Community discussions

Search found 24 matches

by lrn23
Fri May 24, 2019 2:09 pm
Forum: General
Topic: Configuring VLAN access port
Replies: 7
Views: 388

Re: Configuring VLAN access port

mkx: Yes, you're right. Sorry for wasting your time. There was another typo. I can't even rewrite a few lines without mistakes. I don't even know why I'm doing it. Readability is not better, but worse... Sorry for that.

/interface bridge add name=LANbridge
/interface bridge port add bridge=LANbridge i...
by lrn23
Thu May 23, 2019 12:04 am
Forum: General
Topic: Configuring VLAN access port
Replies: 7
Views: 388

Re: Configuring VLAN access port

tdw: Yes, I know. It's a typo. This is an example of my config. It's switch2 and ether6, ether7 in my production configuration. But thank you!

anav: Thanks a lot for the link! I'll check it!
by lrn23
Wed May 22, 2019 5:42 pm
Forum: General
Topic: Configuring VLAN access port
Replies: 7
Views: 388

Configuring VLAN access port

Hello, I have a problem. I have VLANs on my RB (RB3011UiAS). There is a working trunk port ether2 but I can't configure ether3 as an access port. There is a computer connected to that port unaware of VLANs and I need to have that computer in VLAN 30. According to Wiki https://wiki.mikrotik.com/wiki/...
by lrn23
Wed May 22, 2019 4:14 pm
Forum: General
Topic: routing - 3x GW, failover
Replies: 14
Views: 731

Re: routing - 3x GW, failover

NetWorker: No, I don't miss them. It's done with recursive routing and it works this way. But thank you very much for the link and tips! I really appreciate it! sindy: I see :) Thanks! Combined connection-marks? Mmm nice! I'm already scared! :D Btw... That connection-mark related post is really grea...
by lrn23
Wed May 22, 2019 2:07 pm
Forum: General
Topic: VLAN - hybrid port - untagged VLAN 1
Replies: 11
Views: 670

Re: VLAN - hybrid port - untagged VLAN 1

Safety1st: Look at this: viewtopic.php?f=2&t=148111
by lrn23
Fri May 17, 2019 4:11 pm
Forum: General
Topic: routing - 3x GW, failover
Replies: 14
Views: 731

Re: routing - 3x GW, failover

Thank you guys! So that example here https://awarmanf.wordpress.com/2010/01/06/mikrotikpolicyrouting/ is wrong? There are route rules combined with mangle.. Failover decisions based on pinging the gateway do not seem to me like a great idea. There is usually a working gateway and the problem is "further dow...
by lrn23
Tue May 14, 2019 4:14 pm
Forum: General
Topic: routing - 3x GW, failover
Replies: 14
Views: 731

Re: routing - 3x GW, failover

OK, thank you! :) So, this could be a working configuration? I have to be sure, because I have to configure this in remote location so I can't test it properly :(

WAN interface ISP1 - 10.0.1.1
WAN interface ISP2 - 10.0.2.1
WAN interface ISP3 - 10.0.3.1

LAN subnets:
192.168.1.0/24
192.168.2.0/24
192....
by lrn23
Fri May 10, 2019 1:46 pm
Forum: General
Topic: routing - 3x GW, failover
Replies: 14
Views: 731

routing - 3x GW, failover

Hi guys, I'm trying to set up my router and I don't know which way I should go. I have 3 different ISPs connected, I want to have 1 ISP as a default one, one subnet should use another ISP and the next subnet should use the last ISP. In case of outage on some ISP link, there should be working automatic fai...
by lrn23
Tue Apr 30, 2019 3:40 pm
Forum: General
Topic: RB3011 switch chip hw offload VLAN configuration [SOLVED]
Replies: 2
Views: 344

Re: RB3011 switch chip hw offload VLAN configuration [SOLVED]

Oh, ok. Thank you very much! I'll try it immediately! :)

And yes, there was a typo. IP address is on bridge1. Ether1 and not mentioned ether2 are gateways.
by lrn23
Tue Apr 30, 2019 1:26 pm
Forum: General
Topic: VLAN - hybrid port - untagged VLAN 1
Replies: 11
Views: 670

Re: VLAN - hybrid port - untagged VLAN 1

Thank you. I know about that. But I'm talking about "switch1-cpu" port, which is used here in examples:
https://wiki.mikrotik.com/wiki/Manual:B ... _switching

I don't know how to work with this.
by lrn23
Tue Apr 30, 2019 1:09 pm
Forum: General
Topic: RB3011 switch chip hw offload VLAN configuration [SOLVED]
Replies: 2
Views: 344

RB3011 switch chip hw offload VLAN configuration [SOLVED]

Hello, I'm a little bit lost. I have to configure RB3011UiAS running ROS 6.44. I'm trying to configure it with a switch and use hardware offloading. I need to configure:

ether1 - gateway (internet)
ether5 - hybrid port - tagged VLAN 20,30 + untagged VLAN 1
ether6 - untagged VLAN 1
ether7 - untagged ...
by lrn23
Mon Apr 29, 2019 4:41 pm
Forum: General
Topic: VLAN - hybrid port - untagged VLAN 1
Replies: 11
Views: 670

Re: VLAN - hybrid port - untagged VLAN 1

2 Samot: I know, that there are some changes now. I wanted to know if it's possible now. 2 solar77: Thank you! :) I have to reconfigure this device which is already running somewhere and there is some weird configuration already. There is a bridge and there are 2 switches configured. I assume, that ...
by lrn23
Mon Apr 29, 2019 2:49 pm
Forum: General
Topic: VLAN - hybrid port - untagged VLAN 1
Replies: 11
Views: 670

VLAN - hybrid port - untagged VLAN 1

Hello, is it possible to configure a hybrid port with untagged VLAN 1? I need to configure one port with one or more VLANs (tagged) and leave untagged VLAN 1 there because of a Ubiquiti Unifi AP. It is not possible to configure a management VLAN in Ubiquiti and it has to be untagged VLAN 1 :-/ I have R...
by lrn23
Thu Mar 28, 2019 1:19 pm
Forum: General
Topic: block multicasts and broadcasts on bridge (except ARP)
Replies: 1
Views: 224

Re: block multicasts and broadcasts on bridge (except ARP)

I think, this is it (or at least I hope so :)).

/interface bridge filter
add chain=forward in-interface=ether1 mac-protocol=arp comment="allow ARP" action=accept
add chain=forward in-interface=ether1 packet-type=broadcast comment="drop broadcasts" action=drop
add chain=forward in-interface=ether1 pa...
by lrn23
Mon Mar 18, 2019 4:40 pm
Forum: General
Topic: block multicasts and broadcasts on bridge (except ARP)
Replies: 1
Views: 224

block multicasts and broadcasts on bridge (except ARP)

Hello, I have a problem. I have a machine connected to the network with approx. 100 IPs in my main subnet. But this machine most likely can't handle multicast and broadcast traffic on the network. I can't readdress it and put it behind the router. So I'm thinking about blocking unnecessary multicast ...
by lrn23
Fri Jan 11, 2019 2:58 pm
Forum: General
Topic: firewall rules
Replies: 18
Views: 1355

Re: firewall rules

2 mkx: ok, thank you! :) 2 anav: Yes, you're right. I should tighten those WinBox rules. There should be no guests on LAN, but I could limit access to RB to one IP address for example. In case of WAN interface, this should be only a temporary solution. But it's true, it doesn't take so long to configu...
by lrn23
Thu Jan 10, 2019 11:41 am
Forum: General
Topic: firewall rules
Replies: 18
Views: 1355

Re: firewall rules

Thank you guys for clarification! The second approach looks better even from future config modification point of view. I'll use that one. So I think this would be my configuration:

/ip firewall nat
add chain=srcnat action=masquerade ipsec-policy=out,none out-interface-list=WAN comment="masquerade"
a...
by lrn23
Wed Jan 09, 2019 2:06 pm
Forum: General
Topic: firewall rules
Replies: 18
Views: 1355

Re: firewall rules

2 anav: Thank you! I have one question. Isn't it better to use this single rule:

add action=drop chain=forward comment="drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1

Instead of these 3 rules when I need to forward ports from WAN to LAN?

add action=...
by lrn23
Wed Jan 09, 2019 1:45 pm
Forum: General
Topic: firewall rules
Replies: 18
Views: 1355

Re: firewall rules

A default drop is generally much better than adding lots of other rules for port scans, address filters, weird TCP flags etc. On embedded devices like routerboards you have limited CPU time, having lots of filter rules running on each packet opens you up to a resource exhaustion DoS. Ok, I get it. ...
by lrn23
Wed Jan 09, 2019 1:43 pm
Forum: General
Topic: firewall rules
Replies: 18
Views: 1355

Re: firewall rules

Hmmm .. which ROS version? Recent ROS versions operate with interface lists, so firewall rules would refer to in-interface-list=WAN instead of in-interface=ether1.
Yes, you're right. I forgot to update new RB before exporting configuration.
Thank you for explanation.
by lrn23
Tue Jan 08, 2019 2:47 pm
Forum: General
Topic: firewall rules
Replies: 18
Views: 1355

Re: firewall rules

Forward from WAN to LAN. Because of the access to the NVR. This is default firewall configuration:

/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,r...
by lrn23
Tue Jan 08, 2019 12:08 pm
Forum: General
Topic: firewall rules
Replies: 18
Views: 1355

Re: firewall rules

I want to use these RBs in small corporate branches as gateways. There are not so many employees, but the network should be well protected. I only need to allow and forward a few ports on RB because of NVR and electronic security system. Besides this, there would be only DHCP server and a few DNS static ...
by lrn23
Tue Jan 08, 2019 10:21 am
Forum: General
Topic: firewall rules
Replies: 18
Views: 1355

Re: firewall rules

I have a few RB750Gr3 RBs with the latest fw (6.43.8). I would like to use them as gateways. Sources:

https://wiki.mikrotik.com/wiki/NetworkPro_on_firewalling (not available anymore, but it's available here: http://mikrotik.net.pl/wiki/NetworkPro_w_firewallu)
https://wiki.mikrotik.com/wiki/Dmitry_on_f...
by lrn23
Mon Jan 07, 2019 11:15 am
Forum: General
Topic: firewall rules
Replies: 18
Views: 1355

firewall rules

Hello, I'm still learning and I'm not sure if I'm configuring firewall on RB correctly. I was reading the manual, forum and examples on the web. I used one configuration I found on the web as a template. I made some changes and implemented a few suggestions. I want to use this configuration in RB whic...