Hey folks apologies for the newb questions but i think i did enough from my side and now its a step to ask guru.
i have Mikrotik hAP mini (RB931-2nD)
i turn it on instead of main big router in times of blackout here due to war. it is very helpful because i can run it with powerbank
so few days ago i turned it ON and... it stopped to giving away internet.
what i did:
- reset and checked settings, all was good and same as before, when it worked previously
- changed MAC to match mac of another router that works, to see if may be ISP now hard-link connection to mac-address - not helped.
(Address Acquisition from my ISP was and is always "Automatic" = ethernet)
- updated RouterOS via netinstall to latest version, issue not fixed
- downgraded RouterOS to oldest i found - same result
- found out as a Bridge between main router and PC it still working, just can not work in Router mode anymore
- in some cases i even can not access it by ip address, and must use WinBox to connect by MAC
- it is because if in my PC network adapter IP address set as "receive automatically" Microtik router do not giving correct address, and need to be entered manually, ie 192.168.88.2 and gateway 192.168.88.1, etc.
soo... can this be may be hardware issue of the router? help me to troubleshoot
thanks in advance, Tony
Re: Help please, router working only as a bridge.
It sounds very strange, as you say the management access is still possible and you could upgrade and downgrade it even using netinstall. Since netinstall is not exactly user friendly, I suppose you did check after netinstall what the version was using a normal management connection (winbox, webfig, ssh...). If it wasn't for a working Netinstall, I would assume your ether1 to be broken and suggest to configure some other port as WAN, but that way you would end up with a single LAN port, so even if that helps restore the routing functionality, the result may not be sufficient for your needs. Do you use it as a WiFi AP, and does that work (in bridge mode)? And when you say it works in bridge mode, so you use the WAN port (ether1) to connect to the other router or one of the LAN ones (ether2,ether3)?
-
-
QuadroTony
just joined
- Posts: 5
- Joined:
Re: Help please, router working only as a bridge.
as a bridge i use WAN port to connect main router and then any LAN port to connect to laptop/PCIt sounds very strange, as you say the management access is still possible and you could upgrade and downgrade it even using netinstall. Since netinstall is not exactly user friendly, I suppose you did check after netinstall what the version was using a normal management connection (winbox, webfig, ssh...). If it wasn't for a working Netinstall, I would assume your ether1 to be broken and suggest to configure some other port as WAN, but that way you would end up with a single LAN port, so even if that helps restore the routing functionality, the result may not be sufficient for your needs. Do you use it as a WiFi AP, and does that work (in bridge mode)? And when you say it works in bridge mode, so you use the WAN port (ether1) to connect to the other router or one of the LAN ones (ether2,ether3)?
in PTP Bridge AP mode all working good including Wi-fi, just tested
P.S. routerOS right now 6.49
downgraded from 7.15+ because i read it recommended to have 64 ram for newest versions, while this router has 32
Re: Help please, router working only as a bridge.
You can use it as a bridge or as a router.
Difference is:
bridge mode:
- all ethernet and wifi interfaces as ports connected to the bridge
- all IP addresses do come from uplink internet router (which has the DHCP server and gives IP adresses to MT and clients)
- management access is always possible with WinBox using the MAC address in Winbox "Neighbors" tab
router mode
- one ethernet is NOT connected to the bridge
- that ethernet has DHCP client enabled, and is part of the "WAN" interface list (because the default firewall has security rules and has NAT masquerade rule for outgoing WAN traffic)
- that ethernet interface gets IP address and default route and DNS pointer from the uplink internet router
- all other interfaces (ethernet and wifi) are set as ports of the bridge
- the bridge interface is added to the "LAN" interface list (allowing access by the clients via all ports of the bridge)
- the bridge runs a DHCP server, with default route defined to itself. It also gives a DNS server address to the clients
- normally there is a "masquerade" firewall rule for WAN outgoing traffic in the firewall
- clients can reach internet and uplink router. Clients can answer but cannot be connected from internet or internet router.
I don't like the confusing "Quick set" method, but yhis router mode is close to "Home AP Dual" , not bridged!
You have to define the internet network and the local network when using as router.
Difference is:
bridge mode:
- all ethernet and wifi interfaces as ports connected to the bridge
- all IP addresses do come from uplink internet router (which has the DHCP server and gives IP adresses to MT and clients)
- management access is always possible with WinBox using the MAC address in Winbox "Neighbors" tab
router mode
- one ethernet is NOT connected to the bridge
- that ethernet has DHCP client enabled, and is part of the "WAN" interface list (because the default firewall has security rules and has NAT masquerade rule for outgoing WAN traffic)
- that ethernet interface gets IP address and default route and DNS pointer from the uplink internet router
- all other interfaces (ethernet and wifi) are set as ports of the bridge
- the bridge interface is added to the "LAN" interface list (allowing access by the clients via all ports of the bridge)
- the bridge runs a DHCP server, with default route defined to itself. It also gives a DNS server address to the clients
- normally there is a "masquerade" firewall rule for WAN outgoing traffic in the firewall
- clients can reach internet and uplink router. Clients can answer but cannot be connected from internet or internet router.
I don't like the confusing "Quick set" method, but yhis router mode is close to "Home AP Dual" , not bridged!
You have to define the internet network and the local network when using as router.
-
-
QuadroTony
just joined
- Posts: 5
- Joined:
Re: Help please, router working only as a bridge.
as a bridge i can use it without issues, yesYou can use it as a bridge or as a router.
Difference is:
bridge mode:
- all ethernet and wifi interfaces as ports connected to the bridge
- all IP addresses do come from uplink internet router (which has the DHCP server and gives IP adresses to MT and clients)
- management access is always possible with WinBox using the MAC address in Winbox "Neighbors" tab
router mode
- one ethernet is NOT connected to the bridge
- that ethernet has DHCP client enabled, and is part of the "WAN" interface list (because the default firewall has security rules and has NAT masquerade rule for outgoing WAN traffic)
- that ethernet interface gets IP address and default route and DNS pointer from the uplink internet router
- all other interfaces (ethernet and wifi) are set as ports of the bridge
- the bridge interface is added to the "LAN" interface list (allowing access by the clients via all ports of the bridge)
- the bridge runs a DHCP server, with default route defined to itself. It also gives a DNS server address to the clients
- normally there is a "masquerade" firewall rule for WAN outgoing traffic in the firewall
- clients can reach internet and uplink router. Clients can answer but cannot be connected from internet or internet router.
I don't like the confusing "Quick set" method, but yhis router mode is close to "Home AP Dual" , not bridged!
You have to define the internet network and the local network when using as router.
problems comes when i trying to use it as a router, as explained before, it just refuse to give away internet in this mode, both by LAN or Wi-fi
during blackouts i can not use it as a bridge because i need to turn off main router, its too power consumption and thats the reason i bought 5v Microtic
Re: Help please, router working only as a bridge.
Please post the export of the configuration:as a bridge i use WAN port to connect main router and then any LAN port to connect to laptop/PC
in PTP Bridge AP mode all working good including Wi-fi, just tested
- run /export hide-sensitive file=somenicename in terminal
- download somenicename.rsc to your PC
- obfuscate any items that might identify you (usernames to external services, e-mail addresses, public/global IPs, ...)
- post the result here between [code] and [/code] tags
-
-
QuadroTony
just joined
- Posts: 5
- Joined:
Re: Help please, router working only as a bridge.
sorry for delay, here it is. Weird but zip file can not be extracted or opened, errors invalid file etc. downloaded by WinBox. Only was able to view file if open it without extraction inside WinRarPlease post the export of the configuration:as a bridge i use WAN port to connect main router and then any LAN port to connect to laptop/PC
in PTP Bridge AP mode all working good including Wi-fi, just testedIf it bridges between LAN ports and the WAN one and there is no misconfiguration, it seems as if the internal upload of configuration into the swicth chip fails for some reason.
- run /export hide-sensitive file=somenicename in terminal
- download somenicename.rsc to your PC
- obfuscate any items that might identify you (usernames to external services, e-mail addresses, public/global IPs, ...)
- post the result here between [code] and [/code] tags
Code: Select all
# sep/01/2024 11:38:46 by RouterOS 6.49.11
# software id = RGXP-593J
#
# model = RB931-2nD
# serial number = HCY087XW6VG
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] country=ukraine disabled=no mode=ap-bridge \
ssid=MikroTik wireless-protocol=802.11
/interface wireless nstreme
set wlan1 framer-policy=best-fit
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=0.0.0.1-0.0.0.254
/ip dhcp-server
add address-pool=dhcp interface=ether2 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=wlan1
add bridge=bridge1 hw=no interface=ether1
/interface list member
add interface=ether1 list=WAN
add list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=wlan1 list=LAN
/ip address
add address=192.168.88.1/24 disabled=yes interface=bridge1 network=\
192.168.88.0
/ip dhcp-client
add disabled=no interface=bridge1
/ip dhcp-server network
add address=0.0.0.0/24 gateway=0.0.0.0 netmask=24
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface-list=WAN
/system clock
set time-zone-name=Europe/Kiev
Re: Help please, router working only as a bridge.
Nothing weird about that - it indeed is a plain text file. .rsc probably stands for RouterOS Script or so.Weird but zip file can not be extracted or opened, errors invalid file etc. downloaded by WinBox. Only was able to view file if open it without extraction inside WinRar
There are several weird bits in your configuration:
/ip pool
add name=dhcp ranges=0.0.0.1-0.0.0.254
/ip dhcp-server network
add address=0.0.0.0/24 gateway=0.0.0.0 netmask=24
Is this a result of obfuscation or these are the actual settings? IP addresses in the range 192.168.0.0-192.168.255.255 (and also 172.16.0.0-172.31.255.255 and 10.0.0.0-10.255.255.255) are private ones and need not be obfuscated.
But then, where do these ones come from?
/ip address
add address=192.168.88.1/24 disabled=yes interface=bridge1 network=192.168.88.0
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface-list=WAN
/ip dhcp-client
add disabled=no interface=bridge1
I mean, none of the above explains why the device bridges between ether1 and the other two ports, but it explains quite well why it does not route. So please be more specific on the first two items (reality/obfuscation) and then we may move further to fixing the rest and eventually testing the mysterious bridging.
Re: Help please, router working only as a bridge.
Oops, I have missed this one:
/interface bridge port
add bridge=bridge1 hw=no interface=ether1
So this one does explain why ether1 is bridged with the remaining ports.
But it places a big question mark over the presumed "reset to defaults", it seems it has never actually happened.
/interface bridge port
add bridge=bridge1 hw=no interface=ether1
So this one does explain why ether1 is bridged with the remaining ports.
But it places a big question mark over the presumed "reset to defaults", it seems it has never actually happened.
-
-
QuadroTony
just joined
- Posts: 5
- Joined:
Re: Help please, router working only as a bridge.
hey, i did not edit/obfuscate anything, this was full text from the fileOops, I have missed this one:
/interface bridge port
add bridge=bridge1 hw=no interface=ether1
So this one does explain why ether1 is bridged with the remaining ports.
But it places a big question mark over the presumed "reset to defaults", it seems it has never actually happened.
Re: Help please, router working only as a bridge.
Let's list the usual settings when the device is set as a router, the ether1 is "self-standing" (not part of a bridge) has a DHCP client active (it gets its IP address from the ISP router to which is connected) a DHCP server is running on the bridge (to which all othe rinterfaces are added) giving out addresses in the range 192.168.88.10-192.168.88.254.
These are the normal, default "defconf" settings (used your "bridge1" instead of the default "bridge" name):
Ip pool:
Then there is the firewall nat, to route, you need a nat:
These are the normal, default "defconf" settings (used your "bridge1" instead of the default "bridge" name):
Ip pool:
Ip dhcp server:/ip pool
add name=dhcp ranges=0.0.0.1-0.0.0.254
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
Interface bridge port:/ip dhcp-server
add address-pool=dhcp interface=ether2 name=dhcp1
add address-pool=default-dhcp interface=bridge1 name=defconf
ip address:/interface bridge port
add bridge=bridge1 comment=defconf interface=ether2
add bridge=bridge1 comment=defconf interface=ether3
add bridge=bridge1 comment=defconf interface=wlan1
add bridge=bridge1 hw=no interface=ether1
ip dhcp client:/ip address
add address=192.168.88.1/24 disabled=yes interface=bridge1 network=192.168.88.0
add address=192.168.88.1/24 comment=defconf interface=bridge1 network=192.168.88.0
ip dhcp-server network/ip dhcp-client
add disabled=no interface=bridge1
add comment=defconf interface=ether1
It is IMHO very important to add a comment, such as "defconf", to easily see what entries are the default ones, and of course if you change or remove them you should change the comment to represent the change./ip dhcp-server network
add address=0.0.0.0/24 gateway=0.0.0.0 netmask=24
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
Then there is the firewall nat, to route, you need a nat:
And (hopefully finally) your firewall filter rules seem incomplete/not adequate for a device that is connected to the internet, it would be better if you would set the default rules:/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface-list=WAN
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
Edit: fixed a typo/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
Last edited by jaclaz on Sun Sep 01, 2024 2:50 pm, edited 1 time in total.
Re: Help please, router working only as a bridge.
The above may be confusing, so if you haven't changed anything yet as compared to the configuration you have posted, copy-paste the following rows into a terminal window one by one:
Code: Select all
/ip pool set [find name=dhcp] ranges=192.168.88.10-192.168.88.254
/ip dhcp-server set [find name=dhcp1] interface=bridge1 disabled=no
/interface bridge port remove [find interface=ether1]
/ip address enable [find interface=bridge1]
/ip dhcp-client set [find interface=bridge1] interface=ether1
/ip dhcp-server network set [find] address=192.168.88.0/24 gateway=192.168.88.1
/ip firewall nat set [find] disabled=no
Who is online
Users browsing this forum: No registered users and 43 guests