MikroTik

dmfr

Speaking about VyOs, old ER-4 can forward established TCP IPv6 at line speed (gigabit) with less than 2% CPU utilization. Too bad their os is abandonware. Old ER-4, and even older ER-Lite, were using Cavium SDK (proprietary) to offload established connections to hardware (Octeon SoC). It isn't pure...

dmfr

Maybe some guys should stop waiting and invest on RB5009, or whatever recent device / vendor capable of +1G I am thinking Mikrotik is moving forward to "detach" true L3HW from (software) fasttrack. That's what happened with IPv6. Whatever the benefits once provided, fasttrack sounds like a...

dmfr

Hi, just noticed that on 7.7beta8 my DNS conditional forwarding config via REGEX stopped working. Please advice! Facing same regression. add forward-to=10.39.1.51 regexp=".*\\.int\\.mydomain\\.com\$" type=FWD Above rule non functional on beta8. Downgraded to 7.7beta6, dns condtional forwa...

dmfr

It is difficult for me to trace and debug the issue because there is always a lot of background traffic on my router, and also because I really want to trace the traffic coming out of the switchport, not some internal trace that may be leading me to the wrong path. Right it could be anything from t...

dmfr

/interface/ethernet/switch/rule add switch=switch1 ports=ether8 new-vlan-priority=6 failure: new-vlan-priority not supported for this switch Please support this on RB5009 (SUP-70924 opened accordingly, jan 2022). Many thanks MikroTik dev team ! Recently opened SUP-85256 to request the same. Besides...

dmfr

As of 7.4beta / 7.3.1 : NOT SOLVED On my RB5009 and RB4011 the fasttrack is working since the support for it was introduced back on some v7.1.sth. maybe you have something on your config preventing the fasttrack to work. if you could post your config will be easier... Sure, consider simplest : /inte...

dmfr

Upgraded one RB5009 to 7.3, no immediate issue, export diff clean.

Edit : had total loss of connectivity some hours after.
Need further check to see if it is related or not.

dmfr

Even if there is no vlan filtering, just bridge filter rules, fasttrack doesn't enable on 7.1.x / 7.2 stable, on both RB4011 & RB5009. Well.. it shows enabled (/ip/settings/print), but no packets processed and IPv4 single-thread maxes at 600-700 Mbps on RB4011. Same configuration (bridge filters...

dmfr

We came accross the issue exactly because standard transfers became slower. IPIPv6 tunnel with RB4011 at one end and linux server gateway at the other. Max download speeds : With 7.1.5 : ~ 52 MB/s With 7.2 : ~ 31 MB/s Ipsec encryption or not, it does not make a difference. Seems that downstream inne...

dmfr

Same with 7.2 stable.
Opened ticket SUP-78953

dmfr

Hello, Just noticed a severe download speed degradation between 7.1.5 and 7.2rc7 using IPIP tunnel. Tested with RB4011 at both ends, IPIPV6 tunnel, local router running 7.1.5 : tcp-download: 379Mbps local-cpu-load:51% tcp-upload: 334Mbps local-cpu-load:38% remote-cpu-load:57% udp-download: 593Mbps l...

dmfr

Confirmed fix on ROS v.7.1.3 for RB5009 (arm64).

dmfr

Probably you should report this via their support system. In the meantime, you can probably work around this with a mangle rule to get the same result. SUP-71491 on Mikrotik jira. Unfortunately DHCP client make use of raw sockets (at least for DHCPv4) and therefore bypasses IP firewall. Marking pac...

dmfr

Seems like this got fixed with 7.2rc3

Still doesn't work with above configuration (first post).

dmfr

From support ticket #[SUP-71491], priority has been raised regarding bridge filter rules. First, may they just work, even being CPU bound (like RB4011), it doesn't introduce a large performance cost. Now, if eventually bridge filter rules transparently trigger hardware capabilities when available, i...

dmfr

In my experience, bridge filter rules do not work on RB5009 for bridges with L2 hw offload enabled. But adding PCP/802.1p priorites works for me on RB5009 using interface/ethernet/switch/rule with action new-vlan-priority . Special attention has to be paid to keep switch rules and bridge config in ...

dmfr

Despite being fixed for RB4011 (arm),

That very issue is still occuring using 7.1.1 on RB5009 (arm64).
VLAN PCP/802.1p is not properly set through bridge filter rule.

dmfr

You won't ever achieve performance (by 2021 standards) with CAPsMAN. It's not a matter of fine-tuning, it is just by design for now. We recently experienced quite a lot and discovered that CAPsMAN performance (being local forwarding or CAPsMAN encapsulation) is very different (and much worse) than s...

dmfr

I am glad everyone finds the ideal AP seeking for new shiny brands. Ubiquiti was one at some point. Hope Mikrotik does not follow the same marketing / cloud / smartphone-enabled-management way... Back to the original topic, Did we solve the mystery of roaming in Mikrotik ? Genesispro, I had second t...

dmfr

From my experience it's much more efficient to set a standard minimum data rate of 12 or 18M, so clients are at least aware of the limits, and will try on purpose to find nearest AP more aggressively Yes, I do this as well. Difficult to tune, and I miss somewhat the "allow-out-of-range" e...

dmfr

Did you add this for improved roaming?(fine tune the value to your liking) ... add action=reject allow-signal-out-of-range=6s client-to-client-forwarding=yes disabled=no interface=any signal-range=-120..-83 ssid-regexp="" At best it's not any better, at worse in your dark spots clients ge...

dmfr

I recently had to decide sourcing wireless equipment for a new site. Site is a warehouse (~12 APs) and adjacent offices (2 floors ~4 APs) On other premises we have been using Unifi gear and kind of satisfied with it, with notable exception of 'new' NanoHD which has been a disaster, due to poor inter...

dmfr

Interesting.
I've reported same issue for RB4011 as well :
viewtopic.php?t=167633

However, for this device (RB4011) at least, it is now working from rc3.

dmfr

Starting with rc5/6, default configuration includes the following leds config : /system leds add interface=wlan2 leds=wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-led,wlan2_signal4-led,wlan2_signal5-led type=wireless-signal-strength add interface=wlan2 leds=wlan2_tx-led type=interface-transmit ...

dmfr

Opened SUP-62240 to highlight this request.
From an outside point of view, things are always easier... but I trust it would not be big work to implement as the two functions are already operational (for more than a decade).

dmfr

Hello, When configuring ARP mode on any interface (ethernet / vlan / bridge), it would be nice to select both modes : local-proxy-arp reply-only Some kind of : /interface/bridge set [find where name="bridge"] arp=local-proxy-arp,reply-only This behaviour would effectively implement router-...

dmfr

Thank you for all helpful answers.
Now I clearly understand how :

/interface/bridge/vlan

has to be used the "right way".

Will eventually redesign our configuration when chance comes!

dmfr

Thank you for the explanation, things are becoming a bit clearer ! Plus, I now understand your solution is even more "logic" as soon as there are VLANs involved in the bridge. To your end question, attached to ether1 there is a switch, and as non-expert configured that way : port 1 (attach...

dmfr

Thank you for the link, assuming there's only one bridge so : /interface bridge add name=bridge protocol-mode=none vlan-filtering=yes /interface bridge port add bridge=bridge interface=ether1 add bridge=bridge interface=ether2 add bridge=bridge interface=ether3 add bridge=bridge interface=ether4 /in...

dmfr

Thank you for the prompt answer ! May i ask when you say : The correct way would be to have only one bridge, create the VLAN interface on the bridge and configure port1 to have vlan 33 tagged. how would i do this the preferred way ? I'm a bit confused by /interface bridge vlan section, don't know wh...

dmfr

Hello, Router (RB4011) is handling two LAN subnets as bridges : /interface bridge add name=bridge protocol-mode=none vlan-filtering=yes add name=bridge-guest protocol-mode=none vlan-filtering=yes /ip address add address=192.168.1.1/24 interface=bridge network=192.168.1.0 add address=192.168.33.1/24 ...

dmfr

Unfortunately true. However, /export show-sensitive terse produces export code that can be imported successfully, for a full config restore. I can not confirm that. If there is a script in the command, as in my example above, it still fails. My mistake. You're right. Didn't test "export terse&...

dmfr

Export creates code, that import can not read (starting with 7.1rc3): Unfortunately true. However, /export show-sensitive terse produces export code that can be imported successfully, for a full config restore. On the bright side, such export now works with : /system/reset-configuration keep-users=...

dmfr

Do not use backup, use export for configuration. Thing is, simple export/import is broken in 7.1rc3, "expected end of line error" when line-break inside double-quote, example : /user group set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\ sword,web,sniff...

dmfr

Found a divergence in /ping command output between V6 and V7. Consider an unreachable IP address (10.99.99.99) and script sentence to return TRUE if actually unreachable : [admin@mtk-V6] > :put ([/ping count=4 address=10.99.99.99]=0) true [admin@mtk-V7] > :put ([/ping count=4 address=10.99.99.99]=0)...

dmfr

Unfortunately :
viewtopic.php?f=1&t=178045#p876086
Enabling igmp-proxy brings kernel alert on reboot, though igmp proxy seems functional with no other side effects.

dmfr

Enabling igmp-proxy causes (harmless ?) kernel failure and autosupout.rif

 14:46:49 system,error,critical kernel failure in previous boot
 14:46:53 igmp-proxy,info starting IGMP proxy forwarding

Disabling igmp-proxy (by removing again all interfaces) suppresses that error message.

dmfr

Thank you.
Looking forward to next RC update.

dmfr

Hello Mikrotik,
Multicast package is still missing from v7.1rc1, I cannot find any option to enable igmp proxying.
Is this feature considered obsolete or still due for final release ?
Thanks,

dmfr

There is definitely a regression from RouterOS v6. Same setup : /interface bridge add admin-mac=48:8F:5A:F9:E9:7D auto-mac=no name=bridge protocol-mode=none /interface bridge port add bridge=bridge comment=defconf interface=ether2 add bridge=bridge comment=defconf interface=ether3 add bridge=bridge ...

dmfr

Confirmed. Same hardware, same result.

Additionally, applying previous exported config through :

/system reset-configuration no-defaults=yes run-after-reset=myexport.txt.rsc

fails unless you add

:delay 20

on top of script.

dmfr

Found described issue with v7.1beta6, On bridge interface (LAN type) with auto-mac=no + admin-mac, link-local address is randomly missing after reboot (most of the time but not always). As trivial consequence, prefix ADV and route annonces on LAN are not working. However DHCPv6 address from dhcp6_po...

dmfr

Seems fixed in v7.1beta6.
After multiple restores from /export output, bridge filter rules are correctly applied.

dmfr

Hello all, I am using RB4011iGS with current ROS 6.48.1 along with some GPON ONU modules, and noticed that SFP interface activates only when FTTH fiber is actually connected (which makes sense on standard tranceivers). However most ONUs (nokia G-010S-A, ZTEs, ... as examples) always expose an intern...

dmfr

Same on v7.1beta5. See above. With some interesting fact, Configuration similar to above defined under ROSv6 stays functional after upgrade to ROSv7. However, after /system reset-configuration , identical configuration (typed or restored from a working /export) is non functional. Might be related to...

dmfr

IPSEC tunnels are "crypto routed" (maybe this is incorrect term). They are using xfrm tables, not regular routing table in kernel, packet is "stolen" by kernel before it reaches regular routing tables. I am not aware of any trick to manually add other destination(s) or default ro...

dmfr

I've been able to make progress with the UFiber-Instant ONU module: it can definitely reach Operation State (o5) on the Movistar (Huwaei) ONT in Spain However I had to go in the diag system and manually overwrite the PLOAM password, because the flash command limits the GPON_PLOAM_PASSWD to 10 chara...

dmfr

Hello Mikrotik, Consider following setup to set VLAN 802.1Q priority (PCP) = 6 for DHCP outbound packets. /interface vlan add interface=ether1 name=ether1.832 vlan-id=832 /interface bridge add fast-forward=no name=orange-832 protocol-mode=none /interface bridge filter add action=set-priority chain=o...

Search found 48 matches