Community discussions

Search found 132 matches

by toxicfusion
Thu Aug 15, 2019 5:21 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 19
Views: 2613

Re: vlan bridge (new way) HW offload and performance

@ksteink - thank you, again! I may consider your approach to a RB as the router for WAN outbound and termination point, and then a MT switch for inter-vlan traffic and rules. Assuming you're more of a core + access layer style network designs? From the MT CRS switch you do an IP route 0.0.0.0/0 to t...
by toxicfusion
Thu Aug 15, 2019 12:57 am
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 19
Views: 2613

Re: vlan bridge (new way) HW offload and performance

this wiki which was posted earlier was helpful: https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features amazing how MikroTik used best switch chips in prior RB1100ahx2 model, and for RB1100ahx4 (new) they used lesser vlan capable switch chip! Sigh.. . I loved the 1100ahx2 model, deployed many. Al...
by toxicfusion
Thu Aug 15, 2019 12:35 am
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 19
Views: 2613

Re: vlan bridge (new way) HW offload and performance

@ksteink WOW - awesome, thank you for such big break down and config examples. I appreciate this. Will inter-vlan routing work by 'default' when configuring the switch chip in this manner? Or will I need ip route rules? As in some cases, some of the vlans need to be able to reach each other, others ...
by toxicfusion
Wed Aug 14, 2019 7:16 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 19
Views: 2613

Re: vlan bridge (new way) HW offload and performance

So confusing as block diagram on RB3011 and RB4011 both show switch chips. RB3011 states ports 6-10 is 2Gb/s aggregated... but ports 1-5 show same 1Gb/s links to each CPU.. sigh. Also one is Realtek vs QCA. So just have to know which is 100% VLAN capable within switch chip itself and not using softw...
by toxicfusion
Wed Aug 14, 2019 7:05 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 19
Views: 2613

Re: vlan bridge (new way) HW offload and performance

@Sindy - Thank you, great explanations and break down! You're always great with laying it out. I do more of a collapsed core configuration for most SMB networks. Some clients require ipsec tunnel between offices. Other clients single location and I'll do EOIP tunnel to my NOC router to perform netwo...
by toxicfusion
Wed Aug 14, 2019 6:31 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 19
Views: 2613

Re: vlan bridge (new way) HW offload and performance

maybe Normis or another from MT and chime in to clarify... So if ALL software, it'll hammer or leverage the CPU... the RB4011 has ARM processor, so is it negated performance wise? Or is there sigificant performance boost in say RB3011 with the vlan aware switch chip ASIC (ASIC being faster than CPU?...
by toxicfusion
Wed Aug 14, 2019 5:05 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 19
Views: 2613

Re: vlan bridge (new way) HW offload and performance

block diagram shows HW acceleration... is this ONLY for IPSec, or this mean HW acceleration on ethernet for wirespeed? If so, perhaps the RB4011 is an upgrade path over RB2011. The switch chips used in the 4011 are not VLAN-aware and don't support hardware rules so if you need L2 traffic to be hard...
by toxicfusion
Tue Aug 13, 2019 10:32 pm
Forum: General
Topic: Ready Voucher 2.15 [SOLVED]
Replies: 6
Views: 1361

Re: Ready Voucher 2.15 [SOLVED]

There any firewall black lists? Perhaps need to add to walled garden (allowed) within hotspot setup?

What about after a reboot of router, issue still same?

Create a new service account (user + pass) to be used for the API auth with ReadyVoucher?
by toxicfusion
Tue Aug 13, 2019 9:56 pm
Forum: General
Topic: Ready Voucher 2.15 [SOLVED]
Replies: 6
Views: 1361

Re: Ready Voucher 2.15 [SOLVED]

This probably due to API change

speak with developer of ReadyVoucher
by toxicfusion
Tue Aug 13, 2019 9:37 pm
Forum: The User Manager
Topic: UserMan+Hotspot - The Most Buggy
Replies: 2
Views: 877

Re: UserMan+Hotspot - The Most Buggy

It is buggy... But the vouchers work? lol. you can also manually create your radius users and assign. But once you set your profiles and do mass creation of vouchers(UserMan), I've had good luck.. I just ignore the webUI bugs. hopefully they fix. Otherwise, have to look for third party hotspot solut...
by toxicfusion
Tue Aug 13, 2019 9:24 pm
Forum: RouterBOARD hardware
Topic: RB4011 high, uneven CPU load and a crash.
Replies: 7
Views: 1009

Re: RB4011 high, uneven CPU load and a crash.

It might be the IPsec tunnel (HW Offload) with the type your using (Encryption type). Unsure if a bug and its loading up on single CPU core. I wouldnt worry if only single core being loaded up.
DH Group
SHA, MD5?
SHA-128, SHA-256?

What routerOS release? Try the 6.45 long term.
by toxicfusion
Tue Aug 13, 2019 6:49 pm
Forum: RouterBOARD hardware
Topic: RB4011 high, uneven CPU load and a crash.
Replies: 7
Views: 1009

Re: RB4011 high, uneven CPU load and a crash.

Interesting! Not to hijack, with PRTG you using? I like those graphs.

Do you have any ipsec tunnels? Are you using bridge vlan configuration? do your config export.... /export hide-sensitive
by toxicfusion
Tue Aug 13, 2019 5:49 pm
Forum: RouterBOARD hardware
Topic: RB US-LTE product - which is better?
Replies: 1
Views: 445

Re: RB US-LTE product - which is better?

Or wondering if should consider "RBLHGR&R11e-LTE-US" this dish antenna with the high 17db gain.... I can point toward cell tower location... cell coverage in this area is spotty in some area's due to city limited the addition and build of towers (beach side) Otherwise, with the RB912R-2nD-LT. device...
by toxicfusion
Tue Aug 13, 2019 5:24 pm
Forum: RouterBOARD hardware
Topic: RB US-LTE product - which is better?
Replies: 1
Views: 445

RB US-LTE product - which is better?

Questions: For USA-LTE-4G (mikrotik knows USA is 4G) I'm compairing two products. they appear to have the same 4G/LTE modem (R11e modem) RB912R-2nD-LTm&R11e-LTE-US and RBwAPR-2nD&R11e-LTE-US Second is same enclosure as the current outdoor wAP AC products. but has the R11e chip. questions: 1. which w...
by toxicfusion
Tue Aug 13, 2019 4:49 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 19
Views: 2613

Re: vlan bridge (new way) HW offload and performance

By way - I see the RB4011 and RB1100ahx4 obviously share same ARM CPU, block diagram shows HW acceleration... is this ONLY for IPSec, or this mean HW acceleration on ethernet for wirespeed? If so, perhaps the RB4011 is an upgrade path over RB2011.
by toxicfusion
Tue Aug 13, 2019 4:41 pm
Forum: General
Topic: vlan bridge (new way) HW offload and performance
Replies: 19
Views: 2613

vlan bridge (new way) HW offload and performance

Hello, I know it has been mentioned here and also some snippets on the MikroTik Wiki.... Have some existing RB2011 out in field in production. I have a client (decent sized network, 4 attached switches) to the RB2011. Using RB2011 as router-on-stick, or functioning as collapsed core (RB2011 has all ...
by toxicfusion
Tue Jul 09, 2019 5:21 pm
Forum: RouterBOARD hardware
Topic: PowerBox Pro Poe Input
Replies: 1
Views: 291

PowerBox Pro Poe Input

Hello, Question - looking at documentation and datasheet. Can anyone confirm or deny if the PowerBox Pro can be Powered UP by 802.3af POE input? Looking to power up the Powerbox Pro with POE 802.3af input, and have it output the same voltage as applied to downstream devices attached to it. Otherwise...
by toxicfusion
Fri Jul 05, 2019 7:22 am
Forum: Wireless Networking
Topic: [ETA] new wireless driver?
Replies: 3
Views: 574

Re: [ETA] new wireless driver?

This is needed. All these new WAP/CAP products with the AC1200, AC1600, AC1800, AC2000 chipset.. But terrible 5Ghz performance. I fear its due to 6.0X RouterOS using older linux Kernel, thats limitation. Unless they backport the current drivers to the older kernel or they develop drivers in-house......
by toxicfusion
Fri Jul 05, 2019 6:58 am
Forum: Wireless Networking
Topic: Mikrotik WLAN & CAPsMAN - Bad download perfomance
Replies: 47
Views: 4707

Re: Mikrotik WLAN & CAPsMAN - Bad download perfomance

sigh... I"m experiencing the same exact issues and limitations! Using CAPsMAN as well with the WAPS. Very annoying. Love MikroTik - perhaps too much of a fanboy. But when UBT wireless kicks their ass... just hate their software and constant changes. But their cloud controller aspect is sweet - able ...
by toxicfusion
Fri Jul 05, 2019 2:49 am
Forum: Wireless Networking
Topic: CAPsMAN bandwidth problem
Replies: 1
Views: 252

Re: CAPsMAN bandwidth problem

I was having similar issues..... Hope someone has some answers as been crickets! With "Local Forwarding" performance is OK and close to wire speeds with AC (depending on AP). I'm finding the CAP AC's to perform worse than the wAP AC's. (different wireless chipset). But with "Client to Client forward...
by toxicfusion
Wed Jul 03, 2019 9:51 pm
Forum: Wireless Networking
Topic: CAPsMAN - config gripes and questions
Replies: 2
Views: 269

Re: CAPsMAN - config gripes and questions

I have a client about to send all these AP's back... Perhaps theres TOO many configuration options?!... makes want to just use Ubiq***... sigh. WTF, I'm losing patience and faith. Do I enable both local forwarding && client to client?? Or just local forwarding? Appears when I do not specify vlan in ...
by toxicfusion
Wed Jul 03, 2019 7:20 pm
Forum: Wireless Networking
Topic: CAPsMAN - config gripes and questions
Replies: 2
Views: 269

Re: CAPsMAN - config gripes and questions

little update: Disabled Caps manager on router, then removed all the CAP interfaces. Originally when the cAPS joined they were in red, I went and created copies and manually named the interfaces based on 2ghz or 5ghz "xxAP-2Ghz" "xxAP-5Ghz", and then copied again for the slave interface. But after r...
by toxicfusion
Wed Jul 03, 2019 6:22 pm
Forum: Wireless Networking
Topic: CAPsMAN - config gripes and questions
Replies: 2
Views: 269

CAPsMAN - config gripes and questions

Hello, Looking for explicit answers to CAPSMAN configuration for 'datapath' config. What is difference of 'local forwarding' and 'client to client forwarding'? The information on articles all contradict themselves. is client to client the same as 'default forwarding' on the ssid? Also having issues ...
by toxicfusion
Mon Jul 01, 2019 6:35 am
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1311

Re: CAPSman - only single CAP will connect

Ok fixed.. I was overthinking it. Considering the ether1 interface is 'untagged' and the native vlan on the network, I can tag the SSID with vlan via capsman config.

I reset the AP's and select CAP mode, then all is good. All AP's are now provisioned via CAPsMan

Thanks!
by toxicfusion
Sun Jun 30, 2019 9:25 pm
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1311

Re: CAPSman - only single CAP will connect

all three(3) CAPS appear to connect with "CAP-764D285B8904" for name & common name. I prob have config issue. Realized I had a mgmt SSID (hidden SSID) on all the AP's, but the .rsc file had the same mad address specified. I just went and removed the virtual interface from all the AP's. Do I need to ...
by toxicfusion
Sun Jun 30, 2019 9:10 pm
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1311

Re: CAPSman - only single CAP will connect

Ok, have two(2) access points connected to CAPSMAN Controller. The 3rd will not connect, or keeps dropping off due to 'ident conflict'. Mac Addresses are different. However, the WLAN interfaces appear to be identical to that of the bridged interface they're associated with...?? did /interface ethern...
by toxicfusion
Sun Jun 30, 2019 8:33 pm
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1311

Re: CAPSman - only single CAP will connect

Gotcha. Found the AP that was causing a loop/conflict. Mac address burned are so close :88:8E and 84:8E. But believe a config made them both the same. Removed AP, and all is fine. However, using vlan-bridge and vlan tagging. Dont the CAP AP's need to have their bridge interface configured and vlans ...
by toxicfusion
Sun Jun 30, 2019 6:24 pm
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1311

Re: CAPSman - only single CAP will connect

I just did wireless reset on two of the AP's and now DHCP server on main router is going crazy, as if the eth1 interface is suddenly flapping and handing out address over and over and complaining of conflict or loop. I may roll back the CCR to 'long term' build, as thought was bug with release and u...
by toxicfusion
Sun Jun 30, 2019 6:07 pm
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1311

Re: CAPSman - only single CAP will connect

Have you restored configuration from another device, that you get mac conflict? If yes please you need to do MAC reset of interface Thanks, I will try this again. I tried the reset command, but the MAC stayed the same? "/interface wireless reset-configuration <wireless interface>" Is this the wrong...
by toxicfusion
Sun Jun 30, 2019 5:00 pm
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1311

Re: CAPSman - only single CAP will connect

What about the issue of the certificate error as well as 'removing stale connection' which happens constantly when not using certificate.
by toxicfusion
Sun Jun 30, 2019 7:07 am
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1311

Re: CAPSman - only single CAP will connect

Sigh.. CAPs will join when I do 'none' for certificate. But this is not secure.

More problem, the cAPS keep dropping off. See screenshot
Screen Shot 2019-06-30 at 12.05.57 AM.png
by toxicfusion
Sun Jun 30, 2019 6:46 am
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1311

Re: CAPSman - only single CAP will connect

Update: Just noticed two(2) of the CAP Ap's have the same MAC address configured or displaying for wlans. Howd this happen? When the .rsc file used does not have any mac="" specified... Further, these were brand new CAP AC's and I did reset routerboard with no-configuration save and no-default-confi...
by toxicfusion
Sun Jun 30, 2019 6:11 am
Forum: Wireless Networking
Topic: CAPSman - only single CAP will connect
Replies: 13
Views: 1311

CAPSman - only single CAP will connect

Hi, Have CapsMan on CCR1009-8S-1S router.... fine. new Mikrotik CAP AC units. Only a single CAP AC will connect. All other CAPS error out "Request certificate, but failed to issue: a valid certificate with the same common name already exists!" Why is this? The CAPS are generating the same certificat...
by toxicfusion
Tue Mar 26, 2019 9:39 pm
Forum: General
Topic: wAP vlan bridge issue
Replies: 6
Views: 349

Re: wAP vlan bridge issue

vlan10 on trunk port is set as native. switchport trunk native, rest are tagged.

yes, switches, core are all on vlan10 subnet - no mgmt (yet). Its relatively small network here in contrast. Didnt feel need to further complicate it by adding mgmt vlan
by toxicfusion
Tue Mar 26, 2019 1:41 am
Forum: General
Topic: wAP vlan bridge issue
Replies: 6
Views: 349

Re: wAP vlan bridge issue

haha.. wow - smh! I was exhausted other night when I connected this WAP. The switchport it was connected to was WRONG. config was correct, but port on switch was also correct, but i had it in wrong port. as the switch numbering was not (1up, 2up) etc. normally 1-24 are top, 25-48 below. all good! phew
by toxicfusion
Tue Mar 26, 2019 1:20 am
Forum: General
Topic: wAP vlan bridge issue
Replies: 6
Views: 349

Re: wAP vlan bridge issue

@anav. - help me before like you did before with suggestions? I'm 100% baffled here... MikrotTik core router is working fine with bridge vlan filtering and the tagged/untagged. Unifi AP's with SSID vlan tag assignment is working fine as well for the various SSID's. But on the MikroTik WAP AC - is NO...
by toxicfusion
Sun Mar 24, 2019 12:05 am
Forum: General
Topic: wAP vlan bridge issue
Replies: 6
Views: 349

wAP vlan bridge issue

Hello, I am using the new VLAN method when configuring an wAP ac. Setup is essentially same as the MikroTik router (which is working). I have mikrotik router with interface ports acting as trunk ports (vlan10 is untagged), and to downstream switches. Those switches are working. Also have older Ubiqu...
by toxicfusion
Wed Mar 13, 2019 4:19 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 656

Re: bridge vlan sanity [SOLVED]

Awesome, Looking forward to seeing an RB2011 "WORKING" config with the vlans!! Cheers. hey anav! Success.. "/interface bridge add name=all-vlan-bridge vlan-filtering=yes add admin-mac= auto-mac=no fast-forward=no name=bridge-local /interface ethernet set [ find default-name=ether1 ] comment="TRNK t...
by toxicfusion
Wed Mar 06, 2019 4:40 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 656

Re: bridge vlan sanity [SOLVED]

question: Will inter-vlan routing work since all vlans are within the single bridge? I will need inter-vlan, and then can create firewall rules to block some traffic as needed. When within the same bridge or not on the same bridge, the answer is NO at layer 2, YES at layer IF, you make the proper f...
by toxicfusion
Wed Mar 06, 2019 4:38 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 656

Re: bridge vlan sanity [SOLVED]

anav - which working config would you like? I had it on a HEX & PowerBox Pro for a small campground, trunk ports back to a L3 switch. The 'unorthodox' method I did way back when I was naive and still learning the 'new way'. Which after grasping it... is much cleaner.. This new config I'm working on ...
by toxicfusion
Wed Mar 06, 2019 4:06 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 656

Re: bridge vlan sanity [SOLVED]

In the meantime it never hurts to go back to some decent references and this is the best.................. Pick the example which fits closest to your scenario (Router-Switch-AP (all in one)) https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 Appreciated! I did a similar setup ~6+ months ago wi...
by toxicfusion
Wed Mar 06, 2019 4:05 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 656

Re: bridge vlan sanity [SOLVED]

question:

Will inter-vlan routing work since all vlans are within the single bridge? I will need inter-vlan, and then can create firewall rules to block some traffic as needed.
by toxicfusion
Wed Mar 06, 2019 3:58 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 656

Re: bridge vlan sanity [SOLVED]

toxic, Look at my last config, I kept the bridge pvid at default ie 1 Yes. bridge itself has vlan filtering The bridge ports that are trunk cannot have pvid assigments its only for incoming untagged traffic that needs to be tagged. hence wlan1, wlan2 and eth3 Give that a try. If it doesnt work then...
by toxicfusion
Wed Mar 06, 2019 12:25 am
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 656

Re: bridge vlan sanity [SOLVED]

Basics, Trunk ports do not get pvid Access ports get pvid Your eth3 I thought was going to a managed switch first...........thus also a trunk port. BUT now I see its going to an un-managed switch....... You also dont mention an access point but have guest wifi now added as well??? Thanks for reply ...
by toxicfusion
Wed Mar 06, 2019 12:14 am
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 656

Re: bridge vlan sanity [SOLVED]

do i set the bridge port to pvid=10, along with the individual ports within the bridge to make untagged traffic the default native vlan? such as: /interface bridge add name=bridge-all-vlans vlan-filtering=yes pvid=10 /interface bridge port add bridge=bridge-all-vlans interface=ether1 pvid=10 add bri...
by toxicfusion
Tue Mar 05, 2019 10:45 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 656

Re: bridge vlan sanity [SOLVED]

reading on prior posts. I believe PVID=ID is equivelant to cisco switch trunk native (which sets vlan as access/untagged). Here is maybe more simple config (taken from prior post). Modified for my usage: /interface bridge add name=bridge-all-vlans vlan-filtering=yes pvid=1 /interface bridge port add...
by toxicfusion
Tue Mar 05, 2019 10:22 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 656

Re: bridge vlan sanity [SOLVED]

Device is an RB2011-uas-in, perhaps better if I just use built in switch-chip functionality??

I'm just so use to creating bridges, adding interfaces and the vlans be within the bridge interface so those packets are untagged. As creating bridge use to by default untag.
by toxicfusion
Tue Mar 05, 2019 10:07 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 656

Re: bridge vlan sanity [SOLVED]

Thanks! pvid=10 is default data vlan (untagged traffic, data lan) This is set for the cisco SG series switch as well (pvid=10), ports vlan10=untagged, all other vlans=tagged on switch. switch port going to mikrotik will untagged vlan10, and rest tagged. I was reading documentation on wiki. That I ca...
by toxicfusion
Tue Mar 05, 2019 9:18 pm
Forum: General
Topic: bridge vlan sanity [SOLVED]
Replies: 18
Views: 656

bridge vlan sanity [SOLVED]

Hey there, Just looking for some clarity on my brain fog when it comes to the new vlan method within bridge vlan. Historically, I would just create multiple vlan entries and rename them, and associate to interfaces. Topology > Mikrotik Router >> Cisco Switch(s) Mikrotik eth1 >> Sw1. (10,20,40,99) Mi...
by toxicfusion
Sat Mar 02, 2019 6:00 am
Forum: General
Topic: RB1100x4 not accessible!
Replies: 9
Views: 428

Re: RB1100x4 not accessible!

That was my mindset, I had 1100x2 locally. this was an x4. I was prepping to overnight a new one and re-config with config backups Howevr.. HUZZAH.. I was teamviewered to laptop, worked with client and set a local gateway - as was dual homed... then was able to netboot and re-install. Old config was...