MikroTik

jbl42

In devices supporting l2hw for VLAN filterig, using bridge rules disables l2hw. Depending on the device and network topology, this might be an issue or not. For simple setups were it is only about getting mDNS and/or UPnP passed between two different L3 routed VLANs, switch rules also work and are H...

jbl42

Bought a new Cisco Nexus router/switch a month ago, 48 x 10/25Gbps + 6 40/100Gbps ports. Closest Mikrotik comes is the CRS512 which is more expensive and has less ports. That's interesting. The cheapest Switchzilla Nexus with 48 x 10/25Gbps + 6 40/100Gbps I'm aware of is more than 10'000€... Which ...

jbl42

Updated the RB5009 in my home and several RB4011 in the lab from 7.13.5 to 7.14. No peculiarities so far, except the known bridge-MTU-change-on-reboot fixed in 7.15rc The ccr2004-pcie should not even have been released with a reset button that needs you to open the server up. Yes, a button/switch wo...

jbl42

I'm not sure what's meant with "tailor". It's just about the usual release notes. Something like limitations, resolved issues, known issues, precautions (for ex a warning for configs with non default bridge port MTU in 7.14 to wait for 7.15). With issues having unique IDs so they can be tr...

jbl42

But many change descriptions are pretty useless: "Improve something with something" No description of the actual problem solved, no description of potential impact on existing configs, backward compatibility, no updates of related documentation etc. We need more details to assess for our s...

jbl42

It is also the acknowledging reply from support when they can reproduce an issue: "We are aware of this issue, and we look forward to fixing it on an upcoming RouterOS versions." Breaking MTU handling on bridges should not be a known issues but a showstopper as it has the potential to put...

jbl42

As there is obviously not much testing, it is hard for them to know about known issues.
The current history of 7.13.1 to 7.15.5 has 26 (!!) bugs introduced with 7.13.x releases.

jbl42

Yes, having the link going up and down on device reboot confuses Windows and/or Netinstall. One way to avoid this is to use a dumb (unmanaged) switch in-between. Another way is to boot your MT device into netboot mode and wait until link is up again before staring netinstall. Once the MT device is i...

jbl42

I'm using wine-8.21-staging on macOS 14.2.1
Of course different macOS and wine versions might have different problems.

PS
I'm not sure what those version numbers in your screenshot are referring to. Current wine version is 8.x (9.0 is in RC state)

jbl42

Winbox with Gcenx built wine has one big problem on Mac which screws up all field entries containing commas and periods

On my Mac (M2Pro, Sonoma), winbox 3.40 runs without issues using Gcenx wine builds available at
https://github.com/Gcenx/macOS_Wine_builds
Even winbox self update works.

jbl42

The whole MT country specific WIFI regulation thing is currently in a bad state. 7.13.1 just broke it again in a new way. At least they are working on it. It seems confusing to have country settings for VAPs. It makes no sense for VAPs sharing the same channel and radio HW to broadcast different cou...

jbl42

What does it mean "skip 10 min CAC" , if choosing a wheater radar channel is exactly what the device then does on its own The regulatory Channel Availability Check (CAC) time before an AP is allowed to broadcast beacons on a DFS channel is 1 min. For 5'600 to 5'650 MHz (116 to 128), EU re...

jbl42

If I have control over my device connected to your network, i just connect to the https based VPN server running on one of my servers.
For your firewall it is just encrypted https traffic on usual dest port 443. For me it is a tunnel to my server from where I can go everywhere. Including youtube.

jbl42

There is a chance this will improve in the future. The switch ASICs in CCR22xx support many HW features not implemented/exposed in ROS. Not only MPLS, also VXLAN and more. (VXLAN currently also lacks HW support on CCR22xx although the ASICs could do it). As you described, with the recent IPv6 l3hw f...

jbl42

There's another "gem" with regard to firewall: new drop rules only affect new connections This is based on how iptables work: existing connections are in established stated what us usually handled by "established, related, (untracked)" rules before drop rules. So new drop rules ...

jbl42

This is possible on Mikrotik devices where the switch ASIC supports DSCP to PCP mapping (CRS3xx and upwards)
https://help.mikrotik.com/docs/pages/vi ... S)-DSCPMap

jbl42

This is a Mikrotik specialty: The switch/bridge port towards the CPU has the same name as the bridge itself. Adding this port as tagged makes the CPU facing switch port a tagged member of the VLAN. While adding a VLAN interface to the bridge adds a VLAN (virtual interface) on the CPU Ethernet port g...

jbl42

200 users with ONE-TO-ONE NAT and in total 400 mbps of internet We have RB4011 and RB5009 in production and in our experience both will be able to handle this with reasonable CPU load. For pure NAT/routing, we see both of them maxing out at 1.5-2.5GBit/s. It will be less depending on amount of addi...

jbl42

I would say "unbound", others maybe say "dnsmasq" I would also say "powerdns" ;-) While I agree with your sentiments, at least since we have Docker this can be solved easily. I started to run PowerDns and dnsmasq images, both working with almost no issues. Especially o...

jbl42

This means ROS can see the USB device but does not have a driver to actually use it as a cellular modem.
ROS is limited to a set of supported devices and no additional drivers can be added by the user.
There is a list of supported devices:
https://help.mikrotik.com/docs/display/ROS/Peripherals

jbl42

Mikrotik EU Store has 5pcs on stock:
https://www.mikrotik-store.eu/en/mikrot ... 48p-4s2qrm

No need to by from a distributor having them from an importer, both putting their own margin on top of the price for doing nothing else then forwarding your order.

jbl42

When are you releasing 7.12? I need those IKEv2 rekey fixes in the stable version :) After the buggy 7.10.0 (breaking OpenVPN on all devices) and 7.11.0 (breaking VLAN filtering on many devices) releases, taking their time to release 7.12 without major regressions and earning the "stable"...

jbl42

Many MT WiFi APs occasionally just cease operation in noisy environments. They still broadcast, but do not let stations connect. There is no other way to bring them back to operation than a power cycle. The only improvement is MT stopped denying it, as they did for a long time. The root cause is poo...

jbl42

we will be running bare metal x86_64 .. not virtualization CHR May I ask why? We stopped doing this and run all CHRs in VMs. It is so much easier to maintain, and ROS x86_64 constantly lacks behind with support of HW, especially recent network cards. And it can easily be moved from one server to an...

jbl42

be careful with using .local for your internal domains. .local is reserved for MDNS/Bonjour (RFC6762) used by many Apple Devices, Google Chromecast,Smarthome stuff etc. and using it for your internal domain might cause hard to track issues. https://en.wikipedia.org/wiki/.local If you have an officia...

jbl42

Yep. I had a similar issue with RB5009: Netinstall only works on ether1. After the following reboot, the default config is loaded and ether1 becomes the WAN port not allowing Winbox/Webfig connections. So the cable must be changed to one of the LAN ports, in case of RB5009 ether2-8. This should be b...

jbl42

That is how to deal with it.......... just need one example be made.......... That's exactly what was meant with "different way than using firewalls" ;-) And blocking in companies depends in my experience on the region. Many US companies have not much filtering in place (if at all mostly ...

jbl42

If there is any authentication required, and if yes it is using DHCP option 82 and if so what to fill in there is something only the provider can tell you.

jbl42

If it is about shaping all traffic, you can attach it to the interface. Interface queues only applies to egress traffic. Shaping ingress traffic is less helpful, as it is already to late. It the upstream device priorities incoming traffic "wrong", there is not much to be done on the WAN in...

jbl42

PUPG servers are run in AWS cloud using many IPs, some unofficial lists are around, for ex here https://gist.github.com/0n3la57k155/ce590e8692b9b04a89df42aeeb0d077c Theoretically you could add all of them to an address list and filter them in you firewall. But practically this will hardly work. The ...

jbl42

Maybe I'm missing something, but flow control does not change the fact that packets are dropped. It just changes where they are dropped. Without flow control packets are dropped at the receiving end because the RX buffer overruns. With flow control in case of backpressure packets are dropped at the ...

jbl42

I still struggle to understand why so many people fail to understand the MT single bridge VLAN filtering and state it is much more complicated than Cisco etc al. A normal Cisco switch is the same: you have one implicit bridge (the ASIC) and you add VLANs, than add ports to VLANs as tagged or untagge...

jbl42

Buffering towards slower interfaces only helps for short bursts. For constant streams like iperf or large file transfers, even large buffers only can help for a short period. If there is more data arriving than possible to output on the egress port, buffers will overflow. Only flow control can help,...

jbl42

Can I reasonably extrapolate that into two bridges with RB4011iGS+ as a sound design? The RB4011 is actually a 3-port router: 1x 10GBit Port (SFP+), and 2x 2.5GB Ports with attached extenders(ether1-5/6-10) To take full advantage of l2hw capabilities, there should be one ROS bridge per switch chip....

jbl42

Independent of protocol reserved multicast bridging, your VLAN should not be in a bridge with a physical interface /interface ethernet set [ find default-name=sfp1 ] comment="1Gbps Ethernet Link to Test CPE" mtu=9192 set [ find default-name=sfp-sfpplus1 ] comment="10Gbps Ethernet Link...

jbl42

hw=yes in ROS bridging means L2 packet forwarding in HW btw. physical ports of switch ASICs, aka l2hw This is only possible for ports on the same switch chip. RB4001 has two switch chips , one for ether1-5 and one for ether6-10. No HW forwarding is possible ether2 <-> ether9. This is one of the adv...

jbl42

If I'm not missing something here, this should be possible using FWD static DNS entries instead of NAT. regex entries are processed before "normal" static entries. If clients use ROS DNS first, adding a regex FWD entry matching urls not going to your internal domain(s) should work /ip/dns/...

jbl42

I don't know the video, but this forum post

Bridge different VLANs together [SOLVED]
viewtopic.php?t=178614

jbl42

So if even if mDNS reaches a subnet... the AirPlay "client" and "server" must be in same IP address range. My MacBook Pro streams video and audio over airplay to an AppleTV in a different VLAN/subnet without problems. Running an mDNS forwarder for discovery. Don't know about Son...

jbl42

Not sure where our disconnect is here. Yes, it is about bridging the IPTV box on L2 to the ISP WAN, same as the dedicated IPTV port of the original ISP CPE would do. Special VLANs or not (of course in case of special tagged VLANs, assuming all tagged VLANs are properly configured to be forwarded btw...

jbl42

No. Just different VLANs on the same bridge. One for WAN (10), one for LAN (20). ether1/2 as access (untagged ports) for WAN(10), ether3-8 as access port on LAN (20). With WAN/LAN NAT routing happening btw. CPU bridge interfaces for 10 and 20 VLANs. This works because my ISP uses no special VLANs fo...

jbl42

I do something similar on my home RB5009 to directly bridge my ISP's IPTV box to the ISP WAN so I 1) don't have to bother with multicast routing and b) can keep the ISP controlled IPTV box out of my private LAN. I can't not provide a direct config export as my actual setup is more complicated (WAN g...

jbl42

Dynamic DHCP leases are persited to FLASH in a configurable interval (default is 5min) or on proper shutdown/reboot. But static DNS entries, added manual or by a script, are persisted immediately. But still the wear out is negligible for the usual home network's rate of DHCP lease script driven stat...

jbl42

As is the case with most software, you will learn that it is usually not a good idea to install a .0 release, at least not immediately. I conquer. With SW, it is usually safe to upgrade from a stable minor release to the next. Like form *stable* 7.10.2 to *stable* 7.11. But with Mikrotik you have t...

jbl42

For each VLAN requiring mDNS "routing" by the container, add a veth and addd it to the bridge with matching PID.
If your main bridge uses default VLAN1 for untagged traffic, add a veth with PID1 to the bridge.

jbl42

While this can be achieved with PIM, it is quite a big gun to get AirPlay/Chrome/IoT working among routed VLANs. All those systems rely on mDNS (a simple multicast based DNS system, aka as Bonjour in the Apple world) for devices to find each other. mDNS is designed to work inside an IP subnet resp. ...

jbl42

The scripts do NOT receive any of the agent id information I never tried using DHCP options in lease scripts so far, but my understanding of the documentation " lease-options - array of received options" always was lease-options provides an array of DHCP options sent by the client and wou...

jbl42

"All (1) CRS3xx, (2) CRS5xx series switches, and (3) Ccr2116, (4) CCR2216 devices can be configured with MLAG using RouterOS version 7." As far as I understand, MLAG in ROS7 is only available on devices featuring a Marvell Prestera family switch ASIC. There is no protocol standardization ...

jbl42

Looks like this is not caused by capsman itself, but handling of dynamic interfaces in bridge. > I have had the issue reported by AdB and eworm that my 5009 running my capsman is "dropping" the VLANs for any VLAN edge ports on the 5009 On my RB5009 running 7.11 it indeed seems like VLAN H...

jbl42

DHCP server lease scripts receive all necessary information (including the DHCP options sent by the client) to do such things as pseudo global variables. The problem is the script is called *after* the lease is created and the offer is sent to the client. A more flexible way to would be a script hoo...

jbl42

There is no standardization on what value modules/DACs without temp sensor return for temperature. Some report 0x00 (0 decimal), some 0x14 (20 decimal), some 0xff (255 decimal) It obviously would make sense for ROS sense to ignore a reported SFP temp of 255 degrees (0xff) for fan control. Yet not im...

jbl42

QSFP28 vs QSFP+ is actually SFP28 vs SFP+ SFP+ is 10G max, QSFP28 is 25G max. Both are electrically and mechanically compatible, but not all (Q)SFP28 ports support 10G. So technically it should work in your case. For cable, also have a look at fs.com, where you can get active optical DACs for less t...

jbl42

I'm not really familiar with the CRS326-24G-2S+, but as far as I understand switch rules should work the same way as on RB5009 ROS supports CDP , LLDP and MNDP for discovery protocols. The switch rule only applies for LLDP, as CDP does not use e special EtherType but a reserved multicast dest MAC (0...

jbl42

/ip/firewall/nat/print where disabled=no src-address-list=[:nothing]

jbl42

Copper Ethernet is based on differential signals on twisted pairs. Those signals have +/- polarity which is detected between link partners on link establishment. Some chips (like 88E6193X in CSS610 and RB50009) can report the chosen polarity for a link as "normal" or "reversed". ...

jbl42

https://mikrotik.com/product/hex_s#fndtn-testresults

Depending on the packet size the HEX S can reach 1GB for routing with firewalling. I suggest to give it a try for your usage scenario.
Depending on the number of parallel connections and packet sizes, it might be enough or not.

jbl42

What I wanted is to isolate VLAN2 and VLAN5 of anyone else. But they need to be able to go to internet. You need to add the CPU port towards the bridge port itself as tagged interface for your VLANs so the switch forwards tagged packets to the CPU. After that, you will be able to enable VLAN filter...

jbl42

the rb5009 seems to be the lone device that has a capable marvell switch that doesn't seem to have a hardware routing option in routeros. The 88E6393X chip is part of the LinkStreet familiy which is much simpler (and cheaper and cooler) than the Prestera Familiy used in CRS devices. Presteras have ...

jbl42

As others have explained, RB5009 switch chip fully supports L2 offloading for VLANs and IGMP/DHCP snooping in HW. (aka L2hw). For routing, there is no HW support (aka L3hw). Fasttrack bypasses parts of ROS. Data is directly passed in low level SW. This is still CPU based, but with less load. Fasttra...

jbl42

The ROS DHCP server can run a script on creation and removal of DHCP leases. Inside those scripts, DNS entries can be added or removed.
Find an example here:
viewtopic.php?t=119469
There are also other similar scripts which you can find using the forum search function.

jbl42

Off topic: on which version are your devices ? Since, I think, 7.8 or so, I haven't seen this happening anymore.

I still see this occasionally on 7.9.2. It is much better than it was with 7.7 where it happened on every reboot. But it still happens rarely.

jbl42

I use two different USB storage on two RB5009 without problems so far (except the occasional USB drive renaming on reboot breaking containers, but that's a ROS issue): A Startech USB to SATA adapter connected to a Samsung 860 EVO 2.5" 256GB SATA SSD I had lying around from a disfunct notebook P...

jbl42

Could this potentially be used to flash a lightweight Linux distro onto an arm-based routerBOARD? No. RouterBOOT (Mikrotik bootloader) only boots up signed Mikrotik SW installed uing NPKs. To boot a 3rd party Linux kernel, you need a modified RouterBOOT. See here for an example on how to install op...

jbl42

But MikroTik script has a syntax all its own. It's certainly not like C or PHP. In some ways its closer to Assembly. Mikrotik scripts is basically shell automation and hence is more similar to bash/zsh (Unix shell) scripts. There you would write "${qplan}M" The difference is MT scripts us...

jbl42

I'm thinking to put in the unifi controller to control the APS

RB5009 has 1GB RAM in total. A running unifi controller instance requires 1-2GB RAM (can be more depending on number of managed devices), so most likely you will run into out of memory issues.

jbl42

If you need BFD and BGP, use Cisco or Juniper Yeah, thanks. You must be fun at parties. Same as pe1chl, I really do not get all those stupid comments. There are large installations based of ROS6 using BFD. Without BFD, there is no way to upgrade to ROS7 and most important not possible to use any of...

jbl42

As Ca6ko wrote, it is important that the network interface used for netinstall is the one and only active network interface on the host running netinstall. All others must be disabled before netinstall is started. My usual setup to run netinstall is to run in a virtual machine with an USB Ethernet a...

jbl42

Make sure you specify a session file (e.g. <own>) in your connection.

After wiping out sessions and creating a new one it indeed works.
I'm happy to stand corrected!

jbl42

I'm not ;-) I only apply such filters for stupid paying customers wanting it. Because they only know YouTube for video and Facebook for social media. So they think trying to block those two sites helps anything. What I sometimes do on sites with low bandwidth uplink is using tls-host rules to apply ...

jbl42

add software-id column in winbox neighbors discovery section. software-id column is available in neighbor window in Show Columns... menu (down looking arrow on the right) But a long standing feature request is that WinBox keeps selected columns and does not set them back to defaults for every new s...

jbl42

What I do on "important" RB5009 is to sacrifice ether8 for mgmt port. I make it not part of the main bridge nor part of the LAN interface group and bind a static ip directly to ether8, allow winbox/webui/ssh on it. So if I mess up bridge settings or FW rules in a way not even MAC access is...

jbl42

Beside running services, I can also see value in Docker for testing and debugging: Temporary starting up a minimal Debian or Ubuntu image on a remote router to run tools like flent, cacti or nagios from the router's remote point of view could come in handy.

jbl42

Yes, using tls-host is in my experience the best result with least effort add action=reject chain=forward in-interface-list=LAN protocol=tcp reject-with=tcp-reset tls-host=*.googlevideo.com Plus a rule to block quic. It is resistant to DoHS, but not against VPN. It requires only one simple and easy ...

jbl42

As always with technical problems: It is not about who is right. It is about what works. In summary: Youtube can be blocked to a certain extend for the average user by forwarding DNS to a commercial DNS service like Cloudflare, Umbrella etc. They have the abilities to track and adapt to the constant...

jbl42

To add something more constructive to all the complaints: I'm happy with the state of ROS 7.x on RB5009. For heavy SOHO and small branch applications, they work reliable with not much complaints except some SFP+ module issues solvable by using other SFPs. Also Docker is appreciated to run services l...

jbl42

jbl42

I read something about using switch ACLs but this doesn´t seem to be supported on my switch cpus (QCA 8513L) According to https://help.mikrotik.com/docs/pages/viewpage.action?pageId=103841835 CRS125 should have switch ACLs available in /interface ethernet switch acl At the other hand, LLDP should n...

jbl42

I don't think it is the heat in my case. In the interface it shows the temperature of the sfp around 30 celcius while it shuts down at 95 No, it's not. The RB5009 is quite picky with SFP(+) modules. Many do not work, but do work on RB4011 (which also required many ROS upgrades to solve SFP problem ...

jbl42

Bugs and things like BFD have no "enabled=yes" switch in RouterOS configuration files, sorry Sorry Normis, but writing nonsense like "there is no enabled=true for BFD" after 18+ months of claiming to work on it is just pathetic. If 18 months is not enough for MikroTik to bring B...

jbl42

Eh, Jletti42

My Italian is rusty, but still I think I got that one

jbl42

Beside protocol issues, the important thing to know is that youtube content is delivered using a world wide CDS (content delivery system). Most of it runs on Google's own infrastructure, part of it is also rented from Akamai and similar. So the list of youtube hosts is a) large and b) constantly cha...

jbl42

It's been odd to me that rb4011 sporting a fairly powerful hw lacks usb port and now it's disappointing to know there's no workaround for it either. Yes. Especially regarding the fact the RB4011 SoC features a USB3.0 controller. Still for some reason MikroTik decided not to add a USB port for RB401...

jbl42

This issue was introduced with 7.5, and still happening with 7.6: https://forum.mikrotik.com/viewtopic.php?t=190072#p964372 It was reported to be fixed, but is still appears in the current 7.7 beta https://forum.mikrotik.com/viewtopic.php?t=190351#p965140 For our three CCR2216, we had to go back to ...

jbl42

Two pieces of metal, one cast and one sheet, two sets of LAN terminals, an USB, SFP, and some other connectors, plus a printed board with some chips on it. Always funny when some random guys know things better. The shortage affects especially "simple" chips. Like small uCs, voltage contro...

jbl42

The UBNT are much more stable (and you have to like the UniFi controller thing), but if you need an AP running reliable in a busy bar or office, with 10+ neighbor SSIDs fighting each other, they still have issues. In such locations, it is worth to spend some £200 - £250 for a lower end professional ...

jbl42

I have a RB5009 in "production" at home running 7.6 (7.5 and 7.4 before). 1Gbit fiber, SFP+ module, NAT, some medium firewalling, 4 VLANs with HW filtering on the bridge, some simple queues and wireguard server. 2 persons frequently working from home, with heavy VPN usage, Teams/Zoom confe...

jbl42

*) sfp - added 2.5G SFP module support for RB5009;

Thanks. If AutoNeg is disabled and speed fixed to 2.5GB, it works with an ISP provided PON-ONT in RB5009 SFP+ port.

jbl42

For RB5009, we were able to get our hands on some rb5009upr+s+in. We do not need the PoE, but better than nothing. We also had to bite the bullet and buy some expensive Cisco boxes, because CCR2216 is available nowhere with unknown date of restocking. We still have global chip shortage. My employer ...

jbl42

The last email from support... they recommended changing the lease time on the router and Extending the Key Exchange time out to something longer than the 5 min default. This is sheer desperation. There are long standing issues with key exchange on MT WiFi, but this is not related to noise/HD probl...

jbl42

the fact that Wifi 6 ax is still not fully baked at Mikrotik

WiFi in general at MikroTik is not even closed to be baked.
I'm a MikroTik router proponent, but do yourself a favor and stay away from any MikroTik WiFi.

jbl42

I'm going to evaluate for the coming days...luckily an RB5009 has 1Gbytes so there is some headroom ... but stil.... If I read your chart right, the memory consumption increased by about 4MB in about 6h and seems to stabilize towards the end of the available data. PiHole is caching things like reso...

jbl42

No, I did not try to disable L3HW.
I don't see any value in running a ROS version with broken L3HW on a CCR2216. As you mentioned, the large scale L3HW capabilities are the reason to pay the extra money for a CCR2216 in the first place.

jbl42

I think I have to rephrase my question: what´s better in 6.47.9 wifiwise than with 6.49.7 ?

Nothing we know about, and hardly related to TX power.
But everything after 6.47.9 is worse than 6.47.9.
No more details known beyond what is mentioned in the (incomplete and sketchy) ROS release notes.

jbl42

Its not MTs fault, its Apple fault to use mDNS. As a hobbyist, this might be a valid point. As a professional: Have you ever tried to sell gear not supporting the managements beloved iThings to a company? Ever tried to explain to a "important" manager that his shiny new iPad Pro cannot co...

jbl42

Is it related to the TX power setting, which is not available in newer versions? No, it is related to issues with the ROS 7.x WiFi driver for hAP lite and hAP mini. TX power was removed to comply with regulation. But contrary to popular belief, increasing TX power does not help much anyway. WiFi is...

jbl42

Installed 7.6 without issues on several RB4011(no WiFi) and R5009. Basic setups (NAT, VLAN filtered bridge, some simple queues, basic firewalling, DHCP client/server), all working fine so far. Different on CCR2216: BPG/OSPF with large (300'000+) tables and L3HW enabled is unstable and peer connectio...

jbl42

It is and was a sad story: Never put MT WiFi APs into noisy environments, especially not if you are the one being called if things do not work: The 2.4Ghz Radio will kind of lock up every few hours or days, requiring a reboot to get clients connecting again For 5Ghz, if using DFS channels (what is i...

jbl42

Yes, 224.0.0.0/24 addresses shall not be and are not routed by normal routing. That's why an additional mDNS reflector is required in the first place to propagate mDNS among subnets. Technically, it is an odd thing to do. But practically there are many add-on implementations by Cisco et al to make A...

jbl42

At least for the Zyxel APs I used so far, intra-bss blocking blocks communication between clients (STAs) on the same AP using the same SSID, independent of 2.4/5GHz band. Other brands calls the same feature client isolation. This is often used for public APs in Hotels, Bars, Shops etc. for security ...

jbl42

"NIST compliance" is a very broad term. NIST (National Institute of Standards and Technology, a US Federal Organization) has many different standards in different revisions. Some of them also combine or overlap with US federal standards like FIPS . I suggest to ask for the exact standard n...

jbl42

The price difference mainly comes from thw 2216 providing 25GBit local links with 100Gbit uplinks vs. 2116 with 1Gbit local links and 10Gbit uplinks. 25/100 Gbit vs 1/10Gbit switch chip makes a big price difference. If your routing/QOS is CPU based and the load high enough for the CPU being the bott...

jbl42

SFP(+) is an unofficial standard and only specifies the mechanical and electrical interface. There are different protocols possible between the SFP port and the inserted module. Depending on speed and copper vs optical: MII, GMII, SGMII, raw 4b5b, raw 8b10b, and many more. Technically, a SFP(+) host...

jbl42

1. I'm not sure the OP is talking about RB5009UPr. The "normal" RB5009 also has PoE in on ether1 2. The 7.6beta6 release notes do not mention any PoE in related fix 3. Running betas on production devices is a no-go. So are you telling us RB5009UPr is not ready for production yet? An then t...

jbl42

Updated two RB4011 and one RB5009 in our testlab and one RB5009 at my home network 7.4.1 -> 7.5 without issues so far. Used features: intra VLAN routing (no BGP/OSPF) with srcNAT towards WAN, bridging 5-7 VLANs with HW filtering, 30-50 FW rules, some simple queues, NTP server/client, DHCP server/cli...

jbl42

As I said before, free filtering platform or software (ex. Pi-Hole) are suitable if the Organization has a skilled admin supporting the service. And if there is no need for enterprise features (such as Active Directory integration, Google workspace synchronization, etc). Most companies using MT equ...

jbl42

I would like to be able to access the same VLANs of building B, basically as if I were connected directly to the router of building B. How can I go about transporting VLANs through NAT? (The masquerade is involved) VLAN is Layer2, NAT happens on Layer3. You need a L2 over L3 tunnel, like EoIP and s...

jbl42

RB5009 does support EEE 802.3az on ether1 - ether8. I have several RB5009s connected to Cisco switches and EEE is supported and operational on Cisco <-> RB5009 1GB connections. It is not mentioned in the MT specs, It is not visible, cannot be disabled. But its there and it works. Here an example of ...

jbl42

In general: If the specs of a PoE source device do not explicitly mention galvanic isolation for PoE, there is none. It is quite expensive to build in. Devices like MikroTik, Ubnt, TP etc all miss galvanic isolation on the PoE outs. The PoE GND is directly connected to the power supply ground of the...

jbl42

I was able to pass the card through to a Linux VM running ubuntu 20.04 and it shows 1G but I can almost get 10G through it with iperf. I was hoping to be able have the card show up as vmnics. Glad to hear it worked. The AR8151 network chip is actually a 1GB chip, but the virtual chip as emulated by...

jbl42

The CSS610-8P (and CSS610-8G) is built based on the Marvell 88E6390X switch chip. SwitchOS lite runs on a small CPU integrated into the switch chip, what makes the very low price point possible, compared to other brand's managed PoE 2x10GB switches. But the drawback is it has not enough resources to...

jbl42

That's not true. It's called limiting access. For example, say you wanted to expose port 22 to another vlan, but not port 23, you can limit what can communicate. Exactly. Even Enterprise boxes from Cisco, Juniper and the usual suspects provide mDNS proxies to allow AppleTV based screen sharing amon...

jbl42

The CCR2004-1G-2XS-PCIe emulates a Atheros 1GB chip towards the host supported by the Linux atl1c driver. It requires a patch added by MikroTik so it is recognized as 10/25GB interface. Currently it is only supported by recent Linux kernels. Not in Windows , FreeBSD (yet) or VMWare7 (I suppose you a...

jbl42

Also of note, I have spun up a CHR and I am able to connect to it via MAC from a laptop on the same layer 2 but from the Windows 11 machine, I am unable. I have gone so far as to move ports on the CRS305 for this Window 11 machine and still see the same issue. Same here: Winbox-mac can not connect ...

jbl42

But on CRS-8P that have both 48 and 24, , if I plug non mikrotik device like a PMP450i are provided 48V, if I plug AF5XHD or AF60-LR, are provided 24V without force anything. The handshake do the choice....??? The PMP450i supports 802.at active PoE in. The CRS-8P supports 802.3af/at @48V and passiv...

jbl42

https://hub.docker.com/r/andrius/asterisk
should run on RB5009/RB4011 and similar arm/arm64 MT devices, but did not try it yet.

jbl42

Do we need to buy additional Power Supply? According to specs, RB5009UPr+S+IN reserves 20W for its own usage, leaving max 130W for devices running on PoE supply. Or 76W with the included PSU. So if the total power consumption of attached PoE devices stays below 76W (which is the case for many appli...

jbl42

Ping to the next hop timeout, and ping to any other IP say no route. I have a deadline this week to get it working, so I'm desperate for help! I have a deadline this week to get it working, so I'm desperate for help! No ROS version, no config export, no details on your setup, nothing about what you...

jbl42

We have some branches connected through Mikrotik PPTP As others have suggested, you might read about PPTP and consider switching to wireguard: https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security we have disabled their Internet usage by disabling masquerade nat. Disabling masque...

jbl42

Anyway, Mikrotik has worse issues with radars than others, as far as I can tell Absolutely. In noisy environments, MikroTik APs tend to "detect" radars all over the place and constantly jump DFS channels. There are many complaints about this in the forum. If non-DFS schannels are not an o...

jbl42

I would think the AP would send an appropriate errormessage and the clients would then go through the complete authentication cycle instead of using the fast PMKSA. Yes, obviously that is what's going wrong. According to 802.11r, it is not based on error codes, but by the AP initating a full IEEE 8...

jbl42

> *) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces; If 802.11r is enabled (`security.ft=yes`) some devices can't reconnect to an AP after the latter gets rebooted. In my case it was an iPhone with iOS 15.5. Logs show the following: mac-address@wifi2 rejected, c...

jbl42

I can remember a link to a thread were someone actually did soldering PCIe sockets onto an RB5009 board. It was either on reddit or here, could not find it in a quick search. He could not get it to work. Most likely there are other components in addition to the PCIe sockets required to be soldered. ...

jbl42

Bro, what are you smoking? Grow up. Netmap is NOT stateless. I use it on ISP BNGs and also in my personal home router for /32s and the same thing for normal home users who are my clients. I have given up to ask you how iptables netmap statefuly accepts incoming UDP content streams to a port request...

jbl42

And every freakin distributor loves to lock in the end user with their specific solution aka "triple play" and likes. And besides VLAN and other related stuff, all using specific port numbers, transport initialization, multiple streams using different transports and sometimes even proprie...

jbl42

Repeat after me: There Are No Standards, Not Even for IPTV. :D Sniffing the Transport field in the outgoing RTSP request as defined in RFC2326 is enough to have all those IPTV solutions working. Transport: RTP; unicast;client_port=12345 OpenWRT manages to handle all those IPTV services with just th...

jbl42

Bottom line, it's virtually impossible to implement a general RTSP "helper" since there isn't just one "standard". Quite the opposite there are many different ones including proprietary solutions and they all differ depending of intended application. While I agree on this, I thi...

jbl42

Isn't that just "architectures supported by dockerhub"? When you compile your own binaries, you could use any architecture, of course easiest is to use the architectures supported by gcc. Yes. Dockerd and associated utilities can be installed and/or built anywhere a recent enough working ...

jbl42

Only x86, arm and arm64 Architectures supported by Docker are ARM ARM 64 IBM POWER IBM Z PowerPC 64 LE x86 x86-64 Docker does not support MIPS or Tilera (TILE support anyway was removed from official Linux kernels in 2018 ). While technically Docker most likely could be ported to Linux/MIPS or Linu...

jbl42

Im getting this error in red now which I didn't have before the upgrade anyone know best way to resolve it?

Remove the bandwitdth from the cake queue type and configure traffic limits within the queue itself.

jbl42

If the users instead to submit problems to support@mikrotilk.com do a mess on user forum So reporting the same issue over and over to support is better than reporting the same issue again in the forum? And why is MT support telling me to report issues with betas in the forum? And how does it come y...

jbl42

If the user read the whole topic to see if someone has already asked or reported the same thing, instead of making another post virtually identical, there will probably be no errors and everything would be more readable ... Nope, the user is not exepcted to read the whole topic for a (beta) release...

jbl42

As far as I have tested, this authentication using APP password has limited use. You can not logg inn to an gmail account with it (using web), so you can not change anything. There are (IMHO perfect legitimate) reasons for APP passwords: If it leaks, you just can revoke the APP password using your ...

jbl42

Updated the RB5009 at home (admittedly also kind of YOLO with 3 teenagers ;-) from 7.2.2 to 7.3.
No new issues so far, config export diff is clean.
Same with two lab RB4011 at work.

jbl42

In both routers
Code: Select all
/system routerboard settings set auto-upgrade=yes
was configured and routerboard firmware version was v7.2.3

You have remote routers on auto-upgrade and get them updated at the same day of a new 7.x release?
You seem to be more the YOLO type of admin ¯\_(ツ)_/¯

jbl42

Also, in such cases it will be sufficient to have a simple queue tree with e.g. 4 or 8 priorities derived from DSCP, similar to what you have with WiFi WMM. But it appears that some people really are only satisfied when having CAKE. That's what we did for many years before there was Cake. The beaut...

jbl42

It's usually pretty hard to saturate >1Gbs connections without proper test equipment so that's probably why you don't see any major difference ie only achieves 10-15 ms latency. Also buffer bloat is usually less of an issue for symetric lines like 1000/1000. In extreme cases like 1000/50 cable inte...

jbl42

I have a 1Gbit fiber connection over pppoe and when i use these settings ( corrected for 1000mb up and 1000mb down ) this does not improve things, only losing some bandwith. Even when setting bandwith to 900mb up and down, the bufferbloat remains te same ( about +10ms to +15ms on a 2ms unloaded pin...

jbl42

@nrz If you you deliberately want to missinterpret what I wrote, you can read or that way. Fell free not to listen to your customers, many of them beta testing your stuff and sharing their decades of experience for free. Just continue debating your customers and knowing things better. Luckily my sal...

jbl42

If you are referring to BFD,. I'm referring to BGP Multipath selection, BGP Aggregation, RFC 6666, RFC 6286,BGP Advertisement monitoring and BGP Prefix limit (prefix limit has "initial support" with 7.3 after having having MT officials here in the forum claiming it is not needed at all). ...

jbl42

Regarding the non-existing progress on BGP and IPv6 in ROS7, I really wonder to whom MT is planning to sell all the new CCR2000 high-end devices not able to run ROS6. With all the more advanced features missing, who is supposed to buy those devices? They are way overpowered for home applications, an...

jbl42

What's new in 7.3beta40 (2022-May-11 12:18): !) queue - do not allow using CAKE type in simple and tree setups (already configured queues will be disabled); Ok. Cake is not allowed for simple queues and tree queues anymore. Will be disabled. Got it. What's new in 7.3rc1 (2022-May-27 11:50): *) queu...

jbl42

The maximal raw WiFi bandwidth with ac2 2x2 Mimo is 866MBit/s (2x433). Connection at the theoretical max rate will only work in the same room a few meters away from the RB4011, if it at all. A room away it will be closer to 200-300MBit raw WiFi rate. The practical per client TCP bandwidth as measuer...

jbl42

Surely, download is shaped and controlled by the ISP and upload by the client? What am I not understanding here with everyone wanting Cake on Simple Queue? See here for an example were the DL/UL is shaped by the ISP to 500/100 https://forum.mikrotik.com/viewtopic.php?p=935980#p935980 The cake simpl...

jbl42

Are there any advantages at the RouterOS v7.2.3? It depends. For the average IPV4 NAT home/smb router, ROS 7 works fine. Plus you get Wireguard and fq_codel/cake queues. For the more advanced stuff (IPv6, "real" routing with BGP/OSPF, advanced queue trees, VXLAN, MLPS, ...) ROS 7 is not y...

jbl42

To avoid further flooding of the 7.30beta thread with Cake topics, here some results taken from my home network: RB5009, ROS 7.2.2, Fiber uplink at SFP1 using PPPoE with NAT capped at nominal 500/100 by the ISP equipment at the other end of the fiber. The ISP UL shaper does a not so bad job, but the...

jbl42

If the rumored price of about 210€ turns out to be true, it is even a very good offer if it is just used as a "normal" 2x SFP28 NIC in pass-through mode for Linux servers.

jbl42

My guess is RSTP on those switch chips was added at the same time as the VLAN-filtering and the footnote can just be updated Yes, for devices using RTL8367 (like RB4011), l2hw offload for STP/RSTP was introduced at the same time as VLAN filtering. And because ether1-5 and ether 6-10 are connected t...

jbl42

I do not have a spare parts to test on win 10, but probably the string is emulated, not real.... (win 10/11 is the same from this point of view) According to the block diagram , the Ethernet controllers exposed to the PCIe host are indeed not "real". They are kind of emulated inside the A...

jbl42

Hosts' DHCP times out before router is fully up to hand out IPs.. Hosts pick their own RFC3927 address and remain offline. Some hosts retry the DHCP discovery and come online properly.. Once the router is back, run a script on the switch disabling all client switch ports and reenabling them after s...

jbl42

Looking at the 2nd capture sniff02.png At packet #241-243 the SIP host sends 3x SIP CANCEL, which the MikroTik fails to deliver to the PBX and hence bounce with ICMP code 3 (Host unreachable). After that (starting at #254), the PBX on 192.168.1.252 starts responding again, but never with something e...

jbl42

But it works for physical ones, for example, my WAN interface is ether1. I haven't tested if it actually functions properly, but RouterOS let's me assign the queue. In my tests it never was possible to attach cake as interface queues on virtual interfaces. But what works, at least for me up to ROS ...

jbl42

Yes, the Anynode-device is registered to our PBX. And it is registering every 3 minutes. Have you tried to increase the udp-stream-timeout to 5m in /ip/firewall/connection/tracking ? The default value is 3m (minutes), same as your phone's register interval. Maybe the connection times on small inter...

jbl42

How do you specify the Cake bandwidth on asymetric links?

limit-at=DOWN/UP ?

There is no limit-at=DOWN/UP for interface queues.

jbl42

the cake was a lie all along bros....

:-) memories...

jbl42

CAKE type was always meant only for interface queue, it had no effect when used in simple queue. I'm confused. I run 2 cake queue types on my WAN bridge interface in a simple queue and it works without issues. In a WAN interface queue , how do i specify different rates for asymetric lines? Further,...

jbl42

I see, thanks for the link! That looks like OM3 glass and not plastic to me. 8) But anyway still very cheap. After checking it out: You're right. The "PVC (OFNR)" is bout the coating of the fiber, not the fiber itself. And yes, fs.com is a real price dumper. (I'm not affiliated with fs.co...

jbl42

@jbl42: you probably just mean multimode fibre (which is glas, but that´s also getting cheaper), or is there really a plastic fibre solution for 1G and for let´s say longer than >30m? We used fs.com OM3 Multimode PVC (OFNR) with success for such applications: https://www.fs.com/products/74385.html?...

jbl42

Multimode plastic fiber stuff has gotten very cheap. For WAPs exposed on poles, using cheap plastic fiber for the network link solves all problems with EMC, potential differences and surges. If the WAP is missing SFP, use a cheap media converter to convert to copper on top of the pole. The power sup...

jbl42

If we had a public bug tracker / issues list currently known it would be so much easier. If we are at it, proper release notes would make thighs easier too. "fixed an issue with xy" is less than helpful to decide if it is worth to take the risk of an update. Especially nowadays, were ROS ...

jbl42

wouldn't it also bottleneck on 1 out of 16 cores with the CCR2116? A single TCP connection is always handled on 1 CPU core. This is required to avoid packet reordering. So if you run a speedtest using only one TCP connection, it will max out 1 core also on CCR2116. But if you run several connection...

jbl42

Come on, this has already been discussed 20 times before! YES, the default was changed. YES, devices that were installed from defaults before that change now display a warning. YES, that warning is needlessly alarming. This is ALL already known. This is only known for frequent reader. Known issues ...

jbl42

When you have 20 rules that each check different variant of ICMP and you replace that with a jump to a separate chain it will perform a factor of ~20 better. I know ICMP is just an example for the principle here. But if we are at it anyway: I never got why so many people try to tamper with ICMP in ...

jbl42

100 total for input + output + forward chain ? Yes, 100 "non raw" rules in total. What happens above those 100 rules ? Is the performance drop linear or exponential ? (I'm asking because I'm interested in the 5009 once PIM-SM is supported) For our uses cases, it is good enough if RB5009 f...

jbl42

how is possible reach 140G if the max speed of combined port are 100G? (or not?) As I understand it, we are discussing the speed of the established link, not the effective throughput. The CCR2216 block diagram states "2x100 GB full duplex" for the QSFP ports. It should be possible to esta...

jbl42

Does anyone have figures showing "when it stops being negligible" ? The impact and scalability of FW rules is depending on device capabilities like number and speed of CPU cores, RAM size and l3hw offload in the switch chip. So it is hard to come up with numbers among different MT devices...

jbl42

The RB5009 quick set config gives you the equivalent of a normal "dumb" home NAT router: - DHCP client towards WAN - DHCP server for LAN - DNS server for LAN (forwarding to DNS received by DHCP client on WAN) - srcNAT (masquerade) towards LAN - all connections LAN -> WAN allowed - all conn...

jbl42

however when I plug in my ccr2216 with the 40g transceiver in port qsfp #1, the qsfp port #2 does not show 100G speed available only 40g. For your setup, QSFP-1 should run in 4x10GB mode and QSFP-2 in 4x25GB mode. I seems like running QSFP-1 with 4x10GB somehow disables 4x25GB on QSFP-2. Most likel...

jbl42

Do you have some kind of evidence to back up the claim that the RB4011, RB5009, etc will do the job? The RB5009 maxes out a 1GB uplink with PPPoE with 10-30% CPU load on all 4 cores in my personal experience. I has a 4x 1.4GHz 64bit Arm Cortex-A72 CPU compared to 2x 800MHz ARMv7 32bit wich is a lot...

jbl42

Hi strods No issue, thanks for your hard work. Normally I'm not the type getting grumpy in vendor forums. The reason I did tis time is the following: *) leds - fixed wireless related LED behavior with WW2 package; *) ww2 - fixed VLAN tag handling; So those two ww2 related fixes were tested on 7.2.2 ...

jbl42

But in case of such a blocking problem I would expect either a delay of the stable version, or a warning "do not upgrade to this version when you use wifiwave2". In the normal world yes. In the world of Mikrotik labels like "stable" and "RC" and are just randomly attac...

jbl42

What's new in 7.3beta37 (2022-Apr-25 15:29): *) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.3beta34); And the same bug was also introduced in 7.2.2 "stable", which was released later than 7.3beta37... Bugs introduced in v7.3beta34 also appear in 7....

jbl42

We use RB5009 and RB4011 as site routers for small branch offices with good success, while we are mostly a Cisco and Juniper shop for HQ and larger sites. Now we started to investigate VXLAN for near-future use, most of our Juniper/Cisco boxes can do VXLAN in HW at full wire speed. I would love to m...

jbl42

RB5009 supports L2 hw offloading for VLAN filtering. All traffic not addressed to the CPU interface is handled by the switch chip with wire speed and not visible to the CPU, hence it does not appear in torch. To torch bridge traffic with active VLAN filtering, temporarly disable HW offload on all br...

jbl42

PPTP is inherently unsafe by today standards, see https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security If you have known IP ranges from were your PTPP users are connecting, you can improve the situation a little bit by restricting source IPs of PPTP clients. But still, if securit...

jbl42

The RB5009 has issues if the switch traffic ingress port runs at higher rate than the egress port, in your case towards PC2 with 100MBit. There are several topics discussing this, the biggest is this one, discussing the same issue when mixing 2.5GB and 1GB. https://forum.mikrotik.com/viewtopic.php?p...

jbl42

According to the 802.3az standard, EEE shall only be enabled if agreed on both ends during link auto negotiation, using a special "next page" for EEE. Some devices allow to force-enable EEE if auto negotiation is disabled, but this is not conforming to the 802.3az spec. So either the RB500...

jbl42

This looks like congestion problems if download traffic ingresses with 2.5GB at ether1 and gets bridged (switched) towards the ether2-8 1GB ports. As the bridge ingress port is faster than the egress port, the switch chip queue for the egress port overruns and packets get dropped. This causes packet...

jbl42

There must be a very good reason why this "basic" feature is not added to the Linux kernel for over 15 years. So there is no simple toggle "enable RTSP helper". While I personaly do not have a need for a RTSP proxy in ROS, there still is a very good reason there is none in the L...

jbl42

Really looks like using a different main router makes both of your smartphones connecting with 20MHz only while the TV stick is able to connect with 80MHz at the same time. Very weird indeed... Looks like an obscure bug only happening for some "special" combination. I suggest to contact Mi...

jbl42

My ISP give me unlimited traffic but after 10GB it droped me download speed to 3Mbs ... How else can you know bandwidth has dropped if not specifically testing for it ? Checking for the total traffic of the interface to reach 10GB? It is available in interface stats and can also be read by scripts....

jbl42

As far as I can see you are using your local private IP as source for outgoing public internet traffic, because no NAT. Private IPs are not routed in public Internet, so there will never be a resonse from any server with public IP. The outgoing traffic visible in your screenshot is your ping request...

jbl42

@jbl42, VLANs 0 and 4095 are reserved and VLAN with id 1 is the default VLAN used by MikroTik and should not be used... It is explained here https://en.wikipedia.org/wiki/IEEE_802.1Q Yep. VLAN1 is used by MT implementation as default PVID for all ports, same as for many other vendors too. But in of...

jbl42

My problem is, i noticed that when im upstairs i have full net speed and mobile phone says that wifi link speed is 866 mbps. When im downstairs, wifi link speed is 192 mbps and im standing right below the AP. (I checked with winbox in the router to be sure that phone is indeed connected to downstai...

jbl42

please advise what went wrong.it is nearly 1 year old.

Obviously some electronics stuff inside broke, overheated and the unit died. Such things happen.
Return it to your retailer and get it replaced. If it is less than a year old, it is most likely replaced under warranty.

jbl42

bind() failed: An attempt was made to access a socket in a way forbidden by its access permissions. [10013] This is an error coming from the windows socket API when netinstall tries to open (bind) the listening port for incoming netinstall boot request. There are usualy two reasons for this: Anothe...

jbl42

If a bridge has protocol-mode=none it will forward packets with a destination MAC address 01:80:C2:00:00:0x, this is not compliant with 802.1D but has its uses. It not only violates 802.1D, it has the potential to mess up VOIP settings by propagating LLDP-MED to all ports. If you set protocol-mode=...

jbl42

VLAN-id=1 should not be used in your configuration... Read here : https://help.mikrotik.com/docs/display/ROS/VLAN " The IEEE 802.1Q standard has reserved VLAN IDs with special use cases, the following VLAN IDs should not be used in generic VLAN setups: 0, 1, 4095" Source: link above... @z...

jbl42

For inter vlan routing (aka HW-Offloading Connected Routes). For example if i have two access switch connected to a CRS317. Each access switch is a separate L2 with a /24 subnet. Now if the CRS317 attempts to route between those two networks, two /32 routes a creaded in the routing table of the swi...

jbl42

So for now the best workaround is to disable the "Bridge Port" column in winbox, then we can safely enter DHCP leases & ARP list windows again without disrupting router stability.

It is not sure the information is not polled when the column is hidden in Winbox.

jbl42

Just advising that this problem is also triggered whenever viewing the “IP → ARP List” Window .. Also, this is not a Winbox problem, as the issue occurs even if you access these menus from Webfig. The IP/Arp window has a column "bridge port", same as the DHCP lease windows. This info is c...

jbl42

that's also why RJ45 console cable is part of the basic toolkit of every network technician. (except that you need multiple adaptors, because various network equipment vendors use diferent pinouts) While MikroTik is using the Cisco pinout which is by far the most common among vendors. But yes, ther...

jbl42

3.3V * 700mA = 2.3W The S+RJ10 copper SFP is rated with 2.4W and officially supported for RB4011. So your SFP is OK regarding power consumption for RB4011. Not sure about the RB260GS. But in my experience, the RB4011 in general is a bit picky with SFP support. Especially for "exotic" ones ...

jbl42

Switching performance is depending on the capabilities of the device's switch chip. There might be differences in available features, but the switching throughput ist not depending on ROS vs SwOS. There are some ROS only devices with switch chips not providing l2hw for bridges, so the CPU has to han...

jbl42

The problem is that tv company has multiple streams(10to12) in one multicast ip, where the difference is in the port. Some mikrotiks has eoip connection over internet with the main one, and if a stb connected to these mikrotiks, require one of streams in a ip multicast with multiple streams, all st...

jbl42

@BettyRNorahDeniels GPON (Gigbabit Passive Optical Network) SFPs in general are different to normal optical transceivers. GPON is a shared medium and requires special encription and time sliceing for media access. GPON SFPs conatain local intelligence handling all this low level stuff autonomiously ...

jbl42

am i doing something wrong or is this just a fact of life with the little Hex mips running out of steam? Queues require disabling fastpath so the poor little single core 850MHz MIPS just works it's butt off with routing, NAT and queue ;-) Presumably cake is even more cpu intensive? Efficiency was o...

jbl42

Do you know the user/password to login? If not, there is no way (at least we all hope so ;-). Except doing a factory reset (netinstall) losing everthing. If you have user/pw, you can use serial terminal to access the device and view/export config. RJ45 serial cables are cheap and avaialble everywher...

jbl42

working, but only in CLI

If 88cc is used for mac-protocol, the switch rule can also be set up using Winbox.
The protocoll name lldp (ethertype 0x88cc) is only known on the CLI, not in Winbox.

jbl42

A few days with Winbox connected, but showing only the interface table = no flaps and graphs look ok. As soon as I add DHCP server / lease table = gaps started to appear on graphs immediately and all ports flapped after around 2.5 hours. This. I can reproduce this on a RB5009 running 7.1.1: Having ...

jbl42

I could solve similar issues on RB5009 and 7.1.1 by setting frame-types=admit-only-untagged-and-priority-tagged for the untagged access ports. This setting should not be necessary and should have affect on ingress only. But still it helped for me to get rid of wrong egress tags for HW offloaded acce...

Search found 277 matches