Community discussions

Search found 472 matches

  • 1
  • 2
by lapsio
Wed Oct 16, 2019 9:15 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8414

Re: hardware idea for a multiport switch

Other idea I just had: stackable switches that get managed as a single device. Could be a good compromise. From what I understand actual stacking is work-in-progress. Iirc someone mentioned after MUM that QSFP+ ports in CRS326-24S+2Q+RM are supposed to be used for more advanced stacking/clustering ...
by lapsio
Wed Oct 16, 2019 9:02 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8414

Re: hardware idea for a multiport switch

I had suggested in a previous similar post to build a chassis with blades. Could be switch blades, routing blades, whatever port configuration/speed. Could even have a fan blade, just in case. Hot swappable power supplies. One blade is old? A faster one comes out? No problem, swap it. That would ad...
by lapsio
Thu Oct 03, 2019 4:31 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Can anyone tell me what I might expect routing between 10 subnets using just the sfp+ connected to CCS326 might give me? Currently, I have a FortiGate 200b as my Firewall/router and it will remain the firewall to the internet, but when I am running test on some of my esx hosts that are 10G capable ...
by lapsio
Sat Sep 21, 2019 12:45 am
Forum: Wireless Networking
Topic: Wifi station-mode for two SSIDs with virtualAP? [SOLVED]
Replies: 4
Views: 659

Re: Wifi station-mode for two SSIDs with virtualAP? [SOLVED]

It can't if different channels That's worrysome. I asked since I wanted to connect car equipment (each such accessory as dash cam or OBD2 dongle hosts own AP for management) using LtAP mini LTE which only has one wifi card. I strongly doubt those devices allow to choose channel. Even more so that t...
by lapsio
Fri Sep 20, 2019 5:53 am
Forum: RouterBOARD hardware
Topic: LtAP mini vs LtAP for regular car?
Replies: 4
Views: 600

Re: LtAP mini vs LtAP for regular car?

anyway. If you wired up some external antennas to that LtAP mini, and get those volts to 24V , that be a good place to start. LtAP mini doesn't seem to be affected since it accepts voltage starting from 5v iirc (allows USB power) so voltage drop only worries me in context of "big" LtAP. I'm primari...
by lapsio
Fri Sep 20, 2019 1:20 am
Forum: RouterBOARD hardware
Topic: LtAP mini vs LtAP for regular car?
Replies: 4
Views: 600

LtAP mini vs LtAP for regular car?

I'm considering AP for car and can't decide between LtAP and LtAP mini. I'm a bit worried that "big" LtAP will drain car battery too much to operate 24/7 in regular car. Does anyone have experience with those devices in terms of how much stress do they put on car battery? Especially in winter. Anoth...
by lapsio
Fri Sep 20, 2019 1:15 am
Forum: Wireless Networking
Topic: Wifi station-mode for two SSIDs with virtualAP? [SOLVED]
Replies: 4
Views: 659

Wifi station-mode for two SSIDs with virtualAP? [SOLVED]

Is it possible to be station for 2 WLANs the same way it's possible to be AP for two WLANs using virtualAPs?
by lapsio
Sat Aug 31, 2019 6:25 pm
Forum: General
Topic: dot1x on trunks?
Replies: 0
Views: 290

dot1x on trunks?

How does 802.1x implementation in MikroTik work for tagged ports? And how does it work for routers? It's especially complicated for routers - if I have VLAN interfaces attached to physical interface am I supposed to run 802.1x on physical interface or on VLAN interface? Wiki mentions untagged VLAN a...
by lapsio
Fri Aug 30, 2019 1:28 am
Forum: Scripting
Topic: Local Array initialization bug? [SOLVED]
Replies: 1
Views: 388

Local Array initialization bug? [SOLVED]

I made following script: :if ([:len [/system script job find where script=dnsreload]] = 1) do={ :local dyn [/ip firewall address-list find where dynamic=yes disabled=no] :local dynuniq 1 :local baddns 1 :local baddnsn 1 :put ("a".$dynuniq) :put $baddns :put $baddnsn :set dynuniq ({}) :set baddns ({}...
by lapsio
Mon Aug 12, 2019 9:47 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 5
Views: 892

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

I'm sure QSFP+ enabled routers (CCR2xxx) range will be in the pipeline, these switches are basically the introduction to them. A 1072 equivalent with 2x QSFP and 6+ SFP+ ports will be magical for core routing.
Now you got me hyped! xD
by lapsio
Mon Aug 12, 2019 4:44 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 5
Views: 892

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

These aren't marketed (or priced) as full L3 switches. Yes you can route ports to CPU and run some L3 functions, but it is not a fully featured / full wire rate L3 switch, so if thats what you want this product for then this product is not for you. You'd have to send in your recommendations to Mikr...
by lapsio
Sun Aug 11, 2019 7:05 pm
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 5
Views: 892

CRS312, CRS326-24S+2Q+ MIPSBE CPU?

Is there any particular reason why those switches have MIPSBE CPU as opposed to dual core ARM in CRS317 and CRS309? I mean well CRS317 and CRS309 may not be best routing performers but 3gbps, with 9k jumbo probably much closer to actual 10G is not too shabby for simple inter-vlan routing or uplink r...
by lapsio
Thu Aug 08, 2019 1:42 pm
Forum: RouterBOARD hardware
Topic: Woobm-USB How Much Can It Do?
Replies: 31
Views: 4570

Re: Woobm-USB How Much Can It Do?

Uhm..I was looking for a "cleaner" way than powered usb-hub with a bunch of serial to usb adapters - that's why i'm considering woobm. The alternative would be serial switch but costs would be too high. :lol: Would be nice to have a rack-mountable wireless device - like crs or a rb2011 chassis with...
by lapsio
Thu Aug 08, 2019 1:18 pm
Forum: RouterBOARD hardware
Topic: Woobm-USB How Much Can It Do?
Replies: 31
Views: 4570

Re: Woobm-USB How Much Can It Do?

Hi, What's the behavior of the console port when woobm is plugged in ? Do you still have console connection over rj port ? Since woobm can't follow the full boot cycle of the device, you'd use console port up to a point and then woobm ? MikroTik allows for up to 9 serial consoles iirc. So Woobm is ...
by lapsio
Sun Aug 04, 2019 9:38 pm
Forum: RouterBOARD hardware
Topic: hEX S - switch functionality?
Replies: 4
Views: 598

Re: hEX S - switch functionality?

Keep on living. You are seeking hardware vlan and Mikrotik does support vlan in software. So no need to jump of the cliff. I probably would complain less if I didn't find crapload of issues with NAT and connection tracking when using software VLANs and bridges when connection goes through router mo...
by lapsio
Sun Aug 04, 2019 8:37 pm
Forum: RouterBOARD hardware
Topic: hEX S - switch functionality?
Replies: 4
Views: 598

Re: hEX S - switch functionality?

hEX S has MT7621 switch chip onboard. And according to Mikrotik's wiki it does not support VLAN table in hardware. Check this page out. Yeah I hoped there's more to that. It's quite miserable. I mean hES S is half that bad since only 5 ports. But RB4011? 10 ethernet ports without VLANs? What the he...
by lapsio
Sun Aug 04, 2019 8:09 pm
Forum: RouterBOARD hardware
Topic: hEX S - switch functionality?
Replies: 4
Views: 598

hEX S - switch functionality?

I'm trying to find some info about switch chip used in hEX S (in partucular its support for hardware VLANs) but from what I see it does not support VLANs on switch level at all right? So the only way to use VLANs on this thing is to use software VLANs and bridge?
by lapsio
Fri Aug 02, 2019 4:31 pm
Forum: General
Topic: Policy based IPSec
Replies: 7
Views: 730

Re: Policy based IPSec

And there's option to apply mode-config to either src-address-list (not really what I want but that's what has been presented in official tutorial so I thought it's the only way) but also to connection-mark. I forgot about that. It's very new and I didn't test it yet. I just tested it in lab with s...
by lapsio
Fri Aug 02, 2019 1:50 pm
Forum: General
Topic: Policy based IPSec
Replies: 7
Views: 730

Re: Policy based IPSec

I just figured out I'm dumb I didn't check that in CHR lab before. It turns out that additional /ip ipsec mode-config options unlock after actually configuring IPSec till the end. And there's option to apply mode-config to either src-address-list (not really what I want but that's what has been pres...
by lapsio
Fri Aug 02, 2019 4:03 am
Forum: General
Topic: Policy based IPSec
Replies: 7
Views: 730

Re: Policy based IPSec

If you use different addresses for incoming and outgoing connections and policy reflects that, it would work. Either give those addresses to servers directly, or you can use NAT on router. I want servers to also go via VPN but only for server-initiated connections. So when user accesses server then...
by lapsio
Fri Aug 02, 2019 12:32 am
Forum: General
Topic: Policy based IPSec
Replies: 7
Views: 730

Policy based IPSec

Is it possible to make PBR for IPSec? I mean I'd like to push all new outgoing connections through IPSec tunnel, but all connections incoming from world to servers to return directly, not via VPN tunnel..
by lapsio
Fri Aug 02, 2019 12:15 am
Forum: General
Topic: IPSec and ppp tunnel precedence
Replies: 1
Views: 289

IPSec and ppp tunnel precedence

Hello I just bought NordVPN VPN and they prefer using IPSec. I'd also like to use PIA and daisy chain those 2 VPNs. At first I didn't like IPSec option since I have in general trust issues with IPSec and since OpenVPN client implementation has been fixed in last RouterOS update it sounds like viable...
by lapsio
Thu Aug 01, 2019 3:11 pm
Forum: RouterBOARD hardware
Topic: RouterBOARD naming
Replies: 47
Views: 24525

Re: RouterBOARD naming

I'm afraid I must agree with LEDs argument. hAP ac² LEDs are barely visible under angle.
by lapsio
Tue Jul 16, 2019 11:11 pm
Forum: General
Topic: ROS ovpn-client doesn't verify server certificate.
Replies: 7
Views: 1392

Re: ROS ovpn-client doesn't verify server certificate.

It's supposedly been fixed 2 weeks ago in release 6.44.5

*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);

viewtopic.php?t=150045
by lapsio
Mon Jul 08, 2019 12:43 pm
Forum: Beginner Basics
Topic: /ip firewall NAT on bridge with use-ip-firewall not working
Replies: 4
Views: 463

Re: /ip firewall NAT on bridge with use-ip-firewall not working

If there is no IP address on an interface, then NAT cannot translate.
What are security implications of adding 'dummy' IP address (eg. 1.2.3.4) on interface that is supposed to work as pure L2 bridge, with drop all input on firewall, just to allow for NAT?
by lapsio
Mon Jul 08, 2019 12:30 am
Forum: Beginner Basics
Topic: /ip firewall NAT on bridge with use-ip-firewall not working
Replies: 4
Views: 463

Re: /ip firewall NAT on bridge with use-ip-firewall not working

Concur with the approach of simply stating the requirements in terms of desired functionality users will experience without mention of config/settings. I have users x and users y, I want to ensure that users X access the internet with the following limitations...................., I want to ensure ...
by lapsio
Sun Jul 07, 2019 10:21 pm
Forum: General
Topic: Interface lists include/exclude
Replies: 1
Views: 630

Re: Interface lists include/exclude

Are recursive interface lists there yet?
by lapsio
Sun Jul 07, 2019 8:32 pm
Forum: Beginner Basics
Topic: /ip firewall NAT on bridge with use-ip-firewall not working
Replies: 4
Views: 463

/ip firewall NAT on bridge with use-ip-firewall not working

I'm using use-ip-firewall on bridges and if I add any NAT rule that affects traffic on bridge it basically gets blackholed. Why is that? It only happens when there's no IP address on bridge. Would bridge NAT work in such scenario? I want to redirect port 53 to local DNS server on bridge level since ...
by lapsio
Sun Jul 07, 2019 3:54 pm
Forum: General
Topic: Cannot scp rsc file to router
Replies: 2
Views: 246

Re: Cannot scp rsc file to router

It seems to be caused by fish shell for whatever reason. When using plain bash, scp to MikroTik works fine
by lapsio
Sat Jul 06, 2019 11:45 pm
Forum: General
Topic: Cannot scp rsc file to router
Replies: 2
Views: 246

Cannot scp rsc file to router

I can't seem to properly transfer .rsc file to device. When I perform: scp ./file.rsc ac:/import.rsc upload hangs at 100%. If i interrupt it and try to import file it fails with bad command name 8 (line 1 column 1) When I download uploaded file back to PC it has 1 additional line at the beginning: 8...
by lapsio
Fri May 17, 2019 11:00 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

It is less than 10 meters CAT5E without shild. oh. Well... 10G SR module 15$ x2 : https://www.fs.com/de-en/products/74668.html 10m OM2 LC-LC patchcord 5$ : https://www.fs.com/de-en/products/74394.html total 35$ (or 42$ incl. VAT) S+RJ10 65$ x2 cat5 cable 0$ total 130$ actually even using original M...
by lapsio
Thu May 16, 2019 9:04 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

I can not use fiber because of my existing cables. The only one problem with RB4011 is the high working temperature of the SFP+ module. So I assume you use longer copper cables if replacement would be problematic? What cable length do you use? I was always interested in actual maximum cable length ...
by lapsio
Thu May 16, 2019 8:52 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Yes, i am using S+RJ10 modules between RB4011 and CRS328. Ouch. Any particular reason to go with such setup? Existing, long cabling? 10G-SR modules cost like 16$ plus few bucks for LC optical patchcords comparing to 65$ for S+RJ10. 10G copper seems to be insanely expensiive. Especially non-mikrotik...
by lapsio
Tue May 14, 2019 12:21 am
Forum: Beginner Basics
Topic: CCR1009-8G-1S-1S+, Smart card and Certificates
Replies: 10
Views: 4102

Re: CCR1009-8G-1S-1S+, Smart card and Certificates

I'd be interested to know more too if anyone has found a compatible product and some guidelines on how to set up. Thanks I got a reply from @support: Unfortunately, we cannot recommend any Smart Card for use in MikroTik devices. The Smart Card support in RouterOS requires significant rebuild and cu...
by lapsio
Sun May 12, 2019 8:01 pm
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3492

Re: CRS317 Problems with 100MBit Devices / What a shame

The older S+RJ10 are crap. Wrong DDM information, low MTU, ... There was a post showing newer with MTU size depending on negotiation speed. So it is guesswork and luck making it work ...
Is S-RJ01 also that troublesome?
by lapsio
Sat May 11, 2019 10:26 pm
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3492

Re: CRS317 Problems with 100MBit Devices / What a shame

Did anyone try actual 10/100 modules with CRS317? Or 10/100/1000 other than S-RJ01? I tried one 10/100 Cisco and some F5 Networks 1000 BASE-T but they don't seem to work with at 10/100 speed (not all that surprising). I used auto-negotiation=off speed=100mbps. S+RJ10 also doesn't work when configure...
by lapsio
Fri Apr 26, 2019 9:36 pm
Forum: RouterBOARD hardware
Topic: CRS317 10G -> 1G traffic slow, everything else fine
Replies: 21
Views: 7334

Re: CRS317 10G -> 1G traffic slow, everything else fine

Seriously Mikrotik team! When do you plan on fixing this shit, I have so much of your 10g switches ( all models ) collecting dust! It doesn’t work 10g to 1g On any switches 1g port gets 30mbps download speed If I negotiate it to 100base-t it does almost 100mbps Until mikrotik can fix this issue I d...
by lapsio
Tue Apr 23, 2019 12:40 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 64
Views: 9240

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

You can mount two CRS112 in 1U right? Since they're exactly half U?

It measures 200mm wide (7.875 inch). Would be nice to have a 1U case that holds both.
You can mount each one using 1 ear.
by lapsio
Mon Apr 22, 2019 8:42 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 64
Views: 9240

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

There is no any device with passive cooling from any vendor, right? You might be better served with two CRS112 . I use one for my PoE equipment. Very happy with it. Note you'll also need to purchase the 48POW or the 48V2A96W . You can mount two CRS112 in 1U right? Since they're exactly half U?
by lapsio
Wed Apr 03, 2019 2:18 am
Forum: Beginner Basics
Topic: CCR1009-8G-1S-1S+, Smart card and Certificates
Replies: 10
Views: 4102

Re: CCR1009-8G-1S-1S+, Smart card and Certificates

Any luck so far?
by lapsio
Mon Apr 01, 2019 1:44 am
Forum: RouterBOARD hardware
Topic: CRS317 and CRS326 - "fixing" slow LEDs with script
Replies: 0
Views: 333

CRS317 and CRS326 - "fixing" slow LEDs with script

If anyone is interested in fixing CRS326 and CRS317 slow LEDs here are scripts interpolating rx-bytes and tx-bytes stats to generate faster LED blinking:

viewtopic.php?f=9&t=147168&p=724305#p724305
by lapsio
Mon Apr 01, 2019 1:36 am
Forum: Scripting
Topic: Script "fixing" slow CRS3xx LEDs
Replies: 0
Views: 386

Script "fixing" slow CRS3xx LEDs

So I asked MikroTik support why LEDs in CRS3xx are so slow and if they're gonna do anything about it. They said that LEDs are controlled by CPU thus they're so slow and that newer CRS3xx devices will have LEDs controlled by switch chips itself so LEDs won't be slow but won't be programmable either. ...
by lapsio
Sat Mar 09, 2019 9:25 pm
Forum: General
Topic: CRS326 VLAN leakage to CPU?
Replies: 8
Views: 825

Re: CRS326 VLAN leakage to CPU?

I noticed similar issues with RB2011 switch. Some packets just for some reason leak to CPU even though I use RB2011 ethernet ports as pure switch (in theory VLANs don't even have access to switch-cpu port). Such incidents are extremely rare but they occur repeatedly. Over past several months around ...
by lapsio
Fri Mar 08, 2019 11:22 am
Forum: RouterBOARD hardware
Topic: Powerline with 1gbit
Replies: 10
Views: 1234

Re: Powerline with 1gbit

they make a decent enough devices https://www.devolo.com/ Though I'm afraid nobody except MikroTik makes managed powerline adapters. I'm tunneling 3 VLANs using PWR-Line with IPSec EoIP over pwr-line interface for additional security. will be nice to see how much throughput can you achieve with so ...
by lapsio
Thu Mar 07, 2019 5:26 pm
Forum: RouterBOARD hardware
Topic: Powerline with 1gbit
Replies: 10
Views: 1234

Re: Powerline with 1gbit

they make a decent enough devices https://www.devolo.com/
Though I'm afraid nobody except MikroTik makes managed powerline adapters. I'm tunneling 3 VLANs using PWR-Line with IPSec EoIP over pwr-line interface for additional security.
by lapsio
Wed Mar 06, 2019 7:25 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8414

Re: hardware idea for a multiport switch

Not a bad idea, but if mounted IN FRONT of other equipment. Cable management must be in front side of rack to avoid headaches when maintaning patch cord connections I though of rear mounting since we were talking about environment with long servers and servers always have rear facing network cards....
by lapsio
Wed Mar 06, 2019 7:23 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8414

Re: hardware idea for a multiport switch

dont think this concept will work. what i would like to see is a "port expander": a Master Switch with all the intelligence and 1 or 2 Expand-Ports a Expander with 24 or 48 Ports without intelligence Just expand the port count without the need to manage another switch (nexus like) +1 but it'd proba...
by lapsio
Wed Mar 06, 2019 12:07 am
Forum: RouterBOARD hardware
Topic: Using USB Hub with Router Mikrotik
Replies: 1
Views: 284

Re: Using USB Hub with Router Mikrotik

Yes. Usually... I mean I didn't test it specifically with 3G dongles but once I connected powered HUB, to which I attached second hub and plugged 3 gigabit ethernet dongles, 2 hard drives, usb RS232 serial adapter and some other random crap I had laying around. Everything worked and MikroTik properl...
by lapsio
Mon Mar 04, 2019 2:30 pm
Forum: RouterBOARD hardware
Topic: Issue with SFP+ Transceiver in CRS317-1G-16S+
Replies: 3
Views: 511

Re: Issue with SFP+ Transceiver in CRS317-1G-16S+

Yes I have tried all that. I ended up ordering a Transceiver that said it was compatible with mikrotik. I can recommend FS.COM optical modules (copper ones are not that good tho) since they work quite well with MikroTik and seem to be affordable. Also their 1G optical modules actually work with aut...
by lapsio
Mon Mar 04, 2019 12:14 pm
Forum: RouterBOARD hardware
Topic: Does an RB4011iGS+RM support a S-RJ01?
Replies: 8
Views: 842

Re: Does an RB4011iGS+RM support a S-RJ01?

Hi,

answer from the support:
S-RJ01 is supported in RB4011 since RouterOS v6.44.
We have corrected the information in the wiki.

Greeting Tobias
Not all heroes wear capes
by lapsio
Sun Mar 03, 2019 10:44 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8414

Re: hardware idea for a multiport switch

You're right, mounting two regular equipment pieces in same U-position is only possible for short equipment and that's what I've had in mind. But then I'd never mount just anything behind full server chasis which could obstruct warm air exhaust ... 1-U server can easily consume 500W+ (and generate ...
by lapsio
Sun Mar 03, 2019 6:45 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8414

Re: hardware idea for a multiport switch

how about... vertical switch >_> like only 5cm deep so that you could mount it behind normal equipment (especially shorter ones), somewhat like giant rackmount PDU. You can mount 19" equipment in front and back of a rack, the only notable problem can be air-flow if two devices share same U-position...
by lapsio
Sun Mar 03, 2019 3:55 pm
Forum: RouterBOARD hardware
Topic: Issue with SFP+ Transceiver in CRS317-1G-16S+
Replies: 3
Views: 511

Re: Issue with SFP+ Transceiver in CRS317-1G-16S+

I have several mikrotik/RB products. Currently I have a CRS326-24G-2S+ as my perimeter firewall, I have a CSS326-24G-2S+ in my office connected via Avago afbr-709smz transceivers, which are 10Gb 850nm Multimode fiber optic. This is working. Now I've added a CRS317-1G-16S+, and when I move the trans...
by lapsio
Sun Mar 03, 2019 3:41 pm
Forum: RouterBOARD hardware
Topic: Does an RB4011iGS+RM support a S-RJ01?
Replies: 8
Views: 842

Re: Does an RB4011iGS+RM support a S-RJ01?

The S-RJ01 is compatible with the RB4011, but will not operate at rate 1000, 100 or 10. https://wiki.mikrotik.com/wiki/MikroTik_SFP_module_compatibility_table#S-RJ01 So.. not supported I guess? 2019-03-03_13-47-36.png it's hilarious xD Probably on RB4011 autonegotiation doesn't work at all. That's ...
by lapsio
Wed Feb 27, 2019 6:57 pm
Forum: RouterBOARD hardware
Topic: Powerline with 1gbit
Replies: 10
Views: 1234

Re: Powerline with 1gbit

Those devices barely reach 100 mbps in practice. Mine achieve 20mbps (connected to single phase). So Gigabit sounds unlikely. Still flexibility coming from ROS is worth more than raw speed to me at least
by lapsio
Mon Feb 25, 2019 8:44 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8414

Re: hardware idea for a multiport switch

Standard 1U 48 ports are already a mess when cable arrangement is not managed That layout would be a pain in the.......rack.... A front-side high density would be ok for a 3 or 4 rack units, but a lot of space wasted in depht. how about... vertical switch >_> like only 5cm deep so that you could mo...
by lapsio
Mon Feb 25, 2019 8:32 pm
Forum: RouterBOARD hardware
Topic: CRS3xx - ridiculously slow LEDs
Replies: 1
Views: 562

CRS3xx - ridiculously slow LEDs

I'm not sure if it's just me but did anyone notice how ridiculously slow activity LEDs are in CRS3xx series devices? I mean like holy crap I thought ports are down, sending only some STP, but actually even when ports are maxed they blink like once per second. It's... unsettling.
by lapsio
Mon Feb 25, 2019 8:29 pm
Forum: General
Topic: Q-in-Q vs tag stacking on CRS3xx
Replies: 1
Views: 462

Re: Q-in-Q vs tag stacking on CRS3xx

Yes, both methods are hardware accelerated on CRS3xx and they work.

Question regarding functional differences remains open.
by lapsio
Mon Feb 25, 2019 3:14 pm
Forum: General
Topic: Q-in-Q vs tag stacking on CRS3xx
Replies: 1
Views: 462

Q-in-Q vs tag stacking on CRS3xx

I have 3 MikroTik switches: 2x CRS317 + CRS326, 2 MikroTik routers: CCR1009 and hAP ac², 1 load balancer. Hardware resides in 2 racks and is connected in following manner: LB --- CRS317 --- | --- CRS317 --- CRS326 --- hAP ac² and CCR1009 | symbol is border between racks. LB has 4 physical gigabit in...
by lapsio
Fri Feb 22, 2019 1:31 am
Forum: RouterBOARD hardware
Topic: For real, what is with these blinding power leds?
Replies: 11
Views: 1266

Re: For real, what is with these blinding power leds?

Tfw rack has black dimmed glass and MikroTik still lights up everything around...
P_20190222_002255.jpg
MikroTik be like

Image
by lapsio
Thu Feb 21, 2019 7:13 pm
Forum: RouterBOARD hardware
Topic: PWR-Line incorrect manual
Replies: 0
Views: 410

PWR-Line incorrect manual

Manual for PWR-Line is incorrect. It says that device has 192.168.88.1/24 IP on wifi interface whereas it actually has DHCP client. It's extreme inconvenience for people who use Linux (WinBox doesn't work for mac based connections under wine) and didn't figure out there's dhcp client on eth interface.
by lapsio
Thu Feb 21, 2019 4:39 pm
Forum: Announcements
Topic: February Newsletter #87
Replies: 65
Views: 14498

Re: February Newsletter #87

Dear all how can i receive on my mail information about critical router OS updates ? Im alreaady registered, but there is still no notifications
Holy crap, bots get smarter every day
by lapsio
Sat Feb 16, 2019 3:21 am
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 29890

Re: Why people pair UBNT APs with MikroTik routers?

@mkx: Interesting! similar happened to me when I tried to limit bandwidth to one particular port via switch menu! Whole unit was disconnecting on regular basis.. I guess the switch in RBD52G is not that good after all I'm using hardware switch a lot in hAP ac², even with 9k jumbo and looping traffi...
by lapsio
Fri Feb 15, 2019 8:13 pm
Forum: Announcements
Topic: February Newsletter #87
Replies: 65
Views: 14498

Re: February Newsletter #87

Does MikroTik have also other Twitter accounts?
by lapsio
Fri Feb 15, 2019 12:11 am
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 29890

Re: Why people pair UBNT APs with MikroTik routers?

But all the complains about ARM are wireless related, right? A pure router (a true CCR) could do well, couldn't it? The 4011 has some problems with the FSP+ ports - but they are chipset related, not CPU related. Or I am missing something? https://forum.mikrotik.com/viewtopic.php?f=3&t=138613 Many m...
by lapsio
Thu Feb 14, 2019 9:08 pm
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 29890

Re: Why people pair UBNT APs with MikroTik routers?

So it seems it's CCR versus ROS7 ... I wonder who's loosing? If this is the case, then Mikrotik urgently needs to introduce new line of high-end routers which will replace current CCR roster, based on some modern platform (I wonder if ARM is that platform). I don't think Mikrotik can survive with t...
by lapsio
Thu Feb 14, 2019 12:15 pm
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 29890

Re: Why people pair UBNT APs with MikroTik routers?

Though I'd point out how UBNT fails to grasp concept of uplink interface in routers for router on the stick configs. That's something beyond me. I don't have any experience with Ubiquity, but I did use some other consumer-oriented devices. And I'd say that sticking to some (hard-coded?) concepts su...
by lapsio
Thu Feb 14, 2019 10:40 am
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 29890

Re: Why people pair UBNT APs with MikroTik routers?

My 2 cents... I choose Mikrotik: - For routing when high performance-to-price ratio and advanced features are needed. - When configuration by the user is not required. - For the power of winbox. - For Wireless when MkTik routers are also in use and vendor standardization is important. - For the rea...
by lapsio
Wed Feb 13, 2019 2:36 am
Forum: Announcements
Topic: February Newsletter #87
Replies: 65
Views: 14498

Re: February Newsletter #87

Dear all how can i receive on my mail information about critical router OS updates ? Im alreaady registered, but there is still no notifications.... thx Arek Security Announcements Blog with RSS feed https://forum.mikrotik.com/viewtopic.php?t=137284 Hi. Blog is outdated....i need some notification ...
by lapsio
Tue Feb 12, 2019 10:42 pm
Forum: Announcements
Topic: February Newsletter #87
Replies: 65
Views: 14498

Re: February Newsletter #87

Dear all how can i receive on my mail information about critical router OS updates ? Im alreaady registered, but there is still no notifications....

thx

Arek
Security Announcements Blog with RSS feed
viewtopic.php?t=137284
by lapsio
Thu Feb 07, 2019 6:42 pm
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 29890

Re: Why people pair UBNT APs with MikroTik routers?

Don't get the angryness of these posts. Every vendor has limited resources and focus on stuff they see their market. Take the best of every vendor to build your network. I am not from US but I like their approach to praise the goodies and don't keep on blaming stuff that is not good. MT has a lot o...
by lapsio
Thu Feb 07, 2019 5:58 pm
Forum: Scripting
Topic: script error not caught by do: {} on-error
Replies: 0
Views: 315

script error not caught by do: {} on-error

I have script for monitoring some network equipment but from time to time (once for several days/weeks) I'm getting error: script,error ac: script error: no such item (4) So I decided to add :do { ... } on-error do={ ... } construction around almost entire code but unfortunately I'm still getting th...
by lapsio
Thu Feb 07, 2019 6:07 am
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 29890

Re: Why people pair UBNT APs with MikroTik routers?

Where does this stand now in 2019 after an entire 2018? I think series of recently released products (and I'm not talking last few months but last few years) kinda draws line where is mtk focus. And "office" devices don't seem to be that. cAP and wAP seem to be only filler in offer for those who wa...
by lapsio
Mon Feb 04, 2019 7:07 pm
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ Can't get more than 350-450 Mbps single session, can get more with multiple sessions
Replies: 10
Views: 1254

Re: CCR1009-8G-1S-1S+ Can't get more than 350-450 Mbps single session, can get more with multiple sessions

If you need QoS then Queue Tree should work with fasttrack. From the manual : Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will not be applied for FastTracked traffic. Yes but typically you use Queue Tree parented to interface, not global. Also you always fas...
by lapsio
Mon Feb 04, 2019 6:30 pm
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ Can't get more than 350-450 Mbps single session, can get more with multiple sessions
Replies: 10
Views: 1254

Re: CCR1009-8G-1S-1S+ Can't get more than 350-450 Mbps single session, can get more with multiple sessions

I'm getting 10G easily with fasttrack, even without jumbo frames. Here's more detailed performance analysis for more home oriented usage: https://forum.mikrotik.com/viewtopic.php?t=138626 I think this really depends on config, I can also get my CCR1009 go with full 1Gbps with limited set of rules a...
by lapsio
Mon Feb 04, 2019 5:36 pm
Forum: Announcements
Topic: February Newsletter #87
Replies: 65
Views: 14498

Re: February Newsletter #87

Hello it's possible to a SFP+ Ethernet Module to have POE-out capability ? Great choice of thread to ask such question! No it's not. SFP and SFP+ have standardized maximum power draw (which is relatively low) so unless you'd like to power some ultra low powered device there's no chance. Also SFP is...
by lapsio
Mon Feb 04, 2019 3:08 pm
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ Can't get more than 350-450 Mbps single session, can get more with multiple sessions
Replies: 10
Views: 1254

Re: CCR1009-8G-1S-1S+ Can't get more than 350-450 Mbps single session, can get more with multiple sessions

I'm getting 10G easily with fasttrack, even without jumbo frames.

Here's more detailed performance analysis for more home oriented usage:
viewtopic.php?t=138626
by lapsio
Mon Feb 04, 2019 2:52 pm
Forum: Announcements
Topic: February Newsletter #87
Replies: 65
Views: 14498

Re: January Newsletter #87

CRS332-32S+RM
CRS354-48P-4S+2Q+
CRS354-48G-4S+2Q+


still nothing ?
:"(
Iirc CRS332-32S+RM evolved into CRS326-24S+2Q+RM
by lapsio
Wed Jan 30, 2019 2:46 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 64
Views: 9240

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Hi, I upgraded from ROS 6.43.8 (stable) to 6.44beta61 . The fans now run on lower frequency and are relatively silent, but turn up and down all the time on low usage, which is a quite annoying whining high pitch sound. I look for a setting which either allows the switch to run on higher temperature...
by lapsio
Tue Jan 29, 2019 12:24 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM SFP
Replies: 4
Views: 668

Re: CRS328-24P-4S+RM SFP

Hi Thank you I missed the SFP"+" saw the compatibility was fine hence the confusion. Thank you for taking the time out to point me in the right direction. Also if you ever need autoneg enabled for whatever reason on SFP+ port with SFP module, then FS.COM makes magical Generic SFP SX modules that so...
by lapsio
Mon Jan 28, 2019 3:27 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM SFP
Replies: 4
Views: 668

Re: CRS328-24P-4S+RM SFP

CRS328-24P-4S+RM ... S-RJ01 ... 206SP CRS328-24P-4S+ 4S+ == 4x SFP+ (10G) 206SP has SFP (1G) S-RJ01 is SFP (1G) Here, look up section about using SFP modules compatibility with SFP+ ports: https://wiki.mikrotik.com/wiki/MikroTik_SFP_module_compatibility_table TL;DR /interface ethernet set X auto-ne...
by lapsio
Mon Jan 21, 2019 1:42 am
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8414

Re: hardware idea for a multiport switch

Personally, I would be much happier if we finally get CRS354-48P-4S+2Q+ which was presented almost year ago. I actually had to buy switch from different company because we needed to clean up rack and there is not a single 48 port switch in mikrotik's range. :'( largest is 24 port and that is not en...
by lapsio
Sun Jan 20, 2019 11:01 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8414

Re: hardware idea for a multiport switch

Better to make front and back ports. And airflow from left to right. Hmm... Front and back ports are actually devious idea since some types of hardware (networking gear) have front facing ports while some types of hardware (servers) have back facing ports. Getting rid of cables routing from back to...
by lapsio
Thu Jan 17, 2019 2:23 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

The problem persist with disabled auto negotiation, even between two RB4011 devices. Issue reproduced between 2x RB4011, will be fixed in upcoming beta versions. I unfortunately can't turn off autoneg on my provider's side, so I hope a software-side fix is possible. I do not want to promise it, but...
by lapsio
Mon Jan 07, 2019 1:27 pm
Forum: General
Topic: CRS326 VLAN leakage to CPU?
Replies: 8
Views: 825

Re: CRS326 VLAN leakage to CPU?

Ah, I see now. To me it's kind of counter-intiutive that for ingress it's switch chip that does the tagging while for egress bridge is seemingly doing the untagging (as CRS3xx supports HW-offloading also VLAN ops, in reality it's switch chip doing also untagging ... it's just the place where it's c...
by lapsio
Mon Jan 07, 2019 11:57 am
Forum: General
Topic: CRS326 VLAN leakage to CPU?
Replies: 8
Views: 825

Re: CRS326 VLAN leakage to CPU?

Can you guess, from src IP address, to which VLAN that packed actually belongs? One thing, not really obvious: every ports has implicit setting of PVID=1 unless it's explicitly set to other value. And gets implicitly added to list of untagged ports for given bridge. If frame-types is not set to adm...
by lapsio
Mon Jan 07, 2019 9:05 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Gezz, this flapping issue is getting anyyoying as hek. I have this same issue and i've spent lot of hours into research , it came up " disable autonegotiation on both end" on every topic. Are you kidding me, i dont have access on that part. ISP stuff work everywhere but Mikrotik. Im using RB4011. M...
by lapsio
Mon Jan 07, 2019 8:47 am
Forum: General
Topic: CRS326 VLAN leakage to CPU?
Replies: 8
Views: 825

Re: CRS326 VLAN leakage to CPU?

Hi Just wondering if these are correct? And if so what is the effect? Are multiple subnets mixed on these interfaces? add bridge=br-hardware tagged=bond-crs untagged=ether15,ether16 vlan-ids=4000,4001,4002,4003,4004,4005,4006,4007,4008,4009 add bridge=br-hardware tagged=bond-crs untagged=ether17,et...
by lapsio
Mon Jan 07, 2019 12:25 am
Forum: General
Topic: CRS326 VLAN leakage to CPU?
Replies: 8
Views: 825

CRS326 VLAN leakage to CPU?

I'm using CRS326 as switch (disabled packet forwarding, only management connected to cpu port) but today one machine connected to it sent broadcast and I got firewall alert: Jan 6 19:37:43 192.168.10.6 firewall,info crs326: X_X val-net: in:ether12 out:(unknown 0), src-mac 00:90:f5:e5:26:14, proto UD...
by lapsio
Sat Dec 29, 2018 9:16 pm
Forum: General
Topic: V7 ALPHA/BETA Testers needed?
Replies: 45
Views: 10603

Re: V7 ALPHA/BETA Testers needed?

I only need ARM fixed versión :(
What's wrong with ARM? It looks fine on hAP ac2
by lapsio
Tue Dec 18, 2018 2:44 am
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3492

Re: CRS317 Problems with 100MBit Devices / What a shame

This module seems to work with higher MTU (ordered a second to do some more testing): https://www.amazon.de/dp/B01M8O3MAL/ref=cm_sw_em_r_mt_dp_U_C33fCb9X48VBW Speed report is wrong (always 10G as with the MT-Module) and it needs all autoneg-fields to be enabled to link up. I'm pretty certain most o...
by lapsio
Mon Dec 17, 2018 4:13 pm
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3492

Re: CRS317 Problems with 100MBit Devices / What a shame

This module seems to work with higher MTU (ordered a second to do some more testing): https://www.amazon.de/dp/B01M8O3MAL/ref=cm_sw_em_r_mt_dp_U_C33fCb9X48VBW Speed report is wrong (always 10G as with the MT-Module) and it needs all autoneg-fields to be enabled to link up. I'm pretty certain most o...
by lapsio
Fri Dec 14, 2018 11:07 pm
Forum: RouterBOARD hardware
Topic: PWR-Line block diagram - lack of PLC interface?
Replies: 3
Views: 788

PWR-Line block diagram - lack of PLC interface?

So uh... This diagram on website: https://i.mt.lv/cdn/rb_files/PWR-LINE_AP-181210114610.png Doesn't include powerline link interface. So how this device implement visibility of powerline link in ROS? Is it like PPP Serial similar to 3G modems? Or regular ethernet? Or something else? Does it allow fo...
by lapsio
Fri Dec 14, 2018 10:56 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8414

Re: hardware idea for a multiport switch

HOLY CRAP - how about SFP version??? Imagine using trunk cables for it like those: https://www.fs.com/products/33887.html https://img-en.fs.com/images/products/550x550/fs18lrble3qd20180917021525.jpg This wouldn't be nightmare to cable manage at all, Uniboot fiber patchcirds are incredibly thin, thou...
by lapsio
Fri Dec 14, 2018 10:19 am
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3492

Re: CRS317 Problems with 100MBit Devices / What a shame

FYI: S+RJ10 make problems with bigger packets. Seems MTU is not transfered/set to/from the SFP correctly so bigger packets are dropped silently. Killed our MPLS :-( Yes, S+RJ10 doesn't support jumbo at all. It's know issue which makes this module pretty crappy. The real problem is: The interface se...
by lapsio
Fri Dec 14, 2018 12:16 am
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3492

Re: CRS317 Problems with 100MBit Devices / What a shame

FYI: S+RJ10 make problems with bigger packets. Seems MTU is not transfered/set to/from the SFP correctly so bigger packets are dropped silently.
Killed our MPLS :-(
Yes, S+RJ10 doesn't support jumbo at all. It's know issue which makes this module pretty crappy.
by lapsio
Tue Dec 11, 2018 2:35 pm
Forum: RouterBOARD hardware
Topic: Why hAP ac² and CRS3xx boot significantly longer than "other" routerboards?
Replies: 5
Views: 1034

Re: Why hAP ac² and CRS3xx boot significantly longer than "other" routerboards?

+1 here! Funny you mention this because since couple of weeks I have exactly same impression on hap ac2! And each time you reboot, you think something is wrong and device is hanging! I just right now timed from pressing reboot to Wifi visible: 1Minute 48 seconds, hap ac2 with 6.43.7 (no additional ...
by lapsio
Tue Dec 11, 2018 12:34 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 64
Views: 9240

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Better they stay on, than stay off I agree. However, my previuous report with "unexpected crash when interface list has include itself and renamed to other name before saving" was resolved as quickly as possible, about 2 weeks and fixed in current stable ROS. I wouldn't expect quick fix with fans t...
by lapsio
Tue Dec 11, 2018 7:49 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Fun fact... According to https://wiki.mikrotik.com/wiki/MikroTik_SFP_module_compatibility_table S+DA0001/S+DA0003 aren't supported but... Just tested S+DA0001 (SFP+DAC1M) with a Zyxel XGS 2210 the other side and using autoneg off, 10g fdx, and it seems to work (link up, data flow ok) iirc MikroTik ...
by lapsio
Mon Dec 10, 2018 10:53 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 64
Views: 9240

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Just hooked one up for testing. As soon as I applied power the fans spun up. After about 20 seconds... they stopped. Try wait for 2+ days without reboot, fans will turn on, regardless cool temperature. Mine has few weeks uptime and they spin-up-down-up-down properly (triggered by temp). Though I di...
by lapsio
Mon Dec 10, 2018 6:58 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 64
Views: 9240

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Just hooked one up for testing. As soon as I applied power the fans spun up. After about 20 seconds... they stopped.
It's normal. Fans always spin at 100% during booting and they spin down after ROS is up.
by lapsio
Mon Dec 10, 2018 6:28 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

We have a link between an RB2011 and an RB260 using two Net Insight NPA0022-LJ11 SFP fiber modules and it works fine no matter if it is configured for autonegotiation or fixed 1G/Fulldup at either end... (before it was configured for autoneg but I have disabled it because we plan to change to a bid...
by lapsio
Mon Dec 10, 2018 6:26 am
Forum: General
Topic: RouterOS pings devices - why? [SOLVED]
Replies: 7
Views: 562

Re: RouterOS pings devices - why? [SOLVED]

quoting https://tools.ietf.org/html/rfc2131 (DHCP specs) : RFC 2131, section 2.2 As a consistency check, the allocating server SHOULD probe the reused address before allocating the address, e.g., with an ICMP echo request, and the client SHOULD probe the newly received address, e.g., with ARP. RFC ...
by lapsio
Mon Dec 10, 2018 6:22 am
Forum: General
Topic: RouterOS pings devices - why? [SOLVED]
Replies: 7
Views: 562

Re: RouterOS pings devices - why? [SOLVED]

Also - check if Dude is enabled on the offending device, or even a discreet Dude server configured to send probes from this device. Ping is a common probe. Nope DUDE is not enabled. And such thing doesn't occur for all other networks including ones that have DHCP enabled but unused. I think it's ju...
by lapsio
Sun Dec 09, 2018 2:01 pm
Forum: General
Topic: RouterOS pings devices - why? [SOLVED]
Replies: 7
Views: 562

Re: RouterOS pings devices - why? [SOLVED]

Maybe it's part of route verification (check gateway)? Are you sure its ping? Some interfaces may have xSTP enabled which will send packets on interval. It's ICMP 8:0. According to firewall on mikrotik AP. I think it's maybe verification whether IP is free before assigning it to DHCP. I heard some ...
by lapsio
Sun Dec 09, 2018 6:23 am
Forum: RouterBOARD hardware
Topic: Why hAP ac² and CRS3xx boot significantly longer than "other" routerboards?
Replies: 5
Views: 1034

Why hAP ac² and CRS3xx boot significantly longer than "other" routerboards?

I noticed that hAP ac² reboots significantly longer after update than CCR1009 or RB2011. Is it because of 16mb flash thing?
by lapsio
Sun Dec 09, 2018 4:45 am
Forum: General
Topic: RouterOS pings devices - why? [SOLVED]
Replies: 7
Views: 562

RouterOS pings devices - why? [SOLVED]

I just noticed in firewall logs that mikrotik tries to ping random devices from public wifi network. I can't say what exactly is correlation between public wifi network and other networks. The only thing I can think of is that it's the only network that has actively used DHCP server (on that mikroti...
by lapsio
Fri Dec 07, 2018 8:16 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

You should not do it with copper ethernet, as I already wrote. But with fiber it appears to work OK. Maybe because it cannot work in halfduplex anyway and the speed can be selected to match. Yeah it really sucks because S+RJ10 doesn't autoneg to gigabit. Even if there's 1G on the other end it still...
by lapsio
Fri Dec 07, 2018 7:42 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

It appears that having autonegotiation on one end and not the other is not a problem on SFP. Of course on copper ethernet this is a definite no-no as it will end up in one side halfduplex and the other fullduplex. But on SFP it appears to work different. Did you actually try setting autonegotiation...
by lapsio
Sat Dec 01, 2018 8:01 pm
Forum: RouterBOARD hardware
Topic: Non-Microtik SFP+ DAC with CRS317... is it OK?
Replies: 5
Views: 891

Re: Non-Microtik SFP+ DAC with CRS317... is it OK?

Thank you guys very much for your responses. Would you recommend I only purchase items marked as 'Microtik" in the future, or do you think I'm safe continuing to buy these cables? I'm using 10Gtek (to connect to Intel because Intel gear doesn't work with non-Intel DACs and modules and 10Gtek makes ...
by lapsio
Sat Dec 01, 2018 7:51 am
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17757

Re: MUM Europe 2018 - New hardware incoming

Any info regarding CRS326-24S+2Q+RM? I'm not sure if it's worth to wait or should I just go with CRS317. By worth to wait I mean like 1Q2019
by lapsio
Sat Dec 01, 2018 7:44 am
Forum: RouterBOARD hardware
Topic: Product Request: USB Ethernet adapter with SFP+ port
Replies: 2
Views: 1206

Re: Product Request: USB Ethernet adapter with SFP+ port

You won't get SFP+ with USB3 because it's only 5G theoretical. There are plenty of SFP gigabit dongles though. I ordered Winyao one recently. It's quite cheap and supposedly works with Linux. I'll report compatibility once it arrives. Aquantia is working on 5G copper USB3 dongle. It should be availa...
by lapsio
Sat Dec 01, 2018 7:30 am
Forum: RouterBOARD hardware
Topic: Non-Microtik SFP+ DAC with CRS317... is it OK?
Replies: 5
Views: 891

Re: Non-Microtik SFP+ DAC with CRS317... is it OK?

MikroTik in general has quite good SFP+ compatibility (except RB4011). I haven't came across module that didn't work in mtk yet. Sometimes they require disabling autonegotiation but apart from that everything's fine.
by lapsio
Sat Dec 01, 2018 1:08 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Personally I am replacing a rb2011uias-2hnd-in, I never used LCD, USB or speaker, so this is not a big deal for me with the cpu power available. The upgrade on the wireless side is much more a thing for me. Ordered today the wifi version, found exactly one distributor who has like 40 on stock accor...
by lapsio
Fri Nov 30, 2018 12:17 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

This SFP mess is really annoying! Why can't it just work? If I connect cheap TP-Link switch to Cisco, auto negotiation on SFP works. Same with even cheaper Realtek cards, various Dell servers and other equipment. But no, for Mikrotik, you have to manually set the speeds on both ends. Where's the pr...
by lapsio
Thu Nov 29, 2018 8:57 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

first quick opinion - it's running hot. really hot, without any serious load.
No wonder - it's beefy yet passive. CCR1009-PC can give you actual burns if you touch heatsink while it's powered on. Even if idling (there's actually not that huge difference in thermals between idle and stress)
by lapsio
Wed Nov 28, 2018 11:16 pm
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3492

Re: CRS317 Problems with 100MBit Devices / What a shame

Did some testing. There are different revisions of S+RJ10. The revision 2 shows data and connection speed. Revision one does not.
That's interesting. It may suggest that at some point revision X of S+RJ10 won't suck balls anymore. At least not as much as it does now xD
by lapsio
Tue Nov 27, 2018 11:36 am
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3492

Re: CRS317 Problems with 100MBit Devices / What a shame

Which 1g copper modules from FS.com should work with 100Mbit? On the page there are two Generic SFP-GB-GE-T. I believe all of them are the same. Actually all FS.COM SFP modules are the same. I even ordered F5 compatible ones and still got generic ones because they just work, also in F5. The only di...
by lapsio
Tue Nov 27, 2018 12:21 am
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3492

Re: CRS317 Problems with 100MBit Devices / What a shame

Furthermore there is no option for sfp copper RJ45 modules available from MikroTik. Huh? What do you mean. There are both SFP and SFP+ copper modules from MikroTik - S+RJ10 and S-RJ01. MikroTik SFP modules are quite cheap but nothing extraordinary. Some other vendors like fs.com can get you cheaper...
by lapsio
Sun Nov 25, 2018 5:58 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 64
Views: 9240

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Mine is running v6.42.9 for a few weeks now and was doing the usual fan on/off bounce up to 40C on CPU, but is now stuck on this 24/7 for the last week. I guess it got tired of cycling fans. I can confirm this may happen. I have CRS317 and it also sometimes just gets stuck and stops spinning down f...
by lapsio
Wed Nov 21, 2018 12:13 am
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17757

Re: MUM Europe 2018 - New hardware incoming

No but seriously, can we expect some router with QSFP+? It'd be really nice to be able to get inter-vlan-routing on those QSFP+ switches at 40G speed. Maybe some port setup like 2x QSFP+ and 4x or 8x 10G. It'd be nice upgrade. Or at least 1x QSFP+ and lets say 8x 10G. 80G -> 120G capacity upgrade so...
by lapsio
Sun Nov 18, 2018 12:43 am
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3492

Re: CRS317 Problems with 100MBit Devices / What a shame

I am using FSP 1G modules to connect to a Zyxel switch. Works perfectly (using them in a LACP bond) Hmm I had to disable autonegotiation and now they work. I'm having all kinds of various autonegotiation issues with this CRS317. S+RJ10 always negotiating to 10G even if there's 1G on another side, l...
by lapsio
Sat Nov 17, 2018 5:38 am
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3492

Re: CRS317 Problems with 100MBit Devices / What a shame

Are there any caveats with 1G SFP modules as well? Because I obtained generic 1G SFP copper modules from fs.com and link doesn't get up. I'm not sure if it's just incompatibility with this particular module or more general incompatibility with anything except S-RJ01. Did you guys try any non-MikroTi...
by lapsio
Fri Nov 16, 2018 8:51 pm
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17757

Re: MUM Europe 2018 - New hardware incoming

The chipset has been discontinued, linux dropped support for it, and the new RB4011 pulls down full BGP feeds faster than a CCR1072. It's time for something new in the 1036/1072 range. Tile is still on Mellanox's product pages and it can be reinstated in Linux if someone wants to support it. ROS 6....
by lapsio
Fri Nov 16, 2018 8:43 pm
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17757

Re: MUM Europe 2018 - New hardware incoming

still no release date ? I'm actually more interested in pricing :D Especially that CRS326-24S+2Q+RM and CRS309-1G-8S+PC because they have opportunity to crush price per SFP+ ratio quite hard. CRS305 for now significantly exceeded my expectations regarding pricing, I thought it's gonna be like 200$+
by lapsio
Tue Nov 13, 2018 2:47 am
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17757

Re: MUM Europe 2018 - New hardware incoming

When will we see a new high end router like the CCR1072? Is CCR1072 already too weak? xD Currently developed switches sound like good foundation for stronger routers (QSFP+ uplinks). So maybe after they get released. It seems Mtk for now tries to fix their strong lacks in L2. But CRS326-24S+2Q+RM n...
by lapsio
Mon Oct 29, 2018 3:47 am
Forum: RouterBOARD hardware
Topic: S+RJ10 10Gb SFP module: Do they even work?
Replies: 8
Views: 4179

Re: S+RJ10 10Gb SFP module: Do they even work?

This module is a joke. Unfortunately I bought one. The only excuse for its crappyness is price which is like half of normal, properly working 10GBase-T SFP+ module. But well I guess it's good that such hardware exists for those who desperately need 10G copper and are broke af. Still it's terrible de...
by lapsio
Thu Oct 18, 2018 11:30 pm
Forum: RouterBOARD hardware
Topic: CRS305 as TAP?
Replies: 1
Views: 715

CRS305 as TAP?

Considering CRS305 seems to be released/announced - did anyone test it? I'm interested in its span capabilities (whether it supports separate Tx and Rx span like CRS2xx series used to) because it seems like perfect TAP device if it can mirror uplink / downlink to separate ports. Just look at it: htt...
by lapsio
Tue Oct 16, 2018 5:41 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

... and the power led is unnecessary bright
Welcome to like every mikrotik router ever... I always cover them with electrical tape...
by lapsio
Mon Oct 08, 2018 12:37 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Passive DAC is limited to 5 meter anyway, most common are 1 meter or 3 meter, but anything longer then 5m is active in theory. I saw 7m passive. And iirc it's actual max allowed by 10GBase-CR standard.for 10G passive DACs. Active copper DACs are up to 15m. Above you need AOC according to 10GBase-CR...
by lapsio
Sun Oct 07, 2018 2:47 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

So it's working fine with passive DAC? Strange that their own table says it's not supported. Maybe they mean by that, that it might be work, but they are not going to provide support for it. Weird... Maybe it works only with shorter ones aka ones that use less power. Though it works with S+RJ10 and...
by lapsio
Fri Oct 05, 2018 1:27 am
Forum: RouterBOARD hardware
Topic: RB4011 - Poll - ONE thing you'd change
Replies: 15
Views: 4175

Re: RB4011 - Poll - ONE thing you'd change

At a bare minimum it would have another 10G port or all LAN would be 2.5G (one switch). The sweet spot would be 2x SFP+, 2x 10GBase-T, 10x 2.5GBase-T. For 199$, fries included :P Such ports config would place it between CCR1036 and CCR1072 (or actually above CCR1072 because it'd give 85G theoretica...
by lapsio
Thu Oct 04, 2018 1:49 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Where did you get one? I'm desperately looking for one with WiFi in Europe
Only non-wifi version is available for now afaik.
by lapsio
Wed Oct 03, 2018 3:30 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Useless SFP+ for me without a 10G LAN port. It's for router on the stick scenario. It's meant to actually be LAN port, not really WAN port. I think it is WAN port for small office or internet-intensive family (not only one intensive user at a time). Well assuming someone has internet faster than 1g...
by lapsio
Wed Oct 03, 2018 1:27 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Useless SFP+ for me without a 10G LAN port.
It's for router on the stick scenario. It's meant to actually be LAN port, not really WAN port.
by lapsio
Tue Oct 02, 2018 7:15 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Wondering, if Cisco console cable would work on these...
It worked with RB2011
by lapsio
Thu Sep 27, 2018 2:43 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Has anyone been able to order one of these yet? Seems like the expected stock arrival dates keep getting pushed back.
All polish shops I checked claimed "Beginning of October". They claimed so since very beginning and they still do.
by lapsio
Wed Sep 26, 2018 3:27 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

They are offering 10GbE Multimode optics for 15€ while the competition is selling them for 50. There's got to be a catch. I'm using 10Gtek DACs which were even cheaper than MikroTik ones and work perfectly fine so I wouldn't judge by price. It's just generic chinese module that can be reprogrammed ...
by lapsio
Mon Sep 24, 2018 10:11 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

...
There was time when RB2011 was sold as barebone (without case) just like some current routerboards. Not sure why they abandoned it. Probably didn't sell well.
by lapsio
Mon Sep 24, 2018 9:52 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

unfortunately I cannot go for RB3011 due to space restrictions
Well technically I guess you could take RB3011 out of chassis if network cabinet is closed anyways... I guess...
by lapsio
Mon Sep 24, 2018 8:53 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

But that is an environment where you do not need (or want) a switch... Well sometimes you just want AIO box as cheap as possible. Eg. such RB4011 with wifi. It'd obviously make sense to give it decent switch chip, because come on - if someone buys 10G router with 10 gigabit ports and wifi he obviou...
by lapsio
Mon Sep 24, 2018 2:04 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Thanks for answers. Now I understand if I make vlan's on interfaces it will be handled in CPU(like now) and switch chip VLAN support not effect it. Because I need "transfer" VLAN's from sfpplus port to some ethernet ports switch chip VLAN support do not help me a lot ... I use VLAN's for VOIP and I...
by lapsio
Sun Sep 23, 2018 11:53 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

You only have to look at the table to switch chips and products to realise how much each range or device differs from each other, not to mention all the different CPU architectures - part of their sucess and weakness you could argue. And that's wrong. Naming schemes indicate something. If you saw i...
by lapsio
Sun Sep 23, 2018 11:46 pm
Forum: RouterBOARD hardware
Topic: RB2011UiAS-2HnD-IN crippled by lightning strike
Replies: 2
Views: 577

Re: RB2011UiAS-2HnD-IN crippled by lightning strike

I'd use it as managed switch. I'm actually using RB2011 as switch for CCR1009. You could try to revive this device using usb wifi dongle. Or perhaps use it as 3g backup gateway (assuming USB still works). You may also use this device for various scripting and network monitoring / diagnose though lac...
by lapsio
Sun Sep 23, 2018 11:14 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

So maybe I'm missing some big points here but to me this RB4011 looks great for small business use or in a more demanding home situations. Plenty of power and passively cooled, great! I also really like that it can do hardware AES so you can tunnel all your traffic through a VPN tunnel in a work re...
by lapsio
Sun Sep 23, 2018 10:23 pm
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17757

Re: MUM Europe 2018 - New hardware incoming

+1 on pricing and availability. CRS305-1G-4S+IN is definitely a weird one, but I have some ideas if it's cheap enough. Yes it's really weird one and actually it really reminds me of this: https://3p-resale.de/media/image/product/207/md/gigamon-g-tap-a-tx-active-network-tap-gtp-atx00.jpg Or more pre...
by lapsio
Sun Sep 23, 2018 10:11 pm
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17757

Re: MUM Europe 2018 - New hardware incoming

Sorry to burst your bubble but anybody with so many 10g ports in their datacenter to justify going 40/100g is going to deploy CSS/CRS to use them as edge/access devices or remote site aggregation at best, where QSFP is a nice extra but not mission critical. If you are so bandwidth strapped to cry f...
by lapsio
Sun Sep 23, 2018 9:22 pm
Forum: RouterBOARD hardware
Topic: RB4011 - Poll - ONE thing you'd change
Replies: 15
Views: 4175

Re: RB4011 - Poll - ONE thing you'd change

Aaand necrobump :D

Because it's still hot topic until RB4011 actually comes out.
by lapsio
Sun Sep 23, 2018 9:14 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Too wait for proper upgrade from RB2011, but RB4011 is not my choise anymore, especially when removed USB port. Will switich to UBNT.
I don't think UBNT has USB either tho xD
They should just make RB3011 in desktop case. It'd be bilion times better idea than this joke.
by lapsio
Fri Sep 21, 2018 2:52 pm
Forum: Beginner Basics
Topic: Mikrotik SPF + unable to get full bandwidth
Replies: 5
Views: 720

Re: Mikrotik SPF + unable to get full bandwidth

Sounds reasonable. Please note that when packets are dropped there are more retransmissions and stuff so you may get better throughput if router can keep up than in situation where you exceed router capabilities and packets start to drop heavily. Did you try to enable fasttrack with Queue Tree rules...
by lapsio
Fri Sep 21, 2018 2:32 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

The device support active DAC cables.
Oh wonderful, so for example one like this for only 100 eur

https://www.redcorp.com/en/product/fibr ... 1/m852cq82

I can hardly find any 1m active DACs or anything below/equal 3m
by lapsio
Fri Sep 21, 2018 1:20 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Footnote 4 says you can only use a SFP+ DAC at 10Gb Doesn't it rather say that you cannot use passive SFP+ DAC at all? RB4011 seems to be the only Mikrotik SFP+ device which is incompatible with Mikrotik's own direct attach cables. Wait what. Dafaq. No DAC support? How is it even a thing?... It's r...
by lapsio
Thu Sep 20, 2018 12:12 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

It should. CPU is similar (the same arch) in hAP ac, CRS-326 and RB4011.
hAP AC is MIPSPBE, CRS-326 and RB4011 are ARM.
Ah srr, I was thinking about ac² as it's quad core ARM just like 4011. My bad.
by lapsio
Wed Sep 19, 2018 10:13 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Is there a recommended SFP+ 10G Copper module that is proven to negotiate to 1G reliably?
I believe it's ROS/routerboard issue. Not SFP modules issue.
by lapsio
Wed Sep 19, 2018 10:11 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Today Im copy configuration from HAP AC to CRS326-24G-2S+RM(RouterOS mode) and configure sfp+ as WAN insted of SFP(on hap ac) and pppoe, multicats, voip, iptv work normaly as in hap ac... Does this mean that it will also work on RB4011 or can different CPU/Switch chip produce some problems? Im chec...
by lapsio
Mon Sep 17, 2018 11:22 pm
Forum: Wireless Networking
Topic: Why is MikroTik's new product—S+RJ10 10GBASE-T module so cheap?
Replies: 10
Views: 4410

Re: Why is MikroTik's new product—S+RJ10 10GBASE-T module so cheap?

It doesn't support jumbo frames. That's 100$ cut from price. And improperly autonegotiates to non-10G speeds. That's remaining 35$ from price and voila - from 200$ to 65$ :D Plus it probably has 'meh' compatibility. Other MikroTik SFP+ modules I use didn't work with Intel X710-DA4 network card for e...
by lapsio
Mon Sep 17, 2018 10:45 pm
Forum: Beginner Basics
Topic: Mikrotik SPF + unable to get full bandwidth
Replies: 5
Views: 720

Re: Mikrotik SPF + unable to get full bandwidth

We found our simple queue is affecting our ports and also I enabled fastrack to get full throughput. But if i enable fastract our queue tree wouldn't work. I need to find a way to make this work. Thank you guys. To get 10G with CCR1009 without fasttrack you need jumbo 9k. And single connection will...
by lapsio
Mon Sep 17, 2018 10:36 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

You should probably use SFP+ module, not SFP one to avoid sloppyness. For example: https://mikrotik.com/product/s_rj10 It should support all link rates, including 10Mbps one :D Yes it should . Too bad it doesn't. I have this particular module. It negotiates to 10G when connected laptop. When I disa...
by lapsio
Mon Sep 17, 2018 9:38 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Thank you for the explanation. I know I'm getting ahead of myself on the config before the device is even shipping. But based on the 2.5Gb/s limitation for each switch chip, it would be best to place devices with a majority of internet traffic on the same switch chip as the port being used for WAN?...
by lapsio
Sun Sep 16, 2018 11:45 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 1827

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

The actual role of the optional fan is to reduce the heat transfer effect from one device (HDD) to another (CPU), which can create unstable operation of the device. Example - Condition of normal operation of the central processor is not more than 60 ° C; - The detected normal operating temperature ...
by lapsio
Sat Sep 15, 2018 5:35 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Or does it bridge the two switch groups together? ^ This 2. What is the performance impact bridging the two switch groups together? Does it disable hw acceleration (IPv4 forwarding, IPv6 forwarding, fast path, etc.)? Depends on CPU. In RB2011 performance hit was quite significant but second switch ...
by lapsio
Wed Sep 12, 2018 1:27 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Still it is a pity that we don't have proper switching available, you will never know when you would actually need it. I'm using RB2011 as small "ports extension" switch + AP for CCR1009. Because CCR1009 has significantly higher routing performance it made sense to use RB2011 switch just as switch ...
by lapsio
Tue Sep 11, 2018 11:08 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 1827

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

The 2013 University of Virginia study of 10,000 hard drives in a Microsoft datacenter found that the annual failure rate steadily increases with temperature , from about 4% per year at 27 °C to about 10% per year at 44 °C (Figure 5). Assuming an Arrhenius equation, that gives twice the number of fa...
by lapsio
Tue Sep 11, 2018 8:53 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

I have one question about WiFi version RB4011(RB4011iGS+5HacQ2HnD-IN). Currently I use hAP ac(RB962UiGS-5HacT2HnT) for my home network. Im remove ISP modem and put optical transciver into mikrotik and setup firewall rules, pppoe, vlan's, capsman, vpn's... For Internet I use pppoe on sfp1 interface....
by lapsio
Tue Sep 11, 2018 7:08 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 1827

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

The 70 deg. Celsius Mikrotik is saying the device can take might be true. But I am not willing to test the theory only to have to replace the routers every 1-2 years. In my experience, all electronics like to stay cool. Not too cool, but definitely not too warm for too long. My CCR1009 is idling at...
by lapsio
Tue Sep 11, 2018 3:22 pm
Forum: RouterBOARD hardware
Topic: CRS326 and 802.3ad / LACP bonding with VLANs, no HW offload
Replies: 5
Views: 2026

Re: CRS326 and 802.3ad / LACP bonding with VLANs, no HW offload

I'm on latest ROS (6.43.7 i think) and I have HW accelerated xor bonding between CRS317 and CRS326. It happened to me that bonding interface acceleration sometimes "derps" after you perform reconfiguration of interfaces and looses HW state. Putting interface down and up or rebooting device usually s...
by lapsio
Tue Sep 11, 2018 3:15 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 1827

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

I'm not sure whether quad core ARM 1.4 ghz requires such cooling tho... You could at least try to mount low profile fan on the inside to keep U1 size compliance lol
by lapsio
Mon Sep 10, 2018 3:20 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

I wonder if mini-pcie toUSB adapter will work in this router? In such a way we could have had USB at the expense of 2ghz radio. why don't use any minipcie 2ghz capable wireless card? RB4011 has included 2.4 ghz card. Question was if we can get USB instead of 2.4 ghz. For example to get 3G/LTE USB m...
by lapsio
Mon Sep 10, 2018 12:44 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 64
Views: 9240

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

I agree, that likely the CPU won't need the fans, nevertheless MikroTik does control the fan speed via the CPU temperature. I also agree that I you don't find another POE switch with similar features/performance at that price point. I likely will give the Noctua fans a try. Please note that Noctua ...
by lapsio
Mon Sep 10, 2018 12:29 am
Forum: RouterBOARD hardware
Topic: RB4011 - Poll - ONE thing you'd change
Replies: 15
Views: 4175

Re: RB4011 - Poll - ONE thing you'd change

Whatever we request it is too late I guess... Note that RB2011 had multiple versions and they didn't come out all at once. More "full" versions with more bells and whistles came later, after most basic 2011L variant. Also this post is not only about telling what we don't like about RB4011 in partic...
by lapsio
Sun Sep 09, 2018 4:14 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Hey everyone! Let's have a poll :D

Let's tell MikroTik what we expect from RB4011 viewtopic.php?f=3&t=138969&p=684987#p684987
by lapsio
Sun Sep 09, 2018 4:11 pm
Forum: RouterBOARD hardware
Topic: RB4011 - Poll - ONE thing you'd change
Replies: 15
Views: 4175

RB4011 - Poll - ONE thing you'd change

So RB4011 is quite polarizing topic. There's a lot of excitement and happiness but also a lot of disappointment. Now let's imagine that MikroTik could make revision of RB4011 that would add ONE feature that you miss the most - what would it be? Let's make some poll, shall we? :D What is YOUR most mi...
by lapsio
Sat Sep 08, 2018 8:12 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

... will not come off without a fight... and warranty?
MikroTik has warranty? xD just rip off those antennas and call it a day. It shouldn't break :D, at least not before end of warranty.
by lapsio
Sat Sep 08, 2018 5:23 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Can anyone from MikroTik confirm the antenna are removable on SMA or something? 2.4 uses standard R11e card like this one: https://mikrotik.com/product/R11e-2HnD so it has the same connectors for antennas as R11e. 5ghz idk but I believe they'll be removable as well. Probably with the same connector...
by lapsio
Sat Sep 08, 2018 4:46 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Also because some people may get impression that removed things are insignificant "details" and nobody uses them I'd like to note that it's not entirely true and those are not just useless gimmicks: no USB - usage of 3G/LTE modems doesn't need any itroduction. Some people use 3G as backup WAN, somet...
by lapsio
Sat Sep 08, 2018 3:21 pm
Forum: RouterBOARD hardware
Topic: Whats the best current home routerboard for a gigabit ISP?
Replies: 15
Views: 4302

Re: Whats the best current home routerboard for a gigabit ISP?

It stopped passing traffic, I could not connect to it neither via ssh, webfig nor winbox. The only cure was to remove power. Nothing in logs afterwards (no surprise here). I'd recommend using watchdog. It should handle such incident in matter of seconds. https://wiki.mikrotik.com/wiki/Manual:System...
by lapsio
Sat Sep 08, 2018 2:51 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Besides the fact that it is a >1GHz quad-core ARM, though, in the list of "added features" compared to 2011 you also left out the following: Quad-core (like I said) 1GiB of RAM (same as 3011, 8x as much as 2011U, 16x as much as 2011L) 0.5GiB of NAND storage (4x as much as 2011 and 3011) I said that...
by lapsio
Sat Sep 08, 2018 2:25 pm
Forum: RouterBOARD hardware
Topic: Whats the best current home routerboard for a gigabit ISP?
Replies: 15
Views: 4302

Re: Whats the best current home routerboard for a gigabit ISP?

There's as slight bug in switch chip in IPQ4xxx which bit me and MT doesn't have a solution (yet). It also runs hot and my personal experience is that it might freeze due to that (vertical position seems to help). I'm interested as well. I'm using switch chip in ac² quite actively (vlans for loopba...
by lapsio
Sat Sep 08, 2018 3:04 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Anyone venture a guess if btest will work better on these things than the CCR1016's we use for extended stress testing as I recall a CCR tops out at around the 2.5gbit udp mark ? If btest really is single core then I believe it should perform better than CCRs. It should in general perform better th...
by lapsio
Sat Sep 08, 2018 2:15 am
Forum: RouterBOARD hardware
Topic: Whats the best current home routerboard for a gigabit ISP?
Replies: 15
Views: 4302

Re: Whats the best current home routerboard for a gigabit ISP?

In all seriousness I'd get hAP ac² over RB4011. Imho more versatile at waaay lower price. 4011 is not representative mikrotik as it's really targeted, single purpose device. You won't even connect 3g/lte modem to it. Nor use much of hardware switch. hAP ac² is really nice device with great switch ch...
by lapsio
Sat Sep 08, 2018 12:26 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

What for this router have 10G sfp+ port? All switches summary have only 5G throughput.
Router on the stick. Inter VLAN routing basically. It's common use case actually if you don't have proper L3 switch.
by lapsio
Fri Sep 07, 2018 8:45 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

I look at this a different way - now you have a router capable of routing 10 Gbps peak throughput which is very close to CCR1009 number for half the cost. I totally agree that it is needed device. Cheap 10G router to make 10G more popular. It's cool. I just don't find it successor of RB2011. Look a...
by lapsio
Fri Sep 07, 2018 8:27 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

For me it's an issue of perception. They gave the device an X011 part number, implying that it was an updated but comparable replacement for the 2011's and 3011. But it isn't; it's a completely different animal. It hits especially badly if you take into account that many people (including me) asked...
by lapsio
Fri Sep 07, 2018 8:01 pm
Forum: RouterBOARD hardware
Topic: CRS317 with Noctua NF-A4x20, pros, cons, caveats.
Replies: 0
Views: 735

CRS317 with Noctua NF-A4x20, pros, cons, caveats.

So I noticed that many people who bought CRS317 as "home" switch replaced fans with Noctua in order to reduce noise level. I decided to do that as well so I guess I'll make small write-up about this topic. Lets start from basics. If we want to replace something, first we should know what are we actu...
by lapsio
Fri Sep 07, 2018 5:34 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

There is no speaker So... at the end of the day... It's kind of one trick pony. It's basically really simple and basic router that can route buttload of traffic due to SFP+ port and hardware AES. The end. Things removed comparing to RB2011: no USB no screen no beeper no USR led no meaningful switch...
by lapsio
Fri Sep 07, 2018 1:14 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

does Realtek RTL8367 manageable switch and support acl? Nope. It's crap :( https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features I think the chip has several possibilities implemented in hardware but are not yet implemented in RouterOS: http://www.realtek.com.tw/products/productsView.aspx?Lang...
by lapsio
Fri Sep 07, 2018 9:08 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

OK, just give me a real life application - combination of fastpath and "router on a stick". As in real life average packet size will be closer to 512 than 1500, fastpath is only way to achieve 10Gbps+ speeds, but that requires no config, "router on a stick" requires at least some configuration, so ...
by lapsio
Thu Sep 06, 2018 10:08 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Regarding the lack of USB, as there are a miniPCI-slot for wifi. Russian site with pictures of the inside: https://weblance.com.ua/389-mikrotik-gotovit-platformu-rb4011-na-baze-processorov-alpine-zayavlena-podderzhka-dual-band-wi-fi-s-mimo-4x4.html If Mikrotik could make a version of the R11e-LTE w...
by lapsio
Wed Sep 05, 2018 5:09 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Finally:

RB4011iGSplusRM-180905135303.png
That looks like beef, not gonna lie :D I wonder where this 10G limit in charts comes from because it doesn't really look like "natural" limit.
by lapsio
Tue Sep 04, 2018 12:54 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

https://forum.mikrotik.com/download/file.php?id=33451 Anybody else wondering why RB4011 CPU-throughput appears to be capped to 10Gbit/s? Assuming both Realtek GbE switchgroups are connected at 2.5Gbit/s each to the CPU (like RB1100AHx4), this leaves only 5Gbit/s possible thoughput for the 10GbE SFP...
by lapsio
Mon Sep 03, 2018 6:47 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Likely nothing has changed in the actual capability but such specifications are made because of complaints about high internal temperature and/or short lifetimes of the caps. Internal temperature of the router is not the same as ambient temperature! It usually is 10-20 degrees higher (depending on ...
by lapsio
Sun Sep 02, 2018 11:17 pm
Forum: RouterBOARD hardware
Topic: CRS317 fans - 5V or 12V?
Replies: 0
Views: 331

CRS317 fans - 5V or 12V?

Does anyone know whether CRS317 fans are 5V or 12V? I'd like to replace them with some Noctuas as I saw many people doing that but I'm not sure which variant should I get.
by lapsio
Sun Sep 02, 2018 9:41 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

If you google the wireless model you get the fcc report, it has internal pictures: No Fans Case looks Matt like the AC^2, and plastic? The main problem for me... is I want a new router now and it’s not on sale yet! There's article on one site. Case is full metal. Only bottom is plastic. Case is bas...
by lapsio
Sun Sep 02, 2018 9:36 pm
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1472

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

I use the mangle chain to divide traffic between two WANs, and the fasttrack doesn't seen to cause problems with it.
I thought that routing-mark is per-packet, not per-connection. If you assign routing mark on connection level it's gonna persist and be taken into account in routing rules?
by lapsio
Sun Sep 02, 2018 3:43 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

One question: why you need to push all that through the router? Why not to switch the most part? Long story short - MikroTik switches don't support VEPA and I use VEPA. And datacenter switches that support VEPA cost more than MikroTik router that can handle 10G lol. And I want to have stateful fire...
by lapsio
Sun Sep 02, 2018 2:51 am
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1472

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

Why would fasttrack be less secure than no fasttrack? The streaming is marked to be fasttracked after the firewall looks into it, so I don't get this. in filter chain - yeah but there's plenty of caveats. For example mangle chain and packet marking. Iirc fasttracked packets don't get processed on p...
by lapsio
Sun Sep 02, 2018 12:46 am
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1472

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

i suppose you put the 10g NIC on the pci express x16 slot of your motherboard Technically x8 because it's P67 chipset so it has x8/x8 pci-e 2.0 but card has x8 connector anyways. As it's 4x10G NIC it has theoretical throughput of around 36 gbps in such config. In practice probably above 20 or somet...
by lapsio
Sat Sep 01, 2018 11:03 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

i think a CPU like Broadcom stingray (8 core arm cortex a 72 at 3.0ghz) can beat a a tilera 72 core CPU at 1.0 ghz (like ccr1072) because of the much better single core performance That's true for many use cases but please take into account that routers like those are in most cases used in backbone...
by lapsio
Sat Sep 01, 2018 9:49 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Being a CCR1009 owner I can confirm - it is way overkill for home use. I ended with it only because I found one used for nearly the price of 3011. Otherwise it makes no sense, especially now, when you can get 4011 + CRS326 for the price of 1009. Though even home user can kill CCR1009 if you use too...
by lapsio
Sat Sep 01, 2018 8:08 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

I'm especially interested in RB4011 vs CCR1009 on single 10G point to point connection. CCR seems to struggle with that. i think with rb4011rm ccr1009 is dead That's brave statement :D Still CCR1009 has number of features that RB4011 doesn't. It still has significantly higher routing performance, p...
by lapsio
Sat Sep 01, 2018 7:18 pm
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1472

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

So yeah. It's CCR1009 issue. It really does bottleneck on single TCP connection, even with 9k jumbo at 3.5 gbps. With standard 1500 frames it bottlenecks at around 1.2gbps. When fasttrack is disabled and we use bridge ip firewall Removing bridge interface (so that ip is assigned directly to VLAN int...
by lapsio
Sat Sep 01, 2018 2:38 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Is there a header inside one can attach a USB cable to?
I didn't notice any. If you google 4011 there's some Russian article with photos of PCB
by lapsio
Fri Aug 31, 2018 4:07 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

I'm actually interested to test this router with a full BGP table given the high clock speed and 10 gig port. Who knows? Could be a diamond in the rough for a border router ;-) I'm especially interested in RB4011 vs CCR1009 on single 10G point to point connection. CCR seems to struggle with that.
by lapsio
Fri Aug 31, 2018 1:08 am
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1472

CCR1009 - low single tcp tunnel performance? [SOLVED]

I recently managed to get my hands on Intel X710-DA4, CRS317 and CCR1009. However unfortunately... Performance is quite disappointing and I don't know who to blame. When I enable multiple tunnels in iperf then everything is cool - full 10G. However with single tunnel... not so much. If I use UDP for...
by lapsio
Thu Aug 30, 2018 10:53 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Oh boy, it does look ugly with those rack-mount ears attached. Luckily I can close rack's door. I wonder if LCD would suffice to maintain minimum level of sexapeal ... Well... At least it's not full width rackmount case that is like idk... 10cm deep or something similarly comical like RB2011 used t...
by lapsio
Thu Aug 30, 2018 10:13 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

... So it is still closer to RB3011 than to RB1100. And keeping in mind SFP+ port, the price is quite good. Yep. I wonder how it compares to CCRs if we're handling single TCP tunnel. Because single TCP tunnels don't really scale well so ironically this device could perform better with single 10G TC...
by lapsio
Thu Aug 30, 2018 9:20 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

I wonder what processors will we see in future RB1100 and CCR series, as RBx011 has 4x1.4GHz now... Prices are probably estimated but from what resellers suggest RB4011 won't be direct RB2011 successor as it's gonna be priced significantly higher (which obviously makes sense, after all it has the s...
by lapsio
Thu Aug 30, 2018 7:27 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

Two versions: Rackmount: http://files.i4wifi.cz/inc/_doc/attach/StoItem/7148/en_datasheet_RB4011iGS_RM.pdf with wifi: http://files.i4wifi.cz/inc/_doc/attach/StoItem/7150/en_datasheet_RB4011iGS_5HacQ2HnD_IN.pdf It doesn't really look like prototype :/ I think there won't be usb for us this time. No ...
by lapsio
Thu Aug 30, 2018 6:56 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

Re: RB4011

LCDs are this tiny "premium" touch that makes device look better than it actually is xD I love them. It's not like they're super useful but they just feel nice. It's not common to see LCD screens in this kind of hardware. F5 puts similar LCDs in their newer appliances that are waaaaay more expensive...
by lapsio
Thu Aug 30, 2018 3:51 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70543

RB4011

So... Are we going to talk about it or is it tabu topic? :D

I'm personally quite disappointed with lack of LCD and USB.

NOTE: There's poll related to this thread: viewtopic.php?f=3&t=138969
by lapsio
Mon Aug 27, 2018 9:41 pm
Forum: Beginner Basics
Topic: quota Limit on WAN interfaces
Replies: 2
Views: 466

Re: quota Limit on WAN interfaces

Bump. Still relevant. for backup LTE links. I set up 128 kbps bandwidth limit but I calculated that it can still pretty easily use up whole per-month 10 GB data limit in around 1 week.
by lapsio
Mon Aug 27, 2018 8:06 pm
Forum: Wireless Networking
Topic: How to filter wifi traffic between AP stations on firewall? [SOLVED]
Replies: 6
Views: 1077

Re: How to filter wifi traffic between AP stations on firewall? [SOLVED]

... Well I actually just found even better solution - simply arp=local-proxy-arp. So just set default-forwarding=no on wireless interface and arp=local-proxy-arp on bridge where wlan interface is attached and where you have IP address and this way MikroTik will answer to all arp requests with own M...
by lapsio
Mon Aug 27, 2018 3:28 pm
Forum: RouterBOARD hardware
Topic: CRS3xx ingress+egress dual port mirror
Replies: 0
Views: 345

CRS3xx ingress+egress dual port mirror

How can I configure port lets say ether2 to mirror ingress to port 23 and egress to port 24 so that I won't have mirror link overcommit? If I recall it was possible in CRS2xx using mirror0 and mirror1.
by lapsio
Sun Aug 26, 2018 1:27 am
Forum: Wireless Networking
Topic: How to filter wifi traffic between AP stations on firewall? [SOLVED]
Replies: 6
Views: 1077

Re: How to pass traffic between AP stations through firewall? [SOLVED]

After all those years I finally solved this mystery. Solution was as simple as disabling default-forward and giving all stations /32 netmask via dhcp or static config (and probably enable ip-firewall on bridge). Now all packets go to router MAC and then router filters them on firewall in forward cha...
by lapsio
Sat Aug 25, 2018 10:33 pm
Forum: General
Topic: tls-host doesn't work in dstnat chain? [SOLVED]
Replies: 1
Views: 456

Re: tls-host doesn't work in dstnat chain? [SOLVED]

Okay it's pretty obvious. NAT decision is taken before 3-way handshake is finished as handshake is typically preformed by actual host and tls-host, layer-7-protocol, content and many other matchers can only be determined after handshake is finished because they base on connection packets content. So...
by lapsio
Sat Aug 25, 2018 10:01 pm
Forum: General
Topic: tls-host doesn't work in dstnat chain? [SOLVED]
Replies: 1
Views: 456

tls-host doesn't work in dstnat chain? [SOLVED]

I tried to kind of replicate nginx functionality using dstnat to different machines basing on tls-host (mostly to split openvpn on port 443 from https) however to my surprise this feature doesn't seem to work in dstnat chain. It works in prerouting chain though and according to: https://wiki.mikroti...
by lapsio
Sat Aug 25, 2018 6:52 pm
Forum: Wireless Networking
Topic: FreeRADIUS based MikroTik Wireless VLAN tagging
Replies: 0
Views: 647

FreeRADIUS based MikroTik Wireless VLAN tagging

I'm trying to assign users to different VLANs on wireless interface basing on RADIUS authentication. Basic RADIUS authentication works as expected but MikroTik-specific attributes don't seem to be assigned properly. This is my server side config of FreeRADIUS (mikrotik.dictionary is taken from here:...
by lapsio
Sat Aug 18, 2018 2:19 am
Forum: Wireless Networking
Topic: D-Link DWM-222 works only with CCR1009
Replies: 0
Views: 371

D-Link DWM-222 works only with CCR1009

I just bought Orange SIM card and D-Link DWM-222 usb modem for backup connection. I wanted to connect it to my edge router (hAP ac²) as backup gateway but it doesn't seem to work... I have really mixed results with it. At first I connected to hAP ac² and it didn't work. Then I connected to RB2011 an...
by lapsio
Fri Aug 17, 2018 5:56 pm
Forum: General
Topic: Loopback NAT is performed only once
Replies: 2
Views: 629

Re: Loopback NAT is performed only once

I just bought one more router dedicated as edge router... It was crappy idea anyways because RB2011 was really overloaded with tons of functionality it couldn't handle all at once. It's old and really obsolete router. I hope MikroTik makes refresh of RB2011 soon. With more recent CPU and perhaps two...
by lapsio
Fri Aug 17, 2018 5:45 pm
Forum: General
Topic: Hairpin NAT bypasses firewall - potential security issue
Replies: 6
Views: 789

Re: Hairpin NAT bypasses firewall - potential security issue

Unless you reproduce it on router with exact config you posted, i.e. only that one drop rule in forward chain and nothing more , it must be some other rule allowing these packets to pass. Hmm. They don't pass with this exact config in CHR. But it does occur with my config when I add drop all as fir...
by lapsio
Fri Aug 17, 2018 4:59 pm
Forum: General
Topic: force push local address to gateway? (to avoid Hairpin NAT)
Replies: 4
Views: 556

Re: force push local address to gateway? (to avoid Hairpin NAT)

Look at this: https://forum.mikrotik.com/viewtopic.php?f=2&t=102483&p=509070&hilit=port#p508981 In the end I used srcnat to router's external IP so basically hairpin NAT just with public IP, not private. It works. Servers see in logs my external public IP and packets are "properly" forwarded. Excep...
by lapsio
Fri Aug 17, 2018 1:43 am
Forum: General
Topic: Hairpin NAT bypasses firewall - potential security issue
Replies: 6
Views: 789

Re: Hairpin NAT bypasses firewall - potential security issue

... but even if it would send something back (it won't, because it has unconditional drop in forward, it won't route anything between any interfaces), bottom router wouldn't let it pass. The problem is - it would and it does. I didn't make this up from thin air. It's issue that occurs in my config....
by lapsio
Thu Aug 16, 2018 3:30 am
Forum: RouterBOARD hardware
Topic: S+RJ10 improperly auto negotiates to 10G
Replies: 3
Views: 932

Re: S+RJ10 improperly auto negotiates to 10G

This might help You: https://wiki.mikrotik.com/wiki/MikroTik_SFP_module_compatibility_table#SFP.2B_interface_compatibility_settings_with_1G_links Oh okay. I read this bilion times in the past yet somehow I still forgot about this 1G sfp+ thingy. Still I believe that's not how autonegotiation is sup...
by lapsio
Thu Aug 16, 2018 1:37 am
Forum: RouterBOARD hardware
Topic: CRS317 10G -> 1G traffic slow, everything else fine
Replies: 21
Views: 7334

Re: CRS317 10G -> 1G traffic slow, everything else fine

SFP+RJ10 still reports up/down link state without a cable connected.
Still happens in August...
by lapsio
Thu Aug 16, 2018 1:29 am
Forum: RouterBOARD hardware
Topic: S+RJ10 improperly auto negotiates to 10G
Replies: 3
Views: 932

S+RJ10 improperly auto negotiates to 10G

I fairly doubt my laptop has 10G onboard NIC... especially that on laptop side it's negotiated to 1Gbps
P_20180816_001727_vHDR_On.jpg
by lapsio
Thu Aug 16, 2018 12:17 am
Forum: RouterBOARD hardware
Topic: S+RJ10 and Jumbo Frames
Replies: 10
Views: 2936

Re: S+RJ10 and Jumbo Frames

+1, why would jumbo frames not be supported on a 10G capable interface.... On the other hand... Name me one 10G copper SFP+ module other than mikrotik for 65$ brand new. Go on. I tried xD Until MikroTik saves us, 10G copper still costs kidney. Currently they saved us in 50% because no jumbo :P I bi...
by lapsio
Tue Aug 14, 2018 11:51 pm
Forum: General
Topic: Hairpin NAT bypasses firewall - potential security issue
Replies: 6
Views: 789

Hairpin NAT bypasses firewall - potential security issue

I noticed that hairpin NAT on single interface bypasses firewall. net.png Let's assume following: bottom router: /ip address add address=192.168.0.1/30 interface=ether1 /ip address add address=192.168.4.1/24 interface=ether2 /ip address add address=192.168.2.1/24 interface=ether3 /ip firewall filter...
by lapsio
Tue Aug 14, 2018 10:46 pm
Forum: General
Topic: force push local address to gateway? (to avoid Hairpin NAT)
Replies: 4
Views: 556

Re: force push local address to gateway? (to avoid Hairpin NAT)

What is wrong with Harpin NAT? It is just name of technology which "other" routers do behind the scenes. One line for NAT. That is all. I just noticed that if I do what I just described MikroTik accepts all dst-nated packets, bypassing all firewall rules whatsoever ._. That's first thing. So basica...
by lapsio
Tue Aug 14, 2018 9:08 pm
Forum: General
Topic: force push local address to gateway? (to avoid Hairpin NAT)
Replies: 4
Views: 556

force push local address to gateway? (to avoid Hairpin NAT)

lets say I have public IP 66.66.66.66. I want to allow users from LAN access services exposed via public IP. Unfortunately there's quadrillion of zone-like firewall rules, PBR, QoS and tons of other crap. Adding exceptions everywhere for such traffic would be complete clusterf*ck and I'm trying to a...
by lapsio
Thu Aug 02, 2018 10:41 am
Forum: RouterBOARD hardware
Topic: Hap ac2 vs. Hex S
Replies: 8
Views: 7283

Re: Hap ac2 vs. Hex S

It's also worth to mention that hEX series has crappy switch chip while hAP ac2 has pretty decent one with VLANs support and stuff so you can also repurpose your device as managed L2 wire-speed switch. For me it was big deal as I wanted to loop traffic through IPS and ROS has issues with software br...
by lapsio
Mon Jul 30, 2018 11:48 pm
Forum: General
Topic: CRS317 - arp doesn't work
Replies: 3
Views: 457

Re: CRS317 - arp doesn't work

I assume the IP address is attached to the VLAN interface? Any ARP related settings? Maybe a full /export hide-sensitive I tied to isolate as tiny case as possible. So here I replicated issue with only 2 switches (without CCR involved): lapsio@linux-gjpj ~> cat SSHFS/Storage/mtk5 # jul/30/2018 22:3...
by lapsio
Mon Jul 30, 2018 10:13 pm
Forum: General
Topic: Loopback NAT is performed only once
Replies: 2
Views: 629

Loopback NAT is performed only once

I have two routers - CCR1009 and RB2011. I'd like to make CCR1009 core router and RB2011 edge router. However as CCR1009 doesn't have wifi I'd like to also repurpose RB2011 as AP, but still route networks on CCR1009. So in order to do so I bridged wifi interface with one of VLANs, withrout assigning...
by lapsio
Sun Jul 29, 2018 6:10 pm
Forum: General
Topic: How LACP affects ARP?
Replies: 0
Views: 312

How LACP affects ARP?

Recently I created multiple threads spinning around topic of ARP and LACP issues. I thought they're independent but after lots of testing I think I finally came to following conclusion: LACP affects ARP in some way in my setup. Every time I create LACP link there are some issues with propagating ARP...
by lapsio
Sat Jul 28, 2018 10:50 pm
Forum: Beginner Basics
Topic: How does MSTP work?
Replies: 0
Views: 542

How does MSTP work?

I thought that primary reason why we use MSTP is because it's VLAN-aware. However I made following switch config: /interface bridge add admin-mac=CC:2D:E0:58:18:E0 auto-mac=no name=br-hardware protocol-mode=mstp vlan-filtering=yes /interface bridge port add bridge=br-hardware frame-types=admit-only-...
by lapsio
Sat Jul 28, 2018 9:06 pm
Forum: General
Topic: CRS317 - arp doesn't work
Replies: 3
Views: 457

CRS317 - arp doesn't work

I have following config on CRS317: /interface bridge add admin-mac=CC:2D:E0:58:18:E0 auto-mac=no name=br-hardware protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] l2mtu=2028 name=ether1-rescue set [ find default-name=sfp-sfpplus1 ] l2mtu=9112 mtu=9000 set [ ...
by lapsio
Thu Jul 26, 2018 10:32 pm
Forum: RouterBOARD hardware
Topic: Affordable 10GBase-T for CRS317? [SOLVED]
Replies: 3
Views: 866

Re: Affordable 10GBase-T for CRS317? [SOLVED]

You should really be using fiber by the time you hit 10gig. /M I know, I'm mostly using DAC cables and LC uplinks because it's used as kind of "top-of-rack" switch interconnecting servers. Unfortunately one server has 10G copper onboard NIC. It'd be a bit of waste not to use it and our firewall wil...
by lapsio
Thu Jul 26, 2018 6:07 pm
Forum: RouterBOARD hardware
Topic: Affordable 10GBase-T for CRS317? [SOLVED]
Replies: 3
Views: 866

Affordable 10GBase-T for CRS317? [SOLVED]

Are there any affordable 10G copper SFP+ modules that should work with CRS317? The only sub 120$ module i could find is MikroTik S+RJ10 but it doesn't support jumbo frames so it doesn't count
by lapsio
Mon Jul 23, 2018 3:11 pm
Forum: RouterBOARD hardware
Topic: S+RJ10 and Jumbo Frames
Replies: 10
Views: 2936

Re: S+RJ10 and Jumbo Frames

anything changed in this topic? I'm in urge to get 10G routing with CCR1009 but I'm afraid it won't handle 10G on single connection (single core) without jumbo.
by lapsio
Sat Jul 21, 2018 4:13 pm
Forum: Beginner Basics
Topic: How to set 10G link speed without autonegotiation?
Replies: 2
Views: 582

Re: How to set 10G link speed without autonegotiation?

When I disable auto-negotiation on CCR1009 SFP+ cage I'm getting "no-link" at all. Not even 1G

Edit: Ok i't s because CCR1009 actually properly tries to establish 10G with autonegotiation disabled. Unlike CRS317 and CRS326
by lapsio
Sat Jul 21, 2018 3:50 pm
Forum: Beginner Basics
Topic: How to set 10G link speed without autonegotiation?
Replies: 2
Views: 582

How to set 10G link speed without autonegotiation?

I have CRS317 and CRS326. When auto-negotiation is enabled I'm getting both links to operate at 10G speed no problem. However if I set auto-negotiation to "no" they operate at 1G speed. How do I properly set fixed 10G speed? Here's config of interfaces on both switches and log: 25 RS name="sfp-sfppl...
by lapsio
Thu Jul 19, 2018 11:17 pm
Forum: RouterBOARD hardware
Topic: Are MikroTik 10G DAC cables "standard"? [SOLVED]
Replies: 7
Views: 2114

Re: Are MikroTik 10G DAC cables "standard"? [SOLVED]

Apparently they're not. Luckily I had Mikrotik 1m DAC laying around so I tested it before ordering more cables. It doesn't work. I also tried Mikrotik's SFP+ FC module and it doesn't work either. Card shows following error: 6205964200056624920.jpg I ordered Intel compatible DAC cable. I hope it's go...
by lapsio
Mon Jul 16, 2018 10:56 pm
Forum: RouterBOARD hardware
Topic: RouterBOARD naming
Replies: 47
Views: 24525

Re: RouterBOARD naming

Why RB750G is not named RB750UG. The same about RB760iGS not being RB760UiGS? This naming scheme looks really inconsistent in practice :/ CRS and CCR naming schemes seem to be much more consistent. Also why those are not x2? They have 2 cores after all...
by lapsio
Sun Jul 15, 2018 6:26 pm
Forum: Beginner Basics
Topic: DST-NAT in bridge breaks forwarding [SOLVED]
Replies: 5
Views: 661

Re: DST-NAT in bridge breaks forwarding [SOLVED]

Yes, you don't need an IP address but only a route that will direct ARP requests towards the correct interface. Unfortunately it doesn't work. Router already has address in 192.168.10.0/24 network as it's management one. It only doesn't have address in 192.168.4.0/24. NAT makes either 8.8.8.8 -> 19...
by lapsio
Sun Jul 15, 2018 5:07 pm
Forum: RouterBOARD hardware
Topic: CRS317 - any chance for bonding-rr offload?
Replies: 0
Views: 385

CRS317 - any chance for bonding-rr offload?

Is there any chance for bonding-rr to be hardware offloaded on CRS3xx series? Or it's not possible with currently used switch chip?
by lapsio
Sun Jul 15, 2018 5:36 am
Forum: Beginner Basics
Topic: Switching loop - why? [SOLVED]
Replies: 1
Views: 388

Re: Switching loop - why? [SOLVED]

It turns out sometimes VLAN interfaces on CCR1009 randomly don't get up and require disabling and reenabling... ._.
by lapsio
Sun Jul 15, 2018 3:55 am
Forum: Beginner Basics
Topic: Switching loop - why? [SOLVED]
Replies: 1
Views: 388

Switching loop - why? [SOLVED]

I'm quite new to Layer 2 (unfortunately i started from top of OSI and stepped down successively) so I decided to get some grip here. In order to test various more advanced configs I decided to create something like this: susecap607.png ports with dots represent tagged ports, colors represent untagge...
by lapsio
Sat Jul 14, 2018 11:23 pm
Forum: Beginner Basics
Topic: DST-NAT in bridge breaks forwarding [SOLVED]
Replies: 5
Views: 661

Re: DST-NAT in bridge breaks forwarding [SOLVED]

So yes, as NAT is layer3 operation, box doing it should be part of a layer3 network. I blacklisted in-interface-list with unaddressed bridges from NAT to prevent NATing on unaddressed bridges. But another question is - how about mangle and PBR? Does assigning routing mark also force routing? I wond...
by lapsio
Sat Jul 14, 2018 6:28 pm
Forum: Beginner Basics
Topic: DST-NAT in bridge breaks forwarding [SOLVED]
Replies: 5
Views: 661

DST-NAT in bridge breaks forwarding [SOLVED]

I have following setup: CRS326 --- CCR1009 --- RB2011 --- internet CCR1009 is bridging one network that spans between CRS326 and RB2011 (which is wifi network). RB2011 is router in this network there's DNS server connected to it. CCR doesn't have an IP address in this network. It just performs bridg...
by lapsio
Thu Jul 12, 2018 9:04 pm
Forum: RouterBOARD hardware
Topic: CRS317 keeps calling "home" (MikroTik cloud) [SOLVED]
Replies: 1
Views: 518

CRS317 keeps calling "home" (MikroTik cloud) [SOLVED]

I disabled MikroTik cloud time-update and ddns however my CRS317 still tries to send packets to UDP 81.198.87.240:15252, triggering alerts on firewall Why. Alerts: 18:04:19 firewall,info ccr: X_X service: in:br-service(vlan10-crs) out:br-service, src-mac cc:2d:e0:58:18:e0, proto UDP, 192.168.10.5:59...
  • 1
  • 2