I'v had issues in the past with netinstall. Usually the device, or more specifically the ethernet port of the laptop/pc causing the netinstall trouble. Funnily enough, i'v used usb dongles on the same machine that had a fixed etherport tht didnt work, but the usb dongle allowed the netinstall proces...
Maybe its time MT splits their product lines, and does a 'budget' version of their gear( which I understand reasons for ), and a PRO line of gear ( happy to pay more to have all the bells and whistles.)
Last I checked, there's plenty of vpn or equivalent sneaky ways to get a MT to bypass a state based vpn block, that doesnt require some 'magic' plugin for MT that "would work", but other existing mechanisms already onboard dont...
I agree that there should be a bit of a road-map from Mikrotik, at least in terms of "a product that will.... and has a form factor of ....", because honestly they need to start concentrating on larger customers who as stated by avacha do have large budgets and do lifecycle planning. I als...
A couple of things. Is BOTH the routerOS version Current as well as the HapAX hardware board Firmware(System->RouterBoard { }, if not ->upgrade+reboot). Then after a reboot and the LTE comes back, have you checked the firmware upgrade for the LTE card itself ? ( Ps you could add in a watchdog servic...
Not sure if this is common knowledge. But just tested MACSEC to see if I could get it to work using 3 mikrotik's and a generic switch to connect them. I was under the impression that it was just point to point, but no it point to muti-point plus !! I set up a CCR1036, a RB750 and a RB750r2 via a gen...
100% Pain in the A$$, this issue. MT really needs to get onto fixing this. I have a mix of ~20ac + 20ax units running under capsman(wireless + wifi ) Being able to bring all my units under 1(wifi) controller-window is what I want. Its so close to working, even the ap's when I try this, i see in the ...
I think you have the concept of WAN incorrect according to your drawings. Technically you have just interfaces, one of which is a private ip range 10.x.x.x( not routable on the internet ), and your 20 & 30 ranges technically routable on the internet Anyhow, you need a 3rd set of IP's on each int...
CRS series are at the core a network switch. Yes they have some ability to do layer 3 in cpu, and some minor hardware offload, but you should 100% expect cpu to 100% cap out unexpectedly. . The CRS series is not what you should be using for routing. Try at minimum a RB5009 via the 10gbpt port as a r...
I am going down this path at the moment. I have a front end wan mikrotik rb5009, connected to a netgate pfsense hardware appliance for internet services for desk pc's which are also in an active directory environment. That said at this point will be either going down a proxy gateway approach or trap...
Yep, makes sense. The crs series is primarily a switch not a router(yes they route, but not fast and its not what they are aimed at as a product). Use a ccr series or maybe a rb5009.
https://help.mikrotik.com/docs/display/ROS/Basic+VLAN+switching With mikrotik you have generally 2 choices with vlan switching. Do it all on the devices switch chip (wirespeed ) OR Do in in CPU( the processor ) usually much slower. Doing it in switch chip is always choice 1 where you can. CRS 1 + 2...
Well a bit of time has passed since I put up this thread.... Wi-Fi 8 ..802.11bn The goal of 802.11bn is to reach 100 Gbps speeds. This is faster than copper Ethernet which tops out at 40 Gbps. This will require retrofitting ceiling mounted access points with single mode fiber. https://en.wikipedia....
Well I'll assume your using at least 24 or at worst 26AWG cat5/6 for such a long run. Cap ax's are power hungry beasts. Powering Details Number of DC inputs 2 (DC jack, PoE-IN) DC jack input Voltage 18-57 V Max power consumption 40 W (most likely CPU load related ) Max power consumption without atta...
Yes, it looks nice, and will indeed fill in a gap in the market and be good for many "basic" switching applications.. That said, for me : Big talk of future upgrades; sorry, tell me what I am getting now, not what may or may not come.. Will stick with Cisco, as you know what your getting w...
Let just hope they will be releasing next gen equipment that supports macsec hardware offload... https://www.marvell.com/content/dam/marvell/en/public-collateral/phys-transceivers/marvell-phys-transceivers-alaska-c-88x7121p-product-brief-2020-02.pdf or https://www.marvell.com/content/dam/marvell/en/...
Its funny, I work with a large Cisco environment( and have a lot of MT gear too :) ). But Cisco's software is also buggy as, let alone full of CVE's( funny when you compare against MT ! ). I'v experienced expensive and 'compatible' cisco sfps' that wont work in there hardware with various os release...
Like most versions, there are beta's.
In the case of 7.15betas were out around 2 months.
Feedback was a plenty in the forums, let alone private submitted bugs to support.
Not bad for a free release !
Was hoping 7.16 to fix roaming issues, but no luck, all worked perfect until 7.15 and new drivers. My devices keep roaming from 5ghz to 2ghz and thats very next to router under full signal, and often multiple devices roam same time(Samsung s23, LG OLED TV, ASUS tablet). I already reduced 2ghz to 10...
Having been a MT user for the past 10 years. I note a usually pretty active pattern of software patches/releases on a ~2 to 4 week cycles. Why does it feel like they have got to about 7.14.x / 7.15rc.. But have stalled on significant releases over the past 2-3 months.. Is there a new hardware produc...
Yes, that is correct.
I have just one VLAN ( a management vlan I like to call it !), that both capsmans(WiFi & Wireless) on the same physical controller unit work on.
All the clients both legacy + new ax devices use that vlan to connect back on for caps management.
I am running DUAL capsman at the moment to support dozens of legacy devices || AC || and new AX devices. So far no issues on 7.13.4 as a controller. There are some things to navigate/additions on the new wifi side of capsman world, but have now got over that hurdle. I have 1 controller a CRS317, I u...
Hi. I have a scenario where I have a few business units who look after their own gear, and do their own thing.. [ISP]-----v4(/28)--+-v6/(/54)---(VLAN200)--[CORE ROUTER-rb5009 v7.12.1]===(VLAN205)===>VLAN SWITCH===> Other routers(MT RB5009's v7.12.1) (/56) That said, I gatekeep the core router where ...
While we're at it. It would be nice to be able to disable Winbox Graphics Licence and Help for the RouterOS login screen. And also the note You have connected to a router. Administrative access only. If this device is not in your possession, please contact your local network administrator. Plus may...
If we were to wind back a bit regarding tagging/vlan and go back to documented basics Follow me here : https://wiki.mikrotik.com/wiki/Manual:Basic_VLAN_switching https://wiki.mikrotik.com/images/thumb/c/c7/Basic_vlan_switching.png/700px-Basic_vlan_switching.png What is the VLAN config DIFFERENCE, be...
HERE IS A VIDEO SHOWING THE ISSUE https://www.youtube.com/watch?v=PLI-1Qm1Lp4 I'm not sure why the vlan appears twice in the list in your video, but the interface appearing under "tagged" should not be a problem and is correct. If it was untagged then your packets would likely have two ta...
Depends on how you have the ports configured. If you have stuff "switching", like vlans etc then you should get full wirespeed. Else if you need to process traffic then the bottleneck is that 10Gb full duplex link to the cpu plus any load on the cpu itself.. https://i.mt.lv/cdn/product_fil...
I think it's time you uploaded your configs mate. HERE IS A VIDEO SHOWING THE ISSUE https://www.youtube.com/watch?v=PLI-1Qm1Lp4 HERE IS THE CONTROLLER /interface wifiwave2 channel add band=5ghz-ac disabled=no frequency=5200 name=5GHZ_CHANNEL40_20_AC width=20mhz add band=2ghz-n disabled=no frequency...
I run a CAMPUS mikrotik wifi network ~60 Radio's worth using legacy CAPsMAN. I can tell you it dynamically add's wireless access points & slave-ap's interfaces properly using VLAN's that are dynamically added to the bridge ( Yes I need to make sure that the required VLANs are on the bridge of t...
Why do you have a VLAN interface under the Bridge? In my setup they all report as tagged into the Bridge which is what I want. Then the bridge has a trunk port to the switches to manage the VLAN so it finds it's way back to the firewall/router to be processed. I can be wrong here but if they where ...
Just trialed 7.12rc to try and get WAVE2-Capsman-Controller ( on a RB5009 ) to properly set VLAN datapath on a cap unit ( in my case a cAP ax ) set as a cap with the manager set to capsman. I run a campus of older MT wireless and use a separate controller which is its ONLY task(not routing traffic v...
I running capsman, with about 106 radio's at the moment( mix of 2.4 + 5.8 GHz, multi-channel ), in my campus environment and about to add AX gear too( yes it sux I have to add a new controller just for those too ). No problem with high density either( I'm comfortably doing ~7+ users per 10m2 of floo...
I need to transport carrier grade ethernet(9000 byte frames) layer-2 traffic that is encrypted at layer2(macsec 802.11AE) as a backhaul using mikrotik's NV2 or NStream modes etc, not classic Wi-Fi mode(which everyone defaults to in these conversations) in a point to point bridge mode only... Current...
*) wifiwave2 - enable changing interface MTU and L2MTU;
Now if you can only adjust the wireless MTU to 9000+ Bytes for bridging l2 networks for jumbo frame support(e.g MEF 3 carrier grade connections ) in ptp wireless setups :)
Yes, take into account that most client devices ( phones etc ) have "crap" internal antennas( pretty deaf on the RX ) and low TX power. Understanding that, will help you choose a better setup, eg. more smaller units mixed around the area( same ssid/passwords , but different channels ) to h...
I have a requirement to extend a layter-2 metro fiber Ethernet service from a carrier provider over a few km's over some water. The traffic is macsec encrypted to a site. Its pretty simple stuff. So the wireless gear just needs to support 9000 Bytes-Jumbo frame(Ideally 9200 Bytes ). Mikrotik stops a...
Grateful if mikrotik could look into supporting Layer-2 Jumbo frame support( 9000+ Bytes L2 MTU ) into its Wireless backhaul products. I have a requirement to pass metro ethernet over a few KM's point to point with a L2 MTU of 9000, but wireless side gear currently (NetMetal ac² with 30dBi dishes) i...
So today I had to pull apart a LHGGM to get a sim card out. Was not happy.!1 So I made a new 3D printable model for a sim card cradle that allows you to pull it out without tape( etc ).. I have attached the .STL file if you want to 3d print one yourself ( I used a creality S1 PRO on super-quality .1...
So today I had to pull apart a LHGGM to get a sim card out. Was not happy.!1 So I made a new 3D printable model for a sim card cradle that allows you to pull it out without tape( etc ).. I have attached the .STL file if you want to 3d print one yourself ( I used a creality S1 PRO on super-quality .1...
Why? Genuinely curious as to why anyone would use WebFig over Winbox if they have the option to use Winbox. Winbox needs to be installed, WebFig is available using pre-installed browser. So why even bother with Winbox ? Winbox is fantastic in "Windows world", apple / linux... wine I guess...
PPPoE is a CPU based process last I checked.Not sure how the cpu load would look, but isnt a CRS3x a better switch than 'route/network' device.. Would a RB5009 or CCRxxxx series be better to do what you want in PPPoE and QoS.. Anyhow try CPU and use packet/connection marking in mangle and then use Q...
Hi golf0r. Use 'export' rather than 'print to show configs. e.g /export file=MyFile.rsc and from the winbox / files you will see the MyFile.rsc which you can drag onto the windows desktop and open with a text editor or use /export file=[filename] hide-sensitive command to not add in things pike pass...
I'd be waiting for cAP XL ac, but an AX version( who knows when ). That said the cAP XL ac has about 3dB better RX ( on my personal tests just looking at noise floor in a RF quiet environment ), and its got 3db+ more tx power by default over a classic cAP ac too( adjustable of course for country rul...
I've been there in my very early days millions of years ago!! with that vlan / interface port per bridge thing, and its WRONG, very wrong..( Yes it works, but at a big cost(readability + CPU load ) Via the bridge menu you should ONLY be, and do ALL of that inside there...!!! Then do your FIREWALLING...
Sorry I missed something, why does a bridge need a 100 IP DHCP range? Because that's exactly where your suppose to apply the DHCP server if you add a bridge to a physical interface port( because the physical becomes a slave interface), furthermore if you add a vlan to a bridge or physical interface...
Your better off spinning up a CHR RoS on a virtual machine and getting a CHR license to manage the hotspot users, than using an under-spec'ed(CPU/mem) device for even 50+ simultaneous users !
Noting the expected 2024 timeframe for most manufacturers to have product(s) ready. It would be now where the R&D teams should be getting there sample/test boards ready for a ~1year turn-around to market. Of all the new bells and whistles coming with WiF7, I'm most optimistic about MU-MIMO becau...
Just a nice to have... With WiFi 6 / ax having barely been introduced into Mikrotik harware lineup as of this general message. I read Wi-Fi 7 is not far off. Further reading I see Mikrotik's favorite supplier Qualcomm is now producing chips with Wi-Fi 7 onboard. ( IPQ9574 / PQ9554 / etc etc) Would i...
I think ( and probably wrong !! will need to test ). Based on some playing of other things a few nights ago If you adjust the MTU of the ETH ( or adjust down the bridge ) by ~ +/- 64bytes, and take and try again, the error may go, as I dont think MTU gets corrected when you add it to bridges/vlans a...
Thanks Network5 Thats quite handy information. Especially on CPU load. I wonder if one/two of the cores was dedicated to that task thus the ~50%'ish cpu-load !! ? Not bad I guess for a unit that's only got a CPU and no dedicated switch chip. At least there is head room for other activities on the ro...
The CRS310 is a L2 switch with Layer3 routing capability. You have the right product, but I'm not sure if you understand how to program the interface ports to do it via Router OS. There are plenty of guides e.g :https://wiki.mikrotik.com/wiki/Manual:CRS_Router#CRS3xx_series_switches In the simplest ...
Hi. Just FYI, when you do a export use : export hide-sensitive so that passwords etc are not shown.. Looking over your config further shows me that you are doing a LOT of CPU intensive work. As for switch chip native & vlan traffic, it looks like all your processing needs are CPU based not switc...
Without console config files( export ), its hard to see how you have configured devices correctly. Especially the hex S which is not designed for massive loads. That said, if your are offloading to the SWITCH CHIP of each device and NOT the CPU as you have by the looks of your winbox screen shot, yo...
In regards to the 'Cloud' solution.
Not everything I have in now >100 devices touches the public internet.
I would prefer a solution I can spin up on a Virtual Machine in a closed environment.
I understand that other people could benefit from a cloud controller, but not in my current use case.
Its a great idea. I manage approximately 97 mikrotik devices from my desk. Of which I have about 12 different models of MT hardware incl a couple of VM's Dude only gets me so far with f/w updates with the hardware side. Ideally I want a platform that : 1. Keeps an eye on configs across all devices a...
Yep, seems pretty normal for generic sfp's to randomly work between MT chassis. I have about 50 MT devices in my care all using fiber trunks. Generally speaking I use either genuine mikrotik SFP's, or Cisco Genuine( which seem to work fine ) in my MT gear. I also keep an eye on : https://wiki.mikrot...
Hi Mikrotik Next time your dev'ing up some hardware, can you look at the possibility of adding in a 'feature' as seen in some Cisco gear known as Dying Gasp. It would be nice for the last function of a router/switch who has remote syslog to receive a message with. I'm done, all power has been lost I...
I have not seen Mikrotik do anything in this area.!!! The MACSEC option has been there in the console since the very first v7 RC public release back in 2019. Its 2022 and NOTHING, yet > interface/macsec is there hidden in place sight of the console terminal... bump... I've Tried to configure it on l...
Wireless Tables -> Access list is your friend... Kick low signal clients( from the perspective of the AP ) using it. E.g /interface wireless access-list add allow-signal-out-of-range=30s interface=wlan1 signal-range= -86..120 add allow-signal-out-of-range=1s authentication=no forwarding=no interface...
I have nearly every CRS3xx box in my network, but CRS312 is not one of them(yet!), but have not come across such issue. Could you list your config. And double check your error counters on your connected ports/sfp's to see if drops match against heat load( may be a sfp issue if you use them ? ) Other...
These units are not really different conceptually to a Layer-3 switch from Cisco e.g Catalyst 3560G( one sitting on my desk atm ! ). I have 1xCRS326-24S+2Q+RM in my network, but its primary role is wire-speed switching, and the only offloaded cpu task I hand to it is the management vlan network. Pro...
Hi. I'd recommend you doing some basic online network courses 1st up to get basic network understanding. You don't do port-forwarding unless your running a local server people connect to. Don't confuse connecting to an external server's Port requirements to having your own server, they network flow ...
MT Boards with chips like IPQ40xx chipsets are USB3 compatible, just need to check they have a minipcie interface and away you go.. e.g : https://www.qualcomm.com/products/ipq4019 MT boards like : AP ac(RBwAPGR-5HacD2HnD) are what your looking for :) Remember to look at the chipset datasheets to see...
Netinstall can suck, and can be the actual PC's/Laptop network interface causing trouble in getting netinstall to work.
I'v found (sadly) sometimes I have been forced to use a usb to ethernet adaptorto get netinstall to work, after trying a dozen times on a specific pc or laptop.
From my bench testing of these, its about 3 dB higher RX( based on noise level testing against a cAP ac) , and they have also bumped the TX power by +3dB too.
Should be no problem for +100Mbps throughput @ 5GHz at reasonable line of sight distances.
Indeed band 66 is not part of the physical hardware you have installed in your LHG LTE6 and cannot be 'software fixed' Your best bet if you want to use that band is to remove the LTE card inside your LHG and replace it out with a suitable card that supports band 66. Something like a Quectel EP06-A w...
You need to add the LoRa package from the Mikrotik ->Downloads->"Extra Packages", extract out the LoRa package and drag it into winbox, the same as you would to upgrade the router with the main software update. So I would update to the latest long-term or stable(depending on your risk asse...
If anyone needs the EP06-E firmware upgrade(EP06ELAR03A08M4G.zip) and is not getting a response from Quectel support. I have a copy of it after much pain in getting it from Quectel. The upgrade process was a relative painless operation of the firmware upgrade using the Quectel v4.19 flash tool and h...
Please Mikrotik, can you add some comments on where MACSEC is currently at.. Now trying with 7.1rc7 using x86... All I see is ether-type traffic 888e on the interface I configured it on between 2x VM's. I can add an IP against the 'macsec1' interface using the command line( not winbox ) too,. mikrot...
Hi, I was wondering if Mikrotik would introduce physical USB license dongles. Use case I have is in an x86 virtualization scenario, where NO internet connections is unavailable(eg CHR). Notably the deletion/modification or moving an x86 VM would require a newly generated x86 license code. Passing th...
Why would mikrotik, make a niche product for that band plan by FCC. Niche? 6 GHz is used for 802.11ax world wide (https://en.wikipedia.org/wiki/IEEE_802.11ax-2021). Within Q3/Q4 2021, vendors start selling their enterprise access points. Consumer routers with triple radios (2.4GHz, 5 GHz, 6GHZ) and...
Wifi 6 when? I am starting to wonder if Wi-Fi 6 or Wi-Fi 6e is even on the road map. Over a year ago , the FCC opened up the 6 GHz band (5.925–7.125 GHz) and made it available for unlicensed use. More than a year later and total lack of any official Mikrotik information, I can only assume there are...
I heard 2 things to try. 1. is to bulk up your sim card with some tape at the back of it to ensure its pushing up against the pins, as apparently some sim's are thinner than the specification 2. There is a beta v027(as of Jan2021) that mikrotik can send you. They will also ask you to put the current...
I did not think about the SIM card, as an issue, but yes that could cause random issues. That said, if it was working well before you upgraded, it might not be sim card issue.
Well, yes, you can overdrive a RF front end pretty easily. I'm a ham radio operator too, and have experienced that for myself on RF equipment. You can also simulate that with an Access point and a client sitting on top of one-another, notable throughput can drop a bit, as opposed to being ~1meter aw...
To use your pfsense/ freeradius as a login for mikrotik. Use winbox : RADIUS -> check the login button & add in the IP address of your pfsense box & add in your pfsense/freeradius login password. On System->UserList, click the AAA, and check the "use Radius" Thats it. RADIUS HOW TO...
Just add the phone number to mikrotiks userman as both username/password. And set the account for a 30min timeout. Or use radius, same deal username/password as the phone number. You could add a virtual AP and just have your mate login to the VAP with a WPA2 with just a phone number as the WPA2 pass...
Hi, Yes, you should not have issues with that antenna, or those signal levels.( maybe you have too much signal LOL(wrap some aluminum around the external antennas to drop it back ! ) I note your probably doing Carrier Aggregation on B1 + B20. I wonder if you force the modem to only do band 1 OR 20, ...
EoIP is basically a Layer2 link.
You can add your VLANs or other tunnels inside your EoIP interface..( not sure why you would tunnel in a tunnel as your MTU on you inner tunnel is going to small, plus your CPU load will be high running it like that )
FEC is common on networks such as satellite comm's. That said, it will be CPU intensive, especially over EoIP. Noting that TCP knows when frames have not been received and windowing of the frame. I would image that using a smaller TCP window size is the better option. As for UDP( Voip / Gaming packe...
Hi, have you installed the external antenna's for the unit, also what is your signal strength indicators RSRP/RSRQ/SINR etc ? Also what if your providers frequency's/band's V.S what LTE/4G towers(and there associated frequencies/band) are nearby. https://www.youtube.com/watch?v=ysiSoglchg0 I install...
The answer is YES for your trunk.( and yes its compatible too with Cisco trunks too(and other vendors), not just MT->MT ) There are at least 2 ways of achiving it and depending on your mikrotik's hardware(e.g Rb vs CRS) there are a couple of different ways to configure it to do the same thing( One b...
When are we likely to hear about 802.11ax products. ?? E.G "cAP ax" :)
Running a significant Mikrotik Wi-Fi network here(50+ AP's(yes with AC)), and now seeing plenty of people with .11AX phones, laptops now onsite..
Just bolt a IPQ8074 into one of your boards MT :)
Actually mikrotik does DPI (https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/L7). And no, it cannot break SSL etc, nor do I care whats inside normal day to day end user traffic as long as the end machine its not breaking my or SNIFFING around my NETWORK, and if it IS, then I want to detect those LA...
Hi. Would it be plausible to 'integrate' an IDS / IPS " package " into RouterOS 7 ? I know it would be both CPU & storage-wise expensive. That said, I propose it as a package, and aimed at x86 / CHR (virtualized) & up-scaled Mikrotik Hardware. I know you can of course stream IP tra...
Just tried to use 3.27 on a RB2011(current long term). I cannot add data to the firewall -> NAT, each line goes blank when I highlight it..
I need to revert to an older version now.
I still cannot get MACSEC running between devices("Gets to negotiating only"). Any suggestions ? /interface macsec add cak=4cb39ed149d0e0dbea5fad4b91e5456f ckn=f98446584e49ad9e2cd99b2aff00adb73e0b4109eb916b8d5bbe208dda274abb \ disabled=no interface=ether5 name=macsec1 profile=default [admi...
Take a look at LtAP-mini or LtAP ,with your choice of MT-LTE card, you just need 2x~5 to10cm u.fl -> SMA patch leads & a drill. Job done, then you can put your external antenna. Else there are plenty of other offerings like a routerboard and again install your LTE card onto and do your own custo...
Having managed a few massive satellite ground stations in my time, 2 things usually happen. 1 is the lightning rods on the top of the satellite dish which is directly cabled to ground safely takes the hit. Lightning arresters installed after waveguide->LNA/LNBs->Coax go open circuit(blow the fuse), ...
Why not SSH to the unit (better than web based config)?
You could go back to RouterOS(The switch menu is there, if you need pure wire-speed config ) and use Winbox or SSH for secure logging in.
RouterOS supports HTTPS too. https://wiki.mikrotik.com/wiki/Manual:W ... ling_HTTPS
I think in your case, you will need a second LTE/4G card to achieve what you want to do with sim1 being for LAN and sim2 being for wifi services. Pretty stright forward MT route config. That said, I think you will then need to do some homework on antennas for a dual card setup. Not sure if it helps ...
EC25-xx(whatever) has a USB2 minipcie interface and will work in the LtAP with out hardware issue as LtAP's chipet is USB2/MiniPCIe cpu based board. EP06-xx IS USB 3.0 interfaced card on the hardware interface and will require you to tape/glue or cut pins on the card to get it to work in USB 2 mode(...
How did it show you that it was using CA? I'm not seeing that. But maybe it's different with a Mikrotik modem. RBwAPGR-5HacD2HnD WITH A R11e-LTE6 card (Card firmware version R11e-LTE6_V025).. See how winbox shows Primary Band & CA Band.. Sometimes its different bands like B3/B7 or vise versa !!...
Hi, just wondering if there is any formal documentation for Mikrotik's 802.1AE (AKA MACsec) in RoS v7. Given its been in RoS v7 at least since its early beta release I was hoping to see some doco on it by now. As of yet I have not got it working between devices( Get as far as it 'negotiating', and c...
Interesting installation on a SXT.
Band 28 is hard to get right given the physically large antenna required to have a good efficiency(Q rating) for a given antenna.
I'm sending some gear up to rural NSW tomorrow for a B28 job, the other guy is a ham radio operator and is making his own B28 antenna.
I answered my own question. This is definitely a whole lot easier with RouterOS 7 beta. It's just plug and play. So that's what I'm using. WinBox doesn't seem to have any indication that the modem is using carrier aggregation, but based on the output of AT+QCAINFO ("Query Carrier Aggregation P...
Hi, just throwing this one out there since we know MT's are flexible in their architecture & designs. I was staring at my cAP AC mounted in the ceiling of my house, and was thinking wouldn't it be great if the unit had plug-inable sensors like : "Smoke detector", "Particulate dete...
Thanks for the advice on that. Just about to buy Vmware essentials plus kit v7.0.. The problem is neither the physical switch nor the routerOS license level. It's in ESX. Link aggregation is only supported on distributed switches. These are only available from vSphere enterprise license level upward...
Depends on your config about whats wrong with why you cannot see other devices If you don't want to use capsman then just create a bridge, add all your LAN side ports & WLAN ports onto the bridge interface. Give your bridge an private IP address of your liking ( 192.168.1.1/24 ) Add your normal ...
Client can connect to far end(srv side) internet if IPSEC is disabled If IPSEC = enabled ( client box cant get past client-side MT ) & notably the srcnat rule doesn't get a hit from the client. No problems under 6.45.9 !! Can you post both Mikrotik configurations (see anonymisation hints in my ...
Can confirm in 6.47 there is an issue with l2tp/ipsec vpn, where the server + client device is also a mikrotik, and the client runs a NAT. The client side NAT rule doesnt even get a hit when IPSEC is enabled(both ends). If I turn it off(both ends) and just run l2tp, all is good and the src-nat rule ...
1. At least cat 6 2. Australia is currently using these LTE bands: 2100MHz (B1) 1800MHz (B3) 850MHz (B5) 2600MHz (B7) 900MHz (B8) 700MHz (B28) ** works well in long distance in Aus environment *** 2300MHz (B40) 3. 2G was discontinuted a couple of years ago in country. 3G will start being removed in ...
Please keep this topic related to the problems found in this RouterOS release. This topic is not made for feature requests. For that please create a new topic or contact support@mikrotik.com. Where is CAKE?!?!?!? Literally everyone expects it, yet there's nothing about it from mikrotik.. Kind of pa...
LtAP mini VS v7.0beta 8 Well the wifi via a station & station bridge mode does not work. It connects briefly(10 seconds), then drops( no its not a signal, issue, 6.47 works a treat on the same unit)). I have a Quectel EC25 LTE board in it. That works no problem ! Doing a WiFi SCAN produces rando...
As a rule dont try and do VLAN 1 as a management vlan or as a separate vlan, you will come unstuck with vendors and some Linux kernel versions. In Cisco world vlan 1 is the Native vlan e.g the default layer 2 traffic on an unconfigured switch . Googling 'vlan 1' or 'native vlan' has so many varied r...
There are a few ways to do a Management-VLAN for MT devices, and you could just add a VLAN against your trunk interface(not a great recommendation, but will get you out of a tough spot ). OR do it the better way for MT/RouterOS https://wiki.mikrotik.com/wiki/Manual:Basic_VLAN_switching The info belo...
Hi. I am testing out MACSec(beta 3) on a RB951G-2HnD & RB750G, but cannot seem to get the two mikrotik units past "negotiating". I'm using the same cak and ckn values between the units, and the ethernets are of course connected together. I'm using the same code(different interface name...
Thanks mkx for the eNB ID info. @RogerWilco Consider a EC25-AU as it is electrically more compatible(+RCM compliant) with most MT boards (usb 2) plus it also fully support all the AUS bands(like B28). See(about taping pins): https://wiki.mikrotik.com/wiki/Cellular_Quectel_modems_01 That said, I susp...
This is quite subjective, also to note is that the EP06-E is running on the default antenna's on my w AP R ac unit. Also I am currently back in Victoria. I suspect that the B28 tower is at a different location to the other tower doing band 3&7!? So B3 / B7 /B28 .. BAND 3.png BAND 7.png BAND 28.p...
Nice mate! Finding a modem that works with LTE and not PPP with B28 + Telstra is perfect. I don't suppose you could tell me where in Australia you got the card and what firmware is on it? What speeds you getting with the modem? Hi. I picked up the EP06-E from ebay : https://www.ebay.com.au/itm/1838...
Well happy to report that a Quectel LTE EP06-E(RCM compliant) installed in a wAP ac(RBwAPGR-5HacD2HnD) tested using ROS 6.45.1 works without the need to cut or tape pins on the card. (I am testing with ALDI mobile(mdata.net.au APN, which uses Telstra Towers here in Australia ). I used this to get to...
I have an ec25-AU. It took me about 15 minutes of buggering around to get it to LTE mode from the default PPP mode ( In the end I actually put it in my latop, installed (windows drivers for it), Connected to the COM port, Putty'ed into the com port and put in the command(as seen on the MT wiki ). Pl...
I am running a EC25-AU in a LtAP, its currently running outback Australia. Its with 2x 3dBi Antennas and is working a treat on 3G( getting ~-81dBm). 4G lte b28 700MHz also works well, but getting a better signal off 3G 850Mhz at the moment and due to my extreme tower edge location. My phones I have ...
Hi. I have the same issue. I'm trying to look into it to see if it can be changed to some sort of bridge mode, rather than the NAT style address its giving out. !
Having recently obtained a couple of MT RB4011iGS+RM's for install in a rack. I have to say what a poor rack ear attachment design for this router. The router is a nice robust bit of kit, but the rack ear attachment is terrible. Just 1 small screw on either ear to hold this unit is place is just cra...
Hi. I have a bit of a general MT wireless question. I have run MT gear for a long time(10 Years now!) and have seen this wireless link phenomenon notably in my long distance links(7KM's+), but never understood why this occurs. This is notable when I am passing little to no traffic. If I have hard se...
Maybe its time for MT to consider a parallel "community" like edition version of RouterOS. That open to view /compile "source code" and allows the community to quickly fix issues(CVE's !!!) and add networking functionality as community made plugin's for MT Hardware..
At some point enough, is enough. And yes, other vendors have other issues. Other vendors may also be more costly. But at least other vendors take responsibility for their products, have a clear guideline what a timely response to a ticket is and implement critical features, that customers and the i...
While many of you are notably upset about the extraordinary amount of time that has gone by on this issue. I note some of you are wanting to move to new product vendors. This is your prerogative to do so. That said, I will point out the BIG VENDORS such as CISCO are smashed by CVE's problems ALL the...
True for that particular situation. But not all installs are secure buildings. 30dBi Antenna's such as the https://mikrotik.com/product/MTAD-5G-30D3-PA can become big wind sails and stress mounting gear that was not obvious when install occurs on a nice day. Also managing sites remotely e.g those th...
Hi. I was thinking about how useful a vibration sensor would be for a fair chunk of mikrotik outdoor products. Over my many years of wireless installs, wind is usually an enemy for wireless antenna/integrated WiFi products where the guy wires or structures that mount those systems is not quite up to...
Sorry, I don't agree with you R1CH for my typical mikrotik configurations across my campus network. If this was a typical cisco switch(ASIC switching) I would agree, or if I was using mikrotik switch chip directly. I can use Torch on the bridge and or each interface and see traffic 'Forwarding' or '...
Thanks dadaniel.
I'll take a look at AP isolation.
As I am not using the switch chip for my ether->vlan activities rather ether->bridge->vlan. Thats why I am looking at bridge firewall rules at this point.
Hi. I'm running a small campus with about 40 wifi/ether ports devices(Distribution network) for guests that run behind a MT hotspot/firewall. I run a pretty good firewall set on the main router/internet/hotspot box. I'm putting some thought on the internal LAN side of the network and asking the ques...
The crosstalk is cos(angle) related so at 90 degrees there is "theoretically zero" crosstalk (in practice those 20-30dB figures) but at any other angle there is substantial crosstalk. At 60 degrees about half of the signal is present. I suspect that is a correct assumption. If you were tr...
3x3 MIMO is for local use, where you have an access point in a room or outdoor area and antennas that can radiate in 3 different patterns. The different clients can each have different use of these patterns. With point-to-point, 3x3 makes no sense. There are no 3 different polarization that you can...
Well. Buy it and try and come back here to tell how it works. I suspect that the throughput will be better with central chain off. But maybe it will be so good that three chain could work independently. We cannot judge before the tryout. Its tempting, but I already use a 28dBi + a 30dBi for my 7km ...
I hear you, that said, the isolation issue @ 45 degrees must be enough otherwise you would not design such a radio device with 3 chains. The item below is a 17dBi, which they say is better than 26dBi. I think that's pretty good gap as most 2x2 big 30dBi parabolic's have approximately 30-35dBi cross ...
Just wondering if someone can tell me why there are no 3x3 MIMO antennas on the market much greater than 20dBi ? I have a couple of RB921UAGS-5SHPacD-NM(triple chain capable) doing about 8KM's point to point, but limited to 2x2 due to antenna limitations(cant find a commercial 28 to 30dBi antenna wi...
IP Neighbor Please revert or Alter the NEW functionality of Neighbor discovery. I use specific Bridges/Interfaces ( A management VLAN segment) that see's all devices, but I also have Client Side Bridges/Vlans/Interfaces. I DO NOT want Clients to SEE Discovery Broadcasts. Thus I ask you to Revert to ...
Hi. Is there a method to manually initiate a mikrotik device to boot into netinstall mode upon reboot(I still have access to winbox) where I do not require holding down the reset button as the devices are either in other buildings(etc) ? I have found a repeatable bug with a bunch of MT devices(LTE/F...
I think there is too.. I'm having a DHCP issues.
I had a power outage on my DYNADISH(doing local DHCP to eth->VLAN) and now with dhcp 'offering' but devices are not accepting..
It was all working before the power outage... Config has not changed..
Use current bugfix 6.37.5, or do a full cutover on your second-end routerboard to 6.38.5 This is probably the indirect cause : What's new in 6.38 (2016-Dec-30 11:33): Important note!!! RouterOS v6.38 contains STP/RSTP changes which makes bridges compatible with IEEE 802.1Q-2014 by sending and proces...
Hi. I have been running a MT hotspot for work for a number of years(CLASSIC IPv4).. Our ISP has native IPv6 available..(I have tested it on the network, and noted the routeros hotspot service does not touch IPv6 packets, thus client machines can bypass the hotsport service e.g http://ipv6.google.com...
Hi all. I have a setup, where a MT wireless router is configured without issue on a NON-INTERNET connected network. However, I note from my SYSLOG server that the router reports to that it appears the router in question attempts to automatically DNS request(every 1/2 hr) cloud.mikrotik.com.. WHY is ...
Hi all
If I was to buy a RB921UAGS-5SHPacT-NM (Triple chain device), and only use CH0 & CH1 and disable CH2 (As the current antenna only supports vert/horizontal inputs).. Is there any big issues(Other than loss of available bandwidth of course) I should make myself aware of ??
Hi. Does anyone know what the weight of a Dynadish is ? (RBDynaDishG-5HacD).
I can find some references to shipping weight(unit plus box weight(which I know is probably .5-1 kg? of cardboard), but not the unit itself.
I am doing some mast loading calculations.
Installed 6.38 to a 50+ device mix of MT routers/crs devices(~50%) and AP's(~50%) from v6.37.1. Had 3x devices die from a 6.37.1 ->6.38 upgrade ( 1xRBwAP2nD & 2xRB912UAG-2HPnD), had to net-install to fix. *** Had ALL 5x RB2011UiAS 2x CRS125-24G-1S give a WARNING in the log about OVERCLOCKED RAM ...
Hi, yes I kept it simple. Just pressed the check for updates in the package list(release candiate(cutting edge eh!!), and pressed upgrade). Took less than minute to come back to life on AWS.
Nice and smooth .
Cheers
Hi all. Just did an Amazon Web services test of Mikrotiks RouterOS with the available amazon marketplace release of RouterOS v6.34.1. As it was just a test I did an upgrade to v6.38rc15 which went smooth.. I used the t2.micro ( Free tier ) for the test. It took me about 2 minutes from starting the w...
Updated from 6.36 to 6.37rc4 on a RB951-2n.. Did the update over wireless, but of course it didn't not come back. I see I should have updated it over Ethernet. I had to manually enable 'Wireless' package and manually enable the wlan1 interface and re-program SSID/frequency etc.. So its like a fresh...
http://en.data-alliance.net/wp-content/uploads/2012/11/antennas-range-patterns.jpg http://www.zive.cz/GetThumbNail.aspx?id_file=507737282&width=480&height=391&q=100 The RF radiation pattern of an antenna is true for both Transmit and Receive operations. Given you want to cover an area b...
Hi If you use an antenna like this http://i.mt.lv/routerboard/files/DPA-SLANT-R0-151029152145.pdf then both polarizations are integrated into the one antenna. What you may find is if you enable 2 chains in your netmetal that possibly signal levels from one of the chains(polarization) will be bett...
Probably something like ( if you still have it mounted 10 meters up and a direct connect to your RB Metal 2.4GHz ). http://www.l-com.com/wireless-antenna-24-ghz-3-dbi-black-radome-enclosed-omni-antenna-type-n-female-bulkhead OR http://www.l-com.com/wireless-antenna-24-ghz-2-dbi-omnidirectional-anten...
Hi, (noted on 5GHz. You should still be able to use smaller bandwidths).. Can you change polarity of the antenna's e.g. vertical to horizontal polarization... Generally if you use horizontal you can get 20 to 25dBm isolation between polarization, depending on antenna design. This alleviates noise(wh...
If you mount the antenna at 10 meters, then you should use a 2 or 3dBi vertical, as the radiation pattern of the 8dBi is not good for area below the antenna. a 2 or 3 dBi vertical will be better for areas below the antenna at that height.
A couple of options are. 1) Use NV2 ( it is more robust in noisy environments ) 2) You could use narrower channel spacing. Instead of using 20MHz use 10 or 5 MHz( If using 2GHz area, set to using G or N mode or combination, but you will need to test in your area and your setup). This increases the e...
Thanks Sob, I take your point on the full URL being encrypted... That said : I note I can see in the initial handshake (Using Wireshark filter -> ssl.handshake.type == 1) which is the initial client hello message that I can see the requested domain address from the client machine. This is at least ...
Hi. Does anyone have a method to LOG https:// addresses people behind my NAT are connecting to ? I already know how to log http:// addresses(Via Webproxy), but that's only good for port 80 stuff. I am specifically looking for the whole address line of a web page request(not the encrypted content) e....
900MHz band, that's a tough band to work in... Can you access the 'faulty' unit(s) from the other side of the wireless rather than locally from the 'faulty' ethernet ? How are you linking the Ethernet side to wifi (e.g Do you make a BRIDGE and port link the wifi interface and the ethernet interfac...
Grateful Mikrotik supplies rack ears for the CRS112-8G-4S-IN product.. I have a few of these and have no idea why they do not come with ears(and they are not available from your suppliers as an aftermarket item). I also have a few CRS212-1G-10S-1S+ IN units which do have ears(I'v stolen the ears off...
Massive update!
Its also been one of the longest number of release candidates I think I've ever seen(me since v4.17). Thought I was going to see an RC50 in there
Just upgraded a RB-951-2n to 6.35, so far so good for that unit..
Hi I'm liking the LHG 5 from a cost perspective (gather it does well for ~3km-4km links based on TX pwr?).. Love to see a LHG 5HPacn version or using the same platform and kick it up a notch to the 24 GHz ISM band using the same antenna for higher gain(nice way to enter a new market area in 24GHz Wi...
Hi It may pass vlan traffic at wirespeed OK, but 15mS ping response @ 1Gbps fiber link is a long time in the network world and looks bad on some of my monitoring equipment especially when peer IT people are looking over my install and laughing, telling me I should have put cisco gear in. In hindsigh...
I just deployed 5 of these 260GSP units. There are some real issues. E.g ; NO subnet mask against the IP address such as 172.16.1.1 or 10.1.1.1 seems to default to a /24 address range. VLAN and the mikrotik discovery protocol on these units cannot be seen by other MT products on the same VLAN, but s...
I note that I will need to use an external radius server, rather than using the MT 'userman' package to use encrypted protocols for WPA2-EAP.
Cheers
Greg
These are just a few items from the RouterBoard range that do PoE output. PowerBox (RB750P-PBr2); 1x PoE in -> 4xPoE Out hex PoE lite; 1x PoE in -> 4xPoE Out RB260GSP; 1x PoE in -> 4xPoE Out I have experience with PowerBox and the RB260GSP, they work great(Just need to remember to click the option o...
Hi, I am doing some testing on what should be a basic wireless WPA2 EAP setup. But I am running into an issue with the RADIUS response of ; radius,debug,packet Reply-Message = "unknown authentication algorithm" which appears to stop me wirelessly login in with my laptop and or mobile phone...
Hi, this has probably been asked before, but can I use say 2x CRS210-8G-2S+IN or CRS226-24G-2S+IN but use 1Gbps SFP's(S-85DLC05D) rather than 10Gbps sfp's.? I guess more generally can I use a standard SFP in a SFP+
Just wondering if anyone else is suffering a failure of the "Reset Counters" in the Interface/Traffic TAB. By where as an example in the Tx/Rx Bytes( and in my instance this interface connections to my cable modem ) and in my case shows 32Gb TX and 31Gb Rx respectively. But when I click on...
Does anyone have a list/table of minimum SNR for Auto Rate Fall Back for 802.11 b and n modes I'm doing a Uni paper at the moment on omni antenna gain and want to add some context to different 'gain' omni antenna's(2,3,5,9,15dBi) vs performance.(I'v already done some real world tests today around th...
NTP Client seems to still have an issue(as of 6.11, v6.10 had no issues) on MT Metals 2SHPn's(WILL NOT SET System clock time).
My RB951G(v5.26) on the same subnet with the same NTP config has no issue with setting the system time.
Think it might be Supout.rif time... !
NTP Client has stopped working on both of my RB Metal 2SHPn's after upgrading from 6.10 to 6.11.
It just displays the word 'reached' in Winbox, and that's all it does.
Will there be a CloudCore router with ~24 SFP ports ever?
+1 Would love that.
Would also love to see 12 or 24 port SFP switches(Would love to replace out all our ether & media converters to be all in 1 fibre switch/routing device )
Hi, I'm looking for some info on bridging a LAN segment, which is normally easy, but I'd like to put in 2 Mikrotik routers, and IPSEC over the wifi segment to join 2 LAN segments. The WIFI part is not in my control and I'm effectively give an Ethernet cable at both sites saying that is the link to t...
As I said ARP poisining is in effect by default when hotspot is enabled(going by the book). A 3rd party cannot arp poison an already arp poisoned network(whats the point!), not to say they cannot cause denial of service!. Like any open to the public network, enable firewall's on pc's & routers(w...
No worries. I edited the last table of info, I had the brackets in the wrong spot, which made the table header read wrong!.. The same principal's applies to ADSL over phone lines as well as digital satellite services.(Though Satellite tends to use the Term 'EbN0' for signal to noise value of a signa...
I hope the following helps you understand nose floor vs signal level(or strength). Just remember you are dealing with negative numbers and you will be all good... Quoted FROM : http://www.dd-wrt.com/wiki/index.php/Index:FAQ#How_do_I_read_signal_and_noise_ratings.3F ----------------------------------...
Hi, I'd like some advice on setting up this scenario. I'd like to set up 4 AP's(Large area ~ 100meters between points in a square shape) using same SSID & Encryption password, and run off the same subnet . I'd like the end users to be able to use 1 SSID to sign in with, but for them not to notic...
And some further updates.... Last updated: March 2013 Q. Why is Cisco opening up Enhanced Interior Gateway Routing Protocol (EIGRP)? A. Cisco is opening up its EIGRP routing protocol as an open standard in order to help companies operate in a multi-vendor environment. Customers should be able to pic...
Hi, I'm not sure why you say I am wrong. The chip `CAN' add and change vlan headers. Just look at the atheros AR8327 datasheet. If anything the AR8327 can do more than 7240 chip. Solution Highlights • One GMII or two RGMII MAC interfaces • Single SERDES/SGMII Interface • 5 integrated 10/100/1000Base...
use winbox torch to have a look at whats happening on your lan segment.. probably virus/malware or a dodgy user! then use firewall rules to block/disconnect them.
You should be able to set max hotspot sessions to 1, and ensure hotspot Route poisoning is turned on to stop un-authed clients starting a mac/ip port scan. Turn on arp-poisoning by making sure the address pool to none ip range in hotspot->server. Arp poisoning can cause some issues with network prin...
You should do a check that one of your lan pc's is not : route poisioning your lan
The effects you descibe, are similar to an experiance I have had with route poisioning the arp table.
My cause was the mikrotik hotspot was doing the R-Poising by default to stop un-authed devices traversing the lan.
Thats what I place on my wan-pppoe interface to deter nastie inbounds! Its not all i have in my rules(drop icmp etc)but makes it clear i'm not playing !!
1. yes you can limit user logons to just 1 active machine(ip address). e.g trying to logon on another machine with currently running session will result in simultaneous user session reached error on the logon on the second machine.... 2. Dont use a 750gl with a level 4 licence as you will only be al...
Since the 750's(and most of the routerboards I'v seen) are logically divided so to speak into the switch side of the 750 and the CPU side(IP/routing/scriptable logic!/etc...). Some of the previous examples is using the CPU side of the unit to deal with VLAN's. You can also acheive what you are doing...
Thanks Feklar, I think I will do a test when I can and have a go at adding a separate subnet to the same interface for printers and use routing to get to the printer(s). I'll post back if it was a good or bad move !!
+1 Karma to you both for responding... Arr, so it looked like placing 100Mbit media converters, only masked my issue(re-tested this morning).! Arp - poisioning... Now I understand what it is I'v been seeing on the network(other oddities).!! I didnt realize that hotspot introduced that( I guess as a ...
I want some input on what you believe happened in this scenario. Issues with printing came about after converting the mikrotik router into a hotspot system. I had trouble printing on printers 1 + 2, printing from pc's 1 + 2. Surfing the web via the hotspot on PC 1 & 2 had no problems. All printe...
Hi, I have a 1100AHx2 (v5.14 ) that is being set up as a hotspot & running the internal user-man package. I have a 2Gb micro SD card in the unit. I have formatted it and it appears to be running. In the /store area the command I tried : set 1 disk=micro-sdl and it came back with `cannot change d...