Community discussions

MikroTik App

Search found 800 matches

by erlinden
Sun May 16, 2021 1:45 pm
Forum: Wireless Networking
Topic: More power better unit for use case [SOLVED]
Replies: 2
Views: 105

Re: More power better unit for use case [SOLVED]

Your use case should be reconsidered...it is always the client that is limiting
by erlinden
Fri May 14, 2021 11:37 pm
Forum: General
Topic: DFS is making me nuts
Replies: 3
Views: 207

Re: DFS is making me nuts

What RouterOS version (and firmware version) are you running?
Can't you select a non DFS channel?
by erlinden
Fri May 14, 2021 9:53 am
Forum: RouterOS v7 BETA
Topic: L2TP/IPsec crashes with Android 11 client
Replies: 2
Views: 181

Re: L2TP/IPsec crashes with Android 11 client

Think support will be really interested in your supout file:
https://help.mikrotik.com/docs/display/ROS/Supout.rif
by erlinden
Thu May 13, 2021 3:59 pm
Forum: Wireless Networking
Topic: DHCP all zeros 00:00:00:00:00:00 on MAC address
Replies: 7
Views: 1569

Re: DHCP all zeros 00:00:00:00:00:00 on MAC address

Besides SSID, do both accesspoints have identical security settings?
by erlinden
Thu May 13, 2021 3:57 pm
Forum: Beginner Basics
Topic: Problems with streaming media over local network after moving to hAp ac2
Replies: 6
Views: 324

Re: Problems with streaming media over local network after moving to hAp ac2

If your laptop also has an ethernet adapter, are the problems still there while using it? Does things improve if the laptop is connected to the 5G radio? Can you set all wireless settings to default and only choose: 2.4GHz - TX Power 9 (at least a lot lower) - fixed channel - n only 5GHz - TX Power ...
by erlinden
Fri May 07, 2021 10:44 pm
Forum: Wireless Networking
Topic: Slow speed with Cap AC
Replies: 22
Views: 1425

Re: Slow speed with Cap AC

You missed the extensionchannel (to get an up to 80MHz bandwidth). Does the speed show connection speed, or is it real live speed tests? In the end...don't expect (much) more than your current speeds from this accesspoint. I used to use one and in the end switched to another brand (also because Wifi...
by erlinden
Fri May 07, 2021 1:51 pm
Forum: General
Topic: rb4011 vlan filtering and dhcp issues [SOLVED]
Replies: 8
Views: 520

Re: rb4011 vlan filtering and dhcp issues [SOLVED]

You are welcome...DHCP server can be bound to the VLAN interface as you already did.
by erlinden
Fri May 07, 2021 1:19 pm
Forum: General
Topic: rb4011 vlan filtering and dhcp issues [SOLVED]
Replies: 8
Views: 520

Re: rb4011 vlan filtering and dhcp issues [SOLVED]

If you want to have accessports (or hybrid ports) you have to set the vlan id on the bridge port while the trunk port should be left to default (with admit-only-vlan-tagged): trunk: /interface bridge port add bridge=bridge-LAN frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether9...
by erlinden
Thu May 06, 2021 12:22 pm
Forum: Wireless Networking
Topic: CAPSMAN and MULTIPLE VLANs are working but I can only see 1 ssid [SOLVED]
Replies: 11
Views: 506

Re: CAPSMAN and MULTIPLE VLANs are working but I can only see 1 ssid [SOLVED]

sad to say but omitting the channel did not help...
Do you mean on both radio's or on the 5G radio?
In case of the latter, just copy the working configs.

You might want to update your /caps-man export (or add a new one)
by erlinden
Thu May 06, 2021 10:53 am
Forum: Wireless Networking
Topic: CAPSMAN and MULTIPLE VLANs are working but I can only see 1 ssid [SOLVED]
Replies: 11
Views: 506

Re: CAPSMAN and MULTIPLE VLANs are working but I can only see 1 ssid [SOLVED]

Only select a channel on a master, on any slave you can leave channel empty (as it is already defined on the master). Per accesspoint per radio you can have only one channel selected (from a list).
by erlinden
Thu May 06, 2021 8:48 am
Forum: Wireless Networking
Topic: CAPSMAN and MULTIPLE VLANs are working but I can only see 1 ssid [SOLVED]
Replies: 11
Views: 506

Re: CAPSMAN and MULTIPLE VLANs are working but I can only see 1 ssid [SOLVED]

First thing I see is that you are trying to assign a different channel to a slave config. That might be the issue as there is only one radio to be configured (on the master configuration). Can you try to remove anything radio-wise on the slave configs?
by erlinden
Wed May 05, 2021 4:20 pm
Forum: General
Topic: Guest VLAN issues
Replies: 8
Views: 382

Re: Guest VLAN issues

I prefer not to use VLAN 1 in a multi VLAN network. You might want to consider changing that in accordance to this great tutorial:
viewtopic.php?t=143620
by erlinden
Wed May 05, 2021 3:05 pm
Forum: Beginner Basics
Topic: Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)
Replies: 7
Views: 490

Re: Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)

At least this is a bit worrying:
tx-power=40
Gladly the radios are limited in transmission power, either set them to auto (for testing purposes) or 20 at most.

My best guess would be the configuration part...it looks a bit messy
by erlinden
Tue May 04, 2021 3:29 pm
Forum: Wireless Networking
Topic: Bad CAPsMAN on RB2011UiAS v. 6.47.9
Replies: 2
Views: 260

Re: Bad CAPsMAN on RB2011UiAS v. 6.47.9

I would complain for the network being 2.4GHz only. As that band is completely saturated (depending on the location and wireless networks and other sources of interference). Looking forward to the export (as well).
by erlinden
Tue May 04, 2021 3:25 pm
Forum: Beginner Basics
Topic: Problem with PPTP/L2TP clients pinging internal hosts.
Replies: 4
Views: 280

Re: Problem with PPTP/L2TP clients pinging internal hosts.

A config would be more than welcome, you can create it with: /export hide-sensitive file=anynameyoulike
by erlinden
Mon May 03, 2021 6:21 pm
Forum: General
Topic: VPN L2TP/IPSEC RouterOS 6.11
Replies: 19
Views: 795

Re: VPN L2TP/IPSEC RouterOS 6.11

I can make a vpn pptp, but I really don't want to get to that point. I would, assuming this is a temporary situation, use this in combination with address list filter (allowing only listed IP addresses). Are you sure the router isn't compromised? How are you doing remote (or do you have access?) ma...
by erlinden
Mon May 03, 2021 5:44 pm
Forum: General
Topic: VPN L2TP/IPSEC RouterOS 6.11
Replies: 19
Views: 795

Re: VPN L2TP/IPSEC RouterOS 6.11

Get rid of the vendor, though they are correct any company not prioritizing security should be left behind. In regards to the error, please have a look at my (working) configuration: /ip ipsec profile add dh-group=modp4096 enc-algorithm=aes-256,aes-128 hash-algorithm=sha512 name=\ secure-profile /ip...
by erlinden
Mon May 03, 2021 3:32 pm
Forum: General
Topic: VPN L2TP/IPSEC RouterOS 6.11
Replies: 19
Views: 795

Re: VPN L2TP/IPSEC RouterOS 6.11

I wasn't aware that there was a version 6.11...why haven't you upgrade it to at least LTS (6.47.9 at this moment)? For anyone else who wants to know...6.11 was released in March 2014 (and has been cracked a lot). What does /interface l2tp-server export show (not interested in your password)? [Update...
by erlinden
Sun May 02, 2021 1:55 pm
Forum: Wireless Networking
Topic: Wifi between concrete walls
Replies: 7
Views: 573

Re: Wifi between concrete walls


Mixed solution? Wireless bridge across road and utp cable from road to first client in garage?
Unfortunately only wifi is an option :(
Gladly a wireless bridge is...wireless.

I agree, you really want to use a point to point connection with line of sight.
What are the requirements?
by erlinden
Thu Apr 29, 2021 1:35 pm
Forum: Beginner Basics
Topic: Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)
Replies: 7
Views: 490

Re: Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)

Can you please share your config:
/caps-man export hide-sensitive
by erlinden
Thu Apr 29, 2021 1:10 pm
Forum: General
Topic: DDNS Port Forwarding RouterOS ver 6.48.1 not working [SOLVED]
Replies: 7
Views: 426

Re: Port Forwarding ver 6.48.1 [SOLVED]

Are you really really really sure you want your alarm directly available through the Internet!?
Can you connect/test on the LAN?
What is the exact problem you are running into?

Instead of using ether1, shouldn't you be using the pppoe interface for the forward?
by erlinden
Thu Apr 29, 2021 11:57 am
Forum: Beginner Basics
Topic: Internet low speed
Replies: 15
Views: 642

Re: Internet low speed

Though a great device, I think your RB is not up for these speeds:
https://mikrotik.com/product/RB751G-2Hn ... estresults
by erlinden
Mon Apr 26, 2021 5:03 pm
Forum: Beginner Basics
Topic: Mikrotik rebooted without any reason
Replies: 5
Views: 472

Re: Mikrotik rebooted without any reason

If you don't persist your logging...you can't.
by erlinden
Thu Apr 22, 2021 9:03 pm
Forum: General
Topic: Ookla Speed Test with RB750gr3 [SOLVED]
Replies: 6
Views: 565

Re: Ookla Speed Test with RB750gr3 [SOLVED]

Make sure that you use the same RouterOS version (and consider using LTS instead of stable).
To compare please post configs from both devices (/export hide-sensitive file=anynameyoulike)
by erlinden
Thu Apr 22, 2021 9:00 pm
Forum: Beginner Basics
Topic: Configuration Restore from RB3011 to RB4011
Replies: 5
Views: 500

Re: Configuration Restore from RB3011 to RB4011

Instead of pasting, just copy the exported config file on the RB4011 device and perform:

/import file=thenameoftheconfigfile
by erlinden
Thu Apr 22, 2021 8:30 pm
Forum: General
Topic: Drop in bandwidth speed problem
Replies: 2
Views: 192

Re: Drop in bandwidth speed problem

Yes, there is 'a' setting.

Can you please share your configuration so we can find out what setting:
/export hide-sensitive file=anynameyoulike

The Routerboard should be able to handle this speed easily.
by erlinden
Thu Apr 22, 2021 11:45 am
Forum: Wireless Networking
Topic: Wireless disconnection after updating to routeros 6.48.2
Replies: 4
Views: 411

Re: Wireless disconnection after updating to routeros 6.48.2

There are some improvements that can be made on wireless:
  • Set country code (you might have to remove antenna gain before being able to)
  • Use fixed channels
  • Use 20MHz bandwidth on 2.4GHz channel
  • Don't use legacy (802.11a and 802.11b) if not necessary
These settings should improve your wireless.
by erlinden
Thu Apr 22, 2021 9:55 am
Forum: Wireless Networking
Topic: Wireless disconnection after updating to routeros 6.48.2
Replies: 4
Views: 411

Re: Wireless disconnection after updating to routeros 6.48.2

Can you share your configuration:
/export hide-sensitive file=anynameyoulike

While you are at it, you might want to upgrade firmware.
by erlinden
Sun Apr 18, 2021 8:10 pm
Forum: General
Topic: RB2011UiAS-RM VS Custom x86
Replies: 5
Views: 406

Re: RB2011UiAS-RM VS Custom x86

What are your requirements? As the RB2011 is...like...really really old, why not consider the hEX S:
https://mikrotik.com/product/hex_s
by erlinden
Sun Apr 18, 2021 7:21 pm
Forum: Beginner Basics
Topic: VPN gateway of client
Replies: 5
Views: 333

Re: VPN gateway of client

The term you are searching for is called Split Tunneling.
by erlinden
Fri Apr 16, 2021 9:08 pm
Forum: Wireless Networking
Topic: wireless, problem, android
Replies: 16
Views: 988

Re: wireless, problem, android

Try it with Tkip instead of AES. Some Xiaomi models have the same problem, solved by switching to Tkip.
Though connection wise a good advice...I would never ever use TKIP.
by erlinden
Fri Apr 16, 2021 9:05 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 40036

Re: v7.1beta5 [development] is released!

Would be thankful if support could comment if any fix is coming for 2.4ghz radios. My audience 2.4ghz radio is sometimes crashing multiple times a day, with random devices unable to join again and needing restarting. Use 20MHz bandwidth (unless there are no interference sources at all) and only WPA...
by erlinden
Fri Apr 16, 2021 11:33 am
Forum: Wireless Networking
Topic: wireless, problem, android
Replies: 16
Views: 988

Re: wireless, problem, android

Then the only thing I can think of is interference...is Wifi crowded/saturated?
by erlinden
Fri Apr 16, 2021 10:56 am
Forum: Wireless Networking
Topic: 5GHz -not visible
Replies: 4
Views: 280

Re: 5GHz -not visible

Thats perfectly ok - but it would be nice if it said this on the package... "connect and wait 8 minutes for all services to start..".
Sure this isn't caused by the regulations on the DFS channels to scan for 10 minutes?
by erlinden
Fri Apr 16, 2021 10:54 am
Forum: Wireless Networking
Topic: wireless, problem, android
Replies: 16
Views: 988

Re: wireless, problem, android

Configure it completely: fixed channel (choose wise from 1, 6 or 11 for 2.4GHz band) WAP2-AES (only) 20MHz bandwidth on 2.4GHz Disable any legacy like 802.11a/b After configuring these settings, forget the network on your mobile device and add it. What RouterOS and firmware version are you running?
by erlinden
Wed Apr 14, 2021 12:19 pm
Forum: General
Topic: no access out of firewall
Replies: 10
Views: 571

Re: no access out of firewall

what part of config ?
To be sure it covers it all...everything:
/export hide-sensitive file=anynameyoulike

You can remove MAC addresses manually
by erlinden
Tue Apr 13, 2021 2:20 pm
Forum: Wireless Networking
Topic: hAP AC + capsman performance
Replies: 12
Views: 1216

Re: hAP AC + capsman performance

Can you share: /wireless export hide-sensitive file=anynameyoulike
by erlinden
Tue Apr 13, 2021 10:05 am
Forum: RouterBOARD hardware
Topic: CRS309
Replies: 6
Views: 825

Re: CRS309

I think single stream is limited, you might want to test with multiple streams:

iperf -c 192.168.9.21 -P 5
by erlinden
Fri Apr 09, 2021 10:47 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 75
Views: 20705

Re: v6.47.9 [long-term] is released!

It does on my hEX S, @yreks. Are you using the default power adapter? I thought it was either 24V or 48V (where I'm using an 48V adapter. Not sure if that is related.
by erlinden
Fri Apr 09, 2021 2:03 pm
Forum: General
Topic: ac2 vs ac3 wifi not over 200Mb
Replies: 13
Views: 1111

Re: ac2 vs ac3 wifi not over 200Mb

Can you please share your config (and only use WPA2 AES, nothing else)?
Did you test with one client connected through cable and the other client wireless connected?
What are the client specs?
by erlinden
Wed Apr 07, 2021 9:49 am
Forum: Wireless Networking
Topic: CAPSMan went to hell
Replies: 3
Views: 434

Re: CAPSMan went to hell

Please share your config: /export hide-sensitive file=anynameyoulike
by erlinden
Mon Apr 05, 2021 5:25 pm
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1802

Re: CAPsMAN 5G doesn't work

(But I still think having to manually define channels for CAPsMAN is a bug!)
You don't have to define channels (CAPsMAN can do auto), but you should want to. Good luck
by erlinden
Mon Apr 05, 2021 10:46 am
Forum: Beginner Basics
Topic: IKEv2 VPN
Replies: 25
Views: 2142

Re: IKEv2 VPN

My Mikrotik is on VMware Machine with 6.48 Version.
Current stable version is 6.48.1, there were a lot of problems with the 6.48 version. Might also consider LTS: 6.47.9.
by erlinden
Mon Apr 05, 2021 10:43 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1802

Re: CAPsMAN 5G doesn't work

On the screenshots I see Quickset, forget about quickset (unless you are using it for getting information). WPA should never ever be used anymore (and MikroTik should get rid of any screenshot using WPA), only use WPA2 and AES only. Choose your channels (or use lists as mentioned by rushlife), for 8...
by erlinden
Sat Apr 03, 2021 11:07 pm
Forum: Wireless Networking
Topic: ipone and sonos
Replies: 10
Views: 796

Re: ipone and sonos

Funny as there is no channel configured according to your export.
In regards to the RouterOS version...it is old and should not be used from security perspective.

Did you miss the WPA security setting remark?
by erlinden
Sat Apr 03, 2021 11:02 pm
Forum: Beginner Basics
Topic: Yet another VLAN issues topic...
Replies: 22
Views: 1604

Re: Yet another VLAN issues topic...

Thank you, that is one of the guides I have read, but believe me or not, I struggle to adapt it... I believe about the struggle...it is a learning curve. This part relates to your router: https://forum.mikrotik.com/viewtopic.php?t=143620#p706998 Know that there are trunk ports and accessports: trun...
by erlinden
Sat Apr 03, 2021 10:32 pm
Forum: Beginner Basics
Topic: Yet another VLAN issues topic...
Replies: 22
Views: 1604

Re: Yet another VLAN issues topic...

Start with (only) this great topic:
viewtopic.php?t=143620

It describes a lot of situations and has helped a lot of people on the forum.
by erlinden
Sat Apr 03, 2021 9:42 pm
Forum: Wireless Networking
Topic: ipone and sonos
Replies: 10
Views: 796

Re: ipone and sonos

Please do at least the following:
by erlinden
Sat Apr 03, 2021 11:54 am
Forum: Wireless Networking
Topic: ipone and sonos
Replies: 10
Views: 796

Re: ipone and sonos

It would help if you share your configuration (using code tags, the brackets button):
/export hide-sensitive file=anynameyoulike
by erlinden
Fri Apr 02, 2021 9:46 pm
Forum: Beginner Basics
Topic: How do I configure a second AP (cAP AC) to my current home network?
Replies: 3
Views: 648

Re: How do I configure a second AP (cAP AC) to my current home network?

Thank you! Would I need to enable CAP for the new cAP AC and setup configuration container and provisioner?
That's correct.
by erlinden
Fri Apr 02, 2021 9:45 pm
Forum: RouterOS v7 BETA
Topic: hap ac2 (128MB Edition) upgrade to 7.1 Beta 4,5
Replies: 8
Views: 1314

Re: hap ac2 (128MB Edition) upgrade to 7.1 Beta 4,5

I upgraded through Winbox (/system > packages > check for updates) and upgraded to beta3 (if I remember correct). Aftrewards, the same for upgrades beta3 > beta4 > beta5
by erlinden
Fri Apr 02, 2021 10:24 am
Forum: Beginner Basics
Topic: How do I configure a second AP (cAP AC) to my current home network?
Replies: 3
Views: 648

Re: How do I configure a second AP (cAP AC) to my current home network?

I think the cAP ac has PoE passthrough, so you can connect it to the second ethernet port.
Dive into CAPsMAN for the configuration, to prefent interference, always use non overlapping channels.
by erlinden
Thu Apr 01, 2021 4:43 pm
Forum: Beginner Basics
Topic: How to connect CAP AP to existing router - the easiest way?
Replies: 3
Views: 374

Re: How to connect CAP AP to existing router - the easiest way?

Might be that the cAP ac is configured as router instead of accesspoint. I prefer to work from scratch: reset with no default configuration, create bridge (including DHCP client) and add all interfaces, configure wifi. That's basically enough to make the accesspoint work as requested.
by erlinden
Thu Apr 01, 2021 1:56 pm
Forum: RouterOS v7 BETA
Topic: hap ac2 (128MB Edition) upgrade to 7.1 Beta 4,5
Replies: 8
Views: 1314

Re: hap ac2 (128MB Edition) upgrade to 7.1 Beta 4,5

hAP ac2 128MB version, upgrade van beta4 to beta5 without problems. Could it be config related?
by erlinden
Mon Mar 29, 2021 11:53 am
Forum: Beginner Basics
Topic: Move WAN from ether1 to ether6? [SOLVED]
Replies: 10
Views: 778

Re: Move WAN from ether1 to ether6? [SOLVED]

QuickSet is, in my opinion, great for new MikroTik users to configure a basic configuration. After that, don't use it anymore at all.

In addition to your adjustments, in the IP > Firewall > NAT tab you have to change your masquerade rule as well.
by erlinden
Mon Mar 29, 2021 9:15 am
Forum: Wireless Networking
Topic: Is there a way to increase range/signal of cAP AC?
Replies: 4
Views: 779

Re: Is there a way to increase range/signal of cAP AC?

Could you please profide your config (of the CAPsMAN):
/export hide-sensitive file=anynameyoulike
by erlinden
Sun Mar 28, 2021 12:09 pm
Forum: General
Topic: ISP speed is 200 MB but Mikrotik speed is 100 MB
Replies: 14
Views: 1729

Re: ISP speed is 200 MB but Mikrotik speed is 100 MB

I see a lot of incorrect use of definitions: M = Mega m = milli B = Byte b = bits Network speed is always defined in bits per second and has an addition of either M (Mega) or G (giga). Your ISP speed is (probably) 200Mbps, because 200MB would mean a 2Gbps speed (would love to have it, but 1 Gbps is ...
by erlinden
Wed Mar 24, 2021 5:27 pm
Forum: Beginner Basics
Topic: Date & Time from NTP Server [SOLVED]
Replies: 14
Views: 1071

Re: Date & Time from NTP Server [SOLVED]

216.239.35.0...
I know for sure that is not an NTP server.

[Update]
Oops...nevermind (shame)
by erlinden
Wed Mar 24, 2021 2:42 pm
Forum: Beginner Basics
Topic: Date & Time from NTP Server [SOLVED]
Replies: 14
Views: 1071

Re: Date & Time from NTP Server [SOLVED]

Can you please share /system ntp client export
by erlinden
Wed Mar 24, 2021 8:39 am
Forum: Wireless Networking
Topic: Wireless DL double slower than UL
Replies: 3
Views: 833

Re: Wireless DL double slower than UL

At what rate (both up and down) is the device connected?
Could you also provide the wAP ac's configuration? /export hide-snesitive file=anynameyoulike
by erlinden
Fri Mar 19, 2021 9:57 pm
Forum: General
Topic: Why can't I make my hEX lite into a router?
Replies: 19
Views: 1319

Re: Why can't I make my hEX lite into a router?

I absolutely dislike (and would like to use another word...) Quick Set, but there is an easy solution: System > Reset Configration > Reset Configration This will reset the device to router. [Update] Why do you think it is in bridge mode? You can see that your WAN port is in another network segment f...
by erlinden
Fri Mar 19, 2021 4:18 pm
Forum: RouterBOARD hardware
Topic: CRS112-8P-4S-IN believe it or not
Replies: 6
Views: 845

Re: CRS112-8P-4S-IN believe it or not

You have a CRS112-8G-4S-IN: https://mikrotik.com/product/CRS112-8G-4S-IN
This is a non PoE switch, at least...it can be powered by passive PoE

So...I believe it ;-)
by erlinden
Fri Mar 19, 2021 1:08 pm
Forum: RouterBOARD hardware
Topic: CRS112-8P-4S-IN believe it or not
Replies: 6
Views: 845

Re: CRS112-8P-4S-IN believe it or not

Seeing is believing....what does it look like?
by erlinden
Fri Mar 19, 2021 11:48 am
Forum: General
Topic: Hacked or error?
Replies: 9
Views: 972

Re: Hacked or error?

Do an export (/export file=anynameyoulike) and check the config file if it contains anything unknown (like scripts). You can also share this file (/export hide-sensitive file=anyothernameyoulike) here on the forum to have a second opinion.
by erlinden
Thu Mar 18, 2021 8:36 pm
Forum: Wireless Networking
Topic: 10Mhz channel on 5GHZ
Replies: 6
Views: 762

Re: 10Mhz channel on 5GHZ

Ehm...why?
And...what error?

I think you would have to select 10MHz as Control Channel and disable extension channels, but still...why?
by erlinden
Thu Mar 18, 2021 1:56 pm
Forum: Beginner Basics
Topic: setup hap lite wifi
Replies: 9
Views: 570

Re: setup hap lite wifi

Thank you for your reply, I am not wanting to use it to broadcast any wifi rather to recieve network connection via wifi and then only use lan ports to provide network access?
So...then don't configure that part.
by erlinden
Thu Mar 18, 2021 1:10 pm
Forum: Beginner Basics
Topic: setup hap lite wifi
Replies: 9
Views: 570

Re: setup hap lite wifi

I have used this post, sure it can help you:
https://www.justinho.com/blog/2017/07/1 ... -lite.html
by erlinden
Thu Mar 18, 2021 12:27 pm
Forum: Wireless Networking
Topic: Mikrotik wifi mesh
Replies: 7
Views: 721

Re: Mikrotik wifi mesh

I need to build a mesh network with many nodes
Why? And more important, can you explain what mesh is according to you?
What are the requirements?
What is the context?
by erlinden
Thu Mar 18, 2021 11:11 am
Forum: Beginner Basics
Topic: [SOLVED] Google ChromeCast not working [SOLVED]
Replies: 8
Views: 1047

Re: Google ChromeCast not working [SOLVED]

Bit puzzled why one would buy an RB2011 in 2021. Though it is a great device, it lacks (at least) 5G wifi. In regards to your question: never use 20/40MHz bandwidth for 2.4G radio as it will interfere with...well, everything on that band. Instead, use 20MHz and and use a fixed channel (1, 6 or 11). ...
by erlinden
Wed Mar 17, 2021 1:58 pm
Forum: Beginner Basics
Topic: Configuration Restore from RB3011 to RB4011
Replies: 5
Views: 500

Re: Configuration Restore from RB3011 to RB4011

You can't use a backup file for restoring to another device (other then itself I thought), you have to have an export instead. If you have that, you can import it into the new device.
by erlinden
Wed Mar 17, 2021 12:03 pm
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 1911

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

You don't have to switch to DFS channels...it depends on the use of the band (use the CAPsMAN > Registration Table > CAPs Scanner to find least used channel).
Indeed missed the country settings.
by erlinden
Wed Mar 17, 2021 10:40 am
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 1911

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

On 5GHz I use 40MHz at least (Ce or Ceee) and am using DFS channels as they are less crowded than the 5180-5240 channels. But it has its disadvantages (as well as advantages). Depending on whether you need 6Mbps, you can set basic rates to 12Mbps & 24Mbps and supported 12Mbps and up. Didn't you ...
by erlinden
Wed Mar 17, 2021 9:19 am
Forum: Wireless Networking
Topic: cannot use 80Mhz with my realtek on asus laptop
Replies: 12
Views: 886

Re: cannot use 80Mhz with my realtek on asus laptop

Can you please share the export (use i.e. putty): /export hide-sensitive
And don't forget to configure the wireless interfaces completely (including setting country code, but also: fixed channel/WAPA2-AES only)
by erlinden
Tue Mar 16, 2021 3:29 pm
Forum: Beginner Basics
Topic: hex s site to site vpn
Replies: 3
Views: 363

Re: hex s site to site vpn

By using the DDNS option (whatever.sn.mynetname.net) you can resolve your public IP's. You have to forward ports on the ISP router, if it can't be bridged.
by erlinden
Tue Mar 16, 2021 2:51 pm
Forum: General
Topic: Best Firewall Setting Allowing Most Speed
Replies: 6
Views: 496

Re: Best Firewall Setting Allowing Most Speed

The CRS112-8P-4S is a switch. You can run it as router, but it was not designed for this purpose.
Better choice would be RB4011 or the CCR1009-7G-1C-1S+PC, depending on your requirements.
by erlinden
Fri Mar 12, 2021 11:37 pm
Forum: Wireless Networking
Topic: Mikrotik wi-fi and Iphone = problem
Replies: 97
Views: 81217

Re: Mikrotik wi-fi and Iphone = problem

Right now we will test some more but will eventually have to bite the bullet; should we stay or should we go.... If you start from default Wifi settings and change the following you will be ok when it comes to stability (and you will be good to go): 2.4GHz 2ghz-g/n Disable extension channel Reduce ...
by erlinden
Fri Mar 12, 2021 11:27 am
Forum: General
Topic: Double-check my first hAP ac2 configuration
Replies: 18
Views: 1242

Re: Double-check my first hAP ac2 configuration

Can you please have a look at this configuration: https://forum.mikrotik.com/download/file.php?id=45586 (it is referred to in this topic: https://forum.mikrotik.com/viewtopic.php?f=13&t=143620#p706997) This is an example of a switch with trunk port, access ports and hybrid ports. Tip: set vlan f...
by erlinden
Fri Mar 12, 2021 11:20 am
Forum: Wireless Networking
Topic: cAP to connect CAPSMAN layer3 instead layer2
Replies: 4
Views: 394

Re: cAP to connect CAPSMAN layer3 instead layer2

Can you please share both the configuration of the CAPsMAN and the CAP (and please post them between code tags):

CAPsMAN: /caps-man export
CAP: /export
by erlinden
Wed Mar 10, 2021 6:29 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 15
Views: 872

Re: Port Forwarding

So you are experiencing the problems with port 65510-65515 and am showing only forward ports 65532 and 65520 (which both work)? Can you please show the port forwards for the port range? Or better, as anav suggested, show the entire /ip firewall export?
by erlinden
Wed Mar 10, 2021 6:15 pm
Forum: General
Topic: Double-check my first hAP ac2 configuration
Replies: 18
Views: 1242

Re: Double-check my first hAP ac2 configuration

I don't understand that part.
Have a look at the link that anav posted, their you will find all info you need.
by erlinden
Wed Mar 10, 2021 3:54 pm
Forum: General
Topic: Double-check my first hAP ac2 configuration
Replies: 18
Views: 1242

Re: Double-check my first hAP ac2 configuration

So you are trying to configure it as switch with 1 trunk port (eth1) and only accessports, correct? Because it makes no sense to use NAT... I think this would be sufficient (haven't tested it) to reset without default configuration and then add: /interface bridge add admin-mac=XX:XX:XX:XX:XX auto-ma...
by erlinden
Wed Mar 10, 2021 3:14 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 15
Views: 872

Re: Port Forwarding

Unlike erlindan I refuse to speculate ;-PPPP
Writing code...nearly science fiction ;-)

Did you miss the log entry:
Message: dstnat: in:ether1 out:(unknown 0), src-mac xx:xx:xx:xx:xx:xx, ad:04:20, proto TCP (SYN), 198.199.98.246:449730->47.187.xxx.xxx:65532, len 60
by erlinden
Wed Mar 10, 2021 12:18 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 15
Views: 872

Re: Port Forwarding

Looks to me like port 65532 is hit (because it is logging) and therefor seems to work. Why do you think it is not forwarding? Can you do logging on the service site (or use wireshark)?
by erlinden
Wed Mar 10, 2021 11:40 am
Forum: Beginner Basics
Topic: RouterOS and SwOS
Replies: 6
Views: 528

Re: RouterOS and SwOS

Would it be better to make a bridge for each vlan?
The preferred way is to filter the (single) bridge, please read the link I posted earlier carefully.
by erlinden
Tue Mar 09, 2021 6:52 pm
Forum: General
Topic: Double-check my first hAP ac2 configuration
Replies: 18
Views: 1242

Re: Double-check my first hAP ac2 configuration

/interface vlan add interface=ether1 name=vlan2 vlan-id=32 add interface=ether1 name=vlan3 vlan-id=33 add interface=ether1 name=vlan4 vlan-id=36 add interface=ether1 name=vlan5 vlan-id=39 Instead of using ehter1 I would expect to see the bridge. /interface bridge port add bridge=bridge1 frame-types...
by erlinden
Tue Mar 09, 2021 4:16 pm
Forum: Beginner Basics
Topic: RouterOS and SwOS
Replies: 6
Views: 528

Re: RouterOS and SwOS

For my plain simple switch. using ROS, its not accessible by winbox but by IP address only.
Correct, and will have a default IP address of 192.168.88.1. Don't forget to set a fixed IP address on your LAN adapter.
Winbox will show the switch though it can't be managed by Winbox.
by erlinden
Tue Mar 09, 2021 3:12 pm
Forum: Beginner Basics
Topic: RouterOS and SwOS
Replies: 6
Views: 528

Re: RouterOS and SwOS

by erlinden
Tue Mar 09, 2021 10:04 am
Forum: Beginner Basics
Topic: VLAN on L2 switches and Communication between VLANs Via Mikrotik
Replies: 4
Views: 390

Re: VLAN on L2 switches and Communication between VLANs Via Mikrotik

This topic is a great tutorial on how to implement VLAN with MikroTik:
viewtopic.php?t=143620
by erlinden
Mon Mar 08, 2021 3:37 pm
Forum: Wireless Networking
Topic: "No internet connection available" on CAPsMAN
Replies: 2
Views: 362

Re: "No internet connection available" on CAPsMAN

Couple of things (that might help): Only use WPA2-AES, nothing else Only use channels 1, 6 and 11. Anything in between will cause interference Get rid of the access-list...any (modern) client will handle this themselves Disable 802.11b, just keep 802.11g/n What version of RouterOS are you running? W...
by erlinden
Mon Mar 08, 2021 12:56 pm
Forum: General
Topic: Open ftp only for WAN-IP-range [SOLVED]
Replies: 12
Views: 701

Re: Open ftp only for WAN-IP-range [SOLVED]

FTPS is not the same as SFTP.
According to this forum you should be able to use SSL/TLS:
http://forums.dlink.com/index.php?topic=60539.0
by erlinden
Mon Mar 08, 2021 11:22 am
Forum: General
Topic: Open ftp only for WAN-IP-range [SOLVED]
Replies: 12
Views: 701

Re: Open ftp only for WAN-IP-range [SOLVED]

What NAS are you using? FTPS might be an option...
by erlinden
Mon Mar 08, 2021 11:02 am
Forum: General
Topic: Open ftp only for WAN-IP-range [SOLVED]
Replies: 12
Views: 701

Re: Open ftp only for WAN-IP-range [SOLVED]

For data you have to forward a passive port range (configured in the FTP server). You might want to consider SFTP (from a security perspective).
by erlinden
Mon Mar 08, 2021 10:23 am
Forum: General
Topic: L2tp-server not working
Replies: 5
Views: 417

Re: L2tp-server not working

Could you also post part of your configuration: /ip ipsec profile ?
by erlinden
Mon Mar 08, 2021 9:46 am
Forum: General
Topic: Open ftp only for WAN-IP-range [SOLVED]
Replies: 12
Views: 701

Re: Open ftp only for WAN-IP-range [SOLVED]

There are better options than FTP, but it is your choice. Port 21 is not sufficient for FTP, if it is working (the data part) you might want to investigate why.
by erlinden
Mon Mar 08, 2021 9:43 am
Forum: General
Topic: L2tp-server not working
Replies: 5
Views: 417

Re: L2tp-server not working

To me, 3.24 sounds like the Winbox version...correct? What software version is the Routerboard running...6.45.6?
You have to have a look in the logging to get a first clue.
by erlinden
Fri Mar 05, 2021 7:57 pm
Forum: General
Topic: Routing Problem [SOLVED]
Replies: 24
Views: 1693

Re: Routing Problem [SOLVED]

Can you please show your /ip routes?
by erlinden
Wed Mar 03, 2021 6:38 pm
Forum: Beginner Basics
Topic: MikroTik WAP
Replies: 5
Views: 382

Re: MikroTik WAP

Why don't you stop posting messages if you can't give an interesting answer? That's the second question I am also interested in. As far as I know this is a forum and anav is not part of the helpdesk (correct me if I'm wrong). And a forum is for starting discussions, not a place to just drop questio...
by erlinden
Tue Mar 02, 2021 5:09 pm
Forum: Wireless Networking
Topic: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]
Replies: 14
Views: 929

Re: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]

I'm using a recent cAP ac with 6.49beta11, and a hEX S also with 6.49beta11. Currently I'm running LTS (6.47.9) which works best for me. Why are you running beta? Could be beta related (though I have no clue). Great addition, biomesh. I alreay wondered why there was a /caps-man interface section in...
by erlinden
Tue Mar 02, 2021 4:51 pm
Forum: Wireless Networking
Topic: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]
Replies: 14
Views: 929

Re: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]

What version Routerboard and firmware are you running?
Haven't seen the L2MTU size set before (except in very old configuration examples), do you need it? I prefer to use as much default as possible, leave everything (i.e. L2MTU) empty, etc
by erlinden
Tue Mar 02, 2021 10:06 am
Forum: Wireless Networking
Topic: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]
Replies: 14
Views: 929

Re: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]

Can you please share your configuration?
/caps-man export

I'm sure the cAP ac is capable of two streams (up and down), might be a configuration thing.

In regards to your expectations...500Mbps is a bit enthousiastic.
by erlinden
Thu Feb 25, 2021 10:47 am
Forum: Wireless Networking
Topic: Network Mesh?? How To?
Replies: 7
Views: 742

Re: Network Mesh?? How To?

It is REALLY easy to find out the SSID of a hidden network. Though conceptionally it sounds better to make it hidden.
Transmission power can be set in de Advanced mode of the wireless interface.
by erlinden
Thu Feb 25, 2021 8:39 am
Forum: Forwarding Protocols
Topic: vpn public ip cant ping
Replies: 18
Views: 1354

Re: vpn public ip cant ping

Having a Windows machine publicly available is not really good practice security wise. You better only forward ports that are absolutely necessary. And...start running a VPN server on your router for management purposes and making resources available. By the way, to show your config use /export hide...
by erlinden
Thu Feb 25, 2021 8:31 am
Forum: Wireless Networking
Topic: Network Mesh?? How To?
Replies: 7
Views: 742

Re: Network Mesh?? How To?

Lots of recommendations here: - don't use hidden SSID, it really makes no sense at all - besides SSID and password, the security settings have to be identical - as mentioned above, always use non-overlapping channels - optimize transmission power, "as low as possible" (especially in the 2....
by erlinden
Tue Feb 23, 2021 6:57 pm
Forum: Wireless Networking
Topic: cAP AC Access Points... best quick set? (resolved with no quick set as best option, but solution provided) [SOLVED]
Replies: 22
Views: 1321

Re: cAP AC Access Points... best quick set? [SOLVED]

Sounds like it is not in caps mode, by default it is not broadcasting any SSID's.

From Winbox you can put it in caps mode as well:
viewtopic.php?t=148207
by erlinden
Tue Feb 23, 2021 12:00 pm
Forum: Beginner Basics
Topic: help please
Replies: 10
Views: 613

Re: help please

Though I fully agree, erkexzcx, first we have to know if this is unwanted.
by erlinden
Tue Feb 23, 2021 9:22 am
Forum: Beginner Basics
Topic: help please
Replies: 10
Views: 613

Re: help please

I read port 25 and 587, looks like someone/something is trying to connect to it. Do you have a mail server behind the router? Unfortunately your screenshot isn't showing the source IP address clearly, therefor can't say who is doing this. If you are not running a mailserver, you might want to blokck...
by erlinden
Sun Feb 21, 2021 6:48 pm
Forum: Wireless Networking
Topic: Band Steering implementation?
Replies: 74
Views: 25734

Re: Band Steering implementation?

I think there are not many good working implementations of bandsteering. Besides, any modern device will choose 5G over 2.4G, especially if you tweak the TX power. Any effort on implementing this would be a total waste of time in my opinion. While there are so many other relevant implementations tha...
by erlinden
Sat Feb 20, 2021 5:21 pm
Forum: General
Topic: Can't Make New NAT Rules Work [SOLVED]
Replies: 13
Views: 590

Re: Can't Make New NAT Rules Work [SOLVED]

Can you please share your NAT rules (/ip firewall nat export)? Do you have the default filter rules (while you are at it: /ip firewall filter export)?
by erlinden
Thu Feb 18, 2021 3:28 pm
Forum: General
Topic: NAT https with aditional port
Replies: 3
Views: 246

Re: NAT https with aditional ports

This can be handled by /ip firewall nat:
add action=dst-nat chain=dstnat comment="Port translation (or any other comment)" dst-address-list=[fill in the public IP address] dst-port=443 log=yes protocol=tcp to-addresses=[fill in the private IP address] to-ports 9152
by erlinden
Tue Feb 16, 2021 2:27 pm
Forum: Beginner Basics
Topic: Upgrade path from 6.40.5
Replies: 3
Views: 292

Re: Upgrade path from 6.40.5

I would:
  • Make a full export (/export file=anynameyoulike *))
  • Reset device
  • Upgrade to latest version
  • Import the export file
*) Do not forget to copy the export to a computer
by erlinden
Sun Feb 14, 2021 2:13 pm
Forum: General
Topic: Help 3 router one behind the other
Replies: 4
Views: 375

Re: Help 3 router one behind the other

Why?

In my opinion it makes absolutely no sense (based on the supplied information) to have it configured like this.
Why not configure your MikroTiks as accesspoints with build in switches?
by erlinden
Sat Feb 13, 2021 9:27 pm
Forum: SwOS
Topic: CRS 112 Slow Throughput
Replies: 17
Views: 1207

Re: CRS 112 Slow Throughput

Better share a complete configuration, can you please share yours (by /export hide-sensitive file=anynameyoulike)?
And...did you check the URL posted before: https://wiki.mikrotik.com/wiki/Manual:C ... s_examples
Because that exactly describes how this CRS112 should be configured.
by erlinden
Sat Feb 13, 2021 8:48 am
Forum: General
Topic: created VLAN but cannot route through to internet from it.
Replies: 4
Views: 298

Re: created VLAN but cannot route through to internet from it.

Please read this tutorial very carefully, it is the best resource (in my opinion) on VLAN and RouterOS:
viewtopic.php?t=143620
by erlinden
Fri Feb 12, 2021 10:34 am
Forum: General
Topic: Home Network is Failing
Replies: 10
Views: 675

Re: Home Network is Failing

I switched to LTS, currently version 6.47.9. Great performance, might help you as well.
by erlinden
Thu Feb 11, 2021 11:58 am
Forum: Beginner Basics
Topic: Confused how to do VLAN Firewall filters? [SOLVED]
Replies: 8
Views: 539

Re: Confused how to do VLAN Firewall filters? [SOLVED]

Volgens mij volstaat het om de volgende regel aan te maken:
add action=drop chain=forward comment="Block guest network except WAN" in-interface=GUEST_VLAN out-interface-list=!WAN
Herewith my guest network is blocked from any other network (VLAN), WAN is allowed
by erlinden
Wed Feb 10, 2021 9:10 pm
Forum: Beginner Basics
Topic: hAP AC Lite Setup as Access Point Only
Replies: 3
Views: 434

Re: hAP AC Lite Setup as Access Point Only

That is a perfect approach, don't forget to configure the wireless interfaces (WPA2/AES, fixed channels, correct bandwidths, country code, etc.).
by erlinden
Wed Feb 10, 2021 10:35 am
Forum: Beginner Basics
Topic: Need some advice for a Mikrotik beginner
Replies: 3
Views: 366

Re: Need some advice for a Mikrotik beginner

And your question is?
What is your definition of 'better'?
And what is your definition of mesh?
by erlinden
Tue Feb 09, 2021 4:03 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 75
Views: 20705

Re: v6.47.9 [long-term] is released!

Got it installed on my RB4011/CRS112/2xcAP ac/wAP ac (coming from 6.478.1), will monitor. Upgrade went very smooth!
by erlinden
Tue Feb 09, 2021 8:37 am
Forum: Beginner Basics
Topic: hAP AC Lite Setup as Access Point Only
Replies: 3
Views: 434

Re: hAP AC Lite Setup as Access Point Only

Answers:

1. It depends on what you prefer to use (I never use Quickset), but the result is the same. You probably have firewall rules, but they are not hit.
2. you can do a lot of security improvements, but the question is what is required (for you).
by erlinden
Mon Feb 08, 2021 10:14 am
Forum: RouterBOARD hardware
Topic: "fcs error on link", every day
Replies: 10
Views: 780

Re: "fcs error on link", every day

First thing I notice is that the SFP's have different wavelengths...sure that will work?
What RouterOS version are you running?
by erlinden
Sun Feb 07, 2021 11:31 am
Forum: Beginner Basics
Topic: Need help with port openings
Replies: 5
Views: 476

Re: Need help with port openings

Still in doubt whether I should help you or not (and especially if you are helped by getting the ports in place). By the choice of ports I'm not convinced of sufficient knowledge about security (let alone that port 20 FTP should be set outbound instead of inbound). Besides, there are tons of tutoria...
by erlinden
Fri Feb 05, 2021 2:58 pm
Forum: Wireless Networking
Topic: No wlan interface
Replies: 1
Views: 330

Re: No wlan interface

It might be caused by the fact that the hEX S doesn't have wireless interfaces.
To "solve" this you might want to consider getting an RB with wireless interfaces, like a hAP AC2 (or 3).
by erlinden
Wed Feb 03, 2021 1:45 pm
Forum: Beginner Basics
Topic: Help please!
Replies: 7
Views: 584

Re: Help please!

Can you please first share your configuration (via terminal):

/export hide-sensitive file=anynameyoulike
by erlinden
Wed Feb 03, 2021 1:00 pm
Forum: Beginner Basics
Topic: Help please!
Replies: 7
Views: 584

Re: Help please!

Could not resolve DNS name...that means that there is a problem with DNS. Is the device connected to a network? Did it get a proper IP address? Does it have Internet access? I thought this might be easy. Welcome to MikroTik ;-) Tip: Instead of a cry for help, please use a proper description as title...
by erlinden
Tue Feb 02, 2021 9:01 pm
Forum: General
Topic: website responds ping but does not navigate
Replies: 6
Views: 573

Re: website responds ping but does not navigate

ICMP doens't say anything about webserver (though the webserver could theoretically respond to the ICMP request).
Can you please share the websites you encounter problems.

Things that come to my mind:
  • IPv6
  • DNS
  • Block
by erlinden
Tue Feb 02, 2021 8:59 pm
Forum: Beginner Basics
Topic: My last hope.
Replies: 10
Views: 858

Re: My last hope.

Just to be sure, the RB receives a public IP address?
Are you gaming through Wifi or through cable?
by erlinden
Tue Feb 02, 2021 4:40 pm
Forum: General
Topic: NEW STABLE VERSION 6.47.3 DOES NOT RECEIVE IP FOR INTERFACE AT 10 mbps?
Replies: 2
Views: 306

Re: NEW STABLE VERSION 6.47.3 DOES NOT RECEIVE IP FOR INTERFACE AT 10 mbps?

Luckily you managed to disengage the Caps-Lock key in the end. Actually, that caused additional confusion (as m = milli)... @Holden1: Without proper information it will be difficult. Can you al least share the configuration? /export hide-sensitive file=anynameyoulike By default all ports should be ...
by erlinden
Tue Feb 02, 2021 3:07 pm
Forum: Wireless Networking
Topic: CAPsMAN / Local forwarding - Roaming Apple devices
Replies: 1
Views: 385

Re: CAPsMAN / Local forwarding - Roaming Apple devices

Do you have both 2.4G and 5G radios enabled? It could be caused by too high TX Power on the 2.4G radio.
Perhaps you can share your CAPsMAN configuration: /caps-man export hide-sensitive file=anynameyoulike
by erlinden
Tue Feb 02, 2021 12:23 pm
Forum: Beginner Basics
Topic: Route VLAN to seperate public IP
Replies: 1
Views: 248

Re: Route VLAN to seperate public IP

My guess would be by having three masquerade rules.
Here is a topic that can be helpful:
viewtopic.php?t=142214
by erlinden
Tue Feb 02, 2021 11:00 am
Forum: Beginner Basics
Topic: My last hope.
Replies: 10
Views: 858

Re: My last hope.

Do you experience the same problems when your computer is connected directly to the Netgear (by cable!)? Why would you use multiple routers (NAT after NAT)?
by erlinden
Mon Feb 01, 2021 2:22 pm
Forum: Forwarding Protocols
Topic: public ip ping
Replies: 4
Views: 611

Re: public ip ping

For responding to ping, you have to have this line in your firewall filter rules: /ip firewall filter add action=accept chain=input comment="accept ICMP" protocol=icmp What do you mean by you can ping your gateway...is this from the internal network? i dont have firewall i dont know whats ...
by erlinden
Thu Jan 28, 2021 12:40 pm
Forum: General
Topic: Can´t get routing to work [SOLVED]
Replies: 7
Views: 398

Re: Can´t get routing to work [SOLVED]

ok I understand, but then I have to reconfigure ASUS Wlan to be an AP instead of an router. In AP Mode NAT is not required. Is that correct ?
Correct, there are a lot of reasons why you don't want multiple NAT in your network (and you have found one of them ;-)).
by erlinden
Thu Jan 28, 2021 12:30 pm
Forum: General
Topic: Can´t get routing to work [SOLVED]
Replies: 7
Views: 398

Re: Can´t get routing to work [SOLVED]

yes the ASUS Router is configured as router, therefore NAT is active and required.
There is your problem: because of NAT on the Asus, all traffic is blocked (as should be) from WAN to LAN. Please reread my earlier reply.
by erlinden
Thu Jan 28, 2021 12:14 pm
Forum: General
Topic: Can´t get routing to work [SOLVED]
Replies: 7
Views: 398

Re: Can´t get routing to work [SOLVED]

You have to allow these requests in the Asus router. Is NAT required on the Asus?
by erlinden
Thu Jan 28, 2021 11:28 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 175
Views: 121480

Re: Using RouterOS to VLAN your network

Is that correct? Yes I tried to implement the great tutorial, unfortunately I get an error when defining the WAN IP # Yellow WAN facing port with IP Address provided by ISP /ip address add interface=ether1 address=a.a.a.a/aa network=a.a.a.0 get me this error back "error while running run-after...
by erlinden
Wed Jan 27, 2021 3:50 pm
Forum: General
Topic: Hex S & cAP ac - Powered with PoE?
Replies: 4
Views: 388

Re: Hex S & cAP ac - Powered with PoE?

Have been using Hex S with cAP ac (powered by the Hex S) for some time now...without any problems. I would first check cable, what exact cable is in between the two? Can you try with a short patch cable in between?
by erlinden
Wed Jan 27, 2021 10:18 am
Forum: General
Topic: pptp vpn client cannot connect
Replies: 6
Views: 6571

Re: pptp vpn client cannot connect

Topci Author, did you find a solution?
In those nearly 7 years he probably did...
Hope you are not overthinking PPTP!?
by erlinden
Tue Jan 26, 2021 9:29 am
Forum: General
Topic: CAPSMAN + cap VLAN + namagement vlan
Replies: 7
Views: 617

Re: CAPSMAN + cap VLAN + namagement vlan

Just add multiple frequencies: https://dub01pap001files.storage.live.com/y4mMev_QoU1Pr8O977z6UYHvcvyRmUTIRdjnX-6uT52GNTbotLyhmI6LB2k-Dlln68OtSExaE56N8Vzwci6GWE-8vyUT65PSxzc6akjYHaKgLLMXKR4V1h1-IQnb1R2LaNUw6gyky_pZxQfj41u-vTtEzzeS_Dyg4EK5Iskk9RT9_bG3KPHeEEiVohVPaelxwTj?width=376&height=270&cr...
by erlinden
Tue Jan 26, 2021 9:11 am
Forum: Wireless Networking
Topic: Can't get only 40MHz 2.4GHz
Replies: 2
Views: 484

Re: Can't get only 40MHz 2.4GHz

As far as I know by using extension channels you are able to choose for 40MHz bandwidth. And depending on the selected extension channel (Ce or eC) you can manually select the combined channels used (where XX gives you random channels). You can explain both the use case and the problems you are runn...
by erlinden
Mon Jan 25, 2021 9:47 am
Forum: General
Topic: Migration from CCR1016 to CCR1036
Replies: 1
Views: 209

Re: Migration from CCR1016 to CCR1036

Configuration can be exported using /export file=mycurrentconfig (or any other name you like).
This export can be imported into a different Routerboard, passwords won't be exported unfortunately (and I think users aren't as well).
by erlinden
Sun Jan 24, 2021 4:47 pm
Forum: General
Topic: CAPSMAN + cap VLAN + namagement vlan
Replies: 7
Views: 617

Re: CAPSMAN + cap VLAN + namagement vlan

Please use the code tags (from the menu, select "brackets") to make it more readable. First thing I would change is using a single bridge with VLAN filtering on it (both on the CAPsMAN and the CAP). Assign IP addresses to the VLAN interfaces. Don't use auto frequencies, ever. You can add c...
by erlinden
Thu Jan 21, 2021 2:43 pm
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 151
Views: 81092

Re: DDoS story, or WARNING: use 'conection-limit' with caution!

Yep, they are designed to pass good traffic for further processing by firewall
Thank you very much Chupaka, all I had to do is add the internal DNS server to the list that iukatech quoted. It is now working!
by erlinden
Thu Jan 21, 2021 2:17 pm
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 151
Views: 81092

Re: DDoS story, or WARNING: use 'conection-limit' with caution!

01/13/2021 Still works like a charm on the newer firm as we just went through the same issue
Do these rules have to be at the top of the firewall?
by erlinden
Thu Jan 21, 2021 10:06 am
Forum: General
Topic: dhcp1 offering lease xxx.xxx.xxx.xxx for xx:xx:xx:xx:xx:xx without success
Replies: 3
Views: 278

Re: dhcp1 offering lease xxx.xxx.xxx.xxx for xx:xx:xx:xx:xx:xx without success

Where is the DHCP client on the RB3011 connected to?
Can you please share the config of the RB3011: /export hide-sensitive file=anynameyoulike
by erlinden
Wed Jan 20, 2021 5:28 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 3087

Re: NAT not working...

Masquerade is for handling NAT.
by erlinden
Wed Jan 20, 2021 2:06 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 3087

Re: NAT not working...

OK have done it.
Will be a problem with the disabled Masquerade? Is needed to delete it or it can be disabled?
Disabled is disabled...so it won't interfere.

Is both masquerade and port forwarding working now?
by erlinden
Wed Jan 20, 2021 11:45 am
Forum: Beginner Basics
Topic: Dividing one routerboard making it two separate wan routers
Replies: 6
Views: 517

Re: Dividing one routerboard making it two separate wan routers

Like the Hex S has port 1 as WAN and the other ports a LAN, does this mean that this is a hardware or is it just a convenience marking on the case. Convenience only, you can have any port(s) as WAN port. It just requires the proper configuration. Agree with @quackyo, I would actually use VLAN's (bu...
by erlinden
Wed Jan 20, 2021 10:41 am
Forum: RouterBOARD hardware
Topic: hAP ac³
Replies: 31
Views: 4499

Re: hAP ac³

Did you found any solution to that problem or I purchased a dummy wifi router with big antennas?
Can you please share your config?
/interface wireless export hide-sensitive file=anythingyoulike
by erlinden
Tue Jan 19, 2021 4:08 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 3087

Re: NAT not working...

Can you change
add action=masquerade chain=srcnat src-address=10.0.10.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.20.11.0/24
to:
add chain=srcnat action=masquerade out-interface-list=WAN
by erlinden
Tue Jan 19, 2021 3:44 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 3087

Re: NAT not working...

I have change it to the WAN, but no change. Its the same.
Can you please post your configuration here:
/export hide-sensitive file=anythingyoulike
by erlinden
Tue Jan 19, 2021 1:51 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 3087

Re: NAT not working...

Ok and what should I choose in the out. Interface (list)? - LAN, Wan, all, dynamic, none and static
You can choose either the interface "Orange Optic" or the interface list WAN (assuming the interface is added tot the list as WAN).
by erlinden
Tue Jan 19, 2021 12:15 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 3087

Re: NAT not working...

I was expecting an masquerade rule with an Out. Interface (List) specified. And I think the src-address can be left empty.
Are you sure you want to have your DNS server publicly available?
by erlinden
Mon Jan 18, 2021 9:38 am
Forum: Beginner Basics
Topic: querry on mikrotik hotspot status page
Replies: 3
Views: 515

Re: querry on mikrotik hotspot status page

If you want to use an name instead of using IP address, you will have to solve this by DNS. And...that's about it, I think.
by erlinden
Mon Jan 18, 2021 9:16 am
Forum: General
Topic: help
Replies: 7
Views: 622

Re: help

Can you please share your config: /export hide-sensitive file=anythingyoulike?
by erlinden
Mon Jan 18, 2021 9:14 am
Forum: Wireless Networking
Topic: Capsman issues
Replies: 1
Views: 335

Re: Capsman issues

Would be very helpful if you could share the config of the CAPsMAN here:
/export hide-sensitive file=anythingyoulike

What is the CPU usage on the CAPsMAN?
by erlinden
Sun Jan 17, 2021 5:20 pm
Forum: General
Topic: Full disk on empty router hAP ac^2
Replies: 4
Views: 506

Re: Full disk on empty router hAP ac^2

What is the fix-space package? And why is the version different from your ROS?
by erlinden
Sat Jan 16, 2021 10:54 pm
Forum: The User Manager
Topic: DHCP server problem
Replies: 13
Views: 13685

Re: DHCP server problem

@Buelo, Kid Control is MAC Address based. You might run into problems because a lot of devices are using random MAC addresses for privacy purposes. @borislav, can you share your config ( /export hide-sensitive file=anythingyoulike )? Only situation where I ran into DHCP problems, it was because of m...
by erlinden
Fri Jan 15, 2021 8:59 pm
Forum: Wireless Networking
Topic: WIFI - Poor Performance on RBwAPG-5HacT2HnD
Replies: 5
Views: 3489

Re: WIFI - Poor Performance on RBwAPG-5HacT2HnD

Indeed it is difficult to configure wireless properly, it requires a steep learning curve. From your configuration I see a lot is either wrong or missing. Beside, your firmware is outdated, you will get much better performance on the LTS (stable has some problems with the RB3011). For the 5G radio p...
by erlinden
Fri Jan 15, 2021 4:53 pm
Forum: Beginner Basics
Topic: MikroTik 328-24P-4S+RM as a router? [SOLVED]
Replies: 3
Views: 345

Re: MikroTik 328-24P-4S+RM as a router? [SOLVED]

The RB4011 will handle Gigabit just fine, unlike the crs328_24p_4s.
See also: https://mikrotik.com/product/crs328_24p ... estresults
by erlinden
Fri Jan 15, 2021 12:42 pm
Forum: Beginner Basics
Topic: Crs 112 Proplem
Replies: 8
Views: 535

Re: Crs 112 Proplem

Then why are you trying to run SQL statements?
Can you reset with the option "No Default Configuration"?
Can you post the contents of /file (/file print or screenshot)?
by erlinden
Fri Jan 15, 2021 12:18 pm
Forum: Beginner Basics
Topic: Crs 112 Proplem
Replies: 8
Views: 535

Re: Crs 112 Proplem

Sure you want to you use your switch as database server?
by erlinden
Fri Jan 15, 2021 12:14 pm
Forum: Beginner Basics
Topic: NAT Loopback / DNS
Replies: 9
Views: 756

Re: NAT Loopback / DNS

Indeed Hairpin NAT or a proper DNS configuration. Wonder what services on the NAS you would like to publish to the Internet. There might be a better way.
by erlinden
Thu Jan 14, 2021 10:20 am
Forum: General
Topic: Site-to-site VPN with dynamic DNS
Replies: 3
Views: 391

Re: Site-to-site VPN with dynamic DNS

I would use IPSEC, here is a great blogpost I found (and am using):
https://blog.pessoft.com/2016/05/29/mik ... s-and-nat/
by erlinden
Thu Jan 14, 2021 8:55 am
Forum: The User Manager
Topic: Mikrotik app [SOLVED]
Replies: 3
Views: 596

Re: Mikrotik app [SOLVED]

Why would you want the port changed?
by erlinden
Wed Jan 13, 2021 12:29 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 69516

Re: v6.48 [stable] is released!

any ideas why upgrade causes full of errors regarding IKE2 rekey?
search.php?keywords=rekey&t=171035&sf=msgonly
by erlinden
Tue Jan 12, 2021 5:19 pm
Forum: General
Topic: How to setup Mikrotik router and TTL
Replies: 14
Views: 1230

Re: How to setup Mikrotik router and TTL

Can you please share the configuration (/export hide-sensitive file=anythingyoulike)?
What have you tried, what are you trying and what problems are you running into?
by erlinden
Mon Jan 11, 2021 3:51 pm
Forum: General
Topic: Migrate from 1100 to 3011
Replies: 2
Views: 247

Re: Migrate from 1100 to 3011

Export is the best option, make sure that the 3011 is Reset to Defaults with No Default Configuration before importing the export file. Be aware (please check the export file before importing it into the 3011) that the 1100 has more ethernet ports than the 3011. You will have to remove them from the...
by erlinden
Mon Jan 11, 2021 3:38 pm
Forum: General
Topic: Limiting time in mikrotik for employees
Replies: 2
Views: 232

Re: Limiting time in mikrotik for employees

Because you treat your employees like kids...try kid control ;-)
First part was a little joke, kid control will do this just fine.
by erlinden
Mon Jan 11, 2021 1:17 pm
Forum: Wireless Networking
Topic: Mikrotik AP using 40Mhz but not find on the AP on the Ubiquiti station??
Replies: 4
Views: 427

Re: Mikrotik AP using 40Mhz but not find on the AP on the Ubiquiti station??

@bwpl, agree at first sight...it is actually the second (802.11n/green) column shown in the table on your URL.
by erlinden
Mon Jan 11, 2021 11:06 am
Forum: Wireless Networking
Topic: Mikrotik AP using 40Mhz but not find on the AP on the Ubiquiti station??
Replies: 4
Views: 427

Re: Mikrotik AP using 40Mhz but not find on the AP on the Ubiquiti station??

I think it should work if you set the frequency to 5785 MHz (which is channel 157) and extension channel to Ce (to combine it with 161). In what country are you? See also: https://www.silextechnology.com/hs-fs/hubfs/Blog_Images/5GHz_40MHz%20Channel%20Update%20for%20UK.png?width=954&height=410&am...
by erlinden
Thu Jan 07, 2021 6:55 pm
Forum: Beginner Basics
Topic: Speed of internet not working on RB951G-2HnD
Replies: 9
Views: 827

Re: Speed of internet not working on RB951G-2HnD

Be aware that this RB is not really new...ther CPU usage is a good indicator that something is limiting.
Do you use queues? Can you share your config?
/export hide-sensitive file=anythingyoulike
by erlinden
Thu Jan 07, 2021 5:46 pm
Forum: Beginner Basics
Topic: Speed of internet not working on RB951G-2HnD
Replies: 9
Views: 827

Re: Speed of internet not working on RB951G-2HnD

I would expect better results...how are you testing? What is the CPU usage on the RB while testing? Anything special in your configuration?
by erlinden
Thu Jan 07, 2021 9:52 am
Forum: General
Topic: mikrotik audience best wireless performance
Replies: 2
Views: 306

Re: mikrotik audience best wireless performance

Perhaps you can share your configuration?
/export hide-sensitive flie=anythingyoulike (and place the outcome between [])
by erlinden
Thu Jan 07, 2021 9:30 am
Forum: General
Topic: DHCP client on bridge interface with a VLAN DHCP not working
Replies: 5
Views: 853

Re: DHCP client on bridge interface with a VLAN DHCP not working

It should be working...can you please share your configs: /export hide-sensitive file=anythingyoulike?
And please use the [] tags to make it readable.
by erlinden
Mon Jan 04, 2021 2:58 pm
Forum: Beginner Basics
Topic: FTP connecting from WAN without open port on router
Replies: 10
Views: 799

Re: FTP connecting from WAN without open port on router

Do you have UPnP enabled?
By default everything is blocked unless a port is forwarded.
by erlinden
Mon Jan 04, 2021 9:26 am
Forum: Wireless Networking
Topic: Force users to swap to 5Ghz
Replies: 5
Views: 817

Re: Force users to swap to 5Ghz

There is a TX Power setting in CAPsMAN.
by erlinden
Sun Jan 03, 2021 10:32 pm
Forum: General
Topic: vlan over multriple mikrotik devices
Replies: 2
Views: 382

Re: vlan over multriple mikrotik devices

Please read this great tutorial:
viewtopic.php?t=143620
by erlinden
Sun Jan 03, 2021 12:46 am
Forum: Beginner Basics
Topic: Enable 5Ghz band for wifi
Replies: 6
Views: 740

Re: Enable 5Ghz band for wifi

Did you read it at all?
Using RouterOS to VLAN your network
by erlinden
Sun Jan 03, 2021 12:29 am
Forum: Beginner Basics
Topic: Enable 5Ghz band for wifi
Replies: 6
Views: 740

Re: Enable 5Ghz band for wifi

There is no 5G radio in this device, hence it is missing.
There is a great tutorial on VLAN, just use the search option or Google.

Here you go: viewtopic.php?p=781603
by erlinden
Sat Jan 02, 2021 1:40 pm
Forum: General
Topic: Mikrotik Error when generating external PDF file
Replies: 8
Views: 2223

Re: Mikrotik Error when generating external PDF file

Hey, I have the same ptroblem, but I'm not that handy with stuff like this, so I just feel lost at the moment.
Open a new topic with your specific environment and all the information that is relevant. Unless you are also failing on trying to export pdf and have a compromised RB.
by erlinden
Fri Jan 01, 2021 3:55 pm
Forum: General
Topic: Guest Wifis for two separate VLANs
Replies: 10
Views: 711

Re: Guest Wifis for two separate VLANs

Agree, but then I would need (in my special setup) an additional pieces of hardware "combining" vlan 10 and guest-vlan for internet access... I tried to avoid it and with my setup described in second post I was able to do so :) If only a router could do this... Can you please give an over...
by erlinden
Fri Jan 01, 2021 2:07 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 69516

Re: v6.48 [stable] is released!

I absolute love the wireless improvement I'm experiencing. More stability and higher speeds. Unfortunately I noticed periodic "link down", strangely enough only between my RB4011 and my CRS112-8P-4S. This is not occurring between the RB4011 and a cAP ac and not between CRS112-8P-4S and the...
by erlinden
Thu Dec 31, 2020 1:22 pm
Forum: Wireless Networking
Topic: cAP ac power consumption
Replies: 7
Views: 1154

Re: cAP ac power consumption

It states "Max power consumption" which is different from consuming 13 Watt. My cAP ac is consuming below 5 Watt, both WLAN's and one LAN active.
by erlinden
Wed Dec 30, 2020 12:09 pm
Forum: General
Topic: Guest Wifis for two separate VLANs
Replies: 10
Views: 711

Re: Guest Wifis for two separate VLANs

Can't you just make two additional VLAN's for the Guest network?
With four VLAN's you will be able to separate (or share) any combination of sharing/blocking you like.
by erlinden
Tue Dec 29, 2020 1:11 pm
Forum: General
Topic: Can't see my Mikrotik hAP ac in Winbox
Replies: 8
Views: 1921

Re: Can't see my Mikrotik hAP ac in Winbox

You might want to check how to perform a factory reset, @paul4:
https://wiki.mikrotik.com/wiki/Manual:Reset
by erlinden
Sun Dec 27, 2020 10:17 am
Forum: General
Topic: DHCP lease unsuccessful after upgrade to 6.48 [SOLVED]
Replies: 10
Views: 1044

Re: DHCP lease unsuccessful after upgrade to 5.48 [SOLVED]

I have configured my VLANs in a different way, I configured all VLANs on the bridge instead of on the interface:
viewtopic.php?t=143620
by erlinden
Sat Dec 26, 2020 10:07 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 69516

Re: v6.48 [stable] is released!

Yes, that's what should be set to none IMHO.
Look at first line, dh-group=modp4096 is used for dh in phase 1 and for PFS in phase 2.
Thanks, saved my day! Got it working!!
by erlinden
Sat Dec 26, 2020 5:35 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 69516

Re: v6.48 [stable] is released!

With IKEv2 the pfs group is inherited from phase 1, have a look at dh group in profiles. Perfect forward secret should be used even if set to none in proposals. Correct me if I am wrong, but I think you should set pfs-group to none in proposals on all devices for IKEv2. My current settings: /ip ips...
by erlinden
Fri Dec 25, 2020 10:59 am
Forum: Wireless Networking
Topic: Inconsistent speed HAP AC2 vs HAP Lite
Replies: 35
Views: 2705

Re: Inconsistent speed HAP AC2 vs HAP Lite

Make sure you are using local forwarding, not CAPsMAN forwarding. You will get the highest data rate with local forwarding. CAPsMAN forwarding involves tunneling all traffic back to the CAPsMAN which adds a lot of overhead. Local forwarding is a CAPsMAN setting, you'll find it in the "Datapath...
by erlinden
Thu Dec 24, 2020 9:00 pm
Forum: Beginner Basics
Topic: Changing internet provider
Replies: 3
Views: 456

Re: Changing internet provider

No, it does not depend...
Well, actually...

Perhaps you forgot the situation that the ISP requires a PPPoE configuration?
Or it requires VLAN configuration on the WAN side (in case of fiber)?
And there might be more situations that a change is required.
by erlinden
Thu Dec 24, 2020 4:05 pm
Forum: Beginner Basics
Topic: Changing internet provider
Replies: 3
Views: 456

Re: Changing internet provider

It depends... What medium (cable/xDSL/Fibre), current and future? Do you have any other hardware involved on being able to connect to the Internet (like a modem)? If so, what modem do you currently have (from your current provider)? What modem will you get from your new provider? How is the router c...
by erlinden
Thu Dec 24, 2020 3:54 pm
Forum: Beginner Basics
Topic: Upgrade via a LAN port [SOLVED]
Replies: 4
Views: 571

Re: Upgrade via a LAN port [SOLVED]

THere are multiple ways to upgrade your device:
https://wiki.mikrotik.com/wiki/Manual:U ... g_RouterOS
by erlinden
Thu Dec 24, 2020 12:37 pm
Forum: Wireless Networking
Topic: Inconsistent speed HAP AC2 vs HAP Lite
Replies: 35
Views: 2705

Re: Inconsistent speed HAP AC2 vs HAP Lite

What speed is the client connected on both CAP's?
by erlinden
Wed Dec 23, 2020 10:03 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 69516

Re: v6.48 [stable] is released!

I see the following error in the log (every 30 min): IPsec-SA expired before finishing rekey Haven't seen this issue in the current LTS and the 6.47.x releases. Found this answer in the topic, hope it helps: https://forum.mikrotik.com/viewtopic.php?f=2&t=159536&p=783686&hilit=IPsec+SA+ex...
by erlinden
Wed Dec 23, 2020 1:22 pm
Forum: RouterBOARD hardware
Topic: seek help
Replies: 5
Views: 525

Re: seek help

What is the current state of the RB?
Is the device running?

Are you aware of using Netinstall (as last resort)?
https://wiki.mikrotik.com/wiki/Manual:Netinstall
by erlinden
Wed Dec 23, 2020 12:21 pm
Forum: RouterBOARD hardware
Topic: seek help
Replies: 5
Views: 525

Re: seek help

If you run into problems, you might want:
  1. export your configuration (/export file=anythingyoulike)
  2. Save file to local computer
  3. Reset RB to defaults
  4. Upgrade
  5. upload config file
  6. import your configuration (/import file=anythingyoulike)
Do you get any errors (check in the log)?
by erlinden
Tue Dec 22, 2020 9:32 am
Forum: General
Topic: RB3011UIAS-RM: how to make it tag VLANs?
Replies: 5
Views: 602

Re: RB3011UIAS-RM: how to make it tag VLANs?

Please read this tutorial carefully...it helped me a lot understanding VLAN:
viewtopic.php?t=143620
by erlinden
Tue Dec 22, 2020 9:10 am
Forum: Beginner Basics
Topic: Server access through firewall
Replies: 6
Views: 574

Re: Server access through firewall

Can you please post your complete firewall configuration (/ip firewall export)?
by erlinden
Tue Dec 22, 2020 8:44 am
Forum: Wireless Networking
Topic: Signal Range
Replies: 3
Views: 478

Re: Signal Range

It is the signal strength of the client, measured on the CAP.
Think here you can find some good (additional) information:
https://help.mikrotik.com/docs/display/ROS/CAPsMAN
by erlinden
Mon Dec 21, 2020 3:38 pm
Forum: General
Topic: Different DHCP ranges with Mikrotik with Cisco AiroNet [SOLVED]
Replies: 17
Views: 1293

Re: Different DHCP ranges with Mikrotik with Cisco AiroNet [SOLVED]

So...you want to configure the Cisco AiroNet? Can you please share your routers config (/export hide-sensitive file=anythingyoulike)?
On what port is the AiroNet connected? Assuming the AiroNet is wired connected to the router!?
by erlinden
Mon Dec 21, 2020 3:03 pm
Forum: Beginner Basics
Topic: Server name resolution over L2TP
Replies: 3
Views: 405

Re: Server name resolution over L2TP

What DNS server IP do clients get on the VPN?
by erlinden
Sun Dec 20, 2020 12:56 pm
Forum: The Dude
Topic: Hide delete icon in network maps
Replies: 5
Views: 692

Re: Hide delete icon in network maps

Is the map created by this user or by another user?
And, as I don't know anything about Dude, are there any Dude settings in regards to this?

And to be honest...not much time to upgrade, it is all about priorities. In my opinion, the problem your describing is of less importance.
by erlinden
Sun Dec 20, 2020 9:16 am
Forum: Wireless Networking
Topic: CAPsMan handling devices moving around a home
Replies: 3
Views: 530

Re: CAPsMan handling devices moving around a home

Instead of adding an additional cAP, you might want to consider introducing VLAN's. Where you can have a standard VLAN and an additional VPN VLAN. That would make any additional hardware (for this purpose) unnecessary. If you want to find out more about VLAN (I'm using it for guest network and IoT),...
by erlinden
Sun Dec 20, 2020 9:11 am
Forum: The Dude
Topic: Hide delete icon in network maps
Replies: 5
Views: 692

Re: Hide delete icon in network maps

Not a direct answer to your question...why are you still running this version? It is 2,5 years old and I'm pretty sure there are some vulnerabilities in this version.
by erlinden
Sun Dec 20, 2020 12:32 am
Forum: RouterBOARD hardware
Topic: New wapAC
Replies: 4
Views: 706

Re: New wapAC

Disadvantage of the dual chain is that triple chain clients will perform less in comparison with the old wAP ac.
But in my opinion the improvements outweigh this drawback.
by erlinden
Sun Dec 20, 2020 12:27 am
Forum: Wireless Networking
Topic: Better home CAPsMAN setup?
Replies: 3
Views: 605

Re: Better home CAPsMAN setup?

A way to improve roaming experience is by lowering transmission power. To start with, set the 2G radios 7dB lower than 5G radios.
Next, extension channels (5G) can be better set to Ceee instead of XXXX because you have better control.
by erlinden
Fri Dec 18, 2020 11:07 pm
Forum: Beginner Basics
Topic: CAPsMAN or not? [SOLVED]
Replies: 2
Views: 396

Re: CAPsMAN or not? [SOLVED]

Central management, which is definitely an advantage. I switched from CAPsMAN to local configuration which is more stable in my experience. Big disadvantage of CAPsMAN is when rebooting the router (or other device that is running CAPsMAN) the entire wireless network drops. There seems to be an optio...
by erlinden
Fri Dec 18, 2020 9:58 am
Forum: General
Topic: TCP retransmissions & low performance while bridging
Replies: 5
Views: 709

Re: TCP retransmissions & low performance while bridging

I prefer (and I thought it was recommended) to use a single bridge with filters, see also this great tutorial:
viewtopic.php?t=143620

Not sure if it is completely related, but it is at least worth the try.
by erlinden
Wed Dec 16, 2020 9:27 am
Forum: Beginner Basics
Topic: Trouble setting up port forwarding
Replies: 14
Views: 1206

Re: Trouble setting up port forwarding

Do you see any hits on the rule? Are port forwards supported by your ISP (especially because of the two IP addresses)?
In addition, you might want to test without the dst-address.
by erlinden
Wed Dec 16, 2020 9:06 am
Forum: Beginner Basics
Topic: Trouble setting up port forwarding
Replies: 14
Views: 1206

Re: Trouble setting up port forwarding

My rule looks like this: add action=dst-nat chain=dstnat dst-port=[public port] in-interface-list=WAN protocol=tcp src-address=[public IP] to-addresses=[private IP] to-ports=[private port] [public port]: the port that the remote computer will connect to [public IP]: the public IP address that is all...
by erlinden
Tue Dec 15, 2020 12:07 pm
Forum: General
Topic: Mikrotik Vlan configuration - recommended config
Replies: 6
Views: 468

Re: Mikrotik Vlan configuration - recommended config

That is the correct approach. Please this (really good) tutorial on VLAN's:
viewtopic.php?t=143620
by erlinden
Tue Dec 15, 2020 10:15 am
Forum: Beginner Basics
Topic: setting up router with two AP
Replies: 7
Views: 550

Re: setting up router with two AP

I’ve got it running and both seem to be transmitting ok but will the wireless device automatically switch to the strongest signal? Depending on the threshold of the device, the device will search for the strongest signal. To prevent that it will connect to the 2.4G radio, make sure it's transmissio...
by erlinden
Tue Dec 15, 2020 8:47 am
Forum: Wireless Networking
Topic: slow wifi speed via 5Ghz - RBcAPGi-5acD2nD
Replies: 3
Views: 546

Re: slow wifi speed via 5Ghz - RBcAPGi-5acD2nD

The 866Mbps is the maximum connection speed that a client can get. In the wireless registration tab you can see the speed of the connection (together with some more information). At what speed is your client connected? There is also some tweaking to do on the settings: Use fixed channel (and be awar...
by erlinden
Fri Dec 11, 2020 12:48 pm
Forum: RouterBOARD hardware
Topic: RB3011 took hit from the storm [SOLVED]
Replies: 4
Views: 1015

Re: RB3011 took hit from the storm [SOLVED]

It would really surprise me if, by replacing the chip, the Routerboard will work again. But always good to give it a try!
by erlinden
Fri Dec 11, 2020 10:43 am
Forum: RouterBOARD hardware
Topic: 10 second reset does not put CapAC into CAP mode!!
Replies: 7
Views: 1213

Re: 10 second reset does not put CapAC into CAP mode!!

Alternatively you can Reset Configuration and choose CAPS Mode from there.
by erlinden
Fri Dec 11, 2020 10:41 am
Forum: Wireless Networking
Topic: CAPsMAN and local AP settings
Replies: 13
Views: 1715

Re: CAPsMAN and local AP settings

Good question and as far as I know only CAPsMAN settings are used for the CAP's. Meaning there are some settings missing...
by erlinden
Thu Dec 10, 2020 5:32 pm
Forum: General
Topic: Vlan Tagging not working (/interface bridge vlan) [SOLVED]
Replies: 3
Views: 740

Re: Vlan Tagging not working (/interface bridge vlan) [SOLVED]

VLAN1 is default vlan and therefor should not be used.
For more information on VLAN's, please read this topic: viewtopic.php?t=143620
by erlinden
Thu Dec 10, 2020 10:58 am
Forum: Beginner Basics
Topic: on premise website as https
Replies: 7
Views: 637

Re: on premise website as https

would it be possible that all infos i entern to the website will be encrypted or secure? even if its internal? that's why I'm asking how to make my internal website use https There is no difference between internally hosted and externally hosted websites when it comes to encryption. What webserver ...
by erlinden
Thu Dec 10, 2020 10:28 am
Forum: Beginner Basics
Topic: on premise website as https
Replies: 7
Views: 637

Re: on premise website as https

I prefer to have all my internal run services resolved to the internal (private) IP address. Let's assume: your server has IP 192.168.88.2 your website is called www.clydie.local All you have to do is: run a DNS server (MikroTik is running it by default) have all clients resolve through this DNS ser...
by erlinden
Thu Dec 10, 2020 9:36 am
Forum: Beginner Basics
Topic: on premise website as https
Replies: 7
Views: 637

Re: on premise website as https

HTTPS requires a certificate. A very good (and free) supplier is Let's Encrypt: https://letsencrypt.org/
Are you referring to a website you are hosting on a server? What is the relation with MikroTik?
by erlinden
Wed Dec 09, 2020 10:27 am
Forum: Beginner Basics
Topic: Slow LAN transfer speeds through RB4011. [SOLVED]
Replies: 5
Views: 543

Re: Slow LAN transfer speeds through RB4011. [SOLVED]

I would start by testing network speed with iPerf.
by erlinden
Tue Dec 08, 2020 6:30 pm
Forum: General
Topic: Block access to specific IPs
Replies: 3
Views: 441

Re: Block access to specific IPs

InterVLAN traffic is possible by default. You have to add firewall rules to block any inter VLAN traffic.
Something like:
add action=drop chain=forward comment="Block intervlan traffic" in-interface=VLAN1 out-interface-list=VLAN2
by erlinden
Tue Dec 08, 2020 10:48 am
Forum: Beginner Basics
Topic: L2PT server won't work - Local clients won't connect
Replies: 4
Views: 483

Re: L2PT server won't work - Local clients won't connect

Could be DNS related, how is the domain name translated? And did you (in case of public IP address) configure NAT loopback?
by erlinden
Mon Dec 07, 2020 5:34 pm
Forum: Beginner Basics
Topic: Mikrotik DHCP server is assigning multiply IP addresses for the same MAC address. Why it happens?
Replies: 5
Views: 598

Re: Mikrotik DHCP server is assigning multiply IP addresses for the same MAC address. Why it happens?

Virtualization would be my best guess.
But...why Windows 7? This OS is really outdated.
by erlinden
Mon Dec 07, 2020 12:59 pm
Forum: General
Topic: What is main differences between stable and long-term? [SOLVED]
Replies: 9
Views: 14528

Re: What is main differences between stable and long-term? [SOLVED]

Currently I have 6.47.8 Stable and I want ro know if I can change to 6.46.8 Long term directly from Winbox without loose my configuration. It is safe ? it is a good ideea ? Or should I remain on Stable? Why? Really...why? You can export to a configuration file that will contain near all configurati...
by erlinden
Sun Dec 06, 2020 11:41 am
Forum: Beginner Basics
Topic: travel router
Replies: 14
Views: 1608

Re: travel router

I think this blog post is a great example to start with: https://www.justinho.com/blog/2017/07/15/hap-ac-lite.html It can perform, just as any other Routerboard, everything you require. Just don't expect too much of it performance wise. To help you a bit further, can you please share your current co...
by erlinden
Fri Dec 04, 2020 2:44 pm
Forum: General
Topic: Problem with admin password
Replies: 2
Views: 314

Re: Problem with admin password

Reset the device and reconfigure it (or import from configuration backup).
by erlinden
Fri Dec 04, 2020 1:35 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 6159

Re: "antenna gain" missing in 6.46.8?

Isn't it also the only way to reduce TX Power? By specifying a higher antenna gain? Yes, there are situations where you might want to lower TX Power.
No, it is not. In advanced mode on your wireless interface you can specify TX Power. No need (anymore) to use the gain setting.
by erlinden
Fri Dec 04, 2020 9:49 am
Forum: General
Topic: Vlan Interface Drops?
Replies: 2
Views: 302

Re: Vlan Interface Drops?

Can you please share your configuration: /export hide-sensitive file=anythingyoulike
How do you do VLAN filtering?
by erlinden
Fri Dec 04, 2020 9:20 am
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 6159

Re: "antenna gain" missing in 6.46.8?

Why?
I assume because 1) most Mikrotik devices have fixed antennas (with corresponding gain) and 2) it is no longer required for "tx power abuse", as tx power can be set manually.
by erlinden
Thu Dec 03, 2020 11:42 am
Forum: Beginner Basics
Topic: Help to define 2x cAP AC to achieve WiFi bridge + WiFi distribution [SOLVED]
Replies: 14
Views: 914

Re: Help to define 2x cAP AC to achieve WiFi bridge + WiFi distribution [SOLVED]

I used this blogpost to configure my travel router. I think it will answer all of your questions on the "wireless bridge" site:
https://www.justinho.com/blog/2017/07/1 ... -lite.html
by erlinden
Wed Dec 02, 2020 6:11 pm
Forum: General
Topic: segmenting with VLAN's
Replies: 4
Views: 288

Re: segmenting with VLAN's

Fairly simple:

- trunk ports should be tagged
- accessports should be untagged *)

It is not necessary to mark untagged explicitly as they are dynamically added (configured by the pvid in /interface bridge port).

Please also read this post carefully: viewtopic.php?t=143620
by erlinden
Wed Dec 02, 2020 12:30 pm
Forum: General
Topic: MY Windows Show Primary DNS Problem
Replies: 2
Views: 294

Re: MY Windows Show Primary DNS Problem

Can you please share:
  • your ipconfig /all output
  • your config: /export hide-sensitive file=anythingyoulike
by erlinden
Tue Dec 01, 2020 10:06 am
Forum: Beginner Basics
Topic: Can not ping 8.8.8.8 from VLAN. no internet. New to Vlan's Help
Replies: 13
Views: 1117

Re: Can not ping 8.8.8.8 from VLAN. no internet. New to Vlan's Help

I thought that the pvid on the bridge could be left set to 1, not sure if it is of any influence?
Could you please add <code></code> tags (with square brackets) to make your config more readable?

Are you familiar with this topic:
viewtopic.php?t=143620
by erlinden
Mon Nov 30, 2020 6:37 pm
Forum: General
Topic: decrease TX-Power
Replies: 13
Views: 8246

Re: decrease TX-Power

I added channels with the corresponding TX Power setting. Might be a bit hard in a big environment, but for my three accesspoints it works great!
/caps-man channel
by erlinden
Thu Nov 26, 2020 5:32 pm
Forum: Wireless Networking
Topic: CAPsMan on RB4011 + CAP AC
Replies: 15
Views: 2383

Re: CAPsMan on RB4011 + CAP AC

In case of a single unit the central management purpose is a bit contradicting. It is introducing some overhead, I think (my opinion) when you have over 2 CAPS-es it makes sense to use CAPsMAN.
by erlinden
Thu Nov 26, 2020 12:04 pm
Forum: Announcements
Topic: v6.47.8 [stable] is released!
Replies: 56
Views: 14242

Re: v6.47.8 [stable] is released!

Upgrade went smooth...really interested in the "arm - improved system stability"!
by erlinden
Wed Nov 25, 2020 1:47 pm
Forum: Beginner Basics
Topic: No way to get safe wpa wireless working on hapac2 [SOLVED]
Replies: 10
Views: 796

Re: No way to get safe wpa wireless working on hapac2 [SOLVED]

Very strange, are you sure about the key?
Could you please post /export hide-sensitive file=anythingyoulike?
by erlinden
Wed Nov 25, 2020 1:15 pm
Forum: Beginner Basics
Topic: No way to get safe wpa wireless working on hapac2 [SOLVED]
Replies: 10
Views: 796

Re: No way to get safe wpa wireless working on hapac2 [SOLVED]

I would:
  • only use WPA2
  • set channel manually
  • only use Ceee as channel width
  • set country
  • upgrade firmware
  • never ever use quick set
by erlinden
Wed Nov 25, 2020 10:11 am
Forum: Wireless Networking
Topic: EAP245 + hAP ac^2
Replies: 4
Views: 552

Re: EAP245 + hAP ac^2

I always choose channels manually. Don't like auto...
by erlinden
Wed Nov 25, 2020 9:50 am
Forum: Wireless Networking
Topic: EAP245 + hAP ac^2
Replies: 4
Views: 552

Re: EAP245 + hAP ac^2

Besides SSID and password, you have to make sure that encryption is identical (WA+PA2/AES only).
Channels should never overlap. And make sure that tx power is optimized.
by erlinden
Mon Nov 23, 2020 11:24 am
Forum: Wireless Networking
Topic: CAPSMAN issue (cAP ac & CRS326-24G-2S+) - wlan interfaces not coming up
Replies: 11
Views: 704

Re: CAPSMAN issue (cAP ac & CRS326-24G-2S+) - wlan interfaces not coming up

Can you please share your /caps-man export hide-sensitive?
Are you using DFS channels? That could explain why not all radios are up.
by erlinden
Sun Nov 22, 2020 2:49 pm
Forum: General
Topic: Problems getting VLANs between two Mikrotik devices
Replies: 14
Views: 857

Re: Problems getting VLANs between two Mikrotik devices

Your trunk port (the one between the Audience and the cAP ac) should be a trunk port. Therefor, on /interface bridge port this port should be be marked on the bridge with default pvid 1 and VLAN tagged only). Same on the trunk port of the cAP ac. Please check again the samples I provided. On /interf...
by erlinden
Sun Nov 22, 2020 2:32 pm
Forum: General
Topic: decrease TX-Power
Replies: 13
Views: 8246

Re: decrease TX-Power

Proper way to set TX power is by setting TX power ;-)

On the WLAN interface, enable 'advanced mode' and select the Tx Power tab. Here you can set the Tx Power Mode and corresponding power.
Don't forget to configure country code first.
by erlinden
Sat Nov 21, 2020 12:05 pm
Forum: General
Topic: Problems getting VLANs between two Mikrotik devices
Replies: 14
Views: 857

Re: Problems getting VLANs between two Mikrotik devices

Your wish... /interface bridge add name=bridge-LAN protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] name=ether1-wan set [ find default-name=ether2 ] name=ether2-nas set [ find default-name=ether3 ] name=ether3-solar set [ find default-name=ether5 ] name=ethe...
by erlinden
Sat Nov 21, 2020 11:33 am
Forum: General
Topic: Problems getting VLANs between two Mikrotik devices
Replies: 14
Views: 857

Re: Problems getting VLANs between two Mikrotik devices

I spent an hour reading this and still got nowhere. I know how VLANs work, I just dont know how to implement in routerOS. To summarize your wishes: You want to have a trunk between the two devices You want to separate your network into 3 VLAN's (and perhaps an additional management lan?) Here is a ...
by erlinden
Sat Nov 21, 2020 10:29 am
Forum: Wireless Networking
Topic: Can't exceed 200mbps on WiFi cAP ac
Replies: 5
Views: 929

Re: Can't exceed 200mbps on WiFi cAP ac

In addition to your settings I also set things like rates and WMM spupport: set [ find default-name=wlan2 ] band=5ghz-a/n/ac basic-rates-a/g=12Mbps \ channel-width=20/40/80mhz-Ceee country=netherlands disabled=no frequency=\ 5500 mode=ap-bridge rate-set=configured security-profile=Profile \ ssid=MY-...
by erlinden
Sat Nov 21, 2020 10:14 am
Forum: General
Topic: Problems getting VLANs between two Mikrotik devices
Replies: 14
Views: 857

Re: Problems getting VLANs between two Mikrotik devices

This topic taught me a lot about VLAN's on MikroTik devices:
viewtopic.php?t=143620