Community discussions

MikroTik App

Search found 45 matches

by stormeporm
Mon Apr 11, 2022 11:23 pm
Forum: General
Topic: ROS 7 PPPoE IPv6 DHCP Server/Client not Working
Replies: 1
Views: 479

Re: ROS 7 PPPoE IPv6 DHCP Server/Client not Working

Hi Yes I had this problem and its fixed in v7.2
by stormeporm
Thu Feb 03, 2022 11:43 am
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 223469

Re: v7.1.1 is released!

So ive updated my CCR1009-8G-1S-1S+ it worked until I updated the routerboard firmware.
Now its in a bootloop.

I had v7RC4 running on it as a test and it was working fine.]

A fresh netinstall fixed it. But it does not make me very eager to use this thing in production
by stormeporm
Fri Jan 22, 2021 6:41 pm
Forum: General
Topic: Port flapping (ether6 link down/up) on RB3011UiAS-RM
Replies: 54
Views: 35388

Re: Port flapping (ether6 link down/up) on RB3011UiAS-RM

Same here version 6.48 massive port flapping with my rb3011.
Had not experienced it before.
by stormeporm
Mon Dec 21, 2020 1:24 pm
Forum: Wireless Networking
Topic: CAPsMAN how to keep .npk updated ? (Cap Manager auto-update)
Replies: 5
Views: 9983

Re: CAPsMAN how to keep .npk updated ? (Cap Manager auto-update)

I've added some code to remove the old file so you wont accumulate npk's until your disk is full
Execute it before you download the new npk

:local oldNpk [file find name ~"routeros-"]
/file remove $oldNpk
by stormeporm
Wed Nov 25, 2020 11:25 am
Forum: General
Topic: ingress filtering on the bridge
Replies: 2
Views: 749

Re: ingress filtering on the bridge

Thnx!
by stormeporm
Tue Nov 24, 2020 3:26 pm
Forum: General
Topic: ingress filtering on the bridge
Replies: 2
Views: 749

ingress filtering on the bridge

Hi can someone explain to me what the ingress filtering on the bridge is for. Not the ingress filtering on the ports
/interface bridge set ingress-filtering[
Is it the same as on the regular ports but its for the cpu port?
Or is it a global setting for al ports?
by stormeporm
Wed Apr 24, 2019 8:41 am
Forum: General
Topic: dhcp en bridge vlan filtering
Replies: 5
Views: 1647

Re: dhcp en bridge vlan filtering

I've added a dhcp server on eth1 to see if it workes at all and corrected the things you guys pointed out. Dhcp is working like a charm on eth1 Still no dhcp on 5 or 6 /interface bridge add name=bridge-vlans vlan-filtering=yes /interface vlan add interface=bridge-vlans name=bridge-vlan-10 vlan-id=10...
by stormeporm
Wed Apr 24, 2019 12:02 am
Forum: General
Topic: dhcp en bridge vlan filtering
Replies: 5
Views: 1647

Re: dhcp en bridge vlan filtering

ok sorry for taking a while to react. I had no time and no test setup anymore. New setup and a bit of time. My current setup 1 bridge with 2 vlans. I want to have 2 dhcp servers on the 2 vlans. But I cant get it to work. What is the proper way. Do I need to create a bridge per vlan? export: router o...
by stormeporm
Tue Apr 16, 2019 12:20 pm
Forum: RouterBOARD hardware
Topic: RB3011UiAS-RM
Replies: 102
Views: 67156

Re: RB3011UiAS-RM

The hardware acceleration for ipsec is here
https://download2.mikrotik.com/news/news_88.pdf
by stormeporm
Sun Jan 20, 2019 2:09 am
Forum: General
Topic: dhcp en bridge vlan filtering
Replies: 5
Views: 1647

dhcp en bridge vlan filtering

I'm lost on the bridge vlan filtering and dhcp. I know how to to this with the switch chip but I wanted to try it with a bridge. I have 3 vlans. Zo I set up a bridge with all interfaces needed in it. Add vlans to the bridge and configure tagged and untagged ports. this al works different ports are i...
by stormeporm
Tue Jul 10, 2018 6:52 pm
Forum: General
Topic: Bridge VLAN Filtering
Replies: 22
Views: 17428

Re: Bridge VLAN Filtering

Is there any chance that the bridge vlan filtering with hardware offloading will be expanded to the devices that at this moment are capable of doing it in the switch chip like the crs, rb2011, rb3011? I was used to doing it in the switch chip then the new bridge thing came along and I to thought tha...
by stormeporm
Sun Sep 10, 2017 11:10 pm
Forum: General
Topic: Nat rule not working for internal network
Replies: 3
Views: 3564

Re: Nat rule not working for internal network

Thanx the hairpin nat was the info I needed it works now!
by stormeporm
Sun Sep 10, 2017 2:18 pm
Forum: General
Topic: Nat rule not working for internal network
Replies: 3
Views: 3564

Nat rule not working for internal network

I have server on a local ip address and a dstnat rule that forwards traffic from the wan to the local ip adres on a single port. chain=dstnat action=dst-nat to-addresses=192.168.69.10 to-ports=119 protocol=tcp dst-address=xx.xx.xx.xx dst-port=119 I can access it just fine on that port from the outsi...
by stormeporm
Wed Jan 25, 2017 6:23 pm
Forum: SwOS
Topic: filter out multicast
Replies: 10
Views: 14067

Re: filter out multicast

Guess like this cant test it.
/interface ethernet switch rule add ports=ether1 switch=switch1 dst-address=224.0.0.0/4 new-dst-ports=

You should check your switch en and port nr.
Let met know if it works.
by stormeporm
Tue May 03, 2016 3:26 pm
Forum: General
Topic: does mikrotik use multiple arp tables
Replies: 1
Views: 778

does mikrotik use multiple arp tables

I was wondering what happens if you have the same mac addresses on different vlans.
If mikrotik uses an arp table for each vlan it should all word fine but does it do that?
by stormeporm
Thu Apr 21, 2016 10:30 am
Forum: General
Topic: multiple wan adresses and dmz
Replies: 0
Views: 703

multiple wan adresses and dmz

I cant figure out how to do this properly I have multiple external ip addresses 1 (.177) is for my router and the other 5 are going to be used on my dmz for servers. I have xx.xx.xx.176/29 over adsl. I connect over ether1 with pppoe. The dmz is on ether2 with a switch connected. All servers use a st...
by stormeporm
Wed Feb 17, 2016 10:51 pm
Forum: General
Topic: Feature Request: shutdown script
Replies: 1
Views: 1877

Re: Feature Request: shutdown script

you could create a script that ends with a shutdown.
by stormeporm
Wed Feb 17, 2016 10:25 am
Forum: General
Topic: feature request ros 7
Replies: 3
Views: 1923

Re: feature request ros 7

I meant it as an visual change just to make the list of firewall rules shorter and more organized. I use the CLI a lot and when the list gets long its gets pretty annoying to find where a rule is. When I have this random list of firewall rules I would like to collapse the first 9 rules into one line...
by stormeporm
Tue Feb 16, 2016 11:45 pm
Forum: General
Topic: feature request ros 7
Replies: 3
Views: 1923

feature request ros 7

Could you add the possibility to create firewall filter sets? When I create a ssh brute force block set of rules to show them as 1 rule an add the possibility to watch inside the set and see the different rules this set is build on. It would make the firewall rule list a lot more organized and easie...
by stormeporm
Fri Aug 22, 2014 1:13 pm
Forum: RouterBOARD hardware
Topic: New product CRS 109
Replies: 48
Views: 19252

Re: New product CRS 109

Which switch chip is it using?
Wil it get the exact same features as the crs-125? This would be nice because I would like to play with the 125 but I don't need 24 ports. The 109 would be a nice test platform.
by stormeporm
Mon Jun 02, 2014 10:52 am
Forum: General
Topic: Trunking support
Replies: 6
Views: 2009

Re: Trunking support

Ok It worked with your old switch so you're shure the esxi part is configured correctly. And you want to connect your esxi machine to your mikrotik with one cable? And then divide the vlans over several ports on your mikrotik? Do you want to have inter vlan traffic, to be able to connect a server on...
by stormeporm
Mon Jun 02, 2014 10:36 am
Forum: General
Topic: RB2011UiAS-2HnD-IN
Replies: 7
Views: 4263

Re: RB2011UiAS-2HnD-IN

Thanks everybody for the information!
I didn't notice the "i" in the name.
by stormeporm
Fri May 23, 2014 2:33 pm
Forum: General
Topic: RB2011UiAS-2HnD-IN
Replies: 7
Views: 4263

RB2011UiAS-2HnD-IN

I noticed that the new RB2011UiAS-2HnD-IN has a poe out on port 10 these days.
But I cant find any information about it.
Is is passive poe?
Is it only available on the new RB2011UiAS-2HnD-IN or does the old one support it as well.
by stormeporm
Tue May 20, 2014 7:42 am
Forum: General
Topic: Trunking support
Replies: 6
Views: 2009

Re: Trunking support

I Would use the switch chip for what your doing. But what is it exactly what your trying to accomplish?
Do you want to team the 2 interfaces of esxi? Or do you want the traffic from esxi to the router and back to esxi?
by stormeporm
Mon May 19, 2014 9:59 am
Forum: General
Topic: where are the 3 cpu ports on the switch for on rb2011
Replies: 2
Views: 1217

Re: where are the 3 cpu ports on the switch for on rb2011

I've mailed mikrotik and they had some very detailed answers thanx for that mikrotik! > To get my wifi connected to the switch you need to connect a cpu port to > the switch. This port will be connected to the interface that is the master > interface on the switch. But there are 3 cpu ports to the s...
by stormeporm
Mon May 12, 2014 4:14 pm
Forum: General
Topic: where are the 3 cpu ports on the switch for on rb2011
Replies: 2
Views: 1217

where are the 3 cpu ports on the switch for on rb2011

I was changing my vlan setup to let the switch chip to do all the hard word instead of the cpu. This is working great but it left me with some questions. To get my wifi connected to the switch you need to connect a cpu port to the switch. This port will be connected to the interface that is the mast...
by stormeporm
Tue Dec 24, 2013 12:54 pm
Forum: RouterBOARD hardware
Topic: crs-125 dynamic mac based vlan
Replies: 1
Views: 1164

Re: crs-125 dynamic mac based vlan

Ok found it it was already in the examples :?
http://wiki.mikrotik.com/wiki/Manual:CR ... Based_VLAN
by stormeporm
Fri Dec 20, 2013 4:30 pm
Forum: RouterBOARD hardware
Topic: CRS125-24G Performance Expectations
Replies: 5
Views: 2208

Re: CRS125-24G Performance Expectations

The rb2011 wich has the same cpu and memory can do a throughput of +- 270/250Mbit with firewall, not to many rules and NAT. This is not based on the official test so it might differ a bit this is from somebody with a 500/500 connection I know. Mikrotik used to have the throughput numbers on there pr...
by stormeporm
Fri Dec 20, 2013 4:12 pm
Forum: RouterBOARD hardware
Topic: crs-125 dynamic mac based vlan
Replies: 1
Views: 1164

crs-125 dynamic mac based vlan

Since the crs is a layer 3 switch is it possible to configure ports with dynamic mac based vlan? I want to be possible to connect certain known pc's in a different vlan when they plug in. But I don't know where they will plug in. That is where the dynamic part is useful. The known systems go in a di...
by stormeporm
Tue Oct 01, 2013 1:00 pm
Forum: General
Topic: vlan hopping and ingress filtering
Replies: 2
Views: 2592

Re: vlan hopping and ingress filtering

vlan hopping http://en.wikipedia.org/wiki/VLAN_hopping VLAN hopping is a computer security exploit, a method of attacking networked resources on a Virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that wo...
by stormeporm
Wed Sep 25, 2013 2:35 pm
Forum: General
Topic: vlan hopping and ingress filtering
Replies: 2
Views: 2592

vlan hopping and ingress filtering

I was wondering is it possible to do vlan hopping on a mikrotik device. This is because I cant find any ingress filtering so it should be possible to double tag a packet. Is it also possible to vlan tag your packets over wifi? If the above is possible I'ts dangerous to use vlans on you mikrotik devi...
by stormeporm
Mon May 13, 2013 4:29 pm
Forum: Wireless Networking
Topic: Cant authenticate Groove A-2Hn-32??
Replies: 3
Views: 1933

Re: Cant authenticate Groove A-2Hn-32??

Ok it was just broken got a replacement
by stormeporm
Sun May 12, 2013 1:45 pm
Forum: Wireless Networking
Topic: Cant authenticate Groove A-2Hn-32??
Replies: 3
Views: 1933

Re: Cant authenticate Groove A-2Hn-32??

Nobody knows a way to check what is causing the problem?
by stormeporm
Fri May 03, 2013 11:11 am
Forum: Wireless Networking
Topic: Is mikrotik is secured ...
Replies: 14
Views: 4194

Re: Is mikrotik is secured ...

If your going to add ipsec dont do it with a pre shared key but use a certificate.
Ms chap is compromised
http://msmvps.com/blogs/harrywaldron/ar ... ccess.aspx
by stormeporm
Thu May 02, 2013 1:36 pm
Forum: Wireless Networking
Topic: Cant authenticate Groove A-2Hn-32??
Replies: 3
Views: 1933

Cant authenticate Groove A-2Hn-32??

I have a mikrotik Groove A-2Hn-32 with a 14db panel antenna on it. It has been working fine but suddenly I cant connect to it anymore. It just shows extensive data loss in the logs and I cant authenticate. So I reseted it did not help. updated the firmware nothing changed. I dropped all security but...
by stormeporm
Mon Feb 04, 2013 11:34 pm
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 11621

Re: Cant connect to internet with pppoe client

Ok this is really weird it just works now.
Ive changed nothing, ive just connected everything again and it now works.
Probably the reboots of modem and router did it.

So the lesson learned here is if pppoe is not working when your sure it should reboot everything and try again.
by stormeporm
Fri Jan 11, 2013 11:02 am
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 11621

Re: Cant connect to internet with pppoe client

Nobody knows whats wrong?
by stormeporm
Thu Jan 10, 2013 10:06 am
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 11621

Re: Cant connect to internet with pppoe client

Yes i can ping the internet when i do it from my router over the pppoe interface.
I cannot ping the internet when I do it from a computer. Its no dns problem pinging an ipmadres does not make any difference
by stormeporm
Thu Jan 10, 2013 12:00 am
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 11621

Re: Cant connect to internet with pppoe client

As you requested Firewall 0 ;;; Drop Invalid connections chain=input action=drop connection-state=invalid 1 ;;; Allow Established connections chain=input action=accept connection-state=established 2 ;;; Allow ICMP chain=input action=accept protocol=icmp 3 ;;; laat alleen verkeer van zakelijk netwerk...
by stormeporm
Wed Jan 09, 2013 12:42 am
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 11621

Re: Cant connect to internet with pppoe client

I've cleaned up my firewall rules see post below for current ones interfaces 0 sfp1-gateway ether 1500 1598 4074 1 ether1-trunk ether 1500 1598 4074 2 ether2 bedrijf ether 1500 1598 4074 3 ether3 ether 1500 1598 4074 4 ether4 ether 1500 1598 4074 5 R ether5 ether 1500 1598 4074 6 ether6-wan ether 15...
by stormeporm
Mon Jan 07, 2013 2:26 pm
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 11621

Re: Cant connect to internet with pppoe client

I will post my firewall rules tonight. It might be something in the firewall.
The firewall rules have not been changed since I it was working on dhcp as wan.
Accept changing the wan interface in my rules to the pppoe interface.
by stormeporm
Mon Jan 07, 2013 12:53 am
Forum: Beginner Basics
Topic: Cant connect to internet with pppoe client
Replies: 15
Views: 11621

Cant connect to internet with pppoe client

I have the following problem. I have set up my router with an pppoe client as wan. This works up to the point that it connects and I get an ipadres and a gateway. I've added the gateway to my default route. I've setup masquerading on the pppoe interface. But I cant use it to connect to the internet ...
by stormeporm
Fri Jan 04, 2013 2:20 pm
Forum: Beginner Basics
Topic: alias for a bunch of ipaddresses
Replies: 3
Views: 1857

Re: alias for a bunch of ipaddresses

thnx

I had been looking at it but I could not find a way to add multiple addresses to one list.
Is the correct way to do this add multiple addresses with the same addresslist name?

Like this
list1 - 192.168.1.1
list1 - 192.168.1.2
by stormeporm
Fri Jan 04, 2013 1:38 pm
Forum: Beginner Basics
Topic: alias for a bunch of ipaddresses
Replies: 3
Views: 1857

alias for a bunch of ipaddresses

In pfsense you can make groups of a lot of things by grouping them in an alias. I was wondering if routeros has a same feature.
I want to make a alias with the ipaddresses of my printers so I can make a single firewall rule to access them from different networks.
Is this possible?

Thanx in advance