Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 


25 posts

Geek
+1 received by user: 2


  # 2216419 13-Apr-2019 12:09
Send private message quote this post

MadEngineer: FWIW one of my MikroTiks that use a pppoe connection via chorus ont has a disabled dhcp client sitting there doing nothing with no issue.


Thanks. That rules that out.

I'm trying to think of what I might have done differently to break it.

The Android mikrotik app was updated not so long ago and with it came this "internet Detect" feature. I believe I used the app to turn it on. Could that be the culprit? It's off now after my config reset. Haven't tried turning it on as yet.

A few people have asked for my old config. I've got quite a few static entries and rules I need to remove but I plan on doing that soon. Will post it then.

5421 posts

Uber Geek
+1 received by user: 1876


  # 2216424 13-Apr-2019 12:19
One person supports this post
Send private message quote this post

StNick: [snip]The Android mikrotik app was updated not so long ago and with it came this "internet Detect" feature. I believe I used the app to turn it on. Could that be the culprit? .

 

Could well be. https://wiki.mikrotik.com/wiki/Manual:Detect_internet suggests it checks if an address can obtain an address by DHCP, but isn't clear whether it will drop it's own client on to the interface. Try enabling it, and see if the issue returns


 
 
 
 




25 posts

Geek
+1 received by user: 2


  # 2217415 15-Apr-2019 13:38
Send private message quote this post

Here is my router config from right before I reset it.  Sorry for the delay; we have house guests at the moment and I haven't had much time to fiddle.  I also haven't turned on "Detect Internet" as yet as I don't want to drop the connection for an extended period of time whilst we have guests and it's looking increasingly likely that this is the culprit.

 

There's really not much to see here; the only thing I've stripped out is my static DHCP leases and my dst-nat rules.

 


# apr/12/2019 18:58:26 by RouterOS 6.44.2
# software id = ####-####
#
# model = RouterBOARD 3011UiAS
# serial number = ############
/interface bridge
add admin-mac=##:##:##:##:##:## auto-mac=no comment=defconf fast-forward=no \
name=bridge
/interface ethernet
set [ find default-name=ether1 ] mtu=1508 speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] name=ether6-master speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] speed=100Mbps
set [ find default-name=sfp1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 max-mtu=1500 name=\
BigPipe password=bigpipe use-peer-dns=yes user=ppp
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=3des name=nord
/ip ipsec proposal
set [ find default=yes ] enc-algorithms="aes-256-cbc,aes-256-ctr,aes-256-gcm,c\
amellia-256,aes-128-cbc,aes-128-ctr,aes-128-gcm,camellia-128,3des" \
pfs-group=none
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=sfp1 list=discover
add interface=ether6-master list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=bridge list=discover
add interface=BigPipe list=discover
add list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
add interface=BigPipe list=WAN
/ip address
add address=192.168.0.1/24 comment=defconf interface=ether2-master network=\
192.168.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=192.168.0.1 gateway=\
192.168.0.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=8.8.8.8 list="Google DNS"
add address=8.8.4.4 list="Google DNS"
/ip firewall filter
add action=drop chain=forward comment="Drop Google DNS" disabled=yes \
dst-address-list="Google DNS"
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input dst-port=8089 protocol=tcp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" \
in-interface=BigPipe
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=BigPipe
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
out-interface=ether1
add action=masquerade chain=srcnat comment="defconf: masquerade" \
out-interface=BigPipe
add action=masquerade chain=srcnat dst-address=192.168.0.7 dst-port=80 \
out-interface=bridge protocol=tcp src-address=192.168.0.0/24
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www port=8089
set ssh disabled=yes
/ip ssh
set allow-none-crypto=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=BigPipe type=external
add interface=bridge type=internal
/system clock
set time-zone-name=Pacific/Auckland
/tool graphing interface
add interface=ether1
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox


5421 posts

Uber Geek
+1 received by user: 1876


  # 2217453 15-Apr-2019 14:32
Send private message quote this post

StNick:[snip]
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1

 

 

There's the problem. There is a DHCP client on ether1.


189 posts

Master Geek
+1 received by user: 9


  # 2217455 15-Apr-2019 14:35
Send private message quote this post

RunningMan:

StNick:[snip]
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1



There's the problem. There is a DHCP client on ether1.



Plain as day.

However, I have no such client anywhere and the issue was present.

Different situation!

5421 posts

Uber Geek
+1 received by user: 1876


  # 2217459 15-Apr-2019 14:41
Send private message quote this post

StNick:[snip]

 

Although my DHCP Client is most definitely disabled, I can't help but wonder if it is still somehow to blame. 

 

 

Seems this isn't quite the case 😉




25 posts

Geek
+1 received by user: 2


  # 2217462 15-Apr-2019 15:03
Send private message quote this post

RunningMan:

 

StNick:[snip]

 

Although my DHCP Client is most definitely disabled, I can't help but wonder if it is still somehow to blame. 

 

 

Seems this isn't quite the case 😉

 

 

 

 

Don't be so sure!  You almost had me thinking I was going crazy, but I just added a new DHCP client now and disabled it.  See for yourself...  😉

 

 

 

 

 

 

 

 

 

 

So I'm standing by my assertion that it was disabled, but I cannot rule out the possibility that a disabled DHCP client is still misbehaving.

 

 

 

 


5421 posts

Uber Geek
+1 received by user: 1876


  # 2217470 15-Apr-2019 15:26
Send private message quote this post

But the one in the config posted above isn't disabled. Presumably your one on ether8 is disabled because it's also invalid. As soon as the port is live, it's not disabled.

 

EDIT: My apologies, you're correct. it will have disabled=no if enabled. Default is disabled.




25 posts

Geek
+1 received by user: 2


  # 2217475 15-Apr-2019 15:34
Send private message quote this post

RunningMan:

 

But the one in the config posted above isn't disabled. Presumably your one on ether8 is disabled because it's also invalid. As soon as the port is live, it's not disabled.

 

EDIT: My apologies, you're correct. it will have disabled=no if enabled. Default is disabled.

 

 

 

 

I would say that this is likely a bug with disabled DHCP clients, if pohutukawa wasn't experiencing the same issue without a DHCP client at all.   I still plan on testing the "Detect Internet" theory, but pohutukawa doesn't have this on either!


5421 posts

Uber Geek
+1 received by user: 1876


  # 2217499 15-Apr-2019 15:48
One person supports this post
Send private message quote this post

As a troubleshooting exercise perhaps add a dummy MAC address to the disabled client and see what happens. If it's the MAC that's being blacklisted, then the PPPoE client should still be OK.


189 posts

Master Geek
+1 received by user: 9


  # 2217501 15-Apr-2019 15:51
Send private message quote this post

RunningMan:

As a troubleshooting exercise perhaps add a dummy MAC address to the disabled client and see what happens. If it's the MAC that's being blacklisted, then the PPPoE client should still be OK.



I think somehow it's the connection (ASID maybe) being blocked. I guess this will tell us!

5421 posts

Uber Geek
+1 received by user: 1876


  # 2217507 15-Apr-2019 16:07
Send private message quote this post

@cbrpilot may be able to confirm


1 | 2 | 3 | 4 
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

WLG-X festival to celebrate creativity and innovation
Posted 22-May-2019 17:53


HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07


Techweek starting around NZ today
Posted 20-May-2019 09:52


Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00


New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30


Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11


Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23


Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11


Vodafone New Zealand sold
Posted 14-May-2019 07:25


Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25


Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39


Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25


Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13


The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41


Nokia 9 PureView available in New Zealand
Posted 6-May-2019 09:06



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.