Community discussions

MikroTik App

Search found 83 matches

by DanielJB
Sat Dec 30, 2023 12:25 pm
Forum: Wireless Networking
Topic: CAPsMANv2 with wifi-qcom-ac and vlans [SOLVED]
Replies: 13
Views: 6312

Re: CAPsMANv2 with wifi-qcom-ac and vlans [SOLVED]

I'm sure its a SW limitation since the chipset can be used in a VLAN setup, only it has to be done manually for now.
Give it some time.
Yes, I believe the same, however let's invite MikroTik to comment.
by DanielJB
Sat Dec 30, 2023 11:32 am
Forum: Wireless Networking
Topic: CAPsMANv2 with wifi-qcom-ac and vlans [SOLVED]
Replies: 13
Views: 6312

Re: CAPsMANv2 with wifi-qcom-ac and vlans [SOLVED]

Firstly, hats off to MikroTik for allowing using the Qualcom 802.11ac ath10k WiFi driver (wifi-qcom-ac); it has a lot of latency and fairness benefits on top of Wave 2 support. I have been hoping for this for a long time :) . This kind of user support and freedom is what makes MikroTik special! Will...
by DanielJB
Tue Mar 28, 2023 8:11 am
Forum: Wireless Networking
Topic: My experience and issues in hi-density networks at school [SOLVED]
Replies: 75
Views: 13801

Re: My experience and issues in hi-density networks at school [SOLVED]

You cant change wireless interface queue type while its managed by capsman.
One the cAP, use (eg) "/queue/type/set wireless-default kind=cake cake-flowmode=dual-dsthost cake-diffserv=diffserv4".

Dan
by DanielJB
Tue Mar 28, 2023 8:08 am
Forum: Wireless Networking
Topic: My experience and issues in hi-density networks at school [SOLVED]
Replies: 75
Views: 13801

Re: My experience and issues in hi-density networks at school [SOLVED]

Very interesting list @DanielJB Can we do better on aggregation? SFQ parameters or other queue type? Lack of good aggregation wastes a lot of valuable air-time. To get more aggregation, one could increase sfq-allot to the aggregation limit, however lack of airtime fairness might be problematic for ...
by DanielJB
Tue Mar 28, 2023 7:43 am
Forum: Wireless Networking
Topic: My experience and issues in hi-density networks at school [SOLVED]
Replies: 75
Views: 13801

Re: My experience and issues in hi-density networks at school [SOLVED]

A few interesting points: 1. I suggest running without adaptive-noise-immunity=ap-and-client-mode since this will trigger radio microcontroller firmware paths presumably when certain conditions are detected by the radio phy (spurs/low SNR or similar); my guess is this will adjust some phy parameter...
by DanielJB
Mon Mar 27, 2023 9:28 am
Forum: Wireless Networking
Topic: My experience and issues in hi-density networks at school [SOLVED]
Replies: 75
Views: 13801

Re: My experience and issues in hi-density networks at school [SOLVED]

For last 4 months I am battling whit WiFi stability issues in our school...cap acs, hap ac2s, wap acs + other cool switching stuff. Firstly, I appreciate you taking the time to document this, since it's worthwhile getting more visibility on some of these issues. I too have been having a challenging...
by DanielJB
Tue Nov 22, 2022 1:05 pm
Forum: General
Topic: Bridge queue on RouterOS 7.6 not working
Replies: 0
Views: 259

Bridge queue on RouterOS 7.6 not working

Is anyone using bridge queues, ie:
/queue/tree/add parent=bridgeLocal queue=default-small max-limit=20M
?

Despite disabling hardware offloads, fast-track, fast-path and related on RouterOS 7.6, I find traffic leaving the bridge isn't limited to 20Mb/s. Anyone find the same?
by DanielJB
Mon Nov 21, 2022 9:52 am
Forum: General
Topic: AQM performance measurements on cAP ac
Replies: 6
Views: 1286

Re: AQM performance measurements on cAP ac

I measured the performance of queuing algorithms on a cAP ac. I used RouterOS 7.6 and modified the default setting which is a basic firewall / NAT router. The WAN and LAN side were wired to computers running Fedora. The test were done with crusader over IPv4. Shapers were set to 1 Gbps. Good info Z...
by DanielJB
Wed Nov 02, 2022 4:02 am
Forum: General
Topic: [7.6] CAP mode fails after custom netinstall
Replies: 0
Views: 274

[7.6] CAP mode fails after custom netinstall

After netinstalling (eg RouterOS 7.6) with a custom script, "/system/reset-configuration caps-mode=yes" or using the reset button to the same effect results in no configuration change. Does the custom script need to be wrapped in a test of the global action variable, like the default scrip...
by DanielJB
Mon Oct 10, 2022 4:20 pm
Forum: General
Topic: cAP CAKE latency challenge
Replies: 3
Views: 786

cAP CAKE latency challenge

Are you up for the challenge? On a cAP ac, netinstalled to RouterOS 7.5 then put into cAP mode (local forwarding, datapath.vlan-id=10), I have these adjustments: /interface bridge settings set use-ip-firewall=yes use-ip-firewall-for-vlan=yes /ip firewall mangle add action=set-priority chain=forward ...
by DanielJB
Sat Jul 23, 2022 10:29 am
Forum: Wireless Networking
Topic: CAPsMAN interface scan memory leak and reboot
Replies: 0
Views: 503

CAPsMAN interface scan memory leak and reboot

With RouterOS 7.1 through 7.4, I see a memory leak ultimately causing reboot when performing a CAPsMAN interface scan with 'as-value' on a some radios, eg: :put [/caps-man/interface/scan 5g-ap6-1 as-value] I'm using cAP ac units with a RB5009 and see one processor core get to 100% after ~30s and mem...
by DanielJB
Mon Apr 11, 2022 10:21 am
Forum: Wireless Networking
Topic: WiFi issues with Apple devices since upgrade to 7.1
Replies: 2
Views: 1461

Re: WiFi issues with Apple devices since upgrade to 7.1

Ever since upgrading from 6.x branch to 7.1 I'm having issues with MacOS and iOS devices. Every once in a while, while connected to WiFi, the MacOS and iOS devices would lose internet connectivity. This happens even though the WiFi connection is active and the signal is strong. Quickly disconnectin...
by DanielJB
Mon Apr 11, 2022 10:16 am
Forum: Wireless Networking
Topic: Country Code [SOLVED]
Replies: 60
Views: 30212

Re: Country Code [SOLVED]

I know it does that, but even if it does, why wouldn't it connect to a MikroTik device that has a statically set frequency? I have fallen into this hole with more than one site. When MacBook laptops were opened and first saw beacons from access points with misconfigured country code (default US in ...
by DanielJB
Wed Feb 16, 2022 5:19 am
Forum: Wireless Networking
Topic: ROS 7.1.1 and 5GHz WiFi upload problem
Replies: 43
Views: 11181

Re: ROS 7.1.1 and 5GHz WiFi upload problem

Disconnection under heavy could be due to the AP's beacons are held off by the medium being busy for too long; you can do an air capture to confirm this. If more than a few beacons aren't received, say for 400ms, the client will disconnect. For the throughput issues, it would be useful to see the ou...
by DanielJB
Sat Dec 25, 2021 5:59 am
Forum: Wireless Networking
Topic: Should Mikrotik achieve Wi-Fi Alliance certification on popular APs?
Replies: 9
Views: 5144

Re: Should Mikrotik achieve Wi-Fi Alliance certification on popular APs?

Does anyone actually ask for the alliance certification? In my opinion, it is an expensive sticker with no added value. Correct me if i'm wrong, because I have never ever seen one contract that asked for this. It's the right to use a sticker with their logo, nothing else. I believe it all comes dow...
by DanielJB
Fri Dec 17, 2021 7:58 am
Forum: Wireless Networking
Topic: Should Mikrotik achieve Wi-Fi Alliance certification on popular APs?
Replies: 9
Views: 5144

Should Mikrotik achieve Wi-Fi Alliance certification on popular APs?

I've had some larger Mikrotik AP designs based on cAP ac units rejected due to lack of WiFi Alliance certification. Is anyone else of the opinion that it is a win-win for Mikrotik to achieve Wi-Fi certification on their most popular units, ie cAP ac, perhaps hAP ac3? [Sidenote - Mikrotik can get ahe...
by DanielJB
Fri Dec 03, 2021 6:08 am
Forum: Wireless Networking
Topic: CAPsMAN channel optimisation/background frequency-monitor
Replies: 0
Views: 2451

CAPsMAN channel optimisation/background frequency-monitor

When optimising channel selection in larger live CAPsMAN networks, what do Mikrotik experts do? CAPsMAN background interface scan works great, but lists SSIDs rather than channels and their usage. Automatic channel selection doesn't consider adjacent channel interference (see the 802.11n RF mask) or...
by DanielJB
Sat Nov 20, 2021 1:08 pm
Forum: General
Topic: CRS3xx VLAN port isolation switch rule [SOLVED]
Replies: 4
Views: 2212

Re: CRS3xx VLAN port isolation switch rule [SOLVED]

The solution was retrospectively obvious; override the destination port to the trunk port(s):
/interface ethernet switch rule add switch=switch1 vlan-id=10 ports=ether1,..,ether48 new-dst-ports="sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4"
by DanielJB
Wed Nov 17, 2021 4:57 pm
Forum: General
Topic: CRS3xx VLAN port isolation switch rule [SOLVED]
Replies: 4
Views: 2212

CRS3xx VLAN port isolation switch rule [SOLVED]

Did anyone achieve hardware per-VLAN port isolation on a CRS 3xx? For example, to isolate unicast and broadcast layer 2 traffic on VLAN 10 among the RJ45 ethernet (access) ports, thereby allowing it to the SFP/QSFP (trunk) ports, we'd use something like: /interface ethernet switch rule add switch=sw...
by DanielJB
Wed Nov 17, 2021 3:50 pm
Forum: Wireless Networking
Topic: CAPsMAN and interface packets and retries (CCQ)
Replies: 1
Views: 2393

CAPsMAN and interface packets and retries (CCQ)

With CAPsMAN, there is no way to monitor interface load and retries (CCQ) at present. I propose submitting a v7 feature request to add /caps-man interface 'packets' and 'retries' fields, cumulative since interface-up. The same data could give a 10 second CCQ retry percentage. This would allow monito...
by DanielJB
Wed Nov 17, 2021 11:32 am
Forum: Announcements
Topic: Future of LTE products, user feedback requested
Replies: 208
Views: 101766

Re: Future of LTE products, user feedback requested

For new product development (ie >9 months), 5G capability would be class-leading due to latency and jitter reduction; drop GPRS and 2G. Above all, please help engineer just enough buffering at each layer to cover internal latency, so queuing happens in the Linux kernel queuing discipline; this allow...
by DanielJB
Fri Nov 12, 2021 9:10 am
Forum: RouterOS beta
Topic: some quick comments on configuring cake
Replies: 285
Views: 102337

Re: some quick comments on configuring cake

Hi Dave (dtaht), Firstly, it's a testament to Mikrotik to see key developers such as yourself posting in the forums; secondly, your fine work on CAKE and related has made a global contribution to virtually everyone using the internet, so hats off! > A modern version of cake has support for the new d...
by DanielJB
Fri Sep 03, 2021 9:27 am
Forum: Wireless Networking
Topic: WiFi and VLANs...VLAN filtering, MSTP or not?
Replies: 1
Views: 1062

WiFi and VLANs...VLAN filtering, MSTP or not?

From time to time, in a simple network of router-switch-APs with VLANs, I am seeing layer 2 issues on RouterOS 6.47.10. DHCP replies are reaching a bridge, but not being transmitted on the port the DHCP request was received on; the bridge host entry correctly points to that port. VLAN filtering is e...
by DanielJB
Thu Dec 10, 2020 4:51 am
Forum: RouterOS beta
Topic: v7.1beta3 [development] is released!
Replies: 261
Views: 79164

Re: v7.1beta3 [development] is released!

I love the new features. Netinstalled routeros 7.1beta3 to an Audience LTE6 and I haven't had any downtime with it acting as a Wave2 WPA2/3 AP with CAKE traffic shaping :) With Wave2, I find one processor core saturates at ~300Mb/s over WiFi: /tool/profile Columns: NAME, USAGE NAME USAGE ethernet 0....
by DanielJB
Tue Dec 08, 2020 4:48 am
Forum: RouterOS beta
Topic: v7.1beta3 [development] is released!
Replies: 261
Views: 79164

Re: v7.1beta3 [development] is released!

Fantastic work Mikrotik! CAKE and Wave2 are both a big deal; I am very excited. Looking forward to Mikrotik adding testcases to your automated testing, so your users can detect only more complex cases. The resulting user feedback would then help Mikrotik progress their automated regression testing a...
by DanielJB
Mon Jun 08, 2020 5:25 pm
Forum: RouterOS beta
Topic: RouteOS v7beta8 vs RB4011iGS+5HacQ2HnD-IN
Replies: 2
Views: 1718

RouteOS v7beta8 vs RB4011iGS+5HacQ2HnD-IN

With netinstall 6.47, routeros-7.0beta8-arm.npk installs fine but router fails to boot from flash, so always etherboots.

With netintall 7.0beta8, routeros-7.0beta8-arm.npk transfers fully but gives "_open() package failed: The system cannot find the path specified. (3)".
by DanielJB
Wed Mar 11, 2020 3:23 pm
Forum: RouterOS beta
Topic: RB4011iGS+5HacQ2HnD-IN: 5 GHz "initializing"
Replies: 9
Views: 9742

Re: RB4011iGS+5HacQ2HnD-IN: 5 GHz "initializing"

I confirm no beacons are broadcast on the 5GHz radio on RB4011 with RouterOS 7b5.
by DanielJB
Wed Oct 23, 2019 8:05 am
Forum: General
Topic: [Solved] PCQ Rate and Simple Queue - Per IP Shaping Problem
Replies: 22
Views: 20995

Re: [Solved] PCQ Rate and Simple Queue - Per IP Shaping Problem

Also, please note that you will need
/ip settings set allow-fast-path=no
for queuing to work as you expect here.
by DanielJB
Thu Oct 17, 2019 5:41 pm
Forum: General
Topic: Simple Queue problem for Bridge/PPPoE Users
Replies: 5
Views: 6055

Re: Simple Queue problem for Bridge/PPPoE Users

I found disabling fast-path was the solution to get simple queues working:
/ip settings set allow-fast-path=no
by DanielJB
Mon Sep 23, 2019 1:13 pm
Forum: Wireless Networking
Topic: [SOLVED] WMM giving terrible throughput
Replies: 8
Views: 6905

[SOLVED] Re: WMM giving terrible throughput

When packets get a priority between 1 and 7, which maps to a WMM traffic class (eg with [1]), I can't get transmit more than 20-25Mbits/s UDP [2,3] shared to all clients. If I set the priority to 0 (or disable the rule), I get 440Mbits/s. ... The WMM enabled/disabled setting on the wlan interface d...
by DanielJB
Tue Jun 11, 2019 10:37 am
Forum: RouterBOARD hardware
Topic: RB4011: wlan1 disabling itself [SOLVED]
Replies: 307
Views: 176459

Re: RB4011: wlan1 disabling itself [SOLVED]

I have seen this for the first time in a couple of months with an RB4011-WiFi. Taking and decoding a supout, the kernel logs show: 2019.06.11-07:16:38.42@3: ath_beacon_tasklet: busy, reset 2019.06.11-07:16:38.42@3: ath_reset 2019.06.11-07:16:38.42@3: qca9984_tx_disable: timeout 2019.06.11-07:16:39.7...
by DanielJB
Wed May 15, 2019 6:19 pm
Forum: RouterBOARD hardware
Topic: RB4011: wlan1 disabling itself [SOLVED]
Replies: 307
Views: 176459

Re: RB4011: wlan1 disabling itself [SOLVED]

I received my RB4011 last friday. Very happy with the design of the device. I use it as a replacement for my RB2011 which has been running perfectly for about 5 years. I backupped the running config of the RB2011, and selectively imported this script to the RB4011. Everything seemed to be running f...
by DanielJB
Wed May 15, 2019 5:33 am
Forum: Wireless Networking
Topic: Mikrotik WLAN & CAPsMAN - Bad download perfomance
Replies: 47
Views: 16526

Re: Mikrotik WLAN & CAPsMAN - Spatial stream perfomance issue

The 40-60% processor load in your wAP ac is an average. Due to latency at various internal points (wireless microprocessor, kernel scheduler, hardware interrupts), the wAP ac processor is a limiting factor here. As the MIPSBE SoC is older and cost-optimised, some of the internal datapaths may be a b...
by DanielJB
Wed May 15, 2019 4:57 am
Forum: Wireless Networking
Topic: Sequentially increasing ping problem
Replies: 5
Views: 1950

Re: Sequentially increasing ping problem

This is behaviour on the shared media, however we need to understand if it is expected behaviour or not. You need to capture a trace using '/interface wireless sniffer', using another radio of the same generation configured on the same frequency and channel width, and interpret the trace according t...
by DanielJB
Wed May 08, 2019 10:08 am
Forum: Wireless Networking
Topic: CAPsMAN and CAP AC2 - 5Ghz stops working without any log message
Replies: 23
Views: 8592

Re: CAPsMAN and CAP AC2 - 5Ghz stops working without any log message

I am seeing the same issue with cAP ac2 and hAP ac2, and have an open support case with Mikrotik for ~10 months. We see SSID beacon frames (among other management frames) aren't transmitted for up to 10 seconds - this evidently occurs due to a compatibility issue with certain 5GHz clients (smartphon...
by DanielJB
Sun Mar 31, 2019 3:02 pm
Forum: General
Topic: SSH output truncated
Replies: 10
Views: 5298

Re: SSH output truncated [solved]

I believe this has been fixed 1 day after reporting it with the reproducer, wow!
What's new in 6.45beta22 (2019-Mar-29 08:37):
*) ssh - fixed multiline non-interactive command execution;
by DanielJB
Thu Mar 28, 2019 12:07 pm
Forum: General
Topic: Feature requests
Replies: 1740
Views: 632131

Re: Feature requests - SSH autologout for security

For more security, automatically logging out after the SSH session was idle eg for 10 minutes would be great! I see that feature on some systems but frankly I just find it irritating (session has been logged out when you come back to it after studying how to solve some issue), and frankly I don't s...
by DanielJB
Thu Mar 28, 2019 8:27 am
Forum: General
Topic: SSH output truncated
Replies: 10
Views: 5298

Re: SSH output truncated

This has been impacting me for some time too. I found a way to reproduce it from Linux: $ while :; do ssh admin@demo.mt.lv /ip firewall filter print | wc -l; done 220 220 220 220 220 220 93 220 220 The block buffering in non-interactive mode exposes a bug which isn't seen in interactive SSH sessions...
by DanielJB
Thu Mar 28, 2019 4:42 am
Forum: General
Topic: Feature requests
Replies: 1740
Views: 632131

Re: Feature requests - SSH autologout for security

For more security, automatically logging out after the SSH session was idle eg for 10 minutes would be great!

On my Unix systems, I set TMOUT for root in a similar way.
by DanielJB
Wed Mar 27, 2019 1:47 pm
Forum: RouterBOARD hardware
Topic: RB4011 WiFi showing only 3 chains [SOLVED]
Replies: 5
Views: 2506

Re: RB4011 WiFi showing only 3 chains

The issue is resolved in 6.45beta20.
by DanielJB
Wed Mar 20, 2019 12:57 pm
Forum: RouterBOARD hardware
Topic: RB4011 WiFi showing only 3 chains [SOLVED]
Replies: 5
Views: 2506

Re: RB4011 WiFi showing only 3 chains

Thanks lipo. Can you check on RouterOS 6.44.1? It may be that Mikrotik removed the updated WiFi driver as on 6.44.1, I still see: /interface wireless registration-table print stats 0 interface=wlan1 mac-address=B0:23:43:F0:CA:09 ap=no wds=no bridge=no rx-rate="526.5Mbps-80MHz/2S" tx-rate=&...
by DanielJB
Wed Mar 20, 2019 12:51 pm
Forum: General
Topic: Feature requests
Replies: 1740
Views: 632131

"/interface ppp-client at-chat" wait missing

It is extremely useful to use the 'wait' parameter in "/interface lte at-chat" eg wait=yes.

Please can it be added for "/interface ppp-client at-chat" also as is missing?
by DanielJB
Sun Mar 10, 2019 1:44 pm
Forum: RouterBOARD hardware
Topic: RB4011 WiFi showing only 3 chains [SOLVED]
Replies: 5
Views: 2506

Re: RB4011 WiFi showing only 3 chains

Yes, using RouterOS 6.44.
by DanielJB
Sat Mar 09, 2019 4:08 pm
Forum: RouterBOARD hardware
Topic: RB4011 WiFi showing only 3 chains [SOLVED]
Replies: 5
Views: 2506

RB4011 WiFi showing only 3 chains [SOLVED]

Does anyone else with a RB4011 WiFi variant on RouterOS 6.44 find stats shows only strength from only 3 out of 4 chains for the 5GHz radio, ie no signal-strength-ch3, despite rx-chains and tx-chains being set to 0,1,2,3? /interface wireless registration-table print stats 0 ... signal-strength-ch0=-7...
by DanielJB
Thu Nov 01, 2018 7:47 am
Forum: Wireless Networking
Topic: [SOLVED] WMM giving terrible throughput
Replies: 8
Views: 6905

[SOLVED] WMM giving terrible throughput

Chaps, When packets get a priority between 1 and 7, which maps to a WMM traffic class (eg with [1]), I can't get transmit more than 20-25Mbits/s UDP [2,3] shared to all clients. If I set the priority to 0 (or disable the rule), I get 440Mbits/s. I see the same to a range of 11ac clients, 5m from AP....
by DanielJB
Thu Jun 28, 2018 2:55 pm
Forum: General
Topic: How to exclude two ports in /toool sniffer?
Replies: 1
Views: 823

How to exclude two ports in /toool sniffer?

I find '/tool sniffer quick interface=ether1 port=!80,!443' doesn't exclude both port 80 and 443. Does anyone know the correct approach?
by DanielJB
Mon Jun 11, 2018 5:21 pm
Forum: General
Topic: Feature requests
Replies: 1740
Views: 632131

Tuneable wireless keep-alive interval

By default, RouterOS pings all idle wireless clients every 60s. With many associated clients over a larger area (therefore low bitrates) with 1-2 active at any given time, network efficiency is reduced and client battery life is reduced. Disabling keepalive-frames causes issues wherein clients are l...
by DanielJB
Tue May 15, 2018 4:48 am
Forum: RouterBOARD hardware
Topic: hAP AC2 Wrong Setup Instructions
Replies: 9
Views: 6534

Re: hAP AC2 Wrong Setup Instructions

Keep in mind that the 5GHz radio will go into radar-detection mode for ~60s once RouterOS is booted.

There is very likely some first-boot scripts that run that add to this, including SSH key generation; this was deferred until first SSH connection in later RouterOS versions.
by DanielJB
Mon Apr 30, 2018 11:53 am
Forum: Wireless Networking
Topic: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi
Replies: 304
Views: 153213

Re: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi

1. where there is spectral congestion (eg 2.4GHz networks), I suggest using hw-protection-mode=cts-to-self and hw-protection-threshold=200 (to keep overhead low on TCP ack packets) 2. hw-protection-mode=rts-cts has higher overhead but may give better client->AP throughput if the AP transmit power is...
by DanielJB
Thu Apr 12, 2018 9:44 am
Forum: Announcements
Topic: Dual band AP for home use, SSID same or different?
Replies: 62
Views: 53312

Re: Dual band AP for home use, SSID same or different?

Owing to the lack of RouterOS band steering, I have consistently found the optimal solution is for the 2.4GHz radio to have SSID eg "Mikrotik" and the 5GHz radio to have SSIDs eg "Mikrotik" and "Mikrotik 5G", catering both for people who want simplicity and those who wa...
by DanielJB
Fri Mar 30, 2018 8:05 am
Forum: General
Topic: X86_64 ROS - 64bit Mikrotik [SOLVED]
Replies: 92
Views: 72954

Re: X86_64 ROS - 64bit Mikrotik [SOLVED]

there is a reason why RouterOS on x86 supports only 2GB - the speed of memory addressing. With high/low setups you would lose 5 to 10% of performance. The cost of PAE is way lower on modern x86 processors, since they have such large TLBs (as are optimised for much larger datasets with 4KB pages), a...
by DanielJB
Tue Mar 27, 2018 1:26 pm
Forum: Wireless Networking
Topic: Type of equipments (AP) needed for hotspot over 1000 users?
Replies: 11
Views: 8876

Re: Type of equipments (AP) needed for hotspot over 1000 users?

I have a project to create a free hotspot for approximately 1500 simultaneous users and would like to create it using Mikrotik but, can't find 2.4Gghz external AP to deploy using CapsMan. I don't want to use another vendor. The idea is to use about 10-20 ap (meshed) and use radius server with maybe...
by DanielJB
Fri Mar 16, 2018 11:45 am
Forum: Announcements
Topic: Securing your device is important
Replies: 50
Views: 42656

Re: Securing your device is important

One of the first steps I take when deploying Mikrotik kit, is generating a local certificate, signing it locally and enabling HTTPS with it, disabling HTTP. This gives the same level of protection that SSH affords. True, but that protection is absolutely zero. It only protects you against people sn...
by DanielJB
Fri Mar 16, 2018 11:22 am
Forum: Announcements
Topic: Securing your device is important
Replies: 50
Views: 42656

Re: Securing your device is important

One of the first steps I take when deploying Mikrotik kit, is generating a local certificate, signing it locally and enabling HTTPS with it, disabling HTTP. This gives the same level of protection that SSH affords. It would be a step forward if this was done at first boot. Clearly the chain of trust...
by DanielJB
Thu Feb 09, 2017 5:01 am
Forum: Wireless Networking
Topic: Inter-AP isolation [expert question]
Replies: 1
Views: 985

Inter-AP isolation [expert question]

Anyone have any experience in isolating multiple APs in the same broadcast domain? Eg say you have two APs on an switch without port isolation capability, which also connects to the router I guess one could use bridge filtering in the forward chain with a MAC address whitelist, but this is difficult...
by DanielJB
Tue Jan 31, 2017 5:33 am
Forum: General
Topic: Removing port number from CLI rule
Replies: 2
Views: 1121

Removing port number from CLI rule

Does anyone know how to modify rules eg in /ip firewall filter: chain=forward action=accept connection-state=new dst-address=10.1.1.62 protocol=tcp port=500 src-mac-address=aa:bb:cc:dd:ee:ff to: chain=forward action=accept connection-state=new dst-address=10.1.1.62 protocol=tcp src-mac-address=aa:bb...
by DanielJB
Sat Jan 21, 2017 5:36 pm
Forum: General
Topic: v6.38.1: Last Link Up/Down Time 2035
Replies: 3
Views: 2981

v6.38.1: Last Link Up/Down Time 2035

Chaps,

Does anyone else get whacky wireless link last up/down time with 6.38.1?

Last Link Down Time Dec/25/2035 21:34:28
Last Link Up Time Dec/25/2035 21:34:32

'/system clock print' shows the right date and time.
by DanielJB
Tue Jan 03, 2017 12:31 pm
Forum: General
Topic: split-horizon & local-proxy-arp
Replies: 1
Views: 1865

Re: split-horizon & local-proxy-arp

local-proxy-arp was added in RouterOS 6.38
by DanielJB
Tue Jan 03, 2017 5:34 am
Forum: Wireless Networking
Topic: Filtering traffic between wireless clients
Replies: 5
Views: 3834

Re: Filtering traffic between wireless clients

I was trying to achieve the same. Packets coming in on a bridge port are prevented going out on the same port. On linux (which RouterOS is based upon), bridges support 'hairpin' mode [1] (don't confuse with hairpin NAT), which would allow filtering between devices on the same AP/interface, but Route...
by DanielJB
Thu Dec 29, 2016 4:23 am
Forum: Wireless Networking
Topic: Wifi keeps mobile device awake? [keepalive packets]
Replies: 81
Views: 42361

Re: Wifi keeps mobile device awake? [keepalive packets]

I would say it's worthwhile trying to: - disable STP on all bridges (and hardware switch chip STP if enabled on certain models) - increase DHCP lease time to eg 4h - ensure group-key-update is eg 1h - disable keepalive-frames It's just a pity we can't adjust beacon frequency and DTIM: http://forum.m...
by DanielJB
Wed Dec 28, 2016 11:20 am
Forum: General
Topic: ^W CLI support
Replies: 0
Views: 1057

^W CLI support

In Unix systems SSH sessions, I use Ctrl-W all the time to delete the last word; it is really practical, but not implemented in RouterOS.

Can Mikrotik implement this simple enhancement for RouterOS? It does save time in the CLI.
by DanielJB
Wed Dec 28, 2016 11:17 am
Forum: Wireless Networking
Topic: Optimal RTS/CTS protection threshold (~500?)
Replies: 0
Views: 1614

Optimal RTS/CTS protection threshold (~500?)

In noisy network environments with many clients, I generally enable RTS/CTS protection for packets larger than 500 bytes [1], and find it very beneficial. I believe because other stations and APs on other SSIDs sharing the same channel also wait. The probability of collision is smaller with smaller ...
by DanielJB
Wed Dec 28, 2016 10:57 am
Forum: General
Topic: Wireless beacon interval and DTIM missing
Replies: 24
Views: 14397

Wireless beacon interval and DTIM missing

I think it is reasonable to be able to tune the wireless beacon interval and DTIM.

I my case, a 200ms beacon interval and DTIM count of 1 would be more optimal than the defaults.

Anyone else missing this feature with other basic APs feature?
by DanielJB
Fri Dec 23, 2016 5:50 pm
Forum: General
Topic: Invitation to FOSSASIA Open Tech Summit 2017, Mar 17 - 19
Replies: 0
Views: 763

Invitation to FOSSASIA Open Tech Summit 2017, Mar 17 - 19

Dear Mikrotik specialists, Since Mikrotik routers are based on GNU/Linux, I would like to invite any specialists using Mikrotik or in related network or routing fields to join the next FOSSASIA Open Tech Summit which will take place at the Science Centre Singapore, from March 17 to March 19, 2017. T...
by DanielJB
Mon Jun 20, 2016 3:14 pm
Forum: General
Topic: netInstall on CRS125 failure
Replies: 1
Views: 1149

Re: netInstall on CRS125 failure

I get this output from netinstall: recv bytes: 300 opcode: 1 htype: 1 hlen: 6 hops: 0 xid: 6b6e15f0 secs: 40 unused: 0 ciaddr: 0.0.0.0 yiaddr: 0.0.0.0 siaddr: 0.0.0.0 giaddr: 0.0.0.0 chaddr: 4c:5e:c:96:23:c6: sname:  (64) file:  (128) cookie: 63538263 35  01  03  3d  07  01  4c  5e  0c  96  23  c6  ...
by DanielJB
Mon Jun 20, 2016 6:19 am
Forum: General
Topic: netInstall on CRS125 failure
Replies: 1
Views: 1149

netInstall on CRS125 failure

I've been consistently unable to netinstall a CRS125 with 6.35.4 or 6.36rc28. I see the DHCP packets from the CRS arrive on the only network interface, but even after all the usual tricks (disable firewall, IP address assignment etc), netinstall doesn't reply. I have tried on two Windows 10 systems,...
by DanielJB
Mon Jun 20, 2016 6:04 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 169346

Re: Feature Req: IKEv2 server and client

I am also waiting for IKEv2 support from MikroTik, but caught between deploying EdgeRouters with IKEv2 or L2TP+IPSec on Mikrotik.
by DanielJB
Sat Apr 16, 2016 5:57 am
Forum: General
Topic: [6.34.4] USB disk poor performance (and solution)
Replies: 0
Views: 871

[6.34.4] USB disk poor performance (and solution)

While checking why USB disk performance on RouterOS 6.34.4 is so bad, I found ext3 format is default, and the partition is bady misaligned, so causes write amplification: # fdisk -l /dev/sdb Disk /dev/sda: 14.9 GiB, 16013942784 bytes, 31277232 sectors Units: sectors of 1 * 512 = 512 bytes Sector siz...
by DanielJB
Fri Apr 15, 2016 10:45 am
Forum: General
Topic: Feature request: AES-NI instruction set for x86 RouterOS
Replies: 15
Views: 7393

Re: Feature request: AES-NI instruction set for x86 RouterOS

It seems likely AES-NI instruction support will be available when Mikrotik do a 64-bit x86 build. AES-NI aside, we'd see a 15% performance increase (due to correspondingly higher IPC), which is important on low-end Atom boxes.
by DanielJB
Fri Apr 15, 2016 9:20 am
Forum: RouterBOARD hardware
Topic: HAP AC faulty seriers - very poor LAN performance? (switch problem)
Replies: 77
Views: 35960

Re: HAP AC faulty seriers - very poor LAN performance? (switch problem)

Using another USB to Ethernet adapter with the Realtek RTL8153 chip (Dell "USB-C to Ethernet adapter"), I see wire-speed in both directions.

This correlates that the issue is a phy setup/programming issue.
by DanielJB
Wed Apr 06, 2016 5:17 am
Forum: RouterBOARD hardware
Topic: HAP AC faulty seriers - very poor LAN performance? (switch problem)
Replies: 77
Views: 35960

Re: HAP AC faulty seriers - very poor LAN performance? (switch problem)

I have been experiencing the same issue on the excellent hAP ac and have found: - the low bandwith (17-57Mb/s) varies with temperature - it occurs with certain ethernet phys and not others - when it occurs, I see receive issues, suggesting the root cause is the transmit from the QCA8337 switch chip ...
by DanielJB
Wed Apr 29, 2015 8:18 am
Forum: General
Topic: CRS125 MAC-based-VLAN default VLAN
Replies: 1
Views: 1211

CRS125 MAC-based-VLAN default VLAN

MAC-based-VLAN (/interface ethernet switch mac-based-vlan) works great on my CRS125.

Where packets don't match an FDB entry, is it possible to assign a default VLAN?

Thanks!
Daniel
by DanielJB
Thu Jun 19, 2014 6:53 am
Forum: RouterBOARD hardware
Topic: RB953GS-5HnT announcement and 11ac
Replies: 3
Views: 2537

RB953GS-5HnT announcement and 11ac

Hi guys, Since the new RB953GS-5HnT is a single-chip QCA9558 solution, it supports 3-chain 802.11n at 5GHz: http://routerboard.com/RB953GS-5HnT In many access points, the QCA9880 chip is paired with this to give 3-chain 5GHz 11ac, and clearly when Mikrotik supports it on a mini-PCIe card, we can upg...
by DanielJB
Fri Jun 06, 2014 9:37 am
Forum: RouterBOARD hardware
Topic: Release date for CRS-226-24G-2S+RM?
Replies: 3
Views: 2069

Re: Release date for CRS-226-24G-2S+RM?

Been waiting to purchase this rackmount variant also and was told by support "in May"; seems a near-perfect product once L3 switching is available in RouterOS 6.14/15 or 7...
by DanielJB
Mon Mar 31, 2014 10:15 am
Forum: RouterBOARD hardware
Topic: CRS layer-3 switching questions
Replies: 0
Views: 1349

CRS layer-3 switching questions

I'm looking at getting a CRS226-24G-2S+RM for layer 3 switching between VLANs. Will L3 switching work if: 1. some connections are NAT'd out of one port (used for an external internet connection)? 2. there are firewall rules allowing only certain protocols and ports between VLANs? Also: 3. how would ...
by DanielJB
Sat Mar 22, 2014 11:50 am
Forum: General
Topic: Enable TCP ECN for bandwidth efficiency
Replies: 14
Views: 8353

Re: Enable TCP ECN for bandwidth efficiency

Indeed. With a significant number of competing TCP flows, Zheng and Kinicki demonstrate a 15% improvement in goodput (ie useful TCP segments, flow efficiency) through an ECN-capable router, page 15: http://web.cs.wpi.edu/~rek/ISCC02talk.ppt Anyway, let me know if anything more is needed to submit th...
by DanielJB
Thu Mar 20, 2014 7:48 am
Forum: General
Topic: Enable TCP ECN for bandwidth efficiency
Replies: 14
Views: 8353

Enable TCP ECN for bandwidth efficiency

We need a way to enable TCP Explicit Congestion Notification on RouterOS, so when eg TCP tunnels are established, we will get the increase in efficiency and reduction in packet loss. The current linux default is to accept ECN, but not request it when initiating connections. Thus, we need a config op...
by DanielJB
Thu Mar 20, 2014 4:46 am
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 125497

Re: Feature request: OpenVPN compression LZO and UDP

+1 I suspect that OpenVPN LZO compression isn't offered the due to the compression time for the MIPS processors in the most of the MikroTik routers. I'd expect ~50Mbits/s max, as we see around 200Mbit/s on an ARM Cortex-A9: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b0...
by DanielJB
Sat Dec 28, 2013 10:47 am
Forum: General
Topic: proxy webcache slowdown and ext3
Replies: 0
Views: 1354

proxy webcache slowdown and ext3

Normis, Chupaka,

RouterOS 6.7 uses ext3 on internal stores; this is known to have poor lookup scaling as many files are present in directories, and thus may be a significant factor in the RouterOS proxy webcache slowdown observed.

What is the rationale on not using ext4?
by DanielJB
Wed Dec 11, 2013 8:22 am
Forum: General
Topic: webcache performance degradation
Replies: 0
Views: 1716

webcache performance degradation

I see an interesting slowdown in webcache speed as it fills up eg to 1GB from 8GB, as tested with RouterOS v6.6 on a RB951G with a 'fast' USB3 stick (obviously operating at USB2 speed; it can maintain 75MB/s read and 18MB/s write). The slowdown manifests as large latency spikes of 1000-4000ms, which...
by DanielJB
Sun Aug 18, 2013 8:22 pm
Forum: General
Topic: 6.1/6.2 webproxy 'connection reset'
Replies: 0
Views: 1897

6.1/6.2 webproxy 'connection reset'

When running a caching webproxy on the excellent RB951G [1] with RouterOS 6.2, when the cache starts filling up (eg 1GB of data), I see a significant rate of 'connection reset by peer' messages in browsing sessions, around 5-10% of the time. This affects HTTP GETs, but worse HTTP POST, so form infor...
by DanielJB
Mon Jul 15, 2013 8:39 am
Forum: General
Topic: Request: Interface hardware queue length
Replies: 0
Views: 1146

Request: Interface hardware queue length

Hardware packet queues can introduce significant latency below Mikrotik's QoS queuing; this is particularly problematic for wireless interfaces where eg >1000ms delays can be introduced on congested networks. Linux exposes an ioctl (SIOCSIFTXQLEN) to control queue length or eg via: ifconfig eth0 txq...
by DanielJB
Mon Jul 15, 2013 8:10 am
Forum: General
Topic: per-flow SFQ causes DoS
Replies: 0
Views: 1269

per-flow SFQ causes DoS

At present, there is no way to specify the type of flow hashing used in Stochastic Fair Queuing. The flow hash is constructed from source-IP + port and dest-IP + port, with round-robin dequeuing. This gives per-flow (eg TCP session) fairness, so one host with 20 TCP connections can starve the other ...