Community discussions

MUM Europe 2020

Search found 39 matches

by stormeporm
Wed Apr 24, 2019 8:41 am
Forum: General
Topic: dhcp en bridge vlan filtering
Replies: 5
Views: 619

Re: dhcp en bridge vlan filtering

I've added a dhcp server on eth1 to see if it workes at all and corrected the things you guys pointed out. Dhcp is working like a charm on eth1 Still no dhcp on 5 or 6 /interface bridge add name=bridge-vlans vlan-filtering=yes /interface vlan add interface=bridge-vlans name=bridge-vlan-10 vlan-id=10...
by stormeporm
Wed Apr 24, 2019 12:02 am
Forum: General
Topic: dhcp en bridge vlan filtering
Replies: 5
Views: 619

Re: dhcp en bridge vlan filtering

ok sorry for taking a while to react. I had no time and no test setup anymore. New setup and a bit of time. My current setup 1 bridge with 2 vlans. I want to have 2 dhcp servers on the 2 vlans. But I cant get it to work. What is the proper way. Do I need to create a bridge per vlan? export: router o...
by stormeporm
Tue Apr 16, 2019 12:20 pm
Forum: RouterBOARD hardware
Topic: RB3011UiAS-RM
Replies: 102
Views: 53691

Re: RB3011UiAS-RM

The hardware acceleration for ipsec is here
https://download2.mikrotik.com/news/news_88.pdf
by stormeporm
Sun Jan 20, 2019 2:09 am
Forum: General
Topic: dhcp en bridge vlan filtering
Replies: 5
Views: 619

dhcp en bridge vlan filtering

I'm lost on the bridge vlan filtering and dhcp. I know how to to this with the switch chip but I wanted to try it with a bridge. I have 3 vlans. Zo I set up a bridge with all interfaces needed in it. Add vlans to the bridge and configure tagged and untagged ports. this al works different ports are i...
by stormeporm
Tue Jul 10, 2018 6:52 pm
Forum: General
Topic: Bridge VLAN Filtering
Replies: 22
Views: 9183

Re: Bridge VLAN Filtering

Is there any chance that the bridge vlan filtering with hardware offloading will be expanded to the devices that at this moment are capable of doing it in the switch chip like the crs, rb2011, rb3011? I was used to doing it in the switch chip then the new bridge thing came along and I to thought tha...
by stormeporm
Sun Sep 10, 2017 11:10 pm
Forum: General
Topic: Nat rule not working for internal network
Replies: 3
Views: 1968

Re: Nat rule not working for internal network

Thanx the hairpin nat was the info I needed it works now!
by stormeporm
Sun Sep 10, 2017 2:18 pm
Forum: General
Topic: Nat rule not working for internal network
Replies: 3
Views: 1968

Nat rule not working for internal network

I have server on a local ip address and a dstnat rule that forwards traffic from the wan to the local ip adres on a single port. chain=dstnat action=dst-nat to-addresses=192.168.69.10 to-ports=119 protocol=tcp dst-address=xx.xx.xx.xx dst-port=119 I can access it just fine on that port from the outsi...
by stormeporm
Wed Jan 25, 2017 6:23 pm
Forum: SwOS
Topic: filter out multicast
Replies: 10
Views: 9460

Re: filter out multicast

Guess like this cant test it.
/interface ethernet switch rule add ports=ether1 switch=switch1 dst-address=224.0.0.0/4 new-dst-ports=

You should check your switch en and port nr.
Let met know if it works.
by stormeporm
Tue May 03, 2016 3:26 pm
Forum: General
Topic: does mikrotik use multiple arp tables
Replies: 1
Views: 456

does mikrotik use multiple arp tables

I was wondering what happens if you have the same mac addresses on different vlans.
If mikrotik uses an arp table for each vlan it should all word fine but does it do that?
by stormeporm
Thu Apr 21, 2016 10:30 am
Forum: General
Topic: multiple wan adresses and dmz
Replies: 0
Views: 403

multiple wan adresses and dmz

I cant figure out how to do this properly I have multiple external ip addresses 1 (.177) is for my router and the other 5 are going to be used on my dmz for servers. I have xx.xx.xx.176/29 over adsl. I connect over ether1 with pppoe. The dmz is on ether2 with a switch connected. All servers use a st...
by stormeporm
Wed Feb 17, 2016 10:51 pm
Forum: General
Topic: Feature Request: shutdown script
Replies: 1
Views: 1321

Re: Feature Request: shutdown script

you could create a script that ends with a shutdown.
by stormeporm
Wed Feb 17, 2016 10:25 am
Forum: General
Topic: feature request ros 7
Replies: 3
Views: 1307

Re: feature request ros 7

I meant it as an visual change just to make the list of firewall rules shorter and more organized. I use the CLI a lot and when the list gets long its gets pretty annoying to find where a rule is. When I have this random list of firewall rules I would like to collapse the first 9 rules into one line...
by stormeporm
Tue Feb 16, 2016 11:45 pm
Forum: General
Topic: feature request ros 7
Replies: 3
Views: 1307

feature request ros 7

Could you add the possibility to create firewall filter sets? When I create a ssh brute force block set of rules to show them as 1 rule an add the possibility to watch inside the set and see the different rules this set is build on. It would make the firewall rule list a lot more organized and easie...
by stormeporm
Fri Aug 22, 2014 1:13 pm
Forum: RouterBOARD hardware
Topic: New product CRS 109
Replies: 48
Views: 15642

Re: New product CRS 109

Which switch chip is it using?
Wil it get the exact same features as the crs-125? This would be nice because I would like to play with the 125 but I don't need 24 ports. The 109 would be a nice test platform.
by stormeporm
Mon Jun 02, 2014 10:52 am
Forum: General
Topic: Trunking support
Replies: 6
Views: 1365

Re: Trunking support

Ok It worked with your old switch so you're shure the esxi part is configured correctly. And you want to connect your esxi machine to your mikrotik with one cable? And then divide the vlans over several ports on your mikrotik? Do you want to have inter vlan traffic, to be able to connect a server on...
by stormeporm
Mon Jun 02, 2014 10:36 am
Forum: General
Topic: RB2011UiAS-2HnD-IN
Replies: 7
Views: 3336

Re: RB2011UiAS-2HnD-IN

Thanks everybody for the information!
I didn't notice the "i" in the name.
by stormeporm
Fri May 23, 2014 2:33 pm
Forum: General
Topic: RB2011UiAS-2HnD-IN
Replies: 7
Views: 3336

RB2011UiAS-2HnD-IN

I noticed that the new RB2011UiAS-2HnD-IN has a poe out on port 10 these days.
But I cant find any information about it.
Is is passive poe?
Is it only available on the new RB2011UiAS-2HnD-IN or does the old one support it as well.
by stormeporm
Tue May 20, 2014 7:42 am
Forum: General
Topic: Trunking support
Replies: 6
Views: 1365

Re: Trunking support

I Would use the switch chip for what your doing. But what is it exactly what your trying to accomplish?
Do you want to team the 2 interfaces of esxi? Or do you want the traffic from esxi to the router and back to esxi?
by stormeporm
Mon May 19, 2014 9:59 am
Forum: General
Topic: where are the 3 cpu ports on the switch for on rb2011
Replies: 2
Views: 752

Re: where are the 3 cpu ports on the switch for on rb2011

I've mailed mikrotik and they had some very detailed answers thanx for that mikrotik! > To get my wifi connected to the switch you need to connect a cpu port to > the switch. This port will be connected to the interface that is the master > interface on the switch. But there are 3 cpu ports to the s...
by stormeporm
Mon May 12, 2014 4:14 pm
Forum: General
Topic: where are the 3 cpu ports on the switch for on rb2011
Replies: 2
Views: 752

where are the 3 cpu ports on the switch for on rb2011

I was changing my vlan setup to let the switch chip to do all the hard word instead of the cpu. This is working great but it left me with some questions. To get my wifi connected to the switch you need to connect a cpu port to the switch. This port will be connected to the interface that is the mast...
by stormeporm
Tue Dec 24, 2013 12:54 pm
Forum: RouterBOARD hardware
Topic: crs-125 dynamic mac based vlan
Replies: 1
Views: 818

Re: crs-125 dynamic mac based vlan

Ok found it it was already in the examples :?
http://wiki.mikrotik.com/wiki/Manual:CR ... Based_VLAN
by stormeporm
Fri Dec 20, 2013 4:30 pm
Forum: RouterBOARD hardware
Topic: CRS125-24G Performance Expectations
Replies: 5
Views: 1605

Re: CRS125-24G Performance Expectations

The rb2011 wich has the same cpu and memory can do a throughput of +- 270/250Mbit with firewall, not to many rules and NAT. This is not based on the official test so it might differ a bit this is from somebody with a 500/500 connection I know. Mikrotik used to have the throughput numbers on there pr...
by stormeporm
Fri Dec 20, 2013 4:12 pm
Forum: RouterBOARD hardware
Topic: crs-125 dynamic mac based vlan
Replies: 1
Views: 818

crs-125 dynamic mac based vlan

Since the crs is a layer 3 switch is it possible to configure ports with dynamic mac based vlan? I want to be possible to connect certain known pc's in a different vlan when they plug in. But I don't know where they will plug in. That is where the dynamic part is useful. The known systems go in a di...
by stormeporm
Tue Oct 01, 2013 1:00 pm
Forum: General
Topic: vlan hopping and ingress filtering
Replies: 2
Views: 1765

Re: vlan hopping and ingress filtering

vlan hopping http://en.wikipedia.org/wiki/VLAN_hopping VLAN hopping is a computer security exploit, a method of attacking networked resources on a Virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that wo...
by stormeporm
Wed Sep 25, 2013 2:35 pm
Forum: General
Topic: vlan hopping and ingress filtering
Replies: 2
Views: 1765

vlan hopping and ingress filtering

I was wondering is it possible to do vlan hopping on a mikrotik device. This is because I cant find any ingress filtering so it should be possible to double tag a packet. Is it also possible to vlan tag your packets over wifi? If the above is possible I'ts dangerous to use vlans on you mikrotik devi...
by stormeporm
Mon May 13, 2013 4:29 pm
Forum: Wireless Networking
Topic: Cant authenticate Groove A-2Hn-32??
Replies: 3
Views: 1440

Re: Cant authenticate Groove A-2Hn-32??

Ok it was just broken got a replacement
by stormeporm
Sun May 12, 2013 1:45 pm
Forum: Wireless Networking
Topic: Cant authenticate Groove A-2Hn-32??
Replies: 3
Views: 1440

Re: Cant authenticate Groove A-2Hn-32??

Nobody knows a way to check what is causing the problem?
by stormeporm
Fri May 03, 2013 11:11 am
Forum: Wireless Networking
Topic: Is mikrotik is secured ...
Replies: 14
Views: 2853

Re: Is mikrotik is secured ...

If your going to add ipsec dont do it with a pre shared key but use a certificate.
Ms chap is compromised
http://msmvps.com/blogs/harrywaldron/ar ... ccess.aspx
by stormeporm
Thu May 02, 2013 1:36 pm
Forum: Wireless Networking
Topic: Cant authenticate Groove A-2Hn-32??
Replies: 3
Views: 1440

Cant authenticate Groove A-2Hn-32??

I have a mikrotik Groove A-2Hn-32 with a 14db panel antenna on it. It has been working fine but suddenly I cant connect to it anymore. It just shows extensive data loss in the logs and I cant authenticate. So I reseted it did not help. updated the firmware nothing changed. I dropped all security but...
by stormeporm
Mon Feb 04, 2013 11:34 pm
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 7077

Re: Cant connect to internet with pppoe client

Ok this is really weird it just works now.
Ive changed nothing, ive just connected everything again and it now works.
Probably the reboots of modem and router did it.

So the lesson learned here is if pppoe is not working when your sure it should reboot everything and try again.
by stormeporm
Fri Jan 11, 2013 11:02 am
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 7077

Re: Cant connect to internet with pppoe client

Nobody knows whats wrong?
by stormeporm
Thu Jan 10, 2013 10:06 am
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 7077

Re: Cant connect to internet with pppoe client

Yes i can ping the internet when i do it from my router over the pppoe interface.
I cannot ping the internet when I do it from a computer. Its no dns problem pinging an ipmadres does not make any difference
by stormeporm
Thu Jan 10, 2013 12:00 am
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 7077

Re: Cant connect to internet with pppoe client

As you requested Firewall 0 ;;; Drop Invalid connections chain=input action=drop connection-state=invalid 1 ;;; Allow Established connections chain=input action=accept connection-state=established 2 ;;; Allow ICMP chain=input action=accept protocol=icmp 3 ;;; laat alleen verkeer van zakelijk netwerk...
by stormeporm
Wed Jan 09, 2013 12:42 am
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 7077

Re: Cant connect to internet with pppoe client

I've cleaned up my firewall rules see post below for current ones interfaces 0 sfp1-gateway ether 1500 1598 4074 1 ether1-trunk ether 1500 1598 4074 2 ether2 bedrijf ether 1500 1598 4074 3 ether3 ether 1500 1598 4074 4 ether4 ether 1500 1598 4074 5 R ether5 ether 1500 1598 4074 6 ether6-wan ether 15...
by stormeporm
Mon Jan 07, 2013 2:26 pm
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 7077

Re: Cant connect to internet with pppoe client

I will post my firewall rules tonight. It might be something in the firewall.
The firewall rules have not been changed since I it was working on dhcp as wan.
Accept changing the wan interface in my rules to the pppoe interface.
by stormeporm
Mon Jan 07, 2013 12:53 am
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 7077

Cant connect to internet with pppoe client

I have the following problem. I have set up my router with an pppoe client as wan. This works up to the point that it connects and I get an ipadres and a gateway. I've added the gateway to my default route. I've setup masquerading on the pppoe interface. But I cant use it to connect to the internet ...
by stormeporm
Fri Jan 04, 2013 2:20 pm
Forum: Beginner Basics
Topic: alias for a bunch of ipaddresses
Replies: 3
Views: 1144

Re: alias for a bunch of ipaddresses

thnx

I had been looking at it but I could not find a way to add multiple addresses to one list.
Is the correct way to do this add multiple addresses with the same addresslist name?

Like this
list1 - 192.168.1.1
list1 - 192.168.1.2
by stormeporm
Fri Jan 04, 2013 1:38 pm
Forum: Beginner Basics
Topic: alias for a bunch of ipaddresses
Replies: 3
Views: 1144

alias for a bunch of ipaddresses

In pfsense you can make groups of a lot of things by grouping them in an alias. I was wondering if routeros has a same feature.
I want to make a alias with the ipaddresses of my printers so I can make a single firewall rule to access them from different networks.
Is this possible?

Thanx in advance