Most devices allow only unicast NTP server use, so try to use the address of the router as the NTP time server IP for test. Also try to define accept rule in Ip Firewall Filter, input chain, protocol UDP, destination-port 123, and in-interface to whichever is router LAN interface. This should make t...
We have Mikrotik v.7.11.2 router with two uplink ports eth1 and eth2 and DHCP Client active on each interface, both connected to the same ISP. ISP DHCP server assigns different IPv4/32 address to each interface, but provides single gateway IPv4 for both interfaces. Effect is that only one of the int...
I know this is replying to old post but just to make sure this is sorted enable use-ip-firewall and use-ip-firewall-for-vlans on the Capsman bridge,
per this thread viewtopic.php?t=151296
Configuration is relatively complex to post and contains too many private details to remove... talking about ~150 rules or so. Allow-all is great as soho firewall default, but generally shouldn't be a corporate practice... When I activate default deny-all as the last rule in firewall forward chain, i...
Running in circles for couple of hours, I have two routers ... first one does inter-VLAN routing and another one handles Internet access (NAT, hotspot, etc.). On the inter-VLAN router I setup allow and deny rules in forward chain so to handle local routing for different VLANs/Subnets, but would like...
Thank you, I will need to setup a bench test for this as I cannot play on the production anymore. Netwatch type of script to check unicast and (de)activate VRRP address for secondary router would be an easy way out, but I would rather solve it using standard VRRP features. Will update here as soon a...
Yes the VRRP outside of a group that functions over EOIP tunnel through VLAN functions normally. Regular VRRPs through VLANs don't. When VRRP over EOIP through VLAN is selected to be the group master for all other non functioning VRRPs then I receive error message in the subject of this email, displ...
Trying to setup VRRP between two routers, interconnected through two switches, all running Mikrotik v7.11.2. Interfaces between each are bonded but without forced MAC. Topology logically looks like this with bonded interface: R1----SW1----SW2----R2 Physically it is like this: R1===SW1===SW2===R2 Bot...
Possible solution is to make a firewall input rule with tcp port 8291 or 161 as the destination and rule action to add destination address to the IP list for enough time to be checked. This will add the local address of tried winbox/snmp connections to the list so could be used to troubleshoot and f...
Using Dude with many devices in different maps creates issue where it is hard to identify a device in dude with wrong or no password entered. This is causing repetitive errors in the device log and damaging NAND as this is error/critical type of logging event. In order to ease identifying of the loc...
Wanted to reiterate prior to submitting a bug request as the issue is still present in 7.11 where the order of Capsman export/import seems wrong. Exporting Capsman settings using the command: /caps-man export file=ExportCapsman.rsc show-sensitive exports data into .rsc file, with the following order...
I didn't use that same exact hex and modem, but usually there is no need for additional settings. Just APN for SIM card if required, SIM in proper slot if multiple slots exist, etc. some tricks here: https://wiki.mikrotik.com/wiki/Manual:Interface/LTE#User_at-chat_command I just had a same thing "...
I have relatively complex and redundant network and noticed already since 7.8 up until 7.9.1 I have some issues with RSTP bringing ports down. Happens twice or three times a week and logging only contains local interface > Bridge RX looped packet MAC of the local admin bridge MAC and then main router...
Just to add to this old post, this was later documented as compatibility issue of SFP and the switch, but I didn't re-check if it was also fixed in the meantime. Learning would be to check compatibility prior and have both switch and SFP in production at least for a year prior to purchase so any ...
Thank you all for help on this. As an update, disabling MNDP on all edge switches stopped LinkRunner to identify and display wrong ports ... which was the main concern. NetAlly LinkRunner AT is on the latest FW version so no options there to upgrade or change to what I investigated. I hope this help...
We are using IPTV from 3 different sources on LAN, some music and microphone sources etc. in one implementation so I have 3 different VLANs that need to transport multicast. Right now I have some strange issues with occasional 15 sec. breaks in sound and broadcasting instead of multicasting traffic....
To what I can understand from theory, activate IGMP spoofing on the router LAN interface bridge, with Multicast Querier also activated on the router. Also activate IGMP spoofing on the switch and "Fast Leave" on all related ports: 1. On switch port towards IPTV 2. On router port to which y...
As an update I believe Capsman limits in documentation should be updated with the findings below after Mikrotik staff reviews to confirm. All related to 7.8. So I noticed a single CCR1036 is not enough to handle 250 dual band APs with 4 SSIDs on each with three of those having ~600 clients with Caps...
Hi there, Using satellite connection with guaranteed CIR, but often achieving MIR which is double speed to CIR. So I am looking into any way that I can prioritize certain traffic type (mangle marking) over other traffic when achieving MIR since connection is quite expensive. However, any queui...
We have put in production a number of CRS354-48P-4S+2Q+RM for the edge layer. Each of them is connected between using QSFP links as some form of edge stacking. Then we SFP+ from each "stack member" to the core layer consisting of a ring of 4 x CRS326-24S+2Q+RM forming a core loop interconn...
OK for now I am still waiting to get to the "impossible to find" port, where I would need to test all possibilities in which case I will try documenting them here. So far I manage through the system of elimination (one way or the other), but with 42 pcs of CRS354-48P-4S+2Q+ to implement an...
Well if I had more time I could probably write those scripts, but due to project delivery now is not the best of times :) Wouldn't be an issue if this was documented somewhere so we don't run into such issues too late in the project but I couldn't find that info. What I noticed that I managed to add ...
IP Neighbours list is fine to identify all connected neighbors, but Mikrotik displays VLAN or VRRP under the interface column and not the actual ethernet port to which particular device is attached as with 7.8. I might be missing something here but also NetScout attached to the ethernet ports behave...
Apologies for reopening this old thread, but it seems that still even today on 7.8 Capsman dynamic VLANs work only if I manually add all Capsman WiFi interfaces into the bridge VLAN, where I want to redirect clients using Access List by specifying VLAN mode as tagged and specifying that bridged VLAN...
Noticed on 7.8 that Capsman export creates script with wrong order of the commands, so automated importing to backup Capsman doesn't work properly. As a bypass export can be done in pieces step by step and imported in the same manner, but just to note that this worked on the last version 6 prior to ...
On 7.6 setup TFTP server rule, but tftp client reports connection timeout when try to download the file after couple of retries. - Client is windows10, with MS tftp and also tried WinAgents TFTP Client version 2.0b by Tandem Systems, Ltd. but still the same. - TFTP rule is OK as otherwise error is d...
... however, now I am unable to set bridge VLANs anymore to ethernet ports, like it worked earlier. We use mostly HAP AC as CAP and it has eth1 as trunk port carrying all VLANs, but eth2-4 & SFP are used to connect other equipment in different VLANs as either tagged or untagged ports. How to ach...
We use Capsman local forwarding and have three VLANs/SSIDs to push to many CAPs. Bridge VLANs are pushed normally to CAPs from Capsman, together with tagged WiFi interfaces as Dynamic. However, this is just part of the required setup since "bridgeLocal" and "eth1" don't get pushe...
Yes, I get what you mean and I do believe both copy options should be implemented. Of course that's my advice and for what's it worth ... but this is something I'm repetitively bumping into, so my guess was I'm not alone :) I do see table tabbed data copying as a "low hanging fruit", which...
I learned that maintaining primary and secondary backup router in production is much easier with daily export/import scripts copied over FTP or SSH. To make it more reliable you can split export/imports into multiple parts, so to allow partial import in case of particular issue of single section con...
Winbox is getting better by the day, but seems I am still missing a function to copy contents of the table (or selected rows) to the clipboard. Yes, I can export config to a file or copy terminal contents but in both cases I need to filter and cleanse it afterwards manually. Often I want just to cop...
Rather than reinventing the wheel with own protocols, I would recommend using standard management protocols as much as possible. Possibly by extending Dude or maybe building it as a superset to Capsman, but with Radius, SSH, SFTP for encrypted file copy and similar. Either way, should be optional to...
When you get a chance I would like to propose adding Ping, Mac ping and Wake on LAN buttons in Winbox DHCP lease details window, to the right side of General and Active tabs.
Additionally Telnet and SSH would be handy to have there, but above would definitely be useful.
Hi all I have the following hardware: - 2x CRS328-24P-4S+ running 6.47.9 (long-term) manufactured Feb/08/2021 12:48:33 and routerboard on 6.47.9 - 5x SFP+ are Vendor Part Number: XS+31LC10D, Vendor revision 1.0, Manufacturing Date: 21-04-08 - 2x Using SM fiber cable FC-SM-300 by Ubiquiti Networks wh...
Once upon a time I was unable to use bursts on PCQ when I tried to implement something similar. They simply were not functioning as expected during tests as what I can still recall. So is it official that bursting is not supported combined with PCQ? Can you please point to where that is stated by Mi...
Working on some stuff so wanted to check, is there any way in RouterOS to: - create a dynamic simple queue (dynamic, as in having flag = "D", meaning it doesn't get saved to the flash)? DHCP static lease creates such queues when "limit" is defined in the lease, but I am not sure ...
Not sure if you resolved this in the meantime, but let me try to help. Having you to manage 2500 simple queues and CCR processor handle them is not exactly optimal way, so I would like to recommend you to check PCQ queue type. It also enables limiting bandwidth by IP (if required by setting "ra...
Dear support, I noticed today again that winbox doesn't have copy/paste functionality for tables. Primarily would be useful for hotspot hosts, dhcp leases, firewall ip lists, but in fact would be appreciated to add copy function to any table displayed in Winbox. Not sure why this is already not done...
One use case for InterCell would be on the ships in international waters so to eliminate phones doing excessive sync and cloud backups over satellite uplink. Most phones are set not to do such traffic while in roaming so this would eliminate need to block such traffic. Hope this starts to add on ide...
Posting this in scripting as it mainly relates to that though not exclusively. First of all, all the best to whole team and congrats on excellent software and hardware produced for years now! Did lots of projects using Mikrotiks and I still cannot remember anything that makes me so happy as learning...
Yes, basically it would be Netherlands, Belgium, France, Switzerland, Germany, Austria, Hungary, Croatia, Serbia, Romania, Bulgaria, Greece, Turkey, Albania, Montenegro, Italy, preferably also Russia & Egypt. So all GSM network types GPRS, EDGE, UMTS, HSDPA, HUSPA, HSDPA+, LTE, and frequencies o...
Would I also be able to limit on what reduced-privilege user can do in Mikrotik GUI?
Like for example just check the connection status, and connect/disconnect when needed?
Thank you both for help, really appreciated. Funny how couple of IT buzzwords open up tons of materials to go through. For now I will try with dd-wrt/Openwrt using tinc or opencloud. Guess speed of encryption will be enough for what I need. Please update if you hear some update about this in RouterO...
I realized shortening prior post would help, so here it goes... WANT: I want to buy 5 Mikrotik routers to connect 5 sites into some sort of secure/encrypted network between them. Each site should be able to access every other site through direct encrypted route/tunnel running over Internet. This wou...
Thanks for the answer. It should work like you propose, but some people told me that not too many Mikrotik compatible PCIe modems work well with all mobile networks. Apparently "Sierra wireless is fine, unlike all the others", but I didn't receive more details other than that vague stateme...
Hi all, I am unsuccessfully looking for a solution to simple problem for an extended period of time, so I realized it is better to ask for some help at this point. Basically I have 5 locations (homes) with PPPOE authentication DSL Internet connections provided by local ISPs without fixed IPv4 addresse...
Hi all, I would like to use Mikrotik router for connecting river boat to the Internet over any available mobile networks. Mobile modem should support GPRS/EDGE/UMTS/HSDPA/HUSPA/HSPA+ and LTE on European frequency bands. Ship traverses 11 countries, so it would be single SIM in constant roaming (sing...