Hi,
so nobody has any idea? I had hoped that it could be solved without returning to the reseller.
So I will send it back, hoping they will exchange those antennas.
Hi, I have a problem with two SXTsq 5 ac - there are no WLAN interfaces. The devices are new, and the problem has been there from the beginning. I've already tried updating to the newest ROS (7.6), stable (6.49.7), Netinstall, and a configuration reset, but nothing has helped. When booting, the log shows the following: DefCo...
Hi guys, simple question about ipsec and fasttrack. With ROS7+ do I still need to add 'bypass rule'? eg. /ip firewall mangle add action=mark-connection chain=forward comment="Mark IPsec" ipsec-policy=out,ipsec new-connection-mark=ipsec /ip firewall mangle add action=mark-connection chain=f...
I'd suggest you to create a supout.rif and open a support ticket at Mikrotik. You can refer to this topic in the ticket in addition to a brief description, but supout.rif is the first thing they ask for if you don't attach it straight away, no exceptions. I will do that :) Totally unrelated to the ...
No matter what the reasons are, the essence is that the IKEv2 VPN client needs to connect also from the server's LAN. YES According to your configuration excerpt, the responder peer listens at all addresses. Not exactly - I always have address=0.0.0.0/0 and local-address I've tried different config...
I'm simply stating the fact that IKEv2 seems to be broken in RouterOS when used with split-include, and that it only works with Windows clients by using a non-standard behavior of that specific client. I haven't tested Windows 10 client against other IKEv2 servers. But I think that Windows is not w...
Ok. So maybe I have to write more simply what I have and what I want: /interface bridge add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=br-LAN vlan-filtering=yes add name=br-WAN /interface bridge port add bridge=br-LAN frame-types=admit-only-vlan-tagge...
I'm not sure if I understand your problem. Do you wonder why those two policies are different? In my opinion it is because of Windows. As you can see in a fragment from the wiki which I've quoted already, Windows will always ignore networks received by split-include and request policy with destination 0.0...
Depending on the throughput required, you may try to add an auxiliary bridge interface, move the IP configuration from the VLAN interface to it, and make the VLAN interface a member port of this auxiliary bridge, while its tagged end will remain attached to the main bridge. Hi Sindy. I've read it c...
Hi, I also was playing a little bit with IKEv2. As I know macOS has some limitations. In MikroTik wiki: https://wiki.mikrotik.com/wiki/Manual:IP/IPsec Known limitations Here is a list of known limitations by popular client software IKEv2 implementations. Windows will always ignore networks received ...
Guys thank you very much for your advice. If I may, I'll have more detailed questions. I can start with some 5GHz routerBOARDs which I have. But I'm not sure with which antennas should I try. So firstly should I start with standard omni antennas with some DIY shield to make the wifi wave very narrow...
So I've added a third bridge - now I have 'Bridge LAN' 'Bridge WAN' and 'Bridge IKEv2' I've set up IKEv2 peer on IP assigned to 'Bridge IKEv2', and added dst-nat rules for UDP 500, 4500 and ipsec-esp to forward them to the IP of 'Bridge IKEv2'. I still can connect from WAN and LAN. But only on WAN p...
Sindy, thanks for your reply. Yes, I can grab DHCP inform - in both scenarios they are sent as broadcast to address 255.255.255.255:67. See below. First one from VLAN - as you can see, after established SAs repeated DHCP packet without response. Second scenario - not from VLAN - after establishe...
Guys, I need your advice. I'm looking for some solution for WiFi infrastructure in our packing hall. Below, I enclose images of how it looks. Packing hall dimensions are 25m x 100m ...
Hi guys. I have a problem with IKEv2 IPsec configuration. Normally, when I have configured the IKEv2/IPsec server peer on an IP address assigned to a bridge interface, Windows 10 connects to this IP, asks for policy 0.0.0.0/0, then asks via DHCP option 249 for 'split-include' defined in mode config. -> Everything...
Sindy thanks a lot for your quick response. It looks good :) So for main VLAN I can use identity with Auth. Method 'eap radius' so all domain users get access to the main VLAN. And for the rest VLANs I'll have to define separate identities for each user with Auth. Method different than 'eap radius' ...
Hi guys, I've played a little with IKEv2. I'm able to connect to a MikroTik router with IKEv2 (using 'digital signature' or 'eap radius'). Now I'm looking for some guides on how I can filter access to specific VLANs from IKEv2 clients. I know that I can add firewall rules like: #ALLOW VPN to VLAN10 add a...
Guys, English is not my main language, but I hope more or less I have written understandably. I don't know which router should I choose for my network - CCR1009-7G-1C-1S+ or CCR2004-1G-12S+2XS. And how to connect it to switches. I've tried to describe my network and my needs. I've looked at block di...
Hi Guys. Can you help me with planning of the architecture of company network? I'm using already CRS328-24P-4S+RM as switches, and RBcAPGi-5acD2nD as WiFi access points. But the question is how to connect together switches and then to the router in the best way. I'm using VLANs(office network, guest...