Thanks for the clarification, I completely missed the point that the router itself is still reachable from all subnets because of the input chainNote that this has nothing to do with blocking communication *between* subnets, so this works if you e.g. have:
don't know, just wanted to let know it does not work in the current versionIt worked in 7.14?
Why are these rules not included in the default-config?Also your rules posted here, don't match the current ones that have a limit on the rules, see: https://help.mikrotik.com/docs/display/ ... v4RAWRules
Done, SUP-129623You may want to contact support on this.
supout.rif will be needed as well so better to include it already in the ticket.
There are many accesspoints with 2.5G PoE-in on the market...Can you guys clarify the use case of 2.5G ports but with PoE output? I thought this kind of switch was great for high end PC's, not for plugging in more routers?
This could work if you choose a Subnetmask with only a few hosts, for example 192.168.17.10/29, 192.168.17.20/29 and 192.168.17.30/29Hi, I have an hEX mikrotik routerboard and I need this configuration:
Eth2: WAN
Eth3: LAN 192.168.17.10
Eth4: LAN 192.168.17.20
Eth5: LAN 192.168.17.30
1Mbit Upload limitation according to the wiki?!CHR will continue to work without any limitation, you will just have to update it manually if you choose to do so (export config, reinstall, import it)
I have the same problem. 7.8 kills 751U-2HnDRB751U-2Hn running 7.7. Tried to upgrade twice. Same result.
D-Link switches have always been a pile of junk...why this config works with TP-link and not D-Link switch?
It essentially is only a "new" DAC cable that supports the higher SFP28 speed on supported hardware, while also being usable with SFP and SFP+ hardware.What is the interest if speed is limited to 10Gb/s?
LAG only has effect when doing transfers from/to multiple hosts at the same time.But speed is still like on 1gbit cable.
When I check the speed, the traffic flows almost via only 1 cable of three (or two).
What GPON modules are supported as of now? The Mikrotik one is not available anymore?*) sfp - fixed GPON module linking (introduced in v6.47);
Why do you need "admit-only-untagged-and-priority-tagged" on the ports in your case?Thank you everyone! I really appreciate your taking a look!
I cannot send tagged VLAN to the AP as I have some dumb switches between the CAPS manager and the AP.If i understood right, you just have to set your eth1 as tagged and then at your AP side you must create an interface VLAN for that VID...
But why would you need to do that ?
channel country distance installation keepalive-frames rx-chains tx-chainsTry this before update: https://www.mikrotik.com/download/share/fix_space.npkHi,
on hAP Lite (RB941-2nD r2), there is again the problem of not enough space to reboot:
2020-04-16 14_11_42-Clipboard.png
Trying to update from 6.46.4. Firmware on the board: 6.46.4.
MartiX
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikappWhat problems you are referring to?I don't know how Mikrotik dares to get new products in arm with the problems he has even if they deny them
I have the same problem.Does someone have a problem with mac telnet login via neighbours?
Won't login with any user and pass or without pass, nor admin..
You will always get a better speed with phone, because Mikrotik is using a very old LTE chipset. Some providers throttle non-phone LTE chip vendors.As per tests I made at the same spot, where SXT LTE is positioned, with phone and got better download speed.
Great, I did an upgrade to 6.43.1 on hEX and auto-upgrade of firmware was active. I did not reboot yet, so what to do now? I cannot upgrade to 6.43.2 bootloader before reboot! Will it be bricked afterwards?It should be fixed in 6.43.2, you will need to netinstall v6.43.2.
Renaming is not possible anymore due to security changes, please see viewtopic.php?f=2&t=139091#p685742still cant change any user names.
introduced in 6.43.0
You are correct, I think he (the user from Brazil) just used the wrong english word.That is beyond the point. Saying "inferior" compared to previous model is simply incorrect.
Yes, but today nearly every cheap smartphone supports LTE-A at 1000Mbps/​150Mbps down/up and you are still using old 150/50 modems. What about LTE bridge mode, is it supported now with SXT LTE kit?What do you guys mean? It is much better than SXT LTE first generation:
Yes, nearly all vendors handle it that way. For example in the SSD market there is AFAIK only Sandisk that offers pre-paid return stickers.Is it standard policy to have the customer pay return shipping on a defective product?
It's a winbox bug, please see viewtopic.php?f=21&t=129034&start=450#p650627Hello jspool! tried to connect from another Windows 7 PC using a switch, but still not detecting at all...
What about matching non-secure traffic with wildcards directly in firewall? Still not possible?* Match websites in firewall
Close netinstall, open it again and press install a second time. This time it will work.The device is seen in netinstall, when press the install button it last 12 seconds and then go back ready with no actual install.
I think he means such a kernel thing:How is this different? What would you like to do instead?
a two seconds search in RavenWing71 posts would have told you that: http://forum.mikrotik.com/viewtopic.php ... 64#p577464Oh, you've already found a way how to identify MSDO traffic. Do you mind sharing how it's done?Notes: I mark the MSDO packets with ToS-Bulk...
Is there a way to bypass fasttrack for this, so still beeing able to use it on all other connections?REMEMBER to disable the defconf:fasttrack in the firewall, else the queue will not work
Oh, so is there an easy way to do this for all IPs in a address-list without using mangle/filter/etc before?Source address can be an individual ip or a network range.
add action=drop chain=forward connection-state=invalidlog-prefix=""/ip upnp exportOk, I hope you don't release 6.32 before this is fixed, because RouterOS without working firewall filters is nearly uselessdadaniel - Issue is not fixed yet. It is reported to developers.
This could be very hard, because you have to be lucky to catch the moment when it is uploading to some other client. I cannot find any information about protocols and ports used anywhere.You will have to sniff the traffic to see what protocol is used.
No, it will kill my bandwidth. Default setting in non-VL editions of Windows 10 is to upload to other users on the internet.but why? it will save your bandwidth
Is this fasttrack rule replacing the default "accept connection-state=established,related"-rule or do I still need it?best is to fasttrack connection-state=established,related
It does only make sense to use FastTrack on specific (known) connections before they enter filter/other routing chains. Using it afterwards makes no sense at all...Why not to mark packet at mangle postrouting?
Is there any SXT shield kit available?Got my first batch of SXT AC and SXT AC SA.
802.11af works fine. The non SA Version does not have a shield painting inside.
So for ptp on a loaded tower some additional shielding might be neccesary.
Try this: http://aacable.wordpress.com/tag/mikrot ... detection/is it possible???
This field is empty, only local address is visible.(I suppose default Gateway: "remote-address"):
I will try this, thank you.as this is tunnel interface you can use interface name as default gateway. And you can assign static name for PPTP-out tunnel.
local iWill this VLAN processing run at hardware level and is capable of wire-speed?That VLAN rule table does not apply to CRS125, the features which will allow similar functionality are currently being developed.
Your e-mail-support is very good, but getting an answer takes way to long. I do not have the time to wait 1 week for each reply of the same case number. Sorry...In support emails, 90% of bugs are not bugs, but mistakes.
sorry, I forgot to add "wirespeed VLAN capable (via switch chipset)"Every single one, because RouterOS implements 802.1q
add action=drop chain=input connection-state=invalidadd action=drop chain=inputHello,has anybody written to support@?Doesn't appear to be even acknowledged by MT as yet, even though there is more than one report of the issue mentioned on this topic.
I am also having throughput issues with 5.2 on RB750G. I only get ~30Mbps of my 100Mbps connection. No problem with 4.175.2 still has the througput issue.