MikroTik

whatever

[Ticket#2019030922002071] CAP not correctly forwarding tagged vlan traffic towards wired network Glad it is not just me, I have the same issue effecting 1000's of units, if you disable the CAP and enable everything works again for a period of time and stops again. I have raised tickets with support...

whatever

New driver will be bundled with ROS 7

whatever

Is this "very important" way of tracking people legal in your country? As far as I know iOS devices as well as the latest Android versions already randomize their mac address when probing for wifi networks as countermeasure to this kind of privacy violation.

whatever

This might be related to viewtopic.php?f=7&t=148263 !?
At least it sounds similar.

whatever

I have the same issue, forcing channel reselect is enough to revive the 5GHz interface. I'm using a low channel reselect interval as workaround.

Edit: I'm running only hap ac2 units with local forwarding and one of them acting as capsman, no other hardware involved.

whatever

I think that's only possible without capsman.

whatever

You can only achieve that by setting password and vlan id per client MAC address. As you probably won't know all your guest's devices, you would have to set up an access rule for each of your private devices. I wouldn't recommend it, a second SSID is most likely the better solution.

whatever

So MIMO is broken in some way that prevent any speed gain from additional chains? Interesting observation, let's hope that this is reproducible and fixable by mikrotik.

whatever

Is it safe to downgrade from 6.44?
Edit: Did it, appears to work fine.

whatever

Once you start to change settings outside of quickset you should stop using quickset.

whatever

Are you 100% sure that your converter outputs standard Ethernet frames?

whatever

Personally, I get > 100Mbps using wAP AC + RB3011 running CAPsMAN, local forwarding.

But you shouldn't you expect > 500Mbps with three chains on 5GHz ac? I consider 100Mbps with that hardware pretty slow, that speed is already achievable with 2.4GHz dual chain n.

whatever

You really shouldn't try to use only local addresses and NAT with IPv6. If you want local addresses use them additionally to your public prefix. For public routable addresses enable IPv6 prefix delegation on your Fritz Box, add DHCPv6 client on your Fritz Box facing mikrotik interface to request pre...

whatever

Try local forwarding

whatever

How do you decide how fast your wireless speed is supposed to be? My hap ac2 802.11ac 2x2 speed with capsman and local forwarding is indeed about half of what you would expect from the standard under perfect conditions, until now I've been blaming it on cheap hardware and poor drivers. But consideri...

whatever

Are there still people dumb enough to expose winbox to anything but an isolated management vlan? Don't do it, the winbox protocol obviously is not designed to be secure.

whatever

Did you try to change your MAC address to something that doesn't look like mikrotik? Like use your phone mac and increment the last byte?

whatever

Local forwarding means the traffic is forwarded to a bridge on the cap itself, not on capsman. You can select the bridge in the cap settings on your cap.

whatever

In optimal conditions I get up to ~230 Mbit/s WiFi downstream with hap ac2 as AP on a 400 Mbit/s Internet Connection. 5 GHz, 80 Mhz channel (Ceee), dual chain, ac-only, 1-2m distance without any obstacles. It should be possible to achieve more than 400Mbit/s in this conditions (I maxed out 400 with ...

whatever

@Darman: if your device got infected you should reset it to factory defaults to ensure all the nasty stuff is removed.

whatever

You can raise the "antenna gain" setting on the 2.4GHz interface by some db, this will lower its tx power and cause most clients to prefer the now stronger 5GHz network.
However, this will also reduce your 2.4GHz signal range, so this "solution" isn't always feasible.

whatever

Afaik there is no way to change it. Other models like hap ac2 are similarly affected.

whatever

So do not make this big change in "long-term". This is not a bugfix, but a change in function....... I guess releasing a "new" version which doesn't respect country regulations might cause legal trouble. But a simple notice in the changelog wouldn't hurt either: "Make sure you are compliant with yo...

whatever

https://cxsecurity.com/issue/WLB-2018120151

Wow. Does every process in routeros run with unrestricted root privileges?

whatever

Thank you for that info, it's rather interesting that wifi is still usable with 36 sec update interval.
I really hope that the fix gets backported to long-term soon.

whatever

*) capsman - fixed "group-key-update" parameter not using correct units;

Can we get some details on this?
How was the parameter interpreted before this fix? Is the long-term release affected by the same bug? If yes: when can we expect a backport of this bugfix to long-term?

whatever

As already mentioned: You can only benefit from features which are supported by AP and client. If your client only supports 80 MHz with dual chain you will not benefit from all four chains which are available on the 4011.

whatever

It's highly unlikely that your dst-address=127.0.0.1 rule will match traffic to 192.168.0.1:5246. Try to use a dst-address-type=local src-address-type=local rule like documented at https://wiki.mikrotik.com/wiki/Manual:S ... in_CAPsMAN

whatever

RTSP or WDS is completely unrelated to your problem. I had some ARP issues that disappeared as soon as I set multicast-helper on the wireless interfaces to "full", you might try if that helps your usecase. In order to support your client devices in roaming you should rather lower the tx-power of you...

whatever

Didn't even know they were doing this, that's definitely something I'd like to turn off. +1

whatever

You dont!?
Nowadays the majority of websites uses https which is designed to be non-interceptable.

whatever

You don't. You can only toggle the QOS part, why do you want to disable it completely?

whatever

Shouldn't they have a WSUS server for centralized update management?

whatever

Changing identity to serial number via script should be possible.

whatever

That is not possible with the standard linux transmit hash policies for 802.3ad.
Thoughts: Why the hell would you want that???

whatever

Well, regex "79" does indeed match "179", etc., so the result you are experiencing is expected.
Try using "^" and "$" in your regexes to match beginning and end of your identity strings.

whatever

That's interesting, I guess the change happened with the switch to factory software 6.42+. I own several devices with factory software 6.40 and 6.41 and all of them have 233MB.

whatever

Has anyone ever received a unit with less than 230MB RAM?

whatever

While it's currently unavailable at all the large distributors, the smaller ones apparently have some stock left.

whatever

For local forwarding to work you got to setup your L2 network accordingly and configure the bridge to drop the traffic on the CAP.
Without local forwarding all your traffic will be tunneled (possibly encrypted) to the CapsMan, that's not a good idea on a device with low CPU power.

whatever

Try local forwarding

whatever

You have to set a different transmit hash policy on the Huawei router.

whatever

RSTP is enabled per default on the bridge. If you don't need it you may disable it in bridge settings.

whatever

RSTP
See https://wiki.mikrotik.com/wiki/Manual:S ... e_Protocol

whatever

My understanding is that per VLAN you need an associated bridge. You cannot have a single Bridge with multiple VLANs.

Your understanding is wrong, please read the manual.

whatever

If I remember correctly, the patch which dropped tile from the Linux Kernel explicitly stated, that nobody was using tile in current Kernels back then and that the vendors who are still shipping tile hardware had no interest in having it maintained for future Kernels. Therefore the chances that tile...

whatever

I think the device will always use the power input with the highest voltage. Having similar voltage on different inputs may cause flapping between them.

whatever

I think what you are asking for would negate any security benefits gained by using cap certificates in the first place.

whatever

Must have missed that, thank you for pointing it out.

whatever

How is it possible that I'm still able to login with my password after downgrading from 6.43.2 to 6.42.9? I thought 6.43 changed the authentication API in order to be able to save passwords as hashes and not as plaintext. However, the fact that I'm still able to login after downgrade to 6.42 clearly...

Search found 91 matches