Community discussions

MikroTik App

Search found 2360 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 8
by Zacharias
Mon Jun 21, 2021 9:44 pm
Forum: RouterOS v7 BETA
Topic: Reset to Factory Default on every reboot
Replies: 9
Views: 1008

Re: Reset to Factory Default on every reboot

I can add another RB2011 ...
I have the same problem as you how did you solve it?
Perform a Netinstall and then check again...
https://wiki.mikrotik.com/wiki/Manual:Netinstall
by Zacharias
Mon May 31, 2021 8:29 pm
Forum: Beginner Basics
Topic: Limit a particular client to only communicate with another client on LAN
Replies: 3
Views: 284

Re: Limit a particular client to only communicate with another client on LAN

Access to the Internet will be blocked using the Firewall (Layer 3 Traffic)...
As for the LAN (Layer 2 Traffic) filtering, either use Bridge Firewall or VLANs...
by Zacharias
Mon May 31, 2021 8:17 pm
Forum: Beginner Basics
Topic: Trying to setup a guest WiFi with 2 RBs
Replies: 8
Views: 507

Re: Trying to setup a guest WiFi with 2 RBs

I agree with @tdw.. I don't see the reason as to why use multiple Bridges along with VLANs... I Would use Capsman with VLANs to setup both my local and Guest Wireless networks... Both examples here https://wiki.mikrotik.com/wiki/Manual:CAPsMAN_with_VLANs can help you understand how it works... OR Go...
by Zacharias
Mon May 31, 2021 10:42 am
Forum: General
Topic: Point to Point Addressing /32 or /31 Default Route [SOLVED]
Replies: 15
Views: 849

Re: Point to Point Addressing /32 or /31 Default Route [SOLVED]

...But i ve seen other posts too with problems configuring a /31 subnet between two Mirkotiks official word from MT Support is that ROS does not support /31, have to use /30 or alternatively ptp addressing /32 Exactly, when i used /31 on the remote end and /30 on the first router it worked... on /3...
by Zacharias
Sun May 30, 2021 11:10 pm
Forum: General
Topic: Point to Point Addressing /32 or /31 Default Route [SOLVED]
Replies: 15
Views: 849

Re: Point to Point Addressing /32 or /31 Default Route [SOLVED]

Ok, i repeated the test but now i did enable proxy-arp on the interface that points to the router at the remote end... So, two Mikrotik Routers, both on /31 networks and proxy-arp enabled on the first one's p2p interface ... Stil it didn't work... As soon as i expanded the network size of the first ...
by Zacharias
Sun May 30, 2021 7:25 pm
Forum: General
Topic: Point to Point Addressing /32 or /31 Default Route [SOLVED]
Replies: 15
Views: 849

Re: Point to Point Addressing /32 or /31 Default Route [SOLVED]

The Network parameter is x.y.z.(w-1) ...
by Zacharias
Sun May 30, 2021 5:03 pm
Forum: General
Topic: Point to Point Addressing /32 or /31 Default Route [SOLVED]
Replies: 15
Views: 849

Re: Point to Point Addressing /32 or /31 Default Route [SOLVED]

The IP address is x.y.z.w/31 assigned to ether1... The default route uses ether1 as Gateway...
RouterOS version is 6.45.6...
by Zacharias
Sun May 30, 2021 4:04 pm
Forum: General
Topic: Point to Point Addressing /32 or /31 Default Route [SOLVED]
Replies: 15
Views: 849

Re: Point to Point Addressing /32 or /31 Default Route [SOLVED]

@sindy i did run the packet sniffer tool, the physical interface connecting both routers was set to the interface field, IP Protocol was set to ICMP and direction to any. I created the .pcap file... I did run the same test 3 times, first for 5 minutes then 10 and finally 15 minutes... I opened the ....
by Zacharias
Sat May 29, 2021 10:10 pm
Forum: General
Topic: Point to Point Addressing /32 or /31 Default Route [SOLVED]
Replies: 15
Views: 849

Re: Point to Point Addressing /32 or /31 Default Route [SOLVED]

Ok thanks @sindy and @mkx ...
by Zacharias
Sat May 29, 2021 7:10 pm
Forum: General
Topic: Point to Point Addressing /32 or /31 Default Route [SOLVED]
Replies: 15
Views: 849

Re: Point to Point Addressing /32 or /31 Default Route [SOLVED]

Thank you Sindy ... So, it doesnt matter if it is a /32 or /31 subnet as long as it is a point to point connection right? ( what do you mean by point to multi point ? Connecting a router directly to another one is a point to point one, so ptmp means ? ) Ok, then it doesn't work unless it is a PPP in...
by Zacharias
Sat May 29, 2021 2:15 pm
Forum: General
Topic: Point to Point Addressing /32 or /31 Default Route [SOLVED]
Replies: 15
Views: 849

Point to Point Addressing /32 or /31 Default Route [SOLVED]

What are the cases where interface name can be used as Gateway on a default route ? I know on PPP interfaces, interface name can be used successfully as a Gateway... Does the same happen for point to point addressing between two routers? If i setup a /32 or /31 network between two Mikrotik routers a...
by Zacharias
Mon May 10, 2021 6:34 pm
Forum: General
Topic: Queue
Replies: 1
Views: 233

Re: Queue

Export your queue configuration and post it in code tags...
by Zacharias
Fri May 07, 2021 7:53 pm
Forum: General
Topic: wAP LTE kit loosing LTE connection
Replies: 4
Views: 538

Re: wAP LTE kit loosing LTE connection

RSRP, RSRQ and SINR are Good...
by Zacharias
Fri Apr 30, 2021 11:37 pm
Forum: Wireless Networking
Topic: Co-locate wAP 60G AP / wAP 60Gx3 AP
Replies: 12
Views: 983

Re: Co-locate wAP 60G AP / wAP 60Gx3 AP

You can not ping the device from the APs side or the clients side ?
- PSE Omni side.
I would test the device for a couple of days at home and see how it behaves...
Just update and maybe reset-configure again...
by Zacharias
Fri Apr 30, 2021 11:30 pm
Forum: Wireless Networking
Topic: Tree's obstructing CPE LOS to AP ~ bandwidth!
Replies: 19
Views: 1725

Re: Tree's obstructing CPE LOS to AP ~ bandwidth!

nstreme OTOH is detected by 802.11 devices Yes since CSMA/CA by default is not disabled on the nstreme protocol... https://wiki.mikrotik.com/wiki/Manual:Interface/Wireless#Nstreme But will it still be detected if i do disable it ? Is it detected because of any other reason ? nstreme uses the pollin...
by Zacharias
Fri Apr 30, 2021 8:53 pm
Forum: Wireless Networking
Topic: Co-locate wAP 60G AP / wAP 60Gx3 AP
Replies: 12
Views: 983

Re: Co-locate wAP 60G AP / wAP 60Gx3 AP

Electricity is supplied but the ping does not go.
You can not ping the device from the APs side or the clients side ?
by Zacharias
Fri Apr 30, 2021 1:37 pm
Forum: General
Topic: wAP LTE kit loosing LTE connection
Replies: 4
Views: 538

Re: wAP LTE kit loosing LTE connection

What are the RSRP, RSRQ and SINR values under Cellular tab?
Is the SIM inserted correctly ?

Ros Version ?
Is the LTE modem updated ?
by Zacharias
Fri Apr 30, 2021 1:17 pm
Forum: RouterBOARD hardware
Topic: RB760iGS - when using SFP ethernet interfaces get locked
Replies: 5
Views: 918

Re: RB760iGS - when using SFP ethernet interfaces get locked

Is the SFP module a compatible one ?
Network diagram ?
by Zacharias
Fri Apr 30, 2021 1:12 pm
Forum: Wireless Networking
Topic: Co-locate wAP 60G AP / wAP 60Gx3 AP
Replies: 12
Views: 983

Re: Co-locate wAP 60G AP / wAP 60Gx3 AP

but tends to disconnect by itself
What do you mean by that ?

So you have 3 WAP APs, what about the Clients ? Models ?
by Zacharias
Fri Apr 30, 2021 1:07 pm
Forum: RouterOS v7 BETA
Topic: Reset to Factory Default on every reboot
Replies: 9
Views: 1008

Re: Reset to Factory Default on every reboot

Go to /system packages and proceed to installation check... what is the result ?
Most problably you should perform a net install on your device...

Is there anything unusual on system shceduler ?
by Zacharias
Fri Apr 30, 2021 12:39 am
Forum: General
Topic: VPN OPTIONS @ HELP with MUDI
Replies: 3
Views: 387

Re: VPN OPTIONS @ HELP with MUDI

Looks nice...
There is no wireguard support as far as i know...
by Zacharias
Fri Apr 30, 2021 12:34 am
Forum: General
Topic: User Manager - Address-List
Replies: 6
Views: 442

Re: User Manager - Address-List

ok, because i've not seen this type of menu on hotspot users before...
by Zacharias
Fri Apr 30, 2021 12:23 am
Forum: General
Topic: User Manager - Address-List
Replies: 6
Views: 442

Re: User Manager - Address-List

What is your ROS version ?
by Zacharias
Tue Apr 27, 2021 3:20 pm
Forum: RouterBOARD hardware
Topic: LHGG LTE6 kit dying after a few minutes
Replies: 3
Views: 706

Re: LHGG LTE6 kit dying after a few minutes

On a POE switch you mean.. i guess...
by Zacharias
Sun Apr 25, 2021 7:26 pm
Forum: RouterBOARD hardware
Topic: LHGG LTE6 kit dying after a few minutes
Replies: 3
Views: 706

Re: LHGG LTE6 kit dying after a few minutes

What is the status of the LTE modem when this happens?
Is it running? "R" flag...
What does the status tab of the LTE interface indicate ?
What does the log say ?
by Zacharias
Sun Apr 25, 2021 1:22 pm
Forum: Forwarding Protocols
Topic: Load balancing 75/25 - ECMP
Replies: 2
Views: 559

Re: Load balancing 75/25 - ECMP

From a quick search i found this article on the Wiki... https://wiki.mikrotik.com/wiki/ECMP_load_balancing_with_masquerade According to this article: You can use asymmetric bandwidth links also - for example one link is 2Mbps other 10Mbps. Just use this command to make load balancing 1:5 / ip route ...
by Zacharias
Sun Apr 25, 2021 1:00 pm
Forum: Wireless Networking
Topic: WAP LTE kit Performance [SOLVED]
Replies: 5
Views: 941

Re: WAP LTE kit Performance [SOLVED]

I just replaced the R11e Lte with the R11e LTE6 modem and everything is perfect now...
With CA the speeds are almost twice than before...
by Zacharias
Sat Apr 24, 2021 10:02 am
Forum: General
Topic: Config VLan and trunk between RB4011 router and CRS328 Switch (Running RouteOS)
Replies: 26
Views: 1733

Re: Config VLan and trunk between RB4011 router and CRS328 Switch (Running RouteOS)

Just a simple search will provide you with many examples on the wiki on how to do that...
Like the one here: https://wiki.mikrotik.com/wiki/Manual:B ... _switching where Vlan 99 is the management VLAN...
by Zacharias
Thu Apr 22, 2021 8:32 pm
Forum: General
Topic: Config VLan and trunk between RB4011 router and CRS328 Switch (Running RouteOS)
Replies: 26
Views: 1733

Re: Config VLan and trunk between RB4011 router and CRS328 Switch (Running RouteOS)

Nice to see that you do not use Bridge Vlan Filtering since it was not a must for your Vlan implementation... ( on the Router's side ) As far as the switch is concerned, did you setup a management Vlan for your Switch? Under /interface Vlan configure your management Vlan for the Bridge interface... ...
by Zacharias
Wed Apr 21, 2021 4:58 pm
Forum: General
Topic: Config VLan and trunk between RB4011 router and CRS328 Switch (Running RouteOS)
Replies: 26
Views: 1733

Re: Config VLan and trunk between RB4011 router and CRS328 Switch (Running RouteOS)

Interesting but of no interest to me as I dont use capsman nor any of its functionality. When and If Do (aka when hell freezes over) it would mean MT has useful WIFI products. :-) Unless I have more than 3 wifi devices, I have no use for capsman as an xtra layer of extra config hassles and CPU over...
by Zacharias
Tue Apr 20, 2021 11:41 pm
Forum: General
Topic: Config VLan and trunk between RB4011 router and CRS328 Switch (Running RouteOS)
Replies: 26
Views: 1733

Re: Config VLan and trunk between RB4011 router and CRS328 Switch (Running RouteOS)

The link shows exactly what i ve posted earlier... if you look again under the CapsMAN router configuration there is no Bridge configuration at all... Just the trunk port, ether1, configured with VLANs as a trunk port... No, nothing is missing... check again... I would setup a Router with Bridge Vla...
by Zacharias
Tue Apr 20, 2021 9:47 pm
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1918

Re: Port forwarding not working from Public IP ranges [SOLVED]

It seems that sometimes there's some configuration burried somewhere and not shown in UI.
Not shown on configuration export as well ?
How is that actually possible ?
by Zacharias
Tue Apr 20, 2021 9:43 pm
Forum: General
Topic: hEX PoE RB960PGS, getting 2 VLANs via SFP, routing within the RouterOS - help needed [SOLVED]
Replies: 8
Views: 562

Re: hEX PoE RB960PGS, getting 2 VLANs via SFP, routing within the RouterOS - help needed [SOLVED]

As @anav posted, should the hEX act as a Router only or not ?
A network diagram is always helpful...
by Zacharias
Tue Apr 20, 2021 9:17 pm
Forum: General
Topic: Config VLan and trunk between RB4011 router and CRS328 Switch (Running RouteOS)
Replies: 26
Views: 1733

Re: Config VLan and trunk between RB4011 router and CRS328 Switch (Running RouteOS)

No, i am referring to the router... There are many examples, one is here https://wiki.mikrotik.com/wiki/Manual:CAPsMAN_with_VLANs#CAPsMAN_Router If you take a look there, the Trunk port on the router is simply configured without any need of Bridge VLAN filtering or Switch configuration...Just softwa...
by Zacharias
Mon Apr 19, 2021 11:05 pm
Forum: General
Topic: Config VLan and trunk between RB4011 router and CRS328 Switch (Running RouteOS)
Replies: 26
Views: 1733

Re: Config VLan and trunk between RB4011 router and CRS328 Switch (Running RouteOS)

Why use Bridge VLAN filtering on your router ? A. because it works B. because its easy to implement. C. because there is no letter z in Bridge Vlan filtering ;-P A. Without bridge Vlan filtering it would work as well... just using software Vlans (/interface Vlan) would be enough...if there is only ...
by Zacharias
Wed Apr 14, 2021 8:52 pm
Forum: Wireless Networking
Topic: LHGG LTE - loosing LTE connection
Replies: 10
Views: 1418

Re: LHGG LTE - loosing LTE connection

sometimes after 2-3h lost connection with LTE
What does that mean ?
The LTE interface goes down?

Did you enable the Log for the LTE interface and check what does the log say ?
by Zacharias
Mon Apr 12, 2021 9:47 pm
Forum: RouterBOARD hardware
Topic: CRS112 - Passive 48v?
Replies: 2
Views: 664

Re: CRS112 - Passive 48v?

MikroTik devices which support af/at standard can also switch to Passive PoE-Out mode. (e.g. hEX PoE, CRS112-8P-4S-IN, CRS328-24P-4S+RM.

Source: https://wiki.mikrotik.com/wiki/Manual:PoE-Out

You should however use the 48V power adapter...
by Zacharias
Mon Apr 12, 2021 3:54 pm
Forum: Wireless Networking
Topic: WAP LTE kit Performance [SOLVED]
Replies: 5
Views: 941

Re: WAP LTE kit Performance [SOLVED]

ok thanks @mkx...

I' ve ordered a R11e LTE6 modem, i will let you know of the results as soon as i replace the old modem...
by Zacharias
Mon Apr 12, 2021 1:07 pm
Forum: Wireless Networking
Topic: WAP LTE kit Performance [SOLVED]
Replies: 5
Views: 941

Re: WAP LTE kit Performance [SOLVED]

Beware that on B20, where RSRP is likely highest, channel bandwidth is likely lower (most EU operators have 10MHz wide frequency channels on B20). Yes you are right on that... I get better speeds on Bands 3 and 7 on my Phone as well as on the WAP... So, nothing it can be done? Maybe i should have c...
by Zacharias
Mon Apr 12, 2021 10:45 am
Forum: Wireless Networking
Topic: WAP LTE kit Performance [SOLVED]
Replies: 5
Views: 941

WAP LTE kit Performance [SOLVED]

Hey all, I just installed WAP LTE kit (RBwAPR-2nD&R11e-LTE) outdoors... The speed was not the expected one, i can reach a maximum download speed of about 30 Mbp/s and 20 Mbp/s upload... Test has been done on all available Bands (3, 7, 20) but always the results are approximatelly the same... RSR...
by Zacharias
Sun Apr 04, 2021 10:19 pm
Forum: General
Topic: RB4011 InterVLAN Routing
Replies: 3
Views: 639

Re: RB4011 InterVLAN Routing

Thanks @mkx... Both SFP leds on RB4011 and CRS where on... I dont remember seeing anything in the logs, but ofcorse i might missed something... This has happened 2 random times out of about 20 times i ve powered on the devices and worked with this particular lab... SFPs is what it came to my mind as...
by Zacharias
Sun Apr 04, 2021 9:31 pm
Forum: Beginner Basics
Topic: A little help with VLANs - CRS328
Replies: 10
Views: 992

Re: A little help with VLANs - CRS328

Why use Bridge VLAN filtering on your RB4011 ?
I ve recently configured VLANs on an RB4011, you can see here how viewtopic.php?f=2&t=174057.. I would appreciate if @mkx you could as well take a look at my post and tell me your opinion...
by Zacharias
Sun Apr 04, 2021 9:21 pm
Forum: Beginner Basics
Topic: Yet another VLAN issues topic...
Replies: 22
Views: 1773

Re: Yet another VLAN issues topic...

You can use ether2 on your 2011 as your Trunk port (ether2 must be not be a slave interface)... No need to configure Bridge VLAN filtering on your router... Just create your VLANs under /interface VLAN (on ether2 port), set addresses on each vlan, create your DHCP server and you are almost done... Y...
by Zacharias
Sun Apr 04, 2021 8:55 pm
Forum: Beginner Basics
Topic: Point to Point with upload greater than download
Replies: 4
Views: 361

Re: Point to Point with upload greater than download

Yes, your signal strength is great...
It could be anything to interference or aligment problem...
by Zacharias
Sun Apr 04, 2021 8:44 pm
Forum: General
Topic: Multiple Trunk setup performance issues
Replies: 13
Views: 935

Re: Multiple Trunk setup performance issues

You can create all your VLANs on the SFP port of your CCR under /interface Vlan and connect it to your CRS317... That would be your Trunk port...
Then connect your CRS326s on your CRS317.. The latest (CRS models) will be configured using Bridge VLAN filtering...
by Zacharias
Sun Apr 04, 2021 8:37 pm
Forum: General
Topic: vlan problem on hEX [SOLVED]
Replies: 20
Views: 1605

Re: vlan problem on hEX [SOLVED]

Why do you use Bridge vlan filtering ?
You can just use ether2 as your trunk port without using any Bridge....
by Zacharias
Sun Apr 04, 2021 8:33 pm
Forum: Beginner Basics
Topic: Point to Point with upload greater than download
Replies: 4
Views: 361

Re: Point to Point with upload greater than download

CCQ is low on Rx...
I would suggest you try different frequency and or test with different wireless protocol...
by Zacharias
Thu Apr 01, 2021 9:42 pm
Forum: General
Topic: RB4011 InterVLAN Routing
Replies: 3
Views: 639

RB4011 InterVLAN Routing

Hey all, In a test lab i configured an RB4011 for interVLAN routing as flollows: /interface vlan add interface=sfp-sfpplus1 name=Vlan-10 vlan-id=10 add interface=sfp-sfpplus1 name=Vlan-11 vlan-id=11 add interface=sfp-sfpplus1 name=Vlan-12 vlan-id=12 add interface=sfp-sfpplus1 name=Vlan-13 vlan-id=13...
by Zacharias
Fri Jul 03, 2020 10:42 pm
Forum: General
Topic: POE Issues with ubiquiti AP
Replies: 13
Views: 2914

Re: POE Issues with ubiquiti AP

Ok so the auto feature, since as you say Tests are performed, it takes into account the power classification of the Powered Device and it does supply Power accordingly, right ? Or can you be more specific on the Tests that do take place ? What are those Tests in specific ? A source would be apprecia...
by Zacharias
Fri Jul 03, 2020 9:12 pm
Forum: General
Topic: POE Issues with ubiquiti AP
Replies: 13
Views: 2914

Re: POE Issues with ubiquiti AP

I am not offended... ofcorse you can disagree with me...
But i clearly compared the POE's handshake with the Passive POE... And you say that i am wrong because there is the auto feature...
If that seems relevant with the comparison i did well then sorry @xvo... maybe its my mistake...
by Zacharias
Fri Jul 03, 2020 8:51 pm
Forum: General
Topic: POE Issues with ubiquiti AP
Replies: 13
Views: 2914

Re: POE Issues with ubiquiti AP

So? I simply pointed, that what you wrote is not true. It is obvious that you do not know how the handshake on non passive POE works... so its ok with me... I did compare this with how passive POE works... what you are saying is irrelevant because you keep comparing an auto feature with a whole POE...
by Zacharias
Fri Jul 03, 2020 8:23 pm
Forum: General
Topic: POE Issues with ubiquiti AP
Replies: 13
Views: 2914

Re: POE Issues with ubiquiti AP

@xvo that is an auto sense feature and has nothing to do with any protocol or can be compared with the handshake between a PSE and PD like on POE af/at/bt... auto-on - the board will attempt to detect if power can be applied on the port. For power-on to happen there should be resistance on spare pai...
by Zacharias
Fri Jul 03, 2020 8:16 pm
Forum: RouterBOARD hardware
Topic: SFP Running, but does not receice pakets
Replies: 7
Views: 2004

Re: SFP Running, but does not receice pakets

Am not sure what might be the problem...
Why didn't you just use Mikrotik compatible SFPs ? Am not saying that this is the problem, but we would be more sure...
by Zacharias
Fri Jul 03, 2020 7:53 pm
Forum: General
Topic: POE Issues with ubiquiti AP
Replies: 13
Views: 2914

Re: POE Issues with ubiquiti AP

@anav i don't understand the theory of af/at POE standard, we are talking about passive POE here... Mikrotik uses power on Pins 4,5 and 7,8 ... Also, what do you mean 57V is not standard ? Since the Hex can take a DC input of 57V according to the specs then it can as well supply with the same voltag...
by Zacharias
Thu Jul 02, 2020 8:13 pm
Forum: RouterBOARD hardware
Topic: SFP Running, but does not receice pakets
Replies: 7
Views: 2004

Re: SFP Running, but does not receice pakets

What equipment do you use on the Client side ?
What is the model of the SFPs ?
by Zacharias
Thu Jul 02, 2020 8:08 pm
Forum: Beginner Basics
Topic: Turn off internet at night whitelist vs Kid Control [SOLVED]
Replies: 10
Views: 1959

Re: Turn off internet at night whitelist vs Kid Control [SOLVED]

The end result will be the same in either case... so no worries...
by Zacharias
Thu Jul 02, 2020 8:06 pm
Forum: General
Topic: VPN to Router
Replies: 10
Views: 1703

Re: VPN to Router

2. With the proxy-arp it works fine :-)
That is why proxy-arp exists... So if it works where is the problem ?
https://wiki.mikrotik.com/wiki/Manual:IP/ARP#Proxy_ARP
by Zacharias
Thu Jul 02, 2020 7:58 pm
Forum: Beginner Basics
Topic: Turn off internet at night whitelist vs Kid Control [SOLVED]
Replies: 10
Views: 1959

Re: Turn off internet at night whitelist vs Kid Control [SOLVED]

src-address-list not src-address...
It looks fine...
You could as well create a list with the rest of the addresses in case you do not like the ! (not)
by Zacharias
Thu Jul 02, 2020 7:46 pm
Forum: RouterBOARD hardware
Topic: Powerbox Pro overload detection
Replies: 9
Views: 4555

Re: Powerbox Pro overload detection

I wish it could just be fixed with ether1-long-poe-in like in the old days : )
This only work on PowerBox and not PowerBox Pro model...
by Zacharias
Thu Jul 02, 2020 7:41 pm
Forum: General
Topic: mAP lite seems dead
Replies: 1
Views: 471

Re: mAP lite seems dead

Did you just try a reset to default configuration ?

https://wiki.mikrotik.com/wiki/Manual:R ... m_RouterOS
by Zacharias
Thu Jul 02, 2020 7:26 pm
Forum: General
Topic: Port Bridging Between Firewall/Modem
Replies: 7
Views: 1314

Re: Port Bridging Between Firewall/Modem

Reset the CCR to no-default config, create the Bridge with ports ether1 and ether2 and nothing else ... then test again... I would have to disagree with you slightly regarding the mikrotik being the dedicated router/gateway for my network. I am able to do passive inspection with traditional switches...
by Zacharias
Thu Jul 02, 2020 7:21 pm
Forum: General
Topic: POE Issues with ubiquiti AP
Replies: 13
Views: 2914

Re: POE Issues with ubiquiti AP

I got a feeling that the issue here is that the POE port doesn't deliver enough power to the AC
It has a max power consumption of 6.5 W that the Hex can handle...so that is not the problem...
by Zacharias
Thu Jul 02, 2020 6:51 pm
Forum: General
Topic: Port Bridging Between Firewall/Modem
Replies: 7
Views: 1314

Re: Port Bridging Between Firewall/Modem

Did you try to connect a computer in the place of your Asus router and see if the result is the same ?
My ultimate goal is to monitor the traffic real-time and apply firewall rules to prevent access to and from specific ip destinations.
Then the CCR must do the Routing...
by Zacharias
Thu Jul 02, 2020 6:31 pm
Forum: General
Topic: hAC Lite POE on Port 5 - Max Wattage?
Replies: 3
Views: 749

Re: hAC Lite POE on Port 5 - Max Wattage?

A 24V 1.2A PSU is (24 x 1.2) 28.8W
HAP AC lite has a max total out (A) 500mA

You can do the calculations...
by Zacharias
Thu Jul 02, 2020 6:19 pm
Forum: Beginner Basics
Topic: Turn off internet at night whitelist vs Kid Control [SOLVED]
Replies: 10
Views: 1959

Re: Turn off internet at night whitelist vs Kid Control [SOLVED]

The only devices I care about being on are in this list
Create an address list with these addresses and with the help of firewall time parameter block everyone except that list...
by Zacharias
Thu Jul 02, 2020 6:11 pm
Forum: General
Topic: VPN to Router
Replies: 10
Views: 1703

Re: VPN to Router

Is the address assigned to your VPN Client through the VPN in the same address space as the computer you want to reach ?
If not, you will need to add a peristent route on your Computer.
by Zacharias
Thu Jul 02, 2020 10:02 am
Forum: General
Topic: VPN to Router
Replies: 10
Views: 1703

Re: VPN to Router

Could you add a Network Diagram on your post ? It would help...
by Zacharias
Wed Jul 01, 2020 5:44 pm
Forum: General
Topic: Pihole DNS hairpin NAT rule help [SOLVED]
Replies: 14
Views: 3917

Re: Pihole DNS hairpin NAT rule help [SOLVED]

Sure, am just curious why it does not work... there must be a mistake... but anyways it's great you found another working solution for you...
by Zacharias
Wed Jul 01, 2020 11:26 am
Forum: RouterBOARD hardware
Topic: Can't Upload any file to Mikrotik Router
Replies: 4
Views: 1541

Re: Can't Upload any file to Mikrotik Router

Just click on the upload button and browse to the file you want to upload in your router.
by Zacharias
Wed Jul 01, 2020 11:16 am
Forum: Wireless Networking
Topic: Lhg 5 in repeater mode
Replies: 2
Views: 829

Re: Lhg 5 in repeater mode

LHG5 is a high Gain directional Antenna...
So, by configuring it in a repeater mode you would just repeat a signal towards the source you received it from... Does that make sense ?
by Zacharias
Wed Jul 01, 2020 11:10 am
Forum: Wireless Networking
Topic: hAP router mode
Replies: 8
Views: 1795

Re: hAP router mode

@anav made some accurate considerations...
wow, anav you sound like a pro... :D
by Zacharias
Wed Jul 01, 2020 10:50 am
Forum: General
Topic: ASK [reset-button]
Replies: 8
Views: 1907

Re: ASK [reset-button]

I don't understand, what should the script do ?
by Zacharias
Wed Jul 01, 2020 10:47 am
Forum: General
Topic: ROS cant reach the internet, Local clients can
Replies: 5
Views: 1449

Re: ROS cant reach the internet, Local clients can

Sorry for the late reply. I could solve it by supplying a default route without a routing mark. With the routing mark, the error is still there. Yes, because the Router had no default Route for its main Routing Table... You could otherwise create a Mangle Rule and choose/set the Routing Table the R...
by Zacharias
Wed Jul 01, 2020 10:42 am
Forum: General
Topic: Pihole DNS hairpin NAT rule help [SOLVED]
Replies: 14
Views: 3917

Re: Pihole DNS hairpin NAT rule help [SOLVED]

You can always post your NAT rules, maybe something is not right...
by Zacharias
Tue Jun 30, 2020 6:54 pm
Forum: Beginner Basics
Topic: Firewall rules not persisting across reboot
Replies: 3
Views: 953

Re: Firewall rules not persisting across reboot

Is is Safe Mode not Save Mode...
Otherwise i agree with the previous post...
by Zacharias
Tue Jun 30, 2020 6:45 pm
Forum: General
Topic: Pihole DNS hairpin NAT rule help [SOLVED]
Replies: 14
Views: 3917

Re: Pihole DNS hairpin NAT rule help [SOLVED]

@xvo is right, The client was receiving an answer from your DNS server 192.168.1.20 while it was expecting an answer from 8.8.8.8... So you were getting a time out... Adding the Hair Pin NAT rules, the DNS request is dst-Nated to your DNS server and at the same time the source IP is source Nated wit...
by Zacharias
Tue Jun 30, 2020 9:58 am
Forum: General
Topic: CRS305 not negotiating properly
Replies: 1
Views: 506

Re: CRS305 not negotiating properly

Is it a Mikrotik SFP Module ?
by Zacharias
Tue Jun 30, 2020 9:45 am
Forum: General
Topic: How many concurrent users(hotspot and ethernet) can CCR1072 handle theoritically?
Replies: 1
Views: 629

Re: How many concurrent users(hotspot and ethernet) can CCR1072 handle theoritically?

CCR1072 has a Level 6 License, so there is no limitation on the active hotspot users...
So i would say a lot...
by Zacharias
Mon Jun 29, 2020 8:51 pm
Forum: Wireless Networking
Topic: Regarding Mantbox Radios
Replies: 1
Views: 788

Re: Regarding Mantbox Radios

Will there be any complications using different model antennas
I don't know your network setup but in general no...
https://i.mt.lv/cdn/rb_files/antenas-ma ... 123306.pdf
by Zacharias
Mon Jun 29, 2020 8:41 pm
Forum: Wireless Networking
Topic: CAPSMAN issue with new CAP [SOLVED]
Replies: 3
Views: 1317

Re: CAPSMAN issue with new CAP [SOLVED]

You could just reprovision the radio instead of rebooting...
You can mark the post as solved...
by Zacharias
Mon Jun 29, 2020 8:28 pm
Forum: General
Topic: LAN to LAN forwarding [SOLVED]
Replies: 63
Views: 11321

Re: LAN to LAN forwarding [SOLVED]

ATTN everybody!
I now have found a solution. Will post it shortly. But it works only if no bridge is configured in RouterOS :-( Could be a ROS bug...
Then how exactly did you create a Layer 2 Broadcast Domain if you configured no Bridge ?
by Zacharias
Mon Jun 29, 2020 8:11 pm
Forum: Wireless Networking
Topic: CAPSMAN issue with new CAP [SOLVED]
Replies: 3
Views: 1317

Re: CAPSMAN issue with new CAP [SOLVED]

On the provisioning tab under action field instead of Create-dynamic-enabled you should select create-enabled....
by Zacharias
Mon Jun 29, 2020 7:12 pm
Forum: General
Topic: Port Forwarding / NAT
Replies: 7
Views: 1571

Re: Port Forwarding / NAT

Hi Zach. Shouldn't you be spending time paying off the Greek debt instead of posting so much. Not so much of free time anymore, too much work i guess... Well, as for the Local address type we mean the same, i just use more strict words e.g. "assigned to routers interface" instead of "...
by Zacharias
Mon Jun 29, 2020 2:48 pm
Forum: General
Topic: LAN to LAN forwarding [SOLVED]
Replies: 63
Views: 11321

Re: LAN to LAN forwarding [SOLVED]

Traffic inside your LAN is a Layer 2 traffic that will not go through The Firewall !!! Firewall filters Layer 3 Traffic... So either you enable the bridge filter so that the traffic is forced to pass through the prerouting, forward and postrouting chains, as @xvo suggested or you use a whole differe...
by Zacharias
Mon Jun 29, 2020 2:41 pm
Forum: General
Topic: missed up my firewall filter rules
Replies: 9
Views: 1728

Re: missed up my firewall filter rules

Rules 19 and 20 are wrong anyways...
Input Chain captures traffic destined to the router itself...

A good starting point is the default firewall, so i ll aggree with anav.
The next step is to study how the firewall works, about chains etc....
by Zacharias
Mon Jun 29, 2020 1:20 pm
Forum: General
Topic: Port Forwarding / NAT
Replies: 7
Views: 1571

Re: Port Forwarding / NAT

@anav a local address is an address assigned to a routers interface specifically and not in general any local address under the same subnet...
https://wiki.mikrotik.com/wiki/Manual:I ... all/Mangle
by Zacharias
Mon May 18, 2020 9:25 pm
Forum: General
Topic: How to limit upload while downloading is at its maximum?
Replies: 15
Views: 3167

Re: How to limit upload while downloading is at its maximum?

The queues in RouterOS only limit egress traffic
And i' ve seen the packet flow diagram a hundred times... but i missed it... why why ....
Thanks @sindy...

So it is better to use the Global Parent, meaning all the Interfaces and mark egress packets accordingly for Download and Upload, right ?
by Zacharias
Mon May 18, 2020 12:22 pm
Forum: General
Topic: Help with hotspot
Replies: 1
Views: 521

Re: Help with hotspot

Try login with MAC...
by Zacharias
Mon May 18, 2020 10:23 am
Forum: General
Topic: How to limit upload while downloading is at its maximum?
Replies: 15
Views: 3167

Re: How to limit upload while downloading is at its maximum?

That's the whole point - the line is not 50/50 symmetric
Ok my mistake...
We did not choose an interface but global - that's not an interface
Yes i know, am asking in general, how do we make the choice of an interface to be the upload or download one...
by Zacharias
Sun May 17, 2020 8:27 pm
Forum: General
Topic: How to limit upload while downloading is at its maximum?
Replies: 15
Views: 3167

Re: How to limit upload while downloading is at its maximum?

But any of the child queues is free to use that bandwidth completely if there is no traffic in the other child queues, This is what i mean, if the Download child uses the whole 50Mbits, what will then happen with the Upload? Since the Parent is limited to 50Mbit.. The Upload child will get the guar...
by Zacharias
Sat May 16, 2020 2:36 pm
Forum: General
Topic: No internet via non-main routing tables if missing default route on main [SOLVED]
Replies: 21
Views: 3707

Re: No internet via non-main routing tables if missing default route on main [SOLVED]

I did disable/enable and again i do get the expected result...
What is your ROS versions?
by Zacharias
Sat May 16, 2020 2:19 pm
Forum: General
Topic: No internet via non-main routing tables if missing default route on main [SOLVED]
Replies: 21
Views: 3707

Re: No internet via non-main routing tables if missing default route on main [SOLVED]

I have just reproduced the error again. i will post details in a moment please bear with me. i am not going insane after all
I reproduced it as well and it gave me the expected result...
by Zacharias
Sat May 16, 2020 2:15 pm
Forum: General
Topic: No internet via non-main routing tables if missing default route on main [SOLVED]
Replies: 21
Views: 3707

Re: No internet via non-main routing tables if missing default route on main [SOLVED]

why does creating a bogus default route on the main routing table otherwise solve my issue?
No it does not solve the issue...
by Zacharias
Sat May 16, 2020 1:58 pm
Forum: General
Topic: No internet via non-main routing tables if missing default route on main [SOLVED]
Replies: 21
Views: 3707

Re: No internet via non-main routing tables if missing default route on main [SOLVED]

You ve set Routing Marks, so there is no Main Routing Table...
It is actually your mistake...
Tell the Router to use the Table named "foo" and everything will work just fine...
by Zacharias
Sat May 16, 2020 1:50 pm
Forum: General
Topic: How to limit upload while downloading is at its maximum?
Replies: 15
Views: 3167

Re: How to limit upload while downloading is at its maximum?

@sindy shouldn't the max limit of the Parent be the sum of the Child's max limit? If the Upload is 50Mbit and the Download 50Mbit as well then the Max limit of the Parent must be the sum of it... Also something i have difficulty understanding, if we do not use Global as parent, then for the Upload s...
by Zacharias
Fri May 15, 2020 8:56 pm
Forum: Useful user articles
Topic: Using RouterOS to QoS your network - 2020 Edition
Replies: 217
Views: 290716

Re: Using RouterOS to QoS your network - 2020 Edition

I ve used Queue Trees mostly with Global Parent.
My question is, why do we use as Parent the Lan Interface for the Download Traffic and the WAN for the Upload Traffic ?
by Zacharias
Sun May 10, 2020 7:32 pm
Forum: Beginner Basics
Topic: Admin access via the internet
Replies: 14
Views: 2742

Re: Admin access via the internet

Where is this super simple magical VPN tick box.
I wonder that too...
by Zacharias
Sun May 10, 2020 7:30 pm
Forum: General
Topic: IPsec between two RB behind NAT
Replies: 18
Views: 2709

Re: IPsec between two RB behind NAT

ok @sindy thanks for reminding me :D
by Zacharias
Sun May 10, 2020 5:35 pm
Forum: General
Topic: IPsec between two RB behind NAT
Replies: 18
Views: 2709

Re: IPsec between two RB behind NAT

ESP need not be forwarded as if there is NAT at at least one end, it cannot be used.
Isn't ESP encapsulated inside the UDP packet ?
by Zacharias
Sun May 10, 2020 4:33 pm
Forum: General
Topic: IPsec between two RB behind NAT
Replies: 18
Views: 2709

Re: IPsec between two RB behind NAT

it will work with IKEv2 (for IKE(v1), you would need to forward also UDP port 500).
@sindy could you remind me why this happens ?
by Zacharias
Sun May 10, 2020 4:29 pm
Forum: Wireless Networking
Topic: CapsMan with mikrotik Vs Wireless mikrotik only?
Replies: 21
Views: 3771

Re: CapsMan with mikrotik Vs Wireless mikrotik only?

2404-2408-2412-2417-2422 for C
It is 2402-2407-2412 ...etc...
by Zacharias
Sun May 10, 2020 4:03 pm
Forum: Beginner Basics
Topic: Router Speed 1/3 of Direct Connection to Modem
Replies: 12
Views: 2327

Re: Router Speed 1/3 of Direct Connection to Modem

You ll get great performance results with this model...
by Zacharias
Sat May 09, 2020 10:42 pm
Forum: General
Topic: Access to server from internal LAN
Replies: 2
Views: 796

Re: Access to server from internal LAN

Example of Hairpin NAT here https://wiki.mikrotik.com/wiki/Hairpin_NAT
by Zacharias
Sat May 09, 2020 10:32 pm
Forum: General
Topic: Bidirectional Load Balancing for 2 LANs using 2 WANs
Replies: 8
Views: 1804

Re: Bidirectional Load Balancing for 2 LANs using 2 WANs

Where exactly would that help ?
by Zacharias
Sat May 09, 2020 9:31 pm
Forum: Beginner Basics
Topic: Failed to connect to internet
Replies: 16
Views: 2798

Re: Failed to connect to internet

/ip address
add address=192.168.2.1/24 comment=defconf interface=bridge network=\
    192.168.2.0
Set the address on your Bridge Interface and not on the ether2 slave Interface...
by Zacharias
Sat May 09, 2020 9:19 pm
Forum: Beginner Basics
Topic: Admin access via the internet
Replies: 14
Views: 2742

Re: Admin access via the internet

What is the VPN you mention about ?
by Zacharias
Sat May 09, 2020 9:07 pm
Forum: Beginner Basics
Topic: Router Speed 1/3 of Direct Connection to Modem
Replies: 12
Views: 2327

Re: Router Speed 1/3 of Direct Connection to Modem

I ll agree with @anav, RB4011 would be a good choice...
by Zacharias
Sat May 09, 2020 8:51 pm
Forum: Wireless Networking
Topic: CapsMan with mikrotik Vs Wireless mikrotik only?
Replies: 21
Views: 3771

Re: CapsMan with mikrotik Vs Wireless mikrotik only?

Set control channel width to 20Mhz and extention channel either disabled, in case you only want to use 20Mhz as channel width, or Ce, eC, XX in case you want to support 40 Mhz channel width as well...
by Zacharias
Sat May 09, 2020 1:06 pm
Forum: Wireless Networking
Topic: CapsMan with mikrotik Vs Wireless mikrotik only?
Replies: 21
Views: 3771

Re: CapsMan with mikrotik Vs Wireless mikrotik only?

Your question is already answered...
If you leave the Tx Power empty, the MAX allowed by interface is used...!
However, you must use the Tx Power allowed in your Country... That is why we select the Country...
by Zacharias
Sat May 09, 2020 12:54 pm
Forum: RouterBOARD hardware
Topic: VoIP POE Switch Recommendation [SOLVED]
Replies: 1
Views: 1636

Re: VoIP POE Switch Recommendation [SOLVED]

I would suggest the CRS112... and don't forget the 48V Power supply...
by Zacharias
Sat May 09, 2020 12:48 pm
Forum: Announcements
Topic: Updated btest.exe available for download
Replies: 17
Views: 15009

Re: Updated btest.exe available for download

I guess most of you have already noticed that <TAB> key does not move focus from one input field to another.
And double click on an input field does not select the text.
I can confirm that as well...
by Zacharias
Sat May 09, 2020 12:44 pm
Forum: Wireless Networking
Topic: CapsMan with mikrotik Vs Wireless mikrotik only?
Replies: 21
Views: 3771

Re: CapsMan with mikrotik Vs Wireless mikrotik only?

If under Capsman -> Configurations -> Wireless you did set your Country (as you should) then the Tx Power will be the maximum allowed for you Country...
Only in case you want to lower the Tx Power you do use the Tx Power paramater field...
by Zacharias
Sat May 09, 2020 11:03 am
Forum: Wireless Networking
Topic: CapsMan with mikrotik Vs Wireless mikrotik only?
Replies: 21
Views: 3771

Re: CapsMan with mikrotik Vs Wireless mikrotik only?

The signal strength will be the same as long as your configuration is correct....
by Zacharias
Sat May 09, 2020 10:58 am
Forum: Wireless Networking
Topic: Band steering Mikrotik Audience and other aps [SOLVED]
Replies: 2
Views: 1873

Re: Band steering Mikrotik Audience and other aps [SOLVED]

has anyone heard anything from Mikrotik yet, shell we hope for ROS 7?
Not really...
by Zacharias
Sat May 09, 2020 10:47 am
Forum: Announcements
Topic: Updated btest.exe available for download
Replies: 17
Views: 15009

Re: Updated btest.exe available for download

I guess most of you have already noticed that <TAB> key does not move focus from one input field to another.
Yes...
by Zacharias
Fri May 08, 2020 8:52 pm
Forum: General
Topic: router randomly drops WAN connection
Replies: 9
Views: 3343

Re: router randomly drops WAN connection

so even if the cable works with the PC, it may not with the Mikrotik
Am not really sure how that would make sense...
by Zacharias
Fri May 08, 2020 8:48 pm
Forum: Beginner Basics
Topic: CRS125 - PPPoE - NAT
Replies: 11
Views: 2150

Re: CRS125 - PPPoE - NAT

in-interface=PPPoE
You do not need to specify destination address... At least when accessing your Devices from outside the Local Network...
However you do not provide any information enough so that someone can actually help...
by Zacharias
Fri May 08, 2020 5:04 pm
Forum: General
Topic: Load balancing same gateway
Replies: 3
Views: 942

Re: Load balancing same gateway

by Zacharias
Fri May 08, 2020 5:00 pm
Forum: General
Topic: IPsec between two RB behind NAT
Replies: 18
Views: 2709

Re: IPsec between two RB behind NAT

Make sure only one will be behind NAT and make sure under /ip ipsec peer passive is enabled fo the RB that is not behind NAT...
The other RB must have send-initial-contact to yes
by Zacharias
Fri May 08, 2020 4:51 pm
Forum: General
Topic: IPsec between two RB behind NAT
Replies: 18
Views: 2709

Re: IPsec between two RB behind NAT

Are they both behind NAT ?
If yes, it will not work...
by Zacharias
Fri May 08, 2020 4:29 pm
Forum: Announcements
Topic: Updated btest.exe available for download
Replies: 17
Views: 15009

Re: Updated btest.exe available for download

Maybe the Local Tx Size and Remote Tx size would be best if they were renamed to MTU and MRU size ?
by Zacharias
Fri May 08, 2020 4:17 pm
Forum: Beginner Basics
Topic: How to access network from internet for some IP [SOLVED]
Replies: 4
Views: 83340

Re: How to access network from internet for some IP [SOLVED]

Add that specific IP in the src-address parameter of your Firewall rule...
by Zacharias
Fri May 08, 2020 4:08 pm
Forum: Beginner Basics
Topic: CRS125 - PPPoE - NAT
Replies: 11
Views: 2150

Re: CRS125 - PPPoE - NAT

Does the PPPoE client get a Dynamic Public IP or not?
If it is a Dynamic you can use the cloud DNS of your Router...
by Zacharias
Sat May 02, 2020 5:05 pm
Forum: Beginner Basics
Topic: Idea for 2 routers and avoiding Double NAT while running srcnat on second router?
Replies: 2
Views: 1138

Re: Idea for 2 routers and avoiding Double NAT while running srcnat on second router?

Yes you can remove the NAT from the 4011, but then you will have to create a route on your ISPs Modem-Router for the RB's 4011 Local Subnet...
by Zacharias
Sat May 02, 2020 4:54 pm
Forum: General
Topic: Problem Hardware Offload on CRS326-24G-2S+
Replies: 6
Views: 1742

Re: Problem Hardware Offload on CRS326-24G-2S+

In case you want to segment your network, VLANs is what you should choose...
by Zacharias
Sat May 02, 2020 12:59 pm
Forum: RouterBOARD hardware
Topic: CCR2004-1G-12S+2XS with more RAM ?
Replies: 15
Views: 5523

Re: CCR2004-1G-12S+2XS with more RAM ?

I think you should better contact Mikrotik support for that question...
by Zacharias
Fri May 01, 2020 11:12 pm
Forum: General
Topic: can't connect to hEX S after factory reset / netinstall
Replies: 8
Views: 2512

Re: can't connect to hEX S after factory reset / netinstall

/system interface
How sure are you of that command ?
by Zacharias
Fri May 01, 2020 11:09 pm
Forum: General
Topic: Trying to duplicate a SwOS feature on ROS...
Replies: 15
Views: 2535

Re: Trying to duplicate a SwOS feature on ROS...

But, this "lock on first" feature does not seem to be possible with ROS nor does another similar solution. Something similar i do not think you will find in ROS... But it is possible with many other ways... Bridge Firewall as suggested earlier, with Bridge Reply-Only etc..., VLANs, PPPoE ...
by Zacharias
Fri May 01, 2020 9:08 pm
Forum: General
Topic: Trying to duplicate a SwOS feature on ROS...
Replies: 15
Views: 2535

Re: Trying to duplicate a SwOS feature on ROS...

You can make use of the Bridge Firewall under Bridge Settings...
Then you could restrict access to your Network only to a Specific MAC address...
by Zacharias
Fri May 01, 2020 8:55 pm
Forum: Wireless Networking
Topic: hap ac lite can't connect to another AP
Replies: 21
Views: 4812

Re: hap ac lite can't connect to another AP

the dhcp client went red
If you did let the DHCP-Client on the slave interface (wlan) obviously it did...
My simple suggestion, is unless you need Layer 2 connectivity, forget about any Bridge Mode and use Station Mode...
Then configure the Hap as a Router...
by Zacharias
Fri May 01, 2020 8:37 pm
Forum: General
Topic: Trying to duplicate a SwOS feature on ROS...
Replies: 15
Views: 2535

Re: Trying to duplicate a SwOS feature on ROS...

Yes but the Client might have 2 different laptops and in some cases work with one or the other... So, if you limit the MAC address that can access the network, simply you deny him the use of any other equipment might have... So does the client know that can only use 1 specific device and nothing els...
by Zacharias
Fri May 01, 2020 8:29 pm
Forum: General
Topic: convert QoS CISCO to Mikrotik
Replies: 3
Views: 3185

Re: convert QoS CISCO to Mikrotik

I am not really familiar with Cisco, so trying to translate its configuration might not be the best thing...
But, if you give us the Network Topology of your equipment and what does your Device should do we can as well help on that easily :D
by Zacharias
Fri May 01, 2020 8:26 pm
Forum: SwOS
Topic: LACP not work correct with Windows Server
Replies: 2
Views: 2056

Re: LACP not work correct with Windows Server

The mode used is Active on the Server by default : When you configure a Teaming mode of LACP, NIC Teaming always operates in LACP's Active mode with a short timer So you can let it to Passive on the Switch which is the default mode as well... What is the Loading Balancing Mode you use on the Server ...
by Zacharias
Fri May 01, 2020 8:14 pm
Forum: General
Topic: Trying to duplicate a SwOS feature on ROS...
Replies: 15
Views: 2535

Re: Trying to duplicate a SwOS feature on ROS...

May i ask a little more details about the topology ?
Does the Client have an equipment managed by you ? No ?
by Zacharias
Fri May 01, 2020 12:51 am
Forum: Wireless Networking
Topic: hap ac lite can't connect to another AP
Replies: 21
Views: 4812

Re: hap ac lite can't connect to another AP

Have a look at the screenshots posted- DHCP client is on the bridge interface, so (provided DHCP server is only accessible over wireless) there's no way it will work. Sorry but you are wrong on that... :D Yes the DHCP Client is on the Bridge Interface and that Bridge Interface has a slave Interface...
by Zacharias
Thu Apr 30, 2020 11:50 pm
Forum: Wireless Networking
Topic: hap ac lite can't connect to another AP
Replies: 21
Views: 4812

Re: hap ac lite can't connect to another AP

You can configure that, obviously, but it won't work. This does not change the fact that the DHCP Client should get an IP address without problems... As for the station-pseudobridge, should always be avoided !!! We should either create a Station mode and configure our Station to act as a router... ...
by Zacharias
Thu Apr 30, 2020 11:06 pm
Forum: Wireless Networking
Topic: hap ac lite can't connect to another AP
Replies: 21
Views: 4812

Re: hap ac lite can't connect to another AP

Are you sure you are connected to a network with an active and working DHCP server ?
You should be able to get an IP address and as i can see you do not...

After that, next question is, do you want to be on the same Layer 2 (same LAN) network as the AP you connect to ?
by Zacharias
Thu Apr 30, 2020 8:58 pm
Forum: Wireless Networking
Topic: hap ac lite can't connect to another AP
Replies: 21
Views: 4812

Re: hap ac lite can't connect to another AP

What is the Wireless Mode you use on your Mikrotik Station Device ?
I won't guess this time :lol:
by Zacharias
Thu Apr 30, 2020 8:55 pm
Forum: Wireless Networking
Topic: hAP ac lite router will not connect wifi printer to network
Replies: 6
Views: 3180

Re: hAP ac lite router will not connect wifi printer to network

another poster blaming the equipment and not the admin LOL. Isn't that what happens most of the times ? I guess you did connect your printer to your ADSL Router using the WPS Function of the Router's... So, you can either do it in two ways, your Hap AC has a physical WPS button, so either press thi...
by Zacharias
Thu Apr 30, 2020 8:40 pm
Forum: General
Topic: Can't update - could not resolve DNS name error [SOLVED]
Replies: 15
Views: 17113

Re: Can't update - could not resolve DNS name error [SOLVED]

I've never found any issue to be actually fixed by moving the IP settings from the slave port to the bridge.
Wrong is only something that makes our configuration not to work ?
by Zacharias
Thu Apr 30, 2020 7:24 pm
Forum: General
Topic: Can't update - could not resolve DNS name error [SOLVED]
Replies: 15
Views: 17113

Re: Can't update - could not resolve DNS name error [SOLVED]

What ROS Version your 2011 has?
Your router has its LAN IP address configured on a slave Interface, which is wrong... :D
by Zacharias
Thu Apr 30, 2020 7:03 pm
Forum: General
Topic: Bricked RB951G-2HnD
Replies: 8
Views: 2026

Re: Bricked RB951G-2HnD

protected-routerboot property ofcorse can be the reason you can not netinstall... RouterBOARD that has the protected RouterBOOT setting enabled will blink the LED every second, to make counting easier. Do you see this behavior ? https://wiki.mikrotik.com/wiki/Manual:RouterBOARD_settings#Protected_b...
by Zacharias
Thu Apr 30, 2020 6:47 pm
Forum: Beginner Basics
Topic: 2 LAN Cables from Mikrotik to Switch
Replies: 24
Views: 4515

Re: 2 LAN Cables from Mikrotik to Switch

BUT, I can only get 98Mps udp between the two when using 802.3ad when testing with udp, 140Mbps TCP 802.3ad does not double the bandwidth nor i ever said it does... If you do not care about the misordering of the Frames as far as TCP connections are concerned and the negative effects of that do not...
by Zacharias
Thu Apr 30, 2020 6:37 pm
Forum: Wireless Networking
Topic: 160MHz support for US RB4011
Replies: 13
Views: 6494

Re: 160MHz support for US RB4011

On a RB4011...
by Zacharias
Thu Apr 30, 2020 4:19 pm
Forum: Beginner Basics
Topic: 2 LAN Cables from Mikrotik to Switch
Replies: 24
Views: 4515

Re: 2 LAN Cables from Mikrotik to Switch

I just made a comment on TCP connections and 802.3ad...
The OP can choose the Mode that betters fits to his needs and ofcorse the mode that is supported by his equpment...
by Zacharias
Thu Apr 30, 2020 4:00 pm
Forum: Beginner Basics
Topic: 2 LAN Cables from Mikrotik to Switch
Replies: 24
Views: 4515

Re: 2 LAN Cables from Mikrotik to Switch

@pe1chl i do not see the point on what you said... The balancing modes are: 802.3ad, balance-rr, active-backup, balance-xor etc... So according to what you said: It depends on how you configure it the answer is simple, 802.3ad is a Bodning Mode and not a variation of the Balance-rr mode... So you ca...
by Zacharias
Thu Apr 30, 2020 3:37 pm
Forum: General
Topic: CRS354-48G-4S+2Q+ VLANs over bonding interface
Replies: 5
Views: 2384

Re: CRS354-48G-4S+2Q+ VLANs over bonding interface

I already have a setup on GNS3 for such a scenario, so i wil give you an example with working and tested code... I ll give you the basic parts of the configuration... Main Router R1: Create Interface VLAN for every VID: /interface vlan add interface=bridge1 name=vlan10 vlan-id=10 add interface=bridg...
by Zacharias
Thu Apr 30, 2020 12:59 pm
Forum: General
Topic: CRS354-48G-4S+2Q+ VLANs over bonding interface
Replies: 5
Views: 2384

Re: CRS354-48G-4S+2Q+ VLANs over bonding interface

Do you use any VLAN as management VLAN ? Since i do not see the whole config, What i would do is, have a management VLAN e.g. 99 setup on my router and then on the Switch, i would: Set an IP Address on the VLAN 99 e.g. 192.168.99.2 Set DNS 192.168.99.1 (Router's MGMT Vlan) Add the Bridge as Tagged M...
by Zacharias
Thu Apr 30, 2020 12:42 pm
Forum: Beginner Basics
Topic: 2 LAN Cables from Mikrotik to Switch
Replies: 24
Views: 4515

Re: 2 LAN Cables from Mikrotik to Switch

802.3ad (LACP) bonding does not have any negative effect on TCP connections...
Every existing connection always chooses the same link, they never get split between links... So there is no misordering...
by Zacharias
Thu Apr 30, 2020 12:20 pm
Forum: Wireless Networking
Topic: 160MHz support for US RB4011
Replies: 13
Views: 6494

Re: 160MHz support for US RB4011

For testing purposes i did try Regulatory Domain for Canada and United States 3. They both did work when setting Channel Width to 80Mhz and Secondary Frequency to Auto...
by Zacharias
Thu Apr 30, 2020 12:00 pm
Forum: General
Topic: PPPoE client connected but no internet [SOLVED]
Replies: 10
Views: 4805

Re: PPPoE client connected but no internet [SOLVED]

On your first post you had: add action=masquerade chain=srcnat comment="default configuration" disabled=no out-interface=ether1-gateway \ Which obviously is wrong, your out interface is not eth1 but the PPPoE client... This wrong rule does not keep the router from having access to the Inte...
by Zacharias
Thu Apr 30, 2020 12:30 am
Forum: Wireless Networking
Topic: 160MHz support for US RB4011
Replies: 13
Views: 6494

Re: 160MHz support for US RB4011

What error are you getting?
Also sorry but my test was not for US (U-NII-2)... So my question is, you can not make it work for any country and or frequency ?
by Zacharias
Thu Apr 30, 2020 12:07 am
Forum: General
Topic: PPPoE client connected but no internet [SOLVED]
Replies: 10
Views: 4805

Re: PPPoE client connected but no internet [SOLVED]

How do I upgrade to 6.x? Net install?
System -> Packages -> Check for Updates -> Download and Install
by Zacharias
Wed Apr 29, 2020 11:46 pm
Forum: Wireless Networking
Topic: 160MHz support for US RB4011
Replies: 13
Views: 6494

Re: 160MHz support for US RB4011

Changelog of 6.45.1 shows: *) wireless - improved 160MHz channel width stability on rb4011; So i guess it works... But... I ll make a test on a RB4011 right now and let you know if it works... Edit: You can effectively set 160Mhz channel width...it works... The secondary Frequency parameter though.....
by Zacharias
Wed Apr 29, 2020 9:04 pm
Forum: General
Topic: CRS354-48P-4S+2Q+ traffic problem on ports 1 to 8
Replies: 299
Views: 50432

Re: CRS354-48P-4S+2Q+ traffic problem on ports 1 to 8

I can't take a look at your config right now...
Since it is new, in case you have no important config on it, just reset it to its default settings...
Or make a backup and then reset...
After that, remove all cables from every ethernet port and test them one by one ...
by Zacharias
Wed Apr 29, 2020 9:02 pm
Forum: Wireless Networking
Topic: LHG 60g no internet from the antenna interface [SOLVED]
Replies: 4
Views: 1560

Re: LHG 60g no internet from the antenna interface

You can add a little more details of what did you change upon my suggestion so that we can help others who meet the same problem ?
Also please mark the post as solved :D
by Zacharias
Wed Apr 29, 2020 8:07 pm
Forum: Beginner Basics
Topic: Firewall: Locked out myself. What was the reason? [SOLVED]
Replies: 23
Views: 4317

Re: Firewall: Locked out myself. What was the reason? [SOLVED]

Changing the Public port of a Nat Rule or in general the port of a specific service does not provide a great security...
by Zacharias
Wed Apr 29, 2020 7:58 pm
Forum: General
Topic: CRS354-48P-4S+2Q+ traffic problem on ports 1 to 8
Replies: 299
Views: 50432

Re: CRS354-48P-4S+2Q+ traffic problem on ports 1 to 8

I don't think it would harm your device trying the update.
Ports 1-8 is the first Group of ports and since those specific ports do not work maybe you have made any changes in the Switch menu or anything ?
by Zacharias
Wed Apr 29, 2020 7:43 pm
Forum: Beginner Basics
Topic: Firewall: Locked out myself. What was the reason? [SOLVED]
Replies: 23
Views: 4317

Re: Firewall: Locked out myself. What was the reason? [SOLVED]

I had disabled all the MAC things as is recommended in the MT wiki page titled "Securing your router" or something that... Yes indeed is a good practice in case there is an actual risk of someone discovering your device through your Lan Network and trying to access it... If there is no su...
by Zacharias
Wed Apr 29, 2020 7:35 pm
Forum: Beginner Basics
Topic: Firewall: Locked out myself. What was the reason? [SOLVED]
Replies: 23
Views: 4317

Re: Firewall: Locked out myself. What was the reason? [SOLVED]

Firewall unless told otherwise, will block Layer 3 Activity...
So instead of spending 3 hours with that laptop you could as well login by MAC in less that 1 minute...

@anav a pencil works better...
by Zacharias
Wed Apr 29, 2020 7:23 pm
Forum: General
Topic: Auto updating ROS - yeah or nay?
Replies: 7
Views: 1782

Re: Auto updating ROS - yeah or nay?

It is good and recommended to keep your Device up to date. But i do not think that this means that we should update to every single new release that comes out unless it Fixes a Security issue or a Bug that was causing problems to our setup... But this is just my opinion...
by Zacharias
Wed Apr 29, 2020 7:06 pm
Forum: General
Topic: CRS354-48P-4S+2Q+ traffic problem on ports 1 to 8
Replies: 299
Views: 50432

Re: CRS354-48P-4S+2Q+ traffic problem on ports 1 to 8

Here is a related problem with CRS354, you can check the solution viewtopic.php?f=3&t=159176&p=787552&hil ... 54#p788593 and let us know if it fixes your problem...
by Zacharias
Wed Apr 29, 2020 6:58 pm
Forum: Beginner Basics
Topic: Port range not working in mangle rules
Replies: 6
Views: 1580

Re: Port range not working in mangle rules

Then only one question remains, how sure are you that indeed it was matched by the Rule because of that specific port ?
by Zacharias
Wed Apr 29, 2020 6:56 pm
Forum: General
Topic: Ip Route Rule vs Firewall Mangle on Cpu Load
Replies: 2
Views: 947

Re: Ip Route Rule vs Firewall Mangle on Cpu Load

Indeed, rules for Firewall Filter, Queues and Mangles are not applied for Fasttracked Traffic...
If you do not need the extra features that Mangles facility offers then just go with IP Route Rules...
by Zacharias
Wed Apr 29, 2020 6:10 pm
Forum: Wireless Networking
Topic: LHG 60g no internet from the antenna interface [SOLVED]
Replies: 4
Views: 1560

Re: LHG 60g no internet from the antenna interface

Well, to start with, whatever you ve added inside the Interface Bridge VLAN does not work unless Bridge VLAN Filtering is enabled... But you do not as well need any Bridge VLAN Filtering on your Antennas... What i would do is create a seperate VLAN for my management purposes on my Router, eg VLAN 99...
by Zacharias
Wed Apr 29, 2020 5:52 pm
Forum: General
Topic: Fasttrack not working.
Replies: 18
Views: 4048

Re: Fasttrack not working.

Fasttrack wiki page lacks real world example with filter and/or mangle rules https://forum.mikrotik.com/viewtopic.php?f=13&t=160510&p=789313#p789313 Also here https://forum.mikrotik.com/viewtopic.php?f=13&t=160433&p=789209#p789209 Configuring the Firewall in RouterOS again there is ...
by Zacharias
Wed Apr 29, 2020 5:46 pm
Forum: Virtualization
Topic: License rent for CHR
Replies: 8
Views: 2573

Re: License rent for CHR

At post #2 that i posted the link with the Wiki, clearly mentions It is possible to transfer a perpetual license to another CHR instance
by Zacharias
Wed Apr 29, 2020 5:44 pm
Forum: Beginner Basics
Topic: Port range not working in mangle rules
Replies: 6
Views: 1580

Re: Port range not working in mangle rules

I can't be sure or guess as to why the first rule was matched by that port although it does not exist in the ports field.
What is your ROS Version ?
Is it updated to latest Version ?
by Zacharias
Wed Apr 29, 2020 5:29 pm
Forum: Beginner Basics
Topic: pleas help me [SOLVED]
Replies: 5
Views: 2270

Re: pleas help me [SOLVED]

@vania902 with the only point of reference my experience, since i do not know all the details of your setup etc... you talk about a Public IP that is in a whole different subnet than the /30 block that your ISP gave you. So the first Public IP you mentioned, is most probably the IP that your ISPs mo...
by Zacharias
Wed Apr 29, 2020 5:16 pm
Forum: General
Topic: Queue at-rate not honoured
Replies: 5
Views: 1626

Re: Queue at-rate not honoured

Well, the HTB Interface as you will see from the Packet flow Diagram https://help.mikrotik.com/docs/display/ROS/Packet+Flow+in+RouterOS#PacketFlowinRouterOS-Example1 is just before the exit of the Physical Interface and more specifically in the Postrouting Chain... Also, as for the limit-at we discu...
by Zacharias
Wed Apr 29, 2020 4:51 pm
Forum: General
Topic: Need advice on firewall rules
Replies: 10
Views: 2405

Re: Need advice on firewall rules

If a Server has services available on the Internet without a VPN then there is always a security Risk... One suggestion would be to use the PSD value on the Firewall, which actually detects TCP and/or UDP Scans... A nice explanation is here: https://forum.mikrotik.com/viewtopic.php?t=108749#p539590 ...
by Zacharias
Tue Apr 28, 2020 11:53 pm
Forum: General
Topic: Fasttrack not working.
Replies: 18
Views: 4048

Re: Fasttrack not working.

At least 2... :D
by Zacharias
Tue Apr 28, 2020 8:54 pm
Forum: Beginner Basics
Topic: Bridge VLAN VRRP
Replies: 2
Views: 1357

Re: Bridge VLAN VRRP

1. No it does not seem correct... I would setup VRRP on SFP1, on SFP2 and on SFP3 (Three different VRRPs) for CCR1 and CCR2... CCR1 would be set with higher Priority in order to be the Master and in case something happened to SFP1 of the CCR1 then SFP1 of CCR2 would start... 2. When working with VLA...
by Zacharias
Tue Apr 28, 2020 8:42 pm
Forum: Virtualization
Topic: License rent for CHR
Replies: 8
Views: 2573

Re: License rent for CHR

by Zacharias
Tue Apr 28, 2020 8:38 pm
Forum: General
Topic: Fasttrack not working.
Replies: 18
Views: 4048

Re: Fasttrack not working.

@mutluit how many posts have you opened for Fasttrack ? :lol:
by Zacharias
Tue Apr 28, 2020 5:26 pm
Forum: Beginner Basics
Topic: pleas help me [SOLVED]
Replies: 5
Views: 2270

Re: pleas help me [SOLVED]

It is always Best practice not to use your real Public IPs as an example... Your ISP gave you a /30 Subnet Block, lets say X.Y.Z.136/30 ... One of there addresses, usually the first one, so the 176.74.123.137 will be used by your ISP. The second one 176.74.123.138 must be used by you and setup on th...
by Zacharias
Tue Apr 28, 2020 4:25 pm
Forum: Beginner Basics
Topic: Multiple pptp clients on one mikrotik
Replies: 2
Views: 1312

Re: Multiple pptp clients on one mikrotik

Sure you can create more that 1 PPTP Clients...

This is called Policy Based Routing. You can achieve it either with the use of Mangles, example here https://wiki.mikrotik.com/wiki/Policy_Base_Routing
or with IP Route Rules...
by Zacharias
Tue Apr 28, 2020 4:08 pm
Forum: Scripting
Topic: VPN Wake On LAN without DHCP
Replies: 2
Views: 1385

Re: VPN Wake On LAN without DHCP

Why not instead use a WOL software, there are many and free, wake your Computer, get Informed as soon as it is active and then do your RDP Session ?

What is the practical reason for waking a Computer up on the first attempt of an RDP Session ? Just wondering...
by Zacharias
Tue Apr 28, 2020 4:02 pm
Forum: Beginner Basics
Topic: Configuring the Firewall in RouterOS [SOLVED]
Replies: 38
Views: 8063

Re: Configuring the Firewall in RouterOS [SOLVED]

I'll remove fasttrack from the input chain when I see a verification in an official MT document.
Did you click the Link i posted ? That answer is from Mikrotik Support member...
But sure, you know...
by Zacharias
Tue Apr 28, 2020 3:54 pm
Forum: Beginner Basics
Topic: Configuring the Firewall in RouterOS [SOLVED]
Replies: 38
Views: 8063

Re: Configuring the Firewall in RouterOS [SOLVED]

viewtopic.php?t=123251#p606537
FastTrack works only for forwarded traffic over the router, so there is no point adding fasttrack-connection in input chain.

Ofcorse you have your experience but that does not change the way things work... :D
by Zacharias
Tue Apr 28, 2020 3:51 pm
Forum: General
Topic: Bricked RB951G-2HnD
Replies: 8
Views: 2026

Re: Bricked RB951G-2HnD

Well @normis personally i ve had cases where the reset button did nothing during the booting process... Neither Reset, etherBoot Mode nor anything else...
And it wasn't physically damaged...
I ve had such a problem on a 951Ui-2hnd...
After NetInstall the button was working again as expected...
by Zacharias
Tue Apr 28, 2020 3:21 pm
Forum: Beginner Basics
Topic: Configuring the Firewall in RouterOS [SOLVED]
Replies: 38
Views: 8063

Re: Configuring the Firewall in RouterOS [SOLVED]

This is just the beginning, not the end :-)
Exactly, i did not go any further, i stopped when i saw that rule...
No it does not make sense...
by Zacharias
Tue Apr 28, 2020 3:15 pm
Forum: General
Topic: Bricked RB951G-2HnD
Replies: 8
Views: 2026

Re: Bricked RB951G-2HnD

does not have one. Checked the board carefully
It is on the back side i think...
by Zacharias
Tue Apr 28, 2020 2:20 pm
Forum: Wireless Networking
Topic: Rural p2p link advice required [SOLVED]
Replies: 14
Views: 3750

Re: Rural p2p link advice required [SOLVED]

I think it will work although i do not like that obstacle there... You should certainly use a higher pole for that Antenna and avoid that obstacle as much as you can (Better Performance)... I ve used both SXTs and LHGs (maybe every model available) on harsh enviroments with a great combination of Wi...
by Zacharias
Tue Apr 28, 2020 2:08 pm
Forum: Beginner Basics
Topic: Port range not working in mangle rules
Replies: 6
Views: 1580

Re: Port range not working in mangle rules

Am not sure if it is correct to add ports and port-ranges at the same line... According to the Manual it should be Ports or Port Ranges...
You can just move your last rules on top and you will be fine...

Edit, both ports and ports ranges can be used without a problem...
by Zacharias
Tue Apr 28, 2020 2:01 pm
Forum: Wireless Networking
Topic: Rural p2p link advice required [SOLVED]
Replies: 14
Views: 3750

Re: Rural p2p link advice required [SOLVED]

I agree with @pukkita and his suggestions...
Nice view as well...
by Zacharias
Tue Apr 28, 2020 1:48 pm
Forum: General
Topic: Bricked RB951G-2HnD
Replies: 8
Views: 2026

Re: Bricked RB951G-2HnD

Sometimes when the reset button does not work, the onboard reset pin does...
by Zacharias
Tue Apr 28, 2020 1:40 pm
Forum: The Dude
Topic: Dude SD failed - unable to recover
Replies: 4
Views: 1884

Re: Dude SD failed - unable to recover

To me it seems your SD card just failed on a hardware level...
by Zacharias
Tue Apr 28, 2020 1:26 pm
Forum: General
Topic: L2TP FastPath not working.
Replies: 9
Views: 2563

Re: L2TP FastPath not working.

Please read carefully before reply.
Chill out @acidsas, people here dedicate some of their time to help you...
:D :D
by Zacharias
Tue Apr 28, 2020 1:23 pm
Forum: Beginner Basics
Topic: Configuring the Firewall in RouterOS [SOLVED]
Replies: 38
Views: 8063

Re: Configuring the Firewall in RouterOS [SOLVED]

No one can test your rules through a picture since not all parameters are visible...
But i did stop at the very first rule anyways, where did you find a fasttrack rule on the Input Chain ? :-?
by Zacharias
Tue Apr 28, 2020 1:15 pm
Forum: General
Topic: Failover not working [SOLVED]
Replies: 19
Views: 4792

Re: Failover not working [SOLVED]

I did a packet sniff, the request goes out from the other line to reach 8.8.8.8, but i guess that was obvious...
The unreachability is simulated through firewall or broken link on GNS3...

I also did test the simpler setup and the result remains the same... The DNS requests are always served...
by Zacharias
Tue Apr 28, 2020 2:55 am
Forum: Beginner Basics
Topic: Basic VLAN Setup
Replies: 22
Views: 4347

Re: Basic VLAN Setup

Trying to understand a little more i took a look again at the wiki... https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches_examples So, it says that when we give access to the CPU e.g from eth2 for management purposes or whatever other reason we would do it like: /interface ethernet swit...
by Zacharias
Tue Apr 28, 2020 1:57 am
Forum: General
Topic: Failover not working [SOLVED]
Replies: 19
Views: 4792

Re: Failover not working [SOLVED]

No @sindy it does not work as it should, i doubled checked... So if you don't mind taking a look in case i dont see something obvious... 0 S dst-address=0.0.0.0/0 gateway=10.10.10.1 gateway-status=10.10.10.1 unreachable distance=1 scope=30 target-scope=10 1 A S dst-address=0.0.0.0/0 gateway=10.10.11...
by Zacharias
Tue Apr 28, 2020 12:05 am
Forum: Beginner Basics
Topic: Configuring the Firewall in RouterOS [SOLVED]
Replies: 38
Views: 8063

Re: Configuring the Firewall in RouterOS [SOLVED]

Mikrotik default firewall uses Lists, to make things easier... Also it is a good practice the use of Lists because the less firewall rules the better performance we have and it is easier to "read" as well... So, list LAN consists of your Local Networks, your Bridge or Bridges in simple wor...
by Zacharias
Mon Apr 27, 2020 11:51 pm
Forum: General
Topic: Failover not working [SOLVED]
Replies: 19
Views: 4792

Re: Failover not working [SOLVED]

@sindy yes that is what i meant... However, since i had never tested that the DNS would indeed not work i thought giving it a try on GNS3... So i created a recursive failover with 8.8.8.8 for the first line and 8.8.4.4 for the second one... When the 1st line was off and the 8.8.8.8 was listed as unr...
by Zacharias
Mon Apr 27, 2020 8:46 pm
Forum: Beginner Basics
Topic: Configuring the Firewall in RouterOS [SOLVED]
Replies: 38
Views: 8063

Re: Configuring the Firewall in RouterOS [SOLVED]

IM posts are temporarily ON,,,,,, just click on the users name on the left hand margin to send message
Why are they ON? And why temporarily?
by Zacharias
Mon Apr 27, 2020 8:33 pm
Forum: Beginner Basics
Topic: Configuring the Firewall in RouterOS [SOLVED]
Replies: 38
Views: 8063

Re: Configuring the Firewall in RouterOS [SOLVED]

If that's the case then configure your CRS as a Router-Switch... That means, all the important facilities must be running on the CRS, DHCP, DNS, Firewall, Routing etc... Ofcrorse the above is not important... You can enable IP Firewall in the Bridge Settings and Filter the Traffic passing through th...
by Zacharias
Mon Apr 27, 2020 8:22 pm
Forum: Beginner Basics
Topic: Configuring the Firewall in RouterOS [SOLVED]
Replies: 38
Views: 8063

Re: Configuring the Firewall in RouterOS [SOLVED]

But as said earlier, if you use it as a switch you do not need any Firewall...

Fastrack handler helps packets bypass some procedures that would otherwise slowdown the Routing Process...
https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
by Zacharias
Mon Apr 27, 2020 8:16 pm
Forum: General
Topic: making sure the main router manage all connection?
Replies: 25
Views: 4680

Re: making sure the main router manage all connection?

@sindy i was thinking of VLAN Filtering on the Main Router...
But now that you said that, the example here https://wiki.mikrotik.com/wiki/Manual:C ... rding_Mode suits perfectly in the situation...
by Zacharias
Mon Apr 27, 2020 7:53 pm
Forum: General
Topic: Failover not working [SOLVED]
Replies: 19
Views: 4792

Re: Failover not working [SOLVED]

I think it should be mentioned, in case your recursive failover uses some known DNS Servers like 8.8.8.8 then if that DNS is used by your Router as well it won't work...
So make sure you use DNS Servers on your Router more than the ones that are used on your recursive failover as well...
by Zacharias
Mon Apr 27, 2020 7:22 pm
Forum: General
Topic: L2TP FastPath not working.
Replies: 9
Views: 2563

Re: L2TP FastPath not working.

if you play with ipsec you can't use FP That is correct... . IPv4 fast path is automatically used if following conditions are met: . . IpSec policies are not configured (ROS v6.8 ) . . https://wiki.mikrotik.com/wiki/Manual:Fast_Path But you don't mention that you use IPsec, so that might not be you...
by Zacharias
Mon Apr 27, 2020 7:20 pm
Forum: Beginner Basics
Topic: Basic VLAN Setup
Replies: 22
Views: 4347

Re: Basic VLAN Setup

As others mentioned, switch shouldn't be doing that.
Nice to clarify that @mkx...
My logic was saying that this could not be causing a problem but i also had my doubts...
by Zacharias
Mon Apr 27, 2020 7:17 pm
Forum: Beginner Basics
Topic: Configuring the Firewall in RouterOS [SOLVED]
Replies: 38
Views: 8063

Re: Configuring the Firewall in RouterOS [SOLVED]

Exactly... All the CRS Series models are Router-Switches, you might use it as a Switch only or a Router or both... It is up to you... So in case you choose to use it as a Routing Device you must setup a Firewall... Here you can see the performance results of the Device either for Switching or Routin...
by Zacharias
Mon Apr 27, 2020 7:09 pm
Forum: General
Topic: making sure the main router manage all connection?
Replies: 25
Views: 4680

Re: making sure the main router manage all connection?

What would you suggest here @mkx, Bridge VLAN filtering thus losing the HW Offload or SW Filtering ?
by Zacharias
Mon Apr 27, 2020 6:59 pm
Forum: Beginner Basics
Topic: Configuring the Firewall in RouterOS [SOLVED]
Replies: 38
Views: 8063

Re: Configuring the Firewall in RouterOS [SOLVED]

This is the Default Firewall a Mikrotik Router has configured... Your CRS does not have it because it is intended to be used as a switch, that is the reason... I just informed you of the Mikrotik's suggested firewall.. which ofcorse you can make it more strict... The Link that @mozerd posted has the...
by Zacharias
Mon Apr 27, 2020 6:56 pm
Forum: Beginner Basics
Topic: Can't ping between subnets
Replies: 11
Views: 2274

Re: Can't ping between subnets

The point is your guessing again Zach. @anav i really try not to guess... :lol: However i just mentioned some basics that could lead to such a problem, nothing more nothing less... Since no extra configuration is needed for 2 or more Subnets to communicate through the same Routing device when they ...
by Zacharias
Mon Apr 27, 2020 6:48 pm
Forum: Wireless Networking
Topic: capsman 2.4Ghz 40Mhz Turbo hAP lite?
Replies: 11
Views: 3693

Re: capsman 2.4Ghz 40Mhz Turbo hAP lite?

@mkx on your first post i see no explanation as to why use of 40Mhz Channel width is good or not... You just gave the configuration and thats it... At least i explained why i do think 40Mhz is not a good Choice for this Band, and ofcorse the OP can follow my suggestion or not... Also you missed the ...
by Zacharias
Mon Apr 27, 2020 4:12 am
Forum: Beginner Basics
Topic: Configuring the Firewall in RouterOS [SOLVED]
Replies: 38
Views: 8063

Re: Configuring the Firewall in RouterOS [SOLVED]

This is the default Firewall Filter: /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid...
by Zacharias
Mon Apr 27, 2020 3:50 am
Forum: General
Topic: L2TP FastPath not working.
Replies: 9
Views: 2563

Re: L2TP FastPath not working.

Is Allow Fast Path enabled on the Client and Server ?
by Zacharias
Mon Apr 27, 2020 3:22 am
Forum: General
Topic: MikroTik L2TP/IPSec client
Replies: 12
Views: 3050

Re: MikroTik L2TP/IPSec client

Go to PPP Profiles, double click the Profile used on your L2TP Client and you will find those attributes on the 1st and 2nd Tab...
Also, you could just try and remove the IPsecret from the L2TP Client and try without it... The server might be configured to allow the connection even without IPsec...
by Zacharias
Mon Apr 27, 2020 1:58 am
Forum: Beginner Basics
Topic: Can't ping between subnets
Replies: 11
Views: 2274

Re: Can't ping between subnets

Unless you block them with your Firewall Filter, you should be able to reach each subnet from your hosts...
Or you have not properly configured Mangles / Policy Route Rules...
by Zacharias
Mon Apr 27, 2020 1:52 am
Forum: General
Topic: making sure the main router manage all connection?
Replies: 25
Views: 4680

Re: making sure the main router manage all connection?

Yes, that would be an option too...
CapsMan to Forwarding Mode so that he makes use of the Bridge Filtering on the HAP...
However the Best certainly not...

A proper segmentation of the Network would consist of VLAN configuration and proper Firewall configured...
by Zacharias
Mon Apr 27, 2020 1:49 am
Forum: Wireless Networking
Topic: capsman 2.4Ghz 40Mhz Turbo hAP lite?
Replies: 11
Views: 3693

Re: capsman 2.4Ghz 40Mhz Turbo hAP lite?

and that enables the auto 20/40 mode.
Correct...
by Zacharias
Mon Apr 27, 2020 1:21 am
Forum: General
Topic: MikroTik L2TP/IPSec client
Replies: 12
Views: 3050

Re: MikroTik L2TP/IPSec client

Your Firewall is fine...
When you try to connect to the Server, make sure there is no other L2TP Client active on your Network...
Also, check the profile for your L2TP Client, make sure Change TCP mss is set to yes. Also try without encryption in case it is enabled...
by Zacharias
Mon Apr 27, 2020 1:17 am
Forum: Beginner Basics
Topic: 2 WANs possible with CRS326-24G-2S+ with RouterOS ? [SOLVED]
Replies: 8
Views: 3285

Re: 2 WANs possible with CRS326-24G-2S+ with RouterOS ? [SOLVED]

Yes, Multi-layer-switches can route at wire speed - MLS ....
A multi Layer switch is just a Switch with Layer 3 capabilities...
And am sure their traffic passes the CPU before reaching the Switch...
by Zacharias
Mon Apr 27, 2020 1:13 am
Forum: Beginner Basics
Topic: Basic VLAN Setup
Replies: 22
Views: 4347

Re: Basic VLAN Setup

I removed switch1-cpu from switch vlan and everything is working as expected.
I am not sure why this was the problem, switch1-cpu just gives access to CPU, needed or not i don't see why it caused a problem...
by Zacharias
Mon Apr 27, 2020 1:08 am
Forum: General
Topic: MikroTik L2TP/IPSec client
Replies: 12
Views: 3050

Re: MikroTik L2TP/IPSec client

Please export your firelwall settings with hide-sensitive...
by Zacharias
Mon Apr 27, 2020 1:03 am
Forum: General
Topic: making sure the main router manage all connection?
Replies: 25
Views: 4680

Re: making sure the main router manage all connection?

i'm able to use the ip firewall to block since i removed the hardware offloading (i have tested it) Then you have enabled the Bridge Firewall under Bridge Settings... Again, the Firewall does not capture Layer 2 traffic.... The only way to achieve that is to enable the Bridge Firewall and force tha...
by Zacharias
Mon Apr 27, 2020 12:45 am
Forum: General
Topic: MikroTik L2TP/IPSec client
Replies: 12
Views: 3050

Re: MikroTik L2TP/IPSec client

Your computer is not handled by the Input chain...
by Zacharias
Mon Apr 27, 2020 12:25 am
Forum: General
Topic: MikroTik L2TP/IPSec client
Replies: 12
Views: 3050

Re: MikroTik L2TP/IPSec client

On the server or client side? A non properly configured firewall could be a reason for that... On the Client, since you ve tested with another device and the server works... If for example on your firewall you have any strange rules on top blocking in the Input chain ports essential for the L2TP/IP...
by Zacharias
Mon Apr 27, 2020 12:15 am
Forum: General
Topic: MikroTik L2TP/IPSec client
Replies: 12
Views: 3050

Re: MikroTik L2TP/IPSec client

A non properly configured firewall could be a reason for that...
by Zacharias
Mon Apr 27, 2020 12:05 am
Forum: Beginner Basics
Topic: Basic VLAN Setup
Replies: 22
Views: 4347

Re: Basic VLAN Setup

Check my #2 post and use the sa-learning and learn values...
by Zacharias
Mon Apr 27, 2020 12:00 am
Forum: General
Topic: making sure the main router manage all connection?
Replies: 25
Views: 4680

Re: making sure the main router manage all connection?

So, you re telling that up to now you were using a Dynamic Address List to block Wireless clients accessing Local Resources (Layer 2 Traffic )using the Firewall... And now you want to extend that on CAP... You know that this is possible only by using Bridge Firewall right ? Otherwise you blocked not...
by Zacharias
Sun Apr 26, 2020 11:44 pm
Forum: General
Topic: making sure the main router manage all connection?
Replies: 25
Views: 4680

Re: making sure the main router manage all connection?

Blocking other based on dynamic address list
Blocking others from doing what ?
Accessing the Internet ? Some local hosts ?
by Zacharias
Sun Apr 26, 2020 11:31 pm
Forum: General
Topic: making sure the main router manage all connection?
Replies: 25
Views: 4680

Re: making sure the main router manage all connection?

i want all traffic to go through the hAP The traffic anyways will go through the HAP when it must go through the HAP... HAP is your Router, when traffic needs to be routed will go through it... Other than that, HAP can handle Layer 2 traffic and CAP can do it as well... For example, when 2 wireless...
by Zacharias
Sun Apr 26, 2020 11:17 pm
Forum: General
Topic: Router is suddenly dropping connections.
Replies: 10
Views: 2695

Re: Router is suddenly dropping connections.

I also faced this issue. Maybe last messages of the following post can help you.
There are hundreds of reasons why a port could go Down/Up or a Router Reboots...
by Zacharias
Sun Apr 26, 2020 11:11 pm
Forum: Wireless Networking
Topic: capsman 2.4Ghz 40Mhz Turbo hAP lite?
Replies: 11
Views: 3693

Re: capsman 2.4Ghz 40Mhz Turbo hAP lite?

@mkx personally i will never use 40Mhz channel width to any CapsMan setup in the 2.4Ghz Band...
by Zacharias
Sun Apr 26, 2020 10:55 pm
Forum: General
Topic: making sure the main router manage all connection?
Replies: 25
Views: 4680

Re: making sure the main router manage all connection?

I have removed hardware offload on both I don't see the reason to do that... You miss one important thing, the devices within the same Broadcast Domain are communicating to each other in the Layer 2, using MAC addresses. Layer 2 Traffic, does not pass through the Firewall. Layer 3 Traffic on the ot...
by Zacharias
Sun Apr 26, 2020 10:42 pm
Forum: Beginner Basics
Topic: 2 WANs possible with CRS326-24G-2S+ with RouterOS ? [SOLVED]
Replies: 8
Views: 3285

Re: 2 WANs possible with CRS326-24G-2S+ with RouterOS ? [SOLVED]

If you want to route at wire speed on the switch YOU will need to look at other brands.
Route at wire speed on the Switch ? :?
What is that supposed to mean? A switch is a switch, it does not route Traffic...
The CPU takes part in the Routing Process...
by Zacharias
Sun Apr 26, 2020 9:53 pm
Forum: Wireless Networking
Topic: capsman 2.4Ghz 40Mhz Turbo hAP lite?
Replies: 11
Views: 3693

Re: capsman 2.4Ghz 40Mhz Turbo hAP lite?

To @syadnom's question: it works if set like this: Code: Select all /caps-man channel add band=2ghz-g/n control-channel-width=20mhz extension-channel=XX <the rest of settings> Nothing guarantees that the client will connect using 40Mhz channel width... but nice try @mkx... It can be either 20Mhz or...
by Zacharias
Sun Apr 26, 2020 7:58 pm
Forum: Wireless Networking
Topic: capsman 2.4Ghz 40Mhz Turbo hAP lite?
Replies: 11
Views: 3693

Re: capsman 2.4Ghz 40Mhz Turbo hAP lite?

Why would you use 40Mhz Channel on the over crowded 2.4Ghz Band that has only 3 non-overlapping channels? No way... :D Besides that, i do not think that there is ANY client on the 2.4Ghz band that supports a 40Mhz Channel width... And, if i remember right, it is not even supported... So, you will se...
by Zacharias
Sun Apr 26, 2020 7:15 pm
Forum: General
Topic: Need advice on firewall rules
Replies: 10
Views: 2405

Re: Need advice on firewall rules

I agee as well...
Best source for studying is always the wiki and not random tutorials around...
by Zacharias
Sun Apr 26, 2020 7:05 pm
Forum: RouterBOARD hardware
Topic: CRS354 not full gigabit on ethernet ports [SOLVED]
Replies: 14
Views: 6949

Re: CRS354 not full gigabit on ethernet ports [SOLVED]

You should mark as solved the actual post that shows the solution, so others can eaily find it without reading all the posts...
by Zacharias
Sun Apr 26, 2020 6:48 pm
Forum: Beginner Basics
Topic: 2 WANs possible with CRS326-24G-2S+ with RouterOS ? [SOLVED]
Replies: 8
Views: 3285

Re: 2 WANs possible with CRS326-24G-2S+ with RouterOS ? [SOLVED]

All Mikrotiks run the same Software, either swOS or RouterOS... swOS can be used on Devices that will do Switching, and thats it...! For routing purposes you use RouterOS... If you want the device to load balance multiple WAN interfaces you must notice that CRS Series are Router-Switches that have l...
by Zacharias
Sun Apr 26, 2020 6:41 pm
Forum: General
Topic: Queue at-rate not honoured
Replies: 5
Views: 1626

Re: Queue at-rate not honoured

One obvious cause may be that we do not get the 1 Gbps from our provider
Well, exactly, if you are not sure of the Bandwidth the ISP gave you at the moment you can't blame the queues...
by Zacharias
Sun Apr 26, 2020 6:37 pm
Forum: SwOS
Topic: RB260GS limitations
Replies: 9
Views: 3166

Re: RB260GS limitations

Sounds ok...
by Zacharias
Sun Apr 26, 2020 5:36 pm
Forum: General
Topic: LACP Active/Passive on RouterOS
Replies: 3
Views: 1714

Re: LACP Active/Passive on RouterOS

Ok i ll check again later in the day :)
Edit: Can't see any LACP Frames neither with Packet Sniffer not With Wireshark, so to me it does not work on CHR's...
by Zacharias
Sun Apr 26, 2020 5:32 pm
Forum: General
Topic: Router is suddenly dropping connections.
Replies: 10
Views: 2695

Re: Router is suddenly dropping connections.

Is your power supply good ? Did you test with another one ?
How often are the Reboots?
by Zacharias
Sun Apr 26, 2020 3:42 am
Forum: General
Topic: Router is suddenly dropping connections.
Replies: 10
Views: 2695

Re: Router is suddenly dropping connections.

Check Log, CPU, Temperatures, any recent changes etc...
by Zacharias
Sun Apr 26, 2020 3:20 am
Forum: General
Topic: LACP Active/Passive on RouterOS
Replies: 3
Views: 1714

Re: LACP Active/Passive on RouterOS

The default seems to be Active...
With a quick capture using Wireshark and GNS3 the 802.3ad Bonding sends LLDP Frames without any 802.3ad Bond on the other Side...
by Zacharias
Sun Apr 26, 2020 3:11 am
Forum: Beginner Basics
Topic: Dual WAN Mangle routing
Replies: 1
Views: 1296

Re: Dual WAN Mangle routing

There are 2 ways... First in your Routing Table you mark your 2 WAN connections... e.g. /ip route add distance=1 gateway=192.168.1.1 routing-mark=ISP1 add distance=1 gateway=192.168.75.2 routing-mark=ISP2 Then if i want a host with address 192.168.20.254 to use ISP1 and host with address 192.168.20....
by Zacharias
Sun Apr 26, 2020 2:27 am
Forum: General
Topic: Can't Access Several Website
Replies: 5
Views: 1644

Re: Can't Access Several Website

- change MTU to 1492 both in PPOE connection and in Bridge
The Bridge MTU must be set to 1500Byte...
by Zacharias
Sun Apr 26, 2020 2:23 am
Forum: General
Topic: Simple routing..not so simple for me
Replies: 2
Views: 1304

Re: Simple routing..not so simple for me

I think it will be easier to understand if you make a network diagram...
by Zacharias
Sun Apr 26, 2020 1:58 am
Forum: General
Topic: Router is suddenly dropping connections.
Replies: 10
Views: 2695

Re: Router is suddenly dropping connections.

RouterOS version and model ?
Is Watchdog to default settings ? if yes then a reboot means that the Router was unresponsive for 1 minute...
by Zacharias
Sun Apr 26, 2020 1:51 am
Forum: Beginner Basics
Topic: Lease Expiry Causing DHCP Critical Error [SOLVED]
Replies: 23
Views: 5559

Re: Lease Expiry Causing DHCP Critical Error [SOLVED]

@anav you never provided details of the debug log...
Also if there is no access to the modem from anyone, you don't need an engineer, you need a better modem/Router...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 8