Community discussions

MikroTik App

Search found 2259 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 8
by jaclaz
Fri Feb 07, 2025 12:01 pm
Forum: Announcements
Topic: New exciting features for storage
Replies: 9
Views: 485

Re: New exciting features for storage

Meh, this shows how old (and grumpy) I am getting , personally I don't feel particularly excited, the whole stuff appears to be at the moment more wishful thinking than anything else, and anyway it all sounds to me like, to make the usual automotive comparison: "Hey! We added round wheels, an e...
by jaclaz
Fri Feb 07, 2025 11:25 am
Forum: RouterBOARD hardware
Topic: Running out of space on hAP ac2 [SOLVED]
Replies: 77
Views: 24738

Re: Running out of space on hAP ac2 [SOLVED]

But installing 16MB instead of 128MB flash in millions of devices must have made them so much money that it was all worth it. Well IMHO, 32MB would have been enough with a BOM cost difference so small that I presume *any* customer would have happily paid for with whatever premium surcharge MIkrotik...
by jaclaz
Fri Feb 07, 2025 11:16 am
Forum: General
Topic: OOB routing under RouterOS 7
Replies: 1
Views: 82

Re: OOB routing under RouterOS 7

If the "matching condition" for the mark/routing table is in-interface and/or src-address, maybe using a routing rule instead of mangle is simpler?

https://help.mikrotik.com/docs/spaces/R ... cy+Routing
by jaclaz
Fri Feb 07, 2025 1:39 am
Forum: General
Topic: Scheduler Logging
Replies: 3
Views: 183

Re: Scheduler Logging

My personal, not necessarily good, approach Is to add to a script all policies. Then, IF the script runs, start removing them one by one until It fails to run. Then re-add last removed policy and test removing next one ...
by jaclaz
Thu Feb 06, 2025 11:25 pm
Forum: Beginner Basics
Topic: How to offer DHCP only on WIFI but not on ether
Replies: 9
Views: 349

Re: How to offer DHCP only on WIFI but not on ether

You could maybe get away with proxy-arp and separate interfaces/bridges, something similar to:
https://gregsowell.com/?p=5236
viewtopic.php?t=191652
but YMMGV.
by jaclaz
Thu Feb 06, 2025 11:05 pm
Forum: General
Topic: Restore from RSC
Replies: 12
Views: 483

Re: Restore from RSC

Said another way, pasting a full RSC should be done to a device with no config set up. Even partial RSC, the risk of duplication of items Is always there. Simple math: Empty+full=full :D Empty+partial=partial :) then: Partial+full= Full+partial= Full+full= partial+partial= A POSSIBLE MESS :shock:
by jaclaz
Thu Feb 06, 2025 10:52 pm
Forum: General
Topic: Upgrading from V6 to V7...
Replies: 7
Views: 299

Re: Upgrading from V6 to V7...

Everyone has his/her own requisites and approaches, but if you remained for so long on an old version, not even latest 6.x version, It should mean that there is not that much need to update to 7.x. The fact Is that 7.x needs more resources than 6.x, or if you prefer It Is usually slower on limited r...
by jaclaz
Thu Feb 06, 2025 8:18 pm
Forum: General
Topic: Upgrading from V6 to V7...
Replies: 7
Views: 299

Re: Upgrading from V6 to V7...

Well, you cannot anyway go straight to recent v7 releases.. You need to go through 7.12.1. https://help.mikrotik.com/docs/spaces/ROS/pages/115736772/Upgrading+to+v7 But BEFORE anything else, check the devices you are using, if there are any with 16 Mb storage, MAKE SURE that you have enough space fo...
by jaclaz
Thu Feb 06, 2025 6:08 pm
Forum: General
Topic: Very slow upload speed - Please help! [SOLVED]
Replies: 7
Views: 378

Re: Very slow upload speed - Please help! [SOLVED]

This app has a mode called "Prioritization Engine" or something similar. This must've been working ok at the beginning but at some point it must've fucked up, because as soon as I turned it off (per the post instructions) it worked like a charm! Likely you have to thank Windows Update for...
by jaclaz
Thu Feb 06, 2025 6:00 pm
Forum: General
Topic: Restore from RSC
Replies: 12
Views: 483

Re: Restore from RSC

A possible approach :-? in twelve (easy? :?: ) steps: 1. reset a router 2. run default configuration AND DO NOT modify anything 3. export the configuration as .rsc file 4. export the configuration of an identical, already configured, router 5. open a new spreadsheet (excel, libreoffice calc or simil...
by jaclaz
Thu Feb 06, 2025 5:39 pm
Forum: Beginner Basics
Topic: Low Speed Problem
Replies: 4
Views: 304

Re: Absolutely atrocious speeds

Your setup seens almost, but not quite, completely unlike the one specifically recommended for the 2011, here: https://help.mikrotik.com/docs/spaces/ROS/pages/103841826/Basic+VLAN+switching in the part titled: Other devices with a built-in switch chip Maybe you should start from that example (and/or...
by jaclaz
Thu Feb 06, 2025 3:43 pm
Forum: General
Topic: Hotspot DNS Name Error
Replies: 2
Views: 162

Re: Hotspot DNS Name Error

Hard to say anything without knowing your settings. semi-random questions: Could it be the browser or the OS? Could it be a https vs. http problem? Could it be www. prefix missing or included in DNS name? Could it be that two different DNS servers are queried when logged in vs. logged out? If you wa...
by jaclaz
Thu Feb 06, 2025 12:14 pm
Forum: Beginner Basics
Topic: Low Speed Problem
Replies: 4
Views: 304

Re: Absolutely atrocious speeds

The RB2011 has also a particular internal setup: https://cdn.mikrotik.com/web-assets/product_files/Block-RB2011UAS-2HnD_130546.pdf with two separate bridge chips, one for the Gb ports and one for the 10/100 ones, mixing them in a single bridge may be part of the issue, it is usually advised to bridg...
by jaclaz
Thu Feb 06, 2025 11:45 am
Forum: Beginner Basics
Topic: Configuring a RB201 1UiAS-2HnD-IN
Replies: 4
Views: 317

Re: Configuring a RB201 1UiAS-2HnD-IN

To explain, there are two "sets of drivers", which one to use depends on the specific device model/processor, some devices only have the old drivers, some can use both, new devices only have the new one. To make things simple the good Mikrotik guys managed to call the menues for them in di...
by jaclaz
Thu Feb 06, 2025 11:03 am
Forum: General
Topic: Restore corrupted Routerboard with damaged Eth1
Replies: 10
Views: 3120

Re: Restore corrupted Routerboard with damaged Eth1

In such situations when I want physically "block" port I put an unclamped RJ45 connector into it :) You like wasting resources, don't you? :shock: Being cheap , I used already clamped connectors cut out from defective cables. :wink: :lol: BUT, while buying something on aliexpress I needed...
by jaclaz
Thu Feb 06, 2025 2:02 am
Forum: Beginner Basics
Topic: Replace ISP WAN connection with other router
Replies: 7
Views: 330

Re: Replace ISP WAN connection with other router

Yep, once It Is taken out of the bridge, what happens in ether3 stays in ether3 :wink: .
by jaclaz
Thu Feb 06, 2025 1:25 am
Forum: General
Topic: Very slow upload speed - Please help! [SOLVED]
Replies: 7
Views: 378

Re: Very slow upload speed - Please help! [SOLVED]

Generally speaking, in a simple configuration like yours, a (wrong) mangle rule is the only thing that may slow down something, other issues in configuration tend to be on/off, packets either go/through or they don't, interface Is either natted or It Is not, routes are either active or they are not....
by jaclaz
Thu Feb 06, 2025 1:06 am
Forum: General
Topic: Restore corrupted Routerboard with damaged Eth1
Replies: 10
Views: 3120

Re: Restore corrupted Routerboard with damaged Eth1

Yep, sure. The original issue in this thread Is about having to recover a corrupted device. The only way out in these cases, if a reset is not enough, Is to netinstall, that is only possible on the only etherboot port, i.e. ether1. If that specific port doesn't work it is game over (unless directly ...
by jaclaz
Thu Feb 06, 2025 12:34 am
Forum: Beginner Basics
Topic: Replace ISP WAN connection with other router
Replies: 7
Views: 330

Re: Replace ISP WAN connection with other router

You made a new interface list, called it WAN2 and added to it ether3. This only adds an entry to a new list (that you don't want and don't need). You only want the (default) LAN and WAN lists as they are referenced to in other parts of the configuration (firewall) and without changes this may preven...
by jaclaz
Wed Feb 05, 2025 10:58 pm
Forum: General
Topic: Very slow upload speed - Please help! [SOLVED]
Replies: 7
Views: 378

Re: Very slow upload speed - Please help! [SOLVED]

Which mangle rules?
I mean, the two that are both disabled=yes? :shock:
:lol:
by jaclaz
Wed Feb 05, 2025 10:51 pm
Forum: RouterBOARD hardware
Topic: hap ax2 PoE-port suddenly limited to 100Mbps
Replies: 15
Views: 611

Re: hap ax2 PoE-port suddenly limited to 100Mbps

I guess that part of PoE-in, there are capacitors on each line between PoE-in power "ejector" and ethernet transformers. And broken capacitor (not shorted but burned) would effectively isolate that particular line. Or maybe a diode, to make PoE in one way only :? . The problem should howe...
by jaclaz
Wed Feb 05, 2025 8:58 pm
Forum: RouterBOARD hardware
Topic: hap ax2 PoE-port suddenly limited to 100Mbps
Replies: 15
Views: 611

Re: hap ax2 PoE-port suddenly limited to 100Mbps

Thanks for the hint, now we are getting somewhere. Yes, but unfortunately not where we wanted to go. :( It is not particularly clear how the pairs are called/to which pin they correspond, I have to assume that: 1st pair=1,2 2nd pair=3,6 3rd pair: 4,5 4th pair: 7,8 mkx's theory, that makes a lot of ...
by jaclaz
Wed Feb 05, 2025 8:12 pm
Forum: RouterBOARD hardware
Topic: hap ax2 PoE-port suddenly limited to 100Mbps
Replies: 15
Views: 611

Re: hap ax2 PoE-port suddenly limited to 100Mbps

And what happens connecting to that port a (say) 2 m cable with nothing connected at the other end?

Then, if you "force" 1 Gb on that port, you should have no link :?: even with the other device connected, what does the cable test pairs show then?
by jaclaz
Wed Feb 05, 2025 4:54 pm
Forum: Beginner Basics
Topic: Powering cAP ax trough PoE [SOLVED]
Replies: 5
Views: 293

Re: Powering cAP ax trough PoE [SOLVED]

Yep, that is exactly the kind of mess I was talking about, the specs: PoE in 802.3af/at PoE in input Voltage 18-57 V say first 802.3af/at, but anything below 37 or 44V is not 802.3af/at, and the 18-57 V below means that it can also use the "old" 24V PoE. The drawback (unlikely in your case...
by jaclaz
Wed Feb 05, 2025 4:24 pm
Forum: Beginner Basics
Topic: Powering cAP ax trough PoE [SOLVED]
Replies: 5
Views: 293

Re: Powering cAP ax trough PoE [SOLVED]

Dont' worry. :) The cap Ax itself uses 11W: Max power consumption without attachments 11 W that is the absolute max, in real world you will see more like 6-7 W. But you can daisy chain to it another device (i.e. using the PoE out of the cap Ax), this device can be roughly another 20 W, and this make...
by jaclaz
Wed Feb 05, 2025 3:37 pm
Forum: General
Topic: temperature produced CCR 2216
Replies: 4
Views: 291

Re: temperature produced CCR 2216

1 Watt = 1 Joule / second = 3.41 BTU / hour i.e. energy per unit time. Can we say, 1 BTU per hour per cubic feet = 10 ° F increase in temperature per hour? Yep, it's a very approximate the rule of thumb, the 1 to 1.5 is a range that depends on the characteristics of the "envelope", often ...
by jaclaz
Wed Feb 05, 2025 1:16 am
Forum: General
Topic: temperature produced CCR 2216
Replies: 4
Views: 291

Re: temperature produced CCR 2216

Usually the max power stated by Mikrotik (without attachments) is more than twice the actual average one, if a device like a PC, a router or a switch runs at 100% all the time it means that it is the wrong device (too underpowered). A 4 feet by 4 feet (and I presume 10 feet of height) is 160 cubic f...
by jaclaz
Tue Feb 04, 2025 11:44 pm
Forum: RouterBOARD hardware
Topic: Mikrotik switch SFP+ port issue on COLD restart
Replies: 20
Views: 15812

Re: Mikrotik switch SFP+ port issue on COLD restart

Essentially, set aside the accidental blackouts, you are saying that if you remove power from those switches and re-apply it, on only one of them the SFP doesn't get connection correctly. The need to power off again that switch, and keep It off for some ten minutes could be due to two different issu...
by jaclaz
Tue Feb 04, 2025 5:08 pm
Forum: Beginner Basics
Topic: Configuring a RB201 1UiAS-2HnD-IN
Replies: 4
Views: 317

Re: Configuring a RB201 1UiAS-2HnD-IN

You have one excess space (you were tricked by the font used on the device), it is a RB2011: https://mikrotik.com/product/RB2011UiAS-2HnD-IN#fndtn-specifications Configuring it needs some minimal knowledge of RouterOS. That particular device has besides the SFP, 5 Gigabit/1000 ports and 5 100mbit on...
by jaclaz
Tue Feb 04, 2025 3:14 pm
Forum: General
Topic: "Error in Gateway - non zero ip address expected!" when using Quick Set
Replies: 20
Views: 890

Re: "Error in Gateway - non zero ip address expected!" when using Quick Set

I see this whole stuff more as "damned if I do it, damned if I don't". In my understanding: 1. auto-mac=yes <- can cause issues when adding other interfaces to bridge and probably in a number of other "advanced" setups 2. auto-mac-no AND MAC duplicated from first ether port on th...
by jaclaz
Tue Feb 04, 2025 3:02 pm
Forum: RouterBOARD hardware
Topic: Chateau LTE18 ax what Antenna Ports?
Replies: 11
Views: 2918

Re: Chateau LTE18 ax what Antenna Ports?

So it would be a bad thing to plop an antenna like this on my roof, attach it to ANT2 and call it a day? https://www.pctel.com/antenna-product/wlq-4g-directional-cellular-antenna-2g-3g-4g-5g-nb-iot-m2m-smart-city-smart-metering-sma/ Because the receiver hardware expects a certain signal from the bu...
by jaclaz
Tue Feb 04, 2025 2:57 pm
Forum: General
Topic: ATL suddenly says "sim not present"
Replies: 19
Views: 927

Re: ATL suddenly says "sim not present"

The "generic/theoretical" issue (by - stupid BTW - design) is that the nano is slightly less thick than the micro, 0.67 instead of 0.76 mm. The multi mini/micro/nano SIMs may be either thickness, I believe (even if they shouldn't) A socket "properly" made should not have these is...
by jaclaz
Tue Feb 04, 2025 2:15 am
Forum: General
Topic: Send Log by Email
Replies: 1
Views: 192

Re: Send Log by Email

You can save the log to file:
/log print file=myfile

You can narrow with something like:
/log print where topics=<topics> && message=<message> file=myfile
by jaclaz
Mon Feb 03, 2025 7:59 pm
Forum: General
Topic: "Error in Gateway - non zero ip address expected!" when using Quick Set
Replies: 20
Views: 890

Re: "Error in Gateway - non zero ip address expected!" when using Quick Set

@Josephny I didn't mean anything, I only repeated what EdPA wrote here: https://forum.mikrotik.com/viewtopic.php?t=190747#p966670 This is the reason why we recommend setting bridge MAC manually, and all default configurations with bridge involved come out with the "admin-mac" set. It means...
by jaclaz
Mon Feb 03, 2025 7:10 pm
Forum: Beginner Basics
Topic: Switch reset to factory
Replies: 5
Views: 411

Re: Switch reset to factory

Could it be protected routerboot set?
viewtopic.php?t=187742
by jaclaz
Mon Feb 03, 2025 7:01 pm
Forum: General
Topic: "Error in Gateway - non zero ip address expected!" when using Quick Set
Replies: 20
Views: 890

Re: "Error in Gateway - non zero ip address expected!" when using Quick Set

Is it really that bad to just allow the device to pick/assign it's own mac address? Yet another thing to setup and remember is another thing to go wrong. Of course it isn't, until it becomes so and bites you. Resistentialism is a thing when dealing with Mikrotik: https://en.wikipedia.org/wiki/Resis...
by jaclaz
Mon Feb 03, 2025 5:39 pm
Forum: General
Topic: "Error in Gateway - non zero ip address expected!" when using Quick Set
Replies: 20
Views: 890

Re: "Error in Gateway - non zero ip address expected!" when using Quick Set

Would you mind explaining what this rule means? Or point me to a thread that explains is. https://forum.mikrotik.com/viewtopic.php?t=214219 https://forum.mikrotik.com/viewtopic.php?t=209850 https://forum.mikrotik.com/viewtopic.php?t=190747 The only possible issue of carving the MAC in stone is that...
by jaclaz
Mon Feb 03, 2025 5:32 pm
Forum: General
Topic: ATL suddenly says "sim not present"
Replies: 19
Views: 927

Re: ATL suddenly says "sim not present"

Do you remember if it was a "proper sized" SIM or a smaller one with an adapter? There are reports (not only on Mikrotik hardware) of issues with the latter, see: https://forum.mikrotik.com/viewtopic.php?t=211182&hilit=sim#p1099231 https://forum.mikrotik.com/viewtopic.php?t=211182&...
by jaclaz
Mon Feb 03, 2025 5:06 pm
Forum: General
Topic: "Error in Gateway - non zero ip address expected!" when using Quick Set
Replies: 20
Views: 890

Re: "Error in Gateway - non zero ip address expected!" when using Quick Set

... and it is not so casually Rule #4 of the (unofficial) Mikrotik Club Rules: Rules of the Mikrotik Club: You do not use VLAN1 You DO NOT use VLAN1 You remove default user admin and set a strong password before connecting to the internet. You do not use Quickset. You do not use detect internet. You...
by jaclaz
Mon Feb 03, 2025 4:30 pm
Forum: General
Topic: parsing the log for out:(unknown 0) is a disaster
Replies: 3
Views: 334

Re: parsing the log for out:(unknown 0) is a disaster

Feb 3 11:42:56 mikrotik1 v4_drop_4r437_fwdlast forward : in:ether1_gw out:bridge1, connection-state:new,dnat src-mac 20:83:f8:a2:74:f2, proto UDP, 204.76.203.80:2842->192.168.241.190:123, NAT 204.76.203.80:2842->(x.y.z.a:123->192.168.241.190:123), len 36 Feb 3 11:43:03 mikrotik1 v4_drop_4r409_in_TC...
by jaclaz
Mon Feb 03, 2025 4:22 pm
Forum: RouterBOARD hardware
Topic: Chateau LTE18 ax what Antenna Ports?
Replies: 11
Views: 2918

Re: Chateau LTE18 ax what Antenna Ports?

No, they are different.
JFYI, on this forum:
https://confusedbird.com/thread-280.html
there is a link to a google drive with some photos of the internals of the LTE18:
https://drive.google.com/drive/folders/ ... drive_link
by jaclaz
Mon Feb 03, 2025 4:07 pm
Forum: Beginner Basics
Topic: Cannot change boot mode to SwOS
Replies: 4
Views: 404

Re: Cannot change boot mode to SwOS

Are you sure that when booted in SwOS you actually can use CLI to issue the command system/device-mode/update routerboard=no?
AFAIK SwOS is GUI only, maybe there is a checkbox somewhere for that.
by jaclaz
Mon Feb 03, 2025 4:00 pm
Forum: RouterBOARD hardware
Topic: CCR2004-16G-2S+PC ports "flapping" on v7.15.3
Replies: 5
Views: 2428

Re: CCR2004-16G-2S+PC ports "flapping" on v7.15.3

Maybe it is just a coincidence, and unrelated to temperature. The -6.6° C are the outside environment or the inside of your enclosures? Which kind of enclosures? If it is sealed, how is the heat dissipated? Which other devices are inside the same enclosure? The CCR2004 is a 35W device, it is hard to...
by jaclaz
Mon Feb 03, 2025 3:35 pm
Forum: RouterBOARD hardware
Topic: hEX refresh (E50UG) - router for gigabit internet?
Replies: 34
Views: 8340

Re: hEX refresh (E50UG) - router for gigabit internet?

You posted (by mistake) twice the same speedtest.
by jaclaz
Mon Feb 03, 2025 3:31 pm
Forum: RouterBOARD hardware
Topic: Chateau LTE18 ax what Antenna Ports?
Replies: 11
Views: 2918

Re: Chateau LTE18 ax what Antenna Ports?

I am not understanding. :? The photo you posted is of another device, RBD53G-5HacD2HnD is the Chateau LTE12 , the LTE18 AX should be S53UG+5HaxD2HaxD. The image, coming from this site: https://mikrotikon.pl/mikrotik-chateau-pierwsze-urzadzenie-z-lte12-i-routeros-v7/ is even called MikroTik-Caterau- ...
by jaclaz
Mon Feb 03, 2025 2:54 pm
Forum: General
Topic: Filesystem forensic image
Replies: 26
Views: 2572

Re: Filesystem forensic image

I don't know, but the math sounds similar to the way some of the enterprise SSD's or HD's drives are made (many of these are formatted with 520 or 528 bytes instead of the usual 512). The actual "cell" (or sector group) size on the device should be anyway 4096 bytes or a multiple, and thes...
by jaclaz
Mon Feb 03, 2025 1:47 am
Forum: General
Topic: Filesystem forensic image
Replies: 26
Views: 2572

Re: Filesystem forensic image

So, there are two "layers".
1024+16=1040
63*1040=65520
65520+16=65536
Interesting.
It would make sense to have these extra 16 bytes at the end of a group of "sectors" to "get even" to a multiple of 1024, 64*1024=65536.
by jaclaz
Sun Feb 02, 2025 9:02 pm
Forum: General
Topic: Decision on Network Setup
Replies: 3
Views: 336

Re: Decision on Network Setup

If the 1 Gb is on the horizon but not too near I would go for the hex refresh, you will find other ways to re-use it or however it will likely be easy to resell. If nothing more than 1 Gb is expected maybe you could consider an Ax3 as "main router" (whether you use or not its wi-fi as one ...
by jaclaz
Sun Feb 02, 2025 6:18 pm
Forum: Beginner Basics
Topic: hAP Lite, recoverable??
Replies: 17
Views: 805

Re: hAP Lite, recoverable??

I don't think that there will be issues (but you never know). Of the two the reset might be (in theory) more prone to failure if a blackout occurs while doing it (because of possible write errors on the flash chip). The netinstall essentially is telling the Ros bootloader to boot from an external se...
by jaclaz
Sun Feb 02, 2025 6:03 pm
Forum: General
Topic: 2gws, slowly internet [SOLVED]
Replies: 7
Views: 656

Re: 2gws, slowly internet [SOLVED]

Reality check: https://mikrotik.com/product/RB3011UiAS-RM#fndtn-testresults Routing 25 Filter rules 107.6 1306.7 110.5 452.6 I think it is simply time to get a faster router, capable of managing 1 Gb internet, even if you get your 3011 work as best as it can, it won't probably go over 500 Mb. And ye...
by jaclaz
Sun Feb 02, 2025 5:48 pm
Forum: Beginner Basics
Topic: hAP Lite, recoverable??
Replies: 17
Views: 805

Re: hAP Lite, recoverable??

IS there a way to place netinstall files on USB drive (FAT I assume), plug into hAP AC Lite and then set it to default install from there (I have no communication to issue any commands as yet).
No.
by jaclaz
Sun Feb 02, 2025 5:41 pm
Forum: General
Topic: 1.3km Possible?
Replies: 49
Views: 2045

Re: 1.3km Possible?

The idea of a 100m (300') roll fo black pipe is very nice indeed. I assume some type of rigid snake would be use to feed a pull wire through? They use AFAIK a "normal" (of course long/stiff) glass fibre cable puller directly, *like* (example): https://www.batna24.com/en/p/extralink-pilot-...
by jaclaz
Sun Feb 02, 2025 5:22 pm
Forum: Beginner Basics
Topic: hAP Lite, recoverable??
Replies: 17
Views: 805

Re: hAP Lite, recoverable??

The default configuration for these devices is essentially: 1) ether1 out of the bridge and classified as WAN, with a dhcp client running on it 2) ether2-4 (or 2-5) and wlan into the bridge and classified as LAN 3) mac winbox allowed on LAN 4) firewall rule preventing access from anything different ...
by jaclaz
Sun Feb 02, 2025 5:02 pm
Forum: RouterBOARD hardware
Topic: RBFTC11: crossover cable to power from 802.3at POE (half-crossed or fully-crossed?)
Replies: 12
Views: 6643

Re: RBFTC11: crossover cable to power from 802.3at POE (half-crossed or fully-crossed?)

@tdw Yes, that sounds like the only possible explanation As mentioned in the other thread the RBFTC11 comes with the RBGPOE: https://mikrotik.com/product/RBGPOE which is declared as mode B (4,5+ and 7,8-). A crossover cable would not cross 4,5 and 7,8, only 1,2 and 3,6 so it can convert only from &q...
by jaclaz
Sun Feb 02, 2025 4:19 pm
Forum: General
Topic: 1.3km Possible?
Replies: 49
Views: 2045

Re: 1.3km Possible?

I actually have large and small equipment to dig trenches (and move dirt) and have been wondering about playing with some fiber. I don't have experience with terminating it, and I have no idea if fiber can be put direclty in soil, and if there is an issue with freezing (and the resulting heaving) o...
by jaclaz
Sun Feb 02, 2025 1:07 pm
Forum: RouterBOARD hardware
Topic: Replacing a flash drive - problem with the Software-ID
Replies: 19
Views: 1374

Re: Replacing a flash drive - problem with the Software-ID

Yep, the most likely cause is that the new chip has something different from the original one, only a guess, but if the original one has a "unique ID", at every boot this ID is the same and the license sticks, while IF the new chip has not such unique ID, a new one is somehow generated at ...
by jaclaz
Sun Feb 02, 2025 12:28 pm
Forum: General
Topic: PoE status on boot
Replies: 12
Views: 1497

Re: PoE status on boot

Rethinking about it, it would make more sense to use a toggle/latch relay. The mechanical ones are not suitable because they remember the last state they were on when power goes out (battery broken or exhausted), but I believe that electronic ones that default to either on or off at boot do exist. E...
by jaclaz
Sun Feb 02, 2025 2:13 am
Forum: RouterBOARD hardware
Topic: Replacing a flash drive - problem with the Software-ID
Replies: 19
Views: 1374

Re: Replacing a flash drive - problem with the Software-ID

Possibly of interest:
viewtopic.php?t=174182
The chip seems like having a unique ID, so no way to replace one without re-generating the soft ID or licence.
by jaclaz
Sat Feb 01, 2025 9:19 pm
Forum: Beginner Basics
Topic: hAP Lite, recoverable??
Replies: 17
Views: 805

Re: hAP Lite, recoverable??

The hap lite has only 4 ports :? : https://mikrotik.com/product/RB941-2nD So, maybe it is a hap ac lite? https://mikrotik.com/product/RB952Ui-5ac2nD Not that it changes much. The Err:Connection refused is normally the firewall not allowing MAC Winbox connection from the port. I saw hAP saying it had...
by jaclaz
Sat Feb 01, 2025 7:01 pm
Forum: Beginner Basics
Topic: hAP Lite, recoverable??
Replies: 17
Views: 805

Re: hAP Lite, recoverable??

Try simplifying things first. Disconnect the old hap lite from your network. Connect to it (try ports 2-4) directly connected to your computer, disable the wifi on your computer . Still same MAC connection error? Try with a dumb switch between the hap lite and your computer. Your old router will be ...
by jaclaz
Sat Feb 01, 2025 2:17 pm
Forum: General
Topic: Filesystem forensic image
Replies: 26
Views: 2572

Re: Filesystem forensic image

No idea, but from what you posted it seems that in one case, just after reading at 0x57a1e4: squashfs: read_bytes: reading from position 0x57a1e4, bytes 8 it "skips" to : squashfs: read_bytes: reading from position 0xffffffffffffffff, bytes 2 so the issue is probably in the 8 bytes @0x57a1...
by jaclaz
Sat Feb 01, 2025 12:29 pm
Forum: General
Topic: RB5009+ 2x hAP ax2 as access Point
Replies: 16
Views: 1132

Re: RB5009+ 2x hAP ax2 as access Point

Well, that is definitely "too much" power, not that it will make any problem, but a 2.75 A / 90 W power supply will run mostly at 22/90=24.5% which is outside the usual optimization range for efficiency (in other words you will consume slightly more electricity than needed). How much more ...
by jaclaz
Sat Feb 01, 2025 2:12 am
Forum: General
Topic: RB5009+ 2x hAP ax2 as access Point
Replies: 16
Views: 1132

Re: RB5009+ 2x hAP ax2 as access Point

Sure :) , I don't think that you are running with 100% CPU on the three devices, of course It should be measured in total, but I would not be surprised if your real power needs are around 50-60% of the max specced. So 20-24W, below the 28.8W of the Power supply. From your screenshot, the two ax2's u...
by jaclaz
Fri Jan 31, 2025 9:17 pm
Forum: General
Topic: PoE from hEX PoE lite
Replies: 9
Views: 723

Re: PoE from hEX PoE lite

Valid remark. But maybe not really that much of a problem with mipsbe version of wap ac ? You can't use wave2 drivers. Wouldn't the 5 GHz radios be capable of saturating the 100 Mbit cable connection? :? In any case the injector should be RBGPOE, so that the devices can be updated. It would also be...
by jaclaz
Fri Jan 31, 2025 7:44 pm
Forum: General
Topic: RB5009+ 2x hAP ax2 as access Point
Replies: 16
Views: 1132

Re: RB5009+ 2x hAP ax2 as access Point

@JhnMtrx
The ax2 power supply is 24V 1.2 A, so 28.8 W.

RB5009UPr+S+IN 16 W
Ax2 12 W
Ax2 12 W
that makes a round 40W.

Even if devices in reality use much less power than specs, it doesn't sound like a safe setup.
you want a 24V 2A power supply. or at least a 24V 1.5A one.
by jaclaz
Fri Jan 31, 2025 7:24 pm
Forum: General
Topic: PoE from hEX PoE lite
Replies: 9
Views: 723

Re: PoE from hEX PoE lite

Values need to be corrected, but final result doesn't change. The wAP ac : https://mikrotik.com/product/RBwAPG-5HacT2HnD has 12W max power. They will work just fine with passive poE at 24V (the device accepts range 11-57V , Mikrotik devices do work with passive PoE, when their specs indicate 802.3af...
by jaclaz
Fri Jan 31, 2025 2:55 am
Forum: General
Topic: PoE from hEX PoE lite
Replies: 9
Views: 723

Re: PoE from hEX PoE lite

Define the exact models you intend to use, hAP or wAP? The hex poe lite can output up to 1 A per Port ( but max 2 A on all four PoE out ports), so you can have as much as 24W per device using 24V Power adapter. The hAP Is 5 W. The wAP Is (was) 4 W. The hex poe lite itself Is 3 W. So you have plenty ...
by jaclaz
Thu Jan 30, 2025 1:47 am
Forum: Beginner Basics
Topic: POE INJECTION
Replies: 10
Views: 857

Re: POE INJECTION

So, all in all we can have a power supply ( or a splitter/converter) that does not actually deliver the current on the label but that can power a device just fine because the device actually needs less than expected. Yes, we are saying the same things, numbers in these matters are in the best cases ...
by jaclaz
Thu Jan 30, 2025 12:05 am
Forum: Beginner Basics
Topic: POE INJECTION
Replies: 10
Views: 857

Re: POE INJECTION

Yep, but in this particular case it could be that a correcting opposite factor exists. TP-Link doesn't state the actual power consumption for this EX230V things, it says that it ships with a power supply 12V 1.5A. If you check (say) the Mikrotik hex lite, It has a stated power consumption of 2W, the...
by jaclaz
Wed Jan 29, 2025 8:57 pm
Forum: Wireless Networking
Topic: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)
Replies: 13
Views: 2535

Re: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)

Only as a side note, anav's suggestion (if you really can use some existing coaxial cables) is for MOCA adapters (search for MOCA 2.5), there is a new, faster 3.0 standard, but seemingly not (yet) consumer level devices available, avoid MOCA 2.0 devices: https://en.wikipedia.org/wiki/Multimedia_over...
by jaclaz
Wed Jan 29, 2025 8:06 pm
Forum: Beginner Basics
Topic: POE INJECTION
Replies: 10
Views: 857

Re: POE INJECTION

JFYl, there are el-cheapo splitters around with 802.3af/at that include a step down converter, the voltage on the ethernet cable is the 38-57 V, that is split and then converted down to 12V. They are common to power non-Poe devices, typically security cameras. So the more common ones are 12 V 1 or 1...
by jaclaz
Wed Jan 29, 2025 11:25 am
Forum: General
Topic: PoE status on boot
Replies: 12
Views: 1497

Re: PoE status on boot

I wouldn't count too much on Mikrotik changing the behaviour of the boot sequence. You can probably get around with a more sophisticated circuit, or, simpler, use a "time delay" relay. I have seen el-cheapo ones (low power, but you don't need that much current) on sale on Aliexpress for a ...
by jaclaz
Wed Jan 29, 2025 12:51 am
Forum: Scripting
Topic: Is there a Script equivalent of "GoTo"?
Replies: 16
Views: 978

Re: Is there a Script equivalent of "GoTo"?

Don't misunderstand me, functions are fine, but GOTO's while ugly are not the root of all evil as many people seem to like to say on the internet.
by jaclaz
Wed Jan 29, 2025 12:22 am
Forum: Scripting
Topic: Is there a Script equivalent of "GoTo"?
Replies: 16
Views: 978

Re: Is there a Script equivalent of "GoTo"?

Yep, but we are talking of RouterOS scripting, not of the next-generation, real-time, object-oriented, mega-fanta-para-efficient language.
by jaclaz
Tue Jan 28, 2025 11:51 pm
Forum: Beginner Basics
Topic: Management access to PtP link
Replies: 9
Views: 1007

Re: Management access to PtP link

Only as a side note, you seem like attempting to access that hap lite via IP (possibly using your browser to access its web interface aka webfig). If you are not using It, now It Is the right moment to start using Winbox. The old 3.x version Is Windows only ( but can run in Linux under wine), the ne...
by jaclaz
Tue Jan 28, 2025 11:13 pm
Forum: Scripting
Topic: Is there a Script equivalent of "GoTo"?
Replies: 16
Views: 978

Re: Is there a Script equivalent of "GoTo"?

GoTo is obsolete way of taking parts of code for reusability or skipping parts of commands for execution, inherited from assembly jump ( jmp ) instruction, much less readable and most modern languages doesn't have support for it because it is just not needed on higher level of coding. Now I know wh...
by jaclaz
Tue Jan 28, 2025 12:51 am
Forum: General
Topic: What to buy
Replies: 31
Views: 1562

Re: What to buy

My brain farted im sorry, can we speak in terms of noob level? *_* You want a plumber comparison? :?: Imagine that in your house there are 9 bathrooms :shock: , a kitchen, an outdoor tap in the garden and one in the garage. That makes roughly 30 taps, each 1/2". If you want to have all of them...
by jaclaz
Mon Jan 27, 2025 2:58 pm
Forum: General
Topic: PoE status on boot
Replies: 12
Views: 1497

Re: PoE status on boot

So you are using the NC contacts of the relay on the (connected to mains) power supply to power the mAP. Then, when you set the device on "forced on", you open the contact and power to the mAP comes from the battery (in parallel or enabled from the NO contact?). When the voltage becomes to...
by jaclaz
Mon Jan 27, 2025 2:39 pm
Forum: General
Topic: What to buy
Replies: 31
Views: 1562

Re: What to buy

The "key" is IMHO your ISP connection speed more than anything else. If it is below 1 Gb speed, you can get a hex refresh (or even a hap ax lite) as a first device on the cheap (with 5 or 4 ports) around 60$. If it is 1 Gb the "right" device is the hap Ax3 (5 ports) 140$. If it i...
by jaclaz
Mon Jan 27, 2025 12:35 pm
Forum: General
Topic: Major Issue with Bridges in RouterOS 7.17 [SOLVED]
Replies: 10
Views: 1404

Re: Major Issue with Bridges in RouterOS 7.17 [SOLVED]

... and I think I have Rule #7: Rules of the Mikrotik Club: You do not use VLAN1 You DO NOT use VLAN1 You remove default user admin and set a strong password before connecting to the internet. You do not use Quickset. You do not use detect internet. You keep routerboard firmware upgraded to the same...
by jaclaz
Mon Jan 27, 2025 11:42 am
Forum: General
Topic: Hotspot Problem
Replies: 1
Views: 401

Re: Hotspot Problem

And what is the output of:
/ip hotspot print
Compare with the one in the Wiki:
https://wiki.mikrotik.com/Manual:IP/Hot ... Spot_Setup
by jaclaz
Mon Jan 27, 2025 10:23 am
Forum: RouterBOARD hardware
Topic: RTFC11: how to power with PoE 802.11at/af?
Replies: 6
Views: 1204

Re: RTFC11: how to power with PoE 802.11at/af?

Only to keep things as together as possible:
viewtopic.php?t=194596

It seems like "cross" translated from Mikrotikish means crossover (maybe).
by jaclaz
Mon Jan 27, 2025 10:20 am
Forum: RouterBOARD hardware
Topic: RBFTC11: crossover cable to power from 802.3at POE (half-crossed or fully-crossed?)
Replies: 12
Views: 6643

Re: RBFTC11: crossover cable to power from 802.3at POE (half-crossed or fully-crossed?)

Yes, it remains not clear at all.
Only to keep things as much together as possible:
viewtopic.php?t=214021
by jaclaz
Mon Jan 27, 2025 12:14 am
Forum: RouterBOARD hardware
Topic: Rackmounting the L009UiGS-2HaxD-IN backwards?
Replies: 3
Views: 1063

Re: Rackmounting the L009UiGS-2HaxD-IN backwards?

3. get a perforated tray and put the L009 on it, this way you can move It back and front as much as you like, and if needed fix It with ties or similar or screws, example:
https://www.thomann.de/it/flyht_pro_rac ... _mount.htm
by jaclaz
Sun Jan 26, 2025 11:07 pm
Forum: Beginner Basics
Topic: Setting crs304-4xg-in as layer 2 switch [SOLVED]
Replies: 19
Views: 1805

Re: Setting crs304-4xg-in as layer 2 switch [SOLVED]

Oh, that is the frame of the picture on the wall. Cable is white and running along door frame ;)
Then, mission accomplished :) .
by jaclaz
Sun Jan 26, 2025 10:57 pm
Forum: Scripting
Topic: local variable ssid scan
Replies: 2
Views: 383

Re: local variable ssid scan

A rule of the thumb (not necessarily applying in this particular case) Is to never use as variable names that are used by the OS .
Try using "myssid" instead, as "ssid" may be "reserved".
by jaclaz
Sun Jan 26, 2025 10:43 pm
Forum: Beginner Basics
Topic: Setting crs304-4xg-in as layer 2 switch [SOLVED]
Replies: 19
Views: 1805

Re: Setting crs304-4xg-in as layer 2 switch [SOLVED]

I think it depends on the exact model/version/release :shock: of wife, I don't believe most would consider a black cable on a whitish wall as "hiding", let alone "nicely". :lol:
by jaclaz
Sun Jan 26, 2025 9:13 pm
Forum: General
Topic: Major Issue with Bridges in RouterOS 7.17 [SOLVED]
Replies: 10
Views: 1404

Re: Major Issue with Bridges in RouterOS 7.17 [SOLVED]

@xaviernuma From what you report - it seems like the RouterOS is "inventing" random MACs (as opposed to randomly "inheriting" those of connected devices). It is a different kind of random. But - as mkx noticed - they could be locally generated from "base" real MACs. I a...
by jaclaz
Sun Jan 26, 2025 8:49 pm
Forum: General
Topic: Major Issue with Bridges in RouterOS 7.17 [SOLVED]
Replies: 10
Views: 1404

Re: Major Issue with Bridges in RouterOS 7.17 [SOLVED]

Even with just two, 8631, EEB5, CA8E, 468F are nowhere to be found in this list:
https://gist.github.com/aallan/b4bb86db ... 10ae9bd3e4
by jaclaz
Sun Jan 26, 2025 8:38 pm
Forum: Beginner Basics
Topic: Adding USB 2,5Gbe ethernet adapter to RB5009UG
Replies: 13
Views: 3850

Re: Adding USB 2,5Gbe ethernet adapter to RB5009UG

7.16 recently added support for RTL8156, but for now only for x86.
are you sure for this ? in changelog no mention to this limitation
viewtopic.php?p=1098839&hilit=RTL8156
*) x86 - added RTL8156 driver support;
by jaclaz
Sun Jan 26, 2025 8:29 pm
Forum: General
Topic: Major Issue with Bridges in RouterOS 7.17 [SOLVED]
Replies: 10
Views: 1404

Re: Major Issue with Bridges in RouterOS 7.17 [SOLVED]

But do you have the bridge(s) with auto-mac=yes? I am asking as the usual recommendation is to have manually set admin-mac=xx:xx:xx:xx:xx:xx and auto-mac=no even in v6.x though maybe it is unrelated, that was because MAC could change on reboots or when adding/removing/disabling/enabling interfaces. ...
by jaclaz
Sun Jan 26, 2025 7:48 pm
Forum: General
Topic: CCR2004-1G-12S+2XS slow upload
Replies: 5
Views: 1748

Re: CCR2004-1G-12S+2XS slow upload

I have similar problems, I have a 980/110 connection where I actually get 540/110, ... It doesn't seem similar (to me),. the previous posts were about saturating in upload a 10 Gb links and not reaching 25 Gb, you are having a slow download and a CCR2004 should reach 1 Gb easily both in upload and ...
by jaclaz
Sun Jan 26, 2025 4:09 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 309
Views: 515378

Re: Using RouterOS to VLAN your network

Well, nothing prevents you from accepting the default configuration and later remove/delete it manually.
But it is strange that Winbox doesn't see the router, you should try with another PC and on all other ethernet ports (except ether1)
by jaclaz
Sun Jan 26, 2025 4:03 pm
Forum: Beginner Basics
Topic: Setting crs304-4xg-in as layer 2 switch [SOLVED]
Replies: 19
Views: 1805

Re: Setting crs304-4xg-in as layer 2 switch [SOLVED]

Yep, besides there are two kinds of "flat" cables, let's call them "semi-flat" and "super-flat". The "semi-flat" have anyway twisted pairs, but the "super-flat" may lack the twisting of pairs (hopefully only very short patch cables are made with this...
by jaclaz
Sun Jan 26, 2025 2:49 pm
Forum: Beginner Basics
Topic: hAP ax3 with issues after reset
Replies: 11
Views: 3756

Re: hAP ax3 with issues after reset

Could anyone explane, what i'm doing wrong? Probably nothing really "wrong", it is entirely possible that you have in your config a firewall rule or something else preventing you from connecting. Make sure that you are trying to connect with the cable in ether 2-5 (NOT ether1). Then your ...
by jaclaz
Sun Jan 26, 2025 3:48 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 309
Views: 515378

Re: Using RouterOS to VLAN your network

... but that doesn't allow me to connect via winbox to then import the script. I'm sure I'm doing something lame since no one else seems to have encounter this issue. Maybe you are just using the "wrong" method? Winbox can connect to IP (that don't exist after a reset) or to MAC (that doe...
by jaclaz
Sun Jan 26, 2025 2:36 am
Forum: Beginner Basics
Topic: Setting crs304-4xg-in as layer 2 switch [SOLVED]
Replies: 19
Views: 1805

Re: Setting crs304-4xg-in as layer 2 switch [SOLVED]

Even if not damaged "flat", "cat6a" and "30 meters" rarely can work at 10 Gb, personally I wouldn't use the 28 AWG ones for more than 15-20 meters, maybe the 26 AWG for 30 m, but 23 or 24 are the "normal" ones, good for 100 m. If I recall correctly good manufa...
by jaclaz
Sat Jan 25, 2025 8:06 pm
Forum: Wireless Networking
Topic: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)
Replies: 13
Views: 2535

Re: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)

Only for the record (and it depends on country/local regulations) there are ethernet cables certified to be installed in the same conduit as mains/current ones. And fiber is also a possibility (the real issue with fiber is too tight curves and the termination, otherwise a fiber can pass almost anywh...
by jaclaz
Sat Jan 25, 2025 2:48 pm
Forum: Beginner Basics
Topic: Setting crs304-4xg-in as layer 2 switch [SOLVED]
Replies: 19
Views: 1805

Re: Setting crs304-4xg-in as layer 2 switch [SOLVED]

Still, if the ports are set to 10 Gb it should show "no link" (and not "running" status), this kind of "almost connected" (interface running, but not a real communication on it) seems like a tricky issue. In the (good?) ol' times there was a monthly column on Byte by Je...
by jaclaz
Sat Jan 25, 2025 1:02 pm
Forum: General
Topic: speed problem with Mikrotik Hex model RB750Gr3
Replies: 26
Views: 1621

Re: speed problem with Mikrotik Hex model RB750Gr3

And the Hex refresh is roughly double of that, 498.1: https://mikrotik.com/product/hex_2024#fndtn-testresults still half the speed you want/need. You need either (looking ahead) a RB5009 at around 3 Gb, $219: https://mikrotik.com/product/rb5009ug_s_in#fndtn-testresults or a hap Ax3 (as router), 1145...
by jaclaz
Sat Jan 25, 2025 11:38 am
Forum: General
Topic: Hap AX3 as CAPsMan controller and Hap Ac as a Cap issue [SOLVED]
Replies: 3
Views: 799

Re: Hap AX3 as CAPsMan controller and Hap Ac as a Cap issue [SOLVED]

Check also here: https://forum.mikrotik.com/viewtopic.php?t=212240 You can have both old and new capsman running on the Ax3, but you will lose its radios. Besides the fun of experimenting there are different opinions among the more expert members on the board on the utility/convenience of using caps...
by jaclaz
Fri Jan 24, 2025 9:09 pm
Forum: Beginner Basics
Topic: Setting crs304-4xg-in as layer 2 switch [SOLVED]
Replies: 19
Views: 1805

Re: Setting crs304-4xg-in as layer 2 switch [SOLVED]

The status of "searching" means that the DHCP server is not found. Otherwise it would be "bound", and you would see the assigned IP. Better leave quick set alone. You can add manually an IP address to the bridge to see if pinging to 192.168.1.1 works, let's say 192.168.1.9/24. Bu...
by jaclaz
Fri Jan 24, 2025 8:55 pm
Forum: Beginner Basics
Topic: "No Route to Host" after upgrade to v 7.17
Replies: 5
Views: 930

Re: "No Route to Host" after upgrade to v 7.17

I have the same problem, but I can't solve it as suggested. Downgrading also not helping. Is there any help on this?
Well, maybe it is not the same problem.

Post your configuration, following these instructions:
viewtopic.php?t=203686#p1051720
by jaclaz
Fri Jan 24, 2025 8:51 pm
Forum: General
Topic: Winbox (both of them) keep disconnecting on an hAP AX2
Replies: 8
Views: 1622

Re: Winbox (both of them) keep disconnecting on an hAP AX2

It remains "strange", even if it happens only on some particular versions the Ax2 is a common device and 7.15.2 is old enough that should have already been some reports.
The good news are that 7.14.3 seems like a very stable version for wi-fi issues.
by jaclaz
Fri Jan 24, 2025 8:43 pm
Forum: Wireless Networking
Topic: Bonding 2.4G and 5G Wifi together for backhaul creation
Replies: 3
Views: 543

Re: Bonding 2.4G and 5G Wifi together for backhaul creation

No idea if it can be "ported" to your devices, but the "wireless wire" (Cube Pro's) have the 60 and 5 ghz in bonding and the settings don't seem that much complex, but it is for failover:

viewtopic.php?t=205042#p1059476
by jaclaz
Fri Jan 24, 2025 8:29 pm
Forum: Beginner Basics
Topic: Setting crs304-4xg-in as layer 2 switch [SOLVED]
Replies: 19
Views: 1805

Re: Setting crs304-4xg-in as layer 2 switch [SOLVED]

Well, the "dumb" bridge should have an IP (L3) assigned to be able to ping a destination. A "dumb" bridge is L2 and knows nothing of L3, while not becoming "smart"; it will become a "disadvantaged" switch if you give it a L3 address. Once an address is assigne...
by jaclaz
Fri Jan 24, 2025 7:46 pm
Forum: General
Topic: Winbox (both of them) keep disconnecting on an hAP AX2
Replies: 8
Views: 1622

Re: Winbox (both of them) keep disconnecting on an hAP AX2

Maybe going again through the factory version did reset *something* that was mis-ported during one of the past updates. :?
by jaclaz
Fri Jan 24, 2025 7:37 pm
Forum: General
Topic: Winbox (both of them) keep disconnecting on an hAP AX2
Replies: 8
Views: 1622

Re: Winbox (both of them) keep disconnecting on an hAP AX2

Winbox BOTH by MAC and IP? I would try assigning manually a MAC to the bridge, maybe it is unrelated, still it won't make any harm: https://forum.mikrotik.com/viewtopic.php?t=190747 Another thing to try is to put a (dumb) switch between your PC and the AX2, it is one of those mysterious things that ...
by jaclaz
Fri Jan 24, 2025 7:15 pm
Forum: Beginner Basics
Topic: Setting crs304-4xg-in as layer 2 switch [SOLVED]
Replies: 19
Views: 1805

Re: Setting crs304-4xg-in as layer 2 switch [SOLVED]

Your crs304-4xg-in is defective :shock: it has two ether4 ports :wink: :lol: Now, seriously, how are you managing the Mikrotik? (I presume with Winbox via MAC). A good idea is (unless you really-really need it) is to keep a port outside the bridge, for emergency access (it is not a problem in a &quo...
by jaclaz
Fri Jan 24, 2025 3:26 pm
Forum: General
Topic: Same pppoe on different ethernet for failover use
Replies: 1
Views: 358

Re: Same pppoe on different ethernet for failover use

It seems to me like the second approach is easier as it is more similar to usual failover. Though usually failover is done enabling and disabling routes, not enabling and disabling interfaces. Post your current configuration, following these instructions: https://forum.mikrotik.com/viewtopic.php?t=2...
by jaclaz
Thu Jan 23, 2025 10:46 pm
Forum: Beginner Basics
Topic: hEX - E50UG - default password does not work
Replies: 4
Views: 585

Re: hEX - E50UG - default password does not work

Yep, and by choosing Mikrotik there is the added value of saving on an optician test: you need reading glasses.
by jaclaz
Thu Jan 23, 2025 6:23 pm
Forum: Wireless Networking
Topic: Powering of CubeSA 60Pro ac
Replies: 4
Views: 589

Re: Powering of CubeSA 60Pro ac

Not generally, no. I run all my sites at or above 48V and all the MikroTik gear seems to be just fine. Yep, but other Mikrotik gear "stamped" with (presumed) 802.3af/at compliance have usually voltage range 12-57 (example https://mikrotik.com/product/wap_60g ) or 18-57 V (example https://...
by jaclaz
Thu Jan 23, 2025 6:08 pm
Forum: General
Topic: MikroTik routers Hijacked by botnet
Replies: 9
Views: 1022

Re: MikroTik routers Hijacked by botnet

Details are not scarce, they are not existing. That routers with credentials admin/blank (or admin/admin and similar) can be easily accessed (or bruteforced for simple, common passwords) is not "news", and the referenced CVE (from 2023) is founded on the same basic issue, from its descript...
by jaclaz
Thu Jan 23, 2025 5:42 pm
Forum: General
Topic: PoE status on boot
Replies: 12
Views: 1497

Re: PoE status on boot

I don't understand.
Can you draw a schematic of how this relay is connected?
In any case the scheduler script can be made to check the current status and act depending on that.
by jaclaz
Thu Jan 23, 2025 5:27 pm
Forum: Beginner Basics
Topic: Guest WiFi setup with one main router and a couple of APs in bridge mode
Replies: 11
Views: 1034

Re: Guest WiFi setup with one main router and a couple of APs in bridge mode

IMHO, correct or incorrect is in the eye of the beholder. Your AP now behaves as bridge for the "normal" wi-fi and as router for the "guest" wi-fi, If you prefer you have double (or triple, depending on what is your connection to the ISP) NAT on the guest "wi-fi". This ...
by jaclaz
Thu Jan 23, 2025 12:07 pm
Forum: Beginner Basics
Topic: Guest WiFi setup with one main router and a couple of APs in bridge mode
Replies: 11
Views: 1034

Re: Guest WiFi setup with one main router and a couple of APs in bridge mode

Yep, how can the 10.10.10.x devices connect to the gateway at 192.168.88.1? :shock:
Do you want to route that connection? :?:
by jaclaz
Thu Jan 23, 2025 11:34 am
Forum: Beginner Basics
Topic: Guest WiFi setup with one main router and a couple of APs in bridge mode
Replies: 11
Views: 1034

Re: Guest WiFi setup with one main router and a couple of APs in bridge mode

You seem to have the gateway set to "self" (10.10.10.1).
If the router has a dhcp server enabled (as it normally should) there might be additionally a conflict with the dhcp addresses.

Post the output of these commands (on the AP):
/ip address print
and:
/ip route print
by jaclaz
Thu Jan 23, 2025 11:08 am
Forum: General
Topic: Filesystem forensic image
Replies: 26
Views: 2572

Re: Filesystem forensic image

Re-thinking about it, I believe you can also attempt "brute-forcing" the values. It is not like there are tens or hundreds of possibilities, the single oob record cannot logically be smaller than 8 bytes, and more likely is either 16 or 32 bytes (i don't think that odd values or non multip...
by jaclaz
Wed Jan 22, 2025 9:13 pm
Forum: General
Topic: Filesystem forensic image
Replies: 26
Views: 2572

Re: Filesystem forensic image

Neither can I, but again, with a hex viewer and a little patience it should be easy to identify the oob, see here another example:
https://redballoonsecurity.com/flash-dump/
by jaclaz
Wed Jan 22, 2025 7:34 pm
Forum: Beginner Basics
Topic: Guest WiFi setup with one main router and a couple of APs in bridge mode
Replies: 11
Views: 1034

Re: Guest WiFi setup with one main router and a couple of APs in bridge mode

For anyone interested I've used this configuration on the AP https://www.youtube.com/watch?v=6P0MDlYWR_E
Maybe or maybe not :shock: (mistakes and typos happen).
It would be better/easier if you post your current configuration of the AP.
by jaclaz
Wed Jan 22, 2025 7:30 pm
Forum: General
Topic: Reboot loop after updating wAP
Replies: 5
Views: 598

Re: Reboot loop after updating wAP

Allow me to disagree. What would be the problem in having the update process actually checking that there is enough space (+ a reasonable amount of "slack") and simply plain refusing to go on? With a message *like*: The pre-update check determined that this device has x.xx Kbytes free, a m...
by jaclaz
Wed Jan 22, 2025 6:40 pm
Forum: General
Topic: Filesystem forensic image
Replies: 26
Views: 2572

Re: Filesystem forensic image

Nice find. :) The related blog post: https://www.j-michel.org/blog/2014/05/27/from-nand-chip-to-files explains in detail how the oob/spare data works :) , and on the main page: https://github.com/Hitsxx/NandTool/tree/master it is clear that you can use oob and page size instead of chip ID (as it see...
by jaclaz
Wed Jan 22, 2025 3:28 pm
Forum: General
Topic: PoE status on boot
Replies: 12
Views: 1497

Re: PoE status

You can add a script in scheduler, it has an option to run at startup (and interval must be 0), see:

https://help.mikrotik.com/docs/spaces/R ... /Scheduler
by jaclaz
Wed Jan 22, 2025 11:48 am
Forum: Beginner Basics
Topic: Guest WiFi setup with one main router and a couple of APs in bridge mode
Replies: 11
Views: 1034

Re: Guest WiFi setup with one main router and a couple of APs in bridge mode

I would start from this post by pcunite (the same author of the main VLAN related tutorial on the forum: https://forum.mikrotik.com/viewtopic.php?t=143620 ): https://forum.mikrotik.com/viewtopic.php?t=141279 It seems like your setup is similar to that one, the difference is only that you have a seco...
by jaclaz
Wed Jan 22, 2025 11:19 am
Forum: Beginner Basics
Topic: VLAN on a single port
Replies: 9
Views: 1117

Re: VLAN on a single port

The RB2011 is a "special" device that has two switch chips: https://help.mikrotik.com/docs/spaces/ROS/pages/15302988/Switch+Chip+Features Atheros8327 (ether1-ether5+sfp1); Atheros8227 (ether6-ether10) The "modern" way to do what you want to accomplish (good on *any* Mikrotik hard...
by jaclaz
Wed Jan 22, 2025 2:19 am
Forum: General
Topic: Filesystem forensic image
Replies: 26
Views: 2572

Re: Filesystem forensic image

I think unsquash Is very "strict" and expects a "sound" filesystem and throws a fit even if minor issues are found. I cannot remember if a tool for recovery/fix exists, something *like* dmde which Is excellent for other filesystems. 7-zip should be capable of reading a squashfs a...
by jaclaz
Tue Jan 21, 2025 7:35 pm
Forum: Beginner Basics
Topic: VLAN on a single port
Replies: 9
Views: 1117

Re: VLAN on a single port

Yep, also a degree in electronics with a master in networking might help, but come on, it is a home network, if the requirements are not absurd it should be possible to fulfill them in a relatively simple way. The concepts in themselves are not that difficult (Mikrotik specific implementation might)...
by jaclaz
Tue Jan 21, 2025 7:19 pm
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 1405

Re: external dhcp delay on cap ac

The same address on ether1 and on the bridge containing it is "wrong", whether it is part of the issue or not, only the bridge should have an IP address. It is not sent in unicast mode and it is sent as broadcast? Sent by which device? The CCR, right? So there are two possibilities: 1) the...
by jaclaz
Tue Jan 21, 2025 12:41 pm
Forum: Beginner Basics
Topic: Bridge operation mode as a layer 2 switch with packet filtering
Replies: 8
Views: 1268

Re: Bridge operation mode as a layer 2 switch with packet filtering

I am not sure to understand the setup with ether1 part of the bridge (actually I am pretty sure I don't understand it), but maybe using the interface instead of the interface list?:
add action=drop chain=forward comment="drop all coming from ether1" in-interface=ether1
by jaclaz
Tue Jan 21, 2025 12:07 pm
Forum: Beginner Basics
Topic: "No Route to Host" after upgrade to v 7.17
Replies: 5
Views: 930

Re: "No Route to Host" after upgrade to v 7.17

Happy you solved it :) .
by jaclaz
Tue Jan 21, 2025 11:39 am
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 1405

Re: external dhcp delay on cap ac

So, you have a chain *like*: Mikrotik CCR <- running centralized DHCP server Cisco 2960 #1 Cisco 2960 #2 Mikrotik AP If the same Mikrotik AP moved to another building (with a similar chain of devices) works, it must mean that *something* is different in another device, either the CCR settings/config...
by jaclaz
Tue Jan 21, 2025 11:14 am
Forum: Beginner Basics
Topic: Can't log into switch from a Macintosh.
Replies: 8
Views: 652

Re: Can't log into switch from a Macintosh.

I don't think that the issue is related to the macintosh vs. windows or linux. Check that the MAC on the label is the same as in the paper leaflet and the same one as the MAC you get in Winbox, while it is possible that a device has been exchanged during manufacturing/packaging, it is - I believe - ...
by jaclaz
Mon Jan 20, 2025 9:19 pm
Forum: Beginner Basics
Topic: "No Route to Host" after upgrade to v 7.17
Replies: 5
Views: 930

Re: "No Route to Host" after upgrade to v 7.17

Post what you get for: /ip address print and /ip route print I would try anyway to change this: /interface detect-internet set detect-interface-list=all internet-interface-list=all lan-interface-list=\ all wan-interface-list=all to: /interface detect-internet set detect-interface-list=none internet-...
by jaclaz
Mon Jan 20, 2025 9:02 pm
Forum: General
Topic: Which HW for Verizon Cellular in NY
Replies: 8
Views: 631

Re: Which HW for Verizon Cellular in NY

I think the thread, and the threads referenced therein, do not point to an MT device that is definetly compatible with Verizon Wireless in the USA.
Exactly.
It seems like such device does not exist (yet) in the Mikrotik product range.
by jaclaz
Mon Jan 20, 2025 8:35 pm
Forum: General
Topic: Which HW for Verizon Cellular in NY
Replies: 8
Views: 631

Re: Which HW for Verizon Cellular in NY

Maybe this thread:
viewtopic.php?p=1082937
can give you some ideas.
by jaclaz
Mon Jan 20, 2025 7:55 pm
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 1405

Re: external dhcp delay on cap ac

Only for the record: Firewall rules are not created automatically. They are present in the default configuration for so-called SOHO Mikrotik devices, that typically have: 1 ) all ports BUT ether1 in bridge 2 ) ether1 as WAN 3 ) bridge as LAN 4 ) default firewall filter rules 5 ) dhcp client on ether...
by jaclaz
Mon Jan 20, 2025 7:00 pm
Forum: RouterBOARD hardware
Topic: RTFC11: how to power with PoE 802.11at/af?
Replies: 6
Views: 1204

Re: RTFC11: how to power with PoE 802.11at/af?

Yup. Product page says Unit has 12-57V PoE with 802.3af/at support ( with unshielded cross cable ) (emphasis is mine) In addition to emphasis, can you also translate from Mikrotikish? What (the heck) is a cross cable? Does it mean cross over ? But in crossover cables the 4,5,7,8 used for PoE remain...
by jaclaz
Mon Jan 20, 2025 4:49 pm
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 1405

Re: external dhcp delay on cap ac

So you agree, that if an IT person for a university is going to use MT product ... You talkin' to me? :?: I don't know/cannot say, I am non-IT and non-university, and just a beginner level user of MT products, I am only commenting on what I see (and on the little I can understand of it) of the post...
by jaclaz
Mon Jan 20, 2025 3:39 pm
Forum: General
Topic: USB port doesnt work on hAP ac lite
Replies: 6
Views: 996

Re: USB port doesnt work on hAP ac lite

Compare with the list here: https://help.mikrotik.com/docs/spaces/ROS/pages/13500447/Peripherals some of them are only supported if they have a certain firmware revision or USB vid/pid or will only work on v7 and not v6. HUAWEI E3372h-153 -> should work? HUAWEI E3372h-320 -> v7 only HUAWEI E352S-5 -...
by jaclaz
Mon Jan 20, 2025 3:25 pm
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 1405

Re: external dhcp delay on cap ac

I am perplexed :? (but what do I know?) Both ether1 (classified as WAN) and bridge (classified as LAN) have the same static IP address of 172.18.224.5/22, AND ether1 is member of bridge, AND it is the only flagged trusted interface, AND dhcp snooping is on, AND there is a static route with gateway. ...
by jaclaz
Mon Jan 20, 2025 12:43 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 2807

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

I think we are getting into a sort of circular reasoning. There are two theories right now: 1) the CHR image at first boot gets somehow "personalized" to the (virtual or real) hardware it is booted on, and from second boot it will only work on exactly same or very similar (virtual or real)...
by jaclaz
Mon Jan 20, 2025 12:23 pm
Forum: RouterBOARD hardware
Topic: RTFC11: how to power with PoE 802.11at/af?
Replies: 6
Views: 1204

Re: RTFC11: how to power with PoE 802.11at/af?

You mean the R B TFC11: https://mikrotik.com/product/RBFTC11 ? By default it comes with an injector that is this one: https://mikrotik.com/product/RBGPOE That definitely uses mode B (4,5+/7,8-). In theory a 802.3af/at compliant PD should accept both Mode A and mode B (it is the PSE that decides on w...
by jaclaz
Mon Jan 20, 2025 11:46 am
Forum: General
Topic: Help : 2 WAN 1 LAN Configuration [SOLVED]
Replies: 3
Views: 748

Re: Help : 2 WAN 1 LAN Configuration [SOLVED]

Maybe you need:
add address=192.168.10.3/32 list=FOR-WAN1
? :?:
by jaclaz
Sun Jan 19, 2025 11:56 pm
Forum: General
Topic: Adding bridge interface to WAN - is there anything special?
Replies: 2
Views: 542

Re: Adding bridge interface to WAN - is there anything special?

Well, there may be some confusion in terminology. A bridge is an interface that contains interface(s), i.e. you don't assign a bridge to an interface, you add the interface(s) to the bridge. You can then strip the interface from the bridge, not viceversa. If you prefer an interface (like ether1 for ...
by jaclaz
Sun Jan 19, 2025 11:19 pm
Forum: General
Topic: Filesystem forensic image
Replies: 26
Views: 2572

Re: Filesystem forensic image

Aside from updating, what can be done to prevent someone from making such forensic bit-by-bit images and make sure there is plenty of variance? You can update as much as you want, if the hypothetical hacker interested in the secrets you store on your router has physical access to the device for eno...
by jaclaz
Sun Jan 19, 2025 11:04 pm
Forum: General
Topic: L3 HW Offloading RB5009
Replies: 96
Views: 5653

Re: L3 HW Offloading

When you say the main table - are you talking about the firewall table then? No. It Is the table you printed, containing routes. By default on Mikrotik there Is only one routing table, called "main". But more tables can be added. All traffic will use this main table, unless explicit modif...
by jaclaz
Sun Jan 19, 2025 8:26 pm
Forum: General
Topic: L3 HW Offloading RB5009
Replies: 96
Views: 5653

Re: L3 HW Offloading

Sorry to be the bearer of bad news, but (IMHO) you won't get very far with GUI only tools, the Mikrotik configuration settings are already at the same time scattered all over the place and mixed up together that without some use of terminal/command line they are impossible or near to impossible to u...
by jaclaz
Sun Jan 19, 2025 7:54 pm
Forum: Beginner Basics
Topic: Setting up DHCP for beginners
Replies: 5
Views: 1008

Re: Setting up DHCP for beginners

Beginners dont normally need more than 50 addresses ....
Beginners (with lots of friends) throwing parties like there is no tomorrow? :?:
:lol:
by jaclaz
Sun Jan 19, 2025 6:38 pm
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 1405

Re: external dhcp delay on cap ac

But is the issue generated by the DHCP server or by the last element in the chain (the Mikrotik Ap's) or somewhere in between? Which device acts as DHCP server? I would try connecting to one of its ports a dumb switch and see if a device attached to this dumb switch gets an IP and does so in a timel...
by jaclaz
Sun Jan 19, 2025 6:12 pm
Forum: General
Topic: L3 HW Offloading RB5009
Replies: 96
Views: 5653

Re: L3 HW Offloading

The things rplant suggested are firewall (raw) rules (in prerouting I believe), not routing rules (policy routing).

https://help.mikrotik.com/docs/spaces/R ... 6/Firewall
by jaclaz
Sun Jan 19, 2025 6:06 pm
Forum: General
Topic: PCC load balancing and VOIP
Replies: 6
Views: 809

Re: PCC load balancing and VOIP

.... but you will need to post a full (anonymized) /export, otherwise it will be difficult for willing helping members to guess your (say) mangle rules or in any case, holistically evaluate your configuration.
by jaclaz
Sun Jan 19, 2025 4:48 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 2807

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

github.com/ayufan-research/mikrotik-qemu-arm64 yep, but we are back that what you do at home may (or may not) work on the cloud: 4. use it as a reference image/configuration to deploy in the wild. As explained above, using a reference image is exactly what you can not do with a CHR, because the fir...
by jaclaz
Sun Jan 19, 2025 4:43 pm
Forum: General
Topic: RB5009 vlan mgmt to sxt passthrough
Replies: 2
Views: 774

Re: RB5009 vlan mgmt to sxt passthrough

sxt lte mgmt vlan ether 1 -> rb5009 ether3 vlan 200 mgmt (added to bridge-LAN) sxt lte passthrough ether 1 -> rb5009 ether 3 WAN_LTE What you describe doesn't seem to match with your config: /interface vlan add interface=bridge-LAN name=VLAN_10_LAN vlan-id=10 add interface=bridge-LAN name=VLAN_20_K...
by jaclaz
Sun Jan 19, 2025 4:29 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 2807

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

1. run it in your local environment
oh, oh:
@jaclaz: even if that was possible, how would you do it for architecture you don't have at home (e.g. ampere)?
by jaclaz
Sun Jan 19, 2025 3:03 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 2807

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

So, the only "defense" is what rextended suggested for the other case where default config (reset) might get online (LTE devices where you don't want or cannot remove SIM)? but in that case there are some 20-30 seconds of time before the SIM registers to the network: https://forum.mikrotik...
by jaclaz
Sun Jan 19, 2025 2:41 pm
Forum: Beginner Basics
Topic: Stuck in config: winbox and disconnections [SOLVED]
Replies: 5
Views: 1379

Re: Stuck in config: winbox and disconnections [SOLVED]

On the cAP: /interface list add comment=defconf name=WAN add comment=defconf name=LAN this sets two categories. WAN and LAN (if you prefer outside and inside, dangerous and safe). But then you have: /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=et...
by jaclaz
Sun Jan 19, 2025 2:18 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 2807

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

@sindy Not even: 1) download a "clean" CHR image from Mikrotik 2) mount/run it locally (VM) 3) change admin user and set a "strong" password 4) upload to cloud 5) configure online ? :shock: I did know that the "s" in "cloud" is the same as the one in "iot...
by jaclaz
Sun Jan 19, 2025 12:45 pm
Forum: Beginner Basics
Topic: need help getting started
Replies: 1
Views: 598

Re: need help getting started

Out of curiosity, did you brick all four of them? If a "plain" reset does not work, you can try netinstall, but since the latter is often tricky to setup (PC network card/firewall, sometimes need of a dumb switch between PC and router, etc), it would help to simulate it on a surely working...
by jaclaz
Sun Jan 19, 2025 12:37 pm
Forum: General
Topic: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2
Replies: 19
Views: 2365

Re: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2

Get a mikrotik, create those bridges and then place a device (or two) that has two ethernet interfaces behind one enslaved port of bridgeA and another of an enslaved port of bridgeB. Sure, and introduce by mistake 2 to 34 of the possible 4587 differences between your configuration and the recreated...
by jaclaz
Sun Jan 19, 2025 12:30 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 2807

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

Whereas most cloud providers allow to install your own disk image, the first start of the CHR image downloaded from the Mikrotik site includes some initialization, so installing the CHR on your virtualization platform at home, setting up some basic firewall rules or even a VPN, and then installing ...
by jaclaz
Sun Jan 19, 2025 1:18 am
Forum: General
Topic: PXE Boot From Mikrotik
Replies: 17
Views: 25608

Re: PXE Boot From Mikrotik

Semi-random thought, but do you really need a "multidot" filename? I know that the (good ol') '90's are long gone, but (still good ol') 8.3 filename can some times help. Only for the record, in the (again good ol') days of BartPe, XP USB booting, etc. it was a common saying "oh noes, ...
by jaclaz
Sun Jan 19, 2025 12:41 am
Forum: Wireless Networking
Topic: Unstable connection with pair of nRAYG60ad
Replies: 7
Views: 1976

Re: Unstable connection with pair of nRAYG60ad

A device that Is intended for links up to 1500 m or more cannot be very good at short distances, generally speaking. I like to imagine that the two devices, which have very good hearing, are shouting at each other at the top of their lungs. At 20 meters alignment Is a non-issue, you turn the device ...
by jaclaz
Sat Jan 18, 2025 2:25 pm
Forum: Beginner Basics
Topic: Help with routing Internet through a RB5009UG router....
Replies: 4
Views: 1834

Re: Help with routing Internet through a RB5009UG router....

There is some confusion in your configuration. You should start by using the "normal" default firewall settings, but first fix the following otherwise your ether8 won't have correct access: /interface list add name=WAN add name=LAN /interface list member add interface="sfpplus1-(INTER...
by jaclaz
Sat Jan 18, 2025 1:00 pm
Forum: Virtualization
Topic: Router OS 7 on UEFI
Replies: 77
Views: 18214

Re: Router OS 7 on UEFI

The gdisk analysis of that image is fine, (no problems found). It is a MBR/GPT hybrid, the data in both the partition tables is correct. The first partition is (correctly for UEFI booting) a FAT filesystem. All sizes are ALREADY megabyte aligned BUT there is something strange (at least on my Windows...
by jaclaz
Sat Jan 18, 2025 1:22 am
Forum: Forwarding Protocols
Topic: How to connect WAN directly to some port, bypassing NAT
Replies: 13
Views: 2948

Re: How to connect WAN directly to some port, bypassing NAT

So It Is what rextended posted : Put a switch on the WAN and attach the gateway WANs to it ... If we can abstract for a moment from the fact that having more than one bridge on a single Mikrotik device Is usually not advised, you could have: bridgeWAN with ether1 and ether2 in it and bridgeLAN with ...
by jaclaz
Sat Jan 18, 2025 12:55 am
Forum: Virtualization
Topic: Router OS 7 on UEFI
Replies: 77
Views: 18214

Re: Router OS 7 on UEFI

No idea on the peculiarities (if any) of ARM architecture, but on x86/x64 there Is no differences whatsoever among the various interfaces/buses (like ide/sata/scsi). There are two partitioning styles, i.e. MBR and GPT, and that's It. Then there Is the issue (for UEFI) of the accessibility of the fir...
by jaclaz
Fri Jan 17, 2025 11:59 pm
Forum: General
Topic: Can mikrotik be a web-server with one only simple static web page?
Replies: 1
Views: 628

Re: Can mikrotik be a web-server with one only simple static web page?

I believe that it Is possible to (ab-) use the hotspot/captive portal features. Particularly if - as in your case - you can redirect to a specific url and if the Mikrotik device isn't the gateway (or Is It?). I was thinking of something similar a few day ago, but in my intended case the issue Is con...
by jaclaz
Fri Jan 17, 2025 8:58 pm
Forum: Beginner Basics
Topic: fiber link between rb5009 and crs318 ramdomly down
Replies: 3
Views: 1036

Re: fiber link between rb5009 and crs318 ramdomly down

If it's normal, can someone give me a hand and create a script that pings from rb5009 to crs318 and if fails disable / enable sfp interface... Personally I don't think it is normal, but if the crs318 has an IP address, you could use netwatch for the check. https://help.mikrotik.com/docs/spaces/ROS/...
by jaclaz
Mon Jan 13, 2025 11:50 pm
Forum: RouterBOARD hardware
Topic: wAP AX Range (sqft/sqm)?
Replies: 3
Views: 1158

Re: wAP AX Range (sqft/sqm)?

And I would add also where the cat6 sockets are located, if on the ceiling of a central room the wAP is not so suitable as it Is not omnidirectional and a cAP (or another manufacturers ceiling AP) would be more suitable. That Is if the floor plan Is roughly a square, if It Is long and narrow it's an...
by jaclaz
Mon Jan 13, 2025 8:52 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 1562

Re: Automation Gateway With Mikrotik [SOLVED]

The 951/mipsbe will work with wireguard on Ros 7.x, the issue is working around your apparent lack of a public address.
by jaclaz
Mon Jan 13, 2025 8:41 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 1562

Re: Automation Gateway With Mikrotik [SOLVED]

An ax-lite or hex refresh is 60 bucks or so, try converting that in minutes/hours/days :shock: (depending on where you are located) of engineer time, + minutes/hours/days of industrial machine production margin, usually (not always, but often enough) bosses are sensible to this way to present them t...
by jaclaz
Mon Jan 13, 2025 8:20 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 1562

Re: Automation Gateway With Mikrotik [SOLVED]

Wireguard?

https://help.mikrotik.com/docs/spaces/R ... /WireGuard

It should run just fine (with a low bandwidth, but surely you don't need speed) on your 951, updated to v7.x RoS:
viewtopic.php?t=197824
by jaclaz
Mon Jan 13, 2025 5:57 pm
Forum: Beginner Basics
Topic: From Quick Setup Bridge Mode to simple Firewall Rule
Replies: 26
Views: 4584

Re: From Quick Setup Bridge Mode to simple Firewall Rule

Hello, would you please provide an updated reference? "In that case you simply need this guidance - https://forum.mikrotik.com/viewtopic.php?t=182276", the link is not working Could you please provide a solution based on the attached config? Thank you Wayback Machine to the rescue: https:...
by jaclaz
Mon Jan 13, 2025 5:38 pm
Forum: General
Topic: Voltage logging
Replies: 1
Views: 726

Re: Voltage logging

You can put together a script. As an example combining this: https://forum.mikrotik.com/viewtopic.php?t=198614 with this: https://forum.mikrotik.com/viewtopic.php?t=189253 Or - way easier if you are not into scripting, try splunk: https://forum.mikrotik.com/viewtopic.php?t=179960 you can have someth...
by jaclaz
Mon Jan 13, 2025 4:04 pm
Forum: Beginner Basics
Topic: WiFi Station to Ethernet Port
Replies: 6
Views: 1207

Re: WiFi Station to Ethernet Port

I don't understand how it can connect to your Wi-Fi access point as there is no station (or station-bridge or station-pseudobridge) mode set in /interface wireless and without wpa and wpa2-pre-shared-key (maybe these latter are not shown without the show sensitive, as in /export show-sensitive, but ...
by jaclaz
Mon Jan 13, 2025 12:48 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 1500

Re: Is there a simple way to hang a virtual "Out of order" sign?

Well,. at least we tried. Re-searching I found this thread https://forum.mikrotik.com/viewtopic.php?t=136510 where sindy was (as he always is) clear: https://forum.mikrotik.com/viewtopic.php?t=136510#p672515 So I re-asked an already asked and replied to question, my bad. :oops: It remains (IMHO) a p...
by jaclaz
Sun Jan 12, 2025 6:32 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 1500

Re: Is there a simple way to hang a virtual "Out of order" sign?

Yep, but this would assume that the LAN is all DHCP clients (which isn't right now) but even if I changed it to becoming dynamic (possibly needing a few machines to have static assignments via MAC), I would need this "temporary replacement device" to replicate the same DHCP server settings...
by jaclaz
Sun Jan 12, 2025 5:51 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 290
Views: 39424

Re: wAP ax?

For *some reasons* the US site specification page: https://www.tp-link.com/us/business-networking/omada-sdn-access-point/omada-eap770/#specifications does not show power requirements. The Italian site does: https://www.tp-link.com/it/business-networking/omada-wifi-wifi7/eap770/ EU: 24.05 W (802.3bt,...
by jaclaz
Sun Jan 12, 2025 5:29 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 1500

Re: Is there a simple way to hang a virtual "Out of order" sign?

Or even older foot messengers ... :lol:
by jaclaz
Sun Jan 12, 2025 5:03 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 1500

Re: Is there a simple way to hang a virtual "Out of order" sign?

All employees have a cell phone...... Send mass text message - internet out restoration time est XX:XX Hrs. I see from your reply how you have a vast experience of (graciously) managing personnel in activities that run 24/7 (please read shifts) and that your employees at home or in vacation simply ...
by jaclaz
Sun Jan 12, 2025 4:46 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 1500

Re: Is there a simple way to hang a virtual "Out of order" sign?

I understand now, you are proposing a "captive portal" that leads to nowhere, I was tricked by the word "hotspot" that I instinctively connected with "Wi-FI stuff", almost any tutorial/example I had seen was about the /ip hotspot assigned on wlan1, but of course it can ...
by jaclaz
Sat Jan 11, 2025 8:18 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 1500

Re: Is there a simple way to hang a virtual "Out of order" sign?

Yes, I had in mind a possible re-use for one old hap Lite I have around, but I have also a couple (still old) thin clients I am not using, so a minimal Linux with a web server would also be possible. But using hotspot would catch only wi-fi users, and anyway the half-lease time would be too long. An...
by jaclaz
Sat Jan 11, 2025 6:59 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 1500

Is there a simple way to hang a virtual "Out of order" sign?

As the thread title says. Maybe it is a stupid question, and it is a non-problem, still I would be curious to know if something like this exists and/or there is some other "common practice" or similar thing. When you do a maintenance intervention on - say - elevators, you put a sign "...
by jaclaz
Sat Jan 11, 2025 4:38 pm
Forum: Beginner Basics
Topic: Auto Redirect IP with Port [SOLVED]
Replies: 6
Views: 1471

Re: Auto Redirect IP with Port [SOLVED]

Well, if we assume that the final desired result is: a. type the destination IP address in the browser without specifying port b. *somehow* connect the browser on a specific port of the specific destination IP address a dstnat port remapping seems like a possible solution, it should be something *li...
by jaclaz
Sat Jan 11, 2025 12:27 pm
Forum: Beginner Basics
Topic: Passive Bridge with Firewall
Replies: 2
Views: 881

Re: Passive Bridge with Firewall

This topic:
viewtopic.php?t=185541

seems to me very similar, maybe you can get some ideas/approaches from that one.
by jaclaz
Sat Jan 11, 2025 11:30 am
Forum: Beginner Basics
Topic: old configs don't work [SOLVED]
Replies: 16
Views: 3724

Re: old configs don't work [SOLVED]

Good. :) Now that you have the general idea/basic setup working, you should check the post by Sindy right after that: https://forum.mikrotik.com/viewtopic.php?p=1110759#p1111163 as his version is more elegant, and compare with the "final" version on the other already mentioned thread: http...
by jaclaz
Fri Jan 10, 2025 11:48 pm
Forum: General
Topic: PoE-out with Mode A [SOLVED]
Replies: 4
Views: 1041

Re: PoE-out with Mode A [SOLVED]

Naah, the Planet one Is generally available, but It Is not cheap, example:
https://www.digitx.it/codice/c-poe_e201 ... od-115326/
70 €!
Of course if you are wasting investing the awful amount of money a Doorbird costs, It could be fine.
by jaclaz
Fri Jan 10, 2025 11:16 pm
Forum: General
Topic: PoE-out with Mode A [SOLVED]
Replies: 4
Views: 1041

Re: PoE-out with Mode A [SOLVED]

Doorbird is a strange Beast. It declares 802.3af Mode A, which Is against the specs, as 802.3af PD's should be compatibile with BOTH mode A and mode B. Anyway, the question is which specific devices we are talking of, both the Mikrotik and the Doorbird. If the interfaces are 10/100 It Is relatively ...
by jaclaz
Fri Jan 10, 2025 8:18 pm
Forum: General
Topic: Wireguard config help
Replies: 13
Views: 1530

Re: Wireguard config help

Well it gets to 172.20.10.1 (and stops there) . What is that address? Your network gateway? I don't really understand how it even gets there without a route (I was suspecting a ping error of "no route to host".). Anyway, post the output of: /ip address print and of /ip route print so that ...
by jaclaz
Fri Jan 10, 2025 8:05 pm
Forum: General
Topic: 4G/LTE router with Dual SIM [SOLVED]
Replies: 20
Views: 2557

Re: 4G/LTE router with Dual SIM [SOLVED]

Well, also the Teltonika RUTX12:
https://teltonika-networks.com/products/routers/rutx12
nice thingy, not exactly cheap.
by jaclaz
Fri Jan 10, 2025 7:58 pm
Forum: RouterBOARD hardware
Topic: HEX S sometimes fails to start properly [SOLVED]
Replies: 13
Views: 4347

Re: HEX S sometimes fails to start properly [SOLVED]

Trying an alternate power supply won't be difficult anyway, the hex S accepts a wide range: DC jack input Voltage 12-57 V but also AC3 is pretty much flexible: DC jack input Voltage 12-28 V Personally I would still suspect the zener diodes, and as said they are easy to test with a tester/voltmeter.
by jaclaz
Fri Jan 10, 2025 7:48 pm
Forum: Beginner Basics
Topic: WiFi Station to Ethernet Port
Replies: 6
Views: 1207

Re: WiFi Station to Ethernet Port

I don't understand. The mAP lite has only one ethernet port, ether1. You want to connect your radio (wlan1) to an existing wi-fi network? Then the device is a "client" or "station" (and not an AP). And - it depends on choices - it can be configured both as "router" (wit...
by jaclaz
Fri Jan 10, 2025 2:54 pm
Forum: General
Topic: Wireguard config help
Replies: 13
Views: 1530

Re: Wireguard config help

UNfortunately the "timeout" in the ping could be due to anything along the connection, including the remote 74.208.xx.xx prevented from replying to ICMP requests (newish windows as an example have a firewall rule that prevents replying from pings coming from outside the local lan), but it ...
by jaclaz
Fri Jan 10, 2025 2:41 pm
Forum: General
Topic: Hotspot windows users login with wrong ip
Replies: 18
Views: 2187

Re: Hotspot windows users login with wrong ip

Good. :)

Though the "fault" is most probably in the client that attempts to login before having a "proper" DHCP address (or wait for a timeout), it is good to know that RouterOS can deal with that.
by jaclaz
Fri Jan 10, 2025 1:39 am
Forum: General
Topic: Wireguard config help
Replies: 13
Views: 1530

Re: Wireguard config help

I presume that the XX.XX.XX.XX is not on the same network 10.8.0.0/24, right?
Can you ping successfully the XX.XX.XX.XX endpoint address from the router?
If not, which error do you get?
by jaclaz
Thu Jan 09, 2025 11:40 pm
Forum: General
Topic: 4G/LTE router with Dual SIM [SOLVED]
Replies: 20
Views: 2557

Re: 4G/LTE router with Dual SIM [SOLVED]

To be fair on the posted image, also Huawei claims the same.
It seems more likely that it is something lost in translation (or whatever) connected with amazon than originating from the manufacturers.
by jaclaz
Thu Jan 09, 2025 11:27 pm
Forum: General
Topic: Won't connect without DHCP...?
Replies: 6
Views: 1028

Re: Won't connect without DHCP...?

Bad, bad router? Or maybe - just maybe - there is the possibility that there could be something that needs to be changed in its configuration? If this latter could be the case, a good idea would be to post the current configuration for review (anonymizing the sensible data), instructions here: https...
by jaclaz
Thu Jan 09, 2025 5:01 pm
Forum: Beginner Basics
Topic: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik
Replies: 12
Views: 3040

Re: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik

I don't know.

Maybe you should recreate the exact configuration that creates the slowdown and post that one.

It is harder to read a configuration where something has been removed (or disabled) as you never know if it is missing or is a leftover from another attempt.
by jaclaz
Thu Jan 09, 2025 3:45 pm
Forum: Beginner Basics
Topic: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik
Replies: 12
Views: 3040

Re: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik

Well, that thread is from 2021, and it is about RouterOS 6.49.1. You are running 7.8 (which is in itself really old). Something may well have changed in the meantime. Even if you don't want to upgrade to latest-latest (that would be 7.16.2) you should IMHO at least upgrade to 7.12.1 (to which you ha...
by jaclaz
Thu Jan 09, 2025 12:47 pm
Forum: Scripting
Topic: Securely storing apikey/tokens for /tool/fetch... Approaches? == $SECRET
Replies: 10
Views: 5225

Re: Securely storing apikey/tokens for /tool/fetch... Approaches? == $SECRET

Try to add the policy policy :shock: I.e.: policy=read,write,test,policy Not that I recommend it, but the primitive method I use when testing scripts is giving them all possible permissions, then remove them one by one until it stops working: https://forum.mikrotik.com/viewtopic.php?p=1050058&hi...
by jaclaz
Thu Jan 09, 2025 1:39 am
Forum: Beginner Basics
Topic: old configs don't work [SOLVED]
Replies: 16
Views: 3724

Re: old configs don't work [SOLVED]

In 7 you need to explicitly add the routing tables and the routing-mark becomes routing-table in /ip route, as already hinted. Like: /routing table add fib name=via-ether2 add fib name=via-ether3 and then: /ip route add distance=1 dst-address=10.1.1.0/24 gateway=ether2 routing-table=via-ether2 in ma...
by jaclaz
Wed Jan 08, 2025 9:09 pm
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1719

Re: Problem with ping using interfaces

Only for the record and JFYI, there is a way out for cases where the narrow route becomes invalid/inactive (for one reason or the other), which is to add a second narrow route as blackhole, but with a higher distance, is that your case?. See, as an example: https://forum.mikrotik.com/viewtopic.php?t...
by jaclaz
Wed Jan 08, 2025 8:24 pm
Forum: Beginner Basics
Topic: What if I just want to use it as a switch? [SOLVED]
Replies: 8
Views: 2110

Re: What if I just want to use it as a switch? [SOLVED]

I think you missed the word "just" in the subject, or misinterpreted that I want to keep things as simple as possible It was more a reply to your question: Can I just install SwitchOS instead of RouterOS? Let me rephrase the answer: No, that device can only run RoS and not SwitchOS. Other...
by jaclaz
Wed Jan 08, 2025 8:18 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 3055

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

(besides nicer layout): I don't know :? , those 90° cable bends are ugly :shock: and they are not very good for the flow of data. 0's are usually OK, but 1's may get entangled in those sharp corners. :wink: (I know it's an old joke, but I cannot resist) :lol: Happy the whiole stuff is working. :)
by jaclaz
Wed Jan 08, 2025 8:06 pm
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1719

Re: Problem with ping using interfaces

Well, what do you think netwatch is supposed to do? :?: :wink: https://help.mikrotik.com/docs/spaces/ROS/pages/8323208/Netwatch Using the (newish) ICMP mode (as opposed to "simple" ping) it allows for "fine-tuning" the failover triggering, and it has a few other modes too, beside...
by jaclaz
Wed Jan 08, 2025 7:48 pm
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 2023

Re: LTE issue on reboot

@Amm0 That is another aspect. :) But I don't know. :? Let's divide the matter in three: 1 ) what triggers the execution of a script (event) 2 ) what triggers the execution of a script (detection method) 3 ) what remedies we can implement (actions the script executes) The script could be triggered EI...
by jaclaz
Wed Jan 08, 2025 2:55 pm
Forum: General
Topic: what happens when CHR 60 days trial is expired!
Replies: 7
Views: 5762

Re: what happens when CHR 60 days trial is expired!

That is not true and topic is incorrectly marked as solved WHAT is not true? The help page: https://help.mikrotik.com/docs/spaces/ROS/pages/18350234/Cloud+Hosted+Router+CHR Free licenses There are several options to use and try CHR free of charge. free The free license level allows CHR to run indef...
by jaclaz
Wed Jan 08, 2025 12:51 pm
Forum: RouterBOARD hardware
Topic: RB5009UPr+S+IN: POE or POE+
Replies: 5
Views: 1597

Re: RB5009UPr+S+IN: POE or POE+

thanks. I'm trying to power 2 Netgear WAX620 access points. The product data sheet says the device uses 25.5W. Seems like the 5009 will underpower them using the supplied barrel connector power supply? That is a beast of access point. :shock: And it is a strange beast, as the datasheet: https://www...
by jaclaz
Wed Jan 08, 2025 11:45 am
Forum: RouterBOARD hardware
Topic: RB260GSP POE Switch
Replies: 6
Views: 1557

Re: RB260GSP POE Switch

Well, the good news are that: Netzwerkschnittstelle 10Base-T/100Base-TX RJ45 LAN-Anschluss PoE (nur für PoE-Version) IEEE 802.3af (+ Pin 4 und 5 / - Pin 7 und 8) IF it is the PoE version, it uses Mode B, and the interface is 10/100. BUT there is an added issue. Something, to be 802.3af compatible, n...
by jaclaz
Wed Jan 08, 2025 10:55 am
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 3055

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

Yes, this would make much more sense. :) ISP do sometimes have "strange" settings, but in the cases where some services are on tagged VLAN the VLAN number is not 1, it is only the way the Mikrotik "sees" the untagged traffic. @mkx So, it still boils down to "do not use VLAN1...
by jaclaz
Wed Jan 08, 2025 1:11 am
Forum: Beginner Basics
Topic: What if I just want to use it as a switch? [SOLVED]
Replies: 8
Views: 2110

Re: What if I just want to use it as a switch? [SOLVED]

The CRS304-4XG-IN Is anyway NOT among the dual boot devices:

https://mikrotik.com/products/group/s ... oot%22]#!
So if you want to go down that road you need to choose another device model.
by jaclaz
Wed Jan 08, 2025 1:04 am
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 2023

Re: LTE issue on reboot

Your router(s), your choice.
by jaclaz
Wed Jan 08, 2025 12:58 am
Forum: RouterBOARD hardware
Topic: RB5009UPr+S+IN: POE or POE+
Replies: 5
Views: 1597

Re: RB5009UPr+S+IN: POE or POE+

Sure, but if you Power a 16 W device with 30 W (max of the 802.3at Power supply) you can expect to draw, total of the other 7 ports, 14 W or so. If you prefer a 802.3at Power supply can Power - chained - no more than 2 x 802.3af *like* devices, let's say the RB5009 and an AP connected to one of the ...
by jaclaz
Wed Jan 08, 2025 12:32 am
Forum: 3rd party tools
Topic: 🚀 RemoteWinBox Admiral centralized MikroTik Management
Replies: 10
Views: 3493

Re: 🚀 RemoteWinBox Admiral centralized MikroTik Management

Nothing meant by it....We were surprised by the large number of use cases for our software for Starlink integrators. Ah, ok, you meant more like professional users than final customers, since starlinks are more likely installed in remote areas It makes perfect sense that a remote management solutio...
by jaclaz
Wed Jan 08, 2025 12:21 am
Forum: RouterBOARD hardware
Topic: RB5009UPr+S+IN: POE or POE+
Replies: 5
Views: 1597

Re: RB5009UPr+S+IN: POE or POE+

Neither. :shock: Each port can provide 440 mA: https://mikrotik.com/product/rb5009upr_s_in 0.44A*48V=21.12 W (typical voltage) 0.44A*57V=25.08 W (max voltage) 802.3af 15.40 W @PSE /12.95 W @PD (POE) 802.3at 30.00 W @PSE / 25.50 W @PD (POE+) The triple power input should be irrelevant, but only ether...
by jaclaz
Tue Jan 07, 2025 11:07 pm
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 2023

Re: LTE issue on reboot

I don't see why BOTH approaches cannot be tested. In the script, if LTE cannot be found, try resetting USB. If after - say - 120 seconds the LTE still cannot be found, then, and only then, reboot the router. If It works, It works, and if It doesn't It goes through the full reboot. 120 seconds Is onl...
by jaclaz
Tue Jan 07, 2025 9:13 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 3055

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

Yep, this is where I was not understanding.
Native VLAN doesn't necessarily mean VLAN1, do you mean that your ISP is using VLAN1 as "native"?
That would be the typical case of the gun pointed at your head.
by jaclaz
Tue Jan 07, 2025 9:07 pm
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 2023

Re: LTE issue on reboot

Cannot it be quickly tested by replacing in the script
:log error "LTE1 interface does not exist. Rebooting router..."
/system reboot
with:
:log error "LTE1 interface does not exist. Rebooting USB..."
/system routerboard usb power-reset duration=10s
or similar?
by jaclaz
Tue Jan 07, 2025 8:54 pm
Forum: 3rd party tools
Topic: 🚀 RemoteWinBox Admiral centralized MikroTik Management
Replies: 10
Views: 3493

Re: 🚀 RemoteWinBox Admiral centralized MikroTik Management

Only out of curiosity:
Heck, even Starlink users love us for all the things.
Why the "heck, even"?
Are Starlink users a category apart? :?
by jaclaz
Tue Jan 07, 2025 8:32 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 3055

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

#3 and #4, my bad, The point I was trying to make is that the VLAN1 is *somehow* used (at least in RouterOS) as the default VLAN for *something* and there is the risk that using it for *something else* might create conflicts. Maybe in SwOS it is different, and the (few) people that actually fully un...
by jaclaz
Tue Jan 07, 2025 6:00 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 3055

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

Re: #4 Does your ISP provide the service over VLAN1 or in any other ways forces you to use it? I might have missed where you explained how you were forced - with a gun pointed at your head - to use VLAN1. The usual advice is to NOT use VLAN1, unless it is really-really needed because the consequence...
by jaclaz
Tue Jan 07, 2025 5:24 pm
Forum: Beginner Basics
Topic: Simple Bridge with Firewall rules for Ether1 (internet))
Replies: 16
Views: 3088

Re: Simple Bridge with Firewall rules for Ether1 (internet))

Why is AI needed to generate really poor configuration when the default config meets 95% of the use case?
To prove - once again - that AI is not (yet :? ) capable of doing anything good? :lol:
by jaclaz
Tue Jan 07, 2025 5:20 pm
Forum: RouterBOARD hardware
Topic: RB260GSP POE Switch
Replies: 6
Views: 1557

Re: RB260GSP POE Switch

To further expand on the matter, splitters that take the 24V in and output the 12V for the camera do exist, BUT there is even another issue, Mikrotik (passive) PoE is "mode B", it has to be checked if the splitter is mode A or mode B: https://www.etherwan.com/support/faq/what-poe-power-pin...
by jaclaz
Tue Jan 07, 2025 12:00 am
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 2447

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

A saved export Is enough normally, but a (binary) backup gives added security. They have different uses and different characteristics. The backup allows to "clone" a router, It Is "all or nothing". The export represents the exact configuration, but can be modified or used partial...
by jaclaz
Mon Jan 06, 2025 9:17 pm
Forum: General
Topic: downgrade ROS to pre-7.13 version [SOLVED]
Replies: 14
Views: 2459

Re: downgrade ROS to pre-7.13 version [SOLVED]

Well, I have just replaced in december (with a Mikrotik Ax Lite) a self-made router (a repurposed Fujitsu Siemens S200 running Zeroshell) that had been ticking 24/7 since 2012. The actual device was produced in 2004 or so, processor is Transmeta! I originally got one of these on the cheap (like 20 E...
by jaclaz
Mon Jan 06, 2025 8:57 pm
Forum: General
Topic: Hotspot windows users login with wrong ip
Replies: 18
Views: 2187

Re: Hotspot windows users login with wrong ip

So, is it working with the correct range settings?

I wasn't at all sure whether the mac-cookie login runs "before" the ip-binding block and thus by-passes it..
by jaclaz
Mon Jan 06, 2025 8:16 pm
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1719

Re: Problem with ping using interfaces

Well, the actual idea behind both recursive routing and netwatch checking is to use a "remote" (and likely reliable) DNS server (such as 8.8.8.8, 8.8.4.4.4, 9.9.9.9, 1.1.1.1, etc.) to check the connection to the internet by pinging it. This is done through a "narrow" additional r...
by jaclaz
Mon Jan 06, 2025 5:53 pm
Forum: General
Topic: Home networking suggestions
Replies: 9
Views: 2069

Re: Home networking suggestions

The Brume has also a "dedicated" setting called "drop in gateway": https://docs.gl-inet.com/router/en/4/interface_guide/drop-in_gateway/ From what I understand -besides the actual throughput in practice that would need to be tested - it requires disabling the DHCP of the "ma...
by jaclaz
Mon Jan 06, 2025 3:47 pm
Forum: General
Topic: downgrade ROS to pre-7.13 version [SOLVED]
Replies: 14
Views: 2459

Re: downgrade ROS to pre-7.13 version [SOLVED]

Only as a side note, it is refreshing to see someone that reasonably does not upgrade to latest-latest (your point #2) the "production" machines. Bravo! I understand how the forum is largely populated by people that like to experiment and tinker with Mikrotik newish releases, but often upg...
by jaclaz
Mon Jan 06, 2025 2:51 pm
Forum: General
Topic: Hotspot windows users login with wrong ip
Replies: 18
Views: 2187

Re: Hotspot windows users login with wrong ip

Semi-random idea, would setting ip-binding to something like:
/ ip hotspot ip-binding
add address=169.254.1.0-169.254.254.255 type=blocked
effectively prevent the APIPA addresses from logging in (via mac-cookie)?
by jaclaz
Mon Jan 06, 2025 12:19 pm
Forum: General
Topic: Hotspot windows users login with wrong ip
Replies: 18
Views: 2187

Re: Hotspot windows users login with wrong ip

It seemingly shaved some little time off, however.

Before it was
08:31.51->08:33:58=2 minutes 7 seconds

and now is:
06:03:52->06:05:55=2 minutes 3 seconds

Can the keepalive timeout be reduced? :?:
by jaclaz
Mon Jan 06, 2025 12:06 pm
Forum: General
Topic: Home networking suggestions
Replies: 9
Views: 2069

Re: Home networking suggestions

So you need it as main firewall, right? I think you can *somehow* configure a Mikrotik as a bridge and set it to use the firewall rules on the bridge (set use-ip-firewall=yes), but I believe this implies the need to disable hardware offload and this could result in poor performance. The impact of ha...
by jaclaz
Sun Jan 05, 2025 11:32 pm
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1719

Re: Problem with ping using interfaces

I think you are describing what Is usually called "recursive routing". Check this post for more details: https://forum.mikrotik.com/viewtopic.php?t=157048 Once you confirm this Is the desired result, we'll talk of the details. If - more generally - you are looking for automatic failover th...
by jaclaz
Sun Jan 05, 2025 7:08 pm
Forum: Beginner Basics
Topic: Router on a stick struggles
Replies: 6
Views: 1743

Re: Router on a stick struggles

/interface bridge filter # in/out-bridge-port matcher not possible when interface (wlan1) is not slave add action=drop chain=forward in-interface=wlan1 # in/out-bridge-port matcher not possible when interface (wlan1) is not slave add action=drop chain=forward out-interface=wlan1 # no interface add ...
by jaclaz
Sun Jan 05, 2025 6:24 pm
Forum: General
Topic: Home networking suggestions
Replies: 9
Views: 2069

Re: Home networking suggestions

But what is the actual use of the Mikrotik? There are no problems in setting it as a (managed or "dumb") switch, but of course then it will behave like a switch, to all practical effects (besides having three LAN ports available) it would (should) be exactly the same if you bypass it and c...
by jaclaz
Sun Jan 05, 2025 6:10 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 2447

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

A packet lost on a LTE connection (possibly through wifi) should not be a problem of actual connectivity. So your DNS is working (it can resolve google.com just fine) and you do have internet connection on both ethernet and wifi. Since you are using windows (I presume a recent one like 10) you shoul...
by jaclaz
Sun Jan 05, 2025 5:41 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 2447

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

What anav just posted is a "complete" and "final" confiiguration, I believe it would be more useful, before studying and implementing that solution, to try understanding what is the issue right now, before introducing the complications of the complete setup, with VLAN's and what ...
by jaclaz
Sun Jan 05, 2025 12:13 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 2447

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

You seemingly have a duplicate masquerade rule in /ip firewall nat (but that shoudln't be an issue. Post the output of: /ip address print and of /ip route print Try to be more precise when reporting a problem, "cannot access internet" may be due to several reasons, try /ping 8.8.8.8 what i...
by jaclaz
Sun Jan 05, 2025 11:54 am
Forum: Beginner Basics
Topic: old configs don't work [SOLVED]
Replies: 16
Views: 3724

Re: old configs don't work [SOLVED]

Unless I am missing something, it should be possible even without VRF's, the "generic" case being "access multiple devices with same fixed IP address connected to different ports/interfaces". Here is a solved case for two devices (I don't see how it cannot be extended to more dev...
by jaclaz
Sat Jan 04, 2025 6:34 pm
Forum: Beginner Basics
Topic: Router on Stick for lab purposes
Replies: 4
Views: 1360

Re: Router on Stick for lab purposes

Cheapest wold probably be hap lite, but with only 16 Mb of storage (and 32 Mb RAM) you won't be able to run Ros 7 on it (or at least it won't be easy or working "right"). Nowadays I wouldn't buy (new) a device with less than 64 Mb or 128 Mb storage. Right now probably the best bang for the...
by jaclaz
Sat Jan 04, 2025 6:03 pm
Forum: Wireless Networking
Topic: Wireless Wire questions
Replies: 8
Views: 2698

Re: Wireless Wire questions

From what I understand what you are experiencing is a "side-effect" of a problem with your configurations. In the 86 and 87 you have (correctly) both ether1 and wlan60-1 added to the bridge: /interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether1 \ in...
by jaclaz
Sat Jan 04, 2025 3:58 pm
Forum: Beginner Basics
Topic: Cant Update Wifi Extender
Replies: 8
Views: 1750

Re: Cant Update Wifi Extender

That solved it, I now understand both errors and how they happen and was able to upgrade the one networks wifi extenders and will do the others when next on site.

Thank you very much.
Good. :)
You are welcome of course.
by jaclaz
Sat Jan 04, 2025 12:17 pm
Forum: Beginner Basics
Topic: VLAN and Smart home stuff block from internet only for BTH VPN
Replies: 9
Views: 3002

Re: VLAN and Smart home stuff block from internet only for BTH VPN

Make those - say - VLAN10 and VLAN20.
And here ends all my knowledge on VLANs: DO NOT USE VLAN1.
by jaclaz
Sat Jan 04, 2025 11:57 am
Forum: Beginner Basics
Topic: Cant Update Wifi Extender
Replies: 8
Views: 1750

Re: Cant Update Wifi Extender

Well, in this configuration: Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, d - DHCP; + - ECMP Columns: DST-ADDRESS, GATEWAY, DISTANCE DST-ADDRESS GATEWAY DISTANCE DAd+ 0.0.0.0/0 192.168.0.1 1 DAd+ 0.0.0.0/0 192.168.1.1 1 DAc+ 192.168.0.0/24 bridge1 0 DAc+ 192.168.0.0/24 bridge1 0 DAc+ 192.168.1.0/24 ...
by jaclaz
Fri Jan 03, 2025 11:05 pm
Forum: General
Topic: Hap ax3
Replies: 3
Views: 1335

Re: Hap ax3

by jaclaz
Fri Jan 03, 2025 8:38 pm
Forum: Beginner Basics
Topic: Cant Update Wifi Extender
Replies: 8
Views: 1750

Re: Cant Update Wifi Extender

You have BOTH a static IP address AND a DHCP client running on both bridges: /ip address add address=192.168.1.4/24 interface=bridge2 network=192.168.1.0 add address=192.168.0.4/24 interface=bridge1 network=192.168.0.0 /ip dhcp-client add interface=bridge1 add interface=bridge2 This may (or may not)...
by jaclaz
Thu Jan 02, 2025 7:35 pm
Forum: General
Topic: Configuring VLAN tagged/untagged
Replies: 11
Views: 2096

Re: Configuring VLAN tagged/untagged

I dont understand this nomenclature add address=10.87.2.28 /28 interface=MGMT_VLAN network=10.87.2. 16 I think the .16 should be .0 and the subnet mask is fine if you really only wanted 14 usable IP addresses!! if the .16 is changed to .0 the .28 will be outside the subnet. https://www.calculator.n...
by jaclaz
Thu Jan 02, 2025 7:06 pm
Forum: Beginner Basics
Topic: Simple Bridge with Firewall rules for Ether1 (internet))
Replies: 16
Views: 3088

Re: Simple Bridge with Firewall rules for Ether1 (internet))

Essentially the same advice Cat12 just provided a little more detailed: /interface bridge add name=bridge1 /interface list add name=WAN add name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik OK. /interface bridge port add bridge=bridge1 interface=eth...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 8