MikroTik

Cablenut9

Depending on how your internet works - probably a Netwatch script that then modifies VRRP priorities to force the other one to take over Master Could this be like: watch 1.1.1.1 (or 8.8.8.8) on up: set vrrp priority = higher than the backup router on down: set vrrp priority = lower than the backup ...

Cablenut9

The Mikrotik Wiki describes VRRP as a thing to let other routers take over when a main one fails, but this seems too limited. By that definition, VRRP only works when the main router loses power or gets disconnected from the network. However, I need VRRP to trigger when the internet connection on th...

Cablenut9

( Tilera CPU support is dropped by linux kernel - so its no future ).

Mikrotik has already made kernel patches just for Tilera, so no worries there.

Cablenut9

Will this be fixed in a future ROS v7 beta release?

Cablenut9

How many pennies did that save off the manufacturing cost?

Mikrotik only gives you what you need, but if you need 802.3af/at then get the mANTbox 52 15s which has the 12s and 15s combined into one thing with all the good features you want.

Cablenut9

Some x86 thing will cost more than any other premade option, so I would get a hEX S or even a RB4011 because both have good IPsec performance and are all-in-one gadgets.

Cablenut9

What ROS version are you using?
6.48.2 (stable)

Sad, because I had a similar problem on 7.1beta5 and the problem was that it was just a buggy version, bu that isn't true here.

Cablenut9

What ROS version are you using?

Cablenut9

Our main concern comes with DHCP as you also highlighted, there will be a instant loads on the dhcp server when guests arrived the venue. According to this block diagram: https://i.mt.lv/cdn/product_files/CCR1072-150831130622_150822.png the CPU is directly connected to the SFP+ ports, so the DHCP s...

Cablenut9

With those many clients, you're going to have a lot of connections which means a multi-core router with slower individual cores would be better than a few-core one with speedy cores, so that means a CCR. You also have not one but two 10Gbit ethernet links, so you need something with 2+ of those port...

Cablenut9

It is right there. [admin@MikroTikRouter] > system resource print uptime: 22h55m39s version: 7.1beta5 (development) build-time: Mar/16/2021 14:41:12 factory-software: 6.44.6 free-memory: 931.5MiB total-memory: 1024.0MiB cpu: ARMv7 cpu-count: 4 cpu-load: 1% free-hdd-space: 424.8MiB total-hdd-space: ...

Cablenut9

So, you're saying it likely won't be fixed until stable v7 comes out? That's worse than Ubiquiti!

Cablenut9

After upgrading my router to v7 my L2TP BCP setup is broken. No packets can make it across, and I double checked the MTU/MTU/MRRU settings. Are there any changes in v7 that I might to work around to fix this? I spent an hour on my phone during a wedding trying to get the connection to work again.

Cablenut9

The reason there are so many switch chip discrepancies is because the Big Mik cuts costs by only giving you what you need, and that "need" changes depending on the device, unlike Cisco/other-vendor-here which gives you all the features as well as all the costs.

Cablenut9

Right. Nothing remained unchanged ...

So where's the CPU frequency in v7?

Cablenut9

In ROS v6 CPU frequency is shown by /system resource print.

I'm using ROS v7.

Cablenut9

Interestingly, I can't check CPU speed at all either. It used to be in System -> RouterBOARD but now that's gone as well.

Cablenut9

My new RB4011 had a setting to change the CPU frequency with the version of ROS it shipped with (6.45.9), but with 7.1b5 that setting is nowhere to be seen. Is there a fix, or will I be stuck with the default speed?

Cablenut9

Bump!

Cablenut9

Assuming two Mikrotik devices have IPsec offloading for both CBC and CTR, which would be better for a L2TP/IPsec link? I read that CTR can be parallelized more and so might be faster.

Cablenut9

What is the advantage of being able to set different types of NAT.

Sometimes you need to do something very specific that requires a special feature, and it's also a selling point compared to other network OSes like IOS.

Cablenut9

No serious network techs will ever use third party cloud service to manage their own devices. Thus, no discussion needed.

What about UniFi?

Cablenut9

It'd be nice to be able to change the masquerade NAT rule to be one of the many kinds of NAT available: full cone, port/address restricted cone, or symmetric. Is this possible?

Cablenut9

Hmm, nothing about DoH memory leakage fix.

You don't need DoH.

Cablenut9

But why can't it be implement on x86 ? I known there is no HWNAT in Tilera chipset but It indeed have fast path.

Fast path means nothing to me anyway, since to use queues you need to disable it.

Cablenut9

Which part of RB4011 is 3 years outdated?

The processor could be a lot better. It uses Cortex A15 CPUs, which were released way back in 2012, 9 years ago!

Cablenut9

Guess what? Performance doesn't come for free. If you need performance because you have high speed WAN link for which you spend considerable amount of money, then spend some on decent router as well. I just want the features that the RB4011 has (compact size, no-fuss OS system) but I don't want it ...

Cablenut9

If you need your "RB5011" then either look around and see if some available devices may do what you need or just don't buy Mikrotik at all. What are the alternatives? The Ubiquiti Edgerouters lack features while being slightly slower and higher priced, TP-Link Omada is junk, Cisco co$t$ t...

Cablenut9

1. If those old things have nothing to do with the new setups, then keep them. 2. You'll lose everything, unless you do an /export to save the certificates. 3. They're always numbered, but Mikrotik offers a mnemonic abstraction feature that only works within the router. 4. You can't easily, unless y...

Cablenut9

Search the threads to see if there is already a similar thread or start your own. I found this one: https://forum.mikrotik.com/viewtopic.php?f=1&t=173172 which had something to do with allowed-address. I checked /interface/wireguard/peers and manually set the allowed-address to 0.0.0.0/0 and it...

Cablenut9

I'm having trouble getting Wireguard in 7.1b5 to work with Mullvad VPN. My routes: # DST-ADDRESS GATEWAY D DAd 0.0.0.0/0 modem-ip 2 DAc mullvad-local-ip wireguard1 0 DAc modem-ip/22 sfp1 0 DAc 192.168.1.0/24 bridge 0 0 As 0.0.0.0/0 wireguard1 1 I have a masquerade rule for WG so that's out. I can't ...

Cablenut9

and poe on all ether ports

Keep dreaming

Cablenut9

I've been checking https://wiki.mikrotik.com/wiki/MikroTik_News which has all the product releases available. I noticed that the RB4011 is all the way from 2018, the RB3011 2015, and the RB2011 2013. Does this mean that we'll get the RB5011 this year? The biggest features that would be great are hav...

Cablenut9

Would the "mark routing" feature work for this as well? The Mik router has some webservers behind it so I need to be able to differentiate between traffic destined toward regular website visitors and outbound traffic that's supposed to go through the VPN.

Cablenut9

I'm going to have a setup where I have a split-tunnel VPN and a queue tree. The split-tunnel will use mangle rules to mark packets that should get sent through the VPN, but the problem is that the queue tree also uses packet marks for QoS. Is there a way to add multiple marks to a packet/connection ...

Cablenut9

CARP is simple VRRP with support for firewall rule synchronization. When will RouterOS support this? It'd be a great feature to add since other networking software has already supported CARP for a long time.

Cablenut9

Switch to Mint Mobile or Ultra Mobile or any other T-Mobile MVNO or make sure you're using the v27 firmware , as that's what I'm doing right now with the LTE6 modem to post this very message. Also, check this link out. https://www.3gpp.org/ftp/tsg_ran/WG2_RL2/TSGR2_111-e/Inbox/Drafts/%5BOffline-009%...

Cablenut9

It doesn't look like it'll come anytime soon, so what I would do is get a Groove52 (802.11n version) and use it just for spectral scans.

Cablenut9

Cablenut9

Conntrack synchronisation is now available in ROS v7.

How would I do this, along with rule synchronization?

Cablenut9

If I had a VRRP setup with 2 routers, Router 1 with a lot of firewall and NAT rules and Router 2 with none, can VRRP make it so those rules can apply to traffic that passes through Router 2? This is a hard requirement for me to use VRRP for a backup WAN system.

Cablenut9

Soon I'm going to have a hAP ac3 powered by 24v PoE in. Its PoE-out port could power both a SXT LTE6 and a mANTbox 12s. Together, those devices would take 18w maximum power which is 0.75A, more than the 0.5A supported by the 0.5A maximum. Is this safe? I had a similar question about a cAP ac and a s...

Cablenut9

Try this: /interface wireless set [find] antenna-gain=0
What country are you in?

Cablenut9

What it's a "drop-in" ?

It means that I can install the modem and RouterOS will work with it without a lot of reconfiguration.

Cablenut9

Would a Quectel or Telit 5G modem work as a drop-in? I'd expect that I could change the IMEI with either, but drivers could be an issue.

Cablenut9

You want change IMEI at R11e-LTE6? Read: viewtopic.php?f=2&t=146893&hilit=production#p819888 and viewtopic.php?f=7&t=163257

What's "production mode"?

Cablenut9

If it has an IP, try Netwatch or The Dude or Zabbix.

Cablenut9

The problem isn't the modem itself per se, but rather the fact that the modem only supports 100mbit ethernet. Different models of modem might support 1000mbit ethernet and give you the full 200 megabit speed.

Cablenut9

Try another ethernet cable and see if that changes the speed. If it doesn't, then you need a new modem.

Cablenut9

Check "Status" and look for something called "Link Speed" or something like that, because it could be a bad ethernet cable or bad modem.

Cablenut9

Go to Interfaces -> your WAN ethernet port -> link status. What's the speed shown there?

Cablenut9

I understand some people to try change IMEI of lte interface becase imei is used by ISP to determine a vendor+SN of lte device. This is actually something I'd like to do more, since in the US many SIM cards have limits when used with a "hotspot" device. However, with the wAP being a "...

Cablenut9

*) winbox - do not allow...

So this could work through SSH? I could also downgrade it to before 6.47.8. EDIT: It looks like it doesn't work over SSH. I guess I'll have to downgrade.

Cablenut9

I've been trying to change the LTE6 MAC on my wAP ac LTE6 and I can't figure it out. For some reason, it won't let me change it even though I give it the technically right command: /interface lte set lte1 mac-address=address Is there a fix for this, like maybe an AT-chat command to send directly to ...

Cablenut9

You can't, unless you get the International version or do some trickery with an EEPROM on the circuit board inside.

Cablenut9

Cyberpower

The UPS package is only designed for APC USPes, not any others.

Cablenut9

I FIXED IT! It was a MTU problem after all, the fix was to turn down the L2TP client's MTU/MRU to 1400. This seems to be because the LTE standard only has an MTU of that. I also turned down the LTE interface's MTU to 1400.

Cablenut9

I've found the problem. When I try to ping a device on the home network from the wAP, I can only get the packet size to 1388 bytes before it doesn't work.The "Don't Fragment" option changed nothing. Additionally, doing a packet sniff on the l2tp interface I saw that no packets above around...

Cablenut9

Wouldn't the MRRU have to be 1600 because it needs to pass L2 MAC headers too?

Cablenut9

It actually does work but the problem is that now no HTTPS traffic can get through. HTTP and other protocols like Winbox and SSH and DNS work better, but no HTTPS. Even those can't keep a connection open. Linux' curl and wget commands work only on HTTP sites. Wget shows that it connects to the serve...

Cablenut9

It almost works, it gives me some new routes, but the default LTE route with a 3 distance is now labeled not-active. Is this supposed to happen?

Cablenut9

Mikrotik doesn't support UDP on OpenVPN unless you use buggy v7, so either switch to some other protocol or try upgrading to 7.1beta5.

Cablenut9

I've been having lots of trouble setting up a hotspot with a wAP ac LTE6. Here's my routes: Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 A S 0.0.0.0/0...

Cablenut9

Step 1: Add this filter rule: /ip firewall filter add action=drop chain=forward comment="block DoH" dst-address-list="DoH Servers" Step 2: Add the servers: /ip firewall address-list add address=dns.google list="DoH Servers" add address=buttflare-dns.com list="DoH S...

Cablenut9

I noticed that in a few of my Mikrotik devices I can select a higher CPU frequency to boost performance. However, when I do that I get a big "Error: CPU frequency not at default" message and so maybe it's a bad idea to do this. Is it really? I haven't noticed much of a temperature change i...

Cablenut9

In the "ac" case, is it USB 2.0 or 3.0? The IPQ-4018 supports both, so it could be either.

Cablenut9

unit have 100Mbps Ethernet, the USB bus is not problem here.

I'm not so sure about that:

Cablenut9

What protocol does the wAP ac LTE6 use for the LTE card? If it's USB 2, then that's a disappointment because that limits it to only around 300 Mbps. If it's USB 3 or PCIe (the protocol, not just the form factor) then that's great.

Cablenut9

"getting stuff" means it's loading the Dude database. Just wait a little and it'll be done, unless that's not happening.

Cablenut9

It's only an issue when the speeds are mismatched

For some reason, Mikrotik switches have a problem with buffers getting overloaded when differing 1+ gigabit speeds are used.

Cablenut9

Ensure your WAN interface has proper MTU along with accounting for the ghost/hidden 20Bytes hard-coded on MikroTik interfaces: https://forum.mikrotik.com/viewtopic.php?f=2&t=171390#p838707 This is insane, so ROS includes 20 extra bytes in each header that they never told us about? That's a reci...

Cablenut9

I have a relatively slow L2TP/IPsec connection (128kbps) that I need to optimize as much as I can. I also noticed that in PPP -> Profiles -> default-encryption, it offers a setting called use-compression. Does this actually work? Both ends are using ROS.

Cablenut9

example EP06-E can have unlock or enable the 256qam and new discovery show the 3CA can be unlock/enabled too ... that's why R11e-LTE6 can change that Bit Map in firmware until Hardware support that changes.

Is this as easy as installing a firmware update from the wAP itself?

Cablenut9

There shouldn't be any renewal at all, unless they changed something recently with CHR.

Cablenut9

I had the same problem, the fix is: Bridge -> ARP -> proxy-arp

Cablenut9

So, you're saying 41n is "basic 5G" and can be a software drop-in to existing 4G equipment? If so, then I guess it's a good deal for me.

Cablenut9

I noticed that the 41n band supported by the wAP LTE6 is actually 5G. Is this a simple oversight to not call the wAP 5G, or is it actually the "old" 4G version of 41 that is only supported?

Cablenut9

That is unfortunately correct... the older N equipment can do 10 and even 5 MHz channels, but AC devices do only 20 MHz and above.

Is this even compatible with the 802.11n standards, as most client devices I know of only work with 20MHz channels, or is it a Mikrotik-only feature?

Cablenut9

Mikrotik!
I kindly ask you to release wave2 extra packages separately for each CPU in order to fit 16MB Flash.
It is possible to run wave2 driver on 16MB Flash and 128 RAM.

Other vendors can make wave2 work with 16MB, so why not the Big Mik too?

Cablenut9

Winbox is an app, so it makes sense that it would be blocked by whatever list the Sophos has for apps.

Cablenut9

A bridge creates a switch, so it looks like you're good.

Cablenut9

For pasting, I would try Ctrl+V or using an SSH client that allows me to either click to paste or use the keyboard shortcut. I don't think you can turn off auto-completion.

Cablenut9

Go to Webfig -> Files -> "Backup" button -> click it -> download the file that appears. If you want an easily editable script: Go to Terminal -> /export file=your-name-here -> Files -> download your file. You'll need to do the second option if you're moving everything to the RB4011 as the ...

Cablenut9

The "Quick Set" of WebFig always resets to "WISP AP". I switch it to "LTE AP Dual" and logout. On next login it is "WISP AP" again. That was'nt the case in beta4.

This happens to me in v6 too

Cablenut9

Still no wifiwave2 with cAPsMAN support...

Cablenut9

Any clue?

Mesh is junk.

Cablenut9

Another option could be to use The Dude to monitor the gadget and run the script if it's down.

Cablenut9

Get an APC UPS that just plugs right in, and install the UPS package on your router. Then you can access some nifty features like power monitoring and automatic shutdown.

Cablenut9

+1 for mlag

Cablenut9

Ubiquiti's new offering

Based on the current 802.11ax situation, this basically means you'll need a wait a few more years before anything comparable comes on the horizon.

Cablenut9

Does ROS V7 support HW offloading for the CRS305? I know that for the 309+ models it's definitely supported, but the 305 seems to be an unknown.

Cablenut9

I just noticed that in several MT distributors' websites, the hAP ac3 got pushed back even more to April. That's pretty sad for it being a non-ax device meanwhile Ubiquiti is rolling out their entire line of it.

Cablenut9

This bug seems to be fixed in 7.1 beta5.

We need beta5 now!

Cablenut9

Make sure you have the right ports opened up in a firewall input rule, I had the same problem and I fat-fingered my rules.

Cablenut9

The Mik can only control what passes through it. And since the TP AP acts like a simple switch between itself and its ports and the WLAN, there's no way to prevent people from accessing it, unless you change it out to a Mikrotik AP with its own Hotspot rules. Here's something you can try but I don't...

Cablenut9

What/were is the setting in the ROS filesystem/config that locks the device to a specific country code ? From what I can tell, it's saved on an EEPROM chip on the board itself. However, those chips are dead-easy to modify, so changing a US -> International could be as simple as opening the device u...

Cablenut9

Since Mikrotik can't be bothered to provide the simple USA option to allow full legal PTP power in the 5.1 band, or allow 5/10 mHz operation near the 5.1/5.8 band edges (I know, I've asked) , I wouldn't hold my breath on outdoor 6E.

The answer to this: Superchannel mode.

Cablenut9

Linksys & Cisco ( and several other mfgs ) have some stuff

I thought Linksys was dead.

Cablenut9

See https://help.mikrotik.com/docs/display/ ... col+Status

A lot of the things there are now available on beta4, so there's hope. If the next version comes out every 2 months, then we might have a chance of seeing a "stable" version by the end of this year.

Cablenut9

But with Mikrotik, you just really don't know what will happen tomorrow. You may buy competitor's APs and rebuild your infrastructure, only to find Mikrotik released much better product next month... or you may be waiting for it for next two years, which seems to be sadly far more likely... This is...

Cablenut9

i don't want to argue about whether it's necessary to have that much throughput, or is it something that the general public could potentially use for anything else than speedtest. I often do stuff that requires a gigabit internet connection, and getting even close to that with wireless would be gre...

Cablenut9

Usually, when I've made a whole bunch of changes to a thing to try to make it work, I just start from scratch and make the simplest changes I can, rethinking my basic assumptions. Is that possible for you to do in this situation?

Cablenut9

The closest thing Mikrotik offers is the CCR1072 which is $3000 but has ALL the features and performance thanks to the 72 core CPU.

Cablenut9

As it turns out, there's some 802.11 incompatibility issue with my old draft-ac router, as it bypasses "power saving" on the client devices, yet the cAP ac doesn't. I found that the fix was to turn off this "power saving" anti-feature on my client with sudo iwconfig adapter-name ...

Cablenut9

I'm using a recent cAP ac with 6.49beta11, and a hEX S also with 6.49beta11.

Cablenut9

Here's an /export: /caps-man datapath add client-to-client-forwarding=yes local-forwarding=yes name="turbo wifi" /caps-man security add authentication-types=wpa2-psk name="turbo wifi" /caps-man configuration add channel.band=5ghz-n/ac channel.control-channel-width=20mhz channel.e...

Cablenut9

You dont have a clue of what you are talking about.
Moving on to help others.

This kind of ad hominem attack is the reason why so many people don't want to mess with Mikrotik stuff.

Cablenut9

I had the expectation that the cAP would give 2 chains with 802.11ac, yielding a PHY of 866Mbps and throughput of 500, but I can get only 1 chain DOWNLOAD, and upload gets 2. In other words, I get 250Mbps download and 500Mbps upload using a known good 802.11ac client that supports 160MHz DFS 2x2 APs...

Cablenut9

I set up my new cAP ac with cAPsMAN and even though it can receive with 2 chains from this one device, it can't receive with 2, but rather 1. For this reason, I can't get above 300Mbps download when doing a speedtest with my device, yet it's easy to get 500+ upload. Is there a fix? There's no settin...

Cablenut9

If you insist on MT wifi, at least get the hapac3. Its become clear in the beta forum that very few MT wifi devices will benefit from finally getting a WIFI5 standard working (5 years behind everyone else), like the Audience Mesh stuff and apparently the hapac3. Is the hAP ac3 just an ac2 with more...

Cablenut9

10Gbit with 60GHz doesn't actually exist, but you can get close: https://www.cablefree.net/cablefree-mil ... e-mmw/10g/

Cablenut9

Are you using Windows, Linux, or MacOS? WINE for me keeps the file in a special folder and I keep the .exe on my desktop where it's the only file there.

Cablenut9

What are your firewall rules?

Cablenut9

No single vendor will pull out all hardware from sale just because they started working on something new, incompatible.

I can find cheapo 802.11n-only 150mbit routers for $20 USD, so there will always be a market for these older, less desirable things.

Cablenut9

Putting it in perspective, my current WiFi setup is a lone WD MyNet AC1300, the most no-name AP on the market. (Actually, I also have an Apple Airport Express, but that doesn't matter right now) WD actually discontinued all their network stuff back in 2014, so it hasn't seen any updates since 2013, ...

Cablenut9

eurodk.com will have them sometime in March, and another supplier I know is getting a bunch of the mANTbox 52 in March as well, so that's about when I'd expect it to be available. For shipping, I'd expect to get a hAP ac3 in my hands in early April.

Cablenut9

There are stable and dependable wifi5 Access points just as cheap as the capac (TPLINK EAP245) that runs circles around it. This hinges on Wave 2 features actually mattering. My case for a cAP ac is to provide about 500 mbps to a single line of sight device, but I'd have multiple cAPs for multiple ...

Cablenut9

Mikrotik doesn't do mesh well, unless you get some Audiences and link then together. Even then, putting multiple APs one one channel is janky because they're sharing the same bandwidth.

Cablenut9

I have the same IP problem, do you have a device that connects and disconnects often?

Cablenut9

802.11ax is already old news, as 802.11be will be here in a couple years bringing multi-gigabit speeds.

Cablenut9

In any case I'd go for CPU with smaller number of high-performance CPU cores ... with HyperThreading disabled.

Some good examples of this are the Intel i7-10700k and AMD Ryzen 5600x.

Cablenut9

Another problem I noticed that is that some firewall rule is blocking me from accessing the router with L2TP, and I know it's one of those two you mentioned, but I'm not sure how to fix it.

Cablenut9

SOLVED! Switching the port to 1701 now gives me a "Connected" message in my phone. Also, as a side note, that last rule to drop all "WAN not DSTNATed" is listed with 0 packets and 0B in my firewall list. This is weird, considering that I have so many NATted services.

Cablenut9

with RouterOS 7, MikroTik uses binary drivers from the chipset´s vendor, no more selfmade 802.11 code

Finally, maybe we can have spectral scanning in 802.11ac/ax equipment

Cablenut9

/interface bridge add admin-mac=my-address auto-mac=no name=bridge /interface ethernet set [ find default-name=ether5 ] poe-out=forced-on set [ find default-name=sfp1 ] auto-negotiation=no /interface list add comment=defconf name=WAN add comment=defconf name=LAN /interface wireless security-profile...

Cablenut9

The new files are in. Here's what I got from /ipsec policy print: 0 T * group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default template=yes 1 DA peer=l2tp-in-server tunnel=no src-address=***MikRouter***/32 src-port=1701 dst-address=***Phone***/32 dst-port=any protocol=udp acti...

Cablenut9

Bump!

Cablenut9

I decided to use an old laptop and install Lubuntu just so it can run WINE for The Dude. It works great!

Cablenut9

Here's the debug file. At the beginning there's a mention of fragmentation, and at the end I found some "authtype mismatch: me:cipher peer:cipher." Is there any useful info here?

Cablenut9

I have a L2TP/IPsec server set up. When connecting to it from my Android phone on LTE (important!) the log in my router has this: respond new phase 1 (Identity Protection): MY-IP[500]<=>PHONE-IP[57803] ISAKMP-SA established MY-IP[4500]-PHONE-IP[57801] spi:junk-here:junk-here but there's nothing else...

Cablenut9

Bump, don't make me have to use a Windows VM just for The Dude.

Cablenut9

I had the same problem and the fix was to switch around the modes from b/g/n to g/n and to only-n, and that would eventually get it to connect. Also, make sure you've enabled tkip in the security profile. ROS WiFi tends to work best with other ROS devices, and that's probably why they're not officia...

Cablenut9

I installed Dude on my hEX S and I can't use the Dude Client because WINE doesn't scale its text well on my 4k display. However, I can do most things in WebFig, except for using tools like SNMPwalk on some device. How can I do this, or is it impossible?

Cablenut9

Also, I noticed that in System -> Packages it lets me uninstall 7.1beta4 with no problem at all ("Uninstall" button in WebFig gives no errors). This almost made me have to use Netinstall because it rebooted several times until I downgraded to 6.49beta11.

Cablenut9

I upgraded my hEX S to 7.1beta4 today and now the PoE voltage measurement is broken. Eth5, which used to have auto on for PoE power out, doesn't work because the voltage is now too low. I set it to forced on and now it works. However, System -> Health shows no CPU temperature and the voltage is 0.5V...

Cablenut9

I want to power a cAP ac from another cAP ac with the included 24v power supply, but I noticed that its listed maximum power output on the second port is 500mA. A cAP ac takes up to 13w, which equates to 540mA with 24 volts. Is this power requirement close enough, or is it too risky? Note that the 1...

Cablenut9

The big networking device vendors will release thei WiFi 6E access points in Q3/Q4 2021. So, it would be a chance for MIkroTik to go develop straight 802.11ax access points with 6 GHz support, aswell. We're only 7 months away from Q3, and that's not much time to make new 6E APs if you're not some m...

Cablenut9

Anything with 802.11ac wave 2 or 802.11ax, maybe a cAP ax?

Cablenut9

What's the weather like where you are? If it's like mine, then your radios could be biting the dust because it's hot and sunny and the Metals are painted dark colors which makes them even hotter.

Cablenut9

I'm considering getting a hAP AC2 to use as an access point, not a router. It would be placed in a closet with thin walls, but this could be an issue for its antennas. In your opinion, do you think the AC2 is a good performer, or would a cAP AC be better? The goal is to reach MCS9 from 10 feet (3m) ...

Cablenut9

Could you post your wifi settings?

Thank you in advance.

I didn't see this until now, but I remember which settings I used. Frequency width: 20MHz, Antenna gain: 0 (this is risky!), Channel: 165 (5GHz), Mode: ap bridge, everything else is on default.

Cablenut9

Increasing the TX power so that "TX Power + antenna gain" is above the regulatory domain EIRP level is illegal

It depends on where you are. In the US with PtP links, the only restriction is that the output power can't be above 200W, which no Mikrotik device even gets close to.

Cablenut9

This is a little risky, but you can make the maximum power by doing this:

/interface wireless set antenna-gain=0

which fools the device into thinking it has a 0 dBi antenna which it doesn't. However, you might fry the radio by going that low.

Cablenut9

MT WiFi might be passable if you set up a bunch of cAp acs all linked together with cAPsMan, but that's only good enough for residential.

Cablenut9

https://help.mikrotik.com/docs/display/ROS/WifiWave2

Does this even count?

Cablenut9

Not yet.

Cablenut9

Update: I decided to just add a qualifier to the DNS rule so that only the LAN interface list will work, so that'll block all incoming WAN connections for DNS.

Cablenut9

My router already has that firewall rule(s) to block connections except for those which have NAT rules. The problem is, DNS has the equivalent of a port-forward NAT rule BUT it is NOT accessible from outside, while otherwise identical rules for other services get passed through just fine. "Allo...

Cablenut9

"...they suspiciously look like the rules for port-forwarding..." Reason is that is exactly what those rules are If this is true, why isn't it accessible from outside? Unlike regular port-forwarding rules, these DNS ones don't make the RB's DNS server (or any other one) available to clien...

Cablenut9

According to this article (https://wiki.mikrotik.com/wiki/Force_users_to_use_specified_DNS_server) these rules will redirect users on the network to use the specified DNS server. However, they suspiciously look like the rules for port-forwarding which also uses the same dstnat chain and action combo...

Cablenut9

Go into Firewall -> Connections when you have a bunch of tabs (like 50) and see how many it lists. Also check if you have any firewall rules that have to do with "fast path" or "fast track" because that's the key to unlocking better CPU usage in routers.

Cablenut9

The hAp ac lite has a slightly wimpy CPU, so having 100 tabs will easily bog it down. If you use a lot of internet-heavy sites then you might want to get a better router.

Cablenut9

I'm not from Mikrotik, but I have tried a mANTBox 19s and I could get a good signal on my phone 1000 feet (300m) away in a forested area, so expect that or better if you're using the 52 15s in a clear area.

Cablenut9

What Mikrotik device are you using?

Cablenut9

I'm going to be getting a hEx S and powering it with a 802.3at ethernet injector. And, hEx S' PoE out port will power a CRS305 with two 10Gbase-T modules. Can the hEx S convert the 802.3at to the passive power that it outputs in the out port? The CRS can take in any type of power, but it seems a lit...

Cablenut9

I must say that I find openwrt very interesting. I'd like to run with wpa3 on my CAPs and MT have not committed to any new features. I'm sure they will do something, eventually though. IPQ401X devices with less than 256MB RAM are now "legacy" for the eyes of MT, I don't think they can add...

Cablenut9

1) If this is with the WAN (NOT the local addresses) IP, then you can't use a switch between them. 2) I had a similar issue with some SFP+ modules on a CRS305 switch, and the fix was to simply force the 2.5Gb mode. Also, considering that the RB4011 only has one SFP+ port, I think it would be a bad d...

Cablenut9

I want to be able to switch to 40 MHz width 2.4GHz ONLY. The only option I get that even comes close is 20/40 Ce, eC, and XX. I just want 40 Ce, eC, and XX. Why can't I have just 40 MHz width? It wouldn't matter for WiFi certification because no Mikrotik device is technically WiFi certified, and Rou...

Cablenut9

I can still change it in Winbox, so what gives?

Cablenut9

If each solar panel setup needs to connect to a WiFi network, I would set up a pole with 3 of these in the center: https://mikrotik.com/product/mantbox_2_12s If if you can't get to the center, I would set up a couple of these on a pole at one end to spread out a signal everywhere: https://mikrotik.c...

Cablenut9

How big is the area? How many trees could be blocking where you want to receive a signal?

Cablenut9

DHCP client gets all the information from DHCP server. So if clients of your MT DHCP server don't get default route, you should configure DHCP server appropriately. That's not the problem, the problem is the DHCP client on the Mikrotik device (NOT the devices behind its NAT) itself can't get DHCP w...

Cablenut9

Have you tried Netinstall?

Cablenut9

I have the client ROS device set up as a NAT (in station mode) with its own DHCP server behind that "walled garden" and that part works just fine, so to the non-Mikrotik access point the client device just looks like one thing with one DHCP client. It can ping other devices on the local ne...

Cablenut9

I found a very suspicious-looking wiki here: https://www.cablefree.net/support/radio/software/Manual:TOC which looks like a carbon copy of RouterOS' wiki. It seems like "Mikrotik" has been replaced by "CableFree" and "RouterOS" is now "RadioOS." Also, both Mik...

Cablenut9

Here's something that might help: https://wiki.mikrotik.com/wiki/Manual:Wireless_FAQ Why I can't connect to MikroTik 802.11n AP with Apple Mac devices? This problem is only seen on Mac devices based on Broadcom wireless chipsets. In order to connect with such wireless device to MikroTik 802.11n AP m...

Cablenut9

I've been having this oddball problem with my mANTbox 19s and Metal 52ac where when in station mode, they can't get DHCP on a network when the access point is not from Mikrotik. I tried everything including factory resets and updating to 6.48. Weirdly, they get DHCP when in station-pseudobridge mode...

Cablenut9

Have you monitored the network bandwidth usage before and during these spikes?

Cablenut9

Actually, the wifiwave2 contains spectral scan kernel module - it's just not used for anything (yet?). But main limitation is the version of the radio chipset, AFAIK you have to pay more for advanced version that supports features like spectral scan, phase constellation view and TDMA/GPS timesync a...

Cablenut9

For example, another crew working on a near-by tower at the same location had their RF-monitors on their climber's gear show high RF energy fields , and as a result , they had to take a few days off from work. Well, that's the FAA's problem for using their multi-jigawatt radar in vicinity to those ...

Cablenut9

Metal 52ac does have ac radio so it doesn't support spectrum scan. I'd think so, but the Wiki states "ac devices do not support spectral scans (e.g. QCA98xx, IPQ-...)" and all devices with that chip are pure 5GHz, while the 52ac has support for both and has a different range of chip where...

Cablenut9

I know that the pure 802.11ac devices don't support spectral scanning at all. However, some of them (Metal 52ac) are dual band and so support 2.4GHz too which has no .11ac component because ac is only for 5GHz. Do these support spectral scans for 2.4 or will I have to get some old 802.11n AP just fo...

Cablenut9

I haven't had any problems with this, but here's a tip: What I would do is get some cheap Groove (the 802.11n version) and use spectral scanning to see the exact frequencies and bandwidths they're using. They could well be using just a part of the DFS band and so you can change the channel used.

Cablenut9

Given that this will be branded as Wifi 6E, a subset of 6, and that the Mik has no real 6/ax hardware yet, I wouldn't expect it anytime soon.

Search found 174 matches