Community discussions

Search found 2968 matches

by anav
Fri Oct 18, 2019 11:21 pm
Forum: Announcements
Topic: SwOS version 2.10 released!
Replies: 38
Views: 12830

Re: SwOS version 2.10 released!

Just upgraded to 2.10 and it upgraded and now states version 2.0p, which is not 2.10???
new260gs model.

What the heck is 2.0p ?????
I tried manually loading 2.10 again but still stuck on 2.0p?
Afraid to upgrade my other unit from 2.9
by anav
Mon Oct 14, 2019 8:34 pm
Forum: Wireless Networking
Topic: What MikroTik solution works for a home multiple 5G repeater Wifi network
Replies: 2
Views: 246

Re: What MikroTik solution works for a home multiple 5G repeater Wifi network

Check out their new Audience lineup.... (mesh of some sort)
by anav
Mon Oct 14, 2019 6:20 pm
Forum: Beginner Basics
Topic: Philips Hue Stopped Working
Replies: 7
Views: 428

Re: Philips Hue Stopped Working

This is a bit confusing.....
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat disabled=yes dst-address=xxxxxxxxx dst-port=xxxx protocol=udp to-addresses=192.168.1.xx to-ports=xxx
add action=...
by anav
Mon Oct 14, 2019 6:10 pm
Forum: Beginner Basics
Topic: Philips Hue Stopped Working
Replies: 7
Views: 428

Re: Philips Hue Stopped Working

This...............
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=192.168.1.0

Change interface to bridge (not ether2).
by anav
Sun Oct 13, 2019 3:03 am
Forum: General
Topic: bridge1 dynamically being added as an untagged port.
Replies: 6
Views: 420

Re: bridge1 dynamically being added as an untagged port.

In other words, its normal behaviour.
Good idea to let vlan1 and its defaults to remain as things just work well.
Also helps when connecting to other vlan capable devices, switches capac etc, that also have vlan1 defaults.
by anav
Sat Oct 12, 2019 11:33 pm
Forum: Beginner Basics
Topic: Help separating vlans for iot and smart-tvs
Replies: 14
Views: 1007

Re: Help separating vlans for iot and smart-tvs

Suggest you post a working config for review.
/export hide-sensitive file=yourconfig

(also delete any WANIPs and gateway addresses, and any WIFI passwords etc.......)
by anav
Sat Oct 12, 2019 11:32 pm
Forum: Beginner Basics
Topic: VLAN with Router - Basic Setup [SOLVED]
Replies: 11
Views: 1373

Re: VLAN with Router - Basic Setup [SOLVED]

highly recommend not using vlan1 for any purpose, just leave it in defaults where it exists.
you will notice the examples in the excellent dont use it either.
by anav
Sat Oct 12, 2019 5:37 am
Forum: Beginner Basics
Topic: Help separating vlans for iot and smart-tvs
Replies: 14
Views: 1007

Re: Help separating vlans for iot and smart-tvs

I have a similar setup with capACs, works fine. Will try to post something tomorrow that should help.
Just to be clear your hapacs have four available networks, or two available networks and the second 2.4 and second 5hz wifi networks are actual virtual??
by anav
Sat Oct 12, 2019 5:30 am
Forum: Beginner Basics
Topic: Using RouterOS to VLAN your network
Replies: 90
Views: 22991

Re: Using RouterOS to VLAN your network

@foraster, it should work, please start a new thread and include your config.
/export hide-sensitive file=yourconfig
by anav
Tue Oct 08, 2019 6:28 pm
Forum: Wireless Networking
Topic: CAP AC - splitting 2.4 and 5G neworks.
Replies: 4
Views: 803

Re: CAP AC - splitting 2.4 and 5G neworks.

Interesting I have two capacs in my house. Upstairs capac has four VLANS (default vlan1 settings kept), vlan12 (house LAN), vlanXX guest wifi, vlanYY smart devices homelan - 5ghz guest wifi- virtual WLAN 5ghz smart devices - 2ghz. I use the capac as a bridge and dont do anything funky other than cha...
by anav
Tue Oct 08, 2019 2:35 pm
Forum: Beginner Basics
Topic: Can't make VLANs to work with RB30011 (cant get PI addres from dhcp)
Replies: 16
Views: 2693

Re: Can't make VLANs to work with RB30011 (cant get PI addres from dhcp)

VLAN1 is the default, it is assumed by the router. The DHCP on the VLAN is all setup on the MT, it does give out IP addresses to any device connected on vlan10. The ubiquities are advanced access points, they have VLAN capabilities similar to the CapACs I use which assign VLAN tags to incoming data....
by anav
Tue Oct 08, 2019 3:09 am
Forum: Beginner Basics
Topic: Can't make VLANs to work with RB30011 (cant get PI addres from dhcp)
Replies: 16
Views: 2693

Re: Can't make VLANs to work with RB30011 (cant get PI addres from dhcp)

Please untag ether2 and try again....
/interface bridge vlan
add bridge=bridge-lan tagged=bridge-lan untagged=ether2 vlan-ids=10

Hi complex, the reason I didnt untag ether 2 is due to two reasons, first because its acting as a trunk port for vlan10 and the default vlan1. I am assuming his ubiquiti ...
by anav
Mon Oct 07, 2019 7:59 pm
Forum: General
Topic: how to allow pop3 from WAN1 and others from WAN 2
Replies: 4
Views: 583

Re: how to allow pop3 from WAN1 and others from WAN 2

Hmm I did mine a little differently using IP routing. WAN1 is primary (distance 2) WAN2 is secondary (only used on failover) distance 10 However for all traffic with destination of IP address of email server, (which smtp traffic resolves to via DNS) I have IP route rule that gives highest priority t...
by anav
Mon Oct 07, 2019 7:55 pm
Forum: General
Topic: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?
Replies: 77
Views: 8924

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

My Bell gig fibre does not automatically connect either, when it gets a new Gateway/IP address.
It connects from a DHCP client perspective but NOT from the routing perspective.
I have to go into DHCP Client Status, pull the new gateway IP and then put that gateway IP into my IP route rules.
by anav
Sun Oct 06, 2019 2:59 am
Forum: Beginner Basics
Topic: Simple Question - IP routes/DHCP Client
Replies: 0
Views: 662

Simple Question - IP routes/DHCP Client

Why is it on my recursive routes (fail over only, no load balancing), and more specifically in DHCP Client in combo with IP routes, that my primary WAN will switch to a secondary with no problem but cannot get back to the Primary when it comes back online. Both are dynamic IPs. The secondary is cabl...
by anav
Sat Oct 05, 2019 9:29 pm
Forum: Beginner Basics
Topic: Can't make VLANs to work with RB30011 (cant get PI addres from dhcp)
Replies: 16
Views: 2693

Re: Can't make VLANs to work with RB30011 (cant get PI addres from dhcp)

1. I think you have a static DNS setting left over from the default quick setup (should be removed).
2. Not sure why you have a VLAN BRIDGE setting for ether1 and vlan1? (it serves no purpose that I can see)
3. What is the purpose of identifying all the bridge ports 3-sfp1 (what is on those ports an...
by anav
Mon Sep 30, 2019 6:03 pm
Forum: General
Topic: Cameras behind 2 mikrotiks and home router
Replies: 15
Views: 1437

Re: Cameras behind 2 mikrotiks and home router

Ask in the forum that covers that brand of router??/
by anav
Mon Sep 30, 2019 6:01 pm
Forum: General
Topic: Can RouterOS do throttling ?
Replies: 4
Views: 651

Re: Can RouterOS do throttling ?

Concur with Stevo, otherwise you would have to limit everyones bandwidth not just the culprits to discourage streaming or heavy downloading. Doing the control on the type of traffic is best if you cannot pinpoint the abusers.
by anav
Mon Sep 30, 2019 5:59 pm
Forum: Beginner Basics
Topic: IP firewall rules wihen default chain action is DROP [SOLVED]
Replies: 6
Views: 1586

Re: IP firewall rules wihen default chain action is DROP [SOLVED]

hi. i am trying something..not allowing my clients to enter youtube.I blocked all other websites but they can enter youtube.i think i need to close the https port for youtube. but how can i do that ?! Two points a. this thread is about a different topic, so start a new one and b. before you start a...
by anav
Fri Sep 27, 2019 6:37 am
Forum: General
Topic: VLANs for wifi and guest on router as AP
Replies: 2
Views: 321

Re: VLANs for wifi and guest on router as AP

a better resource with examples is here....... https://forum.mikrotik.com/viewtopic.php?t=143620 I have an MT router smart switches and capacs in my house and use on each unit capac upstairs -5hz wlan for family wifi (separate vlan for family). -5ghz virtual wlan for guests (separate vlan for guests...
by anav
Wed Sep 25, 2019 8:26 pm
Forum: Beginner Basics
Topic: Bridge, VLAN best practice on RB4011iGS+
Replies: 2
Views: 367

Re: Bridge, VLAN best practice on RB4011iGS+

Hi there, Your best bet is to review decent documentation. This thread is excellent and has examples....... Once digested and a plan formulates, dont hesitate to come back for questions. (also dont use VLAN1, its a default VLAN setting that causes issues IMHO when attempting to use it for anything o...
by anav
Wed Sep 25, 2019 3:45 am
Forum: General
Topic: Temporary Filter Rules
Replies: 2
Views: 256

Re: Temporary Filter Rules

Hmmm well, not quite so fast.
There is under the filter rules tab of "EXTRA", a time setting.
This shows the Days of the Week and an initial time setting and in effect to a second setting which default is 24 hours.
Not sure what you need but there is at least this......
by anav
Wed Sep 25, 2019 1:00 am
Forum: Beginner Basics
Topic: Better VLAN?
Replies: 25
Views: 1951

Re: Better VLAN?

Thats what counts and I learned something new about how to segregate vlans on a single wifi radio (or to use multiple vlans on the same wifi link).
by anav
Tue Sep 24, 2019 9:14 pm
Forum: Beginner Basics
Topic: Better VLAN?
Replies: 25
Views: 1951

Re: Better VLAN?

Haha, okay, i have no problem giving out guest passwords for wifi. Its acceptable etiquette. Simple rule, no DNA related to me or my wife, you get guest password LOL.
by anav
Tue Sep 24, 2019 8:45 pm
Forum: Beginner Basics
Topic: Better VLAN?
Replies: 25
Views: 1951

Re: Better VLAN?

Ahhh okay, good my instincts were correct. I didnt like the way you were heading. Not KISS, in that keeping track of mac addresses is a headache I dont need. Too much overhead. Cellphones turn over like leafs in the wind. It is also inefficient in that one is already giving out passwords to connect ...
by anav
Tue Sep 24, 2019 7:23 pm
Forum: Beginner Basics
Topic: Better VLAN?
Replies: 25
Views: 1951

Re: Better VLAN?

Oh I am sure it works, but I haven't sold my soul to the devil either! ;-) Frustratingly, I do not understand the link nor the two configs. It is not clear to me how the router or AP magically knows which VLAN to send traffic down. The only thing I see is the use of forwarding somehow equates to kno...
by anav
Tue Sep 24, 2019 2:01 am
Forum: General
Topic: Audience Tri-band mesh
Replies: 14
Views: 1273

Re: Audience Tri-band mesh

Chechito,
Could you please do not quote full previous posts in your answers if there is no need for that.
Just use big button "Post replay"
BartozP, I fail to see how babysitting Chechito does anything to help the OP answer his questions LOL.
by anav
Tue Sep 24, 2019 1:54 am
Forum: Beginner Basics
Topic: Better VLAN?
Replies: 25
Views: 1951

Re: Better VLAN?

The issue or limitation is that the radio set cannot assign two different PVIDs to incoming wifi traffic and thus can handle one VLAN only. That is totally untrue. It can and it does. I know you are a bright chap and exponentially more experienced in networking/IT/MT and I am a relative simpleton s...
by anav
Mon Sep 23, 2019 5:29 pm
Forum: General
Topic: Audience Tri-band mesh
Replies: 14
Views: 1273

Re: Audience Tri-band mesh

Hi Mozerd, whenever you ask questions, I sit up and take notice as I know you only use setups that work for your clients!! Are you saying that current wifi products from MT, using the latest routerOS, have some deficiency in regard to Ipv6 clients? As the angry red bird is saying, it will act as any...
by anav
Mon Sep 23, 2019 5:23 pm
Forum: Beginner Basics
Topic: Better VLAN?
Replies: 25
Views: 1951

Re: Better VLAN?

The issue or limitation is that the radio set cannot assign two different PVIDs to incoming wifi traffic and thus can handle one VLAN only. That was my basic premise when starting with my APs. That is the reason I use a combination of stock radio frequencies (in your case two stock 5ghz and two stoc...
by anav
Sat Sep 21, 2019 7:24 pm
Forum: Beginner Basics
Topic: Isolated Network
Replies: 10
Views: 1016

Re: Isolated Network

One approach......
VLAN management - 99 (for the person(s) managing the router). Interface = Bridge-Shared
VLAN AA - Company A Interface = Bridge-Shared
VLAN BB - Company B Interface = Bridge-Shared
VLAN CC - Company C Interface = Bridge-Shared
VLAN DD - Company D Interface = Bridge-Shared
Bridge = B...
by anav
Sat Sep 21, 2019 7:02 pm
Forum: Beginner Basics
Topic: Better VLAN?
Replies: 25
Views: 1951

Re: Better VLAN?

Since MKX said it was fine I will state its not fine. :-) Well the technical setup is fine LOL. I am more interested in requirements. Why is ether9 called power line? Which ports are connected only to LOT devices (ethr 9 only?) What is the purpose of guest wifi? Why is it on the LOT VLAN? Does LOT ...
by anav
Sun Sep 15, 2019 1:59 am
Forum: Beginner Basics
Topic: Access port to tagged vlan
Replies: 4
Views: 573

Re: Access port to tagged vlan

A good reference is this one has examples and when you understand it you are ready to configure!! https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 This may also be useful to read as well. https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 ( I do not know what a ZTE is?? where is your ISP.....
by anav
Sun Sep 15, 2019 1:53 am
Forum: Beginner Basics
Topic: First config
Replies: 7
Views: 987

Re: First config

I feel dirty just looking at that OS..............
by anav
Thu Sep 12, 2019 3:13 pm
Forum: Beginner Basics
Topic: Access port to tagged vlan
Replies: 4
Views: 573

Re: Access port to tagged vlan

I would add a diagram to help the reader as your explanation is lacking.

I would also state the problem in requirements. What would you like to accomplish for users, without talking about networks, or equipment.
by anav
Mon Sep 09, 2019 10:11 pm
Forum: General
Topic: PWR-LINE PRO
Replies: 9
Views: 810

Re: PWR-LINE PRO

Are they plugged directly into the wall (not via power bars etc)??
by anav
Fri Sep 06, 2019 11:32 pm
Forum: Beginner Basics
Topic: NAT problems - Xbox One and Nintendo Switch
Replies: 32
Views: 3419

Re: NAT problems - Xbox One and Nintendo Switch

So upnp is enabled on the router?? (wondering as you have no special fw rules for it) Can you post your UPNP settings........ there seems to be interfaces and type that are configurable. Assuming on first page you select enabled vice show dummy rule (how do you narrow it down and what is minimum req...
by anav
Fri Sep 06, 2019 11:27 pm
Forum: Beginner Basics
Topic: Where do you report a bug?
Replies: 12
Views: 1191

Re: Where do you report a bug?

In other words, its working as designed and we want an enhancement ( to better control dhcp behaviour)?
by anav
Wed Sep 04, 2019 11:39 pm
Forum: General
Topic: Two RB2011 with extra LAN
Replies: 6
Views: 689

Re: Two RB2011 with extra LAN

Concur thats why a networking diagram helps and then some written requirements based on users needs without any mention of devices and solutions.
Otherwise we play MKXs favourite game whackamole. :-)
by anav
Wed Sep 04, 2019 11:33 pm
Forum: Beginner Basics
Topic: 1 interface, 2 vlans, prioritize Vlan2 95%
Replies: 8
Views: 956

Re: 1 interface, 2 vlans, prioritize Vlan2 95%

Good question, I believe what you want to look into is queues!
by anav
Wed Sep 04, 2019 5:34 am
Forum: Beginner Basics
Topic: NAT problems - Xbox One and Nintendo Switch
Replies: 32
Views: 3419

Re: NAT problems - Xbox One and Nintendo Switch

My son plays xbox with other players on www, only have Mikrotik in my house :-)

The OPs problem is all the NATs along the path
Can you post your settings for xbox as I cannot get my guest to play games against others over the internet :-(
Also can you list which games specifically work?
by anav
Wed Sep 04, 2019 5:32 am
Forum: Beginner Basics
Topic: Two routers two WANs (WAN and LTE) failover help needed
Replies: 4
Views: 572

Re: Two routers two WANs (WAN and LTE) failover help needed

Okay so I didnt understand why the USB stick was plugged into the hex and not the RB4............... lack of USB port. So you have one option but there is a big assumption*** If you want backup for both routers......... HEX isp1 = Main router (wanip of hex = lanip on Main given to hex - static) HEX ...
by anav
Wed Sep 04, 2019 5:25 am
Forum: Beginner Basics
Topic: Dual dynamic ISP WAN, dual LAN setup
Replies: 13
Views: 1230

Re: Dual dynamic ISP WAN, dual LAN setup

All sounds reasonable!
I understand now also that the script was to detect a lost connection and a second part is needed to reboot the ISP and a third part to grab the new gatewayip and fourth part to insert that new gateway IP into the pertinent route rules.

Can all that be done in script?
by anav
Tue Sep 03, 2019 11:01 pm
Forum: Beginner Basics
Topic: NAT problems - Xbox One and Nintendo Switch
Replies: 32
Views: 3419

Re: NAT problems - Xbox One and Nintendo Switch

One thing to consider has anyone on the forums actually stated they have a working LIVE XBOX or NINTENDO with MIKROTIK??? By that I mean interactive gaming. I use NINTENDO myself for games and there is another user of XBOX in the house. That person can also play games. These are purchased games with...
by anav
Tue Sep 03, 2019 10:54 pm
Forum: Beginner Basics
Topic: Two routers two WANs (WAN and LTE) failover help needed
Replies: 4
Views: 572

Re: Two routers two WANs (WAN and LTE) failover help needed

Well you have no backup on the primary router? So you only need backup up for the hex router? If you wanted backup for the whole system you would put the LTE on the first router and then apply rules as necessary the hex could remain as a router or not depending on what the actual purpose of that in ...
by anav
Tue Sep 03, 2019 10:45 pm
Forum: Beginner Basics
Topic: Can Routers Get Infected?
Replies: 5
Views: 611

Re: Can Routers Get Infected?

Not sure how avast knows this but i will assume its legit for now (many scam popups will claim your computer is infected etc etc.......)
As noted by the previous poster, get a fresh copy of the latest stable version from the Mikrotik website and use NETINSTALL to install.
Any other way is risky.
by anav
Tue Sep 03, 2019 10:41 pm
Forum: Beginner Basics
Topic: Dual dynamic ISP WAN, dual LAN setup
Replies: 13
Views: 1230

Re: Dual dynamic ISP WAN, dual LAN setup

This is an important topic and one that is not properly documented or easy to do. In my estimation the router OS should already be designed to deal with dynamic ISPs and not force us knowledge peons to attempt to write scripts. In other words, I should be able to check a box that says dynamic IP (YE...
by anav
Tue Sep 03, 2019 10:35 pm
Forum: Beginner Basics
Topic: Best VPN for Mikrotik / RouterOS
Replies: 12
Views: 1748

Re: Best VPN for Mikrotik / RouterOS

Good to know. I use third party VPNs on the client side devices themselves (pc- works on most browsers, and many streaming type devices aka Firestick). I am waiting for wireguard on the router and then life will be so much easier.
by anav
Mon Sep 02, 2019 4:50 pm
Forum: Wireless Networking
Topic: Need help with WiFi in Apartments/Flats
Replies: 7
Views: 886

Re: Need help with WiFi in Apartments/Flats

Sounds like one is screwed to provide a decent service per room at least wirelessly.
Wired is easy. Perhaps a general building wifi with internet access only so that all can use smart phones but not networked at all.
by anav
Mon Sep 02, 2019 4:42 pm
Forum: Beginner Basics
Topic: Firewall
Replies: 3
Views: 474

Re: Firewall

The firewall in default settings is good to go.
Why do you want to add more rules. What is the requirement or what is the fear?
What are you trying to avoid??
by anav
Sun Sep 01, 2019 8:55 pm
Forum: Beginner Basics
Topic: How to configure the VLANs - two trunk and one access port
Replies: 4
Views: 681

Re: How to configure the VLANs - two trunk and one access port

You got that half right, according to my signif other....... smart ass!
by anav
Sat Aug 31, 2019 9:48 pm
Forum: General
Topic: Quick Set
Replies: 6
Views: 904

Re: Quick Set

Being a more novice user I dont agree to remove any functionality, but do concur that quickset is only designed to ensure a novice user can have a basic config up and running with no fuss no muss. After that, as noted do not rely on quickset. Later on with more experience you will understand what qu...
by anav
Sat Aug 31, 2019 9:39 pm
Forum: Beginner Basics
Topic: How to configure the VLANs - two trunk and one access port
Replies: 4
Views: 681

Re: How to configure the VLANs - two trunk and one access port

I sympathize with your endeavour. I have a similar setup and it took some time to get there. The article noted is excellent. Once you have a start on a config for the router you can post the config for us to have a look at. /export hide-sensitive file=yourconfigsep31 just make sure you put in fake I...
by anav
Sat Aug 31, 2019 9:34 pm
Forum: Announcements
Topic: v6.45.5 [stable] is released!
Replies: 54
Views: 15813

Re: v6.45.5 [stable] is released!

Upgraded Hap AC2 to 6.45.5 and getting ssh auth messages in log I did not get before
14:39:22 ssh,info auth timeout
14:39:23 ssh,info auth timeout
14:45:45 ssh,info auth timeout
14:46:37 ssh,info auth timeout
14:53:13 ssh,info auth timeout
14:53:13 ssh,info auth timeout
14:56:28 ssh,info auth timeo...
by anav
Thu Aug 29, 2019 10:55 pm
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 1997

Re: Bridge VLAN Filtering help [SOLVED]

Thank you Sir, for the pat on the back, the acknowledgment of my attention to detail, wisdom, vlan acumen etc etc etc....... ;-P

I just wanted to make sure I am not stark raving mad wrt vlan understanding (for the consumer router and CCR devices - dont ask me about actual chip driven devices).
by anav
Thu Aug 29, 2019 2:12 pm
Forum: Wireless Networking
Topic: Bridged vlan on physical interfaces to the new (vlan bridge filtering)
Replies: 9
Views: 963

Re: Bridged vlan on physical interfaces to the new (vlan bridge filtering)

I dont recall seeing vlans being assigned subnets by the bridge vice having their own specific DHCP settings?
Which example in the VLAN thread/reference shows that??
by anav
Thu Aug 29, 2019 2:06 pm
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 1997

Re: Bridge VLAN Filtering help [SOLVED]

All kidding aside MKX, I think there was a possible error/omission in the config and that was what I was pointing out or at least asking.
by anav
Thu Aug 29, 2019 1:19 am
Forum: General
Topic: VLAN configuration approach, correct or not ?
Replies: 5
Views: 656

Re: VLAN configuration approach, correct or not ?

Here is a decent thread with examples............
viewtopic.php?f=13&t=143620

Also some good stuff after digesting that, here
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
by anav
Thu Aug 29, 2019 1:17 am
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 1997

Re: Bridge VLAN Filtering help [SOLVED]

Focus mkx! ;-) See my germane question above the fluffy D-stink post.
by anav
Wed Aug 28, 2019 7:20 pm
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 1997

Re: Bridge VLAN Filtering help [SOLVED]

From previous articles.
- Bridge port is INGRESS behaviour.
- Interface Bridge Vlan is EGRESS behaviour.
- on bridge ports,
- Trunk ports do not require identification of pvid setting but access ports do!
- bridge port pvid setting tells router to tag incoming frames with vlan tag associated
- secur...
by anav
Wed Aug 28, 2019 6:50 pm
Forum: Beginner Basics
Topic: Using RouterOS to VLAN your network
Replies: 90
Views: 22991

Re: Using RouterOS to VLAN your network

start a new thread if you wish help on your configuration.
by anav
Wed Aug 28, 2019 6:49 pm
Forum: Beginner Basics
Topic: tag all untagged traffic - can't get it working
Replies: 12
Views: 978

Re: tag all untagged traffic - can't get it working

I concur with MKX always best to have clean breaks (port is trunk and tagged) or port is access and incoming is untagged and stripped of any tag going back to device etc.. However there is one reference that attempts to discuss the hybrid setup. I have not tried it though. Scroll down to image 4. ht...
by anav
Wed Aug 28, 2019 6:45 pm
Forum: Beginner Basics
Topic: 6 VLAN 1 WAN
Replies: 4
Views: 656

Re: 6 VLAN 1 WAN

Denmark? Copenhagen?
Hi Jimmy, what mikrotik product are you using?
Can you provide a diagram of your network (always helpful to clear up requirements).
Also post a complete config (just need to change public IP facing addresses)

/export hide-sensitive file=yourconfigaug28
by anav
Sat Aug 24, 2019 12:07 am
Forum: General
Topic: Test for leaking VLAN's
Replies: 4
Views: 525

Re: Test for leaking VLAN's

Yes, vlans wont leak unless you have misconfigured your router.
Suggest you post your config for evaluation.
by anav
Sat Aug 24, 2019 12:05 am
Forum: General
Topic: New RB450G☓4 Breaks Google and its Services (Solved)
Replies: 13
Views: 1123

Re: New RB450G☓4 Breaks Google and its Services (Solved)

My apologies for writing the export command incorrectly.
You are in charge of the router, whip that netmask into shape!!!
by anav
Sat Aug 24, 2019 12:03 am
Forum: General
Topic: ICMP Firewall Potential Bug
Replies: 13
Views: 1165

Re: ICMP Firewall Potential Bug

Logic,
- firewall off: works
- firewall rule that allows external user: works
- otherwise blocked what by magic???????
Answer, its your firewall st_p_d! Clearly you have a rule that blocks external access to the router which is a good thing LOL, but if you have an allow ICMP rule I will guess its af...
by anav
Fri Aug 23, 2019 11:56 pm
Forum: Beginner Basics
Topic: Network Making for (almost) Beginners
Replies: 10
Views: 1214

Re: Network Making for (almost) Beginners

Some youtube information is out of date so be wary. If in doubt ask here.
by anav
Thu Aug 22, 2019 7:02 pm
Forum: General
Topic: pcc and failover configuration not working on wlan
Replies: 9
Views: 986

Re: pcc and failover configuration not working on wlan

yeah VOIP is a funny beast during failover scenarios. I have experienced it first hand. A past thread on this very topic that is the best. https://forum.mikrotik.com/viewtopic.php?t=129048 good thread on voip in general https://forum.mikrotik.com/viewtopic.php?f=13&t=73214 Other interesting MUM pres...
by anav
Thu Aug 22, 2019 4:56 pm
Forum: General
Topic: New RB450G☓4 Breaks Google and its Services (Solved)
Replies: 13
Views: 1123

Re: New RB450G☓4 Breaks Google and its Services

Posting part of settings is not all that helpful.
/export config hide-sensitive file=yourconfigaug22
by anav
Thu Aug 22, 2019 4:32 pm
Forum: Beginner Basics
Topic: Bridge untagged ether1 with tagged vlan3 on ether1.
Replies: 10
Views: 1205

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Would have to concur with Sebastia!! Also, I am currently unavailable to work as consultant, due to the impending lawsuit from the VLAN consortium which has the gall to accuse me of abusing VLAN usage.
by anav
Thu Aug 22, 2019 4:27 pm
Forum: Beginner Basics
Topic: How to dumb bridge (?) using hAP ac lite
Replies: 11
Views: 1035

Re: How to dumb bridge (?) using hAP ac lite

In summary, you wish the hap ac lite to act as a combo AP/switch. This is extremely common for wifi routers that are replaced by newer ones and people use them on their network as an AP/switch. This is an under utilization of the hap ac lite but very doable as indicated by mkx. I use capACs in WISP ...
by anav
Thu Aug 22, 2019 4:22 pm
Forum: Beginner Basics
Topic: Loab Balance Failover
Replies: 8
Views: 833

Re: Loab Balance Failover

I would wait on calling the forum amazing until you have experienced it more fully in all its glory. The good news is that you are in good hands with Sob.
by anav
Thu Aug 22, 2019 4:21 pm
Forum: Beginner Basics
Topic: Block access to winbox on eth 1
Replies: 4
Views: 520

Re: Block access to winbox on eth 1

The input chain is a good place to start. Dont need to make any rules to block, simply make your last rule block all. I personally prefer NOT to identify my winbox port in my firewall rules.
a. change winbox port to something non-standard
b. ensure you have a drop all last rule in input chain
c. onl...
by anav
Wed Aug 21, 2019 5:28 pm
Forum: General
Topic: New to mikrotik, forward chain help needed
Replies: 3
Views: 449

Re: New to mikrotik, forward chain help needed

Concur, if you want advice, suggest start with the default and then ask advice on specific additions as you go along. A telling example of the flaw in your I know everything process is the fact that you think the entire LAN should have access to your router. WRONG!. The only person that needs access...
by anav
Wed Aug 21, 2019 5:25 pm
Forum: Beginner Basics
Topic: Simple NAT between networks
Replies: 5
Views: 732

Re: Simple NAT between networks

start with posting your config
Hey thats my line ;-)

/export hide-sensitive file=yourconfigaug21
by anav
Wed Aug 21, 2019 5:23 pm
Forum: Beginner Basics
Topic: Bridge untagged ether1 with tagged vlan3 on ether1.
Replies: 10
Views: 1205

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Your requirements are not clearly stated and are at the least confusing. First there is no indication of what MT unit you are discussing. did you read the articles presented. In general there are trunk ports and access ports. Ether 1 is clearly a trunk port. Although hybrid ports are possible secon...
by anav
Wed Aug 21, 2019 5:09 pm
Forum: Beginner Basics
Topic: Network Making for (almost) Beginners
Replies: 10
Views: 1214

Re: Network Making for (almost) Beginners

Your explanation makes zero sense. Perhaps in the UK (steve), nobody is qualified or trained and is thrown into highly technical jobs and thats why Europe want the UK to get the hell out of the Union LOL. This sounds more like, a family member is being given an opportunity outside the normal hiring p...
by anav
Tue Aug 20, 2019 9:32 pm
Forum: General
Topic: Bridge VLAN Configuration not being applied
Replies: 4
Views: 594

Re: Bridge VLAN Configuration not being applied

Recommending you first read this excellent resource with examples..........
viewtopic.php?f=13&t=143620

This one is not too bad either.
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
by anav
Tue Aug 20, 2019 9:24 pm
Forum: Beginner Basics
Topic: Bridge untagged ether1 with tagged vlan3 on ether1.
Replies: 10
Views: 1205

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Recommend reading this resource and the examples.........
viewtopic.php?f=13&t=143620

This one may help as well.........
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
by anav
Tue Aug 20, 2019 4:54 pm
Forum: Beginner Basics
Topic: Dual Wan configuration on same switch
Replies: 5
Views: 584

Re: Dual Wan configuration on same switch

That is not all that unusual. The router from defaults should be good to go for your purposes for one LAN.
You simply need to add the second WAN.
Post a config when you have progressed.
/export hide-sensitive file=yourconfig20Aug
by anav
Tue Aug 20, 2019 4:51 pm
Forum: Beginner Basics
Topic: Simple NAT between networks
Replies: 5
Views: 732

Re: Simple NAT between networks

I would think you would only need a firewall rule one way (forward chain) (subnet of users to specific IP of lan printer).
by anav
Sun Aug 18, 2019 2:34 am
Forum: Beginner Basics
Topic: Remote Access from the WAN
Replies: 12
Views: 896

Re: Remote Access from the WAN

Are you connecting via a VPN? If not, I would suggest checking your sanity. ;-)
by anav
Sun Aug 18, 2019 2:32 am
Forum: Beginner Basics
Topic: First Attempt at VLANs; Need Help!
Replies: 10
Views: 935

Re: First Attempt at VLANs; Need Help!

Exactly, it will be far easier to start from fresh defaults using the linked resource to guide you. First ensure routing and access to ISP is established. Ensure basic internet access working for the basic lan connected PC. Then set up the vlans and lans etc............ Ensure all APs are working. ...
by anav
Sat Aug 17, 2019 5:18 pm
Forum: Beginner Basics
Topic: Default firewall config query [SOLVED]
Replies: 4
Views: 577

Re: Default firewall config query [SOLVED]

I prefer.
Drop all as a last rule and if I need port forwarding on the LAN side I make a specific rule for that.
much clearer for all.
by anav
Sat Aug 17, 2019 5:14 pm
Forum: Beginner Basics
Topic: First Attempt at VLANs; Need Help!
Replies: 10
Views: 935

Re: First Attempt at VLANs; Need Help!

Suggest clear whatever you have and start fresh from defaults. Then using the below resource (has great examples) you should be good to go! https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 There is one decent Wiki Reference to read.......if not already have... https://wiki.mikrotik.com/wiki/Ma...
by anav
Wed Aug 14, 2019 6:19 pm
Forum: Beginner Basics
Topic: Vlan first setup - help
Replies: 6
Views: 971

Re: Vlan first setup - help

Your best bet is to read this resource, it provides excellent examples and should get you 99.9% of the way.
viewtopic.php?f=13&t=143620
by anav
Wed Aug 14, 2019 5:19 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3601

Re: vlan bridge (new way) HW offload and performance

RB4011 and RB450Gx4 have different switch chips, see here. According to that page, switch chip in your RB450Gx4 does support HW VLANs, while the one in RB4011 doesn't (although that might not be entirely true). Not quite......... I don't have HW offloading in my setup as the router is incapable of...
by anav
Wed Aug 14, 2019 3:37 am
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3601

Re: vlan bridge (new way) HW offload and performance

Sindy, is that true for the RB4011 and I think my RB450Gx4? I thought the issue was that Mikrotik has not programmed such capability into the OS for specific modern routers. The RB450Gx4 has great specs and should be able to do such neat tricks. :-(
by anav
Wed Aug 14, 2019 3:35 am
Forum: General
Topic: RB450G failing need to replace
Replies: 8
Views: 1394

Re: RB450G failing need to replace

Not sure why you wouldn't want to use the RB450Gx4. A very nice upgrade!
As for the vb script, it's obsolete if it means you have to use older firmwares of OS which are vulnerable to exploits.
by anav
Wed Aug 07, 2019 6:52 pm
Forum: Beginner Basics
Topic: Router for 1Gbit Wan from Mikrotik (What model?)
Replies: 4
Views: 744

Re: Router for 1Gbit Wan from Mikrotik (What model?)

I have the RB450Gx4 for my 1gig internet service and use separate APs for wifi.
by anav
Wed Aug 07, 2019 6:34 pm
Forum: Beginner Basics
Topic: connectivity between ports
Replies: 1
Views: 337

Re: connectivity between ports

What version of firmware are you running?
Please post config
/export hide-sensitive file=yourconfig8aug
by anav
Thu Aug 01, 2019 8:02 pm
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1446

Re: Very simple VLAN

The first part of the post is excellent, detailing requirements of what you are trying to accomplish however it's still too intertwined with the solution space of the router and configuration. Divorce yourself from both the configuration and the equipment and describe what you wish to accomplish perh...
by anav
Thu Aug 01, 2019 7:55 pm
Forum: Beginner Basics
Topic: No internet on LAN - hex rb750gr3 with E3372
Replies: 12
Views: 1167

Re: No internet on LAN - hex rb750gr3 with E3372

Glad it worked out for you!
by anav
Thu Aug 01, 2019 7:53 pm
Forum: Beginner Basics
Topic: Plex port forwarding
Replies: 7
Views: 2315

Re: Plex port forwarding

Probably because communication is a two way street!!

There is also this thread.........
viewtopic.php?f=13&t=148425
by anav
Thu Aug 01, 2019 7:49 pm
Forum: Beginner Basics
Topic: Anyone for hire?
Replies: 5
Views: 546

Re: Anyone for hire?

I think your thread turned him/her on............ ;-P
Is the request for one night or open ended...... jajajajajaja
https://mikrotik.com/consultants
by anav
Thu Aug 01, 2019 2:16 pm
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1446

Re: Very simple VLAN

Draw diagrams and use this link and examples as a starting point.........
viewtopic.php?t=143620
by anav
Thu Aug 01, 2019 2:15 pm
Forum: General
Topic: DNS setting via DHCP being ingnored on Vlan
Replies: 8
Views: 698

Re: DNS setting via DHCP being ingnored on Vlan

Use vlans for all LANs, assign them to the bridge, attach subnets to vlans, don't use vlan1, that's it in a nutshell.
Apply the logic using the examples in the vlan link provided and you should be off and running.......... to the pub for fish and chips vice monkeying with your MT.........
by anav
Thu Aug 01, 2019 3:17 am
Forum: Beginner Basics
Topic: No internet on LAN - hex rb750gr3 with E3372
Replies: 12
Views: 1167

Re: No internet on LAN - hex rb750gr3 with E3372

Such confidence!
Well mkx and CZFan know far more than most here, thus your level of knowledge must be beyond me then so I am not able to provide any further assistance.....
by anav
Wed Jul 31, 2019 9:48 pm
Forum: Beginner Basics
Topic: No internet on LAN - hex rb750gr3 with E3372
Replies: 12
Views: 1167

Re: No internet on LAN - hex rb750gr3 with E3372

None of your routing information/config is there??
by anav
Wed Jul 31, 2019 6:03 pm
Forum: General
Topic: EOIP and Portforward
Replies: 7
Views: 758

Re: EOIP and Portforward

If wan1 is your uplink, then you don't need to mark stuff there, because everything will go there by default anyway. What you do need to mark is what's coming in via tunnel (connection marks) and then route responses back (routing marks). So what you have should be correct, only it's on wrong interf...
by anav
Wed Jul 31, 2019 6:01 pm
Forum: General
Topic: port forwarding Source DDNS [SOLVED]
Replies: 18
Views: 1252

Re: port forwarding Source DDNS [SOLVED]

it's nothing that serious just a bunch of punch in and out logs but I'm looking into VPN That depends...... If the information is valuable in of itself it should be protected. If fingerprints are involved and they were mine I would be really keen on better security. If the logging information was v...
by anav
Wed Jul 31, 2019 5:51 pm
Forum: General
Topic: DNS setting via DHCP being ingnored on Vlan
Replies: 8
Views: 698

Re: DNS setting via DHCP being ingnored on Vlan

your config is confusing and not correct............ suggest drawing a diagram with boxes and where traffic is going and how dhcp is being assigned and dns allotted and i think you will see the errors. Overall I recommend this thread (the examples) for anyone using vlans. Finally suggest put all sub...
by anav
Wed Jul 31, 2019 5:43 pm
Forum: Beginner Basics
Topic: No internet on LAN - hex rb750gr3 with E3372
Replies: 12
Views: 1167

Re: No internet on LAN - hex rb750gr3 with E3372

Ahh so you realized your friend is really your enemy LOL. He gave you a gift that is giving you headaches. Mikrotik is not a plugNplay device for the IT illiterate crowd but does take some work. Stick through the initial tough beginning and you will enjoy working in RouterOS................. Suggest...
by anav
Wed Jul 31, 2019 4:13 am
Forum: General
Topic: EOIP and Portforward
Replies: 7
Views: 758

Re: EOIP and Portforward

I am not sure the configuration mess you have started is necessary............. In other words I am still stuck at understanding your first post! You have a webservice behind a MT router and it works for Port forwarding. Assuming it's on a LAN subnet of 192.168.10.0/24 and let's say its lanip is 192....
by anav
Wed Jul 31, 2019 4:08 am
Forum: General
Topic: port forwarding Source DDNS [SOLVED]
Replies: 18
Views: 1252

Re: port forwarding Source DDNS [SOLVED]

Nice feature if the source address changes (not static)!
Best to have outside sources vpn in but not always possible.
by anav
Tue Jul 30, 2019 11:11 pm
Forum: General
Topic: port forwarding Source DDNS [SOLVED]
Replies: 18
Views: 1252

Re: port forwarding Source DDNS [SOLVED]

Hmm, I restrict by IP address, not sure about FQDN?.
I believe exact hostnames are allowed in address lists.
by anav
Tue Jul 30, 2019 7:40 pm
Forum: General
Topic: port forwarding Source DDNS [SOLVED]
Replies: 18
Views: 1252

Re: port forwarding Source DDNS [SOLVED]

I think it's very possible if you use the mikrotik cloud version, not sure how to accomplish via dyndns org or similar???
by anav
Tue Jul 30, 2019 7:37 pm
Forum: General
Topic: PWR-Line AP
Replies: 48
Views: 8505

Re: PWR-Line AP

Okay, can I first say, - this angry bloated bird thing is OUTTA control!! :-) Yes, thanks finally joining this decade on power line LOL. Now just mate it with decent wifi and routerOS and you will find the promised land! I BELIEVE................ I like what Devolo (a german company) is doing on the...
by anav
Tue Jul 30, 2019 7:29 pm
Forum: General
Topic: Link 2 different lan
Replies: 2
Views: 392

Re: Link 2 different lan

So you are attempting to do double nat. The first router from the ISP, is connected directly to the internet and modem and gives out lan addresses of 192.168.1.XX You then connect the mikrotik router to one of the LAN ports on the ISP router and it receives a LANIP of 192.168.1.55 (for example). 192...
by anav
Tue Jul 30, 2019 7:11 pm
Forum: General
Topic: Group Create for user
Replies: 2
Views: 397

Re: Group Create for user

There are at least three things I can think of but not sure what you are asking!! 1. There are winbox settings where you allow only certain **IP addresses to access winbox. 2. In the firewall filter rules on the input chain, one can only allow **certain IP addresses access to the router itself (inpu...
by anav
Mon Jul 29, 2019 5:10 pm
Forum: General
Topic: PWR-Line AP
Replies: 48
Views: 8505

Re: PWR-Line AP

What I don't understand is why they didn't update the powerline chipset from circa 2012 to at least circa 2015 as already noted by several 10/100/1000. Adding a more recent av2 standard or H.gn standard with the wifi on many mikrotik units the QCA9533 chip and ROUTEROS, would result in a much more a...
by anav
Mon Jul 29, 2019 4:23 pm
Forum: Beginner Basics
Topic: Vlan config and bridging
Replies: 3
Views: 572

Re: Vlan config and bridging

Step one: Read this informative and excellent post on the topic of Vlans https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 Step two: Draw a diagram of your network Step three: Post your config: /export hide-sensitive file=yourconfig29Jul If you don't want to post a config then you're simply wasti...
by anav
Thu Jul 25, 2019 7:18 pm
Forum: General
Topic: Firewall filter when port forwarded
Replies: 4
Views: 557

Re: Firewall filter when port forwarded

I prefer to use NEW because its an accurate reflection of what is intended. As stated by K6ccc, only the first packet is handled by the "generic dst nat forward filter rule" and the rest of the packets are handled by the established rule. The new distinguishes this, as leaving out the NEW will not h...
by anav
Thu Jul 25, 2019 1:50 pm
Forum: Beginner Basics
Topic: How to configure Vlan and switch
Replies: 1
Views: 291

Re: How to configure Vlan and switch

Suggest you read this reference first.......................
viewtopic.php?t=143620
by anav
Thu Jul 25, 2019 4:45 am
Forum: Beginner Basics
Topic: Q: src.port <> dst.port
Replies: 8
Views: 760

Re: Q: src.port <> dst.port

Thanks, that's very useful info!
by anav
Wed Jul 24, 2019 10:38 pm
Forum: Beginner Basics
Topic: Q: src.port <> dst.port
Replies: 8
Views: 760

Re: Q: src.port <> dst.port

Lots of options, but prefer to only allow dstnat from wan interface if no intentions to nat internally. In fact due to my limited experience I cannot even contemplate a nat scenario within one's network?? I thought internally one would simply use routing rules if there was some complex scenario.
by anav
Wed Jul 24, 2019 5:26 pm
Forum: General
Topic: Getting a configuration suggestion
Replies: 5
Views: 351

Re: Getting a configuration suggestion

If the internet service is for a hotel, why would you even consider allowing one guest to hog all the bandwidth MKX. There are times to get off your neutral fence and admit the obvious. The more relevant question is if the router is also supplying internet for staff or VIPs where you might want to g...
by anav
Wed Jul 24, 2019 5:19 pm
Forum: General
Topic: RB4011, Ubiquiti devices, VLANs and IPSEC
Replies: 4
Views: 345

Re: RB4011, Ubiquiti devices, VLANs and IPSEC

I have a similar home setup in that I have two wifi devices and managed switches and have -main network, wired and wireless -special computer wired (wanted it separated from all else) -streaming devices -smart devices. -external access to home services (septic and solar panel) Devices: RB450Gx4, two...
by anav
Wed Jul 24, 2019 5:05 pm
Forum: General
Topic: Port 80 redirect [SOLVED]
Replies: 14
Views: 730

Re: Port 80 redirect [SOLVED]

@mkx: Or you can use ... I know there are plenty of ways to "skin the sheep" ... I was just pointing out potential side effect if OP followed advice by @sindy as it was originally written. After one is aware of the problem, it's quite easy to find the way around ... I think the quote is "skin the c...
by anav
Wed Jul 24, 2019 5:01 pm
Forum: Beginner Basics
Topic: Q: src.port <> dst.port
Replies: 8
Views: 760

Re: Q: src.port <> dst.port

Hi Sob I find !rules (negative based rules) to be very tricky and often affect traffic not necessarily intended or understood (probably my lack of acumen). So I prefer a clear rule just for dstnat alone and in general clearly delineate what is allowed traffic. As you know I follow my forward filter ...
by anav
Tue Jul 23, 2019 6:12 pm
Forum: Wireless Networking
Topic: Wifi equipment for 70m distance behind windows
Replies: 14
Views: 1200

Re: Wifi equipment for 70m distance behind windows

I would look at their 60G product line. This would be the lowest cost option and it can be a window to window solution however, they do provide the following caution: "This device penetrates some windows depending on material." https://mikrotik.com/product/wap_60g They come as a pre-setup connected ...
by anav
Tue Jul 23, 2019 6:00 pm
Forum: General
Topic: Why Mikrotik ???
Replies: 32
Views: 6281

Re: Why Mikrotik ???

Latvia sure does seem to be progressive!! https://eng.lsm.lv/article/features/features/breaking-stereotypes-record-number-of-women-in-latvias-13th-saeima.a299351/ After doing some more poking around......... I wonder if there are any rowing or biking tours........... https://www.travelsewhere.net/vi...
by anav
Tue Jul 23, 2019 5:52 pm
Forum: General
Topic: How to allow an URL for a specific port
Replies: 7
Views: 492

Re: How to allow an URL for a specific port

Not quite sure what you mean. A diagram would help.
Did you want to port forward to a specific LANIP?

More info is required.
by anav
Tue Jul 23, 2019 5:49 pm
Forum: Beginner Basics
Topic: New filter rules ?
Replies: 6
Views: 734

Re: New filter rules ?

Seeing your comment in 6.45.2 thread, I'm not sure if your devices should be more afraid of buggy RouterOS or you. Or maybe I'm misinterpreting a totally innocent comment. ;) Oh no doubt, when MT products see me coming they shiver and not in a happy excited way. Bull in a china shop comes to mind....
by anav
Tue Jul 23, 2019 5:46 pm
Forum: Beginner Basics
Topic: Q: src.port <> dst.port
Replies: 8
Views: 760

Re: Q: src.port <> dst.port

A bit more info. In the dst nat rules is where you can also add source address list, to specify or limit which external WANIPs are allowed to access the server. When one attaches an address source list the outcome is that the ports appear NOT visible from an external port scan. Without an address li...
by anav
Tue Jul 23, 2019 12:10 am
Forum: Beginner Basics
Topic: New filter rules ?
Replies: 6
Views: 734

Re: New filter rules ?

You know what CAPsMAN is and that client devices need to connect to controller. But what if both are same device? Previous firewall for input chain dropped packets from WAN, but current drops packets from "not LAN". CAPsMAN connection in above case comes from loopback interface, but you can't add i...
by anav
Tue Jul 23, 2019 12:07 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4456

Re: 1wan + 2 lan isolated from each other

I stepped back a long time ago on this thread MKX because you are more patient and more thorough and there was no point in confusing the OP with my fixation on vlans............
Don't let humour get in the way of a solution LoL.
by anav
Mon Jul 22, 2019 9:48 pm
Forum: Beginner Basics
Topic: New filter rules ?
Replies: 6
Views: 734

Re: New filter rules ?

Concur, #4 is a new default rule, the rest have, as has been stated, been around for a while. What would the effect of rule 4 be mkx. An obvious question not answered ......................... An environmentally friendly post would have included the obvious negating the need for a question and the s...
by anav
Mon Jul 22, 2019 9:46 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4456

Re: 1wan + 2 lan isolated from each other

Ahhh, Luka you have discovered what I like to call the mkx infinite loop. It's a phenomenon that often occurs. The Op slowly goes mad and ends up throwing his device against the wall at high velocity. It doesn't fix the configuration at all but it feels really really good at the time.
by anav
Mon Jul 22, 2019 9:42 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 35924

Re: v6.45.2 [stable] is released!

I am glad to report that due to the "real beta testers" (the unsuspecting public) having noted the issues has allowed me to avoid the latest "stable" version, - not coming near 6.45.2 with a 10 foot pole (okay 6 inches ;-) ) Now would the so called beta testers (the folks that frequent this forum: h...
by anav
Sat Jul 20, 2019 4:32 pm
Forum: General
Topic: Firewall killing NAT rule
Replies: 3
Views: 448

Re: Firewall killing NAT rule

If indeed the filter forward rule is applied after NAT, then port redirection won't work (higher port to lower port) and thus one should just put the allow dstnat rule before the kill all ports rule in the forward chain order and it should work.
by anav
Thu Jul 18, 2019 8:01 pm
Forum: Beginner Basics
Topic: old hardware market
Replies: 3
Views: 478

Re: old hardware market

hi Root, no issues on my units but I use a proper UPS for electrical shenanigans.
by anav
Thu Jul 18, 2019 8:00 pm
Forum: Beginner Basics
Topic: Access to server inside Lan behind the MikroTik
Replies: 2
Views: 354

Re: Access to server inside Lan behind the MikroTik

Provide a diagram at least of the networking involved.
by anav
Thu Jul 18, 2019 2:25 pm
Forum: General
Topic: Why Mikrotik ???
Replies: 32
Views: 6281

Re: Why Mikrotik ???

People seem extra sensitive these days. The point I was making is that buying IT equipment based on brand and fear of spying is delusional. None of you are aware of the extent of the issue or who is doing what but everybody seems to be an effing expert. If there is a concerted effort by any entity to c...
by anav
Thu Jul 18, 2019 1:23 am
Forum: Beginner Basics
Topic: Rate Limiting new connections
Replies: 4
Views: 622

Re: Rate Limiting new connections

Awesome so on a closed system, it's not really required.
If I have port forwarding selected then it may be smart for me to rate limit the traffic/access to those devices (currently limited by access list and the devices required password login etc).
by anav
Thu Jul 18, 2019 1:23 am
Forum: Beginner Basics
Topic: VLAN Bridge Filtering ALternative
Replies: 9
Views: 993

Re: VLAN Bridge Filtering ALternative

Okay mkx, thanks for muddying the waters with that last post. Not smart enough to really make sense of your wisdom. I have the RB450Gx4. Would that unit be capable of using the switch chip approach and retain HW offloading advantage without any serious drawbacks? Concur that sticking to vlan bridge ...
by anav
Thu Jul 18, 2019 1:18 am
Forum: Beginner Basics
Topic: Redirecting to another port [SOLVED]
Replies: 6
Views: 625

Re: Redirecting to another port [SOLVED]

The problem I see is that you use port 500 for all machine device traffic so intercepting port 500 traffic to send to the printer would block all other machine device traffic? At least that seems the logical issue. In other words, how does the router know when to direct the traffic from the machine ...
by anav
Wed Jul 17, 2019 3:19 am
Forum: Beginner Basics
Topic: VLAN Bridge Filtering ALternative
Replies: 9
Views: 993

Re: VLAN Bridge Filtering ALternative

Life is a circle LOL. So there is no downside and I am an idiot for using bridge vlan filtering when I could be doing via switch chip
by anav
Wed Jul 17, 2019 3:17 am
Forum: Beginner Basics
Topic: Rate Limiting new connections
Replies: 4
Views: 622

Re: Rate Limiting new connections

Let me rephrase the question. If the advice was solid and logical then it would be in everyone's config! It's not on the basic firewall config from the vendor and I have not really seen much interest expressed in this approach, so does it have limited scope?
by anav
Tue Jul 16, 2019 7:13 pm
Forum: Beginner Basics
Topic: Rate Limiting new connections
Replies: 4
Views: 622

Rate Limiting new connections

• Rate-limiting for each new TCP connection
• Rate-limiting for each new UDP connection

How do these configuration setups prevent attacks on one's Router?
What are the drawbacks?
by anav
Tue Jul 16, 2019 6:45 pm
Forum: Beginner Basics
Topic: VLAN Bridge Filtering ALternative
Replies: 9
Views: 993

VLAN Bridge Filtering ALternative

https://mum.mikrotik.com/presentations/HU19/presentation_6775_1559545769.pdf I was interested in this presentation because it shows how to use VLANs but with the emphasis on using the switch CHIP and thus using hardware offloading. (vice using the more CPU intensive method of vlan bridge filtering)....
by anav
Tue Jul 16, 2019 6:33 pm
Forum: General
Topic: Why Mikrotik ???
Replies: 32
Views: 6281

Re: Why Mikrotik ???

So you prefer Latvian (aka Russian) backdoors?
Plus don't forget all the equipment is actually assembled in China so they put in their backdoor chips as well.
Excuse me while I change my tinfoil clothes, they get very sweaty.
by anav
Tue Jul 16, 2019 6:31 pm
Forum: General
Topic: RB450Gx4 and hAPac spanning tree problem
Replies: 11
Views: 1110

Re: RB450Gx4 and hAPac spanning tree problem

What version of OS are you running on both?
Please post config on both
/export hide-sensitive file=yourconfig16Jul
by anav
Tue Jul 16, 2019 6:24 pm
Forum: General
Topic: Why Mikrotik ???
Replies: 32
Views: 6281

Re: Why Mikrotik ???

I prefer not to do the homework for the student. ;-P Perhaps I am just not as gullible as the rest of you. This is typical for a University Level Course or typical of an analytical firm asking its stable of advisers to provide input for clients. This is not someone configuring their own equipment an...
by anav
Tue Jul 16, 2019 6:17 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4456

Re: 1wan + 2 lan isolated from each other

Looks good to me, keeping it simple as mkx suggested but I would combine them.......... and include both the interfaces and source, dest addresses. /ip firewall filter add action=drop chain=forward dst-address=176.16.24.1/24 src-address=192.168.1.0/24 in-interface=bridge2 out-interface=bridge1 add ...
by anav
Tue Jul 16, 2019 2:27 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4456

Re: 1wan + 2 lan isolated from each other

Sure thing!
by anav
Tue Jul 16, 2019 5:05 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4456

Re: 1wan + 2 lan isolated from each other

I have my internet coming in on vlanxx on my ether1 (bell fiber). IT HAS NOTHING TO DO WITH MY BRIDGES OR VLANS ON MY NETWORK.
You may have a more complicated setup?
by anav
Tue Jul 16, 2019 12:08 am
Forum: General
Topic: VLAN and filtering on non-CRS3xx devices
Replies: 11
Views: 909

Re: VLAN and filtering on non-CRS3xx devices

Everyone has their niche area of interest or expertise! It's always fun seeing what pretzel configurations you all come up with!!
by anav
Mon Jul 15, 2019 11:42 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4456

Re: 1wan + 2 lan isolated from each other

Sigh.................. one can lead a horse to water......... A 'sob' story for sure!! ;-P I started off using bridges and quickly discovered that one was limited in that the bridge could only be assigned one subnet. In addition one starts loading the bridge to do everything and it just gets in the ...
by anav
Mon Jul 15, 2019 6:25 pm
Forum: Wireless Networking
Topic: Single VLAN Bridge to Bridge [SOLVED]
Replies: 3
Views: 587

Re: Single VLAN Bridge to Bridge [SOLVED]

Another excellent reference.........
viewtopic.php?f=13&t=143620
by anav
Mon Jul 15, 2019 6:09 pm
Forum: General
Topic: VLAN and filtering on non-CRS3xx devices
Replies: 11
Views: 909

Re: VLAN and filtering on non-CRS3xx devices

This is why I would like to clone Sindy's brain and then somehow figure out how to siphon the knowledge into mine directly.
I just get giddy when MKX is schooled. ;-)
by anav
Mon Jul 15, 2019 6:04 pm
Forum: Beginner Basics
Topic: 2 x Lan, 2 x DVR, 1 Problem
Replies: 9
Views: 682

Re: 2 x Lan, 2 x DVR, 1 Problem

Well that was thorough, no crumbs for me. Off I go in search of food. Excellent support as usual from Yoda
by anav
Mon Jul 15, 2019 6:02 pm
Forum: Beginner Basics
Topic: Access devices in one VLAN from other VLAN
Replies: 3
Views: 392

Re: Access devices in one VLAN from other VLAN

Well the good news is that the OS is somewhat up to date but I would update it to the latest current stable release. I am not a fan of using vlan01 as that can get confusing and would change the numbering to vlan10. But before doing that I would have a good read of an excellent resource to help you ...
by anav
Sun Jul 14, 2019 11:24 pm
Forum: General
Topic: VLAN VRRP
Replies: 18
Views: 1461

Re: VLAN VRRP

Sorry to hear about your injury. :-(
Having recently had a hand injury, understand the loss to some degree. Hoping you recover soonest!
I w i l l t y p e s l o w l y f o r y o u r p o s t s. ;-)
by anav
Sun Jul 14, 2019 11:19 pm
Forum: General
Topic: Port Forwarding Not Working but Shows Packets
Replies: 11
Views: 889

Re: Port Forwarding Not Working but Shows Packets

I would echo 2frogs recommendation for dst-nat rules. /ip firewall nat add action=dst-nat chain=dstnat comment="ALA USG VPN" dst-port=500 in-interface=ether1-gateway log=yes protocol=udp to-addresses=10.0.1.89 add action=dst-nat chain=dstnat comment="ALA USG VPN" dst-port=1701 in-interface=ether1-ga...
by anav
Sun Jul 14, 2019 11:06 pm
Forum: General
Topic: VLAN and filtering on non-CRS3xx devices
Replies: 11
Views: 909

Re: VLAN and filtering on non-CRS3xx devices

I personally think that people's angst about vlan filtering effect on CPU as something evil is too broad brush an approach. For most home owners the ease and convenience of vlan setups as per https://forum.mikrotik.com/viewtopic.php?t=143620 is a great way to go. I am sure for enterprise scenarios ...
by anav
Sun Jul 14, 2019 11:02 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4456

Re: 1wan + 2 lan isolated from each other

Haha MKX, you know vlans are like catheters, you may not think you need them now but just wait a bit longer!!
by anav
Fri Jul 12, 2019 11:32 pm
Forum: Beginner Basics
Topic: Network isolation using VRF?
Replies: 8
Views: 762

Re: Network isolation using VRF?

Nice try but I went over the diagrams and nothing is clear in terms of order.
by anav
Fri Jul 12, 2019 11:27 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4456

Re: 1wan + 2 lan isolated from each other

I use vlans for all subnets.
By their nature all vlans do not talk on layer 2
Thus all I do in the forward chain is state what I wish to allow, ie LAN to WAN for whatever vlans,
then Drop ALL as the last rule which kills any L3 routing between the vlans.
Done!
by anav
Thu Jul 11, 2019 6:57 pm
Forum: Beginner Basics
Topic: Network isolation using VRF?
Replies: 8
Views: 762

Re: Network isolation using VRF?

1. what is the difference wrt the load on the CPU for both methods.
2. if i basically in my forward chain simply allow lan to wan traffic and have a generic drop all rule last,
- does that stop traffic between bridges and thus don't need many rules just one!
by anav
Mon Jul 08, 2019 8:39 pm
Forum: Beginner Basics
Topic: Port Forwarding RB2011UiAS
Replies: 10
Views: 841

Re: Port Forwarding RB2011UiAS

I am not interested in providing any assistance if OS is not updated. :-)
by anav
Mon Jul 08, 2019 2:30 pm
Forum: General
Topic: Redundant WAN links checking beyond the gateway
Replies: 4
Views: 340

Re: Redundant WAN links checking beyond the gateway

Couldn't agree with you more. I personally think you should write a book on MT & Everything you wanted to know about VPNs!
I would be the first in line to buy it! The other option is kidnapping and the vulcan mind meld.
by anav
Mon Jul 08, 2019 2:27 pm
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 1486

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

@Bartoz, what's your address will send you tissues also for the cryin!! Perhaps a puke bucket too LOL.
As for @mkx, since when are you from the hood? "staight" LOL
by anav
Mon Jul 08, 2019 3:29 am
Forum: General
Topic: DST NAT Rules Work for some connections.
Replies: 12
Views: 685

Re: DST NAT Rules Work for some connections.

Let's try to narrow this down first to the facts of one wan, 3 services duplicated but with different external incoming ports. After we figure out the config errors we can talk about RDP or anything else. Best to post your config so we can see the setup. /export hide-sensitive file=yourconfigjul07 In...
by anav
Mon Jul 08, 2019 3:23 am
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 1486

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

anav: maybe my toilet paper has just more layers than your? I think we need to explore this in philosophical terms........ but yes I am your basic one ply and you probably have at least 2 or 3 ;-P Seriously though, are you telling me that all my vlans can talk to each other on layer 3 because I spe...
by anav
Mon Jul 08, 2019 3:19 am
Forum: General
Topic: RULE for BANKS
Replies: 15
Views: 868

Re: RULE for BANKS

You guys are spoiling all the fun. I was going to suggest wrapping the router in tin foil next!! ;-)
by anav
Mon Jul 08, 2019 3:17 am
Forum: General
Topic: How do I allow DNS traffic from one VLAN to another? [SOLVED]
Replies: 9
Views: 671

Re: How do I allow DNS traffic from one VLAN to another? [SOLVED]

Haha Zeekay, I wish I could remove the nick addendum, it only reflects the number of posts not the quality of posts. ;-)
by anav
Sun Jul 07, 2019 11:31 pm
Forum: General
Topic: SFP RB4011
Replies: 19
Views: 1557

Re: SFP RB4011

So David, are you saying that in the near future we may be able to connect the RB4011 directly to the incoming fibre line from the street and bypass the ONT? I know the technician spent some time configuring the ONT to the account settings on their database (so they talk to each other). How would yo...
by anav
Sun Jul 07, 2019 11:25 pm
Forum: General
Topic: How do I allow DNS traffic from one VLAN to another? [SOLVED]
Replies: 9
Views: 671

Re: How do I allow DNS traffic from one VLAN to another? [SOLVED]

Word of caution, using pi-hole and DNS is tricky business. I tried doing it and ended up removing it due to the amount of weird scenarios where family members internet worked sporadically. Now I am a complete noob at RouterOS and there are so many ways to frig a setup that it should work just fine, ...
by anav
Sun Jul 07, 2019 11:21 pm
Forum: General
Topic: RULE for BANKS
Replies: 15
Views: 868

Re: RULE for BANKS

That is a great improvement!! Thanks. Let me see if I understand...... You want the router to be given a script (set of commands) that say Scan all the IPs in the world (ipv4 and ipv6?) Figure out which of those IPs belong to banks. Figure out which of the bank IPs belong to a specific country Write...
by anav
Sun Jul 07, 2019 11:11 pm
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 1486

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

@Bartoz, explain to me how devices from one bridge are going to magically access devices on a second bridge when the last forward rule in the forward chain is drop all?? (I know your knowledge far outstrips my few scribbles of notes on toilet paper that make up my imaginary expertise LOL, so please ...
by anav
Sun Jul 07, 2019 11:08 pm
Forum: General
Topic: RULE for BANKS
Replies: 15
Views: 868

Re: RULE for BANKS

I just did. Provide much more detail on your requirements.
by anav
Sun Jul 07, 2019 11:07 pm
Forum: General
Topic: Redundant WAN links checking beyond the gateway
Replies: 4
Views: 340

Re: Redundant WAN links checking beyond the gateway

Why Sindy would send you to a non approved MT site is beyond me. I suspect he has been drinking all afternoon. ;-)
What you seem to be asking is for recursive routing. Search the forum for those keywords and hopefully you will get some starting points.
(Search found 325 matches: recursive routing)
by anav
Sun Jul 07, 2019 11:04 pm
Forum: General
Topic: RULE for BANKS
Replies: 15
Views: 868

Re: RULE for BANKS

Your requirement is lacking too many details to sufficiently address...........
For example. Do you mean writing the banks name on toilet paper in a bar??
by anav
Sun Jul 07, 2019 11:03 pm
Forum: Beginner Basics
Topic: /ip firewall NAT on bridge with use-ip-firewall not working
Replies: 4
Views: 464

Re: /ip firewall NAT on bridge with use-ip-firewall not working

Concur with the approach of simply stating the requirements in terms of desired functionality users will experience without mention of config/settings. I have users x and users y, I want to ensure that users X access the internet with the following limitations...................., I want to ensure u...
by anav
Sun Jul 07, 2019 4:09 pm
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 1486

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

I am not sure what the fuss is about....... Bridges are already separated at layer2, vlans are separated at layer 2.
The only thing need be done is FW rules and mainly no FW rules.

established related
{any allow rules like lan to wan}
Last rule
add chain=forward action=drop.


Done!
by anav
Sat Jul 06, 2019 1:21 am
Forum: Wireless Networking
Topic: Problems with setting up AP's with VLAN
Replies: 6
Views: 581

Re: Problems with setting up AP's with VLAN

Good plan, do come back and let us know how it goes. The "A" team comprised of Jekyll (me) and the evil Mr Hyde (mkx) are here to help! ;-)
by anav
Sat Jul 06, 2019 1:18 am
Forum: General
Topic: SFP RB4011
Replies: 19
Views: 1557

Re: SFP RB4011

This is what happens when you don't regulate industry and companies play these stupid games.
Make a standard and follow it.
by anav
Fri Jul 05, 2019 8:26 pm
Forum: Wireless Networking
Topic: Problems with setting up AP's with VLAN
Replies: 6
Views: 581

Re: Problems with setting up AP's with VLAN

Not sure why you need two bridges as vlans are vlans and don't need extra bridge separation. However the bigger issue may be that you don't use the bridge interface when defining the vlans. How about you have a good review of this resource, change your config accordingly and then post back with further...
by anav
Thu Jul 04, 2019 7:34 pm
Forum: Beginner Basics
Topic: 5 port switch + wlan + guest wlan using rb951
Replies: 3
Views: 276

Re: 5 port switch + wlan + guest wlan using rb951

All that you have stated is very doable.
However one cannot guess at your current setup.
Please post your config for analysis.
/export hide-sensitive file=yourconfig4july
by anav
Thu Jul 04, 2019 7:32 pm
Forum: Beginner Basics
Topic: Guest wifi on multiple APs
Replies: 9
Views: 759

Re: Guest wifi on multiple APs

Of course you have a modem, in this case a Cable modem. A router does not work independent of a modem either by landline or wisp.
But understand your test router is really just being used for testing setup planning.
by anav
Thu Jul 04, 2019 7:30 pm
Forum: Beginner Basics
Topic: Advice | Recommendation for new router
Replies: 10
Views: 758

Re: Advice | Recommendation for new router

Services - PPPoE, SQM QoS cake?, ipv6 tunnelbroker, upnp and ability to add/ customize further. What to consider? Option 1: New router with built in wifi? Option 2: New router only + Tenda AC18 as wifi access point? Option 3: New router + new wifi access point? Some are suggesting the RB4011 and Ye...
by anav
Thu Jul 04, 2019 7:28 pm
Forum: Beginner Basics
Topic: Help needed with config
Replies: 9
Views: 722

Re: Help needed with config

Thanks guys... I'm head over to the link you sent anav..... via my ever deepening rabbit hole :) Hands on learning is definitely the way for me (with you guys help). Thanks again for the patience! No worries, you are doing better than I already. I completely ignored mkx at the beginning LOL. ( it w...
by anav
Thu Jul 04, 2019 2:43 pm
Forum: General
Topic: Need recommendations for wireless solution
Replies: 1
Views: 186

Re: Need recommendations for wireless solution

I would consider the 60HZ series, Pair up a set of these from the tower to a spot that has LOS with all the cottages. https://mikrotik.com/product/wireless_wire_dish Then connect the cottage side dish by ethernet ....... to this unit for example..... https://mikrotik.com/product/wap_60gx3_ap which c...
by anav
Thu Jul 04, 2019 2:30 pm
Forum: General
Topic: untagged vlan [SOLVED]
Replies: 9
Views: 681

Re: untagged vlan [SOLVED]

The link mkx provided is your best resource period.
Another good one is useful if you want to tackle a hybrid port (diagram 4 I believe).
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
by anav
Thu Jul 04, 2019 2:27 pm
Forum: Beginner Basics
Topic: Advice | Recommendation for new router
Replies: 10
Views: 758

Re: Advice | Recommendation for new router

The RB4011 is a monster router.........
by anav
Thu Jul 04, 2019 2:26 pm
Forum: Beginner Basics
Topic: Help needed with config
Replies: 9
Views: 722

Re: Help needed with config

@mkx the effing comedian. Thanks for my morning chuckle mate!! As for the OP, see how quickly one can go down a rabbit hole.............. you have to watch out for these experts, they usually work in thin air and find it hard to relate to normal people. As for future plans the best thing is to provi...
by anav
Thu Jul 04, 2019 2:22 pm
Forum: Beginner Basics
Topic: 5 port switch + wlan + guest wlan using rb951
Replies: 3
Views: 276

Re: 5 port switch + wlan + guest wlan using rb951

Did you do any research before buying the routerboard of unknown type/name?
This is not a consumer off the shelf plugnplay device except for the default settings that allow it to be used out of the box but then
needs configuring beyond that.
by anav
Thu Jul 04, 2019 2:21 pm
Forum: Beginner Basics
Topic: Guest wifi on multiple APs
Replies: 9
Views: 759

Re: Guest wifi on multiple APs

So your router is not connected directly to a modem?
by anav
Thu Jul 04, 2019 4:45 am
Forum: Beginner Basics
Topic: How to choose proper Mikrotik hardware
Replies: 4
Views: 393

Re: How to choose proper Mikrotik hardware

Well I would look at something that has ipsec in the hardware so anything like a routerboard RB450Gx4 or an RB4011 should be models to start considering.
by anav
Thu Jul 04, 2019 4:43 am
Forum: Beginner Basics
Topic: Help needed with config
Replies: 9
Views: 722

Re: Help needed with config

No worries sometimes I think I am only one config step ahead of you LOL. The point being is that do not even consider different designs on the other ethers until you understand what you are doing with one ether. So, that being said you decided to make the BRIDGE responsible for DHCP networking but t...
by anav
Thu Jul 04, 2019 4:37 am
Forum: Beginner Basics
Topic: Help with VLAN and separate WLAN's [SOLVED]
Replies: 8
Views: 650

Re: Help with VLAN and separate WLAN's [SOLVED]

Sure thing....
This is your best resource!!
viewtopic.php?t=143620

This has some useful info as well.
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
by anav
Wed Jul 03, 2019 10:55 pm
Forum: Beginner Basics
Topic: Help needed with config
Replies: 9
Views: 722

Re: Help needed with config

I am curious why you elected to have /ip dhcp-server set to the bridge , but then, assign /ip address to ether2 I am just curious as how assigning it to ether2 is going to magically translate to all the other ether ports?? ;-) /ip neighbor discovery-settings set discover-interface-list=LAN I have se...
by anav
Wed Jul 03, 2019 8:51 pm
Forum: Wireless Networking
Topic: free wifi
Replies: 7
Views: 708

Re: free wifi

I believe dawood is working for the PRC ;-)
by anav
Wed Jul 03, 2019 8:48 pm
Forum: Wireless Networking
Topic: Connect Mikrotik Device to Ubiquiti AP via 802.1x [SOLVED]
Replies: 6
Views: 942

Re: Connect Mikrotik Device to Ubiquiti AP via 802.1x [SOLVED]

Hmm I believe the latest firmware update may include something that helps........ ??

RouterOS version 6.45.1 has been released in public "stable" channel!
MAJOR CHANGES IN v6.45.1:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
by anav
Wed Jul 03, 2019 8:43 pm
Forum: Wireless Networking
Topic: Which mode do I need?
Replies: 15
Views: 1142

Re: Which mode do I need?

How does your PC get internet now? If it is in another room, presumably it is wired to the current router? Your entire logic is faulty if the PC is getting wifi now as its main supply. If the wireless signal to the PC is poor due to construction/walls etc, what makes you think that the reverse path ...
by anav
Wed Jul 03, 2019 8:31 pm
Forum: Beginner Basics
Topic: Help needed with config
Replies: 9
Views: 722

Re: Help needed with config

This is not a factory refresh, where are all the default firewall rules??
I hope you realize that the default rules are there to protect your router from being hacked!!
by anav
Wed Jul 03, 2019 5:23 am
Forum: Beginner Basics
Topic: Port Forwarding (AND MORE) Still Not Working [SOLVED]
Replies: 4
Views: 487

Re: Port Forwarding (AND MORE) Still Not Working [SOLVED]

What you should start fresh with is the default setup as that is safe and a good place to start.
by anav
Tue Jul 02, 2019 4:32 pm
Forum: General
Topic: EoIP - tunnel drops after 60 secs [SOLVED]
Replies: 19
Views: 1179

Re: EoIP - tunnel drops after 60 secs [SOLVED]

Type really fast.............. ;-)
by anav
Tue Jul 02, 2019 4:30 pm
Forum: General
Topic: have a two WAN ports in RB951 Router
Replies: 2
Views: 254

Re: have a two WAN ports in RB951 Router

Post your config
/export hide-sensitive file=yourconfigjul2
by anav
Tue Jul 02, 2019 4:27 pm
Forum: General
Topic: NordVpn and mikrotik?
Replies: 22
Views: 4166

Re: NordVpn and mikrotik?

ementat.......... Is that new info based on the latest firmware release? I remember seeing something about VPN improvements!
Can one extrapolate that any VPN provider that uses a similar setup can also be used with RouterOS now?
by anav
Tue Jul 02, 2019 4:23 pm
Forum: Beginner Basics
Topic: Port Forwarding (AND MORE) Still Not Working [SOLVED]
Replies: 4
Views: 487

Re: Port Forwarding (AND MORE) Still Not Working [SOLVED]

add action=accept chain=input port=69 protocol=udp
add action=accept chain=forward port=69 protocol=udp
What are those for? The only ports you should be allowing to or across your router is NONE!! (well maybe DNS to your router but only from the LAN side + admin access on the lan side to the router ...
by anav
Tue Jul 02, 2019 4:12 pm
Forum: Beginner Basics
Topic: How to switch immediately after a failover ?
Replies: 7
Views: 952

Re: How to switch immediately after a failover ?

I think I have RP filter loose, because my router has no morals LOL. Seriously it's set to loose for some reason but heck I can't remember LOL.
by anav
Tue Jul 02, 2019 4:10 pm
Forum: Beginner Basics
Topic: hEX (RB750Gr3) Serial Console
Replies: 8
Views: 966

Re: hEX (RB750Gr3) Serial Console

Is this a requirement that could be well served by the raspberry pi?
by anav
Tue Jul 02, 2019 5:21 am
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4279

Re: single IP constantly trying to log to my Mikrotik

Well there is additional functionality onion layers now to the question do you use raw rules or filter rules to block things. I simply thought raw was better because there was less load on the CPU. Apparently wrong headed thinking. Apparently connection tracking makes filter rules more efficient. Wh...
by anav
Mon Jul 01, 2019 11:31 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 70052

Re: v6.45.1 [stable] is released!

No issues in upgrading two CapAC and one RB450Gx4.
by anav
Mon Jul 01, 2019 9:27 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 70052

Re: v6.45.1 [stable] is released!

I am using capAC in AP WISP Mode and for some reason it does not have access to the internet (probably how I setup my vlans). Two questions. (1) What method can I use to manually upload the package (don't see a selection in packages)?? and (2) Should I change the capAC mode to home AP from AP Wisp mo...
by anav
Mon Jul 01, 2019 3:40 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4279

Re: single IP constantly trying to log to my Mikrotik

This in the 6.45 release looks like it may apply to parts of this discussion......
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;

This is the area where I am lost.........
by anav
Sat Jun 29, 2019 4:45 pm
Forum: General
Topic: vlan on a bridge in a bridge
Replies: 17
Views: 1562

Re: vlan on a bridge in a bridge

Perhaps you don't like the management network on vlan id=1, but in large networks I prefer this method because 1) if I put my computer in the trunk network, I can easily see all devices with both winbox (for mikrotiks) and other vendors applications; 2) if my workers put on the network some new dev...
by anav
Sat Jun 29, 2019 4:41 pm
Forum: General
Topic: Native VLAN
Replies: 25
Views: 1990

Re: Native VLAN

What's missing from your posted config is root section of /interface bridge with definition of bridges themselves. And that I was talking about: you removed what you thought was unnecessary. If you knew what's necessary to show us, you probably wouldn't need advice in the first place ... @Young stu...
by anav
Sat Jun 29, 2019 4:38 pm
Forum: Beginner Basics
Topic: How to switch immediately after a failover ?
Replies: 7
Views: 952

Re: How to switch immediately after a failover ?

I can see this happen on my browser when I switch from vpn to non-vpn scenario. Causes confusion LOL.
So Sebastia, this seems to be a safe and useful rule to have in place in general (like part of a default). Is there any danger or potential security risk to this rule??
by anav
Fri Jun 28, 2019 2:12 pm
Forum: General
Topic: [Feature request] Wireguard
Replies: 94
Views: 22752

Re: [Feature request] Wireguard

I bought a Raspberry Pi4 and use that for wireguard, it gives me wirespeed vpn on a 500Mbit connection
Is all your internet traffic done via wireguard through the Raspberry PI or are you talking a specific tunnel??
by anav
Thu Jun 27, 2019 6:15 pm
Forum: SwOS
Topic: CSS106 (RB260) VLANs between multiples swicthes and Hybrid port [SOLVED]
Replies: 3
Views: 1013

Re: CSS106 (RB260) VLANs between multiples swicthes and Hybrid port [SOLVED]

I have to wonder how it is that the Switch can use ALWAYS STRIP for an untagged vlan on a particular port (first example on provided link), and when in hybrid mode instead of ALWAYS STRIP, it says to use LEAVE AS IS (second example) ???? This does not seem to be a consistent approach!
by anav
Thu Jun 27, 2019 5:55 pm
Forum: Wireless Networking
Topic: Number of Wi-Fi connections on hAP mini
Replies: 8
Views: 1138

Re: Number of Wi-Fi connections on hAP mini

Your initial post tells me all I need to know. You install crappy TP Link wifi routers in small cafes and this is how you treat your customers LOL.
Suggest you install the RB4011 from now on and give your customers (and their clients) a decent product! ;-)
by anav
Thu Jun 27, 2019 5:52 pm
Forum: Wireless Networking
Topic: User manager wireless VLAN
Replies: 4
Views: 821

Re: User manager wireless VLAN

What is user manager??
by anav
Thu Jun 27, 2019 5:51 pm
Forum: General
Topic: Forum reliability
Replies: 18
Views: 2686

Re: Forum reliability

Suggest medication or get some exercise for whatever is troubling you.
by anav
Thu Jun 27, 2019 4:31 pm
Forum: General
Topic: Forum reliability
Replies: 18
Views: 2686

Re: Forum reliability

Have some coffee mtk, it helps me from taking MT forums too seriously LOL. You are correct Sebastia, over the past month I have noticed the forums being inaccessible numerous times. I thought it may be due to MT using their "NEW" powerline adapters in the server room and every time someone walks in ...
by anav
Thu Jun 27, 2019 4:18 pm
Forum: General
Topic: How to deny the all access from "wan" to "lan" in forward chain ?
Replies: 4
Views: 637

Re: How to deny the all access from "wan" to "lan" in forward chain ?

Sorry I will not give any advice for someone using old firmware. After you have upgraded to the latest stable firmware I would be happy to help.
by anav
Wed Jun 26, 2019 7:04 pm
Forum: General
Topic: Failover with email
Replies: 4
Views: 522

Re: Failover with email

I am a bit confused what is the difference between the check ping in your IP ROUTES, and the script check ping? If the route check ping is in the order of every few seconds, then the router will switch to the backup and nobody will know until the next script time check? Further the router could swit...
by anav
Wed Jun 26, 2019 6:56 pm
Forum: General
Topic: Redirect
Replies: 3
Views: 496

Re: Redirect

Suggest using a consultant in your area! It will save much time.
https://mikrotik.com/consultants
by anav
Wed Jun 26, 2019 6:53 pm
Forum: General
Topic: How to deny the all access from "wan" to "lan" in forward chain ?
Replies: 4
Views: 637

Re: How to deny the all access from "wan" to "lan" in forward chain ?

Please state your requirement in terms of use cases vice equipment functionality or specific router settings. In other words describe what you want users of your network to be able to do or not do. MT default the firewall rules that come with the latest versions are 'safe' out of the box and you nee...
by anav
Wed Jun 26, 2019 6:48 pm
Forum: Beginner Basics
Topic: make order in firewall rules
Replies: 7
Views: 603

Re: make order in firewall rules

I like that, nice and simple
just like
Europe drop all for UK
UK drop all for Europe ;-P

Perhaps soon when landing in the UK, Canadian Citizens will join the quick colonials line at customs....... while the europeans wait in long peon lines!!
by anav
Wed Jun 26, 2019 4:52 pm
Forum: General
Topic: Mikrotik vs Cisco advice
Replies: 12
Views: 33929

Re: Mikrotik vs Cisco advice

@kerberos2023

Your post sounds like an infomercial and has no basis in facts. Zerobyte clearly laid out how OSPF is flawed and provided examples and yet your opinion is that it is fine.
Suggest you edit/delete your post or actually provide refuting evidence.
by anav
Wed Jun 26, 2019 4:33 pm
Forum: Beginner Basics
Topic: make order in firewall rules
Replies: 7
Views: 603

Re: make order in firewall rules

The best thing to do is to start with the default firewall rules that come with the latest firmware for RouterOS. Before adding rules, describe your network (a diagram works best). Describe what you wish to accomplish in terms of users (not by equipment) For example I ....... I have X groups of user...
by anav
Wed Jun 26, 2019 4:21 pm
Forum: Beginner Basics
Topic: Mikrotik App - Connection refused
Replies: 2
Views: 526

Re: Mikrotik App - Connection refused

Assuming you are trying to connect to the router from within your wifi network at home and not externally like at the coffee shop???
by anav
Wed Jun 26, 2019 4:19 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4279

Re: single IP constantly trying to log to my Mikrotik

MKX for this beginner. Please elucidate the trodden masses on how to use (practical applications) of this new information on how to control connection tracking when using filter rules and raw rules. There have been some really eye opening statements and facts presented in this thread and its really d...
by anav
Wed Jun 26, 2019 4:13 pm
Forum: Beginner Basics
Topic: Guest wifi on multiple APs
Replies: 9
Views: 759

Re: Guest wifi on multiple APs

Hi there I have very much the same setup in my house. I have my main mikrotik router (previously a hex router and now the RB450Gx4). It is connected to a managed 24 port switch from one port which connects to one capac and another managed switch in an entertainment area. The Router is also connected...
by anav
Tue Jun 25, 2019 8:33 pm
Forum: General
Topic: vlan on a bridge in a bridge
Replies: 17
Views: 1562

Re: vlan on a bridge in a bridge

Good day. Why be frustrated, you have access to the most amazing cheap but high quality vino, delicious coffee etc.. Let MT wait and enjoy life! While sipping,either liquid suggest you read this most excellent reference on setting up vlans......... https://forum.mikrotik.com/viewtopic.php?f=13&t=143...
by anav
Tue Jun 25, 2019 8:15 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4279

Re: single IP constantly trying to log to my Mikrotik

Translation please (Belgian to English)! The Belgian Alfa-Romeo driver showed that french fries were actually invented by Belgians. Uhmm, no, hold it. @sebastia showed that global firewall setting /ip firewall connection tracking set enabled=no actually introduces two raw firewall rules, shown in hi...
by anav
Tue Jun 25, 2019 8:14 pm
Forum: Beginner Basics
Topic: Firewall rule for accessing winbox
Replies: 7
Views: 479

Re: Firewall rule for accessing winbox

Will echo the sentiments being made here, that external access to your router BUT NOT via VPN is not a recommended security practice. As for others giving you advice without even seeing your config makes me shake my head. Not that the learning bits provided are not stuff of gold, but basing advice o...
by anav
Sat Jun 22, 2019 4:38 am
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4279

Re: single IP constantly trying to log to my Mikrotik

Translation please (Belgian to English)!
by anav
Fri Jun 21, 2019 6:06 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4279

Re: single IP constantly trying to log to my Mikrotik

Ha, you think you're confused. I will wait for the dust to settle on this one.
by anav
Thu Jun 20, 2019 11:22 pm
Forum: General
Topic: US ban on some products from China ( is there a possible effect to Mikrotik ?)
Replies: 6
Views: 796

Re: US ban on some products from China ( is there a possible effect to Mikrotik ?)

anav & huntermic - I like your thinking . If you don't see it or check it , then the future of your business & products & services looks bright. There is no need to keep alert towards any future potential issues. I am actually very concerned.......... with the supply of potatoes from Idaho! ;-P The...
by anav
Thu Jun 20, 2019 6:22 pm
Forum: Wireless Networking
Topic: About to purchase hAP AC/AC^2 router
Replies: 4
Views: 494

Re: About to purchase hAP AC/AC^2 router

What is your ISP wan connection rated at? Do you have coax to any rooms in the house? I am thinking of two ideas. a. hapac2 and using the asus via (coax adapter or electrical powerline adapter) in another section of the house. b. hapac only for better wifi coverage by itself but unless centrally pla...
by anav
Thu Jun 20, 2019 6:01 pm
Forum: Wireless Networking
Topic: About to purchase hAP AC/AC^2 router
Replies: 4
Views: 494

Re: About to purchase hAP AC/AC^2 router

All wired or a mix of wired and wireless? how big is the house, how many floors? do you currently have any access points just the asus wifi router? is your house wired for ethernet or coax at all? In general i would say the hap ac2 is the more powerful router in that it has ipsec hardware built in (b...
by anav
Thu Jun 20, 2019 4:58 pm
Forum: General
Topic: Linux vulnerabilities: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
Replies: 15
Views: 3018

Re: Linux vulnerabilities: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479

I do not see any particular rule, similar to the ones posted in this thread, referenced in the blog (standard IPV4 or input chain traffic) that would specifically target the CVEs?
( I mean as an interim mod, until new vers' are out).
by anav
Thu Jun 20, 2019 4:39 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4279

Re: single IP constantly trying to log to my Mikrotik

Aha! I drive an old shitbox and i have the same questions as the Alfa Romeo driver (lucky dog) which proves that he has better taste for inanimate objects LOL ( and less frugal - no Catalan blood at all ).
by anav
Wed Jun 19, 2019 10:18 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4279

Re: single IP constantly trying to log to my Mikrotik

Very interesting update Sir. @vecernik87 can you boil that down into simple english. It seems to this poor befuddled brain that he is saying, it doesn't really matter which way the question is solved unless one is hitting 100% load. He seems to pass on that if load is an issue, then established rela...
by anav
Wed Jun 19, 2019 3:12 am
Forum: General
Topic: US ban on some products from China ( is there a possible effect to Mikrotik ?)
Replies: 6
Views: 796

Re: US ban on some products from China ( is there a possible effect to Mikrotik ?)

Why not whine about your impending inability to shop at the dollar store where all the products come from China. Every IT manufacturer from Cisco to no name iptv remote controls come from China. Get over yourselves. The supply of products will be sourced to an appropriate vendor of an appropriate co...
by anav
Tue Jun 18, 2019 5:45 pm
Forum: General
Topic: Problem forcing specific DNS server
Replies: 1
Views: 221

Re: Problem forcing specific DNS server

Would have to see the configs to pick out the source of the issue.
by anav
Tue Jun 18, 2019 5:43 pm
Forum: General
Topic: Linux vulnerabilities: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
Replies: 15
Views: 3018

Re: Linux vulnerabilities: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479

None of these CVE-s are noted in the MT Security Blog and thus they are not real! ;-) On the other hand Rich1 is not a Trump kinda guy and thus the concerns are probably on the up and up. Is the thinking that it's not MT config that is vulnerable but the linux kernel and thus not their problem???? Ju...
by anav
Tue Jun 18, 2019 5:29 pm
Forum: General
Topic: No routing to external network
Replies: 8
Views: 583

Re: No routing to external network

Why people insist on not showing their firewall rules is beyond me as its often key as to why some items are blocked you know as in filter rules. Shall we assume you have no filter rules?? Can one assume ether ports 2,3,4,5 connect to ports on the Cisco??? I am assuming the bridg10 traffic works bec...