MikroTik

gotsprings

So I still don't know what to buy. Want RB4011 for wireless. Currently have CCr1009-7G-1C-PC + 2x UniFi Pro. CCR will sell. Maybe will stay with RB4011 as main router and wifi + RB962UiGS for wifi in another room? The 4011 has had problems with SFP+ port and with WiFi interfaces. I would hold off o...

gotsprings

Probably that default config problem where the DHCP-SERVER has no DNS entry.

gotsprings

A bit more tricky is going to be the setup / config, specially if you will use 3 AP Wifi interfaces (and not as MESH). Which 5Ghz network will a client select if you have 2 with same SSID at two different channels? Or create 2 or 3 different SSID? Running two 5GHz channels with same SSID in the sam...

gotsprings

Distros in the US are sending out "we have Audience in stock". But still not seeing anyone saying... "Yes I have used it... And..." Everybody is waiting for you to share the experience :wink: # While I used to LOVE TESTING STUFF OUT AND BEING FIRST... Not getting paid, and ending up holding the bag...

gotsprings

Distros in the US are sending out "we have Audience in stock".

But still not seeing anyone saying... "Yes I have used it... And..."

gotsprings

We believe we have fixed the issue, but that particular fix has not yet been released. Wait for the next beta please. FORTUNATELY... I only have one in the field and it has not exhibited this particular problem. Could the fact that I am in the US have something to do with it? The reports of the wif...

gotsprings

What was the outcome of this?

gotsprings

What is Eero? :shock: mesh WiFi https://eero.com/ I have 2 in bridge mode. Excellent wireless coverage. I did order Audience to give it a try. Eero is what the guy who has NO BUSINESS AT ALL TOUCHING A NETWORK, is bringing into a commercial install. .... Rather confused why you quoted me and posted...

gotsprings

What is Eero? :shock: mesh WiFi https://eero.com/ I have 2 in bridge mode. Excellent wireless coverage. I did order Audience to give it a try. Eero is what the guy who has NO BUSINESS AT ALL TOUCHING A NETWORK, is bringing into a commercial install. Sparky, "I use this all the time." Me, "YEAH IN H...

gotsprings

That seems to be the product its built to compete with.

Anyone done the comparisons yet?

gotsprings

I see this problem the same day I configure the router. Now on some jobs the problem pops up a few days after I have left. Those ones... disabling the radio interface sometimes cures it. But the jobs where I see those messages right away... I have to change manufactures. Too many lost hours and clie...

gotsprings

I have the same similar issue “disconnected, received disassoc: sending station leaving”. I have not found a fix for this problem but I think I have a workaround that has solved this issue. Wrote a script and add it to the scheduler as shown below: /system scheduler add interval=1w name=Recycle-Cap...

gotsprings

Logged into my one and only restaurant/bar Caps-System, in the middle of an American Football Game. (They agreed to be the Guinea Pigs when they compared the cost to the Ruckus System at their other store.) 3 cAP AC and 1 hAP AC2 as the main router. I might as well have 2.4 turned off. 2.4 only clie...

gotsprings

A problem I seem to have nailed down... If I set up caps-man on the hAP AC2 and then tell its wireless interface to JOIN THE CAP... All SSIDs start transmitting and the configuration looks like the other caps. I ve configured many many routers as capsman manager with their own WiFi joining as a cap...

gotsprings

Chechito: Environments where there are other wireless networks is when it really crumbles. I have managed to keep 50 clients connected to a cAP AC or hAP AC. But if there is a lot of wireless around you that isn't your... You get all sorts of disconnect messages. Anuser: Private PSK is a function of...

gotsprings

They are not going to set up a VPN. If they have dynamic servers... Find out if they have a domain. You could resolve the domain and have a script punch it into the src-address when a change happens. Or with the addition of address lists... You can put the domain in there and it will resolve it as o...

gotsprings

If the port doesn't change between WAN and LAN... you don't need to-ports=38880-38884 As for the compliance scans... SOB was asking if those ports need to be open to the whole world or only the POS servers? For example... at one of my bars, they used an online ordering company. This was before door ...

gotsprings

2 months??? wAP ACs took nearly a year to get stable numbers. In that specific case, a special situation is presented, which was the incorporation of a new ipq4xxx platform and a massive support for the ARM architecture Are you sure you are talking about wAP ac and not cAP ac ? The wAP ac is MIPSBE...

gotsprings

take it with a grain of salt

new devices comes with their own issues, and take some time to be resolved

i recommend to wait at least 2 months after introduction to market, to include a new device in a serious project

2 months??? wAP ACs took nearly a year to get stable numbers.

gotsprings

I won't pretend my Mikrotik Caps systems can touch My Ruckus systems.

but that kick below -87 in the access-list, is one of the easier tweaks that HELPED with roaming.

gotsprings

Love Tik for routing... but when it comes to wireless... not so much. If you have a connection faster than about 300M, you are going to want to look at other vendors for the wireless.

Also if you are in a very dense WiFi environment... other manufactures handle interference better than Tik.

gotsprings

Adding a rule to the access list to kick devices below 87... really helped the roaming on my installs.

/caps-man access-list
add action=accept interface=any signal-range=-87..120
add action=reject interface=any signal-range=-120..-88

gotsprings

I have a bunch of cAPs installs out there and have a pretty good template to apply to my routers to function as the router and controller. I set up the caps configurations to allow client to client forwarding and local forwarding. After putting caps man on the primary router... I log into each cAP A...

gotsprings

I think you need to set the IP address that the VPN client comes in as. Then firewall rules will dictate what clients can then reach the next subnet. If I understood the diagram... its not VPN from one site to another... but a wired connection. If that is the case... you have one feed from the first...

gotsprings

Whenever I see oVPN in a Mikrotik thread... I stop reading. OpenVPN has been crippled in Mikrotik for like 10 years now.

gotsprings

I didn't read the whole thing..

When local net goes back to local net on local interface.... That is what the hairpin Nat rule needs to have.

gotsprings

A company's office doesn't have a public IP address. My office does. I have the Far office calling my Office over L2TP. The route between them is 2 points. On each router... I have a route that points to the l2tp route. Encryption engine grabs the traffic before it goes over the tunnel. I vpn to my ...

gotsprings

And please keep in mind lots of users have posted about the constant connect disconnects that show up as station leaving... Or what ever it was. And people have reported that one for years to no avail. In the case of this ticket... I had another problem with Mikrotik wireless that I took the time to...

gotsprings

The conclusion is that a particularly high interference is causing your issue. How do you think this can be easily/quickly fixed by us? Normis, As I, and a other people on this forum have found... It's not that uncommon an occurrence. And an immediate fix is to replace the Mikrotik wireless with an...

gotsprings

Tech in the field (related to owner, so I was out ranked) insisted on putting in the cap AC he had in his truck. In the days since. Customer has been pounding him with complaints for the last week. Calling everyday. We get into the configuration and try to adjust things... But this is another site w...

gotsprings

Several new firmwares have been released... Gave them a try... Problem is still there.

Now I get to start all over learning another wifi vendor.

gotsprings

Isn't chromebook a Chrome browser based device? Webfig is the answer then

After years of Winbox... Webfig ain't even close.

And can't you install "apps" in Chromebook?

gotsprings

Give me Winbox on a Chromebook... (Asked for this years ago.)

gotsprings

The client should be setting their VPN to NOT SEND ALL TRAFFIC, if you don't want them sending their traffic over your ISP.

If you put a firewall rules in their to deny their traffic access to the WAN... That would get them to disconnect or at least look up split tunneling VPN.

gotsprings

Tom, WAP LTE is 10/100 on the Ethernet port and 2.4 on the radio. Compounding the problems in the US, is the Cellular radio doesn't work with Band 13. This is the most common band used by Verizon. The configuration of the cellular is not "straight up". I wasted too much time on this... Just pay for ...

gotsprings

Use a different manufacture for wireless and just forget about Mikrotik wireless.

This "glitch" has been observed and reported for years at this point.

Get over it and move on.

gotsprings

+1 for Band 13 (US Verizon)

The reason I only have one in the field.

gotsprings

i have another problem with wifi. it seemes to drop speed tenfold after several days of working without reboot. reboot solves wifi speed problem but again only for several days. help needed :( Write a simple scheduler and and script to reboot it every 48 hours. Professionally... We put a stop on Mi...

gotsprings

Upgraded a cAP AC to 6.45.2 Reset Configuration Like I normally do... but this site was not a CAP install. /system reset-configuration UNIT CAME UP AS A ROUTER. wAP AC has always done this. This was the first time I have seen a cAP AC do this. Had to have tech on site connect to the local SSID to ge...

gotsprings

We used to use Cradlepoint but there's limited space in these device boxes, hence the move to using Routerboards since we're tunneling back to HQ anyway. The LTE card is perfect for this application. We might try a MVNO that utilizes Verizon and see if they will be more flexible in their accomodati...

gotsprings

1 Cradlepoint CBA850LP6-NA Cellular Modem. 1 Mikrotik hAP AC2 Router. 2 Power Dsine 3501-GAC POE injectors. 2 Ruckus R510 Wireless Access points. The Cellular connection to the outside world will be the choke point. But the Ruckus Wireless Antennas are much better suited for having that many clients...

gotsprings

Bump. This sounds like what I am trying to do. I want to know if a device service is still running. Like checking a printer if 9100 is responding. In my case I have a device that responds to pings. Webserver works. But a service on 51510 stops responding as confirmed by Digital Loggers autoping agai...

gotsprings

Yup... A static IP follows the Sim card. I have taken one Sim that was setup with a static IP and moved it between 3 modems. The only issue I could think might bite you... The APN for Verizon Static is geographic. If you went to another geographic area... You may need to change the APN. In the DC m...

gotsprings

Yup... A static IP follows the Sim card. I have taken one Sim that was setup with a static IP and moved it between 3 modems. The only issue I could think might bite you... The APN for Verizon Static is geographic. If you went to another geographic area... You may need to change the APN. In the DC me...

gotsprings

I know I'm a little late to the party on this thread - I'm also trying to activate some Microtik LTE boards - this is the R11e-LTE-US boards and our Verizon rep tells us the IMEI "pattern" that Microtik is assigned isn't "registered" with Verizon so their sales and provisioning systems sees the IME...

gotsprings

This time...
"We were able to reproduce the problem. (Blah blah blah). We don't currently have a Fix."

When did you get this anwser?

June 10th.

gotsprings

I miss the good old days when Mikrotik Routed...
And Ubnt did wireless...

It's when one tried to do the other that things start to fall apart.

gotsprings

I got a good capture of Caps-man not allowing connections. Wrote up a what how and when for Mikrotik. They actually investigated it. All my prior interactions with Mikrotik about wireless have been pointless. One suggestion email per month with no resolution. This time... "We were able to reproduce ...

gotsprings

Need a gigabit interface and Sierra wireless modem.

gotsprings

This
Code: Select all
/ip firewall connection remove [find]

I have this exact command in my netwatch when it checks if the Primary ISP's DNS server is there AFTER RECURSIVE ROUTING.

So it CLEARS all connections whether flipping too or away from the Primary ISP.

gotsprings

I have a device that locks up. Send pings to it and it still replies. Bring up its webserver... that works too. So I need a script to look at a specific service port TCP 51510 I would like to make something like this... :if ([/ping 172.16.16.16 count=5] > 3) do={ :log info "It's Up" } else={ :log in...

gotsprings

Amazon seems to have a steady flow of Ruckus at ~50% off retail.

gotsprings

Support got back to me a few weeks later. They duplicated the problem by logging into the webserver from more than one IP. No fix yet.

Work around... Disable and reenable webserver under /IP services.

gotsprings

Could you please provide your ticket number? Now that the issue has been clearly identified and reproduced... What sort of time table can we expect for a fix? I am sure installers and integrators would love to see some sort of progress reports. The people I answer too are pretty annoyed, looking at...

gotsprings

I had exactly the same story on a big event with 12 sxt sq lite 2, it was awe full, i tried basically everything, for 5 hours, then i just moved to another brand then it worked... I was also using CAPsMAN. I am interested to know why that can happen Thank you Because some vendors can deal with inte...

gotsprings

Got email from Mikrotik. Explained the problem and how to reproduce it.

They did... And don't currently have a fix.

So high density with interference... If you see 4-way handshake time out in Caps-man...

Don't fight it. Don't mess with support. Just buy the Ruckus radio and move on.

gotsprings

Gave up weeks ago and seteled for DMZ mode.

Found Google service at this location to be "questionable" at best.

gotsprings

Could you please provide your ticket number? My most recent one... 2019052522002091 Generated MAY 25th... has not received a single response yet. I provided the rif file in the initial email. I then provided a copy paste of the log as the problem was being observed. Here is the thread that went wit...

gotsprings

If I have a problem with Mikrotik wireless... I send support files to support and hear nothing. Weeks and even months go by. The last time I got a reply on a wireless issue... I got one email per month with "suggestions". I type suggestions... Because they were NOT solutions. It was, "try this"... I...

gotsprings

For anyone keeping score... Still no email from Mikrotik support.

gotsprings

Did the Ruckus work? I've never seem something like this, are you sure there is no jammer nearby? Jammers don't show in any of the WiFi protocol scans.

I struggle to recall an install in the last 10 years that it hasn't.

gotsprings

Mikrotik wireless is THE REASON I get complaints. They can route and I love the routing. But the switches and more specifically the wireless is not up to it. Cheap is great... And it can fit some (I mean basic installs), but as a professional... I can't play around with thing for weeks. Hard limits ...

gotsprings

Mikrotik can route... Much Like a Sony TV looks incredible.

But a Sony speaker is a piece of $h!+.

gotsprings

While I have about 150 Mikrotiks out there as wireless devices... I just can't do it anymore. Just a waste of my time trying to get support to figure out what wrong with their gear. Much like I would never expect a Sony speaker to be worth a $h!+... Mikrotik wireless has let me down too many times a...

gotsprings

Done a bunch of Caps-man installs at this point. Found a lot of "hard limits"... That Mikrotik wireless is "crippled by". As long as I stayed with in the lines... Most installs went ok. Have better than 300 Meg's WAN to LAN. No Mikrotik wireless. Really busy wireless airtime. No Mikrotik wireless. I...

gotsprings

Used one. Tried on several Wireless providers. Issues with remote access on any of them...

Gave up and tried mofi.

Back to cradlepoint now.

gotsprings

There are mesh products you may have to look into, from other vendors.

gotsprings

Still nothing from support.

gotsprings

Post your wireless settings.

gotsprings

Try all the resets listed in the directions.

Last resort... Netinstall.

gotsprings

I ran a RB4011 at home as a wireless access point only, for about a month. While it suffered from the same... "Can't go faster than about 300M on speed tests..." (This has been the case with every Mikrotik Wireless I have tried.) I can't think of a time when the 5G was not accepting clients. I set t...

gotsprings

It would seem you are coming to the same findings I am. I can't get a single test to break 330 using Mikrotik Wireless. wAP AC, cAP AC, hAP AC, RB4011. This is a consistent thing. It's to the point now where I tell people flat out... "If your internet speed is above 250M we will not be able to use M...

gotsprings

Took cAP out of caps-mode. Same result. Well sort of. Log file showed unicast key time out. Went back to caps mode and added an unencrypted SSID. Devices connected for about 10 seconds. Then I got a disconnected for extensive data loss. Looked up several old posts tagged with extensive data loss. Th...

gotsprings

This seems to have come back on me. Router OS is 6.44.3 on hEX and cAP AC devices on the 2.4 radio are disconnecting from the wifi. Log into the router and check the logs and see... (MAC of Devices) disconnect 4-way handshake timeout Devices on 5Gig radio do not show this error. Last time I reported...

gotsprings

Support just got back to me and set to set the chain in Mangle to OUTPUT. That seems odd. Hello, In RouterOS you can set QoS priority 3 to outgoing VLAN packets using this rule: /ip firewall mangle add chain=output out-interface=GoogleVLAN action=set-priority new-priority=3 Best regards, Follow up ...

gotsprings

Support just got back to me and set to set the chain in Mangle to OUTPUT.

That seems odd.

Hello,

In RouterOS you can set QoS priority 3 to outgoing VLAN packets using this rule:

/ip firewall mangle
add chain=output out-interface=GoogleVLAN action=set-priority new-priority=3

Best regards,

gotsprings

That is correct, you got an IP without that line active so you could also omit that line.
but I think we are discussing a 3011 here, right?

Correct

gotsprings

Also check if your ethernet interface negotiates to the correct speed and duplex.

Status shows as Unknown.

gotsprings

That is correct, you got an IP without that line active so you could also omit that line.

Can't test because I am not even on the same continent.

Thanks for the help.

Will get someone on site to check it.

gotsprings

So in Mangle they want this? /ip firewall mangle add chain=forward out-interface=GoogleVLAN action=set-priority \ new-priority=3 comment="All other traffic with priority 3" I added it and released the DHCP-Client and got a new address. Now if I could get a bandwidth test server to let me connect.

gotsprings

First install with GoogleFiber. After looking into several documents I found that Small Business accounts ABSOLUTELY could remove the Google Router and go straight to their own router. The install I was working on was residential so Google refused to "click that switch" or help me get around the nee...

gotsprings

Using the WAP-R with T-Mobile and Verizon... Never saw better than about 11M. I have tucked tail and given in. At 579 dollars US... the CBA850 is my standard once again. Its not worth my time for the performance hits and issues I had with the MoFi. Won't "play with the WAP-R" anymore, until they get...

gotsprings

rebooted the RB3011 running 6.44 and the webserver is working again.

Support...

Could you please take a look at the file I sent.

gotsprings

Set the Mikrotik to use a DNS other than piehole... Like 8.8.8.8, 1.1.1.1.

Then in your DHCP server... Set the DNS value under network to be piehole, Mikrotik.

If piehole doesn't work... The client will ask the Mikrotik.

gotsprings

Dumb switch and both routers being independent won't go well with the requirement to control other router's bandwidth (on first router, as I undertand it).

Which should be done per router.

But let's face it... This could / should all be done on one router.

gotsprings

I use recursive routing and ping one if the DNS servers with netwatch. When it goes down... I use the connections flush method. Works perfectly.

gotsprings

Put a dumb switch infront of the two Mikrotiks. $30 or less.

gotsprings

Sent a support file to Mikrotik about 8 days ago.

What gives?

gotsprings

@gotsprings yeah it would be great if routeros had something like mesh tunneling or "SD-VPN". something like tinc would be great, but before that, ovpn with udp ;) I meant... SUBSCRIBE TO BIG LEAF'S Service. I only dealt with them on one install so far. The customer found them himself. BigLeaf take...

gotsprings

Bigleaf sd-wan

gotsprings

Thanks for the replies. No Verizon coverage is going to be a deal breaker for me, so I ordered a Sierra Wireless MC7455 card. Will RouterOS recognize this, or is there a way to install drivers? Kind of late... But that same wAP LTE KIT-US I used on T-Mobile. Is now running on Verizon wireless. I ha...

gotsprings

I'm actually very happy with the hAP ac2. My home is of wood construction, is single story, and about 185 m^2. We have a couple of tablets, a couple of smartphones, a couple of laptops, and an Amazon Fire stick on the TV. We occasionally have house guests that add another 1 or 2 phones and perhaps ...

gotsprings

I have 2 RB3011s that the webserver seems to have stopped responding. Winbox works. I can put a firewall rule in as a pass through and see the connection come in. But I see no response. Both running 6.44 Anyone seen something like this before? (I normally turn off the webserver... but this site requ...

gotsprings

https://youtu.be/SrDSqODtEFM

gotsprings

@anav: Give it a break with in-interface, dst-address is fine. Sorry I usually talk myself through config rules. Where are you coming from my sweet little packet and so forth . :-) Is there a situation where stating in-interface=eth-1 wan could be a problem (not including multi-wan setups)?? Yes......

gotsprings

OVPN has been "Broken" on Mikrotik for as long as I have been working on Tiks.

IPSec works well.

You should do an export of your firewall. As I stated above... your PAT (Port Address Translation) in the NAT chain "looked right".

gotsprings

ANAV As I put in that other thread you comment in. I wrote that script to UPDATE THE LOCAL IP ADDRESS ON EACH ROUTER. The EoIP tunnel configuration accepts the IP cloud address and updates it with in 70 seconds on a change. The script I wrote needs a scheduler to run it. But it checks to see if the ...

gotsprings

Hey gotsprings Question: my lte suffers from frequent lte disconnects, which most of the time the modem resolves itself, but sometimes it can't and I need to recycle (stop-start) lte interface to resume connectivity. That the reason why I have netwatch to monitor remote ip. Do you experience simila...

gotsprings

I don't use quickset...

But from what you posted... looks like it is setting up the VPN connection to get a 192.168.89.0/24 address.

If this was allowed in the firewall... you would be able to reach your local network unless SPECIFICALLY blocked.

gotsprings

I would say to not use interface lists and try doing the firewall with interfaces or address lists.

Its more than doable.

gotsprings

You are welcome.

You might want to select my answer as accepted so others can find it quickly.

gotsprings

Those look right.

gotsprings

@gotsprings, does IP cloud address of home router get updated automatically if the IP changes or does one need a script for that?/ @sindy remind me to call you when I try ipsec related setups. I managed to get ikev2 working on my iphone....... pretty pleased with that. IP Cloud updates every 60 sec...

gotsprings

/ip firewall address-list add address=81.198.87.240 list=ipCLOUD add address=159.148.147.229 list=ipCLOUD /ip firewall filter add action=drop chain=output dst-address-list=ipCLOUD place-before=1 add action=drop chain=forward dst-address-list=ipCLOUD place-before=1 /ip dns cache flush That should bl...

gotsprings

Hello, I am using Mikrotik on the vessels behind satellite modem with very limited data usage such as 50Mbyte per month. So each MBbye cost the customers extra US$s. We just allow e-mail IPs on the firewall I have seen on satellite POP, we have a lot of request from our satellite modem to 81.198.87...

gotsprings

If you have more than 1 PUBLIC IP... you have to use src-nat in your firewall NAT chain. NOT Masquerade. Lets use this an example... ISP issues you... xxx.xxx.229.105/29 Gateway as xxx.xxx.229.110 You would connect one connection from the WAN MODEM to one port on your router... say ether1. You would...

gotsprings

Why not use queues?

gotsprings

If I understood... You VPN to the Office using a OPERATING SYSTEMS OS. But you don't want to SEND ALL YOUR TRAFFIC to the Office network, then on to the internet? In Apple there is a Tick Mark for "send all traffic over VPN Connection". In Windws there is a Tick Mark for "use default gateway on remo...

gotsprings

I have 2 connections at my office. 1 RCN Cable Modem 1000/25M With a Public IP address. 2 ATT Cellular Backup Modem. 25/25M with a carrier grade NAT address. SO my solution was to set up a L2TP tunnel to my cohorts office. The L2TP tunnel does not use encryption... as it would fail if behind NAT whe...

gotsprings

You need to allow the VPN'd client to reach the internet and BLOCK access to the subnets you don't want it reaching. Mostly handled in /ip firewall filter. Rule 11 lets you access 192.168.44.0/24 network Rule 12 lets you access 192.168.40.0/24 network Rule 13 BLOCKS you from any other network. SO un...

gotsprings

]/interface lte apn add apn=NE01.VZWSTATIC default-route-distance=1 name=VerizonIPPass \ passthrough-interface=ether1 passthrough-mac=auto Once I did that on the WAP-R LTE Kit... the external IP passed to what ever device I connected. If you look at the APN... I am in the North East Part of the US....

gotsprings

When you setup EOIP... You have to have an entry for Local IP and Far IP. You can place the IP cloud information in the tunnel config. However... the LOCAL IP will RESOLVE AT THE TIME you OK the tunnel. So if the local address changes... the tunnel's encryption will fail. This will update the local ...

gotsprings

Connect a client and it will turn black?

gotsprings

Needed this the other day. In Eoip Tunnel you can define the far point (remote-address) to use IPCloud. But the local address does not. This will grab the local WAN IP and add it to a EoIP tunnel with the word "Tunnel" in the name. /system script add dont-require-permissions=no name=EoipUpdate owner...

gotsprings

I always hated the fact that people could easily steal you scripts with passwords in them. (dyndns)

gotsprings

Figured this out when I was working on caps-man. When you have to disable the SSID across more than one radio... that code made life much easier.

gotsprings

Then this would kill it :log info "Turning OFF Training." /interface disable [find name~"Training"] :log info "Training DOWN." This would bring it back up. :log info "Turning ON Training." /interface enable [find name~"Training"] :log info "Training UP." You can get fancy with if then and time of da...

gotsprings

You could do this several ways...
A simple way to "learn" or "start" would be to make 2 scripts and 2 schedules.
One enables the INTERFACES
One disables the INTERFACES

What are the names of the virtual interfaces?

gotsprings

The device is not properly setting connections as new then established. So it flags the connection as invalid. Then the router drops it on the next pass at invalid or dumps it on my drop all.

Been using this firewall for a couple of years now. This is new behavior.

gotsprings

Updated a CCR1009 and hAP AC2 from 6.44 to 6.44.1 Lots of connections are suddenly getting dropped by my DROP INVALID Forwarding rule. Pings between the 2 routers on VPN show timeouts that never did before. How can I downgrade and hAP AC when the Files Directory doesn't show enough space to put in t...

gotsprings

Upgrading 6.44.1 broke my firewall forwarding chains.

gotsprings

Updated hAP AC2 and CCR1009 from 6.44 to 6.44.1 I am seeing a lot of dropped Forwarded packets as INVALID. These are packets that should have hit the New connection from a local device in the address list. But are getting dropped. Also IPSEC connection between offices is now dropping pings. Call fro...

gotsprings

I don't know why people always use in-interface for port forwarding, it will bite them sooner or later. :) Because they saw it in some youtube tutorial, which was made on basis of having dynamic WAN address (e.g. PPPoE or DHCP) ... and if that's so, one can not really use dst-address as dst-nat cri...

gotsprings

No in interface.

The external IP is what you need.
A separate rule deals with local-address list to local-address list on Local interface.

gotsprings

Gotta use the EXTERNAL IP... interface won't do it.

Like SOB put it...
/ip firewall nat
add chain=dstnat dst-address=<public IP> protocol=tcp dst-port=80,443 action=dst-nat to-adresses=192.168.100.x

PUBLIC IP.

gotsprings

If you mean the srcnat rule with same src/dst-address=<LAN subnet>/<mask> used with hairpin NAT, that's not needed here. It's needed when client thinks that it communicates with some external address, but server would see client's real address from same subnet, would reply directly and that would n...

gotsprings

If you go lazy and do the DNS thing... You can only port forward to one IP. Not good if you have different services on different devices.

Sob left out the
Subenet back on subnet on interface rule.

gotsprings

Export your
/IP firewall nat

gotsprings

I'm using CAPSMAN and set Group-key-update to 01:00:00 and have had no luck with 2 doorbells. aes and WAP WPA2 on with now a shorter 8 character password. No issues connecting with any other device. Anyone else have experience? The device says has a problem connecting to the Internet. Seems like it...

gotsprings

The MoFi is averaging around 30M downloads sitting on my desk.

gotsprings

I got a wAP R-LTE US Kit. Got it working but some US frequencies seem to be missing. I like the form factor... but would really prefer having access to the US bands that i can with the https://www.sierrawireless.com/products-and-solutions/embedded-solutions/products/mc7455/ I bought a MoFi 4500 and ...

gotsprings

Thanks for the replies. No Verizon coverage is going to be a deal breaker for me, so I ordered a Sierra Wireless MC7455 card. Will RouterOS recognize this, or is there a way to install drivers? Kind of late... But that same wAP LTE KIT-US I used on T-Mobile. Is now running on Verizon wireless. I ha...

gotsprings

I never tried with the M2M plans from T-Mobile. I only did a prepaid plan for proof of concept. It showed me that I would have to mount the wAP R OUTSIDE to get a signal with T-Mobile. Keeping that in my back pocket for the next time one client I know of on AutoPay screws up his verizon account again.

gotsprings

I need a steady stream of packets that end up being ~4-6GB The $10 2GB plan just doesn't cut it and the 6GB plan is too expensive. M2M SIMs are a perfect fit, if I can find a modem that is allowed on that network and is mikrotik compatible. You need 4-6Gigs a month and $25 is too much? Wow. I stumb...

gotsprings

Info - I just updated the 207.32.194.24 btest server from 6.43.11 to 6.43.12

North Idaho Tom Jones

THANK YOU!!!

gotsprings

T-Mobile’s M2M service doesn’t work though. It’s imei filtered and the mikrotik LTE card isn’t on the approved list.

So get the $10 a month plan?

https://prepaid.t-mobile.com/plan-detai ... e-internet

gotsprings

https://mikrotik.com/product/wap_lte_kit_us I can confirm that this unit works with T-Mobile in the US. I had to set the APN to /interface lte apn add apn=fast.t-mobile.com default-route-distance=1 passthrough-interface=\ ether1 passthrough-mac=auto add apn=fast.t-mobile.com default-route-distance=1...

gotsprings

/caps-man channel
add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ceee \
    frequency=5180 name="Channel 36 80mhz"

Try that

gotsprings

After bunches of emails and support files... I got nothing.

Switched out unit to a MoFi modem feeding a hAP AC2. No Problem with remote connection.

gotsprings

I have a hAP AC2 running as just a wireless access point. I have a ring connected to it on 5.0 Ghz. No real problems keeping it connected. I have the group key at 5 mins. WPA2 AES. Its been on for about 45 days now.

gotsprings

Well then you need to resolve those IPs and punch them in on changes.
"Scripting"

gotsprings

Seems you would want a SSID and ports per apartment. Then have the "public SSID" run across all the hardware?

gotsprings

If one of the routers lacks a public IP... connect that one using L2TP then setup a encryption inside that connection.

gotsprings

I mean I bought a static public IP so I could reach the device remotely.

Works with Cradlepoint as a modem to a TIk.

But using the Mikrotik wAP LTE as modem and router... It's showing the one IP as the IP and the gateway. A remote connection hits then drops. Makes my remote management a problem.

gotsprings

/interface wireless security-profiles

Then you need to select the security profile for each wireless network you want to connect to.

gotsprings

Got 975M on my tests over short distances. But a difference being that the line of site MEANS line of site. Off axis the throughput disappeared completely even at short range. So AIM and a clean LOS is key.

gotsprings

If its anything like the wAP LTE I am testing... its meant to work like a cellular modem. The one I am testing has problems with the gateway its picking up. So it not allowing remote connections. Making it unsuitable for the application I was planning for it. I emailed support and am looking for a C...

gotsprings

I found out that when the wAP LTE connects to the cellular provider (Verizon) it does get the Static IP From the ISP. Problem is that it gets the static IP and doesn't set a gateway that is one number higher than the static IP. Cradlepoints receive the IP from Verizon and show the IP as /29 IP = xxx...

gotsprings

I am testing a wAP R-2nD as a replacement for our CradlePoint installs. I have the unit configured like a home router with wireless 2.4 bridged to the ethernet port and LTE modem setup as the WAN. I can reach the internet and browse normally. However i noticed that I can't get winbox to load when I ...

gotsprings

Copy and past this whole thing in a New Terminal Window using RIGHT CLICK (Your mouse buttons) Copy and Paste. DO NOT USE CTRL+C and CTRL+P /ip cloud set ddns-enabled=yes /ip firewall address-list add address=192.168.88.0/24 list=GotSprings /ip firewall nat add action=masquerade chain=srcnat comment...

gotsprings

Something like /ip firewall nat add action=dst-nat chain=dstnat comment="Redirect Guest DNS" dst-address=!192.168.x.x \ dst-port=53 protocol=udp src-address-list=Local to-addresses=192.168.x.x and mkv was correct. have the dhcp server tell the clients to use your piehole... (Kind of sounds rude when...

gotsprings

That rule doesn't look like it is meant for external connections. add action=dst-nat chain=dstnat dst-port=81 in-interface=bridge protocol=tcp \ to-addresses=192.168.88.1 to-ports=80 That rule would take a request on port 81 coming from the bridge (Local interface) and forward it to 192.168.88.1 por...

gotsprings

OVPN has not worked on port 1194 for about 10 years now.

Also as for using those VPN services to "side step" geolocation... providers update their blacklists from time to time too.

gotsprings

I'm using DHCP-Server option 6 to forward all DHCP clients DNS to the PI-Hole server. /ip dhcp-server option print # NAME CODE VALUE RAW-VALUE 0 PIHole 6 '192.168.x.x' c0a80032 Where 192.168.x.x is the PI-Hole address. Would be even easier to put it in /ip dhcp-server network add address=192.168.2....

gotsprings

/ip firewall filter
export

gotsprings

Thanks Guys Wish I would Have found MikroTIK be for I started buying Cisco. Not that there is any thing wrong with cisco.
Maybe I may Ebay my Switch's and pick up a 48Port Poe MikroTiK

There are no 48 port Mikrotik switches.

So your Cisco makes sense.

gotsprings

Had this working for several months now.

hAP AC2 is the main router and I wanted to add it to the cap config that it is running three cAP AC.

/interface wireless cap
set certificate=request discovery-interfaces=bridge enabled=yes interfaces=wlan1,wlan2

gotsprings

pihole is a local dns server right?

You would set the dhcp-server to handout the pihole address to clients.

Then set up a rule to capture anything on port 53 and send it to your pihole server.

Any Tik should be able to do this.

gotsprings

Guys what can you say about roaming capability? Is this implemented in unifi is far better than mikrotik ones? Im consider which implement in my house.

Wysłane z mojego HTC 10 przy użyciu Tapatalka

Caps-Man can be MUCH MORE GRANULAR.

gotsprings

The cAP AC and hAP AC2 top out right around 300 at point blank range. But the R510 will actually hit the 866M you should get from a 2x2 AC-MU radio. True, but this is coming at four times the price of a cAP AC/Unifi AC Lite making the comparison unrealistic. Like said by someone else, it is all abo...

gotsprings

Quite happy with the performance of the capAC inside the home but range in 5Ghz is markedly and expectedly less than 2.4ghz.

That's pretty typical of 5GHZ. It is faster, but doesn't go through much, or very far.

gotsprings

How many AP's do you plan to install? aside from a singular AP performance, it's probably more relevant to assess the controller function and features along with the radio performance. The controller function and features along with the client compatibility unfortunately go hard against mtk enterpr...

gotsprings

At this moment bad, we tested 3 Intel Based AC Laptops and both are only able to connect to 54 MBit..... Kind of seems "par" for Mikrotik with wireless devices. They release them and it takes several months and routerOS/firmwares before they start showing acceptable results. I went through that wit...

gotsprings

Double post

gotsprings

Put OpenWRT on the wAP AC and with the newer Kernel and drivers you will get about 450MBit Is this something you can prove in a video or something? A post like that would blow up around here I should think. Might get some grease to the squeaky wheels. Like Cambium putting new OS's on Ubnt and Mikro...

gotsprings

Below might be reason for your problem /tool mac-server mac-winbox set [ find default=yes ] disabled= yes That's for accessing Winbox via MAC address rather than IP. His first allow rule using port 8291 is for a TCP connection as an IP connection. If you see the proper PUBLIC IP on the WAN INTERFAC...

gotsprings

At this moment bad, we tested 3 Intel Based AC Laptops and both are only able to connect to 54 MBit..... Kind of seems "par" for Mikrotik with wireless devices. They release them and it takes several months and routerOS/firmwares before they start showing acceptable results. I went through that wit...

gotsprings

I don't have experience with UBNT AP because the requirement of deploying UniFi controller on top of the APs doesn't fit with my purposes (home only as my business locations are Cisco centric). Nothing wrong with UniFi and I know it could be possible to do a "set and forget" setup but I like to kee...

gotsprings

At this moment bad, we tested 3 Intel Based AC Laptops and both are only able to connect to 54 MBit..... Kind of seems "par" for Mikrotik with wireless devices. They release them and it takes several months and routerOS/firmwares before they start showing acceptable results. I went through that wit...

gotsprings

I upgraded my router and it stopped working... Check if the update changed your master-slave settings to bridge. Thats the #1 thing I saw taking out routers who upgraded from below 6.40.8 to above it. Fixing the bridges and moving IP/DHCP-Server/Filter-Rules to use the new bridge interface got thin...

gotsprings

Set up caps-man on the router. Set the config to use local forwarding. Have the local radios set up as caps, by setting the interfaces in wireless. Then Press and hold the reset button on the other unit as you power it up until is ends up in caps mode. Then you should see 4 radios list on the router...

gotsprings

It would be great if there was a CAP with 4x4 AC-V2. But maybe some day... How is the wireless performance on the 4011 as JUST a wireless access point? The CEO is pushing hard to bring in Meraki. I would love to have a $250 Mikrotik kick the Crap out of the $1600 Wireless Access Point. The routing b...

gotsprings

Set up caps-man.

gotsprings

CZFan, This is a hardware issue that I can cure by switching to any one of several other wireless access points we have. I had emailed support about it when i found it repeatable. I got an email to update routerOS a few weeks later. Which I did. Problem was not solved. I emailed support again with m...

gotsprings

Normis, When I send a request to support for a wireless radio (the 2.4 on a wAP AC) becoming "unavailable" until you restart it (but the 5.0 radio keeps right on going)... that's checking to see if something is a bug. Especially if there are several other units in the same install not showing the sa...

gotsprings

I wanna use Mikrotik Caps-Man... but it doesn't perform nearly as well as competitive products. I keep trying to improve the performance but: The Manual for caps-man is clearly incomplete. When I email support with an issue and send support files... I get replies 30 days later. 30 DAYS LATER. That i...

gotsprings

https://wiki.mikrotik.com/wiki/Manual:CAPsMAN I was checking the caps-man manual, and I don't see reference to: KeepAlive-Frames. or Multicast-Buffering. in 6.43.8 I do see Multicast-Helper in winbox. But not Muticast-Buffering. There is an option for Keep-Alive Frames but no explanation in the manu...

gotsprings

Try a power cycle on the port:
Code: Select all
/ interface ethernet poe etherX power-cycle

Unit still won't power up until I force POE to on. But the complaint in red is gone.

gotsprings

The Ruckus seem even more expensive.. I'm not sure if this isn't way overkill for my home (concrete house). I'm just trying to figure out whether I should get the Hap Ac or Ac2 and which Wireless AP (4 of them)... this is getting really difficult it seems :) Ruckus is more expensive that Mikrotik. ...

gotsprings

Dario.

When you configure a hAP AC2, cAP AC, and Rucks R510 exactly the same and swap them into the same spot one after the next... You would get it.

The cAP AC and hAP AC2 top out right around 300 at point blank range. But the R510 will actually hit the 866M you should get from a 2x2 AC-MU radio.

gotsprings

Mikrotik for routing. Ubnt for PtP links. Ruckus for Wireless Access Points. In wireless.. I can do a ton of stuff with Mikrotik wireless that I can't with Ubnt. But in straight throughput... The Ubnt is going to beat the Mikrotik and Ruckus is going to clobber both of them by a considerable margin....

gotsprings

Router OS 6.43.8. Matching firmware.

gotsprings

Trying out my first 328. The POE seems kind of odd. I had a Wireless Wire Not Power Up on one port but it did on another. Then a UBNT CloudKey... plug it in and I get a "poe-out status: current_too_low" complaint. The unit won't power up until I set the port to POE Forced On and Voltage High. The er...

gotsprings

When Mikrotik got rid of master slave... A BLIND update could really "screw some s__t up" on may configurations. And auto update would have resulted in disasterous results. That's what change logs are for, and why you read them before you hit UPDATE. An unmanaged device gets hacked after the install...

gotsprings

Which RouterOS version are you using ? Cloud implementation has been updated recently, make sure you have a new version.

We have lots of routers out there with 6.40.8 BugFix. Is that release effected but this?

What versions of routerOS should be working with IP cloud?

gotsprings

Seen this since Friday. Would really appreciate and update.

gotsprings

I was trying to come up with a script that could read the registration table from caps-man and output number of clients per SSID. So it would show up as 20:00:00 SSID Main=$Mclients SSID Guest=$Gclients 21:00:00 SSID Main=$Mclients SSID Guest=$Gclients Could be useful for seeing how many clients are...

gotsprings

When I switched to SwitchOS the fans stayed on. After I updated the OS... they spun down.

Switched back to RouterOS and left it on over night on the bench. When I got here this morning... the fans are off.

gotsprings

Here is the CAP config. # dec/10/2018 17:15:44 by RouterOS 6.43.4 # software id = 5M5A-5I1M # # model = RouterBOARD cAP Gi-5acD2nD /interface bridge add admin-mac=CC:2D:E0:xx.xx.xx auto-mac=no comment=defconf name=bridge /interface wireless # managed by CAPsMAN # channel: 2412/20/gn(28dBm), SSID: No...

gotsprings

What sort of numbers are you actually getting over wireless? Using a CAP-AC in Caps-Man mode: My AC-MU 2x2 network card shows a connection of 866.7M in Windows. Screenshot 2018-12-10 13.55.58.png Caps-Man shows 866M the device connected at. Screenshot 2018-12-10 13.52.18.png Actual throughput seems ...

gotsprings

Just hooked one up for testing. As soon as I applied power the fans spun up. After about 20 seconds... they stopped.

gotsprings

Why would you want to Cap-Man 50 unique SSIDs?

(If I understood the end result I might be able to help you make something.)

gotsprings

Its been in there for years. Go into your access control list under wireless. You can generate/set per Mac address passwords. I took my dpsk file from my Zone Director and copy and pasted the passwords in to my access list. Result... The dpsk keys work on my Mikrotik wireless. Unplugged the ZD month...

gotsprings

Normis Look at a default router. hex hap whatever. /ip dhcp-server network Whats right there in the dns entry? As for comment about get someone to respond to my support tickets... they refer to 2.4 Radios suddenly deciding to go into a "stuck beacon" like mode. I have send support files a few times ...

gotsprings

For a cap...
/system package update install
/system routerboard upgrade
y
/system reboot
y
/system reset-configuration skip-backup=yes caps-mode=yes

Thats all that you should need to do on a cap.

gotsprings

Normis. How about you get someone to actually look into my support tickets. As for not using quickset. If you use quickset you will notice that /IP DHCP-server doesn't include DNS entries in the client info. Yesterday someone else used quickset to change the IP scope. When I logged in the ether-1 of...

gotsprings

Use quickset and set the IP scope. First thing you notice... No DNS entry in the DHCP-server.

gotsprings

Never ever use quickset!

gotsprings

No solution and no interest in replying from support.

gotsprings

NEVER EVER USE QUICKSET!

Search found 774 matches