Enterprise Networking Mikrotik Routers (RouterBoard & RouterOS), User and owner discussion group
|
|
 Jan 1 2024, 07:21 PM
Return to original view | Post
#21
|
 
Junior Member
379 posts Joined: Jan 2003 
|
Nope, doesn't work connecting through LAN cable to mikrotik as well.
It has been function well all this while and I notice this after I update to ROS 7 only, perhaps it happen before but I never pay attention to it. |
|
|
|
|
|
Jan 2 2024, 08:58 PM
Return to original view | Post
#22
|
|
Junior Member
379 posts Joined: Jan 2003
|
Hey, no worry. I understand you trying to figure out as well. I'm clueless now as well.
QUOTE(kwss @ Jan 2 2024, 09:31 AM) Hi, Sorry if you have to repeat the following check IPv6 > DHCP Client. Note the prefix. Verify status is "bound". IPv6 > ND > Prefixes. Note the prefix. There must be only 1 entry and it is "Dynamic". IPv6 > Addresses. Note the IPv6 address for your bridge. Are the prefix all the same? Yes, all the same. If they are the same, do the following: Go to Tools > Ping Ping To: 2606:4700:f1::1 Interface: <Your dialer> Did you get a echo reply? Yes, all get echo reply When you upgrade your RouterOS, did you also upgrade the matching firmware? Check via: System > RouterBOARD Current Firmware == Upgrade Firmware Yes, both firmware show 7.12.  |
|
|
Jan 2 2024, 09:06 PM
Return to original view | Post
#23
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(soonwai @ Jan 2 2024, 10:43 AM) maxiscool Last time I have the same problem with Mikrotik & ipv6. It works for awhile then it stops working. Could be hours or days. Yes, I only see one prefix, 2001:e68:xxxxThe problem was because when Routeros gets a new ipv6 prefix, it doesn't deprecate the previous one. I solved this with a script which sets the previous prefix to a lifetime of 0 whenever there's a new prefix. You can verify if this is your problem by checking to see if you have multiple active Unifi ipv6 prefixes on your devices. This was fixed in one of routeros7 releases last year. I forgot which and I don't know if it works since I'm still using the script. |
|
|
Jan 3 2024, 06:59 PM
Return to original view | IPv6 | Post
#24
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 3 2024, 02:46 AM) Can you take a screenshot of: Hei, I think you have resolved my issue. My IGMP Snooping was unchecked. Now have it checked, the IPv6 is on my client devices.Bridge > Ports Also in the setting of your bridge: 1. Is IGMP Snooping is checked? 2. Screenshot of IGMP Snooping setting further down ahlong liked this post
|
|
|
Jan 4 2024, 08:46 AM
Return to original view | IPv6 | Post
#25
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 3 2024, 11:32 PM) Something in your Layer 2 is broken. I see. No wonder it was working without this previously. Hmm, how do I start checking on this ?IGMP Snooping just provides the containment. You need to find out why. IGMP Snooping might or might not be the best solution. |
|
|
Jan 4 2024, 07:05 PM
Return to original view | IPv6 | Post
#26
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 4 2024, 09:12 AM) For RouterOS, this feature is documented here: Something I noticed also, if I reboot the router, it won't get IPv6 automatically on client device. I have to perform the IGMP Snooping on and off to get on client devices.https://help.mikrotik.com/docs/pages/viewpa...pageId=59277403 There is a Monitoring and troubleshooting section. I have to say Mikrotik documentation is very bad but that's where you start. Ok, let me try to read up on this. But seems hard for me to fully understanding it as well You need a hypothesis first. In this case I suspect one of your device is flooding your Layer 2 with multicast packet until it triggered storm control. Hence you get dropped multicast packet. When IGMP Snooping is enabled, Mikrotik stop broadcasting those packet. You did not post your IGMP Snooping configuration, so I assume it's the default. By default RouterOS will forward unknown multicast, even when IGMP Snooping is enabled, so you can rule that out already. Yeah I believed is default as well, but I attached for reference. See if there is any good here There are several factor to look at, any IP address or MAC that show up is doing multicast and they should all be suspect. That's the starting point. The strategy: Most accurate is to mirror the port and start packet capture to see if they are multicasting. How do I start with this? Least accurate is just unplug anything that shows up in the list one by one until it works without IGMP Snooping. The usual trigger: Slow device. Example: Your access port is 1Gbps but have slower device like 100mbps or even 10mbps. The usual suspect: Ghost server, media server, multi function printer. Literally anything that's not your typical corporate laptop, PC, server. Anything that offers plug and play network discovery is also a suspect. I do not know your network at all. If you have a detailed network diagram that would be helpful for me to give you hint on where to look first. This post has been edited by maxiscool: Jan 4 2024, 08:09 PM Attached thumbnail(s) 
|
|
|
|
|
|
Jan 5 2024, 11:38 PM
Return to original view | IPv6 | Post
#27
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 5 2024, 12:15 AM) For the packet capture, it depends on where you want to capture. You can do it on your switch if it supports port mirroring. Ok, let me trying to research this and on how to perform packet sniffer. Don't quite get you on how to stream it to PC and wireshark it.On RouterOS it's in Tool > Packet Sniffer. I always use Streaming and stream it to my PC / laptop connected via LAN. Then just Wireshark it. From here onward it is up to you to decide what constitute normal or abnormal in your network. Like I said, I don't know your network. I think when you reboot your router, you just need to disconnect / disable your network adapter and enable it again. On phone, just disconnect / reconnect wifi. This is a known problem for TM because they did not follow best practice for IPv6 deployment. Their mindset is stuck in dial-up era. Actually many people in this forum has the exact same mindset and seems to have a distinction for business vs home user when it comes to IPv6. This is the root cause of all the issues. If anyone is interested in IPv6 best practice for service provider, there is an article here: https://www.ripe.net/publications/docs/ripe-690 I tried after reboot then disconnect and connect client, it doesn't work. So I have to turn off IGMP Snooping to make it work, so my conclusion is that i just need to toggle igmp snooping to get IPv6 for now. |
|
|
Jan 6 2024, 03:12 PM
Return to original view | Post
#28
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 6 2024, 12:57 AM) What's the model of your Mikrotik? RB962UiGS. I think it's better we do it the easy way. Unplug everything from your Mikrotik, plug in just one computer and see if the problem occur. Plug in more stuff and repeat the test. Sadly, still occur. Perhaps I should consider upgrade and try on another model. |
|
|
Jan 6 2024, 08:56 PM
Return to original view | Post
#29
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 6 2024, 08:37 PM) When you said still occurring, it's with everything disconnected, including all wifi devices? Yes, cause I disabled the WiFi on the Mikrotik and using external AP for this. So this a pretty quick test actually. Unplug all the LAN port left PC and reboot. I even swap PC to rule out the possibility of that PC causing the issue. |
|
|
Jan 7 2024, 09:04 AM
Return to original view | Post
#30
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 6 2024, 09:23 PM) I am gonna suggest something you hate. Can you netinstall your RouterOS and reconfigure again?  Probably that the option, the last I did was just factory reset, perhaps can give this a try when I have more free time to do this.QUOTE(soonwai @ Jan 7 2024, 03:59 AM) Thanks but why the question mark? I did not test speed in particular but I have no issue for 500Mbps on default Speedtest,believedjust using IPv4.maxiscool Is this how you tested yours? This post has been edited by maxiscool: Jan 7 2024, 09:09 AM |
|
|
Jan 7 2024, 10:58 AM
Return to original view | Post
#31
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 7 2024, 09:14 AM) You can try this first: Here you go, I have even try disable all the bridge to test it out.System > Packages > Check Installation If it says no error I am not really sure if netinstall will solve it. I am just suggesting it as nuclear option as I have no idea why toggling IGMP Snooping will give you an IPv6 prefix even with nothing connected to the router. It just sounds impossible. Did you remember anything you changed manually the last time you factory reset it? Also can you screenshot me Bridge > Ports? Attached image(s)  |
|
|
Jan 7 2024, 08:13 PM
Return to original view | IPv6 | Post
#32
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 7 2024, 11:03 AM) Hi, it's Bridge > Ports I see. Attached.Second tab on top ya Attached thumbnail(s) 
|
|
|
Jan 7 2024, 09:43 PM
Return to original view | Post
#33
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 7 2024, 09:27 PM) Can you explain more about your iptv and vlan10 why they are done like that? iptv basically following this guide for Unifi IPTV 600Vlan 10 for "guest" network, no LAN access. This post has been edited by maxiscool: Jan 7 2024, 09:47 PM |
|
|
|
|
|
Jan 7 2024, 10:10 PM
Return to original view | Post
#34
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 7 2024, 09:54 PM) OK, I am quite sure you duplicated them and did it wrong. Maybe that triggered a bug in RouterOS. See if this can see the settingsExample: You bridge vlan500 into your main bridge. So yes, something broken in Layer 2 like I said earlier. Can you make the column wider and screenshot again? I want to see the whole thing. And if you don't mind, each of the bridge setting. This part need to redo and I think your Layer 2 problem will be solved, no need to netinstall CODE /interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether2-master internal-path-cost=10 path-cost=10 add bridge=bridge comment=defconf hw=no ingress-filtering=no interface=sfp1 internal-path-cost=10 path-cost=10 add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1 internal-path-cost=10 path-cost=10 add bridge=bridge comment=defconf ingress-filtering=no interface=wlan2 internal-path-cost=10 path-cost=10 add bridge=UniFi-IPTV ingress-filtering=no interface=vlan.600-TrunkPort5 internal-path-cost=10 path-cost=10 add bridge=UniFi-IPTV hw=no ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10 add bridge=bridge ingress-filtering=no interface=vlan.500-TrunkPort5 internal-path-cost=10 path-cost=10 add bridge=UniFi-IPTV ingress-filtering=no interface=vlan.600 internal-path-cost=10 path-cost=10 add bridge=bridge ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10 add bridge=bridge ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10 add bridge=bridge.vlan10 ingress-filtering=no interface=wlan3 internal-path-cost=10 path-cost=10 add bridge=bridge.vlan10 ingress-filtering=no interface=vlan.10-TrunkPort5 internal-path-cost=10 multicast-router=disabled path-cost=10 add bridge=bridge.vlan10 ingress-filtering=no interface=vlan.10-Guest internal-path-cost=10 multicast-router=disabled path-cost=10 add bridge=bridge.vlan10 interface=vlan.10-TrunkPort4 internal-path-cost=10 path-cost=10 |
|
|
Jan 8 2024, 07:43 AM
Return to original view | Post
#35
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 8 2024, 12:57 AM) Yea this is useful. However I am still missing some context. Can please export me the whole /interface ? I will share the export later.I need to know how your port is physically connected as well as your vlan mapping This is how it is connected. This post has been edited by maxiscool: Jan 8 2024, 07:30 PM |
|
|
Jan 8 2024, 07:40 PM
Return to original view | Post
#36
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 8 2024, 10:14 AM) Can I have the export of /interface? Update the diagram. The 500 actually is just for trunk the Internet to the switch, Unifi TV box is connected to the switch that is why 500 & 600 is trunkI am trying to make sense of your diagram. Where you connect your IPTV? Can I have the reason why you want to trunk 500 and 600 into your switch if your Unifi comes in from Port 1 and your router actually does the PPPoE and all? See if this is what you looking for? CODE /interface bridge add name=UniFi-IPTV port-cost-mode=short add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge \ port-cost-mode=short add name=bridge.vlan10 port-cost-mode=short /interface ethernet set [ find default-name=ether2 ] name=ether2-master /interface vlan add interface=ether4 name=vlan.10-TrunkPort4 vlan-id=10 add interface=ether5 name=vlan.10-TrunkPort5 vlan-id=10 add interface=ether1 name=vlan.500 vlan-id=500 add interface=ether5 name=vlan.500-TrunkPort5 vlan-id=500 add interface=ether1 name=vlan.600 vlan-id=600 add interface=ether5 name=vlan.600-TrunkPort5 vlan-id=600 /interface pppoe-client add add-default-route=yes default-route-distance=0 disabled=no interface=vlan.500 name=UniFi-Internet user=username@unifi Attached thumbnail(s) 
|
|
|
Jan 9 2024, 06:16 AM
Return to original view | Post
#37
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 9 2024, 03:28 AM) OK, I have to give you the credit for hacking things together when what you described won't work in the first place. Yeah, could you please help to change things for the right way?I also want to rant how shitty Mikrotik config is. They are a hard to read and untangle. Nokia and Juniper are great. Cisco is already kind of bad but Mikrotik is at the bottom of all. Let's go into the errors you made. You bridge IPTV into the native VLAN on port 5. You also bridge it to VLAN 600 on port 5. So all the BUM traffic flow twice into port 5 to your switch. Since IPTV hijaack your native VLAN on the port to your switch, you will never get Internet... ever! On top of that you have traffic flooding twice into the port towards your switch. You proceed to hack around the situation by bridging VLAN 500 into your main bridge. Now you trunk VLAN 500 into your switch and you get Internet. But what you just did is bridge the interface meant for PPPoE into your main VLAN. Now everything meant for your local network get sent to TM. All the traffic end up in the PPPoE interface, get sent to VLAN 500, and loopback into your LAN, get sent to PPPoE interface again. Over and over again. So from here onward, do you want to take this as an exercise and fix it yourself? Or I point to you what to modify? |
|
|
Jan 9 2024, 07:23 PM
Return to original view | Post
#38
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(kwss @ Jan 9 2024, 09:51 AM) In Bridge > Ports, remove "UniFi-IPTV" bridge with interface "ether5". /interface bridge portIn Bridge > Ports, remove "bridge" with interface "vlan.500-TrunkPort5". Add bridge=bridge with interface=ether5. In Interfaces > VLAN. Remove "vlan.500-TrunkPort5". In your switch, remove vlan 500. You Internet now should works on untagged interface. Finally review all your "bridge.vlan10". I don't know if they are intended but some have changed ingress-filtering and multicast-router disabled. I did not lab this out but it should work. add bridge=bridge comment=defconf ingress-filtering=no interface=ether2-master internal-path-cost=10 path-cost=10 add bridge=bridge comment=defconf hw=no ingress-filtering=no interface=sfp1 internal-path-cost=10 path-cost=10 add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1 internal-path-cost=10 path-cost=10 add bridge=bridge comment=defconf ingress-filtering=no interface=wlan2 internal-path-cost=10 path-cost=10 add bridge=UniFi-IPTV ingress-filtering=no interface=vlan.600-TrunkPort5 internal-path-cost=10 path-cost=10 add bridge=bridge hw=no ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10 add bridge=bridge disabled=yes ingress-filtering=no interface=vlan.500-TrunkPort5 internal-path-cost=10 path-cost=10 add bridge=UniFi-IPTV ingress-filtering=no interface=vlan.600 internal-path-cost=10 path-cost=10 add bridge=bridge ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10 add bridge=bridge ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10 add bridge=bridge.vlan10 ingress-filtering=no interface=vlan.10-TrunkPort5 internal-path-cost=10 path-cost=10 add bridge=bridge.vlan10 ingress-filtering=no interface=vlan.10-TrunkPort4 internal-path-cost=10 path-cost=10 Ok, does this looks correct. I've remove the VLAN on switch, a quick test looks ok. Now does that mean I do no need to trunk 500 for vlan , only need the trunk 600 for IPTV? Sadly, my IPv6 still does not appear. This post has been edited by maxiscool: Jan 16 2024, 07:32 AM |
|
|
Jan 9 2024, 07:25 PM
Return to original view | Post
#39
|
|
Junior Member
379 posts Joined: Jan 2003
|
QUOTE(soonwai @ Jan 9 2024, 01:00 PM) Cool. Your setup same as mine. Except I use number 50 for LAN. Had to trunk UnifiTV cause I only put in one cable to the living room. That what getting started with mikrotik. Just like kwss said, I like "hack" it to works and starting to tinker from there, if I understand VLAN that time, probably I will do same as you with 50. But now with kwss trick, seems do no need the vlan for trunk already. Btw, does your IPv6 configuration works properly? |
|
|
Jan 9 2024, 11:09 PM
Return to original view | Post
#40
|
|
Junior Member
379 posts Joined: Jan 2003
|
Do you mean factory restore and restore configuration?
This post has been edited by maxiscool: Jan 9 2024, 11:09 PM |
| Change to: |  0.0210sec
 0.67
 7 queries
 GZIP Disabled
Time is now: 30th November 2025 - 09:06 PM |
Quote