Community discussions

MikroTik App

Search found 7354 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 25
by anav
Wed Jun 16, 2021 12:30 am
Forum: Wireless Networking
Topic: Wiki: Connect to a Wireless Network but use 2 GHz versus 5 GHz for External access
Replies: 1
Views: 105

Re: Wiki: Connect to a Wireless Network but use 2 GHz versus 5 GHz for External access

So use 2ghz to connect to hotspot and 5ghz to connect to users is the only good possibility.
THe fact that 5ghz range is limited is just reality.
by anav
Wed Jun 16, 2021 12:28 am
Forum: Wireless Networking
Topic: Wifi between concrete walls
Replies: 10
Views: 897

Re: Wifi between concrete walls

What you need to do is run cable to achieve a LOS between the two panel antennas. That is how WIFI works in the pt to pt scenario.
There are places where pipes wires, and other items get passed between floors FIND it, use it.
If you cannot do that, why are you wasting your money??
by anav
Wed Jun 16, 2021 12:24 am
Forum: Beginner Basics
Topic: Accessing clients / servers across different VLANs (printer, USB server, NAS, ...)
Replies: 6
Views: 521

Re: Accessing clients / servers across different VLANs (printer, USB server, NAS, ...)

In my opinion you dont need to delineate ports or protocols of that access as I dont think the printer can do much harm. Printers make a great jumping-off point for network infiltration - printers and their network interface cards are often long-lived and are either no longer supported by the manuf...
by anav
Wed Jun 16, 2021 12:22 am
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance
Replies: 12
Views: 391

Re: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance

Moderna, maybe you got a placebo ;-P or are unable to make anti-bodies...........
by anav
Wed Jun 16, 2021 12:21 am
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 19
Views: 815

Re: Setting Up small home network with MikroTik hEX RB750Gr3

Thats it in a nutshell, LOL.
by anav
Tue Jun 15, 2021 7:54 pm
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 19
Views: 815

Re: Setting Up small home network with MikroTik hEX RB750Gr3

under the wx today, maybe tomorrow :-(
by anav
Tue Jun 15, 2021 6:50 pm
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 19
Views: 815

Re: Setting Up small home network with MikroTik hEX RB750Gr3

Its all fixable without much fuss.........
I started with a hex router, now have two, one is a backup and the other is a switch.
Quite capable devices for up to 800 up and down service
by anav
Tue Jun 15, 2021 4:51 pm
Forum: General
Topic: Dual WAN failover using recursive routing
Replies: 18
Views: 1459

Re: Dual WAN failover using recursive routing

Edit: Thanks!
by anav
Tue Jun 15, 2021 4:47 pm
Forum: General
Topic: Howto use HAP AC2 as switch+AP on vlan(s)
Replies: 8
Views: 296

Re: Howto use HAP AC2 as switch+AP on vlan(s)

Yup all in the article linked...... literacy is the key!!
by anav
Tue Jun 15, 2021 4:45 pm
Forum: General
Topic: Intervlan RB4011
Replies: 4
Views: 186

Re: Intervlan RB4011

IF you need your vlans to communicate (everybody to everybody) then you dont need separate vlans LOL.

Typically a vlan will share a printer with other vlans for example. SO there are good cases for targetted sharing.
by anav
Tue Jun 15, 2021 4:44 pm
Forum: General
Topic: help with firewall "drop" forward
Replies: 7
Views: 252

Re: help with firewall "drop" forward

Way overthinking this and SSH is not recommended to access router from external sites.
Use VPN at best or port knocking at worst.

Get rid of all the junk and go back to default rules,
Once posted will show you the few changes you need to lock it down very reasonably.
by anav
Tue Jun 15, 2021 4:36 pm
Forum: General
Topic: Single WAN PPPoE, multiple WAN IPs distribution
Replies: 2
Views: 87

Re: Single WAN PPPoE, multiple WAN IPs distribution

Not knowing anything about PPOE I would guess that Router A needs to be a PPPOE server and Routers B,C need to be PPPOE clients.
by anav
Tue Jun 15, 2021 4:31 pm
Forum: Beginner Basics
Topic: trying to isolate ether5 from bridge on ether2-4
Replies: 10
Views: 555

Re: trying to isolate ether5 from bridge on ether2-4

Thank You! I think I have implemented everything other than the additional firewall rules, not sure whats going on, went to /ip firewall filter and attempted to enter: add action=accept chain=input in-interface=bridge source-address-list=admin_access but I keep getting a "expected end of comma...
by anav
Tue Jun 15, 2021 4:29 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance
Replies: 12
Views: 391

Re: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance

RIght now I just wish the sore arm and achy feeling (second covid dose) would go away. If this is like 1/100 of the real thing,,,,,,,frig dont wish this thing on anybody.
by anav
Tue Jun 15, 2021 4:27 pm
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 19
Views: 815

Re: Setting Up small home network with MikroTik hEX RB750Gr3

What is the point of this............. add name=dhcp_pool8 ranges=10.0.0.22-10.0.0.254 add name=dhcp_pool9 ranges=10.0.0.10-10.0.0.254 missing dns-server on the first address /ip dhcp-server network add address=10.0.0.0/24 gateway=10.0.0.1 add address=192.168.2.0/24 dns-server=195.170.0.1,212.205.21...
by anav
Mon Jun 14, 2021 11:23 pm
Forum: General
Topic: Howto use HAP AC2 as switch+AP on vlan(s)
Replies: 8
Views: 296

Re: Howto use HAP AC2 as switch+AP on vlan(s)

This is true, what I realize I dont know...... GROWS every day!!
by anav
Mon Jun 14, 2021 11:22 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance
Replies: 12
Views: 391

Re: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance

Hahaha, I am waiting to win the lottery.
by anav
Mon Jun 14, 2021 11:07 pm
Forum: General
Topic: Howto use HAP AC2 as switch+AP on vlan(s)
Replies: 8
Views: 296

Re: Howto use HAP AC2 as switch+AP on vlan(s)

mkx is getting forgetful in his old age bhwahahaha

Read this link it tells all........
viewtopic.php?f=23&t=143620
by anav
Mon Jun 14, 2021 11:05 pm
Forum: Beginner Basics
Topic: No internet connection on VLAN [SOLVED]
Replies: 15
Views: 409

Re: No internet connection on VLAN [SOLVED]

Well I did have an ulterior motive..........
I wanted to hear .......... INDIANA WANTS ME ...... ;-)))))))
by anav
Mon Jun 14, 2021 11:03 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance
Replies: 12
Views: 391

Re: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance

Its an excellent router you just got the wrong model, you need the RB4011 just wired. Not sure where you heard it was recommended to get the wifi model. In any case, attaching wifi to a router is IMHO not the smart move, a. because wifi technology changes more rapidly and cannot be upgraded in firmw...
by anav
Mon Jun 14, 2021 5:59 pm
Forum: Beginner Basics
Topic: No internet connection on VLAN [SOLVED]
Replies: 15
Views: 409

Re: No internet connection on VLAN [SOLVED]

On your config some changes required Add DNS server on the DHCP network settings AND REMOVE WHAT YOU HAVE DONE FOR adding DNS servers under IP DNS. /ip dhcp-server network add address=10.2.2.0/24 gateway=10.2.2.1 dns-server=10.2.2.1 do this for all of them - should match the gateway!! add address=10...
by anav
Mon Jun 14, 2021 5:51 pm
Forum: Beginner Basics
Topic: No internet connection on VLAN [SOLVED]
Replies: 15
Views: 409

Re: No internet connection on VLAN [SOLVED]

Start with rextended default settings as listed at the below link. This is what you need to get started. https://forum.mikrotik.com/viewtopic.php?f=13&t=175129&p=856824#p856824 Then I would recommend moving from an allow concept of the default settings. to a block everything concept and only...
by anav
Mon Jun 14, 2021 4:36 pm
Forum: General
Topic: help with firewall "drop" forward
Replies: 7
Views: 252

Re: help with firewall "drop" forward

Sorry David,
Cannot makes heads or tails of your config, hoping someone else will drop by and give you better feedback.
by anav
Mon Jun 14, 2021 3:48 pm
Forum: General
Topic: help with firewall "drop" forward
Replies: 7
Views: 252

Re: help with firewall "drop" forward

Post your config, snippets are useless

/export hide-sensitive file=anynameyouwish

and for easy reading and troubleshooting you should not mix match forward and input chain rules.......
by anav
Mon Jun 14, 2021 3:44 pm
Forum: Beginner Basics
Topic: Initial Internet configuration ( via SFP port)
Replies: 11
Views: 266

Re: Initial Internet configuration ( via SFP port)

Sounds like a PPPOE setup?

So its mostly done in the PPP menu settings instead of mostly IP DHCP CLient.
If there is no PPP you have to download extra packages to find it and load it.
Choose the PPPOE-client settings.
ppp.JPG
by anav
Mon Jun 14, 2021 3:34 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance
Replies: 12
Views: 391

Re: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance

Yes turn off the wifi and get a real access point.

Try
Band: 5GHz-N/AC
Channel Width: 20/40MHz Ce
by anav
Mon Jun 14, 2021 3:33 pm
Forum: Beginner Basics
Topic: Is it possible to set up NTP Server using name address instead of IP address?
Replies: 3
Views: 127

Re: Is it possible to set up NTP Server using name address instead of IP address?

Not sure what you mean.

At the NTP server settings there is really not a spot for name you just enable the service.
At the NTP client setting you can put in domain names or IPs for national or international ntp servers?
by anav
Mon Jun 14, 2021 3:29 pm
Forum: Beginner Basics
Topic: DEFAULT CONFIG CANT GET INTERNET hEX rb750gr3
Replies: 6
Views: 139

Re: DEFAULT CONFIG CANT GET INTERNET hEX rb750gr3

/export hide-sensitive file=anynameyouwish

So we can see whats going on.........
by anav
Sun Jun 13, 2021 11:12 pm
Forum: General
Topic: HexS - does thiis configuration looks ok [SOLVED]
Replies: 5
Views: 224

Re: HexS - does thiis configuration looks ok [SOLVED]

Yup............ lucky find LOL
Although you dont really need a vlan for bridge vlan filtering if you ONLY HAVE ONE VLAN on one port.
Vlans come into play when you have more than one subnet required on a single port.
by anav
Sun Jun 13, 2021 11:11 pm
Forum: General
Topic: CCR1009 + Single Bridge + 40Vlan's
Replies: 1
Views: 123

Re: CCR1009 + Single Bridge + 40Vlan's

2x Cr1009s?
by anav
Sun Jun 13, 2021 5:21 pm
Forum: Beginner Basics
Topic: No internet connection on VLAN [SOLVED]
Replies: 15
Views: 409

Re: No internet connection on VLAN [SOLVED]

This can be set to NONE, known to cause issues........ /interface detect-internet set detect-interface-list=WAN Still dont see your DNS server settings.......... /ip dhcp-server network add address=100.100.11.0/24 gateway=100.100.11.1 dns-server=100.100.11.1 add address=100.100.12.0/24 gateway=100.1...
by anav
Sun Jun 13, 2021 4:04 pm
Forum: Useful user articles
Topic: Which VPN protocol is best?
Replies: 29
Views: 13949

Re: Which VPN protocol is best?

NSA approval = they can can crack it you silly bird. SO YESTERDAY!!!
by anav
Sun Jun 13, 2021 4:00 pm
Forum: General
Topic: Help troubleshooting IP Camera access
Replies: 1
Views: 247

Re: Help troubleshooting IP Camera access

Sorry this is not a networking site this is a Mikrotik user support site.. Furthermore this particular forum is for useful articles, and so if you have questions ask them in the beginner forum and provide details of which MT devices you are using and their config ./export hide-sensitive file=anyname...
by anav
Sun Jun 13, 2021 3:59 pm
Forum: Beginner Basics
Topic: No internet connection on VLAN [SOLVED]
Replies: 15
Views: 409

Re: No internet connection on VLAN [SOLVED]

Oh in that case,
please read this excellent reference.
viewtopic.php?f=23&t=143620
I personally use vlans for all subnets and the only thing the bridge does is bridging.
by anav
Sun Jun 13, 2021 3:36 pm
Forum: General
Topic: mikrotik used as a spoof ddns
Replies: 5
Views: 252

Re: mikrotik used as a spoof ddns

Without seeing the config, hard to say.

/export hide-sensitive file=anynameyouwish
by anav
Sun Jun 13, 2021 2:35 pm
Forum: General
Topic: Issue with DST-NAT (RouterOS 6.47.10)
Replies: 16
Views: 446

Re: Issue with DST-NAT (RouterOS 6.47.10)

Parenting is the solution.
You can cut off internet during certain hours but then they will use their cellphones and data to connect.
by anav
Sun Jun 13, 2021 1:21 pm
Forum: General
Topic: VLAN across bridges
Replies: 10
Views: 305

Re: VLAN across bridges

No i cannot help stubborn horse that refuses to drink clean good water.
by anav
Sun Jun 13, 2021 1:20 pm
Forum: Beginner Basics
Topic: No internet connection on VLAN [SOLVED]
Replies: 15
Views: 409

Re: No internet connection on VLAN [SOLVED]

Why is your WAN connection setup with DHCP and pool, and even on bridge etc.................. ?? It is dhcp client only........ DHCP server networks are missing dns-server= add address=100.100.11.0/24 gateway=100.100.11.1 dns-server=100.100.11.1 Interface list members is missing all the vlans list=LAN
by anav
Sun Jun 13, 2021 1:03 pm
Forum: Beginner Basics
Topic: trying to isolate ether5 from bridge on ether2-4
Replies: 10
Views: 555

Re: trying to isolate ether5 from bridge on ether2-4

Yes, you should, and definitely change the admin name and password and also the winbox port number. (1) this can be set to NONE /tool mac-server set allowed-interface-list=LAN (2) Add management interface to cut off ether5 from access to the router via winbox as follows: /interface list add comment=...
by anav
Sun Jun 13, 2021 12:54 pm
Forum: RouterOS v7 BETA
Topic: Wireguard ipv6 ::/0
Replies: 3
Views: 214

Re: Wireguard ipv6 ::/0

I hope they get this fixed and any other wg bugs. The one RoS7 functionality that I can actually use now!! Whaddya want Normis, Cdn Beer, Maple Syrup, what can get you to put this out in the next 6 update?? I will even wear a T-shirt that says I luv MT Wifi and capsman.........err no thats too far, ...
by anav
Sun Jun 13, 2021 3:39 am
Forum: General
Topic: HexS - does thiis configuration looks ok [SOLVED]
Replies: 5
Views: 224

Re: HexS - does thiis configuration looks ok [SOLVED]

the one I am talking about is located when you double click (left) on the bridge itself.
Brings up a popup menu look under VLAN, and the box next to VLAN filtering.
by anav
Sun Jun 13, 2021 3:36 am
Forum: General
Topic: VLAN across bridges
Replies: 10
Views: 305

Re: VLAN across bridges

Why not use all vlans for subnets, and that way one bridge is much easier to deal with.
Also use firewall rules properly and fewer rules are actually needed.
I am trying to simplify .............
by anav
Sat Jun 12, 2021 11:52 pm
Forum: General
Topic: VLAN across bridges
Replies: 10
Views: 305

Re: VLAN across bridges

No, use one bridge.
by anav
Sat Jun 12, 2021 10:45 pm
Forum: General
Topic: HexS - does thiis configuration looks ok [SOLVED]
Replies: 5
Views: 224

Re: HexS - does thiis configuration looks ok [SOLVED]

(1) ERROR /ip pool add name=dhcp ranges=192.168.4.20-192.168. 88. 200 (2) to access winbox set this to safe subnet......... /tool mac-server mac-winbox set allowed-interface-list= MNGMT Where /interface list add comment=defconf name=WAN add comment=defconf name=LAN add name=MNGMT /interface list mem...
by anav
Sat Jun 12, 2021 4:54 pm
Forum: General
Topic: Redirect LAN traffic to external proxy server
Replies: 1
Views: 142

Re: Redirect LAN traffic to external proxy server

Please do not multi-post same issue.
For those following the thread is here.........
viewtopic.php?f=2&t=176028
by anav
Sat Jun 12, 2021 4:51 pm
Forum: General
Topic: What is the best practice for setting load-balancing and failover for two WANs
Replies: 6
Views: 285

Re: What is the best practice for setting load-balancing and failover for two WANs

Well - simply stating failover is not enough detail. -simply stating load balancing is not enough What is primary, what is secondary. What do you want to have happen if primary or secondary faiils. Why say failover and then load balancing> Do you mean both are roughly equal interfaces Not a primary ...
by anav
Sat Jun 12, 2021 4:47 pm
Forum: General
Topic: Issue with DST-NAT (RouterOS 6.47.10)
Replies: 16
Views: 446

Re: Issue with DST-NAT (RouterOS 6.47.10)

Well I dont know how to handle that,
I am hoping those more expert than me can help.
My guess is that if it was me I would put the proxy server behind the ROUTER but on its own IP address, vice completely separate like you have.
However I do not know what is better. :-(
by anav
Sat Jun 12, 2021 4:11 pm
Forum: General
Topic: need guidance to setup 2 groups of failover with 2 ISPs?
Replies: 5
Views: 243

Re: need guidance to setup 2 groups of failover with 2 ISPs?

I amended my route rules, interface entries removed, subnet identifier was accurate and needed..
by anav
Sat Jun 12, 2021 4:04 pm
Forum: General
Topic: Issue with DST-NAT (RouterOS 6.47.10)
Replies: 16
Views: 446

Re: Issue with DST-NAT (RouterOS 6.47.10)

So the mikrotik and proxy server are not behind the same modem? Sounds like forward chain rules............and IP routes.... add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN dst-port=80,443 IP Route /ip route add distance=1 gateway=ISP_Gaterway add distance=1 gateway=ISP_...
by anav
Sat Jun 12, 2021 3:35 pm
Forum: General
Topic: dhcp on vlan trunk not working
Replies: 15
Views: 484

Re: dhcp on vlan trunk not working

Okay, first important point. Leave Bridge alone in terms of extra setting, meaning default pvid and enabled is all that you need to do. Apply the vlan frame allowing and filtering on the bridge ports.............. I think the difference compared to "standard" managed swittch jargon is as f...
by anav
Sat Jun 12, 2021 3:21 pm
Forum: General
Topic: Port Forwarding Problem [SOLVED]
Replies: 16
Views: 656

Re: Port Forwarding Problem [SOLVED]

Lots of ways to skin the cat for hairpin nat. The issue is caused when your server is on the same subnet as your LAN users. The solutions are abundant. The two easiest ones are: (1) Quite simply get LAN users to use LANIP (2) Move the server to its own subnet and quite frankly if you dont want your ...
by anav
Sat Jun 12, 2021 3:16 pm
Forum: General
Topic: Issue with DST-NAT (RouterOS 6.47.10)
Replies: 16
Views: 446

Re: Issue with DST-NAT (RouterOS 6.47.10)

a network diagram will help as I have no idea what you mean by external
by anav
Sat Jun 12, 2021 12:44 am
Forum: General
Topic: dhcp on vlan trunk not working
Replies: 15
Views: 484

Re: dhcp on vlan trunk not working

Switch Comments. (1) I rename the ports to where they are from./to with the access ports also with pvid indicated. So mine is like: FromRouter / ToSwitch-44 / ToCAM-77 / ToVOIP-55 / ToAccPoint (2) VLAN SETTINGS INGRESS ON PORT FROM ROUTER vlanmode=enabled vlan receive=any default vlanid=1 EGRESS Vla...
by anav
Sat Jun 12, 2021 12:02 am
Forum: General
Topic: dhcp on vlan trunk not working
Replies: 15
Views: 484

Re: dhcp on vlan trunk not working

(1) Minor point but if all bridge ports are identical can be written as. /interface bridge vlan add bridge=BR1 tagged=BR1,ether1,ether2,ether3,ether4 vlan-ids=10,20,30,99 (2) Missing blue network settings......... /ip dhcp-server network add address=10.19.20.0/24 dns-server=192.168.19.254 gateway=10...
by anav
Fri Jun 11, 2021 10:36 pm
Forum: General
Topic: dhcp on vlan trunk not working
Replies: 15
Views: 484

Re: dhcp on vlan trunk not working

/export hide-sensitive file=anynameyouwish and I will have a look at the entire config
by anav
Fri Jun 11, 2021 8:38 pm
Forum: General
Topic: need guidance to setup 2 groups of failover with 2 ISPs?
Replies: 5
Views: 243

Re: need guidance to setup 2 groups of failover with 2 ISPs?

gobblity gook means BGP discussion is over my head LOL too complex............
I am just a simple man who grew up using a rotary dial telephone ;-)
by anav
Fri Jun 11, 2021 8:36 pm
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 622

Re: Confused about chains

If you come on Italy close to my city, I'm pleased to offer a Pizza :))
Maybe I will one day :)
Coming from the cold north a pizza is always welcome and I will bring the Ice Vino...
Rewritten for accuracy!!
by anav
Fri Jun 11, 2021 7:24 pm
Forum: Beginner Basics
Topic: VPN accesspoint/gateway ? connect to remote location and Mikrotik after NAT
Replies: 2
Views: 189

Re: VPN accesspoint/gateway ? connect to remote location and Mikrotik after NAT

Suggesting that wireguard VPN is the way to go. Using beta6 firmware I am able to connect devices if the edge router is my own (MIKROTIK) or the ISPs router (ONLY CAN PORT FORWARD). Works great, easy to implement. The only thing is to wait for wireguard to move out of beta. WHich is taking far too l...
by anav
Fri Jun 11, 2021 7:05 pm
Forum: General
Topic: need guidance to setup 2 groups of failover with 2 ISPs?
Replies: 5
Views: 243

Re: need guidance to setup 2 groups of failover with 2 ISPs?

I was able to provide advice until you added the gobblity gook stuff at the bottom, In general where ISP_interface= etherport name, PPPOE-out name, or vlan name /ip route add distance=5 gateway=ISP1_interface check ping-gateway add distance=5 gateway=ISP2_interface check ping-gateway add distance=5 ...
by anav
Fri Jun 11, 2021 4:32 pm
Forum: General
Topic: Port Forwarding Problem [SOLVED]
Replies: 16
Views: 656

Re: Port Forwarding Problem [SOLVED]

Working top to bottom dont see much yet but need to add servers, allow DNS and get rid of the default static entry....... /ip dhcp-server network add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1 dns-server=192.168.88.1 add address=192.168.178.0/24 gateway=192.168.178.1 dns-server=192...
by anav
Fri Jun 11, 2021 4:20 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 625

Re: Preserve client IP when dst-nat to other server

Yes, I am thoroughly confused as I have no idea what the OP actually has and what Rextended was suggesting. If the NTP server is hosted on a device on a subnet on the router, two things have to be true: (and assuming that the device is not an atomic clock but one, like the router NTP server, that ju...
by anav
Fri Jun 11, 2021 12:52 am
Forum: Wireless Networking
Topic: hAp ac2 - large number of packet retransmissions on 2ghz-g/n and 5ghz-n/ac
Replies: 10
Views: 534

Re: hAp ac2 - large number of packet retransmissions on 2ghz-g/n and 5ghz-n/ac

I think the wifi on MT is perfect and its the clients that are the problems.
by anav
Fri Jun 11, 2021 12:44 am
Forum: Beginner Basics
Topic: Just want to say Hi.
Replies: 1
Views: 153

Re: Just want to say Hi.

No problem welcome anytime as long as Normis and company refuse to have standards for posting LOL........
We will continue to get this spam.......
by anav
Fri Jun 11, 2021 12:41 am
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 622

Re: Confused about chains

Without seeing your whole config, no one here can help you playing guessing games.......
/export hide-sensitive file=anynameyouwish
by anav
Thu Jun 10, 2021 10:10 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 625

Re: Preserve client IP when dst-nat to other server

Yes, the top half is clean and uncluttered and easy on my 60yr old eyes. The bottom half seems like its full of noise and information I dont really need. In other words, you are 100% right in terms of performance and usage fidelity. I just never thought that level of granularity was required as it w...
by anav
Thu Jun 10, 2021 9:02 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 625

Re: Preserve client IP when dst-nat to other server

Gluck, if its the first dose, should be okay. Its the second shot that gives you issues.
I know two doctors with 4000 adult patients each family has approx 4 kids = 16000 devices, with the same results ;-)
by anav
Thu Jun 10, 2021 9:01 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 625

Re: Preserve client IP when dst-nat to other server

Ahh Okay I see that but find the syntax the OP used VERY VERY confusing on the dst nat rule he uses "!list" and on the other he uses "list" Both being between the quotes are just text and not functioning items. In fact if NTP_Server is a list of those that should use the local NT...
by anav
Thu Jun 10, 2021 8:30 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 625

Re: Preserve client IP when dst-nat to other server

Well, I was basing my profound knowledge on one router and three devices over several months............ but cannot hold a candle to that IN UR FACE comment.
MKX-0 Rextended-1
by anav
Thu Jun 10, 2021 8:18 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 625

Re: Preserve client IP when dst-nat to other server

Sorry I didnt know ROS NTP server was so unstable, non-functioning and unreliable. ;-) I really do need to invest in a better atomic clock for my bitcoin transactions!! hi rextended /ip fire nat add action=dst-nat chain=dstnat comment="Force using local NTP Server" dst-address-list="!...
by anav
Thu Jun 10, 2021 8:15 pm
Forum: General
Topic: dhcp on vlan trunk not working
Replies: 15
Views: 484

Re: dhcp on vlan trunk not working

As stated read the link that will solve any router vlan issues. The barebones switches from MT are a biatch to work with. Do not limit any access connectivity within the menus available (keep it wide open). Okay I have seen you have that in place, good! They cannot be accessed by winbox but by IP an...
by anav
Thu Jun 10, 2021 6:59 pm
Forum: General
Topic: How get access in to vlan from mikrotik bridge mode with tagged port?
Replies: 12
Views: 310

Re: How get access in to vlan from mikrotik bridge mode with tagged port?

Sounds like you need to talk to the people who are IN CHARGE/RESPONSIBLE for the network as it now appears you are attempting to bypass the current design. If that design does not meet the rigor of bona fide legitimate requirements suggesting that a new design needs to be developed and then integrat...
by anav
Thu Jun 10, 2021 6:55 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 182
Views: 127690

Re: Using RouterOS to VLAN your network

This is NOT a wifi thread, nor a capsman thread, its a vlan thread and vlan security is covered in terms of best security practices which is the same as per any other vendor! For WIFI, the standard is WPA2 (or whatever comes next) and if you want can add a radius server for additional security and f...
by anav
Thu Jun 10, 2021 6:52 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 625

Re: Preserve client IP when dst-nat to other server

Not sure what you mean by own NTP server? Time servers are actually on the internet or do you have an atomic clock in your house? ;-)
The MT router has its own capability to be an NTP server, so on my network I just point the devices to the subnet gateway they are on and done!!
by anav
Thu Jun 10, 2021 6:29 pm
Forum: General
Topic: How get access in to vlan from mikrotik bridge mode with tagged port?
Replies: 12
Views: 310

Re: How get access in to vlan from mikrotik bridge mode with tagged port?

So then set up connectivity on your other parent devices, solved!!
by anav
Thu Jun 10, 2021 5:52 pm
Forum: General
Topic: Port Forwarding Problem [SOLVED]
Replies: 16
Views: 656

Re: Port Forwarding Problem [SOLVED]

Please post your latest complete config.

/export hide-sensitive file=anynameyouwish
by anav
Thu Jun 10, 2021 5:38 pm
Forum: General
Topic: How get access in to vlan from mikrotik bridge mode with tagged port?
Replies: 12
Views: 310

Re: How get access in to vlan from mikrotik bridge mode with tagged port?

Well what are the device ahead of the MT device.
I see one attached to the internet CLOUD and I See one just to its left. what are those??
by anav
Thu Jun 10, 2021 4:31 pm
Forum: General
Topic: /ip firewall filter drop not dropping IP
Replies: 19
Views: 621

Re: /ip firewall filter drop not dropping IP

@vercernik87, as long as you had at least one dose of the vaccine, you will be protected from both mine and rextended's toxic nature! ;-P As for the 'princess' (op), there are probably 10s of thousands of configs on this site by now, and the sky has not fallen. There is nothing also preventing one f...
by anav
Thu Jun 10, 2021 4:17 pm
Forum: Beginner Basics
Topic: Capsman, Guest SSID, simple VLANs - Basics
Replies: 2
Views: 138

Re: Capsman, Guest SSID, simple VLANs - Basics

In general I dont recommend using the bridge for anything but bridging and thus recommend removing the subnet from it and just putting it on another vlan.
Then it becomes much clearer what is going on............
by anav
Thu Jun 10, 2021 2:51 pm
Forum: Beginner Basics
Topic: Capsman, Guest SSID, simple VLANs - Basics
Replies: 2
Views: 138

Re: Capsman, Guest SSID, simple VLANs - Basics

Capsman when just starting out is not a good idea IMHO. First learn how to configure the router and also learn how to configure WIFI on its own. Learn how to handle vlans on its own. Capsman is another layer of configuration on top that will slow you down, frustrate you and take much longer than nee...
by anav
Thu Jun 10, 2021 2:25 pm
Forum: Beginner Basics
Topic: trying to isolate ether5 from bridge on ether2-4
Replies: 10
Views: 555

Re: trying to isolate ether5 from bridge on ether2-4

Quick answer, yes! The one rule drops all traffic coming from the WAN except for port forwarded traffic (assumes you will be doing port forwarding). I prefer the drop all rule that drops ALL unwanted traffic not just WAN to LAN but LAN to LAN and LAN to WAN (better security). Separates the port forw...
by anav
Wed Jun 09, 2021 10:05 pm
Forum: Beginner Basics
Topic: Problem routing traffic from one lan to another
Replies: 6
Views: 468

Re: Problem routing traffic from one lan to another

So in other words, there is a router attached to all the computers on one subnet and another router attached to all the computers on the other subnet and you want to add a third router in between to get the LANS to see each other for some purposes not clearly defined. In other words, your network di...
by anav
Wed Jun 09, 2021 8:23 pm
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 19
Views: 815

Re: Setting Up small home network with MikroTik hEX RB750Gr3

Without seeing your config..... hard to say
/export hide-sensitive file=anynameyouwish
by anav
Wed Jun 09, 2021 7:27 pm
Forum: General
Topic: Hardware based secured virtual connexion
Replies: 5
Views: 304

Re: Hardware based secured virtual connexion

Good advice!! Eoip is Mikrotiks proprietary method of sharing LANs across the net so as long as you have two MT routers at either end, good to go.
However you should put a layer of encryption on it.
https://help.mikrotik.com/docs/display/ROS/EoIP
by anav
Wed Jun 09, 2021 4:59 pm
Forum: General
Topic: Hardware based secured virtual connexion
Replies: 5
Views: 304

Re: Hardware based secured virtual connexion

What I would recommend is Wireguard but thats in beta only so not available as its doable/ easy enough / to get you where you need to be ........ DONT RECOMMEND using beta firmware for work, or even stable (prefer long term version).
Anything else I agree you need professional help.
by anav
Wed Jun 09, 2021 4:56 pm
Forum: General
Topic: /ip firewall filter drop not dropping IP
Replies: 19
Views: 621

Re: /ip firewall filter drop not dropping IP

...thinking it will change your DNA too... Yes it can happen. And it can happen even without getting the vaccine and you are infected with covid ... or any other virus ... Since the dawn of time, it can happen to some people that viruses alter the DNA of the infected (eggs, sperm), the proof is the...
by anav
Wed Jun 09, 2021 4:52 pm
Forum: Beginner Basics
Topic: Minecraft server
Replies: 6
Views: 749

Re: Minecraft server

@Crimitic start your own thread.........
Or at least post your config
/export hide-sensitive file=anynameyouwish
by anav
Wed Jun 09, 2021 4:47 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

No need to remove the rule just the part that was blocking.........

As for the other items,
a. does a tagged vlan99 reach the smart devices?
b. do the smart devices have IP addresses on the base vlan?
by anav
Wed Jun 09, 2021 2:30 pm
Forum: Scripting
Topic: Some Music
Replies: 16
Views: 24405

Re: Some Music

Well now thats almost criminal LOL. Okay, thanks good to know so I dont waste anymore time on that!
by anav
Wed Jun 09, 2021 1:53 pm
Forum: General
Topic: /ip firewall filter drop not dropping IP
Replies: 19
Views: 621

Re: /ip firewall filter drop not dropping IP

So you really are that special .................
Suit yourself LOL,
I have better things to do than argue with someone that doesnt have a clue about configs................ prolly refused the vaccine thinking it will change your DNA too,,,,,,,,,,
by anav
Wed Jun 09, 2021 1:49 pm
Forum: Scripting
Topic: send MikroTik Notification via WhatsApp
Replies: 19
Views: 13427

Re: send MikroTik Notification via WhatsApp

None of my friends or family use Matrix. We only watch the movies.
On the other hand everyone I know has whatsapp or signal (hence rexetended's link to callmebot was exactly what Dr Neo ordered)
by anav
Wed Jun 09, 2021 1:42 pm
Forum: General
Topic: port forwarding restrictions
Replies: 9
Views: 426

Re: port forwarding restrictions

Well between the mass exodus of people,, the covid fiasco, the vagrants pooping all over downtown, the opioid crisis mass shootings, droughts, wildfires, cosmetic surgery, the occasional earthquake.........yes you should be crazy and should move up to Canada ;-) Far saner here and besides, you can s...
by anav
Wed Jun 09, 2021 1:38 pm
Forum: General
Topic: /ip firewall filter drop not dropping IP
Replies: 19
Views: 621

Re: /ip firewall filter drop not dropping IP

What you should do is post the complete config as you dont know the problem.
/export hide-sensitive file=anynameyouwish
by anav
Wed Jun 09, 2021 1:34 pm
Forum: General
Topic: Port Forwarding Problem [SOLVED]
Replies: 16
Views: 656

Re: Port Forwarding Problem [SOLVED]

The way I understand it, ISP2 is pppoe with a fixed static IP address. ISP1 is a dynamic WANIP which does not come into play for this. In terms of NAT settings , couple of changes but not sure will make a difference....... The first one reflects a more accurate sourcenat rule for Static/Fixed WANIPs...
by anav
Wed Jun 09, 2021 4:09 am
Forum: General
Topic: port forwarding restrictions
Replies: 9
Views: 426

Re: port forwarding restrictions

Good point I should clarify Ive only tested with a source-address-list.
I suspect you are right that with a source-address entry the result would be the same.
by anav
Wed Jun 09, 2021 4:07 am
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

Well the source-address-list entry on the input chain for base vlan interface access to the router was optional. If you have that added and no source address list entries, yeah no way . So drop the firewall address list or populate it....... Also I have no idea what vlan you are on when trying to ge...
by anav
Wed Jun 09, 2021 2:48 am
Forum: Scripting
Topic: Some Music
Replies: 16
Views: 24405

Re: Some Music

This is weird I played the same script copy paste into my hex, an RB450Gx4 and the music worked like a charm.
I ran the script on an RB4011 and the other end heard nothing???

Is there anything special about an RB4011 to get tunes playing??
by anav
Tue Jun 08, 2021 10:59 pm
Forum: General
Topic: port forwarding restrictions
Replies: 9
Views: 426

Re: port forwarding restrictions

Yes, setting the source address in the Dst NAT rule is the way to go. Clearly for a list then one uses a source-address-list entry (aka make a firewall address list). This is good because as soon as you add a source address list, when one does a scan of their ports, the port does not appear at all. ...
by anav
Tue Jun 08, 2021 10:55 pm
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 19
Views: 815

Re: Setting Up small home network with MikroTik hEX RB750Gr3

Agree for simplicity if you dont need two subnets going over the same port, on any port, then one doesnt really need vlans or bridges. However it is good practice if you think you will eventually need mutiple LANs over a single port. With a smart Access point and a smart switch guaranteed this is th...
by anav
Tue Jun 08, 2021 2:57 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 134
Views: 9315

Re: v6.47.10 [long-term] is released!

Well IV&V is system test after all, assuming the FQT proved that the firmware functions as designed, you need to ensure that the design meets the user requirements and finally, the firmware can be fielded to all the platforms, in the ways it will be delivered and propagated.
by anav
Tue Jun 08, 2021 2:54 pm
Forum: General
Topic: VLAN1 is not working with Cisco Switch
Replies: 10
Views: 490

Re: VLAN1 is not working with Cisco Switch

No not at all.............. All good on your end!!
by anav
Tue Jun 08, 2021 2:32 pm
Forum: General
Topic: VLAN1 is not working with Cisco Switch
Replies: 10
Views: 490

Re: VLAN1 is not working with Cisco Switch

jajajaja it figures the I cant use code tags guy would drive without a seatbelt too. Sorry jotne you have me in a giddy mood this morning.
by anav
Tue Jun 08, 2021 2:31 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 134
Views: 9315

Re: v6.47.10 [long-term] is released!

Thanks emils, ensure you add smips remote update to the test cards for next time around! ;-)
by anav
Tue Jun 08, 2021 2:00 pm
Forum: General
Topic: VLAN1 is not working with Cisco Switch
Replies: 10
Views: 490

Re: VLAN1 is not working with Cisco Switch

Only in the world of tdw, yes you can drive your car without seatbelts one too.................. Some people go looking for trouble, others are wiser....................... What next............. tdw implementation of vlan0 and vlan4095 for data ;-PP I will give you an icecream cone if you refrain f...
by anav
Tue Jun 08, 2021 1:54 pm
Forum: General
Topic: Dual External IPs, multiple subnets
Replies: 18
Views: 1029

Re: Dual External IPs, multiple subnets

Correct, the second route on the main table will be in Blue as the router only chooses one route on the main table as being reachable at a time. If that route became unreachable, then the other route would turn black. However thats the main table, you are using different tables and the traffic shoul...
by anav
Tue Jun 08, 2021 1:50 pm
Forum: General
Topic: VLAN1 is not working with Cisco Switch
Replies: 10
Views: 490

Re: VLAN1 is not working with Cisco Switch

Then cisco is the problem. I use MT with every other brand of switch where vlan1 us untagged on every port by default and it is only removed for access ports (or hybrid ports) where one needs to change the default pvid of 1 to whatever the access port is. For tagged ports one leaves the pvid of 1 in...
by anav
Tue Jun 08, 2021 1:43 pm
Forum: Beginner Basics
Topic: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)
Replies: 11
Views: 457

Re: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)

awwww, you fixed it. I was going to go back throughout the day for a chuckle or two LOL
by anav
Tue Jun 08, 2021 1:25 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

As for the config as noted by mkx (1) /interface list member add interface=ether1 list=WAN add interface=pppoe-1out list=WAN or whatever its called is require. (2) Issues with bridge port. Ethe6 iif untagged requires a PVID. Ether9 if an access port and pvid is correct, change frame types!!. /interf...
by anav
Tue Jun 08, 2021 1:21 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

Thanks MKX, I missed that pppoe-1 out thing all this time, not ever using it for anger I thought that if it was the type that was assigned a vlan like my bell fibre it was the vlan that was the client. My apologies to the OP for not picking up on that...... Where I disagree with my esteemed colleagu...
by anav
Tue Jun 08, 2021 1:11 pm
Forum: Beginner Basics
Topic: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)
Replies: 11
Views: 457

Re: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)

The value in this thread, has to be comedic value, Im still laughing my hole out, reading first how Jotne informed the OP to use code tags and then FAILS to do it seconds later.
Thank you Jotne for making my day !!
by anav
Tue Jun 08, 2021 1:06 pm
Forum: RouterOS v7 BETA
Topic: Wireguard - tunnel all traffic by VPN tunnel
Replies: 2
Views: 346

Re: Wireguard - tunnel all traffic by VPN tunnel

Why no firewall rules?
I normally dont help those with unsafe connections to the internet.

/export hide-sensitive file=anynameyouwish
by anav
Mon Jun 07, 2021 9:27 pm
Forum: RouterOS v7 BETA
Topic: Feature request: Wildcard DNS on Address Lists
Replies: 14
Views: 677

Re: Feature request: Wildcard DNS on Address Lists

Geez rextended, Pirelli needs you to fix their F1 tire issues!!
Your talents are wasted in the MT help forums ;-)
by anav
Mon Jun 07, 2021 8:59 pm
Forum: Beginner Basics
Topic: Need help! Forwarding incoming 443 to 8123
Replies: 2
Views: 245

Re: Need help! Forwarding incoming 443 to 8123

Post your config to see what is blocking connectivity
/export hide-sensitive file=anynameyouwish
by anav
Mon Jun 07, 2021 3:38 pm
Forum: Beginner Basics
Topic: Port Forwarding again!
Replies: 2
Views: 269

Re: Port Forwarding again!

add action=dst-nat chain=dstnat dst-address=217.33.xx.xxx log=yes log-prefix=\
VM protocol=tcp src-port=3389 to-addresses=10.20.18.99 to-ports=3389

should be dst
by anav
Mon Jun 07, 2021 2:04 pm
Forum: General
Topic: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought
Replies: 3
Views: 355

Re: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought

Config comments: (1) get rid of two bridges ONLY NEED ONE!! all you need to do is assign the subnet to ether5, no need of bridge and same for address. Remove from Bridge setup!!! (2) Since ether ports 3,4 are identical change this /interface bridge vlan add bridge=BR1 tagged=BR1,ether3,ether4 vlan-i...
by anav
Mon Jun 07, 2021 1:56 pm
Forum: General
Topic: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought
Replies: 3
Views: 355

Re: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought

I have something similar except not UNIFI products. The key is to have a trusted LAN or a managment LAN, and in either case all your smart devices get assigned an IP address from that vlan. TPLINK is straightfoward. Vlan1 is the default vlan for every interface and is only removed if the PVID of the...
by anav
Mon Jun 07, 2021 1:45 pm
Forum: General
Topic: Dual External IPs, multiple subnets
Replies: 18
Views: 1029

Re: Dual External IPs, multiple subnets

Yes but you keep going back to incorrect configs instead of keeping what I give you, for instance this is wrong. /ip route add distance=1 gateway=192.168.88.1 routing-mark=wan2 add distance=1 gateway=10.0.0.1 routing-mark=wan1 /ip route rule add src-address=10.3.4.0/23 table=wan1 add src-address=10....
by anav
Mon Jun 07, 2021 4:29 am
Forum: General
Topic: Let MikroTik support access my router
Replies: 18
Views: 903

Re: Let MikroTik support access my router

Agreed this post has gone to the toilet.
Do whatever you want, but it sounds like it has nothing to do with MT, I gave you my opinion on what to use.
by anav
Mon Jun 07, 2021 4:25 am
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

Sticking with standard config change this /ip dhcp-server network add address=10.0.10.0/24 dns-server= 192.168.0.1 gateway=10.0.10.1 add address=10.0.20.0/24 dns-server= 192.168.0.1 gateway=10.0.20.1 add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 To this And when we get a work...
by anav
Mon Jun 07, 2021 2:10 am
Forum: Beginner Basics
Topic: Wireguard VPN and to the Internet
Replies: 1
Views: 229

Re: Wireguard VPN and to the Internet

Suggest you to to the beta forum its not a released main firmware function yet.
There are some examples there.
by anav
Mon Jun 07, 2021 12:47 am
Forum: Scripting
Topic: send MikroTik Notification via WhatsApp
Replies: 19
Views: 13427

Re: send MikroTik Notification via WhatsApp

Yes but I dont have dude so is that needed............
can be used everywhere, is simple ros script :)
done thanks!!
my wife and I did 65Km road and trail ride, to practice conquering the roads and trails of italy of course.
by anav
Sun Jun 06, 2021 11:34 pm
Forum: Scripting
Topic: send MikroTik Notification via WhatsApp
Replies: 19
Views: 13427

Re: send MikroTik Notification via WhatsApp

Yes but I dont have dude so is that needed............
by anav
Sun Jun 06, 2021 10:38 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

Post the regular complete router config, not the vlan document style
/export hide-sensitive file=anynameyouwish
by anav
Sun Jun 06, 2021 6:10 pm
Forum: Wireless Networking
Topic: Questions about TKIP
Replies: 10
Views: 634

Re: Questions about TKIP

bpwl, the cost of ink for a printer these days is the cost of a printer so dont cry me a river on not replacing a budget printer with one that has basic security requirements.
by anav
Sun Jun 06, 2021 6:07 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

Yes of course, as per the link, its the last step LOL
by anav
Sun Jun 06, 2021 5:36 pm
Forum: General
Topic: someone hack my routrs - can someone help?
Replies: 15
Views: 1132

Re: someone hack my routrs - can someone help?

If you are paid to support these routers you need to give the money back!!!!!!!!!
by anav
Sun Jun 06, 2021 5:32 pm
Forum: RouterOS v7 BETA
Topic: Routing marks / mangle
Replies: 9
Views: 1471

Re: Routing marks / mangle

Why do you need any mangling? Not sure why you want to differentiate internet traffic from VPN traffic as the initial connection is very brief and then the tunnel is created. I gather the issue is you then want the tunnel users to use the other WAN for normal internet access. [note on my wireguard s...
by anav
Sun Jun 06, 2021 3:04 pm
Forum: General
Topic: [Solved] Unexpectedly tricky VLAN setup
Replies: 4
Views: 334

Re: Unexpectedly tricky VLAN setup

There is no reason to assign vlans on switch, they should be assigned via DHCP from the router. On the switch one needs to solely assign the vlan-ids, that they exist and on which ports they do their magic.

Read this article.
viewtopic.php?f=23&t=143620
by anav
Sun Jun 06, 2021 2:58 pm
Forum: General
Topic: Dual External IPs, multiple subnets
Replies: 18
Views: 1029

Re: Dual External IPs, multiple subnets

e.g. 10.3.4.5 cannot ping 10.3.4.1 You mean 10.3.4.5 cannot ping 10.3.6.8 for example ( the one above was within the same subnet LOL ) The fact of the mattter is that it should and the issue is that you are using a fake environment which is causing the issue or you have pc firewalls blocking traffi...
by anav
Sun Jun 06, 2021 2:50 pm
Forum: Beginner Basics
Topic: (silly) question how does DNS query forwarded / DCHP DNS settings
Replies: 4
Views: 409

Re: (silly) question how does DNS query forwarded / DCHP DNS settings

The question could be framed what is the hierarchy breakdown of DNS by the MT router when: a. peer DNS is enabled (aka from ISP) b. peer DNS is disabled c. dhcp-server-network is the gateway of the subnet (aka from the router) d. dynamic servers are assigned e. dhcp-server network is assigned a know...
by anav
Sun Jun 06, 2021 2:43 pm
Forum: Beginner Basics
Topic: I have a dedicated FW that I wish to keep, but demote from being the Gateway placing a Mikrotik Router there in stead
Replies: 11
Views: 610

Re: I have a dedicated FW that I wish to keep, but demote from being the Gateway placing a Mikrotik Router there in stea

I got rid of my zyxel stuff awhile ago, no need for the inferior z40......... an RB4011 kicks butt.......
If you paid extra for services then I can see you wanting to use it until they expire though.
by anav
Sun Jun 06, 2021 2:40 pm
Forum: RouterOS v7 BETA
Topic: RouterOSv7 first look – MLAG on CRS 3xx switches
Replies: 9
Views: 887

Re: RouterOSv7 first look – MLAG on CRS 3xx switches

I have no idea what that does but your input and work are incredible!!
All that talent in MS, but really its too hot or too wet or to windy(tornadoes), why dont you move up to the promised land (Canada).
by anav
Sun Jun 06, 2021 3:26 am
Forum: General
Topic: DNS Forwarding is not working anymore
Replies: 4
Views: 380

Re: DNS Forwarding is not working anymore

The point being get out of your own way, and post your complete config.
/export hide-sensitive file=anynameyouwish
by anav
Sun Jun 06, 2021 12:34 am
Forum: General
Topic: kid control
Replies: 3
Views: 357

Re: kid control

Ehi, se rextended ti sta dando un momento difficile, paga la mia tariffa aerea per l'Italia e farò incazzare sul suo prato. ;-)
oh e aiutarti con la tua configurazione, naturalmente.
by anav
Sat Jun 05, 2021 10:57 pm
Forum: General
Topic: Let MikroTik support access my router
Replies: 18
Views: 903

Re: Let MikroTik support access my router

Do not open up your router on the internet without any protection, port knocking or vpn etc.
As stated just use TeamViewer temporarily.
by anav
Sat Jun 05, 2021 9:53 pm
Forum: General
Topic: DNS stops working with Bridge use IP Firewall & IP VLAN with NAT redirect?
Replies: 15
Views: 2617

Re: DNS stops working with Bridge use IP Firewall & IP VLAN with NAT redirect?

Racking please post your latest complete config and I will have a look.
by anav
Sat Jun 05, 2021 9:48 pm
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1311

Re: Netwatch failover wont work because route to external ip gets bypassed

Yes you may have to play with scopes, something I dont understand either. In any case, you completely understood well what I do which is very basic recursive where the connectivity to the first ISP is checked via two different DNS and if truly not available then the router switches to the second IS...
by anav
Sat Jun 05, 2021 7:26 pm
Forum: Beginner Basics
Topic: 2 ISP >> 2LAN [SOLVED]
Replies: 42
Views: 1592

Re: 2 ISP >> 2LAN [SOLVED]

For your network settings change from /ip dhcp-server network add address=192.168.20.0/24 gateway=192.168.20.1 add address=192.168.30.0/24 gateway=192.168.30.1 /ip dhcp-server network add address=192.168.20.0/24 gateway=192.168.20.1 dns-server=192.168.20.1 add address=192.168.30.0/24 gateway=192.168...
by anav
Sat Jun 05, 2021 7:14 pm
Forum: Wireless Networking
Topic: Questions about TKIP
Replies: 10
Views: 634

Re: Questions about TKIP

Ask your customers if their cell phones are as old as their printers......... If a printer is not AES capable explain to your customers that for security obsolescence they need to be life cycled. Now if you went last year and found a whole bunch of unsold OLD printers and pawned them off on your cus...
by anav
Sat Jun 05, 2021 7:07 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

Yes you need a separate vlan with dhcp, pool, ip address, dhcp-server-network settings for each group of users.
or group of like devices etc. whatever you think hey, person A or device P should not talk to others, then you have a vlan requirement
by anav
Sat Jun 05, 2021 3:49 pm
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1311

Re: Netwatch failover wont work because route to external ip gets bypassed

Yes you may have to play with scopes, something I dont understand either. In any case, you completely understood well what I do which is very basic recursive where the connectivity to the first ISP is checked via two different DNS and if truly not available then the router switches to the second ISP...
by anav
Sat Jun 05, 2021 4:03 am
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1311

Re: Netwatch failover wont work because route to external ip gets bypassed

So is the question how to setup failover for the router with two modems. In basic terms 0.0.0.0/0 gwy=ISP1 gateway IP check-gateway=ping distance=5 0.0.0.0/0 gwy=ISP2 gateway IP distance =10 In this scenario all traffic will go out isp1 and if it goes down ISP2 will take over. Normally this would be...
by anav
Sat Jun 05, 2021 3:32 am
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

Hi ian, the config looks real good, (1) The only thing I noticed was the untagged vlan. /interface bridge port set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether2] set bridge=BR1 ingress-filtering=yes frame-types=admit-only-vlan-tagged [find interface=ether...
by anav
Sat Jun 05, 2021 2:37 am
Forum: General
Topic: Problems with updating firmware on smips devices
Replies: 5
Views: 399

Re: Problems with updating firmware on smips devices

You can post as many posts as you think are necessary but we are trying to help folks with all issues. This is one is known and I am sure MT is working on it. So dont clog up the threads with the same crap. What they should work on is their FQT or their test processes because clearly they forgot to ...
by anav
Fri Jun 04, 2021 11:00 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

No but I have approx 4-5 smart switches on the go, about 4 access points and 15 or so vlans. So my home vlanXX provides dhcp for all the attached smart devices and basically its a trusted LAN. So no need for a management vlan if you are happy to use your trusted VLAN. I could and will think about us...
by anav
Fri Jun 04, 2021 9:40 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

I dont have a base VLAN because I use my trusted HOME VLAN to assign IPs to any attached smart devices (switches and access points) and limite access to my router only to certain IPs. So the quick answer if you have a trusted LAN at home you dont really need a management vlan. For a business yes you...
by anav
Fri Jun 04, 2021 7:05 pm
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1311

Re: Netwatch failover wont work because route to external ip gets bypassed

Not what I would call a beginner network LOL. That is some major work you have!! Bravo, I would be running away LOL What i was really asking was, are the two routers sharing a subnet, as I am not conversant on how to best connect two devices as such. Assuming you need to route Layer 3 some users or ...
by anav
Fri Jun 04, 2021 7:02 pm
Forum: Wireless Networking
Topic: hAP ac2 can't connect 5Ghz -N/AC mode
Replies: 15
Views: 8436

Re: hAP ac2 can't connect 5Ghz -N/AC mode

Also, other suckers like me may actually look at the thread with geniune 5Ghz issues and could benefit from my unique and amazing settings . Indeed. Sometimes I have a feeling that you use this forum as a scratchpad to scrabble your settings only to come back at some later time to find them to re-a...
by anav
Fri Jun 04, 2021 6:57 pm
Forum: General
Topic: Let MikroTik support access my router
Replies: 18
Views: 903

Re: Let MikroTik support access my router

You do not want to expose winbox port to the internet. What you do is allow a vpn tunnel to your router for configuration purposes and not much else. I wouldnt use SSH either. My recommendation is that you setup team viewer on a PC with access to the router. Then you run a team viewer sessions where...
by anav
Fri Jun 04, 2021 6:54 pm
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1311

Re: Netwatch failover wont work because route to external ip gets bypassed

Are the two main routers physically connected by ethernet? If so how have you decided to connect them??
by anav
Fri Jun 04, 2021 6:34 pm
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1311

Re: Netwatch failover wont work because route to external ip gets bypassed

I dont quite get the network diagram, Just to confirm you are showing two instances of the same router, to differentiate between the one dynamic WANIP (not natted - Cosmote top bubble) and the two dynamic WANIPs that are natted lower two COSMOTE bubbles. OR Do you have two routers one for COSMOTE1 a...
by anav
Fri Jun 04, 2021 6:30 pm
Forum: General
Topic: Guest network doesn't have internet
Replies: 8
Views: 509

Re: Guest network doesn't have internet

Disagree with the 2 toads................... you should not need any firewall rules on the capac as you should not use it as a router when you have the RB3011.
by anav
Fri Jun 04, 2021 6:28 pm
Forum: General
Topic: VLAN Routing is slow on hex S
Replies: 10
Views: 515

Re: VLAN Routing is slow on hex S

Get rid of vlan1 for data it should only be used as the default bridge vlan!!! (use vlan10) and use this reference..... https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 Do you mean I should place my computer and server and everything else into VLAN10 instead of 1? That is one option, I do...
by anav
Fri Jun 04, 2021 6:26 pm
Forum: Beginner Basics
Topic: Internet fiber on switch to router
Replies: 8
Views: 418

Re: Internet fiber on switch to router

Well, I would hook up vlans and devices on the SWITCH where you anticpate the heaviest SUBNET TO SUBNET traffic (or traffic within a subnet but on different switch ports) and dont worry about users going to the internet.
The rest if small can be where you want them, router or switch.
by anav
Fri Jun 04, 2021 6:17 pm
Forum: Announcements
Topic: WinBox v3.28 released!
Replies: 25
Views: 4582

Re: WinBox v3.28 released!

Some people are happy waking up to the smell of napalm in the morning!
Me, I like waking up and installing a fresh brand new Winbox!!!

@Pe1chi, sounds like you have a really good point, but who is listening??
by anav
Fri Jun 04, 2021 5:16 pm
Forum: General
Topic: VLAN Routing is slow on hex S
Replies: 10
Views: 515

Re: VLAN Routing is slow on hex S

Get rid of vlan1 for data it should only be used as the default bridge vlan!!! (use vlan10) and use this reference.....
viewtopic.php?f=23&t=143620
by anav
Fri Jun 04, 2021 5:14 pm
Forum: Beginner Basics
Topic: Internet fiber on switch to router
Replies: 8
Views: 418

Re: Internet fiber on switch to router

Well the purpose of a high powered switch is because you have huge gobs of traffic between devices behind the switch, be it database accesses, servers, streaming etc, that have nothing to do with the internet. Going out to the internet and back to a device is something that is not avoidable and the ...
by anav
Fri Jun 04, 2021 4:25 pm
Forum: Beginner Basics
Topic: Internet fiber on switch to router
Replies: 8
Views: 418

Re: Internet fiber on switch to router

MKX is spot on, as usual! I would keep at least one ethernet on the RB4011 as a separate different subnet, for the purposes of easy access to the router for config purposes. I suppose by removing the 200 vlan from any bridge it keeps the RB4011 out of any extra flow altogether and the RB4011 is most...
by anav
Fri Jun 04, 2021 4:11 pm
Forum: Beginner Basics
Topic: Netwatch failover wont work because route to external ip gets bypassed
Replies: 23
Views: 1311

Re: Netwatch failover wont work because route to external ip gets bypassed

Okay post your latest complete config to compare to the diagram etc...........
/export hide-sensitive file=anynameyouwish
by anav
Fri Jun 04, 2021 2:25 pm
Forum: General
Topic: Dual External IPs, multiple subnets
Replies: 18
Views: 1029

Re: Dual External IPs, multiple subnets

Yes you forgot the basic rule, that all routes must exist in main table in addition to specialized rules. Thus this /ip route add distance=1 gateway=192.168.88.1 routing-mark=wan2 add distance=1 gateway=10.0.0.1 routing-mark=wan1 should look like this /ip route add distance=1 gateway=192.168.88.1 ad...
by anav
Fri Jun 04, 2021 2:17 pm
Forum: Beginner Basics
Topic: Access Webserver inside Lan - Hairpin NAT [SOLVED]
Replies: 3
Views: 412

Re: Access Webserver inside Lan - Hairpin NAT [SOLVED]

Read through this post and see if it helps.................
viewtopic.php?f=13&t=175064&p=856786&hi ... at#p856786
by anav
Fri Jun 04, 2021 2:13 pm
Forum: Beginner Basics
Topic: trying to isolate ether5 from bridge on ether2-4
Replies: 10
Views: 555

Re: trying to isolate ether5 from bridge on ether2-4

tdw captured the glaring ether5 errors. To answer your requirement, the last thing left to do is block traffic between the the bridge and eth5 at L3 (Firewall rules). What we are going to do is take this rule, that allows port forwarding and stops all other WAN traffic and make it far clearer to rea...
by anav
Fri Jun 04, 2021 6:23 am
Forum: General
Topic: Guest network doesn't have internet
Replies: 8
Views: 509

Re: Guest network doesn't have internet

Hmm good question. I always use vlans when using multiple subnets. How were you proposing to send wifi to a CAPAC and yet have the capac IP address (control of it) not in the guest network?? Were you intending to use a home wifi on the capac and a guest wifi? what about IOT devices ? You also have a...
by anav
Fri Jun 04, 2021 6:19 am
Forum: General
Topic: Dual External IPs, multiple subnets
Replies: 18
Views: 1029

Re: Dual External IPs, multiple subnets

Well my thoughts are let us know how your ISP actually handles it, no use setting up lab environment that is not accurate.
by anav
Fri Jun 04, 2021 5:54 am
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

Its gettng late here but will have a quick look at RB4011 config (1) You are missing the POOL, address, DHCP etc, for the BASE vlan. (2) If ether2-5 are the same vlan why does ether2 not have the other settings of vlan filtering tagged frames only?? (3) ON bridge port settings; If ether6 is going to...
by anav
Fri Jun 04, 2021 4:18 am
Forum: RouterOS v7 BETA
Topic: Vlan on switch vs Vlan on interface
Replies: 5
Views: 435

Re: Vlan on switch vs Vlan on interface

Just to confirm. You do not need more than one subnet per port (like two or more vlans on a single port). If not then you dont really need vlans. You can assign three bridges (each with its own dhcp settings etc.) OR You can assign one bridge and use vlans (each vlan has its own dhcp settings) [my p...
by anav
Fri Jun 04, 2021 4:09 am
Forum: RouterOS v7 BETA
Topic: Vlan on switch vs Vlan on interface
Replies: 5
Views: 435

Re: Vlan on switch vs Vlan on interface

I am only familiar with vlan filtering on bridges which the best reference is here. https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 A decent reference for switch chip vlans can be found here https://help.mikrotik.com/docs/display/ROS/Switch+Chip+Features#SwitchChipFeatures https://www.you...
by anav
Fri Jun 04, 2021 3:31 am
Forum: Wireless Networking
Topic: hAP ac2 can't connect 5Ghz -N/AC mode
Replies: 15
Views: 8436

Re: hAP ac2 can't connect 5Ghz -N/AC mode

That may be true, but I have already asked NORMIS to institute a better sign in process for making posts. It is getting real stupid in here with fake posters.

Also, other suckers like me may actually look at the thread with geniune 5Ghz issues and could benefit from my unique and amazing settings.
by anav
Fri Jun 04, 2021 3:29 am
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 134
Views: 9315

Re: v6.47.10 [long-term] is released!


1) Please do not consider me such an idiot... I'm not English but I understand of what device are talking about...
More importantly he has sharp claws and can draw text with 1s and 0s, very intimidating!!!
by anav
Fri Jun 04, 2021 3:25 am
Forum: General
Topic: PPPOE Hang up
Replies: 14
Views: 569

Re: PPPOE Hang up

Damn, rextended I did a terrible thing. I just googled Capalbio on google maps........ I am already tasting the wine, am I too old (at 60) to be adopted LOL. (Okay cafe con leche in the morning, maybe a beer after the bike ride but definitely wine with supper) (lets not forget fresh breads and chees...
by anav
Fri Jun 04, 2021 3:21 am
Forum: Useful user articles
Topic: Which VPN protocol is best?
Replies: 29
Views: 13949

Re: Which VPN protocol is best?

OpenConnect would be a great addition to Mikrotik. Mikrotik should support all VPN protocols without regard to which network religion originally developed the VPN. First it was OpenVPN. Then it was Wireguard. Now it is OpenConnect. You people will NEVER be satisfied with ANY VPN technology!!! Belch...
by anav
Fri Jun 04, 2021 3:20 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 25
Views: 3363

Re: MikroTik Wireguard server with Road Warrior clients

I do the same ping troubleshooting without IP address :-) I know you do, but I am thinking more about what is easiest to understand for people who are not as technically proficient. If Wireguard does not seem to be working, it could be harder for them to trace down the issue if you do not have an a...
by anav
Fri Jun 04, 2021 3:13 am
Forum: Scripting
Topic: Netwatch Email contents script help
Replies: 3
Views: 379

Re: Netwatch Email contents script help

Simply add this to the end of the netwatch script after the email :log info "My Connection is now UP" Also my script is similar but not quite the same. :local sub1 ([/system clock get time]) /tool e-mail send from="myemail@addresss.ca" body="At $sub1 WAN Link is Up[" su...
by anav
Fri Jun 04, 2021 3:09 am
Forum: General
Topic: PPPOE Hang up
Replies: 14
Views: 569

Re: PPPOE Hang up

Perhaps they should not hire Police to do networking ;-)
by anav
Fri Jun 04, 2021 3:07 am
Forum: Wireless Networking
Topic: hAP ac2 can't connect 5Ghz -N/AC mode
Replies: 15
Views: 8436

Re: hAP ac2 can't connect 5Ghz -N/AC mode

My settings are:
5GHz-N/AC
20/40MHz Ce
Freq: 5540

WPS mode: disabled
Installation: Any
WMM support enabled
Multicast buffering checked
KeepAlive frames checked
by anav
Fri Jun 04, 2021 3:01 am
Forum: Wireless Networking
Topic: Simple "extention" type wifi station, how?
Replies: 8
Views: 490

Re: Simple "extention" type wifi station, how?

Do not expect great results as using wifi to extend traffic often leads to disappointment. Give it a try but please keep expectations reasonable. BPWL will do his darndest to get you up and running and may provide tweaks to optimize. At the end of the day, our best bet regardless of the wifi setting...
by anav
Fri Jun 04, 2021 2:55 am
Forum: General
Topic: PPPOE Hang up
Replies: 14
Views: 569

Re: PPPOE Hang up

In summary, and I am by no means an expert, it appears you really do not know what you are doing and have bundled together youtube solutions in very unsafe and incorrect manner. So no tasering, or arrest warrants........... I hope I am wrong, so please let us know if you are a professional IT person...
by anav
Fri Jun 04, 2021 2:52 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 25
Views: 3363

Re: MikroTik Wireguard server with Road Warrior clients

There is another reason I can see for having IP addresses on the Wireguard interfaces themselves - easy troubleshooting. If Wireguard is not working and you don't know why, having the IPs on both sides on that interface, and using those to do ping tests, allows you eliminate certain kinds of routin...
by anav
Fri Jun 04, 2021 2:44 am
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

If I have PVID set on a bridge port on the switch, should I be able to see that anywhere on router (maybe packet sniffing/vlan field) if its actually being assigned? For the specific question, YES, if you look at bridge vlan settings you will see what has been entered by you as the admin or dynamic...
by anav
Fri Jun 04, 2021 2:41 am
Forum: Beginner Basics
Topic: For all you Mikrotik Geeks out there
Replies: 3
Views: 354

Re: For all you Mikrotik Geeks out there

Sure I know just the person(s) to do this for you!!
https://mikrotik.com/consultants
by anav
Fri Jun 04, 2021 2:39 am
Forum: General
Topic: Cloudflare allow ip in mikrotik
Replies: 4
Views: 406

Re: Cloudflare allow ip in mikrotik

Go to subnet settings (dhcp server-network) and for dns servers put in cloudfare IPs.............
by anav
Fri Jun 04, 2021 2:31 am
Forum: General
Topic: PPPOE Hang up
Replies: 14
Views: 569

Re: PPPOE Hang up

I dont know if I can help you. The config is a mess. I would start by ONLY configuring the PPPOE wan interfaces required before adding anything else. I would get rid of all firewall rules except the defaults and what you need for ipsec. I would get rid of source address entries in all sourcenat rule...
by anav
Fri Jun 04, 2021 1:49 am
Forum: RouterOS v7 BETA
Topic: Wireguard PBR routing-mark with dst-address-list
Replies: 7
Views: 420

Re: Wireguard PBR routing-mark with dst-address-list

No worries, Ive reached the extent of what I know to help LOL. By the way I use the IP cloud dyndns name of the MT routers as endpoints and in firewall address lists. What bugs me and what NORMIS still has to answer, is if the IP mynetname I put in wireguard settings will update if the far endpoint ...
by anav
Thu Jun 03, 2021 10:45 pm
Forum: General
Topic: PPPOE Hang up
Replies: 14
Views: 569

Re: PPPOE Hang up

Hi guy,
A good start would be to post your config.

/export hide-sensitive file=anynameyouwish
by anav
Thu Jun 03, 2021 7:59 pm
Forum: Scripting
Topic: send MikroTik Notification via WhatsApp
Replies: 19
Views: 13427

Re: send MikroTik Notification via WhatsApp

I use telegram bot, but this seems interesting.
by anav
Thu Jun 03, 2021 7:43 pm
Forum: RouterOS v7 BETA
Topic: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?
Replies: 15
Views: 984

Re: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?

That makes sense in terms of transferring from ipsec to wireguard in your scenario!! Gluck in testing.
by anav
Thu Jun 03, 2021 7:41 pm
Forum: General
Topic: Weighted load balancing
Replies: 1
Views: 253

Re: Weighted load balancing

The bible for PCC IMHO,
https://mum.mikrotik.com/presentations/US12/steve.pdf

Check out the second last slide................
by anav
Thu Jun 03, 2021 7:11 pm
Forum: General
Topic: Dual External IPs, multiple subnets
Replies: 18
Views: 1029

Re: Dual External IPs, multiple subnets

Simplify. ONly need one bridge you have two different subnets on two different ports. So put both on the bridge. I am not 100% sure if putting both on the bridge will allow layer 2 access between them. If that is an issue only put one subnet on the bridge. Use firewall rules to separate the two subn...
by anav
Thu Jun 03, 2021 7:04 pm
Forum: General
Topic: Guest network doesn't have internet
Replies: 8
Views: 509

Re: Guest network doesn't have internet

Quicklook on capac.

Two bridges, wrong only need one
You dont need any DHCP service on the capac, should be done on RB3011
Why is ether 1 from the RB3011 not on the bridge??
The address associated with the Capac should be an address on the management vlan.
by anav
Thu Jun 03, 2021 6:59 pm
Forum: General
Topic: Guest network doesn't have internet
Replies: 8
Views: 509

Re: Guest network doesn't have internet

Why do you thing both configs are not necessary.
Please post RB3011 as well.
by anav
Thu Jun 03, 2021 6:55 pm
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1306

Re: ISP PPPOE with VLAN filtering [SOLVED]

/export hide-sensitive file=anynameyouwish to see whats going on.
by anav
Thu Jun 03, 2021 6:52 pm
Forum: Beginner Basics
Topic: Port forwarding 443...
Replies: 3
Views: 308

Re: Port forwarding 443...

/export hide-sensitive file=anynameyouwish to see whats going on.
by anav
Thu Jun 03, 2021 5:42 pm
Forum: RouterOS v7 BETA
Topic: Wireguard PBR routing-mark with dst-address-list
Replies: 7
Views: 420

Re: Wireguard PBR routing-mark with dst-address-list

Here is what I would do..... cause just like capsman I hate mangling LOL. 1x IP Route: dst=0.0.0.0/0 gwy=wireguardinterface Routing Table=HideMyIP 4x Route Rules: source-address=applicable subnet dst-address=5.2.128.0/19 Action=Lookup Only in Table Table=HideMyIP source-address=applicable subnet dst...
by anav
Thu Jun 03, 2021 5:19 pm
Forum: RouterOS v7 BETA
Topic: Wireguard PBR routing-mark with dst-address-list
Replies: 7
Views: 420

Re: Wireguard PBR routing-mark with dst-address-list

Makes sense. So to me the only difference from routing all traffic from a subnet on the client dst- 0.0.0.0/0 gwy=wireguard_interface Routing Table - HideMyIP / Action - Lookup only in table Table - HideMyIP source-address - client subnet To what you are asking seems to be the addition on the RULE p...
by anav
Thu Jun 03, 2021 4:03 pm
Forum: RouterOS v7 BETA
Topic: Wireguard PBR routing-mark with dst-address-list
Replies: 7
Views: 420

Re: Wireguard PBR routing-mark with dst-address-list

Can you clarify if the router here is at the server end or the client end. I am assuming you are doing wireguard from MT router to MT router is that the case? OR are you doing MT router as client to 3 party VPN provider?? (reason I ask is I only see one MT router here and it seem set up to be the cl...
by anav
Thu Jun 03, 2021 3:43 pm
Forum: RouterOS v7 BETA
Topic: Vlan on switch vs Vlan on interface
Replies: 5
Views: 435

Re: Vlan on switch vs Vlan on interface

You first statement is not helpful. Is the device acting as a router or NOT? Is it attached to your ISPs modem. If so its not really a switch but a router with switching capabilities like most routers. If its purely acting as a switch then you can do what you want with setup but there are preferred ...
by anav
Thu Jun 03, 2021 3:40 pm
Forum: RouterOS v7 BETA
Topic: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?
Replies: 15
Views: 984

Re: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?

Concur with your last statement. However the first comment was wishy washy (" if you want to use an IP in the same subnet and have wireguard be outside your router's subnets, I think you need to assign an IP to the router though it mit not be needed in most scenarios as one intends to forward t...
by anav
Thu Jun 03, 2021 1:42 am
Forum: RouterOS v7 BETA
Topic: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?
Replies: 15
Views: 984

Re: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?

Yes. At least that is my guess. As long as you only need to access devices inside the network and not the router itself, it most likely is enough to not assign an IP address. Cannot be sure, of course, but I might test this later on. But first I need to get it working in general but I think I know ...
by anav
Wed Jun 02, 2021 7:41 pm
Forum: Wireless Networking
Topic: add Hybrid-Port (wired VLAN) to CAP [SOLVED]
Replies: 6
Views: 525

Re: add Hybrid-Port (wired VLAN) to CAP [SOLVED]

hahah, yes well the challenge is when to make changes as 2am one shouldnt be making changes to the config, living the same nightmare.
by anav
Wed Jun 02, 2021 7:40 pm
Forum: General
Topic: Network Design Help
Replies: 1
Views: 236

Re: Network Design Help

What is confusing is your company bought equipment before planning the network?
Did they consult you?
When you say new at this what do you mean. Mikrotik equipment, networking in general, etc. ????
by anav
Wed Jun 02, 2021 6:30 pm
Forum: General
Topic: Home Network Design
Replies: 8
Views: 478

Re: Home Network Design

Now for the forward chain. The problem is you do not understand how the firewall rules work. Is there any rule for layer 3 routing to prevent the two subnets from talking, the answer is NO. THey cannot see each at other at layer as physically separated by ports and one subnet is on a bridge the othe...
by anav
Wed Jun 02, 2021 6:20 pm
Forum: General
Topic: Home Network Design
Replies: 8
Views: 478

Re: Home Network Design

(1) Remove the vlan /interface vlan add interface=ether1 name=vlan500 vlan-id=500 (2) Enable the interface list member /interface list member add interface=unifi list=WAN add interface=bridge1 list=LAN add disabled=yes i nterface=ether5 list=LAN (3) Why is this set to ether 2 should be bridge. /ip a...
by anav
Wed Jun 02, 2021 5:58 pm
Forum: General
Topic: Home Network Design
Replies: 8
Views: 478

Re: Home Network Design

Sorry for that, forget the vlan link itself https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 As I stated you dont nee the vlan in your simple config. Ether 5 just gets its own ethernet setup, pool, address etc, and is NOT on the bridge The ether ports 2-4 are on teh bridge and assign the b...
by anav
Wed Jun 02, 2021 5:41 pm
Forum: Beginner Basics
Topic: After applied filter rule internet connect not stable
Replies: 6
Views: 515

Re: After applied filter rule internet connect not stable

Yes, if one is using mangling one needs to turn fastrack off I believe.......... This could be the culprit add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack" From other posts...... Why do you look at fasttrack as global feature f...
by anav
Wed Jun 02, 2021 4:58 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: Custom skin CSS
Replies: 7
Views: 587

Re: Feature Request: Custom skin CSS

Id like the MT router to make hot chocolate and give me botox injections........................ ....we are talking cosmetics here right!! ;-)
by anav
Wed Jun 02, 2021 4:56 pm
Forum: RouterOS v7 BETA
Topic: Router switch Firewall
Replies: 2
Views: 291

Re: Router switch Firewall

This sounds like a port forwarding issue in terms of router speak, where the user wants to allow incoming requests on the internet reach a server within the LAN. Note default firewall rules automatically block all WAN to LAN traffic but allow Destination NAT as you described. It is up to the admin t...
by anav
Wed Jun 02, 2021 4:53 pm
Forum: RouterOS v7 BETA
Topic: Interface list VS VLAN
Replies: 1
Views: 261

Re: Interface list VS VLAN

an interface list (there are two by default LAN and WAN) are useful constructs to use in various parts of the MT config, most notably in firewall rules, to identify one or more interfaces for directing/blocking packets. a vlan is a virtual lan, think of it as a another LAN subnet that runs on top of...
by anav
Wed Jun 02, 2021 2:16 pm
Forum: General
Topic: DHCP Over Multiple VLANS
Replies: 5
Views: 467

Re: DHCP Over Multiple VLANS

The purpose of vlans is to separate traffic between subnets.
If you dont need separate subnets dont create so many vlans. Lump groups together for example.
Yes, you need to have all the pools addresses etc. but tis a one time setup.
by anav
Wed Jun 02, 2021 2:12 pm
Forum: General
Topic: Home Network Design
Replies: 8
Views: 478

Re: Home Network Design

THis is the best guide for setting up vlans........ However in your case vlans are not really required because you do not have multiple subnets running over a single port. Therefore suggest you create a bridge and run etheports 2-4 on the bridge The bridge can do the dhcp, pool, address etc. Ether 5...
by anav
Wed Jun 02, 2021 2:07 pm
Forum: General
Topic: Bridge not getting IP address.
Replies: 7
Views: 401

Re: Bridge not getting IP address.

If you have only two devices why are you using capsman?
by anav
Wed Jun 02, 2021 2:03 pm
Forum: Beginner Basics
Topic: Complete Beginner - setting up a second subnet
Replies: 1
Views: 255

Re: Complete Beginner - setting up a second subnet

Sure, please post your config so that we can see what is going on. /export hide-sensitive file=anynameyouwish Go to the terminal window in winbox (left hand menu) and type the above in at the prompt and hit enter. Then GO go FILES on the left hand menu and file the name of the file you created. Righ...
by anav
Wed Jun 02, 2021 5:32 am
Forum: Wireless Networking
Topic: RB4011 WIFI + Audience
Replies: 6
Views: 534

Re: RB4011 WIFI + Audience

I think your saying that the Audience is PnPHO
Plug and Pull Hair Out. :-)
by anav
Wed Jun 02, 2021 5:28 am
Forum: General
Topic: Bridge not getting IP address.
Replies: 7
Views: 401

Re: Bridge not getting IP address.

Draw a labelled network diagram your explanation is not clear.
by anav
Wed Jun 02, 2021 12:25 am
Forum: Beginner Basics
Topic: Dual WAN with dual dhcp and classic switch
Replies: 1
Views: 186

Re: Dual WAN with dual dhcp and classic switch

Quick answer no.......... Recommend picking up some cheap managed switches to provide the required functionality. TPLINK TL-SG105E (five ports) TPLINK TL-SG108E (eight ports). They both handle vlans! https://static.tp-link.com/2021/202102/20210205/TL-SG116E(UN)1.2&TL-SG108E(UN)6.0&TL-SG105E(...
by anav
Tue Jun 01, 2021 11:58 pm
Forum: Beginner Basics
Topic: 2 ISP >> 2LAN [SOLVED]
Replies: 42
Views: 1592

Re: 2 ISP >> 2LAN [SOLVED]

The routes rules have nothing to do with being unable to ping one LAN from the other.
I wish they were because I too want you to find the source of the issue.
by anav
Tue Jun 01, 2021 11:57 pm
Forum: Beginner Basics
Topic: Trying to setup a guest WiFi with 2 RBs
Replies: 8
Views: 443

Re: Trying to setup a guest WiFi with 2 RBs

IF you only have 2 or 3 wifi devices I would avoid capsman for now. Its another layer of config to avoid until you get the basics working.
by anav
Tue Jun 01, 2021 11:33 pm
Forum: Wireless Networking
Topic: add Hybrid-Port (wired VLAN) to CAP [SOLVED]
Replies: 6
Views: 525

Re: add Hybrid-Port (wired VLAN) to CAP [SOLVED]

Using VLAN1 is insanity, after you have completed the config, both you and tdw should check into the funny farm for therapy. ;-)
by anav
Tue Jun 01, 2021 11:26 pm
Forum: RouterOS v7 BETA
Topic: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?
Replies: 15
Views: 984

Re: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?

Interesting, my guess is that for internal service within the router, you dont need DNS, you need forward chain firewall rules.
by anav
Tue Jun 01, 2021 11:24 pm
Forum: General
Topic: RAW filter: Drop from a network IPs [SOLVED]
Replies: 11
Views: 673

Re: RAW filter: Drop from a network IPs [SOLVED]

Raw is a useful/powerful tool, in the right hands, in the wrongs hands DISASTER.

Unless you understand the packet diagrams inside out, I would refrain from using RAW.
https://help.mikrotik.com/docs/display/ ... n+RouterOS
by anav
Tue Jun 01, 2021 11:20 pm
Forum: General
Topic: Connection to wifi
Replies: 8
Views: 400

Re: Connection to wifi

establish a wireless connection between my hAP lite and my home wifi in order to connect devices to hAP's ethernet ports This is not a (half speed) repeater setup, but a simple station setup. I expect the speed to be as for any other 2S client wifi connection. Interface rate (and 1S versus 2S) can ...
by anav
Tue Jun 01, 2021 11:18 pm
Forum: General
Topic: WLAN SSIDs attached to VLANs
Replies: 16
Views: 699

Re: WLAN SSIDs attached to VLANs

yeah well thats the stupid method of mixing vlans in wifi settings. I dont like it cant help you...........
by anav
Tue Jun 01, 2021 11:16 pm
Forum: Beginner Basics
Topic: 2 ISP >> 2LAN [SOLVED]
Replies: 42
Views: 1592

Re: 2 ISP >> 2LAN [SOLVED]

Glad its working what did you figure out was the issue as it was not clear in your posts????
by anav
Tue Jun 01, 2021 11:14 pm
Forum: Beginner Basics
Topic: Is this possible? [SOLVED]
Replies: 9
Views: 626

Re: Is this possible? [SOLVED]

It is quite common to setup up bridges on microtik devices for everything but the wan etherport. In this case you want to include the wan etherport for the purposes of carrying vlan-voice to the second router. The internet vlan is NOT associated not with the bridge but to the port itself and just ne...
by anav
Tue Jun 01, 2021 10:57 pm
Forum: Beginner Basics
Topic: No internet access from second birdge/vLan
Replies: 1
Views: 210

Re: No internet access from second birdge/vLan

Sure, (1) My first question is why bother with vlan100, since you are using two bridges, you dont need a vlan. However I would only use one bridge and then the vlan for separation purposes makes sense. (2) In any case I think one of your issue is with IP addresses. Change ether2 to the bridge. /ip a...
by anav
Tue Jun 01, 2021 10:35 pm
Forum: Beginner Basics
Topic: Trying to setup a guest WiFi with 2 RBs
Replies: 8
Views: 443

Re: Trying to setup a guest WiFi with 2 RBs

A VLAN is not a bridge port!
by anav
Tue Jun 01, 2021 10:33 pm
Forum: RouterOS v7 BETA
Topic: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?
Replies: 15
Views: 984

Re: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?

Hi ghost, one of my clients is my iphone so if you need help with the dynamic scenario let me know.
Hmm well considering my client devices use my router for internet, they are using my router for DNS services already??
by anav
Tue Jun 01, 2021 8:20 pm
Forum: Beginner Basics
Topic: 2 ISP >> 2LAN [SOLVED]
Replies: 42
Views: 1592

Re: 2 ISP >> 2LAN [SOLVED]

Then I suspect a firewall on the PC or server that you are trying to ping.
There is nothing I see on the MT that is blocking that traffic??
by anav
Tue Jun 01, 2021 6:56 pm
Forum: Wireless Networking
Topic: Help with Setup
Replies: 5
Views: 391

Re: Help with Setup

Dude you should use the linksy for wifi and get a real router, a small hexS is great or if you are a power user the RB4011.
by anav
Tue Jun 01, 2021 6:54 pm
Forum: Wireless Networking
Topic: add Hybrid-Port (wired VLAN) to CAP [SOLVED]
Replies: 6
Views: 525

Re: add Hybrid-Port (wired VLAN) to CAP [SOLVED]

Hi there, dont use CAP and thus unable to help on that front. What I am getting is that you have a physical port on the CAP that you wish to use as a hybrid VLAN port. Thus you have some sort of device wired to the cap, lets say on etherport2 that is capable of receiving both tagged and untagged fra...
by anav
Tue Jun 01, 2021 6:47 pm
Forum: General
Topic: WLAN SSIDs attached to VLANs
Replies: 16
Views: 699

Re: WLAN SSIDs attached to VLANs

The reference link works great, feel free to pursue other methods. Its dirt simple and it makes not sense to me to do anything different.. all lans/subnets get vlans assign vlans to bridge assign vlans dhcp, pool, server-network and address Configure bridge ports settings appropriately Configure bri...
by anav
Tue Jun 01, 2021 6:42 pm
Forum: General
Topic: Connect devices in different VLANs
Replies: 9
Views: 653

Re: Connect devices in different VLANs

I still think the setup is overly complex but without a network diagram to demonstrate what equipment is used and what subnets are at play its difficult to guess and make suggestions.
by anav
Tue Jun 01, 2021 6:39 pm
Forum: General
Topic: Connection to wifi
Replies: 8
Views: 400

Re: Connection to wifi

I hope to god you are not expecting any significant throughput like streaming videos gaming etc.
Basic email and browsing is a realistic expectation.
by anav
Tue Jun 01, 2021 6:37 pm
Forum: Beginner Basics
Topic: Is this possible? [SOLVED]
Replies: 9
Views: 626

Re: Is this possible? [SOLVED]

Well not quite sure, but I would start with the following (and by no means necessarily correct or the best way)!! I would create two VLANS ISP-Data - vlan ID matches the vlan that the ISP provides for internet INTERFACE=ETHER1 ISP-Voice - vlan ID matches the vlan that the ISP uses for voice. INTERFA...
by anav
Tue Jun 01, 2021 6:22 pm
Forum: Beginner Basics
Topic: 2 ISP >> 2LAN [SOLVED]
Replies: 42
Views: 1592

Re: 2 ISP >> 2LAN [SOLVED]

So far looking just fine. (1) Remove this meaningless gateway entry /ip dhcp-server network add gateway=0.0.0.1 add address=192.168.20.0/24 dns-server=192.1 68.2.81 gateway=192.168.20.1 add address=192.168.30.0/24 dns-server=192.168. 2.81 gateway=192.168.30.1 add address=192.168.88.0/24 comment=defc...
by anav
Tue Jun 01, 2021 4:12 pm
Forum: General
Topic: Combo port with 4G on CCR1009
Replies: 6
Views: 373

Re: Combo port with 4G on CCR1009

Thanks rextended, I reread the literature and its more than I thought. Combo-port - a single 1Gbit software interface that has two hardware interfaces - an SFP cage and a Gigabit Ethernet port, allowing you to use any type of connection available to you. It is also possible to switch between both ph...
by anav
Tue Jun 01, 2021 4:10 pm
Forum: General
Topic: HexS - Need help with setup an IoT VLAN
Replies: 1
Views: 221

Re: HexS - Need help with setup an IoT VLAN

Your config gets confusing as you want to mix and match items.
Suggest
a. read this vlan reference.
viewtopic.php?f=23&t=143620

b. use vlans for all lan subnets, no need to have a non-vlan subnet.
by anav
Tue Jun 01, 2021 4:04 pm
Forum: Beginner Basics
Topic: 2 ISP >> 2LAN [SOLVED]
Replies: 42
Views: 1592

Re: 2 ISP >> 2LAN [SOLVED]

There are no firewall rules blocking lan1 to lan2 or lan2 to lan1 traffic. The router will route between them just fine.
by anav
Tue Jun 01, 2021 2:29 pm
Forum: RouterOS v7 BETA
Topic: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?
Replies: 15
Views: 984

Re: WireGuard - 7.1beta6 - Can't get it to work - Howto setup?

@Normis some observations/questions: (1) Why is it necessary to assign an IP address to the wireguard interface. For example in my wireguard setup between two MT routers and an iphone and MT router I do no such thing? (2) I am using IP cloud addresses from MT devices as endpoint address and source a...
by anav
Tue Jun 01, 2021 2:12 pm
Forum: General
Topic: Combo port with 4G on CCR1009
Replies: 6
Views: 373

Re: Combo port with 4G on CCR1009

No my understanding on the combo port is that you can only use one of them at a time. Its not two ports its an either or port. I may be wrong but that is my understanding
by anav
Mon May 31, 2021 11:45 pm
Forum: Beginner Basics
Topic: Is this possible? [SOLVED]
Replies: 9
Views: 626

Re: Is this possible? [SOLVED]

Sure its possible then. Many ways to do it. Also do you have one cable coming from the modem or are there two or at least options for more than one? Basically the idea is that you want to terminate the internet vlan on the HAPAC for the network and then pass the wan phone vlan data onto the ISP rout...
by anav
Mon May 31, 2021 9:55 pm
Forum: General
Topic: Multiple concurrent PPPoE over single ethernet [SOLVED]
Replies: 28
Views: 5393

Re: Multiple concurrent PPPoE over single ethernet [SOLVED]

Was looking at this thread for fw issues but its a great example of a multiple WAN PPPOE with load balancing etc.......
viewtopic.php?f=13&t=175630&p=860056#p860056
by anav
Mon May 31, 2021 9:40 pm
Forum: Beginner Basics
Topic: Is this possible? [SOLVED]
Replies: 9
Views: 626

Re: Is this possible? [SOLVED]

Probably not enough information to make a determination.
How are the internet and voice handled by the ISP, both coming in on separate vlans??
by anav
Mon May 31, 2021 7:56 pm
Forum: Beginner Basics
Topic: Trying to setup a guest WiFi with 2 RBs
Replies: 8
Views: 443

Re: Trying to setup a guest WiFi with 2 RBs

Is the hapac acting as a wifi+switch or router+wifi+switch
by anav
Mon May 31, 2021 4:05 pm
Forum: Beginner Basics
Topic: After applied filter rule internet connect not stable
Replies: 6
Views: 515

Re: After applied filter rule internet connect not stable

The first thing to do is to stick to the default firewall rules to start. (how did I guess you used some 'other resource' to make this mess LOL.) (1) Get rid of all those firewall address lists (2) Remove all firewall rules and replace in the order prescribed below. Order is important always in fire...
by anav
Mon May 31, 2021 3:54 pm
Forum: Beginner Basics
Topic: Default firewall config
Replies: 15
Views: 17081

Re: Default firewall config

Okay I see in another thread that your actually providing PPPOE ISP accounts on all your etherports at the other thread so its more than just a simple home invasion.
I will move to the other thread for further dialogue.
viewtopic.php?f=13&t=175630
by anav
Mon May 31, 2021 2:17 pm
Forum: Beginner Basics
Topic: Limit a particular client to only communicate with another client on LAN
Replies: 3
Views: 224

Re: Limit a particular client to only communicate with another client on LAN

/export hide-sensitive file=anynameyouwish

lan or vlan ip of device?
lan or vlan ip of user?
  • 1
  • 2
  • 3
  • 4
  • 5
  • 25