Community discussions

Search found 476 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 10
by AlainCasault
Wed Jan 30, 2019 8:14 pm
Forum: Beginner Basics
Topic: Text based backup!!!cannot load [SOLVED]
Replies: 12
Views: 421

Re: Text based backup!!!cannot load [SOLVED]

You're better off with export files. True, but with export files it also isn't easy, as I described above. It would be much easier when those minor changes were made... Of course we all understand that you cannot import an export from a 10-port router into a 5-port router without some manual action...
by AlainCasault
Wed Jan 30, 2019 5:36 pm
Forum: Beginner Basics
Topic: Text based backup!!!cannot load [SOLVED]
Replies: 12
Views: 421

Re: Text based backup!!!cannot load [SOLVED]

Doing a binary restore is "officially" meant for the same device, we all know this. It'll work ok on two devices of same model, as long as you reset the MAC address of all physical interfaces. Doing this on two routers of different models is asking for trouble and is NOT recommended. You're better o...
by AlainCasault
Tue Jan 29, 2019 6:09 pm
Forum: Beginner Basics
Topic: Text based backup!!!cannot load [SOLVED]
Replies: 12
Views: 421

Re: Text based backup!!!cannot load [SOLVED]

Hello, I'm assuming that you're rebooting AND loading the rev file at startup. I've found that if you add a 15 second delay at the top of the script file, it solves the case. Also: When transferring an export from one model to an other, it's good practice to edit the file (to remove unwanted configs...
by AlainCasault
Mon Jan 28, 2019 3:27 pm
Forum: Wireless Networking
Topic: Looking for a mikrotik router Model that supports DNAT
Replies: 8
Views: 368

Re: Looking for a mikrotik router Model that supports DNAT

Hello

All MikroTik devices support dnat.

Cheers

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Jan 25, 2019 4:50 pm
Forum: Beginner Basics
Topic: How to use a simultaneous RBMetalG-52SHPacn
Replies: 1
Views: 94

Re: How to use a simultaneous RBMetalG-52SHPacn

Hello

That model only has one radio with the frequency software selectable.

When in doubt, always refer to the specs. https://mikrotik.com/product/RBMetalG-52SHPacn

Cheers,
by AlainCasault
Fri Jan 25, 2019 4:21 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request: Make Quickset to be separate package
Replies: 29
Views: 4520

Re: Feature request: Make Quickset to be separate package

The solution he posted involved changing the skin in the web interface. It does not work in winbox.
Click on "Design Skin" and remove the checkmark in front of Quick Set, then save it as default.
Ah! OK, thanks,

Would have loved a WinBox solution also. Oh well. :)
by AlainCasault
Fri Jan 25, 2019 3:29 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request: Make Quickset to be separate package
Replies: 29
Views: 4520

Re: Feature request: Make Quickset to be separate package

How do you imagine that would work? The home user needs QuickSet by default, he will not download and install it before he knows how RouterOS works. And removing QuickSet is already possible: Screenshot 2016-02-22 09.59.45.png Hello Normis, Could you please repost how to remove Qucikset? I'm affrai...
by AlainCasault
Fri Jan 25, 2019 2:36 pm
Forum: Beginner Basics
Topic: Block Password Error
Replies: 6
Views: 224

Re: Block Password Error

I would have added the last line near the top of the list, not at the bottom.
I'd also say to not bother with "dst-port=8291 protocol=tcp " on the drop filter. You got there, I'll block "everything" you do!

:)
by AlainCasault
Fri Jan 25, 2019 2:34 pm
Forum: Beginner Basics
Topic: Block Password Error
Replies: 6
Views: 224

Re: Block Password Error

Thanks Pegasus for that code. Very nice! I would suggest that if these attempts come from inside, contact the person behind the computer and have a talk with him/her. Remind him/her of company policies on hacking and the potential risks to his/her job. If it's home, block the kid's access for a day ...
by AlainCasault
Fri Jan 25, 2019 2:23 pm
Forum: General
Topic: Access VPN clients from LAN
Replies: 7
Views: 386

Re: Access VPN clients from LAN

I don't see much that could block return traffic (LAN to VPN). Do PCs on VPN have active firewall? I've seen that often where people would go head scratching because of that. I don't think masquerading VPN users helps much since the global masquerade filter will take care of that. I sugget filters t...
by AlainCasault
Fri Jan 25, 2019 2:03 pm
Forum: General
Topic: Access VPN clients from LAN
Replies: 7
Views: 386

Re: Access VPN clients from LAN

I saw that you created an IP POOL to assign ip addresses to your VPN clients. You don't need to since all your ppp secrets have an address defined. Keep the pool only if you create secrets that don't have a predefined address, but change the range so that assigned addresses don't clash with hard cod...
by AlainCasault
Fri Jan 25, 2019 2:21 am
Forum: General
Topic: Access VPN clients from LAN
Replies: 7
Views: 386

Re: Access VPN clients from LAN

Hmmm Your secrets specify IP addresses found the the IP Pool pptp-vpn. Just change the profile to NOT have an IP Pool since all your users have hardcoded IPs. Can LAN ping VPN and vice versa? comments /ip firewall filter add action=accept chain=input comment="Allow WinBox from MAIN LAN" dst-port=829...
by AlainCasault
Thu Jan 24, 2019 9:56 pm
Forum: General
Topic: Address list in allowed addresses
Replies: 6
Views: 317

Re: Address list in allowed addresses

TIP : If you don't see it in a pull-down menu after its creation, you can't use it. Address-list is in the firewall section, and is usable only for firewall configs. The idea is interesting though!! Cheers, In some cases I have allowed addresses in an address list, in those cases I have to write th...
by AlainCasault
Thu Jan 24, 2019 9:36 pm
Forum: Wireless Networking
Topic: Turn down Tx power
Replies: 20
Views: 627

Re: Turn down Tx power

As you support older standards, you may have a negative effect on overall performance as Wi-Fi will enter protected mode to accomodate everybody. But wouldn't it only do that if a device tried to connect with b? So if there are no older devices trying to connect, wouldn't it just run normally, and ...
by AlainCasault
Thu Jan 24, 2019 9:10 pm
Forum: General
Topic: Access VPN clients from LAN
Replies: 7
Views: 386

Re: Access VPN clients from LAN

Hello,

show us output of "export /hide-sensitive".

Thank you
by AlainCasault
Thu Jan 24, 2019 8:56 pm
Forum: General
Topic: Address list in allowed addresses
Replies: 6
Views: 317

Re: Address list in allowed addresses

TIP: If you don't see it in a pull-down menu after its creation, you can't use it.

Address-list is in the firewall section, and is usable only for firewall configs. The idea is interesting though!!

Cheers,
by AlainCasault
Thu Jan 24, 2019 8:49 pm
Forum: Wireless Networking
Topic: Use computer as internet gateway
Replies: 5
Views: 193

Re: Use computer as internet gateway

Hello Vertigo220,

Does your model have a USB connector? If you connect your phone to it and tell the phone to share its connexion through USB, then a LTE interface will appear in the RB2011. Then you can use it as a real WAN port.

Cheers,
by AlainCasault
Thu Jan 24, 2019 5:25 pm
Forum: General
Topic: Ipcloud two Mikrotik
Replies: 9
Views: 490

Re: Ipcloud two Mikrotik

It's more a question of having an open port to exploit, two in your case.

And with a VPN, you can have proper routing and all your tools will work as if at home (or at the office).
by AlainCasault
Thu Jan 24, 2019 5:15 pm
Forum: General
Topic: New connection but not SYN
Replies: 8
Views: 346

Re: New connection but not SYN

Hello, This is my ( very basic ) suggestion. It'll be your job to translate it to ROS ;) ==1== chain=intput in-interface=ether1 connection-state=established, related action=accept ==2== chain=forward in-interface=ether1 connection-state=established, related action=accept ==3== chain=intput in-interf...
by AlainCasault
Thu Jan 24, 2019 4:21 pm
Forum: General
Topic: RB 3011 Ethernet ping question [SOLVED]
Replies: 3
Views: 411

Re: RB 3011 Ethernet ping question [SOLVED]

Hello, Many things may cause this like large data transfers, CPU spikes (whatever the cause). Hard to tell from just a screen capture, but I wouldn't worry for a glitch like that. Thing is to know your network and what is normal for you. This is called baselining. If you expect (through regular veri...
by AlainCasault
Thu Jan 24, 2019 4:04 pm
Forum: Wireless Networking
Topic: Wireless connection issue: loop on the same AP
Replies: 3
Views: 198

Re: Wireless connection issue: loop on the same AP

Hello Michael, I think you answered your own question :) If I understand you: * Station has a connect-list entry to the SSID * Station is MikroTik device, since you use connect-list entries * AP1 does not have access-list entry for station * AP2 has access-list entry for station Since AP1 refuses "s...
by AlainCasault
Thu Jan 24, 2019 3:50 pm
Forum: Wireless Networking
Topic: Turn down Tx power
Replies: 20
Views: 627

Re: Turn down Tx power

...
Also, when I reply in this forum, others will read it over time. So, I provide the most correct settings I know, not merely answering your exact question.
Great philosophy!! +1
by AlainCasault
Thu Jan 24, 2019 3:50 pm
Forum: Wireless Networking
Topic: Turn down Tx power
Replies: 20
Views: 627

Re: Turn down Tx power

I know b is old, but unless it's a security issue, which I don't see why it would be, I don't really see the harm in leaving it for compatibility with older devices. That said, I highly doubt I would ever actually need it, and so I also don't see any harm in disabling it; I was just curious if ther...
by AlainCasault
Wed Jan 23, 2019 8:00 pm
Forum: Beginner Basics
Topic: how do I connect to my bridge?
Replies: 9
Views: 287

Re: how do I connect to my bridge?

But will MNDP work? That was his problem, the "not discovering routers"...
Not sure what MNDP stands for ... but Winbox displays routers and MAC Winbox connection works in Linux and wine if that is the question.
Mikrotik neighbor discovery protocol, like Cisco's CDP.

You answered. Thanks!!
by AlainCasault
Wed Jan 23, 2019 5:38 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 1657

Re: 6.43.8 vulnerability or hack?

Side remark/question here: 1.) instead of netinstall (need to press that button, set IP on the computer), is a down grade and then an upgrade of ROS equivalent to netinstall and erases all internal memory safely? 2.) I assume once you have a clean router, if you use a "backup" taken on an infected ...
by AlainCasault
Wed Jan 23, 2019 5:33 pm
Forum: Wireless Networking
Topic: How to for a guest network that can't access the internal network
Replies: 22
Views: 793

Re: How to for a guest network that can't access the internal network

Is there not a simple step by step guide that contains all the steps that is also compatible with the current OS? I cannot follow this with one step here, another step there, and some steps that are not compatible with my OS. Hello, The URL and examples shown by Baragoon will work. Yes, the URL has...
by AlainCasault
Wed Jan 23, 2019 5:26 pm
Forum: Beginner Basics
Topic: how do I connect to my bridge?
Replies: 9
Views: 287

Re: how do I connect to my bridge?

Yep, Linux. (and OSX/macos).

You can run winbox in both using wine.

But will MNDP work? That was his problem, the "not discovering routers"...
by AlainCasault
Wed Jan 23, 2019 4:40 pm
Forum: Beginner Basics
Topic: Blocking adult site
Replies: 4
Views: 250

Re: Blocking adult site

Hello, It is complicated given everything is https now. But I built an Layer7 config using keywords like "porn", "xxx", etc. I use the layer 7 to block DNS requests containing those key words. But now that there are talks about secured DNS, even that will get complicated. Be aware that you should te...
by AlainCasault
Wed Jan 23, 2019 3:07 pm
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 434

Re: CAPsMAN with virtual AP on VLAN - No connectivity

Hello MKX, Aaaah, the joy of offline discutions. Argh, it'd be so much easier "live". Oh well! So, I got it that lowercase=vlan interface (vlan101port) and UPPERCASE=bridge. But I'm still confused as to what you're saying (post #2) since if vlan101port (vlan interface) is assigned to a bridge, I sti...
by AlainCasault
Wed Jan 23, 2019 1:06 pm
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 434

Re: CAPsMAN with virtual AP on VLAN - No connectivity

As a bonus, here's my (partial) working setup for CAPsMAN. /caps-man channel add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \ frequency=2412,2437,2462 name=channels-tous-n add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \ frequency=2412 name=cha...
by AlainCasault
Wed Jan 23, 2019 1:03 pm
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 434

Re: CAPsMAN with virtual AP on VLAN - No connectivity

As VAPs are setup as tagged, all traffic artiving at bridge VLAN101 is tagged. For L3 configuration that's not acceptable, only untagged traffic is fine. And vlan interfaces do proper tagging/untagging: /interface vlan add name=vlan101port interface=VLAN101 and move IP configuration from VLAN101 to...
by AlainCasault
Wed Jan 23, 2019 3:26 am
Forum: Beginner Basics
Topic: how do I connect to my bridge?
Replies: 9
Views: 287

Re: how do I connect to my bridge?

Piece of advice: activate RoMON On all devices. You'll find your devices no matter what. It would have been better for you if you could have used WinBox.

Glad it worked for you :)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jan 23, 2019 1:49 am
Forum: Beginner Basics
Topic: one port only internet, no lan [SOLVED]
Replies: 20
Views: 649

Re: one port only internet, no lan [SOLVED]

Sounds like a guest port to me. Put it on a separate subnet and allow it access only to non private addresses (through the use of address lists to keep it clean and short).

But anav is correct, I may be out of context. Let me know.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jan 23, 2019 1:45 am
Forum: Beginner Basics
Topic: how do I connect to my bridge?
Replies: 9
Views: 287

Re: how do I connect to my bridge?

Hello Normally, you should have an IP address (on hap) on the same subnet of the port the hap is connected to. Otherwise, you can't connect. Since you can't use winbox, I'm assuming you have a Linux box, yes? Create a bridge on the hap, slave Wi-Fi and ether ports to it, assign address to bridge, an...
by AlainCasault
Wed Jan 23, 2019 1:36 am
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 434

Re: CAPsMAN with virtual AP on VLAN - No connectivity

As VAPs are setup as tagged, all traffic artiving at bridge VLAN101 is tagged. For L3 configuration that's not acceptable, only untagged traffic is fine. And vlan interfaces do proper tagging/untagging: /interface vlan add name=vlan101port interface=VLAN101 and move IP configuration from VLAN101 to...
by AlainCasault
Fri Jan 18, 2019 12:06 am
Forum: Announcements
Topic: Photos of towers and masts
Replies: 48
Views: 10535

Re: Photos of towers and masts

Inside rack :)
The grasshopper is only one hop away ;)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Jan 18, 2019 12:03 am
Forum: General
Topic: The time and date refuses to be set properly
Replies: 5
Views: 260

Re: The time and date refuses to be set properly

Have you tried to disable IP CLOUD and set up SYSTEM CLOCK for the correct time zone?

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Jan 17, 2019 10:57 pm
Forum: Beginner Basics
Topic: Can ping router, but cannot ping or connect to WAN
Replies: 31
Views: 958

Re: Can ping router, but cannot ping or connect to WAN

What I dont see is on the /ip dhcp server-network, a typical reference to dns??? I do not remember what the IP dhcp client shows for normal config export. Good point! Checked options should be show on an export, although I'm not in front of my computer to validate. Even if dns allows remote request...
by AlainCasault
Thu Jan 17, 2019 10:53 pm
Forum: Beginner Basics
Topic: Can ping router, but cannot ping or connect to WAN
Replies: 31
Views: 958

Re: Can ping router, but cannot ping or connect to WAN

I think it has to do with your dhcp client. It's not creating a default route. What make you think that? I've a hAP lite running DHCP client on WAN and config as shown in export is exactly the same as in OP. It does create dynamic route entries, shown only using print command. You were talking abou...
by AlainCasault
Thu Jan 17, 2019 8:07 pm
Forum: Beginner Basics
Topic: Can ping router, but cannot ping or connect to WAN
Replies: 31
Views: 958

Re: Can ping router, but cannot ping or connect to WAN

I think it has to do with your dhcp client. It's not creating a default route.

Cheers,

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Jan 17, 2019 8:02 pm
Forum: Beginner Basics
Topic: How to shut down Router before Power Off?
Replies: 15
Views: 591

Re: How to shut down Router before Power Off?

Hello, Excuse my ignorance, but why would we want to shutdown the router at the end of the day? It's Linux based, not Windows :D Kidding aside, maybe you're dealing with an issue I don't know about... Please let me know. If one wants to clear memory (???), then perhaps you could simply schedule a re...
by AlainCasault
Thu Jan 17, 2019 11:59 am
Forum: Wireless Networking
Topic: How to for a guest network that can't access the internal network
Replies: 22
Views: 793

Re: How to for a guest network that can't access the internal network

Ya, since the names can be changed, it can be confusing. Use wlan1 or 2.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jan 16, 2019 8:15 pm
Forum: General
Topic: Which Router should i buy for a small web hosting company?
Replies: 6
Views: 484

Re: Which Router should i buy for a small web hosting company?


Finally, my mother told me never to trust a man driving in a red car sporting a beard. ;-)
LOL!!!!!

Joking aside, you're right on the money.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jan 16, 2019 3:18 pm
Forum: Wireless Networking
Topic: How to for a guest network that can't access the internal network
Replies: 22
Views: 793

Re: How to for a guest network that can't access the internal network

Is there not a simple step by step guide that contains all the steps that is also compatible with the current OS? I cannot follow this with one step here, another step there, and some steps that are not compatible with my OS. Hello, The URL and examples shown by Baragoon will work. Yes, the URL has...
by AlainCasault
Mon Jan 14, 2019 4:53 pm
Forum: General
Topic: SSH WAN port first time
Replies: 3
Views: 182

Re: SSH WAN port first time

Hello,

This may seem obvious but make sure you don't leave ssh open too long and that your router is at the latest os.

For extra protection (sounds like a condom ad), allow ssh only from a specific IP address.

Cheers,



Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Jan 11, 2019 9:31 pm
Forum: General
Topic: DHCP Setup on two ports
Replies: 7
Views: 380

Re: DHCP Setup on two ports

My comment was purely on form and manner, if it wasn't obvious enough...

Next time, report my post and let a real moderator tell me what to do.
by AlainCasault
Fri Jan 11, 2019 6:23 pm
Forum: General
Topic: DHCP Setup on two ports
Replies: 7
Views: 380

Re: DHCP Setup on two ports

Well, you are rude and you're not very understanding. If you read the original question: request is to setup two different dhcp server configuraiton for two ports which are seemingly in same bridge configuration. What's so hard to understand? If you're not willing to help, then don't bother others ...
by AlainCasault
Fri Jan 11, 2019 5:57 pm
Forum: General
Topic: DHCP Setup on two ports
Replies: 7
Views: 380

Re: DHCP Setup on two ports

Its not possible to add the dhcp server on a bridged interface because those ports are logically connected like on a switch. That means the dhcp service on slave interface (ether6) would also listen on slave interface (ether7). That results into the problem that the service cannot distinguish from ...
by AlainCasault
Thu Jan 10, 2019 8:30 pm
Forum: Wireless Networking
Topic: Backhaul speeds - N only / AC only or mixed mode
Replies: 3
Views: 261

Re: Backhaul speeds - N only / AC only or mixed mode

Hello, I didn't think that mixed mode will do anything with rain fade. It will help you support older clients, which I did not want (for me). If I read you properly, it's your infrastructure. I'd go Greenfield, meaning pure N and pure AC. Yes, mixed mode allows older clients to connect but it also s...
by AlainCasault
Thu Jan 10, 2019 7:34 pm
Forum: General
Topic: DHCP Setup on two ports
Replies: 7
Views: 380

Re: DHCP Setup on two ports

Hello, I'm afraid your question is all over the place. Dhcp, traffic flow... I'll answer the dhcp question: assign your dhcp server to the bridge hosting the two ports. As the router is saying, you can't assign the server to a port inside a bridge. Cheers, Sent from my cell phone. Sorry for the erro...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 10