MikroTik

xvo

The only thought to consider: hEX S have a very weak switch chip implementation - it can't do vlan's in hardware, only in software. It is not a real problem for small loads, but depending of the intra-vlan/inter-vlan ratio it can be a good idea to put a more decent switch between hEX and the rest o...

xvo

Here is my config backup! I have not internet still, and router cant still not ping internet from it self. Could it be the routerbord firmware? Mine says 6.45.3 but on download page it says tilegx_3.41.fwf or is that someting else. Just thinking of what it can be as i think Routerbord follows Route...

xvo

The only thought to consider: hEX S have a very weak switch chip implementation - it can't do vlan's in hardware, only in software. It is not a real problem for small loads, but depending of the intra-vlan/inter-vlan ratio it can be a good idea to put a more decent switch between hEX and the rest of...

xvo

Uh, wait. You said you wanted to use it as an AP only. Then you should have no WAN interface at all, it should be just bridging (wifi is LAN, ethernet is LAN)... right? Or am I missing something? At this point all real WAN/LAN distinctions are already removed from configuration. That's just names o...

xvo

Thanks! I got my device today and had it configured in minutes, thanks to you guys. Quick question though, I'm using the WinBox GUI to connect and configure, which works fine from any device actually connected to the hAP wirelessly. However I have a hard-wired machine on the same LAN as the hAP (it...

xvo

The lamest way to do it is to use the quick-set menu, select the "Home AP Dual" template, and then in the template: - configure a static LAN IP address of your router, that is free in your network. - and remove the check from the DHCP server option. This way eth1 will still be your WAN interface me...

xvo

Hi, I know that it can be configured as router, but if you look at the links my configuration is only as l2 switch no routing no fw no vlans and still if i copy file from computers in same subnet so routing is not required I got this performance drop. It looks like for some reason it is hitting cpu...

xvo

It's not "just L2 switch", but also a router at the same time.
Not a powerful one, so when it routes instead of switching, you see a huge performance drop.
Keep that in mind configuring your network.

xvo

If it bothers you, just set it 1Gbps for all gigabit ethernet ports and it will disappear from export. It does not bother me, but can easy be misunderstand. On Cisco speed 100 settes the interface 100MB/s fixed. ...and on mikrotik auto-negotiation on/off and speed when auto-negotiation is set to of...

xvo

Running 6.43.4 I do see this as well. /interface ethernet set [ find default-name=ether1 ] name=ether1-Wan speed=100Mbps set [ find default-name=ether2 ] name=ether2 speed=100Mbps set [ find default-name=ether3 ] speed=100Mbps set [ find default-name=ether4 ] name=ether4 speed=100Mbps set [ find de...

xvo

1-5: You need to advertise dns for your deviced: IPv6 --> ND 6: Yes, that is normal. DHCPv6 is ROS is currently incapable of handing addresses - only prefixes. All the addresses on another RB have to be configured manually, got by SLAAC, or picked from prefix pool. So you can: 1) assign the address...

xvo

Would be nice if CRS112 was half rack width with option to join 2 together to make 16 port full width.

And it doesn't look like having 16G and 1-2SFP+ in CRS112 size is something impossible either.

xvo

Hello. Well i've the same problem here. No ADSL or Fiber...that's why i'm using LTE connection. So...3Unlimited and Vodafone Red+ must have linked to a landline contract? Thanks in advance. Maurizio True for 3Unlimited, but haven't seen such limitation for Red+, only that it is obligatory to stay o...

xvo

I guess no need to further explain the difference between static DNS servers settings and static DNS entries?

xvo

Well, if you have four entries there, how is it blank?!
Remove these four entries, and that would be blank

xvo

I am talking about the IP DNS settings that show up at the top of the frigging page IN WHITE BOXES............ These are set by the ADMIN. What do you call those then???? FIXED DNS settings ;;--))))) In any case, I was stating that using PEER DNS setting overides the manual FIXED entries on the IP ...

xvo

I think my Use Peer DNS, 'trumps" your IP DNS reference. In any case, I imagine you like warm beers, which is like stale cigarettes to a smoker OR moldy cheese to John Cleese in the cheese shop, ie gross but it will do pig. Use-peer-DNS adds dynamic entries, so the static ones will be preferred (if...

xvo

Thanks for the info, but Unlimited Red+ seems to be smartphone only, and I have no luck to find any info on 3Unlimited. For Italian law, you can use the GB of any mobile plan as you want. You can use sim for smartphone for tethering and modem without problems. https://www.ilsole24ore.com/art/tecnol...

xvo

https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

"firewall filter and mangle rules will not be applied for FastTracked traffic"

xvo

There's no real difference. You'll just get a public ip instead of some private one on your WAN interface. When you purchase public ip from you provider, I'm sure they will explain the method, how they deliver it - do you need to assign it manually, or you will just get it by DHCP client of from PPP...

xvo

thank you very much for your information God bless you You are welcome. Just keep in mind that having a public IP means you need to pay more attention to security, i.e.: - properly configured firewall - access to services on the router not exposed to the outside - and the ones that you don't use - ...

xvo

It does not matter if I set it to passthrough :/
Also in Wiki there are not passthrough enabled..
https://wiki.mikrotik.com/wiki/Manual:PCC
As I said it works on hAP-lite just not hAP-AC2.
Have you tried it on hAP-AC2.. has anyone?

Passthrough=yes is the default setting.

xvo

The best way is public IP + any kind of VPN server running on your RB. thank you for your speedy replay lets say you get puplic ip for example = 37.230.130.95 what are the next steps , what are the settings in mikrotik system to using this puplic ip address for remotely accessing my routerboard? an...

xvo

But that goes to my point about nothing specific in the redirect rule. How would I exclude the VLAN from that rule in NAT when no source or destination is identified? Just add source to the rule ( in-interface or src-address ) :) Also I am not quite sure if you answered the question, where does the...

xvo

Hello. Well you'll not find any unlimited from our major carriers (vodafone..tim..TRE/ Wind). But there are some company which are selling internet service using our carriers nets. It's not true! Only TIM don't have unlimited data plan. Vodafone have Unlimited Red + WindTre have 3Unlimited Both the...

xvo

You can either remove all current connections to the cam manually (IP --> Firewall --> Connections). Or you can move you rule higher then established/related one, but that can result an additional CPU load (because all traffic will be checked by this rule, even the connections that were already esta...

xvo

The best way is public IP + any kind of VPN server running on your RB.

xvo

Just kidding, inside joke with xvo, he has helped through the same process held my hand, heck practically changed my diapers LOL. You are in good hands, but plug your nose, dont like his aftershave (who am I kidding I'm convinced he doesn't know what a razor looks like must be his perfume errr colo...

xvo

Okay so a user manual setting on a computer will override the DHCP network setting and thus the redirect rule is required (for the office setting) Yes. For office internal network it makes more sense. Especially if you need everybody to use some special dns service - with security and content filte...

xvo

I also find such measures unnecessary in home environment. Someone can always set it manually on the device's network settings. But who cares?! It's a guest network anyway. If someone among your guest have set his laptop/phone to always use google dns, so let it use it - less load and unneeded cache...

xvo

1. Redirect is like dst-nat to the router itself. So if you redirect all DNS requests it means that the will be served by you router, without the client knowing it. Even if it will try to use some external DNS. 2. use-peer-dns only means that you will get the addresses of DNS servers from remote pee...

xvo

Not separate, the "dns" topic in logging section.

I meant that you can use action=redirect in /ip firewall nat for DNS requests - that will force the use of your DNS even if a client attempts to connect to any other DNS server.

xvo

Good to know, now I can add the other vlans I have been planning;

Much thanks!
Forget the Ghost Busters, call XVO!!

You are welcome!
I'll try not to forget about the beer you mentioned

xvo

Okay, it worked but I am confused. I added the guest vlan to the interface list for LAN and voila magic it worked. BUT........... I already had. a. homebridge on the lan interface list b. ether2 on the lan interface list c. ether3 on the lan interface list d. ether4 on the lan interface list Since ...

xvo

Thanks - hadn't spotted that. Now got that enabled, and getting some DNS info in the syslog file. It's not very useful info though: <14>1 2018-11-03T17:27:46+00:00 MikroTik forward - - - forward: in:bridge1_LAN out:EE Broadband, src-mac 24:5e:be:1d:09:9f, proto UDP, 192.168.1.98:54957->8.8.8.8:53, ...

xvo

/interface 6to4
add disabled=no !keepalive local-address=1.2.3.4 name=6to4-tunnel1 remote-address=192.88.99.1
Code: Select all
local-address = wan IP
remote-address = address of the tunnel end

That's right and 192.88.99.1 is the right remote-address for 6to4

xvo

xvo

To make firewall logging work you need not only to set log=yes in the rule but also add logging for the firewall topic (or a part of it):

/system logging
add action=remote topics=firewall

(Of course you need to get a syslog server running on your NAS beforehand).

xvo

Well &^%^ me! Awesome pickup. When you come to Canada, I will have a cold beer waiting for you, heck a whole case for all the trouble I have put your through for one little typo. I will fix and try right away! Okay, partial success!!! I now get an IP and connect to the router through the capAC. How...

xvo

1-5: You need to advertise dns for your deviced: IPv6 --> ND 6: Yes, that is normal. DHCPv6 is ROS is currently incapable of handing addresses - only prefixes. All the addresses on another RB have to be configured manually, got by SLAAC, or picked from prefix pool. So you can: 1) assign the address ...

xvo

Found this: /ip address add address=192.168.0.1/24 interface=HomeBridge network=192.168.0.0 add address=192.168.2.1/24 interface=ether4 network=192.168.2.0 add address=192.168.100.0/24 interface=GuestWifi_T&B_V100 network=\ 192.168.100.0 Unless it's a typo in the post, looks like a reason to me :)

xvo

they should not yes, but i have this issue and also they will be upper of dynamic rules in raw tab

Are you sure they aren't just sorted?

xvo

Hello. Well you'll not find any unlimited from our major carriers (vodafone..tim..TRE/ Wind). But there are some company which are selling internet service using our carriers nets. For unlimited service : OGilink - Works with Vodafone..but is quite expensive. 69 for unlimited - or..39 Euros to have...

xvo

Thanks a lot..!!! Ang greetings from Italy Maurizio Hi again. It turns out, I might need a little advice from you too, if you don't mind: Can you suggest me any mobile carrier in Italy, with unlimited LTE traffic plan, that won't cost me a fortune? :) I might end up having to install a setup very s...

xvo

It shouldn't change on its own.

xvo

I think the answer in your use is to simply get a CRS328 which is a little more expensive but has some "growing room". https://mikrotik.com/product/crs328_24p_4s_rm I hope that dedicated PoE and non-PoE ports will not be a thing in the future and they adopt the standard they are currently setting a...

xvo

Thanks a lot..!!!

Ang greetings from Italy

Maurizio

You are welcome!

xvo

When using L2TP + ipsec you can't be sure, that the packet is not fragmented, even if you specifically restrict fragmentation of the original packet. The original packet first packed into l2tp (that can, by the way, also perform fragmentation and defragmentation, but only if asked to), then it is pr...

xvo

Hello. I don't have any free ports in the router, so i have no choice but to connect them to the switch runnings SwOS. Also i want maximum performance so i don't want to do any filtering/routing/bridging in the CPU, i want to use something that my devices have hardware support for. Thank you for yo...

xvo

I guess it has to do something with that data lanes XOR logic - either SFP or one more lane to the switch chip. You are right - looks like most possible cause. Despite you say the problem is solved, I think this behaviour should be described somewhere (on a wiki? in quick start guide?) in a form of...

Search found 329 matches