Community discussions

MikroTik App

Search found 12052 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 41
by mkx
Tue Apr 23, 2024 4:04 pm
Forum: Beginner Basics
Topic: Web Proxy - FTP Protocol
Replies: 4
Views: 126

Re: Web Proxy - FTP Protocol

Personally I'm mostly advising against using ROS device for any high-level service (such as DNS server, web proxy server, file server, ...) if possible. They are, due to space constraints and MT in-house development, mostly quite limited functionality-wise, so using some general-purpose server machi...
by mkx
Tue Apr 23, 2024 3:55 pm
Forum: General
Topic: Cant load a rsc script after updating to 7.14.3.
Replies: 3
Views: 64

Re: Cant load a rsc script after updating to 7.14.3.

Export scripts are not immutable between ROS versions. So there isn't necessarily anything wrong, it could be that there are some changes between both ROS versions which affect the way comands are executed. To see what exactly is wrong, you'll have to debug things. One way would be to post actual er...
by mkx
Tue Apr 23, 2024 12:06 pm
Forum: Wireless Networking
Topic: Wireless communication between 2 Mikrotik Routers
Replies: 6
Views: 223

Re: Wireless communication between 2 Mikrotik Routers

To me the crucial question is: are those devices supposed to connect with each other freely (as if they were connected to same ethernet hub) regardless the side of wireless link they are?
by mkx
Tue Apr 23, 2024 12:02 pm
Forum: Beginner Basics
Topic: invalid mtu 1492 on pppoe-out1
Replies: 2
Views: 124

Re: invalid mtu 1492 on pppoe-out1

PPPoE server may (erroneously) advertise incorrect MTU (in your case it seems as a viable number, sometimes the value is crazily high). At some version, ROS started to log such advetisements, but it otherwise ignores it. In your particular case you may want to try setting 1492 as MTU on your pppoe-o...
by mkx
Tue Apr 23, 2024 11:58 am
Forum: Beginner Basics
Topic: Web Proxy - FTP Protocol
Replies: 4
Views: 126

Re: Web Proxy - FTP Protocol

Web proxy is dealing with HTTP protocol ... specifically when clients are configured to use web proxy they use some extensions of HTTP protocol (so transparent proxying may not work even with unencrypted connections let alone with encrypted ones). FTP is completely different protocol ... and AFAIK R...
by mkx
Tue Apr 23, 2024 9:24 am
Forum: General
Topic: RB 2011 UiAS vs RB 3011 UiAs
Replies: 2
Views: 123

Re: RB 2011 UiAS vs RB 3011 UiAs

And I'll go even further: since the old router is running ancient version of ROS, its config is very likely either customized (to the point of being butchered) or based on ancient defaults. Specially if it's the later case I'd recommend to start from default config on new router (reset to factory de...
by mkx
Tue Apr 23, 2024 9:18 am
Forum: General
Topic: Unreachable IPv6 ping from localhost
Replies: 2
Views: 423

Re: Unreachable IPv6 ping from localhost

You're doing IPv6 addressing wrong. Your router doesn't really need GUA (global) address on WAN port. However you do need a prefix to make enabling IPv6 on your LAN subnets possible. So instead of your DHCPv6 client config you should use something like this: /ipv6/dhcp-client add interface=ether1_WA...
by mkx
Tue Apr 23, 2024 9:08 am
Forum: General
Topic: Suggestion concerning recently exposed loopback interface. [SOLVED]
Replies: 3
Views: 209

Re: Suggestion concerning recently exposed loopback interface. [SOLVED]

The loopback interface was always there (vital for some operations so removing it would very probably cause some problems), but was hidden up to recent ROS versions. So seeing it is a feature. I'm afraid you'll have to learn to turn the blind eye to it if you don't see any use for it.
by mkx
Tue Apr 23, 2024 9:00 am
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 614
Views: 149871

Re: v7.14.3 [stable] is released!

E.g. on other manufacturer's equipment, one chain can remain operational while the other scans or surveys the band, monitors neighboring APs, etc. Out of curiosity: what's the price tag of that piece of equipment? And, unless it's got N+1 receivers (where N is MIMO rank), performance of live connec...
by mkx
Mon Apr 22, 2024 11:13 pm
Forum: General
Topic: PPPoE terminating and interfaces shutting down
Replies: 4
Views: 215

Re: PPPoE terminating and interfaces shutting down

recently i started having issues with my mikrotik router. It terminate pppoe, all interfaces shut down for 1 or 2 seconds and they come up again. I'd say that first 4 posted log lines belong to previous event sequence. Events sequence logically begins with flapping all ether ports. Which in turn dr...
by mkx
Mon Apr 22, 2024 11:03 pm
Forum: General
Topic: No DHCP on Bridge VLAN interface.
Replies: 6
Views: 268

Re: No DHCP on Bridge VLAN interface.

Two things strike me: you only mention adding ether1 to bridge br0 as port in step #2. You don't mention enabling vlan-filtering on br0? Without it, pvid setting doesn't get enforced. The VLAN table definition is borked. Most important: you have to add bridge port as tagged VLAN member for all VLANs...
by mkx
Mon Apr 22, 2024 10:38 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 614
Views: 149871

Re: v7.14.3 [stable] is released!

This would only be possible if device would have two receivers ... But todays devices all have two, three or four receivers! You know all too well what I meant. And you also know well that chains of a radio (i.e. MIMO legs) are not independent and are not meant to be tuned individually (even if the...
by mkx
Mon Apr 22, 2024 7:38 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 614
Views: 149871

Re: v7.14.3 [stable] is released!

It would be nice when the AP would make (more) effort to monitor several channels at the same time while looking for a candidate channel... This would only be possible if device would have two receivers ... or DSP software which would allow receiving whole band at the same time. Radars tend to show...
by mkx
Mon Apr 22, 2024 7:27 pm
Forum: Beginner Basics
Topic: Routing/firewalling exceptions
Replies: 4
Views: 183

Re: Routing/firewalling exceptions

Sometimes it's easier not to mess with raw (and notrack) because raw rules are very rigid compared to filter rules (and, AFAIK, connection tracking is crucial for NAT). Instead it's possible to add another accept rule which matches traffic which should not be fasttracked and place it above the fastt...
by mkx
Mon Apr 22, 2024 7:12 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 614
Views: 149871

Re: v7.14.3 [stable] is released!

It seems to be related to DFS (hence only 5 GHz) and the specific position that they are located in, but definitely not hardware and/or config. If DFS is playing games, then it's mostly configuration (if device admin sees radar detections, then he should set other channels to operate on) and only p...
by mkx
Sun Apr 21, 2024 11:44 pm
Forum: Beginner Basics
Topic: CHATEAU LTE12 MIMO1 and MIMO2
Replies: 40
Views: 21030

Re: CHATEAU LTE12 MIMO1 and MIMO2

Antenna feeder cables should always be as short as possible. It depends on cable quality and frequency used, but it easily exceeds 5dB per 10m. As for the antenna, the almost only important thing is antenna gain (the higher the better), which again depends on frequency used. LTE can use anything bet...
by mkx
Sun Apr 21, 2024 1:38 pm
Forum: General
Topic: fasttrack x86
Replies: 4
Views: 356

Re: fasttrack x86

Fasttrack HW-Offloads established connections to the switch-chip, Wrong. It's one of possibilities, but (currently) it's a niche use. Fasttrack was available way before first devices with L3HW offload came to life. The old fasttrack manual page describes its behaviour nicely. The new help system do...
by mkx
Sun Apr 21, 2024 1:23 pm
Forum: Wireless Networking
Topic: cAP ax as Wi-Fi externder / Ethernet bridge?
Replies: 1
Views: 205

Re: cAP ax as Wi-Fi externder / Ethernet bridge?

CAPsMAN can only provision wifi interfaces after CAP connects to CAPsMAN. From your description I understand that there won't be any wired connection between hAP ax3 and cAP ax, so you'll have to use one of radios on cAP ax for uplink. If you can, I suggest you to dedicate one of radios on cAP ax to...
by mkx
Sun Apr 21, 2024 12:50 pm
Forum: Wireless Networking
Topic: wifi-qcom(-ac) and VLAN-filtering
Replies: 1
Views: 238

Re: wifi-qcom(-ac) and VLAN-filtering

The recommendation is about setting VLANs in wifi-qcom driver (and wifi-qcom-ac lacks it). This compares to using switch chip part of config for wired ports. The way you worded the recommendation is no the way I understand it, so I can't comment directly on the wording you chose. Alas, the general i...
by mkx
Sun Apr 21, 2024 12:37 pm
Forum: General
Topic: Space ran out on Hap ac2 - is it safe to run it like that long term?
Replies: 2
Views: 258

Re: Space ran out on Hap ac2 - is it safe to run it like that long term?

... wondered if it's safe to run it as is with 0 space available? No, it's not safe, so you should act on it as soon as possible. Very likely it won't just crash (but it might), however it is very likely that it'll experience some problems if it happens to reboot for some reason (e.g. power outage ...
by mkx
Sun Apr 21, 2024 12:29 pm
Forum: General
Topic: fasttrack x86
Replies: 4
Views: 356

Re: fasttrack x86

Mikrotik Know this ?????
I bet they know this. But this is an user-to-user forum, so you have to ask MT directly, e.g. by sending them e-mail to support@mikrotik.com .
by mkx
Sun Apr 21, 2024 12:22 pm
Forum: Beginner Basics
Topic: Which PoE out switch for AX2/AX3 hap's?
Replies: 2
Views: 211

Re: Which PoE out switch for AX2/AX3 hap's?

As both devices only accept 18V-28V, you clearly need PoE switch which does "passive" PoE and is powered with 24V (or there about) power adapter. Next you have to carefully read power specifications of both devices and consider how you're going to use them. If you'll use them as simple APs...
by mkx
Sun Apr 21, 2024 12:14 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 614
Views: 149871

Re: v7.14.3 [stable] is released!

it hAP ac2 in screenshot? doubts

No, screenshots are from Audience (the other half of setup). @OP never claimed they were from hAP ac2.
by mkx
Sat Apr 20, 2024 11:37 pm
Forum: RouterBOARD hardware
Topic: hEX PoE (RB960PGS)
Replies: 10
Views: 530

Re: hEX PoE (RB960PGS)

Just out of curiosity, would an 802.3af device work plugged in the hEX S passive poe out port? Probably yes. The power negotiation phase (which is the basic difference between passive PoE and 802.3 PoE) in 802.3 af/at is there for PSE (PoE out device) to make sure that power can safely be enabled o...
by mkx
Sat Apr 20, 2024 11:27 pm
Forum: Wireless Networking
Topic: Silly constant wireless roaming breaks internet connection
Replies: 7
Views: 525

Re: Silly constant wireless roaming breaks internet connection

There should be a slight delay for subsequent handovers (to make one and then wait what happens), and/or the signal difference required to initiate one must be much higher. We should be able to specify both parameters. Three handovers within few seconds is way too much and almost never an appropria...
by mkx
Sat Apr 20, 2024 12:51 pm
Forum: Beginner Basics
Topic: Diff configurations or configuration history?
Replies: 3
Views: 387

Re: Diff configurations or configuration history?

The only history (and not really complete) is in logs ... until they persist. What many people do is they periodically create textual export and store them somwhere off device and use appropriate tool to compare different export files. One can use git to store files and use built-in tools to see dif...
by mkx
Sat Apr 20, 2024 12:30 pm
Forum: Wireless Networking
Topic: Silly constant wireless roaming breaks internet connection
Replies: 7
Views: 525

Re: Silly constant wireless roaming breaks internet connection

Roaming is always a RPITA, even on public mobile networks (e.g. LTE) where roaming/handover mechanizms are waaay better that what we have in WiFi. And the only solution is to design wireless signal coverage so that AP signal overlap (areas with similar signal strengths where stations want to roam to...
by mkx
Sat Apr 20, 2024 12:17 pm
Forum: General
Topic: [Feasibility] 6-16 devices with the same IP + computer that wants to access them
Replies: 3
Views: 330

Re: [Feasibility] 6-16 devices with the same IP + computer that wants to access them

You need one L3 interface per device with same IP address. It can either be a router with multiple routed ports or a VLAN-enabled switch with each pirt set as access port to different VLAN and backed with router using many VLANs. There were a few discussions about the same issue before (solutions we...
by mkx
Fri Apr 19, 2024 8:21 pm
Forum: RouterBOARD hardware
Topic: RB5009 - eth 1 (2.5G) keep appears on log with link down - link up several times
Replies: 3
Views: 361

Re: RB5009 - eth 1 (2.5G) keep appears on log with link down - link up several times

Would you recommend any brand?

I only have experience with one particular model (some not-so-recent model by Fluke), so my recommendations aren't very relevant.
by mkx
Fri Apr 19, 2024 2:47 pm
Forum: RouterBOARD hardware
Topic: RB5009 - eth 1 (2.5G) keep appears on log with link down - link up several times
Replies: 3
Views: 361

Re: RB5009 - eth 1 (2.5G) keep appears on log with link down - link up several times

It could be either of devices. But it could be the cable between the two devices. Ideally you'd check the cable using a professional UTP cable tester to verify that the cable is made according to specs (also frequency response and crosstalk, these tend to become a problem with high-speed links). Eve...
by mkx
Fri Apr 19, 2024 2:36 pm
Forum: Beginner Basics
Topic: AP Repeater setup
Replies: 2
Views: 494

Re: AP Repeater setup

I managed to have one ap (A) and the second mikrotik (B) configured as wds slave, but then, when A is off, B doesn't provide an access point. MT doesn't have anything like "fallback" for repeater AP. What often repeater AP does is that it uses radio (master wifi interface) to connect to s...
by mkx
Fri Apr 19, 2024 2:05 pm
Forum: Wireless Networking
Topic: Problems with connecting Samsung Tizen Smart TV to my WIFI network [SOLVED]
Replies: 5
Views: 425

Re: Problems with connecting Samsung Tizen Smart TV to my WIFI network [SOLVED]

Also many (older) IoT devices don't like seeing anything modern being broadcast in their SSID ... such as WPA3 or FT or similar.
by mkx
Fri Apr 19, 2024 12:29 pm
Forum: Wireless Networking
Topic: hAP ac - Slower wifi after RouterOS update
Replies: 11
Views: 565

Re: hAP ac - Slower wifi after RouterOS update

Out of curiosity, though. An antenna gain of 0 is, in my understanding, the maximum gain possiblr. Wouldn't increasing it to another number just make my connection even worse? In theory, antenna gain can be anything between negative infinity and large positive number. In reality most antennas have ...
by mkx
Thu Apr 18, 2024 8:17 pm
Forum: General
Topic: Interface activity doesn't count VLAN traffic
Replies: 4
Views: 327

Re: Interface activity doesn't count VLAN traffic

I am talking about the front LEDs yeah ?
Ah, right.

It could be that leds functionality refers to L3 interface (when configured so). And that excludes tagged traffic. You may want to open a ticket with support@mikrotik.com and have them clarify (and update/ammend help page as well).
by mkx
Thu Apr 18, 2024 7:35 pm
Forum: Beginner Basics
Topic: Upgrade not booting
Replies: 7
Views: 367

Re: Upgrade not booting

When you upliaded all packages, ROS tried to install all. And probably ran out of flash space.

You can do the upgrade, but this time only upload routeros package (base package) and wireless package (from accompanying extras packages). Nothing more.
by mkx
Thu Apr 18, 2024 2:15 pm
Forum: General
Topic: Interface activity doesn't count VLAN traffic
Replies: 4
Views: 327

Re: Interface activity doesn't count VLAN traffic

Actually it does show ... it shows all traffic, passing a physical port (tagged or untagged). If you are not seeing the same way, then explain actual topology and setup so we can see if there's misunderstanding or a possible bug. And what exactly you're observing, it could be I'm referring to someth...
by mkx
Wed Apr 17, 2024 7:49 pm
Forum: Beginner Basics
Topic: Upgrade not booting
Replies: 7
Views: 367

Re: Upgrade not booting

There was a breaking change between 7.12 and 7.13 regarding wireless package: it used to be part of base package before but now it's a separate package. If you use ROS built-in upgrade procedure (/system/packages/upgrade...), it's required to go via 7.12 ... if you upgrade by manually uploading npk ...
by mkx
Wed Apr 17, 2024 4:50 pm
Forum: Beginner Basics
Topic: Loading ONIE images on Mikrotik Switches
Replies: 6
Views: 545

Re: Loading ONIE images on Mikrotik Switches

Another aspect: MT is primarily software company (developing and marketing RouterOS). The rest (hardware, even SwitchOS) is "supporting activities". And they definitely are not heavily into hardware production (AFAIK they design their devices, but manufacturing is outsourced; I may be wron...
by mkx
Wed Apr 17, 2024 4:43 pm
Forum: Beginner Basics
Topic: Firewall rules not applying to bridge
Replies: 3
Views: 330

Re: Firewall rules not applying to bridge

However when trying to make a firewall rule to disallow traffic between the two hosts, it doesn't seem to apply and can still ping to device connected to port 11. Firewall rules act on L3 (IP) ... and that happens when router does routing between two devices. Routing is when both devices are aware ...
by mkx
Tue Apr 16, 2024 8:09 pm
Forum: Wireless Networking
Topic: RB4011iGS+5HacQ2HnD setup with cAP AX [SOLVED]
Replies: 2
Views: 342

Re: RB4011iGS+5HacQ2HnD setup with cAP AX [SOLVED]

I'd like to setup capsman, but I've seen that there are 2 versions. When I look into new one I don't see any interfaces which is suspicious to me. Is that ok? Would it be possible to run RB4011 as capsman server even for cAP AX? If capsman isn't the right way to go, what would be the easiest way to...
by mkx
Tue Apr 16, 2024 7:42 pm
Forum: General
Topic: Downgrade remote station over PtP link
Replies: 4
Views: 338

Re: Downgrade remote station over PtP link

I'm affraid you may have to drive. Unless the following succeeeds. You can try (in lab first!) to do both uninstall and downgrade in single step: upload the routeros package (desired version, e.g. 6.49.14) mark wireless package for uninstallation request downgrade reboot ... and keep fingers crossed
by mkx
Tue Apr 16, 2024 7:30 pm
Forum: General
Topic: /tool wol - target IP address?
Replies: 11
Views: 727

Re: /tool wol - target IP address?

According to wikipedia article , the WoL magic frame is basically broadcast on ethernet layer, but as payload it does contain MAC address of device which is supposed to wake-up. Then there are extensions which make WoL packets routable (using destination IP address), but need support from "vict...
by mkx
Tue Apr 16, 2024 5:54 pm
Forum: General
Topic: Double destination NAT [SOLVED]
Replies: 2
Views: 350

Re: Double destination NAT [SOLVED]

It's doable, but slightly more complicate, it includes packet marking and using multiple routing tables (which helps ROS to select correct egress interface for each packet). Start by reading this topic.
by mkx
Tue Apr 16, 2024 5:47 pm
Forum: General
Topic: /tool wol - target IP address?
Replies: 11
Views: 727

Re: /tool wol - target IP address?

Theoretically WOL could be on a BMC with an IP address ... In this case BMC is fully up & running, accepting HTTP / API / whatever conbections and one can use appropriate command to power on the whole system. WOL stands for Wake On LAN, meaning that host's NIC is half alive and ready to receive...
by mkx
Tue Apr 16, 2024 12:08 am
Forum: General
Topic: Network topology for bootstraping. [SOLVED]
Replies: 11
Views: 622

Re: Network topology for bootstraping. [SOLVED]

If you're thinking of a combo "interface is bridge port, but is anchor for a vlan interface" ... then no, it shouldn't be done like that (it falls into category "it shouldn't be used as interface"). The problem in your setup procedure is that you're effectively changing L2 topolo...
by mkx
Mon Apr 15, 2024 11:53 pm
Forum: SwOS
Topic: Create a Native VLAN?
Replies: 1
Views: 261

Re: Create a Native VLAN?

"Trunk with native VLAN" in Cisco is "hybrid" in Mikrotik. So configure port to: "vlan receive - any" and set "default vlan id" to "native VLAN ID" of your choice (e.g. 4000). You have to mark such port as member of VLAN with "native VLAN ID&quo...
by mkx
Mon Apr 15, 2024 11:42 pm
Forum: Wireless Networking
Topic: WiFi AC AR9888
Replies: 1
Views: 277

Re: WiFi AC AR9888

It seems that the only Mikrotik's own wifi card supporting 802.11 ac is R11e-5HacD. And that one is built around QCA9882. If you find a card built around same chipset, chances are that it'll work. Or go for this card if miniPCIe format suits you.
by mkx
Mon Apr 15, 2024 11:26 pm
Forum: General
Topic: Network topology for bootstraping. [SOLVED]
Replies: 11
Views: 622

Re: Network topology for bootstraping. [SOLVED]

I did another test incorporating the changes in my last post and I've now positively identified the point at which I lose connection to be enabling ether1 as a port on br0. It shouldn't come as a surprise. After an interface is "enslaved" as port of a bridge, it shouldn't be used as inter...
by mkx
Mon Apr 15, 2024 3:22 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 614
Views: 149871

Re: v7.14.2 [stable] is released!

wifi-qcom-ac doesn't support "native" VLAN tagging. So how do you make wifi interface a bridge port?
by mkx
Mon Apr 15, 2024 3:20 pm
Forum: General
Topic: ROS Downgrade issue
Replies: 4
Views: 330

Re: ROS Downgrade issue

Two things to check: list of currently installed packages. In order for downgrade/upgrade to succeed, files with all currently installed packages have to be uploaded to device. After performing next downgrade attempt and after you see it failed, check logs. It will always contain something about upg...
by mkx
Mon Apr 15, 2024 12:30 pm
Forum: General
Topic: Mikrotik RB1100 IP Conflict
Replies: 1
Views: 217

Re: Mikrotik RB1100 IP Conflict

Proxy-ARP might explain that ...
by mkx
Mon Apr 15, 2024 11:31 am
Forum: General
Topic: Network topology for bootstraping. [SOLVED]
Replies: 11
Views: 622

Re: Network topology for bootstraping. [SOLVED]

I'll comment on "just before loosing contact" config on hAP: you should never add vlan interface back to anchor. Like this: /interface vlan add comment=team451 interface=br0 name=team451 vlan-id=500 /interface bridge port add bridge=br0 comment=team451 interface=team451 internal-path-cost=...
by mkx
Mon Apr 15, 2024 9:00 am
Forum: General
Topic: Network topology for bootstraping. [SOLVED]
Replies: 11
Views: 622

Re: Network topology for bootstraping. [SOLVED]

Can you post the "bootstrapped" config of hEX? The one before trying to add ether1 to bridge (which breaks your connectivity)?
by mkx
Mon Apr 15, 2024 8:54 am
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 14
Views: 1009

Re: Low performance on RB5009 with machine behind NAT

Yes, and as I pointed out, that's a multi-port aggregate test, not a single-stream single-port test. mkx's point builds atop that. What you're saying makes no sense. It's not like each interface is dedicated to it's own single CPU core, so using more ports won't make the CPU process the packets any...
by mkx
Sun Apr 14, 2024 4:25 pm
Forum: Beginner Basics
Topic: router to mail.hamilton.com
Replies: 9
Views: 507

Re: router to mail.hamilton.com

I just configure ntp client server as pool.ntp.org, so, nothing to do with hamilton.com pool.ntp.org points at a few IP addresses, where public NTP servers reside. Addresses, to which pool.ntp.org resolves, can vary with subsequent DNS queries. And, again: the NTP servers arr volunteered by differe...
by mkx
Sun Apr 14, 2024 3:57 pm
Forum: General
Topic: Marvell 98DX3236 Slow Bandwidth
Replies: 2
Views: 319

Re: Marvell 98DX3236 Slow Bandwidth

Your screenshots show that you're using built-in bandwidth test. It is a well known fact (you're excused since you're new to ROS) that bandwidth test is heavy on CPU and on many device models it itself is a bottleneck. It is recommended to run tests using two external devices, known to be able to cr...
by mkx
Sun Apr 14, 2024 3:48 pm
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 14
Views: 1009

Re: Low performance on RB5009 with machine behind NAT

Is it possible to disable connection tracking for the scanner, while still swapping the LAN IP with WAN IP?

Nope, NAT relies on connection tracking. So no connection tracking, no NAT. At least in ROS.
by mkx
Sun Apr 14, 2024 10:47 am
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 14
Views: 1009

Re: Low performance on RB5009 with machine behind NAT

Take a look at the RB5009 test results . Your application is the lower rightmost number in the first table, ... Not even that. Tests are using normal long-living connections, so even tests which use tiny packets, can benefit of fast-tracking. OP is doing port scanning, which means that every third ...
by mkx
Sat Apr 13, 2024 11:20 pm
Forum: General
Topic: MSS-clamp equivalent for udp?
Replies: 3
Views: 364

Re: MSS-clamp equivalent for udp?

Just manually override MTU setting of EOIP interface. EOIP does fragment/defragment frames, which are otherwise too large to fit the outer MTU, if needed.
by mkx
Sat Apr 13, 2024 5:11 pm
Forum: Beginner Basics
Topic: netinstall for ax2
Replies: 7
Views: 434

Re: netinstall for ax2

Concentrate on working with ether1, other ports aren't used for netinstall process. Then follow this sequence (it worked most of times on all of my devices): connect cable between ether1 and PC setup PC appropriately (e.g. disable firewall, excess network interfaces, ...) start netinstall executable...
by mkx
Sat Apr 13, 2024 5:02 pm
Forum: RouterBOARD hardware
Topic: hAP ac2 essentially dead after a RouterOS update and multiple resets
Replies: 3
Views: 787

Re: hAP ac2 essentially dead after a RouterOS update and multiple resets

If nothing else helps you'll have to netinstall the device. Note that the process is very fragile and sometimes takes lots of experimenting with different details before it succeeds.
by mkx
Sat Apr 13, 2024 4:57 pm
Forum: RouterBOARD hardware
Topic: Mikrotik DAC between SFP and SFP+ ports
Replies: 2
Views: 512

Re: Mikrotik DAC between SFP and SFP+ ports

I think that passive DACs require both connected devices to be of same SFP generation/variety ... as these DACs more or less simply connect appropriate SFP signal lines together. Many devices have SFP ports that are actually single rate (e.g. SFP+ only supports 10Gbps ... it's the module which can n...
by mkx
Sat Apr 13, 2024 4:25 pm
Forum: Beginner Basics
Topic: Using RB5009 in bridge mode [SOLVED]
Replies: 14
Views: 1307

Re: Using RB5009 in bridge mode [SOLVED]

PPPoE can't really be in bridge mode because bridge is L2 and PPPoE is L3. IP address is "integral part" of L3 interface, it can't be "forwarded" elsewhere. What usually "put in bridge mode" means is that that device is L2-transparrent ... passing either DHCP handshake ...
by mkx
Sat Apr 13, 2024 4:23 pm
Forum: Beginner Basics
Topic: forwarding incoming UPD traffic addressed to the router itself
Replies: 26
Views: 997

Re: forwarding incoming UPD traffic addressed to the router itself

NATed traffic also gets fasttracked if appropriate rules are set. And in this case indeed rules, which handle traffic initially, don't get hit any more and thus counters don't increment.
by mkx
Sat Apr 13, 2024 10:15 am
Forum: General
Topic: VLAN filtering blocks DHCP Client on trunk port [SOLVED]
Replies: 8
Views: 775

Re: VLAN configuration with active changes [SOLVED]

Clearly 'hiding' the true mac address............ Perhaps you prefer "FU:FU:FU:FU:FU:FU" "=) Yup, I figured as much. But every time I see somebody playing this game (not knowing that MAC addresses are almost the least sensitive information a config can contain), I always wonder what ...
by mkx
Sat Apr 13, 2024 10:12 am
Forum: General
Topic: VLAN filtering blocks DHCP Client on trunk port [SOLVED]
Replies: 8
Views: 775

Re: VLAN filtering blocks DHCP Client on trunk port [SOLVED]

I'll pay close attention to this versus the link you sent me. In particular pay attention to these details: bridge CPU-facing port VLAN membership has to be configured explicitly as well frame-types, tagged/untagged and PVID properties have to be consistent distinction between different properties ...
by mkx
Fri Apr 12, 2024 7:12 pm
Forum: General
Topic: VLAN filtering blocks DHCP Client on trunk port [SOLVED]
Replies: 8
Views: 775

Re: VLAN configuration with active changes [SOLVED]

You have a number of errors in VLAN-related config. I suggest you to go through the definitive guide to ROS VLANing.

BTW, I don't think FF:FF:FF:FF:FF:FF is a valid MAC address for bridge.
by mkx
Fri Apr 12, 2024 7:07 pm
Forum: General
Topic: wifi-qcom-ac Package for 802.11r Fast Transition [SOLVED]
Replies: 2
Views: 435

Re: wifi-qcom-ac Package for 802.11r Fast Transition [SOLVED]

For FT to work, CAP devices have to run wifi-qcom (or wifi-qcom-ac) driver. Which means ROS 7.13+ and ARM architecture. As to CAPsMAN device: it has to run ROS 7.13+ as well. But it doesn't have to run wifi-qcom (or wifi-qcom-ac) as these are "only" wireless chipset drivers. Core functiona...
by mkx
Fri Apr 12, 2024 12:23 pm
Forum: General
Topic: Problem mac telnet into hEX
Replies: 9
Views: 619

Re: Problem mac telnet into hEX

All devices I mentioned, run 7.13.2. None are hEX. Here's export from one of them: /interface bridge add admin-mac=E6:8D:8C:49:EE:4A auto-mac=no name=bridge port-cost-mode=short /interface bridge port add bridge=bridge interface=ether1 internal-path-cost=10 path-cost=10 add bridge=bridge interface=e...
by mkx
Fri Apr 12, 2024 8:44 am
Forum: Wireless Networking
Topic: CAPsMANv2 configuration for secondary SSIDs on different VLANs
Replies: 40
Views: 9588

Re: CAPsMANv2 configuration for secondary SSIDs on different VLANs

- cAP ax: reset config and set it in CAPs mode (this is enough) - CAPsMAN: config datapaths with corresponding VLAN id's Use a hybrid port with management VLAN untagged, Corporate and Guest tagged. Just to clarify: the last line (regarding hybrid port) refers to port to which cAP ax devices are con...
by mkx
Fri Apr 12, 2024 8:32 am
Forum: Virtualization
Topic: P1 license on CHR instance after deadline date
Replies: 3
Views: 469

Re: P1 license on CHR instance after deadline date

I guess you should ask support@mikrotik.com to clarify what happens after 60 days of internet unavailability to licensed CHR. And report back their answer as it'll be probably interesting for a few other people.
by mkx
Thu Apr 11, 2024 9:27 pm
Forum: Beginner Basics
Topic: DHCP client dynamic entries.
Replies: 2
Views: 316

Re: DHCP client dynamic entries.

I guess you have "detect internet" feature enabled ... and adding a DHCP client to interface, which is determined to be a WAN interface, is one of "magic" things which happen. If you have incentive (and knowledge) to fine-tune router's config, then I suggest you to disable "...
by mkx
Thu Apr 11, 2024 3:34 pm
Forum: General
Topic: Issues with inter vlan routing
Replies: 2
Views: 330

Re: Issues with inter vlan routing

Having "connection-state" property set to empty string "" is not the same as not having it set at all. So unset connection-state property on your inter-VLAN firewall rules.
by mkx
Thu Apr 11, 2024 3:29 pm
Forum: General
Topic: Problem mac telnet into hEX
Replies: 9
Views: 619

Re: Problem mac telnet into hEX

Well, by default there is only one bridge. Called, bridge. so I don't know what you mean by "manually set MAC addresses on all bridges" ... I have a few Mikrotik devices on the LAN, each have one bridge and I manually set MAC addresses on each and every bridge. Hence use of plural "b...
by mkx
Thu Apr 11, 2024 3:25 pm
Forum: General
Topic: does the mynetname expires after a while?
Replies: 5
Views: 784

Re: does the mynetname expires after a while?

If you replace old router with a new one and the public IP address is the same, then you'll end up with two A records: <old_SN>.sn.mynetname.net and <new_SN>.sn.mynetname.net ... both pointing at same address. I don't see how this is a problem, if you know <new SN>, then old record won't make any ha...
by mkx
Thu Apr 11, 2024 3:14 pm
Forum: General
Topic: 1-to-1 Nat when outside/public interface is a layer 2 connection [SOLVED]
Replies: 3
Views: 438

Re: 1-to-1 Nat when outside/public interface is a layer 2 connection [SOLVED]

With lots of fiddling it is possible to replace the two 1783-NATR devices with a single "multi purpose" router. But it's not easy as both "private" LANs use same IP address space and this is actually problem from routing point of view. So it is actually much easier to use one NAT...
by mkx
Thu Apr 11, 2024 3:11 pm
Forum: General
Topic: Mikrotik CRS326 RM - WebUI & Winbox disconections
Replies: 4
Views: 345

Re: Mikrotik CRS326 RM - WebUI & Winbox disconections

Are there any of devices you listed in your previous post which are interconnected with more than single UTP cable? In particular I'm thinking of connection between AX88U and CRS326 ... To be on the "fast" side: please ammend the description with exhastive list of connection between the de...
by mkx
Thu Apr 11, 2024 3:02 pm
Forum: Beginner Basics
Topic: Can't ping with firewall (nat)
Replies: 9
Views: 532

Re: Can't ping with firewall (nat)

why is this working and : chain=srcnat action=src-nat to-addresses=10.10.5.50 src-address=10.10.1.0/24 out-interface=ether5 did not work? Because you used wrong address setting for to-address property. The "to-address" property of src-nat rule sets the IP address which will replace the or...
by mkx
Thu Apr 11, 2024 2:55 pm
Forum: Beginner Basics
Topic: port forwarding problem [SOLVED]
Replies: 21
Views: 1681

Re: port forwarding problem [SOLVED]

Are you sure that cameras provide their service on ports 8001 and 8002? I'd guess they are actually using standard port 80 ... in which case NAT rules should have "to-ports=80" set.
by mkx
Thu Apr 11, 2024 2:50 pm
Forum: Beginner Basics
Topic: Slow connections across vlans with hex [SOLVED]
Replies: 12
Views: 1152

Re: Slow connections across vlans with hex [SOLVED]

This is wrong: /interface vlan add interface=ether3 name=CAM88 vlan-id=88 add interface=ether3 name=IoT687 vlan-id=687 add interface=ether3 name=VLAN82 vlan-id=82 add interface=ether3 name=VLAN3000 vlan-id=3000 add interface=ether3 name=WIFI20 vlan-id=20 add interface=ether3 name=WORK999 vlan-id=999...
by mkx
Wed Apr 10, 2024 9:36 pm
Forum: Wireless Networking
Topic: hAP ax3 wireless problem [SOLVED]
Replies: 145
Views: 17696

Re: hAP ax3 wireless problem [SOLVED]

usually the antennas should be vertical, no matter how you install the device Nope. MIMO works best if reception from both Tx antennas is as uncorrelated as possible. Antennas are polarized and with 2x2 MIMO, different polarization makes best possible diversity ... and that's when both antennas are...
by mkx
Wed Apr 10, 2024 3:33 pm
Forum: SwOS
Topic: How to VLAN? [SOLVED]
Replies: 7
Views: 1149

Re: How to VLAN? [SOLVED]

You should set Egress setting on access ports (on SwOS device ports 2-5) to "Always Strip".
by mkx
Wed Apr 10, 2024 3:25 pm
Forum: General
Topic: Problem mac telnet into hEX
Replies: 9
Views: 619

Re: Problem mac telnet into hEX

Mikrotik (and members of the board) advise is that of assigning manually a mac address to the bridge, but it has to be seen if - even if doing that - it would be listed on another device with /tool/mac-telnet ... Just checked ... I have manually set MAC addresses on all bridges ... and /tool/mac-te...
by mkx
Wed Apr 10, 2024 2:46 pm
Forum: General
Topic: Is the PPPOE server built by oneself separated from the PPPOE server of the operator, without affecting each other?
Replies: 4
Views: 332

Re: Is the PPPOE server built by oneself separated from the PPPOE server of the operator, without affecting each other?

Not only in ROS, also elsewhere. VLANs work between devices, if one uses them but the rest don't then they are either no good or interfere with traffic. Here kicks in the suggestion by @loloski: show us the physical/logical network topology (which includes ISP gear) so we can suggest you all the nec...
by mkx
Wed Apr 10, 2024 2:43 pm
Forum: Beginner Basics
Topic: Firewall rule to share device among subnets [SOLVED]
Replies: 8
Views: 569

Re: Firewall rule to share device among subnets [SOLVED]

In Firewall / Address list I create 2 new records with the same name and each should have the subnet? Is this the way?
Yes, enter address with subnet mask, e.g. "192.168.4.0/23"
by mkx
Wed Apr 10, 2024 2:33 pm
Forum: General
Topic: Is the PPPOE server built by oneself separated from the PPPOE server of the operator, without affecting each other?
Replies: 4
Views: 332

Re: Is the PPPOE server built by oneself separated from the PPPOE server of the operator, without affecting each other?

PPPoE works directly over ethernet ... so VRRP and routing etc. doesn't affect it. So yes, ISP's and your own PPPoE servers can interfere with each other. You should separate WAN and LAN on L2 (it seems you don't have it right now, only on L3), VLANs seem a natural solution to your problem (in this ...
by mkx
Wed Apr 10, 2024 2:29 pm
Forum: General
Topic: DHCP IPv6 Dynamic Binding (PPP) - Make Static
Replies: 9
Views: 731

Re: DHCP IPv6 Dynamic Binding (PPP) - Make Static

So far I didn't stumble upon setup where DHCPv6 server was dynamic, so I'm a bit lost here. In your case, how does DHCPv6 server pppoe-sn_dsnw2845b110 get created? Since pools are all static, you should be able to create static DHCPv6 serve as well ... and in that case, you should be able to make le...
by mkx
Wed Apr 10, 2024 2:22 pm
Forum: Beginner Basics
Topic: Firewall rule to share device among subnets [SOLVED]
Replies: 8
Views: 569

Re: Firewall rule to share device among subnets [SOLVED]

I have created a Firewall rule which works, but it gives access also from these subnets 192.168.0.x, 192.168.1.x , 192.168.2.x as well Is it possible to give access only to 192.168.4.0/23 and 192.168.10.0/23 with another way? You'll have to use two rules, each targeting individual subnet. Problem w...
by mkx
Wed Apr 10, 2024 12:26 pm
Forum: RouterBOARD hardware
Topic: Is the RB1100x4 still actively in production?
Replies: 3
Views: 443

Re: Is the RB1100x4 still actively in production?

RB1100AHx4 is still listed as "current device" on Mikrotik web page. So it should be able to buy it. Whether it's from old stock of from production line ... that can only Mikrotik answer (but I highly doubt they would). As to local distributor's stock: they tend to keep in stock models tha...
by mkx
Wed Apr 10, 2024 12:19 pm
Forum: Wireless Networking
Topic: hAP ax3 no internet connection for mobile clients
Replies: 4
Views: 388

Re: hAP ax3 no internet connection for mobile clients

This is really weird. In your opening post you wrote that wireless client can ping gateway (router), but the rest of (internet?) traffic is blocked for a while. But if device wants to communicate with internet, it is sending traffic to router ... and that works as you are saying. You can try to torc...
by mkx
Wed Apr 10, 2024 12:06 pm
Forum: General
Topic: DHCP IPv6 Dynamic Binding (PPP) - Make Static
Replies: 9
Views: 731

Re: DHCP IPv6 Dynamic Binding (PPP) - Make Static

Show config ... the /ipv6/dhcp-server/export part at least.
by mkx
Wed Apr 10, 2024 11:59 am
Forum: General
Topic: Mikrotik CRS326 RM - WebUI & Winbox disconections
Replies: 4
Views: 345

Re: Mikrotik CRS326 RM - WebUI & Winbox disconections

Your topology description is a bit fuzzy ... but combined with log entry it indicates you might have some misconfiguration of your device ...
by mkx
Wed Apr 10, 2024 11:58 am
Forum: General
Topic: DHCP IPv6 Dynamic Binding (PPP) - Make Static
Replies: 9
Views: 731

Re: DHCP IPv6 Dynamic Binding (PPP) - Make Static

Is the prefix pool ... which DHCPv6 uses to fetch prefixes for clients ... a dynamic (i.e. fetched from upstream DHCPv6 server) or a static one?
by mkx
Wed Apr 10, 2024 8:03 am
Forum: Wireless Networking
Topic: hAP ax3 no internet connection for mobile clients
Replies: 4
Views: 388

Re: hAP ax3 no internet connection for mobile clients

The way you explain the symptoms, the problem might be also in ARP entry aging on switches/bridges ... all mentioned devices are part of it, including the TP-link switch. If you can, connect both hAPs to hEX directly just to make sure that TP-link isn't playing games.
by mkx
Wed Apr 10, 2024 7:04 am
Forum: Beginner Basics
Topic: [SOLVED] Prevent connections to IP address
Replies: 4
Views: 345

Re: Prevent connections to IP address

Where are you accessing 192.168.1.40:8123 from, the rest of LAN? If that's so, you can't block traffic on router because traffic between two LAN devices doesn't pass router.
by mkx
Tue Apr 09, 2024 4:22 pm
Forum: Announcements
Topic: WinBox v3.40 released!
Replies: 143
Views: 133100

Re: WinBox v3.40 released!

I'm not trying to diss it (too much) but defending the existing isn't too helpful when you're trying to think outside the existing box. It would really help if you stated what are your wishes/requirements from the new web app. Because there are many things that can already be done, but using a few ...
by mkx
Tue Apr 09, 2024 3:49 pm
Forum: Beginner Basics
Topic: filtering big local lan
Replies: 4
Views: 339

Re: filtering big local lan

Can I improve the rules further?

I don't really have much experience with switch chip ACLs so I can't give you any further assistance.
by mkx
Tue Apr 09, 2024 3:46 pm
Forum: Announcements
Topic: WinBox v3.40 released!
Replies: 143
Views: 133100

Re: WinBox v3.40 released!

I see native WinBox on Linux in my dream when i sleep ))) Which is why IMO effort should be directed at web applications, not native apps. There's already WebFig ... functionality-wise it's on par with WinBox, so no need to re-invent the wheel. But there's a very important difference, which can not...
by mkx
Tue Apr 09, 2024 7:26 am
Forum: Beginner Basics
Topic: I can't ping the external network
Replies: 5
Views: 354

Re: I can't ping the external network

I'm out of ideas ... sorry.
by mkx
Mon Apr 08, 2024 10:07 pm
Forum: Beginner Basics
Topic: I can't ping the external network
Replies: 5
Views: 354

Re: I can't ping the external network

Your config shows that your ROS is using 192.168.10.1 as gateway. Is this correct? Is gateway allowing traffic?
by mkx
Mon Apr 08, 2024 9:55 pm
Forum: General
Topic: UTF-8 representation problem?
Replies: 8
Views: 689

Re: UTF-8 representation problem?

Mikrotik is purported to be working on a "multiplatform client" ... US-ASCII works on all modern platforms just fine :wink: For the record: my native language doesn't fit in any western 8-bit encodings, even less in 7-bit US-ASCII, so I'm grateful for UTF-8. But when it comes to networkin...
by mkx
Mon Apr 08, 2024 9:46 pm
Forum: Beginner Basics
Topic: filtering big local lan
Replies: 4
Views: 339

Re: filtering big local lan

Since both ports connect devices in same subnet, they clearly have to be in same bridge. But: simple bridge (no VLANs, etc.) is by default offloaded to hardware so bridge filters can't catch traffic (bridge is executed by CPU, HW offloaded traffic never leaves switch chip). There are two options: 1)...
by mkx
Mon Apr 08, 2024 9:31 pm
Forum: Beginner Basics
Topic: I can't ping the external network
Replies: 5
Views: 354

Re: I can't ping the external network

If you run comnand
/tool/traceroute 8.8.8.8
what does it show?
by mkx
Mon Apr 08, 2024 11:45 am
Forum: Beginner Basics
Topic: Cloud detects WAN IP, but says it is behind NAT
Replies: 2
Views: 267

Re: Cloud detects WAN IP, but says it is behind NAT

On your router, look in "IP address" and check which IP address is listed for your WAN interface. Then compare it to pubic IP address, reported in various places (cloud is one thing, there are several web pages telling you this information). If they are not the same, then your WAN IP addre...
by mkx
Sun Apr 07, 2024 9:32 pm
Forum: Beginner Basics
Topic: VLAN traffic stalls after starting/stopping flow
Replies: 5
Views: 777

Re: VLAN traffic stalls after starting/stopping flow

If you want any feedback from MT support, then you'll have to open support ticket. This is merely an user forum, hosted on MT's servers ... and occasionally visited by MT staffers. It is not means of official support.
by mkx
Sun Apr 07, 2024 6:29 pm
Forum: Wireless Networking
Topic: hAP AX3 5G range troubleshooting
Replies: 62
Views: 3341

Re: hAP AX3 5G range troubleshooting

Out of interest, inSSIDer is reporting signal strength of ~-50 but the hAP ax2 log shows about -20 lower. Why the difference? Each device reports strength of signal received from the link peer . inSSIDer is reporting signal strength of AP, received by laptop. And hAP ax3 reports signal strength of ...
by mkx
Sun Apr 07, 2024 6:15 pm
Forum: Beginner Basics
Topic: Cannot access HAPax3 wireless config html/webpage [SOLVED]
Replies: 2
Views: 361

Re: Cannot access HAPax3 wireless config html/webpage [SOLVED]

By default, device considers ether1 to be WAN port and management is not possible via that port. Management is possible via all other ports (including wireless). However: by default it also serves as router and its LAN address is 192.168.88.1/24 ... which conflicts with your existing LAN. The best w...
by mkx
Sun Apr 07, 2024 2:10 pm
Forum: Wireless Networking
Topic: hAP ax3 wireless problem [SOLVED]
Replies: 145
Views: 17696

Re: hAP ax3 wireless problem [SOLVED]

WAF?

It doesn't hurt either, so why do you bother?
by mkx
Sun Apr 07, 2024 10:52 am
Forum: General
Topic: DNS in NTP client?
Replies: 16
Views: 6229

Re: DNS in NTP client?

What's wrong with server-dns-names property? Used instead of primary-ntp and secondary-ntp?
by mkx
Sat Apr 06, 2024 3:02 pm
Forum: RouterBOARD hardware
Topic: RB5009 2,5Gbe problems [SOLVED]
Replies: 22
Views: 8544

Re: RB5009 2,5Gbe problems [SOLVED]

I am one of these "others" as well :) I connect to ISP using SFP module ...
Ah, OK, that explains it.
by mkx
Sat Apr 06, 2024 1:39 pm
Forum: RouterBOARD hardware
Topic: RB5009 2,5Gbe problems [SOLVED]
Replies: 22
Views: 8544

Re: RB5009 2,5Gbe problems [SOLVED]

I cannot tell difference when it comes to CPU usage on RB5009. Both before and after disabling HW offload it's ~30% when transferring between WAN and LAN @ 2Gbit speed. That's because vast majority of CPU resourdes are used for firewalling, some for routing and only minor portion for interface hand...
by mkx
Sat Apr 06, 2024 11:14 am
Forum: Wireless Networking
Topic: hAP Reset After Power Outage and Don't Reconnect
Replies: 2
Views: 473

Re: hAP Reset After Power Outage and Don't Reconnect

One of possible outcomes of using reset button is configuration reset to factory defaults (which doesn't include CAPsMAN). Another one is to put device into CAP mode.

You can do that also via any of UIs (I'd suggest you winbox as it allows connection even if device doesn't have usable IP setup).
by mkx
Sat Apr 06, 2024 11:09 am
Forum: Wireless Networking
Topic: hAP ax3 wireless problem [SOLVED]
Replies: 145
Views: 17696

Re: hAP ax3 wireless problem [SOLVED]

For many years we have been using "United states" here in Ukraine )) ... We can use 12,13 channels in 2,4GHz, but in real life we have a lot of American gadgets IMO the first one explains the second one. But the second one doesn't explain the first one, using Ukraine country settings does...
by mkx
Sat Apr 06, 2024 11:01 am
Forum: General
Topic: 1x RB5009 + 3x hAP ax^3 - Hotspot VLAN Radius Help
Replies: 9
Views: 633

Re: 1x RB5009 + 3x hAP ax^3 - Hotspot VLAN Radius Help

While we wait to be joined by @mkx

Nah, not my piece of pie. There are too many buzzwords in the thread title which I don't do (hotspot, radius, ...).
by mkx
Sat Apr 06, 2024 10:46 am
Forum: Beginner Basics
Topic: Can't use IPv6 provider prefix [SOLVED]
Replies: 1
Views: 311

Re: Can't use IPv6 provider prefix [SOLVED]

Better ask your ISP about possibilities. Either they could configure their router to hand out prefixes (preferrably larger than /64, /60 would be fine), or to bridge mode do that your MT would be talking to tgeir core directly (I guess tgat in this case your MT would receive prefixes). The way it is...
by mkx
Sat Apr 06, 2024 10:38 am
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 614
Views: 149871

Re: v7.14.2 [stable] is released!

When someone disables that graphic... doesn't it get removed from the storage?
Only the stats data ... which I guess is a few kB. But graphics library and anything else needed stays installed ... probably most of it is needed for WebFig graphs anyway.
by mkx
Sat Apr 06, 2024 10:36 am
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 614
Views: 149871

Re: v7.14.2 [stable] is released!

If someone want to partition, I'd say 64MB would be the minimum acceptable. It might if ROS was changed to use RAM disks more aggressivelly. As it is now, 128MB on audience isn't enough (or it wasn't back in v7.5 times), with 64MB partitions upgrade didn't succeed due to lack of flash space. It's b...
by mkx
Fri Apr 05, 2024 8:38 pm
Forum: General
Topic: Firewall/Routing Question
Replies: 19
Views: 820

Re: Firewall/Routing Question

At Router A, what does the router see.......... It should see source being user from RouterB with destination IP of server on Router A LAn, ( if traffic is sourcenatted, the source IP would be the wireguard IP of B ). The rule I suggested for site B is a dst-nat ... so src-address is not changed. T...
by mkx
Fri Apr 05, 2024 3:22 pm
Forum: Wireless Networking
Topic: mAntBox 15ax superchannel is missing...
Replies: 10
Views: 584

Re: mAntBox 15ax superchannel is missing...

Can we expect some solution in this problem? The only solution is to forget about superchannel altogether ... it wasn't obeying country-specific regulatory constraints and as such is illegal. Since majority of users didn't care about country regulations (and created havoc), EU (and many other count...
by mkx
Fri Apr 05, 2024 3:15 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 614
Views: 149871

Re: v7.14.2 [stable] is released!

subprofile can be assigned to main configuration profile, which can be assigned to interface. Subprofile values can be overwritten in main configuration profile, and all values can be overwritten on the interface itself. The problem I an see is that often users consider properties set to empty valu...
by mkx
Fri Apr 05, 2024 3:10 pm
Forum: General
Topic: Firewall/Routing Question
Replies: 19
Views: 820

Re: Firewall/Routing Question

You can make the NAT rule as general as you want. But it may soon break something else. For example establishment of wireguard tunnel (tunnel might drop momentarily while siteA address doesn't change and then wireguard connection may get NAT-ed to 192.168.0.1 which is not accessible until after wire...
by mkx
Fri Apr 05, 2024 2:53 pm
Forum: General
Topic: CCR abnormal interface status
Replies: 4
Views: 336

Re: CCR abnormal interface status

What is connected to such a port?

It could be some device in sleep mode ... often LAN interfaces are configured into 10Mbps half-duplex mode (which seems to require least amount of power). But seeing it go up for a second and then down again is a bit weird.
by mkx
Fri Apr 05, 2024 12:42 pm
Forum: General
Topic: How to do Inter-VLAN Bridging with MikroTik? [SOLVED]
Replies: 15
Views: 893

Re: How to do Inter-VLAN Bridging with MikroTik? [SOLVED]

But only with an L2 misconfiguration, i.e. if I put, say, ether1 through ether4 in bridge1, set up a few VLAN interfaces on bridge1 and then put them all in bridge2. The problem will be that the moment a packet actually gets bridged between VLANs, it will need to first get flooded to all ports in b...
by mkx
Fri Apr 05, 2024 12:24 pm
Forum: General
Topic: IPv6 trouble [SOLVED]
Replies: 19
Views: 1594

Re: IPv6 trouble [SOLVED]

The ether1-gateway WAN interface has RA effectively disabled (ra-lifetime=none) On my routers I set "advertise=no" to addresses which are not supposed to be advertised (so no RA for that particular address). And it seems that if an interface doesn't have any address without this setting, ...
by mkx
Fri Apr 05, 2024 12:12 pm
Forum: General
Topic: Firewall/Routing Question
Replies: 19
Views: 820

Re: Firewall/Routing Question

No, hairpin NAT is not the problem here, communication between client on site B and server on Site A has to pass router (actually both of them) in both directions (if it doesn't, then one needs hairpin NAT). The problem here is selection of the route from site B to site A (and back) when client uses...
by mkx
Fri Apr 05, 2024 9:20 am
Forum: Beginner Basics
Topic: Not getting wireline speeds
Replies: 28
Views: 1245

Re: Not getting wireline speeds

So it is the usual case of two very different things that - in order to better distinguish them - are called in Mikrotikish with the same or a very similar name. Sort of homonyms or homographs. Well not really. Routing is pure L3 function and according to that, all devices which MT says support L3H...
by mkx
Fri Apr 05, 2024 12:06 am
Forum: Beginner Basics
Topic: Not getting wireline speeds
Replies: 28
Views: 1245

Re: Not getting wireline speeds

Mkx posted that this switch supports L3HW offloading. You just re-stated that it doesn't. One of the two must be accurate, not both. We're both right ... I already mentioned that L3HW offload in this switch only covers routing, not firewalling. And @chechito is talking about firewalling in his late...
by mkx
Thu Apr 04, 2024 11:36 pm
Forum: General
Topic: HW Offloading
Replies: 11
Views: 1072

Re: HW Offloading

None of the CRS3XX series of switches then has L3HW offloading if I had to base it on ethernet test results ( very slow ).

Generally I don't really trust test results from MT. So in this case I'd go with documentation, like official L3HW offload manual with its L3HW Device Support section.
by mkx
Thu Apr 04, 2024 11:32 pm
Forum: General
Topic: HW Offloading
Replies: 11
Views: 1072

Re: HW Offloading

Didn't somebody mention routers a few posts higher?
Just to be clear is HW offloading possible on some routers regarding its chip, completetely different from L3HW offloading discussed for switches?
by mkx
Thu Apr 04, 2024 11:25 pm
Forum: General
Topic: How to do Inter-VLAN Bridging with MikroTik? [SOLVED]
Replies: 15
Views: 893

Re: How to do Inter-VLAN Bridging with MikroTik? [SOLVED]

I can create a VLAN interface with id=1, that's for sure. But it appears that it's either not capturing traffic, You're right, it's not capturing traffic. Reason being that native VLAN comes untagged off bridge interface while any VLAN interface expects tagged frames on "anchor" side. If ...
by mkx
Thu Apr 04, 2024 11:12 pm
Forum: General
Topic: HW Offloading
Replies: 11
Views: 1072

Re: HW Offloading

RB5009 doesn't support L3HW offload. On routers that do (those have capable switch chips built in), the L3GW offload concept is the same as on switches. The difference is in the effectiveness of handling traffic which for some reason (e.g. route prefixes already offloaded use up all the ASIC route p...
by mkx
Thu Apr 04, 2024 10:49 pm
Forum: General
Topic: Firewall/Routing Question
Replies: 19
Views: 820

Re: Firewall/Routing Question

Is there a way to make it so that I can browse to A.dyndns.org:81 It may be possible to construct a DST-NAT combination on router of site B which would work most of time ... except in time periods after change of A public IP address (because A.dyndns.org has to be updated and TTL of the old record ...
by mkx
Thu Apr 04, 2024 9:01 am
Forum: Beginner Basics
Topic: wifi24 in italics, dhcp server gives invalid..
Replies: 6
Views: 621

Re: wifi24 in italics, dhcp server gives invalid..

Have seen this when you have removed names from userlist and they are pointed at from another setting. I know. I was hinting @OP to remove those because clearly they are remnants of something not needed any more. Probably they are not the reason for problems though, but it's always good to have cle...
by mkx
Thu Apr 04, 2024 8:28 am
Forum: Beginner Basics
Topic: Not getting wireline speeds
Replies: 28
Views: 1245

Re: Not getting wireline speeds

Sirbyran, lets make it real, ..................... @Sirbyran is referring to CRS310 capability of doing L3HW offloading: https://help.mikrotik.com/docs/display/ROS/L3+Hardware+Offloading#L3HardwareOffloading-L3HWDeviceSupport That makes CRS310 a wirespeed router. But, as he also noted, it can suppo...
by mkx
Thu Apr 04, 2024 8:24 am
Forum: Beginner Basics
Topic: wifi24 in italics, dhcp server gives invalid..
Replies: 6
Views: 621

Re: wifi24 in italics, dhcp server gives invalid..

What are these two entries? /interface bridge port add bridge=bridge comment=defconf interface= *6 /interface bridge port add bridge=bridge comment=defconf disabled=yes interface= *7 Does log have anything about wifi24 and DHCP server? Best to reboot device and check log immediately after it comes u...
by mkx
Thu Apr 04, 2024 8:07 am
Forum: General
Topic: WiFi Isolation Using VLANs
Replies: 2
Views: 265

Re: WiFi Isolation Using VLANs

Additionally, I've noticed in some tutorials that firewalls are used to block access between VLANs. If I'm required to use a firewall, what's the purpose of using VLANs? This is a common knowledge, the same for all network vendors (in no way specific to Mikrotik): OSI layers can explain some of you...
by mkx
Wed Apr 03, 2024 10:43 pm
Forum: Wireless Networking
Topic: hAP ac3 5GHz antenna-gain locked, using 6
Replies: 20
Views: 1087

Re: hAP ac3 5GHz antenna-gain locked, using 6

What if I use long feeder cables? How can I compensate attenuation? Minimum antenna gain is only fixed for devices with permanently attached antennas. Devices, which only have antenna connectors and one has to use external antennas, don't have it set (or they have it set to 0). I don't think that u...
by mkx
Wed Apr 03, 2024 9:47 pm
Forum: General
Topic: Downgrading RouterOS
Replies: 10
Views: 5444

Re: Downgrading RouterOS

Did you check log after reboot (which was supposed to downgrade but failed to do so)?
by mkx
Wed Apr 03, 2024 9:36 pm
Forum: General
Topic: CCR2004-1G-12S+2XS: IPv4 routing performance less than IPv6?
Replies: 4
Views: 415

Re: CCR2004-1G-12S+2XS: IPv4 routing performance less than IPv6?

Both sfp-sfpplus8 and bond/9+10 are trunk (all tagged) ports. So how are hosts configured regarding VLANs? And, BTW, you didn't post full config. So I'll assume you're just trolling and not expecting to get any usable advice if you won't post full config (sensitive data obfuscated, not left out).. I...
by mkx
Wed Apr 03, 2024 1:02 pm
Forum: General
Topic: EoIP Log Entries explanation requested
Replies: 2
Views: 194

Re: EoIP Log Entries explanation requested

I'd say it's normal. I see similar stuff on my IPIP links (it also uses IPsec under the hood).
by mkx
Wed Apr 03, 2024 12:47 pm
Forum: Beginner Basics
Topic: Any idea?
Replies: 1
Views: 243

Re: Any idea?

Do all leases show all-zero MAC addresses or just some? Lease list showing such MAC address usually indicates that the lease was offered but the handshake did not finish. Could be that the devices (webcams) only perform first part of handshake (getting lease offer) but not the second part (mutual ac...
by mkx
Wed Apr 03, 2024 12:42 pm
Forum: General
Topic: Downgrading RouterOS
Replies: 10
Views: 5444

Re: Downgrading RouterOS

when i /system/packages/downgrade the system reboots but doesnt downgrade to 7.13 You have to manually upload NPKs for all packages currently running (e.g. routeros and wireless) for the target version and correct architecture. then execute "downgrade" and reboot. After router boots up, i...
by mkx
Wed Apr 03, 2024 10:16 am
Forum: General
Topic: bridge vlan across a routed network
Replies: 3
Views: 270

Re: bridge vlan across a routed network

You want to use EOIP to bridge vlan500 interface on HQ mikrotik and whatever vlan interface (can be 500 as well, I don't see a reason to have it different) on branch office mikrotik.
by mkx
Wed Apr 03, 2024 9:23 am
Forum: General
Topic: How to do Inter-VLAN Bridging with MikroTik? [SOLVED]
Replies: 15
Views: 893

Re: How to do Inter-VLAN Bridging with MikroTik? [SOLVED]

(I also don't quite like how the router has to have a separate address for each VLAN, this seems pretty unnecessary) It seems that you don't quite understand the (V)LAN concept, do you? I haven't read your explanation in depth, just skimmed it ... and it seems to me you want to have a flat LAN, so ...
by mkx
Wed Apr 03, 2024 9:20 am
Forum: General
Topic: CCR2004-1G-12S+2XS: IPv4 routing performance less than IPv6?
Replies: 4
Views: 415

Re: CCR2004-1G-12S+2XS: IPv4 routing performance less than IPv6?

Show us the config. From what is shown so far and what you explained it seems like IPv4 is being routed while IPv6 is being bridged ... but only look at config can tell what you actually have.
by mkx
Wed Apr 03, 2024 9:16 am
Forum: Beginner Basics
Topic: Using CRS309-1G-8S+IN as switch with MLAG [SOLVED]
Replies: 4
Views: 664

Re: Using CRS309-1G-8S+IN as switch with MLAG [SOLVED]

How about showing complete config of your switches? What you've shown is not complete. And since you don't know where the error is, I don't think you can decide which part of config is relevant and which isn't. But I agree that you have lots of holes in your VLAN setup (and errors as well), so it's ...
by mkx
Wed Apr 03, 2024 7:09 am
Forum: Beginner Basics
Topic: DHCP Server - DNS blank or router IP [SOLVED]
Replies: 8
Views: 533

Re: DHCP Server - DNS blank or router IP [SOLVED]

Generally the argument to give clients real DNS is some clients is additional caching slows upstream changes from appearing as quickly (e.g. since there cached, clients have to wait for the TTL to expire and unable to "force" DNS to re-resolve)... Every recursive DNS resolver (including y...
by mkx
Tue Apr 02, 2024 3:17 pm
Forum: General
Topic: bridge vlan across a routed network
Replies: 3
Views: 270

Re: bridge vlan across a routed network

You can't bridge L2 networks (that's what VALNs are) over L3 (IP) just like that. You need some L2 tunnel, running on top of L3 ... in MT world (both routers are MT according to your description) that's EIOP. Beware that EOIP alone doesn't encrypt traffic, so you may want to run EIOP on top of IPsec...
by mkx
Tue Apr 02, 2024 3:12 pm
Forum: Beginner Basics
Topic: Does "Detect Internet" actually do anything?
Replies: 15
Views: 8408

Re: Does "Detect Internet" actually do anything?

As @normis said: this function is intended to detect (and autoconfigure to certain extent) WAN-facing interfaces (which is a very good thing). However, the experience is that detection success rate is lower than we would all love to see and when it fails, then the whole router starts to behave in ra...
by mkx
Tue Apr 02, 2024 12:15 pm
Forum: SwOS
Topic: netpower SwitchOS - fiber ring topology
Replies: 1
Views: 187

Re: netpower SwitchOS - fiber ring topology

You can do the ring. But make sure RSTP is enabled. And I suggest you to make bridge priority on CSS, connected to uplink, lower than the rest of devices (e.g. to (0x)4000) so that it wins root bridge selection ... selection about which segment of your fiber ring will be disabled will be made relati...
by mkx
Tue Apr 02, 2024 11:20 am
Forum: Wireless Networking
Topic: 802.11b required for me but missing in ROS7 WiFi [SOLVED]
Replies: 12
Views: 963

Re: 802.11b required for me but missing in ROS7 WiFi [SOLVED]

But, a few devices now cant connect to the new wireless network: Another thought: did you try to remove those devices from your wireless network and re-add them? I seem to remember this was necessary on certain smart phones (but not all of them ... all running various versions of Android) when I st...
by mkx
Tue Apr 02, 2024 10:40 am
Forum: Wireless Networking
Topic: 802.11b required for me but missing in ROS7 WiFi [SOLVED]
Replies: 12
Views: 963

Re: 802.11b required for me but missing in ROS7 WiFi [SOLVED]

You should enable CCMP cipher - screenshot shows that note of ciphers are selected and I don't know what's default.

Also try to disable FT, it's another AP capability which some clients may trip over.
by mkx
Tue Apr 02, 2024 10:35 am
Forum: General
Topic: [ask] how to check mac address on vlan
Replies: 4
Views: 333

Re: [ask] how to check mac address on vlan

If you have bridge with vlan-filtering, then something like /interface/bridge/host/print where vid=<vlan id> where <vlan id> is VLAN ID you want to query. Another possibility (not sure if it's available on all ROS devices): /interface/ethernet/switch/host/print where vlan-id=<vlan id>
by mkx
Tue Apr 02, 2024 9:24 am
Forum: Wireless Networking
Topic: 802.11b required for me but missing in ROS7 WiFi [SOLVED]
Replies: 12
Views: 963

Re: 802.11b required for me but missing in ROS7 WiFi [SOLVED]

There are a few settings available in new wifi configuration which might upset older stations (in no particular order): enabling wpa3 authentication type enabling anything but "ccmp" and "ccmp-256" as encryption type setting "management-protection" to anything other tha...
by mkx
Tue Apr 02, 2024 9:17 am
Forum: Wireless Networking
Topic: configure "cAP ac" to "RB4011iGS+RM" router
Replies: 4
Views: 309

Re: configure "cAP ac" to "RB4011iGS+RM" router

One prerequisite is to have wireless package installed on RB4011 (not wifi-qcom-ac ... which drops support for 2.4GHz radio on RB4011 anyway). Then you have to configure things in /capsman configuration subtree. When everything is configured there correctly, you should be able to put your cAP ac int...
by mkx
Tue Apr 02, 2024 9:06 am
Forum: Beginner Basics
Topic: VLANs seems not to isolate each other [SOLVED]
Replies: 3
Views: 433

Re: VLANs seems not to isolate each other [SOLVED]

... but I can ping and get access from VLAN 10 to 11 ... In addition to what @CGGXANNX wrote also note that due to how firewall works, router will respond to pings regardless which of its IP address is being targeted (e.g. pinging router's address in VLAN 11 from a client inside VLAN 10). It is pos...
by mkx
Mon Apr 01, 2024 5:29 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 614
Views: 149871

Re: v7.14.2 [stable] is released!

Could the "memory leak" be due to 0 disk space available?
It might ... because ROS might be caching writes to flash. AFAIK that's not what linux kernel usually does though.
by mkx
Mon Apr 01, 2024 5:25 pm
Forum: General
Topic: IPv6 trouble [SOLVED]
Replies: 19
Views: 1594

Re: IPv6 trouble [SOLVED]

I've set pool-prefix-lenght=64 on the dhcpv6 client, but did not made a difference. From various posts about my KPN ipv6 settings, I always found 48 to be used and I see the prefix I get is also /48. My feeling tells me that 48 is all I will get? The pool-prefix-length property sets the prefix size...
by mkx
Mon Apr 01, 2024 3:58 pm
Forum: General
Topic: hap AC^2 upgrade to 7.14.2 - broken device with bootloop [SOLVED]
Replies: 7
Views: 701

Re: hap AC^2 upgrade to 7.14.2 - broken device with bootloop [SOLVED]

The port that you should NOT (normally) use for netinstall is ether1 (or anyway WAN ports) try one of ether2+. See: https://forum.mikrotik.com/viewtopic.php?t=206301 Wrong. Netinstall is always done via ether1 (which is usually WAN port) ... and this includes devices with single (management) ether ...
by mkx
Mon Apr 01, 2024 3:56 pm
Forum: General
Topic: hap AC^2 upgrade to 7.14.2 - broken device with bootloop [SOLVED]
Replies: 7
Views: 701

Re: hap AC^2 upgrade to 7.14.2 - broken device with bootloop [SOLVED]

Try these steps:
  1. Disconnect everything
  2. Start netinstall on linux machine
  3. Connect ethernet cable brtween PC and ether1
  4. Press reset and keep pressing it until step #6
  5. Plug in power plug
  6. When netinstall executable on linux machine detects hAP ac2, release reset button
by mkx
Mon Apr 01, 2024 3:52 pm
Forum: General
Topic: I'm trying to setup VLANs but I get no gateway
Replies: 4
Views: 321

Re: I'm trying to setup VLANs but I get no gateway

Guess it is a good idea to set up the router from scratch. Before[*] starting from scratch, have a look at this tutorial to get an idea about how VLANs are properly done in ROS. [*] I wrote "before" not because you shouldn't tear your config apart but to learn how to do it properly from s...
by mkx
Mon Apr 01, 2024 3:47 pm
Forum: General
Topic: hap AC^2 upgrade to 7.14.2 - broken device with bootloop [SOLVED]
Replies: 7
Views: 701

Re: hap AC^2 upgrade to 7.14.2 - broken device with bootloop [SOLVED]

Netinstall does work in vast majority of cases. But it's a very fragile process (a bit less so if using linux netinstall) so it may take some (or many) tries to make evrything click together.
by mkx
Mon Apr 01, 2024 2:15 pm
Forum: General
Topic: IPv6 trouble [SOLVED]
Replies: 19
Views: 1594

Re: IPv6 trouble [SOLVED]

Set pool-prefix-length=64 on your DHCPv6 client.

And why all those advertise-*=no in ipv6 nd setup?
by mkx
Mon Apr 01, 2024 10:02 am
Forum: General
Topic: DHCP Lease Status Offered
Replies: 3
Views: 302

Re: DHCP Lease Status Offered

Post MT's config. Without it it's not clear what you mean by saying "I am using DHCP on VLAN"...
by mkx
Sun Mar 31, 2024 11:38 pm
Forum: Beginner Basics
Topic: WAN and LAN passthrough to second MT - VLAN Question [SOLVED]
Replies: 12
Views: 715

Re: WAN and LAN passthrough to second MT - VLAN Question [SOLVED]

With incorrect VLAN filtering setup you can easily loose MAC access to device ... so if doing something you're not comfortable with, it's smart to take one port off bridge and add it to the list with allowed MAC access ... that port would then be immune to whatever errors one might do in bridge conf...
by mkx
Sun Mar 31, 2024 11:29 pm
Forum: RouterBOARD hardware
Topic: CRS317 vs CRS326 Performance
Replies: 4
Views: 515

Re: CRS317 vs CRS326 Performance

That's right. CRS326 is not bad (its L3HW offload is impressive) but CRS317 is way better.
by mkx
Sun Mar 31, 2024 1:24 pm
Forum: RouterBOARD hardware
Topic: CRS317 vs CRS326 Performance
Replies: 4
Views: 515

Re: CRS317 vs CRS326 Performance

For L2 they both do wirespeed on all ports simultaneously. Difference is in bridging (software L2, usually not necessary) and routing.
by mkx
Sun Mar 31, 2024 1:22 pm
Forum: RouterBOARD hardware
Topic: CCR2004-16G-2S+PC NO USB, WHYYY!??
Replies: 28
Views: 7381

Re: CCR2004-16G-2S+PC NO USB, WHYYY!??

The idea is to have some storage to run few networking containers like traefik, dns server, mdns repeater As I wrote elsewhere before: why forcing router to become general-purpose device while there exist more cost-effective and versatile solutions (from Raspberry PI to x86-based servers of various...
by mkx
Sun Mar 31, 2024 11:40 am
Forum: Beginner Basics
Topic: MikroTik Fiber-to-Copper converter FTC11XG
Replies: 1
Views: 218

Re: MikroTik Fiber-to-Copper converter FTC11XG

FTC11XG is a SwOS device so it provides very little management possibilities by itself. Since your SFP module is ONU, it needs quite some configuration (and that can't be done via SwOS). The only thing that SwOS can do is adjust SFP+ port speed to what ONT module expects/requires. Many of those SFP ...
by mkx
Sun Mar 31, 2024 11:31 am
Forum: Wireless Networking
Topic: configure "cAP ac" to "RB4011iGS+RM" router
Replies: 4
Views: 309

Re: configure "cAP ac" to "RB4011iGS+RM" router

For one it very much depends on ROS version running on both devices. In addition it depends on which of optional packages are installed on cAP ac. After you provide this information, we can go further.
by mkx
Sun Mar 31, 2024 11:19 am
Forum: Wireless Networking
Topic: Antenna showdown with my Nano VNA
Replies: 2
Views: 465

Re: Antenna showdown with my Nano VNA

When using polarized antennas (they all are) it's important to perform measurements when polarization planes of both antennas match exactly. If using 2 chains on one side and both antennas are at some angle (ideally at 90° angle), then they'll both contribute to reception even if the other party onl...
by mkx
Sun Mar 31, 2024 11:03 am
Forum: Wireless Networking
Topic: Which bluetooth
Replies: 3
Views: 289

Re: Which bluetooth

I'd say that ROS only supports BT hardware vased on chipsets akso used by hardware made by Mikrotik. I could only find references to Quectel's BG77 in this context. So I guess that if you find a BT modem, based on this chipset, it might work. What you see is not ROS support, only generic USB enunera...
by mkx
Sun Mar 31, 2024 10:49 am
Forum: General
Topic: NAT with several public IPs
Replies: 2
Views: 260

Re: NAT with several public IPs

If the other WAN addresses are not router towards your NAT device[*], then you need to set those addresses explicitly on WAN interface. NAT only kicks into action after packet was already delivered to the device. NAT configuration does not affect the way packets are handled before they are received ...
by mkx
Sun Mar 31, 2024 10:35 am
Forum: Beginner Basics
Topic: Fresh DHCP Client Test
Replies: 7
Views: 465

Re: Fresh DHCP Client Test

I would expect the DHCP client to have gotten an IP as well? Where from? That would work only if you had another DHCP server running on network, attached to bridge. But then I'm why woukd you need anotger DHCP server (running on your L009). No, it doesn't have any sense to run both DHCP server and ...
by mkx
Sat Mar 30, 2024 4:28 pm
Forum: General
Topic: How insecure of 8791?
Replies: 39
Views: 1804

Re: How insecure of 8791?

So if the EoIP terminated at some central router, it be able to see anything with RoMON enabled – even if it's two hops aways (e.g. hub router --(eoip)--> remote --(etherX)--> ap).
Wouldn't this require bridge between eoip and etherX on remote device?
by mkx
Sat Mar 30, 2024 4:25 pm
Forum: Beginner Basics
Topic: VLAN'ising an existing configuration without disrupting service
Replies: 23
Views: 1239

Re: VLAN'ising an existing configuration without disrupting service

Was just hoping for some shortcuts here, is all. No, there are no shortcuts. Adding VLANs is the same as building a completely new physical network (including laying cables and adding switches). Even worse, you have to break things "to make space" for new setup. When doing that, it's hard...
by mkx
Sat Mar 30, 2024 12:31 pm
Forum: RouterBOARD hardware
Topic: hAP ac2 not working after 7.14 update.
Replies: 20
Views: 3086

Re: hAP ac2 not working after 7.14 update.

But I'm very curious as to what Mikrotik support has to say on this. In release change logs for 7.14 MT repeatedly states that wireless package size got smaller. The issue is that during ROS upgrade, storage usage is temporarily slightly increased and if storage is almost full before upgrade, the u...
by mkx
Sat Mar 30, 2024 12:25 pm
Forum: Wireless Networking
Topic: CAPsMANv2 and Wireless Backhaul with 2 Audiences [SOLVED]
Replies: 10
Views: 889

Re: CAPsMANv2 and Wireless Backhaul with 2 Audiences [SOLVED]

Intended behaviour is to provision local interfaces on CAPsMAN devices locally. This is not a problem since local wifi provisioning and capsman (can) actually share same configuration profiles. This wasn't a case with legacy wireless where it did make sense to let capsman provision also local interf...
by mkx
Sat Mar 30, 2024 12:16 pm
Forum: Wireless Networking
Topic: hAP ax2 randomly drops WiFi SSIDs (both 2,4 and 5Ghz)
Replies: 134
Views: 26126

Re: hAP ax2 randomly drops WiFi SSIDs (both 2,4 and 5Ghz)

Just try 5180 and see if it works. For some reason now it works but I haven't put anything in the frequency field yet. In the Status tab it says Channel: "5220/ax/eeCe" Yup, it's the same "sweet" 80MHz band (between 5170 and 5250 MHz; mind that frequencies shown and used through...
by mkx
Sat Mar 30, 2024 12:07 pm
Forum: General
Topic: DHCP Lease Status Offered
Replies: 3
Views: 302

Re: DHCP Lease Status Offered

Are Tenda routers, on their WAN side, configured to use tagged VLANs? If they are not, then you have to configure access switches (the ones between ONUs and Tendas) and nake Tenda-facing ports as access ports for appropriate VLANs (and keep ONU-facing ports configured as trunk/tagged-only ports).
by mkx
Sat Mar 30, 2024 11:57 am
Forum: Beginner Basics
Topic: dstnat to host on LAN times out
Replies: 5
Views: 352

Re: dstnat to host on LAN times out

thanks for the response. When you say I'd say that gateway address in /ip dhcp-server network should be 10.10.10.1 ... does that mean that the "gateway" address is always on the near end of the link in the separate subnet? Gateway setting in DHCP setup informs DHCP client (i.e. the far en...
by mkx
Sat Mar 30, 2024 11:29 am
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 614
Views: 149871

Re: v7.14.2 [stable] is released!

forward: in:bridge out:up-etisalat, connection-state:invalid src-mac 30:9c:23:28:5e:0d, proto TCP (ACK,RST), 192.168.88.19:52394->52.210.81.44:443, len 40 or forward: in:bridge out:up-etisalat, connection-state:invalid src-mac 30:9c:23:28:5e:0d, proto TCP (ACK,FIN), 192.168.88.19:52383->52.210.81.4...
by mkx
Fri Mar 29, 2024 9:25 pm
Forum: Beginner Basics
Topic: how to assign static IP of choice on LAN host
Replies: 2
Views: 234

Re: how to assign static IP of choice on LAN host

After the lease is made static, it's possible to edit it, e.g. set a different IP address. Just keep in mind that changes in lease settings aren't pushed to client, they are only taken into account after client tries to renew the old lease.
by mkx
Fri Mar 29, 2024 9:15 pm
Forum: Beginner Basics
Topic: dstnat to host on LAN times out
Replies: 5
Views: 352

Re: dstnat to host on LAN times out

This doesn't seem quite right to me: /ip dhcp-server lease add address= 10.10.10.10 client-id=1:b8:69:///:aa mac-address=\ B8:69:F4:47:5D:AA server=server10 /ip dhcp-server network add address=10.10.10.0/24 gateway= 10.10.10.10 netmask=24 I'd say that gateway address in /ip dhcp-server network shoul...
by mkx
Fri Mar 29, 2024 8:25 pm
Forum: General
Topic: Which features are NOT essential to RouterOS?
Replies: 8
Views: 538

Re: Which features are NOT essential to RouterOS?

Mikrotik could have not made a "wifi-qcom-ac" driver

I'm glad they did ... because it allows me to get rid of all wireless drivers, I'm using my hAP ac2 as router only. And it allows me to unleash full wireless power of Audience (OK, this was achieved by wifiwave2 already).
by mkx
Fri Mar 29, 2024 7:14 pm
Forum: General
Topic: How insecure of 8791?
Replies: 39
Views: 1804

Re: How insecure of 8791?

EOIP works between two IP addresses and doesn't care about how its packets move from point A to point B. So one can use any kind of connectivity to do the job. Since EOIP doesn't do any encryption, it's wise to use something that does it. IPsec is fine, wireguard is fine, etc.
by mkx
Fri Mar 29, 2024 6:58 pm
Forum: RouterBOARD hardware
Topic: hAP ax3 temperature at 58-60 degrees...
Replies: 18
Views: 995

Re: hAP ax3 temperature at 58-60 degrees...

Default firewall fiter rule set folliws the "allow needed, drop the rest" concept, although the last rule in chain=forward is formulated in a bit cryptical way. Too bad that some people eradicate the default firewall setup only to replace it with a pile of garbage. Instead of adjusting def...
by mkx
Fri Mar 29, 2024 5:46 pm
Forum: General
Topic: Purchasing on Amazon
Replies: 11
Views: 697

Re: Purchasing on Amazon

Anav where did you get the 15% from?

Seems that VAT rate for fire-breathing donkeys is higher in NS ?
by mkx
Fri Mar 29, 2024 5:37 pm
Forum: Beginner Basics
Topic: NAT and reach dhcp clients in router mode from main network
Replies: 5
Views: 331

Re: NAT and reach dhcp clients in router mode from main network

I'm not saying that I'm not ubiquiti man ... you may find one mkx on the forum you linked :-P (no, you won't, not this one)
by mkx
Fri Mar 29, 2024 4:55 pm
Forum: Beginner Basics
Topic: NAT and reach dhcp clients in router mode from main network
Replies: 5
Views: 331

Re: NAT and reach dhcp clients in router mode from main network

I've no idea how nanostation is to be configured ... I don't know any Mikrotik by that name ...
by mkx
Fri Mar 29, 2024 1:13 pm
Forum: Beginner Basics
Topic: NAT and reach dhcp clients in router mode from main network
Replies: 5
Views: 331

Re: NAT and reach dhcp clients in router mode from main network

No need for NAT on nanostation. However, often firewall config on client computers considers anything outside own subnet (as determined by network address and mask) to be "evil internet" and is thus blocked. NAT on nanostation would help to overcome this problem (making clients believe it'...
by mkx
Fri Mar 29, 2024 1:05 pm
Forum: Beginner Basics
Topic: IPTV and VLAN
Replies: 1
Views: 232

Re: IPTV and VLAN

You'll have to add WAN interface to bridge and convert bridge into VLAN-aware entity. Tge untagged internet access you have currently on separate interface will become access port of a dedicated VLAN, current LAN ports will become access ports of another dedicated VLAN. Actually your current WAN por...
by mkx
Fri Mar 29, 2024 9:45 am
Forum: RouterBOARD hardware
Topic: hAP ax3 temperature at 58-60 degrees...
Replies: 18
Views: 995

Re: hAP ax3 temperature at 58-60 degrees...

I have some suggestions that the reboot is due to overheating of the processor, the frequency is once every 3-4 days... The suggestion you are mentioning goes directly against the log line saying "out of memory condition was detected" ... which indicates a memory leak (and there are repor...
by mkx
Fri Mar 29, 2024 9:36 am
Forum: Wireless Networking
Topic: cAP ax 5 GHz not working
Replies: 15
Views: 3243

Re: cAP ax 5 GHz not working

Check the actual 5GHz frequency used while your hAP ax2 seems not to be working. With recent ROS releases, ax devices seem to prefer highest frequencies (when left at auto selection) and not every client supports those.
by mkx
Fri Mar 29, 2024 8:59 am
Forum: General
Topic: [CRS518] Very Basic MLAG / ICCP Question
Replies: 2
Views: 233

Re: [CRS518] Very Basic MLAG / ICCP Question

The ALCATEL "LACP" part - that is MLAG and not LACP. I disagree. From Alcatel device point if view the links are in LACP mode. Even if all three devices were by same vendor, the bottom one would have to be configured as LACP peer of the upper pair. However, both CRS518 have to be aware th...
by mkx
Thu Mar 28, 2024 9:26 pm
Forum: Wireless Networking
Topic: Can I safely uninstall wireless package - hEX [SOLVED]
Replies: 17
Views: 816

Re: Can I safely uninstall wireless package - hEX [SOLVED]

It might have model names hard coded (so it might not perform hardware detection routines). And it's different than your case: if device had wifiwave2 installed previously, then legacy wireless (was part of core package back in time) was disabled ... hence legacy capsman could not be in use (and thi...
by mkx
Thu Mar 28, 2024 7:23 pm
Forum: Wireless Networking
Topic: Can I safely uninstall wireless package - hEX [SOLVED]
Replies: 17
Views: 816

Re: Can I safely uninstall wireless package - hEX [SOLVED]

Because installer is a very simple one ... in most ROS versions (up and including 7.11 and 7.13 and later) it simply downloads and installs the very same packages as already installed. MT went all overboard with installer in 7.12 which knows the following 3 cases: wifiwave2 installed and device is o...
by mkx
Thu Mar 28, 2024 7:14 pm
Forum: General
Topic: Netinstall Help: lost at final step can't select package.
Replies: 14
Views: 808

Re: Netinstall Help: lost at final step can't select package.

In screenshot 2 ... select router first and then package ... or this still doesn't do the trick?

Also make sure that the routeros npk file you have available is for the CPU architecture of your RB750 (it seems that RB750 is MIPSBE but verify yourself).
by mkx
Thu Mar 28, 2024 7:07 pm
Forum: RouterBOARD hardware
Topic: Old RB750 V1 (Not RB750G) will not update to firmware 7.X [SOLVED]
Replies: 9
Views: 879

Re: Old RB750 V1 (Not RB750G) will not update to firmware 7.X [SOLVED]

Personally I'd upgrade using ROS built-in updater as far as it goes ... and upgrade routerboot as it goes. Running ROS v7 requires routerboot which is not ancient (6.45.7 might be fine, but to be on safe side ...). Next: if you want to upgrade from v6 to v7 using built-in updater, you have to set ch...
by mkx
Thu Mar 28, 2024 6:46 pm
Forum: Wireless Networking
Topic: Can I safely uninstall wireless package - hEX [SOLVED]
Replies: 17
Views: 816

Re: Can I safely uninstall wireless package - hEX [SOLVED]

The installer doesn't analyze actual configuration of the device hence it doesn't know whether capsman functionality, included in now separate package wireless, is needed or not. To be on safe side the package is installed even though device doesn't have wireless hardware.
by mkx
Wed Mar 27, 2024 8:33 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 614
Views: 149871

Re: v7.14.2 [stable] is released!

@Amm0: exactly, proper setting would be something like propagation-delay-max with integer setting (>=1) and unit of microseconds (and 10km would roughly translate into 33 microseconds). But imagine chaos this would cause among most AP admins. Constant indoor would translate into 1 microsecond or aro...
by mkx
Wed Mar 27, 2024 7:44 pm
Forum: Wireless Networking
Topic: 7.14 breaks wifi
Replies: 8
Views: 799

Re: 7.14 breaks wifi

The signal strength, reported with disconnection events (around -30dBm), is very high. Does the same happen when there's some distance between AP and station? Healthy signal strengths are between -50dBm and -60dBm.
by mkx
Wed Mar 27, 2024 7:38 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 614
Views: 149871

Re: v7.14.2 [stable] is released!

But would then it be speed of light in vacuum or in some thick air with large refractive index?
by mkx
Wed Mar 27, 2024 7:32 pm
Forum: General
Topic: NAT 1:1 on Mikrotik - without gateway on the client device
Replies: 1
Views: 263

Re: NAT 1:1 on Mikrotik - without gateway on the client device

These NAT rules should be fine. If you can set up routes on "WAN" side and PLC address space doesn't clash with addresses on WAN side, then you could set route (dst 192.168.0.0/24 gateway 10.40.100.X (where this address is router's WAN IP address). Then you only need single SRC-NAT rule: /...
by mkx
Wed Mar 27, 2024 7:23 pm
Forum: General
Topic: AX3 Wifi confusion
Replies: 9
Views: 720

Re: AX3 Wifi confusion

well, your issue is all about "skip-dfs-channels=all". In the heart of an incredibly RF and people dense city, in a huge apartment building, I don't have a choice but to use DFS channels. Well, then set this to skip-dfs-channels=disabled ... only then will your ax3 try to use DFS channels...
by mkx
Wed Mar 27, 2024 6:22 pm
Forum: Beginner Basics
Topic: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]
Replies: 32
Views: 1835

Re: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]

First of all, I'm glad you found the problem. BTW, when I tried updating software it said 7.12.1 is the highest version possible. However, when I want to download netinstall there is 7.14.1 Stable available as default... Should I go with that or rather use 7.12.1? 7.13 came with breaking change (wir...
by mkx
Wed Mar 27, 2024 9:23 am
Forum: Beginner Basics
Topic: ONU terminal on PoE-out issue
Replies: 5
Views: 481

Re: ONU terminal on PoE-out issue

Does Mikrotik have some models with PoE-out with 12V? Any device with passive PoE out and which can be powered using 12V power adapter. But I suggest you not to go this way. If you absolutely have to power ZTE via PoE, use passive PoE injector (MT's own RBGPOE might do the trick) and use dedicated ...
by mkx
Wed Mar 27, 2024 9:21 am
Forum: Beginner Basics
Topic: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]
Replies: 32
Views: 1835

Re: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]

I'll start from the scratch and check step by step when the connectivity fails, hope I'll find out. That's something I was about to suggest you. Start by netinstalling the switch and try to progress at desired setup without taking turns. There were cases where visible configuration of device (the o...
by mkx
Wed Mar 27, 2024 9:15 am
Forum: Beginner Basics
Topic: CAPsMAN across "wireless" and "wifi-qcom" package
Replies: 2
Views: 632

Re: CAPsMAN across "wireless" and "wifi-qcom" package

CAPsMAN for legacy (wireless) and wave2 (wifi-qcom ...) radios are two distinct entites and have to be configured separately. With ROS 7.13+ it is possible to run both CAPsMAN instances on the same device, but it needs legacy wireless package installed (even if device itself doesn't have any wireles...
by mkx
Tue Mar 26, 2024 6:00 pm
Forum: General
Topic: RB952Ui was hacked
Replies: 3
Views: 502

Re: RB952Ui was hacked

If reset button is indeed disabled[*] (a.k.a. protected routerboot), then your RB951Ui just became e-waste. [*] In theory it's not possible to enable protected routerboot without physical access to device, so it's unlikely that remote hacker did it. If you didn't do it yourself, then it still should...
by mkx
Tue Mar 26, 2024 4:58 pm
Forum: Wireless Networking
Topic: Too strong signal - wifi client flapping (7.13+)
Replies: 5
Views: 494

Re: Too strong signal - wifi client flapping (7.13+)

Signal strength of 50 is quiet impossible as far as I know. In theory it's possible, but in practice not so much. It would mean that Rx antenna is pumping 100W worth of signal into receiver. Not many WiFi devices can transmit at that kind of EIRP and as soon as there's some air gap between Tx and R...
by mkx
Tue Mar 26, 2024 4:44 pm
Forum: General
Topic: Config returning after reboot
Replies: 5
Views: 707

Re: Config returning after reboot

If flash is full (or there's only very little free space), then changes in config are not (successfully) saved to flash any more. One has to make some more space. Either by removing some files (e.g. old backup files). Or if there are some optional package files installed, uninstall one (it can very ...
by mkx
Tue Mar 26, 2024 4:36 pm
Forum: General
Topic: HW Offloading
Replies: 11
Views: 1072

Re: HW Offloading

L3HW offloading only works between if all routes reside on same bridge. It seems your WAN is on off-bridge interface sfp-sfpplus1 .
by mkx
Mon Mar 25, 2024 7:43 pm
Forum: General
Topic: How does RouterOS prioritize domain name servers?
Replies: 3
Views: 471

Re: How does RouterOS prioritize domain name servers?

Your wish goes against established operation and good practice. All configured DNS servers are supposed to return same results to any query. Hence when multiple servers are configured, then DNS client (resolver) is free to use any of them with no particular affinity. Most use one server for all quer...
by mkx
Mon Mar 25, 2024 8:39 am
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1831

Re: Audience different revisions showing different current tx-rates

I think it was said that min-antenna-gain depends on factory software version (or was it routerboot version? ... lately it's the same, so ...). My audience says "factory-software: 6.45.8" and "factory-firmware: 6.47.9" (which strikes me odd to see such a huge discrepancy in these...
by mkx
Mon Mar 25, 2024 8:26 am
Forum: General
Topic: CRS317 + CRS328 - InterVLAN routing with L3HW
Replies: 15
Views: 960

Re: CRS317 + CRS328 - InterVLAN routing with L3HW

Are your LAN devices (in all VLANs) set up to use CRS317 as gateway?
by mkx
Sun Mar 24, 2024 3:35 pm
Forum: General
Topic: Where's my bottleneck?
Replies: 29
Views: 1623

Re: Where's my bottleneck?

I found one that works: 5735-5895

Beware that these high channels are recent addition and not all station devices support them.
by mkx
Sun Mar 24, 2024 3:32 pm
Forum: General
Topic: Where's my bottleneck?
Replies: 29
Views: 1623

Re: Where's my bottleneck?

You can't "invent" frequency settings ... so go for 5260.

Frequency setting in MT is center frequency of control channel (so if setting frequency to 5260, set band to Ceee).
by mkx
Sun Mar 24, 2024 3:28 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 127286

Re: v7.15beta [testing] is released!

Management often equals winbox connection with multiple windows open and refreshing stats.
by mkx
Sun Mar 24, 2024 3:25 pm
Forum: General
Topic: CHR or Ethernet router?
Replies: 5
Views: 664

Re: CHR or Ethernet router?

Now when you say single core CPU, the systems I have in mind will definitely have 6 cores at least, not because I have some absolute requirement but simply because they come with these and there is no way around...Since I will be using VMware Workstation pro with the CHR (if I go with it) are you s...
by mkx
Sun Mar 24, 2024 3:15 pm
Forum: General
Topic: Where's my bottleneck?
Replies: 29
Views: 1623

Re: Where's my bottleneck?

2.4ghz Scan shows that neighbours are well educated and mostly operate in 1-6-11 pattern. You should stick to it as well, channel 11 (2462MHz) seems slightly less loaded. And don't try to use 40MHz channel 2.4GHz band (outside deserted areas) simply doesn't have enough band width. Channel utilizati...
by mkx
Sun Mar 24, 2024 3:06 pm
Forum: Beginner Basics
Topic: What happens to an interface that is not part of any bridge?
Replies: 7
Views: 666

Re: What happens to an interface that is not part of any bridge?

On layer2 interfaces are isolated. So possibility of leaking frames is slim. If frames do leak, it's probably due to errors in configuration.

Also note that without special config, router will pass packets in all directions and L2 isolation alone can't do magic.
by mkx
Sun Mar 24, 2024 3:01 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 127286

Re: v7.15beta [testing] is released!

. . . For extras there are USB ports, SD slots, M.2 slots, mountable disks, etc. . . . On the ax2 device ? Let me quote @strods for you: Usually, if you need more, then you most likely need more powerful device. And "power", in a sense, is also ability to attach useful peripherials. In th...
by mkx
Sun Mar 24, 2024 10:55 am
Forum: SwOS
Topic: Feature suggestion - FW Upgrade availability through SNMP
Replies: 2
Views: 427

Re: Feature suggestion - FW Upgrade availability through SNMP

I recently upgraded my CSS610 to SwOS Lite 2.18 after just looking at the web gui for an unrelated thing. Had no idea there was an update available and was thinking, since the web-GUI does a check for a new version and also finds the version and release date, can this info not also become available...
by mkx
Sun Mar 24, 2024 10:48 am
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1831

Re: Audience different revisions showing different current tx-rates

Now I wonder if it was legit pumping a watt worth of signal into the antenna. It wasn't legit. Country regulations are limiting EIRP which includes antenna gain (and cable losses if there are any) and with antenna gain of 4.5dBi this means your Audience transmitted with EIRP of 34.5dBm (which would...
by mkx
Sun Mar 24, 2024 10:39 am
Forum: General
Topic: CRS317 + CRS328 - InterVLAN routing with L3HW
Replies: 15
Views: 960

Re: VLAN switching and routing with bonds

1) Default setting is frame-types=admit-all ... so if it's not changed explicitly according to needs, it'll remain that way. 2) Do as you see fit. IMO access to management VLAN should be as restricted as possible but also depends on particular use case. 3) Bridge is (also) interface which allows ROS...
by mkx
Sat Mar 23, 2024 6:00 pm
Forum: Wireless Networking
Topic: 7.14 wifi-qcom no superchannel?
Replies: 10
Views: 1288

Re: 7.14 wifi-qcom no superchannel?

My Audience running 7.13 says about Panama: ranges: 2402-2472/36 5735-5835/30 5170-5250/30 5490-5730/24 5250-5330/24 And that's what ROS will observe. Yes, it may happen that allowed EIRP table in ROS is not correct. But also sometimes there are certain limitations (e.g. TPC) and if device doesn't c...
by mkx
Sat Mar 23, 2024 5:41 pm
Forum: Beginner Basics
Topic: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]
Replies: 35
Views: 4523

Re: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]

The goal is to reduce MSS to value which fits MTU. Because many routers don't do fragmentation (it's CPU intensive and IPv6 doesn't allow it), MSS has to be low enough to allow packets pass end-to-end. Since a working value for MTU is 1420, this translates to MSS value of 1380 (1420 minus TCP and IP...
by mkx
Sat Mar 23, 2024 3:39 pm
Forum: General
Topic: Where's my bottleneck?
Replies: 29
Views: 1623

Re: Where's my bottleneck?

Is there a way of running an Internet speed test directly from a RouterOS device ... ROS' own bandwidth test is a pretty CPU demanding application and is often limited due to that. So in essence it doesn't correspond to device performance (when device is used as switch/router) and frequently it doe...
by mkx
Sat Mar 23, 2024 3:31 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 127286

Re: v7.15beta [testing] is released!

It simply means that when these ARM devices were designed and released, such package did not exist yet. Neither did exist the advanced SMB (from ROSE) nor DLNA nor wireguard ... and yet you (MT) are pushing these (among other things) into base package. If anything has to be done (and I'm glad it's ...
by mkx
Sat Mar 23, 2024 12:42 pm
Forum: Wireless Networking
Topic: hAP-ax3 vs cAP ax
Replies: 11
Views: 1497

Re: hAP-ax3 vs cAP ax

Is it possible to do roaming between asus and mikrotik? If yes then maybe you could use both on different channels. As long as all security settings (and SSID) are equal, you should be able. Just beware of what "roaming" means. In answer by @erlinden, "roaming" means that statio...
by mkx
Sat Mar 23, 2024 12:22 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 127286

Re: v7.15beta [testing] is released!

For now, 16 MB are still enough for each and every device with 16 MB chip to run the system as intended for the particular model device. So you're saying that e.g. hAP ac2 was intended to offer wifi4 performance even though it's got wifi5 hardware? Because that's what one essentially gets when usin...
by mkx
Fri Mar 22, 2024 4:08 pm
Forum: Beginner Basics
Topic: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]
Replies: 32
Views: 1835

Re: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]

This setting /interface/bridge/add pvid=4094 frame-types=admit-only-vlan-tagged name=bridge # Best practice don't set pvid=1 doesn't change a thing ... PVID setting is irrelevant when frame-types property is set to admit-only-vlan-tagged . In addition, it only applies to bridge CPU-facing port , not...
by mkx
Fri Mar 22, 2024 8:28 am
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 113
Views: 36473

Re: CCR1036 Power Supply

CCR2116 sounds a great upgrade, may i know what's the limitation, please? The price is even cheaper than my CCR1036, most important of all, any PSU failure posts about CCR2116? As I said, the switch chip.. CCR2116 can do L3 HW offload, so in certain (almost trivial?) conditions, ASIC (switch chip) ...
by mkx
Fri Mar 22, 2024 8:22 am
Forum: RouterBOARD hardware
Topic: CCR1036 temperature "issue" cause reboot.
Replies: 19
Views: 8957

Re: CCR1036 temperature "issue" cause reboot.

I checked my faulty replaced PSU with multimeter, it shows 23.6v... Marginal PSUs, which cause issues with connected devices, tend to show acceptable output voltage when idle. However, they tend to drop voltage when they are loaded. And they tend to supply voltage which is not very well regulated a...
by mkx
Fri Mar 22, 2024 8:15 am
Forum: RouterBOARD hardware
Topic: Many PSU failures in CCR1036
Replies: 43
Views: 2397

Re: Many PSU failures in CCR1036

1. My CCR1036 is not in high demand, only a few people will connect through it, therefore, i already adjust down the CPU frequency to lower the operating temperature. However, consider the capacitor overheating theory, the heat comes from the nearby power transistors to regulate the current, it see...
by mkx
Fri Mar 22, 2024 8:04 am
Forum: Wireless Networking
Topic: cAP ac Disk Space
Replies: 4
Views: 428

Re: cAP ac Disk Space

Yup, devices with less than 32MB flash and more than 32MB RAM have their "storage root" in RAM. To verify that this is indeed true, check contents of storage root ( /file print ), if it contains folder "flash", then this scheme is in power. And upgrade packages are always downloa...
by mkx
Fri Mar 22, 2024 7:56 am
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1831

Re: Audience different revisions showing different current tx-rates

Setting locally on the 'offender' and then re-provisioning it, it didn't help. I am wondering why not, and is this a bug?
Probably it's a feature. After all, CAPsMAN is supposed to provision radio interfaces (to their fullest), leaving antenna gain out would be a bug I guess.
by mkx
Fri Mar 22, 2024 7:53 am
Forum: General
Topic: MASTER INTERFACE UNKNOWN
Replies: 4
Views: 613

Re: MASTER INTERFACE UNKNOWN

As the linked article says: on your device, you need basic routeros installed and optional package named "wifi-qcom". After you get these packages installed, I suggest you to reset router to factory default config. The rest of configuration is done in /interface/wifi (I believe that's WiFi...
by mkx
Fri Mar 22, 2024 7:44 am
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 127286

Re: v7.15beta [testing] is released!

And the "wifi-qcom-ac" can still be used on Audience and RB4011, even if it has "unneeded" drivers for IPQ-4019 since that prevent breaking folks already using wifi-qcom-ac on 16MB today. Audience has both IPQ-4018 (used as SoC and for 2.4GHz + lower 5GHz radio) and QCA9984 (for...
by mkx
Thu Mar 21, 2024 10:50 pm
Forum: Wireless Networking
Topic: Only offline update of WLAN only devices over 12.1? [SOLVED]
Replies: 16
Views: 1944

Re: Only offline update of WLAN only devices over 12.1? [SOLVED]

The required upgrade path is expressly for in-ROS upgrade (because old ROS needs to fetch extra packages / packages with different names). Has nothing to do with installation of packages, manually uploaded to device. A gotcha though: IIRC one had to upload package files for all currently installed p...
by mkx
Thu Mar 21, 2024 10:39 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 127286

Re: v7.15beta [testing] is released!

... is necessary to have QCA9984 which is only for RB4011iGS+5HacQ2HnD-IN ...
... and for RBD25G-5HPacQD2HPnD (Audience). Admittedly Audience has flash larger than 16MB as well.
by mkx
Thu Mar 21, 2024 10:36 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 127286

Re: v7.15beta [testing] is released!

Mikrotik L009 port 1 of the switch disappears, adding the port on a bridge makes it have no HW.

Block diagram for L009 shows that ether1 is not controlled by switch chip, it is instead controlled directly by CPU. Which means that L2 HW offload is physically impossible for this port.
by mkx
Thu Mar 21, 2024 9:38 pm
Forum: Wireless Networking
Topic: Only offline update of WLAN only devices over 12.1? [SOLVED]
Replies: 16
Views: 1944

Re: Only offline update of WLAN only devices over 12.1? [SOLVED]

I am not 100% sure you can drop both when upgrading.

It worked like this in v6 and I don't see any readon why it wouldn't work in 7.12 (or any other v7).
by mkx
Thu Mar 21, 2024 2:42 pm
Forum: RouterBOARD hardware
Topic: Many PSU failures in CCR1036
Replies: 43
Views: 2397

Re: Many PSU failures in CCR1036

[admin@MikroTik] > system/health/print Columns: NAME, VALUE, TYPE # NAME VALUE TYPE 0 power-consumption 50.8 W CCR1036 (the CCR1036-12G-4S variant) has rated max power consumption at 60W. So the reported power consumption indicates that power supply is running at 80%+ capacity and I'd expect it to ...
by mkx
Thu Mar 21, 2024 2:09 pm
Forum: Wireless Networking
Topic: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]
Replies: 10
Views: 3112

Re: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]

I haven't tried the new capsman (yet; I only have one wave2 device running wireless at the moment), but in old capsman one could configure location of upgrade packages ... which could contain files for different architectures. And CAP upgrade would then still happen automatically. And, as @holvoetn ...
by mkx
Thu Mar 21, 2024 2:02 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1831

Re: Audience different revisions showing different current tx-rates

I'd say this means that it's possible to set antenna-gain to 0 (AFAIK default is unset which means minimum allowed value or 0 if there's no minimum) and hence you can see 5dB higher actual Tx power. If you want to "align" Tx powers between units (and to actual country regulations), then yo...
by mkx
Thu Mar 21, 2024 1:49 pm
Forum: General
Topic: CHR or Ethernet router?
Replies: 5
Views: 664

Re: CHR or Ethernet router?

Surely there are MT routers which can do IPsec with throughputs higher than 200Mbps. But only if they support appropriate HW offload functions (not all of them do). All MT routers have product pages and one of sections there is "Test results". And a part of test result page is "IPsec ...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 41