Community discussions

MikroTik App
 
Matta
Member Candidate
Member Candidate
Topic Author
Posts: 103
Joined: Sat Sep 04, 2010 3:13 pm

Router change - no internet access on APs

Wed Oct 12, 2022 6:00 pm

Greetings !

My RB1100AHx4 died, swaped to old 3011, everthing was working fine.
Just got CCR2116, configured it same as other two before (same OS version, 7.5). At the moment, I don't have internet access on all APs and all subnets. Devices are getting IP adresses but no internet access. Internet on LAN connections is working fine.
I don't know if I'm tired or what, but I cannot find where's the error. I hope that you can help me:
# oct/12/2022 17:05:09 by RouterOS 7.5
# software id = 0BRD-IBTV
#
# model = CCR2116-12G-4S+
/interface bridge
add name=Bridge-local
/interface ethernet
set [ find default-name=ether1 ] comment=WAN-288-vDSL name="WAN1 (vDSL)-ether1"
set [ find default-name=ether2 ] comment=WAN-434-optics name=\
    "WAN2 (Optics)-ether2"
set [ find default-name=ether3 ] comment=WAN-LTE/5G name=\
    "WAN3 (LTE-5G))-ether3"
set [ find default-name=sfp-sfpplus1 ] advertise=\
    1000M-full,10000M-full,2500M-full,5000M-full
/interface vlan
add interface=Bridge-local name=guest-vlan vlan-id=100
add interface=Bridge-local name=private-guest-vlan vlan-id=200
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.0.159-192.168.0.254
add name=guest-pool ranges=192.168.4.40-192.168.4.254
add name=private-guest-pool ranges=192.168.6.101-192.168.6.254
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay interface=\
    Bridge-local lease-time=1d name=DHCP-private
add address-pool=guest-pool authoritative=after-2sec-delay interface=guest-vlan \
    lease-time=1h name=DHCP-guest
add address-pool=private-guest-pool interface=private-guest-vlan lease-time=8h \
    name=DHCP-private-guest
/port
set 0 name=serial0
/queue type
add kind=pcq name=PCQ_download pcq-classifier=dst-address pcq-rate=15M
add kind=pcq name=PCQ_download_Tele2 pcq-classifier=dst-address pcq-rate=15M
add kind=pcq name=PCQ_download_private_guest pcq-classifier=dst-address \
    pcq-rate=20M
add kind=pcq name=PCQ_upload pcq-classifier=src-address pcq-rate=2M
add kind=pcq name=PCQ_upload_Tele2 pcq-classifier=src-address pcq-rate=2M
add kind=pcq name=PCQ_upload_private_guest pcq-classifier=src-address pcq-rate=\
    2M
/queue simple
add name=Guest_Network queue=PCQ_upload_Tele2/PCQ_download_Tele2 target=\
    guest-vlan
add name=Private_Guest queue=\
    PCQ_upload_private_guest/PCQ_download_private_guest target=\
    private-guest-vlan
/routing table
add disabled=no fib name=to_WAN1
add disabled=no fib name=to_WAN2
add disabled=no fib name=to_WAN3
add disabled=no fib name=WAN_1_ONLY
add disabled=no fib name=WAN_3_ONLY
/interface bridge port
add bridge=Bridge-local interface=ether4
add bridge=Bridge-local interface=ether5
add bridge=Bridge-local interface=ether6
add bridge=Bridge-local interface=ether7
add bridge=Bridge-local interface=ether8
add bridge=Bridge-local interface=ether9
add bridge=Bridge-local interface=ether10
add bridge=Bridge-local interface=ether11
add bridge=Bridge-local interface=ether12
add bridge=Bridge-local interface=ether13
add bridge=Bridge-local interface=sfp-sfpplus1
add bridge=Bridge-local interface=sfp-sfpplus2
add bridge=Bridge-local interface=sfp-sfpplus3
add bridge=Bridge-local interface=sfp-sfpplus4
/ip address
add address=192.168.0.1/24 interface=Bridge-local network=192.168.0.0
add address=192.168.2.2/24 interface="WAN1 (vDSL)-ether1" network=192.168.2.0
add address=192.168.3.2/24 disabled=yes interface="WAN3 (LTE-5G))-ether3" \
    network=192.168.3.0
add address=192.168.4.1/24 interface=guest-vlan network=192.168.4.0
add address=192.168.5.2/24 interface="WAN2 (Optics)-ether2" network=192.168.5.0
add address=192.168.6.1/24 interface=private-guest-vlan network=192.168.6.0
/ip dns
set servers=212.39.98.162,212.39.98.161
/ip firewall address-list
add address=192.168.0.36 list=WAN_1_ONLY
add address=192.168.0.37 list=WAN_1_ONLY
add address=192.168.0.33 list=WAN_1_ONLY
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=fasttrack-connection chain=forward connection-state=\
    established,related disabled=yes hw-offload=yes
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=forward dst-address=192.168.0.0/16 in-interface=\
    private-guest-vlan
add action=drop chain=forward dst-address=192.168.0.0/16 in-interface=\
    guest-vlan
/ip firewall mangle
add action=mark-connection chain=input comment="WAN_1 (288)" in-interface=\
    "WAN1 (vDSL)-ether1" new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input comment="WAN_2 (434)" in-interface=\
    "WAN2 (Optics)-ether2" new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=input comment="WAN_3 (TELE2)" disabled=yes \
    in-interface="WAN3 (LTE-5G))-ether3" new-connection-mark=WAN3_conn \
    passthrough=yes
add action=mark-routing chain=output comment="WAN_1 (288)" connection-mark=\
    WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output comment="WAN_2 (434)" connection-mark=\
    WAN2_conn new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output comment="WAN_3 (TELE2)" connection-mark=\
    WAN3_conn disabled=yes new-routing-mark=to_WAN3 passthrough=yes
add action=mark-connection chain=prerouting comment=VLAN@288-vdsl \
    dst-address-type=!local in-interface=guest-vlan new-connection-mark=\
    WAN1_conn passthrough=yes
add action=mark-routing chain=prerouting comment=VLAN@288-vdsl connection-mark=\
    WAN1_conn in-interface=guest-vlan new-routing-mark=to_WAN1 passthrough=yes
add action=mark-connection chain=prerouting comment=PRIVATE-GUEST-VLAN@288-vdsl \
    dst-address-type=!local in-interface=private-guest-vlan \
    new-connection-mark=WAN1_conn passthrough=yes
add action=mark-routing chain=prerouting comment=PRIVATE-GUEST-VLAN@288-vdsl \
    connection-mark=WAN1_conn in-interface=private-guest-vlan new-routing-mark=\
    to_WAN1 passthrough=yes
add action=mark-connection chain=prerouting comment="BRIDGE@(434-optics)" \
    dst-address-type=!local in-interface=Bridge-local new-connection-mark=\
    WAN2_conn passthrough=yes
add action=mark-routing chain=prerouting comment="BRIDGE@(434-optics)" \
    connection-mark=WAN2_conn in-interface=Bridge-local new-routing-mark=\
    to_WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment=WAN@288 out-interface=\
    "WAN1 (vDSL)-ether1"
add action=masquerade chain=srcnat comment=WAN@434 out-interface=\
    "WAN2 (Optics)-ether2"
add action=masquerade chain=srcnat comment=WAN@TELE2 disabled=yes \
    out-interface="WAN3 (LTE-5G))-ether3"
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.2.1 pref-src="" routing-table=to_WAN1 scope=30 suppress-hw-offload=\
    no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 pref-src=\
    "" routing-table=WAN_1_ONLY scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.2.1 \
    routing-table=main suppress-hw-offload=no
add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.3.1 pref-src="" routing-table=to_WAN3 scope=30 suppress-hw-offload=\
    no target-scope=10
add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.3.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.1 pref-src=\
    "" routing-table=WAN_3_ONLY scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.5.1 pref-src="" routing-table=to_WAN2 scope=30 suppress-hw-offload=\
    no target-scope=10
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.5.1 \
    routing-table=main suppress-hw-offload=no
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/routing rule
add action=lookup-only-in-table disabled=no dst-address=192.168.0.0/16 table=\
    main
/system clock
set time-zone-name=Europe/Sarajevo
/system identity
set name=CCR2116-12G-4S+
/system ntp client
set enabled=yes
/system ntp client servers
add address=192.168.0.50
/system scheduler
add interval=1d name="Reboot Router Daily at 4AM" on-event="/system reboot" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
    start-date=jan/01/1970 start-time=04:00:00
Thanks in advance !
 
erlinden
Forum Guru
Forum Guru
Posts: 1292
Joined: Wed Jun 12, 2013 1:59 pm

Re: Router change - no internet access on APs

Wed Oct 12, 2022 6:19 pm

What does a tracert www.mikrotik.com do an a noot-working device (or any non Windows equivalent)?
Why the daily reboot?
 
Matta
Member Candidate
Member Candidate
Topic Author
Posts: 103
Joined: Sat Sep 04, 2010 3:13 pm

Re: Router change - no internet access on APs  [SOLVED]

Wed Oct 12, 2022 6:21 pm

I was tired, forgot to set networks under /ip dhcp-server network.


.
Why the daily reboot?
Just my thing, I guess. :)
Same as I restart my Android phone before I go to bed. :D

Who is online

Users browsing this forum: e3acf43dcd074d7884d, Musti and 45 guests