Community discussions

MikroTik App

Search found 1120 matches

by Steveocee
Fri Jul 15, 2022 8:34 am
Forum: General
Topic: AWS CHR Upgrade to 7.3.1 Fails to boot LoaE01
Replies: 12
Views: 3294

Re: AWS CHR Upgrade to 7.3.1 Fails to boot LoaE01

Dude is not required but I think it's probably time to kill it off and spin up a new one. Have you reached out to MT support on this?
by Steveocee
Fri Jul 15, 2022 8:31 am
Forum: Beginner Basics
Topic: Noob starting out with a few VLANs
Replies: 25
Views: 2668

Re: Noob starting out with a few VLANs

First thing I saw in your export is the VLAN is on the ether1 interface and your ether interfaces are part of a bridge. If you want to use all of your ether interfaces you'd need to move the VLANs onto the bridge. I think I go somewhat against most on the forum here, I do VLAN wrongly but it works p...
by Steveocee
Thu Oct 07, 2021 9:04 am
Forum: RouterOS beta
Topic: Has anyone rolled back?
Replies: 7
Views: 2246

Re: Has anyone rolled back?

Brill thanks all
by Steveocee
Tue Oct 05, 2021 3:27 pm
Forum: RouterOS beta
Topic: Has anyone rolled back?
Replies: 7
Views: 2246

Re: Has anyone rolled back?

Sure...do you have an export file of the 6 version?
Possibly somewhere buried away. Failing that a fresh config is fine, I'm more bothered about not wanting to roll back and brick the Hex it's on.
by Steveocee
Tue Oct 05, 2021 12:28 pm
Forum: RouterOS beta
Topic: Has anyone rolled back?
Replies: 7
Views: 2246

Has anyone rolled back?

Hi,

Just wondering if there is a known safe method of rolling back from v7 to v6?
by Steveocee
Fri Jan 29, 2021 12:21 pm
Forum: RouterOS beta
Topic: fq_codel or cake in v7
Replies: 68
Views: 41064

Re: fq_codel or cake in v7

Steveocee, That's cool that fq_codel works on a Hex. Are you able to determine whether it uses more, or less CPU, than your large queue tree, or is that not a fair comparison? Jeremy Upgraded my Hex last night and removed my extremely large queue tree for a simple FQ_CoDel queue. So far so good, on...
by Steveocee
Sat Jan 23, 2021 9:21 am
Forum: RouterOS beta
Topic: fq_codel or cake in v7
Replies: 68
Views: 41064

Re: fq_codel or cake in v7

Upgraded my Hex last night and removed my extremely large queue tree for a simple FQ_CoDel queue. So far so good, only anomaly was IP>Route not working correctly but I have more to read in that.

Thank you Mikrotik team for acknowledging your customers.

Question now is RB4011 or wait....
by Steveocee
Fri Jan 22, 2021 1:53 pm
Forum: RouterOS beta
Topic: v7.1beta3 [development] is released!
Replies: 261
Views: 78634

Re: v7.1beta3 [development] is released!

@normis Can I just say Thank You for MT listening to customer base and bringing in FQ_CoDel.
I have been waiting for this for so long!
by Steveocee
Tue Mar 31, 2020 4:31 am
Forum: General
Topic: [Feature request] Wireguard
Replies: 148
Views: 65517

Re: [Feature request] Wireguard

So... 2 years past and Mikrotik team did what all this time? Now , when Wireguard is officially in kernel , and for some times in zyxel routers and in openwrt - i cant call Mikrotik as innovative cool product company - they are [redacted] They were probably fixing real problems rather than bending ...
by Steveocee
Sun Mar 29, 2020 5:28 pm
Forum: Beginner Basics
Topic: Default routing and mangle with fasttrack
Replies: 3
Views: 3166

Re: Default routing and mangle with fasttrack

Thank you, for now I will keep as is with default routing disabled. So, what you recommend for a new router (withuot wifi,as now i'm using an external AP) for managing this kind of firewall rules considering that in a while I will have a new Gbit Internet connection and this is a home solution? RB4...
by Steveocee
Sun Mar 29, 2020 8:11 am
Forum: Beginner Basics
Topic: Default routing and mangle with fasttrack
Replies: 3
Views: 3166

Re: Default routing and mangle with fasttrack

FT stops connection tracking which is why your mangle is not being made use of.
I dare say swallow down and buy a more powerful router so the CPU isn't pinned.
by Steveocee
Fri Mar 27, 2020 5:22 am
Forum: RouterOS beta
Topic: FEATURE REQUEST: Add Basic Firewall Rule Wizard
Replies: 71
Views: 23250

Re: FEATURE REQUEST: Add Basic Firewall Rule Wizard

There is no possible scenario an “auto firewall” button would work. Where it may work for you, it won’t for another.

I share your sentiment entirely with not over complicating things but sometimes there is wanting to be spoon fed.
by Steveocee
Wed Mar 25, 2020 10:00 am
Forum: Beginner Basics
Topic: QoS for GeForce Now!
Replies: 2
Views: 3562

Re: QoS for GeForce Now!

Will work like any other QoS, if you don’t know what ports (likely udp) you will need to use torch to identify them, mangle and simple queue tree. Job done.
by Steveocee
Wed Mar 25, 2020 9:53 am
Forum: Beginner Basics
Topic: ddns problem please..me.. [SOLVED]
Replies: 7
Views: 10421

Re: ddns problem please..me.. [SOLVED]

Just a thought, if you are behind a NAT then the DDNS not working is not going to be an issue unless your ISP is going to forward some ports for you.

One of those problems where you change the batteries in the smoke alarm after the fire.
by Steveocee
Wed Mar 25, 2020 9:50 am
Forum: RouterOS beta
Topic: fq_codel or cake in v7
Replies: 68
Views: 41064

Re: fq_codel or cake in v7

Gentle nudge.
I need a new router, choice is 4011 or ER4, one has some features I need and the other has SQM. Please make my decision easier!
by Steveocee
Wed Mar 25, 2020 9:47 am
Forum: RouterOS beta
Topic: FEATURE REQUEST: Add Basic Firewall Rule Wizard
Replies: 71
Views: 23250

Re: FEATURE REQUEST: Add Basic Firewall Rule Wizard

That’s already included in the default config. The rules are freely available from the Wiki if you need to reference them.
by Steveocee
Tue Jan 14, 2020 5:00 pm
Forum: Beginner Basics
Topic: is this really a "cloud router" ?
Replies: 26
Views: 6345

Re: is this really a "cloud router" ?

I must be missing something here. So @OP you saw an image of the device, it had the word "cloud" on it and you assumed it was a cloud managed device and bought it? You didn't think to look at the specifications of the device and confirm it had a feature that you categorically were looking ...
by Steveocee
Tue Jan 07, 2020 6:20 pm
Forum: Virtualization
Topic: CHR WAN SSH on by Default?
Replies: 4
Views: 4965

Re: CHR WAN SSH on by Default?

Check under IP>Services to disable ssh or other services. https://help.mikrotik.com/docs/display/ROS7/Securing+your+router I want to be able to SSH into the unit on the LAN side, but why does it allow SSH access by default on the public WAN? I don't want to disable SSH completely Default config is ...
by Steveocee
Tue Jan 07, 2020 6:19 pm
Forum: RouterBOARD hardware
Topic: How Does the CRS328-24P-4S+RM Perform as a Router?
Replies: 8
Views: 6005

Re: How Does the CRS328-24P-4S+RM Perform as a Router?

It all depends on how you intend to configure said router. A CRS112 can route 150Mb using fast track and a minimal firewall but that isn't much fun if you intend to QoS and do other routing related exotic activities. This will also depend on how good your WAN speed is expected to be. Personally I'd ...
by Steveocee
Tue Jan 07, 2020 6:15 pm
Forum: Beginner Basics
Topic: Nested simple quque
Replies: 6
Views: 2318

Re: Nested simple quque

Show it....yes. Have I ever gotten it to work as intended? No.
by Steveocee
Tue Jan 07, 2020 6:14 pm
Forum: Beginner Basics
Topic: Invalid user/pass after reset
Replies: 16
Views: 4017

Re: Invalid user/pass after reset

Crazy idea, have you got any other RouterOS devices? Use Mac-Telnet from that to try and access the HexS.
Did you connect the Hex to the web after resetting but before you logged in? May be hacker already gained access?
by Steveocee
Wed Dec 18, 2019 7:26 pm
Forum: RouterOS beta
Topic: fq_codel or cake in v7
Replies: 68
Views: 41064

Re: fq_codel or cake in v7

+1 for FQ_Codel I really want this feature in RouterOS. It is probably one of the only reasons why I look outside of the MikroTik product range.
by Steveocee
Tue Oct 15, 2019 10:59 am
Forum: General
Topic: Mikotik routing marks
Replies: 13
Views: 3379

Re: Mikotik routing marks

Yes. I think you need to mark your inbound packets so that return traffic goes up the right interface. Similar to the below, I've tried to copy your routing mark to make it more relevant to you. You'll need to add these as well as your other rules, I'd put these above your other rules. /ip firewall ...
by Steveocee
Mon Oct 14, 2019 5:30 pm
Forum: General
Topic: Mikotik routing marks
Replies: 13
Views: 3379

Re: Mikotik routing marks

Can you show us an export of your mangle rules?

I think the issue is you are not marking inbound traffic, just outbound so there is a possibility traffic is coming in through one WAN and then back out another hence getting this error.
by Steveocee
Fri Oct 11, 2019 6:45 pm
Forum: General
Topic: Mikotik routing marks
Replies: 13
Views: 3379

Re: Mikotik routing marks

What happens if you swap the routing mark for the device getting this message? Does it work through other gateway?
by Steveocee
Wed Oct 09, 2019 11:56 am
Forum: Beginner Basics
Topic: queque trees..
Replies: 2
Views: 1317

Re: queque trees..

Yes.
It wouldn't be the "global" queue as such, you would just mark the packets in a different way ie in.interface=wlan1 etc.
by Steveocee
Tue Oct 08, 2019 7:03 pm
Forum: Virtualization
Topic: Basic CHR config - problems with ESXi, VLANs, CAPsMAN (not yet installed)
Replies: 4
Views: 7271

Re: Basic CHR config - problems with ESXi, VLANs, CAPsMAN (not yet installed)

Looking at your config, you haven't stated which interfaces VLAN traffic will be tagged or not tagged on. Turning filtering on would pretty much remove these interfaces from use as all VLANs are neither tagged or untagged on any interfaces. Yours: /interface bridge vlan add bridge=bridge1 comment=Ma...
by Steveocee
Tue Oct 08, 2019 6:59 pm
Forum: General
Topic: Best VPN for Mikrotik Router
Replies: 20
Views: 8100

Re: Best VPN for Mikrotik Router

If they support L2TP and will happily give you a username, password and IPSEC key then they should be fine.
by Steveocee
Tue Oct 08, 2019 6:03 pm
Forum: General
Topic: Why (not) use Hairpin NAT
Replies: 28
Views: 10139

Re: Why (not) use Hairpin NAT

Another issue I have with hairpin NAT'ing is when you have many different LANs. Either you have to make a very wide hairpin NAT rule, or keep adding a new hairpin NAT rule every time a new LAN is created. This is further complicated if your servers are also not all on one dedicated server LAN/DMZ, ...
by Steveocee
Mon Oct 07, 2019 12:19 pm
Forum: Wireless Networking
Topic: Point to Point Wireless Security
Replies: 10
Views: 5250

Re: Point to Point Wireless Security

Strong WPA2 password, hide SSID and one not mentioned yet, if you use MT then use NV2, if using UBNT then use Airmax. This makes using "any old 802.11" kit nigh on impossible as well.
by Steveocee
Sun Oct 06, 2019 10:48 am
Forum: General
Topic: /export hangs
Replies: 11
Views: 5206

Re: /export hangs

This sounds like a fault with the device.

That or you have a massive config in a very low powered router (which we know isn't the case).
by Steveocee
Fri Oct 04, 2019 3:25 pm
Forum: Beginner Basics
Topic: Help! How do I delete dynamic DNS servers? [SOLVED]
Replies: 13
Views: 26453

Re: Help! How do I delete dynamic DNS servers? [SOLVED]

Since I have DNS enabled on the router, should I add the router IP address to the:
IP
DNS Settings
Servers (The list now has two public DNS servers shown)
Absolutely not!
IP>DNS setting is to tell the router what DNS server you want IT to contact for name resolution and caching if you choose.
by Steveocee
Fri Oct 04, 2019 11:19 am
Forum: General
Topic: Remote connect to mikrotik behind NAT
Replies: 16
Views: 53587

Re: Remote connect to mikrotik behind NAT

its too easy 1- active dmz in the nat on your isp modem to wan ip on mikrotik 2- disable firewall on isp router 3- add line as the sam you see on Access Management >> ACL >> Lan but add other one as WAN on ISP rourer Done Nothing says that the carrier isn't doing NAT though so it's not "too ea...
by Steveocee
Fri Oct 04, 2019 11:14 am
Forum: Beginner Basics
Topic: Help! How do I delete dynamic DNS servers? [SOLVED]
Replies: 13
Views: 26453

Re: Help! How do I delete dynamic DNS servers? [SOLVED]

The router is picking up DNS servers in a dynamic way from *somewhere*. You've checked your DHCP-Client so that is one place checked off. Is there a pppoe_out1 client is similar? That has the ability to add dynamic servers. Also check for VPN client's which may also be adding in DNS. Your MikroTik i...
by Steveocee
Thu Oct 03, 2019 6:57 pm
Forum: Virtualization
Topic: VPS, experiences on running CHR on VPS [SOLVED]
Replies: 8
Views: 17078

Re: VPS, experiences on running CHR on VPS [SOLVED]

Hetzner was suggested to me by MT twitter account.
I have since decided to use AWS and that has worked very well.
by Steveocee
Mon Sep 30, 2019 6:18 pm
Forum: Beginner Basics
Topic: Static DNS server replies not handled as "related" by firewall
Replies: 12
Views: 2792

Re: Static DNS server replies not handled as "related" by firewall

May sound stupid but recreate your established and related rule as a totally new rule, drag it to the top and then see if it works. Had this very recently and the only reason I could think was #mikrotik.
by Steveocee
Mon Sep 30, 2019 6:15 pm
Forum: Beginner Basics
Topic: L2TP (IPSec) connection fails from MikroTik Client to MikroTik Server
Replies: 13
Views: 20404

Re: L2TP (IPSec) connection fails from MikroTik Client to MikroTik Server

Ensure the server side has firewall open for IPSEC-ESP. As you are going through NAT it may be that NAT-T isn't working correctly.
by Steveocee
Mon Sep 30, 2019 4:12 pm
Forum: General
Topic: Can RouterOS do throttling ?
Replies: 4
Views: 1902

Re: Can RouterOS do throttling ?

Another potential option would be to put a priority based QoS onto the router. Just push streaming (or the acks) down the list so that they can take bandwidth if it's available. Otherwise you will have these "abusers" able to cause network chaos for short periods of time where as a priorit...
by Steveocee
Wed Sep 25, 2019 10:59 am
Forum: General
Topic: /export hangs
Replies: 11
Views: 5206

Re: /export hangs

Can't say I've encountered this but what happens if you do /export filename=testexport ?? This puts the output into an rsc file in the root directory.
Does it still hang or does it complete?
by Steveocee
Tue Sep 24, 2019 12:59 pm
Forum: Wireless Networking
Topic: wAP 60G experience
Replies: 313
Views: 92729

Re: wAP 60G experience

How are these smaller WAP60G's at doing around 250M?
Parents are moving very nearby and was going to throw a pair of NSM5Loco's up but then thought they might make a good target for an offsite backup location so Gigabit is tempting.
by Steveocee
Thu Sep 19, 2019 1:18 pm
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 31
Views: 7906

Re: Hairpin not working

What if you temporarily add this rule? /ip firewall nat add action=masquerade chain=srcnat comment="TEMP" dst-port=2222 protocol=tcp dst-addresses=192.168.1.203 It will change source of all packets going to 192.168.1.203:2222, so that it will be router's internal address, same as it is wh...
by Steveocee
Wed Sep 18, 2019 11:02 am
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 31
Views: 7906

Re: Hairpin not working

You do not need both of these rules. add action=dst-nat chain=dstnat dst-address=routerWAN_IP dst-port=2222 protocol=tcp to-addresses=192.168.1.203 add action=dst-nat chain=dstnat comment="2222 from external" dst-port=2222 protocol=tcp to-addresses=192.168.1.203 If you are resolving by hos...
by Steveocee
Tue Sep 17, 2019 7:09 pm
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 31
Views: 7906

Re: Hairpin not working

That was clearly the problem that i missed that part about destination IP and it`s quite logic :) Thank you! Now from LAN i can resolve with my external IP, BUT, now I can`t reach it from external network. The irony being that the DDNS/Address List part is in reference to directing to the dst-addre...
by Steveocee
Tue Sep 17, 2019 1:47 pm
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 31
Views: 7906

Re: Hairpin not working

if heard right, he says that i`m finished if i do have static public IP Try watching further the entire video, it needs the port forward rules creating PROPERLY to work. He / I am quite sure if done properly it will work. Wont get it how adress list can help with hairpin. I have did as he shows wit...
by Steveocee
Tue Sep 17, 2019 11:04 am
Forum: Wireless Networking
Topic: hAP AC2+cAP AC Roaming is a joke [SOLVED]
Replies: 70
Views: 56904

Re: hAP AC2+cAP AC Roaming is a joke [SOLVED]

In the MikroTik world, roaming is still "up to the client to do" and this leads to all kinds of problems, especially when you are trying to carpet an area with WiFi coverage.
Which unfortunately usually puts you in a place where you have to specify the correct kit for the job.
by Steveocee
Tue Sep 17, 2019 10:59 am
Forum: RouterBOARD hardware
Topic: GPeR question
Replies: 23
Views: 10151

Re: GPeR question

Hello, 1) at what OSI layer this device work? at L1 like hub, or at L2 like switch? 2) what delay does this device add? 3) why distance is limited to 1500 m? 1) L2 although think of it more like L1. 2) None 3) Voltage droop It's actually incredible that the device is on the market. The closest I ha...
by Steveocee
Sun Sep 15, 2019 1:36 pm
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 31
Views: 7906

Re: Hairpin not working

if heard right, he says that i`m finished if i do have static public IP
Try watching further the entire video, it needs the port forward rules creating PROPERLY to work.

He / I am quite sure if done properly it will work.
by Steveocee
Fri Sep 13, 2019 9:57 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 16
Views: 6711

Re: MikroTik CHR on AWS with IPSec [SOLVED]

This is all I have in mine. No need for anything else as I have a decent firewall on the CHR itself.
Capture.PNG
by Steveocee
Fri Sep 13, 2019 6:15 pm
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 31
Views: 7906

Re: Hairpin not working

ok so I have added the rule to the top of my NAT rules:
add action=masquerade chain=srcnat comment="Hairpin" dst-address=\
192.168.1.0/24 src-address=192.168.1.0/24
and it`s not working
You clearly haven't done everything it says to then. There is more than just 1 line of srcnat.
by Steveocee
Fri Sep 13, 2019 6:13 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 16
Views: 6711

Re: MikroTik CHR on AWS with IPSec [SOLVED]

Why poke holes in a firewall you have little control over when you can forward all traffic to a firewall you have full control over? The option is easily accessible through MikroTik. If AWS don't give you option for it, make your life easier by putting a decent firewall on your CHR and pass everythi...
by Steveocee
Fri Sep 13, 2019 10:57 am
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 16
Views: 6711

Re: MikroTik CHR on AWS with IPSec [SOLVED]

The easiest way around that is to set Amazon AWS to forward "ALL" traffic onto the CHR istance rather than allowing specific ports and then control the firewall from the CHR. I did the registry hack on my laptop so it works from behind a NAT, my CHR at home works fine (+cool routing rules)...
by Steveocee
Thu Sep 12, 2019 6:18 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec [SOLVED]
Replies: 16
Views: 6711

Re: MikroTik CHR on AWS with IPSec [SOLVED]

I literally finished setting this up myself this morning. Absolutely as above. You get a private LAN which is 1:1 NAT with a real public IP. You need NAT traversal and the key for me was IPSEC-ESP being open in the firewall. My CHR at home connects no problem as well as parents RB750 but I had to do...
by Steveocee
Thu Sep 12, 2019 6:05 pm
Forum: General
Topic: RB951Ui 2HnD rebootiing spontaneously [SOLVED]
Replies: 4
Views: 1984

Re: RB951Ui 2HnD rebootiing spontaneously [SOLVED]

Sounds exactly like either wrong or faulting power supply. Make sure you have at least a 24v 500ma
by Steveocee
Thu Sep 12, 2019 12:13 pm
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 31
Views: 7906

Re: Hairpin not working

Modify this to work as you need it:
https://www.youtube.com/watch?v=_kw_bQyX-3U






(Shameless plug but it DOES work)
by Steveocee
Wed Sep 11, 2019 5:20 pm
Forum: General
Topic: Public IP Routing
Replies: 6
Views: 2202

Re: Public IP Routing

What about a 1:1 NAT?
Would likely be the simplest option and easiest to implement.
by Steveocee
Wed Sep 11, 2019 3:50 pm
Forum: Wireless Networking
Topic: Bit confused by the existence of the hAP AC Lite?
Replies: 15
Views: 6253

Re: Bit confused by the existence of the hAP AC Lite?

I know it's been discussed before but it is a shame there isn't a consumer end with VDSL2 modem. You'd clean up in the UK - often the ISP provider WiFi routers are pretty unreliable esp. the older BT hubs. It is a crying shame 'Tik don't have anything with a combined modem however there are some ab...
by Steveocee
Tue Sep 10, 2019 7:04 pm
Forum: Wireless Networking
Topic: Bit confused by the existence of the hAP AC Lite?
Replies: 15
Views: 6253

Re: Bit confused by the existence of the hAP AC Lite?

The RBCAPAC (cAP ac) is probably the device I'd consider most often. Except I do rather like the simplicity of the Ubiquiti cloud controller - I need to have a look at Dude but my initial investigation suggests it runs on one of the devices, not in the cloud. Is MikroTik looking at something simila...
by Steveocee
Tue Sep 10, 2019 7:00 pm
Forum: Wireless Networking
Topic: Bit confused by the existence of the hAP AC Lite?
Replies: 15
Views: 6253

Re: Bit confused by the existence of the hAP AC Lite?

I agree for consumer use but MikroTik is also sold in the business space here where 100Mbit often isn't enough. I'm new to the MikroTik range and I'm simply evaluating replacing what I usually install (Ubiquiti) with their equipment. I love the power of RouterOS so I was looking through the range f...
by Steveocee
Tue Sep 10, 2019 12:28 pm
Forum: General
Topic: Is the RB3011 a good fit?
Replies: 8
Views: 2906

Re: Is the RB3011 a good fit?

The RB3011 had such potential and was severely let down. The RB4011 is the perfect successor to the RB2011 apart from coming in 1 form factor and being ugly as sin on 1U brackets.
by Steveocee
Tue Sep 10, 2019 11:24 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 255316

Re: RouterOS v7.0 beta1 - when?

There is no changelog, because this is the first and only release
Changelog:
v6.xx changed to reflect correct version v7.xx
by Steveocee
Mon Sep 09, 2019 10:15 pm
Forum: Wireless Networking
Topic: SXT LTE kit - nothing received on Band 20 (800 MHz)
Replies: 5
Views: 2831

Re: SXT LTE kit - nothing received on Band 20 (800 MHz)

Have you tried creating a specific APN? Was asked about one the other day operating similar and the solution was a specific APN needed adding in.
by Steveocee
Fri Sep 06, 2019 12:15 pm
Forum: Beginner Basics
Topic: Unstopable DSTNAT
Replies: 17
Views: 4869

Re: Unstopable DSTNAT

For future reference, the traffic between 2 IP addresses belonging to the same bridge and same subnet does NOT go through the firewall as it is a Layer-3 firewall (unless you have enabled the use-ip-firewall option under /interface bridge settings). @OP ^^^ this. Which is likely why none of your ro...
by Steveocee
Fri Sep 06, 2019 12:06 pm
Forum: Beginner Basics
Topic: Change DDNS name (Mikrotik cloud)
Replies: 11
Views: 10512

Re: Change DDNS name (Mikrotik cloud)

Just grab a domain and stick a CNAME on it.

You can think of any funky name you want then or go for the pro looking option router.mydomain.com
by Steveocee
Fri Sep 06, 2019 11:08 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 255316

Re: RouterOS v7.0 beta1 - when?

I don't speak Russian but I take it that the beta is now available? mt.lv/v7 ? Yes, only for ARM architecture and only for hap ac^2 and WAPGR LTE/4G/LTE-US testing, to get v7 ready for upcoming 5G products, according to Sergejs. support for remaining boards will gradually come out it has v6.45.5 fe...
by Steveocee
Fri Sep 06, 2019 10:49 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 255316

Re: RouterOS v7.0 beta1 - when?

I don't speak Russian but I take it that the beta is now available? mt.lv/v7 ?
by Steveocee
Wed Sep 04, 2019 11:08 am
Forum: Beginner Basics
Topic: CCR to CRS using S+DA0001 [SOLVED]
Replies: 7
Views: 2664

Re: CCR to CRS using S+DA0001

You won't be able to push that amount of traffic through the CPU on the CRS. The CRS is a switch, you can create the VLANs to be offloaded but if you are looking to start limiting speeds then really you want to be doing that from the CCR end.
by Steveocee
Wed Sep 04, 2019 11:05 am
Forum: Beginner Basics
Topic: Private IP on WAN interface - how to NAT incoming traffic?
Replies: 2
Views: 1124

Re: Private IP on WAN interface - how to NAT incoming traffic?

You don't need to do anything. The ISP is effectively NAT'ing all traffic with a destination of WAN.IP to your local WAN IP.

There is nothing complex about the scenario or that needs doing out of the ordinary.
by Steveocee
Wed Sep 04, 2019 11:01 am
Forum: Beginner Basics
Topic: Best VPN for Mikrotik / RouterOS
Replies: 10
Views: 17012

Re: Best VPN for Mikrotik / RouterOS

Good to know. I use third party VPNs on the client side devices themselves (pc- works on most browsers, and many streaming type devices aka Firestick). I am waiting for wireguard on the router and then life will be so much easier.
RouterOS v8.
by Steveocee
Mon Sep 02, 2019 2:56 pm
Forum: Beginner Basics
Topic: Firewall
Replies: 3
Views: 1378

Re: Firewall

Maybe post an export of your current firewall? It sounds like you don't have an accept established & related rule either.
by Steveocee
Fri Aug 30, 2019 2:39 pm
Forum: Beginner Basics
Topic: ping internal hostnames
Replies: 1
Views: 1166

Re: ping internal hostnames

That won't work as a DNS resolver for you unless you tick "Allow Remote Requests"
If you do that then make sure your firewall blocks requests from the WAN.

You should then be able to make static entries and ping them via hostname if you are using the MikroTik for DNS.
by Steveocee
Fri Aug 30, 2019 10:54 am
Forum: Beginner Basics
Topic: How can I Simutaneously apply QoS on my WLAN and LAN interfaces?
Replies: 1
Views: 1010

Re: How can I Simutaneously apply QoS on my WLAN and LAN interfaces?

A very open question. You'll get a lot of varying opinions on how to do this. Your hap lite isn't the strongest of CPU devices so really you want to use Mangle as little as possible as it will eat through CPU. Initially limit by interface using simple queues but the bigger question is what do you wa...
by Steveocee
Fri Aug 23, 2019 3:34 pm
Forum: RouterBOARD hardware
Topic: Connection between RB3011UiAS-RM & CSS326-24G-2S+RM via SFP
Replies: 2
Views: 2034

Re: Connection between RB3011UiAS-RM & CSS326-24G-2S+RM via SFP

I think you need to turn off auto negotiation on the CSS and force it to 1GB.
by Steveocee
Thu Aug 22, 2019 6:24 pm
Forum: Beginner Basics
Topic: How to effectively configure 6 hEX units ?
Replies: 5
Views: 1991

Re: How to effectively configure 6 hEX units ?

Configure 1 how you want it.
Do an /export and then do a full reset on the others and import the .rsc file you made from the first one.
by Steveocee
Wed Aug 21, 2019 1:16 pm
Forum: General
Topic: 100% CPU load in CCR 1009 [SOLVED]
Replies: 22
Views: 7727

Re: 100% CPU load in CCR 1009 [SOLVED]

Please check Tools>Profile and then click on the Start button.
It will show which process is causing high cpu usage.
^^^This
by Steveocee
Wed Aug 21, 2019 1:13 pm
Forum: General
Topic: Playstation NAT issues on 6.45.3
Replies: 3
Views: 2416

Re: Playstation NAT issues on 6.45.3

Firewall exactly the same on both units?

You really need to do a /export hide-sensitive so people can try to help.
by Steveocee
Wed Aug 21, 2019 1:10 pm
Forum: Beginner Basics
Topic: Network Making for (almost) Beginners
Replies: 10
Views: 2924

Re: Network Making for (almost) Beginners

A lot of what you have asked is something that will come with time/experience working with RouterOS and one or two of your points will require way more than a 1 post answer. Nearly a full tutorial for some. If your employer is serious about training you up and you will be using RB's day in and out t...
by Steveocee
Wed Aug 21, 2019 10:50 am
Forum: Beginner Basics
Topic: Bridge untagged ether1 with tagged vlan3 on ether1.
Replies: 10
Views: 3182

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Bridging isn't what is needed here. You have 2 separate segments on the same interface and you want to bring them together?

If you want the networks to talk to one another then you need to put a router between them.........so you have that bit sorted.
by Steveocee
Tue Aug 20, 2019 12:02 pm
Forum: Beginner Basics
Topic: Vlan first setup - help
Replies: 6
Views: 2402

Re: Vlan first setup - help

is ther any way to tag a computer? and make it be vlan 100 ? and then i could check it? or maybe there is another way yo check it's working? Thanks , Through the network manager you should be able to create a new interface, select VLAN, input the relevant VLAN ID and then you can choose DHCP client...
by Steveocee
Tue Aug 20, 2019 9:20 am
Forum: Beginner Basics
Topic: Vlan first setup - help
Replies: 6
Views: 2402

Re: Vlan first setup - help

It may work but I don’t think it was the reason why it wasn’t working. Simply you were trying to ping an ip within a vlan from outside of the vlan. You’re PC was not tagged therefore it was not on that network segment. Bridging the 3 interfaces is literally putting a cable from one network to anothe...
by Steveocee
Tue Aug 20, 2019 7:24 am
Forum: Beginner Basics
Topic: VPN
Replies: 4
Views: 1834

Re: VPN

Something along this kind of line should do what you need
/ip firewall nat add chain=srcnat src-address=10.0.0.2-10.0.0.20 dst-address=192.168.0.252 action=masquerade comment="VPN clients to LAN"
by Steveocee
Fri Aug 16, 2019 2:59 pm
Forum: General
Topic: I'm sure Mikrotik has a legit response to this...
Replies: 14
Views: 4657

Re: I'm sure Mikrotik has a legit response to this...

How many of these vulnerabilities though are still present when a competent person configures the router?
by Steveocee
Thu Aug 15, 2019 7:08 pm
Forum: General
Topic: QoS / Prioritisation on Variable Bandwidth Link
Replies: 6
Views: 2682

Re: QoS / Prioritisation on Variable Bandwidth Link

Thanks. That's a little disappointing. I was hoping there was a mechanism that would let the interface run at line rate, sending each outgoing packet as soon as the preceding one had been transmitted. Even quite basic routers will do that. I don't see how that could work with traffic types such as ...
by Steveocee
Wed Aug 14, 2019 3:36 pm
Forum: General
Topic: micro stutter and (probably) bufferbloat in certain INTERVALS
Replies: 4
Views: 1774

Re: micro stutter and (probably) bufferbloat in certain INTERVALS

It simply sounds like your carrier may be experiencing some intermittent interference. This likely won't be something you can mitigate with your own settings so ask them to investigate and provide some proof of jitter. A second point which unfortunately gets my fur up. If your career is dependant on...
by Steveocee
Wed Aug 14, 2019 12:41 pm
Forum: General
Topic: QoS / Prioritisation on Variable Bandwidth Link
Replies: 6
Views: 2682

Re: QoS / Prioritisation on Variable Bandwidth Link

You could script a bandwidth test to run every X amount of time and adjust your master queue limits to that. I do not know how you would get it to set 90% of the measured bandwidth though (as you don't want to set the full amount of speed for QoS) FQ_CoDel will do this without too much input but it ...
by Steveocee
Wed Aug 14, 2019 12:37 pm
Forum: Beginner Basics
Topic: MikroTik PPTP can access LAN but can not access internet
Replies: 1
Views: 1480

Re: MikroTik PPTP can access LAN but can not access internet

There should be an option in Windows to specify a route using the PPTP tunnel, you should just need to set it for 10.10.10.0/24 through the VPN.
by Steveocee
Tue Aug 13, 2019 5:05 pm
Forum: Beginner Basics
Topic: VPN
Replies: 4
Views: 1834

Re: VPN

You are on a different network so cannot natively reach the "LAN". Try creating a NAT rule from your VPN IP range as the traffic is from the WAN to the router and won't naturally go into your LAN.
by Steveocee
Wed Aug 07, 2019 2:05 pm
Forum: Wireless Networking
Topic: Question about antenna gain setting
Replies: 4
Views: 2647

Re: Question about antenna gain setting

I think it is dangerous the default antenna_gain is set to 0, as that will almost always result in illegal operation if the setting is not changed, especially for products with built-in antenna (here you would not expect the need to change any configuration, if you attached the antenna yourself you...
by Steveocee
Wed Aug 07, 2019 12:55 pm
Forum: Wireless Networking
Topic: Question about antenna gain setting
Replies: 4
Views: 2647

Re: Question about antenna gain setting

You need to enter the absolute value of the antenna gain.
RouterOS when factory defaulted has no way of knowing what antenna is connected to it so you need to input this data. RouterOS is an operating system which is deployed across various boards, it isn't device specific.
by Steveocee
Wed Aug 07, 2019 12:53 pm
Forum: General
Topic: marked routing not working
Replies: 5
Views: 2021

Re: marked routing not working

OK, Looking at Mangle, are you seeing both rules counters increment? Establish you are marking correctly first. Looking at your mangle rules, I would have probably approached it like this; #NAT (In my mind this adds another layer of security so you don't NAT traffic up the VPN that shouldn't go up t...
by Steveocee
Wed Aug 07, 2019 11:03 am
Forum: General
Topic: Mikrotik DNS Cache vs BIND9/Unbound server
Replies: 7
Views: 3698

Re: Mikrotik DNS Cache vs BIND9/Unbound server

Assuming you would still keep the central DNS server as a sort of primary? Would you then use the tower pppoe concentrators using the main central server to resolve and cache from?
by Steveocee
Wed Aug 07, 2019 10:57 am
Forum: General
Topic: marked routing not working
Replies: 5
Views: 2021

Re: marked routing not working

add distance=1 dst-address=0.0.0.0/0 gateway=tashivpn routing-mark=route_ta
That should work. You are specifying the dst-address as the LAN subnet which won't work.
Without self advertising too much I recently did a quick video on how to do policy based routing in the way you are using it here.
by Steveocee
Mon Aug 05, 2019 6:10 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 255316

Re: RouterOS v7.0 beta1 - when?

Forget v7.

v8 Needs to be rounded on. Use off the shelf drivers, get it out there, give the people what they want.

(I'll stick to my v6 though as it does almost everything I need).
by Steveocee
Fri Aug 02, 2019 3:56 pm
Forum: RouterBOARD hardware
Topic: RB3011 port flopping - bad design
Replies: 131
Views: 61813

Re: RB3011 port flopping - bad design

Have same problem on CRS326-24G-2S+ and CRS125-24G-1S
You have a different problem.
by Steveocee
Thu Aug 01, 2019 1:30 pm
Forum: General
Topic: Queuing bandwidth test [SOLVED]
Replies: 2
Views: 2080

Re: Queuing bandwidth test [SOLVED]

For a queue priority to work the tree needs to know it is getting to it's maximum. As you haven't set a max-limit then the tree won't ever prioritise one sub-tree (branch) over another.

Set a reasonable max-limit on "tree1" and it should start working.
by Steveocee
Thu Aug 01, 2019 11:32 am
Forum: Beginner Basics
Topic: Cannot get BT (UK) with PPPoE working :(
Replies: 5
Views: 1990

Re: Cannot get BT (UK) with PPPoE working :(

Are you certain the Draytek modem is acting as a modem and not routing to a DMZ'd IP address? I am UK based with similar setup (HG612 modem into a MikroTik) and when using BT had no issues at all. For a start don't use dial on demand, it's not needed. Can you post a /export hide-senstitive and I'll ...
by Steveocee
Fri Jul 19, 2019 6:00 pm
Forum: General
Topic: RB2011UiAS-RM - High CPU on Download
Replies: 6
Views: 2287

Re: RB2011UiAS-RM - High CPU on Download

Hate to be the one to ask.

Your WAN port is in 1-5 not 6-10? Only 1-5 are Gigabit.
by Steveocee
Fri Jun 28, 2019 12:48 pm
Forum: Beginner Basics
Topic: RB3011 Show LTE in Quickset
Replies: 13
Views: 3520

Re: WInBox Shuts down whenever I click on Quickset

I have a Mikrotik RB951Ui-2HnD Indoor Wireless Router and I installed winbox. However, whenever I login to my winbox and click on Quickset to configure my network, the winbox shuts down. How do I congigure my router without quickset I need ideas please. CHiditron Maybe try this https://forum.mikrot...
by Steveocee
Wed Jun 26, 2019 7:05 pm
Forum: Beginner Basics
Topic: make order in firewall rules
Replies: 7
Views: 1983

Re: make order in firewall rules

I like that, nice and simple
just like
Europe drop all for UK
UK drop all for Europe ;-P

Perhaps soon when landing in the UK, Canadian Citizens will join the quick colonials line at customs....... while the europeans wait in long peon lines!!
v7 will arrive before we leave!
by Steveocee
Wed Jun 26, 2019 7:03 pm
Forum: Beginner Basics
Topic: make order in firewall rules
Replies: 7
Views: 1983

Re: make order in firewall rules

NEVER use information from YouTube on managing a MikroTik router, it is full of crap advise.
Use the forum.
Apart from mine of course. I give crap advice on both YouTube AND the forum!!
by Steveocee
Wed Jun 26, 2019 5:46 pm
Forum: Beginner Basics
Topic: make order in firewall rules
Replies: 7
Views: 1983

Re: make order in firewall rules

Simply;
Allow related & established
Allow what you want to allow
Block everything else

Rules are processed in descending order so apply common sense.
by Steveocee
Tue Jun 25, 2019 5:30 pm
Forum: RouterBOARD hardware
Topic: hEX S & SFP S-RJ01
Replies: 5
Views: 5084

Re: hEX S & SFP S-RJ01

SFP port can be purposed however you need it to be.
Can you put the SFP into your :AN and connect a PC to it and access the router?
It sounds like hardware issue or negotiation problem between modem and SFP.
by Steveocee
Tue Jun 25, 2019 5:25 pm
Forum: General
Topic: RB3011 - PPPoE with 1 GbE?
Replies: 1
Views: 1109

Re: RB3011 - PPPoE with 1 GbE?

Are you using Fasttrack? The RB3011 can do this with FT.
by Steveocee
Fri Jun 14, 2019 4:37 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 10875

Re: single IP constantly trying to log to my Mikrotik

Create a firewall to drop it before any rules to accept PPTP input.
by Steveocee
Tue Jun 11, 2019 2:57 pm
Forum: RouterBOARD hardware
Topic: Mikrotik SFP / Cisco
Replies: 3
Views: 3360

Re: Mikrotik SFP / Cisco

Probably not massively helpful for you but I successfully use the Cisco GLC-SX-MM SFP's in all of my MT devices. Dirt cheap on the second hand market as well.
by Steveocee
Wed Jun 05, 2019 2:33 pm
Forum: Virtualization
Topic: How do i reinstall mikrotik license in new X86 VM
Replies: 3
Views: 6839

Re: How do i reinstall mikrotik license in new X86 VM

Older x86 licenses were done per installation per HDD. You'll be on an uphill struggle to get Mikrotik support to re-issue it for you as from what I've read they tend to only re-issue for damaged HDD's.
It will involve paying for a license but pay for a CHR license and never have this problem again.
by Steveocee
Mon Jun 03, 2019 4:04 pm
Forum: Beginner Basics
Topic: RB3011 Show LTE in Quickset
Replies: 13
Views: 3520

Re: RB3011 Show LTE in Quickset

Unhelpfully I'll echo the above. If the device is up and running and you can't bare to lose the config.
1)Back up your config NOW
2)Make changes manually and don't use quickset again
3)If you mess it up badly at least you have a backup now.
by Steveocee
Sat Jun 01, 2019 8:59 am
Forum: Forwarding Protocols
Topic: Qos playstation and xbox
Replies: 1
Views: 3470

Re: Qos playstation and xbox

Yes. Check IP>DHCP-SERVER>LEASES for the IP's of your devices, maybe make them static by double clicking and using "Make Static" IP>FIREWALL>MANGLE pre-routing mark src-address, one rule for one IP and another for the other. Mark connection and mark packet QUEUE>TREES> Create master upload...
by Steveocee
Sat Jun 01, 2019 8:48 am
Forum: Beginner Basics
Topic: HOW TO ADD GRANDSTREAM IP PHONE TO MIKROTIK ROUTEROS
Replies: 4
Views: 3426

Re: HOW TO ADD GRANDSTREAM IP PHONE TO MIKROTIK ROUTEROS

87.4 is the answer.....Well, that's the answer I've come to taking all of the specifics you've mentioned so far.

You are going to need to give a lot more information if you want help though. Maybe a diagram showing network layout, where the MikroTik is in relation to your phones and server?
by Steveocee
Sat Jun 01, 2019 8:41 am
Forum: General
Topic: Is CCR CPUs Physical Cores or threads?
Replies: 4
Views: 1744

Re: Is CCR CPUs Physical Cores or threads?

Cores. CCR is pure core quantity. That said, most tasks in RouterOS are single threaded so I'd argue that a strong Xeon would wipe the floor with Tilera in some applications. What are you planning on using the router for is the ultimate question? Are we talking as an Edge router or Firewall protecti...
by Steveocee
Sat Jun 01, 2019 8:38 am
Forum: Beginner Basics
Topic: Ban IP's / Drop connections of RDP Brute forcers
Replies: 6
Views: 2344

Re: Ban IP's / Drop connections of RDP Brute forcers

Exposing anything to that vast outside world will always incur hackers trying to be.......hackers. Usually but as you've already cut off, allowing only a set IP list is the answer. How about a VPN server? Then you don't have to expose any of your local devices directly to the internet?
by Steveocee
Sat Jun 01, 2019 8:34 am
Forum: Beginner Basics
Topic: Are these redundant dns firewall rules?
Replies: 2
Views: 1348

Re: Are these redundant dns firewall rules?

Without getting a look at all of your rules it's difficult to advise. Your setup must b vastly different to mine but I don't need either of those for local DNS to work.
by Steveocee
Thu May 16, 2019 10:53 am
Forum: General
Topic: How to PCQ this?
Replies: 5
Views: 1633

Re: How to PCQ this?

Target should point to internal subnet, rest looks good
I have 3 internal subnets so would that still work? If rather keep it a simple queue if I can, I know I could mangle & mark but if rather try to keep it simple.
by Steveocee
Wed May 15, 2019 8:06 pm
Forum: General
Topic: How to PCQ this?
Replies: 5
Views: 1633

Re: How to PCQ this?

OK, This is working as far as I speedtest from my PC and I can see the queue hitting limits. So it's correct in that it works, but is it correct in it's implementation?
/queue simple
add max-limit=55M/16M name=WAN_PCQ queue=pcq-download-default/pcq-upload-default target=pppoe-out1
by Steveocee
Wed May 15, 2019 8:01 pm
Forum: General
Topic: How to PCQ this?
Replies: 5
Views: 1633

How to PCQ this?

Hi, I just can't get my head around using PCQ to do what I want. Any help would be appreciated. This is for my internet connection which is a PPPoE client and I am using an SFQ rule as follows: /queue simple add max-limit=55M/16M name=WAN_CONTROL queue=default-sfq/default-sfq target=pppoe-out1 All I...
by Steveocee
Mon May 13, 2019 11:29 am
Forum: General
Topic: Got fq_codel yet?
Replies: 36
Views: 17476

Re: Got fq_codel yet?

I haven't found a suitable solution in other products either. The Ubiquiti solutions don't have enough throughput and have other problems. I don't IF/WHEN Mikrotik will ever get around to this, been waiting for a long time.. so I decided to bypass Mikrotik on this topic and built a Linux VM, passed...
by Steveocee
Fri May 10, 2019 1:57 pm
Forum: RouterBOARD hardware
Topic: Need more than one SFP interface at the level of $100 and $200
Replies: 8
Views: 2607

Re: Need more than one SFP interface at the level of $100 and $200

CRS326
CRS112
CRS305

?
Those are switches, not routers.
OP does not mention whether router or switch is needed, just that they want a cheap multi SFP unit.
Also CRS switches can route, maybe not a huge amount of traffic but can push over 100Mb with correct FT rules.
by Steveocee
Fri May 10, 2019 10:55 am
Forum: RouterBOARD hardware
Topic: mikrotik 4011 wot wifi - passes traffic but cannot login
Replies: 1
Views: 1273

Re: mikrotik 4011 wot wifi - passes traffic but cannot login

You need to give a bit more for people to be able to help you.
Can you post an /export hide-sensitive so people can see the problem?
by Steveocee
Fri May 10, 2019 10:52 am
Forum: Beginner Basics
Topic: cant view graphing
Replies: 6
Views: 2882

Re: cant view graphing

Do you have access to Winbox to the router? You can view the graphs through Winbox as well.
by Steveocee
Fri May 03, 2019 5:39 pm
Forum: General
Topic: CoDel support?
Replies: 46
Views: 20365

Re: CoDel support?

I have used fq_codel in multiple environments as solution when the internet connection is not fast enough for handling f.e. 100 computers under 100Mbps line needing it to be balanced that everyone has a small portion from the line and nobody can get full bandwith when somebody needs a little portio...
by Steveocee
Fri May 03, 2019 5:35 pm
Forum: Beginner Basics
Topic: Reset Factory Default without pressing Reset button [SOLVED]
Replies: 4
Views: 4601

Re: Reset Factory Default without pressing Reset button [SOLVED]

If you can't log into it then no you won't be able to reset it without using the button. If you could then it would be a huge risk for anyone with a MT router deployed.
by Steveocee
Wed May 01, 2019 9:17 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 255316

Re: RouterOS v7.0 beta1 - when?

Great idea but can’t see it happening.
Do Apple give updates on what their design and software team are working on?
by Steveocee
Tue Apr 30, 2019 10:57 am
Forum: Virtualization
Topic: Replaced 5yr old x86 with CHR (less than impressed)
Replies: 14
Views: 8155

Re: Replaced 5yr old x86 with CHR (less than impressed)

Maybe a conversation with Baltic networks as to what they'd expect to see?
If there are fundamental issues with the machine or the way it is set up, all you are doing is wasting your time trying to chase a potentially non existent problem around a user forum.
by Steveocee
Tue Apr 30, 2019 10:52 am
Forum: Virtualization
Topic: Why is there not a CHR ISO for bare metal ?
Replies: 5
Views: 7103

Re: Why is there not a CHR ISO for bare metal ?

I see this topic coming up time and again on here. Long & short of it is why no x64 build? The more I read about people wanting it the more I agree with them, I like many use the free ESXi installation and then visualise under that and would have happily ran x86 had it not been for the licensing...
by Steveocee
Sat Apr 20, 2019 9:32 am
Forum: Virtualization
Topic: CHR: Does Fast Track work? [SOLVED]
Replies: 2
Views: 15697

Re: CHR: Does Fast Track work? [SOLVED]

Correct. CHR does not support it as FT is done in hardware and MT cannot guarantee every CHR will have the relevant hardware to do this.
by Steveocee
Sat Apr 20, 2019 9:27 am
Forum: Beginner Basics
Topic: RB2011UiAS-RM WAN not achieve 1GBps
Replies: 4
Views: 2005

Re: RB2011UiAS-RM WAN not achieve 1GBps

The answer will undoubtedly be you need to use fast track but an example of your config is needed to ensure it's been put into place correctly.
by Steveocee
Wed Apr 10, 2019 2:04 pm
Forum: RouterBOARD hardware
Topic: Looping on ether3 on MikroTik RB951
Replies: 1
Views: 1080

Re: Looping on ether3 on MikroTik RB951

Try giving your bridge an admin MAC that isn't that of your ether interaces. I normally increment the first section of ether1 e.g. E4:XX:XX becomes E6:XX:XX
by Steveocee
Tue Apr 09, 2019 3:51 pm
Forum: General
Topic: Plex setup
Replies: 12
Views: 20936

Re: Plex setup

This is making me crazy. half the commands here don't even function in the Command line for some reason. either they have changed in the last year or ----hellifikknow. can this not be done through winbox? It can easily be done through Winbox however your problem is this: Annotation 2019-04-09 13481...
by Steveocee
Sat Apr 06, 2019 10:52 pm
Forum: Virtualization
Topic: CHR-Aws
Replies: 2
Views: 4672

Re: CHR-Aws

How can we answer your question if we don’t know what your going to use it for?
by Steveocee
Sat Apr 06, 2019 10:50 pm
Forum: Virtualization
Topic: CHR does not transmit frames with VLAN tags from bridge
Replies: 6
Views: 11400

Re: CHR does not transmit frames with VLAN tags from bridge

What happens if you change the vlan ID? Try using anything other than 1.

Sounds mad but in my mind I had a problem similar and it was caused by this and we’re talking about MikroTik.
by Steveocee
Wed Apr 03, 2019 3:52 pm
Forum: RouterBOARD hardware
Topic: Port Will Not Negotiate 1Gbps
Replies: 5
Views: 1952

Re: Port Will Not Negotiate 1Gbps

What PoE are you using? Air Fibres in my experience can be a bit touchy.
by Steveocee
Wed Apr 03, 2019 3:41 pm
Forum: Wireless Networking
Topic: Single SSID multiple passwords
Replies: 8
Views: 4447

Re: Single SSID multiple passwords

In short you can't have the same SSID with 2 different passwords on the same wireless chip. On the interface you set the security profile. A dual band router you can set the same SSID with different security profiles BUT if a device strays from one band to the other then it will get an error and dro...
by Steveocee
Tue Apr 02, 2019 6:54 pm
Forum: General
Topic: Raw disk image(img) - inpossible to booting from flash
Replies: 8
Views: 4121

Re: Raw disk image(img) - inpossible to booting from flash

It's likely CHR doesn't have drivers for your hardware (disk) so it can't find root filesystem and fails to boot. Sadly there are no kernel messages so you don't really know what's happening.
Or it's designed to be run virtually and not on bare metal.
by Steveocee
Tue Apr 02, 2019 6:52 pm
Forum: Wireless Networking
Topic: How to list devices around mk?
Replies: 5
Views: 1784

Re: How to list devices around mk?

Wireless scanner works well. It's under the wireless tab in Winbox.
by Steveocee
Tue Apr 02, 2019 6:51 pm
Forum: Wireless Networking
Topic: Single SSID multiple passwords
Replies: 8
Views: 4447

Re: Single SSID multiple passwords

I understand what you are trying to achieve but have to ask, Why?
Just spin a second WLAN up and let them have a "-Guest" of your main SSID.
by Steveocee
Tue Apr 02, 2019 6:50 pm
Forum: Wireless Networking
Topic: problem with 2hspn
Replies: 1
Views: 903

Re: problem with 2hspn

Are you connecting over wireless or through ethernet? Try connecting via ethernet and use MAC address not IP.
by Steveocee
Tue Apr 02, 2019 6:49 pm
Forum: Wireless Networking
Topic: LHG 60G default configuration for beginners
Replies: 1
Views: 1367

Re: LHG 60G default configuration for beginners

Reset the units, as a default pair they will talk to each other.
~Then discover safe mode.
by Steveocee
Tue Apr 02, 2019 6:48 pm
Forum: Wireless Networking
Topic: 34km link low CCQ
Replies: 13
Views: 3813

Re: 34km link low CCQ

Have you tried reducing channel width? Try it at 20Mhz and see if the CCQ improves. If it is fine, bump it up to 40Mhz and retry until you find where it is bad.
by Steveocee
Tue Apr 02, 2019 6:36 pm
Forum: Beginner Basics
Topic: DNS issue on vlan OR Not
Replies: 4
Views: 1137

Re: DNS issue on vlan OR Not

export hide-sensitive file=yourexport
:lol: Couldn't help myself.....Sorry.
by Steveocee
Tue Apr 02, 2019 2:52 pm
Forum: General
Topic: Raw disk image(img) - inpossible to booting from flash
Replies: 8
Views: 4121

Re: Raw disk image(img) - inpossible to booting from flash

They are designed to be used in a virtual environment, not directly installed on hardware.
by Steveocee
Sat Mar 30, 2019 2:17 pm
Forum: General
Topic: CoDel support?
Replies: 46
Views: 20365

Re: CoDel support?

I just spent this past weekend comparing fq_codel(smart queue) on a ubiquiti edgerouter with sfq on mikrotik. With all this talk of how great codel is I expected the performance difference to be huge. After doing extensive testing with various configs in different scenarios, I didn't find one syste...
by Steveocee
Wed Mar 27, 2019 11:02 pm
Forum: General
Topic: X86_64 ROS - 64bit Mikrotik [SOLVED]
Replies: 92
Views: 72013

Re: X86_64 ROS - 64bit Mikrotik [SOLVED]

I can’t see them doing it..... they’ve previously been very vocal that you should run CHR if you don’t want to use a routerboard.
by Steveocee
Wed Mar 27, 2019 10:34 am
Forum: Beginner Basics
Topic: What is the best outdoor wireless access point
Replies: 9
Views: 2622

Re: What is the best outdoor wireless access point

Perhaps think outside the container. :-) (1) WAN or MultiWAN input to main Router (2) Router ethernet too Outdoor Multipoint Omni TX device of some sort (in close proximity LOS) to containers. (3) Each Container equipped with a receiving antenna (to ethernet cable built-in) to AP inside container w...
by Steveocee
Wed Mar 27, 2019 10:31 am
Forum: Beginner Basics
Topic: Firewall rule Order
Replies: 3
Views: 2015

Re: Firewall rule Order

Rules are processed top down. Allow only what you want and block everything else.
Your most used rules at the top (established & related)
I stick a drop invalid packets here
Accept stuff you want
Drop everything else
by Steveocee
Wed Mar 27, 2019 10:28 am
Forum: Beginner Basics
Topic: How do you turn on hEX's DMZ?
Replies: 16
Views: 8149

Re: How do you turn on hEX's DMZ?

after trying a bunch of the command line suggestions from old threads
Does anyone know how to write the actual DMZ command?
It's just a port forward that forwards everything from your inbound WAN interface to an IP on your LAN.
by Steveocee
Wed Mar 27, 2019 10:26 am
Forum: General
Topic: CoDel support?
Replies: 46
Views: 20365

Re: CoDel support?

Not available (yet) but both SFQ and PCQ can provide a solution if you don't have brand flexibility. Correct me if I'm wrong (and I appreciate that you are trying to find a workaround), but my understanding is those require something with fixed bandwith that you can tune the settings to. Isn't the ...
by Steveocee
Mon Mar 25, 2019 6:46 pm
Forum: Beginner Basics
Topic: CRS328-24P-4S+RM as an internet router
Replies: 6
Views: 1901

Re: CRS328-24P-4S+RM as an internet router

I'm fairly sure you could push 300Mb+ using fast track. It won't ever really do BGP and be an edge router but would be more than capable for simple home and small office routing.
by Steveocee
Mon Mar 25, 2019 6:43 pm
Forum: General
Topic: IP is up on port that's down
Replies: 3
Views: 1468

Re: IP is up on port that's down

I kind of understand where you are coming from but that's not necessarily how it works.
By disabling the interface you are disabling the physical access on that side of the interface. Think of the IP sitting between the CPU and the interface you're assigning it to.
by Steveocee
Sun Mar 24, 2019 3:21 pm
Forum: RouterBOARD hardware
Topic: More "Power" for CRS112-8P-4S-IN
Replies: 4
Views: 2028

Re: More "Power" for CRS112-8P-4S-IN

Fast track should see you up to 150Mb
by Steveocee
Wed Mar 20, 2019 4:09 pm
Forum: Beginner Basics
Topic: RB3011UiAS-RM Speeds
Replies: 5
Views: 2139

Re: RB3011UiAS-RM Speeds

Something very wrong there. Even the RB2011 could do 350Mb without fast track!
Config will tell the story.
by Steveocee
Tue Mar 19, 2019 12:43 pm
Forum: Virtualization
Topic: CHR Hardware
Replies: 20
Views: 20489

Re: CHR Hardware

Will you be licensing your ESXi installations? If not you can only use 8 vCPU's per machine so you'd have a lot of redundant cores. Saying that it's better to run WITHOUT HT for CHR so only 4 over.
by Steveocee
Mon Mar 18, 2019 10:44 pm
Forum: Beginner Basics
Topic: RB2011UiAS-2HnD-IN antennas
Replies: 1
Views: 817

Re: RB2011UiAS-2HnD-IN antennas

You may have been better buying a connectorised radio such as a Netbox or Netmetal.
I would generally advise leaving the antennas alone on the RB2011
by Steveocee
Mon Mar 18, 2019 9:42 pm
Forum: General
Topic: Block port tcp/udp
Replies: 12
Views: 9125

Re: Block port tcp/udp

Your router is very vulnerable. If it is public facing you need to update it and at a minimum put a public facing firewall on it.
by Steveocee
Mon Mar 18, 2019 6:05 pm
Forum: General
Topic: Block port tcp/udp
Replies: 12
Views: 9125

Re: Block port tcp/udp

IP>Firewall>Service Port isn't "the" service. It's a service helper. A very bad one at that. Do you have any port forwards? Are you using UPnP? 5060 is generally used for VOIP/SIP, do you have anything that uses that on your network? You could make a rule to drop it however surely your fir...
by Steveocee
Mon Mar 18, 2019 4:00 pm
Forum: Beginner Basics
Topic: CCR1016-12G VPN to discover ubiquiti radios for UNMS
Replies: 4
Views: 1795

Re: CCR1016-12G VPN to discover ubiquiti radios for UNMS

You won't be able to use discovery tool unless you use some kind of EOIP solution. UBNT discovery requires being on the same broadcast network which you won't be going in through VPN even though you can access the IP's.
by Steveocee
Mon Mar 18, 2019 12:59 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM idle power consumption
Replies: 6
Views: 7705

Re: CRS328-24P-4S+RM idle power consumption

Here is my CRS328-24P-4S+RM Annotation 2019-03-18 105542.png This is running; 3 data only ports 3 48v ports running 2 UniFi AC Pro's and a PoE splitter for modem. 3 24v ports Running 2 UniFi CCTV cameras and an NSM5 3 SFP's I didn't think consumption was too bad to be fair bearing in mind I also run...
by Steveocee
Tue Mar 12, 2019 5:25 pm
Forum: General
Topic: Why (not) use Hairpin NAT
Replies: 28
Views: 10139

Re: Why (not) use Hairpin NAT

Firstly, thank you for linking my video 8) I use home.mydomain.com for getting into certain things remotely and from home. These are differentiated by port number. I can't do that with internal DNS so it suits me quite well. I shared what I found as I initially had a lot of problems getting a hairpi...
by Steveocee
Tue Mar 12, 2019 4:51 pm
Forum: Beginner Basics
Topic: Connecting two routers in two buildings with cable
Replies: 8
Views: 2887

Re: Connecting two routers in two buildings with cable

Hello, I'm assuming that the /16s are just to summarize local subnets and you don't have such a big network. Otherwise, break the subnet down to smaller ones (like /24). Also, I'd probably go with fiber regardless since your working with two buildings. Fiber will insulate you from grounding issues,...
by Steveocee
Mon Mar 11, 2019 1:25 pm
Forum: RouterBOARD hardware
Topic: CRS309-1G-8S+IN (General questions and experience)
Replies: 7
Views: 4010

Re: CRS309-1G-8S+IN (General questions and experience)

Liked & Subbed.
Nice to see well made content.
by Steveocee
Mon Mar 11, 2019 1:18 pm
Forum: Wireless Networking
Topic: 10Gb on RB2011 - bad idea?
Replies: 6
Views: 2240

Re: 10Gb on RB2011 - bad idea?

Great idea. Shame the RB2011 only has SFP and not SFP+ so won't do a 10Gb connection.
by Steveocee
Mon Mar 11, 2019 11:51 am
Forum: Beginner Basics
Topic: Firewall rules
Replies: 6
Views: 1585

Re: Firewall rules

You need hairpin NAT.
by Steveocee
Sun Mar 10, 2019 8:57 am
Forum: General
Topic: RB3011 and 10GB SFP
Replies: 3
Views: 3333

Re: RB3011 and 10GB SFP

Bummer, no worries. Thanks for the compatibility link! I'm not sure if anyone can verify or has tried but do the Cisco 1GB SFP's work with MikroTik routers? I've got a couple laying around at my parents i was thinking of having them ship me. Cisco GLC-SX-MM work absolutely fine. I picked a load up ...
by Steveocee
Sun Mar 10, 2019 8:31 am
Forum: Beginner Basics
Topic: HELP: how to per ip shaping?
Replies: 10
Views: 3888

Re: HELP: how to per ip shaping?

If i set 50m/50m in simple queue maxlimit, shaping will not work. Now, I set my values to 40m/40m and it worked. Why is that? Queue will only apply once you hit the max limit, if you set it higher than your connection can go then it will never apply itself. It going red only signifies traffic is ne...
by Steveocee
Sun Mar 10, 2019 8:21 am
Forum: Beginner Basics
Topic: Help with WAN bandwidth limiting
Replies: 12
Views: 3964

Re: Help with WAN bandwidth limiting

it's rx/tx , I think, so upload or download depending on that interface / target you apply it to.
Correct, however it is done from client of interface perspective so for pppoe interface the values do reverse.
by Steveocee
Fri Mar 08, 2019 3:52 pm
Forum: General
Topic: hEX S shows activity on disabled SFP port without a link
Replies: 6
Views: 1683

Re: hEX S shows activity on disabled SFP port without a link

Faulty hardware. Recently had similar with a CCR thinking ether5-7 was connected when they weren't.
by Steveocee
Fri Mar 08, 2019 2:35 pm
Forum: Wireless Networking
Topic: Configuring a Single SSID WLAN with Two wAP AC (RBwAPG-5HacT2HnD-US) and one hEX (RB750Gr3)
Replies: 6
Views: 1896

Re: Configuring a Single SSID WLAN with Two wAP AC (RBwAPG-5HacT2HnD-US) and one hEX (RB750Gr3)

Roaming is done by the client. You can only try to encourage it.
Make sure you use the same encryption method and key and try to separate the wireless channels as far as you can. It can help to stick a minimum RSSI of around -75 on to discourage sticky clients.
by Steveocee
Thu Mar 07, 2019 8:31 pm
Forum: General
Topic: RB4011 real world speed tests
Replies: 12
Views: 10332

Re: RB4011 real world speed tests

I think btest is limiting your results.
by Steveocee
Thu Mar 07, 2019 5:12 pm
Forum: General
Topic: RB4011 real world speed tests
Replies: 12
Views: 10332

Re: RB4011 real world speed tests

Just finished bandwidth test
What did you use to test?
25% on a quad core CPU device means 1 core was running at 100% whilst the others were idle.
by Steveocee
Thu Mar 07, 2019 4:49 pm
Forum: General
Topic: Interface shows R (running) when it's not
Replies: 9
Views: 5656

Re: Interface shows R (running) when it's not

You won't.

The interface on your CHR will always be connected to the vSwitch/port group in ESXi.
by Steveocee
Thu Mar 07, 2019 4:44 pm
Forum: RouterBOARD hardware
Topic: mikrotik 4011 not all ports leds are blinking
Replies: 1
Views: 1347

Re: mikrotik 4011 not all ports leds are blinking

Broken?

It does sound like there is a fault with the hardware there with the LED's being vertically stacked, bad track on the board probably.
by Steveocee
Thu Mar 07, 2019 1:57 pm
Forum: Wireless Networking
Topic: Back to back LHGG-60ad Ptp link (relay) [SOLVED]
Replies: 10
Views: 3814

Re: Back to back LHGG-60ad Ptp link (relay) [SOLVED]

This forum sometimes! The guy sis asking what seems a really simple question, can he back to back two of the 60Ghz links, the answer is yes. Who mentioned dual radios and PtMP? Radio A <WIRELESS> Radio B <CAT5> Radio C <WIRELESS> Radio D. Is there some additional text in the same colour as the page...
by Steveocee
Wed Mar 06, 2019 4:18 pm
Forum: RouterBOARD hardware
Topic: No beeper on HAP AC2
Replies: 6
Views: 7971

Re: No beeper on HAP AC2

Lets be honest though, the only use the beeper really gets is when you're bored and you want to play the Mario tune?
by Steveocee
Wed Mar 06, 2019 1:47 pm
Forum: General
Topic: How can i use datacenter multi ip on dsl?
Replies: 3
Views: 974

Re: How can i use datacenter multi ip on dsl?

You could set up a VPN in the datacenter. I need to ask though, why do you need that many IP's on your home connection? Have you heard of this amazing thing called NAT?
by Steveocee
Wed Mar 06, 2019 1:38 pm
Forum: Wireless Networking
Topic: wAP 60G AP to wAP 60G AP
Replies: 1
Views: 894

Re: wAP 60G AP to wAP 60G AP

Use bridge, not AP bridge and it will work.
Also ensure you have correctly set SSID and password.
by Steveocee
Wed Mar 06, 2019 10:37 am
Forum: Wireless Networking
Topic: New LHG 4G kit - RBLHGR&R11e-4G
Replies: 7
Views: 2124

Re: New LHG 4G kit - RBLHGR&R11e-4G

Hi Steveocee Thanks for your reply, have you found the new equipment gives greater range or is it about the same?. You might be better on EE as they use the 1800Mhz band where I can get clients pulling down up to 85Mb. O2 only work on the 800Mhz channel which I've found Ok but speeds rarely go abov...
by Steveocee
Wed Mar 06, 2019 10:34 am
Forum: Wireless Networking
Topic: Back to back LHGG-60ad Ptp link (relay) [SOLVED]
Replies: 10
Views: 3814

Re: Back to back LHGG-60ad Ptp link (relay) [SOLVED]

This forum sometimes! The guy sis asking what seems a really simple question, can he back to back two of the 60Ghz links, the answer is yes. Who mentioned dual radios and PtMP? Radio A <WIRELESS> Radio B <CAT5> Radio C <WIRELESS> Radio D. Is there some additional text in the same colour as the page ...
by Steveocee
Tue Mar 05, 2019 5:47 pm
Forum: Beginner Basics
Topic: RB4011 5Ghz Wifi unstable
Replies: 7
Views: 6524

Re: RB4011 5Ghz Wifi unstable

Having the device set to Auto is probably the worst way of operating the unit. It needs to be configured correctly otherwise it'll be all over the place.
Please give some details or config you have as an example (don't forget the country you are in) and I'm sure people on here will help you.
by Steveocee
Tue Mar 05, 2019 5:44 pm
Forum: Wireless Networking
Topic: Back to back LHGG-60ad Ptp link (relay) [SOLVED]
Replies: 10
Views: 3814

Re: Back to back LHGG-60ad Ptp link (relay) [SOLVED]

It will work as well as daisy-chaining switches will work.

As @mistry7 has already said, loosely there are 4 channels. 58, 60, 62 and 64 Ghz. Just don't reuse the same channel back to back and you'll be fine.
by Steveocee
Tue Mar 05, 2019 5:42 pm
Forum: Beginner Basics
Topic: 2 firmware update locations ?
Replies: 7
Views: 1732

Re: 2 firmware update locations ?

You are up to date.

You have a "current" firmware (think of as BIOS) and a "factory firmware" which you will never be able to upgrade and is there purely for in case of emergency.
by Steveocee
Tue Mar 05, 2019 5:32 pm
Forum: General
Topic: dynamic ip in a dst-nat rule
Replies: 5
Views: 2573

Re: dynamic ip in a dst-nat rule

This won't be totally applicable but it explains how to get the dynamic bit down far easier than my typing will do.
https://www.youtube.com/watch?v=_kw_bQyX-3U
by Steveocee
Tue Mar 05, 2019 5:31 pm
Forum: General
Topic: VPN & 2 pppoe issue
Replies: 3
Views: 1119

Re: VPN & 2 pppoe issue

You should probably post your config as this will give us a better idea of what you have done and where it can be fixed. Make sure to use "hide-sensitive" flag so no personal information is posted.
by Steveocee
Tue Mar 05, 2019 5:28 pm
Forum: Beginner Basics
Topic: problem connecting to cctv from my local wifi network
Replies: 2
Views: 1032

Re: problem connecting to cctv from my local wifi network

Sounds like you need hairpin NAT. Youtube has some excellent videos on how to do it (mine being one of them).
by Steveocee
Tue Mar 05, 2019 5:27 pm
Forum: Beginner Basics
Topic: Help with WAN bandwidth limiting
Replies: 12
Views: 3964

Re: Help with WAN bandwidth limiting

OP has stated line saturation is causing the PPPoE connection to drop and has sensibly suggested a limit of the PPPoE interface, I honestly don't know where the logic in limiting users individually came from there? @OP the solution from @solar77 is perfect for you. Be aware though I think when you s...
by Steveocee
Tue Mar 05, 2019 5:16 pm
Forum: Beginner Basics
Topic: I've locked myself out of the router admin interface.
Replies: 2
Views: 1065

Re: I've locked myself out of the router admin interface.

I'm sure this will be a vlaid reason why not but.....plug into ether9?
by Steveocee
Tue Mar 05, 2019 3:45 pm
Forum: Wireless Networking
Topic: New LHG 4G kit - RBLHGR&R11e-4G
Replies: 7
Views: 2124

Re: New LHG 4G kit - RBLHGR&R11e-4G

Have had one on test for a couple of weeks. As I move about from client to client I've been doing some very barbaric speedtest.net results and comparing.

The long and short of my findings was give up if you plan on using O2 network.

Awaiting an EE SIM to see if things improve.
by Steveocee
Tue Mar 05, 2019 10:52 am
Forum: Beginner Basics
Topic: Control kids iPad usage time
Replies: 9
Views: 2938

Re: Control kids iPad usage time

As a parent of a 2, 3, 5 and 8 year old speaking. Have you considered saying "No"? No scripting needed.
The only "script" you'd possibly need is a CD set to loop saying no :lol:
Tell me about it. Hindsight eh?
by Steveocee
Mon Mar 04, 2019 6:48 pm
Forum: General
Topic: Outgoing SSH traffic is blocked
Replies: 7
Views: 3114

Re: Outgoing SSH traffic is blocked

*Fixed* Don't think my problem was related. I have a route policy on site that tells it to send certain devices up a VPN. I managed to go "to" the device down the WAN and then it was trying to respond back up the VPN hence firewalls blocking packets from unexpected sources. Good luck to th...
by Steveocee
Mon Mar 04, 2019 6:46 pm
Forum: General
Topic: Outgoing SSH traffic is blocked
Replies: 7
Views: 3114

Re: Outgoing SSH traffic is blocked

How strange.
I have just come across this problem myself. I am port forwarding from a specific remote IP back into my network and using torch I can see the LAN device trying to get back to it with dst IP but it simply isn't available.
by Steveocee
Sat Mar 02, 2019 7:09 am
Forum: Wireless Networking
Topic: 60Ghz 2.4km - possible?
Replies: 41
Views: 14412

Re: 60Ghz 2.4km - possible?

Just use a weird 5GHz channel nobody else is using
Losing a bucket of throughput, opening yourself up to local noise and losing full duplex.

I currently have a 2.4Km link on trial, it's struggling.
by Steveocee
Fri Mar 01, 2019 5:26 pm
Forum: Beginner Basics
Topic: Introduction to RouterOS documentation
Replies: 13
Views: 2426

Re: Introduction to RouterOS documentation

Hi Colin, Welcome to the world of MikroTik. Very little official documentation, lots of user input (with multiple solutions to 1 issue normally) and an extremely steep learning curve. Use the default config to start with, adapt it to get you "online" and then study it from there to unders...
by Steveocee
Fri Mar 01, 2019 4:39 pm
Forum: General
Topic: 2x CRS112 Loop with single uplink? [SOLVED]
Replies: 1
Views: 1420

Re: 2x CRS112 Loop with single uplink? [SOLVED]

Your bridge is using the MAC address of your ether port.

Set an admin-mac of your ether interface (I always use ether1 for continuity) but increment the second character EG 00:AA: becomes 02:AA

Will get rid of the error for you.
by Steveocee
Fri Mar 01, 2019 4:35 pm
Forum: Beginner Basics
Topic: Introduction to RouterOS documentation
Replies: 13
Views: 2426

Re: Introduction to RouterOS documentation

Hi Colin, Welcome to the world of MikroTik. Very little official documentation, lots of user input (with multiple solutions to 1 issue normally) and an extremely steep learning curve. Use the default config to start with, adapt it to get you "online" and then study it from there to underst...
by Steveocee
Fri Mar 01, 2019 10:50 am
Forum: RouterBOARD hardware
Topic: Passive PoE: MikroTik and Ubiquiti
Replies: 6
Views: 7603

Re: Passive PoE: MikroTik and Ubiquiti

I use G3's connected to a CRS328, works fine with no problems. I changed from a UniFi 8 port switch last week and to be honest didn't even remember the G3's are 24v only. I've been really impressed with the CRS328 so far.
by Steveocee
Thu Feb 28, 2019 4:36 pm
Forum: Beginner Basics
Topic: Control kids iPad usage time
Replies: 9
Views: 2938

Re: Control kids iPad usage time

As a parent of a 2, 3, 5 and 8 year old speaking. Have you considered saying "No"? No scripting needed.
by Steveocee
Thu Feb 28, 2019 3:35 pm
Forum: General
Topic: hap Mini
Replies: 10
Views: 3050

Re: hap Mini

lil0's OP The free space thing could be a problem, remove all packages you don't need. Remove all files you don't need (or at least back them up). Let's face it, do you need MPLS and BGP on this device? Probably not, be brutal, remove everything you don't need. I use a hAP Mini as a travel router a...
by Steveocee
Thu Feb 28, 2019 3:33 pm
Forum: General
Topic: hap Mini
Replies: 10
Views: 3050

Re: hap Mini

To be honest, this shouldn't escalate to an last resort like netinstall - the small size is not good because does not allow to use all compatible features simultaneously, it's like installing Linux and only be able to execute X11 or Console(tty) but not both - it is damaging the brand, and SPI Flas...
by Steveocee
Thu Feb 28, 2019 3:20 pm
Forum: General
Topic: Remote SSH access Issue Via NAT
Replies: 4
Views: 1552

Re: Remote SSH access Issue Via NAT

If the modem is truly in bridge mode then you won't be able to access it via the WAN through SSH. Your SSH should be hitting the MikroTik. This would only not be the case if it wasn't actually in bridge mode and was routing and your MikroTIk was simply taking a LAN connection from it. I use a modem ...
by Steveocee
Thu Feb 28, 2019 3:12 pm
Forum: Beginner Basics
Topic: Need help opening ports for Torrents on RB2011iLS-IN
Replies: 11
Views: 9077

Re: Need help opening ports for Torrents on RB2011iLS-IN

I really can't begin to tell you what a bad idea that is. So you're downloading P2P, maybe one of the files is infected, this then generates multiple services on the host, all of which then tell your router to open up ports which it does because UPnP is on which then enables more malicious software ...
by Steveocee
Mon Feb 25, 2019 8:43 pm
Forum: Beginner Basics
Topic: CRS112-8G-4S-IN question
Replies: 1
Views: 1009

Re: CRS112-8G-4S-IN question

Bridge all ports and enable hardware offload so it uses switch chip rather than CPU.
Job done.
by Steveocee
Mon Feb 25, 2019 8:41 pm
Forum: Beginner Basics
Topic: Control kids iPad usage time
Replies: 9
Views: 2938

Re: Control kids iPad usage time

IP>Kid Control
Maybe it won't limit to 30 mins per day but it's a start to minimise watch time.
by Steveocee
Fri Feb 22, 2019 5:08 pm
Forum: RouterBOARD hardware
Topic: SFP in SFP+ question
Replies: 2
Views: 1138

Re: SFP in SFP+ question

Dropped a bunch of Cisco GLC-SX-MM's into a CRS328-24P-4S+RM yesterday and all worked absolutely fine with auto negotiation. The "B" end's were a CRS125, CRS112 and UniFi 8 port.
by Steveocee
Fri Feb 22, 2019 5:05 pm
Forum: General
Topic: Mikrotik RB951G USB Port
Replies: 2
Views: 2828

Re: Mikrotik RB951G USB Port

The menu is under IP>SMB, you can create the share in there but for an honest opinion, it will be hideous to use. As it is USB2 based the transfer speed will be very slow and you'll have far less headache with a "real" NAS unit.
by Steveocee
Thu Feb 21, 2019 12:32 pm
Forum: Beginner Basics
Topic: L2TP/IPsec connection without sharing internet [SOLVED]
Replies: 6
Views: 9446

Re: L2TP/IPsec connection without sharing internet [SOLVED]

You can use mangle to add routing marks then set the appropriate routing marks in your IP>Routes. Use mangle to identify either src or destination and then apply either an "in-vpn" or "out-vpn" mark to it. I use very similar to identify specific LAN devices to be able to use my w...
by Steveocee
Thu Feb 21, 2019 12:16 pm
Forum: Beginner Basics
Topic: 2 Public IP
Replies: 3
Views: 1115

Re: 2 Public IP

No problem at all. I've recently spun something similar up for a customer request. My use case was pppoe-out1 with static IP X.X.X.1 and then it had a /29 of routed IP's Y.Y.Y.0/29 of which each port in the router (RB3011) was going to have a different LAN range but traffic coming from a correspondi...
by Steveocee
Tue Feb 19, 2019 10:14 pm
Forum: Beginner Basics
Topic: Forum have BUG 5 (five) years.
Replies: 9
Views: 3264

Re: Forum have BUG 5 (five) years.

Yeah @support !!! Why didn't you know this guy had problems for 5 years? Be more like Huawei and spy on your users data so we can complain about that instead!
by Steveocee
Tue Feb 19, 2019 10:11 pm
Forum: Beginner Basics
Topic: hairpin nat/routing [SOLVED]
Replies: 9
Views: 9570

Re: hairpin nat/routing [SOLVED]

Have a watch through this. Will explain everything you need.
https://www.youtube.com/watch?v=_kw_bQyX-3U&t=1s
by Steveocee
Wed Feb 13, 2019 3:48 pm
Forum: Beginner Basics
Topic: RB4011 not working? [SOLVED]
Replies: 2
Views: 2248

Re: RB4011 not working? [SOLVED]

Download Winbox and try L2 connection, no IP needed.
by Steveocee
Tue Feb 05, 2019 11:35 am
Forum: General
Topic: DNS resolution vulnerability
Replies: 14
Views: 4048

Re: DNS resolution vulnerability

This just sounds like you didn't set up your firewall properly. Not a vulnerability. If you enable DNS cacheing then the router will do it regardless, it is up to you then as the user to ensure that only requests you want answered are responded to. Usually a dro pUDP-53 rule from the WAN interface i...
by Steveocee
Wed Jan 30, 2019 2:59 pm
Forum: RouterBOARD hardware
Topic: hap mini, is 'foot' removeable?
Replies: 5
Views: 1955

Re: hap mini, is 'foot' removeable?

Forgot I made that video.
by Steveocee
Wed Jan 30, 2019 2:57 pm
Forum: Beginner Basics
Topic: DNS server behaviour
Replies: 5
Views: 1858

Re: DNS server behaviour

Yeah your config sounds screwed up. With a drop rule there should be no need for an extra rule in there. Also after the drop rule there should be no hits on any input rules........ This. Unless you have an established & related rule and the requests are coming form the same hosts and by some wi...
by Steveocee
Tue Jan 29, 2019 6:59 pm
Forum: RouterBOARD hardware
Topic: hap mini, is 'foot' removeable?
Replies: 5
Views: 1955

Re: hap mini, is 'foot' removeable?

Yes it is. I have trouble keeping it on to be fair, the device is so light and once you have a cat5 and power cable plugged in it struggles to stand up with it's own weight.
by Steveocee
Mon Jan 28, 2019 5:36 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 608
Views: 191200

Re: LHG 60G experience

Finally got my link up! 64Ghz wasn't cutting it but when I've tried out 66Ghz we now have a link. There is still some more panning that needs to be done, still not quite the 4Km touted recently.
66g1.JPG
by Steveocee
Wed Jan 16, 2019 4:20 pm
Forum: Beginner Basics
Topic: Test user on Desktop computer.
Replies: 3
Views: 1176

Re: Test user on Desktop computer.

X86 isn't really a supported variant any more. "Real" hardware installations are now advised to be done using CHR through a Virtual Host.
by Steveocee
Tue Jan 15, 2019 12:29 pm
Forum: Beginner Basics
Topic: Performance issue with Bell FTTH 940mbps/940mbps internet on Mikrotik CRS328-24P-4S+ (Bell Home Hub bypass)
Replies: 9
Views: 3750

Re: Performance issue with Bell FTTH 940mbps/940mbps internet on Mikrotik CRS328-24P-4S+ (Bell Home Hub bypass)

CRS series are primarily switches with an amount of L3 capability. I think you'd need to use fast track and hardly anything else to get near the throughput you want. Ideally you'd need an RB3011 or upwards to route at those sorts of speeds.
by Steveocee
Wed Dec 26, 2018 11:18 pm
Forum: Virtualization
Topic: Problem buying a copy CHR
Replies: 1
Views: 4390

Re: Problem buying a copy CHR

You don't buy CHR. You can buy a CHR license though, is that what you mean?
by Steveocee
Wed Dec 26, 2018 11:05 pm
Forum: Beginner Basics
Topic: Configure RB3011 to work with Comcast SB6183
Replies: 5
Views: 2286

Re: Configure RB3011 to work with Comcast SB6183

Assuming Comcast work like most, you can connect a DHCP-client device to the modem and you're on the net. If so, reset the RB3011 to factory defaults and connect the modem to ether1. Should get you up and running (providing they don't have any weird MAC timeout restrictions on the services) and then...
by Steveocee
Mon Dec 24, 2018 11:52 am
Forum: RouterBOARD hardware
Topic: VDSL2
Replies: 5
Views: 2376

Re: VDSL2

Not heard any mumbles of it.
The SFP approach is the closest yet but there will be little appetite in going for VDSL now with the general lean towards fibre to the premises.
by Steveocee
Sun Dec 23, 2018 10:18 am
Forum: Wireless Networking
Topic: Config RB952UI-2nd with 4 NMS2 for captive portail project
Replies: 1
Views: 938

Re: Config RB952UI-2nd with 4 NMS2 for captive portail project

This will be a LOT for someone to write for you a step by step guide. Maybe watch some YouTube tutorials first? Setting up router, then hotspot, then come back with any configuration issues or changes that need making?
by Steveocee
Sun Dec 23, 2018 10:11 am
Forum: Wireless Networking
Topic: Broadcast Storm avoiding
Replies: 1
Views: 1636

Re: Broadcast Storm avoiding

Are you using client isolation? That would mitigate a lot for you, you should not get a storm across all ports though unless you add the ports to a bridge and then have a single pppoe server on the bridge.
by Steveocee
Sun Dec 23, 2018 9:58 am
Forum: RouterBOARD hardware
Topic: Problems with Mikrotik RB951Ui-2HnD
Replies: 2
Views: 2500

Re: Problems with Mikrotik RB951Ui-2HnD

Your router has been hacked and likely has a script running on startup.

You need to do a netinstall to latest version and then re on figure securely before connecting back to the web.
by Steveocee
Sun Dec 23, 2018 9:55 am
Forum: RouterBOARD hardware
Topic: Ethernet flapping on RB3011
Replies: 5
Views: 2939

Re: Ethernet flapping on RB3011

I’m on mobile but search this forum for the term “port flopping”. There is a large thread about it, why it is happening and how the problem hasn’t yet been fully solved.
by Steveocee
Sat Dec 22, 2018 11:08 am
Forum: Beginner Basics
Topic: Hairpin NAT is not working
Replies: 13
Views: 7991

Re: Hairpin NAT is not working

@Steveocee Thanks for wonderful and helpful video that you share in youtube, I am totally new user to Mikrotik but base on your guidance from the video, after some testing and reboot finally I able to get the loopback/ Hairpin NAT plus DYNDNS work perfectly with my Dynamic IP. Keep up the good job ...
by Steveocee
Wed Dec 19, 2018 1:55 pm
Forum: Beginner Basics
Topic: Locking down a Port Forward - noob question
Replies: 2
Views: 1013

Re: Locking down a Port Forward - noob question

Do you actually need the port open? Could the traffic be part of your established or related chain instead? If you are "dialling out" to this company then you shouldn't need this rule.

Can you do an export (hiding the addresses of course) so we can see and help?
by Steveocee
Tue Dec 18, 2018 3:09 am
Forum: Wireless Networking
Topic: Newbie: LHG 5ac only hitting 100mbps
Replies: 30
Views: 6743

Re: Newbie: LHG 5ac only hitting 100mbps

Several people have already said, you are not missing anything. Your expectation of the product is too high. Either use an LHG60 to get gigabit or you will have to deal with the connection you are getting. The fact you are gettin 800+ burst rates is impressive to say the least, especially in the con...
by Steveocee
Tue Dec 18, 2018 3:05 am
Forum: General
Topic: Any alternatives for IP Cloud (DDNS)?
Replies: 1
Views: 1097

Re: Any alternatives for IP Cloud (DDNS)?

It was only temporary downtime, not full shut down. The current version is quite stable also.
You can script the router to pull WAN ip from your interface if you really need it to on net watch up but that is very long way around an easily solvable problem.
by Steveocee
Fri Dec 14, 2018 4:52 pm
Forum: Beginner Basics
Topic: Blocking traffic on the same NAT doesn't work
Replies: 10
Views: 2264

Re: Blocking traffic on the same NAT doesn't work

^^^^ Anav missed the easy solution. Although correct in that they are essentially in a L2 network, you can force L3 connectivity.

If the interfaces are in the same bridge you can use the bridge settings to use IP firewall or bridge filters and stop them from talking that way.
by Steveocee
Fri Dec 14, 2018 4:49 pm
Forum: Beginner Basics
Topic: Basic ROUTING [SOLVED]
Replies: 9
Views: 2759

Re: Basic ROUTING [SOLVED]

Should be doable with a dst-nat rule I think.
Need a bit more info from your side to give you a more exact answer though.
by Steveocee
Fri Dec 14, 2018 1:10 pm
Forum: Beginner Basics
Topic: Web filter for Childs
Replies: 7
Views: 3363

Re: Web filter for Childs

MikroTik Kid Control is brilliant for controlling who can access the net at what times and at what speeds across a grouped amount of devices.
No good for site control though.
by Steveocee
Fri Dec 14, 2018 12:34 pm
Forum: Beginner Basics
Topic: Mikrotik reserving some of my bandwith and I don't want that
Replies: 18
Views: 3843

Re: Mikrotik reserving some of my bandwith and I don't want that

I want to stream 4k high bitrate media, to 4 devices around the house if its possible I'd like to do that from a big external HDD hooked up to the router via usb 3.0 or something faster via NFS or something similar. If I can do this it basically means I can avoid buying a NAS which would be amazing...
by Steveocee
Fri Dec 14, 2018 12:16 pm
Forum: Beginner Basics
Topic: Web filter for Childs
Replies: 7
Views: 3363

Re: Web filter for Childs

Separate network for her devices and use something like OpenDNS to filter DNS requests?
by Steveocee
Thu Dec 13, 2018 5:13 pm
Forum: Wireless Networking
Topic: New 60ghz channel release expectation
Replies: 4
Views: 2179

Re: New 60ghz channel release expectation

The channel is not something MikroTik are releasing, the channel itself is already there. MikroTik are enabling the use of the channel through firmware which currently is only in the RC version but will ultimately release to current (whenever that may be). It is the 66000 channel which moves further...
by Steveocee
Tue Dec 11, 2018 1:03 pm
Forum: Beginner Basics
Topic: Remove port from the default brige [SOLVED]
Replies: 17
Views: 16266

Re: Remove port from the default brige [SOLVED]

Interesting
So I will then always set up bridges like this:
/interface bridge
add admin-mac=x[26AE]:xx:xx:xx:xx:xx auto-mac=no name=bridge
Where x are random[0-9A-F]
My MTCNA tutor taught to increment the first digit set by 2.
IE 00:AA:BB becomes 02:AA:BB
by Steveocee
Mon Dec 10, 2018 3:27 pm
Forum: Beginner Basics
Topic: Remove port from the default brige [SOLVED]
Replies: 17
Views: 16266

Re: Remove port from the default brige [SOLVED]

What happens if you use MAC address rather than IP? I always use MAC where I can as it means I don't lock myself out with L3 problems.
by Steveocee
Mon Dec 10, 2018 1:13 pm
Forum: Beginner Basics
Topic: Remove port from the default brige [SOLVED]
Replies: 17
Views: 16266

Re: Remove port from the default brige [SOLVED]

Are you plugged in to ether2 when you are doing this? If you are connecting to the router via IP, the IP sits on the bridge, if you remove the port from the bridge then you lose your IP connectivity.
by Steveocee
Mon Dec 10, 2018 8:56 am
Forum: Beginner Basics
Topic: DNS defaults to router gateway
Replies: 1
Views: 1966

Re: DNS defaults to router gateway

IP>DHCP-SERVER>NETWORKS

Click into your network and then use the DNS box to full in the DNS servers you want to hand to DHCP clients.

That should work, do an ipconfig release and renew just in case.
by Steveocee
Mon Dec 10, 2018 8:51 am
Forum: Wireless Networking
Topic: wAP ac is slow with manager forwarding and high CPU
Replies: 9
Views: 3363

Re: wAP ac is slow with manager forwarding and high CPU

Do you need to run the traffic locally through manager? The traffic is being tunneled back to the manager hence where the CPU usage is coming from, without tunneling you should get full speed.
by Steveocee
Mon Dec 10, 2018 8:48 am
Forum: Wireless Networking
Topic: Associate with two 5ghz networks at the same time in station mode(client) with SXTsq 5 ac
Replies: 2
Views: 1044

Re: Associate with two 5ghz networks at the same time in station mode(client) with SXTsq 5 ac

You can't connect to two networks as a client regardless of version.

If you had a board with 2 of the 5ghz chips then yes but certainly not through virtual. It simply can't do what you are asking.
by Steveocee
Mon Dec 10, 2018 8:45 am
Forum: Wireless Networking
Topic: Wireless Wire 60Ghz PTP link: weather problems?
Replies: 7
Views: 4984

Re: Wireless Wire 60Ghz PTP link: weather problems?

80m should be fine even with heavy rain. Maybe use the upper channels if you can.

Performance on these is great and I find the quoted distances to be a minimum.
by Steveocee
Sun Dec 09, 2018 11:12 am
Forum: General
Topic: Allow only one country to access router [SOLVED]
Replies: 3
Views: 3790

Re: Allow only one country to access router [SOLVED]

I use similar to exclude a few countries from reaching me and my router (and vice versa). Your router is most likely trying to reach DNS outside your country and updates will be coming from MT (Latvia?) so a different approach is probably needed. If this is for access control you would be better rea...
by Steveocee
Fri Dec 07, 2018 3:45 pm
Forum: RouterBOARD hardware
Topic: pleaaaas help :CCR1036 ether ports doen't respond
Replies: 6
Views: 2474

Re: pleaaaas help :CCR1036 ether ports doen't respond

Serial into it and see if anything is amiss. We use a standard USB-Serial adapter and then a Dev/Null cable in between to get access. Console you will see if ports are disabled or not. Recently had a similar problem not being able to netinstall a CCR and I ended up leaving it connected for around 15...
by Steveocee
Fri Dec 07, 2018 3:42 pm
Forum: Beginner Basics
Topic: SXT LTE traffic Monitor
Replies: 2
Views: 1444

Re: SXT LTE traffic Monitor

You could turn on graphing for the LTE interface, activate the www server (make sure you firewall it properly) and view it locally?
by Steveocee
Fri Dec 07, 2018 2:09 pm
Forum: General
Topic: block p2p on router os version 6.4
Replies: 7
Views: 3186

Re: block p2p on router os version 6.4

Very difficult in general now as most P2P uses encryption.
Hope they integrate IDS/IPS feature in RouterOS in v7.
I like your optimism.
by Steveocee
Fri Dec 07, 2018 2:06 pm
Forum: Beginner Basics
Topic: Ludvigs first experience with routeros, and Pihole.
Replies: 2
Views: 1493

Re: Ludvigs first experience with routeros, and Pihole.

IP > DHCP-Server > Networks Change the DNS server you are handing out to the IP of your Pi-Hole. Done. Be careful with Pi-Hole though, I would be more inclined to statically set the DNS in the client devices rather than blanket the network as I've read recently it has been a bit flakey with provider...
by Steveocee
Fri Dec 07, 2018 2:01 pm
Forum: General
Topic: PoE passive on port 5, same voltage as input
Replies: 1
Views: 724

Re: PoE passive on port 5, same voltage as input

Hex can do 48v in and out but does not have WiFi chip built in. You would need a separate AP.
https://mikrotik.com/product/RB960PGS
by Steveocee
Fri Dec 07, 2018 1:56 pm
Forum: RouterBOARD hardware
Topic: RB4011: wlan1 disabling itself [SOLVED]
Replies: 307
Views: 175260

Re: RB4011: wlan1 disabling itself [SOLVED]

Steveocee: The solution to this is to reduse the 2,4GHz transmit power a bit so that clients sees the 5GHz net as the strongest when close. This would reduce the 2,4GHz theoretical coverage, but normally not the actual/usable coverage, since coverage is normally limited by tx power on client. Yep, ...
by Steveocee
Fri Dec 07, 2018 1:31 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 9278

Re: firewall is pushing the cpu

Are you sure it is not just somebody trying to attack your router and it's doing it's job? Does/Has the CPU usage subside(d)?
by Steveocee
Fri Dec 07, 2018 12:05 pm
Forum: RouterBOARD hardware
Topic: RB4011: wlan1 disabling itself [SOLVED]
Replies: 307
Views: 175260

Re: RB4011: wlan1 disabling itself [SOLVED]

Are you using the same SSID name for both your 5G network and 2G network? Devices roaming from 5G to 2G would leave the 5G AP as running but not active. My P20 Lite is a PITA as it's dual band and I have done everything I can to get it to prefer 5G but it always ends up on 2.4G
by Steveocee
Fri Dec 07, 2018 11:48 am
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 9278

Re: firewall is pushing the cpu

With firewalls my personal ethos is drop everything and allow only what you want. Your firewall was allowing what you want and dropping "some" stuff. Your rules can be much simpler if you set them up as per below and that may transpire into better CPU utilisation. Nobody has asked what mod...
by Steveocee
Fri Dec 07, 2018 10:29 am
Forum: General
Topic: Interface-list VS firewall address-list best practices and approach?
Replies: 8
Views: 3037

Re: Interface-list VS firewall address-list best practices and approach?

Its worthwhile stating that one can make up numerous Interface Lists (subset1, newlist23, etc) but the options for each list is fixed at interfaces. Valid entries are: WAN entries, LAN entries, dynamic entries, or No entries They are applied as an Inclusion Entry or an Exclulsion entry. So there is...