MikroTik

troffasky

The best we can say about these devices being released today with too little storage and RAM is that it will force Mikrotik to optimise the software, and then everybody will benefit.

troffasky

Ended up switching off the 60G radio. Simply couldn't find a firmware version that was stable. Did you try RouterOS v7.11 or higher? According to the changelog there were some changes in v7.11 to improve system stability for these devices: What's new in 7.11 (2023-Aug-15 09:33): *) w60g - improved ...

troffasky

Ended up switching off the 60G radio. Simply couldn't find a firmware version that was stable.

troffasky

Well took forever to see this Newsletter just to release an LTE router and 8 port switch. From May to September. That hopefully means they are focusing on bugfixing the existing products. I can tell you now that if they put out a newsletter containing three different 6G routers with PoE-over-fibre,...

troffasky

Would be great to see some progress from Mikrotik on this. Maybe the Back To Home thing is the first element of the Devices Controller, who knows.... It could even be a source of revenue as well, eg storing logging/traffic information for reporting on - you want more than 7d of data, you have to pay...

troffasky

Seems like he has done more than Mikrotik have for a cloud RouterOS controller...even if it turns out to be a botnet controller or a data harvesting exercise :D

troffasky

Reboots on the AP, ie, did not improve stability.

troffasky

*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;

The 7.11alpha I was given by support did not fix this one for me.

troffasky

I keep hoping to be surpised in release notes on MIPS support for ZeroTier – just be good to know if that hope is misplaced from Mikrotik.

Yeah, this! I search every new release thread posted for mentions of ZT. We live in hope.

troffasky

*) w60g - improved interface stability for PTMP setups;

Not helping me, unfortunately. autosupout.rif sent to support....

troffasky

Seemed OK on the test bench, although we know test bench != the real world.

Yeah, about that.....now it's installed my CubeSA 60Pro ac has rebooted 7 times so far today, max uptime is 33 minutes. It seems like weak stations will cause repeated reboots. Going to try 7.10rc!

troffasky

Thanks for putting the theme back, sanity is restored.

troffasky

OK that's odd...from the "Your Posts" search, the icon column is not clickable but if I browse to another section, eg Announcements then every thread is clickable in the icons column with latest#latest on the end of the URL so it jumps to the first new post in the thread.

troffasky

For me link to last post work by middle click the posts icon.

Posts icon, I get it now. i in a circle most of the time, sometimes it's a flame. So it's still there, phew.
I have this site zoomed to 30% [yes, 30%, not 130%] to try and fit a bit more on the screen.

troffasky

I hate this space-wasting theme. It also seems like jump to last-read-post doesn't work any more? Used to be a little icon in the link that would take you there, now I have to scroll through 200 posts to find last one.

troffasky

When I saw in the newsletter that this was single band, I *knew* that was what would attract the most comment in this thread :-) 5GHz does seem like an omission to me, but despite all the comment, I do wonder what practical difference it would make to the use of the product - it seems to me at this ...

troffasky

iperf3 tests using TCP are quite a bit lower then when using UDP (albeit some minor packet loss can be observed, which does usually not happen with TCP). iperf3 does not report [or, possibly even know about] packet loss in TCP mode. It will make itself known in the retransmits value for that segmen...

troffasky

@normis perhaps a quick documentation page on how to do mass deployment of blank devices after this change comes in, would be helpful.

troffasky

Thanks Gu457v, that's basically where I got to, pretty much because I couldn't work out what to do next. Sounds like it's going to be fine. Seemed OK on the test bench, although we know test bench != the real world.

troffasky

Reading this: https://help.mikrotik.com/docs/display/ROS/Fail-over+PtP+CLIexample It suggests to add primary=wlan60-station-1 slaves=wlan60-station-1,wlan1 to a bond interface. What should I do when there is more than one station [ie, PtMP]? Surely can't have wlan60-station1 as primary in the bond i...

troffasky

Any ideas @normis ? This one seems like a no-brainer. Teltonika manage to have Zerotier on all their architectures.

troffasky

I didn't specifically mean Winbox here, I meant the ROS CLI as well. Adding a ROS router to RANCID so I get config diffs when somebody makes a change is invaluable.

troffasky

EDIT: It would be very practical if one could have access directly to local.conf using the cli. In this way, it would be possible to configure all possible settings such as TrustedPath, Multipath, BondingProfiles, etc without having to add all bells and whistles to Winbox. I'll create a feature req...

troffasky

While I agree with many of the flaws, point #3 is generally referred to as SDWAN and is implemented in RoS using ZeroTier. Sure, so long as you're using ARM. Three times now we have deployed Zerotier for a customer and *not* used CHR for the soft-router element because it doesn't support Zerotier.

troffasky

MT will never play any role in any SDWAN unless the boxes can understand & detect (many) application and steer accordingly.

Ask three network engineers what "SDWAN" is and you will get at least three different answers.

troffasky

Page 5, it's spelt "MikroTik" not "MirkoTik" :-) Yes, yes, I know you're quoting STH, but still....

troffasky

What are those "loops" on either end of the RB5009?

troffasky

-It should definitely have a mode where the router reaches out to the controller, like how cnMaestro and UISP work. It allows devices behind NAT to be monitored and maintained without punching holes in a firewall.

Yes please, make sure endpoints work from behind CGN.

troffasky

New logo looks fine to me, looks like an arrow pointing up and to the right.

troffasky

In Newsletter say (write)"In our tests,the Cube 60Pro ac easily maintained a reliable connection over 2.4 km." Over means OVER 2,4 km. and not UNDER. Well it probably does mean "under", actually. I would be very surprised if it worked at 2.4km but not at 1.0km [although I wouldn...

troffasky

Seems unlikely, they stopped making Tile-GX 72 core in October 2021 with a suggested replacement part of "N/A". So price would be going up not down.

troffasky

Is the Cube 60Pro ac whether they would work at 7 km ?

If it worked at 7km then they wouldn't say 1km, would they? Or "as far as 2.4km" as it says in one of pictures...

troffasky

Well of course this happens when I am away in holidays.

You need to add to your "going away on holiday" checklist, right after "cancel the milk", an entry saying "Disable ****ing script that updates my router without me there to test it".

troffasky

You didn't respond to gotsprings's comment about local forwarding. That could account for lower performance with CAPsMAN.

troffasky

RANCID is a heap of scripts, with different collector plugins for different target platforms. It logs in on a schedule, executes whatever the native equivalent of "/export compact", "show run", etc, is and stores the output in a version control backend. It can email you a diff of...

troffasky

Not sure why you need an extra layer for authentication and encapsulation when you control the last mile? It's not just WISP networks, but in networks where the operator sells wholesale access, using PPP they can hand the login off to the relevant service provider's AAA server. I am sure you could ...

troffasky

Needing to know the speed is not some inherent trait of PPPoE, but the router can't really prioritise anything if it doesn't know how much bandwidth is available.

Try disabling discovery on the PPPoE interface:
viewtopic.php?p=767139#p767139

troffasky

Does the packet loss go away if you go back to your previous router? Are you sure the packet loss is at your end and not happening upstream at your ISP?

troffasky

Yep, working.

troffasky

Short the traces where the reset button was.

troffasky

forum.mikrotik.com is timing out on IPv6. Works fine on IPv4. $ wget 159.148.147.239 --2021-04-29 09:37:52-- http://159.148.147.239/ Connecting to 159.148.147.239:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://forum.mikrotik.com/ [following] --2021-0...

troffasky

I would take what the model-specific documentation says https://mikrotik.com/product/crs309_1g_8s_in over a more general wiki page. Specs say it's 802.3af/at in, so I would expect it to work. However, that page also says max power is 17W "without attachments" and max power for 802.3af is 1...

troffasky

It is quite simple implementation (only checks for single inter-wire resistence

Doesn't sound very "passive" to me :-D

Thanks for the explanation.

troffasky

With a no-name 802.3af injector [48v] that had previously been powering the handset directly. I think the cAP AC came with a 24v PSU [can't find it at the moment] so it's unlikely that would have powered the handset.

troffasky

Then you would need to revise the brochure as it is clearly stated:
"It also supports passive or standard 802.3at/af PoE input/output."

I guess they never got around to fixing the brochure, https://i.mt.lv/cdn/product_files/PowerBox_200318.pdf still says this today.

troffasky

I powered a cAP AC with a PoE injector, then connected a Mitel handset to the POE-out port of the cAP AC and it worked fine. I wasn't necessarily expecting the phone to power up as the cAP AC spec says it's passive PoE out.

troffasky

What is important is the size of the device (has to be be as small as possible) and establish multiple connections to Location A and receive as close as possible from it, the 200Mbits . Look at the "IPsec test results" section of any prospective router at mikrotik.com/routerboard. hEX S g...

troffasky

RB4011 will be fine. It may even outperform a slower-clocked 1st gen CCR for things that are single-threaded.

troffasky

IME with Talktalk VDSL they accept anything at all as the username/password.

troffasky

CLI has been changed a lot in ROS7, did they fix it there?

troffasky

Ok is that another fault with not seeing any down times too on the master unit, on the slave i get down time. I just checked a link [not nRay, 60GAPx3 + CubeLite 60 running 6.45.9], AP has 12 link downs, station has 17. So showing 0 sounds wrong to me. Can't help you with the alignment question unf...

troffasky

2.3G PHY rate and no link downs? Sounds fairly stable to me. Do you have an actual connectivity problem? How does the same view look in Winbox, rather than via the web interface?

troffasky

Start by testing internally with a tool like iperf, rather than to the internet.

troffasky

Yes, it's normal:
viewtopic.php?p=812183#p812183

troffasky

Looks like this is something that happens for 5-10 minutes following a reboot. Rebooted this 5 times now and the numbers fluctuate for a bit, then settle down. Shortly after reboot: https://i.imgur.com/qJlEin9.png A few minutes later: https://i.imgur.com/4MgR1JL.png This must just be normal for 60G ...

troffasky

wAP 60Gx3 AP, Cube Lite60 station. RouterOS 6.45.9. I can see that the tx-sector and tx-sector-info values are fluctuating rapidly. Does this indicate physical instability of the unit(s)? connected: yes frequency: 58320 remote-address: 48:8F:5A:88:97:6C tx-mcs: 1 tx-phy-rate: 385.0Mbps signal: 20 rs...

troffasky

https://wiki.mikrotik.com/wiki/Manual:I ... cteristics

troffasky

Yes, please add support for Zerotier. I love Mikrotiks, but they are seriously lacking in some kind of SDWAN solution. Zerotier would be a very cheap and easy way to set this up. How do you know it would be cheap? I don't see how they could comply with this license if they included it in ROS: https...

troffasky

I have requested a climbing wall for our office. Might be a while until it's approved, however...

troffasky

There will be wirespeed L2 switching on the CRS317. There will be no ASIC features, wirespeed L3 routing or MPLS switching. Some features may be added via software updates. Under-promise, over-deliver. Wirespeed L3 routing is "some feature", alright!: https://wiki.mikrotik.com/wiki/Manual...

troffasky

He means AP and station. To the OP: yes, you can change the IP there. They don't need their IPs for the bridging to work. I suggest you try out Winbox for management too. If you make a booboo with changing the IP you will still be able to get on to it with L2 management, and L2 management is not som...

troffasky

By all means Mikrotik, make a more beginner-friendly UI if you want, but do it to the web interface and leave Winbox well alone!

troffasky

It's a sensible idea and CAPsMAN seems like a logical enough place to start. The CAPs already get their wireless config from the CAPsMAN so why not extend it to other aspects of of the CAP's configuration?

troffasky

Outbound per-connection load balancing that groups source/dest connections onto the same WAN [so when client A visits site A, the first connection goes out of the least-loaded WAN - say WAN A - then all connections between client A and site A use WAN A until client A no longer has any connections to...

troffasky

Powerbox Pro.

troffasky

Was the product page updated? I don't see anything here about passive PoE:
https://mikrotik.com/product/gper
but
https://i.mt.lv/cdn/rb_files/GPeR-1568972172.pdf
says PoE out is "Jumper selectable passive PoE Passthrough".

troffasky

It is quite normal that wireless download speed is higher than upload speed.

Yes, that's why he's posted asking for help.

troffasky

But do I really need to get setup QoS just to get LCP echo requests? Your router *is* answering LCP echos, otherwise the graph would be solid red all the time. I think you want to limit your upload to slightly less than 100% of your available bandwidth. https://support.aa.net.uk/CQM_Graphs explains...

troffasky

Dear Mikrotik, Please, please, please could you make some DSL hardware? I am sick of having to use either low-quality+cheap+unsupported or high quality+overpriced+over-complex hardware to get DSL connectivity. I appreciate that there is little DSL in Latvia, but the world is crying out for a Mikroti...

troffasky

How about saying how your 3011 is coping with your workload? That will give anyone reading this thread a better idea of how an 1100AH [presumably x4] would handle your workload.

troffasky

IPv6 Connection Type: Passthrough WAN IPv6 Address: 2001:568:8561:3800:4a5b:38ff:fe27:120/64 WAN IPv6 Gateway: fe80::72f1:86ff:fe95:1530 LAN IPv6 Address: 2001:568:8561:3800:4a5b:38ff:fe25:120/64 LAN IPv6 Link-Local Address: fe80::4a5b:38ff:fe27:120/64 LAN IPv6 Prefix: 2001:568:8561:3800::/64 DNS S...

troffasky

/ipv6 address add address=2001:568:8561:39ff:82f1:86ff:fe85:1531 disabled=yes interface=ether1 add address=2001:568:8561:39ff:82f1:86ff:fe85:1530 interface=bridge Two IPs from same subnet on LAN and WAN interfaces? What are you expecting to happen here? Perhaps reconnect your old router and "i...

troffasky

is a common designation use the term tri band router referring to a 2 x 5ghz + 1 2.4 ghz router

Just because it's common doesn't mean that it isn't idiocy. Shame that Mikrotik perpetuate this. It's like calling gigabit ethernet 2Gbps because it's 1Gbps in each direction.

troffasky

There doesn't have to be 2 separate apps, Mikrotik can abandon WinBox, it's UI looks a little archaic anyway and release a cross-platform Qt app :) Let's hope Mikrotik don't fix the "archaic" appearance of Winbox by turning it into some low-contrast abomination with gradient blends and an...

troffasky

Is 'wireless wire dish' same thing as LHG 60G?:

https://www.mikrotik.com/download/share ... reDish.pdf

troffasky

I have considered some sort of back up scenario. Where the AP has the config in cap and it is set as the back up.

What we need is CAPsMANMAN to sync configs between main CAPsMAN and backup CAPsMAN. Maybe in v7.

troffasky

I agree. In scenarios where CAPsMAN is not involved heavily with station traffic [eg local forwarding, WPA2-Personal], CAPs should not freak out because they can't see CAPsMAN. Consider also a scenario where CAPsMAN is centralised and maybe WAN link is congested. There should be a way to tune how lo...

troffasky

Yes, you can keep both APs on the same network.

troffasky

Do you suggest choosing a phone specifically for the router? Because not all phones work well with your devices. Are you seriously??? He said "Either solution works fine", so you can choose a different phone if you must keep using the RB951, or choose a different AP if you must use a spec...

troffasky

ROS6 uses kernel 3.3.5.

troffasky

The MT should be a router. It should get the public IP. From there onwards the ASUS will be one of the clients of the MT and will be in Bridge mode (as advised by ExpressVPN) , then even more the devices will all be connected to the ASUS. How would the port forwarding look like? What type of VPN it...

troffasky

Should we increase the APs numbers? Should we place them in a certain way allowing users to evenly connect to one of them? Should we work with the hotel’s equipment? Other suggestions? Dual band AP for sure. Hopefully some clients end up on 5G radio and some on 2G. Also, high-density wifi design is...

troffasky

I just want you guys to know the CCR1009 just solved the problem. every single core works!

Did you log a ticket with support? I am sure they would be interested to know.

troffasky

"Reasonable" is a question that only you can answer because it's your network. If you explained why you want to use both routers at once, perhaps someone could hazard a guess.

troffasky

"Same" if you're not bothered about lack of ethernet ports, yeah.

troffasky

In case there's any lingering doubt about the economic viability of selling a DSL interface, look at how much red there is in the bar chart: https://www.ispreview.co.uk/index.php/2018/01/examining-countries-advertise-broadband-isp-speeds-vs-uk.html Two thirds of internet connections in the EU are su...

troffasky

How is the CRS112-8P-4S coming along?

troffasky

I changed my forum theme to a forum theme that doesn't allow changing the forum theme, but as soon as I login to reply to this post, theme has gone back to the old default!

troffasky

All hardware from Mikrotik that runs RouterOS ships with a license key.
License-key-on-HDD is only relevant to non-Mikrotik hardware running RouterOS.
Licensing is not related to management of the router and who has access to it.

troffasky

*) firewall - added "tls-host" firewall matcher (CLI only); Sweet. No more Layer 7 for HTTPS blocking :) How it works? Which packet matches? Does it support wildcards? I presume this is just a special case of a Layer 7 with some pre-defined pattern, and only works when SNI is used. No nee...

troffasky

Probably better to email support if a proper response is required.

troffasky

Dear Forum Users, I would like to change my two Cisco ASA 5520 for two MikroTik CCR1072-1G-8S+. The Cisco ASA 5520 firewall throughput 450Mbps. This value is few. I'm looking for a device that knows the following: - device redundancy ( High Availability / Failover ) Unfortunately there isn't native...

troffasky

Do you actually get better speeds/lower packet loss?

A few possibilities:
- Better RF design with improved filtering and rejection will get you a better noise floor
- Perhaps old card wasn't seated/connected properly
- Cards may not be calibrated the same
- Different cards may have different firmware

troffasky

You have 15 sites of a problematic type for which it costs $1000 to make a support visit and you don't have a way to test a similar site from home (a subscription to the same satellite service)? Don't need a satellite dish to emulate the behaviour of a typical satellite link: https://wiki.linuxfoun...

troffasky

BTW, are there any cheap mini-PCI VDSL

I haven't been able to find a mini-PCI(e) VDSL interface at any price, never mind cheap.

troffasky

Probably CPU can't saturate 10Gbps link, however, those results do seem a little low.
What happens if you try 1G copper link instead?
A more realistic result will be obtained by testing with a device connected to each switch.

troffasky

Any other destinations affected? Even though it is regularly used as such, 8.8.8.8 is not a "monitoring service". I had to switch a customer from pinging 8.8.8.8 to 8.8.4.4 for state tracking, because the former stopped responding [but only on one of their WANs].

troffasky

Look further up the page:

viewtopic.php?p=628352#p605812

troffasky

You could read between the lines as follows - this page has been obsoleted:

https://wiki.mikrotik.com/wiki/Supported_Hardware

in favour of this page:

https://wiki.mikrotik.com/wiki/Manual:Peripherals

so you could read that as no, no USB NIC support.

troffasky

Whats the procedure to cover network for whole area ? Can u mention Network diagram and devices ? You need to backhaul your APs with something. You will struggle if you try to provide access and do backhauling in 2.4GHz band. Sure, Wifi repeater products exist [maybe even RouterOS can be persuaded ...

troffasky

Ok, I understand now. is there is a expert way to trace the encrypted HTTPS requests? because I want to record all breached roles. You can monitor encrypted traffic but there are legal and technical obstacles. You need to a) work out if it's legal where you are b) get the monitored devices to trust...

troffasky

How is the squid transparently proxying https without the end user getting problems?

Having re-read the thread, I have misunderstood. I had assumed the OP was using an explicit proxy not a transparent one.

troffasky

This is not possible I have to disagree here. As an example, Squid logs the hostname that it proxied the connection to along with the number of bytes transferred. Hi troffasky, Could you please give me notes about squid logs to Monitoring of web searches and video viewing by employees especially &q...

troffasky

This is not possible

I have to disagree here. As an example, Squid logs the hostname that it proxied the connection to along with the number of bytes transferred.

troffasky

How different beacon intervals can assure that one will be always before another if none knows when a client starts to scan and at what frequency it will be and how long he will be scanning before he decides to select an ap to try to connect? You can't be assured [ie 100% certain], but you don't ne...

troffasky

If you literally mean "wifi repeater" then just give up now, because you won't get anywhere with it. If by "repeater" you mean "2.4GHz AP backhauled to <somewhere> with <something>" where <something> is a cable or a wireless connection on a different band, then you're g...

troffasky

Works for me.

troffasky

Off course someone can give login information to other people.

...which is an improvement on "other people" just taking your login without you knowing about it!

troffasky

You might want to state what kind of operating temperature range you're seeing and expecting to see.

troffasky

I didn't even know DXing on 5GHz was a thing until I saw this. Impressive stuff!

troffasky

wifi scanners scans for the ip range therefore if you prevent it from showing ip addresses mac addresses wont be listed too I think you are confused. I linked to a screenshot of a wifi scanner by the name of "kismet", a tool I have used myself [you can also verify this easily enough, beca...

troffasky

The only thing i can think is: from terminal in mikrotik the ping is sent from the WAN interface and that's why i see the hops like a traceroute to a normal site. I'm on the right way? Deunan. Yes, you're close. You will probably find that if you add src-address=<LAN IP> to your ping command, it wo...

troffasky

what you can do is prevent wifi scanners from showing your clients,s mac addresses by changing the network prefix lenghth from 24 to 32 MAC addresses are not encrypted on wifi. You can confirm this yourself with a tool like Kismet, eg: https://lh6.googleusercontent.com/VjbpXPoLPKGEjt-1WDc7QlOGP9an7...

troffasky

The definitive answer will come from your ISP, but generally speaking, 1500 if the service is delivered over ethernet, 1492 if it's coming over DSL. Also, blocking ICMP will prevent Path MTU Discovery from working and PMTUD can be helpful.

troffasky

Just looked at squid logs, CONNECT method shows bytes transferred as well. So not useless at all

troffasky

The issue with OpenVPN UDP and RouterOS is where RouterOS is terminating the OpenVPN connection, not with OpenVPN endpoints connecting through RouterOS.

troffasky

I would start by checking out MTU.

troffasky

Three points: Mikrotik need to focus on the fundamentals. Phone system probably doesn't belong in RouterOS. Mikrotik could build an "app store" of third-party RouterOS modules, of which one could be a phone system, I guess? The closest thing to a phone system that belongs in RouterOS is a)...

troffasky

I would start by just putting Squid on the LAN and blocking web access from everything else. This would require that you explicitly configure the clients to use the proxy server. You can then watch the router to see who is still trying to get out on to the internet directly rather than via the proxy...

troffasky

Have you looked in to PCI(e) passthrough? A quick Google suggests that it actually won't be easy, but it should be possible.

troffasky

The first thing you should do is re-read every reply you've had in this thread and make a list of all the terms you don't understand. Take each one you don't understand and Google it. Write down some notes about what you find to help cement your knowledge. Nobody is paid to post on these forums and ...

troffasky

Try emailing support.

troffasky

Did disabling the SIP ALG make any difference to the observed behaviour?
You need a packet capture of a phone that is failing to register. SIP is quite readable in Wireshark.

troffasky

BTW – MT Wiki says:
Fasttracked packets bypass firewall, connection tracking…
So now with Fasttrack conntrack works or not?

Connection tracking is essential for NAT, so either that page is wrong, or there is a subtlety to the phrase "connection tracking" as they use it.

troffasky

Your router only has one IP address and no link-local addresses. I am not 100% sure but I think you're not going be doing much routing if you only have one IP.
Does anything show up in the neighbour table? [/ipv6 neighbor print]

troffasky

If it didn't work when you connected your PC directly then you've eliminated the switches as the source of the issue.

troffasky

You're going to have to give more detailed diagnostic information than "web sites still won't open" if you want a useful response. What troubleshooting have you tried and what was the outcome?

troffasky

/ipv6 neighbour print

Doesn't really look like broadcast though as the destination is not a broadcast address. Perhaps include the port so you get an idea what the traffic is.

troffasky

keep in mind that 100mbps cable speed, on tcp protocol is approx 50-70 mbps.

Nah. I would expect 94Mbps TCP throughput on 100M ethernet. If you're getting 50-70M on 100M ethernet, something's wrong.

troffasky

You could NAT it, or you could specifically allow access to the printer's actual IP address.

troffasky

Do you have proxy-arp enabled on the interface?

troffasky

was the internal mikrotik codename xmaster?
Am I the only one that read 'xhamster'?

Yeah, looks like it!

troffasky

I can think of at least one reason why you'd want DNS queries to the virtual IP to work - high availability. If you give out one of the physical router IPs as the DNS server in DHCP options, what happens when that router fails over to the other one?

troffasky

Why use WDS if it's routed?

troffasky

If it's true that once speed is above 1000kbps, it shows as 1553.0... then report it to support@

troffasky

Fetch it with wget and see where the redirect goes, and use that.

troffasky

configure them in such a way that the wAP's with the same channel are as far as possible apart from each other. Have you verified that this has been effective? Also 5Ghz has been enabled. This setup is in a harbour, outside on the boot I've good WIFI connection, but inside the boot it still stays a...

troffasky

eCee is 4 channels. 4*20=80MHz.

viewtopic.php?t=105563

troffasky

With regards to the rest of the thread, my experience is that the Intel wifi drivers do not allow >20Mhz channels on 2.4GHz, eg: https://communities.intel.com/thread/51241 I poked and prodded the iwlwifi module and settings with iw all I could but it stubbornly stays on 20MHz. My cheap'n'nasty Dynam...

troffasky

So if I would use the same range of ip addresses on two networks there would be a problem if I bridge the two? You should bridge (or switch the two) if you want to use the same range of addresses (same L2 segment). I mean if I have one computer on one network with the ip address 192.168.1.10 and on...

troffasky

No, you don't need another CAPsMAN:

https://wiki.mikrotik.com/wiki/Manual:C ... Connection

troffasky

That's the "easy" answer but doesn't fulfil your original requirement of load balancing. Maybe bonding the two links would, however?

troffasky

Ideally to do what you want, the radio would be connectorised so you can have the two sets of antennae some distance apart [so that when one is obscured, the other isn't, hopefully]. You haven't mentioned which of the two bands you're using at present. Are you able to repeat the obstruction on deman...

troffasky

i used and It working Maybe i didn't clarify my requirements. The model we are using is only a 2pon OLT. Maybe you used a 4 PON model which may have this function What part of what jimmytam said don't you understand? The datasheet says it will do what you're asking, jimmytam says it will do what yo...

troffasky

What is difference between CPU usage on "plain internet" and VPN'ed internet?

Edit: TBH there is probably no point asking here. If an export of the config is identical before/after upgrade, then it's a RouterOS performance regression and nobody on the forums can help you with that.

troffasky

mind telling me the point of -> ac <- when your backbone is 100mbps?

If you are a performance junkie, you can either buy something else with gigabit ports, or trunk two 100M ports.

troffasky

There will be several different VLANs on all the 24 access ports and I like to use both 10G uplinks to other switches on the campus as trunk ports. I´m not able to configure "/interface ethernet switch egress-vlan-tag add tagged-ports" because I can only specify one of the SFP+ ports. Wha...

troffasky

I finally set it to blowfish and it's working, got around 50Mbps between Windows Station in TCP, but only 1Mbps in UDP From 'man iperf': CLIENT SPECIFIC OPTIONS -b, --bandwidth n[KMG] | npps set target bandwidth to n bits/sec (default 1 Mbit/sec) or n packets per sec. This may be used with TCP or U...

troffasky

What is the mode of printer/scanner ? B ? G? N ?

Unlikely to be B or G if it's connected at 58Mbps.

troffasky

af/at/passive are all supported
http://i.mt.lv/routerboard/files/wAP_ac ... 143210.pdf

Could you update this page accordingly?:

https://routerboard.com/RBwAPG-5HacT2HnD {,-BE}

Just says "PoE in 802.3at" [as do the websites of the usual vendors I have checked].

troffasky

Which is why I suggested trying to filter it.

troffasky

The idea with the bridge sounds weird, have you ever seen that live?

No, hence describing it as a long shot.

troffasky

Bit of a long shot....
Bridge your "crossover" link with your LAN uplink on each router. This is the long shot bit...can you apply a filter to just the LAN uplink that would block VRRP on that interface?

troffasky

Perhaps look at exporting flows to a netflow collector instead? Assuming you actually want to do something with this information once you've got it, a collector is a good place to start.

Using a different subinterface for each client won't scale well.

troffasky

One interesting thing is that it's possible to "mix protocols". Tell VRRP to use IPv6 and it will be happy with link-local addresses. And then you can add your single IPv4 address to virtual interface. I hadn't even thought of IPv6! A good justification for not using IPs in the same subne...

troffasky

"Yes", some years ago: https://forum.mikrotik.com/viewtopic.php?t=58420 "No", more recently: https://forum.mikrotik.com//viewtopic.php?f=2&t=95829 I don't see why the virtual IP needs to be in the same subnet as the real IPs. So long as the two real IPs can see each other, wh...

troffasky

Looks like reporting is part of ntopng now, after all:

http://www.ntop.org/ntopng/exploring-hi ... ng-ntopng/
http://www.ntop.org/ntopng/exploring-yo ... rchkibana/

troffasky

It seems it's my option to take the Cisco router or not however they cannot monitor the line without it.

What do you guys think?

Do you want them to monitor the line?
If you want them to monitor it, is the cost of having their router worth it to you?

troffasky

Don't quite see what the problem is?

Perhaps that's because there isn't one?

troffasky

ntopng has an AS view but it's not really for reporting, more for a real-time view of stats. Has to beat looking up stuff manually though.

troffasky

So what is actually happening, is that router does see the initial request from client and does redirect it, but client is not able to get the certificate and thus the browser displays an error, right? The client always gets a certificate but because the certificate offered doesn't have a common na...

troffasky

To start the SSL connection, doesn't the browser need first to connect to the server? By sending a request for connection, isn't it visible to the router on port 443 and as result redirected to hotspot login page? What am I missing here? When the client wants to connect to https://google.com, the c...

troffasky

Based on the hardware schematic and public available information, there is large chance that the module is more like a linux computer with two bridged interfaces.

This is fascinating, and a little bizarre. Surely running an entire OS on SFP is a massive overhead?

troffasky

The behaviour you're describing sounds like a bug and as it's a very simple scenario, try reporting it to Mikrotik, however...which behaviour are you expecting?
- Disable interface, reboot, interface is enabled
- Disable interface, reboot, interface is disabled [and lights stay off]

troffasky

What should level of CPU usage for management be?

troffasky

Did you perhaps import backup from SXT to the other to speed up your deployment [I know that's exactly what I would have done]? Backup contains MAC addresses so doing this will cause, ahem, interesting behaviour.

troffasky

backups are intended for a given routerboard device and ROS version. I sense a business opportunity here - many admins only discover that they should have done an 'export' instead of a 'backup'[1] when their original router dies and they need to restore it on replacement hardware! You could charge ...

troffasky

I won't claim to understand it, but certificate is not encrypted so common name/alt name can be read from it.

troffasky

If so, this needs to be accessible remotely, ie through the usual RouterOS management tools.

troffasky

So, in summary, can we pass 802.3af PoE in to the mAP2nD and get 802.3af PoE out of it? Not sure about 802.3af in ether2, but an active PoE device turns on instantly and works well... According to the manual for the Yealink W52P it is an 802.3af device, and I doubt that Cisco SB PoE switch is anyth...

troffasky

Changing OIDs after a reboot or interface down/up is not a RouterOS bug, it is a problem in understanding how SNMP works. Sure it is an often-made mistake to hardwire OIDs that end in an interface number, assuming that this number is fixed. This is not guaranteed. I think you're under the impressio...

troffasky

There is this small, not-well-known but very useful tool called "etckeeper" for Linux, which automatically commits all changes you do on your configuration to the version-control-system of your choice (git, svn...). An implementation of that for MikroTik would be interesting I suggest you...

troffasky

802.3af PoE is working OK this time.

So, in summary, can we pass 802.3af PoE in to the mAP2nD and get 802.3af PoE out of it?

troffasky

If it's big enough to fit a PCIE card in, then the box is too big for me. MicroPCIE would work.

troffasky

use two layers and apply one in a clockwise direction and at the end of first layer apply the second in a anti-clockwise direction

Pardon me if this is a silly question, but doesn't that mean that each layer's tendency would be to unwrap the other?

troffasky

anybody thinking this way about copper pair surely has not see the problems about isolation on outdoor cooper wires or/and induction ac or dc problems i think docsis has a better future because is more resistant to interference Which is all very well, but try explaining that to an ISP with millions...

troffasky

Hmm thats pretty low.

Again, is it? Could be well within the indicated performance envelope, but without knowing the specifics, who knows...

There is a known limit of 1Gb/s on a single tcp stream.

I am certain that somebody from Mikrotik has denied this but I can't find the thread right now.

troffasky

You say "only" but have you checked the "Performance test results" table for your model? Depending how you do it and how you have it configured [wot Revelation asked], 500Mbps could be well within the expected performance for this model.

troffasky

The answer to your question is probably "yes". http://wiki.mikrotik.com/wiki/Manual:CRS_features#Ingress.2FEgress_VLAN_Translation Here is a guess: /interface ethernet switch egress-vlan-translation customer-vid=100 new-customer-vid=1000 ports=??? /interface ethernet switch ingress-vlan-tr...

troffasky

I am actually not sure if I should be using a ppp client, a PPPTP client or a PPPoE client.

The example you linked says the Mikrotik would talk PPTP to the modem.

troffasky

Short answer: no. Long answer: Almost. 'strings' will reveal some info from a .backup file but it looks more like status than config, to me [for example, can't see any IPv6 addresses in it]. If you google, you will find a method [mtpass] involving OpenWRT that looks like a proper ball-ache. Actually...

troffasky

From what you've posted, this is almost certainly a bug, so you'd be better off emailing support@.

Perhaps some config is hidden in the GUI?

/interface pppoe-client export verbose

troffasky

If you can be bothered to post a response, why not include the answer to the question instead of just being a smart-ass?

troffasky

Check last few post on here also:

http://forum.mikrotik.com/viewtopic.php ... ue#p463429

troffasky

I think "The Dude" is better for your solution. This is a monitoring tool by MikroTik itself.

Quite - it sounds like the OP is trying to implement The Dude himself with scripts

troffasky

The only way to know is to test it. There is no reason to test on your live system either, as there are plenty of ways you can mock up a config in a virtual lab. Assign a test client with a selection of DNS servers, then create ACLs to block access to each DNS server in turn, and see how the client ...

troffasky

Would like to see from Mikrotik a DSL device that can be managed from RouterOS with some kind of module in ROS itself - similar I suppose to the way that CAPsMAN manages remote APs, although really only for local devices. If it could be powered with passive PoE from a Routerboard that would be great...

troffasky

...which is certainly not a problem the underlying OS has [64GB on 32-bit x86].

troffasky

RB1100AHx2 and CRS125 in the same rack running the same software. Polling temperatures with SNMP. Most of the time the temperatures track each other pretty closely, but occasionally the CRS125 jumps up by about 40 degrees, and then back to where it was on the next poll. This is obviously not the rea...

troffasky

In my opinion, you need get a professional in to come and have a look at your network. You aren't going to get this fixed via the medium of back-and-forth posts on a forum.

troffasky

I have been having issues at some but not all of my sites where the captive portal will fail because their default home page is at an https site mostly google.com. Not really sure what you can do about this if the client device doesn't trust you, ie you can't give them a fake certificate for their ...

troffasky

Most likely issue when trying to load balance voice is that you've registered with a SIP peer from one WAN but then the load balancing sends a subsequent connection [signalling or media] out of another IP. Try turning off the load balancing first and see if it's the load balancing or the NAT that's ...

troffasky

it's all default configuration

It isn't, because none of the IPs you've listed are the default.

troffasky

ARP is an essential part of IP + Ethernet networking, so no - unless you're prepared to create static ARP entries where required.

What is the security issue that you think a lack of ARP will solve?

troffasky

Email support.

But really, economic problem won't be fixed with technical workarounds. If you aren't charging enough to cover your costs, Mikrotik cannot fix this for you.

troffasky

If the clients get internet access then it's probably not a routing issue. Is there any NAT involved? When a client browses to the web, what public IP do they get? If it's not NAT or routing then perhaps it's a firewall rule.

troffasky

What settings were changed over those three days?

troffasky

I think perhaps the "backwards router" analogy has outlived it's usefulness. The thing that makes it work is the connection/state tracking. You don't have to use NAT to use state tracking.

troffasky

What you're doing is eminently possible. Think about it - it's just like a "home" router plugged in backwards; your home router wouldn't allow any traffic in unless it's related to an outbound connection. "What you're doing" should have said "What you're trying to do"....

troffasky

Scroll up?

Search found 456 matches