Community discussions

MUM Europe 2020

Search found 31 matches

by thegoop
Sat Aug 03, 2019 6:34 pm
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1712

Re: Very simple VLAN

There is a way, however a terrible one. On the bridge, the common subnet would live, with DHCP server etc. On the ethernet facing towards the non-Mikrotik AP (say, etherX ), you'd set up an /interface vlan vlan-id=99 interface=etherX name=ssid-99 (i.e. having that ethernet as carrying interface). B...
by thegoop
Fri Aug 02, 2019 11:01 pm
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1712

Re: Very simple VLAN

My suggestion will then be place that SSID on a separate vlan, issue a different subnet via DHCP to those clients on the vlan and config routing for that subnet
Thanks - and is there a simple way to "tie" the two subnets together so that everything (including broadcast) works across them both?
by thegoop
Thu Aug 01, 2019 11:50 pm
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1712

Re: Very simple VLAN

Not sure if information missing, or maybe I don't fully understand requirements, but if you have an address list of source IPs, then these are already distinguished on the Mikrotik, why the need to complicate things with VLAN's? All then needed is policy based routing on source address list to go v...
by thegoop
Thu Aug 01, 2019 9:18 pm
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1712

Re: Very simple VLAN

Thanks - I'd fire myself for the poor requirements/posting. I appreciate you reading through and giving advice on how to clarify my request. In my current configuration, all devices (independent of how they connect to the router) are on a single subnet 10.10.2.0/23. They can communicate with another...
by thegoop
Thu Aug 01, 2019 4:28 pm
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1712

Re: Very simple VLAN

Thank you - great suggestion - I'll admit that I am trying to use a VLAN tag for an odd purpose, so none of the diagrams in that post are exactly what I want to do. I am not trying to separate subnets from one another, I am trying to use VLAN ID 99 packets on egress as a tag that does nothing other ...
by thegoop
Thu Aug 01, 2019 5:41 am
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1712

Re: Very simple VLAN

Thank you for the help. I'll admit to being thoroughly confused though - what's the point of having a brand new bridge with just one interface in it? Can't I accomplish the same thing by just having the existing DHCP server to the vlan directly? I believe you need to create a new bridge for the vlan...
by thegoop
Wed Jul 31, 2019 11:56 pm
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1712

Re: Very simple VLAN

I've been googling around and trying to read/understand the forum posts, and can maybe better articulate what would be ideal: 1. VLAN ID 99 is tagged on ingress, and I'd like it to become untagged and set with a routing-mark instead. 2. When packets are sent back (egress), I don't think it matters t...
by thegoop
Wed Jul 31, 2019 9:05 pm
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1712

Very simple VLAN

All - sorry for what is likely a very basic question, but I am note quite getting something right. One of my non-MikroTik APs has two SSIDs, the Mikrotik is the router. SSID-A is sending on VLAN ID1, whereas SSID-B is sending on VLAN ID 99. When clients connect to SSID-1, everything works great. Whe...
by thegoop
Mon Jul 29, 2019 6:45 pm
Forum: General
Topic: Stuck with L2TP VPN routing
Replies: 4
Views: 814

Re: Stuck with L2TP VPN routing

That makes perfect sense, and this is a one-way connection (so from me into his network but not vice-versa). I appreciate you confirming!
by thegoop
Mon Jul 29, 2019 6:09 pm
Forum: General
Topic: Stuck with L2TP VPN routing
Replies: 4
Views: 814

Re: Stuck with L2TP VPN routing

Thanks - this is a VPN into my brother's house, not an anonymization VPN. But, I think I figured out my issue! I wasn't masquerading the outgoing packets on the vpn. Adding a new NAT rule seemed to fix it: Flags: X - disabled, I - invalid, D - dynamic 0 ;;; defconf: masquerade chain=srcnat action=ma...
by thegoop
Mon Jul 29, 2019 4:31 pm
Forum: General
Topic: Stuck with L2TP VPN routing
Replies: 4
Views: 814

Stuck with L2TP VPN routing

Trying to setup my router to route traffic from a certain computer to an L2TP VPN tunnel. I have verified the server end of the is working by establishing a connection directly from my computer, but would rather have it down on the router (as more than one client will eventually use the tunnel). It ...
by thegoop
Mon Jan 14, 2019 4:45 pm
Forum: General
Topic: Is this the right configuration for L2TP/IPSec server?
Replies: 0
Views: 363

Is this the right configuration for L2TP/IPSec server?

New RB4011 serving as the edge router in our configuration. L2TP/IPSec VPN tunnel from outside the network setup works, but appears to be very different than some of the others that I have seen posted (using proposals, etc.). Is there something glaringly wrong with this setup and/or is there a more ...
by thegoop
Fri Jan 11, 2019 1:45 am
Forum: Beginner Basics
Topic: Cannot access RouterOS using WebFig
Replies: 8
Views: 1128

Re: Cannot access RouterOS using WebFig

Perfect, thank you. I used WebFig to do a reset, executing a script immediately after restart against only what was posted. Worked like a champ and didn't require anything else. Thanks for the pointer on /system default-configuration print , I am adding a few things and cleaning up using some script...
by thegoop
Thu Jan 10, 2019 6:39 pm
Forum: Beginner Basics
Topic: Cannot access RouterOS using WebFig
Replies: 8
Views: 1128

Re: Cannot access RouterOS using WebFig

So here is what I have cobbled together with your help, and some other posts. I expect this will get me: Basic switch, wireless enabled, with hw offloaded for ethernet switching Addressable at 10.10.2.1 for WebFig Able to access the internet though the upstream 10.10.1.1 router, using public DNS's L...
by thegoop
Thu Jan 10, 2019 2:59 pm
Forum: Beginner Basics
Topic: Cannot access RouterOS using WebFig
Replies: 8
Views: 1128

Re: Cannot access RouterOS using WebFig

Thanks - Perhaps even easier would be to go with no default config. Then create a bridge, add all ether ports to it, add wireless to it and add IP address for management access. Where do I add the IP address for management access, and can that be a DHCP client? If you plan to use VLANs, configure al...
by thegoop
Thu Jan 10, 2019 3:25 am
Forum: Beginner Basics
Topic: Cannot access RouterOS using WebFig
Replies: 8
Views: 1128

Re: Cannot access RouterOS using WebFig

1- if I reset the configuration to get close to a managed switch, which Quick Set option do I take? I believe - from a different thread - that it's "WISP AP" with Mode=Bridge, but can you please confirm? 2- I thought that there was no such thing as a master port anymore (as of 6.40). The way to get ...
by thegoop
Thu Jan 10, 2019 2:03 am
Forum: Beginner Basics
Topic: Cannot access RouterOS using WebFig
Replies: 8
Views: 1128

Cannot access RouterOS using WebFig

I am repurposing my CRS-125 to be a switch (was prior used as a router). Specifically, a managed switch. - I cannot access the CRS using WebFig (I can via Winbox and the MAC address. Interestingly, it doesn't show up as a neighbor ). - All ports are bridged. - I've tried setting the CRS's network co...
by thegoop
Wed Jan 09, 2019 4:21 pm
Forum: SwOS
Topic: SwOS on a CRS-125
Replies: 6
Views: 1158

Re: SwOS on a CRS-125

A reset should do it for you. Quickset as WISP AP and make sure Bridge All LAN Ports is ticked.
Thanks! Do you know if this configuration on the CRS125 will hw offload switching for the wlan1 wireless interface?
by thegoop
Tue Jan 08, 2019 11:12 pm
Forum: SwOS
Topic: SwOS on a CRS-125
Replies: 6
Views: 1158

Re: SwOS on a CRS-125

thanks - we are on the latest ( 6.43.8 ) so that shouldn't be a problem. So you are saying that all I have to really do to move the CRS125 to be a hw-switch (right now, it is acting as a super simple AP router) is to move ether1 (WAN) into the main bridge (where all other interfaces are)? Better yet...
by thegoop
Tue Jan 08, 2019 10:26 pm
Forum: General
Topic: RB4011iGS+RM for my use case
Replies: 7
Views: 1267

Re: RB4011iGS+RM for my use case

Haha, thank you. To be clear, I am very predisposed to get the MT (though our AP's are all Ubiquity, nothing else is). That is with 64 byte packets. Not really a comparison to the RB4011 which is a top notch product clocking in at 5m pps for the same test, I bet and for only what, $70 more? Is it th...
by thegoop
Tue Jan 08, 2019 8:35 pm
Forum: General
Topic: RB4011iGS+RM for my use case
Replies: 7
Views: 1267

RB4011iGS+RM for my use case

I am going to be moving all Layer-3 switching off our trusty CRS-125 and turning it into a pure switch. To route, I am considering going with a new RB4011iGS+RM and have a few questions: Seems that all firewall/NAT/routing is SW based with hw offload only for IPsec. The spec test results (https://mi...
by thegoop
Tue Jan 08, 2019 8:20 pm
Forum: SwOS
Topic: SwOS on a CRS-125
Replies: 6
Views: 1158

SwOS on a CRS-125

I am going to be moving all Layer-3 off of my CRS-125 and using it as a pure switch. I see the states indicate full line speed switching across ports when used as a switch vs. bridged. Can I run SwOS on a CRS-125 (I don't see an image for it in the d/l section), and if not, how can I ensure it is in...
by thegoop
Tue Jan 08, 2019 6:27 pm
Forum: General
Topic: Mikrotik breaking Wi-Fi Calling?
Replies: 19
Views: 1748

Re: Mikrotik breaking Wi-Fi Calling?

everytime this happens to our customers on our mikrotik network its because fragmented packets are getting dropped (silently). connection-tracking will stop fragmented packets if you arent letting them thru, because it cant handle a fragmented packet until it reassembles it. It appears that i am al...
by thegoop
Tue Jan 08, 2019 3:52 pm
Forum: General
Topic: Mikrotik breaking Wi-Fi Calling?
Replies: 19
Views: 1748

Re: Mikrotik breaking Wi-Fi Calling?

Sounds like good advice. I am thinking of using a RB4011iGS+RM for routing. I'll plug wireless 5-access points into this directly, then use port 10 to be connected to my current CRS-125 (configured with no layer-3, all ports bridged and hw switched). I suspect this will resolve my current CRS choke ...
by thegoop
Tue Jan 08, 2019 3:51 pm
Forum: General
Topic: Mikrotik breaking Wi-Fi Calling?
Replies: 19
Views: 1748

Re: Mikrotik breaking Wi-Fi Calling?

Sounds like good advice. I am thinking of using a RB4011iGS+RM for routing. I'll plug wireless 5-access points into this directly, then use port 10 to be connected to my current CRS-125 (configured with no layer-3, all ports bridged and hw switched). I suspect this will resolve my current CRS choke ...
by thegoop
Mon Jan 07, 2019 9:19 pm
Forum: General
Topic: Mikrotik breaking Wi-Fi Calling?
Replies: 19
Views: 1748

Re: Mikrotik breaking Wi-Fi Calling?

Got it. There is an "H" next to each of the interfaces except my WAN port (ether 1). A bunch are also tagged "I" (inactive), but I suspect that is a function of traffic (though oddly WAN / ether 1 is also tagged I). The other answers make complete sense. Is there an easy way for me to know that all ...
by thegoop
Mon Jan 07, 2019 8:42 pm
Forum: General
Topic: Mikrotik breaking Wi-Fi Calling?
Replies: 19
Views: 1748

Re: Mikrotik breaking Wi-Fi Calling?

Thanks 1 - Yes, all ports other than WAN have HW "yes". 2 - You bring up a good point about adding a specific router and letting the CRS just do switching/AP. The reason why I have 50 Mbps internet is because I have never been able to get more than about 80 MBps through my Mikrotik (I can get faster...
by thegoop
Mon Jan 07, 2019 6:50 pm
Forum: General
Topic: Mikrotik breaking Wi-Fi Calling?
Replies: 19
Views: 1748

Re: Mikrotik breaking Wi-Fi Calling?

I'm not sure if this is related to Wi-Fi calling, but it shouldn't hurt. The SIP helper that's built in to Mikrotik and most other routers tends to break SIP. Disable it. /ip firewall service-port set sip disabled=yes I've also had a Brighthouse ISP modem cause problems too. ISP tech support wasn't...
by thegoop
Mon Jan 07, 2019 5:32 pm
Forum: General
Topic: Mikrotik breaking Wi-Fi Calling?
Replies: 19
Views: 1748

Re: Mikrotik breaking Wi-Fi Calling?

Thank you for the quick response. I don't think it's congestion on while in a call, as it happens repeatedly on every call about 15-20 seconds in. But, if there is congestion, it would have to be in the LAN and not upstream. What is the best way for me to monitor this within the CRS? 1- You mention ...
by thegoop
Mon Jan 07, 2019 4:21 pm
Forum: General
Topic: Mikrotik breaking Wi-Fi Calling?
Replies: 19
Views: 1748

Re: Mikrotik breaking Wi-Fi Calling?

Thanks. When things go haywire, does any sort of traffic shaping kick in? Not that I have setup, but not sure if RouterOS is doing something behind the scenes. I don't know how to check. Nothing changed in my configuration from when it was working to when it stopped working, other than possible iOS ...
by thegoop
Mon Jan 07, 2019 7:32 am
Forum: General
Topic: Mikrotik breaking Wi-Fi Calling?
Replies: 19
Views: 1748

Mikrotik breaking Wi-Fi Calling?

About a month ago, Wi-Fi calling (iPhone via AT&T) stopped working in my home. After between 10-15 seconds, the person I am talking to can't hear me anymore, but I can hear them just fine. It's like I am on mute, or all my outbound packets are being eaten. Oddly, it doesn't happen right away. I don'...