Community discussions

MikroTik App

Search found 1239 matches

by xvo
Fri Sep 17, 2021 11:43 pm
Forum: RouterBOARD hardware
Topic: Another Hardware Idea.. [SOLVED]
Replies: 6
Views: 4782

Re: Another Hardware Idea.. [SOLVED]

One can dream, right?
So NanoPi R4s with PoE In/Out and ROS onboard? :)
by xvo
Tue Sep 14, 2021 5:15 pm
Forum: RouterOS beta
Topic: Feature requests: improve dot1x and others
Replies: 18
Views: 10961

Re: Feature requests: improve dot1x and others

Got it, thanks!
by xvo
Tue Sep 14, 2021 3:31 pm
Forum: RouterOS beta
Topic: Feature requests: improve dot1x and others
Replies: 18
Views: 10961

Re: Feature requests: improve dot1x and others

Next edit: dot1x: guest vlan for clients unsupporting dot1x - founded workaround
Which is..? :)
by xvo
Sat Sep 11, 2021 10:42 pm
Forum: RouterOS beta
Topic: New User Manager in RouterOS v7
Replies: 210
Views: 80139

Re: New User Manager in RouterOS v7

Is there any workaround to access accept non-existent users into some special group (and this way into specific vlan), rather than access reject them? I want to move some of my installations to non-mikrotik access points, but save the existing approach of single SSID with mac-based vlan tagging. And...
by xvo
Thu Sep 09, 2021 8:01 pm
Forum: RouterOS beta
Topic: Feature request: MQTT Broker and pub/sub
Replies: 6
Views: 9972

Re: Feature request: MQTT Broker and pub/sub

With docker support there should be no problem to run mosquitto.
by xvo
Wed Sep 08, 2021 3:24 pm
Forum: Containers
Topic: v7.1rc3 adds container support
Replies: 493
Views: 161558

Re: v7.1rc3 adds Docker (TM) compatible container support

That is simply awesome!
by xvo
Mon Sep 06, 2021 10:52 pm
Forum: General
Topic: MikroTik RB4011iGS+RM
Replies: 7
Views: 1021

Re: MikroTik RB4011iGS+RM

thanks you, what value should i use for L2 MTU? While theoretically GRE (as protocol) can carry many different types of payload (as we see for example in case of EoIP), but on Mikrotik interface type "GRE tunnel" can carry only IP or IPv6, so there is no L2 there, and existence of L2MTU f...
by xvo
Mon Sep 06, 2021 9:29 pm
Forum: General
Topic: MikroTik RB4011iGS+RM
Replies: 7
Views: 1021

Re: MikroTik RB4011iGS+RM

If I remember right the MTU for GRE IPv4 interfaces should be 1436
1476: -20 IP -4 GRE
by xvo
Fri Aug 27, 2021 12:13 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 76849

Re: v7.1rc1 [development] is released!

You can tag wifiwave2 wireless traffic by following the generic bridge vlan configuration example shown here . The vlan tagging settings in the regular wireless package were redundant and so have not been ported to wifiwave2. What about conditional vlan tagging based on ACL? We will no longer have ...
by xvo
Thu Aug 26, 2021 5:19 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 113
Views: 35347

Re: WinBox v3.29 released!

Why do not fix that?
I guess that's intentionally made for people who miss playing minesweeper :)
by xvo
Mon Aug 23, 2021 6:38 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 76849

Re: v7.1rc1 [development] is released!

Yep, I had to recreate backbone area and interface-templates.
Same here.
Yes, WinBox adds networks="" to them, needs to be unset via CLI.
You can set networks=0.0.0.0/0 (in winbox as well) instead of unsetting it.
by xvo
Wed Aug 18, 2021 4:32 pm
Forum: General
Topic: CCR2004-16G-2S+ shipped with 7.0.4 STABLE is that for real?
Replies: 11
Views: 2235

Re: CCR2004-16G-2S+ shipped with 7.0.4 STABLE is that for real?

is it stable enough to keep it for the customer? that is the real question !!!
You tell us :)
I believe you are the first one here to report that you have device on hand :)
by xvo
Sat Aug 14, 2021 5:04 pm
Forum: General
Topic: Meshnetwork with Mikrotik Audience
Replies: 8
Views: 2055

Re: Meshnetwork with Mikrotik Audience

You need to do it manually if you want more sophisticated config.
And if you have only two units, there is no actual need for mesh at all - a wireless bridge on third radios will do.
by xvo
Tue Aug 10, 2021 10:58 am
Forum: General
Topic: Is it possible to set WinBox defaults?
Replies: 8
Views: 1444

Re: Is it possible to set WinBox defaults?

Set as the default. Not set as the only session I use.
That's exactly what you are asking for: you load the default session first, then save it as another one intended for this particular device.
by xvo
Mon Aug 09, 2021 7:10 pm
Forum: General
Topic: Rack Mount Options? slim to none! [SOLVED]
Replies: 2
Views: 978

Re: Rack Mount Options? slim to none! [SOLVED]

CCR1009-7G-1C-1S+PC ships with appropriate rack ears.
by xvo
Mon Aug 09, 2021 2:56 pm
Forum: General
Topic: Did I miss something? New 4011
Replies: 30
Views: 5007

Re: Did I miss something? New 4011

The 4011 can saturate a 500 Mbit/s connection eith IKEv2 with ease.
Easily 700+ with GRE+IPSec on single tunnel.
And I've seen close to 1,2Gb on two tunnels combined for all destinations.
by xvo
Mon Aug 09, 2021 1:46 pm
Forum: Beginner Basics
Topic: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]
Replies: 18
Views: 9623

Re: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]

With several l2tp to the same l2tp-server you can actually do load balancing much easier, as there is no NAT involved for traffic going into the tunnels - all you need is an ECMP route(s) on both sides to the needed destinations. For example iа first tunnel is 172.16.1.1 <-> 172.16.1.100, second 172...
by xvo
Sun Aug 08, 2021 7:27 pm
Forum: Beginner Basics
Topic: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]
Replies: 18
Views: 9623

Re: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]

Specify src-address in l2tp-out interfaces and use /ip route rule action=lookup-only-in-table (for these src-addresses) to force each of l2tp-out interfaces to use appropriate WAN.
by xvo
Tue Aug 03, 2021 11:43 pm
Forum: Beginner Basics
Topic: Winbox for M1 [SOLVED]
Replies: 31
Views: 23484

Re: Winbox for M1 [SOLVED]

by xvo
Thu Jul 29, 2021 9:11 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

You can say about any network device that “it has one connection for some subset of devices, and some connections to the rest”. :)))
by xvo
Thu Jul 29, 2021 8:49 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

Technically it is
Well, no, it's not: ROAS concept implies that router has only single physical connection to the rest of the network.
by xvo
Thu Jul 29, 2021 7:30 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

I use ROAS where the gigabit ports are used for gigabit devices and the SFP+ is connected to a 10G switch for only 10G devices.
Then it is not a ROAS :)
by xvo
Thu Jul 29, 2021 5:35 pm
Forum: Wireless Networking
Topic: Wifi net work for home with Iot (50 devices)
Replies: 43
Views: 5814

Re: Wifi net work for home with Iot (50 devices)

Hmmm ... you know that by heart? I have to check if bridge port still shows "H" among status flags all the time ;-) Sure thing. But when you don't see an "H", your heart starts running faster, palms begin to sweat and you are like "what have I done wrong this time?!" t...
by xvo
Thu Jul 29, 2021 5:30 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

That RB5009 block diagram makes me think it was oriented around router-on-a-stick because the SFP+ is switched with all the other ports How would it matter in ROAS scenario, as SFP+ will be the only populated port then? But the ability to do some of inter-vlan routing on switch-chip would be good a...
by xvo
Thu Jul 29, 2021 3:17 pm
Forum: Wireless Networking
Topic: Wifi net work for home with Iot (50 devices)
Replies: 43
Views: 5814

Re: Wifi net work for home with Iot (50 devices)

I would expect that the switch menu would be deprecated and everything done from the bridge level. The characteristics of the device would determine what HW offload can be done. Yes, that would be close to ideal. But not really possible until CRS1XX/2XX are long gone too - their switch menu is far ...
by xvo
Thu Jul 29, 2021 1:30 pm
Forum: Wireless Networking
Topic: Wifi net work for home with Iot (50 devices)
Replies: 43
Views: 5814

Re: Wifi net work for home with Iot (50 devices)

And then the code for HW offload would become quite heavy running all the checking whether some functionality can be offloaded to a particular switch chip in use or not (currently the check for most bridge functions is simple: is the board in use CRS3xx or not? The exact same check would be needed ...
by xvo
Thu Jul 29, 2021 11:30 am
Forum: Wireless Networking
Topic: Wifi net work for home with Iot (50 devices)
Replies: 43
Views: 5814

Re: Wifi net work for home with Iot (50 devices)

Well, one could also ask "why on earth does RouterOS not map the simple case of bridg-with-vlan-filtering to switch chip programming, when there are no features configured the swich chip cannot handle". Yes, something like the checkbox "translate vlan config to switch-chip" come...
by xvo
Wed Jul 28, 2021 7:42 pm
Forum: Wireless Networking
Topic: Wifi net work for home with Iot (50 devices)
Replies: 43
Views: 5814

Re: Wifi net work for home with Iot (50 devices)

all comes down to how configured. using switch chip vs bridge-vlan. Why on earth would anyone configure bridge vlan filtering on a device that have a single switch-chip but no hw-offloading for vlans? Only the need the use of IP firewall or something like that, but "regular" switch can't ...
by xvo
Wed Jul 28, 2021 6:45 pm
Forum: Wireless Networking
Topic: Wifi net work for home with Iot (50 devices)
Replies: 43
Views: 5814

Re: Wifi net work for home with Iot (50 devices)

Why are you using a hap AC to connect your plex server. Use a regular network L2 switch for better performance?
What is wrong with hAP ac's switching performance, so "regular" switch should be somehow better?
by xvo
Wed Jul 28, 2021 3:47 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

This is a router after all. Then why do it need to have more than 9 ports at all? There were a lot of cases when people wanted to use RBx011 as router+switch in one device. And this nonsense with two switch chips was always a limitation. So RB5009 is clearly a step in the right direction having thi...
by xvo
Wed Jul 28, 2021 3:10 pm
Forum: Wireless Networking
Topic: Wifi net work for home with Iot (50 devices)
Replies: 43
Views: 5814

Re: Wifi net work for home with Iot (50 devices)

Any 2.4 APs will do.
They don't even need to be from the same vendor or anything.
Not if sensors or wifi light bulbs need roaming or anything like that.

cAP lite is an example.
by xvo
Wed Jul 28, 2021 3:08 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

BTW, pages on the website for both RB5009 and CCR2004 are now available.
With official pricing etc.
by xvo
Wed Jul 28, 2021 1:53 pm
Forum: Wireless Networking
Topic: Wifi net work for home with Iot (50 devices)
Replies: 43
Views: 5814

Re: Wifi net work for home with Iot (50 devices)

I should use virtual network or cheap wifi ap only for domotic stuff?
Virtual interfaces can't work on different channels than its masters, so I meant additional cheap 2.4Ghz AP(s).
by xvo
Wed Jul 28, 2021 12:57 pm
Forum: Wireless Networking
Topic: Wifi net work for home with Iot (50 devices)
Replies: 43
Views: 5814

Re: Wifi net work for home with Iot (50 devices)

I need a system that can handle
You can create a separate wifi 2.4 network working on different channels than your main network.
Although as you already have multiple AP's that can be a challenge.
by xvo
Wed Jul 28, 2021 11:35 am
Forum: Wireless Networking
Topic: Wifi net work for home with Iot (50 devices)
Replies: 43
Views: 5814

Re: Wifi net work for home with Iot (50 devices)

Consider changing at least some of your IoT devices to zigbee ones.
by xvo
Wed Jul 28, 2021 10:14 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

That would break the concept of all ports being processed by a single switch chip.
by xvo
Wed Jul 28, 2021 12:13 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

That means there could be a 10 port version to properly replace the RB4011.
If I'm not mistaken, there is only one 1G port left unused on the switch-chip, so theoretically it could be RB5010 if not the width limitations, but still not RB5011.
by xvo
Tue Jul 27, 2021 2:16 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

Ок, it is more clear now.
Except why is 4011 performs so badly in ROS7 compared to ROS6.
But at least that gives us some hope that in the release version of ROS7 both boards will perform actually better than these numbers.
by xvo
Mon Jul 26, 2021 1:24 pm
Forum: Beginner Basics
Topic: Hex vs Hex S [SOLVED]
Replies: 22
Views: 11012

Re: Hex vs Hex S [SOLVED]

it can route at around 1Gbps (full duplex) And that's with fasttrack enabled for all traffic. While dual WAN might need disabling it, if we are talking about combining the bandwidth somehow, and not only switching between active and backup links. So yes, it is better to look for more powerful devic...
by xvo
Mon Jul 26, 2021 10:13 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

I suspect that the 5009 results could actually be underestimated.
That is not really a question here - the question is why 4011 "test results" in the video are not anywhere near what the official 4011 product page/brochure always stated.
by xvo
Sun Jul 25, 2021 10:09 pm
Forum: Beginner Basics
Topic: Subnet issues
Replies: 5
Views: 1254

Re: Subnet issues

which doesn't let me add a new route Are you sure about that? Pretty basic stuff that even most of the dumbest ISP boxes are capable of. But if your's really can't these options come to mind: - you can flatten your network by making mikrotik work as switch + wifi AP: all devices will get IP's from ...
by xvo
Sun Jul 25, 2021 8:17 pm
Forum: Beginner Basics
Topic: Subnet issues
Replies: 5
Views: 1254

Re: Subnet issues

You need to add a route to 192.168.88.0/24 on your main router with 10.0.0.100 as a gateway and disable NAT (masquerade) on mikrotik.
by xvo
Fri Jul 23, 2021 2:53 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

The routing performance increase compared to RB4011, as indicated in RB5009 propaganda, is not true.
That is just marketing, nothing personal :)
But probably it's old 4011 numbers that were always untrue, not the new 5009 ones.
Which still is... unethical at the very least.
by xvo
Fri Jul 23, 2021 1:14 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

They can easily add an additional SFP+ with the Marvell 88F8125.

This would obviously cost a bit more and require a larger footprint.
Adding a second 10G interface will cannibalise the sales of CCR2004, so I believe "single 10G port for non-CCR routers" policy is intentional.
by xvo
Thu Jul 22, 2021 5:54 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

Will there be a +WiFi Version of this?
I guess that looks like an answer to the initial question:
RB5009.jpg
by xvo
Thu Jul 22, 2021 3:31 pm
Forum: Beginner Basics
Topic: Can't get over 1G on CRS309 10G ports
Replies: 5
Views: 1725

Re: Can't get over 1G on CRS309 10G ports

if you're right and it's actually a 1G router falsely advertised as 10G with 80G throughput
And yes - it is L2 (soon to be L3) 10G switch with 80G throughput and an 1G router in one device, and it's not advertised as anything more than that.
by xvo
Thu Jul 22, 2021 3:26 pm
Forum: Beginner Basics
Topic: Can't get over 1G on CRS309 10G ports
Replies: 5
Views: 1725

Re: Can't get over 1G on CRS309 10G ports

It's not a router, it's a switch, and it has non-blocking switching throughput of 81 Gbps. On it's CPU with ROS6 it can route something a little less than 1Gbit: https://mikrotik.com/product/crs309_1g_8s_in#fndtn-testresults When ROS7 will be out, this switch will support L3-hw-offoading, so it will...
by xvo
Thu Jul 22, 2021 2:03 pm
Forum: Beginner Basics
Topic: Can't get over 1G on CRS309 10G ports
Replies: 5
Views: 1725

Re: Can't get over 1G on CRS309 10G ports

The bond interfaces are set to balanced-rr on both ends (the servers run Linux).
Balance-rr can't be hw-offloaded, so it is procesed by switch's CPU - hence the bottleneck.
Use LACP or balance-xor.
by xvo
Thu Jul 22, 2021 12:12 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

Looks like the A72 is actually faster than the A57, so that's bad. https://en.wikipedia.org/wiki/ARM_Cortex-A72?wprov=sfla1 A72 in RB5009 is clocked at 1.4Ghz, while A57 in CCR2004 runs at 1.7Ghz. And I don't know how, but according to PDFs CCR is still far more powerful. What's also sad is that it...
by xvo
Wed Jul 21, 2021 11:44 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

Does anyone know what processor the 2004 uses?
Annapurna Labs AL32400: 4x1.7Ghz Cortex A57.
by xvo
Wed Jul 21, 2021 3:01 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

But if there was a RB5018UG+S+RM ... I'd be in the line for one already ;-)
Actually, google for CCR2004-16G-2S+

;)
by xvo
Wed Jul 21, 2021 1:22 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

I guess that enclosure as it is is to offer enough cooling surface ...
Sure, but there can be other cooling solutions - for example like on CCR1009 PC version.
But if there was a RB5018UG+S+RM ... I'd be in the line for one already ;-)
Yes, please! :)
by xvo
Wed Jul 21, 2021 11:49 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91906

Re: MikroTik RB5009UG+S+IN

They are moving in the right direction.
Although I would prefer ethernet ports in 2x4 block and an enclosure similar to CRS112/CSS610.
by xvo
Tue Jul 20, 2021 5:05 pm
Forum: Wireless Networking
Topic: Feature Request - Zigbee
Replies: 9
Views: 5644

Re: Feature Request - Zigbee

Why not just use a Raspberry Pi with a ZZH! and zigbee2mqtt? Isn'r RPi a little overkill for a zigbee coordinator only? It is ok if you host an automation server on it at the same time, but that's not always the case. There are even better all-in-one solutions for that purpose, but I would definite...
by xvo
Tue Jul 20, 2021 11:41 am
Forum: Wireless Networking
Topic: Feature Request - Zigbee
Replies: 9
Views: 5644

Re: Feature Request - Zigbee

Yes, I would also like to see a zigbee gateway/router from Mikrotik - for example, wAP R with a zigbee module, just the same as for LoRa.
With both PoE-in and power jack it could work either wired or wireless, depending on current installation.
by xvo
Tue Jul 13, 2021 7:54 pm
Forum: RouterBOARD hardware
Topic: new AP - cAP XL ac - spotted on fcc site
Replies: 19
Views: 9936

Re: new AP - cAP XL ac - spotted on fcc site

2x2? What's XL about that? :)

And as it is named RBcAPGi-5acD2nD-XL, It is definitely not an AX device.

if it is IPQ6018 (2x2+2x2) or IPQ8074 (8x8+4x4) based...
Same IPQ4018 according to the photos.
by xvo
Mon Jul 12, 2021 4:14 pm
Forum: General
Topic: pi hole after mikrotik router - get remote IP?
Replies: 8
Views: 1896

Re: pi hole after mikrotik router - get remote IP?

Ok. Now I get it. And there is absolutely no way for pi-hole to see local addresses of the devices behind mikrotik#2 if it performs src-nat for such connections. Establish a tunnel between two mikrotik routers (with no nat performed on both sides) and let dns requests go through this tunnel. That wo...
by xvo
Mon Jul 12, 2021 2:47 pm
Forum: General
Topic: pi hole after mikrotik router - get remote IP?
Replies: 8
Views: 1896

Re: pi hole after mikrotik router - get remote IP?

Probably you have an another improperly configured src-nat/maquerade rule as well.
For example for hairpin nat.
by xvo
Sun Jul 11, 2021 12:27 pm
Forum: RouterBOARD hardware
Topic: Uncertainty before buying equipment (MikroTik CRS112-8P-4S-IN) [SOLVED]
Replies: 7
Views: 3433

Re: Uncertainty before buying equipment (MikroTik CRS112-8P-4S-IN) [SOLVED]

that the switch would be very bad (throughput performance) if you enable some basic features (like: VLAN). Depending on what you call "basic features". If that's L3 (routing) features: routing, firewall, NAT, then yes, it's not a powerful router at all, although it can do all that. Talkin...
by xvo
Thu Jul 08, 2021 8:36 pm
Forum: RouterOS beta
Topic: mDNS repeater feature
Replies: 330
Views: 99473

Re: mDNS repeater feature

Of course, you can configure the firewall to allow traffic only from VLAN ID 10 to 20, but backward - only within the established connections (btw, it won't work in case of mDNS due to multicast), but IMHO that's overcomplicated. Surely that is one of the necessary precautions. And that's where mDN...
by xvo
Thu Jul 08, 2021 3:27 pm
Forum: RouterOS beta
Topic: mDNS repeater feature
Replies: 330
Views: 99473

Re: mDNS repeater feature

@normis, basically some users, like me, want to isolate IoT devices by the L2 domain. but still allowing some connections to start from the trusted side.
some times all this Ch***** crap you will never know...
Perfectly valid point.
by xvo
Tue Jul 06, 2021 8:10 pm
Forum: RouterBOARD hardware
Topic: RB4011iGS+RM POE port only for power ? [SOLVED]
Replies: 2
Views: 2385

Re: RB4011iGS+RM POE port only for power ? [SOLVED]

Of course it can be used for both data and power.
And it is also true for PoE-out port.
by xvo
Tue Jun 29, 2021 3:43 pm
Forum: General
Topic: Allow IPIP from any address in network
Replies: 6
Views: 1098

Re: Allow IPIP from any address in network

Probably it would be better to create a script that will look for incoming GRE packets and create an IPIP tunnel for that address, and another one that will remove unused tunnels once in a while.
by xvo
Mon Jun 28, 2021 7:06 pm
Forum: General
Topic: Resolve domain name with local DNS
Replies: 10
Views: 11320

Re: Resolve domain name with local DNS

I tried and I added a static DNS entry in IP/DNS/ :
  • Name: mydomain.com
  • Address: 192.168.0.100

But the problem wasn't resolved.
That means your PC doesn't use your mikrotik as DNS server.
by xvo
Fri Jun 25, 2021 4:34 pm
Forum: Beginner Basics
Topic: Serial console connection to M33G won't work
Replies: 6
Views: 1586

Re: Serial console connection to M33G won't work

It can't be a pinout problem as I'm getting console output over serial during the boot process That don't mean anything, if your input pin is misplaced you won't get any output either if the device is just working normally. You can check the output by triggering some log entries that have "ech...
by xvo
Tue Jun 22, 2021 9:30 pm
Forum: General
Topic: ip fireall nat and filter question [SOLVED]
Replies: 6
Views: 1176

Re: ip fireall nat and filter question [SOLVED]

1. It will make a difference only if you use plain ipsec with policies that involve not only the routers own addresses.

2. By chain. However single packet can't be processed by both input and forward chain, so it will be either 1,3 or 2, but not 1,3,2.
by xvo
Fri May 28, 2021 8:13 pm
Forum: Forwarding Protocols
Topic: Summarization of OSPF routes
Replies: 8
Views: 3016

Re: Summarization of OSPF routes

By "stretch" - I mean exactly stretch - make it thinner, but longer. :)

Backbone should be exactly what it is named - some high-bandwidth links between high-capacity routers that serve only to interconnect other areas.
by xvo
Fri May 28, 2021 6:44 pm
Forum: Forwarding Protocols
Topic: Summarization of OSPF routes
Replies: 8
Views: 3016

Re: Summarization of OSPF routes

Well, looking at you picture: indeed, you can use virtual link for additional area on the pppoe server in area 1, but not the one on area 2. So you might need to redesign your network somehow - to “stretch” your backbone. Probably have a partitioned backbone. This might be even more true, having you...
by xvo
Fri May 28, 2021 2:02 pm
Forum: Forwarding Protocols
Topic: Summarization of OSPF routes
Replies: 8
Views: 3016

Re: Summarization of OSPF routes

Use separate area for PPPoE server only.
by xvo
Thu May 27, 2021 5:47 pm
Forum: Beginner Basics
Topic: Serial console connection to M33G won't work
Replies: 6
Views: 1586

Re: Serial console connection to M33G won't work

IIRC when I was trying to make my own db9 to rj45 adapter for CCRs I ended up with only 3 pins connected - TX, RX and GND and it worked fine with the same usb to rj45 serial, that works with other mikrotiks with rj45 port. But don’t have it at hand at the moment, so can’t help you with exact pinout....
by xvo
Thu May 27, 2021 12:45 pm
Forum: Beginner Basics
Topic: Serial console connection to M33G won't work
Replies: 6
Views: 1586

Re: Serial console connection to M33G won't work

At least console should run on the port in question.
by xvo
Wed May 26, 2021 12:25 pm
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 111
Views: 69439

Re: v6.48.3 [stable] is released!

Are you planning to add the ability to subscribe and not only publish?
by xvo
Tue May 25, 2021 6:21 pm
Forum: RouterBOARD hardware
Topic: Looking for router recommendations
Replies: 3
Views: 1392

Re: Looking for router recommendations

RB760iGS (hEX S) can do close to 900mbit with fasttrack, but that's about its max and will highly depend on the config.
So i'd say RB4011 is a better choice.
by xvo
Tue May 25, 2021 2:14 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 242079

Re: v7.1beta6 [development] is released!

For anyone struggling with OSPF interface-templates. Setting interfaces=all (instead of unset interfaces ) works too if you want to specify only networks. And vice versa - setting networks=0.0.0.0/0 (instead of unset networks ) works if you want to specify interfaces directly. This way it won't rese...
by xvo
Tue May 25, 2021 1:53 pm
Forum: RouterOS beta
Topic: 7.0beta6 OSPFv3 CPU hog
Replies: 5
Views: 1805

Re: 7.0beta6 OSPFv3 CPU hog

All the above works for v2, so I guess there is something else that stops v3 from working.

So I should probably duplicate that info into the beta6 thread, as it is not quite relevant here.
by xvo
Tue May 25, 2021 1:39 pm
Forum: RouterOS beta
Topic: 7.0beta6 OSPFv3 CPU hog
Replies: 5
Views: 1805

Re: 7.0beta6 OSPFv3 CPU hog

BTW, all of the below works: 1) Specifying an interface and manually unsetting networks. 2) Specifying networks and manually unsetting interfaces. 3) Specifying both valid networks and interfaces (that fall into that network). So I guess the problem with choosing if a template can be applied to an i...
by xvo
Mon May 24, 2021 9:08 am
Forum: RouterBOARD hardware
Topic: Add +1 here if you liked "white brick" mikrotik design
Replies: 10
Views: 2242

Re: Add +1 here if you liked "white brick" mikrotik design

+1

I also prefer the “old” design to the “new” one.
by xvo
Sun May 23, 2021 7:06 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 242079

Re: v7.1beta6 [development] is released!

Thanks for clarification!
by xvo
Sat May 22, 2021 3:04 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 242079

Re: v7.1beta6 [development] is released!

I'd guess this setting will just be silently ignored on other-than-CRS3xx devices. That's what I thought too. And that is how that should be. But given the beta state there is still a possibility, that it currently might break something if set on the improper device and not handled properly by os. ...
by xvo
Sat May 22, 2021 1:41 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 242079

Re: v7.1beta6 [development] is released!

I wonder what exactly the new option hw-offload=yes in firewall action=fasttrack rule do?
I guess it is added so we can choose which of fasttracked connection to be L3 HW Offloaded on CRS3XX.
But does setting it to yes/no change anything on other devices, that don't have L3 HW Offloading?
by xvo
Fri May 21, 2021 12:22 am
Forum: General
Topic: Router OS higher than Long Term Release!
Replies: 14
Views: 1433

Re: Router OS higher than Long Term Release!

The factory firmware is higher than long term. I've tried to downgrade it, but it does not allow it. Then I think it won't let you downgrade the software lower than factory software as well. But if it does, just use factory firmware - it is probably the same firmware anyway, with only the number ch...
by xvo
Thu May 20, 2021 10:46 pm
Forum: General
Topic: Router OS higher than Long Term Release!
Replies: 14
Views: 1433

Re: Router OS higher than Long Term Release!

To clear this out: is it factory firmware/software or current firmware/software higher then long-term version?
by xvo
Wed May 19, 2021 1:27 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 242079

Re: v7.1beta6 [development] is released!

The fallback to CPU applies only to a situation when the total number of routes exceeds the maximum. Otherwise, everything can be routed by the hardware, including the default gateway(-s). Great, thanks! That makes the huge new field of how to use the mentioned switches. Probably you should rephras...
by xvo
Wed May 19, 2021 12:51 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 242079

Re: v7.1beta6 [development] is released!

From newly added part about L3 HW offloading on Marvell DX3000/2000 Series chips: https://help.mikrotik.com/docs/display/ROS/L3+Hardware+Offloading *1 Since total amount of routes that can be offloaded is very limited, prefixes with higher netmask are preferred to be forwarded by hardware (e.g /32 /...
by xvo
Wed May 19, 2021 10:52 am
Forum: RouterBOARD hardware
Topic: RB750Gr2 block diagram (AKA old HEX) [SOLVED]
Replies: 3
Views: 2439

Re: RB750Gr2 block diagram (AKA old HEX) [SOLVED]

First result of RB750Gr2 on Google...

https://mikrotik.com/product/RB750r2#fndtn-downloads
And the link points to RB750r2 (hEX lite) not RB750Gr2 ("old" hEX)...
by xvo
Mon May 17, 2021 5:46 pm
Forum: RouterBOARD hardware
Topic: CRS112 PoE out will not power SXTsq w/48v power
Replies: 3
Views: 1336

Re: CRS112 PoE out will not power SXTsq w/48v power

All of the SXTsq require 10-28V or 10-30V Passive PoE, so in order to be powered by CRS112 you need to use the stock 28V PSU with it as well, not only the 48V one.
by xvo
Mon May 17, 2021 4:41 pm
Forum: General
Topic: ISP says that I can't connect my ONT device [SOLVED]
Replies: 2
Views: 1503

Re: ISP says that I can't connect my ONT device [SOLVED]

There is a possibility, that you can overcome it, but not with mikrotik ONT for sure. Try searching the forum - there is a large thread about suitable ONTs in SFP form-factor and the overall procedure. Might be possible with your ISP, might be not. Keep in mind that you will still need to get a devi...
by xvo
Fri May 14, 2021 8:30 pm
Forum: General
Topic: Option "!" Does not work in rules with a drop action. [SOLVED]
Replies: 11
Views: 2252

Re: Option "!" Does not work in rules with a drop action. [SOLVED]

Meant this: +(3) (1) add action=accept chain=forward connection-state=established,related (2) add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface-list=WAN (3) add action=drop chain=forward in-interface-list=WAN As I already said, no surprise it won't work - ...
by xvo
Fri May 14, 2021 8:19 pm
Forum: General
Topic: Option "!" Does not work in rules with a drop action. [SOLVED]
Replies: 11
Views: 2252

Re: Option "!" Does not work in rules with a drop action. [SOLVED]

Port forwarding won't work! Sure it will. That's the part of the default config, and it works perfectly fine. But the second rule is not needed for port forwarding to work. Yes, it is not needed for port forwarding, but it bears part of the "meaning" of the initial rule (2) (with !dstnat).
by xvo
Fri May 14, 2021 7:52 pm
Forum: General
Topic: Option "!" Does not work in rules with a drop action. [SOLVED]
Replies: 11
Views: 2252

Re: Option "!" Does not work in rules with a drop action. [SOLVED]

This symbol (!) Means not .. (1) add action=accept chain=forward connection-state=established,related (2) add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface-list=WAN (3) add action=drop chain=forward in-interface-list=WAN comment="drop all else" S...
by xvo
Fri May 14, 2021 7:36 pm
Forum: General
Topic: Option "!" Does not work in rules with a drop action. [SOLVED]
Replies: 11
Views: 2252

Re: Option "!" Does not work in rules with a drop action. [SOLVED]

This: (1) add action=accept chain=forward connection-state=established,related (2) add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface-list=WAN Is more or less equal to this: (1) add action=accept chain=forward connection-state=established,related (2) add act...
by xvo
Fri May 14, 2021 7:20 pm
Forum: General
Topic: Option "!" Does not work in rules with a drop action. [SOLVED]
Replies: 11
Views: 2252

Re: Option "!" Does not work in rules with a drop action. [SOLVED]

This symbol (!) Means not .. (1) add action=accept chain=forward connection-state=established,related (2) add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface-list=WAN (3) add action=drop chain=forward comment="drop all else" Should this work in you...
by xvo
Wed May 05, 2021 10:14 pm
Forum: RouterBOARD hardware
Topic: SFP+ between HEXS and CSS610-8G-2S+
Replies: 4
Views: 1769

Re: SFP+ between HEXS and CSS610-8G-2S+

Passive (copper) DAC will not work if the two sides mismatch in speed.
Mikrotik's DAC works perfectly fine from CCR1009's SFP+ to CRS112's SFP if autoneg is disabled and speed set to 1gbit.
So even if it is not the case here, it is still not an universal rule.
by xvo
Tue Apr 13, 2021 8:55 am
Forum: Wireless Networking
Topic: Why is CAP AC wifi speed always lower than half of spec? [SOLVED]
Replies: 5
Views: 2816

Re: Why is CAP AC wifi speed always lower than half of spec? [SOLVED]

What specs?

350-400mbit is actually very good performance as for cAP ac, as for PHY rate of 866Mbps in general.
by xvo
Mon Apr 12, 2021 10:02 am
Forum: RouterBOARD hardware
Topic: RB5011?
Replies: 19
Views: 5313

Re: RB5011?

The main problem is, If there is switch in CCR2004 people won't buy CRS309 or such devices. There is absolutely no need to combine router with the switch for devices of this grade. For routing you buy a router, for switching - a switch (or multiple ones). CCR2004 is capable of routing the network w...
by xvo
Fri Apr 09, 2021 7:11 pm
Forum: General
Topic: Slow speed for marked traffic through WAN2
Replies: 4
Views: 2744

Re: Slow speed for marked traffic through WAN2

Fasttrack has to be disabled for traffic that need to go through mangle - in your case it is enough to add condition routing-table=main to fasttrack rule. Or as the conditions you use in your mangle rules are as simple as a single src-address you could follow @anav's advice and replace mangle with r...
by xvo
Thu Apr 08, 2021 2:17 am
Forum: Beginner Basics
Topic: Mikrotik Switch - it is not a switch?
Replies: 30
Views: 7059

Re: Mikrotik Switch - it is not a switch?

If it's like most Mikrotik routers, with the default configuration, port 1 will be configured as the WAN port and everything else connected in a bridge.
CRS switches has different default configuration.
All ports bridged, and, if I remember correctly, a static IP assigned to that bridge.
by xvo
Thu Apr 08, 2021 2:10 am
Forum: RouterBOARD hardware
Topic: What exactly is the "RJ11 passthrough" in wsAP?
Replies: 3
Views: 1646

Re: What exactly is the "RJ11 passthrough" in wsAP?

It is exactly what it is named: a passthrough - one port on one side, and one on the other.
With no connection to the rest.
by xvo
Tue Apr 06, 2021 12:10 am
Forum: Wireless Networking
Topic: How to enable Bridge VLAN Filtering on a wireless access-list rule?
Replies: 15
Views: 4917

Re: How to enable Bridge VLAN Filtering on a wireless access-list rule?

/interface bridge vlan add bridge=bridge-local untagged=wlan1 vlan-ids=10 set bridge=bridge-local tagged=bridge-local [find vlan-ids=10] /interface bridge port set bridge=bridge-local ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged [find interface=wlan1] These two parts ar...
by xvo
Mon Apr 05, 2021 9:41 pm
Forum: Wireless Networking
Topic: How to enable Bridge VLAN Filtering on a wireless access-list rule?
Replies: 15
Views: 4917

Re: How to enable Bridge VLAN Filtering on a wireless access-list rule?

The question is how Bridge VLAN filtering works in such configuration, how can I enable it if needed?
Same as in any other situation.
In scenario you describe you should treat your wlan-interface as just another trunk port: tagged for all the needed vlans.
by xvo
Sun Apr 04, 2021 7:44 pm
Forum: General
Topic: Dude and winbox port
Replies: 6
Views: 1097

Re: Dude and winbox port

It's a long known limitation and the only reason it is still not fixed is that at least for few years now mikrotik don't develop dude at all.
We all wait for it to change, but that's how it is at the moment.
by xvo
Sun Apr 04, 2021 6:56 pm
Forum: General
Topic: Dude and winbox port
Replies: 6
Views: 1097

Re: Dude and winbox port

You can create shortcuts to run external applications from the dude map or device properties, but that won't help the dude itself to connect to the device.
by xvo
Sun Apr 04, 2021 6:29 pm
Forum: General
Topic: Dude and winbox port
Replies: 6
Views: 1097

Re: Dude and winbox port

Use dstnat on the target device.
by xvo
Thu Apr 01, 2021 12:07 pm
Forum: General
Topic: 10Gbe DAC on CRS326-24G-2S+
Replies: 2
Views: 628

Re: 10Gbe DAC on CRS326-24G-2S+

Bandwidth test itself is a resource-intensive operation, while CRS326 is not very powerful CPU-wise - try testing through the devices, not from one to another.
by xvo
Wed Jan 20, 2021 1:31 pm
Forum: Beginner Basics
Topic: Dividing one routerboard making it two separate wan routers
Replies: 6
Views: 2710

Re: Dividing one routerboard making it two separate wan routers

What you need is VRF.
Divide your ports into two separate VRF instances and each one will use it's own routing table.
by xvo
Wed Jan 20, 2021 1:27 pm
Forum: General
Topic: ASK {switch chip}
Replies: 13
Views: 2269

Re: ASK {switch chip}

You are welcome!
by xvo
Tue Jan 19, 2021 10:44 pm
Forum: General
Topic: ASK {switch chip}
Replies: 13
Views: 2269

Re: ASK {switch chip}

A 5-port switch chip kind of is a 6-port switch chip actually, with one of the ports leading to CPU. And the access to the router itself, router's wifi, another switch chip, possibly firewall (if needed) - all this is behind this port. In most of the cases if you need to send a packet from ethernet ...
by xvo
Tue Jan 19, 2021 8:07 pm
Forum: Wireless Networking
Topic: Russia regulatory domain + UNII-3 channels
Replies: 6
Views: 2125

Re: Russia regulatory domain + UNII-3 channels

Yes, I've read the document. Mikrotik's definitions of indoor/outdoor don't correlate with it (leaving the fact that they are weird by nature) - but overall frequency range is right. Which is the most important part, anyway. You can choose both standard and non-standard center frequencies. No surpri...
by xvo
Tue Jan 19, 2021 4:41 pm
Forum: Wireless Networking
Topic: Russia regulatory domain + UNII-3 channels
Replies: 6
Views: 2125

Re: Russia regulatory domain + UNII-3 channels

Actually 6425 is right: https://digital.gov.ru/ru/appeals/faq/366/

And for indoors/outdoors there is definitely some misunderstanding, not only for "russia4" region: either on mikrotik's side, or on how mikrotik treats the whole thing, so just use "any".
by xvo
Tue Jan 19, 2021 12:24 pm
Forum: General
Topic: ASK {switch chip}
Replies: 13
Views: 2269

Re: ASK {switch chip}

Depends on whether you expect vlan 99 packets reach the cpu tagged or tagless (this way they get there tagged): do you have a vlan interface, or the address is attached directly to the bridge? Also config of 8227 is also relevant (the one on the other side, not on 2011), for probably it’s the one th...
by xvo
Tue Jan 19, 2021 11:02 am
Forum: General
Topic: ASK {switch chip}
Replies: 13
Views: 2269

Re: ASK {switch chip}

That doesn't look right to me: in case of 8227 default-vlan-id should be set for ether6 and ether10 too. However, for 8327 that would be the right way (except setting vlan-header to anything other than leave-as-is won't take effect). Also I see settings for switch2 cpu are missing, which also can't ...
by xvo
Tue Jan 19, 2021 10:30 am
Forum: General
Topic: ASK {switch chip}
Replies: 13
Views: 2269

Re: ASK {switch chip}

@xvo from your last can i get conclusion that we can't play around with different switch chips. It must to be same, on both ends, and also how you mind differently? Nope. Of course there can be different switch chips. One device does't care what is other device's switch chip. It's just you don't co...
by xvo
Tue Jan 19, 2021 10:27 am
Forum: Wireless Networking
Topic: Russia regulatory domain + UNII-3 channels
Replies: 6
Views: 2125

Re: Russia regulatory domain + UNII-3 channels

What about the latest "russia4"?
by xvo
Tue Jan 19, 2021 8:30 am
Forum: General
Topic: ASK {switch chip}
Replies: 13
Views: 2269

Re: ASK {switch chip}

Surely not, but vlans on Atheros8327 and Atheros8227 are configured a little bit differently.
by xvo
Tue Jan 12, 2021 2:26 pm
Forum: SwOS
Topic: 260GSP vs. CSS106-1G-4P-1S
Replies: 12
Views: 11274

Re: 260GSP vs. CSS106-1G-4P-1S

STM32F107xxx is not a switch chip it's the CPU.
by xvo
Tue Dec 29, 2020 10:09 pm
Forum: General
Topic: Tis the Season
Replies: 9
Views: 1629

Re: Tis the Season

Cheers!
by xvo
Sat Dec 26, 2020 11:21 am
Forum: RouterBOARD hardware
Topic: Which router with NAT/Masquerading Performance > 1Gbps
Replies: 9
Views: 4060

Re: Which router with NAT/Masquerading Performance > 1Gbps

this will have to involve NAT/Masquerading...a feature I was not able to gahther info, whether this will be hardware accelerated on MT (some or in general) devices or not. No it won't. All current mikrotik routers don't do NAT in HW. (Only some of mikrotik switches can do HW NAT in ROS7 now, but on...
by xvo
Thu Dec 24, 2020 6:12 pm
Forum: Beginner Basics
Topic: Setting to NOT connect automatically on boot
Replies: 3
Views: 855

Re: Setting to NOT connect automatically on boot

You can create a scheduler script that will run at boot and disable interfaces in question (or do anything else you need).
by xvo
Thu Dec 24, 2020 11:03 am
Forum: Beginner Basics
Topic: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]
Replies: 18
Views: 9623

Re: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]

1) You can create second l2tp-tunnel through the second wan connection the same way and revert to lookup-only-in-table for both of them: switching routes between two tunnels will be much faster than rebuilding the tunnel. Especially if OSFP + BFD can be used on top of that. 2) You need this address ...
by xvo
Wed Dec 23, 2020 10:17 pm
Forum: Beginner Basics
Topic: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]
Replies: 18
Views: 9623

Re: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]

You can try, if it's the only l2tp connection originated by the router.
Mangle output and srcnat chains are at your service.
But I don't see in what way is it simpler.
by xvo
Wed Dec 23, 2020 8:41 pm
Forum: Beginner Basics
Topic: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]
Replies: 18
Views: 9623

Re: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]

Two possibilities: 1) Create a loopback interface (empty bridge) and assign this random/unused address there. That should work. 2) Add a script to PPP profile used for PPPoE to update the address in l2tp-client and route rule any time it changes. Anyway, try to make it work with you current dynamiс ...
by xvo
Wed Dec 23, 2020 6:51 pm
Forum: Beginner Basics
Topic: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]
Replies: 18
Views: 9623

Re: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]

1) Fill the src-address field in l2tp-client.
2) Use /ip route rule (lookup-only-in-table) to force connections originated from this ip to desired routing table.
by xvo
Tue Dec 22, 2020 12:01 am
Forum: General
Topic: What is the difference between 192.168.88.1/24 and 192.168.88.0/24 address list? [SOLVED]
Replies: 35
Views: 9336

Re: What is the difference between 192.168.88.1/24 and 192.168.88.0/24 address list? [SOLVED]

This approach would be so much easier to understand for idiots like me. I kept thinking that the Network Address was on top. Sure, but again, as already stated, it would require to specify both values. And with the current approach the only occasion when you need to specify network manually is when...
by xvo
Mon Dec 21, 2020 11:48 pm
Forum: General
Topic: What is the difference between 192.168.88.1/24 and 192.168.88.0/24 address list? [SOLVED]
Replies: 35
Views: 9336

Re: What is the difference between 192.168.88.1/24 and 192.168.88.0/24 address list? [SOLVED]

Can you confirm that this is the correct setting for a XXX.128/25 subnet?
Yes it is.
And you don't even need to specify the network - it will be automatically calculated from XXX.129/25 address/mask.
by xvo
Mon Dec 21, 2020 11:40 pm
Forum: General
Topic: What is the difference between 192.168.88.1/24 and 192.168.88.0/24 address list? [SOLVED]
Replies: 35
Views: 9336

Re: What is the difference between 192.168.88.1/24 and 192.168.88.0/24 address list? [SOLVED]

but for anything that starts with a 0/XX, the Network Address get set to 1/XX.
No it's not.
Your own screenshot:
network.jpg
by xvo
Mon Dec 21, 2020 11:37 pm
Forum: General
Topic: What is the difference between 192.168.88.1/24 and 192.168.88.0/24 address list? [SOLVED]
Replies: 35
Views: 9336

Re: What is the difference between 192.168.88.1/24 and 192.168.88.0/24 address list? [SOLVED]

This is how my router defines the Network Address out of the box, not as 0/24, but as 1/24. If I change it to 0/24, the subnet stops working. I am crazy at this point? Untitled.jpg At your screenshot it defines your router's address - 192.168.88.1, your network address - 192.168.88.0 and your subne...
by xvo
Mon Dec 21, 2020 11:26 pm
Forum: General
Topic: What is the difference between 192.168.88.1/24 and 192.168.88.0/24 address list? [SOLVED]
Replies: 35
Views: 9336

Re: What is the difference between 192.168.88.1/24 and 192.168.88.0/24 address list? [SOLVED]

At this point it feels like I'm talking to a wall. I REALIZE how it works, I'm saying that if you gave a monkey an example of XXX.XXX.XXX.0/25 Subnet >>> XXX.XXX.XXX.1/25 Network Address and told it to replace it on .128/25, it would make it like so: XXX.XXX.XXX.128/25 Subnet >>> XXX.XXX.XXX.129/25...
by xvo
Mon Dec 21, 2020 3:30 pm
Forum: General
Topic: What is the difference between 192.168.88.1/24 and 192.168.88.0/24 address list? [SOLVED]
Replies: 35
Views: 9336

Re: What is the difference between 192.168.88.1/24 and 192.168.88.0/24 address list? [SOLVED]

There are no exceptions here.

XXX.XXX.XXX.128/25 is not a valid address for a device, just as XXX.XXX.XXX.0/25

They are both reserved to be a network address.

Same for XXX.XXX.XXX.127/25 and XXX.XXX.XXX.255/25 which are broadcast addresses for these two networks.
by xvo
Sat Dec 19, 2020 4:55 pm
Forum: General
Topic: RB760iGS - Very Slow transfer speeds vlan to vlan and cpu usage is just 30%
Replies: 7
Views: 2577

Re: RB760iGS - Very Slow transfer speeds vlan to vlan and cpu usage is just 30%

1) Inter-VLAN traffic should be fasttracked on hEX (and you need to enable Fast Path in IP -> Settings for it to work). It is not powerful enough to route full gigabit without it. 2) As you are using one of the ports outside of the bridge for uplink, and SFP port as part of the bridge, the CPU <-> S...
by xvo
Sat Dec 19, 2020 12:08 am
Forum: General
Topic: RB4011 Inter-VLAN routing performance
Replies: 17
Views: 5482

Re: RB4011 Inter-VLAN routing performance

Fastpath is not enabled, does this have to be working for fastrack to work correctly? Yes, it absolutely does. That should be the solution to your problem. I have VLAN filtering enabled on the router. From what i was reading if vlan filtering is enabled fastpath is disabled. Fastpath is used by dif...
by xvo
Fri Dec 18, 2020 10:17 am
Forum: General
Topic: RB4011 Inter-VLAN routing performance
Replies: 17
Views: 5482

Re: RB4011 Inter-VLAN routing performance

I am fairly certain it catching and processing the packets through those rules as when i run my iperf test now i see a massive spike in bytes and packets on those to rules in Winbox only during the duration of the test. Something is definitely wrong, the fasttrack rule should be hitted only once pe...
by xvo
Fri Dec 18, 2020 10:00 am
Forum: RouterOS beta
Topic: Feature Request: Proper support for RTL8367
Replies: 5
Views: 3639

Re: Feature Request: Proper support for RTL8367

While the chip seems to support up to 32 VLANs in hardware the functionality is not exposed in ROS. Most likely the switch chip vlan layer is used inside ROS to provide individual (non-switched) ports functionality. And as the switch chip can't do vlan stacking, there is simply no additional vlan l...
by xvo
Thu Dec 17, 2020 11:46 am
Forum: RouterBOARD hardware
Topic: HELP: POE OUTPUT
Replies: 3
Views: 1041

Re: HELP: POE OUTPUT

UAP-AC-HD needs more than 44V according to datasheet, so 48V power supply is needed anyway.
And no passive poe support is mentioned at all.
So no guarantee it will work from 4011 at all.
Better wait for someone who actually tried it to confirm.
by xvo
Thu Dec 17, 2020 9:57 am
Forum: General
Topic: RB4011 Inter-VLAN routing performance
Replies: 17
Views: 5482

Re: RB4011 Inter-VLAN routing performance

Established/related etc are states between WAN - LAN etc. not from VLAN to VLAN. Why do you think VLAN to VLAN traffic if somehow special? For multiple connections the device should utilise more than one core. But still, this is the kind of traffic you should apply fasttrack to, in order to increas...
by xvo
Mon Dec 14, 2020 5:58 pm
Forum: Scripting
Topic: VPN up/down scripts username variable [SOLVED]
Replies: 2
Views: 1318

Re: VPN up/down scripts username variable [SOLVED]

$user
by xvo
Mon Dec 14, 2020 11:25 am
Forum: Scripting
Topic: WoL triggered by VPN client connection
Replies: 2
Views: 1311

Re: WoL triggered by VPN client connection

There is a dedicated tab for that in ppp profile settings:
ppp-profile-scripts.jpg
by xvo
Sat Dec 12, 2020 1:30 pm
Forum: General
Topic: Ip addresses through Mikrotik takes the router's ip
Replies: 20
Views: 3500

Re: Ip addresses through Mikrotik takes the router's ip

If the static DNS records provided by the router are simple to distinguish, you can use matching of the queries to regular expressions listed under /ip firewall layer7-protocol to make the action=dst-nat rule selective: what needs to be answered by the external DNS server will be redirected (dst-na...
by xvo
Sat Dec 12, 2020 12:31 pm
Forum: General
Topic: Ip addresses through Mikrotik takes the router's ip
Replies: 20
Views: 3500

Re: Ip addresses through Mikrotik takes the router's ip

I changed the IP of the DNS server to 10.10.10.1 and then used that address in the NAT it forwarded the request to that DNS server, but the IP entering the DNS server is still the IP of the router rather than the client's actual ip That was the solution to make NAT work, not for your initial proble...
by xvo
Fri Dec 11, 2020 2:32 pm
Forum: General
Topic: Ip addresses through Mikrotik takes the router's ip
Replies: 20
Views: 3500

Re: Ip addresses through Mikrotik takes the router's ip

What if I changed the IP of the DNS Server to a different range?
Yes, that is the best solution.
by xvo
Fri Dec 11, 2020 2:27 pm
Forum: General
Topic: Ip addresses through Mikrotik takes the router's ip
Replies: 20
Views: 3500

Re: Ip addresses through Mikrotik takes the router's ip

why if I use a public DNS IP in DST-NAT everything returns to normal but when I use a local IP like 0.33 everything stops? Because the local server sends the reply directly to the client (and the router has no chance to do the reverse translation), while the client waits for the answer from the rou...
by xvo
Fri Dec 11, 2020 2:22 pm
Forum: General
Topic: Ip addresses through Mikrotik takes the router's ip
Replies: 20
Views: 3500

Re: Ip addresses through Mikrotik takes the router's ip

yes i think I'll just have to live with that, i tried using NAT dst-nat but that didn't work at all the requests wouldn't resolve. Dst-nat could help you to forward the request to the server, and let the server answer instead of mikrotik. But you can either forward the request to the server (needed...
by xvo
Fri Dec 11, 2020 1:32 pm
Forum: General
Topic: Ip addresses through Mikrotik takes the router's ip
Replies: 20
Views: 3500

Re: Ip addresses through Mikrotik takes the router's ip

I can't do that there are some specific static DNS entries available on the router, required to be available.
Either move these entries to your server at .33, or you have to live with what you have now.
by xvo
Fri Dec 11, 2020 1:24 pm
Forum: General
Topic: Ip addresses through Mikrotik takes the router's ip
Replies: 20
Views: 3500

Re: Ip addresses through Mikrotik takes the router's ip

yes, exactly I set the router's DNS as 192.168.0.33 and "allowed remote requests" but all the requests coming to the DNS Server 0.33 are from the client IP 0.1(the router) i need them to be the source IP address not masked with the router's address. Use 192.168.0.33 as DNS server on your ...
by xvo
Wed Dec 09, 2020 10:59 am
Forum: Beginner Basics
Topic: Slow LAN transfer speeds through RB4011. [SOLVED]
Replies: 5
Views: 1676

Re: Slow LAN transfer speeds through RB4011. [SOLVED]

Probably RSTP is enabled on the bridge, and as a result hw-offloading is disabled.
by xvo
Sun Dec 06, 2020 11:33 pm
Forum: RouterOS beta
Topic: v7.1beta3 [development] is released!
Replies: 261
Views: 79108

Re: v7.1beta3 [development] is released!

Interestingly only 9 wired ports..
Probably 8-port switch + 10Gb combo-port.
Would be nice.
by xvo
Sat Dec 05, 2020 9:44 pm
Forum: Announcements
Topic: v6.47.8 [stable] is released!
Replies: 54
Views: 31305

Re: v6.47.8 [stable] is released!

Oh, it was my impression that this figure is the max EIRP per chain on that specific frequency. So subtract the antenna gain and you get the max output power per chain. Total, not per chain. And with antenna gain already subtracted. So for ac you can set this as tx-power. For n - might need to subt...
by xvo
Sat Dec 05, 2020 9:10 pm
Forum: Beginner Basics
Topic: Issues with Mikrotik hAP AC2
Replies: 17
Views: 6167

Re: Issues with Mikrotik hAP AC2

bpwl is bailing, would someone please explain his parting words, to me? Please? Bottom line: no one even cares if quickset is buggy, because no one is using it. At least for scenarios more complex, then the home ap. Simply no point - you will need to redo most of the config anyway, so why not start...
by xvo
Sat Dec 05, 2020 9:06 pm
Forum: Announcements
Topic: v6.47.8 [stable] is released!
Replies: 54
Views: 31305

Re: v6.47.8 [stable] is released!

You have "some" information in the status of the interface. Here 17dBm. That is shown only in tx-power-mode=regulatory-domain and that is simply maximum allowed tx-power. Don't even know if it is calculated from actual antenna gain, as you describe, or just hard-coded from the default ant...
by xvo
Sat Dec 05, 2020 5:00 pm
Forum: Announcements
Topic: v6.47.8 [stable] is released!
Replies: 54
Views: 31305

Re: v6.47.8 [stable] is released!

Is this a bug, but I can't see 5GHz Current Tx Power? It is working fine and devices are connected, but just can't see anywhere the transmit power.
The tab is just empty. in 2.4GHz it's filled with numbers.
It has nothing to do with the ROS version, this was always the case for 5GHz ac cards.
by xvo
Fri Dec 04, 2020 5:36 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 83
Views: 29810

Re: "antenna gain" missing in 6.46.8?

What most people really want is to enter simple value that lowers the gain proportionally for all modulations by a specified number. If I want 5dBm weaker signal, I just enter "5" and I get 5dBm less signal over all modulations and modes. Irregardless of regulation domain settings, MIMO c...
by xvo
Thu Dec 03, 2020 2:45 pm
Forum: Wireless Networking
Topic: Country Code [SOLVED]
Replies: 60
Views: 30195

Re: Country Code [SOLVED]

ISSUE FIXED !!!

I'm now on MacOS 11.0.1 Big Sur.
But i assume the solution is the same on previous MacOS Versions
Nope.
Broadcom 4331 still needs kext modification on High Sierra.

So perhaps this is true only for some of wireless chips, or only for 11.0.1.
by xvo
Tue Dec 01, 2020 10:47 am
Forum: Forwarding Protocols
Topic: Disable ECMP on OSPF?
Replies: 8
Views: 3221

Re: Disable ECMP on OSPF?

Even if you somehow disable ECMP, you will still have "unpredictable routing".
Only instead of having ECMP routes, which at least are easily seen in the routing table, you can end up with asymmetric routes.
by xvo
Tue Dec 01, 2020 10:01 am
Forum: Forwarding Protocols
Topic: Disable ECMP on OSPF?
Replies: 8
Views: 3221

Re: Disable ECMP on OSPF?

If you don't care what path will be chosen between two points (which is the case, as you don't want to fine-tune the path costs), then why do you care if it is ECMP or not?
by xvo
Fri Nov 27, 2020 12:43 pm
Forum: RouterBOARD hardware
Topic: new hardware Wireless Wire nRAY 60 ghz
Replies: 76
Views: 23692

Re: new hardware Wireless Wire nRAY 60 ghz

If I remember correctly higher channels are available via CLI only.
by xvo
Wed Nov 25, 2020 8:33 pm
Forum: Beginner Basics
Topic: Manual DNS for individual clients? [SOLVED]
Replies: 6
Views: 3119

Re: Manual DNS for individual clients? [SOLVED]

Or create a more specific dhcp-server network(s) with different dns-server specified.
by xvo
Sun Nov 22, 2020 10:33 pm
Forum: RouterOS beta
Topic: v7.1beta2 [development] is released!
Replies: 385
Views: 153552

Re: v7.1beta2 [development] is released!

Should i paid HALF of price?
Well, you kind of do...
Maybe even less, compared to other brands :)
by xvo
Sun Nov 22, 2020 4:05 pm
Forum: Beginner Basics
Topic: Network Speed Reduce
Replies: 6
Views: 1051

Re: Network Speed Reduce

Thanks, it is clear, what about the device - mAP 2nd is OK? Can I assign the same IP address on ehter1 and ether2, to avoid NAT, or there is some other trick? You don't need router for the task, any managed switch can do that. Or I think any unmanaged 100mbit one will do the trick too. And even if ...
by xvo
Sun Nov 22, 2020 1:29 pm
Forum: Beginner Basics
Topic: Network Speed Reduce
Replies: 6
Views: 1051

Re: Network Speed Reduce

port_speed.jpg
by xvo
Sun Nov 22, 2020 10:30 am
Forum: Beginner Basics
Topic: Network Speed Reduce
Replies: 6
Views: 1051

Re: Network Speed Reduce

If the device can work only on 10 or 100 it will autonegotiate at 10 or 100.
If for some reason autonegotiation doesn't work you can set the speed manually.
by xvo
Sat Nov 21, 2020 12:03 pm
Forum: Beginner Basics
Topic: CRS312-4C-8XG reboot loop & windows netinstall failure
Replies: 3
Views: 888

Re: CRS312-4C-8XG reboot loop & windows netinstall failure

I guess this is because netinstall is compiled for win32.
It is. Always forget about such limitations in newer macOS.
Using it myself on a machine that is still on High Sierra.
by xvo
Fri Nov 20, 2020 11:13 pm
Forum: Beginner Basics
Topic: CRS312-4C-8XG reboot loop & windows netinstall failure
Replies: 3
Views: 888

Re: CRS312-4C-8XG reboot loop & windows netinstall failure

You can run Netinstall with Wine.
by xvo
Thu Nov 19, 2020 11:24 pm
Forum: SwOS
Topic: CRS305 SFP+ connect speedtest
Replies: 2
Views: 3710

Re: CRS305 SFP+ connect speedtest

What exactly do you want to test? When testing by bandwidth test in ROS between two devices you are not really testing network performance, but rather CPU performance of the devices. To test bandwidth properly you should test through your devices, not between them. And you can do so for SwOS as well...
by xvo
Thu Nov 19, 2020 12:40 am
Forum: Wireless Networking
Topic: Audience wireless speed
Replies: 14
Views: 2693

Re: Audience wireless speed

Shouldn't this speed happen between the 2 clients? If they are both on the same wireless? Of course not: each frame needs at least twice the airtime to be transmitted - from A to AP and then from AP to B. So maximum you can get is 1/2 of what you have, when only one client is on wireless, and in re...
by xvo
Wed Nov 18, 2020 4:15 pm
Forum: Wireless Networking
Topic: Audience wireless speed
Replies: 14
Views: 2693

Re: Audience wireless speed

Curious enough, when both tested with Speedtest, each of them achieves ~470/25 Mbps, my contract being 500/25. Why do you find it curious: 230mbit between two wireless clients on one radio is actually more or less the same as 470mbit from one of them to outside network. To have the idea of maximum ...
by xvo
Wed Nov 18, 2020 3:28 pm
Forum: Announcements
Topic: MikroTik newsletter November 2020 (#98)
Replies: 65
Views: 32686

Re: MikroTik newsletter November 2020 (#98)

Not the wap ac LTE Kit (QCA9531).
Can't find any info on that one.
As I remember wAP ac LTE Kit was IPQ4018 from the start.
by xvo
Tue Nov 17, 2020 3:32 pm
Forum: Wireless Networking
Topic: netPower Lite 7R - Reverse POE misunderstanding!
Replies: 6
Views: 1718

Re: netPower Lite 7R - What a Disappointment?

Looks like you missed that it is kind of special reverse-PoE switch.
For PoE-out there are different models.
by xvo
Mon Nov 16, 2020 6:38 pm
Forum: General
Topic: Is there a way to log into admin panel if service on port 80 was accidentially turned off
Replies: 13
Views: 2165

Re: Is there a way to log into admin panel if service on port 80 was accidentially turned off

I've been trying to login from winbox for Win, but no luck.
And you are sure that you tried to connect by MAC, not by IP?
by xvo
Mon Nov 16, 2020 6:30 pm
Forum: General
Topic: hEX S does not respond on MGMT interface
Replies: 4
Views: 739

Re: hEX S does not respond on MGMT interface

As for hardware vlan issue, I see that now, but i cannot figure out how to do this without that. https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Management_access_configuration and for all your other vlan's: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#VLAN_Example_.231_.28Trunk_an...
by xvo
Mon Nov 16, 2020 6:26 pm
Forum: General
Topic: MikroTik HAP AC2 fails to link 1Gbps
Replies: 18
Views: 4168

Re: MikroTik HAP AC2 fails to link 1Gbps

Check, that you advertise 1000M:
ether1.jpg
by xvo
Mon Nov 16, 2020 5:02 pm
Forum: General
Topic: MikroTik HAP AC2 fails to link 1Gbps
Replies: 18
Views: 4168

Re: MikroTik HAP AC2 fails to link 1Gbps

Neither your hAP ac2, nor the device on either end is advertising 1Gbit.
by xvo
Mon Nov 16, 2020 4:58 pm
Forum: General
Topic: Is there a way to log into admin panel if service on port 80 was accidentially turned off
Replies: 13
Views: 2165

Re: Is there a way to log into admin panel if service on port 80 was accidentially turned off

I guess the easiest way if you disabled winbox and ssh as well is to try mac-winbox. It is controlled by different menu, so if you didn't have a chance to mess with it before proceeding to IP -> Services it should still be open from the LAN by default. Open winbox, go to the neighbours tab and wait ...
by xvo
Mon Nov 16, 2020 1:49 pm
Forum: RouterBOARD hardware
Topic: Question regarding Hex PoE (RB960PGS)
Replies: 3
Views: 1010

Re: Question regarding Hex PoE (RB960PGS)

TP-link is probably using different pairs when in Passive-PoE mode.
by xvo
Mon Nov 16, 2020 1:39 pm
Forum: General
Topic: hEX S does not respond on MGMT interface
Replies: 4
Views: 739

Re: hEX S does not respond on MGMT interface

hEX S doesn't support vlan filtering on switch chip.
Only on the bridge.
by xvo
Mon Nov 09, 2020 9:54 pm
Forum: General
Topic: iOS14 "Use Private Address" Random MAC (Default) and Time Restrictions
Replies: 25
Views: 5647

Re: iOS14 "Use Private Address" Random MAC (Default) and Time Restrictions

What makes access list an "enterprise solution" and why being "enterprise solution" is a "bad thing" in the first place?
by xvo
Mon Nov 09, 2020 6:19 pm
Forum: General
Topic: iOS14 "Use Private Address" Random MAC (Default) and Time Restrictions
Replies: 25
Views: 5647

Re: iOS14 "Use Private Address" Random MAC (Default) and Time Restrictions

One way to solve this problem is to use Static-only for the DHCP server. In this case, if users change their MAC address they will not be able to obtain an IP address. This will force them to disable the option in iOS settings. Also this will not work for all users, because some of them will set th...
by xvo
Sun Nov 08, 2020 10:16 am
Forum: Beginner Basics
Topic: Mysterious "denied winbox/dude connect from 117.202.126.x" log
Replies: 7
Views: 7700

Re: Mysterious "denied winbox/dude connect from 117.202.126.x" log

I doubt the CAPsMAN rule ,,,,, possible ?
Try ading src-address=127.0.0.1 to this rule as well.
by xvo
Tue Nov 03, 2020 10:42 pm
Forum: Virtualization
Topic: Hetzner CHR issue
Replies: 11
Views: 9623

Re: Hetzner CHR issue

Ok. Short googling tells that you need forced reboot at the end of procedure, not the "regular" one:
echo 1 > /proc/sys/kernel/sysrq
echo b > /proc/sysrq-trigger
From here (in Russian).
by xvo
Tue Nov 03, 2020 7:58 pm
Forum: Virtualization
Topic: Hetzner CHR issue
Replies: 11
Views: 9623

Re: Hetzner CHR issue

Try of=/dev/vda
If I remember correctly that helped me with Aruba Cloud.
by xvo
Tue Nov 03, 2020 7:01 pm
Forum: Beginner Basics
Topic: NAT + Tag/Untag multiple identical devices
Replies: 17
Views: 2045

Re: NAT + Tag/Untag multiple identical devices

I don't think you need bridges at all: just vlan-interfaces on top of each of ethernet ports.
It's not that you will be switching between to ports with vlan tag in mind, but rather untagging - routing - then tagging again.
by xvo
Tue Nov 03, 2020 1:20 pm
Forum: General
Topic: Help to load balancing for more than 4 wan
Replies: 2
Views: 518

Re: Help to load balancing for more than 4 wan

What's the difference between 4 and 6?
Just scale accordingly.

And if I recall correctly, you already posted the same question earlier?!
by xvo
Tue Nov 03, 2020 11:44 am
Forum: RouterBOARD hardware
Topic: SIM slot on wAP LR8 (LoRa) kit
Replies: 4
Views: 1328

Re: SIM slot on wAP LR8 (LoRa) kit

The sim slot is there to be used if you swap LoRa card for a 3G/4G modem card.
The kit is basically a wAP R device + LoRa card, so no modem included, and there is no way to use both (modem and LoRa) at the same time.
by xvo
Sat Oct 31, 2020 11:59 pm
Forum: RouterBOARD hardware
Topic: Connect non-PoE to Passive PoE output of cap ac?
Replies: 3
Views: 1172

Re: Connect non-PoE to Passive PoE output of cap ac?

You can use any PoE-out port on any of Mikrotik devices (except for PoE injectors) to connect a non-PoE device without any risk. If you don't manually put such port to poe-out=forced-on , but leave it on auto-on or off the power won't be applied to it. And it's clearly mentioned in the manual: https...
by xvo
Fri Oct 30, 2020 9:03 am
Forum: Beginner Basics
Topic: Default route gateway is unreachable
Replies: 5
Views: 10685

Re: Default route gateway is unreachable

I suggested OP (on the other forum) to add /ip route add dst-address=137.17.4.1/32 gateway=137.17.24.1 scope=10 And he already confirmed, that it resolved the issue. But per @Sob 's suggestion I would still add a lease script: to update this route instead, in case of gateway or network change (proba...
by xvo
Thu Oct 29, 2020 1:38 pm
Forum: General
Topic: Ports bridged, how to ip firewall per port?
Replies: 2
Views: 458

Re: Ports bridged, how to ip firewall per port?

Set use-ip-firewall=yes on the bridge or use bridge filter if it's capabilities are sufficient for your task.
by xvo
Wed Oct 28, 2020 11:05 pm
Forum: General
Topic: DHCP on VLAN [SOLVED]
Replies: 8
Views: 2920

Re: DHCP on VLAN [SOLVED]

Ok...so i need to add the switch cpu port in the vlan Table for VLAN-ID 20. But this also enables access to device management. What is a good strategy to get around this problem? There are multiple options how to restrict unwanted access to device itself: IP -> Firewall and IP -> Services for L3 ac...
by xvo
Wed Oct 28, 2020 9:27 pm
Forum: General
Topic: hAP AC VLAN Trunk with SFP
Replies: 7
Views: 1894

Re: hAP AC VLAN Trunk with SFP

Unfortunately the SFP-Port is not available in switch config mode. So you don't think it is possible to use near wirespeed config with a sfp Port? You are right. No it's not possible for SFP <-> other ports. But it should be possible to maintain wirespeed between other ports. I guess that's the sam...
by xvo
Wed Oct 28, 2020 8:54 pm
Forum: General
Topic: DHCP on VLAN [SOLVED]
Replies: 8
Views: 2920

Re: DHCP on VLAN [SOLVED]

No problem,
but i'm curious. What are the benefits or downsides to each of those methods.
I could not find any definite answer on it in the mikrotik documentation.
Just answered the same question in a similar topic: viewtopic.php?f=2&t=168221&p=825432#p825432
by xvo
Wed Oct 28, 2020 8:52 pm
Forum: General
Topic: hAP AC VLAN Trunk with SFP
Replies: 7
Views: 1894

Re: hAP AC VLAN Trunk with SFP

You are mixing two configuration possibilities together: bridge vlan filtering (which is done in software on this device) and switch vlan filtering (which is done on the switch chip). No good can come out of it. You need to choose one depending on what better suit your needs: 1) Bridge vlan-filterin...
by xvo
Wed Oct 28, 2020 5:36 pm
Forum: SwOS
Topic: CSS610-8G-2S+IN - SWOS 2.12rc2 Upgrade missing
Replies: 15
Views: 7952

Re: CSS610-8G-2S+IN - SWOS 2.12rc2 Upgrade missing

@mikrotik ... how to use VLANs correctly on CSS610-8G-2S+ ??
Why bother reading the thread two messages up from your own...
viewtopic.php?f=17&t=167049#p821159
by xvo
Wed Oct 28, 2020 12:10 am
Forum: General
Topic: IPSEC over GRE - SA installed - but gre interface is down [SOLVED]
Replies: 6
Views: 3693

Re: IPSEC over GRE - SA installed - but gre interface is down [SOLVED]

@xvo's remark would make sense if you used 1.1.1.1 and 1.1.1.2 as GRE's local-address and remote-address; in your setup, you do need the tunnel=yes mode.
Indeed...
by xvo
Tue Oct 27, 2020 10:21 pm
Forum: General
Topic: IPSEC over GRE - SA installed - but gre interface is down [SOLVED]
Replies: 6
Views: 3693

Re: IPSEC over GRE - SA installed - but gre interface is down [SOLVED]

As you are wrapping gre in ipsec you need tunnel=no in ipsec policy.
by xvo
Sun Oct 25, 2020 4:14 pm
Forum: Forwarding Protocols
Topic: How to merge VPN and existing network in one subnet?
Replies: 3
Views: 1667

Re: How to merge VPN and existing network in one subnet?

If you use the same subnet for VPN and for your local bridge you need to set arp to proxy-arp on the bridge.
by xvo
Fri Oct 23, 2020 12:14 pm
Forum: General
Topic: Routerboot
Replies: 8
Views: 1052

Re: Routerboot

Yes.
by xvo
Fri Oct 23, 2020 12:02 pm
Forum: General
Topic: Routerboot
Replies: 8
Views: 1052

Re: Routerboot

You need to disable serial console on serial port, that is used for connection to cisco.
Then setting silent-boot=yes should be enough.
If not - try enter-setup-on=delete-key too.
by xvo
Fri Oct 23, 2020 11:44 am
Forum: General
Topic: Routerboot
Replies: 8
Views: 1052

Re: Routerboot

Ok, now I see that your initial post need some clarification: do you use CCR to control cisco or vice-versa?
by xvo
Fri Oct 23, 2020 11:38 am
Forum: General
Topic: Routerboot
Replies: 8
Views: 1052

Re: Routerboot

/system routerboard settings set silent-boot=yes
and also
/system routerboard settings set enter-setup-on=delete-key
by xvo
Wed Oct 21, 2020 10:11 pm
Forum: Beginner Basics
Topic: Route via a Specific Interface Only
Replies: 11
Views: 3530

Re: Route via a Specific Interface Only

It seems, that you are right.
by xvo
Wed Oct 21, 2020 2:55 pm
Forum: RouterOS beta
Topic: Feature Request : Non routable Management VLAN
Replies: 6
Views: 2100

Re: Feature Request : Non routable Management VLAN

You might be right.

Ok. Another suggestion: putting vlan-mgmt into separate vrf will definitely make it unroutable, unless needed.
by xvo
Wed Oct 21, 2020 2:47 pm
Forum: General
Topic: Mikrotik CCR as Console server for cisco ?
Replies: 6
Views: 1197

Re: Mikrotik CCR as Console server for cisco ?

when i set slient-boot do i need rebootthe router?
I’m not sure: this setting is needed to prevent mikrotik from writing into console port on startup.
But I don’t know if it will be applied on first reboot or after it.
by xvo
Wed Oct 21, 2020 1:03 pm
Forum: General
Topic: Mikrotik CCR as Console server for cisco ?
Replies: 6
Views: 1197

Re: Mikrotik CCR as Console server for cisco ?

Never used it between mikrotik and cisco, only between two mikrotiks, so can't say about the needed baud rate.
But don't forget to disable serial console on mikrotik's serial port.
And also set silent-boot=yes in /system routerboard settings.
by xvo
Wed Oct 21, 2020 12:55 pm
Forum: Beginner Basics
Topic: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address
Replies: 20
Views: 8316

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

Where do you run your pi-hole?
Bare device, VM, docker container?
It looks like some misconfiguration in VM/docker networking.

Anyway, it most likely has nothing to do with mikrotik.
by xvo
Wed Oct 21, 2020 10:45 am
Forum: RouterOS beta
Topic: Feature Request : Non routable Management VLAN
Replies: 6
Views: 2100

Re: Feature Request : Non routable Management VLAN

I believe there is even simpler way: /ip route rule add interface=vlan-mgmt action=drop With this approach, you are explicitly ending your set of rules using "drop everything else". That means you have to whitelist (allow/accept) every single separate type of traffic you want to allow. Wit...
by xvo
Wed Oct 21, 2020 7:39 am
Forum: RouterOS beta
Topic: Feature Request : Non routable Management VLAN
Replies: 6
Views: 2100

Re: Feature Request : Non routable Management VLAN

And your question is?!
What exactly prevents you to configure what you describe?
by xvo
Wed Oct 21, 2020 12:02 am
Forum: Beginner Basics
Topic: Mikrotik DNS resolver [SOLVED]
Replies: 2
Views: 839

Re: Mikrotik DNS resolver [SOLVED]

IP -> DNS -> Static

Of course that will work only if mikrotik is used as DNS server for you network.
by xvo
Wed Oct 21, 2020 12:01 am
Forum: Beginner Basics
Topic: Route via a Specific Interface Only
Replies: 11
Views: 3530

Re: Route via a Specific Interface Only

The second is the right one.
That's interesting to know if %interface can actually be used to "bind" ping check to this interface only.
by xvo
Tue Oct 20, 2020 11:44 pm
Forum: Forwarding Protocols
Topic: 1-way OSPF between RB2011 and RB4011
Replies: 3
Views: 1427

Re: 1-way OSPF between RB2011 and RB4011

Is ospf permitted by firewall on both sides?
by xvo
Mon Oct 19, 2020 8:02 pm
Forum: Beginner Basics
Topic: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address
Replies: 20
Views: 8316

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

As already stated - It's not a bug, but a misinterpretation of router's config options.
by xvo
Mon Oct 19, 2020 7:14 pm
Forum: Beginner Basics
Topic: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address
Replies: 20
Views: 8316

Re: Pi-Hole and Mikrotik - DNS - Pi-hole only show my router’s IP address

I guess you entered pi-hole as DNS server in IP -> DNS?
You should additionally specify pi-hole as DNS server in IP -> DHCP -> Networks
by xvo
Sun Oct 18, 2020 7:54 pm
Forum: Beginner Basics
Topic: Building LAN from scratch: 4 mikrotiks - 4 networks
Replies: 15
Views: 1613

Re: Building LAN from scratch: 4 mikrotiks - 4 networks

And it works like a charm. Yes it does! And another great thing about that - the addresses doesn't have to be adjacent, so I have all my PTP links like 172.27.XXX.YYY - 172.27.YYY.XXX (where XXX is some unique identifier for this particular router). That is perfect for 1) ease of reading 2) the abi...
by xvo
Sun Oct 18, 2020 7:17 pm
Forum: Beginner Basics
Topic: Route via a Specific Interface Only
Replies: 11
Views: 3530

Re: Route via a Specific Interface Only

That should work.
by xvo
Sun Oct 18, 2020 6:36 pm
Forum: Beginner Basics
Topic: Building LAN from scratch: 4 mikrotiks - 4 networks
Replies: 15
Views: 1613

Re: Building LAN from scratch: 4 mikrotiks - 4 networks

I'm not sure if Mikrotik supports /31 but I thought I'd mention it.
It doesn't. You need to use pair of /32 addresses with network specified as the "opposite" one.
by xvo
Sun Oct 18, 2020 6:29 pm
Forum: Beginner Basics
Topic: Route via a Specific Interface Only
Replies: 11
Views: 3530

Re: Route via a Specific Interface Only

Hi, This is for Internet fail over. What's the best way in RouterOS to configure a route via a specific interface, so that if that interface is down it won't route via the default route (or any other less specific route)? I think I can do it by adding a route to Null for the same /32 but with worse...
by xvo
Sun Oct 18, 2020 4:20 pm
Forum: Beginner Basics
Topic: Building LAN from scratch: 4 mikrotiks - 4 networks
Replies: 15
Views: 1613

Re: Building LAN from scratch: 4 mikrotiks - 4 networks

Yes, that's exactly my point.
by xvo
Sun Oct 18, 2020 3:41 pm
Forum: Beginner Basics
Topic: Building LAN from scratch: 4 mikrotiks - 4 networks
Replies: 15
Views: 1613

Re: Building LAN from scratch: 4 mikrotiks - 4 networks

Performance-wise you're right. Configuration-wise, VLANs and centralized routing config is much simpler than distributed routing. Plus it would make a good basis for expansion (much easier to add another subnet or increase number of ports within subnet or replacement of RB760iGS with a proper manag...
by xvo
Sun Oct 18, 2020 12:21 pm
Forum: RouterBOARD hardware
Topic: RBM33G Voltage Monitoring
Replies: 8
Views: 5168

Re: RBM33G Voltage Monitoring

that there are no additional GPIO pins
Have you seen this in the latest 6.48beta48?
*) m33g - added support for "/system gpio" menu (CLI only);
viewtopic.php?f=21&t=163308#p822721
by xvo
Fri Oct 16, 2020 11:35 pm
Forum: RouterOS beta
Topic: v7.1beta2 [development] is released!
Replies: 385
Views: 153552

Re: v7.1beta2 [development] is released!

including wiping the file storage...where I had stored a couple backup configs
Are you sure they were in /flash folder, not in the root directory that is mounted to RAM?
by xvo
Fri Oct 16, 2020 11:32 pm
Forum: Beginner Basics
Topic: Building LAN from scratch: 4 mikrotiks - 4 networks
Replies: 15
Views: 1613

Re: Building LAN from scratch: 4 mikrotiks - 4 networks

There are different approaches - you could route between subnets on mikrotik2-4 and have static routing rules on mikrotik1 so traffic is directed to the correct mikrotik, or you could use mikrotik2-4 as switches with VLANs and perform all of the routing/firewalling on mikrotik1 RB760iGS won't be go...
by xvo
Fri Oct 16, 2020 9:54 pm
Forum: General
Topic: Which rule is a connection matching
Replies: 3
Views: 854

Re: Which rule is a connection matching

Firewall doesn't allow connections, it allows packets.
And different packets from that connection can be allowed by different rules.
by xvo
Thu Oct 15, 2020 12:44 pm
Forum: SwOS
Topic: Number of SWOS VLANs
Replies: 7
Views: 3649

Re: Number of SWOS VLANs

This is an all wireless network with the AP's UN-tagging VLAN traffic. In this scenario, is there any advantage to tagging all the switch ports? Thanks again.
If all ports need to have the same set of tagged vlans, then there is no point really.
by xvo
Thu Oct 15, 2020 1:32 am
Forum: Beginner Basics
Topic: WOL before RDP
Replies: 2
Views: 1333

Re: WOL before RDP

I've come to conclusion that the easiest way to wol a pc in remote network is running a small bash script that will connect to mikrotik by ssh and run a wol command. A special user can be used for that: only ssh and test permissions are needed. But anyway, ssh port open to outside network is not a g...
by xvo
Tue Oct 13, 2020 6:26 pm
Forum: SwOS
Topic: Number of SWOS VLANs
Replies: 7
Views: 3649

Re: Number of SWOS VLANs

manual.jpg
That is from the very beginning of that page.
https://wiki.mikrotik.com/wiki/SwOS/CRS ... s_features

Unfortunately, it looks like RoS is the only option here.
by xvo
Tue Oct 13, 2020 11:36 am
Forum: SwOS
Topic: Number of SWOS VLANs
Replies: 7
Views: 3649

Re: Number of SWOS VLANs

Yes, there is 250 VLAN limit in SwOS:
https://wiki.mikrotik.com/wiki/SwOS/CRS3xx
by xvo
Sun Oct 11, 2020 2:51 pm
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 6613

Re: IPV6 Firewall [SOLVED]

In winbox you have to choose needed action first (in this case action=reject) and then options for this action will appear.
by xvo
Sat Oct 10, 2020 11:45 am
Forum: The Dude
Topic: Strange graphs plot [SOLVED]
Replies: 2
Views: 4303

Re: Strange graphs plot [SOLVED]

That is the expected behaviour - latest period of time is stored in max resolution, the next one - in lower (10 min), and so on (2 hours, 1 day).
You can change the exact time for each period in settings:
dude charts.jpg
by xvo
Sat Oct 10, 2020 12:24 am
Forum: Forwarding Protocols
Topic: Routing Advices
Replies: 7
Views: 1808

Re: Routing Advices

First you have to decide: do you really need to "bridge" or to "route" will be enough? In first case you will have one subnet, only one of the routers will act as a DHCP server for both networks and so on. While in the second case you will have two completely independent networks...
by xvo
Sat Oct 10, 2020 12:07 am
Forum: General
Topic: ECMP balancing sometimes breaks TCP connection
Replies: 9
Views: 1867

Re: ECMP balancing sometimes breaks TCP connection

A load balancer would slightly complicate things, nothing terrible, but a couple rules like sindy suggested would be a much simpler solution in this case. These rules are what load balancer is mostly. And now meaning the "destination". The only thing that is lacking - taking the up/down s...
by xvo
Fri Oct 09, 2020 11:45 pm
Forum: Beginner Basics
Topic: NAT + Tag/Untag multiple identical devices
Replies: 17
Views: 2045

Re: NAT + Tag/Untag multiple identical devices

Now ping and ssh connection are working from management RPi to DEVs! Thanks xvo! Niiice! However that makes me wonder if the guy who wrote the article ever tried it himself in the exact way he wrote. I once built a test setup somehow using this article as a guidance, but the setup itself had some m...
by xvo
Fri Oct 09, 2020 10:45 am
Forum: Beginner Basics
Topic: Unable to Access [SOLVED]
Replies: 5
Views: 906

Re: Unable to Access [SOLVED]

Then check IP -> Services, System -> Users and IP -> Firewall -> Filter (input chain) sections to see if access is not restricted to some ip's (whether for this user only, or to device in general).
by xvo
Thu Oct 08, 2020 10:20 pm
Forum: Beginner Basics
Topic: Unable to Access [SOLVED]
Replies: 5
Views: 906

Re: Unable to Access [SOLVED]

Are both of PCs have the same winbox version?
by xvo
Thu Oct 08, 2020 10:18 pm
Forum: Beginner Basics
Topic: Help validating PoE will work in my setup?
Replies: 5
Views: 780

Re: Help validating PoE will work in my setup?

I also found MikroTik RBGPOE power injectors, with these I think I should be able to use the power supply that comes with the ac²s to supply PoE. This way, all of my APs should be able to pull up to 0.8A*24V=19.2W in ideal conditions. Besides the extra wiring and cabling in the basement, that shoul...
by xvo
Thu Oct 08, 2020 10:10 pm
Forum: General
Topic: ECMP balancing sometimes breaks TCP connection
Replies: 9
Views: 1867

Re: ECMP balancing sometimes breaks TCP connection

You are misusing ECMP - it is meant to load balance routes, not the "destinations".
by xvo
Thu Oct 08, 2020 10:08 pm
Forum: Beginner Basics
Topic: NAT + Tag/Untag multiple identical devices
Replies: 17
Views: 2045

Re: NAT + Tag/Untag multiple identical devices

I have one idea. For returning packets you do this: /ip firewall mangle add action=mark-routing chain=prerouting dst-address=192.168.2.2 new-routing-mark=main Is this rule being hit at all? The idea is, dst-nat is performed after the prerouting chain, so probably the action reversing the src-nat too...
by xvo
Thu Oct 08, 2020 4:48 pm
Forum: General
Topic: Firewall for ROS device used as internal switch? [SOLVED]
Replies: 2
Views: 859

Re: Firewall for ROS device used as internal switch? [SOLVED]

No, if the device is configured as a switch it doesn't forward any IP packets.
You can even disable IP forwarding in IP -> Settings.
by xvo
Thu Oct 08, 2020 10:01 am
Forum: Beginner Basics
Topic: Help validating PoE will work in my setup?
Replies: 5
Views: 780

Re: Help validating PoE will work in my setup?

I agree that it would be nice to have a bit of a buffer, but I can't seem to find that 28V 3.4A supply while browsing MikroTik products. I think it may be a one-off accessory for that specific switch. Do you happen to know if it is sold anywhere? I'm not finding similar products offered elsewhere e...
by xvo
Thu Oct 08, 2020 12:12 am
Forum: Beginner Basics
Topic: Help validating PoE will work in my setup?
Replies: 5
Views: 780

Re: Help validating PoE will work in my setup?

No attachments in case of hAP ac2 means no usb devices. The device itself consumes 16W which is 0.666A at 24V (not 0,5A). So 3 of them will give exactly 48W which is 2A at 24V. So theoretically this is as much as hEX PoE can provide. But that doesn't account for losses on the cables on one hand, and...
by xvo
Thu Oct 08, 2020 12:00 am
Forum: Beginner Basics
Topic: Help setting up new router - RB4011
Replies: 2
Views: 537

Re: Help setting up new router - RB4011

If you changed the IP for your LAN bridge you should change dhcp pool and dhcp-server network as well.
by xvo
Wed Oct 07, 2020 11:58 pm
Forum: Beginner Basics
Topic: Hex and VLAN trunk port Ether5
Replies: 1
Views: 533

Re: Hex and VLAN trunk port Ether5

Why your vlan-interfaces are created on top of the bridge if you want ether5 to be a trunk port?
Move them to ether5. Also add all of them to interface-list=LAN.

And also move the address from ether2 to the bridge.
Despite the fact that it is in the default config it is wrong.
by xvo
Wed Oct 07, 2020 5:15 pm
Forum: Beginner Basics
Topic: Hitting a brick wall with VLANs on RB4011 [SOLVED]
Replies: 4
Views: 1450

Re: Hitting a brick wall with VLANs on RB4011 [SOLVED]

So, I did try that - I set a port on the bridge to untagged VLAN4 and then enabled vlan-filtering on the bridge. Plugging in a client to that port and I do not get an IP from the DHCP server on that VLAN. I may be missing something else here. Would I need to also add the VLAN interfaces to the brid...
by xvo
Wed Oct 07, 2020 5:08 pm
Forum: General
Topic: Help with POE at Powerbox Pro
Replies: 1
Views: 548

Re: Help with POE at Powerbox Pro

Mikrotik uses Mode B (4,5 - 7,8) to supply power.
Most likely cameras support only Mode A (1,2 - 3,6) which is against the standard.
by xvo
Wed Oct 07, 2020 4:57 pm
Forum: Beginner Basics
Topic: Hitting a brick wall with VLANs on RB4011 [SOLVED]
Replies: 4
Views: 1450

Re: Hitting a brick wall with VLANs on RB4011 [SOLVED]

RB4011 doesn't support vlans on hardware.
So you should configure bridge vlan filtering (and lose hw-offloading).
by xvo
Wed Oct 07, 2020 11:48 am
Forum: General
Topic: Disable Firewall and NAT (Allow Traffic in both Directions
Replies: 3
Views: 1974

Re: Disable Firewall and NAT (Allow Traffic in both Directions

Thanks for your reply, there are some default rule under the filter rules tab NAT tab or Mangle Which I am not able to delete.
If you are talking about "special dummy rules", the will be deleted on first reboot once you delete the fasttrack rule in filter forard chain.
by xvo
Tue Oct 06, 2020 10:49 pm
Forum: Beginner Basics
Topic: RB4011 VLAN + unifi [SOLVED]
Replies: 14
Views: 3302

Re: RB4011 VLAN + unifi [SOLVED]

How an untagged flow of traffic into a switch can then be turned into tagged traffic coming out other ports of the switch It will be tagged by a switch, I guess :))) Isn't that what is switch for after all: tagging, untagging and tagging again, just to fulfil the darkest of admin's designs?! You co...
by xvo
Tue Oct 06, 2020 7:42 pm
Forum: SwOS
Topic: Mikrotik SwOS for CRS112-8P-4S-IN
Replies: 12
Views: 10366

Re: Mikrotik SwOS for CRS112-8P-4S-IN

Thanks for keep supporting. I know RoS has more configuration features than SwOS, but some features i didn't get in RoS what i see with SwOS such as port isolation, port forwarding, port locking, port mirroring, bandwidth limit etc. Thanks. All is there, in switch menu, with far more possibilities ...
by xvo
Tue Oct 06, 2020 7:13 pm
Forum: SwOS
Topic: Mikrotik SwOS for CRS112-8P-4S-IN
Replies: 12
Views: 10366

Re: Mikrotik SwOS for CRS112-8P-4S-IN

Okay! i disappointed to know this as i thought all Mikrotik smart switches come with SwOS opeating system. Totally waste my money on this. Thanks. There are 3 families of Mikrotik switches: - CSS: that run SwOS - CRS1XX/2XX: that run RoS - CRS3XX: that allow dual-boot (you can choose what os to run...
by xvo
Tue Oct 06, 2020 6:55 pm
Forum: SwOS
Topic: Mikrotik SwOS for CRS112-8P-4S-IN
Replies: 12
Views: 10366

Re: Mikrotik SwOS for CRS112-8P-4S-IN

No, you can't.
by xvo
Tue Oct 06, 2020 6:39 pm
Forum: SwOS
Topic: Mikrotik SwOS for CRS112-8P-4S-IN
Replies: 12
Views: 10366

Re: Mikrotik SwOS for CRS112-8P-4S-IN

CRS1XX/2XX are RoS devices, not SwOS.