Community discussions

Search found 137 matches

by toxicfusion
Wed Sep 25, 2019 6:53 am
Forum: Useful user articles
Topic: Wi-Fi for 2,600 users using a wAP-60Gx3-AP to eight wAP-60G Stations over an ~130º field of view
Replies: 3
Views: 1217

Re: Wi-Fi for 2,600 users using a wAP-60Gx3-AP to eight wAP-60G Stations over an ~130º field of view

This is great, also beautiful place!

Question: How was power supplied to the station units and the attached Xirrus radio's? Was there battery power being fed, or have AC outlet poles/extension cables ran to the exact placement of the Mikrotik w60 slave units?
by toxicfusion
Wed Sep 25, 2019 6:08 am
Forum: RouterBOARD hardware
Topic: PowerBOX Pro - 4 pair PoE IN
Replies: 10
Views: 1671

Re: PowerBOX Pro - 4 pair PoE IN

bump
by toxicfusion
Thu Sep 19, 2019 5:46 pm
Forum: RouterBOARD hardware
Topic: PowerBOX Pro - 4 pair PoE IN
Replies: 10
Views: 1671

Re: PowerBOX Pro - 4 pair PoE IN

I'm looking for answers as well. I emailed Mikrotik support, but not sure of answer..

Like to power the 'PowerBox Pro' with 4-pair POE input from a Netonix WISP Switch. 48HV.

Will this work, or smoke the device?
by toxicfusion
Wed Aug 21, 2019 9:01 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3613

Re: vlan bridge (new way) HW offload and performance

Correct. Router (L3 GW) --> Core Switch (L3 CRS switch with all the VLANs) --> Access Switches (downstream L2 switches) --> Devices Core switch has all your VLANS and trunk down to access layer switch(s). Core switch has a single uplink port to your RB gateway device. --> Correct and yes a single u...
by toxicfusion
Thu Aug 15, 2019 5:21 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3613

Re: vlan bridge (new way) HW offload and performance

@ksteink - thank you, again! I may consider your approach to a RB as the router for WAN outbound and termination point, and then a MT switch for inter-vlan traffic and rules. Assuming you're more of a core + access layer style network designs? From the MT CRS switch you do an IP route 0.0.0.0/0 to t...
by toxicfusion
Thu Aug 15, 2019 12:57 am
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3613

Re: vlan bridge (new way) HW offload and performance

this wiki which was posted earlier was helpful: https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features amazing how MikroTik used best switch chips in prior RB1100ahx2 model, and for RB1100ahx4 (new) they used lesser vlan capable switch chip! Sigh.. . I loved the 1100ahx2 model, deployed many. Al...
by toxicfusion
Thu Aug 15, 2019 12:35 am
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3613

Re: vlan bridge (new way) HW offload and performance

@ksteink WOW - awesome, thank you for such big break down and config examples. I appreciate this. Will inter-vlan routing work by 'default' when configuring the switch chip in this manner? Or will I need ip route rules? As in some cases, some of the vlans need to be able to reach each other, others ...
by toxicfusion
Wed Aug 14, 2019 7:16 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3613

Re: vlan bridge (new way) HW offload and performance

So confusing as block diagram on RB3011 and RB4011 both show switch chips. RB3011 states ports 6-10 is 2Gb/s aggregated... but ports 1-5 show same 1Gb/s links to each CPU.. sigh. Also one is Realtek vs QCA. So just have to know which is 100% VLAN capable within switch chip itself and not using softw...
by toxicfusion
Wed Aug 14, 2019 7:05 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3613

Re: vlan bridge (new way) HW offload and performance

@Sindy - Thank you, great explanations and break down! You're always great with laying it out. I do more of a collapsed core configuration for most SMB networks. Some clients require ipsec tunnel between offices. Other clients single location and I'll do EOIP tunnel to my NOC router to perform netwo...
by toxicfusion
Wed Aug 14, 2019 6:31 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3613

Re: vlan bridge (new way) HW offload and performance

maybe Normis or another from MT and chime in to clarify... So if ALL software, it'll hammer or leverage the CPU... the RB4011 has ARM processor, so is it negated performance wise? Or is there sigificant performance boost in say RB3011 with the vlan aware switch chip ASIC (ASIC being faster than CPU?...
by toxicfusion
Wed Aug 14, 2019 5:05 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3613

Re: vlan bridge (new way) HW offload and performance

block diagram shows HW acceleration... is this ONLY for IPSec, or this mean HW acceleration on ethernet for wirespeed? If so, perhaps the RB4011 is an upgrade path over RB2011. The switch chips used in the 4011 are not VLAN-aware and don't support hardware rules so if you need L2 traffic to be hard...
by toxicfusion
Tue Aug 13, 2019 10:32 pm
Forum: General
Topic: Ready Voucher 2.15 [SOLVED]
Replies: 6
Views: 1521

Re: Ready Voucher 2.15 [SOLVED]

There any firewall black lists? Perhaps need to add to walled garden (allowed) within hotspot setup?

What about after a reboot of router, issue still same?

Create a new service account (user + pass) to be used for the API auth with ReadyVoucher?
by toxicfusion
Tue Aug 13, 2019 9:56 pm
Forum: General
Topic: Ready Voucher 2.15 [SOLVED]
Replies: 6
Views: 1521

Re: Ready Voucher 2.15 [SOLVED]

This probably due to API change

speak with developer of ReadyVoucher
by toxicfusion
Tue Aug 13, 2019 9:37 pm
Forum: The User Manager
Topic: UserMan+Hotspot - The Most Buggy
Replies: 2
Views: 1121

Re: UserMan+Hotspot - The Most Buggy

It is buggy... But the vouchers work? lol. you can also manually create your radius users and assign. But once you set your profiles and do mass creation of vouchers(UserMan), I've had good luck.. I just ignore the webUI bugs. hopefully they fix. Otherwise, have to look for third party hotspot solut...
by toxicfusion
Tue Aug 13, 2019 9:24 pm
Forum: RouterBOARD hardware
Topic: RB4011 high, uneven CPU load and a crash.
Replies: 9
Views: 1659

Re: RB4011 high, uneven CPU load and a crash.

It might be the IPsec tunnel (HW Offload) with the type your using (Encryption type). Unsure if a bug and its loading up on single CPU core. I wouldnt worry if only single core being loaded up.
DH Group
SHA, MD5?
SHA-128, SHA-256?

What routerOS release? Try the 6.45 long term.
by toxicfusion
Tue Aug 13, 2019 6:49 pm
Forum: RouterBOARD hardware
Topic: RB4011 high, uneven CPU load and a crash.
Replies: 9
Views: 1659

Re: RB4011 high, uneven CPU load and a crash.

Interesting! Not to hijack, with PRTG you using? I like those graphs.

Do you have any ipsec tunnels? Are you using bridge vlan configuration? do your config export.... /export hide-sensitive
by toxicfusion
Tue Aug 13, 2019 5:49 pm
Forum: RouterBOARD hardware
Topic: RB US-LTE product - which is better?
Replies: 2
Views: 816

Re: RB US-LTE product - which is better?

Or wondering if should consider "RBLHGR&R11e-LTE-US" this dish antenna with the high 17db gain.... I can point toward cell tower location... cell coverage in this area is spotty in some area's due to city limited the addition and build of towers (beach side) Otherwise, with the RB912R-2nD-LT. device...
by toxicfusion
Tue Aug 13, 2019 5:24 pm
Forum: RouterBOARD hardware
Topic: RB US-LTE product - which is better?
Replies: 2
Views: 816

RB US-LTE product - which is better?

Questions: For USA-LTE-4G (mikrotik knows USA is 4G) I'm compairing two products. they appear to have the same 4G/LTE modem (R11e modem) RB912R-2nD-LTm&R11e-LTE-US and RBwAPR-2nD&R11e-LTE-US Second is same enclosure as the current outdoor wAP AC products. but has the R11e chip. questions: 1. which w...
by toxicfusion
Tue Aug 13, 2019 4:49 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3613

Re: vlan bridge (new way) HW offload and performance

By way - I see the RB4011 and RB1100ahx4 obviously share same ARM CPU, block diagram shows HW acceleration... is this ONLY for IPSec, or this mean HW acceleration on ethernet for wirespeed? If so, perhaps the RB4011 is an upgrade path over RB2011.
by toxicfusion
Tue Aug 13, 2019 4:41 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 22
Views: 3613

vlan bridge (new way) HW offload and performance

Hello, I know it has been mentioned here and also some snippets on the MikroTik Wiki.... Have some existing RB2011 out in field in production. I have a client (decent sized network, 4 attached switches) to the RB2011. Using RB2011 as router-on-stick, or functioning as collapsed core (RB2011 has all ...
by toxicfusion
Tue Jul 09, 2019 5:21 pm
Forum: RouterBOARD hardware
Topic: PowerBox Pro Poe Input
Replies: 2
Views: 556

PowerBox Pro Poe Input

Hello, Question - looking at documentation and datasheet. Can anyone confirm or deny if the PowerBox Pro can be Powered UP by 802.3af POE input? Looking to power up the Powerbox Pro with POE 802.3af input, and have it output the same voltage as applied to downstream devices attached to it. Otherwise...
by toxicfusion
Fri Jul 05, 2019 7:22 am
Forum: Wireless Networking
Topic: [ETA] new wireless driver?
Replies: 3
Views: 695

Re: [ETA] new wireless driver?

This is needed. All these new WAP/CAP products with the AC1200, AC1600, AC1800, AC2000 chipset.. But terrible 5Ghz performance. I fear its due to 6.0X RouterOS using older linux Kernel, thats limitation. Unless they backport the current drivers to the older kernel or they develop drivers in-house......
by toxicfusion
Fri Jul 05, 2019 6:58 am
Forum: Wireless Networking
Topic: Mikrotik WLAN & CAPsMAN - Bad download perfomance
Replies: 47
Views: 5498

Re: Mikrotik WLAN & CAPsMAN - Bad download perfomance

sigh... I"m experiencing the same exact issues and limitations! Using CAPsMAN as well with the WAPS. Very annoying. Love MikroTik - perhaps too much of a fanboy. But when UBT wireless kicks their ass... just hate their software and constant changes. But their cloud controller aspect is sweet - able ...
by toxicfusion
Fri Jul 05, 2019 2:49 am
Forum: Wireless Networking
Topic: CAPsMAN bandwidth problem
Replies: 1
Views: 337

Re: CAPsMAN bandwidth problem

I was having similar issues..... Hope someone has some answers as been crickets! With "Local Forwarding" performance is OK and close to wire speeds with AC (depending on AP). I'm finding the CAP AC's to perform worse than the wAP AC's. (different wireless chipset). But with "Client to Client forward...
by toxicfusion
Wed Jul 03, 2019 9:51 pm
Forum: Wireless Networking
Topic: CAPsMAN - config gripes and questions
Replies: 2
Views: 362

Re: CAPsMAN - config gripes and questions

I have a client about to send all these AP's back... Perhaps theres TOO many configuration options?!... makes want to just use Ubiq***... sigh. WTF, I'm losing patience and faith. Do I enable both local forwarding && client to client?? Or just local forwarding? Appears when I do not specify vlan in ...
by toxicfusion
Wed Jul 03, 2019 7:20 pm
Forum: Wireless Networking
Topic: CAPsMAN - config gripes and questions
Replies: 2
Views: 362

Re: CAPsMAN - config gripes and questions

little update: Disabled Caps manager on router, then removed all the CAP interfaces. Originally when the cAPS joined they were in red, I went and created copies and manually named the interfaces based on 2ghz or 5ghz "xxAP-2Ghz" "xxAP-5Ghz", and then copied again for the slave interface. But after r...
by toxicfusion
Wed Jul 03, 2019 6:22 pm
Forum: Wireless Networking
Topic: CAPsMAN - config gripes and questions
Replies: 2
Views: 362

CAPsMAN - config gripes and questions

Hello, Looking for explicit answers to CAPSMAN configuration for 'datapath' config. What is difference of 'local forwarding' and 'client to client forwarding'? The information on articles all contradict themselves. is client to client the same as 'default forwarding' on the ssid? Also having issues ...
by toxicfusion
Mon Jul 01, 2019 6:35 am
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1471

Re: CAPSman - only single CAP will connect

Ok fixed.. I was overthinking it. Considering the ether1 interface is 'untagged' and the native vlan on the network, I can tag the SSID with vlan via capsman config.

I reset the AP's and select CAP mode, then all is good. All AP's are now provisioned via CAPsMan

Thanks!
by toxicfusion
Sun Jun 30, 2019 9:25 pm
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1471

Re: CAPSman - only single CAP will connect

all three(3) CAPS appear to connect with "CAP-764D285B8904" for name & common name. I prob have config issue. Realized I had a mgmt SSID (hidden SSID) on all the AP's, but the .rsc file had the same mad address specified. I just went and removed the virtual interface from all the AP's. Do I need to ...
by toxicfusion
Sun Jun 30, 2019 9:10 pm
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1471

Re: CAPSman - only single CAP will connect

Ok, have two(2) access points connected to CAPSMAN Controller. The 3rd will not connect, or keeps dropping off due to 'ident conflict'. Mac Addresses are different. However, the WLAN interfaces appear to be identical to that of the bridged interface they're associated with...?? did /interface ethern...
by toxicfusion
Sun Jun 30, 2019 8:33 pm
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1471

Re: CAPSman - only single CAP will connect

Gotcha. Found the AP that was causing a loop/conflict. Mac address burned are so close :88:8E and 84:8E. But believe a config made them both the same. Removed AP, and all is fine. However, using vlan-bridge and vlan tagging. Dont the CAP AP's need to have their bridge interface configured and vlans ...
by toxicfusion
Sun Jun 30, 2019 6:24 pm
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1471

Re: CAPSman - only single CAP will connect

I just did wireless reset on two of the AP's and now DHCP server on main router is going crazy, as if the eth1 interface is suddenly flapping and handing out address over and over and complaining of conflict or loop. I may roll back the CCR to 'long term' build, as thought was bug with release and u...
by toxicfusion
Sun Jun 30, 2019 6:07 pm
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1471

Re: CAPSman - only single CAP will connect

Have you restored configuration from another device, that you get mac conflict? If yes please you need to do MAC reset of interface Thanks, I will try this again. I tried the reset command, but the MAC stayed the same? "/interface wireless reset-configuration <wireless interface>" Is this the wrong...
by toxicfusion
Sun Jun 30, 2019 5:00 pm
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1471

Re: CAPSman - only single CAP will connect

What about the issue of the certificate error as well as 'removing stale connection' which happens constantly when not using certificate.
by toxicfusion
Sun Jun 30, 2019 7:07 am
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1471

Re: CAPSman - only single CAP will connect

Sigh.. CAPs will join when I do 'none' for certificate. But this is not secure.

More problem, the cAPS keep dropping off. See screenshot
Screen Shot 2019-06-30 at 12.05.57 AM.png
by toxicfusion
Sun Jun 30, 2019 6:46 am
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1471

Re: CAPSman - only single CAP will connect

Update: Just noticed two(2) of the CAP Ap's have the same MAC address configured or displaying for wlans. Howd this happen? When the .rsc file used does not have any mac="" specified... Further, these were brand new CAP AC's and I did reset routerboard with no-configuration save and no-default-confi...
by toxicfusion
Sun Jun 30, 2019 6:11 am
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1471

CAPSman - only single CAP will connect

Hi, Have CapsMan on CCR1009-8S-1S router.... fine. new Mikrotik CAP AC units. Only a single CAP AC will connect. All other CAPS error out "Request certificate, but failed to issue: a valid certificate with the same common name already exists!" Why is this? The CAPS are generating the same certificat...
by toxicfusion
Tue Mar 26, 2019 9:39 pm
Forum: General
Topic: wAP vlan bridge issue
Replies: 6
Views: 394

Re: wAP vlan bridge issue

vlan10 on trunk port is set as native. switchport trunk native, rest are tagged.

yes, switches, core are all on vlan10 subnet - no mgmt (yet). Its relatively small network here in contrast. Didnt feel need to further complicate it by adding mgmt vlan
by toxicfusion
Tue Mar 26, 2019 1:41 am
Forum: General
Topic: wAP vlan bridge issue
Replies: 6
Views: 394

Re: wAP vlan bridge issue

haha.. wow - smh! I was exhausted other night when I connected this WAP. The switchport it was connected to was WRONG. config was correct, but port on switch was also correct, but i had it in wrong port. as the switch numbering was not (1up, 2up) etc. normally 1-24 are top, 25-48 below. all good! phew
by toxicfusion
Tue Mar 26, 2019 1:20 am
Forum: General
Topic: wAP vlan bridge issue
Replies: 6
Views: 394

Re: wAP vlan bridge issue

@anav. - help me before like you did before with suggestions? I'm 100% baffled here... MikrotTik core router is working fine with bridge vlan filtering and the tagged/untagged. Unifi AP's with SSID vlan tag assignment is working fine as well for the various SSID's. But on the MikroTik WAP AC - is NO...
by toxicfusion
Sun Mar 24, 2019 12:05 am
Forum: General
Topic: wAP vlan bridge issue
Replies: 6
Views: 394

wAP vlan bridge issue

Hello, I am using the new VLAN method when configuring an wAP ac. Setup is essentially same as the MikroTik router (which is working). I have mikrotik router with interface ports acting as trunk ports (vlan10 is untagged), and to downstream switches. Those switches are working. Also have older Ubiqu...
by toxicfusion
Wed Mar 13, 2019 4:19 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 739

Re: bridge vlan sanity [SOLVED]

Awesome, Looking forward to seeing an RB2011 "WORKING" config with the vlans!! Cheers. hey anav! Success.. "/interface bridge add name=all-vlan-bridge vlan-filtering=yes add admin-mac= auto-mac=no fast-forward=no name=bridge-local /interface ethernet set [ find default-name=ether1 ] comment="TRNK t...
by toxicfusion
Wed Mar 06, 2019 4:40 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 739

Re: bridge vlan sanity [SOLVED]

question: Will inter-vlan routing work since all vlans are within the single bridge? I will need inter-vlan, and then can create firewall rules to block some traffic as needed. When within the same bridge or not on the same bridge, the answer is NO at layer 2, YES at layer IF, you make the proper f...
by toxicfusion
Wed Mar 06, 2019 4:38 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 739

Re: bridge vlan sanity [SOLVED]

anav - which working config would you like? I had it on a HEX & PowerBox Pro for a small campground, trunk ports back to a L3 switch. The 'unorthodox' method I did way back when I was naive and still learning the 'new way'. Which after grasping it... is much cleaner.. This new config I'm working on ...
by toxicfusion
Wed Mar 06, 2019 4:06 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 739

Re: bridge vlan sanity [SOLVED]

In the meantime it never hurts to go back to some decent references and this is the best.................. Pick the example which fits closest to your scenario (Router-Switch-AP (all in one)) https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 Appreciated! I did a similar setup ~6+ months ago wi...
by toxicfusion
Wed Mar 06, 2019 4:05 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 739

Re: bridge vlan sanity [SOLVED]

question:

Will inter-vlan routing work since all vlans are within the single bridge? I will need inter-vlan, and then can create firewall rules to block some traffic as needed.
by toxicfusion
Wed Mar 06, 2019 3:58 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 739

Re: bridge vlan sanity [SOLVED]

toxic, Look at my last config, I kept the bridge pvid at default ie 1 Yes. bridge itself has vlan filtering The bridge ports that are trunk cannot have pvid assigments its only for incoming untagged traffic that needs to be tagged. hence wlan1, wlan2 and eth3 Give that a try. If it doesnt work then...
by toxicfusion
Wed Mar 06, 2019 12:25 am
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 739

Re: bridge vlan sanity [SOLVED]

Basics, Trunk ports do not get pvid Access ports get pvid Your eth3 I thought was going to a managed switch first...........thus also a trunk port. BUT now I see its going to an un-managed switch....... You also dont mention an access point but have guest wifi now added as well??? Thanks for reply ...
by toxicfusion
Wed Mar 06, 2019 12:14 am
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 739

Re: bridge vlan sanity [SOLVED]

do i set the bridge port to pvid=10, along with the individual ports within the bridge to make untagged traffic the default native vlan? such as: /interface bridge add name=bridge-all-vlans vlan-filtering=yes pvid=10 /interface bridge port add bridge=bridge-all-vlans interface=ether1 pvid=10 add bri...
by toxicfusion
Tue Mar 05, 2019 10:45 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 739

Re: bridge vlan sanity [SOLVED]

reading on prior posts. I believe PVID=ID is equivelant to cisco switch trunk native (which sets vlan as access/untagged). Here is maybe more simple config (taken from prior post). Modified for my usage: /interface bridge add name=bridge-all-vlans vlan-filtering=yes pvid=1 /interface bridge port add...
by toxicfusion
Tue Mar 05, 2019 10:22 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 739

Re: bridge vlan sanity [SOLVED]

Device is an RB2011-uas-in, perhaps better if I just use built in switch-chip functionality??

I'm just so use to creating bridges, adding interfaces and the vlans be within the bridge interface so those packets are untagged. As creating bridge use to by default untag.
by toxicfusion
Tue Mar 05, 2019 10:07 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 739

Re: bridge vlan sanity [SOLVED]

Thanks! pvid=10 is default data vlan (untagged traffic, data lan) This is set for the cisco SG series switch as well (pvid=10), ports vlan10=untagged, all other vlans=tagged on switch. switch port going to mikrotik will untagged vlan10, and rest tagged. I was reading documentation on wiki. That I ca...
by toxicfusion
Tue Mar 05, 2019 9:18 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 739

bridge vlan sanity [SOLVED]

Hey there, Just looking for some clarity on my brain fog when it comes to the new vlan method within bridge vlan. Historically, I would just create multiple vlan entries and rename them, and associate to interfaces. Topology > Mikrotik Router >> Cisco Switch(s) Mikrotik eth1 >> Sw1. (10,20,40,99) Mi...
by toxicfusion
Sat Mar 02, 2019 6:00 am
Forum: General
Topic: RB1100x4 not accessible!
Replies: 9
Views: 466

Re: RB1100x4 not accessible!

That was my mindset, I had 1100x2 locally. this was an x4. I was prepping to overnight a new one and re-config with config backups Howevr.. HUZZAH.. I was teamviewered to laptop, worked with client and set a local gateway - as was dual homed... then was able to netboot and re-install. Old config was...
by toxicfusion
Sat Mar 02, 2019 5:30 am
Forum: General
Topic: RB1100x4 not accessible!
Replies: 9
Views: 466

Re: RB1100x4 not accessible!

not good. NetInstall not detecting router on boot. Power cycled with reset held, did for 15-seconds. USR LED was off and port 13 came active and had activity. NetInstall did not show router, and then shortly after -timeout the routerboard rebooted. Then no activity. Cause? Or will I need to resort t...
by toxicfusion
Sat Mar 02, 2019 4:27 am
Forum: General
Topic: RB1100x4 not accessible!
Replies: 9
Views: 466

Re: RB1100x4 not accessible!

Central NY - upstate..
by toxicfusion
Sat Mar 02, 2019 3:42 am
Forum: General
Topic: RB1100x4 not accessible!
Replies: 9
Views: 466

Re: RB1100x4 not accessible!

Update: client reporting no activity lights on any of the ethernet ports on mikrotik router. I be able to open it up and perform reset, boot it and restore from saved backup file? I wonder if it blew up and uninstall actually removed perhaps I can get into it via another internet connection/wireless...
by toxicfusion
Sat Mar 02, 2019 3:29 am
Forum: General
Topic: RB1100x4 not accessible!
Replies: 9
Views: 466

Re: RB1100x4 not accessible!

PS: never have encountered such issue with as many routerboards & for as many years I've been working with MikroTik :(

Hopefully someone has some tips or ideas as to what happened.
by toxicfusion
Sat Mar 02, 2019 3:23 am
Forum: General
Topic: RB1100x4 not accessible!
Replies: 9
Views: 466

RB1100x4 not accessible!

Hello, Was remotely working on client that is 1,200 miles away.... RB1100ahx4 router. Has TheDude installed. Suddenly ran out of disk space.. Got logged in, was unable to delete files. had highlighted TheDude package and Clicked 'Uninstall'. Showed was scheduled for removal. Hope it wasnt removing R...
by toxicfusion
Tue Sep 04, 2018 6:39 pm
Forum: General
Topic: remotely manage MT's
Replies: 4
Views: 730

Re: remotely manage MT's

Thanks! Unfortunately, Not operating as an ISP or WISP at moment. CPE's I consider are more so managed routers I provide to clients (MT's I config and install for clients for their offices). Be nice if I was full on routed network for them (providing them Internet access) and I would 100% use MikroT...
by toxicfusion
Fri Aug 31, 2018 6:10 pm
Forum: General
Topic: remotely manage MT's
Replies: 4
Views: 730

Re: remotely manage MT's

bump
by toxicfusion
Thu Aug 30, 2018 3:19 pm
Forum: General
Topic: Hotspot Problem with iOS
Replies: 3
Views: 657

Re: Hotspot Problem with iOS

Most likely issue within the iPhone safari settings for tracking cookie / protection. Same with safari web browser on Mac OSX
by toxicfusion
Wed Aug 29, 2018 11:30 pm
Forum: General
Topic: remotely manage MT's
Replies: 4
Views: 730

remotely manage MT's

Looking for general idea's how others are managing their customers MikroTik devices. Either as a CPE device or a managed router I'm looking to setup a "jump box" central management server that has winbox, dude client as well as Radius. Then be seperate MikroTik CHR virtual machine. -Windows Server 2...
by toxicfusion
Wed Aug 29, 2018 9:06 pm
Forum: General
Topic: Hotspot with userman & auth settings
Replies: 0
Views: 294

Hotspot with userman & auth settings

Hey there, After many hours of working with MikroTIk hotspot and having user gripes.. Primarily ANDROID devices... Noticed that it is all within the configuration aspect. This is undocumented items.. At first i ONLY had: hotspot server Login configured with "Http Chap, cookie". This caused issues au...
by toxicfusion
Tue Aug 28, 2018 3:21 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

When configuring WiFi interfaces as VLAN tagged, you need to do configuration like this: # enable VLAN tagging on wlan interfaces ... all physical as well as virtual. VLAN IDs can be different on every wlan interface. # The commands below go on top of "regular" WiFi configuration. /interface wirele...
by toxicfusion
Tue Aug 28, 2018 4:46 am
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

last question - looking for tips or suggestions. Thinking about buying the MikroTik mANTbox 12s (2.4ghz 120* setor) setup as AP Bridge. This to replace an OLD engenius 2.4ghz N radio..... Would the vlan tagging be the same when associating to SSID's? As will need to associate / include the SSID & vl...
by toxicfusion
Tue Aug 28, 2018 4:23 am
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

Ok Cool.. I want to thank you all for your help. I was able to regain access to the Hex S device and reconfigure, along with the PowerBox Pro.. Caveat or bug in 6.41.3 (hex S). I tried to do PVID=1 on the /interface bridge all-vlan-bridge (as in example #1 provided by Sindy). I was not able to acces...
by toxicfusion
Mon Aug 27, 2018 11:48 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

When i config'd the device I created a new bridge. was /interface bridge name=vlan_master and under vlan_master ports, i had tagged=eth1, eth2, eth3, eth4, untagged=eth5 after your advice, i added 'vlan_master' to list of tagged members. broke when i removed PVID=10 to PVID=1 on the vlan_master brid...
by toxicfusion
Mon Aug 27, 2018 11:21 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

device IP is 192.168.128.251/24 (vlan 10 is subnet 192.168.128.0/24) secondary IP would be 192.168.88.251/24 which is vlan 88 /ip address=192.168.128.251/24 interface=all-vlan-bridge /ip address=192.168.88.251/24 interface=vlan-mgmt @Sindy - I will work to do regular bridging method as you have desc...
by toxicfusion
Mon Aug 27, 2018 10:55 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

Well, bridge can be a bit confusing due to it's twin personality I already described in one of my previous posts. So, if bridge is declared untagged (by setting PVID), then it's the interface personality of bridge that acts as untagged, while switch-like personality of bridge still carries those pa...
by toxicfusion
Mon Aug 27, 2018 9:16 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

I will add back PVID=10 to the all-vlan-bridge interface and correct the /bridge vlan settings. Will this effect the eth1 being a trunk port? Considering its going to untag vlan 10 on ingress? What about vlan 10 traffic egress, that'll re-tag and so the upstream Cisco will ingest it back as tagged t...
by toxicfusion
Mon Aug 27, 2018 9:12 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

All the VLANs on one line must have the identical tagged/untagged settings for all ports, and all member ports of the same VLAN must be on a single line. Which means that each VLAN with at least one untagged (access) port must have its own line. Hence two lines, one listing all the VLANs which have ...
by toxicfusion
Mon Aug 27, 2018 8:37 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

default route...


route all back to core switch IP or should I just route all to default IP of the Mikrotik RB1100 router?

ip route 0.0.0.0/24 to IP ADDR of router?
by toxicfusion
Mon Aug 27, 2018 8:33 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

Thanks Sindy! This is pretty much what I will have after fact. my missing component was I forgot (was naive to it) to have the vlan_master bridge interface set as tagged question: /interface bridge vlan add bridge=all-vlan-bridge vlan-ids=10 tagged=all-vlan-bridge,ether1,ether2 untagged=ether5 add b...
by toxicfusion
Mon Aug 27, 2018 8:12 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

Will get drawing real quick. Waiting on client to get laptop and connect (swap with phone) and see If I can regain access to this Hex S device here is quick topology: RB1100AHX4 (core) >> Cisco POE switch (SW01) >> HEX S >> MT PowerBox. >> AP RB1100AHX eth12 & 13 > trnk (bond lacp). vlans 10,20,40,6...
by toxicfusion
Mon Aug 27, 2018 7:54 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

so for configuration sake it appears I need following: /interface bridge vlan_master add all my physical interfaces that need to be tagged, as tagged ports add vlan_master bridge as tagged member add untagged port that will be access port add the list of VLAN ID's.. within /bridge ports add PVID=10 ...
by toxicfusion
Mon Aug 27, 2018 7:49 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

Mac-server is available - i used mac address to connect prior when I was onsite and locked myself out before. Switch is not showing within winbox as mac neighbor. I'll need client to go with laptop and unplug the phone (this is in port) and connect laptop via ethernet cable (just swapping with phone...
by toxicfusion
Mon Aug 27, 2018 7:25 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

Thank you... Wish I seen this a moment ago. I took remote connection to client computer and gained access to the Hex S Added the vlan_bridge interface to the /bridge vlan > tagged port. Was still able to ping and it dynamically displayed as tagged ports. I waited a minute as device was still accessi...
by toxicfusion
Mon Aug 27, 2018 6:46 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

@xvo Thank you for input. These MikroTik devices are really acting as switches -- they're hanging off a Cisco switch (upstream) and the core router is an RB1100ahx4.. So is my entire issue because I never added this master bridge interface to the list of interfaces that need to be set to tagged unde...
by toxicfusion
Mon Aug 27, 2018 6:23 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

also since I'm specifying VLAN ID's under the bridge vlan setup. Do I still need to create /interface vlan(s) and pop them under a bridge interface or physical?
by toxicfusion
Mon Aug 27, 2018 6:17 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

So just to clarify: I have a single bridge that contains the VLAN ID's (listed) and then I'm specifying the ports to be tagged, and the ports to be untagged. For the specified 'untagged' ports. I also under vlan > ports > I give it a PVID. And further clarification sake (I think this is my issue). I...
by toxicfusion
Sat Aug 25, 2018 6:08 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

soooooo...... did I totally only miss one(1) setting this entire time? I did NOT add the "master vlan_bridge" interface to the bridge >> ports >> vlan as interface to be tagged... is that entire issue?! As I only added the individual physical interfaces to the list of interfaces to be tagged. Then F...
by toxicfusion
Sat Aug 25, 2018 6:01 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

Client/friend is most likely going to return the PowerBox Pro and the Hex S and I'll install Netonix Switches.. due to odd POE requirements. switch in middle (hex X) was required as it accepted POE input (48dc), and outputted on port5 48dc - as there was a VOIP phone connected going into a camper/ca...
by toxicfusion
Sat Aug 25, 2018 5:55 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

Re: bridge vlan setup (new way) [SOLVED]

Thanks for input When I configured bridge >> Vlans >> and Vlan >> ports the bridge I added PVID and enabled vlan-filtering... I had vlan-id's listed all throughout the bridge interface and specfied which ports are tagged and specified the one port that was to be untagged. Further, on the port that w...
by toxicfusion
Sat Aug 25, 2018 5:17 am
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21306

bridge vlan setup (new way) [SOLVED]

Hey there, Since routerOS 6.41 - implementation of new vlan methodology. Took me awhile to wrap my head around the idea of it.. I think i understand. But upon me implementing it ad-hoc for a new customer of mine... Im struggling. Anyone help? As it made me look like a fool configuring a Mikrotik Pow...
by toxicfusion
Wed Aug 22, 2018 7:16 am
Forum: General
Topic: routeros hacked again
Replies: 17
Views: 3060

Re: routeros hacked again

Thank you for reply. I know the general security rule of thumb - to not allow winbox open to web. TO lock it down to a management ISP (IP) or use Radius + AAA, etc. But issue is when I'm on road, or no office with a static IP to have a strict winbox allow whitelist on WAN interface.. I'm small consu...
by toxicfusion
Wed Aug 22, 2018 6:43 am
Forum: General
Topic: routeros hacked again
Replies: 17
Views: 3060

Re: routeros hacked again

I will echo these statements. Just had devices with 6.40' & 6.42 hacked. 8291 open to interwebz, but locked with secure password... i guess I need to use longer than 12. sigh one of the hacked routers; the person setup web proxy rules and caused havok on network - causing machines to redirect and se...
by toxicfusion
Tue Jun 19, 2018 9:05 pm
Forum: Wireless Networking
Topic: MikroTik for RV Park
Replies: 0
Views: 394

MikroTik for RV Park

Hello, Looking to revamp a RV Park / Campground and their wifi. Reading nv2 has had much needed improvements since ROS release 6.42... Promising! Debating either to utilize all MikroTik products in this build, or goto Ubiquiti... I'm leaning more towards MikroTik as I can do hotspot + the dude and a...
by toxicfusion
Fri Dec 08, 2017 4:36 pm
Forum: Virtualization
Topic: CHR and use OpenVPN Server setup
Replies: 1
Views: 815

CHR and use OpenVPN Server setup

Hello, Curious, has anyone successfully hosted CHR and configured it as a OpenVPN Server VPN concentrator? I'd like to spin up a new CHR instance and it ONLY do OpenVPN (I can install purchased SSL cert). Like to do hosted VPN for clients of mine. Need to work as such: Client local SSL VPN >> intern...
by toxicfusion
Wed Apr 19, 2017 5:06 pm
Forum: Announcements
Topic: MUM Europe 2017 Live!
Replies: 64
Views: 12554

Re: MUM Europe 2017 Live!

Understood! No known issue's with the ARM cpus for the reordering? As ARM CPU is also in the RB3011

Be nice to also see a RB1100 series with SFP slots, or another CCR device with same ARM CPU and SFP's!
by toxicfusion
Tue Apr 18, 2017 5:31 pm
Forum: Announcements
Topic: MUM Europe 2017 Live!
Replies: 64
Views: 12554

Re: MUM Europe 2017 Live!

MikroTik showing some product love! I'm in love :) Love the new CRS328-24P-4S+RM Also refreshed classic RB1100ah -- x4! This is very awesome news. Question: I know since latest release, the IPSEC re-ordering has been fixed. Will this new X4 device with the new CPU chip be effected or uneffected -- a...
by toxicfusion
Thu Apr 06, 2017 5:50 pm
Forum: General
Topic: 50% bandwidth loss RB2011UiAS
Replies: 18
Views: 2193

Re: 50% bandwidth loss RB2011UiAS

for your "chain=input action=drop in-interface=ether1 log=yes log-prefix="DROP"

do not log this. eats up flash cycles / memory. Just my personal preference.

No need to run btest. try running www.speedtest.net
by toxicfusion
Wed Apr 05, 2017 6:51 pm
Forum: General
Topic: Mikrotik ROS7 or earlier BGP routing protocol
Replies: 4
Views: 651

Re: Mikrotik ROS7 or earlier BGP routing protocol

I presume for ROS7, as that's been spoke of and quite the unicorn for awhile?

I see recently there is a fix for Ipsec re-ordering on the CCR devices as well? 2017 be quite the year!
by toxicfusion
Wed Apr 05, 2017 6:41 pm
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 106125

Re: Blacklist Filter update script

I just went ahead and downloaded your script and applied to one of my MikroTiks for testing. So far so good! I'll roll this out to my client devices very soon, added security is always welcomed.

Thanks for a great contribution!
by toxicfusion
Wed Apr 05, 2017 6:01 pm
Forum: General
Topic: Problem RouterOS 6.38.5 - Denial of Service
Replies: 67
Views: 12232

Re: Vulnerability RouterOS 6.38.5 - Denial of Service

Is this 6.38.5 and above only? Or does this also work on 6.37.5?

I'd also like to know this as well.....

Does this explicitly effect devices running 6.38.5 and above. Or would it apply to all devices running 6.38.5 and below?
by toxicfusion
Wed Apr 05, 2017 6:00 pm
Forum: General
Topic: 50% bandwidth loss RB2011UiAS
Replies: 18
Views: 2193

Re: 50% bandwidth loss RB2011UiAS

Do you have a drop all input rule?? Please create (Security reasons). Create your required DST-NAT rules beforehand. Furthermore, be sure have filter rule: (This to allow local LAN traffic) chain=forward action=accept src-address=172.16.33.0/24 I have numerous RB2011 out in production in the wild, n...
by toxicfusion
Wed Apr 05, 2017 5:37 pm
Forum: General
Topic: Mikrotik ROS7 or earlier BGP routing protocol
Replies: 4
Views: 651

Re: Mikrotik ROS7 or earlier BGP routing protocol

FRRouting was born or forked from prior developers of the Quagga team. They're currently implementing Multi core/threading.
by toxicfusion
Tue Apr 04, 2017 7:39 pm
Forum: General
Topic: Mikrotik ROS7 or earlier BGP routing protocol
Replies: 4
Views: 651

Mikrotik ROS7 or earlier BGP routing protocol

So I thought I would share this as a personal suggestion or a thought towards MikroTIK team. We all are aware of the BGP issues with the Cloud Core Routers (Single core performance) and other oddities. Would MikroTIK be interested in integrating with "FRRouting" https://frrouting.org/ I think this w...
by toxicfusion
Fri Feb 17, 2017 3:44 am
Forum: Virtualization
Topic: CHR on Linode - Any Pointers - Not booting
Replies: 3
Views: 835

Re: CHR on Linode - Any Pointers - Not booting

Glad I could help! Enjoy. Linode is great, used for years :)
by toxicfusion
Thu Feb 16, 2017 10:23 pm
Forum: RouterBOARD hardware
Topic: CSS326-24G-2S+RM benchmark on the routerboard.com
Replies: 5
Views: 1892

Re: CSS326-24G-2S+RM benchmark on the routerboard.com

Shout out to MIkroTik for suggestion: Why not get some White box switches (brocade silicon) and use MirkoTik SWOS ontop? use the ONIE boot/installer.... It makes me question! As some GREAT white box hardware out there. I would drool over MikroTik taking some whitebox switching hardware and making it...
by toxicfusion
Thu Feb 16, 2017 10:21 pm
Forum: RouterBOARD hardware
Topic: CSS326-24G-2S+RM benchmark on the routerboard.com
Replies: 5
Views: 1892

Re: CSS326-24G-2S+RM benchmark on the routerboard.com

I was looking to purchase this switch... what are the hardware specs?

Instead - I just picked up a used Quanta LB4m 48port (inc. 2 - 10Gbe SPF+ ports)....

I really want to use MikroTik SwOS -- howevever, without true LACP, I cannot. So for now it'll be MikroTik Routers and quanta switches.
by toxicfusion
Thu Feb 16, 2017 8:14 pm
Forum: Virtualization
Topic: CHR on Linode - Any Pointers - Not booting
Replies: 3
Views: 835

Re: CHR on Linode - Any Pointers - Not booting

Have to setup the Instance for Full-virtualization and not paravirtualization Boot Settings: Direct Disk Boot into recovery disk. And will have to download the .img file and then extract it to disk. example: sudo gunzip -c myversion.img | sudo dd of=/dev/sdb bs=1m Replace /dev/sdb with your actual d...
by toxicfusion
Thu Dec 08, 2016 6:24 pm
Forum: General
Topic: No audio on sip calls over VPN
Replies: 8
Views: 3131

Re: No audio on sip calls over VPN

You probably need to add the other subnet to your PBX to allow SIP traffic (on PBX side)

Your firewall rules should be fine if your're able to pass traffic over tunnel

Why not use site to site ipsec VPN?
by toxicfusion
Thu Dec 08, 2016 6:21 pm
Forum: General
Topic: input drop all rule - moved by accident!!
Replies: 18
Views: 2721

Re: input drop all rule - moved by accident!!

Thanks everyone!

Noted about the baud rate needing to be 115200...

Customer is all set, connected using MAC address method within Winbox

NOTE: we do provide them fiber to their office, however I have telnet service disabled on the customer MikroTiks

I'll keep this in mind for future though!!
by toxicfusion
Wed Dec 07, 2016 7:33 pm
Forum: General
Topic: RouterOS DHCP and windows clients
Replies: 7
Views: 1046

Re: RouterOS DHCP and windows clients

Do you have a switch connected to router and devices connected to said switch?

I've had this issue with MAC & windows PC -- was a switch and the POE autonegotiate issue, took longer for link to establish and acquire the IP address. Was even happening with Fortigate router.
by toxicfusion
Wed Dec 07, 2016 7:23 pm
Forum: General
Topic: input drop all rule - moved by accident!!
Replies: 18
Views: 2721

Re: input drop all rule - moved by accident!!

update: I just tested this scenario with a spare mikrotik i have in the office. Winbox worked perfectly using mac address, didnt even need to configure an IP on the laptop NIC interface. However, I tried a tripp-lite USB to Rj45 console cable -- this doesnt appear to work for console? Nothing displa...
by toxicfusion
Wed Dec 07, 2016 7:00 pm
Forum: General
Topic: input drop all rule - moved by accident!!
Replies: 18
Views: 2721

Re: input drop all rule - moved by accident!!

You guys were on fire today replying to post ;). Appreciated!
by toxicfusion
Wed Dec 07, 2016 6:43 pm
Forum: General
Topic: input drop all rule - moved by accident!!
Replies: 18
Views: 2721

Re: input drop all rule - moved by accident!!

safe mode is avalaible after you connect to a site. top left.
Correct - which I use when I make config changes. Just waiting for feature request to be added to winbox for 'connect with safemode'

Will let you guys know if i'm able to regain access
by toxicfusion
Wed Dec 07, 2016 6:39 pm
Forum: General
Topic: input drop all rule - moved by accident!!
Replies: 18
Views: 2721

Re: input drop all rule - moved by accident!!

Thanks guys! I'm aware of the Winbox MAC connect (Neighbor) This was my first guess to access the device, but was uncertain if it would 100% bypass the firewall filter rules. I have a cisco style rj45 console cable. Will go onsite and make it happen. FYI: I'm using Winbox version 3.7 -- there is no ...
by toxicfusion
Wed Dec 07, 2016 6:26 pm
Forum: General
Topic: input drop all rule - moved by accident!!
Replies: 18
Views: 2721

Re: input drop all rule - moved by accident!!

access via console... its a RB2011 device

There is a Mini USB port in front, can connect with mini-usb and use terminal?

Idea's?
by toxicfusion
Wed Dec 07, 2016 6:24 pm
Forum: General
Topic: input drop all rule - moved by accident!!
Replies: 18
Views: 2721

Re: input drop all rule - moved by accident!!

Absolutely love safe mode. However, unfortunately by default winbox does not connect via safe mode When i make any config changes, I'll enable safe mode prior to changes. However, it was one of those -- let me watch some VOIP traffic and look over my firewall rules. As last night I made some rule ch...
by toxicfusion
Wed Dec 07, 2016 6:13 pm
Forum: General
Topic: input drop all rule - moved by accident!!
Replies: 18
Views: 2721

input drop all rule - moved by accident!!

Hey there, I was in a customer router (Winbox) monitoring traffic and doing a review of the firewall rules.... SOMEHOW, when I was ready to close the firewall window -- the filter input = drop all rule, got moved to top of list. I realized this and tried to move it back below the filter accept rules...
by toxicfusion
Wed Aug 10, 2016 6:49 pm
Forum: Scripting
Topic: WAN failover script help
Replies: 2
Views: 714

Re: WAN failover script help

Hi Chris thanks for reply. At first was by design for masquerade out ether10-gateway. During testing, I removed the 'out interface' so would masquerade out any interface -- i could still ping websites from both WAN interfaces (ether9 & ether10). But trying to visit websites from ether9 route wouldnt...
by toxicfusion
Wed Aug 10, 2016 4:51 pm
Forum: Scripting
Topic: WAN failover script help
Replies: 2
Views: 714

WAN failover script help

Hey everyone So I'm growing very angry and upset, all emotions. Having issues with a WAN failover setup/script for a customer. It's making me look like an IDIOT and fool. So many confusing options and scripts. Nearly none of them work. As people post about them and all have issues? I guess I'm looki...
by toxicfusion
Thu Jul 14, 2016 11:45 pm
Forum: Virtualization
Topic: CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues
Replies: 10
Views: 6706

Re: CHR + Hyper-V + Virtual Nic in Trunk Mode = VLAN issues

Not sure if similar issue for me I have CHR installed on a VPS provider that allows 'internal private network'  CHR instance has private network interface IP I have 3 other VM's with private network, along with eth interfaces configured. I have IPSEC vpn tunnel setup on CHR  and it terminates back t...
by toxicfusion
Wed Jul 06, 2016 9:19 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188256

Re: Cloud Hosted Router

If you are interested IN CHR on OVH VPS SSD, here you go: 1. Install any linux distro 2. From OVH control panel boot VPS to rescue mode 3. Type the magic from below :) : cd /root curl -O http://download2.mikrotik.com/routeros/6.35.2/chr-6.35.2.img.zip gunzip -S .zip chr-6.35.2.img.zip umount /mnt/v...
by toxicfusion
Wed Jul 06, 2016 8:01 pm
Forum: Announcements
Topic: v6.35.4 [current] is released!
Replies: 51
Views: 22149

Re: v6.35.4 [current] is released!

Does 6.35.4 fix the issue on RB2011 devices? There was a bug noted on version 6.34.6 with the 2nd switch group.

Is that fixed in this release?
by toxicfusion
Fri Jul 01, 2016 4:14 pm
Forum: Announcements
Topic: v6.34.6 [bugfix] is released!
Replies: 60
Views: 18915

Re: v6.34.6 [bugfix] is released!

NOTICE / BUG REPORT! RB1100Ahx2 Firmware 3.24 RouterOS 6.34.6 Upgrade went very well from 6.20....  However, this morning I've had phone calls of random workstations having issues accessing some remote resources.   We have MANY IPSEC VPN tunnels issue was people unable to access some mapped network ...
by toxicfusion
Fri Jun 17, 2016 11:22 pm
Forum: Announcements
Topic: v6.34.6 [bugfix] is released!
Replies: 60
Views: 18915

Re: v6.34.6 [bugfix] is released!

Just realized this 6.34.6 release.

Great news that another member posted "3 RB1100ahx2 upgrading all working well so far."  This give me a peace of mind

Planning to goto this version on  Tuesday evening.
by toxicfusion
Fri Jun 17, 2016 4:50 pm
Forum: Announcements
Topic: v6.35.4 [current] is released!
Replies: 51
Views: 22149

Re: v6.35.4 [current] is released!

@Basdno Thank you for the insight!  You're absolutely spot on, and no offense taken.  Definitely not planning the upgrade for a Friday!  Thinking I'll apply Monday or Tuesday evening (patch tuesday, bahaha!) I'll be sure to post back of any issues and or success with the upgrade on our production RB...
by toxicfusion
Fri Jun 17, 2016 3:47 pm
Forum: Announcements
Topic: v6.35.4 [current] is released!
Replies: 51
Views: 22149

Re: v6.35.4 [current] is released!

Good to know!  I will just 'buck up' and take the needed steps in precaution and load the update.  I want to take advantage of Fast Track and the ipsec enhancements.  6.20 has issues with SA-lifetimes and such. @MikroTik team does 6.35.4 make RB3011 (Arm CPU) completely stable and ready for producti...
by toxicfusion
Fri Jun 17, 2016 3:33 pm
Forum: Announcements
Topic: v6.35.4 [current] is released!
Replies: 51
Views: 22149

Re: v6.35.4 [current] is released!

Nice release on top of 6.35.  However, dynamic list to read only.. WTF??!

Anyone load 6.35 or the incremental updates on RB1100AHx2 devices?   I have had one online in production for 402 days current uptime....  Wanting to upgrade to latest rOS, but unsure if will break device. Currently on 6.20


 
by toxicfusion
Thu Apr 28, 2016 6:28 pm
Forum: Beginner Basics
Topic: Policy routing out one port and back in another on the same router
Replies: 1
Views: 613

Re: Policy routing out one port and back in another on the same router

Did you get this figured out? I'm looking to do something similar... Looking for idea's how to integrate MikroTik router with the powercode BMU
by toxicfusion
Tue Apr 05, 2016 5:55 pm
Forum: General
Topic: Mangle vs CoS for VOIP
Replies: 9
Views: 2581

Re: Mangle vs CoS for VOIP

Thank you for your insight and knowledge! noted! :)
by toxicfusion
Fri Apr 01, 2016 11:45 pm
Forum: General
Topic: Mangle vs CoS for VOIP
Replies: 9
Views: 2581

Re: Mangle vs CoS for VOIP

Ok So I have mangle rules to "mark" connection for the VOIP traffic and specific ports /ip firewall mangle add action=mark-connection chain=prerouting comment=VOIP_TRAFFIC dst-port=\ 5060-5099 new-connection-mark=VOIP protocol=udp add action=mark-packet chain=prerouting connection-mark=VOIP dst-port...
by toxicfusion
Fri Apr 01, 2016 11:39 pm
Forum: General
Topic: Mangle vs CoS for VOIP
Replies: 9
Views: 2581

Re: Mangle vs CoS for VOIP

Great points! I take care of an office with ~120 VOIP telephones on own voice VLAN. Sound quality is good, but at times it can sound a little 'rough' or seem as its degrading call quality over longer internal voice call. I can assume its network congestion/traffic across switches this network has HP...
by toxicfusion
Fri Apr 01, 2016 6:43 pm
Forum: General
Topic: Mangle vs CoS for VOIP
Replies: 9
Views: 2581

Re: Mangle vs CoS for VOIP

Understood As I can build a Queue Tree to "shape" the traffic over the WAN link; to give VOIP bandwidth requirements depending on network environment. in regards to DSCP > COS -- I can set this at the VOIP PBX level and specify for SIP/RTP. Most managed Swithces I can also define this on the VLAN le...
by toxicfusion
Fri Apr 01, 2016 6:02 am
Forum: General
Topic: Mangle vs CoS for VOIP
Replies: 9
Views: 2581

Mangle vs CoS for VOIP

Hey everyone I've been using MikroTik routers for quite awhile now 3+ years. Love them, they're my goto... with that being said; I've always used Mangle rules/tags to create a Queue Tree for traffic shaping with pretty good success. However, is there any added benefits or is it better to do CoS tagg...
by toxicfusion
Wed Apr 01, 2015 5:17 pm
Forum: Beginner Basics
Topic: Using RouterOS to prioritize (Qos) traffic for a Class C net
Replies: 111
Views: 186112

Re: Using RouterOS to prioritize (Qos) traffic for a Class C net

Thanks to know! I have RB2011 routers out in field with similar configuration, except VLAN's and they're using BRIDGES. So they might be fine. It might just be an issue with this RB1100AH as I'm using 'router on stick' configuration with VLAN's assigned to ether-trunks I'm worried that If I put the ...
by toxicfusion
Fri Mar 27, 2015 8:04 pm
Forum: Beginner Basics
Topic: Using RouterOS to prioritize (Qos) traffic for a Class C net
Replies: 111
Views: 186112

Re: Using RouterOS to prioritize (Qos) traffic for a Class C net

Below are my mangle rules I use similar / same QoS for customers and they experience same issues on local UPLOAD traffic being clamped. meaning, if I do a file transfer over the network from one computer to another -- that transfer gets capped. Mangle rules are essentially same for myself and i use ...
by toxicfusion
Tue Mar 17, 2015 8:57 pm
Forum: Beginner Basics
Topic: Using RouterOS to prioritize (Qos) traffic for a Class C net
Replies: 111
Views: 186112

Re: Using RouterOS to prioritize (Qos) traffic for a Class C net

Hi I've followed this guide... and have made adjustments to try and fix issues. However, when ever I have queue tree rules created for 'no-mark'. The router is ALSO clamping the LAN network file transfer speeds... not cool. /queue tree add max-limit=4M name=LEVEL_A_UP parent=ether1_wan01 queue=defau...
by toxicfusion
Thu Sep 26, 2013 6:32 pm
Forum: General
Topic: SIP mangle rules & queue's
Replies: 1
Views: 1422

Re: SIP mangle rules & queue's

well, found this article:
http://forum.mikrotik.com/viewtopic.php?f=13&t=73214

guess helpful.. customized it a little bit for our needs regarding the LEVELS max/min bandwidth (70meg x 5meg cable connection)

level A = 60meg down, 4Mmeg up

level B = 40meg down, 3meg up
by toxicfusion
Thu Sep 26, 2013 5:32 pm
Forum: General
Topic: SIP mangle rules & queue's
Replies: 1
Views: 1422

SIP mangle rules & queue's

Hello, Still learning MikroTik and growing extremely frustrated and confused with this configuration of firewall mangle rules and queues. I want to bash my head against a wall in this mass confusion. Trying to setup simple traffic shaping, and its a PITA (in my logic and though process) or I'm stupi...
by toxicfusion
Sat Jun 22, 2013 6:42 am
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 54067

Re: RouterOS 6.1 released

upgrade from 6.0 to 6.1 broke all IPSEC VPN connections on RB1100ahx2... downgrade back to 6.0 resolved issue. Thought 6.1 would fix IPSEC VPN issue of random VPN disconnects and inability to pass traffic to CISCO end points. issue with link aggregation speeds 802.3ad as well - inconsistent balancing
by toxicfusion
Tue Jan 15, 2013 4:04 pm
Forum: Beginner Basics
Topic: VLANS on trunk interface with DHCP
Replies: 3
Views: 2194

Re: VLANS on trunk interface with DHCP

Ok - I found the error on my own and corrected it. DHCP servers are assigned to the VLAN's now with address pools. However the DCHP server(s) are NOT providing the default gateway. Computers receive IP and mask, but no default gateway; why!!? Furthermore, Have VOIP phone (VLAN20 - 192.168.20.0) - us...
by toxicfusion
Mon Jan 14, 2013 6:12 pm
Forum: Beginner Basics
Topic: VLANS on trunk interface with DHCP
Replies: 3
Views: 2194

VLANS on trunk interface with DHCP

Hello, Just purchased RB1100ahx2 (awesome), replacing cisco ISR1921. Trying to get the configuration of VLAN's and DHCP server running on this device. Having some confusion with configuration, its fustrating. Bonded two(2) ethernet ports; eth5 ð6 to create a trunk interface. assigned vlan1, vlan2...