Incidentally, if you want the equivalent of a "native" VLAN, don't put any tag on the Mikrotik port, just assign the relevant IP for that "native" subnet to the relevant Ethernet port (and make it "native" on the Cisco).
You only need DHCP relay if you're wanting to use an external (to the router) DHCP server. With Mikrotik, define your pool(s), put a DHCP server instance on each VLAN interface and assign pools and other details to it. In your case, you want 10 pools, one for each /24. Create 10 VLAN interfaces (wit...
I believe to be effective, you're supposed to run the test from an external device to an external device through the device under test (i.e. to measure throughput on your CCR, you need a bandwidth test server and client connected through the CCR, rather than testing to/from the CCR itself to your ma...
Maxstel - a /128 in ipv4 is the same as a /32 in ipv4 - it's effectively a single host "subnet" - you can't use it for a p2p network (but it works OK as a loopback IP for management purposes).
Unfortunately Janisk's answer didn't really help much.
I tried NV2; this has been stable but I lose about 20mbit/s throughput (testing to a speedtest mini instance on the other side of the link) compared with nstreme (30mb/s vs 50mb/s)
I have had a wireless link running across a road for several years now (rock solid for the most part). Recently, it's been occasionally disconnecting, seemingly at random. After upgrading to the latest RouterOS version (5.25 from 5.4) it's become extremely flaky. On looking at the logs of the two de...
I think you have your to-addresses and dst-address backwards? If we assume the WAN address you'd like to have ports forwarded to the camera is 192.168.1.117 and the camera's assigned LAN IP address is 192.168.88.51, a rule like: chain=dstnat action=dst-nat to-addresses=192.168.1.114 to-ports=6080 pr...
In an increasingly IPv6 world, it would be useful if Mikrotik fully supported ipv6 subnet masks longer than /64. This generally requires the ability to disable subnet-router anycast, which does not seem to be the case in RouterOS (at least not in v5.x; I haven't seen v6 yet, and I doubt it is there...
Incidentally, the Best Current Operational Practices (according to IPBCOP) suggest that whilst /64 should be allocated to PtP links, masks should be /127 to avoid various issues (point B, page 4 of doc). This would suggest Mikrotik ought to look at implementing the option of disabling subnet-rou...
How are you testing throughput? If you're using the built-in mikrotik bandwidth tests, note that you should not ideally be testing to and from routers/links you're interested in, but to things on the other side (i.e. you should have a bandwidth test server and client on "the other side" of...
If you'd like to learn (a lot) more about wireless networking, http://wndw.net/download.html is an excellent resource, and some versions are available in Indonesian.
1) it depends (on things you don't say in the post, like how "noisy" it is there, how good the LOS is, etc. etc. etc. etc.) 2) you can try any combination of antennae, as long as the polarisation is the same; if you have the panel and other antenna lying around, try it out; if performance ...
I can't imagine that Zyxel magically over-rides the client's DHCP mode; they must be doing some sort of (symmetric) NAT on such devices. This is more or less what I was talking about in the second paragraph - it's certainly possible to do this. I suspect you may have to run some scripts to get this ...
Thanks janisk, I think we'll get our ISP to change the router subnet, it seems the better option. Having a /48, we're not exactly short on space just yet...
time.nist.gov is used by far too many people* - it's possible it fell over under load. If you specifically want a NIST server, try one of the others at http://tf.nist.gov/tf-cgi/servers.cgi but pool.ntp.org is an extremely good idea. Also, you can try the more fully featured NTP Client/Server RouterO...
I've not seen any Mikrotik specific stuff, but you could always use a 3rd party ATA and appropriate configs in your CPEs to pass traffic back to your VOIP server at the datacentre. If you need something more complex than a simple phone extension, then you'll probably need more complex devices; these...
I've scarcely any BGP experience, but I imagine you can set up e.g. a PC-based quagga server as a route reflector (or otherwise "sucking"/copying/cloning its routes from your Mikrotik) or similar and then use lookingglass on that? That way the quagga server "knows" the same info ...
There may be a Mikrotik way of doing this, but this sounds very much like a job for a separate RADIUS server. Another option, since you have lots and lots of private address space, is that you can simply create another DHCP pool for the other users, and add new ones as your userbase outgrows the sub...
Use src and dst nat rules to translate between the public and private addresses on your gateway router (I assume the public address is routed to your gateway router). e.g. in Winbox, IP>Firewall>NAT + Chain: Srcnat Src Address: <private> Action: src-nat To Addresses <public> OK + dstnat dst address:...
IP>DHCP>Networks; double click on the DHCP network you want to change; change the netmask. It's generally a good idea to change the address in the same place too - so if you're e.g. splitting a /24 into two /25s, make the netmask 25 (or 255.255.128) and the Address x.x.x.x/25; click OK. Changes only ta...
As long as that IP address doesn't conflict with another, it should be OK as long as your firewall rules allow it. I am of course assuming that the static IP addresses are something you know in advance (i.e. you use DHCP to hand out addresses from e.g. the bottom half of 192.168.1.0/24 and staticall...
To be sure you get all the traffic, you'll be better off with firewall rules; I generally find that routerboards (being routers) merrily pass packets between connected VLANs, which most switches (being L2 devices) don't do. Simply specify some firewall reject/drop rules in the forward chain with the...
A possible solution to this is to simply drop/reject all traffic from 10.1.1.0/24 to 192.168.1.0/24 (IP>Firewall; you'll need a forward chain rule) - make sure you first allow connections to 192.168.1.1, otherwise they'll get no internet.
Not sure exactly when I bought this RB750, but it's the second one to fail (at around 6am yesterday) in the exact same place in the network.
On reading this thread, I've swapped out the 24V adaptor that was powering it to a 12V for the replacement RB750. Fun start to a Monday morning...
It works by examining the packets for Layer7 traffic containing "videoplayback" (which youtube uses) and then assigning packet marks based on this which are then used in the queues to limit traffic. You may find (if you have space/computer lying about the place) that squid offers more powe...
Our upstream ISP has asked us to use a /125 ipv6 subnet for the point-to-point link (ethernet) between our border router and their router. However, I can't get packets to flow from our network beyond their gateway IP on that /125. A friend with more IPv6 experience suggests any ipv6 link less than a...
fewi - Many, many thanks for your invaluable advice! I figured out why a lot of the inter-router VLAN traffic was broken. Some idiot forgot to allow VLAN 2 on the trunk between the 3750 and the core RB1000... Oops...! Anyway, your proposed network makes a lot more sense, so I'm going that route! I'm...
Hi there, I've been scratching my head and pounding it on the desk in frustration for the past little while. I have read the VLAN wiki entry numerous times and it hasn't (yet) led to a lightbulb moment! I'm trying to split 2 sections of a network off from the rest with a couple of VLANs in a mixed ...
One *very* crude method of blocking facebook is to drop all packets containing facebook - in chain forward, put facebook into the content field under Advanced in winbox IP>firewall filter rules. Use Action reject with icmp host prohibited.
Hi there, I've currently got two different sites, one has managed switching infrastructure and the other not. In the unmanaged environment (Building 1&2), there are 2 ways to get to the main "campus" (building 3) - a MikroTik wireless link, or a Speedstream SDSL link. Obviously, the Mi...