MikroTik

halacs

I agree that it would be very good to have some kind of control on the fans. I think we don't really need to have so detailed control but at least some profiles would be really appreciated. Profile like "silent" would keep the fans off as long as possible then turn them on with a much higher speed a...

halacs

Actually the dst-nat rules were there. I disabled the eoip tunnel for a couple of minutes then enabled it back.

halacs

Thank you so much for your help and the detailed explanations! I checked that end where the issue happened and the rules were in different order: first accept gre, then the two dst-nat and finally the default masquarade. I moved default masquarade rule at the 2nd place right after the accept gre and...

halacs

Magic :) It started to work now. I have configured both end now at the same way. Very cool! Thanks! :) One more question what I don't understand now: at both end, I can see a 'responder' and an 'initiator' in the ipsec remote peers. The strange thing is the two ends are different, meaning that at on...

halacs

[admin@zoldmali.intra.example.com] > /ip firewall connection print detail where src-address~":4\?500" or dst-address~":4\?500" Flags: E - expected, S - seen-reply, A - assured, C - confirmed, D - dying, F - fasttrack, s - srcnat, d - dstnat 0 SAC protocol=udp src-address=x.y.5.107:500 dst-address=a...

halacs

I'm just wondering loudly what could be the problem. I have PPTP and L2TP VPN servers on this end. Can it be the problem? Fast forward should be on or off on the bridge where 172.20.0.1 IP is?

halacs

Sure! I disabled the manually created peer (under IPsec/Peers in winbox) but nothing changed. [admin@router.intra.example.com] > /ip ipsec remote-peers print Flags: R - responder, N - natt-peer # ID STATE REMOTE-ADDRESS DYNAMIC-ADDRESS UPTIME 0 message-1-sent x.x.5.107 [admin@router.intra.example.co...

halacs

But I've understood from what you wrote earlier that both ends have dynamic public IP so both need to be configured the other one's domain name, is that true? Yes, that's true. Both end are with dynamic IP changed quite rarely. Initial state is a EoIP tunnel with manually configured local IP addres...

halacs

You are right, sorry. Here are the both end of the tunnel. Router A (where I have set NAT because of dynamic IP) [admin@router.local.example.com] > /ip ipsec peer print Flags: X - disabled, D - dynamic, R - responder 0 D ;;; eoip-tunnel-Zoldmali name="peer17" address=a.b.5.107/32 local-address=172.2...

halacs

Hi, today I had some time to understand a bit more the configuration you suggested but it still not working somehow. When I set local IP as my real IP on the WAN interface (ppoe now actually) my EoIP is working but in case of the private IP hack, it's not. Here is my configuration hopefully without ...

halacs

Sounds interesting! It's a bit much for the first glance now so give me some time to process what you wrote then I'll be back with the outcome.

halacs

It works now, thanks! I have set the EoIP tunnel used by the public IPs of the routers and turned off the L2TP site-to-site VPN. It seems all fine with tagged L2 connection. Local endpoint can be only an IP at the EoIP settings. My WAN IP assigned dynamically via DHCP. You meant that this IP will be...

halacs

Okay, thanks! I the meanwhile, I managed EoIP on top of L2TP, but then it is secure enough if I set IPsec secret at the tunnel config. I hope I can set domain name for the remote host instead of the IP, but this is what I will check only tomorrow. WAN side firewall will be interesting, what I have t...

halacs

One more maybe a bit more advanced question: I have site-to-site VPN between two mikrotik router. I have a same VLAN config on them with same IDs. With my previous VLAN settings when I had separated bridges for all VLANs, I could set a bridge in the PPP profile to create a layer 2 VPN connection. No...

halacs

Finally I took the risk and bought one. For others who will be in similar situations, below are the row data as well. There's no much load on it until now just 5 pieces Hikvision security cameras. Regarding the noise: okay, not fully silent because of the 2 fans, but good enough with this load, mean...

halacs

Suggest reading this source if your keen to do the vlan router method.........
viewtopic.php?f=13&t=143620

Thank you so much for the link! It helped a lot! Very good tutorial!

halacs

Thanks for the link! It has an example with proper comments what seems very useful. I tried to do my setup in a very similar way but based on this one I will try it again and come back.

Thanks & br,
Halacs

halacs

Hi, First my question, then my environment. What is the best way to define these VLAN trunks and access point? What is the most flexible way? I will have a new switch what I want to add with the same VLANs but a new trunk cable. I'm not sure I did my configuration the best/easiest way. So about my e...

halacs

I got the following answer from the support regarding the fan control. I share it as it is. It might be useful for others too. Yes, this device has 2 fans, you cannot control them. Fan speed depends on CPU and SFP temperatures. At full speed, they are louder than ambient noise. When CPU/SFP or PoE c...

halacs

Sounds good! One more question: does this also mean that if I have only a limited POE power request (8 devices with max 7 Watt/port) then my device won't turn on the fans? How it goes in your case? I only have 4 PoE devices connected to mine: ether1 ether2 ether11 ether24 poe-out: auto-on auto-on a...

halacs

Sounds good!
One more question: does this also mean that if I have only a limited POE power request (8 devices with max 7 Watt/port) then my device won't turn on the fans? How it goes in your case?

halacs

That's bad. Then this device is not fit into my environment unfortunately.
There is no any device with passive cooling from any vendor, right?

halacs

Hi,

I see this topic is several month old already. I'm wondering if fan control is already solved.

I also want to buy want into my home office to feed my 8 POE security cameras (roughly 7W / camera). All the other devices would be non-POE.

Thanks!

halacs

Thanks all the help. Now it works. I made a stupid mistake first why the package wasn't installed after reboot: forget to check the architecture.
Now I have a working radius server tested with MAC authentication on my WiFi. Next step would be to configure it with a DD-WRT WiFi AP too.

halacs

It is part of the extra packages, right? I have downloaded these files but how to install?

halacs

Hi, I have two Mikrotik router and a DD-WRT too. Would it be possible to use one of them as a radius server for the WiFi authentication at least? I have WPA2-PSK with MAC filtering. It would be nice to configure WiFi users only one place and other APs use that central authentication device. Radius l...

halacs

Thanks! This helped me a lot!

halacs

In case of RB951G-2HnD device, "Routing, 25 ip filter rules, 689.8 Mbps" is shown under the test results for 1518 byte packet size. Does this mean, that if I have just 25 IP filter rules (under IP / Firewall / Filter Rules) , then I should be able to reach this throughput without fast track rules? W...

halacs

Great, thanks, I will check that one! Do you have any hint where I can find these performance related parameters? Where do you know these from?

halacs

I have just added the above two fasttrack firewall rules and my connection immediately because 2 times faster then before so this was definitely the problem. Big thanks! Just to make sure I understand correctly: they should be at the top of my firewall rules, right? Mkx, you mentioned 500Mbps is the...

halacs

Hi, I have a Mikrotik 951G-2HnD router. I suspect it is the bottleneck of my network why I cannot reach Internet with 500Mbps/20Mbps what my ISP should provide. I would like to know what can cause this: configuration of my device or hardware failure. I can measure maximum 100-120Mbps download speed ...

halacs

Hi, I noticed that my ISP (UPC Hungary) provides IPv6 address but my Mikrotik router didn't get it. If I directly connect my Windows 7 PC into the ISP's modem, I get IPv6 tunnel IP. This is how I noticed that IPv6 provisioning. I tried to use DHCPv6 and 4to6 tunnel too to get IPv6 address from my IS...

halacs

Is this the so called "MAC Protocol-Num" in winbox in the "New Bridge Filter Rule"? If yes, how can I filter only the inter-VPN advertisements? I cannot select VPN interface. UPDATE: my problem seems to be solved with the above hint I got. I added a bridge filter for ipv6 MAC protocol plus the MAC a...

halacs

Hi, I have 2 mikrotik routers interconnected with a layer 2 VPN. Layer 2 because I need to use broadcast messages between the sites because of a DLNA server in use. Is it possible somehow to block IPv6 IP address advertisements via the VPN? I want to avoid somehow to get IPv6 address from the other ...

halacs

Hi, I have a site-to-site L2 VPN. How can I disable to get IPv6 address via VPN? When I turn on IPv6 address advertisement on the Site1, Site2 also get IPv6 address automatically what I want to prevent. I tried with iptables6 rules but I could drop only ping packages while machine on the other site ...

Search found 35 matches

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Re: Radus server in my Mikrotik router

Re: Radus server in my Mikrotik router

Radus server in my Mikrotik router

Re: Performance of Mikrotik 951G-2HnD

Re: Performance of Mikrotik 951G-2HnD

Re: Performance of Mikrotik 951G-2HnD

Re: Performance of Mikrotik 951G-2HnD

Performance of Mikrotik 951G-2HnD

How to get IPv6 from my ISP

Re: Layer2 VPN packet filtering [SOLVED]

Layer2 VPN packet filtering [SOLVED]

How to disable IPv6 address advertisements on L2 VPN