Community discussions

MUM Europe 2020

Search found 40 matches

by Chiverel
Sat Jul 27, 2019 6:52 pm
Forum: Beginner Basics
Topic: Fixed IP using VLANs. How?
Replies: 1
Views: 372

Fixed IP using VLANs. How?

Hi, I have issues with assigning fixed IPs using static entries in DHCP lease table for my device. Setup is following: - MT border router (with DHCP server) has a trunk port carrying 3 vlans to the other MT device acting as AP + providing access port to the one vlan. - AP has 3 vlans with dhcp clien...
by Chiverel
Mon Jun 24, 2019 10:39 am
Forum: Forwarding Protocols
Topic: Multicast [SOLVED]
Replies: 9
Views: 1222

Re: Multicast [SOLVED]

There's a chance that you have packets with TTL=1. If you have them, you can increase TTL using mangle.

I recall it was explicitly mentioned for VLC when tried to configure my setup.

Check this example as well, it has nearly yours case.
by Chiverel
Wed Jul 11, 2018 2:00 pm
Forum: General
Topic: VPN attacks? Blocking?
Replies: 8
Views: 2786

Re: VPN attacks? Blocking?

Think of port-knocking implementation (it's really flexible and it's only you who decide how paranoid you are to complicate the procedure) or similar techniques. Router would automatically add your IP into white list and you'll be able to connect afterwards. Other attempts for the direct connection ...
by Chiverel
Sat Jul 07, 2018 11:49 am
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example (basic)

You're right that that rule does nothing, except adding entries in the log. I added that to see whether mcast packets are actually hitting the forward chain and that's all. That dirty solution is a bit easier that traffic sniffing and basically did what I wanted. I tested VLC solution some time ago ...
by Chiverel
Sat Jul 07, 2018 2:53 am
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example (basic)

Get ready for the next long read without the happy end :( We're stepping into the area where I’m really a noob. And the discussion doesn’t really match a Basic setup as mentioned in the topic. I didn’t expect this kind of details here. We clarified how discovery is done, but I’ll repeat again briefl...
by Chiverel
Sat Jul 07, 2018 12:23 am
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example (basic)

An update from my side. I just was curious that we both face discovery delays with QNAP devices. Mine is an entry level TS-253A btw. So I decided to postpone deep packet inspection and add another DLNA server on my network that is equivalent of your VLAN10. So I just enabled DLNA server on Win10 hos...
by Chiverel
Thu Jul 05, 2018 9:25 pm
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example (basic)

And the negative impact of decreasing polling periods (if that's the deal) would lead to increasing traffic in your network that is quite unwanted in many cases. It shouldn't be an issue when you have a small amount of devices, but is worth to mention.
by Chiverel
Thu Jul 05, 2018 9:16 pm
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example (basic)

I have the same issue with timing. When I'm connected via VPN on Android or Windows, then there is a significant delay in DLNA discovery in 75% of cases I'd say. It takes from about 10 seconds up to 2 minutes or so. This is why I wanted you to check network packets, rather then just running "network...
by Chiverel
Thu Jul 05, 2018 5:06 pm
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example (basic)

This is damn tricky part. Here how I do it: - vlan10 has 192.168.10.58 that is my QNAP - Ovpn-Bridge has Android device connected over OpenVPN-TAP adapter (L2) and has active IP address 192.168.11.14 - Start packet sniffer on vlan10 /tool sniffer set filter-interface=vid10-home-1G filter-ip-protocol...
by Chiverel
Thu Jul 05, 2018 2:06 pm
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example (basic)

I'm not really sure, but it could be a TTL issue on some packets. Sonos could send packets with higher TTL than other devices, thus it's packets are really forwarded. Not the mangle rules I've posted in my first posts. Adjust these and ensure it covers only required interface lists /ip firewall mang...
by Chiverel
Thu Jul 05, 2018 9:42 am
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example (basic)

Ok, now I can see your 172.16.40.100 device connected to the same RP and group 239.255.255.250 that your media server and other working clients use. Upstream and downstream are also detected properly. This makes me think PIM is configured fine and the problem could be elsewhere, except the log would...
by Chiverel
Thu Jul 05, 2018 12:25 am
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example (basic)

Btw, when I'm connected over vpn, i don't see my nas in the network environment as well. But it appears in windows media player after some time when refresh period completes. It could be up to couple of minutes. The same thing with vlc. It's important to set connection as private in order to use DLN...
by Chiverel
Thu Jul 05, 2018 12:20 am
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example (basic)

You can use "slick upnp" app an android to see DLNA devices. It works awesome. I have the opposite question. When you run that sniffer tool in vlan10, do you see messages from vlan40? Are there any errors or warnings in mikrotik log with PIM topic? Could you share your PIM details again after those ...
by Chiverel
Wed Jul 04, 2018 9:52 pm
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example (basic)

Nice input. When you connect your windows host to VLAN40, can it see your Qnap NAS? For example you launch standard windows media player, can you see Twonky? It usually appears like the "HDHome..." entry on the image below https://blogs.serioustek.net/wp-content/uploads/2013/06/hdhr3.PNG I'm just wo...
by Chiverel
Wed Jul 04, 2018 3:47 pm
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example (basic)

I'm not a specialist as well. But have been investigating PIM a bit. I do see that you have 2 RPs configured. I assume that in your setup there should be only 1 RP which is 172.16.30.1. Could you post your /routing pim export In addition you need to allow SSDP traffic from your VLAN40 similar to wha...
by Chiverel
Wed Jul 04, 2018 2:20 pm
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example (basic)

Hi, what does following command say? /routing pim mfc print detail There should be an entry with following values: - proper group (I suppose it should be 239.255.255.250) - VLAN10 as upstream interface - VLAN40 as downstream interface Do you have an RP defined? Can you see your devices IPs joined th...
by Chiverel
Sat Jun 30, 2018 10:06 pm
Forum: Beginner Basics
Topic: PIM warnings, but setup is working
Replies: 1
Views: 642

Re: PIM warnings, but setup is working

The answer for the 1st question was my stupid mistake. OpenVPN interface had the same local address as the Bridge, to what it is connected. It seems like that IP is removed from PIM upon tunnel disconnect, this is why route to Bridge was removed and did not appear in MFC. I've changed local address ...
by Chiverel
Fri Jun 22, 2018 4:49 pm
Forum: Beginner Basics
Topic: PIM warnings, but setup is working
Replies: 1
Views: 642

PIM warnings, but setup is working

Hi, next test scenario from me (image is clickable). http://i.piccy.info/i9/e0ff43d642682aa5eec73977cf43fe7f/1529675599/9564/1245766/PIM_setup_500.jpg http://i.piccy.info/a3/2018-06-22-13-53/i9-12432911/500x171-r/i.gif Router A is a wireless bridge. All ports and wireless adapter are bridged. Bridge...
by Chiverel
Tue Jun 19, 2018 6:03 pm
Forum: Beginner Basics
Topic: Forward multicast UDP
Replies: 1
Views: 471

Re: Forward multicast UDP

Igmp-proxy or PIM may be helpful. wiki
by Chiverel
Fri Jun 15, 2018 1:48 pm
Forum: Beginner Basics
Topic: Incorrect Upnp entries when using VLANs in a bridge. What's missing?
Replies: 5
Views: 598

Re: Incorrect Upnp entries when using VLANs in a bridge. What's missing?

There was some glitch with that RB. I've checked upnp replies from router even when disabled external interface or upnp completely. Reply contained information about 2 WANConnectionDevices. One of those had that vlan address as an external IP. It seems like some process got stuck and haven't receive...
by Chiverel
Mon Jun 11, 2018 4:51 pm
Forum: Beginner Basics
Topic: Incorrect Upnp entries when using VLANs in a bridge. What's missing?
Replies: 5
Views: 598

Re: Incorrect Upnp entries when using VLANs in a bridge. What's missing?

Ok, thanks for the hint. I'll try to reproduce the case on another device and provide supout from that box. I'm a bit unsure to send such data from my main router.
by Chiverel
Mon Jun 11, 2018 4:02 pm
Forum: Beginner Basics
Topic: Incorrect Upnp entries when using VLANs in a bridge. What's missing?
Replies: 5
Views: 598

Re: Incorrect Upnp entries when using VLANs in a bridge. What's missing?

Thanks for a quick reply.
Rules are created exactly the same way. Using vlan IP and in-interface. Basically I was going the opposite way: I had both bridge and vlan in the Upnp -> internal interfaces; then disabled bridge there and that didn't improve the situation.
by Chiverel
Mon Jun 11, 2018 2:50 pm
Forum: Beginner Basics
Topic: Incorrect Upnp entries when using VLANs in a bridge. What's missing?
Replies: 5
Views: 598

Incorrect Upnp entries when using VLANs in a bridge. What's missing?

Hi, I face a problem with dynamic Upnp rules created by my RB2011 running Ros6.42.3. Setup is following: Upnp is on eth2 is a wan port; it is the only external inteface in upnp settings there is a bridge, containing VLAN and a number of ports. Setup is working properly (lan, internet access etc), 19...
by Chiverel
Fri Jun 08, 2018 12:55 am
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example

Improvements Distribute static multicast routes to the networks where you suppose to have media servers. Thus, you don’t need to add routes manually. This can be done using DHCP option 121 and the following helper . /ip dhcp-server option add code=121 name=cons-mcast-routes value=0x04e0c0a80001 add...
by Chiverel
Fri Jun 08, 2018 12:54 am
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Re: Working DLNA routing example

Please skip this message if you’re not interested in some kind of TLDR manual. We start from a scenario where nothing must be done. Map device has 1 bridge with 2 interfaces, DHCP server and that’s it. Just to ensure that there are no problems on the producer and consumer devices. Schema (clickable)...
by Chiverel
Fri Jun 08, 2018 12:44 am
Forum: Beginner Basics
Topic: Working DLNA routing example (basic)
Replies: 27
Views: 7338

Working DLNA routing example (basic)

Hi there. This time I’m trying to understand PIM-SM implementation on Mikrotik device. I post the basic working configuration right here. And for those who is curious, I’ll share more details in the further posts. Hopefully this config would save somebody time. I wasn’t able to directly find answers...
by Chiverel
Mon Jun 04, 2018 6:28 am
Forum: General
Topic: VLAN SWITCH
Replies: 38
Views: 2292

Re: VLAN SWITCH

As long as you use one or the other, they will be hardware switched. But you can use a software bridge and it would be fine as long as you're not expecting maximum bandwidth.
Exactly
by Chiverel
Mon Jun 04, 2018 5:55 am
Forum: General
Topic: VLAN SWITCH
Replies: 38
Views: 2292

Re: VLAN SWITCH

You won't be able to fully switch your 8 remaining ports, because there are 2 physical switches in this RB. There are for sure some workarounds. I've written recently some investigations here . And regarding gateways. I assume it should be possible to add default routes via different interfaces usin...
by Chiverel
Tue May 29, 2018 8:48 pm
Forum: Beginner Basics
Topic: Several isolated networks
Replies: 34
Views: 3991

Re: Several isolated networks

I am not sure why it is not accepting the dhcp-server rules for office_server and POS_server ?????????????? Because your ports are added into bridge. /interface ethernet set [ find default-name=ether1 ] name=eth1_WAN set [ find default-name=ether2 ] name=eth2_kontor set [ find default-name=ether3 ]...
by Chiverel
Mon May 28, 2018 5:35 pm
Forum: Beginner Basics
Topic: Several isolated networks
Replies: 34
Views: 3991

Re: Several isolated networks

It looks like you've assigned several IP networks to the same WorkBridge. /ip dhcp-server add address-pool=dhcp-WorkLAN disabled=no interface=WorkBridge name=Work_Server add address-pool=dhcp-GuestLAN disabled=no interface=eth3_gjest name=Guest_Server #failure: server or relay with such interface al...
by Chiverel
Sat May 26, 2018 8:43 pm
Forum: Beginner Basics
Topic: Several isolated networks
Replies: 34
Views: 3991

Re: Several isolated networks

You could also implement a port-knocking that adds your current IP address in the VPN white list for some time, and thus even VPN connection could be allowed to a certain addresses within predefined amount of time.
by Chiverel
Sat May 26, 2018 8:32 pm
Forum: Beginner Basics
Topic: How to block IP-range
Replies: 8
Views: 7155

Re: How to block IP-range

You could use "ip firewall raw" in the prerouting chain instead of "ip firewall filter". In this case packets are not processed by connection tracking and then unwanted traffic would consume less CPU. And instead of creating 2 rules for src and dst port, you can use Any port and only single rule. An...
by Chiverel
Mon May 21, 2018 11:38 pm
Forum: General
Topic: vLAN with Switch chips _ scenario-based solutions
Replies: 33
Views: 6854

Re: vLAN with Switch chips _ scenario-based solutions

@CZFan, Thanks for your comments. 1. If you plan to Switch all ports, then yes. Since I'm planning to use eth2 as WAN, eth9 as Management and eth1+eth10 as reserved so far, and those ports won't be a part of a Home bridge. I don't see the point of enabling HW offload there. With the current setup I ...
by Chiverel
Mon May 21, 2018 8:10 pm
Forum: General
Topic: vLAN with Switch chips _ scenario-based solutions
Replies: 33
Views: 6854

Re: vLAN with Switch chips _ scenario-based solutions

Maybe my experience would help someone, since topic is not really active. Summary of testing VLANs with HW offloading with the following config: VLAN 10: access ports eth3, eth4; trunk eth5; DHCP 192.168.10.0/27 VLAN 20: access ports eth7, eth8; trunk eth6; DHCP 192.168.20.0/27 Here’s a picture (cli...
by Chiverel
Sat May 19, 2018 11:57 pm
Forum: General
Topic: vLAN with Switch chips _ scenario-based solutions
Replies: 33
Views: 6854

Re: vLAN with Switch chips _ scenario-based solutions

And the last one . Let's imagine: I have a named Bridge-1G with DHCP with ether3-5 VLAN 10 are is assigned on a switch VLANs just like above ( ether3-5, sw1-cpu ) I decide to extend my VLAN=10 on the switch2. So my actions are either: Add Bridge-100M without DHCP, add ether6-ether10; Add same ports...
by Chiverel
Fri May 18, 2018 6:34 pm
Forum: General
Topic: vLAN with Switch chips _ scenario-based solutions
Replies: 33
Views: 6854

Re: vLAN with Switch chips _ scenario-based solutions

I'll dare to bump this old thread. I'm trying to understand vlans and essential topic seems to be just a right place. There's a bunch of information on older ROS configuration. But I don't have solid knowledge for that and have problems in adjusting those configs into hew HW offload bridges/vlan/swi...
by Chiverel
Wed Jan 17, 2018 9:54 pm
Forum: Beginner Basics
Topic: QoS and interfaces
Replies: 4
Views: 605

Re: QoS and interfaces

Thanks, I'm already moving this direction. I've splitted up LAN and WLAN from the single bridge and assigned IP addresses from different segments today. That caused adding static routes between segments to ensure clients will be able to communicate from LAN to WLAN and vice versa. Additional trick w...
by Chiverel
Wed Jan 17, 2018 8:28 am
Forum: Beginner Basics
Topic: QoS and interfaces
Replies: 4
Views: 605

Re: QoS and interfaces

Thank you for reply. Yes, I thought about that, but I don't like that idea, since DHCP server is attached to Bridge and I don't know what addresses are assigned to Wi-Fi, wired or even VPN users. Such situation spawns the problem with new devices. I'd like to avoid adjusting IP address lists constan...
by Chiverel
Mon Jan 15, 2018 10:04 pm
Forum: Beginner Basics
Topic: QoS and interfaces
Replies: 4
Views: 605

QoS and interfaces

Hi, I'm using RB2011 and I'm quite satisfied with it. I'd like to get a bit more of the router and try to implement QoS, but the whole picture doesn't appear in my head yet. I'd be happy in case you could share your experience here. I have several bridges currently: - Home network: ether1—ether7 + w...