Community discussions

MikroTik App

Search found 15 matches

by nradu
Mon Aug 12, 2019 8:44 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 2745

Re: Restrict access to hEX Ethernet port only for wAP

Hello again, I think I've reached my technical limitations, as I don't understand some things, like... 1. I made some extra tests and configuration changes regarding Manager Forwarding and I reach the following conclusion: there is a single configuration of CAP and Manager certificates possible that...
by nradu
Wed Aug 07, 2019 6:36 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 2745

Re: Restrict access to hEX Ethernet port only for wAP

@andriys, I did basic tests using speedtest app on Android phone on 5G WiFi, changing only from Local Forwarding to Manager Forwarding on Data Path between the 2 tests (nothing else): For manager forwarding I have in average: - 100Mbps on speedtest - wAP CPU usage @ 85% on cpu0 / 45% on wireless in ...
by nradu
Tue Aug 06, 2019 4:58 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 2745

Re: Restrict access to hEX Ethernet port only for wAP

Yes, it will only work if CAPsMAN manager forwarding is used. Why do you think 5G speed will suffer? In my previous tests with current setup (hEX as router and CAPs Manager + 2 wAP AC as CAPs) I cannot get above 40-50Mbps download/upload speed no matter how I test and what band I use if manager for...
by nradu
Tue Aug 06, 2019 4:31 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 2745

Re: Restrict access to hEX Ethernet port only for wAP

Consider ether3-5 trusted and ether2 untrusted. Remove ether2 from bridge. Do not add IP. Just connect WAP and use certificates. Add managed CAPsMAN interfaces to trusted network. LAN devices on ether3-5 can communicate with wireless devices via bridge. Port ether2 is secured (nothing else but WAP ...
by nradu
Tue Aug 06, 2019 3:48 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 2745

Re: Restrict access to hEX Ethernet port only for wAP

Will try and let you know :)
Thanks :)

Radu.
by nradu
Tue Aug 06, 2019 3:25 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 2745

Re: Restrict access to hEX Ethernet port only for wAP

thanks Nescafe. Idea is that I cannot isolate WiFi devices from LAN devices and vice-versa. But in the same time I need to protect some LAN devices from being accessible by an unauthorized device that might plug into LAN using the exposed Ethernet cable used by external wAP. It seems to be quite a c...
by nradu
Tue Aug 06, 2019 2:52 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 2745

Re: Restrict access to hEX Ethernet port only for wAP

the wAP is Mikrotik (wAP AC) and it will be managed by CAPsMAN together with other 2 wAP AC.
maybe this can help to implement some extra checks in the scripts (sorry, I'm really a noob regarding Mikrotik scripting).

Radu
by nradu
Tue Aug 06, 2019 2:21 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 2745

Re: Restrict access to hEX Ethernet port only for wAP

:( not good, as all MAC addresses of WiFi clients connected to the wAP will be visible on this Ethernet interface.
Still searching for solution :)

Radu
by nradu
Tue Aug 06, 2019 12:07 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 2745

Re: Restrict access to hEX Ethernet port only for wAP

Thank you everybody for your answers. I'll try to implement some scripts, starting from Jotne proposals. I'm wondering what happens if someone plugs a switch between the wAP and hEX: will router see the MAC of the switch? If there are any other ideas, fell free to share them here, any improvement is...
by nradu
Mon Aug 05, 2019 4:25 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 2745

Restrict access to hEX Ethernet port only for wAP

Guys, I need to install an additional wAP device in my yard and I'd like to secure as much as possible the physical connection between it and the router (hEX RB750G3). As no matter how secure I run the Ethernet cable, one might still physical access the wAP, disconnect it and connect an unauthorized...
by nradu
Mon Dec 31, 2018 4:19 pm
Forum: Beginner Basics
Topic: Advanced configuration for a home network
Replies: 6
Views: 1816

Re: Advanced configuration for a home network

the rules you marked with green are for hairpin - without them I couldn't access the NAS from LAN using the external name & I couldn't access any LAN device when connected via VPN.
by nradu
Sun Dec 30, 2018 9:20 pm
Forum: Beginner Basics
Topic: Advanced configuration for a home network
Replies: 6
Views: 1816

Re: Advanced configuration for a home network

Thanks Anav.

I do the port forwarding in NAT, not via Filter Rules - that's why I miss IP Firewall Filter rules for port forwarding and that's why I have more dstnat rules (one for each port forwarding opened for NAS). Is it better to implement firewall rules for this instead of NAT?

Regards,
Radu
by nradu
Sat Dec 29, 2018 1:29 pm
Forum: Beginner Basics
Topic: Advanced configuration for a home network
Replies: 6
Views: 1816

Advanced configuration for a home network

Guys, I'm still a beginner user of Mikrotik, I have basically setup my home network using one 750G r3 hEX router & 2 wAP AC access points; router is CAPsMAN for the 2 APs. I would need some expert advice on my current configuration as I have 3 major open points: - Is my firewall configuration safe e...
by nradu
Sat Feb 24, 2018 10:15 pm
Forum: Beginner Basics
Topic: Capsman and Virtual AP - how to setup?
Replies: 6
Views: 6250

Re: Capsman and Virtual AP - how to setup?

Thank you! It's clear now.

Radu
by nradu
Tue Feb 20, 2018 10:19 pm
Forum: Beginner Basics
Topic: Capsman and Virtual AP - how to setup?
Replies: 6
Views: 6250

Capsman and Virtual AP - how to setup?

Hello everybody, I'm a beginner in Mikrotik devices and I need your help how to setup Virtual AP (Guest WiFi) in the following setup: 1 hEX router (with DHCP server, firewall, NAT etc running) and 2 wAPs connected via Ethernet to the hEX, both CAPs controlled by CAPsMAN running on hEX (local forward...