MikroTik

WayneF

Thanks for the replies. I feel much more comfortable knowing some experts had a look at my configuration. And yes I do have some duplicated "rules" with specific ports - it is some legacy rules that I have carried over time, and are redundant. I think 90% of my rules are yes "YouTube&...

WayneF

Hi, I have many log entries stating drop not from lan. It's a constant flow of dropped packets. Is this hackers (normal) or is this an error in my config? Here is my config, hope this is sufficient and the best way to make the information available: Log sample: jan/21 10:41:24 firewall,info drop-not...

WayneF

Hey @sid... I don't think I understand what you are saying clearly. I did not mention the router at 192.169.1.3 as I did not think much of it; It is not a Mikrotik router and I did not realise that the routing was localised to the device itself. I just check that "silly" router and it does...

WayneF

Thanks for all the help, again. I have made some progress, well I think so. I have this wired/configuration (is it called topology). (ISP)<--------------->Mikrotik<------192.168.1.0/24--------->Router/Wifi(192.168.1.3)<*****A******>[some devices] |(connects to Mikrotik) |<----------192.168.2.0/24---...

WayneF

export hide-sensitive # dec/19/2020 22:43:02 by RouterOS 6.45.9 # software id = # # model = RB4011iGS+ /interface bridge add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge protocol-mode=none add comment="bridge access point 9 - upstairs" name=bridge-ap9 add name=bridge...

WayneF

and my bridge config: lags: X - disabled, R - running 0 R ;;; defconf name="bridge" mtu=auto actual-mtu=1500 l2mtu=1592 arp=enabled arp-timeout=auto mac-address=C6:AD:xx:xx:xx:F6 protocol-mode=none fast-forward=yes igmp-snooping=no auto-mac=no admin-mac=C6:AD:xx:xx:xx:F6 ageing-time=5m vla...

WayneF

Thanks for helping out!! That worked perfect... "interface list member print" Flags: X - disabled, D - dynamic # LIST INTERFACE 0 ;;; defconf LAN bridge 1 ;;; defconf WAN ether1 2 WAN pppoe 3 LAN bridge-ap9 4 LAN bridge-ap10

WayneF

I just checked and my interfaces are in the correct "LIST". Both ap9 and ap10, are in the list named "LAN"; "I tried to print it out but that did not work, interface list print did not work for me, it showed the list names but dit not print the interface names ." Starti...

WayneF

Here is my Firewall rules: I do not see anything wrong with it? [admin@MikroTik] /ip firewall filter> print Flags: X - disabled, I - invalid, D - dynamic 8 ;;; 1: defconf: accept established,related,untracked chain=input action=accept connection-state=established,related,untracked log=no log-prefix=...

WayneF

Here are my interface IP addresses: [admin@MikroTik] /ip address> print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 1 ;;; lan 192.168.0.2/24 192.168.0.0 bridge 2 ;;; ap9 192.168.1.2/24 192.168.1.0 bridge-ap9 3 ;;; ap10 192.168.2.2/24 192.168.2.0 bridge-ap10 Ping Result...

WayneF

I tried the arp settings, and it had no effect. (I did not reboot, or re-connect. I made the change and did a test).

WayneF

I noticed my bridge is set ARP enabled. Perhaps proxy-arp will work? The docs located here mentions this, but my router has an option not mentioned "local-proxy-arp" https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge Address Resolution Protocol setting disabled - the interface will not...

WayneF

Hi, Is masquerading required for routing to work across interfaces in a bridge? I have two interfaces ap9 and ap10 part of the bridge, and devices on ap9 cannot access devices on ap10 (they can access the internet). My NAT is set only on my WAN interface, but if I enable NAT with at source IP addres...

WayneF

Finally I figured out some more information.

When I plug in a host at the AP (ethernet), I can ping the host. But not the AP itself, unless I connect to it via WiFi.
So It must be the access point itself, blocking access.

WayneF

If fixed the problem by just rebooting the AP10, I suspect it still had an old IP address, 192.168.0.13; Since the AP had seperate Power, it never got rebooted after me thanking network addresses. Well after the reboot I could Ping the host and no change was made to the Mikrotik. It worked for a bri...

WayneF

I did a test using ping on a Mac... and that fails.

I did a test using mtr which also use icmp, and that works just fine.

WayneF

I have Queues and for that I had to enable: Use IP FireWall in the Bridge Configuration.

Could that be the cause?

WayneF

Thanks Sindy!!

I do not totally understand it, it is super confusing as to when to use what.

Do you perhaps know of an example that makes use of source and destination address lists to seperate upload and download?

WayneF

Please assist, this is just so strange, and do not understand why this is happening. I cannot ping a AccesPoint/Host with a static IP address on a different bridge, while connected to a seperate bridge. My Config: [WiFi AP9:192.168.1.3]====[Switch]=====[192.168.1.2:AP9-BRIDGE][Mikrotik][AP10-BRIDGE:...

WayneF

Do not why this happened, but after I retyped the address list using Winbox it started working, or maybe it was not that. the new code: add action=mark-connection chain=postrouting comment=OTHER connection-state=new new-connection-mark=other-conn passthrough=yes src-address-list=\ addr-list-lan add ...

WayneF

I have change stuff quite a bit.. I have split the network into three subnets, 1: One For the LAN (wired connections) 2: WiFi AP number 1 3: WiFi AP number 2 Now I have these three sets of markings for each subset (address lists); and still I cannot get the LAN traffic, marked add action=mark-connec...

WayneF

Thanks for that Sindy. I have checked that and it is switched off. (Bridge-->Settings: Allow Fast Path is not checked.) also: /interface bridge settings> print use-ip-firewall: yes use-ip-firewall-for-vlan: yes use-ip-firewall-for-pppoe: yes allow-fast-path: no bridge-fast-path-active: no bridge-fas...

WayneF

Can someone please explain how to get the correct markings for traffic to show in two Queues's? I have two Queues: 1) a Internet-Q 2) a WiFi-Access-Point-Q When traffic is marked correctly I expect the traffic to show in the WiFi-AP-Q and in the Internet-Q Please consider this: 1) The output interfa...

WayneF

Here is my approach thus far, but I need some help with the Mangle Rule adjustments, down below. [WiFi clients get a seperate IP Range] I have moved the ethernet port which is connected to the WiFi access point into it's own bridge, then added a DHCP server to that interface and all clients connecte...

WayneF

Here is what I have tried but have not found a solution yet: 1) Mark the packets to the WiFi AP using the interface - fail cannot do that because the interface is a slave. 2) Mark packets source IP of the WiFi AP, and Mark packets destination WiFi AP that did not work since some packets are not sent...

WayneF

I currently have two queue's each with their own Max Limit. UP-Q: Interface ether1 - my ether1 is not part of the bridge and connects to the Internet, PPPoE. DOWN-Q: Interface bridge Now I want to add two seperate queues for a WiFi Access Point which is connected to ether10 . I want to have two queu...

WayneF

How should I go about choosing sensible max limits for the queues. I have a X Mpbs down and a Y Mbps up ; well so the ISP claims. When I actually do tests I hardly ever see those results when using speedtest.net, using various test servers, it seems to vary as most test servers fail to deliver the s...

WayneF

I did some cpu profiling and the worst I see is that cpu2 is at 46.5% @ a 500Mbps speed test. [admin@MikroTik] /tool> profile cpu=all NAME CPU USAGE www 0 0.5% ethernet 0 0.5% dns 0 0% firewall 0 0% networking 0 24.5% management 0 0% bridging 0 0% cpu0 25.5% ethernet 1 0% console 1 0.5% firewall 1 0...

WayneF

I found this diagram which I think is more inline to my configuration. https://i.mt.lv/cdn/rb_files/RB760iGS-esw3-190628133359.png My eth1 is not part of the bridge, and ether2, ether3, ether4, ether5, and the sfp1 is part if the bridge. (sfp1 is disabled and is also not plugged in) Furthermore my e...

WayneF

Thanks for the tip regarding the Firewall rules, I did a check as I had a screen shot, and the rules appear to be visually the same. Phew! I was really being silly, I forgot the simple fact that I am testing the speed over WiFi, which should theoretically get good results, but still. My WiFi (UAP-AC...

WayneF

Ok,, I have reconfigured the router ... 1) reset factory defaults 2) then copied partial configs.... (I had some really old stuff and just removed those) 3) upgraded the router software to latest long-term 4) upgraded the firmware 5) disabled the sf1 interface, but left it in the bridge: still liste...

WayneF

I have asked @archerious to share his config...

WayneF

I have recently bought a new RouterBoard HexS ( RB760iGS ) since my old one could not do Gigabit. The goal being to get ultra fibre, 900MBPS. I did a backup of the old router [ RB-951UI2 ] , then transferred the backup file to my new HexS [ RB760iGS ] and did a restore. All went well, but I am unabl...

WayneF

Hi, Please assist, I have recently bought a new RouterBoard HexS since my old one could not do Gigabit. I am really impressed thus far with the Mikrotik, but I need some help please. Please see my questions marked Q1 to Q4 below. I did a backup of the old router [RB-951UI2] , then transferred the ba...

Search found 34 matches

Re: Many Drop not from LAN - Hackers or Error?

Many Drop not from LAN - Hackers or Error?

Re: Routing between bridge interfaces - masquerade required or not?

Re: Routing between bridge interfaces - masquerade required or not?

Re: Routing between bridge interfaces - masquerade required or not?

Re: Routing between bridge interfaces - masquerade required or not?

Re: Routing between bridge interfaces - masquerade required or not?

Re: Routing between bridge interfaces - masquerade required or not?

Re: Routing between bridge interfaces - masquerade required or not?

Re: Routing between bridge interfaces - masquerade required or not?

Re: Routing between interfaces - masquerade required or not?

Re: Routing between interfaces - masquerade required or not?

Routing between bridge interfaces - masquerade required or not?

Re: Cannot ping static ip on seperate bridge? [SOLVED]

Re: Cannot ping static ip on seperate bridge? [SOLVED]

Re: Cannot ping static ip on seperate bridge? [SOLVED]

Re: Cannot ping static ip on seperate bridge? [SOLVED]

Re: How to mark traffic for two Queues?

Cannot ping static ip on seperate bridge? [SOLVED]

Re: How to mark traffic for two Queues?

Re: How to mark traffic for two Queues?

Re: How to mark traffic for two Queues?

How to mark traffic for two Queues?

Re: How to configure seperate queue for WiFi Access Point

Re: How to configure seperate queue for WiFi Access Point

How to configure seperate queue for WiFi Access Point

Re: Using RouterOS to QoS your network - 2020 Edition

Re: Upgrade to HexS (RB760iGS) cannot get ultra fibre speed.

Re: Upgrade to HexS (RB760iGS) cannot get ultra fibre speed.

Re: Upgrade to HexS (RB760iGS) cannot get ultra fibre speed.

Re: Upgrade to HexS (RB760iGS) cannot get ultra fibre speed.

Re: Upgrade to HexS (RB760iGS) cannot get ultra fibre speed.

Upgrade to HexS (RB760iGS) cannot get ultra fibre speed.

Interfaces showing ether1 and ether1-gateway