Community discussions

MikroTik App

Search found 8515 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 29
by anav
Sun Sep 26, 2021 6:57 pm
Forum: General
Topic: Setting up IKEv2 VPN Server behind NAT
Replies: 21
Views: 638

Re: Setting up IKEv2 VPN Server behind NAT

https://forum.mikrotik.com/viewtopic.php?f=23&t=175656 You're welcome :) That link misses the most key points where is the direction for input chain rules If needed where is the direction for forward chain rules. But what I find hardest is..........Where is the exit/entry point of the tunnel (b...
by anav
Sun Sep 26, 2021 6:53 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

To clarify a couple of points... (1) add action = accept chain = input comment = 'allow remote config' src-address = IP of TUNNEL '' '' Thank you very much! :D That source address is on the ROUTER somewhere and is the LANIP of the tunnel exit/entry behind into the LAN side of the router (just make s...
by anav
Sun Sep 26, 2021 6:49 pm
Forum: General
Topic: Licensing question and hardware recommendations for a small home user.
Replies: 3
Views: 132

Re: Licensing question and hardware recommendations for a small home user.

I will 2nd @Anav’s suggestions … except keep the Unifi Switch and Unifi AP’s :)
My bad you already have a switch and one AP...........So mozerd is right in keeping those assets.
by anav
Sun Sep 26, 2021 6:47 pm
Forum: General
Topic: DDOS suspect ? [SOLVED]
Replies: 13
Views: 467

Re: DDOS suspect ? [SOLVED]

Sorry I can be blunt, especially after seeing the same issue with 100s of people!! In short, you need to neinstall the latest long term firmware onto the router. I wouldnt bother trying to discern where the problem is and simply be safe and cautious and assume there has been a compromise and then y...
by anav
Sun Sep 26, 2021 6:45 pm
Forum: General
Topic: Mikrotik Marketing Policy
Replies: 1
Views: 86

Re: Mikrotik Marketing Policy

zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz finished yet.
by anav
Sun Sep 26, 2021 4:02 pm
Forum: General
Topic: Licensing question and hardware recommendations for a small home user.
Replies: 3
Views: 132

Re: Licensing question and hardware recommendations for a small home user.

RB5009 for the router. ports 1,2 (reserved for current and future WAN connections) ports, 3,4,5 to access points ports 6,7 reserve port spf+ to switch for wired units. SFP port - spare One switch for all wired devices - CSS610-8G-2S+IN one SPF+ port to router ports 1-7 for wired devices port 8 spar...
by anav
Sun Sep 26, 2021 3:49 pm
Forum: RouterOS v7 BETA
Topic: Multiple WG clients(peers) per WG service
Replies: 12
Views: 2360

Re: Multiple WG clients(peers) per WG service

Nice, maybe hardware specific then...........
by anav
Sun Sep 26, 2021 3:48 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 159
Views: 12623

Re: v7.1rc4 [development] is released!

Supported v7.1rc4 Wave2 for MIPSBE?
See: https://www.qualcomm.com/products/qca9982
OMG, I spit out my coffee reading that line.
We'll get a fifth wave of covid before mipse gets wave2. ;-PP
by anav
Sun Sep 26, 2021 3:21 pm
Forum: General
Topic: RB4011 Slow Inter-VLAN Routing
Replies: 10
Views: 358

Re: RB4011 Slow Inter-VLAN Routing

I didnt look indepth but a shallow looks everything seems to be in order, for at least what I an understand... Did you try changing this to the sfp+ interface.......... /ip neighbor discovery-settings set discover-interface-list=none First time Ive ever seen this rule suggest you remove it add acti...
by anav
Sun Sep 26, 2021 3:17 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

IN summary this is the direction I would go,,,,,,,, /ip firewall filter add action=accept chain=input comment="Allow Established,Related" \ connection-state=established,related,untracked add action=drop chain=input comment="drop invalid packets" connection-state=\ invalid add act...
by anav
Sun Sep 26, 2021 2:52 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

Yes, I have used ipsec vpn in the past and currently using wireguard. I will have a look! (1) I dont quite understand this rule................. add action=accept chain=input comment="IKE IPSec" protocol=ipsec-esp in-interface-list=LAN protocol=tcp src-address-list=Admin-IP Why does anyone...
by anav
Sun Sep 26, 2021 2:51 pm
Forum: General
Topic: Wireguard Server behind different router / gateway
Replies: 1
Views: 83

Re: Wireguard Server behind different router / gateway

Yeah the explanation is more confusing then helpful.
Suggest you provided a network diagram to show what you mean
Between devices within the same network on both sides of the tunnel.
by anav
Sun Sep 26, 2021 2:48 pm
Forum: General
Topic: PPPoE does not reconnect automatically. Have to restart router everytime.
Replies: 4
Views: 189

Re: PPPoE does not reconnect automatically. Have to restart router everytime.

Sorry nescafe, if some one said to me anonymized, my eyes would glaze over. I like direct clear speech.
Many times it takes two or three or more times to ask for the export before th op actually produces it. A little reinforcement never hurt.
Not going to change my ways anytime soon. :-)
by anav
Sun Sep 26, 2021 2:43 pm
Forum: General
Topic: DDOS suspect ? [SOLVED]
Replies: 13
Views: 467

Re: DDOS suspect ? [SOLVED]

Sorry I can be blunt, especially after seeing the same issue with 100s of people!! In short, you need to neinstall the latest long term firmware onto the router. I wouldnt bother trying to discern where the problem is and simply be safe and cautious and assume there has been a compromise and then yo...
by anav
Sun Sep 26, 2021 3:41 am
Forum: Wireless Networking
Topic: Cannot access CAP AP webfig with dstnat from WAN
Replies: 1
Views: 89

Re: Cannot access CAP AP webfig with dstnat from WAN

Should not be an issue.

Post config of MT router and CAPAC..........
by anav
Sun Sep 26, 2021 3:39 am
Forum: General
Topic: DDOS suspect ? [SOLVED]
Replies: 13
Views: 467

Re: DDOS suspect ? [SOLVED]

Part of the problem of adding all these bloatware rules to a perfectly tight default firewall ruleset!! Self-inflicted damage.
by anav
Sun Sep 26, 2021 3:36 am
Forum: General
Topic: RB4011 Slow Inter-VLAN Routing
Replies: 10
Views: 358

Re: RB4011 Slow Inter-VLAN Routing

I didnt look indepth but a shallow looks everything seems to be in order, for at least what I an understand... Did you try changing this to the sfp+ interface.......... /ip neighbor discovery-settings set discover-interface-list=none First time Ive ever seen this rule suggest you remove it add actio...
by anav
Sat Sep 25, 2021 11:29 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

No I have no special rules as I dont have any open servers on my network.
Does the one user leave his computer running?
He should be warned for illegal use of company assets, lots of people want jobs.
by anav
Sat Sep 25, 2021 11:25 pm
Forum: RouterOS v7 BETA
Topic: Multiple WG clients(peers) per WG service
Replies: 12
Views: 2360

Re: Multiple WG clients(peers) per WG service

Try 5 separate WG interfaces each with its own single peer.
by anav
Sat Sep 25, 2021 8:49 pm
Forum: Wireless Networking
Topic: CubeG-5ac60adpair not working out-of-box
Replies: 13
Views: 440

Re: CubeG-5ac60adpair not working out-of-box

Okays so either
a. they were not configured properly when packaged/sent
b. the op changed some settings not necessarily on purpose preventing them from working
by anav
Sat Sep 25, 2021 8:44 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

As for jotne's rules.
I would not put them in place unless you think you have an issue.
Do you have servers you are running?? If not, then no worries you are not open to internet traffic.
The only connections coming in on the WAN are for VPN and those are not going to cause isssues.
by anav
Sat Sep 25, 2021 8:39 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

Comments: (1) Why did you delineate the WAN, I would think all malformed, invalid packets should be dropped!! add action=drop chain=input comment="drop invalid packets" connection-state=invalid in-interface-list=WAN (2) Same comment for ICMP. add action=drop chain=input comment=ICMP in-int...
by anav
Sat Sep 25, 2021 8:21 pm
Forum: General
Topic: Public AP behind p2p bridge
Replies: 5
Views: 175

Re: Public AP behind p2p bridge

All rather sounds complex to me, I would run the local hapac3 at the community centre as a router and let it do all the CPU work for local clients. Trunk port from home HAPAC2 router to hapac2 AP/Switch, Trunk port WLAN between sxt units (carrying vlan for community centre (which will be its WAN IP ...
by anav
Sat Sep 25, 2021 8:19 pm
Forum: General
Topic: Public AP behind p2p bridge
Replies: 5
Views: 175

Re: Public AP behind p2p bridge

edit duplicate
by anav
Sat Sep 25, 2021 8:08 pm
Forum: General
Topic: Connecting Private ip to a Public ip without nat [SOLVED]
Replies: 14
Views: 382

Re: Connecting Private ip to a Public ip without nat [SOLVED]

The answer is probably not You can have many to one NAT, which is typically one public IP and then one or more subnet behind it. Then you have one to one NAT which is basically one public IP mated to one Private IP (direct to server etc.) Ask your question in terms of requirements. What is it your t...
by anav
Sat Sep 25, 2021 4:08 am
Forum: Wireless Networking
Topic: CubeG-5ac60adpair not working out-of-box
Replies: 13
Views: 440

Re: CubeG-5ac60adpair not working out-of-box

bpwl are you saying the cube is transparent to any ethernet connection it is on, (or equivalent to a dumb switch?
by anav
Fri Sep 24, 2021 8:32 pm
Forum: Wireless Networking
Topic: CubeG-5ac60adpair not working out-of-box
Replies: 13
Views: 440

Re: CubeG-5ac60adpair not working out-of-box

That was my point, we dont know the lan subnet notation the NON FRIGGEN MT, Router is providing to the first Cube..........................................
or for that matter the IP address of the switch the second cube is attached too........
by anav
Fri Sep 24, 2021 8:27 pm
Forum: Beginner Basics
Topic: Hex s redirect traffic or port forwarding
Replies: 10
Views: 308

Re: Hex s redirect traffic or port forwarding

TO SOLVE THE APPLICATION DILEMMA If communication by the application is by domain name, then we can use DNS to force computers to that LANIP. Assume application searches for domain name and its www.myserver.net Pre STEP1 Work -Remove this current static rule or it will take precedence /ip dns static...
by anav
Fri Sep 24, 2021 8:14 pm
Forum: Beginner Basics
Topic: Hex s redirect traffic or port forwarding
Replies: 10
Views: 308

Re: Hex s redirect traffic or port forwarding

Starting to make sense!! (1) FROM /ip address add address=192.168.0.99/24 comment=defconf interface=ether2 network=\ 192.168.0.0 TO /ip address add address=192.168.0.99/24 comment=defconf interface= bridge network=\ 192.168.0.0 (2) Lets go back to basics on nat rules........ /ip firewall nat add act...
by anav
Fri Sep 24, 2021 7:23 pm
Forum: Wireless Networking
Topic: CubeG-5ac60adpair not working out-of-box
Replies: 13
Views: 440

Re: CubeG-5ac60adpair not working out-of-box

Interesting, doesn't the cube IP address have to be modified to be on the same LAN subnet as what the first router is providing??
by anav
Fri Sep 24, 2021 7:23 pm
Forum: Wireless Networking
Topic: CubeG-5ac60adpair not working out-of-box
Replies: 13
Views: 440

Re: CubeG-5ac60adpair not working out-of-box

Interesting, doesn't the cube IP address have to be modified to be on the same LAN subnet as what the first router is providing??
by anav
Fri Sep 24, 2021 7:18 pm
Forum: Beginner Basics
Topic: Hex s redirect traffic or port forwarding
Replies: 10
Views: 308

Re: Hex s redirect traffic or port forwarding

But of course it would LOL

My bad, it should be
/ip firewall nat add chain=srcnat action=src-nat out-interface=ether1 to-address=192.168.51.138
by anav
Fri Sep 24, 2021 5:17 pm
Forum: General
Topic: Ip cloud behind "gray" IP
Replies: 3
Views: 184

Re: Ip cloud behind "gray" IP

Try winboxremote............
by anav
Fri Sep 24, 2021 5:15 pm
Forum: Beginner Basics
Topic: Hex s redirect traffic or port forwarding
Replies: 10
Views: 308

Re: Hex s redirect traffic or port forwarding

KK, did you fix the errors in the config?

Also, if I am on a browser and am going out http or https ports 80 or 443 or for that matter
any browser entry in the form www.address.com:XXXX where port XXXX could be any port,
how is that going to come in on port 105 on the simulator???
by anav
Fri Sep 24, 2021 5:06 pm
Forum: Beginner Basics
Topic: Problem with Wireguard on 2xWAN
Replies: 3
Views: 192

Re: Problem with Wireguard on 2xWAN

Hi there, not convinced you need any mangling at this point. (1) I would have two wireguard server configs and two wireguard peer configs (one for each WAN). Name WG-WAN1 and WG-WAN2 (2) I would have two separate input chain rules for two different listening ports (udp) to accept incoming initial es...
by anav
Fri Sep 24, 2021 4:32 pm
Forum: Beginner Basics
Topic: Hex s redirect traffic or port forwarding
Replies: 10
Views: 308

Re: Hex s redirect traffic or port forwarding

The explanation is still lacking. Can you explain the use case or requirements without any mention of the config. I need person X, or Device Y to be able to ............... I am running a server and want devices or persons to ........... in relation to the server. Mixing up the config with requireme...
by anav
Fri Sep 24, 2021 4:16 pm
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 27
Views: 2324

Re: v6.49rc [testing] is released!

Nice changelog!
I think its possible to tell your staff these things on the Mikrotik LAN vice public forum, or were
you simply trying to point out the HUGE improvement over the latest 7.1c release LOL.
I would never have noticed unless you brought it up. ;-PP
by anav
Fri Sep 24, 2021 1:06 am
Forum: General
Topic: dst-nat support for shifted portmap ranges?
Replies: 34
Views: 4945

Re: dst-nat support for shifted portmap ranges?

Hi there, Can you confirm that the router assigns the ports in a contiguous manner. Its one thing to show port selection boxes but quite another to sample the behaviour. I too am of camp tha if I port forward a range of ports 2-5 and translate 10-13, then it maps 2-10, 3-11, 4-12, 5-13 etc.... I wou...
by anav
Fri Sep 24, 2021 12:03 am
Forum: Beginner Basics
Topic: Issue with HiSense aircon
Replies: 6
Views: 334

Re: Issue with HiSense aircon

This could be as simple as the DNS settings within the HI AIRCON. if the firmware is coded to provide domain name that is not in the right format (upper case lower whatever it is), the MT device will accept the wrong domain name but when it returns traffic to the HIAIRCON it will fix the domain name...
by anav
Thu Sep 23, 2021 8:12 pm
Forum: General
Topic: Change macaddress to lte interface.
Replies: 19
Views: 694

Re: Change macaddress to lte interface.

Ahh, I thought you were trying to escape Poland by walking across the border, hidden in a Halloween Costume.
by anav
Thu Sep 23, 2021 7:53 pm
Forum: General
Topic: Mikrotik configuration for Mobile Phone Screen Share with Smart LED Television
Replies: 2
Views: 875

Re: Mikrotik configuration for Mobile Phone Screen Share with Smart LED Television

Did you try
Third party Apps options:
a. ApowerMirror
b. LetsView

Perhaps you are trying MIracast?
Miracast is peer to peer phone/laptop to tv direct is it not.
by anav
Thu Sep 23, 2021 6:53 pm
Forum: Beginner Basics
Topic: Blocking incoming DNS
Replies: 4
Views: 192

Re: Blocking incoming DNS

That is the best script you have ever written rextended. ;-)
by anav
Thu Sep 23, 2021 6:52 pm
Forum: Beginner Basics
Topic: vlan across two mikrotik devices
Replies: 6
Views: 239

Re: vlan across two mikrotik devices

Makes sense, I have my CCR1009 handling a gig fiber network (primary) and also have a cable modem (backup except primary for email as it was our primary for many years).. I have a hex router mostly configured as a plug-in back up in case the router fails. My other hex is now a switch on my desk and ...
by anav
Thu Sep 23, 2021 6:22 pm
Forum: Wireless Networking
Topic: How do I dual- and tri-band guest networks
Replies: 1
Views: 75

Re: How do I dual- and tri-band guest networks

Just add virtual networks as you need them.
Most MT wifi products come with two radios, one with 2.4 and one with 5, to get more wlans, you add virtual ones.
They share the same frequency and wifi settings but can be on different vlans and have different ssids.
by anav
Thu Sep 23, 2021 6:17 pm
Forum: Beginner Basics
Topic: vlan across two mikrotik devices
Replies: 6
Views: 239

Re: vlan across two mikrotik devices

Why?
Not just have one router wth two WAN connections??
by anav
Thu Sep 23, 2021 6:12 pm
Forum: General
Topic: Forward all http/https traffic to LAN pc?
Replies: 1
Views: 76

Re: Forward all http/https traffic to LAN pc?

So in short, YOu need a way to configure on the router to send all traffic to a local IP behind the router (a pc) which has a tunnel setup to an external PC which then accesses the internet? Not familiar with KCPTUN is a type of VPN? Sounds plausible just dont know if its a matter of Route selection...
by anav
Thu Sep 23, 2021 6:06 pm
Forum: General
Topic: New to MikroTik, only one issue...
Replies: 4
Views: 191

Re: New to MikroTik, only one issue...

What is better in terms of router access is to separate out the admin from the rest of the trusted subnet user for access to the router for config purposes. The rule in the input chain becomes add action=accept chain=input in-interface=ether2 src-address-list=adminaccess where firewall address list ...
by anav
Thu Sep 23, 2021 5:58 pm
Forum: General
Topic: New to MikroTik, only one issue...
Replies: 4
Views: 191

Re: New to MikroTik, only one issue...

Hi there. Looking at your config, interesting not useing any bridge which I suppose is fine. Also assuming that your ether2 is connected to a smart device which can read/handle the untagged traffic coming in from ether2 and the tagged traffic coming in on the three vlans ??? Where you start to go as...
by anav
Thu Sep 23, 2021 5:26 pm
Forum: General
Topic: how to remove default vlan from bridge in crs 317
Replies: 6
Views: 239

Re: how to remove default vlan from bridge in crs 317

Without a valid reason, I can only conclude the entire IT team of your organization doesnt have a clue.
Now realistically that cannot be true, which means I dont have the clue and thats why I am asking..............
by anav
Thu Sep 23, 2021 5:24 pm
Forum: General
Topic: Change macaddress to lte interface.
Replies: 19
Views: 694

Re: Change macaddress to lte interface.

The most interesting part of this thread is the origin of....... if not LTE related then........ SiB - Stuck In Back ? SiB - sibling SiB - Stabbed in back? SiB - Service integration bus? SiB- Swiss Institute of Bioinformatics &*& Found IT **** SiB - Self Injurious Behaviour ( also known as t...
by anav
Thu Sep 23, 2021 5:07 pm
Forum: Beginner Basics
Topic: Problem with Wireguard on 2xWAN
Replies: 3
Views: 192

Re: Problem with Wireguard on 2xWAN

That depends................ What is your plan with wireguard. Is the router acting as a client or a server? Is the wireguard supposed to come in on or go out one particular WAN. Posting the config is good but also need to hear you requirements/setup. As for your config, its a bloated mess. I would ...
by anav
Thu Sep 23, 2021 3:47 pm
Forum: General
Topic: how to remove default vlan from bridge in crs 317
Replies: 6
Views: 239

Re: how to remove default vlan from bridge in crs 317

Removing vlan1 seems like a rather odd practice, do you know why??
by anav
Thu Sep 23, 2021 3:45 pm
Forum: General
Topic: 2 MT routers, but one having problems with internet [SOLVED]
Replies: 9
Views: 274

Re: 2 MT routers, but one having problems with internet [SOLVED]

are they connected to each other in some way and if so provide a network diagram.
if not and just two different instances of an internet connection.
post the the non-working one
/export hide-sensitive file=anynameyouwish
by anav
Thu Sep 23, 2021 3:43 pm
Forum: Beginner Basics
Topic: vlan across two mikrotik devices
Replies: 6
Views: 239

Re: vlan across two mikrotik devices

network diagram would help
by anav
Thu Sep 23, 2021 3:27 am
Forum: Wireless Networking
Topic: Devices cannot connect to both APs
Replies: 9
Views: 490

Re: Devices cannot connect to both APs

Noted that my text was not perfect on the bridge port lines for the devices......... for a trunk port its ingress-filtering=yes frame-types= admit-only-VLAN-tagged {i forgot the word vlan} Repost the three configs so we can see what state they are in for a final tweaking........... In general: Bridg...
by anav
Thu Sep 23, 2021 3:24 am
Forum: General
Topic: dstnat in conflict with gre over IPsec tunnel [SOLVED]
Replies: 22
Views: 640

Re: dstnat in conflict with gre over IPsec tunnel [SOLVED]

Not feeling brave rexentended? Okay hypothetically if wireguard was included in a stable version............................. Sindy if I had to read the tea leaves after you drank the ipsec coolaid there, I would summarize by saying IPIP IPSEC OKAY (no gain over IPsec in tunnel mode) MT IP OVER GRE ...
by anav
Thu Sep 23, 2021 3:15 am
Forum: Beginner Basics
Topic: Access IP after WAN
Replies: 5
Views: 353

Re: Access IP after WAN

So lets see if I can understand what your are doing. You have internet coming on an the RB750 wired (normal ISP etc). You wish to share this internet with another location via LAN network. You use a pair of SXT devices to create a wifi link for the LAN network. THe second SXT is setup as a WAN devic...
by anav
Wed Sep 22, 2021 10:49 pm
Forum: General
Topic: dstnat in conflict with gre over IPsec tunnel [SOLVED]
Replies: 22
Views: 640

Re: dstnat in conflict with gre over IPsec tunnel [SOLVED]

@rextended,
when to use EoIP Ipsec (GRe) vs when to use wireguard??
by anav
Wed Sep 22, 2021 10:30 pm
Forum: Beginner Basics
Topic: Remove port 5 from the bridge
Replies: 9
Views: 496

Re: Remove port 5 from the bridge

Hint if your getting a red return on a script line, its a good practice to go to the winbox entry that corresponds.
for example

when I go to bridge ports for a particular ethernetport this is what comes up and one can check if script matches.....
bports.jpg
by anav
Wed Sep 22, 2021 10:25 pm
Forum: Beginner Basics
Topic: Remove port 5 from the bridge
Replies: 9
Views: 496

Re: Remove port 5 from the bridge

Ahhh,
okay sorry
admit-only-vlan-tagged
by anav
Wed Sep 22, 2021 9:43 pm
Forum: General
Topic: Recursive routing breaks interface-specific locally-originated traffic.
Replies: 5
Views: 212

Re: Recursive routing breaks interface-specific locally-originated traffic.

Assuming you understood all the items you copied and stuck into your config, then you will have to wait for someone else that has a much higher level of knowledge of your settings to assist. I prefer the default firewall rules and a clean config, not much else because in 98% of cases thats all that ...
by anav
Wed Sep 22, 2021 9:32 pm
Forum: Beginner Basics
Topic: Remove port 5 from the bridge
Replies: 9
Views: 496

Re: Remove port 5 from the bridge

Observations: Probably because you may be copying verbatim. The instructions here { are not part of any script but to explain to you certain points about that entry !! add bridge=bridgewon comment=defconf interface=ether1-trunk ingress-filtering=yes frame-types=admit-only-tagged {assuming trunk port...
by anav
Wed Sep 22, 2021 9:26 pm
Forum: Beginner Basics
Topic: Should WAN be part of Bridge ?
Replies: 4
Views: 250

Re: Should WAN be part of Bridge ?

Disagree, unless this is a wifi device where the choice of WISP vs AP vs something else has to be made.
If this is a router scenario, do not use quickset.
If this is a switch (no wifi) scenario no need to use quickset after selecting bridge (and even that is not really required)
by anav
Wed Sep 22, 2021 9:22 pm
Forum: Wireless Networking
Topic: Devices cannot connect to both APs
Replies: 9
Views: 490

Re: Devices cannot connect to both APs

This should be up and running in 5 minutes once you have changed the configs.
by anav
Wed Sep 22, 2021 8:48 pm
Forum: Wireless Networking
Topic: Devices cannot connect to both APs
Replies: 9
Views: 490

Re: Devices cannot connect to both APs

Phuck capsman. this is for non caps twit setups........ HA AC2 and LITE should mirror the switch in design the ONLY difference is that the WLAN are added as access bridge ports. What you need to do is REMOVE VLAN settings in wifi settings, no mode, no vlans etc. USE BRIDGE PORT settings ex ./interfa...
by anav
Wed Sep 22, 2021 8:40 pm
Forum: Wireless Networking
Topic: Devices cannot connect to both APs
Replies: 9
Views: 490

Re: Devices cannot connect to both APs

Switch next Are we to assume that the ether3 and ether5 connections to wireless devices are to SMART devices (able to read vlan tags - I will assume yes) Also assuming that vlan100 is the trusted vlan that the admin uses to configure devices!!! (1) Vlan settings - minor tweaking) /interface bridge p...
by anav
Wed Sep 22, 2021 8:25 pm
Forum: Wireless Networking
Topic: Devices cannot connect to both APs
Replies: 9
Views: 490

Re: Devices cannot connect to both APs

Okay late to the game but I will play. First 4011 (1) why is ether1 part of the bridge remove it. (2) Bridge Port: a. why is the sfp port named a trunk port but you have a pVID on it. That makes it either an access port or a hybrid port (not trunk). Remove the pvid is my suggestion b. bridge ports ,...
by anav
Wed Sep 22, 2021 8:11 pm
Forum: Beginner Basics
Topic: Access IP after WAN
Replies: 5
Views: 353

Re: Access IP after WAN

Very confusing, please draw a labelled network diagram to show your network please.
by anav
Wed Sep 22, 2021 8:06 pm
Forum: Beginner Basics
Topic: Should WAN be part of Bridge ?
Replies: 4
Views: 250

Re: Should WAN be part of Bridge ?

If the device is being used as a switch there is no WAN port, just a trunk port coming from one source and its part of the bridge yes! Just to clarify the confusing response that is not really germane because the OP noted the LAN has DHCP services etc.......... Whereas a switch does not usually prov...
by anav
Wed Sep 22, 2021 6:27 pm
Forum: General
Topic: Recursive routing breaks interface-specific locally-originated traffic.
Replies: 5
Views: 212

Re: Recursive routing breaks interface-specific locally-originated traffic.

Yeah, I find your config one big confusing mess. Probably you haveve some very legitimate and interesting things going within the router as its very complex. I am not sure so much inter router routing is required if on subnets................. but not sure why LTE is part of the bridge ports? Can it...
by anav
Wed Sep 22, 2021 5:44 pm
Forum: General
Topic: routing between VLANs
Replies: 14
Views: 744

Re: routing between VLANs

Okay so you want the users to share WAN1 and WAN3 in a load balance arrangement where roughly WAN1 is selected for 1 session while WAN3 is selected for two sessions type of ratio basis. So for every three new sessions the router handles outbound, two will go out WAN3 and one will go out WAN1. Yeah t...
by anav
Wed Sep 22, 2021 5:39 pm
Forum: General
Topic: Policy based routing using two uplinks
Replies: 13
Views: 19206

Re: Policy based routing using two uplinks

Please provide your config
/export hide-sensitive file=anynameyouwish
by anav
Wed Sep 22, 2021 5:36 pm
Forum: General
Topic: Recursive routing breaks interface-specific locally-originated traffic.
Replies: 5
Views: 212

Re: Recursive routing breaks interface-specific locally-originated traffic.

A network diagram would help.
/export hide-sensitive file=anynameyouwish
by anav
Wed Sep 22, 2021 5:33 pm
Forum: Beginner Basics
Topic: Help configuring RB260GSP, hAP ac lite & Metal 52 ac
Replies: 13
Views: 913

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

If i recall in days long gone, connect with PC then clone pC mac address on router mac address ??
by anav
Wed Sep 22, 2021 11:12 am
Forum: RouterOS v7 BETA
Topic: Routing Mark and Wireguard are not compatible (RC4)
Replies: 2
Views: 255

Re: Routing Mark and Wireguard are not compatible (RC4)

Works fine for me, perhaps its the rc version you are using.
by anav
Tue Sep 21, 2021 9:31 pm
Forum: General
Topic: routing between VLANs
Replies: 14
Views: 744

Re: routing between VLANs

Hi there.. I have attempted to give you a cleaned up rational setup that makes sense to simple me. Once we know what is desired in terms of requirements more can be done or stuff can be modified, removed added as appropriate. Note: I removed bridge from any dhcp etc and gave its work to vlan 11 (pre...
by anav
Tue Sep 21, 2021 8:39 pm
Forum: General
Topic: routing between VLANs
Replies: 14
Views: 744

Re: routing between VLANs

You still havent applied the code tags to your previous post ????

Assume then the core switch passed all the WAN Connections via vlans to the Router via ether1.
Not sure how to best address that on the router .......................
by anav
Tue Sep 21, 2021 8:38 pm
Forum: General
Topic: Looking for a recommendation on a setup
Replies: 1
Views: 167

Re: Looking for a recommendation on a setup

No need to start another thread, the diagram and discussion to date are located here.............
viewtopic.php?f=2&t=178480&p=881283#p881283
by anav
Tue Sep 21, 2021 8:36 pm
Forum: General
Topic: Anonymous user tried to log in
Replies: 7
Views: 424

Re: Anonymous user tried to log in

Login to what? Why is normal user anywhere near a login attempt?? Is this for an open server? With such sparse details, one cant make much of the post. Mikrotik server is used to manage an open network such as restaurants or hotels, but with subscriptions using hotspots and user manager Is this use...
by anav
Tue Sep 21, 2021 8:28 pm
Forum: General
Topic: Magic troubles button "Reset all counters" from MikroTik [SOLVED]
Replies: 8
Views: 655

Re: Magic troubles button "Reset all counters" from MikroTik [SOLVED]

Sure, here is what I have in my home. By the way. HOUSE Main Panel includes one CB - Surge for entire house. ****UPS For Two ISP modems, router, switches, etc (in garage) (APC Backups Pro 1000S & APC Backups 1500 & APC Backups XS 1000) all tall UPS downstairs for 2 switches and power for two...
by anav
Tue Sep 21, 2021 5:00 pm
Forum: General
Topic: Need help on rb750gr3 about maximum lan connection
Replies: 40
Views: 1389

Re: Need help on rb750gr3 about maximum lan connection

Okay, got it............... does reduce the possibilities or simplify depending upon perspective.
by anav
Tue Sep 21, 2021 4:46 pm
Forum: General
Topic: Anonymous user tried to log in
Replies: 7
Views: 424

Re: Anonymous user tried to log in

Login to what?
Why is normal user anywhere near a login attempt??
Is this for an open server?

With such sparse details, one cant make much of the post.
by anav
Tue Sep 21, 2021 4:13 pm
Forum: General
Topic: Need help on rb750gr3 about maximum lan connection
Replies: 40
Views: 1389

Re: Need help on rb750gr3 about maximum lan connection

If that is the case, what should I do? Should I upgrade my ISP plan to business type?
I personally would attempt to upgrade if they provided just a modem and you got a public IP address and more bandwidth would be nice (and not capped or shaped).
by anav
Tue Sep 21, 2021 4:10 pm
Forum: General
Topic: Need help on rb750gr3 about maximum lan connection
Replies: 40
Views: 1389

Re: Need help on rb750gr3 about maximum lan connection

With two unmanaged switches, I would not know how to distribute to all the wireless routers unless every device was on the same LAN. So my lack of knowledge would suggest you get managed switches as a starting point. What Wireless Routers are you using as (im assuming are acting as Access Point / sw...
by anav
Tue Sep 21, 2021 4:06 pm
Forum: General
Topic: Magic troubles button "Reset all counters" from MikroTik [SOLVED]
Replies: 8
Views: 655

Re: Magic troubles button "Reset all counters" from MikroTik [SOLVED]

home: power outages = UPS, no more worries.
Business: power outages = better UPS no more worries.
Business: Longer term power outages = better UPS + generator

Avoiding proper use of functionality is a temporary excuse the first time it happens, next time be prepared.
by anav
Tue Sep 21, 2021 4:00 pm
Forum: Beginner Basics
Topic: NAT Loopback (WAN NAT Redirect) Instruction [SOLVED]
Replies: 6
Views: 464

Re: NAT Loopback (WAN NAT Redirect) Instruction [SOLVED]

Did you try the DNS method yet?? For static wanip or dynamic wanip you need to add a sourcenat rule. format: server lan subnet 192.168.66.x add chain=srcnat action=masquerade dst-address=192.168.66.0/24 src-address=192.168.66.0/24 If you have a dynamic IP then your dst nat rules which should be in t...
by anav
Mon Sep 20, 2021 10:44 pm
Forum: General
Topic: Bind Webfig and ssh to a vlan
Replies: 11
Views: 476

Re: Bind Webfig and ssh to a vlan

I provided the full config on this thread to manage your hapac....... https://forum.mikrotik.com/viewtopic.php?f=7&t=178666#p880991 It also addresses the mess you made on your config post above and simplifies it down to what is required. That gets you winbox access very easily. If you want to ac...
by anav
Mon Sep 20, 2021 10:15 pm
Forum: General
Topic: routing between VLANs
Replies: 14
Views: 744

Re: routing between VLANs

Use code tags on configs, tis the black square with white square brackets to the right of the B .. I .. U in the text edit line under the title of the thread ,when in edit mode! Dont give a bridge the name of a common other used term in configurations such as LAN.............. it gets very confusing...
by anav
Mon Sep 20, 2021 9:09 pm
Forum: Wireless Networking
Topic: Signs of flaky cAP AC hardware?
Replies: 5
Views: 407

Re: Signs of flaky cAP AC hardware?

tplink eap245, get one try it, if solves issues get more. Works for me far more stable than capac.
To be fair, many iot devices and apple device are just plain ornery when it comes to wifi.
by anav
Mon Sep 20, 2021 9:01 pm
Forum: Beginner Basics
Topic: Remove port 5 from the bridge
Replies: 9
Views: 496

Re: Remove port 5 from the bridge

Interesting, ewon devices eh. Okay so the WANPORT just needs internet access and is used for the vpn hearbeat and any remote access from the cloud. Remote users with ewon software at their pc, access the ewon cloud and then a tunnel is established with the ewon, permitting remote access to the iot d...
by anav
Mon Sep 20, 2021 5:10 pm
Forum: General
Topic: Need help on rb750gr3 about maximum lan connection
Replies: 40
Views: 1389

Re: Need help on rb750gr3 about maximum lan connection

What is the brand model of the modem router?
Do you have access to this device on its router side (to set port forwarding for example)
Can you get a public IP from the ISP device or a private IP only. (contact your ISP provider to find out).

What brand and model are your switches?
by anav
Mon Sep 20, 2021 5:04 pm
Forum: General
Topic: DHCP alert every minute on all vlans
Replies: 14
Views: 611

Re: DHCP alert every minute on all vlans

What was the intent of logging dhcp alerts. What issue prompted you to set the log??
Offering without success, yes I see those two and dont know if its an MT issue, I suspect they are issues to do with IOT devices or apple devices.
by anav
Mon Sep 20, 2021 4:51 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 159
Views: 12623

Re: v7.1rc4 [development] is released!

I am not playing the c3,c4 game but if I was, I would not be upgrading based on the improvement or changes which are frugal to almost none. So for all the people complaining it still doesnt do X and Y, why do you ? They didnt state it was fixed? Something needs to change, and that clearly is a detai...
by anav
Mon Sep 20, 2021 2:59 pm
Forum: General
Topic: Bind Webfig and ssh to a vlan
Replies: 11
Views: 476

Re: Bind Webfig and ssh to a vlan

This is a really good guide to vlans
viewtopic.php?f=23&t=143620
by anav
Mon Sep 20, 2021 2:53 pm
Forum: General
Topic: Poor inter-vlan routing and High "Networking" CPU usage on RB5009
Replies: 19
Views: 845

Re: Poor inter-vlan routing and High "Networking" CPU usage on RB5009

Good to hear, I made some subtle changes to my previous post emergaccess address not being the gateway of .1, changed to .2, but very minor. Looking forward to your feedback. So it sounds like you have some devices on the same subnet as the server that need access to the server (and for some reason ...
by anav
Mon Sep 20, 2021 2:47 pm
Forum: General
Topic: LTE Bridge Vlan help.
Replies: 7
Views: 491

Re: LTE Bridge Vlan help.

Please post configs on both units.

/export hide-sensitive file=anynameyouwish
by anav
Mon Sep 20, 2021 2:46 pm
Forum: General
Topic: HELP! Mikrotik router is accessible from outside
Replies: 4
Views: 311

Re: HELP! Mikrotik router is accessible from outside

please post config
/export hide-sensitive file=anynameyouwish
by anav
Mon Sep 20, 2021 2:43 pm
Forum: Beginner Basics
Topic: Remove port 5 from the bridge
Replies: 9
Views: 496

Re: Remove port 5 from the bridge

So you have a HAPAC Lite that you want to setup as an access point / switch. What is the main router brand/model connected to the hapac lite? Did you only have the option of one cable to the device from the router. Why is it that ethernet5 should not be on the bridge.......... In ohter words the req...
by anav
Mon Sep 20, 2021 2:39 pm
Forum: Beginner Basics
Topic: NAT Loopback (WAN NAT Redirect) Instruction [SOLVED]
Replies: 6
Views: 464

Re: NAT Loopback (WAN NAT Redirect) Instruction [SOLVED]

Then there are some hairpin NAT type rules if the DNS method is not what is desired.
One should know if one has a fixed WANIP/static or a dynamic WANIP as that will dictate the design.
by anav
Mon Sep 20, 2021 2:37 pm
Forum: Beginner Basics
Topic: NAT Loopback (WAN NAT Redirect) Instruction [SOLVED]
Replies: 6
Views: 464

Re: NAT Loopback (WAN NAT Redirect) Instruction [SOLVED]

Hello guys, I bought my first Mikrotik hAP (RB962UiGS-5HacT2HnT) a week ago. I am a newbie regarding RouterOS. However I created a NAT rule for port forwarding to access internal host from the Internet and it works without problems. But I cannot access this host from the LAN using the public IP add...
by anav
Mon Sep 20, 2021 12:40 am
Forum: Wireless Networking
Topic: Accesspoint only with VLANs
Replies: 17
Views: 672

Re: Accesspoint only with VLANs

This is pretty close to what I have on my capac (same deal as hapac less ports) (1) You will note that I have removed ether5 from the bridge. I have given it an IP address of 192.168.66.2, what this will allow you to do is access the router EVEN IF THE BRIDGE IS SCREWED DURING CONFIGURATION. I call ...
by anav
Sun Sep 19, 2021 7:40 pm
Forum: General
Topic: Routing rule not working
Replies: 12
Views: 499

Re: Routing rule not working

Thanks Sindy, I did look at the pictures and I saw a horror show of ip routes.:-), Glad they looked okay to you though for the Ops sake. Yeah way over my head, pass!!. New and interesting........ using the INCLUDE rule in the interface members list!! routing table fib?? What happens to vla30 on the ...
by anav
Sun Sep 19, 2021 7:38 pm
Forum: General
Topic: Inter VLAN filtering fom VLAN A to VLAN B
Replies: 23
Views: 853

Re: Inter VLAN filtering fom VLAN A to VLAN B

So the switch is not the key, its the router that has to be able to hardware offload first??
by anav
Sun Sep 19, 2021 7:17 pm
Forum: General
Topic: Inter VLAN filtering fom VLAN A to VLAN B
Replies: 23
Views: 853

Re: Inter VLAN filtering fom VLAN A to VLAN B

What @zacharias wants to hide from @anav (by not saying it out loud) is the fact that any device running ROS can be a router. This includes switch CRS312-4C+8XG ... which can do (limited set of) L3 tasks wirespeed if running v7.1. I guess that (accompanied with a glass of Canadian rye) is making @a...
by anav
Sun Sep 19, 2021 7:14 pm
Forum: General
Topic: Routing rule not working
Replies: 12
Views: 499

Re: Routing rule not working

Not sure why you post pictures,
one should post their config
/export hide-sensitive file=anynameyouwish
by anav
Sun Sep 19, 2021 7:12 pm
Forum: Beginner Basics
Topic: Traffic to management of MikroTik switches not going through
Replies: 16
Views: 781

Re: Traffic to management of MikroTik switches not going through

Well pun intended, knowing what the router is doing and provides to the switch is key !!
by anav
Sun Sep 19, 2021 4:49 pm
Forum: Beginner Basics
Topic: Traffic to management of MikroTik switches not going through
Replies: 16
Views: 781

Re: Traffic to management of MikroTik switches not going through

What about the config of the MT router that is used to connect to the switches??
by anav
Sun Sep 19, 2021 4:45 pm
Forum: General
Topic: Inter VLAN filtering fom VLAN A to VLAN B
Replies: 23
Views: 853

Re: Inter VLAN filtering fom VLAN A to VLAN B

I see, I have to make the question simple to get a clear answer!! Easy question 1: How does one get traffic to pass from one vlan to another on a switch, without access the parent router to do so!! Easy question 2: In the above case, to what extent does the router provide any vlan interactions or se...
by anav
Sun Sep 19, 2021 4:26 pm
Forum: General
Topic: Poor inter-vlan routing and High "Networking" CPU usage on RB5009
Replies: 19
Views: 845

Re: Poor inter-vlan routing and High "Networking" CPU usage on RB5009

Okay so good to know that you have a static WANIP, as stated I thought PPPOE provide dynamic WANIPs, since none of the experts corrected me, I assumed I was on the right track. Perhaps they are half in the bag (heavy bout of drinking this weekend).. In any case, yes if static, leave the destination ...
by anav
Sun Sep 19, 2021 4:20 pm
Forum: General
Topic: Poor inter-vlan routing and High "Networking" CPU usage on RB5009
Replies: 19
Views: 845

Re: Poor inter-vlan routing and High "Networking" CPU usage on RB5009

I dont even know where you got to those Bridge Settings, I dont see that on my devices. My advice is to keep everything default! In any case the only thing you need to do is give the bridge a unique name if you dont like the word bridge. Then after the bridge port and bridge vlan settings are comple...
by anav
Sun Sep 19, 2021 4:16 pm
Forum: General
Topic: Poor inter-vlan routing and High "Networking" CPU usage on RB5009
Replies: 19
Views: 845

Re: Poor inter-vlan routing and High "Networking" CPU usage on RB5009

I am waiting for pcunite to produce a scintillating document on how to configure the RB4011 Not the vlan filtering way...... BUT back to the OP........... Okay Nick, (1) Now that I understand the intent for ether8, your original idea was better. I call this my ether8-emergaccess Where I assign an un...
by anav
Sun Sep 19, 2021 4:00 pm
Forum: Beginner Basics
Topic: Help configuring RB260GSP, hAP ac lite & Metal 52 ac
Replies: 13
Views: 913

Re: Help configuring RB260GSP, hAP ac lite & Metal 52 ac

Sounds like the metal unit should simply be an accesspoint switch antenna so to speak, no decisions required just a conduit for wifi signal to the HAPAC. On the hapac you are connected via PC to one port do to the authentication required is my guess. I dont think there is a way for the router to ans...
by anav
Sun Sep 19, 2021 4:37 am
Forum: General
Topic: Inter VLAN filtering fom VLAN A to VLAN B
Replies: 23
Views: 853

Re: Inter VLAN filtering fom VLAN A to VLAN B

So what is the router involvement in those specific VLANS, nothing?
DHCP and everything done on the switch?? What is the breakdown..........
by anav
Sat Sep 18, 2021 8:14 pm
Forum: Wireless Networking
Topic: LTE connected to cell with good signal strength but the speed is 0/0
Replies: 3
Views: 420

Re: LTE connected to cell with good signal strength but the speed is 0/0

Please post config of LTE as well
/export hide-sensitive file=anynameyouwish
by anav
Sat Sep 18, 2021 8:08 pm
Forum: General
Topic: Poor inter-vlan routing and High "Networking" CPU usage on RB5009
Replies: 19
Views: 845

Re: Poor inter-vlan routing and High "Networking" CPU usage on RB5009

IM almost done sindy, you will have wait another 5minutes and the perhaps you have multiple points to bring up LOL
Okay done now!
by anav
Sat Sep 18, 2021 7:47 pm
Forum: General
Topic: Poor inter-vlan routing and High "Networking" CPU usage on RB5009
Replies: 19
Views: 845

Re: Poor inter-vlan routing and High "Networking" CPU usage on RB5009

Assuming your server has multiple NICs? I would keep the default pvid of 1 and create a proper vlan30 You have 5/6 ip pools but only 4 vlans? How do you partition both management and access IP structure?? Ah okay I see, your using ether8 for management and using the bridge for access .............ye...
by anav
Sat Sep 18, 2021 7:44 pm
Forum: General
Topic: Inter VLAN filtering fom VLAN A to VLAN B
Replies: 23
Views: 853

Re: Inter VLAN filtering fom VLAN A to VLAN B

Depends on the requirements! If you need to move a lot of traffic between devices on a network then a powerful switch is a great idea. If you dont and most of the traffic is between device on the network and the internet you dont need a powerful switch but a honking router. In other words, IMHO, if ...
by anav
Sat Sep 18, 2021 7:36 pm
Forum: Beginner Basics
Topic: Real DMZ on second IP range
Replies: 15
Views: 892

Re: Real DMZ on second IP range

MKX charges per character.................. the forum is free LOL
We like dirty laundry!!
by anav
Sat Sep 18, 2021 7:28 pm
Forum: Beginner Basics
Topic: Home Lab, Hairpin NAT situation(?) not working (with vlans) [SOLVED]
Replies: 9
Views: 1340

Re: Home Lab, Hairpin NAT situation(?) not working (with vlans) [SOLVED]

Lets take a look at your firewall forward chain.... add action=accept chain=forward comment="ENABLE LAN to WAN" in-interface-list=LAN out-interface-list=WAN add action=accept chain=forward comment="Allow Port Forwarding" connection-nat-state=dstnat in-interface=ether1 add action=...
by anav
Sat Sep 18, 2021 7:11 pm
Forum: Beginner Basics
Topic: Home Lab, Hairpin NAT situation(?) not working (with vlans) [SOLVED]
Replies: 9
Views: 1340

Re: Home Lab, Hairpin NAT situation(?) not working (with vlans) [SOLVED]

Glad everything is up and running. If you are talking about the discussion of Interface bridge vlan settings...... Basically for access ports you define them on the bridge port settings (untagged frames pvid=XX) The router dynamically (automatically based on the bridge port settings) assigns the int...
by anav
Sat Sep 18, 2021 4:52 pm
Forum: General
Topic: Inter VLAN filtering fom VLAN A to VLAN B
Replies: 23
Views: 853

Re: Inter VLAN filtering fom VLAN A to VLAN B

Not sure what is going on here but for the router this is
an excellent guide for the router setup to get your vlans to the switch,
After that, I am out of my element wrt to switch optimization.

viewtopic.php?f=23&t=143620
by anav
Sat Sep 18, 2021 4:46 pm
Forum: General
Topic: Need help on rb750gr3 about maximum lan connection
Replies: 40
Views: 1389

Re: Need help on rb750gr3 about maximum lan connection

NM.......

How in the heck are all those users going to use the SAME IP structure.
I know squat about assigning PPPOE clients from the router where one designs a ppoe servers etc.

Wouldnt it be easier to have 8 vlans (plus one management vlan) ?????
by anav
Sat Sep 18, 2021 4:43 pm
Forum: General
Topic: Randomly resets and can't open some webpages
Replies: 6
Views: 399

Re: Randomly resets and can't open some webpages

NAT RULES (1) Dst nat format missing !!! Ex. From add action=dst-nat chain=dstnat comment=DVR dst-port=80 protocol=tcp \ to-addresses=192.168.0.11 to-ports=80 TO add action=dst-nat chain=dstnat comment=DVR dst-port=80 protocol=tcp \ to-addresses=192.168.0.11 in-interface-list=WAN (Note: To ports not...
by anav
Sat Sep 18, 2021 4:32 pm
Forum: General
Topic: Randomly resets and can't open some webpages
Replies: 6
Views: 399

Re: Randomly resets and can't open some webpages

This rule is WRONG or at least VERY DANGEROUS Do not open up winbox to the internet. From /ip firewall filter add action=accept chain=input comment="WinBox Wan Administration" dst-port=\ 8282 protocol=tcp TO /ip firewall filter add action=accept chain=input comment="WinBox Wan Adminis...
by anav
Sat Sep 18, 2021 4:30 pm
Forum: General
Topic: Randomly resets and can't open some webpages
Replies: 6
Views: 399

Re: Randomly resets and can't open some webpages

This rule in interface list members should be removed, it does nothing or at least nothing good.
add list=LAN
by anav
Sat Sep 18, 2021 4:27 pm
Forum: Beginner Basics
Topic: Load balancing
Replies: 6
Views: 456

Re: Load balancing

The 5009 is newer architecture and will be supported longer is my guess.
by anav
Sat Sep 18, 2021 4:23 pm
Forum: Beginner Basics
Topic: Very slow internet speed when using CRS326
Replies: 4
Views: 344

Re: Very slow internet speed when using CRS326

Hi. I just searched the MT website for a router called CRS326 and it was nowhere to be found. As indicated it appears its a switch. Therefore I am assuming you bought it as a switch such that ISP modem----> current router ----> new Switch ---> to network However if your ISP throughput is like 200 up...
by anav
Sat Sep 18, 2021 4:16 am
Forum: Beginner Basics
Topic: CRS317-1G-16S+RM HELP REQUESTED!
Replies: 23
Views: 1184

Re: CRS317-1G-16S+RM HELP REQUESTED!

Please post your config
/export hide-sensitive file=anynameyouwish
by anav
Sat Sep 18, 2021 4:13 am
Forum: Beginner Basics
Topic: Load balancing
Replies: 6
Views: 456

Re: Load balancing

For about the same price there is a new router the 5009!
Take a look at that one as well.
by anav
Fri Sep 17, 2021 7:10 pm
Forum: Wireless Networking
Topic: Low WiFi speeds on hAP ac²
Replies: 17
Views: 1037

Re: Low WiFi speeds on hAP ac²

Often people have expectations and their purchases do not match expectations.
What is written in the quotes should not be derived as accurate until one understands
a. the true expectations
b. the full requirements.

Communication is not making assumptions it drilling down to the truth.
by anav
Fri Sep 17, 2021 7:02 pm
Forum: General
Topic: Bridge different VLANs together [SOLVED]
Replies: 5
Views: 482

Re: Bridge different VLANs together [SOLVED]

yes, my lack of knowledge is showing LOL and of course still dont understand the bridging you speak between two vlans..........
by anav
Fri Sep 17, 2021 6:55 pm
Forum: Beginner Basics
Topic: Real DMZ on second IP range
Replies: 15
Views: 892

Re: Real DMZ on second IP range

No actually I was doing something way more fun than reading your guesses LOL (taking care of my grand daughter)!
I still smell like baby poop. :-)
by anav
Fri Sep 17, 2021 2:54 pm
Forum: Wireless Networking
Topic: Low WiFi speeds on hAP ac²
Replies: 17
Views: 1037

Re: Low WiFi speeds on hAP ac²

mkx, the op has an hapac2, why discuss hapac3 and rb4011.
so I will talk about tplink eap245 that works well for wifi5 for 5 years!
or tplink 660hd which blows audience out of the water
by anav
Fri Sep 17, 2021 2:51 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1133

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

Why would use mangle. My impression from the above discussion is that one can just create a route for that as sindy indicated. add distance=1 dst-address=3.3.3.3. gateway=Selected WAN gateway (for dns traffic) (assuming 3.3.3.3 is the NTP servers all the PCs are pointing too). Did you know mangle ne...
by anav
Fri Sep 17, 2021 2:45 pm
Forum: General
Topic: Bridge different VLANs together [SOLVED]
Replies: 5
Views: 482

Re: Bridge different VLANs together [SOLVED]

The description and requirements as stated in obscure linux config talk makes no sense to me. He asked or stated wants some vlans to turn into DIFFERENT VLANS????? what the heck does that mean Where are the different vlans. Something seem missing either in the answer or initial confusing poorly word...
by anav
Fri Sep 17, 2021 2:33 pm
Forum: General
Topic: Asing hAP ac lite as access point with SXT LTE 4G Router
Replies: 2
Views: 308

Re: Asing hAP ac lite as access point with SXT LTE 4G Router

If your intent is to use vlans, here is an excellent reference you could use on setting up both,
one as a router, one as a switch/access point.
viewtopic.php?f=23&t=143620
by anav
Fri Sep 17, 2021 2:32 pm
Forum: Beginner Basics
Topic: Real DMZ on second IP range
Replies: 15
Views: 892

Re: Real DMZ on second IP range

mkx stop guessing, its driving me crazy..........
OP provide network diagram and the config
/export hide-sensitive file=anynameyouwish
by anav
Thu Sep 16, 2021 11:11 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1133

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

I am to believe one subnet will drop all that horrible crap I see on my browser ???

So it would look like

isp 1 distance =1
isp 1 distance=1 route-mark=dropcrap

Ip route rule
destination address=157.249.0.24
Action: drop
table=dropcrap
by anav
Thu Sep 16, 2021 11:06 pm
Forum: Wireless Networking
Topic: New to networking
Replies: 3
Views: 303

Re: New to networking

I would use vlans via this reference to learn how to configure routers and access Points.........
viewtopic.php?f=23&t=143620
by anav
Thu Sep 16, 2021 11:03 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1133

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

How do I do that........
their destination addresses change all the time??
Route rule?
by anav
Thu Sep 16, 2021 11:01 pm
Forum: Beginner Basics
Topic: CRS317-1G-16S+RM HELP REQUESTED!
Replies: 23
Views: 1184

Re: CRS317-1G-16S+RM HELP REQUESTED!

There are two ways to configure switches in the MT world. This is the reference for the vlan filtering method https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 This is another way to make use of switch chips but to complex for me, however it may make sense depending upon your unit. https://...
by anav
Thu Sep 16, 2021 10:57 pm
Forum: Beginner Basics
Topic: CRS317-1G-16S+RM HELP REQUESTED!
Replies: 23
Views: 1184

Re: CRS317-1G-16S+RM HELP REQUESTED!

We assign conny to all the 'special' cases;. You are in good hands!
by anav
Thu Sep 16, 2021 10:53 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1133

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

Yes, its all good ( I am also allergic to mangle). Destination address is the only choice, which surgically only sends traffic down the other WAN for packets heading to NTP servers, my attempt to use source or interface was wrong as it will send ALL traffic to the other wan. We make a good team, I m...
by anav
Thu Sep 16, 2021 10:46 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1133

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

Ahh yes you are quite correct, the OP is not using the NTP Server package for MT. I wonder why not? So easy. THe question remains, can I force NTP traffic for the MT provided NTP service out a specific WAN using the ruleset I provided but using rextendeds Destination address method, assuming that my...
by anav
Thu Sep 16, 2021 10:35 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1133

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

Modify that accordingly your needs and paste it on terminal. Legend: 3.3.3.3 / 6.6.6.6 / 7.7.7.7 NTP servers used from computers /ip route rule add dst-address=3.3.3.3/32 table=ntp add dst-address=6.6.6.6/32 table=ntp add dst-address=7.7.7.7/32 table=ntp /ip route add distance=1 gateway=<put-lte-ga...
by anav
Thu Sep 16, 2021 10:33 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1133

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

So a routing rule that says a request from an NTP client (on IP xxxx)
Should go out WAN AB will not work??

Ex.
Route ISP3
Route ISP3 routing-mark=usewanAB
with route rule
source-address=IP xxx
lookup only in table
table=usewanAB
by anav
Thu Sep 16, 2021 10:05 pm
Forum: General
Topic: Route ALL NTP traffic over a specific WAN [SOLVED]
Replies: 30
Views: 1133

Re: Route ALL NTP traffic over a specific WAN [SOLVED]

Why do you want NTP traffic to go out a certain WAN, it cannot be using up much bandwidth??
How many devices do you have that need NTP?

Can you create and put all these devices on a vlan if numerous?
by anav
Thu Sep 16, 2021 7:54 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

Nope no output rules here.
Only output rule I ever saw was this one but not sure what its for...............
add action=drop chain=output comment="Drop Access to WebUI" protocol=tcp src-port=80
by anav
Thu Sep 16, 2021 7:46 pm
Forum: Wireless Networking
Topic: New to networking
Replies: 3
Views: 303

Re: New to networking

what have you done so far/
Config on all units and network diagram
/export hide-sensitive file=anynameyouwish
by anav
Thu Sep 16, 2021 12:41 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

Ooops, my bad, I see it now!! (fasstrack) ICMP is allowed on the router normally because its useful for troubleshooting any issues on the router. ICMP between devices on LANs like any traffic between the LANs ( subnet A to subnet B or vlan10 to vlan20) is blocked at L3 by the default rules (BLOCK AL...
by anav
Thu Sep 16, 2021 12:33 pm
Forum: General
Topic: Help... for IP address scheme with multiple router
Replies: 2
Views: 267

Re: Help... for IP address scheme with multiple router

Forget about how the routers are connected and IP addresses, this will drag on for days. Instead, State what the requirements are for groups of devices/users (or single devices/users) in terms of a. what they should be able to do b. what they should not be able to do (examples, home users, guest use...
by anav
Thu Sep 16, 2021 12:27 pm
Forum: Beginner Basics
Topic: Will separate hardware firewall make the router safer? [SOLVED]
Replies: 8
Views: 2254

Re: Will separate hardware firewall make the router safer? [SOLVED]

Feel free to post your config here before you go live for advice.

/export hide-sensitive file=anynameyouwish
by anav
Thu Sep 16, 2021 12:25 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 25
Views: 5202

Re: WinBox v3.31 released!

Awesome!
by anav
Thu Sep 16, 2021 12:59 am
Forum: Beginner Basics
Topic: Can't ping other LAN clients over bridge mode
Replies: 1
Views: 228

Re: Can't ping other LAN clients over bridge mode

/export hide-sensitive file=anynameyouwish

on the microtik device.
by anav
Thu Sep 16, 2021 12:51 am
Forum: Beginner Basics
Topic: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan
Replies: 17
Views: 939

Re: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan

/interface bridge add fast-forward=no name=bridge-VLAN Should be add fast-forward=no name=bridge-VLAN vlan-filtering=yes Remember the advice? read this refernce..................... https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 In EVERY bridge example you see the following at the start ...
by anav
Thu Sep 16, 2021 12:38 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 38
Views: 12187

Re: MikroTik Wireguard server with Road Warrior clients

Your question is to vague but if it can it would be a script............
by anav
Thu Sep 16, 2021 12:34 am
Forum: Wireless Networking
Topic: Motel internet infrastructure
Replies: 12
Views: 823

Re: Motel internet infrastructure

Concur with Replace ISP router if possible, but in any case start with an MT router followed by a required MT switch. Where I disagree with others is MT wifi. Much depends upon the quality of your ISP service throughput, if there is wire to rooms/ or in hallways (Central areas for AP placement), num...
by anav
Thu Sep 16, 2021 12:23 am
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

FORWARD CHAIN FROM add action=accept chain=forward comment="Allow Established,Related" \ connection-state=established,related,untracked add action=drop chain=forward comment="Drop Invalid Connections" \ connection-state=invalid add action=accept chain=forward comment="Allow ...
by anav
Thu Sep 16, 2021 12:05 am
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

FROM /ip firewall address-list add address=192.168.X.X/24 list=Allowed-IP /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop inv...
by anav
Wed Sep 15, 2021 11:43 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

I am in the same bed with rextended '-0 jajajaja, anything is possible if you drink enough! There is nothing dangerous or particularly wrong, it is just inefficient. I also try to avoid ! rules because sometimes they have unintended consequences and also they can make rules harder to read/comprehend...
by anav
Wed Sep 15, 2021 9:01 pm
Forum: Beginner Basics
Topic: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan
Replies: 17
Views: 939

Re: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan

I am hoping someone else chimes in because I am all outta ideas.
You seem to be bang on with your config :-((
by anav
Wed Sep 15, 2021 8:59 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

anav !disagrees with rextended.

Now can I have a docker containainer that automatically selects the right IP subnet mask please. :-)
by anav
Wed Sep 15, 2021 8:53 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

edit................. NM

the !LAN rule is replaced by a better rule. DROP ALL.
The DROP rule makes the !LAN rule redundant.
by anav
Wed Sep 15, 2021 8:19 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

I agree 100%, I should have added the rules to explain my line of thinking! the rules should be add action=accept chain=input comment="Allow DNS, UDP" dst-port=53 protocol=udp in-interface-list=LAN add action=accept chain=input comment="Allow DNS, TCP" dst-port=53 protocol=tcp in...
by anav
Wed Sep 15, 2021 7:54 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

Sorry Johnson, your muddying the waters and leaving some default rules in place the OP no longer needs. The allow services rule is just fine as it is because one delineates all those on the LAN interface have access. NO further granularity is desired by the OP for allowing or disallowing DNS from a ...
by anav
Wed Sep 15, 2021 7:52 pm
Forum: General
Topic: 2 separate networks - no internet access
Replies: 6
Views: 469

Re: 2 separate networks - no internet access

Actually in this case I will make an exception as my response was far better the second time around jajajaja
by anav
Wed Sep 15, 2021 7:45 pm
Forum: Beginner Basics
Topic: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan
Replies: 17
Views: 939

Re: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan

Well LOL, you have me stumped?
What vlan is the switch on ( meaning what is the IP address of the managed switch)?
VLAN#1 should be the default on the switch trunk port (the one the MT is connected to)
by anav
Wed Sep 15, 2021 5:42 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

Sort of LOL. The reason why you no longer need the rule. add action=drop chain=input comment="defconf: drop all else not coming from LAN" in-interface-list=!LAN Is because it ALLOWS ANY RULE COMING NOT FROM THE WAN ( lan to router, router to lan, router to WAN) and therefore any rule allow...
by anav
Wed Sep 15, 2021 5:20 pm
Forum: General
Topic: routing between VLANs
Replies: 14
Views: 744

Re: routing between VLANs

The best resource for vlans is the following...... https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 In the meantime will have a look! (1) Where is IP address of ISP 2,4? (2) Understand you have FIVE vlans on the LAN and one bridge that is also providing DHCP for ethernet2. (3) Dont have a ...
by anav
Wed Sep 15, 2021 4:51 pm
Forum: General
Topic: 2 separate networks - no internet access
Replies: 6
Views: 469

Re: 2 separate networks - no internet access

Oh suggest something like 22 will work, pulling any number out of a hat........ ;-p : And that wisdom of yours has nothing to do with OP's setting in /ip dhcp-server network ... :wink: Im assuming your alluding to the fact that the network mask should match the IP Pool? 22 seemed intuitively correc...
by anav
Wed Sep 15, 2021 4:29 pm
Forum: General
Topic: 2 separate networks - no internet access
Replies: 6
Views: 469

Re: 2 separate networks - no internet access

Oh that's obvious, clearly your IP address for ether3 is missing a mask which prevents any traffic!! :-) :-) :-)

add address=10.18.100.1/?? comment=Guest interface=ether3 network=10.18.100.0
Oh suggest something like 22 will work, pulling any number out of a hat........ ;-p :
by anav
Wed Sep 15, 2021 4:26 pm
Forum: General
Topic: Block internet traffic except some URLs
Replies: 14
Views: 655

Re: Block internet traffic except some URLs

Besides the petty squabbling, I dont see how the firewall rule would block
https: (external) IP on blocked list or IP not on allowed list

Can firewall rules see inside https URLs ??
by anav
Wed Sep 15, 2021 4:23 pm
Forum: Beginner Basics
Topic: SSTP Client and enforce traffice through VPN
Replies: 1
Views: 220

Re: SSTP Client and enforce traffice through VPN

/export hide-sensitive file=anynameyouwish
by anav
Wed Sep 15, 2021 4:19 pm
Forum: Beginner Basics
Topic: 2 separate networks - no internet access
Replies: 4
Views: 330

Re: 2 separate networks - no internet access

Im not, it is not my fault all these people (said as nicely as I can) do not stick to norms if its not .0 , .1 , .24 then you are on your own!!! Like who uses .254 or 22 or 28 or 32 or anything obscure ;-) I assume any bozo foolish enough to stray from norms in terms of IP nomenclature knows what th...
by anav
Wed Sep 15, 2021 4:06 pm
Forum: General
Topic: Audit my input firewall
Replies: 49
Views: 1783

Re: Audit my input firewall

I am confused by this line stated twice?? 1. add action=accept chain=input comment="Accept management from DHCP" dst-port=8291,443 protocol=tcp \ src-address-list="DHCP Devices " 2. add action=accept chain=input comment="Allow Remote Admin, L2TP VPN" dst-port=8291,443 p...
by anav
Wed Sep 15, 2021 3:43 pm
Forum: Beginner Basics
Topic: 2 separate networks - no internet access
Replies: 4
Views: 330

Re: 2 separate networks - no internet access

I dont see offhand why ether3 is not getting internet. The only thing I noted in the forward chain is a duplication of this rule (remove the one at the bottom of the list) add action=drop chain=input comment=" Drop Invalid connections" \ connection-state=invalid I will keep looking. You ha...
by anav
Wed Sep 15, 2021 3:26 pm
Forum: Beginner Basics
Topic: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan
Replies: 17
Views: 939

Re: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan

The config looks good! Are you a. pinging a computer in vlan20 from a computer in vlan10?? Try the following. a. from computer in vlan10 from the PC (not from the router) ping the gateway of its own gateway. b. from a computer in vlan10 ping the gateway of VLAN20 c. from a computer in vlan10 ping a ...
by anav
Tue Sep 14, 2021 11:02 pm
Forum: Beginner Basics
Topic: Devices connecting to the wireless are assigned vlan1 instead of intended VLAN
Replies: 4
Views: 390

Re: Devices connecting to the wireless are assigned vlan1 instead of intended VLAN

What I would need to see is all three configs. /export hide-sensitive file=anynameyouwish The RB4011 needs to have vlans identified as well as the four required entities Vlans are idenftified by unique name, vlan number and primary interface (usually a bridge but can be a port) - ip address -ip pool...
by anav
Tue Sep 14, 2021 7:37 pm
Forum: Beginner Basics
Topic: How do I create a package?
Replies: 2
Views: 340

Re: How do I create a package?

Cannot help.
You need to take some courses.
Suggest start here...................
https://mynetworktraining.com/
https://mynetworktraining.com/p/mikroti ... -with-labs
by anav
Tue Sep 14, 2021 6:10 pm
Forum: RouterOS v7 BETA
Topic: PLEASE MikroTik made NetInstall version for Docker....
Replies: 41
Views: 2433

Re: PLEASE MikroTik made NetInstall version for Docker....

+1, I think it would be cool to be able to netinstall a router and not even be there! Some amazing reasons provided, mind blowing what you guys have to deal with (not just I am too lazy to climb a mountain LOL)
Plus rextended really really wants this bad!!
by anav
Tue Sep 14, 2021 5:55 pm
Forum: General
Topic: CRS317 Switch VLAN
Replies: 20
Views: 1114

Re: CRS317 Switch VLAN

Since you are intent on hijacking the thread......... Why on earth would you put the pvid of the birdge to 201..... Why are you assigning addresses on both switches, only the router (or switch acting as router requires address assignment). To Christian, So the router sends traffic down WHICH SUBNET ...
by anav
Tue Sep 14, 2021 5:01 pm
Forum: General
Topic: Feature Request: Firewall Rules visual grouping
Replies: 3
Views: 377

Re: Feature Request: Firewall Rules visual grouping

A good reason to keep filter rules simple and efficient.
I thought jump chains were another way of grouping that does what you ask?
by anav
Tue Sep 14, 2021 4:59 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 1634

Re: 📌 Configuration to block users that tries to access router on non open port(s)

I have this DDoS filter above my block rule. https://forum.mikrotik.com/viewtopic.php?f=2&t=54607 Never have had down time. May have not been target.... Hold the fort Jotne.......... I read that long assed thread to find that you are having issues with said DDos!! quote " But I have for su...
by anav
Tue Sep 14, 2021 4:40 pm
Forum: Beginner Basics
Topic: Newbie questions for setting up router [SOLVED]
Replies: 58
Views: 5448

Re: Newbie questions for setting up router [SOLVED]

What the heck is buggerbloat?
Is this like a gazillion firewall rules from youttube that clog up the config?
by anav
Tue Sep 14, 2021 4:38 pm
Forum: Beginner Basics
Topic: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan
Replies: 17
Views: 939

Re: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan

I cannot say it enough times, FIRST - ORDER IS IMPORTANT!! SECOND - Keep the chains separate normally Input chain followed by Forward chain This is your current config..... add action=accept chain=forward in-interface=vlan10 out-interface=vlan20 add action=drop chain=input comment="defconf: dro...
by anav
Tue Sep 14, 2021 4:29 pm
Forum: Beginner Basics
Topic: Devices connecting to the wireless are assigned vlan1 instead of intended VLAN
Replies: 4
Views: 390

Re: Devices connecting to the wireless are assigned vlan1 instead of intended VLAN

Before you dive to deep into many changes, please have a read of this reference until its mostly understood.
Come back here if you have any questions, then slogging through the config and MKX advice will make more sense!!

viewtopic.php?f=23&t=143620
by anav
Tue Sep 14, 2021 4:25 pm
Forum: Beginner Basics
Topic: Traffic to management of MikroTik switches not going through
Replies: 16
Views: 781

Re: Traffic to management of MikroTik switches not going through

Yes, until you have access to the webcongfic, CLI, winbox etc and thus have the authority to actually work on the device '-) we will wait patiently.
by anav
Tue Sep 14, 2021 4:21 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: Source Address List For Route Rule
Replies: 3
Views: 501

Re: Feature Request: Source Address List For Route Rule

+1 for interface lists, missed that the first time around!
by anav
Tue Sep 14, 2021 2:15 am
Forum: Beginner Basics
Topic: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan
Replies: 17
Views: 939

Re: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan

Oh silly me, I made an assumption about your WANIP addresses 10.0.10.1, 10.0.20.1 and 10.0.30.1 ( I put the gateway IPs by mistake) Fixed: the TO ADDRESS should be the IP address!!!! /ip address add address=10.0.10. 2 /24 interface=ether1-WAN1 network=10.0.10.0 add address=10.0.20 .2 /24 interface=e...
by anav
Tue Sep 14, 2021 2:09 am
Forum: Beginner Basics
Topic: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan
Replies: 17
Views: 939

Re: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan

(1) The latter is easy explainable. Think about the order of these two rules....... the router processes. add action=drop chain=forward comment="DROP ALL other FORWARD traffic" add action=accept chain=forward in-interface=vlan10 out-interface=vlan20 The router drops all traffic, then you a...
by anav
Mon Sep 13, 2021 11:10 pm
Forum: Beginner Basics
Topic: Traffic to management of MikroTik switches not going through
Replies: 16
Views: 781

Re: Traffic to management of MikroTik switches not going through

Please clarify
1. You are behind the main router (on a router port?) which is connected to all the switches via other ports? ( a network diagram would be nice).
2. /export hide-sensitive file=anynameyouwish

3. :You shouldnt need NAT but until 1 and 2 are published hard to tell.
by anav
Mon Sep 13, 2021 9:16 pm
Forum: General
Topic: Is this type of filtering possible?
Replies: 4
Views: 437

Re: Is this type of filtering possible?

Nice, I hadnt though there was such a think as bridge filters until now , nor do I actually see where I would/.could use them yet.
by anav
Mon Sep 13, 2021 9:11 pm
Forum: Beginner Basics
Topic: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan
Replies: 17
Views: 939

Re: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan

Changes made where applicable!!! /interface bridge add fast-forward=no name=bridge-VLAN vlan-filtering=yes (make this the last config change) /interface bridge port add bridge=bridge-VLAN hw=no interface=ether4 allow only tagged frames ingress-filtering=yes add bridge=bridge-VLAN hw=no interface=eth...
by anav
Mon Sep 13, 2021 6:12 pm
Forum: RouterOS v7 BETA
Topic: Wireguard tx errors while no traffic
Replies: 2
Views: 536

Re: Wireguard tx errors while no traffic

Thanks for the tip!
by anav
Mon Sep 13, 2021 6:09 pm
Forum: RouterOS v7 BETA
Topic: PLEASE MikroTik made NetInstall version for Docker....
Replies: 41
Views: 2433

Re: PLEASE MikroTik made NetInstall version for Docker....

rextended, you have unravelled most of the mysteries in the universe, surely one small docker container is within your skill set!
perhaps jr0dd can be convinced to do so for a bottle of red italian wine!!
by anav
Mon Sep 13, 2021 6:05 pm
Forum: General
Topic: CRS317 Switch VLAN
Replies: 20
Views: 1114

Re: CRS317 Switch VLAN

Jajajaj, Yes clear for everyone, except me. Brain fried.
Seriously, I understand what you said, it just confirms that all traffic on the bridge is tagged.
Just dont comprehend what the op is asking or stating and thus everything is muddy.
by anav
Mon Sep 13, 2021 5:58 pm
Forum: General
Topic: Is this type of filtering possible?
Replies: 4
Views: 437

Re: Is this type of filtering possible?

Hi Mkx, So it when solely using an MT device for bridging between devices, one cannot use the regular fire rule settings one has to use bridge settings? For example if using hex as a switch with bridge and vlans, to enforce any rules that would have to be done on bridge firewall settings as the main...
by anav
Mon Sep 13, 2021 5:54 pm
Forum: General
Topic: MikroTik news and rumours – Chateau 5G & cAP ac XL
Replies: 12
Views: 1414

Re: MikroTik news and rumours – Chateau 5G & cAP ac XL

You can dress up a pig...................
by anav
Mon Sep 13, 2021 5:52 pm
Forum: General
Topic: Need help creating a package
Replies: 2
Views: 388

Re: Brandwith Management

I am not sure what Brandwidth management refers to, possibly a ratio of Cisco to Microtik Devices???

Okay, maybe not the right response, but what was the question again???
by anav
Mon Sep 13, 2021 5:44 pm
Forum: Beginner Basics
Topic: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan
Replies: 17
Views: 939

Re: Port Forward doesn't work --> Sharing 3 WAN and 9 LAN by using Vlan

In summary, the internet be it youtube or blog post can be a minefield and should be ignored unless you have experience under your belt. The default rule set will start you in a good and happy place. This is a reference worth reading on vlans. https://forum.mikrotik.com/viewtopic.php?f=23&t=1436...
by anav
Mon Sep 13, 2021 5:34 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 1634

Re: 📌 Configuration to block users that tries to access router on non open port(s)

But I have none of these rules
except two
drop invalid in input chain
drop all else as last rule in input chain.

How come I am not having any issues??
Is it better not to be aware of how many hits one is getting, ignorance is bliss??
by anav
Mon Sep 13, 2021 1:49 am
Forum: Wireless Networking
Topic: Low wifi coverage in bedroom
Replies: 12
Views: 1566

Re: Low wifi coverage in bedroom

I would use the MT for the router portion and local coverage where the device is located only, and any other brand of decent wifi for the rest of the house.
by anav
Sun Sep 12, 2021 11:14 pm
Forum: General
Topic: CRS317 Switch VLAN
Replies: 20
Views: 1114

Re: CRS317 Switch VLAN

One cannot make any conclusions or helpful config due to the very incoherent and limited requirements communicated. For example how can all the traffic coming on ether one somehow untagged from the router be magically sent to all devices behind the switch but magically one device is using vlan201. I...
by anav
Sun Sep 12, 2021 9:06 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 28
Views: 9212

Re: Hairpin NAT - the easy way

Thanks!
by anav
Sun Sep 12, 2021 5:23 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 28
Views: 9212

Re: Hairpin NAT - the easy way

I never say open the internal DNS to WAN side, simply force all LAN side to use RouterBOAD internal DNS. / ip firewall nat add chain=dstnat src-address=!192.168.88.1 dst-address=!192.168.88.1 dst-port=53 protocol=udp action=dst-nat to-addresses=192.168.88.1 add chain=dstnat src-address=!192.168.88....
by anav
Sun Sep 12, 2021 3:39 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 28
Views: 9212

Re: Hairpin NAT - the easy way

Sorry Zach, old habits LOL. When I used/sold Zyxel gear they had a checkbox for hairpin nat, called loopback. As for rextended, okay, why do I need those forcing DNS rules. What do they have to do with hairpin nat solutions?? Finally WHO in heck is using DNS that is not already on the routerboard?? ...
by anav
Sun Sep 12, 2021 3:33 pm
Forum: General
Topic: CRS317 Switch VLAN
Replies: 20
Views: 1114

Re: CRS317 Switch VLAN

Clearly, the OP needs to read this resource first https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 Providing the correct setup is useless if the OP isnt learning anything along the way. In addition the gross errors in one part of the config begs for a review of the whole config. One learns...
by anav
Sun Sep 12, 2021 2:27 pm
Forum: Beginner Basics
Topic: PC Gaming, unable to connect to servers [SOLVED]
Replies: 8
Views: 616

Re: PC Gaming, unable to connect to servers [SOLVED]

The learning will continue as they keep adding functionality!!
by anav
Sun Sep 12, 2021 3:52 am
Forum: Beginner Basics
Topic: PC Gaming, unable to connect to servers [SOLVED]
Replies: 8
Views: 616

Re: PC Gaming, unable to connect to servers [SOLVED]

Yes, port forwarding will not work if you dont put any dst-nat rules.
Yes typically you do not need to port forward to connect to gaming servers or stream or anything else......
One will need port forwarding if one is hosting servers of any ilk.
by anav
Sun Sep 12, 2021 3:49 am
Forum: Beginner Basics
Topic: PC Gaming, unable to connect to servers [SOLVED]
Replies: 8
Views: 616

Re: PC Gaming, unable to connect to servers [SOLVED]

The point of the exercise was to demonstrate to you that you dont know what you are doing yet. The right answer is that the second rule does the same thing as the first rule (allows vlan_lan to the router) but also allows all lan subnets to the router plus also stops wan to router traffic Hence a de...
by anav
Sun Sep 12, 2021 12:09 am
Forum: General
Topic: Reject the connection to a local machine from outside.
Replies: 28
Views: 1121

Re: Reject the connection to a local machine from outside.

I will concur that using the Mikrotik application on the smartphone with VPN (in my case IKEv2) was very challenging. I then decided to use wireguard and i put another MT router (RB450G) behind my main router (using normal firmware), so that I could play with wireguard (beta on RB450G). I connected ...
by anav
Sun Sep 12, 2021 12:01 am
Forum: General
Topic: PureVPN Protocol-discontinuation, Mikrotik router useless?!
Replies: 21
Views: 940

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

To be honest, your best bet is to select a third party vpn provider (if you really must) that uses wireguard implementation.
by anav
Sat Sep 11, 2021 11:58 pm
Forum: General
Topic: UPnP security questions
Replies: 1
Views: 321

Re: UPnP security questions

Dont enable UPNP!
by anav
Sat Sep 11, 2021 11:56 pm
Forum: Beginner Basics
Topic: PC Gaming, unable to connect to servers [SOLVED]
Replies: 8
Views: 616

Re: PC Gaming, unable to connect to servers [SOLVED]

Hi there, two items. (1) Primary issue is that you have no port forwarding rules. There are no DST nat rules on your config ??? (2) Describe the purpose of each of these rules please!! For educational learning purposes add action=accept chain=input comment="Allow Vlan" in-interface=vlan_la...
by anav
Sat Sep 11, 2021 3:56 pm
Forum: General
Topic: ?? How to renew SIP registration / connection from PBX after WAN failover ??
Replies: 5
Views: 432

Re: ?? How to renew SIP registration / connection from PBX after WAN failover ??

Something funky also happens on my VOIP obihai modem when the WANs change or go down and come back up. The old address is stuck in the system and take awhile to reset and sometimes I have to manually unplug the modem from power to reset it. So Im not sure if the issue is RESETTABLE on the Mikrotik, ...
by anav
Sat Sep 11, 2021 3:49 pm
Forum: General
Topic: Hairpin Nat
Replies: 2
Views: 407

Re: Hairpin Nat

For future issues, a one jpeg or snipped is rarely enough information. Ideally, one provides a. network diagram b. full set of use case requirements (what users/devices should be able and should not be able to do, without noting any networking equipment or configuration words). and finally if nothin...
by anav
Sat Sep 11, 2021 3:48 pm
Forum: Useful user articles
Topic: Hairpin NAT - the easy way
Replies: 28
Views: 9212

Re: Hairpin NAT - the easy way

/ip dns static add address=192.168.88.68 regexp="(^|www\\.)vattelappesca\\.rex\$" ttl=5m /ip firewall nat add chain=dstnat src-address=!192.168.88.1 dst-address=!192.168.88.1 dst-port=53 protocol=udp action=dst-nat to-addresses=192.168.88.1 add chain=dstnat src-address=!192.168.88.1 dst-a...
by anav
Sat Sep 11, 2021 3:17 pm
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 6417

Re: WinBox v3.30 released!

In other words 3.31 is not far around the corner!!
by anav
Sat Sep 11, 2021 3:15 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 54
Views: 20831

Re: Mēris botnet information

Based on my experience installing MOAB for many users .. 100% had very poor firewall security measures due to ignorance and or lack of diligence ... once a router has been compromised the ONLY recourse is to netinstall and manually configure ... MikroTik should make the Netinstall procedure much mo...
by anav
Fri Sep 10, 2021 11:29 pm
Forum: General
Topic: Reject the connection to a local machine from outside.
Replies: 28
Views: 1121

Re: Reject the connection to a local machine from outside.

(1) These look like port forwarding rules that should in the IP NAT settings, not Forward Chain Filter rules. /ip firewall filter add action=accept chain=forward comment="NAS MOBILE ACCESS" dst-address=\ 192.168.2.113 dst-port=53200,21 in-interface=ether1 in-interface-list=all \ log=yes lo...
by anav
Fri Sep 10, 2021 11:17 pm
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 6417

Re: WinBox v3.30 released!

What is interesting to me is introducing new software changes, often breaks existing code or introduces a whole new set of bugs................. Good lesson for any testers out there...
by anav
Fri Sep 10, 2021 11:14 pm
Forum: General
Topic: Reject the connection to a local machine from outside.
Replies: 28
Views: 1121

Re: Reject the connection to a local machine from outside.

Its still 1m long on my screen??
by anav
Fri Sep 10, 2021 11:12 pm
Forum: General
Topic: Ip cloud/ddns problems
Replies: 8
Views: 737

Re: Ip cloud/ddns problems

Thank you for the responses. The ddns started working soon after I made this post without me making any changes. I have port knocking set up so I can access the router via winbox. I also have a port forward to a prtg server I have set up for testing purposes. Check out winbox remote for another way...
by anav
Fri Sep 10, 2021 11:08 pm
Forum: General
Topic: How is default config allowing Winbox access?
Replies: 8
Views: 677

Re: How is default config allowing Winbox access?

My observations....... (1) There should only be one address for the bridge interface!! You have it THREE PLACES WTF?? . Keep the blue one get rid of the red ones. /ip address add address=192.168.88.1/24 comment=defconf interface=bridge network=\ 192.168.88.0 add address=192.168.201.1/24 interface=et...
by anav
Fri Sep 10, 2021 8:40 pm
Forum: General
Topic: How is default config allowing Winbox access?
Replies: 8
Views: 677

Re: How is default config allowing Winbox access?

please post the latest config, talk is cheap the config is where the rubber meets the road!!
/export hide-sensitive file=anynameyouwish
by anav
Fri Sep 10, 2021 8:38 pm
Forum: General
Topic: Drop all rule blocking PPTP
Replies: 5
Views: 416

Re: Drop all rule blocking PPTP

Firewall rules........ FORWARD CHAIN DEFAULT RULES sort of........ add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related add action=accept chain=forward connection-state=established,related,untracked add action=drop chain=input co...
by anav
Fri Sep 10, 2021 8:36 pm
Forum: General
Topic: Drop all rule blocking PPTP
Replies: 5
Views: 416

Re: Drop all rule blocking PPTP

Firewall rules INPUT Chain. +++++YOUR VPN RULES GO HERE++++++ add action=accept chain=input comment="defconf: accept established,related,untracked"\ connection-state=established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid...
by anav
Fri Sep 10, 2021 8:28 pm
Forum: General
Topic: Drop all rule blocking PPTP
Replies: 5
Views: 416

Re: Drop all rule blocking PPTP

I will give you some advice. Repost the list such that a. all the INPUT chain are in one grouping b. all the forward chain are in one grouping. The order of the rules should reflect the actual order in the configuration as well. \ Finally, most of your rules are not planned in a coherent manner and ...
by anav
Fri Sep 10, 2021 6:31 pm
Forum: General
Topic: Mikrotik RB3011 with Ubiquiti switch For AVOIP and Control4 system
Replies: 1
Views: 309

Re: Mikrotik RB3011 with Ubiquiti switch For AVOIP and Control4 system

probably not as it sounds obscure.
best bet is to detail the requirements here along with a network diagram
and then post an initial config of your attempts to get it working.

/export hide-sensitive file=anynameyouwish
by anav
Fri Sep 10, 2021 5:53 pm
Forum: General
Topic: How is default config allowing Winbox access?
Replies: 8
Views: 677

Re: How is default config allowing Winbox access?

Without seeing the complete config one would be guessing although MKX is 99.999 probably on the money.
by anav
Fri Sep 10, 2021 5:51 pm
Forum: General
Topic: Reject the connection to a local machine from outside.
Replies: 28
Views: 1121

Re: Reject the connection to a local machine from outside.

Post your lastest config please a fresh pair of eyes may help.

/export hide-sensitive file=anynameyouwish
by anav
Fri Sep 10, 2021 5:49 pm
Forum: General
Topic: Error connecting Mikrotik hex RB750Gr3 via Winbox
Replies: 3
Views: 379

Re: Error connecting Mikrotik hex RB750Gr3 via Winbox

Recommend upgrading winbox to latest 3.30
by anav
Fri Sep 10, 2021 5:47 pm
Forum: General
Topic: Ip cloud/ddns problems
Replies: 8
Views: 737

Re: Ip cloud/ddns problems

1. Are you attempting to access LAN devices (servers behind your router)? 2. Are you attempting to reach the router directly for configuration purposes? 3. If the answer to 2. is YES. a. are you using VPN to connect to the router b. are you using port knocking to connect to the router. As stated any...
by anav
Fri Sep 10, 2021 5:43 pm
Forum: General
Topic: BTest blocked - any alternative
Replies: 5
Views: 489

Re: BTest blocked - any alternative

Do you mean external BTest servers that other people are running?
Why would your ISP block random ports for outgoing traffic??
by anav
Fri Sep 10, 2021 5:42 pm
Forum: Beginner Basics
Topic: Port forward setup wrong OR I might have a NATed IP address from my mobile broadband provider (Telia)? [SOLVED]
Replies: 1
Views: 316

Re: Port forward setup wrong OR I might have a NATed IP address from my mobile broadband provider (Telia)?

Good work!
Typically selecting what is my IP is a good way to see if it matches your WANIP in IP DHCP client etc.
Also one can look at their IP cloud settings as well!!
by anav
Fri Sep 10, 2021 5:39 pm
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 6417

Re: WinBox v3.30 released!

Just switched over to 3.30 TY, TY , TY , TY. I can now /export my config in terminal and it is fully visible scrolls well and doesnt not get overlapped on lines. TY, TY
(note: reg firmware not beta)
by anav
Fri Sep 10, 2021 5:37 pm
Forum: RouterOS v7 BETA
Topic: Wireguard mynetname usage confirmation?????
Replies: 0
Views: 474

Wireguard mynetname usage confirmation?????

Wireguard works great for me, the WG server behind my main MT router and at the remote client location, the WG server (mt router) behind an ISPs router (that doesnt allow icmp boo!). I make extensive use of both Server and Client mynetname in rules. ENDPOINT-ADDRESS etc. Can Mikrotik confirm that th...
by anav
Fri Sep 10, 2021 5:23 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: Source Address List For Route Rule
Replies: 3
Views: 501

Feature Request: Source Address List For Route Rule

Seems like a simple request. ;-)
Would like more flexibility in Route Rule (or new version of such in 7.X) to allow Source Address List as
a valid parameter to identify traffic (besides subnet, interface etc..)

This would help avoid the complexity of full mangling and loss of fasttrack for example.
by anav
Thu Sep 09, 2021 11:32 pm
Forum: General
Topic: Automatically filter a rogue public IP
Replies: 6
Views: 584

Re: Automatically filter a rogue public IP

Use anydesk!
by anav
Thu Sep 09, 2021 11:28 pm
Forum: General
Topic: Do I need to contact support@mikrotik.com directly to get answers about the forum itself? [SOLVED]
Replies: 17
Views: 1305

Re: Do I need to contact support@mikrotik.com directly to get answers about the forum itself? [SOLVED]

Okay, well I can spare them the trouble as I have too much free time. I will only post if I have questions from now on. MKX needs more work to hone his support skills anyway ;-)
Its a private forum so one must abide by the rules but the lack of courtesy to provide some sort of advisory is not on.
by anav
Thu Sep 09, 2021 10:18 pm
Forum: General
Topic: Do I need to contact support@mikrotik.com directly to get answers about the forum itself? [SOLVED]
Replies: 17
Views: 1305

Re: Do I need to contact support@mikrotik.com directly to get answers about the forum itself? [SOLVED]

Yes it should have been
"due avvertenze"

Never seen those either where did you find, them??
If you have two, I bet I have three!
by anav
Thu Sep 09, 2021 6:50 pm
Forum: General
Topic: Something must be really wrong on my configuration. Needs real help here! [SOLVED]
Replies: 23
Views: 1197

Re: Something must be really wrong on my configuration. Needs real help here! [SOLVED]

Like I said, Please list a full set of requirements and then useful suggestions can be made. Individual devices (ex server) (use cases) Individual users (ex PC user) (use cases) Group users (on same vlan) (subnet, home lan, guest wifi) (use cases) Group Devices (on same vlan) (Iot devices media, cct...
by anav
Thu Sep 09, 2021 6:46 pm
Forum: General
Topic: Client isolation within VLAN and fast roaming
Replies: 30
Views: 1493

Re: Client isolation within VLAN and fast roaming

This is actually a very useful thread. So I have finally discerned possibly a useful capsman functionality or two to be exact. a. the ability to isolate clients on the same capac on the same vlan b. the ability to isolate clients on different capacs but on the same vlan. Questions (1) Can I assume t...
by anav
Thu Sep 09, 2021 6:39 pm
Forum: General
Topic: 200k Mikrotik devices involved in DDoS botnet
Replies: 10
Views: 1240

Re: 200k Mikrotik devices involved in DDoS botnet

Perhaps related to the recent blocking of the MT cloud service??
by anav
Thu Sep 09, 2021 6:37 pm
Forum: Announcements
Topic: Newsletter 101
Replies: 43
Views: 7877

Re: Newsletter 101

What does the RB5009 give you that the RB4011 doesnt ?? and only for few more bucks $$ CCR1009
by anav
Thu Sep 09, 2021 4:14 pm
Forum: Wireless Networking
Topic: Using Mikrotik hAP Lite as a WLAN AP und WLAN Client
Replies: 4
Views: 445

Re: Using Mikrotik hAP Lite as a WLAN AP und WLAN Client

In other words the haplite was not the right purchase if the intent was this functionality.
Suggest the hapac lite is the cheapest option that can do what mkx noted.
by anav
Thu Sep 09, 2021 4:10 pm
Forum: General
Topic: Mikrotik and a firewall
Replies: 3
Views: 367

Re: Mikrotik and a firewall

I am confused by the responses, the OP appears to be talking about LAN access where you have responded with router (input chain) access??? To the OP. Post your config /export hide-sensitive file=anynameyouwish and a network diagram so we can see the components and their relationship via ethernet/wif...
by anav
Thu Sep 09, 2021 4:03 pm
Forum: General
Topic: Something must be really wrong on my configuration. Needs real help here! [SOLVED]
Replies: 23
Views: 1197

Re: Something must be really wrong on my configuration. Needs real help here! [SOLVED]

Nope, not willing to chase tails. You keep chanigng the requirements and that may impact the overall design.......... Thus I go back to 'a. network diagram b. latest config and the most important of all. c. set of requirements listing what you want users/device to be able to do, and what they should...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 29