Computer networks
Vladimir Kivva, 2018-06-09 15:51:04

How does PPPoE work for Rostelecom? Mikrotik hangs ports, why can't it get the Internet?

When trying to connect Zyxel Keenetic 4G - no link. It does not appear at all, in any way, on any port.
When I try to start it on a Tenda router, it gets addresses, works a little, then something incomprehensible, looks like a storm / loop.
Now rb951G-2Hnd is connected. Its settings are:
DHCP client on eth1 - off.
PPPoE client eth1, get address and DNS
1) With a simple setup through QuickSetup or a bare addition of the PPPoE client to the router, a loop is obtained and the Rostelecom port drops, the link disappears. First I called technical support, they unblocked it in half an hour, then I noticed that I had Advertise 10M-half / 10M-full on eth1, then the port comes to life, then you can connect to 100M.
2) I found on the forums that the port drop is solved by adding a rule

/ip firewall filter
add action=drop chain=input  in-interface=pppoe-RTK

At the same time, in the Advertise 100M mode, the port still does not recover itself every few days, and if you set it to 10M / 100M, it sometimes connects and works in 10M. I consider writing the script "jerking" in this case blasphemy, I want to understand the reasons.
3) Mikrotik itself can't get internet to update or bring up third party VPN, always ERROR: Could not resolve DNS name
Simple ping:
 > ping ya.ru
invalid value for argument address:
    invalid value of mac-address, mac address required
    invalid value for argument ipv6-address
    while resolving ip-address: could not get answer from dns server

Routes:
#      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          pppoe-RTK                 1
 1 ADC  178.34.128.50/32   100.116.111.92  pppoe-RTK                 0
 2 ADC  192.168.88.0/24    192.168.88.1    bridge                    0

Firewall:
/ip firewall filter
add action=drop chain=input comment="RTK anti-loop" in-interface=pppoe-RTK
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-RTK

Interfaces:
/interface bridge
add admin-mac=D4:CA:6D:DD:A4:61 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=habr wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full name=ether1-gw rx-flow-control=auto tx-flow-control=auto
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1-gw name=pppoe-RTK password=habr use-peer-dns=yes user=habr
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik  wpa2-pre-shared-key=habr
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add interface=*9
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=pppoe-RTK list=WAN

  1. How is the traffic in general? Why do clients still receive Internet with the "Deny traffic from PPPoE-out" rule? Or is it "input", but not "forward", so the tick does not receive anything, but the clients receive?
  2. Why does the Internet not work on the piece of iron itself? Why does DNS not work on it? tried adding accept output/input/forward for 53/udp - nothing changes
  3. How does the RTK itself solve these problems? In the Rostov support they told me: " Mikrotik is not reliable equipment and we do not recommend it"
  4. Ideologically, is it right to put PPPoE-out in interface-list = WAN and then make a masquerade on WAN, and not put eth1 anywhere?

6 answer(s)
athacker, 2018-06-10
@athacker

You "hear a ringing, but you don't know where it is." Why did you decide that there is a "storm / loop"? Based on what criteria?
1. Because the INPUT and OUTPUT chains refer only to the device itself. That is, traffic gets there, the source or destination of which is your router. For transit traffic that must be routed by the device, the FORWARD chain is used.
2. If the Internet does not work at all, then there is no point in asking why DNS or HTTP or any other protocol does not work. Your transport network does not work, so no services will work either.
4. PPPoE interface is not just ideologically configured for masquerading - it's generally the only way to get Internet on clients :-) Because the ether1 physical interface will be used only for PPP traffic. All other traffic (the so-called "Internet") will be wrapped in the PPPoE interface.
Judging by the fact that the link works on 10M, there is a problem with the cable. Either it is badly crimped, or it is badly plugged into one of the sides (the provider's switch or your Mikrotik), or it is damaged somewhere along the way from you to the switch.
My colleagues are right: configure everything on a computer first. If the computer is OK, then the provider and its network have nothing to do with it.

Oleg Nerwin, 2018-06-09
@Nerwin

Is there an ONT in front of the Mikrotik, or has RT already brought in a twisted pair cable?
The rule prohibits only incoming traffic for the Mikrotik itself; NAT works earlier, so client traffic is already in forward.
If the Mikrotik works as a caching DNS, then because of this rule it will not be able to receive a response from the DNS forwarder; the rule must be added after.
It is correct to place the PPPoE interface in WAN; eth1 is not necessary in principle. If you have an ONT, you can put an IP on this interface to access the ONT.
I also have RT, with an ONT in the apartment. Instead of a Mikrotik, an x86 computer with 2 network cards. The ONT is connected to the 1st, and the IP of the ONT internal network is on it; there are no rules for this interface.
The 2nd network card is in a bridge with the wlans. The connection is stable.
Maybe you have something with a cable, if it starts up at 10M?
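
The input/forward split and the rule-order point made in the two answers above, as an added example that is not part of the thread: a first-match model of the filter rules posted in the question. The packet dictionaries, the simplified matchers and the `REORDERED` variant (the anti-loop drop placed below the "accept established" rule) are assumptions made for illustration.

```python
# Added illustration: first-match evaluation of the filter rules from the question.
# Assumptions: only chain, in-interface, interface list and connection-state are
# modelled; the ICMP, IPsec, fasttrack and NAT-state matchers are left out.
LISTS = {"WAN": {"pppoe-RTK"}, "LAN": {"bridge"}}  # from /interface list member

EST = {"established", "related", "untracked"}
POSTED = [  # (chain, action, matchers, comment), in the order posted
    ("input", "drop", {"in_if": "pppoe-RTK"}, "RTK anti-loop"),
    ("input", "accept", {"state": EST}, "accept established"),
    ("input", "drop", {"state": {"invalid"}}, "drop invalid"),
    ("input", "drop", {"not_in_list": "LAN"}, "drop all not coming from LAN"),
    ("forward", "accept", {"state": EST}, "accept established"),
    ("forward", "drop", {"state": {"invalid"}}, "drop invalid"),
    ("forward", "drop", {"state": {"new"}, "in_list": "WAN"}, "drop new from WAN"),
]
# Hypothetical reordering: anti-loop drop moved below "accept established".
REORDERED = [POSTED[1], POSTED[0]] + POSTED[2:]

def matches(m, pkt):
    """True when every matcher present in the rule agrees with the packet."""
    return (m.get("in_if", pkt["in_if"]) == pkt["in_if"]
            and pkt["state"] in m.get("state", {pkt["state"]})
            and ("in_list" not in m or pkt["in_if"] in LISTS[m["in_list"]])
            and ("not_in_list" not in m or pkt["in_if"] not in LISTS[m["not_in_list"]]))

def verdict(rules, pkt):
    """Return (action, comment) of the first matching rule in the packet's chain."""
    chain = "input" if pkt["to_router"] else "forward"  # router-bound vs transit
    for rule_chain, action, m, comment in rules:
        if rule_chain == chain and matches(m, pkt):
            return action, comment
    return "accept", "no rule matched"  # an unmatched packet is accepted

# Constructed sample packets, all arriving on the PPPoE interface.
DNS_REPLY_TO_ROUTER = {"in_if": "pppoe-RTK", "state": "established", "to_router": True}
REPLY_TO_LAN_CLIENT = {"in_if": "pppoe-RTK", "state": "established", "to_router": False}
UNSOLICITED_TO_ROUTER = {"in_if": "pppoe-RTK", "state": "new", "to_router": True}

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        for label, pkt in (("DNS reply to router", DNS_REPLY_TO_ROUTER),
                           ("reply to LAN client", REPLY_TO_LAN_CLIENT),
                           ("unsolicited to router", UNSOLICITED_TO_ROUTER)):
            print(f"{name:9} {label:22} -> {verdict(rules, pkt)}")
```

With the posted order, the router's own DNS replies hit the anti-loop drop while replies to LAN clients are accepted in forward; with the reordered list the router's replies pass and new inbound connections to the router are still dropped.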

Ltonid, 2018-06-10
@AtaZ

In general, the diagnosis of this should always be started from the basic one:
1) Turn on the cable in the computer and configure everything according to the instructions from the site. If it works, then we move on to the router, if not, then we call the provider's specialists.
2) In the case of stable operation on the computer, we try to divide the setup process into stages:
a) Reset the router to default, apply the default settings.
b) We insert the provider's cable, we see that the link is stable and there are no physical interruptions. In the case of RT, it is necessary to disable the DHCP client.
c) Set up the PPPoE client, specify the physical port, login and password. If everything is correct, then the link should go up. Temporarily turn off the default route and DNS checkboxes. If the link is stable, turn on the checkboxes of the default route and DNS, look at the stability.
d) We check the work of the Internet on Mikrotik without connecting more than one subscriber, if everything is fine, then we connect the local network. If the locale is configured correctly, then everything should work.
If there is no stability at some stage, then name the stage. Honestly, I was able to master your entire story, it is too emotional.
Mikrotik + rt itself and everything works fine, the most stable of the three connected Internets.

bogena, 2018-06-13
@bogena

I will add that when you connect the computer, watch at what speed the network card works. But the problem 10M / 100M is most likely in the cable

Ruslan, 2020-05-04
@msHack

Most likely Rostelecom violates RFC standards
