Community discussions

Search found 2433 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 49
by mkx
Wed Jul 17, 2019 8:27 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 394
Views: 51540

Re: v6.45.1 [stable] is released!

Is it me or 6.45.1 is giving everyone a different type of headache? Judging from posts in this tread it does seem that 6.45.1 is a troublesome child of MT. This is not my personal experience though, have updated 6 pieces (2x hAP ac lite, 1x hAP, 2x RB951G and 1xhAP ac2) from 6.44.x and I didn't hav...
by mkx
Tue Jul 16, 2019 11:50 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 31
Views: 1772

Re: 1wan + 2 lan isolated from each other

First to routing and firewalling: I don't see anything in RB4011 config which would prevent connectivity from 172.16.24.2 to 192.168.1.1. Firewall is very permissive (allows just anything in chain=forward, also everything on chain=input except for connections originating from internet). I wonder why...
by mkx
Tue Jul 16, 2019 4:30 pm
Forum: Beginner Basics
Topic: Routing betwe Mikrotik and Cisco ASA
Replies: 3
Views: 221

Re: Routing betwe Mikrotik and Cisco ASA

If I'm correct about ASA's firewall connection tracking engine tripping ... then the most correct way would be to turn off connection tracking for those connections on cisco ASA. I have no idea whatsoever how to do it (if that's possible at all, I'd expect it is). I've other ideas, but as they are m...
by mkx
Tue Jul 16, 2019 11:15 am
Forum: Beginner Basics
Topic: Routing betwe Mikrotik and Cisco ASA
Replies: 3
Views: 221

Re: Routing betwe Mikrotik and Cisco ASA

There are 2 potential problems: do firewalls on devices in both networks (cisco and RB) allow connections from the "alien" LANs? does cisco ASA perform as firewall as well? As replies from RB network towards cisco network won't pass ASA (unless you play with NAT on RB), this could screw connection t...
by mkx
Tue Jul 16, 2019 11:06 am
Forum: RouterBOARD hardware
Topic: CRS312-4C+8XG-RM questions
Replies: 6
Views: 436

Re: CRS312-4C+8XG-RM questions

We will update the CRS312-4C+8XG documentation regarding that.
You could update the Specifications table by mentioning those 4 combo ports as well ...
by mkx
Tue Jul 16, 2019 10:56 am
Forum: RouterBOARD hardware
Topic: Lost RouterOS due to major power failure - Netinstall doesn't work
Replies: 1
Views: 84

Re: Lost RouterOS due to major power failure - Netinstall doesn't work

Netinstall is very fragile and it is vital to follow procedure in official Netinstall manual ... including warnings about windows firewall and network interfaces. Netinstall is evolving as well so you may want to try different netinstall versions. As it is highly advisable to use same version of ROS...
by mkx
Tue Jul 16, 2019 10:48 am
Forum: Wireless Networking
Topic: LHG LTE kit overampllification [SOLVED]
Replies: 3
Views: 216

Re: LHG LTE kit overampllification [SOLVED]

It can become a problem if you get real close to the tower. You can remedy that by turning LHG dish slightly away from the cell tower - the LHG has quite narrow antenna beam (making it high gain) but slight miss-alignment will give additional signal degradation if needed. Most of LTE devices like to...
by mkx
Tue Jul 16, 2019 10:43 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 394
Views: 51540

Re: v6.45.1 [stable] is released!

All packages have to be the same version (and system package leads the game).
by mkx
Tue Jul 16, 2019 9:38 am
Forum: General
Topic: Printing in other network
Replies: 1
Views: 96

Re: Printing in other network

Just for clarification: if you want to print from a PC in 192.168.10.0/24, you are using printer at 192.168.8.10:9100? This can't work because of "routing triangle". Consider this: PC with address e.g. 192.168.10.142 decides to connect 192.168.8.10. Doesn't have direct connectivity, so it decides to...
by mkx
Tue Jul 16, 2019 9:16 am
Forum: General
Topic: Config wan pppe with block 8 ip static
Replies: 1
Views: 75

Re: Config wan pppe with block 8 ip static

Yes, you can. Just assign the second IP address to the LAN interface ... Beware: if you would use the IP address block as /29 subnet, then you'd loose two addresses: aaa.bbb.ccc. 200 would become network address and aaa.bbb.ccc. 207 would become broadcast address. As those addresses come as routed b...
by mkx
Tue Jul 16, 2019 8:50 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 31
Views: 1772

Re: 1wan + 2 lan isolated from each other

From all of the talking it's not really clear to me how things are configured. How about this: create configuration export from your RB4011 ... do it running command /export hide-sensitive inside a terminal window ... post the output here, but be sure to enclose it in [ code]...[/ code] environment....
by mkx
Tue Jul 16, 2019 8:40 am
Forum: Beginner Basics
Topic: Access devices in one VLAN from other VLAN
Replies: 3
Views: 218

Re: Access devices in one VLAN from other VLAN

I take it that updating the OS will not affect the actual configuration, but I would like to ask you one last question to make sure. In the router's menu, I did not find a menu item like "update OS", only "System/AutoUpgrade". Is this the same? Updating OS might change actual configuration ... if t...
by mkx
Tue Jul 16, 2019 8:31 am
Forum: Beginner Basics
Topic: 2 x Lan, 2 x DVR, 1 Problem
Replies: 9
Views: 444

Re: 2 x Lan, 2 x DVR, 1 Problem

Your WAN interface is not ether1 but rather pppoe-out1 (ether1 is only physical interface, carrying PPPoE traffic; the logical interface which carries WAN traffic, is pppoe-out1), so the NAT rule you have now add action=dst-nat chain=dstnat comment=DVR_1 dst-port=8000 in-interface=ether1 protocol=tc...
by mkx
Mon Jul 15, 2019 5:10 pm
Forum: Beginner Basics
Topic: 2 x Lan, 2 x DVR, 1 Problem
Replies: 9
Views: 444

Re: 2 x Lan, 2 x DVR, 1 Problem

There are some other minor errors in the configuation: /ip address add address=192.168.99.1/24 interface= ether2 network=192.168.99.0 The LAN address should really be bound to interface=bridge1 ... sometimes this kind of error causes weird behaviour. /ip dns set servers=192.168.99.1 This setting ins...
by mkx
Mon Jul 15, 2019 5:01 pm
Forum: Beginner Basics
Topic: 2 x Lan, 2 x DVR, 1 Problem
Replies: 9
Views: 444

Re: 2 x Lan, 2 x DVR, 1 Problem

The IP addresses used in configuration, don't correspond to IP addresses indicated on the chart (why did you bother writing them there if you didn't want to show exact addresses anyway?), I'll assume the addresses in the config export are correct. So: add action=dst-nat chain=dstnat comment=DVR_1 ds...
by mkx
Mon Jul 15, 2019 2:04 pm
Forum: RouterBOARD hardware
Topic: CRS312-4C+8XG-RM questions
Replies: 6
Views: 436

Re: CRS312-4C+8XG-RM questions

As the product naming page explains: CRS series: 3 total number of interfaces: 12 number of combo 10G Ethernet/SFP ports: 4 (4C+ part of name) number of 5G/10G Ethernet ports: 8 (8XG part of name) The mentioned CRS317-1G-16S+RM fetaures only 1Gbps ports (ethernet) or 10Gbps (SFP+). So it's like comp...
by mkx
Mon Jul 15, 2019 1:40 pm
Forum: General
Topic: VLAN and filtering on non-CRS3xx devices
Replies: 11
Views: 648

Re: VLAN and filtering on non-CRS3xx devices

I've no idea about STP, but Back to my main question: Is this understanding correct: So if understood/read this correctly, I can get VLAN filtering on non-CRS3xx devices like my RB3011, either by Using /interface bridge vlan and loosing hardware offload, or By using /interface ethernet switch More o...
by mkx
Mon Jul 15, 2019 12:47 pm
Forum: Beginner Basics
Topic: External DNS-server and Wake-On-Lan.
Replies: 4
Views: 232

Re: External DNS-server and Wake-On-Lan.

2. Mikrotik should switch to using the UbS16.04 as a DNS-server when it is turned on. Not related to the WoL problem, but ... the point above is not going to happen automatically. DNS services are expected to be available (semi) permanently. Surely services have problems and due to that one configu...
by mkx
Mon Jul 15, 2019 9:26 am
Forum: General
Topic: VLAN and filtering on non-CRS3xx devices
Replies: 11
Views: 648

Re: VLAN and filtering on non-CRS3xx devices

I'm already running bridge based VLAN, but using the pre 6.41 way, one bridge per VLAN, thinking to update that to the new way. You don't run bridge based VLAN. In ROS, bridge is "kind of a switch". In pre-6.41 times bridge was a "dumb switch" and passed traffic around without regard to VLAN tags, ...
by mkx
Mon Jul 15, 2019 9:09 am
Forum: Beginner Basics
Topic: 2 x Lan, 2 x DVR, 1 Problem
Replies: 9
Views: 444

Re: 2 x Lan, 2 x DVR, 1 Problem

Post output from command /ip firewall nat export (run it from terminal window). I suspect your port forward setting might be a tad too greedy and steals all connections, not only those destined at Network2 ...
by mkx
Sun Jul 14, 2019 9:47 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 31
Views: 1772

Re: 1wan + 2 lan isolated from each other

[Also, where is this in winbox? /interface bridge settings set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes I don't know where in winbox that is, in webfig it's in bridge->settings I reverted to the last step I showed you. The problem is the AP is not working on br...
by mkx
Sat Jul 13, 2019 11:27 pm
Forum: Wireless Networking
Topic: quick set pppoe
Replies: 6
Views: 458

Re: quick set pppoe

Status of the wireless link seems quite fine, radio-wise it should be able to transfer at least around 20Mbps in uplink (conservative estimate based on reported Tx-rate value of 78Mbps). I think that you should consult the administrator of the other end of the link, he might give some more insight a...
by mkx
Sat Jul 13, 2019 11:10 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 31
Views: 1772

Re: 1wan + 2 lan isolated from each other

No, you don't need anything special to set-up VLANs on RB4011, they are dealt by router's CPU. The price for that functionality is performance hit for traffic between different ethernet ports carrying same VLAN, which would be carried by switch chip if switch chip was at least half-decent. In your c...
by mkx
Sat Jul 13, 2019 10:48 pm
Forum: General
Topic: help to set ipv6 / 48
Replies: 13
Views: 871

Re: help to set ipv6 / 48

Can't you negotiate with your ISP about link-local address of your router? To use it instead of fe80::1234:5678:123 ?

When seeing such stories I become grateful that my ISP delivers IPv6 over PPPoE (together with IPv4) without fussing around with addresses for this and that ..
by mkx
Sat Jul 13, 2019 5:41 pm
Forum: Wireless Networking
Topic: quick set pppoe
Replies: 6
Views: 458

Re: quick set pppoe

Another thing: is there any good reason to limit data rates with rate-set=configured supported-rates-a/g=6Mbps,9Mbps,12Mbps ? I believe default setting is rate-set=default supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps ... at least that's default for 5GHz wireless interfac...
by mkx
Sat Jul 13, 2019 5:30 pm
Forum: Wireless Networking
Topic: quick set pppoe
Replies: 6
Views: 458

Re: quick set pppoe

While transfering some data, run command /interface wireless monitor wlan1 ... pay attention to the following items: tx-rate, all of *signal-strength* items, tx-ccq ... One thing that bites you quite likely: country regulations with regard to allowed EIRP ... LHG has a high-gain antenna and with rec...
by mkx
Sat Jul 13, 2019 1:45 pm
Forum: Beginner Basics
Topic: RouterOS v6.41.4 access to admin panel -password problem [SOLVED]
Replies: 9
Views: 649

Re: RouterOS v6.41.4 access to admin panel -password problem [SOLVED]

If you perform factory reset, then everything gets reset to factory defaults, including usrnames and passwords. How that what you said corresponds to FAQ which states: How can I recover a lost password? If you have forgotten the password, there is no recovery for it. You have to reinstall the route...
by mkx
Sat Jul 13, 2019 1:32 pm
Forum: Beginner Basics
Topic: Different networks (not part of bridge) can still see each other
Replies: 4
Views: 355

Re: Different networks (not part of bridge) can still see each other

You have to use chain=forward ...chain=input deals with connections targeting router itself. And you need a pair of drop rules because the replies are treated by "related" rule after connections they pass firewall in the forward direction. Edit: actually this is dependant on rules order. If the drop...
by mkx
Sat Jul 13, 2019 12:24 pm
Forum: RouterBOARD hardware
Topic: NetInstall RB1100 Kernel Panic
Replies: 1
Views: 281

Re: NetInstall RB1100 Kernel Panic

Use another version of netinstall ... Make sure that no other device is in the same physical network during netinstalling (read: use direst ethernet connection between PC and RB) and make sure you follow all instructions from netinstall manual ... which is vital as netinstall procedure is fairly fra...
by mkx
Sat Jul 13, 2019 12:20 pm
Forum: General
Topic: Product Request: Mode switch "Doorbell" trigger
Replies: 4
Views: 416

Re: Product Request: Mode switch "Doorbell" trigger

If you take any of the RBs with passive PoE out, you should be able to shunt the power out lines on that Ethernet port by a serial combination of a pushbutton and a resistor, so your script would monitor the power drain (yes/no). This is an interesting idea. However to make it truly work "like a do...
by mkx
Sat Jul 13, 2019 12:06 pm
Forum: Beginner Basics
Topic: RouterOS v6.41.4 access to admin panel -password problem [SOLVED]
Replies: 9
Views: 649

Re: RouterOS v6.41.4 access to admin panel -password problem [SOLVED]

If you perform factory reset, then everything gets reset to factory defaults, including usrnames and passwords. OK, perhaps not just everything, malicious code might survive :wink: There's a gotcha: it is possible to install custom defaults (after netinstalling device) and some ISPs deliver RBs to t...
by mkx
Sat Jul 13, 2019 12:02 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 59
Views: 8142

Re: v6.44.5 [long-term] is released!

Can't you connect via ssh but using administrative user name?
by mkx
Sat Jul 13, 2019 12:12 am
Forum: RouterBOARD hardware
Topic: PowerBox pro cannot upgrade from 44.2 to 45.1
Replies: 7
Views: 534

Re: PowerBox pro cannot upgrade from 44.2 to 45.1

My guess is that you'll have to perform netinstall. Make sure you create and save configuration export (the text version of it) before doing it. I also suggest that you start configuring it starting from default setup ... specially firewall settings ... and only add needed functionality (not just bl...
by mkx
Sat Jul 13, 2019 12:07 am
Forum: Beginner Basics
Topic: RouterOS v6.41.4 access to admin panel -password problem [SOLVED]
Replies: 9
Views: 649

Re: RouterOS v6.41.4 access to admin panel -password problem [SOLVED]

OK, so it's not Tenda after all. Default password on ROS is empty password. If that doesn't work, it might be set by whomever you got the router from and is highly unlikely for you to get correct answer from this forum. And, if you don't find out password, the only way getting in is netinstall device.
by mkx
Fri Jul 12, 2019 11:44 pm
Forum: Beginner Basics
Topic: RouterOS v6.41.4 access to admin panel -password problem [SOLVED]
Replies: 9
Views: 649

Re: RouterOS v6.41.4 access to admin panel -password problem [SOLVED]

Does it matter that my router is Tenda?
Surely you call Apple customer support when you have issues with your HP laptop running Windows?
by mkx
Fri Jul 12, 2019 3:59 pm
Forum: General
Topic: CRS3xx hardware offload with split-horizon? or similar setup?
Replies: 6
Views: 440

Re: CRS3xx hardware offload with split-horizon? or similar setup?

If export doesn't show settings, then that's definitely a bug. On my RB951G export displays relevant settings: [user@RB951G] /interface ethernet> export # jul/12/2019 12:50:53 by RouterOS 6.45.1 # software id = QCG5-PSG8 # # model = 951G-2HnD # serial number = 642E05BB727B /interface ethernet set [ ...
by mkx
Fri Jul 12, 2019 1:55 pm
Forum: SwOS
Topic: three new CSS326 on existing network
Replies: 6
Views: 459

Re: three new CSS326 on existing network

On power up the management console starts at 192.168.88.1 (see documentation for the css326). As each of the three switches powers up with that default address, ... That's merely default. When your switches arrive and you start configuring them, you'll plug one at the time. It'll get some address f...
by mkx
Fri Jul 12, 2019 12:07 pm
Forum: General
Topic: VLAN VRRP
Replies: 18
Views: 1146

Re: VLAN VRRP

As I'll be unable to use my left hand for some time now ...

Wow, bummer! I certainly hope you'll get well soon ...
by mkx
Fri Jul 12, 2019 12:05 pm
Forum: General
Topic: Bug in Log when rotate log (6.40.1)
Replies: 6
Views: 613

Re: Bug in Log when rotate log (6.40.1)

However, I cannot reproduce your problem, maybe I understand incorrectly but my timezone is set to Europe/Amsterdam which is +01 with DST, so currently +02. When I now do a /log print I get messages from yesterday with date and messages from today (also in the 00:00-02:00 range) without date. Did y...
by mkx
Fri Jul 12, 2019 11:15 am
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 37
Views: 6393

Re: v6.46beta [testing] is released!

Do you have proper hair-pin NAT implemented? The single dstnat rule you've shown only does things half-way: UDP packet with dst-address=8.8.8.8 arrives at router (src-address=192.168.0.x) router uses dstnat rule to replace dst-address to dst-address=192.168.0.4 ... src-address remains set to 192.168...
by mkx
Fri Jul 12, 2019 9:58 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 31
Views: 1772

Re: 1wan + 2 lan isolated from each other

Nothing much points out to me as wrong in your configuration. One thing, that might affect how things behave: LAN2 IP address should be bount do interface bridge2 - now it's bound to it's slave interface ether10. Im' not sure you really need these set to yes: /interface bridge settings set use-ip-fi...
by mkx
Thu Jul 11, 2019 10:52 pm
Forum: SwOS
Topic: three new CSS326 on existing network
Replies: 6
Views: 459

Re: three new CSS326 on existing network

Don't use chains of switches. Don't use DHCP. Configure static addresses.

I don't see any problem with chain of switches, specially not in context presented by OP.

I do agree with the second part: don't use DHCP to configure management interfaces of network infrastructure devices.
by mkx
Thu Jul 11, 2019 10:48 pm
Forum: RouterBOARD hardware
Topic: Mikrotik RBGESP surge protector [SOLVED]
Replies: 1
Views: 241

Re: Mikrotik RBGESP surge protector [SOLVED]

It doesn't matter.

Surge protectors create conductive path between wires and PE when an overvoltage occurs. It doesn't matter from which side of surge protector such surge originates.
by mkx
Thu Jul 11, 2019 10:20 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 31
Views: 1772

Re: 1wan + 2 lan isolated from each other

Post full configuration as shown by running command /export hide-sensitive from a terminal window ... when posting config, put it into [code] .. [/code] environment. Combined that with the network schematics we might have an idea or two.
by mkx
Thu Jul 11, 2019 4:01 pm
Forum: General
Topic: IP Firewall Filter rule preference
Replies: 2
Views: 231

Re: IP Firewall Filter rule preference

Once I already wrote: potential malicious user can easily spoof src-address but can hardly spoof in-interface ... if you care about security, you have to keep this in mind. However, many times it's not this simple and one has to use a combination of both.
by mkx
Wed Jul 10, 2019 11:31 pm
Forum: Beginner Basics
Topic: Access WAN router from lan
Replies: 2
Views: 201

Re: Access WAN router from lan

You quite probably need a src-nat rule for connections from LAN towards 4G modem because 4G modem knows nothing about gateway to your LAN subnet. By configuring src-nat all those connections will appear to 4G modem as if they originated from router with which it can communicate directly.
by mkx
Wed Jul 10, 2019 10:09 pm
Forum: General
Topic: SFP RB4011
Replies: 17
Views: 948

Re: SFP RB4011

And such "intelligent" SFP modules need some support from router which router might not know how to provide. Due to this GPON by Bell might not work any better on Routerboards when they move to 10Gbps sync rate. Thanks @mkx ...... so what you're saying is that due to MikroTik's SFP[+] implementatio...
by mkx
Wed Jul 10, 2019 9:29 pm
Forum: Beginner Basics
Topic: how to set up isp vlan public ip ?????
Replies: 2
Views: 224

Re: how to set up isp vlan public ip ?????

Let's assume router's ether1 interface will be used for WAN. And let's assume ether1 is not member of any bridge. So the minimum config would be this: /interface vlan add name=wan interface=ether1 vlan-id=180 /ip address add address=81.244.55.234/30 interface=wan /ip route add dst-address=198.198.2....
by mkx
Wed Jul 10, 2019 4:28 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 5
Views: 452

Re: Wifi range is really bad for a reason

Surely you're aware that 5GHz signal drops quite quickly with the distance and doesn't run "around the corner".
by mkx
Wed Jul 10, 2019 4:22 pm
Forum: General
Topic: SFP RB4011
Replies: 17
Views: 948

Re: SFP RB4011

The following provides an exceptionally good overview of How Stuff Works: How Fiber-to-the-home Broadband Works @tdw has a point: from router's point of view, any SFP connection to optical network (regardless if it's active or passive) is using "active" SFP module. The problem here (which is not en...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 49