Another workaround I have tested is to set the Netwatch monitor to some IP for example 8.8.8.8 and if ping failed set the script to disable/enable the lte1 interface. UPDATE: Just now I update to 7.13.5 and after the update when I check the firmware of the modem it now shows installed version 16121....
I have the same problem with 7.13.4 and the latest firmware but I think have found the solution - 2 days of uptime without the problem. First I create a new APN profile with the settings from the provider and in this profile uncheck Use network APN . Then select to only use IPv4 (default is Auto) an...
One way to solve this problem is to use Static-only for the DHCP server. In this case, if users change their MAC address they will not be able to obtain an IP address. This will force them to disable the option in iOS settings. Also this will not work for all users, because some of them will set the...
I reorder my rules, so now established and related connections rule is on top for the input chain. I always make this only for the forward chain, because heavy traffic is there, but it is O.K. for input too. For some reason, my rule with drop and !winbox IPs list still doesn't work. My mistake is th...
I never use the default config. Everything is done from scratch after the full reset of the device. Now in input chain firewall I have: add action=drop chain=input comment="Drop invalid connections in input chain" connection-state=invalid add action=accept chain=input comment="Allow I...
One more question. I want to secure WinBox access to the router. WinBox access should be available only from one of the LANs and from one remote location public IP. I decided to create two rules. The first rule allows access to WinBox port from the address list named "winbox" and the secon...
I add these two route rules and for now, I will leave in route rules also this with source IPs of WANs. What I think, if you force some LAN network to use as primary WAN one of your Internet connections ("lookup only in table") with help of /ip route rule, you need to add rules for other n...
Sob, I don't understand the last one. Because I don't have "table=CSW_interface" and "table=GoceNet_interface", did you mean that I should have a routing rule, which said: for every packet with routing mark "x" use table "x" and for every packet with routing m...
Yes, there is no perfect solution for all cases, I fully agree. I want to create a more universal one. I understand you for interfaces, so instead of "in-interface" I create an interface list and use "in-interface-list" in mark-routing rules. For now, I add two LAN networks inter...
I want my configuration to be not only working but also working right and aesthetic. So if I understand: 1. I mark incoming connections for two WANs. There is no need for passthrough because after marking them, mangle is left and this mark stays on packets while they exist? 2. For every packet which...
I understand now. So I will leave rules with source IP addresses of WANs - the router will use them for example to respond pings to WANs IPs, or they are useless? But I will need also to add: add action=mark-connection chain=prerouting comment="Mark incoming CSW connections" connection-mar...
For such a simple thing, can it be done with IP->Route->Rules. There is not a lot of documentation about Route rules, but I use them. I think when the packet arrives at the WAN interface, the destination IP address of this packet is the WAN public IP address. In my case, both IP addresses of two WAN...
Sob if I understand I should do in prerouting chain: 1. Mark connection with some mark based on incoming interface. Passtrought. 2. Mark packet with some mark for all connection marks from 1 Passtrough 3. Mark routing for all packets with mark from 2. NO Passtrough 4. Add route in main routing table...
I don't understand, why for outgoing packets? As I understand for all packets coming IN interface, first mark connection (Passtrought) and second mark routing. This at the prerouting chain. After that router should know that replays to these packets should go OUT from 0.0.0.0/0 rule with correspondi...
Strange for me, but it works in one and another case. ISP-1 is primary for the server or not. Just to be sure everything will work always can I do: (1) in mangle for in-interface (ISP-1 interface) mark directly with some routing mark, not with connection mark first then packet mark, and finally with...
In my case, LAN-1 use primary ISP-1, but with second default rule in its routing table for ISP-2. The second rule is with a higher distance so it is only used when first is disabled with netwatch.
Hello, Recently I start using two ISPs at home. What I do is to create two default routes, but with different distances, so when one ISP is down, another one is active. Because I have two LAN networks, I create two routing tables, so the first LAN uses mainly ISP-1 and the second LAN uses mainly ISP...
Hello, I'm planning to change the FreeBSD server working as a gateway, firewall, and VPN for a small company with RB4011 or RB1100. Reading this topic for months I'm wondering is this a good choice, because in these days it is very important for network infrastructure to be rock solid. So my questio...
If you want to use CRS only as a managed switch with only one management VLAN: 1. Create single bridge 2. Add all ports in that bridge 3. For every port in the bridge configuration set PVID and type of filtering: - admit all - for hybrid ports - admit only VLAN tagged - for trunks - admin untagged -...
My experience with CRS326-24G-2S running RouterOS - I buy first unit 6 months ago and start using it actively from the first date. The temperature reported in System Health was always above 70 degrees. Most of the time between 73 and 76 degrees. I use the switch ONLY for L2 so the CPU don't handle a...
I understand. One last question - in the schemes attenuators should be on receiver. In my case sender and receiver is the same (only one fiber between SFP modules). So I should put attenuators only on one of SFP modules or on both? Also should I keep them "in production" - the real fiber l...
Maybe someone from MikroTik support should give us answer, this is important question. At the moment opinions are 50:50 and there is not full technical data on product page.
Hello. I'm plan to connect CRS326 and HEX-S with S-3553LC20D kit. Before put them "in production" I want to run them in lab with short LC patch cable, 1 meter or 2 meters to make all the configuration and tests. In this case is there any risks for SFP modules, can they be burned because th...
I use DHCP option 43 but for Ubiquiti UAPs. Your mistake is - IP address in option 43 should be in hex, for example 192.168.0.15 in hex is c0a8000f. Also for UAP you need to add 0104 in front of hex IP address, in my example the value for option 43 should be 0104c0a8000f
Hi, please open or write in a thread/section where your question is addressed. This thread is about a severe port flapping issue on CRS328 and CRS317 as the title reflects. Thanks, nh EDIT: corrected a typo of product names. I'm sorry if this is mistake. I posted here because CRS328 is the same as ...
According to all posters here, the problem presents itself only in connection with CRS317 and 10G SFP+. So it will not happen to your setup. I think the same GuJack20. Do you have CRS326 in production? If you have, what is your opinion for the switch? Somebody else do you have CRS326 in production ...
Hello. I need to buy two 24 port switches and I have to choose between CRS326 and second hand Cisco 2960G, the price is the same. If I take CRS326 it will be used with RouterOS for access switch. From what I read in forum, SwOS is not ready for "in production" setups and this is the reason...
@anav First I think that the rule order should be opposite. NEW packets is the easiest way (for me) to tell the router which host can communicate with other and with Internet. For example you can tell that VLAN23 hosts can create NEW connections only when destination is VLAN56 and this hosts will ha...
If you want to use Mikrotik Routerboard only as access point you should: 1. Reset the board with option No default configuration 2. Login with WinBox with MAC address 3. Create new bridge interface 4. Put in created bridge all of the Ethernet and wireless interfaces 5. Set IP address on bridge for m...
This is near maximum for n Standart, please make picture from registration tab too
I don't have screen shot from registration tab, but in time of the test laptop was rated as I said 300Mbps/300Mbps Tx/Rx and distance to the router was 1 meter.
Just make some test with large file transfer. Laptop is Lenovo X220 with Intel Centrino Advanced N-6205 300Mbps adapter and another PC is connected with Ethernet cable. Channel width is 40MHz and adapter is rated 300Mpbs/300Mbps, no other station on 5GHz near me. The speed vary between 185Mbps and 2...
If you want to use hAP ac2 only as access point you should: 1. Reset the board with option No default configuration 2. Login with WinBox with MAC address 3. Create new bridge interface 4. Put in created bridge all of the Ethernet and wireless interfaces 5. Set IP address on bridge for management pur...