Yes it is completely empty.I'm not really sure if the RB1100 is in the "default settings are completely empty" category (like the CCR)...
/ip firewall filter add action=accept chain=frorward dst-port=1723 protocol=tcp
Processor architecture, hAP is mipsbe, hAP Lite is smips.I don't know what smips device is, I have hAP and two hAP lites. Maybe I don't need the whole smips package.
Check Winbox version, it must be at least 3.19my RB750Gr3 with 6.41.5 version. After reboot it must be upgraded. But after that he did not start correctly, i can not seen him in winbox
Don't want to enable proxy-arp on LAN interface, to access devices on internal network.I assume you have good reasons to take all this burden (registry tweaking or implementing my trick) rather than running the L2TP/IPsec directly on the outer Mikrotik.
/ip firewall nat add action=masquerade chain=srcnat out-interface=ether13WAN
Review firewall input chain, perhaps you have unnecessary ports or protocols open. Best practice is to close all, except only those you are using.i don't use IPSEC at all how can i disable it?
/radius add address=192.168.7.70 secret=AgileroSecret123 service=ppp src-address=192.168.7.1
I can't ping my AD Server (192.168.7.70) using udp 1812/1813
reg add HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
/caps-man provisioning add name-format=identity
/system backup save name=$filename password=xxxxx :delay 3s /export file=$filename
We also wanted to participate in this project to extend our infrastructure. It seems, EU money will go to another company. Perhaps Mikrotik don't need this money?The project requirements for WiFi4EU are:
support IEEE 802.11r
But unfortunately Microtik does not meet the requirements.
/ppp profile add dns-server=192.168.90.254 local-address=192.168.90.254 name=vpn-profile \ remote-address=vpn-pool use-encryption=yes
/interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n frequency=2422 name=wlan2.4 \ ssid=NETGEAR48 mode=station-pseudobridge
Everything outside default protection rules. It should be only warning, nothing else.What is considered unsafe entry? And how would you determine that particular entry is unsafe in specific firewall?would check firewall rules for unsafe entries on every upgrade
It's fixed, niceAfter posting, a white screen is shown instead of the usual next screen.
However, the posting appears when reloading the forum.
/caps-man manager set enabled=yes package-path=/ upgrade-policy=suggest-same-version
Or better, let the CAP choose the channel and to avoid conflicts with other devices set reselect channel every 1 minuteTry a different channel.
/caps-man channel add band=2ghz-g/n reselect-interval=1m name="ch 2"
Do you restored from .backup file not from configuration backup (.rsc file)?maybe it infected the backup file ?
/caps-man provisioning enable 0 :delay 1 /caps-man radio provision numbers=[find]
/caps-man provisioning disable 0 :delay 1 /caps-man radio provision numbers=[find]
Perhaps, but I found it very useful. And it's from MikrotikStrange link that was.
+1001Could we expect that 6.40.5 will become "bugfix" or 6.40.6 with fixes from 6.41?
6.40.5 is the last with "old-known-bridge-implementation" technology and not all want to upgrade to "new-better-but-not-too-familiarized" one.
add action=masquerade chain=srcnat out-interface=bridgeopen src-address=\ 10.35.0.0/24
PPTP port is 1723. I have only this port open and no rules for GRE.Hi
I have setup pptp server with ip pool, ppp profile, secret and pptp server and firewall filter rules for tcp port 1732 and protocol GRE
This error is on router? Or You are using router as NTP server and this error is on clients?SNTP client cannot synchronize time, error server-ip-mismatch.(
No.So should I be worried that my initial Firewall configuration missing those "Drop Invalid connections" rules?
add action=accept chain=forward comment="" connection-state=established,related
What exactlynot working? http? ping to 184.108.40.206? ping to external ip of router? everything?What is not working:
Connect to internet from "wifiguests"
/ip firewall nat add action=masquerade chain=srcnat out-interface=WAN
/ip firewall address-list add address=sam9s.synology.me list=host_synology
chain=dstnat action=dst-nat to-addresses=192.168.1.252 to-ports=3389 protocol=tcp dst-port=4001
+1Winbox 3.x is OK, only one problem which I have is - durig upload file (for example new Router OS) is not posible working in active window.
After file is uploaded, then is possible working.
In winbox 2.2.18 this works. Can you fix it?
Agree to this. Consolidated changelog for bugfix versions would be very useful.Thanks for the link, it is really useful. But as I said before: I don't care about many changes let's say in 6.35.4 which are fixing 6.35.3 bugs, I just need to see summary of changes from 6.34.6 to 6.36.4.
/interface wireless access-list add interface=wlan1 mac-address=00:23:4D:76:8F:F5 add interface=wlan1 mac-address=00:23:4D:76:8F:F5 time=8h-20h,sun,mon,tue,wed,thu,fri,sat \ vlan-mode=no-tag
chain=forward protocol=tcp src-address=172.16.5.5 dst-port=25 action=accept chain=forward protocol=tcp src-address=172.16.5.0/24 dst-port=25 action=drop
/ip dhcp-client add add-default-route=yes default-route-distance=0 dhcp-options=hostname,clientid interface=eth1
Remove frequency from channel settings, it will let CAPs themselves choose the best channel.
/caps-man channel add band=2ghz-onlyn extension-channel=Ce frequency=2412 name=channel1 tx-power=30 width=20 add band=5ghz-a/n/ac extension-channel=Ceee frequency=5210 name=channel42 tx-power=10 width=20
/ip firewall filter add chain=forward connection-state=established,related
I don't mean physically accessible. If You can connect to router A from outside, also router B will be accessible.So i won't be able to connect to routerB from other network outside of routerA ???
I can declare my SuperManagementTool works with Microsoft Server, does it mean it is supported by Microsoft?
I dont understand because its declared by Kiawe that TikTool alows to manage/admin MikroTik routers...isnt it?
/caps-man provisioning add action=create-dynamic-enabled master-configuration=Config1 name-format=identity