Community discussions

MikroTik App
 
logocomune
just joined
Topic Author
Posts: 4
Joined: Thu Dec 12, 2013 10:35 am

951G-2HnD v6.7 interfaces strange problem

Thu Dec 12, 2013 1:27 pm

Hi All,
I have a 951G-2HnD with this interfaces configuration:
/interface print 
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                TYPE               MTU L2MTU  MAX-L2MTU
 0  R  ether1-gateway      ether          1500  1598       4074
 1  R  ether2-master-local ether          1500  1598       4074
 2     ether3-slave-local  ether          1500  1598       4074
 3     ether4-slave-local  ether          1500  1598       4074
 4  R  ether5-slave-local  ether          1500  1598       4074
 5  R  wlan1               wlan           1500  2290
 6  R  bridge-local	   bridge	  1500  1598
Where ether1 and ether2 are master and ether3/4/5 are slave of ether2.
ether1,ether2 and wlan1 are bridged with bridge-local.

This configuration works fine with 5.26 but when I upgrade to 6.7 (also with 6.5 and 6.6) with a high traffic between ether1 and ether5 system stop working properly eg:

Pc connect on ether5 can only ping routerboard.
Wlan doesn't show any problem.
From routerboard I can ping pc on ether1 and ether5.

After few minutes or disable/enable again ether5 interface system works fine until reach high traffic between ether1/ether5.

Please, can you help me to find where is the problem?


thank you.
 
aaronhun22
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Fri Nov 15, 2013 2:15 am
Location: Las Vegas, Nevada, USA

Re: 951G-2HnD v6.7 interfaces strange problem

Thu Dec 12, 2013 8:43 pm

What is your export?
 
logocomune
just joined
Topic Author
Posts: 4
Joined: Thu Dec 12, 2013 10:35 am

Re: 951G-2HnD v6.7 interfaces strange problem

Fri Dec 13, 2013 2:28 pm

What is your export?
/interface bridge
add admin-mac=D4:CA:6D:A8:A3:C2 auto-mac=no l2mtu=1598 name=bridge-local \
    protocol-mode=rstp
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
    ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
    ether4-slave-local
set [ find default-name=ether5 ] auto-negotiation=no master-port=\
    ether2-master-local name=ether5-slave-local
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
    123123123123123 wpa2-pre-shared-key=123123123123123
add authentication-types=wpa2-psk mode=dynamic-keys name=wpa2 \
    wpa-pre-shared-key=123123123123123123 wpa2-pre-shared-key=\
    123123123123123123
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=\
    20/40mhz-ht-above country=italy disabled=no distance=indoors frequency=\
    2472 l2mtu=2290 mode=ap-bridge security-profile=wpa2 ssid=first \
    wireless-protocol=802.11
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=default-dhcp ranges=192.168.1.100-192.168.1.254
add name=virtual ranges=192.168.2.0/24
/ip dhcp-server
add address-pool=default-dhcp authoritative=yes interface=bridge-local name=\
    default
add address-pool=virtual name=server1
/queue simple
add comment="Upload/Download inverted (ADSL)" max-limit=55M/55M name=\
    Wireless_bridge target=ether1-gateway total-max-limit=60M
add name=high_priority packet-marks=high_priority parent=Wireless_bridge \
    priority=1/1 target=ether1-gateway
add max-limit=20M/1M name=internet packet-marks=internet parent=\
    Wireless_bridge priority=4/4 target=ether1-gateway
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether1-gateway
add bridge=bridge-local disabled=yes
/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes
/ip address
add address=192.168.1.3/24 interface=wlan1 network=192.168.1.0
add address=192.168.2.3/24 disabled=yes network=192.168.2.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
    bridge-local
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" dns-server=\
    192.168.1.3,8.8.8.8 gateway=192.168.1.1 netmask=24
add address=192.168.2.0/24 dns-server=192.168.2.3 gateway=192.168.2.3 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router
/ip firewall connection tracking
set enabled=yes
/ip firewall filter
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
/ip firewall mangle
add action=mark-packet chain=postrouting comment="to DNS" dst-port=53 \
    new-packet-mark=high_priority out-interface=bridge-local passthrough=no \
    protocol=udp
add action=mark-packet chain=postrouting comment="from DNS" new-packet-mark=\
    high_priority out-interface=bridge-local protocol=udp src-port=53
add action=mark-packet chain=postrouting comment="Upload internet" \
    dst-address=!192.168.1.0/24 new-packet-mark=internet out-interface=\
    bridge-local protocol=tcp src-address=192.168.1.0/24 tcp-flags=""
add action=mark-packet chain=postrouting comment="Download internet" \
    dst-address=192.168.1.0/24 new-packet-mark=internet out-interface=\
    bridge-local protocol=tcp src-address=!192.168.1.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
    yes out-interface=ether1-gateway
add action=masquerade chain=srcnat disabled=yes out-interface=bridge-local \
    src-address=192.168.2.0/24
/ip proxy
set parent-proxy=0.0.0.0
/ip route
add distance=1 gateway=192.168.1.1
/ip service
set telnet disabled=yes
set ssh port=2222
/ip smb
set domain=WORKGROUP
/system clock
set time-zone-name=Europe/Rome
/system identity
set name=stormy
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge-local disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set ether1-gateway disabled=yes display-time=5s
set ether2-master-local disabled=yes display-time=5s
set ether3-slave-local disabled=yes display-time=5s
set ether4-slave-local disabled=yes display-time=5s
set ether5-slave-local disabled=yes display-time=5s
/system leds
set 0 interface=wlan1
 
aaronhun22
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Fri Nov 15, 2013 2:15 am
Location: Las Vegas, Nevada, USA

Re: 951G-2HnD v6.7 interfaces strange problem

Tue Dec 17, 2013 2:19 am

From what I can see you have your WAN port in your Bridge which it shouldn't be. All you need is 1 masquerading rule on the WAN interface and remove it from the bridge. Then put your dhcp-client on the WAN as well.
 
logocomune
just joined
Topic Author
Posts: 4
Joined: Thu Dec 12, 2013 10:35 am

Re: 951G-2HnD v6.7 interfaces strange problem

Tue Dec 17, 2013 10:46 am

From what I can see you have your WAN port in your Bridge which it shouldn't be. All you need is 1 masquerading rule on the WAN interface and remove it from the bridge. Then put your dhcp-client on the WAN as well.
At the moment my configuration is:
192.168.1.0/24 <-->(eth1) Mikotik 951 (eth2/3/4/5,wlan) <--> 192.168.1.0/24

I choose default bridge mode because I need that all ports are on the same subnet.

So is my only solution fall back to V5.26 ?
 
Rudios
Forum Veteran
Forum Veteran
Posts: 977
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: 951G-2HnD v6.7 interfaces strange problem

Tue Dec 17, 2013 1:59 pm

You actually need a switch instead of a router :)
What I see is you have disabled auto-negotiation on port ether5.
Did you also force the speed/duplex on the connected device. Failure to do so will result in unwanted behaviour
 
logocomune
just joined
Topic Author
Posts: 4
Joined: Thu Dec 12, 2013 10:35 am

Re: 951G-2HnD v6.7 interfaces strange problem

Tue Dec 17, 2013 5:45 pm

You actually need a switch instead of a router :)
What I see is you have disabled auto-negotiation on port ether5.
Did you also force the speed/duplex on the connected device. Failure to do so will result in unwanted behaviour
Yes a switch give me less problem :)
But when all will be stable I plan to add qos and filter between eth2/3/4/5/wlan and eth1.

I disabled auto-negotiation only for test. But ethernet connection is good. When comunication between eth1 and eth5 stops I have no problem between wlan <--> eth5 and wlan <--> eth1.
 
Rudios
Forum Veteran
Forum Veteran
Posts: 977
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: 951G-2HnD v6.7 interfaces strange problem

Tue Dec 17, 2013 6:32 pm

What are your exact needs?