Community discussions

MikroTik App

Search found 2096 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 7
by jaclaz
Sat Jan 18, 2025 2:25 pm
Forum: Beginner Basics
Topic: Help with routing Internet through a RB5009UG router....
Replies: 4
Views: 852

Re: Help with routing Internet through a RB5009UG router....

There is some confusion in your configuration. You should start by using the "normal" default firewall settings, but first fix the following otherwise your ether8 won't have correct access: /interface list add name=WAN add name=LAN /interface list member add interface="sfpplus1-(INTER...
by jaclaz
Sat Jan 18, 2025 1:00 pm
Forum: Virtualization
Topic: Router OS 7 on UEFI
Replies: 75
Views: 15938

Re: Router OS 7 on UEFI

The gdisk analysis of that image is fine, (no problems found). It is a MBR/GPT hybrid, the data in both the partition tables is correct. The first partition is (correctly for UEFI booting) a FAT filesystem. All sizes are ALREADY megabyte aligned BUT there is something strange (at least on my Windows...
by jaclaz
Sat Jan 18, 2025 1:22 am
Forum: Forwarding Protocols
Topic: How to connect WAN directly to some port, bypassing NAT
Replies: 11
Views: 1164

Re: How to connect WAN directly to some port, bypassing NAT

So It Is what rextended posted : Put a switch on the WAN and attach the gateway WANs to it ... If we can abstract for a moment from the fact that having more than one bridge on a single Mikrotik device Is usually not advised, you could have: bridgeWAN with ether1 and ether2 in it and bridgeLAN with ...
by jaclaz
Sat Jan 18, 2025 12:55 am
Forum: Virtualization
Topic: Router OS 7 on UEFI
Replies: 75
Views: 15938

Re: Router OS 7 on UEFI

No idea on the peculiarities (if any) of ARM architecture, but on x86/x64 there Is no differences whatsoever among the various interfaces/buses (like ide/sata/scsi). There are two partitioning styles, i.e. MBR and GPT, and that's It. Then there Is the issue (for UEFI) of the accessibility of the fir...
by jaclaz
Fri Jan 17, 2025 11:59 pm
Forum: General
Topic: Can mikrotik be a web-server with one only simple static web page?
Replies: 1
Views: 200

Re: Can mikrotik be a web-server with one only simple static web page?

I believe that it Is possible to (ab-) use the hotspot/captive portal features. Particularly if - as in your case - you can redirect to a specific url and if the Mikrotik device isn't the gateway (or Is It?). I was thinking of something similar a few day ago, but in my intended case the issue Is con...
by jaclaz
Fri Jan 17, 2025 8:58 pm
Forum: Beginner Basics
Topic: fiber link between rb5009 and crs318 ramdomly down
Replies: 2
Views: 226

Re: fiber link between rb5009 and crs318 ramdomly down

If it's normal, can someone give me a hand and create a script that pings from rb5009 to crs318 and if fails disable / enable sfp interface... Personally I don't think it is normal, but if the crs318 has an IP address, you could use netwatch for the check. https://help.mikrotik.com/docs/spaces/ROS/...
by jaclaz
Mon Jan 13, 2025 11:50 pm
Forum: RouterBOARD hardware
Topic: wAP AX Range (sqft/sqm)?
Replies: 3
Views: 529

Re: wAP AX Range (sqft/sqm)?

And I would add also where the cat6 sockets are located, if on the ceiling of a central room the wAP is not so suitable as it Is not omnidirectional and a cAP (or another manufacturers ceiling AP) would be more suitable. That Is if the floor plan Is roughly a square, if It Is long and narrow it's an...
by jaclaz
Mon Jan 13, 2025 8:52 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 692

Re: Automation Gateway With Mikrotik [SOLVED]

The 951/mipsbe will work with wireguard on Ros 7.x, the issue is working around your apparent lack of a public address.
by jaclaz
Mon Jan 13, 2025 8:41 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 692

Re: Automation Gateway With Mikrotik [SOLVED]

An ax-lite or hex refresh is 60 bucks or so, try converting that in minutes/hours/days :shock: (depending on where you are located) of engineer time, + minutes/hours/days of industrial machine production margin, usually (not always, but often enough) bosses are sensible to this way to present them t...
by jaclaz
Mon Jan 13, 2025 8:20 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 692

Re: Automation Gateway With Mikrotik [SOLVED]

Wireguard?

https://help.mikrotik.com/docs/spaces/R ... /WireGuard

It should run just fine (with a low bandwidth, but surely you don't need speed) on your 951, updated to v7.x RoS:
viewtopic.php?t=197824
by jaclaz
Mon Jan 13, 2025 5:57 pm
Forum: Beginner Basics
Topic: From Quick Setup Bridge Mode to simple Firewall Rule
Replies: 26
Views: 4000

Re: From Quick Setup Bridge Mode to simple Firewall Rule

Hello, would you please provide an updated reference? "In that case you simply need this guidance - https://forum.mikrotik.com/viewtopic.php?t=182276", the link is not working Could you please provide a solution based on the attached config? Thank you Wayback Machine to the rescue: https:...
by jaclaz
Mon Jan 13, 2025 5:38 pm
Forum: General
Topic: Voltage logging
Replies: 1
Views: 261

Re: Voltage logging

You can put together a script. As an example combining this: https://forum.mikrotik.com/viewtopic.php?t=198614 with this: https://forum.mikrotik.com/viewtopic.php?t=189253 Or - way easier if you are not into scripting, try splunk: https://forum.mikrotik.com/viewtopic.php?t=179960 you can have someth...
by jaclaz
Mon Jan 13, 2025 4:04 pm
Forum: Beginner Basics
Topic: WiFi Station to Ethernet Port
Replies: 6
Views: 617

Re: WiFi Station to Ethernet Port

I don't understand how it can connect to your Wi-Fi access point as there is no station (or station-bridge or station-pseudobridge) mode set in /interface wireless and without wpa and wpa2-pre-shared-key (maybe these latter are not shown without the show sensitive, as in /export show-sensitive, but ...
by jaclaz
Mon Jan 13, 2025 12:48 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 784

Re: Is there a simple way to hang a virtual "Out of order" sign?

Well,. at least we tried. Re-searching I found this thread https://forum.mikrotik.com/viewtopic.php?t=136510 where sindy was (as he always is) clear: https://forum.mikrotik.com/viewtopic.php?t=136510#p672515 So I re-asked an already asked and replied to question, my bad. :oops: It remains (IMHO) a p...
by jaclaz
Sun Jan 12, 2025 6:32 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 784

Re: Is there a simple way to hang a virtual "Out of order" sign?

Yep, but this would assume that the LAN is all DHCP clients (which isn't right now) but even if I changed it to becoming dynamic (possibly needing a few machines to have static assignments via MAC), I would need this "temporary replacement device" to replicate the same DHCP server settings...
by jaclaz
Sun Jan 12, 2025 5:51 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 290
Views: 36977

Re: wAP ax?

For *some reasons* the US site specification page: https://www.tp-link.com/us/business-networking/omada-sdn-access-point/omada-eap770/#specifications does not show power requirements. The Italian site does: https://www.tp-link.com/it/business-networking/omada-wifi-wifi7/eap770/ EU: 24.05 W (802.3bt,...
by jaclaz
Sun Jan 12, 2025 5:29 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 784

Re: Is there a simple way to hang a virtual "Out of order" sign?

Or even older foot messengers ... :lol:
by jaclaz
Sun Jan 12, 2025 5:03 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 784

Re: Is there a simple way to hang a virtual "Out of order" sign?

All employees have a cell phone...... Send mass text message - internet out restoration time est XX:XX Hrs. I see from your reply how you have a vast experience of (graciously) managing personnel in activities that run 24/7 (please read shifts) and that your employees at home or in vacation simply ...
by jaclaz
Sun Jan 12, 2025 4:46 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 784

Re: Is there a simple way to hang a virtual "Out of order" sign?

I understand now, you are proposing a "captive portal" that leads to nowhere, I was tricked by the word "hotspot" that I instinctively connected with "Wi-FI stuff", almost any tutorial/example I had seen was about the /ip hotspot assigned on wlan1, but of course it can ...
by jaclaz
Sat Jan 11, 2025 8:18 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 784

Re: Is there a simple way to hang a virtual "Out of order" sign?

Yes, I had in mind a possible re-use for one old hap Lite I have around, but I have also a couple (still old) thin clients I am not using, so a minimal Linux with a web server would also be possible. But using hotspot would catch only wi-fi users, and anyway the half-lease time would be too long. An...
by jaclaz
Sat Jan 11, 2025 6:59 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 784

Is there a simple way to hang a virtual "Out of order" sign?

As the thread title says. Maybe it is a stupid question, and it is a non-problem, still I would be curious to know if something like this exists and/or there is some other "common practice" or similar thing. When you do a maintenance intervention on - say - elevators, you put a sign "...
by jaclaz
Sat Jan 11, 2025 4:38 pm
Forum: Beginner Basics
Topic: Auto Redirect IP with Port [SOLVED]
Replies: 6
Views: 611

Re: Auto Redirect IP with Port [SOLVED]

Well, if we assume that the final desired result is: a. type the destination IP address in the browser without specifying port b. *somehow* connect the browser on a specific port of the specific destination IP address a dstnat port remapping seems like a possible solution, it should be something *li...
by jaclaz
Sat Jan 11, 2025 12:27 pm
Forum: Beginner Basics
Topic: Passive Bridge with Firewall
Replies: 2
Views: 360

Re: Passive Bridge with Firewall

This topic:
viewtopic.php?t=185541

seems to me very similar, maybe you can get some ideas/approaches from that one.
by jaclaz
Sat Jan 11, 2025 11:30 am
Forum: Beginner Basics
Topic: old configs don't work [SOLVED]
Replies: 16
Views: 2519

Re: old configs don't work [SOLVED]

Good. :) Now that you have the general idea/basic setup working, you should check the post by Sindy right after that: https://forum.mikrotik.com/viewtopic.php?p=1110759#p1111163 as his version is more elegant, and compare with the "final" version on the other already mentioned thread: http...
by jaclaz
Fri Jan 10, 2025 11:48 pm
Forum: General
Topic: PoE-out with Mode A [SOLVED]
Replies: 4
Views: 431

Re: PoE-out with Mode A [SOLVED]

Naah, the Planet one Is generally available, but It Is not cheap, example:
https://www.digitx.it/codice/c-poe_e201 ... od-115326/
70 €!
Of course if you are wasting investing the awful amount of money a Doorbird costs, It could be fine.
by jaclaz
Fri Jan 10, 2025 11:16 pm
Forum: General
Topic: PoE-out with Mode A [SOLVED]
Replies: 4
Views: 431

Re: PoE-out with Mode A [SOLVED]

Doorbird is a strange Beast. It declares 802.3af Mode A, which Is against the specs, as 802.3af PD's should be compatibile with BOTH mode A and mode B. Anyway, the question is which specific devices we are talking of, both the Mikrotik and the Doorbird. If the interfaces are 10/100 It Is relatively ...
by jaclaz
Fri Jan 10, 2025 8:18 pm
Forum: General
Topic: Wireguard config help
Replies: 13
Views: 899

Re: Wireguard config help

Well it gets to 172.20.10.1 (and stops there) . What is that address? Your network gateway? I don't really understand how it even gets there without a route (I was suspecting a ping error of "no route to host".). Anyway, post the output of: /ip address print and of /ip route print so that ...
by jaclaz
Fri Jan 10, 2025 8:05 pm
Forum: General
Topic: 4G/LTE router with Dual SIM [SOLVED]
Replies: 20
Views: 1440

Re: 4G/LTE router with Dual SIM [SOLVED]

Well, also the Teltonika RUTX12:
https://teltonika-networks.com/products/routers/rutx12
nice thingy, not exactly cheap.
by jaclaz
Fri Jan 10, 2025 7:58 pm
Forum: RouterBOARD hardware
Topic: HEX S sometimes fails to start properly [SOLVED]
Replies: 13
Views: 3000

Re: HEX S sometimes fails to start properly [SOLVED]

Trying an alternate power supply won't be difficult anyway, the hex S accepts a wide range: DC jack input Voltage 12-57 V but also AC3 is pretty much flexible: DC jack input Voltage 12-28 V Personally I would still suspect the zener diodes, and as said they are easy to test with a tester/voltmeter.
by jaclaz
Fri Jan 10, 2025 7:48 pm
Forum: Beginner Basics
Topic: WiFi Station to Ethernet Port
Replies: 6
Views: 617

Re: WiFi Station to Ethernet Port

I don't understand. The mAP lite has only one ethernet port, ether1. You want to connect your radio (wlan1) to an existing wi-fi network? Then the device is a "client" or "station" (and not an AP). And - it depends on choices - it can be configured both as "router" (wit...
by jaclaz
Fri Jan 10, 2025 2:54 pm
Forum: General
Topic: Wireguard config help
Replies: 13
Views: 899

Re: Wireguard config help

UNfortunately the "timeout" in the ping could be due to anything along the connection, including the remote 74.208.xx.xx prevented from replying to ICMP requests (newish windows as an example have a firewall rule that prevents replying from pings coming from outside the local lan), but it ...
by jaclaz
Fri Jan 10, 2025 2:41 pm
Forum: General
Topic: Hotspot windows users login with wrong ip
Replies: 18
Views: 1516

Re: Hotspot windows users login with wrong ip

Good. :)

Though the "fault" is most probably in the client that attempts to login before having a "proper" DHCP address (or wait for a timeout), it is good to know that RouterOS can deal with that.
by jaclaz
Fri Jan 10, 2025 1:39 am
Forum: General
Topic: Wireguard config help
Replies: 13
Views: 899

Re: Wireguard config help

I presume that the XX.XX.XX.XX is not on the same network 10.8.0.0/24, right?
Can you ping successfully the XX.XX.XX.XX endpoint address from the router?
If not, which error do you get?
by jaclaz
Thu Jan 09, 2025 11:40 pm
Forum: General
Topic: 4G/LTE router with Dual SIM [SOLVED]
Replies: 20
Views: 1440

Re: 4G/LTE router with Dual SIM [SOLVED]

To be fair on the posted image, also Huawei claims the same.
It seems more likely that it is something lost in translation (or whatever) connected with amazon than originating from the manufacturers.
by jaclaz
Thu Jan 09, 2025 11:27 pm
Forum: General
Topic: Won't connect without DHCP...?
Replies: 6
Views: 503

Re: Won't connect without DHCP...?

Bad, bad router? Or maybe - just maybe - there is the possibility that there could be something that needs to be changed in its configuration? If this latter could be the case, a good idea would be to post the current configuration for review (anonymizing the sensible data), instructions here: https...
by jaclaz
Thu Jan 09, 2025 5:01 pm
Forum: Beginner Basics
Topic: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik
Replies: 10
Views: 1281

Re: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik

I don't know.

Maybe you should recreate the exact configuration that creates the slowdown and post that one.

It is harder to read a configuration where something has been removed (or disabled) as you never know if it is missing or is a leftover from another attempt.
by jaclaz
Thu Jan 09, 2025 3:45 pm
Forum: Beginner Basics
Topic: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik
Replies: 10
Views: 1281

Re: Low internet speed when we did PCC load balancing and connecting 2 ISPs on Mikrotik

Well, that thread is from 2021, and it is about RouterOS 6.49.1. You are running 7.8 (which is in itself really old). Something may well have changed in the meantime. Even if you don't want to upgrade to latest-latest (that would be 7.16.2) you should IMHO at least upgrade to 7.12.1 (to which you ha...
by jaclaz
Thu Jan 09, 2025 12:47 pm
Forum: Scripting
Topic: Securely storing apikey/tokens for /tool/fetch... Approaches? == $SECRET
Replies: 10
Views: 4589

Re: Securely storing apikey/tokens for /tool/fetch... Approaches? == $SECRET

Try to add the policy policy :shock: I.e.: policy=read,write,test,policy Not that I recommend it, but the primitive method I use when testing scripts is giving them all possible permissions, then remove them one by one until it stops working: https://forum.mikrotik.com/viewtopic.php?p=1050058&hi...
by jaclaz
Thu Jan 09, 2025 1:39 am
Forum: Beginner Basics
Topic: old configs don't work [SOLVED]
Replies: 16
Views: 2519

Re: old configs don't work [SOLVED]

In 7 you need to explicitly add the routing tables and the routing-mark becomes routing-table in /ip route, as already hinted. Like: /routing table add fib name=via-ether2 add fib name=via-ether3 and then: /ip route add distance=1 dst-address=10.1.1.0/24 gateway=ether2 routing-table=via-ether2 in ma...
by jaclaz
Wed Jan 08, 2025 9:09 pm
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1016

Re: Problem with ping using interfaces

Only for the record and JFYI, there is a way out for cases where the narrow route becomes invalid/inactive (for one reason or the other), which is to add a second narrow route as blackhole, but with a higher distance, is that your case?. See, as an example: https://forum.mikrotik.com/viewtopic.php?t...
by jaclaz
Wed Jan 08, 2025 8:24 pm
Forum: Beginner Basics
Topic: What if I just want to use it as a switch? [SOLVED]
Replies: 8
Views: 1130

Re: What if I just want to use it as a switch? [SOLVED]

I think you missed the word "just" in the subject, or misinterpreted that I want to keep things as simple as possible It was more a reply to your question: Can I just install SwitchOS instead of RouterOS? Let me rephrase the answer: No, that device can only run RoS and not SwitchOS. Other...
by jaclaz
Wed Jan 08, 2025 8:18 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1747

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

(besides nicer layout): I don't know :? , those 90° cable bends are ugly :shock: and they are not very good for the flow of data. 0's are usually OK, but 1's may get entangled in those sharp corners. :wink: (I know it's an old joke, but I cannot resist) :lol: Happy the whiole stuff is working. :)
by jaclaz
Wed Jan 08, 2025 8:06 pm
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1016

Re: Problem with ping using interfaces

Well, what do you think netwatch is supposed to do? :?: :wink: https://help.mikrotik.com/docs/spaces/ROS/pages/8323208/Netwatch Using the (newish) ICMP mode (as opposed to "simple" ping) it allows for "fine-tuning" the failover triggering, and it has a few other modes too, beside...
by jaclaz
Wed Jan 08, 2025 7:48 pm
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 1274

Re: LTE issue on reboot

@Amm0 That is another aspect. :) But I don't know. :? Let's divide the matter in three: 1 ) what triggers the execution of a script (event) 2 ) what triggers the execution of a script (detection method) 3 ) what remedies we can implement (actions the script executes) The script could be triggered EI...
by jaclaz
Wed Jan 08, 2025 2:55 pm
Forum: General
Topic: what happens when CHR 60 days trial is expired!
Replies: 7
Views: 4895

Re: what happens when CHR 60 days trial is expired!

That is not true and topic is incorrectly marked as solved WHAT is not true? The help page: https://help.mikrotik.com/docs/spaces/ROS/pages/18350234/Cloud+Hosted+Router+CHR Free licenses There are several options to use and try CHR free of charge. free The free license level allows CHR to run indef...
by jaclaz
Wed Jan 08, 2025 12:51 pm
Forum: RouterBOARD hardware
Topic: RB5009UPr+S+IN: POE or POE+
Replies: 5
Views: 834

Re: RB5009UPr+S+IN: POE or POE+

thanks. I'm trying to power 2 Netgear WAX620 access points. The product data sheet says the device uses 25.5W. Seems like the 5009 will underpower them using the supplied barrel connector power supply? That is a beast of access point. :shock: And it is a strange beast, as the datasheet: https://www...
by jaclaz
Wed Jan 08, 2025 11:45 am
Forum: RouterBOARD hardware
Topic: RB260GSP POE Switch
Replies: 6
Views: 792

Re: RB260GSP POE Switch

Well, the good news are that: Netzwerkschnittstelle 10Base-T/100Base-TX RJ45 LAN-Anschluss PoE (nur für PoE-Version) IEEE 802.3af (+ Pin 4 und 5 / - Pin 7 und 8) IF it is the PoE version, it uses Mode B, and the interface is 10/100. BUT there is an added issue. Something, to be 802.3af compatible, n...
by jaclaz
Wed Jan 08, 2025 10:55 am
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1747

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

Yes, this would make much more sense. :) ISP do sometimes have "strange" settings, but in the cases where some services are on tagged VLAN the VLAN number is not 1, it is only the way the Mikrotik "sees" the untagged traffic. @mkx So, it still boils down to "do not use VLAN1...
by jaclaz
Wed Jan 08, 2025 1:11 am
Forum: Beginner Basics
Topic: What if I just want to use it as a switch? [SOLVED]
Replies: 8
Views: 1130

Re: What if I just want to use it as a switch? [SOLVED]

The CRS304-4XG-IN Is anyway NOT among the dual boot devices:

https://mikrotik.com/products/group/s ... oot%22]#!
So if you want to go down that road you need to choose another device model.
by jaclaz
Wed Jan 08, 2025 1:04 am
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 1274

Re: LTE issue on reboot

Your router(s), your choice.
by jaclaz
Wed Jan 08, 2025 12:58 am
Forum: RouterBOARD hardware
Topic: RB5009UPr+S+IN: POE or POE+
Replies: 5
Views: 834

Re: RB5009UPr+S+IN: POE or POE+

Sure, but if you Power a 16 W device with 30 W (max of the 802.3at Power supply) you can expect to draw, total of the other 7 ports, 14 W or so. If you prefer a 802.3at Power supply can Power - chained - no more than 2 x 802.3af *like* devices, let's say the RB5009 and an AP connected to one of the ...
by jaclaz
Wed Jan 08, 2025 12:32 am
Forum: 3rd party tools
Topic: 🚀 RemoteWinBox Admiral centralized MikroTik Management
Replies: 6
Views: 1391

Re: 🚀 RemoteWinBox Admiral centralized MikroTik Management

Nothing meant by it....We were surprised by the large number of use cases for our software for Starlink integrators. Ah, ok, you meant more like professional users than final customers, since starlinks are more likely installed in remote areas It makes perfect sense that a remote management solutio...
by jaclaz
Wed Jan 08, 2025 12:21 am
Forum: RouterBOARD hardware
Topic: RB5009UPr+S+IN: POE or POE+
Replies: 5
Views: 834

Re: RB5009UPr+S+IN: POE or POE+

Neither. :shock: Each port can provide 440 mA: https://mikrotik.com/product/rb5009upr_s_in 0.44A*48V=21.12 W (typical voltage) 0.44A*57V=25.08 W (max voltage) 802.3af 15.40 W @PSE /12.95 W @PD (POE) 802.3at 30.00 W @PSE / 25.50 W @PD (POE+) The triple power input should be irrelevant, but only ether...
by jaclaz
Tue Jan 07, 2025 11:07 pm
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 1274

Re: LTE issue on reboot

I don't see why BOTH approaches cannot be tested. In the script, if LTE cannot be found, try resetting USB. If after - say - 120 seconds the LTE still cannot be found, then, and only then, reboot the router. If It works, It works, and if It doesn't It goes through the full reboot. 120 seconds Is onl...
by jaclaz
Tue Jan 07, 2025 9:13 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1747

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

Yep, this is where I was not understanding.
Native VLAN doesn't necessarily mean VLAN1, do you mean that your ISP is using VLAN1 as "native"?
That would be the typical case of the gun pointed at your head.
by jaclaz
Tue Jan 07, 2025 9:07 pm
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 1274

Re: LTE issue on reboot

Cannot it be quickly tested by replacing in the script
:log error "LTE1 interface does not exist. Rebooting router..."
/system reboot
with:
:log error "LTE1 interface does not exist. Rebooting USB..."
/system routerboard usb power-reset duration=10s
or similar?
by jaclaz
Tue Jan 07, 2025 8:54 pm
Forum: 3rd party tools
Topic: 🚀 RemoteWinBox Admiral centralized MikroTik Management
Replies: 6
Views: 1391

Re: 🚀 RemoteWinBox Admiral centralized MikroTik Management

Only out of curiosity:
Heck, even Starlink users love us for all the things.
Why the "heck, even"?
Are Starlink users a category apart? :?
by jaclaz
Tue Jan 07, 2025 8:32 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1747

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

#3 and #4, my bad, The point I was trying to make is that the VLAN1 is *somehow* used (at least in RouterOS) as the default VLAN for *something* and there is the risk that using it for *something else* might create conflicts. Maybe in SwOS it is different, and the (few) people that actually fully un...
by jaclaz
Tue Jan 07, 2025 6:00 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1747

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

Re: #4 Does your ISP provide the service over VLAN1 or in any other ways forces you to use it? I might have missed where you explained how you were forced - with a gun pointed at your head - to use VLAN1. The usual advice is to NOT use VLAN1, unless it is really-really needed because the consequence...
by jaclaz
Tue Jan 07, 2025 5:24 pm
Forum: Beginner Basics
Topic: Simple Bridge with Firewall rules for Ether1 (internet))
Replies: 16
Views: 2251

Re: Simple Bridge with Firewall rules for Ether1 (internet))

Why is AI needed to generate really poor configuration when the default config meets 95% of the use case?
To prove - once again - that AI is not (yet :? ) capable of doing anything good? :lol:
by jaclaz
Tue Jan 07, 2025 5:20 pm
Forum: RouterBOARD hardware
Topic: RB260GSP POE Switch
Replies: 6
Views: 792

Re: RB260GSP POE Switch

To further expand on the matter, splitters that take the 24V in and output the 12V for the camera do exist, BUT there is even another issue, Mikrotik (passive) PoE is "mode B", it has to be checked if the splitter is mode A or mode B: https://www.etherwan.com/support/faq/what-poe-power-pin...
by jaclaz
Tue Jan 07, 2025 12:00 am
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 1570

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

A saved export Is enough normally, but a (binary) backup gives added security. They have different uses and different characteristics. The backup allows to "clone" a router, It Is "all or nothing". The export represents the exact configuration, but can be modified or used partial...
by jaclaz
Mon Jan 06, 2025 9:17 pm
Forum: General
Topic: downgrade ROS to pre-7.13 version [SOLVED]
Replies: 14
Views: 1450

Re: downgrade ROS to pre-7.13 version [SOLVED]

Well, I have just replaced in december (with a Mikrotik Ax Lite) a self-made router (a repurposed Fujitsu Siemens S200 running Zeroshell) that had been ticking 24/7 since 2012. The actual device was produced in 2004 or so, processor is Transmeta! I originally got one of these on the cheap (like 20 E...
by jaclaz
Mon Jan 06, 2025 8:57 pm
Forum: General
Topic: Hotspot windows users login with wrong ip
Replies: 18
Views: 1516

Re: Hotspot windows users login with wrong ip

So, is it working with the correct range settings?

I wasn't at all sure whether the mac-cookie login runs "before" the ip-binding block and thus by-passes it..
by jaclaz
Mon Jan 06, 2025 8:16 pm
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1016

Re: Problem with ping using interfaces

Well, the actual idea behind both recursive routing and netwatch checking is to use a "remote" (and likely reliable) DNS server (such as 8.8.8.8, 8.8.4.4.4, 9.9.9.9, 1.1.1.1, etc.) to check the connection to the internet by pinging it. This is done through a "narrow" additional r...
by jaclaz
Mon Jan 06, 2025 5:53 pm
Forum: General
Topic: Home networking suggestions
Replies: 8
Views: 970

Re: Home networking suggestions

The Brume has also a "dedicated" setting called "drop in gateway": https://docs.gl-inet.com/router/en/4/interface_guide/drop-in_gateway/ From what I understand -besides the actual throughput in practice that would need to be tested - it requires disabling the DHCP of the "ma...
by jaclaz
Mon Jan 06, 2025 3:47 pm
Forum: General
Topic: downgrade ROS to pre-7.13 version [SOLVED]
Replies: 14
Views: 1450

Re: downgrade ROS to pre-7.13 version [SOLVED]

Only as a side note, it is refreshing to see someone that reasonably does not upgrade to latest-latest (your point #2) the "production" machines. Bravo! I understand how the forum is largely populated by people that like to experiment and tinker with Mikrotik newish releases, but often upg...
by jaclaz
Mon Jan 06, 2025 2:51 pm
Forum: General
Topic: Hotspot windows users login with wrong ip
Replies: 18
Views: 1516

Re: Hotspot windows users login with wrong ip

Semi-random idea, would setting ip-binding to something like:
/ ip hotspot ip-binding
add address=169.254.1.0-169.254.254.255 type=blocked
effectively prevent the APIPA addresses from logging in (via mac-cookie)?
by jaclaz
Mon Jan 06, 2025 12:19 pm
Forum: General
Topic: Hotspot windows users login with wrong ip
Replies: 18
Views: 1516

Re: Hotspot windows users login with wrong ip

It seemingly shaved some little time off, however.

Before it was
08:31.51->08:33:58=2 minutes 7 seconds

and now is:
06:03:52->06:05:55=2 minutes 3 seconds

Can the keepalive timeout be reduced? :?:
by jaclaz
Mon Jan 06, 2025 12:06 pm
Forum: General
Topic: Home networking suggestions
Replies: 8
Views: 970

Re: Home networking suggestions

So you need it as main firewall, right? I think you can *somehow* configure a Mikrotik as a bridge and set it to use the firewall rules on the bridge (set use-ip-firewall=yes), but I believe this implies the need to disable hardware offload and this could result in poor performance. The impact of ha...
by jaclaz
Sun Jan 05, 2025 11:32 pm
Forum: Beginner Basics
Topic: Problem with ping using interfaces
Replies: 10
Views: 1016

Re: Problem with ping using interfaces

I think you are describing what Is usually called "recursive routing". Check this post for more details: https://forum.mikrotik.com/viewtopic.php?t=157048 Once you confirm this Is the desired result, we'll talk of the details. If - more generally - you are looking for automatic failover th...
by jaclaz
Sun Jan 05, 2025 7:08 pm
Forum: Beginner Basics
Topic: Router on a stick struggles
Replies: 6
Views: 1042

Re: Router on a stick struggles

/interface bridge filter # in/out-bridge-port matcher not possible when interface (wlan1) is not slave add action=drop chain=forward in-interface=wlan1 # in/out-bridge-port matcher not possible when interface (wlan1) is not slave add action=drop chain=forward out-interface=wlan1 # no interface add ...
by jaclaz
Sun Jan 05, 2025 6:24 pm
Forum: General
Topic: Home networking suggestions
Replies: 8
Views: 970

Re: Home networking suggestions

But what is the actual use of the Mikrotik? There are no problems in setting it as a (managed or "dumb") switch, but of course then it will behave like a switch, to all practical effects (besides having three LAN ports available) it would (should) be exactly the same if you bypass it and c...
by jaclaz
Sun Jan 05, 2025 6:10 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 1570

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

A packet lost on a LTE connection (possibly through wifi) should not be a problem of actual connectivity. So your DNS is working (it can resolve google.com just fine) and you do have internet connection on both ethernet and wifi. Since you are using windows (I presume a recent one like 10) you shoul...
by jaclaz
Sun Jan 05, 2025 5:41 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 1570

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

What anav just posted is a "complete" and "final" confiiguration, I believe it would be more useful, before studying and implementing that solution, to try understanding what is the issue right now, before introducing the complications of the complete setup, with VLAN's and what ...
by jaclaz
Sun Jan 05, 2025 12:13 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 internet via ethernet ports but not on wifi
Replies: 15
Views: 1570

Re: hAP ax lite LTE6 internet via ethernet ports but not on wifi

You seemingly have a duplicate masquerade rule in /ip firewall nat (but that shoudln't be an issue. Post the output of: /ip address print and of /ip route print Try to be more precise when reporting a problem, "cannot access internet" may be due to several reasons, try /ping 8.8.8.8 what i...
by jaclaz
Sun Jan 05, 2025 11:54 am
Forum: Beginner Basics
Topic: old configs don't work [SOLVED]
Replies: 16
Views: 2519

Re: old configs don't work [SOLVED]

Unless I am missing something, it should be possible even without VRF's, the "generic" case being "access multiple devices with same fixed IP address connected to different ports/interfaces". Here is a solved case for two devices (I don't see how it cannot be extended to more dev...
by jaclaz
Sat Jan 04, 2025 6:34 pm
Forum: Beginner Basics
Topic: Router on Stick for lab purposes
Replies: 4
Views: 785

Re: Router on Stick for lab purposes

Cheapest wold probably be hap lite, but with only 16 Mb of storage (and 32 Mb RAM) you won't be able to run Ros 7 on it (or at least it won't be easy or working "right"). Nowadays I wouldn't buy (new) a device with less than 64 Mb or 128 Mb storage. Right now probably the best bang for the...
by jaclaz
Sat Jan 04, 2025 6:03 pm
Forum: Wireless Networking
Topic: Wireless Wire questions
Replies: 8
Views: 1884

Re: Wireless Wire questions

From what I understand what you are experiencing is a "side-effect" of a problem with your configurations. In the 86 and 87 you have (correctly) both ether1 and wlan60-1 added to the bridge: /interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether1 \ in...
by jaclaz
Sat Jan 04, 2025 3:58 pm
Forum: Beginner Basics
Topic: Cant Update Wifi Extender
Replies: 8
Views: 1034

Re: Cant Update Wifi Extender

That solved it, I now understand both errors and how they happen and was able to upgrade the one networks wifi extenders and will do the others when next on site.

Thank you very much.
Good. :)
You are welcome of course.
by jaclaz
Sat Jan 04, 2025 12:17 pm
Forum: Beginner Basics
Topic: VLAN and Smart home stuff block from internet only for BTH VPN
Replies: 9
Views: 2174

Re: VLAN and Smart home stuff block from internet only for BTH VPN

Make those - say - VLAN10 and VLAN20.
And here ends all my knowledge on VLANs: DO NOT USE VLAN1.
by jaclaz
Sat Jan 04, 2025 11:57 am
Forum: Beginner Basics
Topic: Cant Update Wifi Extender
Replies: 8
Views: 1034

Re: Cant Update Wifi Extender

Well, in this configuration: Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, d - DHCP; + - ECMP Columns: DST-ADDRESS, GATEWAY, DISTANCE DST-ADDRESS GATEWAY DISTANCE DAd+ 0.0.0.0/0 192.168.0.1 1 DAd+ 0.0.0.0/0 192.168.1.1 1 DAc+ 192.168.0.0/24 bridge1 0 DAc+ 192.168.0.0/24 bridge1 0 DAc+ 192.168.1.0/24 ...
by jaclaz
Fri Jan 03, 2025 11:05 pm
Forum: General
Topic: Hap ax3
Replies: 3
Views: 719

Re: Hap ax3

by jaclaz
Fri Jan 03, 2025 8:38 pm
Forum: Beginner Basics
Topic: Cant Update Wifi Extender
Replies: 8
Views: 1034

Re: Cant Update Wifi Extender

You have BOTH a static IP address AND a DHCP client running on both bridges: /ip address add address=192.168.1.4/24 interface=bridge2 network=192.168.1.0 add address=192.168.0.4/24 interface=bridge1 network=192.168.0.0 /ip dhcp-client add interface=bridge1 add interface=bridge2 This may (or may not)...
by jaclaz
Thu Jan 02, 2025 7:35 pm
Forum: General
Topic: Configuring VLAN tagged/untagged
Replies: 11
Views: 1390

Re: Configuring VLAN tagged/untagged

I dont understand this nomenclature add address=10.87.2.28 /28 interface=MGMT_VLAN network=10.87.2. 16 I think the .16 should be .0 and the subnet mask is fine if you really only wanted 14 usable IP addresses!! if the .16 is changed to .0 the .28 will be outside the subnet. https://www.calculator.n...
by jaclaz
Thu Jan 02, 2025 7:06 pm
Forum: Beginner Basics
Topic: Simple Bridge with Firewall rules for Ether1 (internet))
Replies: 16
Views: 2251

Re: Simple Bridge with Firewall rules for Ether1 (internet))

Essentially the same advice Cat12 just provided a little more detailed: /interface bridge add name=bridge1 /interface list add name=WAN add name=LAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik OK. /interface bridge port add bridge=bridge1 interface=eth...
by jaclaz
Thu Jan 02, 2025 3:50 pm
Forum: General
Topic: CCR2004-16g-2S+ Dhcp client stays in status "Searching" [SOLVED]
Replies: 10
Views: 1712

Re: CCR2004-16g-2S+ Dhcp client stays in status "Searching" [SOLVED]

Nevermind, I was commenting on a temporary setup, later corrected.
by jaclaz
Thu Jan 02, 2025 11:29 am
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 126
Views: 13667

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

At least they had the decency of NOT calling it "Mikrotik 365" :wink: .
by jaclaz
Thu Jan 02, 2025 11:22 am
Forum: RouterBOARD hardware
Topic: Rackmount Question
Replies: 3
Views: 850

Re: Rackmount Question

Yep, also according to a certain holvoeth :wink: that measured it:
viewtopic.php?p=1091642
among the given links here:
viewtopic.php?p=1091642&hilit=rack#p1091642
there are actual pictures.
by jaclaz
Sun Dec 29, 2024 11:56 am
Forum: Beginner Basics
Topic: Two LANs configuration, wireguard?
Replies: 6
Views: 961

Re: Two LANs configuration, wireguard?

Well when you have a real network, I may be of assistance. Not going to chase fake GNS3 musings. There is no particular GNS3 musing, and certainly there is nothing fake. There is no need, if you cannot or don't want to provide assistance, to accuse me of faking anything. The GNS3 is only a represen...
by jaclaz
Sun Dec 29, 2024 1:15 am
Forum: Beginner Basics
Topic: Two LANs configuration, wireguard?
Replies: 6
Views: 961

Re: Two LANs configuration, wireguard?

There is only one Mikrotik device, the Ax lite, there Is no "main MT", the device in the drawing marked Temp-Mikrotik is only a way to have a switchable on/off device with the "right" 192.168.0.1 address as the "Cloud" device in GNS3 is always on (and has an ip address ...
by jaclaz
Sat Dec 28, 2024 7:50 pm
Forum: Beginner Basics
Topic: Two LANs configuration, wireguard?
Replies: 6
Views: 961

Re: Two LANs configuration, wireguard?

a. no, all the addresses at play are in the 192.168.0.0/24 and 10.0.1.0/24 ranges. b. no, they are dumb switches. c. how would the Ax Lite as switch keep those separated? Possibly IF the switches were managed ones one could use somehow VLANs, but the only configurable device is the Mikrotik Ax Lite,...
by jaclaz
Sat Dec 28, 2024 6:01 pm
Forum: Beginner Basics
Topic: Two LANs configuration, wireguard?
Replies: 6
Views: 961

Two LANs configuration, wireguard?

I am working (in GNS3) on a possible setup. The "main" LAN is 192.168.0.0/24. The "child" LAN is 10.0.1.0/24. Internet connection is through a router/modem at 192.168.0.1 (gateway). The "main" LAN should only connect to the internet, exception made for a single PC (PC1-...
by jaclaz
Sat Dec 28, 2024 5:23 pm
Forum: General
Topic: Do AP's come with all router functions?
Replies: 29
Views: 3110

Re: Do AP's come with all router functions?

Or even before buying anything, you can get a CHR image and play with it. https://help.mikrotik.com/docs/spaces/ROS/pages/18350234/Cloud+Hosted+Router+CHR https://mikrotik.com/download (though no wifi capabilities) You can use that in a VM (like Virtualbox or VmWare) or - if you also want to test so...
by jaclaz
Sat Dec 28, 2024 11:46 am
Forum: General
Topic: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]
Replies: 47
Views: 3956

Re: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]

If it can be adapted to your situation (and it seems to me it can), this: https://forum.mikrotik.com/viewtopic.php?t=198999 further simplified: https://forum.mikrotik.com/viewtopic.php?t=198999&hilit=simpler#p1102129 is IMHO the simplest method (using a simple Netwatch script that just enables a...
by jaclaz
Fri Dec 27, 2024 12:45 pm
Forum: General
Topic: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]
Replies: 47
Views: 3956

Re: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]

Ahh, good to know, thanks :) , the trick is the "on error" , I didn't know that it actually allowed the prosecution of the loop in case of error. :oops:
by jaclaz
Fri Dec 27, 2024 11:06 am
Forum: General
Topic: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]
Replies: 47
Views: 3956

Re: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]

Only as a side-side note, I remember that rextended advised to use a "remaining time" filter of 60 seconds to avoid invalid results when removing connections: https://forum.mikrotik.com/viewtopic.php?t=103812#p977354 though it is aimed to more complex setups with lots of existing connectio...
by jaclaz
Thu Dec 26, 2024 8:51 pm
Forum: General
Topic: What device should I buy for this use-case?
Replies: 6
Views: 919

Re: What device should I buy for this use-case?

To the CRS106-1C-5S you would need to add the SFP modules, and besides budget considerations (5 modules at 25-30 US$ each are 125-150$), copper modules on a passively cooled device are not a good idea for the heat management. For that kind of money you could get a "real" 24 port switch: ht...
by jaclaz
Thu Dec 26, 2024 7:09 pm
Forum: Beginner Basics
Topic: Tips from a home user
Replies: 6
Views: 1105

Re: Tips from a home user

Well, it is not like - besides the name change - the help pages are any better than the wiki (actually they are largely the same, when different, in very few cases are better, in most they are worse). They rarely provide actual instructions, in most cases they are little more than a quick reference ...
by jaclaz
Thu Dec 26, 2024 6:04 pm
Forum: Beginner Basics
Topic: Netbox 5ax WiFi 6 Access Point in bridge mode.
Replies: 1
Views: 676

Re: Netbox 5ax WiFi 6 Access Point in bridge mode.

I wonder what is friggin :shock: (the AP mode, the netbox, the sxtsq, the hex PoE, your shop, your house, Mikrotik generally). :lol: You should follow these instructions: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 and post the current configurations of both devices. If you could add ...
by jaclaz
Thu Dec 26, 2024 5:54 pm
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ General info & Questions
Replies: 1
Views: 726

Re: CCR1009-8G-1S-1S+ General info & Questions

If you have a rs-232 port on your computer, a common null-modem one will do.

Reference is here:
https://wiki.mikrotik.com/Manual:Null_modem_cable
https://help.mikrotik.com/docs/spaces/R ... al+Console

There is also a serial header on that model.
by jaclaz
Thu Dec 26, 2024 3:00 pm
Forum: General
Topic: Help to solve routing and mangle problem
Replies: 1
Views: 719

Re: Help to solve routing and mangle problem

It is not at all clear (to me) how what you described is supposed to work. If the IP of the Android box is 192.168. 106 .235 (BTW where does this address come from, is it a static IP manually entered or derives from a DHCP server?), there is no way (unless there is some other device in between or th...
by jaclaz
Thu Dec 26, 2024 2:14 pm
Forum: General
Topic: Problem with Two Separate WAN Connections on MikroTik CCR2004
Replies: 7
Views: 1380

Re: Problem with Two Separate WAN Connections on MikroTik CCR2004

It seems to me you were already on the right track: 1) add a dedicated routing table 2) add a route/gateway on that routing table for the intended gateway 3) add a routing rule filtering the source address range and making use of that router table Loosely, if it was 3 times 1:1, it would be somethin...
by jaclaz
Tue Dec 24, 2024 3:43 pm
Forum: General
Topic: access to MKT even though its offline
Replies: 6
Views: 924

Re: access to MKT even though its offline

Just wondering ... how does that VPN work then without internet connectivity ?
Maybe VPN as in Various People Near the routers? :shock:
:lol:
by jaclaz
Tue Dec 24, 2024 3:37 pm
Forum: RouterBOARD hardware
Topic: mAP lite: Not able to configure very simple use case LAN to WLAN bridge; neither does manual describe such a basic thing
Replies: 12
Views: 9305

Re: mAP lite: Not able to configure very simple use case LAN to WLAN bridge; neither does manual describe such a basic t

Hello, can someone help with this configuraton? I set up wifi repeater, have two wlan interfaces, added ether port to bridge, what I should do next? Follow this: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 and post your configuration. Also describe what you want to achieve (goal), it...
by jaclaz
Tue Dec 24, 2024 3:27 pm
Forum: General
Topic: Problem with Two Separate WAN Connections on MikroTik CCR2004
Replies: 7
Views: 1380

Re: Problem with Two Separate WAN Connections on MikroTik CCR2004

First thing. check your configuration, whenever there is a "*" (asterisk followed by a (hex) number, it is a reference to *something* that was deleted/moved/renamed and that RoS cannot find anymore, it is a placeholder for something that was there but doesn't exist anymore: /interface list...
by jaclaz
Tue Dec 24, 2024 1:04 pm
Forum: Beginner Basics
Topic: Assistance Needed with MikroTik Cloud Router Configuration
Replies: 11
Views: 1447

Re: Assistance Needed with MikroTik Cloud Router Configuration

Yes, but 10.61.0.27 is a private IP address. This implies that the ISP connection is NAtted or - anyway - the ISP router is a blackbox with IP address 10.61.0.27, with no other way to connect to it. From your scheme, the switch (or better the devices connected to them) must be in the 10.61.0.0 (/24?...
by jaclaz
Tue Dec 24, 2024 2:29 am
Forum: Beginner Basics
Topic: New setup CRS309-1G-8S-IN
Replies: 7
Views: 1533

Re: New setup CRS309-1G-8S-IN

But how did you configure the laptop IP/network?
Try a static address of 192.168.88.5 network mask 255.255.255.0.
But if Winbox doesn't see It via MAC, there is something wrong with It, since It has a serial/console connection, that Is probably the only to attempt connecting to It.
by jaclaz
Mon Dec 23, 2024 7:43 pm
Forum: Beginner Basics
Topic: Assistance Needed with MikroTik Cloud Router Configuration
Replies: 11
Views: 1447

Re: Assistance Needed with MikroTik Cloud Router Configuration

I see, the block diagram: https://cdn.mikrotik.com/web-assets/product_files/CCR2116-12G-4S_240122.png of that device is a bit unusual. From what I understand in this particular case ethernet13 is peculiar as it is a self-standing interface, not connected "directly" to the other ports. So i...
by jaclaz
Mon Dec 23, 2024 6:19 pm
Forum: Beginner Basics
Topic: Assistance Needed with MikroTik Cloud Router Configuration
Replies: 11
Views: 1447

Re: Assistance Needed with MikroTik Cloud Router Configuration

Naah, it's fine, ether13 in your configuration is not any different from any other ether port (except that in the configuration you posted it was disabled: add bridge=bridge1 disabled=yes interface=ether13). But you have to digest the concept that once a port is added to a bridge it becomes a slave ...
by jaclaz
Mon Dec 23, 2024 4:40 pm
Forum: Wireless Networking
Topic: WIFI connecting issues
Replies: 14
Views: 3981

Re: WIFI connecting issues

@gotsprings @gigabyte091 Out of curiosity, what is the underlying message (if any :shock: ) I am failing to get? :? OP has a cAP AX that is giving issues on Wi-Fi (and there are a lot of similar posts about the Ax2 and Ax3 on the board). Now you are reporting how good is your experience with the new...
by jaclaz
Mon Dec 23, 2024 2:51 pm
Forum: Beginner Basics
Topic: Assistance Needed with MikroTik Cloud Router Configuration
Replies: 11
Views: 1447

Re: Assistance Needed with MikroTik Cloud Router Configuration

Yes, that's normal. If it is a switch all ports should be part of the bridge. If it is a router the WAN port (ISP or ether1 in your case) must be taken OUT of the bridge (in your posted configuration it is part of the bridge or slave to it): /interface bridge port add bridge=bridge1 interface=ether2...
by jaclaz
Mon Dec 23, 2024 12:37 pm
Forum: Beginner Basics
Topic: Assistance Needed with MikroTik Cloud Router Configuration
Replies: 11
Views: 1447

Re: Assistance Needed with MikroTik Cloud Router Configuration

Provide the output of the following commands: /ip address print and /ip route print But is it is intended to be routing to the ISP modem/router or not? The "ISP" interface (ether1) is part of the bridge, so it should be a "simple" switch. I.e. the configuration you posted seems t...
by jaclaz
Mon Dec 23, 2024 11:13 am
Forum: Wireless Networking
Topic: WiFi Access Points Maxes at 300mbps D/L
Replies: 18
Views: 1605

Re: WiFi Access Points Maxes at 300mbps D/L

Is there any configuration that I need to change in order to get the old speeds I’m getting without the RouterBoard?
Maybe yes, maybe no.
Hard to say without knowing your configuration.
Follow this:
viewtopic.php?t=203686#p1051720
and post your configuration for review.
by jaclaz
Sun Dec 22, 2024 6:45 pm
Forum: Wireless Networking
Topic: config radio mikrotik via mac address Problem
Replies: 1
Views: 657

Re: config radio mikrotik via mac address Problem

Probably it is something in configuration blocking mac-winbox.
Follow this:
viewtopic.php?t=203686#p1051720
and post your configuration.
by jaclaz
Sun Dec 22, 2024 5:54 pm
Forum: Beginner Basics
Topic: WakeOnLan by access
Replies: 1
Views: 660

Re: WakeOnLan by access

Local or remote? Like this? https://forum.mikrotik.com/viewtopic.php?t=172386 or this: https://forum.mikrotik.com/viewtopic.php?t=160169 or this: https://forum.mikrotik.com/viewtopic.php?t=56831 Or using the /tool wol: https://forum.mikrotik.com/viewtopic.php?t=62728 Just in case, there are some dev...
by jaclaz
Sun Dec 22, 2024 11:09 am
Forum: Beginner Basics
Topic: Help needed - How to mitigate DDOS atacks with dns
Replies: 21
Views: 2506

Re: Help needed - How to mitigate DDOS atacks with dns

@erlinden @anav If I may ask a few side questions, only trying to understand your suggestions, the proposed changes are shifting all DNS requests (from LAN) to the router/gateway at 10.44.73.1, right? Is this a "generic" good idea/practice or it is something that is only a test specific to...
by jaclaz
Sat Dec 21, 2024 5:37 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 2919

Re: executing script from net failed

unfortunately i can not publish my export file which is 47000 line with my address list . And how many lines is it without your address list? :?: Maybe - just maybe - you could replace the address list with a shorter reference *like*: <imagine here a loooooooong address list> and post it, I don't t...
by jaclaz
Sat Dec 21, 2024 12:01 pm
Forum: Beginner Basics
Topic: RB5009 in the hands of a newbie, Gateway problem
Replies: 19
Views: 2412

Re: RB5009 in the hands of a newbie, Gateway problem

Only as a note, maybe you haven't noticed it, but it is important that you understand this for other future configurations. I originally suggested to have ether8 as 192.168.88.1 /24 (assuming that you would have changed the same range set on the bridge to your local lan one). BUT what you implemente...
by jaclaz
Sat Dec 21, 2024 10:50 am
Forum: Scripting
Topic: Script to auto create address-list from plain ip-ranges URLs
Replies: 10
Views: 1334

Re: Script to auto create address-list from plain ip-ranges URLs

I think we can say that the script is intended for pre-validated address lists, i.e. all the checks needs to be done before and outside this script, that merely "imports" the (already filtered/corrected/whatever) data.
It seems fair enough to me.
by jaclaz
Fri Dec 20, 2024 11:07 pm
Forum: Wireless Networking
Topic: Rx/Tx 54 mbps on WIndows but not MAC OS
Replies: 4
Views: 807

Re: Rx/Tx 54 mbps on WIndows but not MAC OS

It seems like a common Windows 10 ( but likely nothing much has change in 11) issue when resuming from sleep The workaround (not solution) Is automating disconnection and reconnection, see: https://superuser.com/questions/1849669/wifi-becomes-slow-after-sleep Particularly, but not only, with AX200/2...
by jaclaz
Fri Dec 20, 2024 9:16 pm
Forum: General
Topic: RB5009 / PoE-IN *and* PoE-OUT at the same time
Replies: 7
Views: 1091

Re: RB5009 / PoE-IN *and* PoE-OUT at the same time

RB5009 8.7<16 W
cAP AX 6.4 <11 W
8.7+6.4=15.1 < 27 W
15.1+(some activity)=16.8 < 27 W

If the RB5009 goes high on CPU while the CAP is also loaded it has to be seen how much more power is needed.
by jaclaz
Fri Dec 20, 2024 6:52 pm
Forum: Beginner Basics
Topic: Help needed - How to mitigate DDOS atacks with dns
Replies: 21
Views: 2506

Re: Help needed - How to mitigate DDOS atacks with dns

273000/12=22750 22750/60=379 379/60=6.32 packets per second (on average) And in any case 18.5 Mb over 12 hours. The action of dropping them shouldn't need a large amount of resources, so large that the consequence "makes it almost impossible for the local network to even ping servers 1.1.1.1 or...
by jaclaz
Fri Dec 20, 2024 5:09 pm
Forum: Wireless Networking
Topic: Wireless Wire questions
Replies: 8
Views: 1884

Re: Wireless Wire questions

The detailed instructions to export and post the configurations are here: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 Exporting and saving periodically on a PC/NAS/whatever a copy of the export is anyway common good practice, as it is making periodically a backup (surely before upgrad...
by jaclaz
Fri Dec 20, 2024 4:40 pm
Forum: General
Topic: VLAN help needed
Replies: 5
Views: 943

Re: VLAN help needed

I still don't understand. The "natural" role of the RB3011 would normally be that of a router, but in your current scheme you are using it as a switch (with two bridges, one for LAN and one for WAN) and all the routing happens in your CAP1. If the CAP1 is fast/good enough for your needs, t...
by jaclaz
Thu Dec 19, 2024 8:25 pm
Forum: Beginner Basics
Topic: RB5009 in the hands of a newbie, Gateway problem
Replies: 19
Views: 2412

Re: RB5009 in the hands of a newbie, Gateway problem

If I may, it is not a good idea to connect a router to internet without a proper set of firewall rules. You should first thing add these (they are the default ones from Mikrotik for other devices, adapted for your case): When fiddling with a Mikrotik with only an interface as WAN all the rest in a L...
by jaclaz
Thu Dec 19, 2024 7:16 pm
Forum: General
Topic: Route traffic behind double NAT
Replies: 14
Views: 1395

Re: Route traffic behind double NAT

Yep, but what it is the source address you added to the firewall filter rule? That address is - if I got the configuration right - 192.168.x.10. If this is the case. it is "created" by your current nat rule: /ip firewall nat add action=masquerade chain=srcnat out-interface-list=WAN masquer...
by jaclaz
Thu Dec 19, 2024 4:57 pm
Forum: Beginner Basics
Topic: RB5009 in the hands of a newbie, Gateway problem
Replies: 19
Views: 2412

Re: RB5009 in the hands of a newbie, Gateway problem

How can I show you the full configuration of my RB5009?
Follow this:
viewtopic.php?t=203686#p1051720
by jaclaz
Thu Dec 19, 2024 4:37 pm
Forum: Beginner Basics
Topic: Wireless Bridge
Replies: 9
Views: 1212

Re: Wireless Bridge

More explicit instructions in this post:
viewtopic.php?t=203686#p1051720
by jaclaz
Thu Dec 19, 2024 4:23 pm
Forum: Beginner Basics
Topic: problem with vlan configuration
Replies: 10
Views: 1087

Re: problem with vlan configuration

Before anything else, if you check your configuration, you will find several instances of * (asterisk) followed by a (hex) number. This basically means that there was something there that was renamed/deleted/moved/changed in such a way that the RoS can't find it properly anymore, so it places there ...
by jaclaz
Thu Dec 19, 2024 11:38 am
Forum: General
Topic: 2 bank websites doesn't open (WiFi and PPPoE) [SOLVED]
Replies: 4
Views: 1593

Re: 2 bank websites doesn't open (WiFi and PPPoE) [SOLVED]

Follow these instructions: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 and post the (redacted/anonymized) configuration of both devices. In theory in a normal setup there shouldn't be anything different from something going: phone<->wifi/wlan<->hAP AC2<->ethernet<->hap Ax2<->Internet ...
by jaclaz
Thu Dec 19, 2024 1:40 am
Forum: RouterBOARD hardware
Topic: CCR2216 M.2 slot length
Replies: 5
Views: 1692

Re: CCR2216 M.2 slot length

The supply of M.2 SATA will eventually die off ...
Sic transit gloria mundi.
by jaclaz
Wed Dec 18, 2024 7:53 pm
Forum: General
Topic: VLAN help needed
Replies: 5
Views: 943

Re: VLAN help needed

Follow these instructions to export and post the configurations of both the RB3011 and of the cAP AC: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 If I may, your current setup seems to me - let's say - unconventional , and the intended one even more so, maybe there are reasons why you ...
by jaclaz
Wed Dec 18, 2024 7:02 pm
Forum: General
Topic: RB5009 / PoE-IN *and* PoE-OUT at the same time
Replies: 7
Views: 1091

Re: RB5009 / PoE-IN *and* PoE-OUT at the same time

I don't think it is a chain, more like hAP AX² + hAP AX² + cAP AX connected to three ports of the same RB5009.
by jaclaz
Wed Dec 18, 2024 6:48 pm
Forum: General
Topic: Files copied have different control sums
Replies: 11
Views: 2543

Re: Files copied have different control sums

Yep, but what I mean is that I am failing to see a "corruption pattern". on line 03C540 there is a missing 00 byte (thus data is shifted by one byte) on positions 8-11, 4 consecutive FF bytes should mean that. on line 03C560 a whole triplet is missing everything seems shifted up by 4 byte ...
by jaclaz
Wed Dec 18, 2024 5:05 pm
Forum: General
Topic: RB5009 / PoE-IN *and* PoE-OUT at the same time
Replies: 7
Views: 1091

Re: RB5009 / PoE-IN *and* PoE-OUT at the same time

The CRS328 "brochure" specs 53V, thus PoE port should provide up to ~24W (not 30W as mentioned in specs.and brochure). This does not change anything for OP though. Good catch. :) So on the product page it has: Max out per port output (input 18-30 V) 1000 mA Max out per port output (input ...
by jaclaz
Wed Dec 18, 2024 4:27 pm
Forum: Beginner Basics
Topic: Incorporating a backup gateway into my setup
Replies: 14
Views: 1589

Re: Incorporating a backup gateway into my setup

When I have created the dhcp client for the backup gateway, I have set the default-route-distance to 2. However, when I see the dynamically assigned route, I see a distance of 0 for the new gateway. Not really, in your (working) config you have: /ip dhcp-client add comment=defconf disabled=yes inte...
by jaclaz
Wed Dec 18, 2024 4:12 pm
Forum: General
Topic: The IP of the bridge is occasionally unavailable [SOLVED]
Replies: 16
Views: 2311

Re: The IP of the bridge is occasionally unavailable [SOLVED]

The D4:01:C3...... is seemingly the Chateau LTE12? :?:
by jaclaz
Wed Dec 18, 2024 3:26 pm
Forum: Beginner Basics
Topic: Incorporating a backup gateway into my setup
Replies: 14
Views: 1589

Re: Incorporating a backup gateway into my setup

Maybe you need to reboot the router. Right now ether2 is not up: /ip dhcp-client add comment=defconf disabled=yes interface=ether1 # Interface not active add interface=ether2 The error: 14:22:36 dhcp,warning defconf offering lease 192.168.88.15 for 08:7B:87:11:C8:D1 without success comes from the DH...
by jaclaz
Wed Dec 18, 2024 11:55 am
Forum: General
Topic: Files copied have different control sums
Replies: 11
Views: 2543

Re: Files copied have different control sums

Several screenshots for analysis I love invisible screenshots, they blend very well with the board theme ... :roll: :lol: EDIT: Ah, ok, now they show. The original pattern seems to be a repeating 4 sets of 12 triplets, with 11 triplets 00FFFF and 1 00FF17. With a hex view in 16 columns the global p...
by jaclaz
Wed Dec 18, 2024 11:39 am
Forum: General
Topic: RB5009 / PoE-IN *and* PoE-OUT at the same time
Replies: 7
Views: 1091

Re: RB5009 / PoE-IN *and* PoE-OUT at the same time

I believe the CRS328 works at 48V, so it will output on a PoE port 450 mA. That makes the power output on that port 48V*0.45A=21.6W. It is basically a "beefy" 802.3af (specs are 12.95 W, actually 15.40W since it is the PSE) or a "skinny" 802.3at (specs are 25.50 W, actually 30W s...
by jaclaz
Wed Dec 18, 2024 11:14 am
Forum: General
Topic: Route traffic behind double NAT
Replies: 14
Views: 1395

Re: Route traffic behind double NAT

Yep, in any I think you should anyway "tighten" that firewall rule by src-address, to at least the originating subnet, but better to the actual natted source address. The suggestion by holvoeth to src-nat the specific dst-address (before the generic masquerade) seems to me like a good one,...
by jaclaz
Tue Dec 17, 2024 7:48 pm
Forum: General
Topic: Route traffic behind double NAT
Replies: 14
Views: 1395

Re: Route traffic behind double NAT

@jack14 Take what I write below with a pinch (or better two) of salt, as I am not at all an expert in firewall rules, so the following may well be completely wrong, still: I don't think that the issue is with that default final drop rule. That rule simply does what it is supposed to do. i.e. drop co...
by jaclaz
Tue Dec 17, 2024 11:42 am
Forum: General
Topic: When the WAN network card is bound to multiple IPs, there is an issue with the source IP for system remote logging
Replies: 6
Views: 986

Re: When the WAN network card is bound to multiple IPs, there is an issue with the source IP for system remote logging

Only as a side-side note, I believe this is how RoS works more generally. An interface with multiple IP addresses is seen by its "lowest" IP address. I have a Mikrotik (hap Ax Lite) used as an "intermediate" router used for failover between two ISP modem/routers, for some reasons...
by jaclaz
Tue Dec 17, 2024 10:45 am
Forum: Beginner Basics
Topic: Incorporating a backup gateway into my setup
Replies: 14
Views: 1589

Re: Incorporating a backup gateway into my setup

There are two possible "points of failure": 1) your local ISP modem/router 2) the ISP line/cable/server/whatever A failover route (with higher distance) will only become effective if the one with a lower distance becomes inactive, but this will normally only happen if #1 above happens, i.e...
by jaclaz
Mon Dec 16, 2024 8:39 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 2919

Re: executing script from net failed

23 other posts (+1) for NOTHING.

Post #3 is still valid, all the other posts are just garbage.
Well, the 23 added posts did give you a good occasion to show (again) your (usual) grumpiness, so - in some way - they were useful ... :lol:
by jaclaz
Mon Dec 16, 2024 6:44 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 2919

Re: executing script from net failed

I believe it is fair enough to ask what a message on the log is meaning.

The point is that nobody here seemingly knows what it actually means and it is also not documented, so only support may be able to give an answer to this question.
by jaclaz
Mon Dec 16, 2024 5:38 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1822

Re: L009 - don't like it...

@anav Again, though not stated on the docs, when a device is said to be 802.3af/at compliant AND it accepts 18-57 V the good Mikrotik guys imply that it can be also powered passive (at the typical 24 V or 48V ). And again, the cap AX was powered (passive) from the previous hex S (that only provides ...
by jaclaz
Mon Dec 16, 2024 5:32 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 2919

Re: executing script from net failed

This kind of log entries are vague, as seen here:
viewtopic.php?t=209998
viewtopic.php?t=209998#p1093607

but the Mikrotik support should know what "net" is (or is supposed to be)
by jaclaz
Mon Dec 16, 2024 5:17 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1822

Re: L009 - don't like it...

Just tried with wAP AX (which is even further down in power requirements but normally also 802.3af/at only): it will power on using L009 but you have to set POE on ether8 to forced on. Not auto on. Yep :) , that's why I asked: (maybe there is some different setting for the PoE out port to check?).
by jaclaz
Mon Dec 16, 2024 4:59 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1822

Re: L009 - don't like it...

Disagree, the hex refresh only states passive poe in and a voltage of 12-28v. No standard mentioned. I think you are the first one to talk of the hex refresh. To recap: 1) OP had a hex S that was PoE powered and powered in cascade.a cap AX 2) then he replaced the hex S with a L009, but the L009 cou...
by jaclaz
Mon Dec 16, 2024 4:30 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1822

Re: L009 - don't like it...

@anav
The whole point is that someone familiar with PoE and specifically with Mikrotik, and even more specifically with the hex S, could be easily tricked by the mis-documentation Mikrotik provides (besides their - let's say creative - claim that these devices are 802.3af/at compliant).
by jaclaz
Mon Dec 16, 2024 2:16 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 290
Views: 36977

Re: wAP ax?

Black wAP would be ideal ...
I believe it depends on the colour of the paint on the walls, maybe there is space for a new business for doll WAP clothes?

Otherwise peel coat (spray paint that can be peeled) or similar?
by jaclaz
Mon Dec 16, 2024 2:08 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1822

Re: L009 - don't like it...

Yep, I was trying to highlight that from specs there is no apparent difference between the two devices. OP had all the rights in the world to believe that the L009 could replace the hex S (maybe there is some different setting for the PoE out port to check?). So the good Mikrotik guys - besides thei...
by jaclaz
Sat Dec 14, 2024 6:50 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1822

Re: L009 - don't like it...

Set aside the whining, I don't see a difference between hexs and L009: Hex s: https://mikrotik.com/product/hex_s Powering Details Number of DC inputs 2 (DC jack, PoE-IN) DC jack input Voltage 12-57 V Max power consumption 24 W Max power consumption without attachments 6 W Cooling type Passive PoE in...
by jaclaz
Sat Dec 14, 2024 12:02 pm
Forum: Wireless Networking
Topic: Best approach for ptp using Wifi (wifi-qcom-ac driver) [SOLVED]
Replies: 2
Views: 1083

Re: Best approach for ptp using Wifi (wifi-qcom-ac driver) [SOLVED]

AFAIK the mode "ap-bridge" has been renamed to simply "ap", see: https://forum.mikrotik.com/viewtopic.php?p=1052701#p1052701 The other side should be set in station-bridge mode, as both devices are Mikrotik: https://help.mikrotik.com/docs/spaces/ROS/pages/122388518/Wireless+Stati...
by jaclaz
Sat Dec 14, 2024 12:16 am
Forum: Beginner Basics
Topic: Network with external router and isolated bridge
Replies: 19
Views: 2500

Re: Network with external router and isolated bridge

It could be that the 1970 date you have Is too far in the past, there were issues reported about this, but I thought they were solved by now. Try disabling the ntp client, setting manually the date/time, re-enable the client. Another possibility Is that your ISP blocks Port 123, check these: https:/...
by jaclaz
Fri Dec 13, 2024 8:43 pm
Forum: General
Topic: Bandwidth went down after trying massive simple queues
Replies: 2
Views: 790

Re: Bandwidth went down after trying massive simple queues

This bridge has no name: /interface bridge port add bridge=*B interface=ether5 add bridge=*B interface=wifi1 add bridge=*B interface=wifi2 Whenever there is an asterisk followed by a (hex) number it means that "something" was there but was removed or deleted and Ros lost track of it, so it...
by jaclaz
Fri Dec 13, 2024 12:52 am
Forum: Beginner Basics
Topic: Network with external router and isolated bridge
Replies: 19
Views: 2500

Re: Network with external router and isolated bridge

I have no idea if It means something, but I have ntp working just fine from a pool.ntp.org server, the only difference, besides the different national server Is the mode set to unicast, while you have broadcast.
Are you sure the address can be DNS resolved?
put [:resolve de.pool.ntp.org]
by jaclaz
Fri Dec 13, 2024 12:00 am
Forum: Beginner Basics
Topic: Is device damage possible when using PoE switch?
Replies: 5
Views: 1007

Re: Is device damage possible when using PoE switch?

If the device boots/netinstalls/etc. it fundamentally "works". It is entirely possible that a part of it is "fried", but if for whatever reasons you applied an excessive voltage to ether1 I would expect It to fry, not the other ports. The 802.3 af or at negotiations are designed ...
by jaclaz
Thu Dec 12, 2024 9:19 pm
Forum: Beginner Basics
Topic: Is device damage possible when using PoE switch?
Replies: 5
Views: 1007

Re: Is device damage possible when using PoE switch?

Well, hAp-ac2 supports passive PoE 18-28V. (and it uses Mode B aka positive on pins 4 and 5 and DC negative on 7 and 8 and data on 1-2 and 3-6) Cap Ax supports 802.3af/at 18-57 V. The GS308EP supports 802.3at. That the cap Ax worked is normal. But the 802.3af and at protocols include some "prob...
by jaclaz
Thu Dec 12, 2024 8:03 pm
Forum: Beginner Basics
Topic: Network with external router and isolated bridge
Replies: 19
Views: 2500

Re: Network with external router and isolated bridge

What do you get with:
/system/ntp/client> print
? :?:
by jaclaz
Thu Dec 12, 2024 12:46 pm
Forum: General
Topic: Mikrotik hap lite can't start
Replies: 3
Views: 754

Re: Mikrotik hap lite can't start

/system resource print
on a hap lite tc I have gives:
cpu: MIPS 24Kc v7.4
architecture name: smips
by jaclaz
Tue Dec 10, 2024 7:51 pm
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works [SOLVED]
Replies: 25
Views: 3208

Re: Configured for dual wan, now cant access the router though internet works [SOLVED]

Good. :)

There still remains the issue (or the non-issue) of a practically non existent firewall.

Up to you if you can trust the firewall(s) - if any - of the ISP router(s) or if it is the case to configure a "proper" set of firewall rules on your hex.
by jaclaz
Tue Dec 10, 2024 9:00 am
Forum: General
Topic: 2 WAN active at the same time [SOLVED]
Replies: 19
Views: 2247

Re: 2 WAN active at the same time [SOLVED]

Post an export of your actual configuration (change addresses /anonymize it if needed) as per:

viewtopic.php?t=203686#p1051720

as opposed to your own textual representation of it, the devil is in the details.
by jaclaz
Tue Dec 10, 2024 8:55 am
Forum: General
Topic: RouterOS cannot reach internet after PCC load balance two wan connection
Replies: 22
Views: 1876

Re: RouterOS cannot reach internet after PCC load balance two wan connection

I really appreciate your thorough reply. I learned something new today. You solved my issue in a day when the internet couldn't help me for weeks.
sindy 1
internet: 0

Go, sindy, go! :!:
by jaclaz
Sun Dec 08, 2024 5:23 pm
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works [SOLVED]
Replies: 25
Views: 3208

Re: Configured for dual wan, now cant access the router though internet works [SOLVED]

The issue is clearly (from your screenshot) that the two routes for 0.0.0.0/0 are S (Static) while they should be AS (Active Static). No idea why that happens though :( . Have you tried rebooting the router after all the additions/modifications? Please reboot it and then do a new export and post the...
by jaclaz
Sun Dec 08, 2024 5:17 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 1698

Re: hAP ax lite LTE6 how to set as repeater

No, why do you want to change the device? You have at hand an Ax lite LTE6, use that. An Ax lite can be configured as Access Point just fine (of course you need not any firewall on it and the LTE will be disabled/not used). The issue is only that: v6.xx used drivers for the local radios that were co...
by jaclaz
Sat Dec 07, 2024 3:41 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 1698

Re: hAP ax lite LTE6 how to set as repeater

I cannot find a complete one. The essence can be found here: https://superuser.com/questions/1855137/setup-of-new-mikrotik-router-to-act-as-a-switch-with-wifi-enabled On the other hand, if you start with a blank configuration (let's say you've factory-reset it, then connected via mactelnet/macwinbox...
by jaclaz
Sat Dec 07, 2024 11:01 am
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works [SOLVED]
Replies: 25
Views: 3208

Re: Configured for dual wan, now cant access the router though internet works [SOLVED]

The idea of having a free, self-standing port for emergency access is only that of having an emergency access, it is relatively easy to lock oneself out of Winbox MAC access too when fiddling with settings. Your current situation is not "normal", unless (intentionally or accidentally) disa...
by jaclaz
Sat Dec 07, 2024 1:28 am
Forum: General
Topic: Wireguard over VRF
Replies: 6
Views: 1731

Re: Wireguard over VRF

can you describe more, what do you thing by that
viewtopic.php?t=208899
by jaclaz
Fri Dec 06, 2024 9:16 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 1698

Re: hAP ax lite LTE6 how to set as repeater

Good, so you need a "normal" AP setup. Complete examples for a "pure" AP setup on 7.x are rare (most are for older v 6.x or however for "wireless" whilst you have "wifi" or are related to the much more complex CAPSMAN setup). But it should be pretty much strai...
by jaclaz
Fri Dec 06, 2024 8:30 pm
Forum: Wireless Networking
Topic: Unifi AP running on MikroTik VLAN
Replies: 16
Views: 1918

Re: Unifi AP running on MikroTik VLAN

Well the first few rules of the Mikrotik Club are: https://forum.mikrotik.com/viewtopic.php?t=212419#p1108288 VLAN1 is seemingly used internally, and using it externally may create issues: https://forum.mikrotik.com/viewtopic.php?t=206946#p1071170 If you really cannot change those UNIFI VLAN 1 setti...
by jaclaz
Fri Dec 06, 2024 8:14 pm
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works [SOLVED]
Replies: 25
Views: 3208

Re: Configured for dual wan, now cant access the router though internet works [SOLVED]

It is not a good idea to have a router facing the internet without a firewall, and thus granting connection to the router itself (Ok, a user NOT default and a secure password would help) and to any device in your LAN from the outside, but you have as gateways 192.168.1.1 and 192.168.8.1, so the devi...
by jaclaz
Fri Dec 06, 2024 6:43 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 1698

Re: hAP ax lite LTE6 how to set as repeater

I have router in my garage and simply the signal in upper floor is pour but I have sockets RJ45 in each room so was thinking to connect Mikrotik to one of the socket and repeat same wifi as primary router in the garage. It is not at all clear (to me) what you are trying to achieve. You have a route...
by jaclaz
Fri Dec 06, 2024 2:28 pm
Forum: General
Topic: Wireguard over VRF
Replies: 6
Views: 1731

Re: Wireguard over VRF

The question is: do you really need the VRF's?
Or you can with simpler different routing tables (fib)?

VRF's can be tricky as some services might not work on them (as an example DNS is only partially working), and unless really really needed it is better to avoid them.

Post your configuration.
by jaclaz
Fri Dec 06, 2024 11:47 am
Forum: Beginner Basics
Topic: Configured for dual wan, now cant access the router though internet works [SOLVED]
Replies: 25
Views: 3208

Re: Configured for dual wan, now cant access the router though internet works [SOLVED]

Can winbox connect via MAC address? Instead of clicking on the IP address (that will populate the field "Connect To:" with 192.168.0.1, try clicking on the MAC address of the hex, the "Connect To." will be populated with the MAC address of the device. How did you manage to create...
by jaclaz
Thu Dec 05, 2024 6:52 pm
Forum: General
Topic: HEX Lite for routing between subnets [SOLVED]
Replies: 29
Views: 3490

Re: HEX Lite for routing between subnets [SOLVED]

Only to keep things as together as possible, the proposed solution by sindy was tested as working in a very similar setup, here: https://forum.mikrotik.com/viewtopic.php?t=213056 At the end a couple of blackhole routes were needed in addition to avoid the second device to be reached through the main...
by jaclaz
Thu Dec 05, 2024 5:51 pm
Forum: Beginner Basics
Topic: Port based Routing to 2 identical IP [SOLVED]
Replies: 11
Views: 2340

Re: Port based Routing to 2 identical IP [SOLVED]

Very good. :)
The syntax I posted was for Ros 7, sorry :oops: , but I see you adapted it to your Ros 6.x just fine :) .
by jaclaz
Thu Dec 05, 2024 5:42 pm
Forum: Wireless Networking
Topic: Which is fastest wifi device
Replies: 33
Views: 2990

Re: Which is fastest wifi device

Why, in my day ... [1]
All I had was a Sinclair Zx80, 1 kb memory and I had to solder components myself.
And we liked it
.... kids today.

[1] https://tinyapps.org/blog/200702250700_ ... y_day.html
by jaclaz
Thu Dec 05, 2024 3:13 pm
Forum: Beginner Basics
Topic: Port based Routing to 2 identical IP [SOLVED]
Replies: 11
Views: 2340

Re: Port based Routing to 2 identical IP [SOLVED]

What are the routes (/ip route print) at the time the machine is disconnected (pull the cable)? Very likely the routing rule (that is for "new-routing-mark=port1") that in your posted output is #0 is not anymore AS (Active, Static) but becomes just S or IS (Inactive), and either the "...
by jaclaz
Thu Dec 05, 2024 12:45 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 3883

Re: Dual Router Configuration Setup Assistance

You can copy and paste those configurations on the board, only, please put them inside "code" tags, the button that looks like a fat dot inside square brackets or as </>, see:
viewtopic.php?t=203686#p1051720
by jaclaz
Wed Dec 04, 2024 8:34 pm
Forum: Beginner Basics
Topic: Problem with clients
Replies: 4
Views: 1867

Re: Problem with clients

The "active address" in that row seems to be assigned to MAC address 00:00:00:00:00:00, so maybe the base issue is not the missing client id, but the (empty) MAC.
by jaclaz
Wed Dec 04, 2024 8:18 pm
Forum: Beginner Basics
Topic: NAT forwarding issue
Replies: 1
Views: 679

Re: NAT forwarding issue

It may depend on other rules in the firewall or even in their actual position, the firewall (filter, mangle and nat) rules need to be checked in their entirety. It should not be needed, but usually an in-interface and out-interface is added to the forwarding rules, *like*: /ip firewall filter add ac...
by jaclaz
Wed Dec 04, 2024 7:56 pm
Forum: Beginner Basics
Topic: Port based Routing to 2 identical IP [SOLVED]
Replies: 11
Views: 2340

Re: Port based Routing to 2 identical IP [SOLVED]

Very good. :) What still needs to be cleared (at least to me) is whether the netmap and the dst-nat actions can be exchanged at will or not (it seems that in cases like this one both work, so it is not clear if there is a reason to prefer the one over the other). To be fair sindy did attempt to expl...
by jaclaz
Wed Dec 04, 2024 6:56 pm
Forum: Beginner Basics
Topic: Port based Routing to 2 identical IP [SOLVED]
Replies: 11
Views: 2340

Re: Port based Routing to 2 identical IP [SOLVED]

Yep, but we have no final report of success (if any) on that thread.

There is however a similar one where everything is seemingly working:
viewtopic.php?t=212702
(though still not a fully working complete configuration)
by jaclaz
Wed Dec 04, 2024 6:46 pm
Forum: Beginner Basics
Topic: Can't connect to one of my 2 RBSXT 5HnD
Replies: 13
Views: 2560

Re: Can't connect to one of my 2 RBSXT 5HnD

As a general rule, whenever you find in a Mikrotik a value that is normally text replaced by an asterisk "*" followed by a number (often a hex number) it basically means: "Here is a placeholder for something that did exist but has been removed/renamed/whatever and now I cannot find it...
by jaclaz
Wed Dec 04, 2024 6:24 pm
Forum: General
Topic: Dual Wan link to some isp router
Replies: 9
Views: 1066

Re: Dual Wan link to some isp router

I think that the 2.5 Gb are actually written in the documents as "up to 2.5 Gb" and what you really get in practice is more like 1 Gb, see this (Italian): https://forum.fibra.click/d/32863-vodafone-fibra-25-gbs-velocita-wifi-ed-ethernet seemingly even if you tell them that you want to conn...
by jaclaz
Wed Dec 04, 2024 5:49 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 4003

Re: am i using SOHO Firewall or not?

and if each bridge has one interface than how does the ports in the "boxes" communicate with each other since they're in different boxes? Through a clever use of straws. You can pierce a hole in the box, reach the orange and get the juice. Seriously, you have IP addresses assigned to the ...
by jaclaz
Wed Dec 04, 2024 11:21 am
Forum: General
Topic: Is mAP still relevant with RouterOS 7.16 ?
Replies: 5
Views: 866

Re: Is mAP still relevant with RouterOS 7.16 ?

At least for the moment, it is reported to work just fine with 7.x, see this post by holvoeth: https://forum.mikrotik.com/viewtopic.php?t=212925 https://forum.mikrotik.com/viewtopic.php?t=212925&hilit=map#p1111973 In the future there might be issues, but the good Mikrotik guys are doing their be...
by jaclaz
Wed Dec 04, 2024 10:46 am
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 4003

Re: am i using SOHO Firewall or not?

Naaah, leave that fasttrack rule alone, if everything is working, you are surely better than before. Which doesn't mean that your configuration is "perfect" as there can be other things to fix, or to better, as more expert members advised, re-analyzing requirements and starting form a clea...
by jaclaz
Wed Dec 04, 2024 1:10 am
Forum: General
Topic: Dual Wan link to some isp router
Replies: 9
Views: 1066

Re: Dual Wan link to some isp router

I am not sure to understand, you mean that your ISP Is bringing actual 2.5 Gbit to the house and then immediately bottlenecks It with an inadequate router/ONT?
Which Speed/bandwidth Is on the contract?
by jaclaz
Wed Dec 04, 2024 1:02 am
Forum: General
Topic: Two ports bridged and the rest in a second bridge. No internet second bridge [SOLVED]
Replies: 9
Views: 1302

Re: Two ports bridged and the rest in a second bridge. No internet second bridge [SOLVED]

This needs to be fixed: interface list member add comment=defconf interface=bridgeLAN list=LAN add comment=defconf interface=ether1 list=WAN ether1 Is not anymore a self-standing interface, should be replaced by bridgeWAN. (or you could leave It as-is and add an entry for bridgeWAN as WAN) Post the ...
by jaclaz
Tue Dec 03, 2024 7:04 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 4003

Re: am i using SOHO Firewall or not?

When you get an error: [Admin@MikroTik] > interface list [Admin@MikroTik] /interface/list> add name=Z-WAN failure: already have interface with such name [Admin@MikroTik] /interface/list> add name=INT-LAN failure: already have interface with such name [Admin@MikroTik] /interface/list> /interface list...
by jaclaz
Tue Dec 03, 2024 6:44 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1800

Re: Access LAN B from LAN A, but not LAN A from LAN B

The terminal is very similar to Linux (or Windows) command prompt). / <- means root Changing directory you don't need cd, you can use direct full path or first change to the intended path, i.e.: /ip route print will print routes /ip route print will first change to directory /ip route, and then prin...
by jaclaz
Tue Dec 03, 2024 12:03 pm
Forum: Wireless Networking
Topic: Improving Localization Accuracy with MikroTik RouterBOARD
Replies: 5
Views: 850

Re: Improving Localization Accuracy with MikroTik RouterBOARD

The antennas that come with the RB2011 are (in theory) omnidirectional ones, their emission shape is loosely a doughnut, which is fatter for lower antenna gains and slimmer for higher gain antennas, see this picture: https://www.radiolabs.com/images/omni-antenna-radiation-pattern.png And this thread...
by jaclaz
Tue Dec 03, 2024 10:53 am
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 3883

Re: Dual Router Configuration Setup Assistance

It is difficult/confusing to get data from screenshots.
A textual export is much easier to read.

Besides the "wholesome":
/export file=myexport.txt

command, you can use in Winbox terminal a "section export", i.e.
/ip firewall filter export
and copy and paste the output.
by jaclaz
Tue Dec 03, 2024 1:04 am
Forum: Beginner Basics
Topic: help with LTE passthrough and vlan
Replies: 2
Views: 892

Re: help with LTE passthrough and vlan

This:
/ip address
add address=192.168.1.2 interface=vlan3 network=192.168.1.2
Is a /32 address/network.

Very likely you want instead a /24 one, i.e.
/ip address
add address=192.168.1.2/24 interface=vlan3 network=192.168.1.0
by jaclaz
Mon Dec 02, 2024 6:46 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1800

Re: Access LAN B from LAN A, but not LAN A from LAN B

Very likely you had to login to post and that triggered the "can view attachments" flag.
Take your time, the more you play with the tools and get familiar with them, the better :) .
by jaclaz
Mon Dec 02, 2024 5:21 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1800

Re: Access LAN B from LAN A, but not LAN A from LAN B

I think all these three solutions should be possible.
Personally I would prefer #3, as the Mikrotik right after the ISP router should allow more control and security, even if the ISP router cannot be put in bridge mode and there will be double NAT.
by jaclaz
Mon Dec 02, 2024 4:57 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 138381

Re: v7.17rc [testing] is released!

Forum users can't check support tickets, so no reason to post ticket numbers here It is of no use for other common forum members, but this way you or other Mikrotik staff happening to pass by and interested in a report on the forum may be able to check in more detail what the issue is, without need...
by jaclaz
Mon Dec 02, 2024 2:22 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1800

Re: Access LAN B from LAN A, but not LAN A from LAN B

I have no idea, I am just trying to understand the exact requirements and provide some expanded/explained context of your suggestions, so that even an absolute beginner (as the OP clearly is) can understand and replicate them. (my role is only that of a friendly, slightly more familiar with Ros, beg...
by jaclaz
Mon Dec 02, 2024 1:44 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1800

Re: Access LAN B from LAN A, but not LAN A from LAN B

To better understand, the solution anav suggested is for the topology on the right, whilst you would prefer the one of the left, correct?
It shouldn't be particularly difficult to transform the one into the other.
by jaclaz
Mon Dec 02, 2024 12:16 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1800

Re: Access LAN B from LAN A, but not LAN A from LAN B

Well, you have a pretty much sane (largely default) configuration, it is just a matter to learn a few things as also your intended final configuration (per anav's post) is pretty much standard. You now have: 1. a single ethernet port (ether1) self-standing and added as WAN to the interface list 2. a...
by jaclaz
Mon Dec 02, 2024 2:30 am
Forum: Wireless Networking
Topic: Improving Localization Accuracy with MikroTik RouterBOARD
Replies: 5
Views: 850

Re: Improving Localization Accuracy with MikroTik RouterBOARD

Which Routerboard device? With which antenna? On which frequency range (2.4 or 5 GHz)? On which Channel in the range? Any change in any of the above may modify - slightly or sensibly - the result. If you are looking for measuring distances, you might want to have a very directional antenna to minimi...
by jaclaz
Mon Dec 02, 2024 1:27 am
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1800

Re: Access LAN B from LAN A, but not LAN A from LAN B

Ah, ok, MacOS Is - as often happens - doing things its own way, AFAIK in Windows It Is not allowed and on Linux you need to add the -b switch. I now understand better your setup, the first router, the ISP one, is conceptually not really a router, in the sense that being not configurable (if not for ...
by jaclaz
Sun Dec 01, 2024 9:07 pm
Forum: General
Topic: icmp MTU
Replies: 5
Views: 642

Re: icmp MTU

I see, the issue is with (icmp) packet size (which is not MTU). It is strange that forwarded pings go through however, they should still be 56 bytes, I believe it is the default on most Operating Systems. Size of icmp packets in tool netwatch has been only implemented in later 7.x version I believe,...
by jaclaz
Sun Dec 01, 2024 8:15 pm
Forum: General
Topic: icmp MTU
Replies: 5
Views: 642

Re: icmp MTU

I don't know, but it sounds to me not normal :shock: that your router cannot ping normally an IP on the internet.
I would try to solve that problem before looking for a way to replicate a workaround you found :? .
by jaclaz
Sun Dec 01, 2024 8:00 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 13
Views: 1901

Re: Firewall - drop rule within input chain

Sure :) , but at the moment you had posted only the input chain rules. I was trying to highlight how futile it was replacing a rule that doesn't do what is its intended goal (because it is in the wrong chain) with a (better) inverted logical approach that as well is in the wrong chain and thus fails...
by jaclaz
Sun Dec 01, 2024 7:29 pm
Forum: General
Topic: Access LAN B from LAN A, but not LAN A from LAN B
Replies: 24
Views: 1800

Re: Access LAN B from LAN A, but not LAN A from LAN B

You could set it up like this: https://wiki.mikrotik.com/Manual:Simple_Static_Routing In that example, Router2 needs not an additional route because there is a gateway set (that automatically means 0.0.0.0/0 i.e. "everything" is reachable through it), i.e. the "upstream" route in...
by jaclaz
Sun Dec 01, 2024 6:00 pm
Forum: Virtualization
Topic: How to install Mikrotik CHR on Oracle Cloud always free instance?
Replies: 16
Views: 11722

Re: How to install Mikrotik CHR on Oracle Cloud always free instance?

I've seen this project on github, but I never figured out why it's needed... It depends on what hardware (real or virtual) you run the image on. Since several releases the image Mikrotik provides is not fully compliant with UEFI because the "system partition" is formatted as ext2fs (inste...
by jaclaz
Sun Dec 01, 2024 5:37 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 126
Views: 13667

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

There must have been an obstruction in the notification drainpipe, now removed :wink:
https://www.bbc.co.uk/news/articles/cvg7x8l5pv2o
:lol:
by jaclaz
Sun Dec 01, 2024 5:17 pm
Forum: Beginner Basics
Topic: Firewall - drop rule within input chain
Replies: 13
Views: 1901

Re: Firewall - drop rule within input chain

I want to block access to WAN for addresses from the list (that was my comment on this rule). Unless you have another recommendation. The combination of these two rules: add action=accept chain=input src-address-list=Authorized ... add action=drop chain=input comment="drop all else" give ...
by jaclaz
Sun Dec 01, 2024 2:14 pm
Forum: Beginner Basics
Topic: CHECK MY CONFIGURATION
Replies: 3
Views: 793

Re: CHECK MY CONFIGURATION

It seems to me like you have no (sensible) firewall filter rules. This can be very dangerous, your router (and network) is essentially open from the outside. On the other hand you have some not-so-common more advanced settings (ovpn. queues, etc.). It seems like it was configured by someone familiar...
by jaclaz
Sun Dec 01, 2024 1:55 pm
Forum: General
Topic: Bug in version in winbox and in routerboard
Replies: 11
Views: 1255

Re: Bug in version in winbox and in routerboard

Hmmm. :? Just for the fun of it, run the Wireless Network watcher from Nirsoft (it is not for wireless only): https://www.nirsoft.net/utils/wireless_network_watcher.html besides other things, it identifies "Network Adapter Company" (cannot say if via MAC or through other means) my guess is...
by jaclaz
Sun Dec 01, 2024 12:57 pm
Forum: Beginner Basics
Topic: Dual Router Configuration Setup Assistance
Replies: 29
Views: 3883

Re: Dual Router Configuration Setup Assistance

It seems to me like the first thing you should do is to get Winbox (the dedicated program to manage Mikrotik gear) and use it instead of what you are using now (I presume browser, i.e. webfig). https://mikrotik.com/download One of the distinctive advantages of Winbox is that it can usually connect t...
by jaclaz
Sun Dec 01, 2024 12:18 am
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 4003

Re: am i using SOHO Firewall or not?

@anav
In the OP's current config the DNS server Is on another device, 192.168.1.9.
by jaclaz
Sat Nov 30, 2024 8:51 pm
Forum: General
Topic: Bug in version in winbox and in routerboard
Replies: 11
Views: 1255

Re: Bug in version in winbox and in routerboard

And you also spoof the MAC to a TP-LINK one? :shock:
by jaclaz
Sat Nov 30, 2024 8:22 pm
Forum: Scripting
Topic: Running a script from Netwatch doesn't work
Replies: 14
Views: 1561

Re: Running a script from Netwatch doesn't work

Possibly a stupid idea :shock: , but would it be possible to generate a log entry with the variable and its value and then parse it out from the log? :?:
The log is usually volatile (in ram, doesn't survive reboot), isn't it?
by jaclaz
Sat Nov 30, 2024 7:55 pm
Forum: General
Topic: am i using SOHO Firewall or not?
Replies: 38
Views: 4003

Re: am i using SOHO Firewall or not?

@Mossii Maybe you need some background to understand the set of configuration johnson73 provided. Here you define two interface lists, one is LAN or inside/safe, the other one is WAN or outside/dangerous: /interface list add name=WAN add name=LAN Here you define which interfaces are what, a default ...
by jaclaz
Sat Nov 30, 2024 3:59 pm
Forum: Scripting
Topic: Netwatch script to check if plugged in
Replies: 1
Views: 483

Re: Netwatch script to check if plugged in

Netwatch is triggered by a change in the status of pinging <some address>, and the discrimination is only between ping OK and ping NOT OK.

If the pinging always fails, no matter if the ether interface has a connection or not, it won't be triggered, I believe.
by jaclaz
Sat Nov 30, 2024 1:03 pm
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 1155

Re: First script problem - just won't execute

Besides it being useful or not, I am failing to understand the logic of the if conditions (i am just trying to understand). The base condition is whether $bound is 1 or not: a. if $bound is not 1, then remove ALL routes with that comment b. if $bound is 1 then: b.1 if there is not a route with that ...
by jaclaz
Sat Nov 30, 2024 12:06 am
Forum: General
Topic: Bug in version in winbox and in routerboard
Replies: 11
Views: 1255

Re: Bug in version in winbox and in routerboard

OT, but calling the router Archer AX53 seems to me a touch of genius. :lol:
by jaclaz
Fri Nov 29, 2024 11:42 pm
Forum: General
Topic: Help with Extending WAN Physically with VLAN's.
Replies: 11
Views: 1301

Re: Help with Extending WAN Physically with VLAN's.

Not what you asked, but the (good?) ol' way :shock: would have been to protect the router putting it inside an electrical box or, if WAF is involved, a hand made wooden box and keep the LAN topology as is. I guess this shows how old I have become, attempting to solve problems with last century techn...
by jaclaz
Fri Nov 29, 2024 11:33 pm
Forum: General
Topic: How to predefine hostnames for DHCP leases?
Replies: 11
Views: 2208

Re: How to predefine hostnames for DHCP leases?

it is *very* usefull to dynamically booting diskless machines.
This.
I usually boot (dynamically) two or three diskless machines every day, just before breakfast.
by jaclaz
Fri Nov 29, 2024 7:34 pm
Forum: Beginner Basics
Topic: Just updated mAP firmware and now it's broke
Replies: 4
Views: 940

Re: Just updated mAP firmware and now it's broke

Don't worry :) , it happens to everyone, it is the second mistake that happens to everyone (the first one is losing access to the device when fiddling with settings and needing to reset it). The mAP should run fine with latest 6.x version (6.49.17 if I recall correctly) whilst with v 7.x versions it...
by jaclaz
Fri Nov 29, 2024 7:21 pm
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1910

Re: Setup mAP in reverse config from default

0. ether1 is an interface and it has its own "dignity" and you can assign an address to it. But when you add it to a bridge, the bridge is *like* WE ARE THE BORG; YOU WILL BE ASSIMILATED.YOUR UNIQUENESS WILL BE ADDED TO OUR COLLECTIVE. RESISTANCE IS FUTILE. :wink: the individual address of...
by jaclaz
Fri Nov 29, 2024 5:10 pm
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1910

Re: Setup mAP in reverse config from default

Well, which IP address are you pinging? The bridge has none set. Only ether1 has one (and it is a /32): /ip address add address=172.31.246.2 interface=ether1 network=172.31.246.2 Try running /ip address print and post the output. Same for /ip route print, this way we can understand what happens with...
by jaclaz
Fri Nov 29, 2024 4:25 pm
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1910

Re: Setup mAP in reverse config from default

I meant conceptually (since I'm not sure IP firewall rules are even processed when ports are bridged). But just in case, I added accept rules for in/out/fwd at the top of the list, and no difference. There must be a reason for this I don't understand Conceptually firewall should be not part of the ...
by jaclaz
Fri Nov 29, 2024 4:07 pm
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1910

Re: Setup mAP in reverse config from default

Do I have to adjust firewall rules to permit something here?
We won't know until you post your current configuration for review.
by jaclaz
Fri Nov 29, 2024 4:06 pm
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1910

Re: Setup mAP in reverse config from default

Well, the setup I posted is (intentionally) static only, it is that of a device that I use to give wireless connectivity to a device that has only a wired port but is physically in a room where there is not an ethernet cable arriving nearby. In your case you may want or need to set it with a DHCP cl...
by jaclaz
Fri Nov 29, 2024 11:44 am
Forum: Beginner Basics
Topic: Best way to setup backup route
Replies: 11
Views: 1428

Re: Best way to setup backup route

Yep, sometimes the terminology can be confusing. Routes are just routes (and the go in /ip route). Routing rules are a mechanism for policy routing (that go in /routing rules) that allow to "filter" and modify some particular connections, you can think of them as similar to mangle rules (t...
by jaclaz
Fri Nov 29, 2024 11:20 am
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1910

Re: Setup mAP in reverse config from default

Ok, here is the (very, very basic) configuration that you could use as a base: # nov/29/2024 10:09:05 by RouterOS 6.49.17 # software id = [redacted] # # model = RouterBOARD 941-2nD # serial number = [redacted] /interface bridge add admin-mac=[redacted] auto-mac=no name=bridge1 /interface wireless se...
by jaclaz
Fri Nov 29, 2024 11:13 am
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1910

Re: Setup mAP in reverse config from default

Post what you have, see instructions here:
viewtopic.php?t=203686#p1051720

If you want a reference, I have somewhere a hap lite (should be very similar to the map/map lite) with a very simple configuration that I can share.
by jaclaz
Thu Nov 28, 2024 9:28 pm
Forum: Beginner Basics
Topic: Only one direction PING possible
Replies: 6
Views: 1428

Re: Only one direction PING possible

You must have somehow mixed the printout. Let's start with the main router (the one you posted the configuration on first post) you have on it two IP addresses assigned: /ip address add address=192.168.1.1/24 interface=LAN-Bridge network=192.168.1.0 add address=192.168.0.3/24 interface=ether1-WAN ne...
by jaclaz
Thu Nov 28, 2024 7:04 pm
Forum: General
Topic: fingerprinting
Replies: 8
Views: 1410

Re: fingerprinting

Wait for 802.11az wide adoption? :shock:
by jaclaz
Thu Nov 28, 2024 7:02 pm
Forum: Beginner Basics
Topic: Best way to setup backup route
Replies: 11
Views: 1428

Re: Best way to setup backup route

Because I setup all my forwarding firewall rules to be port specific (eg: rule applies if going out ether1). How do you handle that? Is there a way to make the rules to refer to a group of ports (so it will automatically apply to port 1 and port 3)? Or do I have to duplicate a bunch of rules? Since...
by jaclaz
Thu Nov 28, 2024 5:27 pm
Forum: General
Topic: fingerprinting
Replies: 8
Views: 1410

Re: fingerprinting

Excuse me rextended, if I get this right, that means an untold: Hey, user, you won't connect to my wifi. The more knowledgeable users might read the above unwritten message as: Hey, user, you won't connect to my wifi unless you disable the randomized MAC address feature of your device (yes the one t...
by jaclaz
Thu Nov 28, 2024 5:14 pm
Forum: Beginner Basics
Topic: multple vlans same dhcp subnet
Replies: 4
Views: 955

Re: multple vlans same dhcp subnet

...and - as generic advice - don't use VLAN1, it is used internally and can cause issues in a configuration. Use (say) VLAN10 and VLAN20, instead. ether2? Instead of a supout, follow this post here: https://forum.mikrotik.com/viewtopic.php?t=203686#p1051720 and post your (anonymized) configuration. ...
by jaclaz
Wed Nov 27, 2024 7:20 pm
Forum: Wireless Networking
Topic: Connect Mikrotik as Bridge Station to a router from a different company
Replies: 3
Views: 670

Re: Connect Mikrotik as Bridge Station to a router from a different company

If you use the Mikrotik as a switch you need to use one of the available (station-) bridge modes, if you are going to use it as a router, then you want to the "plain" station mode.
by jaclaz
Wed Nov 27, 2024 4:12 pm
Forum: General
Topic: Netinstall issue
Replies: 4
Views: 726

Re: Netinstall issue

Any bright ideas? Cannot say if bright, but once removed possible issues with the Windows firewall, the common advice is to have ONLY the ethernet port in use enabled on the PC (if it is a laptop or however has also another wireless interface - and you did that) and use a dumb switch between the PC...
by jaclaz
Wed Nov 27, 2024 3:49 pm
Forum: Wireless Networking
Topic: Connect Mikrotik as Bridge Station to a router from a different company
Replies: 3
Views: 670

Re: Connect Mikrotik as Bridge Station to a router from a different company

One Mikrotik would be enough. You want to use station pseudobridge mode (or possibly station-pseudobridge-clone). If you have two Mikrotiks, you can use station bridge mode, but if there is a single device connected to the station, there should be no difference in practice between the three and four...
by jaclaz
Wed Nov 27, 2024 11:24 am
Forum: Beginner Basics
Topic: bridge has stopped working, all ports marked as not running
Replies: 12
Views: 1295

Re: bridge has stopped working, all ports marked as not running

Maybe it could be changed from "not running" (that does sound like there is a problem with the interface) to something like "no connection" (that would mean both an empty port or a port connected to a device that is off)? :?:
  • 1
  • 2
  • 3
  • 4
  • 5
  • 7