic changes to convert the default settings to the IP range, security settings etc. that you want. If it doesn't work at the default settings then you should start looking at the DSL router/modem.

If you have a computer with an ethernet port then plug the modem into it and see if you get internet.

So basically to use Quickset like Home AP? I could try it again. It should work as you say. It is really simple home setup .

pingu · Thu Oct 12, 2023 11:59 pm

Thanks, broderick. It was indeed a problem with the DHCP setup.

I believe I've configured DHCP by hand and in DHCP Server -> Address it is the expected IP address and not a CIDR. So

192.168.9.0

is OK but

192.168.9.0/24

is not.

With the DHCP setup I generated the config as below which works now.

/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    country=croatia disabled=no frequency=2442 mode=ap-bridge ssid=coon \
    wireless-protocol=802.11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
    supplicant-identity=MikroTik wpa-pre-shared-key=<redacted> \
    wpa2-pre-shared-key=<redacted>
/ip pool
add name=dhcp_pool2 ranges=192.168.9.160-192.168.9.254
/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
/interface list member
add interface=ether1 list=WAN
add interface=bridge1 list=LAN
/ip address
add address=192.168.9.1/24 interface=bridge1 network=192.168.9.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.9.0/24 gateway=192.168.9.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/system clock
set time-zone-name=Europe/Zagreb
/system identity
set name=<redacted>
/system ntp client
set enabled=yes primary-ntp=161.53.78.71

Thanks!

Simple setup but it doesn't work [SOLVED]

Simple setup but it doesn't work

Re: Simple setup but it doesn't work

Re: Simple setup but it doesn't work [SOLVED]

Re: Simple setup but it doesn't work

Re: Simple setup but it doesn't work

Re: Simple setup but it doesn't work

Re: Simple setup but it doesn't work