Mikrotik cannot redial PPPoE

Forums › Spark New Zealand (including Skinny and BigPipe) › Mikrotik cannot redial PPPoE

1 | 2 | 3 | 4

StNick

88 posts

Master Geek

#2216419 13-Apr-2019 12:09

MadEngineer: FWIW one of my MikroTiks that use a pppoe connection via chorus ont has a disabled dhcp client sitting there doing nothing with no issue.

Thanks. That rules that out.

I'm trying to think of what I might have done differently to break it.

The Android mikrotik app was updated not so long ago and with it came this "internet Detect" feature. I believe I used the app to turn it on. Could that be the culprit? It's off now after my config reset. Haven't tried turning it on as yet.

A few people have asked for my old config. I've got quite a few static entries and rules I need to remove but I plan on doing that soon. Will post it then.

RunningMan

8956 posts

Uber Geek

#2216424 13-Apr-2019 12:19

StNick: [snip]The Android mikrotik app was updated not so long ago and with it came this "internet Detect" feature. I believe I used the app to turn it on. Could that be the culprit? .

Could well be. https://wiki.mikrotik.com/wiki/Manual:Detect_internet suggests it checks if an address can obtain an address by DHCP, but isn't clear whether it will drop it's own client on to the interface. Try enabling it, and see if the issue returns

StNick

88 posts

Master Geek

#2217415 15-Apr-2019 13:38

Here is my router config from right before I reset it. Sorry for the delay; we have house guests at the moment and I haven't had much time to fiddle. I also haven't turned on "Detect Internet" as yet as I don't want to drop the connection for an extended period of time whilst we have guests and it's looking increasingly likely that this is the culprit.

There's really not much to see here; the only thing I've stripped out is my static DHCP leases and my dst-nat rules.

# apr/12/2019 18:58:26 by RouterOS 6.44.2
# software id = ####-####
#
# model = RouterBOARD 3011UiAS
# serial number = ############
/interface bridge
add admin-mac=##:##:##:##:##:## auto-mac=no comment=defconf fast-forward=no \
name=bridge
/interface ethernet
set [ find default-name=ether1 ] mtu=1508 speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] name=ether6-master speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] speed=100Mbps
set [ find default-name=sfp1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 max-mtu=1500 name=\
BigPipe password=bigpipe use-peer-dns=yes user=ppp
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=3des name=nord
/ip ipsec proposal
set [ find default=yes ] enc-algorithms="aes-256-cbc,aes-256-ctr,aes-256-gcm,c\
amellia-256,aes-128-cbc,aes-128-ctr,aes-128-gcm,camellia-128,3des" \
pfs-group=none
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=sfp1 list=discover
add interface=ether6-master list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=bridge list=discover
add interface=BigPipe list=discover
add list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
add interface=BigPipe list=WAN
/ip address
add address=192.168.0.1/24 comment=defconf interface=ether2-master network=\
192.168.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=192.168.0.1 gateway=\
192.168.0.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=8.8.8.8 list="Google DNS"
add address=8.8.4.4 list="Google DNS"
/ip firewall filter
add action=drop chain=forward comment="Drop Google DNS" disabled=yes \
dst-address-list="Google DNS"
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input dst-port=8089 protocol=tcp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
in-interface=BigPipe
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=BigPipe
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
out-interface=ether1
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=BigPipe
add action=masquerade chain=srcnat dst-address=192.168.0.7 dst-port=80 \
out-interface=bridge protocol=tcp src-address=192.168.0.0/24
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8089
set ssh disabled=yes
/ip ssh
set allow-none-crypto=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=BigPipe type=external
add interface=bridge type=internal
/system clock
set time-zone-name=Pacific/Auckland
/tool graphing interface
add interface=ether1
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox

RunningMan

8956 posts

Uber Geek

#2217453 15-Apr-2019 14:32

StNick:[snip]
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1

There's the problem. There is a DHCP client on ether1.

pohutukawa

197 posts

Master Geek

#2217455 15-Apr-2019 14:35

RunningMan:
StNick:[snip]
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1

There's the problem. There is a DHCP client on ether1.

Plain as day.

However, I have no such client anywhere and the issue was present.

Different situation!

RunningMan

8956 posts

Uber Geek

#2217459 15-Apr-2019 14:41

StNick:[snip]

Although my DHCP Client is most definitely disabled, I can't help but wonder if it is still somehow to blame.

Seems this isn't quite the case 😉

StNick

88 posts

Master Geek

#2217462 15-Apr-2019 15:03

RunningMan:

StNick:[snip]

Although my DHCP Client is most definitely disabled, I can't help but wonder if it is still somehow to blame.

Seems this isn't quite the case 😉

Don't be so sure! You almost had me thinking I was going crazy, but I just added a new DHCP client now and disabled it. See for yourself... 😉

So I'm standing by my assertion that it was disabled, but I cannot rule out the possibility that a disabled DHCP client is still misbehaving.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

RunningMan

8956 posts

Uber Geek

#2217470 15-Apr-2019 15:26

But the one in the config posted above isn't disabled. Presumably your one on ether8 is disabled because it's also invalid. As soon as the port is live, it's not disabled.

EDIT: My apologies, you're correct. it will have disabled=no if enabled. Default is disabled.

StNick

88 posts

Master Geek

#2217475 15-Apr-2019 15:34

RunningMan:

But the one in the config posted above isn't disabled. Presumably your one on ether8 is disabled because it's also invalid. As soon as the port is live, it's not disabled.

EDIT: My apologies, you're correct. it will have disabled=no if enabled. Default is disabled.

I would say that this is likely a bug with disabled DHCP clients, if pohutukawa wasn't experiencing the same issue without a DHCP client at all. I still plan on testing the "Detect Internet" theory, but pohutukawa doesn't have this on either!

RunningMan

8956 posts

Uber Geek

#2217499 15-Apr-2019 15:48

As a troubleshooting exercise perhaps add a dummy MAC address to the disabled client and see what happens. If it's the MAC that's being blacklisted, then the PPPoE client should still be OK.

pohutukawa

197 posts

Master Geek

#2217501 15-Apr-2019 15:51

RunningMan:
As a troubleshooting exercise perhaps add a dummy MAC address to the disabled client and see what happens. If it's the MAC that's being blacklisted, then the PPPoE client should still be OK.

I think somehow it's the connection (ASID maybe) being blocked. I guess this will tell us!

RunningMan

8956 posts

Uber Geek

#2217507 15-Apr-2019 16:07

@cbrpilot may be able to confirm

1 | 2 | 3 | 4