Community discussions

MikroTik App

Search found 842 matches

by erlinden
Fri Jul 09, 2021 9:11 am
Forum: Beginner Basics
Topic: L2TP/IPSEC
Replies: 2
Views: 323

Re: L2TP/IPSEC

Can you please share your config?
/export hide-sensitive file=anythingyoulike

I have no clue if the VPN service is prohibited to a single interface...
by erlinden
Wed Jul 07, 2021 4:47 pm
Forum: General
Topic: DHCP server Over VLAN and making two ports as access and trunk
Replies: 3
Views: 314

Re: DHCP server Over VLAN and making two ports as access and trunk

This tutorial will definitely help you:
viewtopic.php?f=23&t=143620

If you want specific help with your configuration, please share it:
/export hide-sensitive file=anynameyoulike
by erlinden
Wed Jul 07, 2021 11:06 am
Forum: Beginner Basics
Topic: AC2 VLANs - no DHCP address
Replies: 5
Views: 395

Re: AC2 VLANs - no DHCP address

In your config I can't see the tagged bridge (BR). You might want to leave this part out: # Ensure only visibility and availability from BASE_VLAN, the MGMT network /ip neighbor discovery-settings set discover-interface-list=BASE /tool mac-server mac-winbox set allowed-interface-list=BASE /tool mac-...
by erlinden
Wed Jul 07, 2021 10:03 am
Forum: Beginner Basics
Topic: AC2 VLANs - no DHCP address
Replies: 5
Views: 395

Re: AC2 VLANs - no DHCP address

Can you please post your current configuration (/export hide-sensitive file=anynameyoulike).
by erlinden
Tue Jul 06, 2021 9:01 am
Forum: Beginner Basics
Topic: hostname to ip:port
Replies: 3
Views: 376

Re: hostname to ip:port

Assuming that the URL is a website, you would have to forward port 80 and/or 443 (are you using certificate?) to internal IP 192.168.10.25 and port 5520, with TCP as protocol. Have a look at the wiki:
https://wiki.mikrotik.com/wiki/Manual:I ... forwarding
by erlinden
Mon Jul 05, 2021 3:03 pm
Forum: General
Topic: HAP AC3 Slow
Replies: 9
Views: 513

Re: HAP AC3 Slow

Strange...can you supply all relevant information:
  • ISP
  • modem
  • Any other network equipment
  • Testing method (preferably iperf)
  • testing client
Besides, have you checked the viewtopic.php?f=1&t=175369 topic for similar problems?
by erlinden
Mon Jul 05, 2021 2:06 pm
Forum: General
Topic: HAP AC3 Slow
Replies: 9
Views: 513

Re: HAP AC3 Slow

Tested through wire or wireless? If the latter, you should configure your wireless settings.
by erlinden
Mon Jul 05, 2021 1:24 pm
Forum: General
Topic: HAP AC3 Slow
Replies: 9
Views: 513

Re: HAP AC3 Slow

It helps when you add a question ;-)

Though Gigabit is really fast (not sure if the RB is capable of Gigabit routing), your RB should be able to handle more than 1M or 500KB.
Can you please share your config (/export hide-sensitive file=anynameyoulike)?
by erlinden
Wed Jun 30, 2021 8:38 am
Forum: Beginner Basics
Topic: How do I find the IP address of my WAP? [SOLVED]
Replies: 6
Views: 555

Re: How do I find the IP address of my WAP? [SOLVED]

My goal with the wide netmask is to be able to identify devices by IP address quickly.
Ehm...perhaps you can explain a bit more...?
by erlinden
Tue Jun 29, 2021 2:57 pm
Forum: Beginner Basics
Topic: Upnp stuck [SOLVED]
Replies: 13
Views: 841

Re: Upnp stuck [SOLVED]

UPnP opens ports and forwards them to the client. Theoretically all 65k ports might be publicly open on your router and mapped to any device running in your network. Network wide open. We don't have to agree on this, but be aware with what you advise.
by erlinden
Tue Jun 29, 2021 1:20 pm
Forum: Beginner Basics
Topic: Upnp stuck [SOLVED]
Replies: 13
Views: 841

Re: Upnp stuck [SOLVED]

UPnP is better because (if the program is well coded) use random ports changed everitime, instead using a static port everytime open is less secure... So you don't mind that any application (either being "well coded" or not) is allowed to open inbound ports? And you call that secure?? Ple...
by erlinden
Tue Jun 29, 2021 1:07 pm
Forum: Beginner Basics
Topic: Upnp stuck [SOLVED]
Replies: 13
Views: 841

Re: Upnp stuck [SOLVED]

Why don't you just forward ports? UPnP is pretty evil (at least from a security perspective).
by erlinden
Tue Jun 29, 2021 9:38 am
Forum: Beginner Basics
Topic: How do I find the IP address of my WAP? [SOLVED]
Replies: 6
Views: 555

Re: How do I find the IP address of my WAP? [SOLVED]

Would make sense that your Synology doesn't have a DHCP client if run in WAP modus. Did you connect the WAP through one of the LAN connectors? In that case...assign a fixed IP address to the WAP, outside of your DHCP scope (but within netmask) to be able to manage it. And have a look at your current...
by erlinden
Mon Jun 28, 2021 4:07 pm
Forum: Wireless Networking
Topic: 5GHz wifi disappeared after power loss...
Replies: 12
Views: 686

Re: 5GHz wifi disappeared after power loss...

Could be that it is still radar scanning, which can take up to 10 minutes before starting to work.
Can you please provide your wireless settings?

/interface wireless export hide-sensitive file=anynameyoulike
by erlinden
Fri Jun 25, 2021 11:43 am
Forum: Beginner Basics
Topic: Port Forwarding Not working
Replies: 11
Views: 794

Re: Port Forwarding Not working

Do you see the packet counter of this rule increasing?
Sure there is a SSH server listening on 10.0.0.2?

Could you export your firewall (/ip firewall export)?
by erlinden
Fri Jun 25, 2021 11:00 am
Forum: Beginner Basics
Topic: 2nd router can't read my firewall rule [SOLVED]
Replies: 5
Views: 728

Re: 2nd router can't read my firewall rule [SOLVED]

Why two routers?
Where is the config (/export hide-sensitive file=anynameyoulike)?
by erlinden
Fri Jun 25, 2021 10:59 am
Forum: Beginner Basics
Topic: Port Forwarding Not working
Replies: 11
Views: 794

Re: Port Forwarding Not working

You should be using the Action tab for selecting the destination:
add action=dst-nat chain=dstnat comment="SSH server" dst-address=159.54.54.54 dst-port=3999 protocol=tcp src-address=[fill in the allowed IP address] to-addresses=10.0.0.2 to-ports=22
by erlinden
Thu Jun 24, 2021 1:23 pm
Forum: General
Topic: IPsec site to site (fw rules)
Replies: 2
Views: 324

Re: IPsec site to site (fw rules)

Why running v6.47.4?

Just to be sure...this router should connect to the office router?
Is the connection established?
What communication is being dropped (from LAN to Office/from Office to LAN)?
by erlinden
Sun Jun 20, 2021 12:24 pm
Forum: General
Topic: hAP AC2 Wifi fault
Replies: 5
Views: 492

Re: hAP AC2 Wifi fault

30dbm output power on 2.4. Say what...? If this is really what you want to accomplish...might be time to hire someone with Wifi knowledge. Nowadays, you want: all clients on 5GHz (unless incapable) turn transmission power as low as possible (to get a decent coverage) configure correct antenna gain ...
by erlinden
Fri Jun 18, 2021 11:46 am
Forum: General
Topic: Cant Open Ports
Replies: 9
Views: 544

Re: Cant Open Ports

Can you please share your configuration?
/export hide-sensitive file=anynameyoulike
I have no Firewall Rules Configured.
Hopefully you mean no additional rules?
by erlinden
Tue Jun 15, 2021 1:09 pm
Forum: General
Topic: Intervlan RB4011
Replies: 5
Views: 528

Re: Intervlan RB4011

By default it should work. You would have to check your firewall for rules blocking intervlan communication. Perhaps you can share your configuration: /export hide-sensitive file=anynameyoulike Please have a look at this great VLAN tutorial (as well): https://forum.mikrotik.com/viewtopic.php?t=143620
by erlinden
Mon Jun 14, 2021 8:49 am
Forum: SwOS
Topic: CRS317-1G-16S+RM - VLAN creation required?
Replies: 4
Views: 899

Re: CRS317-1G-16S+RM - VLAN creation required?

From what I understand from your topic start, you have to create VLAN's. Maybe you can add a network diagram?
by erlinden
Thu Jun 10, 2021 4:39 pm
Forum: General
Topic: /ip firewall filter drop not dropping IP
Replies: 19
Views: 879

Re: /ip firewall filter drop not dropping IP

Lol, being worried about sharing a config and at the same time running SSH publicly.
by erlinden
Tue Jun 08, 2021 8:00 pm
Forum: General
Topic: port forwarding restrictions
Replies: 9
Views: 589

Re: port forwarding restrictions

Even without an (complete) export, set the Src. Address (or a list if you have multiple IP addresses) on your NAT rule.
by erlinden
Tue Jun 08, 2021 1:19 pm
Forum: General
Topic: Can't enable both 2.4 and 5GHz with CAPS
Replies: 5
Views: 458

Re: Can't enable both 2.4 and 5GHz with CAPS

Did you configure the CAP manually to become a CAP?
Instead of using (tiny) screenshots, can you please post the /export of the CAP?

Regarding the parameters...that is correct. But...which one are you (really) missing?
by erlinden
Tue Jun 08, 2021 12:36 pm
Forum: Wireless Networking
Topic: HAP AC2 WIFI connection jittery/lagging Oculus Quest 2 Airlink
Replies: 6
Views: 1129

Re: HAP AC2 WIFI connection jittery/lagging Oculus Quest 2 Airlink

Could you please share your /wireless export?
You only have the 2.4GHz interface exported, while you mentioned the problems occur on the 5GHz band.
by erlinden
Wed Jun 02, 2021 3:30 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 144
Views: 18828

Re: v6.47.10 [long-term] is released!

Upgraded:
  • RB4011
  • RB960PGS
  • RB760iGS
  • cAP ac
Upgrade went smooth, everything is up and running.
by erlinden
Wed Jun 02, 2021 2:00 pm
Forum: General
Topic: Bridge not getting IP address.
Replies: 7
Views: 482

Re: Bridge not getting IP address.

Easiest steps to follow:

https://wiki.mikrotik.com/wiki/Manual:R ... set_button
(and follow "Enabling CAPs mode" description)
by erlinden
Wed Jun 02, 2021 10:34 am
Forum: RouterOS v7 BETA
Topic: Router switch Firewall
Replies: 2
Views: 675

Re: Router switch Firewall

Block all, except IP address and port number on the forward chain.

Are you really sure that is what you are trying to accomplish? Because with this rule all packages are dropped (except the exception).
by erlinden
Mon May 31, 2021 9:02 pm
Forum: General
Topic: WLAN SSIDs attached to VLANs
Replies: 17
Views: 1051

Re: WLAN SSIDs attached to VLANs

Please use this great tutorial on how to configure VLAN's with MikroTik:
viewtopic.php?t=143620
by erlinden
Sat May 29, 2021 7:50 pm
Forum: Wireless Networking
Topic: RB4011 WIFI + Audience
Replies: 6
Views: 958

Re: RB4011 WIFI + Audience

Though CAPsMAN is a great solution, in my opinion it only benefits from an environment with more than 2 wireless devices. Besides the fact that running standalone provides more settings (lol, even more I should have said). Without CAPsMAN you can have perfect roaming as well. If you want roaming to ...
by erlinden
Fri May 28, 2021 1:27 pm
Forum: Wireless Networking
Topic: CAPS + Windows 10 clients
Replies: 2
Views: 611

Re: CAPS + Windows 10 clients

In my opinion it makes no sense to have a single standalone CAP besides the CAPsMAN managed CAPs.
Still...it should work if SSID and security is identical. Can you share both the wireless config of the standalone CAP and the export of CAPsMAN?
by erlinden
Wed May 26, 2021 5:32 pm
Forum: Beginner Basics
Topic: NAT/PortForward - server to also be accessible from within the LAN
Replies: 11
Views: 613

Re: NAT/PortForward - server to also be accessible from within the LAN

Instead of hairpin NAT (which is just fine), why not have this resolved by DNS.
Funny...this is my first English pun!
by erlinden
Wed May 26, 2021 5:27 pm
Forum: RouterOS v7 BETA
Topic: L2TP/IPSec crashes RB4011
Replies: 5
Views: 798

Re: L2TP/IPSec crashes RB4011

I already did, but this forum section is also specifically to report issues with v7.
Sorry, I always use "ACTIVE TOPICS", hence the misunderstanding. Hope support can help you, have you already created a support file?
https://wiki.mikrotik.com/wiki/Manual:S ... utput_File
by erlinden
Wed May 26, 2021 5:07 pm
Forum: RouterOS v7 BETA
Topic: L2TP/IPSec crashes RB4011
Replies: 5
Views: 798

Re: L2TP/IPSec crashes RB4011

You might better post this in the version specific topic:
viewtopic.php?f=1&t=175369
by erlinden
Wed May 26, 2021 4:11 pm
Forum: RouterOS v7 BETA
Topic: L2TP/IPSec crashes RB4011
Replies: 5
Views: 798

Re: L2TP/IPSec crashes RB4011

Just to confirm: on a "loadtest" using VPN your RB4011 reboots?

Perhaps you can share your configuration to have a better understanding of your environment?
/export hide-sensitive file=anythingyoulike
by erlinden
Tue May 25, 2021 4:31 pm
Forum: General
Topic: How to get a persistent site-to-site tunnel? (IPSEC drops connections)
Replies: 6
Views: 614

Re: How to get a persistent site-to-site tunnel? (IPSEC drops connections)

Could you provide:

- logging (filtered by IPSEC)
- /export hide-sensitive file=anynameyoulike

The latter for both routers
by erlinden
Sat May 22, 2021 7:20 pm
Forum: RouterOS v7 BETA
Topic: RB3011 memory leak and random crash
Replies: 5
Views: 798

Re: RB3011 memory leak and random crash

Would really like to see some relevant information:
  • RouterOS version
  • Firmware version
  • Configuration (/export hide-sensitive file=nynameyoulike)
by erlinden
Fri May 21, 2021 12:58 pm
Forum: Beginner Basics
Topic: Need to do Port Forwarding to make server accessible over the internet
Replies: 11
Views: 690

Re: Need to do Port Forwarding to make server accessible over the internet

add action=dst-nat chain=dstnat dst-address-list="" dst-port=5240 protocol=tcp \ to-addresses=10.0.0.31 to-ports=5240 add action=dst-nat chain=dstnat dst-address-list="" dst-port=22 protocol=tcp \ src-address-list="" to-addresses=10.0.0.31 to-ports=22 You are missing t...
by erlinden
Thu May 20, 2021 6:03 pm
Forum: Beginner Basics
Topic: allow icmp to routers gw
Replies: 9
Views: 620

Re: allow icmp to routers gw

So you want to block all ICMP messages except the gateway IP address (on the forward chain)?
by erlinden
Thu May 20, 2021 12:22 pm
Forum: Wireless Networking
Topic: CAPsMAN separate VLAN for Ethernet port [SOLVED]
Replies: 2
Views: 956

Re: CAPsMAN separate VLAN for Ethernet port [SOLVED]

I always configured it manually on the CAP itself. Think there is no option on CAPsMAN.
by erlinden
Tue May 18, 2021 5:52 pm
Forum: Beginner Basics
Topic: How safe is l2tp/ipsec VPN set on MikroTik by a noob?
Replies: 6
Views: 641

Re: How safe is l2tp/ipsec VPN set on MikroTik by a noob?

Would just use LT2P over IPSEC, that will do just fine.
by erlinden
Tue May 18, 2021 2:41 pm
Forum: Beginner Basics
Topic: How safe is l2tp/ipsec VPN set on MikroTik by a noob?
Replies: 6
Views: 641

Re: How safe is l2tp/ipsec VPN set on MikroTik by a noob?

I would be worried about the fact that besides L2TP over IPSEC, you are also hosting PPTP. I would disable the latter, that will safe you a lot of logmessages.
by erlinden
Sun May 16, 2021 1:45 pm
Forum: Wireless Networking
Topic: More power better unit for use case [SOLVED]
Replies: 2
Views: 660

Re: More power better unit for use case [SOLVED]

Your use case should be reconsidered...it is always the client that is limiting
by erlinden
Fri May 14, 2021 11:37 pm
Forum: General
Topic: DFS is making me nuts
Replies: 4
Views: 547

Re: DFS is making me nuts

What RouterOS version (and firmware version) are you running?
Can't you select a non DFS channel?
by erlinden
Fri May 14, 2021 9:53 am
Forum: RouterOS v7 BETA
Topic: L2TP/IPsec crashes with Android 11 client
Replies: 2
Views: 833

Re: L2TP/IPsec crashes with Android 11 client

Think support will be really interested in your supout file:
https://help.mikrotik.com/docs/display/ROS/Supout.rif
by erlinden
Thu May 13, 2021 3:59 pm
Forum: Wireless Networking
Topic: DHCP all zeros 00:00:00:00:00:00 on MAC address
Replies: 7
Views: 2386

Re: DHCP all zeros 00:00:00:00:00:00 on MAC address

Besides SSID, do both accesspoints have identical security settings?
by erlinden
Thu May 13, 2021 3:57 pm
Forum: Beginner Basics
Topic: Problems with streaming media over local network after moving to hAp ac2
Replies: 7
Views: 791

Re: Problems with streaming media over local network after moving to hAp ac2

If your laptop also has an ethernet adapter, are the problems still there while using it? Does things improve if the laptop is connected to the 5G radio? Can you set all wireless settings to default and only choose: 2.4GHz - TX Power 9 (at least a lot lower) - fixed channel - n only 5GHz - TX Power ...
by erlinden
Fri May 07, 2021 10:44 pm
Forum: Wireless Networking
Topic: Slow speed with Cap AC
Replies: 30
Views: 2972

Re: Slow speed with Cap AC

You missed the extensionchannel (to get an up to 80MHz bandwidth). Does the speed show connection speed, or is it real live speed tests? In the end...don't expect (much) more than your current speeds from this accesspoint. I used to use one and in the end switched to another brand (also because Wifi...
by erlinden
Fri May 07, 2021 1:51 pm
Forum: General
Topic: rb4011 vlan filtering and dhcp issues [SOLVED]
Replies: 8
Views: 930

Re: rb4011 vlan filtering and dhcp issues [SOLVED]

You are welcome...DHCP server can be bound to the VLAN interface as you already did.
by erlinden
Fri May 07, 2021 1:19 pm
Forum: General
Topic: rb4011 vlan filtering and dhcp issues [SOLVED]
Replies: 8
Views: 930

Re: rb4011 vlan filtering and dhcp issues [SOLVED]

If you want to have accessports (or hybrid ports) you have to set the vlan id on the bridge port while the trunk port should be left to default (with admit-only-vlan-tagged): trunk: /interface bridge port add bridge=bridge-LAN frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether9...
by erlinden
Thu May 06, 2021 12:22 pm
Forum: Wireless Networking
Topic: CAPSMAN and MULTIPLE VLANs are working but I can only see 1 ssid [SOLVED]
Replies: 11
Views: 992

Re: CAPSMAN and MULTIPLE VLANs are working but I can only see 1 ssid [SOLVED]

sad to say but omitting the channel did not help...
Do you mean on both radio's or on the 5G radio?
In case of the latter, just copy the working configs.

You might want to update your /caps-man export (or add a new one)
by erlinden
Thu May 06, 2021 10:53 am
Forum: Wireless Networking
Topic: CAPSMAN and MULTIPLE VLANs are working but I can only see 1 ssid [SOLVED]
Replies: 11
Views: 992

Re: CAPSMAN and MULTIPLE VLANs are working but I can only see 1 ssid [SOLVED]

Only select a channel on a master, on any slave you can leave channel empty (as it is already defined on the master). Per accesspoint per radio you can have only one channel selected (from a list).
by erlinden
Thu May 06, 2021 8:48 am
Forum: Wireless Networking
Topic: CAPSMAN and MULTIPLE VLANs are working but I can only see 1 ssid [SOLVED]
Replies: 11
Views: 992

Re: CAPSMAN and MULTIPLE VLANs are working but I can only see 1 ssid [SOLVED]

First thing I see is that you are trying to assign a different channel to a slave config. That might be the issue as there is only one radio to be configured (on the master configuration). Can you try to remove anything radio-wise on the slave configs?
by erlinden
Wed May 05, 2021 4:20 pm
Forum: General
Topic: Guest VLAN issues
Replies: 8
Views: 522

Re: Guest VLAN issues

I prefer not to use VLAN 1 in a multi VLAN network. You might want to consider changing that in accordance to this great tutorial:
viewtopic.php?t=143620
by erlinden
Wed May 05, 2021 3:05 pm
Forum: Beginner Basics
Topic: Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)
Replies: 7
Views: 713

Re: Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)

At least this is a bit worrying:
tx-power=40
Gladly the radios are limited in transmission power, either set them to auto (for testing purposes) or 20 at most.

My best guess would be the configuration part...it looks a bit messy
by erlinden
Tue May 04, 2021 3:29 pm
Forum: Wireless Networking
Topic: Bad CAPsMAN on RB2011UiAS v. 6.47.9
Replies: 2
Views: 513

Re: Bad CAPsMAN on RB2011UiAS v. 6.47.9

I would complain for the network being 2.4GHz only. As that band is completely saturated (depending on the location and wireless networks and other sources of interference). Looking forward to the export (as well).
by erlinden
Tue May 04, 2021 3:25 pm
Forum: Beginner Basics
Topic: Problem with PPTP/L2TP clients pinging internal hosts.
Replies: 4
Views: 476

Re: Problem with PPTP/L2TP clients pinging internal hosts.

A config would be more than welcome, you can create it with: /export hide-sensitive file=anynameyoulike
by erlinden
Mon May 03, 2021 6:21 pm
Forum: General
Topic: VPN L2TP/IPSEC RouterOS 6.11
Replies: 19
Views: 1131

Re: VPN L2TP/IPSEC RouterOS 6.11

I can make a vpn pptp, but I really don't want to get to that point. I would, assuming this is a temporary situation, use this in combination with address list filter (allowing only listed IP addresses). Are you sure the router isn't compromised? How are you doing remote (or do you have access?) ma...
by erlinden
Mon May 03, 2021 5:44 pm
Forum: General
Topic: VPN L2TP/IPSEC RouterOS 6.11
Replies: 19
Views: 1131

Re: VPN L2TP/IPSEC RouterOS 6.11

Get rid of the vendor, though they are correct any company not prioritizing security should be left behind. In regards to the error, please have a look at my (working) configuration: /ip ipsec profile add dh-group=modp4096 enc-algorithm=aes-256,aes-128 hash-algorithm=sha512 name=\ secure-profile /ip...
by erlinden
Mon May 03, 2021 3:32 pm
Forum: General
Topic: VPN L2TP/IPSEC RouterOS 6.11
Replies: 19
Views: 1131

Re: VPN L2TP/IPSEC RouterOS 6.11

I wasn't aware that there was a version 6.11...why haven't you upgrade it to at least LTS (6.47.9 at this moment)? For anyone else who wants to know...6.11 was released in March 2014 (and has been cracked a lot). What does /interface l2tp-server export show (not interested in your password)? [Update...
by erlinden
Sun May 02, 2021 1:55 pm
Forum: Wireless Networking
Topic: Wifi between concrete walls
Replies: 10
Views: 1407

Re: Wifi between concrete walls


Mixed solution? Wireless bridge across road and utp cable from road to first client in garage?
Unfortunately only wifi is an option :(
Gladly a wireless bridge is...wireless.

I agree, you really want to use a point to point connection with line of sight.
What are the requirements?
by erlinden
Thu Apr 29, 2021 1:35 pm
Forum: Beginner Basics
Topic: Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)
Replies: 7
Views: 713

Re: Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)

Can you please share your config:
/caps-man export hide-sensitive
by erlinden
Thu Apr 29, 2021 1:10 pm
Forum: General
Topic: DDNS Port Forwarding RouterOS ver 6.48.1 not working [SOLVED]
Replies: 7
Views: 609

Re: Port Forwarding ver 6.48.1 [SOLVED]

Are you really really really sure you want your alarm directly available through the Internet!?
Can you connect/test on the LAN?
What is the exact problem you are running into?

Instead of using ether1, shouldn't you be using the pppoe interface for the forward?
by erlinden
Thu Apr 29, 2021 11:57 am
Forum: Beginner Basics
Topic: Internet low speed
Replies: 15
Views: 876

Re: Internet low speed

Though a great device, I think your RB is not up for these speeds:
https://mikrotik.com/product/RB751G-2Hn ... estresults
by erlinden
Mon Apr 26, 2021 5:03 pm
Forum: Beginner Basics
Topic: Mikrotik rebooted without any reason
Replies: 5
Views: 644

Re: Mikrotik rebooted without any reason

If you don't persist your logging...you can't.
by erlinden
Thu Apr 22, 2021 9:03 pm
Forum: General
Topic: Ookla Speed Test with RB750gr3 [SOLVED]
Replies: 6
Views: 809

Re: Ookla Speed Test with RB750gr3 [SOLVED]

Make sure that you use the same RouterOS version (and consider using LTS instead of stable).
To compare please post configs from both devices (/export hide-sensitive file=anynameyoulike)
by erlinden
Thu Apr 22, 2021 9:00 pm
Forum: Beginner Basics
Topic: Configuration Restore from RB3011 to RB4011
Replies: 6
Views: 1058

Re: Configuration Restore from RB3011 to RB4011

Instead of pasting, just copy the exported config file on the RB4011 device and perform:

/import file=thenameoftheconfigfile
by erlinden
Thu Apr 22, 2021 8:30 pm
Forum: General
Topic: Drop in bandwidth speed problem
Replies: 2
Views: 264

Re: Drop in bandwidth speed problem

Yes, there is 'a' setting.

Can you please share your configuration so we can find out what setting:
/export hide-sensitive file=anynameyoulike

The Routerboard should be able to handle this speed easily.
by erlinden
Thu Apr 22, 2021 11:45 am
Forum: Wireless Networking
Topic: Wireless disconnection after updating to routeros 6.48.2
Replies: 4
Views: 675

Re: Wireless disconnection after updating to routeros 6.48.2

There are some improvements that can be made on wireless:
  • Set country code (you might have to remove antenna gain before being able to)
  • Use fixed channels
  • Use 20MHz bandwidth on 2.4GHz channel
  • Don't use legacy (802.11a and 802.11b) if not necessary
These settings should improve your wireless.
by erlinden
Thu Apr 22, 2021 9:55 am
Forum: Wireless Networking
Topic: Wireless disconnection after updating to routeros 6.48.2
Replies: 4
Views: 675

Re: Wireless disconnection after updating to routeros 6.48.2

Can you share your configuration:
/export hide-sensitive file=anynameyoulike

While you are at it, you might want to upgrade firmware.
by erlinden
Sun Apr 18, 2021 8:10 pm
Forum: General
Topic: RB2011UiAS-RM VS Custom x86
Replies: 5
Views: 488

Re: RB2011UiAS-RM VS Custom x86

What are your requirements? As the RB2011 is...like...really really old, why not consider the hEX S:
https://mikrotik.com/product/hex_s
by erlinden
Sun Apr 18, 2021 7:21 pm
Forum: Beginner Basics
Topic: VPN gateway of client
Replies: 5
Views: 458

Re: VPN gateway of client

The term you are searching for is called Split Tunneling.
by erlinden
Fri Apr 16, 2021 9:08 pm
Forum: Wireless Networking
Topic: wireless, problem, android
Replies: 16
Views: 1366

Re: wireless, problem, android

Try it with Tkip instead of AES. Some Xiaomi models have the same problem, solved by switching to Tkip.
Though connection wise a good advice...I would never ever use TKIP.
by erlinden
Fri Apr 16, 2021 9:05 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47095

Re: v7.1beta5 [development] is released!

Would be thankful if support could comment if any fix is coming for 2.4ghz radios. My audience 2.4ghz radio is sometimes crashing multiple times a day, with random devices unable to join again and needing restarting. Use 20MHz bandwidth (unless there are no interference sources at all) and only WPA...
by erlinden
Fri Apr 16, 2021 11:33 am
Forum: Wireless Networking
Topic: wireless, problem, android
Replies: 16
Views: 1366

Re: wireless, problem, android

Then the only thing I can think of is interference...is Wifi crowded/saturated?
by erlinden
Fri Apr 16, 2021 10:56 am
Forum: Wireless Networking
Topic: 5GHz -not visible
Replies: 4
Views: 549

Re: 5GHz -not visible

Thats perfectly ok - but it would be nice if it said this on the package... "connect and wait 8 minutes for all services to start..".
Sure this isn't caused by the regulations on the DFS channels to scan for 10 minutes?
by erlinden
Fri Apr 16, 2021 10:54 am
Forum: Wireless Networking
Topic: wireless, problem, android
Replies: 16
Views: 1366

Re: wireless, problem, android

Configure it completely: fixed channel (choose wise from 1, 6 or 11 for 2.4GHz band) WAP2-AES (only) 20MHz bandwidth on 2.4GHz Disable any legacy like 802.11a/b After configuring these settings, forget the network on your mobile device and add it. What RouterOS and firmware version are you running?
by erlinden
Wed Apr 14, 2021 12:19 pm
Forum: General
Topic: no access out of firewall
Replies: 11
Views: 741

Re: no access out of firewall

what part of config ?
To be sure it covers it all...everything:
/export hide-sensitive file=anynameyoulike

You can remove MAC addresses manually
by erlinden
Tue Apr 13, 2021 2:20 pm
Forum: Wireless Networking
Topic: hAP AC + capsman performance
Replies: 12
Views: 1557

Re: hAP AC + capsman performance

Can you share: /wireless export hide-sensitive file=anynameyoulike
by erlinden
Tue Apr 13, 2021 10:05 am
Forum: RouterBOARD hardware
Topic: CRS309
Replies: 6
Views: 1319

Re: CRS309

I think single stream is limited, you might want to test with multiple streams:

iperf -c 192.168.9.21 -P 5
by erlinden
Fri Apr 09, 2021 10:47 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 77
Views: 24552

Re: v6.47.9 [long-term] is released!

It does on my hEX S, @yreks. Are you using the default power adapter? I thought it was either 24V or 48V (where I'm using an 48V adapter. Not sure if that is related.
by erlinden
Fri Apr 09, 2021 2:03 pm
Forum: General
Topic: ac2 vs ac3 wifi not over 200Mb
Replies: 13
Views: 1294

Re: ac2 vs ac3 wifi not over 200Mb

Can you please share your config (and only use WPA2 AES, nothing else)?
Did you test with one client connected through cable and the other client wireless connected?
What are the client specs?
by erlinden
Wed Apr 07, 2021 9:49 am
Forum: Wireless Networking
Topic: CAPSMan went to hell
Replies: 3
Views: 686

Re: CAPSMan went to hell

Please share your config: /export hide-sensitive file=anynameyoulike
by erlinden
Mon Apr 05, 2021 5:25 pm
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2374

Re: CAPsMAN 5G doesn't work

(But I still think having to manually define channels for CAPsMAN is a bug!)
You don't have to define channels (CAPsMAN can do auto), but you should want to. Good luck
by erlinden
Mon Apr 05, 2021 10:46 am
Forum: Beginner Basics
Topic: IKEv2 VPN
Replies: 26
Views: 3051

Re: IKEv2 VPN

My Mikrotik is on VMware Machine with 6.48 Version.
Current stable version is 6.48.1, there were a lot of problems with the 6.48 version. Might also consider LTS: 6.47.9.
by erlinden
Mon Apr 05, 2021 10:43 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2374

Re: CAPsMAN 5G doesn't work

On the screenshots I see Quickset, forget about quickset (unless you are using it for getting information). WPA should never ever be used anymore (and MikroTik should get rid of any screenshot using WPA), only use WPA2 and AES only. Choose your channels (or use lists as mentioned by rushlife), for 8...
by erlinden
Sat Apr 03, 2021 11:07 pm
Forum: Wireless Networking
Topic: ipone and sonos
Replies: 10
Views: 1095

Re: ipone and sonos

Funny as there is no channel configured according to your export.
In regards to the RouterOS version...it is old and should not be used from security perspective.

Did you miss the WPA security setting remark?
by erlinden
Sat Apr 03, 2021 11:02 pm
Forum: Beginner Basics
Topic: Yet another VLAN issues topic...
Replies: 22
Views: 1829

Re: Yet another VLAN issues topic...

Thank you, that is one of the guides I have read, but believe me or not, I struggle to adapt it... I believe about the struggle...it is a learning curve. This part relates to your router: https://forum.mikrotik.com/viewtopic.php?t=143620#p706998 Know that there are trunk ports and accessports: trun...
by erlinden
Sat Apr 03, 2021 10:32 pm
Forum: Beginner Basics
Topic: Yet another VLAN issues topic...
Replies: 22
Views: 1829

Re: Yet another VLAN issues topic...

Start with (only) this great topic:
viewtopic.php?t=143620

It describes a lot of situations and has helped a lot of people on the forum.
by erlinden
Sat Apr 03, 2021 9:42 pm
Forum: Wireless Networking
Topic: ipone and sonos
Replies: 10
Views: 1095

Re: ipone and sonos

Please do at least the following:
by erlinden
Sat Apr 03, 2021 11:54 am
Forum: Wireless Networking
Topic: ipone and sonos
Replies: 10
Views: 1095

Re: ipone and sonos

It would help if you share your configuration (using code tags, the brackets button):
/export hide-sensitive file=anynameyoulike
by erlinden
Fri Apr 02, 2021 9:46 pm
Forum: Beginner Basics
Topic: How do I configure a second AP (cAP AC) to my current home network?
Replies: 3
Views: 712

Re: How do I configure a second AP (cAP AC) to my current home network?

Thank you! Would I need to enable CAP for the new cAP AC and setup configuration container and provisioner?
That's correct.
by erlinden
Fri Apr 02, 2021 9:45 pm
Forum: RouterOS v7 BETA
Topic: hap ac2 (128MB Edition) upgrade to 7.1 Beta 4,5
Replies: 8
Views: 1711

Re: hap ac2 (128MB Edition) upgrade to 7.1 Beta 4,5

I upgraded through Winbox (/system > packages > check for updates) and upgraded to beta3 (if I remember correct). Aftrewards, the same for upgrades beta3 > beta4 > beta5
by erlinden
Fri Apr 02, 2021 10:24 am
Forum: Beginner Basics
Topic: How do I configure a second AP (cAP AC) to my current home network?
Replies: 3
Views: 712

Re: How do I configure a second AP (cAP AC) to my current home network?

I think the cAP ac has PoE passthrough, so you can connect it to the second ethernet port.
Dive into CAPsMAN for the configuration, to prefent interference, always use non overlapping channels.
by erlinden
Thu Apr 01, 2021 4:43 pm
Forum: Beginner Basics
Topic: How to connect CAP AP to existing router - the easiest way?
Replies: 3
Views: 433

Re: How to connect CAP AP to existing router - the easiest way?

Might be that the cAP ac is configured as router instead of accesspoint. I prefer to work from scratch: reset with no default configuration, create bridge (including DHCP client) and add all interfaces, configure wifi. That's basically enough to make the accesspoint work as requested.
by erlinden
Thu Apr 01, 2021 1:56 pm
Forum: RouterOS v7 BETA
Topic: hap ac2 (128MB Edition) upgrade to 7.1 Beta 4,5
Replies: 8
Views: 1711

Re: hap ac2 (128MB Edition) upgrade to 7.1 Beta 4,5

hAP ac2 128MB version, upgrade van beta4 to beta5 without problems. Could it be config related?
by erlinden
Mon Mar 29, 2021 11:53 am
Forum: Beginner Basics
Topic: Move WAN from ether1 to ether6? [SOLVED]
Replies: 10
Views: 921

Re: Move WAN from ether1 to ether6? [SOLVED]

QuickSet is, in my opinion, great for new MikroTik users to configure a basic configuration. After that, don't use it anymore at all.

In addition to your adjustments, in the IP > Firewall > NAT tab you have to change your masquerade rule as well.
by erlinden
Mon Mar 29, 2021 9:15 am
Forum: Wireless Networking
Topic: Is there a way to increase range/signal of cAP AC?
Replies: 4
Views: 1111

Re: Is there a way to increase range/signal of cAP AC?

Could you please profide your config (of the CAPsMAN):
/export hide-sensitive file=anynameyoulike
by erlinden
Sun Mar 28, 2021 12:09 pm
Forum: General
Topic: ISP speed is 200 MB but Mikrotik speed is 100 MB
Replies: 14
Views: 1842

Re: ISP speed is 200 MB but Mikrotik speed is 100 MB

I see a lot of incorrect use of definitions: M = Mega m = milli B = Byte b = bits Network speed is always defined in bits per second and has an addition of either M (Mega) or G (giga). Your ISP speed is (probably) 200Mbps, because 200MB would mean a 2Gbps speed (would love to have it, but 1 Gbps is ...
by erlinden
Wed Mar 24, 2021 5:27 pm
Forum: Beginner Basics
Topic: Date & Time from NTP Server [SOLVED]
Replies: 14
Views: 1283

Re: Date & Time from NTP Server [SOLVED]

216.239.35.0...
I know for sure that is not an NTP server.

[Update]
Oops...nevermind (shame)
by erlinden
Wed Mar 24, 2021 2:42 pm
Forum: Beginner Basics
Topic: Date & Time from NTP Server [SOLVED]
Replies: 14
Views: 1283

Re: Date & Time from NTP Server [SOLVED]

Can you please share /system ntp client export
by erlinden
Wed Mar 24, 2021 8:39 am
Forum: Wireless Networking
Topic: Wireless DL double slower than UL
Replies: 3
Views: 1053

Re: Wireless DL double slower than UL

At what rate (both up and down) is the device connected?
Could you also provide the wAP ac's configuration? /export hide-snesitive file=anynameyoulike
by erlinden
Fri Mar 19, 2021 9:57 pm
Forum: General
Topic: Why can't I make my hEX lite into a router?
Replies: 19
Views: 1499

Re: Why can't I make my hEX lite into a router?

I absolutely dislike (and would like to use another word...) Quick Set, but there is an easy solution: System > Reset Configration > Reset Configration This will reset the device to router. [Update] Why do you think it is in bridge mode? You can see that your WAN port is in another network segment f...
by erlinden
Fri Mar 19, 2021 4:18 pm
Forum: RouterBOARD hardware
Topic: CRS112-8P-4S-IN believe it or not
Replies: 6
Views: 1246

Re: CRS112-8P-4S-IN believe it or not

You have a CRS112-8G-4S-IN: https://mikrotik.com/product/CRS112-8G-4S-IN
This is a non PoE switch, at least...it can be powered by passive PoE

So...I believe it ;-)
by erlinden
Fri Mar 19, 2021 1:08 pm
Forum: RouterBOARD hardware
Topic: CRS112-8P-4S-IN believe it or not
Replies: 6
Views: 1246

Re: CRS112-8P-4S-IN believe it or not

Seeing is believing....what does it look like?
by erlinden
Fri Mar 19, 2021 11:48 am
Forum: General
Topic: Hacked or error?
Replies: 9
Views: 1150

Re: Hacked or error?

Do an export (/export file=anynameyoulike) and check the config file if it contains anything unknown (like scripts). You can also share this file (/export hide-sensitive file=anyothernameyoulike) here on the forum to have a second opinion.
by erlinden
Thu Mar 18, 2021 8:36 pm
Forum: Wireless Networking
Topic: 10Mhz channel on 5GHZ
Replies: 6
Views: 1035

Re: 10Mhz channel on 5GHZ

Ehm...why?
And...what error?

I think you would have to select 10MHz as Control Channel and disable extension channels, but still...why?
by erlinden
Thu Mar 18, 2021 1:56 pm
Forum: Beginner Basics
Topic: setup hap lite wifi
Replies: 9
Views: 663

Re: setup hap lite wifi

Thank you for your reply, I am not wanting to use it to broadcast any wifi rather to recieve network connection via wifi and then only use lan ports to provide network access?
So...then don't configure that part.
by erlinden
Thu Mar 18, 2021 1:10 pm
Forum: Beginner Basics
Topic: setup hap lite wifi
Replies: 9
Views: 663

Re: setup hap lite wifi

I have used this post, sure it can help you:
https://www.justinho.com/blog/2017/07/1 ... -lite.html
by erlinden
Thu Mar 18, 2021 12:27 pm
Forum: Wireless Networking
Topic: Mikrotik wifi mesh
Replies: 7
Views: 932

Re: Mikrotik wifi mesh

I need to build a mesh network with many nodes
Why? And more important, can you explain what mesh is according to you?
What are the requirements?
What is the context?
by erlinden
Thu Mar 18, 2021 11:11 am
Forum: Beginner Basics
Topic: [SOLVED] Google ChromeCast not working [SOLVED]
Replies: 8
Views: 1253

Re: Google ChromeCast not working [SOLVED]

Bit puzzled why one would buy an RB2011 in 2021. Though it is a great device, it lacks (at least) 5G wifi. In regards to your question: never use 20/40MHz bandwidth for 2.4G radio as it will interfere with...well, everything on that band. Instead, use 20MHz and and use a fixed channel (1, 6 or 11). ...
by erlinden
Wed Mar 17, 2021 1:58 pm
Forum: Beginner Basics
Topic: Configuration Restore from RB3011 to RB4011
Replies: 6
Views: 1058

Re: Configuration Restore from RB3011 to RB4011

You can't use a backup file for restoring to another device (other then itself I thought), you have to have an export instead. If you have that, you can import it into the new device.
by erlinden
Wed Mar 17, 2021 12:03 pm
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 2775

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

You don't have to switch to DFS channels...it depends on the use of the band (use the CAPsMAN > Registration Table > CAPs Scanner to find least used channel).
Indeed missed the country settings.
by erlinden
Wed Mar 17, 2021 10:40 am
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 2775

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

On 5GHz I use 40MHz at least (Ce or Ceee) and am using DFS channels as they are less crowded than the 5180-5240 channels. But it has its disadvantages (as well as advantages). Depending on whether you need 6Mbps, you can set basic rates to 12Mbps & 24Mbps and supported 12Mbps and up. Didn't you ...
by erlinden
Wed Mar 17, 2021 9:19 am
Forum: Wireless Networking
Topic: cannot use 80Mhz with my realtek on asus laptop
Replies: 12
Views: 1071

Re: cannot use 80Mhz with my realtek on asus laptop

Can you please share the export (use i.e. putty): /export hide-sensitive
And don't forget to configure the wireless interfaces completely (including setting country code, but also: fixed channel/WAPA2-AES only)
by erlinden
Tue Mar 16, 2021 3:29 pm
Forum: Beginner Basics
Topic: hex s site to site vpn
Replies: 3
Views: 431

Re: hex s site to site vpn

By using the DDNS option (whatever.sn.mynetname.net) you can resolve your public IP's. You have to forward ports on the ISP router, if it can't be bridged.
by erlinden
Tue Mar 16, 2021 2:51 pm
Forum: General
Topic: Best Firewall Setting Allowing Most Speed
Replies: 6
Views: 569

Re: Best Firewall Setting Allowing Most Speed

The CRS112-8P-4S is a switch. You can run it as router, but it was not designed for this purpose.
Better choice would be RB4011 or the CCR1009-7G-1C-1S+PC, depending on your requirements.
by erlinden
Fri Mar 12, 2021 11:37 pm
Forum: Wireless Networking
Topic: Mikrotik wi-fi and Iphone = problem
Replies: 97
Views: 85142

Re: Mikrotik wi-fi and Iphone = problem

Right now we will test some more but will eventually have to bite the bullet; should we stay or should we go.... If you start from default Wifi settings and change the following you will be ok when it comes to stability (and you will be good to go): 2.4GHz 2ghz-g/n Disable extension channel Reduce ...
by erlinden
Fri Mar 12, 2021 11:27 am
Forum: General
Topic: Double-check my first hAP ac2 configuration
Replies: 18
Views: 1363

Re: Double-check my first hAP ac2 configuration

Can you please have a look at this configuration: https://forum.mikrotik.com/download/file.php?id=45586 (it is referred to in this topic: https://forum.mikrotik.com/viewtopic.php?f=13&t=143620#p706997) This is an example of a switch with trunk port, access ports and hybrid ports. Tip: set vlan f...
by erlinden
Fri Mar 12, 2021 11:20 am
Forum: Wireless Networking
Topic: cAP to connect CAPSMAN layer3 instead layer2
Replies: 4
Views: 540

Re: cAP to connect CAPSMAN layer3 instead layer2

Can you please share both the configuration of the CAPsMAN and the CAP (and please post them between code tags):

CAPsMAN: /caps-man export
CAP: /export
by erlinden
Wed Mar 10, 2021 6:29 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 15
Views: 1015

Re: Port Forwarding

So you are experiencing the problems with port 65510-65515 and am showing only forward ports 65532 and 65520 (which both work)? Can you please show the port forwards for the port range? Or better, as anav suggested, show the entire /ip firewall export?
by erlinden
Wed Mar 10, 2021 6:15 pm
Forum: General
Topic: Double-check my first hAP ac2 configuration
Replies: 18
Views: 1363

Re: Double-check my first hAP ac2 configuration

I don't understand that part.
Have a look at the link that anav posted, their you will find all info you need.
by erlinden
Wed Mar 10, 2021 3:54 pm
Forum: General
Topic: Double-check my first hAP ac2 configuration
Replies: 18
Views: 1363

Re: Double-check my first hAP ac2 configuration

So you are trying to configure it as switch with 1 trunk port (eth1) and only accessports, correct? Because it makes no sense to use NAT... I think this would be sufficient (haven't tested it) to reset without default configuration and then add: /interface bridge add admin-mac=XX:XX:XX:XX:XX auto-ma...
by erlinden
Wed Mar 10, 2021 3:14 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 15
Views: 1015

Re: Port Forwarding

Unlike erlindan I refuse to speculate ;-PPPP
Writing code...nearly science fiction ;-)

Did you miss the log entry:
Message: dstnat: in:ether1 out:(unknown 0), src-mac xx:xx:xx:xx:xx:xx, ad:04:20, proto TCP (SYN), 198.199.98.246:449730->47.187.xxx.xxx:65532, len 60
by erlinden
Wed Mar 10, 2021 12:18 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 15
Views: 1015

Re: Port Forwarding

Looks to me like port 65532 is hit (because it is logging) and therefor seems to work. Why do you think it is not forwarding? Can you do logging on the service site (or use wireshark)?
by erlinden
Wed Mar 10, 2021 11:40 am
Forum: Beginner Basics
Topic: RouterOS and SwOS
Replies: 6
Views: 603

Re: RouterOS and SwOS

Would it be better to make a bridge for each vlan?
The preferred way is to filter the (single) bridge, please read the link I posted earlier carefully.
by erlinden
Tue Mar 09, 2021 6:52 pm
Forum: General
Topic: Double-check my first hAP ac2 configuration
Replies: 18
Views: 1363

Re: Double-check my first hAP ac2 configuration

/interface vlan add interface=ether1 name=vlan2 vlan-id=32 add interface=ether1 name=vlan3 vlan-id=33 add interface=ether1 name=vlan4 vlan-id=36 add interface=ether1 name=vlan5 vlan-id=39 Instead of using ehter1 I would expect to see the bridge. /interface bridge port add bridge=bridge1 frame-types...
by erlinden
Tue Mar 09, 2021 4:16 pm
Forum: Beginner Basics
Topic: RouterOS and SwOS
Replies: 6
Views: 603

Re: RouterOS and SwOS

For my plain simple switch. using ROS, its not accessible by winbox but by IP address only.
Correct, and will have a default IP address of 192.168.88.1. Don't forget to set a fixed IP address on your LAN adapter.
Winbox will show the switch though it can't be managed by Winbox.
by erlinden
Tue Mar 09, 2021 3:12 pm
Forum: Beginner Basics
Topic: RouterOS and SwOS
Replies: 6
Views: 603

Re: RouterOS and SwOS

by erlinden
Tue Mar 09, 2021 10:04 am
Forum: Beginner Basics
Topic: VLAN on L2 switches and Communication between VLANs Via Mikrotik
Replies: 4
Views: 441

Re: VLAN on L2 switches and Communication between VLANs Via Mikrotik

This topic is a great tutorial on how to implement VLAN with MikroTik:
viewtopic.php?t=143620
by erlinden
Mon Mar 08, 2021 3:37 pm
Forum: Wireless Networking
Topic: "No internet connection available" on CAPsMAN
Replies: 2
Views: 502

Re: "No internet connection available" on CAPsMAN

Couple of things (that might help): Only use WPA2-AES, nothing else Only use channels 1, 6 and 11. Anything in between will cause interference Get rid of the access-list...any (modern) client will handle this themselves Disable 802.11b, just keep 802.11g/n What version of RouterOS are you running? W...
by erlinden
Mon Mar 08, 2021 12:56 pm
Forum: General
Topic: Open ftp only for WAN-IP-range [SOLVED]
Replies: 12
Views: 862

Re: Open ftp only for WAN-IP-range [SOLVED]

FTPS is not the same as SFTP.
According to this forum you should be able to use SSL/TLS:
http://forums.dlink.com/index.php?topic=60539.0
by erlinden
Mon Mar 08, 2021 11:22 am
Forum: General
Topic: Open ftp only for WAN-IP-range [SOLVED]
Replies: 12
Views: 862

Re: Open ftp only for WAN-IP-range [SOLVED]

What NAS are you using? FTPS might be an option...
by erlinden
Mon Mar 08, 2021 11:02 am
Forum: General
Topic: Open ftp only for WAN-IP-range [SOLVED]
Replies: 12
Views: 862

Re: Open ftp only for WAN-IP-range [SOLVED]

For data you have to forward a passive port range (configured in the FTP server). You might want to consider SFTP (from a security perspective).
by erlinden
Mon Mar 08, 2021 10:23 am
Forum: General
Topic: L2tp-server not working
Replies: 5
Views: 499

Re: L2tp-server not working

Could you also post part of your configuration: /ip ipsec profile ?
by erlinden
Mon Mar 08, 2021 9:46 am
Forum: General
Topic: Open ftp only for WAN-IP-range [SOLVED]
Replies: 12
Views: 862

Re: Open ftp only for WAN-IP-range [SOLVED]

There are better options than FTP, but it is your choice. Port 21 is not sufficient for FTP, if it is working (the data part) you might want to investigate why.
by erlinden
Mon Mar 08, 2021 9:43 am
Forum: General
Topic: L2tp-server not working
Replies: 5
Views: 499

Re: L2tp-server not working

To me, 3.24 sounds like the Winbox version...correct? What software version is the Routerboard running...6.45.6?
You have to have a look in the logging to get a first clue.
by erlinden
Fri Mar 05, 2021 7:57 pm
Forum: General
Topic: Routing Problem [SOLVED]
Replies: 24
Views: 1981

Re: Routing Problem [SOLVED]

Can you please show your /ip routes?
by erlinden
Wed Mar 03, 2021 6:38 pm
Forum: Beginner Basics
Topic: MikroTik WAP
Replies: 5
Views: 423

Re: MikroTik WAP

Why don't you stop posting messages if you can't give an interesting answer? That's the second question I am also interested in. As far as I know this is a forum and anav is not part of the helpdesk (correct me if I'm wrong). And a forum is for starting discussions, not a place to just drop questio...
by erlinden
Tue Mar 02, 2021 5:09 pm
Forum: Wireless Networking
Topic: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]
Replies: 14
Views: 1198

Re: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]

I'm using a recent cAP ac with 6.49beta11, and a hEX S also with 6.49beta11. Currently I'm running LTS (6.47.9) which works best for me. Why are you running beta? Could be beta related (though I have no clue). Great addition, biomesh. I alreay wondered why there was a /caps-man interface section in...
by erlinden
Tue Mar 02, 2021 4:51 pm
Forum: Wireless Networking
Topic: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]
Replies: 14
Views: 1198

Re: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]

What version Routerboard and firmware are you running?
Haven't seen the L2MTU size set before (except in very old configuration examples), do you need it? I prefer to use as much default as possible, leave everything (i.e. L2MTU) empty, etc
by erlinden
Tue Mar 02, 2021 10:06 am
Forum: Wireless Networking
Topic: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]
Replies: 14
Views: 1198

Re: cAP ac only has 1 tx chain, but 2 rx chains [SOLVED]

Can you please share your configuration?
/caps-man export

I'm sure the cAP ac is capable of two streams (up and down), might be a configuration thing.

In regards to your expectations...500Mbps is a bit enthousiastic.
by erlinden
Thu Feb 25, 2021 10:47 am
Forum: Wireless Networking
Topic: Network Mesh?? How To?
Replies: 7
Views: 1033

Re: Network Mesh?? How To?

It is REALLY easy to find out the SSID of a hidden network. Though conceptionally it sounds better to make it hidden.
Transmission power can be set in de Advanced mode of the wireless interface.
by erlinden
Thu Feb 25, 2021 8:39 am
Forum: Forwarding Protocols
Topic: vpn public ip cant ping
Replies: 18
Views: 1971

Re: vpn public ip cant ping

Having a Windows machine publicly available is not really good practice security wise. You better only forward ports that are absolutely necessary. And...start running a VPN server on your router for management purposes and making resources available. By the way, to show your config use /export hide...
by erlinden
Thu Feb 25, 2021 8:31 am
Forum: Wireless Networking
Topic: Network Mesh?? How To?
Replies: 7
Views: 1033

Re: Network Mesh?? How To?

Lots of recommendations here: - don't use hidden SSID, it really makes no sense at all - besides SSID and password, the security settings have to be identical - as mentioned above, always use non-overlapping channels - optimize transmission power, "as low as possible" (especially in the 2....
by erlinden
Tue Feb 23, 2021 6:57 pm
Forum: Wireless Networking
Topic: cAP AC Access Points... best quick set? (resolved with no quick set as best option, but solution provided) [SOLVED]
Replies: 22
Views: 1746

Re: cAP AC Access Points... best quick set? [SOLVED]

Sounds like it is not in caps mode, by default it is not broadcasting any SSID's.

From Winbox you can put it in caps mode as well:
viewtopic.php?t=148207
by erlinden
Tue Feb 23, 2021 12:00 pm
Forum: Beginner Basics
Topic: help please
Replies: 10
Views: 683

Re: help please

Though I fully agree, erkexzcx, first we have to know if this is unwanted.
by erlinden
Tue Feb 23, 2021 9:22 am
Forum: Beginner Basics
Topic: help please
Replies: 10
Views: 683

Re: help please

I read port 25 and 587, looks like someone/something is trying to connect to it. Do you have a mail server behind the router? Unfortunately your screenshot isn't showing the source IP address clearly, therefor can't say who is doing this. If you are not running a mailserver, you might want to blokck...
by erlinden
Sun Feb 21, 2021 6:48 pm
Forum: Wireless Networking
Topic: Band Steering implementation?
Replies: 74
Views: 26991

Re: Band Steering implementation?

I think there are not many good working implementations of bandsteering. Besides, any modern device will choose 5G over 2.4G, especially if you tweak the TX power. Any effort on implementing this would be a total waste of time in my opinion. While there are so many other relevant implementations tha...
by erlinden
Sat Feb 20, 2021 5:21 pm
Forum: General
Topic: Can't Make New NAT Rules Work [SOLVED]
Replies: 13
Views: 655

Re: Can't Make New NAT Rules Work [SOLVED]

Can you please share your NAT rules (/ip firewall nat export)? Do you have the default filter rules (while you are at it: /ip firewall filter export)?
by erlinden
Thu Feb 18, 2021 3:28 pm
Forum: General
Topic: NAT https with aditional port
Replies: 3
Views: 296

Re: NAT https with aditional ports

This can be handled by /ip firewall nat:
add action=dst-nat chain=dstnat comment="Port translation (or any other comment)" dst-address-list=[fill in the public IP address] dst-port=443 log=yes protocol=tcp to-addresses=[fill in the private IP address] to-ports 9152
by erlinden
Tue Feb 16, 2021 2:27 pm
Forum: Beginner Basics
Topic: Upgrade path from 6.40.5
Replies: 3
Views: 336

Re: Upgrade path from 6.40.5

I would:
  • Make a full export (/export file=anynameyoulike *))
  • Reset device
  • Upgrade to latest version
  • Import the export file
*) Do not forget to copy the export to a computer
by erlinden
Sun Feb 14, 2021 2:13 pm
Forum: General
Topic: Help 3 router one behind the other
Replies: 4
Views: 425

Re: Help 3 router one behind the other

Why?

In my opinion it makes absolutely no sense (based on the supplied information) to have it configured like this.
Why not configure your MikroTiks as accesspoints with build in switches?
by erlinden
Sat Feb 13, 2021 9:27 pm
Forum: SwOS
Topic: CRS 112 Slow Throughput
Replies: 17
Views: 1875

Re: CRS 112 Slow Throughput

Better share a complete configuration, can you please share yours (by /export hide-sensitive file=anynameyoulike)?
And...did you check the URL posted before: https://wiki.mikrotik.com/wiki/Manual:C ... s_examples
Because that exactly describes how this CRS112 should be configured.
by erlinden
Sat Feb 13, 2021 8:48 am
Forum: General
Topic: created VLAN but cannot route through to internet from it.
Replies: 4
Views: 332

Re: created VLAN but cannot route through to internet from it.

Please read this tutorial very carefully, it is the best resource (in my opinion) on VLAN and RouterOS:
viewtopic.php?t=143620
by erlinden
Fri Feb 12, 2021 10:34 am
Forum: General
Topic: Home Network is Failing
Replies: 10
Views: 763

Re: Home Network is Failing

I switched to LTS, currently version 6.47.9. Great performance, might help you as well.
by erlinden
Thu Feb 11, 2021 11:58 am
Forum: Beginner Basics
Topic: Confused how to do VLAN Firewall filters? [SOLVED]
Replies: 8
Views: 618

Re: Confused how to do VLAN Firewall filters? [SOLVED]

Volgens mij volstaat het om de volgende regel aan te maken:
add action=drop chain=forward comment="Block guest network except WAN" in-interface=GUEST_VLAN out-interface-list=!WAN
Herewith my guest network is blocked from any other network (VLAN), WAN is allowed
by erlinden
Wed Feb 10, 2021 9:10 pm
Forum: Beginner Basics
Topic: hAP AC Lite Setup as Access Point Only
Replies: 3
Views: 575

Re: hAP AC Lite Setup as Access Point Only

That is a perfect approach, don't forget to configure the wireless interfaces (WPA2/AES, fixed channels, correct bandwidths, country code, etc.).
by erlinden
Tue Feb 09, 2021 4:03 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 77
Views: 24552

Re: v6.47.9 [long-term] is released!

Got it installed on my RB4011/CRS112/2xcAP ac/wAP ac (coming from 6.478.1), will monitor. Upgrade went very smooth!
by erlinden
Tue Feb 09, 2021 8:37 am
Forum: Beginner Basics
Topic: hAP AC Lite Setup as Access Point Only
Replies: 3
Views: 575

Re: hAP AC Lite Setup as Access Point Only

Answers:

1. It depends on what you prefer to use (I never use Quickset), but the result is the same. You probably have firewall rules, but they are not hit.
2. you can do a lot of security improvements, but the question is what is required (for you).
by erlinden
Mon Feb 08, 2021 10:14 am
Forum: RouterBOARD hardware
Topic: "fcs error on link", every day
Replies: 10
Views: 1100

Re: "fcs error on link", every day

First thing I notice is that the SFP's have different wavelengths...sure that will work?
What RouterOS version are you running?
by erlinden
Sun Feb 07, 2021 11:31 am
Forum: Beginner Basics
Topic: Need help with port openings
Replies: 5
Views: 566

Re: Need help with port openings

Still in doubt whether I should help you or not (and especially if you are helped by getting the ports in place). By the choice of ports I'm not convinced of sufficient knowledge about security (let alone that port 20 FTP should be set outbound instead of inbound). Besides, there are tons of tutoria...
by erlinden
Fri Feb 05, 2021 2:58 pm
Forum: Wireless Networking
Topic: No wlan interface
Replies: 1
Views: 382

Re: No wlan interface

It might be caused by the fact that the hEX S doesn't have wireless interfaces.
To "solve" this you might want to consider getting an RB with wireless interfaces, like a hAP AC2 (or 3).
by erlinden
Wed Feb 03, 2021 1:45 pm
Forum: Beginner Basics
Topic: Help please!
Replies: 7
Views: 644

Re: Help please!

Can you please first share your configuration (via terminal):

/export hide-sensitive file=anynameyoulike
by erlinden
Wed Feb 03, 2021 1:00 pm
Forum: Beginner Basics
Topic: Help please!
Replies: 7
Views: 644

Re: Help please!

Could not resolve DNS name...that means that there is a problem with DNS. Is the device connected to a network? Did it get a proper IP address? Does it have Internet access? I thought this might be easy. Welcome to MikroTik ;-) Tip: Instead of a cry for help, please use a proper description as title...
by erlinden
Tue Feb 02, 2021 9:01 pm
Forum: General
Topic: website responds ping but does not navigate
Replies: 6
Views: 648

Re: website responds ping but does not navigate

ICMP doens't say anything about webserver (though the webserver could theoretically respond to the ICMP request).
Can you please share the websites you encounter problems.

Things that come to my mind:
  • IPv6
  • DNS
  • Block
by erlinden
Tue Feb 02, 2021 8:59 pm
Forum: Beginner Basics
Topic: My last hope.
Replies: 10
Views: 923

Re: My last hope.

Just to be sure, the RB receives a public IP address?
Are you gaming through Wifi or through cable?
by erlinden
Tue Feb 02, 2021 4:40 pm
Forum: General
Topic: NEW STABLE VERSION 6.47.3 DOES NOT RECEIVE IP FOR INTERFACE AT 10 mbps?
Replies: 2
Views: 370

Re: NEW STABLE VERSION 6.47.3 DOES NOT RECEIVE IP FOR INTERFACE AT 10 mbps?

Luckily you managed to disengage the Caps-Lock key in the end. Actually, that caused additional confusion (as m = milli)... @Holden1: Without proper information it will be difficult. Can you al least share the configuration? /export hide-sensitive file=anynameyoulike By default all ports should be ...
by erlinden
Tue Feb 02, 2021 3:07 pm
Forum: Wireless Networking
Topic: CAPsMAN / Local forwarding - Roaming Apple devices
Replies: 1
Views: 443

Re: CAPsMAN / Local forwarding - Roaming Apple devices

Do you have both 2.4G and 5G radios enabled? It could be caused by too high TX Power on the 2.4G radio.
Perhaps you can share your CAPsMAN configuration: /caps-man export hide-sensitive file=anynameyoulike
by erlinden
Tue Feb 02, 2021 12:23 pm
Forum: Beginner Basics
Topic: Route VLAN to seperate public IP
Replies: 1
Views: 278

Re: Route VLAN to seperate public IP

My guess would be by having three masquerade rules.
Here is a topic that can be helpful:
viewtopic.php?t=142214
by erlinden
Tue Feb 02, 2021 11:00 am
Forum: Beginner Basics
Topic: My last hope.
Replies: 10
Views: 923

Re: My last hope.

Do you experience the same problems when your computer is connected directly to the Netgear (by cable!)? Why would you use multiple routers (NAT after NAT)?
by erlinden
Mon Feb 01, 2021 2:22 pm
Forum: Forwarding Protocols
Topic: public ip ping
Replies: 4
Views: 834

Re: public ip ping

For responding to ping, you have to have this line in your firewall filter rules: /ip firewall filter add action=accept chain=input comment="accept ICMP" protocol=icmp What do you mean by you can ping your gateway...is this from the internal network? i dont have firewall i dont know whats ...
by erlinden
Thu Jan 28, 2021 12:40 pm
Forum: General
Topic: Can´t get routing to work [SOLVED]
Replies: 7
Views: 460

Re: Can´t get routing to work [SOLVED]

ok I understand, but then I have to reconfigure ASUS Wlan to be an AP instead of an router. In AP Mode NAT is not required. Is that correct ?
Correct, there are a lot of reasons why you don't want multiple NAT in your network (and you have found one of them ;-)).
by erlinden
Thu Jan 28, 2021 12:30 pm
Forum: General
Topic: Can´t get routing to work [SOLVED]
Replies: 7
Views: 460

Re: Can´t get routing to work [SOLVED]

yes the ASUS Router is configured as router, therefore NAT is active and required.
There is your problem: because of NAT on the Asus, all traffic is blocked (as should be) from WAN to LAN. Please reread my earlier reply.
by erlinden
Thu Jan 28, 2021 12:14 pm
Forum: General
Topic: Can´t get routing to work [SOLVED]
Replies: 7
Views: 460

Re: Can´t get routing to work [SOLVED]

You have to allow these requests in the Asus router. Is NAT required on the Asus?
by erlinden
Thu Jan 28, 2021 11:28 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 184
Views: 135368

Re: Using RouterOS to VLAN your network

Is that correct? Yes I tried to implement the great tutorial, unfortunately I get an error when defining the WAN IP # Yellow WAN facing port with IP Address provided by ISP /ip address add interface=ether1 address=a.a.a.a/aa network=a.a.a.0 get me this error back "error while running run-after...
by erlinden
Wed Jan 27, 2021 3:50 pm
Forum: General
Topic: Hex S & cAP ac - Powered with PoE?
Replies: 4
Views: 462

Re: Hex S & cAP ac - Powered with PoE?

Have been using Hex S with cAP ac (powered by the Hex S) for some time now...without any problems. I would first check cable, what exact cable is in between the two? Can you try with a short patch cable in between?
by erlinden
Wed Jan 27, 2021 10:18 am
Forum: General
Topic: pptp vpn client cannot connect
Replies: 6
Views: 6957

Re: pptp vpn client cannot connect

Topci Author, did you find a solution?
In those nearly 7 years he probably did...
Hope you are not overthinking PPTP!?
by erlinden
Tue Jan 26, 2021 9:29 am
Forum: General
Topic: CAPSMAN + cap VLAN + namagement vlan
Replies: 7
Views: 669

Re: CAPSMAN + cap VLAN + namagement vlan

Just add multiple frequencies: https://dub01pap001files.storage.live.com/y4mMev_QoU1Pr8O977z6UYHvcvyRmUTIRdjnX-6uT52GNTbotLyhmI6LB2k-Dlln68OtSExaE56N8Vzwci6GWE-8vyUT65PSxzc6akjYHaKgLLMXKR4V1h1-IQnb1R2LaNUw6gyky_pZxQfj41u-vTtEzzeS_Dyg4EK5Iskk9RT9_bG3KPHeEEiVohVPaelxwTj?width=376&height=270&cr...
by erlinden
Tue Jan 26, 2021 9:11 am
Forum: Wireless Networking
Topic: Can't get only 40MHz 2.4GHz
Replies: 2
Views: 577

Re: Can't get only 40MHz 2.4GHz

As far as I know by using extension channels you are able to choose for 40MHz bandwidth. And depending on the selected extension channel (Ce or eC) you can manually select the combined channels used (where XX gives you random channels). You can explain both the use case and the problems you are runn...
by erlinden
Mon Jan 25, 2021 9:47 am
Forum: General
Topic: Migration from CCR1016 to CCR1036
Replies: 1
Views: 246

Re: Migration from CCR1016 to CCR1036

Configuration can be exported using /export file=mycurrentconfig (or any other name you like).
This export can be imported into a different Routerboard, passwords won't be exported unfortunately (and I think users aren't as well).
by erlinden
Sun Jan 24, 2021 4:47 pm
Forum: General
Topic: CAPSMAN + cap VLAN + namagement vlan
Replies: 7
Views: 669

Re: CAPSMAN + cap VLAN + namagement vlan

Please use the code tags (from the menu, select "brackets") to make it more readable. First thing I would change is using a single bridge with VLAN filtering on it (both on the CAPsMAN and the CAP). Assign IP addresses to the VLAN interfaces. Don't use auto frequencies, ever. You can add c...
by erlinden
Thu Jan 21, 2021 2:43 pm
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 156
Views: 84096

Re: DDoS story, or WARNING: use 'conection-limit' with caution!

Yep, they are designed to pass good traffic for further processing by firewall
Thank you very much Chupaka, all I had to do is add the internal DNS server to the list that iukatech quoted. It is now working!
by erlinden
Thu Jan 21, 2021 2:17 pm
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 156
Views: 84096

Re: DDoS story, or WARNING: use 'conection-limit' with caution!

01/13/2021 Still works like a charm on the newer firm as we just went through the same issue
Do these rules have to be at the top of the firewall?
by erlinden
Thu Jan 21, 2021 10:06 am
Forum: General
Topic: dhcp1 offering lease xxx.xxx.xxx.xxx for xx:xx:xx:xx:xx:xx without success
Replies: 3
Views: 319

Re: dhcp1 offering lease xxx.xxx.xxx.xxx for xx:xx:xx:xx:xx:xx without success

Where is the DHCP client on the RB3011 connected to?
Can you please share the config of the RB3011: /export hide-sensitive file=anynameyoulike
by erlinden
Wed Jan 20, 2021 5:28 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 3359

Re: NAT not working...

Masquerade is for handling NAT.
by erlinden
Wed Jan 20, 2021 2:06 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 3359

Re: NAT not working...

OK have done it.
Will be a problem with the disabled Masquerade? Is needed to delete it or it can be disabled?
Disabled is disabled...so it won't interfere.

Is both masquerade and port forwarding working now?
by erlinden
Wed Jan 20, 2021 11:45 am
Forum: Beginner Basics
Topic: Dividing one routerboard making it two separate wan routers
Replies: 6
Views: 641

Re: Dividing one routerboard making it two separate wan routers

Like the Hex S has port 1 as WAN and the other ports a LAN, does this mean that this is a hardware or is it just a convenience marking on the case. Convenience only, you can have any port(s) as WAN port. It just requires the proper configuration. Agree with @quackyo, I would actually use VLAN's (bu...
by erlinden
Wed Jan 20, 2021 10:41 am
Forum: RouterBOARD hardware
Topic: hAP ac³
Replies: 34
Views: 6180

Re: hAP ac³

Did you found any solution to that problem or I purchased a dummy wifi router with big antennas?
Can you please share your config?
/interface wireless export hide-sensitive file=anythingyoulike
by erlinden
Tue Jan 19, 2021 4:08 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 3359

Re: NAT not working...

Can you change
add action=masquerade chain=srcnat src-address=10.0.10.0/24
add action=masquerade chain=srcnat disabled=yes src-address=10.20.11.0/24
to:
add chain=srcnat action=masquerade out-interface-list=WAN
by erlinden
Tue Jan 19, 2021 3:44 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 3359

Re: NAT not working...

I have change it to the WAN, but no change. Its the same.
Can you please post your configuration here:
/export hide-sensitive file=anythingyoulike
by erlinden
Tue Jan 19, 2021 1:51 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 3359

Re: NAT not working...

Ok and what should I choose in the out. Interface (list)? - LAN, Wan, all, dynamic, none and static
You can choose either the interface "Orange Optic" or the interface list WAN (assuming the interface is added tot the list as WAN).
by erlinden
Tue Jan 19, 2021 12:15 pm
Forum: Beginner Basics
Topic: NAT not working...
Replies: 45
Views: 3359

Re: NAT not working...

I was expecting an masquerade rule with an Out. Interface (List) specified. And I think the src-address can be left empty.
Are you sure you want to have your DNS server publicly available?
by erlinden
Mon Jan 18, 2021 9:38 am
Forum: Beginner Basics
Topic: querry on mikrotik hotspot status page
Replies: 4
Views: 876

Re: querry on mikrotik hotspot status page

If you want to use an name instead of using IP address, you will have to solve this by DNS. And...that's about it, I think.
by erlinden
Mon Jan 18, 2021 9:16 am
Forum: General
Topic: help
Replies: 7
Views: 696

Re: help

Can you please share your config: /export hide-sensitive file=anythingyoulike?
by erlinden
Mon Jan 18, 2021 9:14 am
Forum: Wireless Networking
Topic: Capsman issues
Replies: 1
Views: 377

Re: Capsman issues

Would be very helpful if you could share the config of the CAPsMAN here:
/export hide-sensitive file=anythingyoulike

What is the CPU usage on the CAPsMAN?
by erlinden
Sun Jan 17, 2021 5:20 pm
Forum: General
Topic: Full disk on empty router hAP ac^2
Replies: 4
Views: 560

Re: Full disk on empty router hAP ac^2

What is the fix-space package? And why is the version different from your ROS?
by erlinden
Sat Jan 16, 2021 10:54 pm
Forum: The User Manager
Topic: DHCP server problem
Replies: 13
Views: 14791

Re: DHCP server problem

@Buelo, Kid Control is MAC Address based. You might run into problems because a lot of devices are using random MAC addresses for privacy purposes. @borislav, can you share your config ( /export hide-sensitive file=anythingyoulike )? Only situation where I ran into DHCP problems, it was because of m...
by erlinden
Fri Jan 15, 2021 8:59 pm
Forum: Wireless Networking
Topic: WIFI - Poor Performance on RBwAPG-5HacT2HnD
Replies: 5
Views: 3664

Re: WIFI - Poor Performance on RBwAPG-5HacT2HnD

Indeed it is difficult to configure wireless properly, it requires a steep learning curve. From your configuration I see a lot is either wrong or missing. Beside, your firmware is outdated, you will get much better performance on the LTS (stable has some problems with the RB3011). For the 5G radio p...
by erlinden
Fri Jan 15, 2021 4:53 pm
Forum: Beginner Basics
Topic: MikroTik 328-24P-4S+RM as a router? [SOLVED]
Replies: 3
Views: 411

Re: MikroTik 328-24P-4S+RM as a router? [SOLVED]

The RB4011 will handle Gigabit just fine, unlike the crs328_24p_4s.
See also: https://mikrotik.com/product/crs328_24p ... estresults
by erlinden
Fri Jan 15, 2021 12:42 pm
Forum: Beginner Basics
Topic: Crs 112 Proplem
Replies: 8
Views: 607

Re: Crs 112 Proplem

Then why are you trying to run SQL statements?
Can you reset with the option "No Default Configuration"?
Can you post the contents of /file (/file print or screenshot)?
by erlinden
Fri Jan 15, 2021 12:18 pm
Forum: Beginner Basics
Topic: Crs 112 Proplem
Replies: 8
Views: 607

Re: Crs 112 Proplem

Sure you want to you use your switch as database server?
by erlinden
Fri Jan 15, 2021 12:14 pm
Forum: Beginner Basics
Topic: NAT Loopback / DNS
Replies: 9
Views: 948

Re: NAT Loopback / DNS

Indeed Hairpin NAT or a proper DNS configuration. Wonder what services on the NAS you would like to publish to the Internet. There might be a better way.
by erlinden
Thu Jan 14, 2021 10:20 am
Forum: General
Topic: Site-to-site VPN with dynamic DNS
Replies: 3
Views: 541

Re: Site-to-site VPN with dynamic DNS

I would use IPSEC, here is a great blogpost I found (and am using):
https://blog.pessoft.com/2016/05/29/mik ... s-and-nat/
by erlinden
Thu Jan 14, 2021 8:55 am
Forum: The User Manager
Topic: Mikrotik app [SOLVED]
Replies: 3
Views: 1330

Re: Mikrotik app [SOLVED]

Why would you want the port changed?
by erlinden
Wed Jan 13, 2021 12:29 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 75203

Re: v6.48 [stable] is released!

any ideas why upgrade causes full of errors regarding IKE2 rekey?
search.php?keywords=rekey&t=171035&sf=msgonly
by erlinden
Tue Jan 12, 2021 5:19 pm
Forum: General
Topic: How to setup Mikrotik router and TTL
Replies: 14
Views: 1698

Re: How to setup Mikrotik router and TTL

Can you please share the configuration (/export hide-sensitive file=anythingyoulike)?
What have you tried, what are you trying and what problems are you running into?
by erlinden
Mon Jan 11, 2021 3:51 pm
Forum: General
Topic: Migrate from 1100 to 3011
Replies: 2
Views: 272

Re: Migrate from 1100 to 3011

Export is the best option, make sure that the 3011 is Reset to Defaults with No Default Configuration before importing the export file. Be aware (please check the export file before importing it into the 3011) that the 1100 has more ethernet ports than the 3011. You will have to remove them from the...
by erlinden
Mon Jan 11, 2021 3:38 pm
Forum: General
Topic: Limiting time in mikrotik for employees
Replies: 2
Views: 249

Re: Limiting time in mikrotik for employees

Because you treat your employees like kids...try kid control ;-)
First part was a little joke, kid control will do this just fine.
by erlinden
Mon Jan 11, 2021 1:17 pm
Forum: Wireless Networking
Topic: Mikrotik AP using 40Mhz but not find on the AP on the Ubiquiti station??
Replies: 4
Views: 482

Re: Mikrotik AP using 40Mhz but not find on the AP on the Ubiquiti station??

@bwpl, agree at first sight...it is actually the second (802.11n/green) column shown in the table on your URL.
by erlinden
Mon Jan 11, 2021 11:06 am
Forum: Wireless Networking
Topic: Mikrotik AP using 40Mhz but not find on the AP on the Ubiquiti station??
Replies: 4
Views: 482

Re: Mikrotik AP using 40Mhz but not find on the AP on the Ubiquiti station??

I think it should work if you set the frequency to 5785 MHz (which is channel 157) and extension channel to Ce (to combine it with 161). In what country are you? See also: https://www.silextechnology.com/hs-fs/hubfs/Blog_Images/5GHz_40MHz%20Channel%20Update%20for%20UK.png?width=954&height=410&am...
by erlinden
Thu Jan 07, 2021 6:55 pm
Forum: Beginner Basics
Topic: Speed of internet not working on RB951G-2HnD
Replies: 9
Views: 910

Re: Speed of internet not working on RB951G-2HnD

Be aware that this RB is not really new...ther CPU usage is a good indicator that something is limiting.
Do you use queues? Can you share your config?
/export hide-sensitive file=anythingyoulike
by erlinden
Thu Jan 07, 2021 5:46 pm
Forum: Beginner Basics
Topic: Speed of internet not working on RB951G-2HnD
Replies: 9
Views: 910

Re: Speed of internet not working on RB951G-2HnD

I would expect better results...how are you testing? What is the CPU usage on the RB while testing? Anything special in your configuration?
by erlinden
Thu Jan 07, 2021 9:52 am
Forum: General
Topic: mikrotik audience best wireless performance
Replies: 2
Views: 380

Re: mikrotik audience best wireless performance

Perhaps you can share your configuration?
/export hide-sensitive flie=anythingyoulike (and place the outcome between [])
by erlinden
Thu Jan 07, 2021 9:30 am
Forum: General
Topic: DHCP client on bridge interface with a VLAN DHCP not working
Replies: 5
Views: 1192

Re: DHCP client on bridge interface with a VLAN DHCP not working

It should be working...can you please share your configs: /export hide-sensitive file=anythingyoulike?
And please use the [] tags to make it readable.
by erlinden
Mon Jan 04, 2021 2:58 pm
Forum: Beginner Basics
Topic: FTP connecting from WAN without open port on router
Replies: 10
Views: 901

Re: FTP connecting from WAN without open port on router

Do you have UPnP enabled?
By default everything is blocked unless a port is forwarded.
by erlinden
Mon Jan 04, 2021 9:26 am
Forum: Wireless Networking
Topic: Force users to swap to 5Ghz
Replies: 5
Views: 931

Re: Force users to swap to 5Ghz

There is a TX Power setting in CAPsMAN.
by erlinden
Sun Jan 03, 2021 10:32 pm
Forum: General
Topic: vlan over multriple mikrotik devices
Replies: 2
Views: 418

Re: vlan over multriple mikrotik devices

Please read this great tutorial:
viewtopic.php?t=143620
by erlinden
Sun Jan 03, 2021 12:46 am
Forum: Beginner Basics
Topic: Enable 5Ghz band for wifi
Replies: 6
Views: 890

Re: Enable 5Ghz band for wifi

Did you read it at all?
Using RouterOS to VLAN your network
by erlinden
Sun Jan 03, 2021 12:29 am
Forum: Beginner Basics
Topic: Enable 5Ghz band for wifi
Replies: 6
Views: 890

Re: Enable 5Ghz band for wifi

There is no 5G radio in this device, hence it is missing.
There is a great tutorial on VLAN, just use the search option or Google.

Here you go: viewtopic.php?p=781603
by erlinden
Sat Jan 02, 2021 1:40 pm
Forum: General
Topic: Mikrotik Error when generating external PDF file
Replies: 8
Views: 2645

Re: Mikrotik Error when generating external PDF file

Hey, I have the same ptroblem, but I'm not that handy with stuff like this, so I just feel lost at the moment.
Open a new topic with your specific environment and all the information that is relevant. Unless you are also failing on trying to export pdf and have a compromised RB.
by erlinden
Fri Jan 01, 2021 3:55 pm
Forum: General
Topic: Guest Wifis for two separate VLANs
Replies: 10
Views: 764

Re: Guest Wifis for two separate VLANs

Agree, but then I would need (in my special setup) an additional pieces of hardware "combining" vlan 10 and guest-vlan for internet access... I tried to avoid it and with my setup described in second post I was able to do so :) If only a router could do this... Can you please give an over...
by erlinden
Fri Jan 01, 2021 2:07 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 75203

Re: v6.48 [stable] is released!

I absolute love the wireless improvement I'm experiencing. More stability and higher speeds. Unfortunately I noticed periodic "link down", strangely enough only between my RB4011 and my CRS112-8P-4S. This is not occurring between the RB4011 and a cAP ac and not between CRS112-8P-4S and the...
by erlinden
Thu Dec 31, 2020 1:22 pm
Forum: Wireless Networking
Topic: cAP ac power consumption
Replies: 7
Views: 1287

Re: cAP ac power consumption

It states "Max power consumption" which is different from consuming 13 Watt. My cAP ac is consuming below 5 Watt, both WLAN's and one LAN active.
by erlinden
Wed Dec 30, 2020 12:09 pm
Forum: General
Topic: Guest Wifis for two separate VLANs
Replies: 10
Views: 764

Re: Guest Wifis for two separate VLANs

Can't you just make two additional VLAN's for the Guest network?
With four VLAN's you will be able to separate (or share) any combination of sharing/blocking you like.
by erlinden
Tue Dec 29, 2020 1:11 pm
Forum: General
Topic: Can't see my Mikrotik hAP ac in Winbox
Replies: 8
Views: 2215

Re: Can't see my Mikrotik hAP ac in Winbox

You might want to check how to perform a factory reset, @paul4:
https://wiki.mikrotik.com/wiki/Manual:Reset
by erlinden
Sun Dec 27, 2020 10:17 am
Forum: General
Topic: DHCP lease unsuccessful after upgrade to 6.48 [SOLVED]
Replies: 10
Views: 1227

Re: DHCP lease unsuccessful after upgrade to 5.48 [SOLVED]

I have configured my VLANs in a different way, I configured all VLANs on the bridge instead of on the interface:
viewtopic.php?t=143620
by erlinden
Sat Dec 26, 2020 10:07 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 75203

Re: v6.48 [stable] is released!

Yes, that's what should be set to none IMHO.
Look at first line, dh-group=modp4096 is used for dh in phase 1 and for PFS in phase 2.
Thanks, saved my day! Got it working!!
by erlinden
Sat Dec 26, 2020 5:35 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 75203

Re: v6.48 [stable] is released!

With IKEv2 the pfs group is inherited from phase 1, have a look at dh group in profiles. Perfect forward secret should be used even if set to none in proposals. Correct me if I am wrong, but I think you should set pfs-group to none in proposals on all devices for IKEv2. My current settings: /ip ips...
by erlinden
Fri Dec 25, 2020 10:59 am
Forum: Wireless Networking
Topic: Inconsistent speed HAP AC2 vs HAP Lite
Replies: 35
Views: 2869

Re: Inconsistent speed HAP AC2 vs HAP Lite

Make sure you are using local forwarding, not CAPsMAN forwarding. You will get the highest data rate with local forwarding. CAPsMAN forwarding involves tunneling all traffic back to the CAPsMAN which adds a lot of overhead. Local forwarding is a CAPsMAN setting, you'll find it in the "Datapath...
by erlinden
Thu Dec 24, 2020 9:00 pm
Forum: Beginner Basics
Topic: Changing internet provider
Replies: 3
Views: 494

Re: Changing internet provider

No, it does not depend...
Well, actually...

Perhaps you forgot the situation that the ISP requires a PPPoE configuration?
Or it requires VLAN configuration on the WAN side (in case of fiber)?
And there might be more situations that a change is required.
by erlinden
Thu Dec 24, 2020 4:05 pm
Forum: Beginner Basics
Topic: Changing internet provider
Replies: 3
Views: 494

Re: Changing internet provider

It depends... What medium (cable/xDSL/Fibre), current and future? Do you have any other hardware involved on being able to connect to the Internet (like a modem)? If so, what modem do you currently have (from your current provider)? What modem will you get from your new provider? How is the router c...
by erlinden
Thu Dec 24, 2020 3:54 pm
Forum: Beginner Basics
Topic: Upgrade via a LAN port [SOLVED]
Replies: 4
Views: 631

Re: Upgrade via a LAN port [SOLVED]

THere are multiple ways to upgrade your device:
https://wiki.mikrotik.com/wiki/Manual:U ... g_RouterOS
by erlinden
Thu Dec 24, 2020 12:37 pm
Forum: Wireless Networking
Topic: Inconsistent speed HAP AC2 vs HAP Lite
Replies: 35
Views: 2869

Re: Inconsistent speed HAP AC2 vs HAP Lite

What speed is the client connected on both CAP's?
by erlinden
Wed Dec 23, 2020 10:03 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 75203

Re: v6.48 [stable] is released!

I see the following error in the log (every 30 min): IPsec-SA expired before finishing rekey Haven't seen this issue in the current LTS and the 6.47.x releases. Found this answer in the topic, hope it helps: https://forum.mikrotik.com/viewtopic.php?f=2&t=159536&p=783686&hilit=IPsec+SA+ex...
by erlinden
Wed Dec 23, 2020 1:22 pm
Forum: RouterBOARD hardware
Topic: seek help
Replies: 5
Views: 574

Re: seek help

What is the current state of the RB?
Is the device running?

Are you aware of using Netinstall (as last resort)?
https://wiki.mikrotik.com/wiki/Manual:Netinstall
by erlinden
Wed Dec 23, 2020 12:21 pm
Forum: RouterBOARD hardware
Topic: seek help
Replies: 5
Views: 574

Re: seek help

If you run into problems, you might want:
  1. export your configuration (/export file=anythingyoulike)
  2. Save file to local computer
  3. Reset RB to defaults
  4. Upgrade
  5. upload config file
  6. import your configuration (/import file=anythingyoulike)
Do you get any errors (check in the log)?
by erlinden
Tue Dec 22, 2020 9:32 am
Forum: General
Topic: RB3011UIAS-RM: how to make it tag VLANs?
Replies: 5
Views: 652

Re: RB3011UIAS-RM: how to make it tag VLANs?

Please read this tutorial carefully...it helped me a lot understanding VLAN:
viewtopic.php?t=143620
by erlinden
Tue Dec 22, 2020 9:10 am
Forum: Beginner Basics
Topic: Server access through firewall
Replies: 6
Views: 614

Re: Server access through firewall

Can you please post your complete firewall configuration (/ip firewall export)?
by erlinden
Tue Dec 22, 2020 8:44 am
Forum: Wireless Networking
Topic: Signal Range
Replies: 3
Views: 540

Re: Signal Range

It is the signal strength of the client, measured on the CAP.
Think here you can find some good (additional) information:
https://help.mikrotik.com/docs/display/ROS/CAPsMAN
by erlinden
Mon Dec 21, 2020 3:38 pm
Forum: General
Topic: Different DHCP ranges with Mikrotik with Cisco AiroNet [SOLVED]
Replies: 17
Views: 1421

Re: Different DHCP ranges with Mikrotik with Cisco AiroNet [SOLVED]

So...you want to configure the Cisco AiroNet? Can you please share your routers config (/export hide-sensitive file=anythingyoulike)?
On what port is the AiroNet connected? Assuming the AiroNet is wired connected to the router!?
by erlinden
Mon Dec 21, 2020 3:03 pm
Forum: Beginner Basics
Topic: Server name resolution over L2TP
Replies: 3
Views: 463

Re: Server name resolution over L2TP

What DNS server IP do clients get on the VPN?
by erlinden
Sun Dec 20, 2020 12:56 pm
Forum: The Dude
Topic: Hide delete icon in network maps
Replies: 5
Views: 1266

Re: Hide delete icon in network maps

Is the map created by this user or by another user?
And, as I don't know anything about Dude, are there any Dude settings in regards to this?

And to be honest...not much time to upgrade, it is all about priorities. In my opinion, the problem your describing is of less importance.
by erlinden
Sun Dec 20, 2020 9:16 am
Forum: Wireless Networking
Topic: CAPsMan handling devices moving around a home
Replies: 3
Views: 580

Re: CAPsMan handling devices moving around a home

Instead of adding an additional cAP, you might want to consider introducing VLAN's. Where you can have a standard VLAN and an additional VPN VLAN. That would make any additional hardware (for this purpose) unnecessary. If you want to find out more about VLAN (I'm using it for guest network and IoT),...
by erlinden
Sun Dec 20, 2020 9:11 am
Forum: The Dude
Topic: Hide delete icon in network maps
Replies: 5
Views: 1266

Re: Hide delete icon in network maps

Not a direct answer to your question...why are you still running this version? It is 2,5 years old and I'm pretty sure there are some vulnerabilities in this version.
by erlinden
Sun Dec 20, 2020 12:32 am
Forum: RouterBOARD hardware
Topic: New wapAC
Replies: 4
Views: 772

Re: New wapAC

Disadvantage of the dual chain is that triple chain clients will perform less in comparison with the old wAP ac.
But in my opinion the improvements outweigh this drawback.