MikroTik

mkx

It is possible and I'm sure there are many ways to do it. From L2 (connectivity) point of view, you can use separate VLANs to separate different networks (WAN v.s. LAN) passing the same wire. From L3 point kf view, you may want to consider if firewalling the WAN-addressed virtual server should be do...

mkx

Most LTE modems playing smart by doing NAT themselves are not configurable enough to do netmap-style of NAT ... even if they do, you should find a way to configure that on the LTE modem thingy, nothing to be done on RB. And since you want to perform NAT on CCR in a smart way, you can't do netmap-sty...

mkx

How are PCs set-up ... IP address, subnet mask, default gateway? Is there a DHCP server involved or you set them up manually?

mkx

Did you tey to reboot CRS after change of IP? It shouldn't matter, but who knows ...

Does /interface bridge port print show 'H' in flags column for ether and sfp ports?

mkx

When you're testing ping from PfSense, does counter of the appropriate masquerade rule increase?

mkx

Please post output of command /export hide-sensitive (run it from a command window) ... and obfuscate public addresses ... paste it inside [code][/code] environment for better readability.

No need for verbosity, but do post complete setup, sometimes problems are hidden elsewhere.

mkx

Option with two bridges allows HW offload on ether ports of one of bridges (probably you want this on LAN bridge), while single-bridge-multiple-VLAN does not if VLANs are configured on bridge.. If functionality-wise you're happy with your current setup, then you should stick to it. If you stick to t...

mkx

Does PfSense know about 172.16.2.0/24? Or it treats it as "normal" WAN address?

Can your RB ping Vigor?

mkx

Thanks - and is there a simple way to "tie" the two subnets together so that everything (including broadcast) works across them both? Subnets and common broadcast domains don't go together. Unless you know well what you're doing ... but then you wouldn't be asking this particular question here ...

mkx

By default, connections from LAN to WAN are not restricted in any way. The only requirement us a working SRC-NAT configuration (which is there by default on SOHO models as well unless WAN connectivity type is a non-common one). You're mentioning a /25 WAN subnet which indicates a non-common setup (f...

mkx

Router needs IP address for each subnet it should be routing to/from.

Read up some IP routing basics ... when you do, don't skip the part with multiple routers in same network, this is the part where fun begins.

mkx

CRS line are switches with L3 functionality. It's fine to use them with ROS as switches (you don't have to boot SwOS for that). You should go for RB line, such as RB750Gr3 (which probably barely reaches your requirements) or some faster model (those typically come with bigger number of ports) such a...

mkx

CRSes will be as good as any other managed switch with regard to iSCSI...

mkx

I can see a communication noise happening around here. How about MT guys writing a few lines of technical description about GPeR ... what is it, how it works. Doesn't really have to disclose some patented technology ... I guess it's about a fairly simple (electrical) signal shaper with some DC bypas...

mkx

1. I prefer the classic or Hex-S (!) style

Say hello to Flintstones next time you meet them

Black is new white

mkx

This could happen if NAND was partitioned (for fall-back) and the backup partition never got updated (neither ROS nor config). The mechanism is such that routerboot starts device from the other partition if there's an error making RB to reboot. Power outage counts as such (personally I don't think p...

mkx

Other technologies like 4G use a lot more power and they can do it. Just a tad of nitpicking: user's equipment in 4G operates at similar Tx powers as WiFi (max Tx power at around 20dBm) and also uses similarly shitty antennae (with gain around 0dBi) ... the difference is in the base stations: those...

mkx

So did you try to add lte1 interface to WAN interface list? Did it do the trick or not?

mkx

None of your routing information/config is there?? Probably because all of it is dynamic. /ip route print and /ip address print would reveal lots of things. Before posting output of these commands do obfuscate public IP addresses ... but do it consistently so that it will be obvious what belongs to...

mkx

Probably your DST-NAT rule is too general. Execute command /ip firewall nat export in a terminal window and post result here.

mkx

When setting in-interface=bridge NAT should stop working for connections from WAN ...

mkx

Signal strength has its meaning for the receiving party. When device is in station mode, it only talks to single peer and signal strength of that peer is a fairly good indication of the two-way connection quality. When device is in ap mode (any of them), it's talking to many peers and none of them c...

mkx

cAP ac supports PoE-out ... connected PoE client would count as attachment. Some other devices feature USB ports which can be used to connect some power-hungry peripherials, such as LTE modems or flash sticks... Or miniPCIe slots to add wireless or LTE interfaces ... All of those count as attachments.

mkx

Routeros is about data (IP in particular) routing. If you're talking about VoIP, then many people did it. If you're talking about GSM circuit-switched voice, then ROS won't help you. Not many GSM chipsets support digital voice break-out ... and even if some does, it is 64kbps ADPCM or something simi...

mkx

1) Of course it matters (and two port has nothing to do with it) Really ... what's the big difference between 2-port ethernet hub and 2-port ethernet switch? And yes, port count has everything to do with it. Instead of forwarding frame to the other port because forwarding table (MAC address list) o...

mkx

How about searching for mikrotik dual wan failover using your favourite internet search page? One of top results is this manual page, seems promissing to me.

mkx

Old thread, I know, but I think its worth bumping. I had same thing happen to me. There were 2 ptty scripts in my scheduler. I had my router exposed to WAN with default username only a matter of minutes but didnt notice the script until a few days later. I deleted scripts, the admin user, the new r...

mkx

API login method has changed.

mkx

There are many points where things might have turned wrong way. Post output of /export hide-sensitive after you've mangled any remaining sensitive data such as public IP addresses ...

mkx

IMHO LAN infrastructure devices should for very same reason have their IP addresses set statically.

mkx

Powering is not a problem...i have power outlet on balcony. A what to use for device in building 1? I'm not sure if supplied power adapter is weatherproof as well ... For the building1 any routerboard with 2.4GHz wireless would do. In absence of other ideas/reasons I'd go with second wAP ac (for no...

mkx

I think you should properly separate ether2 from the rest of LAN on L2 by removing ether2 from brudge and then assure needed communication by routing and firewalling. You'd need separate subnet (probably a /30 would do) for connection between RB and the "untrusted network"'s gateway. If you go this ...

mkx

Are you testing connectivity from LAN device from one subnet towards router's address in another subnet or you're testing between LAN devices?
Post complete configuration (output of command /export hide-sensitive and obfuscate sensitive data, such as public IP address)

mkx

If we set aside problem with powering (wireless powering wasn't seriously developed ever since Tesla failed to extort more money from J.P.Morgan), a wAP ac would make a good wireless hop.

As both hops (2.4 and 5GHz) would essentially be point-to-point, I'd configure them as nstreme bridges.

mkx

Depends on how things are set up currently. If AP tags the traffic itself, then you can set port vlan security so that on ingress it only accepts tagged frames. A random passer-by won't know it needs to tag packets so for him the port will seem useless. If one knows to tag frames with correct VID, h...

mkx

Need feature to detect if device have poe-out interfaces - now any poe-command (even print command) causes error in script if HW doesn't have poe-out interfaces... I don't know how to script it, but possibility is available already: /interface print where type=pppoe-out pppoe has no relation to poe...

mkx

If the reason for avoiding LAN cables is fear for interference from power lines to UTP cables or fear for some power surges, then you could use fibre connection between the "main wireless hop" (building-2-building) and their hAP ac2 ... dumb media converters supporting multi-mode fibre and 10/100 Mb...

mkx

As far as I understand, x86 is not actively developed anymore ... hence no new drivers. Hence no support for newer hardware. MT suggests to switch over to CHR ... for one thing MT down't have to develop tons of drivers, VM abstraction layer takes care of that. With ROS7 things might change - who kno...

mkx

Need feature to detect if device have poe-out interfaces - now any poe-command (even print command) causes error in script if HW doesn't have poe-out interfaces...

I don't know how to script it, but possibility is available already: /interface print where type=pppoe-out

mkx

My thinking: ports ether23 and ether24 are set up equally. As VLANs seemingly work as they should on ether24 (Sonicwall trunk ... when connecting to different access ports computer becomes part of correct VLAN) - you might want to verify this by connecting Sonicwall to ether23 ... it serms that CRSe...

mkx

LAN IP address is bound to ether2 which is slave device of bridge ... and that's wrong. Move it to bridge interface. Where would I change this setting? I found the WAN ethernet but according to winbox it is already linked to the bridge. Perhaps I am looking in the wrong spot? That would be in /ip a...

mkx

LAN IP address is bound to ether2 which is slave device of bridge ... and that's wrong. Move it to bridge interface. Any good reason to limit advertised speeds on ether ports only to 1000-full? Autonegotiation will select it if both link partners support it, negotiation of anything else indicates pr...

mkx

Check it yourself, specs for all switches are here . I guess they call them switches even though they run ROS because their CPU is weak and unable of routing anywhere near wirespeed, but they feature decent switch chip capable of wirespeed switching. Anyway, on most dual-OS devices ROS offers same s...

mkx

First thing is to profile CPUs to get idea whether CPU is bottleneck ... and which subsystem is hit most.

mkx

OK,I'll assume then the print-out is fine. What I just noticed: ether21 and ether22 are not set to be members of VLAN 100 (neither tagged nor untagged) on any of switches. Which explains why clients of third SSID don't get anything ... when AP is connected to any of ether21 or ether22 ports. It does...

mkx

What you posted as output of /interface bridge vlan print doesn't correspond to how it should be configured (nor how you wanted it configured). The difference between /interface bridge vlan export and /interface bridge vlan print is that the former shows configuration directives and the later shows ...

mkx

You can use Woobm USB gadget to connect to router's console ... I can't vouch that it works with all RB devices but I haven't heard it doesn't either.

mkx

For RB750Gr3 it's not so important the number of wireless clients, more important is how active those clients will be ... in particular number of open connections. If those clients will be decently non-active, they'd have a few thousand connections in total open at any given time ... which is not a ...

mkx

One thing that strikes me odd: /interface bridge vlan add bridge=bridge tagged= " ether23-TRUNK,ether24-TRUNK,sfpplus1-TRUNK,sfpplus2-\ TRUNK,ether21-TRUNK,ether22-TRUNK " untagged= " ether1-VLAN10,ether2-VLAN10,e\ ther3-VLAN10,ether4-VLAN10,ether5-VLAN10,ether6-VLAN10,ether7-VLAN10,ether\ 8-VLAN10,...

mkx

When I capturing with Wireshark, I see also the Multicast package on Members which are not subscriping the Multicast. So IGMP Snooping ist not working, is that right? Of course IGMP Snooping is activated. In our Cisco Enviroment its all working perfectly. IGMP snooping seems to be borken on Mikroti...

Search found 2569 matches