MikroTik

homerouter

Are you sure you use the right cert and your time/clock is right? For me no problem on MT_7.16.2 I use DigiCert Global Root G2 . If using firefox, load the url (https://cloudflare-dns.com/dns-query). Press [Ctrl]+I then Security then Cert and then just get the pem file. (Hadn't seen it was about CRL...

homerouter

Don't understand why v4 should be so different in layout, compared to v3?
For me, ver 3 is just the best. The overview is completely gone in v4, in my opinion.
Maybe it's just me who is too negative, but v4 won't be used until v3 disappears from the MT site.
I use winbox under windows...

homerouter

Maybe i misunderstand you, because all work when using the switch.
Only not working when connecting to MT in 2 hardware port. Both port is member on the switch chip in MT, so why is that a problem when it work on a simple switch?

homerouter

I have some Sonos units, only one is hard wire connected to the net, so Sonos build it's own mesh net. All running ok. -- If i hard wire two Sonos unit, in a simple L2 switch all is still ok. If i hard wire two Sonos init in two ports in the MT then all problem start. I have seen a lot with the same...

homerouter

Anyone using Eufy HomeBox380? I wonder why the Homebox380(HB3) is using multiple ip? I made a test where it only use MAC and not client id, that's not worked... Maybe it use the client id on there own server to know the connections... It all work, but i don't like it ask for new ip on the same MAC, ...

homerouter

Removed...

homerouter

Roadmap for ROS?
What decides when a version is finished to be releases? -OR when it is time to start a new one, e.g. from 7.14.3 to V7.15.x to 7.16.x
Sorry, for me it looks mostly random?

homerouter

homerouter

homerouter

Cant load a rsc script after updating to 7.14.3. I use my test HEX router! I have a running 7.13.5 with a lot config. I made a normal firmware update to version 7.14.3. All is ok. Then i use system->resetconfig and point the "run after reset" to my version7 script file. After pressing &quo...

homerouter

I've tried with DigiCertGlobalRootCA and DigiCertGlobalRootG2 but without success Then you do something wrong. Goto: https://security.cloudflare-dns.com/dns-query In firefox press [CTRL]+i -> Security -> View cert. All of them can be found here too: https://www.digicert.com/kb/digicert-root-certifi...

homerouter

What i dont understand is today problem is back. They again changed the root cert, now back to the DigiCertGlobalRootG2. I see they also use the cert ISRG Root X2 from https://letsencrypt.org/certificates/ for now they change between so many cert: DigiCertGlobalRootCA DigiCertGlobalRootG2 DigiCertGl...

homerouter

cloudflare-dns SSL cert error. -They have changed the root cert? After many month with no DNS problem, this morning i have a lot DoH SSL errror, it started about 02:17 UTC+1 DoH server connection error SSL: ssl: no trusted CA certificate found (6) It i check the cert at https://security.cloudflare-d...

homerouter

MT Image is ok, it is all up to the config on the VMWare. I have 5 to 7 sec boot time.
viewtopic.php?t=196320#p1060334

homerouter

Now all work nice and fast for me on a Intel i7 CPU & AMD Ryzen 7 VMWare Workstation PRO 17.5.1 Boot time MT CHR 7.14 max 5 second. For me all problem was the CPU and Windows the VmWare is running at, and some setting on the MT image. I have mixed WIN_10&11 new and old core i7, and a new AMD...

homerouter

I have the same problem.

VMware Workstation PRO, 17.5.1 -> From start to a login prompt about 1 minutes.
VBox 6.x, About 4-6 second.

I tested both ROS 6.x and 7.x both as OVA and VMDK and I tested most combination i can think, so slow.

Any progress?

homerouter

-My HEX running 7.13.3 for 14 days, then i made update to 7.13.4 two days ago, and today to 7.13.5. All work without any problem. Maybe not the biggest config, but 4 vlan, WG, and 45 fw rules... -The first install was with netinstall from ROS v6 to ROS 7.13.3. Not updated from any ROS 6 or ROS 7.12....

homerouter

Certificate download can be little difficult. What i do: Disable my local firewall like Kaspersky or what you use, it can filter out all script and more... I Use Firefox, open: https://security.cloudflare-dns.com/dns-query Perss CTRL+I->Security->View Certificate Download the pem of the " DigiC...

homerouter

What is this:

bridge - avoid per-VLAN host flushing on HW offloaded bridge (introduced in v7.13)

homerouter

Reset button on a HEX only reset the password. Information from the wiki: Old wiki:https://wiki.mikrotik.com/wiki/Manual:Reset New wiki:https://help.mikrotik.com/docs/display/ROS/Reset+Button This if a copy from the wiki: 1) Headline say: RouterOS password can only be reset by reinstalling the route...

homerouter

homerouter

viewtopic.php?p=1053509#p1053509

homerouter

Anyone use Philips hue bridge with two VLAN? I planing to get Philips hue bridge, it must be placed in my IoT VLAN, and the mobile in another VLAN. Is it just firewall things, or will it need special function like mDNS packets repeater, if then i don't want it in my network:-) At the moment i don't ...

homerouter

After looking in the detailed log i setup, i think the problem is delay or problem in the quad9 server. I only think it, because the logging give no clear indication on the error. For to do something, i changed to cloudflare for testing, and imported the cert and set it all up. After running more th...

homerouter

May i kindly suggest reading a little, helped me so much: Using RouterOS to VLAN your network: https://forum.mikrotik.com/viewtopic.php?t=143620 RouterOS bridge mysteries explained: https://forum.mikrotik.com/viewtopic.php?t=173692 If you want to play without too many wire, use a VMBox and a Cloud H...

homerouter

DoH with Quad9 and syslog err. Running ROS 6.49.6 and it real stable, for now 400 days without any reboot, 4 VLAN and a lot behind. ROS_Uptime.jpg Only thing i can't figure is this: Some days the log show 1 or 2 error, other days 30 error, and other days 0 error. There are different errors, some of ...

homerouter

Anyone tested the new L009? Or compared it to a Hex? https://mikrotik.com/product/l009uigs_rm https://mikrotik.com/product/RB750Gr3 The Hex have 2 core at 880Mhz, the L009 have 2 core at 800Mhz When looking at the test result only with no fw rules it is faster. I can see it have some nice features c...

homerouter

As a simple workaround for not to install ROS 7.x for now at our production router, i have done this. I made some testing with WireGuard in a small mAP lite running ROS:7.6 and some "Cloud Hosted Router" in VirtualBox. After a lot testing i connected the small mAP lite to our MT main route...

homerouter

Is ROS:7.6 ready for real production work? I use ROS 6.49.6 and it have worked without reboot for 93 days, 4VLAN in a office setup with 6 users. I have tested wireguard in ROS:7.6 and it work nice, and then i see ovpn have UDP in ROS:7.6 too (only TCP in ROS:6.49.6). In the forum https://forum.mikro...

homerouter

Same problem here, ROS always show it color red in the winbox certificate->CRL.
I can use "tool fetch" and get it to the file-manager. When it is in the file-manager what to do next?

homerouter

I dont need L2 transparency.

homerouter

Best if I just tell what it will be used for. Site 2 is some computers(servers) connected to a MT. They have internet access. Site 2 connect to site 1. Then site 1 can access all the IP at site 2. So i just need site 2 connecting to site 1, to some IP i can manage in the fire wall. Site 1 have 4 VLA...

homerouter

Dial/Client in VPN to VLAN Both site 1 & 2 use MT devices. When client connect from site 2 to Site 1 it must be assigned to a VLAN. My first idea was EOIP but as Site 2 wont accept any direct incoming traffic it wont work, right? Site 2 must start the traffic for it all can work. Site 1 This sit...

homerouter

Firewall, blocking host testing the same port many times? I use the "psd" it work nice, but i miss a option: The param "WeightThreshold": ->total weight of the latest TCP/UDP packets with <different destination ports> coming from the same host to be treated as port scan sequence ...

homerouter

Thanks for the nice suggestion.
I find this light and nice for my needs:
https://github.com/MaxBelkov/visualsyslog

homerouter

Looking for a free syslog server. Just a simple but working one. I have tested Kiwi from SolarWinds dont like it.
Must run at windows.

homerouter

Just to inform it is now running, thanks for hints and help. Now i have used my EAP245 for about 3 weeks, it is so nice. It cover my house with 3 floor without dead spot, placed about the middle in the house. It supply me with 4 SSID/VLAN in both 2G/5G. I use the management VLAN too, all run just ou...

homerouter

Yes i have read the link posted, but still see any problem in doing as i do in the first setup i running. As in the next setup i isolated the WAN port in then MT as p1. Still i dont see any main difference when using the firewall as i show in ex1 and want to reuse in ex2 -Now to my question, what is...

homerouter

All physical interfaces (except WAN) are contained within one bridge, why? https://forum.mikrotik.com/viewtopic.php?t=143620#p706997 ex1:***I have this working setup*** WAN ....|5.x.x.x ---+--- WAN_Router ---+--- |192.168.10.1/24 + | p1|192.168.10.5/24 ---+--- MT Router ---+--- |||| p2..p5 4xTrunk A...

homerouter

DHCP lease time and firewall? I have some units there are set as DHCP. After they show up in MT "DHCP leases" i change them to static. Then i edit the entry to have an ip out of the DHCP range, all is ok, they get the IP assigned. Now in the firewall i have NO "confirm rules" for...

homerouter

Yes, you are using "in" wrong.
But there is a bug with "contains". We will fix that

Still not working in 3.36...

homerouter

I tested IGMP it work for Sonos, but not for Chromecast. So as many all ready have written, it's all about mDNS...

@holvoetn, for me too:-)

It was because of remove 6 mobile phone from the more secure VLAN i moved them, most important it work:-) for now they are moved back again.

homerouter

Chromecast and VLAN (yes one more time)

Mobile-phone are at VLAN_x, and Chromecast at VLAN_y. The problem is, Mobile-phone can't stream...

I have Sonos working nice, and my Chromecast is connected like Sonos.

->Anyone have VLAN and Chromecast working with MT router?

homerouter

@anav Thanks:-) At the moment my EAP245_V3 is at the postal office, must wait there until next weekend:-) The EAP245 will replace 3 pcs. MT mAP-Lite, and one ASUS 5GHz AP. All will be done by the EAP245, if there is any dead spot i will mount one more EAP245 at the basement. I have my 4 VLAN running...

homerouter

I will give it a try. Thanks:-)

homerouter

Thanks for the hints! The reason i want the TP is for now i use 3 small mAP-Lite, but the output is not so nice... Therefore i will try one TP AP. I have not the TP AP, so don't know anything about it. But i can see i can assign VLAN as you describe to the management IP. But then i have a new questi...

homerouter

Mikrotik to a TP-Link EAP660 HD, multi SSID map to VLAN I have MT router Working at the moment with a mAP-Lite... Switch with Trunk port TP EAP660 HD -- Connection: MT port2 is a Trunk->SW port1 as Trunk TP EAP660 HD->SW port 2 as Trunk But: The TP only map the SSID to VLAN. What about the managemen...

homerouter

@sindy Thanks:-)

homerouter

I dont use it for now, i set all up manually.

My q. was, is it possible to only use it for updating SSID, Channels, and so on wifi stuff?

homerouter

As talking speed it is ok wifi 25/25Mbit and the hex750r3 to internet 250/250Mbit. And between vlan with 3 streams, 750/750Mbit. Removed all not important. # jan/31/2022 17:18:46 by RouterOS 6.49.2 /interface bridge add name=bridge1 vlan-filtering=yes /interface vlan add interface=bridge1 name=vlan-...

homerouter

CAPsMAN confusing... At the moment i have 5 mAPLite, all set manual up vlan, ip, wlan and so on, they are connected to my MT router's trunk. MT router handle it all firewall, DHCP... Can the CAPsMAN be set to only handle wifi stuff like SSID, channel, encryption... If so how? Last time i used CAPsMA...

homerouter

On Win7 it crash every time it is closed.
Working for me on win10 without problem.
I reported it in the release thread for w3.32.

homerouter

Why do you all just auto reply, read what i wrote, yes.
I reconfigured it all to not use it. But maybe i need a new thread.
viewtopic.php?p=904827#p906753

homerouter

No capsman, therefore.

homerouter

# jan/19/2022 17:19:57 by RouterOS 6.49.2 # model = RBmAPL-2nD # # ether1 is connected to MT router with trunk for vlan_10,20,30 # vlan_10 is trusted and the ip at ether1 # mAP is only a wifi AP nothing else, all is done in the MT. /interface bridge add name=bridge1 vlan-filtering=yes /interface wi...

homerouter

Simple, no I did not think so.

-All fw rules are in the main router which is also my capsman.
- 1 trunk (3 dif. vlan) wire is connected to the cap.

The cap need to have a basic configuration, but which one?

homerouter

CAPsMAN or Not Have not tested it, will try to understand it first. -7 AP need to be setup as simple as possible. -I have a working MT main router with all configuration, CAPsMAN, vlan and trunk. -CAP it booted in CAP_Mode and connected to the trunk on the main MT router. But I dont understand how t...

homerouter

Need to ask this:
I have no firewall accept to allow DHCP, and when using log tools "Torch" at the VLAN i see this, (look picture). But nothing in the fw?
Computer get nice ip. DHCP is part of the firewall input chain, right? or is it Layer2, if so how to handle that in the fw?

homerouter

Network drawing program, what are you using?

For now i use the online draw.io same as app.diagrams.net, newer liked it:-(
Or just my pencil:-)

Looking for a free and light one, windows or online without any account.

homerouter

RB750Gr3 not so fast but cheap, what other cheap one to select? -I need this: 5 port, 600-800Mbit between VLAN. I looked at https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features for to find a cheap and faster router, but confused. VLAN in the RB750Gr3 is about 310-350Mbit, and CPU load about 99...

homerouter

Maybe i need to explain why i use the ASUS. For me it is solid working SoHo out off the box routers. -ASUS patch broken things fast, and release security patch too. -There are a 4G fail-over, and it work. -There are AiProtection by Trend Micro https://www.asus.com/Content/AiProtection . It work out ...

homerouter

For now the MT router is up and running as expected. One more time thanks for all the hints, and help :) But... Is it normal that speed between two VLAN is about 310-350Mbit, and CPU load about 99% at one core (RB750Gr3). Test is done in mimimal setup, no fw roules. Test is with cat6 cable, directly...

homerouter

The switch is just a normal networks switch. It just serve as illustration for the 25 client, some are connected with other switch. Main reason for MT router is to get WIFI in all places, and segmentation for some users. For now we want the ASUS as the main router for 192.168.10.0/24. And therefore ...

homerouter

This simple drawing show what i want. It is only a drawing not a real network layout. The 192.168.10.0 is the main segment and the DHCP i in ASUS. The MT must connect to ASUS and have the VLAN 10,20,30. VLAN_10 is the same segment as in ASUS, and all client get ip from ASUS. The MT do all the rest V...

homerouter

My main router is connected to the big www. It also handle 192.168.10.0/24 for DHCP and DNS. It will be connected to the MT router in the untagged port 1. On the MT router normally the WAN port is served with a DHCP client. In my case it will be assigned a static ip as 192.168.10.4/24 and have a DHC...

homerouter

Thank you both:-)
You have pointed me in the right direction.
I actually have an extra router, and some AP.
Now I will try to set it up, and test in a closed environment.

I will return for sure when I hit a wall.

homerouter

If making VLAN will you the use the trunk port to connect to the AP, If not i cant understand it?
What will it change if using VLAN according to the 3 segment, the ip must be routed...?
Maybe give an overview so i get what you mean:-)

homerouter

For now there are 3 segments and 3 SSID in the wireless AP. In the fw chain there are about 25 rules in the AP, to allow/deny traffic between segment. All are using the default gw to the main router, and there are static routes in the main router, so no double NAT. -When extending to 5 or 7 AP i wan...

homerouter

Handling all firewall(fw) rules in the routers for multiple access point(AP), some wireless and some wired. For now i only have 1 router and 1 wireless AP. So i have fw rules in both, this is a mess when expanding to 7 AP. There are 3 segment's in both, and they are not running VLAN. How to handle a...

homerouter

Thanks:-)

Static routes add in the main router, and removed the masquerade in the mAP.

homerouter

AP to existing network with segmentation... Router_1 existing one (ASUS). Wan_port: Public static IP/Internet LAN seg_10 with DHCP hand out. --- At the end i want this: 192.168.10.x: Trusted segment (seg_10) 192.168.20.x: Untrusted segment (seg_20) --- New add on: Mikrotik mAP Lite --- I need 2 wifi...

homerouter

When looking at the wiki for the mAP Lite, nothing on how to boot with a enabled RJ45 or capaman. https://help.mikrotik.com/docs/display/UM/mAP+lite Then i used some hour to find a solution to get access by the RJ45 cable, but nothing. Until i googled it, then this nice information from 2017 came up...

homerouter

On Windows_7, Winbox 3.32 still crash on close.

homerouter

VLAN out of the box, or? Worked with another router for long time, "Edge router" where configuration is simple. I now used some time with the RB750Gr3 ( MT7621 ) router and Winbox. Have read so much about the configuration and hardware in the router. The https://wiki.mikrotik.com and forum...

Search found 74 matches