MikroTik

whatever

So do not make this big change in "long-term". This is not a bugfix, but a change in function....... I guess releasing a "new" version which doesn't respect country regulations might cause legal trouble. But a simple notice in the changelog wouldn't hurt either: "Make sure you are compliant with yo...

whatever

https://cxsecurity.com/issue/WLB-2018120151

Wow. Does every process in routeros run with unrestricted root privileges?

whatever

Thank you for that info, it's rather interesting that wifi is still usable with 36 sec update interval.
I really hope that the fix gets backported to long-term soon.

whatever

*) capsman - fixed "group-key-update" parameter not using correct units;

Can we get some details on this?
How was the parameter interpreted before this fix? Is the long-term release affected by the same bug? If yes: when can we expect a backport of this bugfix to long-term?

whatever

As already mentioned: You can only benefit from features which are supported by AP and client. If your client only supports 80 MHz with dual chain you will not benefit from all four chains which are available on the 4011.

whatever

It's highly unlikely that your dst-address=127.0.0.1 rule will match traffic to 192.168.0.1:5246. Try to use a dst-address-type=local src-address-type=local rule like documented at https://wiki.mikrotik.com/wiki/Manual:S ... in_CAPsMAN

whatever

RTSP or WDS is completely unrelated to your problem. I had some ARP issues that disappeared as soon as I set multicast-helper on the wireless interfaces to "full", you might try if that helps your usecase. In order to support your client devices in roaming you should rather lower the tx-power of you...

whatever

Didn't even know they were doing this, that's definitely something I'd like to turn off. +1

whatever

You dont!?
Nowadays the majority of websites uses https which is designed to be non-interceptable.

whatever

You don't. You can only toggle the QOS part, why do you want to disable it completely?

whatever

Shouldn't they have a WSUS server for centralized update management?

whatever

Changing identity to serial number via script should be possible.

whatever

That is not possible with the standard linux transmit hash policies for 802.3ad.
Thoughts: Why the hell would you want that???

whatever

Well, regex "79" does indeed match "179", etc., so the result you are experiencing is expected.
Try using "^" and "$" in your regexes to match beginning and end of your identity strings.

whatever

That's interesting, I guess the change happened with the switch to factory software 6.42+. I own several devices with factory software 6.40 and 6.41 and all of them have 233MB.

whatever

Has anyone ever received a unit with less than 230MB RAM?

whatever

While it's currently unavailable at all the large distributors, the smaller ones apparently have some stock left.

whatever

For local forwarding to work you got to setup your L2 network accordingly and configure the bridge to drop the traffic on the CAP.
Without local forwarding all your traffic will be tunneled (possibly encrypted) to the CapsMan, that's not a good idea on a device with low CPU power.

whatever

Try local forwarding

whatever

You have to set a different transmit hash policy on the Huawei router.

whatever

RSTP is enabled per default on the bridge. If you don't need it you may disable it in bridge settings.

whatever

RSTP
See https://wiki.mikrotik.com/wiki/Manual:S ... e_Protocol

whatever

My understanding is that per VLAN you need an associated bridge. You cannot have a single Bridge with multiple VLANs.

Your understanding is wrong, please read the manual.

whatever

If I remember correctly, the patch which dropped tile from the Linux Kernel explicitly stated, that nobody was using tile in current Kernels back then and that the vendors who are still shipping tile hardware had no interest in having it maintained for future Kernels. Therefore the chances that tile...

whatever

I think the device will always use the power input with the highest voltage. Having similar voltage on different inputs may cause flapping between them.

whatever

I think what you are asking for would negate any security benefits gained by using cap certificates in the first place.

whatever

Must have missed that, thank you for pointing it out.

whatever

How is it possible that I'm still able to login with my password after downgrading from 6.43.2 to 6.42.9? I thought 6.43 changed the authentication API in order to be able to save passwords as hashes and not as plaintext. However, the fact that I'm still able to login after downgrade to 6.42 clearly...

whatever

Try local forwarding (datapath) for even faster speed.

whatever

Agree its going to catch a few people out, but if you look at the link in my post 152 ( https://forum.mikrotik.com/viewtopic.php?p=688286#p687944 ) they are only €35 new, Are you using any of their products? They are offering 10GbE Multimode optics for 15€ while the competition is selling them for ...

whatever

Imho the lack of switch chip features could be neglected if you had the possibility to connect a "real" switch to the 10G port via a cheap cable. However, the lack of passive DAC support forces you to spend 100+€ for this connection instead of ~25€. Combining both these weaknesses into an otherwise ...

whatever

Footnote 4 says you can only use a SFP+ DAC at 10Gb

Doesn't it rather say that you cannot use passive SFP+ DAC at all? RB4011 seems to be the only Mikrotik SFP+ device which is incompatible with Mikrotik's own direct attach cables.

whatever

The only technical reason I can think of is, that the username is now part of the salt for the new password hashes. Otherwise it might just be a case of "not yet implemented".

whatever

Hi, do you know what wireless specs will this device have? How many chains on which bands?

2.4Ghz b/g/n, dual chain. See https://fccid.io/TV7PL64112ND

whatever

There's as slight bug in switch chip in IPQ4xxx which bit me and MT doesn't have a solution (yet).

What is the bug? Could you share some information?

whatever

One can argue about "router on a stick" SFP+ setup to lift possible limit to 15Gbps total, but i think those will not be numbers anyone is looking for.

Why not? That 15Gbps is exactly the number I'd expected to see as achievable benchmark limit for this block diagram.

whatever

https://forum.mikrotik.com/download/file.php?id=33451 Anybody else wondering why RB4011 CPU-throughput appears to be capped to 10Gbit/s? Assuming both Realtek GbE switchgroups are connected at 2.5Gbit/s each to the CPU (like RB1100AHx4), this leaves only 5Gbit/s possible thoughput for the 10GbE SFP...

whatever

1. Use physical security on your ports.
2. You cannot prevent anyone from using "your" SSID, but using WPA2+Radius authentification should prevent MITM.

whatever

Oh boy, it does look ugly with those rack-mount ears attached.

It's a pretty clever way of combining rack-mount capability and desktop case into the same product. Not exactly pretty, but very funktional; I like it.

whatever

No sensor.

whatever

It's the same as with every other 16 MB routeros device: The update is stored in RAM until installed. Just try it.

whatever

What happens if you try to upgrade?

whatever

You shouldn't use local passwords at all for this kind of deployment. Look into asymmetric crypto (ssh public keys) and/or centralized authentication (radius, etc).

whatever

Use system->resources->CPU and tools->profile to monitor CPU usage while running the speed test. Is any of the cores maxed out? If yes: find out what process causes the high cpu usage, try fasttrack, etc. If not: Check cables and interface speed. Are all the involved interfaces running at gigabit sp...

whatever

This has already been discussed here two weeks ago. The corresponding topics have been deleted/hidden, so it's probably not meant to be public yet.

whatever

Please stop calling ethernet over fibre "fibre channel", these are two different things.

whatever

It's rather a fcked up design than a bug, this is even documented in the wiki. Documentation suggests allowing "all" and forbidding every unwanted interface. This could easily be fixed by introducing an "allow local" setting. Link: https://wiki.mikrotik.com/wiki/Manual:Simple_CAPsMAN_setup#CAP_in_CA...

whatever

viewtopic.php?f=21&t=137572

whatever

But if I'm forced to connect a "real" switch anyway I can get all the ports i need from the switch. Want to connect three ISPs? Configure three ports on your switch on separate vlans and pass them through a "WAN" trunk to your router. Want multiple local networks? Separate them on your switch and pa...

whatever

Thank you for the confirmation. While I get that a router is expected to provide only limited switching features and has the necessary CPU power to perform certain things in software, I'm still confused by this decision. Why would I need 10+ ports on a router if it can't do proper vlan switching in ...

Search found 69 matches