Community discussions

Search found 253 matches

by atomicduck
Wed Oct 09, 2024 10:45 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1296
Views: 244071

Re: 📣 WinBox 4 is here 📣

Hello MikroTik guys, I have been testing WinBox 4.0 beta9 and I see some stuff have improved since last time I tried. It is good that you have returned with the tabs and overall stability is better. However, all in all I can't say that I like the new WinBox. It has some nice features, but is all doe...
by atomicduck
Wed Oct 09, 2024 10:42 am
Forum: General
Topic: Winbox 4 comments
Replies: 1
Views: 206

Re: Winbox 4 comments

I second this.
by atomicduck
Tue Sep 03, 2024 1:43 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1296
Views: 244071

Re: 📣 WinBox 4 is here 📣

On a Mac it works relatively OK. I see a fair number of crashes, and initial search of devices on LAN is slow. Visibility is better than before, but I think the bg should be a bit lighter to increase contrast. I liked the new status on the bottom. It is very useful. Header letters are very bad visib...
by atomicduck
Sun Aug 11, 2024 2:05 pm
Forum: Beginner Basics
Topic: Weird filtering issue on 7.15.3
Replies: 2
Views: 557

Weird filtering issue on 7.15.3

I am just building a small network on 1100AHx4, and have encountered a weird issue with Firewall: if I define a list for all local interfaces, and use it in the firewall it doesn't seem to catch anything. Only if I define input for a bridge interface it catches something. Doesn't work: /ip firewall f...
by atomicduck
Tue May 28, 2024 6:48 pm
Forum: General
Topic: Reboot loop on hEX - not possible to start netinstall? [SOLVED]
Replies: 5
Views: 984

Re: Reboot loop on hEX - not possible to start netinstall? [SOLVED]

Well, I fixed it. The router had the button stuck. Managed to put it in netinstall mode and it worked. HOWEVER - the router behaves in a weird way. The normal bridging didn't work after I got it up, and I just needed it as a simple switch. So I put it away for now and ordered a 260GS. Too much troub...
by atomicduck
Tue May 28, 2024 2:43 pm
Forum: General
Topic: Reboot loop on hEX - not possible to start netinstall? [SOLVED]
Replies: 5
Views: 984

Re: Reboot loop on hEX - not possible to start netinstall? [SOLVED]

There are two (BTW confusing) ways to boot in Routerboot mode: 1) press the reset button and while it is pressed power the device, then keep pressed until the device appears in netinstall <- this will use the backup bootloader 2) power the device and immediately after press the reset button, then k...
by atomicduck
Tue May 28, 2024 1:26 pm
Forum: General
Topic: Reboot loop on hEX - not possible to start netinstall? [SOLVED]
Replies: 5
Views: 984

Reboot loop on hEX - not possible to start netinstall? [SOLVED]

I have one weird hEX which failed during upgrade, however I am not able to put it in netinstall mode.

What happens is that the device just restarts at one point while I am holding the reset (at about 15-20s?).

I presume the device is irreparable, is there anything else I could try?
by atomicduck
Sun May 26, 2024 12:47 pm
Forum: General
Topic: WireGuard throughput on mAP lite?
Replies: 0
Views: 656

WireGuard throughput on mAP lite?

I have one mAP Lite that I use for Dynamic DNS on a location where the main VPN router seems to have crashed / exhibiting bugs. So I was wondering if it would be possible to set up an usable temporary WireGuard VPN on mAP lite... Did anyone measure what is the throughput? I am aware how ridiculous t...
by atomicduck
Wed May 01, 2024 5:04 pm
Forum: General
Topic: How to set L2TP/IPsec use only one gateway on dual gateway (redundant) setup?
Replies: 0
Views: 457

How to set L2TP/IPsec use only one gateway on dual gateway (redundant) setup?

Hello, I added second internet access to the main router (failover). I put it in its own bridge, made masquerade rules and added route with correct metrics. ROUTE: /ip route add check-gateway=ping comment="MAIN - SLOW INTERNET" distance=2 gateway=192.168.0.1 add check-gateway=ping comment=...
by atomicduck
Fri Mar 22, 2024 12:14 pm
Forum: Wireless Networking
Topic: Only offline update of WLAN only devices over 12.1? [SOLVED]
Replies: 16
Views: 5524

Re: Only offline update of WLAN only devices over 12.1? [SOLVED]

It's not rocket science. If you go the manual road, it MIGHT be possible you need to handle this in 2 steps. But you will only know once you see it failing. If you go the normal road as foreseen in Winbox/CLI, it SHOULD be a one-step thing. Also there, log file after reboot will tell you were you a...
by atomicduck
Fri Mar 22, 2024 12:12 pm
Forum: Wireless Networking
Topic: Only offline update of WLAN only devices over 12.1? [SOLVED]
Replies: 16
Views: 5524

Re: Only offline update of WLAN only devices over 12.1? [SOLVED]

I have tested this on mAP lite: 1. update to 7.12.1 worked as it should 2. update to 7.13.5 where i also added wireless package manually when updating also worked as it should So I conclude that it is indeed possible to manually install both the system and wireless package at once during an upgrade ...
by atomicduck
Fri Mar 22, 2024 10:12 am
Forum: Wireless Networking
Topic: Only offline update of WLAN only devices over 12.1? [SOLVED]
Replies: 16
Views: 5524

Re: Only offline update of WLAN only devices over 12.1? [SOLVED]

So... call me stupid, but I still don't understand is it doable or not.. I will have to dig one older ap and test.
by atomicduck
Thu Mar 21, 2024 9:14 pm
Forum: Wireless Networking
Topic: Only offline update of WLAN only devices over 12.1? [SOLVED]
Replies: 16
Views: 5524

Re: Only offline update of WLAN only devices over 12.1? [SOLVED]

HOW did you do these upgrades ? Should be done using System / packages / upgrade (Winbox or CLI) Don't simply drop ROS package on files and reboot. If you used that approach, you should have dropped wireless as well. Every single legacy wifi device I upgraded past 7.12 towards 7.13.x, got the wirel...
by atomicduck
Thu Mar 21, 2024 8:48 pm
Forum: Wireless Networking
Topic: Only offline update of WLAN only devices over 12.1? [SOLVED]
Replies: 16
Views: 5524

Re: Only offline update of WLAN only devices over 12.1? [SOLVED]

Excuse my ignorance, but how? I have done a number of upgrades today, both to 7.12.1 and then to 7.13.5, and not one of the updates installed legacy wireless package automatically. All of these were active CAPs, and until I specifically installed wireless package, this didn't work. As for the Capsma...
by atomicduck
Thu Mar 21, 2024 6:02 pm
Forum: Wireless Networking
Topic: Only offline update of WLAN only devices over 12.1? [SOLVED]
Replies: 16
Views: 5524

Re: Only offline update of WLAN only devices over 12.1? [SOLVED]

If you use the normal upgrade process (System / upgrade packages / Download and install) then 7.13 will "automagically" take care of required extra packages where needed (actually, the hooks are present in 7.12 since that's the one doing the download). It's even so that on some device NOT ...
by atomicduck
Thu Mar 21, 2024 5:41 pm
Forum: Wireless Networking
Topic: Only offline update of WLAN only devices over 12.1? [SOLVED]
Replies: 16
Views: 5524

Only offline update of WLAN only devices over 12.1? [SOLVED]

I have a number of pseudobridge WiFi devices scattered around. Now, I wanted to update them all to newer ROS, but then it dawned on me that new ROS does not contain wireless drivers... Am I correct that after 7.12.1 I will have to physically access device to update it? Or is there a way to prepackag...
by atomicduck
Sat Mar 09, 2024 1:41 pm
Forum: Wireless Networking
Topic: Can I get both 2.4 and 5 Ghz to work with new drivers? [SOLVED]
Replies: 11
Views: 4223

Re: Can I get both 2.4 and 5 Ghz to work with new drivers? [SOLVED]

1- yes, 2 different capsman environments. One under wifi, one under wireless / capsman 2- yes. Don't believe me ? Try it :lol: I have a capac and hap ac2 running wifi-qcom-ac driver as standalone APs. Wifi-part needs to be reconfigured from scratch but this time in the wifi screens (if you use CLI,...
by atomicduck
Fri Mar 01, 2024 12:13 pm
Forum: Wireless Networking
Topic: Can I get both 2.4 and 5 Ghz to work with new drivers? [SOLVED]
Replies: 11
Views: 4223

Re: Can I get both 2.4 and 5 Ghz to work with new drivers? [SOLVED]

1- yes, 2 different capsman environments. One under wifi, one under wireless / capsman 2- yes. Don't believe me ? Try it :lol: LOL :-D Will test I have a capac and hap ac2 running wifi-qcom-ac driver as standalone APs. Wifi-part needs to be reconfigured from scratch but this time in the wifi screen...
by atomicduck
Fri Mar 01, 2024 11:45 am
Forum: Wireless Networking
Topic: Can I get both 2.4 and 5 Ghz to work with new drivers? [SOLVED]
Replies: 11
Views: 4223

Re: Can I get both 2.4 and 5 Ghz to work with new drivers? [SOLVED]

Thank you. I think I get it now. - I can control new AND old versions of devices on one capsman (are there really two separate versions or they just include it in two diff packages?) - Are you sure I lose radios? I see that routeros + wifi-qcom-ac on controller work? (kind of an issue for sm...
by atomicduck
Fri Mar 01, 2024 11:09 am
Forum: Wireless Networking
Topic: Can I get both 2.4 and 5 Ghz to work with new drivers? [SOLVED]
Replies: 11
Views: 4223

Re: Can I get both 2.4 and 5 Ghz to work with new drivers? [SOLVED]

Ok... I won't lie - I am confused... So the situation is the following? -> 1. for Capsman I have two different versions now? 2. for devices like CAP-AC (and I have a lot of those) for wave2 I would need to install wifi-qcom-ac and lose 2.4 GHz? 3. on 4011 I have to use old Wireless to have both car...
by atomicduck
Fri Mar 01, 2024 10:46 am
Forum: Wireless Networking
Topic: Can I get both 2.4 and 5 Ghz to work with new drivers? [SOLVED]
Replies: 11
Views: 4223

Re: Can I get both 2.4 and 5 Ghz to work with new drivers? [SOLVED]

RB4011 is a special case since it has 2 different wifi chips. The choice you have to make is using wave2 drivers but only keeping 5GHz. Or continue using legacy drivers and keep both radios. Thank you. I will probably keep W2, but if I will have to have both WiFi interfaces - how do I proceed? What...
by atomicduck
Fri Mar 01, 2024 10:20 am
Forum: Wireless Networking
Topic: Can I get both 2.4 and 5 Ghz to work with new drivers? [SOLVED]
Replies: 11
Views: 4223

Can I get both 2.4 and 5 Ghz to work with new drivers? [SOLVED]

I have one 4011 device working fine (excellent actually) on ROS 7.12.1, but I don't see 2.4 GHz card with WiFi Wave 2 package. Unfortunately, client has some old devices that need 2.4 Ghz. If I upgrade to latest ROS, I understand that WiFi packages are installed by need, and not by default? I see th...
by atomicduck
Thu Feb 22, 2024 3:15 pm
Forum: Useful user articles
Topic: Lis of ingress allow ports for Windows networks
Replies: 3
Views: 6146

Re: Lis of ingress allow ports for Windows networks

So you need to allow VLAN to VLAN traffic, but have a mandate to restrict by IP and port? If so, what you are doing seems reasonable in terms of rules and efficiencies. This was built for a very large distributed network that consists of 5 huge buildings with office spaces, production and warehouse...
by atomicduck
Wed Feb 21, 2024 3:56 pm
Forum: Useful user articles
Topic: Lis of ingress allow ports for Windows networks
Replies: 3
Views: 6146

Re: Lis of ingress allow ports for Windows networks

UPDATE: The port list I defined here works fine. I maybe modified it a bit, but in essence that's it. (It seems everything works without RPC dynamic range.) Screenshot 2024-02-21 at 14.53.23.jpg Allowing only specific ports I filter out an ungodly amount of crap from the network... And everything wo...
by atomicduck
Wed Feb 14, 2024 1:29 pm
Forum: General
Topic: Port forwarding flopping?
Replies: 11
Views: 2591

SOLVED

Fast forward a bit. MikroTik S-RJ01 modules seem to not work well / work at all with RB2004, possibly other devices. I detected that the modules are failing in mysterious ways. For example, after a reboot some wouldn't start. Other just turned off after a while, and back on. Anyways, we have connect...
by atomicduck
Tue Feb 13, 2024 8:46 pm
Forum: General
Topic: Port forwarding flopping?
Replies: 11
Views: 2591

Re: Port forwarding flopping?

Here is an update; I have disconnected everything from router except my own laptop and internet feed. Tried checking router's own (VPN) ports open and nothing. Under NAT I can see that ports get triggered.
by atomicduck
Tue Feb 13, 2024 4:03 pm
Forum: General
Topic: Port forwarding flopping?
Replies: 11
Views: 2591

Re: Port forwarding flopping?

It would appear that you dont have the single allow dstnat rule in the forward chain but have created the firewall portion of every dstnat rule as a separate entry also in the forward chain. Or maybe not???? Q. Can you confirm if all those forward chain rules with dst are simply LAN to LAN or wireg...
by atomicduck
Tue Feb 13, 2024 3:56 pm
Forum: General
Topic: Port forwarding flopping?
Replies: 11
Views: 2591

Re: Port forwarding flopping?

Honestly, I can't spot the error in the config. Only one thing (actually two) is unclear for me and may cause access problems is /ip firewall nat add action=log chain=dstnat comment=TEST dst-port=45562 log-prefix=\ "NAT incoming" protocol=tcp add action=log chain=dstnat comment=TEST dst-p...
by atomicduck
Tue Feb 13, 2024 1:15 pm
Forum: General
Topic: Port forwarding flopping?
Replies: 11
Views: 2591

Re: Port forwarding flopping?

please clarify, you are trying to connect to port 3389 from router (?) to which address, internal or external (?) Thank you for replying. I am trying to port forward to 10.0.20.14 to 3389 I run wireshark a bit and I could see IP from main router when I used telnet on the server and also could conne...
by atomicduck
Tue Feb 13, 2024 12:08 pm
Forum: General
Topic: Port forwarding flopping?
Replies: 11
Views: 2591

Re: Port forwarding flopping?

I sincerely apologize. Here is the info: I am running 7.11.2 on CCR2004. Here is the config, I removed DHCP, capsman (works fine) WireGuard. /interface bridge add name=BR1 protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] name=ether1-MGMT set [ find default-...
by atomicduck
Tue Feb 13, 2024 11:49 am
Forum: General
Topic: Port forwarding flopping?
Replies: 11
Views: 2591

Port forwarding flopping?

I have a router with VLANned network. Internet access is masqueraded and internet access works. The issues are the servers are on and off accessible from outside? I have port forwards and they should work / work - I see rules triggered, and when I try to telnet to server (3389 port) from the router ...
by atomicduck
Sun Feb 11, 2024 5:19 pm
Forum: General
Topic: S-RJ01 - terribly unrelibable?
Replies: 4
Views: 539

S-RJ01 - terribly unrelibable?

I have just had an entire LAN drop after both DNS / DC servers disappeared from the LAN. It took me about an hour (it is a very large site) to find out that after the restart of the main router (CCR2004) where I use them to connect servers to it using copper they simply did not start. I have temporari...
by atomicduck
Wed Jan 03, 2024 12:59 pm
Forum: General
Topic: How to enable ROMON correctly? (I have three switches with identical ID)
Replies: 21
Views: 4716

Re: How to enable ROMON correctly? (I have three switches with identical ID)

Maybe you should report it. When I did then could not replicate and after setting the address manually it worked OK for me.
by atomicduck
Thu Sep 21, 2023 1:41 pm
Forum: Useful user articles
Topic: Special settings needed for XS+31LC10D and XS+2733LC15D
Replies: 0
Views: 5301

Special settings needed for XS+31LC10D and XS+2733LC15D

I had an issue establishing links with XS+31LC10D module, and got an info from support stating that for: XS+31LC10D XS+2733LC15D modules, the following settings need to be applied when plugged in to SFP+ interface: /interface ethernet set sfp-sfpplus1 auto-negotiation=no speed=10Gbps full-duplex=yes...
by atomicduck
Wed Sep 20, 2023 12:58 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

But then you still have to use the same PSK for all users. This was exactly what I wanted to avoid. The idea, at least for me, is to have users defined in advance for stable or sensitive equipment. Everything else? Normal PSK and that's it. In any case, still waiting for the atomic duck blueprint fo...
by atomicduck
Tue Sep 19, 2023 7:04 pm
Forum: RouterBOARD hardware
Topic: XS+31LC10D and CRS318-16P-2S+out no link after reboot
Replies: 3
Views: 2896

Re: XS+31LC10D and CRS318-16P-2S+out no link after reboot

Tried setting no-negotiate and static speed & duplex?
I had the same problem with XS+3LC10D and CCR2004 and CRS309 today and this helped. The cable was a short interconnect of 1M... I set the rate to low, same settings on both devices.
by atomicduck
Tue Sep 19, 2023 3:06 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

The problem is that EAP isn't supported by minimal systems (like printers and IoT devices), and that many devices do not work properly when both PSK and EAP are configured on the same SSID (although the standard and the configuration of RouterOS does allow that). Another problem is that configuring...
by atomicduck
Tue Sep 19, 2023 9:18 am
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

TBH, this is not that important. There is a solution to this problem via EAP, with an ability to assign username / password per user. That is perfectly fine. One should think in terms of manageability of computer networks, and sometimes logical separation is at least as important as a security aspec...
by atomicduck
Fri Sep 15, 2023 3:45 pm
Forum: Useful user articles
Topic: Lis of ingress allow ports for Windows networks
Replies: 3
Views: 6146

Lis of ingress allow ports for Windows networks

As I have segregated departments into their own VLANs, I need to allow those port IN specific from those VLANs. I made a list of ports needed for AD DC and file sharing work on Windows network: LINE BY LINE: # TCP Services /ip firewall filter add chain=forward protocol=tcp in-interface-list="LO...
by atomicduck
Wed Sep 13, 2023 11:25 pm
Forum: General
Topic: How to enable ROMON correctly? (I have three switches with identical ID)
Replies: 21
Views: 4716

Re: How to enable ROMON correctly? (I have three switches with identical ID)

Maybe this is related? v7.12beta7 has an RoMON fix...so maybe something was/is broken... *) console - improved system stability through RoMON session; What version are these RoMON problems happening? For me it was on 7.11.2. I reported this to MikroTik, we will see if they will consider it a unusua...
by atomicduck
Wed Sep 13, 2023 1:09 am
Forum: General
Topic: How to enable ROMON correctly? (I have three switches with identical ID)
Replies: 21
Views: 4716

Re: How to enable ROMON correctly? (I have three switches with identical ID)

Maybe you actually have duplicate mac-address on the bridge interface someplace & it's not an RoMON issue. I'd really use leave id= unset. If it's switching look at the mac-address it's switching between, and compare with /ip/arp/print and /interface print proplist=name,mac-address I did compar...
by atomicduck
Wed Sep 13, 2023 12:56 am
Forum: General
Topic: How to enable ROMON correctly? (I have three switches with identical ID)
Replies: 21
Views: 4716

Re: How to enable ROMON correctly? (I have three switches with identical ID)

Perhaps limit interfaces= to where you want RoMON? I guess you can use id=00:00:00:00:00:01 id=00:00:00:00:00:02 id=00:00:00:00:00:03 since RoMON used different ethertype & likely best it's NOT same as anything else. But I've let it figure it out and never seen an issue... so I may not be much ...
by atomicduck
Wed Sep 13, 2023 12:30 am
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

Super, I will be sure to link to it from the user article!!
I am planning how to do it, but I am currently working on this network I am building right now so not much time. But I will certainly make it, because it is a very useful feature to have.
by atomicduck
Wed Sep 13, 2023 12:29 am
Forum: General
Topic: How to enable ROMON correctly? (I have three switches with identical ID)
Replies: 21
Views: 4716

Re: How to enable ROMON correctly? (I have three switches with identical ID)

I wouldn't not mess with the "ID" – leave as default/unset. It will be automatically be assigned. I've used it for years, and never messed with id / mac-address, only secret. The "secret" on all routers DO need to MATCH (or all be blank). When enable, do the 3 routers all show u...
by atomicduck
Tue Sep 12, 2023 6:23 pm
Forum: General
Topic: How to enable ROMON correctly? (I have three switches with identical ID)
Replies: 21
Views: 4716

Re: How to enable ROMON correctly? (I have three switches with identical ID)

In the end it doesn't matter as long as it is a unique value.
I will set it to MGMT port MAC then by default, as the native functionality does not provide unique ID.

Thanks
by atomicduck
Tue Sep 12, 2023 6:14 pm
Forum: General
Topic: How to enable ROMON correctly? (I have three switches with identical ID)
Replies: 21
Views: 4716

Re: How to enable ROMON correctly? (I have three switches with identical ID)

Good question. I leave it blank/deselected and then it will take bridge MAC address on most of my routers (which usually makes most sense). It should be a unique identifier or you may run into problems further on when using romon. OK, so played with the setting and on one CRS328 when set again to ...
by atomicduck
Tue Sep 12, 2023 5:29 pm
Forum: General
Topic: How to enable ROMON correctly? (I have three switches with identical ID)
Replies: 21
Views: 4716

How to enable ROMON correctly? (I have three switches with identical ID)

I enabled ROMON and noticed that three of the switches have an identical ROMON id. This is the config: /tool romon set enabled=yes id=00:00:00:00:00:00 /tool romon port set [ find default=yes ] cost=100 disabled=no forbid=no interface=all There is an additional line where I set the three secrets. Ho...
by atomicduck
Sat Sep 09, 2023 6:25 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

Atomic duck, when you get time can you add to the bottom of this thread a more detailed end to end step by step to achieve this functionality?
Will do!
by atomicduck
Thu Sep 07, 2023 5:48 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

Users are connecting with username/password in EAP (enterprise security) anyway. So random MAC is not a problem as long as all limits are bound to the username (RADIUS accounting and profile limits). In wifi "registrations", the used username for RADIUS is not visible, so I add it in the ...
by atomicduck
Mon Sep 04, 2023 10:52 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

@bpwl Thanks. Will test. MikroTik guide set the EAP TLS and RAP PEAP for the outer auth (1.st stage) and TTLS PAP, TTLS CHAP, TTLS MSCHAP1 , TTLS MSCHAP2 and PEAP MSCHAP2 for inner auth (st. 2). What I need to leave on 1 is: both EAP TTLS and EAP PEAP auth and PRAP MSCHAP2 in 2. As for Mikrotik-Wire...
by atomicduck
Sun Sep 03, 2023 9:47 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

Thanks. I have never used EAP before and I noticed interesting pattern - with iPhone I can connect to any username no problem, but not on windows or mac. I can connect only on not used before username/pass. Have you maybe noticed this behaviour too? Not really an issue, I even prefer it, but trying ...
by atomicduck
Sun Sep 03, 2023 5:17 pm
Forum: General
Topic: Separating access points from management VLAN?
Replies: 28
Views: 3093

Re: Separating access points from management VLAN?

What's wrong with AX3? @anav was always a proud hater of capsman, so he never learned its convoluted way. Now that wifiwave2 follows the path of capsman, he's suddenly lost. I can put my 5c here for anyone interested: I have tested several wireless aggregators, the latest and most expensive bee...
by atomicduck
Sun Sep 03, 2023 4:59 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

No certificate .... that was exactly my problem also! https://forum.mikrotik.com/viewtopic.php?t=185562&hilit=userman#p765296 And I also only used PEAP and MSCHAPv2, not EAP-TLS. Creating the certificate for Userman was the solution. Code/example is in the MT HELP: https://help.mikrotik.com/doc...
by atomicduck
Sun Sep 03, 2023 4:14 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

Just curious, what WLANs are you trying to invoke such high security........... Are you protecting guest users from each other or what?? If you are asking me: - I have an industrial production facility where I need to connect pseudobridged devices as an ethernet port emulator so that industrial pri...
by atomicduck
Sun Sep 03, 2023 4:10 pm
Forum: General
Topic: Separating access points from management VLAN?
Replies: 28
Views: 3093

Re: Separating access points from management VLAN?

The unfortunate part of the IT is that new features are the name of the game... :lol:
by atomicduck
Sat Sep 02, 2023 12:59 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

@bpwl Thanks. I will then proceed to make a certificate using the tutorials you provided. I see you have made it last like 20 years or so, which is plenty. @pe1chl Yes, I am aware that an attack is possible, but this approach is essentially a workaround for simple multi-PSK approach, and probably mo...
by atomicduck
Sat Sep 02, 2023 12:36 pm
Forum: General
Topic: Separating access points from management VLAN?
Replies: 28
Views: 3093

Re: Separating access points from management VLAN?

LOL guys :-D you made me laugh Yeah... the main issue I have now is that I need to put a production network on, and it crashes on current software. Not ideal and due installation is probably next week. What's wrong with AX3? I have set up an 4011 on Wave 2 and it works like a charm. I gather not th...
by atomicduck
Fri Sep 01, 2023 7:38 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

I added the Capsman (local) under router and they do communicate, but users get rejected. I did not create certificates yet, as I hoped to skip that if possible. I just need specific login for specific user account and that's it. I did find some tutorials how to make this work using EAP-TLS, but I do...
by atomicduck
Fri Sep 01, 2023 7:18 pm
Forum: The User Manager
Topic: Radius timeout error
Replies: 11
Views: 44365

Re: Radius timeout error

Radius client can not communicate with radius server aka (Userman) when general masquerading rule is applied. exclude 127.0.0.1 from masquerading & use 127.0.0.1 as Radius client & User manager IP. Use this code instead /ip/firewall/nat/add chain=srcnat action=masquerade src-address=!127.0....
by atomicduck
Fri Sep 01, 2023 6:27 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

Users are connecting with username/password in EAP (enterprise security) anyway. So random MAC is not a problem as long as all limits are bound to the username (RADIUS accounting and profile limits). In wifi "registrations", the used username for RADIUS is not visible, so I add it in the ...
by atomicduck
Fri Sep 01, 2023 6:09 pm
Forum: General
Topic: Separating access points from management VLAN?
Replies: 28
Views: 3093

Re: Separating access points from management VLAN?

Well... thanks? :-) For now I have made Capsman function as is, with APs on isolated network. It seems a lot of config to change everything (read I need some time to read and understand your config.) I also made the VLANs work as they should over capsman and added bridge horizon (capsman forwarding,...
by atomicduck
Wed Aug 30, 2023 9:40 am
Forum: General
Topic: Separating access points from management VLAN?
Replies: 28
Views: 3093

Re: Separating access points from management VLAN?

Your concept is flawed! Every smart device (able to read vlans) should get its IP address from the management VLAN. This is where neighbours discovery really shines as there should also be a management interface list entry populated only by the management vlan and any other ports or interfaces you s...
by atomicduck
Tue Aug 29, 2023 8:06 pm
Forum: General
Topic: Separating access points from management VLAN?
Replies: 28
Views: 3093

Re: Separating access points from management VLAN?

Your understanding is about correct for what is needed. As long as there is some sort of connectivity, romon will work. Even if your complete IP setup is borked, it still works. I don't use secret at home. See here for more info. https://help.mikrotik.com/docs/display/ROS/RoMON Thank you very much,...
by atomicduck
Tue Aug 29, 2023 7:24 pm
Forum: General
Topic: Separating access points from management VLAN?
Replies: 28
Views: 3093

Re: Separating access points from management VLAN?

I presume you too manage devices directly from central router? You don't use winbox for scanning? Sometimes I do but when I see it doesn't come through, I use ROMON. I have never used ROMON before. Pls. see if I understand how it works: 1. I set up the ROMON on central router, set ID and secret (BI...
by atomicduck
Tue Aug 29, 2023 7:06 pm
Forum: General
Topic: Separating access points from management VLAN?
Replies: 28
Views: 3093

Re: Separating access points from management VLAN?

The fact you use VLANs, is giving this to be expected behavior. What I do at home, is allow my personal PC access to all defined VLANs (since it has a fixed IP based on MAC address). At work I always connect from PC to 1 central router using ROMON and then I can move on. Thanks - I have this set al...
by atomicduck
Tue Aug 29, 2023 5:43 pm
Forum: General
Topic: Separating access points from management VLAN?
Replies: 28
Views: 3093

Separating access points from management VLAN?

I made a MGMT VLAN and an AP VLAN. MGMT is for routers and switches, and AP is for AP. I isolated a bit that VLAN, and only CAPSMAN ports and some IP services are available. The AP ports are access ports on PoE switches, and I am reluctant to allow management VLAN there, because that makes accessing...
by atomicduck
Tue Aug 22, 2023 5:56 pm
Forum: Beginner Basics
Topic: Practical redundancy on devices with PoE port + adapter?
Replies: 26
Views: 4654

Re: Practical redundancy on devices with PoE port + adapter?

The plans are always changing and suspect vary a lot by country too... Apparently, Starlink Router is WiFi only. Go figure. (No business option where I am.) The ethernet adapter goes in-line between the dish and router on regular/"rectangular" ones. Also why I suspect it's still a USB bu...
by atomicduck
Tue Aug 22, 2023 5:16 pm
Forum: Beginner Basics
Topic: Practical redundancy on devices with PoE port + adapter?
Replies: 26
Views: 4654

Re: Practical redundancy on devices with PoE port + adapter?

I will definitely order an additional cable with it when I get to implementation. And perhaps an ethernet adapter too. They typically don't come with any (but they are always changing things, so check when you order) ... I had to check this. For anyone interested: https://api.starlink.com/public-fi...
by atomicduck
Tue Aug 22, 2023 4:53 pm
Forum: Beginner Basics
Topic: Practical redundancy on devices with PoE port + adapter?
Replies: 26
Views: 4654

Re: Practical redundancy on devices with PoE port + adapter?

Thank you very much for this informative and usable info.

I will definitely order an additional cable with it when I get to implementation.
by atomicduck
Tue Aug 22, 2023 8:27 am
Forum: Beginner Basics
Topic: Practical redundancy on devices with PoE port + adapter?
Replies: 26
Views: 4654

Re: Practical redundancy on devices with PoE port + adapter?

BATTERY: But how do you prevent overcharging?? The AC/DC adapter that comes with battery has a voltage sensor. STARLINK: I also heard that starlink antenna array uses a *lot* of power... Have you had experience of how it feels using it in real life? I haven't monitored it closely, but SL typically ...
by atomicduck
Mon Aug 21, 2023 7:27 pm
Forum: Beginner Basics
Topic: Practical redundancy on devices with PoE port + adapter?
Replies: 26
Views: 4654

Re: Practical redundancy on devices with PoE port + adapter?

BATTERY: But how do you prevent overcharging?? I supposed you have circuitry to monitor both upper and lower voltages and stop charging, or you rely on internal battery circuitry? (Apart from that, this is rather smart setup..) STARLINK: I was actually thinking of using starlink as a backup in a nu...
by atomicduck
Mon Aug 21, 2023 4:24 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

Unfortunately no. It is a standard feature now. No, what is standard now is to use a "random" MAC. But it remains constant. In the first version a new random MAC would be selected every time a WiFi connection was made, or even when it roamed to another AP. That would cause overflow of DHC...
by atomicduck
Mon Aug 21, 2023 3:41 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

Users are connecting with username/password in EAP (enterprise security) anyway. So random MAC is not a problem as long as all limits are bound to the username (RADIUS accounting and profile limits). In wifi "registrations", the used username for RADIUS is not visible, so I add it in the ...
by atomicduck
Mon Aug 21, 2023 2:46 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

For this to work you need to disable that mis-feature. Also I think Apple has stopped doing that long ago. Unfortunately no. It is a standard feature now. May I ask how big is the system? We have about 250 Windows machines, a similar number of Android phones, and about 2500 "guest" device...
by atomicduck
Mon Aug 21, 2023 1:57 pm
Forum: Beginner Basics
Topic: Practical redundancy on devices with PoE port + adapter?
Replies: 26
Views: 4654

Re: Practical redundancy on devices with PoE port + adapter?

I sometimes use 24V battery packs on either PoE injector or as the DC IN, with the battery charge always plugged in to the grid. No AC/DC conversion and Mikrotik's don't really use all that much power, so $50-100 battery pack is often longer lasting/cheaper than APC-like AC UPS. The 24V lithium pac...
by atomicduck
Mon Aug 21, 2023 1:29 pm
Forum: General
Topic: RouterOS bridge mysteries explained
Replies: 86
Views: 32327

Re: RouterOS bridge mysteries explained

Anyways, it is nice to have unified way to do this. From what I understand, most, if not all of the new devices support the new bridge mode, so that is fine (and preferable) by me. :arrow:
by atomicduck
Mon Aug 14, 2023 12:06 pm
Forum: General
Topic: RouterOS bridge mysteries explained
Replies: 86
Views: 32327

Re: RouterOS bridge mysteries explained

If it is purely UI decision, then why there are three different ways to set VLANs depending on underlying hardware? If we're thinking of same 3 ways, then: bridge with vlan-filtering is the unified solution, introduced in ROS 6.42. All newer devices can offload it to HW for some functions and some ...
by atomicduck
Mon Aug 14, 2023 11:20 am
Forum: General
Topic: RouterOS bridge mysteries explained
Replies: 86
Views: 32327

Re: RouterOS bridge mysteries explained

I would second this. I don't agree ... and I wrote my reasoning in post #69 above. Configuring switch chip via bridge configuration interface has nothing to do with hardware topology, it's a UI design decision. IMO it's similar to dilemma between using 3D graphic card using GPU-specific ABI versu...
by atomicduck
Mon Aug 14, 2023 12:22 am
Forum: General
Topic: RouterOS bridge mysteries explained
Replies: 86
Views: 32327

Re: RouterOS bridge mysteries explained

The only reason: MT is using cheap consumer chips which have a "slow shared bus" to the physical ports (eth1, eth2, eth3, ...) and all the processing is done by the limited CPU. Other "large" vendors are using ASIC chips for packet processing. The difference in short: "Yo...
by atomicduck
Fri Aug 11, 2023 5:20 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

May I ask how big is the system? - Complex solutions are warranted only on very large systems, and your solution does seem quite a hassle to develop and maintain. I presume yours spans hundreds of machines. Probably in the range from 200-400? Or more? I just checked, and really - there is no replicat...
by atomicduck
Fri Aug 11, 2023 4:17 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

Yes it is possible to make WPA2-EAP work on Windows and e.g. Android and IOS, we have that here at my work. But I can tell you it is a royal pain in the b*tt to make it all working and to get the certificates installed etc. In the end I have made it all work automatically with INTUNE and a UBNT Lin...
by atomicduck
Fri Aug 11, 2023 2:11 pm
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

Re: A bit better WiFi security with per-user PSK? [SOLVED]

MikroTik does not support having different PSK per device under WPA2-PSK. It *is* possible to do this under WPA2-EAP, but you will find that not all client devices support that, and when they do they may mandate the installation of a certificate (this is not strictly required for the protocol to op...
by atomicduck
Fri Aug 11, 2023 1:59 pm
Forum: General
Topic: RouterOS bridge mysteries explained
Replies: 86
Views: 32327

Re: RouterOS bridge mysteries explained

Would it work that I make images out from it, and post it one by one on the forum? This is rather usable presentation. Would do it.
by atomicduck
Fri Aug 11, 2023 1:58 pm
Forum: Beginner Basics
Topic: Practical redundancy on devices with PoE port + adapter?
Replies: 26
Views: 4654

Re: Practical redundancy on devices with PoE port + adapter?

Thanks. These monitoring tips are great. For me the most important one would be the temperature - sometimes AC units fail in server rooms and then things can get toasty. I was maybe thinking building my own, based on Pi https://www.instructables.com/How-to-Build-a-Raspberry-Pi-Temperature-Monitor/ Wh...
by atomicduck
Fri Aug 11, 2023 9:18 am
Forum: Wireless Networking
Topic: A bit better WiFi security with per-user PSK? [SOLVED]
Replies: 62
Views: 11978

A bit better WiFi security with per-user PSK? [SOLVED]

I would like to lift up security of my WiFi networks, but still keeping it simple. Username / password for accessing wifi would be enough, but I would like to skip certificates. I would appreciate info in this regard, and a tutorial or two as I can't find anything. Other option would be a PSKs for e...
by atomicduck
Thu Aug 10, 2023 8:09 am
Forum: Beginner Basics
Topic: Practical redundancy on devices with PoE port + adapter?
Replies: 26
Views: 4654

Re: Practical redundancy on devices with PoE port + adapter?

Thanks for info. Out of curiosity, how do you solve monitoring and reporting of MikroTik systems and external sensors/batteries and such? Also re UPS, full capacity is a no-no in my opinion, one should always leave a large power margin when UPSs are concerned. The hack I mentioned regarding Back-UPS ...
by atomicduck
Wed Aug 09, 2023 10:52 pm
Forum: Beginner Basics
Topic: Practical redundancy on devices with PoE port + adapter?
Replies: 26
Views: 4654

Re: Practical redundancy on devices with PoE port + adapter?

#1 OK #2 Jesus. ... Don't you think that's a bit of an overkill? :shock: That system is really complex, has multiple fail points and is expensive to maintain. If I may suggest maybe a more sensible approach, given that you like to tinker - get a Smart UPS 750, or 1000 (they don't have a fan), or i...
by atomicduck
Wed Aug 09, 2023 10:33 pm
Forum: General
Topic: RouterOS bridge mysteries explained
Replies: 86
Views: 32327

Re: RouterOS bridge mysteries explained

I hope you add information about creating VLANs by new way... and how live with General vlan id:1 and others as Trunk. For now I use always this howto: https://mbum.pl/archive/vlan-po-nowemu.pdf (Presentation from Ihor Hreskiv at Mikrotik Beer User Meeting at Poland 2019, mbum.pl) Pages: 34 - 50 I ...
by atomicduck
Wed Aug 09, 2023 6:49 pm
Forum: Beginner Basics
Topic: Practical redundancy on devices with PoE port + adapter?
Replies: 26
Views: 4654

Re: Practical redundancy on devices with PoE port + adapter?

So you chose an option to have external dedicated poe backup. I am thinking about this too, in a way that I would have a separate injector and an adapter for each device if I won't find a way to configure excess PoE switch ports to be redundancies. Have you maybe checked what happens when you plug/un...
by atomicduck
Wed Aug 09, 2023 11:32 am
Forum: Beginner Basics
Topic: Practical redundancy on devices with PoE port + adapter?
Replies: 26
Views: 4654

Practical redundancy on devices with PoE port + adapter?

I had an adapter fail on me during a rather large installation last week, so I scrambled to go there and replace it... I have a big box of them, just in case. (I think 20-30 adapters. :lol:) Then I started reading about PoE input and realized that some of the devices are built in such a way that if ...
by atomicduck
Tue Jul 04, 2023 12:25 pm
Forum: RouterBOARD hardware
Topic: Long term effects of SSD HDD connected to 5009 router?
Replies: 26
Views: 5622

Re: Long term effects of SSD HDD connected to 5009 router?

we have retested 5009 - USB specification will change to 1.5A
I appreciate this very much. I love it that you are flexible enough to do this, and that you as a company keep the original appeal for your devices.
by atomicduck
Tue Jul 04, 2023 12:17 pm
Forum: Beginner Basics
Topic: INFO: MikroTik new default device password practice
Replies: 23
Views: 6942

Re: INFO: MikroTik new default device password practice

I still would not dare to have a MikroTik router with open webfig/winbox ports to the internet!
Only allow management from the "inside" or via a VPN.
Of course :-)
by atomicduck
Tue Jul 04, 2023 12:08 pm
Forum: Beginner Basics
Topic: INFO: MikroTik new default device password practice
Replies: 23
Views: 6942

Re: INFO: MikroTik new default device password practice

My password strategy is twofold: For stuff that I have to login manually sometimes I use cca 15-25 char passwords that are also relatively easy to type. For stuff that I never type, I set the pass alphanumeric as large as the system accepts. Say 50, 100 or more random generated characters. So device...
by atomicduck
Tue Jul 04, 2023 10:37 am
Forum: Beginner Basics
Topic: INFO: MikroTik new default device password practice
Replies: 23
Views: 6942

Re: INFO: MikroTik new default device password practice

I do use KeePass as well. Storing password in a cloud together with many other users, is a big bait for any hacker so it will be hacked sooner or later. (or lost since site has corrupted disk) Same logic here. I have thousands of passwords, keys and encryption certificates. I do backup the databases ...
by atomicduck
Tue Jul 04, 2023 9:43 am
Forum: Beginner Basics
Topic: INFO: MikroTik new default device password practice
Replies: 23
Views: 6942

Re: INFO: MikroTik new default device password practice

The scenario that this new practice (as mandated by the EU) tries to prevent is that new devices are deployed and left with a default (or no) password. That is a very common scenario (as indicated by "research scanners") and regulation has been made because manufacturers apparently did no...
by atomicduck
Mon Jul 03, 2023 12:44 pm
Forum: Beginner Basics
Topic: INFO: MikroTik new default device password practice
Replies: 23
Views: 6942

Re: INFO: MikroTik new default device password practice

1) Netinstall doesn't give a damn about your password, you might as well lose it. It doesn't, but device does pull default password on reinstall. You can force it not to it seems. 2) Are you concerned about security? What do you care if someone discover the default password, so you make a user of y...
by atomicduck
Sun Jun 25, 2023 9:33 pm
Forum: Beginner Basics
Topic: INFO: MikroTik new default device password practice
Replies: 23
Views: 6942

Re: INFO: MikroTik new default device password practice

Picture of label of every device with password and I store everything in Evernote. If you reset to factory conditions, you need to have those passwords again. You can also netinstall and apply your own default password. Hm. Isn't Evernote a bit unsafe? I use KeePass and store everything there. Enc...
by atomicduck
Sun Jun 25, 2023 8:13 pm
Forum: Beginner Basics
Topic: INFO: MikroTik new default device password practice
Replies: 23
Views: 6942

Re: INFO: MikroTik new default device password practice

Had it too some months ago on an AC3.
Support said there was a mismatch between printed material off factory and online manual.
Yup, that's what I got from all of this...

How do you solve archiving passwords? Is it needed after you change pass?
by atomicduck
Sun Jun 25, 2023 7:47 pm
Forum: Beginner Basics
Topic: INFO: MikroTik new default device password practice
Replies: 23
Views: 6942

Re: INFO: MikroTik new default device password practice

Well, task successfully failed from my perspective :-) I thought I got a bricked device at first. Happened a few times, so no biggie I thought, that is why I did a netinstall (especially concerning that I did have a bricked 4011 recently). However, the change was NOT in the supplied manual. I did ch...
by atomicduck
Fri Jun 23, 2023 2:05 am
Forum: Beginner Basics
Topic: INFO: MikroTik new default device password practice
Replies: 23
Views: 6942

INFO: MikroTik new default device password practice

Info for users: I just spent 2-3h troubleshooting new 4011 on site, into which I couldn't login with default admin / empty. I did not see / notice that the device has a preset admin and WiFi passwords on the back of the device, which is different from hundreds of other devices I configured. If you ...
by atomicduck
Fri Jun 09, 2023 3:15 pm
Forum: RouterBOARD hardware
Topic: Long term effects of SSD HDD connected to 5009 router?
Replies: 26
Views: 5622

Re: Long term effects of SSD HDD connected to 5009 router?

mostly container and rose tests - some heavy writes after that no use at all. p.s. Just checked 5009 - it seems that inner power delivery circuit should support 1.5A, we will recheck if there is a mistake in spec sheet. I think it would be great if that is so. Design for 1.5A, peaks maybe 10% more....
by atomicduck
Thu Jun 08, 2023 3:46 pm
Forum: RouterBOARD hardware
Topic: Long term effects of SSD HDD connected to 5009 router?
Replies: 26
Views: 5622

Re: Long term effects of SSD HDD connected to 5009 router?

I personally have been using 1.7A rated Micron 5200 SSD via USB to SATA close to year with RB5009 - no issues so far.
How long? And what are you holding on it? - Meaning are you using databases with constant access, or stuff to boot with only occasional access?
by atomicduck
Thu Jun 08, 2023 11:43 am
Forum: RouterBOARD hardware
Topic: Long term effects of SSD HDD connected to 5009 router?
Replies: 26
Views: 5622

Re: Long term effects of SSD HDD connected to 5009 router?

I have successfully connected a hub and a couple of drives to a 5009 or 2004. If the drives weren't bad in the first place (which turned out to be the case for a couple), they came right up. So ROS handles multiple drives without an issue. Appreciated. As for power consumption, the drive I have is...
by atomicduck
Wed Jun 07, 2023 4:15 pm
Forum: RouterBOARD hardware
Topic: Long term effects of SSD HDD connected to 5009 router?
Replies: 26
Views: 5622

Re: Long term effects of SSD HDD connected to 5009 router?

A distributor told me that it will be available in end of August / beginning of September. :D :D :D :D Yeah. No way Anselmo. I waited for my own RB5009 for A YEAR. And currently I am waiting for a bunch for a project (10GBE backbone, routers, switches) of equipment for about a month now. Everything...
by atomicduck
Wed Jun 07, 2023 3:37 pm
Forum: RouterBOARD hardware
Topic: Long term effects of SSD HDD connected to 5009 router?
Replies: 26
Views: 5622

Re: Long term effects of SSD HDD connected to 5009 router?

Yeah, it is a pity. I do have a RB4011 and I dislike the lack of a USB port (and the beeper). And of course the use of two different chip families for 2GHz and 5GHz (it is a wireless model). In the good old days we had the RB2011 which had all the options. But of course a weak CPU for today's speed...
by atomicduck
Wed Jun 07, 2023 11:51 am
Forum: RouterBOARD hardware
Topic: Long term effects of SSD HDD connected to 5009 router?
Replies: 26
Views: 5622

Re: Long term effects of SSD HDD connected to 5009 router?

And why do that on RB5009 and not on a machine really suited for the required processing power ? (database stuff can be quite resource intensive) Or is the test to see how it runs on RB5009 ? RB5009 is very powerful. It directly compares with Intel Core2 Duo E4500, which means it is more than power...
by atomicduck
Wed Jun 07, 2023 11:15 am
Forum: RouterBOARD hardware
Topic: Long term effects of SSD HDD connected to 5009 router?
Replies: 26
Views: 5622

Re: Long term effects of SSD HDD connected to 5009 router?

I need to do a bunch of tests on docker containers for database engines and apache/php.
by atomicduck
Wed Jun 07, 2023 11:11 am
Forum: RouterBOARD hardware
Topic: Long term effects of SSD HDD connected to 5009 router?
Replies: 26
Views: 5622

Re: Long term effects of SSD HDD connected to 5009 router?

May I ask why? (I am too inclined to use it as is.)
by atomicduck
Wed Jun 07, 2023 10:56 am
Forum: RouterBOARD hardware
Topic: Long term effects of SSD HDD connected to 5009 router?
Replies: 26
Views: 5622

Re: Long term effects of SSD HDD connected to 5009 router?

Well, data for a year working without a problem would be OK... :_)

As for powered hub, that is actually a great idea. Can you recommend one?
by atomicduck
Wed Jun 07, 2023 10:43 am
Forum: RouterBOARD hardware
Topic: Long term effects of SSD HDD connected to 5009 router?
Replies: 26
Views: 5622

Re: Long term effects of SSD HDD connected to 5009 router?

I think the SATA SSD disks should be between 2-5W.. Which should fall in to 1A/5V range. As for passthrough - the 5009 has to have a rectifier, as the input power can be from 12-24V all of which are a lot above USB voltage of 5 V (unless PD). Now... The Q is mainly the long term, because I know peo...
by atomicduck
Wed Jun 07, 2023 9:26 am
Forum: RouterBOARD hardware
Topic: Long term effects of SSD HDD connected to 5009 router?
Replies: 26
Views: 5622

Long term effects of SSD HDD connected to 5009 router?

I was thinking to expand storage for my RB5009 with enclosure with USB SSD that I have standing around. I know from experience that normal laptop HDD will draw too much power, and over time USB poer / power circuitry will suffer. Can the router handle long term connection to SSD in enclosure? Anyone...
by atomicduck
Sun Feb 05, 2023 12:51 pm
Forum: General
Topic: Add emoji to the ssid name
Replies: 38
Views: 18606

Re: Add emoji to the ssid name

KUDOS
by atomicduck
Sun Feb 05, 2023 11:36 am
Forum: Useful user articles
Topic: Few notes on how to successfully use Netinstall on Mac
Replies: 0
Views: 7974

Few notes on how to successfully use Netinstall on Mac

Here are a few notes on how to successfully use NetInstall on Intel Macs (works on all versions of MacOS, tested last on Ventura). Steps: 1. Download same version of ROS installation and Netinstall for the bricked device (don't mix different Netinstall and ROS versions). 2. You need to have Windows ...
by atomicduck
Sun Feb 05, 2023 1:14 am
Forum: General
Topic: Add emoji to the ssid name
Replies: 38
Views: 18606

Re: Add emoji to the ssid name

Neat! Just tested it and it works on CapsMan on 7.7, however only through CLI.
by atomicduck
Sat Feb 04, 2023 8:57 am
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

Any router that might be designed for use as a test bed or lab environment should be designed with a serial port. The fact that the RB5009 wasn't baffles me. Initially, it looked attractive till I saw the serial port wasn't there.. Just get a RB4011 instead.. -tp Exactly what I did. I decided to pu...
by atomicduck
Fri Feb 03, 2023 7:04 pm
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

Let's make a request for MikroTik to make that setting an option? Something that can be flipped the same way other RouterBOOT settings can? I support that. Even if going to the board directly if there are headers there, that would be a viable option to recover router that died. Or make header ourse...
by atomicduck
Fri Feb 03, 2023 6:45 pm
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

Probably not a good idea. It seems it would be very easy to brick the router this way...
I just won't use this thing in production and that's about it.

RB1100 is plenty.
by atomicduck
Fri Feb 03, 2023 5:56 pm
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

Do you happen to have OpenWRT manual on how to do this? 5009 is ARM 64 bit which is plenty and a reason why I bought it.
by atomicduck
Fri Feb 03, 2023 11:40 am
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

I also got a reply from MikroTik support: both Woobm and USB-Serial adapters can work only if ROS is running, so no console for me. So I guess it better not break. LOL :-)
by atomicduck
Thu Feb 02, 2023 1:35 pm
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

Like on the back of the The Hitchhiker's Guide to the Galaxy book. :-D
by atomicduck
Thu Feb 02, 2023 9:36 am
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

Crap. OK... So tell me this: I had a failed 4011 two months ago, as the storage got corrupted. That is the most plausible explanation of what happened to it. Netinstall did not work whatever I tried, it just got stuck on upload, so I had to reformat the storage, and reupload the routerboot that I go...
by atomicduck
Thu Feb 02, 2023 9:27 am
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

Probably there is some stuff lost in translation. 1. You CAN use serial<>usb adapters to connect to your RouterOS, IF: that adapter is properly recognized and configured under RouterOS and if RouterOS is functional. 2. You CAN'T use serial<>usb adapters as a debug port (if RouterOS crashed for som...
by atomicduck
Thu Feb 02, 2023 9:15 am
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

I am confused now - does this mean I wouldn't be able to connect to serial console using an adapter? (in usb-serial = serial-usb config)
by atomicduck
Wed Feb 01, 2023 11:49 pm
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

I got a reply re connectivity -> USB-serial-nullmodemcable-serial-usb contraption should work no problems. It can be made even easier from two USB to TTL boards (super cheap from China, <$1, just get FTDI chips as they are least problematic), connect RX->TX, TX->RX, GND->GND and it's done. Easiest ...
by atomicduck
Wed Feb 01, 2023 11:47 pm
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

What I do on "important" RB5009 is to sacrifice ether8 for mgmt port. I make it not part of the main bridge nor part of the LAN interface group and bind a static ip directly to ether8, allow winbox/webui/ssh on it. So if I mess up bridge settings or FW rules in a way not even MAC access i...
by atomicduck
Wed Feb 01, 2023 4:49 pm
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

I got a reply re connectivity -> USB-serial-nullmodemcable-serial-usb contraption should work no problems.
I just ordered another usb adapter I know works fine and I tested over USB connection.

As for woobm I am still not sure if that is console connection or terminal connection.
by atomicduck
Wed Feb 01, 2023 3:28 pm
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

This said, 5009 is a great device, but without serial I can't implement it anywhere as there is no backup access.
Backup for what? For have serial port onsite or use remotely the serial port?

Backup for when RouterOS is broken so I can fix it through console.
by atomicduck
Wed Feb 01, 2023 3:12 pm
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

Do not work on v7, see other topic about that.
Could you please provide me with the thread link? I can't find it.

This said, 5009 is a great device, but without serial I can't implement it anywhere as there is no backup access.
by atomicduck
Wed Feb 01, 2023 3:00 pm
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

But this doesn't connect to serial console? It is only for running routeros devices?
by atomicduck
Wed Feb 01, 2023 12:07 pm
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Re: Doesn't RB5009 have a serial port?? [SOLVED]

Yes, you missed reading the specs before buying it.
Excellent. Is there a way to access the device over USB port via serial adapter or something??
by atomicduck
Wed Feb 01, 2023 11:58 am
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 40
Views: 5592

Doesn't RB5009 have a serial port?? [SOLVED]

I just (finally) received RB5009, and I see no serial port? Am I missing something?
by atomicduck
Tue Jan 31, 2023 3:28 pm
Forum: RouterBOARD hardware
Topic: RB5009UG+S+IN availability
Replies: 20
Views: 5708

Re: RB5009UG+S+IN availability

OK, so after a year of waiting I managed to get (pay for now) for my 5009... My distributor told me again MT prolonged delivery to April, and another distributor just rang me and told me they have one for me :o) The first one will return the deposit, and I paid to the second one. And of course it wa...
by atomicduck
Tue Jan 17, 2023 12:35 pm
Forum: Beginner Basics
Topic: Is it good idea to PoE feed all ROS and SWOS devices centrally in a closet?
Replies: 21
Views: 1601

Re: Is it good idea to PoE feed all ROS and SWOS devices centrally in a closet?

Thanks. My general idea was to have a CRS328 or CRS112 in a rack, and then power the devices through it. Both of these switches have dual voltage output where 328 has PSU-s integrated and 112 via external adapters. I would skip non MT solutions and injecting power, because that would defeat the purpos...
by atomicduck
Tue Jan 17, 2023 8:44 am
Forum: Beginner Basics
Topic: Is it good idea to PoE feed all ROS and SWOS devices centrally in a closet?
Replies: 21
Views: 1601

Is it good idea to PoE feed all ROS and SWOS devices centrally in a closet?

For a while I have been thinking about centrally powering all of my devices in a specific communication or server closet. I'm currently using power adapters that came with devices, and that solution does work well. Given that essentially every MT device that I know has a power in Port maybe it would...
by atomicduck
Fri Dec 30, 2022 1:26 pm
Forum: General
Topic: L2TP not connecting on Windows client
Replies: 6
Views: 12607

Re: L2TP not connecting on Windows client

Set these values:
Proposal: aes-128cbc/sha1/modp1024
Profile: sha1/aes-128/ecp256
Had the same problem, and these work fine. I tested on latest Win 10.
by atomicduck
Fri Dec 30, 2022 11:53 am
Forum: General
Topic: 6.48.6 looses Interface list setting for VPN? [SOLVED]
Replies: 10
Views: 2395

Re: 6.48.6 looses Interface list setting for VPN? [SOLVED]

You can create static interface for user and that one won't disappear: /interface l2tp-server add name=<interface name> user=<user name> This worked. I also got reply from Emil from support who noted that I should make a profile for the specific user and lock use only-one flag: /ppp profile set <us...
by atomicduck
Wed Dec 14, 2022 12:01 pm
Forum: General
Topic: 6.48.6 looses Interface list setting for VPN? [SOLVED]
Replies: 10
Views: 2395

Re: 6.48.6 looses Interface list setting for VPN? [SOLVED]

Thanks, will try both solutions today after work hours.
We had some other issues that I had to urgently fix, sorry for the pause!
by atomicduck
Fri Dec 09, 2022 11:03 am
Forum: General
Topic: 6.48.6 looses Interface list setting for VPN? [SOLVED]
Replies: 10
Views: 2395

Re: 6.48.6 looses Interface list setting for VPN? [SOLVED]

Is it client or server? But in both cases, if you "defined L2TP interface", i.e. you definitely added something, it's either client interface that must be there, or optional "L2TP Server Binding", and both should be usable. What wouldn't work is the dynamic interface created for...
by atomicduck
Fri Dec 09, 2022 11:00 am
Forum: General
Topic: 6.48.6 looses Interface list setting for VPN? [SOLVED]
Replies: 10
Views: 2395

Re: 6.48.6 looses Interface list setting for VPN? [SOLVED]

Ok, so I was digging a bit - if I make a profile per connection, I would be able to have a script run on connection up. Then I would add: /interface list member add interface=<l2tp-1> list="[LAN]" Would this work? And on link down, I would have to remove it. However, I can't find the command to ...
by atomicduck
Wed Dec 07, 2022 4:56 pm
Forum: General
Topic: 6.48.6 looses Interface list setting for VPN? [SOLVED]
Replies: 10
Views: 2395

Re: 6.48.6 looses Interface list setting for VPN? [SOLVED]

here they are: (Also, the last two in members, should show l2tp-connection1, but that one falls off after a day or so.) /interface list add name="[INTERNET]" add name="[LAN]" add name="[INTERNAL LANS]" add name="[INTERNAL LANS + WIFI]" /interface list member ad...
by atomicduck
Wed Dec 07, 2022 3:06 pm
Forum: General
Topic: 6.48.6 looses Interface list setting for VPN? [SOLVED]
Replies: 10
Views: 2395

6.48.6 looses Interface list setting for VPN? [SOLVED]

Hello, not sure if this is by design, but RB1100AH on 6.48.6 is losing setting under interface lists for VPN setting. I have defined a l2tp-connection1 as an interface under PPP, and when I define it under interface list, it is lost - upon reconnection I think. Is this by design? I use it for the n...
by atomicduck
Mon Nov 14, 2022 10:03 pm
Forum: RouterBOARD hardware
Topic: RB5009UG+S+IN availability
Replies: 20
Views: 5708

Re: RB5009UG+S+IN availability

If you're short in supply, see in which end-product those goods are being used which bring the highest margins. Sell those. Yes I get that, but the thing is that *everything* is more expensive now. Simple ICs are often several times more expensive than before (someone up commented exactly that), so I...
by atomicduck
Mon Nov 14, 2022 8:24 am
Forum: RouterBOARD hardware
Topic: RB5009UG+S+IN availability
Replies: 20
Views: 5708

Re: RB5009UG+S+IN availability

Now new trend is that older industry standard parts are being obsoleted in rapid fashion. Component MFGs are freeing up production lines for something more profitable. You mean in general, or as a result of shortage? As for my 5009, I managed to get on a waiting list. A friend from another co told ...
by atomicduck
Wed Nov 02, 2022 7:00 pm
Forum: RouterBOARD hardware
Topic: RB5009UG+S+IN availability
Replies: 20
Views: 5708

Re: RB5009UG+S+IN availability

Thank you. I appreciate it.
by atomicduck
Tue Nov 01, 2022 6:54 pm
Forum: RouterBOARD hardware
Topic: RB5009UG+S+IN availability
Replies: 20
Views: 5708

Re: RB5009UG+S+IN availability

@jbl42 - I am ranting... But it is two+ years now. From my perspective that is enough to fix the supply chain. I will read the article, hopefully it will shine some light on the issue. @chechito - I think I will have to go that route myself. The unfortunate part is that the planning is not months, b...
by atomicduck
Mon Oct 31, 2022 7:03 pm
Forum: RouterBOARD hardware
Topic: RB5009UG+S+IN availability
Replies: 20
Views: 5708

Re: RB5009UG+S+IN availability

With all components in it ? Plenty of tesla on parking lots with parts missing. Where I live 1 year for a new car with personal config. Ok, now compare that with a pre-built router. No options, etc. Two pieces of metal, one cast and one sheet, two sets of LAN terminals, an USB, SFP, and some other ...
by atomicduck
Mon Oct 31, 2022 11:00 am
Forum: RouterBOARD hardware
Topic: RB5009UG+S+IN availability
Replies: 20
Views: 5708

Re: RB5009UG+S+IN availability

I just got info from distributor: CCR1009-7G-1C-1S+PC - not available at all CCR2004-16G-2S+PC - February at the earliest What I don't understand is how is it possible that the supply circus issue lasts this long. I mean, how it is possible that there are no chips? Deliveries should really be a n...
by atomicduck
Sun Oct 30, 2022 12:54 pm
Forum: Wireless Networking
Topic: [CAPsMAN] Move from UBNT
Replies: 17
Views: 2282

Re: [CAPsMAN] Move from UBNT

atomicduck "But it's cheap." Apparently no one does proper QA anymore. But the webinar and talk with the reps back in Dec really got my interest. 6ghz radios that can run as 5ghz until there are more devices sounded awesome. But they missed a bunch of release dates. And here in the US... ...
by atomicduck
Fri Oct 28, 2022 5:23 pm
Forum: RouterBOARD hardware
Topic: RB5009UG+S+IN availability
Replies: 20
Views: 5708

Re: RB5009UG+S+IN availability

I am looking everywhere. Found some locations around the globe, but TBH I doubt any of them actually have the thing on stock, regardless of online status. As for alternatives, I could either aim for: CCR2004-16G-2S+PC or CCR1009-7G-1C-1S+PC However, I wouldn't really bet on the availability. Have to...
by atomicduck
Thu Oct 27, 2022 3:48 pm
Forum: RouterBOARD hardware
Topic: RB5009UG+S+IN availability
Replies: 20
Views: 5708

Re: RB5009UG+S+IN availability

I just called my dealer, and after waiting 7 months, got delayed to February 2023...

Not sure what to do, the only thing left is to get 4011 with wifi chipset. Even plain 4011 is not available.
by atomicduck
Wed Oct 26, 2022 4:18 pm
Forum: General
Topic: Filtering out VPN traffic to specific host / port range
Replies: 0
Views: 285

Filtering out VPN traffic to specific host / port range

I have a VPN link for external user that I need to limit to one server / several ports and just looking if my line of thought is OK: I need to create server binding interface in PPP, and then I use that port as an in interface, and allow forward to the specific local IP + ports, and block else. Shou...
by atomicduck
Wed Oct 26, 2022 4:14 pm
Forum: Wireless Networking
Topic: [CAPsMAN] Move from UBNT
Replies: 17
Views: 2282

Re: [CAPsMAN] Move from UBNT

Here we go again... Its just inevitable. Been to a Cambium conference last week. Seems that they don't have much if any supply chain issues. Most of their equipment is available immediately here, and I have to admit that sounds sweet. I waited to MikroTik PoE SW for 9 months this year, and waiting ...
by atomicduck
Mon Oct 03, 2022 6:52 pm
Forum: Wireless Networking
Topic: [CAPsMAN] Move from UBNT
Replies: 17
Views: 2282

Re: [CAPsMAN] Move from UBNT


Its just inevitable.
If all would be perfect, what would you hope for? :-)
by atomicduck
Mon Oct 03, 2022 5:48 pm
Forum: Wireless Networking
Topic: [CAPsMAN] Move from UBNT
Replies: 17
Views: 2282

Re: [CAPsMAN] Move from UBNT

:-) a netadmin's horror story from hell. One really has to understand the scope and the philosophy behind MikroTik, and either accept it or move on. Their way of doing stuff is producing very useful and versatile equipment for cheap. Most of the stuff they make is not available anywhere else. Take l...
by atomicduck
Mon Oct 03, 2022 3:25 pm
Forum: Wireless Networking
Topic: [CAPsMAN] Move from UBNT
Replies: 17
Views: 2282

Re: [CAPsMAN] Move from UBNT

Yeah... Those are quite specific issues and I can relate to them.
What provider you used to fix the issue?
by atomicduck
Mon Oct 03, 2022 1:52 pm
Forum: Wireless Networking
Topic: [CAPsMAN] Move from UBNT
Replies: 17
Views: 2282

Re: [CAPsMAN] Move from UBNT

I am curious what was the issue at hand for you? Regarding the MikroTik WiFi, one has to not expect high transfer speeds, as devices used are predominantly older iteration of WiFi and simple to maintain when you get a grip with CapsMan. That said, I get 80-100 mbps routinely in a well covered facili...
by atomicduck
Sun Oct 02, 2022 10:58 am
Forum: Wireless Networking
Topic: [CAPsMAN] Move from UBNT
Replies: 17
Views: 2282

Re: [CAPsMAN] Move from UBNT

moderator note: do not quote preceding post, use "post Reply". CapsMan / MikroTik is hardcore. It is really hard to do stuff in it sometimes, but the good thing is that when things are set they are rock-solid. I have a number of installations, and number of devices is usually 20-30, somet...
by atomicduck
Sat Oct 01, 2022 4:12 pm
Forum: Wireless Networking
Topic: [CAPsMAN] Move from UBNT
Replies: 17
Views: 2282

Re: [CAPsMAN] Move from UBNT

Can you please help me identify where I'm wrong? Hello, just a few quick notes: you can make it all work, but as there is no "smarts" integrated in CapsMan, roaming depends on signal availability. My approach for this problem is to install enough access points, and set signal levels rath...
by atomicduck
Mon Aug 29, 2022 11:17 pm
Forum: General
Topic: L2TP / IPsec speed on QCA9557 (hEX PoE) [SOLVED]
Replies: 9
Views: 1583

Re: L2TP / IPsec speed on QCA9557 (hEX PoE) [SOLVED]

RB450Gx4 could actually work fine. :-) 5009 is an overkill tho... And you couldn't get one if your life depended on it. I am waiting for mine for more than half a year.
by atomicduck
Mon Aug 29, 2022 9:14 pm
Forum: General
Topic: L2TP / IPsec speed on QCA9557 (hEX PoE) [SOLVED]
Replies: 9
Views: 1583

Re: L2TP / IPsec speed on QCA9557 (hEX PoE) [SOLVED]

I'd really suggest hAP ac² rather than hEX Gr3 for this purpose. The price is about the same, and the throughput is better. So unless you need the microSD slot, it is a better value for money. You can keep the WiFi disabled if that's a concern. The issue with hAP is that it doesn't look professiona...
by atomicduck
Mon Aug 29, 2022 4:23 pm
Forum: General
Topic: L2TP / IPsec speed on QCA9557 (hEX PoE) [SOLVED]
Replies: 9
Views: 1583

Re: L2TP / IPsec speed on QCA9557 (hEX PoE) [SOLVED]

@nichky Thanks. That is what I did. L2TP worked fine, and in essence I am saturating 20/20 link, even with IPsec. However, MikroTik support told me that I can expect the hEX PoE to top out at about 20-something mbps, so that's that, I suppose. @sindy I think hEX PoE is not supposed for this purpose....
by atomicduck
Mon Aug 29, 2022 12:08 pm
Forum: General
Topic: L2TP / IPsec speed on QCA9557 (hEX PoE) [SOLVED]
Replies: 9
Views: 1583

L2TP / IPsec speed on QCA9557 (hEX PoE) [SOLVED]

I maybe made a mistake utilizing hEX poe for a tunnel... I thought it has IP sec acceleration like its hEX sibling, but I am not sure. Does anyone know what throughput can I get over L2TP/IPsec with AES128 tunnel (basic)? I am currently saturating 20/20 link, getting some 14-15 usable Mbps throughput...
by atomicduck
Sat Aug 27, 2022 12:35 am
Forum: General
Topic: L2TP / IPsec encrption algorhytm [SOLVED]
Replies: 2
Views: 891

Re: L2TP / IPsec encrption algorhytm [SOLVED]

Thank you. That document is amazing really, as it is highly useful. I hope my government would do things like that... I implemented your suggestions, as I think they are valid. As for certs vs PSK, I use this VPN for site to site, and keys are 250 chars long, complex gibberish. If someone manages to...
by atomicduck
Thu Aug 25, 2022 2:47 pm
Forum: General
Topic: L2TP / IPsec encrption algorhytm [SOLVED]
Replies: 2
Views: 891

L2TP / IPsec encrption algorhytm [SOLVED]

Hello, I have a Q regarding IPsec encryption algorithms, after some testing of SSTP and abysmally slow connection speed (about 5-6 mbps whatever I do) I established L2TP/IPsec connection which seems to work fine. Now, I understand that by default encryption is rather weak, so I wanted to doublecheck...
by atomicduck
Wed Jul 27, 2022 11:29 pm
Forum: General
Topic: Upgrading the network to 10Gbit backbone
Replies: 3
Views: 639

Re: Upgrading the network to 10Gbit backbone

What, too cheap to splurge for the CCR1072-1G-8S+ router ? ;-) LOL :-D I would be very hard pressed to explain why I would need something like that hahahaha :o) (Also I am happy that I don't really need something like this.) The overall selection of models seems correct... Thanks. What I am aiming ...
by atomicduck
Wed Jul 27, 2022 1:28 pm
Forum: General
Topic: Upgrading the network to 10Gbit backbone
Replies: 3
Views: 639

Upgrading the network to 10Gbit backbone

Hi guys - I am preparing to upgrade a large-ish multi building network to 10Gbit backbones. Here are some ideas I have; would appreciate a comment or two is the general thinking OK... :-) We have a number of servers in central server room, and soon 5 closets in different buildings connected via fibe...
by atomicduck
Wed Jul 27, 2022 1:07 pm
Forum: Wireless Networking
Topic: Making holes in Firewall to allow for AirPrint from WiFi LAN
Replies: 5
Views: 1987

Re: Making holes in Firewall to allow for AirPrint from WiFi LAN

Thanks guys :-) I will try making holes to IPs for starters for these non-HTTP ports for AirPrint, and then will see how this behaves. Not sure will it work, but won't know until I test. Another thing that occurred to me is that Android clients won't be able to print to AirPrint devices. No Google Pr...
by atomicduck
Wed Jul 27, 2022 12:55 pm
Forum: Wireless Networking
Topic: Optimal signal levels 2.4/5 GHz for multiroom setup [SOLVED]
Replies: 2
Views: 1033

Optimal signal levels 2.4/5 GHz for multiroom setup [SOLVED]

Hi all, I have a Capsman network with 13 CAP AC APs, 8 of which are in dry-board rooms + 5 CAP XL in warehouse halls. I have set up 2.4 GHz and 5GHz channels manually, and was careful to set 2.4 GHz channels not to overlap. The question is how to set signal levels? - currently I have set signal leve...
by atomicduck
Tue Jul 26, 2022 10:13 am
Forum: Wireless Networking
Topic: Making holes in Firewall to allow for AirPrint from WiFi LAN
Replies: 5
Views: 1987

Making holes in Firewall to allow for AirPrint from WiFi LAN

We have a WiFi network that can't see the physical network, but some users require AirPrint capabilities from a mobile phone to our printers. I have separate WiFi for internal connections, but would like to set up some holes in the firewall to allow airprint. Did anyone try to do something sim...
by atomicduck
Thu May 05, 2022 2:44 pm
Forum: Wireless Networking
Topic: Does master interface needs to run for slave to be active? [SOLVED]
Replies: 2
Views: 974

Re: Does master interface needs to run for slave to be active? [SOLVED]

I have it configured as dynamic off. The best approach is what you suggested below; will rearrange the list and set the obligatory SSID as master, and voila.

Thanks!
by atomicduck
Thu May 05, 2022 12:58 pm
Forum: Wireless Networking
Topic: Does master interface needs to run for slave to be active? [SOLVED]
Replies: 2
Views: 974

Does master interface needs to run for slave to be active? [SOLVED]

Practical question - in CapsMan there is one master configuration with SSID, and then I have slave configurations with different SSIDs.

How do I turn off the master configuration SSID off? - If I just disable the master config, all slaves are down (as it should be).

Thanks
by atomicduck
Sun May 01, 2022 2:48 pm
Forum: General
Topic: CRS112 just died on me - 48V connection an issue? [SOLVED]
Replies: 7
Views: 1416

Re: CRS112 just died on me - 48V connection an issue? [SOLVED]

If it's under warranty, I would rma it. if not, perhaps someone else can give you things to check on the board itself for repairs.
It is under warranty. Will return it!

Just curious, is the 48V adapter supposed to be able to power the device alone, or it _requires_ 24 AND 48 volt PS'es?
by atomicduck
Sun May 01, 2022 2:38 pm
Forum: General
Topic: CRS112 just died on me - 48V connection an issue? [SOLVED]
Replies: 7
Views: 1416

Re: CRS112 just died on me - 48V connection an issue? [SOLVED]

It should not matter. I would try with one power supply at a time, if you have different ones, try those. From your description, this is the poe version of the switch, if it was not then you could also try to power via poe in. Yes, this is PoE version, CRS112-8p-4s-IN. I tried with only 24V, 48V, a...
by atomicduck
Sun May 01, 2022 1:55 pm
Forum: General
Topic: CRS112 just died on me - 48V connection an issue? [SOLVED]
Replies: 7
Views: 1416

CRS112 just died on me - 48V connection an issue? [SOLVED]

CRS112 just died on me. It doesn't want to turn on. I needed to move it, and I disconnected power - not 100% sure, but I think I first disconnected default 24V, leaving 48V PS. Later on the switch doesn't power up at all. There is nothing in documentation that I noticed regarding this. Have I made a...
by atomicduck
Thu Apr 28, 2022 2:09 pm
Forum: Beginner Basics
Topic: Firewall / bridge vs interface filtering Q
Replies: 2
Views: 724

Re: Firewall / bridge vs interface filtering Q

Thanks. I gave it some thought. Generally, firewalling works with more or less the same principle on both input and forward. 1. allow established,related 2. block invalid 3. filtering-blocking 4. allows 5. blocks 6. drop all I have reworked my firewall, partly on your comments; 1. on input i specific...
by atomicduck
Wed Apr 27, 2022 3:25 pm
Forum: General
Topic: mAP lite power draw? [SOLVED]
Replies: 17
Views: 2269

Re: mAP lite power draw? [SOLVED]

I actually never checked it myself, but I am surprised re wAP ac reqs. I always counted it as 10-15W AP, but it seems that realistically it is much lower. Just checked on one of my PoE switches: RBcAPL-2nD - 1.4 W RBcAP-2D - 1.0 W RBwAPr-2nD - 1.8W These are idling, and go to 2-3W occasionally, whic...
by atomicduck
Wed Apr 27, 2022 2:17 pm
Forum: Beginner Basics
Topic: Firewall / bridge vs interface filtering Q
Replies: 2
Views: 724

Firewall / bridge vs interface filtering Q

I am building a simple firewall using this tutorial: https://help.mikrotik.com/docs/display/ROS/Building+Your+First+Firewall I am happy, but I have few Q for more knowledgeable ones. I usually put ether1-WAN in INTERNET bridge and then filter that bridge in rules. The reason is simply not to get conf...
by atomicduck
Wed Apr 27, 2022 1:11 pm
Forum: General
Topic: mAP lite power draw? [SOLVED]
Replies: 17
Views: 2269

Re: mAP lite power draw? [SOLVED]

Thank you very much!

So, it is 260mA or 1.3W or under reasonable load, which is about 50% for USB 2.0 standard of max 500 mA. With light load it is 0,8W which is truly amazing.

Swell and thanks again!
by atomicduck
Wed Apr 27, 2022 11:41 am
Forum: General
Topic: mAP lite power draw? [SOLVED]
Replies: 17
Views: 2269

Re: mAP lite power draw? [SOLVED]

0.14A - 0.16A measured when connected to laptop

mAP_power.jpg
!!

Thank you very much! Could you share what was the load / Tx power setting?

I presume this is idling power drain?
by atomicduck
Wed Apr 27, 2022 12:18 am
Forum: General
Topic: mAP lite power draw? [SOLVED]
Replies: 17
Views: 2269

Re: mAP lite power draw? [SOLVED]

The power adapter provided is specified at 1A / 5W max. Might be required sometimes when REALLY taxing the little bugger :lol: Yes, you are right, I just checked :-) I bought this one as a toy, and I configured it as a bridge AP so I can dig into wired LANs easily... On it have WEYLAND-YUTANI SSID ...
by atomicduck
Wed Apr 27, 2022 12:01 am
Forum: General
Topic: mAP lite power draw? [SOLVED]
Replies: 17
Views: 2269

Re: mAP lite power draw? [SOLVED]

I can use it without any problems with a micro-USB connection, so should be max 500mA since that's what a standard USB port should provide.
From experience I know that many devices have problems supplying even 500mA on 5v USB output, especially in long term applications.
by atomicduck
Tue Apr 26, 2022 11:54 pm
Forum: General
Topic: mAP lite power draw? [SOLVED]
Replies: 17
Views: 2269

Re: mAP lite power draw? [SOLVED]

Unless I missed it, not that I know.
Thanks. Do you maybe happen to have real world info on power draw? Website says 700 mA (3.5W) max..
by atomicduck
Tue Apr 26, 2022 11:47 pm
Forum: General
Topic: mAP lite power draw? [SOLVED]
Replies: 17
Views: 2269

mAP lite power draw? [SOLVED]

Is there a command that will show voltage and current draw of mAP lite device?

I wonder how much it draws, not to overload USB ports, as they usually can reliably provide much less than 500mA standard describes.

Thanks
by atomicduck
Sat Apr 23, 2022 6:23 pm
Forum: Beginner Basics
Topic: CRS326 as a switch, running basic ROS? [SOLVED]
Replies: 4
Views: 1097

Re: CRS326 as a switch, running basic ROS? [SOLVED]

Thank you very much for your reply.

Will do as suggested.

EDIT: Only thing I left on and that was suggested to turn off is the Cloud time update. I see not much harm from that, so I left it on. Thanks again.
by atomicduck
Sat Apr 23, 2022 5:58 pm
Forum: Beginner Basics
Topic: CRS326 as a switch, running basic ROS? [SOLVED]
Replies: 4
Views: 1097

Re: CRS326 as a switch, running basic ROS? [SOLVED]

Thank you. Does ip-forward matters at all, given all interfaces are in one bridge? Really curious about this one. ** I just checked and there are no visible setting in the /ip cloud. Time updated only when I turned on SNTP client, so do I need to explicitly state that one? ** Re www 80, simplest is ...
by atomicduck
Thu Apr 21, 2022 8:14 pm
Forum: Beginner Basics
Topic: CRS326 as a switch, running basic ROS? [SOLVED]
Replies: 4
Views: 1097

CRS326 as a switch, running basic ROS? [SOLVED]

I am configuring some CRS325 as switches on ROS LT branch. Setup is very simple, and the switch is inside a LAN, connected to the main router. All packages except DHCP and SYSTEM are disabled, and I've put firewall on input chain, and the rest should be fine? In essence, I am trying to cut all down t...
by atomicduck
Tue Apr 12, 2022 10:25 am
Forum: General
Topic: CapsMan bridges vs VLANs? [SOLVED]
Replies: 10
Views: 2567

Re: CapsMan bridges vs VLANs? [SOLVED]

You have to be aware that CAPsMAN forwarding is CPU intensive for both CAP devices as well as (or mainly) for CAPsMAN device. Traffic between CAP and CAPsMAN is ciphered and encapsulated into normal IP packets. Both ciphering/deciphering and fragmentation/defragmentation can be pretty CPU intensive...
by atomicduck
Mon Apr 11, 2022 11:28 pm
Forum: General
Topic: CapsMan bridges vs VLANs? [SOLVED]
Replies: 10
Views: 2567

Re: CapsMan bridges vs VLANs? [SOLVED]

tl;dr: VLANs are like having multiple bridges, except the traffic for all the bridges can be carried between devices over a single Ethernet port. You are completely right - I am using CapsMan with local-forwarding off. From your (Very clear!! Thank you!) explanation it is clear that I don't need VL...
by atomicduck
Mon Apr 11, 2022 9:49 pm
Forum: General
Topic: CapsMan bridges vs VLANs? [SOLVED]
Replies: 10
Views: 2567

Re: CapsMan bridges vs VLANs? [SOLVED]

Thanks.

Re MT new WiFi standards... I decided to go with MT devices as I usually use those for installations. They are not the fastest, but they are fast enough and price is more than acceptable. Usually 2-3x cheaper than other options.

I am also very much looking forward new MT WiFi models.
by atomicduck
Mon Apr 11, 2022 7:47 pm
Forum: General
Topic: CapsMan bridges vs VLANs? [SOLVED]
Replies: 10
Views: 2567

Re: CapsMan bridges vs VLANs? [SOLVED]

Why, if your setup is working for you? Stick what works and you understand. I find capsman, datapath etc etc. far too complicated. Vlans is easy as pie to implement. I am trying to improve. Trying to understand if there is a better way to do stuff than I am currently using. I find it very simple to...
by atomicduck
Mon Apr 11, 2022 5:59 pm
Forum: General
Topic: CapsMan bridges vs VLANs? [SOLVED]
Replies: 10
Views: 2567

CapsMan bridges vs VLANs? [SOLVED]

I am trying to wrap my head around VLANs and the need for them for my setups. (Just read https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 ) My general setup is: 1. central router 2. a number of switches 3. a number of APs Router hosts and controls everything. WAN port is for Internet acce...
by atomicduck
Tue Mar 22, 2022 4:10 pm
Forum: RouterBOARD hardware
Topic: CRS112-8P-4S-IN PoE power output question [SOLVED]
Replies: 6
Views: 2698

Re: CRS112-8P-4S-IN PoE power output question [SOLVED]

Thank you, appreciated.

I will order the switch + 48POW.
by atomicduck
Sat Mar 19, 2022 11:15 am
Forum: RouterBOARD hardware
Topic: CRS112-8P-4S-IN PoE power output question [SOLVED]
Replies: 6
Views: 2698

Re: CRS112-8P-4S-IN PoE power output question [SOLVED]

Thanks guys. I will have situation similar to @rextended: with three higher power devices (cameras, 18w) and five smaller ones (CAP ac at 13W). As the PoE output is input passthrough, I presume the proposed standard 48POW will be adequate to split it between the PoE and PoE+ devices, otherwise I wou...
by atomicduck
Fri Mar 18, 2022 10:21 pm
Forum: RouterBOARD hardware
Topic: CRS112-8P-4S-IN PoE power output question [SOLVED]
Replies: 6
Views: 2698

CRS112-8P-4S-IN PoE power output question [SOLVED]

Hello, I have a practical question about PoE device power consumption. The general CRS112-8P-4S-IN comes with 95W adapter. That leaves about 80-85W for devices. I will have 8 PoE devices with total consumption of some 149 W nominally, which is at the max output for the Switch. There are two Power Ad...
by atomicduck
Mon Jan 31, 2022 11:38 am
Forum: Wireless Networking
Topic: What AP for wall mounting inside the office? [SOLVED]
Replies: 14
Views: 6792

Re: What AP for wall mounting inside the office? [SOLVED]

I mean, 20-30 mbps is more than enough for browsing, terminals, even video calls, etc. Higher speeds are great, but the reality is that most companies have relatively small uplinks. Do not get confused...Wireless speed and LAN/wired should be compared by a factor of 10. So this is a 60Mbps Lan/Wan ...
by atomicduck
Mon Jan 31, 2022 9:39 am
Forum: Wireless Networking
Topic: What AP for wall mounting inside the office? [SOLVED]
Replies: 14
Views: 6792

Re: What AP for wall mounting inside the office? [SOLVED]

Wow. Amazing. No can do in MikroTik, altho to be fair MikroTik is routing company primarily + they try to be the cheapest and most flexible option. So I guess their logic is that if you want ultimate speed you can get it, but for basic access and "normal" speeds, they are more than enough....
by atomicduck
Sun Jan 30, 2022 4:52 pm
Forum: Wireless Networking
Topic: What AP for wall mounting inside the office? [SOLVED]
Replies: 14
Views: 6792

Re: What AP for wall mounting inside the office? [SOLVED]

I now switched to wifiwave2 drivers and see double performance (around 550-600Mbps on 5G, compared to 240-280Mbps with default wireless drivers - tested with a samsung S20FE). note that a wap ac or cap ac cannot move to wifiwave2 drivers. I am amater that you see such an improvement. What's with ca...
by atomicduck
Thu Nov 11, 2021 5:48 pm
Forum: Wireless Networking
Topic: What AP for wall mounting inside the office? [SOLVED]
Replies: 14
Views: 6792

Re: What AP for wall mounting inside the office? [SOLVED]

The wAP AC doesn't look bad when wall mounted and provides excellent coverage. With brick walls, I would plan on 3 per floor just to insure 5ghz coverage. https://mikrotik.com/product/RBwAPG-5HacT2HnD Thanks. Does MikroTik publish antenna beam coverage? wAP AC has a metal backplate, so I presume co...
by atomicduck
Thu Nov 11, 2021 2:12 pm
Forum: Wireless Networking
Topic: What AP for wall mounting inside the office? [SOLVED]
Replies: 14
Views: 6792

Re: What AP for wall mounting inside the office? [SOLVED]

Do you have a floorplan?
Here it is, roughly. Still waiting for the actual plans. I have this + about 3x times the area with rooms below.
splan.png
by atomicduck
Thu Nov 11, 2021 11:30 am
Forum: Wireless Networking
Topic: What AP for wall mounting inside the office? [SOLVED]
Replies: 14
Views: 6792

What AP for wall mounting inside the office? [SOLVED]

Hello all, could you please suggest what would be the best AP for wall mounting inside the office? It is because we are lacking ceiling mounts and cabling, so I am looking at the next best solution. The idea in general is to use CAP ac or CAP xl, but I am worried how the WiFi signal will propagate o...
by atomicduck
Wed Oct 20, 2021 8:26 pm
Forum: General
Topic: RB260GS EOL? [SOLVED]
Replies: 15
Views: 3289

Re: RB260GS EOL? [SOLVED]

The next best alternative is a cheap TP-Link managed switch, but those aren't even close to Mikrotik's quality.
Yah, I know. :-(

It is kind of weird that they allow such situations. The only explanations that I can think of is that they have very low margins.
by atomicduck
Wed Oct 20, 2021 4:51 pm
Forum: General
Topic: RB260GS EOL? [SOLVED]
Replies: 15
Views: 3289

Re: RB260GS EOL? [SOLVED]

Managed switch 1SFP + 5 1G ports with POE in for $ 40? I don't know any alternative. It is very convenient to use for connecting a small number of clients. Our first such switch has been successfully working for over 10 years :) That is exactly my point. I have loads of those, and they all work fine.
by atomicduck
Wed Oct 20, 2021 4:04 pm
Forum: General
Topic: RB260GS EOL? [SOLVED]
Replies: 15
Views: 3289

Re: RB260GS EOL? [SOLVED]

Why,,,,,,,, they are the plain jane 5 port switch.....??

Are you saying that the CSS610-8G-2S+IN is now their low ball switch??
Thats 8P 10G sw that costs 100 USD.
by atomicduck
Wed Oct 20, 2021 2:45 pm
Forum: General
Topic: RB260GS EOL? [SOLVED]
Replies: 15
Views: 3289

Re: RB260GS EOL? [SOLVED]

Probably correct, local shops here still have inventory but they offer it at a special reduced price. That likely means they want to sell-out their stock before a new device appears that would make it an unattractive choice. So likely there will be an announcement of a new model. If not, you could ...
by atomicduck
Wed Oct 20, 2021 2:32 pm
Forum: General
Topic: RB260GS EOL? [SOLVED]
Replies: 15
Views: 3289

RB260GS EOL? [SOLVED]

I just was informed by distributor that RB260GS is EOL, and that they can not deliver it. Is that correct?

I have no replacement for small switches, and need info. Thanks.
by atomicduck
Thu Oct 14, 2021 11:14 am
Forum: Scripting
Topic: How to make CAPSMAN beep? :-)
Replies: 0
Views: 1883

How to make CAPSMAN beep? :-)

I would like my capsman to beep when users reallocate to another AP as they roam. How would I do that? :-D

There is no practical purpose in that, but it would be fine to hear the beep beep beep as the users roam... :o)

thanks
by atomicduck
Thu Oct 07, 2021 10:49 pm
Forum: Wireless Networking
Topic: CAP ac / speed issue @ 5Ghz, cant get more than 80-90 mbps
Replies: 5
Views: 3319

Re: CAP ac / speed issue @ 5Ghz, cant get more than 80-90 mbps

Thanks @ConnyMercier, I appreciate the comment. I don't think any of those will make a difference, I just pasted one of the configs I was trying and had on hand. I think I tested probably more than hundred variations to try and get speeds in line (I worked last 14 hours on this non-stop), but couldn...
by atomicduck
Thu Oct 07, 2021 6:17 pm
Forum: Wireless Networking
Topic: CAP ac / speed issue @ 5Ghz, cant get more than 80-90 mbps
Replies: 5
Views: 3319

CAP ac / speed issue @ 5Ghz, cant get more than 80-90 mbps

Hi all, I have a CAP ac device on my table that stubbornly declines to work fast on 5Ghz. 2.4 GHz is as it should, I get 70-90 mbps fine, but the issue is that it is the same on 5 Ghz, whatever I do. The RoS is the latest stable, firmware upgraded. I set the AP up as a bare minimum, disabled 2.4 and...
by atomicduck
Wed Oct 06, 2021 11:49 pm
Forum: General
Topic: Is there a way to auto arrange Dude network map (and set device name by ROS name)?
Replies: 0
Views: 756

Is there a way to auto arrange Dude network map (and set device name by ROS name)?

I am trying to configure The Dude on one Windows machine, and all is fine except network map. While scanning, devices are neatly ordered in rows, and immediately after scan is over, they all get garbled one onto another. Is there a way to make Dude auto arrange devices on network map? (All this was ...
by atomicduck
Tue Oct 05, 2021 9:38 pm
Forum: Beginner Basics
Topic: Trying to allow only one port using In and Out interfaces [SOLVED]
Replies: 9
Views: 1581

Re: Trying to allow only one port using In and Out interfaces [SOLVED]

One correction (computer tricked me on testing due to cached DNS) - I still had to enable DNS ports before input drop, because LAN interface list is defined as a bridge INTERNAL, which contains physical ports on the router. Other stuff is on another Bridges. DNS didn't work otherwise. /interface eth...
by atomicduck
Tue Oct 05, 2021 8:13 pm
Forum: Beginner Basics
Topic: Trying to allow only one port using In and Out interfaces [SOLVED]
Replies: 9
Views: 1581

Re: Trying to allow only one port using In and Out interfaces [SOLVED]

Your input chain rule was flawed from the beginning, it was missing the default last rule in BLUE and you added two other rules that were needed due to missing the default rules but they fail to cover any other WAN to Router traffic that would have been blocked by the proper default rule. {Input Ch...
by atomicduck
Tue Oct 05, 2021 8:03 pm
Forum: Beginner Basics
Topic: Trying to allow only one port using In and Out interfaces [SOLVED]
Replies: 9
Views: 1581

Re: Trying to allow only one port using In and Out interfaces [SOLVED]

.Will address input chain next.......... /ip firewall filter {FORWARD CHAIN} add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec add acti...
by atomicduck
Tue Oct 05, 2021 8:00 pm
Forum: Beginner Basics
Topic: Trying to allow only one port using In and Out interfaces [SOLVED]
Replies: 9
Views: 1581

Re: Trying to allow only one port using In and Out interfaces [SOLVED]

Let's have a look!! See if anything is out of place - RED Improvements possible... GREEN Missed the boat a bit..... . Blue unknown purpose so probably okay but explanation of requirements would ensure such assumptions - Also since you haven't posted the complete config I can only guess at some things...
by atomicduck
Tue Oct 05, 2021 7:06 pm
Forum: Beginner Basics
Topic: Trying to allow only one port using In and Out interfaces [SOLVED]
Replies: 9
Views: 1581

Re: Trying to allow only one port using In and Out interfaces [SOLVED]

... I feel weird because this is the exact opposite of what I have been doing for years now... the rules are completely inverted. :-) It is beautiful, but TBH I am almost afraid not to break anything. Before I did blocks specifically: /ip firewall filter add action=accept chain=input comment="d...
by atomicduck
Tue Oct 05, 2021 3:41 pm
Forum: Beginner Basics
Topic: Trying to allow only one port using In and Out interfaces [SOLVED]
Replies: 9
Views: 1581

Trying to allow only one port using In and Out interfaces [SOLVED]

Hi, I am trying to block all internet traffic from part of the lan (WiFi) using interface except for custom RDP port, but I am getting weird results. Specifically, I have: blocked WiFi users communicating with local lan, allowed port, and then blocked internet out and internet in. Unfortunately, thi...
by atomicduck
Sun Oct 03, 2021 9:39 pm
Forum: Wireless Networking
Topic: Optimal CAP configuration on CAP-only network [SOLVED]
Replies: 8
Views: 4127

Re: Optimal CAP configuration on CAP-only network [SOLVED]

Your config looks good to me... As for the other services and such, how much should I tighten the security? As much as you think you should, I can't tell how strict your security should be or not ... I was preparing and testing these scripts for the whole day, thinking about this. One should be awa...
by atomicduck
Sun Oct 03, 2021 1:21 am
Forum: Wireless Networking
Topic: Optimal CAP configuration on CAP-only network [SOLVED]
Replies: 8
Views: 4127

Re: Optimal CAP configuration on CAP-only network [SOLVED]

This is what I have as for now. Trying to keep everything simple and fast: 1. I set the CAP in CAPS mode 2. I login default and feed this in: /system identity set name="CAP - NAME" /interface wireless cap # set bridge=bridgeLocal certificate=request discovery-interfaces=bridgeLocal enabled=...
by atomicduck
Sat Oct 02, 2021 9:40 pm
Forum: Wireless Networking
Topic: Optimal CAP configuration on CAP-only network [SOLVED]
Replies: 8
Views: 4127

Re: Optimal CAP configuration on CAP-only network [SOLVED]

You can automate all the procedure by creating a script and importing it to every cap after reset ( change IP if set static, Identity etc...)... No need to configure firewall to an Access Point... I am making a script right now :-) Thanks for the FW tip. As for the other services and such, how much...
by atomicduck
Sat Oct 02, 2021 8:19 pm
Forum: Wireless Networking
Topic: Optimal CAP configuration on CAP-only network [SOLVED]
Replies: 8
Views: 4127

Re: Optimal CAP configuration on CAP-only network [SOLVED]

Is there a way to automate entire process to a point where it is easier to set-up devices galore? Have you tried Cap mode ? Of course, but that is pretty rudimental. I have some 50 APs here, and I am aware that I need to lock them up, but the Q is how much... It is a lot of work, so I have to think...
by atomicduck
Sat Oct 02, 2021 5:44 pm
Forum: Beginner Basics
Topic: DHCP / Weird range given?
Replies: 2
Views: 781

Re: DHCP / Weird range given?

export, not novels and the address on network must be 10.10.10.0 /24 It was set to 10.10.10.0/24 Pretty standard configuration. Can't export, because I reconfigured to standard 192.168.242./24 and it works now on all clients. Go figure. (I also update boxes to latest LT ROS.) This is the first time...
by atomicduck
Sat Oct 02, 2021 1:45 pm
Forum: Beginner Basics
Topic: DHCP / Weird range given?
Replies: 2
Views: 781

DHCP / Weird range given?

I have a weird situation with 3011: I just made a DHCP and a network: Addr: 10.10.10.0 Gate: 10.10.10.1 Netmask: 24 etc However, my client machine receives 10.10.10.n / subnet: 255.0.0.0? Shouldn't netmask 24 make max 255 clients? This is on 6.47.9 I just checked on one other installation (4011) wit...
by atomicduck
Tue Sep 28, 2021 4:57 pm
Forum: Wireless Networking
Topic: Optimal CAP configuration on CAP-only network [SOLVED]
Replies: 8
Views: 4127

Optimal CAP configuration on CAP-only network [SOLVED]

Hi guys, I have a practical Q regarding a large-ish CAP installation. When I am putting up a Capsman network, I usually configure cap by cap, firewall and everything that goes with that. However, that is really cumbersome for say fifty devices. So the question is there really a need for careful confi...
by atomicduck
Tue Sep 21, 2021 3:01 pm
Forum: General
Topic: Problem with delivery / looking for alternative [SOLVED]
Replies: 9
Views: 2210

Re: Problem with delivery / looking for alternative [SOLVED]

2.4 GHz was fine for the purpose, as there are no other radio sources and I could put as many as I needed on the ceiling. I even did a pilot with 5 modules to see how it worked in one row, and it was fine. The price would be quite up for the ac version, so I skipped that.
by atomicduck
Tue Sep 21, 2021 1:05 pm
Forum: General
Topic: Problem with delivery / looking for alternative [SOLVED]
Replies: 9
Views: 2210

Re: Problem with delivery / looking for alternative [SOLVED]

Thanks. I have only one Cap AC device, so I guess I am fine. From what I see, calculating in power req to +15-20% watts total is a good indication.. That said, that MikroTik switch is a real powerhouse with its 450W of power delivery. Arubas are expensive as hell. 8-I About 1000 EUR+ for the same pe...
by atomicduck
Tue Sep 21, 2021 9:59 am
Forum: General
Topic: Problem with delivery / looking for alternative [SOLVED]
Replies: 9
Views: 2210

Re: Problem with delivery / looking for alternative [SOLVED]

Guys, are you sure I will run power poor? - It is not one switch to support all the cAPs, but two! cAP uses 4W max, meaning max 4 x 21 per switch. That is about 84W + losses, which I factor in as 20% max on a good wire, so ~ 100W. Aruba (favourite compared to planet) can churn out 195W class 4 (at/a...
by atomicduck
Tue Sep 21, 2021 8:32 am
Forum: General
Topic: Problem with delivery / looking for alternative [SOLVED]
Replies: 9
Views: 2210

Re: Problem with delivery / looking for alternative [SOLVED]

I use ubiquiti EdgeSwitch as a decently priced alternative - however 20+ cAP's on a single switch has a max power draw of over 500W (not including the power the switch needs), you can obviously account for much less continuous but if you are playing safe you'd have to go up to 48 port 750W versions...
by atomicduck
Mon Sep 20, 2021 11:37 pm
Forum: General
Topic: Problem with delivery / looking for alternative [SOLVED]
Replies: 9
Views: 2210

Problem with delivery / looking for alternative [SOLVED]

Hi guys, I have an issue and hope someone could jump in. I have a network of some 42 WiFi (cAP) devices. For powering I choose CRS328-24P-4S+RM, however local distributor cannot deliver the switches (2). I would have to wait December for switches to _maybe_ arrive. I asked MT for help, but they tol...
by atomicduck
Tue Sep 07, 2021 1:38 pm
Forum: General
Topic: Mirkotik Cloud IP propagation issue
Replies: 7
Views: 1376

Re: Mirkotik Cloud IP propagation issue

Appreciated.

I suppose they are working on it. Never had this happen before..

No ETA, I suppose?
by atomicduck
Tue Sep 07, 2021 12:04 pm
Forum: General
Topic: Mirkotik Cloud IP propagation issue
Replies: 7
Views: 1376

Re: Mirkotik Cloud IP propagation issue

I wrote MikroTik regarding this issue but still got no reply.

Last night propagation seems to be working OK. I checked with https://www.whatsmydns.net/#A/ and the hosts worked. It was down again by morning.
by atomicduck
Tue Sep 07, 2021 10:18 am
Forum: General
Topic: Mirkotik Cloud IP propagation issue
Replies: 7
Views: 1376

Mirkotik Cloud IP propagation issue

Hello, we are having issues on two locations where MikroTik Cloud IP doesn't seem to point correctly to the IP. I have checked propagation, and indeed most all DNS servers seem not to propagate MikroTik dynamic DNS. What can I do to fix this? All routers we have are on latest LT firmware 6.47.10 Than...
by atomicduck
Fri Oct 23, 2020 12:43 pm
Forum: Wireless Networking
Topic: Spectral Scan
Replies: 9
Views: 4807

Re: Spectral Scan

What do you think is the reason people try to switch to 900MHz, 5GHz, 700MHz etc? 2.4 is overcrowded. You have bluetooth devices, microwave ovens, neighbors wifi, and all kinds of other 2.4GHz devices in this spectrum. So yes, it's full of noise, unless you are in the middle of the desert, with thi...
by atomicduck
Thu Oct 22, 2020 9:36 am
Forum: Wireless Networking
Topic: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]
Replies: 23
Views: 6675

Re: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]

Thanks for sharing. To confirm, can't scan on 5Ghz via Winbox? Have to use Dude? Hello, I just checked for you, and it works fine in WinBox / Terminal. It actually didn't occur to me to check there. :o) Performance is *much* faster than with DUDE. on 2 GHz it is several measurements per second, and ...
by atomicduck
Mon Oct 19, 2020 8:23 pm
Forum: Wireless Networking
Topic: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]
Replies: 23
Views: 6675

Re: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]

UPDATE: Got the Groove, and it seems it works fine. Scanning seems fairly high resolution, albeit it is *very* slow on 5-6 GHz, but that is understandable. Interestingly the card is dual-band, and it supports up to N standard (which is mostly irrelevant for scanning alone). Great thing about Groove i...
by atomicduck
Mon Oct 19, 2020 8:20 am
Forum: Wireless Networking
Topic: List of 5 GHz WiFI channels for EU
Replies: 10
Views: 13609

Re: List of 5 GHz WiFI channels for EU

For the 5 GHz band: Indoor frequencies is "indoors only - not allowed outdoors". Outdoor frequency is allowed outdoors and indoors. So indoor should include the external frequencies as well. Mikrotik has it set to strict "indoor only" with installation set to "indoor" ...
by atomicduck
Mon Oct 19, 2020 8:17 am
Forum: Wireless Networking
Topic: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]
Replies: 23
Views: 6675

Re: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]

Do you use it with the stock Omni antenna for measurements? How fast is the scan speed? . Yes I use the omni antenna sometimes, depends on the requirement at the time. It's slow but anything that scans a large spectrum will be slow. It can do 4910-6000MHz which is a large amount requiring a lot of s...
by atomicduck
Sun Oct 18, 2020 5:07 pm
Forum: Wireless Networking
Topic: List of 5 GHz WiFI channels for EU
Replies: 10
Views: 13609

Re: List of 5 GHz WiFI channels for EU

I gave this some thought and in essence channels 144-165 should really be not used for quite a while now, simply because old devices do not support them. I just checked on my old Early 2011 MacBook Pro and indeed, these channels are no go. I prepared full list of WiFi channels, 2 and 5 GHz, and auto...
by atomicduck
Sat Oct 17, 2020 11:59 am
Forum: Wireless Networking
Topic: List of 5 GHz WiFI channels for EU
Replies: 10
Views: 13609

Re: List of 5 GHz WiFI channels for EU

Which means I can't use CH144-CH165 at all? I don't get it.

On Wikipedia I have listed channels from CH144-CH173 as valid??
by atomicduck
Sat Oct 17, 2020 10:22 am
Forum: Wireless Networking
Topic: List of 5 GHz WiFI channels for EU
Replies: 10
Views: 13609

List of 5 GHz WiFI channels for EU

Could someone please share list of channels for EU that work on WiFi devices / MTik? I have channels from: 36-64 100-165 But I see on https://en.wikipedia.org/wiki/List_of_WLAN_channels#5.0_GHz_(802.11j)_WLAN that channels 32-34 and 169-173 are also allowed to be used indoors. However, on my iMac the...
by atomicduck
Fri Oct 16, 2020 7:21 am
Forum: Wireless Networking
Topic: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]
Replies: 23
Views: 6675

Re: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]

How about hackRF with sweep mode and gr-fosphor ? It's a while since I did it, but even my old Thinkpad X1 Carbon with 5th-gen Intel-core could do the 'realtime spectrum analyzer' style stuff thanks to the basic OpenCL in the GPU of this old laptop. I had been hoping to put an LimeSDR or XTRX into ...
by atomicduck
Tue Oct 13, 2020 6:37 am
Forum: Wireless Networking
Topic: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]
Replies: 23
Views: 6675

Re: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]

Yes I use the omni antenna sometimes, depends on the requirement at the time. It's slow but anything that scans a large spectrum will be slow. It can do 4910-6000MHz which is a large amount requiring a lot of sampling. I intend to use it for scanning in warehouses mainly, and was thinking that ante...
by atomicduck
Mon Oct 12, 2020 3:52 pm
Forum: Wireless Networking
Topic: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]
Replies: 23
Views: 6675

Re: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]


Scanning of 5GHz works on a Groove A-52HPn that I have.
Thanks a lot. I will probably confirm order for it today.

Do you use it with the stock Omni antenna for measurements?

How fast is the scan speed?
by atomicduck
Sat Oct 10, 2020 8:10 pm
Forum: Wireless Networking
Topic: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]
Replies: 23
Views: 6675

Re: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]

UPDATE: I tried spectral scan on RB962UiGS-5HacT2HnT and it works only on 2 GHz. - Is 5 GHz spectral scan supposed to work at all on this device? As for Groove 52, would 5 GHz work on that device? - I feel it makes more sense to get ubiquity on 2 and 5 GHz for spectral scanning than MT, however better...
by atomicduck
Thu Oct 08, 2020 8:02 pm
Forum: General
Topic: Firewall for ROS device used as internal switch? [SOLVED]
Replies: 2
Views: 1009

Re: Firewall for ROS device used as internal switch? [SOLVED]

No, if the device is configured as a switch it doesn't forward any IP packets.
You can even disable IP forwarding in IP -> Settings.
Thank you.
by atomicduck
Thu Oct 08, 2020 3:29 pm
Forum: General
Topic: Firewall for ROS device used as internal switch? [SOLVED]
Replies: 2
Views: 1009

Firewall for ROS device used as internal switch? [SOLVED]

Hello all! I installed one CRS112-8p-4s-in as internal PoE switch. I have set up some input protection, and was wondering if I also needed to put forward rules in the firewall? /ip firewall filter add action=accept chain=input comment="allow established, related" connection-state=establish...
by atomicduck
Mon Oct 05, 2020 9:23 am
Forum: Wireless Networking
Topic: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]
Replies: 23
Views: 6675

Re: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]

The RB951 devices should support scanning. Ensure you select the Wireless interface otherwise it will look like the device doesn't support scanning. The ac devices don't all support scanning. Bingo! Scanning on 951 worked. Resolution seems quite good, tho the scanning is a bit on the slow side. I t...
by atomicduck
Sun Oct 04, 2020 1:09 pm
Forum: Wireless Networking
Topic: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]
Replies: 23
Views: 6675

Re: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]

The RB951 devices should support scanning. Ensure you select the Wireless interface otherwise it will look like the device doesn't support scanning. The ac devices don't all support scanning.
Will try tomorrow.
Thanks.
by atomicduck
Sun Oct 04, 2020 11:29 am
Forum: Wireless Networking
Topic: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]
Replies: 23
Views: 6675

Re: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]

. https://wiki.mikrotik.com/wiki/Manual:Spectral_scan https://wiki.mikrotik.com/wiki/Manual:Spectral_scan Thanks. From what I see, Dude more or less corresponds with what Ubiquity provides. Do you happen to know what MikroTik devices support spectral scan? I have tried scanning on RB2011, cap li...
by atomicduck
Sat Oct 03, 2020 5:11 pm
Forum: Wireless Networking
Topic: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]
Replies: 23
Views: 6675

Re: What MT boxes can support spectral scan? - Cheap spectrum analyzer instead? [SOLVED]

Using the Dude tools and a Groove A-52HPn you can do this as well.
Is there a list of mikrotiks that can do that?

Can you screenshot me how does analysis look?