Answer the question
In order to leave comments, you need to log in
Mikrotik blocks some PCs from accessing the Internet after rebooting the PC, has anyone encountered this?
Good afternoon, I got into this situation:
There is a company with 6 computers (all Windows 7 prof) and one server with AD raised on it.
A couple of days ago I installed mikrotik RB951Ui-2HnD with it, the settings are almost standard, DHCP distributes the server as it is a CD. ). And there are only 3 such computers (well, half more precisely). From a DameWare server, I connect to them easily, ping mikrotik, and in response, silence, external sites are also not available. And the Internet will not appear until I send from the router ping on the PC, then immediately starts working. I thought it was a d-link switch, but it wasn’t there. I replaced the switch, changed the ports, the cable also, nothing helps. There is no such problem with other computers. Restarting the d-link switch By the way, I solved the problem. Last night I installed a 24-port tp-link, but the problem recurred in the morning. There are no rules prohibiting it at all, I turned it off for tests.Who can though prompt in what party to dig?
I can also add that a person set it up before me, raised a bridge on it for voice, vlan on the first ethernet, and huffed into the bridge vlan and port 5.
Answer the question
In order to leave comments, you need to log in
Well, why did you stick to the DNS and DHTsP, that's how they were not connected with this problem (and could not be).
The problem is solved. I took the same Mikrotik, and uploaded the config from the failed one to it. Everything works now without problems. The Mikrotik returned to the store. Thank you all.
you forgot to post the configs.
ps: in general, on switches from d-link, it’s better not to configure anything other than vlan at all and turn off all features if possible
Yes, of course, according to such scribbles, it’s impossible to understand where it runs, I’ll try to guess:
1. Ether1 = WAN
2. Ether2-Ether5 = Local (ihh it’s better to link by making the 2nd port the master of the rest as a slave, the bridge works slower
3. Transfer DHCP to Mikrotik, lifespan 3 days to install
4. Configure DHCP to issue the default gateway, Mikrotik address, dns server address of Mikrotik (for local, of course)
5. On Mikrotik dns, register 1 your domain controller 1, 2 controller 2 if any, etc., add Google last to the list dns 8.8.8.8
6. Configure nat
In this configuration, Mikrotik will distribute addresses, the default gateway is also a dns server (it will cache requests) plus you can register statics for your own purposes or tests without touching the domain dns at all, it will first send all requests to the domain controller, and if there is such if he doesn’t find an answer, then he will look for them on Google, your CDs probably also run to the Internet via Mikrotik, so from the workstation, the mail.ru resolve will look like this: request for Mikrotik - request for CD - traffic from CD via Mikrotik to DNS global ( if a forwarder is configured) if not, then we say no and Mikrotik asks the next dns in the list until it sorts everyone in order - then the answer is Mikrotik - after the answer to the client
If you want to allocate telephony to a separate wealan, then on Ether 2 he raises the VLAN with us, we say that we accept tagged and non-tagged traffic, because if we have a LAN without a vlan on port 2, then traffic from it will not go through, we configure our subnet with with our DHCP server, we tag the equipment to the desired wealan and everything is according to the same scheme ... You can set up an access list, and prohibit grids from resolving into each other.
All this is strange. I would stream all the traffic that comes to the port where the computer with the idle Internet is connected to the computer that works fine. Well, there he already began to sort out what comes from this computer to the MT, and what is sent in response.
Also, at the time of the absence of a ping, it would not be bad to look.
You can also enable the debug log in the MT and monitor the logs.
/ip dns
set allow-remote-requests=yes cache-max-ttl=2d cache-size=4096KiB query-server-timeout=5s servers=192.168.0.5,192.168.0.1
/ip firewall nat
add action=redirect chain=dstnat dst-port=53 protocol=tcp src-address=192.168.0.0/24 to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=udp src-address=192.168.0.0/24 to-ports= 53
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question