Community discussions

MikroTik App

Search found 2408 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 9
by erlinden
Mon Sep 16, 2024 11:48 am
Forum: Wireless Networking
Topic: Capsman loosing connection when connected through switch
Replies: 11
Views: 401

Re: Capsman loosing connection when connected through switch

Could it be roaming related? Do you have RSTP configured?
by erlinden
Mon Sep 16, 2024 11:31 am
Forum: Wireless Networking
Topic: Capsman loosing connection when connected through switch
Replies: 11
Views: 401

Re: Capsman loosing connection when connected through switch

One VLAN? What is the purpose of having a single VLAN?
Can you share the config?
/export file=anynameyoulike
Remove serial and any other private info and post between code tags by using the </> button.
by erlinden
Sun Sep 15, 2024 4:50 pm
Forum: Wireless Networking
Topic: capsman roaming
Replies: 1
Views: 192

Re: capsman roaming

Running both 5GHz radios on the same frequency is terrible for roaming. As well your 2.4GHz radios might transmit on the same frquency...

Next, accesslist rules I prefer to order as filter rules: specify what is accepted, block (reject) what isn't on the end of the chain.
by erlinden
Fri Sep 13, 2024 10:17 am
Forum: Wireless Networking
Topic: Queue Capsman
Replies: 3
Views: 235

Re: Queue Capsman

Get the export:
/export file=anynameyoulike
Remove serial and any other private info, post in between code tags by using the </> button.
by erlinden
Fri Sep 13, 2024 8:44 am
Forum: RouterBOARD hardware
Topic: RB5009 Port Lockup
Replies: 4
Views: 393

Re: RB5009 Port Lockup

The things I noticed is that you have two bridges, please remove bridge1-Public, it serves no purpose. Are you sure you want to have all ports on the same bridge? Could there be a loop in the network? Could you provide a network diagram? My first guess would be introducing spanning tree protocol: ht...
by erlinden
Thu Sep 12, 2024 5:42 pm
Forum: RouterBOARD hardware
Topic: RB5009 Port Lockup
Replies: 4
Views: 393

Re: RB5009 Port Lockup

Can you share the config, just to rule out anything on that part?
/export file=anynameyoulike
Remove serial and any other private info and post in between code tags by using the </> button.
by erlinden
Thu Sep 12, 2024 3:12 pm
Forum: General
Topic: VLANs unable to do DNS lookup [SOLVED]
Replies: 5
Views: 339

Re: VLANs unable to do DNS lookup [SOLVED]

You might want to change this: add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN into: add action=accept chain=input comment="allow access from LAN" in-interface-list=LAN add action=accept chain=input comment="DNS from VLAN&qu...
by erlinden
Wed Sep 11, 2024 10:03 am
Forum: General
Topic: Adding a second /24 network troubles
Replies: 7
Views: 386

Re: Adding a second /24 network troubles

Any reason why you are not using 10.172.12.0/23 ?
by erlinden
Wed Sep 11, 2024 8:41 am
Forum: Beginner Basics
Topic: Connecting hAP ac3 and cAP ax - Setup Help Needed [SOLVED]
Replies: 2
Views: 283

Re: Connecting hAP ac3 and cAP ax - Setup Help Needed [SOLVED]

I would use CAPsMAN, that will give you the option to manage the network with one device. There are some thing to make it work great: Use latest stable, currently 7.15.3 Install wifi-qcom-ac on the hAP ac3 (instead of wireless package) Set the cAP ax into CAPS Mode Resources on this topic: https://m...
by erlinden
Wed Sep 11, 2024 8:29 am
Forum: General
Topic: Fixed IP for Switch Port
Replies: 2
Views: 219

Re: Fixed IP for Switch Port

Perhaps having a DHCP scope consisting of a single IP address can do this for you? Bind the DHCP server to this interface (port) and set a short lease time.
by erlinden
Tue Sep 10, 2024 6:06 pm
Forum: Beginner Basics
Topic: HAP AC3 as CapsMan for 2x HAP AX2
Replies: 5
Views: 327

Re: HAP AC3 as CapsMan for 2x HAP AX2

There is only one correct CAPsMAN version managing ax (wifi-qom) devices. This is part of RouterOS version 7.13 and up.
No need to install anything additional (like wifi-qcom-ac or wireless) for having CAPsMAN.
by erlinden
Tue Sep 10, 2024 2:42 pm
Forum: Beginner Basics
Topic: HAP AC3 as CapsMan for 2x HAP AX2
Replies: 5
Views: 327

Re: HAP AC3 as CapsMan for 2x HAP AX2

Very good combination, the wifi-qcom-ac is only beneficial if you need wireless on your hAP ac3. Otherwise, @infabo mentioned, you can uninstall it.
by erlinden
Tue Sep 10, 2024 11:36 am
Forum: General
Topic: How to stop/block pinging from outsider
Replies: 3
Views: 305

Re: How to stop/block pinging from outsider

If I recall correctly however, ping (ICMP) is allowed inbound by default. I prefer to block this via firewall rule.
Actually, ICMP traffic is accepted. It is used for more then ping only.
by erlinden
Tue Sep 10, 2024 10:22 am
Forum: General
Topic: IOT devices won't connect using VLAN [SOLVED]
Replies: 4
Views: 525

Re: IOT devices won't connect using VLAN [SOLVED]

I have found this: /interface bridge vlan add bridge=bridge comment=Gasten tagged=bridge vlan-ids=30 add bridge=bridge comment=IOT tagged=bridge vlan-ids=20 I would expect to see VLAN filtering on the port(s) as well. Currently the VLAN config is incomplete. Is there a trunk/hybrid port to the switc...
by erlinden
Tue Sep 10, 2024 8:57 am
Forum: Wireless Networking
Topic: Wifi core and repeaters config - Setup issue
Replies: 10
Views: 630

Re: Wifi core and repeaters config - Setup issue

For feedback or help, the config is required:
/export file=anynameyoulike
Remove serial and any other private info.

There is no option to run wired? Wireless backhaul is consuming a lot (at least halve) of your wireless bandwidth.
by erlinden
Mon Sep 09, 2024 4:24 pm
Forum: Wireless Networking
Topic: Capsman beginner help
Replies: 2
Views: 216

Re: Capsman beginner help

If you run the wifi-qcom-ac package on the cAP ac (instead of the wireless package) you should be fine. Here you can find the documentation: https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-CAPsMAN-CAPsimpleconfigurationexample: Could you add the ouput of this command as well? /interface/wifi ex...
by erlinden
Mon Sep 09, 2024 12:53 pm
Forum: Wireless Networking
Topic: CAPsMAN - Problem unable to see Radios
Replies: 3
Views: 402

Re: CAPsMAN - Problem unable to see Radios

I would like to advise you to reset the CAP to CAPS Mode:
https://help.mikrotik.com/docs/display/UM/cAP+XL+ac
by erlinden
Mon Sep 09, 2024 11:29 am
Forum: Beginner Basics
Topic: how to forward port for wireguard tunnel
Replies: 1
Views: 185

Re: how to forward port for wireguard tunnel

This explenation, which is part of the official MikroTik documentation, will explain exactely how to configure this setup:
https://help.mikrotik.com/docs/display/ ... uardtunnel
by erlinden
Thu Sep 05, 2024 3:57 pm
Forum: General
Topic: IOT devices won't connect using VLAN [SOLVED]
Replies: 4
Views: 525

Re: IOT devices won't connect using VLAN [SOLVED]

Can you share the config?
/export file=anynameyoulike
Remove serial and any other private info and post between code tags by using the </> button.
by erlinden
Wed Sep 04, 2024 5:17 pm
Forum: General
Topic: Mikrotik Vlan
Replies: 2
Views: 268

Re: Mikrotik Vlan

Can you share the config:
/export file=anynameyoulike
Remove serial and post between code tags by using the </> button.

Also, here is a great reference when it comes to VLAN:
viewtopic.php?t=143620
by erlinden
Wed Sep 04, 2024 4:05 pm
Forum: Wireless Networking
Topic: Slow WiFi [SOLVED]
Replies: 31
Views: 2296

Re: Slow WiFi [SOLVED]

If no VLAN's are involved, the D-Link will do just fine (assuming it has gigabit ports). The cAP ac does handle the wifi-qcom-ac pretty well (in my experience), though I red someone having out of memory problems (therefor a daily reboot was introduced). Haven't seen that problem myself (uptime over ...
by erlinden
Wed Sep 04, 2024 11:28 am
Forum: Wireless Networking
Topic: Legacy and new CAPsMan on the same x86 device
Replies: 6
Views: 831

Re: Legacy and new CAPsMan on the same x86 device

Can someone help?
Depends on how you want it to work exactly. Fyi, legacy supports CAPsMAN forwarding, wifi-qcom(-ac) doesn't.
by erlinden
Wed Sep 04, 2024 9:24 am
Forum: Beginner Basics
Topic: Email Spams problem due to malware in some device in the network
Replies: 3
Views: 368

Re: Email Spams problem due to malware in some device in the network

And how can i disable the port for everyone else
Add a drop rule on the forward chain that drops everything else:
add action=drop chain=forward
Make sure this rule is at the end of your rules.

I prefer the "allow specific traffic and drop everything else" way of thinking.
by erlinden
Tue Sep 03, 2024 5:38 pm
Forum: Beginner Basics
Topic: Email Spams problem due to malware in some device in the network
Replies: 3
Views: 368

Re: Email Spams problem due to malware in some device in the network

Allow on Source Address List, with dst port 587, protocol 6 (tcp), on the forward chain. This should be sufficient information...
by erlinden
Tue Sep 03, 2024 4:13 pm
Forum: Beginner Basics
Topic: Stuck in new setup
Replies: 6
Views: 772

Re: Stuck in new setup

Now I see...you don't want to have your IP address of the accesspoint in the same range as the office IP. Normally (I assumed because of the VLAN ID) you would have a management VLAN where you do the IP assignement of all hardware involved. To get it to work you can set the BAS_VLAN to ID 100. Not s...
by erlinden
Tue Sep 03, 2024 3:25 pm
Forum: Beginner Basics
Topic: Stuck in new setup
Replies: 6
Views: 772

Re: Stuck in new setup

Looks like MGT and CORP VLAN are messed up. I.e. the different network ranges are incorrect. Start with a basic setup and follow the topic by the letter. Then make changes as desired.

In regards to no access, are you using Winbox? Does it show up on discovery?
by erlinden
Tue Sep 03, 2024 8:44 am
Forum: General
Topic: netinstall ethernet port of hap ax3?
Replies: 4
Views: 411

Re: netinstall ethernet port of hap ax3?

Did you follow this wiki step by step?
https://wiki.mikrotik.com/wiki/Manual:Netinstall

As far as I know all ax devices are v7. Any reason for wanting to run v6?
by erlinden
Tue Sep 03, 2024 8:03 am
Forum: General
Topic: Which firmware is better, V6 or V7
Replies: 4
Views: 553

Re: Which firmware is better, V6 or V7

Gentlemen, what is the difference between firmware V6 and V7, which is better?
better?
by erlinden
Mon Sep 02, 2024 10:13 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 75
Views: 7530

Re: hap ax3 random wireless disconnects

Yes, I know. And I'll tell my corporate laptop it should disconnect more often :D
by erlinden
Mon Sep 02, 2024 10:09 pm
Forum: Scripting
Topic: DuckDNS on Mikrotik
Replies: 1
Views: 369

Re: DuckDNS on Mikrotik

If you post an export of your config, we can have a look:
/export file=anynameyoulike
Post the content here without serial and any other private info en place it in between code tags by using the </> button.
by erlinden
Mon Sep 02, 2024 10:01 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 75
Views: 7530

Re: hap ax3 random wireless disconnects

Would be beneficial if all people with problems share their config (at least the /interface/wifi part) to validate settings. Additional tip: when going up and down in versions you might run into some strange problems. Actually, I did...hence some steps that might be of use. I would advise (in case y...
by erlinden
Mon Sep 02, 2024 9:55 pm
Forum: Beginner Basics
Topic: capsman stops working after 7.14 upgrade [SOLVED]
Replies: 4
Views: 1774

Re: capsman stops working after 7.14 upgrade [SOLVED]

And in addition to @holvoetn complete answer: when upgrading through CAPsMAN, all packages are required (and installed). Manual upgrade is, as far as I know, the only way to miss packages.
by erlinden
Mon Sep 02, 2024 4:30 pm
Forum: SwOS
Topic: RB260GS login shows error after reset
Replies: 2
Views: 1189

Re: RB260GS login shows error after reset

Could it be a cache problem? Have you tried using an InPrivate session?
by erlinden
Fri Aug 30, 2024 11:48 am
Forum: General
Topic: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]
Replies: 16
Views: 1263

Re: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]

Removing and adding the slave interfaces did the trick...working as expected and befor.
Will stick to MikroTik longer.
by erlinden
Fri Aug 30, 2024 11:26 am
Forum: General
Topic: Wifi Interface with no channel
Replies: 6
Views: 422

Re: Wifi Interface with no channel

It is indeed, hence you should install the wireless-7.xx.x-mipsbe.npk package (which is located in the \MIPSBE\Extra packages file.
by erlinden
Fri Aug 30, 2024 10:37 am
Forum: General
Topic: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]
Replies: 16
Views: 1263

Re: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]

I did configure it with VLAN on the bridge, and the HOME network is working perfectly with VLAN ID 50, GUEST on VLAN ID 51 isn't (actually, it created interfaces dynamically with VLAN ID 1 for the GUEST network, hence there were MGT VLAN IP addresses assigned, as that is the untagged VLAN on eth0 of...
by erlinden
Thu Aug 29, 2024 8:14 pm
Forum: General
Topic: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]
Replies: 16
Views: 1263

Re: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]

Thanks as well, @mkx. Really appreciate your help! This is my current config: /interface bridge add admin-mac=xxxxxxxxxxxx auto-mac=no name=bridge-lan /interface ethernet set [ find default-name=ether1 ] name=ether1-trunk set [ find default-name=ether2 ] name=ether2-camera-rechts set [ find default-...
by erlinden
Thu Aug 29, 2024 5:39 pm
Forum: General
Topic: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]
Replies: 16
Views: 1263

Re: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]

Ok, I have adjusted as you configured it and removed the learning part.
Will monitor if this is of any help...thanks!
by erlinden
Thu Aug 29, 2024 5:16 pm
Forum: Beginner Basics
Topic: Default SOHO Firewall Rules
Replies: 10
Views: 746

Re: Default SOHO Firewall Rules

The default rules are enough for protection. Because your picture is no showing (better post /ip/firewall export), it is hard to say what you did. And I'm not going to read some website.
by erlinden
Thu Aug 29, 2024 3:33 pm
Forum: General
Topic: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]
Replies: 16
Views: 1263

Re: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]

The only thing I see in your config that jumps out at me is the independent-learning value.
Thanks gotsprings !

Another difference I notice is that you have switch1-cpu added to all your /interface ethernet switch vlan
May I ask what is the purpose of that?
by erlinden
Thu Aug 29, 2024 1:43 pm
Forum: Wireless Networking
Topic: Recommendations for replacement for Ubiquiti Picostation
Replies: 13
Views: 892

Re: Recommendations for replacement for Ubiquiti Picostation

Can you please add the requirements (apart from being outside and handling 20 caravans)?
by erlinden
Thu Aug 29, 2024 1:02 pm
Forum: General
Topic: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]
Replies: 16
Views: 1263

Re: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]

Bringing this topic back to live. I made all the adjustments to get rid of the VLAN ID = 1 necessity. All is working well, except for wireless and VLAN. For some reason I see in ARP and DHCP (leases) that wireless clients do sometimes get both IP addresses from the HOME or Guest VLAN AND the MGT VLA...
by erlinden
Thu Aug 29, 2024 9:23 am
Forum: General
Topic: CRS3X Switches and storm control/LoopProtect
Replies: 2
Views: 338

Re: CRS3X Switches and storm control/LoopProtect

This could very well be a user problem. Could you share the switch's config?
/export file=anynameyoulike
Remove serial and any other private info and place in between code tags by using the </> button.
by erlinden
Thu Aug 29, 2024 9:21 am
Forum: Beginner Basics
Topic: Need assistance with VLAN Firewall and NAT rules
Replies: 4
Views: 448

Re: Need assistance with VLAN Firewall and NAT rules

Your life would be much easier if you choose to go VLAN all the way. Lots of (correct) and great examples can be found in this topic: https://forum.mikrotik.com/viewtopic.php?t=143620 In regards to the firewall, you could consider allowing explicitely and dropping everything else. Just make sure tha...
by erlinden
Thu Aug 29, 2024 9:17 am
Forum: General
Topic: CapXL simple VLAN tagging [SOLVED]
Replies: 15
Views: 942

Re: CapXL simple VLAN tagging [SOLVED]

Sorry for missing the link. And thanks @jadaz!

The explanation of any setting can be found here:
https://help.mikrotik.com/docs/display/ROS/WiFi
by erlinden
Wed Aug 28, 2024 4:14 pm
Forum: Beginner Basics
Topic: Wireguard Persistent keep alive, Responder
Replies: 5
Views: 492

Re: Wireguard Persistent keep alive, Responder

Keepalive should be set on the "client" peer (as well as the is-responder).
by erlinden
Wed Aug 28, 2024 1:04 pm
Forum: Beginner Basics
Topic: Wireguard Persistent keep alive, Responder
Replies: 5
Views: 492

Re: Wireguard Persistent keep alive, Responder

From the documentation: is-responder (yes | no; Default: no) Specifies if peer is intended to be connection initiator or only responder. Should be used on WireGuard devices that are used as "servers" for other devices as clients to connect to. Otherwise router will all repeatedly try to co...
by erlinden
Wed Aug 28, 2024 12:37 pm
Forum: Wireless Networking
Topic: Slow WiFi [SOLVED]
Replies: 31
Views: 2296

Re: Slow WiFi [SOLVED]

If a wired conneciton is fast, then it is not related to the routing part of the router. I also notice that the 2.4GHz radio is broadcasting on channels 1, 3 and 6. In an ideal world (funny in the 2.4GHz context) you would only use channels 1, 6 and 11. Might want to configure frequencies 2412, 2437...
by erlinden
Wed Aug 28, 2024 11:41 am
Forum: Wireless Networking
Topic: NV2 on AX
Replies: 6
Views: 1006

Re: NV2 on AX

Not only that, but the new capsman is not compatible with the older one. So if you have older devices and you buy a new one, you are SOL. Bit harsh, there are two paths you can walk in this use case: - if only ARM devices involved, upgrade them with the wifi-qcom-ac driver. - it is possible to run ...
by erlinden
Wed Aug 28, 2024 11:37 am
Forum: Wireless Networking
Topic: Ether: bridge port receiving packet with its own MAC address
Replies: 17
Views: 1336

Re: Ether: bridge port receiving packet with its own MAC address

Can you add both the logging and the config?
/export file=anynameyoulike
Remove serial and any other private info, post in between code tags by using the </> button.
by erlinden
Wed Aug 28, 2024 11:27 am
Forum: General
Topic: Dynamic DNS [SOLVED]
Replies: 12
Views: 776

Re: Dynamic DNS [SOLVED]

You have to come up with your requirements first. If you are aiming for 99.99% uptime, there might be better solutions.
I can tell you it is working perfectly for me, and that might give you the impression it is perfect for you too. But again, only you can tell.
by erlinden
Wed Aug 28, 2024 11:02 am
Forum: General
Topic: Dynamic DNS [SOLVED]
Replies: 12
Views: 776

Re: Dynamic DNS [SOLVED]

So, "down a couple of times" during a period of years can be considered acceptable, right?
Is it acceptable to you? That is all that matters.
by erlinden
Wed Aug 28, 2024 9:41 am
Forum: General
Topic: Dynamic DNS [SOLVED]
Replies: 12
Views: 776

Re: Dynamic DNS [SOLVED]

Have been using it for years. Setup is very easy (checkbox), I noticed that the service has been down a couple of times.
by erlinden
Wed Aug 28, 2024 9:14 am
Forum: General
Topic: CapXL simple VLAN tagging [SOLVED]
Replies: 15
Views: 942

Re: CapXL simple VLAN tagging [SOLVED]

You would need to implement VLAN filtering on the bridge.
If you read this topic, you can find the AccessPoint.rsc which contains an example. In this example, all wifi interfaces are VLAN filtered, you just have to make the guest wifi interfaces so called "access ports".
by erlinden
Tue Aug 27, 2024 6:05 pm
Forum: Wireless Networking
Topic: Big Campus Networking help
Replies: 2
Views: 338

Re: Big Campus Networking help

It depends, especially as these requirements are far from complete.

And where does the maximum number of accesspoints come from?
Why are you assigned with this task?
What is the budget?

Choosing hardware is the least difficult part of this job.
by erlinden
Tue Aug 27, 2024 5:39 pm
Forum: Wireless Networking
Topic: Slow WiFi [SOLVED]
Replies: 31
Views: 2296

Re: Slow WiFi [SOLVED]

Well, then start by describing the issue you need to resolve first.
The topic name might give an indication :D
But agreed, both problem description and the requirements are very welcome!
by erlinden
Tue Aug 27, 2024 5:19 pm
Forum: Wireless Networking
Topic: Slow WiFi [SOLVED]
Replies: 31
Views: 2296

Re: Slow WiFi [SOLVED]

Some feedback requires insights into the config:
/export file=anynameyoulike
Remove serial and any other private info and post here inbtween code tags by using the </> button.
by erlinden
Tue Aug 27, 2024 2:50 pm
Forum: General
Topic: VLAN and Passthrough
Replies: 3
Views: 440

Re: VLAN and Passthrough

A topic which is really going to help you:
viewtopic.php?t=143620
by erlinden
Mon Aug 26, 2024 7:43 pm
Forum: Wireless Networking
Topic: SA Query timeout
Replies: 86
Views: 21836

Re: SA Query timeout

Giving this a go! Disabled it on 5Ghz interface and switched back from WPA2/3 to WPA/WPA2.
Why use WPA (when you can use open)?
8)
by erlinden
Sun Aug 25, 2024 10:16 am
Forum: Beginner Basics
Topic: Stuck in new setup
Replies: 6
Views: 772

Re: Stuck in new setup

Better (best?) idea is using VLAN's. Please read this great topic to get loads of informations and examples:
viewtopic.php?t=143620
by erlinden
Sun Aug 25, 2024 12:30 am
Forum: Beginner Basics
Topic: New router but no 5GHz - broken?
Replies: 3
Views: 437

Re: New router but no 5GHz - broken?

Because the frequency isn't set, it could take up to 10 minutes until the 5GHz radio is broadcasting.
You can set the frequency to 5180 (channel 36) manually to avoid this situation.

Does the log give any info?
At what frequency is the radio broadcasting?
by erlinden
Sat Aug 24, 2024 5:59 pm
Forum: Wireless Networking
Topic: HAP AX2 no connection to CAPsMAN
Replies: 10
Views: 654

Re: HAP AX2 no connection to CAPsMAN

How do I enable the capsman server on one of the AX2? I dont see a Capman option to enable it and set certificate options.
https://help.mikrotik.com/docs/display/ ... ionexample:
by erlinden
Fri Aug 23, 2024 7:29 pm
Forum: Beginner Basics
Topic: New router but no 5GHz - broken?
Replies: 3
Views: 437

Re: New router but no 5GHz - broken?

Yeah...or misconfigured. You make it a bit challenging coming up with a reason with the little info you provide.
Can you post:
/export file=annameyoulike
Remove serial and any other private info.
by erlinden
Thu Aug 22, 2024 2:49 pm
Forum: Wireless Networking
Topic: Mikrotik or others on AX wifi access point
Replies: 160
Views: 7763

Re: Mikrotik or others on AX wifi access point

As I mentioned in the article above, I really don't understand it very well, but maybe I can write the config details here as soon as possible and get ideas from you. Thank you.
Sure, no problem. It would be really great to have the config of the cAP ac as well, just to compare.
by erlinden
Thu Aug 22, 2024 2:44 pm
Forum: Wireless Networking
Topic: Mikrotik or others on AX wifi access point
Replies: 160
Views: 7763

Re: Mikrotik or others on AX wifi access point

What makes you think it is better and what makes you think it is not. Might be interesting to lower transmission power to get better performance.
by erlinden
Thu Aug 22, 2024 11:32 am
Forum: General
Topic: Port 445 is open even though samba is disabled
Replies: 8
Views: 572

Re: Port 445 is open even though samba is disabled

Then it would be interesting to see your complete config:
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Thu Aug 22, 2024 9:53 am
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 259
Views: 91025

Re: v7.16rc [testing] is released!

Standalone AP or using CAPsMan?
CAPsMAN:

RB4011, 2x RB960 (v6.49.13), 1x Powerbox Pro (v6.49.13), 2x cAP AX, 1x wAP ac
by erlinden
Wed Aug 21, 2024 4:37 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 259
Views: 91025

Re: v7.16rc [testing] is released!

I ran into a problem with VLAN's: wireless clients got MGT VLAN addresses assigned as well as HOME VLAN addresses. Found out from looking at the DHCP leases and IP ARP entries. After downgrading to 7.15.3 the problem was solved.

Yes, all information was supplied to support.
by erlinden
Wed Aug 21, 2024 4:04 pm
Forum: General
Topic: CRS 317-1G-16S+ Inter-VLAN routing problems (Solved)
Replies: 3
Views: 618

Re: CRS 317-1G-16S+ Inter-VLAN routing problems

Don't use VLAN ID = 1 explicitely /interface vlan add comment="Core infrastructure/Management VLAN" interface=Bridge name=VLAN1 vlan-id=1 add comment="Servers' VLAN" interface=Bridge name=VLAN250 vlan-id=250 Also, I'm missing VLAN 3249 as part of the /interface vlan (while it is ...
by erlinden
Wed Aug 21, 2024 1:53 pm
Forum: General
Topic: VLAN considerations along with CapsMan
Replies: 20
Views: 1452

Re: VLAN considerations along with CapsMan

By using hybrid ports to the CAPs, one can leave them in defaults CAPS Mode. Only identity can be adjusted (if wanted).
by erlinden
Wed Aug 21, 2024 1:51 pm
Forum: General
Topic: manual winbox upgrade
Replies: 5
Views: 421

Re: manual winbox upgrade

Indeed, just replace the existing executable with the new one.
by erlinden
Wed Aug 21, 2024 1:34 pm
Forum: General
Topic: manual winbox upgrade
Replies: 5
Views: 421

Re: manual winbox upgrade

Winbox can be downloaded on the download page:
https://mikrotik.com/download

https://mt.lv/winbox64 (64 bit)
https://mt.lv/winbox (32 bit)
by erlinden
Wed Aug 21, 2024 12:13 pm
Forum: General
Topic: VLAN considerations along with CapsMan
Replies: 20
Views: 1452

Re: VLAN considerations along with CapsMan

One disadvantage of this config, @neki, is that you have to manually adjust the CAPs (as they expect to be able to reach the CAPsMAN untagged by default).
As far as I know, you can't enable bridge VLAN filtering on ax devices. Only on ac devices, using the wifi-qcom-ac driver, this is supported.
by erlinden
Wed Aug 21, 2024 11:30 am
Forum: Wireless Networking
Topic: Legacy and new CAPsMan on the same x86 device
Replies: 6
Views: 831

Re: Legacy and new CAPsMan on the same x96 device

From v7.13.x you get the "new" CAPsMAN (capable of managing ax devices) "for free". It is added in the menu under wifi. The documentation will give you some more insights: https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-WiFiCAPsMAN The "old" CAPsMAN is part of the ...
by erlinden
Tue Aug 20, 2024 5:46 pm
Forum: General
Topic: Router OS 7 on RBD52G-5HacD2HnD (hAP ac^2)
Replies: 3
Views: 620

Re: Router OS 7 on RBD52G-5HacD2HnD (hAP ac^2)

Downgrade is nearly as easy as upgrading: you have to manually copy the (current) packages to the router en press the downgrade button.
As always, make a complete export (/export file=anynameyoulike) that can be restored any time.
by erlinden
Tue Aug 20, 2024 2:30 pm
Forum: General
Topic: Canon network printing issues
Replies: 2
Views: 341

Re: Canon network printing issues

Bit of an assumption: connect everything to the MikroTik and you will be fine.
If not (possible), make a small network diagram including all clients.
by erlinden
Tue Aug 20, 2024 2:28 pm
Forum: Virtualization
Topic: BTH vpn
Replies: 3
Views: 509

Re: BTH vpn

Here you can find the official documentation including an example:
https://help.mikrotik.com/docs/display/ ... uardtunnel
by erlinden
Tue Aug 20, 2024 11:52 am
Forum: Beginner Basics
Topic: New to Mikrotik
Replies: 19
Views: 1291

Re: New to Mikrotik

Then I found out you have to install QCOM package. So might try updating again.
The disadvantage of upgrading manually is that you could miss an additional package.
You can add it later any time, just add package.

When upgrading automatically, this won't happen.
by erlinden
Mon Aug 19, 2024 5:22 pm
Forum: General
Topic: Low speed via CAPsMAN
Replies: 18
Views: 1252

Re: Low speed via CAPsMAN

It isn't...at least, it shouldn't be.
Please test with iPerf to get better insights on the wireless speed. Using speedtest does include a lot of (possible) influencing factors.

To get best performance, please consider using the wifi-qcom-ac driver.
by erlinden
Mon Aug 19, 2024 4:33 pm
Forum: General
Topic: I have problem with microtick 750GL
Replies: 1
Views: 340

Re: I have problem with microtick 750GL

Might be a cashing thingy...have you tried reinstalling winbox?
What RouterOS and what Winbox version are you using?
by erlinden
Mon Aug 19, 2024 12:10 pm
Forum: Beginner Basics
Topic: Some ports on switches are slow
Replies: 6
Views: 510

Re: Some ports on switches are slow

Are you using RouterOS or SwOS?
Can you share the config of the switch?

Could there be any queue active on the port (or VLAN)?
by erlinden
Mon Aug 19, 2024 9:28 am
Forum: General
Topic: Problem with connecting new cap ax to the Capsman
Replies: 19
Views: 1900

Re: Problem with connecting new cap ax to the Capsman

Looks like your CAPsMAN has some errors: /interface wifi provisioning add action=create-dynamic-enabled disabled=no master-configuration=*4 \ slave-configurations=*3 supported-bands=5ghz-ac add action=create-dynamic-enabled disabled=yes identity-regexp=.*AC.* \ master-configuration=*3 name-format=2G...
by erlinden
Mon Aug 19, 2024 9:16 am
Forum: General
Topic: Allowing a VLAN to Access WAN(Internet)
Replies: 6
Views: 1095

Re: Allowing a VLAN to Access WAN(Internet)

A complete export of /ip/firewall would be very helpfull. Even better...a complete export:
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Sat Aug 17, 2024 6:23 pm
Forum: General
Topic: Problem with connecting new cap ax to the Capsman
Replies: 19
Views: 1900

Re: Problem with connecting new cap ax to the Capsman

The wireless interfaces look disabled, can you enable them?
by erlinden
Sat Aug 17, 2024 9:17 am
Forum: Wireless Networking
Topic: Issue with roaming
Replies: 4
Views: 541

Re: Issue with roaming

Happy to hear, you can mark your topic as solved. Will probably give me some karma points 8)
by erlinden
Sat Aug 17, 2024 9:14 am
Forum: Beginner Basics
Topic: WireGuard or OpenVPN [SOLVED]
Replies: 32
Views: 3271

Re: WireGuard or OpenVPN [SOLVED]

If the IPS is blocking the ports , and even if you play with 443 that will not help to establish connections. Not sure why is that,
Are you stating that on the same port and with same protocol OpenVPN will work while Wireguard does (sometimes) not?
by erlinden
Fri Aug 16, 2024 2:20 pm
Forum: General
Topic: Firmware Upgrade
Replies: 4
Views: 555

Re: Firmware Upgrade

Have you checked the log?
by erlinden
Fri Aug 16, 2024 1:55 pm
Forum: General
Topic: Firmware Upgrade
Replies: 4
Views: 555

Re: Firmware Upgrade

Incorrect cpu architecture? Bit more info would be usefull...
by erlinden
Fri Aug 16, 2024 1:00 pm
Forum: Wireless Networking
Topic: Issue with roaming
Replies: 4
Views: 541

Re: Issue with roaming

You can add "fast transition", which should make it more easy for clients to roam: /interface wifi security add authentication-types=wpa2-psk ft=yes ft-over-ds=yes name=JUJUMAESIN-SEC passphrase=[whatever you use] What signal does the client have when connected to the CAP instead of the ro...
by erlinden
Fri Aug 16, 2024 12:35 pm
Forum: General
Topic: Low speed via CAPsMAN
Replies: 18
Views: 1252

Re: Low speed via CAPsMAN

Signal is okay! Frequency was my mistake, please try eiher 5180 or leave it empty (for automatic selection). The latter will choose based on a scan.
by erlinden
Fri Aug 16, 2024 11:23 am
Forum: General
Topic: Low speed via CAPsMAN
Replies: 18
Views: 1252

Re: Low speed via CAPsMAN

Seems a bit low(er) than possible. What is the signal value?
Could you change frequency to 5120 (channel 36)?
Did you perform a frequency scan? Any other wifi networks that could be interferring?
by erlinden
Fri Aug 16, 2024 8:39 am
Forum: General
Topic: Low speed via CAPsMAN
Replies: 18
Views: 1252

Re: Low speed via CAPsMAN

If that is the device you test with...yes.
This information can be found either on /interface/wifi/registration (are you using Winbox?) or on the laptop (are you using Windows?).
by erlinden
Fri Aug 16, 2024 8:30 am
Forum: Wireless Networking
Topic: New CAPsMAN, VLAN and error with provisioning "--- SSID not set"
Replies: 16
Views: 1764

Re: New CAPsMAN, VLAN and error with provisioning "--- SSID not set"

I have found out several topics as well in cookbook, but it seems that it will be not for my setup, so I have to read and find something else.
Here in the documentation you can find it:
https://help.mikrotik.com/docs/display/ ... %22package:
by erlinden
Thu Aug 15, 2024 6:05 pm
Forum: General
Topic: Low speed via CAPsMAN
Replies: 18
Views: 1252

Re: Low speed via CAPsMAN

Can you post at what connection rate the client is connected?
by erlinden
Thu Aug 15, 2024 4:55 pm
Forum: General
Topic: Low speed via CAPsMAN
Replies: 18
Views: 1252

Re: Low speed via CAPsMAN

Can you set local-forwarding to true:

/caps-man datapath
add bridge=bridge-guest name=guest local-forwarding=yes
by erlinden
Thu Aug 15, 2024 1:43 pm
Forum: Wireless Networking
Topic: Mikrotik or others on AX wifi access point
Replies: 160
Views: 7763

Re: Mikrotik or others on AX wifi access point

Within days/weeks the wAP AX will be introduced. Which, if I understood correct, will be smaller.

Accorindg to @Normis:
wAP ax will be a very small device and is coming very very soon (question of days or weeks)
by erlinden
Thu Aug 15, 2024 1:02 pm
Forum: Wireless Networking
Topic: Missing wAP ax successor to wAP ac, what are outdoor AX WiFi alternatives?
Replies: 29
Views: 2821

Re: Missing wAP ax successor to wAP ac, what are outdoor AX WiFi alternatives?

wAP ax will be a very small device and is coming very very soon (question of days or weeks)
:-D :-D :-D
by erlinden
Thu Aug 15, 2024 12:08 pm
Forum: Wireless Networking
Topic: Connecting v6 Device to CAPsMAN v7 [SOLVED]
Replies: 3
Views: 758

Re: Connecting v6 Device to CAPsMAN v7 [SOLVED]

The new CAPsMAN does only support wifi-qcom and wifi-qcom-ac devices. The latter is supported on ac devices, using the ARM processor. Unfortunately, the RB951 is a MIPSBE device, hence you can't find it. If you want it to be managed by your switch, you have to add the wireless package and run two in...
by erlinden
Thu Aug 15, 2024 11:51 am
Forum: General
Topic: Low speed via CAPsMAN
Replies: 18
Views: 1252

Re: Low speed via CAPsMAN

Set extension-channel to either Ce (40MHz) or Ceee (80MHz) on the 5GHz radio to get higher conenction rates. You might as well let the CAPsMAN (actually the CAP) choose a channel itself, as is configured on the hAP ac3.
by erlinden
Thu Aug 15, 2024 9:54 am
Forum: General
Topic: Low speed via CAPsMAN
Replies: 18
Views: 1252

Re: Low speed via CAPsMAN

Why did you set bandwidth to 20MHz on the 5GHz radio? This will probably make a huge difference, when set to 80MHz (Ceee). No need to set VLAN ID 1 on the datapath. Instead of using "2412,2422,2432,2442,2462", you better use 2412,2437,2462 for non overlapping channels. When setting transmi...
by erlinden
Thu Aug 15, 2024 9:15 am
Forum: Beginner Basics
Topic: VLAN on Wifi - Have Unifi AP w no Cloud Key - will it work ? [SOLVED]
Replies: 5
Views: 778

Re: VLAN on Wifi - Have Unifi AP w no Cloud Key - will it work ?

Please elaborate , why are you asking this question on a other vendors forum? Seems to me this is a good question for the UBI forum (or perhaps you already asked there?). Or just join the MikroTik community (as I did) and get proper support. 8) I would expect that the Windows Unifi Controller/Docker...
by erlinden
Wed Aug 14, 2024 8:51 pm
Forum: Wireless Networking
Topic: New CAPsMAN, VLAN and error with provisioning "--- SSID not set"
Replies: 16
Views: 1764

Re: New CAPsMAN, VLAN and error with provisioning "--- SSID not set"

Well... Start by removing this radio MAC address: /interface wifi provisioning add action=create-enabled common-name-regexp="" disabled=no identity-regexp=\ "" master-configuration=config_internal_users radio-mac=00:00:00:00:00:00 \ slave-configurations=config_guests This will pr...
by erlinden
Wed Aug 14, 2024 5:11 pm
Forum: Scripting
Topic: Mac no asignada a dhcp
Replies: 2
Views: 376

Re: Mac no asignada a dhcp

English translation (thanks to Google): Hello, I want to make a foreach based on a list of IPs to check if they are assigned in the dhcp and take action to be positive No answers here...you might get some (paid) support here: https://mikrotik.com/consultants OR What have you done so far. What is wor...
by erlinden
Wed Aug 14, 2024 4:49 pm
Forum: Beginner Basics
Topic: Switch IP address at VLAN [SOLVED]
Replies: 6
Views: 1068

Re: Switch IP address at VLAN [SOLVED]

Can you share the config?
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Wed Aug 14, 2024 4:11 pm
Forum: Beginner Basics
Topic: Can't change network
Replies: 11
Views: 713

Re: Can't change network

Can you show exactely what IP addresses should be available for DHCP? You are aware that you can configure multiple pools? In addition, can you please share your (relevant part of the) config: /export hide-sensitive file=anynameyoulike Remove serial and any other private info and post here between c...
by erlinden
Wed Aug 14, 2024 3:57 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 259
Views: 91025

Re: v7.16rc [testing] is released!

Do you have examples on what changes you have made that weren't provisioned?
by erlinden
Wed Aug 14, 2024 3:46 pm
Forum: Beginner Basics
Topic: Can't change network
Replies: 11
Views: 713

Re: Can't change network

Have you changed the IP pool? This is where you define the IP addresses that are available.
by erlinden
Wed Aug 14, 2024 3:25 pm
Forum: Wireless Networking
Topic: WIFI 6 AX
Replies: 1
Views: 454

Re: WIFI 6 AX

Could you also show the provisioning?
https://help.mikrotik.com/docs/display/ ... ovisioning
by erlinden
Wed Aug 14, 2024 1:20 pm
Forum: General
Topic: modes and wifi
Replies: 5
Views: 780

Re: modes and wifi

First step, forget Quickset (except for initial config...but then, still forget it). Do it manually, you will get so much more options (besides the knowledge you gain). As soon as I change anything in Winbox, the configuration is gone, I have to repeat everything over and over. This shouldn't be the...
by erlinden
Wed Aug 14, 2024 10:42 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM wirespeed switching?
Replies: 3
Views: 534

Re: CRS328-24P-4S+RM wirespeed switching?

Are you refering to the part where this switch is (ab)used as router?
by erlinden
Wed Aug 14, 2024 9:41 am
Forum: Wireless Networking
Topic: Is there a guid for setting up multiple CAP AX with 1 controller
Replies: 5
Views: 629

Re: Is there a guid for setting up multiple CAP AX with 1 controller

Just follow this help page: https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-WiFiCAPsMAN My tips: - use fixed channels for the 5GHz channels, 40MHz bandwidth (by creating a config/provision rule per CAPS filtered by MAC address) - when not using EAP, use wpa2-psk only with CCMP (only) as encrypt...
by erlinden
Wed Aug 14, 2024 9:26 am
Forum: General
Topic: enable switch chip.. more bandwidth in use?
Replies: 2
Views: 470

Re: enable switch chip.. more bandwidth in use?

Can you show the config as well?
/export file=anynameyoulike
Remove serial and any other private info en post between code tags by using the </> button.
by erlinden
Wed Aug 14, 2024 9:25 am
Forum: Wireless Networking
Topic: WIFI connecting issues
Replies: 6
Views: 1001

Re: WIFI connecting issues

Can you give it a try with:

WPA2-PSK (only) and CCMP (as encryption)?
by erlinden
Tue Aug 13, 2024 1:46 pm
Forum: General
Topic: Frequent Crashes After Updates on MikroTik hAP ac3 – Seeking Solutions
Replies: 8
Views: 596

Re: Frequent Crashes After Updates on MikroTik hAP ac3 – Seeking Solutions

Really would like to have a peek at your config:
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Tue Aug 13, 2024 10:55 am
Forum: Beginner Basics
Topic: CAPsMAN through Switch under VLAN [SOLVED]
Replies: 15
Views: 1914

Re: CAPsMAN through Switch under VLAN [SOLVED]

Are you running the CAP's in default CAPS Mode? Are the CAP's connected to a hybrid port (where MGT VLAN is untagged)? Would you be willing to share your config?

Thanks! :-D
by erlinden
Tue Aug 13, 2024 10:44 am
Forum: Beginner Basics
Topic: CAPsMAN through Switch under VLAN [SOLVED]
Replies: 15
Views: 1914

Re: CAPsMAN through Switch under VLAN [SOLVED]

I agree except I ran into the problem that clients also received MGT VLAN IP addresses when connecting with a wifi-qcom-ac CAP. Then I started over following the CAPsMAN VLAN description in the help pages (https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-CAPsMAN-CAPVLANconfigurationexample:). Th...
by erlinden
Tue Aug 13, 2024 10:26 am
Forum: Beginner Basics
Topic: CAPsMAN through Switch under VLAN [SOLVED]
Replies: 15
Views: 1914

Re: CAPsMAN through Switch under VLAN [SOLVED]

For me it works when adding VLAN ID 1 on the switch.
by erlinden
Mon Aug 12, 2024 4:45 pm
Forum: General
Topic: Can't get UPnP to work in RouterOS 7.14.1 (Worked in RouterOS 6.x)
Replies: 15
Views: 1345

Re: Can't get UPnP to work in RouterOS 7.14.1 (Worked in RouterOS 6.x)

Can you post the ouput of:
/ip/upnp print
/ip/upnp/interfaces print
by erlinden
Mon Aug 12, 2024 3:26 pm
Forum: General
Topic: Cap devices only: "Check for updates" error - timeouts
Replies: 5
Views: 505

Re: Cap devices only: "Check for updates" error - timeouts

When using CAPsMAN you can push upgrades. Set package-path and place the packages in that path.
See here:

https://www.youtube.com/watch?v=1Ct6aJXTE5g
by erlinden
Mon Aug 12, 2024 2:48 pm
Forum: General
Topic: How can I access remotely MT behind a modem?
Replies: 13
Views: 744

Re: How can I access remotely MT behind a modem?

Can you change this rule, where the to port is the default Winbox port?

And change this rule in the firewall as well:
/ip firewall filter
add action=accept chain=input dst-port=8291 in-interface=ether1 protocol=tcp
by erlinden
Mon Aug 12, 2024 2:33 pm
Forum: General
Topic: How can I access remotely MT behind a modem?
Replies: 13
Views: 744

Re: How can I access remotely MT behind a modem?

Yes it is behind NAT and does not have a public IP address.
Did you do port forwarding on the NAT device as well?
by erlinden
Mon Aug 12, 2024 1:12 pm
Forum: General
Topic: How can I access remotely MT behind a modem?
Replies: 13
Views: 744

Re: How can I access remotely MT behind a modem?

I would prefer through VPN over making a service available publically.
Is your MT behind NAT, or does it have a publically available IP address?
Who removed all filter rules that are part of the default?
by erlinden
Mon Aug 12, 2024 11:39 am
Forum: Beginner Basics
Topic: Struggling to hard reset and provision cAP-2nD
Replies: 2
Views: 409

Re: Struggling to hard reset and provision cAP-2nD

If you can't access it after a reset (sure the credentials are correct?) and it won't go into CAPS Mode, you could consider to perform a netinstall:
https://help.mikrotik.com/docs/display/ROS/Netinstall
by erlinden
Sun Aug 11, 2024 2:28 pm
Forum: General
Topic: site-site Wiregaurd Setup
Replies: 13
Views: 852

Re: site-site Wiregaurd Setup

As the wireguard interface isn't part of the LAN interface list AND doesn't have an accept rule on the input chain, it is blocked (hence you can't ping it). You can test this by either adding an additional rule: /ip firewall filter add action=accept chain=input comment="defconf: accept ICMP&quo...
by erlinden
Sun Aug 11, 2024 2:14 pm
Forum: Beginner Basics
Topic: Weird filtering issue on 7.15.3
Replies: 2
Views: 431

Re: Weird filtering issue on 7.15.3

Enable logging on the drop rule to get insights why this rule isn't working.

I would expect the double quotes are the problem.
by erlinden
Sun Aug 11, 2024 11:26 am
Forum: Beginner Basics
Topic: First time hAP ax3 setup with VLANs, no traffic going upstream
Replies: 5
Views: 565

Re: First time hAP ax3 setup with VLANs, no traffic going upstream

These are the default firewall rules, with some irrelevant ones removed. :? If you want this device to work as router, you want a masquerade rule. But there is a lot more that is missing. If you want to have it working as switch, please read this great topic: https://forum.mikrotik.com/viewtopic.ph...
by erlinden
Sun Aug 11, 2024 10:07 am
Forum: Beginner Basics
Topic: CAPsMAN through Switch under VLAN [SOLVED]
Replies: 15
Views: 1914

Re: CAPsMAN through Switch under VLAN [SOLVED]

Aah, thanks for the explanation. You are referring to the old version (which is part of the wireless package), while TS is using the new version. The new version lacks the forwarding options.
by erlinden
Sun Aug 11, 2024 10:04 am
Forum: Beginner Basics
Topic: First time hAP ax3 setup with VLANs, no traffic going upstream
Replies: 5
Views: 565

Re: First time hAP ax3 setup with VLANs, no traffic going upstream

Besides a lot of firewall rules....VLAN filtering isn't enabled on the bridge.
by erlinden
Sun Aug 11, 2024 9:57 am
Forum: Wireless Networking
Topic: Too many interfaces for radio (CAPsMAN)
Replies: 3
Views: 444

Re: Too many interfaces for radio (CAPsMAN)

Seems to me that there are more SSID/interfaces configured than can be handled. A quick peek on your config will give better insights, can you pleas share it? /interface/wifi export file=anynameyoulike Remove serial and any other private info and post in between code tags by using the </> button.
by erlinden
Sun Aug 11, 2024 9:54 am
Forum: Beginner Basics
Topic: hAP ax3 with issues after reset
Replies: 8
Views: 1138

Re: hAP ax3 with issues after reset

My tips:
Change power supply (just to be sure)
Netinstall the device:
https://help.mikrotik.com/docs/display/ROS/Netinstall
by erlinden
Sun Aug 11, 2024 9:52 am
Forum: Wireless Networking
Topic: cAPs name in CAPsMan
Replies: 2
Views: 380

Re: cAPs name in CAPsMan

I have: - set identity on the CAP - use %I in the Name Format (as part of the provisioning From the documentation : name-format (string) Base string to use when constructing names of provisioned interfaces. Each new interface will be created by taking the base string and appending a number to the en...
by erlinden
Sat Aug 10, 2024 11:17 pm
Forum: Beginner Basics
Topic: CAPsMAN through Switch under VLAN [SOLVED]
Replies: 15
Views: 1914

Re: CAPsMAN through Switch under VLAN [SOLVED]

Local forwarding should be enabled on the datapaths because the AP is not directly connected behind the CAPsMAN Not sure what exactely you are referring to, but from the wiki: WiFi CAPsMAN only passes wireless configuration to the CAP, all forwarding decisions are left to the CAP itself - there is ...
by erlinden
Sat Aug 10, 2024 7:01 pm
Forum: General
Topic: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]
Replies: 16
Views: 1263

Re: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]

Yeah...as it seams. Remains the question...why should I add the "independent-learning=yes" for VLAN 1 on the switch?

And thanks for the addition, I added this indeed.
by erlinden
Sat Aug 10, 2024 5:56 pm
Forum: General
Topic: site-site Wiregaurd Setup
Replies: 13
Views: 852

Re: site-site Wiregaurd Setup

Checked your conig (better to place it inbetween code tags by using the </> button): /ip address add address=192.168.10.1/24 interface=" WG-HQ" network=192.168.10.0 Should be: /ip address add address=192.168.10.1/32 interface=" WG-HQ" network=192.168.10.0 AND /ip address add addr...
by erlinden
Sat Aug 10, 2024 4:55 pm
Forum: General
Topic: site-site Wiregaurd Setup
Replies: 13
Views: 852

Re: site-site Wiregaurd Setup

Mikrotik has a great explanation: https://help.mikrotik.com/docs/display/ROS/WireGuard#WireGuard-SitetoSiteWireGuardtunnel Did you add this part to the firewall as well (don't mind the used IP addresses...)? Additionally, it is possible that the "forward" chain restricts the communication ...
by erlinden
Sat Aug 10, 2024 1:48 pm
Forum: General
Topic: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]
Replies: 16
Views: 1263

CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]

I need some VLAN help. I run a router with 2 VLAN's: 50 (HOME) and 51 (Guests). I use CAPsMAN to manage my 2 cAP AX and 1 wAP ac. One cAP AX is connected to the RB4011 directly, the second (and the wAP ac) are conencted through the RB 960PGS. All devices are connected through trunk ports (VLAN 50 an...
by erlinden
Thu Aug 08, 2024 6:52 pm
Forum: Beginner Basics
Topic: Wi-Fi connection randomly drops, then reconnects in seconds [SOLVED]
Replies: 21
Views: 2356

Re: Wi-Fi connection randomly drops, then reconnects in seconds [SOLVED]

Can you try setting encryption to, mbach:
encryption=ccmp,gcmp,ccmp-256,gcmp-256
And use wpa2-psk only.

And enable debug, wifi logging to get some additional information.
by erlinden
Thu Aug 08, 2024 11:12 am
Forum: General
Topic: HAP AX2 dead
Replies: 7
Views: 899

Re: HAP AX2 dead

by erlinden
Mon Aug 05, 2024 5:48 pm
Forum: Beginner Basics
Topic: tagged and untagged in one vlan table
Replies: 10
Views: 756

Re: tagged and untagged in one vlan table

The VLAN bible of Mikrotik:
viewtopic.php?t=143620

Thanks snippan for the addition. I just wanted to add it...
by erlinden
Mon Aug 05, 2024 1:38 pm
Forum: General
Topic: DoH configured but apparently not working
Replies: 3
Views: 535

Re: DoH configured but apparently not working

Did you succesfully import the certificate that is used? Anything in the log that might give an indication? Does it work if you (temporarily) disable certificate check?
Can you also check if https://1.1.1.1/dns-query does work?
by erlinden
Sun Aug 04, 2024 11:13 am
Forum: Wireless Networking
Topic: 7.15.x CAPsMAN Setup
Replies: 32
Views: 3639

Re: 7.15.x CAPsMAN Setup

OK so if I'm reading this page right, I have to do specific config on -each- CAP in order for wifi to work on a VLAN. No, you don't. What is shown is a config if you want to do it manually from scratch. If you either reset it to CAPS Mode through the reset button or the menu option it will give you...
by erlinden
Sat Aug 03, 2024 6:52 pm
Forum: Beginner Basics
Topic: wifi-qcom/AX manual WiFi uplink
Replies: 4
Views: 1118

Re: wifi-qcom/AX manual WiFi uplink

If memory serves me well, it shows that there are no clients connected to the radio.

Do you want to have feedback on your config?
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Sat Aug 03, 2024 12:37 am
Forum: Wireless Networking
Topic: hAP ax3 wireless problem [SOLVED]
Replies: 174
Views: 36236

Re: hAP ax3 wireless problem [SOLVED]

What reasons could there be for the “Link downs” of a 5Ghz meter to trigger?
If you want some feedback, just share the config:
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Fri Aug 02, 2024 11:23 pm
Forum: General
Topic: Hello, please help. DHCP Issues.
Replies: 1
Views: 507

Re: Hello, please help. DHCP Issues.

From your config: /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik add authentication-types=wpa-psk,wpa2-psk management-protection=allowed mode=\ dynamic-keys name=profile1 supplicant-identity=MikroTik Either remove wpa-psk or don't set any security. /inter...
by erlinden
Fri Aug 02, 2024 11:06 am
Forum: Wireless Networking
Topic: CAPSMAN issues managing many existing configured CAP-AC
Replies: 1
Views: 492

Re: CAPSMAN issues managing many existing configured CAP-AC

Looks like VLAN filtering is not enabled on the bridge. From the documentation: https://help.mikrotik.com/docs/pages/viewpage.action?pageId=46759946#WifiWave2(7.12andolder)-CAPsMAN-CAPVLANconfigurationexample: Here there is a distinction between 2.4GHz and 5GHz. Can you try to do the same? Are the S...
by erlinden
Tue Jul 30, 2024 10:52 am
Forum: Wireless Networking
Topic: hAP ax3 wireless problem [SOLVED]
Replies: 174
Views: 36236

Re: hAP ax3 wireless problem [SOLVED]

I hope the manufacturer will be able to fix all the errors and shortcomings of hAP ax3 with updates.
That would involve the users as well 8)

If you want some feedback, just share the config:
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Tue Jul 30, 2024 10:49 am
Forum: General
Topic: how to identify which ip is infected and being used for a DDoS? [SOLVED]
Replies: 16
Views: 2710

Re: how to identify which ip is infected and being used for a DDoS? [SOLVED]

Turn it off and see if you can open the /ip/firewall/connections tab. That should be a good indication.
by erlinden
Tue Jul 30, 2024 10:47 am
Forum: Beginner Basics
Topic: Wi-Fi connection randomly drops, then reconnects in seconds [SOLVED]
Replies: 21
Views: 2356

Re: Wi-Fi connection randomly drops, then reconnects in seconds [SOLVED]

so it's unlikely that I misconfigured something. What could be the problem? What are some ways to troubleshoot this issue? By default WPA2 and WPA3 are enabled. That gave me a lot of problems. To troubleshoot (together with you): What RouterOS version are you running? Can you share the config? /exp...
by erlinden
Mon Jul 29, 2024 5:39 pm
Forum: Beginner Basics
Topic: Just installed and having troubles with DNS
Replies: 2
Views: 703

Re: Just installed and having troubles with DNS

/ip pool add name=default-dhcp ranges=192.168.88.10-192.168.88.254 /ip address add address=192.168.1.11/24 comment=defconf interface=bridge network=192.168.1.0 /ip dhcp-server network add address=192.168.0.0/24 comment=defconf dns-server=192.168.0.99 gateway=192.168.0.99 netmask=24 Looks like three...
by erlinden
Sun Jul 28, 2024 10:21 am
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 288
Views: 116920

Re: v7.16beta [testing] is released!

if u want to get to the trouble, then use the new CapsMan
Can you eleborate this? I'm onto the beta in my home environment (I know, just a small network). Haven't had any strange CAPsMAN things, at least for me it is working not any less stable than the stable version.
by erlinden
Fri Jul 26, 2024 3:25 pm
Forum: Wireless Networking
Topic: Netbox 5 AX Frequency Settings
Replies: 4
Views: 645

Re: Netbox 5 AX Frequency Settings

To use all frequencies, just buy another 10 (or something) Netboxes. Or understand how wifi is working.
Furthermore, why don't you want to set a country?
by erlinden
Fri Jul 26, 2024 3:15 pm
Forum: Wireless Networking
Topic: disconnecting wifi clients
Replies: 4
Views: 589

Re: disconnecting wifi clients

Are there more clients suffering from this?

You could add wireless debug logging to get some additional information.
Besides, can you perhaps share your config:
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Thu Jul 25, 2024 7:33 pm
Forum: General
Topic: DoH certificate handshake failed (Quad9)
Replies: 7
Views: 837

Re: DoH certificate handshake failed (Quad9)

Could it be that the imported certificate is expired or renewed?
by erlinden
Thu Jul 25, 2024 7:10 pm
Forum: General
Topic: DoH certificate handshake failed (Quad9)
Replies: 7
Views: 837

Re: DoH certificate handshake failed (Quad9)

If you want to check "Verify DoH Certificate" (which you obviously do), you hwave to make sure the MikroTik has the Root CA installed.

Check this blog that explains the steps to get it to work:
https://www.shellhacks.com/mikrotik-dns ... loudflare/
by erlinden
Tue Jul 23, 2024 7:46 pm
Forum: Wireless Networking
Topic: 7.15.x CAPsMAN Setup
Replies: 32
Views: 3639

Re: 7.15.x CAPsMAN Setup

At least reset the accesspoint to CAPS Mode. Do you see any radios on /wifi/radios (that is on the CAPsMAN)?

Currently on smartphone, going through the config isn't easy.
by erlinden
Mon Jul 22, 2024 11:41 am
Forum: Beginner Basics
Topic: Allow Outgoing UDP TCP connections
Replies: 1
Views: 363

Re: Allow Outgoing UDP TCP connections

In a default situation the router won't block this (any) traffic outgoing.
Can you share your config (at least the /ip/firewall part)?
/ip/firewall export

or

/export file=anynameyoulike
Are you using LTE? Could be that the provider is blocking the traffic.
by erlinden
Sun Jul 21, 2024 11:58 pm
Forum: Beginner Basics
Topic: DNS issue hAP ax3 [SOLVED]
Replies: 2
Views: 1638

Re: DNS issue hAP ax3 [SOLVED]

Looks like the DNS server is disabled. To turn it on:
/ip dns
set allow-remote-requests=yes
by erlinden
Sun Jul 21, 2024 6:10 pm
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 653
Views: 243692

Re: v7.15 [stable] is released!

I was also getting the script error in my logs after upgrading to 7.15. "executing script from scheduler failed, please check it manually" The solution was to replace the word "system" with "routeros" Old - :set Var1 "$[/system package get system version]" Ne...
by erlinden
Sun Jul 21, 2024 6:02 pm
Forum: RouterBOARD hardware
Topic: wAP ac (RBwAPG-5HacT2HnD) rebooting every 10 seconds
Replies: 3
Views: 614

Re: wAP ac (RBwAPG-5HacT2HnD) rebooting every 10 seconds

Either get a new wAP ac or, if time wouldn't be of an issue, wait for a wAP ax.
by erlinden
Sun Jul 21, 2024 3:10 pm
Forum: General
Topic: MikroTik hAP ac2 cant login
Replies: 4
Views: 518

Re: MikroTik hAP ac2 cant login

Assuming you are using the wifi-qcom-ac driver:
https://help.mikrotik.com/docs/display/ROS/WiFi
by erlinden
Sat Jul 20, 2024 8:29 pm
Forum: Wireless Networking
Topic: The most arduous access point ever: hAP ax³
Replies: 48
Views: 2724

Re: The most arduous access point ever: hAP ax³

Use wpa2-aes only for the time being. And only ccmp. And turn on debug logging on wifi to get some more insights.
by erlinden
Sun Jul 14, 2024 10:52 am
Forum: Wireless Networking
Topic: wifi-qcom-ac package for wAP ac (mipsbe) [SOLVED]
Replies: 2
Views: 2051

Re: wifi-qcom-ac package for wAP ac (mipsbe) [SOLVED]

Wifi-qcom-ac is only supported on ARM devices.
by erlinden
Thu Jul 11, 2024 1:29 pm
Forum: Scripting
Topic: Routing rules for dynamic IP addresses
Replies: 16
Views: 3847

Re: Routing rules for dynamic IP addresses

I use address list, create a list (i.e. WAN-IP) and add the address (blahblah.sn.mynetname.net).
Then you can refer to the address list (with its name).
by erlinden
Thu Jul 11, 2024 10:52 am
Forum: General
Topic: Could not resolve dns name [SOLVED]
Replies: 5
Views: 1812

Re: Could not resolve dns name [SOLVED]

Does the switch have an IP address, gateway and access to the Internet?
Can you ping router/public DNS server?
by erlinden
Wed Jul 10, 2024 6:04 pm
Forum: The User Manager
Topic: cannot login to user manager
Replies: 3
Views: 748

Re: cannot login to user manager

Are there any files that remained on the filesystem? You might need to delete them manually.
Or better...netinstall it with the latest v6 LTS (currently 6.49.13)
by erlinden
Wed Jul 10, 2024 5:33 pm
Forum: Beginner Basics
Topic: Am I being port scanned?
Replies: 9
Views: 832

Re: Am I being port scanned?

If you are worried with security, you might want to reconsider this:
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=external
Ports are scanned, up to you if you want to have it logged...or not.
by erlinden
Wed Jul 10, 2024 5:13 pm
Forum: Beginner Basics
Topic: Am I being port scanned?
Replies: 9
Views: 832

Re: Am I being port scanned?

Also wanted to know why (default mikrotik rules) drop all not incoming from LAN supersede drop from wan not dstnated? It does not matter what order are they in, drop not dstnated is just not working. I also have hairpin NAT, might that be a problem? There is a difference between the input chain (ac...
by erlinden
Wed Jul 10, 2024 9:37 am
Forum: General
Topic: cache full, not storing since 7.14
Replies: 28
Views: 9427

Re: cache full, not storing since 7.14

Cache size is configurable, you might want to increase the memory (if you haven't tried already?):
/ip dns
set cache-size=20480KiB
by erlinden
Tue Jul 09, 2024 9:41 am
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 653
Views: 243692

Re: v7.15.2 [stable] is released!

Something is wrong with the initial scan for 5 GHz. Every time at boot, the frequency is set to 5500 on all APs. This does not happen for 2.4 GHz where APs receive different frequencies. That is something that is bothering me as well. This frequency is checked for 1 min before used, hence this situ...
by erlinden
Tue Jul 09, 2024 9:37 am
Forum: Wireless Networking
Topic: wlan1: failed to select channel
Replies: 3
Views: 983

Re: wlan1: failed to select channel

/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik add authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap eap-methods="" \ group-ciphers=tkip,aes-ccm management-protection=allowed mode=dynamic-keys \ name=kokoriko supplicant-identity="&quo...
by erlinden
Mon Jul 08, 2024 5:40 pm
Forum: Wireless Networking
Topic: Capsman: AP Behavior on very basic config
Replies: 7
Views: 754

Re: Capsman: AP Behavior on very basic config

/caps-man channel add band=2ghz-b/g/n name=2g4 Does the above really make sense to you? All you do here is set the band, not the channels. Ie, you wnat to set: frequency=2412,2437,2462 I never use auto, I want to decide which frequency gets used. How do you handle this, a config per radio? How do y...
by erlinden
Mon Jul 08, 2024 2:41 pm
Forum: Wireless Networking
Topic: cap ax3 unable to connect to cap manager on RB751G
Replies: 8
Views: 717

Re: cap ax3 unable to connect to cap manager on RB751G

can wifi capsman be run on a mipsbe device?
Sure (comes with 7.13 and up), but it won't be able to manage its own wireless interfaces.
by erlinden
Sat Jul 06, 2024 10:04 am
Forum: Wireless Networking
Topic: Roaming not working
Replies: 4
Views: 677

Re: Roaming not working

Good that you have found the forum! More interesting information can be found on YouTube (though there is a lot of garbage on it as well). Make sure to follow MikorTik and have a lok at this video:

https://www.youtube.com/watch?v=37aff6d14Xk
by erlinden
Fri Jul 05, 2024 4:25 pm
Forum: General
Topic: Internet suddenly stopped working for inner network - [SOLVED]
Replies: 11
Views: 2313

Re: Internet suddenly stopped working for inner network - [SOLVED]

I think in the end that is most important.

In regards to doing wrong...your firewall config has some space for improvement. Being polite on this.
In addition, are you sure you want to have port 22 available publically?
Who manages this router? This due to the fact it is running 7.6.
by erlinden
Fri Jul 05, 2024 1:49 pm
Forum: General
Topic: General ISP IP question.. [SOLVED]
Replies: 2
Views: 1276

Re: General ISP IP question.. [SOLVED]

The answer is either 42 or NAT.
by erlinden
Thu Jul 04, 2024 12:47 pm
Forum: Beginner Basics
Topic: New dns addlist functionality and it doesn't work - I'm not even mad.
Replies: 9
Views: 2360

Re: New dns addlist functionality and it doesn't work - I'm not even mad.

Hmm, methinks someone is upset Italy crashed out of the EuroCup! ;-) Canada wasn't part of it in the first place :lol: Too bad my RB760iGS isn't able to download the file due to too little flash memory. Does anyone have a solution to that? Apart from downloading it as file and load it from file, as...
by erlinden
Thu Jul 04, 2024 9:50 am
Forum: Wireless Networking
Topic: WiFi-qcom 7.15.2 auth-config not fully implemented
Replies: 1
Views: 575

Re: WiFi-qcom 7.15.2 auth-config not fully implemented

Can you share your (relevant part of the) config in a working and non working situation?

Something like:
/interface/wifi export
by erlinden
Wed Jul 03, 2024 4:10 pm
Forum: General
Topic: Configuring cAP AX connected to CRS328 [SOLVED]
Replies: 5
Views: 1479

Re: Configuring cAP AX connected to CRS328 [SOLVED]

Well, as long as the bridge doesn't have VLAN filtering enabled, this won't work.
Have a look at this great topic for all your VLAN questions (and answers):

viewtopic.php?t=143620
by erlinden
Wed Jul 03, 2024 4:03 pm
Forum: Wireless Networking
Topic: Trying to configure capsman for wifi 6 devices
Replies: 24
Views: 2439

Re: Trying to configure capsman for wifi 6 devices

Can you check wether both routeros and wifi-qcom packages are installed (/system/packages) on both cAP AX's?
If they are...can you share the export of both cAP AX's?
by erlinden
Wed Jul 03, 2024 2:09 pm
Forum: Beginner Basics
Topic: ISP provided static IP, how to setup?
Replies: 4
Views: 588

Re: ISP provided static IP, how to setup?

In that case, please share your current config. Then we can do a quick check. Especially the firewall would be interesting.
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Wed Jul 03, 2024 11:36 am
Forum: Beginner Basics
Topic: Setup additional Mikrotik as Ap and Switch
Replies: 4
Views: 618

Re: Setup additional Mikrotik as Ap and Switch

I think by resetting B to CAPS Mode your problem will be solved.

If you post the current B config, we can know for sure:
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Wed Jul 03, 2024 10:40 am
Forum: Beginner Basics
Topic: Using the router as DNS for the guest network
Replies: 23
Views: 1346

Re: Using the router as DNS for the guest network

Can you share your current config?
/export file=anynameyoulike
Remove serial and any other private info.
by erlinden
Tue Jul 02, 2024 2:29 pm
Forum: Beginner Basics
Topic: How to open ports?
Replies: 12
Views: 1392

Re: How to open ports?

And less expensive (but more time consuming):
https://help.mikrotik.com/docs/display/ ... forwarding

If that doesn't work, port your complete config without serial and any other priivate info and post it here:
/export file=anynameyoulike
by erlinden
Mon Jul 01, 2024 9:15 pm
Forum: Wireless Networking
Topic: CAPsMAN AP disconnect
Replies: 6
Views: 658

Re: CAPsMAN AP disconnect

Never mix country, in your case France and United States. Why did you specify two (instead of four) channels? Is there no interference? On a slave configuration you can't specify Country and Tx-Power, this is only set on the master radio/interface. @meiki, if you want to have fixed channels, there i...
by erlinden
Mon Jul 01, 2024 2:49 pm
Forum: Wireless Networking
Topic: sector client bandwidth test - fast upload - miserable download
Replies: 10
Views: 993

Re: sector client bandwidth test - fast upload - miserable download

How do you do bandwidth test? When using the builtin test, it will consume cpu power (and hence loose performance). In that case, better to use a tool like iPerf.

In regards to the antenna gain...just use the antenna gain. This will make sure that you remain within regulations.
by erlinden
Thu Jun 27, 2024 9:53 am
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 288
Views: 116920

Re: v7.16beta [testing] is released!

Thanks @holvoetn, will try this later today.

Update: Yes, this is indeed solving the issue I had.
by erlinden
Thu Jun 27, 2024 9:18 am
Forum: General
Topic: RB4011 + GPON
Replies: 2
Views: 373

Re: RB4011 + GPON

It depends (as always...).

Does your ISP support this?
Does your ISP use AON or XGS-PON? Both are supported but the latter is more expensive.
by erlinden
Wed Jun 26, 2024 10:13 pm
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 288
Views: 116920

Re: v7.16beta [testing] is released!

I'm running into the "client was disconnected because could not assign vlan". Is this due to the fact I'm running hybrid (both wifi-qcom and wifi-qcom-ac? Didn't have this with an wifi-qcom-ac only environment. Yes, I'm using FT. Would setting ft-preserve-vlanid to yes make sense in this c...
by erlinden
Wed Jun 26, 2024 3:43 pm
Forum: General
Topic: Dynamic Isp dhcp address
Replies: 3
Views: 277

Re: Dynamic Isp dhcp address

Can you please share your config (hAP ax3):
/export file=anynameyoulike
Remove serial and any other private info and post in between code tags by using the </> button.
by erlinden
Wed Jun 26, 2024 11:41 am
Forum: General
Topic: Dynamic Isp dhcp address
Replies: 3
Views: 277

Re: Dynamic Isp dhcp address

This process should be automatic. Do you use a PPPoE connection, or is it standard DHCP?
Where is the RB connected to (and how)?
Are there any requirements from the ISP in regards to running your own router?
What ISP do you have?
by erlinden
Tue Jun 25, 2024 1:36 pm
Forum: Wireless Networking
Topic: Trouble Configuring CAPsMAN for Public Wi-Fi with VLAN on Mikrotik and Fortigate
Replies: 17
Views: 1533

Re: Trouble Configuring CAPsMAN for Public Wi-Fi with VLAN on Mikrotik and Fortigate

Just to summarize: Fortigate offers VLAN ID 3 for public Wi-Fi. Any other VLAN ID (or untagged) for anything else? That is offered to the RB5009, right? But there is no VLAN set on the WAN interface, right? You have to come up with a network diagram, showing all VLAN ID's and the Fortigate, RB5009 a...
by erlinden
Tue Jun 25, 2024 10:15 am
Forum: General
Topic: Weird Wifi connection
Replies: 4
Views: 389

Re: Weird Wifi connection

Can you also post the config of the cAP AX?
If you post it in between code tags (by using the </> button), it will become more readable.
by erlinden
Mon Jun 24, 2024 3:59 pm
Forum: Beginner Basics
Topic: Port Forwarding not working
Replies: 8
Views: 1052

Re: Port Forwarding not working

add action=dst-nat chain=dstnat comment=NAT_To_Qbittorrent dst-address-list=PublicDNS dst-port=55111 log=yes protocol=tcp to-addresses=192.168.5.39 to-ports=8080 Is your PublicDNS indeed your public IP address? Which rule is logging the mentioned log entry? Is there anything responding on 192.168.5...
by erlinden
Mon Jun 24, 2024 1:19 pm
Forum: Beginner Basics
Topic: Port Forwarding not working
Replies: 8
Views: 1052

Re: Port Forwarding not working

add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1 Because you are using a pppoe connection, your in-interface above is incorrect. Why was the connection-state added? It will probably work w...
by erlinden
Mon Jun 24, 2024 10:32 am
Forum: Wireless Networking
Topic: Trying to configure capsman for wifi 6 devices
Replies: 24
Views: 2439

Re: Trying to configure capsman for wifi 6 devices

In my opinion, the error(s) lies in the CAP. For example, it lacks configuration.manager=capsman on the wifi devices of the CAP. Please add it. Or, better, reset to CAP mode. Fully agree on this, reset the cAP ax's to CAPS Mode: https://help.mikrotik.com/docs/display/UM/cAP+ax or /system/reset conf...
by erlinden
Mon Jun 24, 2024 9:18 am
Forum: Wireless Networking
Topic: AX device won't show TX power in Wifi
Replies: 12
Views: 1006

Re: AX device won't show TX power in Wifi

It is able with the new driver, have you added the Tx Power as column?
by erlinden
Fri Jun 21, 2024 8:43 am
Forum: General
Topic: cAPax - think and passion!
Replies: 24
Views: 1560

Re: cAPax - think and passion!

I don't know, but the conditions are the same, ~15m. distance and one wall. cAPac works at both frequencies better, achieving double and triple the data transfer!
Then I can make you a great offer: I'll trade my cAP ac's for your cAP AX's.
Everyone happy!

:-D
by erlinden
Fri Jun 21, 2024 8:25 am
Forum: Beginner Basics
Topic: Mikrotik Switch - How to bind to VLAN and make itself (e.g. webfig) accessible to devices connected to it? [SOLVED]
Replies: 4
Views: 1838

Re: Mikrotik Switch - How to bind to VLAN and make itself (e.g. webfig) accessible to devices connected to it? [SOLVED]

An export of the current attempt would be very helpfull:
/export file=anynameyoulike
Remove serial and any other private info.

Also add model number and version of RouterOS.

Your (anyones) VLAN reference (which should be obliged to read):
viewtopic.php?t=143620
by erlinden
Thu Jun 20, 2024 3:53 pm
Forum: General
Topic: cAPax - think and passion!
Replies: 24
Views: 1560

Re: cAPax - think and passion!

In addition to holvoetn great respons:

Specifically on the 2.4GHz radio, you want to use frequencies 2412, 2437 and 2462 and a channelwidth of 20MHz.
This will prefent interference as much as possible, but still be present.
by erlinden
Thu Jun 20, 2024 1:33 pm
Forum: Wireless Networking
Topic: WIfiWave2 capAC
Replies: 2
Views: 642

Re: WIfiWave2 capAC

For those interested: Hello dear people, I have a mixed environment cap AC, cap AC XL and cap AX. My Capsman runs on an RB5009, currently as Capsmanv1 and a CapsmanV2. All AX are integrated in v2 and work there without any problems. The AC and AC XL are still running in v1 because I have big problem...
by erlinden
Thu Jun 20, 2024 1:21 pm
Forum: General
Topic: CSR310-8G+2S+IN dead on arrival?
Replies: 2
Views: 285

Re: CSR310-8G+2S+IN dead on arrival?

You pressed the reset button before power is applied? Hold this button during boot time until the user LED light starts flashing, and release the button to reset the RouterOS configuration. Keep holding the button for 5 more seconds or until the user LED turns off, then release it to make the Router...
by erlinden
Thu Jun 20, 2024 1:18 pm
Forum: Wireless Networking
Topic: WiFi repeater
Replies: 4
Views: 992

Re: WiFi repeater

Connect the two with cable and let CAPsMAN do its magic:
https://help.mikrotik.com/docs/display/ ... ionexample:

If the backbone has to be wireless, let one wifi interface work as station:
https://help.mikrotik.com/docs/display/ROS/WiFi (and search for station)
by erlinden
Thu Jun 20, 2024 9:47 am
Forum: General
Topic: cAPax - think and passion!
Replies: 24
Views: 1560

Re: cAPax - think and passion!

Seems there is a huge missmatch in experience between users.
Can you please show how you did configure the cAP AX, @JohnTRIVOLTA?
by erlinden
Wed Jun 19, 2024 6:11 pm
Forum: General
Topic: Too tight firewall rules? I'm lost!
Replies: 15
Views: 1549

Re: Too tight firewall rules? I'm lost!

Can you please post an export instead of a print?
/ip/firewall export
by erlinden
Wed Jun 19, 2024 6:09 pm
Forum: Wireless Networking
Topic: MikroTik hap ac lite slow wireless speed
Replies: 8
Views: 1086

Re: MikroTik hap ac lite slow wireless speed

Also set country code on both wifi interfaces.
by erlinden
Wed Jun 19, 2024 10:00 am
Forum: Wireless Networking
Topic: Capsman, ip from bridge before take from vlan
Replies: 7
Views: 1625

Re: Capsman, ip from bridge before take from vlan

Check the documentation and have a very good look at the "CAP using "wifi-qcom" package:" part: https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-CAPsMAN-CAPVLANconfigurationexample: /interface bridge add name=bridgeLocal /interface wifi datapath add bridge=bridgeLocal comment...
by erlinden
Wed Jun 19, 2024 9:58 am
Forum: Wireless Networking
Topic: CAPSMan with RB4011 and hAPax3
Replies: 2
Views: 553

Re: CAPSMan with RB4011 and hAPax3

No need for wireless package on the CAPsMAN. Make sure you are running 7.15.1 on all devices and configure through the wifi menu item. Make sure that the CAPses are in CAPS Mode (/system/reset configuration and check CAPS Mode). Here is the documentation: https://help.mikrotik.com/docs/display/ROS/W...
by erlinden
Wed Jun 19, 2024 9:54 am
Forum: Wireless Networking
Topic: WiFiWave2 Setup Help [SOLVED]
Replies: 2
Views: 1593

Re: WiFiWave2 Setup Help [SOLVED]

hAP ac lite is MIPSBE architecture. Indeed not possible to run wifiwave2.
by erlinden
Tue Jun 18, 2024 4:47 pm
Forum: Wireless Networking
Topic: WIFI Wave2 WPA2/WPA3
Replies: 11
Views: 9407

Re: WIFI Wave2 WPA2/WPA3

Turn on wireless debug logging, perhaps that will give you some insights.
by erlinden
Tue Jun 18, 2024 3:40 pm
Forum: Wireless Networking
Topic: Capsman, ip from bridge before take from vlan
Replies: 7
Views: 1625

Re: Capsman, ip from bridge before take from vlan

First thing I notice is that there is no VLAN filtering active on the CAPs bridge. Besides, there is a lot of non CAP config. What hardware do you use as CAP?
by erlinden
Tue Jun 18, 2024 12:24 pm
Forum: General
Topic: share wifi for mobile
Replies: 4
Views: 443

Re: share wifi for mobile

SXT 5 is a low cost, high transmit power 5GHz outdoor wireless device. SXT 5 can be used for point to point links or as a CPE for point to multipoint installations.
Think you are better of with an accesspoint:
https://mikrotik.com/products/group/wir ... and-office
by erlinden
Tue Jun 18, 2024 8:28 am
Forum: Wireless Networking
Topic: Capsman, ip from bridge before take from vlan
Replies: 7
Views: 1625

Re: Capsman, ip from bridge before take from vlan

By opening a new topic you did the first step.
Now, add some relevant information (export from CAPsMAN and CAP) to give us a clue:
/export file=anynameyoullike
Remove serial and any other private information.
by erlinden
Mon Jun 17, 2024 2:35 pm
Forum: General
Topic: Access to Mikrotik from wireguard peer
Replies: 6
Views: 460

Re: Access to Mikrotik from wireguard peer

Am I introducing any security issue with such solution?
That depends. Do you want all Wireguard peers to be able to connect to your router?
Why Wireguard not added to LAN by default?
Well...because that would be a very stupid default.
by erlinden
Mon Jun 17, 2024 1:19 pm
Forum: General
Topic: Multiple CAP radios causing problems for legacy devices?
Replies: 12
Views: 883

Re: Multiple CAP radios causing problems for legacy devices?

Are the radios using the same frequency?
by erlinden
Mon Jun 17, 2024 1:05 pm
Forum: General
Topic: Access to Mikrotik from wireguard peer
Replies: 6
Views: 460

Re: Access to Mikrotik from wireguard peer

Sounds like your firewall is blocking this traffic (which it should). Have you added the Wireguard interface to the LAN Interface List? Assuming you are using this Interface List in the firewall? Otherwise, please share your config: /export file=anynameyoulike Remove serial and any other private inf...
by erlinden
Mon Jun 17, 2024 10:29 am
Forum: General
Topic: Multiple CAP radios causing problems for legacy devices?
Replies: 12
Views: 883

Re: Multiple CAP radios causing problems for legacy devices?

I have both WPA2 PSK and WPA3 PSK enabled. What can be the problem here? Why? I ran into problems (with Apple) and decided to stick to WPA2-PSK only. I you enable wireless debug logging, you might get some additional information. Meanwhile, can you please share your config (/interface/wifi export)?
by erlinden
Sat Jun 15, 2024 9:29 am
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 653
Views: 243692

Re: Upgrade Problems

Did anybody had a similar issue with this upgrade step?
Dude never worked for me (errors about incorrect files), upgrade through CAPsMAN works like a charm.

Sure that the path is correct and that the files are indeed in the correct folder?
by erlinden
Fri Jun 14, 2024 4:48 pm
Forum: Beginner Basics
Topic: Cap XL ac (no network) [SOLVED]
Replies: 16
Views: 2634

Re: Cap XL ac (no network) [SOLVED]

How did you power the cap?
by erlinden
Thu Jun 13, 2024 10:32 pm
Forum: General
Topic: Two Mikrotik wifi-lan sites in one subject
Replies: 2
Views: 314

Re: Two Mikrotik wifi-lan sites in one subject

Site-2-site VPN using i.e. Wireguard where all internet traffic is via VPN routed through one router. Something like that!?
by erlinden
Thu Jun 13, 2024 5:34 pm
Forum: Wireless Networking
Topic: Stuck with new wifi-"capsman"
Replies: 37
Views: 3520

Re: Stuck with new wifi-"capsman"

DHCP and Apple...could be lease time. Would help if you share the latest complete config of the device(s) running DHCP server and CAPsMAN.
Or combined WPA2-PSK and WPA3-PSK.

Yes...been there, done that.
by erlinden
Thu Jun 13, 2024 3:33 pm
Forum: General
Topic: Native vlan
Replies: 4
Views: 485

Re: Native vlan

You might want to consider not using VLAN ID 1.
Have a look at this topic with lots of explanation and examples:
viewtopic.php?t=143620
by erlinden
Thu Jun 13, 2024 3:10 pm
Forum: Wireless Networking
Topic: Stuck with new wifi-"capsman"
Replies: 37
Views: 3520

Re: Stuck with new wifi-"capsman"

really, this is not ready, mikrotik... I can assure you, based upon my experience, that it can be stable as rock. And that it has an incredible amount of options that can be (mis)configured. If you run into connection problems, there seems to be "something" that is interfering with your n...
by erlinden
Thu Jun 13, 2024 1:11 pm
Forum: Beginner Basics
Topic: ISP Bridge Mode cause issue on RB5009 [SOLVED]
Replies: 21
Views: 2728

Re: ISP Bridge Mode cause issue on RB5009 [SOLVED]

(to address or to port is mandatory for src-nat, so i couldn't apply this rule) That is new to me...the default rule is: /ip firewall nat add action=masquerade chain=srcnat out-interface-list=WAN Can you export a complete config? /export file=anynameyoulike Make sure to remove serial and any other ...
by erlinden
Thu Jun 13, 2024 11:32 am
Forum: General
Topic: Firewall doesn't drop new connections in forward (or did I do something wrong?)
Replies: 16
Views: 2418

Re: Firewall doesn't drop new connections in forward (or did I do something wrong?)

Can you use the export instead of print (to make it read friendly)?
/ip/firewall export
by erlinden
Thu Jun 13, 2024 11:29 am
Forum: Beginner Basics
Topic: ISP Bridge Mode cause issue on RB5009 [SOLVED]
Replies: 21
Views: 2728

Re: ISP Bridge Mode cause issue on RB5009 [SOLVED]

I would expect your client to use 10.0.0.1 as DNS server (as specified in /ip dhcp-server network). Why is it showing 9.9.9.9? Can you perform nslookup forum.mikrotik.com ? Can you post an ipconfig /all from this client? Can you also post a tracert 9.9.9.9 from this client? Assuming the client is a ...
by erlinden
Wed Jun 12, 2024 3:00 pm
Forum: Beginner Basics
Topic: ISP modem in bridge mode no internet coming from router
Replies: 5
Views: 765

Re: ISP modem in bridge mode no internet coming from router

I know that sometimes you have to wait some time befor you get an IP address behind a cable modem. What you can try is duplicate the MAC address of a working device to your MikroTik. Or just turn off the modem for 5 minutes, and (while the MikroTik is connected) turn the modem back on.
by erlinden
Wed Jun 12, 2024 2:04 pm
Forum: Wireless Networking
Topic: Upgrading CAP ax [SOLVED]
Replies: 5
Views: 1971

Re: Upgrading CAP ax [SOLVED]

Looks fine, might need to remove the backslash at the end:
/packages
by erlinden
Wed Jun 12, 2024 11:14 am
Forum: Wireless Networking
Topic: Stuck with new wifi-"capsman"
Replies: 37
Views: 3520

Re: Stuck with new wifi-"capsman"

HAP AX^3 Can you follow this link by the letter to see if you get it to work: https://youtu.be/37aff6d14Xk?feature=shared ok, so we can say, it doesn't make a difference if the capsman has its own wireless integrated, or, like my situation, the capsman is a vm with just 2 ethernetports and no own w...
by erlinden
Wed Jun 12, 2024 10:24 am
Forum: Wireless Networking
Topic: Stuck with new wifi-"capsman"
Replies: 37
Views: 3520

Re: Stuck with new wifi-"capsman"

Did you do this manually on the CAPsMAN?
/interface wifi
add name=cap-wifi1 radio-mac=D4:01:C3:94:99:A2
add name=cap-wifi2 radio-mac=D4:01:C3:94:99:A1
by erlinden
Wed Jun 12, 2024 10:04 am
Forum: Wireless Networking
Topic: Stuck with new wifi-"capsman"
Replies: 37
Views: 3520

Re: Stuck with new wifi-"capsman"

Can you please do a standard export instead of verbose?
by erlinden
Wed Jun 12, 2024 9:41 am
Forum: Beginner Basics
Topic: Config Thoughts?
Replies: 5
Views: 1001

Re: Verify my Firewall Config

Hi anav, thanks for your reply, I've updated the OP with the details you requested, thank you.
If you can put code tags around the config, it is more readable. Use the </> button to establish in the editor.
by erlinden
Wed Jun 12, 2024 9:39 am
Forum: Wireless Networking
Topic: Stuck with new wifi-"capsman"
Replies: 37
Views: 3520

Re: Stuck with new wifi-"capsman"

Tha CAPs config isn't complete, did you remove anything from it? If not, please reset the device to CAPS Mode (/system/reset configuration). Otherwise, please post full config. In regards to your server, start from a bare minimum: #create a security profile /interface wifi security add authenticatio...
by erlinden
Wed Jun 12, 2024 9:27 am
Forum: Wireless Networking
Topic: Migrating from CapsMan to wifi-CapsMan
Replies: 13
Views: 1808

Re: Migrating from CapsMan to wifi-CapsMan

Any further hints what we can look for?
Think you did the right thing:
viewtopic.php?t=208360
by erlinden
Tue Jun 11, 2024 6:21 pm
Forum: General
Topic: v. 7.14.3 - 7.15RC3 - 7.15RC4 router was rebooted without proper shutdown, probably kernel failure
Replies: 29
Views: 3094

Re: v. 7.14.3 - 7.15RC3 - 7.15RC4 router was rebooted without proper shutdown, probably kernel failure

Did you use its powersupply? Or was the powersupply the only thing that remained the same.
by erlinden
Tue Jun 11, 2024 5:43 pm
Forum: General
Topic: hAP-AC2 convert to Legacy Wireless?
Replies: 6
Views: 888

Re: hAP-AC2 convert to Legacy Wireless?

Check what "Factory Firmware" version is shown at /system/routerboard.
If that starts with 6.4x you can just install the latest 6.x LTS (which is currently 6.49.13).

When done, you get identical menu.

Other option is to upgrade both devices to 7.12.1 and enjoy the new menu.
by erlinden
Tue Jun 11, 2024 5:36 pm
Forum: Beginner Basics
Topic: Web server not accessible with Wireguard
Replies: 2
Views: 1162

Re: Web server not accessible with Wireguard

Think the DNS name is resolved to its public IP address. Correct?

In that case you have to use hairpin nat/nat loopback:
https://help.mikrotik.com/docs/display/ ... HairpinNAT
While you are at it, also do a sanity check on your current firewall...it has some room for improvement!
by erlinden
Tue Jun 11, 2024 10:31 am
Forum: Wireless Networking
Topic: Migrating from CapsMan to wifi-CapsMan
Replies: 13
Views: 1808

Re: Migrating from CapsMan to wifi-CapsMan

I would suggest resetting your CAP to CAPS Mode (/System/Reset Configuration), there are a couple of unnecessary items which could interfere.
by erlinden
Mon Jun 10, 2024 8:14 pm
Forum: Beginner Basics
Topic: Mixed Capsman
Replies: 3
Views: 517

Re: Mixed Capsman

You would run two instances of CAPsMAN, both wireless and wifi.
by erlinden
Mon Jun 10, 2024 9:49 am
Forum: Wireless Networking
Topic: Extreme low TX Power for HAP AX3 2.4G Band
Replies: 5
Views: 917

Re: Extreme low TX Power for HAP AX3 2.4G Band

At least you have to have both radios use the same country code. What TX power are you expecting? Sure you want to use 40MHz bandwidth (which is decreasing the power that can be used in the frequency band you use? Isn't this the maximum due to regulations? I know there is a command that shows maximu...
by erlinden
Sat Jun 08, 2024 12:55 pm
Forum: General
Topic: Upgrading Switches using CAPSMAN
Replies: 3
Views: 654

Re: Upgrading Switches using CAPSMAN

Dude...use Dude :D
by erlinden
Sat Jun 08, 2024 9:14 am
Forum: Wireless Networking
Topic: Mesh vs. Separate APs (yet another handoff discussion) [SOLVED]
Replies: 5
Views: 2716

Re: Mesh vs. Separate APs (yet another handoff discussion) [SOLVED]

What hardware are you using? To get the 802.11 k/r/v, you need to run the wifi wave2 drivers. And use CAPsMAN.
by erlinden
Thu Jun 06, 2024 4:47 pm
Forum: SwOS
Topic: Can't access CSS106 connected through SFP
Replies: 1
Views: 737

Re: Can't access CSS106 connected through SFP

Set a fixed IP address (same network as the CSS) on the computer and connect with Winbox on the default IP address of the CSS.
by erlinden
Thu Jun 06, 2024 4:04 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 75
Views: 7530

Re: hap ax3 random wireless disconnects

Winbox (and terminal) will show with what rates devices are connected. That will indicate the protocol used (866 for ac, 1200 for ax). Adding a new config is not much of work (you can disable current if you want). Then you can be sure all settings are correct. But setting it to default manually will...
by erlinden
Thu Jun 06, 2024 1:27 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 75
Views: 7530

Re: hap ax3 random wireless disconnects

Strange, as the MikroTik is supplying and the laptop is capable. Have you checked with an app like Wifi Analyzer?
I also notice you use "disable-pmkid=yes", can you start again from the basic configuration (disable current /interface wifi configuration and add a new one)?
by erlinden
Thu Jun 06, 2024 12:41 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 75
Views: 7530

Re: hap ax3 random wireless disconnects

What exact wireless card is in the laptop?
  • 1
  • 2
  • 3
  • 4
  • 5
  • 9