Community discussions

Search found 43 matches

by marinaman
Fri Oct 11, 2019 12:22 am
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Sindy THANKS - I owe you a coke, beer, wine, whisky, meal. I got my VPN working. >Quick Set> >check VPN Access> "not sure if this is the right way or right vpn, but very easy" I don't have internet service when VPN is connected. I can connect to my cams through the browser. I can't figure out how to...
by marinaman
Thu Oct 10, 2019 12:09 am
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

I now have ftp and telnet disabled. I don't see any scripts that I haven't done and my logs are ok. What about ssh? I think on the port 111 > I will try: add chain=tcp protocol=tcp dst-port=111 action=drop \ comment="deny RPC portmapper" add chain=udp protocol=udp dst-port=111 action=drop comment="d...
by marinaman
Wed Oct 09, 2019 8:41 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Thanks for your long response - Sindy I did make some changes: I left the hotspot on the hEXs on my cable ISP. No problems for now. I bought a hap ac for the office network and put it on my uVerse ISP. Current PCI Complaint scan fails. My scans are executed from the wan side by the ControlScan compa...
by marinaman
Tue Oct 08, 2019 7:11 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

All has been good up until now - any advice on dealing with PCI Compliant scans?

My current set-up is failing the scans.....See attached scan Vulnerability Details
by marinaman
Wed Sep 04, 2019 1:10 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Nice! - Sindy What a chart........great info. I did go back and watch all my /ip firewall filters while trying to connect with the cam and the very last rule in the chain=forward was killing the packets. I disabled it and that allowed the packets to flow (cam connection), so I knew it was something ...
by marinaman
Tue Sep 03, 2019 7:18 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Ok - things are working, except......port forwarding. Please look over my firewall/nat rules and advise. I want internet access to webfig, so I added the following and it works, hope it's right. IP Cloud - enabled and the Tik's ddns address takes me to webfig login. add action=accept chain=input com...
by marinaman
Thu Aug 29, 2019 4:53 am
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Sindy - I didn't have it figured out, but makes good sense after seeing and thinking about your response. I added your new rule and it worked! You have really helped me and I appreciate all the instructions. I have my system running well, just for the hotspot off my extra AT&T ISP. I won't make the ...
by marinaman
Tue Aug 27, 2019 4:05 am
Forum: Wireless Networking
Topic: Non-Mikrotik AP Config
Replies: 2
Views: 392

Re: Non-Mikrotik AP Config

If you don’t Use Firewall it VLAN Then it Males not difference what Port you Are yousing
mistry7 - can you be more clear........

>Firewall I created on a vlan?
or
>Firewall check box in a bridge, interface, etc.....?
by marinaman
Tue Aug 27, 2019 12:15 am
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Sindy - good thinking....I like the log check. "See Attachment"
Thanks
by marinaman
Mon Aug 26, 2019 10:42 pm
Forum: Wireless Networking
Topic: Non-Mikrotik AP Config
Replies: 2
Views: 392

Non-Mikrotik AP Config

I'm configuring a hEXs to my existing wireless network. Can someone point me to the right way to setup my existing non-mikrotik AP's? I have them plugged into ether4,5 and they are working, but I don't know if this is the best way. Should I set them up as a wlan interface? I have plugged into ether3...
by marinaman
Mon Aug 26, 2019 2:56 am
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

I switched all my AP over to the Tik and the hotspot (HS) is working. My problem is the last drop rule in the input chain. "Drop everything else" If it's enabled > logging into HS > I get radius server error and can't login. Disable - allows me to login. I have included my config file - please let m...
by marinaman
Wed Aug 21, 2019 12:54 am
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

If the Tik was behind an external firewall, it's OK, no need to netinstall. The rest remains - add the last drop rule in input after checking that the one permitting management access from a dedicated interface with a dedicated subnet counts packets. It will count just one packet per each connectio...
by marinaman
Tue Aug 20, 2019 12:19 am
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Sindy - I haven't done any firewall config yet. I did try the drop all rule and it disconnected the internet, but you cleared that up. Also my Tik is running off a Netgear switch connected to the lan on my Linksys router. My Tik is getting its ip from the Linksys. I'm just testing for now. Trying to...
by marinaman
Mon Aug 19, 2019 10:49 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Sindy I haven't configured and tested the rules yet. I wanted your input first. I use winbox. I added ",related" after established. Are you thinking I need to add this first: These and any other rules in the input chain must be prior to the drop all rule, the most important input rule being add acti...
by marinaman
Mon Aug 19, 2019 8:02 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Sindy - I'm starting to slowly understand, sorry. See if I'm on the right track and If I need more rules? /ip firewall filter add chain=forward connection-state=established action=accept \ comment="allow already established connections" add chain=forward action=accept in-interface-list=!WAN out-inte...
by marinaman
Sat Aug 17, 2019 7:01 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Sindy - I think what your recommending is: I would like my network all on the Tik. For the 3 zones (wan, office, hotspot). It's not to complex, just takes me time to understand..... The Firewall filters: (with interfaces - as is - OFFICE/interface bridge name=bridge1 > HS/interface vlan vlan-id=10 (...
by marinaman
Thu Aug 15, 2019 12:15 am
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Yea - Safe Mode is nice and I use it. I guess the firewall rules you listed confused me.... My testing in safe mode: -It works on the first rule, but when I config the second rule the internet quits. Is the second rule a rule by itself? chain=forward action=accept in-interface-list=!WAN out-interfac...
by marinaman
Wed Aug 14, 2019 11:32 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Sindy Your post makes me question is this the right way to go? Meaning - should I have all these zones on (1) router? Should I do this on (2) routers? It seems very lengthy to config on (1) router and maybe not at my Tik level knowledge. I can't mess this up and leery about bleeding. I have (2) ISP'...
by marinaman
Wed Aug 14, 2019 9:55 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

WOW Sindy!
Great advice! I'm reading your detailed comments several times to understand and learn. It's deep thinking for my setup with good protection.

I'm starting the config.....

Thanks for your time > it's helping > creates feelings of accomplishment
by marinaman
Tue Aug 13, 2019 4:31 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Good answers sindy.......

I got to put in firewall rules to separate the vlan from the office. Can you give me direction?

I like your firewall link above and it will help.
by marinaman
Tue Aug 13, 2019 1:02 am
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

MAN-O-MAN......this thing is WORKING!!! Both the tagged vlan-id10 ssid and the untagged ssid side works. I also turned on vlan filtering > under bridge > double-click bridge tab and it works, but will uncheck for the rest of my config is done. I guest you noticed I had the Protocol Mode > none. Is t...
by marinaman
Mon Aug 12, 2019 11:12 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

I have checked > "allow remote request" in dns. Still the same.
by marinaman
Mon Aug 12, 2019 11:09 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Guessing from your description what may be wrong: you can have one tagless and as many as you want tagged VLANs directly on an Ethernet interface, but if you do it this way, you cannot add the interface itself to a bridge (I mean, you can but the tagged VLANs won't work). So if you want ether4 to b...
by marinaman
Mon Aug 12, 2019 10:14 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

I'm still stuck on my one vlan..... I can't get vlan to work. All I want is to have an office network and a hotspot network on the same Tik router. I got my AP plugged into ether4 > the AP has (2) ssid > (1) no vlan id and (1) vlan id10 > I can get an ip address on the ssid without a vlan tag and in...
by marinaman
Wed Aug 07, 2019 11:51 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Second, your only /ip dhcp-server network item provides the hotspot clients with a default gateway address but not with a DNS server address, which makes it impossible for them to translate domain names like www.google.com to addresses like 216.239.36.109. So either add dns-server=8.8.8.8 to that i...
by marinaman
Wed Aug 07, 2019 10:40 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Sindy - I appreciate any help from you and Sob contradictory or not. I want to learn! I'm getting my login page and can login. I got google a couple times and then it's just spinning. I get my status page - saying I'm logged in. Attached is my embarrassing config file - sorry! Back to testing..........
by marinaman
Wed Aug 07, 2019 9:39 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

The /interface vlan for hotspot must be attached to the bridge, not to its particular member port. And the IP address, DHCP server, and hotspot configuration for the guest network must all be attached to that /interface vlan , whilst the IP address and DHCP server for the "insider" network stays at...
by marinaman
Wed Aug 07, 2019 7:59 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Well.....I'm not getting anywhere with the VLAN on Hotspot "working"? I set my test AP to tag traffic to VLAN 10. On router all lans bridged (one bridge) > AP plugged into ether4 > I put the VLAN10 ID 10 on ether4 interface > dhcp is on the bridge > bridge VLAN filtering is checked and PVID 1 I'm mi...
by marinaman
Tue Aug 06, 2019 5:09 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

The only thought to consider: hEX S have a very weak switch chip implementation - it can't do vlan's in hardware, only in software. It is not a real problem for small loads, but depending of the intra-vlan/inter-vlan ratio it can be a good idea to put a more decent switch between hEX and the rest o...
by marinaman
Tue Aug 06, 2019 4:57 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

I don't see where exactly you have two routers, it looks like one should be enough (but there's no major difference between one and two, you'd just spread the config between them). So one independent port would be WAN, and the remaining four would go in bridge. Office can be directly on bridge unta...
by marinaman
Mon Aug 05, 2019 10:21 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Sob the diagram is my existing network, running on (2) Linksys routers.

I just need to know how would you set this up on the Mikrotik router, so I can only use the Mikrotik router and ditch the Linksys?

Thanks
by marinaman
Mon Aug 05, 2019 8:41 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

I need some direction. Looking at my network diagram. Let me know if I'm on the right track? AP-1: -VLAN for Backoffice (say VLAN10) for the IP camera. -Not sure what I need for the Hotspot? I think leave open for usermanager on SSID (myhotspot). AP-2: -Just for Hotspot. So leave open for usermanage...
by marinaman
Fri Aug 02, 2019 11:16 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Pictures is worth a 1000 words - this is what I'm trying to accomplish and it's a challenge.
network.jpg

Any help is appreciated!
by marinaman
Fri Aug 02, 2019 7:45 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

My Hotspot - Clients will purchase per-generated voucher for user id and password. So I think the AP's left open is right? -VLANs - I want to use (1) router interface port for the wireless bridge, which has an AP at the remote end. AND (1) router interface port for (1) AP AND (1) router interface po...
by marinaman
Fri Aug 02, 2019 4:34 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Where is backoffice? Connected to main router and this config is from second one, right? In any case, you can prevent communication between different networks using firewall filter. Use statefull firewall, something like this: /ip firewall filter add action=accept chain=forward connection-state=est...
by marinaman
Fri Aug 02, 2019 1:00 am
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Sure and thanks - myconfig is attached, I think attachment is the preferred way. Please let me know. I want to: -create backoffice secure from the Hotspot I have an existing wireless network. I know I can disable security on all my AP's and plug them into the Mikrotik router and the Hotspot will wor...
by marinaman
Thu Aug 01, 2019 10:11 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

I tried (3) off your link and they all want $1500 to $2000.

I just need a little guidance! Just a few questions answered. I feeling it's very hard to get help on this forum.
by marinaman
Thu Aug 01, 2019 8:44 pm
Forum: Beginner Basics
Topic: Anyone for hire?
Replies: 5
Views: 584

Re: Anyone for hire?

Get the course and do the exam. That is cheaper.

Three wanted postings is a bit much.

Where do you get the course? In USA English.
by marinaman
Thu Aug 01, 2019 8:42 pm
Forum: Beginner Basics
Topic: Anyone for hire?
Replies: 5
Views: 584

Re: Anyone for hire?

I think your thread turned him/her on............ ;-P
Is the request for one night or open ended...... jajajajajaja
https://mikrotik.com/consultants
Thanks for the link - I didn't know
by marinaman
Thu Aug 01, 2019 7:32 pm
Forum: Beginner Basics
Topic: Using RouterOS to VLAN your network
Replies: 91
Views: 26048

Re: Using RouterOS to VLAN your network

Hi pcunite, This is great thread/work! I need help are you for hire?

If so - how can I contact you?

Thanks
by marinaman
Thu Aug 01, 2019 7:28 pm
Forum: Beginner Basics
Topic: Anyone for hire?
Replies: 5
Views: 584

Anyone for hire?

Hello, anyone that can help me for hire? I'm new to Mikrotik. I have been able to get a hotspot with userman configured. I coded my login page and coded my voucher to print. It works good - through my testing. I need to replace my current existing system. My existing router setup: Main router for ba...
by marinaman
Thu Aug 01, 2019 7:11 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Re: Microtik router with existing network

Is there anyone for hire? That can write my system script or help give me direction.

Thanks
by marinaman
Tue Jul 30, 2019 10:29 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6625

Microtik router with existing network

Hi, my first time posting and would like new setup advice on moving over to Mikrotik? -Can my new hEXs handle my back office securely from my Hotspot? -My Hotspot is small under 30 clients. I'm new to Mikrotik, but think I've found it's the right way to go finally. My existing router setup: Main rou...