MikroTik

mdkberry

if your whole uplink is less than 100Mbps, I would not worry too much, the difference in performance is not much it is showing traffic on the NAT but I have not experienced any obvious speed issues since posting intially. the SQLite has boosted overall performance hugely anyway, so I am happy with ...

mdkberry

If you only want to use the RB2011 as a switch , NAT needs to be disabled on the RB2011. Thanks for the detailed explanation. I was expecting it to be more simple, like setting NAT to accept or passthrough on the RB2011. Before I do all that you advised, what is the negative impact of leaving it wi...

mdkberry

I'd personaly use the SXT as CPE and router, make the RB2011 to a bridge, Keep it Simple. Okay, have taken this approach and I have now got it working so thank you, I will mark this as solved. One main problem was that I had not changed the default gateway on the SXT DHCP Server when I changed it t...

mdkberry

two things I have picked up: 1. both the sXT and the RB2011 are using the same LAN subnet. so for the RB2011, the WAN gateway is 192.168.88.x and the LAN subnet is also 192.168.88.0/24 I would change one of the subnet to something different. 2. on the RB2011, you are using bridge1 as your WAN inter...

mdkberry

Post the current configurations of both devices (see the hint on anonymisation in my automatic signature below). What you want to do is simple, and I wouldn't recommend to move the firewall from the 2011 to the sxtsq lite, as the CPU of the sxtsq is just a tiny bit better whilst the RAM size is dou...

mdkberry

Hi I am struggling with a setup. I was using my RB2011 to access a wireless WAN using mode=station-pseudobridge and then provision it to my local Wifi LAN for internet access using a virtual wan port setup. To seperate out the WAN Wifi from the LAN Wifi so the RB2011 is not doing both tasks, I have ...

mdkberry

Use a directional (Important) outdoor AP (SXT 5 something something (if they support 5GHz).) to get internet from outdoor service . Place this high on your house so you have a clear line of sight. Cable from this to an indoor AP with separate WLAN for your client machines. This will make a heap of ...

mdkberry

I currently use an RB2011 at home and it is getting rather old (7 years) and tired too as it has to sit outside being cooked by the Australian sun. I thought I would look at hardware upgrade options and wanted to some advice. I use the RB2011 to provide a home wifi by connecting it wirelessly to my ...

mdkberry

problem fixed and for anyone who runs into this, maybe what I did will help the virtual Wlan2 interface (192.168.88.1) had decided to drop the auto-route to 192.186.88.1 as the gateway for all 192.168.88.0 traffic, and for some reason it had changed the route table to 192.168.88.3 (Eth3 int) instead...

mdkberry

I have an RB2011 on 6.42.12 I use it to access a Telstra wifi AIR network and then provide a wifi internally to access that for my home pc's. the network dropped off today and after a router restart, I cannot ping any local IP addresses in or out of the router. the problem is the same on local wifi ...

mdkberry

If ports carrying same VLAN don't belong to same switch chip, then you'll have to use a CPU bridge between them. There are two possibilities: a) create dedicated bridge for particular VLAN or b) use common bridge (which, if configured that way, will transparently carry on VLAN). Which way is better...

mdkberry

still not working. I added the following in and as soon as I enabled it, the traffic doesnt get through interface Ether6, and it is unreachable beyond. (even without changing to secure, it is still set to fallback at this point) Really odd. I must be missing something else. ports 1 to 5 are on switc...

mdkberry

The setting of /interface ethernet switch port vlan-mode to secure restricts the VLANs allowed on that port to those for which the port is placed on the ports list of the corresponding /interface ethernet switch vlan row. So to permit only VLANs 3,17,29 on port ether6, you have to configure /interf...

mdkberry

You can post relevant part of configuration (e.g. /interface export ) and we can have a look. When I set the switch port to secure and observed traffic on the interface, nothing was passing across the interface except discovery packets and when observing the interface tx and rx levels tx remained a...

mdkberry

unfortunately this hasnt worked, in fact setting the port to "secure" effectively disconnected all the phones going through it. I used torch to observe the traffic and could see only rx traffic and no tx. the switch is an Alloy unmanaged, but works with VLAN and the VLAN ID tagging is code...

mdkberry

router: RB2011 , ROs 6.40.9 Got a VLAN setup on Ether 6 connecting to an unmanaged Alloy switch, and the setting has automatically chosen fallback as the setting in the /switch/port/vlan mode. This all works fine for devices that have their VLAN ID set correctly, but I wanted to lock the ether6 inte...

mdkberry

/tool e-mail set address="smtp.gmail.com"

haha, works perfectly. I honestly didnt think to just try using the URL, I assumed it was still IP only, as per the wiki on it. thanks.

mdkberry

smtp.gmail.com resolves to another IP (173.194.79.108, depending on location and used dns service). Just set hostname as address and you should be fine.

thanks I will try both methods suggested when I can.

mdkberry

thanks I will try that when I can. I am curious why this of all places does not make use of the DNS and URL option, since smtp.gmail.com is not a permanent/single ip address. Surely it would be of benefit and make sense to have URL option in the email configuration, why would it be detrimental? ther...

mdkberry

nothing changed on my router that i am aware of but regular emails sent from RB2011 (6.40.9) via gmail no longer go out, they give a time out error. it has been working fine for over a year. I dont use the gmail account for anything else, so I dont log in to it. but when troubleshooting this issue I...

mdkberry

Be aware that VLANs do not normally work over wireless. VLANs used in association with wireless normally terminate (get untagged) at the wireless access point. Every SSID or every connection get tagged with the used VLAN and sent on to the wired side. . Not a problem, it's just for wired side traff...

mdkberry

When you have some different VLANs and an external switch there should be no need to have the MikroTik-side VLAN interfaces in a bridge. Just configure your different subnets (addresses) on the VLAN interface directly and you can define the member of the network on the switch. . OK that makes sense...

mdkberry

You have to decide if you want a true trunk (everything tagged) or a hybrid (one VLAN tagged and the other untagged) on your link. ... Don't put the MikroTik-side VLAN interface in a bridge. For clarity the hybrid will allow multiple VLANS and untagged as well, or only x1 VLAN and untagged traffic?...

mdkberry

Thanks for reply. I would prefer to change the existing connection to a Trunk as you suggest. I think my concern is that some traffic will stop going through the connection or that it may impact traffic on the switches that do not support VLAN elsewhere in the network. So to be clear, if I change th...

mdkberry

I have a network running 4 LAN ip subnets, with DHCP server provision from a Mikrotik RB2011 router. ROS 6.40.9 Traffic between the subnets is seperated by firewalling, but I am not currently using VLANS because some of the switches were not VLAN compatible. I wish to start to migrate the network to...

mdkberry

Hi I am using an RB2011 in station-pseudobridge mode as an access point to a Wireless WAN, it creates WAN1 interface for this connection. I then have WAN2 which provides the wifi SSID for my machines to access, and traffic is routed to WAN1 and out to the internet and is working fine. because WAN1 i...

mdkberry

I am trying to get Mikrotik Rb2011 to work with Security Onion IDS without having to use port mirroring. trafr should do it but I am running into a problem getting it to work. I have followed the article from Rob Penz but it is for Suricata alone, and SOnion has a slightly different than standard Su...

mdkberry

Usually setting no admin address means ROS will auto select it. Funny I didn't suggest trying that as caring about this was an issue of the past, seems 6.38 needs some help in this regard. do you still have the logs? which MAC address was being used by DHCP previously? Good job! not kept them. with...

mdkberry

thanks for suggestions. FYI there is a solution for the DHCP issue I mentioned (also I posted it in the thread link I attached) basically on the wireless bridge settings on the RB2011 add in the MAC address of the bridge to its own Admin MAC address, which in my case was empty. this then allows the ...

mdkberry

thanks to user Tulluk on Reddit where I also posted this issue, it seem there is a fix for this, in the bridge settings on the RB2011 set the 'admin MAC' of the wireless bridge0 to be the same as its actual MAC. This results in the DHCP packets having the right source MAC for return from the AP devi...

mdkberry

ok this is my bodge work around (not confirmed whether this works with wireless devices as yet, only worked for the RB922AUG AP device. I wont know until after the weekend if the clients have problems getting new DHCP leases. Old leases seem to be mostly ok, new ones fail. I am hoping this bodge wil...

mdkberry

Turns out this looks like it may be a bug in the current upgrade 6.38.5 as others are expressing the same problem here
viewtopic.php?f=2&t=116963

mdkberry

I am having this problem on RB2011 connecting to an AP RB922AUG the AP is not returning the DHCP handshake in some way or cannot get it through. logs show up on the RB2011 showing error "dhcp_wireless offering lease xxxxx without success" This started happening right after reboot after upg...

mdkberry

spoke too soon. This has worked to fix the CPU since the reboot, but now the RB912UAG CAPSMAN AP cannot get DHCP from the RB2011 router. I have managed to access it remotely from the RB2011 using MAC-Telnet and can see no settings have changed in the config but it wont pick up its ip from the DHCP S...

mdkberry

astounded that worked but it did. I honestly rebooted those suckers at the time after the upgrade, and yet a restart today fixed the issue. thanks

mdkberry

Hi I have a RB2011 router and a DuxSpot-IN with RB912UAG-‐ 2HPnD Wireless CAP AP I upgraded both to routerOS 6.38.5 (from 6.33.5 where it was fine) and just noticed from the graphs that since then (2 days now) they are both at CPU 100% with no let up. EDIT: just checked interfaces and all other gra...

mdkberry

here is the last 24 hour temp graph (I couldnt seem to add any more attachments in the original post for some reason) this was a day as any other with people in the office from 8am to 5pm so you can see there is some expected temp increase in use but sometimes it tips 70 deg. (In all honesty I dont ...

mdkberry

Hi I have an RB912UAG-‐ 2HPnD serving as a stand alone Wireless AP using CapsMan in an office environment with about 15 people on it using both 5ghz and 2ghz radio. RouterOS is vrs 6.33.5 , CapsMan is Vrs 2 The ISP is a 400mbps fibre service connected to an RB2011 using same vrs OS which manages th...

mdkberry

Hi I have a PBX behind a Mikrotik RB2011 and it has been protected by restricting inbound NAT to Voip Provider IP addresses only so no need for firewalling the traffic as such. They now want to have personal mobile phones of the staff use SIP apps (3CX system) to dial out from their extensions when ...

mdkberry

Hi I am using PRTG for monitoring network traffic and have setup traffic flow on RB2011. It works great, but I am running into a problem in trying to work out which interface the sensor is reading on the RB2011. the PRTG sensors require the field 'Interface[x]' to be put in the sensor. Where x is th...

mdkberry

cant seem to edit my post above, but the images havent uploaded properly hopefully this is them....

dummy_rules1.jpg

dummy_rules2.jpg

mdkberry

Hi been a bit confused by the introduction of dummy rules since I last setup a routerOS, and have attached a couple of print screens of them in the firewall and NAT on my router which I just migrated to a new router and discovered these showing up on the new RouterOS. 1. what are they doing and shou...

mdkberry

like you see on the illustration next to the arrow, it is the lowest level of signal. ok, thanks for that. any ideas on how to get the signal up higher? there is not much interference where I am from other wifi sources, and the laptop is right next to the AP and yet I am only ever seeing that level.

mdkberry

the arrow is showing the one that is lighting up. I had to restart it to take the photo and clear all the wireless connections. where can I find info on the various lights?

redlight.jpg

mdkberry

Hi I keep having a red light go on in the rb912G-2HPnD (photo attached) it has 2Ghz and 5GHz 802.11ac capability. it is setup as a CapsMan controlled AP device attached to the RB2011 router running CapsManager. the red light goes off when I re-provision the AP but pretty quickly comes back on again....

mdkberry

just to offer some observations on this change. it worked so thanks, and now both 2Ghz and 5GHz are auto-provisioning. but ... even though the provision tab has only ac set in the hardware supported mode for the 5Ghz, having '5GHZ a/n/ac' set in the configuration tab at the same time actually allows...

mdkberry

create-enabled - create enabled static interfaces. I.e., the interfaces will be bound to the radio and the radio will be operational; create-dynamic-enabled - create enabled dynamic interfaces. I.e., the interfaces will be bound to the radio, and the radio will be operational; and the difference be...

mdkberry

Hi Try to change provisioning to: /caps-man provisioning add action=create-enabled hw-supported-modes=gn add action=create-enabled hw-supported-modes=an thanks I will try it, but if I want the 5GHz wlan to only provision 802.11ac and no other mode. while 2GHz wlan provides anything else will the ab...

mdkberry

Hi I have a Mikrotik RB2011 router running CAPsMan and connected to a rb912G-2HPnD as the CAP. (both on RouterOS 6.33.5 and Capsman vrs 2) I have them communicating and provisioning ok until I try to seperate the 5GHZ from the 2GHZ for seperate SSID access points via the CapsMan config and provision...

mdkberry

Would appreciate some comments on this setup for the PCQ queue. I have a bunch of internal vlans (one per client in a serviced office) that need to be restricted to say max limit of 5/5mbps each vlan on a 20/20mbps fibre line. They rarely go over. I was having a go at marking the traffic per vlan th...

mdkberry

Ok been a while since I was on this thread but I have tried the above setup and run into a strange problem where marking the packets stops some web sites being available. I am not sure what is causing it and hoped someone could look at the below Mangle rules and tell me. I have enabled everything ex...

mdkberry

Hi router: RB2011 OS. 6.7 I am trying to setup a second public ip address for a PBX server and I am running into some issues. is this the correct method to do it. for reference I have used the below info; PPPoE-TPG_EFM = virtual interface connected to ISP a.a.a.a = default public ip from ISP service...

mdkberry

thanks for all the input those that have posted that really helps. I will test it TikUser ideas out and let you know how it goes. one thing I noticed when I tried pcunite's script tailored in the way I mentioned. once the PBX started distributing calls outbound all the VoIP traffic ended up marked w...

mdkberry

Hi router: RB2011 OS: 6.7 I am having a problem with blocking DHCP requests between subnets. It seems the only way with the Mikortik is to create a bridge and filter it there, but that is not an option for me. is anyone aware of a solution for this. it logs the udp info fine, but doenst drop it, so ...

mdkberry

another router setup using the same script and I am seeing HTTP_D traffic which is supposed to be priority 1 being dropped before the other traffic in Level C which is lower priority.
any thoughts? piccy attached.

dropped_packets.tiff

mdkberry

interestingly I can set it via the terminal using /system ntp client so it is now working , but if I access it from the GUI Webfig 6.7 it triggers the error message I am wondering if this is related to what pcunite has suggested in a recent post that maybe the GUI itself is the cause of a lot of iss...

mdkberry

Hi RB2011 routerOS downgraded from 6.9 to 6.7 now when I try and add an NTP ip address into SYSTEM/ SNTP CLIENT I get the message 'Couldn't change SNTP Client - feature is not implemented (2)' an internet search suggested the package is missing but I downloaded all_packages-mipsbe-6.7.zip uploaded t...

mdkberry

yea but when I had some mangle rule issues it was showing me chaotic info also useful was watching the Queue traffic rates and build up. still want to know a way to see the Queues in graphs to track when it gets near to max-limit but probably end up using PRTG netflow for that, or maybe The Dude can...

mdkberry

my bad...somehow when I copy-pasted it from your script into the terminal on my router, the UDP mangle didnt copy the protocol for just that mangle. I just fixed it and everything looks to be ok. another question, when I copy-pasted, all the mark-connection mangle rules defaulted to "passthroug...

mdkberry

Hi pcunite in testing your script using YouTube media , I am finding that instead of port 80 traffic getting marked with HTTP or HTTP_BIG mark it is ending up getting marked by the UDP rule in mangle. if I disable UDP in mangle then it correctly marks the traffic with HTTP or HTTP_BIG any thoughts o...

mdkberry

I'll just keep answering my own questions as I get them; setting the mangle rule to action: log, is one way to observe the effect of a rule. example, UDP_Mark_Connection prerouting: in:ether2 out:(none), src-mac 00:15:c5:49:59:8e, proto UDP, 192.168.20.2:137->10.10.10.10:137, NAT (192.168.20.2:137->...

mdkberry

Hi I am trying to figure out QoS for a PBX and some other traffic and working from the script and queue setup based on this link by pcunite http://forum.mikrotik.com/viewtopic.php?f=13&t=73214 I am trying to mark UDP packets coming from a PBX using this code; # Mark all UDP traffic for an IP-PBX...

mdkberry

I would like to adapt pcunite's script to my scenario. and would welcome any suggestions. my router is RB2011 routerOS 6.7 ISP service is 5mbps up and 5mbps down on EFM (4 wire symmetrical). this is connected on Eth1 of the router. I have a VoIP PBX which will make 25 calls max at a time. this is on...

mdkberry

Hi pcunite great, post and pretty much the only thing out there on VoIP QoS at this level that I can find for Router OS. have you progressed any yet. There seem to be some key issues still outstanding. I am about to setup QoS for a VoIP network on an RB2011 which will be competing with other subnet ...

mdkberry

this issue appears to be resolved since I had to reconfigure the router setup without 'bridge-local' (the default bridge that comes with RB2011 setup to bridge all the interfaces)

since removing it, for other reasons, I no longer have this issue.

mdkberry

aha...finally...This problem is explained here http://forum.mikrotik.com/viewtopic.php?f=2&t=23324

mdkberry

Hi I am setting up a Mikrotik RB2011 in test before it goes live. it has 3 subnets, all firewall blocked from each other. (not using VLANS as the switch will not support it, they cant afford to buy one that does at this time) 192.168.10.0/24 192.168.20.0/24 192.168.30.0/24 (wifi with DHCP on router)...

mdkberry

thought I would update this in case someone else has the same problem. I found a work around but definitely not a fix. The issue seems to be with DHCP server settings on the box. It seems I can only really use the default scope and if I add more in and try to use them for the Hotspot then it turns t...

mdkberry

Hi plisken thanks for suggestion. I tried it that way and it did work but it also locked me out of the Mikrotik router as 192.168.88.1 is the default ip address on the bridge-local. Even if it worked ok, I need it to work on the WLAN1 interface for wireless users, and so far if I try the same setup ...

mdkberry

Hi I have tried everything on my RB2011U router with OS 6.5 trying to get hotspot working on wlan 1 (or any interface) i have now reset the configuration and still hitting the same problem; when I make the hotspot it appears greyed out and when I look into the settings it says 'invalid not https' I ...

Search found 70 matches