MikroTik

Pea

Backup your config.
Reset to default an test.
If everything is ok then track which part of your config is causing the issue.

Pea

Maybe this:
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login

Pea

Many DHCP leases? Try:

/ip dhcp-server config set store-leases-disk=never

Edit: I see you have this already, so it must be something else...

Pea

Probably power related, if you have - try another power adapter or PoE to confirm the cause.

Pea

Why do you think someone hacked in?
Your log shows only failed logins due to your poor firewall. You should rethink your firewall and running services.

Pea

Warning: Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will not be applied for FastTracked traffic. https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack If you want to process the traffic fast then you cannot apply to it any CPU intensive processing, it is that s...

Pea

Try this, works perfectly: On your main Mikrotik router (C DHCP SERVER) /interface wireless set mode=ap-bridge ssid=YOUR-SSID wds-default-bridge=bridge-local wds-mode=static-mesh /interface wireless wds add disabled=no master-interface=wlan1 wds-address=xx.xx.xx.xx.xx.xx (wifi MAC of remote Mikrotik...

Pea

This is to accept CAP from the same board where runs CAPsMAN.

Pea

Replace the cable.

Pea

Move the specific MAC rule in the provisioning list on top.

Pea

https://i.mt.lv/cdn/rb_files/PWR-line-190410141212.pdf The PWR-Line is a replacement power adapter for your microUSB powered MikroTik router. It’s compatible with all the latest microUSB powered devices made by MikroTik, a simple software upgrade to v6.44+ enables this feature (supported by the ment...

Pea

I usually buy hw in shops

Google for: MikroTik PWR-LINE PL7400

Pea

Try searching for "PoE web ethernet temperature sensor" instead or similar ready solutions.

Pea

Yes, this is correct, you can buy new PWR-LINE adapter, all details here:
https://i.mt.lv/cdn/rb_files/PWR-line-190401111404.pdf

Pea

Did you try /interface wireless station-roaming enabled? Station Roaming feature is available only for 802.11 wireless protocol and only for station mode s. When RouterOS wireless client is connected to the AP using 802.11 wireless protocol it will periodically perform the background scan with speci...

Pea

This is not a bug, it tells you that you must install DHCP package now, read carefully the change list:
*) upgrade - made security package depend on DHCP package

Pea

I do not know if this is the best, but it is reliable and simple wireless connection with Mikrotik on both ends: On your Mikrotik AP_01: /interface wireless set mode=ap-bridge ssid=YOUR-SSID wds-default-bridge=bridge-local wds-mode=static-mesh /interface wireless wds add disabled=no master-interface...

Pea

*) capsman - always accept connections from loopback address; Hi, I tested but I still need input firewall rule to accept router IP to get working CAP on the same board as CAPsMAN: /ip firewall filter add action=accept chain=input protocol=udp dst-address="router IP" src-address="router IP" /caps-ma...

Pea

We're in 2019 and mobile operators sell 50GB/month for 5€, who needs hotspots anymore?

And which mobile operators?

Czech Vodafone 50GB for about 97€/month

Pea

1) Do not use space in SSID, do "ScottsTest" or "Scotts-Test" (iOS devices had problem with space in SSID, this could be the case) 2) try band=5ghz- a/n/ac 3) try authentication-types=wpa 2 -psk and mode=dynamic-keys 4) try preamble-mode= both or reset wireless to default and then connect and only t...

Pea

1) update RouterOS
2) your firewall is open and wrong on input chain
3) rework your firewall in style: accept only needed, drop all else

Or do "/ip firewall export" or better "/export hide-sensitive" and post here for advises (screenshot is not sufficient)

Pea

1) The Band/Frequency will be different in both configurations 2) The Hw. Supported Modes (you can use gn for 2.4GHz or ac for 5GHz) and Master Configuration will be different in both provisionings Based on those provisioning rules will CAPsMAN send correct configuration to CAP interface. Example: /...

Pea

Make 2 configurations (2.4 and 5GHz) for 2 provisioning rules with different hw-supported-modes=

Pea

Push-button WPS seems secure, but the vulnerability being that anyone with physical access to the AP could push the button and connect, even if they didn't know the Wi-Fi pass.

Pea

You need to define which interface to set:

/interface wireless set wlan1 wps-mode=push-button

Recommendation: Do not use insecure WPS and keep it disabled.

Pea

For home use with public IP you normally get few thousands hits per month.
Try instead of your final drop rule use this reject rule and see if hits get reduced after time:

add action=reject chain=input reject-with=icmp-admin-prohibited

Pea

Always use latest version, only for specific needs:
https://download.mikrotik.com/routeros/ ... winbox.exe

Pea

I never had roaming station on WDS link.
But I guess it should be possible to set AP with wds-mode=dynamic-mesh which allows WDS links with devices (mode=station-wds) by creating required entries dynamically.

Pea

Maybe this helps:

/interface wireless info country-info japan

Pea

Connect your hAPlite by WDS to your router. Then all should work the same as cable connection.

Pea

/ip dhcp-server lease add address=10.0.0.1 mac-address=XX:XX:XX:XX:XX:XX ... /ip firewall address-list add address=10.0.0.1 list="my known devices" ... /ip firewall nat add action=dst-nat chain=dstnat dst-port=53 protocol=udp src-address-list="my known devices" to-addresses=1.1.1.1 add action=dst-n...

Pea

Yes, these are 2 different things:
1) RouterOS update - go to "System/Packages" menu, click on "Check for Updates"
2) Firmware (bootloader) upgrade - go to "System/Routerboard" menu and click "Upgrade"
The version number of Router OS and Firmware is synchronised now.

Pea

1. Do not open SSH and Winbox to wild internet (use e.g. address list, VPN, port knock)
2. Use Fast track for better throughput https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
3. Consider router upgrade

Pea

viewtopic.php?f=2&t=139351&p=707934#p707934

Pea

*) All tests are done with Xena Networks specialized test equipment (XenaBay),and done according to RFC2544 (Xena2544) Max throughput is determined with 30+ second attempts with 0,1% packet loss tolerance in 64, 512, 1518 byte packet sizes Test results show device maximum performance, and are reache...

Pea

Black tape is your friend to reduce LED brightness of whatever anytime

Pea

RB951G-2HnD: https://mikrotik.com/product/RB951G-2Hn ... estresults
hAP ac²: https://mikrotik.com/product/hap_ac2#fndtn-testresults

Pea

Maybe Fasttrack rule missing in your firewall?
https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related
/ip firewall filter add chain=forward action=accept connection-state=established,related

Pea

Your firmware is already upgraded. Move on.

Pea

Did you change this?

You need to use Station pseudo bridge

Pea

Factory Firmware is what was originally loaded at factory. You can ignore this. Installed version is under Current Firmware.

Pea

IMHO it's not illegal to change a MAC address.
It's only illegal to change a MAC address to do something illegal.

Pea

Both options are possible, but this is my point of view: 2.4GHz indoor PtP: will reach longer distance and through more obstacles, only one 2.4GHz channel occupied by the link 5GHz indoor PtP: better throughput, but on longer distance or more walls weak signal, two 2.4GHz channels occupied by APs fo...

Pea

local-forwarding=no => the interface is part of bridge on the CAPsMAN, the interface shows as disabled on CAP
local-forwarding=yes => the interface stays as part of bridge on the CAP

Pea

First connect by laptop and login with username and password.
Then change your Mikrotik wlan1 MAC to your laptop MAC.
And then try to connect your Mikrotik as client to the wifi network.

Pea

For best performance I recommend to connect both by Ethernet cable if somehow possible.
Or upgrade to dual band routers and use 2.4GHz only to connect both wirelessly and use the 5GHz for wifi sharing.

Pea

Did you read the website briefly?
There is no reason to worry if you are an Internet user without your own domain name. This change is affecting you only indirectly and you do not need to take any other steps.

Pea

Try this:

Create a new configuration for the VirtualAP

Specify the new configuration in Provisioning rule as Slave configuration

Remove all CAP interfaces

Initiate Manual Provisioning on all the CAPs

Pea

Did you try to reset to factory default and test? What was the result?
You are connected via 2.4GHz or 5GHz?
Did you try to change channel?

Pea

Remote device keep on auto, it will act as client and take frequency from AP. If you do not have any 802.11b only device (and you probably don't) try this: /interface wireless set band=2ghz-g/n channel-width=20mhz bridge-mode=disabled country="your country" distance=indoors frequency-mode=regulatory...

Search found 191 matches