Code: Select all
/export file=anynameyoulike
/export file=anynameyoulike
Actually, ICMP traffic is accepted. It is used for more then ping only.If I recall correctly however, ping (ICMP) is allowed inbound by default. I prefer to block this via firewall rule.
/export file=anynameyoulike
/export file=anynameyoulike
/export file=anynameyoulike
Depends on how you want it to work exactly. Fyi, legacy supports CAPsMAN forwarding, wifi-qcom(-ac) doesn't.Can someone help?
Add a drop rule on the forward chain that drops everything else:And how can i disable the port for everyone else
add action=drop chain=forward
better?Gentlemen, what is the difference between firmware V6 and V7, which is better?
/export file=anynameyoulike
Thanks gotsprings !The only thing I see in your config that jumps out at me is the independent-learning value.
/export file=anynameyoulike
/export file=anynameyoulike
Is it acceptable to you? That is all that matters.So, "down a couple of times" during a period of years can be considered acceptable, right?
The topic name might give an indicationWell, then start by describing the issue you need to resolve first.
/export file=anynameyoulike
Why use WPA (when you can use open)?Giving this a go! Disabled it on 5Ghz interface and switched back from WPA2/3 to WPA/WPA2.
https://help.mikrotik.com/docs/display/ ... ionexample:How do I enable the capsman server on one of the AX2? I dont see a Capman option to enable it and set certificate options.
/export file=annameyoulike
Sure, no problem. It would be really great to have the config of the cAP ac as well, just to compare.As I mentioned in the article above, I really don't understand it very well, but maybe I can write the config details here as soon as possible and get ideas from you. Thank you.
/export file=anynameyoulike
CAPsMAN:Standalone AP or using CAPsMan?
The disadvantage of upgrading manually is that you could miss an additional package.Then I found out you have to install QCOM package. So might try updating again.
/export file=anynameyoulike
Are you stating that on the same port and with same protocol OpenVPN will work while Wireguard does (sometimes) not?If the IPS is blocking the ports , and even if you play with 443 that will not help to establish connections. Not sure why is that,
Here in the documentation you can find it:I have found out several topics as well in cookbook, but it seems that it will be not for my setup, so I have to read and find something else.
wAP ax will be a very small device and is coming very very soon (question of days or weeks)
wAP ax will be a very small device and is coming very very soon (question of days or weeks)
/export file=anynameyoulike
/export file=anynameyoulike
/export file=anynameyoulike
/ip/upnp print
/ip/upnp/interfaces print
/ip firewall filter
add action=accept chain=input dst-port=8291 in-interface=ether1 protocol=tcp
Did you do port forwarding on the NAT device as well?Yes it is behind NAT and does not have a public IP address.
encryption=ccmp,gcmp,ccmp-256,gcmp-256
/export file=anynameyoulike
If you want some feedback, just share the config:What reasons could there be for the “Link downs” of a 5Ghz meter to trigger?
/export file=anynameyoulike
That would involve the users as wellI hope the manufacturer will be able to fix all the errors and shortcomings of hAP ax3 with updates.
/export file=anynameyoulike
Can you eleborate this? I'm onto the beta in my home environment (I know, just a small network). Haven't had any strange CAPsMAN things, at least for me it is working not any less stable than the stable version.if u want to get to the trouble, then use the new CapsMan
/export file=anynameyoulike
/ip/firewall export
or
/export file=anynameyoulike
/ip dns
set allow-remote-requests=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=external
/ip dns
set cache-size=20480KiB
Sure (comes with 7.13 and up), but it won't be able to manage its own wireless interfaces.can wifi capsman be run on a mipsbe device?
/interface/wifi export
/export file=anynameyoulike
/export file=anynameyoulike
/export file=anynameyoulike
/export file=anynameyoulike
/export file=anynameyoulike
Then I can make you a great offer: I'll trade my cAP ac's for your cAP AX's.I don't know, but the conditions are the same, ~15m. distance and one wall. cAPac works at both frequencies better, achieving double and triple the data transfer!
/export file=anynameyoulike
/ip/firewall export
Think you are better of with an accesspoint:SXT 5 is a low cost, high transmit power 5GHz outdoor wireless device. SXT 5 can be used for point to point links or as a CPE for point to multipoint installations.
/export file=anynameyoullike
That depends. Do you want all Wireguard peers to be able to connect to your router?Am I introducing any security issue with such solution?
Well...because that would be a very stupid default.Why Wireguard not added to LAN by default?
Dude never worked for me (errors about incorrect files), upgrade through CAPsMAN works like a charm.Did anybody had a similar issue with this upgrade step?
/ip/firewall export
/packages
/interface wifi
add name=cap-wifi1 radio-mac=D4:01:C3:94:99:A2
add name=cap-wifi2 radio-mac=D4:01:C3:94:99:A1
If you can put code tags around the config, it is more readable. Use the </> button to establish in the editor.Hi anav, thanks for your reply, I've updated the OP with the details you requested, thank you.
/export file=anynameyoulike
/interface/wireguard