Community discussions

Search found 2105 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 43
by mkx
Mon May 20, 2019 9:52 pm
Forum: General
Topic: Mikrotik > Juniper VLAN trunk
Replies: 10
Views: 392

Re: Mikrotik > Juniper VLAN trunk

Please post output of /interface bridge export ...
by mkx
Mon May 20, 2019 7:02 pm
Forum: Beginner Basics
Topic: Can mikrotik get all the bandwidth of 100Mbps internet from ISP?
Replies: 10
Views: 390

Re: Can mikrotik get all the bandwidth of 100Mbps internet from ISP?

hAP ac is no beast, its CPU might be a bottleneck here. Run tools->profile while tranfering data from/to internet full speed. Check which processes consume most CPU cycles. I don't see anything in firewall rule list to improve performance. Beware, though, that IPv6 is not fast-tracked meaning IPv6 t...
by mkx
Mon May 20, 2019 2:03 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 510
Views: 116639

Re: RouterOS v7.0 beta1 - when?

@Keyko, hold on there on the tree trunk, don't fall down! ;-)
by mkx
Mon May 20, 2019 1:23 pm
Forum: Beginner Basics
Topic: Virtual ap for IOT?
Replies: 2
Views: 109

Re: Virtual ap for IOT?

The reason I'm asking because I've seen many tutorials use vlans for virtual aps to do this which in failing to understand the reason behind! If you only have single AP (hAP ac2 in your case), then it's not necessary to fuss with VLANs. You probably even don't need separate bridges for VAPs, you co...
by mkx
Mon May 20, 2019 9:07 am
Forum: Wireless Networking
Topic: Problem with performance hAP ac
Replies: 1
Views: 85

Re: Problem with performance hAP ac

According to test results hAP ac may be capable of reaching 200 Mbps or not. More likely not, my experience is that the most "real life" relevant test results are the lower right figures from the table (routing with 25 ip filter rules and 64 or 512 byte packets). What does Tool->Profile show while u...
by mkx
Mon May 20, 2019 8:54 am
Forum: Beginner Basics
Topic: Can mikrotik get all the bandwidth of 100Mbps internet from ISP?
Replies: 10
Views: 390

Re: Can mikrotik get all the bandwidth of 100Mbps internet from ISP?

@lilw: if what you posted is really full config, then your router is wide open for hackers from WAN. As SRC-NAT is not in posted configuration, I kinda doubt this is whole config ... making it hard to provide any useful comment .... I’m sorry. The default config including firewall for both ipv4 and...
by mkx
Sun May 19, 2019 11:40 pm
Forum: RouterBOARD hardware
Topic: Airflow CRS317-1G-16S+RM
Replies: 2
Views: 156

Re: Airflow CRS317-1G-16S+RM

Even if air flow can be reverted, the unit when mounted on the rear of rack would be completely in hot zone because it's far from being deep enough for itsnrwar end to reach the front of rack where cold zone ends ... So even this setup might not be wellcome by co-lo staff.
by mkx
Sun May 19, 2019 11:32 pm
Forum: General
Topic: USB port + HUB summary amperage
Replies: 3
Views: 111

Re: USB port + HUB summary amperage

Powered USB hubs usually don't draw power from upstream USB port ...
by mkx
Sun May 19, 2019 11:10 pm
Forum: Beginner Basics
Topic: Can mikrotik get all the bandwidth of 100Mbps internet from ISP?
Replies: 10
Views: 390

Re: Can mikrotik get all the bandwidth of 100Mbps internet from ISP?

@lilw: if what you posted is really full config, then your router is wide open for hackers from WAN. As SRC-NAT is not in posted configuration, I kinda doubt this is whole config ... making it hard to provide any useful comment ....
by mkx
Sun May 19, 2019 12:48 pm
Forum: SwOS
Topic: SWOS or ROUTEROS: Confused
Replies: 3
Views: 156

Re: SWOS or ROUTEROS: Confused

CRS series can run both SwOS and ROS (one at the time) and generally switching functionality and performance is the same regardless OS. Choice of OS then depends on admin's preferences about management (SwOS only supports Web GUI, ROS supports CLI, Web GUI and winbox GUI)... And ROS adds routing fun...
by mkx
Sun May 19, 2019 12:25 pm
Forum: Beginner Basics
Topic: Can mikrotik get all the bandwidth of 100Mbps internet from ISP?
Replies: 10
Views: 390

Re: Can mikrotik get all the bandwidth of 100Mbps internet from ISP?

Mikrotik can deal with much higher throughput than 100Mbps. But it depends on device (CPU power) and configuration (some optimization for speed).

If you want to get some better answer, post device model and full configuration export (/export hide-sensitive and redact public IP and SSID/PSK).
by mkx
Sun May 19, 2019 12:21 pm
Forum: Beginner Basics
Topic: Use router as switch (switch chip), bridge needed? [SOLVED]
Replies: 7
Views: 316

Re: Use router as switch (switch chip), bridge needed? [SOLVED]

I'm running RB951G, featuring Atheros 8327, with ether port as hybrid. Configured like this: /interface ethernet switch port # port with index 4 below is ether5, which is hybrid: tagged VID=3999 # and untagged, which is tagged with VLAN tag VID=2 on ingress # and VID=2 frames get untagged on egress ...
by mkx
Sun May 19, 2019 12:04 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 510
Views: 116639

Re: RouterOS v7.0 beta1 - when?

we all hope that it will not be vaporware like Windows Phone...
Windows Phone was not vaporware, it was real ... shit. And that's why it disappeared real soon ...
by mkx
Sat May 18, 2019 7:15 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Suggestion: At new releases
Replies: 7
Views: 439

Re: Suggestion: At new releases

Just got an RB4011iGS+RM. It has 512MB flash, so I might have been interested, but the online documentation states that it's only available for MIPS, TILE and PowerPC. Too bad. Could be that documentation is outdated. My RBD52G (ARM as well) has all the commands (as RB951G does and mine are having ...
by mkx
Sat May 18, 2019 5:04 pm
Forum: General
Topic: Block public proxy servers - HOW [SOLVED]
Replies: 12
Views: 324

Re: Block public proxy servers - HOW [SOLVED]

I don't think you can. .... But it's far from perfect. Indeed it is far from perfect. Probably it'll successfully block proxy requests, but will most probably block usual http requests as well (it probably won't interfere with direct https connections though). It's quite usual to see full GET http:...
by mkx
Sat May 18, 2019 3:47 pm
Forum: General
Topic: IPv6 Address Assignment Hint
Replies: 4
Views: 1594

Re: IPv6 Address Assignment Hint

It is implemented, but slightly buggy. My case: I receive a /56 prefix from my ISP and it's "stored" to a pool (dhcp-client does that), let's say pool name is "ipv6-pool". Then you can assign address to some interface using command /ipv6 address add address=::41:0:0:1/64 from-pool=ipv6-pool interfac...
by mkx
Sat May 18, 2019 3:21 pm
Forum: Beginner Basics
Topic: problems with port forwarding
Replies: 6
Views: 216

Re: problems with port forwarding

Command /ip firewall filter print without-paging where chain=forward will print out all firewall rules which affect traffic through router. If a rule is disabled, it'll show 'X' in column between sequential number and rule itself. I think it'd be easier to help you if you posted complete output of /...
by mkx
Sat May 18, 2019 1:32 pm
Forum: General
Topic: VLAN CCR to CRS 328
Replies: 14
Views: 417

Re: VLAN CCR to CRS 328

But I'm confused about the CCR VLAN configuration. Since you want the VLANs on a single Ethernet interface, your configuration is correct. As CCR1036 doesn't have a traditional switch-chip, VLANs have to be configured either directly on port (as OP has it) or using bridge vlan-filtering (which shou...
by mkx
Sat May 18, 2019 1:15 pm
Forum: General
Topic: [CRS125-24G-1S-2HnD] VLAN Switching
Replies: 3
Views: 130

Re: [CRS125-24G-1S-2HnD] VLAN Switching

You can upgrade to a newer ROS version, you can still configure VLAN switching in switch chip, the actual commands are still the same. This doesn't directly relate to "master port" functionality.
by mkx
Sat May 18, 2019 1:10 pm
Forum: Beginner Basics
Topic: problems with port forwarding
Replies: 6
Views: 216

Re: problems with port forwarding

Check settings in /ip firewall filter ... Default rule, which allows DST-NAT, is very similar to this one: add action=accept chain=forward comment="allow dst-nat connections from WAN" \ connection-nat-state=dstnat connection-state=new in-interface=ether1 It works together with a very generic one add...
by mkx
Fri May 17, 2019 11:57 pm
Forum: General
Topic: VLAN CCR to CRS 328
Replies: 14
Views: 417

Re: VLAN CCR to CRS 328

This must have been a mistake was a management VLAN. I have to remove the VLAN1 On the CRS I have configured 1 bridge and then created the VLANs. But the three VLANs don't work on the CRS. VLAN is not my strongest topic and I find it somewhat confusing with all the different switch chips I've got i...
by mkx
Fri May 17, 2019 11:50 pm
Forum: General
Topic: VLAN CCR to CRS 328
Replies: 14
Views: 417

Re: VLAN CCR to CRS 328

the three VLANs don't work on the CRS. I have no hands-on experience with a CRS , but I'd be afraid of the frame-types=admit-only-vlan-tagged setting of the bridge when you use access mode ports in that bridge. I think @plisken is right about this setting. Bridge only accepts VLAN-tagged frames for...
by mkx
Fri May 17, 2019 11:46 pm
Forum: General
Topic: VLAN CCR to CRS 328
Replies: 14
Views: 417

Re: VLAN CCR to CRS 328

Isn't CRS3xx family supposed to HW offload bridge vlan-filtering? Are you saying that it automatically translates the vlan-related behaviour defined for bridge-filtering=yes into switch chip configuration? User's manual seems to imply that. And CRS3xx is the only device family with this kind of cap...
by mkx
Fri May 17, 2019 10:39 pm
Forum: General
Topic: VLAN CCR to CRS 328
Replies: 14
Views: 417

Re: VLAN CCR to CRS 328

Other than that, using CRS as a software bridge is quite a waste of resources
Isn't CRS3xx family supposed to HW offload bridge vlan-filtering?
by mkx
Fri May 17, 2019 10:23 pm
Forum: General
Topic: SSTP + Win7 + Self signed cert.
Replies: 6
Views: 160

Re: SSTP + Win7 + Self signed cert.

As soon as CA cert is expired - no connection is possible?
That's the whole idea about certificate validity.
by mkx
Fri May 17, 2019 10:19 pm
Forum: Beginner Basics
Topic: Stop forwarding from default Bridge to Interface "etherX"
Replies: 2
Views: 87

Re: Stop forwarding from default Bridge to Interface "etherX"

If 10.0.100.1 is router's IP address on that VLAN interface ... then firewall rules 1 and 2 won't block pings because those pings go to chain=input (doesn't matter if they originate from another subnet) as their destination is router.
by mkx
Fri May 17, 2019 10:11 pm
Forum: Beginner Basics
Topic: winbox and vlan
Replies: 4
Views: 240

Re: winbox and vlan

(adjust LAN to your interface name)
Actually the proper way is to adjust /interface list member ports grouped in LAN list ... and WAN as well if WAN port is not the default one. This would fix firewall filter rules, NAT rules, MAC server rules ... all at the same time.
by mkx
Fri May 17, 2019 9:24 am
Forum: Wireless Networking
Topic: Bad Client on sector
Replies: 3
Views: 196

Re: Bad Client on sector

"Bad clients" surely affect the rest ... they degrade performance of whole sector because they consume larger than proportional air time leaving less air time (and hence capacity) for "good clients". And that's true for any wireless technology (plain 802.11, nstreme, ...), it just might affect some...
by mkx
Fri May 17, 2019 9:06 am
Forum: Wireless Networking
Topic: IP set manual but get from DHCP
Replies: 9
Views: 896

Re: IP set manual but get from DHCP

If you want to keep the DHCP client config at hand, you can disable it by running command
/ip dhcp-client
set [ find interface=ether1 ] disabled=yes
by mkx
Thu May 16, 2019 2:02 pm
Forum: RouterBOARD hardware
Topic: [mUPS] Powering PowerBOX Pro with 3 devices
Replies: 3
Views: 180

Re: [mUPS] Powering PowerBOX Pro with 3 devices

As I wrote: mUPS power output rating is a bit low for what you want to have, so you'll have to use some UPS solution other than mUPS. There were numerous problem reports, where it turned out that power supply was inadequate and all sort of random problems were happening (mostly random device restart...
by mkx
Thu May 16, 2019 12:42 pm
Forum: RouterBOARD hardware
Topic: [mUPS] Powering PowerBOX Pro with 3 devices
Replies: 3
Views: 180

Re: [mUPS] Powering PowerBOX Pro with 3 devices

You'll have to do some power budget calculation. mUPS brochure specifies maximum PoE out max 0.7A @ 24V, which is 16.8W ... or 1A @ 20V (when on battery) which is 20W. PowerBox Pro itself consumes up to 9W (typical power consumption is less, but definitely at least a few W). I don't think PoE in is ...
by mkx
Thu May 16, 2019 9:17 am
Forum: Wireless Networking
Topic: 40MHz channel on hAP Mini
Replies: 4
Views: 219

Re: 40MHz channel on hAP Mini

If you're referring to the third screenshot (list of connected clients) when you figure out that 40MHz channel doesn't work ... those numbers (Rx rate and Tx rate) change with time, depending on client usage ... and can be very different for different clients connected at the same time. In addition ...
by mkx
Thu May 16, 2019 8:50 am
Forum: General
Topic: Port Forward in r11e-lte
Replies: 2
Views: 84

Re: Port Forward in r11e-lte

In the rule it should probably be WAN IP of router in dst-address field, not its LAN IP ...

Where are you connecting from, LAN or WAN? If from LAN, then you should implement hair-pin NAT ... in addition to normal NAT or instead of it, depending on how you want to have it.
by mkx
Wed May 15, 2019 3:09 pm
Forum: General
Topic: Slow LAN between HAP AC2 and RB260GS
Replies: 4
Views: 181

Re: Slow LAN between HAP AC2 and RB260GS

First of all check what is the negotiated speed on the ethernet ports ...

Not to get lost in all different places where speed is mentioned and is not relevant to the problem ... the correct command to check current negotiated speed is
/interface ethernet monitor <port name> once
by mkx
Wed May 15, 2019 2:35 pm
Forum: General
Topic: hotspot + userman : how avoid to reach webfig ?
Replies: 4
Views: 161

Re: hotspot + userman : how avoid to reach webfig ?

Already tried, changing www port affects both userman and webfig, it would be easy if a port could be set for separate www services. Any other idea to allow/deny userman rather than webfig at firewall level ? You can't do it at firewall level ... if both userman and webfig use the same www service,...
by mkx
Wed May 15, 2019 2:31 pm
Forum: General
Topic: same MAC address in two mikrotik
Replies: 4
Views: 176

Re: same MAC address in two mikrotik

I just found out that there are 2 mikrotik sharing same MAC address.

If those devices are not in the same network (i.e. there's at least one or preferably two routers between them), then they should not interfere with each other ... in that case it's no hurry to reset MAC addresses.
by mkx
Wed May 15, 2019 2:19 pm
Forum: General
Topic: Port Forwarding to Web on LAN of RB2011
Replies: 1
Views: 57

Re: Port Forwarding to Web on LAN of RB2011

If the device has incorrect gateway, then it's quite understandable that communication with clients from other networks (including internet) doesn't work. Another possibility is that device has some kind of firewall blocking access from clients outside its own subnet (less likely). Both problems can...
by mkx
Tue May 14, 2019 3:36 pm
Forum: General
Topic: Unable to access webfig once I set to WISP AP
Replies: 4
Views: 375

Re: Unable to access webfig once I set to WISP AP

Just thinking: as the name suggests (WISP AP), could it be that webfig (and winbox) access is only available through "upstream" wireless interface? After all, if device is provided by (W)ISP, it's only logical that management is only available through "their" interface.
by mkx
Tue May 14, 2019 3:31 pm
Forum: Beginner Basics
Topic: If I use "src-nat" i can not ping external(internet) resources
Replies: 6
Views: 271

Re: If I use "src-nat" i can not ping external(internet) resources

In nat table you need to add another rule and specify the protocol:icmp in general tab, then you need to go to advanced tab and choose the icmp option and choose which icmp type and code that you want. Or, if you don't have a good reason to only src-nat some particular protocols, create src-nat rul...
by mkx
Tue May 14, 2019 12:58 pm
Forum: Announcements
Topic: v6.43.15 [long-term] is released!
Replies: 17
Views: 2281

Re: v6.43.15 [long-term] is released!

Is that really where we have gotten with long-term releases?

I say that this is exactly the reason for long-term branches. There are no other changes requiring releases in long-term branches where functionality of installed ROS is adequate.
by mkx
Tue May 14, 2019 9:21 am
Forum: General
Topic: ICMP host unknown - from router to router
Replies: 1
Views: 95

Re: ICMP host unknown - from router to router

ICMP Type 3 are "Destination Unreachable" class of packets ... Code 1 is "Host Unreachable". My explanation is that router is informing self that some host is unreachable. As to which host that might be and who is actually trying to access it[*], that's a completely different question. Some more in...
by mkx
Tue May 14, 2019 8:59 am
Forum: General
Topic: Mikrotik > Juniper VLAN trunk
Replies: 10
Views: 392

Re: Mikrotik > Juniper VLAN trunk

You're mentioning master ports. Which brings up a question: which version of RouterOS is your RB2011 running? Probably ancient and you should upgrade ROS to latest long-term (at least), which is 6.43.15 at this time. My configuration example was meant for recent ROS version ... Even if you don't upg...
by mkx
Mon May 13, 2019 11:21 pm
Forum: Wireless Networking
Topic: Webinterface of Remote PtP AP Bridge no longer accessible
Replies: 5
Views: 263

Re: Webinterface of Remote PtP AP Bridge no longer accessible

Can you connect to the remote SXT through its ether port? If yes, check firewall settings, could be that its wireless interface is somehow considered to be WAN.
by mkx
Mon May 13, 2019 11:16 pm
Forum: Wireless Networking
Topic: rx rate problem
Replies: 7
Views: 311

Re: rx rate problem

Actually I think that signal strength higher than around -45 is too strong and causes distortions in the receiver (driving pre-amp into non-linear range) causing drop in signal-to-noise ratio and hence reduced throughput. Try to maintain signal strength above -45 or -50 dBm.
by mkx
Mon May 13, 2019 8:19 pm
Forum: Wireless Networking
Topic: Bad Client on sector
Replies: 3
Views: 196

Re: Bad Client on sector

"Bad clients" surely affect the rest ... they degrade performance of whole sector because they consume larger than proportional air time leaving less air time (and hence capacity) for "good clients". And that's true for any wireless technology (plain 802.11, nstreme, ...), it just might affect some ...
by mkx
Mon May 13, 2019 8:13 pm
Forum: Wireless Networking
Topic: rx rate problem
Replies: 7
Views: 311

Re: rx rate problem

Signal actually rises from -50 to -39 (when measuring signal strength, more is more and -39 is less negative than -50, hence better signal). Is the Rx rate observed while link is utilized or (almost) idle? If while it's idle, then the number is meaningless...
by mkx
Mon May 13, 2019 5:13 pm
Forum: Beginner Basics
Topic: Trunk between RB1100 and CRS326 doesn`t work [SOLVED]
Replies: 6
Views: 344

Re: Trunk between RB1100 and CRS326 doesn`t work [SOLVED]

Things are slightly different: when using new style of vlan-filtering on bridge, on vast majority of devices everything is done in software. The only requirement is that appropriate ether ports are made members of bridge. CRS3xx is exception here as it can HW-offload bridge vlan-filtering setup to u...
by mkx
Mon May 13, 2019 4:54 pm
Forum: RouterBOARD hardware
Topic: mUPS with two different DC power inputs? [SOLVED]
Replies: 6
Views: 452

Re: mUPS with two different DC power inputs? [SOLVED]

... though when mUPS uses the battery (no DC in available), the voltage drops from 23.7V to 19V. So by monitoring DC voltage input on the PoE-powered device, we can determine if power comes from the battery or fom another power source, but we can't discriminate which one. Which is also according to...
by mkx
Mon May 13, 2019 4:38 pm
Forum: Beginner Basics
Topic: Trunk between RB1100 and CRS326 doesn`t work [SOLVED]
Replies: 6
Views: 344

Re: Trunk between RB1100 and CRS326 doesn`t work [SOLVED]

Are you suggest to use the same style as I use on CRS326? Yes. There's a big difference between CRS3xx and RB1100 is that CRS is a decent switch that can do VLAN stuff in hardware while the RB1100 can not. As your current setup does it in software already, the performance won't change for the worse.
by mkx
Mon May 13, 2019 4:09 pm
Forum: General
Topic: LAN and WAN on One PHysical port
Replies: 7
Views: 345

Re: LAN and WAN on One PHysical port

What kind of device it he right-most LAN infrastructure device (the one that connects to ISP 3 cloud), a switch or router? The most clean way of doing it would be to have all LAN infrastructure to convert ot full VLAN ... so any link between LAN infrastructure devices (trunk ports) would carry only ...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 43