The /24 vs. /0 Mistake: A MikroTik Routing Lesson

Alex NyamburaAlex Nyambura
5 min read

Module 2 of my MikroTik Zero to Hero Challenge

After getting familiar with MikroTik in the morning, I thought the afternoon would be easy - just set up some IP addresses and get online. I was so wrong.

The Big Problem I Discovered

Remember that bridgeLocal from Module 1? Well, it was causing a huge mess:

  • All 4 Ethernet ports were acting like one big switch

  • My internet connection (WAN) was mixed with my local network (LAN)

  • My laptop was getting a weird IP address: 169.254.86.20

That 169.254.x.x address is what Windows gives itself when it can't find a DHCP server. Not good!

Separating WAN and LAN (The Right Way)

First thing I had to do was separate the internet connection from my local network:

The Problem: Everything was on one bridge
The Solution: Create proper separation

Here's what I did:

# Delete the messy bridge
/interface bridge remove bridgeLocal

# Create a new bridge for LAN only
/interface bridge add name=Bridge-LAN

# Put only the local ports in the LAN bridge
/interface bridge port add interface=ether2 bridge=Bridge-LAN
/interface bridge port add interface=ether3 bridge=Bridge-LAN
/interface bridge port add interface=ether4 bridge=Bridge-LAN

# Leave ether1 separate for internet connection
# Rename interfaces to make sense
/interface set ether1 name=ISP
/interface set ether2 name=Laptop

Now I had a clean separation:

  • ISP (ether1) = Internet connection

  • Bridge-LAN (ether2-4) = Local network

Setting Up IP Addresses

Time to give everything proper IP addresses:

WAN Side (Internet): Use DHCP to get an IP from my ISP router

/ip dhcp-client add interface=ISP

LAN Side (Local Network): Use static IP

/ip address add address=192.168.88.1/24 interface=Bridge-LAN

The /24 means the first 24 bits are the network part. So 192.168.88.1/24 means:

  • Router IP: 192.168.88.1

  • Network: 192.168.88.0 to 192.168.88.255

The Big Mistake That Taught Me Everything

After setting up IP addresses, I tried to ping Google:

/ping 8.8.8.8

FAILED!

I could ping my ISP router (192.168.100.1), but not the internet. What was wrong?

I checked my routing table:

/ip route print

And there it was - the problem:

0 A S  0.0.0.0/24     192.168.100.1

Do you see it? 0.0.0.0/24 instead of 0.0.0.0/0

The /24 vs /0 Lesson

This was my biggest learning moment:

  • 0.0.0.0/24 = Only route traffic for 0.0.0.1 to 0.0.0.255 (useless!)

  • 0.0.0.0/0 = Route ALL unknown traffic to this gateway (what we want!)

The fix:

# Remove the wrong route
/ip route remove [find dst-address=0.0.0.0/24]

# Add the correct default route
/ip route add dst-address=0.0.0.0/0 gateway=192.168.100.1

SUCCESS! Now I could ping 8.8.8.8!

Another Mistake I Made

I accidentally added a DHCP client to my LAN bridge:

/ip dhcp-client add interface=Bridge-LAN  # WRONG!

This made no sense because:

  • WAN interfaces should GET IP addresses (be DHCP clients)

  • LAN interfaces should GIVE IP addresses (be DHCP servers)

I was asking my LAN to search for a DHCP server that didn't exist!

Understanding My Network Layout

By the end of Module 2, my network looked like this:

Internet → ISP Router → ether1(ISP) → MikroTik → Bridge-LAN → ether2-4
           192.168.100.1  192.168.100.40  192.168.88.1

Clean and logical!

What I Learned About Routing

The routing table shows how traffic gets around:

/ip route print
# Results:
# 0 A S  0.0.0.0/0       192.168.100.1  (send everything unknown here)
# 1 ADC  192.168.88.0/24 Bridge-LAN     (local network is directly connected)  
# 2 ADC  192.168.100.0/24 ISP           (ISP network is directly connected)

The flags mean:

  • A = Active (route is working)

  • D = Dynamic (created automatically)

  • C = Connected (directly attached network)

  • S = Static (I created this manually)

My Troubleshooting Method

When things don't work, I learned to check in this order:

  1. Symptoms: Can't reach 8.8.8.8

  2. Check routing: /ip route print

  3. Check interfaces: /ip address print

  4. Test step by step: Local → Gateway → Internet

  5. Fix the root cause: Correct the subnet mask

What I Accomplished

By the end of Module 2:

Proper WAN/LAN separation - No more mixed networks
Internet connectivity working - Can ping 8.8.8.8
Clean routing table - Correct default route
Logical interface naming - ISP and Laptop instead of ether1/ether2
Understanding traffic flow - Know how packets move around

The One Thing Still Not Working

My laptop was still getting that 169.254.x.x address. I could manually set a static IP and everything worked, but automatic assignment wasn't happening yet.

Next challenge: Set up a DHCP server so devices get IP addresses automatically.

Key Commands I Mastered

# IP address management
/ip address add address=192.168.88.1/24 interface=Bridge-LAN
/ip address print

# DHCP client management  
/ip dhcp-client add interface=ISP
/ip dhcp-client print

# Routing
/ip route print
/ip route add dst-address=0.0.0.0/0 gateway=192.168.100.1

# Testing connectivity
/ping 8.8.8.8 count=3
/ping 192.168.100.1

The Real Learning

Module 2 taught me that networking is all about logical separation. Just because ports are physically next to each other doesn't mean they should be on the same network.

The /24 vs /0 mistake was embarrassing but incredibly valuable. Now I'll never forget that subnet masks completely change how routing works.

This is part of my MikroTik Zero to Hero challenge. The journey from confusion to clarity continues!

Next up: Module 3 - DHCP Server & Basic Services (Finally getting automatic IP addresses working!)

10
Subscribe to my newsletter

Read articles from Alex Nyambura directly inside your inbox. Subscribe to the newsletter, and don't miss out.

#Mikrotiknetworkingsubnettingroutingdhcp

Written by

Alex Nyambura
Alex Nyambura