Community discussions

MikroTik App

Search found 7395 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 25
by anav
Sat Jun 19, 2021 8:25 pm
Forum: General
Topic: Home IoT Vlan setup
Replies: 13
Views: 443

Re: Home IoT Vlan setup

kk and resend the config as there may be some small items to address!!
by anav
Sat Jun 19, 2021 5:06 pm
Forum: General
Topic: blocking 10.10.0.1 from 10.20.0.1 [SOLVED]
Replies: 3
Views: 120

Re: blocking 10.10.0.1 from 10.20.0.1 [SOLVED]

Lets be clear mkx, a. you are stating that even though subnets are blocked at the forward chain, a device can always access another subnets gateway aka ping it? b. this seems to be consistent in that and please confirm, one can use any subnet gateway for DNS aka vlan20 can use vlan30 gateway IP for ...
by anav
Sat Jun 19, 2021 4:56 pm
Forum: General
Topic: Home IoT Vlan setup
Replies: 13
Views: 443

Re: Home IoT Vlan setup

(7) THE BIGGEST ISSUE IS THE MISSING BR VLAN FILTERING SETUP???? Based on your bridge port setup ....... However, once we sort our your unifi issues this may change.......... add bridge=BR1 tagged=BR1,ether4,ether5, untagged=ether2 vlan-ids=20 add bridge=BR1 tagged=BR1,ether4,ether5 vlan-ids=10,30,4...
by anav
Sat Jun 19, 2021 4:41 pm
Forum: General
Topic: Home IoT Vlan setup
Replies: 13
Views: 443

Re: Home IoT Vlan setup

Heads up if Unifi needs to be fed from a hybrid port from the router because it needs the base vlan untagged. Then simply allow all frames on the port pvid it to the base vlan (as though it was an ACCESS port). In the bridge vlan setup just tag the same port with other vlans as if it was a trunk por...
by anav
Sat Jun 19, 2021 4:25 pm
Forum: RouterOS v7 BETA
Topic: Configuring RouterOS as a wireguard client
Replies: 5
Views: 193

Re: Configuring RouterOS as a wireguard client

viewtopic.php?f=23&t=174417&p=861477&hi ... rd#p861477
Check out the thread all your answers are in there.
by anav
Sat Jun 19, 2021 2:57 am
Forum: Wireless Networking
Topic: CAPsMAN on layer2 + vlans
Replies: 13
Views: 408

Re: CAPsMAN on layer2 + vlans

I avoid all that by simply configuring my capacs as normal access points. Also works great, didnt lose sleep time or hair and my wifi will not crash if capsman burps :-)
by anav
Sat Jun 19, 2021 2:53 am
Forum: General
Topic: Automatic login through SSH?
Replies: 2
Views: 131

Re: Automatic login through SSH?

If you want to gain access to your MT router from an external net connection, the best method is VPN. Port knocking is also done as fall back method.
Havent heard of people using SSH.
by anav
Sat Jun 19, 2021 2:52 am
Forum: General
Topic: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..
Replies: 23
Views: 724

Re: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..

Pray tell fill in the gaps. I have only done netinstall using the given version file.
How does one create a file for custom netinstall............. or is this a special license not for mere mortals........
by anav
Sat Jun 19, 2021 2:49 am
Forum: General
Topic: From Mikrotik to Ubiquiti UniFi and back to Mikrotik
Replies: 14
Views: 1564

Re: From Mikrotik to Ubiquiti UniFi and back to Mikrotik

Good news, if you want a review of your config thus far
/export hide-sensitive file=anynameyouwish
by anav
Fri Jun 18, 2021 10:30 pm
Forum: Forwarding Protocols
Topic: Networking Education
Replies: 13
Views: 3385

Re: Networking Education

Perhaps you should spend more time on convincing Normis to actually make posting here not so easy for bots or posters with no intent but to cause spam. I read all kinds of posts, and don't really care if its quoted or quoted again, but it provides me with great amusement when some get their knickers...
by anav
Fri Jun 18, 2021 10:12 pm
Forum: General
Topic: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..
Replies: 23
Views: 724

Re: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..

Nice mducharme, that seems a very reasonable compromise.
Its a model some should aspire too.
by anav
Fri Jun 18, 2021 7:45 pm
Forum: General
Topic: PCC Load balancing and https connection issues
Replies: 26
Views: 16809

Re: PCC Load balancing and https connection issues

DarkNate has been posting some good info on this.....
viewtopic.php?f=2&t=176030&p=863245#p862412
by anav
Fri Jun 18, 2021 7:44 pm
Forum: Beginner Basics
Topic: help me in load balancing with pcc
Replies: 3
Views: 127

Re: help me in load balancing with pcc

Darknate has been posting lots of good stuff on this........
viewtopic.php?f=2&t=176030&p=863245#p862412
by anav
Fri Jun 18, 2021 7:42 pm
Forum: General
Topic: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..
Replies: 23
Views: 724

Re: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..

Who cares what you think about my question.
I am curious as to how these setups work, because it appears many folks seem to use that sort of thing and then I understand better the config when assisting.
The llama has no off button, we can go all day and night :-)
by anav
Fri Jun 18, 2021 7:37 pm
Forum: General
Topic: Cant Open Ports
Replies: 9
Views: 242

Re: Cant Open Ports

Thats why you are here Bartoz......... I am not the patient llama unless the person provides a decent networking diagram, has shown the config, and has zero arrogance......... Besides, in general I dont help folks who want to access their router from the internet over www and likewise I dont help pe...
by anav
Fri Jun 18, 2021 7:33 pm
Forum: Beginner Basics
Topic: Three same-distance routes
Replies: 2
Views: 98

Re: Three same-distance routes

The router will decide which has the shortest route and yes it may change randomly.
In any case your question is baseless without context.
Its not what you think the router will do that counts.
Its what you want the router to do.

So state your requirements and will assist.
by anav
Fri Jun 18, 2021 6:09 pm
Forum: General
Topic: Joining two different network interfaces together
Replies: 1
Views: 63

Re: Joining two different network interfaces together

Read all the literature first.
If you dont understand anything suggest returning the unit and buying a linksys.
So far I see no effort on your part to do some of the work.

Start here.
https://help.mikrotik.com/docs/
by anav
Fri Jun 18, 2021 6:06 pm
Forum: General
Topic: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..
Replies: 23
Views: 724

Re: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..

Hey wilogic, So If I use your router and not mine that is preconfigured, and I use IPCLOUD will it show me the same public IP as I am getting on the supplied router? Or is the supplied device already getting a private IP (behind another wilogic router and then attached to a mode,). What I am getting...
by anav
Fri Jun 18, 2021 6:03 pm
Forum: General
Topic: redirect whole traffic from WAN to LAN
Replies: 13
Views: 365

Re: redirect whole traffic from WAN to LAN

No worries, someone else will help you out...............
by anav
Fri Jun 18, 2021 6:00 pm
Forum: General
Topic: Cant Open Ports
Replies: 9
Views: 242

Re: Cant Open Ports

Yeah no firewall rules and connected to the internet........ just plain dumb if thats the case, will assume you are just using it in a lab. As for Ive done this configuration 1000 times doesnt mean you have clue Take this for example. /interface list member add interface=ether1 list=WAN add list=LAN...
by anav
Fri Jun 18, 2021 5:55 pm
Forum: General
Topic: From Mikrotik to Ubiquiti UniFi and back to Mikrotik
Replies: 14
Views: 1564

Re: From Mikrotik to Ubiquiti UniFi and back to Mikrotik

Hey IPANet, how do you compare audience to previous wifi like on capac etc.... Also do you have to run the beta software to gain the advantages? I dont see anything extraordinary about them except the high price for just a wifi5 AP. Call me a sceptic but where it the gain in using these.......... Do...
by anav
Fri Jun 18, 2021 5:49 pm
Forum: Beginner Basics
Topic: On RouterOS how do I make one port dedicated WAN Port
Replies: 1
Views: 78

Re: On RouterOS how do I make one port dedicated WAN Port

dynamic IP use IP DHCP client
Static IP add the address provided and gateway in IP address and make the interface the port you desire.
In either case ensure etherX is part of the WAN interface list.
by anav
Fri Jun 18, 2021 3:03 am
Forum: General
Topic: redirect whole traffic from WAN to LAN
Replies: 13
Views: 365

Re: redirect whole traffic from LAN1 to LAN2

It is still not clear to me where the ISP modem or modem/router is located in this picture..........
by anav
Fri Jun 18, 2021 3:02 am
Forum: General
Topic: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..
Replies: 23
Views: 724

Re: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..

Nope well explained and reasonable. For some people this seems to be a good option, I just cant fathom it, but thats my issue.
by anav
Thu Jun 17, 2021 11:08 pm
Forum: Beginner Basics
Topic: RouterOS v7.2 (beta) and routing marks
Replies: 3
Views: 341

Re: RouterOS v7.2 (beta) and routing marks

The right response was simply link to the beta forum :-)
by anav
Thu Jun 17, 2021 8:05 pm
Forum: General
Topic: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..
Replies: 23
Views: 724

Re: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..

CPE, Im gonna be sick!!
Dont you offer the option for the OP to use his own router - provide an IP address etc............
I mean Europeans are naturally friendly (mediterranean ones at least) but holding on to your customers testicles is a step to far.
by anav
Thu Jun 17, 2021 8:03 pm
Forum: General
Topic: redirect whole traffic from WAN to LAN
Replies: 13
Views: 365

Re: redirect whole traffic from LAN1 to LAN2

So the mikrotiks connection to the internet is through another router? and not a modem?
So the mikkrotik is not directly connected to the TP LInk switch?
What router is the TPLINK switch connected to?
by anav
Thu Jun 17, 2021 8:01 pm
Forum: General
Topic: From Mikrotik to Ubiquiti UniFi and back to Mikrotik
Replies: 14
Views: 1564

Re: From Mikrotik to Ubiquiti UniFi and back to Mikrotik

Good article how to setup the RB4011 device for vlans etc.......
I too would stick with other vendors wifi and get the wired only RB4011.

viewtopic.php?f=23&t=143620
by anav
Thu Jun 17, 2021 7:57 pm
Forum: Beginner Basics
Topic: I would like to ask for your help for me to implement the following on my two ISPs (share lines). Both has 30+30= 60 Mbp
Replies: 3
Views: 130

Re: I would like to ask for your help for me to implement the following on my two ISPs (share lines). Both has 30+30= 60

To make it clear, you will have a TOTAL of 60Mbps for users to have access to but the max any one session can grab is 30mbps. What I think you are getting at is that you want to use the WAN resources equally amongst all the users. In other words if you have 120 users you want them to be able to acce...
by anav
Thu Jun 17, 2021 3:17 pm
Forum: General
Topic: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..
Replies: 23
Views: 724

Re: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..

Call the Police if its a criminal matter.
by anav
Thu Jun 17, 2021 3:09 pm
Forum: General
Topic: redirect whole traffic from WAN to LAN
Replies: 13
Views: 365

Re: redirect whole traffic from LAN1 to LAN2

Provide a network diagram and a config, otherwise unable to assist.
by anav
Thu Jun 17, 2021 2:07 pm
Forum: General
Topic: Intervlan RB4011
Replies: 5
Views: 313

Re: Intervlan RB4011

Have you read the article, I think not.
You have a mess that the article will help clear up.
Hint, one bridge
Hint, every vlan needs four things, ip address, pool, dhcp server, dhcp server network.
by anav
Thu Jun 17, 2021 1:57 pm
Forum: General
Topic: Double NAT + Firewall forward block => no internet access
Replies: 3
Views: 118

Re: Double NAT + Firewall forward block => no internet access

/export hide-sensitive file=anynameyouwish
by anav
Thu Jun 17, 2021 1:56 pm
Forum: General
Topic: Home IoT Vlan setup
Replies: 13
Views: 443

Re: Home IoT Vlan setup

Without seeing your config cannot be of much help
/export hide-sensitive file=anynameyouwish
by anav
Thu Jun 17, 2021 1:53 pm
Forum: General
Topic: redirect whole traffic from WAN to LAN
Replies: 13
Views: 365

Re: redirect whole traffic from LAN1 to LAN2

So you have one router, with one wan connection.
Behind the router two separate LANS.

You dont want LAN1 to have internet access but just access to LAN2 for example..........
How will they access LAN2??
by anav
Thu Jun 17, 2021 4:15 am
Forum: General
Topic: Home IoT Vlan setup
Replies: 13
Views: 443

Re: Home IoT Vlan setup

by anav
Thu Jun 17, 2021 4:14 am
Forum: General
Topic: Hardware recommendation for routing up to 2Gb/s
Replies: 6
Views: 296

Re: Hardware recommendation for routing up to 2Gb/s

What are you too friggen lazy to look up the routers yourself.
It took me 30 seconds to find a 1036 model that has two SFP+ ports......

or the CCR2004

Take your pick...........
by anav
Thu Jun 17, 2021 12:37 am
Forum: Beginner Basics
Topic: Reaching Wireguard from a different subnet
Replies: 1
Views: 97

Re: Reaching Wireguard from a different subnet

I think its the current positions of the moon in relation to plutos distance to the sun/ In other words, WTF are we supposed to do with such little information. At least /export hide-sensitive file=anynameyouwish a network diagram always helps as well. Looking forward to helping with more info provi...
by anav
Wed Jun 16, 2021 12:30 am
Forum: Wireless Networking
Topic: Wiki: Connect to a Wireless Network but use 2 GHz versus 5 GHz for External access
Replies: 1
Views: 173

Re: Wiki: Connect to a Wireless Network but use 2 GHz versus 5 GHz for External access

So use 2ghz to connect to hotspot and 5ghz to connect to users is the only good possibility.
THe fact that 5ghz range is limited is just reality.
by anav
Wed Jun 16, 2021 12:28 am
Forum: Wireless Networking
Topic: Wifi between concrete walls
Replies: 10
Views: 970

Re: Wifi between concrete walls

What you need to do is run cable to achieve a LOS between the two panel antennas. That is how WIFI works in the pt to pt scenario.
There are places where pipes wires, and other items get passed between floors FIND it, use it.
If you cannot do that, why are you wasting your money??
by anav
Wed Jun 16, 2021 12:24 am
Forum: Beginner Basics
Topic: Accessing clients / servers across different VLANs (printer, USB server, NAS, ...)
Replies: 6
Views: 572

Re: Accessing clients / servers across different VLANs (printer, USB server, NAS, ...)

In my opinion you dont need to delineate ports or protocols of that access as I dont think the printer can do much harm. Printers make a great jumping-off point for network infiltration - printers and their network interface cards are often long-lived and are either no longer supported by the manuf...
by anav
Wed Jun 16, 2021 12:22 am
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance
Replies: 12
Views: 490

Re: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance

Moderna, maybe you got a placebo ;-P or are unable to make anti-bodies...........
by anav
Wed Jun 16, 2021 12:21 am
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 19
Views: 932

Re: Setting Up small home network with MikroTik hEX RB750Gr3

Thats it in a nutshell, LOL.
by anav
Tue Jun 15, 2021 7:54 pm
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 19
Views: 932

Re: Setting Up small home network with MikroTik hEX RB750Gr3

under the wx today, maybe tomorrow :-(
by anav
Tue Jun 15, 2021 6:50 pm
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 19
Views: 932

Re: Setting Up small home network with MikroTik hEX RB750Gr3

Its all fixable without much fuss.........
I started with a hex router, now have two, one is a backup and the other is a switch.
Quite capable devices for up to 800 up and down service
by anav
Tue Jun 15, 2021 4:51 pm
Forum: General
Topic: Dual WAN failover using recursive routing
Replies: 18
Views: 1497

Re: Dual WAN failover using recursive routing

Edit: Thanks!
by anav
Tue Jun 15, 2021 4:47 pm
Forum: General
Topic: Howto use HAP AC2 as switch+AP on vlan(s)
Replies: 8
Views: 336

Re: Howto use HAP AC2 as switch+AP on vlan(s)

Yup all in the article linked...... literacy is the key!!
by anav
Tue Jun 15, 2021 4:45 pm
Forum: General
Topic: Intervlan RB4011
Replies: 5
Views: 313

Re: Intervlan RB4011

IF you need your vlans to communicate (everybody to everybody) then you dont need separate vlans LOL.

Typically a vlan will share a printer with other vlans for example. SO there are good cases for targetted sharing.
by anav
Tue Jun 15, 2021 4:44 pm
Forum: General
Topic: help with firewall "drop" forward
Replies: 7
Views: 307

Re: help with firewall "drop" forward

Way overthinking this and SSH is not recommended to access router from external sites.
Use VPN at best or port knocking at worst.

Get rid of all the junk and go back to default rules,
Once posted will show you the few changes you need to lock it down very reasonably.
by anav
Tue Jun 15, 2021 4:36 pm
Forum: General
Topic: Single WAN PPPoE, multiple WAN IPs distribution
Replies: 2
Views: 123

Re: Single WAN PPPoE, multiple WAN IPs distribution

Not knowing anything about PPOE I would guess that Router A needs to be a PPPOE server and Routers B,C need to be PPPOE clients.
by anav
Tue Jun 15, 2021 4:31 pm
Forum: Beginner Basics
Topic: trying to isolate ether5 from bridge on ether2-4
Replies: 10
Views: 631

Re: trying to isolate ether5 from bridge on ether2-4

Thank You! I think I have implemented everything other than the additional firewall rules, not sure whats going on, went to /ip firewall filter and attempted to enter: add action=accept chain=input in-interface=bridge source-address-list=admin_access but I keep getting a "expected end of comma...
by anav
Tue Jun 15, 2021 4:29 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance
Replies: 12
Views: 490

Re: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance

RIght now I just wish the sore arm and achy feeling (second covid dose) would go away. If this is like 1/100 of the real thing,,,,,,,frig dont wish this thing on anybody.
by anav
Tue Jun 15, 2021 4:27 pm
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 19
Views: 932

Re: Setting Up small home network with MikroTik hEX RB750Gr3

What is the point of this............. add name=dhcp_pool8 ranges=10.0.0.22-10.0.0.254 add name=dhcp_pool9 ranges=10.0.0.10-10.0.0.254 missing dns-server on the first address /ip dhcp-server network add address=10.0.0.0/24 gateway=10.0.0.1 add address=192.168.2.0/24 dns-server=195.170.0.1,212.205.21...
by anav
Mon Jun 14, 2021 11:23 pm
Forum: General
Topic: Howto use HAP AC2 as switch+AP on vlan(s)
Replies: 8
Views: 336

Re: Howto use HAP AC2 as switch+AP on vlan(s)

This is true, what I realize I dont know...... GROWS every day!!
by anav
Mon Jun 14, 2021 11:22 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance
Replies: 12
Views: 490

Re: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance

Hahaha, I am waiting to win the lottery.
by anav
Mon Jun 14, 2021 11:07 pm
Forum: General
Topic: Howto use HAP AC2 as switch+AP on vlan(s)
Replies: 8
Views: 336

Re: Howto use HAP AC2 as switch+AP on vlan(s)

mkx is getting forgetful in his old age bhwahahaha

Read this link it tells all........
viewtopic.php?f=23&t=143620
by anav
Mon Jun 14, 2021 11:05 pm
Forum: Beginner Basics
Topic: No internet connection on VLAN [SOLVED]
Replies: 15
Views: 480

Re: No internet connection on VLAN [SOLVED]

Well I did have an ulterior motive..........
I wanted to hear .......... INDIANA WANTS ME ...... ;-)))))))
by anav
Mon Jun 14, 2021 11:03 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance
Replies: 12
Views: 490

Re: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance

Its an excellent router you just got the wrong model, you need the RB4011 just wired. Not sure where you heard it was recommended to get the wifi model. In any case, attaching wifi to a router is IMHO not the smart move, a. because wifi technology changes more rapidly and cannot be upgraded in firmw...
by anav
Mon Jun 14, 2021 5:59 pm
Forum: Beginner Basics
Topic: No internet connection on VLAN [SOLVED]
Replies: 15
Views: 480

Re: No internet connection on VLAN [SOLVED]

On your config some changes required Add DNS server on the DHCP network settings AND REMOVE WHAT YOU HAVE DONE FOR adding DNS servers under IP DNS. /ip dhcp-server network add address=10.2.2.0/24 gateway=10.2.2.1 dns-server=10.2.2.1 do this for all of them - should match the gateway!! add address=10...
by anav
Mon Jun 14, 2021 5:51 pm
Forum: Beginner Basics
Topic: No internet connection on VLAN [SOLVED]
Replies: 15
Views: 480

Re: No internet connection on VLAN [SOLVED]

Start with rextended default settings as listed at the below link. This is what you need to get started. https://forum.mikrotik.com/viewtopic.php?f=13&t=175129&p=856824#p856824 Then I would recommend moving from an allow concept of the default settings. to a block everything concept and only...
by anav
Mon Jun 14, 2021 4:36 pm
Forum: General
Topic: help with firewall "drop" forward
Replies: 7
Views: 307

Re: help with firewall "drop" forward

Sorry David,
Cannot makes heads or tails of your config, hoping someone else will drop by and give you better feedback.
by anav
Mon Jun 14, 2021 3:48 pm
Forum: General
Topic: help with firewall "drop" forward
Replies: 7
Views: 307

Re: help with firewall "drop" forward

Post your config, snippets are useless

/export hide-sensitive file=anynameyouwish

and for easy reading and troubleshooting you should not mix match forward and input chain rules.......
by anav
Mon Jun 14, 2021 3:44 pm
Forum: Beginner Basics
Topic: Initial Internet configuration ( via SFP port)
Replies: 21
Views: 588

Re: Initial Internet configuration ( via SFP port)

Sounds like a PPPOE setup?

So its mostly done in the PPP menu settings instead of mostly IP DHCP CLient.
If there is no PPP you have to download extra packages to find it and load it.
Choose the PPPOE-client settings.
ppp.JPG
by anav
Mon Jun 14, 2021 3:34 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance
Replies: 12
Views: 490

Re: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance

Yes turn off the wifi and get a real access point.

Try
Band: 5GHz-N/AC
Channel Width: 20/40MHz Ce
by anav
Mon Jun 14, 2021 3:33 pm
Forum: Beginner Basics
Topic: Is it possible to set up NTP Server using name address instead of IP address?
Replies: 9
Views: 360

Re: Is it possible to set up NTP Server using name address instead of IP address?

Not sure what you mean.

At the NTP server settings there is really not a spot for name you just enable the service.
At the NTP client setting you can put in domain names or IPs for national or international ntp servers?
by anav
Mon Jun 14, 2021 3:29 pm
Forum: Beginner Basics
Topic: DEFAULT CONFIG CANT GET INTERNET hEX rb750gr3
Replies: 6
Views: 182

Re: DEFAULT CONFIG CANT GET INTERNET hEX rb750gr3

/export hide-sensitive file=anynameyouwish

So we can see whats going on.........
by anav
Sun Jun 13, 2021 11:12 pm
Forum: General
Topic: HexS - does thiis configuration looks ok [SOLVED]
Replies: 5
Views: 314

Re: HexS - does thiis configuration looks ok [SOLVED]

Yup............ lucky find LOL
Although you dont really need a vlan for bridge vlan filtering if you ONLY HAVE ONE VLAN on one port.
Vlans come into play when you have more than one subnet required on a single port.
by anav
Sun Jun 13, 2021 11:11 pm
Forum: General
Topic: CCR1009 + Single Bridge + 40Vlan's
Replies: 1
Views: 184

Re: CCR1009 + Single Bridge + 40Vlan's

2x Cr1009s?
by anav
Sun Jun 13, 2021 5:21 pm
Forum: Beginner Basics
Topic: No internet connection on VLAN [SOLVED]
Replies: 15
Views: 480

Re: No internet connection on VLAN [SOLVED]

This can be set to NONE, known to cause issues........ /interface detect-internet set detect-interface-list=WAN Still dont see your DNS server settings.......... /ip dhcp-server network add address=100.100.11.0/24 gateway=100.100.11.1 dns-server=100.100.11.1 add address=100.100.12.0/24 gateway=100.1...
by anav
Sun Jun 13, 2021 4:04 pm
Forum: Useful user articles
Topic: Which VPN protocol is best?
Replies: 29
Views: 14081

Re: Which VPN protocol is best?

NSA approval = they can can crack it you silly bird. SO YESTERDAY!!!
by anav
Sun Jun 13, 2021 4:00 pm
Forum: General
Topic: Help troubleshooting IP Camera access
Replies: 1
Views: 316

Re: Help troubleshooting IP Camera access

Sorry this is not a networking site this is a Mikrotik user support site.. Furthermore this particular forum is for useful articles, and so if you have questions ask them in the beginner forum and provide details of which MT devices you are using and their config ./export hide-sensitive file=anyname...
by anav
Sun Jun 13, 2021 3:59 pm
Forum: Beginner Basics
Topic: No internet connection on VLAN [SOLVED]
Replies: 15
Views: 480

Re: No internet connection on VLAN [SOLVED]

Oh in that case,
please read this excellent reference.
viewtopic.php?f=23&t=143620
I personally use vlans for all subnets and the only thing the bridge does is bridging.
by anav
Sun Jun 13, 2021 3:36 pm
Forum: General
Topic: mikrotik used as a spoof ddns
Replies: 5
Views: 295

Re: mikrotik used as a spoof ddns

Without seeing the config, hard to say.

/export hide-sensitive file=anynameyouwish
by anav
Sun Jun 13, 2021 2:35 pm
Forum: General
Topic: Issue with DST-NAT (RouterOS 6.47.10)
Replies: 16
Views: 528

Re: Issue with DST-NAT (RouterOS 6.47.10)

Parenting is the solution.
You can cut off internet during certain hours but then they will use their cellphones and data to connect.
by anav
Sun Jun 13, 2021 1:21 pm
Forum: General
Topic: VLAN across bridges
Replies: 10
Views: 367

Re: VLAN across bridges

No i cannot help stubborn horse that refuses to drink clean good water.
by anav
Sun Jun 13, 2021 1:20 pm
Forum: Beginner Basics
Topic: No internet connection on VLAN [SOLVED]
Replies: 15
Views: 480

Re: No internet connection on VLAN [SOLVED]

Why is your WAN connection setup with DHCP and pool, and even on bridge etc.................. ?? It is dhcp client only........ DHCP server networks are missing dns-server= add address=100.100.11.0/24 gateway=100.100.11.1 dns-server=100.100.11.1 Interface list members is missing all the vlans list=LAN
by anav
Sun Jun 13, 2021 1:03 pm
Forum: Beginner Basics
Topic: trying to isolate ether5 from bridge on ether2-4
Replies: 10
Views: 631

Re: trying to isolate ether5 from bridge on ether2-4

Yes, you should, and definitely change the admin name and password and also the winbox port number. (1) this can be set to NONE /tool mac-server set allowed-interface-list=LAN (2) Add management interface to cut off ether5 from access to the router via winbox as follows: /interface list add comment=...
by anav
Sun Jun 13, 2021 12:54 pm
Forum: RouterOS v7 BETA
Topic: Wireguard ipv6 ::/0
Replies: 3
Views: 312

Re: Wireguard ipv6 ::/0

I hope they get this fixed and any other wg bugs. The one RoS7 functionality that I can actually use now!! Whaddya want Normis, Cdn Beer, Maple Syrup, what can get you to put this out in the next 6 update?? I will even wear a T-shirt that says I luv MT Wifi and capsman.........err no thats too far, ...
by anav
Sun Jun 13, 2021 3:39 am
Forum: General
Topic: HexS - does thiis configuration looks ok [SOLVED]
Replies: 5
Views: 314

Re: HexS - does thiis configuration looks ok [SOLVED]

the one I am talking about is located when you double click (left) on the bridge itself.
Brings up a popup menu look under VLAN, and the box next to VLAN filtering.
by anav
Sun Jun 13, 2021 3:36 am
Forum: General
Topic: VLAN across bridges
Replies: 10
Views: 367

Re: VLAN across bridges

Why not use all vlans for subnets, and that way one bridge is much easier to deal with.
Also use firewall rules properly and fewer rules are actually needed.
I am trying to simplify .............
by anav
Sat Jun 12, 2021 11:52 pm
Forum: General
Topic: VLAN across bridges
Replies: 10
Views: 367

Re: VLAN across bridges

No, use one bridge.
by anav
Sat Jun 12, 2021 10:45 pm
Forum: General
Topic: HexS - does thiis configuration looks ok [SOLVED]
Replies: 5
Views: 314

Re: HexS - does thiis configuration looks ok [SOLVED]

(1) ERROR /ip pool add name=dhcp ranges=192.168.4.20-192.168. 88. 200 (2) to access winbox set this to safe subnet......... /tool mac-server mac-winbox set allowed-interface-list= MNGMT Where /interface list add comment=defconf name=WAN add comment=defconf name=LAN add name=MNGMT /interface list mem...
by anav
Sat Jun 12, 2021 4:54 pm
Forum: General
Topic: Redirect LAN traffic to external proxy server
Replies: 1
Views: 211

Re: Redirect LAN traffic to external proxy server

Please do not multi-post same issue.
For those following the thread is here.........
viewtopic.php?f=2&t=176028
by anav
Sat Jun 12, 2021 4:51 pm
Forum: General
Topic: What is the best practice for setting load-balancing and failover for two WANs
Replies: 8
Views: 462

Re: What is the best practice for setting load-balancing and failover for two WANs

Well - simply stating failover is not enough detail. -simply stating load balancing is not enough What is primary, what is secondary. What do you want to have happen if primary or secondary faiils. Why say failover and then load balancing> Do you mean both are roughly equal interfaces Not a primary ...
by anav
Sat Jun 12, 2021 4:47 pm
Forum: General
Topic: Issue with DST-NAT (RouterOS 6.47.10)
Replies: 16
Views: 528

Re: Issue with DST-NAT (RouterOS 6.47.10)

Well I dont know how to handle that,
I am hoping those more expert than me can help.
My guess is that if it was me I would put the proxy server behind the ROUTER but on its own IP address, vice completely separate like you have.
However I do not know what is better. :-(
by anav
Sat Jun 12, 2021 4:11 pm
Forum: General
Topic: need guidance to setup 2 groups of failover with 2 ISPs?
Replies: 5
Views: 304

Re: need guidance to setup 2 groups of failover with 2 ISPs?

I amended my route rules, interface entries removed, subnet identifier was accurate and needed..
by anav
Sat Jun 12, 2021 4:04 pm
Forum: General
Topic: Issue with DST-NAT (RouterOS 6.47.10)
Replies: 16
Views: 528

Re: Issue with DST-NAT (RouterOS 6.47.10)

So the mikrotik and proxy server are not behind the same modem? Sounds like forward chain rules............and IP routes.... add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN dst-port=80,443 IP Route /ip route add distance=1 gateway=ISP_Gaterway add distance=1 gateway=ISP_...
by anav
Sat Jun 12, 2021 3:35 pm
Forum: General
Topic: dhcp on vlan trunk not working
Replies: 15
Views: 569

Re: dhcp on vlan trunk not working

Okay, first important point. Leave Bridge alone in terms of extra setting, meaning default pvid and enabled is all that you need to do. Apply the vlan frame allowing and filtering on the bridge ports.............. I think the difference compared to "standard" managed swittch jargon is as f...
by anav
Sat Jun 12, 2021 3:21 pm
Forum: General
Topic: Port Forwarding Problem [SOLVED]
Replies: 16
Views: 766

Re: Port Forwarding Problem [SOLVED]

Lots of ways to skin the cat for hairpin nat. The issue is caused when your server is on the same subnet as your LAN users. The solutions are abundant. The two easiest ones are: (1) Quite simply get LAN users to use LANIP (2) Move the server to its own subnet and quite frankly if you dont want your ...
by anav
Sat Jun 12, 2021 3:16 pm
Forum: General
Topic: Issue with DST-NAT (RouterOS 6.47.10)
Replies: 16
Views: 528

Re: Issue with DST-NAT (RouterOS 6.47.10)

a network diagram will help as I have no idea what you mean by external
by anav
Sat Jun 12, 2021 12:44 am
Forum: General
Topic: dhcp on vlan trunk not working
Replies: 15
Views: 569

Re: dhcp on vlan trunk not working

Switch Comments. (1) I rename the ports to where they are from./to with the access ports also with pvid indicated. So mine is like: FromRouter / ToSwitch-44 / ToCAM-77 / ToVOIP-55 / ToAccPoint (2) VLAN SETTINGS INGRESS ON PORT FROM ROUTER vlanmode=enabled vlan receive=any default vlanid=1 EGRESS Vla...
by anav
Sat Jun 12, 2021 12:02 am
Forum: General
Topic: dhcp on vlan trunk not working
Replies: 15
Views: 569

Re: dhcp on vlan trunk not working

(1) Minor point but if all bridge ports are identical can be written as. /interface bridge vlan add bridge=BR1 tagged=BR1,ether1,ether2,ether3,ether4 vlan-ids=10,20,30,99 (2) Missing blue network settings......... /ip dhcp-server network add address=10.19.20.0/24 dns-server=192.168.19.254 gateway=10...
by anav
Fri Jun 11, 2021 10:36 pm
Forum: General
Topic: dhcp on vlan trunk not working
Replies: 15
Views: 569

Re: dhcp on vlan trunk not working

/export hide-sensitive file=anynameyouwish and I will have a look at the entire config
by anav
Fri Jun 11, 2021 8:38 pm
Forum: General
Topic: need guidance to setup 2 groups of failover with 2 ISPs?
Replies: 5
Views: 304

Re: need guidance to setup 2 groups of failover with 2 ISPs?

gobblity gook means BGP discussion is over my head LOL too complex............
I am just a simple man who grew up using a rotary dial telephone ;-)
by anav
Fri Jun 11, 2021 8:36 pm
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 713

Re: Confused about chains

If you come on Italy close to my city, I'm pleased to offer a Pizza :))
Maybe I will one day :)
Coming from the cold north a pizza is always welcome and I will bring the Ice Vino...
Rewritten for accuracy!!
by anav
Fri Jun 11, 2021 7:24 pm
Forum: Beginner Basics
Topic: VPN accesspoint/gateway ? connect to remote location and Mikrotik after NAT
Replies: 2
Views: 253

Re: VPN accesspoint/gateway ? connect to remote location and Mikrotik after NAT

Suggesting that wireguard VPN is the way to go. Using beta6 firmware I am able to connect devices if the edge router is my own (MIKROTIK) or the ISPs router (ONLY CAN PORT FORWARD). Works great, easy to implement. The only thing is to wait for wireguard to move out of beta. WHich is taking far too l...
by anav
Fri Jun 11, 2021 7:05 pm
Forum: General
Topic: need guidance to setup 2 groups of failover with 2 ISPs?
Replies: 5
Views: 304

Re: need guidance to setup 2 groups of failover with 2 ISPs?

I was able to provide advice until you added the gobblity gook stuff at the bottom, In general where ISP_interface= etherport name, PPPOE-out name, or vlan name /ip route add distance=5 gateway=ISP1_interface check ping-gateway add distance=5 gateway=ISP2_interface check ping-gateway add distance=5 ...
by anav
Fri Jun 11, 2021 4:32 pm
Forum: General
Topic: Port Forwarding Problem [SOLVED]
Replies: 16
Views: 766

Re: Port Forwarding Problem [SOLVED]

Working top to bottom dont see much yet but need to add servers, allow DNS and get rid of the default static entry....... /ip dhcp-server network add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 dns-server=192.168.88.1 add address=192.168.178.0/24 gateway=192.168.178.1 dns-server=192...
by anav
Fri Jun 11, 2021 4:20 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 694

Re: Preserve client IP when dst-nat to other server

Yes, I am thoroughly confused as I have no idea what the OP actually has and what Rextended was suggesting. If the NTP server is hosted on a device on a subnet on the router, two things have to be true: (and assuming that the device is not an atomic clock but one, like the router NTP server, that ju...
by anav
Fri Jun 11, 2021 12:52 am
Forum: Wireless Networking
Topic: hAp ac2 - large number of packet retransmissions on 2ghz-g/n and 5ghz-n/ac
Replies: 11
Views: 677

Re: hAp ac2 - large number of packet retransmissions on 2ghz-g/n and 5ghz-n/ac

I think the wifi on MT is perfect and its the clients that are the problems.
by anav
Fri Jun 11, 2021 12:44 am
Forum: Beginner Basics
Topic: Just want to say Hi.
Replies: 1
Views: 203

Re: Just want to say Hi.

No problem welcome anytime as long as Normis and company refuse to have standards for posting LOL........
We will continue to get this spam.......
by anav
Fri Jun 11, 2021 12:41 am
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 713

Re: Confused about chains

Without seeing your whole config, no one here can help you playing guessing games.......
/export hide-sensitive file=anynameyouwish
by anav
Thu Jun 10, 2021 10:10 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 694

Re: Preserve client IP when dst-nat to other server

Yes, the top half is clean and uncluttered and easy on my 60yr old eyes. The bottom half seems like its full of noise and information I dont really need. In other words, you are 100% right in terms of performance and usage fidelity. I just never thought that level of granularity was required as it w...
by anav
Thu Jun 10, 2021 9:02 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 694

Re: Preserve client IP when dst-nat to other server

Gluck, if its the first dose, should be okay. Its the second shot that gives you issues.
I know two doctors with 4000 adult patients each family has approx 4 kids = 16000 devices, with the same results ;-)
by anav
Thu Jun 10, 2021 9:01 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 694

Re: Preserve client IP when dst-nat to other server

Ahh Okay I see that but find the syntax the OP used VERY VERY confusing on the dst nat rule he uses "!list" and on the other he uses "list" Both being between the quotes are just text and not functioning items. In fact if NTP_Server is a list of those that should use the local NT...
by anav
Thu Jun 10, 2021 8:30 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 694

Re: Preserve client IP when dst-nat to other server

Well, I was basing my profound knowledge on one router and three devices over several months............ but cannot hold a candle to that IN UR FACE comment.
MKX-0 Rextended-1
by anav
Thu Jun 10, 2021 8:18 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 694

Re: Preserve client IP when dst-nat to other server

Sorry I didnt know ROS NTP server was so unstable, non-functioning and unreliable. ;-) I really do need to invest in a better atomic clock for my bitcoin transactions!! hi rextended /ip fire nat add action=dst-nat chain=dstnat comment="Force using local NTP Server" dst-address-list="!...
by anav
Thu Jun 10, 2021 8:15 pm
Forum: General
Topic: dhcp on vlan trunk not working
Replies: 15
Views: 569

Re: dhcp on vlan trunk not working

As stated read the link that will solve any router vlan issues. The barebones switches from MT are a biatch to work with. Do not limit any access connectivity within the menus available (keep it wide open). Okay I have seen you have that in place, good! They cannot be accessed by winbox but by IP an...
by anav
Thu Jun 10, 2021 6:59 pm
Forum: General
Topic: How get access in to vlan from mikrotik bridge mode with tagged port?
Replies: 12
Views: 372

Re: How get access in to vlan from mikrotik bridge mode with tagged port?

Sounds like you need to talk to the people who are IN CHARGE/RESPONSIBLE for the network as it now appears you are attempting to bypass the current design. If that design does not meet the rigor of bona fide legitimate requirements suggesting that a new design needs to be developed and then integrat...
by anav
Thu Jun 10, 2021 6:55 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 182
Views: 128370

Re: Using RouterOS to VLAN your network

This is NOT a wifi thread, nor a capsman thread, its a vlan thread and vlan security is covered in terms of best security practices which is the same as per any other vendor! For WIFI, the standard is WPA2 (or whatever comes next) and if you want can add a radius server for additional security and f...
by anav
Thu Jun 10, 2021 6:52 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 694

Re: Preserve client IP when dst-nat to other server

Not sure what you mean by own NTP server? Time servers are actually on the internet or do you have an atomic clock in your house? ;-)
The MT router has its own capability to be an NTP server, so on my network I just point the devices to the subnet gateway they are on and done!!
by anav
Thu Jun 10, 2021 6:29 pm
Forum: General
Topic: How get access in to vlan from mikrotik bridge mode with tagged port?
Replies: 12
Views: 372

Re: How get access in to vlan from mikrotik bridge mode with tagged port?

So then set up connectivity on your other parent devices, solved!!
by anav
Thu Jun 10, 2021 5:52 pm
Forum: General
Topic: Port Forwarding Problem [SOLVED]
Replies: 16
Views: 766

Re: Port Forwarding Problem [SOLVED]

Please post your latest complete config.

/export hide-sensitive file=anynameyouwish
by anav
Thu Jun 10, 2021 5:38 pm
Forum: General
Topic: How get access in to vlan from mikrotik bridge mode with tagged port?
Replies: 12
Views: 372

Re: How get access in to vlan from mikrotik bridge mode with tagged port?

Well what are the device ahead of the MT device.
I see one attached to the internet CLOUD and I See one just to its left. what are those??
by anav
Thu Jun 10, 2021 4:31 pm
Forum: General
Topic: /ip firewall filter drop not dropping IP
Replies: 19
Views: 701

Re: /ip firewall filter drop not dropping IP

@vercernik87, as long as you had at least one dose of the vaccine, you will be protected from both mine and rextended's toxic nature! ;-P As for the 'princess' (op), there are probably 10s of thousands of configs on this site by now, and the sky has not fallen. There is nothing also preventing one f...
by anav
Thu Jun 10, 2021 4:17 pm
Forum: Beginner Basics
Topic: Capsman, Guest SSID, simple VLANs - Basics
Replies: 3
Views: 258

Re: Capsman, Guest SSID, simple VLANs - Basics

In general I dont recommend using the bridge for anything but bridging and thus recommend removing the subnet from it and just putting it on another vlan.
Then it becomes much clearer what is going on............
by anav
Thu Jun 10, 2021 2:51 pm
Forum: Beginner Basics
Topic: Capsman, Guest SSID, simple VLANs - Basics
Replies: 3
Views: 258

Re: Capsman, Guest SSID, simple VLANs - Basics

Capsman when just starting out is not a good idea IMHO. First learn how to configure the router and also learn how to configure WIFI on its own. Learn how to handle vlans on its own. Capsman is another layer of configuration on top that will slow you down, frustrate you and take much longer than nee...
by anav
Thu Jun 10, 2021 2:25 pm
Forum: Beginner Basics
Topic: trying to isolate ether5 from bridge on ether2-4
Replies: 10
Views: 631

Re: trying to isolate ether5 from bridge on ether2-4

Quick answer, yes! The one rule drops all traffic coming from the WAN except for port forwarded traffic (assumes you will be doing port forwarding). I prefer the drop all rule that drops ALL unwanted traffic not just WAN to LAN but LAN to LAN and LAN to WAN (better security). Separates the port forw...
by anav
Wed Jun 09, 2021 10:05 pm
Forum: Beginner Basics
Topic: Problem routing traffic from one lan to another
Replies: 6
Views: 539

Re: Problem routing traffic from one lan to another

So in other words, there is a router attached to all the computers on one subnet and another router attached to all the computers on the other subnet and you want to add a third router in between to get the LANS to see each other for some purposes not clearly defined. In other words, your network di...
by anav
Wed Jun 09, 2021 8:23 pm
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 19
Views: 932

Re: Setting Up small home network with MikroTik hEX RB750Gr3

Without seeing your config..... hard to say
/export hide-sensitive file=anynameyouwish
by anav
Wed Jun 09, 2021 7:27 pm
Forum: General
Topic: Hardware based secured virtual connexion
Replies: 5
Views: 372

Re: Hardware based secured virtual connexion

Good advice!! Eoip is Mikrotiks proprietary method of sharing LANs across the net so as long as you have two MT routers at either end, good to go.
However you should put a layer of encryption on it.
https://help.mikrotik.com/docs/display/ROS/EoIP
by anav
Wed Jun 09, 2021 4:59 pm
Forum: General
Topic: Hardware based secured virtual connexion
Replies: 5
Views: 372

Re: Hardware based secured virtual connexion

What I would recommend is Wireguard but thats in beta only so not available as its doable/ easy enough / to get you where you need to be ........ DONT RECOMMEND using beta firmware for work, or even stable (prefer long term version).
Anything else I agree you need professional help.
by anav
Wed Jun 09, 2021 4:56 pm
Forum: General
Topic: /ip firewall filter drop not dropping IP
Replies: 19
Views: 701

Re: /ip firewall filter drop not dropping IP

...thinking it will change your DNA too... Yes it can happen. And it can happen even without getting the vaccine and you are infected with covid ... or any other virus ... Since the dawn of time, it can happen to some people that viruses alter the DNA of the infected (eggs, sperm), the proof is the...
by anav
Wed Jun 09, 2021 4:52 pm
Forum: Beginner Basics
Topic: Minecraft server
Replies: 6
Views: 842

Re: Minecraft server

@Crimitic start your own thread.........
Or at least post your config
/export hide-sensitive file=anynameyouwish
by anav
Wed Jun 09, 2021 4:47 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

No need to remove the rule just the part that was blocking.........

As for the other items,
a. does a tagged vlan99 reach the smart devices?
b. do the smart devices have IP addresses on the base vlan?
by anav
Wed Jun 09, 2021 2:30 pm
Forum: Scripting
Topic: Some Music
Replies: 16
Views: 24511

Re: Some Music

Well now thats almost criminal LOL. Okay, thanks good to know so I dont waste anymore time on that!
by anav
Wed Jun 09, 2021 1:53 pm
Forum: General
Topic: /ip firewall filter drop not dropping IP
Replies: 19
Views: 701

Re: /ip firewall filter drop not dropping IP

So you really are that special .................
Suit yourself LOL,
I have better things to do than argue with someone that doesnt have a clue about configs................ prolly refused the vaccine thinking it will change your DNA too,,,,,,,,,,
by anav
Wed Jun 09, 2021 1:49 pm
Forum: Scripting
Topic: send MikroTik Notification via WhatsApp
Replies: 19
Views: 13548

Re: send MikroTik Notification via WhatsApp

None of my friends or family use Matrix. We only watch the movies.
On the other hand everyone I know has whatsapp or signal (hence rexetended's link to callmebot was exactly what Dr Neo ordered)
by anav
Wed Jun 09, 2021 1:42 pm
Forum: General
Topic: port forwarding restrictions
Replies: 9
Views: 491

Re: port forwarding restrictions

Well between the mass exodus of people,, the covid fiasco, the vagrants pooping all over downtown, the opioid crisis mass shootings, droughts, wildfires, cosmetic surgery, the occasional earthquake.........yes you should be crazy and should move up to Canada ;-) Far saner here and besides, you can s...
by anav
Wed Jun 09, 2021 1:38 pm
Forum: General
Topic: /ip firewall filter drop not dropping IP
Replies: 19
Views: 701

Re: /ip firewall filter drop not dropping IP

What you should do is post the complete config as you dont know the problem.
/export hide-sensitive file=anynameyouwish
by anav
Wed Jun 09, 2021 1:34 pm
Forum: General
Topic: Port Forwarding Problem [SOLVED]
Replies: 16
Views: 766

Re: Port Forwarding Problem [SOLVED]

The way I understand it, ISP2 is pppoe with a fixed static IP address. ISP1 is a dynamic WANIP which does not come into play for this. In terms of NAT settings , couple of changes but not sure will make a difference....... The first one reflects a more accurate sourcenat rule for Static/Fixed WANIPs...
by anav
Wed Jun 09, 2021 4:09 am
Forum: General
Topic: port forwarding restrictions
Replies: 9
Views: 491

Re: port forwarding restrictions

Good point I should clarify Ive only tested with a source-address-list.
I suspect you are right that with a source-address entry the result would be the same.
by anav
Wed Jun 09, 2021 4:07 am
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

Well the source-address-list entry on the input chain for base vlan interface access to the router was optional. If you have that added and no source address list entries, yeah no way . So drop the firewall address list or populate it....... Also I have no idea what vlan you are on when trying to ge...
by anav
Wed Jun 09, 2021 2:48 am
Forum: Scripting
Topic: Some Music
Replies: 16
Views: 24511

Re: Some Music

This is weird I played the same script copy paste into my hex, an RB450Gx4 and the music worked like a charm.
I ran the script on an RB4011 and the other end heard nothing???

Is there anything special about an RB4011 to get tunes playing??
by anav
Tue Jun 08, 2021 10:59 pm
Forum: General
Topic: port forwarding restrictions
Replies: 9
Views: 491

Re: port forwarding restrictions

Yes, setting the source address in the Dst NAT rule is the way to go. Clearly for a list then one uses a source-address-list entry (aka make a firewall address list). This is good because as soon as you add a source address list, when one does a scan of their ports, the port does not appear at all. ...
by anav
Tue Jun 08, 2021 10:55 pm
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 19
Views: 932

Re: Setting Up small home network with MikroTik hEX RB750Gr3

Agree for simplicity if you dont need two subnets going over the same port, on any port, then one doesnt really need vlans or bridges. However it is good practice if you think you will eventually need mutiple LANs over a single port. With a smart Access point and a smart switch guaranteed this is th...
by anav
Tue Jun 08, 2021 2:57 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 135
Views: 10089

Re: v6.47.10 [long-term] is released!

Well IV&V is system test after all, assuming the FQT proved that the firmware functions as designed, you need to ensure that the design meets the user requirements and finally, the firmware can be fielded to all the platforms, in the ways it will be delivered and propagated.
by anav
Tue Jun 08, 2021 2:54 pm
Forum: General
Topic: VLAN1 is not working with Cisco Switch
Replies: 10
Views: 523

Re: VLAN1 is not working with Cisco Switch

No not at all.............. All good on your end!!
by anav
Tue Jun 08, 2021 2:32 pm
Forum: General
Topic: VLAN1 is not working with Cisco Switch
Replies: 10
Views: 523

Re: VLAN1 is not working with Cisco Switch

jajajaja it figures the I cant use code tags guy would drive without a seatbelt too. Sorry jotne you have me in a giddy mood this morning.
by anav
Tue Jun 08, 2021 2:31 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 135
Views: 10089

Re: v6.47.10 [long-term] is released!

Thanks emils, ensure you add smips remote update to the test cards for next time around! ;-)
by anav
Tue Jun 08, 2021 2:00 pm
Forum: General
Topic: VLAN1 is not working with Cisco Switch
Replies: 10
Views: 523

Re: VLAN1 is not working with Cisco Switch

Only in the world of tdw, yes you can drive your car without seatbelts one too.................. Some people go looking for trouble, others are wiser....................... What next............. tdw implementation of vlan0 and vlan4095 for data ;-PP I will give you an icecream cone if you refrain f...
by anav
Tue Jun 08, 2021 1:54 pm
Forum: General
Topic: Dual External IPs, multiple subnets
Replies: 18
Views: 1087

Re: Dual External IPs, multiple subnets

Correct, the second route on the main table will be in Blue as the router only chooses one route on the main table as being reachable at a time. If that route became unreachable, then the other route would turn black. However thats the main table, you are using different tables and the traffic shoul...
by anav
Tue Jun 08, 2021 1:50 pm
Forum: General
Topic: VLAN1 is not working with Cisco Switch
Replies: 10
Views: 523

Re: VLAN1 is not working with Cisco Switch

Then cisco is the problem. I use MT with every other brand of switch where vlan1 us untagged on every port by default and it is only removed for access ports (or hybrid ports) where one needs to change the default pvid of 1 to whatever the access port is. For tagged ports one leaves the pvid of 1 in...
by anav
Tue Jun 08, 2021 1:43 pm
Forum: Beginner Basics
Topic: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)
Replies: 11
Views: 522

Re: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)

awwww, you fixed it. I was going to go back throughout the day for a chuckle or two LOL
by anav
Tue Jun 08, 2021 1:25 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

As for the config as noted by mkx (1) /interface list member add interface=ether1 list=WAN add interface=pppoe-1out list=WAN or whatever its called is require. (2) Issues with bridge port. Ethe6 iif untagged requires a PVID. Ether9 if an access port and pvid is correct, change frame types!!. /interf...
by anav
Tue Jun 08, 2021 1:21 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

Thanks MKX, I missed that pppoe-1 out thing all this time, not ever using it for anger I thought that if it was the type that was assigned a vlan like my bell fibre it was the vlan that was the client. My apologies to the OP for not picking up on that...... Where I disagree with my esteemed colleagu...
by anav
Tue Jun 08, 2021 1:11 pm
Forum: Beginner Basics
Topic: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)
Replies: 11
Views: 522

Re: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)

The value in this thread, has to be comedic value, Im still laughing my hole out, reading first how Jotne informed the OP to use code tags and then FAILS to do it seconds later.
Thank you Jotne for making my day !!
by anav
Tue Jun 08, 2021 1:06 pm
Forum: RouterOS v7 BETA
Topic: Wireguard - tunnel all traffic by VPN tunnel
Replies: 2
Views: 423

Re: Wireguard - tunnel all traffic by VPN tunnel

Why no firewall rules?
I normally dont help those with unsafe connections to the internet.

/export hide-sensitive file=anynameyouwish
by anav
Mon Jun 07, 2021 9:27 pm
Forum: RouterOS v7 BETA
Topic: Feature request: Wildcard DNS on Address Lists
Replies: 14
Views: 763

Re: Feature request: Wildcard DNS on Address Lists

Geez rextended, Pirelli needs you to fix their F1 tire issues!!
Your talents are wasted in the MT help forums ;-)
by anav
Mon Jun 07, 2021 8:59 pm
Forum: Beginner Basics
Topic: Need help! Forwarding incoming 443 to 8123
Replies: 2
Views: 293

Re: Need help! Forwarding incoming 443 to 8123

Post your config to see what is blocking connectivity
/export hide-sensitive file=anynameyouwish
by anav
Mon Jun 07, 2021 3:38 pm
Forum: Beginner Basics
Topic: Port Forwarding again!
Replies: 2
Views: 304

Re: Port Forwarding again!

add action=dst-nat chain=dstnat dst-address=217.33.xx.xxx log=yes log-prefix=\
VM protocol=tcp src-port=3389 to-addresses=10.20.18.99 to-ports=3389

should be dst
by anav
Mon Jun 07, 2021 2:04 pm
Forum: General
Topic: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought
Replies: 3
Views: 392

Re: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought

Config comments: (1) get rid of two bridges ONLY NEED ONE!! all you need to do is assign the subnet to ether5, no need of bridge and same for address. Remove from Bridge setup!!! (2) Since ether ports 3,4 are identical change this /interface bridge vlan add bridge=BR1 tagged=BR1,ether3,ether4 vlan-i...
by anav
Mon Jun 07, 2021 1:56 pm
Forum: General
Topic: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought
Replies: 3
Views: 392

Re: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought

I have something similar except not UNIFI products. The key is to have a trusted LAN or a managment LAN, and in either case all your smart devices get assigned an IP address from that vlan. TPLINK is straightfoward. Vlan1 is the default vlan for every interface and is only removed if the PVID of the...
by anav
Mon Jun 07, 2021 1:45 pm
Forum: General
Topic: Dual External IPs, multiple subnets
Replies: 18
Views: 1087

Re: Dual External IPs, multiple subnets

Yes but you keep going back to incorrect configs instead of keeping what I give you, for instance this is wrong. /ip route add distance=1 gateway=192.168.88.1 routing-mark=wan2 add distance=1 gateway=10.0.0.1 routing-mark=wan1 /ip route rule add src-address=10.3.4.0/23 table=wan1 add src-address=10....
by anav
Mon Jun 07, 2021 4:29 am
Forum: General
Topic: Let MikroTik support access my router
Replies: 18
Views: 985

Re: Let MikroTik support access my router

Agreed this post has gone to the toilet.
Do whatever you want, but it sounds like it has nothing to do with MT, I gave you my opinion on what to use.
by anav
Mon Jun 07, 2021 4:25 am
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

Sticking with standard config change this /ip dhcp-server network add address=10.0.10.0/24 dns-server= 192.168.0.1 gateway=10.0.10.1 add address=10.0.20.0/24 dns-server= 192.168.0.1 gateway=10.0.20.1 add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 To this And when we get a work...
by anav
Mon Jun 07, 2021 2:10 am
Forum: Beginner Basics
Topic: Wireguard VPN and to the Internet
Replies: 1
Views: 265

Re: Wireguard VPN and to the Internet

Suggest you to to the beta forum its not a released main firmware function yet.
There are some examples there.
by anav
Mon Jun 07, 2021 12:47 am
Forum: Scripting
Topic: send MikroTik Notification via WhatsApp
Replies: 19
Views: 13548

Re: send MikroTik Notification via WhatsApp

Yes but I dont have dude so is that needed............
can be used everywhere, is simple ros script :)
done thanks!!
my wife and I did 65Km road and trail ride, to practice conquering the roads and trails of italy of course.
by anav
Sun Jun 06, 2021 11:34 pm
Forum: Scripting
Topic: send MikroTik Notification via WhatsApp
Replies: 19
Views: 13548

Re: send MikroTik Notification via WhatsApp

Yes but I dont have dude so is that needed............
by anav
Sun Jun 06, 2021 10:38 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

Post the regular complete router config, not the vlan document style
/export hide-sensitive file=anynameyouwish
by anav
Sun Jun 06, 2021 6:10 pm
Forum: Wireless Networking
Topic: Questions about TKIP
Replies: 10
Views: 682

Re: Questions about TKIP

bpwl, the cost of ink for a printer these days is the cost of a printer so dont cry me a river on not replacing a budget printer with one that has basic security requirements.
by anav
Sun Jun 06, 2021 6:07 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

Yes of course, as per the link, its the last step LOL
by anav
Sun Jun 06, 2021 5:36 pm
Forum: General
Topic: someone hack my routrs - can someone help?
Replies: 15
Views: 1241

Re: someone hack my routrs - can someone help?

If you are paid to support these routers you need to give the money back!!!!!!!!!
by anav
Sun Jun 06, 2021 5:32 pm
Forum: RouterOS v7 BETA
Topic: Routing marks / mangle
Replies: 9
Views: 1513

Re: Routing marks / mangle

Why do you need any mangling? Not sure why you want to differentiate internet traffic from VPN traffic as the initial connection is very brief and then the tunnel is created. I gather the issue is you then want the tunnel users to use the other WAN for normal internet access. [note on my wireguard s...
by anav
Sun Jun 06, 2021 3:04 pm
Forum: General
Topic: [Solved] Unexpectedly tricky VLAN setup
Replies: 4
Views: 370

Re: Unexpectedly tricky VLAN setup

There is no reason to assign vlans on switch, they should be assigned via DHCP from the router. On the switch one needs to solely assign the vlan-ids, that they exist and on which ports they do their magic.

Read this article.
viewtopic.php?f=23&t=143620
by anav
Sun Jun 06, 2021 2:58 pm
Forum: General
Topic: Dual External IPs, multiple subnets
Replies: 18
Views: 1087

Re: Dual External IPs, multiple subnets

e.g. 10.3.4.5 cannot ping 10.3.4.1 You mean 10.3.4.5 cannot ping 10.3.6.8 for example ( the one above was within the same subnet LOL ) The fact of the mattter is that it should and the issue is that you are using a fake environment which is causing the issue or you have pc firewalls blocking traffi...
by anav
Sun Jun 06, 2021 2:50 pm
Forum: Beginner Basics
Topic: (silly) question how does DNS query forwarded / DCHP DNS settings
Replies: 4
Views: 473

Re: (silly) question how does DNS query forwarded / DCHP DNS settings

The question could be framed what is the hierarchy breakdown of DNS by the MT router when: a. peer DNS is enabled (aka from ISP) b. peer DNS is disabled c. dhcp-server-network is the gateway of the subnet (aka from the router) d. dynamic servers are assigned e. dhcp-server network is assigned a know...
by anav
Sun Jun 06, 2021 2:43 pm
Forum: Beginner Basics
Topic: I have a dedicated FW that I wish to keep, but demote from being the Gateway placing a Mikrotik Router there in stead
Replies: 11
Views: 653

Re: I have a dedicated FW that I wish to keep, but demote from being the Gateway placing a Mikrotik Router there in stea

I got rid of my zyxel stuff awhile ago, no need for the inferior z40......... an RB4011 kicks butt.......
If you paid extra for services then I can see you wanting to use it until they expire though.
by anav
Sun Jun 06, 2021 2:40 pm
Forum: RouterOS v7 BETA
Topic: RouterOSv7 first look – MLAG on CRS 3xx switches
Replies: 9
Views: 990

Re: RouterOSv7 first look – MLAG on CRS 3xx switches

I have no idea what that does but your input and work are incredible!!
All that talent in MS, but really its too hot or too wet or to windy(tornadoes), why dont you move up to the promised land (Canada).
by anav
Sun Jun 06, 2021 3:26 am
Forum: General
Topic: DNS Forwarding is not working anymore
Replies: 4
Views: 415

Re: DNS Forwarding is not working anymore

The point being get out of your own way, and post your complete config.
/export hide-sensitive file=anynameyouwish
by anav
Sun Jun 06, 2021 12:34 am
Forum: General
Topic: kid control
Replies: 3
Views: 382

Re: kid control

Ehi, se rextended ti sta dando un momento difficile, paga la mia tariffa aerea per l'Italia e farò incazzare sul suo prato. ;-)
oh e aiutarti con la tua configurazione, naturalmente.
by anav
Sat Jun 05, 2021 10:57 pm
Forum: General
Topic: Let MikroTik support access my router
Replies: 18
Views: 985

Re: Let MikroTik support access my router

Do not open up your router on the internet without any protection, port knocking or vpn etc.
As stated just use TeamViewer temporarily.
by anav
Sat Jun 05, 2021 9:53 pm
Forum: General
Topic: DNS stops working with Bridge use IP Firewall & IP VLAN with NAT redirect?
Replies: 15
Views: 2660

Re: DNS stops working with Bridge use IP Firewall & IP VLAN with NAT redirect?

Racking please post your latest complete config and I will have a look.
by anav
Sat Jun 05, 2021 9:48 pm
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1357

Re: Netwatch failover wont work because route to external ip gets bypassed

Yes you may have to play with scopes, something I dont understand either. In any case, you completely understood well what I do which is very basic recursive where the connectivity to the first ISP is checked via two different DNS and if truly not available then the router switches to the second IS...
by anav
Sat Jun 05, 2021 7:26 pm
Forum: Beginner Basics
Topic: 2 ISP >> 2LAN [SOLVED]
Replies: 42
Views: 1704

Re: 2 ISP >> 2LAN [SOLVED]

For your network settings change from /ip dhcp-server network add address=192.168.20.0/24 gateway=192.168.20.1 add address=192.168.30.0/24 gateway=192.168.30.1 /ip dhcp-server network add address=192.168.20.0/24 gateway=192.168.20.1 dns-server=192.168.20.1 add address=192.168.30.0/24 gateway=192.168...
by anav
Sat Jun 05, 2021 7:14 pm
Forum: Wireless Networking
Topic: Questions about TKIP
Replies: 10
Views: 682

Re: Questions about TKIP

Ask your customers if their cell phones are as old as their printers......... If a printer is not AES capable explain to your customers that for security obsolescence they need to be life cycled. Now if you went last year and found a whole bunch of unsold OLD printers and pawned them off on your cus...
by anav
Sat Jun 05, 2021 7:07 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

Yes you need a separate vlan with dhcp, pool, ip address, dhcp-server-network settings for each group of users.
or group of like devices etc. whatever you think hey, person A or device P should not talk to others, then you have a vlan requirement
by anav
Sat Jun 05, 2021 3:49 pm
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1357

Re: Netwatch failover wont work because route to external ip gets bypassed

Yes you may have to play with scopes, something I dont understand either. In any case, you completely understood well what I do which is very basic recursive where the connectivity to the first ISP is checked via two different DNS and if truly not available then the router switches to the second ISP...
by anav
Sat Jun 05, 2021 4:03 am
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1357

Re: Netwatch failover wont work because route to external ip gets bypassed

So is the question how to setup failover for the router with two modems. In basic terms 0.0.0.0/0 gwy=ISP1 gateway IP check-gateway=ping distance=5 0.0.0.0/0 gwy=ISP2 gateway IP distance =10 In this scenario all traffic will go out isp1 and if it goes down ISP2 will take over. Normally this would be...
by anav
Sat Jun 05, 2021 3:32 am
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

Hi ian, the config looks real good, (1) The only thing I noticed was the untagged vlan. /interface bridge port set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether2] set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether...
by anav
Sat Jun 05, 2021 2:37 am
Forum: General
Topic: Problems with updating firmware on smips devices
Replies: 5
Views: 437

Re: Problems with updating firmware on smips devices

You can post as many posts as you think are necessary but we are trying to help folks with all issues. This is one is known and I am sure MT is working on it. So dont clog up the threads with the same crap. What they should work on is their FQT or their test processes because clearly they forgot to ...
by anav
Fri Jun 04, 2021 11:00 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

No but I have approx 4-5 smart switches on the go, about 4 access points and 15 or so vlans. So my home vlanXX provides dhcp for all the attached smart devices and basically its a trusted LAN. So no need for a management vlan if you are happy to use your trusted VLAN. I could and will think about us...
by anav
Fri Jun 04, 2021 9:40 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

I dont have a base VLAN because I use my trusted HOME VLAN to assign IPs to any attached smart devices (switches and access points) and limite access to my router only to certain IPs. So the quick answer if you have a trusted LAN at home you dont really need a management vlan. For a business yes you...
by anav
Fri Jun 04, 2021 7:05 pm
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1357

Re: Netwatch failover wont work because route to external ip gets bypassed

Not what I would call a beginner network LOL. That is some major work you have!! Bravo, I would be running away LOL What i was really asking was, are the two routers sharing a subnet, as I am not conversant on how to best connect two devices as such. Assuming you need to route Layer 3 some users or ...
by anav
Fri Jun 04, 2021 7:02 pm
Forum: Wireless Networking
Topic: hAP ac2 can't connect 5Ghz -N/AC mode
Replies: 15
Views: 8507

Re: hAP ac2 can't connect 5Ghz -N/AC mode

Also, other suckers like me may actually look at the thread with geniune 5Ghz issues and could benefit from my unique and amazing settings . Indeed. Sometimes I have a feeling that you use this forum as a scratchpad to scrabble your settings only to come back at some later time to find them to re-a...
by anav
Fri Jun 04, 2021 6:57 pm
Forum: General
Topic: Let MikroTik support access my router
Replies: 18
Views: 985

Re: Let MikroTik support access my router

You do not want to expose winbox port to the internet. What you do is allow a vpn tunnel to your router for configuration purposes and not much else. I wouldnt use SSH either. My recommendation is that you setup team viewer on a PC with access to the router. Then you run a team viewer sessions where...
by anav
Fri Jun 04, 2021 6:54 pm
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1357

Re: Netwatch failover wont work because route to external ip gets bypassed

Are the two main routers physically connected by ethernet? If so how have you decided to connect them??
by anav
Fri Jun 04, 2021 6:34 pm
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1357

Re: Netwatch failover wont work because route to external ip gets bypassed

I dont quite get the network diagram, Just to confirm you are showing two instances of the same router, to differentiate between the one dynamic WANIP (not natted - Cosmote top bubble) and the two dynamic WANIPs that are natted lower two COSMOTE bubbles. OR Do you have two routers one for COSMOTE1 a...
by anav
Fri Jun 04, 2021 6:30 pm
Forum: General
Topic: Guest network doesn't have internet
Replies: 8
Views: 548

Re: Guest network doesn't have internet

Disagree with the 2 toads................... you should not need any firewall rules on the capac as you should not use it as a router when you have the RB3011.
by anav
Fri Jun 04, 2021 6:28 pm
Forum: General
Topic: VLAN Routing is slow on hex S
Replies: 10
Views: 553

Re: VLAN Routing is slow on hex S

Get rid of vlan1 for data it should only be used as the default bridge vlan!!! (use vlan10) and use this reference..... https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 Do you mean I should place my computer and server and everything else into VLAN10 instead of 1? That is one option, I do...
by anav
Fri Jun 04, 2021 6:26 pm
Forum: Beginner Basics
Topic: Internet fiber on switch to router
Replies: 8
Views: 455

Re: Internet fiber on switch to router

Well, I would hook up vlans and devices on the SWITCH where you anticpate the heaviest SUBNET TO SUBNET traffic (or traffic within a subnet but on different switch ports) and dont worry about users going to the internet.
The rest if small can be where you want them, router or switch.
by anav
Fri Jun 04, 2021 6:17 pm
Forum: Announcements
Topic: WinBox v3.28 released!
Replies: 25
Views: 5210

Re: WinBox v3.28 released!

Some people are happy waking up to the smell of napalm in the morning!
Me, I like waking up and installing a fresh brand new Winbox!!!

@Pe1chi, sounds like you have a really good point, but who is listening??
by anav
Fri Jun 04, 2021 5:16 pm
Forum: General
Topic: VLAN Routing is slow on hex S
Replies: 10
Views: 553

Re: VLAN Routing is slow on hex S

Get rid of vlan1 for data it should only be used as the default bridge vlan!!! (use vlan10) and use this reference.....
viewtopic.php?f=23&t=143620
by anav
Fri Jun 04, 2021 5:14 pm
Forum: Beginner Basics
Topic: Internet fiber on switch to router
Replies: 8
Views: 455

Re: Internet fiber on switch to router

Well the purpose of a high powered switch is because you have huge gobs of traffic between devices behind the switch, be it database accesses, servers, streaming etc, that have nothing to do with the internet. Going out to the internet and back to a device is something that is not avoidable and the ...
by anav
Fri Jun 04, 2021 4:25 pm
Forum: Beginner Basics
Topic: Internet fiber on switch to router
Replies: 8
Views: 455

Re: Internet fiber on switch to router

MKX is spot on, as usual! I would keep at least one ethernet on the RB4011 as a separate different subnet, for the purposes of easy access to the router for config purposes. I suppose by removing the 200 vlan from any bridge it keeps the RB4011 out of any extra flow altogether and the RB4011 is most...
by anav
Fri Jun 04, 2021 4:11 pm
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1357

Re: Netwatch failover wont work because route to external ip gets bypassed

Okay post your latest complete config to compare to the diagram etc...........
/export hide-sensitive file=anynameyouwish
by anav
Fri Jun 04, 2021 2:25 pm
Forum: General
Topic: Dual External IPs, multiple subnets
Replies: 18
Views: 1087

Re: Dual External IPs, multiple subnets

Yes you forgot the basic rule, that all routes must exist in main table in addition to specialized rules. Thus this /ip route add distance=1 gateway=192.168.88.1 routing-mark=wan2 add distance=1 gateway=10.0.0.1 routing-mark=wan1 should look like this /ip route add distance=1 gateway=192.168.88.1 ad...
by anav
Fri Jun 04, 2021 2:17 pm
Forum: Beginner Basics
Topic: Access Webserver inside Lan - Hairpin NAT [SOLVED]
Replies: 3
Views: 454

Re: Access Webserver inside Lan - Hairpin NAT [SOLVED]

Read through this post and see if it helps.................
viewtopic.php?f=13&t=175064&p=856786&hi ... at#p856786
by anav
Fri Jun 04, 2021 2:13 pm
Forum: Beginner Basics
Topic: trying to isolate ether5 from bridge on ether2-4
Replies: 10
Views: 631

Re: trying to isolate ether5 from bridge on ether2-4

tdw captured the glaring ether5 errors. To answer your requirement, the last thing left to do is block traffic between the the bridge and eth5 at L3 (Firewall rules). What we are going to do is take this rule, that allows port forwarding and stops all other WAN traffic and make it far clearer to rea...
by anav
Fri Jun 04, 2021 6:23 am
Forum: General
Topic: Guest network doesn't have internet
Replies: 8
Views: 548

Re: Guest network doesn't have internet

Hmm good question. I always use vlans when using multiple subnets. How were you proposing to send wifi to a CAPAC and yet have the capac IP address (control of it) not in the guest network?? Were you intending to use a home wifi on the capac and a guest wifi? what about IOT devices ? You also have a...
by anav
Fri Jun 04, 2021 6:19 am
Forum: General
Topic: Dual External IPs, multiple subnets
Replies: 18
Views: 1087

Re: Dual External IPs, multiple subnets

Well my thoughts are let us know how your ISP actually handles it, no use setting up lab environment that is not accurate.
by anav
Fri Jun 04, 2021 5:54 am
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

Its gettng late here but will have a quick look at RB4011 config (1) You are missing the POOL, address, DHCP etc, for the BASE vlan. (2) If ether2-5 are the same vlan why does ether2 not have the other settings of vlan filtering tagged frames only?? (3) ON bridge port settings; If ether6 is going to...
by anav
Fri Jun 04, 2021 4:18 am
Forum: RouterOS v7 BETA
Topic: Vlan on switch vs Vlan on interface
Replies: 5
Views: 482

Re: Vlan on switch vs Vlan on interface

Just to confirm. You do not need more than one subnet per port (like two or more vlans on a single port). If not then you dont really need vlans. You can assign three bridges (each with its own dhcp settings etc.) OR You can assign one bridge and use vlans (each vlan has its own dhcp settings) [my p...
by anav
Fri Jun 04, 2021 4:09 am
Forum: RouterOS v7 BETA
Topic: Vlan on switch vs Vlan on interface
Replies: 5
Views: 482

Re: Vlan on switch vs Vlan on interface

I am only familiar with vlan filtering on bridges which the best reference is here. https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 A decent reference for switch chip vlans can be found here https://help.mikrotik.com/docs/display/ROS/Switch+Chip+Features#SwitchChipFeatures https://www.you...
by anav
Fri Jun 04, 2021 3:31 am
Forum: Wireless Networking
Topic: hAP ac2 can't connect 5Ghz -N/AC mode
Replies: 15
Views: 8507

Re: hAP ac2 can't connect 5Ghz -N/AC mode

That may be true, but I have already asked NORMIS to institute a better sign in process for making posts. It is getting real stupid in here with fake posters.

Also, other suckers like me may actually look at the thread with geniune 5Ghz issues and could benefit from my unique and amazing settings.
by anav
Fri Jun 04, 2021 3:29 am
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 135
Views: 10089

Re: v6.47.10 [long-term] is released!


1) Please do not consider me such an idiot... I'm not English but I understand of what device are talking about...
More importantly he has sharp claws and can draw text with 1s and 0s, very intimidating!!!
by anav
Fri Jun 04, 2021 3:25 am
Forum: General
Topic: PPPOE Hang up
Replies: 14
Views: 607

Re: PPPOE Hang up

Damn, rextended I did a terrible thing. I just googled Capalbio on google maps........ I am already tasting the wine, am I too old (at 60) to be adopted LOL. (Okay cafe con leche in the morning, maybe a beer after the bike ride but definitely wine with supper) (lets not forget fresh breads and chees...
by anav
Fri Jun 04, 2021 3:21 am
Forum: Useful user articles
Topic: Which VPN protocol is best?
Replies: 29
Views: 14081

Re: Which VPN protocol is best?

OpenConnect would be a great addition to Mikrotik. Mikrotik should support all VPN protocols without regard to which network religion originally developed the VPN. First it was OpenVPN. Then it was Wireguard. Now it is OpenConnect. You people will NEVER be satisfied with ANY VPN technology!!! Belch...
by anav
Fri Jun 04, 2021 3:20 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 25
Views: 3615

Re: MikroTik Wireguard server with Road Warrior clients

I do the same ping troubleshooting without IP address :-) I know you do, but I am thinking more about what is easiest to understand for people who are not as technically proficient. If Wireguard does not seem to be working, it could be harder for them to trace down the issue if you do not have an a...
by anav
Fri Jun 04, 2021 3:13 am
Forum: Scripting
Topic: Netwatch Email contents script help [SOLVED]
Replies: 3
Views: 439

Re: Netwatch Email contents script help [SOLVED]

Simply add this to the end of the netwatch script after the email :log info "My Connection is now UP" Also my script is similar but not quite the same. :local sub1 ([/system clock get time]) /tool e-mail send from="myemail@addresss.ca" body="At $sub1 WAN Link is Up[" su...
by anav
Fri Jun 04, 2021 3:09 am
Forum: General
Topic: PPPOE Hang up
Replies: 14
Views: 607

Re: PPPOE Hang up

Perhaps they should not hire Police to do networking ;-)
by anav
Fri Jun 04, 2021 3:07 am
Forum: Wireless Networking
Topic: hAP ac2 can't connect 5Ghz -N/AC mode
Replies: 15
Views: 8507

Re: hAP ac2 can't connect 5Ghz -N/AC mode

My settings are:
5GHz-N/AC
20/40MHz Ce
Freq: 5540

WPS mode: disabled
Installation: Any
WMM support enabled
Multicast buffering checked
KeepAlive frames checked
by anav
Fri Jun 04, 2021 3:01 am
Forum: Wireless Networking
Topic: Simple "extention" type wifi station, how?
Replies: 8
Views: 526

Re: Simple "extention" type wifi station, how?

Do not expect great results as using wifi to extend traffic often leads to disappointment. Give it a try but please keep expectations reasonable. BPWL will do his darndest to get you up and running and may provide tweaks to optimize. At the end of the day, our best bet regardless of the wifi setting...
by anav
Fri Jun 04, 2021 2:55 am
Forum: General
Topic: PPPOE Hang up
Replies: 14
Views: 607

Re: PPPOE Hang up

In summary, and I am by no means an expert, it appears you really do not know what you are doing and have bundled together youtube solutions in very unsafe and incorrect manner. So no tasering, or arrest warrants........... I hope I am wrong, so please let us know if you are a professional IT person...
by anav
Fri Jun 04, 2021 2:52 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 25
Views: 3615

Re: MikroTik Wireguard server with Road Warrior clients

There is another reason I can see for having IP addresses on the Wireguard interfaces themselves - easy troubleshooting. If Wireguard is not working and you don't know why, having the IPs on both sides on that interface, and using those to do ping tests, allows you eliminate certain kinds of routin...
by anav
Fri Jun 04, 2021 2:44 am
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

If I have PVID set on a bridge port on the switch, should I be able to see that anywhere on router (maybe packet sniffing/vlan field) if its actually being assigned? For the specific question, YES, if you look at bridge vlan settings you will see what has been entered by you as the admin or dynamic...
by anav
Fri Jun 04, 2021 2:41 am
Forum: Beginner Basics
Topic: For all you Mikrotik Geeks out there
Replies: 3
Views: 385

Re: For all you Mikrotik Geeks out there

Sure I know just the person(s) to do this for you!!
https://mikrotik.com/consultants
by anav
Fri Jun 04, 2021 2:39 am
Forum: General
Topic: Cloudflare allow ip in mikrotik
Replies: 4
Views: 459

Re: Cloudflare allow ip in mikrotik

Go to subnet settings (dhcp server-network) and for dns servers put in cloudfare IPs.............
by anav
Fri Jun 04, 2021 2:31 am
Forum: General
Topic: PPPOE Hang up
Replies: 14
Views: 607

Re: PPPOE Hang up

I dont know if I can help you. The config is a mess. I would start by ONLY configuring the PPPOE wan interfaces required before adding anything else. I would get rid of all firewall rules except the defaults and what you need for ipsec. I would get rid of source address entries in all sourcenat rule...
by anav
Fri Jun 04, 2021 1:49 am
Forum: RouterOS v7 BETA
Topic: Wireguard PBR routing-mark with dst-address-list
Replies: 7
Views: 455

Re: Wireguard PBR routing-mark with dst-address-list

No worries, Ive reached the extent of what I know to help LOL. By the way I use the IP cloud dyndns name of the MT routers as endpoints and in firewall address lists. What bugs me and what NORMIS still has to answer, is if the IP mynetname I put in wireguard settings will update if the far endpoint ...
by anav
Thu Jun 03, 2021 10:45 pm
Forum: General
Topic: PPPOE Hang up
Replies: 14
Views: 607

Re: PPPOE Hang up

Hi guy,
A good start would be to post your config.

/export hide-sensitive file=anynameyouwish
by anav
Thu Jun 03, 2021 7:59 pm
Forum: Scripting
Topic: send MikroTik Notification via WhatsApp
Replies: 19
Views: 13548

Re: send MikroTik Notification via WhatsApp

I use telegram bot, but this seems interesting.
by anav
Thu Jun 03, 2021 7:43 pm
Forum: RouterOS v7 BETA
Topic: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?
Replies: 15
Views: 1054

Re: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?

That makes sense in terms of transferring from ipsec to wireguard in your scenario!! Gluck in testing.
by anav
Thu Jun 03, 2021 7:41 pm
Forum: General
Topic: Weighted load balancing
Replies: 1
Views: 278

Re: Weighted load balancing

The bible for PCC IMHO,
https://mum.mikrotik.com/presentations/US12/steve.pdf

Check out the second last slide................
by anav
Thu Jun 03, 2021 7:11 pm
Forum: General
Topic: Dual External IPs, multiple subnets
Replies: 18
Views: 1087

Re: Dual External IPs, multiple subnets

Simplify. ONly need one bridge you have two different subnets on two different ports. So put both on the bridge. I am not 100% sure if putting both on the bridge will allow layer 2 access between them. If that is an issue only put one subnet on the bridge. Use firewall rules to separate the two subn...
by anav
Thu Jun 03, 2021 7:04 pm
Forum: General
Topic: Guest network doesn't have internet
Replies: 8
Views: 548

Re: Guest network doesn't have internet

Quicklook on capac.

Two bridges, wrong only need one
You dont need any DHCP service on the capac, should be done on RB3011
Why is ether 1 from the RB3011 not on the bridge??
The address associated with the Capac should be an address on the management vlan.
by anav
Thu Jun 03, 2021 6:59 pm
Forum: General
Topic: Guest network doesn't have internet
Replies: 8
Views: 548

Re: Guest network doesn't have internet

Why do you thing both configs are not necessary.
Please post RB3011 as well.
by anav
Thu Jun 03, 2021 6:55 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1423

Re: ISP PPPOE with VLAN filtering [SOLVED]

/export hide-sensitive file=anynameyouwish to see whats going on.
by anav
Thu Jun 03, 2021 6:52 pm
Forum: Beginner Basics
Topic: Port forwarding 443...
Replies: 3
Views: 326

Re: Port forwarding 443...

/export hide-sensitive file=anynameyouwish to see whats going on.
by anav
Thu Jun 03, 2021 5:42 pm
Forum: RouterOS v7 BETA
Topic: Wireguard PBR routing-mark with dst-address-list
Replies: 7
Views: 455

Re: Wireguard PBR routing-mark with dst-address-list

Here is what I would do..... cause just like capsman I hate mangling LOL. 1x IP Route: dst=0.0.0.0/0 gwy=wireguardinterface Routing Table=HideMyIP 4x Route Rules: source-address=applicable subnet dst-address=5.2.128.0/19 Action=Lookup Only in Table Table=HideMyIP source-address=applicable subnet dst...
by anav
Thu Jun 03, 2021 5:19 pm
Forum: RouterOS v7 BETA
Topic: Wireguard PBR routing-mark with dst-address-list
Replies: 7
Views: 455

Re: Wireguard PBR routing-mark with dst-address-list

Makes sense. So to me the only difference from routing all traffic from a subnet on the client dst- 0.0.0.0/0 gwy=wireguard_interface Routing Table - HideMyIP / Action - Lookup only in table Table - HideMyIP source-address - client subnet To what you are asking seems to be the addition on the RULE p...
by anav
Thu Jun 03, 2021 4:03 pm
Forum: RouterOS v7 BETA
Topic: Wireguard PBR routing-mark with dst-address-list
Replies: 7
Views: 455

Re: Wireguard PBR routing-mark with dst-address-list

Can you clarify if the router here is at the server end or the client end. I am assuming you are doing wireguard from MT router to MT router is that the case? OR are you doing MT router as client to 3 party VPN provider?? (reason I ask is I only see one MT router here and it seem set up to be the cl...
by anav
Thu Jun 03, 2021 3:43 pm
Forum: RouterOS v7 BETA
Topic: Vlan on switch vs Vlan on interface
Replies: 5
Views: 482

Re: Vlan on switch vs Vlan on interface

You first statement is not helpful. Is the device acting as a router or NOT? Is it attached to your ISPs modem. If so its not really a switch but a router with switching capabilities like most routers. If its purely acting as a switch then you can do what you want with setup but there are preferred ...
by anav
Thu Jun 03, 2021 3:40 pm
Forum: RouterOS v7 BETA
Topic: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?
Replies: 15
Views: 1054

Re: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?

Concur with your last statement. However the first comment was wishy washy (" if you want to use an IP in the same subnet and have wireguard be outside your router's subnets, I think you need to assign an IP to the router though it mit not be needed in most scenarios as one intends to forward t...
by anav
Thu Jun 03, 2021 1:42 am
Forum: RouterOS v7 BETA
Topic: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?
Replies: 15
Views: 1054

Re: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?

Yes. At least that is my guess. As long as you only need to access devices inside the network and not the router itself, it most likely is enough to not assign an IP address. Cannot be sure, of course, but I might test this later on. But first I need to get it working in general but I think I know ...
by anav
Wed Jun 02, 2021 7:41 pm
Forum: Wireless Networking
Topic: add Hybrid-Port (wired VLAN) to CAP [SOLVED]
Replies: 6
Views: 571

Re: add Hybrid-Port (wired VLAN) to CAP [SOLVED]

hahah, yes well the challenge is when to make changes as 2am one shouldnt be making changes to the config, living the same nightmare.
by anav
Wed Jun 02, 2021 7:40 pm
Forum: General
Topic: Network Design Help
Replies: 1
Views: 256

Re: Network Design Help

What is confusing is your company bought equipment before planning the network?
Did they consult you?
When you say new at this what do you mean. Mikrotik equipment, networking in general, etc. ????
by anav
Wed Jun 02, 2021 6:30 pm
Forum: General
Topic: Home Network Design
Replies: 8
Views: 509

Re: Home Network Design

Now for the forward chain. The problem is you do not understand how the firewall rules work. Is there any rule for layer 3 routing to prevent the two subnets from talking, the answer is NO. THey cannot see each at other at layer as physically separated by ports and one subnet is on a bridge the othe...
by anav
Wed Jun 02, 2021 6:20 pm
Forum: General
Topic: Home Network Design
Replies: 8
Views: 509

Re: Home Network Design

(1) Remove the vlan /interface vlan add interface=ether1 name=vlan500 vlan-id=500 (2) Enable the interface list member /interface list member add interface=unifi list=WAN add interface=bridge1 list=LAN add disabled=yes i nterface=ether5 list=LAN (3) Why is this set to ether 2 should be bridge. /ip a...
by anav
Wed Jun 02, 2021 5:58 pm
Forum: General
Topic: Home Network Design
Replies: 8
Views: 509

Re: Home Network Design

Sorry for that, forget the vlan link itself https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 As I stated you dont nee the vlan in your simple config. Ether 5 just gets its own ethernet setup, pool, address etc, and is NOT on the bridge The ether ports 2-4 are on teh bridge and assign the b...
by anav
Wed Jun 02, 2021 5:41 pm
Forum: Beginner Basics
Topic: After applied filter rule internet connect not stable
Replies: 6
Views: 554

Re: After applied filter rule internet connect not stable

Yes, if one is using mangling one needs to turn fastrack off I believe.......... This could be the culprit add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack" From other posts...... Why do you look at fasttrack as global feature f...
by anav
Wed Jun 02, 2021 4:58 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: Custom skin CSS
Replies: 7
Views: 624

Re: Feature Request: Custom skin CSS

Id like the MT router to make hot chocolate and give me botox injections........................ ....we are talking cosmetics here right!! ;-)
  • 1
  • 2
  • 3
  • 4
  • 5
  • 25