MikroTik

flynno

Can the Reolink NVR not be put in bridge mode?
no control on the internal router whatsoever !!

That's a pity, the system I have you can change the ports in the NVR into a switch

flynno

Its it stuck @18.1MB? I use these devices at a site and the traffic seems to be stuck and does not change

flynno

wireless-protocol=nv2

NV2 is not supported on ax devices

flynno

Can the Reolink NVR not be put in bridge mode?

flynno

You could get a small piece of pve pipe and drill two holes through it and screw it to the wall, then use the clamps that come with the powerbox to attached to the pipe. That shower handle is expensive

flynno

Factory reset device with no default config

Create a new bridge and all add all ports to bridge

Set dhcp client to bridge

Plug ethernet cable from NVR in powerbox port 1

Powerbox will request IP from NVR

flynno

Check the logs of capsman device to see what is happening

flynno

PowerBox Pro should work, I have one in my attic powered via POE out on NVR to power two outdoor cameras, also you could check out the GPER14i

flynno

Do you have to use vlan1?

No special config needed for the 60ghz, can you post your config on the 60ghz AP hide any sensitive stuff

flynno

Your issue might be that you are using vlan1

flynno

/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan

Change to correct subnet

flynno

Why not use SXT AC units?

flynno

Schedule this: :if ([/ip ipsec policy get [find where peer="NordVPN"] ph2-state] = "estabilished") do={ /ip firewall nat enable [find where comment="defconf: masquerade" and disabled] } else={ /ip firewall nat disable [find where comment="defconf: masquerade"...

flynno

important comment about flynnos config: you should have a "no default configuration" device. Aka: System -> Reset Configuration and check "no default configuration" checkbox. Will try that next as it seems the config doesn't work as is, what should the CAPsMAN config be? Maybe I...

flynno

Look up capsmanv2, plenty of YT videos and topics on this forum to help you Honestly I have tried, even managed to get to a decent stage where at least the AP is reporting it cannot see any CAPsMAN on the network, but its just too hard. Most wikis forgot to define terms and acronyms so I spend 20mi...

flynno

1. In the current line-up of wireless products MikroTik wireless is inferior to Unifi AP's in every way shape and form ; 2. For wired MikroTik is excellent - for wireless <> especially if you want happy clients stay with Ubiquiti The hardware feels so much better and it reboots in a 1/10th of the t...

flynno

This looks like a big project to start learning Mikrotik equipment on

flynno

Guys everyone knows wifi isnt as good as running an ethernet cable, why all the fuss? even new houses are been built with data cables and fibre in the wall. The end user is cheap and wont pay expensive price for these wifi 7 devices, who is buying all these devices? definitely nobody buying them in ...

flynno

Hello hello everyone :) Seems like there were tons of topics like this but as every case is different, logs are required etc and after two weeks of trying I decided to start a new one. Sooo... I have a fiberwire internet from my operator (Orange in Poland), 1 Mbit. Operator's router is known as a v...

flynno

Give your pc a static IP within that subnet say 10.0.0.184 with gateway 10.0.0.1 and see if you can reach it using the PC I can't connect, sorry disabled the ethernet driver by mistake, i can ping 10.0.0.1, but i cant ping 10.0.0.123. I torched ether 4 that is where the router is and i got that 10....

flynno

You just disable the lan port on the CPE and go collect it

flynno

How does that even happen?

flynno

Give your pc a static IP within that subnet say 10.0.0.184 with gateway 10.0.0.1 and see if you can reach it using the PC

flynno

How is the device getting that IP address?

flynno

Yes remove from dhcp then flush pc using command prompt command ipconfig /release then ipconfig /renew

You might have to reboot router as you set long lease times on that dhcp

flynno

I don't see any failover script or setup in the config export, the mikrotik is behind another router that likely has a firewall on it. If you used googles dns as test for failover, this could be the issue. Have you tried removing googles dns and just accept the dns from the ISP ether1 is listed as W...

flynno

On your PC can you run command prompt and type into command prompt ipconfig /all

Check and see what DNS servers appear on the list displayed

flynno

Disable address 192.168.100.85/24 on bridge1 inside the address list

flynno

192.168.100.85 is the mikrotik router IP that your ISP modem is handing out to it. Looking @ your route list u can see 192.168.100.0/24 ether1 and bridge1 The dhcp client should be on ether1 since that is the WAN port connect to the modem and ether1 should be removed from the bridge1 Can you post a ...

flynno

Can you post a picture of your IP Routes > Routes List

flynno

set [ find default-name=ether4 ] comment= "#UPLINK CBO UTP 100MB RESTAURANTE #" You connect to ether4 and have no internet, is your PC not getting an IP from the DHCP server? No actually ether4 is configured as static ip 172.16.20.69, the dhcp pool starts after 172.16.20.70-254. "I c...

flynno

set [ find default-name=ether4 ] comment= "#UPLINK CBO UTP 100MB RESTAURANTE #"

You connect to ether4 and have no internet, is your PC not getting an IP from the DHCP server?
Is there any errors in the log?

flynno

"5 pppoe connections active"

Do any of the IP's these clients have look duplicated or the same, ignore the gateway IP?

flynno

The network config does not look very good, everything is on the same bridge.
Have you got any backup scripts of the router before you made the changes that messed it up?

flynno

Thank you for reply, How exactly I check this? And I found that ether2 and 3 does not have access and the routers connected on the switches tha are connected on those interfaces. Check in DHCP server > leases Check in PPP > Active Connections Also you have /ip dns set servers=8.8.8.8,8.8.6.6,1.1.1....

flynno

Did u check for any IP conflicts?

flynno

R u using capsman to manage the hap ax³ wifi also?

Not sure if this still works with capsman v2
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=cfg1 \
radio-mac=00:00:00:00:00:00

flynno

on hAP ax lite, create a bridge called br /interface bridge add name=br Add all ports to br you may disconnect from hap, reconnect again and check if all ports have been added /interface bridge port add bridge=local.br interface=ether1 add bridge=local.br interface=ether2 add bridge=local.br interfa...

flynno

hap ax lite only has 2.4G

flynno

maybe an option like mANTBox ax 15s can be considered, i know is not so cheap as the wAP but can be very useful https://mikrotik.com/product/mantbox_ax_15s Yep, but I think OP is already beyond the WAP, a Netmetal Ax (+antenna(s)) is going to cost much more. What is not clear (to me) is how wide th...

flynno

Dont forget: CRS: Cloud router switch ... ... which doesn't really belong into xAP family of devices, does it? And generally doesn't provide wireless coverage at all, does it? In case you missed: this thread was about wAP and @Normis tried to explain that wAP (due to being wall AP) doesn't really h...

flynno

I had this issue before, cant remember how I solved it,

Go to system > Users > SSH Keys - Import SSH Key

Then

Go to system > Users > SSH Private Keys - Import SSH Private Key

flynno

This will for sure be a controversial topic, and mostly based on how I feel at this time. I feel MikroTik should shift their priorities and focus on hardware and verticals . Given the current state of their technology and shit show with their current wireless products, IE: Outdoor AX and AX drivers...

flynno

Hi all, First, let me apologise up front for posting this here. It's general in the sense that it is about Mikrotik, but maybe not in the sense it is intended, but as there is no chat section it seems to be the best place for this topic. Mods, please feel free to move it elsewhere. I recently close...

flynno

configuration.antenna-gain=20

Can you lower it down, 20 is high

flynno

cool story

flynno

Have you tried daloRADIUS

flynno

R u running Capsman?>

flynno

Maybe the pins are damaged, check see they look the same as the other working ports

flynno

SA Query timeout issue is still there unfortunately. I had my Zoom video meeting disconnected multiple times after the upgrade to 7.16. I use hAP ax3 with WPA3 disabled (that kind of helped at 7.15.3) and the laptop with AX203 card running the latest drivers. Interestingly my old hAP ac2 with wifi-...

flynno

This is my export: /interface wifi channel add band=5ghz-ax disabled=no frequency=5660,5700,5680 name=5Ghz-Andrea \ skip-dfs-channels=10min-cac width=20/40/80mhz add disabled=no frequency=2412,2437,2472 name=2Ghz-Default width=20mhz add disabled=no frequency=5180,5260,5500 name=5Ghz-Default width=2...

flynno

I have only hap AX3. I don't use Capsman

Can you export wireless config here?

flynno

HI,

I was also hoping to resolve the problem with the Wifi:
SA Query timeout....
I keep having disconnections
Is the only solution to downgrade to 7.14.3?

Thanks

How many AP's do you have?

flynno

PPPoE is not adding a default gateway?

flynno

/interface wifi channel add band=5ghz-ax disabled=no frequency=5220,5180-5320,5660-5845 name=5ghz skip-dfs-channels=10min-cac width=20/40/80mhz /interface wifi security add authentication-types=wpa2-psk disabled=no management-protection=disabled name=home-private /interface wifi set [ find default-...

flynno

i have lots of screen shots to show you but i wont do it here on OP m8 go to wifi config and put DTIM period up to 8 on the 2.4 and 3 on the 5g try it works for me i get hardly any disconects now if not i will do a new post with my config so you can try my settings Ok I will try this tonight, I'm l...

flynno

Hi, Thanks for your suggestion. I prefer not to pull the coax from workshop room to bedroom. Also on my workshop room i have pc will running 24 hours, maybe we can connect the TV box to this PC and build this PC as streaming server so another device can stream from this PC? What kind of TV box is i...

flynno

cheers My GURU did the address list version see if i did it correctly and if it works for me lol so far it is give it a couple days to test more but ty for the help thats above my pay grade i have created a drop to wan like this add action=drop chain=input comment="Blocked ports" protocol...

flynno

is yours 2.4 or 5g?? as i was having same problems but i dont have hardly any anymore im on the 7.17 beta but i had it working and roaming before this beta i found it is the 2.4 that seem to be having all the issues but i hardly get any now with my config changes I have same issues Seems to be with...

flynno

Might be an option for you, Triax HDMI to COFDM DVB-T Modulator
Run a coaxial cable to your bedroom

flynno

ok so fun fact i dropped to wan these ports guess what i cant log into the router via winbox with the ip address?? i can only log in via the mac id so it is winbox trying to open /connect to ports in the router i disabled the ports i was dropping to wan and i can now log in to the router again with...

flynno

I have same issues

flynno

Strange, but I got this error on devices inside the local network (wireless access points and switches):
Code: Select all
possible SYN flooding on tcp port 8291

Setup up a firewall rule to log addresses trying to reach these ports

flynno

wtf.JPG This has been going on since installed, capsmanv2 with 2x cAPGi-5HaxD2HaxD and 1x C52iG-5HaxD2HaxD All running 7.15.3 10 wireless devices have no issue and do not disconnect and about 4-5 devices keep disconnecting and reconnecting, Basic settings applied below /interface wifi channel add b...

flynno

7.17beta2

*) wifi - re-word the "SA Query timeout" log message to "not responding";

Fixing typo's

flynno

Might be an easier solution to create SSID's for the users that you want to have no internet, that way you can create a script to disable the interface and enable it

flynno

Yeah, I am also getting alot of disconnects with good signal at a clients location using 7.15.3 with 3 ax AP's, I cant seeem to replcate the issue in lab using same config and connected devices roam as they should, could be some interference somewhere at clients location. I will turn down the AP TX ...

flynno

STABLE IS IT! 09:19:57 wireless,info 6C:A1:00:23:77:DE@cap-wifi1 disconnected, SA Query timeout, signal strength -65 09:19:57 wireless,info 6C:A1:00:23:77:DE@wifi2 connected, signal strength -84 09:20:39 wireless,info 6C:A1:00:23:77:DE@wifi2 disconnected, SA Query timeout, signal strength -82 09:20...

flynno

Is roaming fixed in this firmware, running v7.15.3 at the moment and wireless roaming working correctly, devices are disconnecting and reconnecting with no internet for 10 seconds, alot of disassociated, connection lost, signal strength -49

flynno

"When they are on cable they will get full download and upload speed" Does this mean when they connect a device via ethernet cable?

flynno

Ok, I tried using telnet with ssh to to remote device but I was getting permission denied, very strange. I then regenerate host key and export to remote device.
The command now works as it should, I wonder with the SSH keys stopped working and I have to create new keys

flynno

Hi guys, I want to use ssh to run a script that is stored on a remote mikrotik device. Local device I run below; :local Status ([/system ssh-exec address=192.168.88.26 user=admin command="/system script run disablePort"]) :log info $Status I can see the device making the SSH connection but...

flynno

Was the unify device wifi6?

flynno

Maybe try another power supply

flynno

/ip dns set servers=1.1.1.2,9.9.9.9 allow-remote-requests=yes

Do you really need "allow-remote-requests=yes" ?

flynno

Are you using the hAP as a router or switch?
if as switch the bridge all ports, if as router remove ether1 from bridge and change dhcp client to ether1 and create a dhcp server on bridge
Set ether1 as WAN and bridge as LAN then apply firewall and nat

flynno

Are all ports bridged?
If so, then dhcp client should be set to bridge not ether1

flynno

what kind of issue?
post config

flynno

Some devices use random mac addresses when connecting to hotspot, mac address will be different each time user connects

flynno

Thanks Sindy, pity I set the clients to add allow=mschap1,mschap2

flynno

Hi guys, Is it possble to see the password the user is trying to use in the logs? I can see the username but not the password "user blabla authentication failed" My secrets got erased due to netwatch issue, is there anyway to bypass the password to allow the user entry to retreive the vali...

flynno

Where is the wAP AX???

Considering the "features" and "quirks" a long with the actual radio performance...

I took down the wAP AC and swapped it for XV2-23T on our patios.
PXL_20240819_144039340~2.jpg

WAP AX coming soon

flynno

I tested the netinstall on a router that had a basic config, the config was restored using netinstall but when I used netinstall on the router that had a VPN L2TP server with all secrets, the router got wiped clean. I guess avoid using Netwatch on lower firmware packages

flynno

Ok, I done the same netwatch on another device running 7.15.2 and it seems to have a built in probe for 5mins and this seems to prevent the boot loop.
Is it safe to netinstall the bootloop device with 7.15.2 or higher and keep configuration?

flynno

I powered up another mikrotik device and set the netwatch to ping 192.168.0.1 and when down /system reboot

The device also gets stuck in a bootloop, I even set the port facing the device with IP 192.168.0.1 so the device can ping it to prevent the reboot but this does not stop it

flynno

HI guys,

I setup netwatch to ping an IP and if down reboot, now the router is stuck in a bootloop.
I tried setting another router as the IP the netwatch looks to ping but no joy.

Is there a way to use wireshark to see the ICMP pings coming from the bootloop router to check what is happening?

flynno

RBD53iG-5HacD2HnD Firmware 7.15.3 { "Safe Mode": 0, "Undo": 0, "Redo": 0, "Quick Set": 0, "WebFig": 0, "Terminal": 0, "Hide Passwords": 0, "Manual": 0, "WinBox": 0, "Graphs": 0, "License": 0...

flynno

Hey guys,

I'm looking for the best firmware release for the CubeG-5ac60ay-SA that fixes random drops issue?
Also is it possible to run 2 x CubeG-5ac60ay-SA on same pole without causing interference?

flynno

Thank you for quick reply

flynno

Hi guys, Just looking for some information regarding the MTP250-26V94-OD, I want to put an outdoor plug ABB 16A 2P+E Connector 250V onto the input AC end of the MTP250-26V94-OD. Looking at the brochure it says AC powering (Max current) 3.5 A but the outdoor plug ABB is 16A is this safe to do? Also i...

flynno

Hey,

You have wifi interfaces bridged, try removing them from bridge

flynno

Can anyone confirm if these devices are safe to use outside at this date? It's such a weird design to have to point a device upwards to prevent water ingress. I live in Ireland and was thinking about buying these products, not sure if these devices would last long with the rain we get over here.

flynno

Have you tried using antenna gain to reduce wifi signal from reaching outside the building?

flynno

Devices can use randomise mac addresses while using a hotspot, you might need to use a login username and password

flynno

Possibly an IP conflict, can you change the mac address on port facing ISP on the mikrotik to the previous ISP router mac address

flynno

Why do you need WiFi to be so fast?

flynno

Can you see any port drops on interfaces that the radios are connected to?

flynno

Hey guys, I have an LtAP device and having issues sending the longitude readings to a webserver, I can send the Latitude readings. If I use /tool fetch http-method=post http-header-field="Content-Type:application/json" http-data="{\"lat\":\"$lat\",\"lon\"...

flynno

Had the same issue today, sector went down last night and I drove to site with replacement wireless card but found that the gesp had water ingress and corrosion had set in on the pins. The grommet seems to trap the water once it gets in, this is not good as I have quiet a few of these in operation. ...

flynno

Is the Tik LTE connecting to 3G or 4G, turn off 3G on the device

flynno

Try reducing the DNS cache size, that will free up space

flynno

Could be firewall blocking BT, add input rule accept with port 2000 for BT on both devices, disbale rule once tests are complete

flynno

/interface vlan add comment="VLAN 1 - CCTV" interface=Trunk name=_CCTV vlan-id=1 add comment="VLAN 88 - PPoE" interface=Trunk name=_PPoE vlan-id=88 ether5 is named interface=Trunk and on ether2 is ppoe what port is ether2 been used for? it's named ppoe /interface pppoe-server ser...

flynno

Ok, you have your pppoe server set on a vlan and its set on interface Trunk which is ether5 from what I can see in your config. /interface vlan add comment="VLAN 88 - PPoE" interface=Trunk name=_PPoE vlan-id=88 Can you remove this /ip address add address=192.168.88.1/24 comment="PPoE ...

flynno

I have noticed this also when I use a RoMon secret, I can only see few devices not sure is it a bug

flynno

Have you tried removing the IP address set on the pppoe server? you dont need to have an address set for the pppoe interface just a ip pool for clients

flynno

Hi,
add the route 0.0.0.0/0 via the gateway IP of the main router and try ping 8.8.8.8

flynno

Edited above script to add telegram #set lowvoltalarm to desired alarm voltage in tenths of a volt. 125 = 12.5v :global lowvoltalarm 233 :global highvoltalarm 280 :global highvolt :global lowvolt :global starttime :global hivolttime :global lovolttime :global vh :global lastvoltage :global telegramB...

flynno

What is Eero? :shock: mesh WiFi https://eero.com/ I have 2 in bridge mode. Excellent wireless coverage. I did order Audience to give it a try. Eero is what the guy who has NO BUSINESS AT ALL TOUCHING A NETWORK, is bringing into a commercial install. Sparky, "I use this all the time." Me, ...

flynno

What are you trying to do that needs wifi?

flynno

/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0

Try make the change above

flynno

what vlan does your ISP use for fibre?

flynno

It's possible that the antenna gain has changed on the radio to contry regulations reducing the power causing the signal to change. Did you upgrade both radios or just one?

flynno

6.46beta16 installed on hap mini (smips) using PEAR2\Net\RouterOS; api no longer works to login. PEAR2\Net\RouterOS\DataFlowException: Invalid username or password supplied. in /var/www/html/PEAR2/Net/RouterOS/Client.php:175 Stack trace: #0 /var/www/html/index.php(71):PEAR2\Net\RouterOS\Client->__co...

flynno

In DHCP Client have you set 'Add Default Route:' to yes along with use peer dns

flynno

Add a dhcp client on ether1 in IP >DHCP Client

/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN

/ip dns
set servers=8.8.8.8,8.8.4.4

flynno

Set PPPOE to WAN interface and ether1 to LAN if it's an SXT device you are using /ip firewall address-list add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet add add...

flynno

You should get somebody to hold it in the direction of the tower outside the house, then run your tests.

flynno

Have you tried removing the src-address=102.177.16X.X from /radius
add address=102.177.160.3 secret=XXXXXXXXXXXX service=ppp,login src-address=102.177.16X.X

flynno

Is the TP link in bridge mode or router mode?

flynno

Why don't you put routers at the towers and terminate the pppoe connections on the tower that the clients are connected to?
Are the VPLS tunnels back to the core with one PPPoE server and all your clients are terminating at the core?

flynno

That's great glad you got it sorted

flynno

Are you using the dns provided by the sim? try add 8.8.8.8 and 8.8.4.4 as the dns servers
You can remove the LTE dns from the LTE APNs menu untick Use Peer DNS and default route distance to 1

Or in the DHCP add dns servers into the network

flynno

/export config here

flynno

When you say "Access Mikrotik Router Externally" do you mean access from devices that are connected to the modem or from anywhere in the world? I use below rules on my Tik device along with port knocking and VPN In terminal copy paste below, It disables services except for winbox and www /...

flynno

Check antenna gain on SXT

flynno

add rule
/ip firewall filter add chain=input action=accept protocol=tcp dst-port=8291
move rule to just below the first input drop rule

flynno

You should just email or text the client and tell her that the internet will end on such a date unless payment is received and reconnection fee will incurr if payment is not made nake the text look automatic and robotic like

flynno

Open Terminal on router and paste firewall rules below /ip firewall address-list add list=Nextiva address=208.73.144.0/21 comment="Nextiva IP Range 208.73.144.0/21" /ip firewall address-list add list=Nextiva address=208.89.108.0/22 comment="Nextiva IP Range 208.89.108.0/22" /ip f...

flynno

You must be suffering from some kind of mac spoofing, if the clients are connecting to the hotspot from AP's, turn off default forward on the AP's If you try connect to the hotspot using your device and see if you can ping other devices connected to the hotspot, if you can ping the devices you will ...

flynno

When did this start to happen?
How are your clients connecting to the hotspot? wireless / wired
Is your hotspot running on a bridge?
What is the IP pool of the hotspot?

flynno

Ok try set it to 2 and see if that helps you out

flynno

Is Addresses Per Mac = 2

flynno

Hotspot Server
Addresses Per Mac ?

flynno

Ok I taught you had FTTB. Might be best to give your ISP a call and see what is going on. It could be something at there end

flynno

Ah ok now I understand your design, the SXT LTE kit has LEDS on it for alignment so you can just adjust it each time you dock. Why dont you try build a custom solution using below; mANT LTE 5o (LTE ANTENNA) 5dBi LTE antenna with 2 x SMA connectors x1 RBM33G Powerful OEM board with three Gigabit LAN ...

flynno

The WAP AC is an access point only, so you connect devices to it. SXT LTE is for internet, you could power up the WAP AC on the second POE port and put the WAP AC outside maybe setup a hotspot on a vlan for other dock users. You could put another indoor Tik device inside the cabin, if you need hardw...

flynno

Do you have a fibre terminal ont with fibre in and ethernet cable out to run to ISP modem? Can you remove the ISP modem and just have the mikrotik device? Alot of fibre connections run on vlan10 so it would just be a matter of you creating a vlan10 on ether1 and request dhcp client using vlan10. You...

flynno

Hey Patrick,

The Groove 52 ac has only single chain and is L3 device, L3 meaning you can only connect one device to it.
If you need the access point to be outside and waterproof you would be best off going for
The SXT 4G kit and a wAP ac (wAP ac duel band 2.4 - 5ghz outdoor or indoor device)

flynno

Is the Tik device to be used as a bridge or main router?

flynno

Disable "allow remote requests" on DNS unless you add a firewall input rule to drop port 53 from wan side You have a vlan 10 on bridge, what is this vlan to be used for? /interface vlan add interface=bridge name=vlan10 vlan-id=10 What type of internet connection do you have i.e. FFTH. FTTC...

flynno

It's possible that you have an ip conflict, check for the mikrotik for duplicate IP's

flynno

PTP link
R2 - R4

R2 side UltraDishTM TP 550 with MikroTik RouterBOARD RB922UAGS 5HPacD 802.11ac 866Mbps
R4 side UltraDishTM TP 400 with MikroTik RouterBOARD RB911G 5HPacD 802.11ac 866Mbps
AP on R4 is QRT AC L4

Detect Radar is causing a lot of issues with frequency selection

flynno

5785/20/an(33dBm) is R2-R4 PTP link 5745/20-Ceee/ac(33dBm) is an AP on R4 facing opposite direction to the PTP R2-R4 link R4 AP was set to AUTO frequency and it set itself to 5745/20-Ceee/ac(33dBm) The AP is running routeros-mipsbe-6.42.11, do I need to change installation is set to "Outdoor&qu...

flynno

PPPoE server on R4 see image attached I left MTU blank on the pppoe server. The client cpe I have it set it to 1480 The client is having the traffic shaping done on R4 and I see very few packet drops in the queue tab, its set to wireless default queue type. The connection to the client cpe is a qrt ...

flynno

R1-R2 5805 5Ghz only AC 5805/20-Ceee/ac(33dBm) Tx / Rx Signal Strenght -29/-28 dBm distance is set to dynamic but the link is 1KM in distance TX fluctuates up and down between 50 to 80% and the RX is fairly consistent between 80% to 90% there is always traffic going through the link Signal to noise...

flynno

Hey Petrb, R1 - R2: 802.11 ac wireless R2 - R4 is set to NV2 as I was creating self interference on the R1 - R2 link NV2 is all I can use on R2 - R4 as nstreme drops to many times due to interference. The link is passing over a small town and is picking up alot of access points in the 5ghz band. I c...

flynno

Hey guys, I'm using this firewall on wireless clients CPE's, anyone have anything else that I should include into it? /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked add action=accept c...

flynno

Hey guys, Just a question in relation to the CCR1016-12S-1S+ PSU. Is it possible to remove the second power supply and connect the pins to a din rail DC 24v 4A output supply? I have the option of battery supply and would like to be able to use it with the CCR1016-12S-1S+ in case of mains power suppl...

flynno

Hey guys, I'm having issues with my network, if anyone can take a look at the design layout and may be able to help with below issues. Bandwidth tests between routers R2-R1 Download speed 100M + (R2 - R1 is over wireless) R4-R2 Download speed 100M + (R4 - R2 is over wireless) R4-R1 Fluctuates betwee...

flynno

Ok see image of network, R4 is router that client is connected to that is having the speed issues

flynno

Hey CZFan,

I forgot to mention that it also goes lower than 10MB also, so it's a high 10M - 11M or can be as low as 3M etc... but never higher than 12M

flynno

Hey guys, I have a LHG XL 5 ac with ROS package v6.42.11 on clients premises. LHG XL 5 ac upgraded with v6.42.11 Client speed is set to 20M download 5M upload download but cannot pass 10MB on the speedtest.net app or website. Bandwidth tests from CPE to Main router show 20M download 5 Upload, so no ...

flynno

The SXT you are using is has a licensed 3 so the wireless will be set to "bridge" mode for one only one wireless device to connect which is the workshop device. The script below has set the wireless security to workshopconnect so on the TP device in the work shop you will need to search fo...

flynno

Ok, what is it you are trying to do with the SXTsq Lite2?
Is it possible for you to reset the device and remove the default setup script.
I can assist you to setup the device without the help of quickset.

flynno

Hi Derek,

Can you do a command export file=PTP-AC hide-sensitive in the terminal of the SXT
Open the file with notepad++ and copy paste contents here or attach the file.

flynno

Can you post the config you are running on it?

Could be something to do with the interface lists and winbox access set to the wlan

flynno

if the sale bad product goberment punish them.

Pure quality stuff right here

flynno

Have you added the nat rule and place it above the current nat rule on your CCR

/ip firewall nat
add action=accept chain=srcnat comment="Client Static IP" src-address=111.111.111.111

111.111.111.111 been the public ip you want to assign to the client

flynno

DHCP. Don't want anything to do with PPPoE.

Have you tried assigning the IP via DHCP leases to the MAC of the clients CPE?

flynno

Are you using PPPoE or DHCP?

flynno

Do you mean setup a nat rule?
/ip firewall nat add action=src-nat chain=srcnat out-interface-list=WAN to-addresses=YOUR PUBLIC IP

flynno

Have you tried using a mangle rule for MTU /ip firewall mangle add chain=forward out-interface= pppoe-out1 protocol=tcp tcp-mss=1440-65535 tcp-flags=syn action=change-mss new-mss=1440 passthrough=yes /ip firewall mangle add chain=forward in-interface= pppoe-out1 protocol=tcp tcp-mss=1440-65535 tcp-f...

flynno

Solution // Receiving variables @$device_name = addslashes($_POST['device_name']); @$profile_select = addslashes($_POST['profile_select']); use PEAR2\Net\RouterOS; require_once 'PEAR2/Autoload.php'; try { $util = new RouterOS\Util( $client = new RouterOS\Client($_SESSION['user']['remoteadd'],$_SESSI...

flynno

Anyone have the correct API to update a current profile to another profile without deleting the existing one. Here is what I have so far; <?php // Receiving variables from filled form @$device_name = addslashes($_POST['device_name']); @$profile_select = addslashes($_POST['profile_select']); use PEAR...

flynno

$util->setMenu('/ip/kid-control/device');
$util->remove(($_POST['device_remove']));

Solved using util

flynno

Hey guys, i require help removing a device using the Pear2 api Two lines of code below that I am using to remove the device. I have a form created to get the name of the device to be removed that passes the variable $device_remove $addRequest = new RouterOS\Request('/ip kid-control device remove'); ...

flynno

Did you try adding the ether port that the ubnt device is connected to the pppoe server bridge

flynno

Is the UBNT connected to the RB750 in the same bridge with the PPPoE server?

flynno

Hi Johannes33, pub and skins are OK in the files, just look out for the mikrotik.php file, also any scripts or schedulers you did not add yourself. Go to IP > SOCK and disable if active. Go to Users and delete any user you did not add, make a new user in a different name other than "admin"...

flynno

Have you correct SFP modules for send and receive? normally blue and yellow bars on them

flynno

Have you tried disable the SIP in ip firewall service ports?

flynno

Hey Mistry7, have you any rules that I can use to prevent this from happening?

flynno

I think I fell victim to this attack yesterday, my clients had problems watching netflix and appeared to have two IP addresses. One IP was fake and one was the real IP address. Netflix reported the IP as using a proxy or VPN and denied the clients access. My main router was breached before because o...

flynno

Good morning Normis, I amended the Nat rules on the main router to /ip firewall nat add action=src-nat chain=srcnat out-interface=<Public> to-addresses=<Public_IP> on the clients cpe's I have chain=srcnat action=masquerade out-interface=pppoe-out1 log=no log-prefix="" unless they have a st...

flynno

Clients are showing they have two IP addresses instead of one on whatsmyip.net, one real IP and the other IP's are fake here is three IPs that showed up 66.249.81.232, 66.249.81.228, 66.249.81.234. They are not using VPN;s or proxies. I changed the IP of the main router for now and added firewall ru...

flynno

Hey guys,

I masquerade my clients out behind one IP and for some reason Netflix has banned that IP now.

error message
Whoops, something went wrong.Streaming error.You seem to be using an unblocker or proxy. Please turn off any of these services and try again.”

Anyone else having the same problem?

flynno

Ok not sure if it's a bug but when I check "add default route" it auto adds route with the office public IP into route list as dst.address x.x.x.x and as gateway x.x.x.x and is unreachable. I have to add static route 0.0.0.0/0 gateway l2tp-out1 which is reachable, now the vpn is working co...

flynno

The issue I'm having is that LTE device is using its own public IP instead of the public IP of the remote office when browsing the internet. When I visit whatsmyip.net when the vpn is active on the LTE device, the IP is not the IP of the remote office. 0.0.0.0/0 via L2TP gateway or 0.0.0.0/0 via 172...

flynno

The SPF port failed on my RB3011 today, it was working for about 6 months straight. The setup was SC fibre with opton 125G SM WDM31 S3D modules. The RB3011 was connected to a mikrotik powerbox by fibre, I had the sfp port bonded with an ether port but no Ethernet cable connected to that ether port. ...

flynno

see image

flynno

Strange thing happens when I try to use the add default route with the ppp dial out add default route. The office public ip is added to the ip routes but is unreachable. It adds a route Dst gateway x.x.x.x Gateway x.x.x.x which is unreachable so the public ip is been used as the dst address and the ...

flynno

Hi Bram, What kind of dns settings do you use? /ppp secret print Flags: X - disabled # NAME SERVICE CALLER-ID PASSWORD PROFILE REMOTE-ADDRESS LOCAL-ADDRESS ROUTES 0 test l2tp 1234 default 172.16.0.10 172.16.0.1 172.16.0.0/12 LTE reachable now via 172.16.0.10 LTE local network 192.168.1.0/24 Office r...

flynno

Office Router DNS /ip dns print servers: 172.16.0.1 dynamic-servers: 89.101.160.5,89.101.160.4 allow-remote-requests: yes max-udp-packet-size: 4096 query-server-timeout: 2s query-total-timeout: 10s max-concurrent-queries: 100 max-concurrent-tcp-sessions: 20 cache-size: 2048KiB cache-max-ttl: 1w cach...

flynno

LTE Device Office Public IP = X.X.X.X /interface ethernet set [ find default-name=ether1 ] arp=proxy-arp /ip neighbor discovery set lte1 discover=no /interface list add name=discover add name=mactel add name=mac-winbox /interface wireless security-profiles set [ find default=yes ] supplicant-identit...

flynno

Still no luck with the nat rules. When I enable mangle on the LTE device for the private network, I cannot access websites but I can see dns requests populating on the office router

flynno

Hi Chris,

Remote office router nat

/firewall filter nat
srcnat scr address 172.168.1.0/24 action masquerade

New below;

I modified pool to 172.16.0.0/12

/firewall filter nat
srcnat scr address 172.16.0.0/12 action masquerade

flynno

I can reach all devices on the remote office network. I want the LTE device to have its public IP address cloaked as the office network public IP and use the office router as the main gateway for all internet traffic

flynno

I can see the dns populating in the remote office router cache but the websites won't load, I have remote requests turned on for both routers, and the dns on the LTE is 172.168.1.1 which is the private ip of the remote office router

flynno

Hi Bram,

LTE Device Route
/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=172.168.1.1 reachable l2tp-out1 routing-mark= PPTP

172.168.1.1 is the address of remote office mikrotik device, it's the private address of the device

flynno

Is it possible to do this, I must be missing something

flynno

Have you created a loopback bridge with a /32 IP address on it and add the IP address to the PIM RP
On the PIM interfaces you can change the interface IGMP version to the version you need.

flynno

I can winbox into both routers from each end, Remote office side and LTE side.
When I enable the mangle rule on the LTE device the only thing that I cant do is browse a website or ping 8.8.8.8 from the lan PC
Winbox still works from each side

flynno

Have you tried another power supply?

flynno

I bought two of these units, they are now in a landfill

flynno

Turn on multicast helper on the wireless of the hap device, that should fix it

flynno

I can see the traffic going out the L2TP gateway with torch, when the mangle rule is enabled on the LTE device.
On the remote office router dns cache I can see the LTE devices requests in the cache.

Anyone have any input as to how I can get this working?

flynno

I setup a L2TP VPN on a mikrotik LTE device to access my office router Lan. The tunnel is established and I can ping both sides of the tunnel and reach the office router via the LTE device. I want to be able to use the office connection as the main internet connect for the mikrotik LTE device, send ...

flynno

I think you need to check setting poe in long cable, turn it on if it's off

flynno

Hotspot server profiles

Login via Mac, Cookie, Mac Cookie are these ticked?

Search found 348 matches