Community discussions

Search found 12301 matches

by mkx
Mon Jun 17, 2024 10:07 pm
Forum: Wireless Networking
Topic: Audience wireless packages
Replies: 6
Views: 263

Re: Audience wireless packages

Feature-wise wifi-qcom(-ac) is not on par with legacy wireless and according to what MT staffers indicated it never will be (some features are gone forever). But for 99% of use cases, wifi-qcom(-ac) is fine and performs better than legacy wireless. As to meshing: I don't know what exactly mesh confi...
by mkx
Mon Jun 17, 2024 9:49 pm
Forum: General
Topic: webproxy
Replies: 3
Views: 161

Re: webproxy

I was referring specifically to MT's proxy implementation, this is the only relevant according to your question. It's not fair to compare full-blown software with "functionality-wise similar" parts in ROS ... because ROS functions are most of time severely space-restricted and often perform...
by mkx
Mon Jun 17, 2024 4:00 pm
Forum: General
Topic: Firewall doesn't drop new connections in forward (or did I do something wrong?)
Replies: 13
Views: 1160

Re: Firewall doesn't drop new connections in forward (or did I do something wrong?)

Why does this request reach the server 192.168.0.3, when the router firewall should drop all new connections in forward except those to the ports set in NAT (80,443,2203)? Maybe the internet host found open port 2203 and is now trying to brute-force in? I've seen that as well ... one has to keep in...
by mkx
Mon Jun 17, 2024 3:56 pm
Forum: General
Topic: ccr2004-1G-12S+2XS - performance
Replies: 3
Views: 197

Re: ccr2004-1G-12S+2XS - performance

Would a CRS504 (or more likely a CRS510) be able to solve my issues or is there an alternative? As long as it's plain routing without firewalling, then any switch with L3HW capability will be able to "route" at wire speed. Whatever that speed might be. As soon as one starts with firewall,...
by mkx
Mon Jun 17, 2024 3:51 pm
Forum: General
Topic: webproxy
Replies: 3
Views: 161

Re: webproxy

I don't know if "proxy software name" can be changed. And I highly doubt that this is the problem. When a web browser uses proxy (explicitly configured, not transparent proxy), then it actually requests proxy server to open a TCP connection towards https server and then it uses that connec...
by mkx
Mon Jun 17, 2024 3:41 pm
Forum: General
Topic: Let's Encrypt UPPER case issue
Replies: 4
Views: 381

Re: Let's Encrypt UPPER case issue

Sorry I don't understand. Why don't you just write it lowercase, just like everywhere on the internet?
Because he wants to name his routers properly ... and proper personal names are with capital initial (e.g. Normis, not normis). And he now needs some kind of work around the LE requirement.
by mkx
Mon Jun 17, 2024 11:07 am
Forum: General
Topic: Issues with IPv6 routing via WAN
Replies: 5
Views: 327

Re: Issues with IPv6 routing via WAN

I don't particularly like all the firewall stuff, it's dropping lots of traffic (perhaps even too much ... in IPv6 ICMP is very important to be working). I also don't know if the restrictive /ipv6/nd setup is OK (I have doubts about advertise-mac-address=no). I don't see anything very off in the ad...
by mkx
Sun Jun 16, 2024 1:50 pm
Forum: General
Topic: Issues with IPv6 routing via WAN
Replies: 5
Views: 327

Re: Issues with IPv6 routing via WAN

Please describe in detail how your WAN connectivity looks like (plain DHCP vs. PPPoE) and provide full export of /ipv6 configuration subtree (as to sensitive data, don't omit it, obfuscate it and mention it when providing export). Also provide output of /ipv6/address/print and /ipv6/route/print (aga...
by mkx
Sun Jun 16, 2024 1:24 pm
Forum: General
Topic: hap aX3 performance issue?
Replies: 8
Views: 665

Re: hap aX3 performance issue?

I have such feeling that the ethernet1 is somehow not working as it should. ether1 on hAP ax3 is a pretty different beast than the rest of ether ports. Although it's connected to same switch chip as the rest, it's 2.5Gbps port ... MT is quite notorious for having problems when ports with different ...
by mkx
Sat Jun 15, 2024 4:04 pm
Forum: General
Topic: Bridge firewall [SOLVED]
Replies: 15
Views: 879

Re: Bridge firewall [SOLVED]

Any clue about how the rate is being applied?

I've no idea. I guess you'll have to check.
by mkx
Sat Jun 15, 2024 3:28 pm
Forum: General
Topic: Bridge firewall [SOLVED]
Replies: 15
Views: 879

Re: Bridge firewall [SOLVED]

Try to remove (unset) the new-dst-ports property. Often setting some property to empty value means something different than not setting it at all. This particular one is used to redirect traffic which is matched to a different port ... and having it set to empty value might mean that traffic is redi...
by mkx
Sat Jun 15, 2024 2:56 pm
Forum: General
Topic: Help me understand why hairpin NAT rule didn't work but workaround did
Replies: 1
Views: 234

Re: Help me understand why hairpin NAT rule didn't work but workaround did

Why didn't the former rule work? Because dst-address property is a matcher ... and rule only acts if all the matchers match. And you likely used your public IP address when checking hairpin NAT. As to the rest of rule: if action is masquerade, then setting property to-addresses is not needed (masq...
by mkx
Sat Jun 15, 2024 1:57 pm
Forum: General
Topic: Bridge firewall [SOLVED]
Replies: 15
Views: 879

Re: Bridge firewall [SOLVED]

If that's the case, I guess I can create a switch rule to copy all the broadcast to the CPU and then create bridge rules? copying frames to CPU port doesn't directly affect normal frame paths ... so dropping some of copied frames with bridge firewall rules wouldn't prevent them from being forwarded...
by mkx
Sat Jun 15, 2024 1:51 pm
Forum: General
Topic: Bridge firewall [SOLVED]
Replies: 15
Views: 879

Re: Bridge firewall [SOLVED]

I think I remember reading somewhere that you can only perform MAC-filtering in the forward-chain when HW Offloading is DISABLED, so the CPU can see the frames... Indeed, none of advanced bridge functionality is HW offloaded (AFAIK on any of MT devices). So at least the port in question has to ...
by mkx
Fri Jun 14, 2024 11:04 pm
Forum: Beginner Basics
Topic: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Replies: 19
Views: 812

Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os

Hmm ... I'm afraid you'll have to use reset button method to try to get your device under control again. I don't remember if wireless package was part of system bundle or not. After you gain access again, check list of packages installed (System -> Packages) and if you don't see wireless, you'll h...
by mkx
Fri Jun 14, 2024 10:28 pm
Forum: Beginner Basics
Topic: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Replies: 19
Views: 812

Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os

I suggested the way to get device upgraded in post #5 above. It's the most "fool proof" path, one can't miss with wrong packages/architecture/etc selection.
by mkx
Fri Jun 14, 2024 6:28 pm
Forum: Beginner Basics
Topic: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Replies: 19
Views: 812

Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os

I'd suggest to first upgrade to latest long-term and only later reset to defaults. As far as I remember there were some updates to default config since the ancient version your device is running.
by mkx
Fri Jun 14, 2024 6:23 pm
Forum: Wireless Networking
Topic: CAP ax Gen 6 mediocre performance
Replies: 15
Views: 1651

Re: CAP ax Gen 6 mediocre performance

From the wikipedia article detailing RCPI measurements (different acronym than RSSI but according to description this is what's actually being measured these days): For the most part, 802.11 RSSI has been replaced with received channel power indicator (RCPI). RCPI is an 802.11[5] measure of the rece...
by mkx
Fri Jun 14, 2024 8:33 am
Forum: Beginner Basics
Topic: Basic firewall hardening
Replies: 11
Views: 583

Re: Basic firewall hardening

why are people so afraid of ipv6?

Because it takes away a fraction of precious bandwidth due to larger packet overhead. And specifically to ROS it most often reduces router performance by factor of 3-4 due to lack of fasttrack.

And because it's an unfamiliar boo-hoo :wink:
by mkx
Fri Jun 14, 2024 8:29 am
Forum: Beginner Basics
Topic: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Replies: 19
Views: 812

Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os

As I already wrote: according to config you posted, this device is a switch, not a router. The other possibility is that you didn't post full config, in which case it's not possible to give you any sound advice.
by mkx
Thu Jun 13, 2024 9:02 pm
Forum: Beginner Basics
Topic: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Replies: 19
Views: 812

Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os

Sure thing. Configure wifi properties (SSID, password, etc.). Then add wifi1 interface as bridge port. Done. But in this case I'd suggest you to upgrade ROS to latest v6 (long-term channel is at 6.49.13 ATM). The simplest way of doing it would be to add IP setup to device and use System->Packages->U...
by mkx
Thu Jun 13, 2024 9:16 am
Forum: Beginner Basics
Topic: Basic firewall hardening
Replies: 11
Views: 583

Re: Basic firewall hardening

Anyone have a set of basic firewall hardening commands I can put into the routerOS? You're more than welcome to try to harden the firewall. But here is my 5 cents worth of advice: if your MT device (you didn't tell which one you're using) comes with default setup which features decently long list o...
by mkx
Thu Jun 13, 2024 6:45 am
Forum: Beginner Basics
Topic: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os
Replies: 19
Views: 812

Re: RB2011UiAS-2HnD-IN was already installed in a Business im helping first time using mikrotik os

If this config is the whole lot of it ... then this device is set up as a dumb switch, passing traffic between ether1, ether3 and ether4 (not ether2). And nothing more, e.g. wifi doesn't seem to be configured.

I don't think ROS version matters much in this setup.
by mkx
Wed Jun 12, 2024 6:29 pm
Forum: Wireless Networking
Topic: CAP ax Gen 6 mediocre performance
Replies: 15
Views: 1651

Re: CAP ax Gen 6 mediocre performance

As you can see, the wider you go, the more throughput you get, but with diminishing returns. Generally, for each doubling in bandwidth, you get a 50% increase in throughput. Not to forget that if transmitters work at EIRP limitation, then each doubling of bandwidth will reduce RSSI by 3dB. So going...
by mkx
Wed Jun 12, 2024 2:51 pm
Forum: General
Topic: Upgrade broke rules?
Replies: 9
Views: 796

Re: Upgrade broke rules?

How about posting full config ... and explaining what exactly started to fail? You have some minor mess with FW rules and it's hard to understand where are they supposed to fit. And you (obviously?) have some NAT rules which I don't find in the posted config. FW rules for different chains are interl...
by mkx
Wed Jun 12, 2024 11:55 am
Forum: General
Topic: Long Term release or new functions?
Replies: 22
Views: 1182

Re: Long Term release or new functions?

I'd love to see a v7 LTS release. It's been almost two years since we had a "contemporary" LTS release (it was in v6 around release date of v7). Since then many of us are doomed to running v7 due to various reasons and we don't have possibility to run an LTS version. I can remember that MT...
by mkx
Wed Jun 12, 2024 11:20 am
Forum: General
Topic: Why do I have to update twice each time? [SOLVED]
Replies: 4
Views: 382

Re: Why do I have to update twice each time? [SOLVED]

To add info posted by @patrikg

Name              Mikrotik World   PC World     Version installed shown in
--------------------------------------------------------------------------
Operating System  RouterOS         Windows 11   /system/package
Firmware          RouterBoot       Bios/UEFI    /system/routerboard

If you ti...
by mkx
Tue Jun 11, 2024 7:01 am
Forum: General
Topic: subnet mask and gateway on SwOS Lite [SOLVED]
Replies: 5
Views: 325

Re: subnet mask and gateway on SwOS Lite [SOLVED]

On SwOS one doesn't enter subnet mask nor gateway, they are not needed due to the way SwOS communicates. SwOS doesn't ever start connections and it always replies to the connection initiator's apparent MAC address (which can be gateway's MAC address in reality).
by mkx
Mon Jun 10, 2024 8:38 pm
Forum: Beginner Basics
Topic: Mixed Capsman
Replies: 3
Views: 211

Re: Mixed Capsman

You would run two instances of CAPsMAN, both wireless and wifi. But forget about using hAP ac2 in such role ... it would have to run both wifi-qcom-ac and wireless drivers (the former for better performance, the latter for legacy capsman) ... which is both unsupported (on any device) and impossible ...
by mkx
Sun Jun 09, 2024 10:52 am
Forum: Beginner Basics
Topic: Router in Hotspot mode does not perform more than 80 mbit
Replies: 3
Views: 261

Re: Router in Hotspot mode does not perform more than 80 mbit

You may want to compare manual config with the one by quickset to see which difference might cause the slowdown. Export config to text file by executing command from terminal window: /export file=anynameyouwish Do it for both instances, fetch both resulting files off device and use your favourite pro...
by mkx
Sun Jun 09, 2024 10:49 am
Forum: Beginner Basics
Topic: Kid Control - tons of unknown devices
Replies: 4
Views: 527

Re: Kid Control - tons of unknown devices

Most smartphones these days have feature of using randomized MAC addresses (and they have it enabled by default).

The other thing for you to check is which router's interface do they map to?
by mkx
Sun Jun 09, 2024 12:45 am
Forum: RouterBOARD hardware
Topic: hAP AX2 with 2.5GBASE-T or 5GBASE-T
Replies: 4
Views: 3676

Re: hAP AX2 with 2.5GBASE-T or 5GBASE-T

- Asus AX6000 ... Preferably in the AC2/AX2 form factor as well in the AC3/AX3 form factor. AX6000 is 30cm x 17cm x 22cm hAP ax2 is 12cm x 10cm x 4cm The difference in volume is around 20-times. Even if the last AX6000 measurement is with extended antennae and is height of the case more like 5cm, it ...
by mkx
Sat Jun 08, 2024 6:14 pm
Forum: SwOS
Topic: Passive POE out on CRS328-24P-4S+
Replies: 1
Views: 246

Re: Passive POE out on CRS328-24P-4S+

1. What does Low/High voltage actually do? As manual (you linked it): Voltage Level Feature which allows to manually switch between two voltage outputs on PoE-Out ports. Will take effect only on PSE with switchable voltage modes (CRS328-24P-4S+RM, netPower 16P, CRS354-48P-4S+2Q+RM). And high/low vo...
by mkx
Sat Jun 08, 2024 5:56 pm
Forum: Wireless Networking
Topic: Capsman vs Wireless - lots of questions
Replies: 6
Views: 401

Re: Capsman vs Wireless - lots of questions

Can I run wireless-capsman and wifi-capsman SERVER on the same RB1100?

As @infabo wrote: you can. But config will be completely separate, you'll have to do it twice.
by mkx
Sat Jun 08, 2024 12:37 pm
Forum: General
Topic: hAP-AC2 convert to Legacy Wireless?
Replies: 4
Views: 423

Re: hAP-AC2 convert to Legacy Wireless?

... that supports, my current setup?

What functionality of legacy wireless in particular are you missing on wifi device?
by mkx
Fri Jun 07, 2024 7:53 pm
Forum: RouterBOARD hardware
Topic: L009UiGS-RM SFP Connection with Others Brand Switch
Replies: 1
Views: 270

Re: L009UiGS-RM SFP Connection with Others Brand Switch

1) you answered it in 2) 2) yes 3) it might work ... MT doesn't do vendor locks, but it doesn't do many interoperability tests, hence lack of information about compatibility 4) it's important that they are compatible on optical side: they are both multimode, they both work with 850nm light, they are...
by mkx
Fri Jun 07, 2024 7:43 pm
Forum: Wireless Networking
Topic: Capsman vs Wireless - lots of questions
Replies: 6
Views: 401

Re: Capsman vs Wireless - lots of questions

Go to https://mikrotik.com/download, select correct version and device architecture (arm), fetch the extra packages archive, open it and extract needed .npk file. Upload it to device and reboot. However, this doesn't work on your ac devices because they have too small internal storage. So you have ...
by mkx
Fri Jun 07, 2024 7:30 pm
Forum: General
Topic: Setting MTU on trunk in upstream or downstream switch
Replies: 4
Views: 336

Re: Setting MTU on trunk in upstream or downstream switch

Switches always work on L2 ... and either accept frame (if its size doesn't exceed L2MTU) or they drop it. And they usually have same L2MTU on all ports. When it comes to routers, they work on L3 and they have MTU set on each L3 interface (that's interface with IP address set). In your case these wou...
by mkx
Fri Jun 07, 2024 3:05 pm
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 86
Views: 23608

Re: v7.16beta [testing] is released!

Are there any plans to bring features of wifi-qcom-ac on par with wifi-qcom ... the list of differences is growing with every new ROS version ... Probably not possible without bloating the size of the package, thus causing more problems for devices like hAP ac². wifi-qcom is over 3.5x the size of ...
by mkx
Fri Jun 07, 2024 9:23 am
Forum: General
Topic: Setting MTU on trunk in upstream or downstream switch
Replies: 4
Views: 336

Re: Setting MTU on trunk in upstream or downstream switch

Before you delve into technicalities of where and how to change MTU consider this: MTU should be the same on all hosts, members of same IP subnet. If it's not, then large packets will be dropped when sent from jumbo-frame device towards standard-frame device. The reason being that frames don't get f...
by mkx
Fri Jun 07, 2024 9:14 am
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 86
Views: 23608

Re: v7.16beta [testing] is released!

Are there any plans to bring features of wifi-qcom-ac on par with wifi-qcom ... the list of differences is growing with every new ROS version ...
by mkx
Thu Jun 06, 2024 9:08 am
Forum: SwOS
Topic: Password length limit on SwOS? Seriously?
Replies: 20
Views: 1152

Re: Password length limit on SwOS? Seriously?

A sensible limit of that type will be based on a buffer size, as I indicated. 256 bytes is sensible. 1k is sensible. 64k is sensible. 18 smacks of a fixed-length plaintext field in a C structure stored as-is in the flash RAM; there are no common 144-bit hash functions. Keep in mind that we're talki...
by mkx
Wed Jun 05, 2024 8:49 pm
Forum: Wireless Networking
Topic: Rotating machine
Replies: 9
Views: 625

Re: Rotating machine

While geometry of leaky feeder forming "antenna" definitely makes things more interesting, it's the observation of greatly reduced throughput when antenna starts to rotate that makes me think that rapid "antenna" revolution is making problems here. I'm thinking: leaky ...
by mkx
Wed Jun 05, 2024 8:26 pm
Forum: General
Topic: mAP lite continuinally rebooting
Replies: 2
Views: 223

Re: mAP lite continuinally rebooting

First thing to try is different power adapter.
by mkx
Wed Jun 05, 2024 10:24 am
Forum: Beginner Basics
Topic: CRS Switch Rule Rate [SOLVED]
Replies: 10
Views: 2277

Re: CRS Switch Rule Rate [SOLVED]

I'm testing iperf3 with TCP traffic, but even using BBR congestion control which is essentially just forcing as much through the pipe as possible As I wrote: dropped packets make havoc for TCP. The other phenomenon, which congestion control has to deal with, is varying/long RTT ... and that's somet...
by mkx
Wed Jun 05, 2024 6:54 am
Forum: Beginner Basics
Topic: CRS Switch Rule Rate [SOLVED]
Replies: 10
Views: 2277

Re: CRS Switch Rule Rate [SOLVED]

For example at 1G rate, the output you get with iperf3 is 100Mbits/s. Which type of traffic was this, TCP or UDP? You should try UDP ... the problem with ingress policer is that it can only drop excess frames and dropping packets causes havoc for TCP (egress shaper can delay packets which is pretty...
by mkx
Tue Jun 04, 2024 8:41 pm
Forum: Announcements
Topic: v7.15.1 [stable] is released!
Replies: 322
Views: 63673

Re: v7.15 [stable] is released!

Having the CPU-facing port automatically added as a tagged member when an /interface vlan is attached to a bridge does seem like a reasonable compromise
I agree with this idea.
by mkx
Tue Jun 04, 2024 8:39 pm
Forum: Wireless Networking
Topic: Rotating machine
Replies: 9
Views: 625

Re: Rotating machine

I can think of self-inflicted interference due to rapid movement of antenna (the rotating leaky cable) relative to stationary AP. I'd expect a better behaviour if you used a simple dipole antenna, mounted in the center of rotation and directed across the axis of rotation ... if the antenna was reall...
by mkx
Tue Jun 04, 2024 8:14 pm
Forum: Announcements
Topic: v7.15.1 [stable] is released!
Replies: 322
Views: 63673

Re: v7.15 [stable] is released!

In fact, I think /interface/vlan should have some option/attribute that automatically adds tagged=bridge (as a dynamic .../bridge/vlan) – so Layer3/IP work without messing with bridge vlan table at all. So whole /interface/bridge/vlans complexity be only needed for hybrid ports or Layer2-only switc...
by mkx
Tue Jun 04, 2024 8:05 pm
Forum: Announcements
Topic: v7.15.1 [stable] is released!
Replies: 322
Views: 63673

Re: v7.15 [stable] is released!

Hopefully at some point the PVID per port will disappear and the "untagged ports" in the VLAN configuration will provide this config... As it's now, /interface/bridge/port defines ingress behaviour ... and PVID can correctly only be set to a single value. OTOH /interface/bridge/vlan defin...
by mkx
Tue Jun 04, 2024 12:06 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx4 Dude Edition
Replies: 54
Views: 20867

Re: RB1100AHx4 Dude Edition

The only files on the 128MB internal storage should be RouterOS and the 2 log files. Internal storage hosts ROS installation and all the configuration. But that's hidden from users. So it's really hard to tell where those 50MB went. The bad thing about binary backups is that they aren't transparent...
by mkx
Tue Jun 04, 2024 12:01 pm
Forum: RouterBOARD hardware
Topic: Outdoors 5G receiver
Replies: 3
Views: 357

Re: Outdoors 5G receiver

All Mikrotik's devices, which can connect to mobile broadband, are listed on this product list. There aren't very many 5G products on the list, if I see correctly there's only a single 5G device listed: Chateau 5G ax which doesn't fit your requirements (it's not an outdoor device). So it does seem ...
by mkx
Tue Jun 04, 2024 11:49 am
Forum: General
Topic: Use ISP Static IP from ADSL Modem on Mikrotik
Replies: 1
Views: 167

Re: Use ISP Static IP from ADSL Modem on Mikrotik

If you want to use static public IP address on your own router, connected to ISP-provided gadget, then that gadget has to be configured into "bridge mode". And that's true for all vendors of your own router, not only Mikrotik. How to put ISP's gadget into "bridge mode" again depe...
by mkx
Tue Jun 04, 2024 11:39 am
Forum: Beginner Basics
Topic: hap ax3 wifi interfaces
Replies: 9
Views: 1695

Re: hap ax3 wifi interfaces

But if you install base package manually to go to 7.13 or higher, you also need to take care of wifi-qcom or otherwise you get no wifi. Also make sure that extra package is enabled for use. Also: if using netinstall, select both routeros and wifi-qcom packages for installation in one go. If any opt...
by mkx
Mon Jun 03, 2024 10:31 pm
Forum: General
Topic: CRS112 classic bridge vs. switch chip configuration
Replies: 5
Views: 298

Re: CRS112 classic bridge vs. switch chip configuration

I'll admit: I've no idea what Unifi APs are doing, hence I've no idea what switch chip config passes/blocks differently than the bridge.
by mkx
Mon Jun 03, 2024 9:59 pm
Forum: General
Topic: CRS112 classic bridge vs. switch chip configuration
Replies: 5
Views: 298

Re: CRS112 classic bridge vs. switch chip configuration

Another thing for switch chip variant: /interface ethernet switch egress-vlan-tag add tagged-ports=sfp12 vlan-id=1 <snip> /interface ethernet switch egress-vlan-translation add customer-vid=0 customer-vlan-format=untagged-or-tagged new-customer-vid=1 \ ports=ether1,ether2,ether3,ether4,ether5,ether6...
by mkx
Mon Jun 03, 2024 9:44 pm
Forum: General
Topic: CRS112 classic bridge vs. switch chip configuration
Replies: 5
Views: 298

Re: CRS112 classic bridge vs. switch chip configuration

In practice both configurations do the same job, but the APs (Ubiquiti UniFi) connected to ports ether1 - ether8 display subtle differences in behavior depending on the configuration method chosen. I don't see any difference which would make notable difference in behaviour. What are the "subtl...
by mkx
Mon Jun 03, 2024 6:23 pm
Forum: Beginner Basics
Topic: Adding an additonal network
Replies: 9
Views: 601

Re: Adding an additonal network

... I fell asleep reading your post ...

I'm glad that even you found my post useful, as a senior citizen you surely appreciate a good sleep :-P
by mkx
Mon Jun 03, 2024 6:20 pm
Forum: Beginner Basics
Topic: ipv6 firewall rules clients in LAN privacy/security thing? [SOLVED]
Replies: 8
Views: 540

Re: ipv6 firewall rules clients in LAN privacy/security thing? [SOLVED]

I am running the x86 version of RouterOS ...

Ah, yes, AFAIK CHR/x86 falls into "Pro" category, hence no default config.
by mkx
Mon Jun 03, 2024 12:17 pm
Forum: Beginner Basics
Topic: ipv6 firewall rules clients in LAN privacy/security thing? [SOLVED]
Replies: 8
Views: 540

Re: ipv6 firewall rules clients in LAN privacy/security thing? [SOLVED]

I'm strongly recommending you to have a look at default rules (execute /system/default-configuration/print) for inspiration. I'd say they are waaay better than what you showed in your opening post. That won't show any default firewall rules. Is there anywhere I can find the default ipv6 firewall ru...
by mkx
Mon Jun 03, 2024 11:12 am
Forum: General
Topic: MVRP usage [SOLVED]
Replies: 10
Views: 715

Re: MVRP usage [SOLVED]

What I kind of understood is that you don't really need to add the Bridge as tagged, unless you want to have a Layer 3 (vlan interface) in that bridge? Is that correct? Exactly. Bridge port can be also set as untagged member of one VLAN by setting pvid property on bridge (the confusing part is that...
by mkx
Mon Jun 03, 2024 11:04 am
Forum: Beginner Basics
Topic: Adding an additonal network
Replies: 9
Views: 601

Re: Adding an additonal network

The problem with "normal" L2 device (i.e. ethernet switch) is that in principle it only handles single IP subnet ... L3 subnets (IP subnet) are in principle each tied to single L2 broadcast domain. So when you try to carry two L3 subnets over single L2 broadcast domain, you inevitably ente...
by mkx
Mon Jun 03, 2024 10:52 am
Forum: Beginner Basics
Topic: ipv6 firewall rules clients in LAN privacy/security thing? [SOLVED]
Replies: 8
Views: 540

Re: ipv6 firewall rules clients in LAN privacy/security thing? [SOLVED]

This one: 4 chain=forward action=accept in-interface=Freedom out-interface=LAN It's letting anything from internet to access your LAN. Making most of the rest of rules irrelevant. Remember that anything not handled by explicit rules will be implicitly allowed/accepted (and that includes chain=input,...
by mkx
Mon Jun 03, 2024 9:01 am
Forum: General
Topic: MVRP usage [SOLVED]
Replies: 10
Views: 715

Re: MVRP usage [SOLVED]

It does nothing to change the fact that one would have to manually untag the vlan for any specific port on a switch Untag the port and tag the bridge, I guess? Setting bridge as tagged/untagged under /interface/bridge/vlan doesn't affect functionality of bridge the switch-like entity, it ...
by mkx
Sun Jun 02, 2024 7:47 pm
Forum: Beginner Basics
Topic: ipv6 firewall rules clients in LAN privacy/security thing? [SOLVED]
Replies: 8
Views: 540

Re: ipv6 firewall rules clients in LAN privacy/security thing? [SOLVED]

I did not check the IPv6 firewall rules in depth, so I don't know if they are MT default or something completely different (but from afar they do seem a very custom rules). My experience is that MT default IPv6 firewall rules are pretty secure. As to the privacy: in IPv6 working ICMP is way more imp...
by mkx
Sun Jun 02, 2024 3:25 pm
Forum: General
Topic: MVRP usage [SOLVED]
Replies: 10
Views: 715

Re: MVRP usage [SOLVED]

The basic logic behind VLANs is that ports are either trunk (carrying many/all VLANs tagged and optionally one - native - untagged) or access (carrying one VLAN untagged). It's clear that for the latter some manual config is necessary, somebody has to decide for a port of which VLANs (available) it's...
by mkx
Sun Jun 02, 2024 3:10 pm
Forum: Beginner Basics
Topic: Adding an additonal network
Replies: 9
Views: 601

Re: Adding an additonal network

Depending on configuration of "3rd party" devices you may be creating loop(s) in your LAN. One potential loop is between CRS328 and openSense router, another potential loop is between CRS328, CRS305 and unRAID. Any of these loops will break connectivity for one of involved VLANs. There's x...
by mkx
Fri May 31, 2024 5:50 pm
Forum: Wireless Networking
Topic: Basic Capsman, roaming, RouterOS questions
Replies: 5
Views: 496

Re: Basic Capsman, roaming, RouterOS questions

Am I correct so far? AFAIK yes. Does a regular backup include all the provisioning info? Yes. But if you want that "backup" to be usable for migrating capsman to another device, you have to create textual configuration exports. Binary backup is only good for restoring config back on the v...
by mkx
Fri May 31, 2024 5:28 pm
Forum: General
Topic: L2TP RouterOS 7.XX not working with SIM card
Replies: 3
Views: 599

Re: L2TP RouterOS 7.XX not working with SIM card

The issue is likely due to majority of MNOs using CGNAT ... meaning that mobile devices receive some private IP (either RFC1918 or RFC6598) and then does NAT to public addresses for outgoing connections. And there's not much a subscriber can do about it .... except using tunnelling solution which wor...
by mkx
Fri May 31, 2024 5:09 pm
Forum: Beginner Basics
Topic: Can the firewall drop packets silently?
Replies: 8
Views: 631

Re: Can the firewall drop packets silently?

My experience is that FW with drop rule does successfully hide port (it's "stealth"). If, however, port is NATed (for a particular source address), then it's up to service on the backend to handle "unwanted connection requests" ... and mostly they respond in a way interpreted as ...
by mkx
Fri May 31, 2024 4:50 pm
Forum: Beginner Basics
Topic: RB3011 - switching does not work
Replies: 3
Views: 407

Re: RB3011 - switching does not work

Actually you didn't find the problem/solution. There are two distinct ways of configuring VLANs on MT devices: VLAN-aware bridge Everything is configured under /interface/bridge sub-tree. This is the preferred method and is available since ROS 6.42. It is supported by all devices (regardless actual ...
by mkx
Fri May 31, 2024 4:31 pm
Forum: Announcements
Topic: v7.15.1 [stable] is released!
Replies: 322
Views: 63673

Re: v7.15 [stable] is released!

!) system - added support for AMPERE (R) and ARM64 CHR installations (new ARM64 CHR image available);
--> So ROS will run on Raspberry Pi? That would be nice :)
As long as your R Pi runs a hypervisor (CHRs run as virtual machines, not on bare metal).
by mkx
Thu May 30, 2024 3:22 pm
Forum: Beginner Basics
Topic: RB3011 - switching does not work
Replies: 3
Views: 407

Re: RB3011 - switching does not work

You must set vlan-mode to something other than default (which is "disabled" IIRC, it might be "check" as well) in order for switch chip to manipulate VLAN headers. E.g.:
/interface ethernet switch port
set 2 default-vlan-id=17 vlan-header=always-strip vlan-mode=secure
by mkx
Thu May 30, 2024 8:49 am
Forum: General
Topic: Port forwarding not working anymore after switching to fibre connection
Replies: 7
Views: 1071

Re: Port forwarding not working anymore after switching to fibre connection

This is a show case of why it's better to use in-interface-list in firewall rules than in-interface (and likewise out-interface-list instead of out-interface) ... when physical interface for certain logical connection changes (e.g. WAN connection changing from ether1 to pppoe-out1) it's only necessa...
by mkx
Thu May 30, 2024 8:39 am
Forum: General
Topic: DNS high CPU usage
Replies: 13
Views: 6984

Re: DNS high CPU usage

What is important to note is that the default MK rule set does not have a rule to explicitly deny DNS from the WAN. The default (in recent ROS versions) firewall rules for chain=input are: filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: acc...
by mkx
Thu May 30, 2024 8:30 am
Forum: Beginner Basics
Topic: received dst-nat packet not seen after dst-nat and mangle
Replies: 34
Views: 2215

Re: received dst-nat packet not seen after dst-nat and mangle

The inclusion of ..55.0 in IP/DHCP/Networks I thought is how the router knows this subnet exists and where to reach it. If not here, where does this info come from? Knowledge of "foreign" IP subnets is passed to router through proper configuration in routing table, e.g. /ip/route add dst-...
by mkx
Wed May 29, 2024 2:57 pm
Forum: Wireless Networking
Topic: Cannot connect to AP in station bridge mode (but station works)
Replies: 3
Views: 397

Re: Cannot connect to AP in station bridge mode (but station works)

It's not likely to get solved. Right now bridge functionality is not compatible between different generations of wireless drivers. If compatibility was easy to achieve, I'd expect to happen already. Specially so as the backwards compatibility has to be added to new drivers, which are chipset vendor'...
by mkx
Tue May 28, 2024 8:21 am
Forum: Beginner Basics
Topic: The simplest NAT problem
Replies: 11
Views: 705

Re: The simplest NAT problem

The two NAT rules seem pretty cumbersome to me. And they possibly do only half of their job ... depending on configuration of both PCs. Or they are plain wrong ... For example: the first rule will kick in when PC 192.168.0.10 (or any other actually) tries to communicate with 192.168.0.1 (router's IP...
by mkx
Mon May 27, 2024 11:37 am
Forum: SwOS
Topic: [Feature Request] SwOS: Turning off LEDs
Replies: 5
Views: 462

Re: [Feature Request] SwOS: Turning off LEDs

This forum is monitored by MT staff only sparsely. So you should file the feature request via official support channels: https://mikrotik.com/support
by mkx
Mon May 27, 2024 7:08 am
Forum: Beginner Basics
Topic: CRS1XX Management VLAN Interface Issue [SOLVED]
Replies: 3
Views: 539

Re: CRS1XX Management VLAN Interface Issue [SOLVED]

Settings under /interface/ethernet/switch/egress-vlan-tag (and switch/vlan) are filling up a table which has one row per VLAN ID. In your case it already has a row with VID 90 before you trying to execute commands from your last post, hence failure. Instead you have to manipulate existing rows using...
by mkx
Sun May 26, 2024 8:28 pm
Forum: General
Topic: SXTsq Lite2 as access point
Replies: 3
Views: 370

Re: SXTsq Lite2 as access point

Could it be possible to at least connect one client directly to it (an iPad)? Not really. With license level 3 it can only be run in "bridge" mode[*] ... which is Mikrotik's proprietary extension of 802.11 standard and works in 4-address mode ... 802.11 stations/clients work in 3-address ...
by mkx
Sun May 26, 2024 7:22 pm
Forum: RouterBOARD hardware
Topic: PoE PSU for RB5000UPr+S and two more devices
Replies: 1
Views: 335

Re: PoE PSU for RB5000UPr+S and two more devices

I didn't find it written explicitly, it's there implicitly in product brochure ... the way selection of PoE out source is explained. Namely: PoE-in is only good for powering the device itself, but not for PoE-out. So if you want to power your two external devices via RB5009, you'll have to use power...
by mkx
Sun May 26, 2024 7:03 pm
Forum: Beginner Basics
Topic: how to change vlan tag for tagged? [SOLVED]
Replies: 7
Views: 675

Re: how to change vlan tag for tagged? [SOLVED]

Why would you want to change the tagging of a vlan? ( dont think its possible in your context ) I always considered this to be the basic functionality of VLAN. VLAN is Virtual LAN ... so one VID equals one ethernet infrastructure (in ancient legacy terms). If one builds multiple LANs, it's because ...
by mkx
Sun May 26, 2024 2:42 pm
Forum: General
Topic: Wi Fi is not discoverable
Replies: 1
Views: 285

Re: Wi Fi is not discoverable

Which device model is it? Screenshot is short .... says RBD5... which I gather is either hAP ac2 or hAP ac3. In which case you have to install wifi-qcom -ac driver package ... And you don't need wireless driver package (it's legacy and provides lower performance ... but does support some nice legacy...
by mkx
Sun May 26, 2024 1:59 pm
Forum: General
Topic: RouterOS v7+ BUG (on ROS6 working) - unrecognized 10Gb copper pigtail cable
Replies: 4
Views: 521

Re: RouterOS v7+ BUG (on ROS6 working) - unrecognized 10Gb copper pigtail cable

Yes, you should open a ticket with support.

I guess nobody here is able to help you also due to the particular setup you're running (e.g. I've no idea what "10Gb copper pigtail cable" might be ... I'm guessing a passive DAC but ...).
by mkx
Fri May 24, 2024 4:26 pm
Forum: General
Topic: Feature request:remove limit about "press of the reset button, or a cold reboot"
Replies: 14
Views: 996

Re: Feature request:remove limit about "press of the reset button, or a cold reboot"

This limit is here for security reasons, it makes it harder to make some changes remotely. As such it's generally "a good thing" and I don't want to see it gone. I don't know if MT will hear you for container support (installing a random container can be a security issue as well). Besides, I'...
by mkx
Thu May 23, 2024 6:27 pm
Forum: Beginner Basics
Topic: AT&T FTTH, VLANs, CapsMAN Full Config (RouterOS 7 Updated)
Replies: 33
Views: 6513

Re: AT&T FTTH, VLANs, CapsMAN Full Config (RouterOS 7 Updated)

So like it, or not: it's what Mikrotik offers. And to setup multiple APs on Mikrotik, CAPsMAN is the "right way" to do it. No one said easy. And with "wifi capsman" the difference in setup complexity may shrink to none if one uses profiles even for local wifi ... and we all know...
by mkx
Thu May 23, 2024 3:18 pm
Forum: Beginner Basics
Topic: LTE/5G Modem RSRP, SINR, RSRQ ranges and labels (excellent, good, etc.)
Replies: 4
Views: 625

Re: LTE/5G Modem RSRP, SINR, RSRQ ranges and labels (excellent, good, etc.)

First: RSSI is completely useless quantity in 4G/5G as it contains everything ... including your microwave oven (and you probably imagine how much it helps your data transfers). Next: mapping between numbers and words are subjective and different between vendors, there is no 3GPP standard describing...
by mkx
Thu May 23, 2024 11:21 am
Forum: Wireless Networking
Topic: IoT devices disconnect from Wifi intermittently [SOLVED]
Replies: 10
Views: 1457

Re: IoT devices disconnect from Wifi intermittently [SOLVED]

Some IoT devices (and a few others) are picky about DHCP lease validity time (lease-time property of DHCP server). You may want to play with it, for mostly static setups (i.e. devices don't come and go frequently) you can set it to 1d (one day) or even longer.
by mkx
Thu May 23, 2024 10:43 am
Forum: General
Topic: LHGGR underperforming LTE speeds [SOLVED]
Replies: 30
Views: 2054

Re: LHGGR underperforming LTE speeds [SOLVED]

What I see is a couple of forum gurus/veterans debating each other to no result. I feel addressed with this sentence. And I'll defend myself by saying: without seeing the problematic setup in detail (and your own conclusion says it was an issue with physical installation of antenna) we can only gue...
by mkx
Thu May 23, 2024 10:23 am
Forum: General
Topic: NTP server
Replies: 3
Views: 473

Re: NTP server

Timing service, provided by "cloud", is inaccurate and only good enough for logs to show almost sensible time. It is far too inaccurate to serve as source for NTP. It also doesn't offer information about stratum (which is integral part of NTP server selection, done by clients).
by mkx
Thu May 23, 2024 10:04 am
Forum: General
Topic: How to detect wrong tcp packet order?
Replies: 1
Views: 420

Re: How to detect wrong tcp packet order?

Reordering of TCP packets (if they are indeed delivered out-of-order) is done by final receiver (so typically it's not router's job to do it). TCP out-of-order delivery can affect throughput (if TCP stack NACKs packets which actually arrive a bit later ... which makes sender's transmit window shrink...
by mkx
Thu May 23, 2024 9:45 am
Forum: General
Topic: Creating Bridges in router mode - Router change mode
Replies: 1
Views: 379

Re: Creating Bridges in router mode - Router change mode

When you change anything outside the QuickSet window (and bridge manipulation is definitely something done outside QuickSet), you must never ever go back into QuickSet ... it will mess up the config in various random ways. Also beware of "detect internet" function ... it can misbehave and ...
by mkx
Fri May 17, 2024 10:43 pm
Forum: General
Topic: LHGGR underperforming LTE speeds [SOLVED]
Replies: 30
Views: 2054

Re: LHGGR underperforming LTE speeds [SOLVED]

I'm just not convinced it's a device/antenna selection issue in this case. e.g. SINR is 15db. SINR of 15dB in LTE means about 50% of max throughput ... so this is not exactly great figure. I don't think that MTU mismatch would explain shitty download and decent upload ... because this would mean a ...
by mkx
Fri May 17, 2024 7:35 pm
Forum: General
Topic: LHGGR underperforming LTE speeds [SOLVED]
Replies: 30
Views: 2054

Re: LHGGR underperforming LTE speeds [SOLVED]

That MTU is very often lower than standard internet/ethernet 1500 MTU. i.e. tower backhauls are sometimes tunneled over internet, and also underlying SS7 network employs more tunneling. I very much doubt that reduced MTU (if it really is) is result of backbone topology. S1 interfaces (between nodeB...
by mkx
Fri May 17, 2024 7:12 pm
Forum: General
Topic: Feature Request: Ed25519-SK SSH keys
Replies: 6
Views: 763

Re: Feature Request: Ed25519-SK SSH keys

I'm not sure what would be best feature request submission ... this forum is primarily users-to-users forum, MT staff occasionally pass by. So posting it here doesn't guarantee that it'll be seen by MT. Higher probability of making it seen by at least some MT staffer would be submitting it via offic...
by mkx
Fri May 17, 2024 4:13 pm
Forum: General
Topic: Feature Request: Ed25519-SK SSH keys
Replies: 6
Views: 763

Re: Feature Request: Ed25519-SK SSH keys

You can file a feature request and you may get surprised by getting it done. Based on past experience (we were begging for anything besides RSA) it's likely to take a long while (so don't hold your breath while waiting for it to happen).
by mkx
Fri May 17, 2024 4:10 pm
Forum: General
Topic: Wireguard stops handshaking out of sudden - Change of port (only) solves it for weeks
Replies: 16
Views: 1521

Re: Wireguard stops handshaking out of sudden - Change of port (only) solves it for weeks

Let's say that the wg "server" is on the datacenter with a static IP and the client is behind CGNAT. Are you completely sure that the network between both WG peers is as transparent as you'd want it to be (i.e. the only thing playing games with packets is the CG NAT on the "client&q...
by mkx
Fri May 17, 2024 3:56 pm
Forum: General
Topic: LHGGR underperforming LTE speeds [SOLVED]
Replies: 30
Views: 2054

Re: LHGGR underperforming LTE speeds [SOLVED]

.... not all carriers can operate with 4x4 MIMO. General rule of thumb is: sub-2GHz carriers are never 4x4, they are mostly 2x2 (if not 1x1) ... with possible exception of 1.8GHz band (B3) in Europe on modernized towers. The above-2GHz carriers may be 4x4 or not, depends on age (and legacy) of cell...
by mkx
Fri May 17, 2024 3:35 pm
Forum: General
Topic: Factory firmware upgrade
Replies: 8
Views: 911

Re: Factory firmware upgrade

Maybe I wrote wrong but I would upgrade factory firmware as attached picture. Is it possible? No, the info you marked is immutable. In practice it's used to determine earliest version of firmware that can be installed on a device (yes, it's possible to downgrade firmware). And same principle applies...
by mkx
Fri May 17, 2024 10:10 am
Forum: General
Topic: LHGGR underperforming LTE speeds [SOLVED]
Replies: 30
Views: 2054

Re: LHGGR underperforming LTE speeds [SOLVED]

Then I'm really unsure why would I be using Mikrotik LTE devices at all.... Neither do I. Personally, I'd follow advice by @igorr29 ... get yourself a mediocre (but modern!) LTE modem with antenna ports. Then attach a pair of Iskra P-56 antennae (the page I linked is about a bundle of two antennae w...
by mkx
Fri May 17, 2024 10:03 am
Forum: Wireless Networking
Topic: Why Androids keep disconnecting?
Replies: 5
Views: 701

Re: Why Androids keep disconnecting?

As the "recipe" says, it doesn't work any more since Android 7. And no, you can't do it in "plain" ROS as it can't do the fancy http stuff (like lighthttp does). If you ran a container with some more proper http server (lighthttp or nginx or apache or ...), then you could do the ...
by mkx
Fri May 17, 2024 9:52 am
Forum: General
Topic: LHGGR underperforming LTE speeds [SOLVED]
Replies: 30
Views: 2054

Re: LHGGR underperforming LTE speeds [SOLVED]

LTE CAT6 should suffice getting 100mbit DL But I believe with that QoS settings you may be onto something. Is there a way I can manually set them? LTE CAT6 only does 2CA ... and there's always possibility that device either doesn't support frequency band MNO uses at all ... or that it doesn't suppo...
by mkx
Fri May 17, 2024 9:08 am
Forum: General
Topic: LHGGR underperforming LTE speeds [SOLVED]
Replies: 30
Views: 2054

Re: LHGGR underperforming LTE speeds [SOLVED]

The problem with MT's offerings in LTE/5G group is that included (and supported in general) modems tend to be a generation or two old. Which means they will almost always perform worse (or even much worse) than any contemporary smart phone. Because they don't support carrier aggregation to nearly th...
by mkx
Thu May 16, 2024 10:54 pm
Forum: Beginner Basics
Topic: Increasing wireless range?
Replies: 90
Views: 9034

Re: Increasing wireless range?

Also verify that package is enabled (it can be installed but disabled).
by mkx
Thu May 16, 2024 9:25 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 164
Views: 11392

Re: [Discussion] MikroTik configuration abstraction complexity

I cannot imagine a situation where you would usefully have a port as an untagged member of multiple VLANs, which is a flexibility that this config provides. Most other manufacturers do not even allow such a configuration. I can't even imagine how such a config would work in practice. Destination IP...
by mkx
Thu May 16, 2024 11:58 am
Forum: Beginner Basics
Topic: Secondary IPv6 route weirdness with Hurricane Electric tunnel [SOLVED]
Replies: 13
Views: 6378

Re: Secondary IPv6 route weirdness [SOLVED]

I think that some recent ROS version added support for deprecation RAs ... which are sent out when IPv6 address disappears from LAN interface. It's meant to happen if delegated prefix changes which makes change in DHCPv6 pool and consequently change in LAN interface IPv6 address. May be this solves ...
by mkx
Thu May 16, 2024 11:51 am
Forum: Wireless Networking
Topic: Upload Speed Impact on Download Performance
Replies: 5
Views: 460

Re: Upload Speed Impact on Download Performance

I'm not an expert on QoS in ROS, so I don't know if there are any mechanisms which would prioritize ACKs over full-payload packets. The additional problem here is that it seems that it's DL direction where congestion affects the bi-di throughputs. And DL direction is in ISP's hands. The only thing t...
by mkx
Thu May 16, 2024 11:26 am
Forum: RouterBOARD hardware
Topic: Switch Synergistic Research UEF
Replies: 4
Views: 550

Re: Switch Synergistic Research UEF

I think that after you purchase device, it's legally yours. So you can repackage it in a different case and place any kind of stickers on it. And you can sell it further (specially so if you also provide warranty services for the sold device). When it comes to software, things are different. You're ...
by mkx
Thu May 16, 2024 10:58 am
Forum: Wireless Networking
Topic: Upload Speed Impact on Download Performance
Replies: 5
Views: 460

Re: Upload Speed Impact on Download Performance

I've noticed that whenever I initiate an upload, there is a significant drop in download speed. This seems counterintuitive, as I would expect both upload and download activities to operate efficiently in parallel. The way TCP works (and most connections nowadays are TCP) is that every packet in for...
by mkx
Thu May 16, 2024 10:45 am
Forum: Beginner Basics
Topic: Secondary IPv6 route weirdness with Hurricane Electric tunnel [SOLVED]
Replies: 13
Views: 6378

Re: Secondary IPv6 route weirdness [SOLVED]

... if it were true, how come fallback to my ISP's native IPv6 feels instant?
As I wrote I don't have any 1st hand experience. Since this is an issue which involves both router and clients, it would be necessary to do analysis on both ...
by mkx
Thu May 16, 2024 9:14 am
Forum: General
Topic: Cannot ping public wan IP from lan network [SOLVED]
Replies: 13
Views: 6898

Re: Cannot ping public wan IP from lan network [SOLVED]

... perhaps you can mark my post as the solution (instead of your own post) 8)
Why? It was @pajsije who did the job on his router :-P
by mkx
Thu May 16, 2024 9:12 am
Forum: Beginner Basics
Topic: NAT driving me nuts
Replies: 6
Views: 527

Re: NAT driving me nuts

Would a hairpin NAT be required for other subnets managed on the same router? No. hair-pin NAT is requirement because server (seeing clients on the same subnet) doesn't know it should send return traffic over router (which is necessary to un-do the dst-nat) ... which makes client see return traffic...
by mkx
Thu May 16, 2024 9:01 am
Forum: Beginner Basics
Topic: Secondary IPv6 route weirdness with Hurricane Electric tunnel [SOLVED]
Replies: 13
Views: 6378

Re: Secondary IPv6 route weirdness [SOLVED]

The problem with IPv6 (as compared to IPv4 with NAT) is that IPv6 normally doesn't do NAT. So when you have two public IPv6 prefixes, every client needs to have IPv6 addresses from different prefixes and then it's up to client to select which IPv6 address it wants to use for a particular connection....
by mkx
Thu May 16, 2024 8:54 am
Forum: Beginner Basics
Topic: Wifi speed very low on L900UiGS
Replies: 24
Views: 1306

Re: Wifi speed very low on L900UiGS

What are you expecting? With old TPlink router was 60-100Mbps, i don't know how... The channel scan you posted shows, that the 2.4GHz spectrum is quite heavily used in your neighbourhood. So it is to be expected that performance is not stellar. Your "old TPlink" might have used more Tx power...
by mkx
Wed May 15, 2024 11:24 am
Forum: Beginner Basics
Topic: NAT driving me nuts
Replies: 6
Views: 527

Re: NAT driving me nuts

You need hair-pin NAT when clients, residing in same IP subnet as server, want to use public IP address to connect to.
by mkx
Wed May 15, 2024 11:20 am
Forum: General
Topic: Factory firmware upgrade
Replies: 8
Views: 911

Re: Factory firmware upgrade

It's easy. Just use the built-in upgrade in Winbox. You might have to do it a few times. The first time it will upgrade to the newest 6.x and then do it again and it will go to somewhere around 7.12, and then do it again and it will go to 7.14 IIRC, hitting upgrade in v6 will only go up to latest v...
by mkx
Wed May 15, 2024 11:02 am
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 343
Views: 109101

Re: v7.15rc [testing] is released!

... when a user process (like the DNS resolver, the proxy, etc) allocates memory, it normally does so by requesting a block of memory from the kernel, giving out small pieces of that to the program requiring them (e.g. a cache, some buffers, some other data structure), and when the program decides ...
by mkx
Wed May 15, 2024 9:23 am
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 343
Views: 109101

Re: v7.15rc [testing] is released!

Yes, but what do you want to happen? Should the router not add more entries to the list when that would consume all memory ... Yes, that's exactly what I'd expect. At the same time I'd expect to start flooding log with error message about inability to add new entries due to low memory state. Having...
by mkx
Tue May 14, 2024 11:03 am
Forum: General
Topic: ISP network communication x Internal network with Mikrotik
Replies: 1
Views: 285

Re: ISP network communication x Internal network with Mikrotik

If your router's config is more or less default (and you're using one of SOHO-line routers, not the pro-line, which mostly includes CCR routers), then firewall filter config prevents any communication started from WAN side towards LAN (so started from 192.168.15.0/24 in your case). If the firewall c...
by mkx
Mon May 13, 2024 11:15 pm
Forum: RouterBOARD hardware
Topic: I cant solve bufferbloat issue with my hap ac2 router.
Replies: 12
Views: 2200

Re: I cant solve bufferbloat issue with my hap ac2 router.

So I did some "measurements" of bufferbloat. I did it using waveform web test. It was 3 quite distinct setups with very distinct results. What was in common for all tests was my router and ISP line (router is hAP ac2, running 7.14.3; ISP line is 1000/100 GPON). So here are results: testing...
by mkx
Mon May 13, 2024 6:18 pm
Forum: General
Topic: CCR1009-7G-1C-1S+ Broken Reset Button
Replies: 7
Views: 498

Re: CCR1009-7G-1C-1S+ Broken Reset Button

If it doesn't melt the tweezers it'll probably be fine.
by mkx
Mon May 13, 2024 5:56 pm
Forum: Wireless Networking
Topic: AP in L2 mode with CAPsMAN Guest Wi-Fi problem [SOLVED]
Replies: 13
Views: 7432

Re: AP in L2 mode with CAPsMAN Guest Wi-Fi problem [SOLVED]

Because you have this construct: add bridge=bridge comment=defconf frame-types=\ admit-only-untagged-and-priority-tagged interface=wlan1 \ internal-path-cost=10 path-cost=10 pvid=1300 Even though radio part is provisioned by CAPsMAN, the bridge config is still in force. If you remove this line, then...
by mkx
Mon May 13, 2024 2:41 pm
Forum: Wireless Networking
Topic: AP in L2 mode with CAPsMAN Guest Wi-Fi problem [SOLVED]
Replies: 13
Views: 7432

Re: AP in L2 mode with CAPsMAN Guest Wi-Fi problem [SOLVED]

I think you have to set datapath.vlan-mode to "use-tag". Otherwise VLAN headers won't be handled by wireless driver when passing between wireless interface and bridge. And as far as I remember (I'm not running capsman ATM) capsman doesn't do anything about bridge when provisioning wireless...
by mkx
Mon May 13, 2024 8:51 am
Forum: Wireless Networking
Topic: hAP ax2 - best WiFi configuration for range?
Replies: 12
Views: 821

Re: hAP ax2 - best WiFi configuration for range?

set country USA If one is located in one of ETSI countries, then setting to "United States" will prevent them to use otherwise legal channels 12 and 13 (on 2.4GHz band). The example I provided is better than US in this aspect. It does miss U-NII-4 channels, but these tend to make problems...
by mkx
Mon May 13, 2024 8:46 am
Forum: Wireless Networking
Topic: hAP AX2 - broken wifi (no SSID can be found)
Replies: 17
Views: 1646

Re: hAP AX2 - broken wifi (no SSID can be found)

In addition to what @bpwl wrote (or to emphasize statement "802.11ax is advanced in possible frequencies"): it is possible that your ax2 selects frequency which is not supported by wifi clients. So when in doubt, try to manually set frequency to 5180 ... it's a channel available since The ...
by mkx
Mon May 13, 2024 8:40 am
Forum: Wireless Networking
Topic: Wireless Wire kit license upgrade question
Replies: 4
Views: 409

Re: Wireless Wire kit license upgrade question

RBwAPG-60adkit only has 60GHz radio ... I highly doubt your wifi stations you want to use in the garage have 60GHz radios as well. So converting one of wireless wire devices to AP bridge wouldn't change a tiniest bit. Unless you're thinking of adding a wireless wire link inside garage ... that would...
by mkx
Mon May 13, 2024 8:33 am
Forum: Wireless Networking
Topic: hAP ax2 - best WiFi configuration for range?
Replies: 12
Views: 821

Re: hAP ax2 - best WiFi configuration for range?

As I understand lowering the antenna-gain will boost the antenna range, is there a limit for the "highest power" setting on the ax2? E.g. setting it to 0 should make the signal the strongest ? ax2 has (almost certainly) set min-antenna-gain property to whatever you can set the lowest valu...
by mkx
Mon May 13, 2024 8:17 am
Forum: General
Topic: Firewall site
Replies: 3
Views: 417

Re: Firewall site

If the site, which should be allowed, is hosted on some "old school" server (i.e. not on some super fancy cloud provider but rather on a server with static IP which is not shared with other sites), then this should be easy. Otherwise it's next to impossible as others already stated. So it ...
by mkx
Sun May 12, 2024 6:42 pm
Forum: RouterBOARD hardware
Topic: Fan Speed at 5k RPM [SOLVED]
Replies: 18
Views: 6862

Re: Fan Speed at 5k RPM [SOLVED]

It just seems weird to me... a more sensible cooling solution or hardware that runs less hot would have opened the market tremendously. I can't say if it would make a big difference (I don't have this switch so I don't know how loud it is), but: SFP+ modules for FO run quite much cooler, so if this ...
by mkx
Sun May 12, 2024 6:36 pm
Forum: Wireless Networking
Topic: hAP ax2 - best WiFi configuration for range?
Replies: 12
Views: 821

Re: hAP ax2 - best WiFi configuration for range?

Ok thanks for the tips. I should have bought the ax3 then... :/ As long as you want to remain within country regulatory limits, device with big ugly array of antennae won't help much with range (in principle it is only allowed to enhance reception). Even more, with high gain antennae it's important...
by mkx
Sun May 12, 2024 5:21 pm
Forum: Wireless Networking
Topic: hAP ax2 - best WiFi configuration for range?
Replies: 12
Views: 821

Re: hAP ax2 - best WiFi configuration for range?

Should I use 20/40MHz channel width for optimal performance?
Using narrower channel (i.e. 20MHz only) will give you slightly longer range.

But as @gotsprings wrote: use wires (and/or multiple APs).
by mkx
Sun May 12, 2024 4:46 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 164
Views: 11392

Re: [Discussion] MikroTik configuration abstraction complexity

We are, this way or another, forced to use both documentation systems. The old wiki may be more readable (this is subjective of course) and describes v6 (for those still using it). The new help is a must when using new features of v7. Most contents is the same in both (but can be presented different...
by mkx
Sun May 12, 2024 4:35 pm
Forum: General
Topic: VLAN distribution over bridges / basic VLAN configuration hints
Replies: 7
Views: 461

Re: VLAN distribution over bridges / basic VLAN configuration hints

So if I understand you right, both port 1 and port 13 will connect to the switch. If this is so, then set port 13 to be edge port. You will probably have to do similar thing on switch. Otherwise you may have issues with RSTP blocking one of these ports.
by mkx
Sun May 12, 2024 2:24 pm
Forum: General
Topic: VLAN distribution over bridges / basic VLAN configuration hints
Replies: 7
Views: 461

Re: VLAN distribution over bridges / basic VLAN configuration hints

Yup, I've had this in my mind. So in event of power loss, does this behaviour pose a threat to security of your LAN devices? If you're going to connect ISP and VoIP to these two ports, then described behaviour might even be wanted (if port connects dedicated VoIP infrastructure ... VoIP phones would...
by mkx
Sun May 12, 2024 2:19 pm
Forum: General
Topic: How to configure trunk port on CCR1009?
Replies: 14
Views: 750

Re: How to configure trunk port on CCR1009?

I'm out of ideas, hopefully somebody with CCR1009 experience will chime in.
by mkx
Sun May 12, 2024 1:34 pm
Forum: General
Topic: How to configure trunk port on CCR1009?
Replies: 14
Views: 750

Re: How to configure trunk port on CCR1009?

Doesn't seem off either.

Did you perform a cold boot of CCR since finalizing its config? In some rare cases this does seem to be necessary.
by mkx
Sun May 12, 2024 1:29 pm
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL / DSL Modem?
Replies: 391
Views: 204824

Re: Mikrotik VDSL / DSL Modem?

Is possible obtain RouterOS 6.41rc20 from somewhere please?
Why on earth would anyone want a 2017 version with tons of bugs and security issues?
And above all a Release Candidate even.
by mkx
Sun May 12, 2024 1:26 pm
Forum: RouterBOARD hardware
Topic: Fan Speed at 5k RPM [SOLVED]
Replies: 18
Views: 6862

Re: Fan Speed at 5k RPM [SOLVED]

With rack ears attached and mounted inside a communication rack it's not as bad :wink:
by mkx
Sun May 12, 2024 1:20 pm
Forum: General
Topic: VLAN distribution over bridges / basic VLAN configuration hints
Replies: 7
Views: 461

Re: VLAN distribution over bridges / basic VLAN configuration hints

If you're passing VLAN 40 to switch, then by using single bridge you may run into issues with STP/RSTP (these don't take VLANs into account). But OTOH nothing is stopping you from adding VLAN 40 to the trunk connection with single-bridge approach. Beware of specifics of ether11/12 on RB1100AHx4 ... ...
by mkx
Sun May 12, 2024 1:06 pm
Forum: General
Topic: How to configure trunk port on CCR1009?
Replies: 14
Views: 750

Re: How to configure trunk port on CCR1009?

Can you show CSS config as well?
by mkx
Sun May 12, 2024 1:00 pm
Forum: General
Topic: TCP port forwarding not working [SOLVED]
Replies: 7
Views: 5688

Re: TCP port forwarding not working [SOLVED]

Apparently, the UDP and TCP routing works very different No, routing is exactly the same for whole L3 family ... in your case IP. When it comes to routing, L4 (TCP vs. UDP) is a payload which doesn't affect the decisions. (it does matter when it comes to firewalling though, which obviously include...
by mkx
Sun May 12, 2024 12:38 pm
Forum: General
Topic: VLAN distribution over bridges / basic VLAN configuration hints
Replies: 7
Views: 461

Re: VLAN distribution over bridges / basic VLAN configuration hints

When it comes to bridge HW offload to underlying switch(es), it's important to keep in mind a few facts: one bridge can be offloaded to single switch chip. If ports, connected to a switch chip, belong to different bridges, then only a part of ports will actually enjoy benefits of HW offload one brid...
by mkx
Sun May 12, 2024 12:11 pm
Forum: General
Topic: How to configure trunk port on CCR1009?
Replies: 14
Views: 750

Re: How to configure trunk port on CCR1009?

It doesn't seem to be too off to me. With possible discrepancy in overall config: you have VLAN interfaces for VIDs 10 and 11 ... TRUNK is not member of VID 10 and there's VID 12 used as bridge VLAN (without any other related config). These are not necessarily wrong, it really depends on the overall...
by mkx
Sat May 11, 2024 9:34 pm
Forum: General
Topic: How to configure trunk port on CCR1009?
Replies: 14
Views: 750

Re: How to configure trunk port on CCR1009?

All mikrotik devices since ROS v6.42 can do bridge VLAN. Some can offload it to hardware (switch chip; RB750Gr3 is one of them), others do it with their general-purpose CPU. But the end effect is the same. If configured properly. So why your hEX config, transplanted to CCR, doesn't work is a big qu...
by mkx
Sat May 11, 2024 4:10 pm
Forum: Wireless Networking
Topic: L22UGS-5HaxD2HaxD chanel width?
Replies: 4
Views: 821

Re: L22UGS-5HaxD2HaxD chanel width?

Tx power is (hard) limited by Tx power amplifier capability (it seems to be 28dBm for mANTBox ax), by country regulations which take antenna gain into consideration (15dBi for 5GHz band is probably hard coded), that's EIRP. If country regulation for your whole channel span used is at e.g. EIRP=30dBm...
by mkx
Sat May 11, 2024 3:45 pm
Forum: General
Topic: Connect two network segments (LAN and EV charging management)
Replies: 1
Views: 298

Re: Connect two network segments (LAN and EV charging management)

How do I connect the two LANs so that I can access the controller API, but it cannot access the Internet and other devices from the controller LAN cannot access my LAN? Use dedicated subnet for charging network on your router (e.g. remove one port from bridge, connect charging LAN to that port, add...
by mkx
Sat May 11, 2024 3:05 pm
Forum: Beginner Basics
Topic: Packages and configs on L009UiGS and cAPGi-5HaxD2HaxD
Replies: 6
Views: 1012

Re: Packages and configs on L009UiGS and cAPGi-5HaxD2HaxD

wireless package on L009 probably came with upgrade from pre-7.13 to current version. Previously wireless was integral version of routeros package and upgrade (blindly) installs it (unless wifiwave2 driver was installed previously). The station disconnects seem to be caused by station devices themse...
by mkx
Fri May 10, 2024 9:09 pm
Forum: RouterBOARD hardware
Topic: Any plans for a hEX PoE+?
Replies: 14
Views: 1704

Re: Any plans for a hEX PoE+?

So basically you can power the RB960PGS-PB and its 4 PoE-out ports using a single PoE-In cable? I'm curious because I tried using a 48 V injector to power my hEX S (on eth1) and then hooked up a 48 V PoE access point (TP-Link EAP653) to eth5 and the access point wouldn't power on at all. hEX S ...
by mkx
Fri May 10, 2024 8:58 pm
Forum: General
Topic: DNS Issues in Station Mode [SOLVED]
Replies: 2
Views: 4560

Re: DNS Issues in Station Mode [SOLVED]

A few things:
  1. move IP address from wifi1 interface to bridge interface (probably not the show stopper, but it's wrong anyway)
  2. add default route, e.g.
    /ip/route/add gateway=10.62.14.1
    
    (I'm assuming this is the address of your main router)
by mkx
Fri May 10, 2024 8:38 pm
Forum: Beginner Basics
Topic: Packages and configs on L009UiGS and cAPGi-5HaxD2HaxD
Replies: 6
Views: 1012

Re: Packages and configs on L009UiGS and cAPGi-5HaxD2HaxD

As you have ax cAPs, they are running wifi-qcom drivers. So on CAPsMAN (L009) you don't need wireless package (on L009 it only provides support for legacy capsman which you don't need). Basis routeros package already provides support for new capsman. And it's configured exclusively in /interface/wif...
by mkx
Fri May 10, 2024 4:02 pm
Forum: Wireless Networking
Topic: Apple Devices not roaming correctly?
Replies: 12
Views: 1045

Re: Apple Devices not roaming correctly?

13:59:47 wireless,info 70:31:7F:DE:D9:E2@Wifi-AP1 disconnected, connection lost, signal strength -66
13:59:47 wireless,debug 70:31:7F:DE:D9:E2@Wifi-AP1 disassociated, connection lost, signal strength -66
13:59:55 wireless,debug 70:31:7F:DE:D9:E2@Wifi-AP1 associated, signal strength -62
13:59:55 wir...
by mkx
Fri May 10, 2024 3:33 pm
Forum: RouterBOARD hardware
Topic: help buying equipment
Replies: 12
Views: 749

Re: help buying equipment

Not likely. My hAP ac2 can do around 300Mbps of IPv6 (no fasttrack support for IPv6) while it can easily do 1Gbps of IPv4 (with fasttrack fully used). @OP wants to use queues, so fasttrack is not really an option (unless using hardware queues but I don't know if these can be used when limiting throu...
by mkx
Fri May 10, 2024 2:56 pm
Forum: RouterBOARD hardware
Topic: Can't find a suitable router... product lines a mess
Replies: 26
Views: 2060

Re: Can't find a suitable router... product lines a mess

... for the saved wireless card ... Not even that, in hAP ax2 and hAP ax3 wireless is part of SoC. With possible exception of power amplifier (if even that). So the manufacturing cost drop would only come from missing antennae. If those are procured from some Chinese fruit market, this would probab...
by mkx
Fri May 10, 2024 2:41 pm
Forum: General
Topic: Slow FTP upload speed via GRE Tunnel
Replies: 16
Views: 1181

Re: Slow FTP upload speed via GRE Tunnel

Could be wrong, but I don't think you can use fast-track with IPSec-enabled GRE tunnel. No, you can't. Default firewall has these two rules
    add action=accept chain=forward comment="defconf: accept in ipsec policy" \
        ipsec-policy=in,ipsec
    add action=accept chain=forward comment="defco...
by mkx
Fri May 10, 2024 2:37 pm
Forum: General
Topic: serious problem with arp table!
Replies: 8
Views: 766

Re: serious problem with arp table!

I found that manually removing the IP from the ARP table immediately restored connectivity. Upon checking my DHCP server settings, I noticed that "Add ARP for Leases" was enabled. Playing with non-default ARP settings (both in DHCP server and bridge properties) is most often not necessary...
by mkx
Thu May 09, 2024 8:47 am
Forum: RouterBOARD hardware
Topic: Can't find a suitable router... product lines a mess
Replies: 26
Views: 2060

Re: Can't find a suitable router... product lines a mess

Regarding disabling wireless, I think there is some psychological barrier to shutting down capability deliberately compared with simply not using performance. We're (kind of) engineers here, so psychological reasons should not be considered, right? I'm using hAP ac2 (with the problem of having too ...
by mkx
Thu May 09, 2024 8:44 am
Forum: RouterBOARD hardware
Topic: HAP AC3 not performing well (Can't reach max WiFi) [SOLVED]
Replies: 8
Views: 5344

Re: HAP AC3 not performing well (Can't reach max WiFi) [SOLVED]

I do a frequency scan but don't see any overlaps. Some proprietary protocols don't show on 802.11 devices ... IIRC nstream is such protocol (normal wifi devices won't detect it, they might show higher noise floor though) but nv2 does show (it's a while since I did those scans so I forgot about det...
by mkx
Thu May 09, 2024 8:40 am
Forum: RouterBOARD hardware
Topic: help buying equipment
Replies: 12
Views: 749

Re: help buying equipment

It's not really about number of users, it's more about combined throughput and the processing burden you'd like to place on router. Look at test results. The problem with test results is that they rely on using fast track heavily. In real life things are not as ideal, so one has to take results with...
by mkx
Thu May 09, 2024 8:30 am
Forum: RouterBOARD hardware
Topic: hAP ax² - PoE in
Replies: 1
Views: 390

Re: hAP ax² - PoE in

It should be possible, both devices support 24V and passive PoE. Power budget of both devices is fine as well (hAP ax2 max PoE out current is 600mA, CSS610 uses up to 11W, at 24V that's around 460mA). The only constraint is that CSS has to be connected with ether1 (labeled as "PoE in") to...
by mkx
Thu May 09, 2024 8:27 am
Forum: RouterBOARD hardware
Topic: Fan Speed at 5k RPM [SOLVED]
Replies: 18
Views: 6862

Re: Fan Speed at 5k RPM [SOLVED]

The RJ-45 SFP+ module is at over 70 degrees C and looping in and out of existence on the switch. Indeed fan speed depends also on SFP modules temperatures. And yes, RJ-45 modules (specially SFP+, so speeds up to 10Gbps) tend to run hot, so yes, fans tend to run faster than needed for switch electro...
by mkx
Thu May 09, 2024 8:11 am
Forum: General
Topic: RouterOS crash upon importing Wireguard config
Replies: 3
Views: 400

Re: RouterOS crash upon importing Wireguard config

First of all, I recommend you to upgrade ROS to the most recent stable version (7.14.3 ATM).

Next: how exactly are you "importing a known-good Wireguard config" to your router?
by mkx
Thu May 09, 2024 8:03 am
Forum: Announcements
Topic: Long range wireless links - share your experience
Replies: 50
Views: 50580

Re: Long range wireless links - share your experience

My current 27km AirFiber 5XHD link on 3' (1m) 34dBi antennas and 100MHz of spectrum ... This setup hardly qualifies as "wifi based link". While it does use frequency from U-NII-3 band, it obviously doesn't use 802.11-compliant channel width (which would be either 80MHz or 160MHz) ... and ...
by mkx
Wed May 08, 2024 9:01 pm
Forum: RouterBOARD hardware
Topic: HAP AC3 not performing well (Can't reach max WiFi) [SOLVED]
Replies: 8
Views: 5344

Re: HAP AC3 not performing well (Can't reach max WiFi) [SOLVED]

TxRx rate in the "Status" page of the WLAN2 interface shows to be 585Mbs. This shows you that signal loss between both devices is considerable. And apart from removing the obstacle there isn't much that can be done. Then it comes to efficiency of using the "raw interface rate" f...
by mkx
Wed May 08, 2024 8:38 pm
Forum: RouterBOARD hardware
Topic: Fan noise under SwOS on CRS310-8G+2S+
Replies: 3
Views: 446

Re: Fan noise under SwOS on CRS310-8G+2S+

I always assumed SwOS being way simpler might also lead to less CPU load and thus power consumption ... If configured properly, then handling of actual traffic would be done by switch ASIC in both cases. The difference is in management (but that's only effective when management is on-going ... and ...
by mkx
Wed May 08, 2024 7:59 pm
Forum: General
Topic: CRS310-8G+2S+IN brick
Replies: 7
Views: 645

Re: CRS310-8G+2S+IN brick

I'm out of ideas. You may want to ask support@mikrotik.com if there are any other options (if device had serial console, then you'd have option to boot back into ROS and proceed from there).
by mkx
Wed May 08, 2024 7:32 pm
Forum: General
Topic: RB5009 + SFP DFP-34X-2C2. How to get 2,5Gbps?
Replies: 2
Views: 470

Re: RB5009 + SFP DFP-34X-2C2. How to get 2,5Gbps?

Are you sure it's not optimally performing already? SFP+ has 10Gbps line rate ... AFAIK host and module always talk at this rate. What then module negotiates with its fiber peer is pretty different thing. And quite possibly it negotiates 2.5Gbps as well ... and that 500Mbps service you're subscribe...
by mkx
Wed May 08, 2024 6:53 pm
Forum: Beginner Basics
Topic: Netinstall
Replies: 1
Views: 261

Re: Netinstall

After picking router, netinstall may only show packages applicable to your router. Check hardware platform, it has to match ...
by mkx
Wed May 08, 2024 9:23 am
Forum: General
Topic: CRS310-8G+2S+IN brick
Replies: 7
Views: 645

Re: CRS310-8G+2S+IN brick

CRS devices which can dual boot ROS or SwOS are a bit nastier beasts. You said you netinstalled device with "7.11.1-4" which doesn't conform to Mikrotik version notation ... so not sure what exactly did you netinstall, but it might indicate you installed ROS. Indeed winbox should help acce...
by mkx
Wed May 08, 2024 9:14 am
Forum: Beginner Basics
Topic: How to block IP range when NATed?
Replies: 11
Views: 996

Re: How to block IP range when NATed?

I get this BL WL. I will try to make it that way. src-address-list is a path from the root or from some specific dir? I'm not sure I'm getting your question. src-address-list acts similarly to src-address ... but takes name of address list as parameter. You have a feasible address list in your conf...
by mkx
Tue May 07, 2024 10:49 pm
Forum: RouterBOARD hardware
Topic: Fan noise under SwOS on CRS310-8G+2S+
Replies: 3
Views: 446

Re: Fan noise under SwOS on CRS310-8G+2S+

I'd go with ROS without a second thought.

CRS310 can be quite a beast of a router when running ROS v7 (with L3HW) ... when you only need the device as a (higher-end) switch, this may compare to a pile of chrome and huge alloy rims on a family sedan ... but why not if it's for free? :wink:
by mkx
Tue May 07, 2024 10:45 pm
Forum: Beginner Basics
Topic: How to block IP range when NATed?
Replies: 11
Views: 996

Re: How to block IP range when NATed?

Oh my, what a convoluted firewall. It would be much easier, if you'd have explicit ultimate rule in the line of chain=forward action=drop ... preceded by explicit allow rules. Now, if you build a black list of addresses, it's wise to have white list as well. So you first accept connections from whi...
by mkx
Tue May 07, 2024 6:43 pm
Forum: General
Topic: Switch VLAN Table Dynamic entries or invalid ports
Replies: 1
Views: 247

Re: Switch VLAN Table Dynamic entries or invalid ports

I think that we should simply forget about anything changing for CRS1xx or CRS2xx. If these were made by any other vendor, they would be long since end of support (probably stuck at running v6.42 or something). Quite a few other devices are in the same boat (all having Qualcomm switch chips or Qualc...
by mkx
Tue May 07, 2024 6:38 pm
Forum: General
Topic: Debian installer (Preseed) fom dhcp
Replies: 1
Views: 296

Re: Debian installer (Preseed) fom dhcp

DHCP server in ROS lacks any of non-essential functionalities.
by mkx
Tue May 07, 2024 6:37 pm
Forum: General
Topic: CRS310-8G+2S+IN brick
Replies: 7
Views: 645

Re: CRS310-8G+2S+IN brick

Winbox and SwOS are two quite distinct things. Winbox is OK for ROS-running devices, one needs web browser for SwOS.
by mkx
Tue May 07, 2024 4:08 pm
Forum: Beginner Basics
Topic: How to block IP range when NATed?
Replies: 11
Views: 996

Re: How to block IP range when NATed?

Show us firewall configuration (execute /ip firewall export file=anynameyouwish from UI, fetch the file off device, open it with text editor and copy-paste it here inside [code] [/code] environment).
by mkx
Tue May 07, 2024 10:59 am
Forum: SwOS
Topic: Features SwOS RB260GS/RB260GSP
Replies: 6
Views: 678

Re: Features SwOS RB260GS/RB260GSP

I think if you better must go for a CRS switch which can offer much better management features because works using RouterOS, is worth the price increase Switching is SOOOO much easier to deal with in SwitchOS... Better and easier can be quite much anti-correlated. And easier can be subjective ... e...
by mkx
Tue May 07, 2024 10:50 am
Forum: RouterBOARD hardware
Topic: NetMetal ax / L23-UGSR — initial feedback from specs
Replies: 14
Views: 1963

Re: NetMetal ax / L23-UGSR — initial feedback from specs

1. Any reason it does not support USB 3.0?
USB3.0 can kill 2.4GHz WiFi. USB2.0 can do up to (realistically) 400Mbps, which is not that bad either.
by mkx
Tue May 07, 2024 10:45 am
Forum: RouterBOARD hardware
Topic: 48V or 57V power supply for hEX PoE?
Replies: 7
Views: 750

Re: 48V or 57V power supply for hEX PoE?

Q(PSE): Hi, is there a device on the other end of this cable
A(PD): Yes, I am here
Q(PSE): Good, which kind of device are you?
A(PD): I am an 802.3at device.
Q(PSE): That's what you say, let me make sure, are you a 802.3at device?
A(PD): Yes, I am an 802.3at (class 4) device.
A(PSE): Ah, ok, I am giv...
by mkx
Tue May 07, 2024 10:40 am
Forum: RouterBOARD hardware
Topic: I cant solve bufferbloat issue with my hap ac2 router.
Replies: 12
Views: 2200

Re: I cant solve bufferbloat issue with my hap ac2 router.

When fasttrack is disabled on hAP ac2, then max throughput is severely limited. My experience with IPv6 (no fasttrack support) shows that hAP ac2 can do somewhere around 350Mbps (give or take). Processing queues adds to CPU workload. So I guess you'd have to drastically reduce queue throughput (to s...
by mkx
Tue May 07, 2024 9:09 am
Forum: RouterBOARD hardware
Topic: RB450Gx4 Performance and POE out
Replies: 4
Views: 2540

Re: RB450Gx4 Performance and POE out

If max power consumption is maximum 16 W, how can the poe out be 57 V x 0.5 A = 18.5 W + 4 W internal use = 22.5 W. I guess that power consumption is calculated with offered powering options (18POW and 24HPOW) in mind, they both supply 24V. So 0.5A * 24V = 12W .. and 4W+12W=16W ... I guess that max...
by mkx
Tue May 07, 2024 9:01 am
Forum: Wireless Networking
Topic: Local vs Capsman Forwarding
Replies: 5
Views: 495

Re: Local vs Capsman Forwarding

So what the goal mikrotik have capsman feature if with this configuration the performance degraded? This feature was just fine with 802.11g (max 54Mbps code rate, 30Mbps actual data throughput) cAPs. A nice feature: CAPsMAN connection can be routed over MAN/WAN links and capsman forwarding in this ...
by mkx
Mon May 06, 2024 12:31 pm
Forum: Beginner Basics
Topic: Different Software-ID on same Model
Replies: 1
Views: 304

Re: Different Software-ID on same Model

I don't think software ID has anything with hardware[*]. I've got two devices RB951G, both purchased around the same time, both came with similar factory installed ROS and firmware, AFAIK there weren't different revisions of this model. And yet they have completely different software ID. [*]it might...
by mkx
Mon May 06, 2024 9:15 am
Forum: Beginner Basics
Topic: Trying to understand the need for MSS Clamping [SOLVED]
Replies: 5
Views: 4480

Re: Trying to understand the need for MSS Clamping [SOLVED]

MTU/MSS/MRU was an issue from beginning of internet. In IPv4, packet fragmentation was allowed and until certain point in time, all routers did it if needed. However, it's burden for routers and fragmentation slowly ceased to happen, instead routers started to drop packets which exceeded MTU of next...
by mkx
Sun May 05, 2024 6:39 pm
Forum: RouterBOARD hardware
Topic: Any plans for a hEX PoE+?
Replies: 14
Views: 1704

Re: Any plans for a hEX PoE+?

I bought a 48V PoE+ injector hoping I could feed the hEX S PoE-in (this worked) and simultaneously the AP using on eth5 using the PoE-out feature, only to learn that this doesn't work when the hEX S is powered using PoE-in, even though the injector has more than enough power to supply the two devi...
by mkx
Sun May 05, 2024 6:27 pm
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 343
Views: 109101

Re: v7.15rc [testing] is released!

@kcarhc ... free storage space on 15.3MiB ARM devices is a different issue than RAM memory leak. It's common knowledge (without any specific insights) that hAP ac2 running ROS v7 should either be used as pretty simple AP or as router without any wireless package installed. In both cases it runs pret...
by mkx
Sun May 05, 2024 6:10 pm
Forum: Beginner Basics
Topic: Mopidy issue
Replies: 9
Views: 915

Re: Mopidy issue

... mopidy needs now IP in config. Unless you configured web proxy on Mikrotik, it doesn't change payload of packets ... it can block them (firewall rules) or change source and destination IP address and/or port (NAT rules). As I already wrote, it's client which includes server FQDN in application ...
by mkx
Sun May 05, 2024 4:00 pm
Forum: Beginner Basics
Topic: Mopidy issue
Replies: 9
Views: 915

Re: Mopidy issue

If that's so then it seems mopidy doesn't seem to like being used with that particular name.

Does mopidy have any logs? Anything in them when you're unable to access mopidy using name?
by mkx
Sun May 05, 2024 3:13 pm
Forum: General
Topic: Changing MTU of 10G SFP Port Drops All Traffic On CCR2216
Replies: 4
Views: 609

Re: Changing MTU of 10G SFP Port Drops All Traffic On CCR2216

Though not sure why you can't connect to it via IP.

My thinking is packets, transmitted by CCR, are too big for management station if that one is not set for jumbo frames as well. Wireshark might tell (probably not), some diagnostic counters on management station's NIC as well.
by mkx
Sun May 05, 2024 3:08 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 671
Views: 209730

Re: v7.14.3 [stable] is released!

Is there anything about wlan2 in logs since reboot?
by mkx
Sat May 04, 2024 9:13 pm
Forum: General
Topic: Changing MTU of 10G SFP Port Drops All Traffic On CCR2216
Replies: 4
Views: 609

Re: Changing MTU of 10G SFP Port Drops All Traffic On CCR2216

Changing MTU has to be done carefully ... and on all devices in same L3 network (subnet) as every member of subnet has to be able to receive jumbo packets (MRU usually closely follows MTU). And this relies on all devices being able to use large L2MTU.
by mkx
Fri May 03, 2024 2:23 pm
Forum: RouterBOARD hardware
Topic: Cascading switches
Replies: 9
Views: 647

Re: Cascading switches

@jvanhambelgium - Just curious, why do you want to turn off STP considering there will likely be multiple devices connected to each switch? STP has nothing to do with number of devices connected to each switch, it has to do with loop detection and prevention. While one can never be sure there won't...
by mkx
Fri May 03, 2024 1:52 pm
Forum: General
Topic: [Feather Request] Ignore bad DHCPv6 DUID
Replies: 7
Views: 2319

Re: [Feather Request] Ignore bad DHCPv6 DUID

As @strods explained: the DUID sent out by ISP of @OP is not DUID value, it's only DUID type. So strictly speaking ROS can't treat "DUID as opaque VALUE" because value in this case is NULL. Yeah, probably wouldn't hurt anybody if ROS accepted NULL as DUID value ... but since ROS is doing ...
by mkx
Fri May 03, 2024 1:40 pm
Forum: Beginner Basics
Topic: Mopidy issue
Replies: 9
Views: 915

Re: Mopidy issue

Passing name, with which client is trying to connect server (e.g. SNI), is the matter of application layer, it has nothing to do with router or firewall (which work on lower layers). So why mopidy client doesn't tell mopidy server it's trying to access "music.lan" is up to mopidy client. Y...
by mkx
Fri May 03, 2024 1:28 pm
Forum: Beginner Basics
Topic: PPPoE Connection over SFP Port
Replies: 19
Views: 1696

Re: PPPoE Connection over SFP Port

sfp-sfpplus1 interface doesn't seem to be in connected/running state. What does ODI UI say about GPON status? You'll have to verify it's established between SFP+ module and OLT.
by mkx
Thu May 02, 2024 9:13 pm
Forum: Wireless Networking
Topic: What download/upload can I get having such parameters.
Replies: 1
Views: 318

Re: What download/upload can I get having such parameters.

Signal strength and quality are good, there's CA available. If you were the only user in these two cells, you could get something like 150/35 Mbps (R11e-LTE6 doesn't do CA in uplink). Actual performance will very much depend on cell load which varies with time of day and is usually the worst during ...
by mkx
Thu May 02, 2024 4:16 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 164
Views: 11392

Re: [Discussion] MikroTik configuration abstraction complexity

Configuration abstraction complexity stems from the simple fact that MikroTik never built their own custom data-plane, they relied on Linux kernel data-plane all these years instead ... Well, Mikrotik obviously doesn't have in-house development resources to go for custom anything large scale. They ...
by mkx
Thu May 02, 2024 11:36 am
Forum: Wireless Networking
Topic: Receive UDP packets without established connection
Replies: 7
Views: 500

Re: Receive UDP packets without established connection

Even though L4 data is unacknowledged type (UDP), WiFi layer (L2 in particular) still requires some bi-directional communication (ACKs of wireless frames for example) when data is sent to unicast destination address. Which means that jamming transmitting side effectively blocks it from transmitting ...
by mkx
Thu May 02, 2024 12:13 am
Forum: Wireless Networking
Topic: Receive UDP packets without established connection
Replies: 7
Views: 500

Re: Receive UDP packets without established connection

What in particular does mean "Mikrotik A is jammed"?
by mkx
Wed May 01, 2024 11:40 pm
Forum: Wireless Networking
Topic: Receive UDP packets without established connection
Replies: 7
Views: 500

Re: Receive UDP packets without established connection

UDP is state-less L4 protocol ... meaning that UDP connections are not really established, there is no connection handshake. Instead one side starts to transmit packets and the other side may (or may not) transmit packets in the opposite direction. Whether traffic is bidirectional or not entirely de...
by mkx
Wed May 01, 2024 8:55 pm
Forum: General
Topic: iperf3 in docker container not showing 10Gb/sec speed
Replies: 13
Views: 1652

Re: iperf3 in docker container not showing 10Gb/sec speed

It was my understanding that CRS309-1G-8S+IN can switch at 10Gb/sec on ALL ports, and RB5009UG+S+IN router can handle 10Gb/sec across its SFP+ port. According to my understanding of official test results for RB5009 (and many other long-time forum members' understanding as well) it can route in rea...
by mkx
Wed May 01, 2024 8:45 pm
Forum: Beginner Basics
Topic: bad command name wireless
Replies: 4
Views: 396

Re: bad command name wireless

Where can I read more about it?
This post/thread might be interesting for a start: viewtopic.php?t=202578
by mkx
Wed May 01, 2024 7:08 pm
Forum: Wireless Networking
Topic: wifi-qcom(-ac) and VLAN-filtering
Replies: 17
Views: 1697

Re: wifi-qcom(-ac) and VLAN-filtering

The day I enable capsman on any of my devices, means my brain has been taken over by fungi! It's not very friendly for sure. But worth noting that there is no fast roaming without CAPsMAN... @anav is roaming between Nova Scotia and Italy. No amount of MT's "Fast Transition" will expedite ...
by mkx
Wed May 01, 2024 7:05 pm
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 2381

Re: Low performance on RB5009 with machine behind NAT

Cut the shite and allow official ONIE flashing, and let us install our own NOS. If you don't want to use ROS ... and you're saying other vendors provide whitebox devices with similar hardware ... so why would you want to use anything by Mikrotik? I'm guessing you're still intrigued by MT's price ta...
by mkx
Wed May 01, 2024 6:56 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 164
Views: 11392

Re: [Discussion] MikroTik configuration abstraction complexity

Many industry folks (outside Latvia) are of the opinion that MikroTik operates using Soviet economic/business model ... It's often very hard to get rid of some mental patterns if they are given (or enforced) to a few generations in a row. One of them is "USA are the greatest in known Universe ...
by mkx
Wed May 01, 2024 6:45 pm
Forum: Beginner Basics
Topic: bad command name wireless
Replies: 4
Views: 396

Re: bad command name wireless

6 S wifi1 wifi 1500 48:A9:8A:F2:68:BC
7 RS wifi2 wifi 1500 48:A9:8A:F2:68:BD

Your device is running new wifi driver, so the config is under /interface/wifi ...

Old driver names interfaces as wlanX ...
by mkx
Wed May 01, 2024 5:24 pm
Forum: Wireless Networking
Topic: Regular Link Outages
Replies: 4
Views: 512

Re: Regular Link Outages

I didn't say it's detecting actual radar, it might be something else which (to ROS) slightly resembles shape of a radar pulse (could be some BlueTooth gadget, could be some microwave oven, could be some other WiFi device transmitting a burst of energy not decodable by your devices, etc. So check log...
by mkx
Wed May 01, 2024 5:14 pm
Forum: General
Topic: /tool wol - target IP address?
Replies: 35
Views: 2247

Re: /tool wol - target IP address?

@libove is stating an almost sensible reason. I don't know why exactly would MSI break standard behaviour (could be they are trying to "enhance security" by ignoring broadcast frames ... or they are trying to skip processing usual broadcast packets, such as DHCP handshake and what not whil...
by mkx
Wed May 01, 2024 12:21 pm
Forum: Wireless Networking
Topic: hAP ax²: clients connection stability issue
Replies: 36
Views: 2850

Re: hAP ax²: clients connection stability issue

Maybe not coincidence because whilst the access point carries out the physical radar check, it could be CAPsMAN that decides what to do with the radar event and which frequency to move to? My reasoning here is that CAPsMAN holds the configuration data on frequency, not the access point? CAPsMAN ind...
by mkx
Wed May 01, 2024 12:08 pm
Forum: Wireless Networking
Topic: Regular Link Outages
Replies: 4
Views: 512

Re: Regular Link Outages

Did logs mention DFS/CAC?

It could be false positive radar detection based on some actual external interference (which appears on some schedule) ...
by mkx
Wed May 01, 2024 12:06 pm
Forum: Wireless Networking
Topic: Wrong TX power wifi-qcom-ac antenna gain missing
Replies: 3
Views: 401

Re: Wrong TX power wifi-qcom-ac antenna gain missing

Missing minimum antenna gain is not something universal, my Audience running wifi-qcom-ac shows (and uses) it. So you may want to create supout.rif and open trouble ticket with support@mikrotik.com ...
by mkx
Wed May 01, 2024 12:02 pm
Forum: General
Topic: /tool wol - target IP address?
Replies: 35
Views: 2247

Re: /tool wol - target IP address?

... at a minimum just please implement the (already submitted) feature request to do unicast instead of only broadcast. Please elaborate on the following two questions: What would be the benefit of using unicast ethernet frames instead of broadcasts? What would be benefit of using unicast IP addres...
by mkx
Wed May 01, 2024 11:58 am
Forum: General
Topic: ipv4 to ipv6
Replies: 1
Views: 274

Re: ipv4 to ipv6

You need NAT46 gateway inside your LAN. I'm pretty sure that ROS doesn't support NAT46 so you'll have to find some other solution.
by mkx
Wed May 01, 2024 11:51 am
Forum: General
Topic: /tool wol - target IP address?
Replies: 35
Views: 2247

Re: /tool wol - target IP address?

I am not even convinced that the encapsulated UDP packet may work ... It won't work without the "last mile router" collecting IP/MAC mappings. Without support on router it'll try to deliver UDP packet just like it was ordinary packet ... and will try to do ARP whohas inquiry which will ob...
by mkx
Tue Apr 30, 2024 8:54 pm
Forum: Wireless Networking
Topic: hAP ax²: clients connection stability issue
Replies: 36
Views: 2850

Re: hAP ax²: clients connection stability issue

Or does the AP that is controlled by capsman do the check.

Radar checks are always done by device which does Tx/Rx ... which means AP.
by mkx
Tue Apr 30, 2024 8:24 pm
Forum: General
Topic: Tool fetch returns error "status: failed" when trying to reach endpoint at localhost program [SOLVED]
Replies: 2
Views: 2264

Re: Tool fetch returns error "status: failed" when trying to reach endpoint at localhost program [SOLVED]

Can you fetch data from X.Y.Z.T:7250 using another computer from same subnet? It is possible that your API server only binds to loopback interface (127.0.0.1 a.k.a. localhost).
by mkx
Tue Apr 30, 2024 5:55 pm
Forum: RouterBOARD hardware
Topic: mikrotik mUPS?
Replies: 14
Views: 1327

Re: mikrotik mUPS?

not a bad idea, just to put a lead acid akku instead of li-ion. You can't just replace batteries with different chemistry, each chemistry has different charging profile and (unsuspecting) charger may destroy batteries very soon. Batteries may suffer from undercharge (and usable autonomy is the lea...
by mkx
Tue Apr 30, 2024 5:23 pm
Forum: General
Topic: what can be done to improve RSRQ and SINR
Replies: 1
Views: 324

Re: what can be done to improve RSRQ and SINR

RSRQ (and consequently SINR) could indeed be better. Low RSRQ may indicate interference from other cell towers. If those are in same direction as your serving cell, then you can't do anything. If the interfering cells are not in the same direction, then you might be able to improve RSRQ by changing...
by mkx
Mon Apr 29, 2024 9:30 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 164
Views: 11392

Re: [Discussion] MikroTik configuration abstraction complexity

All old text books circa 1980s LOL At which time Latvia was still part of Soviet Union. So those western (US in particular) books were probably banned ... or at least ignored because Soviet communism did things differently. So it might be that all of these concepts are somehow unknown to MT managem...
by mkx
Mon Apr 29, 2024 9:12 pm
Forum: General
Topic: ONT - SWITCH - Router [SOLVED]
Replies: 3
Views: 2739

Re: ONT - SWITCH - Router [SOLVED]

Single bridge with vlan-filtering enabled.

Performance wise all options are similar, CPU will have to deal with VLAN tags in any case.

But: configuration of single bridge is more compact, more elegant and (to me) easier to read ... all of it means lesser probability to make an error in config.
by mkx
Mon Apr 29, 2024 9:02 pm
Forum: General
Topic: /tool wol - target IP address?
Replies: 35
Views: 2247

Re: /tool wol - target IP address?

The WoL magic is all inside the packet payload, meaning ffffffffffff plus the destination MAC address repeated N times. Ethernet headers are only of interest of L2 devices on the way (switches) ... if these (still) have dst-mac in their FDB tables, then they will pass frame on (hopefully) correct eg...
by mkx
Sun Apr 28, 2024 2:01 pm
Forum: General
Topic: date format in console
Replies: 2
Views: 388

Re: date format in console

In historical list of changelogs it's listed in changelog for 7.10 for console and webfig.
by mkx
Sat Apr 27, 2024 3:30 pm
Forum: Beginner Basics
Topic: Constant traffic between Mikrotik and computer
Replies: 8
Views: 651

Re: Constant traffic between Mikrotik and computer

Generally when winbox is connected to ROS device, there will be some traffic. How much depends on windows open in winbox, some get constantly updated with statistics, some don't cause a lot (or any) traffic. Depending on windows open and CPU power in ROS device also CPU load can increase considerabl...
by mkx
Sat Apr 27, 2024 12:32 pm
Forum: Beginner Basics
Topic: Cisco VLAN to Mikrotik
Replies: 1
Views: 352

Re: Cisco VLAN to Mikrotik

Is this enough for make it work? All wrong. Have a (very good) look at this tutorial: https://forum.mikrotik.com/viewtopic.php?t=143620 Your "ROSish" kludge doesn't seem to follow Cisco config (not closely at least), so I'm not trying to show correct config for MT. If you won't be able to...
by mkx
Sat Apr 27, 2024 12:20 pm
Forum: RouterBOARD hardware
Topic: Adding a cooling fan to CRS326
Replies: 67
Views: 29515

Re: Adding a cooling fan to CRS326

I mean, it's subtle, but I can hear the low hum unless I turn on the radio or TV to drown it out... Congratulations, you found out why legal noise levels in night time are lower than in daytime. Because if there are no other noises present, then sound/noise with certain (low) level is more audible t...
by mkx
Sat Apr 27, 2024 12:11 pm
Forum: General
Topic: Any solution for admit-only-VLAN-tagged misconfiguration
Replies: 16
Views: 902

Re: Any solution for admit-only-VLAN-tagged misconfiguration

But @anav brings up a valid point. If the switch was 100 miles away, how were you managing it before?

It doesn't really matter. If L2 configuration gets screwed, then no amount of L3/L4/L6 connectivity helps. Because all of it depends on working L2.
by mkx
Sat Apr 27, 2024 12:04 pm
Forum: General
Topic: Unable to find wifi radio data after upgrade to 7.14.3
Replies: 3
Views: 728

Re: Unable to find wifi radio data after upgrade to 7.14.3

It is kind of interesting, why device decided to use wrong package. I saw different files in packages than what was before, so I uploaded all of them within one and the same place, expecting routerOS to be intelligent enough to use correct package, but apparently it has happened the other way aroun...
by mkx
Sat Apr 27, 2024 11:49 am
Forum: Beginner Basics
Topic: carry vlans PTP
Replies: 2
Views: 370

Re: carry vlans PTP

Wireless drivers by default don't touch 802.1Q headers ... so if they receive frame with such header on one side (either radio or CPU side), they will pass it to the other side. So what you have to do is to bridge wired and wireless interface on each of SXT and make both interfaces (wired and wirele...
by mkx
Fri Apr 26, 2024 2:04 pm
Forum: General
Topic: This very simple firewall ruleset SHOULD work-- but.....
Replies: 4
Views: 470

Re: This very simple firewall ruleset SHOULD work-- but.....

Sure the dst-address-list is an IP address? This. dst-address-list property expects name of address list as parameter ... and doesn't complain if there isn't such list at the time of creating the rule. So in your case NAT rule expects address list with name "199.181.204.130" and containi...
by mkx
Fri Apr 26, 2024 8:31 am
Forum: RouterBOARD hardware
Topic: Mikrotik CCR1072 PSU1 & PSU2 Question
Replies: 3
Views: 466

Re: Mikrotik CCR1072 PSU1 & PSU2 Question

If you can do a "lab test", then remove PSU2 and see if device keeps running afterwards ... without any hiccups. With failing PSU you'd see strange things happen quite soon.
by mkx
Fri Apr 26, 2024 8:25 am
Forum: Wireless Networking
Topic: hAP ax²: clients connection stability issue
Replies: 36
Views: 2850

Re: hAP ax²: clients connection stability issue

It's called compression ... basic idea behind all compression algorithms is to remove any redundant information from data set ... even if that information doesn't seem redundant to humans' minds.
by mkx
Fri Apr 26, 2024 8:24 am
Forum: Wireless Networking
Topic: External 5G routers
Replies: 20
Views: 1179

Re: External 5G routers

5G as in "WiFi 5GHz band" or as in "5G the mobile technology"? If the former, then there are a few models. If the latter, then I guess we'll have to wait a bit longer, 5G is still not very mature technology and suitable (to MT) modem modules may not have price tag as low as MT's m...
by mkx
Fri Apr 26, 2024 8:20 am
Forum: General
Topic: Unreachable IPv6 ping from localhost
Replies: 7
Views: 1190

Re: Unreachable IPv6 ping from localhost

This way we see that there is a SLAAC (g) and a DHCP (d) route, which are identical. Only when the DHCP route is set with the next-hop does the routing actually work. IMO when having two identical routes, either should work (and flags don't matter, they are metadata not routing information). It...
by mkx
Fri Apr 26, 2024 8:02 am
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 343
Views: 109101

Re: v7.15rc [testing] is released!

Where did wifi-qcom-ac package go? can't seem to find in extra package and why?
It's in the extras package archive, where it had always been. However, AFAIK it's only available for ARM architecture(s).
by mkx
Fri Apr 26, 2024 12:03 am
Forum: Wireless Networking
Topic: wifi-qcom(-ac) and VLAN-filtering
Replies: 17
Views: 1697

Re: wifi-qcom(-ac) and VLAN-filtering

So ax products supports bridge VLAN filtering, right?

All products support bridge VLAN filtering. What wifi-qcom-ac doesn't support is being a tagged trunk (or hybrid for that matter) port of a bridge (but wifi-qcom for ax devices does ... in certain scenarios).
by mkx
Fri Apr 26, 2024 12:01 am
Forum: Wireless Networking
Topic: wifi-qcom(-ac) and VLAN-filtering
Replies: 17
Views: 1697

Re: wifi-qcom(-ac) and VLAN-filtering

It should be consistent. It just feels unfinished.

I wholeheartedly agree ... and hope that they'll bring them up to the same level eventually.
by mkx
Thu Apr 25, 2024 11:57 pm
Forum: Beginner Basics
Topic: Dynamic port forwarding
Replies: 6
Views: 655

Re: Dynamic port forwarding

Why does a server go down? Makes no sense. There are many reasons for server to go down ... one is that it emits smoke. And what @OP wants to do is a "poor man's high-availability". I'm afraid that out of the box, ROS doesn't have such functionality. But there's always possibility to cre...
by mkx
Thu Apr 25, 2024 11:39 pm
Forum: General
Topic: Help with inter VLAN routing (seems to work except web interface?)
Replies: 2
Views: 381

Re: Help with inter VLAN routing (seems to work except web interface?)

This NAT rule add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=\ 192.168.188.170 to-ports=80 is very greedy. It takes every connection attempt towards standard HTTP port 80 in any direction (from any of LAN subnets towards any other subnet and internet) and forwards it to the co...
by mkx
Thu Apr 25, 2024 11:24 pm
Forum: General
Topic: Unreachable IPv6 ping from localhost
Replies: 7
Views: 1190

Re: Unreachable IPv6 ping from localhost

Even when the "add-default-route" option is set to "yes", why would the DHCP client not add the correct IPv6 default route if it only requests an address and not a prefix? Because DHCPv6 protocol doesn't support passing routing information to client. And it doesn't matter if cli...
by mkx
Thu Apr 25, 2024 10:55 pm
Forum: General
Topic: RB911G-5HPacD Time Problem
Replies: 6
Views: 832

Re: RB911G-5HPacD Time Problem

I've seen system time to drift wildly on some computer when CPU frequency was not stable (e.g. due to thermal issues). But it was never at only half speed. So I think it's really up to MT support to shed some light here.
by mkx
Thu Apr 25, 2024 4:44 pm
Forum: Beginner Basics
Topic: hap AX3 - HW offloaded Bridge - traffic leak [SOLVED]
Replies: 3
Views: 2614

Re: Non-STP Bridge forwards traffic to other ports [SOLVED]

In theory that has nothing to do with bridge mode (none, STP, RSTP, MSTP). Bridge mode is about loop detection (and blocking ports where loops are detected). What you see is likely effect of improper FDB[*] handling and/or L2 hardware offload. The basic functionality of a bridge (or switch) is that ...
by mkx
Thu Apr 25, 2024 3:56 pm
Forum: Beginner Basics
Topic: Web Proxy - FTP Protocol
Replies: 9
Views: 616

Re: Web Proxy - FTP Protocol

If I try to connect to this FTP I can connect with proxy I cannot. But we need to use proxy because our security department will deploy netskope and limit access to the internet and ports including FTP There may be a bit of misunderstanding here. It's well known that FTP is an awfully outdated prot...
by mkx
Wed Apr 24, 2024 2:20 pm
Forum: General
Topic: Why Mikrotik decided to get rid of their Power Lan devices
Replies: 11
Views: 923

Re: Why Mikrotik decided to get rid of their Power Lan devices

Never heard about "devolo", nor even interested in. There are tons of such devices in the market.
If that's true for one random vendor (devolo), why isn't it also true for another random vendor (mikrotik)?
by mkx
Wed Apr 24, 2024 2:10 pm
Forum: Beginner Basics
Topic: Web Proxy - FTP Protocol
Replies: 9
Views: 616

Re: Web Proxy - FTP Protocol

OK, you did UDP traceroute, which is not really representative for your case (any firewall may let TCP 21 = FTP through, but not UDP 21 which doesn't map to anything). But even if it is representative, it's some host on active24 network edge which seems to drop connection, the last node which replie...
by mkx
Wed Apr 24, 2024 8:57 am
Forum: Beginner Basics
Topic: a basic (I think...) VLAN problem.
Replies: 11
Views: 823

Re: a basic (I think...) VLAN problem.

Traffic does not (and should not) leak from one VLAN to another. If traffic from one VLAN is intended to pass to another VLAN, then normally it should be routed. Config of switch you're showing doesn't include routing features. IEEE1588 (PTP) is normally multicast from GM. And it's normally not rout...
by mkx
Tue Apr 23, 2024 10:03 pm
Forum: General
Topic: Performances issue with PPPoe Client
Replies: 1
Views: 267

Re: Performances issue with PPPoe Client

Yes, it's known that using PPPoE seems to drop throughput more than one would expect (probably not as much as you're observing though). And yes, it is known that running bandwidth test on the device itself does stress CPU to the point it becomes the bottleneck (and taking precious CPU cycles away fr...
by mkx
Tue Apr 23, 2024 9:59 pm
Forum: General
Topic: RB911G-5HPacD Time Problem
Replies: 6
Views: 832

Re: RB911G-5HPacD Time Problem

ROS v6 without optional ntp package runs a SNTP client ... which obtains time every now and then using NTP protocol and adjusts clock (often this means stepping time). You may want to install ntp package which comes with NTP service (you don't have to allow clients to connect), but also tries to adj...
by mkx
Tue Apr 23, 2024 9:51 pm
Forum: General
Topic: RB 2011 UiAS vs RB 3011 UiAs
Replies: 5
Views: 433

Re: RB 2011 UiAS vs RB 3011 UiAs

on /export show-sensitive file=export
expected end of command (line 1 column 9)
export command in ROS v6 doesn't have property show-sensitive ... it's default behaviour. So simply re-run command without this property set.
by mkx
Tue Apr 23, 2024 4:04 pm
Forum: Beginner Basics
Topic: Web Proxy - FTP Protocol
Replies: 9
Views: 616

Re: Web Proxy - FTP Protocol

Personally I'm mostly advising against using ROS device for any high-level service (such as DNS server, web proxy server, file server, ...) if possible. They are, due to space constraints and MT in-house development, mostly quite limited functionality-wise, so using some general-purpose server machi...