Community discussions

Search found 563 matches

  • 1
  • 2
by AlainCasault
Wed Oct 16, 2019 9:08 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8420

Re: hardware idea for a multiport switch

I had suggested in a previous similar post to build a chassis with blades. Could be switch blades, routing blades, whatever port configuration/speed. Could even have a fan blade, just in case. Hot swappable power supplies. One blade is old? A faster one comes out? No problem, swap it. That would ad...
by AlainCasault
Wed Oct 16, 2019 8:58 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8420

Re: hardware idea for a multiport switch

I had suggested in a previous similar post to build a chassis with blades. Could be switch blades, routing blades, whatever port configuration/speed. Could even have a fan blade, just in case. Hot swappable power supplies. One blade is old? A faster one comes out? No problem, swap it. Just make a fa...
by AlainCasault
Wed Oct 16, 2019 8:50 pm
Forum: Beginner Basics
Topic: Branding Maker for Trainer
Replies: 7
Views: 383

Re: Branding Maker for Trainer

I asked for it a few years back and got it, no issue.

I "branded" my 2011 that now shows my text logo on the LCD.

Cheers,

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Oct 15, 2019 6:07 pm
Forum: General
Topic: Can't delete Dude files on CHR
Replies: 6
Views: 487

Re: Can't delete Dude files on CHR

Follow up on this issue. As I didn't have much experience with CHR licenses, I found out how to generate a new one without wasting the old one. I created a new CHR and used its software ID to generate a temporary P1 license. I then reassigned the old (permanent) P1 license to the temporary one, thus...
by AlainCasault
Sun Oct 13, 2019 12:19 am
Forum: General
Topic: Can't delete Dude files on CHR
Replies: 6
Views: 487

Re: Can't delete Dude files on CHR

Thanks all. I had deleted the Dude, but to no avail. As I'm not a Hyper-V expert, didn't think of expanding the disk. I tried reinstalling using ISO file, but by then, I had done too much damage. Just used another P1 license :D Mounting the Hyper-V disks didn't do much either, but it's something I'l...
by AlainCasault
Sat Oct 12, 2019 8:20 pm
Forum: General
Topic: Can't delete Dude files on CHR
Replies: 6
Views: 487

Re: Can't delete Dude files on CHR

Hello MKX,

Will try and let you know. But it makes sense.

AC
by AlainCasault
Fri Oct 11, 2019 10:25 pm
Forum: General
Topic: Can't delete Dude files on CHR
Replies: 6
Views: 487

Can't delete Dude files on CHR

Hello guys, I'm running 6.45.6 on Hyper-V (Winodws 10 Pro). I ran The Dude on it for a while and stopped it. Now, I can't seem to delete the leftover files under /Dude and there's only 1% of my file system left (out of the original 95MB!!!). I've read through the forum, but as it's a CHR, I can't Ne...
by AlainCasault
Thu Sep 05, 2019 9:35 pm
Forum: RouterBOARD hardware
Topic: CPU usage upto 90%
Replies: 2
Views: 397

Re: CPU usage upto 90%

Hello, You may have many issues. If you look at the specs, you'll notice that the setup will influence performance. L7 filters, if any, load the CPU. I suggest that you start with /tools - profiles to see which service is using up the CPU and report back your findings. Also include your config for a...
by AlainCasault
Thu Sep 05, 2019 6:24 pm
Forum: Wireless Networking
Topic: Cap interface down/up [SOLVED]
Replies: 3
Views: 444

Re: Cap interface down/up [SOLVED]

Hello,

Well, we see that too. Is there a question?

Regards


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Aug 21, 2019 5:31 pm
Forum: Beginner Basics
Topic: Simple NAT between networks
Replies: 5
Views: 731

Re: Simple NAT between networks

Hello

If all of this is on the same router, why would you need anything firewall wise to make it work?

Ali subnets are reachable by default unless you have something blocking traffic.

So yes, as suggested, post your config please

Regards,


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Aug 14, 2019 5:49 pm
Forum: Wireless Networking
Topic: Bridge port received packet with own address as source, probably loop
Replies: 44
Views: 39442

Re: Bridge port received packet with own address as source, probably loop

Hello I had this issue a while back but forgot how I solved it. I have a software vlan setup with 8 VLANs, one of which is a Telco only vlan. If memory serves, I only kept the associated bridge of that vlan as a neighbour enabled interface, along with physical interfaces. Cheers, Sent from my cell p...
by AlainCasault
Tue Aug 13, 2019 8:50 pm
Forum: General
Topic: HELP !! Install Probems
Replies: 2
Views: 377

Re: HELP !! Install Probems

Hello

Please include an export of your config.

2.8 is over 10 years old if not more. Are you really talking about RouterOS??

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Mon Aug 12, 2019 7:48 pm
Forum: General
Topic: Allow traffic between isolated subnets? [SOLVED]
Replies: 8
Views: 711

Re: Allow traffic between isolated subnets? [SOLVED]

Hy

A good trick is to create a bogus rule that only logs forwarded traffic and see where traffic dies. When your bogus rule stops logging, the previous one is the culprit.

Cheers

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Sat Aug 10, 2019 5:04 pm
Forum: Beginner Basics
Topic: Tools\ Btest Server
Replies: 2
Views: 352

Re: Tools\ Btest Server

Hello Bob

Yes, that's the server. What is your exact question??

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Aug 06, 2019 8:31 pm
Forum: General
Topic: to delete
Replies: 2
Views: 380

Re: MT PPTP Client host not pinging remote lan

Hello

Does your PPTP server have all routes to come back to the PPTP client?

Both routers need all routes to the other router.

Best regards


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Jul 25, 2019 2:48 pm
Forum: Wireless Networking
Topic: 2GHz WiFi 40MHz width best channel
Replies: 7
Views: 687

Re: 2GHz WiFi 40MHz width best channel

Also, with three channels, you get better non overlapping coverage.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Jul 25, 2019 2:45 pm
Forum: Wireless Networking
Topic: 2GHz WiFi 40MHz width best channel
Replies: 7
Views: 687

Re: 2GHz WiFi 40MHz width best channel

Good practice is to use 1-6-11 at 20Mhz. Also, 802.11 stipulates that any ap at 40Mhz WILL fall back to 20 if it causes problems to others.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jul 24, 2019 7:51 pm
Forum: Wireless Networking
Topic: CAPsMAN 5GHz data rates problem
Replies: 2
Views: 491

Re: CAPsMAN 5GHz data rates problem

Hello,

As per 802.11 standard...
add authentication-types=wpa-psk,wpa2-psk comment=EnterRealmOfWOOWiFi encryption=tkip \
    name=security1 passphrase=EnterRealmOfWOOWiFi
tkip WILL limit you to 54Mbps, regardless of what else you have set up. Use different encryption.

Cheers,

AC
by AlainCasault
Wed Jul 24, 2019 7:44 pm
Forum: Wireless Networking
Topic: Locked US frequencies on MT products
Replies: 1
Views: 278

Re: Locked US frequencies on MT products

Hello,

I'm wondering the same thing.

We use Aruba Network APs, and they CAN use DFS channels. Maybe it's a misinterpretation of regulations, I don't know. But it would be great to regain use of those channels.

Cheers,

AC
by AlainCasault
Wed Jul 24, 2019 7:30 pm
Forum: General
Topic: Can’t Ping Hosts Inside Network in Site-to-Site VPN and VLANs
Replies: 1
Views: 137

Re: Can’t Ping Hosts Inside Network in Site-to-Site VPN and VLANs

Salut François, It's kinda hard to see without a diagram or ROS code. I have a three-site network, each with their own VLANs (8 per site), but routed between them. My WAN is fully meshed and routed using OSPF (the VPN interfaces are L2TP/IPSec). I have full visibility of all hosts (provided firewall...
by AlainCasault
Mon Jul 15, 2019 12:18 pm
Forum: Wireless Networking
Topic: Wireless scanner results - what does /DP mean?
Replies: 4
Views: 1332

Re: Wireless scanner results - what does /DP mean?

As a general rule of thumb, when you hold your cursor over any flag (in WinBox) it'll tell you what they mean.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Sat Jun 08, 2019 11:11 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 1303

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Hy I'm also confused. How can CZFan's example work? The mangle uses src-address-list, meaning "Download" traffic from a bunch of IPs. How can those packet marks be used in Queue trees for uploads? ... the mangle uses src-address-list, for the device starting the connection, in this case it was a pc...
by AlainCasault
Sat Jun 08, 2019 12:45 am
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 1303

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Hy I'm also confused. How can CZFan's example work? The mangle uses src-address-list, meaning "Download" traffic from a bunch of IPs. How can those packet marks be used in Queue trees for uploads? I found this which may help Chipburn. https://mum.mikrotik.com/presentations/CZ09/QoS_Megis.pdf My setu...
by AlainCasault
Fri Jun 07, 2019 6:39 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 1303

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Oooor! Just dawned on me. Try checking passthrough for the connection marking rule. Can't remember if the mark connection action allows for further processing.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Jun 07, 2019 5:43 pm
Forum: Wireless Networking
Topic: How create virtual ap without mac access list
Replies: 2
Views: 320

Re: How create virtual ap without mac access list

Hello, In the access-list tab entries, you can specify the interface that "this entry" will apply for. So if you want to allow mac AA:BB: etc. as a guest only, you'll specify interface "vap1". At the end, don't forget to add a catch-all entry with no mac address, no interface and deny connections. S...
by AlainCasault
Fri Jun 07, 2019 5:32 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 1303

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Hello, As a debugging tool, I would suggest you check "log" and add meaningful log prefixes. You may get a hint as to which mangle rules are used (and when) and you'll see which interfaces are used also. To compare, I went about it the easy (and bad) way of only doing packet marking (no prior connec...
by AlainCasault
Fri Jun 07, 2019 12:39 am
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 957

Re: Fix my mess please.

Here's an export of my very basic config along with basic details. __________________________________ ROUTER A /interface ipip[ add name=ipip-tunnel1 remote-address=172.16.2.203 /ip address add address=10.1.1.1 interface=ipip-tunnel1 network=10.2.2.2 /ip dhcp-client add dhcp-options=clientid,hostnam...
by AlainCasault
Wed Jun 05, 2019 1:06 am
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 957

Re: Fix my mess please.

So tell me if im doing this right. On the router A, in the route list, i need to put 1.1.1.1 instead of ipip-tunnel. Not sure if im doing this correctly, because when i do this, gateway becomes "unreachable". But i believe the problem is as you say in my routes. OK! Now that I've got my head out of...
by AlainCasault
Wed Jun 05, 2019 12:57 am
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 957

Re: Fix my mess please.

Damn! I had this TOTALY confused with another (and totaly unrelated) issue... My bad!!! Thank @MKS for setting me straight. /interface bridge add name=LAN /interface ipip add name=ipip-tunnel1 remote-address=172.16.2.203 /ip address add address=10.1.1.1/24 interface=LAN network=10.1.1.0 add address=...
by AlainCasault
Tue Jun 04, 2019 11:38 pm
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 957

Re: Fix my mess please.

Never use an interface as gateway, always an IP address. What's wrong with using interface as gateway if interface is a point-to-point type of interface? Works for non broadcast technologies like x.25, Frame relay. Works for any PtP link, such as IPIP or PPPoE: /ip address print Flags: X - disabled...
by AlainCasault
Tue Jun 04, 2019 9:26 pm
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 957

Re: Fix my mess please.

Never use an interface as gateway, always an IP address.

What's wrong with using interface as gateway if interface is a point-to-point type of interface?
Works for non broadcast technologies like x.25, Frame relay.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Jun 04, 2019 5:55 pm
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 957

Re: Fix my mess please.

Eventually, use dynamic routing. Avoids the hassle of static routing.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Jun 04, 2019 5:53 pm
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 957

Re: Fix my mess please.

Hello,

One big thing that jumps up is your routing. Never use an interface as gateway, always an IP address.

So on router A, use the IP if B's tunnel to each B's LAN.

Cheers



Sent from my cell phone. Sorry for the errors.

by AlainCasault
Sun Jun 02, 2019 11:11 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 2793

Re: Ping Knock

@sindy,

Thanks for the feedback. I'll run some tests and will report my findings on the trouble ticket.

Best regards,

AC
by AlainCasault
Sat Jun 01, 2019 9:21 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 2793

Re: Ping Knock

Thanks for getting back to me so fast. I'm not using that field. As I inspect the conntrack table, I see my ICMP connection there for 10 secs even though my ping only sent one packet. This is why my other pings are not seen by the other filters as the routeur thinks it's still the same connection. I...
by AlainCasault
Sat Jun 01, 2019 8:07 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 2793

Re: Ping Knock

Hy all, I know I'm rehashing an old post, but this issue has me stumped. I have done the same thing for demo purposes for the longest time. I'm doing this again this morning and it doesn't work. A bit of troubleshooting and I realize that the ICMP-TIMEOUT in conntracking is the issue. If I reduce th...
by AlainCasault
Sat Jun 01, 2019 2:23 am
Forum: Beginner Basics
Topic: Setup WAN port, multiple public address [SOLVED]
Replies: 8
Views: 586

Re: Setup WAN port, multiple public address [SOLVED]

And the netmask. You have 65000 IP addresses?

Sent from my cell phone. Sorry for the errors.
It is ISP network not mine I am only customer....
Then, as a client, I'd be worried ;-)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri May 31, 2019 7:23 pm
Forum: Beginner Basics
Topic: Setup WAN port, multiple public address [SOLVED]
Replies: 8
Views: 586

Re: Setup WAN port, multiple public address [SOLVED]

And the netmask. You have 65000 IP addresses?

Sent from my cell phone. Sorry for the errors.
Mon Dieu !!!!!
or in Quebec
Ostie de tabarnak
Get an IPAD LOL.............
No all Apple products. Android!! See what Apple did to your French :D

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu May 30, 2019 4:29 pm
Forum: Beginner Basics
Topic: Setup WAN port, multiple public address [SOLVED]
Replies: 8
Views: 586

Re: Setup WAN port, multiple public address [SOLVED]

And the netmask. You have 65000 IP addresses?

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed May 29, 2019 1:22 am
Forum: Announcements
Topic: v6.44.3 [stable] is released!
Replies: 123
Views: 31903

Re: v6.44.3 [stable] is released!

We are trying to upgrade to 6.44.3 from 6.29. I can download the file and it is in the files window. It will not install. I have tried to reboot 5 or 6 times and still nothing. Any advice? Look at the log. It should tell you why. Usually, you've chosen files for the wrong architecture. Sent from my...
by AlainCasault
Tue May 28, 2019 9:35 pm
Forum: Beginner Basics
Topic: How to reserve IP in mikrotik hex poe lite [SOLVED]
Replies: 7
Views: 498

Re: How to reserve IP in mikrotik hex poe lite [SOLVED]

Hello If I understood you correctly, the DVRs have hardcoded IP addresses. In that case, I would just click the add button, use all 0's for the mac and input the reserved IP's on the IP address field. That way, those two addresses will never be handed out. Sent from my cell phone. Sorry for the erro...
by AlainCasault
Tue May 28, 2019 6:12 pm
Forum: General
Topic: How to create group of address lists?
Replies: 7
Views: 641

Re: How to create group of address lists?

I like your plan. a. there are no hackers in france and germany (FACT) b. there are no computers in france and germany that can be hacked and controlled by Bots (FACT) c. allowing access to winbox by external IPs is very safe (FACT). FACT Foundation for the Advancement of Cardiac Therapies, In (whe...
by AlainCasault
Fri May 03, 2019 5:43 pm
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 411

Re: Script initiate Winbox windows?

I know it's not your question, but maybe a raspberry pi? I have one with scripts for availability (netwatch replacement), and iperf to test my queue trees. I "cron"ed the availability script but I could create a web page from which to launch the queue testing script... Hum, that's actually an intere...
by AlainCasault
Thu May 02, 2019 1:26 am
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 411

Re: Script initiate Winbox windows?

Hello Joe I'm not a script guru, so I'll send you elsewhere. Have you considered creating a limited skin (only for web interface though) and only show the tools you wants to be made available? It's a somewhat lengthy process, but it could help you. You'll need to create user accounts with limited ac...
by AlainCasault
Thu Apr 11, 2019 2:59 pm
Forum: General
Topic: CPU Utilization reaches 100%
Replies: 3
Views: 432

Re: CPU Utilization reaches 100%

So I'm guessing you're doing a lot of queuing :D As ROS is software with no specialized ASICs, the more features one configures, the more hits the CPU takes. Check MUM presentations to see if there are suggestions about optimizing queues. There are presentations that talk about the load layer 7 filt...
by AlainCasault
Wed Apr 10, 2019 8:47 pm
Forum: General
Topic: CPU Utilization reaches 100%
Replies: 3
Views: 432

Re: CPU Utilization reaches 100%

Hello,

Your issue is something special because, indeed, the stats are good.

Have you tried to use Tools->Profil? That'll give you a hint.
by AlainCasault
Wed Apr 10, 2019 5:02 pm
Forum: General
Topic: Telnet function not working anymore since several versions
Replies: 5
Views: 415

Re: Telnet function not working anymore since several versions

Hello,

Thinks to check...

Has telnet been disabled in IP->SERVICES?
Has the user been modified to refuse telnet access?

Cheers
by AlainCasault
Wed Apr 10, 2019 4:10 pm
Forum: Beginner Basics
Topic: Any ideas how to block andriod/ios app in mikrotik router???
Replies: 1
Views: 254

Re: Any ideas how to block andriod/ios app in mikrotik router???

You don't use the firewall to block an app, you block communications based on protocol and port number, as you know. But!!!! Maybe you could sniff the communications and see if the app has a signature (look that up on MikroTik's website. Later 7 signatures). You might get more success there but if n...
by AlainCasault
Wed Apr 10, 2019 4:04 pm
Forum: General
Topic: RB4011 Fail to netinstall
Replies: 2
Views: 328

Re: RB4011 Fail to netinstall

Or maybe personal firewall. I've seen this before. And always disable unused interfaces on the laptop. That also has been an issue.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Apr 10, 2019 3:56 pm
Forum: Beginner Basics
Topic: alternative to scheduler
Replies: 5
Views: 381

Re: alternative to scheduler

Actually, you could use netmonitor.... I think that's what it's called.

Once you reach a threshold, either in our out, the script is run.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 9:17 pm
Forum: General
Topic: RB4011iGS not in Winbox Neighbors tab
Replies: 1
Views: 207

Re: RB4011iGS not in Winbox Neighbors tab

Hello

Check your ip-neighbour-settings

Then interface list

Maybe the port you're connected to doesn't send mndp anymore.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 9:15 pm
Forum: General
Topic: Infected Routerboard sending SPAM
Replies: 7
Views: 669

Re: Infected Routerboard sending SPAM

Hello,

Netinstall and start from scratch.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 9:13 pm
Forum: General
Topic: Debugging NTP issue with packet sniffer [SOLVED]
Replies: 4
Views: 449

Re: Debugging NTP issue with packet sniffer [SOLVED]

Hello If you want to see ntp traffic, add a firewall rule with: Chain=input Protocol=UDP Dst.port=123 Action=log Make sure it's on top and you'll see everything for ntp. Add the proper in interface to see only internal requests. I'm not in front of a router, but check to see if your ntp server has m...
by AlainCasault
Fri Apr 05, 2019 8:15 pm
Forum: Wireless Networking
Topic: How to list devices around mk?
Replies: 5
Views: 487

Re: How to list devices around mk?

Whichever tool you use, I suggest NOT using your AP as it'll drop current clients. Your kids won't like you ;)

Use a spare router.

Ahs yes, snooper is good IMHO and gives a loooot of information.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 7:55 pm
Forum: General
Topic: Mangle rules, can we have content wildcards
Replies: 1
Views: 242

Re: Mangle rules, can we have content wildcards

Hello, I'd say no. I do that to block those very same sites and as you can tell, there are no common strings between youtube and googlevideo :D Go with 2 rules. Be careful though; wanting to block the YouTube app, I wound up blocking other sites. Still not sure how or why !!??!?! Sent from my cell p...
by AlainCasault
Fri Apr 05, 2019 7:45 pm
Forum: General
Topic: how to close all UDP ports on mikrotik?
Replies: 3
Views: 501

Re: how to close all UDP ports on mikrotik?

To piggy back on rich1's comment, do it for only THAT host

Shouldn't be hard to find the guilty party. If you don't know who's doing it, add a forward rule that only logs UDP outbound.

Cheers


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 7:42 pm
Forum: General
Topic: Block DropBox with firewall
Replies: 2
Views: 486

Re: Block DropBox with firewall

Try the tls-host field in a mangle rule. It works for me blocking other sites like Netflix.

And you can use the same marking in simple queues to rate limit.

Cheers,

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 7:35 pm
Forum: Beginner Basics
Topic: Can someone help identify this router..
Replies: 8
Views: 795

Re: Can someone help identify this router..

At any rate, once you find out the model, go on routerboard.com, search for end of life models and the specs should be there.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 7:33 pm
Forum: Beginner Basics
Topic: Can someone help identify this router..
Replies: 8
Views: 795

Re: Can someone help identify this router..

Hello

Don't you have physical access?

The sticker under should have all the details.

Regards,


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 3:15 pm
Forum: Wireless Networking
Topic: Band and AP steering
Replies: 1
Views: 311

Re: Band and AP steering

I haven't seen if it's possible but would looooove to make that work.

I have devices that regularly select a weaker AP then the users complain of slow Internet access (your network sucks...) :D



Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 2:54 pm
Forum: General
Topic: microtik L2TP server and microtik Client
Replies: 1
Views: 206

Re: microtik L2TP server and microtik Client

Hello SUD Please see this regarding licence questions: https://wiki.mikrotik.com/wiki/Manual:License As for only 5 tunnels working, there shouldn't be any issues with having more. It would be good if you posted your config and any error message you may have on your logs. Cheers, Sent from my cell ph...
by AlainCasault
Mon Apr 01, 2019 4:00 pm
Forum: Wireless Networking
Topic: 34km link low CCQ
Replies: 13
Views: 1247

Re: 34km link low CCQ

Use that mikrotik protocol thing
NV2 ;)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Mar 29, 2019 6:56 pm
Forum: Wireless Networking
Topic: 34km link low CCQ
Replies: 13
Views: 1247

Re: 34km link low CCQ

Did not see much channel usage for this frequency in the snooper, freq usage or scan. What option is Greenfield. I am currently researching it.
It's an expression meaning that you don't mix modes (a/n/ac) but rather stick with just one (ac).


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Mar 28, 2019 11:25 pm
Forum: Wireless Networking
Topic: 34km link low CCQ
Replies: 13
Views: 1247

Re: 34km link low CCQ

Have you tried the built-in tools to analyze the RF (scan, shopper)?

Have you also tried seeing it up as Greenfield, not a/n/AC?

Otherwise, signal levels are good... Snr good...



Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Mar 27, 2019 2:04 pm
Forum: Beginner Basics
Topic: winbox on linux with firewall active
Replies: 3
Views: 307

Re: winbox on linux with firewall active

Actually, the way I'm reading this, his MAC-WINBOX is being blocked.

You should allow udp src.port 5678 so that the return traffic is allowed.

You should then see your routers.

Regards,


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Mar 26, 2019 3:06 pm
Forum: Beginner Basics
Topic: Connecting two routers in two buildings with cable
Replies: 8
Views: 687

Re: Connecting two routers in two buildings with cable

I'd go with OSPF and let everything sort itself our ;)

Take a look at https://alaincasault.com/ca/posts/, the post named. "Redundant WAN links".

When the failure is in the ISP's infrastructure, the regular "check gateway" doesn't help much.

Cheers,


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Mar 19, 2019 12:40 am
Forum: Scripting
Topic: How to really make backups (by script) ?
Replies: 15
Views: 954

Re: How to really make backups (by script) ?

True!

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Mon Mar 18, 2019 8:20 pm
Forum: Scripting
Topic: How to really make backups (by script) ?
Replies: 15
Views: 954

Re: How to really make backups (by script) ?

The binary backup will let you restore a perfect/complete copy of the config of the original router (A) on the new router(B). It will work. But DO reset the MACs, either manually or through a script as suggested. Obviously, it should NOT be done if the original router (A) is still running as you'll ...
by AlainCasault
Fri Mar 15, 2019 5:29 pm
Forum: Beginner Basics
Topic: Mikrotik as HUB (configuration)
Replies: 17
Views: 1262

Re: Mikrotik as HUB (configuration)

Ok, got it. Still can't do hub in MikroTik. Do a switch as was suggested before using a bridge. From within the router, you can launch a packet sniffer (in tools menu) which is wireshark compatible (make sure to name the file .pcap). You'll have to play with it as I don't remember if the bridge will...
by AlainCasault
Thu Mar 14, 2019 9:14 pm
Forum: Beginner Basics
Topic: Mikrotik as HUB (configuration)
Replies: 17
Views: 1262

Re: Mikrotik as HUB (configuration)

Because I have to simulate something like that in laboratories. Maybe as a bridge to do it, that it would be similar? I'm not sure you know what you require if you think that a hub and a switch are similar. Can you explain what you need to achieve? That could help us understand. Sent from my cell p...
by AlainCasault
Wed Mar 13, 2019 8:56 pm
Forum: Beginner Basics
Topic: Mikrotik as HUB (configuration)
Replies: 17
Views: 1262

Re: Mikrotik as HUB (configuration)

More to the point: why do you want a hub?

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Mar 12, 2019 4:17 pm
Forum: Scripting
Topic: How to really make backups (by script) ?
Replies: 15
Views: 954

Re: How to really make backups (by script) ?

Hello, This topic has been documented MANY times. But, yes, you CAN restore a binary backup of one device to another of SAME model. But: * Make sure they're both running the same version of OS * Reset each interface's MAC address. Voilà! As far as running and storing backups, that too has been docum...
by AlainCasault
Tue Mar 12, 2019 3:49 pm
Forum: Beginner Basics
Topic: Connecting two routers in two buildings with cable
Replies: 8
Views: 687

Re: Connecting two routers in two buildings with cable

Hello, I'm assuming that the /16s are just to summarize local subnets and you don't have such a big network. Otherwise, break the subnet down to smaller ones (like /24). Also, I'd probably go with fiber regardless since your working with two buildings. Fiber will insulate you from grounding issues, ...
by AlainCasault
Mon Mar 11, 2019 7:59 pm
Forum: Beginner Basics
Topic: Help with new Vlan Setup
Replies: 8
Views: 407

Re: Help with new Vlan Setup

Also, try this.

I think this is what you're going for.

https://wiki.mikrotik.com/wiki/Manual:S ... p_Features

Cheers,
by AlainCasault
Mon Mar 11, 2019 7:30 pm
Forum: Beginner Basics
Topic: Help with new Vlan Setup
Replies: 8
Views: 407

Re: Help with new Vlan Setup

Hello, I know what you mean as I have a Unifi also. I basically took the IP address of my Telco devices' subnet and its associated DHCP server and moved them to the trunk bridge. The Unifi is connected to a trunk port, but because the IP was set to the trunk bridge, that subnet became untagged. Of c...
by AlainCasault
Fri Mar 08, 2019 9:33 pm
Forum: General
Topic: Viewing network traffic question
Replies: 7
Views: 554

Re: Viewing network traffic question

Hello Nazralte, 1st thing to do is make sure your catch-all rules log traffic reaching them. As you indicate not being so good w/ firewalls, I'll give you more information, hoping I'm not treating you like a child ;) Catch-all rules just drop and log whatever was not processed by the previous rules,...
by AlainCasault
Fri Mar 08, 2019 8:31 pm
Forum: Beginner Basics
Topic: Routing CCR 1036 and CRS 317
Replies: 2
Views: 222

Re: Routing CCR 1036 and CRS 317

Hello, For starters, your devices should have a static IP address, not get one from a server. Otherwise, how do you plan on doing proper management with dynamic IP addresses? Secondly, I suggest you post a diagram you what you wish to acheive and your devices current configuration. You're asking for...
by AlainCasault
Fri Mar 08, 2019 5:59 pm
Forum: General
Topic: Winbox disconnects after few seconds
Replies: 4
Views: 329

Re: Winbox disconnects after few seconds

Hy again!! If you can winbox but not webfig, check that the IP Service for TCP 80 is not disabled. Could be that simple. :| If you use "bridge" mode (and it's not a typo), then your problem could lay there. I'm not in front of a router right now, but you should be set as AP-bridge mode, and I THIIII...
by AlainCasault
Fri Mar 08, 2019 3:15 pm
Forum: General
Topic: Winbox disconnects after few seconds
Replies: 4
Views: 329

Re: Winbox disconnects after few seconds

Hello

Are you connecting using an IP address or a mac address?

If it's the MAC, yes you may loose connectivity often. Use a IP as soon as possible.

Regards

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Mar 08, 2019 3:10 pm
Forum: Wireless Networking
Topic: Configuring a Single SSID WLAN with Two wAP AC (RBwAPG-5HacT2HnD-US) and one hEX (RB750Gr3)
Replies: 6
Views: 491

Re: Configuring a Single SSID WLAN with Two wAP AC (RBwAPG-5HacT2HnD-US) and one hEX (RB750Gr3)

Thanks for both replies! One additional question, I've read that a WDS mode has to be enabled in the routers and that both routers must be bridged into a single Wireless interface. Is that right? Thanks again. Hello No need for wds. And keep the setup as simple as possible. The APs' Wi-Fi card shou...
by AlainCasault
Thu Feb 28, 2019 4:12 pm
Forum: Beginner Basics
Topic: Bandwidth separation for VoIP
Replies: 5
Views: 381

Re: Bandwidth separation for VoIP

Hello

Packet marking is the first step. You'll move on to queue trees where you'll use the packet marks.

Check the url I gave you for a real step by step.

Cheers

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Feb 27, 2019 4:40 pm
Forum: Beginner Basics
Topic: Bandwidth separation for VoIP
Replies: 5
Views: 381

Re: Bandwidth separation for VoIP

Hello, What I wrote was meant as a general guideline, so it's possible it may not apply to your setup. But the caracteristics part still applies. Unless you know how an application behaves (protocol, port, DST IP address, anything that can help to identify it), it's going to be hard to do bandwidth ...
by AlainCasault
Wed Feb 27, 2019 2:33 pm
Forum: Beginner Basics
Topic: Bandwidth separation for VoIP
Replies: 5
Views: 381

Re: Bandwidth separation for VoIP

Hello, The hard part is to categorize your traffic. That is to says that you need to know as many "traits" as possible. As an example, I have VoIP phones on three dedicated subnets (three sites) and my PBXs on another. That becomes easy to do QoS between all subnets. My PBXs connect to my SIP trunk ...
by AlainCasault
Wed Feb 27, 2019 2:07 pm
Forum: Wireless Networking
Topic: 20Mhz or 20Mhz/40Mhz above,below which correct fot access point ?
Replies: 2
Views: 448

Re: 20Mhz or 20Mhz/40Mhz above,below which correct fot access point ?

Hello, Since you don't mention it, I'll start of with 2,4GHz. The choice of 20 or 40 MHz depends on your neighbors. If there's a lot of 2,4GHz around you, stick with 20MHZ as the AP will revert from 40 to 20 if it detects interference. If you can go to 40MHz, then scan what's around you and select a...
by AlainCasault
Fri Feb 22, 2019 9:54 pm
Forum: Beginner Basics
Topic: How to connect from android app Mikrotik to RB2011?
Replies: 6
Views: 465

Re: How to connect from android app Mikrotik to RB2011?

I don't recommend using the app from the WAN side, for many reasons (mainly security) other than its just in beta. However if you can open a VPN to home and then use the APP as though you were on the LAN, that may be a different story) Am I hearing an echo here? ;) Sent from my cell phone. Sorry fo...
by AlainCasault
Fri Feb 22, 2019 5:45 pm
Forum: General
Topic: Simple L2TP/IPSEC roadwarrior
Replies: 1
Views: 879

Re: Simple L2TP/IPSEC roadwarrior

Hello A gateway of 0.0.0.0? That can't be good. You're probably missing stuff in your ppp profile. Post your ppp setup. /ppp export. I have this basic setup and it works great. Is your tunnel coming up? I'm guessing yes if you're getting an address. Sent from my cell phone. Sorry for the errors.
by AlainCasault
Fri Feb 22, 2019 2:52 pm
Forum: Beginner Basics
Topic: How to connect from android app Mikrotik to RB2011?
Replies: 6
Views: 465

Re: How to connect from android app Mikrotik to RB2011?

Hello Pablo, I'm glad you solved your issue but did you realize you created a new one? It's not a good idea to open WinBox on your WAN port. It's a major security risk. You'd need better off doing at least port knocking first or, better yet, VPN to your router before managing it. Regards, Sent from ...
by AlainCasault
Wed Jan 30, 2019 8:14 pm
Forum: Beginner Basics
Topic: Text based backup!!!cannot load [SOLVED]
Replies: 12
Views: 773

Re: Text based backup!!!cannot load [SOLVED]

You're better off with export files. True, but with export files it also isn't easy, as I described above. It would be much easier when those minor changes were made... Of course we all understand that you cannot import an export from a 10-port router into a 5-port router without some manual action...
by AlainCasault
Wed Jan 30, 2019 5:36 pm
Forum: Beginner Basics
Topic: Text based backup!!!cannot load [SOLVED]
Replies: 12
Views: 773

Re: Text based backup!!!cannot load [SOLVED]

Doing a binary restore is "officially" meant for the same device, we all know this. It'll work ok on two devices of same model, as long as you reset the MAC address of all physical interfaces. Doing this on two routers of different models is asking for trouble and is NOT recommended. You're better o...
by AlainCasault
Tue Jan 29, 2019 6:09 pm
Forum: Beginner Basics
Topic: Text based backup!!!cannot load [SOLVED]
Replies: 12
Views: 773

Re: Text based backup!!!cannot load [SOLVED]

Hello, I'm assuming that you're rebooting AND loading the rev file at startup. I've found that if you add a 15 second delay at the top of the script file, it solves the case. Also: When transferring an export from one model to an other, it's good practice to edit the file (to remove unwanted configs...
by AlainCasault
Mon Jan 28, 2019 3:27 pm
Forum: Wireless Networking
Topic: Looking for a mikrotik router Model that supports DNAT
Replies: 8
Views: 666

Re: Looking for a mikrotik router Model that supports DNAT

Hello

All MikroTik devices support dnat.

Cheers

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Jan 25, 2019 4:50 pm
Forum: Beginner Basics
Topic: How to use a simultaneous RBMetalG-52SHPacn
Replies: 1
Views: 212

Re: How to use a simultaneous RBMetalG-52SHPacn

Hello

That model only has one radio with the frequency software selectable.

When in doubt, always refer to the specs. https://mikrotik.com/product/RBMetalG-52SHPacn

Cheers,
by AlainCasault
Fri Jan 25, 2019 4:21 pm
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 29
Views: 5548

Re: Feature request: Make Quickset to be separate package

The solution he posted involved changing the skin in the web interface. It does not work in winbox.
Click on "Design Skin" and remove the checkmark in front of Quick Set, then save it as default.
Ah! OK, thanks,

Would have loved a WinBox solution also. Oh well. :)
by AlainCasault
Fri Jan 25, 2019 3:29 pm
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 29
Views: 5548

Re: Feature request: Make Quickset to be separate package

How do you imagine that would work? The home user needs QuickSet by default, he will not download and install it before he knows how RouterOS works. And removing QuickSet is already possible: Screenshot 2016-02-22 09.59.45.png Hello Normis, Could you please repost how to remove Qucikset? I'm affrai...
by AlainCasault
Fri Jan 25, 2019 2:36 pm
Forum: Beginner Basics
Topic: Block Password Error
Replies: 6
Views: 446

Re: Block Password Error

I would have added the last line near the top of the list, not at the bottom.
I'd also say to not bother with "dst-port=8291 protocol=tcp " on the drop filter. You got there, I'll block "everything" you do!

:)
by AlainCasault
Fri Jan 25, 2019 2:34 pm
Forum: Beginner Basics
Topic: Block Password Error
Replies: 6
Views: 446

Re: Block Password Error

Thanks Pegasus for that code. Very nice! I would suggest that if these attempts come from inside, contact the person behind the computer and have a talk with him/her. Remind him/her of company policies on hacking and the potential risks to his/her job. If it's home, block the kid's access for a day ...
by AlainCasault
Fri Jan 25, 2019 2:23 pm
Forum: General
Topic: Access VPN clients from LAN
Replies: 7
Views: 562

Re: Access VPN clients from LAN

I don't see much that could block return traffic (LAN to VPN). Do PCs on VPN have active firewall? I've seen that often where people would go head scratching because of that. I don't think masquerading VPN users helps much since the global masquerade filter will take care of that. I sugget filters t...
by AlainCasault
Fri Jan 25, 2019 2:03 pm
Forum: General
Topic: Access VPN clients from LAN
Replies: 7
Views: 562

Re: Access VPN clients from LAN

I saw that you created an IP POOL to assign ip addresses to your VPN clients. You don't need to since all your ppp secrets have an address defined. Keep the pool only if you create secrets that don't have a predefined address, but change the range so that assigned addresses don't clash with hard cod...
by AlainCasault
Fri Jan 25, 2019 2:21 am
Forum: General
Topic: Access VPN clients from LAN
Replies: 7
Views: 562

Re: Access VPN clients from LAN

Hmmm Your secrets specify IP addresses found the the IP Pool pptp-vpn. Just change the profile to NOT have an IP Pool since all your users have hardcoded IPs. Can LAN ping VPN and vice versa? comments /ip firewall filter add action=accept chain=input comment="Allow WinBox from MAIN LAN" dst-port=829...
by AlainCasault
Thu Jan 24, 2019 9:56 pm
Forum: General
Topic: Address list in allowed addresses
Replies: 6
Views: 497

Re: Address list in allowed addresses

TIP : If you don't see it in a pull-down menu after its creation, you can't use it. Address-list is in the firewall section, and is usable only for firewall configs. The idea is interesting though!! Cheers, In some cases I have allowed addresses in an address list, in those cases I have to write th...
by AlainCasault
Thu Jan 24, 2019 9:36 pm
Forum: Wireless Networking
Topic: Turn down Tx power
Replies: 20
Views: 1324

Re: Turn down Tx power

As you support older standards, you may have a negative effect on overall performance as Wi-Fi will enter protected mode to accomodate everybody. But wouldn't it only do that if a device tried to connect with b? So if there are no older devices trying to connect, wouldn't it just run normally, and ...
by AlainCasault
Thu Jan 24, 2019 9:10 pm
Forum: General
Topic: Access VPN clients from LAN
Replies: 7
Views: 562

Re: Access VPN clients from LAN

Hello,

show us output of "export /hide-sensitive".

Thank you
by AlainCasault
Thu Jan 24, 2019 8:56 pm
Forum: General
Topic: Address list in allowed addresses
Replies: 6
Views: 497

Re: Address list in allowed addresses

TIP: If you don't see it in a pull-down menu after its creation, you can't use it.

Address-list is in the firewall section, and is usable only for firewall configs. The idea is interesting though!!

Cheers,
by AlainCasault
Thu Jan 24, 2019 8:49 pm
Forum: Wireless Networking
Topic: Use computer as internet gateway
Replies: 5
Views: 387

Re: Use computer as internet gateway

Hello Vertigo220,

Does your model have a USB connector? If you connect your phone to it and tell the phone to share its connexion through USB, then a LTE interface will appear in the RB2011. Then you can use it as a real WAN port.

Cheers,
by AlainCasault
Thu Jan 24, 2019 5:25 pm
Forum: General
Topic: Ipcloud two Mikrotik
Replies: 9
Views: 732

Re: Ipcloud two Mikrotik

It's more a question of having an open port to exploit, two in your case.

And with a VPN, you can have proper routing and all your tools will work as if at home (or at the office).
by AlainCasault
Thu Jan 24, 2019 5:15 pm
Forum: General
Topic: New connection but not SYN
Replies: 8
Views: 550

Re: New connection but not SYN

Hello, This is my ( very basic ) suggestion. It'll be your job to translate it to ROS ;) ==1== chain=intput in-interface=ether1 connection-state=established, related action=accept ==2== chain=forward in-interface=ether1 connection-state=established, related action=accept ==3== chain=intput in-interf...
by AlainCasault
Thu Jan 24, 2019 4:21 pm
Forum: General
Topic: RB 3011 Ethernet ping question [SOLVED]
Replies: 3
Views: 570

Re: RB 3011 Ethernet ping question [SOLVED]

Hello, Many things may cause this like large data transfers, CPU spikes (whatever the cause). Hard to tell from just a screen capture, but I wouldn't worry for a glitch like that. Thing is to know your network and what is normal for you. This is called baselining. If you expect (through regular veri...
by AlainCasault
Thu Jan 24, 2019 4:04 pm
Forum: Wireless Networking
Topic: Wireless connection issue: loop on the same AP
Replies: 3
Views: 408

Re: Wireless connection issue: loop on the same AP

Hello Michael, I think you answered your own question :) If I understand you: * Station has a connect-list entry to the SSID * Station is MikroTik device, since you use connect-list entries * AP1 does not have access-list entry for station * AP2 has access-list entry for station Since AP1 refuses "s...
by AlainCasault
Thu Jan 24, 2019 3:50 pm
Forum: Wireless Networking
Topic: Turn down Tx power
Replies: 20
Views: 1324

Re: Turn down Tx power

...
Also, when I reply in this forum, others will read it over time. So, I provide the most correct settings I know, not merely answering your exact question.
Great philosophy!! +1
by AlainCasault
Thu Jan 24, 2019 3:50 pm
Forum: Wireless Networking
Topic: Turn down Tx power
Replies: 20
Views: 1324

Re: Turn down Tx power

I know b is old, but unless it's a security issue, which I don't see why it would be, I don't really see the harm in leaving it for compatibility with older devices. That said, I highly doubt I would ever actually need it, and so I also don't see any harm in disabling it; I was just curious if ther...
by AlainCasault
Wed Jan 23, 2019 8:00 pm
Forum: Beginner Basics
Topic: how do I connect to my bridge?
Replies: 9
Views: 473

Re: how do I connect to my bridge?

But will MNDP work? That was his problem, the "not discovering routers"...
Not sure what MNDP stands for ... but Winbox displays routers and MAC Winbox connection works in Linux and wine if that is the question.
Mikrotik neighbor discovery protocol, like Cisco's CDP.

You answered. Thanks!!
by AlainCasault
Wed Jan 23, 2019 5:38 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 6662

Re: 6.43.8 vulnerability or hack?

Side remark/question here: 1.) instead of netinstall (need to press that button, set IP on the computer), is a down grade and then an upgrade of ROS equivalent to netinstall and erases all internal memory safely? 2.) I assume once you have a clean router, if you use a "backup" taken on an infected ...
by AlainCasault
Wed Jan 23, 2019 5:33 pm
Forum: Wireless Networking
Topic: How to for a guest network that can't access the internal network
Replies: 22
Views: 1429

Re: How to for a guest network that can't access the internal network

Is there not a simple step by step guide that contains all the steps that is also compatible with the current OS? I cannot follow this with one step here, another step there, and some steps that are not compatible with my OS. Hello, The URL and examples shown by Baragoon will work. Yes, the URL has...
by AlainCasault
Wed Jan 23, 2019 5:26 pm
Forum: Beginner Basics
Topic: how do I connect to my bridge?
Replies: 9
Views: 473

Re: how do I connect to my bridge?

Yep, Linux. (and OSX/macos).

You can run winbox in both using wine.

But will MNDP work? That was his problem, the "not discovering routers"...
by AlainCasault
Wed Jan 23, 2019 4:40 pm
Forum: Beginner Basics
Topic: Blocking adult site
Replies: 4
Views: 439

Re: Blocking adult site

Hello, It is complicated given everything is https now. But I built an Layer7 config using keywords like "porn", "xxx", etc. I use the layer 7 to block DNS requests containing those key words. But now that there are talks about secured DNS, even that will get complicated. Be aware that you should te...
by AlainCasault
Wed Jan 23, 2019 3:07 pm
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 738

Re: CAPsMAN with virtual AP on VLAN - No connectivity

Hello MKX, Aaaah, the joy of offline discutions. Argh, it'd be so much easier "live". Oh well! So, I got it that lowercase=vlan interface (vlan101port) and UPPERCASE=bridge. But I'm still confused as to what you're saying (post #2) since if vlan101port (vlan interface) is assigned to a bridge, I sti...
by AlainCasault
Wed Jan 23, 2019 1:06 pm
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 738

Re: CAPsMAN with virtual AP on VLAN - No connectivity

As a bonus, here's my (partial) working setup for CAPsMAN. /caps-man channel add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \ frequency=2412,2437,2462 name=channels-tous-n add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \ frequency=2412 name=cha...
by AlainCasault
Wed Jan 23, 2019 1:03 pm
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 738

Re: CAPsMAN with virtual AP on VLAN - No connectivity

As VAPs are setup as tagged, all traffic artiving at bridge VLAN101 is tagged. For L3 configuration that's not acceptable, only untagged traffic is fine. And vlan interfaces do proper tagging/untagging: /interface vlan add name=vlan101port interface=VLAN101 and move IP configuration from VLAN101 to...
by AlainCasault
Wed Jan 23, 2019 3:26 am
Forum: Beginner Basics
Topic: how do I connect to my bridge?
Replies: 9
Views: 473

Re: how do I connect to my bridge?

Piece of advice: activate RoMON On all devices. You'll find your devices no matter what. It would have been better for you if you could have used WinBox.

Glad it worked for you :)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jan 23, 2019 1:49 am
Forum: Beginner Basics
Topic: one port only internet, no lan [SOLVED]
Replies: 20
Views: 1281

Re: one port only internet, no lan [SOLVED]

Sounds like a guest port to me. Put it on a separate subnet and allow it access only to non private addresses (through the use of address lists to keep it clean and short).

But anav is correct, I may be out of context. Let me know.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jan 23, 2019 1:45 am
Forum: Beginner Basics
Topic: how do I connect to my bridge?
Replies: 9
Views: 473

Re: how do I connect to my bridge?

Hello Normally, you should have an IP address (on hap) on the same subnet of the port the hap is connected to. Otherwise, you can't connect. Since you can't use winbox, I'm assuming you have a Linux box, yes? Create a bridge on the hap, slave Wi-Fi and ether ports to it, assign address to bridge, an...
by AlainCasault
Wed Jan 23, 2019 1:36 am
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 738

Re: CAPsMAN with virtual AP on VLAN - No connectivity

As VAPs are setup as tagged, all traffic artiving at bridge VLAN101 is tagged. For L3 configuration that's not acceptable, only untagged traffic is fine. And vlan interfaces do proper tagging/untagging: /interface vlan add name=vlan101port interface=VLAN101 and move IP configuration from VLAN101 to...
by AlainCasault
Fri Jan 18, 2019 12:06 am
Forum: Announcements
Topic: Photos of towers and masts
Replies: 55
Views: 15665

Re: Photos of towers and masts

Inside rack :)
The grasshopper is only one hop away ;)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Jan 18, 2019 12:03 am
Forum: General
Topic: The time and date refuses to be set properly
Replies: 5
Views: 391

Re: The time and date refuses to be set properly

Have you tried to disable IP CLOUD and set up SYSTEM CLOCK for the correct time zone?

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Jan 17, 2019 10:57 pm
Forum: Beginner Basics
Topic: Can ping router, but cannot ping or connect to WAN
Replies: 31
Views: 1622

Re: Can ping router, but cannot ping or connect to WAN

What I dont see is on the /ip dhcp server-network, a typical reference to dns??? I do not remember what the IP dhcp client shows for normal config export. Good point! Checked options should be show on an export, although I'm not in front of my computer to validate. Even if dns allows remote request...
by AlainCasault
Thu Jan 17, 2019 10:53 pm
Forum: Beginner Basics
Topic: Can ping router, but cannot ping or connect to WAN
Replies: 31
Views: 1622

Re: Can ping router, but cannot ping or connect to WAN

I think it has to do with your dhcp client. It's not creating a default route. What make you think that? I've a hAP lite running DHCP client on WAN and config as shown in export is exactly the same as in OP. It does create dynamic route entries, shown only using print command. You were talking abou...
by AlainCasault
Thu Jan 17, 2019 8:07 pm
Forum: Beginner Basics
Topic: Can ping router, but cannot ping or connect to WAN
Replies: 31
Views: 1622

Re: Can ping router, but cannot ping or connect to WAN

I think it has to do with your dhcp client. It's not creating a default route.

Cheers,

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Jan 17, 2019 8:02 pm
Forum: Beginner Basics
Topic: How to shut down Router before Power Off?
Replies: 19
Views: 3474

Re: How to shut down Router before Power Off?

Hello, Excuse my ignorance, but why would we want to shutdown the router at the end of the day? It's Linux based, not Windows :D Kidding aside, maybe you're dealing with an issue I don't know about... Please let me know. If one wants to clear memory (???), then perhaps you could simply schedule a re...
by AlainCasault
Thu Jan 17, 2019 11:59 am
Forum: Wireless Networking
Topic: How to for a guest network that can't access the internal network
Replies: 22
Views: 1429

Re: How to for a guest network that can't access the internal network

Ya, since the names can be changed, it can be confusing. Use wlan1 or 2.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jan 16, 2019 8:15 pm
Forum: General
Topic: Which Router should i buy for a small web hosting company?
Replies: 6
Views: 628

Re: Which Router should i buy for a small web hosting company?


Finally, my mother told me never to trust a man driving in a red car sporting a beard. ;-)
LOL!!!!!

Joking aside, you're right on the money.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jan 16, 2019 3:18 pm
Forum: Wireless Networking
Topic: How to for a guest network that can't access the internal network
Replies: 22
Views: 1429

Re: How to for a guest network that can't access the internal network

Is there not a simple step by step guide that contains all the steps that is also compatible with the current OS? I cannot follow this with one step here, another step there, and some steps that are not compatible with my OS. Hello, The URL and examples shown by Baragoon will work. Yes, the URL has...
by AlainCasault
Mon Jan 14, 2019 4:53 pm
Forum: General
Topic: SSH WAN port first time
Replies: 3
Views: 316

Re: SSH WAN port first time

Hello,

This may seem obvious but make sure you don't leave ssh open too long and that your router is at the latest os.

For extra protection (sounds like a condom ad), allow ssh only from a specific IP address.

Cheers,



Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Jan 11, 2019 9:31 pm
Forum: General
Topic: DHCP Setup on two ports
Replies: 7
Views: 498

Re: DHCP Setup on two ports

My comment was purely on form and manner, if it wasn't obvious enough...

Next time, report my post and let a real moderator tell me what to do.
by AlainCasault
Fri Jan 11, 2019 6:23 pm
Forum: General
Topic: DHCP Setup on two ports
Replies: 7
Views: 498

Re: DHCP Setup on two ports

Well, you are rude and you're not very understanding. If you read the original question: request is to setup two different dhcp server configuraiton for two ports which are seemingly in same bridge configuration. What's so hard to understand? If you're not willing to help, then don't bother others ...
by AlainCasault
Fri Jan 11, 2019 5:57 pm
Forum: General
Topic: DHCP Setup on two ports
Replies: 7
Views: 498

Re: DHCP Setup on two ports

Its not possible to add the dhcp server on a bridged interface because those ports are logically connected like on a switch. That means the dhcp service on slave interface (ether6) would also listen on slave interface (ether7). That results into the problem that the service cannot distinguish from ...
by AlainCasault
Thu Jan 10, 2019 8:30 pm
Forum: Wireless Networking
Topic: Backhaul speeds - N only / AC only or mixed mode
Replies: 3
Views: 488

Re: Backhaul speeds - N only / AC only or mixed mode

Hello, I didn't think that mixed mode will do anything with rain fade. It will help you support older clients, which I did not want (for me). If I read you properly, it's your infrastructure. I'd go Greenfield, meaning pure N and pure AC. Yes, mixed mode allows older clients to connect but it also s...
by AlainCasault
Thu Jan 10, 2019 7:34 pm
Forum: General
Topic: DHCP Setup on two ports
Replies: 7
Views: 498

Re: DHCP Setup on two ports

Hello, I'm afraid your question is all over the place. Dhcp, traffic flow... I'll answer the dhcp question: assign your dhcp server to the bridge hosting the two ports. As the router is saying, you can't assign the server to a port inside a bridge. Cheers, Sent from my cell phone. Sorry for the erro...
by AlainCasault
Wed Dec 19, 2018 5:07 pm
Forum: Beginner Basics
Topic: Router doesn't show in Winbox "Neighbors" list [SOLVED]
Replies: 5
Views: 1309

Re: Router doesn't show in Winbox "Neighbors" list [SOLVED]

Hello Olaf, I haven't seen the WAN LAN naming convention that you mention. I personally would not like it as I find it very confusing to make a quick corelation between WAN and etherX. Many of my students do that (rename interfaces). Instead, I encourage them to use comments. There are no ports labe...
by AlainCasault
Tue Dec 18, 2018 6:06 pm
Forum: General
Topic: NETINSTALL: bind tftp general failed
Replies: 3
Views: 1033

Re: NETINSTALL: bind tftp general failed

I ran into the same issue last year Alain caused by a conflict with the same TFTP server and it took me a while to figure it out. Felt silly afterwards. I think it happens to everyone from time to time.
;)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Dec 18, 2018 6:21 am
Forum: General
Topic: NETINSTALL: bind tftp general failed
Replies: 3
Views: 1033

Re: NETINSTALL: bind tftp general failed

I forgot,

Run netstat -abno (as admin) to see what process or application uses which ports / protocols.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Dec 18, 2018 2:52 am
Forum: General
Topic: NETINSTALL: bind tftp general failed
Replies: 3
Views: 1033

NETINSTALL: bind tftp general failed

Hello all, ====General FYI==== I got this error that says: Bind tftp general failed: One occurence of each port / address allowed (10048) when I was using Netinstall. I realy needed it as my client's router got hacked. I checked the forum posts, to no avail. You know what nerves will do when tired a...
by AlainCasault
Thu Dec 13, 2018 6:12 pm
Forum: General
Topic: Which types of ports would you like to see for a high speed router
Replies: 168
Views: 25911

Re: Which types of ports would you like to see for a high speed router

Given that there are switch chips and encryption chip, how about other types of specialized ASICs to further offload the cpu and give the boxes better performance. A firewall chip perhaps?? Sent from my cell phone. Sorry for the errors. Switch chips typically have ACL capabilities built-in. Limited...
by AlainCasault
Thu Dec 13, 2018 3:12 pm
Forum: General
Topic: Which types of ports would you like to see for a high speed router
Replies: 168
Views: 25911

Re: Which types of ports would you like to see for a high speed router

Given that there are switch chips and encryption chip, how about other types of specialized ASICs to further offload the cpu and give the boxes better performance.

A firewall chip perhaps??


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Sat Dec 01, 2018 6:54 pm
Forum: Wireless Networking
Topic: Why Mikrotik isn't improving its wireless like Ubiquiti and Cambium?
Replies: 5
Views: 879

Re: Why Mikrotik isn't improving its wireless like Ubiquiti and Cambium?

I would say the outdoor stuff is much more expensive to design test and certify???? Not sure about certification. Each device has to be tested under it's model number/name, even if they all use the same chip set. Wouldn't make much sense to try to save money there. Maybe design and testing is a dif...
by AlainCasault
Sat Dec 01, 2018 4:25 am
Forum: General
Topic: Address Lists in Firewal rules
Replies: 16
Views: 1245

Re: Address Lists in Firewal rules

I agree with Anav. Order SHOULD be irrelevent. "Grad that address list and use it to check for a match".

I couldn't care less about order. Imagine the hassle of redoing the entire list if there's an order issue?? Hope you guys are good with Excel and sorting :D

Major bug if it's the case.
by AlainCasault
Fri Nov 30, 2018 4:14 pm
Forum: General
Topic: Block VPN access to VLAN
Replies: 11
Views: 774

Re: Block VPN access to VLAN

Hello,

Layer 3 VPNs can be filtered easy enough with regular filters. Just intercept forward traffic between both subnets and voilà!

A good example is L2TP over IPSec.

Regards

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Nov 30, 2018 4:08 pm
Forum: General
Topic: Address Lists in Firewal rules
Replies: 16
Views: 1245

Re: Address Lists in Firewal rules

Edit; firewall lists work great, so no, no problems there and your understanding is good.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Nov 30, 2018 4:07 pm
Forum: General
Topic: Address Lists in Firewal rules
Replies: 16
Views: 1245

Re: Address Lists in Firewal rules

Hello, If it works for one, it should work for all, unless you forgot to add an address in your list, which you would have spotted fast enough. A common problem that I see often in my classes is computer's personal firewall. Disable it and redo your tests. Make sure also that you have a rule that al...
by AlainCasault
Thu Nov 29, 2018 2:58 pm
Forum: General
Topic: Backup/ Restore issue and duplicating Ethernet MAC address [SOLVED]
Replies: 4
Views: 1518

Re: Backup/ Restore issue and duplicating Ethernet MAC address [SOLVED]

Those functions are not in the menu, that is true. Just open a CLI window and: /export file=filename As I suggested before, edit your file before importing it to the new router. You could, technically, restore a binary backup to the new router (if same model), but you'd need to go through ALL physic...
by AlainCasault
Sat Nov 24, 2018 6:31 pm
Forum: Beginner Basics
Topic: 2 PPPOE Connections to be Active Simultaneously
Replies: 17
Views: 1023

Re: 2 PPPOE Connections to be Active Simultaneously

Hello Anav, I think the idea behind the "elephant" expression was just that it's human nature to get easily discouraged when faced with a big task. But, if we approach it in a step-by-step manner, nothing is insurmountable. I understand that the "ant" expression is meant to secure people when faced ...
by AlainCasault
Fri Nov 23, 2018 1:09 pm
Forum: Beginner Basics
Topic: 2 PPPOE Connections to be Active Simultaneously
Replies: 17
Views: 1023

Re: 2 PPPOE Connections to be Active Simultaneously

Like my MikroTik trainer once said: "How do you eat an elephant? One bite at a time." Doing something complicated remotely is not recommended practice. Go local if you can. I would establish one link and make sure it's stable. Work from there after. The first thing you absolutely need to learn and p...
by AlainCasault
Thu Nov 22, 2018 7:23 pm
Forum: Beginner Basics
Topic: 2 PPPOE Connections to be Active Simultaneously
Replies: 17
Views: 1023

Re: 2 PPPOE Connections to be Active Simultaneously

Alain has a lots of designations so he must be on the right track!! ;-)
Me blushing :D
by AlainCasault
Thu Nov 22, 2018 6:22 pm
Forum: Beginner Basics
Topic: client connect to wifi in other room - why [SOLVED]
Replies: 9
Views: 896

Re: client connect to wifi in other room - why [SOLVED]

Quick suggestions: Band: Use only 11n unless you have old clients to support. Channel width: Use only 20MHz. Period! 40MHz in 2,4GHz is very bad practice!!! Will cause interference. Frequency: Make sure that 2412 is free (or not too busy)... Always stay with 1,6,11 for channels (non overlaping). WPS...
by AlainCasault
Thu Nov 22, 2018 5:08 pm
Forum: Beginner Basics
Topic: 2 PPPOE Connections to be Active Simultaneously
Replies: 17
Views: 1023

Re: 2 PPPOE Connections to be Active Simultaneously

Hello Duke, Quick answer: Yes, it can be done. Longer answer: It'll depend on what traffic needs to go where. You could manually create a static route while you tell the pppoe clients not to add a default route. The (2) gateway field values (yes, you'll add a 2nd) of that static route would be the I...
by AlainCasault
Thu Nov 22, 2018 3:48 pm
Forum: Beginner Basics
Topic: 2 PPPOE Connections to be Active Simultaneously
Replies: 17
Views: 1023

Re: 2 PPPOE Connections to be Active Simultaneously

Hello Duke I don't see why the second pppoe should go down when the first is up. Are your isp's two separate providers? The only thing I see from your description is the distance value. I'm assuming you're taking about the distance parameter in dhcp-client (or routing in general). If so, it's normal...
by AlainCasault
Thu Nov 22, 2018 3:41 pm
Forum: Beginner Basics
Topic: client connect to wifi in other room - why [SOLVED]
Replies: 9
Views: 896

Re: client connect to wifi in other room - why [SOLVED]

You haven't said anything about your parameters. Are tx power and antenna gain properly setup? A quick and dirty trick is to close and restart Wi-Fi on your laptop once in your room. If your laptop has a tendency to be a sticky client, this usually solves the issue. As mentioned above, roaming is a ...
by AlainCasault
Wed Nov 21, 2018 4:12 pm
Forum: Beginner Basics
Topic: client connect to wifi in other room - why [SOLVED]
Replies: 9
Views: 896

Re: client connect to wifi in other room - why [SOLVED]

Hello, CAPsMAN should handle this for you. Otherwise you can always set a rule in the connection list to deny a certain signal strength from connecting to the AP. You can find this under Wireless > Connect List (Winbox) or /interface wireless connect-list Hello Do not use connect list. This is to t...
by AlainCasault
Wed Nov 21, 2018 4:08 am
Forum: Beginner Basics
Topic: DHCP showing Red
Replies: 9
Views: 2286

Re: DHCP showing Red

Hello

A DHCP server is red if it's assigned to a slaved interface (I.e. ether port under a bridge) but it doesn't look like it.

I'll Go with Anav's idea: I'm seeing the bridge and ether5 in the same interface list; not sure...

Envoyé de mon LG-H873 en utilisant Tapatalk

by AlainCasault
Wed Nov 14, 2018 7:21 pm
Forum: General
Topic: Static IP on single interface which is member of a bridge
Replies: 3
Views: 418

Re: Static IP on single interface which is member of a bridge

Hello

You can't assign an address to a slaved port.

You'll have to review your design.

Cheers,


Sent from Tapatalk

by AlainCasault
Wed Nov 14, 2018 2:59 pm
Forum: General
Topic: secure winbox port access only by wan ip
Replies: 16
Views: 1625

Re: secure winbox port access only by wan ip

Winbox is to control the router and the router setup. It should not be done via WAN connection (direct), it should be done with a VPN or at the very minimum the Port Knocking technique. Theese are okay if you are using just a few mikrotiks. But when you get plenty of them in different places around...
by AlainCasault
Sat Nov 10, 2018 11:20 pm
Forum: General
Topic: secure winbox port access only by wan ip
Replies: 16
Views: 1625

Re: secure winbox port access only by wan ip

To begin with, remove the value entered with "/ip services set winbox address=X.X.X.X/Y". That's just plain bad! Even if you're coming in from other offices, don't see it as coming in through the WAN port. You're coming in through a point-to-point link (L2TP/IPSEC, which is great) from an other LAN ...
by AlainCasault
Sat Nov 10, 2018 8:36 pm
Forum: General
Topic: secure winbox port access only by wan ip
Replies: 16
Views: 1625

Re: secure winbox port access only by wan ip

Hello,

Do you realize that by giving your public IP address, you basically invited everybody to test your security?

Make sure you have a strong firewall and have secured your router.

Best regards,


Sent from Tapatalk

by AlainCasault
Fri Nov 09, 2018 4:50 am
Forum: Beginner Basics
Topic: The winbox is hard to use
Replies: 12
Views: 1204

Re: The winbox is hard to use

Hi guys, i want to know how do you use winbox, because i think it's really hard to use. For example: 1.can't move the sub window out of the main window. 2.can't minimal the sub window. So when opening many sub windows, it's hard to find the window which you want. Anyone else has good idea to operat...
by AlainCasault
Sat Nov 03, 2018 2:57 pm
Forum: General
Topic: rules order in raw firewall change
Replies: 11
Views: 754

Re: rules order in raw firewall change

they should not yes, but i have this issue and also they will be upper of dynamic rules in raw tab
Are you sure they aren't just sorted?
Agreed. I do that sometime by mistake. Just click on the sequencial numbers column and it should be ok.


Sent from Tapatalk

by AlainCasault
Thu Nov 01, 2018 10:55 pm
Forum: General
Topic: Two subnets, one mine one foreign
Replies: 5
Views: 538

Re: Two subnets, one mine one foreign

Hello Mareka, Ya, I think I get you. In this case, create TWO bridges and have 2 EOIP tunnels, one inside each bridge. You don't even have to have IP addresses on your MTK. Well, maybe one for management. Use 0.0/24 if this is your network. So, in general (this in an example only. adapt it to your n...
by AlainCasault
Thu Nov 01, 2018 7:37 pm
Forum: General
Topic: Two subnets, one mine one foreign
Replies: 5
Views: 538

Re: Two subnets, one mine one foreign

Hello, No offence but your setup is... Special. One layer 2 network, remote DHCP, two addresses per computer, no GW for 80.0/24, DHCP assigned address to the bridge and one manually... You're probably having issues with your computers as well as with your mk setup. I know you said that the reason is...
by AlainCasault
Wed Oct 31, 2018 12:50 pm
Forum: Scripting
Topic: Netwatch WAN failover with dynamic gateway [SOLVED]
Replies: 6
Views: 3046

Re: Netwatch WAN failover with dynamic gateway [SOLVED]

Well, this sucks. How can you have something solid when your provider changes stuff. It's the first time I hear about a setup like that. I wanted to suggest this : https://alaincasault.com/ca/posts But that setup won't do it either since the default gateway will change on you. Use my idea of renewi...
by AlainCasault
Tue Oct 30, 2018 4:30 pm
Forum: General
Topic: admin user accidentaly deleted
Replies: 4
Views: 556

Re: admin user accidentaly deleted

As I said, can't be done without another full admin.


Sent from Tapatalk

by AlainCasault
Mon Oct 29, 2018 4:11 am
Forum: General
Topic: admin user accidentaly deleted
Replies: 4
Views: 556

Re: admin user accidentaly deleted

Hello

Thing is, you can't delete admin unless you already have an account with full rights. Just recreate admin, give it a password and it's over :)

Regards,

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Sun Oct 28, 2018 11:55 pm
Forum: General
Topic: Winbox layout
Replies: 3
Views: 466

Re: Winbox layout

Hello,

GUI editing is available only for webfig, although this would be great for winbox.

Regards,

Sent from Tapatalk

by AlainCasault
Sun Oct 28, 2018 8:06 pm
Forum: General
Topic: RB962UiGS-5HacT2HnT upgrade not working
Replies: 4
Views: 657

Re: RB962UiGS-5HacT2HnT upgrade not working

Hy

Doing know why, but have you tried netinstall to recover the router?

Sent from Tapatalk

by AlainCasault
Fri Oct 26, 2018 3:25 am
Forum: Scripting
Topic: Netwatch WAN failover with dynamic gateway [SOLVED]
Replies: 6
Views: 3046

Re: Netwatch WAN failover with dynamic gateway [SOLVED]

Well, this sucks. How can you have something solid when your provider changes stuff. It's the first time I hear about a setup like that. I wanted to suggest this : https://alaincasault.com/ca/posts But that setup won't do it either since the default gateway will change on you. Use my idea of renewin...
by AlainCasault
Thu Oct 25, 2018 8:25 pm
Forum: Scripting
Topic: Netwatch WAN failover with dynamic gateway [SOLVED]
Replies: 6
Views: 3046

Re: Netwatch WAN failover with dynamic gateway [SOLVED]

Hello

I guess you could script a dhcp client renewal and schedule it every so often, frequency is up to you.

I'm not a scripting expert, so I won't suggest one ;) but I'm pretty sure it would be ok.

Regards,


Sent from Tapatalk

by AlainCasault
Thu Oct 25, 2018 4:31 pm
Forum: General
Topic: firewall [SOLVED]
Replies: 5
Views: 683

Re: firewall [SOLVED]

Also!!

Assume your router is hacked. Netinstall it to be safe.

The netinstall procedure will format everything and you'll start clean.

Sent from Tapatalk

by AlainCasault
Thu Oct 25, 2018 4:28 pm
Forum: General
Topic: firewall [SOLVED]
Replies: 5
Views: 683

Re: firewall [SOLVED]

Hello Most definitely! As off now, anybody can telnet/ssh/winbox into your router. Your current rule only prevents traffic going into your lan. I suggest you take the default config of a basic RB model and study it. The firewall is fairly basic and offers real protection. Best regards, Sent from Tap...
by AlainCasault
Wed Oct 24, 2018 5:08 pm
Forum: Wireless Networking
Topic: Connect 2 locations 80m apart with obstacles
Replies: 6
Views: 966

Re: Connect 2 locations 80m apart with obstacles

Hello

You can try if you want, but I'm sure you will get serious signal loss.

All that you mentioned have serious effect on RF and wals might include some metal studs that'll make it worst.

Regards,

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Wed Oct 24, 2018 3:09 pm
Forum: General
Topic: firewall [SOLVED]
Replies: 5
Views: 683

Re: firewall [SOLVED]

Hello,

No rules? Your router is an open bar for hackers. Why do you do that?

Forget everything, netinstall and start over.

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Wed Oct 24, 2018 2:19 pm
Forum: Beginner Basics
Topic: Windows Firewall and Sub-Network question
Replies: 6
Views: 881

Re: Windows Firewall and Sub-Network question

Hello,

By default, all devices in the same router can communicate with each other if you don't have firewall rules blocking anything.

You answered you own question. It works when you disable the Windows firewall. I don't see what else you need??

Regards,


Sent from Tapatalk

by AlainCasault
Tue Oct 23, 2018 6:09 am
Forum: General
Topic: 31 subnet - Not finding an answer to default gateway.
Replies: 16
Views: 1997

Re: 31 subnet - Not finding an answer to default gateway.

I also read that it wasn't supported, but I also read multiple times, that it can be made to work with an IP of /32, but this hasn't worked for me either. Tom Hello, I've read somewhere (forum, wiki???) that MikroTik does not support /31 :( Try a few searches on the forum to validate this. Regards,...
by AlainCasault
Tue Oct 23, 2018 2:00 am
Forum: General
Topic: 31 subnet - Not finding an answer to default gateway.
Replies: 16
Views: 1997

Re: 31 subnet - Not finding an answer to default gateway.

Hello,

I've read somewhere (forum, wiki???) that MikroTik does not support /31 :(

Try a few searches on the forum to validate this.

Regards,

Sent from Tapatalk

by AlainCasault
Fri Oct 19, 2018 5:38 pm
Forum: General
Topic: Mejor opcion de MIKROTIK para 3000 abonados
Replies: 7
Views: 880

Re: Mejor opcion de MIKROTIK para 3000 abonados

We accept other language only on case the other the English translation is in the post simultaneously. This is just only English forum. If someone cannot speak English enough, he would be welcomed on any other mikrotik related forum that accepts his language. Unfortunately he will not be able to se...
by AlainCasault
Tue Oct 16, 2018 9:42 pm
Forum: Beginner Basics
Topic: which is faster a many entries in the firewall or one with ip list
Replies: 2
Views: 363

Re: which is faster a many entries in the firewall or one with ip list

Hello,

It's better on CPU to have one fw filter using an address list.

Cheers,


Sent from Tapatalk

by AlainCasault
Fri Oct 12, 2018 3:21 pm
Forum: General
Topic: Can't change username on ROS 6.43 [SOLVED]
Replies: 21
Views: 3827

Re: Can't change username on ROS 6.43 [SOLVED]

Thanks guys! I want to create a HotSpot and need to be sure that system will be "Hacker resistant" ( sure i know that if some one really want to hack a system it will be done...) I have already blocked all pings from Hotspot network at firewall filter and so on ... I like your choice of word, "resi...
by AlainCasault
Fri Oct 12, 2018 3:17 pm
Forum: Beginner Basics
Topic: Routing between subnets without bridge
Replies: 5
Views: 605

Re: Routing between subnets without bridge

Oh, by the way, when asked for your config, you should do:

Export hide-sensitive file=nameoffile

Regards,


Sent from Tapatalk

by AlainCasault
Fri Oct 12, 2018 3:15 pm
Forum: Beginner Basics
Topic: Routing between subnets without bridge
Replies: 5
Views: 605

Re: Routing between subnets without bridge

There's no need to put wlan1 in a bridge as it is a standalone interface. @OP, remove wlan1 from bridge. Like I said, I've seen bizarre results when stuff was disabled rather than deleted (may not be the case here but just in case). Otherwise, the print results look good. Also, if you have master-sl...
by AlainCasault
Thu Oct 11, 2018 10:01 pm
Forum: Beginner Basics
Topic: Routing between subnets without bridge
Replies: 5
Views: 605

Re: Routing between subnets without bridge

Hello, You should export your config. It would be easier. I'm guessing here, so... Make sure wlan1 is deleted from the bridge, not just disabled. I've seen weird results with stuff being disabled. Make sure wlan1 had an ip address from a distinct subnet Create a dhcp-server assigned to wlan1 Test Wi...
by AlainCasault
Thu Oct 11, 2018 9:49 pm
Forum: General
Topic: Can't change username on ROS 6.43 [SOLVED]
Replies: 21
Views: 3827

Re: Can't change username on ROS 6.43 [SOLVED]

@man: You can always create completely new user and disable/delete original "admin".
+1

I agree. Deleting "admin", even if it has a pwd from hell is that much more secure.


Sent from Tapatalk

by AlainCasault
Tue Oct 09, 2018 5:29 am
Forum: General
Topic: my router is under attack
Replies: 11
Views: 1969

Re: my router is under attack

Dude, that's what I suggested a week ago.

Regards,


Sent from Tapatalk

by AlainCasault
Sun Oct 07, 2018 2:45 pm
Forum: General
Topic: Unable to get full gigabit speed on RB750Gr3
Replies: 28
Views: 4135

Re: Unable to get full gigabit speed on RB750Gr3

I would agree with R1CH here. I just tested mine with a 120Mbps link and my CPU can peak up to 35%, although my firewall is a bit more elaborate, but I have minimal bridges. If you compare the hEX with a RB3011, the 3011 his about 2x more powerful while the RB4011 is roughly 7x more powerful (than t...
by AlainCasault
Sat Oct 06, 2018 7:25 pm
Forum: General
Topic: Unable to get full gigabit speed on RB750Gr3
Replies: 28
Views: 4135

Re: Unable to get full gigabit speed on RB750Gr3

Hello,

Based on your setup, you may get less than gig. If you look at the gr3 specs, you'll see that with filters and bridges, throughput goes down depending on packet size.

Regards

Sent from Tapatalk

by AlainCasault
Fri Oct 05, 2018 1:14 am
Forum: General
Topic: upgrade to stable [solved]
Replies: 3
Views: 468

Re: upgrade to stable

Hello,

You can upgrade directly to a stable version. Of you want to downgrade, drag and drop the files, and while in system packages, click on Downgrade.

I wouldn't downgrade unless you have a specific reason. Just go to the latest stable version.

Cheers,


Sent from Tapatalk

by AlainCasault
Tue Oct 02, 2018 8:01 pm
Forum: General
Topic: I think my routerboard has been compromised
Replies: 5
Views: 515

Re: I think my routerboard has been compromised

Try also disabling the firewall. Damned thing always puts students in hot water during labs ;)

Sent from Tapatalk

by AlainCasault
Tue Oct 02, 2018 4:03 pm
Forum: General
Topic: I think my routerboard has been compromised
Replies: 5
Views: 515

Re: I think my routerboard has been compromised

Hello,

Netinstall can be difficult some times. Have you disabled the unused network interfaces on your computer before starting netinstall?

It might help.

Regards,


Sent from Tapatalk

by AlainCasault
Tue Oct 02, 2018 3:54 pm
Forum: General
Topic: Btest on Windows - what to use instead ?
Replies: 1
Views: 263

Re: Btest on Windows - what to use instead ?

Hello, I use iperf between devices for a better performance measure. I've long since stopped using anything that requires interacting with a router since it adds an extra load on the CPU and affects the results. I let routers route and leave the testing to computers. With the Windows (as well as Lin...
by AlainCasault
Mon Oct 01, 2018 3:28 am
Forum: Beginner Basics
Topic: router without gateway to internet
Replies: 4
Views: 509

Re: router without gateway to internet

Hello, I think you are over-thinking this. First, why the computer in the middle? Connect to router to wireless and be done with it. If required, buy a router with a wireless interface. The computer is just an extra point of failure. If the wired part is only for internal stuff, add firewall rules t...
by AlainCasault
Mon Oct 01, 2018 3:14 am
Forum: General
Topic: my router is under attack
Replies: 11
Views: 1969

Re: my router is under attack

Netinstall an upgrade and restart from scratch :(

Sent from Tapatalk

by AlainCasault
Mon Oct 01, 2018 3:12 am
Forum: General
Topic: Infected 6.38.5 Clients Upgrade fails to load
Replies: 7
Views: 687

Re: Infected 6.38.5 Clients Upgrade fails to load

I guess your search was too precise. Had you tried "MikroTik infected" , you would have gotten much more.

Regards,


Sent from Tapatalk

by AlainCasault
Sun Sep 30, 2018 5:44 pm
Forum: General
Topic: Infected 6.38.5 Clients Upgrade fails to load
Replies: 7
Views: 687

Re: Infected 6.38.5 Clients Upgrade fails to load

Hello,

At any rate, problems regarding infected routers have been discussed many times.

Please netinstall, change the detault admin account to something else and change the password.

Validate also that you have proper firewall filters.

Regards,

Sent from Tapatalk

by AlainCasault
Fri Sep 28, 2018 4:02 pm
Forum: Beginner Basics
Topic: DHCP Subnetmask /32
Replies: 6
Views: 856

Re: DHCP Subnetmask /32

@AlainCasault: Yes, but in this case you never learn how things works… ;)
Wrong. You can still examine and change anything later. Only instead of finding all dead ends, you have good working starting point.

+1
by AlainCasault
Thu Sep 27, 2018 9:52 pm
Forum: Beginner Basics
Topic: Can't connect to Mikrotik from outside
Replies: 9
Views: 1617

Re: Can't connect to Mikrotik from outside

Just one comment.

Make sure you know what you're doing before doing that.

You might (will) be in a word of pain opening winbox to the internet.

Regards,


Sent from Tapatalk

by AlainCasault
Thu Sep 27, 2018 9:49 pm
Forum: Beginner Basics
Topic: DHCP Subnetmask /32
Replies: 6
Views: 856

Re: DHCP Subnetmask /32

Which is why I always tell my students to use the DHCP-SETUP button instead of doing it manually. Too error prone.

Regards

Sent from Tapatalk

by AlainCasault
Thu Sep 27, 2018 9:46 pm
Forum: General
Topic: my router is under attack
Replies: 11
Views: 1969

Re: my router is under attack

I agree with Jotne and would go one step further. If you must access remotely, I hope it's always from the same place!! If not, you're asking for trouble ;) If so, modify the firewall rule so as to accept tenet / ssh from the ip of the place you're accessing the router from. If the router from where...
by AlainCasault
Wed Sep 26, 2018 8:48 pm
Forum: RouterBOARD hardware
Topic: Hardware offload on sfp port in hEX S mmips
Replies: 11
Views: 1538

Re: Hardware offload on sfp port in hEX S mmips

Hello

Please be aware that this is a user forum. If you want to address MikroTik, I would suggest you write support@mikrotik.com

Regards,


Sent from Tapatalk

by AlainCasault
Wed Sep 26, 2018 3:55 pm
Forum: Wireless Networking
Topic: Is “Wap” support mesh?
Replies: 1
Views: 300

Re: Is “Wap” support mesh?

Hello,

Yes. Mesh is a config that is not hardware specific. You can do it in all Wi-Fi models.

Regards,


Sent from Tapatalk

by AlainCasault
Tue Sep 25, 2018 9:54 pm
Forum: General
Topic: Problem update RB2011
Replies: 4
Views: 482

Re: Problem update RB2011

Weird...

Maybe a good backup / export, then netinstall.

Nothing out of the ordinary in your config, like scripts you never did?


Sent from Tapatalk

by AlainCasault
Tue Sep 25, 2018 4:59 pm
Forum: General
Topic: Problem update RB2011
Replies: 4
Views: 482

Re: Problem update RB2011

Hello Maybe you did but have you tried removing the extra packages instead of just disabling them? Are you using the packages of the right architecture for the upgrade? Usually, when upgrade fails, it's because you're using the wrong files or an older version. Are there messages in log after reboot?...
by AlainCasault
Mon Sep 24, 2018 3:38 pm
Forum: General
Topic: Bridge problems.
Replies: 4
Views: 429

Re: Bridge problems.

Hello

You should never put an address on a slave interface, like ether1 in your case.

If you're using static routing, then the suggestion of adding a default route might be good to try.

Regards,

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Mon Sep 24, 2018 3:09 pm
Forum: Beginner Basics
Topic: Setting internet bandwidth limitation on CRS125-24G-1S-RM
Replies: 4
Views: 413

Re: Setting internet bandwidth limitation on CRS125-24G-1S-RM

Hello

Take a look at simple queues.

They are... Simple... To setup ;)

Regards,

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Mon Sep 24, 2018 3:05 pm
Forum: General
Topic: RB 450G - Trunk For PC
Replies: 1
Views: 205

Re: RB 450G - Trunk For PC

Hello Your question seems like a server issue more than a router issue. If you only have one gateway on the server then the subnets in the server without the gateway will never properly send replies. Why do you need three addresses? Just use one and let the router do its job. Trunking won't do more ...
by AlainCasault
Mon Sep 24, 2018 3:04 am
Forum: Beginner Basics
Topic: 2 Networks on 1 interface
Replies: 4
Views: 543

Re: 2 Networks on 1 interface

Good day, I have a newbie question. I have a RB750. How can i access our Local Area Webpage (192.168.1.119)? 0 A S 0.0.0.0/0 192.168.1.1 1 1 S 0.0.0.0/0 192.168.254.254 1 2 A S 0.0.0.0/0 192.168.1.1 1 3 S 0.0.0.0/0 192.168.254.254 2 4 ADC 192.168.1.0/24 192.168.1.2 ether1 0 5 S 192.168.1.0/24 192.1...
by AlainCasault
Mon Sep 24, 2018 3:00 am
Forum: Beginner Basics
Topic: 2 Networks on 1 interface
Replies: 4
Views: 543

Re: 2 Networks on 1 interface

salut, j'ai un petit soucis comment faire un simple queu avec les limites pour un debutant Hello, This forum is meant to be English only. You'll get warned if you don't respect this rule (j'en sais quelque chose!). Also, your question is totally off topic. Start a new post. Thanks Sent from Tapatalk
by AlainCasault
Sun Sep 23, 2018 9:18 pm
Forum: Beginner Basics
Topic: CAPsMAN Access List Question [SOLVED]
Replies: 4
Views: 709

Re: CAPsMAN Access List Question [SOLVED]

Forgot,

Mac address field left blank.

Sent from Tapatalk

by AlainCasault
Sun Sep 23, 2018 9:17 pm
Forum: Beginner Basics
Topic: CAPsMAN Access List Question [SOLVED]
Replies: 4
Views: 709

Re: CAPsMAN Access List Question [SOLVED]

Hello

Your last access list entry should have the action of reject. If not accepted above, then you don't come in. ;)

Sent from Tapatalk

by AlainCasault
Sat Sep 22, 2018 11:48 pm
Forum: General
Topic: two pppoe servers in the same network
Replies: 6
Views: 1293

Re: two pppoe servers in the same network

I would agree with mducharme. Pppoe clients connect to whatever server answers first. You need to use service-name I'm afraid.

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Sat Sep 22, 2018 11:41 pm
Forum: General
Topic: optimize FW rule by using connection-state=new ?
Replies: 6
Views: 647

Re: optimize FW rule by using connection-state=new ?

If it's in the same filter, I don't think that one more matcher (new) will make a difference. And I don't think you'll miss anything with that. If you want to use it, maybe do new AND invalid in the same filter. What I would suggest is to allow what needs to be allowed such as "related-established" ...
by AlainCasault
Sat Sep 22, 2018 11:29 pm
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 1748

Re: restore back to identical devices never works :(

At the very leat, we should be able to import a backup into another device of same model and RoS/bootloader version. Certificates, users and all. I think that is working. But in practice it is not enough. E.g. I have 2 installs of CCR1009-8G-1S-1S+ which when broken is no longer available and would...
by AlainCasault
Sat Sep 22, 2018 6:48 pm
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 1748

Re: restore back to identical devices never works :(

I totaly agree with you; it is "Official" policy, but... There's always a but :) If you restore a binary backup of A on B ( provided both are the same model. And I would STRONGLY advise to have them of same ROS and Firmware also ), this should work. Thing is, you'll have the MACs of A on B. I hope I...
by AlainCasault
Sat Sep 22, 2018 6:03 pm
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 1748

Re: restore back to identical devices never works :(

At the very leat, we should be able to import a backup into another device of same model and RoS/bootloader version. Certificates, users and all. Like I said, you can do that provided you reset the MACs. Not ideal, I agree, but workable. For the MACs, a simple "cleanup" script should make it that m...
by AlainCasault
Fri Sep 21, 2018 9:28 pm
Forum: General
Topic: routerOS licence ? [SOLVED]
Replies: 7
Views: 630

Re: routerOS licence ? [SOLVED]

Comes...

Oups, took too long to reply ;)

Sent from Tapatalk

by AlainCasault
Fri Sep 21, 2018 9:27 pm
Forum: General
Topic: routerOS licence ? [SOLVED]
Replies: 7
Views: 630

Re: routerOS licence ? [SOLVED]

Any mikrotik hardware chimes with its license. You only need to buy for x86 or chr.

Cheers

Sent from Tapatalk

by AlainCasault
Fri Sep 21, 2018 8:15 pm
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 1748

Re: restore back to identical devices never works :(

Well, restore from A to B can work IF you reset the MAC address of ALL physical interfaces. Also, if you have an address in a bridge, make sure that it's pointing to a real MAC, not the one in the backup that doesn't exist anymore.

Cheers

Sent from Tapatalk

by AlainCasault
Fri Sep 21, 2018 4:21 pm
Forum: General
Topic: Change login password
Replies: 1
Views: 241

Re: Change login password

I'm afraid there's no way of doing it. Interrupting the boot process will let you set some low level parameters, but nothing else. Try to negotiate with the former employee, good luck with that. I would suggest you review your config backup strategy, which you probably decided to do by now :( You co...
by AlainCasault
Thu Sep 20, 2018 3:37 pm
Forum: General
Topic: After upgrade firmware 6.40.5, Can't change admin's group to full
Replies: 6
Views: 718

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

What's the point in responding to this 7 month old post?
Especially as a lot of water how flowed under various RouterOS bridges since then.
What's the point of being unpleasant? Why do you care?

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Wed Sep 19, 2018 8:02 pm
Forum: General
Topic: After upgrade firmware 6.40.5, Can't change admin's group to full
Replies: 6
Views: 718

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

And don't forget to add firewall filters!!!
by AlainCasault
Wed Sep 19, 2018 8:00 pm
Forum: General
Topic: Can't change username on ROS 6.43 [SOLVED]
Replies: 21
Views: 3827

Re: Can't change username on ROS 6.43 [SOLVED]

Make a new user, then re-login. There are big security changes in last versions, rename is no longer possible. Hello Normis, Can you explain what this change addresses, what security recommendation is met. I'm not a security expert, so I don't get it. "Create/Delete" ends up with the same result as...
by AlainCasault
Wed Sep 19, 2018 7:54 pm
Forum: General
Topic: After upgrade firmware 6.40.5, Can't change admin's group to full
Replies: 6
Views: 718

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Chances are, you have to netinstall and reconfigure :(
Once finished, change the admin PWD right away?
by AlainCasault
Thu Sep 06, 2018 8:32 pm
Forum: General
Topic: Securing my Rb3011 under attack - SOLVED
Replies: 3
Views: 417

Re: Securing my Rb3011 under attack

Hello, As you're doing your firewall, use "SAFE" mode (top left of winbox). This will remove your new config entries from the moment safe mode was activated until the moment you locked yourself out (should it happen). Yes, you will lose all that work but at least you won't have to drive the 400km. S...
by AlainCasault
Wed Sep 05, 2018 9:20 pm
Forum: Wireless Networking
Topic: Message "does not allow station-bridge" when client cannot connect to capsman
Replies: 4
Views: 741

Re: Message "does not allow station-bridge" when client cannot connect to capsman

I'm not sure what you mean. What's in station mode? The remote router?

If so, the remote router it's meant to be an AP, and nothing else. Once configured as a capsman client, you can't configure the wifi radio unless it's from the capsman.

Regards

Sent from Tapatalk

by AlainCasault
Tue Sep 04, 2018 7:39 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 997

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

I actually do both. I'll use the backup for simple restores, after a test for example, when I change the setup drastically. Just make sure the backup is good by testing it once in a while ;) If the device really crashed or I'm replacing it with a different model, then the export and line by line app...
by AlainCasault
Mon Sep 03, 2018 12:00 am
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 997

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

Well I have a binary backup but I thought it is better to just import the config so that any side effects regarding configuration are gone. For me a import script is like setting up the device from the beginning. For me a device independent script should be more reliable in case of disaster recover...
by AlainCasault
Sun Sep 02, 2018 4:35 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 997

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

Edit: system backup save name=ABC


Sent from Tapatalk

by AlainCasault
Sun Sep 02, 2018 4:33 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 997

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

Hello I have not experienced this issue but I'd like to say that if you are using export as a means of backing up your routers, you're headed for disaster. You need to do a binary backup which is a real backup. Passwords and all. Should you loose a router, as long as it's not totally defective, you ...
by AlainCasault
Thu Aug 30, 2018 8:03 pm
Forum: RouterBOARD hardware
Topic: Please give a remote hard reset option!!!
Replies: 11
Views: 1500

Re: Please give a remote hard reset option!!!

Extra: as long as you only meant hard reboot and not factory reset. ;)

Sent from Tapatalk

Edit:
2 relays. With proper cabling / soldering (one for power, one for reset button leads), one could launch a Netinstall from ground level.
Hey, I never said it would be practical ;)
by AlainCasault
Thu Aug 30, 2018 8:02 pm
Forum: RouterBOARD hardware
Topic: Please give a remote hard reset option!!!
Replies: 11
Views: 1500

Re: Please give a remote hard reset option!!!

How about just connecting your router to a relay. Press a button while at ground level and power it's cut off. Hard reset! :)

Sent from Tapatalk

by AlainCasault
Thu Aug 30, 2018 4:50 pm
Forum: Beginner Basics
Topic: RB3011UiAS Password was changed?
Replies: 10
Views: 816

Re: RB3011UiAS Password was changed?

@tippenring

Ah! Thanks for that.

People just don't get the pitfalls of (poorly) written messages. ;)



Sent from Tapatalk

by AlainCasault
Thu Aug 30, 2018 4:16 pm
Forum: Beginner Basics
Topic: RB3011UiAS Password was changed?
Replies: 10
Views: 816

Re: RB3011UiAS Password was changed?

Yes :(
No. Or "not necessarily" anyway.
And how do you log in with a lost password??

Sent from Tapatalk

by AlainCasault
Thu Aug 30, 2018 3:51 pm
Forum: Beginner Basics
Topic: RB3011UiAS Password was changed?
Replies: 10
Views: 816

Re: RB3011UiAS Password was changed?

Yes :(


Sent from Tapatalk

by AlainCasault
Thu Aug 30, 2018 3:42 pm
Forum: Wireless Networking
Topic: how many device need for 300 concurrent wireless users?
Replies: 5
Views: 1139

Re: how many device need for 300 concurrent wireless users?

I would go for at least 5mbps/user not 100kbos...
Why limit? It's local traffic.


Sent from Tapatalk

by AlainCasault
Wed Aug 29, 2018 4:00 pm
Forum: Wireless Networking
Topic: how many device need for 300 concurrent wireless users?
Replies: 5
Views: 1139

Re: how many device need for 300 concurrent wireless users?

To piggyback on Normis' answer, I'd add that your question is more 802.11 related than MikroTik. You need to consider the area to cover and buy the required devices for that area. Actuality, I would not reduce speed for users as it will prolong airtime which is not recommended. They need to send dat...
by AlainCasault
Fri Aug 24, 2018 3:50 pm
Forum: Wireless Networking
Topic: Sharing Motel WiFi
Replies: 12
Views: 1782

Re: Sharing Motel WiFi

I also benefit from a firewall as I don't trust public hotspots. Thanks. I will test it out. All time I am connected to a public WIFI, I always user L2TP/IPSEC to my MT at home. Do not trust any open site. :) How do I setup the security profile? security-profile=Bidon Same as you would for any non-...
by AlainCasault
Thu Aug 23, 2018 9:00 pm
Forum: Wireless Networking
Topic: Sharing Motel WiFi
Replies: 12
Views: 1782

Re: Sharing Motel WiFi

@Jotne Here's my (partial) config as requested. /interface wireless ###BASIC WLAN1 SETUP. BOGUS SECURITY PROFILE TO PREVENT ROUTER FROM CONNECTING TO ANY "OPEN" WI-FI. NOTE ALSO EMPTY SSID. set [ find default-name=wlan1 ] antenna-gain=1 band=2ghz-onlyn country=canada \ default-forwarding=no disabled...
by AlainCasault
Thu Aug 23, 2018 4:43 am
Forum: Beginner Basics
Topic: downloadable docs?
Replies: 3
Views: 466

Re: downloadable docs?

There appears to be an extension available for Wiki to convert to e-book or PDF. Other wiki sites sometimes have it available. Maybe MikroTIk could install it. They had it at one point, but I guess they removed it. You could even order a printed version of the collection you had created. Sent from ...
by AlainCasault
Wed Aug 22, 2018 10:02 pm
Forum: Wireless Networking
Topic: Sharing Motel WiFi
Replies: 12
Views: 1782

Re: Sharing Motel WiFi

Most definitely. I'm not in front of a router right now but look up VAP ( virtual access point) if you're in a hurry. Real easy once you know (like everything else in life :D ). I suggest you configure wlan1 as a client first since you'll know right away if you have hotspot connectivity. The rest is...
by AlainCasault
Wed Aug 22, 2018 9:11 pm
Forum: Wireless Networking
Topic: Sharing Motel WiFi
Replies: 12
Views: 1782

Re: Sharing Motel WiFi

Wrong, Wrong, wrong. It CAN be done with a single radio. Wlan1 is setup as a WiFi ( and dhcp) client. Then, create a vap that is an AP (with all regular configs). I do this with a mAP or mAP lite, but all WiFi models will do it also. The mAPs are just very portable. So yes, it can be done. Sent from...
by AlainCasault
Wed Aug 22, 2018 9:05 pm
Forum: Beginner Basics
Topic: downloadable docs?
Replies: 3
Views: 466

Re: downloadable docs?

You may find it here i think so https://www.mikrotik.com/documentation
It's all old stuff. The only recent one is the (html) wiki.

It would be good indeed.

Sent from Tapatalk

by AlainCasault
Thu Aug 02, 2018 9:14 pm
Forum: Beginner Basics
Topic: mAP2nD, setup Eth1 as DHCP server
Replies: 5
Views: 493

Re: mAP2nD, setup Eth1 as DHCP server

Personaly, I've never used Quickset, so I can't help you there. I like to go the old-menu-way. When creating a DHCP server, you should use the "DHCP Setup" button on the DHCP Server window, first tab. It automates everything and does a great job of it. Many students try to create the pool, then the ...
by AlainCasault
Thu Aug 02, 2018 4:32 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 7694

Re: Mikrotik in the news..bad news

@AlainCasault 1200 is not a home router, if you buy it you have to know what you are doing. I agree with you, but my point was that some models have different behavior. And as stated in other replies, even so-called "experts" will miss basic steps setting up (corporate) devices. My comment is to em...
by AlainCasault
Thu Aug 02, 2018 3:36 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 7694

Re: Mikrotik in the news..bad news

This is basically the set of default rules I have found on every device I've gotten from Mikrotik. Until I add proper rules, either firewall or NAT, I cannot access the router or the devices behind it remotely because it would drop all my traffic since it lacks proper rules. I can't find the (older...
by AlainCasault
Thu Aug 02, 2018 3:07 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 7694

Re: Mikrotik in the news..bad news

I think he means the default action of "if not filters apply", which is a non issue given the factory "default" firewall filters. I did think which reading this post that maybe the firewall should default to deny with no rules, so you have to explicitly allow everything you want to go through. Some...
by AlainCasault
Thu Aug 02, 2018 2:48 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 7694

Re: Mikrotik in the news..bad news

I think he means the default action of "if not filters apply", which is a non issue given the factory "default" firewall filters.

Sent from Tapatalk

  • 1
  • 2