Hello, I am attempting at configuring a Static IP provided by an internet service provider on a RouterBoard 2011Ui AS-RM. This is my first attempt at this configuration, Ive exhausted all efforts and have searched forums and videos to no resolve. I was provided the following information by the ISP

Static IP: XX.XX.XXX.110
Subnet: 255.255.255.252
Gateway: XX.XX.XXX.109

DNS 1: XX.XX.XX.35
DNS 2: XX.XX.XX.36

------------------------------------

This is my current basic configuration, If someone can be kind enough to point out where my error/s may be?
*NOTE: When I input the Static IP address as provided, along with the /30 subnet, it does not want to take a .109 for the gateway and continuously converts it to .108 no matter what I do. I would assume it has to do with the subnet calc considering it is a .252 (/30)

[admin@MikroTik] > export
# dec/28/2015 23:22:44 by RouterOS 6.33.3
# software id = 1CJK-0VUQ
#
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:34 auto-mac=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=\
ether10-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/ip pool
add name=dhcp ranges=10.0.0.10-10.0.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=sfp1
/ip address
add address=10.0.0.1/24 comment="default configuration" interface=\
ether2-master-local network=10.0.0.0
add address=XX.XX.XXX.110/30 interface=ether1-gateway network=XX.XX.XXX.108
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
ether1-gateway
/ip dhcp-server network
add address=10.0.0.0/24 comment="default configuration" gateway=10.0.0.1 \
netmask=24
/ip dns
set allow-remote-requests=yes servers=XX.XX.XX.35,XX.XX.XX.36
/ip dns static
add address=10.0.0.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
established,related
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" \
connection-state=established,related
add chain=forward comment="default configuration" connection-state=\
established,related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
/ip route
add distance=1 gateway=XX.XX.XXX.109
/system clock
set time-zone-name=America/New_York
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=bridge-local
[admin@MikroTik] >

Could you bold the place in the config where you expect .109 instead of .108 ?
When you assign IP to ether1-gateway then the mask .252 (/30) makes the subnet to start from XX.XX.XX.108 and end with XX.XX.XX.111 so you have XX.XX.XX.110 for you and the only one "free" address is XX.XX.XX.109 which you have specified as gateway in the IP/Routes as default gateway.
In the ROS "world" there is no one dialog box like Windows' one where you specify all IP information.

[admin@MikroTik] > export
# dec/28/2015 23:22:44 by RouterOS 6.33.3
# software id = 1CJK-0VUQ
#
/interface bridge
add admin-mac=XX:XX:XX:XX:XX:34 auto-mac=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=\
ether5-slave-local
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=\
ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=\
ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=\
ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=\
ether10-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/ip pool
add name=dhcp ranges=10.0.0.10-10.0.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/interface bridge port
add bridge=bridge-local interface=ether2-master-local
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=sfp1
/ip address
add address=10.0.0.1/24 comment="default configuration" interface=\
ether2-master-local network=10.0.0.0
add address=XX.XX.XXX.110/30 interface=ether1-gateway network=XX.XX.XXX.108
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=\
ether1-gateway
/ip dhcp-server network
add address=10.0.0.0/24 comment="default configuration" gateway=10.0.0.1 \
netmask=24
/ip dns
set allow-remote-requests=yes servers=XX.XX.XX.35,XX.XX.XX.36
/ip dns static
add address=10.0.0.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=\
established,related
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
add action=fasttrack-connection chain=forward comment="default configuration" \
connection-state=established,related
add chain=forward comment="default configuration" connection-state=\
established,related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=ether1-gateway
/ip route
add distance=1 gateway=XX.XX.XXX.109
/system clock
set time-zone-name=America/New_York
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=ether10-slave-local
add interface=sfp1
add interface=bridge-local
[admin@MikroTik] >

Your configuration looks correct. I suspect that the link to your ISP's device is not working right.

Check the ARP cache. In winbox, go to IP > ARP
You should see a MAC address for xx.xx.xxx.109
If not, then you've got a communication problem on ether1-gateway

My 2011 wouldn't link to my cablemodem on the gigabit ports, so I had to move my wan connection to ether6.

Check to see that you've got a link on ether1.
Check to see that the Mikrotik shows R flag next to ether1 in the ethernet interfaces list.
Double-click the ether1-gateway interface and move to the Status tab.
It should show Rate = 100Mbps (or 1Gbps / 1000Mbps) and have a check in "Full Duplex"

If the status doesn't look right, then try moving your link to the ISP onto ether10:
Remove the slave configuration on ether10 - in the General tab, set Master Port to none.

Then move the IP address from ether1-gateway to ether10.

Test it by opening the ping tool and trying to ping something well known like 8.8.8.8
If it works, then your gigabit interface is giving you the problem. You could try to troubleshoot it further, or you could be like me and just be lazy. To finish being lazy, go through your firewall NAT and Filter rules and change everything that says ether1-gateway to say ether10.

Clean up by re-naming ether10 -> ether10-gateway (all rules will update automatically when you rename it), rename ether1-gateway to ether1-slave-local, and finally, configure master-port for ether1-slave-local to be ether2-master-local

Your configuration looks correct. I suspect that the link to your ISP's device is not working right.

Check the ARP cache. In winbox, go to IP > ARP
You should see a MAC address for xx.xx.xxx.109
If not, then you've got a communication problem on ether1-gateway

My 2011 wouldn't link to my cablemodem on the gigabit ports, so I had to move my wan connection to ether6.

Check to see that you've got a link on ether1.
Check to see that the Mikrotik shows R flag next to ether1 in the ethernet interfaces list.
Double-click the ether1-gateway interface and move to the Status tab.
It should show Rate = 100Mbps (or 1Gbps / 1000Mbps) and have a check in "Full Duplex"

If the status doesn't look right, then try moving your link to the ISP onto ether10:
Remove the slave configuration on ether10 - in the General tab, set Master Port to none.

Then move the IP address from ether1-gateway to ether10.

Test it by opening the ping tool and trying to ping something well known like 8.8.8.8
If it works, then your gigabit interface is giving you the problem. You could try to troubleshoot it further, or you could be like me and just be lazy. To finish being lazy, go through your firewall NAT and Filter rules and change everything that says ether1-gateway to say ether10.

Clean up by re-naming ether10 -> ether10-gateway (all rules will update automatically when you rename it), rename ether1-gateway to ether1-slave-local, and finally, configure master-port for ether1-slave-local to be ether2-master-local

Thank you! I will look into everything you have explained and report back!

hello! I tried to perform a ping through terminal within mikrotik and it cannot resolve, I do see an "R" (gateway1) while in interface list and it is acquiring an ARP from the .109
looks like it could be a DNS issue I cannot seem to figure out. I am as well receiving m traffic to a device (laptop) but unable to resolve a DNS.

Your configuration looks correct. I suspect that the link to your ISP's device is not working right.

Check the ARP cache. In winbox, go to IP > ARP
You should see a MAC address for xx.xx.xxx.109
If not, then you've got a communication problem on ether1-gateway

My 2011 wouldn't link to my cablemodem on the gigabit ports, so I had to move my wan connection to ether6.

Check to see that you've got a link on ether1.
Check to see that the Mikrotik shows R flag next to ether1 in the ethernet interfaces list.
Double-click the ether1-gateway interface and move to the Status tab.
It should show Rate = 100Mbps (or 1Gbps / 1000Mbps) and have a check in "Full Duplex"

If the status doesn't look right, then try moving your link to the ISP onto ether10:
Remove the slave configuration on ether10 - in the General tab, set Master Port to none.

Then move the IP address from ether1-gateway to ether10.

Test it by opening the ping tool and trying to ping something well known like 8.8.8.8
If it works, then your gigabit interface is giving you the problem. You could try to troubleshoot it further, or you could be like me and just be lazy. To finish being lazy, go through your firewall NAT and Filter rules and change everything that says ether1-gateway to say ether10.

Clean up by re-naming ether10 -> ether10-gateway (all rules will update automatically when you rename it), rename ether1-gateway to ether1-slave-local, and finally, configure master-port for ether1-slave-local to be ether2-master-local

It's DNS.
Go into IP > DNS and specify some servers there - either the ones your ISP gave you to use, or just put 8.8.8.8 and 4.2.2.2 in there.

It's DNS.
Go into IP > DNS and specify some servers there - either the ones your ISP gave you to use, or just put 8.8.8.8 and 4.2.2.2 in there.

ZeroByte, I apologize for the delayed response, I was able to trace the issue to the modem, for some particular reason it was experiencing DNS resolution issues right out of the modem but when plugged into the old router it seem to work just fine which leads me to believe the modem had some sort of a static feature or ARP/MAC list, but either how I was able to get the provider to replace that old docsis 2.0 modem for a 3.0 and glad to inform that we are up and running!

Now my only issue is I cannot figure out why the mobile devices can not gain access to the CCTV DVR. I applied all the appropriate DST NAT configs / port settings in "NAT settings" and under connections I clearly see the IP trying to access the port "8000" but TCP State shows it immediately "Close"

Other than this, EVERYTHING else is golden. Thank you again for the tips!

Now my only issue is I cannot figure out why the mobile devices can not gain access to the CCTV DVR. I applied all the appropriate DST NAT configs / port settings in "NAT settings" and under connections I clearly see the IP trying to access the port "8000" but TCP State shows it immediately "Close"

This means that something is refusing the connection - either the DVR itself or else the Mikrotik. I presume that you're doing a NAT pinhole to forward port 8000 on the Mikrotik's wan interface inward to the DVR. Does the DVR use port 8000 or just port 80? If the DVR is using some other port than 8000, then you need to modify the "inside" port number in the action tab of the nat rule. To Ports=xxxx (whatever port you use when talking to the DVR directly while inside your LAN)

If this setting is correct, then you might have an issue with your forwarding chain in the filter table.
Be sure that it allows packets whose destination is the LAN IP of the DVR with port 8000 (or whatever the inside port number is) and make sure this rule comes before any "Default drop all" rule.