MikroTik

ffries

Hello. Upgrading My CCR2004-1G-12S upgrade to latest beta failed with message: ccr2004-1g-12s: upgrade failed, free 209 kB disk space for a (null)upgrade I see no special data on disk ... I removed the wifi package without any modification. Uptime 00:10:24 Free Memory 3866.9 MiB Total Memory 4096.0 ...

ffries

Okay, sorry for the confusion. The signal is below -65 dbm and the information was confirmed up.
It is only the message CRC status "Error", which seems to be confusing.

Is everything Okay?

ffries

I am still having a lot of errors on my two LR8 Lorawan gateways. I don't know what happened with those products but for 6 months it seems to be a real mess. Capture d’écran du 2023-12-28 13-23-41.png Capture d’écran du 2023-12-28 13-27-50.png The LR8 is equipped with a 7 Dbi Mikrotik antenna it use...

ffries

Fixed in latest released.

ffries

Wap LR8 Lora is fixed and start automatically, thank you!

ffries

netinstall-cli 7.x is broken under Linux and I was never able to use a recent cli older than 6.x.

ffries

Also in webfig (don't know for CAP)
https://IP/webfig/#Wireless.Configuration

ffries

I don't recommend to link your main switch directly to an outdoor PoE. I am planning to mount a WAP-LR8 with antenna on a high roof. I am planning WAP-LR8<->small PoE switch<->fiber SFP<->main switch. The advantage of Fiber is that it will protect your main switch for a direct strike.

ffries

Scheduler script works with latest RC.

ffries

I tried to create a script and run the script from scheduler on startup.
Does not work at all... Need help.

ffries

I received a reply from support: this is a known problem. A script should run on startup using scheduler. So I added this script in scheduler to run on startup: :delay 10000ms; /iot/lora disable 0 set 0 name="eui-xxxxxxxxxxxxxxxxxxxxxxx" set 0 servers="TTN V3 (eu1)" set 0 channel...

ffries

Well I just configured antenna gain to 6 and TX to 22 and it boosted speed a lot! Thanks.

ffries

Any update on that issue, thanks!
Opened SUP-129874.

ffries

Dear friends and dear community, After upgrading my two Wap LR8 to 7.11.2, I installed IoT package and removed the lora package. Now Lora does not start by default and the LoRa network is forgotten by default. Is there a way to netinstall Wap LR8 with correct settings so that LoRa starts by default....

ffries

I am using an hAP AX3 and I am very happy (way better than other solutions). You are using two different SSID for 5Ghz and 2.4 Ghz. My experience in a concrete building with 80 m2 would be to se the same SSID and let the client choose the best transmission. Also don't look at speed indicated by wire...

ffries

Dear all, I am using two WaP LR8 Lora access points in France and I might be using more of them. I like to good design of the WaP LR8 and the fact that the casing is not sealed, i.e. it has a minimum air flow so it can dry. In my two locations, the WaP LR8 seems to be very resistant to harsh weather...

ffries

fun fact.. lora lr8 it also forgets which server it should be using after every reboot... using "TTN v3 (eu1)" usually... You may be having the "some configuration forgotten at reboot" issue that has appeared in v7 for several people. Try to export your config (and download it),...

ffries

Lora is still broken. After each reboot: * Lora does not start automatically * Server address is lost * Antenna gain is lost I can only pray for those user 100 km away from the LoRa station, who will need to go by foot, air or any means and fix this on site. Poor users. Finally I feel quite happy to...

ffries

After updating my knot lr8 kit from 7.10.2 to 7.11 lora gateway seems to be disabled after reboot. it is reproducable by rebooting the device.. even though i manually started the gw, it remains enabled only till a reboot I can confirm this on my two wap-lr8 gateways. I migrated to iot package and r...

ffries

Dear all,

Sorry to ask a silly question bu how do you translate an Ipv4 topology based on filtering vlans to IPv6? I have IPv4 firewalling rules based on vlans ans subnets. How tontranslate them ?

Kind regards

ffries

I am using 6 routers/switches/Aps always with Router OS. Two things I would love : 1) apply a setting or a group of settings to all my devices. 2) manage ipv6 transparently in firewalling rules. Habing duplicates rules is stopping most users. It is only recently that I implemented IPv6 rules. Ipv4 c...

ffries

The answer is here: https://help.mikrotik.com/docs/display/ROS/Ethernet tx-flow-control (on | off | auto; Default: off) When set to on, the port will generate pause frames to the upstream device to temporarily stop the packet transmission. Pause frames are only generated when some routers output int...

ffries

Dear all, How important is it to set RX/TX flow control on interfaces ? For example I don't understand the difference between ON and AUTOMATIC. Shoudn't Flow control be set to Automatic always and why is it not set by default? I have a feeling that RX/TX automatic flow control allows a better detect...

ffries

I cannot sure, but Wireguard seems to have problems on latest 7.11 beta4. I am using wireguard between my house and summer house. CCR2004 (house) <-> RB5009 (summer house) over wireguard I am also using EoIP to fetch IP TV from my house which needs ipv4+ipv6. So both devices have a small additional ...

ffries

Since 7.10 the hap AX3 seems more stable:

Uptime		3d 04:15:44

ffries

Thanks.

ffries

Dear all,

I enabled vlan filtering on the CRS212-8P-4S and speed drops instantly to 60Mb/s instead of 1Gbit/s.

Does it mean that I should use switch feature?
Will this allow me to reach full wire speed?

Kind regards,

ffries

End of story, I need EoIP with vlan tagging.
I will publish my configuration when finished.

A lot of users need such a feature.

ffries

Dear all,

I am wondering whether RouterOS wireguard supports IPv6.

In recent RouterOS 7.10rc changelog, I can read:
*) wireguard - fixed IPv6 traffic processing with multiple peers;

But nothing is printed in documentation.
Could someone explain how to use Wireguard with IPv6 support.

Thank you.

ffries

Dear all, "home" is my main house. "coutryside" is my house on the countryside. Both are equipped with recent Mikrotik hardware and connected with wireguard. HOME I can watch two IP TV screen simultaneously (OQEE) on a local vlan. Authentication is done over ipv4 and IPtv needs i...

ffries

Same issue here, I am using 7.10rc1 + hAP AX3 with WPA3 only (using plain dump hardware with no filtering).
Can stay 1 or 2 days and the WIFI is no longer visible and I have to reboot.

I just disabled PMKSA to test if things improve.

ffries

Thank you very much. This is an investment between 300€ to 400€ looking on French sites. - 2 x Solar panels 100Wc Mono, up 1000Wh per day - 1 x charging regularor 12/24V 20A - 1 x battery 100Ah 12V (1200Wh) PLUG AND PLAY I will probably build everything in July, thanks. The spot if very nice, I don'...

ffries

Thanks. Some vendors provide kits with a 12v battery, a charger and solar panels. This is ideal for camping. So I am quite confident that I should invest in a 12v solar kit. The problem is that Mikrotik indicates 7W maximum for the wAP R8 but I don't know the voltage (9v-30v). So I cannot calculate ...

ffries

Dear all, I own a small hill 100m above my summer house with 160° view on 20 km around. It is ideal place to install a LoRaWan gateway. I am on top of a commercial 4G tower (maybe 50 meters higher and 2 km away). I have a direct sight from my summer houses to the top of the hill. The wAP LR8 is work...

ffries

Hello, After some investigation I realized that the Helium network could be a Ponzi Scheme. 50% of nodes are now down. Buyers invested in expansive stations, sometime around 500 USD. The money was concerted to HNK crypto and this was used to reward communications between stations. Some nodes even do...

ffries

Dear Friends, I made some progress in understanding the Helium Network and its recent evolution. At present, Helium Full hotspot need to synchronize the blockchain and this can take 2 or 3 days. Also this is very resource consuming and cannot work on the long term as the blockchain would be huge. So...

ffries

I registered the feature request to add Helium support to the wAP LR8/LR9, at least using the Helium Light Gateway
https://github.com/helium/gateway-rs

SUP-111738

I would appreciate Mikrotik to give the community information about a possible Helium support in near future.

ffries

To make sure I understand, in the wap-LR8 documentation it is written: https://mikrotik.com/product/wap_lr8_kit wAP LR8 kit – an out-of-the-box solution to use LoRa® technology. This kit contains a pre-installed UDP packet forwarder to any public or private LoRa® servers So it means that if I am abl...

ffries

I guess the relevant project would be:
https://github.com/helium/gateway-rs

Unfortunately, there is no package for Mikrotik wAP LR8.

I am completely lost. I don't understand why at some point the wAP LR8 should not be connected to the Helium Network.
Or is it incompatible? Please advise.

ffries

I found this information:
https://docs.helium.com/mine-hnt/full-h ... operation/

I still don't understand howto connect to the wAP LR8 ...

ffries

Dear all, I am running a wAP LR8 on the country-side in France running on the thethings.network I wonder if this would be of any interest in joining the Helium network? My network is composed of a NAS running docker 64 bit and the wAP LR8. Do you have any experience in joining the Helium Network. Is...

ffries

Sorry to say, but the above response was from a spam account using chatGPT to generate responses :( Thank you. Sorry for the confusion. Finally I purchased also a TrackerD GPS/BLE tracker and a LHT52 LoRaWAN indoor temperature sensor. https://www.dragino.com/products/tracker/item/234-trackerd.html ...

ffries

Thank you for your information, Just a quick note that I purchased an open-source Kit from OLIMEX: LoRa-STM32WL-DevKit https://www.olimex.com/Products/IoT/LoRa/LoRa-STM32WL-DevKit/ Unfortunately I could not purchase the ublox antenna with UEXT This product is also part of the SoftRF project: https:/...

ffries

Dear Friends, I own a wAP LR8 kit with Omni antenna, which is now installed on the country side and registered on TheThingsNetwork. It works very well, I can see connections in and out but I still don't own any LoraWAN devices. I would like to implement LoRaWan GPS tracking in my car (in case it is ...

ffries

Dear all,

I would like to register my Mikrotik products online.
How to register them? Is that of any interest?

Kind regards,
FF

ffries

Thank you for these information. I purchased a small dump 5port switch as I was using a direct cable and that may have created problems. Will keep you informed ... Also I would like to understand something. Why should I use Netinstall vers 7.x.y with Router OS version 7.x.y and not an older netinsta...

ffries

https://forum.mikrotik.com/viewtopic.php?t=182373 Paragraph H Trick Keep pressing reset until the device shows up in netinstall (works for both Windows and Linux) Thank you for these valuable information, I will try to start Netboot device first pressing reset button and start netinstall server. Is...

ffries

I experienced the same issue with the Intel AX200 wireless card. This is a known issue: if you are using dual boot Linux + Windows, you should disable FastBoot in Windows. There are many tutorials how to do it. After disabling FastBoot, I can connect 1200/1200 within 2 meters of the hap AX3 under Li...

ffries

It could be my Debian station returning false information about the AP.
The WPA3 only I guess, not WPA2/WP3 transitional.

ffries

Dear Friends, I restricted my settings to CCMP and WPA3-PSK and the AP is still seen as a WPA2 AP: Settings: set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=all .width=20/40/80mhz configuration.country=France .mode=ap .ssid=XXXXXX disabled=no \ security.authentication-types=w...

ffries

Sorry for late reply, here are my problems about Netinstall:
viewtopic.php?p=980360#p980360

For information, the CCR2004, the RB5009 and the hapAX3 were purchased from official resellers.
But I did by two switches on the equivalent of eBay in France (LeBonCoin).

ffries

Dear friends, On the hAP AX3, I would like to restrict to WPA3 and not WPA2/WPA3 transitional mode. set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=all .width=20/40/80mhz configuration.country=France .mode=ap \ .ssid=XXXXXXXXXXXXXXXX disabled=no security.authentication-types=...

ffries

Hello, Here are some questions, for which I searched answers, so it might be better to ask here: 1) There are exploits available to root RouterOS devices and I would like to know what is made at Mikrotik to mitigate those exploits. 2) Also, how to test whether a router was rooted by an exploit. The ...

ffries

Just a quick note that I bricked the hap AX3 twice and had to reboot in factory mode. The Netinstall never displayed any information indicating that netinstall was pending and the HAP was bricked twice. So I stop here. All (Netinstall and RouterOS) were in latest 7.8beta2. And previously under 7.7 I...

ffries

Hello, I am trying to run netinstall 7.7 to reinitialise my hap AX3 device with bootp, but it does not work. The hap AX3 has been upgraded to Router OS 7.7. The script is the same as what I used for 6.x netinstall, so please help me. #!/bin/bash systemctl stop firewalld IFNAME=enp0s31f6 /sbin/ip add...

ffries

Thanks for the information.

I realize that even under OpenWRT the firmware is stripped down to fit low RAM of 128MB.
So I am reselling my 3 x hap AC2 today and I purchased an hap AX3 for testing.

ffries

First thank you all for your answers. Yes, I read the log, it says "installing package ...". But the version is not 7.6 factory, so it seems that Mikrotik information is quite outdated. I would expect to upgrade the CCR2004 to 7.6 factory firmware. I got bored and upgraded from 7.6 to 7.7 ...

ffries

Same issue with the hap ac2. I cannot upgrade it to factory software 7.6

ffries

Hello, Sorry for my late reply. Yes, factory firmware can be upgraded, as explained here: https://help.mikrotik.com/docs/display/ROS/RouterBOARD#RouterBOARD-UpgradingRouterBOOT A special package is provided to upgrade the backup RouterBOOT (DANGEROUS). Newer devices will have this new backup loader ...

ffries

Dear all,

Is there any chance to see the hap ac2 run wifiwave2 in a near future ?
I am interested in capsman and WPA3.

I have 3 x hap ac2 and I might install them with OpenWRT on the converse.

Please advise, should I stick to OpenWRT?

Kind regards,
FF

ffries

Setting watchdog timer to zero will disable watchdog. Then fix your networking problems.

ffries

When I reinstalled on of my routers I had the same problem and after netboot reinstallation (took me lot of time) this watchdog problem was gone. You may also disable watchdog. You can enable ping Watchdog by specifying an IP address and you can disable the software Watchdog by unsetting the Watchdo...

ffries

I opened bug SUP-105018.

ffries

Yes factory firmware can upgraded as explained on the webpage:
https://help.mikrotik.com/docs/display/ ... RouterBOOT

I could upgrade firmware on the rb5009 to 7.6 but not on the CCR2004.
Is this a bug?

ffries

Hello, Following UpgradingRouterBoot document https://help.mikrotik.com/docs/display/ROS/RouterBOARD#RouterBOARD-UpgradingRouterBOOT All hardware were 7.6 when trying to upgrade factory firmware. I could upgrade firmware to 7.6 on RB5009UG+S+: /system/routerboard/print routerboard: yes model: RB5009...

ffries

Dear all,

I am quite surprised that Mikrotik RouterOS DNS cache strips DNSSEC information.
This allows man-in-tje middle attack inside a network.

So +1 for cache DNSSEC support.

ffries

Thanks.

How can I protect against ARP poisoning?
I set up static ARP and static IPs, what can I do more?

ffries

For Layer 3 anti-spoofing:
Code: Select all
/ip settings rp-filter=loose
which does RFC3704 anti-spoofing, https://help.mikrotik.com/docs/display/ROS/IP+Settings

The firewall also does too, but depends on what you have configured .

Great thanks!

Will this also protect me from ARP poisoning?

ffries

Hello,

There is little documentation on RouterOS anti-spoofing protection.
Could you point out some documentation about anti-spoofing protection in RouterOS?

I set up static IPs and static ARP.
What can I do next?

Or is ARP anti-spoofing a lost war in advance?

Kind regards,
FFries

ffries

OK, I will remove them. Thanks.

ffries

Each RouterOS switch obtains an IP address on each VLAN Why???? When you do not want that, do not configure it that way! You probably have DHCP clients configured on each VLAN. Remove that. Hello, No these are static IPs on /24 netmask on each VLAN. I modified setting with static /32 netmask which ...

ffries

Dear all, First I would like to wish you a happy new year 2023. I am using several RouterOS switches with separate VLANs. Each RouterOS switch obtains an IP address on each VLAN. This makes all switches accessible on each VLAN, which might cause security issues. I don't understand why each switch ha...

ffries

https://github.com/vfreex/mdns-reflector
is also a good candidate and has Docker files.

docker pull yuxzhu/mdns-reflector:latest

Anyhow I don't know the internal and security implications.
There is a previous post about mdns-reflector.

ffries

On a Mac, there is a command "dns-sd -Z" that outputs the LAN's DNS records from mDNS broadcast, into a DNS zone file that can be use in a DNS server. I presume some similar tool exists for Win/Linux. Only issue is Mikrotik's DNS doesn't support one of the DNS type (PTR), so those records...

ffries

Hello, Thank you for the hard work and happy new year. I would like to set up SELKS IDS to monitor a Mikrotik CR2004 router (without active response). I am planning to run a dedicated server for SELKS with KVM. Before anything, I need to understand: 1) Should I install a complete Debian system with ...

ffries

I’m new here, just waiting on the arrival of my new Mikrotik router which I was really excited about… am I to understand that in (almost) 2023 mDNS is NOT a feature of Mikrotik routers?? I have a house full of IOT devices and use Home Assistant to bridge everything beautifully to homekit for me. Al...

ffries

The TL;DR version is the RFC answer to dealing mDNS needing to span the local network/segment is actually RFC6763, https://www.rfc-editor.org/rfc/rfc6763#page-30 which is SD-DNS part of mDNS. Essentially if you add _whateverservice._tcp... in the "real" DNS, you can always have a device b...

ffries

If you have a recent-enough router (one that supports containers) you can use https://github.com/mag1024/mikrotik-docker-mdns-repeater to run the repeater directly on the router, without a VM. The veth interface has no firewalling (as far as I know on other systems). So how to make sure that only t...

ffries

Hello, First make sure you are running / upgrade to latest RouterOS on the RB5009. Do you mean "Delta Networks": French ISP hardware, Freebox Delta? It is well-known that the Fiber cable in the SFP+ on theFreebox Delta side is too hot and is underpowered. When the SFP+ fiber module gets to...

ffries

+1 for mDNS repearter.

I don't want to run an additional computer just for mDNS.
OpenWRT offers an mDNS package, you may use it.

ffries

I did a similar iperf3 testing using another OpenWRT AP with a quad-core modern ARMv8 CPU and SIRQ shows 20% usage. So I believe that Wireless is a single core process, which needs massive IRQs and eats-up CPU time pretty fast. The only drawback of the hAP ac is to be single core and adding more CPU...

ffries

I can confirm that the hAP ac is a very fast wireless device. With two radios (it has three), the speed is around 360 Mbits/sec, which is close to the maximum theoretical speed: iperf3 -P4 -c 192.168.10.12 Connecting to host 192.168.10.12, port 5201 [ 5] local 192.168.10.102 port 56250 connected to ...

ffries

I finally as able to install OpenWRT using bootp support : * First booted into OpenWRT 19.07 using bootP and dnsmasq * Installed OpenWRT 19.07 * Upgraded to OpenWRT 20.03 latest rc candidate without keeking settings I can confirm that the RB962UiGS-5HacT2HnT (hAP ac) "unofficially" support...

ffries

Dear friends, I am trying to boot the hAP ac over OpenWRT using bootp and I am having hard times. Already spend between 15 and 20 hours hacking in vain (I don't know really for sure). At some point, after wasting hours following the OpenWRT tutorials, I am thinking about serial access. I plugged to ...

ffries

Sure, I will report when receiving the APs, with pleasure. One limitation with Mikrotik is that they are part of the WIFI alliance. So going through certification of WPA3 for an old device is probably too time consuming. On the converse, OpenWRT does not certify WPA2/3, it is simply the best referen...

ffries

European EID / OpenSC support.for.authentication.
Two factor authentication
I don’t want all my eggs in the same basket if this is not secure.
Open source and open standards eunning in containers and GNU/Linux
Peer review and certification of code by public agencies

ffries

Hello, My summer house is in the middle of nowhere but it has fiber access. The smallest town (200 inhabitants) is 2 km away and the nearest baker 12 km. The whole department has fiber access and fiber is coming everywhere I guess. Orange announced that it would remove all copper wires and sell them...

ffries

Dear all, I am using SFP modules because in my summer house, I plan to use only fiber network. I am currently implementing a wired network and I see no interest in using copper network. I am using fiber networks whenever possible (even with ethernet converters) and plugging everything I can to wires...

ffries

Dear all, I purchased five RB962UiGS-5HacT2HnT (hAP ac) access points which will be used in my home. The network topology is quite simple : router => 5 access points. I am replacing a couple of OpenWRT access points. I will be using fiber for the network. My question are : 1) Can I use WPA3-EAP (not...

ffries

790Mbit/s is relatively slow compared to IPSEC accelerated with AES-NI.
You should use iperf3 for proper testing, furthermore did you use the 10Gb/s SFP+ port or the 2,5 Gb/s Ethernet port?

ffries

Any idea of the CCR2004-1F-12S+2XS Wireguard speed?

ffries

Hello,

I wonder what is the comparable speed of IPsec v.s. Wireguard between two CCR2004-1G-12S+2XS (with IPsec AES acceleration).
Does it make sense to compare speeds? I guess IPsec is faster, please correct me if I am wrong.

Thank you

ffries

After upgrading to RouterOS Latest beta, there is no longer fan noise. Noise was also due to a 10Gbit SPF+ Ethernet connector. 10Gbit SPF+ Ethernet connector goes up 90°C until the fan cools it. It is an infinite loop and cannot be avoided. As a result, I no longer use copper and only fiber, tempera...

ffries

Next question: how to disable Woobm-USB on a Mikrotik device?
i.e. how to disable USB completely.

ffries

Many thanks for the information.

ffries

Inter-vlan speed was fixed in latest RouterOS release.
The CCR2004 can now reach wire speed in inter-lan.
As a result, routing is also faster.

I could not measure the real speed for lack of proper hardware.
But it seems now rock-solid.

Thank you Mikrotik team.

ffries

What about random reboots by watchdog on ccr2004 ?
We are still getting at stable 7.1.1

The CCR2004 is no longer rebooting.
If you are using vlans, speed at least doubled (I could not measure as it saturates my network).
CPU utilization is down, so it cannot harm on the reboot side.

Have fun!

ffries

After upgrading to latest Beta on my CCR2204 I can reach 10 Gbit/s in inter-vlan filtering.

*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;

Thank you very much for this long waited feature.

I no longer want to sell my CCR2004 ...

ffries

The issue was fixed with latest beta v7.2rc3. *) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled; After enabling fast-path, I can reach wire speed in inter-vlan filtering. Routing is also way faster as a result ... So setting this issue to FIXED. User...

ffries

Dear all, I am running GNU/Linux, so I am using only serial console and https admin. Currently, I am testing the RB5009UG+S+IN and I locked it with a wrong IP firewall rule. Is there a way to unlock it? I am quite surprised there is no unlocking rule (like under OpenWRT),. I am thinking about allowi...

ffries

In the video there is a non-full-width CCR2004. Are there any specs or for this yet?

I would like to buy it ASAP as it seems to be fanless. Is it available?

ffries

Thank you for clarification. I set up a bonding uplink to the CCR2004 and now intra vlan routing is worse: [ ID] Interval Transfer Bitrate [ 5] 0.00-3.78 sec 0.00 Bytes 0.00 bits/sec sender [ 5] 0.00-3.78 sec 516 MBytes 1.15 Gbits/sec receiver 1.15Gbit/s on one stream and 2.5 on two streams from vla...

ffries

Looking at the diagram, there are two full-duplex 25gbit/s links linking the CPU to the port extender. If traffic is flowing through the CPU, the maximum theoretical inter VLAN routing speed is limited to 25Gbit/s. This also suggests that the CCR2004 is not the right hardware for managing inter vlan...

ffries

There are methodological problems in my testing: * There could be a limit with my network card (fiber) showing 6Gbit/s on the same VLAN (so direct connection using a Mikrotik switch). Maybe the limit is the other host, maybe I need a larger MTU (jumbo frames), I don't know precisely. I will soon rec...

ffries

The 2004 setup is a very simple setup with VLANs and out on the same device. Since latest 7.2rc upgrade inter vlan speed went up to 3.5 Gbit/s so I don't need more speed as this is a home setup. For me the issue is closed. I will only compare speed to the RB5009US+S+IN as I supect that the switch co...

ffries

Thanks a lot for all the information. I purchased the two fanless switches and sold the other. My home room is now completely silent. I use two passive DAC to link them with LACP. The only issue is that sometimes the 10Gb copper connector goes beyond 92° and gets disconnected. So I am planning to re...

ffries

I think the wAP LR8 kit suits my needs and includes all what is needed. No need to answer this post.
https://www.thethingsindustries.com/doc ... uterboard/

The free community is there:
https://www.thethingsnetwork.org/

ffries

Dear friends, I would like to set up a LoRa gateway in my summer house to monitor temperature and humidify. At the same time, as this is a rural area in France, I would like to offer free access to a small village 2 kilometers at sight. I don't know precisely who would use LoRa, probably farmers and...

ffries

Could you inform us about fan speed. I might be interested to buy one ASAP if there is no fan speed in a home environment with little traffic.

ffries

By the way it seems that latest 7.2 RC increased vlan interrouting on the CCR2004 from 1.5Gbit/s to 3 Gbit/s.
Maybe a switch was the culprit, since I upgraded speed doubled.

I will compare with the RB5009UG+S+IN but this is quite a dramatic increase ...
It was A BUG.

ffries

Many thanks.

ffries

I bought one for testing and comparing with the CCR2004-1G-12S+2XS in single threading.
Any information is welcome.

ffries

Hello, I am using a CCR2004-1G-12S+2XS and it has poor results in routing and inter vlan filtering. Routing is around 1Gb/s and intervlan around 1.5Gb/s. This is far less than the spec, it is because I am testing with single threads and iperf3. The CCR2004-1G-12S+2XS does not have a switch chip, thi...

ffries

Many thanks.

So I wonder why most 10Gb/s switches show the SFP28 as "supported".
What is the interest if speed is limited to 10Gb/s?

ffries

Dear all, I might be interested in buying some XS+DA0001 25G SFP28. Simple questions : when the block diagram of a switch shows speed limited to 10Gb/s and the 25G XS+DA0001 is supported, can the XS+DA0001 25G SFP28 go further and reach 25Gb/s. My understanding is that speed is limited to 10Gb/s of ...

ffries

Forget about the CCR2004-16G-2S. I see in the block diagram that the SFP+ interfaces is not connected to the switch chip, but directly to the CPU. So the switch chip will not speed up SFP+ connections. What about the CCR2116-12G-4S+ All interfaces are connected to the switch chip, so it is suitable ...

ffries

Hello, I am interested in the new CCR2004-16G-2S+ but this is for home use and I wonder it there is some fan noise. I am using previous model CCR2004-1G-12S+2XS which has an external cooler and makes absolutely no noise. Unfortunately, the CCR2004-1G-12S+2XS lacks a switch chip and hardware accelera...

ffries

First of all, many thanks for your help (I could not make it alone). I can report that the MikroTik CRS309-1G-8S+in is now operating fanless. I guess "+in" in product name means home use but it is also rackable. I returned all other hardware (and saved quit a bunch of money). i will also s...

ffries

Thanks for clarification.

I purchased a MikroTik CRS326-24G-2S+in and a MikroTik CRS309-1G-8S+in linked with 10Gb fiber.
Tomorrow, I will ship back all other routers.

ffries

Thank you for clarification.

ffries

I purchased a CRS309-1G-8S, end of the story.

I will link it to a fanless L2/L3 switch with 2 SFP fiber connectors (LACP link aggregation).
Should work like a charm ...

Thank you all for your comments.

ffries

To describe the situation, the switch is running with: * 2 S+RJ10 (10Gbit/s copper) * 8 S-RJ01 (1Gbit/s copper) * 2 SFP+ fiber modules All are very cool around 30°C, except the 2 S+RJ10 10gbit/s, which are 70°C. The S-RJ01 are not reporting any temperature, but are very cool. So the sole reason why ...

ffries

I found a more suitable way to do it. Under ReOS 7.1, in services, I restricted access to a single subnet: /ip/service> print Flags: X, I - INVALID Columns: NAME, PORT, ADDRESS, CERTIFICATE, VRF # NAME PORT ADDRESS CERTIFICATE VRF 0 X telnet 23 main 1 X ftp 21 2 X www 80 main 3 ssh 22 main 4 www-ssl...

ffries

From my understanding, if I want fans to stop spinning, I need
* A small fanless 1G swith (my old L2/L3 switch). All 1Gb RJ-45 connectors should go there.
* A 10Gb switch with only fiber SFP+ modules.
linked using two SFP connectors with LACP.

End of the story I hope.

ffries

Temperature of CRS317-1G-16S+] SFP+ connectors are: * fiber : 39 C * 10Gb : 76 C * 1G: 72 C Stating Mikrotik documentation: CPU and SFP temperature If CPU or SFP temperatures exceed 58C, the fans will start to spin. The higher the temperature, the faster the fans will spin. For devices with PWM fans...

ffries

The CRS317-1G-16S+ arrived today. The fans are spinning very fast because of SFP+ temperature (around 77°). I need to check what is going on ... or I will ship it back. [admin@CRS317-1G-16S+] /system/health> print Columns: NAME, VALUE, TYPE # NAME VALUE TYPE 0 temperature 77 C 1 cpu-temperature 41 C...

ffries

Could upgrade my new CRS317-1G-16S+. Works well.

ffries

Hello.

Can it run silently for home use?
Will the fans spin all time?

ffries

I can report that those devices work well:
CCR2004-1G-12S-2XS
CRS312-4c-8xg-rm

ffries

On the CCR2004 fans are running idle with those values:
0 temperature 65 C
1 cpu-temperature 47 C
2 sfp-temperature 65 C

Like the CCR2004 but I am confident that fans will remain idle.
I think the switch problem is the non-ARM CPU which needs cooling.

I will report back on Saturday, stay tuned.

ffries

Dear all, To make it short, my setup is a normal setup with: CCR2004-1G-12S+2XS router <=> CRS312-4C+8XG-RM switch with VLANs <=> 10gb devices (fiber or RJ-45) Testing with iPerf3, here are the results for single threads (one TCP steam): VLAN A to Internet : 2 Gbit/s or more (fiber line limited to 2...

ffries

I am getting back on this issue because I received new hardware for testing with true 10Gb cards. I can confirm a NAT speed on one thread of 2Gbit/s on the CCR2004-1G-12S+2XS on a fiber line of 2.5Gbit/s On multiple threads I can reach the limit of 2.5 Gbit/s without problem. So this is okay for me....

ffries

Sorry for my late answer:
I purchased a CRS317-1G-16S+RM
Dual ARM cpu, 16 SFP+ cages, fully accelerated.

ffries

This is perfectly viable, thank you.

ffries

I trashed the Mikrotik crs312-4c-8xg-rm and purchased a Mikrotik ARM switch. This is way more expansive, but I hope that it will fix fan noise issue. Of course I don't recommend buying the Mikrotik crs312-4c-8xg-rm for home use, unless it is sitting in an isolated lobby, in the garage or in a server...

ffries

As a comparision, on the CCR2004: @CCR2004-1G-12S-2XS] /system/health> print Columns: NAME, VALUE, TYPE # NAME VALUE TYPE 0 temperature 65 C 1 cpu-temperature 47 C 2 sfp-temperature 65 C 3 switch-temperature 49 C 4 fan1-speed 0 RPM 5 fan2-speed 0 RPM 6 board-temperature1 44 C 7 board-temperature2 40...

ffries

Dear all, I am going to give a last try changing fans before I dump the CRS312-4C+8XG. I want to go silent in the living room and I am prepared to invest for it. Could you confirm what fan model I should buy: how many fans I should buy, I guess 4 pin (adjustable speed) and thickness. Is there any ad...

ffries

My living-room sounds like a plane landing-off : $ system health print Columns: NAME, VALUE, TYPE # NAME VALUE TYPE 0 temperature 40 C 1 cpu-temperature 49 C 2 sfp-temperature 40 C 3 phy-temperature 56 C 4 fan1-speed 6465 RPM 5 fan2-speed 6060 RPM 6 fan3-speed 6285 RPM 7 fan4-speed 6165 RPM 8 psu1-s...

ffries

Thanks. I am comparing with the CRS2004 because it has a nice cooler on the back and it really runs silently. Currently, the crs312-4c-8xg-rm fans are running low: [xxxxxxx@crs312-4c-8xg-rm] /system/health/settings> /system/health print Columns: NAME, VALUE, TYPE # NAME VALUE TYPE 0 temperature 40 C...

ffries

I am running CCR2004-16G-2S+ 7.1rc6 without problem.
Latest versions are always preferable.

If you are scared by an upgrade, you can wait a few days before upgrading to a new RC and read user comments.

ffries

Perfect, thanks, this is what I need.

ffries

Dear all, I am presently running a Mikrotik crs312-4c-8xg-rm 10Gb switch. It is a very good switch except that it is sitting in my living-room and making a lot of noise. I am also running a CRS2004 router with passive cooling. Fans are present, but never running. So I would like to change and buy a ...

ffries

Dear all, RouterOS allows to disable LEDs but this is not always possible. Examples: CCR2004-1G-12S+2XS and CRS312-4C+8XG Normally, all LEDs should be controllable (by RouterOS). But RouterOs says that LED cannot be switched-off. Another example, I purchased a CRS305-1G-4S+in for my parents and it i...

ffries

Dear Support, Using RouterOS on Mikrotik routers and switches, I did not find a simple way to restrict access to Web admin on a particular VLAN for security purpose. Web admin is accessible on the main bridge, so it is accessible from all VLANs (on routers). The only way to restrict access is to use...

ffries

Dear Mikrotik support, First, many thanks to your team for the hard work. I support European products and I am very happy with your products. I would like to report the issue of fan speed on Mikrotik switches. CRS312-4C+8XG is installed with RouterOS 7.1 rc5 and sitting in my living room. The switch...

ffries

Dear Friends, I jump on this issue to find a suitable solution. The CRS312-4C+8XG is sitting in my living room and installed with RouterOS 7.1rc5. Still, from time to time, ever with very little network activity, the fans are turning with some noise. The noise is less than with swOS but still it is ...

ffries

No this is Debian GNU/Linux.
I never use Windows.

My laptop is a Lenovo x270 with USB 3.1 gen1.
I will get a x280 USB3 gen2 with USB 3.1 gen2 and 40 Gs/s thunderbolt.
This will allow me to use a 10Gb/s thunderbolt to sfp+ with fiber adapter.

ffries

This is a QNAP QNA-UC5G1T USB 3 dongle:
https://www.qnap.com/fr-fr/product/qna-uc5g1t

Unfortunately, I don't have a thunderbolt interface.
Maybe when I switch laptop...

ffries

Qnap indicates that to reach 5Gb/s it is recommended to set jumbo frames with MTU 9000. https://www.qnap.com/en-us/product/qna-uc5g1t Does it sound reasonable? here is the kernel information: odinfo aqc111 filename: /lib/modules/5.10.0-8-rt-amd64/kernel/drivers/net/usb/aqc111.ko license: GPL descrip...

ffries

I connected at 2.5Gb speed autonegociation and the results in downloading are still bad: iperf3 -R -p 5209 -c ping.online.net Connecting to host ping.online.net, port 5209 Reverse mode, remote host ping.online.net is sending [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 92.0 MBytes 77.2 M...

ffries

Upgraded from v7.1rc4 to rc5 on RB5009, rebooted and I can't connect to VPN based on IKEv2 with RSA authentication anymore. Windows 10 gives an error "The error code returned on failure is 13816". Haven't tried with macOS. If that fails too, looks like I will have to visit a client in off...

ffries

Good point, thanks.
Speed was negotiated automatically at 5Gb.
I will test with 2.5 Gb and report.
I think I will disable 5Gb to allow 2.5Gb and 1Gb speeds.

ffries

Good point, thanks.
Speed was negotiated automatically at 5Gb.
I will test with 2.5 Gb and report.

ffries

Just a quick note that the CCR2004-16G-2S+ is out !!! It has two switch chip with 16 GB connectors and two SFP+ for uplink, but no passive cooling. The SFP+ cases are not linked to a switch chip so tagging/untagging probably happens in CPU. https://i.mt.lv/cdn/product_files/CCR2004-16G-2S_210931.png

ffries

testing shows that the USB3 dongle is limited to 3.5gbit. It is also quite unstable.
As written before, this kind of hardware is not suited to elaborate an analysis, so I am stopping here.

ffries

Further testing shows that the bottleneck if lying on my side: * I am using two USB3 5gb dongles which appear to be limited to 3.5Gb. * My ISP fiber line is limited to 2.5 Gb downstream. * I need an additional switch and additional computers with 10Gb cards for further testing. So I am happy with Ha...

ffries

I am going to stop investigating as I don't have enough tools to test bandwidth. * My ISP fiber line is offering 2.5Gbit downstream, which is far from 10Gbit. * I am using 2 x 5Gbit USB3 dongles. Testing from one dongle to another shows 3.5 Gbit speed, not 5Gib. * One computer with 10Gb network card...

ffries

I followed the guide for LW3 offloading with the following settings: /ip firewall filter add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes add action=accept chain=forward connection-state=established,related add action=accept chain=forward connection-s...

ffries

Thank you very much for all this information. I enabled fasttrack on the CCR2004-1G-12S+2XS router and L3 hardware offloading on the CRS312-4C+8XG switch. Inter VLAN hardware offloading is working within the same VLANs. I am looking for a simple solution to enable communication from one VLAN to anot...

ffries

If you need 10Gbit/s NAT speed, you must buy at least one CCR1036. True the CCR1036-8G-2S+EM with two SFP+ can make the job. The CCR2004-1G-12S+2XS with tagged and untagged VLANs is far from Mikrotik benchmark: https://mikrotik.com/product/ccr2004_1g_12s_2xs#fndtn-testresults Mikrotik benchmarking ...

ffries

Just a quick note that I am back to a WAN on a VLAN as I wanted to test L3 Hardware acceleration on the switch. The problem is that I am now limited in speed on the WAN: iperf3 -R -p 5204 -c ping.online.net Connecting to host ping.online.net, port 5204 Reverse mode, remote host ping.online.net is se...

ffries

Dear all, My fiber box speed is 2.5gbit download and 700mbit upload. I am using Debian GNU/Linux on my laptop with an embedded 1Gbit network and 5Gbit USB3 dongle. I use a CCR2004-1G-12S+2XS router with a CRS312-4C+8XG switch. All devices are connected to the CRS312 configured as a switch and the CC...

ffries

Working as expected, except for IPSEC client which is broken. I noticed an IPSEC issue during upgrade on the CCR2004-1G-12S+2XS, and I hope that this is the right place to post: IPSEC authentication is broken. I used diff tool to compare /export and it appears that this line was missing on RC5: /ip ...

ffries

It is too late for me to open a ticket but I will keep it in mind for future reference. Thank you all.

ffries

In reply to this post, I migrated WAN to a normal sfp+ port and removed WAN VLAN from the bridge. I could reach 2,5 Mb/s which is the maximum of my fiber provider: iperf3 -R -p 9204 -c paris.testdebit.info Connecting to host paris.testdebit.info, port 9204 Reverse mode, remote host paris.testdebit.i...

ffries

No this is a different topic, here it is about the CCR2004 routing capacity. I am using iperf3 to measure bandwidth (see previous messages in thread). I think figures could be linked of VLAN for WAN. I purchased a Mikrtik sfp+ module for adding the VLAN on a different port. When I connected directly...

ffries

Thank you for your help. You are right, fasttracking is enabled. So why is snat so slow? Is that because I am using a VLAN for output (I need to send TV to another switch). /ip/firewall/connection/print where srcnat Flags: S - SEEN-REPLY; A - ASSURED; C - CONFIRMED; F - FASTTRACK; s - SRCNAT Columns...

ffries

Using multithreading performance ie better, still not fasttrack; Any solution to enable fasttrack? Seems like it does not work with VLANs. iperf3 -P 15 -R -p 9226 -c paris.testdebit.info Connecting to host paris.testdebit.info, port 9226 Reverse mode, remote host paris.testdebit.info is sending [ 5]...

ffries

How's fan speed now under load? I cannot reach high load as I am still stuck at 1Gb/s because of the CCR2004 router not applying fasttrack. The thread for the CCR2004 is in the beginner section as I did not want to migrate to this thread. https://forum.mikrotik.com/viewtopic.php?f=13&t=178055 I...

ffries

Another information to mention is that speedtest on the router itself triggers CPU, not using iperf3 (as written before): This is Mikrotik bandwidth speetest: /tool profile Columns: NAME, USAGE NAME USAGE www 0.5% ethernet 3.5% ntp 0% console 0% ssh 0% networking 68.5% logging 0% management 2.5% bte...

ffries

Thank you very much. I removed eht9 from the non-existant bridge and this make it. Now CPU activity is around 1% /tool profile Columns: NAME, USAGE NAME USAGE console 0.5% ssh 0% networking 0% radv 0% management 0% unclassified 1% total 1.5%

ffries

Run iperf tests through endpoints connected through the switch, not the bandwidth test on the switch itself.

iPerf shouws 600Mb/s output.

Thanks will look into it.

ffries

Dear all, I am starting a new thread. In performance test, the CRS312-4C+8XG cannot switch VLANs faster than 600Mb/s (with 10GB fiber attached) and the CPU reaches 100%. I am aware that I can use H3 offloading, but my CCR2004 can readh 5Gb/s and this is enough for me. This is RouterOS 7.1 rc3. When ...

ffries

Great, I just realize the great possibilities. To make sure I understand, I should not stick to Level2 on the switch rather move to Level3hw routing. There should be a direct cable from switch to the Internet fiber box (this is a home setup). Also, my router becomes useless except for VPN access and...

ffries

Thanks. Unfortunately, L3 HW offloading is not supported on the CCR2004.

ffries

[Edit: please read carefully, I need additional hardware for testing and therefore I stop investigating] Dear all, I am migrating my home network with VLANs to a Mikrotik router and a Mikrotik switch : CCR2004-1G-12S+2XS CRS312-4C+8XG My present setup has isolaged VLANs but some communication is all...

ffries

My setup is nearly complete, for some reason the CCR2004 downloading speed is limited around 1G/s with 10% CPU activity, so there must be a misconfiguration somewhere. IP > Settings show that IPV4 fasttrack is not active. I guess that this is something related to VLANs but I cannot fix it. Any help ...

ffries

Got it. I connected to the 31 usb port and the adapter is now connected with 5Gb/s. Fixed.

ffries

Mikrotik switch displays:

Link Partner Advertising
100M full
1000M full

So this is the problem.

ffries

Dear all, I am running a CRS312-4C+8XG rev2 10Gb switch installed with RouterOS 7 rc3. Works great. Except that I cannot connect with 5Gb USB 3.1 QNAP QNA-UC5G1T adapter. Auto negociation is configured but only 1GB link is detected. I tested other 10Gb switches and it worked, including the CCR2004 w...

ffries

Update:

Dear friends,

I switched to RouterOS and it reduced the fan noise dramatically.
I need a better air flow in the cabinet and new fans and this will be Okay.

Kind regards,
FF

ffries

Thanks. My old 1G switch has two upstream sfp connectors.

I might add a CRS305-1G-4S+IN with sfp direct-attach cable.
Or a CRS309-1G-8S+IN with sfp direct-attach cable.

Could be sufficient.

ffries

Dear all, I purchased a CRS312-4C+8XG-RM 10G switch in replacement of my old switch. It is installed in my living room.. I started with RouterOS and it made no noise. Then I rebooted into swOS. The fans are going crazy. It is like if I were into a server room. I am aware that the CRS312-4C+8XG-RM is...

ffries

Furthermore downloading test with iperf3 need -R for reverse. My ISP router is 2.5Gb/s and is being upgraded to 10Gb/s, so those results are normal: iperf3 -R -p 9225 -c paris.testdebit.info Connecting to host paris.testdebit.info, port 9225 Reverse mode, remote host paris.testdebit.info is sending ...

ffries

I measured NAT speed using Mikrotik speedtest : around 160Gbit/s
Quite and impressing speed indeed compared to my last firewall based on OPNsense.

Seems like I bought the right hardware buying a CCR2004...

ffries

Solved, I feel ashamed : the router speed is limited by my ISP. I am supposed to have 5G/s now and 10G/s later and I only have 600Mb/s. Sorry for the confusion.

ffries

Thank a lot! Please note that WAN is not part of the bridge. Same output, here is my detailed configuration, still far from 10Gb/s. /export # sep/04/2021 19:58:36 by RouterOS 7.1rc2 # software id = L1XN-2BCQ # # model = CCR2004-1G-12S+2XS # serial number = D4F00E00064E /interface bridge add name=bri...

ffries

I don' t see any solution to reach 10Mbit/s routing as per spec.
For sure, I am quite surprised by the lack of hardware offloading of firewall rules and switching.

The router has spf+ interfaces, there must be something that I don't understand.

ffries

Maybe that I should use VLANs to have LAN and WAN on the bridge so I can use switch hardware offloading?
However,

/interface ethernet switch print
Columns: NAME, TYPE, L3-HW-OFFLOADING
# NAME     TYPE              L3-HW-OFFLOADING
0 switch1  Marvell-98PX1012  no

ffries

Thank you. Network pattern : RouterOS 7.x latest, with eth1 network admin spf+ 1 : WAN connected to 2.5 Gb ethernet connector of fiber line (speed is 2.5Gb) spf+ 2 : bridge 10.90.21.254 with one port providing DHCP 10.90.21.x (tested with 1Gb and 5Gb same results). Fiber box providing DNS NAT[/list]...

ffries

Thanks. I am testing the CCR2004 first: Here is my configuration /interface bridge add name=bridge1 /interface list add name=WAN add name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=dhcp ranges=10.90.21.100-10.90.21.200 /ip dhcp-s...

ffries

Thanks. Will test.

One question : I did a simple test in router mode with NAT between a 10Gb LAN and 10Gb WAN and output is only 500Mb/s. What is wrong with NAT?

FF

ffries

Thank you for your answers. All I read is guess, if you don't know I will contact support and ask. Don't tell Putin has access to a Latvian router, Latvia is part of the EU. This is one reason because I am supporting Mikotik : this is a European company and I don't want to invest into foreing produc...

ffries

[Please read carefully. I don't have enough hardware to really test bandwidth, so at some point I stopped investigating. I am very satisfied with Mikrotik hardware]. Dear all, First I would like to thank Mikrotik and the community for these nice products. I purchased a couple of Mikrotik products fo...

ffries

Dear friend,

I am not a specialist, but your topology has one point of failure : the main router.
You could think of redundancy and build direct links between the three networks so that if the main router is dead, the networks are still interconnected.

Kind regards,
French Fries

ffries

Dear all,

Same question here : can I deploy Router OS v7 beta for testing and learning purpose on the CCR2004-1G-12S+2XS ?
I am new to RouterOS and this is a home usage (10Gb Internet fiber).

Thank you,
French Fries

Search found 196 matches