MikroTik

aesmith

For management it really depends on how the Draytek can be configured, there's nothing technically wrong with having a normal IP address on an Ethernet port that also has the PPPoE client, I expect that can be configured at the Mikrotik end but it's anyone's guess whether the Draytek supports it. If...

aesmith

Oops, looks like I'm a little out of date. However doing a quick catch up it looks like that convention is subject to change, with the latest RFC recommending 000001 for LE traffic, this being a value not previously classified. Do you know which convention Mikrotik follows, specifically in the "...

aesmith

Here's an example I did for test, I'm matching destination address in the mangle rule whereas you would match by source /ip firewall mangle add action=mark-routing chain=prerouting dst-address=8.8.4.4 new-routing-mark=FISH passthrough=yes /ip route add check-gateway=ping comment="*** ADSL - PBR...

aesmith

There might be a simpler solution. If your VoIP phone only communicates with specific hosts at the company, or specific subnets, then you can add routes for those addresses via the VPN. That is easy because the natural behaviour of a router is to forward based on destination address. It gets more co...

aesmith

Make sure your upload program in the PC uses a lower priority (DSCP 8 or 16) than the default traffic (normally DSCP 0).
Then use one of the QoS methods that use DSCP (high 3 bits) to determine priority.

DSCP=0 is the lowest possible priority.

aesmith

What I've done is to prioritise small TCP packets on the upload direction. That way if a big upload is taking place the the small TCP "ack" packets relied on for download will still get through. For streaming services you'll need to look at what upstream control packets are send and do som...

aesmith

The other problem is that you are trying to manage bandwidth utilization of inbound (to the router) traffic flows. That is a very important point. One aspect of QoS is congestion management, when there is more data to be sent than the bandwidth can cope with. Under these conditions QoS is essential...

aesmith

But I'm still missing some nice centralized mechanism how to tell devices to selectively use one address or another (e.g. to route everything to selected subnet via one router, while using other one for everything else). That might not be needed if you number literally everything internally from bo...

aesmith

About multihoming, professional solutions aside (own prefix, BGP and stuff, because that's not for little guy), it's not completely hopeless. Using multiple addresses for a dual homed organisation, Inbound sounds relatively straightforward, the way you explain it. Effectively two overlaid addressin...

aesmith

It gives a pretty good idea about your hardware.

aesmith

Another problem with IPv6 is multihoming support, or the lack of it. I have never seen a sensible solution suggested. Take an example of a user with multiple sites, centralised Internet access via a main and a secondary connection. When the main Internet fails, the hosts at the remote sites won't b...

aesmith

A port channel from a VSS pair can only go to a single device, or a pair of devices pretending to be one (eg Nexus VPC, or Catalyst stack). It can't go to two different devices because on a frame by frame basis either link could be used. How are these two WAN routers going to be configured, will the...

aesmith

Don't forget that "WAN" (Wide Area Network) doesn't mean "Internet". It seems to be a Mikrotik thing to treat them as one and the same. In reality you can have WAN that doesn't need NAT, in fact that's pretty commonplace, and many sites have separate WAN and Internet connections ...

aesmith

Second router [router2], the one without NAT, doesn't have a WAN interface, both are LAN

aesmith

I don't want to be nat. I want to use public ip behind the Mikrotik. Is the IP subnet that you want to use behind the Mikrotik, the same subnet as the ISP uses to connect to your outside interface? Or is it a separate subnet? A lot of providers that I work with use a /30 or /31 to connect to the cu...

aesmith

I've got a reasonable understanding of how routers work but one thing I've never worked out is how the various methods of discovering your public IP address work? https://www.ipchicken.com/ tells me my current Virgin Media public IP address. Where is it getting that address from?? Anything you acce...

aesmith

You might be better asking on the Meraki community, or in fact you can raise a support case from your Dashboard.

aesmith

But you can also have network like this: <internet>---[router]---<192.168.88.0/24>---[router2]---<192.168.89.0/24> That's what OP wants, router2 doesn't need NAT. Apart from the addressing, that's exactly how part of my home network is configured, [router] being my LTE router that does NAT, and [ro...

aesmith

I have the basics taken care of, but now I'm trying to replicate an ability that I had with my previous router. It acted as a local DNS cache ... The first bit's easy, here's an example enabling local router to act as caching DNS server. In this example it's using Open DNS to resolve external names...

aesmith

If you just want a different subnet on each Ethernet interface, and only one interface on each subnet, then you don't need VLANs at all. For each interface, first remove it from the default bridge, add it to LAN list and apply your chosen IP address and mask. Once you'd done one you can disconnect a...

aesmith

Is it worth even considering CAPs Man if you only have one AP? Personally I'm quite happy with my RB4011, I have the model with wireless and it's just about able to cover the whole house. It powers my LTE router from ether10 with no issues. Maybe there's not sufficient PoE out for your AP?

aesmith

The benefit of DSCP marking is that it's persistent, so marks set on one device can be acted on by another. It also removes the need for downstream devices to know exactly why the mark was set, and complex matching criteria need only be configured at the point where the DSCP value is set.

aesmith

Based on that diagram it's not clear whether the wireless devices will need routes as well. You have them interconnecting different subnets, suggesting that they're routing, but you don't show addressing on the actual links so they don't appear to be neighbours. However for the RB2011s it's reasonab...

aesmith

I agree, L2TP is easiest if that's supported at the third party's equipment as well. You said you don't need encryption, which makes some sense if this is Internet traffic anyway. You'll need a route to your third party's IP address range(s) via the L2TP tunnel interface. And if you're using default...

aesmith

A router's natural behaviour is to route based on destination address. So adding configuration to make the routing decision on some other basis is not quite so easy. I've not done this, but I think you could use packet marks or routing marks to do this. I did a quick check and I think it can be done...

aesmith

Yes, I'm looking to have someone outside of my network browse the internet through my router. Do you know of any guides that best match this kind of use case?

How will their traffic reach your network, do you have a private link or are they reaching you over the Internet?

aesmith

When I try to remove the ip address assignment on ether2, I can no longer connect to the router and have to reset to factory defaults. It comes up with that config on default (assigning 192.168.88.1/24 to ether2). To be honest I can't remember what I did with my old router. That had the IP address ...

aesmith

Let's see your current configuration. Making a few assumptions, for example when you say "web traffic" I've assumed you mean Internet access. And when you say "be redirected back out" I assume you mean redirected to the Internet. If my wild guesses are correct, I would expect tha...

aesmith

Comments from comparing with my configuration, where I do the same with DNS - router uses Open DNS but the DHCP clients lookup from the router. I think you need to add the DNS option into your DHCP server config. /ip dhcp-server network add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192...

aesmith

It depends on the ISP router, can you let us know the make and model? Most home routers have all LAN Ethernet and wireless bridged together, then a separate Ethernet or DSL port for the Internet. If that's the case all you'd have to do is connect one of the LAN ports to your Mikrotik, switch off DHC...

aesmith

It's not perfect but you can find data on your mast here, seaching by the mast ID (210070) .. https://www.cellmapper.net/map?MCC=222&MNC=88&type=LTE&latitude=44.94576770661959&longitude=9.631337821483612&zoom=16&showTowers=true&showTowerLabels=true&clusterEnabled=true...

aesmith

That's how I'd do it. If you only need each subnet on one interface only, no need for VLANs or bridges. Configuration can be applied directly to the interface. Not sure on your filter rules, I would have thought they should be on chain "forward", as "input" refers to traffic rece...

aesmith

Is your SXT getting an address and a route from the provider?

aesmith

Check that the bridge MAC addresses are unique, different for each device.

aesmith

Could you block the DNS entries that those apps depend on? So people could download and install the apps, but they wouldn't work.

aesmith

Something like ..

IP address add address=192.168.50.4/24 interface=bridge network=192.168.50.0

aesmith

How are you connecting the CAP AC to your ISP router? If it's by Ethernet, then that Ethernet and the wireless LANs need to be in the same bridge. Once you've done that your wireless connected devices will be able to communicate directly with the ISP router. You would probably also want to assign th...

aesmith

I see your point, use Chateau as a gateway (without NAT) to the main router. It makes sense, but then how about upnp? It works on first router/gateway, isn't it? Using the term gateway in a general sense yes. Have the wireless and any Ethernets all in one Bridge, Interface List "LAN". Onl...

aesmith

Related, I also want to be able to use OpenDNS regardless of the WAN used. That means setting the DNS nameservers to specific, static addresses. Is this possible? In other words, would the IP resolution occur at the MikroTik or at the WAN modems/routers? Would the MikroTik dynamically / automatical...

aesmith

I think I'm now pretty certain it's just not supported on the older modem. A colleague has the Cat 6 version, using the same ISP (although a different mast and cell) and scan works for him.

aesmith

Difficult to be specific without actual IP addresses. But let's assume your main router is .1 and your Chateau is .2 on the same subnet. Default gateway for your devices is .1 so your main router is the decision making point. - On Chateau, make sure it has a default route to the Internet via LTE. If...

aesmith

Thanks. Your answer about cell-monitor makes sense, I'm connected to Band 20 and it does indeed only show other Band 20 sources. I still can't get anything from Scan. I've tried just explicitly enabling the bands that should be available around here, Band 3 and Band 20 but still nothing. But I notic...

aesmith

Thanks. I still see nothing even after updating RoS and FW to 6.47.7. LTE modem firmware was already at the latest. Maybe a silly question, but does the scan show only signals other than the one it's connected to? That still doesn't quite explain it as "cell-monitor" picks up some other si...

aesmith

That's correct. If you install something like this ... https://www.fs.com/uk/products/66613.html into an SFP+ slot, then it can connect it to either a 1000BaseT SFP or a native 1000BaseT interface and work at 1gig. Assuming compatibility between equipment and SFP+ of course.

aesmith

So if you stick a Gigabit 1000BaseT SFP into the RB4011 SFP+ port, and connect that to a normal Gigabit 10/100/1000BaseT port on another device, say to a laptop, does that work? If the only thing that works is SFP to SFP connections (or SFP+ to SFP) then it sounds like there's something non-standard...

aesmith

If it's configured correctly it will work for both. This is how I think it should work ... Your wireless devices connect wirelessly to the LtAP on its wireless, their default gateway is the LtAP 192.168.88.1. Same for anything on Ethernet, it gets its IP address from the LtAP and again default gatew...

aesmith

The hAP AC is a general purpose Mikrotik router that happens to have pretty decent wireless. You can use it for a lot more, but on the other hand it would be pretty easy to configure just as a wireless AP. From the default configuration that I remember you wouldn't need to do much more than remove t...

aesmith

To fancy for me LOL, I just use Ookla;-PP

Great if you have a Gigabit or better Internet connection, otherwise the Internet is going to be the limit and you're not really testing your Ethernet.

aesmith

I have a SFP-RJ45 Module and it shows the link is up in Winbox. When I select the SFP port for the wan - it just does not work - Does the SFP port work for other functions, for example if you add it into the bridge (or whatever configuration you have for your other ports). The question may not be &...

aesmith

If you want to literally reach only one IP on the Internet, then just have a static route for that one IP and don't configure a default route.

aesmith

That's how you know it's a default config

My new router assigned the address to the bridge as default. Maybe it's version dependent, maybe depends on the shipping version of RoS.

aesmith

I have no idea of the purpose of that part of the config. I know when my IP changes on my bell fibre connection I have to manually assign the new gateway to the routing otherwise no dice, unlike my cable connection which automagically routes to the new gateway. Perhaps that feature is designed for ...

aesmith

I've seen others have trouble getting the SIM properly seated, apparently if you put the SIM in the wrong way round it can still go in far enough to apparently latch, but of course it doesn't work. See this discussion on another forum .. https://www.ispreview.co.uk/talk/threads/mikrotik-routerboard-...

aesmith

You have a SIM card inserted?

Yes. It's in service, connected to the mast and carrying traffic. Does the SIM have to come out for the scan to work? Or SIM installed but not connected (not actually sure how to do that).
Thanks,

aesmith

Shouldn't the address be on the bridge not on ether2?

aesmith

Hi, I have an "SXT LTE Kit" RBSXTR&R11e-LTE. I don't get any results when I run the scan function, either from the GUI or the CLI " interface lte scan lte1". Is this function just not supported on this particular modem (R11e-LTE) or is there some setting somewhere to enable i...

aesmith

OK I'm getting the idea a bit better. So your NMEA data is sourced on 192.168.88.1:1000. That route isn't going to be disturbed by re-routing Internet access via another device. What I think I'd try as a start is .. - Keep the LtAP as your central router, default gateway etc - Change the LTE route t...

aesmith

How is the NMEA data sent, is it just sent from the GPS or does the chartplotter reply to confirm receipt? If it need to reply then you need a specific route to the IP address of the NMEA source. The separate and more specific route will still remain in effect when the the general Internet route cha...

aesmith

And the days of this method are numbered. Methods to detect this man-in-the-middle and refuse the connection are being implemented.

It's a pain, we had to do it for one customer but I remember we had to white list quite a few sites that weren't happy with that sort of interference.

aesmith

There is no need to use the word "currently" in that statement. Decrypting SSL will never be possible, and should some ASIC appear that can do it, the SSL protocol (or the encryption protocols it uses) will be upgraded to defeat that. Some systems carry out a form of interference with SSL...

aesmith

Another option may be to turn off NAT on your Asus router, and leave that to the Mikrotik. Then do your port forwarding on the Mikrotik, and also add a route to your internal network so it knows how to reach it. If you configure pass through on the Mikrotik then without some further configuration an...

aesmith

The main benefit from Cat 6 is "Carrier Aggregation" combining two bands from the same mobile operator. So the benefit to you will depend on what your mast offers. If it only offers one band then CA doesn't come into play. You can check your mast on Cellmapper www.cellmapper.net. Also cons...

aesmith

Thanks, if I read that correctly it's a total of 553 Mbits/sec.

aesmith

Ah, thanks! Sounds very similar to what I'm looking for :) Can VRRP also distribute config changes from master to backup nodes? Looks like that is left for the user to handle? VRRP (and HSRP) are intended to preserve the first hop, so that hosts can always reach their default gateway. The routers s...

aesmith

Just did a test from my work laptop. Winbox shows the laptop connected with 160Mhz "Rx Rate" and 80MHz "Tx Rate". I don't know if Rx and Tx are from the client's perspective, or the router. The Windows properties shows various rates from 866.7meg up to 1.7gig.. Again I don't know...

aesmith

Completely aside, I'm puzzled by the idea of a an "Internet of Things" network, with no Internet access. Doesn't that just make them "Things"? .. I think we can call it a IntRAnet of things. There is no reason all devices on the network need to be connected to the www individual...

aesmith

I think a fair summary would be to bridge between interfaces on the same subnet, route between interfaces on different subnets.

aesmith

It's not advisable to have an open access for DNS traffic from the Internet into your network. The default "accept established" should permit in replies to your actual requests. Have you confirmed whether your requests are being prevented from going out, or whether the replies are being pr...

aesmith

If this network isn't Internet connected, I'd suggest disabling any firewall, NAT or mangle rules in the first instance. Just assigning those two subnets via the two interfaces will allow them to talk to each other. If that doesn't work there's probably something wrong with the hosts, for example in...

aesmith

You also have the same addresses applied to different things, for example 10.0.0.1 is applied to ether11 on site 1. But it's applied to the tunnel on site 2. And vice versa for 10.10.0.1. I'm not really familiar with Mikrotik's EOIP tunnels, but assuming it's the same as Cisco's GRE I'd suggest some...

aesmith

You're bridging two different subnets? I can't see how that's going to work, shouldn't you be routing between them? Or if they're supposed to be bridged, then it should be the same subnet. /interface bridge port add bridge=bridge1 interface=Site2 add bridge=bridge1 interface=Local /ip address add ad...

aesmith

I finally got around to testing. It turns on that not for the first time I was over complicating things. I don't actually need the black hole route unless I want to see a particular remote gateway as down for any particular reason. So my basic configuration is ... /ip route add check-gateway=ping co...

aesmith

I've set mine up using a separate subnet between the main router and the LTE router. The interface that connects the main router to the LTE router is added to "LAN" rather than "WAN" interface list, so the main router does not do NAT. Added a default route on the main router poin...

aesmith

Did you also move the IP address from ether1 to the bridge?

aesmith

You might want to explain which exact Mikrotik products you are using, and how they are configured.

aesmith

You could disable the route to 0.0.0.0/0 - that will kill the Internet. I think you'd have to create a script for this, and a schedule to run the script. You'd also want another script and schedule to enable it again.

aesmith

How do you have DNS configured? You can add a script on the Mikrotik to create a matching DNS entry for any DHCP lease issued, using the domain you're configured on the DHCP Network, and the hostname provided during the DHCP request. Of course that's not any good if you're not using the Mikrotik as ...

aesmith

I think those log messages are a red herring. They are errors from a script, presumably you've added that script to the DHCP server. Assuming no errors in the script one of the log messages suggests that you haven't specified a domain in the DHCP network, the other one just means a particular DHCP c...

aesmith

All I believe that is required att is to separate the IoT (which is currently on VLAN50) from the rest. We have it currently setup as a no-internet VLAN, but I can access it from my Admin workstation Completely aside, I'm puzzled by the idea of a an "Internet of Things" network, with no I...

aesmith

To those who have actually used these type of subscription features, do you feel they are worth the price, and which subscription features do you use? If you have used them and are now no longer paying for the features, what made you change? i don't use anything like these at home but we do for our...

aesmith

The Cisco device needs a subscription to get all the fancy stuff. Annual subscription price is around 2/3 of the initial hardware cost.
Cisco Small Business RV340
Cisco RV Securitysubscription licence (1 year) - 1 licence

aesmith

It doesn't work on the recursive route, as soon as you stick the %ether5 it goes unreachable. To be clear, this route shows as unreachable, but becomes reachable as soon as I remove the "%ether5"

 ip route add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=8.8.8.8%ether5

aesmith

I have a different model router but it may be the same. In Winbox if you select the LTE interface, on the General tab it should have options to select bands. If it doesn't can you put up a couple of screenshots showing what you do have available?

aesmith

I need to think a bit about lists. I have a router that will have three potential Internet connections, one needs NAT and firewall, one just needs firewall, and the third doesn't need either (the LTE has it's own firewall).

aesmith

Actually I think I may have worked it out. Say I create a new Interface List "INTERNET-DETECTED", and set that in the Detect Internet settings, theoretically it should add the interface into that list, and I would match my rules against the list "INTERNET-DETECTED". Does that sou...

aesmith

Thanks, I was already reasonably clear on all that, however I still can't see where the status is used. I can't see how for example you apply a filter, NAT or mangle rule based on detected status of "internet". The match address list options only offer the statically defined lists, or some...

aesmith

I'm not sure I've seen a straight answer to this, but I'm trying to find out whether "Detect Internet" actually does anything that influences the router's behaviour. The only effect that I think I've seen is on the Mikrotik mobile app where it determines whether the app shows a graph or In...

aesmith

I just saw elsewhere that an interface can be specified along with the gateway definition, I presume this is just not supported by Winbox. Maybe this does away with the need for the second blackhole route. Will have to test when I get a chance, but if it works it will look something like .. /ip rout...

aesmith

You need to explain a bit more, and show your existing configuration. You drawing shows 192.168.200.30 directly connected to 192.168.50.100, with no network devices in between. Could you also clarify about changing IP, as you say "I want to access UBNT device from my LAN IPs, without changing m...

aesmith

I guess you entered pi-hole as DNS server in IP -> DNS? You should additionally specify pi-hole as DNS server in IP -> DHCP -> Networks Hi, Yes. Attached known bug. It's not really a bug though. Setting in IP->DNS tells the router what DNS server it should use, for requests not cached or locally de...

aesmith

Hmm never used blackhole, interesting. I guess I find it hard to fathom not providing internet since one has a backup ISP. I presume "blackhole" just bins the packet silently, like a route to Null on other vendor's kit, whereas "unreachable" or "prohibit" return ICMP e...

aesmith

What is your NAT trying to achieve? 10.1.1.88 is address of your own router interface so not sure which bit of configuration is expected to convert that and into what? Why can't you route to the PBX, without NAT, is it because the PBX won't talk to anything not on it's local subnet? If so then you w...

aesmith

Cheers, I was thinking of something like this, where 172.17.47.2 my primary Internet router and 172.17.47.6 the secondary ... /ip route add check-gateway=ping distance=1 dst-address=8.8.8.8/32 gateway=172.17.47.2 scope=10 add distance=2 dst-address=8.8.8.8/32 type=blackhole add check-gateway=ping di...

aesmith

That's quite a complex network for a home. If it's being done as a learning exercise then I'd suggest adding something else into the mix, variable length subnets. Typically in a corporate network we'd use /30 or /31 for any point to point links that will only ever have two devices. I'm not sure if M...

aesmith

Hi, This is for Internet fail over. What's the best way in RouterOS to configure a route via a specific interface, so that if that interface is down it won't route via the default route (or any other less specific route)? I think I can do it by adding a route to Null for the same /32 but with worse ...

aesmith

Hi, At home I use an LTE Internet connection (Mikrotik router of course) which uses CGNAT. My source address therefore is one shared on an unpredictable basis with an unknown number of users. What I've found is this forum blocks my IP address if I try to post from my PC, but is quite happy if I post...

aesmith

Actually my previous analogy was wrong, a new connection to a L2 switch port IS an STP topology change, it's just that this is usually over-ridden by some special fast start configuration (eg Cisco's "portfast"). A wireless LAN is more akin to an Ethernet hub, where the "network"...

aesmith

The underlying problem here is the wireless interface changing to Disabled when no clients are associated. Why does it do this? A client attaching or roaming should be no different at the STP level than plugging or unplugging a host into an Ethernet switch. It shouldn't trigger a Spanning Tree topol...

aesmith

Most IP telephony systems want SIP ALG disabled, so they can see the actual local addresses. Other methods normally deal with NAT traversal. When you say "can't call" does the callsetup fail, or connect with no audio?

aesmith

(4) Try https://www.grc.com/shieldsup

aesmith

To be honest I nothing springs out as blocking inbound registrations. In fact your firewall could be described as dangerously sparse. I wonder about all the static NATs though, whether these might be conflicting. I might be inclined to strip back all the NAT entries referring to your PBX except for ...

aesmith

Disabling the firewall doesn't sound a good idea. Without seeing your exact configuration or documentation for the phone system I suspect what you'll need is (1) Inbound NAT so that a designated public IP address routes to the internal IP address of your PBX. (2) Firewall rules to permit the ports a...

aesmith

I've got two devices with 16meg flash. Looking at "Files" both report around 12.6 used out of 16, but the actual files listed only amount to less than 100k. How do you see what is actually occupying flash?

aesmith

Tested 3 phones and 1 soft client PC all connects fine internally and only problem is i cannot connect a soft phone / IP phone from outside network When you say you can't connect from outside the network, do you mean from elsewhere on the Internet? If so then we need to know how these remote phones...

aesmith

Does the Nordvpn appear as an interface on the Mikrotik, with a route pointing to it? Could you share the output from "ip route print" from terminal, or screenshot from IP / Routes / Route List from Winbox or the web interface? Assuming it does appear as an interface, with default route po...

aesmith

What's a "proper shutdown" for a Mikrotik router? Most network equipment is OK to just switch off, do Mikrotik need a soft shutdown first?

aesmith

Just to expand a bit more, if you're really sure that queuing delays are the issue you could manually tweak the output queue on your Hap. A simple FIFO queue with depth of say 100 packets can only add a maximum of 1.2 milliseconds even when the queue's full. If that helps you might want to use RED a...

aesmith

"Bufferbloat" happens where you have a bottleneck and a device with inappropriately long buffers. With 1gig service the bottleneck may be within your network, or contention in the ISP access network. Have you tested with a direct Ethernet to the Hap?

aesmith

What do you have configured at the moment, and when you say "bufferbloat" how have you determined that this is within the Mikrotik? It depends on your design but in a normal configuration where your router sits between you and your ISP then excessive latency during heavy uploads is most li...

aesmith

What sort of VPN have you configured? It may be as simple as changing your default route to point to the VPN. You may need an additional /32 static route for the VPN end point, I like to include that to "nail up" the VPN and avoid it trying to tunnel itself.

aesmith

Hi, Still drafting my QoS and queuing rules. I want to prioritise small TCP packets whose function is solely to increment acknowledgement number. Is this a case where I should mark the Packet rather than Connection? Something like .. add action=mark-packet chain=postrouting connection-mark="&qu...

aesmith

Hi, Could someone confirm a couple of things? (1) If a connection or packet is marked in " prerouting ", does it keep that mark all the way through so it could be matched and acted on on " postroutin g", or indeed later to match a queue? (2) Some of the examples show DNS being ma...

aesmith

If your switch has more than one SFP port, try plugging both in there and see what it thinks. That way you're checking both SFPs and the cable.

aesmith

Hope you don't mind me bumping this one. I've been searching around and I simply can't find any reference to the "priority" marking doing anything to change behaviour, the only references I've seen use it as a mark to be matched in later rules or to assign queues etc. Is there more to it t...

aesmith

The mast we're served from is around 12 km away. That mast only has Band 20, but I doubt the higher frequencies would be viable over that distance anyway. There are two masts much closer which have Band 3 as well but so far I haven't found a location or orientation that will pick them up. With hills...

aesmith

Thanks. SINR is 18dB at the moment, although it varies. CQI 13. We're on Band 20 where our carrier has 5MHz.

aesmith

The spec for the HAP AC2 quotes 300meg as the maximum speed on 2.4Ghz. I bet that's what it is. Google finds a few posts about issues with 5GHz on Lenovo laptops, hopefully it finds the solutions as well. Quick check you could disable 2.4GHz on the router.

aesmith

Highly recommend that you don't use a public address on your private network. There are private IP ranges for a reason. Using someone elses address range wiil come back to haunt you if you every have connectivity to the rest of the Internet. For example it will prevent you accessing the real instan...

aesmith

Hi, My current network uses a hAP AC as the main router, with bridge to the internal LAN, and L3 link to a separate LTE router. The HAP handles all local connections both Ethernet and wireless, and mounted centrally it provides good enough wireless everywhere we need it. The problem is that I'm runn...

aesmith

Are you sure you're connected to the 5Ghz? You can check on the Mikrotik under Wireless / Registration (using Winbox)
Or CLI ..

/interface wireless registration-table print

aesmith

Hi,
I'm using an SXT LTE, the LTE modem is shown as "R11e-LTE" in Winbox. Is there any way to show the modulation in use both upstream and downstream? It's not shown in Winbox as far as I can see, are there CLI options that display more detail?
Thanks,
Tony S

aesmith

Hi, This configuration was suggested to me to set a strict priority for output. Do I also need to set up any special queuing for the egress interface? I just want strict priority, no bandwidth limits just always sent higher priority packets before lower. Looking on Winbox the LTE interface queue typ...

aesmith

How is the TP Link configured? As far as I'm aware that device is, or can be, a complete router etc. To works as a simple AP a few things would probably need to be disabled, and other need to be changed. Do you have L3 connectivity to the TP, for example can you reach it's management interface via t...

aesmith

Just to close this off, just for fun I created another NAT rule for access to just that one host from this source subnet, and with that in place it works. Confirming, I think that the Gigaset doesn't like admin access except from its connected subnet. It's not a lower level IP issue because it repli...

aesmith

So does that mean the issues are fixed now? I was considering this router for home, as I need more Ethernet ports than my hAP AC and I want to keep a single box.

aesmith

Very difficult, even impossible, to help if you only give part of the configuration. Fair comment. It's just that even with the "hide-sensitive" option export exposes a lot of stuff including SSIDs, SNMP communities and of course the full addressing scheme. It's possible to mask all this ...

aesmith

How do you have your EIGRP configured? I'm wondering if maybe multicast isn't supported over your tunnel. You could try static neighbours if you haven't already.

aesmith

Layer 2 network means the devices can directly communicate by Ethernet without having to go through a router. Devices on the same subnet assume this. How is the your hAP AC configured? Specifically ether5, is that set up with specific IP addressing or if it part of a bridge group? Ideally could you ...

aesmith

How do you have the devices linked, physically and in terms of IP? For example it sounds as if you have 192.168.88.1 as an interface on the hAP AC. If the Metal 52 is on 192.168.88.2 then it needs to be on the same Layer 2 network as that interface.

aesmith

Hi, I have configured routing between two subnets which I'll call "Office" and "Home". Home is defined on the bridge and includes ether2, ether3, ether4 and the wireless. Office is connected to ether1. From a host on Office subnet I can ping one particular device on the Home subn...

aesmith

Thanks, that sort of confirms what I was coming around to realising. For SIP the UDP "connection" will never timeout, the device specifically keeps it alive in order to allow otherwise unsolicited inbound signalling. I need to look at scripting, particularly triggering since that script is...

aesmith

Did a bit more testing and I can see that this would definitely stop proper fail-over operation. What's happening in a failover situation is that the Mikrotik is correctly re-routing the traffic based on the preferences in the routing table. However it is hanging onto the previous NAT status for the...

aesmith

Who knows when a new model of hAp ac² with SFP will be available?

Wouldn't that be the existing "hAP AC" which is already available?

aesmith

I don't know why this issue was arising for just one particular host but I think I've fixed it by brute force. Firstly there was no good reason other than laziness for the double NAT on the LTE connection so I've changed that to a routed connection, and on the main router moved ether5 out of "W...

aesmith

If A can ping C then it looks like you have two way routing in place. Check it's not Windows firewall on A blocking inbound.

aesmith

OK that's great thanks. I'm running short of interfaces but I'm sure I can scrounge an SFP from work, Hopefully a Cisco GLC-T is compatible. I'll bear your comments in mind, I assume the concern is throughput and CPU impact rather than function. My main ISP uplink is on eth5 as it uses PoE, but I co...

aesmith

Hi, I have a HAP AC with effectively two logical Internet interfaces. One is a physical link from eth5 to an SXT LTE router, that's set up in the laziest way with double NAT, so eth5 has DHCP client and adds a default route with distance=2. The other is an L2TP logical interface that goes via the LT...

aesmith

Hi,
I have the hAP AC (not AC2 or AC Lite) with PoE out and SFP slot. Is the SFP slot a separate interface, making six in all, or does it take over one of the five Ethernets when it's in use? Block diagram seems to show it separate.

Thanks, Tony S

aesmith

Best option is to collect these values using SNMP. I've set that up using PRTG to monitor RSRP etc. Unfortunately I can't remember whether this was a pre-canned sensor in PRTG or whether I had to look out the MIB and the OIDs.

aesmith

Thanks for the response. I now think "Safe Mode" is the most likely cause. I have been in the habit of leaving Winbox running on the desktop PC, and the PC had some sort of crash or reboot. I guess I must have selected Safe Mode (without knowing what I was doing) when I carried out the las...

aesmith

Hi, My home router is a Hap AC (RB962UiGS-5HacT2HnT). It's been in service only for a couple of weeks now and has been working fine. However overnight it suddenly lost three quarters of my wireless configuration. In my configuration I used my own SSID on both of the two physical wireless interfaces ...

aesmith

Thanks, I need to look into this a bit more. I don't suppose you could link or show any examples where the bandwidth is unspecified?

aesmith

Thanks. That's a little disappointing. I was hoping there was a mechanism that would let the interface run at line rate, sending each outgoing packet as soon as the preceding one had been transmitted. Even quite basic routers will do that.

aesmith

Hi, The examples and documentation that I've found for RouterOS quality of service and queuing, all seem to need a known bandwidth to be set either as the maximum for a given traffic class, or the max available on the interface. Are there any mechanisms that adapt to the rate that's actually availab...

aesmith

Thanks for the response, sorry I didn't notice your post earlier. Yes I have mine in service in the UK now, on Three. I'm monitoring and logging LTE signal parameters with PRTG using SNMP, but to answer my own original question I found the Android App best for live display while adjusting the alignm...

aesmith

Hi, Sorry this is a basic question, however I'm thinking of trying the SXT LTE version (RBSXTR&R11e-LTE) in the UK. If it's like other LTE devices that I've used it will need some trial and error to choose the best location and alignment. Is there anywhere in the user interface that displays a l...

Search found 146 matches