MikroTik

petardo

I had to replicate a config to two simular devices (cAP ac). In the exported config there is a command which causes error when trying to import: add disabled=no keepalive-frames=disabled \ master-interface=wlan1 multicast-buffering=disabled name=wlan3 \ security-profile=guest ssid=somessid wds-cost-...

petardo

Yeah if you enable "Allow Remote Connections" in /ip/dns, that will add the Mikrotik router as DNS. If that's disabled, it be only the dynamic DNS (or any static DNS servers set). Now I understand, thanks for clarification. Still remains the question whether it brings any advantage to hav...

petardo

Yes, but I noticed that even if I leave blank the first item in the DNS addresses supplied will be the DHCP server's own IP in any case e.g. a) left blank: 192.168.88.1 (the DHCP server's IP) 192.168.0.1 (forwarded from dynamic servers DNS entry in IP/DNS) b) filling with 192.168.88.1 192.168.88.1 S...

petardo

What is best praxis by setting up dhcp server's network?
a) leaving the DNS field blank -> clients get the DHCP server's own IP as DNS server AND the DNS servers given in the router's DNS setting or
b) supplying a single DNS - the DHCP server IP

petardo

I think I found the answer myself: DHCP server and client must exist on the same vlan. With vlan filtering turned off no PVID tagging on the ETH1 port (the port the ISP is connected to) is taking place hence the DHCP client on the bridge's vlan1 interface doesn't get reply to it's broadcasting from ...

petardo

Thanks, the second link contained a lot of useful info (I couldn't read it all yet). For me the essence is that my approach is right: I add the bridge port to the 'tagged' list of all vlan rows. What I still don't understand is why dhcp client on a vlan interface of a bridge only works with vlan fil...

petardo

:D Thanks, I experienced it, i had to reset I noticed also that if I don't add the bridge port to the ' tagged ' list of the respective vlan in the vlan table it not only stops working (ip services like dhcp server or client) but I also lose MAC access despite the respective VLAN was added to the MA...

petardo

Maybe a last question for the future: i shouldn´t really worry about not accessing the router because of missconfiguration of vlan filtering until i have mac address winbox acces to the device, should i?

petardo

Thanks for your effort.
In the mean time the problem has been solved

I was afraid to switch on vlan filtering because of losing connectivity.
After switching on everything started to work like charm

petardo

Yes exactly (except that the first mt router doesn´t have to have on some of its own ports the isp´s subnet but yes it has to pass both subnets to the second mt router)

petardo

No. I want to be able to get an ip from both the service provider˙s dhcp and the first mt routers˙s dhcp on two different port on the second mt. Actually it worked already with two bridges but now i want to learn vlan bridging and solve it with one multivlan bridge. In praxis the service provider˙s ...

petardo

I want to make available my router's WAN and LAN on a second router as well. I want to use a single vlan bridge for best performance. ETH1 is the WAN port, ETH3 is the trunk port to the next MT router. WAN traffic is VLAN100, LAN traffic is VLAN200 on the trunk. Both VLANS are defined on the bridge ...

petardo

Thank you for the explanation!

petardo

You say: "and device is one of ax/ac devices" - It means it do analyses the type of device, doesn't it

petardo

Ok, than why not
4) device families w/o wireless -> uninstall any wireless package

petardo

Ok, than the next question: why the installer does not analize the HW, but again, understood and accepted

petardo

Thanks.
Well, this is not a clear answer for the why for me, but of course one can live with it.

petardo

Thanks,
Still the other question remains: why the installer does not recognize that this HW is without wireless? Why is it installed?

petardo

Since RouterOS 13 there are separate routeros and wireless packages.
Wireless is automatically installed on hEX router as well despite it has no wireless.
Why?
Can I safely uninstall it?
Thanks

petardo

fragtion, Thanks for reply. Unless Mikrotik can implement a native inbuilt solution for this (maybe randomize source port for each connection attempt if the interface port isn't explicitly set, as this would be an ideal solution for such wg endpoints behind double nat) Someone from Mikrotik, are you...

petardo

Hi, I had a strange wg issue (actually with 7.12.1, but the behavior didn't change after upgrading to 7.14.1 either): Configuration: Peer A initiates a connection to peer B on peer B's given public address : port. Issue: There was a network reconfiguration by the service provider on site A. After th...

petardo

Question: Drivers for older wireless and 60GHz interfaces, as well as the wireless management system CAPsMAN, are now part of a separate "wireless" package instead of being a part of the bundle package. This package can be uninstalled if not needed. How do we know whether a package is need...

petardo

Thanks. In the mean time I have solved it with lowering the MTU.

petardo

Did you find the solution? - I have exactly the same issue

petardo

No BTH option in IP/CLOUD

petardo

https://1drv.ms/i/s!Aukw5KCzXdEthpw4MTLTn3wqXMmLDQ?e=L6hcwG Rother mixed picture, dependency from pocket size. What do you think? Additional thoughts: As I just noticed, hAP AC2 is not much more expensive and outperforms both hEX and hAP AX Lite. I just don't like it because it's warming issue. Howe...

petardo

I didn't find any hEX results in that thread

petardo

Thanks for reply. So, not that worse means worse? - I didn't find any info regarding this. If worse, in which parameter worse? My use case is simple wired router / firewall / Wireguard VPN. If hAP ax lite is not worse for that use case I'll buy that instead of hEX in the future - hence cheaper and B...

petardo

BTH doesn't support mips cpu.
At most of our premises we have hEX as the main router - which is not supported yet.
Is is a good idea to use hAP ax lite instead of hEX? Does it have the same throughput?

petardo

After the upgrade to v7.10 (stable). The ovpn client will no longer emerge into the the ip/address table. Also there will be a missing entry in the routing table, i.e. there is no gateway. Due to this, the router is no longer able to exchange ip packets between the network and the ovpn client. same...

petardo

There is a separate checkmark "No DNS" to remove the automatic DNS servers from the list of DNS servers distributed via DHCP. You can still distribute statically configured DNS servers. Thanks. I had a look at my other installations, and I recognized that that pushing received or set DNS ...

petardo

I mean, the behaviour can be overwritten by setting the DNS server explicitely: /ip dhcp-server network add address=192.168.128.0/24 dns-server=192.168.128.1 comment=defconf gateway=192.168.128.1 netmask=24 Yes, thanks, that works, but it is then just a workaround, I would like to unterstand the be...

petardo

I think it can be overwritten by setting DNS server in /ip dhcp-server network

It is not overwritten:

/ip dhcp-server network print
Columns: ADDRESS, GATEWAY
# ADDRESS           GATEWAY      
;;; defconf
0 192.168.128.0/24  192.168.128.1

petardo

MT router behind provider's router receives dynamic DNS 192.168.0.1 MT router IP: 192.168.128.1 Settings: /ip dns set allow-remote-requests=yes /ip dns static add address=192.168.128.1 name=router.lan /ip dhcp-server add address-pool=dhcp interface=bridge name=defconf /ip dhcp-server network add add...

petardo

"ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets" Doesn't seem to work : I had to withdraw my statement about "HW encryption not working" I found out that even with cipher=null I have the same poor result compared that of the Windows Ovpn cl...

petardo

Auth SHA512 works fine by me :)
When can we calculate with TLS AUTH support? - that is the only missing point regarding openvpn for me by now

petardo

I think it is not possible to solve it with a simple bridge and no WAN interface. Source NAT is needed.
I have solved it with defining two separate bridges (one for WAN and one for LAN) and NAT-ing.
It works now.

petardo

Hi, I have a Mikrotik 951G-2HnD in Bridge mode (all 5 ports and the Wireless bridged) and want to use it as a switch, AP and as a VPN Internet gateway as well. I configured the OpenVPN the same way I used to do it in case of router mode, however - if connected remotely through OpenVPN - now I don't ...

petardo

Same here in Hungary

petardo

Same here. Cannot access any of my customer's Routers.
Any experience how often and how long such outages occur?

petardo

It seems that IP Cloud service is down again.
"Error: request timed out" on all of my routers.

Search found 41 matches