Hi there,
I need some help on configuring my RB2011 19" Mikrotik device.
Software is 5.22
I would connect my All IP Broadband Internet to my local lan, but this woulnd work proberly.
So what I have/Specials:
T-Home All IP VDSL 50/10. Special on that is, that pppoe dial in is vlan 7 tagged and the is a vlan 8 interface for IPTV traffic.
I have setup the router, after successfully login I have used the standart configuration and have expandet this.
my VDSL Model (IP 192.168.16.250) is connectet to Lan Port 1 and the Port is configured with 192.168.16.1/24. This is for administration access for the Modem. On the Lan Interface 1 I have set up 2 vlan, 7&8, on top. Vlan 8 is DHCP client.
As I setup the pppoe connection Dial In succeed successfully and it get optained a IP adress of my provider. Vlan 8 gets his IP via dhcp, is bondet correctly. From Terminal i can ping domains on the web, also the router gets ntp information and the clock is set correctly.
on the switchport my computer is connected and get optained its IP 192.168.1.25 correctly from the router.
I can connect to router with winbox.
So, my problem is now: I coulnd reach google oder other pages from my browser. I tried at least all I have in mind, but no chance. From Winbox Terminal I can ping everything, from my PC it just won´t work.
Any Idea, how I can get this fixed?
Thanks in advance for your help
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB2011 19" Problems with routing
It would help if you could upload the config - output from /export compact.
It is not clear from the description if you are using NAT for clients or if the relevant outbound interfaces are masqueraded.
It is not clear from the description if you are using NAT for clients or if the relevant outbound interfaces are masqueraded.
Re: RB2011 19" Problems with routing
I see... will post the output tommorow, ´cause the router is not locate on my site.
Also I have forgot some explanations:
IPTV (vlan8) is routed with IGMP Proxy and should be from there be routet to wlan and 2 Interfaces on device in a other vlan, ´cause otherwise there could occour multicast storms on the normal net.
Then there are just a few other things which should be set up, but first there need to be Internet access
Also I have forgot some explanations:
IPTV (vlan8) is routed with IGMP Proxy and should be from there be routet to wlan and 2 Interfaces on device in a other vlan, ´cause otherwise there could occour multicast storms on the normal net.
Then there are just a few other things which should be set up, but first there need to be Internet access
Re: RB2011 19" Problems with routing
So, now there is my config export:
OK, so what I need is:
Ethernet (gB)1: Up to VDSL Modem, IP 192.168.10.1 (used for backward admin access)
on this Interface, there must be vlan 7 with pppoe dial IN (for Internet and VoIP) and also vlan 8 as a dhcp client, to receive multicast IPTV traffic. This traffic should be routet to 2 Ports at its own, that Multicaststorms coulnd occour. Also the IPTV traffic needs to be routed to seperate wlan to broadcast signal for wlan adapter on set top box. Also this net needs a dhcp server for deliver the SetTop boxes the correct IP to use IPTV.
Ethernet (gB) 2: Up to VoIP - here is my asterisk appliance, this should reach internet
Ethernet (gB) 3: Up to Wlan: self descriping
This is the basis. Now, internal lan should reach admin interface of vdsl modem, internet,voip but no Multicast access for IPTV. 2 Ports - on fe - should be seperated for serve the IPTV Set Top boxes and also (i.e. vlan on wlan) should be toghether for IPTV. So that IPTV (vlan
route to part of wlan and 2 ethernet ports seperately, also with its own subnet.
Could you help?
Thanks in advance for Help
Code: Select all
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 5.22 (c) 1999-2012 http://www.mikrotik.com/
[admin@TKGN01LTB01R01] > /export compact
# jan/01/2002 02:00:52 by RouterOS 5.22
# software id = 26CV-WFXI
#
/interface bridge
add admin-mac=hidden auto-mac=no l2mtu=1598 name=bridge-local \
protocol-mode=rstp
add name="IPTV Network"
/interface ethernet
set 0 disabled=yes name=sfp1-gateway
set 1 name="VDSL Modem Uplink"
set 2 name="VoIP PBX Net" speed=1Gbps
set 3 name="Uplink GB Backbone"
set 4 name="Up WiFi"
set 6 name=ether6-master-local
set 7 master-port=ether6-master-local name=ether7-slave-local
set 8 master-port=ether6-master-local name=ether8-slave-local
set 9 master-port=ether6-master-local name=ether9-slave-local
set 10 name=MnGNet
/interface vlan
add disabled=yes interface="VDSL Modem Uplink" name="T-Online DialIn V7" \
vlan-id=7
add disabled=yes interface="VDSL Modem Uplink" name="IPTV Net" vlan-id=8
/interface pppoe-client
add add-default-route=yes disabled=no interface="T-Online DialIn V7" name=\
"VDSL MediaNet Dial" password=hidden user=\
UserID@t-online.de
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=TKGN01LTB01 ranges=192.168.1.10-192.168.1.150
add name=TKGN01IPTV01 ranges=192.168.10.10-192.168.10.20
/ip dhcp-server
add address-pool=TKGN01LTB01 disabled=no interface=bridge-local lease-time=12h \
name=TKGN01LTB01
add address-pool=TKGN01IPTV01 disabled=no interface="IPTV Network" lease-time=\
1w name=TKGN01IPTV01
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" \
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
permissions=owner signup-allowed=no time-zone=-00:00
/interface bridge port
add bridge=bridge-local interface="VoIP PBX Net"
add bridge=bridge-local interface="Uplink GB Backbone"
add bridge=bridge-local interface="Up WiFi"
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
/interface ethernet switch port
set 6 vlan-mode=check
set 7 vlan-mode=check
/interface ethernet switch vlan
add ports=ether6-master-local,ether7-slave-local switch=switch2 vlan-id=10
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=\
bridge-local
add address=192.168.16.1/24 interface="VDSL Modem Uplink"
/ip dhcp-client
add comment="default configuration" interface=sfp1-gateway
add comment="default configuration" interface="VDSL Modem Uplink"
add default-route-distance=0 disabled=no interface="IPTV Net" use-peer-ntp=no
add default-route-distance=0 interface="T-Online DialIn V7" use-peer-dns=no \
use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 comment="TKGN01LTB01 Local Net LTB Main" dns-server=\
192.168.1.1 gateway=192.168.1.1
add address=192.168.10.0/24 comment="IPTV Network on LTB01 Site" dns-server=\
192.168.10.1 gateway=192.168.10.1 ntp-server=192.168.1.1
/ip dns
set allow-remote-requests=yes cache-size=8192KiB servers=\
208.67.220.220,208.67.222.222
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
sfp1-gateway
add action=drop chain=input comment="default configuration" in-interface=\
"VDSL Modem Uplink"
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=sfp1-gateway
add action=masquerade chain=srcnat comment="default configuration" \
out-interface="VDSL Modem Uplink" to-addresses=0.0.0.0
/ip neighbor discovery
set "VDSL Modem Uplink" disabled=yes
/ip service
set www-ssl disabled=no
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add interface="IPTV Net" upstream=yes
add interface="IPTV Network"
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=TKGN01LTB01R01
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set "IPTV Network" disabled=yes display-time=5s
set "VDSL MediaNet Dial" disabled=yes display-time=5s
set "IPTV Net" disabled=yes display-time=5s
set "T-Online DialIn V7" disabled=yes display-time=5s
set bridge-local disabled=yes display-time=5s
set MnGNet disabled=yes display-time=5s
set ether9-slave-local disabled=yes display-time=5s
set ether8-slave-local disabled=yes display-time=5s
set ether7-slave-local disabled=yes display-time=5s
set ether6-master-local disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set "Up WiFi" disabled=yes display-time=5s
set "Uplink GB Backbone" disabled=yes display-time=5s
set "VoIP PBX Net" disabled=yes display-time=5s
set "VDSL Modem Uplink" disabled=yes display-time=5s
set sfp1-gateway disabled=yes display-time=5s
/system leds
set 0 interface="VDSL Modem Uplink" leds="(unknown)" type=interface-activity
add interface="VoIP PBX Net" type=interface-activity
/system ntp client
set enabled=yes primary-ntp=192.53.103.104 secondary-ntp=192.53.103.103
/system ntp server
set broadcast=yes broadcast-addresses=192.168.1.1 enabled=yes multicast=yes
/system routerboard settings
set cpu-frequency=750MHz
/tool mac-server
add disabled=no interface="VoIP PBX Net"
add disabled=no interface="Uplink GB Backbone"
add disabled=no interface="Up WiFi"
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface=ether9-slave-local
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface="VoIP PBX Net"
add interface="Uplink GB Backbone"
add interface="Up WiFi"
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=bridge-local
[admin@TKGN01LTB01R01] >
Ethernet (gB)1: Up to VDSL Modem, IP 192.168.10.1 (used for backward admin access)
on this Interface, there must be vlan 7 with pppoe dial IN (for Internet and VoIP) and also vlan 8 as a dhcp client, to receive multicast IPTV traffic. This traffic should be routet to 2 Ports at its own, that Multicaststorms coulnd occour. Also the IPTV traffic needs to be routed to seperate wlan to broadcast signal for wlan adapter on set top box. Also this net needs a dhcp server for deliver the SetTop boxes the correct IP to use IPTV.
Ethernet (gB) 2: Up to VoIP - here is my asterisk appliance, this should reach internet
Ethernet (gB) 3: Up to Wlan: self descriping
This is the basis. Now, internal lan should reach admin interface of vdsl modem, internet,voip but no Multicast access for IPTV. 2 Ports - on fe - should be seperated for serve the IPTV Set Top boxes and also (i.e. vlan on wlan) should be toghether for IPTV. So that IPTV (vlan
route to part of wlan and 2 ethernet ports seperately, also with its own subnet. Could you help?
Thanks in advance for Help
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB2011 19" Problems with routing
Before looking at anything else could you get rid of the 0.0.0.0 . 0.0.0.0/0 and 0.0.0 are not the same thing. Note that your other masquerade has no to-addresses limitation.add action=masquerade chain=srcnat comment="default configuration" \
out-interface="VDSL Modem Uplink" to-addresses=0.0.0.0
Re: RB2011 19" Problems with routing
does it mean, that I have to chance the 0.0.0.0 to 0.0.0.0/0 or what is the deal?add action=masquerade chain=srcnat comment="default configuration" \
out-interface="VDSL Modem Uplink" to-addresses=0.0.0.0
Before looking at anything else could you get rid of the 0.0.0.0 . 0.0.0.0/0 and 0.0.0 are not the same thing. Note that your other masquerade has no to-addresses limitation.
The other Masquerade is for fibre connector, I have no sfp, so I have deaktivated the port.
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB2011 19" Problems with routing
I think that you must have selected source NAT on that rule at some point thus the to-addresses setting appeared. I don't think it is actually causing problems because the action is masquerade.
does it mean, that I have to chance the 0.0.0.0 to 0.0.0.0/0 or what is the deal?
The other Masquerade is for fibre connector, I have no sfp, so I have deaktivated the port.
However, having read through the config it looks to me as if you are not masquerading the PPPoE client interface "VDSL MediaNet Dial" , so you need a rule to masquerade outbound traffic on that interface.
Re: RB2011 19" Problems with routing
A I See...I think that you must have selected source NAT on that rule at some point thus the to-addresses setting appeared. I don't think it is actually causing problems because the action is masquerade.
does it mean, that I have to chance the 0.0.0.0 to 0.0.0.0/0 or what is the deal?
The other Masquerade is for fibre connector, I have no sfp, so I have deaktivated the port.
However, having read through the config it looks to me as if you are not masquerading the PPPoE client interface "VDSL MediaNet Dial" , so you need a rule to masquerade outbound traffic on that interface.
need to tell the router that it must masquerate traffic not for eth1, but for vlan 7, because vlan 7 is logically an independant interface. Then I have to tell him to route traffic for 192.168.10.0/24 to eth1 as it is the management traffic and for vlan 8 to eth 6&7 and vlan on wlan for IPTV.
right?
so this is the first step before configuring other thinks, does I got it?
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB2011 19" Problems with routing
From your config it looks as if the PPPoE client "VDSL MediaNet Dial" uses VLAN7. The VLAN is just defining the broadcast domain for the PPPoE connection. It is the PPPoE client which will ultimately carry your local LAN subnet traffic to the ISP so it is the PPPoE client interface "VDSL MediaNet Dial" which needs to have masquerade set.
Re: RB2011 19" Problems with routing
Got it! The Masquerade setting have to be changed and the Internetaccess was grandet...From your config it looks as if the PPPoE client "VDSL MediaNet Dial" uses VLAN7. The VLAN is just defining the broadcast domain for the PPPoE connection. It is the PPPoE client which will ultimately carry your local LAN subnet traffic to the ISP so it is the PPPoE client interface "VDSL MediaNet Dial" which needs to have masquerade set.
Now, I only have to setup the IPTV net correctly, and the other things mentioned above... any ideas?
Thanks a lot and thanks in advance
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB2011 19" Problems with routing
On the IGMP proxy upstream interface temporarily add 0.0.0.0/0 under alternate subnets since there is a good chance that the servers are not on the same subnet. Once you see where the traffic comes from you can provide suitable limits.
Re: RB2011 19" Problems with routing
adding subnet on the igmp proxy?On the IGMP proxy upstream interface temporarily add 0.0.0.0/0 under alternate subnets since there is a good chance that the servers are not on the same subnet. Once you see where the traffic comes from you can provide suitable limits.
as configured on eth1 the vlan 8 is dhcp client which will get als routes from there. But I will separate the 2 IPTV boxes from normal net, so I configured them in a seperate vlan as shown in config above.
Is that correct and will work?
Thanks alot for the fast and qualified replys!
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB2011 19" Problems with routing
Look in the IGMP Proxy settings under interfaces. On that upstream interface add 0.0.0.0/0 as an alternative subnet - you will see a place for that entry. I am suggesting this because you don't know what addresses the IPTV provider will be streaming from yet...
Re: RB2011 19" Problems with routing
Look in the IGMP Proxy settings under interfaces. On that upstream interface add 0.0.0.0/0 as an alternative subnet - you will see a place for that entry. I am suggesting this because you don't know what addresses the IPTV provider will be streaming from yet...
OK, done. This will work. But what about the Set Top Boxes? I will do them on Eth 6-7, so I have gone to "Switch" and have set Port 6&7 to vlan 10 "Check"
So I guess that this will be in their own "Lan", also they should use 192.168.10.0/24 instead of 192.168.1.0/24 ´cause otherwise there could occour Multicast Storms in the Network. For that, I have Set Up an DHCP Server for serving also this network, but it shows up red and won´t work. So what have to be done to get this thing realized?
Thanks in advance
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB2011 19" Problems with routing
Make sure that the interface has a valid IP number on it. If it doesn't the DHCP server will be flagged invalid................. For that, I have Set Up an DHCP Server for serving also this network, but it shows up red and won´t work. So what have to be done to get this thing realized?
Thanks in advance
Re: RB2011 19" Problems with routing
Oh man, I got it: the same ip is on eth1 for management...Make sure that the interface has a valid IP number on it. If it doesn't the DHCP server will be flagged invalid................. For that, I have Set Up an DHCP Server for serving also this network, but it shows up red and won´t work. So what have to be done to get this thing realized?
Thanks in advance
ok, so i set up vlan as a interface, give him a valid ip, create a valid pool and set it as a new dhcp server. On switch I set up eth 6&7 as vlan according to above as "check" and the thing should be done?
Also: If I will have management access on eth 1 connected modem, I have to set up a nat route or a arp entry to reach this network?
thanks in advance
-
-
ytuxedo002
Frequent Visitor
- Posts: 62
- Joined:
Re: RB2011 19" Problems with routing
Also, i have had an issue when changing the default lan to something different, i get no internet. Found out that i needed to get rid of the static DNS which stays as 192.168.88.1.. Once i remove that i get internet access.
Hope this helps
Hope this helps
Re: RB2011 19" Problems with routing
yeah, same at me. Also the DHCP Server has served that DNS IP... But I´m not using the DNS of my provider, I use OpenDNS and that are the servers the cache gets its information.Also, i have had an issue when changing the default lan to something different, i get no internet. Found out that i needed to get rid of the static DNS which stays as 192.168.88.1.. Once i remove that i get internet access.
Hope this helps
After a long search, I found an seperate underpoint on which I could get rid of the false entry and this have solved the first problem.
Now I can access the Internet, but need to configure IPTV IGMP settings to watch TV and also have to configure configuration access, on which my mentioning above belongs to...
So any ideas?
thanks
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB2011 19" Problems with routing
Can you confirm whether your VDSL modem is in bridge mode - or are you double NATing?
Re: RB2011 19" Problems with routing
Ja, the VDSL Modem is in bridge mode, without NAT. It´s management Interface is reachable through 192.168.10.250, connected to eth1 which is configured as 192.168.10.1/24 and provide vlan 7&8 also for internet and iptv. On eth1 the pppoe interconnects internet through vlan 7 and as dhcp client on vlan 8 for IPTV. I need management access because to see the dampings and so of the xDSL interconnection.Can you confirm whether your VDSL modem is in bridge mode - or are you double NATing?
Re: RB2011 19" Problems with routing
Now, here is my actual config:
The device is a RB2011 19" Rack Mount
Eth 1 is connected to VDSL Modem
Eth 2 is connected to Asterisk
Eth 9&10 are connected to the IPTV Set Top Boxes
For now, the Internetconnection works (but if dialer is stopped, you have to reboot device in order to dial in again=!?!?!?!), From device I can ping discovery.iptv.t-online.de so I can reach IGMP Network, I can ping from device tel.telekom.de for telephony, but the discovery.iptv.t-online.de is not reachable from my laptop, but I guess this is ok, because I Set Up a new bridge and added eth 9&10 so that the media receivers could work for their own.
Is my config correct? And how about management access to my vdsl modem on eth1?
Should this config work with IPTV?
Some improvements, suggestions?
When I receive my ATA, ´cause my tilgin 322 won´t work with asterisk - anyone know them? - I will send the router to "Live"... also I need to receive a mikrotik wlan device, so that I can accomplish the network here...
Could you help??
Thanks in advance
Code: Select all
[admin@TKGN01LTB01R01] > /export compact
# jan/01/2002 02:22:35 by RouterOS 6.0rc7
# software id = 26CV-WFXI
#
/interface bridge
add name="IPTV Network" protocol-mode=rstp
add admin-mac=D4:CA:6D:85:9A:D1 auto-mac=no l2mtu=1598 name=bridge-local \
protocol-mode=rstp
/interface ethernet
set 0 name="Media Receiver 1 - Port 9"
set 1 name="Media Receiver 2 - Port 10"
set 2 name="Up WiFi"
set 3 name="Uplink GB Backbone"
set 4 name="VDSL Modem Uplink"
set 5 name="VoIP PBX Net" speed=1Gbps
set 7 name=ether6-master-local
set 8 master-port=ether6-master-local name=ether7-slave-local
set 9 master-port=ether6-master-local name=ether8-slave-local
set 10 disabled=yes name=sfp1-gateway speed=100Mbps
/ip neighbor discovery
set "IPTV Net" discover=no
set "T-Online DialIn V7" discover=no
/interface vlan
add interface="VDSL Modem Uplink" l2mtu=1594 name="IPTV Net" vlan-id=8
add arp=disabled disabled=yes interface="IPTV Network" name=IPTV_Wlan_Int \
vlan-id=100
add interface="VDSL Modem Uplink" l2mtu=1594 name="T-Online DialIn V7" \
vlan-id=7
/interface pppoe-client
add add-default-route=yes disabled=no interface="T-Online DialIn V7" name=\
"VDSL MediaNet Dial" password=passwd user=\
uid
/ip neighbor discovery
set "VDSL MediaNet Dial" discover=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=TKGN01LTB01 ranges=192.168.1.10-192.168.1.150
add name=TKGN01IPTV01 ranges=192.168.10.10-192.168.10.20
/ip dhcp-server
add address-pool=TKGN01LTB01 disabled=no interface=bridge-local lease-time=\
12h name=TKGN01LTB01
add address-pool=TKGN01IPTV01 interface="IPTV Network" lease-time=1w name=\
TKGN01IPTV01
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" \
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
permissions=owner signup-allowed=no time-zone=-00:00
/interface bridge port
add bridge=bridge-local interface="VoIP PBX Net"
add bridge=bridge-local interface="Uplink GB Backbone"
add bridge=bridge-local interface="Up WiFi"
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge="IPTV Network" interface="Media Receiver 2 - Port 10"
add bridge="IPTV Network" interface="Media Receiver 1 - Port 9"
/interface ethernet switch port
set 9 vlan-mode=check
set 10 vlan-mode=check
/interface ethernet switch vlan
add ports="Media Receiver 1 - Port 9,Media Receiver 2 - Port 10" switch=\
switch2 vlan-id=10
/interface l2tp-server server
set max-mru=1450 max-mtu=1450
/interface pptp-server server
set max-mru=1450 max-mtu=1450
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=\
bridge-local network=192.168.1.0
add address=192.168.16.1/24 interface="VDSL Modem Uplink" network=\
192.168.16.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
sfp1-gateway
add comment="default configuration" dhcp-options=hostname,clientid interface=\
"VDSL Modem Uplink"
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no \
interface="IPTV Net" use-peer-ntp=no
add default-route-distance=0 dhcp-options=hostname,clientid interface=\
"T-Online DialIn V7" use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 comment="TKGN01LTB01 Local Net LTB Main" \
dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.10.0/24 comment="IPTV Network on LTB01 Site" dns-server=\
192.168.10.1 gateway=192.168.10.1 ntp-server=192.168.1.1
/ip dns
set allow-remote-requests=yes cache-size=16284KiB max-udp-packet-size=8192 \
servers=208.67.220.220,208.67.222.222
/ip dns static
add address=192.168.1.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
"VDSL Modem Uplink"
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface="VDSL MediaNet Dial" to-addresses=0.0.0.0 !to-ports
/ip service
set telnet address=192.168.1.0/24
set ftp address=192.168.1.0/24
set www address=192.168.1.0/24
set www-ssl disabled=no
/lcd
set current-interface="Media Receiver 1 - Port 9"
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface="IPTV Net" upstream=yes
add interface="IPTV Network"
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=TKGN01LTB01R01
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set "T-Online DialIn V7" disabled=yes display-time=5s
set "IPTV Net" disabled=yes display-time=5s
set bridge-local disabled=yes display-time=5s
set "IPTV Network" disabled=yes display-time=5s
set "VDSL MediaNet Dial" disabled=yes display-time=5s
set sfp1-gateway disabled=yes display-time=5s
set "VDSL Modem Uplink" disabled=yes display-time=5s
set "VoIP PBX Net" disabled=yes display-time=5s
set "Uplink GB Backbone" disabled=yes display-time=5s
set "Up WiFi" disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set ether6-master-local disabled=yes display-time=5s
set ether7-slave-local disabled=yes display-time=5s
set ether8-slave-local disabled=yes display-time=5s
set "Media Receiver 1 - Port 9" disabled=yes display-time=5s
set "Media Receiver 2 - Port 10" disabled=yes display-time=5s
set IPTV_Wlan_Int disabled=yes display-time=5s
/system leds
add interface="VDSL Modem Uplink" leds="(unknown)" type=interface-activity
add interface="VoIP PBX Net" type=interface-activity
/system ntp client
set enabled=yes primary-ntp=192.53.103.104 secondary-ntp=192.53.103.103
/system ntp server
set broadcast=yes broadcast-addresses=192.168.1.1 enabled=yes multicast=yes
/system routerboard settings
set cpu-frequency=750MHz
/tool mac-server
add disabled=no interface="VoIP PBX Net"
add disabled=no interface="Uplink GB Backbone"
add disabled=no interface="Up WiFi"
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface="Media Receiver 1 - Port 9"
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface="VoIP PBX Net"
add interface="Uplink GB Backbone"
add interface="Up WiFi"
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface="Media Receiver 1 - Port 9"
add interface=bridge-local
[admin@TKGN01LTB01R01] > Eth 1 is connected to VDSL Modem
Eth 2 is connected to Asterisk
Eth 9&10 are connected to the IPTV Set Top Boxes
For now, the Internetconnection works (but if dialer is stopped, you have to reboot device in order to dial in again=!?!?!?!), From device I can ping discovery.iptv.t-online.de so I can reach IGMP Network, I can ping from device tel.telekom.de for telephony, but the discovery.iptv.t-online.de is not reachable from my laptop, but I guess this is ok, because I Set Up a new bridge and added eth 9&10 so that the media receivers could work for their own.
Is my config correct? And how about management access to my vdsl modem on eth1?
Should this config work with IPTV?
Some improvements, suggestions?
When I receive my ATA, ´cause my tilgin 322 won´t work with asterisk - anyone know them? - I will send the router to "Live"... also I need to receive a mikrotik wlan device, so that I can accomplish the network here...
Could you help??
Thanks in advance
Re: RB2011 19" Problems with routing
So, now I really get grey hairs...
I have tried at least everything I found on Forum and on the Wiki, but the things I want to realize just doesn´t work. But first, look at my actual config:
Now I can access the Internet, can reach the VDSL Modem for Maintanance and my Laptop get it´s IP via DHCP.
What doesn´t work? VoIP and also IPTV. Last is a main thing.
The SetTop boxes doesn´t get their IP Adresses "192.168.10.0/24" from the second dhcp server with second dhcp pool. The second dhcp Server also always stand red on the winbox.
The thing is, that the two media receivers should be on their own network, connected to port 9&10, so that the multicast coulnd stress my other network components. For IPTV following things for the boxes must be qualified to work: They need access to VDSL Interface for Keys of encryption (stored movies), access to ntp for time synchronisation and then access to the IPTV network via IGMP proxy. But none of them work.
Second: My IPTam connects to the voip servers, but it is not possible to establish calls, don´t know why...
The rule set of the firewall is at the moment only bond to VDSL V7 dial in interface.
VDSL V7 interface is also for VoIP.
So what is wrong? Could anybody please help me, to get this thing done?
Thank you in advance for help.
I have tried at least everything I found on Forum and on the Wiki, but the things I want to realize just doesn´t work. But first, look at my actual config:
Code: Select all
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 6.0rc7 (c) 1999-2013 http://www.mikrotik.com/
[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments
[Tab] Completes the command/word. If the input is ambigous,
a second [Tab] gives possible options
/ Move up to base level
.. Move up one level
/command Use command at the base level
[admin@TKGN01LTB01R01] > /export compact
# feb/03/2013 15:13:25 by RouterOS 6.0rc7
# software id = 26CV-WFXI
#
/interface bridge
add l2mtu=1598 name="IPTV Network" protocol-mode=rstp
add admin-mac=D4:CA:6D:85:9A:D1 auto-mac=no l2mtu=1598 name=bridge-local protocol-mode=rstp
/interface ethernet
set 0 name="Media Receiver 1 - Port 9"
set 1 name="Media Receiver 2 - Port 10"
set 2 name="Up WiFi"
set 3 name="Uplink GB Backbone"
set 4 name="VDSL Modem Uplink"
set 5 name="VoIP PBX Net" speed=1Gbps
set 7 name=ether6-master-local
set 8 master-port=ether6-master-local name=ether7-slave-local
set 9 master-port=ether6-master-local name=ether8-slave-local
set 10 disabled=yes name=sfp1-gateway speed=100Mbps
/ip neighbor discovery
set "IPTV Net" discover=no
set "T-Online DialIn V7" discover=no
/interface vlan
add interface="VDSL Modem Uplink" l2mtu=1594 name="IPTV Net" vlan-id=8
add arp=disabled disabled=yes interface="IPTV Network" name=IPTV_Wlan_Int vlan-id=100
add interface="VDSL Modem Uplink" l2mtu=1594 name="T-Online DialIn V7" vlan-id=7
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=TKGN01LTB01 ranges=192.168.1.10-192.168.1.150
add name=TKGN01IPTV01 ranges=192.168.10.10-192.168.10.20
/ip dhcp-server
add address-pool=TKGN01LTB01 disabled=no interface=bridge-local lease-time=12h name=TKGN01LTB01
add address-pool=TKGN01IPTV01 always-broadcast=yes disabled=no interface="IPTV Network" lease-time=30m name=TKGN01IPTV01
/interface pppoe-client
add add-default-route=yes disabled=no interface="T-Online DialIn V7" name="VDSL MediaNet Dial" password=passwd profile=\
default-encryption user=userID
/ip neighbor discovery
set "VDSL MediaNet Dial" discover=no
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" paypal-accept-pending=no paypal-allowed=no \
paypal-secure-response=no permissions=owner signup-allowed=no time-zone=-00:00
/interface bridge port
add bridge=bridge-local interface="VoIP PBX Net"
add bridge=bridge-local interface="Uplink GB Backbone"
add bridge=bridge-local interface="Up WiFi"
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge="IPTV Network" interface="Media Receiver 2 - Port 10"
add bridge="IPTV Network" interface="Media Receiver 1 - Port 9"
/interface ethernet switch vlan
add disabled=yes ports="Media Receiver 1 - Port 9,Media Receiver 2 - Port 10" switch=switch2 vlan-id=10
/interface l2tp-server server
set max-mru=1450 max-mtu=1450
/interface pptp-server server
set max-mru=1450 max-mtu=1450
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=bridge-local network=192.168.1.0
add address=192.168.16.1/24 interface="VDSL Modem Uplink" network=192.168.16.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=sfp1-gateway
add comment="default configuration" dhcp-options=hostname,clientid interface="VDSL Modem Uplink"
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface="IPTV Net" use-peer-ntp=no
add default-route-distance=0 dhcp-options=hostname,clientid interface="T-Online DialIn V7" use-peer-dns=no use-peer-ntp=\
no
/ip dhcp-server network
add address=192.168.1.0/24 comment="TKGN01LTB01 Local Net LTB Main" dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.10.0/24 comment="IPTV Network on LTB01 Site" dns-server=192.168.10.1 gateway=192.168.10.1 ntp-server=\
192.168.1.1
/ip dns
set allow-remote-requests=yes cache-size=16284KiB max-udp-packet-size=8192 servers=208.67.220.220,208.67.222.222
/ip dns static
add address=192.168.1.1 name=router
/ip firewall filter
add chain=input comment="VDSL V7 Dial In FW" in-interface="VDSL MediaNet Dial" protocol=icmp
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=20
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=25
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=53
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=80
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=110
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=123
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=143
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=194
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=443
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=496
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=554
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=563
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=580
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=989
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=990
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=993
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=995
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=1689
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=5004
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=5005
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=5059
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=5060
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=5061
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=20
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=25
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=53
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=110
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=123
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=143
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=194
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=443
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=465
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=496
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=554
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=563
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=580
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=989
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=990
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=993
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=995
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=1689
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=5004
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=5005
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=5059
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=5060
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=5061
add chain=input connection-state=related disabled=yes
add chain=input connection-state=established disabled=yes in-interface="VDSL MediaNet Dial"
add action=log chain=input in-interface="VDSL MediaNet Dial" log-prefix=FW
add action=drop chain=input in-interface="VDSL MediaNet Dial"
/ip firewall nat
add action=masquerade chain=srcnat comment="Mask of external net -> PPPoE Dial in through vlan 7" out-interface=\
"VDSL MediaNet Dial" to-addresses=0.0.0.0 !to-ports
add action=masquerade chain=srcnat comment="Admin access to VDSL Modem" dst-address=192.168.16.0/24 out-interface=\
"VDSL Modem Uplink" src-address=192.168.1.0/24 src-address-list="" !to-addresses !to-ports
/ip service
set telnet address=192.168.1.0/24
set ftp address=192.168.1.0/24
set www address=192.168.1.0/24
set www-ssl disabled=no
/lcd
set backlight-timeout=2h current-interface=ether8-slave-local time-interval=hour
/lcd pin
set hide-pin-number=yes pin-number=0367
/lcd screen
set 0 timeout=30s
set 3 timeout=30s
set 5 timeout=1m
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface="IPTV Net" upstream=yes
add interface="IPTV Network"
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=TKGN01LTB01R01
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set "T-Online DialIn V7" disabled=yes display-time=5s
set IPTV_Wlan_Int disabled=yes display-time=5s
set "IPTV Net" disabled=yes display-time=5s
set "IPTV Network" disabled=yes display-time=5s
set bridge-local disabled=yes display-time=5s
set sfp1-gateway disabled=yes display-time=5s
set "VDSL Modem Uplink" disabled=yes display-time=5s
set "VoIP PBX Net" disabled=yes display-time=5s
set "Uplink GB Backbone" disabled=yes display-time=5s
set "Up WiFi" disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set ether6-master-local disabled=yes display-time=5s
set ether7-slave-local disabled=yes display-time=5s
set ether8-slave-local disabled=yes display-time=5s
set "Media Receiver 1 - Port 9" disabled=yes display-time=5s
set "VDSL MediaNet Dial" disabled=yes display-time=5s
set "Media Receiver 2 - Port 10" disabled=yes display-time=5s
/system leds
add interface="VDSL Modem Uplink" leds="(unknown)" type=interface-activity
add interface="VoIP PBX Net" type=interface-activity
/system ntp client
set enabled=yes primary-ntp=192.53.103.104 secondary-ntp=192.53.103.103
/system ntp server
set broadcast=yes broadcast-addresses=192.168.1.1 enabled=yes multicast=yes
/system routerboard settings
set cpu-frequency=750MHz
/tool mac-server
add disabled=no interface="VoIP PBX Net"
add disabled=no interface="Uplink GB Backbone"
add disabled=no interface="Up WiFi"
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface="Media Receiver 1 - Port 9"
add disabled=no interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface="VoIP PBX Net"
add interface="Uplink GB Backbone"
add interface="Up WiFi"
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface="Media Receiver 1 - Port 9"
add interface=bridge-local
What doesn´t work? VoIP and also IPTV. Last is a main thing.
The SetTop boxes doesn´t get their IP Adresses "192.168.10.0/24" from the second dhcp server with second dhcp pool. The second dhcp Server also always stand red on the winbox.
The thing is, that the two media receivers should be on their own network, connected to port 9&10, so that the multicast coulnd stress my other network components. For IPTV following things for the boxes must be qualified to work: They need access to VDSL Interface for Keys of encryption (stored movies), access to ntp for time synchronisation and then access to the IPTV network via IGMP proxy. But none of them work.
Second: My IPTam connects to the voip servers, but it is not possible to establish calls, don´t know why...
The rule set of the firewall is at the moment only bond to VDSL V7 dial in interface.
VDSL V7 interface is also for VoIP.
So what is wrong? Could anybody please help me, to get this thing done?
Thank you in advance for help.
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB2011 19" Problems with routing
It looks as if you do not have a valid IP on the interface that the second DHCP server is attached to thus the DHCP server will show invalid.
Re: RB2011 19" Problems with routing
so where i´m wrong in the config?It looks as if you do not have a valid IP on the interface that the second DHCP server is attached to thus the DHCP server will show invalid.
What have to be configured, that the things I listet above will work? i´m driving crazy, ´cause I can´t see what´s wrong...
nothing but Internet works with this config...
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB2011 19" Problems with routing
I see a DHCP Server assigned to interface "IPTV Network" but no sign of an IP address assigned to that interface which is most likely why the DHCP Server is flagged invalid. Solution - add a valid IP address to interface "IPTV Network"!
Re: RB2011 19" Problems with routing
Thanks, now, the DHCP Server works great, but now there are some problems left like: VoIP and IPTV.I see a DHCP Server assigned to interface "IPTV Network" but no sign of an IP address assigned to that interface which is most likely why the DHCP Server is flagged invalid. Solution - add a valid IP address to interface "IPTV Network"!
First IPTV: Here is a page, where a linux config for my case is http://www.projectiwear.org/~plasmahh/t_home.html
for that, my config is now following:
Code: Select all
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 6.0rc9 (c) 1999-2013 http://www.mikrotik.com/
[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments
[Tab] Completes the command/word. If the input is ambigous,
a second [Tab] gives possible options
/ Move up to base level
.. Move up one level
/command Use command at the base level
[admin@TKGN01LTB01R01] > /export compact
# feb/09/2013 16:53:48 by RouterOS 6.0rc9
# software id = 26CV-WFXI
#
/interface bridge
add l2mtu=1598 name="IPTV Network" protocol-mode=rstp
add admin-mac=D4:CA:6D:85:9A:D1 auto-mac=no l2mtu=1598 name=Mainnet-Local protocol-mode=rstp
/interface ethernet
set 0 name="Media Receiver 1 - Port 9"
set 1 name="Media Receiver 2 - Port 10"
set 2 name="Up WiFi"
set 3 name="Uplink GB Backbone"
set 4 name="VDSL Modem Uplink"
set 5 name="VoIP PBX Net" speed=1Gbps
set 7 name=ether6-master-local
set 8 name=ether7-slave-local
set 9 name=ether8-slave-local
set 10 disabled=yes name=sfp1-gateway speed=100Mbps
/ip neighbor discovery
set "IPTV Net" discover=no
set "T-Online DialIn V7" discover=no
/interface vlan
add interface="VDSL Modem Uplink" l2mtu=1594 name="IPTV Net" vlan-id=8
add arp=disabled disabled=yes interface="IPTV Network" name=IPTV_Wlan_Int vlan-id=100
add interface="VDSL Modem Uplink" l2mtu=1594 name="T-Online DialIn V7" vlan-id=7
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-client option
add code=121 name="Option Classless"
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m
/ip pool
add name=TKGN01LTB01 ranges=192.168.1.10-192.168.1.150
add name=TKGN01IPTV01 ranges=192.168.10.10-192.168.10.20
/ip dhcp-server
add address-pool=TKGN01LTB01 disabled=no interface=Mainnet-Local lease-time=12h name=TKGN01LTB01
add address-pool=TKGN01IPTV01 always-broadcast=yes disabled=no interface="IPTV Network" lease-time=30m name=TKGN01IPTV01
/interface pppoe-client
add add-default-route=yes disabled=no interface="T-Online DialIn V7" name="VDSL MediaNet Dial" password=passwd profile=\
default-encryption user=uid
/ip neighbor discovery
set "VDSL MediaNet Dial" discover=no
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" paypal-accept-pending=no paypal-allowed=no \
paypal-secure-response=no permissions=owner signup-allowed=no time-zone=-00:00
/interface bridge port
add bridge=Mainnet-Local interface="VoIP PBX Net"
add bridge=Mainnet-Local interface="Uplink GB Backbone"
add bridge=Mainnet-Local interface="Up WiFi"
add bridge=Mainnet-Local interface=ether5
add bridge=Mainnet-Local interface=ether6-master-local
add bridge="IPTV Network" interface="Media Receiver 2 - Port 10"
add bridge="IPTV Network" interface="Media Receiver 1 - Port 9"
/interface ethernet switch vlan
add disabled=yes ports="Media Receiver 1 - Port 9,Media Receiver 2 - Port 10" switch=switch2 vlan-id=10
/ip address
add address=192.168.1.1/24 comment="Primary Config - Main" interface=Mainnet-Local network=192.168.1.0
add address=192.168.16.1/24 interface="VDSL Modem Uplink" network=192.168.16.0
add address=192.168.10.1/24 interface="IPTV Network" network=192.168.10.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface="IPTV Net" use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 comment="TKGN01LTB01 Local Net LTB Main" dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.10.0/24 comment="IPTV Network on LTB01 Site" dns-server=192.168.10.1 gateway=192.168.10.1 ntp-server=\
192.168.1.1
/ip dns
set allow-remote-requests=yes cache-size=16284KiB max-udp-packet-size=8192 servers=208.67.220.220,208.67.222.222
/ip dns static
add address=192.168.1.1 name=TKGN01LTB01R01
add address=192.168.10.1 name=TKGN01LTB01IPTV01 ttl=1w
/ip firewall filter
add chain=input comment="VDSL V7 Dial In FW" in-interface="VDSL MediaNet Dial" protocol=icmp
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=20
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=25
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=53
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=110
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=123
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=143
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=194
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=443
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=465
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=496
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=554
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=563
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=580
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=989
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=990
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=993
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=995
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=1689
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=5004
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=5005
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=5059
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=5060
add chain=input in-interface="VDSL MediaNet Dial" protocol=udp src-port=5061
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=20
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=25
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=53
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=80
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=110
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=123
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=143
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=194
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=443
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=496
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=554
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=563
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=580
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=989
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=990
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=993
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=995
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=1689
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=5004
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=5005
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=5059
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=5060
add chain=input in-interface="VDSL MediaNet Dial" protocol=tcp src-port=5061
add chain=input connection-state=related disabled=yes
add chain=input connection-state=established disabled=yes in-interface="VDSL MediaNet Dial"
add action=log chain=input in-interface="VDSL MediaNet Dial" log-prefix=FW
add action=drop chain=input in-interface="VDSL MediaNet Dial"
/ip firewall nat
add action=masquerade chain=srcnat comment="Mask of external net -> PPPoE Dial in through vlan 7" out-interface=\
"VDSL MediaNet Dial" to-addresses=0.0.0.0 !to-ports
add action=masquerade chain=srcnat comment="Admin access to VDSL Modem" dst-address=192.168.16.0/24 out-interface=\
"VDSL Modem Uplink" src-address=192.168.1.0/24 src-address-list="" !to-addresses !to-ports
add action=masquerade chain=srcnat comment="Internet for IPTV" dst-address=192.168.1.0/24 src-address=192.168.10.0/24 \
!to-addresses !to-ports
/ip service
set telnet address=192.168.1.0/24
set ftp address=192.168.1.0/24
set www address=192.168.1.0/24
set www-ssl disabled=no
/lcd
set backlight-timeout=never current-interface=Mainnet-Local time-interval=daily
/lcd pin
set hide-pin-number=yes pin-number=0367
/lcd screen
set 0 timeout=30s
set 3 timeout=30s
set 5 timeout=1m
/routing igmp-proxy
set query-interval=30s quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=239.35.0.0/16,193.158.35.0/24,217.0.119.0/24 comment="IPTV Upstream to T-Home" interface=\
"IPTV Net" upstream=yes
add comment="IPTV Local Network for MediaReceivers" interface="IPTV Network"
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=TKGN01LTB01R01
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set "T-Online DialIn V7" disabled=yes display-time=5s
set IPTV_Wlan_Int disabled=yes display-time=5s
set "IPTV Net" disabled=yes display-time=5s
set "IPTV Network" disabled=yes display-time=5s
set Mainnet-Local disabled=yes display-time=5s
set sfp1-gateway disabled=yes display-time=5s
set "VDSL Modem Uplink" disabled=yes display-time=5s
set "VoIP PBX Net" disabled=yes display-time=5s
set "Uplink GB Backbone" disabled=yes display-time=5s
set "Up WiFi" disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set ether6-master-local disabled=yes display-time=5s
set ether7-slave-local disabled=yes display-time=5s
set ether8-slave-local disabled=yes display-time=5s
set "Media Receiver 1 - Port 9" disabled=yes display-time=5s
set "VDSL MediaNet Dial" disabled=yes display-time=5s
set "Media Receiver 2 - Port 10" disabled=yes display-time=5s
/system leds
add interface="VDSL Modem Uplink" leds="(unknown)" type=interface-activity
add interface="VoIP PBX Net" type=interface-activity
/system ntp client
set enabled=yes primary-ntp=192.53.103.104 secondary-ntp=192.53.103.103
/system ntp server
set broadcast=yes broadcast-addresses=192.168.1.1 enabled=yes multicast=yes
/system routerboard settings
set cpu-frequency=750MHz
/tool mac-server
add disabled=no interface="VoIP PBX Net"
add disabled=no interface="Uplink GB Backbone"
add disabled=no interface="Up WiFi"
add disabled=no interface=ether5
add disabled=no interface=ether6-master-local
add disabled=no interface=ether7-slave-local
add disabled=no interface=ether8-slave-local
add disabled=no interface="Media Receiver 1 - Port 9"
add disabled=no interface=Mainnet-Local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface="VoIP PBX Net"
add interface="Uplink GB Backbone"
add interface="Up WiFi"
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface="Media Receiver 1 - Port 9"
add interface=Mainnet-Local
[admin@TKGN01LTB01R01] >
Also there is the need to request via dhcp client option 121, so I tried to configure, but it don´t work.
Finally the interface needs also connection to internet for some other services but it still won´t work.
Second problem is VoIP: Coulnd establish access to tel.telekom.de which delivers my VoIP
Any Ideas how this could be finally solved?
Thanks in advance for your help
Re: RB2011 19" Problems with routing
I forgot to tell: Because the RouterOS rely to linux, I guessed that it could be programmed - in the most things - like linux.
I tried many things the whole night, so I see the following things as a problem:
So first I can´t understand/see, why IGMP Proxy won´t work as suggested.
With alternate subnet or with the correct sub, there is no difference. I can see that the traffic flow through the router, MediaReceiver gets it´s IP and boots up. U can zap and also u hear good sound but the picture is disgusting. The picture is multiplexed in at least 6 row horizontal and I can´t see, why this happens. My Old cheap dump router done and do the job well, so it is not the receiver which is the root case, it have to do with the router.
Also I have a rule, that the media receiver could reach internet (for some functions this is needed) but never - at least when I try - this rule is affected what results in not functioning.
Second: VoIP. I have an IAD for VoIP. All setup correct, the IAD could not reach the VoIP server in Internet and it coulnd establish a connection to phone. In Firewall log I could not find any things relying to this, but it looks like, that the router would not forward any VoIP things.
So what is wrong, could u please help?
Thanks in advance
I tried many things the whole night, so I see the following things as a problem:
So first I can´t understand/see, why IGMP Proxy won´t work as suggested.
With alternate subnet or with the correct sub, there is no difference. I can see that the traffic flow through the router, MediaReceiver gets it´s IP and boots up. U can zap and also u hear good sound but the picture is disgusting. The picture is multiplexed in at least 6 row horizontal and I can´t see, why this happens. My Old cheap dump router done and do the job well, so it is not the receiver which is the root case, it have to do with the router.
Also I have a rule, that the media receiver could reach internet (for some functions this is needed) but never - at least when I try - this rule is affected what results in not functioning.
Second: VoIP. I have an IAD for VoIP. All setup correct, the IAD could not reach the VoIP server in Internet and it coulnd establish a connection to phone. In Firewall log I could not find any things relying to this, but it looks like, that the router would not forward any VoIP things.
So what is wrong, could u please help?
Thanks in advance
-
-
CelticComms
Forum Guru
- Posts: 1765
- Joined:
Re: RB2011 19" Problems with routing
I suggest that you install ROS 5.23 rather than any of the ROS 6 versions since there is more experience of IGMP on ROS 5 available at this point.
Then you need to be prepared to do some detective work.....
Then you need to be prepared to do some detective work.....
Re: RB2011 19" Problems with routing
Ok, I will install it later and try - it seems new is not even better - so what on VoIP. Do I need to forward traffic from outside to sip appliance, i.e. some DMZ work? Tried it, but it didn´t solved the VoIP problem.
- so what on VoIP. Do I need to forward traffic from outside to sip appliance, i.e. some DMZ work? Tried it, but it didn´t solved the VoIP problem.Re: RB2011 19" Problems with routing
@DannyRock
Hallo,
auch ich habe einen RB 2011UAS-RM erworben und möchte ihn hinter mein FTTH-Modem einsetzen.
Er soll meinen Speedport W921V an meinem Telekom Entertain 200/100 IP ersetzen.
Ich blicke nur noch nicht ganz bei der Konfiguration durch
Hast du vorher die Basis-Konfiguration gelöscht und ganz neu konfiguriert ?
Ich hätte gern bei mir ip-tv sowie Internet gleichzeitig auf eth2 - eth5,
konnte aber bis jetzt noch keine vernünftige Doku finden.
Bin für jeden Hinweis dankbar.
Hallo,
auch ich habe einen RB 2011UAS-RM erworben und möchte ihn hinter mein FTTH-Modem einsetzen.
Er soll meinen Speedport W921V an meinem Telekom Entertain 200/100 IP ersetzen.
Ich blicke nur noch nicht ganz bei der Konfiguration durch
Hast du vorher die Basis-Konfiguration gelöscht und ganz neu konfiguriert ?
Ich hätte gern bei mir ip-tv sowie Internet gleichzeitig auf eth2 - eth5,
konnte aber bis jetzt noch keine vernünftige Doku finden.
Bin für jeden Hinweis dankbar.
Re: RB2011 19" Problems with routing
Schreibe mir sehr gerne in ner Privatmail, da die Forumsprache leider Englisch ist.
Ich helfe auf Deutsch und schreibe auch rel. zügig zurück
VG
Ich helfe auf Deutsch und schreibe auch rel. zügig zurück
VG