I have a router that when connected via ethernet, i can not connect some sites like a health insurance site or AOL but when i disconnect ethernet port and connect to the same router via WiFi, i can connect to everything just fine. Upgraded router OS to version 6.49 and had same issue. Replaced router with brand new one running 7.7 running RB2011UiAS-2HnD, r3 firmware 7.7 (from factory) restored settings and have exactly the same issue.
Their dental program requires a security company to monitor and test ports. We pretty much had to disable everything to pass but were still functioning fine. Included is an attachment of the error when we attempt to login into a site which blocks us. I can put a temp tp-link router with default settings and link fine. I can link to our mikrotik router via wireless from the same computer and it works fine. But if I connect via Ethernet it fails every time. Same Router, Same PC, Same websites will not access.
Lost, can anyone give me a clue....or a direct "You're doing this, don't or do, you screwed this up". I'm beyond pride, just humble.
Thanks, Rob.
[admin@DR LEA R1] > export /
expected end of command (line 1 column![8)]( "Cool")
[admin@DR LEA R1] > export
# feb/12/2024 14:27:03 by RouterOS 6.49.10
# software id = 85XW-13LD
#
# model = 2011UiAS-2HnD
# serial number = 762C0702EB2E
/interface bridge
add admin-mac=64:D1:54:3C:37:65 auto-mac=no comment=defconf fast-forward=no \
name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether6-master
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pppoe-client
add add-default-route=yes default-route-distance=0 disabled=no interface=ether1 \
keepalive-timeout=60 name=pppoe-out1 password=97757 user=ddslea@aol.com
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=general supplicant-identity="" \
wpa-pre-shared-key=9039627328 wpa2-pre-shared-key=9039627328
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
20/40mhz-Ce country=no_country_set disabled=no distance=indoors frequency=\
auto frequency-mode=manual-txpower mode=ap-bridge name="DR LEA" \
security-profile=general ssid=DRLea wireless-protocol=802.11
/ip pool
add name=default-dhcp ranges=192.168.0.100-192.168.0.200
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay disabled=no \
interface=bridge name=defconf
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge comment=defconf interface="DR LEA"
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=sfp1 list=discover
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6-master list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface="DR LEA" list=discover
add interface=bridge list=discover
add interface=pppoe-out1 list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
/ip address
add address=192.168.0.1/24 comment=defconf interface=bridge network=192.168.0.0
add address=161.38.218.109/24 disabled=yes interface=ether1 network=\
161.38.218.0
/ip dhcp-client
add comment=defconf default-route-distance=20 interface=ether1
/ip dhcp-server lease
add address=192.168.0.215 client-id=1:c0:cb:38:97:d1:58 mac-address=\
C0:CB:38:97:D1:58 server=defconf
add address=192.168.0.199 client-id=1:ac:18:26:32:23:aa mac-address=\
AC:18:26:32:23:AA server=defconf
add address=192.168.0.198 always-broadcast=yes client-id=1:bc:a9:20:88:65:48 \
mac-address=BC:A9:20:88:65:48 server=defconf
add address=192.168.0.104 always-broadcast=yes client-id=1:34:23:87:dd:9d:49 \
mac-address=34:23:87:DD:9D:49 server=defconf
add address=192.168.0.200 always-broadcast=yes client-id=1:78:2b:cb:8b:47:8e \
mac-address=78:2B:CB:8B:47:8E server=defconf
add address=192.168.0.10 client-id=1:0:11:32:ac:9f:34 mac-address=\
00:11:32:AC:9F:34 server=defconf
add address=192.168.0.197 client-id=1:9c:ae:d3:bf:4c:14 mac-address=\
9C:AE:D3:BF:4C:14 server=defconf
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 gateway=\
192.168.0.1 netmask=24
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=192.198.80.147 list=whitelist
add address=104.17.25.26 list=whitelist
add address=104.17.39.81 list=whitelist
add address=104.18.223.66 list=whitelist
add address=104.18.213.60 list=whitelist
add address=104.16.242.18 list=whitelist
add address=74.120.157.10 list=whitelist
add address=74.120.156.17 list=whitelist
add address=74.120.157.19 list=whitelist
add address=74.120.156.22 list=whitelist
/ip firewall filter
add action=drop chain=input disabled=yes in-interface=ether1 protocol=icmp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
ether1
add action=masquerade chain=srcnat src-address=192.168.0.0/24
/ip route
add check-gateway=ping distance=1 gateway=72.34.178.1
add check-gateway=ping disabled=yes distance=2 gateway=161.38.218.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd
set time-interval=hour
/lcd interface pages
set 0 interfaces="sfp1,ether1,ether2-master,ether3,ether4,ether5,ether6-master,e\
ther7,ether8,ether9,ether10"
/system clock
set time-zone-name=America/Chicago
/system identity
set name="DR LEA R1"
/system ntp client
set enabled=yes primary-ntp=96.226.242.9 secondary-ntp=216.171.120.36
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
[admin@DR LEA R1] >
Their dental program requires a security company to monitor and test ports. We pretty much had to disable everything to pass but were still functioning fine. Included is an attachment of the error when we attempt to login into a site which blocks us. I can put a temp tp-link router with default settings and link fine. I can link to our mikrotik router via wireless from the same computer and it works fine. But if I connect via Ethernet it fails every time. Same Router, Same PC, Same websites will not access.
Lost, can anyone give me a clue....or a direct "You're doing this, don't or do, you screwed this up". I'm beyond pride, just humble.
Thanks, Rob.
[admin@DR LEA R1] > export /
expected end of command (line 1 column
[admin@DR LEA R1] > export
# feb/12/2024 14:27:03 by RouterOS 6.49.10
# software id = 85XW-13LD
#
# model = 2011UiAS-2HnD
# serial number = 762C0702EB2E
/interface bridge
add admin-mac=64:D1:54:3C:37:65 auto-mac=no comment=defconf fast-forward=no \
name=bridge
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] name=ether2-master speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether6-master
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether8 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether9 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether10 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pppoe-client
add add-default-route=yes default-route-distance=0 disabled=no interface=ether1 \
keepalive-timeout=60 name=pppoe-out1 password=97757 user=ddslea@aol.com
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=\
allowed mode=dynamic-keys name=general supplicant-identity="" \
wpa-pre-shared-key=9039627328 wpa2-pre-shared-key=9039627328
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n channel-width=\
20/40mhz-Ce country=no_country_set disabled=no distance=indoors frequency=\
auto frequency-mode=manual-txpower mode=ap-bridge name="DR LEA" \
security-profile=general ssid=DRLea wireless-protocol=802.11
/ip pool
add name=default-dhcp ranges=192.168.0.100-192.168.0.200
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay disabled=no \
interface=bridge name=defconf
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=ether6-master
add bridge=bridge comment=defconf hw=no interface=sfp1
add bridge=bridge comment=defconf interface="DR LEA"
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=ether9
add bridge=bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=sfp1 list=discover
add interface=ether2-master list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=ether6-master list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface="DR LEA" list=discover
add interface=bridge list=discover
add interface=pppoe-out1 list=discover
add interface=bridge list=mactel
add interface=bridge list=mac-winbox
/ip address
add address=192.168.0.1/24 comment=defconf interface=bridge network=192.168.0.0
add address=161.38.218.109/24 disabled=yes interface=ether1 network=\
161.38.218.0
/ip dhcp-client
add comment=defconf default-route-distance=20 interface=ether1
/ip dhcp-server lease
add address=192.168.0.215 client-id=1:c0:cb:38:97:d1:58 mac-address=\
C0:CB:38:97:D1:58 server=defconf
add address=192.168.0.199 client-id=1:ac:18:26:32:23:aa mac-address=\
AC:18:26:32:23:AA server=defconf
add address=192.168.0.198 always-broadcast=yes client-id=1:bc:a9:20:88:65:48 \
mac-address=BC:A9:20:88:65:48 server=defconf
add address=192.168.0.104 always-broadcast=yes client-id=1:34:23:87:dd:9d:49 \
mac-address=34:23:87:DD:9D:49 server=defconf
add address=192.168.0.200 always-broadcast=yes client-id=1:78:2b:cb:8b:47:8e \
mac-address=78:2B:CB:8B:47:8E server=defconf
add address=192.168.0.10 client-id=1:0:11:32:ac:9f:34 mac-address=\
00:11:32:AC:9F:34 server=defconf
add address=192.168.0.197 client-id=1:9c:ae:d3:bf:4c:14 mac-address=\
9C:AE:D3:BF:4C:14 server=defconf
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=8.8.8.8,8.8.4.4 gateway=\
192.168.0.1 netmask=24
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 name=router
/ip firewall address-list
add address=192.198.80.147 list=whitelist
add address=104.17.25.26 list=whitelist
add address=104.17.39.81 list=whitelist
add address=104.18.223.66 list=whitelist
add address=104.18.213.60 list=whitelist
add address=104.16.242.18 list=whitelist
add address=74.120.157.10 list=whitelist
add address=74.120.156.17 list=whitelist
add address=74.120.157.19 list=whitelist
add address=74.120.156.22 list=whitelist
/ip firewall filter
add action=drop chain=input disabled=yes in-interface=ether1 protocol=icmp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=\
ether1
add action=masquerade chain=srcnat src-address=192.168.0.0/24
/ip route
add check-gateway=ping distance=1 gateway=72.34.178.1
add check-gateway=ping disabled=yes distance=2 gateway=161.38.218.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd
set time-interval=hour
/lcd interface pages
set 0 interfaces="sfp1,ether1,ether2-master,ether3,ether4,ether5,ether6-master,e\
ther7,ether8,ether9,ether10"
/system clock
set time-zone-name=America/Chicago
/system identity
set name="DR LEA R1"
/system ntp client
set enabled=yes primary-ntp=96.226.242.9 secondary-ntp=216.171.120.36
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
[admin@DR LEA R1] >
Statistics: Posted by robelder — Tue Feb 13, 2024 4:03 am