MikroTik

S8T8

Don't know if related, I have an RB4001 and hAP ac2 network, with VLAN used to isolate main LAN and IoT, having mDNS enabled is working, printer is able to be discovered from the isolate LAN. Another network with RB5009 and hAP ax2 configured in a similar way but with CAPsMAN, also with mDNS enabled...

S8T8

@MT Staff, could you please update documentation about channel.reselect-time parameter?
And how is working with channel.reselect-interval .

S8T8

Thanks @Amm0! I've already bookmarked your post but I was not able to understand/adopt to my situation where interfaces and VLANs are already set up. One other thing I wasn't able to achieve (but is OT) is adding interface list as /interface bridge vlan tagged and removing ethernet interface already...

S8T8

Dear experts, in the recent version v7.17, MikroTik introduced the :range function, which combined with the ability to use interface list, can improve the VLAN creation process. I'm currently trying to add multiple interfaces as list members (/interface list member add interface=ether1,ether2... lis...

S8T8

Got an answer from support, basically for a common use case, the 'lo' interface shouldn't need to be allowed in Firewall RAW and Filter, so the logs reported in my first post are considered “errors.”

S8T8

Thanks @CGGXANNX and @rextended for providing useful info, in my case I had to increase ethernet MTU to 1508 to establish the connection via PPPoE with 1500 MTU without VLAN.
Will try again what was suggested on another network.

S8T8

This topic has some useful info:
viewtopic.php?t=203659#p1054298

S8T8

Is possible to have a list of know issues with the latest v7.18.2 release? Increase in latency spikes is confirmed? Don't know if this is possible but for low memory devices with USB port, connecting small USB drive could be used to extend main flash drive? Should be nice to have an option to format...

S8T8

Hello sir. @rextended, thanks for the explanation, just found some notes from the last time I was able to obtain actual-mtu=1500 from ISP PPPoE using max-mtu=auto / max-mru=auto, and was using: /interface vlan add interface=ether1 mtu=1512 name=ISP-VLAN vlan-id=100 /interface ethernet set [ find def...

S8T8

OT:
how to obtain PPPoE baby jumbo frames with VLAN (if supported by ISP)?
Ethernet MTU=1508 and VLAN MTU=1504?

S8T8

Avoid this command in this version, your device will crashed and put the device on boot loop.

/queue/type/remove [find default =no]

Can confirm, couple weeks ago my RB4001 crashed with /queue/type/remove [find], I had to reset it due to a boot loop.

S8T8

Hello, enabling FastTrack is possible in both firewall Filter and Mangle, but according to the help documentation, in Mangle doesn’t seem to be effective: action=fasttrack-connection - shows fasttrack counters, useful for statistics If it works, is there any advantage in moving FastTrack to Mangle? ...

S8T8

channel.reselect-time=01:00 can be used in conjunction with reselect-interval=7d to scan channels at 1am every 7days?

Shortest changelog of beta, means quality and stable update? :)

S8T8

*) wifi - implement steering parameters to delay probe responses to clients in the 2.4GHz band

How does 2g-probe-delay practically work and when should be used?

S8T8

Hello,
is Beamforming supported by new Wi-Fi devices?

Thanks!

S8T8

From a recent test, yes still single core.
Waiting for hardware offload...

S8T8

Here is the Firewall RAW config: /ip firewall raw add action=accept chain=prerouting comment="defconf: accept DHCP discover" dst-address=255.255.255.255 dst-port=67 in-interface-list=VLAN protocol=udp src-address=0.0.0.0 src-port=68 # add action=drop chain=prerouting comment="defconf:...

S8T8

Thanks for the interesting link @holvoetn,
even if allowed the lo interface in input, will be dropped in raw,
lo is not using only 127.0.0.1 as reported by logs.

S8T8

Hello, as the title suggests, my firewall is configured based on the Help pages https://help.mikrotik.com/docs/spaces/ROS/pages/328513/Building+Advanced+Firewall#BuildingAdvancedFirewall-IPv4RAWRules , the rule add action=drop chain=prerouting comment="defconf: drop the rest" in Raw and In...

S8T8

Is anyone using cake-overhead-scheme with PPPoE and VLAN to the WAN or Bridge interface in Queue-Tree?

S8T8

Hope this could be useful:
viewtopic.php?p=1095429#p1095429

As always, thanks to the precise and detailed contribution from @Amm0

S8T8

Due to "keep this discussion related to 7.17" and the fact that this post will be locked soon, a moderator could please open new topic and move all the messages related to DHCP / IGMP Snooping? Would be nice to have a clear statement from @MT Staff like sometimes @raimondsp does, what is a...

S8T8

Thanks sir.
This is useful also in case of non-public domains like domain=home.arpa ?

S8T8

Hello all, how this is working? Is DHCP-Option 15? /ip dhcp-server network set [find] domain="internal" I would like to ping " device hostname ".domain without adding as DNS Static. Not sure if Domain= should be the router (eg.: router.lan) or the local domain (like .internal / ....

S8T8

As mentioned in the title, I have 3 different setups; 1) hAP ax3 as all-in-one router & Wi-Fi access point 2) RB4011 as router + hAP ac3 Wi-Fi access point 3) RB5009 as router + hAP ax2 Wi-Fi access point, managed by CAPsMAN Configs are very similar, for similar I mean copy-paste, 3 VLANs (LAN, ...

S8T8

Following all the v7.17 topics, between various complaints, it's not clear what are the know issues. Couple release ago we had an improvement in the changelog, a step further would be nice, as example take a look at TrueNAS or Uptime-Kuma release notes. https://www.truenas.com/docs/core/13.0/getting...

S8T8

This is a game-changer

*) wifi - added multi-passphrase (PPSK) support (CLI only);

S8T8

*) console - added "about" filters for "find" and "print where" commands;

Hello, could someone explain where we can find or print about?

S8T8

Impressive! MikroTik should value contributions from the experts more. Read a couple of times, well explained and comprehensive as always @Amm0! I did some tests, Mangle Rules are very useful to see which WAN is being used, trying to complete marks with chain input and output from / to LAN (but not ...

S8T8

I would be interested in reading a comment from the expert @mrz about the last @sindy's post.

S8T8

Thanks again @rextended, you're so clever!
I wasn't that good integrating what I was trying to achieve, in the end, using :if ($WANif=WAN1) do= else=, I got a variable of WAN1IP WAN1=100.10.20.40 which is fine, it's just for hobby.

MikroTik community owe you a lot!

S8T8

Right, it was not very accurate... 1) In the DHCP up script I get the interface and address + create a global variable: :local WANif [/interface get $"interface" name] :local WANip [:tostr $"lease-address"] [:parse ":global $WANif $WANip"] <- THANKS to REXTENDED for thi...

S8T8

Dear experts, sorry, I'm very very poor knowledge of scripting... I was able to add my IP in a global variable, like: :global WAN1 "100.10.20.40" :global WAN2 "100.10.20.50" it would be nice to achieve something like: :log info "WAN1 IP is 100.10.20.40 and WAN2 IP is 100.10....

S8T8

I'll go over the case from the first post one more time, based on this example (it might sound silly, but it's for learning purposes): add comment=WAN1 dst-address=1.1.1.1 gateway=ether1 scope=10 add comment=WAN1 dst-address=9.9.9.9 gateway=ether1 scope=10 add comment=WAN2 dst-address=8.8.8.8 gatewa...

S8T8

It would be interesting to read what @mrz thinks about the last @sindy's post

S8T8

Hello experts,
as per title, could someone explain the difference and suggest when using / and when : ?
Thanks!

S8T8

Yes, if a better channel is found, channel switch announcment will be sent, and clients will be disconnected. 6h..8h means that in random interval after 6, but before 8 hours, reselect.interval will perform a background scan to evaluate if there is a better channel available. ... If anyone is inter...

S8T8

Thanks @Amm0, your responses are always so clear and full of great information!

S8T8

What I'm still trying to figure is, if using clamp-to-pmtu to an interface list, every packet/connection is reduced to the appropriate MTU? Let's say we have a main WireGuard client (as server) connected to other WireGuard clients (router or PC) having different MTU values, this roule fits all? /ip ...

S8T8

This is an interesting question for MT developers to answer... Looking between notes to find where " where " could be useful and where not, I discovered: /ip arp remove [find !complete] -> NOT WORKING | /ip arp remove [find where !complete] -> WORKING /ip firewall connection print (timeout...

S8T8

HI @sindy, the result of your test is the same using find or find where? I'm trying to understand the difference between the find and find where commands, recently came across an old discussion (can't find the link right now) that suggested find is used for single results, like: find name=ether1 whi...

S8T8

Hello all,
with the new Wi-Fi drivers we have two options, antenna-gain and tx-power .
The first one seems to be self explanatory and antenna-gain=3 will lower the antenna gain,
second one tx-power=10 will limit to 10dBm the device, no matter if this is an hAP ac2 or hAP ax3.

Is this correct?

S8T8

Thanks @mrz, for using easy words, first case: Wireguard used on MT router on one side, PC client on other side, the hop with PMTU blocked could be between the PC and the router. second case: Wireguard used on both MT routers as site-to-site. Sounds good examples? clamp-to-pmtu is reducing MTU for e...

S8T8

Hello all, searched online first but couldn't find much besides old discussions about v6 and unanswered topics like: https://forum.mikrotik.com/viewtopic.php?t=116167 I've seen some recommendations that suggest lowering TCP MSS, especially for VPNs like WireGuard that can't handle PMTU; Proton examp...

S8T8

I use /routing/rule and additional routing table called "ecmp" that does load balance, so the "main" routing table is just using failover - which allow assigning some clients to load balancing or be directed to a specific WAN using /routing/rules. See https://forum.mikrotik.com/...

S8T8

If you don't explicitly configure reselect-interval no automatic rescan will take place, unless interface goes down - CAP-CAPsMAN communication was interrupted, restart, etc. Reselect-interval uses a background scan. Thanks @Guntis, so to make more clearer; - using !reselect-interval no automatic r...

S8T8

@Guntis, should be nice to have a detailed explanation like the last one, also for reselect-interval I have some questions on how the reselect-interval works? Me too, also with the default !reselect-interval channels are not scanned? Stil no answer to SUP-155649 asking to provide extra info about th...

S8T8

anav is very knowledge, but try also:

/interface wireguard set [find] mtu=1400
/ip firewall mangle add action=change-mss chain=forward new-mss=1360 out-interface=WireGuard protocol=tcp tcp-flags=syn tcp-mss=1361-65535

S8T8

Is your WAN MTU 1500 on both sites?
https://www.speedguide.net/analyzer.php

S8T8

So interesting, nice to see @Amm0 stepping in. @Amm0, based in your comment from 7.16beta topic, are you using ECMP via different WANs without mangle rules? I probably understood 40% from the more technical posts, is correct to assume that using ECMP (same distance for 0.0.0.0/0 routes), it doesn't ...

S8T8

Hi, can you do an MTU test using your main WAN?
Your ISP is using PPPoE? IPv6?

S8T8

Writing in non-native language has it limits. Curiosity was to understand if, when setting different distance for the two "canary" addresses is enough and when first service is down, second route with increased distance is efficient to provide traffic continuity, or load-balancing the two ...

S8T8

So it is no background operation. May be different on AX hardware though.

This should be a good thing, right?
Please confirm that clients are not disconnected during scan.

Should be nice to have some indications about recommended values too.

S8T8

@stich86, any answer in SUP-123458 ?

S8T8

I have some questions on how the reselect-interval works? Me too, also with the default !reselect-interval channels are not scanned? Stil no answer to SUP-155649 asking to provide extra info about this feature. You can read some advices: https://forum.mikrotik.com/search.php?keywords=reselect-inter...

S8T8

Thanks @sindy, a side question was, if using ECMP, in this case is more CPU consuming and if there is any difference in case (using this example) 1.1.1.1 is not available. I did some basic tests changing distance=2 for 9.9.9.9 and increasing to 3 for 8.8.8.8 but didn't find any difference in WAN1 av...

S8T8

@anav, this was the question for you experts

S8T8

Dear experts, I read many interesting posts about recursive routes, first of all thanks to anyone who contributed investing his time to share experiences and help many who couldn't learn networking. A basic example edited from @sindy's post: add comment=WAN1 dst-address=1.1.1.1 gateway=ether1 scope=...

S8T8

From v7.15 the "sanitize-names" option was implemented, there is or will be an option to :convert to/transform=sanitize-names ?

S8T8

Hello experts,
have you applied flow-control=on / auto to WAN port?
As far I understood, it's useful with asymmetric uplink, correct?
Does it interfere with CAKE QoS algorithm?

Thanks!

S8T8

Sir @anav is always right, amen! @Larsa, yeah it sounds strange but I have added CAKE to the WAN interface that is "eating" most the single core + GRE interface + IPSec (AES-256-CBC + SHA256 still Hardware Offloaded) + route & routing rule + lower MTU... CPU power is reaching it's limi...

S8T8

From v7.15 the "sanitize-names" option was implemented, there is or will be an option to :convert to/transform=sanitize-names ?

S8T8

I spent some time testing 3 alternatives, - EoIP, MTU 1500, interface added to the Bridge, not sure if interface should be considered edge=no / point-to-point=yes but the interface became "root port", for me was the slowest solution. - GRE, MTU 1418, speedtest is around 50Mbps Down / 60Mbp...

S8T8

Thanks to all!
@anav, WireGuard to me was much harder to config than EoIP for example, IPSec is just a password typed, super easy.
By the way as soon IPsec is enabled to EoIP/GRE/IPIP, MTU is lowered again and performance are like WG, good enough for me.

S8T8

Hi anav, why WireGuard?
AFAIK it has higher MTU overhead and is not hardware offload

S8T8

Dear experts, asking for advice on different VPN styles, I'm using two hAP ac3 configured in the same way (basic config) with VLANs, one at my house and one at parent's, there is a shared NAS to reach. Until now I tested EoIP, GRE, IPIPI, WireGuard, ZeroTier but open to any alternative to try, conne...

S8T8

Hi, not an expert but I'm trying to achieve something similar; I have two hAP ac3 with 3 VLANs configured at the same way (also same internal addresses), one at my house one at parent's, there is a shared NAS to reach. Wireguard is configured, with my PC I have access using the app, I would like to ...

S8T8

Sir @rextended, regexp="(^|\\.)mydevice(\$|\\.)" was ment to match "mydevice", "mydevice.local", "test.mydevice.net" due to macOS not matching mydevice from Finder or Terminal.
If you have a better suggestion, your contribution is always appreciated

S8T8

I'm using

 regexp="(^|\\.)example(\$|\\.)"

to match: example, example.com test.example.com but not sure if correct.

S8T8

I agree, commands like :error, :quit, :return are valid and it should not produce such error in log.

@optio @eworm, what is now the correct way to terminate a script without an error in the log?

S8T8

After many weeks of testing with different wireless devices and reading (+ testing) all the 7.15.X changelog, v7.14.3 was promoted as very stable for me, despite some "nice to have" features and no relevant fixes (for my use case) of latest release, I suggest to skip. v7.16beta seems nice ...

S8T8

Has anyone discovered how this works?

*) console - added option to get "about" value (dynamically created text field by RouterOS services like CAPsMAN);

EDIT:
Thanks @infabo, "about" is not available in v7.14, your guess is right

/interface wifi get about

S8T8

OT: @Amm0, have you connected two remote locations using EoIP with interface added to the Bridge (and eventually VLAN ID), or assigning an Address to EoIP and adding routing rule? MTU? Mangle rules? If you prefer I can be more specific with the question posting in https://forum.mikrotik.com/viewtopi...

S8T8

UP! Waiting for this to be implemented...

S8T8

I'm aware of the recent change to the LTE interface queue for some devices, waiting an official reply from support.

S8T8

Sorry @Larsa for asking again,
do you know if using /queue interface set ether1 queue=fq-codel is "doing something" or it's like having only-hardware-queue?

S8T8

OK so, BQL is missing and maybe will be implemented in the future, FQ_Codel needs BQL, this means that using FQ_Codel in queue simple or queue tree is working not in interface queue?
/queue interface set ether1 queue=fq-codel

S8T8

I'm curious too... Investing an huge amount of time on it, by the way configurations are 100% identical between standalone AP and CAPsMAN, same channels too. Could you please help me posting the results of ping from your computer to some wireless devices? EDIT: configurations are not 100% specular, ...

S8T8

Hi, I will try this. I believe I can reproduce this. edit : not my case, I don't use CODEL, with ros 7.13.5 no packet loss, with 7.15 can be easily up to 20% with small packet size Experiencing latency increase caused probably by the use of CAPsMAN: https://forum.mikrotik.com/viewtopic.php?p=107926...

S8T8

UPDATE: pseudobridge (wifi client against capsman APs) on Metal 2SHPn and RBmAP2nD still high packet loss, since ros 7.14.x @rushlife noticed a similar behavior using CAPsMAN, so I tried to enable CAPsMAN again without using FQ-Codel, monitoring 1.1.1.1 latency spikes are back: https://i.imgur.com/6...

S8T8

This is the queue I was using: /queue type set [find where name=ethernet-default] fq-codel-ecn=yes fq-codel-limit=1024 fq-codel-quantum=1514 kind=fq-codel /queue type set [find where name=wireless-default] fq-codel-ecn=yes fq-codel-limit=1024 fq-codel-quantum=1514 kind=fq-codel Today at 7 PM FQ-Code...

S8T8

Hi @rushlife, is packet loss a common problem with 7.15/7.15?
I'm experiencing a similar issue, mine seems to be related to Queue ( viewtopic.php?t=208197 ), did you try some changes to wifi config?

S8T8

Dear MikroTik enthusiasts, I've switched from working device with ISP router + TP-Link switch unmanaged + TP-Link APs to all MikroTik RB5009 + CRS328 + hAP ax2. After months of reading the knowledge base and many informative forum posts, I was able to set-up PPPoE, VLAN, Firewall and some tweeks lik...

S8T8

Will this ever be implemented?

S8T8

Maximum link distance in kilometers, needs to be set for long-range outdoor links. The value should reflect the distance to the AP or station that is furthest from the device. Unconfigured value allows usage of 3KM links.

setting configuration.distance=1 will improve anything for indoor devices?

S8T8

Guys, we have rights to complain but I doubt they will revert the change and allow spaces in identity.
So, what are the characters not allowed?
Any suggestion to fix the identity name in scripts or get the edited backup file name created by the system?

S8T8

common sense would dictate not to use special chars in filenames... Sir mrz, for who that is not an expert like you, but learned using MikroTik devices from time to time (sorry not all your users are PRO), could you please spend few minutes writing a clear statement like " attention this versi...

S8T8

" replace reserved characters... " should be marked as Bold or at least ! Could someone please confirm if those are special characters not allowed? https://engineering.purdue.edu/ECN/Support/KB/Docs/ReservedCharactersIn ; Command separator & Background execution ( ) Command grouping | ...

S8T8

... /routing pimsm instance add name="PIM-SM" disabled=no [+ Bridge set multicast-querier=no] /routing pimsm interface-template add instance="PIM-SM" interfaces=LAN-VLAN,IoT-VLAN source-addresses=10.0.3.60 are those two lines of code enough to find the printer connected in IoT-VL...

S8T8

Hi DarkNate, I tested your suggestion about PIM-SM but was not working with printers, Chomecast, etc…
Support said that we need multicast repeater (will paste their answer if needed).
It should work for you?

S8T8

since 7.13 not 7.13.5

S8T8

It would be nice to know what's new in 7.14rc4 from 7.13.5, any chance to know it before the stable release?
Thanks

S8T8

Let us know what official support says at least for RB4011. Both methods are correct. You can use a single bridge that spans across both switch chips. Packet forwarding within a single switch will use switch forwarding, but packet forwarding across both switches will use CPU. In case vlan-filtering...

S8T8

Hi @erlinden, it's an interesting topic and I want to share some researches; I have a very basic topology, Router -> Switch -> APs, Router and Switch are connected via Trunk ports trough DAC 10G and Ethernet 1G (disabled, at the moment). From: https://help.mikrotik.com/docs/display/ROS/Bridging+and+...

S8T8

Yes sir. DarkNate, I trust you more than me :) This is an RB4011, currently I can't show you that ports were hardware offloaded due to testing dhcp/igmp snooping enabled; /interface bridge add dhcp-snooping=yes frame-types=admit-only-vlan-tagged igmp-snooping=yes igmp-version=3 mld-version=2 name=Br...

S8T8

@DarkNate, I could have misread and I don't even have 0,1% of your knowledge, the note you posted seems to be for "Other devices with a built-in switch chip" (VLANs configured on the switch). I was one that reported bug on the RB4011 in v7.8 for devices with 2 switches and hardware offload...

S8T8

@andriys, I was interested in testing suggestion by @whatever about connect-priority=0/1 but I wonder how this affect connect-group and security (this was implemented to prevent MacStealer attack), connect-priority=0/1 should allow duplicate MAC addresses to be connected at the same time.

S8T8

Thanks sir pe1chl, it was a test for learning, will ask to support why edge=no is not working.

S8T8

Doing some tests following the suggestions by @ pe1chl and noticed that, setting edge=no on Trunk port connected to CRS326 switch with RSTP enable or WiFi devices are unable to get IP form DHCP, is this expected when using edge=no in a port that is connected to another bridge (MT Switch)? no-discove...

S8T8

Thank you Edge port should be no when directly connected to a xSTP Bridge, like a Trunk port to Switch or Wireless mode=station-bridge. Point-to-Point is less clear, should be set to yes for any directly connected ethernet port with xSTP or non xSTP enabled and Wireless mode=station-bridge with xSTP...

S8T8

Indeed, protocol-mode=none is suggested, except for AX devices, question was intended to be educational.

Is correct what I wrote before about edge and point-to-point ?

S8T8

Dear experts, raised the curiosity reading v7.14b changelog; *) bridge - make "point-to-point=yes" default value for non-wireless bridge ports; *) bridge - try to set wireless bridge ports as edge ports automatically; noob questions, we can assume that any port not directly connected to an...

S8T8

Nothing mysterious, as you noticed in Bridge Hardware Offloading Currently, HW offloaded bridge support for the IPQ-PPE switch chip is still a work in progress. We recommend using, the default, non-HW offloaded bridge (enabled RSTP). Any condition that disables HW offload is fine on switch chip IPQ-...

S8T8

@kravemir I'm not that expert for a proper answer, about xSTP the answer received from support was that protocol-mode=none is fine but not for AX devices with switch chip not enabled for hardware offloading.

S8T8

I just discovered that Mac devices are not able to ping .local devices adding static DNS with this formula (^|\.)mikrotik\.com , due to .local included/added when not TLD is specified, in fact mydevice.mikrotik.com is resolved but not just ping mikrotik or mikrotik.local . This is more correct? (^|\...

S8T8

Thanks @LdB! So interesting... 1) 127.0.0.1, default is dst-address= , in some topics I found suggestion for src-address= . The fists, DST, should be used when same device is CAPsMAN and CAP as the same time, SRC lo allow the internal loopback interface, in case is not already allowed by design. 127...

S8T8

Questions reduced and updated, hope for some interesting answers

S8T8

Hello @avav, not that relevant with this topic but, what's the difference between: add action=accept chain=input comment="admin access" src-address-list=Authorized add action=drop chain=input comment="DROP ALL ELSE" - add action=accept chain=forward comment="allow internet t...

S8T8

Thanks @k6ccc

S8T8

Yes, read that topic and also did an extensive research through the forum; - question 1, read a suggestion from @rextended about use src-address instead of dst-address - question 2, is from @anav topic, add action=drop chain=input seems to be enough - question 3, @sindy indicated the use of in-inter...

S8T8

Any hints?

S8T8

(updated)

S8T8

Dear experts, in my home environment I'm using a basic MikroTik router plus some additions like VLAN, VPN, configured following wiki, the great pcunite's VLAN topic, and other advices (thanks to all forum community!) No big issues, just some clarifications; 1) Firewall Filter, 127.0.0.0 what's the d...

S8T8

Questions 1 & 2: Thanks @pcunite, appreciated, you know better than many of us! Question 3 we had confirmation from @anav and @Amm0 that loose-tcp-tracking=no is OK. Question 1, your point is clear. Question 2, as your example, the server is routed only via specific ISP or Wireguard from my exa...

S8T8

Hello, thanks pcunite for this very informative and well-explained post! I'm using a different approach, without routing tables and mangle rules, different scope values, adapting suggestions (probably in the wrong way) from @sindy posts . add comment="WAN1" distance=1 dst-address=1.1.1.1 g...

S8T8

Follow up on this, there is any advantage to increasing MTU on ethernet ports but not in VLAN?
For example, setting L2MTU at the maximum and MTU to 9000 for trunk ports (both sides. Router and Switch) or for NAS, VLAN will stay at 1500 for compatibility.

Thanks!

S8T8

Hello, trying to apply FQ Codel to all ports except WAN, previously I was using: /queue interface set [find where default-queue~"hardware"] queue="NewQueue" now, to exclude WAN ports that are not in the Bridge: :foreach i in=[/interface bridge port find where interface~"sfp|...

S8T8

Edited for simplified version

Nice! Should not be more useful to pick just the date and compare it with the current date [/system clock get date], than if the date is X days after the release, install?

S8T8

Hello, after reading somewhere that some MT 60 GHz products have a redundant radio solution, I've been curious to understand how; from my understanding, in case 60Ghz communication between both devices stops, a secondary frequency will enter in use. This should be possible using Bonding active-backu...

S8T8

This should be correct:

/ip dns static add regexp="(^|\\.)guugol\\." address=10.10.10.10

S8T8

Hello, noob question, adding a static DNS entry using regex /ip dns static add regexp="[*mikrotik*]" address=10.0.0.2 will match everything that contains "MikroTik", or "myMikroTikDevice.com" , how to match only " mikrotik " and not "myMikroTik" or &...

S8T8

Thanks @eworm, I'm a big fan of your Repo, very intresting

Will look into it, thanks!
@msatter, I found "uptime" easy for what I would like to have, a log entry like "Internet not available for 10 min..."

S8T8

@Amm0

What's new in 7.12beta3 (2023-Aug-24 12:15):
*) wifiwave2 - enable changing interface MTU and L2MTU;

S8T8

Appreciated your assistance, thanks @Amm0! Spent days trying to figure out what's wrong, had mixed and inconsistent results. Today I noticed that the ARP table was not populated with IP and MAC from device at the other side (Router B) - Bridge Test, adding it helped to succeed with Ping instead of &...

S8T8

Is it possible to redirect a new device connecting to DHCP server without external apps or container? (Edited example from @Ammo's post) # add DHCP Option 114 stuff... /ip dhcp-server option add code=114 name=Redirect value="'https://forum.mikrotik.com'" /ip dhcp-server option sets add nam...

S8T8

Hello, hope title is appropriate and clear; recently had WAN issues reported by Netwatch, would be useful to receive a notification like "Internet was not available from 2PM to 3PM" or "... for 1 hour". I was thinking about something like: :global Uptime; :global Downtime; global...

S8T8

Followed your instructions a small step forward... In my specific case VLAN's IP address were duplicates on both side...(I feel so dumb!) 1st "Bridged Test": [on Routers] ✓ Created ZeroTier interface on both Routers (A - B) with Allow Managed unchecked /zerotier interface add allow-default...

S8T8

Obviously BTH is not release-ready yet. And probably stabilizing BTH would take longer time than MT devs would like.

As MikroTIk fan, this move is 100% approved, BTH is a nice have but pretty sure there is a looong list of things to fix/improve!
Nice job MT, waiting for Stable.

S8T8

OK so, an example of config (I don't have the export with me now but it's pretty much based on MT KB and pcunite's guide : /interface bridge add name=Bridge vlan-filtering=yes frame-types=admit-only-vlan-tagged /interface vlan add interface=Bridge name=LAN vlan-id=10 add interface=Bridge name=GUEST ...

S8T8

Hi all, trying to learn more about ZT, read couple times the very well written guide by @Ammo (thanks again!), what I would like to achieve is in the middle between use case C and D, bridge single VLAN to another MikroTik device, to be able to reach an IoT device connected to Router B (behind NAT) f...

S8T8

You're saying better have it than don't?

Loops happens plugging more than one ethernet cable, right?

S8T8

Hello, it should and easy question; in a basic topology, Router -> Switch -> AP is RSTP useful/necessary? Or protocol=none is OK? Is the use of CAPsMAN making any difference? WiFiWave2 wiki says If the CAP is hAP ax2 or hAP ax3, it is strongly recommended to enable RSTP in the bridge configuration, ...

S8T8

Hello, old topic I know...
I'm in a similar position of the OP, with a script to replace NTP server every day, I wonder if this is really necessary or RouterOS is able to keep synched with the sever just adding the server once (/ntp client set server=NTPpool.org...)
Thanks!

S8T8

Excellent as always, @Amm0! - I was referring to an MT router with a direct route to the internet (no NAT, Public IP assigned), assigning ZT interface to LAN interface-list was enough for me - Unfortunately no IPv6 (still...) - I can confirm that UPnP enabled on ZT interface is creating a dynamic ro...

S8T8

Hi all, thanks @Amm0 for this interesting and detailed guide! There is a point not very clear to me; Supporting either UPnP or NAT-PMP on your network can greatly improve performance by allowing ZeroTier endpoints to map external ports and avoid NAT traversal entirely. this means that, in case of pu...

S8T8

Hi @gigabyte091, could you please share your /interface wifiwave2 export on both devices?
I was testing CAPsMAN for a similar set-up you have without success, WiFi settings were non applied to CAP.
Thanks!

S8T8

I get your point, I see more interesting the user than IP in this specific case, "you" can still access to the router and read the full log, if someone had access to the device I would try to do log-in to the router anyway. This was just my point of view, I could be wrong. On my phone I re...

S8T8

Excellent @rextended, shockingly easy and works!
Now, in a perfect world text with more that 30 characters should have "..." at the end and shorter not. I'll try to scratch my head but if you have an hint to point in the right direction...

S8T8

Not a problem at all, just to share an opinion, a long log message could result in 3/4 or more text lines.

If you could give an hint would be appreciated, as always.
Thanks

S8T8

Hello all, @rextended, someone may will find useful the option to truncate messages, like logs with more than 30 characters are replaced with "...".
What do you think?

S8T8

@gigabyte091 witch version are you using? WPA3 disabled? Any particular setting off?

S8T8

Hi @rextended, using the latest version of the script provided, if possible would be nice to have integrated the possibility to exclude some topics but integrate if associated with others to be included, like MikroTik logging settings. Let me explain a little bit better; If we include topic "DH...

S8T8

EDIT 2: Exclude on default ipsec error messages phase1 negotiation failed , added the possibility to exclude topics regardless are critical or error or warning EDIT 3: Misspell fixed Nice update, this was exactly what I meant! You mind to spend few words on the last Edit? Hope to have other suggest...

S8T8

Also if I don't have any knowledge in scripts I applied few edits; - added a dash " - " before a new line of log sent on the text Example: - 2023-05-28 12:20:46 ether3 link down - 2023-05-28 12:21:03 ether3 link up (speed 100M, full duplex) - changed: and !(message~" -> and !(topic~&q...

S8T8

@rextended testing right now, works also for me!
This should be a pinned topic...

S8T8

Out of curiosity, has 7.10rc1 fixed issues with AX devices?

S8T8

Hello @diamuxin, I was reading your previous post and noticed that the script is looking for the "last log" for the date that was written on the scheduled comment. Druvis from MikroTik wrote a script that may help you to fix the problem and you could try to your integrate: https://github.c...

S8T8

What is this? "( then also added the LAN subnet + 192.168.1.0/24 )" Hello @DarkNate, I can not be smart like you Sir but I did my best to have the device config working at the best following all official guides (I mean Bridges, VLANs, etc...), waited some days after your initial answer ju...

S8T8

What is the reason for your fear of loopback interface to correctly set the upstream interface? Hello @DarkNate, apologies for not having followed your example, it was not clear that the "loopback" interface was the one that did the trick. This is what I tested without success, maybe due ...

S8T8

...it's only two-three lines of config to get it working: https://forum.mikrotik.com/viewtopic.php?t=174354#p982910 Let's see if this second attempt will be the good one :) /interface bridge add frame-types=admit-only-vlan-tagged igmp-snooping=yes igmp-version=3 mld-version=2 name=Bridge protocol-m...

S8T8

Hello @normis, Roaming between devices is a "new" feature introduced by the WifiWave2 CAPsMAN? Any particular condition needed or following the config example will enable Roaming between Router and APs? https://help.mikrotik.com/docs/display/ROS/WifiWave2#WifiWave2-CAPsMAN-CAPconfiguration...

S8T8

Not familiar with CAPsMAN but, with the recent WifiWave2 compatibility and 802.11 K and R support has something changed on the roaming aspect? The difference between CAPsMAN and Standalone mode is just the speed in configuration process? WifiWave2 CAPsMAN only passes wireless configuration to the CA...

S8T8

Was hoping for an answer from you! The question was easier than you thought, examples: - /interface ethernet set [ find default-name=ether5 ] VS. /interface ethernet set [find default-name=ether5] - $[ /system routerboard get model ] VS. $[/system routerboard get model] - [ :resolve google.com ] VS....

S8T8

Apologies for the "idiod" question; I saw many scripts with [ /function ] with and without the spaces between [brackets], always used without but all the scripts from MikroTik are with a space in between.
There are cases where space is necessary and other where is not? (Except RegEx)
Thanks

S8T8

THANKS Guru @mkx! Very informative answer.
QinQ is a case where VLAN MTU should be increased? (Not related to my example)

S8T8

Hello, days ago I found a comment on Reddit mentioning about the correct MTU for VLAN of 1508 to avoid fragmentation; /interface vlan add interface=bridge mtu=1508 name=VLAN-10 vlan-id=10 has this sense or a specific reason? In this example there was no mention of MPLS or routing protocols. Thanks.

S8T8

@piotrchm93 thanks, never spent time learning The Dude, don't know if this is the right tool, an always-on VPN for small devices could be resource intensive but will try to understand more how it works. @anav, I was looking into Telegram, Signal and Element (Matrix) scripts, probably are the best wa...

S8T8

@DarkNate, appreciated your help, followed suggestions on the previous post but not working, could be my fault. Tried setting the bridge as upstream and then the VLAN2, printer was not visible on both cases, connected to VLAN1 and worked immediately. I'm OK with IGMP Proxy, the MT complicated way in...

S8T8

Hello, I'm "managing" 3 MT devices (home, office, parents), looking for an advice for easy solution to check logs. Actually, I have set-up email forwarding for most relevant topics, working great, it's only a little bit of a mess with the personal email. An alternative could be still using...

S8T8

@DarkNate, interesting, could you share an example of your configuration? igmp-snooping will disable bridge hardware offloading on many low-end devices, multicast-querier must be disabled on the router?
Thanks

S8T8

@Frankxo, could you please share an example of the usecase for EoIP with Wireguard and, if possible, the CLI part of how you implemented it?
Thanks

S8T8

Thanks @biomesh, really appreciated!

S8T8

I'm using a MT router for handling PPPoE, couple of VLANs, Firewall, DHCP, etc... a CRS device wtih the trunk port to the router, connected devices are separated from VLAN A and VLAN B. From what I understand using L3HW is ignoring firewall roules, but those roules are "managed" by the rou...

S8T8

Hello, a little bit dumb question...
In a basic SOHO enviroment, is L3HW useful only when multiple subnets, firewall rules or routes are involved?
As example in a CRS switch L3HW is supported but not usefu (in most of cases), correct?

S8T8

Apologies for adding question not too relevant, I tried to set up a failover but never understood how to properly do using @anav example, I have a PPPoE and DHCP Client connection, or a static IP and DHCP Client connections, should work this easy way? /interface pppoe-client add add-default-route=ye...

S8T8

Thanks a lot @soonwai!
@Dude2048 I read all the pcunite's guide, my question was specific, if the only and best way to use VoIP VLAN is to have a second bridge losing the hardware offload.
If useful for someone, I used a very similar solution suggested by @soonwai for PPPoE passtrough.

S8T8

maybe this as first rule

/ip firewall nat add chain=dstnat action=accept... pihole.ip

S8T8

any hint is the solution could be like add a second Bridge with WAN port + untagged VLAN836 to LAN port, losing the hardware offload due to multiple bridges or add the VLAN 836 to one LAN port in the main bridge...
Sorry not very techical

S8T8

Dear MikroTik experts, currently using an hAP ac2 with a pair of VLANs to the bridge, connected to ISP via VLAN835, an analog phone is configured to an external VoIP gateway, /interface vlan add interface=ether1 name=ISP-VLAN vlan-id=835 /interface pppoe-client add add-default-route=yes default-rout...

Search found 169 matches