Getting Started: MikroTik Troubleshooting (Basics to Advanced)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

what's up everybody the networkberg here hope you've been doing well in this video we're going to be covering something freaking amazing and that is troubleshooting on my critique routers now this is probably also one of the biggest fundamentals and important things that i can try and hope to teach you and it is really really an important lesson so please try and come with a keen mind ready to learn something so that if maybe i show you something new i can earn your subscribe your like your re-share of the video whatever it takes so let's jump into properly troubleshooting on mikrotik routers all right so now that we're in the video we first need to figure out what is troubleshooting how can i teach you troubleshooting the thing about troubleshooting is it is not just a set carbon copy thing that i can say if this goes wrong do this and it will fix the issue troubleshooting in itself is a methodology so i can point you in the right direction and we can kind of see what's happening on the network as a whole to try and find the issue and fix it but every network in this world is very different from each other people configure things differently they do things differently on their interfaces on their routing on their scripts there's so many mad things happening so it's really not something that i can just tell you if you can't ping google do this and it's going to fix the issue but i can at least show you or give you some tips with the methodology of what we can follow so that we can eventually get to a point where we maybe find the issue and fix it so let's actually dive into that alrighty so let's look at our topology it is a eve topology that i've been working on for a while we've been labbing a few cool things on here but specifically let's figure out troubleshooting so before we do any troubleshooting let's think about our tools what can we use to troubleshoot so one of the best tools that you will ever get in your life is a ping it sounds silly but a simple ping test can identify so many things on the network whether a interface is up or down or if the traffic can get to the destination or not pinging is always going to be mandatory and i recommend that as a first step whenever you troubleshoot anything ping see if you can get to the other end does it work or not so let's quickly do a few things let's jump on to unbox and from one winbox i'm on pe1 so it's this router on the left hand side it connects directly to the internet so pe1 also connects to router 2 rather three router 4. so let's do some things let's imagine we want to test some things to router 2. so router 2 has an ip address of 10.1.0.2 is rather to use address so if i want to do a ping there's a few ways that i can do it the first way is i could click on this tools button and i can go to ping and then ask you what do you want to ping to so i can say i want to ping 10.1.0.2 and if i hit start cool how awesome is that it's showing me it is able to ping router to what the response time is the time to live and the reply size i can also just stop the ping by clicking on stop and there's a few extra cool things that we can look at like on the advanced tab there's a packet size so you could increase this packet size to also test for things like maybe an mtu issue so let's say we wanted to bring it 1472 and let's ping 10 1 0 2 and i can still get a response but if i may be pinged at let's say 1800 and i started it's still able to respond but let's do a don't fragment and there we see there's fragmentation that's happening because the packet is too big but if i think at 1472 the packets go through without any issue so i know that a 1500 mtu will be working just fine on this link and again it's important i can see the communication works so router 2 is responding to my icmp and saying hey yes hello i'm doing an echo and i'm telling you i am up and there's no issue here so what would happen if this link was down between pe1 and r2 so let's quickly emulate that by going into router 2 and i'll just quickly do this from the command line so on router 2 what i'm going to do is i'm going to go let's just do an intro face print and then ether one is what's connecting to my pe1 so let's just shut that then let's disable ether one so to do that i can just do an interface disable 0 and now my link to router 2 has been broken so i should not be able to ping anymore so let's quickly go back into router and let's try and run a ping again and now my ping is failing so the reason is obviously because the link is down and that's very important to me because now i know i can't get to my next hop i can't get to that router so there's some issue between router 2 and pe 1 so now i can localize the fault between the two devices and then now i need to look at the link or maybe the switches or maybe the path between these two routers to see what is going on why is this not working so this is why ping is a very very important thing to start your process of troubleshooting check and see if you can ping the remote and if you can ping it then if you still have issues then there's something else then then it could be a firewall issue or a few other things but if your ping's not working then there's definitely a problem and you need to start looking at the network and see what's going on so let me just jump back onto router 2 and let me just re-enable that interface so interface enable 0 let's go back onto inbox and then my ping starts working again so i've sorted out the issue i plugged in that loose cable and everything is fixed now so please pinging super important while we're on the subject of ping let's also just do that from the command line so let me go back onto router 2 and from router 2 let's say i want to do the same type of test but let's ping google's dns server so let's do a ping 8.8.8.8 hit enter and that's as easy as it is if you want to specify a few additional things and you can do this from one box as well you can also specify a source address so you can say exactly where the traffic's coming from so let's say in this case let's do router 2's lan address which is 10.0.0.1 and i still get a response so i know this network this lan subnet can actually break out to the internet as well you can do the same stuff here by specifying size for the mtu so 1472 and if you have any type of vrf then you can also do a routing table and specify your routing table so that is really cool so let's take a look at our next tool and that is traceroute or trace route now let's jump onto inbox and if we want to do a traceroute from one box it's quite easy you just go to tools trace route and it opens up this little box and now we can fill in the information so a traceroute works very similar to icmp or to a ping where it is sending a packet and it's looking for a response to tell you it's able to get to its next destination the very cool thing about traceroute is it keeps a record of all the hops in between to show you which routers the traffic gets to until it actually gets to its end destination so why is this useful well it can identify if there's an issue along the path and where the issue starts occurring so let's run a basic trace route to 8.8.8.8 and we can just hit the start button and it will show us all these hops so how cool is that so this where you see a timeout is where there's basically a mask happening so somebody doesn't want you to see what the the network is which is quite normal but in our topology i'm able to get from router or pe1 to my next hop which is my virtual lab and then i get to my actual router and then i follow down a path until i eventually get to 8.8.8.8 so why is this useful well let's say for argument's sake between hop 7 and 8 hop 7 was the last hop to respond everything after this is blank or it's timing out so it doesn't show you that anything's working so that would actually tell me that i need to look at the connectivity between hop 7 and hop 8 so there's probably then something happening on this 4.9 router to 4.22 that's not allowing us to communicate effectively so traceroute lets you see the path through the network until it gets to this ends destination and then you can figure out kind of what's happening what's wrong and then if you can identify where a hop might be having a lot of packet loss or is just timing out completely then you know this is where i can start to investigate so traceroute there's a few extra things we can do we can also specify our interface so where do you want to be pinging from what is your source address going to be the routing table if you have more vrf's on the router so that's how you can do a trace route from winbox so let's just quickly do one from the command line so let's go into router 2 and for other two i should have one more additional hop which will be by pe one so to do a trace round we just type tool trace route then we can just type in the address if we want to but you can say address equals and then www.google.com and let's also do a source address and that will be the lan address of router 2 and let's do a traceroute and there we see so the router sees itself or no sorry the 10 101 is pe one's address so it gets to pe one and then to pe one it goes out to my net and then it breaks out to the actual internet so how cool is that we we can actually see what's happening with the traffic so that is how we can use a trace route to try and find where issues are on the network as well now let's get into a very cool cool cool troubleshooting place and this is not going to be a tool you're not going to open up traceroute ping to see if communication is working this is going to be somewhere we can actually see if errors are occurring so we can do this from winbox so go into inbox and then in web box you get this cool log log section so we're going to log and what does log do well log is logging any type of information that you specify in a either on the memory or the hard disk of the router if it has a hard disk you can also set it up for syslogging so it exports all these logs to a syslog server but generally if you leave your micro tick on its defaults it's mainly just logging everything to memory so you can set that to disk as well and i'll show you how to do that just now but i wanted to show you in log there's a ton of information that's happening here but this information can become very useful very quickly as well because you can find out what is happening on the network if a link goes down it will show you that it's down here if bgp reconnects it will tell you it reconnects if ospf does something it will tell you that as well so this log section is pretty important so we can tweak the logs by going to our system and then logging and then in logging you'll see by default these four should be enabled on your router and it will show you similar to other vendors cisco juniper whatnot these are like your notification messages what's happening on the system so there's a critical error info warning and you can even add additional rules by just clicking on the plus and then you can look at specific topics so we could look specifically at bfd or bgp or ospf lttp whatever our hearts desire we can drill down specifically for those logs so the router catches that information as well and puts it in a format here so let's quickly tweak this to see if we can actually pick up issues with the logs so i'm just going to increase this log bar and then from this log bar let's go back into router 2 via the command line let's just stop this trace route that's running and then what we can do is open up winbox again and then i want you to keep a look on this log file you see there's 69 items at the moment so what i'm going to do is i'm going to disable my interface 0 again or ether one and let's see does it pick anything up it should actually pick something up though i think the interface will still be showing up and that's ether2 but that's because of the emulator so let's just disable ether2 here and there we see it actually picked up immediately that i made a change on the interface okay so on this emulator it's not really showing me the what i want because you would be able to see if the link ether whatever goes down or up but let me just re-enable that and then we'll do a better test one that i know for a fact will work so let's enable this interface again and then what we're going to do is we're going to cause a bit of havoc with our ospf running on this network so what i want us to do is from the router let's just go into our routing into our ospf there we see the bgp came up as well but anyways let's go into ospf instances our writer id is 1.1.1.1 now if i go back in my topology this p1 that you see connected to pe1 it also has a router id but the router id is 9.9.9.9 so let's call some havoc on pe1 let's make our router id 9.9.9.9 and let's see what happens to our logs so i'm applying that and there we see it's been changed now i'm getting all types of errors now i'm getting all types of errors my router's freaking out so if you are seeing that your logs are freaking out like this there is probably a pretty big issue happening and it's a valid issue because the ospf it's it's trying to establish that neighborship but it can't because it has the same id so in the logs if you see it is like spamming you with logs you can just click on freeze as well so it gives you time to actually go through the logs and see what's happening so let's quickly read here it's telling me ospf v2 neighbor 9999 stay changed from exchange to 2a then it does a few extra thingies and it says local and remote router id are the same and that's an issue because on ospf you can't have the same router id between devices it has to be different for each router on the network so i already now okay cool this 9999 it's already being used on the network so i can just change this back to 1.1.1.1 let's open up our logs so we can see it in real time as well so we stopped getting spammed i just want to see if i can do it a bit better okay let's just apply that and it stopped and very quickly it picked up okay everything's changed and now it says the the router id is this and that and everything's actually connected the way it's supposed to so if i go to my interfaces they're all back if i go to my neighbors they're all working the way that they should be working so let's just change that again back to 9.9.9.9 so i want to show you something in the neighbors as well so we know there's definitely a fault if i go to my neighbor there's some state changes there's 26 state changes there's 44 so if you see stuff like that you definitely know there's some kind of issue with ospf happening if the state keeps changing like that and in our case it was just because the router ids were the same and that is such a rookie mistake but it does happen for many many network admins so let's apply that back see my neighbors come back up and they should just be a pretty solid number the whole time cool so besides causing some havoc on the network let's actually take a deeper look at some of the stuff and this is where you'll get your equivalent of people talking about debugging on like a cisco or juniper or whatnot so we're going to be going back into our logging and then in our rules when we hit the plus and i've already showed you we can put in different things but let's specify ospf and then i'm going to apply this and if i go to my logging now or my logs you'll see a ton more information that the router is recording regarding the ospf it can see the hello packets that it's receiving it can see the options you can see the data that's in the packet so that is what happens when we put in a specific thing in the logging and it doesn't just have to be ospf it can be really anything anything that you saw there we can turn on so if you just want to disable it we can hit the disable button or we can just delete that and let's maybe add something else so for interest sake let's maybe add because i know i'm running bgp so let's do some bgp and now i should start seeing some bgp things happening so to quickly there we go there's some keeper live messages that i'm receiving and what i can do is i can also just maybe disable some of my peers and re-enable and then i get a ton of information so that is the nifty thing about logging you can really get pretty deep in the information of what you're receiving on the network as long as you specify the details that you're looking for cool now we're going to be looking at something that let's say a peer made in a recent video and i actually laughed at his thumbnail because it's the guy and he's sitting there he's sniffing he's sniffing an ethernet cable and this is something you can do on my critique as well it is called packet sniffing or you're going to be deep diving and seeing what's happening in the packet so think of this as the the creme de la creme if you if you're really struggling and you're really troubleshooting fairly hard and you want to see everything that's happening with the network then this is what you're going to be using and it is packet sniffing so to do a packet sniff all you're going to do is go to your tools and you'll find packet sniffer so packet sniffer allows us to get a complete insight from the moment the data turns into all kinds of signals on the wire or the wireless up until the point it it becomes layer two layer three layer four all that stuff you can see the whole process by doing a packet sniff and if you're familiar with fireshark then i don't need to explain too much to you but i'll show you this in wireshark as well and why it's cool and how scary it can be as well especially if somebody can get access on your router and they can start doing packet sniffs so this is why you need to make sure your router is also pretty secure don't just allow anybody in on the device okay so back to our packet sniffer so here you can set some limits the memory limits you could increase that make it less make more your file limit so how big the file can get so this file can get up to meg and we can give it a name so i'll just make this pcap test and then the cool bit is you can go into your filter and here you can specify certain things but before we do any type of thing with the filter let's just run run a packet capture and see what's happening so let's start it and let's maybe generate some traffic so from router 2 again i might just do another ping to www.google.com i get a response let's maybe run a ping to 8.8.8.8 and let's do the same thing from pe one from winbox so let's ping www.google.com let's ping here's a popular website in my country www.cars.co.js so this is some site that you can look up at some second hand vehicles maybe that you want to buy cool so i get a response and let's stop it let's stop our packet capture and now it's been saved onto the files of the mikrotik so if i go to my files i'll find a pcap test it's already almost well it's over half a meg already so let's just download this i'll put this in my downloads folders on my computer so downloads and now my packet capture is downloading so what i'm going to do now is i'm just going to open this up in my downloads folder and there's a pcapp test file but it's just a file so what i can do is i can just rename this as a dot pcapp whoa and now wireshark can actually open that you can also find online packet capture things where you can upload a pcap file and it will also show you the same results as wireshark would but i really dislike putting packet captures on there because you're making that information available on a place that is public so people that are malicious might be able to extract some information not that they necessarily will just do that but it might happen but okay here we've got a wireshark file so i'm just going to open this just going to double click it and it opens up my wireshark and holy smokes look at all this information if i scroll down isn't that amazing it's telling me everything that that router was doing every last bit of communication where it was communicating to how it was communicating what it was doing you see these are ethernet two frames that's being sent here are our packets the hcp bfd all kinds of amazing things that we can pick up from this information and we could drill down on stuff with this uh pcap by looking at specific eyepiece so maybe i wanted to look at anything from or let's say we want to see anything that's going to eight or eight or eight today whoa how cool is that so there we can see 10.1.0.2 was doing a dns resolution to find out who is www.google and if i just click on this line i can see everything from the signal to the layer 2 to the layer 3 to the layer 4 to the application which was dns in this event here i can see the pings that i was running from 10 102. how freaking cool is that so i can see all of this information with a packet capture i could also maybe just type here [Music] let's say ospf because i know ospf is running on the device and there i see all my ospf packets all the halo packets what they were doing what they are sending what the neighbors are what the router ids or everything is in here so packet capture very powerful tool because it will give you that complete breakdown of everything that was happening on your network so if you are having massive massive issues and you're not coming right if you understand what you're doing with the packet capture this is probably the best tool you'll ever use to figure out what's happening on the network so i can highly recommend using that alright so we've done pings we've done trace routes we've fiddled around with logging and looked at packet sniffing but let's say we're at our wit's end we've been troubleshooting and we can't figure out what's happening or how to fix the issue that we're having so what do we do now well there's a few things that i would recommend that i would do if i'm having a rough time figuring something out and the first thing is google there's really no shame in you opening up your browser going to google and googling the issue that you're having and what you're trying to do and see if there's maybe some result where somebody also had a similar issue and they fixed it by doing something and then maybe you can apply that same knowledge to your situation because that does happen there is really no shame i don't understand why there is a i i'm gonna say stigma almost against people that google for answers because yeah you can you can be a mtc ini i'm an mtc and i and e and i also sometimes forget how to do something and then google is your friend it will help you find what you're looking for so maybe i'm trying to do route reflector micro tick and i want to just get a refresh on how to do that you see it will show me there's a wiki page for it there's a mom document for it there's some more forum posts for it there's some videos there's information that's available for me to go over if i'm just willing to look for it so don't be shy to use google it will save you time at the end of the day next thing the forums so let's just go to the forums so with mikrotik there is a pretty open forum you just register to it and then whatever you're having an issue with you can also search for it to try and find if somebody had a similar issue or you can drill down specifically in what you're having an issue with so maybe i'm having issues in i'm a beginner and i want to ask a question so i could just post the topic here and i could ask if i was registered somebody how how do i do something and there's a good chance that on the forum your question is already there so don't be shy to go to the forums either and try and find your issue because here we can look at when and maybe i'll find a ton of results for the wan amazing next thing that i can recommend is the micro tick wiki so from the wiki there's more than just router os even though i primarily just use router os there is stuff for the switches the dude or there's a switch sorry um i don't know what that is even but pretty cool so generally i would just go into the microtech router os and this is the mikritik toc and there's examples here for anything on the micro tick that you can think of doing it is here so if i wanted to maybe do something with eoip i could go in here and it will show you some commands that you can use for the eoip how it works possible matches some notes here's some setup examples everything that i possibly want is on this wiki so this is also a great place to try and find information if you're struggling and you're troubleshooting something and you want to do something and then the last place if you can't come right with anything you've done everything that you can think of and your issue is still happening then your last step is also your base step and that is to reach out to the micro tech support guys but this means don't just send them an email and tell them hey i cannot get to google because that is not a great way to start a relationship or try and troubleshoot an issue so if you're going to escalate an issue to mikrotik and you've already tried the forums you've googled you've tried setting up everything yourself and it just doesn't want to work then what you can do is actually create what they call a support.rift file on your microtic so if we open up our micro t you can see a sub out dot riff makes up out dot riff so this is basically a file that will contain some very useful information that micro tick will be able to use so i'm just going to start that it's creating the file and then this file you can actually attach onto a mail that you can send to support mikrotik.com and you can tell them guys this is my issue here's my support file here's maybe a diagram like the network topology like on my even g tell them this is my topology this is what i'm trying to do show them how you're trying to route the traffic or what isn't working the way that you're expecting it to work but with that file attached and then there's a good chance they will look at the file and they will be able to give you some pretty solid advice it's happened to me before where i was having some issues with an eoip tunnel i was running and because of some weird duplicate mac addressing that i wasn't even aware of it was bringing my network down consistently and i i googled and i couldn't find the issue and i showed this to the mikriti guys and they were so helpful and quick to also just address the issue and we could get to a point of resolution where i removed this static mac address binding that was on this eoip and i created a new one and then my network ran perfectly fine again so please if you've tried everything mail the support guys and they will be able to assist you as well okay so that is going to wrap up my video about troubleshooting on my critique devices i hope i really hope it has been informative that you've learned something new if you have again please feel free to like share subscribe all that stuff and i'd like to thank you guys again for watching i appreciate it so much see you in the next video

Info

Channel: The Network Berg

Views: 3,274

Rating: undefined out of 5

Keywords: #Routers, #CCNA, #CCNP, #MTCNA, #MTCRE, #MTCINE, #Networking, #Computers, #Ethernet, #DHCP, #Configuration, #Troubleshooting, #Ping, #Traceroute, #Logging, #Debugging, #Packet Sniffing, #Support

Id: Mo06OcIvB9E

Channel Id: undefined

Length: 32min 20sec (1940 seconds)

Published: Mon Nov 23 2020