If this is a Mikrotik switch, reboot it before you waste a lot of time. I've seen weird stuff too many times. I had a CRS317 the other day where we got 98% packet loss to one specific host. Watching the switch hosts table it seemed like it kept changing it's mind as to which interface that MAC address was on. Reboot cleared it right up.
-Adam -----Original Message----- From: AF <af-boun...@af.afmug.com> On Behalf Of Larry Smith Sent: Wednesday, May 04, 2022 12:50 PM To: AnimalFarm Microwave Users Group <af@af.afmug.com> Subject: Re: [AFMUG] Weird IP issue To verify that, drop the firewall and then test again. If its firewall related it will start working. -- Larry Smith lesm...@ecsis.net On Wed May 4 2022 11:18, Christopher Tyler wrote: > Very minimal, really just basic input rules, nothing that would block > the IP addresses from getting through. No NAT or Mangle rules on this router. > > /ip firewall filter > add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \ > connection-state=established,related > add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf add > action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp > add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161 > protocol=\ udp add action=accept chain=input comment="ACCEPT DHCP" > dst-port=67 protocol=udp add action=accept chain=input comment="Allow > MTIK Bandwidth Test" dst-port=\ 2000-3000 protocol=tcp add > action=accept chain=input comment="Allow MTIK Bandwidth Test" > dst-port=\ 2000-3000 protocol=udp > add action=accept chain=input dst-port=5678 protocol=tcp add > action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\ > THIS_ADMIN > add action=accept chain=output comment="ACCEPT ALL OUTBOUND" > add action=drop chain=input comment="DROP ALL OTHER INPUT" > > > -- > Christopher Tyler > Senior Network Engineer > MTCRE/MTCNA/MTCTCE/MTCWE > > Total Highspeed Internet Solutions > 1091 W. Kathryn Street > Nixa, MO 65714 > (417) 851-1107 x. 9002 > www.totalhighspeed.com > > This institution is an equal opportunity provider and employer. > Esta instituciĆ³n es un proveedor de servicios con igualdad de > oportunidades. > > ----- Original Message ----- > > > From: "Josh Luthman" <j...@imaginenetworksllc.com> > > To: "AnimalFarm Microwave Users Group" <af@af.afmug.com> > > Sent: Wednesday, May 4, 2022 11:12:55 AM > > Subject: Re: [AFMUG] Weird IP issue > > > > Firewall filter rules? > > > > Double check the gateway and subnet on the server. > > > > On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [ > > mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote: > > > > > > We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running > > RouterOS 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it. > > I have two servers on that switch both in the the same public IP > > block. I can ping both servers from the router, and they can ping > > each other. One server is globally reachable and the other is not > > reachable other than from the router or switch itself. I plugged in > > my laptop and assigned it an IP in that same range and cannot reach > > it extrenally either. The router is using OSPF and I can see the > > route for that IP block from both sides of the router, but > > traceroutes/pings to anything other than the server that is working > > stop at the router. No vlans or special configuration between the > > router and the switch, just basic IP, all ports on the switch are > > bridged. Forwarded ports (dstnat) don't appear to work from the router > > either. > > > > I'm stumped, so I figured I would ask if anyone else has seen > > anything like this and have a solution, or am I looking at a > > possible RouterOS 7 issue? > > > > -- > > Christopher Tyler > > Senior Network Engineer > > MTCRE/MTCNA/MTCTCE/MTCWE > > > > Total Highspeed Internet Solutions > > 1091 W. Kathryn Street > > Nixa, MO 65714 > > (417) 851-1107 x. 9002 > > [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ] > > > > This institution is an equal opportunity provider and employer. > > Esta instituciĆ³n es un proveedor de servicios con igualdad de > > oportunidades. > > > > -- > > AF mailing list > > [ mailto:AF@af.afmug.com | AF@af.afmug.com ] [ > > http://af.afmug.com/mailman/listinfo/af_af.afmug.com | > > http://af.afmug.com/mailman/listinfo/af_af.afmug.com ] > > > > -- > > AF mailing list > > AF@af.afmug.com > > http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
