Community discussions

MikroTik App

Search found 2143 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 8
by jaclaz
Thu Jan 23, 2025 12:07 pm
Forum: Beginner Basics
Topic: Guest WiFi setup with one main router and a couple of APs in bridge mode
Replies: 10
Views: 494

Re: Guest WiFi setup with one main router and a couple of APs in bridge mode

Yep, how can the 10.10.10.x devices connect to the gateway at 192.168.88.1? :shock:
Do you want to route that connection? :?:
by jaclaz
Thu Jan 23, 2025 11:34 am
Forum: Beginner Basics
Topic: Guest WiFi setup with one main router and a couple of APs in bridge mode
Replies: 10
Views: 494

Re: Guest WiFi setup with one main router and a couple of APs in bridge mode

You seem to have the gateway set to "self" (10.10.10.1).
If the router has a dhcp server enabled (as it normally should) there might be additionally a conflict with the dhcp addresses.

Post the output of these commands (on the AP):
/ip address print
and:
/ip route print
by jaclaz
Thu Jan 23, 2025 11:08 am
Forum: General
Topic: Filesystem forensic image
Replies: 18
Views: 898

Re: Filesystem forensic image

Re-thinking about it, I believe you can also attempt "brute-forcing" the values. It is not like there are tens or hundreds of possibilities, the single oob record cannot logically be smaller than 8 bytes, and more likely is either 16 or 32 bytes (i don't think that odd values or non multip...
by jaclaz
Wed Jan 22, 2025 9:13 pm
Forum: General
Topic: Filesystem forensic image
Replies: 18
Views: 898

Re: Filesystem forensic image

Neither can I, but again, with a hex viewer and a little patience it should be easy to identify the oob, see here another example:
https://redballoonsecurity.com/flash-dump/
by jaclaz
Wed Jan 22, 2025 7:34 pm
Forum: Beginner Basics
Topic: Guest WiFi setup with one main router and a couple of APs in bridge mode
Replies: 10
Views: 494

Re: Guest WiFi setup with one main router and a couple of APs in bridge mode

For anyone interested I've used this configuration on the AP https://www.youtube.com/watch?v=6P0MDlYWR_E
Maybe or maybe not :shock: (mistakes and typos happen).
It would be better/easier if you post your current configuration of the AP.
by jaclaz
Wed Jan 22, 2025 7:30 pm
Forum: General
Topic: Reboot loop after updating wAP
Replies: 5
Views: 292

Re: Reboot loop after updating wAP

Allow me to disagree. What would be the problem in having the update process actually checking that there is enough space (+ a reasonable amount of "slack") and simply plain refusing to go on? With a message *like*: The pre-update check determined that this device has x.xx Kbytes free, a m...
by jaclaz
Wed Jan 22, 2025 6:40 pm
Forum: General
Topic: Filesystem forensic image
Replies: 18
Views: 898

Re: Filesystem forensic image

Nice find. :) The related blog post: https://www.j-michel.org/blog/2014/05/27/from-nand-chip-to-files explains in detail how the oob/spare data works :) , and on the main page: https://github.com/Hitsxx/NandTool/tree/master it is clear that you can use oob and page size instead of chip ID (as it see...
by jaclaz
Wed Jan 22, 2025 3:28 pm
Forum: General
Topic: PoE status on boot
Replies: 5
Views: 231

Re: PoE status

You can add a script in scheduler, it has an option to run at startup (and interval must be 0), see:

https://help.mikrotik.com/docs/spaces/R ... /Scheduler
by jaclaz
Wed Jan 22, 2025 11:48 am
Forum: Beginner Basics
Topic: Guest WiFi setup with one main router and a couple of APs in bridge mode
Replies: 10
Views: 494

Re: Guest WiFi setup with one main router and a couple of APs in bridge mode

I would start from this post by pcunite (the same author of the main VLAN related tutorial on the forum: https://forum.mikrotik.com/viewtopic.php?t=143620 ): https://forum.mikrotik.com/viewtopic.php?t=141279 It seems like your setup is similar to that one, the difference is only that you have a seco...
by jaclaz
Wed Jan 22, 2025 11:19 am
Forum: Beginner Basics
Topic: VLAN on a single port
Replies: 9
Views: 633

Re: VLAN on a single port

The RB2011 is a "special" device that has two switch chips: https://help.mikrotik.com/docs/spaces/ROS/pages/15302988/Switch+Chip+Features Atheros8327 (ether1-ether5+sfp1); Atheros8227 (ether6-ether10) The "modern" way to do what you want to accomplish (good on *any* Mikrotik hard...
by jaclaz
Wed Jan 22, 2025 2:19 am
Forum: General
Topic: Filesystem forensic image
Replies: 18
Views: 898

Re: Filesystem forensic image

I think unsquash Is very "strict" and expects a "sound" filesystem and throws a fit even if minor issues are found. I cannot remember if a tool for recovery/fix exists, something *like* dmde which Is excellent for other filesystems. 7-zip should be capable of reading a squashfs a...
by jaclaz
Tue Jan 21, 2025 7:35 pm
Forum: Beginner Basics
Topic: VLAN on a single port
Replies: 9
Views: 633

Re: VLAN on a single port

Yep, also a degree in electronics with a master in networking might help, but come on, it is a home network, if the requirements are not absurd it should be possible to fulfill them in a relatively simple way. The concepts in themselves are not that difficult (Mikrotik specific implementation might)...
by jaclaz
Tue Jan 21, 2025 7:19 pm
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 859

Re: external dhcp delay on cap ac

The same address on ether1 and on the bridge containing it is "wrong", whether it is part of the issue or not, only the bridge should have an IP address. It is not sent in unicast mode and it is sent as broadcast? Sent by which device? The CCR, right? So there are two possibilities: 1) the...
by jaclaz
Tue Jan 21, 2025 12:41 pm
Forum: Beginner Basics
Topic: Bridge operation mode as a layer 2 switch with packet filtering
Replies: 8
Views: 647

Re: Bridge operation mode as a layer 2 switch with packet filtering

I am not sure to understand the setup with ether1 part of the bridge (actually I am pretty sure I don't understand it), but maybe using the interface instead of the interface list?:
add action=drop chain=forward comment="drop all coming from ether1" in-interface=ether1
by jaclaz
Tue Jan 21, 2025 12:07 pm
Forum: Beginner Basics
Topic: "No Route to Host" after upgrade to v 7.17
Replies: 3
Views: 301

Re: "No Route to Host" after upgrade to v 7.17

Happy you solved it :) .
by jaclaz
Tue Jan 21, 2025 11:39 am
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 859

Re: external dhcp delay on cap ac

So, you have a chain *like*: Mikrotik CCR <- running centralized DHCP server Cisco 2960 #1 Cisco 2960 #2 Mikrotik AP If the same Mikrotik AP moved to another building (with a similar chain of devices) works, it must mean that *something* is different in another device, either the CCR settings/config...
by jaclaz
Tue Jan 21, 2025 11:14 am
Forum: Beginner Basics
Topic: Can't log into switch from a Macintosh.
Replies: 8
Views: 343

Re: Can't log into switch from a Macintosh.

I don't think that the issue is related to the macintosh vs. windows or linux. Check that the MAC on the label is the same as in the paper leaflet and the same one as the MAC you get in Winbox, while it is possible that a device has been exchanged during manufacturing/packaging, it is - I believe - ...
by jaclaz
Mon Jan 20, 2025 9:19 pm
Forum: Beginner Basics
Topic: "No Route to Host" after upgrade to v 7.17
Replies: 3
Views: 301

Re: "No Route to Host" after upgrade to v 7.17

Post what you get for: /ip address print and /ip route print I would try anyway to change this: /interface detect-internet set detect-interface-list=all internet-interface-list=all lan-interface-list=\ all wan-interface-list=all to: /interface detect-internet set detect-interface-list=none internet-...
by jaclaz
Mon Jan 20, 2025 9:02 pm
Forum: General
Topic: Which HW for Verizon Cellular in NY
Replies: 8
Views: 348

Re: Which HW for Verizon Cellular in NY

I think the thread, and the threads referenced therein, do not point to an MT device that is definetly compatible with Verizon Wireless in the USA.
Exactly.
It seems like such device does not exist (yet) in the Mikrotik product range.
by jaclaz
Mon Jan 20, 2025 8:35 pm
Forum: General
Topic: Which HW for Verizon Cellular in NY
Replies: 8
Views: 348

Re: Which HW for Verizon Cellular in NY

Maybe this thread:
viewtopic.php?p=1082937
can give you some ideas.
by jaclaz
Mon Jan 20, 2025 7:55 pm
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 859

Re: external dhcp delay on cap ac

Only for the record: Firewall rules are not created automatically. They are present in the default configuration for so-called SOHO Mikrotik devices, that typically have: 1 ) all ports BUT ether1 in bridge 2 ) ether1 as WAN 3 ) bridge as LAN 4 ) default firewall filter rules 5 ) dhcp client on ether...
by jaclaz
Mon Jan 20, 2025 7:00 pm
Forum: RouterBOARD hardware
Topic: RTFC11: how to power with PoE 802.11at/af?
Replies: 4
Views: 438

Re: RTFC11: how to power with PoE 802.11at/af?

Yup. Product page says Unit has 12-57V PoE with 802.3af/at support ( with unshielded cross cable ) (emphasis is mine) In addition to emphasis, can you also translate from Mikrotikish? What (the heck) is a cross cable? Does it mean cross over ? But in crossover cables the 4,5,7,8 used for PoE remain...
by jaclaz
Mon Jan 20, 2025 4:49 pm
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 859

Re: external dhcp delay on cap ac

So you agree, that if an IT person for a university is going to use MT product ... You talkin' to me? :?: I don't know/cannot say, I am non-IT and non-university, and just a beginner level user of MT products, I am only commenting on what I see (and on the little I can understand of it) of the post...
by jaclaz
Mon Jan 20, 2025 3:39 pm
Forum: General
Topic: USB port doesnt work on hAP ac lite
Replies: 4
Views: 292

Re: USB port doesnt work on hAP ac lite

Compare with the list here: https://help.mikrotik.com/docs/spaces/ROS/pages/13500447/Peripherals some of them are only supported if they have a certain firmware revision or USB vid/pid or will only work on v7 and not v6. HUAWEI E3372h-153 -> should work? HUAWEI E3372h-320 -> v7 only HUAWEI E352S-5 -...
by jaclaz
Mon Jan 20, 2025 3:25 pm
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 859

Re: external dhcp delay on cap ac

I am perplexed :? (but what do I know?) Both ether1 (classified as WAN) and bridge (classified as LAN) have the same static IP address of 172.18.224.5/22, AND ether1 is member of bridge, AND it is the only flagged trusted interface, AND dhcp snooping is on, AND there is a static route with gateway. ...
by jaclaz
Mon Jan 20, 2025 12:43 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 1900

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

I think we are getting into a sort of circular reasoning. There are two theories right now: 1) the CHR image at first boot gets somehow "personalized" to the (virtual or real) hardware it is booted on, and from second boot it will only work on exactly same or very similar (virtual or real)...
by jaclaz
Mon Jan 20, 2025 12:23 pm
Forum: RouterBOARD hardware
Topic: RTFC11: how to power with PoE 802.11at/af?
Replies: 4
Views: 438

Re: RTFC11: how to power with PoE 802.11at/af?

You mean the R B TFC11: https://mikrotik.com/product/RBFTC11 ? By default it comes with an injector that is this one: https://mikrotik.com/product/RBGPOE That definitely uses mode B (4,5+/7,8-). In theory a 802.3af/at compliant PD should accept both Mode A and mode B (it is the PSE that decides on w...
by jaclaz
Mon Jan 20, 2025 11:46 am
Forum: General
Topic: Help : 2 WAN 1 LAN Configuration [SOLVED]
Replies: 3
Views: 335

Re: Help : 2 WAN 1 LAN Configuration [SOLVED]

Maybe you need:
add address=192.168.10.3/32 list=FOR-WAN1
? :?:
by jaclaz
Sun Jan 19, 2025 11:56 pm
Forum: General
Topic: Adding bridge interface to WAN - is there anything special?
Replies: 2
Views: 210

Re: Adding bridge interface to WAN - is there anything special?

Well, there may be some confusion in terminology. A bridge is an interface that contains interface(s), i.e. you don't assign a bridge to an interface, you add the interface(s) to the bridge. You can then strip the interface from the bridge, not viceversa. If you prefer an interface (like ether1 for ...
by jaclaz
Sun Jan 19, 2025 11:19 pm
Forum: General
Topic: Filesystem forensic image
Replies: 18
Views: 898

Re: Filesystem forensic image

Aside from updating, what can be done to prevent someone from making such forensic bit-by-bit images and make sure there is plenty of variance? You can update as much as you want, if the hypothetical hacker interested in the secrets you store on your router has physical access to the device for eno...
by jaclaz
Sun Jan 19, 2025 11:04 pm
Forum: General
Topic: L3 HW Offloading RB5009
Replies: 93
Views: 3834

Re: L3 HW Offloading

When you say the main table - are you talking about the firewall table then? No. It Is the table you printed, containing routes. By default on Mikrotik there Is only one routing table, called "main". But more tables can be added. All traffic will use this main table, unless explicit modif...
by jaclaz
Sun Jan 19, 2025 8:26 pm
Forum: General
Topic: L3 HW Offloading RB5009
Replies: 93
Views: 3834

Re: L3 HW Offloading

Sorry to be the bearer of bad news, but (IMHO) you won't get very far with GUI only tools, the Mikrotik configuration settings are already at the same time scattered all over the place and mixed up together that without some use of terminal/command line they are impossible or near to impossible to u...
by jaclaz
Sun Jan 19, 2025 7:54 pm
Forum: Beginner Basics
Topic: Setting up DHCP for beginners
Replies: 5
Views: 523

Re: Setting up DHCP for beginners

Beginners dont normally need more than 50 addresses ....
Beginners (with lots of friends) throwing parties like there is no tomorrow? :?:
:lol:
by jaclaz
Sun Jan 19, 2025 6:38 pm
Forum: Beginner Basics
Topic: external dhcp delay on cap ac
Replies: 18
Views: 859

Re: external dhcp delay on cap ac

But is the issue generated by the DHCP server or by the last element in the chain (the Mikrotik Ap's) or somewhere in between? Which device acts as DHCP server? I would try connecting to one of its ports a dumb switch and see if a device attached to this dumb switch gets an IP and does so in a timel...
by jaclaz
Sun Jan 19, 2025 6:12 pm
Forum: General
Topic: L3 HW Offloading RB5009
Replies: 93
Views: 3834

Re: L3 HW Offloading

The things rplant suggested are firewall (raw) rules (in prerouting I believe), not routing rules (policy routing).

https://help.mikrotik.com/docs/spaces/R ... 6/Firewall
by jaclaz
Sun Jan 19, 2025 6:06 pm
Forum: General
Topic: PCC load balancing and VOIP
Replies: 6
Views: 363

Re: PCC load balancing and VOIP

.... but you will need to post a full (anonymized) /export, otherwise it will be difficult for willing helping members to guess your (say) mangle rules or in any case, holistically evaluate your configuration.
by jaclaz
Sun Jan 19, 2025 4:48 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 1900

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

https://github.com/ayufan-research/mikrotik-qemu-arm64 yep, but we are back that what you do at home may (or may not) work on the cloud: 4. use it as a reference image/configuration to deploy in the wild. As explained above, using a reference image is exactly what you can not do with a CHR, because...
by jaclaz
Sun Jan 19, 2025 4:43 pm
Forum: General
Topic: RB5009 vlan mgmt to sxt passthrough
Replies: 2
Views: 295

Re: RB5009 vlan mgmt to sxt passthrough

sxt lte mgmt vlan ether 1 -> rb5009 ether3 vlan 200 mgmt (added to bridge-LAN) sxt lte passthrough ether 1 -> rb5009 ether 3 WAN_LTE What you describe doesn't seem to match with your config: /interface vlan add interface=bridge-LAN name=VLAN_10_LAN vlan-id=10 add interface=bridge-LAN name=VLAN_20_K...
by jaclaz
Sun Jan 19, 2025 4:29 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 1900

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

1. run it in your local environment
oh, oh:
@jaclaz: even if that was possible, how would you do it for architecture you don't have at home (e.g. ampere)?
by jaclaz
Sun Jan 19, 2025 3:03 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 1900

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

So, the only "defense" is what rextended suggested for the other case where default config (reset) might get online (LTE devices where you don't want or cannot remove SIM)? but in that case there are some 20-30 seconds of time before the SIM registers to the network: https://forum.mikrotik...
by jaclaz
Sun Jan 19, 2025 2:41 pm
Forum: Beginner Basics
Topic: Stuck in config: winbox and disconnections [SOLVED]
Replies: 5
Views: 627

Re: Stuck in config: winbox and disconnections [SOLVED]

On the cAP: /interface list add comment=defconf name=WAN add comment=defconf name=LAN this sets two categories. WAN and LAN (if you prefer outside and inside, dangerous and safe). But then you have: /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=et...
by jaclaz
Sun Jan 19, 2025 2:18 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 1900

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

@sindy Not even: 1) download a "clean" CHR image from Mikrotik 2) mount/run it locally (VM) 3) change admin user and set a "strong" password 4) upload to cloud 5) configure online ? :shock: I did know that the "s" in "cloud" is the same as the one in "iot...
by jaclaz
Sun Jan 19, 2025 12:45 pm
Forum: Beginner Basics
Topic: need help getting started
Replies: 1
Views: 203

Re: need help getting started

Out of curiosity, did you brick all four of them? If a "plain" reset does not work, you can try netinstall, but since the latter is often tricky to setup (PC network card/firewall, sometimes need of a dumb switch between PC and router, etc), it would help to simulate it on a surely working...
by jaclaz
Sun Jan 19, 2025 12:37 pm
Forum: General
Topic: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2
Replies: 19
Views: 1796

Re: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2

Get a mikrotik, create those bridges and then place a device (or two) that has two ethernet interfaces behind one enslaved port of bridgeA and another of an enslaved port of bridgeB. Sure, and introduce by mistake 2 to 34 of the possible 4587 differences between your configuration and the recreated...
by jaclaz
Sun Jan 19, 2025 12:30 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 1900

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

Whereas most cloud providers allow to install your own disk image, the first start of the CHR image downloaded from the Mikrotik site includes some initialization, so installing the CHR on your virtualization platform at home, setting up some basic firewall rules or even a VPN, and then installing ...
by jaclaz
Sun Jan 19, 2025 1:18 am
Forum: General
Topic: PXE Boot From Mikrotik
Replies: 17
Views: 24795

Re: PXE Boot From Mikrotik

Semi-random thought, but do you really need a "multidot" filename? I know that the (good ol') '90's are long gone, but (still good ol') 8.3 filename can some times help. Only for the record, in the (again good ol') days of BartPe, XP USB booting, etc. it was a common saying "oh noes, ...
by jaclaz
Sun Jan 19, 2025 12:41 am
Forum: Wireless Networking
Topic: Unstable connection with pair of nRAYG60ad
Replies: 5
Views: 687

Re: Unstable connection with pair of nRAYG60ad

A device that Is intended for links up to 1500 m or more cannot be very good at short distances, generally speaking. I like to imagine that the two devices, which have very good hearing, are shouting at each other at the top of their lungs. At 20 meters alignment Is a non-issue, you turn the device ...
by jaclaz
Sat Jan 18, 2025 2:25 pm
Forum: Beginner Basics
Topic: Help with routing Internet through a RB5009UG router....
Replies: 4
Views: 1209

Re: Help with routing Internet through a RB5009UG router....

There is some confusion in your configuration. You should start by using the "normal" default firewall settings, but first fix the following otherwise your ether8 won't have correct access: /interface list add name=WAN add name=LAN /interface list member add interface="sfpplus1-(INTER...
by jaclaz
Sat Jan 18, 2025 1:00 pm
Forum: Virtualization
Topic: Router OS 7 on UEFI
Replies: 77
Views: 17056

Re: Router OS 7 on UEFI

The gdisk analysis of that image is fine, (no problems found). It is a MBR/GPT hybrid, the data in both the partition tables is correct. The first partition is (correctly for UEFI booting) a FAT filesystem. All sizes are ALREADY megabyte aligned BUT there is something strange (at least on my Windows...
by jaclaz
Sat Jan 18, 2025 1:22 am
Forum: Forwarding Protocols
Topic: How to connect WAN directly to some port, bypassing NAT
Replies: 13
Views: 2081

Re: How to connect WAN directly to some port, bypassing NAT

So It Is what rextended posted : Put a switch on the WAN and attach the gateway WANs to it ... If we can abstract for a moment from the fact that having more than one bridge on a single Mikrotik device Is usually not advised, you could have: bridgeWAN with ether1 and ether2 in it and bridgeLAN with ...
by jaclaz
Sat Jan 18, 2025 12:55 am
Forum: Virtualization
Topic: Router OS 7 on UEFI
Replies: 77
Views: 17056

Re: Router OS 7 on UEFI

No idea on the peculiarities (if any) of ARM architecture, but on x86/x64 there Is no differences whatsoever among the various interfaces/buses (like ide/sata/scsi). There are two partitioning styles, i.e. MBR and GPT, and that's It. Then there Is the issue (for UEFI) of the accessibility of the fir...
by jaclaz
Fri Jan 17, 2025 11:59 pm
Forum: General
Topic: Can mikrotik be a web-server with one only simple static web page?
Replies: 1
Views: 285

Re: Can mikrotik be a web-server with one only simple static web page?

I believe that it Is possible to (ab-) use the hotspot/captive portal features. Particularly if - as in your case - you can redirect to a specific url and if the Mikrotik device isn't the gateway (or Is It?). I was thinking of something similar a few day ago, but in my intended case the issue Is con...
by jaclaz
Fri Jan 17, 2025 8:58 pm
Forum: Beginner Basics
Topic: fiber link between rb5009 and crs318 ramdomly down
Replies: 2
Views: 316

Re: fiber link between rb5009 and crs318 ramdomly down

If it's normal, can someone give me a hand and create a script that pings from rb5009 to crs318 and if fails disable / enable sfp interface... Personally I don't think it is normal, but if the crs318 has an IP address, you could use netwatch for the check. https://help.mikrotik.com/docs/spaces/ROS/...
by jaclaz
Mon Jan 13, 2025 11:50 pm
Forum: RouterBOARD hardware
Topic: wAP AX Range (sqft/sqm)?
Replies: 3
Views: 619

Re: wAP AX Range (sqft/sqm)?

And I would add also where the cat6 sockets are located, if on the ceiling of a central room the wAP is not so suitable as it Is not omnidirectional and a cAP (or another manufacturers ceiling AP) would be more suitable. That Is if the floor plan Is roughly a square, if It Is long and narrow it's an...
by jaclaz
Mon Jan 13, 2025 8:52 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 849

Re: Automation Gateway With Mikrotik [SOLVED]

The 951/mipsbe will work with wireguard on Ros 7.x, the issue is working around your apparent lack of a public address.
by jaclaz
Mon Jan 13, 2025 8:41 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 849

Re: Automation Gateway With Mikrotik [SOLVED]

An ax-lite or hex refresh is 60 bucks or so, try converting that in minutes/hours/days :shock: (depending on where you are located) of engineer time, + minutes/hours/days of industrial machine production margin, usually (not always, but often enough) bosses are sensible to this way to present them t...
by jaclaz
Mon Jan 13, 2025 8:20 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 849

Re: Automation Gateway With Mikrotik [SOLVED]

Wireguard?

https://help.mikrotik.com/docs/spaces/R ... /WireGuard

It should run just fine (with a low bandwidth, but surely you don't need speed) on your 951, updated to v7.x RoS:
viewtopic.php?t=197824
by jaclaz
Mon Jan 13, 2025 5:57 pm
Forum: Beginner Basics
Topic: From Quick Setup Bridge Mode to simple Firewall Rule
Replies: 26
Views: 4116

Re: From Quick Setup Bridge Mode to simple Firewall Rule

Hello, would you please provide an updated reference? "In that case you simply need this guidance - https://forum.mikrotik.com/viewtopic.php?t=182276", the link is not working Could you please provide a solution based on the attached config? Thank you Wayback Machine to the rescue: https:...
by jaclaz
Mon Jan 13, 2025 5:38 pm
Forum: General
Topic: Voltage logging
Replies: 1
Views: 323

Re: Voltage logging

You can put together a script. As an example combining this: https://forum.mikrotik.com/viewtopic.php?t=198614 with this: https://forum.mikrotik.com/viewtopic.php?t=189253 Or - way easier if you are not into scripting, try splunk: https://forum.mikrotik.com/viewtopic.php?t=179960 you can have someth...
by jaclaz
Mon Jan 13, 2025 4:04 pm
Forum: Beginner Basics
Topic: WiFi Station to Ethernet Port
Replies: 6
Views: 697

Re: WiFi Station to Ethernet Port

I don't understand how it can connect to your Wi-Fi access point as there is no station (or station-bridge or station-pseudobridge) mode set in /interface wireless and without wpa and wpa2-pre-shared-key (maybe these latter are not shown without the show sensitive, as in /export show-sensitive, but ...
by jaclaz
Mon Jan 13, 2025 12:48 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 895

Re: Is there a simple way to hang a virtual "Out of order" sign?

Well,. at least we tried. Re-searching I found this thread https://forum.mikrotik.com/viewtopic.php?t=136510 where sindy was (as he always is) clear: https://forum.mikrotik.com/viewtopic.php?t=136510#p672515 So I re-asked an already asked and replied to question, my bad. :oops: It remains (IMHO) a p...
by jaclaz
Sun Jan 12, 2025 6:32 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 895

Re: Is there a simple way to hang a virtual "Out of order" sign?

Yep, but this would assume that the LAN is all DHCP clients (which isn't right now) but even if I changed it to becoming dynamic (possibly needing a few machines to have static assignments via MAC), I would need this "temporary replacement device" to replicate the same DHCP server settings...
by jaclaz
Sun Jan 12, 2025 5:51 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 290
Views: 37554

Re: wAP ax?

For *some reasons* the US site specification page: https://www.tp-link.com/us/business-networking/omada-sdn-access-point/omada-eap770/#specifications does not show power requirements. The Italian site does: https://www.tp-link.com/it/business-networking/omada-wifi-wifi7/eap770/ EU: 24.05 W (802.3bt,...
by jaclaz
Sun Jan 12, 2025 5:29 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 895

Re: Is there a simple way to hang a virtual "Out of order" sign?

Or even older foot messengers ... :lol:
by jaclaz
Sun Jan 12, 2025 5:03 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 895

Re: Is there a simple way to hang a virtual "Out of order" sign?

All employees have a cell phone...... Send mass text message - internet out restoration time est XX:XX Hrs. I see from your reply how you have a vast experience of (graciously) managing personnel in activities that run 24/7 (please read shifts) and that your employees at home or in vacation simply ...
by jaclaz
Sun Jan 12, 2025 4:46 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 895

Re: Is there a simple way to hang a virtual "Out of order" sign?

I understand now, you are proposing a "captive portal" that leads to nowhere, I was tricked by the word "hotspot" that I instinctively connected with "Wi-FI stuff", almost any tutorial/example I had seen was about the /ip hotspot assigned on wlan1, but of course it can ...
by jaclaz
Sat Jan 11, 2025 8:18 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 895

Re: Is there a simple way to hang a virtual "Out of order" sign?

Yes, I had in mind a possible re-use for one old hap Lite I have around, but I have also a couple (still old) thin clients I am not using, so a minimal Linux with a web server would also be possible. But using hotspot would catch only wi-fi users, and anyway the half-lease time would be too long. An...
by jaclaz
Sat Jan 11, 2025 6:59 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 895

Is there a simple way to hang a virtual "Out of order" sign?

As the thread title says. Maybe it is a stupid question, and it is a non-problem, still I would be curious to know if something like this exists and/or there is some other "common practice" or similar thing. When you do a maintenance intervention on - say - elevators, you put a sign "...
by jaclaz
Sat Jan 11, 2025 4:38 pm
Forum: Beginner Basics
Topic: Auto Redirect IP with Port [SOLVED]
Replies: 6
Views: 771

Re: Auto Redirect IP with Port [SOLVED]

Well, if we assume that the final desired result is: a. type the destination IP address in the browser without specifying port b. *somehow* connect the browser on a specific port of the specific destination IP address a dstnat port remapping seems like a possible solution, it should be something *li...
by jaclaz
Sat Jan 11, 2025 12:27 pm
Forum: Beginner Basics
Topic: Passive Bridge with Firewall
Replies: 2
Views: 436

Re: Passive Bridge with Firewall

This topic:
viewtopic.php?t=185541

seems to me very similar, maybe you can get some ideas/approaches from that one.
by jaclaz
Sat Jan 11, 2025 11:30 am
Forum: Beginner Basics
Topic: old configs don't work [SOLVED]
Replies: 16
Views: 2765

Re: old configs don't work [SOLVED]

Good. :) Now that you have the general idea/basic setup working, you should check the post by Sindy right after that: https://forum.mikrotik.com/viewtopic.php?p=1110759#p1111163 as his version is more elegant, and compare with the "final" version on the other already mentioned thread: http...
by jaclaz
Fri Jan 10, 2025 11:48 pm
Forum: General
Topic: PoE-out with Mode A [SOLVED]
Replies: 4
Views: 533

Re: PoE-out with Mode A [SOLVED]

Naah, the Planet one Is generally available, but It Is not cheap, example:
https://www.digitx.it/codice/c-poe_e201 ... od-115326/
70 €!
Of course if you are wasting investing the awful amount of money a Doorbird costs, It could be fine.
by jaclaz
Fri Jan 10, 2025 11:16 pm
Forum: General
Topic: PoE-out with Mode A [SOLVED]
Replies: 4
Views: 533

Re: PoE-out with Mode A [SOLVED]

Doorbird is a strange Beast. It declares 802.3af Mode A, which Is against the specs, as 802.3af PD's should be compatibile with BOTH mode A and mode B. Anyway, the question is which specific devices we are talking of, both the Mikrotik and the Doorbird. If the interfaces are 10/100 It Is relatively ...
by jaclaz
Fri Jan 10, 2025 8:18 pm
Forum: General
Topic: Wireguard config help
Replies: 13
Views: 989

Re: Wireguard config help

Well it gets to 172.20.10.1 (and stops there) . What is that address? Your network gateway? I don't really understand how it even gets there without a route (I was suspecting a ping error of "no route to host".). Anyway, post the output of: /ip address print and of /ip route print so that ...
by jaclaz
Fri Jan 10, 2025 8:05 pm
Forum: General
Topic: 4G/LTE router with Dual SIM [SOLVED]
Replies: 20
Views: 1621

Re: 4G/LTE router with Dual SIM [SOLVED]

Well, also the Teltonika RUTX12:
https://teltonika-networks.com/products/routers/rutx12
nice thingy, not exactly cheap.
by jaclaz
Fri Jan 10, 2025 7:58 pm
Forum: RouterBOARD hardware
Topic: HEX S sometimes fails to start properly [SOLVED]
Replies: 13
Views: 3218

Re: HEX S sometimes fails to start properly [SOLVED]

Trying an alternate power supply won't be difficult anyway, the hex S accepts a wide range: DC jack input Voltage 12-57 V but also AC3 is pretty much flexible: DC jack input Voltage 12-28 V Personally I would still suspect the zener diodes, and as said they are easy to test with a tester/voltmeter.
by jaclaz
Fri Jan 10, 2025 7:48 pm
Forum: Beginner Basics
Topic: WiFi Station to Ethernet Port
Replies: 6
Views: 697

Re: WiFi Station to Ethernet Port

I don't understand. The mAP lite has only one ethernet port, ether1. You want to connect your radio (wlan1) to an existing wi-fi network? Then the device is a "client" or "station" (and not an AP). And - it depends on choices - it can be configured both as "router" (wit...
by jaclaz
Fri Jan 10, 2025 2:54 pm
Forum: General
Topic: Wireguard config help
Replies: 13
Views: 989

Re: Wireguard config help

UNfortunately the "timeout" in the ping could be due to anything along the connection, including the remote 74.208.xx.xx prevented from replying to ICMP requests (newish windows as an example have a firewall rule that prevents replying from pings coming from outside the local lan), but it ...
by jaclaz
Fri Jan 10, 2025 2:41 pm
Forum: General
Topic: Hotspot windows users login with wrong ip
Replies: 18
Views: 1615

Re: Hotspot windows users login with wrong ip

Good. :)

Though the "fault" is most probably in the client that attempts to login before having a "proper" DHCP address (or wait for a timeout), it is good to know that RouterOS can deal with that.
by jaclaz
Fri Jan 10, 2025 1:39 am
Forum: General
Topic: Wireguard config help
Replies: 13
Views: 989

Re: Wireguard config help

I presume that the XX.XX.XX.XX is not on the same network 10.8.0.0/24, right?
Can you ping successfully the XX.XX.XX.XX endpoint address from the router?
If not, which error do you get?
by jaclaz
Thu Jan 09, 2025 11:40 pm
Forum: General
Topic: 4G/LTE router with Dual SIM [SOLVED]
Replies: 20
Views: 1621

Re: 4G/LTE router with Dual SIM [SOLVED]

To be fair on the posted image, also Huawei claims the same.
It seems more likely that it is something lost in translation (or whatever) connected with amazon than originating from the manufacturers.
by jaclaz
Thu Jan 09, 2025 11:27 pm
Forum: General
Topic: Won't connect without DHCP...?
Replies: 6
Views: 575

Re: Won't connect without DHCP...?

Bad, bad router? Or maybe - just maybe - there is the possibility that there could be something that needs to be changed in its configuration? If this latter could be the case, a good idea would be to post the current configuration for review (anonymizing the sensible data), instructions here: https...
by jaclaz
Thu Jan 09, 2025 5:01 pm
Forum: Beginner Basics
Topic: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik
Replies: 10
Views: 1816

Re: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik

I don't know.

Maybe you should recreate the exact configuration that creates the slowdown and post that one.

It is harder to read a configuration where something has been removed (or disabled) as you never know if it is missing or is a leftover from another attempt.
by jaclaz
Thu Jan 09, 2025 3:45 pm
Forum: Beginner Basics
Topic: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik
Replies: 10
Views: 1816

Re: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik

Well, that thread is from 2021, and it is about RouterOS 6.49.1. You are running 7.8 (which is in itself really old). Something may well have changed in the meantime. Even if you don't want to upgrade to latest-latest (that would be 7.16.2) you should IMHO at least upgrade to 7.12.1 (to which you ha...
by jaclaz
Thu Jan 09, 2025 12:47 pm
Forum: Scripting
Topic: Securely storing apikey/tokens for /tool/fetch... Approaches? == $SECRET
Replies: 10
Views: 4675

Re: Securely storing apikey/tokens for /tool/fetch... Approaches? == $SECRET

Try to add the policy policy :shock: I.e.: policy=read,write,test,policy Not that I recommend it, but the primitive method I use when testing scripts is giving them all possible permissions, then remove them one by one until it stops working: https://forum.mikrotik.com/viewtopic.php?p=1050058&hi...
by jaclaz
Thu Jan 09, 2025 1:39 am
Forum: Beginner Basics
Topic: old configs don't work [SOLVED]
Replies: 16
Views: 2765

Re: old configs don't work [SOLVED]

In 7 you need to explicitly add the routing tables and the routing-mark becomes routing-table in /ip route, as already hinted. Like: /routing table add fib name=via-ether2 add fib name=via-ether3 and then: /ip route add distance=1 dst-address=10.1.1.0/24 gateway=ether2 routing-table=via-ether2 in ma...
by jaclaz
Wed Jan 08, 2025 9:09 pm
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1143

Re: Problem with ping using interfaces

Only for the record and JFYI, there is a way out for cases where the narrow route becomes invalid/inactive (for one reason or the other), which is to add a second narrow route as blackhole, but with a higher distance, is that your case?. See, as an example: https://forum.mikrotik.com/viewtopic.php?t...
by jaclaz
Wed Jan 08, 2025 8:24 pm
Forum: Beginner Basics
Topic: What if I just want to use it as a switch? [SOLVED]
Replies: 8
Views: 1289

Re: What if I just want to use it as a switch? [SOLVED]

I think you missed the word "just" in the subject, or misinterpreted that I want to keep things as simple as possible It was more a reply to your question: Can I just install SwitchOS instead of RouterOS? Let me rephrase the answer: No, that device can only run RoS and not SwitchOS. Other...
by jaclaz
Wed Jan 08, 2025 8:18 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1948

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

(besides nicer layout): I don't know :? , those 90° cable bends are ugly :shock: and they are not very good for the flow of data. 0's are usually OK, but 1's may get entangled in those sharp corners. :wink: (I know it's an old joke, but I cannot resist) :lol: Happy the whiole stuff is working. :)
by jaclaz
Wed Jan 08, 2025 8:06 pm
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1143

Re: Problem with ping using interfaces

Well, what do you think netwatch is supposed to do? :?: :wink: https://help.mikrotik.com/docs/spaces/ROS/pages/8323208/Netwatch Using the (newish) ICMP mode (as opposed to "simple" ping) it allows for "fine-tuning" the failover triggering, and it has a few other modes too, beside...
by jaclaz
Wed Jan 08, 2025 7:48 pm
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 1369

Re: LTE issue on reboot

@Amm0 That is another aspect. :) But I don't know. :? Let's divide the matter in three: 1 ) what triggers the execution of a script (event) 2 ) what triggers the execution of a script (detection method) 3 ) what remedies we can implement (actions the script executes) The script could be triggered EI...
by jaclaz
Wed Jan 08, 2025 2:55 pm
Forum: General
Topic: what happens when CHR 60 days trial is expired!
Replies: 7
Views: 5049

Re: what happens when CHR 60 days trial is expired!

That is not true and topic is incorrectly marked as solved WHAT is not true? The help page: https://help.mikrotik.com/docs/spaces/ROS/pages/18350234/Cloud+Hosted+Router+CHR Free licenses There are several options to use and try CHR free of charge. free The free license level allows CHR to run indef...
by jaclaz
Wed Jan 08, 2025 12:51 pm
Forum: RouterBOARD hardware
Topic: RB5009UPr+S+IN: POE or POE+
Replies: 5
Views: 967

Re: RB5009UPr+S+IN: POE or POE+

thanks. I'm trying to power 2 Netgear WAX620 access points. The product data sheet says the device uses 25.5W. Seems like the 5009 will underpower them using the supplied barrel connector power supply? That is a beast of access point. :shock: And it is a strange beast, as the datasheet: https://www...
by jaclaz
Wed Jan 08, 2025 11:45 am
Forum: RouterBOARD hardware
Topic: RB260GSP POE Switch
Replies: 6
Views: 886

Re: RB260GSP POE Switch

Well, the good news are that: Netzwerkschnittstelle 10Base-T/100Base-TX RJ45 LAN-Anschluss PoE (nur für PoE-Version) IEEE 802.3af (+ Pin 4 und 5 / - Pin 7 und 8) IF it is the PoE version, it uses Mode B, and the interface is 10/100. BUT there is an added issue. Something, to be 802.3af compatible, n...
by jaclaz
Wed Jan 08, 2025 10:55 am
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1948

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

Yes, this would make much more sense. :) ISP do sometimes have "strange" settings, but in the cases where some services are on tagged VLAN the VLAN number is not 1, it is only the way the Mikrotik "sees" the untagged traffic. @mkx So, it still boils down to "do not use VLAN1...
by jaclaz
Wed Jan 08, 2025 1:11 am
Forum: Beginner Basics
Topic: What if I just want to use it as a switch? [SOLVED]
Replies: 8
Views: 1289

Re: What if I just want to use it as a switch? [SOLVED]

The CRS304-4XG-IN Is anyway NOT among the dual boot devices:

https://mikrotik.com/products/group/s ... oot%22]#!
So if you want to go down that road you need to choose another device model.
by jaclaz
Wed Jan 08, 2025 1:04 am
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 1369

Re: LTE issue on reboot

Your router(s), your choice.
by jaclaz
Wed Jan 08, 2025 12:58 am
Forum: RouterBOARD hardware
Topic: RB5009UPr+S+IN: POE or POE+
Replies: 5
Views: 967

Re: RB5009UPr+S+IN: POE or POE+

Sure, but if you Power a 16 W device with 30 W (max of the 802.3at Power supply) you can expect to draw, total of the other 7 ports, 14 W or so. If you prefer a 802.3at Power supply can Power - chained - no more than 2 x 802.3af *like* devices, let's say the RB5009 and an AP connected to one of the ...
by jaclaz
Wed Jan 08, 2025 12:32 am
Forum: 3rd party tools
Topic: 🚀 RemoteWinBox Admiral centralized MikroTik Management
Replies: 6
Views: 1977

Re: 🚀 RemoteWinBox Admiral centralized MikroTik Management

Nothing meant by it....We were surprised by the large number of use cases for our software for Starlink integrators. Ah, ok, you meant more like professional users than final customers, since starlinks are more likely installed in remote areas It makes perfect sense that a remote management solutio...
by jaclaz
Wed Jan 08, 2025 12:21 am
Forum: RouterBOARD hardware
Topic: RB5009UPr+S+IN: POE or POE+
Replies: 5
Views: 967

Re: RB5009UPr+S+IN: POE or POE+

Neither. :shock: Each port can provide 440 mA: https://mikrotik.com/product/rb5009upr_s_in 0.44A*48V=21.12 W (typical voltage) 0.44A*57V=25.08 W (max voltage) 802.3af 15.40 W @PSE /12.95 W @PD (POE) 802.3at 30.00 W @PSE / 25.50 W @PD (POE+) The triple power input should be irrelevant, but only ether...
by jaclaz
Tue Jan 07, 2025 11:07 pm
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 1369

Re: LTE issue on reboot

I don't see why BOTH approaches cannot be tested. In the script, if LTE cannot be found, try resetting USB. If after - say - 120 seconds the LTE still cannot be found, then, and only then, reboot the router. If It works, It works, and if It doesn't It goes through the full reboot. 120 seconds Is onl...
by jaclaz
Tue Jan 07, 2025 9:13 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1948

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

Yep, this is where I was not understanding.
Native VLAN doesn't necessarily mean VLAN1, do you mean that your ISP is using VLAN1 as "native"?
That would be the typical case of the gun pointed at your head.
by jaclaz
Tue Jan 07, 2025 9:07 pm
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 1369

Re: LTE issue on reboot

Cannot it be quickly tested by replacing in the script
:log error "LTE1 interface does not exist. Rebooting router..."
/system reboot
with:
:log error "LTE1 interface does not exist. Rebooting USB..."
/system routerboard usb power-reset duration=10s
or similar?
by jaclaz
Tue Jan 07, 2025 8:54 pm
Forum: 3rd party tools
Topic: 🚀 RemoteWinBox Admiral centralized MikroTik Management
Replies: 6
Views: 1977

Re: 🚀 RemoteWinBox Admiral centralized MikroTik Management

Only out of curiosity:
Heck, even Starlink users love us for all the things.
Why the "heck, even"?
Are Starlink users a category apart? :?
by jaclaz
Tue Jan 07, 2025 8:32 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1948

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

#3 and #4, my bad, The point I was trying to make is that the VLAN1 is *somehow* used (at least in RouterOS) as the default VLAN for *something* and there is the risk that using it for *something else* might create conflicts. Maybe in SwOS it is different, and the (few) people that actually fully un...
by jaclaz
Tue Jan 07, 2025 6:00 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1948

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

Re: #4 Does your ISP provide the service over VLAN1 or in any other ways forces you to use it? I might have missed where you explained how you were forced - with a gun pointed at your head - to use VLAN1. The usual advice is to NOT use VLAN1, unless it is really-really needed because the consequence...
by jaclaz
Tue Jan 07, 2025 5:24 pm
Forum: Beginner Basics
Topic: Simple Bridge with Firewall rules for Ether1 (internet))
Replies: 16
Views: 2404

Re: Simple Bridge with Firewall rules for Ether1 (internet))

Why is AI needed to generate really poor configuration when the default config meets 95% of the use case?
To prove - once again - that AI is not (yet :? ) capable of doing anything good? :lol:
by jaclaz
Tue Jan 07, 2025 5:20 pm
Forum: RouterBOARD hardware
Topic: RB260GSP POE Switch
Replies: 6
Views: 886

Re: RB260GSP POE Switch

To further expand on the matter, splitters that take the 24V in and output the 12V for the camera do exist, BUT there is even another issue, Mikrotik (passive) PoE is "mode B", it has to be checked if the splitter is mode A or mode B: https://www.etherwan.com/support/faq/what-poe-power-pin...
by jaclaz
Tue Jan 07, 2025 12:00 am
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 1734

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

A saved export Is enough normally, but a (binary) backup gives added security. They have different uses and different characteristics. The backup allows to "clone" a router, It Is "all or nothing". The export represents the exact configuration, but can be modified or used partial...
by jaclaz
Mon Jan 06, 2025 9:17 pm
Forum: General
Topic: downgrade ROS to pre-7.13 version [SOLVED]
Replies: 14
Views: 1620

Re: downgrade ROS to pre-7.13 version [SOLVED]

Well, I have just replaced in december (with a Mikrotik Ax Lite) a self-made router (a repurposed Fujitsu Siemens S200 running Zeroshell) that had been ticking 24/7 since 2012. The actual device was produced in 2004 or so, processor is Transmeta! I originally got one of these on the cheap (like 20 E...
by jaclaz
Mon Jan 06, 2025 8:57 pm
Forum: General
Topic: Hotspot windows users login with wrong ip
Replies: 18
Views: 1615

Re: Hotspot windows users login with wrong ip

So, is it working with the correct range settings?

I wasn't at all sure whether the mac-cookie login runs "before" the ip-binding block and thus by-passes it..
by jaclaz
Mon Jan 06, 2025 8:16 pm
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1143

Re: Problem with ping using interfaces

Well, the actual idea behind both recursive routing and netwatch checking is to use a "remote" (and likely reliable) DNS server (such as 8.8.8.8, 8.8.4.4.4, 9.9.9.9, 1.1.1.1, etc.) to check the connection to the internet by pinging it. This is done through a "narrow" additional r...
by jaclaz
Mon Jan 06, 2025 5:53 pm
Forum: General
Topic: Home networking suggestions
Replies: 8
Views: 1068

Re: Home networking suggestions

The Brume has also a "dedicated" setting called "drop in gateway": https://docs.gl-inet.com/router/en/4/interface_guide/drop-in_gateway/ From what I understand -besides the actual throughput in practice that would need to be tested - it requires disabling the DHCP of the "ma...
by jaclaz
Mon Jan 06, 2025 3:47 pm
Forum: General
Topic: downgrade ROS to pre-7.13 version [SOLVED]
Replies: 14
Views: 1620

Re: downgrade ROS to pre-7.13 version [SOLVED]

Only as a side note, it is refreshing to see someone that reasonably does not upgrade to latest-latest (your point #2) the "production" machines. Bravo! I understand how the forum is largely populated by people that like to experiment and tinker with Mikrotik newish releases, but often upg...
by jaclaz
Mon Jan 06, 2025 2:51 pm
Forum: General
Topic: Hotspot windows users login with wrong ip
Replies: 18
Views: 1615

Re: Hotspot windows users login with wrong ip

Semi-random idea, would setting ip-binding to something like:
/ ip hotspot ip-binding
add address=169.254.1.0-169.254.254.255 type=blocked
effectively prevent the APIPA addresses from logging in (via mac-cookie)?
by jaclaz
Mon Jan 06, 2025 12:19 pm
Forum: General
Topic: Hotspot windows users login with wrong ip
Replies: 18
Views: 1615

Re: Hotspot windows users login with wrong ip

It seemingly shaved some little time off, however.

Before it was
08:31.51->08:33:58=2 minutes 7 seconds

and now is:
06:03:52->06:05:55=2 minutes 3 seconds

Can the keepalive timeout be reduced? :?:
by jaclaz
Mon Jan 06, 2025 12:06 pm
Forum: General
Topic: Home networking suggestions
Replies: 8
Views: 1068

Re: Home networking suggestions

So you need it as main firewall, right? I think you can *somehow* configure a Mikrotik as a bridge and set it to use the firewall rules on the bridge (set use-ip-firewall=yes), but I believe this implies the need to disable hardware offload and this could result in poor performance. The impact of ha...
by jaclaz
Sun Jan 05, 2025 11:32 pm
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1143

Re: Problem with ping using interfaces

I think you are describing what Is usually called "recursive routing". Check this post for more details: https://forum.mikrotik.com/viewtopic.php?t=157048 Once you confirm this Is the desired result, we'll talk of the details. If - more generally - you are looking for automatic failover th...
by jaclaz
Sun Jan 05, 2025 7:08 pm
Forum: Beginner Basics
Topic: Router on a stick struggles
Replies: 6
Views: 1147

Re: Router on a stick struggles

/interface bridge filter # in/out-bridge-port matcher not possible when interface (wlan1) is not slave add action=drop chain=forward in-interface=wlan1 # in/out-bridge-port matcher not possible when interface (wlan1) is not slave add action=drop chain=forward out-interface=wlan1 # no interface add ...
by jaclaz
Sun Jan 05, 2025 6:24 pm
Forum: General
Topic: Home networking suggestions
Replies: 8
Views: 1068

Re: Home networking suggestions

But what is the actual use of the Mikrotik? There are no problems in setting it as a (managed or "dumb") switch, but of course then it will behave like a switch, to all practical effects (besides having three LAN ports available) it would (should) be exactly the same if you bypass it and c...
by jaclaz
Sun Jan 05, 2025 6:10 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 1734

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

A packet lost on a LTE connection (possibly through wifi) should not be a problem of actual connectivity. So your DNS is working (it can resolve google.com just fine) and you do have internet connection on both ethernet and wifi. Since you are using windows (I presume a recent one like 10) you shoul...
by jaclaz
Sun Jan 05, 2025 5:41 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 1734

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

What anav just posted is a "complete" and "final" confiiguration, I believe it would be more useful, before studying and implementing that solution, to try understanding what is the issue right now, before introducing the complications of the complete setup, with VLAN's and what ...
by jaclaz
Sun Jan 05, 2025 12:13 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 1734

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

You seemingly have a duplicate masquerade rule in /ip firewall nat (but that shoudln't be an issue. Post the output of: /ip address print and of /ip route print Try to be more precise when reporting a problem, "cannot access internet" may be due to several reasons, try /ping 8.8.8.8 what i...
by jaclaz
Sun Jan 05, 2025 11:54 am
Forum: Beginner Basics
Topic: old configs don't work [SOLVED]
Replies: 16
Views: 2765

Re: old configs don't work [SOLVED]

Unless I am missing something, it should be possible even without VRF's, the "generic" case being "access multiple devices with same fixed IP address connected to different ports/interfaces". Here is a solved case for two devices (I don't see how it cannot be extended to more dev...
by jaclaz
Sat Jan 04, 2025 6:34 pm
Forum: Beginner Basics
Topic: Router on Stick for lab purposes
Replies: 4
Views: 888

Re: Router on Stick for lab purposes

Cheapest wold probably be hap lite, but with only 16 Mb of storage (and 32 Mb RAM) you won't be able to run Ros 7 on it (or at least it won't be easy or working "right"). Nowadays I wouldn't buy (new) a device with less than 64 Mb or 128 Mb storage. Right now probably the best bang for the...
by jaclaz
Sat Jan 04, 2025 6:03 pm
Forum: Wireless Networking
Topic: Wireless Wire questions
Replies: 8
Views: 2021

Re: Wireless Wire questions

From what I understand what you are experiencing is a "side-effect" of a problem with your configurations. In the 86 and 87 you have (correctly) both ether1 and wlan60-1 added to the bridge: /interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether1 \ in...
by jaclaz
Sat Jan 04, 2025 3:58 pm
Forum: Beginner Basics
Topic: Cant Update Wifi Extender
Replies: 8
Views: 1147

Re: Cant Update Wifi Extender

That solved it, I now understand both errors and how they happen and was able to upgrade the one networks wifi extenders and will do the others when next on site.

Thank you very much.
Good. :)
You are welcome of course.
by jaclaz
Sat Jan 04, 2025 12:17 pm
Forum: Beginner Basics
Topic: VLAN and Smart home stuff block from internet only for BTH VPN
Replies: 9
Views: 2323

Re: VLAN and Smart home stuff block from internet only for BTH VPN

Make those - say - VLAN10 and VLAN20.
And here ends all my knowledge on VLANs: DO NOT USE VLAN1.
by jaclaz
Sat Jan 04, 2025 11:57 am
Forum: Beginner Basics
Topic: Cant Update Wifi Extender
Replies: 8
Views: 1147

Re: Cant Update Wifi Extender

Well, in this configuration: Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, d - DHCP; + - ECMP Columns: DST-ADDRESS, GATEWAY, DISTANCE DST-ADDRESS GATEWAY DISTANCE DAd+ 0.0.0.0/0 192.168.0.1 1 DAd+ 0.0.0.0/0 192.168.1.1 1 DAc+ 192.168.0.0/24 bridge1 0 DAc+ 192.168.0.0/24 bridge1 0 DAc+ 192.168.1.0/24 ...
by jaclaz
Fri Jan 03, 2025 11:05 pm
Forum: General
Topic: Hap ax3
Replies: 3
Views: 825

Re: Hap ax3

by jaclaz
Fri Jan 03, 2025 8:38 pm
Forum: Beginner Basics
Topic: Cant Update Wifi Extender
Replies: 8
Views: 1147

Re: Cant Update Wifi Extender

You have BOTH a static IP address AND a DHCP client running on both bridges: /ip address add address=192.168.1.4/24 interface=bridge2 network=192.168.1.0 add address=192.168.0.4/24 interface=bridge1 network=192.168.0.0 /ip dhcp-client add interface=bridge1 add interface=bridge2 This may (or may not)...
by jaclaz
Thu Jan 02, 2025 7:35 pm
Forum: General
Topic: Configuring VLAN tagged/untagged
Replies: 11
Views: 1489

Re: Configuring VLAN tagged/untagged

I dont understand this nomenclature add address=10.87.2.28 /28 interface=MGMT_VLAN network=10.87.2. 16 I think the .16 should be .0 and the subnet mask is fine if you really only wanted 14 usable IP addresses!! if the .16 is changed to .0 the .28 will be outside the subnet. https://www.calculator.n...
by jaclaz
Thu Jan 02, 2025 7:06 pm
Forum: Beginner Basics
Topic: Simple Bridge with Firewall rules for Ether1 (internet))
Replies: 16
Views: 2404

Re: Simple Bridge with Firewall rules for Ether1 (internet))

Essentially the same advice Cat12 just provided a little more detailed: /interface bridge add name=bridge1 /interface list add name=WAN add name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik OK. /interface bridge port add bridge=bridge1 interface=eth...
by jaclaz
Thu Jan 02, 2025 3:50 pm
Forum: General
Topic: CCR2004-16g-2S+ Dhcp client stays in status "Searching" [SOLVED]
Replies: 10
Views: 1900

Re: CCR2004-16g-2S+ Dhcp client stays in status "Searching" [SOLVED]

Nevermind, I was commenting on a temporary setup, later corrected.
by jaclaz
Thu Jan 02, 2025 11:29 am
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 126
Views: 14209

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

At least they had the decency of NOT calling it "Mikrotik 365" :wink: .
by jaclaz
Thu Jan 02, 2025 11:22 am
Forum: RouterBOARD hardware
Topic: Rackmount Question
Replies: 3
Views: 942

Re: Rackmount Question

Yep, also according to a certain holvoeth :wink: that measured it:
viewtopic.php?p=1091642
among the given links here:
viewtopic.php?p=1091642&hilit=rack#p1091642
there are actual pictures.
by jaclaz
Sun Dec 29, 2024 11:56 am
Forum: Beginner Basics
Topic: Two LANs configuration, wireguard?
Replies: 6
Views: 1059

Re: Two LANs configuration, wireguard?

Well when you have a real network, I may be of assistance. Not going to chase fake GNS3 musings. There is no particular GNS3 musing, and certainly there is nothing fake. There is no need, if you cannot or don't want to provide assistance, to accuse me of faking anything. The GNS3 is only a represen...
by jaclaz
Sun Dec 29, 2024 1:15 am
Forum: Beginner Basics
Topic: Two LANs configuration, wireguard?
Replies: 6
Views: 1059

Re: Two LANs configuration, wireguard?

There is only one Mikrotik device, the Ax lite, there Is no "main MT", the device in the drawing marked Temp-Mikrotik is only a way to have a switchable on/off device with the "right" 192.168.0.1 address as the "Cloud" device in GNS3 is always on (and has an ip address ...
by jaclaz
Sat Dec 28, 2024 7:50 pm
Forum: Beginner Basics
Topic: Two LANs configuration, wireguard?
Replies: 6
Views: 1059

Re: Two LANs configuration, wireguard?

a. no, all the addresses at play are in the 192.168.0.0/24 and 10.0.1.0/24 ranges. b. no, they are dumb switches. c. how would the Ax Lite as switch keep those separated? Possibly IF the switches were managed ones one could use somehow VLANs, but the only configurable device is the Mikrotik Ax Lite,...
by jaclaz
Sat Dec 28, 2024 6:01 pm
Forum: Beginner Basics
Topic: Two LANs configuration, wireguard?
Replies: 6
Views: 1059

Two LANs configuration, wireguard?

I am working (in GNS3) on a possible setup. The "main" LAN is 192.168.0.0/24. The "child" LAN is 10.0.1.0/24. Internet connection is through a router/modem at 192.168.0.1 (gateway). The "main" LAN should only connect to the internet, exception made for a single PC (PC1-...
by jaclaz
Sat Dec 28, 2024 5:23 pm
Forum: General
Topic: Do AP's come with all router functions?
Replies: 29
Views: 3246

Re: Do AP's come with all router functions?

Or even before buying anything, you can get a CHR image and play with it. https://help.mikrotik.com/docs/spaces/ROS/pages/18350234/Cloud+Hosted+Router+CHR https://mikrotik.com/download (though no wifi capabilities) You can use that in a VM (like Virtualbox or VmWare) or - if you also want to test so...
by jaclaz
Sat Dec 28, 2024 11:46 am
Forum: General
Topic: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]
Replies: 47
Views: 4169

Re: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]

If it can be adapted to your situation (and it seems to me it can), this: https://forum.mikrotik.com/viewtopic.php?t=198999 further simplified: https://forum.mikrotik.com/viewtopic.php?t=198999&hilit=simpler#p1102129 is IMHO the simplest method (using a simple Netwatch script that just enables a...
by jaclaz
Fri Dec 27, 2024 12:45 pm
Forum: General
Topic: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]
Replies: 47
Views: 4169

Re: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]

Ahh, good to know, thanks :) , the trick is the "on error" , I didn't know that it actually allowed the prosecution of the loop in case of error. :oops:
by jaclaz
Fri Dec 27, 2024 11:06 am
Forum: General
Topic: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]
Replies: 47
Views: 4169

Re: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]

Only as a side-side note, I remember that rextended advised to use a "remaining time" filter of 60 seconds to avoid invalid results when removing connections: https://forum.mikrotik.com/viewtopic.php?t=103812#p977354 though it is aimed to more complex setups with lots of existing connectio...
by jaclaz
Thu Dec 26, 2024 8:51 pm
Forum: General
Topic: What device should I buy for this use-case?
Replies: 6
Views: 1015

Re: What device should I buy for this use-case?

To the CRS106-1C-5S you would need to add the SFP modules, and besides budget considerations (5 modules at 25-30 US$ each are 125-150$), copper modules on a passively cooled device are not a good idea for the heat management. For that kind of money you could get a "real" 24 port switch: ht...
by jaclaz
Thu Dec 26, 2024 7:09 pm
Forum: Beginner Basics
Topic: Tips from a home user
Replies: 6
Views: 1229

Re: Tips from a home user

Well, it is not like - besides the name change - the help pages are any better than the wiki (actually they are largely the same, when different, in very few cases are better, in most they are worse). They rarely provide actual instructions, in most cases they are little more than a quick reference ...
by jaclaz
Thu Dec 26, 2024 6:04 pm
Forum: Beginner Basics
Topic: Netbox 5ax WiFi 6 Access Point in bridge mode.
Replies: 1
Views: 746

Re: Netbox 5ax WiFi 6 Access Point in bridge mode.

I wonder what is friggin :shock: (the AP mode, the netbox, the sxtsq, the hex PoE, your shop, your house, Mikrotik generally). :lol: You should follow these instructions: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 and post the current configurations of both devices. If you could add ...
by jaclaz
Thu Dec 26, 2024 5:54 pm
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ General info & Questions
Replies: 1
Views: 832

Re: CCR1009-8G-1S-1S+ General info & Questions

If you have a rs-232 port on your computer, a common null-modem one will do.

Reference is here:
https://wiki.mikrotik.com/Manual:Null_modem_cable
https://help.mikrotik.com/docs/spaces/R ... al+Console

There is also a serial header on that model.
by jaclaz
Thu Dec 26, 2024 3:00 pm
Forum: General
Topic: Help to solve routing and mangle problem
Replies: 1
Views: 781

Re: Help to solve routing and mangle problem

It is not at all clear (to me) how what you described is supposed to work. If the IP of the Android box is 192.168. 106 .235 (BTW where does this address come from, is it a static IP manually entered or derives from a DHCP server?), there is no way (unless there is some other device in between or th...
by jaclaz
Thu Dec 26, 2024 2:14 pm
Forum: General
Topic: Problem with Two Separate WAN Connections on MikroTik CCR2004
Replies: 7
Views: 1493

Re: Problem with Two Separate WAN Connections on MikroTik CCR2004

It seems to me you were already on the right track: 1) add a dedicated routing table 2) add a route/gateway on that routing table for the intended gateway 3) add a routing rule filtering the source address range and making use of that router table Loosely, if it was 3 times 1:1, it would be somethin...
by jaclaz
Tue Dec 24, 2024 3:43 pm
Forum: General
Topic: access to MKT even though its offline
Replies: 6
Views: 1014

Re: access to MKT even though its offline

Just wondering ... how does that VPN work then without internet connectivity ?
Maybe VPN as in Various People Near the routers? :shock:
:lol:
by jaclaz
Tue Dec 24, 2024 3:37 pm
Forum: RouterBOARD hardware
Topic: mAP lite: Not able to configure very simple use case LAN to WLAN bridge; neither does manual describe such a basic thing
Replies: 12
Views: 9439

Re: mAP lite: Not able to configure very simple use case LAN to WLAN bridge; neither does manual describe such a basic t

Hello, can someone help with this configuraton? I set up wifi repeater, have two wlan interfaces, added ether port to bridge, what I should do next? Follow this: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 and post your configuration. Also describe what you want to achieve (goal), it...
by jaclaz
Tue Dec 24, 2024 3:27 pm
Forum: General
Topic: Problem with Two Separate WAN Connections on MikroTik CCR2004
Replies: 7
Views: 1493

Re: Problem with Two Separate WAN Connections on MikroTik CCR2004

First thing. check your configuration, whenever there is a "*" (asterisk followed by a (hex) number, it is a reference to *something* that was deleted/moved/renamed and that RoS cannot find anymore, it is a placeholder for something that was there but doesn't exist anymore: /interface list...
by jaclaz
Tue Dec 24, 2024 1:04 pm
Forum: Beginner Basics
Topic: Assistance Needed with MikroTik Cloud Router Configuration
Replies: 11
Views: 1548

Re: Assistance Needed with MikroTik Cloud Router Configuration

Yes, but 10.61.0.27 is a private IP address. This implies that the ISP connection is NAtted or - anyway - the ISP router is a blackbox with IP address 10.61.0.27, with no other way to connect to it. From your scheme, the switch (or better the devices connected to them) must be in the 10.61.0.0 (/24?...
by jaclaz
Tue Dec 24, 2024 2:29 am
Forum: Beginner Basics
Topic: New setup CRS309-1G-8S-IN
Replies: 7
Views: 1673

Re: New setup CRS309-1G-8S-IN

But how did you configure the laptop IP/network?
Try a static address of 192.168.88.5 network mask 255.255.255.0.
But if Winbox doesn't see It via MAC, there is something wrong with It, since It has a serial/console connection, that Is probably the only to attempt connecting to It.
by jaclaz
Mon Dec 23, 2024 7:43 pm
Forum: Beginner Basics
Topic: Assistance Needed with MikroTik Cloud Router Configuration
Replies: 11
Views: 1548

Re: Assistance Needed with MikroTik Cloud Router Configuration

I see, the block diagram: https://cdn.mikrotik.com/web-assets/product_files/CCR2116-12G-4S_240122.png of that device is a bit unusual. From what I understand in this particular case ethernet13 is peculiar as it is a self-standing interface, not connected "directly" to the other ports. So i...
by jaclaz
Mon Dec 23, 2024 6:19 pm
Forum: Beginner Basics
Topic: Assistance Needed with MikroTik Cloud Router Configuration
Replies: 11
Views: 1548

Re: Assistance Needed with MikroTik Cloud Router Configuration

Naah, it's fine, ether13 in your configuration is not any different from any other ether port (except that in the configuration you posted it was disabled: add bridge=bridge1 disabled=yes interface=ether13). But you have to digest the concept that once a port is added to a bridge it becomes a slave ...
by jaclaz
Mon Dec 23, 2024 4:40 pm
Forum: Wireless Networking
Topic: WIFI connecting issues
Replies: 15
Views: 4407

Re: WIFI connecting issues

@gotsprings @gigabyte091 Out of curiosity, what is the underlying message (if any :shock: ) I am failing to get? :? OP has a cAP AX that is giving issues on Wi-Fi (and there are a lot of similar posts about the Ax2 and Ax3 on the board). Now you are reporting how good is your experience with the new...
by jaclaz
Mon Dec 23, 2024 2:51 pm
Forum: Beginner Basics
Topic: Assistance Needed with MikroTik Cloud Router Configuration
Replies: 11
Views: 1548

Re: Assistance Needed with MikroTik Cloud Router Configuration

Yes, that's normal. If it is a switch all ports should be part of the bridge. If it is a router the WAN port (ISP or ether1 in your case) must be taken OUT of the bridge (in your posted configuration it is part of the bridge or slave to it): /interface bridge port add bridge=bridge1 interface=ether2...
by jaclaz
Mon Dec 23, 2024 12:37 pm
Forum: Beginner Basics
Topic: Assistance Needed with MikroTik Cloud Router Configuration
Replies: 11
Views: 1548

Re: Assistance Needed with MikroTik Cloud Router Configuration

Provide the output of the following commands: /ip address print and /ip route print But is it is intended to be routing to the ISP modem/router or not? The "ISP" interface (ether1) is part of the bridge, so it should be a "simple" switch. I.e. the configuration you posted seems t...
by jaclaz
Mon Dec 23, 2024 11:13 am
Forum: Wireless Networking
Topic: WiFi Access Points Maxes at 300mbps D/L
Replies: 18
Views: 1721

Re: WiFi Access Points Maxes at 300mbps D/L

Is there any configuration that I need to change in order to get the old speeds I’m getting without the RouterBoard?
Maybe yes, maybe no.
Hard to say without knowing your configuration.
Follow this:
viewtopic.php?t=203686#p1051720
and post your configuration for review.
by jaclaz
Sun Dec 22, 2024 6:45 pm
Forum: Wireless Networking
Topic: config radio mikrotik via mac address Problem
Replies: 1
Views: 743

Re: config radio mikrotik via mac address Problem

Probably it is something in configuration blocking mac-winbox.
Follow this:
viewtopic.php?t=203686#p1051720
and post your configuration.
by jaclaz
Sun Dec 22, 2024 5:54 pm
Forum: Beginner Basics
Topic: WakeOnLan by access
Replies: 1
Views: 742

Re: WakeOnLan by access

Local or remote? Like this? https://forum.mikrotik.com/viewtopic.php?t=172386 or this: https://forum.mikrotik.com/viewtopic.php?t=160169 or this: https://forum.mikrotik.com/viewtopic.php?t=56831 Or using the /tool wol: https://forum.mikrotik.com/viewtopic.php?t=62728 Just in case, there are some dev...
by jaclaz
Sun Dec 22, 2024 11:09 am
Forum: Beginner Basics
Topic: Help needed - How to mitigate DDOS atacks with dns
Replies: 21
Views: 2626

Re: Help needed - How to mitigate DDOS atacks with dns

@erlinden @anav If I may ask a few side questions, only trying to understand your suggestions, the proposed changes are shifting all DNS requests (from LAN) to the router/gateway at 10.44.73.1, right? Is this a "generic" good idea/practice or it is something that is only a test specific to...
by jaclaz
Sat Dec 21, 2024 5:37 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 3057

Re: executing script from net failed

unfortunately i can not publish my export file which is 47000 line with my address list . And how many lines is it without your address list? :?: Maybe - just maybe - you could replace the address list with a shorter reference *like*: <imagine here a loooooooong address list> and post it, I don't t...
by jaclaz
Sat Dec 21, 2024 12:01 pm
Forum: Beginner Basics
Topic: RB5009 in the hands of a newbie, Gateway problem
Replies: 19
Views: 2596

Re: RB5009 in the hands of a newbie, Gateway problem

Only as a note, maybe you haven't noticed it, but it is important that you understand this for other future configurations. I originally suggested to have ether8 as 192.168.88.1 /24 (assuming that you would have changed the same range set on the bridge to your local lan one). BUT what you implemente...
by jaclaz
Sat Dec 21, 2024 10:50 am
Forum: Scripting
Topic: Script to auto create address-list from plain ip-ranges URLs
Replies: 10
Views: 1440

Re: Script to auto create address-list from plain ip-ranges URLs

I think we can say that the script is intended for pre-validated address lists, i.e. all the checks needs to be done before and outside this script, that merely "imports" the (already filtered/corrected/whatever) data.
It seems fair enough to me.
by jaclaz
Fri Dec 20, 2024 11:07 pm
Forum: Wireless Networking
Topic: Rx/Tx 54 mbps on WIndows but not MAC OS
Replies: 4
Views: 901

Re: Rx/Tx 54 mbps on WIndows but not MAC OS

It seems like a common Windows 10 ( but likely nothing much has change in 11) issue when resuming from sleep The workaround (not solution) Is automating disconnection and reconnection, see: https://superuser.com/questions/1849669/wifi-becomes-slow-after-sleep Particularly, but not only, with AX200/2...
by jaclaz
Fri Dec 20, 2024 9:16 pm
Forum: General
Topic: RB5009 / PoE-IN *and* PoE-OUT at the same time
Replies: 7
Views: 1159

Re: RB5009 / PoE-IN *and* PoE-OUT at the same time

RB5009 8.7<16 W
cAP AX 6.4 <11 W
8.7+6.4=15.1 < 27 W
15.1+(some activity)=16.8 < 27 W

If the RB5009 goes high on CPU while the CAP is also loaded it has to be seen how much more power is needed.
by jaclaz
Fri Dec 20, 2024 6:52 pm
Forum: Beginner Basics
Topic: Help needed - How to mitigate DDOS atacks with dns
Replies: 21
Views: 2626

Re: Help needed - How to mitigate DDOS atacks with dns

273000/12=22750 22750/60=379 379/60=6.32 packets per second (on average) And in any case 18.5 Mb over 12 hours. The action of dropping them shouldn't need a large amount of resources, so large that the consequence "makes it almost impossible for the local network to even ping servers 1.1.1.1 or...
by jaclaz
Fri Dec 20, 2024 5:09 pm
Forum: Wireless Networking
Topic: Wireless Wire questions
Replies: 8
Views: 2021

Re: Wireless Wire questions

The detailed instructions to export and post the configurations are here: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 Exporting and saving periodically on a PC/NAS/whatever a copy of the export is anyway common good practice, as it is making periodically a backup (surely before upgrad...
by jaclaz
Fri Dec 20, 2024 4:40 pm
Forum: General
Topic: VLAN help needed
Replies: 5
Views: 1022

Re: VLAN help needed

I still don't understand. The "natural" role of the RB3011 would normally be that of a router, but in your current scheme you are using it as a switch (with two bridges, one for LAN and one for WAN) and all the routing happens in your CAP1. If the CAP1 is fast/good enough for your needs, t...
by jaclaz
Thu Dec 19, 2024 8:25 pm
Forum: Beginner Basics
Topic: RB5009 in the hands of a newbie, Gateway problem
Replies: 19
Views: 2596

Re: RB5009 in the hands of a newbie, Gateway problem

If I may, it is not a good idea to connect a router to internet without a proper set of firewall rules. You should first thing add these (they are the default ones from Mikrotik for other devices, adapted for your case): When fiddling with a Mikrotik with only an interface as WAN all the rest in a L...
by jaclaz
Thu Dec 19, 2024 7:16 pm
Forum: General
Topic: Route traffic behind double NAT
Replies: 14
Views: 1476

Re: Route traffic behind double NAT

Yep, but what it is the source address you added to the firewall filter rule? That address is - if I got the configuration right - 192.168.x.10. If this is the case. it is "created" by your current nat rule: /ip firewall nat add action=masquerade chain=srcnat out-interface-list=WAN masquer...
by jaclaz
Thu Dec 19, 2024 4:57 pm
Forum: Beginner Basics
Topic: RB5009 in the hands of a newbie, Gateway problem
Replies: 19
Views: 2596

Re: RB5009 in the hands of a newbie, Gateway problem

How can I show you the full configuration of my RB5009?
Follow this:
viewtopic.php?t=203686#p1051720
by jaclaz
Thu Dec 19, 2024 4:37 pm
Forum: Beginner Basics
Topic: Wireless Bridge
Replies: 9
Views: 1313

Re: Wireless Bridge

More explicit instructions in this post:
viewtopic.php?t=203686#p1051720
by jaclaz
Thu Dec 19, 2024 4:23 pm
Forum: Beginner Basics
Topic: problem with vlan configuration
Replies: 10
Views: 1183

Re: problem with vlan configuration

Before anything else, if you check your configuration, you will find several instances of * (asterisk) followed by a (hex) number. This basically means that there was something there that was renamed/deleted/moved/changed in such a way that the RoS can't find it properly anymore, so it places there ...
by jaclaz
Thu Dec 19, 2024 11:38 am
Forum: General
Topic: 2 bank websites doesn't open (WiFi and PPPoE) [SOLVED]
Replies: 4
Views: 1738

Re: 2 bank websites doesn't open (WiFi and PPPoE) [SOLVED]

Follow these instructions: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 and post the (redacted/anonymized) configuration of both devices. In theory in a normal setup there shouldn't be anything different from something going: phone<->wifi/wlan<->hAP AC2<->ethernet<->hap Ax2<->Internet ...
by jaclaz
Thu Dec 19, 2024 1:40 am
Forum: RouterBOARD hardware
Topic: CCR2216 M.2 slot length
Replies: 5
Views: 1781

Re: CCR2216 M.2 slot length

The supply of M.2 SATA will eventually die off ...
Sic transit gloria mundi.
by jaclaz
Wed Dec 18, 2024 7:53 pm
Forum: General
Topic: VLAN help needed
Replies: 5
Views: 1022

Re: VLAN help needed

Follow these instructions to export and post the configurations of both the RB3011 and of the cAP AC: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 If I may, your current setup seems to me - let's say - unconventional , and the intended one even more so, maybe there are reasons why you ...
by jaclaz
Wed Dec 18, 2024 7:02 pm
Forum: General
Topic: RB5009 / PoE-IN *and* PoE-OUT at the same time
Replies: 7
Views: 1159

Re: RB5009 / PoE-IN *and* PoE-OUT at the same time

I don't think it is a chain, more like hAP AX² + hAP AX² + cAP AX connected to three ports of the same RB5009.
by jaclaz
Wed Dec 18, 2024 6:48 pm
Forum: General
Topic: Files copied have different control sums
Replies: 11
Views: 2614

Re: Files copied have different control sums

Yep, but what I mean is that I am failing to see a "corruption pattern". on line 03C540 there is a missing 00 byte (thus data is shifted by one byte) on positions 8-11, 4 consecutive FF bytes should mean that. on line 03C560 a whole triplet is missing everything seems shifted up by 4 byte ...
by jaclaz
Wed Dec 18, 2024 5:05 pm
Forum: General
Topic: RB5009 / PoE-IN *and* PoE-OUT at the same time
Replies: 7
Views: 1159

Re: RB5009 / PoE-IN *and* PoE-OUT at the same time

The CRS328 "brochure" specs 53V, thus PoE port should provide up to ~24W (not 30W as mentioned in specs.and brochure). This does not change anything for OP though. Good catch. :) So on the product page it has: Max out per port output (input 18-30 V) 1000 mA Max out per port output (input ...
by jaclaz
Wed Dec 18, 2024 4:27 pm
Forum: Beginner Basics
Topic: Incorporating a backup gateway into my setup
Replies: 14
Views: 1678

Re: Incorporating a backup gateway into my setup

When I have created the dhcp client for the backup gateway, I have set the default-route-distance to 2. However, when I see the dynamically assigned route, I see a distance of 0 for the new gateway. Not really, in your (working) config you have: /ip dhcp-client add comment=defconf disabled=yes inte...
by jaclaz
Wed Dec 18, 2024 4:12 pm
Forum: General
Topic: The IP of the bridge is occasionally unavailable [SOLVED]
Replies: 16
Views: 2513

Re: The IP of the bridge is occasionally unavailable [SOLVED]

The D4:01:C3...... is seemingly the Chateau LTE12? :?:
by jaclaz
Wed Dec 18, 2024 3:26 pm
Forum: Beginner Basics
Topic: Incorporating a backup gateway into my setup
Replies: 14
Views: 1678

Re: Incorporating a backup gateway into my setup

Maybe you need to reboot the router. Right now ether2 is not up: /ip dhcp-client add comment=defconf disabled=yes interface=ether1 # Interface not active add interface=ether2 The error: 14:22:36 dhcp,warning defconf offering lease 192.168.88.15 for 08:7B:87:11:C8:D1 without success comes from the DH...
by jaclaz
Wed Dec 18, 2024 11:55 am
Forum: General
Topic: Files copied have different control sums
Replies: 11
Views: 2614

Re: Files copied have different control sums

Several screenshots for analysis I love invisible screenshots, they blend very well with the board theme ... :roll: :lol: EDIT: Ah, ok, now they show. The original pattern seems to be a repeating 4 sets of 12 triplets, with 11 triplets 00FFFF and 1 00FF17. With a hex view in 16 columns the global p...
by jaclaz
Wed Dec 18, 2024 11:39 am
Forum: General
Topic: RB5009 / PoE-IN *and* PoE-OUT at the same time
Replies: 7
Views: 1159

Re: RB5009 / PoE-IN *and* PoE-OUT at the same time

I believe the CRS328 works at 48V, so it will output on a PoE port 450 mA. That makes the power output on that port 48V*0.45A=21.6W. It is basically a "beefy" 802.3af (specs are 12.95 W, actually 15.40W since it is the PSE) or a "skinny" 802.3at (specs are 25.50 W, actually 30W s...
by jaclaz
Wed Dec 18, 2024 11:14 am
Forum: General
Topic: Route traffic behind double NAT
Replies: 14
Views: 1476

Re: Route traffic behind double NAT

Yep, in any I think you should anyway "tighten" that firewall rule by src-address, to at least the originating subnet, but better to the actual natted source address. The suggestion by holvoeth to src-nat the specific dst-address (before the generic masquerade) seems to me like a good one,...
by jaclaz
Tue Dec 17, 2024 7:48 pm
Forum: General
Topic: Route traffic behind double NAT
Replies: 14
Views: 1476

Re: Route traffic behind double NAT

@jack14 Take what I write below with a pinch (or better two) of salt, as I am not at all an expert in firewall rules, so the following may well be completely wrong, still: I don't think that the issue is with that default final drop rule. That rule simply does what it is supposed to do. i.e. drop co...
by jaclaz
Tue Dec 17, 2024 11:42 am
Forum: General
Topic: When the WAN network card is bound to multiple IPs, there is an issue with the source IP for system remote logging
Replies: 6
Views: 1039

Re: When the WAN network card is bound to multiple IPs, there is an issue with the source IP for system remote logging

Only as a side-side note, I believe this is how RoS works more generally. An interface with multiple IP addresses is seen by its "lowest" IP address. I have a Mikrotik (hap Ax Lite) used as an "intermediate" router used for failover between two ISP modem/routers, for some reasons...
by jaclaz
Tue Dec 17, 2024 10:45 am
Forum: Beginner Basics
Topic: Incorporating a backup gateway into my setup
Replies: 14
Views: 1678

Re: Incorporating a backup gateway into my setup

There are two possible "points of failure": 1) your local ISP modem/router 2) the ISP line/cable/server/whatever A failover route (with higher distance) will only become effective if the one with a lower distance becomes inactive, but this will normally only happen if #1 above happens, i.e...
by jaclaz
Mon Dec 16, 2024 8:39 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 3057

Re: executing script from net failed

23 other posts (+1) for NOTHING.

Post #3 is still valid, all the other posts are just garbage.
Well, the 23 added posts did give you a good occasion to show (again) your (usual) grumpiness, so - in some way - they were useful ... :lol:
by jaclaz
Mon Dec 16, 2024 6:44 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 3057

Re: executing script from net failed

I believe it is fair enough to ask what a message on the log is meaning.

The point is that nobody here seemingly knows what it actually means and it is also not documented, so only support may be able to give an answer to this question.
by jaclaz
Mon Dec 16, 2024 5:38 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1895

Re: L009 - don't like it...

@anav Again, though not stated on the docs, when a device is said to be 802.3af/at compliant AND it accepts 18-57 V the good Mikrotik guys imply that it can be also powered passive (at the typical 24 V or 48V ). And again, the cap AX was powered (passive) from the previous hex S (that only provides ...
by jaclaz
Mon Dec 16, 2024 5:32 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 3057

Re: executing script from net failed

This kind of log entries are vague, as seen here:
viewtopic.php?t=209998
viewtopic.php?t=209998#p1093607

but the Mikrotik support should know what "net" is (or is supposed to be)
by jaclaz
Mon Dec 16, 2024 5:17 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1895

Re: L009 - don't like it...

Just tried with wAP AX (which is even further down in power requirements but normally also 802.3af/at only): it will power on using L009 but you have to set POE on ether8 to forced on. Not auto on. Yep :) , that's why I asked: (maybe there is some different setting for the PoE out port to check?).
by jaclaz
Mon Dec 16, 2024 4:59 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1895

Re: L009 - don't like it...

Disagree, the hex refresh only states passive poe in and a voltage of 12-28v. No standard mentioned. I think you are the first one to talk of the hex refresh. To recap: 1) OP had a hex S that was PoE powered and powered in cascade.a cap AX 2) then he replaced the hex S with a L009, but the L009 cou...
by jaclaz
Mon Dec 16, 2024 4:30 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1895

Re: L009 - don't like it...

@anav
The whole point is that someone familiar with PoE and specifically with Mikrotik, and even more specifically with the hex S, could be easily tricked by the mis-documentation Mikrotik provides (besides their - let's say creative - claim that these devices are 802.3af/at compliant).
by jaclaz
Mon Dec 16, 2024 2:16 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 290
Views: 37554

Re: wAP ax?

Black wAP would be ideal ...
I believe it depends on the colour of the paint on the walls, maybe there is space for a new business for doll WAP clothes?

Otherwise peel coat (spray paint that can be peeled) or similar?
by jaclaz
Mon Dec 16, 2024 2:08 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1895

Re: L009 - don't like it...

Yep, I was trying to highlight that from specs there is no apparent difference between the two devices. OP had all the rights in the world to believe that the L009 could replace the hex S (maybe there is some different setting for the PoE out port to check?). So the good Mikrotik guys - besides thei...
by jaclaz
Sat Dec 14, 2024 6:50 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1895

Re: L009 - don't like it...

Set aside the whining, I don't see a difference between hexs and L009: Hex s: https://mikrotik.com/product/hex_s Powering Details Number of DC inputs 2 (DC jack, PoE-IN) DC jack input Voltage 12-57 V Max power consumption 24 W Max power consumption without attachments 6 W Cooling type Passive PoE in...
by jaclaz
Sat Dec 14, 2024 12:02 pm
Forum: Wireless Networking
Topic: Best approach for ptp using Wifi (wifi-qcom-ac driver) [SOLVED]
Replies: 2
Views: 1206

Re: Best approach for ptp using Wifi (wifi-qcom-ac driver) [SOLVED]

AFAIK the mode "ap-bridge" has been renamed to simply "ap", see: https://forum.mikrotik.com/viewtopic.php?p=1052701#p1052701 The other side should be set in station-bridge mode, as both devices are Mikrotik: https://help.mikrotik.com/docs/spaces/ROS/pages/122388518/Wireless+Stati...
by jaclaz
Sat Dec 14, 2024 12:16 am
Forum: Beginner Basics
Topic: Network with external router and isolated bridge
Replies: 19
Views: 2580

Re: Network with external router and isolated bridge

It could be that the 1970 date you have Is too far in the past, there were issues reported about this, but I thought they were solved by now. Try disabling the ntp client, setting manually the date/time, re-enable the client. Another possibility Is that your ISP blocks Port 123, check these: https:/...
by jaclaz
Fri Dec 13, 2024 8:43 pm
Forum: General
Topic: Bandwidth went down after trying massive simple queues
Replies: 2
Views: 843

Re: Bandwidth went down after trying massive simple queues

This bridge has no name: /interface bridge port add bridge=*B interface=ether5 add bridge=*B interface=wifi1 add bridge=*B interface=wifi2 Whenever there is an asterisk followed by a (hex) number it means that "something" was there but was removed or deleted and Ros lost track of it, so it...
by jaclaz
Fri Dec 13, 2024 12:52 am
Forum: Beginner Basics
Topic: Network with external router and isolated bridge
Replies: 19
Views: 2580

Re: Network with external router and isolated bridge

I have no idea if It means something, but I have ntp working just fine from a pool.ntp.org server, the only difference, besides the different national server Is the mode set to unicast, while you have broadcast.
Are you sure the address can be DNS resolved?
put [:resolve de.pool.ntp.org]
by jaclaz
Fri Dec 13, 2024 12:00 am
Forum: Beginner Basics
Topic: Is device damage possible when using PoE switch?
Replies: 5
Views: 1081

Re: Is device damage possible when using PoE switch?

If the device boots/netinstalls/etc. it fundamentally "works". It is entirely possible that a part of it is "fried", but if for whatever reasons you applied an excessive voltage to ether1 I would expect It to fry, not the other ports. The 802.3 af or at negotiations are designed ...
by jaclaz
Thu Dec 12, 2024 9:19 pm
Forum: Beginner Basics
Topic: Is device damage possible when using PoE switch?
Replies: 5
Views: 1081

Re: Is device damage possible when using PoE switch?

Well, hAp-ac2 supports passive PoE 18-28V. (and it uses Mode B aka positive on pins 4 and 5 and DC negative on 7 and 8 and data on 1-2 and 3-6) Cap Ax supports 802.3af/at 18-57 V. The GS308EP supports 802.3at. That the cap Ax worked is normal. But the 802.3af and at protocols include some "prob...
by jaclaz
Thu Dec 12, 2024 8:03 pm
Forum: Beginner Basics
Topic: Network with external router and isolated bridge
Replies: 19
Views: 2580

Re: Network with external router and isolated bridge

What do you get with:
/system/ntp/client> print
? :?:
by jaclaz
Thu Dec 12, 2024 12:46 pm
Forum: General
Topic: Mikrotik hap lite can't start
Replies: 3
Views: 795

Re: Mikrotik hap lite can't start

/system resource print
on a hap lite tc I have gives:
cpu: MIPS 24Kc v7.4
architecture name: smips
by jaclaz
Tue Dec 10, 2024 7:51 pm
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works [SOLVED]
Replies: 25
Views: 3335

Re: Configured for dual wan, now cant access the router though internet works [SOLVED]

Good. :)

There still remains the issue (or the non-issue) of a practically non existent firewall.

Up to you if you can trust the firewall(s) - if any - of the ISP router(s) or if it is the case to configure a "proper" set of firewall rules on your hex.
by jaclaz
Tue Dec 10, 2024 9:00 am
Forum: General
Topic: 2 WAN active at the same time [SOLVED]
Replies: 19
Views: 2350

Re: 2 WAN active at the same time [SOLVED]

Post an export of your actual configuration (change addresses /anonymize it if needed) as per:

viewtopic.php?t=203686#p1051720

as opposed to your own textual representation of it, the devil is in the details.
by jaclaz
Tue Dec 10, 2024 8:55 am
Forum: General
Topic: RouterOS cannot reach internet after PCC load balance two wan connection
Replies: 22
Views: 1941

Re: RouterOS cannot reach internet after PCC load balance two wan connection

I really appreciate your thorough reply. I learned something new today. You solved my issue in a day when the internet couldn't help me for weeks.
sindy 1
internet: 0

Go, sindy, go! :!:
by jaclaz
Sun Dec 08, 2024 5:23 pm
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works [SOLVED]
Replies: 25
Views: 3335

Re: Configured for dual wan, now cant access the router though internet works [SOLVED]

The issue is clearly (from your screenshot) that the two routes for 0.0.0.0/0 are S (Static) while they should be AS (Active Static). No idea why that happens though :( . Have you tried rebooting the router after all the additions/modifications? Please reboot it and then do a new export and post the...
by jaclaz
Sun Dec 08, 2024 5:17 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 1768

Re: hAP ax lite LTE6 how to set as repeater

No, why do you want to change the device? You have at hand an Ax lite LTE6, use that. An Ax lite can be configured as Access Point just fine (of course you need not any firewall on it and the LTE will be disabled/not used). The issue is only that: v6.xx used drivers for the local radios that were co...
by jaclaz
Sat Dec 07, 2024 3:41 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 1768

Re: hAP ax lite LTE6 how to set as repeater

I cannot find a complete one. The essence can be found here: https://superuser.com/questions/1855137/setup-of-new-mikrotik-router-to-act-as-a-switch-with-wifi-enabled On the other hand, if you start with a blank configuration (let's say you've factory-reset it, then connected via mactelnet/macwinbox...
by jaclaz
Sat Dec 07, 2024 11:01 am
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works [SOLVED]
Replies: 25
Views: 3335

Re: Configured for dual wan, now cant access the router though internet works [SOLVED]

The idea of having a free, self-standing port for emergency access is only that of having an emergency access, it is relatively easy to lock oneself out of Winbox MAC access too when fiddling with settings. Your current situation is not "normal", unless (intentionally or accidentally) disa...
by jaclaz
Sat Dec 07, 2024 1:28 am
Forum: General
Topic: Wireguard over VRF
Replies: 6
Views: 1803

Re: Wireguard over VRF

can you describe more, what do you thing by that
viewtopic.php?t=208899
by jaclaz
Fri Dec 06, 2024 9:16 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 1768

Re: hAP ax lite LTE6 how to set as repeater

Good, so you need a "normal" AP setup. Complete examples for a "pure" AP setup on 7.x are rare (most are for older v 6.x or however for "wireless" whilst you have "wifi" or are related to the much more complex CAPSMAN setup). But it should be pretty much strai...
by jaclaz
Fri Dec 06, 2024 8:30 pm
Forum: Wireless Networking
Topic: Unifi AP running on MikroTik VLAN
Replies: 16
Views: 2002

Re: Unifi AP running on MikroTik VLAN

Well the first few rules of the Mikrotik Club are: https://forum.mikrotik.com/viewtopic.php?t=212419#p1108288 VLAN1 is seemingly used internally, and using it externally may create issues: https://forum.mikrotik.com/viewtopic.php?t=206946#p1071170 If you really cannot change those UNIFI VLAN 1 setti...
by jaclaz
Fri Dec 06, 2024 8:14 pm
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works [SOLVED]
Replies: 25
Views: 3335

Re: Configured for dual wan, now cant access the router though internet works [SOLVED]

It is not a good idea to have a router facing the internet without a firewall, and thus granting connection to the router itself (Ok, a user NOT default and a secure password would help) and to any device in your LAN from the outside, but you have as gateways 192.168.1.1 and 192.168.8.1, so the devi...
by jaclaz
Fri Dec 06, 2024 6:43 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 1768

Re: hAP ax lite LTE6 how to set as repeater

I have router in my garage and simply the signal in upper floor is pour but I have sockets RJ45 in each room so was thinking to connect Mikrotik to one of the socket and repeat same wifi as primary router in the garage. It is not at all clear (to me) what you are trying to achieve. You have a route...
by jaclaz
Fri Dec 06, 2024 2:28 pm
Forum: General
Topic: Wireguard over VRF
Replies: 6
Views: 1803

Re: Wireguard over VRF

The question is: do you really need the VRF's?
Or you can with simpler different routing tables (fib)?

VRF's can be tricky as some services might not work on them (as an example DNS is only partially working), and unless really really needed it is better to avoid them.

Post your configuration.
by jaclaz
Fri Dec 06, 2024 11:47 am
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works [SOLVED]
Replies: 25
Views: 3335

Re: Configured for dual wan, now cant access the router though internet works [SOLVED]

Can winbox connect via MAC address? Instead of clicking on the IP address (that will populate the field "Connect To:" with 192.168.0.1, try clicking on the MAC address of the hex, the "Connect To." will be populated with the MAC address of the device. How did you manage to create...
by jaclaz
Thu Dec 05, 2024 6:52 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 3562

Re: HEX Lite for routing between subnets [SOLVED]

Only to keep things as together as possible, the proposed solution by sindy was tested as working in a very similar setup, here: https://forum.mikrotik.com/viewtopic.php?t=213056 At the end a couple of blackhole routes were needed in addition to avoid the second device to be reached through the main...
by jaclaz
Thu Dec 05, 2024 5:51 pm
Forum: Beginner Basics
Topic: Port based Routing to 2 identical IP [SOLVED]
Replies: 11
Views: 2452

Re: Port based Routing to 2 identical IP [SOLVED]

Very good. :)
The syntax I posted was for Ros 7, sorry :oops: , but I see you adapted it to your Ros 6.x just fine :) .
by jaclaz
Thu Dec 05, 2024 5:42 pm
Forum: Wireless Networking
Topic: Which is fastest wifi device
Replies: 33
Views: 3071

Re: Which is fastest wifi device

Why, in my day ... [1]
All I had was a Sinclair Zx80, 1 kb memory and I had to solder components myself.
And we liked it
.... kids today.

[1] https://tinyapps.org/blog/200702250700_ ... y_day.html
by jaclaz
Thu Dec 05, 2024 3:13 pm
Forum: Beginner Basics
Topic: Port based Routing to 2 identical IP [SOLVED]
Replies: 11
Views: 2452

Re: Port based Routing to 2 identical IP [SOLVED]

What are the routes (/ip route print) at the time the machine is disconnected (pull the cable)? Very likely the routing rule (that is for "new-routing-mark=port1") that in your posted output is #0 is not anymore AS (Active, Static) but becomes just S or IS (Inactive), and either the "...
by jaclaz
Thu Dec 05, 2024 12:45 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 3980

Re: Dual Router Configuration Setup Assistance

You can copy and paste those configurations on the board, only, please put them inside "code" tags, the button that looks like a fat dot inside square brackets or as </>, see:
viewtopic.php?t=203686#p1051720
by jaclaz
Wed Dec 04, 2024 8:34 pm
Forum: Beginner Basics
Topic: Problem with clients
Replies: 4
Views: 1928

Re: Problem with clients

The "active address" in that row seems to be assigned to MAC address 00:00:00:00:00:00, so maybe the base issue is not the missing client id, but the (empty) MAC.
by jaclaz
Wed Dec 04, 2024 8:18 pm
Forum: Beginner Basics
Topic: NAT forwarding issue
Replies: 1
Views: 722

Re: NAT forwarding issue

It may depend on other rules in the firewall or even in their actual position, the firewall (filter, mangle and nat) rules need to be checked in their entirety. It should not be needed, but usually an in-interface and out-interface is added to the forwarding rules, *like*: /ip firewall filter add ac...
by jaclaz
Wed Dec 04, 2024 7:56 pm
Forum: Beginner Basics
Topic: Port based Routing to 2 identical IP [SOLVED]
Replies: 11
Views: 2452

Re: Port based Routing to 2 identical IP [SOLVED]

Very good. :) What still needs to be cleared (at least to me) is whether the netmap and the dst-nat actions can be exchanged at will or not (it seems that in cases like this one both work, so it is not clear if there is a reason to prefer the one over the other). To be fair sindy did attempt to expl...
by jaclaz
Wed Dec 04, 2024 6:56 pm
Forum: Beginner Basics
Topic: Port based Routing to 2 identical IP [SOLVED]
Replies: 11
Views: 2452

Re: Port based Routing to 2 identical IP [SOLVED]

Yep, but we have no final report of success (if any) on that thread.

There is however a similar one where everything is seemingly working:
viewtopic.php?t=212702
(though still not a fully working complete configuration)
by jaclaz
Wed Dec 04, 2024 6:46 pm
Forum: Beginner Basics
Topic: Can't connect to one of my 2 RBSXT 5HnD
Replies: 13
Views: 2637

Re: Can't connect to one of my 2 RBSXT 5HnD

As a general rule, whenever you find in a Mikrotik a value that is normally text replaced by an asterisk "*" followed by a number (often a hex number) it basically means: "Here is a placeholder for something that did exist but has been removed/renamed/whatever and now I cannot find it...
by jaclaz
Wed Dec 04, 2024 6:24 pm
Forum: General
Topic: Dual Wan link to some isp router
Replies: 9
Views: 1094

Re: Dual Wan link to some isp router

I think that the 2.5 Gb are actually written in the documents as "up to 2.5 Gb" and what you really get in practice is more like 1 Gb, see this (Italian): https://forum.fibra.click/d/32863-vodafone-fibra-25-gbs-velocita-wifi-ed-ethernet seemingly even if you tell them that you want to conn...
by jaclaz
Wed Dec 04, 2024 5:49 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 4056

Re: am i using SOHO Firewall or not?

and if each bridge has one interface than how does the ports in the "boxes" communicate with each other since they're in different boxes? Through a clever use of straws. You can pierce a hole in the box, reach the orange and get the juice. Seriously, you have IP addresses assigned to the ...
by jaclaz
Wed Dec 04, 2024 11:21 am
Forum: General
Topic: Is mAP still relevant with RouterOS 7.16 ?
Replies: 5
Views: 891

Re: Is mAP still relevant with RouterOS 7.16 ?

At least for the moment, it is reported to work just fine with 7.x, see this post by holvoeth: https://forum.mikrotik.com/viewtopic.php?t=212925 https://forum.mikrotik.com/viewtopic.php?t=212925&hilit=map#p1111973 In the future there might be issues, but the good Mikrotik guys are doing their be...
by jaclaz
Wed Dec 04, 2024 10:46 am
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 4056

Re: am i using SOHO Firewall or not?

Naaah, leave that fasttrack rule alone, if everything is working, you are surely better than before. Which doesn't mean that your configuration is "perfect" as there can be other things to fix, or to better, as more expert members advised, re-analyzing requirements and starting form a clea...
by jaclaz
Wed Dec 04, 2024 1:10 am
Forum: General
Topic: Dual Wan link to some isp router
Replies: 9
Views: 1094

Re: Dual Wan link to some isp router

I am not sure to understand, you mean that your ISP Is bringing actual 2.5 Gbit to the house and then immediately bottlenecks It with an inadequate router/ONT?
Which Speed/bandwidth Is on the contract?
by jaclaz
Wed Dec 04, 2024 1:02 am
Forum: General
Topic: Two ports bridged and the rest in a second bridge. No internet second bridge [SOLVED]
Replies: 9
Views: 1363

Re: Two ports bridged and the rest in a second bridge. No internet second bridge [SOLVED]

This needs to be fixed: interface list member add comment=defconf interface=bridgeLAN list=LAN add comment=defconf interface=ether1 list=WAN ether1 Is not anymore a self-standing interface, should be replaced by bridgeWAN. (or you could leave It as-is and add an entry for bridgeWAN as WAN) Post the ...
by jaclaz
Tue Dec 03, 2024 7:04 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 4056

Re: am i using SOHO Firewall or not?

When you get an error: [Admin@MikroTik] > interface list [Admin@MikroTik] /interface/list> add name=Z-WAN failure: already have interface with such name [Admin@MikroTik] /interface/list> add name=INT-LAN failure: already have interface with such name [Admin@MikroTik] /interface/list> /interface list...
by jaclaz
Tue Dec 03, 2024 6:44 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1839

Re: Access LAN B from LAN A, but not LAN A from LAN B

The terminal is very similar to Linux (or Windows) command prompt). / <- means root Changing directory you don't need cd, you can use direct full path or first change to the intended path, i.e.: /ip route print will print routes /ip route print will first change to directory /ip route, and then prin...
by jaclaz
Tue Dec 03, 2024 12:03 pm
Forum: Wireless Networking
Topic: Improving Localization Accuracy with MikroTik RouterBOARD
Replies: 5
Views: 899

Re: Improving Localization Accuracy with MikroTik RouterBOARD

The antennas that come with the RB2011 are (in theory) omnidirectional ones, their emission shape is loosely a doughnut, which is fatter for lower antenna gains and slimmer for higher gain antennas, see this picture: https://www.radiolabs.com/images/omni-antenna-radiation-pattern.png And this thread...
by jaclaz
Tue Dec 03, 2024 10:53 am
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 3980

Re: Dual Router Configuration Setup Assistance

It is difficult/confusing to get data from screenshots.
A textual export is much easier to read.

Besides the "wholesome":
/export file=myexport.txt

command, you can use in Winbox terminal a "section export", i.e.
/ip firewall filter export
and copy and paste the output.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 8