Community discussions

Search found 34 matches

by blougaville
Thu Nov 07, 2019 9:53 pm
Forum: General
Topic: Traffic to/from the same interface is hitting firewall filter forward chain? [SOLVED]
Replies: 7
Views: 1416

Re: Traffic to/from the same interface is hitting firewall filter forward chain? [SOLVED]

Thank you so much! I will weigh my options with both of your suggestions. I appreciate everyone who chimed in.
by blougaville
Thu Nov 07, 2019 6:00 pm
Forum: General
Topic: Traffic to/from the same interface is hitting firewall filter forward chain? [SOLVED]
Replies: 7
Views: 1416

Re: Traffic to/from the same interface is hitting firewall filter forward chain? [SOLVED]

This will happen when you set ARP mode to proxy-arp in the network interface/bridge.

Very interesting...I DO have proxy-arp set on the bridge interface because we use OpenVPN and enabling proxy-arp on the bridge is the only way I know of to allow VPN users to pass traffic to resources on our local ...
by blougaville
Thu Nov 07, 2019 5:20 pm
Forum: General
Topic: Traffic to/from the same interface is hitting firewall filter forward chain? [SOLVED]
Replies: 7
Views: 1416

Re: Traffic to/from the same interface is hitting firewall filter forward chain? [SOLVED]

For example if you have use-ip-firewall=yes set on bridge?

Nope, that is turned off...
by blougaville
Thu Nov 07, 2019 7:47 am
Forum: General
Topic: Traffic to/from the same interface is hitting firewall filter forward chain? [SOLVED]
Replies: 7
Views: 1416

Traffic to/from the same interface is hitting firewall filter forward chain? [SOLVED]

This is strange. I have a firewall filter rule (FORWARD chain) on a Mikrotik router that drops invalid packets. For some reason, it's dropping packets that are to/from the same interface, my LAN subnet. Lots of packets are hitting the rule and being dropped. Here's an example of what I see when I lo...
by blougaville
Sun Jun 23, 2019 9:46 pm
Forum: Wireless Networking
Topic: Need Advice to Cover 300 WiFi Users in Banquet Hall
Replies: 6
Views: 1467

Re: Need Advice to Cover 300 WiFi Users in Banquet Hall

Thank you so much for your advice! I actually feel quite a bit better about using Mikrotik in this case since I think the 1/10 rule definitely applies here. It's scary when they tell me they have large groups coming in and they HAVE TO HAVE GOOD WIFI but I know what you're saying is correct. In this...
by blougaville
Fri Jun 21, 2019 5:47 pm
Forum: Wireless Networking
Topic: Need Advice to Cover 300 WiFi Users in Banquet Hall
Replies: 6
Views: 1467

Re: Need Advice to Cover 300 WiFi Users in Banquet Hall

Thank you both for your replies!

Better look into UBNT, Xirrus, Meraki, Fortinet/Meru, Everest Networks (in ascending budget order).

Do you have any specific recommendations for these models? I've never used any of these vendors and when I look at their product lines there are lots of options and so...
by blougaville
Fri Jun 21, 2019 8:16 am
Forum: Wireless Networking
Topic: Need Advice to Cover 300 WiFi Users in Banquet Hall
Replies: 6
Views: 1467

Need Advice to Cover 300 WiFi Users in Banquet Hall

I LOVE Mikrotik and use their equipment in every possible situation. I've had great luck with cAP and hAP ACs for small offices or in larger CAPsMAN deployments with multiple APs but I've never yet done a "high density" installation. I have a banquet room with a maximum capacity of 300 people that I...
by blougaville
Fri Jun 23, 2017 6:08 am
Forum: General
Topic: how to limit VPN user access to one server? [SOLVED]
Replies: 1
Views: 625

Re: how to limit VPN user access to one server? [SOLVED]

Let's say the address of the server on your network that you want your user to access is: 192.168.88.2
/ip firewall filter
add chain=forward dst-address=!192.168.88.2 action=drop
The exclamation point means "not" so any address that is not the server will be dropped.
by blougaville
Sat Sep 05, 2015 9:35 am
Forum: Wireless Networking
Topic: client-to-client forwarding in CAPsMAN local forwarding mode
Replies: 7
Views: 3270

Re: client-to-client forwarding in CAPsMAN local forwarding mode

Mikrotik, can you please chime in on this? Your documentation says it's possible but does not say how. Also, I can't find any good real world examples of why you would use CAPsMAN in local forwarding mode vs manager forwarding mode. I am using CAPsMAN on a CCR in a school with 30+ CAPs and am curren...
by blougaville
Sat Aug 29, 2015 7:12 am
Forum: Wireless Networking
Topic: client-to-client forwarding in CAPsMAN local forwarding mode
Replies: 7
Views: 3270

client-to-client forwarding in CAPsMAN local forwarding mode

I understand that when using local forwarding mode the client-to-client forwarding on an interface is not set with CAPsMAN, but is controlled by the local CAP. The manual suggests that client-to-client forwarding needs to be set on the CAP itself, but I can't figure out how to do this. The wireless i...
by blougaville
Tue Jan 27, 2015 12:10 am
Forum: General
Topic: Jumping VLAN to custom mangle chain
Replies: 0
Views: 550

Jumping VLAN to custom mangle chain

I have two VLANs:
interface: private-bridge (192.168.1.0/24)
interface: student-bridge (192.168.100.0/24)
I'm trying to give different marks with mangle to all packets from each VLAN passing through the router so I want to use custom chains.
add action=jump chain=forward in-interface=private-bridge ...
by blougaville
Mon Jan 05, 2015 8:46 am
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 34
Views: 14088

Re: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

Thanks for the replies. Here are the steps I did to get the Mikrotik and Edgeswitch to pass VLANs correctly:

On the Ubiquiti EdgeSwitch
1) Create VLANs that you wish to pass from your Mikrotik
2) On Port Configuration page, include VLANs TAGGED on your trunk port(s)
3) On Port Configuration page, in...
by blougaville
Sun Dec 21, 2014 11:00 am
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 34
Views: 14088

VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

I'm trying to create a simple trunk to pass VLANs between my new CCR1009-8G-1S-1S+ and a 48-port Ubiquiti EdgeSwitch and I'm having a really hard time. I've read that you can do the VLAN tagging with the switch ports on the CCR but that is just confusing me further and I can't even get it working th...
by blougaville
Mon Dec 03, 2012 8:14 am
Forum: General
Topic: How to allow several IPs to bypass a filter rule
Replies: 3
Views: 1788

SOLVED How to allow several IPs to bypass a filter rule

Thank you very much, AlexN. I didn't even think about modifying those rules!

Still, I second the idea that the multiple address list features would be helpful.
by blougaville
Tue Nov 27, 2012 8:42 pm
Forum: General
Topic: How to allow several IPs to bypass a filter rule
Replies: 3
Views: 1788

How to allow several IPs to bypass a filter rule

I have various filter rules to detect port scanners and block them coming into my Mikrotik from the internet. For example:
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Add NMAP NULL scan to Port Scanners address list" disabled=no \
    in...
by blougaville
Fri Jul 20, 2012 7:18 pm
Forum: General
Topic: SOLVED Restrict one VAP to internet access only
Replies: 5
Views: 1258

SOLVED Restrict one VAP to internet access only

I was able to get this working by following up on cieplik206's advice. I enabled Use IP Firewall on the bridge interface. Then, I created a firewall filter for dst. address: 192.168.1.0/24, and on advanced tab, bridge in interface: publicVAP, action: reject. Now clients get an IP from my DHCP server...
by blougaville
Fri Jul 20, 2012 7:14 pm
Forum: Wireless Networking
Topic: VLANS and DHCP over WDS AP-AP link
Replies: 0
Views: 609

VLANS and DHCP over WDS AP-AP link

Here is a simplified diagram showing my desired setup: wds-vlan-diagram.jpg The VLANs seem to be passing traffic over the wds link okay (from RouterB, I can ping all the different interfaces on RouterA). The problem is, when a client connects to either of the VirtualAPs on RouterB, it does not find ...
by blougaville
Tue Jul 17, 2012 5:45 pm
Forum: Wireless Networking
Topic: Unicast key exchange timeout over WDS (AP-AP) link
Replies: 4
Views: 2553

Re: Unicast key exchange timeout over WDS (AP-AP) link

Any update on this? I've been dealing with the same issue. Other threads have caused me to suspect a problem with WPA security, but so far all of my tinkering has not resolved the problem.
by blougaville
Mon Jul 16, 2012 8:21 pm
Forum: General
Topic: SOLVED Restrict one VAP to internet access only
Replies: 5
Views: 1258

Re: Restrict one VAP to internet access only

The VLAN option is good to know for the future, but in my case, it would be much easier if I could restrict each MikroTik device using firewall or bridge filter rules on each device. Can anyone post more specific instructions on how this would work?
by blougaville
Fri Jul 13, 2012 5:02 pm
Forum: General
Topic: SOLVED Restrict one VAP to internet access only
Replies: 5
Views: 1258

Re: Restrict one VAP to internet access only

Thanks for the response!

I did try both of those things already and couldn't figure out the settings to make it work. Could you please give me a little more information on what types of rules to create?

Thank you very much!
by blougaville
Fri Jul 13, 2012 7:12 am
Forum: General
Topic: SOLVED Restrict one VAP to internet access only
Replies: 5
Views: 1258

SOLVED Restrict one VAP to internet access only

I have a MikroTik AP connected to my main internet router. The internet router is a DHCP server for my LAN. I have two VAPs ("public" and "private"). I'd like to be able to get an IP address from the DHCP on my main internet router from both VAPs, but I'd like to make it so my "public" VAP can only ...
by blougaville
Tue Nov 29, 2011 10:36 pm
Forum: Wireless Networking
Topic: Annoying User Manager License Clarification
Replies: 1
Views: 765

Annoying User Manager License Clarification

I know this has been posted in a variety of ways, but it seems like I keep finding contradictions. Here is my understanding of user manager and hotspot session limits: My network: RB493AH with LEVEL 6 License and User Manager Installed (Unlimited active UM sessions is possible) RB411AH with LEVEL 4 ...
by blougaville
Tue Nov 29, 2011 10:16 pm
Forum: Beginner Basics
Topic: Should I route or load balance in this scenario?
Replies: 2
Views: 812

Re: Should I route or load balance in this scenario?

Thank you, I will take your advice!

Steven
by blougaville
Tue Nov 29, 2011 9:10 am
Forum: Beginner Basics
Topic: Should I route or load balance in this scenario?
Replies: 2
Views: 812

Should I route or load balance in this scenario?

Let's say I have a routerboard with two different internet connections coming into two separate interfaces and a LAN interface with two VLANs:
ether1 - 99.99.99.99 (WAN link)
ether2 - 88.88.88.88 (WAN link)
ether3 - 192.168.20.1 (VLAN2, for office network) and 192.168.30.1 (VLAN3, for hotspot networ...
by blougaville
Fri Nov 25, 2011 10:59 pm
Forum: Wireless Networking
Topic: Are my 900mhz SR9s broken?
Replies: 1
Views: 605

Are my 900mhz SR9s broken?

I am trying to set up a point to point link with two SR9 900mhz cards. I have two routerboards with the SR9s sitting next to each other on a work bench with no antennas connected. I set up one card to "bridge" wireless mode and the other to "station" wireless mode. On the station side, when I click ...
by blougaville
Fri Nov 25, 2011 10:47 pm
Forum: Beginner Basics
Topic: Incredibly Basic Routing Question
Replies: 2
Views: 1038

Re: Incredibly Basic Routing Question

Thanks for your help, fewi. I'm not sure what was causing my problem, but I reset routeros to default configuration and set things up again and was able to route between interfaces no problem. Thanks for reassuring me that interfaces should be routable out of the box!
by blougaville
Fri Nov 25, 2011 9:26 pm
Forum: Wireless Networking
Topic: Transparent bridge without wds
Replies: 17
Views: 9017

Re: Transparent bridge without wds

I had some problems to realize transparent bridge without wds. In particular, with a configuration posted I have only direction traffic: the router station and its lan can ping router bridge and its lan while isn't the same in the other direction.

I am bumping this thread because I am also having...
by blougaville
Wed Nov 23, 2011 9:23 am
Forum: Beginner Basics
Topic: Incredibly Basic Routing Question
Replies: 2
Views: 1038

Incredibly Basic Routing Question

Hi, I am a complete newbie and am having trouble routing between two interfaces (ether1 and wlan1). Here is how I have it configured:
IP - Address
192.168.1.1/24 ether1
10.1.10.1/24 wlan1
I have DHCP configured and working on the wlan1 interface, it gives out addresses from a pool to wlan1 clients. I...
by blougaville
Mon Aug 29, 2011 5:42 pm
Forum: RouterBOARD hardware
Topic: Installing Wireless Card on 411AH
Replies: 5
Views: 1345

Re: Installing Wireless Card on 411AH

The card I'm trying to install is an Alfa Networks AWPCI085G. Like I said, the card was mysteriously detected one time and appeared to be working.
I did try another card, a card that is operational in another 411AH board, and that didn't detect on this 411AH either.

Steven
by blougaville
Mon Aug 29, 2011 8:22 am
Forum: RouterBOARD hardware
Topic: Installing Wireless Card on 411AH
Replies: 5
Views: 1345

Installing Wireless Card on 411AH

I'm attempting to install a wireless card in a routerboard 411ah (it is a compatible Atheros chipset), but I am having trouble with it being detected. The first several times I booted the board, nothing was listed under the PCI tab of Resources in RouterOS. Then one time it magically showed up on th...
by blougaville
Sat Aug 20, 2011 6:42 pm
Forum: RouterBOARD hardware
Topic: Help diagnosing ethernet problem on RB411AH
Replies: 8
Views: 2355

Re: Help diagnosing ethernet problem on RB411AH

At this point, I think you are right about it being faulty. It's not under warranty, so I will try to find a replacement. I'm just amazed that it went out after working on a roof for over a year just from carefully replacing the wireless card and booting it up in my office. My fear is now that this ...
by blougaville
Sat Aug 20, 2011 3:55 am
Forum: RouterBOARD hardware
Topic: Help diagnosing ethernet problem on RB411AH
Replies: 8
Views: 2355

Re: Help diagnosing ethernet problem on RB411AH

I just tried the Winbox utility. I tried to the IP address and the mac address of the RB's NIC. No luck. I have set a computer's NIC to use 192.168.88.99/24 so it will be on the same network as the RB411AH. I tried running through my switch with no other devices connected (the switch does not show a...
by blougaville
Fri Aug 19, 2011 11:41 pm
Forum: RouterBOARD hardware
Topic: Help diagnosing ethernet problem on RB411AH
Replies: 8
Views: 2355

Re: Help diagnosing ethernet problem on RB411AH

Thanks for the reply! The IP address is now set to the default of 192.168.88.1/24 after resetting to default configuration. I can not ping either direction, that is, from the RB411AH to a network device on the same IP network via serial console, or from a computer on the same IP network to the RB411...
by blougaville
Fri Aug 19, 2011 7:29 pm
Forum: RouterBOARD hardware
Topic: Help diagnosing ethernet problem on RB411AH
Replies: 8
Views: 2355

Help diagnosing ethernet problem on RB411AH

I took a functioning RB411AH off of a roof and changed the mini-PCI wireless card. When I powered up the device (using POE, as I always have), the board fully powered up with POE, but I noticed that the network switch it was plugged into was not getting a light. I can log into the console via serial...