Community discussions

Search found 12786 matches

by mkx
Thu Sep 19, 2024 7:56 pm
Forum: General
Topic: SIP ALG turned off, port changes!!!
Replies: 1
Views: 43

Re: SIP ALG turned off, port changes!!!

Show us config of R2 (for starters).
by mkx
Thu Sep 19, 2024 7:22 pm
Forum: Beginner Basics
Topic: ipv6 security
Replies: 7
Views: 487

Re: ipv6 security

Disabling IPv6 support on router is definitely a safer option ... with firewall rules it's always possible to screw something up. But as @Sob wrote: IPv6 is here to stay and it's only a matter of time when you'll have to bite into this nut ... so you better crack it open before biting it.
by mkx
Wed Sep 18, 2024 8:49 pm
Forum: Beginner Basics
Topic: Lost permisions on router
Replies: 11
Views: 444

Re: Lost permisions on router

@jaclaz: I'm not saying that default setup should block everything from LAN as well. I'm just saying that attacks from LAN are possible and one should not dismiss such possibility when doing a post-mortem (with intent to harden router's config). Yes, I agree that attacks from WAN are whole lot more ...
by mkx
Wed Sep 18, 2024 8:26 pm
Forum: Beginner Basics
Topic: Lost permisions on router
Replies: 11
Views: 444

Re: Lost permisions on router

I still not understand why ROS does not give any possibility to re-gain access ... Possibly because that would enable users to steal CPEs from ISPs if the method of regaining access would be too straight-forward (such as password printed on a sticker attached to device itself). The basic problem in...
by mkx
Tue Sep 17, 2024 2:39 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 301
Views: 99248

Re: v7.16rc [testing] is released!

It's normal to have software release with known issues (even before releasing it), accompanying documentation just has to mention those clearly. On the other hand it's sometimes good (if not necessary) to release new version due to required new functionality ... while keeping to work on resolving kn...
by mkx
Tue Sep 17, 2024 2:31 pm
Forum: Beginner Basics
Topic: Not blocking IP / Raw on DNS !!!
Replies: 5
Views: 255

Re: Not blocking IP / Raw on DNS !!!

So are you saying that the other two rules, such as 1 chain=prerouting action=drop dst-port=53 log=no log-prefix="" protocol=udp dst-address=172.16.1.100 src-address-list=!dns are not working? According to packet flow, prerouting is executed before DST-NAT ... which means that for packets...
by mkx
Tue Sep 17, 2024 2:23 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 301
Views: 99248

Re: v7.16rc [testing] is released!

We are not in a hurry xD, we only saw that in its official documentation and we were surprised to see v7.17 with green markers. I guess that they are planning to introduce some additional functionality (e.g. " Starting from RouterOS v7.17, DHCP snooping is supported with hardware offloading bo...
by mkx
Tue Sep 17, 2024 2:19 pm
Forum: Wireless Networking
Topic: Capsman loosing connection when connected through switch
Replies: 25
Views: 968

Re: Capsman loosing connection when connected through switch

The problem is, that there really isn't any disconnection, just Caps connection becomes suddenly "interrupted" and after few seconds starts working again. When frame loss happens, links don't disconnect ... in worst case they may renegotiate to lower speed (e.g. 100Mbps instead of 1Gbps) b...
by mkx
Tue Sep 17, 2024 1:59 pm
Forum: Beginner Basics
Topic: Not blocking IP / Raw on DNS !!!
Replies: 5
Views: 255

Re: Not blocking IP / Raw on DNS !!!

0 chain=prerouting action=add-dst-to-address-list dst-port=53 log=no log-prefix="" protocol=udp src-address-list=!dns dst-address-list=!dns address-list=dns!!! address-list-timeout=none-dynamic Did you thoroughly think about what this rule does? It says: if dst-port is 53 . AND . if proto...
by mkx
Tue Sep 17, 2024 12:08 pm
Forum: Wireless Networking
Topic: Capsman loosing connection when connected through switch
Replies: 25
Views: 968

Re: Capsman loosing connection when connected through switch

Some switches try to be smart (too smart as it turns out) ... and try to detect anomalous traffic. I have a Dlink managed switch and it was messing with NTP traffic (UDP to/from port 123) inside LAN. After disabling that "feature" I have zero problems (since more than a year ago). So check ...
by mkx
Tue Sep 17, 2024 10:56 am
Forum: General
Topic: Ubuntu proxy settings changed itself to all_proxy=socks://127.0.0.1:8888 while reading about socks on Mikrotik website
Replies: 9
Views: 765

Re: Ubuntu proxy settings changed itself to all_proxy=socks://127.0.0.1:8888 while reading about socks on Mikrotik websi

@User345135: since you're running Ubuntu, run sudo netstat -ntlp | grep 8888 If you don't have netstat installed, install it using command sudo apt install net-tools The output of netstat command should show you name of process listening on port 8888 ... and that should give you a hint as to what's ...
by mkx
Tue Sep 17, 2024 8:43 am
Forum: General
Topic: IPv6 Traffic Blocked
Replies: 1
Views: 159

Re: IPv6 Traffic Blocked

Not sure if this is ROS specific. With IPv6 there's some specific configuration necessary on "client" router to make it work. Sometimes ISPs don't do the right thing and in those cases client has to work with ISP support to get things working.
by mkx
Tue Sep 17, 2024 8:41 am
Forum: General
Topic: IPv6 for SSH Tunnel Server
Replies: 17
Views: 1188

Re: IPv6 for SSH Tunnel Server

Does that mean I cannot make it IPv6-only? or at least IPv6 first then if timed out IPv4? You may ... by using firewall filter rules. Tunneled traffic would appear in chain=output when exiting SSH tunnel. But as @sindy already explained, you would not be able to distinguish tunneled traffic from tr...
by mkx
Tue Sep 17, 2024 8:38 am
Forum: General
Topic: Ubuntu proxy settings changed itself to all_proxy=socks://127.0.0.1:8888 while reading about socks on Mikrotik website
Replies: 9
Views: 765

Re: Ubuntu proxy settings changed itself to all_proxy=socks://127.0.0.1:8888 while reading about socks on Mikrotik websi

Blaming MikroTik for setting proxy properties in your browser. You need to improve your reading comprehension or be more honest. I did not blame Mikrotik. But since you were stating your problem on Mikrotik forum, it certainly did seem so. And @kleshki simply voiced his doubts ... yeah, he might ha...
by mkx
Tue Sep 17, 2024 8:27 am
Forum: Beginner Basics
Topic: Problem with VLANs and Bridge
Replies: 18
Views: 910

Re: Problem with VLANs and Bridge

Since the CHR has no switch ASICs, perhaps the same applies to it? The problem with RB4011 (and a few other devices) is that they have more than one switch chip and bridge does L2 HW offload to them. With CHR, there is no L2 HW offload AFAIK, so it's not the same case as in the thread you linked. N...
by mkx
Mon Sep 16, 2024 3:35 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1072
Views: 189638

Re: 📣 WinBox 4 is here 📣

The error message doesn't come from Qt, it comes from XCB ... which is (one of) implementation of client side of X11 protocol ... and here 'client side' is, contrary to usual situation, the side where application is running (i.e. your Linux workstation). And it seems that it's Xtightvnc who uses XCP...
by mkx
Mon Sep 16, 2024 3:08 pm
Forum: RouterOS beta
Topic: L3HW not working properly
Replies: 19
Views: 10609

Re: L3HW not working properly

Maybe bug or something else? I seem to remember a discussion about this exact problem a while ago (could be many months ago) and @Normis acknowledged the bug. I'm pretty sure it was supposed to be fixed since then, but I've no idea in which version this was fixed (if at all). So if the problem happe...
by mkx
Mon Sep 16, 2024 2:46 pm
Forum: Wireless Networking
Topic: Ax3 WiFi ignores access list [SOLVED]
Replies: 6
Views: 473

Re: Ax3 WiFi ignores access list [SOLVED]

My guess it operates a "matcher"/selector, not like the firewall "filter"/etc Both here and firewall filter rules have most properties "selectors" and only one property which does something (in both cases it's action ... to whatever it's set for a particular rule). In ...
by mkx
Mon Sep 16, 2024 8:59 am
Forum: Beginner Basics
Topic: Regarding the issue of NAT
Replies: 7
Views: 609

Re: Regarding the issue of NAT

I’m surprised you can’t do this using dst-nat rules by looking at dst-ip and dst-port and using those to match and send elsewhere. If DNS A records for server1.domain1.tld and server2.domain2.tld point at same IP address (and standard ports are in use), then L3/L4 firewall (which is what ROS runs[*...
by mkx
Mon Sep 16, 2024 8:45 am
Forum: Beginner Basics
Topic: Problem with VLANs and Bridge
Replies: 18
Views: 910

Re: Problem with VLANs and Bridge

I had some problems to make VLANs work as expected until I also set the bridge as a tagged port too. Bridge has multiple personalities (and the distinction between them in ROS configuration is not made at all). One of personalities is a "CPU-facing switch port" (and by "switch" ...
by mkx
Mon Sep 16, 2024 8:32 am
Forum: Beginner Basics
Topic: hAP AX2 POE issues
Replies: 8
Views: 472

Re: hAP AX2 POE issues

Yes, but the dubitative form is anyway appropriate when the standard power supply is used, the 24V/1.2A are IMHO very "tight" to power both the "main" device and another one via (passive) PoE. Well ... one always has to do power budget calculations when doing any kind of PoE ......
by mkx
Sun Sep 15, 2024 3:41 pm
Forum: Beginner Basics
Topic: hAP AX2 POE issues
Replies: 8
Views: 472

Re: hAP AX2 POE issues

Whether the Cap Ax can actually be powered with passive PoE at 24V is not written anywhere, it may work or it may not. You're right, the passive PoE-in is rarely mentioned for MT devices with 802.3 af/at PoE-in support. But it was explained multiple times (by MT staff) that all MT's PoE-in capable ...
by mkx
Sun Sep 15, 2024 1:14 pm
Forum: Beginner Basics
Topic: RB5009 VLANs [SOLVED]
Replies: 4
Views: 434

Re: RB5009 VLANs [SOLVED]

1. I cannot access the web-interface of RB5009 (or using WinBox) from ether7 after I add "vlan-filtering=yes" to the config. 2. I still cannot understand what is the right way to change the IP address of RB5009 from 192.168.88.1 to the Base VLAN range. More or less full access to your rou...
by mkx
Sat Sep 14, 2024 3:22 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1072
Views: 189638

Re: 📣 WinBox 4 is here 📣

The benefit of having one statically compiled binary is that one can choose to package it as-is as an rpm, deb or flatpak without any further work required by Mikrotik devs. The cost is much bigger installable ... and some (functionality) problems when not using system-wide libc (and possibly some ...
by mkx
Sat Sep 14, 2024 2:23 pm
Forum: Beginner Basics
Topic: Failover script for DNS is working but PiHole only shows Router IP in queries [SOLVED]
Replies: 8
Views: 484

Re: Failover script for DNS is working but PiHole only shows Router IP in queries [SOLVED]

The only strategy, which is fast enough, is to handle it using dst-nat ... like you're doing it now. Using external DNS servers is no different in this aspect. Doing it directly on main router comes with a benefit: you are not adding another point of failure (router is already there and for differen...
by mkx
Sat Sep 14, 2024 1:32 pm
Forum: RouterBOARD hardware
Topic: Can hEX Lite / RBM11G handle multiple wireguard tunnels, OSPF, BGP (NOT full table) etc?
Replies: 2
Views: 546

Re: Can hEX Lite / RBM11G handle multiple wireguard tunnels, OSPF, BGP (NOT full table) etc?

With all of your config, even if backup solution doesn't have to be fast, any HW you throw at will struggle if flash and RAM are not large enough. hEX lite with 16MB flash and 64MB RAM is a bit tight. RBM11G with its 256MB RAM should do better but 16MB flash will be equally tight. You may want to ha...
by mkx
Sat Sep 14, 2024 1:01 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1072
Views: 189638

Re: 📣 WinBox 4 is here 📣

Creating a flatpak manifest around a statically compiled binary as it is now is no problem at all. In this aspect, creating deb packets is not much different. Only that executable doesn't have to be statically linked, instead it's possible to declare dependencies and apt/apt-get/... will resolve th...
by mkx
Sat Sep 14, 2024 12:51 pm
Forum: Beginner Basics
Topic: Failover script for DNS is working but PiHole only shows Router IP in queries [SOLVED]
Replies: 8
Views: 484

Re: Failover script for DNS is working but PiHole only shows Router IP in queries [SOLVED]

I would simply like to know if there is any way to identify each IP on the PiHole server instead of having all queries appear with the IP of the router itself. Currently you're running a thing called "hair-pin NAT" for PiHole DNS service (the src-nat/masquerade is essential part of it). As...
by mkx
Fri Sep 13, 2024 9:54 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1072
Views: 189638

Re: 📣 WinBox 4 is here 📣

And all Cyrillic comments are unreadable in WinBox 4 It's a known issue and it's due to neglect of properly handling different encoding schemes ... all UIs simply accepted characters as bytecode and didn't interpret them according code page. So it was always a problem if one used different UIs (e.g...
by mkx
Fri Sep 13, 2024 9:35 pm
Forum: Beginner Basics
Topic: Is the Mikrotik CRS312-4C+8XG-RM correct for my 10 Gbps ethernet network?
Replies: 8
Views: 612

Re: Is the Mikrotik CRS312-4C+8XG-RM correct for my 10 Gbps ethernet network?

Broadcast traffic in typical LAN is traffic where devices are looking for others offering certain service. Some examples: DHCP a device sends query about available DHCP server to broadcast address, initial reply is sent unicast (to network interface's MAC address) ARP requests device has to find out...
by mkx
Fri Sep 13, 2024 8:38 pm
Forum: Announcements
Topic: Newsletter #114 | September 2023
Replies: 77
Views: 17772

Re: Newsletter #114 | September 2023

Any chance with the next update that will check the model number for example CRS309-1G-8S+, and NOT install any wifi packages and remove wifi from webcfg. Since wifi is not supported. ROS built-in updater never changed list of installed packages ... with notable exception of 7.12.x where updater ma...
by mkx
Fri Sep 13, 2024 5:58 pm
Forum: Wireless Networking
Topic: 370m, 1GBit, stable: LHG-60G, nRay, ...
Replies: 12
Views: 575

Re: 370m, 1GBit, stable: LHG-60G, nRay, ...

It absolutely makes sense to have those wireless interfaces in bond. Default monitoring mode is mii which relies on underlying interface hardware to announce link failure. Additionally bond will introduce additional delay (default is 100ms) because links status monitoring is done regularly and the de...
by mkx
Fri Sep 13, 2024 5:43 pm
Forum: Beginner Basics
Topic: CRS312-4C+8XG port mirroring [SOLVED]
Replies: 15
Views: 737

Re: CRS312-4C+8XG port mirroring [SOLVED]

I agree that it's only too confusing to have to configure one functionality in multiple places (VLANs is a good example of this lunacy). Instead here's my proposal: /interface ethernet switch port set ether2 mirroring=egress mirror-targets=ether3 set ether4 mirroring=ingress mirror-targets=ether3 se...
by mkx
Fri Sep 13, 2024 5:34 pm
Forum: General
Topic: Limit connections through web proxy
Replies: 2
Views: 290

Re: Limit connections through web proxy

The proxy service on ROS is not intended to be reverse proxy ... and even though it seems to work for you, it doesn't allow for proper configuration to operate as reverse proxy. You're saying that you have multiple web servers in your LAN. I suggest you to run a proper reverse proxy on one of them (...
by mkx
Fri Sep 13, 2024 5:26 pm
Forum: General
Topic: HIDDEN Wifi Networks
Replies: 9
Views: 476

Re: HIDDEN Wifi Networks

I can't say I understand why there is a need in my case for inventing mac addresses. I understand how ROS needs to invent mac addresses for virtual interfaces. I don't know how Ubiquitis are configured for additional SSIDs on same radio, but the end result is the same as on Mikrotik. And that is m...
by mkx
Fri Sep 13, 2024 5:17 pm
Forum: Beginner Basics
Topic: CRS312-4C+8XG port mirroring [SOLVED]
Replies: 15
Views: 737

Re: CRS312-4C+8XG port mirroring [SOLVED]

Here you are:
sorry, but this doesn't scale ... and changes names of properties (to which you opposed).
by mkx
Fri Sep 13, 2024 5:09 pm
Forum: Wireless Networking
Topic: 370m, 1GBit, stable: LHG-60G, nRay, ...
Replies: 12
Views: 575

Re: 370m, 1GBit, stable: LHG-60G, nRay, ...

It would be interesting to see actual configuration from one of LHG-60 devices ... what I'd expect to see is either a bond (possibly active/backup mode) or simple RSTP hierarchy (which would switch over to 5GHz backup a little slower I guess). I thought the LHG-60 has no backup 5GHz?! Sorry, I mea...
by mkx
Fri Sep 13, 2024 3:46 pm
Forum: Wireless Networking
Topic: 370m, 1GBit, stable: LHG-60G, nRay, ...
Replies: 12
Views: 575

Re: 370m, 1GBit, stable: LHG-60G, nRay, ...

It would be interesting to see actual configuration from one of LHG-60 devices ... what I'd expect to see is either a bond (possibly active/backup mode) or simple RSTP hierarchy (which would switch over to 5GHz backup a little slower I guess).
by mkx
Fri Sep 13, 2024 3:34 pm
Forum: General
Topic: HIDDEN Wifi Networks
Replies: 9
Views: 476

Re: HIDDEN Wifi Networks

And in some other post you dare to call others "Nerd" ??
Tjeezz ... :shock:
I called others "Mikrotik nerds" specifically :lol:
by mkx
Fri Sep 13, 2024 3:01 pm
Forum: General
Topic: HIDDEN Wifi Networks
Replies: 9
Views: 476

Re: HIDDEN Wifi Networks

AA:16:9D is actually A8:16:9D and is a roku tv 1E:1E:E3 is actually 1C:1E:E3 and is also a roku TV 9E:05:D6 is actually 9C:05:D6 and is a U6+ AP The addresses on the left are all "locally administered addresses" (see wiki article on MAC addresses) where the second most significant value ...
by mkx
Fri Sep 13, 2024 1:28 pm
Forum: General
Topic: RouterOS CHR limits bandwidth to ~400Mbit....
Replies: 25
Views: 1133

Re: RouterOS CHR limits bandwidth to ~400Mbit....

I know this seems to be related to a license at first, but maybe not. It's interesting to see if the problem persists on another type of hypervisor, especially in Hyper-V since it doesn't use virtio drivers for switches.

Which again points at CHR itself rather than at virtualization platform.
by mkx
Fri Sep 13, 2024 1:26 pm
Forum: General
Topic: HIDDEN Wifi Networks
Replies: 9
Views: 476

Re: HIDDEN Wifi Networks

BSSID is usually MAC address of a particular radio. So if you somehow create an inventory of all (real and virtual) radios in your network, then you should be able to figure out which SSID is transmitted by which AP.
by mkx
Fri Sep 13, 2024 1:22 pm
Forum: Beginner Basics
Topic: CRS312-4C+8XG port mirroring [SOLVED]
Replies: 15
Views: 737

Re: CRS312-4C+8XG port mirroring [SOLVED]

the new one is (IMHO without reason) stupidly complex The new one is (potentially) flexible, it may allow this scenario: /interface ethernet switch port set ether2 mirror-egress=yes mirror-ingress=no set ether4 mirror-egress=no mirror-ingress=yes set ether5 mirror-egress=yes mirror-ingress=yes /int...
by mkx
Fri Sep 13, 2024 11:27 am
Forum: RouterBOARD hardware
Topic: NetMetal ax / L23-UGSR — initial feedback from specs
Replies: 38
Views: 5495

Re: NetMetal ax / L23-UGSR — initial feedback from specs

not sure i really follow that much. just considering a cheapo isp modem (speedport plus) that probably costs a few euro is giving me all 300mbit on wifi on default setup (80mhz channel, it's ac device). What I tried to explain (with perhaps too many words) is that many times less is more ... due to...
by mkx
Fri Sep 13, 2024 11:18 am
Forum: General
Topic: RouterOS CHR limits bandwidth to ~400Mbit....
Replies: 25
Views: 1133

Re: RouterOS CHR limits bandwidth to ~400Mbit....

I think that the most important take-away from this thread so far is that throughput drops after applying (high capacity) CHR license ... without changing any of configuration. As documented in post #10 above. Which means that the code, which enforces licensed limits inside CHR somehow misses its t...
by mkx
Fri Sep 13, 2024 10:34 am
Forum: RouterBOARD hardware
Topic: Upgrading older Mikrotik equipment
Replies: 16
Views: 1584

Re: Upgrading older Mikrotik equipment

Maybe select another brand for the SFP+ ?? MT devices can be a bit picky when it comes to working with SFP modules ... MT publishes compatibility list, but of course it only contains their own modules (and even there not every box is checked). XS+85LC01D seems to have many checks so it seems to be...
by mkx
Fri Sep 13, 2024 10:11 am
Forum: General
Topic: Static DNS type FWD to populate dynamic allowed address list: first request is blocked
Replies: 9
Views: 486

Re: Static DNS type FWD to populate dynamic allowed address list: first request is blocked

Which means that somebody configured it to do that. Again, the problem is that it does not do what it is configured to do Sherlock. And I asked you to show us how it's configured, Watson. I don't follow problems of any particular users so I don't know which bug you allegedly "encountered the l...
by mkx
Thu Sep 12, 2024 8:41 pm
Forum: General
Topic: Static DNS type FWD to populate dynamic allowed address list: first request is blocked
Replies: 9
Views: 486

Re: Static DNS type FWD to populate dynamic allowed address list: first request is blocked

The firewall blocks everything except the addresses in the dynamic list.
Which means that somebody configured it to do that.

So do you want us to start the guessing game? Otherwise post full config for review.
by mkx
Thu Sep 12, 2024 8:32 pm
Forum: General
Topic: VLAN considerations along with CapsMan
Replies: 20
Views: 1485

Re: VLAN considerations along with CapsMan

Base article to truly understand my answer that follows: viewtopic.php?t=173692

Setting of properties pvid and frame-types are settings for the router-facing port of the switch.
by mkx
Thu Sep 12, 2024 5:43 pm
Forum: General
Topic: Adding configurations to CAPSMAN
Replies: 4
Views: 225

Re: Adding configurations to CAPSMAN

One (relatively radical) possibility is to disable/re-enable capsman on hAP ac2. It should trigger all CAP devices to re-provision (CAPs get un-provisioned if they lose connection with CAPsMAN). You can also go around CAP devices and individually disable/re-enable cap client. And probably there are...
by mkx
Thu Sep 12, 2024 5:36 pm
Forum: RouterBOARD hardware
Topic: NetMetal ax / L23-UGSR — initial feedback from specs
Replies: 38
Views: 5495

Re: NetMetal ax / L23-UGSR — initial feedback from specs

Well, wifi in 5GHz sucks (almost as much as 2.4GHz). According to wifi channel allocations, there are only 3 160MHz channels available: channel 50 ranging from 5170 MHz to 5330 MHz (in ROS parlance that's center frequency 5180 with Ceeeeeee channels) channel 114 ranging from 5490 MHz to 5650 MHz (th...
by mkx
Thu Sep 12, 2024 10:55 am
Forum: SwOS
Topic: smaller version of Model CRS328-24P-48+RM
Replies: 2
Views: 393

Re: smaller version of Model CRS328-24P-48+RM

I'm looking for a small version of the Model CRS328-24P-48+RM for testing configs for a customer. I don't care about speed/sfp or dual boot. I only need switch OS. Would the CRS106-1C-5S work? I couldn't find a comparison guide. Depends on how similar the testing switch should be to the "real"...
by mkx
Thu Sep 12, 2024 10:34 am
Forum: Wireless Networking
Topic: CAPS not showing in CAPsMAN
Replies: 7
Views: 426

Re: CAPS not showing in CAPsMAN

But if there is only 1 wace2 device, why bother ? As far as info in this thread goes, @OP runs a few RBD22UGS-5HPacD2HnD (which are ac devices) and now he threw an L22UGS-5HaxD2HaxD into the mix ... which is ax device. All of these are capable of running wifi drivers (L22 only this one), so @OP wou...
by mkx
Thu Sep 12, 2024 10:28 am
Forum: Beginner Basics
Topic: Caspman Config [SOLVED]
Replies: 21
Views: 1348

Re: Caspman Config [SOLVED]

If device is fully bridged it doesn't matter if ether1 and 2 are connected
Agree to that. I was just explaining to @OP why he can't manage device via ether1 if they're running factory default config (which doesn't bridge ether1 with the rest of ports AFAIK).
by mkx
Thu Sep 12, 2024 9:24 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1072
Views: 189638

Re: 📣 WinBox 4 is here 📣

Thank you for the suggestion, Amm0. Added to wishlist. Behaviour should adhere to system settings. I don't use Mac, but on Windows and Linux I prefer not to have apps grouped ... and there's system-wide setting for that both in Windows and KDE (which is what I use on Linux if I can choose). In nor...
by mkx
Thu Sep 12, 2024 9:19 am
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1196

Re: Network traffic gets slower, when adding vlans

It's been a while since my devices were pushed in storage starvation ... but I don't remember seeing anything in the log. Specially so not after reboot (since by default all logging goes into RAM and even if one set up logging to built-in flash, that would be unsuccessful as well due to same reason).
by mkx
Thu Sep 12, 2024 9:16 am
Forum: Beginner Basics
Topic: Caspman Config [SOLVED]
Replies: 21
Views: 1348

Re: Caspman Config [SOLVED]

Why can't I connect to the CAPs using Winbox from the router? Why do I have to physically go to each CAP just to apply my configuration? Because out of factory, default config for most MT models is "home router" mode ... in which first ether port (ether1) is used as WAN port and to protec...
by mkx
Thu Sep 12, 2024 9:08 am
Forum: Beginner Basics
Topic: Poor upload speeds with baby jumbo frames?
Replies: 7
Views: 487

Re: Poor upload speeds with baby jumbo frames?

While it's preferable to make MTU of all interfaces the same (i.e. 1500) and while it seems that @OPs ISP allows to play with these values, it could be that there's some segment in ISP's network which doesn't support full 1500 byte packets over PPPoE ... and fragmentation happens there (and also spe...
by mkx
Thu Sep 12, 2024 8:58 am
Forum: Beginner Basics
Topic: RSTP Scenario Question
Replies: 1
Views: 198

Re: RSTP Scenario Question

Not much to take care of. One major thing is to set priority on bridge of switch you want to use as "master" in STP hierarchy to value, lower than default (which is 0x8000) ... 0x2000 would be a safe value. This way you won't see topology changes if some switch changes its MAC address (if p...
by mkx
Thu Sep 12, 2024 8:43 am
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1196

Re: Network traffic gets slower, when adding vlans

It would be nice, if Winbox had told me about the full disk when saving a configuration.

I agree to that. AFAIK none of GUIs actually warn user about storage being depleted ...
by mkx
Wed Sep 11, 2024 10:30 pm
Forum: Wireless Networking
Topic: CAPS not showing in CAPsMAN
Replies: 7
Views: 426

Re: CAPS not showing in CAPsMAN

1. I uninstalled wireless package from CCR1036, but now I don't have an option for Capsman anymore. You do. It's under /interface/wifi (you have to use a few subtrees there from, capsman uses profiles). On devices with ac/ax radio and with wifi-qcom (or wifi-qcom-ac) drivers installed, one configur...
by mkx
Wed Sep 11, 2024 10:25 pm
Forum: Wireless Networking
Topic: hAP ax3 - Low Wireless Strength
Replies: 7
Views: 1248

Re: hAP ax3 - Low Wireless Strength

Be careful with the fast (sponsored) answer of the Google (AI based?) search. :?
Gosh ... doesn't everybody (and their favourite pet) skip top results from search engines?
by mkx
Wed Sep 11, 2024 10:21 pm
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1196

Re: Network traffic gets slower, when adding vlans

Which GUI do you use? There are WebFig (web based UI), Winbox3 (very stable) and new Winbox4 (early beta, so likely buggy) If you change detect-internet (to "none") in CLI, does it stick? And when you open that setting in GUI (which flips its setting) ... and close it without applying ... ...
by mkx
Wed Sep 11, 2024 10:15 pm
Forum: Beginner Basics
Topic: cap lite @ capsman
Replies: 3
Views: 230

Re: cap lite @ capsman

AND the hex is losing its configuration, comments and also files I created. What is going on?! Doesn't it store those things on an internal device? Check hEX for flash utilization. If it's (almost) full, then configuration changes can get lost. But that happens after reboot, running copy of config...
by mkx
Wed Sep 11, 2024 10:12 pm
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1196

Re: Network traffic gets slower, when adding vlans

When I close the dialog the value I get in the CLI is wrong again.
I just leave it at "LAN", that seems to work for me.

Why don't you change it via CLI if you've gotten that far? (big thumbs up for that!)
by mkx
Wed Sep 11, 2024 2:57 pm
Forum: Wireless Networking
Topic: hAP ax3 - Low Wireless Strength
Replies: 7
Views: 1248

Re: hAP ax3 - Low Wireless Strength

RBD53iG-5HacD2HnD = hAP AC3

How to tell a Mikrotik nerd from normal people: the former can recite product codes together with their marketing model names :wink: (while the latter have to use their favourite internet search engine)
by mkx
Wed Sep 11, 2024 2:51 pm
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1196

Re: Network traffic gets slower, when adding vlans

I think we can go back to "do NOT use quickset" ... if user comes to @holvoetn asking him about rules, then that user is already way past the IFs and BUTs which would potentially allow to use quickset.
by mkx
Wed Sep 11, 2024 2:39 pm
Forum: General
Topic: Adding a second /24 network troubles
Replies: 7
Views: 412

Re: Adding a second /24 network troubles

As for those two NAT rules - It's been a while since I set this up but if I remember correctly (and I can certainly test this..) without those DNS breaks and nothing resolves. From context of device config posted these rules are useless ... the TCP rule has potential to rewrite dst-port but actuall...
by mkx
Wed Sep 11, 2024 2:22 pm
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1196

Re: Network traffic gets slower, when adding vlans

Avoiding it in total may be for most the wiser option. Exactly. If there were enough quickset profiles/schemes to cover like 98% of use cases, then I'd be all for quickset ... it is a corner stone for offering MT devices to people without ROS knowledge. However since many profiles are missing (and ...
by mkx
Wed Sep 11, 2024 2:14 pm
Forum: Beginner Basics
Topic: Vlan on crs125-24g-1s-2hnd-in
Replies: 4
Views: 510

Re: Vlan on crs125-24g-1s-2hnd-in

As I already hinted: does device, connected to ether7, expect tagged VLAN 200 or not? Required configuration on switch entirely depends on this "design decision". From your observation in last line of previous post it seems that device doesn't talk VLANs ... in which case you do need the i...
by mkx
Wed Sep 11, 2024 11:55 am
Forum: RouterBOARD hardware
Topic: Upgrading older Mikrotik equipment
Replies: 16
Views: 1584

Re: Upgrading older Mikrotik equipment

Why would I need TWO (2) SFP? Future expansions? Or some other similar excuse. See answer to your last question. anything in particular that I should watch out for when ordering the fiber? I have seen a bunch of different ones on Amazon just not sure which one to get. Just keep in mind that general...
by mkx
Wed Sep 11, 2024 11:39 am
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1196

Re: Network traffic gets slower, when adding vlans

4. Do NOT use quickset
This one should be made rule number -1 ... or whatever takes to make it to very top of rules.
by mkx
Wed Sep 11, 2024 11:35 am
Forum: Beginner Basics
Topic: Vlan on crs125-24g-1s-2hnd-in
Replies: 4
Views: 510

Re: Vlan on crs125-24g-1s-2hnd-in

These two settings are not coherent: /interface ethernet switch egress-vlan-tag add tagged-ports=ether2,ether7 vlan-id=200 /interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=200 new-service-vid=0 ports=ether7 The first one says that VLAN 200 has to remain tagg...
by mkx
Wed Sep 11, 2024 11:23 am
Forum: General
Topic: Adding a second /24 network troubles
Replies: 7
Views: 412

Re: Adding a second /24 network troubles

I can see one problem: /ip dhcp-server network add address=10.172.13.0/24 comment=defconf dns-server=10.172.12.1 gateway=10.172.12.1 In principle, gateway address has to be within device's subnet ... so when using 10.172.13.0/24, gw address should be e.g. 10.172.13.1. Mind that DNS server address ca...
by mkx
Wed Sep 11, 2024 9:14 am
Forum: Beginner Basics
Topic: QinQ Help needed
Replies: 1
Views: 177

Re: QinQ Help needed

Quite many windows NIC drivers automatically strip off (one layer of) 802.1Q headers ... and if running wireshark on such windows machine, lack of outer header is to be expected (in case of your 'tripple header' that would be 802.1Q header with VID set to 3000). Some NIC drivers allow you to properl...
by mkx
Wed Sep 11, 2024 9:04 am
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1196

Re: Network traffic gets slower, when adding vlans

... or causes random problems (worst case). Judging from the reports I have seen on the forum, the worst case seems to be the normality... Being an optimistic guy I tend to believe that most people, who have this **** enabled, don't see any problems (so they don't report anything on this forum) ......
by mkx
Tue Sep 10, 2024 7:14 pm
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1196

Re: Network traffic gets slower, when adding vlans

Do yourself a favour and disable the detect internet thingy (set list to none). It's only good when one doesn't know which port is supposed to connect internet, otherwise it doesn't do anything (best case) or causes random problems (worst case). UDP flooding seems to be somewhere in between ...
by mkx
Tue Sep 10, 2024 3:41 pm
Forum: Beginner Basics
Topic: Beginner fail to port forwarding
Replies: 6
Views: 404

Re: Beginner fail to port forwarding

This combination of rules is dangerous: add action=drop chain=input comment="defconf: drop all not coming from LAN" \ disabled=yes in-interface-list=!LAN ... add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LAN port=2000 protocol=tc...
by mkx
Tue Sep 10, 2024 8:21 am
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1196

Re: Network traffic gets slower, when adding vlans

Any reason for using "arp=proxy-arp" setting on bridge? It does somehow defeat use of VLANs (as means to separate subnets). Can you quantify the "It gets so slow, that I can hardly work anymore." statement? Although hEX is a pretty decent little device, it's not very powerful aft...
by mkx
Mon Sep 09, 2024 3:10 pm
Forum: Beginner Basics
Topic: Ax3 with POE dlink switch
Replies: 2
Views: 309

Re: Ax3 with POE dlink switch

Nope. hAP ax3 supports passive PoE-in ... with allowed voltage range between 18V and 28V. See product info: https://mikrotik.com/product/hap_ax3 Your DLink is most probably a 803.2af/at/... compliant switch which requires proper handshake between PSE (PoE switch) and PD (powered device) ... and PD h...
by mkx
Mon Sep 09, 2024 3:02 pm
Forum: General
Topic: Slow-ish upload speeds on CCR2004-16G-2S+
Replies: 15
Views: 1056

Re: Slow-ish upload speeds on CCR2004-16G-2S+

I also don't see any high CPU usage, this is a screenshot while doing the upload part of a speedtest (I assume this is what you meant with profiler?):

Yup. But select "CPU: all" to see if one single core gets maxed out (CPU: total gives averages, which are useless in this case).
by mkx
Mon Sep 09, 2024 9:06 am
Forum: General
Topic: SOLVED | RouterOS bridge blocking traffic but not SwOS [SOLVED]
Replies: 8
Views: 687

Re: RouterOS bridge blocking traffic but not SwOS [SOLVED]

Are you sure you need these settings on bridge ports?
internal-path-cost=10 path-cost=10 trusted=yes
They are not set to these values in default config ... and trusted has potential to interfere with traffic.
by mkx
Mon Sep 09, 2024 9:02 am
Forum: General
Topic: www-ssl secure?
Replies: 5
Views: 412

Re: www-ssl secure?

Now, it be nice if the REST API support X.509 client certificates to avoid need to store the username/password on the calling machine, but it does not today. If remote side requires any sort of authentication, then it's necessary to store something on local side. If authentication requires username...
by mkx
Sun Sep 08, 2024 7:17 pm
Forum: RouterBOARD hardware
Topic: Upgrading older Mikrotik equipment
Replies: 16
Views: 1584

Re: Upgrading older Mikrotik equipment

Not sure where you got the performance figures. The number, which seems to resemble reality the best, is listed under "Routing -> 25 ip filter rules -> 512 byte packet size". For CCR2004-16G-2S+PC it's 2767.9 Mbps. For RB5009UG+S+IN it's 3096.2 Mbps. For RB3011UiAS-RM it's 452.6 Mbps. The ...
by mkx
Sun Sep 08, 2024 5:30 pm
Forum: General
Topic: Audience Boot Loop
Replies: 2
Views: 186

Re: Audience Boot Loop

My own audience runs fine at 7.15.3. It came with v6, so I netinstalled it to one of early v7 (to get wifiwave2 drivers running). After that ordinary ROS upgrades (using ROS built-in upgrader) did things just fine. So it could be your device is somehow damaged and fit for warranty replacement (I lov...
by mkx
Sun Sep 08, 2024 5:25 pm
Forum: Beginner Basics
Topic: order of fasttrack
Replies: 3
Views: 375

Re: order of fasttrack

Exactly.
by mkx
Sun Sep 08, 2024 4:15 pm
Forum: General
Topic: www-ssl secure?
Replies: 5
Views: 412

Re: www-ssl secure?

This requires /ip/services/www-ssl to be enabled. Is there any downside? Security risk? As with every ROS service, if enabled it's important to protect it from being available too widely. And that's achieved using firewall. Default firewall allows access to (all) router services from LAN. If firewa...
by mkx
Sun Sep 08, 2024 4:07 pm
Forum: Beginner Basics
Topic: order of fasttrack
Replies: 3
Views: 375

Re: order of fasttrack

A few things to remember: firewall filter rules are evaluated from top to bottom In second case this means that fasttrack rule never gets evaluated because it's "overshadowed" by regular accept rule it's a bit of a mystery as to how fasttrack rules work. One of theories is that fasttrack r...
by mkx
Sun Sep 08, 2024 1:04 pm
Forum: RouterBOARD hardware
Topic: Upgrading older Mikrotik equipment
Replies: 16
Views: 1584

Re: Upgrading older Mikrotik equipment

Both devices have ample of ports to be used as switches as well. Just beware that CRS2004 has actually 2 switches built in and traffic between both port groups passes CPU. The same is true for both SFP+ ports, they are handled directly by CPU. This is not the case with RB5009, all ports (including S...
by mkx
Sun Sep 08, 2024 12:55 pm
Forum: Wireless Networking
Topic: Ether: bridge port receiving packet with its own MAC address [SOLVED]
Replies: 19
Views: 1455

Re: Ether: bridge port receiving packet with its own MAC address [SOLVED]

... spanning trees protocols is that both RSTP and MSTP are compatible with each other so should it be the problem or part of it ? Various STP protocols may be compatible in a sense that message, created by one of those, can be processed by the others. However the way these protocols work out the h...
by mkx
Sun Sep 08, 2024 12:45 pm
Forum: General
Topic: Need some hardware recommendations for a router
Replies: 2
Views: 253

Re: Need some hardware recommendations for a router

Problems with multi-gig links are at least the following: transmitting more than 1Gbps over UTP is power-ineffective and makes transceivers hot. This is a particularly big problem with SFP+ RJ45 modules because SFP modules don't offer enough cooling. Which is then a problem when quiet operation is w...
by mkx
Sun Sep 08, 2024 12:18 pm
Forum: Wireless Networking
Topic: Ether: bridge port receiving packet with its own MAC address [SOLVED]
Replies: 19
Views: 1455

Re: Ether: bridge port receiving packet with its own MAC address [SOLVED]

Mixing MSTP and RSTP is at least part (if not the whole) of your problem. RSTP is not VLAN aware and blocks physical link if it detects a loop (the error message, mentioned in this thread's title, does indicate this condition), while with MSTP it's possible to distribute VLANs over multiple physical...
by mkx
Sat Sep 07, 2024 10:39 pm
Forum: Wireless Networking
Topic: Ether: bridge port receiving packet with its own MAC address [SOLVED]
Replies: 19
Views: 1455

Re: Ether: bridge port receiving packet with its own MAC address [SOLVED]

Try to set MAC of bridge manually ... to MAC different than any of bridge ports. For ideas about proper MAC address "invention", have a look at Universal vs. local (U/L bit) section of MAC address wikipedia article (use MAC address of one of bridge ports as a basis and apply the L bit to i...
by mkx
Sat Sep 07, 2024 10:16 pm
Forum: General
Topic: Request to upgrade SSH service in RouterOS 6.x branch
Replies: 1
Views: 263

Re: Request to upgrade SSH service in RouterOS 6.x branch

MT staff (I think it was @normis) clearly stated, that ROS v6 is feature-frozen, it'll receive only (some?) security fixes. Support for elliptic cipher algorithms is IMO not security issue. After all, OpenSSH did not discontinue support for legacy algorithms, they were deprecated ... meaning they ar...
by mkx
Sat Sep 07, 2024 10:08 pm
Forum: General
Topic: ERR_CONNECTION_CLOSED
Replies: 4
Views: 805

Re: ERR_CONNECTION_CLOSED

You will definitely have to troubleshoot the whole path between API client and server. Start by running wireshark on both and compare the captured traffic. If captures are identical on both ends, then it's entirely between client and server. If they differ, then it's something in between that interf...
by mkx
Fri Sep 06, 2024 3:55 pm
Forum: General
Topic: Internet slow with Mikrotik router
Replies: 5
Views: 427

Re: Internet slow with Mikrotik router

Apart from making configuration as similar to default (as suggested by @tangent) ... I'd start by removing DHCP client from anything but vlan2 interface. If your router manages to obtain DHCP lease on more than one interface, it may get lost as to which default route it should use. removing vlan4 in...
by mkx
Fri Sep 06, 2024 3:23 pm
Forum: General
Topic: ERR_CONNECTION_CLOSED
Replies: 4
Views: 805

Re: ERR_CONNECTION_CLOSED

Mikrotik firewall is L4 firewall ... so it operates up to TCP/UDP - i.e. it blocks traffic passing to/from specific IP address/port combination. It does not look into contents (e.g. HTTP response codes)[*]. ROS might do something about it if you actually managed to (ab)use proxy service on ROS to se...
by mkx
Fri Sep 06, 2024 3:14 pm
Forum: General
Topic: IPv6 for SSH Tunnel Server
Replies: 17
Views: 1188

Re: IPv6 for SSH Tunnel Server

When creating ssh connection to your router, define "local port forwarding" with IPv6 address of remote host. Command line example in linux would look like this: ssh 192.168.88.5 -L 20202:[fe80::ae1f:6bff:feb0:26bc]:80 The trick on OpenSSH client is to enclose the IPv6 address in square br...
by mkx
Fri Sep 06, 2024 10:40 am
Forum: Beginner Basics
Topic: LAN to LAN basics
Replies: 21
Views: 2182

Re: LAN to LAN basics

@mkx Well, I paid 1.80 for that same cable, so it costs us nothing - combined - we are still ahead, and we can even afford to pay the unjust and unfair duty the Sheriff of Nottingham just imposed on us. If we're still ahead or not depends on tax rate that Sheriff (a.k.a. @anav) is trying to charge ...
by mkx
Fri Sep 06, 2024 9:25 am
Forum: Beginner Basics
Topic: hAP ax3 Routing stopped working
Replies: 4
Views: 440

Re: hAP ax3 Routing stopped working

Did you, by any chance, click around QuickSet? Using QuickSet (part of Webfig and Winbox, the "light version of UI") is pretty dangerous if one ever configures anything outside QuickSet (many of us think that when user clicks WebFig button the first time, QuickSet button should simply disa...
by mkx
Fri Sep 06, 2024 9:22 am
Forum: Beginner Basics
Topic: Connecting 2 cAP ac to hEXs using PoE
Replies: 2
Views: 323

Re: Connecting 2 cAP ac to hEXs using PoE

No. PoE-out limit on hEX S is 500mA and if using "stock" power adapter (at 24V), that translates into 12W. Single cAP ac power consumption is rated at 12W (without attachments). Additionally, "stock" power adapter is rated at 1.2A, at 24V this is 28.8W. hEX S own consumption is 6...
by mkx
Fri Sep 06, 2024 9:08 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1072
Views: 189638

Re: 📣 WinBox 4 is here 📣

Some devices simply do not support health monitoring. It's not a winbox bug! I can understand @maisondasilva where he'd like to have the "pull out" list of items invariant. So perhaps the items, not feasible for a particular connected device could be present on the list but inactive (and ...
by mkx
Thu Sep 05, 2024 8:40 pm
Forum: General
Topic: lo iface in LAN list
Replies: 11
Views: 548

Re: lo iface in LAN list

I'm pretty sure that router, when ND is enabled, sends out packets to broadcast address via all interfaces (which includes lo). And again, as I wrote, sending traffic to broadcast on lo won't yield any response. Which means that dropping such traffic doesn't do any harm. The only issue here is your ...
by mkx
Thu Sep 05, 2024 7:31 pm
Forum: General
Topic: DHCP is offered but not bound to Brother printers only [SOLVED]
Replies: 36
Views: 1874

Re: DHCP is offered but not bound to Brother printers only [SOLVED]

/interface bridge add admin-mac=48:A9:8A:XX:YY:ZZ auto-mac=no comment=defconf frame-types=admit-only-vlan-tagged name=bridge vlan-filtering=yes You can check it with either UI or by typing /interface bridge export verbose There is pvid=1 which is not exported since it's default value, but it is sti...
by mkx
Thu Sep 05, 2024 6:47 pm
Forum: General
Topic: lo iface in LAN list
Replies: 11
Views: 548

Re: lo iface in LAN list

And that traffic is being sent to broadcast address ... since only device, attached to that "network", is sender itself, it won't get any answer ... like ever. So dropping this traffic doesn't change anything. It would be different, if some service would try to connect another internal ser...
by mkx
Thu Sep 05, 2024 6:37 pm
Forum: Beginner Basics
Topic: LAN to LAN basics
Replies: 21
Views: 2182

Re: LAN to LAN basics

... VLAN1 ... leave it alone, since it costs nothing.

How can you say that not using VLAN 1 costs us nothing? I paid 1.85€ for an UTP patch cord for use with trunk connection. If I can't use VLAN 1, I'm losing 0.00045 € due to reduced functionality !!!
by mkx
Thu Sep 05, 2024 6:21 pm
Forum: Wireless Networking
Topic: Legacy and new CAPsMan on the same x86 device
Replies: 6
Views: 846

Re: Legacy and new CAPsMan on the same x86 device

Depends on how you want it to work exactly. Fyi, legacy supports CAPsMAN forwarding, wifi-qcom(-ac) doesn't. Thanks, What I need to do is to add some ax devices in remote site and get the CAPsMAN forwarding work. Is that possible No, capsman forwarding with new capsman is not possible. Period. You'l...
by mkx
Thu Sep 05, 2024 7:52 am
Forum: Wireless Networking
Topic: Slow WiFi [SOLVED]
Replies: 31
Views: 2352

Re: Slow WiFi [SOLVED]

I'm guessing then that we installed wifi-qcom-ac above wifi-qcom because its smaller and the settings are practically the same? Adding to post by @jaclaz: yes, you installed wifi-qcom-ac because it's smaller. And that's exactly the reason for its existence, some ac devices have the tiny 16MB flash ...
by mkx
Wed Sep 04, 2024 11:47 pm
Forum: General
Topic: TX/RX packet errors via lte rndis0 (usb)
Replies: 4
Views: 407

Re: TX/RX packet errors via lte rndis0 (usb)

You're right, could be a bug in android's ifconfig. Another possibility is (again android's) RNDIS stack which erroneously handles ethernet frame checksum ... but doesn't discard frame due to mismatch (could be RNDIS driver on MT to blame as well). But, as you may have guessed by now, I'm just guess...
by mkx
Wed Sep 04, 2024 4:08 pm
Forum: Beginner Basics
Topic: How communicate between router without involving WAN [SOLVED]
Replies: 7
Views: 750

Re: How communicate between router without involving WAN [SOLVED]

Shouldn't there also be 7. add ether5 on both routers to WAN interface list and remove from LAN (if present) Well, my post starts with "in a few words" :wink:. Of course actual list of things to do greatly depends on actual configuration of both routers and wanted end state (from function...
by mkx
Wed Sep 04, 2024 3:51 pm
Forum: General
Topic: TX/RX packet errors via lte rndis0 (usb)
Replies: 4
Views: 407

Re: TX/RX packet errors via lte rndis0 (usb)

Rx errors are often not detected on the other (Tx) side ... so the discrepancy in errors statistics is nothing weird. I can think of several reasons for Rx errors to happen ... ranging from "noisy" USB cable to (performance) problems in USB stack (and higher) on the android LTE device. If ...
by mkx
Wed Sep 04, 2024 3:44 pm
Forum: General
Topic: /31 through a IPSec over GRE tunnel
Replies: 7
Views: 529

Re: /31 through a IPSec over GRE tunnel

this is considered PtP addressing and works fine
Not everybody knows the name for it ... and certainly not everybody knows how to use it properly ... hence post by @TheCat12 (which is, unlike yours, useful)
by mkx
Wed Sep 04, 2024 3:32 pm
Forum: Beginner Basics
Topic: How communicate between router without involving WAN [SOLVED]
Replies: 7
Views: 750

Re: How communicate between router without involving WAN [SOLVED]

In a few words: remove ether5 from list of bridge ports on both routers assign IP addresses to ether5 on both routers. Use e.g. 192.168.42.1/30 on M1 and 192.168.42.2/30 on M2 add static routes to reach other LAN via opposite router. E.g. on M1 do /ip/route/add dst-address=192.168.1.0/24 gateway=192...
by mkx
Wed Sep 04, 2024 3:23 pm
Forum: Beginner Basics
Topic: best way to create vlan interface
Replies: 1
Views: 361

Re: best way to create vlan interface

Hey guys, i moved newly from opnsense to CHR ROs setup on proxmox, the concept of vlan seems much harder to wrap the head around. This is de-facto guide to how to VLAN on ROS: https://forum.mikrotik.com/viewtopic.php?t=143620 And, while at it, you might want to wrap your head around bridge and its ...
by mkx
Wed Sep 04, 2024 3:19 pm
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 654
Views: 250408

Re: v7.15.3 [stable] is released!

The runtime is 20 days, and currently, the DNS cache has grown to 42,375 KiB. The DNS memory leak in RouterOS 7.15.3 is continuously occurring. Why have you set Cache size to 64MB? This. It's not a memory leak if service uses up to amount of RAM assigned. In this particular case, even if some DNS c...
by mkx
Wed Sep 04, 2024 3:13 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 301
Views: 99248

Re: v7.16rc [testing] is released!

... on 1 cap AC using wifi-qcom-ac driver...

Oddly enough, no such issue on ac2 with exact same config (same RAM amount so why ??).
hAP ac2 has 3 more ethernet ports, so more buffer on switch chip is in use ... perhaps that's a life saver? LOL
by mkx
Tue Sep 03, 2024 5:49 pm
Forum: SwOS
Topic: Configure SwOS as fully Unmanaged for SonicWALL HA
Replies: 1
Views: 679

Re: Configure SwOS as fully Unmanaged for SonicWALL HA

VLAN and "fully unmanaged" don't go together in same sentence.

The closest to fully unmanaged switch MT switch can get (both SwOS and ROS) is default switch config with xSTP fully disabled (both globally and per-port).
by mkx
Tue Sep 03, 2024 4:11 pm
Forum: Beginner Basics
Topic: Amazon Firestick issues
Replies: 8
Views: 808

Re: Amazon Firestick issues

If i connect directly to my ISP's router the firesticks (2) will work but not if behind the mikrotik

Sometimes wifi stations cache connection failures and refuse even to try to reconnect to AP with MAC remembered as "problematic".
by mkx
Tue Sep 03, 2024 9:17 am
Forum: General
Topic: netinstall ethernet port of hap ax3?
Replies: 4
Views: 416

Re: netinstall ethernet port of hap ax3?

I'll stick with v7, I believe it's v7.15.3. I don't see v7.5 on routeros download page. On v7 it's generally safest to stick to latest stable release. Indeed there are some problems with newest versions on certain devices and then it's wise to run slightly older (e.g. some people have some problems...
by mkx
Mon Sep 02, 2024 7:10 am
Forum: Wireless Networking
Topic: Wireless interference between devices in close vicinity
Replies: 17
Views: 1133

Re: Wireless interference between devices in close vicinity

The problem is power pre-amplifier (PPA) in receive path and its automatic gain control. It has to amplify analog received signals so that they enter the analog-digital converter at certain level. The problem is that PPA doesn't know the exact frequency used and amplifies the whole 2.4GHz band ... i...
by mkx
Sun Sep 01, 2024 10:32 pm
Forum: Beginner Basics
Topic: Newbie Configuration-RB3011UiAS
Replies: 10
Views: 1499

Re: Newbie Configuration-RB3011UiAS

It seems that DHCP parameters are not meant to be received from both VLANs by the same routing instance. So now the question: what's the intended layout of your LAN devices (including VoIP devices)? I don't have VoIP, but my ISP delivers IPTV over tagged and multicast. It is possible to terminate th...
by mkx
Sun Sep 01, 2024 9:11 pm
Forum: Beginner Basics
Topic: Newbie Configuration-RB3011UiAS
Replies: 10
Views: 1499

Re: Newbie Configuration-RB3011UiAS

10.50.131.150 does not fit into 10.126.0.0/17 (this one covers range 10.126.0.1 - 10.126.127.254) but you don't have any specific router which would match better than default via pppoe internet interface. You can try to add a route towards 10.50.131.150. Ideally you'd use some gateway address (which...
by mkx
Sun Sep 01, 2024 7:16 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1072
Views: 189638

Re: 📣 WinBox 4 is here 📣

I have a problem with czech diacritics. In older version, was all good, but now I can see this: ? and corect is: č So new version doesn't know this diacritics. ěščřžýáíé and write only this ?????? Can you repair this bug, please? Thank you It's probably bug due to not handling non-ASCII characters ...
by mkx
Sun Sep 01, 2024 6:56 pm
Forum: Beginner Basics
Topic: Newbie Configuration-RB3011UiAS
Replies: 10
Views: 1499

Re: Newbie Configuration-RB3011UiAS

PPPoE is a bit nifty for IPv6. One thing is that you don't need to request address from DHCPv6 server, only prefix. (Doesn't hurt requesting one, but it's useless) Another thing is that DHCPv6 server on ROS is not very useful, it can't hand out addresses (only prefixes). Alas, in IPv6 there are Rout...
by mkx
Sun Sep 01, 2024 5:11 pm
Forum: Beginner Basics
Topic: Newbie Configuration-RB3011UiAS
Replies: 10
Views: 1499

Re: Newbie Configuration-RB3011UiAS

Is there perhaps a .fwf file lying around in files area? It's either this or a bug in firmware handling in 7.16rc4 ... I don't have any other explanation for the routerboard anomaly. In any case, having "current firmware" version same as running ROS version is a good sign and you should no...
by mkx
Sun Sep 01, 2024 3:06 pm
Forum: Beginner Basics
Topic: Newbie Configuration-RB3011UiAS
Replies: 10
Views: 1499

Re: Newbie Configuration-RB3011UiAS

Post full config .. from terminal window execute /export filename=anynameyouwish , fetch resulting file, open it in your favourite text editor, redact any remaining sensitive data (serial number, passwords, etc.) and post it inside [ code] [/code] tag pair. Also post output of /system/routerboard/pr...
by mkx
Sun Sep 01, 2024 3:00 pm
Forum: Beginner Basics
Topic: VLAN not working on CRS305-1G-4S+
Replies: 5
Views: 492

Re: VLAN not working on CRS305-1G-4S+

The setting for sfp-sfpplus2 (under bridge/port) lacks setting of PVID ... and default is PVID=1 ... OTOH it's set as untagged for VLAN 50 ... so you have a discrepancy here.
by mkx
Sun Sep 01, 2024 1:13 pm
Forum: Beginner Basics
Topic: Firewall Address List enhancement
Replies: 5
Views: 485

Re: Firewall Address List enhancement

If using webfig, then you have to create a new list when adding first address to it: IP -> firewall -> address lists -> add new ... in the list field, don't select existing list from a drop down list, but rather type in name of new list. Also add (the first) address ... and click apply (or OK). For ...
by mkx
Sun Sep 01, 2024 1:04 pm
Forum: Beginner Basics
Topic: VLAN not working on CRS305-1G-4S+
Replies: 5
Views: 492

Re: VLAN not working on CRS305-1G-4S+

Unless bridge has vlan-filtering=yes set, all VLAN-related settings on bridge and member ports are ignored (this includes PVID setting).
by mkx
Sat Aug 31, 2024 11:19 pm
Forum: Wireless Networking
Topic: RB911G-5HPnD (2 x ant, WIFI4) VS. hAP ac lite (1 x ant, WIFI5)
Replies: 7
Views: 578

Re: RB911G-5HPnD (2 x ant, WIFI4) VS. hAP ac lite (1 x ant, WIFI5)

They cost roughly the same....which would be the best solution? Apart from suggestions for some more modern device ... base RB911 is only a board. You need a case (list price $15), power adapter (price around $10), antenna pigtails and antennae themselves (price for all together probably around $2...
by mkx
Sat Aug 31, 2024 9:23 pm
Forum: Beginner Basics
Topic: Bridge VLAN Filtering & Firewall [SOLVED]
Replies: 11
Views: 965

Re: Bridge VLAN Filtering & Firewall [SOLVED]

So you have 3 VLAN interfaces /interface/vlan add interface=bridge1 name=vlan88 vlan-id=88 add interface=bridge1 name=vlan10 vlan-id=10 add interface=bridge1 name=vlan20 vlan-id=20 and you have appropriate IP addresses set on all 3 vlan interfaces. Now device will route traffic between the 3 subnets...
by mkx
Sat Aug 31, 2024 9:09 pm
Forum: General
Topic: executing script from winbox failed, please check it manually
Replies: 13
Views: 1909

Re: executing script from winbox failed, please check it manually

I can't be certain, but you wrote: So I checked my Dude setup and, after *a lot* of testing, I found that I had a function for checking the number of capsman clients that was using a call for the previous version of capsman. If I understand this correctly, then it's not a script, configured in ROS d...
by mkx
Sat Aug 31, 2024 8:21 pm
Forum: General
Topic: Slow-ish upload speeds on CCR2004-16G-2S+
Replies: 15
Views: 1056

Re: Slow-ish upload speeds on CCR2004-16G-2S+

If observing CPU usage under system resources ... that one is average and single-core tasks won't trigger it to go very high (depending on number of CPU cores in your device). It's better to run CPU profiler to see, if one of CPU cores gets pegged and which process causes it.
by mkx
Sat Aug 31, 2024 3:53 pm
Forum: Wireless Networking
Topic: Upgraded brand new nRAY 60G master and lost all signs of W60G radio
Replies: 7
Views: 1690

Re: Upgraded brand new nRAY 60G master and lost all signs of W60G radio

Why the good Mikrotik guys like to potentially alienate a number of their customers over the lack of a copy-paste on each post 7.12.x release docs a single sentence *like*: Yes. But until when? For me this is already obsolete news, all of my devices, which deserve running v7, are already past 7.13....
by mkx
Sat Aug 31, 2024 2:04 pm
Forum: General
Topic: Slow-ish upload speeds on CCR2004-16G-2S+
Replies: 15
Views: 1056

Re: Slow-ish upload speeds on CCR2004-16G-2S+

How would I go about trying to enable fasttrack and see if that works? It's a firewall filter rule ... like this one: /ip/firewall/filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack" Since firewall filters are processed to...
by mkx
Sat Aug 31, 2024 10:27 am
Forum: Wireless Networking
Topic: Upgraded brand new nRAY 60G master and lost all signs of W60G radio
Replies: 7
Views: 1690

Re: Upgraded brand new nRAY 60G master and lost all signs of W60G radio

This is an absolute joke. To me, your post is joke. Mikrotik's suggested way of upgrading ROS on devices is to execute ROS-builtin package updater. And this way works just fine. Sure there are other ways of doing it (dropping manually selected package files to device, netinstall), but when those w...
by mkx
Fri Aug 30, 2024 11:09 pm
Forum: RouterBOARD hardware
Topic: NetMetal ax / L23-UGSR — initial feedback from specs
Replies: 38
Views: 5495

Re: NetMetal ax / L23-UGSR — initial feedback from specs

can the frequency be selected with 5mhz step like in non-ax chips, or must follow strict "wifi channels" frequencies? It seems that it requires using proper channel frequencies. Just tried to set frequency to 5205 on my Audience (running wifi-qcom-ac). CLI does allow to set it, but interfa...
by mkx
Fri Aug 30, 2024 10:53 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1072
Views: 189638

Re: 📣 WinBox 4 is here 📣

As long there is a workspace with 🪟 ...
Many datacenters don't ... in which case the box part kicks in.
by mkx
Fri Aug 30, 2024 10:40 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1072
Views: 189638

Re: 📣 WinBox 4 is here 📣

If only you'd taken the opportunity to change that meaningless (if not entirely misleading) name, now that its Windoze shackles are finally off :)

Indeed. And here's my suggestion: ROSman
by mkx
Fri Aug 30, 2024 3:47 pm
Forum: General
Topic: New RB device password in digital form?
Replies: 3
Views: 411

Re: New RB device password in digital form?

... at least we have our own default config and password (which is unfortunately still shown in the /system/default-configuration/print). Isn't the default config only shown to user with administrative rights? That is so on my devices. And probably the reason for restriction is exactly this ... So ...
by mkx
Thu Aug 29, 2024 9:08 pm
Forum: General
Topic: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]
Replies: 16
Views: 1292

Re: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]

Though it seems to be working better, VLAN assignment on the wifi-qcom-ac seems to be broken: Yup, that's a known "feature" of wifi-qcom-ac ... the only way to get its interfaces part of a VLAN is to use vlan-enabled bridge and set appropriate PVID to each of wifi interfaces (real and vir...
by mkx
Thu Aug 29, 2024 7:23 pm
Forum: General
Topic: How to Stop the DNS server and free port 53 [SOLVED]
Replies: 7
Views: 730

Re: How to Stop the DNS server and free port 53 [SOLVED]

It's not strictly necessary to "free port 53" ... DST-NAT (which is required to send traffic to different server) is one of early stages of packet processing ... only at later stage packet gets delivered to router's own service if destination address remains same as one of router's own IP ...
by mkx
Thu Aug 29, 2024 6:52 pm
Forum: Beginner Basics
Topic: Default SOHO Firewall Rules
Replies: 10
Views: 770

Re: Default SOHO Firewall Rules

.. it is hard to say what you did. I just had a quick glance at the page ... the first chapter is titled "Remove all configuration:" .. which makes me turn away from this thread. If @OP follows such a "cook book", then he should trust the author of the cookbook and discuss any m...
by mkx
Thu Aug 29, 2024 6:47 pm
Forum: Beginner Basics
Topic: Untagged access with VLAN filtering - should Bridge be tagged or untagged ? [SOLVED]
Replies: 5
Views: 614

Re: Untagged access with VLAN filtering - should Bridge be tagged or untagged ? [SOLVED]

As both variants, if properly set up, work, it's not possible to say which one is right and which one is wrong. It's a matter of personal taste. My way is this: as soon as I start with VLANs, I go with all-tagged within LAN infrastructure. Which includes connections between LAN devices (switches, ro...
by mkx
Thu Aug 29, 2024 6:24 pm
Forum: General
Topic: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]
Replies: 16
Views: 1292

Re: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]

Another difference I notice is that you have switch1-cpu added to all your /interface ethernet switch vlan If using /interface/ethernet/switch config subtree for wired VLANs, then it's necessary to add all VLANs, somehow handled by CPU, to switchX-cpu switch port . Which includes VLANs for wifi int...
by mkx
Thu Aug 29, 2024 7:34 am
Forum: General
Topic: Wireless on HAP AC2
Replies: 3
Views: 394

Re: Wireless on HAP AC2

1. Since v7, there are two drivers for wifi hardware: legacy wireless and new wifi ... New ax hardware is only supported by wifi drivers, pre-ac hardware is only supported by wireless. Ac hardware (including hAP ac2) is supported by either driver, but default being wireless (due to legacy reasons). ...
by mkx
Thu Aug 29, 2024 7:18 am
Forum: Beginner Basics
Topic: RouterOS config VLAN/segmentation [SOLVED]
Replies: 4
Views: 729

Re: RouterOS config VLAN/segmentation [SOLVED]

The new one is able to hardware accelerate more than one bridge and my problems have ceased.

Which is the "new model" that can HW offload more than one bridge? AFAIK there are models that could do it, but with series of gotchas ... so I wonder.
by mkx
Wed Aug 28, 2024 9:06 pm
Forum: Beginner Basics
Topic: HAP AX2 / AX3 Vlan settings [SOLVED]
Replies: 3
Views: 617

Re: HAP AX2 / AX3 Vlan settings [SOLVED]

So can HAP AX2 / AX3 be configured with Bridge VLAN Filtering (even without HW) - will they work with such configuration ? Will HAP AX2 be enough CPU power for that or better to buy AX3 for VLANs without HW? Yes and yes. And no, there is no other way of configuring VLANs on hAP ax2. My experience w...
by mkx
Wed Aug 28, 2024 4:00 pm
Forum: Beginner Basics
Topic: Upgraded from Ros6 to Ros7 and cant identify router anymore [SOLVED]
Replies: 2
Views: 400

Re: Upgraded from Ros6 to Ros7 and cant identify router anymore [SOLVED]

Your SXT should work fine with v7. There's a gotcha when netinstalling v7: you have to install optional package wireless, since 7.13 none of wireless driver packages are parts of base package (routeros). There are some funny details when it comes to netinstall ... e.g. sometimes some certain version...
by mkx
Wed Aug 28, 2024 12:15 pm
Forum: Wireless Networking
Topic: NV2 on AX
Replies: 6
Views: 1020

Re: NV2 on AX

I understand AX does not allow for NV2, but the radios do also support AC and N and I would think it possible to port NV2 at least for these standards that are compatible with NV2. AFAIK it's not radio hardware in AX devices which is incompatible with NV2, it's drivers issue: on AX devices it's o...
by mkx
Wed Aug 28, 2024 12:02 pm
Forum: General
Topic: (2) Different RB5009.. Different Max entries for conn tracking
Replies: 2
Views: 412

Re: (2) Different RB5009.. Different Max entries for conn tracking

It is possible that the one (or the other) Ros version and/or the one or the other configuration takes up a little bit or a little more RAM ... ... and that's what I'd expect to see when both (identical) devices run different versions of ROS. The next question is whether they both have identical se...
by mkx
Tue Aug 27, 2024 5:59 pm
Forum: Beginner Basics
Topic: hAP ac3 NAT forwarding issues [SOLVED]
Replies: 9
Views: 1217

Re: hAP ac3 NAT forwarding issues [SOLVED]

You already have implemented the first rule (two in your case, one per port). You still need the second one (one will cover all the dst-nat rules), but with correct addresses ... You can actually make it even more general and it likely won't bite your back: /ip firewall nat add action=masquerade cha...
by mkx
Tue Aug 27, 2024 3:44 pm
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11355

Re: Default password Frustration

OT: You can't imagine what happens when you have to block DNS by law and use your own... Do you know how many Chinese things call home?... Korean things as well (I've got a Samsung smart TV which is constantly trying to call home). And probably things conceived elsewhere as well (I don't believe th...
by mkx
Tue Aug 27, 2024 3:38 pm
Forum: General
Topic: VLAN and Passthrough
Replies: 3
Views: 446

Re: VLAN and Passthrough

Apart from understanding the topic, mentioned by @erlinden, the only issue is to make a modem pass-through configuration in each of RBM33G ... each using different VLAN ID for its "modem traffic" (article, linked below, uses plain ethernet port as passthrough interface, I guess you can crea...
by mkx
Tue Aug 27, 2024 3:31 pm
Forum: General
Topic: How to predefine hostnames for DHCP leases?
Replies: 9
Views: 863

Re: How to predefine hostnames for DHCP leases?

At least some really widely used one support this indeed: - ISC DHCP by using a "host" declaration - see https://kb.isc.org/docs/isc-dhcp-41-manual-pages-dhcpdconf From the cited document: It should be noted here that most DHCP clients completely ignore the host-name option sent by the DH...
by mkx
Tue Aug 27, 2024 3:24 pm
Forum: General
Topic: Seperate multiple public IPs to different devices [SOLVED]
Replies: 10
Views: 1274

Re: Seperate multiple public IPs to different devices [SOLVED]

As long as you can pull additional IP address (e.g. using MACVLAN interface), you can use that additional IP address simply for NAT ... both dst-nat (i.e. public clients can connect to secondary_address:port and those connections get NATed to internal server) and src-nat (for server's outgoing conne...
by mkx
Tue Aug 27, 2024 10:52 am
Forum: General
Topic: Can't access a single website
Replies: 12
Views: 764

Re: Can't access a single website

In other words - been there, seen that.

OMG Sindy, you're truly one of a kind. The rest of us would be "been there, done that."
by mkx
Tue Aug 27, 2024 10:51 am
Forum: General
Topic: IPv6 routing using VLANs [SOLVED]
Replies: 27
Views: 1481

Re: IPv6 routing using VLANs [SOLVED]

IPv6 addresses are set without prefix length, they should have /64 included. Without it, it's taken to be /128 (just like in IPv4 it's assumed to be /32). This also caught my eye so I've made a test, and the default behavior in IPv6 indeed differs from the one in IPv4, at least in 7.15.3: That's in...
by mkx
Tue Aug 27, 2024 10:48 am
Forum: Beginner Basics
Topic: Change internet port - RB2011UiAS-RM
Replies: 4
Views: 504

Re: Change internet port - RB2011UiAS-RM

Your setup currently uses ether2, ether3 and ether4 in a "switch group" for LAN purpose. Your setup also uses ether6 as WAN interface. The rest of ports seem to not be in use, but there are some remains of config (it seems that ether5 was used as WAN interface in some past). I'd use ether5...
by mkx
Tue Aug 27, 2024 6:58 am
Forum: General
Topic: IPv6 routing using VLANs [SOLVED]
Replies: 27
Views: 1481

Re: IPv6 routing using VLANs [SOLVED]

In @kobuki's configuration there's an error in LAN interface setting: IPv6 addresses are set without prefix length, they should have /64 included. Without it, it's taken to be /128 (just like in IPv4 it's assumed to be /32).
by mkx
Mon Aug 26, 2024 7:45 pm
Forum: Wireless Networking
Topic: Wireless AC & AX - CAPsMAN - FT with connect-priority
Replies: 20
Views: 1611

Re: Wireless AC & AX - CAPsMAN - FT with connect-priority

... and the 2024 award for the most inaccurate package name goes to ... :lol: Actually it shouldn't surprise us. After all, we have a thread, dedicated to the meaning of "C" in names of certain product families (and discussion about "R" in name of certain product family is not f...
by mkx
Mon Aug 26, 2024 6:55 pm
Forum: Wireless Networking
Topic: Wireless AC & AX - CAPsMAN - FT with connect-priority
Replies: 20
Views: 1611

Re: Wireless AC & AX - CAPsMAN - FT with connect-priority

And this new MikroTik ROSE... "MikroTik Enterprise" WHY?! Sorry, but ROSE is clearly not enterprise feature ... every decent enterprise will have some kind of specialized NAS or SAN ... probably any QNAP, Synology or <insert name of your favourite low-cost NAS vendor here> will do better ...
by mkx
Mon Aug 26, 2024 6:50 pm
Forum: Wireless Networking
Topic: PtP wirless bridge with 2 x cAP AC (performance) [SOLVED]
Replies: 11
Views: 1113

Re: PtP wirless bridge with 2 x cAP AC (performance) [SOLVED]

I do not expect to get theoretical 867 Mbit/s but I have expected something around 300Mbit/s. I have merely half of it. With legacy wireless driver in use, it's impossible to get more than around half of theoretical throughput ... in ideal radio conditions (that would be around 430Mbps). And then n...
by mkx
Mon Aug 26, 2024 6:38 pm
Forum: General
Topic: Wi‑Fi 7 / 802.11be
Replies: 71
Views: 22414

Re: Wi‑Fi 7 / 802.11be

The problem with roadmaps is that after you publish dates, you damn well stick to them. My impression is that MT has hard time when negotiating with manufacturers of MT's designs (because, let's face it, MT is a small vendor compared to some other well known low-end brands). And it might be that MT'...
by mkx
Mon Aug 26, 2024 6:26 pm
Forum: Beginner Basics
Topic: VLAN traffic in interface list [SOLVED]
Replies: 2
Views: 546

Re: VLAN traffic in interface list [SOLVED]

I have a Mikrotik Hex S, on its 4th and 5th port I have 2 Trunk ports (vlans 8, 100, 200, 999). The configuration of the vlans is done through Bridge. My question is why it is not showing me traffic on a particular VLAN in the interfaces? Is it because the switch-chip is taking care of it? Correct,...
by mkx
Mon Aug 26, 2024 6:16 pm
Forum: Beginner Basics
Topic: Change internet port - RB2011UiAS-RM
Replies: 4
Views: 504

Re: Change internet port - RB2011UiAS-RM

Post current config in full:
- open terminal window
- execute /export file=anynameyouwish hide-sensitive (the last command line option is necessary in ROS v6, in v7 that's default)
- copy resulting file over to your management computer
- open it using favourite text editor, redact any remaining sensitive dat...
by mkx
Mon Aug 26, 2024 9:11 am
Forum: General
Topic: How to revert srcnat pre-routing instead of post-routing?
Replies: 3
Views: 399

Re: How to revert srcnat pre-routing instead of post-routing?

Probably you don't have to set protocol=tcp src-address=10.227.4.10 src-port=443 in mark-routing configuration ... if you properly apply connection mark. You'd probably have to add the route to 10.227.4.0/24 to the alternative routing table though to allow forward packets to reach their destination....
by mkx
Mon Aug 26, 2024 9:01 am
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11355

Re: Default password Frustration

There is no "initial connection" to change password. They never connect to it. Perhaps devices should ship with default config with internet connection (whichever it is) disabled. This would force users to connect at least once. During this initial connection, user would be forced to set ...
by mkx
Mon Aug 26, 2024 8:53 am
Forum: General
Topic: How to revert srcnat pre-routing instead of post-routing?
Replies: 3
Views: 399

Re: How to revert srcnat pre-routing instead of post-routing?

You have to mark connections, coming in via WAN2 ... then use connection mark to set routing mark ... and then use that routing mark to use alternate routing over WAN2 interface. Yes, it has to be connections marked, so that return packets (belonging to same connection) will get properly marked for ...
by mkx
Sun Aug 25, 2024 2:36 pm
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11355

Re: Default password Frustration

Maybe ETSI TS 103 645? This is ETSI standard, not EC legislation. Standards may get into legislation (in which case laws/rules/directives/... don't have to go into technical details but rather refer to certain standard), but without some kind of regulation they are not mandatory. So my rant about E...
by mkx
Sun Aug 25, 2024 1:53 pm
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11355

Re: Default password Frustration

The problem with EC legislation is that there are two kinds (actually there are more, but in this case two are relevant): regulations and directives. Regulations apply in all member states immediately after they enter in force, equally in whole EU. Directives, however, need to be transposed into nat...
by mkx
Sat Aug 24, 2024 3:56 pm
Forum: Wireless Networking
Topic: HAP AX2 no connection to CAPsMAN
Replies: 10
Views: 658

Re: HAP AX2 no connection to CAPsMAN

wave2 CAPsMAN settings are shared with local wifi settings (if device supports it and has one of wifi-qcom* packets installed) under /interface/wifi ... and you have to configure things using corresponding profiles (i.e. under ./channel/, ./security/, etc.). All devices, running ROS 7.13 and newer, ...
by mkx
Sat Aug 24, 2024 11:54 am
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11355

Re: Default password Frustration

I often like to cite the checklist on the original instruction manual of the Volkswagen T1: It's a very good checklist, too good to be useful nowadays. The thing is that when some kind of engineering marvel hits the mass market, everyone is wary of new thing and have to learn how to properly use it....
by mkx
Sat Aug 24, 2024 11:46 am
Forum: Virtualization
Topic: Admin user permissions issue with new CHR install on proxmox
Replies: 5
Views: 725

Re: Admin user permissions issue with new CHR install on proxmox

It seems that @OP created another user System with full permissions. So he has to use that user to perform certain tasks. Which is exactly the point of creating non-default user with full permissions (as means of strengthening security of a device).
by mkx
Sat Aug 24, 2024 9:10 am
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11355

Re: Default password Frustration

"Password after reset that is printed on the device." - Devices are sometimes in public areas, like CUBE 60 are. - Password versus box table is stored in distributed databases. Those who are genuinely concerned about device security (I'm pretty sure you are as are most regulars on this f...
by mkx
Fri Aug 23, 2024 8:48 pm
Forum: RouterBOARD hardware
Topic: XS+DA001 don't work on RB3011 to CSS610
Replies: 1
Views: 302

Re: XS+DA001 don't work on RB3011 to CSS610

Direct attach cable generally only works when interfaces on both ends are the same generation, i.e. both are SFP (1Gbps) or both are SFP+ (10Gbps) or both are SFP28 (25Gbps). Sometimes it's possible to use DAC even if interfaces are different ... if both devices support setting interface rate manual...
by mkx
Fri Aug 23, 2024 8:34 pm
Forum: Beginner Basics
Topic: VLANs for home network - do I need changes ? [SOLVED]
Replies: 9
Views: 1076

Re: VLANs for home network - do I need changes ? [SOLVED]

Sorry, one more thing: Yes, this one ... unset default-vlan-id (i.e. set it to "auto") which will make CPU port (i.e. bridge) tagged for VLAN 88 as well. but I have only untagged traffic for VLAN88 - how does this "auto" setting set VLAN88 in such case - I thought that default-v...
by mkx
Fri Aug 23, 2024 2:28 pm
Forum: Beginner Basics
Topic: VLANs for home network - do I need changes ? [SOLVED]
Replies: 9
Views: 1076

Re: VLANs for home network - do I need changes ? [SOLVED]

/interface ethernet switch port set switch1-cpu vlan-mode=secure vlan-header=leave-as-is default-vlan-id=88 Yes, this one ... unset default-vlan-id (i.e. set it to "auto") which will make CPU port (i.e. bridge) tagged for VLAN 88 as well. 2. Can I use only VLANs (without bridge or ether i...
by mkx
Fri Aug 23, 2024 11:40 am
Forum: Beginner Basics
Topic: VLANs for home network - do I need changes ? [SOLVED]
Replies: 9
Views: 1076

Re: VLANs for home network - do I need changes ? [SOLVED]

The config is more or less fine. I have things configured only slightly differently on my RB951G, something like this:
/interface ethernet switch port
set ether2 vlan-mode=secure vlan-header=always-strip default-vlan-id=88
set ether3 vlan-mode=secure vlan-header=always-strip default-vlan-id=88
set...
by mkx
Fri Aug 23, 2024 6:51 am
Forum: Beginner Basics
Topic: Microtik hotspot with Wavlink AC1200 in mesh mode
Replies: 5
Views: 713

Re: Microtik hotspot with Wavlink AC1200 in mesh mode

Can you configure first wavelink as AP in mesh mode? Configuring it as router (mesh mode or not) is what causes all devices behind it to appear as wavelink to MT. As long as it's possible to mesh wireless and wired ports this should be possible ... even more, all mesh nodes can be set-up equally, bu...
by mkx
Thu Aug 22, 2024 9:57 pm
Forum: General
Topic: LHG-60G firmware update issue
Replies: 11
Views: 944

Re: LHG-60G firmware update issue

... total HDD space is 15.3 MiB and free HDD space is 4296 KiB. Since ROS is about 12.3 MiB by itself without packages, normal upgrade does not seem possible. How exactly are you trying to upgrade ROS and what exactly does log say after it fails to upgrade? How exactly are you uploading the npk fil...
by mkx
Thu Aug 22, 2024 9:52 pm
Forum: General
Topic: Packages upgrade in ’station bridge’ mode
Replies: 6
Views: 504

Re: Packages upgrade in ’station bridge’ mode

The default route setting on station bridge is wrong. It should be like this: /ip route add distance=1 gateway=192.168.88.1 Using interface name as gateway doesn't work too well for non-PtP interfaces. Other problems on station-bridge device: you shouldn't run DHCP server on station bridge, DHCP serv...
by mkx
Thu Aug 22, 2024 8:46 pm
Forum: General
Topic: Packages upgrade in ’station bridge’ mode
Replies: 6
Views: 504

Re: Packages upgrade in ’station bridge’ mode

If station bridge device can ping your gateway, then it should be able to connect beyond gateway if default route is configured properly (and gateway doesn't block it somehow). You can post full config of station bridge device (in terminal window execute /export file=anynameyouwish hide-sensitive - ...
by mkx
Thu Aug 22, 2024 8:32 pm
Forum: General
Topic: Packages upgrade in ’station bridge’ mode
Replies: 6
Views: 504

Re: Packages upgrade in ’station bridge’ mode

Is there some particular setup needed on the ‘station bridge’ to get internet connectivity for the RouterOS on that wAP AC itself? Or is it possible at all in this mode?
Nothing special, just IP address, default route and DNS server address ... just like any other IP device in your network.
by mkx
Thu Aug 22, 2024 8:25 pm
Forum: General
Topic: On pluging in Internet cable goes in to bootloop.
Replies: 1
Views: 296

Re: On pluging in Internet cable goes in to bootloop.

On MT devices it's possible to use any port as WAN port. Reconfiguration is not trivial, but not too hard either.

Port, marked as internet, is on hEX special because it's PoE in as well ... so it's slightly different than the rest of ports. Perhaps this makes it more sensible to voltage surges?
by mkx
Wed Aug 21, 2024 4:34 pm
Forum: Wireless Networking
Topic: configuration.distance in wifi-qcom package
Replies: 3
Views: 451

Re: configuration.distance in wifi-qcom package

In PtMP setups you can have different values on different nodes: The value should reflect the distance to the AP or station that is furthest from the device. So on hub node (PtMP AP) you need to have e.g. 3km, on station nodes whatever needed (on the farthest node 3km, on nearer nodes something lowe...
by mkx
Wed Aug 21, 2024 4:16 pm
Forum: Beginner Basics
Topic: hAP ac3 NAT forwarding issues [SOLVED]
Replies: 9
Views: 1217

Re: hAP ac3 NAT forwarding issues [SOLVED]

add action=dst-nat chain=dstnat comment="Apache 80" dst-address=<PUBLIC IP> \ protocol=tcp src dst -port=80 to-addresses=192.168.88.22 to-ports=80 add action=dst-nat chain=dstnat comment="Apache 443" dst-address=\ <PUBLIC IP> protocol=tcp src dst -port=443 to-addresses=192.168.8...
by mkx
Wed Aug 21, 2024 11:40 am
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11355

Re: Default password Frustration

But as you probably understand: It is the responsibility of the customer or the customer's representative (the tech) to config the devices properly. A parallel from transportation industry: it's drivers' responsibility to avoid other parties in traffic. But this didn't work too well after a short w...
by mkx
Wed Aug 21, 2024 11:13 am
Forum: Beginner Basics
Topic: Create my first Mikrotik Network
Replies: 33
Views: 1990

Re: Create my first Mikrotik Network

So I would leave hAP ac2 ... Personally I'd avoid using any of ARM devices with 16MB flash space as "core" router ... because 16MB is tight specially when running ROS v7 (and eventually we all will run it). I know that with recent ROS version one can completely remove any of wireless driv...
by mkx
Wed Aug 21, 2024 10:28 am
Forum: Beginner Basics
Topic: hAP ac3 NAT forwarding issues [SOLVED]
Replies: 9
Views: 1217

Re: hAP ac3 NAT forwarding issues [SOLVED]

So we're guessing ... until @OP provides exported config as per instructions in post by @rplant ... I'm guessing that the "dst-address" property setting (which seems to be set, but @OP blacked it out) is wrong. The thing with DST-NAT is that dst-address property normally doesn't have to be...
by mkx
Mon Aug 19, 2024 5:03 pm
Forum: General
Topic: MAC Filter in Bridge 7.11.2 [SOLVED]
Replies: 2
Views: 672

Re: MAC Filter in Bridge 7.11.2 [SOLVED]

The bridge is offloaded to hardware switch chip (MT7621) ... which according to switch chip features table doesn't support rules. So if you want your bridge filter rules to actually work, you have to disable HW offload ... on all bridge ports set hw=no . This will, alas, cause all traffic to pass vi...
by mkx
Sat Aug 17, 2024 11:53 am
Forum: General
Topic: LHG-60G firmware update issue
Replies: 11
Views: 944

Re: LHG-60G firmware update issue

Almost seems like I need to manually increase the size of the Flash/directory so that it can hold more capacity for an update to be processed. That way remote updates could be feasible again. Does that sound correct to you? No. I'm pretty sure that flash disk is at its maximum (15.something MB) and...
by mkx
Fri Aug 16, 2024 11:25 pm
Forum: General
Topic: LHG-60G firmware update issue
Replies: 11
Views: 944

Re: LHG-60G firmware update issue

Any other thoughts? No, not without (near) hands-on diagnosis. It might be, that netinstall will be necessary ... yeah, I'd hate it too, but sometimes there's some hidden trash which can only be cleaned using netinstall ... and after that, device is healthy and ready for series of normal upgrades.
by mkx
Fri Aug 16, 2024 8:37 pm
Forum: Beginner Basics
Topic: IP and Routing: SFP GPON Module WebUI access [SOLVED]
Replies: 14
Views: 5976

Re: IP and Routing: SFP GPON Module WebUI access [SOLVED]

Just add sfp-sfpplus1 interface to WAN interface list:
/interface list member
add comment=defconf interface=sfp-sfpplus1 list=WAN

And you should be fine.
by mkx
Fri Aug 16, 2024 8:31 pm
Forum: General
Topic: LHG-60G firmware update issue
Replies: 11
Views: 944

Re: LHG-60G firmware update issue

The log entry is more likely about updater checking free space and finding out that it isn't sufficient. If there are any files under flash/ directory, you can possibly remove them (but come back and ask if they are safe to remove beforehand). Excessive config (e.g. bigger address lists or bigger st...
by mkx
Fri Aug 16, 2024 8:26 pm
Forum: General
Topic: Block tcp to a IP address
Replies: 5
Views: 505

Re: Block tcp to a IP address

Any device (be it Mikrotik or TPlink) can only filter traffic passing between its own ports. If only a part of traffic is passing Mikrotik (because devices, connected to TPlink, can communicate without MT ever knowing about it), then possibilities to filter traffic are limited. If your TPlink allows...
by mkx
Fri Aug 16, 2024 7:25 pm
Forum: General
Topic: LHG-60G firmware update issue
Replies: 11
Views: 944

Re: LHG-60G firmware update issue

Your LHG 60G has more than 64MB RAM, which means its "root" of storage (as you can see it) is on RAM disk. Just don't upload upgrade npks to flash/ subdir, they belong to root (and that's where ROS upgrader expects to find them). Did you actually try to upgrade ROS (and failed ... and if s...
by mkx
Fri Aug 16, 2024 7:13 pm
Forum: Beginner Basics
Topic: IP and Routing: SFP GPON Module WebUI access [SOLVED]
Replies: 14
Views: 5976

Re: IP and Routing: SFP GPON Module WebUI access [SOLVED]

Post your current config (output of /export file=anynameyouwish, redact sensitive data such as serial number, public IP address, passwords, etc.). Because proper advice can only be made after we see the rest of config.
by mkx
Fri Aug 16, 2024 7:10 pm
Forum: General
Topic: Block tcp to a IP address
Replies: 5
Views: 505

Re: Block tcp to a IP address

You can't block access to printer using router's firewall because printer is part of same LAN subnet and other devices talk to printer directly. However, if that printer is connected directly to your router using dedicated network port (none other device is using it), then you could filter traffic. ...
by mkx
Fri Aug 16, 2024 7:05 pm
Forum: Beginner Basics
Topic: IP and Routing: SFP GPON Module WebUI access [SOLVED]
Replies: 14
Views: 5976

Re: IP and Routing: SFP GPON Module WebUI access [SOLVED]

please explain me how to setup the route thanks That entirely depends on SFP+ module management interface. If your router's firewall and NAT config is still more or less default (as in: small MT RB devices' default), then it should be enough to add sfp-sfpplus1 interface to WAN interface list and t...
by mkx
Fri Aug 16, 2024 4:36 pm
Forum: Wireless Networking
Topic: Wireless PTP link not passing Y.1564 certification Test
Replies: 1
Views: 377

Re: Wireless PTP link not passing Y.1564 certification Test

And how are thresholds set and which one doesn't pass?
by mkx
Fri Aug 16, 2024 4:28 pm
Forum: Beginner Basics
Topic: IP and Routing: SFP GPON Module WebUI access [SOLVED]
Replies: 14
Views: 5976

Re: IP and Routing: SFP GPON Module WebUI access [SOLVED]

Because you're using /32 addresses with wrong network address. Do yourself a favour and use /28 or less. If you don't know what I'm talking about, then use /24.

Another issue is setup of SFP+ module ... it needs a route back to your PC. If that can't be setup, then you have to perform SRC-NAT ...
by mkx
Thu Aug 15, 2024 10:07 pm
Forum: General
Topic: v4\v6 DNS
Replies: 5
Views: 552

Re: v4\v6 DNS

So you're saying that tunnel terminates directly on Hemeroid (sorry, Android) device? In that case I'm afraid you'll have to deal with lots of pain in the back. :?
by mkx
Thu Aug 15, 2024 9:50 pm
Forum: General
Topic: v4\v6 DNS
Replies: 5
Views: 552

Re: v4\v6 DNS

Basically you can't rely on having control over how applications work with DNS (e.g. some apps may use their own DNS over HTTPS connection to their own preferred servers). So if you want to force client's traffic through IPv4 tunnel, disable IPv6 on that site altogether.
by mkx
Thu Aug 15, 2024 9:40 pm
Forum: Beginner Basics
Topic: configuring RouterOS on CRS305-1G-4S+
Replies: 7
Views: 657

Re: configuring RouterOS on CRS305-1G-4S+

Look at official test results: https://mikrotik.com/product/crs305_1g_ ... estresults

Look at ethernet test results, routing 25 ip filter rules, 512 byte packet size. The number stated there represents real-life performance the best.
And individual interface speed doesn't change it.
by mkx
Thu Aug 15, 2024 9:34 pm
Forum: Beginner Basics
Topic: Using a CRS326 as router (FTTH)
Replies: 7
Views: 1089

Re: Using a CRS326 as router (FTTH)

No.
by mkx
Thu Aug 15, 2024 5:52 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 301
Views: 99248

Re: v7.16rc [testing] is released!

So the "background" scan is clearly not a background one. It is clearly interrupting. Perhaps it's intended to be in background but it messes with timing of beacon frames? The only way of doing background scan with single radio is to transmit what's essential (beacons) but use the rest of...
by mkx
Thu Aug 15, 2024 1:29 pm
Forum: Wireless Networking
Topic: Connecting v6 Device to CAPsMAN v7 [SOLVED]
Replies: 3
Views: 781

Re: Connecting v6 Device to CAPsMAN v7 [SOLVED]

To continue where @neki stopped: even if both capsmans run on same device, they don't share config. And since support for better mobility (as in 802.11 r/k/v) is tied to wifi capsman, legacy cap devices don't benefit from that either. Which means that running legacy capsman for sake of single legacy...
by mkx
Thu Aug 15, 2024 9:14 am
Forum: General
Topic: SNMP Sending Wrong
Replies: 2
Views: 481

Re: SNMP Sending Wrong

Port number is yet another variable. So I wonder what exactly seems to be the problem?
by mkx
Thu Aug 15, 2024 9:10 am
Forum: General
Topic: Router OS 7 on RBD52G-5HacD2HnD (hAP ac^2)
Replies: 3
Views: 636

Re: Router OS 7 on RBD52G-5HacD2HnD (hAP ac^2)

If you use built-in ROS updater, then you have to change channel to "upgrade". It'll then upgrade version to (I guess) 7.12.x (and revert channel to "stable"). After upgrading to 7.12.x, you can further upgrade to newer version (7.15.x) by simply re-running upgrade). If you follo...
by mkx
Wed Aug 14, 2024 11:49 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM wirespeed switching?
Replies: 3
Views: 542

Re: CRS328-24P-4S+RM wirespeed switching?

L2 comes with its own overhead (ethernet frame headers and whatnot) and inter-frame gaps ... which take up relatively larger proportion of total capacity with smaller frame sizes (payload) compared to using larger frame sizes.

After all, that 1Gbps speed is L1 speed...
by mkx
Tue Aug 13, 2024 10:18 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 301
Views: 99248

Re: v7.16rc [testing] is released!

what is the intention or goal? The goal is to boo-boo. AFAIK the most optimistic feedback provided by support is "the issue was reproduced, it'll be fixed but we can't give any ETA". Except when the fix was already done and has passed whatever internal check points, in which case they'll ...
by mkx
Tue Aug 13, 2024 6:51 pm
Forum: General
Topic: Sector writes at ssh disconnection
Replies: 2
Views: 424

Re: Sector writes at ssh disconnection

Probably it writes new value for "last logged in" (or whatever it's called) so it can print critical logs which will happen between now and next login at next login.
by mkx
Mon Aug 12, 2024 10:01 pm
Forum: General
Topic: Cap devices only: "Check for updates" error - timeouts
Replies: 5
Views: 507

Re: Cap devices only: "Check for updates" error - timeouts

A rural legend goes that CAPsMAN can offer own installed packages to CAPs ... if architecture is the same and installed packages are superset of what's necessary on CAPs. I never ran a setup where this could work, so for me this is just a legend. But a safer way forward is to upload packages, needed...
by mkx
Sat Aug 10, 2024 9:54 pm
Forum: General
Topic: Packet Sniffer changes router behavior
Replies: 8
Views: 722

Re: Packet Sniffer changes router behavior

Sorry for OT, just remark on this (fasttrack and mangle are uncompatible). Depends on config, it can work in combination... I'm not saying that fasttrack can not be used ... I'm saying that mangling and fasttrack are uncompatible (or is it incompatible?) ... with addition: one connection can either...
by mkx
Sat Aug 10, 2024 9:19 pm
Forum: Beginner Basics
Topic: Default firewall config
Replies: 30
Views: 61930

Re: Default firewall config

Beginner question: Do I need to set up an interface list to make your firewall config effective ... Yes, if you largely re-use firewall, then you have to setup and maintain both interface lists. Your own approach (if executed carefully) works as well, but lacks flexibility (e.g. if your LAN is more...
by mkx
Sat Aug 10, 2024 9:02 pm
Forum: General
Topic: Packet Sniffer changes router behavior
Replies: 8
Views: 722

Re: Packet Sniffer changes router behavior

Packet sniffer disables fasttrack ... which in turn means that your mangle rules actually apply to all your traffic (fasttrack and mangle are uncompatible).
by mkx
Fri Aug 09, 2024 8:48 am
Forum: General
Topic: VLAN setup on CCR2004-16G-2S+
Replies: 5
Views: 620

Re: VLAN setup on CCR2004-16G-2S+

First off, you should go through this tutorial if you haven't already. Even though your device comes with two switch chips, the single bridge config should work mostly fine with two potential gotchas (one is concerning CPU load and one VLAN switching between both port groups). But I suggest to deal ...
by mkx
Fri Aug 09, 2024 8:40 am
Forum: General
Topic: Winbox: router not detected despite being on the same broadcast domain
Replies: 20
Views: 1277

Re: Winbox: router not detected despite being on the same broadcast domain

Does your linux run any kind of firewall or SELinux? These two may interfere with winbox and mac connectivity.
by mkx
Thu Aug 08, 2024 2:48 pm
Forum: General
Topic: Winbox: router not detected despite being on the same broadcast domain
Replies: 20
Views: 1277

Re: Winbox: router not detected despite being on the same broadcast domain

The 3rd party linux mactelnet client is reportedly incompatible with recent (like: last few years) ROS versions.
by mkx
Wed Aug 07, 2024 10:22 pm
Forum: General
Topic: Steps to configure CRS326-24S+2Q+RM as a L3 Switch wihtout Router-on-a-stick
Replies: 23
Views: 1439

Re: Steps to configure CRS326-24S+2Q+RM as a L3 Switch wihtout Router-on-a-stick

Is it possible to create VLANs directly on the Switch Chip without creating a bridge?
No, not on CRS3xx devices (if you want wirespeed operations).
by mkx
Wed Aug 07, 2024 10:13 pm
Forum: General
Topic: problem with fasttrack [SOLVED]
Replies: 14
Views: 2364

Re: problem with fasttrack [SOLVED]

I am now thinking about activating L3 Hw Offloading, any suggestions?
Which device are you using?
by mkx
Tue Aug 06, 2024 9:14 pm
Forum: RouterBOARD hardware
Topic: What does the "Cloud" bit mean with Mikrotik switches?
Replies: 8
Views: 1450

Re: What does the "Cloud" bit mean with Mikrotik switches?

Almost as much as the second word (Smart or Router ... neither hold much essence in them).

So the only true one is the third one - Switch.
by mkx
Tue Aug 06, 2024 12:46 pm
Forum: Beginner Basics
Topic: Setup foe wAP ac for control my mixer
Replies: 6
Views: 536

Re: Setup foe wAP ac for control my mixer

Sorry. Here it is: viewtopic.php?t=143446
by mkx
Tue Aug 06, 2024 12:42 pm
Forum: General
Topic: 100G BiDi ER 40km | FEC 91 | No Link
Replies: 7
Views: 796

Re: 100G BiDi ER 40km | FEC 91 | No Link

Standards are there mostly for inter-vendor interoperability. In your case you have single vendor (one for SFPs and one for routers) so use whatever works for you.
Just keep a (mental) note just in case you have to replace any piece of equipment and things break then.
by mkx
Tue Aug 06, 2024 12:39 pm
Forum: General
Topic: GR3 "system" user is added after updating to v7
Replies: 3
Views: 518

Re: GR3 "system" user is added after updating to v7

I'd netinstall device now. ROS doesn't create any user (apart from admin) which means your device might be tampered with. And you don't want that, do you?
by mkx
Tue Aug 06, 2024 12:37 pm
Forum: General
Topic: .alter file andstange timeout
Replies: 3
Views: 580

Re: .alter file andstange timeout

Are you sure it's not TR-069 "server" or some firewall in between that cuts TCP connection due to inactivity?
by mkx
Tue Aug 06, 2024 12:34 pm
Forum: Beginner Basics
Topic: Setup foe wAP ac for control my mixer
Replies: 6
Views: 536

Re: Setup foe wAP ac for control my mixer

That's probable, that single ethernet port may be configured as WAN by default.

Have a look at this thread, it explains how to make device a simple switch/ap (no routing). You may have to add DHCP server configuration though.
by mkx
Tue Aug 06, 2024 12:26 pm
Forum: RouterBOARD hardware
Topic: RB3011 no more POE on port eth10
Replies: 40
Views: 19461

Re: RB3011 no more POE on port eth10


It seems to me like mtest001 is not blaming anyone.
And I didn't imply that. However, posting something about own disappointment on vendor's discussion forum may imply something (and it's everybody's guess what the implication might be).
by mkx
Mon Aug 05, 2024 11:14 pm
Forum: RouterBOARD hardware
Topic: RB3011 no more POE on port eth10
Replies: 40
Views: 19461

Re: RB3011 no more POE on port eth10

Such are risks when using second hand gear.

Do you blame car manufacturer if your second-hand car has a failed cat?
by mkx
Mon Aug 05, 2024 11:10 pm
Forum: Wireless Networking
Topic: Wireless Wire - Increase Throughput [SOLVED]
Replies: 4
Views: 1784

Re: Wireless Wire - Increase Throughput [SOLVED]

My link is 10ft apart at 7 feet height, unobstructed line of sight. In short I am connecting one side of the my office with the other side.

You must have some serious WAF problems if you can't pull a CAT6 UTP cable (even CAT5e would do for this kind of distance) across / around the office.
by mkx
Mon Aug 05, 2024 10:58 pm
Forum: General
Topic: RB2011uiAS upgrade backup-routerbooot
Replies: 9
Views: 1349

Re: RB2011uiAS upgrade backup-routerbooot

In the Protected Bootloader section, it shows v7 and v6, but I have version v3.41. What version should I add to the device? It doesn't matter which version your device currently shows, what matters is which version you want to have. If you plan to run ROS v7, then start with 7.6 ... first ROS (unde...
by mkx
Mon Aug 05, 2024 10:49 pm
Forum: General
Topic: Is there a way to install RouterOS on a ARMv8-A non-mikrotik hardware?
Replies: 6
Views: 829

Re: Is there a way to install RouterOS on a ARMv8-A non-mikrotik hardware?

So far, "alien" hardware with ARM architecture is not really supported. There's ARM CHR AFAIK geared towards some particular cloud provider. And there are MT devices with ARM processors.
by mkx
Mon Aug 05, 2024 10:38 pm
Forum: Beginner Basics
Topic: Setup foe wAP ac for control my mixer
Replies: 6
Views: 536

Re: Setup foe wAP ac for control my mixer

The principle should be identical on both devices.

Your problem description is pretty vague, so that's how explicit advice I can provide. Anybody with working crystal ball around?
by mkx
Sun Aug 04, 2024 10:06 pm
Forum: General
Topic: New MAC address on the bridge after the update
Replies: 4
Views: 505

Re: New MAC address on the bridge after the update

Can I come up with some kind of MAC address or how do I make sure I don't have a duplicate? Read about Locally Administered address (LAA) in article on MAC addresses. In short: take MAC address of ether1 and make the second digit from the left either 2, 6, A or E (which means you can construct 4 s...
by mkx
Sun Aug 04, 2024 10:53 am
Forum: SwOS
Topic: problem with Lock On First in swos
Replies: 5
Views: 1102

Re: problem with Lock On First in swos

... connected a pc to port 1 but after connecting new device to port 1 also new device can connected to network How exactly do you connect the new device to same port? Do you disconnect the first device? In which case the feature works as intended (it's designed against connecting a downstream swit...
by mkx
Sun Aug 04, 2024 10:49 am
Forum: SwOS
Topic: Wired Backhaul with SwOS and CSS326
Replies: 4
Views: 1009

Re: Wired Backhaul with SwOS and CSS326

... the backhaul traffic is somehow dropped in the switch. And the only explanation that I can come up with is that switch disables all backhaul ports (except one) due to detected loops (an STP feature). Perhaps you have to reboot CSS after disabling STP. If you know your network doesn't have loops...
by mkx
Sun Aug 04, 2024 10:37 am
Forum: Wireless Networking
Topic: Wi-Fi 2.4G limit 30mpbs
Replies: 17
Views: 1633

Re: Wi-Fi 2.4G limit 30mpbs

as you can see from the post I used the least used frequency but by running the speedtest I always get to 30mpbs Chart is clipped off at 30Mbps, text under it says that max was 42Mbps. So did your speedtest result also come back at 30Mbps? Are you sure there isn't some other bottleneck beyond wifi ...
by mkx
Sun Aug 04, 2024 10:28 am
Forum: General
Topic: CRS326-24S+2Q+RM showing 2 Switch chips
Replies: 52
Views: 2963

Re: CRS326-24S+2Q+RM showing 2 Switch chips

Nice ...

... but: "Maximum Firewall Port to Port Throughput" is 21Gbps ... a bit less than wirespeed.
by mkx
Sun Aug 04, 2024 10:19 am
Forum: Beginner Basics
Topic: Wireless bridge questions
Replies: 12
Views: 1071

Re: Wireless bridge questions

Pretty simple config ... so just go ahead and change IP addresses on both devices. As I already warned, don't forget to set subnet mask in address property ... just like it is now (the "/24" part). And if you're going to use GUI (either winbox or webui), don't use quickset, use "normal...
by mkx
Sat Aug 03, 2024 10:32 pm
Forum: General
Topic: CRS326-24S+2Q+RM showing 2 Switch chips
Replies: 52
Views: 2963

Re: CRS326-24S+2Q+RM showing 2 Switch chips

Your CRS can do wirespeed routing between different VLANs ... the only limitation (when you're talking about large network) is number of connected hosts (total in all VLANs) ... if networks are IPv4 only, then limit is at 16.000 hosts. If networks are IPv6 only, then limit is at 8.000 hosts. If netw...
by mkx
Sat Aug 03, 2024 9:41 pm
Forum: RouterBOARD hardware
Topic: 10Gb connection
Replies: 4
Views: 1024

Re: 10Gb connection

No, what you describe won't do: NIC is SFP28, linked DAC is QSFP28 and CRS is SFP+. And all of them don't mix. If you really want to spend more money on server's NIC (to have 25Gbps interface), then you'll have to go with SFP28 module which can work at 10Gbps ... and a 10Gbps SFP+ module (for CRS) ....
by mkx
Sat Aug 03, 2024 9:38 pm
Forum: RouterBOARD hardware
Topic: L009UiGS-RM power on from PoE-in when DC power already connected?
Replies: 7
Views: 935

Re: L009UiGS-RM power on from PoE-in when DC power already connected?

Use black self-adhesive tape and cover all the leds.
by mkx
Sat Aug 03, 2024 9:30 pm
Forum: Wireless Networking
Topic: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result
Replies: 6
Views: 849

Re: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result

It can get nasty for the LTE part, read the note 3) for the RG502Q-EA Cellular Antenna Mapping table. I'm not sure what exactly it means, but it might mean that it's either A1 or A7, depending on whether N78 5G NSA is used or not.
by mkx
Sat Aug 03, 2024 9:23 pm
Forum: General
Topic: /system/upgrade menu [SOLVED]
Replies: 10
Views: 3811

Re: /system/upgrade menu [SOLVED]

> scp ./routeros-7.15.3-mipsbe.npk username@192.0.2.1:/flash

No need to push files into flash subfolder. IIRC it's actually required to put NPK files to storage root (even if it's a RAM disk) for updater to act on them.
by mkx
Sat Aug 03, 2024 5:52 pm
Forum: SwOS
Topic: Wired Backhaul with SwOS and CSS326
Replies: 4
Views: 1009

Re: Wired Backhaul with SwOS and CSS326

I'm not sure if it's possible in SwOS, but try to disable STP and RSTP on all ports connecting mesh system. Mesh will mess with topology (wired interconnects, wireless interconnects, one or both at the same time), possibly in ways which upset STP-enabled network.
by mkx
Sat Aug 03, 2024 5:44 pm
Forum: RouterBOARD hardware
Topic: L009UiGS-RM power on from PoE-in when DC power already connected?
Replies: 7
Views: 935

Re: L009UiGS-RM power on from PoE-in when DC power already connected?

No, it won't work ... regardless the DC jack voltage. When one cuts power on a port on PSE (RB5009), L009 will simply switch over to draw power from the source with lower voltage. It's very useful feature when one wants to have power source redundancy. And /system/shutdown doesn't actually power dow...
by mkx
Sat Aug 03, 2024 5:35 pm
Forum: Wireless Networking
Topic: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result
Replies: 6
Views: 849

Re: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result

Just googled up this page: https://confusedbird.com/thread-119.html If I understand things correctly, then for N78 device uses external antennas. But for LTE B7, which is a MHB (2600MHz), it uses internal antennas (A0-top right and A7-lower left). Which explains the signal strength difference you see.
by mkx
Sat Aug 03, 2024 5:21 pm
Forum: Wireless Networking
Topic: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result
Replies: 6
Views: 849

Re: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result

... it is 5G NSA (not stand alone). Exactly ... 5G NSA requires connection to LTE cell for signalling. So in essence, 5G NSA is simply another CA carrier (with distinction that it can't be serving cell). As to the weak B7 LTE cell signal ... can you verify signal strength of both cells (LTE and 5G)...