Community discussions

MikroTik App

Search found 24 matches

by mhaluska
Fri Sep 09, 2022 12:14 am
Forum: RouterBOARD hardware
Topic: Plan for CCR2116-12G-4S+ alternative?
Replies: 13
Views: 9879

Re: Plan for CCR2116-12G-4S+ alternative?

CCR2216-1G-12XS-2XQ was announced

i hope it can meet your expectations
Not really, it's almost 3 times more expensive. Hard to invest such money to homelab.
by mhaluska
Wed Sep 07, 2022 9:39 pm
Forum: General
Topic: Switch: block STP on one port in RouterOS v7
Replies: 4
Views: 1641

Re: Switch: block STP on one port in RouterOS v7

It looks like bridge filter is not working or all rules are totally ignored, ether5 is my Raspberry Pi where I tried to generate traffic after adding those rules: > /interface/bridge/filter/export /interface bridge filter add action=accept chain=forward in-interface=ether5 add action=accept chain=fo...
by mhaluska
Wed Sep 07, 2022 9:28 pm
Forum: General
Topic: Switch: block STP on one port in RouterOS v7
Replies: 4
Views: 1641

Re: Switch: block STP on one port in RouterOS v7

None is matching (before setting edge=yes -> see below)... /interface bridge filter add action=drop chain=output dst-mac-address=01:80:C2:00:00:00/FF:FF:FF:FF:FF:FF out-interface=ether23 add action=drop chain=output out-interface=ether23 src-mac-address=08:55:31:95:85:C3/FF:FF:FF:FF:FF:FF I managed ...
by mhaluska
Wed Sep 07, 2022 8:31 pm
Forum: General
Topic: Switch: block STP on one port in RouterOS v7
Replies: 4
Views: 1641

Switch: block STP on one port in RouterOS v7

Due to ISP special setup, I need to block STP on one switch port, otherwise clients behind this switch will not get IP thru DHCP. I'm limited to 3 dynamic public IPs, but also STP proto is somehow blocking rest of clients and is counted as a client. This bridge filter was working fine untill I upgra...
by mhaluska
Thu Jan 20, 2022 7:28 pm
Forum: General
Topic: l2tp with ipsec between CHR and RB
Replies: 24
Views: 2753

Re: l2tp with ipsec between CHR and RB

Working fine for me: CHR <-> HexS, both on ROS 7.1.1
by mhaluska
Thu Jan 20, 2022 7:09 pm
Forum: RouterOS beta
Topic: Fans significantly more aggressive with ROS7
Replies: 2
Views: 2121

Re: Fans significantly more aggressive with ROS7

Seems there is no way, except putting your switch to colder area. In your case, it looks like tigger is sfp+ module. Can you try to cool down somehow this module? Also is strange my CPU is on 58C and fans are on 0 RPM, but I'm still on ROS6. > /system health print cpu-temperature: 58C power-consumpt...
by mhaluska
Fri Jan 07, 2022 11:35 pm
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 223473

Re: v7.1.1 is released!

Just define new type...
> /queue/type/add kind=[TAB]
bfifo  cake  codel  fq-codel  mq-pfifo  none  pcq  pfifo  red  sfq
by mhaluska
Tue Jan 04, 2022 1:25 pm
Forum: RouterBOARD hardware
Topic: Plan for CCR2116-12G-4S+ alternative?
Replies: 13
Views: 9879

Re: Plan for CCR2116-12G-4S+ alternative?

But if I understand correctly, you can enable l3 or firewall acceleration on CRS317, but I need l3 AND firewall.
It's pity that mikrotik is not showing in presented throughput also values without fasttrack.
by mhaluska
Tue Jan 04, 2022 12:39 am
Forum: RouterBOARD hardware
Topic: Plan for CCR2116-12G-4S+ alternative?
Replies: 13
Views: 9879

Re: Plan for CCR2116-12G-4S+ alternative?

Put a switch and do VLAN Trunking... Not an option, if you need to get inter VLAN routing with 10G line speed thru FW. Due to limitations I need to disable fasttrack and CCR2004 is not able handle 10G routing in this case. To get best speed from CCR you need to utilise as much interfaces as possibl...
by mhaluska
Sun Dec 26, 2021 9:47 pm
Forum: General
Topic: Propose Mikrotik to adopt TailScale VPN similar to ZeroTierOne VPN
Replies: 55
Views: 18832

Re: Propose Mikrotik to adopt TailScale VPN similar to ZeroTierOne VPN

@Znevna: ignore tailscale, try headscale https://github.com/juanfont/headscale. i think heads are scaling better than tails /s
by mhaluska
Wed Dec 22, 2021 2:17 pm
Forum: RouterBOARD hardware
Topic: Plan for CCR2116-12G-4S+ alternative?
Replies: 13
Views: 9879

Plan for CCR2116-12G-4S+ alternative?

I would like to see something like CCR2116-4G-12S+, even something without RJ45, just pure SFP+ with 1G management port, like old CCR2004. This is really nice piece of HW, but only 4 SFP+ isn't usable for me.
by mhaluska
Fri Sep 10, 2021 6:03 pm
Forum: Containers
Topic: v7.1rc3 adds container support
Replies: 493
Views: 160227

Re: v7.1rc3 adds Docker (TM) compatible container support

This docker implementation looks nice, but I don't think it's good idea, plus I think Mikrotik should invest their development time on more important RouterOS things - like they did with ZeroTier. It makes no sense to use docker container on some boards (maybe most of them) due to low memory or no H...
by mhaluska
Tue Apr 20, 2021 6:59 pm
Forum: General
Topic: IPIP vs GRE [SOLVED]
Replies: 7
Views: 4102

Re: IPIP vs GRE [SOLVED]

In what cases do I need to specify addresses for both ends of the IPIP-tunnel, and in what cases it is not necessary? I tried a IPIP-tunnel without addresses - everything works fine. Not required for single ISP or single WAN IP. If you have multi-ISP uplink or more IPs on WAN and you want to use sp...
by mhaluska
Sat Apr 03, 2021 1:49 pm
Forum: General
Topic: Reverse proxy in Mikrotik only works in LAN?
Replies: 2
Views: 4554

Re: Reverse proxy in Mikrotik only works in LAN?

@loloski is right, reverse proxy is your friend.
Often used proxies are haproxy, nginx, caddy... for containers for example traefik. If you want easy quick start with web UI and build-in ACME, you can use Nginx Proxy Manager
by mhaluska
Fri Mar 19, 2021 4:52 pm
Forum: General
Topic: Maximum Temperature Limits for CCR2004-1G-12S+2XS
Replies: 3
Views: 1822

Re: Maximum Temperature Limits for CCR2004-1G-12S+2XS

Interesting, your temps are lower, but fans are running. I've S+RJ10 in sfp2 and sfp4, sfp8-12 are DACs, rest is unused. Also psu2 is not connected for now. Edit: this is in my living room with temp ~22-23C. > /system health print temperature: 61C cpu-temperature: 48C board-temperature1: 26C board-t...
by mhaluska
Sun Feb 07, 2021 4:40 pm
Forum: General
Topic: X86 and RouterOS (to overcome speed problem)
Replies: 6
Views: 1988

Re: X86 and RouterOS (to overcome speed problem)

Look at the "IPsec test results" section of any prospective router at mikrotik.com/routerboard. hEX S gets pretty close to 200Mbps IPsec and is very competitively priced. Next step up would be RB4011 which can do >500Mbps IPsec. With hEX S I was able reach ~120Mbps using AES128 and SHA1. ...
by mhaluska
Sat Jan 09, 2021 12:41 am
Forum: RouterBOARD hardware
Topic: CCR2004 packet loss
Replies: 135
Views: 58103

Re: CCR2004 packet loss

I even put a CRS309 in between my ELAN and my CCR2004 and the tx drops moved to the interface going to the ELAN on the CRS309 and stoped on my cloud core. … It's odd that the problem moved down to the interface on my CRS309 instead of staying on my CCR2004. So you think the CCR2004 is causing tx dr...
by mhaluska
Sat Dec 26, 2020 8:29 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 295
Views: 126866

Re: v6.48 [stable] is released!

-- deleted --
by mhaluska
Mon Nov 30, 2020 4:40 pm
Forum: General
Topic: RSTP - Disable on one port
Replies: 9
Views: 6071

Re: RSTP - Disable on one port

Until someone comes with a better solution, I recommend you to use bridge filter to drop packets with destination MAC address 01:80:C2:00:00:00 which come in through that physical interface. As the bridge filter permits filtering by specific STP fields, I deduce that the filter acts before the STP ...
by mhaluska
Sun Jul 26, 2020 10:41 am
Forum: General
Topic: CHR license - deadline monitor on PRTG
Replies: 1
Views: 963

Re: CHR license - deadline monitor on PRTG

This info is currently not available in SNMP...
> /system license print oid 
  software-id: .1.3.6.1.4.1.14988.1.1.4.1.0
        level: .1.3.6.1.4.1.14988.1.1.4.3.0
by mhaluska
Fri Jun 19, 2020 6:40 pm
Forum: General
Topic: IPIP/EoIP with IPsec non-default proposal [SOLVED]
Replies: 3
Views: 2487

Re: IPIP/EoIP with IPsec non-default proposal [SOLVED]

works like a charm, thanks a lot sindy If you just set a non-empty ipsec-secret value in the /interface eoip row, and let RouterOS create the IPsec configuration for you dynamically, it uses the default profile for phase 1 and the default proposal for phase 2, full stop. To use another profile/propo...
by mhaluska
Fri Jun 19, 2020 6:03 pm
Forum: General
Topic: IPIP/EoIP with IPsec non-default proposal [SOLVED]
Replies: 3
Views: 2487

Re: IPIP/EoIP with IPsec non-default proposal [SOLVED]

@sindy: thanks a lot, i'll try this, had no idea it's possible :-)
by mhaluska
Fri Jun 19, 2020 1:21 pm
Forum: General
Topic: IPIP/EoIP with IPsec non-default proposal [SOLVED]
Replies: 3
Views: 2487

IPIP/EoIP with IPsec non-default proposal [SOLVED]

Hi, I'm not able to get working different proposal in IPsec then 'default' with IPIP or EoIP tunnel. I tried create IP matching template, putting it on first place, anyway still 'default' one is picked. I want to have CHR connected using AES-CTR and some MikroTik devices connected to CHR using AES-C...