We currently have a Netgear WiFi Router that connects to a Comcast Internet with a Static IP and then to our Netgear Switch. I have added a Mikrotik CRS as another switch and that is working fine. I have purchased a Routerboard 1100AHx2 which I would like to use to replace the Netgear as our main Internet router.

Using the QuickSet, I setup the WAN side with the exact same static IP, Subnet, GW and DNS servers as the Netgear and gave it the same IP address on the LAN side. I checked to bridge all ports and checked NAT. I removed the Netgear and replaced it with the RB and I could access it via the MAC or IP using Winbox just fine. Using the tools, I could ping from the RB to anything on the LAN side and on the WAN port of the RB. However, it will not route anything over the Internet. DNS servers do not resolve and I cannot ping the DNS server.

If I remove the RB and put back the Netgear, I'm able to ping the DNS servers, Google and etc.

QUESTION: After setting up with QUICKSET, is there something else I must do to enable basic routing over the Internet Connection?

Hi ,
i don't recommend QuickSet , configure your router manually , go to IP/Addresses , IP/DNS and IP/Routes see what happens ! add some DNS server manually

Hi ,
i don't recommend QuickSet , configure your router manually , go to IP/Addresses , IP/DNS and IP/Routes see what happens ! add some DNS server manually

Thx! I'll try that next.

For more detail, I will use the following fictitious IP scheme:

Internet Static IP: 1.1.1.1
Internet Subnet: 255.255.255.252
Internet GW IP: 1.1.1.2
DNS: 4.4.4.4 | 5.5.5.5

LAN Static IP: 192.168.1.1
Subnet: 255.255.255.0
GW: 192.168.1.2 (File/Print/DHCP/DNS server)
DNS: 192.168.1.2


To initially setup, I use QuickSet and set it up with:

Internet (Our Current LAN Network)
IP: 192.168.1.3
SN: 255.255.255.0
GW: 192.168.1.10
DNS: 192.168.1.10

LAN (A new network)
IP: 192.168.2.1
SN: 255.255.255.0
GW: 192.168.2.1
DNS:

Check DHCP (192.168.2.100-192.168.2.199)
Check Bridge All Ports
Check NAT


When I do this, I connect my laptop to one of the router ports and I get 192.168.2.100 and am able to ping all assets on the 192.168.2.x and 192.168.1.x networks. Also, I am able to browse the web and perform ping/traceroute to google.com. All is good.


I then turn off the Internet modem and current WiFi/Router. Using Quickset, I change the Routerboard to:
Internet Static IP: 1.1.1.1
Internet Subnet: 255.255.255.252
Internet GW IP: 1.1.1.2
DNS: 4.4.4.4 | 5.5.5.5

LAN Static IP: 192.168.1.1
Subnet: 255.255.255.0
GW: 192.168.1.2
DNS: 192.168.1.2
Uncheck DHCP
Leave NAT checked


I then save and shutdown the Routerboard. I connect the Routerboard to the modem and to the switch. I turn on the modem and let it boot. Then I boot the routerboard. I can ping all local assets (192.168.1.x) and I can ping the public side of the router (1.1.1.1). However, I cannot ping the PUBLIC gateway, DNS servers nor can I resolve any domain names. I cannot ping or traceroute to google.com.

I'm thinking there is just something not quite right in the Routerboard. To test, I'm going to connect an Apple Airport this evening with the public/private settings I'm trying to use to make sure it works. If it does, then I know the ISP is fine but it is just my Routerboard.

Quickset is only intended to be used from a blank router setup.

Setup it as how you think it should be for Internet router role, then open a new terminal and issue:
then post the output here (edit out public IPs network bit with letters).

some points to check:

You cannot bridge all ports, the WAN port should be unbridged. that could be the problem on your first try.

Other things being right, most probable cause for this (the router itself pings internet but the lan behind it doesn't) is NAT doing masquerade on the wrong interface, or the nat rule having other parameters wrong.

Quickset is only intended to be used from a blank router setup.

Setup it as how you think it should be for Internet router role, then open a new terminal and issue:

Code: Select all

/export hide-sensitive

then post the output here (edit out public IPs network bit with letters).

some points to check:

You cannot bridge all ports, the WAN port should be unbridged. that could be the problem on your first try.

Other things being right, most probable cause for this (the router itself pings internet but the lan behind it doesn't) is NAT doing masquerade on the wrong interface, or the nat rule having other parameters wrong.

Thank you for the response and the suggestions. This evening when the office closes, I will try your suggestions. I'm leaning towards the bridge possibility you mentioned. Thank you!

Hi FirstTech,

not sure if this helps, but you could try and clone the MAC of your old router to the WAN interface of the MikroTik. This way you'll go around possible ARP issues, plus if the provider locks onto the MAC address, they'll think you are still using the old router..

Just my 2cts.. worth a try

Menno

Quickset is only intended to be used from a blank router setup.

Setup it as how you think it should be for Internet router role, then open a new terminal and issue:

Code: Select all

/export hide-sensitive

then post the output here (edit out public IPs network bit with letters).

some points to check:

You cannot bridge all ports, the WAN port should be unbridged. that could be the problem on your first try.

Other things being right, most probable cause for this (the router itself pings internet but the lan behind it doesn't) is NAT doing masquerade on the wrong interface, or the nat rule having other parameters wrong.

Thank you for the response and the suggestions. This evening when the office closes, I will try your suggestions. I'm leaning towards the bridge possibility you mentioned. Thank you!

Quickset is only intended to be used from a blank router setup.

Setup it as how you think it should be for Internet router role, then open a new terminal and issue:

Code: Select all

/export hide-sensitive

then post the output here (edit out public IPs network bit with letters).

some points to check:

You cannot bridge all ports, the WAN port should be unbridged. that could be the problem on your first try.

Other things being right, most probable cause for this (the router itself pings internet but the lan behind it doesn't) is NAT doing masquerade on the wrong interface, or the nat rule having other parameters wrong.

Thank you for the response and the suggestions. This evening when the office closes, I will try your suggestions. I'm leaning towards the bridge possibility you mentioned. Thank you!

I set it up and I noticed that under Routes, the route to 0.0.0.0 going through my Internet GW (1.1.1.2) is unreachable. I imagine this is the issue. To be safe, I spoofed the MAC address to match the Netgear device, just in case my ISP required a certain MAC (even though they told me they do not.)

Since I'm setting the Internet IP to static, why would it say, "add dhcp-options=hostname,clientid interface=ether1" in the config below? I would think it would either not be there at all.

Below is what I get, edited with my fictitious IP info I outlined earlier:
[admin@MikroTik] > /export hide-sensitive
# jan/02/1970 00:13:33 by RouterOS 6.34.3
# software id = A1FS-JK82
#
/interface bridge
add name=bridge1
/interface ethernet
set [ find default-name=ether1 ] mac-address=20:4E:7F:16:C8:F5
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
add bridge=bridge1 interface=ether9
add bridge=bridge1 interface=ether10
add bridge=bridge1 interface=ether11
add bridge=bridge1 interface=ether12
add bridge=bridge1 interface=ether13
/ip address
add address=1.1.1.1/30 interface=ether1 network=1.1.1.120
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1
/ip dns
set servers=8.8.8.8,4.2.2.2,75.75.75.75
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip route
add distance=1 gateway=1.1.1.2

Any help would be greatly appreciated!

I have tried everything I can think of to get this to work. However, the route for 0.0.0.0/0 over the Internet GW is always unreachable. My ISP is Comcast, so I think I'll look on their forums. Anyone know of any funky things with setting up a static public IP and connecting to their business modem? (Not a router)

that's wrong... should be
Can fix that by editing directly the IP in IP > address; that should fix the 1.1.1.2 unreachability.

Use http://jodies.de/ipcalc if your IP is completely different (not ending in .1) to check for proper addresses and network address.

Code: Select all

/ip address
add address=1.1.1.1/30 interface=ether1 network=1.1.1.120

that's wrong... should be

Code: Select all

/ip address
add address=1.1.1.1/30 interface=ether1 network=1.1.1.0

Can fix that by editing directly the IP in IP > address; that should fix the 1.1.1.2 unreachability.

Use http://jodies.de/ipcalc if your IP is completely different (not ending in .1) to check for proper addresses and network address.

Thank you. I'll take a look at that when I go in next (out of the office today) and see if that works.

Code: Select all

/ip address
add address=1.1.1.1/30 interface=ether1 network=1.1.1.120

that's wrong... should be

Code: Select all

/ip address
add address=1.1.1.1/30 interface=ether1 network=1.1.1.0

Can fix that by editing directly the IP in IP > address; that should fix the 1.1.1.2 unreachability.

Use http://jodies.de/ipcalc if your IP is completely different (not ending in .1) to check for proper addresses and network address.

After further review of your suggestion, this will not work. The 1.1.1.120 network (NOT 1.1.1.0 as you suggest) is because the subnet for ether1 is 255.255.255.252, not 255.255.255.0. So, when I go into the IP address, I cannot change the network to 1.1.1.0 as the it automatically changes it back. I did try changing my subnet to 255.255.255.0 and I tried 255.255.0.0. In both cases, the rout then said it was reachable, however, I still could not ping google.com, 75.75.75.75 and etc.

/30 == 255.255.255.252 if the original ip ends in .1, the network address would be .0 and broadcast address .3 leaving .2 for the other end.

What's the number your real ip ends in? .1 or .121?

/30 == 255.255.255.252 if the original ip ends in .1, the network address would be .0 and broadcast address .3 leaving .2 for the other end.

What's the number your real ip ends in? .1 or .121?

Thank you, again, for your response and help. Sorry for the confusion when I put fake IPs in. I mislead you. I will show the last two octets of the real IP addresses so that might be better:

Internet IP: x.x.9.121
Subnet: 255.255.255.252
Internet GW: x.x.69.122

I will try to re-export and post with only hiding the first 2 octets.

Oh, geez...I'M SO STUPID!!!!!!!!!!!!!!!!!!!!!!!!!!!!

So, after getting totally frustrated I decided to look at the netgear for the 1billionth time to find something that I was missing. That's when my eyes saw something I had overlooked so many times....my ip is supposed to be x.x.69.121, not x.x.9.121. UGH! I looked at that line by line so many times.

Thank you for your help, though. I totally sent you down the wrong rabbit hole.

so that was the problem? everything working fine now?

Well, I knew the problem had to be with WAN <-> ISP gateway communication

so that was the problem? everything working fine now?

Well, I knew the problem had to be with WAN <-> ISP gateway communication

Yes, working great now!