Community discussions

MikroTik App

Search found 3031 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 11
by pukkita
Fri Apr 15, 2022 4:08 pm
Forum: Beginner Basics
Topic: Can't connect to WAP LR8 using IP address [SOLVED]
Replies: 1
Views: 979

Re: Can't connect to WAP LR8 using IP address [SOLVED]

RouterOS default config firewalls the ethernet port, ethernet port being considered its "WAN". In order to reach the router, the fastest way is connecting to its wireless part: do a scan, you'll see an open Mikrotik_XXYYZZ SSID (XXZZYY being part of the interface MAC address, you can check...
by pukkita
Thu Mar 31, 2022 12:35 pm
Forum: Beginner Basics
Topic: PTP Bridge AP - no Internet [SOLVED]
Replies: 7
Views: 3185

Re: PTP Bridge AP - no Internet [SOLVED]

to add to @bpwl excellent explanation: Mikrotik station bridge implementation isn't standard 802.11 , and is that what makes possible to "transparently bridge" two segments regardless of number of clients at both sides w/o requiring WDS or alike when using Mikrotik at both sides. Applicabi...
by pukkita
Thu Mar 31, 2022 12:04 pm
Forum: General
Topic: Access Client Vpn From My Lan Address
Replies: 1
Views: 957

Re: Access Client Vpn From My Lan Address

The problem is the client receives traffic with source address on 192.168.1.0/24 range, and tries to reply to it directly; depending on scenario this is what may happen: - Attempts to reply via its local LAN, if it happens to be 192.168.1.0/24 also (pretty common): packets lost - If client local net...
by pukkita
Wed Mar 09, 2022 2:16 pm
Forum: General
Topic: 951Ui-2HnD not enabling 1000 Eth port?
Replies: 4
Views: 605

Re: 951Ui-2HnD not enabling 1000 Eth port?

951Ui ethernet ports are all 100Mbps.
by pukkita
Sun Feb 27, 2022 5:28 pm
Forum: Wireless Networking
Topic: WiFi6 solution for Mikrotik-based SOHO network
Replies: 8
Views: 3483

Re: WiFi6 solution for Mikrotik-based SOHO network

get Mikrotik APs and use them in CAPsMAN mode...

You can use any wireless routerboard for this... heX can be the CAPsMAN master.
by pukkita
Sun Feb 27, 2022 5:19 pm
Forum: General
Topic: Help, Mesh network configuration with GrooveA 52 ac
Replies: 1
Views: 597

Re: Help, Mesh network configuration with GrooveA 52 ac

While possible, I wouldn't advise going that route... If full dynamic Mesh is gonna be used, latencies and collisions will render it almost unusable. Static mesh could be used instead (if possible) for a more predictable performance; when I say if possible I mean this will depend on stations being s...
by pukkita
Sun Jan 30, 2022 1:22 pm
Forum: Wireless Networking
Topic: caps error - "removing stale connection" since 6.49.x [SOLVED]
Replies: 8
Views: 8636

Re: caps error - "removing stale connection" since 6.49.x [SOLVED]

So far no CAPsMAN issues for me on 6.49...

Those kind of symptoms point to intermitent L2 (or L3) issues: flapping port, bridge... are SFP modules involved?

Have you tried to set Admin Mac address on cAPs to the wired ether one??
by pukkita
Sun Jan 23, 2022 1:14 pm
Forum: Wireless Networking
Topic: Re: RB4011 internal WLAN - enabling CAPsMAN instantly halves speed
Replies: 14
Views: 4355

Re: RB4011 internal WLAN - enabling CAPsMAN instantly halves speed

i just figured if they're not going to give me a stacked switch management interface, managed wifi was a solid consolation prize ¯\_(ツ)_/¯
Regarding Stacked Switch Management interface, are you aware of https://help.mikrotik.com/docs/display/ ... t+Extender feature?
by pukkita
Fri Jan 21, 2022 4:41 pm
Forum: Wireless Networking
Topic: Re: RB4011 internal WLAN - enabling CAPsMAN instantly halves speed
Replies: 14
Views: 4355

Re: RB4011 internal WLAN - enabling CAPsMAN instantly halves speed

If you enable local-forwarding mode, you need to make sure cAPs have proper L3 configuration, i.e. have IPs and proper routing.... i.e. add a dhcp-client on cAPs so that they get IP and default route... local forwarding is what you want for maximum speeds, it also "spreads the load" as th...
by pukkita
Fri Jan 21, 2022 4:15 pm
Forum: Wireless Networking
Topic: Do i have a CapsMan issue? [SOLVED]
Replies: 2
Views: 2576

Re: Do i have a CapsMan issue? [SOLVED]

What kind of forwarding are you using? I have a small wifi network with only two AP´s for now one cAP ac and the Chateau LTE12 that runs CapsMan. I have about 15-20 devices connected to the cAP ac (mostly IoT stuf When in CAPsMAN mode, do the other 15-20 devices connect fine to wireless??? all same ...
by pukkita
Mon Jan 17, 2022 3:45 pm
Forum: Beginner Basics
Topic: Accessing multiple devices from lan via external IP [SOLVED]
Replies: 7
Views: 4227

Re: Accessing multiple devices from lan via external IP [SOLVED]

Quick question, if I use port forwarding and NAT mess, does that mean I am exposing devices IPCams to the internet?
Exactly. And they are also highly sought-after devices (embedded linux) for botnets etc.... bad practice.
by pukkita
Mon Jan 17, 2022 3:26 pm
Forum: Wireless Networking
Topic: Re: RB4011 internal WLAN - enabling CAPsMAN instantly halves speed
Replies: 14
Views: 4355

Re: RB4011 internal WLAN - enabling CAPsMAN instantly halves speed

specifying datapath.local-forwarding=yes on all the CAPsMAN configurations basically disabled the SSID defined by the master configuration in provisioning - they were still broadcast, but wouldn't deliver IP addresses over DHCP, and debug logging didn't show anything until the client gave up and tr...
by pukkita
Fri Jan 14, 2022 3:46 pm
Forum: Wireless Networking
Topic: MikroTik AP without DHCP - integrate in existing subnet
Replies: 11
Views: 13314

Re: MikroTik AP without DHCP - integrate in existing subnet

Fastest way is resetting the routerboard to blank settings, then applying the required ones, turning the routerboard into a wired/wireless switch. To do so: 1.- System > Reset Configuration: enable Keep User Configuration if you want to keep your admin user and password, and enable No Default Config...
by pukkita
Fri Dec 31, 2021 2:01 pm
Forum: Beginner Basics
Topic: No link between CRS305 and Media-Converter
Replies: 1
Views: 1018

Re: No link between CRS305 and Media-Converter

You probably need to disable autonegotiation on the CRS SFP interface Ethernet tab, and manually set it to 1Gbps + full duplex as that's what the MC220L supports.
by pukkita
Thu Dec 16, 2021 5:33 pm
Forum: Beginner Basics
Topic: Simple Wifi AP Only with external DHCP/Router
Replies: 8
Views: 3194

Re: Simple Wifi AP Only with external DHCP/Router

I have a Google Home WiFi system with 3 Access Points that works as OK for normal devices. But have had lots of issues trying to connect simple iot devices to this network due to them requiring 2.4GHz, and not liking mixed 2.4GHz/5GHz Do you mean "Smart" devices, like Smartplugs, etc and ...
by pukkita
Fri Dec 10, 2021 5:15 pm
Forum: Beginner Basics
Topic: Accessing multiple devices from lan via external IP [SOLVED]
Replies: 7
Views: 4227

Re: Accessing multiple devices from lan via external IP [SOLVED]

Instead of such port forwarding and NAT mess, exposing devices like DVRs or IPCams to the internet, with the potential threat of them being hacked (they're one of the first intrusion vectors nowadays) you could setup the customer router to act as a VPN server, and access their network via VPN. No ds...
by pukkita
Wed Dec 01, 2021 2:26 pm
Forum: Beginner Basics
Topic: Port Forwarding, firewall and self hosted game server help! [SOLVED]
Replies: 4
Views: 3441

Re: Port Forwarding, firewall and self hosted game server help! [SOLVED]

1.- I assume you're using default firewall config from ROS, which opens automatically forwarded ports, check this rule actually exists: /ip firewall filter [...] add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=...
by pukkita
Wed Dec 01, 2021 1:58 pm
Forum: General
Topic: dhcp client get`s wrong dns
Replies: 21
Views: 4120

Re: dhcp client get`s wrong dns

Looks like you don't have the DHCP client set to use the DNS servers handed... be sure to tick " Use peer DNS " , and DNS servers handed by your ISP will be used. Additionaly, you have the "wrong ones" (212.92.149.154 and 212.92.149.155) set statically in IP > DNS servers , you n...
by pukkita
Mon Nov 29, 2021 1:55 pm
Forum: RouterBOARD hardware
Topic: CRS109 as a main router for the grocery store. [SOLVED]
Replies: 2
Views: 3714

Re: CRS109 as a main router for the grocery store. [SOLVED]

CRS109 is a switch, not a router, even while it can do router duties. It may be enough, or not for your scenario. A typical application for CRS109 is act as a wired/wireless table or under table switch/AP on e.g. classrooms, labs, meeting rooms, etc. What's the Internet uplink bandwidth? A proper ro...
by pukkita
Thu Nov 25, 2021 7:29 pm
Forum: Wireless Networking
Topic: CRS354 CPU load 100% [SOLVED]
Replies: 4
Views: 4385

Re: CRS354 CPU load 100% [SOLVED]

You're using a low powered CPU switch (that has its strengths in its switch chips, PoE, etc and hardware features) to manage a decently sized CAPsMAN network. Check System > Profile most probably CPU will be 100% and there lies the problem. I'd add a router with good CPU and move the CAPsMAN duties ...
by pukkita
Wed Oct 27, 2021 8:28 pm
Forum: Forwarding Protocols
Topic: L2TP with Windows Server Radius
Replies: 7
Views: 5401

Re: L2TP with Windows Server Radius

Where's the radius specific config?
/radius export
Which PPP Profile is L2TP-server using??? Can you export it too?
by pukkita
Mon Sep 27, 2021 5:14 pm
Forum: Beginner Basics
Topic: 1:1 NAT working as espected only when torch is enabled
Replies: 8
Views: 2472

Re: 1:1 NAT working as espected only when torch is enabled

Seems that disabling hw acceleration (Fastpath) fixes it... (Torch disables it, see https://wiki.mikrotik.com/wiki/Manual:Fast_Path)

I'd take a supout with and w/o Torch running and submit it to support.

Try disabling fastpath on your interfaces, does it fix the issue? (w/o running torch)
by pukkita
Tue Sep 07, 2021 2:47 pm
Forum: General
Topic: Problem with ip cloud
Replies: 20
Views: 7726

Re: Problem with ip cloud

by pukkita
Tue Sep 07, 2021 11:23 am
Forum: RouterBOARD hardware
Topic: hAP ac lite (RB952Ui-5ac2nD-TC) antenna connector
Replies: 1
Views: 1582

Re: hAP ac lite (RB952Ui-5ac2nD-TC) antenna connector

Those are most likely factory PCB testing points, not external antenna connectors.
by pukkita
Tue Aug 10, 2021 2:25 pm
Forum: RouterBOARD hardware
Topic: 100% CPU on Cloud Core 36 CCR1036-8G-2S+ [SOLVED]
Replies: 2
Views: 2638

Re: 100% CPU on Cloud Core 36 CCR1036-8G-2S+ [SOLVED]

Is OPSF enabled on this router? If so, make sure you have interface "all" as passive in OSPF > Interfaces, otherwise it will look for neighbors on every not-passive interface (pppoe ones), causing CPU spikes. Another usual suspect is NAT (src-nat), make sure is not catching the pppoe inter...
by pukkita
Mon Feb 15, 2021 7:34 pm
Forum: Wireless Networking
Topic: Outdoor AP as a Long Range Client - External Antennas
Replies: 4
Views: 1623

Re: Outdoor AP as a Long Range Client - External Antennas

Sorry, I thought you meant a setup for the harbor to serve the boats! w32pamela is right, this would be overkill for a boat. For a boat inside a harbor, an omni is fine. If you want to connect also while out of the harbor, I'd go with a directional antenna, mounting it so that you can point it (manu...
by pukkita
Mon Feb 15, 2021 5:45 pm
Forum: Wireless Networking
Topic: Outdoor AP as a Long Range Client - External Antennas
Replies: 4
Views: 1623

Re: Outdoor AP as a Long Range Client - External Antennas

You are right, is it better to have three or four sector antennas, than a single omni one. But instead of looking for a routerboard that can be fitted three dual radios, I would go for a better solution: three standalone sector antennas + built in radio, and a router to act as CAPs manager; the sect...
by pukkita
Tue Feb 09, 2021 1:31 pm
Forum: Wireless Networking
Topic: Some help from you Mikrotik lovers please
Replies: 4
Views: 1562

Re: Some help from you Mikrotik lovers please

If you want to keep pfSense until you get more comfortable with ROS, but at the same time leverage user auth via radius, I'd keep provider edge duties (firewalling and NAT) on it, and set the Mikrotik as a pppoe concentrator, with either local accounts, User Manager, or external radius, and ditch DH...
by pukkita
Mon Feb 08, 2021 9:35 pm
Forum: Beginner Basics
Topic: hEX VPN cliet to site (Shrew) established connection but no trafic
Replies: 2
Views: 812

Re: hEX VPN cliet to site (Shrew) established connection but no trafic

/ip firewall nat add action=masquerade chain=srcnat There lies your problem. You should apply such masquerade/srcnat only to your WAN interface(s). Your router is basically srcnatting everything, i.e. changing source address of any and all connections traversing the router forward chain. This cause...
by pukkita
Mon Jan 11, 2021 4:17 pm
Forum: Scripting
Topic: MQTT client in routerOS
Replies: 23
Views: 18971

Re: MQTT client in routerOS

+1 for MQTT :-)
would also be interesting as transport protocol for LoRaWAN
Would be a perfect companion!
by pukkita
Thu May 21, 2020 4:45 pm
Forum: Beginner Basics
Topic: RB2011iL bottleneck to 400mbps internet connection
Replies: 5
Views: 1946

Re: RB2011iL bottleneck to 400mbps internet connection

A 2011iL isn't what I would use in 2020 for a 400Mbps line... definitely enabling fasttrack, and tuning the firewall would be a must, but even though, don't expect 400Mbps performance. How do you get your internet IP? pppoe? if so, expect around 150-250Mbps max with tuning. I'd get an HeX straight a...
by pukkita
Thu May 21, 2020 4:35 pm
Forum: Beginner Basics
Topic: Using CRS354-48G-4S+2Q+ to NAT Translate Allen Bradley PLCs: Full Setup
Replies: 1
Views: 944

Re: Using CRS354-48G-4S+2Q+ to NAT Translate Allen Bradley PLCs: Full Setup

What is the best strategy for the isolation of interfaces/ports from one another? -- So machine 1 can't send packets to machine 2. This would be bad . Given that PLCs/SCADA won't be sending Gbps of traffic, the most straightforward method I'd use is setting same horizon value on all the ports of th...
by pukkita
Mon May 11, 2020 7:16 pm
Forum: SwOS
Topic: CRS317 Bridge MTU not changing
Replies: 11
Views: 9914

Re: CRS317 Bridge MTU not changing

And my speculation about why vendors don't support huge MTUs just on all of their devices: if L2 device (switch) is a store&forward device (most of them are), then large configurable MTU sizes mean larger RAM (used as frame cache) is needed ... rising price of device (every penny counts) ... fo...
by pukkita
Sat May 09, 2020 1:52 pm
Forum: Beginner Basics
Topic: Building a 500+ apartment network for internet access
Replies: 7
Views: 2298

Re: Building a 500+ apartment network for internet access

This Serve The Home article with a $ per port and per Gbps analysis can help you out in picking the optimal ones for the application.

Well worth the read.
by pukkita
Sat May 09, 2020 11:11 am
Forum: Beginner Basics
Topic: Building a 500+ apartment network for internet access
Replies: 7
Views: 2298

Re: Building a 500+ apartment network for internet access

Regarding redundant number of links... difficult to say, that's something that has to be assessed considering multiple factors, then deciding what shall be the minimum SLA and design them. I remember an specific MUM presentation by fellow trainer Mihai Saftoiu, Fully Redundant Networks ( PDF ) that ...
by pukkita
Fri May 08, 2020 6:46 pm
Forum: Beginner Basics
Topic: Building a 500+ apartment network for internet access
Replies: 7
Views: 2298

Re: Building a 500+ apartment network for internet access

ccspdk, for this application I think a GPEN approach (Gigabit Passive Ethernet Network) can fit as a glove for building distribution to flats and keep costs down so that you can be competitive.

See newsletter and the GPEN concept)
Captura de pantalla 2020-05-08 a las 17.47.27.png
by pukkita
Fri May 08, 2020 6:37 pm
Forum: RouterBOARD hardware
Topic: RB962UiGS-5HacT2HnT (hAP ac) problem with PoE!
Replies: 4
Views: 2300

Re: RB962UiGS-5HacT2HnT (hAP ac) problem with PoE!

Thanks for the detailed post! This routerboard (hAP AC) supports passive PoE only. Dahua camera on the other hand, requires Active PoE (802.3af) according to its specs . If this is your only camera, the cheapest solution would be to purchase a standalone Active PoE (802-3af) injector, have seen UTEP...
by pukkita
Wed May 06, 2020 4:04 pm
Forum: Beginner Basics
Topic: Intervlan forwarding delay? Slow SSH/https across vlans [SOLVED]
Replies: 3
Views: 5965

Re: Intervlan forwarding delay? Slow SSH/https across vlans [SOLVED]

First thing that comes to mind is the typical reverse DNS query most linux distros do when accessed via SSH. If it cannot reverse-query the source IP, you may experience this delay.

Posting the 4011 config will definitely help.
by pukkita
Wed Apr 29, 2020 12:15 pm
Forum: Wireless Networking
Topic: Rural p2p link advice required [SOLVED]
Replies: 15
Views: 10822

Re: Rural p2p link advice required [SOLVED]

It is made of plastic and a really light wire mesh (dunno if steel or aluminum, I'd say an steel alloy) material: https://i.mt.lv/cdn/rb_images/1195_l.jpg Great point on the RBGESPs Zacharias! Definitely highly advisable to install them, moreso in this scenario. Robert, I'd contact LinITX, they're r...
by pukkita
Tue Apr 28, 2020 11:53 am
Forum: Wireless Networking
Topic: Rural p2p link advice required [SOLVED]
Replies: 15
Views: 10822

Re: Rural p2p link advice required [SOLVED]

That hill is obstructing the fresnel zone, I'd mount both as high as possible, play with antenna heights to see what would be the minimum...
by pukkita
Tue Apr 28, 2020 10:43 am
Forum: Wireless Networking
Topic: Rural p2p link advice required [SOLVED]
Replies: 15
Views: 10822

Re: Rural p2p link advice required [SOLVED]

In addition of Direct Line of Sight, you need to check if there's an obstacle in the first fresnel zone of the link. https://upload.wikimedia.org/wikipedia/commons/4/4b/1st_Fresnel_Zone_Avoidance.png What are the GPS coordinates of each point? I referred to a screenshot of a Link Planner calculator ...
by pukkita
Tue Apr 28, 2020 2:03 am
Forum: Wireless Networking
Topic: Rural p2p link advice required [SOLVED]
Replies: 15
Views: 10822

Re: Rural p2p link advice required [SOLVED]

Have you seen it? It has been designed to stand strong winds, frosts, snows... I also think it is a sturdier design for your conditions regarding moisture, etc... https://i.mt.lv/cdn/rb_images/1302_l.jpg Captura de pantalla 2020-04-28 a las 0.54.18.png Reference: Mikrotik PtP Guide a pair of this wi...
by pukkita
Mon Apr 27, 2020 10:53 pm
Forum: Forwarding Protocols
Topic: Latency on VPLS tunnel [SOLVED]
Replies: 10
Views: 10463

Re: Latency on VPLS tunnel [SOLVED]

Glad to hear of your success! :)
by pukkita
Mon Apr 27, 2020 10:49 pm
Forum: Wireless Networking
Topic: Rural p2p link advice required [SOLVED]
Replies: 15
Views: 10822

Re: Rural p2p link advice required [SOLVED]

0.- What a wonderful place to live! 1.- The link seems to be viable even with the water masses. I'd use an online calculator, or google earth to draw the PTP and see elevation/fresnel to research a little more, but in the end the proof is in the pudding. I guess also spectrum in your area is clean??...
by pukkita
Mon Apr 27, 2020 8:11 pm
Forum: Beginner Basics
Topic: Recommendations on high-speed wireless bridge
Replies: 1
Views: 1216

Re: Recommendations on high-speed wireless bridge

What's the distance between buildings? Seems like a good match for a 802.11ad (60GHz) PTP. For < 300m, Wireless Wire kit could be an option: https://mikrotik.com/product/wireless_wire For bigger distances, I'd look https://mikrotik.com/product/wireless_wire_dish Check Complete Mikrotik 802.11ad Devi...
by pukkita
Wed Apr 22, 2020 3:40 pm
Forum: General
Topic: Mikrotik Firewall Configuration for Game Provider
Replies: 1
Views: 1361

Re: Mikrotik Firewall Configuration for Game Provider

Hello Dracep,

You can look at https://mikrotik.com/consultants for a list of available ones and choose freely.

For the record, I'm there too (Francisco J. Montilla) :D
by pukkita
Wed Apr 22, 2020 2:22 pm
Forum: General
Topic: Bridge not forwarding fragmented packets?
Replies: 1
Views: 1236

Re: Bridge not forwarding fragmented packets?

Interesting find Lavaburn!

I'd generate a supout.rif while this is happening on each of the routers and send it to support.
by pukkita
Mon Apr 20, 2020 8:40 pm
Forum: General
Topic: [SOLVED] UPnP seems not working with PPPoE
Replies: 10
Views: 9005

Re: [SOLVED] UPnP seems not working with PPPoE

A thing I'd check is you have actually a "drop by default" default firewall filter rule on forward chain which upnp relies on: filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed&...
by pukkita
Mon Apr 20, 2020 8:22 pm
Forum: Wireless Networking
Topic: No 5GHz on hAP AC
Replies: 1
Views: 1641

Re: No 5GHz on hAP AC

You should see two radio devices, wlan1 (2.4GHz) and wlan2 (5GHz), they will only show the supported Band, looks like you're setting wlan1, or that QuickSet only sets it (or will set wlan2 with same SSID and parameters as 2.4GHz wlan1, haven't used QuickSet in a while). Look into Wireless > Interfac...
by pukkita
Fri Apr 17, 2020 11:53 am
Forum: Beginner Basics
Topic: RBmAP2nD shows no wifi interface [SOLVED]
Replies: 2
Views: 7638

Re: RBmAP2nD shows no wifi interface [SOLVED]

It should appear on a default from factory device, no need to add nor install anything special. Do you remember the ROS version it had originally? Things i would do: 1 - System > Routerboard. Check that Current Firmware is the same as Upgrade firmware version, click on Upgrade otherwise. It will ask...
by pukkita
Thu Apr 16, 2020 12:32 pm
Forum: Forwarding Protocols
Topic: Latency on VPLS tunnel [SOLVED]
Replies: 10
Views: 10463

Re: Latency on VPLS tunnel [SOLVED]

Hello Pukkita, Thanks for your reply. Why VPLS? Well, for educational purposes. Due to the current corona-situation I'm locked at home with some equipment, and I'm willing to learn more about it. Final plan would be trying to transport Dante over the wireless point-to-point links I use quite often....
by pukkita
Wed Apr 15, 2020 3:59 pm
Forum: Forwarding Protocols
Topic: Latency on VPLS tunnel [SOLVED]
Replies: 10
Views: 10463

Re: Latency on VPLS tunnel [SOLVED]

Why VPLS? From your network topology and addressing I can't see any benefit in using it? For your needs, what I would setup instead is a simple bridged network, making sure the ports are setup in an optimal way: 1.- Lay out ports on that will be communicating the most on the same switch chip . RB201...
by pukkita
Wed Apr 08, 2020 1:56 pm
Forum: General
Topic: Two EoIP tunnels with packet loss
Replies: 5
Views: 3680

Re: Two EoIP tunnels with packet loss

Bear in mind RB450G max L2MTU is 1520 (see https://wiki.mikrotik.com/wiki/Manual:Maximum_Transmission_Unit_on_RouterBoards#MAC.2FLayer-2.2FL2_MTU). With MPLS, qinq, EoIP (why EoIP with MPLS and not VPLS?) etc your RB450G L2MTU is falling short and inducing fragmentation... not the ideal device for t...
by pukkita
Wed Apr 08, 2020 1:25 pm
Forum: Wireless Networking
Topic: CAPsMAN multiple SSIDs, local forwarding, bridging on CAP
Replies: 4
Views: 6989

Re: CAPsMAN multiple SSIDs, local forwarding, bridging on CAP

I don't think local-forwarding mode is what you want, this is used when the cap has "closer" internet access than the master, or when the master is in the cloud and forwarding data back and forth doesn't make sense... No need either to define anything in the datapath tab for your applicati...
by pukkita
Wed Mar 25, 2020 9:19 pm
Forum: General
Topic: WinBox Connection error
Replies: 7
Views: 56051

Re: WinBox Connection error

You need to enable set Tools > Legacy Mode in WinBox

Once you log on, Make sure System > Routerboard Current vs Upgrade Firmware is the same, otherwise click on Upgrade and reboot.
by pukkita
Sun Mar 15, 2020 3:08 pm
Forum: Beginner Basics
Topic: Low IPSEC TCP Rate unless I use Torch
Replies: 3
Views: 1965

Re: Low IPSEC TCP Rate unless I use Torch

Are you using fasttrack??
by pukkita
Fri Mar 13, 2020 12:32 pm
Forum: Beginner Basics
Topic: Routerboard 951UI 2HnD as wired to wireless bridges
Replies: 2
Views: 1834

Re: Routerboard 951UI 2HnD as wired to wireless bridges

As you comment, if what you want is to create a wired to wireless bridge, all you need is adding all ether and wlan1 ports to the bridge, that's all, no need for any IP on the 951's, the 951's will extend Huawei L2 and hence L3 without requiring any other configuration. For management, you can still...
by pukkita
Tue Mar 10, 2020 12:48 pm
Forum: General
Topic: LoRaWAN forwarding with IPv6
Replies: 7
Views: 3542

Re: LoRaWAN forwarding with IPv6

fbl, I would also track this thread: viewtopic.php?t=158500&p=779019
by pukkita
Mon Mar 09, 2020 3:16 pm
Forum: General
Topic: LoRaWAN forwarding with IPv6
Replies: 7
Views: 3542

Re: LoRaWAN forwarding with IPv6

IPv6 support is installed, but disabled by default as of 6.46.4. First make a backup; you can export your config by clicking on New Terminal, then issue: /export file=myLoraWanGW.rsc Click on Files, locate myLoraWanGW.rsc, right click, download. You can open this file with any text editor (like Word...
by pukkita
Thu Mar 05, 2020 9:40 am
Forum: Beginner Basics
Topic: Default firewall rules and connecting using PPPoE
Replies: 4
Views: 3170

Re: Default firewall rules and connecting using PPPoE

This is false information. Default configuration for quite some blocks access on interfaces that are not in either LAN or WAN interface lists. I stand corrected... absolutely right on recent ROS releases. But may not be the situation always, even if the running ROS version is a recent one when defa...
by pukkita
Tue Mar 03, 2020 8:13 am
Forum: Beginner Basics
Topic: Default firewall rules and connecting using PPPoE
Replies: 4
Views: 3170

Re: Default firewall rules and connecting using PPPoE

No, default firewall rules won't protect if a new pppoe WAN interface is added afterwards. To be protected by the default firewall, go to Interfaces > Interface List and add the Bell pppoe interface to the WAN list. If you were using Quickset, then I guess it should have already added the pppoe inte...
by pukkita
Wed Feb 26, 2020 6:22 pm
Forum: Wireless Networking
Topic: Smart plug amazon continuously disconnect from wifi
Replies: 6
Views: 4273

Re: Smart plug amazon continuously disconnect from wifi

It is an interference problem. I have about a dozen smart plugs... I've had the issue of one struggling to connect to wireless while another one, one meter next to it kept wireless fine. If it were a mikrotik issue, I'd have issues with all of them, which is not the case. I have identified one that ...
by pukkita
Mon Feb 17, 2020 10:25 am
Forum: Wireless Networking
Topic: Smart plug amazon continuously disconnect from wifi
Replies: 6
Views: 4273

Re: Smart plug amazon continuously disconnect from wifi

Does it happen with the plug always in the same wall socket? Is there a powerstrip maybe? PLCs?

I've found the smart sockets Wireless are very susceptible to interference, try plugging straight to the wall socket (no powerstrip), or a different wall socket or powerstrip.
by pukkita
Sat Feb 15, 2020 1:16 pm
Forum: Beginner Basics
Topic: Network newbie trying to learn something new... [SOLVED]
Replies: 5
Views: 6095

Re: Network newbie trying to learn something new... [SOLVED]

So forgetting about the CRS for a moment... You said to take ether1 off of bridge1 and set it up as a DHCP-Client. What I'm gathering from doing this, is ether1 will be a DHCP-Client for my ISP which is the DHCP-Server, is this right? That would make sense. Yes. From there, data coming into ether1 ...
by pukkita
Thu Feb 06, 2020 9:55 am
Forum: Beginner Basics
Topic: Network newbie trying to learn something new... [SOLVED]
Replies: 5
Views: 6095

Re: Network newbie trying to learn something new... [SOLVED]

So we'll say my Gateway and DHCP server have IP Address 192.168.0.1 and will hand out addresses from 192.168.0.10 to 192.168.0.254 (Subnet is 255.255.255.0). Now Comcast sends my dynamic IP address to my modem (I use a personal Netgear modem with no routing capabilities) which in turn is sent to my...
by pukkita
Tue Jan 28, 2020 5:14 pm
Forum: Virtualization
Topic: RouterOS not detecting a LoRa card
Replies: 1
Views: 4483

Re: RouterOS not detecting a LoRa card

Try System > Routerboard Is there an USB button? (not USB power reset)? Try setting there USB Type for LoRa8 to Mini PCIe.
by pukkita
Fri Jan 17, 2020 3:09 pm
Forum: General
Topic: Slow speed through gre+ipsec tunnel
Replies: 15
Views: 11304

Re: Slow speed through gre+ipsec tunnel

Same behaviour observed with 6.46.1 between a CCR1032 and a 4011: on a speed-test tcp download fails sometimes, huge CPU peaks on 4011 (>70%) not reflected on speed-test, and obvious packet loss. EOIP+IPSec doesn't display this behaviour, tcp_download starts and finish smoothly. Measured speeds are ...
by pukkita
Fri Jan 17, 2020 12:02 pm
Forum: Wireless Networking
Topic: CAPSMAN + Guest WiFi
Replies: 16
Views: 19471

Re: CAPSMAN + Guest WiFi

On RB2011 CAP, unset Discovery Interface, and input 127.0.0.1 in CAPsMAN Addresses, RB2011 will recognize its wireless interface as a CAP.
by pukkita
Wed Jan 15, 2020 11:53 am
Forum: Wireless Networking
Topic: 60gHz link with 5gHz failover + Scotch Whisky
Replies: 16
Views: 6156

Re: 60gHz link with 5gHz failover + Scotch Whisky

Yes... as routers are required anyway definitely L3 is the optimal solution. Using L2 bonding will only get you a system throughput speed of the slowest of the two links unless you’ve seen different? That's why I suggested active/backup... though the problem on how to force 60GHz to be detected as f...
by pukkita
Tue Jan 14, 2020 7:55 pm
Forum: Wireless Networking
Topic: 60gHz link with 5gHz failover + Scotch Whisky
Replies: 16
Views: 6156

Re: 60gHz link with 5gHz failover + Scotch Whisky

OSPF is undoubtely the more flexible and powerful way, but requires a routed network, and didn't fit the "simple" requirement by the OP.

Going routed though is the best future-proof approach for scalability too, so even if it means a drastic revamp it will be time and money well invested.
by pukkita
Tue Jan 14, 2020 5:47 pm
Forum: Beginner Basics
Topic: Access internal web server with internet IP from the same LAN
Replies: 4
Views: 3350

Re: Access internal web server with internet IP from the same LAN

action=masquerade is the same as action=src-nat, but will automatically src-nat with the IP of the interface, so no to-addresses required. add action=masquerade chain=srcnat comment="Hairpin NAT to for motioneye" dst-address=192.168.1.9 src-address=192.168.1.0/24 out-interface=YourLanBridge
by pukkita
Mon Jan 13, 2020 9:43 pm
Forum: Beginner Basics
Topic: Access internal web server with internet IP from the same LAN
Replies: 4
Views: 3350

Re: Access internal web server with internet IP from the same LAN

Yes. Have a look at https://wiki.mikrotik.com/wiki/Hairpin_NAT for the packet-by-packet explanation. In summary, what happens is the internal device receives an answer from the internal, dst-natted IP when it expects the source IP it to come from the public IP it requested; hairpin nat does an addit...
by pukkita
Mon Jan 13, 2020 9:23 pm
Forum: Wireless Networking
Topic: 60gHz link with 5gHz failover + Scotch Whisky
Replies: 16
Views: 6156

Re: 60gHz link with 5gHz failover + Scotch Whisky

Is the powerbeam in router or bridge mode? I assumed yours was a routed setup, if two unmanaged switches are connected with two links what happens is that you create a network loop and a switch disables one of the interfaces, so if the powerbeam is in bridge mode this is what is happening. You'll ne...
by pukkita
Mon Jan 13, 2020 8:57 pm
Forum: Wireless Networking
Topic: 60gHz link with 5gHz failover + Scotch Whisky
Replies: 16
Views: 6156

Re: 60gHz link with 5gHz failover + Scotch Whisky

Could it be the powerbeam having the same IP as the 60Ghz link? Without knowing more specifics is difficult to assess... how is the 5GHz setup? is the Powerbeam in router mode? What happens if only the radio is turned off on the PowerBeam? Supposing that both work simultaneously, there is no simple ...
by pukkita
Mon Jan 13, 2020 2:19 pm
Forum: Wireless Networking
Topic: Using Hap Ac lite as wireless bridge with Hap Ac
Replies: 5
Views: 8567

Re: Using Hap Ac lite as wireless bridge with Hap Ac

ouch, forgot about that... Remove any IP > Firewall filter / nat rules and reboot, what you want is a pure L2 device... it will perform better as CPU will only be used to forward from wireless interface to the bridge; forwarding between its ether ports will be done by the switch chip with hw acceler...
by pukkita
Sun Jan 12, 2020 7:12 pm
Forum: Wireless Networking
Topic: Using Hap Ac lite as wireless bridge with Hap Ac
Replies: 5
Views: 8567

Re: Using Hap Ac lite as wireless bridge with Hap Ac

Post a configuration Export... Or, fix it manually: Connect using winbox, go to Neighbor tab, locate & double click on hAP Ac Lite Mac address. This sounds as if hAP AC Lite had its own DHCP: - Go to IP > DHCP server tab and delete/disable it. - Go to IP > Addresses and delete any Static IPs - G...
by pukkita
Tue Dec 24, 2019 12:39 pm
Forum: Beginner Basics
Topic: CRS VLAN Routing [SOLVED]
Replies: 28
Views: 9993

Re: CRS VLAN Routing [SOLVED]

Just set it to use RouterOS, and load default config (System > Reset Configuration); at next winbox login you can accept several different default configs, choose or agree with "Switch mode" configuration. This will create a bridge with all the ports in switch configuration (wirespeed), wh...
by pukkita
Fri Nov 29, 2019 8:33 pm
Forum: General
Topic: dst-nat with two servers and one public IP
Replies: 2
Views: 1029

Re: dst-nat with two servers and one public IP

my network is made up of 2 web servers, being apache 1, apache2 and one more mikrotik, i need that when receiving a WAN request on port 80 and with the content 'glpi.kstros.com' the mk redirects to apache1 and when receiving 'wiki.kstros.com' is redirected to apache2. Can I do this redirect using o...
by pukkita
Thu Nov 28, 2019 2:12 pm
Forum: General
Topic: Traffic flow capacity per second
Replies: 3
Views: 1473

Re: Traffic flow capacity per second

That will depend on the routerboard used (RAM & CPU).
by pukkita
Thu Nov 14, 2019 12:34 pm
Forum: General
Topic: Port forwarding through OVPN connection [SOLVED]
Replies: 3
Views: 2128

Re: Port forwarding through OVPN connection [SOLVED]

Thank you for the detailed explanation, your answer gave me a better understanding of networks. :)
:) Glad to hear that!
by pukkita
Thu Nov 14, 2019 11:57 am
Forum: General
Topic: Port forwarding through OVPN connection [SOLVED]
Replies: 3
Views: 2128

Re: Port forwarding through OVPN connection [SOLVED]

When fixing routing issues, you have to consider two routes always: 1.- The one going from the initiator to a given device, and 2.- The route that the reply will take back to the connection initiator. From initiator (server) to device (camera) seems to be working judging by the rule counters, I assu...
by pukkita
Tue Sep 03, 2019 12:38 pm
Forum: Beginner Basics
Topic: Best VPN for Mikrotik / RouterOS
Replies: 10
Views: 17435

Re: Best VPN for Mikrotik / RouterOS

Which is the easiest (and if possible cheapest) way to achieve this with the router? Is it possible to exclude a device from the VPN? For example, I watch Netflix with my TV and I do NOT wont to use the VPN for that. If you are looking for a cheapest option then CyberGhost VPN is good and less expe...
by pukkita
Sun Aug 18, 2019 1:38 pm
Forum: Beginner Basics
Topic: can only get a dynamic ip on bridge interface
Replies: 10
Views: 4137

Re: can only get a dynamic ip on bridge interface

The Mikrotik LAN IP is bound to a member of the bridge rather than the bridge itself, this often breaks things in strange ways. It should be /ip address add address=192.168.88.1/24 interface= bridge1 network=192.168.88.0 Good catch, missed that. As TDW pointed, when you create a bridge, any L3 addr...
by pukkita
Sat Aug 17, 2019 12:52 pm
Forum: Beginner Basics
Topic: can only get a dynamic ip on bridge interface
Replies: 10
Views: 4137

Re: can only get a dynamic ip on bridge interface

Check System > Routerboard, does Current Firmware match Upgrade Firmware version? If not, upgrade and reboot. System > Logging, add DHCP. Try dhcp-client again on ether1, post the logs. What's the mac address of the bridge? and ether1? You can open a new terminal maximized, then issue /interface p T...
by pukkita
Wed Mar 06, 2019 6:41 pm
Forum: General
Topic: The "bridge"
Replies: 2
Views: 1178

Re: The "bridge"

if I've just 3 segments , e.g. DMZ, WAN, LAN in different networks, so none of them is bridged, why is there always a "bridge" involved? Because that's the way you build the "segments". Before 6.42 you had the option of either build a L2 segment by creating a bridge (by software...
by pukkita
Mon Feb 25, 2019 1:28 pm
Forum: General
Topic: Max throughput for this RB [SOLVED]
Replies: 5
Views: 2769

Re: Max throughput for this RB [SOLVED]

64k is the best for gauging of raw CPU power, but again, it depends on the chores the router is carrying away, if you'll be using fasttrack or not, etc.
by pukkita
Thu Jan 03, 2019 1:47 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD-IN-US first time troubles
Replies: 14
Views: 4804

Re: RB4011iGS+5HacQ2HnD-IN-US first time troubles

Which port are you using to connect to it? Have you tried a port other than ether1? (as ether1 is usually WAN and so, firewalled on default config)? Do you see it on winbox neighbors tab? Can you connect to it from winbox if you double click on the MAC field while in neighbors tab? If you can't, wha...
by pukkita
Sun Dec 23, 2018 11:43 am
Forum: SwOS
Topic: CSS326-24G-2S+ does not accept dhcp-provided IP!?
Replies: 2
Views: 3414

Re: CSS326-24G-2S+ does not accept dhcp-provided IP!?

Does the CRS326 have a ip > DHCP Client entry setup? Looks like it's running a DHCP Server (not client)...

If so, disable DHCP Server, and set a DCHP Client on top of the bridge interface where all ports are.
by pukkita
Wed Nov 28, 2018 10:21 am
Forum: RouterBOARD hardware
Topic: Can anyone help me identify this routerboard?
Replies: 2
Views: 1389

Re: Can anyone help me identify this routerboard?

That's not a Routerboard, but what looks like a PC Engines Alix 2 Series board based on a 2D3 from mid 2000's. Wireless card is a 12+ year old ROS supported one, a CM9 (Atheros AR5213). Have one 2D2 still bouncing around, hw reliability vs an all-integrated routerboards is a joke (logical, this is a...
by pukkita
Wed Nov 14, 2018 10:44 am
Forum: Beginner Basics
Topic: Am I hacked?
Replies: 2
Views: 1873

Re: Am I hacked?

Check your firewall (IP > Firewall > Filter) Your symptoms are the typical when being used as a DNS spoof amplification attack. If your wan port is not protected from Internet, attackers start querying your router DNS server pretending to be someone else, who gets blasted with your (and hundreds of ...
by pukkita
Wed Oct 31, 2018 12:00 pm
Forum: RouterBOARD hardware
Topic: cAP Lite Powers on but inaccessible.
Replies: 6
Views: 7396

Re: cAP Lite Powers on but inaccessible.

Could be a damaged reset switch. I'd try a netinstall , try with the reset switch, keep it pressed, apply power, wait until cAP appears on netinstall. Alternatively, if reset switch doesn't seem to work, look for a reset pad on the PCB, short it with a screwdriver or something, power it on, and keep...
by pukkita
Wed Oct 17, 2018 2:24 pm
Forum: General
Topic: Trouble connecting u-boot to a RB922
Replies: 5
Views: 1665

Re: Trouble connecting u-boot to a RB922

Update: I've found a work-around, but I'd still like to know what's going on here. If I change the RB922 configuration from /ip address add address=192.168.3.73/24 interface=ether1 to /interface bridge add name=bridge-lan /interface bridge port add bridge=bridge-lan interface=ether1 /ip address add...
by pukkita
Wed Oct 17, 2018 2:21 pm
Forum: General
Topic: Trouble connecting u-boot to a RB922
Replies: 5
Views: 1665

Re: Trouble connecting u-boot to a RB922

If I connect Orange Pi and RB922 with a straight ethernet cable, I can see the link coming up on the RB922 (100M-half), but u-boot can't ping the RB922 and tftp times out. That's the first thing I'll troubleshoot, why half duplex? try issuing some "ip link" commands or whatever appropiate...
by pukkita
Sun Sep 30, 2018 2:49 pm
Forum: General
Topic: DNS utilization
Replies: 15
Views: 11420

Re: DNS utilization

To recap in the meanwhile it gets to the Wiki: Concurrent Simultaneous Requests is now settable DNS Servers (RouteOS DNS Client Settings): goes through them sequentially passing on to the next only if it doesn't receive an answer (fails). Further clarification regarding this on the wiki would be gre...
by pukkita
Tue Sep 25, 2018 6:23 pm
Forum: Wireless Networking
Topic: WAP ac 5GHz issues with iPhone XS
Replies: 143
Views: 44485

Re: WAP ac 5GHz issues with iPhone XS

Just tested an EU XS with a hAP AC 6.40.9, works flawlessly, 100/115 MBps using 5GHz AC 40MHz.

Looks like device specific, definitely pointing to the iphone.

To rule everything out, Is System > Routerboard Current Firmware same version as Upgrade one?
by pukkita
Fri Sep 21, 2018 8:51 pm
Forum: General
Topic: After upgrade firmware 6.40.5, Can't change admin's group to full
Replies: 6
Views: 2208

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

But I do see someone who is cruising around the forum looking for virtually irrelevant things to answer. I expect you're trying to "big yourself up" and up your post count for whatever reason. That's the only reason I can see for the post, unless you're just bored of course. And then you ...
by pukkita
Thu Sep 06, 2018 12:30 pm
Forum: Beginner Basics
Topic: Can't connect to Groove AC [SOLVED]
Replies: 2
Views: 2206

Re: Can't connect to Groove AC [SOLVED]

Ether port on the Groove comes as WAN port on default config, and thus is firewalled. Try this: 1.- Connect to its wireless. 2.- On winbox, go to neighbor tab. Double click on the MAC address, you should be able to connect. 3.- Once you can log in, reset it to no defaults. 4.- Set it up per your lik...
by pukkita
Wed Sep 05, 2018 1:23 pm
Forum: Beginner Basics
Topic: Problems updating
Replies: 2
Views: 1111

Re: Problems updating

Which specific device? Does it have a serial port?
by pukkita
Tue Sep 04, 2018 8:38 pm
Forum: General
Topic: Can´t feed PoE accesspoint
Replies: 3
Views: 1309

Re: Can´t feed PoE accesspoint

Yes, if using the stock Power adapter.
by pukkita
Sun Sep 02, 2018 11:47 am
Forum: General
Topic: Point point connection - SXT 5HnD and SXT 5nd r2 lite 5
Replies: 1
Views: 1102

Re: Point point connection - SXT 5HnD and SXT 5nd r2 lite 5

Try this: On the Station (SXT5 Lite r2): 1.- Go to Bridge. 2.- Remove unknown port 3.- Add wlan1 port to the bridge Cannot say for sure as I'm missing some details about your config, but once you do that Layer 2 between both networks should be fixed, try pinging between any devices (but the antennas...
by pukkita
Sun Sep 02, 2018 11:27 am
Forum: General
Topic: Can´t feed PoE accesspoint
Replies: 3
Views: 1309

Re: Can´t feed PoE accesspoint

RB2011 PoE Out is Passive only, not af nor at, you can't use a RB2011 to power the HP. Captura de pantalla 2018-09-02 a las 10.25.05.png You need to either get an standalone PoE af injector, or use a different Router which supports PoE Out af/at, like an hEX PoE Captura de pantalla 2018-09-02 a las...
by pukkita
Sat Sep 01, 2018 11:26 am
Forum: General
Topic: POE Problem
Replies: 14
Views: 9414

Re: POE Problem

Yes, in all cases they were providing power to wap ac Do same 2011 port powers a 100BT device fine? I've experienced that, specifically when powering gigabit AC devices from 100BT PoE out ports. First time with a 951Ui and a Netbox. Something "broke" on the 951Ui which wasn't able to powe...
by pukkita
Fri Aug 31, 2018 12:20 pm
Forum: General
Topic: DHCP Static Assigned IP Issue [SOLVED]
Replies: 7
Views: 23924

Re: DHCP Static Assigned IP Issue [SOLVED]

However we noticed for all devices which we have set the static DHCP IP for, it will NOT show up in the DHCP Server (under leases). When we tried to manually add a lease for it by adding the IP with its MAC Address, it is always having the "waiting" status. DHCP Server will inspect the AR...
by pukkita
Thu Aug 30, 2018 11:10 am
Forum: Wireless Networking
Topic: 6.42.7 LTE Scan Broken
Replies: 3
Views: 2465

Re: 6.42.7 LTE Scan Broken

I'm a bit new here and used to Redhat's bugzilla/etc. How do I easily find out if there is an issue Mikrotik is already fixing or if it is something that a post like this could be useful for? Sure, check Mikrotik Changelog Section . Searching the forum may lead to interesting findings, or as you ju...
by pukkita
Wed Aug 29, 2018 12:36 pm
Forum: RouterBOARD hardware
Topic: SXTsq 5 ac Level4 licence AP? [SOLVED]
Replies: 2
Views: 2330

Re: SXTsq 5 ac Level4 licence AP? [SOLVED]

Yes, it is possible. No differences hardware-wise.
by pukkita
Mon Aug 27, 2018 11:09 am
Forum: General
Topic: Remote management of SXT LTEs
Replies: 3
Views: 1665

Re: Remote management of SXT LTEs

Yes, you could go VPS and use CHR; if you prefer having your own on a NOC or Office, couldn't agree more: an hEX or hEX S are ideal, seem to be conceived with this duty in mind: generous RAM, powerful dual core processor, MicroSD... while drawing very little power, taking little space and generating...
by pukkita
Sun Aug 26, 2018 11:21 am
Forum: General
Topic: Remote management of SXT LTEs
Replies: 3
Views: 1665

Re: Remote management of SXT LTEs

I would set up a VPN "hub" for those SXT LTE to call home possibly using SSTP; you can dial into the hub and by RoMON or L3 manage any of the SXT LTEs.

This also opens the possibility of running a dude server on the hub, to (mass) monitor and manage the SXT LTEs.
by pukkita
Thu Aug 23, 2018 12:14 am
Forum: Announcements
Topic: v6.40.9 [bugfix] is released!
Replies: 56
Views: 39184

Re: v6.40.9 [bugfix] is released!

6.40.8 is vulnerable to this? yes, check 6.40.9 changelog (or 6.42.7) again , CVE was added afterwards, guess due to coordination? late addition?. MAJOR CHANGES IN v6.40.9: ---------------------- !) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159; -------...
by pukkita
Wed Aug 22, 2018 11:57 am
Forum: General
Topic: POE Problem
Replies: 14
Views: 9414

Re: POE Problem

Alex, were the 2011 powering AC CPEs?

Ondrej, did you include a supout.rif file taken while the problem was happening? do so...
by pukkita
Tue Aug 21, 2018 1:33 pm
Forum: General
Topic: What is ARP-published feature for?
Replies: 24
Views: 19855

Re: What is ARP-published feature for?

Not sure If I understood your scenario. 10.1.1.2 is a Caching DNS server? if so, let's say it's MAC is AA:BB:CC:DD:EE:FF. You need to publish the entry with the MAC of the real device having 10.1.1.2, on the interface where the queries will come. /ip arp add interface=hosting address=10.1.1.2 mac-ad...
by pukkita
Tue Aug 21, 2018 1:22 pm
Forum: General
Topic: POE Problem
Replies: 14
Views: 9414

Re: POE Problem

I see... agree with you, definitely looks like the hAP ac2 power draw at boot kicks the power draw protection. Which ROS version on the hEX? Firmware? (system > Routerboard?) This could be either a hardware limitation on the hEX S, or maybe something fixable by upgrading POE firmware, as it was the ...
by pukkita
Tue Aug 21, 2018 1:10 pm
Forum: General
Topic: RB1200 Killed after updating to 6.4
Replies: 3
Views: 2152

Re: RB1200 Killed after updating to 6.4

Christian, that RB1200 has some age... leaving a device for so long without upgrading rises a lot the chances of problems, moreso if the device (hardware) is old. How Old is it? ten years? ;) Looks to me like a damaged main booter. To fix: 1.- Connect a serial console to it, so that you can reach th...
by pukkita
Tue Aug 21, 2018 12:13 pm
Forum: General
Topic: WAN to LAN NAT based on subdomain via DDNS!!!
Replies: 1
Views: 1924

Re: WAN to LAN NAT based on subdomain via DDNS!!!

I've also setup the IP/Cloud feature but the DNS name is a little hard to remember! Use IP > Cloud. Purchase a domain, say my domain.com Setup as many CNAMEs on that domain pointing to the ip > cloud FQDN. From here onwards, no DNS query is gonna "resolve" to a port AFAIK; to manipulate b...
by pukkita
Sun Aug 19, 2018 1:47 pm
Forum: Wireless Networking
Topic: WISP setup & IP Pools!
Replies: 2
Views: 1465

Re: WISP setup & IP Pools!

You're not asking for help, but for someone to provide the whole (non trivial) setup for free, soo... wouldn't sweat waiting for that to happen, if ever. One thing is asking about specific issues, doubts etc on a user community forum, and a very different one is dropping a "I am a company and w...
by pukkita
Sat Aug 18, 2018 12:08 pm
Forum: General
Topic: POE Problem
Replies: 14
Views: 9414

Re: POE Problem

Other Mikrotik PoE switches can output up to 1A per port. Don't know the specific case for the hEX S as is a recent device and not a word about output limits on its last port on the specs, so it may be the case... Again, this is the Maximum power draw by hAP ac2, won't be surprised if average draw i...
by pukkita
Thu Aug 16, 2018 11:59 am
Forum: Beginner Basics
Topic: Port Forwarding for the beginner
Replies: 8
Views: 7908

Re: Port Forwarding for the beginner

Bestinwifi: please change your IPSec secret, you published enough details for someone to try brute forcing VPN accounts on your router... already edited your SN/soft id.
by pukkita
Wed Aug 15, 2018 4:07 pm
Forum: General
Topic: POE Problem
Replies: 14
Views: 9414

Re: POE Problem

hEX S max power draw = 11W hAP ac2 max power draw = 15W Total maximum power draw = 26W. hEX S PSU is 24V @ 1.2A = 28W. Tight, but these are maximum power draw values. Have you tried powering the hAP ac2 on its own to see if is still unstable? How long is the cable going to the hAP ac2? Yes, you can ...
by pukkita
Tue Aug 14, 2018 12:48 pm
Forum: Beginner Basics
Topic: Mikrotik SPF + unable to get full bandwidth
Replies: 5
Views: 2105

Re: Mikrotik SPF + unable to get full bandwidth

Bandwidth test tool is useless for SFP+. won't reach more than 2Gb ever.

Use iperf and two PCs...
by pukkita
Sat Aug 11, 2018 12:13 pm
Forum: RouterBOARD hardware
Topic: CRS317 NAT + routing capacity
Replies: 3
Views: 2340

Re: CRS317 NAT + routing capacity

By using fasttrack, you will be able to get higher throughput, but I seriously doubt a CRS317 could reach 1Gbps of routed/natted traffic even with fasttrack enabled, guess a more realistic figure will be around 250-500Mbps max, though I never tested. Do not underestimate the hEX, it's a little mean ...
by pukkita
Sat Aug 11, 2018 11:46 am
Forum: Beginner Basics
Topic: IP/Services is all disabled [SOLVED]
Replies: 2
Views: 2578

Re: IP/Services is all disabled [SOLVED]

Doesn't it appear on Neighbors tab of Winbox? If so, click on the router Mac-address to connect via Mac-winbox.

If it doesn't, you can gain access to the 3011 in order to reenable networking services by using the Serial Console port, RJ45 on the back of the RB3011.
by pukkita
Fri Aug 10, 2018 12:13 pm
Forum: General
Topic: IP Cloud
Replies: 112
Views: 86891

Re: IP Cloud

You can't AFAIK, dns name is made up from Routerboard serial.
by pukkita
Fri Aug 10, 2018 12:01 pm
Forum: RouterBOARD hardware
Topic: CRS317 NAT + routing capacity
Replies: 3
Views: 2340

Re: CRS317 NAT + routing capacity

Your assumptions are correct, this is a programmable switch, whose CPU provides auxiliary functions, but it's not conceived to route 1Gbps. And no, specs mean that with traffic flowing to/from all ports, the device is capable to route 1270Mbps overall (not each port), if all packets were sized 1518 ...
by pukkita
Thu Aug 02, 2018 10:10 pm
Forum: General
Topic: How to display full time in the winbox log
Replies: 14
Views: 2698

Re: How to display full time in the winbox log

sid5632, no rudeness, even your gratuitous one, is allowed here.

You're Warned.
by pukkita
Wed Aug 01, 2018 3:01 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 117
Views: 74501

Re: Security announcement blog

Sure:
Captura de pantalla 2018-08-01 a las 14.00.23.png
by pukkita
Sun Jul 29, 2018 12:27 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 117
Views: 74501

Re: Security announcement blog

We have made a blog, where we will publish the most important announcements regarding security and other topics.
Bookmark this link for Security related news:

https://blog.mikrotik.com/security/

Here is the RSS feed link:
https://blog.mikrotik.com/rss/?cat=security
Great!!! Killer idea!
by pukkita
Fri Jul 27, 2018 3:39 pm
Forum: Beginner Basics
Topic: Basic setup for router with multiple AP's [SOLVED]
Replies: 22
Views: 30942

Re: Basic setup for router with multiple AP's [SOLVED]

Nothing special, on router just make sure the ether port where the AP is connected is in the bridge where DHCP runs on.
by pukkita
Fri Jul 27, 2018 2:29 pm
Forum: RouterBOARD hardware
Topic: CCR 1036 stuck on Starting Kernel
Replies: 1
Views: 4793

Re: CCR 1036 stuck on Starting Kernel

Get a serial cable ( see Wiki ) and connect to the console. Try a netinstall using ether1 to latest bugfix version. To rule out the reset pressing time lottery, you can set that via the serial console (set the boot device to ether boot) having access to the console will be really useful to troublesh...
by pukkita
Fri Jul 27, 2018 2:24 pm
Forum: Beginner Basics
Topic: Basic setup for router with multiple AP's [SOLVED]
Replies: 22
Views: 30942

Re: Basic setup for router with multiple AP's [SOLVED]

No difference, the approach is the same. Just config all the APs as wired/wireless switch as described . Configure the same SSID and security settings on all of them. As long as the Cisco cable going to the Mikrotik connects to an ethernet port belonging to the same bridge as the DHCP server for you...
by pukkita
Thu Jul 26, 2018 11:02 am
Forum: General
Topic: 2 WAN Port Forwarding with Multiple IP Public
Replies: 6
Views: 7285

Re: 2 WAN Port Forwarding with Multiple IP Public

I see... Agree with Sindy, this looks like a bug, your config looks fine to me with regards to being able to connect to other IPs but from the src/dst-natted ones. ROS version? Routerboard firmware version? How do you config the IPs, directly on the WAN interfaces (no private transit or loopback?) D...
by pukkita
Thu Jul 26, 2018 10:37 am
Forum: Beginner Basics
Topic: MikroTik wAP as wireless client?
Replies: 4
Views: 6317

Re: MikroTik wAP as wireless client?

a wAP (or any Routerboard) can be be programmed to be whatever you want. Of course can be a wireless client. What it cannot be is a repeater (wireless client + Wireless AP at the same time) if the other device is not a Mikrotik. If your intention is placing the wAP as outdoors repeater with the Netg...
by pukkita
Wed Jul 25, 2018 1:42 pm
Forum: RouterBOARD hardware
Topic: Hap ac Lite Reset
Replies: 7
Views: 11909

Re: Hap ac Lite Reset

Even if it has been set, the method of keep pressing should work... are them under warranty?
by pukkita
Wed Jul 25, 2018 11:53 am
Forum: RouterBOARD hardware
Topic: Hap ac Lite Reset
Replies: 7
Views: 11909

Re: Hap ac Lite Reset

I have got it back to a stage on Winbox with it showing the MAC address IP of 0.0.0.0, Idenity - preconfig , Version 6.37.3 and board RB952Ui-5ac2nd. Following other threads, I have also attempted to use NetInstall and cannot get it to see the router. To be on the safe side I have attempted it on a...
by pukkita
Wed Jul 25, 2018 11:34 am
Forum: General
Topic: 2 WAN Port Forwarding with Multiple IP Public
Replies: 6
Views: 7285

Re: 2 WAN Port Forwarding with Multiple IP Public

For dual wan use you need to further use mangle to: - keep track of connections, so that what enters via one WAN, exits via the same one - Steer/balance traffic towards the two WANs Even if you aren't using both WANs for general internet traffic, (e.g. general traffic to Internet exits via a single ...
by pukkita
Tue Jul 24, 2018 6:09 pm
Forum: Beginner Basics
Topic: New cAP ac / cannot access webfig on 192.168.88.1 [SOLVED]
Replies: 4
Views: 4892

Re: New cAP ac / cannot access webfig on 192.168.88.1 [SOLVED]

... I have problem setting up dual band, but that's another story (and maybe another question here after having exhausted what I can think of!) Solved! (how can I mark it as solved?) => OK, just found it! Thanks for marking it SOLVED! Re: dual band problem Looks like CAPsMAN provisioning setup issu...
by pukkita
Mon Jul 23, 2018 3:38 pm
Forum: General
Topic: 2 Wan but wich is the primary ?? [SOLVED]
Replies: 5
Views: 2835

Re: 2 Wan but wich is the primary ?? [SOLVED]

Default Route Distance can be set also on pppoe-client, vpn clients, etc: Dial-out tab.
by pukkita
Mon Jul 23, 2018 11:13 am
Forum: Beginner Basics
Topic: New cAP ac / cannot access webfig on 192.168.88.1 [SOLVED]
Replies: 4
Views: 4892

Re: New cAP ac / cannot access webfig on 192.168.88.1 [SOLVED]

You need to wipe your cAP config and set it up to be a L2 device, a simple wired/wireless switch: See this post for details.

Don't use webfig... use winbox neighbors tab, this way you can manage it in L2.
by pukkita
Tue Jul 17, 2018 4:15 pm
Forum: Beginner Basics
Topic: Howto POE HPac2 with bridged modem [SOLVED]
Replies: 4
Views: 2736

Re: Howto POE HPac2 with bridged modem [SOLVED]

PoE-in or PoE-out capabilities are physical port capabilities, they cannot be moved.

But you can move internet, or the WAN, to a different port, for example ether2 and leave ether1 only for powering the hAP ac2.

You can use the same method I explained here
by pukkita
Tue Jul 17, 2018 1:04 pm
Forum: General
Topic: mikrotik with PPPoe and real ip behind bridge modem [SOLVED]
Replies: 101
Views: 24410

Re: mikrotik with PPPoe and real ip behind bridge modem [SOLVED]

After disabling NAT on PPPoE interface, You need to setup RIP, but still details are missing. To set up RIP: routing rip> set redistribute-connected=yes redistribute-static=yes routing rip interface> add interface=YOURPPPoE_interface receive=v2 send=v2 passive=no routing rip network> add network=77....
by pukkita
Mon Jul 16, 2018 11:19 am
Forum: Beginner Basics
Topic: Configuring the SXT LTE (RRBSXTLTE3-7) with a Router / Access Point [SOLVED]
Replies: 4
Views: 3024

Re: Configuring the SXT LTE (RRBSXTLTE3-7) with a Router / Access Point [SOLVED]

The reasoning behind: - hap ac is a router board, and as such is 100% programmable - I can provide specific instructions - One of the best APs Mikrotik has for your application. - You may want a dual WAN setup in the future The Netgear (or any other "canned setup" AP) should be possible to...
by pukkita
Sun Jul 15, 2018 12:54 pm
Forum: Beginner Basics
Topic: Configuring the SXT LTE (RRBSXTLTE3-7) with a Router / Access Point [SOLVED]
Replies: 4
Views: 3024

Re: Configuring the SXT LTE (RRBSXTLTE3-7) with a Router / Access Point [SOLVED]

Hello, Yes, it is possible provided both are properly setup. Instead of the Netgear I'd go with a Mikrotik AP, like the Hap ac . The easiest configuration would be 1.- Set up the LTE using the wizard to provide Internet (HomeAP? setting). 2.- Plug the LTE to the Hap ac and set it up as wired/wireles...
by pukkita
Fri Jul 13, 2018 11:56 am
Forum: Beginner Basics
Topic: Replaced Mikrotik and change MAC for cablemodem
Replies: 1
Views: 1229

Re: Replaced Mikrotik and change MAC for cablemodem

Power everything off for > 10 minutes, then power on.

Failing that, call Ono as their system may have blacklisted your line in DHCP, not uncommon on Fixed IP lines.
by pukkita
Wed Jul 11, 2018 1:48 pm
Forum: Beginner Basics
Topic: MikroTik mAP 2nd and Groove 52HPN [SOLVED]
Replies: 6
Views: 3902

Re: MikroTik mAP 2nd and Groove 52HPN [SOLVED]

ROS will select a Mac address from the ports in the bridge, no need to specify any.

Looks like the .rsc file is not loading, try logging to the router after the reset, and issue
/import file-name=mymapR.rsc verbose=yes
Pasting any errors here.
by pukkita
Mon Jul 09, 2018 1:47 pm
Forum: General
Topic: Access DLNA server that is connected to main mikrotik from a switch mikrotik that has different IP & subent
Replies: 2
Views: 2382

Re: Access DLNA server that is connected to main mikrotik from a switch mikrotik that has different IP & subent

You provide very little info regarding your network...

If main Mikrotik has wireless interfaces, and DLNA client devices connect by wireless, first thing I'd do is go to Wireless, select interface, enable Advanced Mode, and set the multicast helper to full.
by pukkita
Mon Jul 09, 2018 1:40 pm
Forum: The Dude
Topic: The dude on RB760iGS
Replies: 5
Views: 4594

Re: The dude on RB760iGS

Hex S or RB760iGS is MMIPS, dude package should be for MMIPS Dude 6.40.8 MMIPS
I am surprised by this because how do you know which version of RouterOS is installed on the 760iGS?
Good catch, edited.
by pukkita
Mon Jul 09, 2018 1:22 pm
Forum: Beginner Basics
Topic: MikroTik mAP 2nd and Groove 52HPN [SOLVED]
Replies: 6
Views: 3902

Re: MikroTik mAP 2nd and Groove 52HPN [SOLVED]

As Pamela32 pointed out, you should watch out for voltage drops. However, the Groove doesn't support active PoE, only passive. The best approach is using a DC power adapter from 24V to max 30VDC (Groove limit), capable at least of 500mA. Power the mAP with it via it's DC-in jack with it, it will pow...
by pukkita
Sun Jul 08, 2018 11:34 am
Forum: Beginner Basics
Topic: Basic setup for router with multiple AP's [SOLVED]
Replies: 22
Views: 30942

Re: Basic setup for router with multiple AP's [SOLVED]

On Mikrotik #2: 1.- Upgrade to latest bugfix 2.- Reset to no defaults 3.- Create a bridge. Add all interfaces (wired and wireless) to the bridge. 4.- Configure wireless interfaces: same SSID, security (WPA2) and passphrase as on Mikrotik #1. Done. As long as you plug one ether from Mikrotik #2 to th...
by pukkita
Sat Jul 07, 2018 2:07 pm
Forum: General
Topic: Peculiar DHCP behavior between routers and power controllers
Replies: 3
Views: 1326

Re: Peculiar DHCP behavior between routers and power controllers

Please post the interface stats, Rx, Tx, overall. There has been lots if changes in L2 implementation in ROS recently. What happens if you put a switch in between? Any difference? I couldn't agree more with jarda, on top of that mikrotik tries to avoid spaguetti code to fix other's bugs. Post a pack...
by pukkita
Sat Jul 07, 2018 12:21 pm
Forum: General
Topic: Peculiar DHCP behavior between routers and power controllers
Replies: 3
Views: 1326

Re: Peculiar DHCP behavior between routers and power controllers

ROS Version? Is DHCP set to authoritative?

If using latest bug fix, take a support while experiencing the issue and write to support attaching it.

If not, try bug fix version. Are you creating static DHCP leases for the Synaccess?
by pukkita
Thu Jul 05, 2018 8:34 pm
Forum: Beginner Basics
Topic: Basic setup for router with multiple AP's [SOLVED]
Replies: 22
Views: 30942

Re: Basic setup for router with multiple AP's [SOLVED]

The only modification required would be adding the interfaces directly to the bridge, instead of setting the master-port.

ROS will enable HW offloading if suitable.
by pukkita
Thu Jul 05, 2018 8:19 pm
Forum: Wireless Networking
Topic: CAPsMAN "fun"
Replies: 35
Views: 11178

Re: CAPsMAN "fun"

RaynoP: I'd try 6.40.8 if it weren't for the cAPs ac, which were very recently released and require current branch (see changelog). I'd put the blame on them... thing's I'd try: - Check that System > Routerboard Upgrade Firmware matches Current Firmware, upgrading if it doesn't (all devices). - neti...
by pukkita
Thu Jul 05, 2018 7:55 pm
Forum: Beginner Basics
Topic: MikroTik mAP 2nd and Groove 52HPN [SOLVED]
Replies: 6
Views: 3902

Re: MikroTik mAP 2nd and Groove 52HPN [SOLVED]

Yes, Routerboards are 100% programmable. You could achieve what you want and learn during the process, this is what I'd do to "reverse" the ports w/o having to program it from scratch: Connect to your mAP using winbox. 1.- Create an configuration export: To do so, Open a New Terminal , and...
by pukkita
Wed Jul 04, 2018 1:58 pm
Forum: General
Topic: Ethermode on hAP ac
Replies: 2
Views: 3288

Re: Ethermode on hAP ac

If you're using a laptop, try disabling the wireless interface, to force the OS to make sure it's using the ethernet interface.

A tip: Keep pressing the rest button until you see the router appearing in netinstall.
by pukkita
Wed Jul 04, 2018 1:52 pm
Forum: Beginner Basics
Topic: Using a hAP ac lite as an access point [SOLVED]
Replies: 2
Views: 9072

Re: Using a hAP ac lite as an access point [SOLVED]

What I would do: 1.- Upgrade to latest bugfix 2.- Reset to no defaults 3.- Create a bridge. Add all interfaces (wired and wireless) to the bridge. 4.- Configure wireless interfaces: same SSID, security (WPA2) and passphrase as you pointed. Done. As long as you plug one ether from the hap ac lite to ...
by pukkita
Tue Jul 03, 2018 12:06 pm
Forum: General
Topic: Any plans to make cross-platform WinBox?
Replies: 33
Views: 8357

Re: Any plans to make cross-platform WinBox?

The developers could also add in small chunks of OS specific code where the wine APIs weren't good enough. I wish MikroTik could / would do that for the MacOS X / Linux binaries. Maybe they've tried and found it unworkable already. Couldn't agree more. Winbox works fine most of the time under wine,...
by pukkita
Wed Jun 27, 2018 12:52 pm
Forum: General
Topic: problem with Mikrotik CCR1009-8G-1S-1S +
Replies: 1
Views: 930

Re: problem with Mikrotik CCR1009-8G-1S-1S +

Are you using latest winbox (3.15)? It can upgrade itself, check Tools > Check For Updates in Main Winbox window. If you suspect the CCR is misbehaving, I'd take a full export out of that CCR, netinstall it, then import the export file back watching out for errors. If there are any, you can proceed ...
by pukkita
Mon Jun 25, 2018 7:06 pm
Forum: General
Topic: 2 Wan but wich is the primary ?? [SOLVED]
Replies: 5
Views: 2835

Re: 2 Wan but wich is the primary ?? [SOLVED]

As long as the default route uses the gateway it, you're done. Make sure is it masqueraded.
by pukkita
Mon Jun 25, 2018 3:23 pm
Forum: The Dude
Topic: The dude on RB760iGS
Replies: 5
Views: 4594

Re: The dude on RB760iGS

Hex S or RB760iGS is MMIPS, dude package should be for MMIPS and match the installed ROS version, e.g. if you have 6.40.8 installed: Dude 6.40.8 MMIPS
by pukkita
Tue Jun 12, 2018 8:10 pm
Forum: Beginner Basics
Topic: Suggestions for configuring GrooveA 52 ac
Replies: 3
Views: 2208

Re: Suggestions for configuring GrooveA 52 ac

I'd do this: 1.- Reset the groove to no defaults 2.- Connect to it using winbox Neighbors tab, as it will reboot without any ip 3.- Create a bridge on the Groove. Add wlan1 and ether1 to it. 4.- Configure wireless per your liking using a different channel than the one used by the Huawei, e.g. Huawei...
by pukkita
Tue Feb 27, 2018 1:06 pm
Forum: Beginner Basics
Topic: Trouble forwarding uTorrent ports [SOLVED]
Replies: 11
Views: 13126

Re: Trouble forwarding uTorrent ports [SOLVED]

No need for manual port redirection. 1.- Delete all those dst-nats 2.- IP > uPnP Tick: - Enabled - Show Dummy Rule Click on [Interfaces] button. Add ether1 as External Add your LAN bridge as Internal done. Enable uPnP on your torrent/skype/whatever client, close it and re-launch. Look at IP > Firewa...
by pukkita
Mon Feb 26, 2018 12:13 pm
Forum: Wireless Networking
Topic: Question on adding new wireless interface
Replies: 4
Views: 1761

Re: Question on adding new wireless interface

Yes, you could create one physical, one virtualAP SSID, then apply use mangle depending on traffic source interface to force exit through the desired WAN.
by pukkita
Fri Feb 16, 2018 3:38 pm
Forum: Beginner Basics
Topic: What hardware to use at home
Replies: 6
Views: 2037

Re: What hardware to use at home

You can't go wrong with the CCR... that said a 3011 will do for sure. If you want to save: RB3011. If you want to do an investment once for years to come: CCR1009. CRS326 is a great switch, but I have never used it personally as a router (I may for a 100Mbps WAN if budget were tight). IMHO 400/20Mbp...
by pukkita
Fri Feb 16, 2018 3:30 pm
Forum: Beginner Basics
Topic: Soft Brick hap lite
Replies: 2
Views: 1053

Re: Soft Brick hap lite

Which ROS version did you netinstall them to? Try 6.39.3...
by pukkita
Thu Feb 15, 2018 11:54 am
Forum: RouterBOARD hardware
Topic: MIPS or ARM?
Replies: 7
Views: 14644

Re: MIPS or ARM?

And MMIPS... :)

Router size is better determined by the WAN bandwidth you want to "move" first, and what kind of filtering, queueing, etc you'll want to apply.

Do you need a router with wireless capabilities? Will you go with a seperate router and AP?
by pukkita
Sun Feb 04, 2018 8:50 pm
Forum: Beginner Basics
Topic: Help a guy with no networking experience setup a network!
Replies: 1
Views: 905

Re: Help a guy with no networking experience setup a network!

Difficult to guess... but you probably need to: - Add all ether ports where APs (or switches where APs are connected to) a bridge (I assume all APs are in layer 2 towards the RB1100AHx2) - Setup a hotspot (there's a wizard) on such bridge - Fix usermanager (I assume RB1100AHx2 was running it as radi...
by pukkita
Sat Feb 03, 2018 11:14 am
Forum: General
Topic: Problems with proxy-arp after upgrade from 6.39.1 to 6.41
Replies: 6
Views: 3494

Re: Problems with proxy-arp after upgrade from 6.39.1 to 6.41

Make sure fast-forward on the bridge is enabled, I completely wiped out the bridge, recreated it with fast-forward set and proxy-arp/local-proxy-arp worked this time. No dice... reset it to defaults, loaded the config back, and it's not working now. Will try a netinstall, but looks some sort of issu...
by pukkita
Fri Feb 02, 2018 7:23 pm
Forum: General
Topic: Problems with proxy-arp after upgrade from 6.39.1 to 6.41
Replies: 6
Views: 3494

Re: Problems with proxy-arp after upgrade from 6.39.1 to 6.41

haven't had the time to have a thorough look, definitely proxy-ARP seems to break when upgrading both to ROS 6.41 or 6.41.1. Going back to 6.39.3 will only fix it if a pure software bridge is used. Use a master port adding it to the bridge and arp will break too. Looks like hardware acceleration iss...
by pukkita
Fri Feb 02, 2018 6:07 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 104
Views: 33182

Re: v6.41.1 [current]

Noticed today after upgrading to 6.41.1 that proxy-arp and local-proxy-arp seem to be broken both on 6.41 and 6.41.1 (FW upgraded to match) when set on a bridge. Device: hAP AC. Reverting back to 6.39.3 (FW 6.41.1), restores proxy-arp amd local-proxy-arp, but only on a full software bridge. Setting ...
by pukkita
Fri Feb 02, 2018 8:33 am
Forum: General
Topic: DNS utilization
Replies: 15
Views: 11420

Re: DNS utilization

Is this still the current behavior, as of 6.41 (jan/2018?)
No.

That concurrent hardcoded limit was removed some versions ago, and as sebastia posted now you can set up the max concurrent queries limit at will.
by pukkita
Wed Jan 31, 2018 10:32 pm
Forum: General
Topic: Host to Host Connection not happening via Mikrotik Router
Replies: 19
Views: 3831

Re: Host to Host Connection not happening via Mikrotik Router

Post
/ip address print
/ip route print
on the mikrotik also. We cannot guess what that dhcp-client on ether1 may end up doing to them.

You shouldn't have a dhcp-client on an interface with an static ip set...
by pukkita
Wed Jan 31, 2018 2:42 pm
Forum: General
Topic: Having trouble past 6.41
Replies: 10
Views: 2451

Re: Having trouble past 6.41

Apparently Bridge filters in/out doesn't work when hw-offload is active on the ports. Any Ideas? Correction: if using L2 bridge filters, there's no need to enable use ip firewall. Just tested on 6.41 (on a RB1100AHx2), and even with hw offload enabled, L2 filtering (.e.g manipulating priority, vlan...
by pukkita
Tue Jan 30, 2018 10:41 pm
Forum: General
Topic: Having trouble past 6.41
Replies: 10
Views: 2451

Re: Having trouble past 6.41

Apparently Bridge filters in/out doesn't work when hw-offload is active on the ports. Any Ideas? Did you enable "Use IP Firewall" (on Bridge [Settings])? Filters won't work otherwise AFAIK. If you did, maybe (as I still don't fully understand your requirements) is it possible that could b...
by pukkita
Tue Jan 30, 2018 11:41 am
Forum: General
Topic: Having trouble past 6.41
Replies: 10
Views: 2451

Re: Having trouble past 6.41

Wouldn't using no horizon at all but using Bridge filters allow what you want (prevent ether1,2 to see ether3,4 and ether5)? You can use interface lists... Same goes for Switch > ACLs Why the need to be in L2 to send traffic to monitor? IDS? Are you mirroring traffic and sending it towards your offi...
by pukkita
Tue Jan 30, 2018 11:32 am
Forum: General
Topic: Having trouble past 6.41
Replies: 10
Views: 2451

Re: Having trouble past 6.41

What do you mean with "monitor all ports at the same time"? Why is it needed to have ether5 in L2 with the rest?
by pukkita
Tue Jan 30, 2018 11:09 am
Forum: Wireless Networking
Topic: Help with mikrotik metal ac
Replies: 1
Views: 993

Re: Help with mikrotik metal ac

Are we talking about Cuba? On RouterOS, if license is L4 (as is already on your Metal52 AC, check System > License) you may create multiple virtual wireless interfaces (wireless mode station) on top of the phisical wireless one, each virtual one will have a different MAC address and will appear to t...
by pukkita
Tue Jan 30, 2018 10:12 am
Forum: Beginner Basics
Topic: how to route packets from an ip in a network to an other ip in the same network !(with diagram ) [SOLVED]
Replies: 9
Views: 3513

Re: how to route packets from an ip in a network to an other ip in the same network ! [SOLVED]

Post a diagram with all the devices involved at your side up to the AP, will help us to help you.
by pukkita
Tue Jan 30, 2018 10:08 am
Forum: General
Topic: Host to Host Connection not happening via Mikrotik Router
Replies: 19
Views: 3831

Re: Host to Host Connection not happening via Mikrotik Router

Please posts all the IPs along its masks.

On routerboard:
/ip address print
host1 and host2:
ip addr show (or ifconfig)
ip route show (or netstat -rn)
by pukkita
Wed Jan 10, 2018 12:14 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 1024
Views: 1149324

Re: Public-Mikrotik-Bandwidth-Test-Server(s)

The thing is which CCR was used as btest client... has btest been fixed???
by pukkita
Sun Jan 07, 2018 11:33 pm
Forum: The User Manager
Topic: User Manager not supported on MMIPS and ARM [SOLVED]
Replies: 14
Views: 128150

Re: User Manager not supported on MMIPS and ARM [SOLVED]

750Gr3 == Hex.
by pukkita
Sun Jan 07, 2018 11:25 pm
Forum: Wireless Networking
Topic: Some Questions!!
Replies: 5
Views: 1558

Re: Some Questions!!

I said L4 because some configs used in public Cuban wifi require virtual interfaces to be used if you want to use several wireless credentials (to sum up more bandwidth, or for sharing with more people) with a single antenna, something not doable with L3 devices, and something that you may want to d...
by pukkita
Sun Jan 07, 2018 5:47 pm
Forum: Wireless Networking
Topic: Some Questions!!
Replies: 5
Views: 1558

Re: Some Questions!!

I assume WiFi is 2.4GHz? or there's dual 2.4 and 5GHz coverage? For 2.4GHz: https://mikrotik.com/product/lhg_2 (Unknown, L3 I guess) https://mikrotik.com/product/RBSXTG-2HnDr2-168 (L4) For 5GHz: https://mikrotik.com/product/RBLHG-5nD (L3) https://mikrotik.com/product/sxtsq_5_high_power (L4) Whatever...
by pukkita
Sun Jan 07, 2018 12:53 pm
Forum: General
Topic: Log messages: ssh auth timeout
Replies: 2
Views: 6722

Re: Log messages: ssh auth timeout

The real question is no sane admin will leave unrestricted access to a router from the Internet.

Best practice: prevent access completely to it from the internet, set up VPN access and allow only that.

If your router IP is not fixed, use IP > Cloud.
by pukkita
Wed Dec 06, 2017 3:02 pm
Forum: Beginner Basics
Topic: Configuring AP gets wrong
Replies: 5
Views: 1490

Re: Configuring AP gets wrong

Have a look at viewtopic.php?t=123380

Set the wAP AP as a wireless/wired switch as explained there.
by pukkita
Wed Dec 06, 2017 2:18 pm
Forum: Beginner Basics
Topic: 52ac + hAP ac - Is this enough for my RV?
Replies: 12
Views: 3729

Re: 52ac + hAP ac - Is this enough for my RV?

I think the hardware you have have selected is fine, since you are stationary in an RV park you can power it however you want. If you were trying to run off of the battery system in your RV I'd suggest not using the included power injectors, but instead to hardwire (with fuses and a switch, of cour...
by pukkita
Sun Dec 03, 2017 3:52 pm
Forum: General
Topic: I can not access a nanostation connected to omnitik
Replies: 5
Views: 1428

Re: I can not access a nanostation connected to omnitik

Are you sure the nano hasn't resetted itself to 192.168.1.20? Can you see it via IP > Neighbors?
by pukkita
Fri Dec 01, 2017 11:03 am
Forum: Wireless Networking
Topic: choosing an access point suitable for my needs
Replies: 1
Views: 904

Re: choosing an access point suitable for my needs

being mostly laptops, I'd go either for the Hap ac or wAP ac.
by pukkita
Fri Dec 01, 2017 10:36 am
Forum: General
Topic: I can not access a nanostation connected to omnitik
Replies: 5
Views: 1428

Re: I can not access a nanostation connected to omnitik

Move IP .5.200 from ether1 to bridge1.

I understand there's nothing on Ip > Firewall > Nat
by pukkita
Tue Nov 28, 2017 8:02 pm
Forum: Beginner Basics
Topic: logging to remote syslog
Replies: 2
Views: 2373

Re: logging to remote syslog

You need to configure it to suit your needs, default configuration logs to memory only.

See /System logging, you need to:

1.- Create a remote Action setup for your syslog collector
2.- Set up logging Rules for the topics you want, setting/changing its action to the remote one you set on step #1.
by pukkita
Sun Nov 26, 2017 12:50 pm
Forum: General
Topic: Mikrotik connectivity to FreeRadius
Replies: 6
Views: 1863

Re: Mikrotik connectivity to FreeRadius

Mikrotik doesn't check anything it simply asks freeradius: user X with password Z wants to login, should I allow it? Then is freeradius which checks on its tables and simply answers Mikrotik router if the user successfully authenticated, and any user related reply items. You need to check your freer...
by pukkita
Sun Nov 26, 2017 12:39 pm
Forum: Beginner Basics
Topic: 52ac + hAP ac - Is this enough for my RV?
Replies: 12
Views: 3729

Re: 52ac + hAP ac - Is this enough for my RV?

I wouldn't use the Metal52ac, reasons: - You need an antenna for it. Forget about using a omnidirectional antenna to pick on distant signals, that's the worst option possible. - only 1 chain. I would use LHG2 To "pick" on the distant signal, advantages: - 1/3d of the cost vs Metal52ac + an...
by pukkita
Sat Nov 25, 2017 1:17 pm
Forum: General
Topic: [HELP] Problem. I need 2 hotspots with 2 radius servers on one Mikrotik
Replies: 4
Views: 1531

Re: [HELP] Problem. I need 2 hotspots with 2 radius servers on one Mikrotik

RouterOS uses only 1 Radius client, you cannot have two hotspots using different radius servers on the same router. You can have several radius servers on /radius, but RouterOS will use the first, unless it's down; then it will try the second, and so on. You don't need two seperate radius servers fo...
by pukkita
Sat Nov 25, 2017 1:08 pm
Forum: General
Topic: Mikrotik connectivity to FreeRadius
Replies: 6
Views: 1863

Re: Mikrotik connectivity to FreeRadius

You cannot just tinker with the tables and expect it to work... Seems your freeradius configuration makes it interpret that table as radcheck, and you chose to store gender on the op field, which freeradius expects to be a two character field, containing Freeradius operators . radcheck table has to ...
by pukkita
Sat Nov 25, 2017 12:54 pm
Forum: General
Topic: Multiple VLAN on one port connected to AP
Replies: 1
Views: 1191

Re: Multiple VLAN on one port connected to AP

Run Tools > Torch on ether3, tick "Show VLAN id", do you see the expected VLAN IDs there?

Post a full export.
by pukkita
Sat Nov 25, 2017 10:28 am
Forum: RouterBOARD hardware
Topic: RB493G, 60.0% Bad Blocks!!! What should I do now? [SOLVED]
Replies: 18
Views: 20661

Re: RB493G, 60.0% Bad Blocks!!! What should I do now? [SOLVED]

Write to support linking to this post and explaining the situation, they'll work out the license issue.
by pukkita
Fri Nov 24, 2017 8:43 pm
Forum: General
Topic: Default configuration [SOLVED]
Replies: 4
Views: 3770

Re: Default configuration [SOLVED]

Yes, you're right: the wiki specifies it:
Configure script RouterOS export file produced by the export command). Any file supplied here will become the default configuration of the reinstalled router.
by pukkita
Tue Nov 21, 2017 5:56 pm
Forum: General
Topic: Issues w/ HTTPS
Replies: 10
Views: 2278

Re: Issues w/ HTTPS

This is usually MTU, or packet loss issues. Isolate and test that subnet and its uplink point to the rest of the network.
by pukkita
Tue Nov 21, 2017 11:12 am
Forum: General
Topic: L2TP/IPSEC meltdown?
Replies: 2
Views: 1130

Re: L2TP/IPSEC meltdown?

A weird thing noticed: the throughput improves considerably when I run the Packet Sniffer on the L2TP interface! Running Packet sniffer disables FastPath and Fasttrack . Check your firewall settings if you have fasttrack enabled. Similar thread: very strange slow web access but can be solved by pac...
by pukkita
Thu Nov 16, 2017 12:19 pm
Forum: General
Topic: /queue tree parent=global
Replies: 12
Views: 31940

Re: /queue tree parent=global

You don't need different packets for upload/download, just make sure that for a given traffic category, you mark traffic on both directions. It's the parent which will dictate if QoS will be applied on upload or download, depending on parent interface, you can use same packet marks. parent=global wi...
by pukkita
Wed Nov 15, 2017 2:36 pm
Forum: General
Topic: /queue tree parent=global
Replies: 12
Views: 31940

Re: /queue tree parent=global

Can I have a parent=global queue to handle all traffic towards the LAN while not intermixing the rates with the upload traffic to the two internet interfaces?
Yes, that's the way.
by pukkita
Sun Nov 12, 2017 12:49 pm
Forum: Beginner Basics
Topic: Before I buy questions
Replies: 21
Views: 3825

Re: Before I buy questions

For home use, options on increasing budget: - hAP ac: router + AP on single device. Drawback: you need to position it optimally for the AP. - RB3011 + wAP AC: Best of both worlds: router can be positioned on your comm cabinet, and wAP AC(s) optimally for best wireless coverage. - RB3011 + hAP AC: if...
by pukkita
Sat Nov 11, 2017 10:05 pm
Forum: General
Topic: License question: ROS 4.5 to 6.xx
Replies: 9
Views: 2710

Re: License question: ROS 4.5 to 6.xx

Which RB433? In these cases the best option is to netinstall.
by pukkita
Sat Nov 11, 2017 12:28 pm
Forum: Beginner Basics
Topic: Before I buy questions
Replies: 21
Views: 3825

Re: Before I buy questions

From RB1100AHx4 brochure:
Captura de pantalla 2017-11-11 a la(s) 11.23.24.png
So a difference on dude edition is it comes with a 60GB M.2 disk from factory.

Additionally, dude edition sports 3 switch groups, while non dude edition seems to have none.
by pukkita
Sat Nov 11, 2017 12:20 pm
Forum: General
Topic: not created tcp-mss rule in mangle
Replies: 3
Views: 2263

Re: not created tcp-mss rule in mangle

What's new in 6.39 (2017-Apr-27 10:06):
!) ppp - implemented internal algorithm for "change-mss", no mangle rules necessary;
by pukkita
Fri Nov 10, 2017 10:50 pm
Forum: Wireless Networking
Topic: Bridge design validation?
Replies: 4
Views: 1661

Re: Bridge design validation?

Only on the 750UP location, as allstarcomps said that's the only place where you need to connect more than one station. L4 is $45, but... SXT's are directional antennas, if you want to connect the two SXT lites to the AP on 750UP location, you'll need not only a radio that has L4 license, but also i...
by pukkita
Fri Nov 10, 2017 12:17 pm
Forum: Wireless Networking
Topic: Bridge design validation?
Replies: 4
Views: 1661

Re: Bridge design validation?

Post a diagram. I tried to configure all 3 in bridge mode but could only get the bridge to function over any 2 APs at one time. SXT Lite license level is L3, that means it's limited to act as an AP for only one device (wireless mode = bridge). You can either pay to raise its license to L4, or purcha...
by pukkita
Fri Nov 03, 2017 6:13 pm
Forum: Wireless Networking
Topic: Using Mikrotek at a backpackers hostel
Replies: 5
Views: 1916

Re: Using Mikrotek at a backpackers hostel

CAPsMAN requires certain knowledge, QoS definitely, you would be better hiring someone knowledgeable . I wouldn't limit per user (simple queue), but program a QoS (queue tree) that categorizes traffic, dynamically distributes available bandwidth depending on traffic category priority, then use PCQ q...
by pukkita
Wed Nov 01, 2017 12:35 pm
Forum: Wireless Networking
Topic: Using Mikrotek at a backpackers hostel
Replies: 5
Views: 1916

Re: Using Mikrotek at a backpackers hostel

When you say MI Repeater I understand it's a wireless repeater? If so, that's your first problem. I'd: - Put the Airtel router in bridge mode if possible - Deploy a internet router to manage users, speeds, QoS and CAPsMAN. Hex could be a budget candidate that fits the job nicely. - Deploy at least t...
by pukkita
Mon Oct 30, 2017 10:54 am
Forum: Wireless Networking
Topic: Could 10Mhz channel works with any Wireless Card?
Replies: 6
Views: 1856

Re: Could 10Mhz channel works with any Wireless Card?

Exactly. If you're setting up an AP for unknown wireless/mobile devices you'll have to set it up in the most widely compatible way.

For 2.4GHz that means 20MHz and default settings.
by pukkita
Sun Oct 29, 2017 8:58 pm
Forum: Wireless Networking
Topic: Could 10Mhz channel works with any Wireless Card?
Replies: 6
Views: 1856

Re: Could 10Mhz channel works with any Wireless Card?

You need

1.- Mikrotik radio that suports 5/10MHz (not all of them do)
2.- Client with radio with same capabilities
by pukkita
Sun Oct 29, 2017 5:52 pm
Forum: Wireless Networking
Topic: Quickly varying wireless communication rates
Replies: 5
Views: 2309

Re: Quickly varying wireless communication rates

Because there are two directions while communicating. Let's suppose this scenario: AP <-> STATION using frequency 5640. Interference may be local and affecting only the receiving side, (e.g. other antenna nearby STATION transmitting on 5640). while it could be possible that AP can "hear" S...
by pukkita
Sun Oct 29, 2017 5:39 pm
Forum: Beginner Basics
Topic: Cannot access PPTP VPN Client from LAN
Replies: 8
Views: 7583

Re: Cannot access PPTP VPN Client from LAN

Have you tried setting the src-address on the mikrotik router to 192.168.5.1? Windows PPTP client should get a route to 192.168.5.0 via the VPN, nothing else should be required. That's the point of using same network range on LAN and VPN + proxy-arp, no routing is necessary. Check a router print on ...
by pukkita
Sun Oct 29, 2017 2:36 pm
Forum: Beginner Basics
Topic: Cannot access PPTP VPN Client from LAN
Replies: 8
Views: 7583

Re: Cannot access PPTP VPN Client from LAN

Only place where proxy-arp is needed is on bridge1, nowhere else.

Reboot the router afterwards.
by pukkita
Sun Oct 29, 2017 12:57 pm
Forum: Beginner Basics
Topic: Cannot access PPTP VPN Client from LAN
Replies: 8
Views: 7583

Re: Cannot access PPTP VPN Client from LAN

please post
/interface export
/ip address export
by pukkita
Sun Oct 29, 2017 12:56 pm
Forum: General
Topic: Help with router configuration for Agascha
Replies: 6
Views: 1594

Re: Help with router configuration for Agascha

Not sure if I understood your situation right. If you want the laptop acting as server to have a fixed IP, you can still use DHCP. 1.- Go to IP > DHCP Server > Leases and locate the laptop one. 2.- Double click on it, and click on "Make static". From now on, the laptop will be always offer...
by pukkita
Sun Oct 29, 2017 12:41 pm
Forum: Wireless Networking
Topic: Quickly varying wireless communication rates
Replies: 5
Views: 2309

Re: Quickly varying wireless communication rates

6Mbps is the lowest of the so-called "basic rates", and the only basic-rate with default configuration. Radio switches to this basic rate when initially establishing or renegotiating the radio link; this indicates you're having interferences, SXTs may have moved, a new nearby obstacle, or ...
by pukkita
Sun Oct 29, 2017 12:29 pm
Forum: Beginner Basics
Topic: Cannot access PPTP VPN Client from LAN
Replies: 8
Views: 7583

Re: Cannot access PPTP VPN Client from LAN

shouldn't need this
chain=srcnat action=masquerade src-address=192.168.5.48/29 dst-address=!192.168.5.48/29 log=no log-prefix=""
if proxy-arp is properly set.
by pukkita
Sat Oct 28, 2017 12:50 pm
Forum: General
Topic: RB951G-2HND Reboot issues and system corruption [SOLVED]
Replies: 6
Views: 6006

Re: RB951G-2HND Reboot issues and system corruption [SOLVED]

No, USB external disk cannot be used as system partition, and I'm afraid it cannot be used for graphs storage either.

External storage can be used for web proxy cache, samba sharing, etc.
by pukkita
Fri Oct 27, 2017 7:02 pm
Forum: General
Topic: RB951G-2HND Reboot issues and system corruption [SOLVED]
Replies: 6
Views: 6006

Re: RB951G-2HND Reboot issues and system corruption [SOLVED]

Lots of power off/power on and bad electricity supply can corrupt the NAND format or damage it, specially if you're writing constantly to it (do you have graphs active?). If you're experiencing such electricity supply unstability, you'd better either get an UPS at least for the router... this router...
by pukkita
Fri Oct 27, 2017 11:05 am
Forum: General
Topic: RB951G-2HND Reboot issues and system corruption [SOLVED]
Replies: 6
Views: 6006

Re: RB951G-2HND Reboot issues and system corruption [SOLVED]

Looks like your NAND is gone, you'd better write support, short of netinstalling it again, resetting it to no defaults and reconfiguring it looking if it holds fine this time. Better than using a .backup, you could make an export, so that you can just copy & paste the config on this, or any rout...
by pukkita
Wed Oct 25, 2017 1:27 pm
Forum: General
Topic: Firewall logs [SOLVED]
Replies: 1
Views: 2062

Re: Firewall logs [SOLVED]

Len = Length (size).

You got it right for the rest.
by pukkita
Wed Oct 25, 2017 11:53 am
Forum: Wireless Networking
Topic: RB951G-2HnD: wireless 300Mbps, how to?
Replies: 7
Views: 5584

Re: RB951G-2HnD: wireless 300Mbps, how to?

300 is radio datarate, in TCP that would equal about half, 100-150Mbps TCP.

You need clients to be dual-chain / dual stream (2x2 MIMO) while most mobile devices are single chain.
by pukkita
Wed Oct 25, 2017 11:12 am
Forum: The Dude
Topic: CRS326-24G-2S+RM
Replies: 4
Views: 2942

Re: CRS326-24G-2S+RM

At this moment I have CRS125-24G-1S and I want to get 2nd device with spf, gigabit lan ports and with Dude support.
Sounds like RB3011 is what you are looking for. Next option would be a CCR.
by pukkita
Sun Oct 22, 2017 12:29 pm
Forum: Beginner Basics
Topic: Problem with very simple Route on Mikrotik RB750
Replies: 6
Views: 2162

Re: Problem with very simple Route on Mikrotik RB750

Another thing that you may need to ensure is that you are actually masquerading or dst-natting traffic from your .123 network to your .10 network. Nope, no need to. If 10.x clients use 10.x (10.1 or 10.200) as default gateway, and .123.x clients have .123.x as default gateway both networks will be ...
by pukkita
Sat Oct 21, 2017 12:06 pm
Forum: General
Topic: How to Check MikroTik with SN in Web
Replies: 3
Views: 2646

Re: How to Check MikroTik with SN in Web

Check System > License, if it's fine then I'd say you can rest asured is not a copy.
by pukkita
Sat Oct 21, 2017 11:44 am
Forum: The Dude
Topic: Export Dude DB as XML
Replies: 2
Views: 2060

Re: Export Dude DB as XML

Exported database is sqlite, you may use sqlite tools to create the XML export, like .e.g. sqlite-manager or SqliteStudio for once in a time operations. To program an automatic conversion process, you may use sqlite to export database to CSV, then use either your own code to convert, or use a CSV to...
by pukkita
Sat Oct 21, 2017 11:37 am
Forum: Beginner Basics
Topic: Problem with very simple Route on Mikrotik RB750
Replies: 6
Views: 2162

Re: Problem with very simple Route on Mikrotik RB750

This is the case right now. But tbh i don't understand why this must be the GW, when there is no device with that IP (should i give the RB750 this IP?) Yes, you should either change it to 192.168.10.1, or keep the current 192.168.10.200 AND set the clients to use 192.168.10.200 as gateway. Best app...
by pukkita
Fri Oct 20, 2017 3:06 pm
Forum: The Dude
Topic: CRS326-24G-2S+RM
Replies: 4
Views: 2942

Re: CRS326-24G-2S+RM

CRS326 is ARM platform, whereas most CRS line is mipsbe, where dude is not supported.

Have you tried uploading the dude arm package to it then rebooting (provided you're using RouterOS and not SwOS with the CRS326)?
by pukkita
Fri Oct 20, 2017 2:57 pm
Forum: Beginner Basics
Topic: Problem with very simple Route on Mikrotik RB750
Replies: 6
Views: 2162

Re: Problem with very simple Route on Mikrotik RB750

Sadly i'm on the edge of insanity, because i just can't seem to get it to work. I have a static Route on the AVM Fritzbox, which redirects every request etc. directed at the 10.xxx Network right to the RB750 (because the AVM is the Gateway for the 123.xxx Clients). Can you post that route? Check th...
by pukkita
Sun Oct 15, 2017 12:22 pm
Forum: Wireless Networking
Topic: ptp qrt 5ac 12.1 km
Replies: 8
Views: 2164

Re: ptp qrt 5ac 12.1 km

200Mbps is going to depend on available spectrum, contiguous free 40MHz-50MHz minimum required.

Suitable devices for this in order of preference:

- netmetal (dual chain) + mANT30-PA
- netbox + mANT30-PA
- QRT ac
- DynaDish
by pukkita
Sun Oct 15, 2017 12:13 pm
Forum: Beginner Basics
Topic: Replace OpenVPN Server/Client
Replies: 13
Views: 3144

Re: Replace OpenVPN Server/Client

GRE does not use a port!
I know... I meant ISPs are known/likely to throttle it down also, or even block it. The point of the OP was using a transport that was unlikely to be tinkered by the ISP...
by pukkita
Sat Oct 14, 2017 2:48 pm
Forum: Wireless Networking
Topic: ptp qrt 5ac 12.1 km
Replies: 8
Views: 2164

Re: ptp qrt 5ac 12.1 km

It's stated at the calculator, link it's possible, but you'll need an outrageously high tower (>70m height) to mount the Tx device. Either that, or use four devices to create 2 PTPs. First PTP will clear the elevation by Rx'ing at the edge; this first PTP Rx radio will be wired to second PTP back to...
by pukkita
Sat Oct 14, 2017 2:37 pm
Forum: Wireless Networking
Topic: CAPSMAN + Guest WiFi
Replies: 16
Views: 19471

Re: CAPSMAN + Guest WiFi

You seem to miss the IP > DHCP > Network entries. Also I think for your intended setup add address=10.35.0.1 interface=bridgeopen network=10.35.0.0 Should be add address=10.35.0.1/24 interface=bridgeopen network=10.35.0.0 . Do clients connected to the open network: 1.- Get an IP? 2.- post ipconfig/a...
by pukkita
Sat Oct 14, 2017 2:24 pm
Forum: Beginner Basics
Topic: Replace OpenVPN Server/Client
Replies: 13
Views: 3144

Re: Replace OpenVPN Server/Client

- L2tp works only on port UDP 500. This is a sad notice. In OpenVPN i don't use standard ports for connect. Some ISPs will slow down traffic on this common ports.
Similarly goes for GRE.

Would be nice having customizable L2TP port for ROS... of course only ROS devices could be used on both sides.
by pukkita
Fri Oct 13, 2017 2:09 pm
Forum: Forwarding Protocols
Topic: OSPF - one way neighbor
Replies: 2
Views: 2842

Re: OSPF - one way neighbor

Check your firewall for any filter o nat rules that may be getting into OSPF's way.
by pukkita
Fri Oct 13, 2017 1:14 pm
Forum: Beginner Basics
Topic: Replace OpenVPN Server/Client
Replies: 13
Views: 3144

Re: Replace OpenVPN Server/Client

Download the sstp-client-1.0.11.tar.gz package and look at the README inside, there's no need for X. You can create .deb packages rather easily, look inside the sources. pe1chl, SSTP may not be the optimal solution but giving the limitations gamba47 is facing, which SSTP dodges, there's nothing to l...
by pukkita
Wed Oct 11, 2017 3:35 pm
Forum: Wireless Networking
Topic: CAPSMAN + Guest WiFi
Replies: 16
Views: 19471

Re: CAPSMAN + Guest WiFi

When i connect to the private network, it's ok, i've got an ip address and have a n internet access, but when i tryed to connect to guest network, i also get ip address, but no internet access, and also i can't ping my router from the connected device. I assume you mean the internet router plugged ...
by pukkita
Wed Oct 11, 2017 3:12 pm
Forum: Beginner Basics
Topic: Replace OpenVPN Server/Client
Replies: 13
Views: 3144

Re: Replace OpenVPN Server/Client

No need for softether, SSTP Client is all you need.

What distribution are you using?

This provides a plugin for stock pppd and a sstp client tool (sstpc).

Typical area were you may find issues while setting up is the server certificate, watch out pppd client logs on Linux server.
by pukkita
Wed Oct 11, 2017 3:05 pm
Forum: Beginner Basics
Topic: Here is my last attempt - RB3011 - No Server outbound connection
Replies: 20
Views: 4580

Re: Here is my last attempt - RB3011 - No Server outbound connection

Your routing is fine. Did you issue the ping to 8.8.8.8 from the router??? Remove masquerade on bridge-LAN, only masquerade you need is the one already set: You posted: /ip firewall nat add action=masquerade chain=srcnat comment="default masquerade" \ out-interface=ether1_WAN add action=ds...
by pukkita
Wed Oct 11, 2017 3:00 pm
Forum: Wireless Networking
Topic: CAPsMAN errors in log
Replies: 11
Views: 18637

Re: CAPsMAN errors in log

Change its logic:
 chain=input action=drop in-interface-list=WAN
by pukkita
Tue Oct 10, 2017 11:47 am
Forum: Beginner Basics
Topic: Here is my last attempt - RB3011 - No Server outbound connection
Replies: 20
Views: 4580

Re: Here is my last attempt - RB3011 - No Server outbound connection

/ip address add address=192.168.88.1/24 comment=defconf interface=ether2 network=\ 192.168.88.0 You should change that IP to interface=bridge-LAN /ip arp add address=192.168.88.248 interface=bridge-LAN mac-address=7C:05:07:10:04:AD Delete this. On Winbox, open a New Terminal and issue /ip address p...
by pukkita
Mon Oct 09, 2017 12:30 pm
Forum: Beginner Basics
Topic: Here is my last attempt - RB3011 - No Server outbound connection
Replies: 20
Views: 4580

Re: Here is my last attempt - RB3011 - No Server outbound connection

According to the SB6141 Manual , as pcunite says there's no SFP, you should wire it like this: I am confused? I bought this SFP Copper Module (Mikrotik Item model number S-RJ01). Now you are saying i cant use it with this router and modem? I am very confused now? It is an ethernet cord, it is nothi...
by pukkita
Sat Oct 07, 2017 12:00 pm
Forum: Wireless Networking
Topic: wireless repeater for two different SSIDs on different frequencies?
Replies: 4
Views: 1797

Re: wireless repeater for two different SSIDs on different frequencies?

Then you'll need to to it the not optimal way. It's not optimal because you're forcing the radio on the repeater to split its tasks in two, so it: - halves the bandwidth - doubles the latency - halves available spectrum efficiency for everyone. Say wired hAP is A, repeating hAP is B, and user C is c...
by pukkita
Sat Oct 07, 2017 11:35 am
Forum: Beginner Basics
Topic: Here is my last attempt - RB3011 - No Server outbound connection
Replies: 20
Views: 4580

Re: Here is my last attempt - RB3011 - No Server outbound connection

According to the SB6141 Manual, as pcunite says there's no SFP, you should wire it like this:
wiring.png
by pukkita
Fri Oct 06, 2017 12:58 pm
Forum: Wireless Networking
Topic: Unable to get IP on Virtual AP
Replies: 1
Views: 3031

Re: Unable to get IP on Virtual AP

Make sure that either - If you don't mind both SSIDs being bridged, ensure the VirtualAP interface is added as a port to the same interface (bridge) the DHCP server is running on ( Check IP > DHCP Server ). - If you want to keep both SSIDs isolated, you'll need to setup another DHCP server to be ded...
by pukkita
Fri Oct 06, 2017 12:29 pm
Forum: General
Topic: Authorize a single website with the proxy
Replies: 1
Views: 969

Re: Authorize a single website with the proxy

You cannot, exceptions to proxy access list are static, so unless there's a regex pattern that will catch both orange.fr and related CDNs (highly unlikely), you'll need to add a specific proxy ACL for each.
by pukkita
Fri Oct 06, 2017 12:27 pm
Forum: Wireless Networking
Topic: wireless repeater for two different SSIDs on different frequencies?
Replies: 4
Views: 1797

Re: wireless repeater for two different SSIDs on different frequencies?

Yes, but that wouldn't be optimal.

Best approach is wiring both Haps, then have both broadcast any SSIDs you want on any of the two bands.

Good scenario to use CAPsMAN.
by pukkita
Fri Oct 06, 2017 12:24 pm
Forum: General
Topic: Logging only src on NAT traslations
Replies: 6
Views: 2215

Re: Logging only src on NAT traslations

I can't see the usefulness of storing only the src-address and port if it cannot be cross-related to a dst-address... if you just want that info, use radacct.

Otherwise, you'll need to process the data at syslog receiving stage.
by pukkita
Fri Oct 06, 2017 12:15 pm
Forum: Beginner Basics
Topic: How to install Dude server on Routerboard 1100?
Replies: 23
Views: 29200

Re: How to install Dude server on Routerboard 1100?

There's no dude server for MIPSBE platform, it's only supported on Tile, ARM, MMIPS and x86/CHR.

You need to install it on a supported router, then by adding the RB433 as a device, (and as long as wireless cards used aren't AC chipset), you'll be able to do spectral scans from the main dude server.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 11