MikroTik

Josephny

Absolutely -- useful approach to consider the topic log entries the same whether they are to "memory" or to "disk"

Thanks!

Josephny

Sorry, I'm sure I'm not explaining myself clearly enough. I understand the action=logtodisk and the topics= My confusion is with the following: /system logging action add name=logtodisk target=disk disk-file-name=/flash/log # OR if is not present flash memory # add name=logtodisk target=disk disk-fi...

Josephny

Product page for NetPower 16p says: Device itself does not have an onboard voltage converter. You need 24V PSU to have 24V PoE out and/or 48V PSU to have 48V PoE out (IEEE 802.3 at/af). * Power supply is NOT included with the product. You are welcome to use your preferred power option, like battery...

Josephny

Does this apply to both the CRS318-16P-2S+OUT as well as the crs328_24p_4s_rm? The former is half the price of the latter. It does apply to both. But for netpower you need to purchase two power adapters (with MSRP of $18 each making price difference a bit less) and the rest of hassles mentioned. An...

Josephny

I guess that at least part of price premium can be explained/excused by dual PoE-out nature: each port can either act as 802.3 af/at PoE port or as passive PoE port (at 26V), it's software-selectable. So ideal if one has to power a mix of MT devices and standard 802.3 af/at devices. All of that by ...

Josephny

I don't see POE out listed on the specs or on the brochure. Am I just missing it? My god, I'm sorry - wrong link. Here, the right one. https://mikrotik.com/product/crs328_24p_4s_rm Yep, that works! Thanks. But, it's double the price of the Netpower 16, which is double the price of a cheap-brand dum...

Josephny

You could look into the CRS328
https://mikrotik.com/product/crs328_4c_20s_4s_rm

Problem is: it costs a lot more. But comes with 24 1Gbps PoE ports, plus 4 SFP+.

I don't see POE out listed on the specs or on the brochure. Am I just missing it?

Josephny

I need a switch with minimum 12, 1gb POE OUT ports.

I see on mikrotik.com the Netpower 16 (CRS318-16P-2S+OUT).

I think this has POE-out on all 16 ports.

This is for indoor use (I see the Netpower is good for outdoor).

Is there an alternate model I should look at?

Thanks.

Josephny

1)/2) Yes! 3) I checked the documentation and I don't see what exactly will be written, and when (i.e., on what occurrences). Work exactly as "memory", just is saved on disk and persist after reboot. Understood, but how do I know what exactly gets written for any speficic topic? Documenta...

Josephny

1) So this is the recommended way, right? :local ldate [ /system clock get date ] :local ltime [ /system clock get time ] 2) Use :pick -- something like this? :local ldate [ /system clock get date] :local yyyy [:pick $ldate 0 4] :local mm [:pick $ldate 5 7] :local dd [:pick $ldate 8 10] :put "$...

Josephny

Two related questions: 1) How can I create a file where the name includes the date and time? I have this: :local date [ :system clock get date ] :local time [ :system clock get time ] /file print file="testfilename-$date-$time.txt" Results in the creation of: testfilename-2025-05-15-04:16:...

Josephny

That is great. I could swear I tried the syntax of quoted variable name followed by the slash (divided by) and then "10" and it "didn't work for me." I quote "didn't work for me" because I know full well that that phrase means that I did something wrong. I added an emai...

Josephny

easy for some problems: was $roundrttavg ms -> was $"roundrttavg"ms Genius: Netwatch at 355hEX detected a up condition to host 192.168.2.2. The rtt-avg was 23ms and the loss-percent was 0%. These value exceed at least 1 of the thresholds of thr-avg of 00:00:00.400 and the threshold loss-p...

Josephny

Imperfections abound.... I'm still working on getting something more useful. The script now produces: Netwatch at 355hEX detected a up condition to host 192.168.2.2. The rtt-avg was 22 ms and the loss-percent was 0 %. These value exceed at least 1 of the thresholds of thr-avg of 00:00:00.400 and the...

Josephny

I'm blown away at the level of expertise on this forum. And, somehow, even more in awe of the generousity shown while sharing all of your expertise. FYI, I am grateful that you are providing an irresistable temptation to exercise this tired old brain. Please let me know if I have this correctly: ROS...

Josephny

So these variables hold text, right? $llosspercent $lrttavg But, the following show the results in whole ms: :local roundrttavg ($lrttavg / 1000) :log info $roundrttavg Does adding " / 1000" simply drop the last 3 characters of the text value of $lrttavg? And getting the results in ms to 2...

Josephny

I did read and did try, with and without the "<" and ">" symbols and it doesn't work. :log info "runtime loss-percent is >$llosspercent</10 %" :log info "runtime rtt-avg is >$lrttavg< us (=4294967295 on down)" runtime loss-percent is >0</10 % runtime rtt-avg i...

Josephny

At 00:30 today the netwatched host went down. The rtt-avg was 4294967295 (choose whatever unit you prefer) and the packet loss was 1000% -- that's a lot of DOWN! Netwatch at 355hEX detected a down condition to host 192.168.2.2. The rtt-avg was 4294967295 and the loss-percent was 1000. These value ex...

Josephny

And, the rtt-avg of 24516 actually means 24.516ms. Hmmm. :? That would imply that inside the router there Is a clock (or some other high precision technology marvel ) capable of 1 millionth second (microsecond) resolution. :shock: I can't say I know anything about this, but my conclusion was far le...

Josephny

I added this to your script: :local thisBox [/system identity get name] :log info "Netwatch at $thisBox detected a $lstatus condition to host $lhost. The rtt-avg was $lrttavg and the loss-percent was $llosspercent. These value exceed at least 1 of the thresholds of thr-avg of $[get $netwatchID ...

Josephny

Now that's a sexy script!

Josephny

Please provide an appropriate title, the current one IS WRONG and ONLY creates CONFUSION. First of all it is wrong to refer to netwatch in this way "/tool/netwatch get [find host=8.8.8.8]" because there can be more than 1 netwatch with the same IP 8.8.8.8, second, thr-avg is a property, a...

Josephny

delete please

Josephny

An alternative solution that doesn’t require scripting is to enable Netwatch logging with " /system logging add prefix=debug topics=netwatch ", and then check all the values in the log: 07:39:10 netwatch,debug debug: [ type: icmp, host: 1.1.1.1 ] Stats: 07:39:10 netwatch,debug debug: [ OK...

Josephny

I may be old fashioned, but before learning to script better there is IMHO the needed step of learning to script. As I see it (non-working) scripts should be divided between those that do not work because they are "wrong" (conceptually) and those that do not work just because of some mist...

Josephny

@Amm0 so you automatically give for reknown basic things that a beginner needs to learn My point is if you understand the problem, you MAY be able to avoid script. If goal is to JUST "tweak a netwatch", then to output current values (rtt- loss- etc) AND configured "threshold", t...

Josephny

You need to use curly brackets when running commands in the terminal to keep everything in the same "scope": { :local myhost 8.8.8.8 :put $myhost } Or: { :local myhost 8.8.8.8; :put $myhost } Now I get it. Yes, :put output is now "8.8.8.8" Thank you for your extreme patience and...

Josephny

It's a different problem. Anyway, jaclaz has more patience than I. If we knew what the desired output and preferred scheme, it be easier to help. And, my understanding is that only the rtt-* variables are predefined -- not the thr-* variables. Is that not correct? Half true. The thr-* are not passe...

Josephny

So, in the script, if you replace :local myhost $host with :local myhost 8.8.8.8 (or whatever host you are using in the netwatch) what happens? Still blank: [admin@355hEX] /tool/netwatch> :local myhost 8.8.8.8 [admin@355hEX] /tool/netwatch> :put $myhost [admin@355hEX] /tool/netwatch> I tried this o...

Josephny

If there is no output, I would suspect that $myhost is empty/not defined or not found. Simple test: { :local myhost Pippo :put $myhost } and/or: /tool netwatch :local mystatus [get [find where host=] status] does it give the same or a different error? [admin@355hEX] /tool/netwatch> { {... :local my...

Josephny

Didn't we already have this discussion about the same script? See https://forum.mikrotik.com/viewtopic.php?t=216444 It's not helpful to start again, since context is lost. Discussed in that thread is there is no need for :local variables in the first place! When a /system/script is called as action...

Josephny

The following as the script called by DOWN and UP in netwatch works fine: :local myhost $host :log info $myhost /tool netwatch #:local mystatus [get [find where host=$myhost] status] #:local mycomment [get [find where host=$myhost] comment] #:local myinterval [get [find where host=$myhost] interval]...

Josephny

Terminal output: [admin@355hEX] > { {... :local myhost $host {... :put $myhost {... } [admin@355hEX] > In the netwatch UP and DOWN entry: No output because, I believe, :put has no where to "put" it In a script (with nothing else) called by the netwatch UP and DOWN entries: Also, no output.

Josephny

:local myhost $host

works just fine

"log info $myhost"

creates the correct log entry.

When I uncomment any of the commented :local statements an error is generated.

Josephny

This script is called in Netwatch when DOWN or UP status changes. I can't figure out why this script fails if I un-comment any of the ":local" variable declarations: :local myhost $host /tool netwatch #:local mystatus [get [find where host=$myhost] status] #:local mycomment [get [find wher...

Josephny

Is this accurate? Yes , it seems accurate to me , in the sense of accurate representation of how we have understood it works, not necessarily accurate in an absolute way. What is missing is (very likely irrelevant in practice, still ...) is the actual time the ping takes, while it is likely a very,...

Josephny

Please someone help me, Quick summary: Four sector 19dbi 120degree antennas connected in both ch0 and ch1 of the netmetal ax using two splitter in offshore to cover 360degree. control room have one dish antenna 30dbi connected in netmetal 5AC. The distance is 6-8km. This setup is for monitor the of...

Josephny

So, provided that the way I understood the mechanism is correct :? , it seems to me that: interval should be as low as possible (with some common sense, the default 10s seems too little, I would settle for 60 seconds or 1 minute) Well, I'd say that setting interval= is more about often you want any...

Josephny

So is this what we all believe happens? Using an example of: interval: 10s timeout: 500ms packet-interval: 100ms packet-count: 20 time 0: Netwatch starts the process of sending "packet-count" number of packets (20) at "packet-interval" (100ms) time 2000ms: Netwatch stops sending ...

Josephny

@jaclaz That is exaclty as I understood it also: packets are sent every 200ms until 400 packets are sent. This process repeats every 2 minutes. And, a 95% packet loss threshold. It was with this understanding of how the parameters interact that I chose them with the goal of netwatch not triggering a...

Josephny

/tool netwatch add comment=Netwatch-192.168.2.2 disabled=no down-script=Netwatch-details host=192.168.2.2 http-codes="" interval=2m name=Netwatch-192.168.2.2 packet-count=400 packet-interval=200ms test-script="" thr-avg=\ 400ms thr-loss-percent=95% type=icmp up-script=Netwatch-d...

Josephny

I like math, and I'm not bad at it. But how do we get to 3.5 pings/second? A ping every 200ms is 5 pings/second, right? with each netwatch test being 400 pings, that's 80 seconds of pings, right? What am I doing wrong? What I am hoping to have achieved by using the ICMP type of netwatch, and by twea...

Josephny

To me it still looks like hammering. :shock: 400 packets sent at 200 ms interval every 2 minutes? The defaults end up being 6 runs per minute x 10 packets/run=60 packets/minute (which already seem to me a lot). Your last settings come up as 1/2 run per minute x 400 packets/run=200 packets/minute. B...

Josephny

Following up for posterity: Since changing the netwatch parameters to the following: /tool netwatch add comment=Netwatch-192.168.2.2 disabled=no down-script=Netwatch-details host=192.168.2.2 http-codes="" interval=2m name=Netwatch-192.168.2.2 packet-count=400 packet-interval=200ms test-scr...

Josephny

But I would never have figured out with your help ...

Talking of double negations .. I presume there Is an "out" that slipped from your fingers ... (I would try putting It after the "with").

Typo: “Without”

Josephny

I do indeed see: Screenshot 2025-05-04 155716.png But I would never have figured out with your help that the system has predefined variables matching what is displayed (and that is not considering the inclusion of a "-" or the need for $"<variable-name>") How would one find this ...

Josephny

It's just $"loss-percent", $"thr-loss-percent" defines where the $"loss-percent" fails. These variables already pre-defined in the down/up-script= so they do not have to be declared or "get" That works. Is there some terminology somewhere that would inform me...

Josephny

I can't get rtt-loss-percent to work.

This in a script:

:local myrttlossper [get [find where host=$myhost] rtt-loss-percent]

kicks back an error

Josephny

The way I read the docs, it is a "or", i.e. there are 6 different thresholds: thr-max (Default: 1s) Fail threshold for round trip time-max (a value above thr-max is a probe fail) thr-avg (Default: 100ms) Fail threshold for round trip time-avg thr-stdev (Default: 250ms) Fail threshold for ...

Josephny

Still playing with netwatch and trying these settings: /tool netwatch add comment=Netwatch-192.168.0.11 disabled=no down-script=Netwatch-details host=192.168.0.11 http-codes="" interval=2m name=Netwatch-192.168.0.11 packet-count=300 packet-interval=200ms \ test-script="" thr-avg=...

Josephny

It gets even better: Here I am thinking I will capture the actual values of these variables and write them to the log instead of turning on logging for topic netwatch and having the log fill up it, when, in reality, the only thing being logged is the netwatch settings (i.e., not the netwatch results...

Josephny

Thanks, that fixed that line. But the rest didn't work. I tried various combinations of quotes. I removed the underscore. Then I discovered that hyphens aren't liked either. There are too many unintuitive rules with this scripting! This works: :local myhost $host /tool netwatch :local mystatus [get ...

Josephny

Ugh! Everything takes so much time, troubleshooting, effort, frustration. I've got a whole big (for me) script, and continue to get an error. Troubleshooting by commenting out lines, this line is the culprit: :local my_host $host With this being the only non-commented line, the script fails: executi...

Josephny

@Josepny Using in scripts variables with the same name of ROS parameters/values/commands/etc. is usually not a good idea. point #16 here: https://forum.mikrotik.com/viewtopic.php?p=1128345 use (say) my_ prefix, i.e. my_status, my_comment, etc. Adding "my_" to the name of an ROS parameter/...

Josephny

With netwatch: /tool netwatch add disabled=no host=192.168.2.2 http-codes="" interval=1m name=Netwatch-192.168.2.2 packet-count=100 packet-interval=100ms thr-avg=400ms \ thr-loss-percent=90% type=icmp Enabled logging and seeing this every minute: 2025-04-30 09:59:32 netwatch,debug [ Netwat...

Josephny

That looks right to me. As I said, I'd compare the "Status" to make sure all the other RTT things are well within the defaults. If not, or even close, specifically set the various thr-* higher. If you temporary enable topics=netwatch in /system/logging, it will log both the values got, an...

Josephny

The goal for me here, BTW, is to not wake up to a screen full of notifications about down hosts when the ISP does some 1 minute flapping in the middle of the night. That is rather easy, suggested "down" script contents: #DO NOTHING :lol: LOL! That's just what they think you'd think they'd...

Josephny

Do I understand this correctly that the following code will check the host once every 1 minute by sending out 100 packets with a 100ms interval between packets and return a 'HOST-IS-DOWN' result if the average response time of those 100 packets is greater than 400ms AND the total packet loss rate is...

Josephny

Tried another one with Dude AI. And it's similar with config (which is essentially still scripting) – while perhaps LLM get "closer" for standard config... but ,it does not know the needed order of operations and names are inconsistent. For example, I tried a somewhat more complex prompt ...

Josephny

Of course, in the end, lovable.dev is writing html, so I would need to edit it manually (although I would suspect there are nice visual editors available).

Josephny

What not using the old way with pre-made templates? A good half or possibly 3/4 of these kind of websites are anyway more or less a copycat of the other, and it is not like there is that much content in them, if you link to a booking portal like Airbnb, the houses/apartments/whatever are pretty muc...

Josephny

I just found lovable.dev. This is the response to a quick prompt at lovable.dev: I need a website that showcases my 6 short term rental houses, with a description and many images of each and a link to each property's airbnb booking page. Lovable 18:48 on Apr 28, 2025 I'm excited to help you create a...

Josephny

Did you try any of the AI site builders I linked to?

Do you mean Wix, Square Space, etc.?

The AI at web site building is (far) worse than the AI for ROS scripting.

Josephny

Google " AI website builder " or just ask your favorite AI. ;-) I did that before coming here. It turned up the usual names (Wix, Squarespace, Google sites, etc.). I actually asked ChatGPT to tell me how it would make my site nicer and it was prevented from visiting the site. I suspect th...

Josephny

Good answers so far! I’m tempted to stop right here and claim that my original post was my only question. But, it wasn’t…. I have a simple website, hosted at Dotster (aka web.com and soon to be network solutions (goes around comes around)). I made it with Dotster’s Wordpress but I am even worse at W...

Josephny

Is it okay to ask a question on a completely non-Mikrotik topic (technology related, but no justifiable way to relate it to Mikrotik)?

Josephny

I agree with almost everything you write. And it surely possible that with regards to those thing I don't agree with, I could be wrong. That is to say, no doubt there a number of reasons why communication here has been difficult. And, one of them very well be my ignorance. Thanks to you and others h...

Josephny

My hope is also that these discussions help develop the language to use to communicate more effectively about these topics. I hate to disappoint you, but the language is already developed, established and wildly used ... one simply has to learn it. Pretty much the same as every toddler has to learn...

Josephny

I am so grateful to you all for these discussions.

They quickly rise to a level above my comprehension but nonetheless raise my understanding substantially.

My hope is also that these discussions help develop the language to use to communicate more effectively about these topics.

Thanks everyone!

Josephny

I was only pointing out that the block diagram helps clarify in some ways, but not as much as I had originally thought because the IPQ6010 is depicted as a single unit, unexplained in any way other than the fact that there is contained within in it a ASIC and a CPU. So, for the purpose of understand...

Josephny

Oh well -- I'm wrong again. So the IPQ6010 is a single chip or device that includes the ASIC and CPU. The IPQ6010 has physical connections to the QCA8075 chips (ethernet ports), the QCN-5022 and 5055 wifi chips, and the RAM/USB/NAND/LEDs. I suppose, therefore, that the diagram (the original, not my ...

Josephny

@mkx:

Could you confirm that my understanding of the diagram is correct:

Yellow is the switch chip
Green is the CPU
Red is the entire MT device
Purple are the physical connections

Screenshot 2025-04-23 062145.jpg

Josephny

Another wow! The combination of the diagram and the specific examples of frame patches that use the CPU is a great way to communicate (teach) this. The diagram, explanation, and examples definitely work together, doing a better job than any one of these singularly can do, to make clear how this works.

Josephny

Right, the above limitation only affects LAN to LAN traffic within the same VLAN. Everything else always goes through the CPU anyway: 1. Between wireless and LAN. 2. Between wireless and wireless. 3. Between wired and wired in different VLANs, with the exception of some higher-end switches that sup...

Josephny

Great discussion -- thank you.

For clarification of one aspect of the origin and intent of my quesiton: I was thinking specifically about whether frames between wifi and etherports could exclusively use the switch chip. That is, the use of a dumb switch would not be applicable.

Josephny

When we say HW offloaded we mean that the frames are processed (I wouldn't dare say routed) by the switch chip, right? In other words, HW offloading is when the CPU is NOT being used, right? HW offloading usually means that the device has an ASIC that will process the frames 1000 times faster than ...

Josephny

That is fascinating! I just want to make sure I understand: When we say HW offloaded we mean that the frames are processed (I wouldn't dare say routed) by the switch chip, right? In other words, HW offloading is when the CPU is NOT being used, right? And, basically, with the ax3, if it is configured...

Josephny

Thanks guys! I did not know that frames between wifi-connected devices and the devices connected to the etherports required the CPU. I thought if the wifi interfaces were part of the bridge, it would be switch chip only. "More than 1 IP to do it's job" captures the criteria nicely. The ax3...

Josephny

Two questions please: 1) How can I confirm that the config below matches what would on this forum be labeled as "used as a switch and not as a router?" (Yes, I know about the other thread: I started it. But, I am asking for the specific config entries below to be identified. For example, t...

Josephny

I have no desire for an argumentative, aggressive, accusatory discussion this morning.

Simply hoping to get some insights and guidance.

Happy to drop the whole thing.

Josephny

There is NO PREFERRED SOLUTION!! Its up to you to decide your comfort level of security. In order for me to decide, I need to understand the options in more detail than something like: "the more vlans I have the more security I have" I dont understand the question. VLAN are to insure bi-d...

Josephny

One should view it as, if a device was compromised, what can it then attack........................... simple question. There is no RIGHT answer, its personal , and what level of comfort you have exposing devices to other devices be they IOT, media, voip, laptops, smartphones etc....... . That is a...

Josephny

You don't have anything that should be restricted from asccessing Internet? Like IoT (my Chinese camera's don't have access to Internet). I wish I understood this better. There are various sensors that feed local servers data streams. To that extent, they don't need Internet access. But, other IoT ...

Josephny

Thank you for your help. Your suggestion of looking at the type or purpose of traffic made me think about this differently. From a perspective of what services or access the different types of connections need I see the following groups of connected devices and users that might correspond to the str...

Josephny

How many VLANs? For a large home network (connected via Wireguard to other locations with a similar group of devices), often with guests/visitors, how fine should the granularity be when it comes to creating separate VLANs? I have the following types of devices: Admins (me) Family connecting via wif...

Josephny

I thought it was just a random OID.

May we all be smitten with such a vice.

Josephny

For the OP problem only the solution is simple, add "1" in the right point....

1.2.3.4 1.3.6.1.4.1.14988.1.1.8.1.1.3.3
=>
1.2.3.4 1.3.6.1.4.1.14988.1.1.18.1.1.3.3

@rextended:

What is this magic that you do? How did you know the value was 18 and not 8?

Josephny

Thank you anav!

I know very well that just about everyone is here to help others, and I try hard to keep that in mind, and appreciate it, with every post.

Being (too) introspective, I nonetheless question my own effort and capability sometimes. But, then, I press on.

Josephny

I am sure I have recommended Ed Harmoush's Network Fundamentals and VLANs — Index to you in the past, but you probably think that it isn't worth your time trying to learn the fundamentals. It is well worth the time. Especially for someone that comes back to the forum for his daily fish so frequentl...

Josephny

Use: "VLAN routing" when frames pass between VLANs as well as between different IP subnets in different VLANs.

Use: "VLAN bridging" or "vlan switching" or "forwarding" when frames pass on the same vlan from one port to another.

Josephny

My question can be reformulted or restated as: How to I ensure that a CRS ROS configuration is such that the CRS is used as a cloud router SWITCH ? The answer to that question has already come from @mkx - if everything works as required while there is only a single IP address up on the CRS326, it o...

Josephny

There are very many threads that involves people screaming at others that they are using the CRS as a router. I can understand (basically) the extreme examples of a CRS being used as an edge router with an Internet-connected WAN port and wireguard or multiple networks, etc. I really struggle to und...

Josephny

In short: any RouterOS device, which has more than a single IP address configured (used only for management), can eventually become a router. So a switch should never have more than one IP address configured, if configuring additional IP address solves a traffic problem, it means that switch became...

Josephny

The example provided is a bit confusing. - why include ports 5 through spf-sfpplus2 if not relevant (not being used) - then I see sfp-sfpplus1 is being used but no indication its a trunk port ( frame types or comment missing ) which is inconsistent from the other entries........ - why are you missi...

Josephny

https://www.spiceworks.com/tech/networking/articles/network-switch-vs-router/ Clues to you are routing. -DHCP -WAN and LAN -NAT -all subnets have an address -need firewall rules (layer3) Switch..... Single Ip address provided to switch setup is primarily about vlan traffic only management or truste...

Josephny

A networking device can take various header fields of an Ethernet frame and the packet it carries into account to make a decision where to forward that frame. If it only chooses the output interface based on the destination MAC address and, possibly, VLAN ID of the incoming frame, it handles that f...

Josephny

I am trying to understand exactly what configuration items determine whether a CRS326 (running ROS) is being used as a switch-only or as a switch-router. From reading many prior threads, using the CRS as a switch-only results in much better performance. I am having a hard time identifying exactly wh...

Josephny

The logging works great.

/system logging action
add email-to=<user>@<domain>.com name=email target=email

/system logging
add action=email regex="ether3 link down" topics=info

I have it set to email me (for now):

Screenshot 2025-04-11 191530.png

Josephny

So what is the summary on why RoMON does not work here? I lost track of the conversation. The OP was trying to use romon from on a PC behind a second rb5009 (that was giving the lab 5009) a WANIP on its flan LAN, to reach the CRS326 that was behind the lab 5009. The OP initially gave the impression...

Josephny

I found this thread: https://forum.mikrotik.com/viewtopic.php?t=173178 that suggests a syslog action of email might work. But, I don't want all topic: interface log messages emailed. Only when ether3 goes down. Nothing more. I see there is a regex option in the logging. I'll try simply using "e...

Josephny

Are you familiair with Netwatch?
https://help.mikrotik.com/docs/spaces/R ... 8/Netwatch

Thank you, I am.

I am hoping there is a more direct manner to monitor the same status that is being logged, and not whether there is connectivity to the device(s) on that interface.

Josephny

Is there a script, or the basis of a script that I can start with, that will monitor either the status (up or down) of an interface? With logging to memory of topic: info I get this: ether3 link down which is good, but I was hoping to send a notification of this event (including the date and time of...

Josephny

You inspired and guided me to another solution! The Windows PC I'm sitting at is wired to 5009-master with a (locally) statically assigned ip of 192.168.2.22 But, it also has a built in wifi adapter. And (another thing I hadn't mentioned is that) I have an ax3 also plugged into 5009-lab. So, I enabl...

Josephny

I do like the goal, but the 5009-master is not set up for vlan. I bought a second 5009 (5009-lab) and the CRS (to replace the CSS) to set these up independently, learn, test, make sure they work before swapping them in for the 5009-master and css. It looks like without VLANs on the 5009-master, the ...

Josephny

Only stating there was a second 5009 at play at such a late stage, and that the Romon issue stemmed from the first one to the Switch was a criminal omission . Consider yourself flogged ;-) Your punishment is having to eat the entire plate of smoked meat served at Katz's. LOL!!!! Just trying to keep...

Josephny

I gather then you have a physical cable attached between master5009 and Lab5009 then??
where is that indicated on the LAB 5009 config??

ether1 (WAN)

Josephny

And bridge will drop RoMON if it's admit-only-vlan-tagged, period — RoMON is not "VLAN tagged"

Got it -- RoMON is not carried across vlan-tagged frames because RoMON frames are neither IP nor IP+VLAN type frames. (Is this an accurate way of describing it?).

Josephny

Who told you this............... ?????? I need Romon to access the CRS its clear that even though ROMON should not be affected by vlan tag settings on the bridge itself, they are, so avoid its use is my advice. So this test bed (5009-lab and CRS) is set up as such: 5009-lab is connected to an opera...

Josephny

What is the conflict? I am having difficulty identifying the conflict. ether7 is the CRS. The config paints a conflicted story? set [ find default-name= sfp-sfpplus1 ] comment= CSS326 Hard to find ether7 tagged for any vlans going to CRS326 ??? /interface bridge vlan add bridge=bridge comment=\ &qu...

Josephny

8. Assigning ether7, tagged here add bridge=bridge comment="ports bridge,4,5,sfp to carry vlan32 out of 5009 AN\ D assign vlan32 to frames arriving on ports 6,7 -- temp moved 7 to tagged \ from untagged" tagged=bridge,sfp-sfpplus1,ether4,ether5 ,ether7 untagged=\ ether6 vlan-ids=32 Confli...

Josephny

What are you using ROMON for,,,,,,,,,that is not available through neighbours discovery?

I need Romon to access the CRS.

Do your corrections allow me to do this?

Josephny

Logically, RoMON is not a tagged packet, so bridge is dropping it. This gets into the topic of Layer2 ethertype's... See https://en.wikipedia.org/wiki/EtherType#Values While not explicitly shown.... by setting frame-types=admit-only-vlan-tagged you're saying you only want "VLAN" ethertype...

Josephny

SWITCH Why are you treating the switch like a router? The only address on the switch is the one given to the switch over the management vlan32 ??? Bridge is not involved............ reminder to look at switch example: https://forum.mikrotik.com/viewtopic.php?t=143620 There is only need of ONE inter...

Josephny

I have an RB5009 (ether7) connected to a CRS326 (ether1) with vlan-id=32 setup. I think the VLAN is working nicely regardless of the frame=type setting for ether 7. But, when I change ether7 from frame=type=admit-all to frame-type=admit-only-vlan-tagged I lose the ability to connect to the CRS via R...

Josephny

Just wanted to resurrect this thread to say thank you to the OP and the participants. This was very enlightening. Some examples: @mkx: for action=masquerade ... it's vital to be done after routing decission as action uses IP address of egress interface as new value of src-address. it's important to ...

Josephny

The last thing I would, should, or could do is get involved the substance of this disagreement. Nonetheless, as the struggling OP, I can add (due to my unique perspective and standing as a struggler), that we (strugglers) do indeed need a better set of terms, a manner of abstraction, a method of con...

Josephny

CGGXANNX sussed out my situation because of my extraordinary communication skills :D Oh yea, and also because he is clearly quite smart. There is only a single inaccuracy, though of absolutely no significance whatsoever: The camera is not old, and is quite a good quality camera (EmpireTech B5842E, w...

Josephny

Your previous attempts did not work because the router didn't know that it should forward frames destined for 192.168.0.97 to ether2. By adding the IP address (and the network address, if you want you can also use 192.168.0.98/24 as address and 192.168.0.0 as network) to the interface vlan-cameras,...

Josephny

The first error. 1. is quoting from your config in post #18 and is WRONG ( do not use the bridge itself to set frames ) IMHO if OP has a VLAN-only configuration, with no IP address configured on the interface "bridge", then setting frame-types=admit-only-vlan-tagged is the correct way, an...

Josephny

100 miles away -- seeing for the first time:

Untitled.jpg

Josephny

Is that ether2 port part of a bridge (slave port) or outside of any bridges (standalone interface)? You'll need to add an IP address first /ip address # choose only one of the three following! add address=192.168.0.98 interface=ether2 network=192.168.0.97 # only if ether2 is standalone port! add ad...

Josephny

So far I've tried, without success: /ip firewall nat add action=dst-nat chain=dstnat log=yes src-address=192.168.0.97 to-addresses=10.72.22.97 add action=src-nat chain=srcnat src-address=192.168.0.97 to-addresses=10.21.22.97 I've also tried the same thing but with x.x.x.0/24 for both networks. I've ...

Josephny

The first error. 1. is quoting from your config in post #18 and is WRONG ( do not use the bridge itself to set frames ) 2. is quoting from your confing in post #18 and is WRONG. Your contradicting yourself, as plain as day, how can you say its a vlan tagged frames, when you have a PVID???? 3. Missi...

Josephny

I don’t know if this is possible. I have a location with a hAPax3. On ether2 is a camera that was previously configured to have a static ip address of 192.168.0.97 The environment is has several vlans in the 10.a.b.c networks, as well as a Wireguard connection with the interface at 10.10.100.80 I am...

Josephny

Speed is not all its cracked up to be, taking ones time mostly results in greater satisfaction,.......... Besides there is an error before that..... and many many after LOL 1. /interface bridge add admin-mac=F4:1E:57:2C:BE:98 auto-mac=no comment=defconf frame-types=\ admit-only-vlan-tagged name=bri...

Josephny

This one:

/interface vlan
add comment=vlan32 interface=ether1 name=vlan32 vlan-id=32
It should be interface=bridge ... it took me 0 seconds (recognized it while reading config).

We have a winner!

Josephny

I can see 3 things. 1. You have "attached" routes which means theyre directly connected. So no need for an "/ip route" statement as Josephny said I don't see any /ip route statements in your config. 2. this FW rule already should catch all traffic. add action=accept chain=forwar...

Josephny

Nice drawing! Maybe try putting the wireguard interface on the bridge? Thank you for the suggestion! I don’t have a strong networking background, so I’m not sure I fully understood what you meant. Since my WireGuard and LAN subnets are different, wouldn’t I need proper IP routing between them, alon...

Josephny

Nice drawing!

Maybe try putting the wireguard interface on the bridge?

Josephny

So I spent an hour or so last night exercising my vlan configurating skills (which is the equivalent of 1kg (2.2 lbs for people like me) dumbells). I thought I had it all working and was very excited. The vlan traffic between an RB5009 ether4 and an ax3 (ether1) was flowing beautfully, but I couldn'...

Josephny

The example we were using was: [code}add bridge=bridge tagged=bridge,sfp-sfpplus1,ether4,ether5 untagged=ether6,ether7 vlan-ids=32[/code] I think you were referring back to the first post in this thread. In this case vlan32 travels within the router or switch as tagged between all ports associated ...

Josephny

I guess performance-wise they should be the same in most scenarios. MikroTik doesn't publish switching performance for these. The main differences are in features. RB750Gr3 has MT7621 switch chip which doesn't support rules. There are two block diagrams, one with disabled switching, one with enable...

Josephny

I understand about MSRP, my question was more oriented to the real market picture that I see. And I was curious to know if there is anything special in the original hEX that still keeps the demand alive. I was lucky to snatch a bunch of hAP ac2's for $60 each, those beat hEX in pretty much every as...

Josephny

If you ask me it's any static public IP address you want to replace with some "fake" like 2.2.2.1 or whatever before posting. And, also the serial number at top, since if you use /ip/cloud the serial number is part of the DNS name. While the IP is "public"... having your config ...

Josephny

I apologize , not being fully versed in English, I still don't understand the meaning. My concept I think is clear about the MAC address: Anyone, if not directly connected, can't do anything. Then we can talk about compromised ISPs, compromised internal peripherals, etc., but they are already insid...

Josephny

Even if not exploit it, we are back to the first point: If someone knew my router's WAN port's mac address, and somehow could find it on the Internet, they could simply attack it -- not necessarily 'break in' but certainly bring down the ability of the router to communicate with the Internet. Let's...

Josephny

That, and revealing that you are using 192.168.1.0/24 in your LAN is not something that would make a difference if "they" are after you (BTW, if "they" are after you, "they" already got you). And allow me to doubt that leaving MAC addresses unredacted will cause a secu...

Josephny

Well HA does not use DHCP Option codes, must have coders from the dark ages. In any case you could try something like this simple DNS pointing. IOT Subnet on R2 - 192.168.55.0/24 IP of server on R1 - 10.10.10.15 ON R2 /ip dhcp-server network add address=192.168.55.0/24 dns-server=192.168.55.1 domai...

Josephny

And how would DHCP or DNS be used to inform the IoT device the address of the HA server? DHCP servers have an ability to attach some information in the return packet when they answer to the request. That additional information, called "Options", is rarely used explicity by SOHO but it cou...

Josephny

And how would DHCP or DNS be used to inform the IoT device the address of the HA server? I stated it above, DHCP OPTION creation and the use of the name of the OPTION in DHCP server settings for the subnet the IOT devices are in. OR Create a domain name for the SERver and use in in the DHCP Server ...

Josephny

You miss the point entirely,
The two options presented DHCP and DNS are to inform the iot device, what is the IP address of the HA server, not to change the local subnet IP the iot device is using.

And how would DHCP or DNS be used to inform the IoT device the address of the HA server?

Josephny

Why would a frame tagged with VID=32 ingressing to ether1 be accepted? What?? Well the physical port ether1 is a trunk port carrying multiple vlans to the local device. Why would you not think that vlan32 should be allowed to ingress in ether1?? A. its on the trunk port leaving the upstream device....

Josephny

By the way, Home Assistant devices typically obtain IP addresses from the Home Assistant server through the network's DHCP server, which is usually the router, rather than directly from the Home Assistant server itself. This sounds much like the UNIFI approach where one can use a. create dhcp optio...

Josephny

"When ingresss-filtering=YES, port will actually look at VLAN ID of ingressing frame and will drop frames where VID is not one of port's VLANs (as configured under bridge/vlan)." What parameter exactly in the bridge/vlan config is checked to see if a frame can ingress? It will check if in...

Josephny

Doesn't everyone include all of these in their ROS configs:

Date of birth
Eye color
Blood Type
Home address
Financial accounts numbers
Image of passport
Social security number
Favorite movie and flavor of ice cream
Pets names

Josephny

Exporting your config to share in the forum is actually pretty easy. Here's a quick step-by-step guide on how to do it: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 I have found that my exports, even without show-sensitive, include a whole bunch of what I would call sensitive info, in...

Josephny

If Joseph you are asking a different question, can one see all the routers at one time via winbox, via wireguard, in order to select for configuring, the answer is no. Those protocols dont go over wireguard. Thanks, but I asked that question over a year ago and learned about the Winbox/ip-neighbors...

Josephny

I assumed as always, that you are short of time and thus want to getter done. If you have time to read novels, that is a different story '=) Wait till you hit the chapters on VRRP VXLAN and BGP. You are indeed prescient. I saw BGP mentioned and I have been resisting exploring. It reminded me that I...

Josephny

Bartosz you make me laugh................. this is a non-paid gig, dont complain about playing consultant for free. ;-P Your stamina is commendable. :-) Wait???? Really??? This is non-paid???? Then how come I keep sending Venmo funds to bartosz@yousucker.com every time he gets aggravated with me?

Josephny

RIGHT, you proved me right again thank Bartosz........ A config is based on a set of established requirements, not vapour future wishes. If the op wants efficiency, the shortest path to get his 10 routers up and running as they are now, DNS is stewpid. If the op wants to tinker with DNS, which is m...

Josephny

I'm far from an actual guru here, but I will save the real gurus the time and ask you to please post your anonymized config: /export file=config Remove serial number, wireguard keys, dynamic dns entries, public IPs, passwords, etc. That's probably a couple of hours of work, at least, but I'll start...

Josephny

It may or may not be applicable for what you are trying to do. My question is why do you need split DNS for the IOT subnet? Do you have different IOT devices on the same subnet? Are there are other ways to target those specific IOT devices...... My post was not at all limited to any particular proj...

Josephny

This might qualify as the least important post ever. I have the following DHCP config: /ip pool add comment=offbridge-dhcp-server name=offbridge-dhcp-server ranges=192.168.55.2-192.168.55.200 add name=guest-pool ranges=10.72.2.2-10.72.2.254 add name=iot-pool ranges=10.72.12.2-10.72.12.254 add name=c...

Josephny

Just wanted to give a gentle shout-out to BartoszP for enlightening me about split-dns here: https://forum.mikrotik.com/viewtopic.php?p=1136419#p1136419 I've been playing with split-DNS and it's totally cool. I (effectively, randomly) chose a location with a router (call it location-1) to act as a &...

Josephny

Also, you wrote above: "When ingresss-filtering=YES, port will actually look at VLAN ID of ingressing frame and will drop frames where VID is not one of port's VLANs (as configured under bridge/vlan)." What parameter exactly in the bridge/vlan config is checked to see if a frame can ingres...

Josephny

Yes. Just add the ingress-filtering=yes and you're golden. That's really great -- and very much appreciated. You wrote above that ingress-filtering is NO by default. I just added a port to a bridge, both by CLI and by Winbox, and in both cases ingress-filtering=yes was the default. What am I missing?

Josephny

Okay. True confessions time. I've been trying to set up a multi-site WireGuard network for some months now. I've made progress. The links are up and working. I can ping the various site routers from each other. I can ping devices on the LANs from the routers. But I can't seem to pass data between t...

Josephny

That is a clear and useful explanation, spanning both the theoretical and practical aspects of vlan config. Thank you. This is an access port (i.e., physical connections to non-vlan-aware devices): /interface bridge port add bridge=bridge frame-types=admit-only-untagged-and-priority-tagged interface...

Josephny

Is my understanding correct? Yes. Of course you need corresponding config for ether1 under bridge/port and appropriate config of bridge port (but that's not subject of this topic, right?) Thank you. Corresponding config for ether1? Something specifically related to vlans? That is, something more th...

Josephny

I'm a little confused (still). I'm trying to keep it simple and practicle (so please try to accomodate this need). A) "/interface bridge port" defines vlan frame ingress behavior. Specifically in the example below, any frames arriving on port "wifi1" will have vlan-id=32 tags add...

Josephny

Okay, I think we are making progress. First, let's leave out the variable of going to each IoT device. This is something that I will need to do regardless of which solution is implemeneted. The question is whether to add a domain name or an ip address in the MQTT configuration of the IoT device. Opt...

Josephny

The question is about DNS configuration, not how to configure and pass the traffic from branches to main place using VPNs. You miss the point, the OP does not intend on reaching the home assistant server over the WWW, he wants all traffic to go over wireguard tunnels between the routers. Traffic wi...

Josephny

What you have in your DNS records and whether you do or don't do nat has no bearing on your firewall and access control capabilities. Maybe I'm misunderstanding, but I assumed that by NAT you meant opening a port that forwards frames arriving on the public IP address port of the router (the WAN por...

Josephny

Just thought I'd chime in to add to the confusion. Generally, private (RFC1918, etc.) addresses are permitted in public DNS records, in fact this is not uncommon. The rise in popularity of this is in fact rising because it's not exactly easy to do split DNS nowadays with hard-coded DNS servers on d...

Josephny

Hi Bartosz, Trying to understand your advice and with Larsa endorsement, of course! I too like Joseph, being not IT professional need some conceptual guidance. What I think your saying, in techno speak, is in static DNS we attach or identify an IP address with an URL or domain name that we have giv...

Josephny

That device asks its DNS server (192.168.0.1) and that DNS server tells the device to go and ask the DNS server at a completely different location (for example, 192.168.2.1). The DNS server (192.168.0.1) doesn't tell the device to go ask the other server. The DNS server performs the lookup itself ,...

Josephny

Just set the name of MQTT broker in all devices to dns name eg. broker.local.mqtt and in all routers (assuming Mikrotik everywhere) set static dns entry forwarding all dns queries to your local dns server /ip dns static add forward-to=IP_OF_YOUR_LOCALLY MANAGED_CENTRAL_DNS regexp=".*local\\.mq...

Josephny

Josephny ... to be honest ... please do not waste our time. My time at least. (A) (B) (C) are the three possible solutions or steps you have take. You do not understand or you do not want understand your own needs? How to describe it better. You manage your own DNS server or use existing one. What ...

Josephny

@Josephny, please listen to BartoszP's advice — they're legit. My recommendation: don’t use an external DNS server for your local needs and private addresses (for a bunch of different reasons)

What is that advice I should listen to?

Why not use the authoritative DNS server?

Josephny

@anav: I see no savings at all :) Concur, in fact its actually more work to create DNS servers at each location and then modify each IOT device to look for a specific URL. Once done, any change to IP address of the home assistant server would require changes to every local DNS server to match, vice...

Josephny

Huston .... there is a problem. Please read advices that are presented to you twice. At least. A. Find a DNS hosting that allows you to define "A" record as you wish with 10.100.0.1 address. Job done. No need to ask us for any help. Case closed. B. You have to set up and manage the only o...

Josephny

OMG ...Josephny please focus :) One central DNS is the one you have enabled in your mikrotik (or any other dns/device that serves that function) that is not public. Local means "local" ... at your home/main office it is probably the same as "central" ... at remote places it is t...

Josephny

Then you manage only the one central dns and set all anyservername.local.mqtt names and it serves all other locations. You just pick out particular domain from others queries and pass to your own DNS. Any dns you want. I'm following except for this: The "one central dns" is the Authoritat...

Josephny

Just set the name of MQTT broker in all devices to dns name eg. broker.local.mqtt and in all routers (assuming Mikrotik everywhere) set static dns entry forwarding all dns queries to you local dns server /ip dns static add forward-to=IP_OF_YOUR_LOCALLY MANAGED_DNS_IN_MIKROTIK regexp=".*local\\...

Josephny

So are you stating that you wish all the traffic from the locations will go out the WWW to reach the home assistant server at location Y? No, not at all. IoT traffic from these Tasmota devices will still use the wireguard tunnel between all locations. The server's address will still be in the 10.35...

Josephny

No need for public A records if you run your own internal DNS server with a split DNS setup. You can map a domain like mqtt-ha.mydomain.local (or whatever) to 10.100.0.1 and have all your IoT devices point to that DNS server. It’s best practice in setups like this and is simple, reliable and fully ...

Josephny

DNS question: I have 10 locations each with a number of IoT devices that talk to a Home Assistant server running its own MQTT broker. Each location has its own private IP subnets (10.1.0.0/24, 10.2.0.0/24, etc.). The server is at 10.100.0.1 The IoT devices need to be configured with the IP address o...

Josephny

Eureka! I slept on it and woke up thinking I needed to break down the troubleshooting better by following the frames. Having seen the packets arrive at the ax3 looking like this: 10.10.100.1->192.168.4.1 With no response from 192.168.4.1, I discovered that the final drop-all FORWARD rule was catchin...

Josephny

TO be clear, the only way I was able to get this far is by setting up a second bridge ("bridge-new") and putting the "wifi-tasmota" interface as a member port of that new bridge. I can packet sniff on the ax3 while running a ping on the rb5009 and see icmp frames arrive at the ax...

Josephny

Still can't get it to work. I assigned 192.168.4.100 to the hAPax3. I can successfully ping from the ax3 to the tasmota device at 192.168.4.1 I can also successfully ping from my local RB5009 (connected via Wireguard to the ax3 which is 10.10.100.80) to 192.168.4.100. But I cannot ping from the RB50...

Josephny

Progress:

I set up a slave wifi interface just for this -- wifi-tasmota.

Set the master to 2412g

added 192.168.4.100/24 as the router's ip address for the wifi-tasmota interface.

Added the masq rule.

I am able to ping 192.168.4.1 from the router.

Josephny

Clicking CONNECT changes the mode (to STATION) and the SSID (to that of the Tasmota device). But I do not see an indication that it is "running." It has a state of "scanning." I tried changing the frequecy to 2412 and the mode to g to match the Tasmota device. Screenshot 2025-03-...

Josephny

Isn't it possible that different hardware implies different resource usage? Like cars where different models result in different fuel consumption even if their bodies are the same. Not just possible, but likely. wAPax: IPQ-5010, ARM, dual core hAPax3: IPQ-6010, ARM64, quad core I'm no electrical en...

Josephny

I would temporarily connect one of the wifi interfaces to the given dimmer as a station, assign it an IP via DHCP or static (depending on the setup), and masquerade it I am unable to successfully execute the first step. When I click the CONNECT button, the small dialog box appears for 1/2 second (a...

Josephny

wap ax has only 256mb RAM. So the wap ax has already less physical memory as your observed memory usage on ax3. That's interesting, and piques my curiousity even more. And begs the question: If a wAPax cam run ROS 7.x in 256MB and still have plenty remaining but the ax3, even with my stripped-down ...

Josephny

So... You gained 4MB. Why is that bothering you ? ax3 have plenty of memory

I'm bothered by a lot of things, just about daily, but not this.

It was nothing more than curiousity, of which I have an overhwelming abundance.

Josephny

Here's a riddle for a boring Saturday night: I have a remote location that I am Wireguard-connected to. I am Winbox'd into it at 10.10.100.80 At that location there are 4 wifi wall dimmers, all with Tasmota installed, and all not configured. If I was physically at the location, I would connect a lap...

Josephny

I have an ax3 Total memory 1024 MiB Avail Free memory: 651.2 MiB Meaning used memory is 373. I do not use any logging or at least minimize it if all possible. Do not expect the ax3 to be any zippier, unless your holvoe, the rest of us mere mortals get around what you are getting. I removed the FW r...

Josephny

I have a hAPax3 acting solely as an AP (connected to an RB5009). Everything is working well -- no complaints. The wifi connection to the computer I'm posting this from (Beelink mini PC) is connected using 802.11ax at rx/tx of 576/681 Mbps. Nonetheless, I'm wondering if I can get a slightly zippier e...

Josephny

Any reason to choose 1 over the other? If nothing else helps, ask your personal numerologist :lol: List of features of used switch chips is more or less the same, so it really is the dilemma between 8 extra ports and 8 PoE++ ports. My local numerologist said she ran the numbers and I should buy a C...

Josephny

I'm trying to figure out if the 328 or the 320 would be a better solution for my needs.

I don't need the extra ports (24 vs 16, plus 4 SFP+ on each) of the 328.

But, I also don't need the POE++ of the 8 ports on the 320.

And the price is close.

Any reason to choose 1 over the other?

Josephny

Hard to say exactly what’s going wrong, but an easy way to troubleshoot is to run "/system telnet" from a router that's having issues. This guide shows how to Testing SMTP using Telnet . It’ll let you see where the SMTP process is failing and should give you a proper error message in plai...

Josephny

You can read specifications as well as anyone else, depends on your requirements etc. For me since I love, setting up vlans on mikrotik products via RoS, its the one I would go with. If you want a plugNplay setup, then I would go with the zyxel ( but only because of that killer sale price ) Reading...

Josephny

Leaving price aside, how does the 328 compare with the Zyxel XGS1930-28HP with respect to features and reliability?

Josephny

If you're sending on behalf of "<user>@<myowndomain>.com" from a new IP address that isn’t part of Google Workspace’s infrastructure, you’ll need to manually add that IP address to your domain’s SPF record. Otherwise, Google (and other receivers) may reject or flag the message as unauthor...

Josephny

Just a quick follow-up to clarify: A Google app password usually works fine out of the box for regular Gmail addresses (like xxxxx@gmail.com). But if you're sending from a custom domain (like xxxx@yyyyy.com), it won’t work unless a proper SPF record is set up for that domain. I use a "Google W...

Josephny

But, if the (wireless or wired) smartTVs are on VLAN10, and wifi users are on VLAN20, then am I right that for those users to use an app on their smartphones then (1) inter-vlan routing is necessary, and (2) this inter-vlan routing must take place on the RB5009? Same question for printers. Routers ...

Josephny

Seems like Google is slowly implementing the "app password" requirement.

I use my regular gmail password in most places.

I just set up an app password and use it now on those devices that require it.

Josephny

So smtp.gmail.com works on some devices and does not work on others (in different locations).

What do others use for smtp server?

Josephny

I'm sorry, but I just cannot decipher this.

Search found 1296 matches