Hi, I think I have issues witt VLAN config on my switch. I Make a config and load it but now some devces get no IP addres. It is offered but it will not bound. I think it is because of the VLAN config. This below is the config I put in: /interface ethernet switch egress-vlan-tag add tagged-ports=eth...
Hi, I have a mikrotik 951G-2HnD I have congigured it from blanc. ether 1 is for WAN connection and has a DHCP client confgured for the interface. On Ether2 There are several VLANS and on each VLAN is a DHCP-server enabled. It works great. Now I want ether 5 for management. The ether1 wan and Ether 2...
Hi, I use Mikrotik as core router (RB3011). This is connected to Mikrotik switches. On the RB3011 I have connected a Cisco WLC 2504 (trunk port). On the swithces there are Cisco AccessPoints. I can see the SSID's but if I connect I can not get an IP address. On the RB3011 I have configured DHCP serv...
Hi, I'm a Cisco man. Know how to configure access ports and trunkports but to do this in mikrotik makes me sad. I don't konow how to do it. Wat is the syntax in mikrotik for the cofig below? configure terminal vlan 9 name LAN_MGMT exit interface vlan 9 ip address 172.16.0.2/24 exit interface gigabit...
Hi, I have 2 CRS112 switches and would like to configure them but I'm confused about the VLAN tagging I read the manual below and that makes a lot clear but not all. https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_VLANs_with_Trunks#Port_based_VLAN For example I have a 3 trunk ports to devices and w...
Hi,
I'm familiar with Cisco Wireless lan Controller.
Cisco controllers do set the channels of the AP's automatically.
Can mikrotik CapsMan this also?
If yes, how to configure?
Hi. I have a bruteforce blacklist in my device but I want to exclude 1 IP address, is that possible? I Like to exclude 1 (or more IP address to be put on the blacklist address-list) /ip firewall filtter add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop \ comment=&qu...
Hi, I have a RB951G-2HnD and want to set it up as an AP client to connect to a WiFi network and use NAT and have ether1 to ether5 als LAN clients. Most is working but I have no internet access on the clients that are connected to the ether1 to ether 5 ports. This is the config. Wirelss is working an...
Yes, that is true
The device was hacked and the hacker has changed the device.
also after a reset the issue was still there.
After a netinstall the problem was solved.
Then the device was clean.
A reset configuration was not enough.
The Primary IP is not the issue. If you read the topic you can see that if I connect a device direct to the modem all is working (with the same Public IP. Replaced the mikrotik with a new one (same model, same config) Netfilx works fine. The router was hacked and the the device was changed, even a f...
Normis, The router was sure hacked. I Save Proxy settings and vpn settings (I never made). But before Netflix works for 3 years. Now I reset the router and add the config again (same as first setup). But Netflix is still not working. If I connect a device right to the modem than netfilx is working. ...
Hi, Anyone an idea? I have the same thing. My router was hacked. Reset it to defaults and update the firmware. After that I configured it again as it has to be and has allways worked. But now still netfilx is not working. If I connect a device at once to the modem (no mikrotik router in place. than ...
Hi, I have a problem I use a RB951G-2HnD as router. Use it now for 3 years and it was working great. But last week my router was hacked (for cryptomining). I saw VPN services and proxy settings on the router. Netfilx was not working anymore on the network. I get a warning I use a unblocker or a prox...
Hi, I have 2 networks (they are about 200 meters from each other). Both networks have there own internet breakout (gateway) Both networks have a differeten IP subnet (1 had 172.16.0.0/21 the other has 172.17.0.0/21) I want to bridge the two netwerks to each oter with 2 SXT-AC devices. To make it a l...
Hi, I have a network with WiFi. I want to configure a Mikrotik (RB-951G-2HnD) as a wireless client. Want to use port ether 2,3,4 and 5 to connect to devices. Is it possible to do this without double NAT I know how to configure it with NAT (IP firewall Masqurade) but don't want that. I want that devi...
I use Capsman
But wireless speed is not high.
The AccessPoints mangens by CAPsMAN are all AC.
Is there a possibility to set the Channel width to 20/40/80mhz?
Oh ok, that sounds great. Really like that. Now I have 2 Mikrotik SXT 5 AC devices for bridging two buildings but it is not stable. Is Wireless Wire 60Ghz a good replacement for this and is het more stable? Now we experience regular timeouts. The signal is ok I think (TX RX signal is -65 / -63 but i...
I have a question about wireless wire 60ghz.
In the paper about it I can read it is preconfigured and paired.
Don't we need additional configuration?
What about IP addresses and subnets and so on?
Hi, I have this config in my network. /interface bridge add name=BRIDGE-225-227 vlan-filtering=no /interface bridge port add bridge=BRIDGE-225-227 interface=ether1 add bridge=BRIDGE-225-227 interface=wlan1 add bridge=BRIDGE-225-227 interface=ether5 pvid=15 comment="Dell 1320c" /interface b...
Hi, I try to setup CAPsMAN and let the users sign in with ther Activer Directiry account but it is not working. in security configuration of CAPsMAN I set this: /caps-man security add name=sec_WLAN_DATA authentication-types=wpa2-eap encryption=aes-ccm group-encryption=aes-ccm eap-methods=passthrough...
Hi, Is it possible with mikrotik to use mac authentication in combination with radius? In the radius server I have a users with username (mac address) and password (mac address). With cisco I can do mac authentication with radius and than the device is authenticated with its mac address. Is this als...
If I want to add SSL certificates it is also going wrong. Allso If I add an :delay 2m for example If I add this at the top of my .rsc file and than a delay and than the rest of the script (the rest of the script is not executed). /certificate add name=NameOfSSL common-name=172.16.0.1 country=NL days...
Hi, I have still no success. It is running a bit of the script but not all. Below a little bit for the script (only the beginning). It change the identity and add a bridge but not add ports to the bridge. (see screenshot # Installatie Ring 227 SW09 #STATION: # Geef het apparaat een identitiet /syste...
Hi, I have created new .rsc files to install a lot of my devices. I have several locations and use PtP connections. I also need to reconfigure the PtP devices remotely. Now I try this in a test lab but when I put the new configuration on the device and reset the device and choose to run a script aft...
I use CAPsMAN in my test lap. Use Local forwarding for the CAPs. Have the configuration below. I need to add the virtual interfaces by hand on the bridge vlan on the CAPs. (very frustrating because it is not nice. If you make some changes. the name of the virtual AP wil change and you have to manual...
Hi, Is it possible to use CAPsMAN and have multiple SSIDs and use for some SSID's WPA2 enterprise with different Radius servers? I Ask this because I have Multiple VLANs and each VLAN has its own SSID and also have a guest network. For the production network we want to use Radius authentication from...
Hi, I have setup a test lab with 2 devices. 2 RB 951G-2HnD 1 as CAPsMAN and one as CAP. If I connect a wireless device I will not get an IP address. In the DHCP server on the CAPsMAN router I see it offers an IP but the device will not get it. What is wrong in the config? Both configs are here below...
Hi, I try to reconfigure a test lap. But still struggle with VLANs, Bridges and CAPsMAN in mikrotik. Documentation is hard to understand. In Cisco I can configure it easy but in mikrotik I'm allways struggle. I have 2 devices in my test lap. (2 RB 951 G 2HnD) Try to set up CAPsMan and CAP. but get n...
We have noticed quite a few configurations that are known to cause issues, make sure sure you are not using this (or one of described) configuration: https://wiki.mikrotik.com/wiki/Manual:L ... _interface
Think this make sense.
I think I have here a misconfiguration.
# Installation SW04 (RBSXTG-5HPacD) # AP BRIDGE # Set the identity /system identity set name="SW04 - Ring 393" # Create a bridge /interface bridge add name=BR_BRIDGE-1 # Create the needed VLANs /interface vlan add name=VLAN_LAN_MGMT vlan-id=9 interface=BR_BRIDGE-1 # Add an IP address for m...
Thanks a lot. Yes I know that DHCP is not working for the 2 buildings (but that is ok.) But I need a little help with the configuration of the RB SXT 5AC devices wich I use for the Wireless link between the buildings. On building 1 172.16.0.0/21 is also split in VLANs On Building 2 172.17.0.0/21 is ...
Hi, thanks a lot for your answere. What I want is as follow. We have two buildings (separated 200 meters from each other) Mikrotik works great to get a wireless link between these buildings. We want on both buildings different subnets Building 1 172.16.0.0/21 Building 2 172.17.0.0/21 But in building...
I have 2 locations (2 buildings. Both have a gateway to internet with a firwall. I want to connect both buildings (with mikrotik) wireless so not over internet. I likt that both buildings use their own internet gateway. In building 1 is a DNS and DHCP server that I want to use in both buildings. Wha...
After I have update all mij devices from 6.40.5 to 6.41 we don't have internet anymore. Allso local network is not reachable any more.
We use CAPsMAN and caps.
I did a downgrade and it works again.
I use CAPsMAN to manage the wireless network.
In Datapath I activated "Local forwarding"
How can I now config the Channel width?
I think it is now not ok. Users can't get high speed WiFi now.
Hi,
I have an RB951G-2HnD.
In the USB port is a 3G stick.
I configured PPP and it is working.
I can internet if I connect a pc to ether1 to ether5
But if I try to build a VPN connection ( UDP 500 and UDP 4500 ) than it is not working.
I have not set up any firewall rules.
What can be wrong?
If security is no problem then the uptime is nice.
But if you make updates than you can't see this uptimes in Mikrotik because you need a reboot after you upload a new version.
Hi, thanks for your answere again. Sorry, I have on both sides Public IP addresses (static assigned by my ISP. On one side I have a CCR1009 and at the other side I have x86 on ESXi. Is this also able for hardware encryption? I have on both sides a speed of 80Mbps down and 30 Mbps up (internet) Do yo...
Hi,
I have a question.
Is it possibile to build a Site-to-Site VPN tunnel (secure) with on both sides Mikrotik routers.
On both sides we use the same IP range and subnet.
Do you also check the log in the device?
I have kind of same problem overhere and I see in the log many records about problably RSTP loop.
But till now I cant find any loop
but I see same pattern. like every minute a log record and packet loss
Hi, For troubleshooting my problem I have made a LAB environment with two devices. R01 and SW07 (Both RB-951G-2HnD). R01 ether5 is connected with cable to SW07 ether 1. The configs are as below. I have on the SW07 messages ether1: bride Probably RSTP LOOP Can anybody tell me what is wrong in my conf...
Thanks again.
All the devices are running the latest version.
I know for sure I don't have real loops (by cables).
Maybe loop from bad config (Is that possible?)
Jarda, Thanks for your reply. I will explain a little more. I have a new configuration with several devices but have lots of problems (in the logs I see RSTP loop messages.) Now I'm so far to see if I need a new design and configuration but don't know what to do. The point is that I don't understand...
Jarda, Thanks for your reply. I asked this because I have problems with RSTP loops. If I create vlans on switch, do I need to add /interface vlan add .... also? And when do I need bridges? I want to use CAPsMAN with local forwarding. want VLANs for management, smartphones, laptops, desktops and so o...
Hi, What is best way to configure VLANs. I'm struggeling now for a long time with it. It is not real clear for me. You can add vlans in /interfaces vlan Than create bridges (for trunk ports) You can also create vlans under /internet Ethernet switch vlan What is best and most stable? And best perform...
Here is the config of the Omnitik: # jun/27/2017 09:58:09 by RouterOS 6.39.2 # software id = 22T6-298V # /interface bridge add name=BRIDGE01 /interface ethernet set [ find default-name=ether1 ] comment="Trunk SW06" set [ find default-name=ether2 ] comment="Dell Printer" master-po...
Hi, thanks for your reply.
I reviewed the settings on the CRS125. sa-learning is enabled by default I thought.
Yes ther is a CHR on ESXi connected to the CRS switch.
The Config of the Omnitik wil will upload as well but I can't connect to the omnitik now because it is instable due to the loop
This is the config of the CRS125. later this day I will post the config of the Omnitik. CRS125: # jun/26/2017 14:40:50 by RouterOS 6.38.5 # software id = E3Q0-ENNN # /interface bridge add name=BR_LAN_MGMT /interface wireless # managed by CAPsMAN # channel: 2462/20-eC/gn(30dBm), SSID: WLAN_DATA, loca...
I ask for a solution.
In Mikrotik it is not clear where the problem is.
In Cisco you see exactly where the problem is if you have a loop.
But in Mikrotik not.
And in mikrotik you have bridges, switch-cpu and so on. It is complicated.
Thanks for your reply. Below the config of the device. Ether1 is connected to a CRS125 switch Ether 1 is a trunk port on the CRS125 switch. On ether2 of the Ominitik AC there is a printer connected. WiFi is voor P2MP links to other sites. I noticed that if I bind VLAN-LAN_MGMT to ether1 instead of B...
Hi everyone, I have an Omnitik and have the configuration you see below. I have a RSTP problem. If I change /interface vlan vlan-id=9 interface=BRIDGE01 to interface ether1, than the RSTP look is gone but then I cant reach the other end of the wireless link (p2mp) ###################################...
Hi, I have an Omnitik 5AC and use it for Point 2 Multipoint connection. Masterport is ether1 (slave ports ether2-5) WDS for Multipoint links (SXT) Now I see every minute a log error about probably loop on ether1. WDS is add to bridge. If it make more sens I can also post my config that I have on the...
Hi, I have a problem with my configuration. I have several swithes (RB951G-2HnD and one RB3011 My core router (RB951G-2HnD) is connected from Ether5 to the RB3011 Ether 1. On the RB3011 Ether 10 I want to connect an other RB951G-2HnD Ether1). My Management network is VLAN 9 From the Core to the RB30...
Hi, Ik have the old one CCR1009-8G-1S-1S+ Ok but What I need to know is. what is better? To use on the RB3011 and RB951G-2HnD. "/interface Ethernet switch" to configure the VLANs or use bridged and add the VLANs and Ether ports to the bridges. What is faster and better? Thanks for you sugg...
Hi, I'm still struggeling with my configuration. I have several switches and AP's. I want wire speed so I follow this documentation: https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features But I have several switches and can't get it working. First big problem is VLANs and Management VLAN. I have...
Hi,
It looks like it is working I only get a lot of timeouts if I ping from the Core router to the RB3011 management IP address.
I also saw RSTP is set to none. If I set it to RSTP than the link is down. (so RSTP problem.).
Can we also solve this? I think this is a big inpact on performance now.
Thanks for your explination. The scenario is as follow: I have a CCR1009 as core router. Port 1 of this core router is connected to the ISP modem. Port 5 is connected to the RB3011 (must be vlan 9 untagged) The other ports of the RB3011 are as follow: Ether1 as told untagged vlan 9 Ether2 untagged v...
Hi, I have an RB3011. On this device we have vlan's All VLAN's are on Ether10 (vlan9, vlan10, vlan12, vlan14, vlan15, vlan16, vlan17, vlan18, vlan19 and vlan900) Now I want only a few vlans on Ether 4 (only vlan 9, vlan10 and vlan900. How can I do this? In Cisco you have a trunk with allowed vlan co...
Hi, I have some problems with my IPS. Now I want to use netwatch to ping a host and on down write to a file. I like to have the Date and time in the log file and the IP netwatch pings. Is this possible and how can I do this? The lines in the file must be added so the file grows and every new on down...
Hi, I know I have RSTP problems in my network but Mikrotik is nog logging these changes or problems. When I turn RSTP off in all bridges, than everything is working. but that is not what I want. Is there a way to enable logging for this? Or Is there a other way to pinpoint the problem? This problem ...
Below is the config of the CRS125. If I connect at Ether1 the Device with CAPSman on it. Then it looks like everything is working but Wireless clients won't get an IP address. They can connect to the wireless network but don't get a IP addres from the DHCP server. On the CRS125 I switch from local c...
Hi, I would like to configure CAPSman in my network. We have 9 vlans and 5 SSID's I try to configure it but we have also 2 CRS125 switches with the VLANs on it But the CRS125 is a PAIN in the ASS to configure it. Can someone help me? On the CRS125 Ether 1, Ether 22, Ether 23 and Ether 24 must carry ...
Is it not a mind thing?????
What does it matter wat version number it had.
If it is V6xxx or V7xxx?
If it is working it is fine.
So why is everybody asking for V7. If it can be fixed in V6 of V8 it will be great of is it wrong?
Hi, We have a network with a lot of Mikrotik devices. Allso we have somt Pont to Point and Point to Multipoint connections (mikrotik). On one Point to Point connection we have problems with the RSTP. This works perfect for years but now we have upgrade to 6.38.1 we have problems. I have to set the p...
I have it working now. The problem was that I setup the PtP and PtmP with NV2 and that doesn't work Now I change it to 802.11 and it works. Now follow problem. Channels. I have wAP AC devices and want to set tem for the max speed. 20/40/80 MHz eceee But Than it say no supported band if I set the wid...
Hi, I'm a little further now. Situation now. CAPsMAN configured and direct connect 1 CAP it is working. But I have also sites that are PtP connected or PTMP connected I have done this with WDS CAPsMAP is working over this links but the clients don't get IP addresses. I use Local forwarding. What is ...
Ok, here is my configs. Problems with getting a DHCP lease. I the DHCP server I see offer but no accept (bond). Hope someone can see what is wrong. I also try to set the parameter for "Local Forwarding" but this makes no difference. First is from the CAPsMAN. # Maak VLANs /interface vlan a...
Thanks for you reply. So in the AP's I don't have to add VLAN setup? That is great. I Only have to add the Management VLAN I think (All the devices are in one management VLAN). No VLAN setup on ap if you use CAPsMAN sounds great, I will try it for sure. I need to add "Use Tag" And VLAN ID ...
Hi,
This is a very interesting topic.
I want to use it on a transparent mikrotik device.
So no router.
Is that also possible?
And than make difference in up and download
Hi,
I want to use CAPsMAN to manage many AP's in our network (with many VLANs.)
Our network is changing a lot.
So my question, is CAPsMAN dynamic?
If we change for example WPA2-PSK encryption in the CAPsMAN is it automatically pushed to to CAP clients?
Or de we need manual actions?
That is because the software on all devices is the same but keep in mind that not all devices are made for routing and firewalling because of the internal power.
For good routing and firealling you need a CCR and not a wAP.
Ok, You are from Mikrotik, so you know it. I think "wAP" stands for wireless AccessPoint. In the default config it is managed by CapsMan. I thought it is a device like in cisco you have a controller with wireless accesspoints. The AP's are for the wireless signals and nog for routing and f...
Normen, Internet is not secure, Right. But this is an AP and not a firewall. Normaly you connect aps to a switch and a switch to a firewall/router and that is connected to the internet. Optional you can manage the AP by a capsman. normaly the internal network is (secure). Use NAT and use a firewall
In my opinion it is not secure. Configure the device must be done over the wire and nog wireless. But ok that is a vision. A AP must not be firewalled. I have sent the AP back to the reseller the first time. It was no documentation about this problem. Than I figure out if I reset the AP I can see it...
Maybe that is not possible.
I bought four of these wAP ac devices. and none of the devices could be edit.
I have to reset them first.
Before the reset you could not find the device in WINBOX.
Yes I know you announced it in a MUM event.
It was announced for Q2 2016.
Allso in the hardware overview you present on the mikrotik site it is not there anymore.
So will this product ever see the light?
The scenario I want is as follow: I have a router from my ISP (with WiFi on board). Serveral devices connected (wired and wireless.) Allso connected a RB760 Switch (on ether1) I want all ports in same in same bridge group but ether1,2 and 3 can communicate to each other and to the ISP router. Eter 4...
Hi, I like a to create a very simple configuration. Reset the switch (RB260) with no config Make a bridge and put all 5 Ether ports in the bridge. Add an IP address to the bridge (for management. This is working well. Now I like to configure one port (ether5) so that this port only can communicate t...
Hi people, I'm waiting for the new Omnitik gigabit ports and AC. First it was announced in Q2 2016 (but is not there. Now if I look at the site (www.mikrotik.com) I see a hardware document for Q3 and Q4 Is this product not coming any more? Than I have to look for something else. Now I have a Omnitik...
Hi, Is it possible to separate upload and download traffic in simple queues? For example, we have a line of 50/50 Mbps Now we want to make rules for upload and download traffic. For example we use google drive. Is it possible to make rules for limit upload traffic to google drive and also make ruls ...
Hi, I have created a transparent traffic shaper with mikrotik. I have made Mangle Rules and Queue Tree rules. This is working perfect but the only limitation is that I can not (or don't know how to) make rules for up and download. Now it is so if a queue is full for download than also the upload is ...
Hi, After I upgrade to 6.35 and 6.35.1 the export command is not working properly anymore
I also use a backup tool (GregSowell.com) and this tool is also not working any more.
I get empty files after export (0 kb)
Is this a but in this version?
Hi, I have seen where it goes wrong.
If I add the VLAN to the bridge than the DHCP is getting red (so it is not working any more.)
What can be the reason for this?
Thanks a lot for all your info. I will read it carefully and try tp understand what you mean. The reason only Ring ... is in AP mode is because I want to test it for one location. Now every AP is configured manualy and if it is working I want to change all AP's in my network to CAPs. The reason I ha...
Hi, I'm now testing. If I do this: A small patch: in every line of /caps-man datapath add bridge=BR_LAN_MGMT name=datapath-WLAN_1_DATA vlan-id=12 vlan-mode=use-tag And just to be sure: /caps-man access-list add action=accept disabled=no mac-address=00:00:00:00:00:00 ssid-regexp="DATA" vlan...
If I do that, it is still not working.
I find out I need to create new bridges.
Bridge with port VLAN_WLAN_DATA for example
and in the datapath change BR_LAN_MGMT to BR_WLAN_DATA
But why is your suggestion not working?
And what is better?
Hi, I like to switch ot CAPsMANv2 (now I do all local on every AP) Is All communication going over 1 bridge? Allso if I want virtual AP's and each virtual AP on its own VLAN? How do I have to configure the VLANs? For so far I have this as config # CAPsMAN datapath /caps-man datapath add bridge=BR_LA...
When I add a new VirtualMachine
Choose custom
Choose Other 64 bits Operating System
Choose existing disk and link it to the VMDK file
When I run the Virtual Machine I get the error below.
I have multiple AP's in my network.
I use wireless Access-list to allow only certain clients mac-addresses.
Now I edit all APs if I have a new client.
Can I do this more easy?
For example only edit the access-list on one AP and use that on all others.
hi, I have a question about IP FIREWALL MANGEL rule handling and about Queue tree handling. How are these rules handeld? is it from top to bottem and when one rule matches the other are skipped? Reason why I ask is because I want more then one mangle rule foor TCP port 80,443 only the source or dest...
Hi, I want to make a transparent traffic shaper but never done it before. We have a connection of 45Mbps down and 45Mbps upload. We want guaranteed speed for some things. Citrix traffic guaranteed 5Mbps up and down speed highest priority Afas traffic (to destination 185.46.180.0/24) guaranteed speed...
Ok, Thanks for the reply. Ok I understand. So strange that Bonding 802.3ad Is in the config of a CRS125 But I understand due to the limits of the device it is not possible. Is it also not possible to loadballance over multiple ports? For example if I have a CCR1009 and a CRS125 and want to loadballa...
Hi, I have the config below and like to add a NAS with a 802.3ad LACP on ether16 and ether17. But how can I do this? It must be an access port for VLAN 900 CONFIG: # Geef het apparaat een identitiet /system identity set name=R02 # Bonding toevoegen voor LoadBallancing #/interface bonding add name=Bo...
I have a CRS125 with many VLANs.
Work GREAT
But now I want to edit membership
But like to edit more vlans at once.
How can I do this vast with commandline?
/interface ethernet switch vlan edit ???
If I use the gui or do it with edit numbers =x
than it will take very much time
I have a CCR1009 and a CRS125 in my network.
Now I like to build a LACP etherchannel between both.
I like to bound ether 5,6,7,8 from the CRR1009 to ether 1,2,3,4 of the CRS125.
But there are a lot of VLANS and I want all VLANs available over the LACP etherchannel.
Thanks a lot for your reply. I thought about pfsense also but I have all mikrotik now. So I rather like to keep it. What is hard about configuring a firewall on mikrotik? I have never done it before. But is it not like one rule to block everything and other rules on top of it to allow the traffic yo...
Hi, I have a new internet connection 100Mbps down and 25Mbps upload. I need a new firewall and don't know what device to choose for it. It must can handle the up and down speed and do firewalling and portforwarding. there will be about 10 to 25 clients connect to it (wired and wireless). It must be ...
Hi, thanks. I also thought it was that easy. But when I add the HTTPS, tnat it stop working / interface bridge add name="bridge1" / interface bridge port add interface=ether2 bridge=bridge1 add interface=ether3 bridge=bridge1 / interface bridge settings set use-ip-firewall=yes / ip firewal...
Hi, Thanks for your reply. The reason I choose to add a transparent bridge is because the Router is not managed by us and the Core Switch is a HP Procurve and is not able to do traffic shaping. I need to prioritise Citrix traffice to our lan and HTTP and HTTPS to the internet. What classes do I need...
Hi, We have a network consist of a /21 subnet. (so a lot of devices. We have a router with a /29 network that pass all traffic to our core switch. This core switch is also doing the main routing in our business. Now we need to limit http and https in and outbount traffic to max 17 Mbp/s Can we use t...
I have two things, 1 reqeust 1) Is it possible to add authentication to email settngs. Now it is not possible to configure email notifications when the server requires authentication. 2 question 2) Is it possible to use the Dude as syslog server for all our devices? Must I send the syslog events to ...
Hi, I have several RB951G-2HnD AP's in my network. Now the problem is that I see that devices (not roaming devices but Static placed devices) are changing for one AP to an other AP frequently. How can I reduce this? Because of this problem the users are complaining about slow speed and sometimes los...
What must I add for commands to have the recursive route? This is what I get if I do a /ip route export /ip route add check-gateway=ping comment="Gateway naar de Sonicwall Ring 393" distance=1 \ gateway=172.16.0.125 add check-gateway=ping comment="Gateway naar de Sonicwall Ring 225&qu...
I don't understand the notation yet.
You have a signal-ranges of -120..-81
Must I read this that alle clients with a value of -81 and wors signals are not connected?
Hi, I have trouble with creating a self signed certificate. I followed this manual: http://wiki.mikrotik.com/wiki/Manual:Create_Certificates#Generate_certificates_on_RouterOS The first part is going ok but the second part I get errors. The error is: expected end of command (lin 1 column 22) /certifi...
Hi,
I use Access list voor my wireless clients.
Default there is a signal-range=-120..120 , is this not a very high value?
I learned that if the signal is over the -68 Dbm that the link quality is getting poor.
Is it possible to add multiple SRC_ADDRESSES in a firewall rule?
How to do this?
I Need more than one src-address but can fill in only 1 address.
Allso if I use an addresslist.
If I run the command: /interface wireless spectral-scan number=wlan1 I See a lot of frequencies and after that I see DBM and after that I see Graph. How to implement this and what is best frequency to use? Where there are less ":" and "." or where there are more ":" end...
Hi, I Use a RB951G-2HnD. Wired is the speed good but wireless is the speed bad. The signal strength is ok (between the -58 and -68 But the speed is poor. In Winbox I seed a speed of 72Mpbs at the max. All my devices are 801.11N The settings in winbox: Mode: ap bridge Band: 2GHz-only-N Channel Width ...
I read that site but I cant sign my certificate.
I have a template created.
Now need to sign it and want to do it command line.
Name is test-cert
How to sign this?
Hi I try to hardening my mikrotik but hope there are some guilde lines.
I found some firewall rules on internet.
I found some documentation about disabling ip services.
What I don't found is how to configure https for webfig and don't use http for it.
Can someone help?
Hi, Is it possible with mikrotik to block a host from the LAN to Internet and show him a page with warning? Or redirect all http and http traffic from only one specific host from the LAN to a warning page. Please help me. I want this because sometimes I need to show a warning to a specific host of m...
Hi thanks for your reply.
The device is only for a few Wired connections and about 5 to 10 Wireless devices.
No firewalling. Maybe only DHCP server.
Can a RB951G-2HnD do this also? Or is this not a good idea?
Main thing is that the wireless speed is good.
Hi, I have a 200 Mb/s synchrone filber internet line from my ISP.
Is mikrotik suitable for this speed?
What device do I need? I have a Fiber modem so I need only UTP and Wireless.
Allso the Wireless must be fast.
What is the speed of Wireless with Mikrotik?
I have configured PPTP on a CCR1009 to use Radius (windows 2008r2)
PPTP is working but not with Radius.
In the CCR1009 log I see a Time Out Error when I want to login with a AD account.
In de Log from the Windows 2008R2 Server I see that the login is correct and granted.
What can be wrong?
I understand and can provide a network digram.
What data do you need else?
It is all about clients who connect to a mikrotik (SW01, SW03, SW06, SW11, SW12, SW13 or SW16) have a slow connection.
Clients are all N devices. (laptops, Smartphones, Cameras)
Hi, I have several Mikrotik devices in the network. From RB2011, CCR1009, CRS125 and RB951G-2HnD. Wired clients work great but wireless clients have slow connection. If I look at the status in Windows it looks ook and see a connection of at least 144 Mbp/s But by file transfere at the network I can'...
Hi I have a CCR1009 and have two routes configured to internet. 0.0.0.0/0 gateway 172.16.0.125 0.0.0.0/0 gateway 172.16.0.126 Now I see in front of these routes: AS S This means that gateway 172.16.0.125 is used. and 172.16.0.126 is not used. Can I use both at same time? Allso for incoming traffic? ...
If I have to set to default
I can't connet.
I'm about 4 meters away from the AP.
If I set the value to 25 fixed rates I can connect.
is 25 less or more than the default power?
Hi,
I have a OmniTIK U-5HnD for Point to Point connection to 3 SXT-G.
I also use a second Ether port of the OmniTIK for connecting a printer on a VLAN.
I like to replace this device and want something faster and more Wirless Power.
Hi, Thanks for your reply, I try this but it is not working. The current configuration in the Omnitik is what you can see here below. Hope you can me with it. ################################################################################### # # # MMM MMM KKK TTTTTTTTTTT KKK # # MMMM MMMM KKK TTTTT...
Hi, I have a network like the picture I add. The three collors are three buildings. Between the buildings is a wireless link. (SXT-AC to SXT-AC and an OmniTIK to SXT). All is working only I want to use Ether5 of the OmniTIK to connect a pc to.But his PC must work in VLAN-ID 20. The Omnitik and SXT a...
I have a point to multipoint configuration and this works great. Now I use a OMNITIK for the AP Bridge. It works great. But now I want to use ether5 also and like to use it for VLAN-ID 30. How can I do this and is it possible? Below is my config in the OMNITIK device ################################...
Hi,
I have a CCR1009 as my main router and have several SXT-AC's and RB951G-2HnD and 2 CRS125 switches in my network.
Is it possible to use the CCR1009 as the CapsManager? It has not Wireles on board but it is the most powerfull device in the network.
Hi, I have a CCR1009 for routing, DHCP, hotspot and usermanagement. I use VLANS. I have also a CRS125 connected to it and use the WiFi on it. On the CRS125 I have several Virtual AP's and the are connected to VLAN's. Clients can connect to the Virtual AP but cant get a DHCP address from the DHCP ser...
This is not a big deal I think. Mikrotik is very stable and can run years but what advantage does it have?
I have learned it is bad to have such a long uptime. It means your router is not updated and running old software. So vulnarabilities are not solved.
Thanks for the links.
Is this allso usable if the 2 ISP's are not connected to the same router in the network?
I have one mikrotik router in the network.
On Ether1 there is a ISP connected but the other ISP is connected to a switch somewhere else in the network.
Hi, I have 2 ISP's, so also 2 gateways. I have multiple VLANS (with each vlan its own subnet). Now I want to split the internet traffic. For example: VLAN1, VLAN2 and VLAN3 (172.16.0.0/25, 172.16.0.128/25 and 172.16.1.0/24) Use ISP1 for its internet traffic VLAN4, VLAN5, and VLAN6 (172.16.2.0/24, 17...
Hi,
I have a CRR and CRS125.
I need VLANS
The CRR must do DHCP.
I like to have a interface bonding (ether1,ether2,ether3 and ether4) on the CRS125 and CRR.
In this situation, do I need switch1-cpu on the VLANS on the CRS125?
Do I need DHCP relay on the CRS125 or CRR?
Thanks for the hint but what CRR do I need?
I don't want any limitations.
I bought the CRS125 but that is far from what I expect.
My speed is 1MB/s max if I use VLANs and If I don't use VLANs the speed I can get is about 110MB/s (it is a B and not a b)
Hi,
I need about 40 VLANS and about 6 Virtual AP's The VLANS and Virtual AP's must be routeable.
I have now a CRS125 for testing but it is VERRY VERRY slow with the VLAN's
I need at least 12 Gigabit ports.
So what mikrotik device must i buy? or is Mikrotik not good for this?
Hi, Thanks for your reply. I see that ether2 is set to half-duplex. But I did not do that. So that is strange. But I can not change it also. Is this maybe the problem? On the server the network interface is set to auto-negotiate and full duplex. But the CRS125 set the port to halfduplex automaticly....
I know for sure there is no cable problem. Alle new cables (30 centimeters long).
The same server and nas connected to a unmanaged gigabit switch gives me good speed but CRS125 not.
Hi, My speed is at the max about 30 Mb/s
The switch is completely plain configured.
Only this
Set IP adres 172.16.0.1/24
Ether1 - Ether23 set to master ether24
That's it.
I connect a Supermicro server on port ether 2 and a Qnap-TS259 on ether9
Why is this slow?
Do I use fastpath with this config.
Hi, I have a CRS125-24G-1S-2HnD Problem is that my server is very slow with transvering data. It is going at a maximum of 1MB/s The server has 4 Gigabit Ethernet ports. I have connected 1 Gigabit port to the CRS125 (at ether2). If I uncheck the 1000Mb/s option on the ether2 interface than I can get ...
This is the configuration. Server direct attached with 1 Meter cat6 cable to ether 2 Nas direct connected to ether9 with a 1 meter cat6 cable # jan/13/1970 22:22:56 by RouterOS 6.25 # software id = AJTT-EAMY # /interface bridge add name=BR_LAN_1_CAMERA add name=BR_LAN_1_DATA add name=BR_LAN_1_GAME a...
Hi, I have a CRS125G-1S-2HnD and do some test. I attached a SuperMicro server with Gigabit netwerk and a QNAP TS-259 NAS. Now i see a throughput between the 1 and 2 MB/s. and the avg. is about 800KB/s This is verry bad. If I use an other switch (gigabit) than the throughput is about 90MB/s (MegaByte...
Hi, I try to conifgure mijn CRS125 with tagged and untagged ports. But still not working. Please can someone give me some help? Ether1 Untagged VLAN 9 Ether2 Untagged VLAN 9 Ether3 TAGGED VLAN 10, 20, 30, 40, 50, 60 and 900 Ether4 TAGGED VLAN 17,27,37,47,57,67 Ether6 untagged VLAN 900 Ether9 Untagge...
Hi, if you think VLANS are easy in tik's than you can help me. (I hope). I have this situation. I have this VLANS LAN_MGMT VLAN ID=9 LAN_1_DATA VLAN ID=10 WLAN_1_DATA VLAN ID=12 WLAN_1_GUEST VLAN ID=14 LAN_1_MFP VLAN ID=15 LAN_1_GAME VLAN ID=16 LAN_1_CAMERA VLAN ID=17 LAN_1_TVMM VLAN ID =18 WLAN_1_S...
I think VLAN and mikrotik is verry difficult. Who can tell me what is the difference between: /interface vlan and /switch vlan? I have about 40 vlans on my mikrotik and want to configure one port for 7 vlan's (TAGGED) but don't know how to do this. Please can someone tell me how to configure this? I...
Is there somebody who has experience with Mikrotik and QNAP the speed up the connection.
I like to bundle the 2 NIC's from the QNAP.
They are both connected to a Mikrotik CRS125
Is it possible with Mikrotik to do the following: Make more then one DHCP server (for each VLAN a DHCP server) Add a DHCP POOL but only known mac addresses can get a IP from the pool? I don't want to bind a specific IP to a MAC addres but use the DHCP POOL and only allow know MAC addresses to get an...
Hi, I like to change my password. Do this in the terminal but I want to use this: /user set admin password="!@test#$" But think the characters !@#$ are not accepted or one of them is not accepted. How to do this? Is it possible to escape thes characters? I have the same problem when I like...
Hi, I have a drawing of a new network I want to deploy. But struggle with the configuration. How to configure the VLANs. And how to configure the Wireless links between the buildings. I have configured the DHCP servers on the CRS125 and that works but now all other configs. Can someone help and give...
For the SXT AC I use this manual. Only change the setings voor AC (this manual is voor older SXT).
Is this correct if I want to use it for the VLANS or do I have to configure the VLANS on the SXT AC's? http://www.ispsupplies.com/content/reso ... Bridge.pdf
I think I need some more help.
Still it is not working.
I can't change the MTU on the Ether1 and WAN interface.
If I want to change it and I hit apply then winbox close and when I reopen it the change is not there.
On the SXT AC .
I configured one as BRIDGE and the other as STATION BRIDGE.
The 2 SXT AC's are connected to each other.
But the VLANS is still not working.
What MTU must I change? MTU or L2MTU?
And I don't hate to add the VLANS to the SXT AC?
Hi, I would like to build a network. With three buildings as you can see on the picture. On building 1 there are 2 Mikrotik devices. The RB-951 is allso the DHCP server for each VLAN. The[img][img][/img][/img] SXT-AC must connect to bulding 2 SXT-AC. On building 2 there is an OMNITIK to connect to b...
Hi, I'm plannig to rebuild our netwerk. We have more than one building (5 buildings) each building has its own VLANS. Is it allso possible to use CAPsMAN in this sittuation? All the buildings are connected with Mikrotik PTP links. In the buildings we use Mikrotik for Wireless Each building has 7 VLA...
Hi, is it possible to redirect all internet traffice form a specific device to a specific page? What I want is to block internet traffice for a specifice device (PC, notebook or smartphone) and redirect to a page where the can read Internet access is blocked because they have not payed there bill yet.
Hi, I have several P2P and P2mP connections. But what are the correct steps to align? I try to use the tool in router OS but did not work The devices are allready in production and setup. When I click align and do the configuration settings. Fill in the mac addres of the other device by "Audio ...
Thanks for your commend.
Yes I have sure a free line of sight.
But about the freshnel zone I'm not sure.
Both antenna's are at 8 Meters above the ground
The distance between the two antenna's is about 300 meters
In between the antannas there are shelters but not to high.
I think about 3 meters.
Hi this are some signal values: Tx/Rx Signal Strength: -42/-43 dBm Tx/Rx Signal Strength Ch0: -42/-43 dBm Tx/Rx Signal Strength Ch1: -63/-63 dBm Noice Floor: -103 dBm Signal To Noise: 61 dB Tx/Rx CCQ: 84/90 % RouterOSVersion 6.20 The TX rate and Rx rate are not stabel and are between the 24 and 375 ...
Hi, I'm trying to get the best speed out of my new RBSXTG-5HPacD but it is still not working. Before I had 2 Sextants at the same place where I now have RBSXTG-5HPacD With the sextants I allwasy have a stable speed of 300Mbps wireless. But with the RBSXTG-5HPacD the speed is verry unstable. It is go...
Great, it is working
I made a mistake.
I add a addres without the /24
I still think it is strange you have to add an address with an /x option and below also add the network mask.
But ok it is working
Thanks,
I have done this but was not able to internet.
But only thing I have done different was not using bridge but use swicht.
I add ether2 - ether5 to masterport ether1.
Is that not enough?
Hi, I want to use my RB951G-2HnD as wireless client and use all the ether ports to connect hosts so they can also internet via the wireless client. I follow this manual but think it is not complete. http://wiki.mikrotik.com/wiki/Connect_to_an_Available_Wireless_Network I reset the RB951G-2HnD with n...
Hi,
I just have bought 2 SXT-5HPacD devices.
Want to setup a Transparent Bridge for 2 buildings.
I have it working on the older SXT's but with these new devices it won't work.
I want to use AC for faster thoughput.
So thanks for your reply's but I really don't understand anything of it.
I have zabbix running and know how to import a template (but really can't build one myself.
Hi, I'm just started with monitoring with zabbix. Now I found a mikrotik template but think it is not ok. I see ether1, ether2, ether3, ether8 and sfp. I wil use it for all my mikrotik devices. I have RB SXT-G, RB SXT-AC, RB-Sextant, RB-Omnitik, RB951-2HnD and RB2011 Is there a good template? and do...
I understand what you are telling but we use the mikrotik for our employees in combination with a 3G/4G USB modem so they have internet in the field.
I can't ask them to carry allso a server with them.
That's the reason why I want to do it in the mikrotik.