Community discussions

Search found 583 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 12
by pcunite
Wed Feb 21, 2018 11:37 pm
Forum: RouterBOARD hardware
Topic: HAP AC random reboots
Replies: 3
Views: 155

Re: HAP AC random reboots

Does kinda sound like a hardware issue.
by pcunite
Wed Feb 21, 2018 7:34 pm
Forum: Announcements
Topic: MikroTik News February 2018 (Issue #80)
Replies: 49
Views: 6793

Re: CRS328-24P-4S+RM is finally available

I've received information from our main Mikrotik supplier that CRS328 (24 PoE AF/AT) is already in production/sales.

Excellent, really looking forward to the CRS328-24P-4S+RM.
by pcunite
Wed Feb 21, 2018 5:41 am
Forum: Beginner Basics
Topic: Clearing up some gray areas with my current NAT rules.
Replies: 10
Views: 268

Re: Clearing up some gray areas with my current NAT rules.

You want to keep your other masquerade rule, that's what makes hairpin work. ... So personally I'd just keep two rules, one for main NAT and other for hairpin (like you had it before), it seems easier to understand to me. What I was talking about was the dstnat part. If you use rule with in-interfa...
by pcunite
Wed Feb 21, 2018 4:14 am
Forum: Beginner Basics
Topic: Clearing up some gray areas with my current NAT rules.
Replies: 10
Views: 268

Re: Clearing up some gray areas with my current NAT rules.

In short, one dstnat rule for both internal and external connections is enough. Okay, I get you now. Because my default masquerade specified an interface, I required the rule for the local interface. Please edit my rules down to a fully working example. /ip firewall filter add chain=input action=ac...
by pcunite
Wed Feb 21, 2018 1:56 am
Forum: Forwarding Protocols
Topic: DVR Forwarding
Replies: 5
Views: 197

Re: DVR Forwarding

When I try to forward wan to lan with out success ... I can not connect from outside of my house.
How are you verifying this? Are you trying to connect from inside your LAN to your external IP and trying to come back in that way?
by pcunite
Wed Feb 21, 2018 1:50 am
Forum: Beginner Basics
Topic: Clearing up some gray areas with my current NAT rules.
Replies: 10
Views: 268

Re: Clearing up some gray areas with my current NAT rules.

@pcunite: So if you'd want to forward e.g. external port 8080 to internal 80, and you'd want it work also from inside, you'd have two rules like this? /ip firewall nat add chain=dstnat action=dst-nat protocol=tcp dst-port=8080 to-addresses=10.1.0.2 to-ports=80 dst-address-type=local dst-address=!10...
by pcunite
Tue Feb 20, 2018 5:09 am
Forum: General
Topic: RB1100Dx4 Multicore issue ?
Replies: 18
Views: 654

Re: RB1100Dx4 Multicore issue ?

I just want you guys to know the CCR1009 just solved the problem. every single core works!

Good to hear.
by pcunite
Tue Feb 20, 2018 5:07 am
Forum: General
Topic: Router capacity
Replies: 14
Views: 447

Re: Router capacity

I would also consider using only G/N on the 2.4Ghz radio ... as opposed to B/G/N
by pcunite
Sun Feb 18, 2018 10:52 pm
Forum: Beginner Basics
Topic: Clearing up some gray areas with my current NAT rules.
Replies: 10
Views: 268

Re: Clearing up some gray areas with my current NAT rules.

the importance of setting in-interface If your port mapping is not one-to-one (8080 -> 80) you'll have issues if you don't set the in-interface to be your WAN interface. I challenge anyone to best these rules! Study them carefully, and be enlightened. # Hairpin and Standard port forwarding example ...
by pcunite
Sat Feb 17, 2018 1:38 am
Forum: Wireless Networking
Topic: Wireless tool suggestion (this could help everybody)
Replies: 6
Views: 223

Re: Wireless tool suggestion (this could help everybody)

As a WISP, I could really use a powerfull tool like this to speed up my entire wireless network of hundreds of APs and thousands of clients ...

I own a software consultancy. If you're serious, I'll build it for you. Won't be cheap.
by pcunite
Sat Feb 17, 2018 1:18 am
Forum: Beginner Basics
Topic: hAP AC + wAP R
Replies: 6
Views: 206

Re: hAP AC + wAP R

@pcunite: you talk about creating a bridge, but in what way? Configure the hAP to provide wifi, dhcp, routing to the internet, etc. On the wAP R, plug it's ether1 into hAP's ether2 (or whatever is available), and set up wAP something like so. /system identity set name=wAPR /interface bridge add nam...
by pcunite
Sat Feb 17, 2018 1:11 am
Forum: General
Topic: VoIP priorization DSCP [SOLVED]
Replies: 1
Views: 65

Re: VoIP priorization DSCP [SOLVED]

Read the posts in my signature.
by pcunite
Fri Feb 16, 2018 12:22 am
Forum: General
Topic: Suggestion to Mikrotik
Replies: 3
Views: 188

Re: Suggestion to Mikrotik

Very nice suggestion. Cash and hardware prizes, access to under development hardware.
by pcunite
Fri Feb 16, 2018 12:19 am
Forum: General
Topic: VoIP / SIP big problems [SOLVED]
Replies: 18
Views: 464

Re: VoIP / SIP big problems [SOLVED]

So I assume that my NAT rules are fine? If you want/need NAT rules, they should look like this. First a sample firewall script setup to allow NAT. Then a sample NAT rule. /ip firewall filter add chain=input action=accept connection-state=established,related comment="Accept established related" add ...
by pcunite
Thu Feb 15, 2018 5:38 pm
Forum: General
Topic: VoIP / SIP big problems [SOLVED]
Replies: 18
Views: 464

Re: VoIP / SIP big problems [SOLVED]

You shouldn't need to do anything special, no special firewall rules, no special nat rules, for things to work. Do turn off MikroTik's SIP ALG feature (ip / firewall / service ports, then disable SIP). Your PBX should have some settings for NAT which will keep an open connection over UDP to your pro...
by pcunite
Thu Feb 15, 2018 5:27 am
Forum: General
Topic: RB1100Dx4 Multicore issue ?
Replies: 18
Views: 654

Re: RB1100Dx4 Multicore issue ?

From Firewall / Connections / Tracking set TCP Established Timeout to something small, like 5 minutes to at least drop connections that aren't doing anything. This will not effect active connections. Does this help?
by pcunite
Wed Feb 14, 2018 8:59 pm
Forum: Beginner Basics
Topic: hAP AC + wAP R
Replies: 6
Views: 206

Re: hAP AC + wAP R

You don't need to do anything special on the wAP R. Give its interface an IP (you'll probably create a bridge, that is the interface I'm referring to), set the ip route and your DNS to be your hAP's IP, good to go.
by pcunite
Sat Feb 10, 2018 11:07 pm
Forum: General
Topic: DNS Server, port redirect?
Replies: 3
Views: 138

Re: DNS Server, port redirect?

Does this work for you?
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp  to-addresses=192.168.150.200 to-ports=8000
add action=dst-nat chain=dstnat dst-port=80 protocol=udp to-addresses=192.168.150.200 to-ports=8000
by pcunite
Fri Feb 09, 2018 8:44 pm
Forum: RouterBOARD hardware
Topic: HAP AC2 PERFORMANCE NUMBERS
Replies: 8
Views: 776

Re: HAP AC2 PERFORMANCE NUMBERS

Yep, looks good. Hoping we can see an 8 port+ router/switch all-in-one based on this.
by pcunite
Fri Feb 09, 2018 4:59 pm
Forum: General
Topic: adding a port with the vlanes to the bridge
Replies: 2
Views: 101

Re: adding a port with the vlanes to the bridge

I don't yet know how to use the new version 6.41 that changes all this. However, for 6.39.3 and lower, you can do something shown below. Not sure of what your goals are with your unit. # READ ME # This is the setup for a single unit with a wlan interface # Create VLAN Trunk port on wlan1 /interface ...
by pcunite
Fri Feb 09, 2018 4:53 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: CVE-2018-5951: MikroTik RouterOS Denial of Service Vulnerability
Replies: 16
Views: 824

Re: CVE-2018-5951: MikroTik RouterOS Denial of Service Vulnerability

Personally ... I don't want any configuration, have to reset them anyway. I connect with Winbox and set it up from there. However, I do understand that the first time connecting with a web browser, you'd need the MikroTik to have an IP, and that means at least some form of configuration. So, since n...
by pcunite
Fri Feb 09, 2018 4:41 pm
Forum: Beginner Basics
Topic: Configuring RB951Ui-2HnD Router.
Replies: 8
Views: 234

Re: Configuring RB951Ui-2HnD Router.

Take a look at this example configuration. Read all the comments and verify you're okay with it. Before applying this do a system reset configuration (no default, no backup). Then connect to it via WInbox over a MAC address. Notes: Apply this config in sections at a time. The Set interface names if ...
by pcunite
Fri Feb 09, 2018 4:13 pm
Forum: General
Topic: Exchange mailbox access on cell phones [SOLVED]
Replies: 4
Views: 102

Re: Exchange mailbox access on cell phones [SOLVED]

Hair pin example. NAT works in conjunction with your firewall rules. Although the DNS suggestion sounds nice. # Hairpin example # 10.1.0.1 is the router # 10.1.0.2 is your internal server /ip firewall filter add chain=input action=accept connection-state=established,related comment="Allow establishe...
by pcunite
Fri Feb 09, 2018 3:33 pm
Forum: Beginner Basics
Topic: MikroTik Home Setup
Replies: 6
Views: 316

Re: MikroTik Home Setup

You'll want to have at least a CRS1 or CRS3 type switch for VLAN creating and testing.
by pcunite
Fri Feb 09, 2018 1:06 am
Forum: General
Topic: SIP ALG doesn't work in a proper way
Replies: 16
Views: 414

Re: SIP ALG doesn't work in a proper way

I always disable SIP ALG on MikroTik and let my phones and PBX handle NAT (they have options for this). If your phones and PBX can handle it, forgo using the included SIP helper.
by pcunite
Fri Feb 09, 2018 1:04 am
Forum: General
Topic: CRS326 6.41.1 VLAN trunk to WAPAC no traffic
Replies: 2
Views: 124

Re: CRS326 6.41.1 VLAN trunk to WAPAC no traffic

Trim this down some more. You have the wAP config on network 192.168.0.x, yet the CSR326 says that vlan-id 102 is 192.168.2.x. Your firewall rules seem to be for a router, not a switch.

Simplify for me.

:-)
by pcunite
Fri Feb 09, 2018 12:01 am
Forum: Beginner Basics
Topic: Port blocking
Replies: 2
Views: 106

Re: Port blocking

Use the following example. It blocks by default. Change bridge-LAN and ether-WAN to match your interface names, naturally. /ip firewall filter add chain=input action=accept connection-state=established,related comment="Accept established related" add chain=input action=accept in-interface=bridge-LAN...
by pcunite
Thu Feb 08, 2018 11:48 pm
Forum: RouterBOARD hardware
Topic: Mikrotik hAP AC 2.4ghz utterly unusable?
Replies: 5
Views: 331

Re: Mikrotik hAP AC 2.4ghz utterly unusable?

Please help. Everyone is complaining about the internet never working. Export your configuration (pasting it between forum code tags) from this command: /export compact hide-sensitive file=MyFile.rsc The output will be under your "Files" option in the GUI. Here is an example config you should be us...
by pcunite
Sat Feb 03, 2018 10:36 pm
Forum: Announcements
Topic: MikroTik News February 2018 (Issue #80)
Replies: 49
Views: 6793

Re: MikroTik News February 2018 (Issue #80)

Excellent news on the PoE switch! Nice work, MikroTik. I have a 28 IP network camera installation coming up in May of this year. Could really use a rackmount 24 port PoE switch too!
by pcunite
Thu Jan 11, 2018 5:42 am
Forum: Scripting
Topic: Script implementing Active Congestion Control
Replies: 36
Views: 1201

Re: Script implementing Active Congestion Control

Interesting ... may give this a look when I get time.
by pcunite
Sat Jan 06, 2018 5:49 am
Forum: RouterBOARD hardware
Topic: CRS112-8P-4S WHEN?
Replies: 5
Views: 426

Re: CRS112-8P-4S WHEN?

Will be needing the 24 port version soon.
by pcunite
Fri Oct 20, 2017 12:35 am
Forum: Beginner Basics
Topic: accessing NAS from behind mikrotik router
Replies: 3
Views: 253

Re: accessing NAS from behind mikrotik router

Your question does not seem to match the diagram. What is the main router? That is what the NAS is connected to. The secondary "Mikrotik" router has no effect here - if coming from the Internet.
by pcunite
Mon Oct 16, 2017 8:44 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 83291

Re: RouterOS NOT affected by WPA2 vulnerabilities

From the link : What if there are no security updates for my router? Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for m...
by pcunite
Wed Oct 11, 2017 8:23 pm
Forum: General
Topic: Service Ports, SIP Direct Media, SDP
Replies: 9
Views: 4199

Re: Service Ports, SIP Direct Media, SDP

I just gave a presentation on SIP ALG at the Mikrotik MUM in Denver Colorado 2017 explaining everything about SIP ALG in RouterOS watch here: https://youtu.be/tM7wyKdnIKA Thank you for the presentation. Helpful. One clarification. Grandstream phones and their PBX are both NAT aware - in the sense t...
by pcunite
Tue Oct 10, 2017 7:46 pm
Forum: General
Topic: Intel SFP+ support?
Replies: 5
Views: 479

Re: Intel SFP+ support?

The question is: are the Intel SFP+ optical modules compatible with Mikrotik CCR1072-1G-8S+?
After you buy them, test them, and confirm they are working, the answer to your question will be yes. Otherwise, no.
by pcunite
Tue Oct 10, 2017 7:45 pm
Forum: Wireless Networking
Topic: Default Forward Question
Replies: 2
Views: 232

Re: Default Forward Question

What was your question?
by pcunite
Tue Oct 10, 2017 12:39 am
Forum: General
Topic: Odd VOIP Behavior on Mikrotik 3011
Replies: 12
Views: 494

Re: Odd VOIP Behavior on Mikrotik 3011

Are you talking about on the phone itself?
Yes
by pcunite
Mon Oct 09, 2017 10:52 pm
Forum: General
Topic: Odd VOIP Behavior on Mikrotik 3011
Replies: 12
Views: 494

Re: Odd VOIP Behavior on Mikrotik 3011

I believe they re-register every 240 seconds, according to the vendor.
Change this to be less than 180 seconds, say 120. The remote server maybe terminating them. MikroTik's timeout is 300. Linux is 180 I think.
by pcunite
Fri Oct 06, 2017 2:58 pm
Forum: General
Topic: MikroTik Bandwidth Issues
Replies: 1
Views: 142

Re: MikroTik Bandwidth Issues

You don't mention the hardware, and I don't see an export of your configuration.
by pcunite
Fri Oct 06, 2017 5:48 am
Forum: Beginner Basics
Topic: Here is my last attempt - RB3011 - No Server outbound connection
Replies: 20
Views: 711

Re: Here is my last attempt - RB3011 - No Server outbound connection

Look at this script. I've minimized it down to something simpler to work on. Read slowly. I don't understand what you're doing with ether1 as opposed to SFP1. The SB4141 does not have a fiber interface. You have an issue there. Before testing this script, I recommend you do a System / Reset # apply ...
by pcunite
Fri Oct 06, 2017 5:41 am
Forum: Beginner Basics
Topic: Here is my last attempt - RB3011 - No Server outbound connection
Replies: 20
Views: 711

Re: Here is my last attempt - RB3011 - No Server outbound connection

How are you connected to your ISP's modem? Fiber or ether1? You have ether1 in the same bridge as your lan, which has a different subnet.
by pcunite
Fri Oct 06, 2017 2:51 am
Forum: Beginner Basics
Topic: Here is my last attempt - RB3011 - No Server outbound connection
Replies: 20
Views: 711

Re: Here is my last attempt - RB3011 - No Server outbound connection

We can help you. Post your configs by running a New Terminal within the Winbox tool, /export compact hide-sensitive file=MyFile.rsc. Post the output here between the code tag.
by pcunite
Thu Oct 05, 2017 7:13 pm
Forum: Beginner Basics
Topic: Mangle function for phones ?
Replies: 4
Views: 239

Re: Mangle function for phones ?

Not at all. You can mark in many different ways to identify traffic. VoIP is quite simple to "catch". See my sig.
by pcunite
Thu Oct 05, 2017 7:10 pm
Forum: RouterBOARD hardware
Topic: RB3011 in a desktop case with 5Ghz wifi replacement for RB2011UiAS-2HnD-IN
Replies: 10
Views: 854

Re: RB3011 in a desktop case with 5Ghz wifi replacement for RB2011UiAS-2HnD-IN

Currently there is no plan for this model, but we are working on other exciting new products that will have similar features and port number.
Thank you! I just needed a tiny ray of light in this deep dark cave.
:-)
by pcunite
Wed Oct 04, 2017 9:19 pm
Forum: General
Topic: switchport port-security maximum 1 for mikrotik
Replies: 1
Views: 246

Re: switchport port-security maximum 1 for mikrotik

I wonder as well. See learn-limit. Give it a try.
by pcunite
Wed Oct 04, 2017 8:59 pm
Forum: General
Topic: Router behind Router
Replies: 9
Views: 484

Re: Router behind Router

I would like to be able to access router 2 from the outside the same way I can access router 1. What ports, and on which routers, do I need to forward? Here is one way to do this. For Router1, set it up like so. Note that ip address 1.2.3.4 , is your work from home IP. Remove it if you want to allo...
by pcunite
Wed Oct 04, 2017 3:12 am
Forum: Beginner Basics
Topic: how to set a master port and a slave port
Replies: 10
Views: 3276

Re: how to set a master port and a slave port

A typical setup is where you have ether1 as your WAN interface. It's master is NONE and it is not a bridge port member. Then you have ether2 set to master None. It is, however, a member of a bridge. Then you get ether3-ether5 and make them slaves of ether2. Connect your AP to any port other than eth...
by pcunite
Wed Oct 04, 2017 3:10 am
Forum: General
Topic: Router behind Router
Replies: 9
Views: 484

Re: Router behind Router

We like graphs, we like diagrams.
by pcunite
Tue Oct 03, 2017 7:08 pm
Forum: Beginner Basics
Topic: Wifi Latency
Replies: 10
Views: 604

Re: Wifi Latency

Here's a screenshot from an Android spectrum analyzer, not sure if this helps:
That is only showing WiFi polite devices, not what is actually in the air. I don't know how to help you further. Sorry.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 12