RouterOS version is 6.44.6, device is a CCR1036-8G-2S+
I think 6.44.x was vulnerable, so I don't think this is a new'ish hack. Here is a post about it. I updated to 6.47.x a while back to play it safe.
RouterOS version is 6.44.6, device is a CCR1036-8G-2S+
Not gonna happen. With that port spec, it would be CRS320-16P-4S+RM.
All working fine when setting Wan to ether1.
Intel AX200 connected at 1.2Gbit/s at Aruba AP-555 with 80 MHz channel == stable 800 Mbit/s up and down while copy a big file to and from a SMB file server.
The PoE issue was introduced in 6.46.8, as the comments from that release prove it.
I upgraded a hAP mini from 6.47.8 and got the same WiFi problem as with 6.48, fixed by downgrading.
normis says: You can adjust Tx-power by selecting "all rates fixed" in Tx Power Mode and afterwards setting a lower Tx power.
All MikroTik routers should be running
or 7.0beta6 [testing]
due to CVE-2020-11881
To run the scan on Groove there are prerequisites
Sure, but does the RB3011 have wifi? I think he wants devices at both sites to provide wifi!
A crs318-16P-2S+ would be great. I would like it in an "IN" desktop form factor, although I am sure a RM version would be popular too.
The best option would be for the bridge to be able to strip VLAN 0, but isn't that something MT needs to fix?
Can someone measure its idle power usage? Preferably with one or two 10g ports connected (optical sfp+ or DAC).
Also, how loud is it under low load circumstances?
... for CCRs, what model switches have people been using in front it to take care of the vlan 0 tagging?
I'm surprised the hEX/RB750Gr3 isn't recommended especially for people on 300/300 or 100/100. Does it not work well with wpa_supplicant despite having a switch chip?
Both? The Bridge Method and the Supplicant Method?
So, I picked up a hEX and ... the boards are identical size and layout - ports, power, usb, LEDs, etc. The hAP board will fit very nicely into the hEX case for anyone interested .
Own certificates are ok, but for own use (personal or some closed group). They are useless for services that have random visitors, because they would have to trust your CA to be able to verify them.
is the only advantage of going with the supplicant method to prevent having the actual ATT Gateway powered on and active at all times?
in the topic Switch with a separate router (RoaS), what is the difference between the Switch Config file and the Router Config file?
I tried this on an RB4011 using certs from an NVG510. Unfortunately I kept getting "rejected" after "authenticating", I did make sure I set the clock properly.
Shouldn't the topic be moved to viewforum.php?f=23?
what about when there are several LAN interfaces?
This is amazing. 802.1x method was incredibly easily once converted to .pem.
do you prefer to put highest priority 1 (in my situation game : Apex) to fast track?
add name=DOWN max-limit=1M parent=LAN queue=default
add name=UP max-limit=100k parent=WAN queue=default
I will still get : Download Mbps 9.68, Upload Mbps 0.56
How is this possible?
Can anyone post reasonable reason why it's important? Verification that file is downloaded is plain strange.
... is buying the certs themselves possible or do I need to specifically buy a NVG510 ... ?
For the purposes of hooking up a PC on port 4 when needed for management, yes I'd thought leaving it as untagged on VLAN 99 as no-one else will have physical access to this and it was purely a quick way should I be locked out.
How the heck do you get into this thing?
I found the free DNS servers at AdGuard to be very good. They seem to have more locations and the roundtrip is only 50ms. They also have some "family friendly" DNS servers which may interest some households.
i have tested that with no better results.
I have just tested a config on the 3011 and it don't seem to be able to get the vlan0 working like the rb4011 does.
/interface ethernet switch port set ether1 vlan-mode=fallback
After all I returned it and bought an RB4011. Wish everything works fine when I receive the new model.
Why do you recommend the RB4011 but without wireless?
Here is my configuration with my modification. I removed the real MAC address for this post.
I added DSCP into my Wireshark columns, and it shows CS6 level for all packets coming from the ONT.
The PoE injector supplied with cAP ac is a passive one. So, powering it from RB4011 should be fine ...
Thanks for the info, I need to buy a new one. Any progress with using wpa_supplicant (Dot1x) to completely remove the use of the AT&T RG gateway?
... while doing speed tests the CPU never goes over 20% ... now 34Mbps is the limit?
To be honest, it’s pure speculation that the config is the cause. But I’m happy to send you my config to look at. Can I email it?
Although not good, but also learning with mistakes.
It's not uncommon - Cisco call it Unicast mode as documented here.
I changed wlan1's MAC address, but this doesn't' fix the problem. 5Ghz still randomly disappearing. Log is clean.
Why is so complicated to get VLANs right on SwOS? There should only exist 3 cases: Trunk, Hybrid (with a PVID), and Access. It should not be that hard.
You can mount two CRS112 in 1U right? Since they're exactly half U?
An important difference - cAP AC has separate antennas for each chain /4/ and better wireless performance for that! hAP AC2 has 2 combined antennas for both frequencies!
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
Do you still need to set the RG into bypass mode or should I reset that to defaults, too?
So, would I apply this same configuration on the SWITCH? What would you recommend for the access points?
I have also tried to manually decrease the TX power on the radios in the cAP-ac units, but when I do, I get an error that the feature is not supported.