Community discussions

MikroTik App

Search found 2626 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 9
by erlinden
Fri Nov 08, 2024 6:51 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 611
Views: 111776

Re: v7.17beta [testing] is released!

Wasn't this introduced in the 7.17 beta release? Only available through the beta channel, which has to be selected manually? But I might not understand you correctly...
by erlinden
Fri Nov 08, 2024 5:54 pm
Forum: Beginner Basics
Topic: Help me with port forwarding troubleshooting
Replies: 8
Views: 243

Re: Help me with port forwarding troubleshooting

/ip address add address=192.168.0.2/24 interface=bridge1 network=192.168.0.0 add address=192.168.11.2/24 interface=sfp-sfpplus1 network=192.168.11.0 /ip dhcp-client add interface=sfp-sfpplus1 From the above, I get the feeling that on the sfp you set an IP manually and you get an IP through DHCP. As...
by erlinden
Fri Nov 08, 2024 5:03 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 611
Views: 111776

Re: v7.17beta [testing] is released!

Both my wAP AX's where supplied with 7.15.x.
by erlinden
Fri Nov 08, 2024 5:02 pm
Forum: General
Topic: DNS Adlist match counter
Replies: 3
Views: 324

Re: DNS Adlist match counter

Okay. It actually makes sense, when I think of it: all lists are consulted in parallel. Thanks for the info.
by erlinden
Fri Nov 08, 2024 9:04 am
Forum: Beginner Basics
Topic: Help me with port forwarding troubleshooting
Replies: 8
Views: 243

Re: Help me with port forwarding troubleshooting

Can you show your config?
/export file=anynameyoulike
Remove serial and any other private info, post between code tags by using the </> button.
by erlinden
Fri Nov 08, 2024 9:02 am
Forum: Beginner Basics
Topic: FTP Rules in Firewall are apparently wrong
Replies: 13
Views: 404

Re: FTP Rules in Firewall are apparently wrong

It is indeed, though IP spoofing is possible. Couple of things: FTP can be run active and passive (if memory serves me well). Active means that the other site has to have port 20 open, passive would require an additional range of ports open on the router. The reason for advising to netinstall is tha...
by erlinden
Thu Nov 07, 2024 9:15 pm
Forum: Beginner Basics
Topic: Use hap ax lite as access point
Replies: 7
Views: 270

Re: Use hap ax lite as access point

From the documentation:
https://help.mikrotik.com/docs/spaces/R ... ionexample:

If you prefer video, check YouTube:
https://youtu.be/bHotZT41w3E?si=PiGRpP_0vQHPQzyd

Feel free to ask additional questions if you fail configuring.
by erlinden
Thu Nov 07, 2024 8:03 pm
Forum: Beginner Basics
Topic: Help DNS approach to Faster Browsing
Replies: 22
Views: 681

Re: Help DNS approach to Faster Browsing

What is the exact purpose of running your own DNS server?
by erlinden
Thu Nov 07, 2024 7:59 pm
Forum: Beginner Basics
Topic: Help DNS approach to Faster Browsing
Replies: 22
Views: 681

Re: Help DNS approach to Faster Browsing

any help to setup my own dns server?
Please first confirm your problem, is it DNS?
by erlinden
Thu Nov 07, 2024 7:55 pm
Forum: Wireless Networking
Topic: Please Respond - About new CapsMan (wifi)
Replies: 4
Views: 246

Re: Please Respond - About new CapsMan (wifi)

Why do you use a (single) VLAN? To understand (more?) about VLAN, please have a look at this great topic: https://forum.mikrotik.com/viewtopic.php?t=143620 Next, configure CAPsMAN as mentioned here: https://help.mikrotik.com/docs/spaces/ROS/pages/224559120/WiFi#WiFi-CAPsMAN-CAPsimpleconfigurationexa...
by erlinden
Thu Nov 07, 2024 3:23 pm
Forum: Beginner Basics
Topic: Help DNS approach to Faster Browsing
Replies: 22
Views: 681

Re: Help DNS approach to Faster Browsing

Is DNS the problem? Did you do a proper analyses on why it takes a long time? In such a case I like to use the Developer Tools (F12) which can give you a good indication on where the problem is. From your config: /ip dhcp-client add interface=ether8-WAN You can expand that with use-peer-dns=no to ma...
by erlinden
Thu Nov 07, 2024 12:44 pm
Forum: Beginner Basics
Topic: Filter by IP address list
Replies: 2
Views: 136

Re: Filter by IP address list

Haven't tested, can you add more lines? By using the + simbole and using the same field to filter on?
by erlinden
Thu Nov 07, 2024 12:22 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 611
Views: 111776

Re: v7.17beta [testing] is released!

Besides lots of improvements (though not working for you), MikroTik is constantly requensting their users to provide information. So I don't agree with you, @woland.
by erlinden
Thu Nov 07, 2024 9:26 am
Forum: General
Topic: how to block youtube shorts?
Replies: 10
Views: 397

Re: how to block youtube shorts?

Still?
MikroTik (or its community) can't help you on this.
by erlinden
Wed Nov 06, 2024 4:43 pm
Forum: Beginner Basics
Topic: Is my hAP ac broken?
Replies: 9
Views: 366

Re: Is my hAP ac broken?

What do you mean test multiple files? Also what logs? In hAP logs I don't see anything suspicious. What if you start multiple downloads, is the combined speed higher? iperf3 -c proof.ovh.net -p 5206 -R -P 8 (gets you 8 streams), does that make a difference? As the hAP ac is single core, that is not...
by erlinden
Wed Nov 06, 2024 4:38 pm
Forum: General
Topic: PPTP no longer working
Replies: 4
Views: 185

Re: PPTP no longer working

No need to get picky, you are on a user forum with professionals. Though they might react a bit direct (as a Dutchman I think they do), they also provide you valuable information. I'll try to be as polite as I can...perhaps you can do the same? From the post from @tangent: Use L2TP (which works perf...
by erlinden
Wed Nov 06, 2024 3:03 pm
Forum: General
Topic: MT SSH login bug???
Replies: 2
Views: 141

Re: MT SSH login bug???

The log should show which user failed logging in and which user did succeed.
Can you confirm this?
by erlinden
Wed Nov 06, 2024 2:58 pm
Forum: Beginner Basics
Topic: Is my hAP ac broken?
Replies: 9
Views: 366

Re: Is my hAP ac broken?

How do you exactly test? Have you tried with multiple files? What protocol is used? Does the log give any hints?
by erlinden
Wed Nov 06, 2024 2:33 pm
Forum: Beginner Basics
Topic: Is my hAP ac broken?
Replies: 9
Views: 366

Re: Is my hAP ac broken?

From the test results (https://mikrotik.com/product/RB962UiGS- ... estresults) you should be able to reach a bit over 300 Mbps.
What RouterOS version and firmware version are you running?
by erlinden
Tue Nov 05, 2024 3:24 pm
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 22
Views: 664

Re: Why is there no decent security on FTP Server on MK?

In the end it is all about supply and demand. Asus is targeting a different audience then MikroTik. Either make a suggestion to MikroTik for implemention or accept it. it stands to reason that common sense should prevail and it should be implemented on the MT as well. it stands to reason that common...
by erlinden
Tue Nov 05, 2024 9:44 am
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 22
Views: 664

Re: Why is there no decent security on FTP Server on MK?

Mmmm...FTP and security in one sentence. Can you elaborate a bit more why you want to use FTP? And why on a router? Would a container perhaps solve this problem? What is the purpose? Do you consider file sharing a routers task?

Next to that, would you consider FTP to be secure...at all?
by erlinden
Tue Nov 05, 2024 9:22 am
Forum: Wireless Networking
Topic: CAPSMAN Setup Help for better roaming
Replies: 29
Views: 1470

Re: CAPSMAN Setup Help for better roaming

At a signal of -60dB, why would you expect it to roam?
by erlinden
Tue Nov 05, 2024 8:38 am
Forum: Wireless Networking
Topic: CAPSMAN Setup Help for better roaming
Replies: 29
Views: 1470

Re: CAPSMAN Setup Help for better roaming

I even tested with a live tv channel playing on the tablet and there was abojt a second drop off when it switched. Is that good?
What is the logging showing? It doesn't sound as fast transitioning.

Thanks @holvoetn, wasn't aware of that.
by erlinden
Mon Nov 04, 2024 3:43 pm
Forum: Wireless Networking
Topic: Requesting help regarding my device running MESH
Replies: 20
Views: 479

Re: Requesting help regarding my device running MESH

Nice picture! We should start with the correct terminology. Mesh means wireless backhaul. So in your case, RB951Ui-2HnD (2F) should only be configured as ap. RB951Ui-2HnD (1F) should be configured both ap-bridge (to connect to 2F) and have a virtual adapter configured as a,p assuming you want to mak...
by erlinden
Mon Nov 04, 2024 2:09 pm
Forum: Beginner Basics
Topic: Wireguard client don't have internet
Replies: 19
Views: 1530

Re: Wireguard client don't have internet

Where is the bridge on both routers? Any asterisk in a config should be examined carefully, i.e. (specifically the out-interface): /ip firewall filter add action=accept chain=forward disabled=yes dst-address=192.168.12.240 dst-port=80 in-interface=ether4 out-interface=*A protocol=tcp src-address=188...
by erlinden
Mon Nov 04, 2024 9:16 am
Forum: Beginner Basics
Topic: no internet access
Replies: 9
Views: 374

Re: no internet access

The gateway should be set to the IP address of your router. You might want to consider using DHCP client (on the bridge) that handles correct IP addressing. By using static leases, you can use dedicated IP addresses.
by erlinden
Sun Nov 03, 2024 12:01 pm
Forum: General
Topic: wap AX -- recommended?
Replies: 4
Views: 282

Re: wap AX -- recommended?

Good for you!
by erlinden
Sun Nov 03, 2024 12:00 pm
Forum: Wireless Networking
Topic: Capsman not provisioning one of two identical cAP ax [SOLVED]
Replies: 5
Views: 246

Re: Capsman not provisioning one of two identical cAP ax [SOLVED]

Are their provisioning rules which match the new radios?
Can you share the wifi config of the CAPsMAN?

/interface wifi export file=anynameyoulike

Remove any private info, post between code tags by using the </> button.
by erlinden
Sun Nov 03, 2024 11:13 am
Forum: RouterBOARD hardware
Topic: Hap AX3 as an access point
Replies: 15
Views: 1360

Re: Hap AX3 as an access point

Feel free to share your config to get some feedback. Also, by playing with the antenna orientation, different results can be expected. /export file=anynameyoulike [or] /interface wifi export file=anynameyoulike Remove serial and any other private info, post between code tags by using the </> button.
by erlinden
Sun Nov 03, 2024 10:56 am
Forum: Wireless Networking
Topic: worst performance of NetBox 5AX.. Is there any user who uses this NetBox 5AX??
Replies: 23
Views: 3381

Re: worst performance of NetBox 5AX.. Is there any user who uses this NetBox 5AX??

Can you set country code in correspondence with the country you are in (the NTP setting indicates something else)?
What is the status of the radio of the Netbox?
/interface/wifi/radio/print detail 
/interface wifi print
by erlinden
Sun Nov 03, 2024 10:44 am
Forum: General
Topic: wap AX -- recommended?
Replies: 4
Views: 282

Re: wap AX -- recommended?

YES! I have replaced a wAP ac (outside) and a cAP AX (inside) with the wAP AX. Can see any difference inside, the connection is stable (which is most important to me) and the wife is also happy (by the looks in comparison with the cAP AX). It is available (at least in Europe), where do you live? The...
by erlinden
Sun Nov 03, 2024 10:15 am
Forum: General
Topic: [7.6] CAP mode fails after custom netinstall
Replies: 3
Views: 703

Re: [7.6] CAP mode fails after custom netinstall

Were both RouterOS and wireless package included during netinstall?
by erlinden
Fri Nov 01, 2024 11:25 pm
Forum: General
Topic: 7.16 DHCP Issues
Replies: 1
Views: 133

Re: 7.16 DHCP Issues

Can you share the configs:
/export file=anynameyoulike
Remove serial and any other private info, post between code tags by usnig the </> button.
by erlinden
Fri Nov 01, 2024 3:09 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 188
Views: 22529

Re: wAP ax?

Turned out my provision rules did not meet the new MAC address on the 5GHz radio and therefore wasn't provisioned. The 2.4GHz provision rule wasn't bound to a MAC address "filter" and could therefore be provisioned.
by erlinden
Fri Nov 01, 2024 11:11 am
Forum: Wireless Networking
Topic: CAPSMAN Setup Help for better roaming
Replies: 29
Views: 1470

Re: CAPSMAN Setup Help for better roaming

Difficult to advise, as some relevant information is missing. What is the signal and what are the tx and rx rates in that case?
Ofcourse you can play with tx power, as well you can add access lists to block clients when a thresshold is reached.
by erlinden
Thu Oct 31, 2024 10:16 pm
Forum: Wireless Networking
Topic: Apple Devices not roaming correctly? [SOLVED]
Replies: 18
Views: 2856

Re: Apple Devices not roaming correctly? [SOLVED]

Why do your AP have a firewall? I prefer to follow the documentation on the CAP, in combination with bridge VLAN filtering for the ethernet ports. By leaving the 5GHz channel to auto, it is possible that the AP's are using the same frequencies. That could be a reason for having bad roaming experienc...
by erlinden
Thu Oct 31, 2024 10:13 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 188
Views: 22529

Re: wAP ax?

Received 2 wAP AX's. Really like them (same case as wAP ac). One strange thing: I had to manually provision the 5GHz radio to get that to work. Not sure what caused this.
by erlinden
Thu Oct 31, 2024 1:08 pm
Forum: Beginner Basics
Topic: Separate internet while using 3 modems
Replies: 12
Views: 614

Re: Separate internet while using 3 modems

Have a look at this great topic:
viewtopic.php?t=192736
by erlinden
Thu Oct 31, 2024 12:05 pm
Forum: Wireless Networking
Topic: CAPSMAN Setup Help for better roaming
Replies: 29
Views: 1470

Re: CAPSMAN Setup Help for better roaming

Can't help you on that. CAPsMAN is what I have most experience with (besides VLAN). Only remark I have, I would use VLAN's instead of multiple bridges. Think it will simplify the firewall as well. (Simple) Queues with VLAN's is pretty easy (like setting minimum bandwidth), but not sure if that solve...
by erlinden
Thu Oct 31, 2024 11:33 am
Forum: Wireless Networking
Topic: CAPSMAN Setup Help for better roaming
Replies: 29
Views: 1470

Re: CAPSMAN Setup Help for better roaming

Perfect, thank you very much. I will do the configuration and report back.
You are very welcome. The radio mac address van be found on the Radios tab (in Winbox).
by erlinden
Thu Oct 31, 2024 11:20 am
Forum: RouterBOARD hardware
Topic: Hap AX3 as an access point
Replies: 15
Views: 1360

Re: Hap AX3 as an access point

Is the power supply provided with the RB5009 sufficient? That is a 24V 1,5A power adapter.
by erlinden
Thu Oct 31, 2024 9:54 am
Forum: Wireless Networking
Topic: CAPSMAN Setup Help for better roaming
Replies: 29
Views: 1470

Re: CAPSMAN Setup Help for better roaming

By leaving a lot on auto, you never know what will happen. I.e. all frequencies can be equal making roaming terrible. What I would do, is configure per radio: /interface wifi channel add disabled=no frequency=2412 name="CH 1 (2412)" width=20mhz add disabled=no frequency=2437 name="CH ...
by erlinden
Wed Oct 30, 2024 6:48 pm
Forum: Wireless Networking
Topic: Connection lost when lease extended?
Replies: 14
Views: 915

Re: Connection lost when lease extended?

A lease time of 10 minutes is :lol:
Adjust it to what makes sense, i.e. 4 or 8 hours. Or more.

Is adding to the address list necessary?
by erlinden
Wed Oct 30, 2024 3:05 pm
Forum: Wireless Networking
Topic: Connection lost when lease extended?
Replies: 14
Views: 915

Re: Connection lost when lease extended?

To rule out DHCP, can you change lease time?
Could you share your config?
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Wed Oct 30, 2024 12:20 pm
Forum: General
Topic: Slow Device after upgrading from 6.x to 7.6, anything we can do to improve?
Replies: 6
Views: 1023

Re: Slow Device after upgrading from 6.x to 7.6, anything we can do to improve?

i think what it really slows down is 100% cpu all the time
What is it doing? What is consuming all the cpu cycles?
Can you share your config?
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Wed Oct 30, 2024 11:40 am
Forum: General
Topic: VLAN Config to/on Mikrotik HexS
Replies: 9
Views: 358

Re: VLAN Config to/on Mikrotik HexS

InterVLAN is accepted by default, you would have to add a filter rule on the forward chain, blocking this traffic. Or...accept only what is allowed and drop verything else (as last rule on the forward chain).
by erlinden
Wed Oct 30, 2024 10:51 am
Forum: General
Topic: VLAN Config to/on Mikrotik HexS
Replies: 9
Views: 358

Re: VLAN Config to/on Mikrotik HexS

VLAN all the way, hybrid is not preferred. This way you can keep your config clean and readable.
by erlinden
Wed Oct 30, 2024 10:48 am
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 126
Views: 13236

Re: hap ax3 random wireless disconnects

Is there a chance to escalate this issue? It seems that the developers of RouterOS 7.x do not know anything about this.
As you know, assumption is the mother...etc.
Just contact support to address your problem.
by erlinden
Wed Oct 30, 2024 9:50 am
Forum: Beginner Basics
Topic: What's wrong with my firewall rules? [SOLVED]
Replies: 9
Views: 565

Re: What's wrong with my firewall rules? [SOLVED]

Are the current rules “good enough”?
Yes
by erlinden
Wed Oct 30, 2024 9:27 am
Forum: General
Topic: VLAN Config to/on Mikrotik HexS
Replies: 9
Views: 358

Re: VLAN Config to/on Mikrotik HexS

Must read: viewtopic.php?t=143620

Can you share your config?
/export file=anynameyoulike
Remove serial and any other proivate info.
by erlinden
Tue Oct 29, 2024 3:37 pm
Forum: Beginner Basics
Topic: SSID Name for WiFi 2GHz and 5Ghz
Replies: 10
Views: 411

Re: SSID Name for WiFi 2GHz and 5Ghz

I always keep the SSID identical and play with transmission power (lower 2.4GHz transmission power a lot). My client devices are smart enough to select the 5GHz radio, or roam to it when available. Another disadvantage of having different SSID's is the lack of roaming. You have to change manually, u...
by erlinden
Tue Oct 29, 2024 3:00 pm
Forum: Beginner Basics
Topic: How to acess my router in DHCP
Replies: 2
Views: 266

Re: How to acess my router in DHCP

What is up with the quotation marks?
Can you share your config?
/export file=anynameyoulike
Remove serial and any other provate info.
by erlinden
Tue Oct 29, 2024 1:43 pm
Forum: Beginner Basics
Topic: SSID Name for WiFi 2GHz and 5Ghz
Replies: 10
Views: 411

Re: SSID Name for WiFi 2GHz and 5Ghz

It depends on what you want. I.e. you could have a edicated IoT network on the 2.4GHz, while your corporate/home network is on 5GHz (or both 2.4GHz and 5GHz). Shared SSID on two radios will support more clients. At the same time you have no control with what radio the client connects. So...what do y...
by erlinden
Tue Oct 29, 2024 11:30 am
Forum: General
Topic: Unable to update Firmware to 7.16.1
Replies: 6
Views: 389

Re: Unable to update Firmware to 7.16.1

Update fails due to a missing package (wireless to be precise). Step one: identify currently installed packages (routeros and at least wireless in your case) Step two: download all installed packages and drop them in folder. Then reboot. Alternatively, update through /system/packages/ automatically ...
by erlinden
Tue Oct 29, 2024 10:20 am
Forum: Beginner Basics
Topic: Routing between VLANs on RB4011 [SOLVED]
Replies: 6
Views: 389

Re: Routing between VLANs on RB4011 [SOLVED]

You could order your firewall rules, would make it more readable. Start with input chain, then forward chain. Currently it is a complete mess (to me). This rule should allow traffic from VLAN100 to VLAN200. Is it hit (either counters or log entries when logging is enabled)? Where do the spaces come ...
by erlinden
Tue Oct 29, 2024 10:13 am
Forum: RouterBOARD hardware
Topic: Hap AX3 as an access point
Replies: 15
Views: 1360

Re: Hap AX3 as an access point

Just give it a try and make sure it is configured properly.
by erlinden
Mon Oct 28, 2024 5:14 pm
Forum: Wireless Networking
Topic: Roaming fail DHCP
Replies: 1
Views: 177

Re: Roaming fail DHCP

Don't use VLAN ID 1, this can cause (these kind of) problems. Check all asterikses, especially on /interface list member. Internet detect can cause strange problems, probably not related (but turn it off anyway). On /interface bridge port, set frame-types: Access ports - frame-types=admit-only-untag...
by erlinden
Mon Oct 28, 2024 5:06 pm
Forum: Beginner Basics
Topic: SSID Not Broadcasting?
Replies: 3
Views: 185

Re: SSID Not Broadcasting?

Did you have a look at the log? Enabled wifi debug logging?
In regards to your question, could it be DFS check (of up to 10 minutes, depending on the selected frequency)?
Sure you want to use 40MHz bandwidth on the (saturated?) 2.4GHz radio?
by erlinden
Mon Oct 28, 2024 5:03 pm
Forum: General
Topic: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch
Replies: 8
Views: 374

Re: 2 x Mikrotik CRS326-24G-2S+RM, one as router, other as a switch

I want to use one as the main router and the other as a regular switch, creating an uplink between the two via the SFP port.
Is this possible?
Sure you want to have a switch act as a router?
What WAN-LAN throughput do you require?
by erlinden
Mon Oct 28, 2024 4:45 pm
Forum: Wireless Networking
Topic: CAPSMAN Setup Help for better roaming
Replies: 29
Views: 1470

Re: CAPSMAN Setup Help for better roaming

Transmission power is set on: /interface/wifi/configuration/tx-power Frequency is set on: /interface/wifi/channel/frequency Can you share your config? /export file=anynameyoulike I have made a config (and provision rule) per radio, so I can set everything the way I want it exactly. I.e. all channels...
by erlinden
Mon Oct 28, 2024 4:00 pm
Forum: Wireless Networking
Topic: CAPSMAN Setup Help for better roaming
Replies: 29
Views: 1470

Re: CAPSMAN Setup Help for better roaming

You could play with transmission power, by default it is set to maximum. Lowering could improve roaming.
by erlinden
Mon Oct 28, 2024 12:32 pm
Forum: Beginner Basics
Topic: Unable to route via VLANs
Replies: 16
Views: 934

Re: Unable to route via VLANs

Don't use VLAN ID 1.
If you want to do VLAN filtering oin the bridge, you should enable it.
by erlinden
Mon Oct 28, 2024 12:27 pm
Forum: General
Topic: Mikrotik router should connect to Opnsense via WG.
Replies: 8
Views: 351

Re: Mikrotik router should connect to Opnsense via WG.

You should set the correct IP address information to the wireguard interface.
It should be 10.90.200.4/32 but is currently 192.168.177.2/24

Also, Allowed IP's should be set to 0.0.0.0/0, ::/0, currently you only set ::/0.
by erlinden
Mon Oct 28, 2024 11:09 am
Forum: Wireless Networking
Topic: Wireless AP Powered From RB4011 [SOLVED]
Replies: 4
Views: 286

Re: Wireless AP Powered From RB4011 [SOLVED]

Thanks. Just to be specific both CAP AX and WAP AX data sheets state "PoE in .. 802.3af/at". Can they in fact also be powered by passive PoE?
Yes
by erlinden
Mon Oct 28, 2024 10:51 am
Forum: Wireless Networking
Topic: WiFi Disconnect Issues with hAP ax² - Seeking Advice on Stable Version and Future Updates
Replies: 8
Views: 1134

Re: WiFi Disconnect Issues with hAP ax² - Seeking Advice on Stable Version and Future Updates

Newer is not always better. You can read changelogs to consider upgrading or not.

Can you provide us with a complete export?
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Mon Oct 28, 2024 10:05 am
Forum: General
Topic: CAP AX vs WAP AX (indoors)
Replies: 12
Views: 647

Re: CAP AX vs WAP AX (indoors)

Why size would influence the decision? Being bigger I mean. Trying to understand
Do you have a partner?
by erlinden
Mon Oct 28, 2024 10:02 am
Forum: Wireless Networking
Topic: Legacy wifi client does not connect to AX AP
Replies: 8
Views: 992

Re: Legacy wifi client does not connect to AX AP

Agree with @infabo.

Can you also change
/interface wifi channel add band=2ghz-ax disabled=no name=2ghz skip-dfs-channels=10min-cac width=20/40mhz
to
/interface wifi channel add disabled=no name=2ghz frequency=2412,2437,2462 width=20mhz
by erlinden
Sun Oct 27, 2024 7:36 pm
Forum: RouterBOARD hardware
Topic: Please launch hAP with AX3000 or above
Replies: 17
Views: 4566

Re: Please launch hAP with AX3000 or above

Wifi marketing shizzle is one way, while the wired connection is two way. Though I do agree the benefits...not all traffic is always through a single wired port. If you, i.e. use a NAS it could be beneficial. In the end, the shizzle is about theoretical maximum connection speed and has nothing to do...
by erlinden
Sun Oct 27, 2024 7:32 pm
Forum: Beginner Basics
Topic: Fronius inverter can't access cloud services [SOLVED]
Replies: 14
Views: 845

Re: Fronius inverter can't access cloud services [SOLVED]

TLS is between client and server, the MikroTik has nothing to do with that. Is the date/time correct on all involved devices? Does it work when you (temporarily) test with IPv4 only? How is (one of the) domain names resolved? What did Fronius support answer? Remars: remove anything you have done adj...
by erlinden
Sun Oct 27, 2024 1:18 pm
Forum: General
Topic: CAP AX vs WAP AX (indoors)
Replies: 12
Views: 647

Re: CAP AX vs WAP AX (indoors)

cAP AX is nearly three times the size of a wAP ax.
If you search the forum, there is real time comparison between the two.
by erlinden
Sun Oct 27, 2024 1:15 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 126
Views: 13236

Re: hap ax3 random wireless disconnects

What is in itself the problem of remaining at 7.14.3 (at least for the time being)?
Is there specific functionality missing that was introduced from 7.15 upwards?
by erlinden
Sat Oct 26, 2024 2:43 pm
Forum: Beginner Basics
Topic: 2 Mikrotiks, one switch, vlans
Replies: 2
Views: 304

Re: 2 Mikrotiks, one switch, vlans

Apart from using VLAN ID 1...sure.
Have a good read: viewtopic.php?t=143620
by erlinden
Fri Oct 25, 2024 1:23 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 188
Views: 22529

Re: wAP ax?

I would like to install it on the ceiling instead of an old cAP, do you think it is suitable or is the antenna very directional?
wAP can be securely fixed to any external wall or roof from the inside of the case
by erlinden
Fri Oct 25, 2024 12:41 pm
Forum: Beginner Basics
Topic: DHCP servers are isolated from each other, lacking intercommunication.
Replies: 6
Views: 331

Re: DHCP servers are isolated from each other, lacking intercommunication.

/interface list member add interface=WAN-1 list=WAN add interface=bridge1 list=LAN Seems to me that, based on the config, the second bridge isn't part of the LAN address list. But from your config so many questions...why? Why multiple bridges (instead of using VLAN)? Why is your firewall so much ch...
by erlinden
Fri Oct 25, 2024 8:12 am
Forum: Wireless Networking
Topic: Iphone 11 wifi
Replies: 4
Views: 272

Re: Iphone 11 wifi

Can you post a complete export from both CAPsMAN and CAP (assuming they are different devices)? Currently it is incomplete, i.e. country code is missing (part of configuration). /export file=anynameyoulike Remove serial and any other private info and post between code tags by using the </> button.
by erlinden
Thu Oct 24, 2024 9:41 pm
Forum: Wireless Networking
Topic: bst configuration with capsman for 2 different accesspoints
Replies: 56
Views: 1574

Re: bst configuration with capsman for 2 different accesspoints

Either you want to be helped...or not. Provide all configs for all involved devices (I would expect four configs) and follow instructions afterwards by the letter. Again the hardware is capable, but it requires proper config. And from the error message you provided it is clear that your current conf...
by erlinden
Thu Oct 24, 2024 7:35 pm
Forum: Beginner Basics
Topic: cAP X and 2 DHCP on one network
Replies: 13
Views: 762

Re: cAP X and 2 DHCP on one network

Tell the cAP AX it is a router and configure it like one. Just make sure the cAP AX has a static IP address (or have its MAC address registered).
by erlinden
Thu Oct 24, 2024 7:32 pm
Forum: Wireless Networking
Topic: bst configuration with capsman for 2 different accesspoints
Replies: 56
Views: 1574

Re: bst configuration with capsman for 2 different accesspoints

Too bad it isn't working for you. Unfortunately, MikroTik is not the right tool for everyone. I would really have liked to get you a working environment, hte hardware is more than capable. Especially the code @meki provided should have given you a working environment. Apart from the fact that US has...
by erlinden
Thu Oct 24, 2024 2:35 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 50
Views: 5465

Re: Newsletter #121 | October 2024

Yes! wAP AX, finally!!
by erlinden
Thu Oct 24, 2024 12:32 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 188
Views: 22529

Re: wAP ax?

Is the regulation info hardware depending? I always thought that it was fixed?
by erlinden
Wed Oct 23, 2024 5:54 pm
Forum: General
Topic: Slave AP not providing IP addresses to end devices
Replies: 14
Views: 692

Re: Slave AP not providing IP addresses to end devices

Shouldn't wlan1 also be part of the bridge?
by erlinden
Wed Oct 23, 2024 3:54 pm
Forum: Beginner Basics
Topic: Access VPN Tunnel via VLAN
Replies: 5
Views: 311

Re: Access VPN Tunnel via VLAN

When I see "6.47.4", all alarm bells are ringing. Please consider upgrading the router while you are working on it.
by erlinden
Wed Oct 23, 2024 1:49 pm
Forum: Wireless Networking
Topic: bst configuration with capsman for 2 different accesspoints
Replies: 56
Views: 1574

Re: bst configuration with capsman for 2 different accesspoints

Can you please translate your responses to English? I now have to use Google Translate. Just use 20/40/80MHz as bandwidth (for 5GHz radios), they won't do more. Just use 20MHz bandwidth for 2.4GHz radios, the spectrum is already overcrowded. All configuration should be done on the CAPsMAN (that's wh...
by erlinden
Wed Oct 23, 2024 1:23 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 611
Views: 111776

Re: v7.17beta [testing] is released!

Does it all work now, yes all good, I was just trying to reason why!
Can't help you with that. Still, from a conceptual perspective I would use a /interface/wifi/security item per ssid. Personal preference...

But in the end...good to hear it works already.
by erlinden
Wed Oct 23, 2024 1:18 pm
Forum: Wireless Networking
Topic: bst configuration with capsman for 2 different accesspoints
Replies: 56
Views: 1574

Re: bst configuration with capsman for 2 different accesspoints

Channel can be set on the configuration, when selecting the corresponding radio (through it's MAC address) it will be set. If it shows incorrect frequency, it shows that you are assigning incorrect frequency to that radio (i.e. a 2.4GHz frequency to a 5GHz radio or vice versa). Auto is not that bad,...
by erlinden
Wed Oct 23, 2024 12:46 pm
Forum: Wireless Networking
Topic: bst configuration with capsman for 2 different accesspoints
Replies: 56
Views: 1574

Re: bst configuration with capsman for 2 different accesspoints

Just a couple of remarks that can be improved on your config: Use 20MHz bandwidth on the 2.4GHz radios Set fixed frequencies on all radios (and make them non-overlapping) When not setting band, it will support to newest supported standard: "Frequency band and wireless standard that will be used...
by erlinden
Wed Oct 23, 2024 12:23 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 611
Views: 111776

Re: v7.17beta [testing] is released!

Hope that helps! It seems that there is difference between security. And SSID (on purpose?). I would always make one item (per SSID) in /interface/wifi/security and use that on all interfaces. Because when specifying security items on /interface/wifi explicitely, it will override the selected secur...
by erlinden
Wed Oct 23, 2024 10:46 am
Forum: Beginner Basics
Topic: New subnets unable to route
Replies: 5
Views: 313

Re: New subnets unable to route

Rule 1: don't use VLAN ID 1
If you want to seperate networks (at least, I think that is the main reason for having multiple subnets), you might want to consider using VLAN's. Especially in the correct way, as described in the "Bible on VLAN":
viewtopic.php?t=143620
by erlinden
Wed Oct 23, 2024 10:30 am
Forum: Beginner Basics
Topic: I can't access the web interface for MikroTik hAP ac2 [SOLVED]
Replies: 14
Views: 10440

Re: I can't access the web interface for MikroTik hAP ac2 [SOLVED]

You do know the IP address of the router? Set a fixed IP address on the computer, within the same subnet, and connect? Last resort (if everything fails) is using netinstall to reset the device completely. Ofcourse the config is whiped, but you should be able to reconfigure. Check this topic (and fol...
by erlinden
Tue Oct 22, 2024 3:51 pm
Forum: Wireless Networking
Topic: worst performance of NetBox 5AX.. Is there any user who uses this NetBox 5AX??
Replies: 23
Views: 3381

Re: worst performance of NetBox 5AX.. Is there any user who uses this NetBox 5AX??

Does it help when gain is set to 19? And when you unset TX Power (setting it to max power in accordance with regulations implicitly)? Is the antenna well attached to the NetBox? Have you followed all suggestions? Can you post a new export (/interface/wifi/export is sufficient) after making all chang...
by erlinden
Tue Oct 22, 2024 3:31 pm
Forum: Wireless Networking
Topic: hAPx2 slow when compared to FritzBox [SOLVED]
Replies: 5
Views: 344

Re: hAPx2 slow when compared to FritzBox [SOLVED]

In an optimum situation (line of sight, no interference, no other clients) that is about the max you can expect. You can play with frequency to select the least crowded channel (i.e.5660).
by erlinden
Tue Oct 22, 2024 3:17 pm
Forum: Wireless Networking
Topic: Poor Wi-Fi range on cAP AX
Replies: 15
Views: 843

Re: Poor Wi-Fi range on cAP AX

Perhaps you can play a bit with orientation? Hope that helps. And did you configure the same channels?
And, instead of looking at number of bars, please check the (TX and RX) rates. Signal power is often confused with signal quality.
by erlinden
Tue Oct 22, 2024 1:44 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 611
Views: 111776

Re: v7.17beta [testing] is released!

Anything can be overridden, could that have been the case? Can you share your config?
by erlinden
Tue Oct 22, 2024 1:37 pm
Forum: Wireless Networking
Topic: worst performance of NetBox 5AX.. Is there any user who uses this NetBox 5AX??
Replies: 23
Views: 3381

Re: worst performance of NetBox 5AX.. Is there any user who uses this NetBox 5AX??

/interface wifi set [ find default-name=wifi1 ] channel.band=5ghz-ax .frequency=5500 \ .skip-dfs-channels=all .width=20/40/80/160mhz configuration.antenna-gain=\ 20 .chains=0,1 .country=Russia .distance=2 .mode=ap .ssid=test \ .tx-chains=0,1 .tx-power=28 disabled=no Lets see: .frequency=5500 - Apar...
by erlinden
Tue Oct 22, 2024 1:27 pm
Forum: General
Topic: Mikrotik support please have a look!
Replies: 4
Views: 341

Re: Mikrotik support please have a look!

To start with:
https://mikrotik.com/support

Next, stick to a single topic:
viewtopic.php?t=211894
by erlinden
Tue Oct 22, 2024 12:34 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 611
Views: 111776

Re: v7.17beta [testing] is released!

i Just tried to add WPA3 via sec1 and apply to 3 of my wifi interfaces but it didn't work. What didn't work? I tend to perform an export when in doubt if settings are correct: /interface/wifi/export Alternatively you can use a wifi scanner for getting insights wether i.e. WPA3 is available. Fwiw, W...
by erlinden
Tue Oct 22, 2024 12:30 pm
Forum: Wireless Networking
Topic: hAPx2 slow when compared to FritzBox [SOLVED]
Replies: 5
Views: 344

Re: hAPx2 slow when compared to FritzBox [SOLVED]

But I mean, 5 GHz should be able to do 2.4 GBits.
:lol:
by erlinden
Mon Oct 21, 2024 10:08 pm
Forum: Beginner Basics
Topic: why my computer assigned IANA IP?
Replies: 39
Views: 1509

Re: why my computer assigned IANA IP?

/system logging
add topics=debug,dhcp
by erlinden
Mon Oct 21, 2024 9:55 pm
Forum: Wireless Networking
Topic: No default steering neighbour group with CAPsMAN [SOLVED]
Replies: 23
Views: 4028

Re: No default steering neighbour group with CAPsMAN [SOLVED]

You make a neighbour group in steering. Two locations (and from the GUI there is a tab steering:

/interface/wifi/configuration/steering
/interface/wifi/steering
by erlinden
Mon Oct 21, 2024 9:32 pm
Forum: Wireless Networking
Topic: worst performance of NetBox 5AX.. Is there any user who uses this NetBox 5AX??
Replies: 23
Views: 3381

Re: worst performance of NetBox 5AX. Is there any user who uses this NetBox 5AX

no result after spending a lot of time on this. Too bad Can anyone ask to Mikrotik? Have you already contacted support? Sent an supout file? Why should we ask MikroTik? Is there any user who uses this NetBox 5AX ?? Have you searched this forum, there are more topics about the NetBox. please share r...
by erlinden
Mon Oct 21, 2024 9:10 pm
Forum: Beginner Basics
Topic: Issues with multi-SSID VLAN configuration on cAP ax
Replies: 8
Views: 540

Re: Issues with multi-SSID VLAN configuration on cAP ax

Still you need to learn basic VLAN setup. @anav did an incredible job in his reply to this post. You missed all the relevant stuff (/interface /bridge/port and /interface/bridge/vlan) and misconfigured /interface/vlan. Compare your config with the example of @anav, specifically on my mentioned parts.
by erlinden
Mon Oct 21, 2024 9:02 pm
Forum: Beginner Basics
Topic: why my computer assigned IANA IP?
Replies: 39
Views: 1509

Re: why my computer assigned IANA IP?

From the documentation: netmask (integer: 0..32; Default: 0 ) The actual network mask is to be used by the DHCP client. If set to '0' - netmask from network address will be used. When set to 0, it will not show up in the export. When set to 24 it will. Wasn't aware of this, @mkx. Still, it will use ...
by erlinden
Mon Oct 21, 2024 8:49 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 188
Views: 22529

Re: wAP ax?

Finally, the long awaited cAP AX product. However, lets hope MikroTik can release the needed AX driver improvements on their next ROS release...................... You mean wAP AX I assume? They are constantly improving and releasing new drivers and versions of RouterOS...no doubt it will become be...
by erlinden
Mon Oct 21, 2024 4:08 pm
Forum: Beginner Basics
Topic: why my computer assigned IANA IP?
Replies: 39
Views: 1509

Re: why my computer assigned IANA IP?

Change this...: /ip dhcp-server network add address=172.22.2.0/24 comment=VLAN2 gateway=172.22.2.1 add address=172.22.3.0/24 comment=VLAN3 gateway=172.22.3.1 add address=172.22.4.0/24 comment=VLAN4 gateway=172.22.4.1 add address=172.22.5.0/24 comment=VLAN5 gateway=172.22.5.1 ...to this: /ip dhcp-ser...
by erlinden
Mon Oct 21, 2024 1:55 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 188
Views: 22529

Re: wAP ax?

What do you mean by first day launch? The apperance on the several webshops?
I pre ordered today here in the Netherlands.
by erlinden
Mon Oct 21, 2024 10:00 am
Forum: Beginner Basics
Topic: Issues with multi-SSID VLAN configuration on cAP ax
Replies: 8
Views: 540

Re: Issues with multi-SSID VLAN configuration on cAP ax

First, the bridge on the router should have VLAN filtering enabled: /interface bridge add name=bridge port-cost-mode=short Change to: /interface bridge add name=bridge port-cost-mode=short vlan-filtering=yes Can continue on all other parts (accesspoint at least), but you should first start reading a...
by erlinden
Mon Oct 21, 2024 9:41 am
Forum: Wireless Networking
Topic: wAP ax?
Replies: 188
Views: 22529

Re: wAP ax?

I actually dont mind the AX3 now, setup is not intuitive and confusing with multiple menus that overlap and interfere with each other but once you stumble across a working config, and dont use capsman, it works well enough. For developers, used to program object oriented, the menu is actually prett...
by erlinden
Mon Oct 21, 2024 9:36 am
Forum: Beginner Basics
Topic: I can't access the web interface for MikroTik hAP ac2 [SOLVED]
Replies: 14
Views: 10440

Re: I can't access the web interface for MikroTik hAP ac2 [SOLVED]

Use Winbox, connect through MAC address instead of IP address.
by erlinden
Mon Oct 21, 2024 9:35 am
Forum: Beginner Basics
Topic: why my computer assigned IANA IP?
Replies: 39
Views: 1509

Re: why my computer assigned IANA IP?

there must be something else wrong.. could it be my docking station part of the problem?
Anything could be wrong. Just to make sure...can you share your config?
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Sun Oct 20, 2024 11:25 am
Forum: General
Topic: disconnected, register to other interface
Replies: 9
Views: 540

Re: disconnected, register to other interface

Most threads nowadays are about the wifi-qcom(-ac) driver. You are still using the legacy/old wireless driver. So...no, I don't see a lot of threads nowadays about this driver. For security settings, start with basic before using more advanced stuff: / interface wireless security-profiles set defaul...
by erlinden
Sat Oct 19, 2024 11:42 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 611
Views: 111776

Re: v7.17beta [testing] is released!

Can you please share:
/interface/wifi/export
Remove any private info.

Update: it works on my machine. Could it be a typo?
by erlinden
Sat Oct 19, 2024 7:20 pm
Forum: General
Topic: MikroTik v.7.16.1 CAPsMAN, datapath doesn't work
Replies: 2
Views: 478

Re: MikroTik v.7.16.1 CAPsMAN, datapath doesn't work

Any reason you want to work with multiple bridges (for wireless versus wired)? As there is nothing mapped on bridge2, my assumption would be that being the reason. If you want to make distinction, you might want to consider using VLAN's. For the time being, you can test with setting the brdige to br...
by erlinden
Sat Oct 19, 2024 1:06 pm
Forum: General
Topic: disconnected, register to other interface
Replies: 9
Views: 540

Re: disconnected, register to other interface

Could you share your config?
/export file=anynameyoulike
Remove serial and any other private info and post in between code tags by using the </> button.
by erlinden
Sat Oct 19, 2024 12:47 pm
Forum: Wireless Networking
Topic: Mikrotik or others on AX wifi access point
Replies: 173
Views: 10939

Re: Mikrotik or others on AX wifi access point

Anyway moving on... Has anyone tried WPA3 on 7.17 beta4 yet ?
Running 7.17 beta4, mixed WPA2/WPA3 on dual cAP AX and wAP ac using multiple VLAN's. Windows/Linux/Android/iOS devices. Seems pretty stable. Disconnection caused by too weak signal. Installed yesterday, still have to do some testing.
by erlinden
Thu Oct 17, 2024 4:03 pm
Forum: Announcements
Topic: v7.16.1 [stable] is released!
Replies: 411
Views: 101503

Re: v7.16.1 [stable] is released!

OpenVPN server generates debug messages with "unknown" topics. I'm not sure if this is the 7.16.1 issue, as I haven't run the OpenVPN server on previous versions of RouterOS. Show us the...config: /export file=anynameyoulike Remove serial and any other private info and post ebtween code t...
by erlinden
Thu Oct 17, 2024 4:02 pm
Forum: Beginner Basics
Topic: Ap - Station bridge winbox issue
Replies: 3
Views: 235

Re: Ap - Station bridge wincox issue

Show us the...config:
/export file=anynameyoulike
Remove serial and any other private info and post ebtween code tags by using the </> button.
by erlinden
Thu Oct 17, 2024 12:09 pm
Forum: General
Topic: RB4011iGS+5HacQ2HnD Password after Update.
Replies: 2
Views: 205

Re: RB4011iGS+5HacQ2HnD Password after Update.

Just to make sure: you leave the password empty and you get the message "incorrect password"? Did you reset by use of the reset button? Sure it is reset? You didn't specify a password for this device? Last resort: netinstall: https://help.mikrotik.com/docs/spaces/ROS/pages/24805390/Netinst...
by erlinden
Thu Oct 17, 2024 12:06 pm
Forum: RouterBOARD hardware
Topic: RB5009UPr+S+IN or hAP ax³
Replies: 13
Views: 5323

Re: RB5009UPr+S+IN or hAP ax³

But, is hAP ax³ capable of routing a 1 GBIT internet at full speed ?
Yes it is:
https://mikrotik.com/product/hap_ax3#fndtn-testresults

Check Routing, 25 ip filter rules, 512 byte, Mbps to get a good indication of the WAN-LAN throughput.
by erlinden
Thu Oct 17, 2024 10:48 am
Forum: Scripting
Topic: where is the error?
Replies: 10
Views: 426

Re: where is the error?

I might misread (should use reading glasses), do you use ~ instead of = ?
by erlinden
Thu Oct 17, 2024 10:47 am
Forum: General
Topic: RB4011iGS
Replies: 4
Views: 297

Re: RB4011iGS

Do you do anything "special" like VLAN? I have had Grandstream, only had some "specialities" while using VLAN's...and I do that a lot. Can you share your (MT) config just to make sure there is nothing in there? /export file=anynameyoulike Remove serial and any other private info ...
by erlinden
Thu Oct 17, 2024 9:32 am
Forum: Beginner Basics
Topic: DHCP server now working for wireless clients on CAP device
Replies: 3
Views: 347

Re: Help needed with wireless setup of 2nd router in network

Install wifi-qcom-ac on the hAP ac2 (as far as you haven't yet). It's part of the extra package.
Configure CAPsMAN on hAP AX3.

https://help.mikrotik.com/docs/spaces/R ... iFiCAPsMAN
by erlinden
Wed Oct 16, 2024 4:05 pm
Forum: Beginner Basics
Topic: HEX S Router
Replies: 8
Views: 429

Re: HEX S Router

Reset to defaults (if it is not), upgrade to latest stable (currently V7.16.1 assuming you are also running V7) and that is it!

https://help.mikrotik.com/docs/display/ROS/Reset+Button
https://help.mikrotik.com/docs/display/ ... stallation
by erlinden
Wed Oct 16, 2024 3:53 pm
Forum: Wireless Networking
Topic: wifi cfg not applied to wifi interface?
Replies: 8
Views: 387

Re: wifi cfg not applied to wifi interface?

You can see it in WebFig? You did set the passphrase in WebFig?

If you add the configuration through terminal (either directly or through Winbox/WebFig), is it there?
by erlinden
Wed Oct 16, 2024 2:25 pm
Forum: Wireless Networking
Topic: AP works on router, but not on switch [SOLVED]
Replies: 7
Views: 514

Re: AP works on router, but not on switch [SOLVED]

There are a lot of topics on the forum telling you not to use it. Can cause unexpected behavior.
by erlinden
Wed Oct 16, 2024 1:02 pm
Forum: Beginner Basics
Topic: Ping spikes with CRS125-24G-1S-RM on LAN, not sure where to start debugging [SOLVED]
Replies: 10
Views: 779

Re: Ping spikes with CRS125-24G-1S-RM on LAN, not sure where to start debugging [SOLVED]

Can you elaborate a bit on this? CRS is Cloud Router Switch, isn't it? Can you elaborate on the Cloud part of the name? 8) If you have a look at test results: https://mikrotik.com/product/crs125_24g_1s_rm#fndtn-testresults You would see that when used as router (it is a switch) you would be able to...
by erlinden
Wed Oct 16, 2024 11:52 am
Forum: Beginner Basics
Topic: Router configuration
Replies: 8
Views: 690

Re: Router configuration

How can i do it? By far the easiest way is to get some help: https://mikrotik.com/consultants If you plan to do it yourself, please have a look at the documentation: https://help.mikrotik.com/docs/ And specifically: https://help.mikrotik.com/docs/display/ROS/NAT And (but you might have found this a...
by erlinden
Wed Oct 16, 2024 11:17 am
Forum: General
Topic: Is RouterOS a real-time system?
Replies: 5
Views: 480

Re: Is RouterOS a real-time system?

What is your definition of real-time? And "real-time system" specifically?
by erlinden
Wed Oct 16, 2024 10:49 am
Forum: Beginner Basics
Topic: Ping spikes with CRS125-24G-1S-RM on LAN, not sure where to start debugging [SOLVED]
Replies: 10
Views: 779

Re: Ping spikes with CRS125-24G-1S-RM on LAN, not sure where to start debugging [SOLVED]

Can you check CPU usage? (think it is on /system health)
You are currently using a switch as router, though it can be confiugured as one, it is not designed to do so.
by erlinden
Wed Oct 16, 2024 9:28 am
Forum: General
Topic: AP blocking a WiFi client - Bug?
Replies: 1
Views: 195

Re: AP blocking a WiFi client - Bug?

The truth lies in the config.

Can you share it?
/export file=anynameyoulike
Remove serial and any other private info and post between code tags by using the </> button.
by erlinden
Wed Oct 16, 2024 9:26 am
Forum: Wireless Networking
Topic: AP works on router, but not on switch [SOLVED]
Replies: 7
Views: 514

Re: AP works on router, but not on switch [SOLVED]

Good to hear it is solved.
Best practice, don't use VLAN ID 1.
by erlinden
Tue Oct 15, 2024 8:34 am
Forum: General
Topic: Problem trying to update firmware [SOLVED]
Replies: 3
Views: 338

Re: Problem trying to update firmware [SOLVED]

Is this a live running and public facing router? If so, consider using netinstall and (re)configure it manually. You can get an export to help you with this: /export file=anynameyoulike Download the file to a safe place on a computer. Reason: Version 6.42.10 is a bit old. Might be compromised. If no...
by erlinden
Sun Oct 13, 2024 9:54 pm
Forum: Beginner Basics
Topic: hAP ax^3 - access to NAS
Replies: 11
Views: 2092

Re: hAP ax^3 - access to NAS

I think in the firewall of the 192.168.0.1 you need a forward rule to allow 192.168.88.0/24 to the NAS.
Can you explain why you are using two routers in the network?
by erlinden
Thu Oct 10, 2024 6:16 pm
Forum: Beginner Basics
Topic: How to separate network?
Replies: 11
Views: 1631

Re: How to separate network?

Found a way to separate networks by Routing Rules
Other approach: block everything and only allow what is allowed.
by erlinden
Thu Oct 10, 2024 9:45 am
Forum: General
Topic: Firmware 7.16 [SOLVED]
Replies: 19
Views: 1082

Re: Firmware 7.16 [SOLVED]

Bit surprised to read that you rely a companies business on two discontinued products. If they are that important to you, I would expect you to have at least a testlab where upgrades are tested befor bringing to production. Especially while using these low-end devices (nothing wrong with them, don't...
by erlinden
Thu Oct 10, 2024 9:18 am
Forum: Wireless Networking
Topic: WiFi Wave2 and CAPsMan v3 and VLANs
Replies: 13
Views: 912

Re: WiFi Wave2 and CAPsMan v3 and VLANs

is vlan assignment for "slave configurations" working on wifi-qcom-ac in your setup? e.g. master config: - 1 5GHz SSID e.g. VLAN10 - 1 2.4GHz SSID e.g. VLAN10 slave config: - 1x 5GHz VLAN30 - 1x 2.4GHz VLAN31 - 1x 2.4GHz VLAN31 but other SSID never managed to get it working with 2 hAP AC2...
by erlinden
Tue Oct 08, 2024 10:34 am
Forum: General
Topic: Can't netinstall hAP ac2
Replies: 17
Views: 758

Re: Can't netinstall hAP ac2

Have you tried adding a dumb switch in between the hAP and your computer?
by erlinden
Tue Oct 08, 2024 10:31 am
Forum: Wireless Networking
Topic: WiFi Wave2 and CAPsMan v3 and VLANs
Replies: 13
Views: 912

Re: WiFi Wave2 and CAPsMan v3 and VLANs

Please have a good look at this part of the documentation: https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-CAPusing%22wifi-qcom-ac%22package: Can you share the /interface wifi export of both the CAPsMAN and the CAP? /interface/wifi/export Remove serial and any other private info. I have both a ...
by erlinden
Mon Oct 07, 2024 5:26 pm
Forum: The User Manager
Topic: Custom Box Shipping Optimization Using MikroTik
Replies: 2
Views: 340

Re: Custom Box Shipping Optimization Using MikroTik

You better get some advise from a consultant (this is a user forum): https://mikrotik.com/consultants Router Configuration: What settings should I prioritize to enhance connectivity and stability during peak shipping hours? https://help.mikrotik.com/docs/display/ROS/Connection+rate Quality of Servic...
by erlinden
Mon Oct 07, 2024 11:07 am
Forum: Beginner Basics
Topic: Could you audit my firewall rules
Replies: 6
Views: 527

Re: Could you audit my firewall rules

Maybe you should propose and command to export what you want, but beside interface list or else I dont see what is really missing for you to take look at it. From my experience, @anav can be a bit direct (he/she could be Dutch :lol:). He is requesting the entire export, because that is the only way...
by erlinden
Mon Oct 07, 2024 11:02 am
Forum: Beginner Basics
Topic: Best practise for Pihole in Mikrotik VLAN behind ISP router (and Mikrotik router)
Replies: 2
Views: 454

Re: Best practise for Pihole in Mikrotik VLAN behind ISP router (and Mikrotik router)

The easiest way: Set the PiHole as only DNS server in the DHCP Network(s). Make sure the PiHole can be reached from all VLAN's. Another consideration would be letting the MikroTik work as DNS server (set its IP address in the DHCP Network(s)). THe only disadvantge is that PiHole only is aware of the...
by erlinden
Sat Oct 05, 2024 12:10 pm
Forum: Wireless Networking
Topic: Signal Strength Weakens for Each New Access Point Connected to CAPsMAN (RouterOS 7.16) [SOLVED]
Replies: 8
Views: 1078

Re: Signal Strength Weakens for Each New Access Point Connected to CAPsMAN (RouterOS 7.16) [SOLVED]

As the entire bandwidth on the 2.4GHz radio is 40 MHz (I will leave channel 12/13 out), you should understand that by using 20/40MHz bandwith you obviously have interference. The same is for using only non DFS channels on the 5GHz radio. There is not enough bandwidth on the 5GHz radio left to preven...
by erlinden
Fri Oct 04, 2024 10:46 pm
Forum: General
Topic: Max mikrotik uptime limit
Replies: 6
Views: 507

Re: Max mikrotik uptime limit

My best guess: over 999 days. But not sure if that is the reason.
If you have any public facing devices, I would advice you to keep (at least) that device updated with the latest LTS (currently 6.49.13).
by erlinden
Fri Oct 04, 2024 9:41 pm
Forum: Beginner Basics
Topic: Router configuration
Replies: 8
Views: 690

Re: Router configuration

Any MikroTik router with at least 3 LAN ports will be an option. Due to lacking requirements it's impossible to give more advice. All can be done from the GUI (both web or desktop, on any platform). I balance between Mikrotik and Ubiquiti switch. If you want flashy GUI and lots of marketing...the la...
by erlinden
Thu Oct 03, 2024 10:16 pm
Forum: General
Topic: Switch bleeding tagged multicast/broadcast frames from other vlan. Bug?
Replies: 9
Views: 780

Re: Switch bleeding tagged multicast/broadcast frames from other vlan. Bug?

/interface ethernet switch vlan
add independent-learning=yes ports=ether1,switch1-cpu switch=switch1 vlan-id=90
add independent-learning=yes ports=ether2,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=100
Sure the independent-learning is required?
by erlinden
Thu Oct 03, 2024 5:22 pm
Forum: Beginner Basics
Topic: How to reach WG client from LAN
Replies: 6
Views: 330

Re: How to reach WG client from LAN

Sure, just add a firewall filter rule on the forward chain.
by erlinden
Thu Oct 03, 2024 4:16 pm
Forum: General
Topic: Ether6 on RB5009 only working with 100 Mbps. Hardware fault?
Replies: 7
Views: 442

Re: Ether6 on RB5009 only working with 100 Mbps. Hardware fault?

Last step you could take befor RMA-ing it is using netinstall to do a fresh install.
by erlinden
Thu Oct 03, 2024 3:05 pm
Forum: General
Topic: Ether6 on RB5009 only working with 100 Mbps. Hardware fault?
Replies: 7
Views: 442

Re: Ether6 on RB5009 only working with 100 Mbps. Hardware fault?

Nothing in the config explaining this behavior? Like a fixed linkspeed?
by erlinden
Thu Oct 03, 2024 1:49 pm
Forum: General
Topic: No DHCP IP for VLAN on Wifi and eth port [SOLVED]
Replies: 1
Views: 249

Re: No DHCP IP for VLAN on Wifi and eth port [SOLVED]

What is the purpose of having a single VLAN?
Have you seen this "Bible of VLAN":
viewtopic.php?t=143620
by erlinden
Thu Oct 03, 2024 1:45 pm
Forum: SwOS
Topic: Can't Upgrade SWos out of SWos [SOLVED]
Replies: 4
Views: 562

Re: Can't Upgrade SWos out of SWos [SOLVED]

8) 8)
by erlinden
Thu Oct 03, 2024 1:26 pm
Forum: General
Topic: system,error,critical router was rebooted without proper shutdown
Replies: 2
Views: 321

Re: system,error,critical router was rebooted without proper shutdown

How often do you power off your device?
For me, power interruption is pretty critical.
by erlinden
Thu Oct 03, 2024 1:22 pm
Forum: SwOS
Topic: Can't Upgrade SWos out of SWos [SOLVED]
Replies: 4
Views: 562

Re: Can't Upgrade SWos out of SWos [SOLVED]

Have you tried using a different browser (and/or in-private mode)?
What device are you referring to?
by erlinden
Thu Oct 03, 2024 9:55 am
Forum: Beginner Basics
Topic: i need help with this error
Replies: 6
Views: 423

Re: i need help with this error

The amount of services you make avaiable publically is a bit worrying. Both through port forward but also on the router itself. Chances are that devices becomes (or already is) compromised...big red flag. I.e.: add action=accept chain=input dst-port=11337 protocol=tcp add action=accept chain=input d...
by erlinden
Wed Oct 02, 2024 2:41 pm
Forum: Wireless Networking
Topic: Unable to connect on 2.4GHZ 802.11n - any suggestions
Replies: 1
Views: 187

Re: Unable to connect on 2.4GHZ 802.11n - any suggestions

security setting are WPA/WPA2/WPA3
Why not leave it open?

Have you tried with WPA2-PSK only? And is the bandwidth set to 20MHz. And preferably frequency set to: 2412, 2437 or 2462?
by erlinden
Wed Oct 02, 2024 10:32 am
Forum: General
Topic: The mysteries of RouterOS
Replies: 5
Views: 362

Re: The mysteries of RouterOS

It's a real headache at times, isn't it?
Learning is...
by erlinden
Wed Oct 02, 2024 9:22 am
Forum: Beginner Basics
Topic: RB760IGS, can't connect to/ping websites/ DNS
Replies: 1
Views: 226

Re: RB760IGS, can't connect to/ping websites/ DNS

Can you share the config for that?
/export file=anynameyoulike
Remove serial and any other private info and post between code tags by using the </> button.
by erlinden
Tue Oct 01, 2024 5:29 pm
Forum: SwOS
Topic: Install SwOS on RouterOS [SOLVED]
Replies: 10
Views: 37212

Re: Install SwOS on RouterOS [SOLVED]

Not, as far as I know.
Though giving a lot of options, you don't have to use them...
by erlinden
Mon Sep 30, 2024 5:12 pm
Forum: General
Topic: How to force filter DNS
Replies: 4
Views: 347

Re: How to force filter DNS

The NAT rule is the main thing as a catch-all queries, if this shouldn't work, why does it work? Because the client is using 1) DNS servers supplied through DHCP or 2) public DNS servers that are intercepted by the rules. As soon as the client uses DoH or DoT (as @pe1chl mentioned), the requests ar...
by erlinden
Mon Sep 30, 2024 12:15 pm
Forum: Wireless Networking
Topic: CapsMan setup on ax2 & 2x cAP AX 7.15.3 with vlans
Replies: 17
Views: 962

Re: CapsMan setup on ax2 & 2x cAP AX 7.15.3 with vlans

Appart from using ether5 instead of wlan5 (typo?), indeed all you have to do is:
/interface bridge port
add bridge=bridge1 interface=ether5 pvid=10

# optional

/interface bridge vlan 
add bridge=BR1 tagged=bridge1 untagged=ether5 vlan-ids=10
by erlinden
Mon Sep 30, 2024 10:56 am
Forum: Beginner Basics
Topic: Slow internet when change IP pool address and DHCP server
Replies: 5
Views: 490

Re: Slow internet when change IP pool address and DHCP server

This shouldn't happen, as you understand. Did you change from 192.168.88.x to 192.168.0.x? Did you change on 3 locations: /ip address /ip dhcp-server network /ip pool Can you share your config after changing the subnet? /export hide-sensitive file=anynameyoulike Remove serial and any other private i...
by erlinden
Mon Sep 30, 2024 10:27 am
Forum: Beginner Basics
Topic: [SOLVED] Cannot connect to RB5009 V7.16
Replies: 5
Views: 515

Re: Cannot connect to RB5009 V7.16

Have you tried/are you familiair with netinstall?
https://help.mikrotik.com/docs/display/ROS/Netinstall
by erlinden
Mon Sep 30, 2024 9:42 am
Forum: Announcements
Topic: v7.16.1 [stable] is released!
Replies: 411
Views: 101503

Re: v7.16 [stable] is released!

I really hope this doesn't mean I once again have to set up everything from scratch.
Pretty sure you created an export, just in case this happens!? Especially after previous event...
by erlinden
Mon Sep 30, 2024 9:26 am
Forum: Wireless Networking
Topic: CAPsMAN
Replies: 9
Views: 861

Re: CAPsMAN

It helps when you speak out your doubts. If the current setup is working for you...leave it as it is. If the SSID per accesspoint is intended...leave it as it is. If there is anything you want to change, explain. I.e. roaming has some requirements; single SSID (and security and same subnet) is one o...
by erlinden
Sun Sep 29, 2024 7:10 pm
Forum: Wireless Networking
Topic: CapsMan setup on ax2 & 2x cAP AX 7.15.3 with vlans
Replies: 17
Views: 962

Re: CapsMan setup on ax2 & 2x cAP AX 7.15.3 with vlans

Sure...go ahead.

Like: share config:
/export file=anynameyoulike
Remove the serial and any other private info.

You did read the documentation?
https://help.mikrotik.com/docs/display/ ... ionexample:
by erlinden
Sun Sep 29, 2024 7:09 pm
Forum: Wireless Networking
Topic: Legacy wifi client does not connect to AX AP
Replies: 8
Views: 992

Re: Legacy wifi client does not connect to AX AP

Wpa-psk is not safe, betternot iuse it (opr use no encryption at all.
Probably (my best guess) is the 40MHz bandwidth, the entire bandwidth of 2.4GHz band is...40MHz. Not sure if that is configured in the CAPsMAN...Reconsider using encryption and bandwidth.
by erlinden
Sun Sep 29, 2024 10:11 am
Forum: Wireless Networking
Topic: CAPsMAN
Replies: 9
Views: 861

Re: CAPsMAN

by erlinden
Sat Sep 28, 2024 12:12 pm
Forum: Wireless Networking
Topic: cAP ax performance and problems
Replies: 33
Views: 14374

Re: cAP ax performance and problems

Wall mounted cAP AX running 7.17beta2, didn't bother getting of the couch to get any closer to the accesspoint(which will improve speed). Configured very basic with CAPsMAN. As client I'm using the Intel(R) Wi-Fi 6 AX200 using driver version 23.70.2.3. https://1drv.ms/i/s!AqxQT9uqCMGovOdPYVfk7Y5q9G9...
by erlinden
Sat Sep 28, 2024 11:03 am
Forum: Wireless Networking
Topic: Mikrotik cAP ax and tp-link SG2016P switch between - CAPsMAN problem, no network
Replies: 3
Views: 911

Re: Mikrotik cAP ax and tp-link SG2016P switch between - CAPsMAN problem, no network

Config is far from complete, hence vey difficult to advice.

In the documentation is a lot of information. I would start without VLAN and add that later.
https://help.mikrotik.com/docs/display/ ... iFiCAPsMAN
by erlinden
Sat Sep 28, 2024 10:56 am
Forum: General
Topic: rb4011 v7.9.2 Need downgrade but I cant
Replies: 4
Views: 522

Re: rb4011 v7.9.2 Need downgrade but I cant

Before importing the backup script, have you made sure that the device is reset with "No Default Configuration" is checked and wifi devices are enabled? You can also do the config with the script file line by line through terminal. At least you get feedback on where the script file is fail...
by erlinden
Sat Sep 28, 2024 10:51 am
Forum: Beginner Basics
Topic: DNS provider with malicious blocking
Replies: 3
Views: 617

Re: DNS provider with malicious blocking

Basically three approaches:

- use external DNS server with this functionality
- use internal DNS server with this functionality
- use AdList *)

*) https://help.mikrotik.com/docs/display/ ... DNS-Adlist
by erlinden
Fri Sep 27, 2024 5:18 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 611
Views: 111776

Re: v7.17beta [testing] is released!

Got it running, besides from working (as expected) I really like the Auth Type and Band in Wifi Registration!
by erlinden
Fri Sep 27, 2024 8:54 am
Forum: Wireless Networking
Topic: cAP ax performance and problems
Replies: 33
Views: 14374

Re: cAP ax performance and problems

I have been playing with Mikrotik OS since 2005.
And after 19 years you decided to create an account just to post this message...sure.
by erlinden
Fri Sep 27, 2024 8:41 am
Forum: Beginner Basics
Topic: Capsman on two ax2
Replies: 3
Views: 634

Re: Capsman on two ax2

Funny you missed i.e. this video:
https://www.youtube.com/watch?v=bHotZT41w3E
by erlinden
Fri Sep 27, 2024 8:39 am
Forum: Wireless Networking
Topic: CAPsMAN
Replies: 9
Views: 861

Re: CAPsMAN

I think that everything and more is possible by using CAPsMAN. Any specific doubts you have?
by erlinden
Thu Sep 26, 2024 4:31 pm
Forum: Announcements
Topic: Newsletter #120 | September 2024
Replies: 56
Views: 18061

Re: Newsletter #120 | September 2024

I absolutely love Winbox 4, have it running on both Windows and Debian!
by erlinden
Thu Sep 26, 2024 12:17 pm
Forum: General
Topic: Wireguard
Replies: 5
Views: 946

Re: Wireguard

Sooo many questions, so little information.

Please provide network diagram, purpose of the VPN and an export of the current config:
/export file=anynameyoulike
Remove serial and any other private info, post in between code tags by using the </> button.
by erlinden
Thu Sep 26, 2024 9:57 am
Forum: Wireless Networking
Topic: No Connection to CAPsMAN [SOLVED]
Replies: 17
Views: 3316

Re: No Connection to CAPsMAN [SOLVED]

Good find! You are very welcome, enjoy it!
by erlinden
Thu Sep 26, 2024 9:54 am
Forum: General
Topic: CCR1009 v7.16
Replies: 2
Views: 498

Re: CCR1009 v7.16

Anything in the log that might be of help? I.e. enough free disk space?
by erlinden
Wed Sep 25, 2024 10:16 pm
Forum: Announcements
Topic: v7.16.1 [stable] is released!
Replies: 411
Views: 101503

Re: v7.16 [stable] is released!

Can have someone any solution for this?
Do you have VLAN ID 1 configured?
Anything in the logging?
Or better, share your config?
/export file=anynameyoulike
Remove serial and any other private info.

I have the same MikroTik and this didn't happen for me.
by erlinden
Wed Sep 25, 2024 5:26 pm
Forum: Wireless Networking
Topic: No Connection to CAPsMAN [SOLVED]
Replies: 17
Views: 3316

Re: No Connection to CAPsMAN [SOLVED]

The reboot is not necessary for implementing CAPsMAN, it's just for clean up purposes.
Do you still have the config of the hAP ac2? Then it would be sufficient to just import the /interface wifi part of that device (ewxcepot for any local config).
by erlinden
Wed Sep 25, 2024 4:24 pm
Forum: Wireless Networking
Topic: No Connection to CAPsMAN [SOLVED]
Replies: 17
Views: 3316

Re: No Connection to CAPsMAN [SOLVED]

Aaah...sorry it took me this long :oops: :oops: :oops: You have the wireless package installed and are configuring the old CAPsMAN: /caps-man Remove the wireless package, it's useless. Then, follow the guide: #create a security profile /interface wifi security add authentication-types=wpa3-psk name=...
by erlinden
Wed Sep 25, 2024 3:58 pm
Forum: Wireless Networking
Topic: No Connection to CAPsMAN [SOLVED]
Replies: 17
Views: 3316

Re: No Connection to CAPsMAN [SOLVED]

By disabling the accept rule is disabled (and it is no longer accepting traffic). Instead, enable it and remove the in-interface. Again...just for testing. You can enable logging to see which traffic is passing that rule.
by erlinden
Wed Sep 25, 2024 3:48 pm
Forum: Wireless Networking
Topic: No Connection to CAPsMAN [SOLVED]
Replies: 17
Views: 3316

Re: No Connection to CAPsMAN [SOLVED]

You are absolutely right, @mkx!

Checked everything (I could), I doubt if this rule is correct:
add action=accept chain=input comment="admin access" in-interface=Bridge-LAN \
    src-address=192.168.0.0/24
Can you, at least as a test, remove the in-interface?
by erlinden
Wed Sep 25, 2024 3:24 pm
Forum: Wireless Networking
Topic: No Connection to CAPsMAN [SOLVED]
Replies: 17
Views: 3316

Re: No Connection to CAPsMAN [SOLVED]

add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" disabled=yes \
    dst-address=127.0.0.1
Sure this has to be disabled?
by erlinden
Wed Sep 25, 2024 3:01 pm
Forum: General
Topic: Switch UNIFI whit Mikrotik
Replies: 8
Views: 1720

Re: Switch UNIFI whit Mikrotik

Then I think the IP configuration of the switch is incorrect. Doesn't explain why devices connected to the switch don't receive IP addresses. Have you already asked on the Unifi forum? Update The IP assignment is done through reservation (static lease). Hence the misinterpretation. On what port is t...
by erlinden
Wed Sep 25, 2024 2:26 pm
Forum: General
Topic: Switch UNIFI whit Mikrotik
Replies: 8
Views: 1720

Re: Switch UNIFI whit Mikrotik

Can the controller be reached from anywhere other in the network? It could be a route that is missing, could also be a misconfigured gateway on the switch. And what controller are the accesspoints configured to?
by erlinden
Wed Sep 25, 2024 1:40 pm
Forum: General
Topic: Switch UNIFI whit Mikrotik
Replies: 8
Views: 1720

Re: Switch UNIFI whit Mikrotik

This is a Unifi thing, set the controller IP address fixed through CLI:
set-inform http://[IP address of controller]:8080/inform
Your firewall rules have changed, order is a bit messed up and the forward chain is not complete. Please reconsider the current rules.
by erlinden
Wed Sep 25, 2024 12:41 pm
Forum: General
Topic: Switch UNIFI whit Mikrotik
Replies: 8
Views: 1720

Re: Switch UNIFI whit Mikrotik

Do you set the Unifi Controller address manually on the switch (or is it supplied through DHCP)? Does any other device get an IP address from the RB4011 (when directly connected to the RB)? Do you use VLAN's? Can you share the RB's config /expoort file=anynameyoulike Remove serial and any other priv...
by erlinden
Tue Sep 24, 2024 10:47 am
Forum: Announcements
Topic: v7.16.1 [stable] is released!
Replies: 411
Views: 101503

Re: v7.16 [stable] is released!

All my static leases for other Mikrotik devices got messed up after update to 7.16.
Have you set fixed Admin MAC Address on the bridge for these devices?

For me, upgrade went well on all devices (coming from either 7.16 RC5 or 7.15.3):
RB4011
hEX S
hAP AX 2
cAP AX
cAP XL ac
wAP ac
by erlinden
Tue Sep 24, 2024 8:47 am
Forum: Wireless Networking
Topic: Display connected WiFi clients?
Replies: 2
Views: 575

Re: Display connected WiFi clients?

Depends on the wifi driver you are using:

wifi-qcom(-ac)
/interface/wifi/registration-table/

wifiwave2

/interface/wifiwave2/registration-table/

wireless
/interface/wireless/registration-table/

All can be accessed through menu items and cli.
by erlinden
Mon Sep 23, 2024 5:01 pm
Forum: Beginner Basics
Topic: limit internet access
Replies: 1
Views: 585

Re: limit internet access

On your forward chain (in pseudo code):
  • allow access to specific site (by IP address?) for single device (by fixed IP address?).
  • drop everything else
by erlinden
Mon Sep 23, 2024 3:59 pm
Forum: General
Topic: Segregate an internal Wireguard server
Replies: 16
Views: 1032

Re: Segregate an internal Wireguard server

So you want to forward the remote users to a stand alone Wireguard server?
by erlinden
Mon Sep 23, 2024 3:31 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1403
Views: 315853

Re: 📣 WinBox 4 is here 📣

My best guess would be a security policy of some kind. Would that be possible? Have you tried asking support?
by erlinden
Mon Sep 23, 2024 3:15 pm
Forum: Beginner Basics
Topic: mikrotik as DHCP server with external DHCP Relay [SOLVED]
Replies: 3
Views: 726

Re: mikrotik as DHCP server with external DHCP Relay [SOLVED]

You should bind the DHCP servers to each VLAN's interface (/interface vlan) instead of binding it to the bridge.

Can you share your config?
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Mon Sep 23, 2024 3:03 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1403
Views: 315853

Re: 📣 WinBox 4 is here 📣

What OS are you using, @Hakens? I assume Windows, as you are referring to taskmanager. Is it shown on the taskbar? Where is the executable located? Have you tried removing it and afterwards, download it again (and start it from the Downloads folder)? I ran into the (different) problem that the windo...
by erlinden
Mon Sep 23, 2024 12:11 pm
Forum: General
Topic: Struggling with VLAN configuration (egress works but not ingress)
Replies: 16
Views: 1153

Re: Struggling with VLAN configuration (egress works but not ingress)

On port level you have three options: Per port you have three options: - Trunk (where all VLAN ID's will be tagged) - Accessport (where one VLAN ID will be untagged) - Hybrid (which is a combi of trunk and access) Here you find some more info and examples: https://help.mikrotik.com/docs/display/ROS/...
by erlinden
Mon Sep 23, 2024 10:23 am
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 73
Views: 7308

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

- .encryption=ccmp,gcmp,ccmp-256,gcmp-256. Is this something WinBox sets? Or is this on purpose? I found that @normis gave this as advice: 2) in "configuration" tab add one config template, that is all you need. don't enter anything else except SSID name and wireless password (select WPA2...
by erlinden
Sun Sep 22, 2024 12:10 pm
Forum: Beginner Basics
Topic: WiFi Setup for Access Point
Replies: 10
Views: 1192

Re: WiFi Setup for Access Point

Perhaps the interfaces are disabled?
by erlinden
Fri Sep 20, 2024 10:34 am
Forum: General
Topic: Trunk / Hybrid port - private VLAN for 1 VLAN only
Replies: 3
Views: 726

Re: Trunk / Hybrid port - private VLAN for 1 VLAN only

Intervlan communication can be blocked on a router. By default it will be accepted.
What router are you using?

Please consider not using VLAN ID 1, better assign a VLAN ID explicitely (except for ID 1).
by erlinden
Thu Sep 19, 2024 1:16 pm
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 73
Views: 7308

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

Same iPhone, upgraded to iOS 18; nothing changed with WiFi on ax^3.
Then it might be helpfull to share your (wireless) config :D
/interface wifi export
Remove serial and any other private info.
by erlinden
Thu Sep 19, 2024 11:56 am
Forum: General
Topic: Samsung TV - wifi working, ethernet does not [SOLVED]
Replies: 5
Views: 1032

Re: Samsung TV - wifi working, ethernet does not [SOLVED]

Does the TV get an IP address? Is the light of the port on?

The config would be helpfull:
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Thu Sep 19, 2024 10:49 am
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 73
Views: 7308

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

I remember some Apple devices (at least in the past) could have issues with mixed languages on APs within the same SSID domain.
What do you mean with mixed languages?
by erlinden
Thu Sep 19, 2024 9:36 am
Forum: Beginner Basics
Topic: only 1 lan device via wireguard
Replies: 3
Views: 856

Re: only 1 lan device via wireguard

Have you added the wireguard interface to the LAN interface list?
Made any changes to the firewall (forward chain)?
by erlinden
Thu Sep 19, 2024 9:29 am
Forum: Wireless Networking
Topic: Wifi wave 2 capsman not working lik old capsman
Replies: 1
Views: 563

Re: Wifi wave 2 capsman not working lik old capsman

If you are referring to CAPsMAN forwarding mode, you are correct. From the documentation: "WifiWave2 CAPsMAN only passes wireless configuration to the CAP, all forwarding decisions are left to the CAP itself - there is no CAPsMAN forwarding mode." and "WiFi CAPsMAN only passes wireles...
by erlinden
Thu Sep 19, 2024 9:25 am
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 73
Views: 7308

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

I have had lots of problems when setting encryption to everything except TKIP (Android and Windows). Can you give it a try (assuming you use Winbox) by unselecting everything, and collaps the encryption part?
by erlinden
Wed Sep 18, 2024 4:49 pm
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 73
Views: 7308

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

Can someone point me to instructions for enabling wireless debug logging?
/system logging rules
Add Topics :debug & wireless, Actions: memory.

That's it.

Can you share the wireless part of the config? Just to check current settings.
by erlinden
Wed Sep 18, 2024 2:56 pm
Forum: Beginner Basics
Topic: Lost permisions on router
Replies: 11
Views: 1006

Re: Lost permisions on router

Make an export if possible, that will help you reconfigure after netinstall.
by erlinden
Wed Sep 18, 2024 2:07 pm
Forum: Wireless Networking
Topic: CAPsMAN & CAP-AX Wireless issues
Replies: 10
Views: 990

Re: CAPsMAN & CAP-AX Wireless issues

Use fixed channels and lower their transmission power on the 2.4GHz radios .
Second best, add reselect-interval to let the radios periodically scan for best frequencies.
by erlinden
Wed Sep 18, 2024 9:38 am
Forum: Beginner Basics
Topic: Upgrading router, Wireguard not working
Replies: 4
Views: 710

Re: Upgrading router, Wireguard not working

The keys are useless in regards to the problem, but very usefull for unethical stuff.
by erlinden
Tue Sep 17, 2024 11:12 pm
Forum: Wireless Networking
Topic: CAPsMAN & CAP-AX Wireless issues
Replies: 10
Views: 990

Re: CAPsMAN & CAP-AX Wireless issues

Decrease to a max of 4 SSID's per radio.
by erlinden
Tue Sep 17, 2024 6:31 pm
Forum: Wireless Networking
Topic: CAPsMAN specific time connection [SOLVED]
Replies: 5
Views: 870

Re: CAPsMAN specific time connection [SOLVED]

No problem:

Use /system scheduler for the scheduling part and /sysstem/script for enabling/disabling the wifi interface.
by erlinden
Tue Sep 17, 2024 6:28 pm
Forum: General
Topic: Development of Wifi (qcom-ac) over Wireless
Replies: 15
Views: 1572

Re: Development of Wifi (qcom-ac) over Wireless

Without a doubt...use the wifi-qcom-ac driver. I have zero problems with Android and FT (as well as WPA3, I just disabled WPA3 for the time being). It all comes to configuration, you might want to give us the opportunity to help you get it to work. /export show-sensitive file=anynameyoulike Remove s...
by erlinden
Tue Sep 17, 2024 11:02 am
Forum: Wireless Networking
Topic: Guide: CAPsMAN configuration with management VLAN (RouterOS 7.14.3)
Replies: 15
Views: 6594

Re: Guide: CAPsMAN configuration with management VLAN (RouterOS 7.14.3)

Thanks for this post! I switched my hybrid ports to trunk ports on all devices (router/switches/accesspoints). Ran into the problem that from time to time management IP addresses were assigned to mobile devices. Hope this improves my situation.
by erlinden
Mon Sep 16, 2024 11:48 am
Forum: Wireless Networking
Topic: Capsman loosing connection when connected through switch
Replies: 32
Views: 2324

Re: Capsman loosing connection when connected through switch

Could it be roaming related? Do you have RSTP configured?
by erlinden
Mon Sep 16, 2024 11:31 am
Forum: Wireless Networking
Topic: Capsman loosing connection when connected through switch
Replies: 32
Views: 2324

Re: Capsman loosing connection when connected through switch

One VLAN? What is the purpose of having a single VLAN?
Can you share the config?
/export file=anynameyoulike
Remove serial and any other private info and post between code tags by using the </> button.
by erlinden
Sun Sep 15, 2024 4:50 pm
Forum: Wireless Networking
Topic: capsman roaming
Replies: 1
Views: 535

Re: capsman roaming

Running both 5GHz radios on the same frequency is terrible for roaming. As well your 2.4GHz radios might transmit on the same frquency...

Next, accesslist rules I prefer to order as filter rules: specify what is accepted, block (reject) what isn't on the end of the chain.
by erlinden
Fri Sep 13, 2024 10:17 am
Forum: Wireless Networking
Topic: Queue Capsman
Replies: 3
Views: 445

Re: Queue Capsman

Get the export:
/export file=anynameyoulike
Remove serial and any other private info, post in between code tags by using the </> button.
by erlinden
Fri Sep 13, 2024 8:44 am
Forum: RouterBOARD hardware
Topic: RB5009 Port Lockup
Replies: 4
Views: 774

Re: RB5009 Port Lockup

The things I noticed is that you have two bridges, please remove bridge1-Public, it serves no purpose. Are you sure you want to have all ports on the same bridge? Could there be a loop in the network? Could you provide a network diagram? My first guess would be introducing spanning tree protocol: ht...
by erlinden
Thu Sep 12, 2024 5:42 pm
Forum: RouterBOARD hardware
Topic: RB5009 Port Lockup
Replies: 4
Views: 774

Re: RB5009 Port Lockup

Can you share the config, just to rule out anything on that part?
/export file=anynameyoulike
Remove serial and any other private info and post in between code tags by using the </> button.
by erlinden
Thu Sep 12, 2024 3:12 pm
Forum: General
Topic: VLANs unable to do DNS lookup [SOLVED]
Replies: 5
Views: 982

Re: VLANs unable to do DNS lookup [SOLVED]

You might want to change this: add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN into: add action=accept chain=input comment="allow access from LAN" in-interface-list=LAN add action=accept chain=input comment="DNS from VLAN&qu...
by erlinden
Wed Sep 11, 2024 10:03 am
Forum: General
Topic: Adding a second /24 network troubles
Replies: 7
Views: 627

Re: Adding a second /24 network troubles

Any reason why you are not using 10.172.12.0/23 ?
by erlinden
Wed Sep 11, 2024 8:41 am
Forum: Beginner Basics
Topic: Connecting hAP ac3 and cAP ax - Setup Help Needed [SOLVED]
Replies: 2
Views: 721

Re: Connecting hAP ac3 and cAP ax - Setup Help Needed [SOLVED]

I would use CAPsMAN, that will give you the option to manage the network with one device. There are some thing to make it work great: Use latest stable, currently 7.15.3 Install wifi-qcom-ac on the hAP ac3 (instead of wireless package) Set the cAP ax into CAPS Mode Resources on this topic: https://m...
by erlinden
Wed Sep 11, 2024 8:29 am
Forum: General
Topic: Fixed IP for Switch Port
Replies: 2
Views: 545

Re: Fixed IP for Switch Port

Perhaps having a DHCP scope consisting of a single IP address can do this for you? Bind the DHCP server to this interface (port) and set a short lease time.
by erlinden
Tue Sep 10, 2024 6:06 pm
Forum: Beginner Basics
Topic: HAP AC3 as CapsMan for 2x HAP AX2
Replies: 5
Views: 621

Re: HAP AC3 as CapsMan for 2x HAP AX2

There is only one correct CAPsMAN version managing ax (wifi-qom) devices. This is part of RouterOS version 7.13 and up.
No need to install anything additional (like wifi-qcom-ac or wireless) for having CAPsMAN.
by erlinden
Tue Sep 10, 2024 2:42 pm
Forum: Beginner Basics
Topic: HAP AC3 as CapsMan for 2x HAP AX2
Replies: 5
Views: 621

Re: HAP AC3 as CapsMan for 2x HAP AX2

Very good combination, the wifi-qcom-ac is only beneficial if you need wireless on your hAP ac3. Otherwise, @infabo mentioned, you can uninstall it.
by erlinden
Tue Sep 10, 2024 11:36 am
Forum: General
Topic: How to stop/block pinging from outsider
Replies: 3
Views: 477

Re: How to stop/block pinging from outsider

If I recall correctly however, ping (ICMP) is allowed inbound by default. I prefer to block this via firewall rule.
Actually, ICMP traffic is accepted. It is used for more then ping only.
by erlinden
Tue Sep 10, 2024 10:22 am
Forum: General
Topic: IOT devices won't connect using VLAN [SOLVED]
Replies: 4
Views: 960

Re: IOT devices won't connect using VLAN [SOLVED]

I have found this: /interface bridge vlan add bridge=bridge comment=Gasten tagged=bridge vlan-ids=30 add bridge=bridge comment=IOT tagged=bridge vlan-ids=20 I would expect to see VLAN filtering on the port(s) as well. Currently the VLAN config is incomplete. Is there a trunk/hybrid port to the switc...
by erlinden
Tue Sep 10, 2024 8:57 am
Forum: Wireless Networking
Topic: Wifi core and repeaters config - Setup issue
Replies: 10
Views: 898

Re: Wifi core and repeaters config - Setup issue

For feedback or help, the config is required:
/export file=anynameyoulike
Remove serial and any other private info.

There is no option to run wired? Wireless backhaul is consuming a lot (at least halve) of your wireless bandwidth.
by erlinden
Mon Sep 09, 2024 4:24 pm
Forum: Wireless Networking
Topic: Capsman beginner help
Replies: 2
Views: 421

Re: Capsman beginner help

If you run the wifi-qcom-ac package on the cAP ac (instead of the wireless package) you should be fine. Here you can find the documentation: https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-CAPsMAN-CAPsimpleconfigurationexample: Could you add the ouput of this command as well? /interface/wifi ex...
by erlinden
Mon Sep 09, 2024 12:53 pm
Forum: Wireless Networking
Topic: CAPsMAN - Problem unable to see Radios
Replies: 3
Views: 610

Re: CAPsMAN - Problem unable to see Radios

I would like to advise you to reset the CAP to CAPS Mode:
https://help.mikrotik.com/docs/display/UM/cAP+XL+ac
by erlinden
Mon Sep 09, 2024 11:29 am
Forum: Beginner Basics
Topic: how to forward port for wireguard tunnel
Replies: 1
Views: 421

Re: how to forward port for wireguard tunnel

This explenation, which is part of the official MikroTik documentation, will explain exactely how to configure this setup:
https://help.mikrotik.com/docs/display/ ... uardtunnel
by erlinden
Thu Sep 05, 2024 3:57 pm
Forum: General
Topic: IOT devices won't connect using VLAN [SOLVED]
Replies: 4
Views: 960

Re: IOT devices won't connect using VLAN [SOLVED]

Can you share the config?
/export file=anynameyoulike
Remove serial and any other private info and post between code tags by using the </> button.
by erlinden
Wed Sep 04, 2024 5:17 pm
Forum: General
Topic: Mikrotik Vlan
Replies: 2
Views: 416

Re: Mikrotik Vlan

Can you share the config:
/export file=anynameyoulike
Remove serial and post between code tags by using the </> button.

Also, here is a great reference when it comes to VLAN:
viewtopic.php?t=143620
by erlinden
Wed Sep 04, 2024 4:05 pm
Forum: Wireless Networking
Topic: Slow WiFi [SOLVED]
Replies: 31
Views: 3010

Re: Slow WiFi [SOLVED]

If no VLAN's are involved, the D-Link will do just fine (assuming it has gigabit ports). The cAP ac does handle the wifi-qcom-ac pretty well (in my experience), though I red someone having out of memory problems (therefor a daily reboot was introduced). Haven't seen that problem myself (uptime over ...
by erlinden
Wed Sep 04, 2024 11:28 am
Forum: Wireless Networking
Topic: Legacy and new CAPsMan on the same x86 device
Replies: 6
Views: 1021

Re: Legacy and new CAPsMan on the same x86 device

Can someone help?
Depends on how you want it to work exactly. Fyi, legacy supports CAPsMAN forwarding, wifi-qcom(-ac) doesn't.
by erlinden
Wed Sep 04, 2024 9:24 am
Forum: Beginner Basics
Topic: Email Spams problem due to malware in some device in the network
Replies: 3
Views: 575

Re: Email Spams problem due to malware in some device in the network

And how can i disable the port for everyone else
Add a drop rule on the forward chain that drops everything else:
add action=drop chain=forward
Make sure this rule is at the end of your rules.

I prefer the "allow specific traffic and drop everything else" way of thinking.
by erlinden
Tue Sep 03, 2024 5:38 pm
Forum: Beginner Basics
Topic: Email Spams problem due to malware in some device in the network
Replies: 3
Views: 575

Re: Email Spams problem due to malware in some device in the network

Allow on Source Address List, with dst port 587, protocol 6 (tcp), on the forward chain. This should be sufficient information...
by erlinden
Tue Sep 03, 2024 4:13 pm
Forum: Beginner Basics
Topic: Stuck in new setup
Replies: 6
Views: 1014

Re: Stuck in new setup

Now I see...you don't want to have your IP address of the accesspoint in the same range as the office IP. Normally (I assumed because of the VLAN ID) you would have a management VLAN where you do the IP assignement of all hardware involved. To get it to work you can set the BAS_VLAN to ID 100. Not s...
by erlinden
Tue Sep 03, 2024 3:25 pm
Forum: Beginner Basics
Topic: Stuck in new setup
Replies: 6
Views: 1014

Re: Stuck in new setup

Looks like MGT and CORP VLAN are messed up. I.e. the different network ranges are incorrect. Start with a basic setup and follow the topic by the letter. Then make changes as desired.

In regards to no access, are you using Winbox? Does it show up on discovery?
by erlinden
Tue Sep 03, 2024 8:44 am
Forum: General
Topic: netinstall ethernet port of hap ax3?
Replies: 4
Views: 658

Re: netinstall ethernet port of hap ax3?

Did you follow this wiki step by step?
https://wiki.mikrotik.com/wiki/Manual:Netinstall

As far as I know all ax devices are v7. Any reason for wanting to run v6?
by erlinden
Tue Sep 03, 2024 8:03 am
Forum: General
Topic: Which firmware is better, V6 or V7
Replies: 4
Views: 839

Re: Which firmware is better, V6 or V7

Gentlemen, what is the difference between firmware V6 and V7, which is better?
better?
by erlinden
Mon Sep 02, 2024 10:13 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 126
Views: 13236

Re: hap ax3 random wireless disconnects

Yes, I know. And I'll tell my corporate laptop it should disconnect more often :D
by erlinden
Mon Sep 02, 2024 10:09 pm
Forum: Scripting
Topic: DuckDNS on Mikrotik [SOLVED]
Replies: 2
Views: 1003

Re: DuckDNS on Mikrotik [SOLVED]

If you post an export of your config, we can have a look:
/export file=anynameyoulike
Post the content here without serial and any other private info en place it in between code tags by using the </> button.
by erlinden
Mon Sep 02, 2024 10:01 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 126
Views: 13236

Re: hap ax3 random wireless disconnects

Would be beneficial if all people with problems share their config (at least the /interface/wifi part) to validate settings. Additional tip: when going up and down in versions you might run into some strange problems. Actually, I did...hence some steps that might be of use. I would advise (in case y...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 9