Community discussions

MikroTik App

Search found 156 matches

by Stril
Wed Nov 11, 2020 10:42 am
Forum: General
Topic: WAP AC - new version - without triple chain
Replies: 32
Views: 1437

Re: WAP AC - new version - without triple chain

I really love mikrotik, but their wifi-range and wifi-effort makes me think about leaving away...
by Stril
Tue Nov 10, 2020 11:31 pm
Forum: General
Topic: WAP AC - new version - without triple chain
Replies: 32
Views: 1437

WAP AC - new version - without triple chain

Hi!

I just saw the new version of the WAP AC and I am quite confused.
Does it really contain just 2x2 wifi and not triple chain as the "old version"?

That would be a step back...

Stril
by Stril
Sat Oct 17, 2020 12:47 am
Forum: Wireless Networking
Topic: Best way to setup "wireless-uplink" for access points without wired connection
Replies: 1
Views: 160

Best way to setup "wireless-uplink" for access points without wired connection

Hi! I need to have some access points, that do not have a wireless uplink to bring wifi signal so some "low-density"-corners. What do you think, is the best way to configure this? My access points send out 4 SSIDs as virtual APs. Should I do WDS on everyone, or configure the "non-wired" AP as statio...
by Stril
Fri Oct 16, 2020 12:58 pm
Forum: Wireless Networking
Topic: Mikrotik wifi roaming expirience
Replies: 19
Views: 1216

Re: Mikrotik wifi roaming expirience

Hi!

I just found the main-issue:
viewtopic.php?f=7&t=167606&e=1&view=unread#unread

--> STP needs to be disabled
by Stril
Thu Oct 15, 2020 9:22 pm
Forum: Wireless Networking
Topic: Tip: Faster Roaming without STP
Replies: 14
Views: 809

Re: Tip: Faster Roaming without STP

Hi!

Why should DHCP speed up roaming? Can you please explain?
by Stril
Thu Oct 15, 2020 2:07 pm
Forum: General
Topic: Export config without MAC - automation
Replies: 1
Views: 153

Export config without MAC - automation

Hi! I want to do some automation to send a master-config to several devices. Is there any possibility to avoid mac addresses for virtual access points /interface wireless /export compact set [ find default-name=wlan1 ] band=2ghz-g/n country=germany disabled=no mode=ap-bridge name=ssid1 security-prof...
by Stril
Thu Oct 15, 2020 11:52 am
Forum: Wireless Networking
Topic: Tip: Faster Roaming without STP
Replies: 14
Views: 809

Re: Tip: Faster Roaming without STP

Hi!

It's just about the STP on the AP-bridge.
by Stril
Thu Oct 15, 2020 9:18 am
Forum: General
Topic: Central Logging - Graylog
Replies: 6
Views: 962

Re: Central Logging - Graylog

@wisphak1
Did you go with RAW-input, or did you find any option for BSD-input on graylog?
by Stril
Wed Oct 14, 2020 7:59 pm
Forum: Wireless Networking
Topic: Tip: Faster Roaming without STP
Replies: 14
Views: 809

Tip: Faster Roaming without STP

Hi!

I just found a solution to allow MUCH faster roaming between MT-access-points:

Just disable (R)STP on the bridge!

Such an easy thing, but that helps a lot. I never thought about this, but as a wifi-interface is down before the first clients connects, this seems to have impact.

Stril
by Stril
Fri Oct 09, 2020 10:23 am
Forum: Wireless Networking
Topic: Mikrotik wifi roaming expirience
Replies: 19
Views: 1216

Re: Mikrotik wifi roaming expirience

Hi!

Yes, I tried this, but without success.
I already checked, if "forced disconnects" would help, but as I had enough overlap, clients did roam, before the "kick" would have happened.
by Stril
Fri Oct 09, 2020 9:39 am
Forum: Wireless Networking
Topic: Mikrotik wifi roaming expirience
Replies: 19
Views: 1216

Mikrotik wifi roaming expirience

Hi! I am a long-time MT-user - administrating about 150 MT-devices, but I hope, you can give me some input, about roaming. Wifi roaming should be mostly a client-process, but I am just not able to get a good roaming-expirience with mikrotik-wifi-devices. Test-setup: - 2 access-points - perfect wifi ...
by Stril
Tue Oct 06, 2020 2:14 pm
Forum: Wireless Networking
Topic: CAPsMAN - Local-Forwarding - how to choose bridge
Replies: 11
Views: 588

Re: CAPsMAN - Local-Forwarding - how to choose bridge

Hi!

I tried exactly this:

CAPsMAN provisioned two vAPs on one physical CAP.
- SSID1 - Datapath local-forwarding
- SSID2 - Datapath local-forwarding - use-tag=10

But now, the tag does not seem to be used. The vAP on the CAP does still show: no tag, vlan-id 1

Did I miss anything?
by Stril
Tue Oct 06, 2020 9:12 am
Forum: General
Topic: Central Logging - Graylog
Replies: 6
Views: 962

Re: Central Logging - Graylog

Hi!

It would be great, if you could keep me updated.
by Stril
Tue Oct 06, 2020 9:09 am
Forum: Wireless Networking
Topic: CAPsMAN - Local-Forwarding - how to choose bridge
Replies: 11
Views: 588

Re: CAPsMAN - Local-Forwarding - how to choose bridge

Hi!

I do not have any technical reason to do so.
The only advantage of multiple bridges is better visibility for me, as I do not really like the way, mikrotik shows up vlan interfaces.
by Stril
Mon Oct 05, 2020 5:08 pm
Forum: Wireless Networking
Topic: CAPsMAN - Local-Forwarding - how to choose bridge
Replies: 11
Views: 588

Re: CAPsMAN - Local-Forwarding - how to choose bridge

Hi!

Thank you!
So, if I add a new virtualAP via CAPsMAN with local-forwarding, I would have to

- add VLAN to AP
- add VLAN to AP-uplink tagged
- add vAP via CAPsMAN with vlan-tag=xx and local-forwarding


Right?

Thank you for your help!
by Stril
Mon Oct 05, 2020 2:22 pm
Forum: General
Topic: Best way to configure multi-SSID-AP with VLAN-breakout
Replies: 12
Views: 615

Re: Best way to configure multi-SSID-AP with VLAN-breakout

Hi!

@anav
Thank you! This is a great post!

The "default AP-rsc" seems to be working like my "single-bridge-setup".
by Stril
Mon Oct 05, 2020 12:43 pm
Forum: General
Topic: Best way to configure multi-SSID-AP with VLAN-breakout
Replies: 12
Views: 615

Best way to configure multi-SSID-AP with VLAN-breakout

Hi! I am just configuring some access points, with 2 SSIDs that have to break out to different VLANs on ether1. I found multiple possibilities and hope, you can help me to use the "easiest" one fot the futur: Background: SSID1 to vlan 10 SSID2 to vlan 20 Management on default VLAN 1 (untagged) Multi...
by Stril
Sun Oct 04, 2020 9:54 pm
Forum: Wireless Networking
Topic: CAPsMAN - Local-Forwarding - how to choose bridge
Replies: 11
Views: 588

CAPsMAN - Local-Forwarding - how to choose bridge

Hi! I am just trying to do my first CAPsMAN-setup.Everything is clear, except the local-forwarding. Can you give me a hint on how to steer, which local bridge is used at the CAP, if I choose "local-forwarding"? If the AP would not be managed, I would be able to configure: - SSID1 - bridged to bridge...
by Stril
Sat Sep 19, 2020 9:47 am
Forum: Wireless Networking
Topic: Are you using MT for Wifi-Deployments with many APs
Replies: 2
Views: 303

Re: Are you using MT for Wifi-Deployments with many APs

Hi!

Thank you for your answer. Are you happy now with your "single-AP-deployment"?
How do you manage it?

Best wishes
Stril
by Stril
Fri Sep 18, 2020 2:28 pm
Forum: Wireless Networking
Topic: Are you using MT for Wifi-Deployments with many APs
Replies: 2
Views: 303

Are you using MT for Wifi-Deployments with many APs

Hi! I really like mikrotik devices, but I have never used them for larger scale wifi-deployments (> 20 APs). For those setups, I have used Aruba or UBNT. What are your thoughts for deployments with 20-100 Indoos-APs in offices and warehouses? As it should be possible to use (or not) CapsMan: Are you...
by Stril
Mon Jun 29, 2020 9:36 am
Forum: General
Topic: Proscend 180-T VDSL2 SFP Modem - Sync Speed and state
Replies: 2
Views: 855

Re: Proscend 180-T VDSL2 SFP Modem - Sync Speed and state

Hi!

Thank you, but there seem to be no debug-infos.
Did you ever find a solution for this?

Best wishes
by Stril
Fri Jun 26, 2020 5:46 pm
Forum: General
Topic: Proscend 180-T VDSL2 SFP Modem - Sync Speed and state
Replies: 2
Views: 855

Proscend 180-T VDSL2 SFP Modem - Sync Speed and state

Hi! I am using a Proscend 180-T VDSL2 SFP Modem in a HEXS. The module is working as VDSL-modem and I can establish a PPPOE-session through it. But: I do not get any debug-data like: - DSL-Sync state - DSL-Sync speed Do you have any idea on how to get additional debug infos with this module? Thank yo...
by Stril
Thu Jun 25, 2020 10:52 am
Forum: General
Topic: Central Logging - Graylog
Replies: 6
Views: 962

Central Logging - Graylog

Hi! I want to let my MT devices send their logs to a central destination. I am already using Graylog, so I did set up a syslog input on Graylog and configured it as destination for the MT-devices. But: - If I use "BSD syslog" on my MT routers, I do not see the messages. - If I do not use "BSD syslog...
by Stril
Sat Jun 20, 2020 11:55 am
Forum: General
Topic: Performance-Impact of large address-lists
Replies: 1
Views: 661

Performance-Impact of large address-lists

Hi! I want to use large block-lists with >1000 objects in firewall policies. Can you tell me something about the performance impact? Which device do I need, for a bridging firewall with 1 GB/s throughput and some firewall-rules that do filter on that lists? RB1100X4? CCR1009? CCR2004? Thank you for ...
by Stril
Thu Jun 18, 2020 5:30 pm
Forum: General
Topic: Adding dynamic firewall rules to mikrotik - Suricata - Axiom Shield
Replies: 9
Views: 1571

Re: Adding dynamic firewall rules to mikrotik - Suricata - Axiom Shield

Hi!

Let's take the IP: 2.59.200.1 (from Spamhaus DROP).

Can you ping the IP?
by Stril
Thu Jun 18, 2020 4:02 pm
Forum: General
Topic: Adding dynamic firewall rules to mikrotik - Suricata - Axiom Shield
Replies: 9
Views: 1571

Re: Adding dynamic firewall rules to mikrotik - Suricata - Axiom Shield

But did you see, if the content is really "managed"?
by Stril
Thu Jun 18, 2020 3:14 pm
Forum: General
Topic: Adding dynamic firewall rules to mikrotik - Suricata - Axiom Shield
Replies: 9
Views: 1571

Re: Adding dynamic firewall rules to mikrotik - Suricata - Axiom Shield

If I wasnt using axiom shield ( i can write it off for tax purposes) I would be using this service.
But what is your expirience with Axiom? It seems like the Axiom website did not get any updates for two years? Are you getting updates frequently?
by Stril
Thu Jun 18, 2020 12:21 pm
Forum: General
Topic: Adding dynamic firewall rules to mikrotik - Suricata - Axiom Shield
Replies: 9
Views: 1571

Re: Adding dynamic firewall rules to mikrotik - Suricata - Axiom Shield

Hi!

I am not really interested in L7 capabilities. What I am looking for is:
- a good set of blacklists, that are maintained
- some DDOS-rules
- a good IDS-link (seperate IDS-system with API-link)
by Stril
Thu Jun 18, 2020 10:08 am
Forum: General
Topic: Adding dynamic firewall rules to mikrotik - Suricata - Axiom Shield
Replies: 9
Views: 1571

Adding dynamic firewall rules to mikrotik - Suricata - Axiom Shield

Hi! I am looking for some additional security to block attacks directly at the perimeter. What I found, is: - Suricata-integration with ETPro-rules Looks great, but it's hard to decide and manage which rules should be blocked, because there is no "severity" level at the rules. - Axiom Cyber Shild I ...
by Stril
Mon Feb 24, 2020 4:26 pm
Forum: General
Topic: CRS - Trunk-Port with all VLANs including those, which are not configured
Replies: 2
Views: 1255

Re: CRS - Trunk-Port with all VLANs including those, which are not configured

Hi!

Yes, it's about the CRS3xx models.

Thank you for your hints. That's not, what I hoped, but maybe scriptable. It would be great to have an option to set a port to mode "contains all VLANs".
by Stril
Thu Feb 20, 2020 1:06 pm
Forum: General
Topic: CRS - Trunk-Port with all VLANs including those, which are not configured
Replies: 2
Views: 1255

CRS - Trunk-Port with all VLANs including those, which are not configured

Hi! I want to replace some switches with CRS-switches. Is there any possibility to setup "trunk-ports" wich always hold all VLANs and - where every new vlan is instantly available tagged - where every unknown vlan is forwarded to, that enters another trunk-port? Dell switches e.g. handle VLANs on po...
by Stril
Thu Feb 20, 2020 12:39 pm
Forum: SwOS
Topic: Support for MC-LAG/Port bonding across chassis?
Replies: 3
Views: 4832

Re: Support for MC-LAG/Port bonding across chassis?

Hi!

Do you have any news about MC-LAG?

Stril
by Stril
Tue Jan 07, 2020 1:10 pm
Forum: General
Topic: L2TP-IPSEC Fortigate-Mikrotik
Replies: 0
Views: 988

L2TP-IPSEC Fortigate-Mikrotik

Hi! Was anybody here able to setup a working L2TP-IPSEC between a Mikrotik device as L2TP-client and a Fortigate as L2TP-server? What I did was (first without IPSEC): config vpn l2tp set eip 10.91.91.59 set sip 10.91.91.50 set status enable set usrgrp "L2TP_group" end --> Usergroup L2TP_group is set...
by Stril
Fri Jan 03, 2020 3:28 pm
Forum: General
Topic: Route Metric IPSEC
Replies: 1
Views: 586

Route Metric IPSEC

Hi!

Is there any possibility to set the route metric for IPSEC-tunnels?

I have set up an IPSEC-tunnel Mikrotik to Fortigate (which is working), but I cannot set its priority compared to the "normal routes" and other IPSEC-tunnels.

Can you give me a hint?

Thank you and regards,
Stril
by Stril
Fri Jan 03, 2020 2:32 pm
Forum: Beginner Basics
Topic: Dst-NAT - System reachable on two IPs - PacketLoss
Replies: 1
Views: 767

Re: Dst-NAT - System reachable on two IPs - PacketLoss

...one additional info:

I am running a constant ping, but I only see one packet in the NAT-table-
Connection-Tracking is set to "on"
There is no fasttrack active.
by Stril
Fri Jan 03, 2020 2:12 pm
Forum: Beginner Basics
Topic: Dst-NAT - System reachable on two IPs - PacketLoss
Replies: 1
Views: 767

Dst-NAT - System reachable on two IPs - PacketLoss

Hi! I am totally confused in my setup and hope, you can give me a hint: RB1100AHx4 with v6.46.1 - Computer1 on eth1 with IP 10.10.10.100/24 - Computer2 on eth1 with IP 10.10.20.100/24 - Router has the IP .1 on both interfaces. What I need to achive is, that Computer 2 can reach a virtual IP 192.168....
by Stril
Thu Jan 02, 2020 8:59 am
Forum: General
Topic: Firewall - IPSEC - incoming-interface is WAN
Replies: 12
Views: 1875

Re: Firewall - IPSEC - incoming-interface is WAN

Hi!

I checked the default-config, but there are no firewall rules - only "/ip firewall nat remove [find comment~"defconf"]"
by Stril
Tue Dec 31, 2019 1:25 pm
Forum: General
Topic: Firewall - IPSEC - incoming-interface is WAN
Replies: 12
Views: 1875

Re: Firewall - IPSEC - incoming-interface is WAN

Hi!

Sorry, but I do not understand, how your hint interfers with my last post.
by Stril
Tue Dec 31, 2019 8:49 am
Forum: General
Topic: Firewall - IPSEC - incoming-interface is WAN
Replies: 12
Views: 1875

Re: Firewall - IPSEC - incoming-interface is WAN

Hi!

Yes, that is 95% of what I meant. Thank you!

In that case, I do not need to allow "spoofed addresses" on the WAN-interface, but: Isn't there still the danger, that one IPSEC-peer can spoof addresses of another one, or is this prevented by the Phase-2-definitions?

Thank you for your help!!
Stril
by Stril
Mon Dec 30, 2019 6:18 pm
Forum: General
Topic: Firewall - IPSEC - incoming-interface is WAN
Replies: 12
Views: 1875

Firewall - IPSEC - incoming-interface is WAN

Hi! I want to setup an IPSEC WAN between a Mikrotik and a Fortigate device. The VPN is running, BUT: I am totally confused about the firewall rules. On the mikrotik-device, incoming packets through the VPN-tunnel are coming from interface ether-6 (WAN1). How can I configure the firewall without loos...
by Stril
Mon Aug 19, 2019 12:46 am
Forum: RouterBOARD hardware
Topic: Mikrotik Switch - 48 Port
Replies: 12
Views: 9111

Re: Mikrotik Switch - 48 Port

Hi!

Any news about that?
A 48 Port Switch would be a big step forward for universal usage of mikrotik switches...

Stril
by Stril
Wed Jun 26, 2019 10:53 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi! Did you find any possiblity to get valid RSSI-values? I see fluctuation over the first 5 minutes. After that, RSSI is unchanged for weeks - no matter, if there is heavy rain. On thunderstorms, sometimes the RSSI dropped and did not get back to the "real" value without dropping the link manually ...
by Stril
Wed Jun 26, 2019 10:51 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi! Did you find any possiblity to get valid RSSI-values? I see fluctuation over the first 5 minutes. After that, RSSI is unchanged for weeks - no matter, if there is heavy rain. On thunderstorms, sometimes the RSSI dropped and did not get back to the "real" value without dropping the link manually ...
by Stril
Mon May 06, 2019 9:55 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi! I have a strange problem: - 2x LHG 60G link, 395m - RSSI stable at -50 to -52 dB, Signal-Quality 80-95 Next to the LHG on one side, there is a large (3x3x3m), rotating advertisement-cube When the rotation of the cube is off, the link is 100% stable. When I start the rotation, the MCS drops down ...
by Stril
Mon May 06, 2019 9:23 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi!

Did anybody of you have long-term-experience with any "weather-cover"?
Which ones did work fine for you?

Thank you for your thoughts
by Stril
Fri Mar 22, 2019 9:22 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Can you give me a hint on how to transfer ALL vlans through a LHG-Link? Do I have to configure the VLANs, or is it enough to leave "VLAN Filtering" disabled on the bridge?
Yes. Do a plain bridge and do no tagging then all packets go through.
Thank you!
This is working perfectly.
by Stril
Thu Mar 21, 2019 2:15 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi!

Can you give me a hint on how to transfer ALL vlans through a LHG-Link? Do I have to configure the VLANs, or is it enough to leave "VLAN Filtering" disabled on the bridge?

Thank you for your help!
by Stril
Sun Mar 17, 2019 7:49 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Prior to thinking, these products will be better than the LHGs, just read the UB-forums and search for FCS-errors and corrupted packets...

Just added an LHG to take over the traffic of an AirFiber...
by Stril
Mon Jan 28, 2019 11:41 am
Forum: General
Topic: ERRO: wrong username or password
Replies: 11
Views: 20553

Re: ERRO: wrong username or password

Hi!

Did you find a solution for this?
I just updated one device and now: wrong username or password

Device is on "empty" password!!

Telnet is working, but winbox is not...

Regards
Stril
by Stril
Fri Jan 18, 2019 9:08 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi! There are just too many variables and modifying the hardware makes it any harder... I have a 400m link. With lower frequencies, RSSI ist better than with high frequencies, BUT: MCS is unstable! 58GHz: RSSI=48, MCS is going up and down (on stable weather conditions) 64GHZ: RSSI=54, MCS stable on ...
by Stril
Thu Jan 17, 2019 3:33 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Mikrotik has such a GREAT product with the LHG60G, but details are just too "cheap".

A "LHG-60G-PRO" with weather-proof, professional layout and better align-feature would open the doors to new customers for mikrotik. For short links, LHG-60G-PRO could be as good or better than UBNT AirFiber, etc.
by Stril
Thu Jan 17, 2019 9:09 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Update for ALU vs LHG dish:

The ALU dish has a strange behaviour: RSSI is good, Signal ist good, but MCS is unstable!

With LHG-dish, i see a stable MCS of 8 (PHY Rate: 2.3 Gbps). With the upgrade-kit, MCS goes up and down from 4 to 8.

Do you have any other idea, to make the LHG "snow-proof"?
by Stril
Wed Jan 16, 2019 5:09 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi! I just installed the Alu-dish+ABS-cover (that DJVolt offers) on one side of my LHG-Link. RSSI seems to be a bit lower with Alu than with LHG-dish (+3dB) on my first test /interface w60g monitor 0 connected: yes frequency: 64800 remote-address: 24:18:1D:63:62:56 tx-mcs: 8 tx-phy-rate: 2.3Gbps sig...
by Stril
Wed Jan 16, 2019 12:22 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Aligning with BTest is a very bad idea for a short link in my opinion. Bad aligned means: Gigabit on good weather, lower bandwidth on heavy rain. Good alignment means: Always Gigabit --> You want gigabit on all conditions. What I do: - Align "by sight" both sites (should be easy for 200m) - Optimize...
by Stril
Tue Jan 15, 2019 1:17 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

.... But RSSI is the only way to determine the signal margin for bad weather. Right?

I cannot install the link while there is heavy rain and snow.

Did anybody else see smaller RSSIs with Alu dishes?
by Stril
Wed Jan 09, 2019 1:11 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi!

Why do you use the feeder, now?
Your first setup was: LHG with alu dish AND cover. What's the advantage of the feeder?
by Stril
Sat Dec 08, 2018 7:03 pm
Forum: Wireless Networking
Topic: wAP 60G experience
Replies: 301
Views: 57939

Re: wAP 60G experience

Some photo of project that is still modified :) Looks great! It would be perfect to have a fair real life comparison of your devices like: xxx meters, rainy day, perfect aligned systems, rssi and phys rate with: - LHG60G - LHG60G with alu dish - LHG60G with alu dish and abs cover - Custom 60G on WA...
by Stril
Mon Dec 03, 2018 9:23 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi!

Do you see ANY updates on RSSI, when the link is running?
I had much fluctuation within the first 5 minutes, but then, I do not see ANY change - no matter if it's dry or wet.
by Stril
Wed Nov 28, 2018 6:42 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 113679

Re: v6.44beta [testing] is released!


*) winbox - show "W60G" wireless tab on wAP 60G AP;
Hi!

That problem still exists with 6.44beta40
w60g monitoring is still only valid on CLI. GUI shows empty values.
by Stril
Tue Nov 27, 2018 9:11 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi!

Can you tell me, what kind of grounding you are using with the LHG60?

Option 1:
Use shielded patch-cable and a surge-protector like the UBNT ETH-SP-G2 to ground the patch-cord.

Option 2:
Add second cable to the antenna with grounding-cable

Option 3:
Option 1+2

Thank you for your hint!
by Stril
Tue Nov 27, 2018 9:57 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi! Aligning is a real pain compared to other 60G-devices... I was using two Bridgewave-Links which could be aligned with a multimeter - easy process. The LHG 60G are crazy: - Without alignment-mode: It takes 5 minutes! until the signal gets stabilized! RSSI dances up and down within the first 300s....
by Stril
Sun Nov 25, 2018 1:07 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 113679

Re: v6.44beta [testing] is released!

using a w60G and beta28 im not getting any information on the interface page eg Frequency 64800 Remote MAC Signal MCS PHY Rate RSSI TX Sector TX Sector Info RX Sector Distance All blank, and the quickset page is showing 0 for signal and MCS Kingsley I can confirm this on LHG60
by Stril
Sat Nov 24, 2018 8:30 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Another record! Master side: connected: yes frequency: 66000 remote-address: 04:D6:AA:XX:XX:XX tx-mcs: 4 tx-phy-rate: 1155.0Mbps signal: 50 rssi: -62 tx-sector: 58 tx-sector-info: left 0.6 degrees, up 1.4 degrees distance: 4332.52m tx-packet-error-rate: 0% Slave side: connected: yes frequency: 6600...
by Stril
Sat Nov 24, 2018 4:39 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi! But do you have any idea, why the phys-rate is not stable although RSSI is good? It is best at 64800 MHz, but not perfect stable at 2.3 Gbps. At lower frequencies, RSSI is still at -50, but phys-rate drops sometimes to 386 Mbps Do you run Data over the link when you see this? I tried it with an...
by Stril
Sat Nov 24, 2018 11:01 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi!

But do you have any idea, why the phys-rate is not stable although RSSI is good?

It is best at 64800 MHz, but not perfect stable at 2.3 Gbps.
At lower frequencies, RSSI is still at -50, but phys-rate drops sometimes to 386 Mbps
by Stril
Sat Nov 24, 2018 9:07 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

With the dish (LHG60G)? Should probably be around -30/-35. At 400m, it should be around -45 and at 1km, -55 (with channel 4). With channel 1, it's probably going to drop to -55 for 400m and -65 for 1km. I found that post and thought, -50db is not good for 400m... If -50db is o.k.: Do you have any i...
by Stril
Fri Nov 23, 2018 6:05 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Try to use this http://www.cdr.pl/p6418,uchwyt-precyzyjny-wireless-wire-dish-rblhgg-60adkit.html to align with better rssi Hi! I am already using this kit on both sides, but its really strange: I can see a wide window, where RSSI is about -50db! I just cannot get more than -40 to -50 - no matter if...
by Stril
Fri Nov 23, 2018 4:27 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi! Today, I tried to install my first LHG 60G - with not so much success... 399m, perfect LOS. No rain. RSSI is only -48 NO MATTER, if it is really centered or no, NO matter which frequency. I could not get more than -48. BUT: rx-phy-rate is changing all the time from 2.3 Gbps to lower values to "c...
by Stril
Fri Nov 09, 2018 11:50 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Maybe with the precision kit the alignment tool works well

http://www.cdr.pl/p6418,uchwyt-precyzyj ... adkit.html
Hi!

My precision kit just arrived, but CAUTION: it's not a kit! It's only for one side of the link!!
by Stril
Fri Nov 09, 2018 11:23 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

https://www.aliexpress.com/item/10000m-532-nm-Green-Laser-Sight-Lasers-Pointer-Powerful-device-Adjustable-Focus-Lazer-with-laser-303/32921666322.html?spm=2114.search0104.3.26.496e440aBzECTb&ws_ab_test=searchweb0_0,searchweb201602_2_10065_10068_319_317_10696_5728811_10084_453_454_10083_10618_10307_1...
by Stril
Wed Nov 07, 2018 6:36 pm
Forum: General
Topic: Bandwidth test can't connect outside local subnet
Replies: 11
Views: 2834

Re: Bandwidth test can't connect outside local subnet

Hi!

I cannot help you, but I have the same problem...
Did you find a solution?
by Stril
Fri Nov 02, 2018 4:20 pm
Forum: General
Topic: Winbox-Traffic - 200kbit/s
Replies: 14
Views: 1588

Re: Winbox-Traffic - 200kbit/s

Hi!

It would be great to be able to configure the refresh rate to lower that bandwidth consumption...
by Stril
Fri Nov 02, 2018 4:09 pm
Forum: General
Topic: Winbox-Traffic - 200kbit/s
Replies: 14
Views: 1588

Re: Winbox-Traffic - 200kbit/s

Hi!

Thats strange... I am connecting to the IP of the CRS.
I just checked my Firewall-connection-list....

If I just connect to the CRS, it consumes only a few kbps (14,4)
If I only open the interface-list, it goes up to 260 kbps

--> The problem seems to be the Interface List.

Can you confirm this?
by Stril
Fri Nov 02, 2018 12:50 pm
Forum: General
Topic: Winbox-Traffic - 200kbit/s
Replies: 14
Views: 1588

Re: Winbox-Traffic - 200kbit/s

Hi!

Absolutely.
I checked it twice
by Stril
Fri Nov 02, 2018 12:09 pm
Forum: General
Topic: Winbox-Traffic - 200kbit/s
Replies: 14
Views: 1588

Re: Winbox-Traffic - 200kbit/s

Hi!

I see constantly 200 kbps with NO open windows.

...tested with CRS 326.


Stril
by Stril
Fri Nov 02, 2018 10:48 am
Forum: General
Topic: Winbox-Traffic - 200kbit/s
Replies: 14
Views: 1588

Re: Winbox-Traffic - 200kbit/s

Hi!

Yes, but with only one window, I already see 200 kbps...
by Stril
Fri Nov 02, 2018 10:02 am
Forum: General
Topic: Winbox-Traffic - 200kbit/s
Replies: 14
Views: 1588

Winbox-Traffic - 200kbit/s

Hi!

Winbox takes a lot of traffic, if it is simply connected to a router (about 200kbit/s).
Is there any possibility to limit this?

Today, I just had the problem, that two engineers have been connected on a low-bandwidth-link and that caused problems...

Thank you for your hints
Stril
by Stril
Mon Oct 22, 2018 11:42 am
Forum: General
Topic: ZTE LTE-Interface - DHCP
Replies: 0
Views: 478

ZTE LTE-Interface - DHCP

Hi!

I am using many Huawei LTE-interfaces, but I currently have a problem with a new ZTE LTE-interface card:

I am trying to active DHCP-Client, but the interface lte1 is "greyed out". Can you give me a hint on how to activate this?

Thank you
Regards
Stril
by Stril
Mon Oct 15, 2018 12:00 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 592
Views: 106241

Re: LHG 60G experience

Hi!

66GHz sounds great, but if I'm right, LHG60 uses 2000 MHz Channel bandwidth.
In this case, 65GHz would be perfect...
by Stril
Wed Sep 12, 2018 5:24 pm
Forum: General
Topic: Log FCS-Errors - Which Source/Destination
Replies: 0
Views: 440

Log FCS-Errors - Which Source/Destination

Hi! I have some problems with FCS-Errors and the combination of UBNT-airfiber and Mikrotik-devices. UBNT says, its only management-traffic, but I do not trust in that. My Question: Is there any possibility to log every "fcs-error-packet" on a link with source and destination to find out, which packe...
by Stril
Wed Sep 12, 2018 5:07 pm
Forum: General
Topic: fcs error on link - CCR1009-8G-1S-1S+
Replies: 3
Views: 724

Re: fcs error on link - CCR1009-8G-1S-1S+

Hi!

Then, you will have probably a problem with the cabeling.

FCS-Errors are Layer-2-Checksum-Problems.
by Stril
Wed Sep 12, 2018 4:01 pm
Forum: General
Topic: fcs error on link - CCR1009-8G-1S-1S+
Replies: 3
Views: 724

Re: fcs error on link - CCR1009-8G-1S-1S+

Hi!

Which device is installed on that port? UBNT AirFiber?
by Stril
Wed Sep 05, 2018 9:26 pm
Forum: General
Topic: RouterOS v6.x with Ubiquiti AirFiber 24 v2.0 - RX Error FCS
Replies: 76
Views: 33137

Re: RouterOS v6.x with Ubiquiti AirFiber 24 v2.0 - RX Error FCS

Hi! Did you find a solution for that problem? Today, I installed an AirFiber 24HD-link. The MT-device behind the link is a CCR1016 with software version 6.40.3 that shows: fcs error on link I tried to use FlowControl without success. The warning-message occures once a minute (in average). Edit: I ju...
by Stril
Wed Aug 29, 2018 4:50 pm
Forum: Scripting
Topic: Exit script if...
Replies: 4
Views: 2638

Exit script if...

Hi!

I am looking for a solution to abort a script if a variable is empty.
:if ([:len $net1] = 0) do={
exit
}
...rest of the script should not be executed if $net1 empty
This does not work. Can you give me a hint on how to solve this?

Thank you
Stril
by Stril
Wed Aug 29, 2018 12:31 pm
Forum: General
Topic: PCQ - Queue - where to set limit
Replies: 1
Views: 595

PCQ - Queue - where to set limit

Hi! I am trying to setup PCQ-queues, but I am not sure, where to set the bandwidth. Goal: 10M bandwidth 10 Users Every User should get min 1M, but maximum 2M (if possible) I can set bandwidth in the Queue-Tree AND in the Queue-Type menu. Can you give me a hint on how to configure this? - Queue Type:...
by Stril
Wed Aug 15, 2018 7:57 pm
Forum: General
Topic: Stacking and MC-LAG for MT-Switches
Replies: 0
Views: 693

Stacking and MC-LAG for MT-Switches

Hi!

Are there any plans to add the following features to the CRS-switches?

- stacking
- MC-LAG

Thank you and best wishes
Stril
by Stril
Mon Aug 13, 2018 3:22 pm
Forum: General
Topic: Centralized Management
Replies: 4
Views: 6331

Re: Centralized Management

Hi! Unimus is/will hopefully be a great tool, but I think, it needs some enhancements. Just some feedback for the moment: - Centralized Upgrade: Great, but it would be very helpful to see the current ROS-version of every device in the device-list - Backups Backups do not contain passwords/keys. Ther...
by Stril
Wed Aug 01, 2018 6:49 pm
Forum: General
Topic: Centralized Management
Replies: 4
Views: 6331

Centralized Management

Hi! As mikrotik does not really have a centralized management solution: How did you solve this? Did you write any script-set that can send config changes to multiple devices? Whats your way? The only thing, I found, was TikManager, but there is nearly NO information about what it can do. Best wishes...
by Stril
Wed Aug 01, 2018 4:50 pm
Forum: General
Topic: Winbox - Info Popup
Replies: 3
Views: 1020

Re: Winbox - Info Popup

Hi!

Did you find any possibility to configure a popup?

That would be great.
by Stril
Wed Jul 25, 2018 6:47 pm
Forum: General
Topic: User with the right to ping (nothing else)
Replies: 2
Views: 630

Re: User with the right to ping (nothing else)

Hi!

I want to let the user connect via SSH to execute a remote-ping, but ping AND flood-ping seem to depend on "read"-right.

Is there any workaround?
by Stril
Wed Jul 25, 2018 1:40 pm
Forum: General
Topic: User with the right to ping (nothing else)
Replies: 2
Views: 630

User with the right to ping (nothing else)

Hi! I want to create a user for my monitoring-system, that is able to do remote pings. --> Created user with only the right to login via telnet and "test" Now, the user can login, but gets: ping 8.8.8.8 SEQ HOST SIZE TTL TIME STATUS not enough permissions (9) I had to add "read", but I do not want t...
by Stril
Wed Jul 25, 2018 11:34 am
Forum: General
Topic: Calling all Mikrotik Switch experts
Replies: 7
Views: 1151

Re: Calling all Mikrotik Switch experts

PoE or no PoE...
by Stril
Wed Jul 25, 2018 9:22 am
Forum: General
Topic: CRS 326 - Port Isolation
Replies: 0
Views: 529

CRS 326 - Port Isolation

Hi! I want to configure port-isolation on a CRS 326. The wiki describes to use: /interface ethernet switch port-isolation ...but this is not available on a CRS326 Can you tell me, how I can achieve this? The only possibility I found was to use: - Use IP-Firewall for bridge - Set Firewall rules - NO ...
by Stril
Mon Jul 16, 2018 8:44 pm
Forum: Beginner Basics
Topic: Firewall wildcard object - IP ends with .101
Replies: 3
Views: 882

Re: Firewall wildcard object - IP ends with .101

Hi!

Thank you for your answer - although the facts are sad.
This would make it much easier to write rules.
by Stril
Mon Jul 16, 2018 6:28 pm
Forum: Beginner Basics
Topic: Firewall wildcard object - IP ends with .101
Replies: 3
Views: 882

Firewall wildcard object - IP ends with .101

Hi!

I need to define some global firewall rules and I try to simplify the ruleset.

Is it possible to define something like:

IP ends with .101
Or: 0.0.0.101 SubnetMask: 0.0.0.255

Thank you for your help!

Regards,
Stril
by Stril
Wed Jul 11, 2018 10:00 am
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 21520

Re: MUM Europe 2018 - New hardware incoming

Hi! I hope mikrotik will think about the new models one more time - they have a very strange port-set... For me, it's important to have an uplink that is "one-speedstep" above the rest of the ports. CRS332 should have: 32x SFP+ 2-4x QSFP+ This would be a nice device... CRS354 is good, but QSFP+ is o...
by Stril
Mon Jun 04, 2018 5:23 pm
Forum: General
Topic: CRS 326 - Port down after reboot
Replies: 0
Views: 375

CRS 326 - Port down after reboot

Hi! I have some problems with my CRS 326. Some ports stay down after reboot, although there is a device connected. Disable, reenable also solves the problem until the next restart. Did you ever see that problem? - ROS Versions tested: 6.41.1 and 6.42.3 (same behaviour) - Two different devices tested...
by Stril
Thu May 17, 2018 11:14 am
Forum: General
Topic: Is it so hard to use dynamic IP VPNs with mikrotik
Replies: 23
Views: 2298

Re: Is it so hard to use dynamic IP VPNs with mikrotik

Hi!

Sorry, was not in the forum, was at MUM:

https://www.youtube.com/watch?v=QlkIbx0Jpoo
..at 04:00 min on the slideshare
by Stril
Thu May 17, 2018 9:01 am
Forum: General
Topic: Is it so hard to use dynamic IP VPNs with mikrotik
Replies: 23
Views: 2298

Re: Is it so hard to use dynamic IP VPNs with mikrotik

Hi!

I found several hints in the forum, that xauth should not be used with site-to-site-VPNs. The examples are always just for RoadWarriors.
How did you handle this? I do not want to use dynamic IPs for the "client-branch-offices" inside the L2TP.
by Stril
Thu May 17, 2018 12:10 am
Forum: General
Topic: Is it so hard to use dynamic IP VPNs with mikrotik
Replies: 23
Views: 2298

Re: Is it so hard to use dynamic IP VPNs with mikrotik

Hi!

But with L2TP and IPSEC, I would have to use the same PSK for all the peers, right?

Using only one tunnel at a time actively is absolutely ok for me. Balancing is not important - only failover...
by Stril
Wed May 16, 2018 6:53 pm
Forum: General
Topic: Is it so hard to use dynamic IP VPNs with mikrotik
Replies: 23
Views: 2298

Re: Is it so hard to use dynamic IP VPNs with mikrotik

Hi! What do you think about: 2x L2tP-Tunnels - Tunnel 1: via "current Internet-Connection of branch-office) to HQ-ISP1 - Tunnel 2: via "current Internet-Connection of branch-office) to HQ-ISP2 2x EoIP-Tunnel WITH IPSec inside the L2TP-Tunnels - Tunnel 1 on L2TP-1 - Tunnel 2 on L2TP-2 --> L2TP is not...
by Stril
Wed May 16, 2018 4:22 pm
Forum: General
Topic: Is it so hard to use dynamic IP VPNs with mikrotik
Replies: 23
Views: 2298

Re: Is it so hard to use dynamic IP VPNs with mikrotik

Hi!

@pe1chi:
Your setup sounds good, but how do you handle the problem, that all the L2TP-tunnel will share one PSK?
by Stril
Wed May 16, 2018 3:23 pm
Forum: General
Topic: Is it so hard to use dynamic IP VPNs with mikrotik
Replies: 23
Views: 2298

Re: Is it so hard to use dynamic IP VPNs with mikrotik

Hi! @sindy: I think, the biggest problem is, the aggressive-mode is not fully supported. There seems to be no possiblity to check the peer-id (i did not find one). Thats why I cannot seperate the traffic). @mrz: I will give it a try. is mode-config only possible with an IP-pool, or are static IPs su...
by Stril
Wed May 16, 2018 1:06 pm
Forum: General
Topic: Is it so hard to use dynamic IP VPNs with mikrotik
Replies: 23
Views: 2298

Re: Is it so hard to use dynamic IP VPNs with mikrotik

Hi! Thank you for your answers! @sindy: Yes, I saw this answer. 4 Tunnels would be possible.I will give it a try. Just to be sure: - HQ: Define two IPSec Peers. Peer 1: Local IP is WANHQ1-IP Peer 2: Local IP is WANHQ2-IP Remote-IP is always 0.0.0.0 --> But how are the SAs set, if I do not know the r...
by Stril
Wed May 16, 2018 9:05 am
Forum: General
Topic: Is it so hard to use dynamic IP VPNs with mikrotik
Replies: 23
Views: 2298

Is it so hard to use dynamic IP VPNs with mikrotik

Hi! I really love using mikrotik devices for most of the networking jobs in my projects, but there is one thing, that avoided using mikrotik many, many times: It is SO hard to use VPNs with dynamic IPs or MultiWAN! One example: Branch offices have: DSL-internet + LTE backup (dynamic and provider-NAT...
by Stril
Mon May 14, 2018 10:31 am
Forum: General
Topic: L2TP Server - IPSEC-PSKs
Replies: 9
Views: 972

Re: L2TP Server - IPSEC-PSKs

Hi!

Thats not very nice...

- I want to avoid TCP-VPNs --> no SSTP
- I need to use Multi-WAN on both sides of my VPNs with dynamic IPs on one of the sides. --> IPSEC is VERY bad to configure

Do you have any other idea on how to do this "nicer"?


Stril
by Stril
Sat May 12, 2018 10:44 pm
Forum: General
Topic: L2TP Server - IPSEC-PSKs
Replies: 9
Views: 972

Re: L2TP Server - IPSEC-PSKs

Hi!

The only possibility, I found, was SSTP which is running fine, but I am not sure, if this is a good idea...
by Stril
Sat May 12, 2018 9:57 pm
Forum: General
Topic: L2TP Server - IPSEC-PSKs
Replies: 9
Views: 972

Re: L2TP Server - IPSEC-PSKs

Hi!

Then, it is useless for me. If ever one client gets compromised, I have to change all the accounts...

Is there any alternative, you see?
by Stril
Sat May 12, 2018 9:30 pm
Forum: General
Topic: L2TP Server - IPSEC-PSKs
Replies: 9
Views: 972

Re: L2TP Server - IPSEC-PSKs

Hi!

But how can I define the IPSEC manually, as the IPs are dynamic? The "automatically created" IPSEC-policy from L2TP is created with the current IP of the peer...

How is this done manually?
by Stril
Sat May 12, 2018 9:04 pm
Forum: General
Topic: L2TP Server - IPSEC-PSKs
Replies: 9
Views: 972

L2TP Server - IPSEC-PSKs

Hi! I am trying to setup an L2TP-Server _with_ IPSec-Encryption for multiple clients with dynamic IPs. The first client was easy, but now, there is one thing, I do not understand: /interface l2tp-server server set default-profile=default enabled=yes ipsec-secret=XXXXX use-ipsec=required I can only s...
by Stril
Sat Apr 14, 2018 10:52 am
Forum: General
Topic: Firewall Builder support for MikroTik
Replies: 5
Views: 2605

Re: Firewall Builder support for MikroTik

Hi!

If anybody would be interested in coding a fwbuilder-plugin/extension:

I would pay for such a developement!

Regards,
Stril
by Stril
Tue Feb 06, 2018 9:58 am
Forum: General
Topic: Which device for 10GbE Bandwidth-Test
Replies: 9
Views: 2581

Re: Which device for 10GbE Bandwidth-Test

Hi!

I just want to build a bandwidth-tester to verify that other devices can handle 10 GbE. The MT-devices do not have any other job.

The goal is to have to compact devices, that I can transport to two different racks to have a benchmark about the bandwidth between them.

Stril
by Stril
Tue Feb 06, 2018 9:21 am
Forum: General
Topic: Which device for 10GbE Bandwidth-Test
Replies: 9
Views: 2581

Re: Which device for 10GbE Bandwidth-Test

Hi! I just read the following info in the MT-wiki: Warning: Bandwidth Test uses only single CPU core and will reach its limits when core will be 100% loaded. --> I think,k I will have the same problem with all devices, except the CHR with one VERY fast CPU-core. I could only get 250 Mbps in my first...
by Stril
Mon Feb 05, 2018 5:13 pm
Forum: General
Topic: Which device for 10GbE Bandwidth-Test
Replies: 9
Views: 2581

Re: Which device for 10GbE Bandwidth-Test

Hi!

I just want to have a "real-world-test", if the fiber can run on 10 GbE without errors.

Is this possible with CCR 1016?

One CCR1016 does send, the other one receive and vice versa?
by Stril
Mon Feb 05, 2018 4:07 pm
Forum: General
Topic: Which device for 10GbE Bandwidth-Test
Replies: 9
Views: 2581

Which device for 10GbE Bandwidth-Test

Hi!

I want to connect 2 Mikrotik-devices to test the bandwidth between them with their integrated bandwidth-tester.

Can you give me a hint, which of the devices have enough power to saturate a 10GbE-Link with the tester?

Is a CCR1009 powerful enough?

Thank you for your help!

Stril
by Stril
Mon Feb 05, 2018 10:44 am
Forum: General
Topic: Add Custom-Script to LCD
Replies: 0
Views: 530

Add Custom-Script to LCD

Hi! I want to use 2 mikrotik-devices as network-tester. The goal is to test, if a "clear" 10 GbE-connection can be established over a fiber. It would be great, if I would not need a test-notebook and if everything would be shown on the LCD: - Interface-bandwidth (already available) - Error rate - In...
by Stril
Mon Jan 29, 2018 9:42 am
Forum: General
Topic: running config and startup config in v4.0
Replies: 5
Views: 4558

Re: running config and startup config in v4.0

Hi! I just want to reactivate that old thread. Are there any news about this? I really miss that feature. Safe-Mode is not an option because people often forget to enable it. The "cisco-like" "copy running-config startup-config" is great because there is the option to get back to a working config wi...
by Stril
Mon Jan 29, 2018 9:31 am
Forum: General
Topic: RSTP - Disable on one port
Replies: 5
Views: 2270

Re: RSTP - Disable on one port

Hi!

Its just not clear, what edge-port does...
There are four options:

- yes
- no
- yes discovery
- no discovery

But what does that exactly mean?

Thank you
Stril
by Stril
Sat Jan 27, 2018 11:32 pm
Forum: General
Topic: RSTP - Disable on one port
Replies: 5
Views: 2270

RSTP - Disable on one port

Hi! I need to use RSTP on Mikrotik-bridges, BUT: Is there any possibility to disable RSTP on one of the bridge ports? I just found "edge port", but in that case, the bridge listens for BPDUs, but I want to avoid that, because I do not want that somebody outside connects and makes itself the root-bri...
by Stril
Fri Sep 22, 2017 8:39 am
Forum: Wireless Networking
Topic: BIG BUG- Unicast key exchange timeout
Replies: 120
Views: 103990

Re: BIG BUG- Unicast key exchange timeout

Hi!

I had that problem, too, yesterday.

The reason was a short WPA2-key. Changing it to a longer key solved the problem for me.

Regards,
Stril
by Stril
Tue Aug 22, 2017 10:20 am
Forum: Beginner Basics
Topic: Master-Slave vs Same Bridge
Replies: 7
Views: 2667

Re: Master-Slave vs Same Bridge

Hi!

That feature sounds interesting!
How is this offloading made? Is it like "fastpath", that it can only affect "non-filtered" sessions, or is it like ACLs in an enterprise-grade Switch?

Regards,
Stril
by Stril
Sat Aug 19, 2017 12:16 am
Forum: Beginner Basics
Topic: Master-Slave vs Same Bridge
Replies: 7
Views: 2667

Re: Master-Slave vs Same Bridge

Hi!
Short answer:

MasterSlave means: use switch chip --> few features, high performance

Bridge means: use router CPU --> many features, low performance

For a dump switch, use master slave.
If you want to filter, use a bridge.
by Stril
Tue Aug 08, 2017 9:17 am
Forum: General
Topic: A/P bonding - ARP-Ping
Replies: 0
Views: 466

A/P bonding - ARP-Ping

Hi! I want to use active-passive-bonds to connect CCRs to two switches for redundancy. What I do not understand is, how ARP-ping is working: - eth1(active) and eth2(passive) are bonded to bond1 - arp-ping to IP 10.10.10.10 is activated Does the router send pings on both interfaces, or only on the ac...
by Stril
Tue Aug 08, 2017 12:09 am
Forum: General
Topic: CCR 1016 - max bridging performance
Replies: 3
Views: 1085

Re: CCR 1016 - max bridging performance

Hi!

I do not want to bridge all ports - only two ports.

Are you sure, CRS can filter STP in switch mode without passing the packets to the CPU?
by Stril
Fri Aug 04, 2017 2:16 pm
Forum: General
Topic: CCR 1016 - max bridging performance
Replies: 3
Views: 1085

CCR 1016 - max bridging performance

Hi! I need two new devices. The goal is to bridge full gigabit with only very few filters (block Spanning Tree packets). Can you give me a hint on choosing the right device? As there is a version of CCR 1016 with redundant power supply and SFP-Ports, this would be my prefered choice. Do you think, t...
by Stril
Fri Jul 28, 2017 9:38 am
Forum: General
Topic: Understanding RSTP Port Priority
Replies: 1
Views: 1596

Understanding RSTP Port Priority

Hi! Mikrotik offers a config paramter "priority" for every port of a bridge. Could you help me to understand this? I never saw such a paramter. I do only know bridge-priority which is used to determine which one is the root-bridge and I know path costs to determine which paths are "alternate"-paths....
by Stril
Wed Jul 05, 2017 4:48 pm
Forum: Beginner Basics
Topic: IPTables bash script
Replies: 6
Views: 2602

Re: IPTables bash script

Hi! The real advantage is to be able to easily maintain rulesets with objects for many firewalls. My example: I have 50 branch-offices and I have to setup an additional Active Directory Domain Controller. In FWBuilder, I just need to add the DC to the group of "Domain Controllers" and the full set o...
by Stril
Wed Jul 05, 2017 9:47 am
Forum: Beginner Basics
Topic: IPTables bash script
Replies: 6
Views: 2602

Re: IPTables bash script

Hi!

I just want to reactivate that threat.

How do you config large firewall-rulesets?

I think, the concept of fwbuilder is great with its way to work with "objects".

Regards,
Stril
by Stril
Mon Jul 03, 2017 12:51 pm
Forum: General
Topic: Transparent Bridge over Layer 3
Replies: 0
Views: 441

Transparent Bridge over Layer 3

Hi! I have three buildings: B1 <-> B2 Link with 10G B1 <-> B3 Link with 1G wireless B2 <-> B3 Link with 400M wireless The goal is to bridge all the VLANs, I am using in B1+2 to B3 over the two wireless links Is this possible with EoIP WITHOUT setting up every VLAN, or how do I need to use one bridge...
by Stril
Wed Feb 08, 2017 11:11 am
Forum: RouterBOARD hardware
Topic: 1 Gbit/s connection, need router upgrade?
Replies: 21
Views: 7019

Re: 1 Gbit/s connection, need router upgrade?

Hi!

Did you ever benchmark IPSEC "single-stream-performance" on the CCR1009s?

Regards,
by Stril
Sun Feb 05, 2017 10:37 am
Forum: Beginner Basics
Topic: Usage Reports
Replies: 1
Views: 691

Re: Usage Reports

Hi!

You should take a look at Netflow.

Regards
by Stril
Wed Feb 01, 2017 4:53 pm
Forum: Wireless Networking
Topic: Dual-Radio Client Mode
Replies: 3
Views: 1060

Re: Dual-Radio Client Mode

Hi!

Isnt anybody using MT-Devices as client in Dual-Radio-environments?

Regards,
by Stril
Tue Jan 31, 2017 4:19 pm
Forum: Wireless Networking
Topic: Dual-Radio Client Mode
Replies: 3
Views: 1060

Dual-Radio Client Mode

Hi!

Is it possible to use mikrotik-devices as client devices in dual-radio-environments?

The MT system should connect to a 5GHz AP with fallback to 2.4GHz AP as a standard-client does. How can I set this up?

Thank you
Regards,
Stril
by Stril
Fri Jan 27, 2017 12:30 pm
Forum: Beginner Basics
Topic: Safe Mode Powercycle - Useless
Replies: 13
Views: 3026

Re: Safe Mode Powercycle - Useless

Hi!

I think, it would be best to have the standard-enterprise behaviour:

- Config-edits change "running-config"
- running-config must be commited to "boot-config"

If you want to have an "auto-reset" after 5 mins, you could schedule a reboot and cancel it, if everything goes right.

Regards,
by Stril
Fri Jan 27, 2017 12:08 pm
Forum: Beginner Basics
Topic: Safe Mode Powercycle - Useless
Replies: 13
Views: 3026

Re: Safe Mode Powercycle - Useless

Hi!

I saw this long time in some szenarios where I connected over WAN.
On local devices, the reconnect happens in less than 30s.

Regards
by Stril
Fri Jan 27, 2017 11:21 am
Forum: Beginner Basics
Topic: Safe Mode Powercycle - Useless
Replies: 13
Views: 3026

Safe Mode Powercycle - Useless

Hi! I am just trying to use and understand Safe Mode. The goal is to go back to a working config if i do something stupid. Test 1: - Activate Safe Mode in Winbox - Do something stupid (remove IP from interface) - Wait 10 Minutes --> Working config is back --> Great Test 2: - Activate Safe Mode in Wi...
by Stril
Tue Jan 24, 2017 7:12 pm
Forum: General
Topic: User with default Safe Mode
Replies: 16
Views: 9445

Re: User with default Safe Mode

Hi! Are there any plans to add that option? I think most "enterprise hardware" has the standard behaviour: - Changes in Config are volatile until you "safe to bootconfig" I really like that behaviour as a lockout can always made undone by letting someone power-cycle the device. Safe Mode is a good t...
by Stril
Tue Jan 24, 2017 6:54 pm
Forum: General
Topic: Feature request: Aggressive mode IPSEC with pre-shared key
Replies: 4
Views: 4932

Re: Feature request: Aggressive mode IPSEC with pre-shared key

Hi! That feature request is quite old, but still unsolved. Will there be any possibility to work with IPSEC on dynamic IPs without the need of any "DYNDNS-hacks" or a second L2TP-Layer? The need to use IPSEC in combination to L2TP leads to an additional layer of complexity. Other vendors allow to co...
by Stril
Tue Jan 24, 2017 11:40 am
Forum: General
Topic: Netflow on Bridge / Switch (CRS)
Replies: 1
Views: 622

Re: Netflow on Bridge / Switch (CRS)

Hi! Update: I was just able to produce a Netflow stream. The trick was not to use the switch-chip. The "internal" ports can be configured with "master-interface", but I removed the "uplink-port" and added both of them to a bridge. Now I see the uplink-traffic on netflow if "Bridge - Use IP Firewall"...
by Stril
Tue Jan 24, 2017 11:02 am
Forum: General
Topic: CCR as NetFlow Generator
Replies: 5
Views: 1293

Re: CCR as NetFlow Generator

Hi!

Did you find any solution on how to see the whole traffic with netflow in your setup?

Regards,
by Stril
Tue Jan 24, 2017 9:43 am
Forum: General
Topic: Winbox - Info Popup
Replies: 3
Views: 1020

Winbox - Info Popup

Hi! Is there any possibility to open a popup with an information on winbox-logon? I found /system note, but this information can only be seen on terminal-logon. It would be great to leave some information if another engineer is using winbox like "Caution - High-Availability-Setup - Manual Sync to Pa...
by Stril
Tue Jan 24, 2017 9:08 am
Forum: General
Topic: Netflow on Bridge / Switch (CRS)
Replies: 1
Views: 622

Netflow on Bridge / Switch (CRS)

Hi! I am trying to setup netflow-support on a CRS125. The post in the mikrotik wiki describes, that normally only trafic which is "passing the queues" is counted. Is there any possibility to see traffic passing a bridge? As the system does not need much performance, I could avoid using the switch ch...
by Stril
Tue Jan 17, 2017 8:53 am
Forum: General
Topic: IPSec VPN Set-up between Dual WAN & Single WAN for Fail-Over
Replies: 17
Views: 21094

Re: IPSec VPN Set-up between Dual WAN & Single WAN for Fail-Over

Hi!

I know, that this is a very old thread, but was anybody able to get this working?

In my szenario, the Branch Office has got two ISPs (with dynamic IPs), too. So there should be no point of failure if one of the ISPs should fail.

Thank you and best wishes

Stril
by Stril
Tue Feb 10, 2015 9:25 am
Forum: General
Topic: 802.1Q Vlan Tagging between RB433 and CRS
Replies: 2
Views: 815

Re: 802.1Q Vlan Tagging between RB433 and CRS

Hello! I could it get to work now: Config on CRS: /interface vlan add interface=ether1 l2mtu=1518 name=ether1-Vlan101 vlan-id=101 /ip address add address=192.168.1.168/24 interface=ether1-Vlan101 network=192.168.1.0 Config on RB433 /interface vlan add interface=ether1 l2mtu=1518 name=ether1-Vlan101 ...
by Stril
Mon Feb 09, 2015 10:19 pm
Forum: General
Topic: 802.1Q Vlan Tagging between RB433 and CRS
Replies: 2
Views: 815

802.1Q Vlan Tagging between RB433 and CRS

Hi! I am trying to setup a VLAN-Trunk between a RB433 and a CRS. Just one Vlan tagged (101) and one Vlan untagged (1) My first try was not to use the switch-chip of the CRS. On both sides, I added a VLAN-interface to ether1 (ether1-vlan101) and assigned an IP to it. The two systems cannot ping each ...
by Stril
Thu Feb 13, 2014 3:53 pm
Forum: Beginner Basics
Topic: IPTables bash script
Replies: 6
Views: 2602

Re: IPTables bash script

Hello! I know, that this thread is quite old, but i am searching for a similar solution. FWBuilder is great to maintain firewall-rules. Mikrotik offers great hardware. It would be perfect, if both solutions could be combined. FWBuilder is open-source, now. Would anybody be interested in developing a...
by Stril
Sat Feb 04, 2012 8:04 pm
Forum: General
Topic: SSTP and HTTPS
Replies: 8
Views: 4892

Re: SSTP and HTTPS

Hi!

That`s a problem by design. You can't assign a port to two applications on on IP.

Stril
by Stril
Sat Oct 01, 2011 1:25 pm
Forum: Wireless Networking
Topic: WDS causes outage in wired LAN
Replies: 0
Views: 524

WDS causes outage in wired LAN

Hi! I have got a massive problem when setting up a wds: I am using two RB433 as a transparent WDS-bridge to connect devices in another building. One of them has access to the "wired" Network and the other one is connected to some other devices by wire. WDS and the ethernet interface are assigned to ...
by Stril
Tue Sep 06, 2011 4:55 pm
Forum: General
Topic: RSTP - asynchronous interface state
Replies: 2
Views: 664

Re: RSTP - asynchronous interface state

Hi!

Of course, one of the routers does send "regular" packets over the wds link, as its state is forwarding.
If I create a Bridge-Firewall-Rule, I can see that e.g. UDP packets (broadcasts) are sent from ethernet into that link and produce traffic.

Stril
by Stril
Tue Sep 06, 2011 4:43 pm
Forum: Wireless Networking
Topic: Are there any large WLAN clouds made with mikrotik
Replies: 7
Views: 1866

Re: Are there any large WLAN clouds made with mikrotik

Hi!

I do not setup anythin on the PDA.
The PDA does just connect to the SSID of the WDS.

Stril
by Stril
Mon Sep 05, 2011 7:16 pm
Forum: General
Topic: RSTP - asynchronous interface state
Replies: 2
Views: 664

RSTP - asynchronous interface state

Hi! I have got a problem with RSTP on Mikrotik-devices: If a redundant path between two devices is blocked by RSTP, it is only blocked in one direction. Router 1 and Router 2 are connected via Cable and WDS. The WDS-Link has got higher path costs, so Router 1 does set it up as "disabled" or "alterna...
by Stril
Mon Sep 05, 2011 6:22 pm
Forum: Wireless Networking
Topic: Are there any large WLAN clouds made with mikrotik
Replies: 7
Views: 1866

Re: Are there any large WLAN clouds made with mikrotik

Hi! I have to use PDAs in a warehouse. The PDAs use VNC-Sessions to connect to a Server. It is important, that we do not losse connectivity, when we change the radio cell. At the moment, I have loose packets, when the client starts roaming. If I use WDS, there is no problem, but I think WDS with abo...
by Stril
Mon Sep 05, 2011 11:06 am
Forum: Wireless Networking
Topic: Are there any large WLAN clouds made with mikrotik
Replies: 7
Views: 1866

Are there any large WLAN clouds made with mikrotik

Hi!

I need to setup am large WLAN cloud of about 40 APs.
Clients need to be able to travel around the cells without connection loss.

Are there any setups out there with MT-Systems?

Can you give me a hint, if roaming will be a problem?

Thank you and best wishes,

Stril
by Stril
Fri Feb 18, 2011 8:51 am
Forum: Beginner Basics
Topic: Deploy WLAN in large buildings - WDS
Replies: 3
Views: 816

Re: Deploy WLAN in large buildings - WDS

Hi!

But if I use wires, how should I set this up?
Is it better to use WDS to be allowed to use one single frequency in the whole building, or to use different frequencies and "isolated" WLAN-cells?

Stril
by Stril
Thu Feb 17, 2011 10:42 am
Forum: Beginner Basics
Topic: Deploy WLAN in large buildings - WDS
Replies: 3
Views: 816

Deploy WLAN in large buildings - WDS

Hi! I have to setup a WLAN in a large building. I need about 8 radio-cells, where 5 cells can be accessed by CAT-7 cables. How would you set this up? Is it good idea, to configure all the nodes as WDS-Bridges with RSTP? Then, the client could (in theory) walk through the whole building without any f...
by Stril
Wed Dec 15, 2010 5:40 pm
Forum: Wireless Networking
Topic: new static and dynamic mesh wds-mode
Replies: 3
Views: 3669

Re: new static and dynamic mesh wds-mode

Hi!

I know, that the post is quite old, but I have got the same question...

What is the difference between wds-mesh and wds?

Best wishes,
Stril