Community discussions

MikroTik App

Search found 1929 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 7
by jaclaz
Tue Dec 10, 2024 7:51 pm
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works
Replies: 22
Views: 1249

Re: Configured for dual wan, now cant access the router though internet works

Good. :)

There still remains the issue (or the non-issue) of a practically non existent firewall.

Up to you if you can trust the firewall(s) - if any - of the ISP router(s) or if it is the case to configure a "proper" set of firewall rules on your hex.
by jaclaz
Tue Dec 10, 2024 9:00 am
Forum: General
Topic: 2 WAN active at the same time
Replies: 3
Views: 232

Re: 2 WAN active at the same time

Post an export of your actual configuration (change addresses /anonymize it if needed) as per:

viewtopic.php?t=203686#p1051720

as opposed to your own textual representation of it, the devil is in the details.
by jaclaz
Tue Dec 10, 2024 8:55 am
Forum: General
Topic: RouterOS cannot reach internet after PCC load balance two wan connection
Replies: 22
Views: 939

Re: RouterOS cannot reach internet after PCC load balance two wan connection

I really appreciate your thorough reply. I learned something new today. You solved my issue in a day when the internet couldn't help me for weeks.
sindy 1
internet: 0

Go, sindy, go! :!:
by jaclaz
Sun Dec 08, 2024 5:23 pm
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works
Replies: 22
Views: 1249

Re: Configured for dual wan, now cant access the router though internet works

The issue is clearly (from your screenshot) that the two routes for 0.0.0.0/0 are S (Static) while they should be AS (Active Static). No idea why that happens though :( . Have you tried rebooting the router after all the additions/modifications? Please reboot it and then do a new export and post the...
by jaclaz
Sun Dec 08, 2024 5:17 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 967

Re: hAP ax lite LTE6 how to set as repeater

No, why do you want to change the device? You have at hand an Ax lite LTE6, use that. An Ax lite can be configured as Access Point just fine (of course you need not any firewall on it and the LTE will be disabled/not used). The issue is only that: v6.xx used drivers for the local radios that were co...
by jaclaz
Sat Dec 07, 2024 3:41 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 967

Re: hAP ax lite LTE6 how to set as repeater

I cannot find a complete one. The essence can be found here: https://superuser.com/questions/1855137/setup-of-new-mikrotik-router-to-act-as-a-switch-with-wifi-enabled On the other hand, if you start with a blank configuration (let's say you've factory-reset it, then connected via mactelnet/macwinbox...
by jaclaz
Sat Dec 07, 2024 11:01 am
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works
Replies: 22
Views: 1249

Re: Configured for dual wan, now cant access the router though internet works

The idea of having a free, self-standing port for emergency access is only that of having an emergency access, it is relatively easy to lock oneself out of Winbox MAC access too when fiddling with settings. Your current situation is not "normal", unless (intentionally or accidentally) disa...
by jaclaz
Sat Dec 07, 2024 1:28 am
Forum: General
Topic: Wireguard over VRF
Replies: 5
Views: 586

Re: Wireguard over VRF

can you describe more, what do you thing by that
viewtopic.php?t=208899
by jaclaz
Fri Dec 06, 2024 9:16 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 967

Re: hAP ax lite LTE6 how to set as repeater

Good, so you need a "normal" AP setup. Complete examples for a "pure" AP setup on 7.x are rare (most are for older v 6.x or however for "wireless" whilst you have "wifi" or are related to the much more complex CAPSMAN setup). But it should be pretty much strai...
by jaclaz
Fri Dec 06, 2024 8:30 pm
Forum: Wireless Networking
Topic: Unifi AP running on MikroTik VLAN
Replies: 16
Views: 942

Re: Unifi AP running on MikroTik VLAN

Well the first few rules of the Mikrotik Club are: https://forum.mikrotik.com/viewtopic.php?t=212419#p1108288 VLAN1 is seemingly used internally, and using it externally may create issues: https://forum.mikrotik.com/viewtopic.php?t=206946#p1071170 If you really cannot change those UNIFI VLAN 1 setti...
by jaclaz
Fri Dec 06, 2024 8:14 pm
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works
Replies: 22
Views: 1249

Re: Configured for dual wan, now cant access the router though internet works

It is not a good idea to have a router facing the internet without a firewall, and thus granting connection to the router itself (Ok, a user NOT default and a secure password would help) and to any device in your LAN from the outside, but you have as gateways 192.168.1.1 and 192.168.8.1, so the devi...
by jaclaz
Fri Dec 06, 2024 6:43 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 967

Re: hAP ax lite LTE6 how to set as repeater

I have router in my garage and simply the signal in upper floor is pour but I have sockets RJ45 in each room so was thinking to connect Mikrotik to one of the socket and repeat same wifi as primary router in the garage. It is not at all clear (to me) what you are trying to achieve. You have a route...
by jaclaz
Fri Dec 06, 2024 2:28 pm
Forum: General
Topic: Wireguard over VRF
Replies: 5
Views: 586

Re: Wireguard over VRF

The question is: do you really need the VRF's?
Or you can with simpler different routing tables (fib)?

VRF's can be tricky as some services might not work on them (as an example DNS is only partially working), and unless really really needed it is better to avoid them.

Post your configuration.
by jaclaz
Fri Dec 06, 2024 11:47 am
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works
Replies: 22
Views: 1249

Re: Configured for dual wan, now cant access the router though internet works

Can winbox connect via MAC address? Instead of clicking on the IP address (that will populate the field "Connect To:" with 192.168.0.1, try clicking on the MAC address of the hex, the "Connect To." will be populated with the MAC address of the device. How did you manage to create...
by jaclaz
Thu Dec 05, 2024 6:52 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 2386

Re: HEX Lite for routing between subnets [SOLVED]

Only to keep things as together as possible, the proposed solution by sindy was tested as working in a very similar setup, here: https://forum.mikrotik.com/viewtopic.php?t=213056 At the end a couple of blackhole routes were needed in addition to avoid the second device to be reached through the main...
by jaclaz
Thu Dec 05, 2024 5:51 pm
Forum: Beginner Basics
Topic: Port based Routing to 2 identical IP [SOLVED]
Replies: 11
Views: 1061

Re: Port based Routing to 2 identical IP [SOLVED]

Very good. :)
The syntax I posted was for Ros 7, sorry :oops: , but I see you adapted it to your Ros 6.x just fine :) .
by jaclaz
Thu Dec 05, 2024 5:42 pm
Forum: Wireless Networking
Topic: Which is fastest wifi device
Replies: 33
Views: 1998

Re: Which is fastest wifi device

Why, in my day ... [1]
All I had was a Sinclair Zx80, 1 kb memory and I had to solder components myself.
And we liked it
.... kids today.

[1] https://tinyapps.org/blog/200702250700_ ... y_day.html
by jaclaz
Thu Dec 05, 2024 3:13 pm
Forum: Beginner Basics
Topic: Port based Routing to 2 identical IP [SOLVED]
Replies: 11
Views: 1061

Re: Port based Routing to 2 identical IP [SOLVED]

What are the routes (/ip route print) at the time the machine is disconnected (pull the cable)? Very likely the routing rule (that is for "new-routing-mark=port1") that in your posted output is #0 is not anymore AS (Active, Static) but becomes just S or IS (Inactive), and either the "...
by jaclaz
Thu Dec 05, 2024 12:45 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 2859

Re: Dual Router Configuration Setup Assistance

You can copy and paste those configurations on the board, only, please put them inside "code" tags, the button that looks like a fat dot inside square brackets or as </>, see:
viewtopic.php?t=203686#p1051720
by jaclaz
Wed Dec 04, 2024 8:34 pm
Forum: Beginner Basics
Topic: Problem with clients
Replies: 4
Views: 1454

Re: Problem with clients

The "active address" in that row seems to be assigned to MAC address 00:00:00:00:00:00, so maybe the base issue is not the missing client id, but the (empty) MAC.
by jaclaz
Wed Dec 04, 2024 8:18 pm
Forum: Beginner Basics
Topic: NAT forwarding issue
Replies: 1
Views: 324

Re: NAT forwarding issue

It may depend on other rules in the firewall or even in their actual position, the firewall (filter, mangle and nat) rules need to be checked in their entirety. It should not be needed, but usually an in-interface and out-interface is added to the forwarding rules, *like*: /ip firewall filter add ac...
by jaclaz
Wed Dec 04, 2024 7:56 pm
Forum: Beginner Basics
Topic: Port based Routing to 2 identical IP [SOLVED]
Replies: 11
Views: 1061

Re: Port based Routing to 2 identical IP [SOLVED]

Very good. :) What still needs to be cleared (at least to me) is whether the netmap and the dst-nat actions can be exchanged at will or not (it seems that in cases like this one both work, so it is not clear if there is a reason to prefer the one over the other). To be fair sindy did attempt to expl...
by jaclaz
Wed Dec 04, 2024 6:56 pm
Forum: Beginner Basics
Topic: Port based Routing to 2 identical IP [SOLVED]
Replies: 11
Views: 1061

Re: Port based Routing to 2 identical IP [SOLVED]

Yep, but we have no final report of success (if any) on that thread.

There is however a similar one where everything is seemingly working:
viewtopic.php?t=212702
(though still not a fully working complete configuration)
by jaclaz
Wed Dec 04, 2024 6:46 pm
Forum: Beginner Basics
Topic: Can't connect to one of my 2 RBSXT 5HnD
Replies: 13
Views: 1885

Re: Can't connect to one of my 2 RBSXT 5HnD

As a general rule, whenever you find in a Mikrotik a value that is normally text replaced by an asterisk "*" followed by a number (often a hex number) it basically means: "Here is a placeholder for something that did exist but has been removed/renamed/whatever and now I cannot find it...
by jaclaz
Wed Dec 04, 2024 6:24 pm
Forum: General
Topic: Dual Wan link to some isp router
Replies: 9
Views: 564

Re: Dual Wan link to some isp router

I think that the 2.5 Gb are actually written in the documents as "up to 2.5 Gb" and what you really get in practice is more like 1 Gb, see this (Italian): https://forum.fibra.click/d/32863-vodafone-fibra-25-gbs-velocita-wifi-ed-ethernet seemingly even if you tell them that you want to conn...
by jaclaz
Wed Dec 04, 2024 5:49 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 3232

Re: am i using SOHO Firewall or not?

and if each bridge has one interface than how does the ports in the "boxes" communicate with each other since they're in different boxes? Through a clever use of straws. You can pierce a hole in the box, reach the orange and get the juice. Seriously, you have IP addresses assigned to the ...
by jaclaz
Wed Dec 04, 2024 11:21 am
Forum: General
Topic: Is mAP still relevant with RouterOS 7.16 ?
Replies: 5
Views: 424

Re: Is mAP still relevant with RouterOS 7.16 ?

At least for the moment, it is reported to work just fine with 7.x, see this post by holvoeth: https://forum.mikrotik.com/viewtopic.php?t=212925 https://forum.mikrotik.com/viewtopic.php?t=212925&hilit=map#p1111973 In the future there might be issues, but the good Mikrotik guys are doing their be...
by jaclaz
Wed Dec 04, 2024 10:46 am
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 3232

Re: am i using SOHO Firewall or not?

Naaah, leave that fasttrack rule alone, if everything is working, you are surely better than before. Which doesn't mean that your configuration is "perfect" as there can be other things to fix, or to better, as more expert members advised, re-analyzing requirements and starting form a clea...
by jaclaz
Wed Dec 04, 2024 1:10 am
Forum: General
Topic: Dual Wan link to some isp router
Replies: 9
Views: 564

Re: Dual Wan link to some isp router

I am not sure to understand, you mean that your ISP Is bringing actual 2.5 Gbit to the house and then immediately bottlenecks It with an inadequate router/ONT?
Which Speed/bandwidth Is on the contract?
by jaclaz
Wed Dec 04, 2024 1:02 am
Forum: General
Topic: Two ports bridged and the rest in a second bridge. No internet second bridge [SOLVED]
Replies: 9
Views: 684

Re: Two ports bridged and the rest in a second bridge. No internet second bridge [SOLVED]

This needs to be fixed: interface list member add comment=defconf interface=bridgeLAN list=LAN add comment=defconf interface=ether1 list=WAN ether1 Is not anymore a self-standing interface, should be replaced by bridgeWAN. (or you could leave It as-is and add an entry for bridgeWAN as WAN) Post the ...
by jaclaz
Tue Dec 03, 2024 7:04 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 3232

Re: am i using SOHO Firewall or not?

When you get an error: [Admin@MikroTik] > interface list [Admin@MikroTik] /interface/list> add name=Z-WAN failure: already have interface with such name [Admin@MikroTik] /interface/list> add name=INT-LAN failure: already have interface with such name [Admin@MikroTik] /interface/list> /interface list...
by jaclaz
Tue Dec 03, 2024 6:44 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1218

Re: Access LAN B from LAN A, but not LAN A from LAN B

The terminal is very similar to Linux (or Windows) command prompt). / <- means root Changing directory you don't need cd, you can use direct full path or first change to the intended path, i.e.: /ip route print will print routes /ip route print will first change to directory /ip route, and then prin...
by jaclaz
Tue Dec 03, 2024 12:03 pm
Forum: Wireless Networking
Topic: Improving Localization Accuracy with MikroTik RouterBOARD
Replies: 5
Views: 472

Re: Improving Localization Accuracy with MikroTik RouterBOARD

The antennas that come with the RB2011 are (in theory) omnidirectional ones, their emission shape is loosely a doughnut, which is fatter for lower antenna gains and slimmer for higher gain antennas, see this picture: https://www.radiolabs.com/images/omni-antenna-radiation-pattern.png And this thread...
by jaclaz
Tue Dec 03, 2024 10:53 am
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 2859

Re: Dual Router Configuration Setup Assistance

It is difficult/confusing to get data from screenshots.
A textual export is much easier to read.

Besides the "wholesome":
/export file=myexport.txt

command, you can use in Winbox terminal a "section export", i.e.
/ip firewall filter export
and copy and paste the output.
by jaclaz
Tue Dec 03, 2024 1:04 am
Forum: Beginner Basics
Topic: help with LTE passthrough and vlan
Replies: 2
Views: 424

Re: help with LTE passthrough and vlan

This:
/ip address
add address=192.168.1.2 interface=vlan3 network=192.168.1.2
Is a /32 address/network.

Very likely you want instead a /24 one, i.e.
/ip address
add address=192.168.1.2/24 interface=vlan3 network=192.168.1.0
by jaclaz
Mon Dec 02, 2024 6:46 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1218

Re: Access LAN B from LAN A, but not LAN A from LAN B

Very likely you had to login to post and that triggered the "can view attachments" flag.
Take your time, the more you play with the tools and get familiar with them, the better :) .
by jaclaz
Mon Dec 02, 2024 5:21 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1218

Re: Access LAN B from LAN A, but not LAN A from LAN B

I think all these three solutions should be possible.
Personally I would prefer #3, as the Mikrotik right after the ISP router should allow more control and security, even if the ISP router cannot be put in bridge mode and there will be double NAT.
by jaclaz
Mon Dec 02, 2024 4:57 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 191
Views: 53058

Re: v7.17rc [testing] is released!

Forum users can't check support tickets, so no reason to post ticket numbers here It is of no use for other common forum members, but this way you or other Mikrotik staff happening to pass by and interested in a report on the forum may be able to check in more detail what the issue is, without need...
by jaclaz
Mon Dec 02, 2024 2:22 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1218

Re: Access LAN B from LAN A, but not LAN A from LAN B

I have no idea, I am just trying to understand the exact requirements and provide some expanded/explained context of your suggestions, so that even an absolute beginner (as the OP clearly is) can understand and replicate them. (my role is only that of a friendly, slightly more familiar with Ros, beg...
by jaclaz
Mon Dec 02, 2024 1:44 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1218

Re: Access LAN B from LAN A, but not LAN A from LAN B

To better understand, the solution anav suggested is for the topology on the right, whilst you would prefer the one of the left, correct?
It shouldn't be particularly difficult to transform the one into the other.
by jaclaz
Mon Dec 02, 2024 12:16 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1218

Re: Access LAN B from LAN A, but not LAN A from LAN B

Well, you have a pretty much sane (largely default) configuration, it is just a matter to learn a few things as also your intended final configuration (per anav's post) is pretty much standard. You now have: 1. a single ethernet port (ether1) self-standing and added as WAN to the interface list 2. a...
by jaclaz
Mon Dec 02, 2024 2:30 am
Forum: Wireless Networking
Topic: Improving Localization Accuracy with MikroTik RouterBOARD
Replies: 5
Views: 472

Re: Improving Localization Accuracy with MikroTik RouterBOARD

Which Routerboard device? With which antenna? On which frequency range (2.4 or 5 GHz)? On which Channel in the range? Any change in any of the above may modify - slightly or sensibly - the result. If you are looking for measuring distances, you might want to have a very directional antenna to minimi...
by jaclaz
Mon Dec 02, 2024 1:27 am
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1218

Re: Access LAN B from LAN A, but not LAN A from LAN B

Ah, ok, MacOS Is - as often happens - doing things its own way, AFAIK in Windows It Is not allowed and on Linux you need to add the -b switch. I now understand better your setup, the first router, the ISP one, is conceptually not really a router, in the sense that being not configurable (if not for ...
by jaclaz
Sun Dec 01, 2024 9:07 pm
Forum: General
Topic: icmp MTU
Replies: 5
Views: 351

Re: icmp MTU

I see, the issue is with (icmp) packet size (which is not MTU). It is strange that forwarded pings go through however, they should still be 56 bytes, I believe it is the default on most Operating Systems. Size of icmp packets in tool netwatch has been only implemented in later 7.x version I believe,...
by jaclaz
Sun Dec 01, 2024 8:15 pm
Forum: General
Topic: icmp MTU
Replies: 5
Views: 351

Re: icmp MTU

I don't know, but it sounds to me not normal :shock: that your router cannot ping normally an IP on the internet.
I would try to solve that problem before looking for a way to replicate a workaround you found :? .
by jaclaz
Sun Dec 01, 2024 8:00 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 13
Views: 1246

Re: Firewall - drop rule within input chain

Sure :) , but at the moment you had posted only the input chain rules. I was trying to highlight how futile it was replacing a rule that doesn't do what is its intended goal (because it is in the wrong chain) with a (better) inverted logical approach that as well is in the wrong chain and thus fails...
by jaclaz
Sun Dec 01, 2024 7:29 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1218

Re: Access LAN B from LAN A, but not LAN A from LAN B

You could set it up like this: https://wiki.mikrotik.com/Manual:Simple_Static_Routing In that example, Router2 needs not an additional route because there is a gateway set (that automatically means 0.0.0.0/0 i.e. "everything" is reachable through it), i.e. the "upstream" route in...
by jaclaz
Sun Dec 01, 2024 6:00 pm
Forum: Virtualization
Topic: How to install Mikrotik CHR on Oracle Cloud always free instance?
Replies: 16
Views: 11117

Re: How to install Mikrotik CHR on Oracle Cloud always free instance?

I've seen this project on github, but I never figured out why it's needed... It depends on what hardware (real or virtual) you run the image on. Since several releases the image Mikrotik provides is not fully compliant with UEFI because the "system partition" is formatted as ext2fs (inste...
by jaclaz
Sun Dec 01, 2024 5:37 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7960

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

There must have been an obstruction in the notification drainpipe, now removed :wink:
https://www.bbc.co.uk/news/articles/cvg7x8l5pv2o
:lol:
by jaclaz
Sun Dec 01, 2024 5:17 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 13
Views: 1246

Re: Firewall - drop rule within input chain

I want to block access to WAN for addresses from the list (that was my comment on this rule). Unless you have another recommendation. The combination of these two rules: add action=accept chain=input src-address-list=Authorized ... add action=drop chain=input comment="drop all else" give ...
by jaclaz
Sun Dec 01, 2024 2:14 pm
Forum: Beginner Basics
Topic: CHECK MY CONFIGURATION
Replies: 3
Views: 406

Re: CHECK MY CONFIGURATION

It seems to me like you have no (sensible) firewall filter rules. This can be very dangerous, your router (and network) is essentially open from the outside. On the other hand you have some not-so-common more advanced settings (ovpn. queues, etc.). It seems like it was configured by someone familiar...
by jaclaz
Sun Dec 01, 2024 1:55 pm
Forum: General
Topic: Bug in version in winbox and in routerboard
Replies: 11
Views: 777

Re: Bug in version in winbox and in routerboard

Hmmm. :? Just for the fun of it, run the Wireless Network watcher from Nirsoft (it is not for wireless only): https://www.nirsoft.net/utils/wireless_network_watcher.html besides other things, it identifies "Network Adapter Company" (cannot say if via MAC or through other means) my guess is...
by jaclaz
Sun Dec 01, 2024 12:57 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 2859

Re: Dual Router Configuration Setup Assistance

It seems to me like the first thing you should do is to get Winbox (the dedicated program to manage Mikrotik gear) and use it instead of what you are using now (I presume browser, i.e. webfig). https://mikrotik.com/download One of the distinctive advantages of Winbox is that it can usually connect t...
by jaclaz
Sun Dec 01, 2024 12:18 am
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 3232

Re: am i using SOHO Firewall or not?

@anav
In the OP's current config the DNS server Is on another device, 192.168.1.9.
by jaclaz
Sat Nov 30, 2024 8:51 pm
Forum: General
Topic: Bug in version in winbox and in routerboard
Replies: 11
Views: 777

Re: Bug in version in winbox and in routerboard

And you also spoof the MAC to a TP-LINK one? :shock:
by jaclaz
Sat Nov 30, 2024 8:22 pm
Forum: Scripting
Topic: Running a script from Netwatch doesn't work
Replies: 14
Views: 1092

Re: Running a script from Netwatch doesn't work

Possibly a stupid idea :shock: , but would it be possible to generate a log entry with the variable and its value and then parse it out from the log? :?:
The log is usually volatile (in ram, doesn't survive reboot), isn't it?
by jaclaz
Sat Nov 30, 2024 7:55 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 3232

Re: am i using SOHO Firewall or not?

@Mossii Maybe you need some background to understand the set of configuration johnson73 provided. Here you define two interface lists, one is LAN or inside/safe, the other one is WAN or outside/dangerous: /interface list add name=WAN add name=LAN Here you define which interfaces are what, a default ...
by jaclaz
Sat Nov 30, 2024 3:59 pm
Forum: Scripting
Topic: Netwatch script to check if plugged in
Replies: 1
Views: 202

Re: Netwatch script to check if plugged in

Netwatch is triggered by a change in the status of pinging <some address>, and the discrimination is only between ping OK and ping NOT OK.

If the pinging always fails, no matter if the ether interface has a connection or not, it won't be triggered, I believe.
by jaclaz
Sat Nov 30, 2024 1:03 pm
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 683

Re: First script problem - just won't execute

Besides it being useful or not, I am failing to understand the logic of the if conditions (i am just trying to understand). The base condition is whether $bound is 1 or not: a. if $bound is not 1, then remove ALL routes with that comment b. if $bound is 1 then: b.1 if there is not a route with that ...
by jaclaz
Sat Nov 30, 2024 12:06 am
Forum: General
Topic: Bug in version in winbox and in routerboard
Replies: 11
Views: 777

Re: Bug in version in winbox and in routerboard

OT, but calling the router Archer AX53 seems to me a touch of genius. :lol:
by jaclaz
Fri Nov 29, 2024 11:42 pm
Forum: General
Topic: Help with Extending WAN Physically with VLAN's.
Replies: 11
Views: 823

Re: Help with Extending WAN Physically with VLAN's.

Not what you asked, but the (good?) ol' way :shock: would have been to protect the router putting it inside an electrical box or, if WAF is involved, a hand made wooden box and keep the LAN topology as is. I guess this shows how old I have become, attempting to solve problems with last century techn...
by jaclaz
Fri Nov 29, 2024 11:33 pm
Forum: General
Topic: How to predefine hostnames for DHCP leases?
Replies: 11
Views: 1727

Re: How to predefine hostnames for DHCP leases?

it is *very* usefull to dynamically booting diskless machines.
This.
I usually boot (dynamically) two or three diskless machines every day, just before breakfast.
by jaclaz
Fri Nov 29, 2024 7:34 pm
Forum: Beginner Basics
Topic: Just updated mAP firmware and now it's broke
Replies: 4
Views: 492

Re: Just updated mAP firmware and now it's broke

Don't worry :) , it happens to everyone, it is the second mistake that happens to everyone (the first one is losing access to the device when fiddling with settings and needing to reset it). The mAP should run fine with latest 6.x version (6.49.17 if I recall correctly) whilst with v 7.x versions it...
by jaclaz
Fri Nov 29, 2024 7:21 pm
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1224

Re: Setup mAP in reverse config from default

0. ether1 is an interface and it has its own "dignity" and you can assign an address to it. But when you add it to a bridge, the bridge is *like* WE ARE THE BORG; YOU WILL BE ASSIMILATED.YOUR UNIQUENESS WILL BE ADDED TO OUR COLLECTIVE. RESISTANCE IS FUTILE. :wink: the individual address of...
by jaclaz
Fri Nov 29, 2024 5:10 pm
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1224

Re: Setup mAP in reverse config from default

Well, which IP address are you pinging? The bridge has none set. Only ether1 has one (and it is a /32): /ip address add address=172.31.246.2 interface=ether1 network=172.31.246.2 Try running /ip address print and post the output. Same for /ip route print, this way we can understand what happens with...
by jaclaz
Fri Nov 29, 2024 4:25 pm
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1224

Re: Setup mAP in reverse config from default

I meant conceptually (since I'm not sure IP firewall rules are even processed when ports are bridged). But just in case, I added accept rules for in/out/fwd at the top of the list, and no difference. There must be a reason for this I don't understand Conceptually firewall should be not part of the ...
by jaclaz
Fri Nov 29, 2024 4:07 pm
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1224

Re: Setup mAP in reverse config from default

Do I have to adjust firewall rules to permit something here?
We won't know until you post your current configuration for review.
by jaclaz
Fri Nov 29, 2024 4:06 pm
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1224

Re: Setup mAP in reverse config from default

Well, the setup I posted is (intentionally) static only, it is that of a device that I use to give wireless connectivity to a device that has only a wired port but is physically in a room where there is not an ethernet cable arriving nearby. In your case you may want or need to set it with a DHCP cl...
by jaclaz
Fri Nov 29, 2024 11:44 am
Forum: Beginner Basics
Topic: Best way to setup backup route
Replies: 11
Views: 917

Re: Best way to setup backup route

Yep, sometimes the terminology can be confusing. Routes are just routes (and the go in /ip route). Routing rules are a mechanism for policy routing (that go in /routing rules) that allow to "filter" and modify some particular connections, you can think of them as similar to mangle rules (t...
by jaclaz
Fri Nov 29, 2024 11:20 am
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1224

Re: Setup mAP in reverse config from default

Ok, here is the (very, very basic) configuration that you could use as a base: # nov/29/2024 10:09:05 by RouterOS 6.49.17 # software id = [redacted] # # model = RouterBOARD 941-2nD # serial number = [redacted] /interface bridge add admin-mac=[redacted] auto-mac=no name=bridge1 /interface wireless se...
by jaclaz
Fri Nov 29, 2024 11:13 am
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1224

Re: Setup mAP in reverse config from default

Post what you have, see instructions here:
viewtopic.php?t=203686#p1051720

If you want a reference, I have somewhere a hap lite (should be very similar to the map/map lite) with a very simple configuration that I can share.
by jaclaz
Thu Nov 28, 2024 9:28 pm
Forum: Beginner Basics
Topic: Only one direction PING possible
Replies: 6
Views: 966

Re: Only one direction PING possible

You must have somehow mixed the printout. Let's start with the main router (the one you posted the configuration on first post) you have on it two IP addresses assigned: /ip address add address=192.168.1.1/24 interface=LAN-Bridge network=192.168.1.0 add address=192.168.0.3/24 interface=ether1-WAN ne...
by jaclaz
Thu Nov 28, 2024 7:04 pm
Forum: General
Topic: fingerprinting
Replies: 8
Views: 1046

Re: fingerprinting

Wait for 802.11az wide adoption? :shock:
by jaclaz
Thu Nov 28, 2024 7:02 pm
Forum: Beginner Basics
Topic: Best way to setup backup route
Replies: 11
Views: 917

Re: Best way to setup backup route

Because I setup all my forwarding firewall rules to be port specific (eg: rule applies if going out ether1). How do you handle that? Is there a way to make the rules to refer to a group of ports (so it will automatically apply to port 1 and port 3)? Or do I have to duplicate a bunch of rules? Since...
by jaclaz
Thu Nov 28, 2024 5:27 pm
Forum: General
Topic: fingerprinting
Replies: 8
Views: 1046

Re: fingerprinting

Excuse me rextended, if I get this right, that means an untold: Hey, user, you won't connect to my wifi. The more knowledgeable users might read the above unwritten message as: Hey, user, you won't connect to my wifi unless you disable the randomized MAC address feature of your device (yes the one t...
by jaclaz
Thu Nov 28, 2024 5:14 pm
Forum: Beginner Basics
Topic: multple vlans same dhcp subnet
Replies: 4
Views: 530

Re: multple vlans same dhcp subnet

...and - as generic advice - don't use VLAN1, it is used internally and can cause issues in a configuration. Use (say) VLAN10 and VLAN20, instead. ether2? Instead of a supout, follow this post here: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 and post your (anonymized) configuration. ...
by jaclaz
Wed Nov 27, 2024 7:20 pm
Forum: Wireless Networking
Topic: Connect Mikrotik as Bridge Station to a router from a different company
Replies: 3
Views: 352

Re: Connect Mikrotik as Bridge Station to a router from a different company

If you use the Mikrotik as a switch you need to use one of the available (station-) bridge modes, if you are going to use it as a router, then you want to the "plain" station mode.
by jaclaz
Wed Nov 27, 2024 4:12 pm
Forum: General
Topic: Netinstall issue
Replies: 4
Views: 416

Re: Netinstall issue

Any bright ideas? Cannot say if bright, but once removed possible issues with the Windows firewall, the common advice is to have ONLY the ethernet port in use enabled on the PC (if it is a laptop or however has also another wireless interface - and you did that) and use a dumb switch between the PC...
by jaclaz
Wed Nov 27, 2024 3:49 pm
Forum: Wireless Networking
Topic: Connect Mikrotik as Bridge Station to a router from a different company
Replies: 3
Views: 352

Re: Connect Mikrotik as Bridge Station to a router from a different company

One Mikrotik would be enough. You want to use station pseudobridge mode (or possibly station-pseudobridge-clone). If you have two Mikrotiks, you can use station bridge mode, but if there is a single device connected to the station, there should be no difference in practice between the three and four...
by jaclaz
Wed Nov 27, 2024 11:24 am
Forum: Beginner Basics
Topic: bridge has stopped working, all ports marked as not running
Replies: 12
Views: 791

Re: bridge has stopped working, all ports marked as not running

Maybe it could be changed from "not running" (that does sound like there is a problem with the interface) to something like "no connection" (that would mean both an empty port or a port connected to a device that is off)? :?:
by jaclaz
Wed Nov 27, 2024 11:05 am
Forum: General
Topic: Subnet-to-subnet only works in one direction
Replies: 2
Views: 349

Re: Subnet-to-subnet only works in one direction

You have three bridges? /ip address add address=192.168.131.1/24 interface="Infrastructure Bridge" network=192.168.131.0 add address=192.168.132.1/24 interface="Full-access Bridge" network=192.168.132.0 add address=192.168.133.1/24 interface="Limited-access Bridge" netw...
by jaclaz
Wed Nov 27, 2024 12:07 am
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1224

Re: Setup mAP in reverse config from default

In Mikrotik client is called "station".
And there are a few modes available, you want station pseudobridge, see:
https://help.mikrotik.com/docs/spaces/R ... tion+Modes
by jaclaz
Tue Nov 26, 2024 12:19 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 2386

Re: HEX Lite for routing between subnets [SOLVED]

I am happy to report that I can finally get UDP packets from the devices to the controller. Thank you to all who contributed!
It would be useful if you could post the final configuration that works for you, so that it can be useful as a reference for other people that may need something similar.
by jaclaz
Mon Nov 25, 2024 8:48 pm
Forum: RouterBOARD hardware
Topic: Quickset modes C53UiG+5HPaxD2HPaxD
Replies: 13
Views: 1698

Re: Quickset modes C53UiG+5HPaxD2HPaxD

This is a snippet from the posted file: /interface wifi # chains not supported set [ find default-name=wifi1 ] channel.skip-dfs-channels=disabled \ configuration.antenna-gain=0 .chains=0,1,2,3,4,5,6,7 .country=Italy \ .dtim-period=1 .hide-ssid=no .manager=local .mode=ap .multicast-enhance=\ disabled...
by jaclaz
Mon Nov 25, 2024 7:01 pm
Forum: Wireless Networking
Topic: Mini ISP Setup, help needed
Replies: 9
Views: 617

Re: Mini ISP Setup, help needed

Yep, but you cannot squeeze lemon juice from cucumbers, if all OP can get is: 300Mbps download / 50Mbps upload. that's it. I would assume that some firewall rules will be needed, the 750 GR3 that can be expected in theory to have 265.2 Mbps routing is weak, the hex refresh at 498.1 Mbps seems like m...
by jaclaz
Mon Nov 25, 2024 2:26 pm
Forum: Wireless Networking
Topic: Mini ISP Setup, help needed
Replies: 9
Views: 617

Re: Mini ISP Setup, help needed

Yep, but you are planning to have 2, 20 or 200 customers? The 750Gr3 as "central router" seems like a very weak device for many users, but if you are convinced that it is powerful enough and if you have to buy new, a new more powerful version of the hex was just released: https://mikrotik....
by jaclaz
Mon Nov 25, 2024 12:07 pm
Forum: Wireless Networking
Topic: wAP ax as replacement for old UniFi AC Pro?
Replies: 11
Views: 1182

Re: wAP ax as replacement for old UniFi AC Pro?

Yep, I meant coverage (and its "shape"). Let's take a square room 6m x 6m. The ideal situation would be a cAP in the center of the ceiling as it supposedly toroidal (doughnut) emission shape should cover everything. If you put a wAP on (say) the north wall, in the middle, it will probably ...
by jaclaz
Mon Nov 25, 2024 1:38 am
Forum: General
Topic: Minimum requirement to be a official Mikrotik consultant
Replies: 14
Views: 979

Re: Minimum requirement to be a official Mikrotik consultant

To be fair, "we expect" has a meaning which Is (IMHO) very different from "are required".
It seems more like a "good willing wish" than a contractual clause.
by jaclaz
Mon Nov 25, 2024 1:08 am
Forum: Wireless Networking
Topic: wAP ax as replacement for old UniFi AC Pro?
Replies: 11
Views: 1182

Re: wAP ax as replacement for old UniFi AC Pro?

Then probably the wAP is just fine for your use, and the cAP - set aside the 160 MHz width - would have been less suitable. But it is really hard to say as indoors there are reflections/absorptions/whatever that may make the real world coverage different from the theoretical or geometrical one. The ...
by jaclaz
Sun Nov 24, 2024 8:22 pm
Forum: Beginner Basics
Topic: Only one direction PING possible
Replies: 6
Views: 966

Re: Only one direction PING possible

Very likely in routers 3 and 2 you have a route for 0.0.0.0/0 pointing "upstream". And of course in main router you have a route for 0.0.0.0/0 pointing to the ISP router: /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.1 \ pref-src="" routing-table=ma...
by jaclaz
Sun Nov 24, 2024 7:09 pm
Forum: Wireless Networking
Topic: How to increase wifi signal distance/strenght ?
Replies: 10
Views: 786

Re: How to increase wifi signal distance/strenght ?

I can’t increase the transmit power on my mobile device (in this case the PlayStation 5) but it’s maybe possible to do it on my mikrotik right ? Yep, but it is two way communication. The PS5 may be able to "hear" the Mikrotik if it "shouts", but the Mikrotik may still not be abl...
by jaclaz
Sun Nov 24, 2024 6:57 pm
Forum: Wireless Networking
Topic: wAP ax as replacement for old UniFi AC Pro?
Replies: 11
Views: 1182

Re: wAP ax as replacement for old UniFi AC Pro?

Be aware of the meaning of the model name and consequently its radiation pattern: c=ceiling omnidirectional (360°, at least in theory) w=wall directional 90° to maybe 120° or so. The radiation pattern of the Wap seems to be like an off center ball with a flat bottom, see: https://forum.mikrotik.com/...
by jaclaz
Sun Nov 24, 2024 12:26 pm
Forum: General
Topic: Winbox vs Webfig
Replies: 5
Views: 1037

Re: Winbox vs Webfig

I like to think that since RouterOS is under the hood a derivative from Linux, GUI parts, both Winbox and Webfig, are "overlays" over textual commands. You can normally connect to a Mikrotik device via SSH (or telnet) and do all the configuration on the command line. What happens - particu...
by jaclaz
Sun Nov 24, 2024 2:29 am
Forum: Wireless Networking
Topic: cAP AC XL to bridge from apartment wifi?
Replies: 5
Views: 472

Re: cAP AC XL to bridge from apartment wifi?

Ah, I see now, you were talking CAD, the price in US$ are correct ( in line with official list price). The cost of shipping seems crazy to me, I understand that Canada is a large country, but the parcel would be small and weight less than half a kg. The cAP ac XL on that same site Is 145 CAD/99 US$,...
by jaclaz
Sat Nov 23, 2024 6:01 pm
Forum: Wireless Networking
Topic: cAP AC XL to bridge from apartment wifi?
Replies: 5
Views: 472

Re: cAP AC XL to bridge from apartment wifi?

The Cap AC XL, before and besides any other consideration, is now an old device, with only 16 Mbyte of storage, which is already starting to be an issue with current Ros v7 (upgrading may be complex). You could consider the newish Wap Ax: https://mikrotik.com/product/wap_ax It is talked about here: ...
by jaclaz
Sat Nov 23, 2024 5:27 pm
Forum: Beginner Basics
Topic: Brand new CRS-305-1G-4S+-IN, login doesn't work
Replies: 12
Views: 2520

Re: Brand new CRS-305-1G-4S+-IN, login doesn't work

There is no secret.
There are some requirements for security mandated by the EU that the good Mikrotik guys believe they are complying with in this way.

JFYI:
viewtopic.php?p=1093341
by jaclaz
Sat Nov 23, 2024 4:10 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 2386

Re: HEX Lite for routing between subnets [SOLVED]

Ok, I did a few tests in GNS3, and the vrf approach seems to be working (at least I can ping both with ICMP and UDP from PC to the two targets). Setup: VPCS named PC-source set with ip 192.168.0.254/24 connected to ether1 of a Mikrotik CHR (runnning 7.15.3) VPCS named target1 set with ip 192.168.10....
by jaclaz
Fri Nov 22, 2024 5:06 pm
Forum: Beginner Basics
Topic: hAP ax3: change default internet port ether1 to ether2 [SOLVED]
Replies: 23
Views: 1602

Re: hAP ax3: change default internet port ether1 to ether2 [SOLVED]

Yes, that one (with no marker) is static, the one below it is coming from the DHCP and is marked with D (Dynamic). And then you can remove the (only) static rule, the markings on the first: # DST-ADDRESS GATEWAY DISTANCE 0 As+ 0.0.0.0/0 10.221.215.1 1 mean that it is #0 (i.e. you can remove it) then...
by jaclaz
Fri Nov 22, 2024 4:36 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 2386

Re: HEX Lite for routing between subnets [SOLVED]

I don't know, as said I believe (but I may well be wrong) that netmap maps "everything", but maybe there is the need to specify protocols and/or ports. :? But then it could be that for *some reasons* your tool/program/whatever does not expect this kind of netmapping from/to IP addresses. I...
by jaclaz
Fri Nov 22, 2024 11:07 am
Forum: Beginner Basics
Topic: hAP ax3: change default internet port ether1 to ether2 [SOLVED]
Replies: 23
Views: 1602

Re: hAP ax3: change default internet port ether1 to ether2 [SOLVED]

Yep, but you probably should do the reverse. Remove the static address and let the DHCP client run. Since the DHCP server is managed (I believe) by your ISP if they change it (for whatever reason) to another subnet your static assigned address will become m00t. Moreover the DHCP server will provide ...
by jaclaz
Fri Nov 22, 2024 7:49 am
Forum: Beginner Basics
Topic: hAP ax3: change default internet port ether1 to ether2 [SOLVED]
Replies: 23
Views: 1602

Re: hAP ax3: change default internet port ether1 to ether2 [SOLVED]

It looks mostly fine to me :) , the only thing you should re-check is: /ip address add address=192.168.88.1/24 comment=defconf interface=bridge network=\ 192.168.88.0 add address=10.221.215.2/24 interface=ether5 network=10.221.215.0 /ip dhcp-client add comment=defconf interface=ether5 ether5 has bot...
by jaclaz
Thu Nov 21, 2024 11:13 pm
Forum: Beginner Basics
Topic: hAP ax3: change default internet port ether1 to ether2 [SOLVED]
Replies: 23
Views: 1602

Re: hAP ax3: change default internet port ether1 to ether2 [SOLVED]

The advice Is to NOT touch anymore Quickset, not even for viewing its current settings. Is time you start evolving from absolute beginner, read this post: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 and follow the instructions and post your full configuration. There is something "...
by jaclaz
Thu Nov 21, 2024 6:48 pm
Forum: Beginner Basics
Topic: hAP ax3: change default internet port ether1 to ether2 [SOLVED]
Replies: 23
Views: 1602

Re: hAP ax3: change default internet port ether1 to ether2 [SOLVED]

My appologies, I have never seen that eth1 is a combined port. Yep :) , and of course which port has PoE IN is not specified on the Ax3 page, probably it is left as an exercise for the reader. The sad news (OT but not much) are that this sloppy way to document devices and their features is becoming...
by jaclaz
Thu Nov 21, 2024 6:07 pm
Forum: Beginner Basics
Topic: hAP ax3: change default internet port ether1 to ether2 [SOLVED]
Replies: 23
Views: 1602

Re: hAP ax3: change default internet port ether1 to ether2 [SOLVED]

Befor you follow these steps (which are explained quit well!): The eth1 is a PoE in port, you will have to connect the cAP AX to eth5 of the hAP AX3 to have it powering the cAP AX. The ether1 is PoE-Out on the A x 3: https://mikrotik.com/product/hap_ax3 PoE-out Details PoE-out ports Ether 1 PoE out...
by jaclaz
Thu Nov 21, 2024 5:36 pm
Forum: General
Topic: CRS312-4C+8XG - routing performance
Replies: 4
Views: 419

Re: CRS312-4C+8XG - routing performance

Well, the CRS should be written as C R S to better convey the performance of the device. And the proxy for real world performance is the 512 byte packet, so without any firewall rule, it is more like 300 Mbps. For around 1 Gb throughput, I presume with just 1 WAN connection, instead of a replacement...
by jaclaz
Thu Nov 21, 2024 3:10 pm
Forum: Beginner Basics
Topic: Solid blue and flashing link light / New Install
Replies: 3
Views: 363

Re: Solid blue and flashing link light / New Install

What I don't understand from your post is whether you just took the two cubes out of the box(es) and attempted connecting them or if you configured them (via Winbox or Webfig or SSH). In the first case it could be a factory mis-configuration of one device, in the second it could be a mis-configurati...
by jaclaz
Thu Nov 21, 2024 3:03 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 2386

Re: HEX Lite for routing between subnets [SOLVED]

there must be a typo/inversion in the referenced post :shock: chain is dstnat action is netmap. your: /ip firewall nat add action=dst-nat chain=netmap dst-address=192.168.0.170 to-addresses=192.168.10.2 add action=dst-nat chain=netmap dst-address=192.168.0.171 to-addresses=192.168.10.2 should be: /i...
by jaclaz
Thu Nov 21, 2024 12:47 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 2386

Re: HEX Lite for routing between subnets [SOLVED]

I would define "rare" the case that something Sob suggests is not working. Post your full configuration, maybe there is *something else* that needs to be corrected or some "wrong" other setting that some of forum members may be able to spot.. Netmap (from what I understand) shoul...
by jaclaz
Thu Nov 21, 2024 12:29 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 2386

Re: HEX Lite for routing between subnets [SOLVED]

So you are on 6.x (routing-mark in /ip route).
Sob's suggestion here:
viewtopic.php?t=187178#p942405
uses netmap, not dst-nat.
That may (or may not) make a difference.
by jaclaz
Thu Nov 21, 2024 12:23 am
Forum: General
Topic: same subnet
Replies: 6
Views: 791

Re: same subnet

Only as a side note, in the 192.168 range you have only 256 /24 subnets.
In the 10 range you have 256*256=65536.
A collision is still possible, but it is definitely less probable.
Particularly if users use 192.168.x.0/24 ranges :wink:
by jaclaz
Wed Nov 20, 2024 7:25 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 2386

Re: HEX Lite for routing between subnets [SOLVED]

I think a line must be drawn somewhere, it is not the first and only case why someone might want or need to have several devices with the same IP. Only as examples: https://forum.mikrotik.com/viewtopic.php?t=119134 https://forum.mikrotik.com/viewtopic.php?t=187178 https://forum.mikrotik.com/viewtopi...
by jaclaz
Tue Nov 19, 2024 6:28 pm
Forum: Beginner Basics
Topic: L009UiGS-2HaxD as WiFi Bridge?
Replies: 7
Views: 1268

Re: L009UiGS-2HaxD as WiFi Bridge?

Well, your ISP router should be running a DHCP server, which you want to keep as "authoritative". You can set the Mikrotik as an AP bridge (i.e with all intefaces, including the Radio/Wi-Fi into a single bridge, with only one ether interface - advised - kept out of the bridge for emergency...
by jaclaz
Sun Nov 17, 2024 8:38 pm
Forum: General
Topic: RB3011UiAS Slow Upload [SOLVED]
Replies: 4
Views: 578

Re: RB3011UiAS Slow Upload [SOLVED]

Interesting that the LCD use can have such dramatic consequences. If we consider the usual proxy for real world speed, routing 512 bytes packets with 25 firewall rules:: https://mikrotik.com/product/RB3011UiAS-RM#fndtn-testresults at 452.6 Mbps you are already at the upper limit of what is achievabl...
by jaclaz
Sun Nov 17, 2024 12:05 pm
Forum: Beginner Basics
Topic: L009UiGS-2HaxD as WiFi Bridge?
Replies: 7
Views: 1268

Re: L009UiGS-2HaxD as WiFi Bridge?

Let's clear the requisites/intended setup first. The network/internet is connected by wire to the Mikrotik and you want some devices (printer as an example) to connect wirelessly to it. If this is the case, you want the Mikrotik to be an Access Point, not a client (station). Even if it is technicall...
by jaclaz
Sun Nov 17, 2024 2:49 am
Forum: General
Topic: CRS112-8P low voltage error for 24V POE devices
Replies: 8
Views: 655

Re: CRS112-8P low voltage error for 24V POE devices

... or some sort of step-down-device from 48V to 24V you could just plug between the 48V supply. Or something like that.
... like:

https://mikrotik.com/product/rbgpoe_con_hp
by jaclaz
Sat Nov 16, 2024 12:03 pm
Forum: Beginner Basics
Topic: Netwatch a Windows 11 firewalled client
Replies: 9
Views: 523

Re: Netwatch a Windows 11 firewalled client

You could add a custom rule to the Windows firewall allowing reply to ping only if the ping comes from a given IP address, some examples here: https://www.wintips.org/how-to-allow-ping-in-windows-firewall/ https://superuser.com/questions/1696779/enable-ping-in-windows-server-for-specific-ip-addresse...
by jaclaz
Fri Nov 15, 2024 11:49 am
Forum: Beginner Basics
Topic: Chateau 5G free space problem
Replies: 8
Views: 830

Re: Chateau 5G free space problem

...and that $500 piece of hardware is now discontinued: https://mikrotik.com/product/chateau_5g and the new one has 128 Mb: https://mikrotik.com/product/chateau_5g_ax for around the same price (if you consider some inflation). The good Mikrotik guys were IMHO a bit "tight" when designing t...
by jaclaz
Fri Nov 15, 2024 11:31 am
Forum: RouterBOARD hardware
Topic: Recommend router and switch connected with private fiber
Replies: 38
Views: 3115

Re: Recommend router and switch connected with private fiber

You know, it all depends on the family and their LIAF (Lack of Internet Acceptation Factor), staying a few days without internet might be viewed either as a good, relaxing experience or as an unbearable nightmare. If the cameras are "just for fun" it won't be an issue, but if they are actu...
by jaclaz
Fri Nov 15, 2024 11:05 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 3082

Re: wAP coverage -- picture included

Viktors says wAP stands for "wireless access point". 😉
I think that that is only to distinguish it from wired access points :roll: :wink:
:lol:
by jaclaz
Fri Nov 15, 2024 1:01 am
Forum: RouterBOARD hardware
Topic: Recommend router and switch connected with private fiber
Replies: 38
Views: 3115

Re: Recommend router and switch connected with private fiber

To be fair, 36 bucks at a 7% compound interest could become over 50$ in 5 years time. One of Murphy's Law corollaries tells us that if a SPF fails, it will do so just after 6 PM on Friday or anyway before 1 PM on Saturday. So one needs to evaluate if 4-5 days without the link are worth around 50 dol...
by jaclaz
Thu Nov 14, 2024 11:53 pm
Forum: Wireless Networking
Topic: multiple upgrade cAP XL ac through CAPs Manager
Replies: 2
Views: 321

Re: multiple upgrade cAP XL ac through CAPs Manager

You cannot normally update from 6.x.y to 7.16 directly. The procedure is to first update to 7.12 something and only then update to higher version. Upgrading 18 devices all together without having tested the procedure on a 19th identical device in lab seems to me a bit bold, but maybe I am overcautio...
by jaclaz
Thu Nov 14, 2024 11:09 pm
Forum: General
Topic: Sonos bridge RX looped packet.
Replies: 4
Views: 365

Re: Sonos bridge RX looped packet.

The simple switch may (or may not) use a different loop prevention method (or none at all). The Mikrotik switch may ( or may not) run STP or RSTP or something else: https://www.geeksforgeeks.org/difference-between-spanning-tree-protocol-stp-and-rapid-spanning-tree-protocol-rstp/ You could try disabl...
by jaclaz
Thu Nov 14, 2024 9:11 pm
Forum: Beginner Basics
Topic: Map devices with identical IP to external IP based on port
Replies: 5
Views: 561

Re: Map devices with identical IP to external IP based on port

When you say in Mikrotik (example): 192.168.1.1/24 You are saying: IP address: 192.168.1.1 Netmask: 255.255.255.0 or 24 in CIDR notation When you are saying: 192.168.1.0/24 You are saying: Network: 192.168.1.0 Netmask: 255.255.255.0 or 24 in CIDR notation In some places it may be unneeded, but in mo...
by jaclaz
Thu Nov 14, 2024 8:17 pm
Forum: General
Topic: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.
Replies: 35
Views: 5153

Re: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.

Depends where you live, in small communities, people with same interest/occupation gathers and talk, you never know what you can find out... Well, in small communities you don't even need to share interests or occupation, if the boyfriend of the cousin of the friend of your brother-in-law likes a f...
by jaclaz
Thu Nov 14, 2024 8:01 pm
Forum: General
Topic: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.
Replies: 35
Views: 5153

Re: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.

Key word "environment", which makes company environments much more sensitive than home users environment. If somehow I find out that my ISP is using such way to update their router, from public source script without proper automated source checks / sanitization, I will be concerned and pr...
by jaclaz
Thu Nov 14, 2024 7:52 pm
Forum: RouterBOARD hardware
Topic: Recommend router and switch connected with private fiber
Replies: 38
Views: 3115

Re: Recommend router and switch connected with private fiber

Sure, you can disable radios just fine.

Then (what I would do if radios is disabled and the antennas are unwanted) you should replace the big ears with dummy loads, to be on the safe side.
by jaclaz
Thu Nov 14, 2024 6:59 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 307
Views: 88963

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

But there is nothing to argue about, when doing *anything* there are some risks involved, everyone should be able to evaluate these risks and decide whether to take them or not.

Personally, if it wasn't that I need internet access, I would have only air-gapped systems :wink: .
:lol:
by jaclaz
Thu Nov 14, 2024 6:39 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 307
Views: 88963

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

The raised issue is not related to MITM attacks, possible attack vector is the following, whenever you "blindly" trust a third party and use a given external address/domain on which you have not full control: 1) someone (in perfect good faith) provides a service of some kind 2) you connect...
by jaclaz
Thu Nov 14, 2024 6:05 pm
Forum: Wireless Networking
Topic: Problem with Wireless, DHCP does not working. [SOLVED]
Replies: 4
Views: 473

Re: Problem with Wireless, DHCP does not working. [SOLVED]

Possibly not connected to your issue, but you have a couple instances of "something" with an asterisk followed by a (hex) number, this means that there was something with a valid name/reference that was later deleted or renamed. These entries are in the best case doing nothing, in the wors...
by jaclaz
Thu Nov 14, 2024 5:51 pm
Forum: Beginner Basics
Topic: Time problem all the time
Replies: 4
Views: 429

Re: Time problem all the time

How can I check if the time is synchronized in which log?
In the normal log there should be an entry each time the date/time is synchronized via NTP, an entry *like*:
2024-09-19T07:47:44.224614-04:00 system,critical,info ntp change time Sep/18/2024 23:16:01 => Sep/19/2024 07:47:44
by jaclaz
Thu Nov 14, 2024 4:58 pm
Forum: General
Topic: wAP AC wireless or qcom?
Replies: 14
Views: 819

Re: wAP AC wireless or qcom?

So extensive they missed 2 reboot steps to make it clear, as shown by the last posts in this thread :lol:
"Extensive" does not necessarily mean "accurate", let alone "clear".
:lol:
by jaclaz
Thu Nov 14, 2024 11:45 am
Forum: SwOS
Topic: RB260GS - Cannot reset to factory defaults [SOLVED]
Replies: 10
Views: 868

Re: RB260GS - Cannot reset to factory defaults [SOLVED]

Is there a way of netinstall RB260GS? Yes and no :shock: No netinstall, but BOOTP/TFTP should work, see: https://forum.mikrotik.com/viewtopic.php?t=145981 The info is now here: https://wiki.mikrotik.com/SwOS/RB250_RB260#Reinstall_SwOS_firmware In any case the ACT led needs to be blinking, so that i...
by jaclaz
Thu Nov 14, 2024 11:22 am
Forum: RouterBOARD hardware
Topic: HEX S sometimes fails to start properly [SOLVED]
Replies: 7
Views: 1237

Re: HEX S sometimes fails to start properly [SOLVED]

Happy to hear a story of success. :)
by jaclaz
Thu Nov 14, 2024 11:15 am
Forum: RouterBOARD hardware
Topic: Recommend router and switch connected with private fiber
Replies: 38
Views: 3115

Re: Recommend router and switch connected with private fiber

Well, a camera stream can be in order of magnitude of 2 to 4 Mbps (high resolution ones 8 Mbps), good old rule of the thumb is double the camera resolution if using (as most do) H.264, see:
https://reolink.com/blog/ip-camera-band ... lculation/

So a few cameras won't make a problem in your setup.
by jaclaz
Thu Nov 14, 2024 11:01 am
Forum: Beginner Basics
Topic: Time problem all the time
Replies: 4
Views: 429

Re: Time problem all the time

Also, in log, you should see when the time changes and by what amount, the sync should happen once every day or less often and the change should be seconds at the most. The "default" mode for the NTP client is "unicast", unless you have reasons for it to be set as "multicast...
by jaclaz
Wed Nov 13, 2024 9:27 pm
Forum: Beginner Basics
Topic: Map devices with identical IP to external IP based on port
Replies: 5
Views: 561

Re: Map devices with identical IP to external IP based on port

Well, you have something wrong in the way you copied the configuration here adapting to your addresses. The configuration posted by Sob there: https://forum.mikrotik.com/viewtopic.php?t=187178#p942405 is the "reverse" of the one you just posted, and it uses an approach that is (was) intend...
by jaclaz
Wed Nov 13, 2024 11:37 am
Forum: RouterBOARD hardware
Topic: Recommend router and switch connected with private fiber
Replies: 38
Views: 3115

Re: Recommend router and switch connected with private fiber

I don't think that the one or the other solution would give you any particular issue or advantage, they seem to me substantially the same in performance, and given the 50/100 internet speed they are both fine, speedwise. If you can afford the higher expense, the two L009's would IMHO be better for a...
by jaclaz
Wed Nov 13, 2024 1:22 am
Forum: Wireless Networking
Topic: wAP ax?
Replies: 250
Views: 29824

Re: wAP ax?

WAP has seemingly a much higher WAF.
by jaclaz
Tue Nov 12, 2024 11:54 pm
Forum: Wireless Networking
Topic: Brand New 2024 SXT LTE Kit Connection Issue.
Replies: 3
Views: 362

Re: Brand New 2024 SXT LTE Kit Connection Issue.

What you report Is strange, if I get It right.

Use network APN must be set to no if you are manually setting an APN, if use network APN is set to yes, the one you are providing will be ignored, see:
viewtopic.php?t=210031
by jaclaz
Tue Nov 12, 2024 8:34 pm
Forum: Beginner Basics
Topic: How does (my) firewalling/routing work? [SOLVED]
Replies: 14
Views: 994

Re: How does (my) firewalling/routing work? [SOLVED]

I'll work on that later when wife is in bed. I want to stay married. Well, JFYI, if you happen to accidentally cut off internet, it is unlikely that the marriage will break up :o , the outcome is usually either that of wife not talking to you for several days or deciding - since there is nothing be...
by jaclaz
Tue Nov 12, 2024 7:23 pm
Forum: Beginner Basics
Topic: Dual APN Question - Use a second APN for a specific device
Replies: 7
Views: 1031

Re: Dual APN Question - Use a second APN for a specific device

Let's go one by one. #1 If you try "/ip route print" in terminal, you will find that the routes you are getting (after a reboot) come from the DHCP client(s) and likely have a distance of 0 or 1 (i.e. they are "very near"). You can do two things (up to you to decide which one or ...
by jaclaz
Tue Nov 12, 2024 12:46 pm
Forum: RouterBOARD hardware
Topic: RB951Ui-2HnD port Running (R- flag) without cable connected to it
Replies: 5
Views: 576

Re: RB951Ui-2HnD port Running (R- flag) without cable connected to it

Maybe new package, but from the looks of the one in the picture not new devices. From the screenshot, ether4 transmits something but doesn't receive anything (and this could be - though I cannot imagine how - some false contact or the like mistaking an empty port for a connected one) but ether2 tran...
by jaclaz
Tue Nov 12, 2024 11:52 am
Forum: General
Topic: Firewall ports are open but replication wont work. Please help
Replies: 1
Views: 303

Re: Firewall ports are open but replication wont work. Please help

Hmmm. :? This: add action=accept chain=forward disabled=yes dst-address=192.168.13.145 in-interface= *11 out-interface=bridge1 while might not be related to the issue at hand (it is disabled so, not actually running), is a sign that the router config has been changed/edited the *11 (more generally a...
by jaclaz
Tue Nov 12, 2024 10:49 am
Forum: Beginner Basics
Topic: Set Up problem
Replies: 6
Views: 665

Re: Set Up problem

Vista specifically should not be an issue, there are generically some possible issues with netinstall under windows, connected to its firewall and/or - when doing it on a laptop - with services and programs installed by the manufacturer, but usually they lead to netinstall not seeing the router requ...
by jaclaz
Mon Nov 11, 2024 8:11 pm
Forum: Beginner Basics
Topic: Cant get Wireguard client to work
Replies: 50
Views: 3627

Re: Cant get Wireguard client to work

Should not be related, but:
/interface list member
add interface=bridge1 list=LAN
add interface=ether1 list=WAN
add interface=wireguard1 list=LAN

wireguard1 should be WAN conceptually.
by jaclaz
Mon Nov 11, 2024 6:07 pm
Forum: Beginner Basics
Topic: How does (my) firewalling/routing work? [SOLVED]
Replies: 14
Views: 994

Re: How does (my) firewalling/routing work? [SOLVED]

Yolks on me, much thanks!!!!
You are welcome :) , but you still have to correct the first three.
(I am worrying about people that may copy and paste these rules without critically checking them)
by jaclaz
Mon Nov 11, 2024 5:58 pm
Forum: Beginner Basics
Topic: How does (my) firewalling/routing work? [SOLVED]
Replies: 14
Views: 994

Re: How does (my) firewalling/routing work? [SOLVED]

anav, you probably have a typo, those "AUTHORIZED" and "DNS/port 53" rules should be on input chain, not forward, right? :?
by jaclaz
Mon Nov 11, 2024 2:49 pm
Forum: Beginner Basics
Topic: How does (my) firewalling/routing work? [SOLVED]
Replies: 14
Views: 994

Re: How does (my) firewalling/routing work? [SOLVED]

Only as a side note, your exported entries are just fine, "disabled=yes" is Mikrotik's way to explicit the enable state and your D marked lines sport "disabled=yes" just fine. The advised approach, as jvanhambelgium stated, is to have a set of explicit rules targeting the traffic...
by jaclaz
Mon Nov 11, 2024 1:12 pm
Forum: RouterBOARD hardware
Topic: Product idea: rack mountable PoE injector
Replies: 10
Views: 1074

Re: Product idea: rack mountable PoE injector

Active ones (802.3af/at) do exist, *like*:
https://www.newegg.com/p/3C6-001B-009D5?
by jaclaz
Mon Nov 11, 2024 11:12 am
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 1102

Re: Configuring wireless on wAP R from zero

I agree that the the firmware should be aligned to software :) , what I am not convinced of is to set it as automatic, since the software update is anyway advised as been done manually, I don't see how having the firmware set to automatic is "better", you have anyway to remember to reboot ...
by jaclaz
Mon Nov 11, 2024 10:47 am
Forum: Beginner Basics
Topic: Completely lost with regards to VLANs
Replies: 8
Views: 697

Re: Completely lost with regards to VLANs

The first rule is to not use VLAN 1 (it can be used but you should really know what you are doing), rename them to VLAN 10 and VLAN 20, to exclude possible issues that are very difficult to find and troubleshoot.

The complete guide is here:
viewtopic.php?t=143620
by jaclaz
Mon Nov 11, 2024 10:41 am
Forum: Scripting
Topic: "ip route find where' strange behavior
Replies: 10
Views: 812

Re: "ip route find where' strange behavior

I see, right idea, but wrong cat. :wink:
by jaclaz
Sun Nov 10, 2024 12:44 pm
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 1102

Re: Configuring wireless on wAP R from zero

... although personally I use the later ... Couldn't that be called "preaching virtue but practicing vice"? :shock: :lol: Seriously, I have found at least one case where firmware upgrading caused issues (in an old 6.4x.yz version): https://forum.mikrotik.com/viewtopic.php?t=180096 It seem...
by jaclaz
Sun Nov 10, 2024 12:13 pm
Forum: Scripting
Topic: "ip route find where' strange behavior
Replies: 10
Views: 812

Re: "ip route find where' strange behavior

Maybe "routes" is a reserved variable name, try using "myroute" instead of "routes". And/or try with put instead of assigning the result to a variable. Also, you can probably remove the "where" (but that shouldn't change anything): https://forum.mikrotik.com/v...
by jaclaz
Sun Nov 10, 2024 11:20 am
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 1102

Re: Configuring wireless on wAP R from zero

Yes, limited to the routeboard firmware, automatic update is probably OK, still the usual advice is to have Routerboard firmware release "aligned" to the Ros (let's call it "software") version, so if setting the one, there is the risk to have it automatically be one or more versi...
by jaclaz
Sun Nov 10, 2024 2:28 am
Forum: Beginner Basics
Topic: Set Up problem
Replies: 6
Views: 665

Re: Set Up problem

Also, maybe It Is not your case, but before connecting a device to internet you should make sure to disable all services but Winbox and limit It to LAN interface(s), possibly changing its default port number. AND add a new user, give It full powers, and a strong password and remove or disable the de...
by jaclaz
Sun Nov 10, 2024 2:09 am
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 1102

Re: Configuring wireless on wAP R from zero

Please allow me to doubt the advice in #1, the good Mikrotik guys are not particularly cautious when tagging a release as "stable" and - if not common - it is far from unusual that in releases marked as stable (and thus subject of automatic updates) new or regression bugs appear. Of course...
by jaclaz
Sat Nov 09, 2024 8:07 pm
Forum: Wireless Networking
Topic: Half a Bridge Is NOT Better Than None!
Replies: 2
Views: 308

Re: Half a Bridge Is NOT Better Than None!

Only hurricane winds or heavy rain too?

JFYI, issues with water have been reported several times:
viewtopic.php?t=189614
by jaclaz
Thu Nov 07, 2024 11:21 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 250
Views: 29824

Re: wAP ax?

Well, access points on external walls seem to me a rather common need.

Anyway the coverage Is surely not 180 degrees, more like 120 or less.

On the other thread here:
viewtopic.php?t=212255
the shape of emissions is described with links to the FCC documentation.
by jaclaz
Thu Nov 07, 2024 11:14 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 3082

Re: wAP coverage -- picture included

maybe an option like mANTBox ax 15s can be considered, i know is not so cheap as the wAP but can be very useful https://mikrotik.com/product/mantbox_ax_15s Yep, but I think OP is already beyond the WAP, a Netmetal Ax (+antenna(s)) is going to cost much more. What is not clear (to me) is how wide th...
by jaclaz
Wed Nov 06, 2024 2:26 pm
Forum: General
Topic: Loopback interface sending DHCP broadcasts [SOLVED]
Replies: 7
Views: 676

Re: Loopback interface sending DHCP broadcasts [SOLVED]

... and it is Rule #4 of my Mikrotik Club Rules:
1) You do not use VLAN1
2) You DO NOT use VLAN1
3) You do not use Quickset
4) You do not use detect internet
5)....

If the good Mikrotik guys would remove it, I would need to change the list ... :lol:
by jaclaz
Wed Nov 06, 2024 12:11 pm
Forum: Wireless Networking
Topic: Cube 60ac Pro not connecting.
Replies: 2
Views: 369

Re: Cube 60ac Pro not connecting.

Unless you changed the original configuration, the Cube Pro original one has a static IP 192.168.88.3 or 192.168.88.2 on the ethernet port, it is not grabbing it from anywhere, so it sounds like the device is not booting properly, and - even if the IP is gone because the configuration is invalid - t...
by jaclaz
Wed Nov 06, 2024 12:00 pm
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 1392

Re: VLANs - there has to be a simpler way!

If I may, there are some inconsistencies in the actual question. There are seemingly two of them: 1) Is there a simple way to VLAN? 2) How can I have a Guest network? Answers: #1 No, it is a complex, advanced topic. #2 Yes, actually two ways, one at L3 level (tangent) and one at L2 level (original M...
by jaclaz
Tue Nov 05, 2024 11:44 pm
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 3082

Re: wAP coverage -- picture included

They are not common, but they exist.
Example:
https://www.quwireless.com/product/qusector-7v-120-2
120 degrees, dual connector, mimo 2x2.
by jaclaz
Tue Nov 05, 2024 3:35 pm
Forum: Beginner Basics
Topic: Problem with failover to backup ISP [SOLVED]
Replies: 10
Views: 843

Re: Problem with failover to backup ISP [SOLVED]

And again /ip route print will show whether the routes are static or dynamic or if coming from the dhcp, etc..
by jaclaz
Tue Nov 05, 2024 11:05 am
Forum: Beginner Basics
Topic: Problem with failover to backup ISP [SOLVED]
Replies: 10
Views: 843

Re: Problem with failover to backup ISP [SOLVED]

Provide the output of /ip route print, twice, once when in the "normal" state and once when you have the ISP WAN cable detached, as it will be more clear what actually happens. As a side note, and JFYI, another possible approach (IMHO simpler): https://forum.mikrotik.com/viewtopic.php?t=19...
by jaclaz
Tue Nov 05, 2024 10:55 am
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 1392

Re: VLANs - there has to be a simpler way!

Just to be clear, this config only applies to the cAP? There's no additional config for the hEX? If not, the new firewall rules being added to the cAP won't affect the current set of rules on the hEX? Yes and no. Yes, the "tangent's way" only applies to the cAp, but no, the described appr...
by jaclaz
Tue Nov 05, 2024 1:23 am
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 1392

Re: VLANs - there has to be a simpler way!

What if I told you that you don't *need* a VLAN?

https://tangentsoft.com/mikrotik/wiki?n ... ns%20VLANs
by jaclaz
Mon Nov 04, 2024 11:35 pm
Forum: Beginner Basics
Topic: hAP ac2 - help me make it into a simple managed switch please
Replies: 11
Views: 845

Re: hAP ac2 - help me make it into a simple managed switch please

Ah, ok, I thought that mac-telnet was dependent on telnet service, good to know that it Is instead completely independent and thus must be restricted separately.
by jaclaz
Mon Nov 04, 2024 6:57 pm
Forum: Beginner Basics
Topic: hAP ac2 - help me make it into a simple managed switch please
Replies: 11
Views: 845

Re: hAP ac2 - help me make it into a simple managed switch please

Thank you :) , so one should go for the: https://help.mikrotik.com/docs/spaces/ROS/pages/328229/IP+Services way and disable services, to prevent access from anything but Winbox, then, if I get it right, the none in mac-server has in practice the same effect as disabling the telnet service, but this ...
by jaclaz
Mon Nov 04, 2024 5:56 pm
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 3082

Re: wAP coverage -- picture included

No, the device comes without antennas. The photo on Mikrotik store is more explicit :wink: https://www.mikrotik-store.eu/media/images/org/L23UGSR-5HaxD2HaxD-NM-Beispielantennen_1.png The top cover has two passages so you would normally use two external antenna connected with a (short) piece of cable...
by jaclaz
Mon Nov 04, 2024 5:39 pm
Forum: Beginner Basics
Topic: hAP ac2 - help me make it into a simple managed switch please
Replies: 11
Views: 845

Re: hAP ac2 - help me make it into a simple managed switch please

I see now, that prevents telnet connections, thanks :) .(I wish the good Mikrotik guys had called it "/tool mac-server telnet") But the moment the device has an IP address one can still connect via browser/webfig? :? I.e. is there a need for a firewall rule *like*: /ip firewall filter add ...
by jaclaz
Mon Nov 04, 2024 2:09 pm
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 3082

Re: wAP coverage -- picture included

@infabo Maybe we should rename to: CSS->CASS (Cloud Actually Switching Switch) and CRS->CARS (Cloud Almost Routing Switch) @flynno Maybe stupid question, but aren't the two HGO-antenna-OUT directly mounted too near to each other to do any good? I know it is even on Mikrotik official pictures: https:...
by jaclaz
Mon Nov 04, 2024 1:17 pm
Forum: Scripting
Topic: Voltage monitoring script not working in ROS v7
Replies: 4
Views: 784

Re: Voltage monitoring script not working in ROS v7

I think it is a matter of (double) quotes. The dot means "concatenate" (same as - to give you an example - & in Excel formulas), text and variable(s) needs to be separated. And seemingly you missed a closing round bracket (or maybe they are not needed. Your test: /tool e-mail send to=e...
by jaclaz
Mon Nov 04, 2024 12:58 pm
Forum: Beginner Basics
Topic: Not enough permissions? [SOLVED]
Replies: 17
Views: 1877

Re: Not enough permissions? [SOLVED]

Bravo... Grazie. :) Though I am not convinced that my hypothesis holds, I think that attackers won't spend much time on a "difficult" device (unless of course it is a targeted attack) it is far easer for them go looking for another one, I presume that they go for the low-hanging fruits (t...
by jaclaz
Mon Nov 04, 2024 12:14 pm
Forum: Beginner Basics
Topic: hAP ac2 - help me make it into a simple managed switch please
Replies: 11
Views: 845

Re: hAP ac2 - help me make it into a simple managed switch please

@anav Now that the OP issue is solved, can we talk of the absolute minimum configuration? In my perverted mind it would be: /interface bridge add admin-mac=<tt:uu:vv:xx:yy:zz> admin-mac=no name=bridge1 /interface bridge port add bridge=bridge1 interface=all /ip dhcp client add disabled=no interface=...
by jaclaz
Mon Nov 04, 2024 11:48 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 3082

Re: wAP coverage -- picture included

In case you missed: this thread was about wAP and @Normis tried to explain that wAP (due to being wall AP) doesn't really have spherical radiation pattern. Well, we do have a drawing: https://fccid.io/TV7WAPGR52AX/Test-Report/Antenna-specification-7634095 I think we can define the pattern as "...
by jaclaz
Mon Nov 04, 2024 11:21 am
Forum: RouterBOARD hardware
Topic: Chateau LTE18 ax what Antenna Ports?
Replies: 2
Views: 847

Re: Chateau LTE18 ax what Antenna Ports?

Reading the manual would help: https://help.mikrotik.com/docs/spaces/UM/pages/141197416/Chateau+LTE18+ax the hint is here. Antenna usage SMA connectors are for LTE antennas. External antenna sockets are located on the back of the device. Device comes with connected wireless antennas, LTE antennas ar...
by jaclaz
Sun Nov 03, 2024 5:11 pm
Forum: RouterBOARD hardware
Topic: Support for external LTE antennas
Replies: 11
Views: 1318

Re: Support for external LTE antennas

They do sell this pigtail: https://mikrotik.com/product/acsmaufl Which should be a hint towards the DIY path, but if I get it right the U.fl connector(s) are on the actual modem card, so it can be applied to *any* of their LtE products. Example for the WAP ac LTE6: https://forum.mikrotik.com/viewtop...
by jaclaz
Sun Nov 03, 2024 2:50 pm
Forum: Wireless Networking
Topic: Connection lost when lease extended?
Replies: 16
Views: 1594

Re: Connection lost when lease extended?

If it is a new installation, it doesn't surprise me that much, it is not unusual that the settings need to be tweaked/tuned, these new devices have a lot of "delicate" settings. Only anecdotal data, and likely completely unrelated to your case, but not so long ago I had a largish Viessman ...
by jaclaz
Sun Nov 03, 2024 2:16 pm
Forum: Beginner Basics
Topic: Separate internet while using 3 modems
Replies: 12
Views: 915

Re: Separate internet while using 3 modems

Well, yes, firewall is the thing that might (or might not) allow the ports on the different subnets to talk to each other, so, it is about firewall. Not so sure about routing, in the sense that the routes (at IP level) should be autogenerated in the Mikrotik router, i.e. come out as DAC (dynamic, ac...
by jaclaz
Sun Nov 03, 2024 11:57 am
Forum: Beginner Basics
Topic: Separate internet while using 3 modems
Replies: 12
Views: 915

Re: Separate internet while using 3 modems

"Forcing" the internet access to the one or the other router (ether1/ether2/ether3) could be - I believe - done with routing rules based on source ports (ether4/ether5/ether6): https://help.mikrotik.com/docs/spaces/ROS/pages/59965508/Policy+Routing The other requirement (windows share acro...
by jaclaz
Sat Nov 02, 2024 8:54 pm
Forum: Beginner Basics
Topic: L009UiGS-2HaxD as WiFi Bridge?
Replies: 7
Views: 1268

Re: L009UiGS-2HaxD as WiFi Bridge?

No, different devices have (or have not) a number of quicksets (it seems like more recent ones have few of them that's why I asked if your L009 had it). It is not a bad thing in an absolute way, as quickset is known to be prone to cause issues, unless used "from clean" (and this piece of i...
by jaclaz
Sat Nov 02, 2024 4:59 pm
Forum: Beginner Basics
Topic: Not enough permissions? [SOLVED]
Replies: 17
Views: 1877

Re: Not enough permissions? [SOLVED]

What we don't know (or at least I don't know) is what changes the attackers make to the router configuration, it is possible that they do not make any besides changing the permissions to user "admin" and adding the "system" one (of which they set the password to a complex one). I...
by jaclaz
Sat Nov 02, 2024 4:19 pm
Forum: Beginner Basics
Topic: Can Ping websites. No internet when trying to access
Replies: 4
Views: 509

Re: Can Ping websites. No internet when trying to access

Let's see how accurate is my crystal ball (I just got it back from the guy that tunes it, but sometimes he doesn't set it right ): a. User 1: J***** K******, commonly called "dad", age 48, Sagittarius User 2: F**** G******, commonly called "mom" age 47, Gemini User 3: R**** K****...
by jaclaz
Sat Nov 02, 2024 3:53 pm
Forum: Beginner Basics
Topic: L009UiGS-2HaxD as WiFi Bridge?
Replies: 7
Views: 1268

Re: L009UiGS-2HaxD as WiFi Bridge?

If I get it right you want to have your L009 in the garage as a "client[1]" to an Access Point that is in your home, right? Is the Access Point also a Mikrotik device or not? The WiFi standards do not really cover this usage, so different manufactures have worked around with different solu...
by jaclaz
Fri Nov 01, 2024 6:06 pm
Forum: Wireless Networking
Topic: Connection lost when lease extended?
Replies: 16
Views: 1594

Re: Connection lost when lease extended?

Side question, but do you really-really need DHCP client on the boiler?
I mean, if you don't go around with your access point (be it the ax or the ax2) the boiler should be pretty much static.
Cannot you set it to a static address and see if the disconnecitons continue or stop?
by jaclaz
Fri Nov 01, 2024 11:50 am
Forum: The Dude
Topic: Teltonika SMS gateway for notifikations
Replies: 3
Views: 525

Re: Teltonika SMS gateway for notifikations

No idea about the actual issue, but also the board parser seems to behave just like you describe, it "interrupts" the hyperlink on the first space (after the "The"). So it could be something similar. Try replacing the spaces with %20, a http URL must contain no spaces: https://fo...
by jaclaz
Fri Nov 01, 2024 11:14 am
Forum: Beginner Basics
Topic: Help with setting up my first Mikrotik
Replies: 5
Views: 583

Re: Help with setting up my first Mikrotik

From what I understand the default configuration is good enough in most cases, particularly, for an internet facing router, do not change the firewall rules until you have understood them[1] (which definitely will take some time) and make sure that interfaces are correctly categorized as LAN and WAN...
by jaclaz
Fri Nov 01, 2024 1:35 am
Forum: Wireless Networking
Topic: SXTsq 5ac as a PtP link - looking for suggestions for improvements
Replies: 8
Views: 1109

Re: SXTsq 5ac as a PtP link - looking for suggestions for improvements

Very interesting, thanks. All the tweaks you did make a lot of sense to me, what I find surprising Is the relevance of the positioning. 5 db difference in 10-15 cm displacement seems a lot, I wonder what the reason could be for such a dramatic change at such a short distance, I believed that there w...
by jaclaz
Thu Oct 31, 2024 4:47 pm
Forum: RouterBOARD hardware
Topic: Hap AX3 as an access point
Replies: 15
Views: 1760

Re: Hap AX3 as an access point

Is the power supply provided with the RB5009 sufficient? That is a 24V 1,5A power adapter. Yes and no (actually no and yes, but ...) :shock: . The power supply provided with the "PoE Out" version of the RB5009 (RB5009 UPr +S+IN ) is the 48V 2A: https://mikrotik.com/product/48v2a96w so it ...
by jaclaz
Thu Oct 31, 2024 2:02 pm
Forum: General
Topic: Small bug in DHCP Relay settings 6.49.17 [SOLVED]
Replies: 2
Views: 353

Re: Small bug in DHCP Relay settings 6.49.17 [SOLVED]

Ah, OK :) , I tried again (started from scratch after a reset with no default configuration to be sure) and you are right, though the "logic" is inverted, I can confirm that now it works as you described, then it was only a false alarm, sorry :oops: I wonder how it could have happened yest...
by jaclaz
Thu Oct 31, 2024 11:58 am
Forum: General
Topic: Small bug in DHCP Relay settings 6.49.17 [SOLVED]
Replies: 2
Views: 353

Small bug in DHCP Relay settings 6.49.17 [SOLVED]

While doing some "crazy" experiments on a hap lite running 6.49.17 I happened to find a "strange" thing related to the /ip dhcp-relay. I tried adding a dhcp relay: /ip dhcp-relay add dhcp-server=192.168.1.151 interface=bridge1 name=relay1 ok. The I tried adding a second one, and ...
by jaclaz
Thu Oct 31, 2024 11:18 am
Forum: Beginner Basics
Topic: POE Questions
Replies: 9
Views: 767

Re: POE Questions

Good (all is well that ends well). :) The 8.9 W (183 mA@48.9V) that you see on the RB5009 is what I would have expected for a device that is essentially a media converter/modem, but even if you add to it the wireless (and that is enough to have the Mikrotik freak out) the added draw for the radio(s)...
by jaclaz
Thu Oct 31, 2024 10:47 am
Forum: RouterBOARD hardware
Topic: Hap AX3 as an access point
Replies: 15
Views: 1760

Re: Hap AX3 as an access point

Not that it anywhere documented properly, but the RB5009UPr+S+IN should be compatible with BOTH 802.3af/at (the latter limited to 440 mA) AND with the "old" Mikrotik passive power @24V. If you power the RB5009 at 24V (by either passive PoE or jack/terminal) it will output 24V (Passive PoE ...
by jaclaz
Wed Oct 30, 2024 7:40 pm
Forum: Wireless Networking
Topic: SXTsq 5ac as a PtP link - looking for suggestions for improvements
Replies: 8
Views: 1109

Re: SXTsq 5ac as a PtP link - looking for suggestions for improvements

Contacted LinITX.com and they helped me tweak the settings on both APs. Now I am getting solid 400-500Mbps link between the aerials and I am very happy with the bridge! And, unless they are a trade secrets, can you share these tweaks? (I am assuming that they are "generic good practice" t...
by jaclaz
Wed Oct 30, 2024 7:25 pm
Forum: Beginner Basics
Topic: Not enough permissions? [SOLVED]
Replies: 17
Views: 1877

Re: Not enough permissions? [SOLVED]

Check the users you have. A normal Mikrotik (default) has only "admin" as user (and it is generally recommended to change the name to something else). There are botnets that try to accesa Mikrotik devices and if they succeed, they remove permissions from "admin" and add a user &q...
by jaclaz
Wed Oct 30, 2024 4:38 pm
Forum: Beginner Basics
Topic: POE Questions
Replies: 9
Views: 767

Re: POE Questions

But your splitter is one with the conversion at 12V? It is entirely possible that the "default" power supply is oversized ( and by turning off the radio surely you reduced the power needed). As well it is possible that a device provided with a 12V supply actually accepts a much wider range...
by jaclaz
Wed Oct 30, 2024 11:50 am
Forum: General
Topic: WireGuard link on 7.15 gets stuck after peer was down, a ping or cycling the peer will unstuck it [SOLVED]
Replies: 16
Views: 4216

Re: WireGuard link on 7.15 gets stuck after peer was down, a ping or cycling the peer will unstuck it [SOLVED]

You could experiment with the Mikrotik Cloud service: https://help.mikrotik.com/docs/spaces/ROS/pages/97779929/Cloud#Cloud-Updatetime no idea how fast it is (and whether its uptime is reliable enough). From the little experience I have with NTP, the time it takes to sync is "random", somet...
by jaclaz
Wed Oct 30, 2024 11:30 am
Forum: Beginner Basics
Topic: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]
Replies: 60
Views: 4052

Re: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]

It seems just fine to me :) in the sense that it should work, but is not really what I suggested. The idea was that the manual addresses given to the Mikrotik interfaces should be outside the range of the addresses the DHCP of the ISP and LTE would lease, so that when/if you connect additionally ano...
by jaclaz
Wed Oct 30, 2024 1:25 am
Forum: Beginner Basics
Topic: Brand new CRS-305-1G-4S+-IN, login doesn't work
Replies: 12
Views: 2520

Re: Brand new CRS-305-1G-4S+-IN, login doesn't work

New passwords do not contain those characters anymore.
Sure, but how do you know whether the device ericmason64 is having issues with has an "old style" or a "new style" password?
by jaclaz
Tue Oct 29, 2024 11:04 pm
Forum: Beginner Basics
Topic: Brand new CRS-305-1G-4S+-IN, login doesn't work
Replies: 12
Views: 2520

Re: Brand new CRS-305-1G-4S+-IN, login doesn't work

Be very aware of possible ambiguous characters like oO0, Il1, G6, B8, S5, Z2, the password Is usually written in tiny characters in a not particularly readable font.
by jaclaz
Tue Oct 29, 2024 10:52 pm
Forum: Beginner Basics
Topic: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]
Replies: 60
Views: 4052

Re: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]

Of course It depends, but usually DHCP servers (in *any* device) are pre- configured to not cover the whole address space of the network. As an example, Mikrotik devices are usually configured (defconf) for addresses 192.168.88.10 to 192.168.88.254, while keeping for itself 192.168.88.1. (the wirele...
by jaclaz
Tue Oct 29, 2024 8:06 pm
Forum: Beginner Basics
Topic: POE Questions
Replies: 9
Views: 767

Re: POE Questions

It looks a lot like an Altice UBC1326 (AA00) made by UBEE in Vietnam. I thought that our good guys at italian TIM/Telecom were good at re-branding/re-naming routers in the most confusing manner possible :shock: , but it seems like the french SFR people are even better at it :lol: . Check here: https...
by jaclaz
Tue Oct 29, 2024 4:35 pm
Forum: General
Topic: RouterOS x86, no support for Chelsio T540 VF? [SOLVED]
Replies: 47
Views: 2603

Re: RouterOS x86, no support for Chelsio T540 VF? [SOLVED]

Maybe it is just a case of serendipity, one of the good Mikrotik developers had this driver/fix/whatever ready in his drawer but never found the time/opportunity to add it to ROS, and crosswind's request just triggered the mechanism that allowed adding it to the next release. About the UEFI booting ...
by jaclaz
Tue Oct 29, 2024 4:16 pm
Forum: Beginner Basics
Topic: POE Questions
Replies: 9
Views: 767

Re: POE Questions

Post the exact model of that ISP box, maybe specs can be found. Loosely, if the replacement power supply is @12V, it seems like it wants 12V (or maybe 24V) while the Mikrotik will output PoE at the highest available power source (in your case only the default power brick @48V). The PoE splitter that...
by jaclaz
Tue Oct 29, 2024 12:46 pm
Forum: Wireless Networking
Topic: Best hardware for indoor extension of high speed wireless connection
Replies: 6
Views: 721

Re: Best hardware for indoor extension of high speed wireless connection

I see, in historical buildings - besides the (high) costs - the paperwork/authorizations are usually an issue (please read as "huge PITA").. It is strange how each country has different (besides standards) local uses when it comes to wiring. When I was living in Germany for a short period ...
by jaclaz
Tue Oct 29, 2024 2:24 am
Forum: Wireless Networking
Topic: Mikrotik hAP ax2 as a media bridge, versus other options (Mikrotik models or others)
Replies: 4
Views: 885

Re: Mikrotik hAP ax2 as a media bridge, versus other options (Mikrotik models or others)

Unlike what one could imagine from intuition a higher antenna gain is not necessarily correlated with "better" or "faster" connection. If norms are followed, there is a limit in the output power of the device (tramission), It depends on the device, but if the limit on a given cha...
by jaclaz
Tue Oct 29, 2024 2:13 am
Forum: Wireless Networking
Topic: RF Characteristics of hAP AC Lite
Replies: 8
Views: 580

Re: RF Characteristics of hAP AC Lite

Well, if 2.4GHz only is needed, maybe the Ax Lite should be considered.
by jaclaz
Tue Oct 29, 2024 1:18 am
Forum: General
Topic: RouterOS x86, no support for Chelsio T540 VF? [SOLVED]
Replies: 47
Views: 2603

Re: RouterOS x86, no support for Chelsio T540 VF? [SOLVED]

how is it possible for someone to get a "Forum Guru" tag while being so confidently and completely wrong about something like this? No correlation, JFYI. As an example, I got mine automatically when reaching a certain number of posts, the tag is independent from my knowledge or how much a...
by jaclaz
Mon Oct 28, 2024 2:53 pm
Forum: Wireless Networking
Topic: Mikrotik hAP ax2 as a media bridge, versus other options (Mikrotik models or others)
Replies: 4
Views: 885

Re: Mikrotik hAP ax2 as a media bridge, versus other options (Mikrotik models or others)

If the "source" is "slow" it is not like having an AX device will make it faster, from what you write, an AC Lite TC seems like a good bet:
https://mikrotik.com/product/RB952Ui-5ac2nD-TC
by jaclaz
Mon Oct 28, 2024 2:31 pm
Forum: Wireless Networking
Topic: RF Characteristics of hAP AC Lite
Replies: 8
Views: 580

Re: RF Characteristics of hAP AC Lite

Here is a (better) photo of the AC Lite TC. The board seems identical, and definitely in one corner (now top left on this photo) there are two PCB antennas on two contiguous sides, so at 90°: https://nanoteh.md/en/quickview/9858 https://6e616e6f7465680a.ultracdn.net/radix/img/items/20210219/11/602f8...
by jaclaz
Mon Oct 28, 2024 2:17 pm
Forum: RouterBOARD hardware
Topic: Replacement rack ear screws
Replies: 4
Views: 566

Re: Replacement rack ear screws

A fellow forum user @arnd did measurements and posted results in this post . I strongly believe that all MT rack-mountable devices use same type of "ear mounting" screws... But I don't fully trust that piece of info because of this post (about the 4011 that has a different way to mount ea...
by jaclaz
Mon Oct 28, 2024 1:15 pm
Forum: Wireless Networking
Topic: RF Characteristics of hAP AC Lite
Replies: 8
Views: 580

Re: RF Characteristics of hAP AC Lite

Here is a maybe better description: https://www.arednmesh.org/comment/10459#comment-10459 One connector is definitely in the left hand corner, but you are right, the other two are on the opposite side of the PCB. In any case the thingy seems intended to stay flat, not vertical, at least in the inten...
by jaclaz
Mon Oct 28, 2024 12:57 pm
Forum: RouterBOARD hardware
Topic: Replacement rack ear screws
Replies: 4
Views: 566

Re: Replacement rack ear screws

Can you check the measure of the hole and the thickness of the ear? The screws should be either M4 8 mm length, or M3 6 mm, but if they are a couple mm longer it shouldn't be an issue. Or you can get a suitable kit on (say) Amazon, example: https://www.amazon.com/SZHKM-480pcs-Assortment-Stainless-As...
by jaclaz
Mon Oct 28, 2024 11:09 am
Forum: Wireless Networking
Topic: RF Characteristics of hAP AC Lite
Replies: 8
Views: 580

Re: RF Characteristics of hAP AC Lite

Look if you can find some data on the FCC documents: https://fccid.io/TV7RB952-5AC2ND In the internal photo: https://fccid.io/TV7RB952-5AC2ND/Internal-Photos/Internal-Photos-3088357 the two antennas are the two dark blocks in bottom left corner, they should be omnidirectional thus emissions should h...
by jaclaz
Mon Oct 28, 2024 10:48 am
Forum: Wireless Networking
Topic: WiFi Disconnect Issues with hAP ax² - Seeking Advice on Stable Version and Future Updates
Replies: 8
Views: 1402

Re: WiFi Disconnect Issues with hAP ax² - Seeking Advice on Stable Version and Future Updates

Yep, I understand, but due to the way Mikrotik creates the updates (since they "mix" bug fixes with new features) just updating because a new version came out can actually be less safe. :shock: The same new feature that creates the instability (whatever it is) may well - for all we know - ...
by jaclaz
Sun Oct 27, 2024 8:06 pm
Forum: Wireless Networking
Topic: Best hardware for indoor extension of high speed wireless connection
Replies: 6
Views: 721

Re: Best hardware for indoor extension of high speed wireless connection

Coax cables (of course it depends on the exact type and on the actual conditions they are in) can actually be very fast, up to 2.5 Gb in theory, but the quality of the cables matters, I think that realistically something around 1 GB can be achieved on *any* coaxial cable. MoCA adapters/converters ca...
by jaclaz
Sun Oct 27, 2024 5:49 pm
Forum: RouterBOARD hardware
Topic: Recommend router and switch connected with private fiber
Replies: 38
Views: 3115

Re: Recommend router and switch connected with private fiber

Well, RouiterOS 7 (on a beefy enough device, such as a RB5009, but given the slow internet connection also an Ax2/3 might do, cannot say) can run containers, including Pi-hole and Adguard.

No idea how complex (or simple) it is to run one.
by jaclaz
Sun Oct 27, 2024 2:30 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 143
Views: 17526

Re: hap ax3 random wireless disconnects

7.15 patch notes include wifi-qcom driver update.
I thought that the issues were caused mainly by that driver update :shock: , it doesn't sound like a desired new functionality ... :lol:
by jaclaz
Sun Oct 27, 2024 2:10 pm
Forum: Beginner Basics
Topic: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]
Replies: 60
Views: 4052

Re: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]

@KiwiBloke I believe the question is up for debate, and possible answers to it can be different depending on use and hardware involved, some devices (ISP router and LTE modem router) might have very good built-in firewalls or may have not any. If we take for granted that the Mikrotik firewall is the...
by jaclaz
Sun Oct 27, 2024 10:14 am
Forum: Scripting
Topic: Script for CENTRAL-BACKUPS
Replies: 3
Views: 490

Re: Script for CENTRAL-BACKUPS

Only to clear how it seems like we ( baragoon, rextended and myself) are a bunch of crazy guys there was an initial post by user andreacar: https://forum.mikrotik.com/memberlist.php?mode=viewprofile&u=225916 promoting an article on his blog: https://andreacaracciolo.it/2024/10/26/mikrotik-centra...
by jaclaz
Sun Oct 27, 2024 9:59 am
Forum: Beginner Basics
Topic: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]
Replies: 60
Views: 4052

Re: Secondary WAN and failover setup hap ax2 (7.16) for a beginner [SOLVED]

Rethinking about it, I think this is "normal" (and had to be expected) due to the dynamic nature of the setup. It should be tested/checked, but this is what I believe it is happening: 1) Since the route to the LTE is created by the LTE modem DHCP, when you turn it off it simply disappears ...
by jaclaz
Sun Oct 27, 2024 9:38 am
Forum: RouterBOARD hardware
Topic: Recommend router and switch connected with private fiber
Replies: 38
Views: 3115

Re: Recommend router and switch connected with private fiber

I would probably go with two L009 since they are switches with SFP Hmmm. You must have missed the memo about the "on the cheap" requirement :wink: , you go to the OP parents telling them how it is much better to spend 2x119$=238$ instead of 2x40=80$ to be able to switch at 1352.09 Mbps (i...
by jaclaz
Sat Oct 26, 2024 8:14 pm
Forum: RouterBOARD hardware
Topic: Recommend router and switch connected with private fiber
Replies: 38
Views: 3115

Re: Recommend router and switch connected with private fiber

Or you could do with a couple of these:
https://www.crxconec.com/en/product/CC-10-00026.html

You can find them as Intellinet IWP-BOX SC-6 or EAN : 4049759111489, at least here they can be found for 7/10 €/each.
by jaclaz
Sat Oct 26, 2024 7:51 pm
Forum: Scripting
Topic: Script for CENTRAL-BACKUPS
Replies: 3
Views: 490

Re: Script for CENTRAL-BACKUPS

I can translate the "article" easily, in one sentence: Here is a video about it: https://www.youtube.com/watch?v=YRscjpVouXA No subtitles, nice (tiny) quad Winbox screenshots. Maybe someone with a huge screen, putting youtube fullscreen, may be able to read something in it. BTW the site re...
by jaclaz
Sat Oct 26, 2024 6:18 pm
Forum: RouterBOARD hardware
Topic: Recommend router and switch connected with private fiber
Replies: 38
Views: 3115

Re: Recommend router and switch connected with private fiber

Yep, as I see it, if you go down the rack avenue go down it in full (and it has a steep price), otherwise either have long cables from the wall or use wall plates on a box, and keystones all the way. The Hex/hexS/hex refresh are not "rack mountable", the RB5009 or the L009 (say) and higher...
by jaclaz
Sat Oct 26, 2024 12:37 pm
Forum: General
Topic: How to block YouTube effectively
Replies: 44
Views: 18427

Re: How to block YouTube effectively

"you get internet on your workplace and you are not allowed to use it to stream youtube for background music and video, if we find you doing that you are fired on the spot". Then you don't have to worry about site blocking anymore. https://www.imdb.com/title/tt0079470/quotes/?item=qt04719...
by jaclaz
Sat Oct 26, 2024 12:01 pm
Forum: RouterBOARD hardware
Topic: Recommend router and switch connected with private fiber
Replies: 38
Views: 3115

Re: Recommend router and switch connected with private fiber

Yep, but don't take me as an example of "clean", "neat" cables architect. As long as something works, it is enough for me (I know people that buy patch cables with a given colour because they fit better in the environment). I like orange cables, they give you a sense of calm urge...
by jaclaz
Sat Oct 26, 2024 11:33 am
Forum: Wireless Networking
Topic: Connect to Hotel Wifi
Replies: 21
Views: 2670

Re: Connect to Hotel Wifi

It is strange, "consumer" devices all have a basic default configuration (including firewall) AFAIK (all with comment "defconf"). Typical default firewall set (it may depend on the exact version of RouterOS yoiu are running, these come from 6.48.6) /ip firewall filter add action=...
by jaclaz
Sat Oct 26, 2024 2:55 am
Forum: RouterBOARD hardware
Topic: Recommend router and switch connected with private fiber
Replies: 38
Views: 3115

Re: Recommend router and switch connected with private fiber

Well, a wall plate Is 11$, a patch panel has at least 4 connector and It Is more around 70$, if you don't see the difference, your parents surely will. :roll: :wink: But yes, if you are going to make anyway a panel (why?[1]) you can add a fiber keystone to It. [1] I mean, you are not going to put to...
by jaclaz
Sat Oct 26, 2024 2:32 am
Forum: General
Topic: RouterOS x86, no support for Chelsio T540 VF? [SOLVED]
Replies: 47
Views: 2603

Re: RouterOS x86, no support for Chelsio T540 VF? [SOLVED]

Amm0 has a dedicated GitHub repository with the updated scripts/mods, AND pre-made corrected images, see here: https://forum.mikrotik.com/viewtopic.php?t=184254 https://github.com/tikoci/fat-chr/releases You can try one of the pre-made images. There are no issues when updating, once an image works i...
by jaclaz
Fri Oct 25, 2024 11:43 pm
Forum: Wireless Networking
Topic: WiFi Disconnect Issues with hAP ax² - Seeking Advice on Stable Version and Future Updates
Replies: 8
Views: 1402

Re: WiFi Disconnect Issues with hAP ax² - Seeking Advice on Stable Version and Future Updates

If I may, a meta-question. Why (the heck) are most people here on the forum obsessed with updating? Besides the obvious mistakes the good Mikrotik guys insist on making, pushing out new versions without appropriate testing, and mixing all together, without even an attempt to prioritize them, new fea...
by jaclaz
Fri Oct 25, 2024 11:15 pm
Forum: General
Topic: RouterOS 7 WAN failover -- ARP?
Replies: 11
Views: 715

Re: RouterOS 7 WAN failover -- ARP?

I have no idea how easy It was in v6, but It can be fairly easy in v7.

JFYI:
viewtopic.php?t=198999
by jaclaz
Fri Oct 25, 2024 8:36 pm
Forum: Beginner Basics
Topic: so I can use cAP ax as my router?!?! [SOLVED]
Replies: 9
Views: 952

Re: so I can use cAP ax as my router?!?! [SOLVED]

The "efficiently" depends on the Mikrotik device involved, the mentioned map lite is barely capable of routing 100 Mbps (but it is a 3.5 W device) a Cap AX is rather capable and should top at around 1 Gbps (but it is 11 W). Even if you can, it doesn't mean you should, an hap Ax2 is a more ...
by jaclaz
Fri Oct 25, 2024 8:04 pm
Forum: RouterBOARD hardware
Topic: Recommend router and switch connected with private fiber
Replies: 38
Views: 3115

Re: Recommend router and switch connected with private fiber

Well, if you hadn't this "fiber opportunity", anyone would have advised you a CAT6 cable, 1 Gb speed. With the two RB260GS, you need (for single mode fiber) two of these: https://mikrotik.com/product/S-31DLC20D-181 and thus get a 1.25 Gb connection. A camera feed may be what 10-15 Mbps? Hi...
by jaclaz
Fri Oct 25, 2024 7:02 pm
Forum: Beginner Basics
Topic: Can POE be "daisy chained" ?
Replies: 1
Views: 338

Re: Can POE be "daisy chained" ?

Yes and no, mostly no. CSS610-8P-2S+IN PoE-out Details PoE-out ports Ether1-Ether8 PoE out 802.3af/at Max out per port output (input 18-30 V) 1000 mA Max out per port output (input 30-57 V) 625 mA Total output power 140 CRS112-8P-4S-IN Powering Details Number of DC inputs 2 (DC jack) DC jack input V...
by jaclaz
Fri Oct 25, 2024 4:00 pm
Forum: RouterBOARD hardware
Topic: Recommend router and switch connected with private fiber
Replies: 38
Views: 3115

Re: Recommend router and switch connected with private fiber

If you are on the cheap, you can get away with two RB260GS'. one on each side of the 250 feet fiber, list price 2x$39.95. The "main" router (in the house), for the low speeds you are going to get from the ISP, could be an Ax2 or Ax3 (99-139$) and you would save one AP. Or even an Ax Lite (...
by jaclaz
Thu Oct 24, 2024 7:00 pm
Forum: Wireless Networking
Topic: Best hardware for indoor extension of high speed wireless connection
Replies: 6
Views: 721

Re: Best hardware for indoor extension of high speed wireless connection

How are the coaxial cables laid?

Fiber is really thin (much thinner than a coaxial cable (or any ethernet > CAT3 cable), and can normally replace old cables in *any* conduit/paasage/hole, the only thing one needs to be careful with is small (very small) radius curves.
by jaclaz
Thu Oct 24, 2024 3:08 pm
Forum: Wireless Networking
Topic: Poor Wi-Fi range on cAP AX
Replies: 15
Views: 1298

Re: Poor Wi-Fi range on cAP AX

I don't see any AX3 falling from the ceiling ... I got a couple hanging upside down (also AC3, exact same enclosure). That plastic foot is designed to be used for it. Vertical mount on desk, horizontal mount on desk but also wall mount and ceiling mount . Interesting. :roll: Instead of a large blac...
by jaclaz
Thu Oct 24, 2024 12:45 pm
Forum: Wireless Networking
Topic: Poor Wi-Fi range on cAP AX
Replies: 15
Views: 1298

Re: Poor Wi-Fi range on cAP AX

Of course I will drill the housing and on the end they will be outside and I will have kind of white & black spider on the wall. Naaah, you don't want that HGO antenna, besides it being black, it has not the hinge at the bottom, they are straight to the connector only. You can get a (white) thi...
by jaclaz
Thu Oct 24, 2024 10:57 am
Forum: RouterBOARD hardware
Topic: rbwsAP-5hac2nd discontinued
Replies: 5
Views: 4318

Re: rbwsAP-5hac2nd discontinued

The newish Wap Ax may be suitable, without the base/support it can be wall mounted and it is small enough to be unobtrusive:

viewtopic.php?t=196813
https://www.wifihw.cz/img.asp?attid=3848208
by jaclaz
Wed Oct 23, 2024 8:20 pm
Forum: General
Topic: hAC ax2 Mode Button To Power Off and Power On when pressed? [SOLVED]
Replies: 5
Views: 515

Re: hAC ax2 Mode Button To Power Off and Power On when pressed? [SOLVED]

Don't unplug/replug, and certainly don't make your parents do that. Buy an extension cable with a switch (with light) and a surge protector. mkx is very correct in describing the best possible approach, but it must be convenient for the user. I can imagine (old) parents unplugging, but I have diffic...
by jaclaz
Wed Oct 23, 2024 4:16 pm
Forum: Beginner Basics
Topic: Auto Failover 2 ISP SAME Ip Range
Replies: 1
Views: 356

Re: Auto Failover 2 ISP SAME Ip Range

Well, you have the same IP range, but different IP addresses 192.168.3. 3 and 192.168.3. 4 , so it is nothing "special", it is a normal situation with two distinct gateways. The only issue may be if one of the two gateways is also a DHCP server, if that device goes down you will have troub...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 7