MikroTik

Zacharias

But i can see traffic in both ether1 and ether2...

Zacharias

Note that not all packets in a connection can be FastTracked, so it is likely to see some packets going through slow path even though connection is marked for FastTrack
https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

Zacharias

It looks like a DHCP starvation attack to me...

Zacharias

Well there is a better solution. Instead of using repeating, since it is not a good technique in our days and you have a significant loss in bandwidth, you can either use one of the bands of the cap ac (2.4 or 5 GHz) to create a PTP link between the two caps or you can create a station mode ( in any...

Zacharias

Well queue trees are a very very good choice for QOS for non simple setups.
Maybe there are some faults in your mangle rules thats why you think they stop to work ?

Zacharias

You connected them using what mode? One simple thing you can do is on the map lite create a bridge, put the ethernet and wifi interfaces inside the bridge and then enable dhcp client for the bridge interface it self. So when the map connects to the hap, the bridge will get an IP address from the dhc...

Zacharias

Thanks. Netinstall made it.

Great... you can mark the post as solved.

Zacharias

@Zacharias, the bold part in what you wrote below when an arp request is sent, IF no other host responds to that ARP request AND IF that host is known from the router, then the router responds to that arp request with its own mac address. means to me exactly the same as the bold part in what you "n...

Zacharias

As for the router with arp=proxy-arp responding only if there is no other response to the ARP request, I have to disagree with you, as the router has no way to notice an absence of an ARP response to a request As i said erlier, when an arp request is sent, IF no other host responds to that ARP requ...

Zacharias

Wow... first time i see that...
Well try to netinstall your device...

Zacharias

Nice video...
So it seems Audience is performing well...

Zacharias

This is a MikroTik forum and you don't even mention the MikroTik model, how you ve setup it etc while you give as the other brand's model ?

Zacharias

I think that's exactly what I wrote there... No, before that you say that: when the client sends a packet to a device in 10.0.0.0/24, the packet is delivered to the Mikrotik client doesn't send any ARP request as the destination IP matching the server's LAN subnet is (hopefully!) in none of its loc...

Zacharias

@sindy i just read your other Post. Well if for example i have host A with IP 10.0.0.2 in one side of the tunnel and i want to lets say ping host B with IP of 10.0.0.3 on the other side of the tunnel, according to your Post that goes directly to the router. Generally speaking yes, but what happens i...

Zacharias

one example, connection-state=established,related or connection-state=established,related,untracked I would suggest you study about firewall a little more. From your question here it is obvious you miss a lot of basic things about firewall. Also the default firewall it is a basic firewall. This doe...

Zacharias

What type of video is that?
For example iphones do not support flash videos.

Zacharias

For 30-80m it seems like a total overkill. https://mikrotik.com/product/wireless_wire For 30-80m it seems like a total overkill. https://mikrotik.com/product/wireless_wire It will work like a charm...! XVO you can have a look at this post https://forum.mikrotik.com/viewtopic.php?t=128251 ... This p...

Zacharias

What is the client? There were some changes in authentication, so for example MAC telnet from old RouterOS can't connect to new one.

He already said its a new router trying to connect to with telent... so to my understanding the client is the router mentioned.

Zacharias

No never seen that...
I would say either you login to a wrong device or your username/password is indeed wrong...

Zacharias

Netinstall your device...
You can find more information on what netinstall is and how to use it in the wiki....

Zacharias

For that distance i would use a 60GHz product...
Probably this one https://mikrotik.com/product/wireless_wire_dish

Zacharias

Mikrotik has a compatibility list for Mikrotik SFPs only...
So no one can tell you unless he has used the specific SFPs with a CRS309...

Zacharias

Are you sure ? If it was the firewall then when you tried to access Lan 2/3 from Lan 1 you would still get blocked when Lan 2/3 replied and there would be no communication.
But you said you could access Lan 2/3 from Lan 1...!

Zacharias

Your configuration export ?

Zacharias

yes it is possible.
What is your configuration?

Zacharias

My opinion is yes, without problems.

Zacharias

I never said anything different @pe1chl...! You said, generally speaking, in your previous post : note that this is completely unrelated to communicating with other systems on the LAN - an ARP entry is not required or created for that So yes it is not required in the router, but yes it is required i...

Zacharias

So you added the routes and what else?

Zacharias

note that this is completely unrelated to communicating with other systems on the LAN - an ARP entry is not required or created for that What? Lets say i want to access / communicate with another computer in the same LAN using it's IP adress, how do you think that MAC is being learned from my compu...

Zacharias

Where do you get this error?
Give more details please...

Zacharias

Remove the src-nat for subnets 192.168.2.0/24 and 192.168.3.0/24 when those subnets are the destinations.
Sorry, I didn’t understand how to do this?

I can not help you on how to configure an Edge router...

Zacharias

You ve tried with other devices with static IPs except your server and still no arp entry? Or just with your server? Did you turn your server to DHCP and there was an ARP entry or you just assume that this happens because of the static address ? Excuse me @mkx but the DHCP Server has as default valu...

Zacharias

@overseerua did read me previous post ?
Remove the src-nat for subnets 192.168.2.0/24 and 192.168.3.0/24 when those subnets are the destinations.
You can try this and let us know...

Zacharias

No valid profile found means that the profile has been either expired because of reached uptime limit or because profile validity has ended.
So what are the limitations you ve added in the specific user profile?

Zacharias

I ve not tested in an MQS to be honest but i don't see why it should not work...

Zacharias

Sorry but what is your question?

Zacharias

Your configuration export would help...

Zacharias

Why is your default authenticate disabled? Post your Access List Settings...

Zacharias

Is ARP enabled inside your Bridge Interface ?
Is the device directly plugged to the Hap ?

Zacharias

When in AP mode, is PSK encryption enabled ?

Zacharias

have dynamic rules created for each client from DHCP server leases Requires the lease to be static... Are you sure about that: all the needed settings are in dhcp-server config? There is no rate limit setting under dhcp server... The only rate limit can be applied for a static lease... So yes unles...

Zacharias

have dynamic rules created for each client from DHCP server leases

Requires the lease to be static...

Zacharias

You could try some other frequencies and also play a little with the channel width and central frequency...

Other than that since you have a slow download it seems like a transmit problem from the wifi perspective...

Try my suggestion and see how it goes...

Zacharias

Why you are so sure that 802.11 does not work for you?
Yes it does not use TDMA as Nv2 and also Nv2 has the benefits of applying QOS as mkx correctly says but is it so bad with 802.11 that makes it impossible to work right?

Zacharias

In the download section of the product's page there is the brochure and the quick guide...

Zacharias

I think i found the problem... When PC1 tries to reach PC2 then the trafiic gets src-nated with the routers Wan 1 address.So 192.168.1.11 (PC1) -> src-nat to routers address lets say 192.168.2.1 -> 192.168.2.22 (PC2) When the packet returns from PC2 it will go to 192.168.2.1 the router wiill remove ...

Zacharias

It can be anything...
High CPU on the 433, no QOS, the NAT between two routers etc...
So, what is the CPU load the time of the lag?
Can you use a PPoE client on the router instead of a DHCP client?

Zacharias

No and No...
You must use MikroTik devices only..!

Zacharias

Router model?
Yes you could apply some QOS, but what makes you believe that this half a second lag is because of the MikroTik router?

Zacharias

From wiki: The backup RouterBOOT version can not be older than v3.24 version. A special package is provided to upgrade the backup RouterBOOT (DANGEROUS). And: Newer devices will have this new backup loader already installed at the factory. https://wiki.mikrotik.com/wiki/Manual:RouterBOARD_settings#P...

Zacharias

NV2 is a MikroTik protocol and used only between MikroTik devices.
No other device can connect using nv2.

Zacharias

The matching of DHCP networks is like matching of routes, it will use the most specific network that matches the IP being handed out

Nice, that makes it totally clear to me...

Zacharias

Great...!

Zacharias

Yes but how will you define that inside the static lease?
You can only select the DHCP server to use...!

Zacharias

The Bridge's actual MTU just changed to the value of it's lowest member.
However we can correct it by changing the Bridge's MTU to 1500 again...
Most sites indeed won't load, not all, because of fragmentation problems caused by the smaller MTU...

Zacharias

Oh i forgot you want to route the traffic through specific line...
Remove the first mangle rule and in the second mangle rule add dst-adress !192.168.1.0/24

Zacharias

Did you try to netinstall ?

Zacharias

The VLANS are configured on your switches, right?
No need to change antything to your PTP link...

Zacharias

Target of the parent must be changed to 192.168.1.0/24 and the algorithm used should be PCQ upload/download default.
After that it will work just perfect.!

Agree as well with xvo on 1 and 2

Zacharias

Go to your Bridge interface and change the Bridge's MTU to 1500 Byte...

Zacharias

I agree with pe1chl.
Also yes do not use pptp, instead use L2TP/IPsec...

Zacharias

What is considered a high amount of caps?

Zacharias

mkx i missed that... but yes it does not change much...

Zacharias

for me it is important that works!
any help on the port isolation?

Am confused.. you said it does not work on your first post!

Zacharias

Only CRS3xy support hardware DHCP snooping... am not really sure what happens with other models...

Zacharias

If @zuku tells us why he does not want a specific PC to have DNS we might find a better solution...
As i said earlier even if no DNS is passed to the PC again the user can manually enter a DNS. So?

Zacharias

Sure. But to get a response back without manually configured routes on mikrotik, there has to be NAT involved.

You re right on that...

Zacharias

From what device ?

Zacharias

Edge router does not know where 2.0 and 3.0 are...
So since it communicated with them someone has manually configured it.. Thats why there is a one direction communication...
Ofcorse there might be other reasons too...
But i don't see your suggestions XVO

Zacharias

Add a route in each mikrotik for the 192.168.1.0/24 and gateway the WAN IP of the Edge rourer...

Zacharias

ROS version?
How does the cap see the Capsman? Through L2? L3? Capsman name?
Equipment used?

Zacharias

You should post in english...!

Zacharias

VPN type ?
Can you provide a simple diagram of the network?

Zacharias

When do I need to use 'Rebuild' database? After erasing users? Whenever I add new users? . 2. Is it really needed to reboot after rebuild?

Interesting question indeed...

Zacharias

You keep being funny and only spamming the post!!! You play the smart and perfect not me.. you are the one who keeps correcting me, being ironic, critisizing, judging my way of thinking, being totally rude by telling me arrogant, talking about my motivation while you dont know me and stuff... You kn...

Zacharias

Use the main routing table for the 192.168.1.0/24 subnet by adding an accept rule for that in a prerouting chain...
Where is that PLDT route?

Zacharias

I dont think that this is what he talks about...
Inside the DHCP server network there is the DNS field where you specify the DNS server that will be sent to the dhcp client.
So my understanding is that he does not want the DNS to be sent to a specific client, thus leaving him with no DNS...

Zacharias

Ridiculous and funny is that you post more about me than for the actual post! Other than that i do not care about what you say..

Zacharias

Even if you could, still a DNS can be manually assigned to the computer.
So why exactly you do not want a DNS on that computer ?

Zacharias

Guessing is fun, if you like hitting your head against a wall.

I don't hit my head to any wall...!
I believe i can tell my opinion and guess as much as i want...

Zacharias

The client device should request an IP from the DHCP Server... if there is already a lease for a specific client then in order to get a new different IP the client must release the one it has and then renew to a new one... Your DHCP server has nothing to do with that... The proccess is ( How DHCP Se...

Zacharias

What kind of TCP window issues ? Can you give an example ?

Zacharias

What do you mean 12v ? Hap comes with a 24V adapter.
Also, why 2 cables coming out of the router ?

Zacharias

Blue led means the device is powered on and the blinking Red that the device scans for radar (DFS)
https://mikrotik.com/product/audience#fndtn-downloads

So the leds do not indicate any problem...

Zacharias

Well there are many ways you can implement this... Personally i wouldnt use PPTP and probably not EoIP too... Either i would setup an SSTP server to my home router and configure the remote routers to connect to my SSTP server or in case Layer2 connectivity is important i would implement SSTP with BC...

Zacharias

You can achieve 40 Mhz channel width with the use of extention channel 20+20Mhz ( channel bonding )... When channel width is 20/40 (20+20)Mhz then both can be used, when channel width is 40 (20+20)Mhz then only 40 Mhz are used...That is the difference... There is no 40Mhz channel in real, it is alwa...

Zacharias

OP stated in the first post that he wants to connect hAP ac2 to Cisco 2960s, which is a gigabit switch. And that's all that matters. If i connect a device to a switch that means that the device it self must be used as a switch? Really? Who assumes things now? Also he calls hap ac2 a ROUTER, read th...

Zacharias

I do not think that by adjusting the high throughput (HT) rates you can force the use of only 40 Mhz channel width since all rates work on both 20Mhz and 40Mhz as well...
So any rate can give you 20 and 40 Mhz as well...
Also 40Mhz width means 2x20Mhz channels...!

Zacharias

Just buy a MikroTik 100Mbit POE injector, no need to get the gigabit one and a 24V 0.8 A power supply... Oh please, OP's got a gigabit device and now you're suggesting him to cripple one ethernet link by using inappropriate PoE injector? With difference in suggested price of astronomic 3 bucks ($8 ...

Zacharias

In your map lite create a bridge with all the available interfaces.. Then assign a static IP to the Bridge interface in the same subnet as the gopro, for example if gopro has an address of 10.5.5.1 then you can use 10.5.5.2/24 assigned to your bridge. After that go to the wireless interface, use as ...

Zacharias

Cap lite has a 1.5 dbi antenna... if you set it to 16 dbi then you increased the Gain and as a result the Tx power was decreased...

Zacharias

Try to netinstall your cap...

Zacharias

How do you know it crashes / stops working ?

Zacharias

Let me guess... Is eth5 inside a Bridge? (If yes it'swrong)
Second guess, does eth5 have an IP address ?( if no then assing one )

Zacharias

Just buy a MikroTik 100Mbit POE injector, no need to get the gigabit one and a 24V 0.8 A power supply...

Zacharias

Did I understand correctly that only 20/40 MHz can be set in RouterOS even if all my clients are 802.11n ?

802.11n does not mean channel width of 40 Mhz only...!
802.11n operates at 20Mhz as well...

Zacharias

I do not use swOS... really there is no telnet under tools?

What do you mean you have to reboot to get a new address from DHCP server?

Zacharias

Have you changed anything inside the ipsec configuration ?
It seems the problem is with the ipsec encryption algorithm...

Zacharias

Yes you can set an interval of 15 minutes...
Create a channel list and the selection will be according to the list...

No you can not set a width of 40 Mhz only...

Zacharias

Or you can setup capsman manager and configure reselect interval parameter...

Zacharias

I don't think any algorithm is used. Probably the less crowded frequency is used... Also in case you select channel widths with XX and XXXX extensions automatically scan for a less crowded control channel frequency based on the number of concurrent devices running in every frequency and chooses the ...

Zacharias

Go to system packages and click on check installation button... Does it say OK?

If yes then download the 6.45.6 version, upload it to your CRS, go to system packages and click downgrade... does the problem persists on 6.45.6 ?

If yes the next thing you can do is netinstall your device...

Zacharias

I ve used netinstall many times... it does not select any package by it self...
I have not tested what it does in case you have a mipsbe architecture device and you browse to a path with smips package, does it show them in the list or not???!!!!

Zacharias

When looking in packages there is empty my suggested packaged will not be visable. Ofcorse it is empty.. you should browse to the path where your packages are and then they will be listed. Also you could try with a different netinstall version... If the problem persists then obviously there is a ha...

Zacharias

OP stated
They will connect through outdoor access points.
So I gather he's asking if hAP ac2 is capable of firewalling/queuing/shaping/... that many users. It's not a question about WiFi part after all.

I missed that...

Well personally i would suggest you to use the RB4011...

Zacharias

mode=ap-bridge allows 2007 clients
https://wiki.mikrotik.com/wiki/Manual:W ... _AP_Client

However if you want good results you should use 2-3 Access points for your 100 clients...

Zacharias

If reset doesn't work go for netinstall...
What is your ROS version ?
In case protected-routerboot is on netinstall won't work.

In case it is on it can be disabled

Write permissions will work just fine...

Zacharias

If there are no other SFP listed it simply means you should try and see...

Zacharias

Maybe bridge ports are set to dynamic?
I guess it is a configuration error, double check all your config...

After that you could do a netinstall...
ROS version ?

Zacharias

If reset doesn't work go for netinstall...
What is your ROS version ?

Zacharias

Mikrotik has a compatibility list for the SFPs...

Zacharias

Am waiting for the results...

Zacharias

You have to manually add the firewall rules now...
You will find some example in the mikrotik wiki page...

Zacharias

donsergio you would use all rates fixed ofcourse.... What is the distance of your farthest point antenna ? You can not have all your clients happy.. just try for the best... Having two antennas so close increases the noise, causes interference and so on... you can not make it perfect...! Increase th...

Zacharias

Exactly mkx... it uses broadcast thats why there is no access to another subnet... mkx what do you think about setting dns domain in the dhcp ? Do you think that would work ?

Zacharias

You can not access a computer by host name because it is on a different subnet...

I guess if you specify the domain name inside your dhcp server, then if you type the domain name.hostname from any subnet you will have a successfull communication.. you can try that...

Zacharias

No...
Just lower the Tx power by using either the 1st or 2nd technique... lower by 1 dbm at a time and you will see that -35dbm will start slowly getting close to -40...-50 and so on...

Zacharias

Lower the Tx power of the Access Point... In the wireless menu click advanced then go to Tx power tab and start lowering the Tx power till the -35 goes at least -50... Another way is to increase the Gain of the AP and then the EIRP will be calculated accordingly. As a result the Tx power will be aut...

Zacharias

You do not need to disable a whole firewall so that you can accept ping in your computer... just enable the icmpv4 echo request in your incoming rules of your windows firewall...

Disabling a firewall means that you just don't know what blocks you...

Zacharias

In your firewall place all the accept rules of forward chain first and then add the drop rules...

The logic is first we accept and then we drop...

Zacharias

Check your log... what does it say ?

Zacharias

If it worked after a reset with remove configuration then it is obvious there was something wrong with your previous configuration...

Zacharias

First and most important, does your ISP give you a second static IP ?

You can use Mangles and PCC to load balance your WAN interfaces https://wiki.mikrotik.com/wiki/Manual:PCC

Zacharias

In 5GHz AC you can set data rates from default to configured and then go to VHT rates tab, very high throughput tab, and remove some basic and supported rates... This way your rate will not fall to low speeds... However you might have disconnections etc.. Your rate goes low for a reason... Did you t...

Zacharias

Honestly i understood nothing....

Zacharias

A diagram would help...

Zacharias

As i can see you use default security profile that makes me guess you do not have any encryption used. However for some reason the clients are trying to connect with a password either because you had an encryption before for the same SSID or some other reason i am missing ( different password than b...

Zacharias

Voltage drop 5V ?
How exactly did you calculate that?
Again, you don't know the voltage drop when the quality of the cable is not known...! You say it like it is a rule or something, but it is not..!

Zacharias

You will have to enable client forwarding. Since this will affect all clients and because every device is in the same Layer2 network, you can use Bridge Firewall... Through the Bridge firewall you can accept all forward traffic from the device you want and block all others... I think that should wor...

Zacharias

You suggest an active device although there is a whole new product designed exactly so you dont have to add an active device in order to extend your cable... I ve used and tested GPeR, works perfect.. Just add one at about half your distance, 70m, and you will be ok... There is no need of a poe calc...

Zacharias

Definitely it will not work at all or if it will connection between nodes will be unreliable.... This dimitris is just in theory... sorry to dissapoint you but in practice is not exactly like that...! At least you can not be certain... I ve seen UTP CAT5e cables with length of 60-70m perform poorly...

Zacharias

Probably yes if the quality of the cable is good, but just to be sure use the GPER
https://mikrotik.com/product/gper#fndtn-specifications

Zacharias

Why does the HUAWEI MA5671A SFP module WORK in the MikroTik RB2011 SFP port but does not work in the same way on the MikroTik hEX S SFP port? What is the same way? Is that a technical description of a problem? How can someone possibly understand the problem if you never explain it? Also why don't y...

Zacharias

Well, you can read it again

I made it as usual.

There is no configuration named "usual" so i do not know what that is...

You should provide an export of capsman and cap...

Zacharias

Is that ether2 inside a bridge? If yes what is the Actual MTU of your Bridge interface? From your other post the PPPoE client uses 1492 Byte of MTU just fine... So the problem is not in your PPPoE client... Also try to ping from your router with DF enabled, not your computer, and check if you can pa...

Zacharias

I suppose what you want is two wireless clients to communicate with each other right?

Client forwarding is for that.. not local forwarding, this is something else...

Is the printer in the same subnet as your wireless clients?

Zacharias

What is the configuration of the security profile on your AP ?

Zacharias

Since your MikroTik shows 1492 Byte of MTU, then the only reason you cant pass more than 1480 should be your ISP...

Zacharias

What do you mean you have 1480? How do you test that?
Where is the PPPoE server? Your ISP?

Zacharias

You do not provide any details at all...!
You just say i did a configuration and it didn't work, then i made another configuration and it worked...

How can possibly someone tell you what is wrong ?

Zacharias

Try not to use discovery interfaces and instead use the capsman address field...
Also just for testing do not request any certificate...

Zacharias

I don't understand....!
As i can see your MTU is changed to 1492... so?

Zacharias

Are you trying to access your router through LAN ?
Can you ping the router?

Zacharias

Is your MikroTik router behind NAT or you have PPPoE client configured? In simple words, does your MikroTik router have a public IP ?

Are ports UDP 500, 4500, 1701 accepted in firewall ?

Zacharias

You can not set max MTU?
If you create a new PPPoE client, before saving, can you type in the max MTU field?

Zacharias

Do you have accept rules for ports UDP 500, 4500 and 1701 ?

/ip firewall filter
add chain=input protocol=udp port=1701,500,4500
add chain=input protocol=ipsec-esp

Zacharias

Well i can just confirm that windows 10 can connect just fine to a MikroTik L2TP/IPsec server...
I ve setup it many many times...

Zacharias

As you can see Artes i was right that it can work using the connection limit parameter and adress lists...

Msatter the manual clearly states that the rule works after matching value is reached....!

Zacharias

You can always have failover links...

Zacharias

The easiest thing you can do is setup simple queues on your router in order to limit the upload of those devices...

Zacharias

Use PTP or PTMP links...

Zacharias

Works just fine on a CCR1009-7G-1C-1S+ v6.45.6

Zacharias

Why the connection with your PC is not full duplex ?

Zacharias

That's why there is a manual... connection-limit: Matches connections per address or address block after given value is reached. Should be used together with connection-state=new and/or with tcp-flags=syn because matcher is very resource intensive. Source: https://wiki.mikrotik.com/wiki/Manual:IP/Fi...

Zacharias

Maybe CPU is high when you loose those pings ?

Zacharias

Check the connection limit parameter in firewall...
Add the addresses in a list and then with scripts you can use those address lists as you want...

So yes, it seems possible...

Zacharias

I would not use MESH...!
MESH works by repeating the signal and you have significant loss of Bandwidth...

Also for a new user, setting up a MESH network is not that easy...

That's my personal opinion...

Zacharias

In general, do not let port 8291 open to any public IP...Use VPN to access your devices and allow access to 8291 only from your VPN interface... But in case you do not want to use VPN, then allow access to your device from your public IPs but also use port knocking technique... The safest you can do...

Zacharias

You really don't want your router to communicate with mikrotik ? Why?

Zacharias

So you did put your real public addresses, that may not even be Static, inside your mangle rules?

I Never, never, in all the networks i ve setup, i had to do this configuration... But anyways if it works what can i say...!

Zacharias

It is related to the cloud DNS...
The device checks according to the manual every 60 seconds for change in the public IP...

So if lets say it informs their server every 60 seconds then we have 60 queries per hour, 1440 in 24 hours per device...

Zacharias

Yes you can.
Use station mode on your HAP AC and connect wlan2 to your wifi managed by Capsman...
Then enable CAP on wlan1 and set your Capsman address...

Zacharias

Go to system logging and select debug, DHCP...
Then you will get debug information in your log for the DHCP...

Zacharias

Well mkx is right on that.. Although that has no terrible effect to the other clients..but anyway There are the Basic rates and the Supported rates. The basic rates are those that the client device must support in order for a connection to happen. The supported rates on the other hand are those that...

Zacharias

I fixed the problem. NAT Configuration is OK, the problem is on the Mangle. No it is not ok..! You do not masquerade your whole192.168.100.0/24, only one part of it... You will have no internet access from the "subnet" you do not masquerade... Is Necessary to configure the MANGLE like in the pictur...

Zacharias

Right, i forgot that...

Zacharias

This is the current max Tx and Rx values for the client. No it wont affect other clients... The Tx and Rx values have to do with so many factors like distance of the client, interference, wireless protocol used, wireless frequency and channel width, HT and VHT MCS rates, CCQ, SNR etc... You will fin...

Zacharias

It is not a functionality of a specific product... It is a feature of the RouterOS in the Wireless facility...
I don't see why it won't work if its either 2.4GHz, 5GHz or 60 GHz...

Zacharias

Go to services and tell me what service is down...

Zacharias

The same 2M DAC cable didn't work from the MikroTik to the SFP+ Is that SFP in the compatibility list of SFPs ? Setting to swos makes the system unusable It seems wrong configuration from your side... Only 6 ports init on boot. I do not understand what you mean... An unbelievable amount of "bugs" L...

Zacharias

That was already mentioned in the quick guide of the product...

This will only work if "PoE in" is served by passive PoE source, as 802.3af/at switches will not be able to power the GPeR itself.

https://mikrotik.com/product/gper#fndtn-downloads

Zacharias

Use Hairpin NAT https://wiki.mikrotik.com/wiki/Hairpin_NAT

Zacharias

How do you see these devices? Through VPN?
Are those devices in your local network ?
Provide more details.. It's really easy to add a device in Dude...

Zacharias

This rule has as source address the second "subnet" ( there is no real subnetting here)...

There is no masquerade for your other subnet...

Zacharias

Either wrong configuration or you trace route a non existing IP...

You were already missing a masquerade rule for your first "subnet" , i don't even know how you could reach the Internet through that subnet with that rule missing...

That's why i believe there are mistakes in your configuration...

Zacharias

Are you sure that this is the correct public IP ?

Zacharias

What do you mean by static and dynamic server?

Zacharias

You have no masquerade rule for 192.168.100.1-20...

Also i would make the masquerade rules more strict, i would use source address and out interface at the same time...

Zacharias

You dont mention the version of netinstall you used. However, i ve netinstalled a couple of routers over time and from my experience i would tell you to try 2-3 different versions of netinstall and see if any of them works... Also do not release the reset button even if the usr goes off, keep pressi...

Zacharias

I monitor over 1000 devices without a single problem...
So the number of your devices you monitor is not a problem...

Zacharias

Do you connect hap ac2 as a client to a Mikrotik AP or some 3rd party AP?

To a MikroTik AP...

Could it be that "station" implementation on Hap AC2 has issues?

No

Zacharias

Export your NAT configuration...

Zacharias

and with all the downsides of hairpin NAT

What are the downsides ?

Zacharias

What you are looking for is called Hairpin NAT. But i remember from other posts you don't like Hair Pin NAT... :lol: If you want to access just your router from inside the LAN you can just add a static DNS entry... In case you want to access more then as xvo suggested you should use Hair Pin NAT...

Zacharias

Tx rate is the speed the data are being transmitted from the Access Point.

Rx rate is the speed the data are being received from the Access Point.

If hardware frames > frames then simply there are retransmissions...

Zacharias

Even though you use queue trees, as i can see an average of 50% is constantly consumed by the queues...

How are you giving internet to your 1000 clients? Using tunnels?

Zacharias

I guess you use Simple queues right? They cosume a lot CPU...

Go to tools Profiles check all and click start, then see where the most CPU usage is...

Zacharias

Yes, an email can be sent..
https://wiki.mikrotik.com/wiki/Manual:T ... ifications

Zacharias

Did you use a multimeter and there was no voltage on the pins ?

Zacharias

This is for an off-grid application where batteries power the application So what you need is the overall consumption... Open a terminal and type system health print oid There you will see if there is an oid for the power consumption for your device which you can use with snmp later.... For example...

Zacharias

You can use the "area" value at the AP side and then match that area using the connect-list "area-prefix" value on the Station Side...

This way you actually select to what Access Point each client will connect to...

Zacharias

You have to setup a management port
https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering
https://wiki.mikrotik.com/wiki/Manual:B ... _switching

Zacharias

DHCP works in Layer2, however Station mode does not...
https://wiki.mikrotik.com/wiki/Manual:W ... de_station

Assign static IP to wlan1...

Edit:
I did a test and DHCP client works fine on station mode....

Zacharias

I have not tested it to see if in a situation like this would work but did you try the undo button ?

Zacharias

I have two NetBox 5's set up as WDS bridge. Working fine. The STA side shows signal strength on the LEDs just fine, the AP does not. That is corect..! The Station shows the signal quality level that has achieved with the AP connection... default behavior of a station device... On the AP by default ...

Zacharias

Znevna, since you found a bug ( at least thats what you think ) you can contact mikrotik support...!

Also since you know too much, i dont think we can help...you found all answers off topic!!!

Zacharias

Am totally sure for what i write... If you are assigned a static IP, YES you can use it statically to your Interface and then configure your routes, NAT etc... Besides that, you said your IP is provided through a DHCP server, you gave no more details... If your IP is given through a tunnel, which yo...

Zacharias

Only Hotspot comes to my mind in order to accomplish this setup...

Zacharias

Even if i request static ip address from ISP, the static ip is also delivered thru DHCP.

No...!
Ofcorse you can assign that static IP to an interface without the need of a dhcp client...

Also, are you sure the IP given to you by your ISPs router through DHCP is a Public IP address?

Zacharias

Why do you need quickset ? Just configure your wireless interfaces by hand and add them inside your bridge... it's really easy... Mode: ap bridge SSID: your ssid name Frequency: auto Protocol: 802.11 Frequency mode: Regulatory domain Country: your country Gain: 3 Security: the security profile creat...

Search found 760 matches