MikroTik

pukkita

Check System > Routerboard, does Current Firmware match Upgrade Firmware version? If not, upgrade and reboot. System > Logging, add DHCP. Try dhcp-client again on ether1, post the logs. What's the mac address of the bridge? and ether1? You can open a new terminal maximized, then issue /interface p T...

pukkita

if I've just 3 segments , e.g. DMZ, WAN, LAN in different networks, so none of them is bridged, why is there always a "bridge" involved? Because that's the way you build the "segments". Before 6.42 you had the option of either build a L2 segment by creating a bridge (by software, using CPU) or by u...

pukkita

64k is the best for gauging of raw CPU power, but again, it depends on the chores the router is carrying away, if you'll be using fasttrack or not, etc.

pukkita

Which port are you using to connect to it? Have you tried a port other than ether1? (as ether1 is usually WAN and so, firewalled on default config)? Do you see it on winbox neighbors tab? Can you connect to it from winbox if you double click on the MAC field while in neighbors tab? If you can't, wha...

pukkita

Does the CRS326 have a ip > DHCP Client entry setup? Looks like it's running a DHCP Server (not client)...

If so, disable DHCP Server, and set a DCHP Client on top of the bridge interface where all ports are.

pukkita

That's not a Routerboard, but what looks like a PC Engines Alix 2 Series board based on a 2D3 from mid 2000's. Wireless card is a 12+ year old ROS supported one, a CM9 (Atheros AR5213). Have one 2D2 still bouncing around, hw reliability vs an all-integrated routerboards is a joke (logical, this is a...

pukkita

Check your firewall (IP > Firewall > Filter) Your symptoms are the typical when being used as a DNS spoof amplification attack. If your wan port is not protected from Internet, attackers start querying your router DNS server pretending to be someone else, who gets blasted with your (and hundreds of ...

pukkita

Could be a damaged reset switch. I'd try a netinstall , try with the reset switch, keep it pressed, apply power, wait until cAP appears on netinstall. Alternatively, if reset switch doesn't seem to work, look for a reset pad on the PCB, short it with a screwdriver or something, power it on, and keep...

pukkita

Update: I've found a work-around, but I'd still like to know what's going on here. If I change the RB922 configuration from /ip address add address=192.168.3.73/24 interface=ether1 to /interface bridge add name=bridge-lan /interface bridge port add bridge=bridge-lan interface=ether1 /ip address add...

pukkita

If I connect Orange Pi and RB922 with a straight ethernet cable, I can see the link coming up on the RB922 (100M-half), but u-boot can't ping the RB922 and tftp times out. That's the first thing I'll troubleshoot, why half duplex? try issuing some "ip link" commands or whatever appropiate for the O...

pukkita

To recap in the meanwhile it gets to the Wiki: Concurrent Simultaneous Requests is now settable DNS Servers (RouteOS DNS Client Settings): goes through them sequentially passing on to the next only if it doesn't receive an answer (fails). Further clarification regarding this on the wiki would be gre...

pukkita

Just tested an EU XS with a hAP AC 6.40.9, works flawlessly, 100/115 MBps using 5GHz AC 40MHz.

Looks like device specific, definitely pointing to the iphone.

To rule everything out, Is System > Routerboard Current Firmware same version as Upgrade one?

pukkita

But I do see someone who is cruising around the forum looking for virtually irrelevant things to answer. I expect you're trying to "big yourself up" and up your post count for whatever reason. That's the only reason I can see for the post, unless you're just bored of course. And then you try and be...

pukkita

Ether port on the Groove comes as WAN port on default config, and thus is firewalled. Try this: 1.- Connect to its wireless. 2.- On winbox, go to neighbor tab. Double click on the MAC address, you should be able to connect. 3.- Once you can log in, reset it to no defaults. 4.- Set it up per your lik...

pukkita

Which specific device? Does it have a serial port?

pukkita

Yes, if using the stock Power adapter.

pukkita

Try this: On the Station (SXT5 Lite r2): 1.- Go to Bridge. 2.- Remove unknown port 3.- Add wlan1 port to the bridge Cannot say for sure as I'm missing some details about your config, but once you do that Layer 2 between both networks should be fixed, try pinging between any devices (but the antennas...

pukkita

RB2011 PoE Out is Passive only, not af nor at, you can't use a RB2011 to power the HP. Captura de pantalla 2018-09-02 a las 10.25.05.png You need to either get an standalone PoE af injector, or use a different Router which supports PoE Out af/at, like an hEX PoE Captura de pantalla 2018-09-02 a las...

pukkita

Yes, in all cases they were providing power to wap ac Do same 2011 port powers a 100BT device fine? I've experienced that, specifically when powering gigabit AC devices from 100BT PoE out ports. First time with a 951Ui and a Netbox. Something "broke" on the 951Ui which wasn't able to power a gigabi...

pukkita

However we noticed for all devices which we have set the static DHCP IP for, it will NOT show up in the DHCP Server (under leases). When we tried to manually add a lease for it by adding the IP with its MAC Address, it is always having the "waiting" status. DHCP Server will inspect the ARP table fo...

pukkita

I'm a bit new here and used to Redhat's bugzilla/etc. How do I easily find out if there is an issue Mikrotik is already fixing or if it is something that a post like this could be useful for? Sure, check Mikrotik Changelog Section . Searching the forum may lead to interesting findings, or as you ju...

pukkita

Yes, it is possible. No differences hardware-wise.

pukkita

Yes, you could go VPS and use CHR; if you prefer having your own on a NOC or Office, couldn't agree more: an hEX or hEX S are ideal, seem to be conceived with this duty in mind: generous RAM, powerful dual core processor, MicroSD... while drawing very little power, taking little space and generating...

pukkita

I would set up a VPN "hub" for those SXT LTE to call home possibly using SSTP; you can dial into the hub and by RoMON or L3 manage any of the SXT LTEs.

This also opens the possibility of running a dude server on the hub, to (mass) monitor and manage the SXT LTEs.

pukkita

6.40.8 is vulnerable to this? yes, check 6.40.9 changelog (or 6.42.7) again , CVE was added afterwards, guess due to coordination? late addition?. MAJOR CHANGES IN v6.40.9: ---------------------- !) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159; -------...

pukkita

Alex, were the 2011 powering AC CPEs?

Ondrej, did you include a supout.rif file taken while the problem was happening? do so...

pukkita

Not sure If I understood your scenario. 10.1.1.2 is a Caching DNS server? if so, let's say it's MAC is AA:BB:CC:DD:EE:FF. You need to publish the entry with the MAC of the real device having 10.1.1.2, on the interface where the queries will come. /ip arp add interface=hosting address=10.1.1.2 mac-ad...

pukkita

I see... agree with you, definitely looks like the hAP ac2 power draw at boot kicks the power draw protection. Which ROS version on the hEX? Firmware? (system > Routerboard?) This could be either a hardware limitation on the hEX S, or maybe something fixable by upgrading POE firmware, as it was the ...

pukkita

Christian, that RB1200 has some age... leaving a device for so long without upgrading rises a lot the chances of problems, moreso if the device (hardware) is old. How Old is it? ten years? ;) Looks to me like a damaged main booter. To fix: 1.- Connect a serial console to it, so that you can reach th...

pukkita

I've also setup the IP/Cloud feature but the DNS name is a little hard to remember! Use IP > Cloud. Purchase a domain, say my domain.com Setup as many CNAMEs on that domain pointing to the ip > cloud FQDN. From here onwards, no DNS query is gonna "resolve" to a port AFAIK; to manipulate based on re...

pukkita

You're not asking for help, but for someone to provide the whole (non trivial) setup for free, soo... wouldn't sweat waiting for that to happen, if ever. One thing is asking about specific issues, doubts etc on a user community forum, and a very different one is dropping a "I am a company and want t...

pukkita

Other Mikrotik PoE switches can output up to 1A per port. Don't know the specific case for the hEX S as is a recent device and not a word about output limits on its last port on the specs, so it may be the case... Again, this is the Maximum power draw by hAP ac2, won't be surprised if average draw i...

pukkita

Bestinwifi: please change your IPSec secret, you published enough details for someone to try brute forcing VPN accounts on your router... already edited your SN/soft id.

pukkita

hEX S max power draw = 11W hAP ac2 max power draw = 15W Total maximum power draw = 26W. hEX S PSU is 24V @ 1.2A = 28W. Tight, but these are maximum power draw values. Have you tried powering the hAP ac2 on its own to see if is still unstable? How long is the cable going to the hAP ac2? Yes, you can ...

pukkita

Bandwidth test tool is useless for SFP+. won't reach more than 2Gb ever.

Use iperf and two PCs...

pukkita

By using fasttrack, you will be able to get higher throughput, but I seriously doubt a CRS317 could reach 1Gbps of routed/natted traffic even with fasttrack enabled, guess a more realistic figure will be around 250-500Mbps max, though I never tested. Do not underestimate the hEX, it's a little mean ...

pukkita

Doesn't it appear on Neighbors tab of Winbox? If so, click on the router Mac-address to connect via Mac-winbox.

If it doesn't, you can gain access to the 3011 in order to reenable networking services by using the Serial Console port, RJ45 on the back of the RB3011.

pukkita

You can't AFAIK, dns name is made up from Routerboard serial.

pukkita

Your assumptions are correct, this is a programmable switch, whose CPU provides auxiliary functions, but it's not conceived to route 1Gbps. And no, specs mean that with traffic flowing to/from all ports, the device is capable to route 1270Mbps overall (not each port), if all packets were sized 1518 ...

pukkita

sid5632, no rudeness, even your gratuitous one, is allowed here.

You're Warned.

pukkita

Sure:

Captura de pantalla 2018-08-01 a las 14.00.23.png

pukkita

We have made a blog, where we will publish the most important announcements regarding security and other topics.
Bookmark this link for Security related news:

https://blog.mikrotik.com/security/

Here is the RSS feed link:
https://blog.mikrotik.com/rss/?cat=security

Great!!! Killer idea!

pukkita

Nothing special, on router just make sure the ether port where the AP is connected is in the bridge where DHCP runs on.

pukkita

Get a serial cable ( see Wiki ) and connect to the console. Try a netinstall using ether1 to latest bugfix version. To rule out the reset pressing time lottery, you can set that via the serial console (set the boot device to ether boot) having access to the console will be really useful to troublesh...

pukkita

No difference, the approach is the same. Just config all the APs as wired/wireless switch as described . Configure the same SSID and security settings on all of them. As long as the Cisco cable going to the Mikrotik connects to an ethernet port belonging to the same bridge as the DHCP server for you...

pukkita

I see... Agree with Sindy, this looks like a bug, your config looks fine to me with regards to being able to connect to other IPs but from the src/dst-natted ones. ROS version? Routerboard firmware version? How do you config the IPs, directly on the WAN interfaces (no private transit or loopback?) D...

pukkita

a wAP (or any Routerboard) can be be programmed to be whatever you want. Of course can be a wireless client. What it cannot be is a repeater (wireless client + Wireless AP at the same time) if the other device is not a Mikrotik. If your intention is placing the wAP as outdoors repeater with the Netg...

pukkita

Even if it has been set, the method of keep pressing should work... are them under warranty?

pukkita

I have got it back to a stage on Winbox with it showing the MAC address IP of 0.0.0.0, Idenity - preconfig , Version 6.37.3 and board RB952Ui-5ac2nd. Following other threads, I have also attempted to use NetInstall and cannot get it to see the router. To be on the safe side I have attempted it on a...

pukkita

For dual wan use you need to further use mangle to: - keep track of connections, so that what enters via one WAN, exits via the same one - Steer/balance traffic towards the two WANs Even if you aren't using both WANs for general internet traffic, (e.g. general traffic to Internet exits via a single ...

Search found 2964 matches