MikroTik

erlinden

Did you use the correct reset procedure?
https://wiki.mikrotik.com/wiki/Manual:Reset

erlinden

I prefer to start without configuration. In your case: create bridge (and add dhcp-client), add all interfaces and configure wireless. That's basically it...

erlinden

You have to think in days. In your case on friday from 8:00:00 till 23:59:59 an don saturday from 0:00:00 till 2:00:00. You can set the unlimited rate to the entire day and add the hours were the rate limit is not set. I didn't block Internet entirely, instead introduced rate limit (of 64k). This wa...

erlinden

Perhaps we can have a look at your config (/export hide-sensitive file=config)?
Sometimes we can advice some optimizations/improvements...

erlinden

I swear to god there wasn't. I'm so embarrassed now ffs. I should've stayed with Ruckus unleashed or ubiquiti.

I absolutely fully disagree...but choosing the correct product is necessary.

erlinden

My suggestion would be:

don't use ftp server, use ftps
get a dedicated server (as I assume you want to abuse a MikroTik device for this purpose)

erlinden

@Discmandj: can you please share your config /export hide-sensitive file=config
@kretzu77: works on my machine

erlinden

To start with...show your config: /export hide-sensitive file=router

Though being in Dutch (or Belgian if you wish), this sample might give you a good direction:
https://www.wirelessinfo.be/mikrotik-vl ... figuratie/

erlinden

In addition to santyx32, it is not device or MikroTik related, this is standard behavior.

erlinden

Okay, but, where are your IP addresses? Also, you are referring to MGMT interface in your config but I can't see where you create it. IP address is received by the DHCP client. The MGMT interface is a interface VLAN. By leaving the switch1-cpu out of the switch vlan no management traffic was possib...

erlinden

Found out that I was missing the switch1-cpu added as tagged port, herewith the full config. This config contains: ether1 - trunk (VLAN50/51/52) ether2 - accessport (VLAN50) ether3 - accessport (VLAN50) ether4 - accessport (VLAN50) ether5 - trunk (VLAN50/51) ether6 - trunk (VLAN50/51) ether7 - acces...

erlinden

Config would be helpful: /export hide-sensitive
At what speed are the pc and tv connected?

And...agree with pe1chl

erlinden

I'll give it a try later tonight, thank you very much for your help @thekinrar!

erlinden

No, no IP address yet. How would I do that (specifically: how can I assign an IP address on the VLAN)?

erlinden

Thanks @thekinrar, unfortunately this was left in the configuration. It does not affect it, as ether3 is the only connection I can use to manage. If I use any other (access) port it won't work.

erlinden

Just finished completing my network with VLAN's, everything changed to VLAN networks. I chose HOME (50), GUEST (51) and VIDEO (52). VLAN filtering makes my CRS112 peak on CPU, seems that there is a better way: https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches_examples#Example_1_.28Tru...

erlinden

I thought that any 5GHz supporting device is able to communicate on channels 36 - 48. Only DFS channels (and sometimes 149 and above if applicable in selected country) gives problems sometimes. But...please correct me if I'm wrong.

erlinden

And again, someone must start telling the painful truth about Mikrotik wifi issues and warn others. Your fannboy attitude proves, that I'm on the right track. I guess sooner or later some fannboy will kick me out of this forum, but again, this proves, that I'm on the right track, telling the painfu...

erlinden

A sportscar requires better driving skills. How I know...? Never seen a sticker on those as well

In the end...it all comes down to fulfilling requirements. And mine are fulfilled by MikroTik (though Unifi was giving me higher speeds).

erlinden

I have spend a lot of time on the UBNT forum, mostly helping others. I think that forums in common are the best resource for solving problems. Especially because you get support from a community. And not only the community, there are some MikroTik employees giving good information as well. I believe...

erlinden

@ksuuk, it is obvious that you are disappointed in MikroTik. And I agree on some points. But, my experience and expectations differs from yours a lot: getting a decent 450Mbps through iperf on my Dell laptop (from a cAP AC). Besides, it outperforms UBNT on stability...a lot (have been using UAP-AC-L...

erlinden

Couple of things:

Upgrade the cAP ac's to at least latest LTS or 6.46.6
Follow the Wiki, currently your cAP ac's are not managed by CAPsMAN: https://wiki.mikrotik.com/wiki/Manual:S ... sMAN_setup

Tweaking can be done later (as the Wiki is a bit outdated)

erlinden

Were v6.46.6 and 6.47beta53 re-released today? Why?

For the v6.46.6 the date was "Tue Apr 28, 2020 1:03 pm", why re-released?

erlinden

In my opinion bandsteering is very much overrated, especially because: - In the WiF spoecifications it was never mentioned/described and therefor manufactures all have their own implementation (and they don't work as good as you might think) - All modern devices (Android/iOS/Windows/etc.) will prefe...

erlinden

Or better, use a VPN server for additional security (together with address list for allowed VPN IP's).

erlinden

Other option (don't know if the above will work) is to add a DHCP client. Or add an IP address manually (and set the gateway/DNS servers)). Think is required to make the update work.

erlinden

Please start by sharing your configuration: /export hide-sensitive
Besides...Canon has a lot of printers...model would be useful.

erlinden

Forget about DMZ, it will definitely weaken your security. You might want to consider using VLAN's to prevent your webserver from being able to connect with your private network. Add a hairpin NAT and you will be able to access your server on port 80 and 443. Only thing you have to think of is how t...

erlinden

Are both devices connected wirelessly while running iPerf?
In that case, can you at least have one device connected through cable?

erlinden

At what speed is the MB connected? Is it 3x3 capable?

erlinden

Hopefully this is of any use:
viewtopic.php?t=82462

erlinden

You don't want to use PPTP, please use any better option like L2TP over IPSEC.

erlinden

Couple of suggestions:

Turn of a, only use n/ac
Don't use anything other then WPA2-AES
Distance Indoors (if used indoors)
Turn on WMM
Rates: 12/24 (basic) and 12 - 54 (supported)
Choose channel manually
Lower (max) transmission power by 3dB

erlinden

You might want to tweak the transmission power setting. Make sure it is set 'as low as possible'. And just to be sure...channels are set non overlapping?

erlinden

I found this question was moot as the Mikrotik doesn't work very well as a repeater for a non mikrotik device. Mmmm...I have been using my hAP ac Lite as travel router for quiet some time...never had any problems on any wireless network. @TS: I would never combine multiple vendors for my wireless n...

erlinden

MikroTik is great stuff and it requires a learning curve. There community is great and really active. For any user from beginner to master. Good, in regards to your problem: your settings require optimization. Already mentioned by @heidarren there are some basic settings that have to be obeyed. In r...

erlinden

Run cables...always.

erlinden

Besides, please don't use extension channels on the 2G radio. And...do you really need 802.11b support?

erlinden

Couple of (related?) things:

Make sure you are running the same firmware and RouterOS version
Turn down the transmission power, especially on the 2G radio
Don't use extension channels on the 2G radio

erlinden

Could you please share your settings? (/export hide-sensitive)
Did you configure your channel manually?

erlinden

No answer to your initial question, but one thing you have to change: /caps-man security add authentication-types=wpa-psk,wpa2-psk disable-pmkid=yes encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=Security passphrase=12345678 Really really don't use wpa-psk ! Just use wpa2-psk a...

erlinden

I think that any game should be able to run without having to open ports. Only if you run a game server, ports need to be opened (which makes sense). Especially on game consoles some games require open ports and therefor rely on solutions like UPnP. It stinks. Back to the problem...could it be that ...

erlinden

I used to have Unifi, and switched to MikroTik. In my home I have two cAP ac's and outside a wAP ac. I would choose the latter if I would have 3x3 clients, but I don't. So I choose the cAP ac's, the wAP ac I already owned. Though band steering sounds great, it is completely useless if you configure ...

erlinden

At what speed is the device connected (both upstream and downstream)?
Differrence is that in the first scenario (download) the accesspoint is the sender and the device the receiver, in the latter its vice versa.

erlinden

What is the purpose of this switch? Or there any wired devices connected to the switch? Does it work when you only connect the router? I've restored the router to factory defaults and made the setup of wifi, and set IP as 192.168.88.1. DHCP is on. IP of the switch is 192.168.88.2. The address on the...

erlinden

I have same problem too, And i manage to successfully port foward ports for my PC and works now cool, but the problem is what I have and brother too, How to portfoward port 3074 to multiple PC's

You can't (if your public port must be 3074) unless you have multiple public IP addresses.

erlinden

Can you please share your configuration (/export hide-sensitive)?

erlinden

The AP is not configured as AP, but as router. Unless you posted the router export instead of the AP. What I prefer to do in case of configuring as AP: reset with no default configuration create a bridge add all interfaces to that bridge configure wireless (select channel manually either 1/6/11, and...

erlinden

I think you don't have a DDNS problem, but (as RouterOS is telling you) your MikroTik router is behind a NAT router. Therefor, it does not get a public IP address assigned on the WAN interface. Is it correct that the WAN interface of your MikroTik is connected to (i.e.) the ISP modem/router? Or is i...

erlinden

Perhaps you can share the way you have configured it now?

erlinden

No activity on the wireless interfaces as well?

erlinden

You can make x (i.e. 3 or 38) security configurations per SSID (containing the corresponding password of the SSID). Changing a password would be done in a single place.

Can you please explain: starting with 3 accesspoints and changing your question to a situation of 38 accesspoints!?

erlinden

Export a configuration and search for your MAC address. If you can find it, you can delete it.

erlinden

Make three configurations, 1 per accesspoint. That way you can specify a single SSID per accesspoint.
But...why? You are still on the same network (unless client isolation is activated).

What is the purpose? Perhaps the answer is not suitable for your problem...

erlinden

Don't use auto channel, select channels manually by choosing channel 1, 6 or 11 and make sure they are non overlapping. Also take into account other wireless networks in the neighborhood. May I ask...why (still) 2G radios? If you want to increase performance, please change to 5G radios.

erlinden

Thank you for your reply

Good to hear!

erlinden

Don't use auto, specify channel (i.e.) manually.
Rates: basic 12 Mbps, supported: 12/18/24/36/48/54
Country: select yours
Installation: indoors
Security: use aes only

What firmware version are you using? The latest stable is working very good for me.

erlinden

Lease time is configured in the DHCP server. It would surprise me if this is causing the problem.

Can you please share your configuration? Just make sure that there are no passwords in it...

erlinden

Any service you offer to the internet can be compromised. Especially the legacy stuff like PPTP is subject to attacks. As you are a MikroTik user, please consider using IPSEC of LT2P. This is offloaded (depending on your hardware) and supported by any device without the need of additional components...

erlinden

CAPsMAN lags just a few configuration possibilities, but it works great (at least, that is my experience).

erlinden

As also mentioned in the installer: remember to make a backup before you start upgrading. But you probably already know that...

Anything special in your configuration? Why is it still on the current version?

erlinden

Glad to see that more people recommend multiple accesspoints, having a single accesspoint in a house really makes no sense! Besides, MikroTik wireless is incredibly stable. But...you have to do a lot of tweaking and need some knowledge about WiFi. @TS: expectations are incorrect (in my opinion) and ...

erlinden

I would:

- put the PiHole IP address (as only address) in the DHCP options as DNS server
- use a second PiHole if it is required (I'm currently using Docker to host my PiHole) and have that as second DNS server in the DHCP scope
- block all traffic port 53 to the Internet, except for the PiHole(s)

erlinden

Do you have the MikroTik firewall inbetween the LAN connected computers and the server? - it is.

Configure the firewall for allowing access to the webserver.

erlinden

- why port 93? - I'm happy to switch it to 80, not an issue. Well, it requires users to add :93 in the URL. - IIS7...why? Think that version is ancient!? - Because it's what they have at the place i've just started My advice, don't make this a public facing webserver - What Windows version are you ...

erlinden

Could you please telnet to your server IP (from any computer other then the server running the website) on port 93 and check if you get a response? Besides that...a lot of questions: - why port 93? - IIS7...why? Think that version is ancient!? - What Windows version are you running? - Does your Wind...

erlinden

Could you please share you CAPsMAN settings as well? And perhaps your entire cofiguration would be beneficial too.

What is the purpose of giving your wireless interfaces an IP address? And why would you like to have two seperate interfaces the same IP? Are the wireless interfaces part of a bridge?

erlinden

Default wireless configuration is like not really optimized... To get best performance: - use 20MHz bandwidth - choose channel manually, either 2412/2437/2462 (perform a scan to get least used channel) - set encryption on aes-ccm Besides...what are you expecting? And what made you choose the RB2011 ...

erlinden

So you want to have some sort of failover. What makes it different from wired connections?

https://wiki.mikrotik.com/wiki/Load_Balancing#Failover

erlinden

English translation (thanks to Google translate): Hello, i have a problem with my mikrotik rb750gr3 and i need your help. Please help me please. my Mikrotik RB750Gr3 constantly reboots and I don't know what to do. I remind you that this is the second one I buy, the first one did the same thing and i...

erlinden

Is it possible to simulate two test links with a single internet?

With a router in front it is really easy (you might want to consider VLAN's) to simulate two links.

Can I configure two Internet Links as DHCP?

What do you mean by this question?

erlinden

What are you trying to accomplish functionally?

"I want it to act as a client "
Do you want to use a wireless backhaul on the RB?

Roaming is a client decision.

erlinden

VLAN can be configured through datapaths:
https://wiki.mikrotik.com/wiki/Manual:C ... figuration

Can you please share your current configuration so we can supply additional information?

erlinden

And with regards to the wireless part: - cAP ac and wAP ac are the obvious alternatives (the cAP ac has 2 x 2 where wAP ac and AC-Pro have 3x3) - though injectors are supplied, I would use a POE capable switch - CAPsMAN is great! Tuning is some work (learning curve is comparable with Unifi) Remote m...

erlinden

By adding static entries in the DNS server of the MikroTik. Did you do that? These entries will be supplied to the requesting clients locally.

erlinden

Again and Again, don't buy Mikrotik for Wireless, its outdated. Use Mikrotik for routing, ans nothing else.... I switched from Unifi to Mikrotik. Performance is decreased, but stability is increased. Really happy with my choice. Love the ability to configure...everything. Besides, with a well confi...

erlinden

Could you please add the following information:

- devices
- firmware version
- settings

erlinden

the NetMetal AC2 works over 100 km? or has it the same problem like the older AC that we get only about 80 MB throughput ??? no problem with the Old NetMetal AC tested 12.2 kilometers 232mbps TCP Speed....:-) M = Mega m = milli B = Byte b = bit s = seconds Usually throughput is measured in Mbps (i....

erlinden

What is your definition of better? What are the requirements?

erlinden

Interesting as I get these logging entries as well at around 3:00 AM, on a daily base. Does anyone have a clue who is behind these automated attempts?

erlinden

1. Set the Control Channel Width to 20MHz
2. Set Extension Channel to Ceee (for 80MHz) or lower for 40MHz or 20MHz

With these settings you will be able to use ac.

Here is a good read: https://wiki.mikrotik.com/wiki/Manual:C ... nel_Groups

erlinden

Are you trying to make http and winbox available on the WAN interface? Except for the http (hopefully port forwarded to a webserver and not the one integrated in the Mikrotik), I would like to advice you to only use these services locally or make them available through VPN. Can you please post an ex...

erlinden

Can you please post the output of /caps-man export hide-sensitive

erlinden

@mkx: strange indeed...I only tried to add it as channel, didn't try to provision it to a cap.

erlinden

If I try to add channel 5805 in CAPsMAN it works without any problems (country set to Netherlands):

/caps-man channel
name="channel1" frequency=5805 control-channel-width=20mhz band=5ghz-n/ac extension-channel=disabled

erlinden

A Google search gave me this topic:
viewtopic.php?t=100157

erlinden

WiFi is a bit tricky, but can be optimized quiet well (I get around 400Mbps on my cAP ac). Though I use CaPsMAN, it gives a good direction on settings on wireless. I use (which works fine in the Netherlands) these settings: Frequency: 5500 Control Channel Width: 20Mhz Band: 5ghz-a/n/ac Extension cha...

erlinden

Are you missing your routes? (/ip route)

erlinden

First thing I notice is that the CAP doesn't have a bridge configured. If you reset a device to be a Cap it is added. Can you try to set it manually on the Cap and see if it makes a difference? Next I prefer to have the TX power on the 5G band higher than the 2G band, just to have as many devices on...

erlinden

Can you please share your configuration (except for the sensitive information)?
Did you add a DHCP client to the CAP?

erlinden

By not configuring the channel, the channel is automatically configured by RouterOS.

erlinden

You have to create additional configurations (lets call them cfg3 and cfg4). On the datapath of these configurations you can configure the vlan id. Then, on /caps-man provisioning you set slave-configuration to cfg3 and cfg4 Please check: https://wiki.mikrotik.com/wiki/Manual:CAPsMAN_with_VLANs#CAPs...

erlinden

Interfaces are interfaces, whether with cable or wireless. First: You will have to create a virtual interface on one of the two wireless interfaces (depending on what band you want to use) and set is as wireless bridge. You can find a great blogpost on how to use a hAP ac Lite as traveling router: h...

erlinden

Surely, no problem.
You can have multiple configurations and provision the Guest as Slave Configuration. Don't forget to define your VLAN (datapath is a great location).

erlinden

Have you checked if the service is active?

erlinden

Can you please share all your wireless settings?

erlinden

This blogpost was very helpful for me:
https://blog.johannfenech.com/mikrotik- ... pn-server/

erlinden

Might be caused by the wireless settings...how did you configure wireless?

erlinden

Hey. I believe this SSID name. And it can be changed in a router settings in WiFi section.

Would make sense if it was a WiFi adapter.

As far as I know it is a workgroup name (configured on the server).

erlinden

You mean you would like to have an overview of the IP addresses in the registration table as well? In that case, may I ask why?
Or do you mean you want your Caps device to have an IP address? In that case you want to add a DHCP client to the bridge on your Caps device.

erlinden

erlinden

SSH with default credentials (admin/blank). Configuration can be done through cli easily.
Browser option sounds possible, does Apple support InPrivcate browsing? Then you can just start an InPrivate tab.

erlinden

Can you try by using either SSH or Winbox?

erlinden

Reset your device without configuration, and after that:

- create a bridge
- add all interfaces to that bridge
- configure wireless settings
- (optional) add dhcp-client to bridge

erlinden

Roaming with mikrotik is very easy. just add wifi and ethernet in mesh bridge then in any side of APs add WDS, it's romaing you between APs without disconnects.

That will cost some performance as all nodes share the same channel.

erlinden

You can't as there is no ac support on the 2G radio.
https://en.wikipedia.org/wiki/IEEE_802.11

erlinden

Two bands, two independant speeds. I red that by using n/ac on the 5G radio you get better performance. Rates are not fixed and can depend on a lot of sources of interference. You don't have to use quick setup, it can be configured on the wireless interface settings.

erlinden

Try adding on the wireless cap the bridge interface, you don't need to user discovery interface as you are using L3 mode ( you have set up the CapsMan IP )

Exactly this, took me a lot of time to find out...
https://wiki.mikrotik.com/wiki/Manual:C ... CAPsMAN_v2

erlinden

Create a bridge and add both eth1 and eth2 to this bridge.

erlinden

Surely you can...if you create a bridge connection on your PC. But that would require both your PC and the MikroTik running.

The M.T. router is not going to be able to receive a LAN I.P. from the router, only the the PC will.

Not even if you clone the MAC address?

erlinden

Besides the above remarks; make sure that your routers services are not publically available. If you want remote access to your router, please use VPN.

erlinden

Why did he ask this question? And why did he ask you?

erlinden

Can you please explain why you chose PPTP over (i.e.) L2TP IPSEC?

erlinden

Is 6.42.10 the current version you are running? You might want to consider updating.

Besides, would be helpfull if you share your configuration...

erlinden

What were you expecting?

WiFi is a shared medium, and both clients are connected wirelessly. So, I'm not really surprised by the outcome. How did you use iperf, did you use single stream or multiple streams?

In addition, I would always use fixed channels.

erlinden

Assuming you are using port forwards (which is in my opinion not a good option), you can only choose different public ports (translating to the private ports of the cameras.
In my network I only have VPN access from the Internet, any device can be reached on IP address while there is a VPN connection.

erlinden

Still puzzled by your topic, I'll just leave my two cents... wAP 2nD AP is 2G only, don't you want/need 5G (as well)? Why was CAPSMAN refused? Why use different SSID's? Wouldn't it make sense to have a single (and well configured => turn down transmission power) network? Different channels is a must...

erlinden

Did you configure routes?

erlinden

Don't use wpa-psk!

erlinden

Why don't you just resolve your VPN server to your private IP address (of the VPN server) instead of the public IP address? Or connect to the VPN server on (private) IP address? I assume this is only for testing purposes?

erlinden

How did you choose channel 2442? For 2G, only channel 2412, 2437 and 2462 (1, 6 and 11) are non overlapping. Did you perform an RF scan?

erlinden

Can you please share your exact WiFi settings? Even "enterprise" hardware can be miss configured (though I'm not saying you did).

erlinden

Do you have a spare powersupply that you can test with?

erlinden

What is your definition of "the best"?

erlinden

Do you really need your DNS server to be publically available? And the same question for LDAP?

erlinden

Most modern devices will prefer 5G radio over 2G radio. I do have Mikrotik wireless (while travelling) and Unifi (at home). The latter has band steering turned off. Because it doesn't work as smooth as one would expect and by turning down the 2G radio as low as possible all devices connect with the ...

erlinden

both. Need LAN and WIFI

Do you mean by LAN switching (and how many ports?), or is routing also required? Why did you come up with the RB4011 (will do fine in all cases, just not sure wether it is required)?

erlinden

Do you want to use the new devices as routers or as accesspoints. In case the latter, just use the cAP ac, hAP ac2 or Audience (wasn't aware of this new device...).

erlinden

Reset it without default configuration
Create a bridge and add all interfaces to it
Configure wireless settings (SSID/security/channels/transmission power/etc)
Add DHCP client to bridge (or you could leave this step and do configuration based on MAC address)

erlinden

I use my hAP AC Lite as travel router. Mostly using a wireless backhaul. Works perfectly, haven't had problems on connecting to any wireless network yet. So I fully disagree with @mkx (based on my experience).

erlinden

On the 2G radio only channel 1, 6 and 11 have no overlap (depending on country legislation, there could be more channels). Besides 2G has a higher penetration than 5G. To summarize: - lower transmission power to absolute minimum reuirements - select channels to get least interference - on 2G radio o...

erlinden

Do clients get a correct IP address (including gateway and DNS)?
Have you tried configuring the wAP manually instead of through CAPsMAN?
Could it be a regularity thing, because it is used outside (not all 5G channels are allowed to be used outside)?

erlinden

Please connect your Xbox to the cable that connects your house (and currently your TP-Link). Do the problems still occur?

Besides, can you post a tracert forum.mikrotik.com (do you know how to use the command prompt and how to copy from it)?

erlinden

Can you share some configs for those spam and virus rules?

https://www.howtoforge.com/amavisd_post ... ian_ubuntu
https://www.akadia.com/services/postfix_amavisd.html
https://blog.tinned-software.net/setup- ... h-postfix/

(first three hits on Google)

erlinden

Each channel is 20MHz wide, so you do the math. If I remember correct 40MHz is giving less problems...

erlinden

I probably would choose for cAP ac: https://mikrotik.com/product/cap_ac
But it depends on a lot more than being able to broadcast 6 SSID's (this gives overhead...sure you need 6?).
How many concurrent users per radio?
What are the performance requirements?

erlinden

It depends on the set country code (regulations) and channelwidth:

erlinden

Can you please post a /export hide-sensitive?
Assuming this is a serious topic?

erlinden

I prefer to use an internal DNS server to resolve private (internal) IP addresses instead of public IP addresses. This can be easily achieved by adding static entries.

erlinden

Please provide your config (export hide-sensitive).

erlinden

Who says I haven't sent the sup out info in already regarding the crash? You haven't said you did...and it does make sense to give the advice. Based on the information you supplied...this is not normal operation. Could you please share your config (as per requested by Dude2048)? What version are yo...

erlinden

You can have a site-2-site vpn with dynamic IP addresses.
In my situation I used this blog.: https://blog.pessoft.com/2016/05/29/mik ... s-and-nat/

In your case you have to run the script (for updating DDNS) only at the 20 sites.

erlinden

There is a WiKi page on how to upgrade a RB:
https://wiki.mikrotik.com/wiki/Manual:U ... g_RouterOS

I know that 6.45.2 (current stable) works flawless...not sure why the beta isn't.

Upgrading is not without risks. Make sure you have a backup before performing the upgrade.

erlinden

That's strange, especially as this seems to be a (your?) public IP address...
Your provider uses ns0.proxad.net and ns1.proxad.net (212.27.32.2 and 212.27.32.130).

Can you post a /export hide-sensitive please?
What version are you running?

erlinden

Can you show /ip dns print?

WebFig might have an caching thingie...

erlinden

/ip dhcp-client set use-peer-dns=no

(client is 0)

erlinden

Can you please share all hardware included (especially routers involved) and number of clients? To answer your question: it depends. You can switch this into on big network where you don't have to bother about routing. If you want to keep current configuration, your routing has to be done over the w...

erlinden

Can you please show all wireless settings (including security, password is not relevant)? At what speed is the client connected? Is there a line of sight while testing? How are you testing, iperf3 (preferably)? I prefer to avoid using auto: select a channel that is least used. And use WPA2 AES only....

erlinden

First: Reset your device, make sure "No Default Configuration" is checked. Then: - Reconnect (use MAC instead of IP, WinBox will find your device) - Create bridge and add all interfaces - Add DHCP client to your bridge (then your Mikoritk will be accessible through an IP address) - Configure your wi...

erlinden

Can you please share your current settings?

erlinden

Found this topic (have you tried the search option?): https://forum.mikrotik.com/viewtopic.php?t=86734 By selecting Ceee (or any orther 4 digit option) you will get 80MHz channel width. Make sure you select the channel manually ( I totaly dislike the auto option) and turn down tranmission power (sea...

erlinden

I prefer using fixed channels. That would definitely be my first change in this configuration. Why did you choose the hAP AC over i.e. the RB951G-HnD? How is the interference in your situation? Don’t you have 5G capable devices?

erlinden

You might want to consider turning off fouter functionality on the Mikoritik. Just use it as switch and accesspoint (by removing NAT and creating a bridge where all interfaces should be part of).

erlinden

If I enabled the default firewall in the Quick Config screen and I then went to IP->Cloud and setup a CNAME on my domain what rule to I need to add to the firewall to allow myself to access the router with WinBox remotely from (xxx.xxx.xx.xxx - my office IP) You don't because it is highly unwise. I...

erlinden

FTP uses both port 21 and a range of passive ports. Only forwarding port 21 will not be sufficient.

erlinden

http://lmgtfy.com/?q=how+to+configure+l2tp+mikrotik

erlinden

please tell me how to do. I use winbox only, not console.

From Winbox you can start a terminal, just use the /export hide-sensitive command.

erlinden

Can you please share your config?
What UAP do you use? Is it updated?

erlinden

Can you share your WiFi settings?

erlinden

Could you please provide channel/channelwidth/transmissionpower settings?

erlinden

What is the purpose of the RB if you already have an Asus router?

erlinden

Please correct me if I'm wrong, I would: 1) create a brdige on the hAP-ac and place the SFP and a network port in it 2) create a bridge on the hAP-ac and place the wireless interfaces together with a (different) port in it -> connect this with the hAP-ac2 3) configure the hAP-ac2 as a normal wifi ro...

erlinden

Besides name and password, also security settings have to be equal. And make sure that you choose different channels (don't use auto, 1,6 or 11 on the 2G radio).

Roaming can be achieved by setting the optimum tranmission power (again, don't use auto). Set it as low as possible.

erlinden

I would start by selecting channels manually. For 2G radio use either 1, 6 or 11 and make sure bandwidth is set to 20MHz.

erlinden

Could it be that 5G radio channel is set to auto and that the selected channel is not supported by your device? Or that it was in a DFS waiting state? Perhaps you can share your settings?

erlinden

If you want to configure your cAP ac as accesspoint, you shouldn't configure a DHCP server on it. If you create a bridge and add all interfaces to it (like you did), all devices will get the IP address from the corporate DHCP server (as well as the cAP ac if you define a DHCP client). Two additional...

erlinden

Have you rebooted the router yet?

erlinden

Haven't had problems with this. Could you please supply some information, how is the 2G radio configured? And what is "really bad performance"?

erlinden

What country have you selected? And have you selected regulatory-domain?

erlinden

It depends. What Internet bandwidth do you have, up- and downstream? What will your firewall look like? To summarize, what are your requirements besides number of users!

erlinden

Mikrotik would not give us WPS if it was not secure.

LOL! Do you really think Mikrotik will only provide functionality if it is secure!?

WPS is very secure as it is switched off after that.

Sounds like a valid reason, indeed WPS is only secure if it turned off.

erlinden

You are very wellcome, glad to hear about your progress.

I prefer to use DHCP reservation, this will give you static IP addresses as well.

erlinden

What version are you running on the mAP?
Please don't use the quicksettings...just don't.

erlinden

Reset the mAP (option in the menu), select no configuration

Login the mAP after it is rebooted

Create a bridge

Add all interfaces to the bridge

Add DHCP client if you want to have the mAP an IP address

So...leave the GL 750 as is, nothing to do there

erlinden

Reset it to default, no configuration. Afterwards, you can connect it to the router and configure it (connect to the mAP on MAC address). Next: Make a bridge and have all interfaces part of this bridge. Add a DHCP client (if you want the mAP to have an IP address. Configure your WiFi interfaces as w...

erlinden

I prefer to solve these problems with DNS, just have the service resolved to your internal IP address on your network (and your public IP address for the rest of the world).

erlinden

What client are you using for testing?
At what speed is the client connected?
Can you test with fixed channel?

erlinden

Why not do it properly and run a VPN service? Are you aware that there was (and still is depending on the version of RouterOS you are running) a huge security issue?

erlinden

Are you using fixed channels?
Why do you have two (overlapping) DHCP pools?
Why UPnP?

erlinden

I found this blog to be very helpfull:
https://justinho.com/blog/2017/07/15/hap-ac-lite.html

The benefit of the hAP ac² is CPU power. In the end it all depends on your requirements.

erlinden

[Update] It seems to work with the settings shown underneath... I want to use the Rate Limit in combination with Time For Rate Limited. My preferred schedule would be: 24x7 Internet access Every day, limit at these times: 00:00:00-07:30:00 11:30:00-16:00:00 20:00:00-00:00:00 Though it seems obvious,...

erlinden

It is not a problem, it is unexpected behaviour (for you). Switching channels is de Dynamic part in DFS. The Wiki: https://en.wikipedia.org/wiki/List_of_WLAN_channels gives you an overview on all allowed channels you can select. Perhaps you can do a WiFi scan with a client to find out the best chann...

erlinden

Why do you think the port is limited? What is the CPU load while testing? Could it be cable related (do you see a lot of CRC errors)?

erlinden

Can you please share your wireless settings?

erlinden

On the second router there are no devices connected is used only for WiFi, mobile users only. I thought it is better as it is, doesn't it cause more traffic on my LAN if i set it as acesspoint? Or should i set a different subnet if i set it as acesspoint? It is worse and you only created an additio...

erlinden

What is 'Best performance' for you?

Besides above reply, please configure your second hAP as accesspoint (create one bridge with all interfaces connected to it). It makes no sense to have double NAT.

erlinden

It seems my ISP is blocking port 80. I have changed port number and now all works fine! The problem is solved! Thanks to all! Actually I think you created yourself a bigger problem. Access to the router over a non-encrypted connection. You may want to reconsider your configuration, setting up VPN i...

erlinden

Was the MT supplied by your ISP? If Yes...sure they can. If Not...they won't touch it.
Sure the MT is not compromised by a hacker?

erlinden

Can you please post your public IP address?

erlinden

Lol, sorry. If your router has no gateway, how will it be able to use external DNS servers? Perhaps you can tell us a bit more of what you are doing, how things are connected and what you are trying to accomplish?

erlinden

Can you share a ipconfig /all? Probably you want to set your MirkoTik as (only) DNS server in the DHCP options.

erlinden

Great help here...just one thing (and it might be my preference...) that I want to share:

- Never use auto channel, just do a proper WiFi scan and select the best channels
- On the 2G radio choose either channel 1, 6 or 11. Never use 20/40mhz-Ce! Choose 20mhz.

erlinden

If a 2G WiFi network is sufficient, this is a good solution. Configuration is straight forward:
[*]factory reset without default configuration
[*]put all interfaces on the same switch (or bridge)
[*]configure wireless as required

erlinden

Or run a DNS server on your RB750 and have the website URL resolved to the internal IP address.

erlinden

Port forwarding is not like rocket sience. If you experience difficulties in the firewall and GUI you might want to come to the conclusion that neither MikroTik nor your basic networking knowledge is sufficient.

erlinden

This RB only supports 2G radio (as you know). Bandwidth depends on a ot of factors, the way I would solve it (besides all the steps you have done already) is by using 5G radio. Does the ZTE suport 5G? What speeds do you get with this modem/router? Why do you use the RB as well?

erlinden

What is the use of setting a fixed IP address to an accesspoint? I prefer to have all my IP related stuff done by a DHCP server, reservations for any device necessary.

And to answer you question: DNS is for name resolving. So in any case of name resolving you need a DNS server.

erlinden

Two options (as far as I know):

- Use Capsman
- Configure your cAP as accesspoint *)

*) Reset config with no default, create bridge and add all interfaces to this bridge (or switch), use DHCP client (for configuration options), configure wireless. That's about it.

erlinden

The difference I see with my router is that allow-remote-requests is set to yes while yours is set to no.

erlinden

Can you post the script you are using?

Search found 292 matches