Community discussions

MikroTik App

Search found 155 matches

by ashpri
Thu Dec 07, 2023 1:38 am
Forum: General
Topic: hap ac3 - containers stop working after reboot
Replies: 3
Views: 1977

Re: hap ac3 - containers stop working after reboot

I now 2 times experimented with containers and got them working just to see them stop working at the next hard reboot (i.e. power outage) of the router. First time was with PiHole and this second time I tried with Adguard home instead. When it happens, the container will start (status is "runn...
by ashpri
Thu Nov 02, 2023 2:14 am
Forum: Useful user articles
Topic: MultiWAN with RouterOS
Replies: 51
Views: 13954

Re: MultiWAN with RouterOS

asphri start your own thread if you want specific help on your config. I will cease and desist here as the thread is for the article........... Well I was responding to your: "In other words if one is forcing traffic to a WAN that is not available, how do you deal with that!" and hopefull...
by ashpri
Wed Nov 01, 2023 6:14 am
Forum: Useful user articles
Topic: MultiWAN with RouterOS
Replies: 51
Views: 13954

Re: MultiWAN with RouterOS

In any case the real fun begins in routing. How will you ensure that traffic from 2/0 or 2/1 and if three WANS 3/0, or 3/1 or 3/2 will be covered by the other WAN. I am following pcunite's recursive routing and so far when I disable WAN 1 and WAN 2 the failover seems to be reasonably seamless (exce...
by ashpri
Tue Oct 31, 2023 6:08 am
Forum: Useful user articles
Topic: MultiWAN with RouterOS
Replies: 51
Views: 13954

Re: MultiWAN with RouterOS

Bravo to pcunite for this post. I tried to follow the mikrotik wiki for dual wan in ros7 and they talk about virtual hops with no explanation. I have managed to intregrate PCC Load Balance in my ros7.10.2 setup using pcunite's as base. This is just the mangle. The routing section is the same. /ip fi...
by ashpri
Sun Oct 29, 2023 6:13 pm
Forum: General
Topic: VLAN 5 out WAN1, VLAN10 out WAN2, VLAN15 Loadbal (ok on ROS6, not 7) [SOLVED]
Replies: 3
Views: 710

Re: VLAN 5 out WAN1, VLAN10 out WAN2, VLAN15 Loadbal (ok on ROS6, not 7) [SOLVED]

Problem solved. This page by pcunite "MultiWAN with RouterOS" https://forum.mikrotik.com/viewtopic.php?t=192736 solved my problems and is explained well. Load balancing is not there yet but this shouldn't be too difficult to track down. Unfortunately the mikrotik page was not clear at all ...
by ashpri
Sun Oct 29, 2023 11:52 am
Forum: General
Topic: VLAN 5 out WAN1, VLAN10 out WAN2, VLAN15 Loadbal (ok on ROS6, not 7) [SOLVED]
Replies: 3
Views: 710

Re: VLAN 5 out WAN1, VLAN10 out WAN2, VLAN15 Loadbal (ok on ROS6, not 7) [SOLVED]

I am reading this: Failover (WAN Backup) https://help.mikrotik.com/docs/pages/viewpage.action?pageId=26476608 ------------ There is something I don't understand. In the section "Adding Multiple Hosts" it says: KArlrfRH6Z.jpg What is this for exactly and what do I use in place of 10.10.10.1...
by ashpri
Sun Oct 29, 2023 6:32 am
Forum: General
Topic: VLAN 5 out WAN1, VLAN10 out WAN2, VLAN15 Loadbal (ok on ROS6, not 7) [SOLVED]
Replies: 3
Views: 710

VLAN 5 out WAN1, VLAN10 out WAN2, VLAN15 Loadbal (ok on ROS6, not 7) [SOLVED]

In regards to the above topic, I use to be able to do this on ROS6 but it doesn't seem to work in ROS7.10.2 I've done the following: 1. WAN1 distance = 10, WAN2 distance = 12 2. Added out-WAN1 and out-WAN2 in Routing > Tables 3. When I copy my dynamically assigned route for WAN2 and change the routi...
by ashpri
Fri Oct 20, 2023 1:46 pm
Forum: General
Topic: Router HAPAC2 behaving oddly (can't ping any client)
Replies: 2
Views: 632

Re: Router HAPAC2 behaving oddly (can't ping any client)

I've tried to group the export in its correct categories. I have some potentially odd rules in mangle and recursive routing but even if this is not correct, as far as I know it shouldn't impact pings from the router to client devices. Thanks ------ /interface ethernet set [ find default-name=ether1 ...
by ashpri
Fri Oct 20, 2023 12:42 pm
Forum: General
Topic: Router HAPAC2 behaving oddly (can't ping any client)
Replies: 2
Views: 632

Router HAPAC2 behaving oddly (can't ping any client)

Lately my organization's router is behaving oddly. I can't be sure if its the v6 to 7 upgrade or something else. I haven't tried backing up and completely restoring the settings since its in a remote location. I have a couple of VLANS. The problem is the router cannot ping ANY of the clients in the ...
by ashpri
Thu Aug 17, 2023 4:13 am
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 165221

Re: v7.11 [stable] is released!

Problem with my HAPAC2 after 7.11 (ROS and RouterBOARD) from 7.9.2. HAPAC2 locks up every 15-30 mins consistently. Downgraded to 7.10.2.
by ashpri
Thu Mar 16, 2023 11:12 am
Forum: General
Topic: HAPAX3 Low wifi signal strength & other issues [SOLVED]
Replies: 5
Views: 1259

Re: HAPAX3 Low wifi signal strength & other issues [SOLVED]

Another limitation of the wifiwave2 package is as a CAP, you cannot choose which which radio is to be managed by the CAPSMAN. I assume this will be fixed in a future ROS.
by ashpri
Thu Mar 16, 2023 10:06 am
Forum: General
Topic: HAPAX3 Low wifi signal strength & other issues [SOLVED]
Replies: 5
Views: 1259

HAPAX3 Low wifi signal strength & other issues [SOLVED]

I have a new hapax3. I am expecting good things but so far it has been a disappointment. I expect future ROS upgrades will make this better but currently my issues are: 1. If I uninstall wifiwave2 package, wireless adaptor no longer shows up in wireless. I can't remember the factory default behavior...
by ashpri
Fri Sep 23, 2022 9:33 am
Forum: Scripting
Topic: Script for recursive failover based on packet loss
Replies: 7
Views: 2456

Re: Script for recursive failover based on packet loss

FYI this is the relevant screen in fortigate to achieve the above.
by ashpri
Fri Sep 23, 2022 4:39 am
Forum: Scripting
Topic: Script for recursive failover based on packet loss
Replies: 7
Views: 2456

Re: Script for recursive failover based on packet loss

That logic would not work. Once you disable a route you can't check whether it is back to normal. Updated logic: 1. Ping 8.8.8.8 (recursive for ISP-1) 20 times 2. If packet loss = 0%, do nothing 3. Else If packet loss >= 20% and route to ISP-1 (find by comment) distance = 1, find route to ISP-1 (fin...
by ashpri
Fri Sep 23, 2022 4:22 am
Forum: Scripting
Topic: Script for recursive failover based on packet loss
Replies: 7
Views: 2456

Script for recursive failover based on packet loss

Recursive failover has been working perfect for my connection with 2 ISPs. Last week my main ISP experienced intermittent issues. You could still ping but it was intermittent with latency spikes. I ended up having to disable (renumber) the route manually. How would I apply recursive failover by chec...
by ashpri
Wed Sep 07, 2022 8:45 am
Forum: General
Topic: How to use the find command [SOLVED]
Replies: 7
Views: 5330

Re: How to use the find command [SOLVED]

Thank you for the various solutions. I am in the process of learning scripting so the script solution is a great start.
by ashpri
Wed Sep 07, 2022 3:41 am
Forum: General
Topic: How to use the find command [SOLVED]
Replies: 7
Views: 5330

How to use the find command [SOLVED]

Let's say I have the folllowing setup: /interface bridge vlan add bridge=bridge1 tagged=bridge1,wlan2.0,ether1,ether2,ether3,ether4,ether5 vlan-ids=3 add bridge=bridge1 tagged=wlan2.0,ether1,ether2,ether3,ether4,ether5 vlan-ids=20 add bridge=bridge1 tagged=wlan2.0 vlan-ids=25 add bridge=bridge1 tagg...
by ashpri
Sat Aug 13, 2022 6:11 pm
Forum: Scripting
Topic: Useful scripts
Replies: 116
Views: 297351

Re: Useful scripts

This script is courtesy of user ukzerosniper from https://forum.mikrotik.com/viewtopic.php?p=951621 This script searches a route based on it's comment and sends an email based on status changes (UP / DOWN). In my case my office has 3 WAN routes. Because they are fail-over and load-balanced, if one I...
by ashpri
Sat Aug 13, 2022 5:51 pm
Forum: Scripting
Topic: email notification for interface down
Replies: 3
Views: 1058

Re: email notification for interface down

Hi

i have two wan interfaces with load balancing method and i want to receive an email notification if i lost one of them or when downed link comes up again.
i dont know anything about scrip and schedule tools.

viewtopic.php?p=951621
by ashpri
Sat Aug 13, 2022 5:31 pm
Forum: Scripting
Topic: Alert on AS Route becomes inactive
Replies: 3
Views: 2791

Re: Alert on AS Route becomes inactive

I hate to revive an old thread, but this script worked perfectly the first time and the poster deserves a kudos. Thank you! My condition: My office has 3 WAN routes. Because they are fail-over and load-balanced, if one ISP fails, internet access is not affected and nobody knows. So I needed a script...
by ashpri
Fri Aug 12, 2022 5:42 am
Forum: General
Topic: Question on MUM topic "Local IP leaking to public network"
Replies: 0
Views: 364

Question on MUM topic "Local IP leaking to public network"

Referring to this MUM by Janis Megis https://mum.mikrotik.com/presentations/EU17/presentation_4058_1490948376.pdf, page 27 "Local IP leaking to public network". On page 31 for the solution it states: 1. Use action=src-nat instead of action=masquerade where it is possible 2. Drop connection...
by ashpri
Fri Aug 12, 2022 3:03 am
Forum: General
Topic: Wireless Backup Trunk. Where to change RSTP path cost: switch port or wireless port.
Replies: 0
Views: 336

Wireless Backup Trunk. Where to change RSTP path cost: switch port or wireless port.

I plan to install a wireless backup link (using dual SXTsq5AC) from a farther switch in my site to a node closer to the root bridge (server room). My questions are: 1. Do I increase the RSTP port path cost of the switch going to the SXT, or on the wireless port of the SXT. Currently I have increased...
by ashpri
Thu Aug 11, 2022 10:03 am
Forum: General
Topic: IKE2/IPSEC Sucess with Certificate, EAP Error? [SOLVED]
Replies: 6
Views: 1679

Re: IKE2/IPSEC Sucess with Certificate, EAP Error? [SOLVED]

I'm afraid the whole issue is merely a misleading error handling in Winbox. auth-method=eap can only be used in identities linked to initiator peers; on responder peers, you have to use auth-method=eap -radius and configure a RADIUS server for user authentication, which may be UserManager5 (availab...
by ashpri
Thu Aug 11, 2022 6:07 am
Forum: General
Topic: Dynamic Port Policy on Mikrotik
Replies: 0
Views: 449

Dynamic Port Policy on Mikrotik

I am pretty sure this cannot be done in mikrotik (based on lack of results to my searches) but I am wondering if it is something the team will look into. Dynamic Port Configuration (DPC) provides the ability to assign port profiles (vlan, trunk/access port, etc) to client devices based on client ID ...
by ashpri
Thu Aug 11, 2022 1:52 am
Forum: General
Topic: IKE2/IPSEC Sucess with Certificate, EAP Error? [SOLVED]
Replies: 6
Views: 1679

Re: IKE2/IPSEC Sucess with Certificate, EAP Error? [SOLVED]

My experience is that "peer does not exist and suggestion" will disappear once I close the ipsec window and reopen (provided there is no error window). ROS v6.48.6. ----- /ip ipsec mode-config add address-pool="VPN Pool" address-prefix-length=32 name=cfg1 split-include=0.0.0.0/0 ...
by ashpri
Wed Aug 10, 2022 4:11 pm
Forum: General
Topic: IKE2/IPSEC Sucess with Certificate, EAP Error? [SOLVED]
Replies: 6
Views: 1679

Re: IKE2/IPSEC Sucess with Certificate, EAP Error? [SOLVED]

Still unsuccessful, but a different error.

I've tried:
1. EAP Methods: MSCHAP2 and TLS.
2. Selecting a Remote Client Cert and none.
3. Remote ID Type: Ignore, KeyID (entered random string in RemoteID) & Auto
4. Creating a new peer (the attached image is a new peer).

-----
HzfGQOGKOC.jpg
by ashpri
Wed Aug 10, 2022 3:40 pm
Forum: General
Topic: IKE2/IPSEC Sucess with Certificate, EAP Error? [SOLVED]
Replies: 6
Views: 1679

IKE2/IPSEC Sucess with Certificate, EAP Error? [SOLVED]

After endless hours tinkering I finally managed to get IKE2 working (in win10 and android 12) with certificate.

However when I tried EAP, I received this error:

Error.jpg

Anyone manage to get EAP authentication working with IKE2/IPSEC?
by ashpri
Fri Aug 05, 2022 6:36 am
Forum: General
Topic: WAN Load Balance question. WAN2 only to operate once WAN1 reaches X mbps.. [SOLVED]
Replies: 2
Views: 881

WAN Load Balance question. WAN2 only to operate once WAN1 reaches X mbps.. [SOLVED]

I've seen this discussed somewhere in the forum (or a MUM) but I have not been able to track it down. I have successfully implemented WAN Load Balancing across 3 ISPs, with certain VLANs going out specific WANs and certain VLANs going out all 3 WANs. My next goal is to try a scenario where WAN2 will...
by ashpri
Wed Aug 03, 2022 1:57 am
Forum: Beginner Basics
Topic: Switch maximum hop end-to-end [SOLVED]
Replies: 7
Views: 1852

Re: Switch maximum hop end-to-end [SOLVED]

RSTP is a complex and wide Topic not to say MSTP which is even more complex Similarly I am not an expert. But I find that researching and understanding RSTP is more difficult than implementing it once you understand the basic concept. The RouterOS hill was significantly more brutal vs RSTP. Once I ...
by ashpri
Tue Aug 02, 2022 6:45 pm
Forum: Beginner Basics
Topic: Switch maximum hop end-to-end [SOLVED]
Replies: 7
Views: 1852

Re: Switch maximum hop end-to-end [SOLVED]

checking MikroTik Bridge RSTP default configuration looks like it follow diameter of 20 pre-configured with max hops and max age set at 20, but it allows configuring up to 40 Crawling through some posts on the cisco forums seems to concur with 20 being acceptable in the field, depending on the sens...
by ashpri
Tue Aug 02, 2022 5:45 pm
Forum: Beginner Basics
Topic: Switch maximum hop end-to-end [SOLVED]
Replies: 7
Views: 1852

Switch maximum hop end-to-end [SOLVED]

In my installation, from the server room to the farthest device there are around 8 switches. Due to expansion this may increase to around 10 switches. According to old cisco documentation (https://community.cisco.com/t5/switching/802-1d-spanning-tree-7-hops-limitation/td-p/763269), the recommended d...
by ashpri
Fri Jul 29, 2022 5:11 am
Forum: Beginner Basics
Topic: Where do I change path cost for RSTP
Replies: 2
Views: 489

Re: Where do I change path cost for RSTP

example:

/interface bridge port
add bridge=brdge1 interface=ether1 path-cost=4
https://help.mikrotik.com/docs/display/ ... e+Protocol

Thank you, I know how to change it. My question is WHERE should the change be. The switch port to the SXT or the wlan port of the SXT.
by ashpri
Fri Jul 29, 2022 4:25 am
Forum: Beginner Basics
Topic: Where do I change path cost for RSTP
Replies: 2
Views: 489

Where do I change path cost for RSTP

In the following topology, where do I change the path cost for RSTP?

zzz.jpg

Do I change the path cost on the switch side A & D, or on the SXT side B & C?

Thank you.
by ashpri
Fri Jul 29, 2022 3:31 am
Forum: Beginner Basics
Topic: (R)STP Aha! moment [SOLVED]
Replies: 2
Views: 911

Re: (R)STP Aha! moment [SOLVED]

The question I have is this: If your server rack and internet router is in the same room, then selecting the router or any of the switches in the main server room as the root bridge is easy. What if the server room and the internet router are in opposite locations in the site. Where should the root ...
by ashpri
Fri Jul 29, 2022 3:10 am
Forum: Beginner Basics
Topic: (R)STP Aha! moment [SOLVED]
Replies: 2
Views: 911

(R)STP Aha! moment [SOLVED]

I've just had an aha! moment with STP that might help other beginners understand the concept. I've just made my core router a root bridge. I was concerned that CPU cycles would increase but it didn't, so I became curious what is exactly the purpose of a root bridge in a redundant network. Experts co...
by ashpri
Tue Jul 26, 2022 3:25 pm
Forum: Wireless Networking
Topic: Wireless trunk. mANTBox15s,19s and SXTsq5ac question [SOLVED]
Replies: 6
Views: 1182

Re: Wireless trunk. mANTBox15s,19s and SXTsq5ac question [SOLVED]

60ghz is indeed interesting.

For around 180mtr distances is the wAP-60G-AP / wAP-60G combination sufficient? It seems that this is on the maximum end of the stated distance.
by ashpri
Tue Jul 26, 2022 2:51 pm
Forum: Wireless Networking
Topic: Wireless trunk. mANTBox15s,19s and SXTsq5ac question [SOLVED]
Replies: 6
Views: 1182

Re: Wireless trunk. mANTBox15s,19s and SXTsq5ac question [SOLVED]

Thank you both. I am not familiar with the 60ghz. I will research it.
by ashpri
Tue Jul 26, 2022 1:09 pm
Forum: Wireless Networking
Topic: Wireless trunk. mANTBox15s,19s and SXTsq5ac question [SOLVED]
Replies: 6
Views: 1182

Wireless trunk. mANTBox15s,19s and SXTsq5ac question [SOLVED]

Hi there, I am trying to create a wireless trunk between several buildings on my site. They have line of sight and the following chart summarises their relative location.

Are the equipment I am planning for correct? Is the 15s adequate or do I need the 19s. Thank you

Network 1.jpg
by ashpri
Fri May 06, 2022 6:04 pm
Forum: General
Topic: WAN Load Balancing Done. Fine tuning questions. [SOLVED]
Replies: 4
Views: 988

Re: WAN Load Balancing Done. Fine tuning questions. [SOLVED]

You may also want to read Dischers explanation ( i prefer it over thomas, although both are master classes )
https://mum.mikrotik.com/presentations/US12/steve.pdf

I read both Tomas and Discher. I needed a dose of contraband to understand Discher.
by ashpri
Fri May 06, 2022 2:35 am
Forum: General
Topic: WAN Load Balancing Done. Fine tuning questions. [SOLVED]
Replies: 4
Views: 988

WAN Load Balancing Done. Fine tuning questions. [SOLVED]

So I was looking at this presentation for load balancing https://mum.mikrotik.com/presentations/US12/tomas.pdf (It is an excellent presentation and highly recommended as a Load Balancing guide) 1. One aspect of load balancing is to make sure that when a connection is initiated through one of the ISP...
by ashpri
Mon Apr 25, 2022 2:34 pm
Forum: Beginner Basics
Topic: How to enable VLAN filtering for existing bridge in CLI [SOLVED]
Replies: 1
Views: 636

How to enable VLAN filtering for existing bridge in CLI [SOLVED]

So I MAC Telnet to a new device, created bridge1 (vlan filtering not enabled at this stage), added bridge vlans, entered other basic setup. On the very last step of the setup process, I entered: /interface bridge add name=bridge1 vlan-filtering=yes and received the error "failure: already have ...
by ashpri
Fri Apr 22, 2022 2:17 pm
Forum: General
Topic: (yet another) Inter-vlan routing question [SOLVED]
Replies: 13
Views: 1598

Re: (yet another) Inter-vlan routing question [SOLVED]

And add it for all local subnets that should be looked up only in main routing table. Is this the correct routing rules to allow inter-vlan routing to work with the mangle rule to route office vlan out wan2 active. Flags: X - disabled, I - inactive 0 src-address=172.16.0.0/12 dst-address=172.16.0.0...
by ashpri
Fri Apr 22, 2022 11:52 am
Forum: General
Topic: (yet another) Inter-vlan routing question [SOLVED]
Replies: 13
Views: 1598

Re: (yet another) Inter-vlan routing question [SOLVED]

And add it for all local subnets that should be looked up only in main routing table. I will try this thank you. I don't have a good handle on mangle rules yet. If I changed the mangle chain (to route VL10-Office to WAN2) from prerouting to forward and added in-interface = VL10 and out-interface=WA...
by ashpri
Thu Apr 21, 2022 1:09 pm
Forum: General
Topic: (yet another) Inter-vlan routing question [SOLVED]
Replies: 13
Views: 1598

Re: (yet another) Inter-vlan routing question [SOLVED]

Huge thanks to anav for helping me to clean up my settings. I had questions regarding the duplication of address lists, and other questions, which you have answered. I have identified the reason why vlan routing does not work. I have a mangle rule to test routing internet traffic from Office VLAN to...
by ashpri
Wed Apr 13, 2022 7:51 am
Forum: General
Topic: (yet another) Inter-vlan routing question [SOLVED]
Replies: 13
Views: 1598

Re: (yet another) Inter-vlan routing question [SOLVED]

Nice brain teaser. Aside from useless VL01 interface, I don't see anything clearly wrong. You have bridge with ether1-3, and on all ports you have untagged vlan 1, tagged vlans 3, 5, 10, 35, with I assume some managed switches connected and access ports configured on them. Everything should be usin...
by ashpri
Wed Apr 13, 2022 6:05 am
Forum: General
Topic: (yet another) Inter-vlan routing question [SOLVED]
Replies: 13
Views: 1598

Re: (yet another) Inter-vlan routing question [SOLVED]

No suggestions?

Essentially I cannot get inter-vlan routing to work unless I enable "use ip firewall" and "use ip firewall for vlan". Since this is not recommended, I have left them disabled (and inter-vlan routing does not work). I cannot spot the error in my setup.
by ashpri
Tue Apr 12, 2022 11:27 am
Forum: General
Topic: (yet another) Inter-vlan routing question [SOLVED]
Replies: 13
Views: 1598

Re: (yet another) Inter-vlan routing question [SOLVED]

### IP SETTINGS: I've left this at default, should I chg anything? ip-forward: yes send-redirects: yes accept-source-route: no accept-redirects: no secure-redirects: yes rp-filter: no tcp-syncookies: no max-neighbor-entries: 8192 arp-timeout: 30s icmp-rate-limit: 10 icmp-rate-mask: 0x1818 route-cac...
by ashpri
Tue Apr 12, 2022 10:50 am
Forum: General
Topic: (yet another) Inter-vlan routing question [SOLVED]
Replies: 13
Views: 1598

Re: (yet another) Inter-vlan routing question [SOLVED]

If necessary, this is the complete setup: /interface bridge add fast-forward=no name=bridge1 vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] comment="LAN 1" set [ find default-name=ether2 ] comment="LAN 2" set [ find default-name=ether3 ] comment="LAN...
by ashpri
Tue Apr 12, 2022 10:40 am
Forum: General
Topic: (yet another) Inter-vlan routing question [SOLVED]
Replies: 13
Views: 1598

(yet another) Inter-vlan routing question [SOLVED]

Firstly thank you for your time. I perused this excellent post (and read each .rsc file) by pcunite but it does not seem to solve my issue https://forum.mikrotik.com/viewtopic.php?f=23&t=143620. I can't remember when it stopped working, because it used to work. I wonder if one of the recent firm...
by ashpri
Tue Mar 30, 2021 4:10 pm
Forum: General
Topic: Question on VLAN 0 & 1 implementation across different MT devices
Replies: 3
Views: 1078

Re: Question on VLAN 0 & 1 implementation across different MT devices

Sorry dont use powerbox, but RoS is RoS and the same so vlan1 is the default pvid and normally is never removed or changed for vlan filtering or bridge ports. The only time one defines a PVID on a bridge port (access port) is when that port is going to a dumb device. Typically no one uses vlan1 or ...
by ashpri
Tue Mar 30, 2021 12:05 pm
Forum: General
Topic: Question on VLAN 0 & 1 implementation across different MT devices
Replies: 3
Views: 1078

Re: Question on VLAN 0 & 1 implementation across different MT devices

So reading this older post https://forum.mikrotik.com/viewtopic.php?t=118086#p582957, it states "Native VLAN (Cisco VLAN1) is translated to Mikrotik VLAN ID 0". That's clear enough. Does that mean that Mikrotik's VLAN-on-the-Bridge implementation treats Native VLAN as 1 (as the pvid defaul...
by ashpri
Tue Mar 30, 2021 11:27 am
Forum: General
Topic: Question on VLAN 0 & 1 implementation across different MT devices
Replies: 3
Views: 1078

Question on VLAN 0 & 1 implementation across different MT devices

My network is running fine. However I have a question on the different treatment of default vlan id (0 or 1) across different products for switch chip VLAN implementation. On the HAPAC2, this is the setting: (I assume with the port default vlan empty, it defaults to 1) HAPAC2.jpg On the Powerbox, th...
by ashpri
Thu Mar 25, 2021 1:46 am
Forum: General
Topic: Switch Chip VLAN Setting Question (HAPAC2)
Replies: 6
Views: 900

Re: Switch Chip VLAN Setting Question (HAPAC2)

I didn't say there was no difference. In case A traffic from other VLANs will bleed through ether5 (broadcasts, multicasts and some unicast packets if switch won't know exact egress port for dst MAC address, ...). It goes against the gist of setting vlan-mode=secure ... Even more so if you don't se...
by ashpri
Wed Mar 24, 2021 3:44 pm
Forum: General
Topic: Switch Chip VLAN Setting Question (HAPAC2)
Replies: 6
Views: 900

Re: Switch Chip VLAN Setting Question (HAPAC2)

This is a decent guide. https://www.youtube.com/watch?v=Rj9aPoyZOPo Thank you, I watched this. He uses option B. Case A (ether5 member of VLANs 1, 01 and 20) doesn't make much sense since ether5 port is set to untag everything on egress and can only tag untagged frames with single default-vlan-id o...
by ashpri
Wed Mar 24, 2021 1:48 pm
Forum: General
Topic: Switch Chip VLAN Setting Question (HAPAC2)
Replies: 6
Views: 900

Switch Chip VLAN Setting Question (HAPAC2)

Port 1-4 = Trunk Port Port 5 = Access Port (VL10) --------- /interface ethernet switch port set 0 vlan-mode=secure set 1 vlan-mode=secure set 2 vlan-mode=secure set 3 vlan-mode=secure set 4 default-vlan-id=10 vlan-header=always-strip vlan-mode=secure set 5 vlan-mode=secure Is A or B correct: (or are...
by ashpri
Wed Mar 24, 2021 1:18 pm
Forum: General
Topic: Port forwarding issue [SOLVED]
Replies: 8
Views: 1758

Re: Port forwarding issue [SOLVED]

add action=dst-nat chain=dstnat comment=DVR1 dst-port=67-68 in-interface=\ ether2 protocol=tcp src-port="" to-addresses=192.168.1.71 to-ports=67-68 add action=dst-nat chain=dstnat comment=DVR2 dst-port=70-72 in-interface=\ ether2 protocol=tcp to-addresses=192.168.1.72 to-ports=70-72 The f...
by ashpri
Mon Oct 21, 2019 1:37 am
Forum: Beginner Basics
Topic: bridge interfaces: tagged or untagged?
Replies: 16
Views: 4624

Re: bridge interfaces: tagged or untagged?

@dave this is how I have my bridge setup including DHCP Server. /interface vlan add interface=bridge1 name="VL 201 Guest" vlan-id=201 add interface=bridge1 name="VL 202 Fam" vlan-id=202 add interface=bridge1 name="VL 203 Kids" vlan-id=203 add interface=bridge1 name=&quo...
by ashpri
Sun Oct 20, 2019 5:02 pm
Forum: Beginner Basics
Topic: bridge interfaces: tagged or untagged?
Replies: 16
Views: 4624

Re: bridge interfaces: tagged or untagged?

Do all untagged ports tag every packet in input or not?

In my testing, I believe it does. In the following bridge configuration, incoming packets into eth5 are tagged with vlan 999.

My trunk port in this case is PORT 1.

zz1.png
by ashpri
Sat Oct 19, 2019 7:13 pm
Forum: Beginner Basics
Topic: No access to LAN over PPTP VPN (can only ping router)
Replies: 26
Views: 82652

Re: No access to LAN over PPTP VPN (can only ping router)

Try to change to proxy-arp the LAN interface on the VPN server side.
This worked for me.
by ashpri
Sat Oct 19, 2019 6:55 pm
Forum: Beginner Basics
Topic: bridge interfaces: tagged or untagged?
Replies: 16
Views: 4624

Re: bridge interfaces: tagged or untagged?

I uses IP firewall for VLAN because was the only way to firewalling between different VLANs, I haven't found other methods. I use vlans in my bridge (use-ip-firewall-for-vlan is disabled) and these are the rules to prevent vlans from talking to each other. Allows first then a drop all at the bottom...
by ashpri
Sat Oct 19, 2019 6:32 pm
Forum: Beginner Basics
Topic: When is "use-ip-firewall" and "use-ip-firewall-for-vlan" necessary
Replies: 2
Views: 3445

When is "use-ip-firewall" and "use-ip-firewall-for-vlan" necessary

I have a bridge with multiple vlans (vlan filtering enabled). I have firewall rules and queue tree setup for wan routed traffic (different vlans have different wan bandwidth limit and priorities). Question: 1. I have "use-ip-firewall" active on the bridge. Is this necessary or not? My feel...
by ashpri
Wed Oct 02, 2019 6:03 am
Forum: Beginner Basics
Topic: Increase Idle timeout instead of using http/mac-cookie [SOLVED]
Replies: 1
Views: 1305

Increase Idle timeout instead of using http/mac-cookie [SOLVED]

My hotspot constantly asks the user to login multiple times a day, even when mac-cookie (or http-cookie) is set to 7 days. I am thinking I can get around the the above issue by disabling mac/http-cookie and increasing idle time (or keepalive timeout) to 7 days. Is there anything I need to watch out ...
by ashpri
Tue Sep 10, 2019 6:24 am
Forum: Beginner Basics
Topic: Slow 5GHz transfer rate
Replies: 2
Views: 1418

Re: Slow 5GHz transfer rate

Disclaimer: I am not an expert in this. Look here: https://www.wlanpros.com/mcs-index-charts/, at the 1 Spatial Stream (top) section. Why 1SS? Because the HapACLite has 1 antenna (tx/rx chain) in the 5ghz band. It seems like your channel width setting went from 80mhz (MCS7 325) to 20mhz wide (MCS8 8...
by ashpri
Tue Sep 10, 2019 5:36 am
Forum: Beginner Basics
Topic: Understanding acmin-mac (mtik devices mac changes after reboot)
Replies: 3
Views: 1365

Re: Understanding acmin-mac (mtik devices mac changes after reboot)

Thank you for your reply. It seems to be hugely impractical to manually enter the admin-mac for each device in a large network. I must be missing something. How do other admins with a large number of mtik devices monitor their device up/down status reliably. ----- This is an example of my netwatch f...
by ashpri
Mon Sep 09, 2019 10:32 am
Forum: Beginner Basics
Topic: Understanding acmin-mac (mtik devices mac changes after reboot)
Replies: 3
Views: 1365

Understanding acmin-mac (mtik devices mac changes after reboot)

I have 20-30 Mikrotik devices in my network, APs and Switches. I use tool>netwatch to monitor their up/down status. The issue is on some (not all) of the devices, from time to time for what seems to be no reason at all, when the AP/Switch reboots, their bridge mac changes and therefore it would get ...
by ashpri
Tue Aug 20, 2019 3:26 am
Forum: Beginner Basics
Topic: CAPSMAN: CAP Setting for Local vs CAPSMAN Forwarding, with vlans
Replies: 3
Views: 1338

Re: CAPSMAN: CAP Setting for Local vs CAPSMAN Forwarding, with vlans

If your infrastructure (switch, router) has your vlans already set up on the uplinks to the CAPs you only have to switch to "local-forwarding=yes" in your capsman configuration. The vlan<->port association is done by the CAP on the bridge that you assign in /interface wireless cap (2. que...
by ashpri
Sun Aug 18, 2019 5:13 am
Forum: Beginner Basics
Topic: CAPSMAN: CAP Setting for Local vs CAPSMAN Forwarding, with vlans
Replies: 3
Views: 1338

CAPSMAN: CAP Setting for Local vs CAPSMAN Forwarding, with vlans

This is how I have my CAPs setup for "CAPSMAN forwarding" scenario. VLAN assignment per SSID is working well. /interface bridge add name=bridge1 /interface vlan add interface=bridge1 name=VL03 vlan-id=3 add interface=bridge1 name=VL05 vlan-id=5 add interface=bridge1 name=VL10 vlan-id=10 /i...
by ashpri
Mon Jun 17, 2019 4:16 pm
Forum: Wireless Networking
Topic: Connection Rate Setting
Replies: 0
Views: 896

Connection Rate Setting

I have the following settings on my Unifi APs which has served me well. A Unifi Mesh Pro was stable serving 260 users with this setting, with the default settings it would crash. zz1.png Is the following mikrotik rates similar to the above's 2G section? zz3.png I'm not sure what do to with the HT, V...
by ashpri
Sun Jun 16, 2019 5:57 am
Forum: Wireless Networking
Topic: CAPSMan + freeradius + VLAN per User
Replies: 21
Views: 17098

Re: CAPSMan + freeradius + VLAN per User

I know exactly what's happening now. This is the issue:

zz3.png

If I have 200 CAPs, I have to add all 200 CAP Interfaces manually to the bridge? This doesn't seem like the normal Mikrotik way. I must be missing something.
by ashpri
Sun Jun 16, 2019 5:01 am
Forum: Wireless Networking
Topic: CAPSMan + freeradius + VLAN per User
Replies: 21
Views: 17098

Re: CAPSMan + freeradius + VLAN per User

JACKPOT! With a manually created SSID (Virtual AP), the radius properly authenticates the user and places the user in the right vlan. The only issue is I had to ipconfig/release and /renew when switching between different users in different vlans. In production, this should not be an issue. As I sus...
by ashpri
Sun Jun 16, 2019 3:05 am
Forum: Wireless Networking
Topic: CAPSMan + freeradius + VLAN per User
Replies: 21
Views: 17098

Re: CAPSMan + freeradius + VLAN per User

Thank you for your response Dorian. I will post that data soon. I am not sure this is even a radius issue. I am now testing with Tekradius LT as instructed here https://mum.mikrotik.com/presentations/CN16/presentation_3107_1461137144.pdf. I have bypassed DHCP and placed a static address 192.168.86.1...
by ashpri
Sat Jun 15, 2019 7:26 pm
Forum: Wireless Networking
Topic: CAPSMan + freeradius + VLAN per User
Replies: 21
Views: 17098

Re: CAPSMan + freeradius + VLAN per User

Might it have to do with the fact that the radius server is on vlan86 while the client (as instructed by freeradius) is to be on vlan60? The dhcp server is on the mikrotik router, as is capsman. The client is logging in from a cap. Might a firewall rule (or something) be blocking the dhcp offers fro...
by ashpri
Fri Jun 14, 2019 6:15 pm
Forum: Wireless Networking
Topic: CAPSMan + freeradius + VLAN per User
Replies: 21
Views: 17098

Re: CAPSMan + freeradius + VLAN per User

Reviving an old but relevant thread. I've followed everything in this thread as well as https://forum.mikrotik.com/viewtopic.php?t=51817, https://forum.mikrotik.com/viewtopic.php?t=140239, https://forum.mikrotik.com/viewtopic.php?f=7&t=109431, https://forum.mikrotik.com/viewtopic.php?t=124596, h...
by ashpri
Fri Jun 14, 2019 12:25 pm
Forum: Wireless Networking
Topic: Wi-fi RADIUS Assigned VLAN based on user/password, troubleshooting help
Replies: 5
Views: 3347

Re: Wi-fi RADIUS Assigned VLAN based on user/password, troubleshooting help

The setting seems basic enough. There are 2 settings below. The top is WPA2-EAP for radius assigned VLAN, with the DHCP issue. The bottom is WPA2-PSK, with no DHCP issue. Both serving the same vlan. ----- /caps-man configuration add datapath.bridge=bridge1 mode=ap datapath.vlan-mode=use-tag name=&qu...
by ashpri
Fri Jun 14, 2019 8:05 am
Forum: Wireless Networking
Topic: Wi-fi RADIUS Assigned VLAN based on user/password, troubleshooting help
Replies: 5
Views: 3347

Re: Wi-fi RADIUS Assigned VLAN based on user/password, troubleshooting help

I've discovered the problem isn't freeradius at all.

The error is the client isn't getting proper dhcp lease in the vlan assigned by the radius server. What could I be missing.

zz4.jpg
by ashpri
Thu Jun 13, 2019 1:31 pm
Forum: Wireless Networking
Topic: Wi-fi RADIUS Assigned VLAN based on user/password, troubleshooting help
Replies: 5
Views: 3347

Re: Wi-fi RADIUS Assigned VLAN based on user/password, troubleshooting help

I have reviewed that post and others with similar topics before posting this thread. I did not find a solution, but I will go through that post again. I did a test with radlogin (radius test client) from another pc and this is the result: zz1.png Is that response acceptable? I am assuming it is the ...
by ashpri
Thu Jun 13, 2019 9:01 am
Forum: Wireless Networking
Topic: Wi-fi RADIUS Assigned VLAN based on user/password, troubleshooting help
Replies: 5
Views: 3347

Wi-fi RADIUS Assigned VLAN based on user/password, troubleshooting help

Goal: Have a single ssid authenticated by radius, with vlans assigned based on username/password. Succeeded: - I've managed to get FreeRADIUS working with my router. My AP is a HAPAC2 (as CAP). - Authentication with freeradius works great. Issue: I cannot get the radius server to assign vlan. I hav...
by ashpri
Wed Jun 12, 2019 5:39 pm
Forum: Wireless Networking
Topic: Radius Assigned VLAN using user manager for wifi users
Replies: 0
Views: 937

Radius Assigned VLAN using user manager for wifi users

Is this possible?

I've searched for some guides and most uses external radius servers.

Thank you
by ashpri
Mon Jun 10, 2019 5:26 am
Forum: Beginner Basics
Topic: CPU % while using RB750Gr3 as vlan enabled switch
Replies: 2
Views: 1267

CPU % while using RB750Gr3 as vlan enabled switch

Just relating my experience. I am using a HEX (RB750Gr3) purely as a vlan enabled switch in my production environment. I had a choice to use bridge vlan (no hardware offload) or switch chip vlan (hardware offload). I was concerned that using bridge vlan would max the cpu (and reduce performance). I ...
by ashpri
Wed Jun 05, 2019 4:23 am
Forum: Beginner Basics
Topic: guest wifi + VLAN confusion
Replies: 7
Views: 6025

Re: guest wifi + VLAN confusion

This is how I set vlan on my bridge (minus the dhcp and firewall rules, to keep it simple): /interface bridge add name=bridge1 protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] comment="UPLINK - TRUNK" set [ find default-name=ether2 ] comment="...
by ashpri
Tue Jun 04, 2019 9:23 am
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 113
Views: 53037

Re: RB750Gr3 - Report and questions

I can confirm that as of today, the HEX (RB750GR3) with v6.44.3 cannot yet implement vlan in switch chip (with hardware offloading).

I have a HAPAC2 with switch chip vlan enabled and the same settings does not work on the HEX.
by ashpri
Tue Jun 04, 2019 3:47 am
Forum: Beginner Basics
Topic: Confused with PASSTHROUGH YES/NO in Mangle
Replies: 7
Views: 7033

Re: Confused with PASSTHROUGH YES/NO in Mangle

So, if a packet matches a rule early on in the mangle rules BUT................ will also need to be processed again by lets say 10 mangle rules later, then the first rule that packet is involved in MUST have passthrough=yes?? Noted and thanks. The ?? threw me off, thanks for clarifying they were r...
by ashpri
Mon Jun 03, 2019 3:24 am
Forum: Beginner Basics
Topic: Confused with PASSTHROUGH YES/NO in Mangle
Replies: 7
Views: 7033

Re: Confused with PASSTHROUGH YES/NO in Mangle

Thank you. I've read and understood all that. The clarification I need is, and I should have been clearer on this, whether the PASSTHROUGH=NO in Packet Marking Rules 5-8 stops Packet Marking Rule 9 from processing. It shouldn't, since Packet Marking Rule 9 is based on a different connection mark tha...
by ashpri
Sat Jun 01, 2019 2:02 am
Forum: Beginner Basics
Topic: Confused with PASSTHROUGH YES/NO in Mangle
Replies: 7
Views: 7033

Confused with PASSTHROUGH YES/NO in Mangle

I have been following a guide in the forum as well as on youtube to setup Queue Tree QOS. Everything is working, I just don't quite understand passthrough completely. Aim: 1. To split overall bandwidth to: hotspot (higher priority and bandwidth) and office downloads (lower priority and bandwidth). 2...
by ashpri
Sat Jun 01, 2019 1:03 am
Forum: Beginner Basics
Topic: 6.44.3 not installing
Replies: 2
Views: 1351

Re: 6.44.3 not installing

I had a HAPACLITE with this same issue. I had to do a netinstall. A note with netinstall, I had to disable all other ethernet interfaces on my PC (including eth interfaces for virtual machine software), except the one connected to the mtik.
by ashpri
Thu May 30, 2019 3:56 pm
Forum: Beginner Basics
Topic: Do I need the following firewall rules for CAPSMAN? [SOLVED]
Replies: 2
Views: 6599

Re: Do I need the following firewall rules for CAPSMAN? [SOLVED]

This is to accept CAP from the same board where runs CAPsMAN.

Ah, that's right. Thank you. Now I remember why I have this rule.
by ashpri
Wed May 29, 2019 3:43 am
Forum: Beginner Basics
Topic: Do I need the following firewall rules for CAPSMAN? [SOLVED]
Replies: 2
Views: 6599

Do I need the following firewall rules for CAPSMAN? [SOLVED]

Following some guide in the forum, I ended up with this firewall rule in the process of setting up CAPSMAN (my router is my capsman): /ip firewall filter add action=accept chain=input comment="IN - CAPSMAN Local" dst-address-list=\ "Loop Local" dst-port=5246,5247 protocol=udp src...
by ashpri
Wed May 29, 2019 3:25 am
Forum: Beginner Basics
Topic: Are these redundant dns firewall rules?
Replies: 2
Views: 1359

Are these redundant dns firewall rules?

I have this rule in my firewall (following a firewall guide): /ip firewall filter add action=accept chain=input comment="IN - Accept DNS Request" dst-port=53 in-interface-list=LAN protocol=tcp add action=accept chain=input comment="IN - Accept DNS Request" dst-port=53 in-interfac...
by ashpri
Tue May 28, 2019 4:01 pm
Forum: Beginner Basics
Topic: Slow throughput (<100Mbps) between 2 Gbit Routers being used as switch
Replies: 4
Views: 1336

Re: Slow throughput (<100Mbps) between 2 Gbit Routers being used as switch

So I put the Powerbox Pro (acting as switch) between a CCR1016-12G and a HAPAC2, and ran the bandwidth test again. Simultaneous TCP Tx/Rx yields roughly 320Mbps/320Mbps. HAPAC2 @ 100% CPU, CCR at 10% CPU. Test limited by HAPAC2 CPU. One way (CCR = test source) yields roughly 800Mbps (Rx) and 920Mbps...
by ashpri
Fri May 24, 2019 9:14 am
Forum: Beginner Basics
Topic: Slow throughput (<100Mbps) between 2 Gbit Routers being used as switch
Replies: 4
Views: 1336

Re: Slow throughput (<100Mbps) between 2 Gbit Routers being used as switch

I put a PBPro as a switch in-between a HAPAC2 (source) and another PBPro (target). As you mentioned, the PBPro acting as a switch (middle) has low CPU @ 2%. However since the speed test target is another PBPro, its CPU (@ 100%) is limiting the result, whereas the HAPAC2's CPU hovers between 15-25%. ...
by ashpri
Fri May 24, 2019 6:59 am
Forum: Beginner Basics
Topic: Slow throughput (<100Mbps) between 2 Gbit Routers being used as switch
Replies: 4
Views: 1336

Slow throughput (<100Mbps) between 2 Gbit Routers being used as switch

This is a repost. I deleted my original post. I thought I made an error in the testing, but I did not. Throughput test between 2 Powerbox Pro routers used as a switch (I plan to use them as outdoor Gbit POE switches). Simple setup (no other config, zero firewall rules): /interface bridge add name=br...
by ashpri
Tue May 21, 2019 11:40 am
Forum: Beginner Basics
Topic: FQDN for Mikrotik update server for hotspot walled garden bypass
Replies: 1
Views: 742

FQDN for Mikrotik update server for hotspot walled garden bypass

What is the FQDN for the mikrotik update server? I would like to make a walled garden bypass for my hotspot, so APs can update themselves without having to be bypassed.

I've added mikrotik.com and download.mikrotik.com. Is this enough?

Thanks.
by ashpri
Mon May 20, 2019 6:13 pm
Forum: Beginner Basics
Topic: Multiple ISP usage question
Replies: 3
Views: 1019

Re: Multiple ISP usage question

This is all I did for 2 ISP failover and it seems to work fine. Experts correct me if I am wrong. ISP1 is main, ISP2 is failover. They key is in the Distance set in /ip route. /interface ethernet set [ find default-name=ether1 ] comment="To Switch" set [ find default-name=ether2 ] comment=...
by ashpri
Mon May 20, 2019 5:31 pm
Forum: Beginner Basics
Topic: Local vs Capsman forwarding for CAPs
Replies: 3
Views: 1773

Re: Local vs Capsman forwarding for CAPs

You need a bridge with the VLANs on it. It doesn't have to be VLAN-aware, so it is possible to combine CAP with hardware switched ethernet ports. As the CAP is likely to have a single managment IP on one VLAN you don't need any firewall rules on the CAP as all the VLAN encapsulated traffic is passe...
by ashpri
Mon May 20, 2019 5:41 am
Forum: Beginner Basics
Topic: Local vs Capsman forwarding for CAPs
Replies: 3
Views: 1773

Local vs Capsman forwarding for CAPs

Are the following true, if local forwarding for caps is enabled? 1. In a wifi network with multiple vlans (internal vlan and guest hotspot vlan), each cap would need to have a vlan enabled bridge and inter-vlan drop rules set on the firewall. 2. For the guest hotspot vlan, I would need to set guest ...
by ashpri
Mon May 20, 2019 3:57 am
Forum: Beginner Basics
Topic: Help with VLAN and separate WLAN's [SOLVED]
Replies: 8
Views: 1997

Re: Help with VLAN and separate WLAN's [SOLVED]

Why do you need multiple router boxes? I have one Mtik router in my office with multiple vlans. APs are mikrotik and unifi. Switches are mikrotik and unifi as well.

One vlan for office, one for guest. One cannot see the other once they are segregated via vlan with proper firewall rules.
by ashpri
Sun May 19, 2019 12:33 pm
Forum: Beginner Basics
Topic: VPN into a VLAN (Working, SSTP) [SOLVED]
Replies: 3
Views: 2743

Re: VPN into a VLAN (Working, SSTP) [SOLVED]

In addition, instead of PPTP which is old and supposedly insecure, I've managed to utilise SSTP via another acid-reflux-free guide:
http://www.dr0u.com/mikrotik-setup-sstp ... 10-client/
by ashpri
Sun May 19, 2019 7:30 am
Forum: Beginner Basics
Topic: VPN into a VLAN (Working, SSTP) [SOLVED]
Replies: 3
Views: 2743

Re: VPN into a VLAN (not working) [SOLVED]

I may be wrong but try enabling "Proxy-Arp" on the interface that the VLAN is attached to.

That did it! Thank you. No acid reflux after all.
by ashpri
Sun May 19, 2019 3:16 am
Forum: Beginner Basics
Topic: VPN into a VLAN (Working, SSTP) [SOLVED]
Replies: 3
Views: 2743

VPN into a VLAN (Working, SSTP) [SOLVED]

On my mikrotik router, I have VLAN3 reserved for network device mgmt. Address Pool: 172.16.2.50-172.16.3.254 Since Romon doesn't work in a unifi switch environment, I need to login into the vlan for network devices, to manage my mikrotik switches and APs in the office, remotely. My steps in creating...
by ashpri
Sun May 19, 2019 2:24 am
Forum: Beginner Basics
Topic: Use router as switch (switch chip), bridge needed? [SOLVED]
Replies: 6
Views: 2962

Re: Use router as switch (switch chip), bridge needed? [SOLVED]

Configure as a "hybrid" port with VLAN98 untagged and the other VLANs tagged, see https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#VLAN_Example_2_.28Trunk_and_Hybrid_Ports.29 . Note this is only possible on gigabit switch chips (QCA8337, Atheros8327). Be aware that management fo...
by ashpri
Sun May 19, 2019 2:06 am
Forum: Beginner Basics
Topic: Use router as switch (switch chip), bridge needed? [SOLVED]
Replies: 6
Views: 2962

Re: Use router as switch (switch chip), bridge needed? [SOLVED]

Thank you for the link. That seems to work in the lab, although I have not tested every permutation of possible real condition. This is that I did, as a guide for others. To summarise, what I am trying to do is use a HAPAC2 and POWERBOX-PRO as a VLAN enabled switch, using the speed of switch chip, b...
by ashpri
Thu May 16, 2019 5:05 pm
Forum: Beginner Basics
Topic: Use router as switch (switch chip), bridge needed? [SOLVED]
Replies: 6
Views: 2962

Use router as switch (switch chip), bridge needed? [SOLVED]

I am using a HAPAC2 (Atheros 8327 switch chip) purely as a switch, in a VLAN environment. The reason I am using the switch chip, correct me if I am wrong, is my understanding that enabling vlans on the bridge will disable hardware offloading and will reduce the throughput of the HAPAC2 as a switch s...
by ashpri
Thu May 09, 2019 4:36 pm
Forum: Beginner Basics
Topic: HAP AC LITE will not update firmware from 6.43.4 to 6.44.3 (or any other fw)
Replies: 2
Views: 1226

Re: HAP AC LITE will not update firmware from 6.43.4 to 6.44.3 (or any other fw)

Is there something in log? It's not flash ("HDD") size, if it was, it wouldn't be possible to upgrade any of these new 16MB device. Upgrade on these uses RAM. I will check the log thanks. I didn't think to look there. I did a netinstall at the end. This was also frought with issues until ...
by ashpri
Wed May 08, 2019 6:21 pm
Forum: Beginner Basics
Topic: HAP AC LITE will not update firmware from 6.43.4 to 6.44.3 (or any other fw)
Replies: 2
Views: 1226

HAP AC LITE will not update firmware from 6.43.4 to 6.44.3 (or any other fw)

My router cannot update from 6.43.4 to 6.44.3 I've done a check for update, the new firmware downloaded and the unit rebooted, it comes back to 6.43.4 after reboot (instead of updating to 6.44.3). I've reset the unit to no-default-config, including manually downloading the npk file and uploading it ...
by ashpri
Mon May 06, 2019 5:10 pm
Forum: Beginner Basics
Topic: ROS Level 4 hotspot active user
Replies: 3
Views: 1338

Re: ROS Level 4 hotspot active user

When it reaches the user limit, I can think of 3 possibilities:
(1) prevent new logins, or
(2) drop the oldest logged in, or
(3) drop the oldest and inactive logged in (unlikely but I would be pleasantly surprised if it behaves this way)
by ashpri
Mon May 06, 2019 4:46 pm
Forum: Beginner Basics
Topic: ROS Level 4 hotspot active user
Replies: 3
Views: 1338

ROS Level 4 hotspot active user

ROS Level 4 License limits the hotspot active user to 200.

My organisation can have up to 300 active users, however at any time only less than 100 has active rx/tx traffic.

What is mikrotik's algorithm if you exceed the active user limit for the license level. Who gets dropped first.
by ashpri
Mon May 06, 2019 9:43 am
Forum: Beginner Basics
Topic: DHCP Server conflict (same address pool)
Replies: 4
Views: 2479

Re: DHCP Server conflict (same address pool)

Thank you, I've fixed it. I forgot to add an address for the VLAN interface, which prompted the DHCP server error. I'm basically trying to merge an old hotspot network running on an old bridge, with a flat network, connected to ether3 on the router, to a vlan on a new bridge, connected to ether2 on ...
by ashpri
Sun May 05, 2019 6:06 am
Forum: Beginner Basics
Topic: DHCP Server conflict (same address pool)
Replies: 4
Views: 2479

Re: DHCP Server conflict (same address pool)

Thank you for the follow up. ether1: WAN ether2: new LAN (vlan split between office and hotspot), bridge2 ether3: old hotspot lan (flat network), bridge1 I would like to merge the old hotspot lan running on ether3 to the new network on ether2. The new hotspot on ether2 has a different subnet than th...
by ashpri
Sat May 04, 2019 8:50 am
Forum: Beginner Basics
Topic: DHCP Server conflict (same address pool)
Replies: 4
Views: 2479

DHCP Server conflict (same address pool)

See the following image:

zz1.jpg

The DHCP server "VL98 DHCP" gives a redline error on start. No error message pops up in the log.
Could it be because it shares the same address pool as the DHCP Server called "dhcp1"?
by ashpri
Tue Feb 19, 2019 4:02 pm
Forum: Beginner Basics
Topic: Does EOIP need both ends to be visible [SOLVED]
Replies: 1
Views: 1387

Does EOIP need both ends to be visible [SOLVED]

I will be testing site to site EOIP, however one side is behind a NAT and I can't get my isp to port forward to the mikrotik.

Is EOIP possible in this scenario?
by ashpri
Tue Feb 19, 2019 4:47 am
Forum: Beginner Basics
Topic: set up vlan with switch chip [SOLVED]
Replies: 20
Views: 6614

Re: set up vlan with switch chip [SOLVED]

This is what I did on my HAPAC2 VLAN config using switch chip (not bridge). As I understand it, if I use vlans using bridge, I believe it disables hardware offloading to the switch chip, and therefore may reduce performance. I would like to use the HAPAC2 only as a switch therefore I set the vlan on...
by ashpri
Thu Feb 14, 2019 12:41 pm
Forum: Beginner Basics
Topic: ROMON Troubleshooting [SOLVED]
Replies: 3
Views: 2979

Re: ROMON Troubleshooting [SOLVED]

That means 3 replies are received per each request. 0 reply per each request = 100% loss 1 reply per each request = 0% loss 2 replies per each request = -100% loss 3 replies per each request = -200% loss I know the number like this does not make sense, however, there is no other way to summarize pa...
by ashpri
Thu Feb 14, 2019 2:16 am
Forum: Beginner Basics
Topic: ROMON Troubleshooting [SOLVED]
Replies: 3
Views: 2979

Re: ROMON Troubleshooting [SOLVED]

Anyone? No one has ever had issues with not seeing devices in ROMON? Researching further, it seems to be related to this thread https://forum.mikrotik.com/viewtopic.php?t=99208 And this thread in the ub forums https://community.ubnt.com/t5/EdgeSwitch/ES-24-250W-and-Mikrotik-RoMON-failure/td-p/131397...
by ashpri
Wed Feb 06, 2019 9:45 am
Forum: Beginner Basics
Topic: ROMON Troubleshooting [SOLVED]
Replies: 3
Views: 2979

ROMON Troubleshooting [SOLVED]

I have 2 kinds of MTIK devices behind my main MTIK router. 1. MTIK device that is in the default VLAN, ROMON works. 2. MTIK device that is in VLAN 03, ROMON does not work. For device #2, mac-ping from TOOLS > ROMON results in timeout, but mac-ping from IP > NEIGHBORS works but shows a -200% packet l...
by ashpri
Sun Dec 23, 2018 1:50 am
Forum: Beginner Basics
Topic: Automatic update of ROS packages, Routerboard then Reboot
Replies: 1
Views: 1562

Automatic update of ROS packages, Routerboard then Reboot

I have this script to auto-update the ROS packages, then auto-update Routerboard FW and finally do a reboot. Based on https://www.youtube.com/watch?v=3zYBvRxp_lg and the wiki. ---------- /system scheduler add interval=1d name="Check for Update" on-event="/system package update\r\ \nch...
by ashpri
Fri Dec 21, 2018 12:26 pm
Forum: Beginner Basics
Topic: CAPSMAN vs Unifi Controller (user review)
Replies: 2
Views: 4004

CAPSMAN vs Unifi Controller (user review)

We have both mikrotik and unifi APs in the organisation. We have been using unifi APs much longer. We've only been using capsman for a week or so. Simple observations: 1. If we need to mesh APs, we use unifi. Unifi can adopt an AP wirelessly and they will automatically mesh and provision. Configurin...
by ashpri
Tue Dec 11, 2018 6:12 am
Forum: Beginner Basics
Topic: Mikrotik PT(M)P tx/rx low speed. Best Practice.
Replies: 0
Views: 711

Mikrotik PT(M)P tx/rx low speed. Best Practice.

I have several HAP-AC2 and CAP-AC around the house to repeat wifi signals. I am separating the radios. 2ghz is for user connections, 5ghz is for the inter-AP backbone. I am trying to understand why TX and RX rates differ for the same AP and how I can improve their connection rates. See the following...
by ashpri
Mon Dec 10, 2018 3:31 pm
Forum: Beginner Basics
Topic: Failed connecting LAN device via wireless [SOLVED]
Replies: 2
Views: 1421

Re: Failed connecting LAN device via wireless [SOLVED]

Use mode station-bridge for the client router. If you're running CAPsMAN on the main router, then you should go for station-pseudobridge as CAPsMAN unfortunately doesn't support the MikroTik-proprietary bridge extensions. -Chris I am using CAPSMAN on the main Router-A to provision its built-in 2G a...
by ashpri
Mon Dec 10, 2018 1:03 pm
Forum: Beginner Basics
Topic: Failed connecting LAN device via wireless [SOLVED]
Replies: 2
Views: 1421

Failed connecting LAN device via wireless [SOLVED]

Hello all. I have a simple problem. I have looked at many guides. I must be missing something simple somewhere. From what I am reading, connecting a LAN device (in another room) to an existing network with wifi (all mikrotik), is as simple as activating the WLAN interface on STATION mode and connect...
by ashpri
Sun Dec 02, 2018 6:07 pm
Forum: Beginner Basics
Topic: Deploy and manage PTMP endpoints via CAPSMAN
Replies: 0
Views: 681

Deploy and manage PTMP endpoints via CAPSMAN

Is it possible to (1) initial-deploy and (2) manage the endpoint of a PTMP link (WAP AC 2 & WAP AC 3 in the following image) via CAPSMAN?


zz1.png

Thank you.
by ashpri
Thu Nov 29, 2018 2:34 pm
Forum: Beginner Basics
Topic: Hotspot doesn't work when attached to slave member of bridge (VLAN)
Replies: 1
Views: 868

Re: Hotspot doesn't work when attached to slave member of bridge (VLAN)

I found the problem. If I disable "Use IP Firewall For VLAN", everything works as it should. Reading https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge, "use-ip-firewall-for-vlan" is described thus : Send bridged VLAN traffic to also be processed by IP/Firewall. This property...
by ashpri
Thu Nov 29, 2018 8:57 am
Forum: Beginner Basics
Topic: Hotspot doesn't work when attached to slave member of bridge (VLAN)
Replies: 1
Views: 868

Hotspot doesn't work when attached to slave member of bridge (VLAN)

Hi guys, I have bridge1 with many vlans, one of which is the guest VLAN. I created a hotspot and tagged it to the guest VLAN interface. zz1.png When clients connect to SSID with VLAN99, they get the IP Address just fine, so I know the DHCP server works. When Hotspot is disabled, clients can access t...
by ashpri
Mon Nov 26, 2018 4:39 am
Forum: Beginner Basics
Topic: Why use user manager over hotspot
Replies: 1
Views: 731

Why use user manager over hotspot

I am testing Mikrotik's hotspot feature. So far I foresee that all our organisation's needs are served by hotspot without having to use user-manager. The biggest advantage of user manager, that I can see, is splitting up mikrotik administration (winbox) and hotspot-user administration (web-browser),...
by ashpri
Mon Nov 26, 2018 4:01 am
Forum: Beginner Basics
Topic: Hotspot logic: MAC login vs ip binding [SOLVED]
Replies: 2
Views: 1132

Re: Hotspot logic: MAC login vs ip binding [SOLVED]

If the device does not touch port 80 (http), then MAC login will not work. If opening a web browser for the device to connect is not an issue, then it is up to preference.

I see. Thank you.

What is Mikrotik's suggested best practice?
by ashpri
Sun Nov 25, 2018 4:16 pm
Forum: Beginner Basics
Topic: Hotspot logic: MAC login vs ip binding [SOLVED]
Replies: 2
Views: 1132

Hotspot logic: MAC login vs ip binding [SOLVED]

Hypothetical case: I have 10 devices which need to access the internet without having to authenticate to the hotspot.

Should I set these 10 devices to login as MAC-based user or use ip-binding (bypass).
by ashpri
Sun Nov 25, 2018 10:12 am
Forum: The User Manager
Topic: Radius Server is not responding with Hotspot
Replies: 15
Views: 48095

Re: Radius Server is not responding with Hotspot

So, I was having this problem for the last couple days.. Its true, that the UM works if you use the public interface address, however, mine was a DHCP client address, and would have been complicated to manage. TLDR; I needed an accept rule to make the 127.0.0.1 UM host work locally. /ip firewall fi...
by ashpri
Fri Nov 02, 2018 4:00 am
Forum: Beginner Basics
Topic: Mangle. Where do you draw the line between connection and packet marks
Replies: 1
Views: 933

Mangle. Where do you draw the line between connection and packet marks

Following online guides, in mangle, I have: 1. Guest vlan download connection mark 2. Office vlan download connection mark 3. Upload connection mark for all vlans 4. After those connection marks, there are the corresponding packet marks. 5. Then more packet marks prioriting browsing, youtube, downlo...
by ashpri
Fri Oct 26, 2018 6:30 am
Forum: General
Topic: HotSpot/Vlan/DHCP Issues
Replies: 14
Views: 3917

Re: HotSpot/Vlan/DHCP Issues

Hello Anyone else experience is this as well? I am, with Hap AC Lite on ROS 6.43.4. The router is connected to an office switch and a public area switch (both Unifi US-24-250W devices). The 5 APs are all Unifi. 1 Native mgmt vlan and 7 tagged vlans. I have tried: 1. Making sure admin mac is enabled...
by ashpri
Wed Oct 24, 2018 3:52 am
Forum: Beginner Basics
Topic: Bandwidth Management (Queue Tree) for Office and Hotspot.
Replies: 1
Views: 2537

Re: Bandwidth Management (Queue Tree) for Office and Hotspot.

This is the mangle rule for those curious. https://i.imgur.com/3CA2E5X.png Observed oddities: Since I don't need the upload children in the Q-Tree, I disabled mangle rules AU2,3,4,5 (look in comments). When I do this, packet marks for youtube (HD3 & OD3) do not work (for both office and hotspot)...
by ashpri
Wed Oct 24, 2018 3:34 am
Forum: Beginner Basics
Topic: Bandwidth Management (Queue Tree) for Office and Hotspot.
Replies: 1
Views: 2537

Bandwidth Management (Queue Tree) for Office and Hotspot.

This is the goal https://i.imgur.com/wcmNLI8l.png Is this the correct Queue tree implementation to achieve the goal? https://i.imgur.com/5V16CsVl.png Questions, comments: 1. I've disabled the child items to upload, since uploads never reach the max limit of 100mbps, so a simple PCQ of all upload tra...
by ashpri
Tue Oct 23, 2018 3:38 am
Forum: Beginner Basics
Topic: Slow Ethernet
Replies: 5
Views: 4543

Re: Slow Ethernet

Might be related. https://forum.mikrotik.com/viewtopic.php?f=3&t=106176 with possible solution https://forum.mikrotik.com/viewtopic.php?f=3&t=106176&start=50#p576065 https://forum.mikrotik.com/viewtopic.php?t=121875 with possible solution https://forum.mikrotik.com/viewtopic.php?t=121875...
by ashpri
Mon Oct 22, 2018 5:54 pm
Forum: Beginner Basics
Topic: Slow Ethernet
Replies: 5
Views: 4543

Re: Slow Ethernet

Thoughts:
1. If you used Mtik's prebuilt configuration, what mode did you pick.
2. The link to your ISP's router is plugged into ether1 (the wan port in your config) in your Mtik?
by ashpri
Mon Oct 22, 2018 4:44 pm
Forum: Beginner Basics
Topic: Is my mangle rule correct (it seems to mostly work)
Replies: 0
Views: 1068

Is my mangle rule correct (it seems to mostly work)

I followed this youtube guide https://www.youtube.com/watch?v=3zJrNOUDNrc, and others, and resulted in this mangle rule: /ip firewall mangle "Connection marking and packet marking for overall downloads" add action=mark-connection chain=forward in-interface-list=WAN new-connection-mark=clie...
by ashpri
Mon Oct 22, 2018 4:29 pm
Forum: Beginner Basics
Topic: Slow Ethernet
Replies: 5
Views: 4543

Re: Slow Ethernet

I am new to Mtik as well. I will take a chance at helping you identify your issue.

If you go to Bridge > Port, click on each ether interface, and see whether hardware offload is checked.

2018-10-22 21_25_14-Window.png

Can you post your bridge port and interface list.
by ashpri
Mon Oct 22, 2018 3:19 pm
Forum: General
Topic: How to choose router (which cpu/ram) for hotel [SOLVED]
Replies: 9
Views: 3856

Re: How to choose router (which cpu/ram) for hotel [SOLVED]

Would the RB1100AHx4 be also sufficient for a 300mbps Uplink? If you go to its page, pick Test Results and you will see the throughput. https://mikrotik.com/product/rb1100ahx4#fndtn-testresults I've attached it here to ease your search. zz1.png I don't quite know how to translate this to my scenari...
by ashpri
Mon Oct 22, 2018 2:57 pm
Forum: General
Topic: How to choose router (which cpu/ram) for hotel [SOLVED]
Replies: 9
Views: 3856

Re: How to choose router (which cpu/ram) for hotel [SOLVED]

I suggest RB1100AHx4, almost same hardware than RB4011, redundant PSU and RouterOS license level 6. You are right. After upgrading ROS level 5 to 6 in the RB4011, it will cost more than the RB1100AHx4, and does not come with redundant PSU. I was going to order the RB4011 tomorrow, your advice is ti...
by ashpri
Mon Oct 22, 2018 4:27 am
Forum: Beginner Basics
Topic: Simple Port Forwarding Question [SOLVED]
Replies: 1
Views: 1181

Simple Port Forwarding Question [SOLVED]

I have a port forwarding rule set as per the left image. It works fine.

Is there a security risk in blanking the "Dst Address" field? The ip address of ether2-wan is currently static, I would like to make it dynamic.

zz3.png
by ashpri
Sun Oct 21, 2018 2:47 am
Forum: General
Topic: How to choose router (which cpu/ram) for hotel [SOLVED]
Replies: 9
Views: 3856

Re: How to choose router (which cpu/ram) for hotel [SOLVED]

RB4011 for you! Thank you. My experience with Mtik is only a week. It looks like the winbox interface and ROS code is the same across all devices. The code sections (so far) that will be part of my deployment include interface, bridge, vlan, dhcp server, firewall, nat, mangle, queue trees. I am tes...
by ashpri
Sat Oct 20, 2018 12:01 pm
Forum: Beginner Basics
Topic: What is discover mactel mac-winbox line, in interface list member [SOLVED]
Replies: 2
Views: 4010

Re: What is discover mactel mac-winbox line, in interface list member [SOLVED]

1. If I remember correctly, on blank config all of this is allowed on all static interfaces, which is not very good for security. 2. But I strongly advise to have neighbour discovery and mac-winbox configured at least for one of the LAN ports - to have an emergency access to the router on L2 in cas...
by ashpri
Sat Oct 20, 2018 10:13 am
Forum: General
Topic: Mass Managing Mikrotik
Replies: 11
Views: 7347

Re: Mass Managing Mikrotik

I am not aware of any "product" that will manage a large network of devices. I am thinking of publishing my system, but I haven't gotten around to developing a web interface for it yet. It currently runs/updates via the command line on the virtual machine that it resides on. In my limited...
by ashpri
Sat Oct 20, 2018 9:07 am
Forum: Beginner Basics
Topic: What is discover mactel mac-winbox line, in interface list member [SOLVED]
Replies: 2
Views: 4010

What is discover mactel mac-winbox line, in interface list member [SOLVED]

What is the significance of the following lines. It was there by default from ROS configured as dual-band home AP. /interface list member add interface="wlan1 - 2.4g" list=discover add interface="wlan2 - 5g" list=discover add interface=ether2 list=discover add interface=ether3 li...
by ashpri
Sat Oct 20, 2018 6:31 am
Forum: General
Topic: How to choose router (which cpu/ram) for hotel [SOLVED]
Replies: 9
Views: 3856

Re: How to choose router (which cpu/ram) for hotel [SOLVED]

I've been reading that QOS and Firewall consume the most CPU. What about RAM? Source: viewtopic.php?f=2&t=93518&hilit=ram Just to add: 1. I foresee my firewall rules to be simple. 2. There will be no (or very little, less than 10) VPN connections inbound. 3. We are not running any servers in...
by ashpri
Sat Oct 20, 2018 6:30 am
Forum: General
Topic: How to choose router (which cpu/ram) for hotel [SOLVED]
Replies: 9
Views: 3856

How to choose router (which cpu/ram) for hotel [SOLVED]

I've searched the forum for choosing the right router but I am still unclear. My condition: 1. I am deploying for a hotel of 200 rooms. 2. 5-ethernet interfaces on the router is sufficient (2 WAN (Main and Redundant) & 1 LAN). 3. Internet bandwidth is 100mbps (75 for guests, 25 for office). Comm...
by ashpri
Thu Oct 18, 2018 4:21 am
Forum: Beginner Basics
Topic: WAN NAT Bridge and VLAN yes/no
Replies: 14
Views: 4512

Re: WAN NAT Bridge and VLAN yes/no

all examples here work with ONE bridge? https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#VLAN_Example_.231_.28Trunk_and_Access_Ports.29 is there a simple "rule" when more than one bridge is neded? Correct me if I am wrong, you shouldn't ever need more than one bridge (when it comes ...
by ashpri
Wed Oct 17, 2018 4:42 pm
Forum: General
Topic: Sofware VLAN/Bridge on RuterOS explained.
Replies: 67
Views: 43036

Re: Sofware VLAN/Bridge on RuterOS explained.

What a great thread. I hope my revival of it is relevant. I am failing in trying to set the new way of vlan bridging. I have followed your guide and this https://wiki.mikrotik.com/wiki/Manual:CAPsMAN_with_VLANs (v6.41+ way of vlan bridging). The problem is this code. /ip dhcp-server add address-pool...
by ashpri
Wed Oct 17, 2018 1:10 pm
Forum: Beginner Basics
Topic: WAN NAT Bridge and VLAN yes/no
Replies: 14
Views: 4512

Re: WAN NAT Bridge and VLAN yes/no

1. everey bridge is a separated sub-net, an there is per default no communication possible between this sub-nets and the firewall makes the communication possible.. or is it the other way round the firewall blocks the communication (with "drop all" or somthing similar?) 2. "bridge vl...
by ashpri
Wed Oct 17, 2018 1:56 am
Forum: Beginner Basics
Topic: WAN NAT Bridge and VLAN yes/no
Replies: 14
Views: 4512

Re: WAN NAT Bridge and VLAN yes/no

I don't know if this helps you. I am new to mikrotik. I got 5 vlans (me (yes I deserve my own vlan), family, kids, office, guest) working over a root ap (hap-ac2) running capsman and one cap (cap-ac). I followed this guide (https://www.youtube.com/watch?v=1ZJ-pM89N7o) to set up vlans and dhcp server...
by ashpri
Tue Oct 16, 2018 5:42 pm
Forum: Beginner Basics
Topic: Capsman Cap client unable to ping one another
Replies: 2
Views: 1250

Re: Capsman Cap client unable to ping one another

Seems that in the provision for cap AC “Client to client forwarding” is set to “no”.

Problem solved. When I first received my Mikrotik I feel like I married a router with a thousand check-boxes and dropdown-lists. I knew one of those would make her happy, I just don't know which one. Thanks
by ashpri
Tue Oct 16, 2018 4:44 pm
Forum: Beginner Basics
Topic: Capsman Cap client unable to ping one another
Replies: 2
Views: 1250

Capsman Cap client unable to ping one another

This is what I'm getting in my cap-ac. A able to ping B (and vice versa) A able to ping C (and vice versa) A, B & C able to ping HAP-AC2 and CAP-AC B cannot ping C (and vice versa). The message is "destination host unreachable" 2018-10-16 21_39_07-Book1 - Excel.png If A, B & C are ...
by ashpri
Mon Oct 15, 2018 5:35 am
Forum: Beginner Basics
Topic: Capsman backbone over wifi working
Replies: 0
Views: 645

Capsman backbone over wifi working

I've been wondering this since I learned about capsman in mikrotik (my mikrotik experience has only been 2 days). Gateway/1st AP/capsman = hap-ac2 Repeater/cap = cap-ac I setup the cap-ac 5ghz-wlan in station mode (as a client of the hap-ac2) as the backbone link. Gave the 5ghz-wlan interface 88.2 a...
by ashpri
Mon Oct 15, 2018 2:06 am
Forum: Beginner Basics
Topic: How to setup repeater for wlan with multiple virtual ssid/vlans
Replies: 3
Views: 2250

Re: How to setup repeater for wlan with multiple virtual ssid/vlans

Not in repeater mode, that works only for one SSID. You could trunk the traffic together over the Wifi link with VLAN and then separate on the repeater into the subnets with their SSID. It will then look as if the SSID are "repeated". It is basically two AP with each having same SSID and ...
by ashpri
Mon Oct 15, 2018 1:55 am
Forum: Beginner Basics
Topic: Firewall works but doesn't feel right
Replies: 3
Views: 1271

Re: Firewall works but doesn't feel right

Bridges involved?

Here is my bridge and port. Physical ports on the hap ac2 (eth1-5) are on default setting (on default lan 88.x). ether1 is WAN.

Image

Thank you
by ashpri
Sun Oct 14, 2018 3:02 pm
Forum: Beginner Basics
Topic: How to setup repeater for wlan with multiple virtual ssid/vlans
Replies: 3
Views: 2250

How to setup repeater for wlan with multiple virtual ssid/vlans

I have multiple ssids setup on my 2.4ghz radio (guest, family, kids, office), each with its own subnet and in its own vlan. I've successfully setup the repeater using the "setup repeater" button on the 2nd AP, however I can only repeat a single ssid, and whichever ssid I choose does not ge...
by ashpri
Sun Oct 14, 2018 8:29 am
Forum: Beginner Basics
Topic: Firewall works but doesn't feel right
Replies: 3
Views: 1271

Firewall works but doesn't feel right

This is my first day with Mikrotik (hap ac2). So I followed this guide (https://www.youtube.com/watch?v=1ZJ-pM89N7o) and created several wifi VLANS (SSIDs: Family, Kids, Guest, Office, Staff). Each SSID has their own separate 192.168. address and dhcp server. Each VLAN only has 1 subnet. I want isol...