ID Verified
Trusted
Hi
The ISP that I use for fibre uses PPPoE that is untagged.
Username and Password are changed below, but the correct password is required to connect.
I can get it working on an old Spark router but on my CCR2116-12G-4S+ it does not appear to route correctly.
The script I am using is as follows.
# RouterOS 7.6
# model = CCR2116-12G-4S+
/interface bridge
add name=local
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
use-peer-dns=yes user=username@ISP password=password
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=local name=dhcp1
/port
set 0 name=serial0
/interface bridge port
add bridge=local interface=ether2
/interface list member
add interface=ether2 list=LAN
add interface=pppoe-out1 list=WAN
/ip address
add address=192.168.88.1/24 interface=local network=192.168.88.0
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input comment="accept established,related,untracked" \
connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=fasttrack \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
"accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment=masquerade ipsec-policy=out,none \
out-interface-list=WAN
As per the address list below I get an address
/ip address print
Flags: D - DYNAMIC
Columns: ADDRESS, NETWORK, INTERFACE
# ADDRESS NETWORK INTERFACE
0 192.168.88.1/24 192.168.88.0 local
1 D 202.27.197.66/32 10.1.1.2 pppoe-out1
Routes are as follows
[admin@MikroTik] > /routing route print
Flags: A - ACTIVE; c, v, y - COPY; H - HW-OFFLOADED
Columns: DST-ADDRESS, GATEWAY, AFI, DISTANCE, SCOPE, TARGET-SCOPE, IMMEDIATE-GW
DST-ADDRESS GATEWAY AFI DISTANCE SCOPE TA IMMEDIATE-GW
Av 0.0.0.0/0 pppoe-out1 ip4 1 30 10 pppoe-out1
Ac 10.1.1.2/32 pppoe-out1 ip4 0 10 pppoe-out1
Ac 192.168.88.0/24 local ip4 0 10 local
Av ::/0 pppoe-out1 ip6 1 30 10 pppoe-out1
Ac fe80::%ether1/64 ether1 ip6 0 10 ether1
Ac fe80::%local/64 local ip6 0 10 local
Ac fe80::%pppoe-out1/64 pppoe-out1 ip6 0 10 pppoe-out1
A H ether1 link 0
A H ether2 link 0
A H local link 0
A H pppoe-out1 link 0
Traceroute stops at the 10.1.1.2 address
[admin@MikroTik] > tool/traceroute 8.8.8.8
Columns: ADDRESS, LOSS, SENT, LAST, AVG, BEST, WORST, STD-DEV
# ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV
1 10.1.1.2 0% 1 3.5ms 3.5 3.5 3.5 0
2 100% 1 timeout
3 100% 1 timeout
4 100% 1 timeout
5 0% 1 0ms
From Windows tracert reports the router IP 192.168.88.1 and 10.1.1.2
>tracert 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 2 ms 4 ms 2 ms 192.168.88.1
2 7 ms 5 ms 9 ms 10.1.1.2
3 * * * Request timed out.
Am guessing something is wrong but I am out of ideas.
@nztim you mentioned "I have Tagged/Untagged and PPPoE/DHCP scripts (all four combinations)" Would you be willing to share or advise me of the error in my script?
Many Thanks
