MikroTik

Exiver

Not entirely true: [...] hAP ac lite TC on the left and hAP ac² on the right: [...] To an user not familiar with Mikrotiks they may seem quite alike. This is not correct, hap ac ² and hap ac lite TC look exactly the same, only difference is the name written on it and hap ac² has a mode-button next ...

Exiver

The correct way to see the link-speed and duplex-state in CLI is the command /interface ethernet monitor sfp-sfpplus2 . You only printed the interface settings in CLI while you are looking at the interface statistics in Winbox. Ps.: Interface-setting "speed" is only used when auto-negotiat...

Exiver

You can follow the wiki-article to flash a factory image on your router. You can grab the correct routerOS (arm!) from the Download page

Exiver

The Tenable Blogpost gives some more insight: Affected Products: RouterOS 6.43 and above WinBox 3.20 and below ... Version 6.43 of RouterOS included a changelog indicating: !) winbox - improved authentication process excluding man-in-the-middle possibility; The change involved the RouterOS WinBox in...

Exiver

Hi, i recently installed a Fritzbox with Firmware Version 7.12 and built a site2site ipsec tunnel with a mikrotik device. Please delete the pfs-group from your proposal as Fritzboxes are not able to make use of pfs in Phase 2. Can you show us the output of /ip ipsec remote-peer as well as /ip ipsec ...

Exiver

You can distribute the update to single or multiple access points. That does not solve the PoE-problem though but you will be able to upgrade only a handful devices at the same time.

 /caps-man remote-cap> upgrade numbers=1

Exiver

To be fair: I never tried this myself. And im not sure if the packet will reach the ip-firewall or just bridge-firewall. You will need to check this out. But Mangle is the wrong place - you need to try firewall-filter with "chain=forward". (you maybe need to enable the setting "use-ip...

Exiver

Im not 100% sure about defconf after factory reset on CRS devices but it should be similar to Routerboards i guess. That means the ip address (defconf: 192.168.88.1) you are using to connect to the mikrotik is bound to the bridge. If you remove one or more ports from the bridge you wont be able to u...

Exiver

CRS3xx series switches have ACL functionality. You can use the "redirect-to-cpu" parameter to send all icmpv6 packets to the cpu. The decision whether the packet matches the icmp-type can be done with a suitable firewall rule

Exiver

You are not just able to match access points by mac address, supported hw modes, ip address ranges but also by routers identity (/system identity print). That means if you dont want to setup different dhcp ranges for multiple profiles you could rename the respective routers and chose them by their n...

Exiver

It looks like at least a few (i didnt check all of your ips) routers are still running 6.40.9 which is vulnerable to winbox exploitation to harvest credentials and gain admin-acces on the router afterwards. To be honest: Its your fault that your routers are running that old, vulnerable software. If ...

Exiver

What is considered a high amount of caps?

In our case ~200 access points, ~1000 interfaces and we are using capsman forwarding and not local forwarding.

Exiver

We had this happen with high amount of connected caps, static interfaces and generally high load because of high traffic (firewalling, nat-ing etc). We asked the support whether capsman is multi-threaded or single-threaded and they recommended to use CHR with higher cpu power to avoid getting into u...

Exiver

We do have about 10 routers exposing their SSH service directly to the internet without any restrictions. They are running version 6.42.9, 6.44.5 and 6.44.2. None of those routers has been hit. But we do not have any other services running, everything is disabled except SSH. Leads me to the conclusi...

Exiver

I really dont want to offend you - but it looks like you are not that experienced with MikroTik. If you are trying to setup a ISP grade network i would strongly recommend you to contact a consultant.

Exiver

Im sorry - i have missed your configuration. It looks like you have set "authorative=after-2sec-delay" to your client vlans. This means the router will ignore all dhcp-requests from a device if the requests are not coming in bigger time intervals than 2 seconds. If we look at your screensh...

Exiver

From an external view your setup is relatively complex. This means without seeing your configuration it would be just a guess into the blue. And that does not help at all since it just wastes your and our time

If you expect help - post your complete configuration.

Exiver

Can you please share your full /export hide-sensitive ? How are these dns requests made? By clients with router set as DNS-Server or directly from client to google-dns (or others)?

Exiver

You have already enabled Connection Tracking which is needed to achieve this goal. Your firewall rules should look for example like this: add chain=forward action=accept connection-state=new,established,related in-interface=ether1 out-interface=ether2 src-address=1.1.1.10 dst-address=2.2.2.10 commen...

Exiver

You could use the Scheduler: https://wiki.mikrotik.com/wiki/Manual:System/Scheduler Setup a scheduler like this: add name=reboot-notification start-time=startup interval=0 on-event="/tool e-mail send from=\"admin@yourmikrotik.com\" to=\"notifications@yourdomain.com\" subject...

Exiver

Learned something new, thanks. Since we are using only action=create-enabled i didnt know about the restrictions for dynamic interfaces. But maybe lambert is using static interfaces already? Disabling and enabling works great for us, even within scripts

Exiver

Or just disable them and re-enable them later when needed?

/cap interface disable [find where configuration="guest-cfg"]
/cap interface enable [find where configuration="guest-cfg"]

Exiver

Which ip address is assigned to the MikroTiks WAN-port (lte)?
Can you please show us your full configuration (/export hide-sensitive) - as Sob mentioned the "in-interface" option is most likely blocking the wanted behavior.

Exiver

If you are not in the same L2-network you can not tell how many devices are sitting behind that customers CPE router.

Exiver

How are you testing the speed? Are you using direct http-downloads or some specific tools? Is there any other traffic flowing through the hap ac^2? The switch chipset is limited to 2Gbit when transferring data to or from the CPU.

Exiver

There are a few options to check your processors usage. First one would be the Profiler: https://wiki.mikrotik.com/wiki/Manual:Tools/Profiler As second option you could check the cpu usage with /system resource cpu print interval=0.5 The profiler may be even able to tell you where the bottleneck is....

Exiver

Great, now we can see what you have configured. To understand your problem better there are a few things you need to clear up: - Are you connected to one of the ether2-ether5 ports and you are trying to measure the internet speed or are you testing your internal network speed? - Since you have "...

Exiver

Nobody is able to guess what you have really configured. If you refuse to post the actual configuration everyone will be only able to guess thus consuming your and our time.. So please be so gentle and post your configuration export (/export hide-sensitive)

Exiver

Im not 100percent sure but on one router (main device) you are using 192.168.30.15 as local address while this address is bound to the bridge you are binding the eoip tunnel to. Sounds logical wrong to me - can you try to set this local address to your main routers wan address? If that doesnt work p...

Exiver

Without seeing your configuration no one can really tell you whats wrong here

Exiver

Can you please provide more information? Draw a network diagram and please show us the whole configuration

Exiver

The logic behind my example is that you add different clients to different named address lists (wan1 and wan2). Afterwards you mark all packets coming from addresses on list wan1 with a wan1-routing mark. The same is done to addresses from list wan2. Afterwards you can define which upstream should t...

Exiver

In our provisioning process some hap ac lites and recently a few hap ac 2s were "bricked" after installing them via Flashfig. They showed the same behavior (LEDs not showing up, sometimes the ethernet link flaps sometimes you do not see anything from the device when connected to either a s...

Exiver

Can you try to set the speed on your laptops side manually to 1000Mbit-full? We have seen links where one side reported as up (but only with fibre) and the other side does not see anything. That heavily depends on the configuration of both sides speeds and flow control if you do not use auto negotia...

Exiver

Please dont forget that people here are spending their free time to support other users and - in this case - you. So you cannot really demand that people will tell you "how to configure your router properly", but you may ask for help. As anav has stated: This setup is not that uncommon and...

Exiver

How do these Backups look like? If you have set mac addresses on bridges or interfaces manually these will be exported (and imported) as well. You could either remove those entries (/interface ethernet ...) from your backups or reset the ports automatically after you have imported the backup via a s...

Exiver

Depends on your other firewall configuration but most likely you are missing the return path - means right now you are allowing ips from 10.8.0.0/23 to send packets to 10.6.0.151. But if 10.6.0.151 wants to answer any packet it will be dropped by your deny-rule. Setup a second rule with something li...

Exiver

Yes your configuration is logically correct. You may need to check whether the Switch allows you to use Hardware Offloading ( https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_Hardware_Offloading ) on two different bridges on the same switch chipset. If it does not you may see performanc...

Exiver

The good news is: Every MikroTik device running RouterOS is able to make use of different VPN-methods (IPSEC, Openvpn[tcp only], SSTP, L2TP and so on). If your only purpose is to connect multiple printers together you wont need that much speed going over your VPN - but if you are unsure what your de...

Exiver

You should go with the ip-firewall configuration under /ip firewall filter. Best way is to block everything and allow only protocols and ports you want to be accessed. That means you can filter everything except clients source-address to your RDP servers destination address and port (as well as the ...

Exiver

Can't login via linux MAC-Telnet 0.4.4. after update to this version. Connecting to.......done Login failed, incorrect username or password ROS log: echo: system,error,critical login failure for user admin from XX:XX:XX:XX:XX:XX via mac-telnet. The password is correct. Seems like you did not read t...

Exiver

We do provide LAN based access in at least one hotel here in Germany (additional to wifi) ;o) But you are right this is not really common i guess. You can give it a try - even in your home network. Set the SSID on wlan1 to your private SSID at home, change the psk-passphrase and check whether it wor...

Exiver

You could definitely do that. But there are a few things that need to be changed: -> Add a second bridge called something like "external" and change the name of the existing bridge from "bridge" to something more intuitive like "internal" -> Remove "ether1" fr...

Exiver

There are a few things to mention here: -> It doesnt matter if the router has two or one radio - but it looks like you have already configured a slave wifi interface (wlan2). -> Set the mode for wlan1 to "station" -> Set the mode for wlan2 to "ap-bridge" and delete entries "...

Exiver

As always: post your configuration. Otherwise people can just guess and that wont help you that much

Exiver

@wolfktl pls post your whole configuration (Original Router, Backup Router and Client) - otherwise its just a guess into the blue..

-> /export hide-sensitive

Exiver

In RouterOS v6.39 and newer the EC25-MiniPCIe module can be configured as a LTE Interface which can support local IP address from modem. Use this AT command to enable it and after that reset the module: at+qcfg="usbnet",1 Source: https://wiki.mikrotik.com/wiki/Cellular_Quectel_modems_01#S...

Exiver

@Kampfwurst:
Please open a new thread with your hardware details and configuration. A few things have changed between 6.34 and 6.44

Exiver

Did you read your Clients log file? Fri Jun 07 10:10:59 2019 VERIFY ERROR: depth=0, error=self signed certificate: CN=myCa Fri Jun 07 10:10:59 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed You have set myCa as server certificate on your mikrotik i...

Exiver

Post your configs. Everything else will only lead to guessing and that does not really help

There are a few things you could check with that error but they all depend on configurations of your routerboard and pfsense.

Exiver

Perhaps there is a Router God, that can see configurations over long distances?? haha nice jok, you are all right but i think at end i will solve it by putting new wifi router behind mikrotik and disable wifi from ISP thank you all for patience and understanding You could have posted your configura...

Exiver

We had several problems with hap ac lites (RB952Ui-5ac2nD) and some of them bootlooping after software upgrades. We normally do have protected-routerboot activated to avoid erased devices when customers really like to press reset buttons. We have learned a few things from this, since hap ac lite and...

Exiver

That seems to be windows specific:

https://serverfault.com/questions/53738 ... sistencies

Exiver

Just a little bit more input after @IPATEAM has posted the correct link to give you more information about bonding. It looks like you would not really want bonded interfaces but some kind of loadbalancing. First: There is a little misunderstanding out there about having multiple uplinks on one route...

Exiver

You should consider that you have posted as little information about your setup / configuration as possible. Others, who have not been involved with your setup may only guess right now since it could be everything or nothing. So please make sure you post everything which is needed (network diagram, ...

Exiver

Please check whether Capsman or the Client has something about the upgrade in the systems log. Sometimes we have seen a message stating that upgrade was not possible.

Exiver

I think there is an error in your configuration. The external ip address of your router is bound to the physical interface "combo1" but this port is member of the bridge "bridge-wan". Can you please try to fix this (if you are remote you should consider doing that with safe mode)...

Exiver

It looks like you are using a pppoe-connection. That means the active pppoe-connection is an additional "interface" on your router. ether1 is only the physical link but not the interface where your router receives the traffic coming from the internet. Thats why your interface-list works (e...

Exiver

The error is written right there ;-) Loop means that your network has two or more ways to reach the destination. Normally you would use something like spanning-tree-protocol (or the faster version rstp) so that your switches or bridges know where to send the packages. That requires your network equi...

Exiver

I was asking for the output of capsmanager because my guess is that the old "wlan2" interface is still listed there (but not visible on the cap since it is not active anymore). That means if capsman still knows about "wlan2" he will increment this number for your newly created in...

Exiver

I think that looks good. Are you able to add the debug-cap rule on that cap which isnt working? We most likely need the part when it stops working so you could maybe log to a file and upload it after you see that its not working anymore?

debug-log rule would be topics=caps,debug

Exiver

Does the actual-interface-configuration show the applied changes? Can you please try to remove the network from one of these wifi-client-devices (for example the apple device 30:35:AD:AC:28:08) and readd it? Just to make sure we are not running after a ghost

Exiver

0.0.0.0/1 or 128.0.0.0/1 is not working. To be honest i have never seen anyone using a netmask of 1. Why did you do that? dst-address should be 0.0.0.0/0 .... This is not the root cause of the issue. 0.0.0.0/1 covers "the lower half of the IPv4 internet", i.e. IP addresses from 0.0.0.0 to...

Exiver

There are some things you can try to make your setup better. But that mostly relies on some kind of experience. I have learned much just from testing it out in our small lab and getting overwhelmed how difficult it can be in the real world ;-) What has really helped me are the presentations of MUMs ...

Exiver

Totally depends on the location of the caps. If they are all in the same room you wont have much fun. If you need a high density setup you could consider lowering the tx-power. But im not sure where this goes. If you have a specific question for a setup why dont you just ask it completly (for exampl...

Exiver

How is your router connected to the internet? Is it behind NAT? Is your IP a public or a private one? This is wrong: /ip ipsec policy set 0 dst-address=0.0.0.0/1 proposal=L2TP src-address=0.0.0.0/0 add dst-address=128.0.0.0/1 proposal=L2TP src-address=0.0.0.0/0 template=yes 0.0.0.0/1 or 128.0.0.0/1 ...

Exiver

As far as i know it will use the same algorithm to chose a channel like using the option "auto" for channel-frequency. If you set a list it will only chose from those entries but always chose the one capsman founds looking best suitable. It depends on the amount of other devices on these c...

Exiver

I dont think this will be necessary on your client-devices (smartphones, tablets, computers and so on) but on your mikrotik cap-clients. Restarting the caps should be enough. You can always check if the changes have applied on your capsman with the command

/caps-man actual print detail

Exiver

No. You should set a channel-list for your caps and not a single channel ;-) The capsman will decide which client uses which frequency. If you have a small amount of caps and you know the location you could maybe set the channels each for every access point. But as i said earlier i think its better ...

Exiver

As far as i can say: yes. You most likely need to re-provision the clients.

Ps.: Your wpa-passphrase is visible in both of your posts. You maybe want to remove it.

Exiver

Its up to you. You can either set every channel for every access point by hand - or let capsman decide. If you decide to let capsman do the decision you could either set a channel-list (example 2,4ghz: 1,7,13 or 1,5,9,13 or whatevery you like) or just dont set any channels. For us the channel-lists ...

Exiver

@planetcaravan: Please dont use tkip as cipher if you are using only wpa/wpa2. Set encryption=aes-ccm and group-encryption=aes-ccm and check if that solves your problem. @others: We need to see your configuration. Otherwise we are just guessing into the blue which doesnt help you and just wastes eve...

Exiver

Glad to hear that it worked for you!

Exiver

Im really sure (1) will happen - but as i said i never tried this

But option (2) and (3) would use a different logic behind this check. Its more easy for the Router to check whether there are already 200 connections and just dont accept the next one until that number is < 200.

Exiver

I have never tried but from logical side i would say no users can be logged in if there are already 200 active users in /ip hotspot active That means you could help yourself with a script which checks on a regularly basis if there are more than (just an example) 175 users connected. If its true you ...

Exiver

You can use whatever ports you like. Since you are using the option to have master- and slave-ports you are most likely not on a newer firmware ( i guess they made the changes to the bridge somewhere on 6.40.xx or 6.42.xx) Maybe you should upgrade to the latest long-term (or stable?) software releas...

Exiver

Without giving us more input all we can do is just guessing what maybe could be wrong...

Please post the output of

-> on capsmanager:
/caps-man interface print detail

-> on cap-client
/int wire print detail

Exiver

If i understand correctly your cap-client shows you the interface names under /interface wireless print ? I guess that happens when you change the configuration / provisioning rule on your capsman but you didnt delete the old interfaces. Can you check whether there are still "older" interf...

Exiver

Can you please check the "current-state" listed on interface-list printable with "/caps-man interfaces print detail" ? It should show you whether the access point is in state "running-ap" (thats the status you would want) or in some other status like radar-detection and...

Exiver

Since it looks like your setup is a little bit more complex i would go with the "easy" way. Add a second virtual configuration to your access points either with or without passphrase (WPA-Personal AND/OR WPA2-Personal) and setup access lists with mac-address matching rules. https://wiki.mi...

Exiver

To be honest i have never tried this. But the caps mode should just have the advantage that the router is directly searching for a capsman server. Which firewall rules are applied needs to be tested tho. Do you need the caps mode or did you just ask because you have seen that option?

Exiver

If you have phisical access and you dont want to use the reset button there is most likely no option to do that. Is there any reason you are not allowed to press the reset button? Netinstall would be one option - but that only works with pressing the button as well so..

Exiver

You should just add the specific routes for both other networks. Example: Network #1: 192.168.0.0/24 (Router 192.168.0.1 has route to 192.168.1.0/24 via <l2tp-interface>) Network #2: 192.168.1.0/24 (Router 192.168.1.1 has route to 192.168.0.0/24 via <l2tp-interface>) Each VPN endpoints should have a...

Exiver

Thank you for your input, i think everything looks good here.

The following link is interesting for you:

viewtopic.php?t=88372

Did you set a CRL while creating these certificates? If yes, can you try it without CRL?

Exiver

Original post was about sstp (other author), kadety uses openvpn.

Exiver

Im not sure if you read what i have written or if you just skim through my messages. Right now i will try it once more, if you keep ignoring me i will not answer anymore. This sounds harsh - im sorry for that but its my free time and what we are doing here is wasting my and your time. No one wants t...

Exiver

The device is not in your network... Some other device has tested whether this ip is active or not. It seems to be not active. If you want to know which device asked for that ip you need to log arp messages on your L2 network and search them when somthing similar happens again..

Exiver

You missed the clients side logs... Thus guessing into the wild again: Is the Hostname on your server the same as on your original router? Must be since the certificate is only valid for identity "server_MK" so if your backup system has a different /system identity the client wont accept t...

Exiver

Can you please make sure that your date and time is set correct on both routers? Looks like a certificate problem - this may be caused by "not valid" certificates since your router shows in picture (2) that time is not set thus resulting in unix standard time (01.01.1970 00:00) Is that Log...

Exiver

It doesnt mean that only your router tried to reach that address. Could be some device in another subnet for example. The timeout is expected since that device is not reachable. It was just to show you that the entry appears in dhcp-server leases with only "D"-Flag and without mac-address...

Exiver

That happens when your router tries to reach that address but no device is answering (ARP)

You can easily try this out:

* Check /ip arp
* Try to ping an address which is not in use
* Check /ip arp again

Exiver

You should understand that my howto steps werent in random order but i had a plan telling you so. After you have restored the configuration there is some setting relying on a certificate which is indeed there at this time. But if you delete it afterwards it wont be there - your settings are maybe sc...

Exiver

Hi Exiver, I have two CCR1016, firts in production and second in backup. Same Hardware end RouterOS 6.44.3. When I restore the backup, the certificates do not have the "K" of privete key, see. MK1.jpg After restore backup, I Export certificate of MK Production end import to backup (.crt a...

Exiver

Do you use the exact same configuration on the second hex as on the first one? Since OP has selected "Verify Server Address from Certificate" the DNS must match the second hex as well (so if you use another IP for the second router and the Hostname is different this wont work). @kadety: We...

Exiver

Your config looks a little bit "unfinished" if im allowed to say that. You have one dhcp-server running on ether1 while having a dhcp client on the same interface? It looks like your uplink interface is indeed ether1 so this should be not needed. I guess the problem is occuring because of ...

Exiver

There are some howtos accessible via Google and there is the wiki article which explains how to setup a master/slave configuration: https://wiki.mikrotik.com/wiki/Manual:CAPsMAN#Examples There are different setups possible: Which router are you using as a capsman? I would suggest to setup the config...

Exiver

Please post your configuration:

/export hide-sensitive

Exiver

Sorry i forgot something. The Neighbor Discovery Protocol.. My bad..

See:
https://wiki.mikrotik.com/wiki/Manual:I ... _discovery

Exiver

I remember that we had those problems as well. Our workaround was to setup a scheduler in the flashfig config file only. This scheduler adds an ip address, downloads the real config (and updated routeros via FTP), creates another scheduler and reboots. The new scheduler disables unneeded packages, a...

Exiver

There are different options to discover your router. First there is the Winbox Service (tcp 8291) - can be blocked by firewall (allow your management ip addresses and disallow everything else for example) Second there is the mac-winbox service which you can find under /tool mac-server mac-winbox . T...

Exiver

[...] About the gateway configured, what do you mean? I only had configured the 192.168.2.1 ip in the pc's interface, because there is no gateway in that network.... I have seen MikroTik employes and wiki mentioning it multiple times. They tell you to set a gateway (even if there is none, you could...

Exiver

We also observed this behavior with a few hap ac lites. Since we have over 1500 units deployed and it happened to about 10-20 we never bothered about it. You can import the capsman CA Certificate on your client and the error will be gone. I guess it happened after software updates but im not 100% su...

Exiver

Never seen this error before.. Maybe you should do a /supout when this occurs again and send it to mikrotik support..

Exiver

Please make sure, your host has the ip 192.168.2.1 and a gateway address set. Also make sure, the computer is not connected to another network (for example: we had problems when the used computer was also connected to a wireless network). Next would be to check your firewall settings (just disable i...

Exiver

Please show us your firewall rules. Is the site opening when you try to access it directly (enter the IP-address in your browsers url bar)?

Exiver

NV2 and nstream features are not working with capsman at the moment (not sure if mikrotik will introduce that feature later), see:
https://wiki.mikrotik.com/wiki/Manual:CAPsMAN#Overview

MISSING CAPsMAN features
[*]Nstreme AP support
[*]Nv2 AP support
[*]TBA

Exiver

Okay, there are a few things which are odd in my opinion.. First: You specify the slave-configurations in your provisioning rule: /caps-man provisioning add action=create-dynamic-enabled master-configuration=VLAN1 name-format=prefix name-prefix=InoptimAP radio-mac=74:4D:28:12:9D:23 slave-configurati...

Exiver

Can you please post your full capsman configuration as well as the caps client configurations?

On your capsmanager device:

 /cap export hide-sensitive

On the Client:

 /export hide-sensitive

Exiver

Please do not set the ip addresses of your vpn (neither local nor the remote one) to one of the ips from the cisco net (10.10.10.0/28). You should just setup the vpn as you would do for a normal road-warrior routed setup (example: https://wiki.mikrotik.com/wiki/Manual:Interface/L2TP#Basic_L2TP.2FIpS...

Exiver

Im not sure why this question gets posted here 1:1, after it was already answered on reddit:
It is a spamming account. Posts get edited and filled with spam links after a while.

Thanks for the clarification. I heard about this but never seen it tho.

Exiver

Im not sure why this question gets posted here 1:1, after it was already answered on reddit:

https://www.reddit.com/r/mikrotik/comme ... _bad_idea/

RB2011 -> Only SFP -> no 10Gb/s

Exiver

Please check whether the following link may help you since the error isnt that common:

http://blog.schmoigl-online.de/?p=787

Exiver

Please post at least your filter / mangle rules and routes. Better would be the whole configuration - otherwise its just guessing.

Exiver

I can confirm that Wireless Wire is indeed giving me full Gigabit capacity (~970M in both directions). Im using it in a setup where the links are about 70m away from each other. So you should be definitely good to got with the kit

Exiver

First of all you need to provide more information, for example: What did you change when you implemented the CCR. Did you just add one lan cable from your old router(switch?) to the CCR? Please tell us, which configuration change was made to the existing network. And additionally it would be great t...

Exiver

Its not possible to add the dhcp server on a bridged interface because those ports are logically connected like on a switch. That means the dhcp service on slave interface (ether6) would also listen on slave interface (ether7). That results into the problem that the service cannot distinguish from w...

Exiver

Okay thats weird but maybe export hide-sensitive doesnt print everything interesting.

Can you please provide the output for

/ip service export
and
/ip firewall export

Please make sure you hide anything containing personal stuff like serial number of the router and so on.

Exiver

There is a problem with your configuration. You added the wifi and the lan port to your bridge "bridge" /interface bridge add name=bridge [...] /interface bridge port add bridge=bridge interface=ether add bridge=bridge interface=wlan-2GHz add bridge=bridge interface=wlan-5GHz [...] Everyth...

Exiver

Almost.. You have to power it on while holding the Reset Button to allow yourself a configuration via the ethernet port. That takes much more time than just plugging it into our POE Switch and adding the config to multiple devices in one go.. Edit: Something else: There is most likely a problem with...

Exiver

We ordered multiple of these wAP AC Devices. The configuration method is horrible in my opinion. Why change a good system to wifi configuration?? Whatever.. We have another problem: One Device is unresponsive right now. Its booting and after five seconds the "eth" and "pwr" LED t...

Exiver

Hey again,

after a week im trying to bump my post because after i posted it it needed almost a day to be activated by the moderators. I think it was already on the lower part of the site when everyone was able to see it. So my second try.

Thanks for your help

Exiver

Hey guys, im new to mikrotik and now trying to configure my RB951Ui-2HnD properly. All ports from outside are blocked by my provider, so i have to use portfordwarding via my server. I set up the VPN with OpenVPN and its working without problems until here. I do a dstnat on my server who sends the pa...

Search found 122 matches