Search found 12737 matches

by mkx
Thu Sep 12, 2024 5:43 pm
Forum: General
Topic: Adding configurations to CAPSMAN
Replies: 1
Views: 17

Re: Adding configurations to CAPSMAN

One (relatively radical) possibility is to disable/re-enable capsman on hAP ac2. It should trigger all CAP devices to re-provision (CAPs get un-provisioned if they lose connection with CAPsMAN). You can also go around CAP devices and individually disable/re-enable cap client. And probably there are...
by mkx
Thu Sep 12, 2024 5:36 pm
Forum: RouterBOARD hardware
Topic: NetMetal ax / L23-UGSR — initial feedback from specs
Replies: 33
Views: 4942

Re: NetMetal ax / L23-UGSR — initial feedback from specs

Well, wifi in 5GHz sucks (almost as much as 2.4GHz). According to wifi channel allocations, there are only 3 160MHz channels available: channel 50 ranging from 5170 MHz to 5330 MHz (in ROS parlance that's center frequency 5180 with Ceeeeeee channels) channel 114 ranging from 5490 MHz to 5650 MHz (th...
by mkx
Thu Sep 12, 2024 10:55 am
Forum: SwOS
Topic: smaller version of Model CRS328-24P-48+RM
Replies: 2
Views: 214

Re: smaller version of Model CRS328-24P-48+RM

I'm looking for a small version of the Model CRS328-24P-48+RM for testing configs for a customer. I don't care about speed/sfp or dual boot. I only need switch OS. Would the CRS106-1C-5S work? I couldn't find a comparison guide. Depends on how similar the testing switch should be to the "real"...
by mkx
Thu Sep 12, 2024 10:34 am
Forum: Wireless Networking
Topic: CAPS not showing in CAPsMAN
Replies: 7
Views: 319

Re: CAPS not showing in CAPsMAN

But if there is only 1 wace2 device, why bother ? As far as info in this thread goes, @OP runs a few RBD22UGS-5HPacD2HnD (which are ac devices) and now he threw an L22UGS-5HaxD2HaxD into the mix ... which is ax device. All of these are capable of running wifi drivers (L22 only this one), so @OP wou...
by mkx
Thu Sep 12, 2024 10:28 am
Forum: Beginner Basics
Topic: Caspman Config [SOLVED]
Replies: 21
Views: 974

Re: Caspman Config [SOLVED]

If device is fully bridged it doesn't matter if ether1 and 2 are connected
Agree to that. I was just explaining to @OP why he can't manage device via ether1 if they're running factory default config (which doesn't bridge ether1 with the rest of ports AFAIK).
by mkx
Thu Sep 12, 2024 9:24 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 913
Views: 154556

Re: 📣 WinBox 4 is here 📣

Thank you for the suggestion, Amm0. Added to wishlist. Behaviour should adhere to system settings. I don't use Mac, but on Windows and Linux I prefer not to have apps grouped ... and there's system-wide setting for that both in Windows and KDE (which is what I use on Linux if I can choose). In nor...
by mkx
Thu Sep 12, 2024 9:19 am
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1006

Re: Network traffic gets slower, when adding vlans

It's been a while since my devices were pushed in storage starvation ... but I don't remember seeing anything in the log. Specially so not after reboot (since by default all logging goes into RAM and even if one set up logging to built-in flash, that would be unsuccessful as well due to same reason).
by mkx
Thu Sep 12, 2024 9:16 am
Forum: Beginner Basics
Topic: Caspman Config [SOLVED]
Replies: 21
Views: 974

Re: Caspman Config [SOLVED]

Why can't I connect to the CAPs using Winbox from the router? Why do I have to physically go to each CAP just to apply my configuration? Because out of factory, default config for most MT models is "home router" mode ... in which first ether port (ether1) is used as WAN port and to protec...
by mkx
Thu Sep 12, 2024 9:08 am
Forum: Beginner Basics
Topic: Poor upload speeds with baby jumbo frames?
Replies: 6
Views: 338

Re: Poor upload speeds with baby jumbo frames?

While it's preferable to make MTU of all interfaces the same (i.e. 1500) and while it seems that @OPs ISP allows to play with these values, it could be that there's some segment in ISP's network which doesn't support full 1500 byte packets over PPPoE ... and fragmentation happens there (and also spe...
by mkx
Thu Sep 12, 2024 8:58 am
Forum: Beginner Basics
Topic: RSTP Scenario Question
Replies: 1
Views: 100

Re: RSTP Scenario Question

Not much to take care of. One major thing is to set priority on bridge of switch you want to use as "master" in STP hierarchy to value, lower than default (which is 0x8000) ... 0x2000 would be a safe value. This way you won't see topology changes if some switch changes its MAC address (if p...
by mkx
Thu Sep 12, 2024 8:43 am
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1006

Re: Network traffic gets slower, when adding vlans

It would be nice, if Winbox had told me about the full disk when saving a configuration.

I agree to that. AFAIK none of GUIs actually warn user about storage being depleted ...
by mkx
Wed Sep 11, 2024 10:30 pm
Forum: Wireless Networking
Topic: CAPS not showing in CAPsMAN
Replies: 7
Views: 319

Re: CAPS not showing in CAPsMAN

1. I uninstalled wireless package from CCR1036, but now I don't have an option for Capsman anymore. You do. It's under /interface/wifi (you have to use a few subtrees there from, capsman uses profiles). On devices with ac/ax radio and with wifi-qcom (or wifi-qcom-ac) drivers installed, one configur...
by mkx
Wed Sep 11, 2024 10:25 pm
Forum: Wireless Networking
Topic: hAP ax3 - Low Wireless Strength
Replies: 7
Views: 1074

Re: hAP ax3 - Low Wireless Strength

Be careful with the fast (sponsored) answer of the Google (AI based?) search. :?
Gosh ... doesn't everybody (and their favourite pet) skip top results from search engines?
by mkx
Wed Sep 11, 2024 10:21 pm
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1006

Re: Network traffic gets slower, when adding vlans

Which GUI do you use? There are WebFig (web based UI), Winbox3 (very stable) and new Winbox4 (early beta, so likely buggy) If you change detect-internet (to "none") in CLI, does it stick? And when you open that setting in GUI (which flips its setting) ... and close it without applying ... ...
by mkx
Wed Sep 11, 2024 10:15 pm
Forum: Beginner Basics
Topic: cap lite @ capsman
Replies: 3
Views: 140

Re: cap lite @ capsman

AND the hex is losing it's configuration, comments and also files I created. What is going on?! Doesn't it store those things on an internal device? Check hEX for flash utilization. If it's (almost) full, then configuration changes can get lost. But that happens after reboot, running copy of config...
by mkx
Wed Sep 11, 2024 10:12 pm
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1006

Re: Network traffic gets slower, when adding vlans

When I close the dialog the value I get in the CLI is wrong again.
I just leave it at "LAN", that seems to work for me.

Why don't you change it via CLI if you've gotten that far? (big thumbs up for that!)
by mkx
Wed Sep 11, 2024 2:57 pm
Forum: Wireless Networking
Topic: hAP ax3 - Low Wireless Strength
Replies: 7
Views: 1074

Re: hAP ax3 - Low Wireless Strength

RBD53iG-5HacD2HnD = hAP AC3

How to tell a Mikrotik nerd from normal people: the former can recite product codes together with their marketing model names :wink: (while the latter have to use their favourite internet search engine)
by mkx
Wed Sep 11, 2024 2:51 pm
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1006

Re: Network traffic gets slower, when adding vlans

I think we can go back to "do NOT use quickset" ... if user comes to @holvoetn asking him about rules, then that user is already way past the IFs and BUTs which would potentially allow to use quickset.
by mkx
Wed Sep 11, 2024 2:39 pm
Forum: General
Topic: Adding a second /24 network troubles
Replies: 7
Views: 299

Re: Adding a second /24 network troubles

As for those two NAT rules - It's been a while since I set this up but if I remember correctly (and I can certainly test this..) without those DNS breaks and nothing resolves. From context of device config posted these rules are useless ... the TCP rule has potential to rewrite dst-port but actuall...
by mkx
Wed Sep 11, 2024 2:22 pm
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1006

Re: Network traffic gets slower, when adding vlans

Avoiding it in total may be for most the wiser option. Exactly. If there were enough quickset profiles/schemes to cover like 98% of use cases, then I'd be all for quickset ... it is a corner stone for offering MT devices to people without ROS knowledge. However since many profiles are missing (and ...
by mkx
Wed Sep 11, 2024 2:14 pm
Forum: Beginner Basics
Topic: Vlan on crs125-24g-1s-2hnd-in
Replies: 4
Views: 431

Re: Vlan on crs125-24g-1s-2hnd-in

As I already hinted: does device, connected to ether7, expect tagged VLAN 200 or not? Required configuration on switch entirely depends on this "design decision". From your observation in last line of previous post it seems that device doesn't talk VLANs ... in which case you do need the i...
by mkx
Wed Sep 11, 2024 11:55 am
Forum: RouterBOARD hardware
Topic: Upgrading older Mikrotik equipment
Replies: 11
Views: 978

Re: Upgrading older Mikrotik equipment

Why would I need TWO (2) SFP? Future expansions? Or some other similar excuse. See answer to your last question. anything in particular that I should watch out for when ordering the fiber? I have seen a bunch of different ones on Amazon just not sure which one to get. Just keep in mind that general...
by mkx
Wed Sep 11, 2024 11:39 am
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1006

Re: Network traffic gets slower, when adding vlans

4. Do NOT use quickset
This one should be made rule number -1 ... or whatever takes to make it to very top of rules.
by mkx
Wed Sep 11, 2024 11:35 am
Forum: Beginner Basics
Topic: Vlan on crs125-24g-1s-2hnd-in
Replies: 4
Views: 431

Re: Vlan on crs125-24g-1s-2hnd-in

These two settings are not coherent:
/interface ethernet switch egress-vlan-tag add tagged-ports =ether2, ether7 vlan-id=200
/interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=200 new-service-vid=0 ports= ether7
The first one says that VLAN 200 has to remain tagg...
by mkx
Wed Sep 11, 2024 11:23 am
Forum: General
Topic: Adding a second /24 network troubles
Replies: 7
Views: 299

Re: Adding a second /24 network troubles

I can see one problem:
/ip dhcp-server network add address=10.172.13.0/24 comment=defconf dns-server=10.172.12.1 gateway=10.172.12.1
In principle, gateway address has to be within device's subnet ... so when using 10.172.13.0/24, gw address should be e.g. 10.172.13.1. Mind that DNS server address ca...
by mkx
Wed Sep 11, 2024 9:14 am
Forum: Beginner Basics
Topic: QinQ Help needed
Replies: 1
Views: 101

Re: QinQ Help needed

Quite many windows NIC drivers automatically strip off (one layer of) 802.1Q headers ... and if running wireshark on such windows machine, lack of outer header is to be expected (in case of your 'triple header' that would be 802.1Q header with VID set to 3000). Some NIC drivers allow you to properl...
by mkx
Wed Sep 11, 2024 9:04 am
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1006

Re: Network traffic gets slower, when adding vlans

... or causes random problems (worst case). Judging from the reports I have seen on the forum, the worst case seems to be the normality... Being an optimistic guy I tend to believe that most people, who have this **** enabled, don't see any problems (so they don't report anything on this forum) ......
by mkx
Tue Sep 10, 2024 7:14 pm
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1006

Re: Network traffic gets slower, when adding vlans

Do yourself a favour and disable the detect internet thingy (set list to none). It's only good when one doesn't know which port is supposed to connect internet, otherwise it doesn't do anything (best case) or causes random problems (worst case). UDP flooding seems to be somewhere in between ...
by mkx
Tue Sep 10, 2024 3:41 pm
Forum: Beginner Basics
Topic: Beginner fail to port forwarding
Replies: 6
Views: 254

Re: Beginner fail to port forwarding

This combination of rules is dangerous:
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    disabled=yes in-interface-list=!LAN
...
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN port=2000 protocol=tc...
by mkx
Tue Sep 10, 2024 8:21 am
Forum: Beginner Basics
Topic: Network traffic gets slower, when adding vlans
Replies: 27
Views: 1006

Re: Network traffic gets slower, when adding vlans

Any reason for using "arp=proxy-arp" setting on bridge? It does somehow defeat use of VLANs (as means to separate subnets). Can you quantify the "It gets so slow, that I can hardly work anymore." statement? Although hEX is a pretty decent little device, it's not very powerful aft...
by mkx
Mon Sep 09, 2024 3:10 pm
Forum: Beginner Basics
Topic: Ax3 with POE dlink switch
Replies: 1
Views: 119

Re: Ax3 with POE dlink switch

Nope. hAP ax3 supports passive PoE-in ... with allowed voltage range between 18V and 28V. See product info: https://mikrotik.com/product/hap_ax3 Your DLink is most probably a 803.2af/at/... compliant switch which requires proper handshake between PSE (PoE switch) and PD (powered device) ... and PD h...
by mkx
Mon Sep 09, 2024 3:02 pm
Forum: General
Topic: Slow-ish upload speeds on CCR2004-16G-2S+
Replies: 15
Views: 971

Re: Slow-ish upload speeds on CCR2004-16G-2S+

I also don't see any high CPU usage, this is a screenshot while doing the upload part of a speedtest (I assume this is what you meant with profiler?):

Yup. But select "CPU: all" to see if one single core gets maxed out (CPU: total gives averages, which are useless in this case).
by mkx
Mon Sep 09, 2024 9:06 am
Forum: General
Topic: RouterOS bridge blocking traffic but not SwOS
Replies: 6
Views: 297

Re: RouterOS bridge blocking traffic but not SwOS

Are you sure you need these settings on bridge ports?
internal-path-cost=10 path-cost=10 trusted=yes
They are not set to these values in default config ... and trusted has potential to interfere with traffic.
by mkx
Mon Sep 09, 2024 9:02 am
Forum: General
Topic: www-ssl secure?
Replies: 5
Views: 335

Re: www-ssl secure?

Now, it be nice if the REST API support X.509 client certificates to avoid need to store the username/password on the calling machine, but it does not today. If remote side requires any sort of authentication, then it's necessary to store something on local side. If authentication requires username...
by mkx
Sun Sep 08, 2024 7:17 pm
Forum: RouterBOARD hardware
Topic: Upgrading older Mikrotik equipment
Replies: 11
Views: 978

Re: Upgrading older Mikrotik equipment

Not sure where you got the performance figures. The number, which seems to resemble reality the best, is listed under "Routing -> 25 ip filter rules -> 512 byte packet size". For CCR2004-16G-2S+PC it's 2767.9 Mbps. For RB5009UG+S+IN it's 3096.2 Mbps. For RB3011UiAS-RM it's 452.6 Mbps. The ...
by mkx
Sun Sep 08, 2024 5:30 pm
Forum: General
Topic: Audience Boot Loop
Replies: 2
Views: 135

Re: Audience Boot Loop

My own audience runs fine at 7.15.3. It came with v6, so I netinstalled it to one of early v7 (to get wifiwave2 drivers running). After that ordinary ROS upgrades (using ROS built-in upgrader) did things just fine. So it could be your device is somehow damaged and fit for warranty replacement (I lov...
by mkx
Sun Sep 08, 2024 5:25 pm
Forum: Beginner Basics
Topic: order of fasttrack
Replies: 3
Views: 315

Re: order of fasttrack

Exactly.
by mkx
Sun Sep 08, 2024 4:15 pm
Forum: General
Topic: www-ssl secure?
Replies: 5
Views: 335

Re: www-ssl secure?

This requires /ip/services/www-ssl to be enabled. Is there any downside? Security risk? As with every ROS service, if enabled it's important to protect it from being available too widely. And that's achieved using firewall. Default firewall allows access to (all) router services from LAN. If firewa...
by mkx
Sun Sep 08, 2024 4:07 pm
Forum: Beginner Basics
Topic: order of fasttrack
Replies: 3
Views: 315

Re: order of fasttrack

A few things to remember: firewall filter rules are evaluated from top to bottom In second case this means that fasttrack rule never gets evaluated because it's "overshadowed" by regular accept rule it's a bit of a mystery as to how fasttrack rules work. One of theories is that fasttrack r...
by mkx
Sun Sep 08, 2024 1:04 pm
Forum: RouterBOARD hardware
Topic: Upgrading older Mikrotik equipment
Replies: 11
Views: 978

Re: Upgrading older Mikrotik equipment

Both devices have ample of ports to be used as switches as well. Just beware that CRS2004 has actually 2 switches built in and traffic between both port groups passes CPU. The same is true for both SFP+ ports, they are handled directly by CPU. This is not the case with RB5009, all ports (including S...
by mkx
Sun Sep 08, 2024 12:55 pm
Forum: Wireless Networking
Topic: Ether: bridge port receiving packet with its own MAC address
Replies: 17
Views: 1275

Re: Ether: bridge port receiving packet with its own MAC address

... spanning trees protocols is that both RSTP and MSTP are compatible with each other so should it be the problem or part of it ? Various STP protocols may be compatible in a sense that message, created by one of those, can be processed by the others. However the way these protocols work out the h...
by mkx
Sun Sep 08, 2024 12:45 pm
Forum: General
Topic: Need some hardware recommendations for a router
Replies: 2
Views: 190

Re: Need some hardware recommendations for a router

Problems with multi-gig links are at least the following: transmitting more than 1Gbps over UTP is power-ineffective and makes transceivers hot. This is a particularly big problem with SFP+ RJ45 modules because SFP modules don't offer enough cooling. Which is then a problem when quiet operation is w...
by mkx
Sun Sep 08, 2024 12:18 pm
Forum: Wireless Networking
Topic: Ether: bridge port receiving packet with its own MAC address
Replies: 17
Views: 1275

Re: Ether: bridge port receiving packet with its own MAC address

Mixing MSTP and RSTP is at least part (if not the whole) of your problem. RSTP is not VLAN aware and blocks physical link if it detects a loop (the error message, mentioned in this thread's title, does indicate this condition), while with MSTP it's possible to distribute VLANs over multiple physical...
by mkx
Sat Sep 07, 2024 10:39 pm
Forum: Wireless Networking
Topic: Ether: bridge port receiving packet with its own MAC address
Replies: 17
Views: 1275

Re: Ether: bridge port receiving packet with its own MAC address

Try to set MAC of bridge manually ... to MAC different than any of bridge ports. For ideas about proper MAC address "invention", have a look at Universal vs. local (U/L bit) section of MAC address wikipedia article (use MAC address of one of bridge ports as a basis and apply the L bit to i...
by mkx
Sat Sep 07, 2024 10:16 pm
Forum: General
Topic: Request to upgrade SSH service in RouterOS 6.x branch
Replies: 1
Views: 212

Re: Request to upgrade SSH service in RouterOS 6.x branch

MT staff (I think it was @normis) clearly stated, that ROS v6 is feature-frozen, it'll receive only (some?) security fixes. Support for elliptic cipher algorithms is IMO not security issue. After all, OpenSSH did not discontinue support for legacy algorithms, they were deprecated ... meaning they ar...
by mkx
Sat Sep 07, 2024 10:08 pm
Forum: General
Topic: ERR_CONNECTION_CLOSED
Replies: 4
Views: 731

Re: ERR_CONNECTION_CLOSED

You will definitely have to troubleshoot the whole path between API client and server. Start by running wireshark on both and compare the captured traffic. If captures are identical on both ends, then it's entirely between client and server. If they differ, then it's something in between that interf...
by mkx
Fri Sep 06, 2024 3:55 pm
Forum: General
Topic: Internet slow with Mikrotik router
Replies: 5
Views: 389

Re: Internet slow with Mikrotik router

Apart from making configuration as similar to default (as suggested by @tangent) ... I'd start by removing DHCP client from anything but vlan2 interface. If your router manages to obtain DHCP lease on more than one interface, it may get lost as to which default route it should use. removing vlan4 in...
by mkx
Fri Sep 06, 2024 3:23 pm
Forum: General
Topic: ERR_CONNECTION_CLOSED
Replies: 4
Views: 731

Re: ERR_CONNECTION_CLOSED

Mikrotik firewall is L4 firewall ... so it operates up to TCP/UDP - i.e. it blocks traffic passing to/from specific IP address/port combination. It does not look into contents (e.g. HTTP response codes)[*]. ROS might do something about it if you actually managed to (ab)use proxy service on ROS to se...
by mkx
Fri Sep 06, 2024 3:14 pm
Forum: General
Topic: IPv6 for SSH Tunnel Server
Replies: 13
Views: 796

Re: IPv6 for SSH Tunnel Server

When creating ssh connection to your router, define "local port forwarding" with IPv6 address of remote host. Command line example in linux would look like this:
ssh 192.168.88.5 -L 20202:[fe80::ae1f:6bff:feb0:26bc]:80
The trick on OpenSSH client is to enclose the IPv6 address in square br...
by mkx
Fri Sep 06, 2024 10:40 am
Forum: Beginner Basics
Topic: LAN to LAN basics
Replies: 21
Views: 2058

Re: LAN to LAN basics

@mkx Well, I paid 1.80 for that same cable, so it costs us nothing - combined - we are still ahead, and we can even afford to pay the unjust and unfair duty the Sheriff of Nottingham just imposed on us. If we're still ahead or not depends on tax rate that Sheriff (a.k.a. @anav) is trying to charge ...
by mkx
Fri Sep 06, 2024 9:25 am
Forum: Beginner Basics
Topic: hAP ax3 Routing stopped working
Replies: 4
Views: 399

Re: hAP ax3 Routing stopped working

Did you, by any chance, click around QuickSet? Using QuickSet (part of Webfig and Winbox, the "light version of UI") is pretty dangerous if one ever configures anything outside QuickSet (many of us think that when user clicks WebFig button the first time, QuickSet button should simply disa...
by mkx
Fri Sep 06, 2024 9:22 am
Forum: Beginner Basics
Topic: Connecting 2 cAP ac to hEXs using PoE
Replies: 2
Views: 280

Re: Connecting 2 cAP ac to hEXs using PoE

No. PoE-out limit on hEX S is 500mA and if using "stock" power adapter (at 24V), that translates into 12W. Single cAP ac power consumption is rated at 12W (without attachments). Additionally, "stock" power adapter is rated at 1.2A, at 24V this is 28.8W. hEX S own consumption is 6...
by mkx
Fri Sep 06, 2024 9:08 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 913
Views: 154556

Re: 📣 WinBox 4 is here 📣

Some devices simply do not support health monitoring. It's not a winbox bug! I can understand @maisondasilva where he'd like to have the "pull out" list of items invariant. So perhaps the items, not feasible for a particular connected device could be present on the list but inactive (and ...
by mkx
Thu Sep 05, 2024 8:40 pm
Forum: General
Topic: lo iface in LAN list
Replies: 11
Views: 483

Re: lo iface in LAN list

I'm pretty sure that router, when ND is enabled, sends out packets to broadcast address via all interfaces (which includes lo). And again, as I wrote, sending traffic to broadcast on lo won't yield any response. Which means that dropping such traffic doesn't do any harm. The only issue here is your ...
by mkx
Thu Sep 05, 2024 7:31 pm
Forum: General
Topic: DHCP is offered but not bound to Brother printers only [SOLVED]
Replies: 36
Views: 1673

Re: DHCP is offered but not bound to Brother printers only [SOLVED]

/interface bridge add admin-mac=48:A9:8A:XX:YY:ZZ auto-mac=no comment=defconf frame-types=admit-only-vlan-tagged name=bridge vlan-filtering=yes
You can check it with either UI or by typing
/interface bridge export verbose
There is pvid=1 which is not exported since it's default value, but it is sti...
by mkx
Thu Sep 05, 2024 6:47 pm
Forum: General
Topic: lo iface in LAN list
Replies: 11
Views: 483

Re: lo iface in LAN list

And that traffic is being sent to broadcast address ... since only device, attached to that "network", is sender itself, it won't get any answer ... like ever. So dropping this traffic doesn't change anything. It would be different, if some service would try to connect another internal ser...
by mkx
Thu Sep 05, 2024 6:37 pm
Forum: Beginner Basics
Topic: LAN to LAN basics
Replies: 21
Views: 2058

Re: LAN to LAN basics

... VLAN1 ... leave it alone, since it costs nothing.

How can you say that not using VLAN 1 costs us nothing? I paid 1.85€ for an UTP patch cord for use with trunk connection. If I can't use VLAN 1, I'm losing 0.00045 € due to reduced functionality !!!
by mkx
Thu Sep 05, 2024 6:21 pm
Forum: Wireless Networking
Topic: Legacy and new CAPsMan on the same x86 device
Replies: 6
Views: 809

Re: Legacy and new CAPsMan on the same x86 device

Depends on how you want it to work exactly. Fyi, legacy supports CAPsMAN forwarding, wifi-qcom(-ac) doesn't. Thanks, What I need to do is to add some ax devices in remote site and get the CAPsMAN forwarding work. Is that possibl No, capsman forwarding with new capsman is not possible. Period. You'l...
by mkx
Thu Sep 05, 2024 7:52 am
Forum: Wireless Networking
Topic: Slow WiFi [SOLVED]
Replies: 31
Views: 2203

Re: Slow WiFi [SOLVED]

I'm guessing then that we installed wifi-qcom-ac above wifi-qcom because its smaller and the settings are practically the same? Adding to post by @jaclaz: yes, you installed wifi-qcom-ac because it's smaller. And that's exactly the reason for its existence, some ac devices have the tiny 16MB flash ...
by mkx
Wed Sep 04, 2024 11:47 pm
Forum: General
Topic: TX/RX packet errors via lte rndis0 (usb)
Replies: 4
Views: 377

Re: TX/RX packet errors via lte rndis0 (usb)

You're right, could be a bug in android's ifconfig. Another possibility is (again android's) RNDIS stack which erroneously handles ethernet frame checksum ... but doesn't discard frame due to mismatch (could be RNDIS driver on MT to blame as well). But, as you may have guessed by now, I'm just guess...
by mkx
Wed Sep 04, 2024 4:08 pm
Forum: Beginner Basics
Topic: How communicate between router without involving WAN [SOLVED]
Replies: 7
Views: 683

Re: How communicate between router without involving WAN [SOLVED]

Shouldn't there also be 7. add ether5 on both routers to WAN interface list and remove from LAN (if present) Well, my post starts with "in a few words" :wink:. Of course actual list of things to do greatly depends on actual configuration of both routers and wanted end state (from function...
by mkx
Wed Sep 04, 2024 3:51 pm
Forum: General
Topic: TX/RX packet errors via lte rndis0 (usb)
Replies: 4
Views: 377

Re: TX/RX packet errors via lte rndis0 (usb)

Rx errors are often not detected on the other (Tx) side ... so the discrepancy in errors statistics is nothing weird. I can think of several reasons for Rx errors to happen ... ranging from "noisy" USB cable to (performance) problems in USB stack (and higher) on the android LTE device. If ...
by mkx
Wed Sep 04, 2024 3:44 pm
Forum: General
Topic: /31 through a IPSec over GRE tunnel
Replies: 7
Views: 495

Re: /31 through a IPSec over GRE tunnel

this is considered PtP addressing and works fine
Not everybody knows the name for it ... and certainly not everybody knows how to use it properly ... hence post by @TheCat12 (which is, unlike yours, useful)
by mkx
Wed Sep 04, 2024 3:32 pm
Forum: Beginner Basics
Topic: How communicate between router without involving WAN [SOLVED]
Replies: 7
Views: 683

Re: How communicate between router without involving WAN [SOLVED]

In a few words: remove ether5 from list of bridge ports on both routers assign IP addresses to ether5 on both routers. Use e.g. 192.168.42.1/30 on M1 and 192.168.42.2/30 on M2 add static routes to reach other LAN via opposite router. E.g. on M1 do /ip/route/add dst-address=192.168.1.0/24 gateway=192...
by mkx
Wed Sep 04, 2024 3:23 pm
Forum: Beginner Basics
Topic: best way to create vlan interface
Replies: 1
Views: 335

Re: best way to create vlan interface

Hey guys, i moved newly from opnsense to CHR ROs setup on proxmox, the concept of vlan seems much harder to wrap the head around. This is de-facto guide to how to VLAN on ROS: https://forum.mikrotik.com/viewtopic.php?t=143620 And, while at it, you might want to wrap your head around bridge and its ...
by mkx
Wed Sep 04, 2024 3:19 pm
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 647
Views: 230607

Re: v7.15.3 [stable] is released!

The runtime is 20 days, and currently, the DNS cache has grown to 42,375 KiB. The DNS memory leak in RouterOS 7.15.3 is continuously occurring. Why have you set Cache size to 64MB? This. It's not a memory leak if service uses up to amount of RAM assigned. In this particular case, even if some DNS c...
by mkx
Wed Sep 04, 2024 3:13 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 235
Views: 79472

Re: v7.16rc [testing] is released!

... on 1 cap AC using wifi-qcom-ac driver...

Oddly enough, no such issue on ac2 with exact same config (same RAM amount so why ??).
hAP ac2 has 3 more ethernet ports, so more buffer on switch chip is in use ... perhaps that's a life saver? LOL
by mkx
Tue Sep 03, 2024 5:49 pm
Forum: SwOS
Topic: Configure SwOS as fully Unmanaged for SonicWALL HA
Replies: 1
Views: 566

Re: Configure SwOS as fully Unmanaged for SonicWALL HA

VLAN and "fully unmanaged" don't go together in same sentence.

The closest to fully unmanaged switch MT switch can get (both SwOS and ROS) is default switch config with xSTP fully disabled (both globally and per-port).
by mkx
Tue Sep 03, 2024 4:11 pm
Forum: Beginner Basics
Topic: Amazon Firestick issues
Replies: 8
Views: 732

Re: Amazon Firestick issues

If i connect directly to my ISP's router the firesticks (2) will work but not if behind the mikrotik

Sometimes wifi stations cache connection failures and refuse even to try to reconnect to AP with MAC remembered as "problematic".
by mkx
Tue Sep 03, 2024 9:17 am
Forum: General
Topic: netinstall ethernet port of hap ax3?
Replies: 4
Views: 390

Re: netinstall ethernet port of hap ax3?

I'll stick with v7, I believe it's v7.15.3. I don't see v7.5 on routeros download page. On v7 it's generally safest to stick to latest stable release. Indeed there are some problems with newest versions on certain devices and then it's wise to run slightly older (e.g. some people have some problems...
by mkx
Mon Sep 02, 2024 7:10 am
Forum: Wireless Networking
Topic: Wireless interference between devices in close vicinity
Replies: 17
Views: 998

Re: Wireless interference between devices in close vicinity

The problem is power pre-amplifier (PPA) in receive path and its automatic gain control. It has to amplify analog received signals so that they enter the analog-digital converter at certain level. The problem is that PPA doesn't know the exact frequency used and amplifies the whole 2.4GHz band ... i...
by mkx
Sun Sep 01, 2024 10:32 pm
Forum: Beginner Basics
Topic: Newbie Configuration-RB3011UiAS
Replies: 10
Views: 1457

Re: Newbie Configuration-RB3011UiAS

It seems that DHCP parameters are not meant to be received from both VLANs by the same routing instance. So now the question: what's the intended layout of your LAN devices (including VoIP devices)? I don't have VoIP, but my ISP delivers IPTV over tagged and multicast. It is possible to terminate th...
by mkx
Sun Sep 01, 2024 9:11 pm
Forum: Beginner Basics
Topic: Newbie Configuration-RB3011UiAS
Replies: 10
Views: 1457

Re: Newbie Configuration-RB3011UiAS

10.50.131.150 does not fit into 10.126.0.0/17 (this one covers range 10.126.0.1 - 10.126.127.254) but you don't have any specific router which would match better than default via pppoe internet interface. You can try to add a route towards 10.50.131.150. Ideally you'd use some gateway address (which...
by mkx
Sun Sep 01, 2024 7:16 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 913
Views: 154556

Re: 📣 WinBox 4 is here 📣

I have a problem with Czech diacritics. In older version, was all good, but now I can see this: ? and correct is: č So new version doesn't know this diacritics. ěščřžýáíé and write only this ?????? Can you repair this bug, please? Thank you It's probably bug due to not handling non-ASCII characters ...
by mkx
Sun Sep 01, 2024 6:56 pm
Forum: Beginner Basics
Topic: Newbie Configuration-RB3011UiAS
Replies: 10
Views: 1457

Re: Newbie Configuration-RB3011UiAS

PPPoE is a bit nifty for IPv6. One thing is that you don't need to request address from DHCPv6 server, only prefix. (Doesn't hurt requesting one, but it's useless) Another thing is that DHCPv6 server on ROS is not very useful, it can't hand out addresses (only prefixes). Alas, in IPv6 there are Rout...
by mkx
Sun Sep 01, 2024 5:11 pm
Forum: Beginner Basics
Topic: Newbie Configuration-RB3011UiAS
Replies: 10
Views: 1457

Re: Newbie Configuration-RB3011UiAS

Is there perhaps a .fwf file lying around in files area? It's either this or a bug in firmware handling in 7.16rc4 ... I don't have any other explanation for the routerboard anomaly. In any case, having "current firmware" version same as running ROS version is a good sign and you should no...
by mkx
Sun Sep 01, 2024 3:06 pm
Forum: Beginner Basics
Topic: Newbie Configuration-RB3011UiAS
Replies: 10
Views: 1457

Re: Newbie Configuration-RB3011UiAS

Post full config .. from terminal window execute /export filename=anynameyouwish , fetch resulting file, open it in your favourite text editor, redact any remaining sensitive data (serial number, passwords, etc.) and post it inside [ code] [/code] tag pair. Also post output of /system/routerboard/pr...
by mkx
Sun Sep 01, 2024 3:00 pm
Forum: Beginner Basics
Topic: VLAN not working on CRS305-1G-4S+
Replies: 5
Views: 462

Re: VLAN not working on CRS305-1G-4S+

The setting for sfp-sfpplus2 (under bridge/port) lacks setting of PVID ... and default is PVID=1 ... OTOH it's set as untagged for VLAN 50 ... so you have a discrepancy here.
by mkx
Sun Sep 01, 2024 1:13 pm
Forum: Beginner Basics
Topic: Firewall Address List enhancement
Replies: 5
Views: 458

Re: Firewall Address List enhancement

If using webfig, then you have to create a new list when adding first address to it: IP -> firewall -> address lists -> add new ... in the list field, don't select existing list from a drop down list, but rather type in name of new list. Also add (the first) address ... and click apply (or OK). For ...
by mkx
Sun Sep 01, 2024 1:04 pm
Forum: Beginner Basics
Topic: VLAN not working on CRS305-1G-4S+
Replies: 5
Views: 462

Re: VLAN not working on CRS305-1G-4S+

Unless bridge has vlan-filtering=yes set, all VLAN-related settings on bridge and member ports are ignored (this includes PVID setting).
by mkx
Sat Aug 31, 2024 11:19 pm
Forum: Wireless Networking
Topic: RB911G-5HPnD (2 x ant, WIFI4) VS. hAP ac lite (1 x ant, WIFI5)
Replies: 7
Views: 551

Re: RB911G-5HPnD (2 x ant, WIFI4) VS. hAP ac lite (1 x ant, WIFI5)

They cost roughly the same....which would be the best solution? Apart from suggestions for some more modern device ... base RB911 is only a board. You need a case (list price $15), power adapter (price around $10), antenna pigtails and antennae themselves (price for all together probably around $2...
by mkx
Sat Aug 31, 2024 9:23 pm
Forum: Beginner Basics
Topic: Bridge VLAN Filtering & Firewall [SOLVED]
Replies: 11
Views: 898

Re: Bridge VLAN Filtering & Firewall [SOLVED]

So you have 3 VLAN interfaces /interface/vlan add interface=bridge1 name=vlan88 vlan-id=88 add interface=bridge1 name=vlan10 vlan-id=10 add interface=bridge1 name=vlan20 vlan-id=20 and you have appropriate IP addresses set on all 3 vlan interfaces. Now device will route traffic between the 3 subnets...
by mkx
Sat Aug 31, 2024 9:09 pm
Forum: General
Topic: executing script from winbox failed, please check it manually
Replies: 13
Views: 1705

Re: executing script from winbox failed, please check it manually

I can't be certain, but you wrote: So I checked my Dude setup and, after *a lot* of testing, I found that I had a function for checking the number of capsman clients that was using a call for the previous version of capsman. If I understand this correctly, then it's not a script, configured in ROS d...
by mkx
Sat Aug 31, 2024 8:21 pm
Forum: General
Topic: Slow-ish upload speeds on CCR2004-16G-2S+
Replies: 15
Views: 971

Re: Slow-ish upload speeds on CCR2004-16G-2S+

If observing CPU usage under system resources ... that one is average and single-core tasks won't trigger it to go very high (depending on number of CPU cores in your device). It's better to run CPU profiler to see, if one of CPU cores gets pegged and which process causes it.
by mkx
Sat Aug 31, 2024 3:53 pm
Forum: Wireless Networking
Topic: Upgraded brand new nRAY 60G master and lost all signs of W60G radio
Replies: 7
Views: 1637

Re: Upgraded brand new nRAY 60G master and lost all signs of W60G radio

Why the good Mikrotik guys like to potentially alienate a number of their customers over the lack of a copy-paste on each post 7.12.x release docs a single sentence *like*: Yes. But until when? For me this is already obsolete news, all of my devices, which deserve running v7, are already past 7.13....
by mkx
Sat Aug 31, 2024 2:04 pm
Forum: General
Topic: Slow-ish upload speeds on CCR2004-16G-2S+
Replies: 15
Views: 971

Re: Slow-ish upload speeds on CCR2004-16G-2S+

How would I go about trying to enable fasttrack and see if that works? It's a firewall filter rule ... like this one: /ip/firewall/filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack" Since firewall filters are processed to...
by mkx
Sat Aug 31, 2024 10:27 am
Forum: Wireless Networking
Topic: Upgraded brand new nRAY 60G master and lost all signs of W60G radio
Replies: 7
Views: 1637

Re: Upgraded brand new nRAY 60G master and lost all signs of W60G radio

This is an absolute joke. To me, your post is joke. Mikrotik's suggested way of upgrading ROS on devices is to execute ROS-builtin package updater. And this way works just fine. Sure there are other ways of doing it (dropping manually selected package files to device, netinstall), but when those w...
by mkx
Fri Aug 30, 2024 11:09 pm
Forum: RouterBOARD hardware
Topic: NetMetal ax / L23-UGSR — initial feedback from specs
Replies: 33
Views: 4942

Re: NetMetal ax / L23-UGSR — initial feedback from specs

can the frequency be selected with 5mhz step like in non-ax chips, or must follow strict "wifi channels" frequencies? It seems that it requires using proper channel frequencies. Just tried to set frequency to 5205 on my Audience (running wifi-qcom-ac). CLI does allow to set it, but interfa...
by mkx
Fri Aug 30, 2024 10:53 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 913
Views: 154556

Re: 📣 WinBox 4 is here 📣

As long there is a workspace with 🪟 ...
Many datacenters don't ... in which case the box part kicks in.
by mkx
Fri Aug 30, 2024 10:40 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 913
Views: 154556

Re: 📣 WinBox 4 is here 📣

If only you'd taken the opportunity to change that meaningless (if not entirely misleading) name, now that its Windoze shackles are finally off :)

Indeed. And here's my suggestion: ROSman
by mkx
Fri Aug 30, 2024 3:47 pm
Forum: General
Topic: New RB device password in digital form?
Replies: 3
Views: 388

Re: New RB device password in digital form?

... at least we have our own default config and password (which is unfortunately still shown in the /system/default-configuration/print). Isn't the default config only shown to user with administrative rights? That is so on my devices. And probably the reason for restriction is exactly this ... So ...
by mkx
Thu Aug 29, 2024 9:08 pm
Forum: General
Topic: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]
Replies: 16
Views: 1212

Re: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]

Though it seems to be working better, VLAN assignment on the wifi-qcom-ac seems to be broken: Yup, that's a known "feature" of wifi-qcom-ac ... the only way to get its interfaces part of a VLAN is to use vlan-enabled bridge and set appropriate PVID to each of wifi interfaces (real and vir...
by mkx
Thu Aug 29, 2024 7:23 pm
Forum: General
Topic: How to Stop the DNS server and free port 53 [SOLVED]
Replies: 7
Views: 659

Re: How to Stop the DNS server and free port 53 [SOLVED]

It's not strictly necessary to "free port 53" ... DST-NAT (which is required to send traffic to different server) is one of early stages of packet processing ... only at later stage packet gets delivered to router's own service if destination address remains same as one of router's own IP ...
by mkx
Thu Aug 29, 2024 6:52 pm
Forum: Beginner Basics
Topic: Default SOHO Firewall Rules
Replies: 10
Views: 714

Re: Default SOHO Firewall Rules

.. it is hard to say what you did. I just had a quick glance at the page ... the first chapter is titled "Remove all configuration:" .. which makes me turn away from this thread. If @OP follows such a "cook book", then he should trust the author of the cookbook and discuss any m...
by mkx
Thu Aug 29, 2024 6:47 pm
Forum: Beginner Basics
Topic: Untagged access with VLAN filtering - should Bridge be tagged or untagged ? [SOLVED]
Replies: 5
Views: 556

Re: Untagged access with VLAN filtering - should Bridge be tagged or untagged ? [SOLVED]

As both variants, if properly set up, work, it's not possible to say which one is right and which one is wrong. It's a matter of personal taste. My way is this: as soon as I start with VLANs, I go with all-tagged within LAN infrastructure. Which includes connections between LAN devices (switches, ro...
by mkx
Thu Aug 29, 2024 6:24 pm
Forum: General
Topic: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]
Replies: 16
Views: 1212

Re: CAPsMAN, RB4011-RB960PGS-cAP AX/wAP ac [SOLVED]

Another difference I notice is that you have switch1-cpu added to all your /interface ethernet switch vlan If using /interface/ethernet/switch config subtree for wired VLANs, then it's necessary to add all VLANs, somehow handled by CPU, to switchX-cpu switch port . Which includes VLANs for wifi int...
by mkx
Thu Aug 29, 2024 7:34 am
Forum: General
Topic: Wireless on HAP AC2
Replies: 3
Views: 372

Re: Wireless on HAP AC2

1. Since v7, there are two drivers for wifi hardware: legacy wireless and new wifi ... New ax hardware is only supported by wifi drivers, pre-ac hardware is only supported by wireless. Ac hardware (including hAP ac2) is supported by either driver, but default being wireless (due to legacy reasons). ...
by mkx
Thu Aug 29, 2024 7:18 am
Forum: Beginner Basics
Topic: RouterOS config VLAN/segmentation [SOLVED]
Replies: 4
Views: 685

Re: RouterOS config VLAN/segmentation [SOLVED]

The new one is able to hardware accelerate more than one bridge and my problems have ceased.

Which is the "new model" that can HW offload more than one bridge? AFAIK there are models that could do it, but with series of gotchas ... so I wonder.
by mkx
Wed Aug 28, 2024 9:06 pm
Forum: Beginner Basics
Topic: HAP AX2 / AX3 Vlan settings [SOLVED]
Replies: 3
Views: 558

Re: HAP AX2 / AX3 Vlan settings [SOLVED]

So can HAP AX2 / AX3 be configured with Bridge VLAN Filtering (even without HW) - will they work with such configuration ? Will HAP AX2 be enough CPU power for that or better to buy AX3 for VLANs without HW? Yes and yes. And no, there is no other way of configuring VLANs on hAP ax2. My experience w...
by mkx
Wed Aug 28, 2024 4:00 pm
Forum: Beginner Basics
Topic: Upgraded from Ros6 to Ros7 and cant identify router anymore [SOLVED]
Replies: 2
Views: 378

Re: Upgraded from Ros6 to Ros7 and cant identify router anymore [SOLVED]

Your SXT should work fine with v7. There's a gotcha when netinstalling v7: you have to install optional package wireless, since 7.13 none of wireless driver packages are parts of base package (routeros). There are some funny details when it comes to netinstall ... e.g. sometimes some certain version...
by mkx
Wed Aug 28, 2024 12:15 pm
Forum: Wireless Networking
Topic: NV2 on AX
Replies: 6
Views: 991

Re: NV2 on AX

I understand AX does not allow for NV2, but the radios does also support AC and N and I would think it possible to port NV2 at least for these standards that is compatible with NV2. AFAIK it's not radio hardware in AX devices which is incompatible with NV2, it's drivers issue: on AX devices it's o...
by mkx
Wed Aug 28, 2024 12:02 pm
Forum: General
Topic: (2) Different RB5009.. Different Max entries for conn tracking
Replies: 2
Views: 378

Re: (2) Different RB5009.. Different Max entries for conn tracking

It is possible that the one (or the other) Ros version and/or the one or the other configuration takes up a little bit or a little more RAM ... ... and that's what I'd expect to see when both (identical) devices run different versions of ROS. The next question is whether they both have identical se...
by mkx
Tue Aug 27, 2024 5:59 pm
Forum: Beginner Basics
Topic: hAP ac3 NAT forwarding issues [SOLVED]
Replies: 9
Views: 1166

Re: hAP ac3 NAT forwarding issues [SOLVED]

You already have implemented the first rule (two in your case, one per port). You still need the second one (one will cover all the dst-nat rules), but with correct addresses ... You can actually make it even more general and it likely won't bite your back: /ip firewall nat add action=masquerade cha...
by mkx
Tue Aug 27, 2024 3:44 pm
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11035

Re: Default password Frustration

OT: You can't imagine what happens when you have to block DNS by law and use your own... Do you know how many Chinese things call home?... Korean things as well (I've got a Samsung smart TV which is constantly trying to call home). And probably things conceived elsewhere as well (I don't believe th...
by mkx
Tue Aug 27, 2024 3:38 pm
Forum: General
Topic: VLAN and Passthrough
Replies: 3
Views: 402

Re: VLAN and Passthrough

Apart from understanding the topic, mentioned by @erlinden, the only issue is to make a modem pass-through configuration in each of RBM33G ... each using different VLAN ID for its "modem traffic" (article, linked below, uses plain ethernet port as passthrough interface, I guess you can crea...
by mkx
Tue Aug 27, 2024 3:31 pm
Forum: General
Topic: How to predefine hostnames for DHCP leases?
Replies: 9
Views: 807

Re: How to predefine hostnames for DHCP leases?

At least some really widely used one support this indeed: - ISC DHCP by using a "host" declaration - see https://kb.isc.org/docs/isc-dhcp-41-manual-pages-dhcpdconf From the cited document: It should be noted here that most DHCP clients completely ignore the host-name option sent by the DH...
by mkx
Tue Aug 27, 2024 3:24 pm
Forum: General
Topic: Seperate multiple public IPs to different devices [SOLVED]
Replies: 10
Views: 1201

Re: Seperate multiple public IPs to different devices [SOLVED]

As long as you can pull additional IP address (e.g. using MACVLAN interface), you can use that additional IP address simply for NAT ... both dst-nat (i.e. public clients can connect to secondary_address:port and those connections get NATed to internal server) and src-nat (for server's outgoing conne...
by mkx
Tue Aug 27, 2024 10:52 am
Forum: General
Topic: Can't access a single website
Replies: 12
Views: 719

Re: Can't access a single website

In other words - been there, seen that.

OMG Sindy, you're truly one of a kind. The rest of us would be "been there, done that."
by mkx
Tue Aug 27, 2024 10:51 am
Forum: General
Topic: IPv6 routing using VLANs [SOLVED]
Replies: 27
Views: 1401

Re: IPv6 routing using VLANs [SOLVED]

IPv6 addresses are set without prefix length, they should have /64 included. Without it, it's taken to be /128 (just like in IPv4 it's assumed to be /32). This also caught my eye so I've made a test, and the default behavior in IPv6 indeed differs from the one in IPv4, at least in 7.15.3: That's in...
by mkx
Tue Aug 27, 2024 10:48 am
Forum: Beginner Basics
Topic: Change internet port - RB2011UiAS-RM
Replies: 4
Views: 482

Re: Change internet port - RB2011UiAS-RM

Your setup currently uses ether2, ether3 and ether4 in a "switch group" for LAN purpose. Your setup also uses ether6 as WAN interface. The rest of ports seem to not be in use, but there are some remains of config (it seems that ether5 was used as WAN interface in some past). I'd use ether5...
by mkx
Tue Aug 27, 2024 6:58 am
Forum: General
Topic: IPv6 routing using VLANs [SOLVED]
Replies: 27
Views: 1401

Re: IPv6 routing using VLANs [SOLVED]

In @kobuki's configuration there's an error in LAN interface setting: IPv6 addresses are set without prefix length, they should have /64 included. Without it, it's taken to be /128 (just like in IPv4 it's assumed to be /32).
by mkx
Mon Aug 26, 2024 7:45 pm
Forum: Wireless Networking
Topic: Wireless AC & AX - CAPsMAN - FT with connect-priority
Replies: 20
Views: 1552

Re: Wireless AC & AX - CAPsMAN - FT with connect-priority

... and the 2024 award for the most inaccurate package name goes to ... :lol: Actually it shouldn't surprise us. After all, we have a thread, dedicated to the meaning of "C" in names of certain product families (and discussion about "R" in name of certain product family is not f...
by mkx
Mon Aug 26, 2024 6:55 pm
Forum: Wireless Networking
Topic: Wireless AC & AX - CAPsMAN - FT with connect-priority
Replies: 20
Views: 1552

Re: Wireless AC & AX - CAPsMAN - FT with connect-priority

And this new MikroTik ROSE... "MikroTik Enterprise" WHY?! Sorry, but ROSE is clearly not enterprise feature ... every decent enterprise will have some kind of specialized NAS or SAN ... probably any QNAP, Synology or <insert name of your favourite low-cost NAS vendor here> will do better ...
by mkx
Mon Aug 26, 2024 6:50 pm
Forum: Wireless Networking
Topic: PtP wirless bridge with 2 x cAP AC (performance) [SOLVED]
Replies: 11
Views: 1074

Re: PtP wirless bridge with 2 x cAP AC (performance) [SOLVED]

I do not expect to get theoretical 867 Mbit/s but I have expected something around 300Mbit/s. I have merely half of it. With legacy wireless driver in use, it's impossible to get more than around half of theoretical throughput ... in ideal radio conditions (that would be around 430Mbps). And then n...
by mkx
Mon Aug 26, 2024 6:38 pm
Forum: General
Topic: Wi‑Fi 7 / 802.11be
Replies: 64
Views: 21348

Re: Wi‑Fi 7 / 802.11be

The problem with roadmaps is that after you publish dates, you damn well stick to them. My impression is that MT has hard time when negotiating with manufacturers of MT's designs (because, let's face it, MT is a small vendor compared to some other well known low-end brands). And it might be that MT'...
by mkx
Mon Aug 26, 2024 6:26 pm
Forum: Beginner Basics
Topic: VLAN traffic in interface list [SOLVED]
Replies: 2
Views: 504

Re: VLAN traffic in interface list [SOLVED]

I have a Mikrotik Hex S, on its 4th and 5th port I have 2 Trunk ports (vlans 8, 100, 200, 999). The configuration of the vlans is done through Bridge. My question is why it is not showing me traffic on a particular VLAN in the interfaces? Is it because the switch-chip is taking care of it? Correct,...
by mkx
Mon Aug 26, 2024 6:16 pm
Forum: Beginner Basics
Topic: Change internet port - RB2011UiAS-RM
Replies: 4
Views: 482

Re: Change internet port - RB2011UiAS-RM

Post current config in full: open terminal window execute /export file=anynameyouwish hide-sensitive (the last command line option is necessary in ROS v6, in v7 that's default copy resulting file over to your management computer open it using favourite text editor, redact any remaining sensitive dat...
by mkx
Mon Aug 26, 2024 9:11 am
Forum: General
Topic: How to revert srcnat pre-routing instead of post-routing?
Replies: 3
Views: 371

Re: How to revert srcnat pre-routing instead of post-routing?

Probably you don't have to set protocol=tcp src-address=10.227.4.10 src-port=443 in mark-routing configuration ... if you properly apply connection mark. You'd probably have to add the route to 10.227.4.0/24 to the alternative routing table though to allow forward packets to reach their destination....
by mkx
Mon Aug 26, 2024 9:01 am
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11035

Re: Default password Frustration

There is no "initial connection" to change password. They never connect to it. Perhaps devices should ship with default config with internet connection (whichever it is) disabled. This would force users to connect at least once. During this initial connection, user would be forced to set ...
by mkx
Mon Aug 26, 2024 8:53 am
Forum: General
Topic: How to revert srcnat pre-routing instead of post-routing?
Replies: 3
Views: 371

Re: How to revert srcnat pre-routing instead of post-routing?

You have to mark connections, coming in via WAN2 ... then use connection mark to set routing mark ... and then use that routing mark to use alternate routing over WAN2 interface. Yes, it has to be connections marked, so that return packets (belonging to same connection) will get properly marked for ...
by mkx
Sun Aug 25, 2024 2:36 pm
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11035

Re: Default password Frustration

Maybe ETSI TS 103 645? This is ETSI standard, not EC legislation. Standards may get into legislation (in which case laws/rules/directives/... don't have to go into technical details but rather refer to certain standard), but without some kind of regulation they are not mandatory. So my rant about E...
by mkx
Sun Aug 25, 2024 1:53 pm
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11035

Re: Default password Frustration

The problem with EC legislation is that there are two kinds (actually there are more, but in this case two are relevant): regulations and directives. Regulations apply in all member states immediately after they enter in force, equally in whole EU. Directives, however, need to be transposed into nat...
by mkx
Sat Aug 24, 2024 3:56 pm
Forum: Wireless Networking
Topic: HAP AX2 no connection to CAPsMAN
Replies: 10
Views: 627

Re: HAP AX2 no connection to CAPsMAN

wave2 CAPsMAN settings are shared with local wifi settings (if device supports it and has one of wifi-qcom* packets installed) under /interface/wifi ... and you have to configure things using corresponding profiles (i.e. under ./channel/, ./security/, etc.). All devices, running ROS 7.13 and newer, ...
by mkx
Sat Aug 24, 2024 11:54 am
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11035

Re: Default password Frustration

I often like to cite the checklist on the original instruction manual of the Volkswagen T1: It's a very good checklist, too good to be useful nowadays. The thing is that when some kind of engineering marvel hits the mass market, everyone is wary of new thing and have to learn how to properly use it....
by mkx
Sat Aug 24, 2024 11:46 am
Forum: Virtualization
Topic: Admin user permissions issue with new CHR install on proxmox
Replies: 5
Views: 684

Re: Admin user permissions issue with new CHR install on proxmox

It seems that @OP created another user System with full permissions. So he has to use that user to perform certain tasks. Which is exactly the point of creating non-default user with full permissions (as means of strengthening security of a device).
by mkx
Sat Aug 24, 2024 9:10 am
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11035

Re: Default password Frustration

"Password after reset that is printed on the device." - Devices are sometimes in public areas, like CUBE 60 are. - Password versus box table is stored in distributed databases. Those who are genuinely concerned about device security (I'm pretty sure you are as are most regulars on this f...
by mkx
Fri Aug 23, 2024 8:48 pm
Forum: RouterBOARD hardware
Topic: XS+DA001 don't work on RB3011 to CSS610
Replies: 1
Views: 290

Re: XS+DA001 don't work on RB3011 to CSS610

Direct attach cable generally only works when interfaces on both ends are the same generation, i.e. both are SFP (1Gbps) or both are SFP+ (10Gbps) or both are SFP28 (25Gbps). Sometimes it's possible to use DAC even if interfaces are different ... if both devices support setting interface rate manual...
by mkx
Fri Aug 23, 2024 8:34 pm
Forum: Beginner Basics
Topic: VLANs for home network - do I need changes ? [SOLVED]
Replies: 9
Views: 1025

Re: VLANs for home network - do I need changes ? [SOLVED]

Sorry, one more thing: Yes, this one ... unset default-vlan-id (i.e. set it to "auto") which will make CPU port (i.e. bridge) tagged for VLAN 88 as well. but I have only untagged traffic for VLAN88 - how does this "auto" setting set VLAN88 in such case - I thought that default-v...
by mkx
Fri Aug 23, 2024 2:28 pm
Forum: Beginner Basics
Topic: VLANs for home network - do I need changes ? [SOLVED]
Replies: 9
Views: 1025

Re: VLANs for home network - do I need changes ? [SOLVED]

/interface ethernet switch port set switch1-cpu vlan-mode=secure vlan-header=leave-as-is default-vlan-id=88 Yes, this one ... unset default-vlan-id (i.e. set it to "auto") which will make CPU port (i.e. bridge) tagged for VLAN 88 as well. 2. Can I use only VLANs (without bridge or ether i...
by mkx
Fri Aug 23, 2024 11:40 am
Forum: Beginner Basics
Topic: VLANs for home network - do I need changes ? [SOLVED]
Replies: 9
Views: 1025

Re: VLANs for home network - do I need changes ? [SOLVED]

The config is more or less fine. I have things configured only slightly differently on my RB951G, something like this: /interface ethernet switch port set ether2 vlan-mode=secure vlan-header= always-strip default-vlan-id=88 set ether3 vlan-mode=secure vlan-header= always-strip default-vlan-id=88 set...
by mkx
Fri Aug 23, 2024 6:51 am
Forum: Beginner Basics
Topic: Microtik hotspot with Wavlink AC1200 in mesh mode
Replies: 5
Views: 700

Re: Microtik hotspot with Wavlink AC1200 in mesh mode

Can you configure first wavelink as AP in mesh mode? Configuring it as router (mesh mode or not) is what causes all devices behind it to appear as wavelink to MT. As long as it's possible to mesh wireless and wired ports this should be possible ... even more, all mesh nodes can be set-up equally, bu...
by mkx
Thu Aug 22, 2024 9:57 pm
Forum: General
Topic: LHG-60G firmware update issue
Replies: 11
Views: 911

Re: LHG-60G firmware update issue

... total HDD space is 15.3 MiB and free HDD space is 4296 KiB. Since ROS is about 12.3 MiB by itself without packages, normal upgrade does not seem possible. How exactly are you trying to upgrade ROS and what exactly does log say after it fails to upgrade? How exactly are you uploading the npk fil...
by mkx
Thu Aug 22, 2024 9:52 pm
Forum: General
Topic: Packages upgrade in ’station bridge’ mode
Replies: 6
Views: 469

Re: Packages upgrade in ’station bridge’ mode

The default route setting on station bridge is wrong. It should be like this: /ip route add distance=1 gateway=192.168.88.1 Using interface name as gateway doesn't work too well for non-PtP interfaces. Other problems on station-bridge device: you shouldn't run DHCP server on station bridge, DHCP serv...
by mkx
Thu Aug 22, 2024 8:46 pm
Forum: General
Topic: Packages upgrade in ’station bridge’ mode
Replies: 6
Views: 469

Re: Packages upgrade in ’station bridge’ mode

If station bridge device can ping your gateway, then it should be able to connect beyond gateway if default route is configured properly (and gateway doesn't block it somehow). You can post full config of station bridge device (in terminal window execute /export file=anynameyouwish hide-sensitive - ...
by mkx
Thu Aug 22, 2024 8:32 pm
Forum: General
Topic: Packages upgrade in ’station bridge’ mode
Replies: 6
Views: 469

Re: Packages upgrade in ’station bridge’ mode

Is there some particular setup needed on the ‘station bridge’ to get internet connectivity for the RouterOS on that wAP AC itself? Or is it possible at all in this mode?
Nothing special, just IP address, default route and DNS server address ... just like any other IP device in your network.
by mkx
Thu Aug 22, 2024 8:25 pm
Forum: General
Topic: On pluging in Internet cable goes in to bootloop.
Replies: 1
Views: 277

Re: On pluging in Internet cable goes in to bootloop.

On MT devices it's possible to use any port as WAN port. Reconfiguration is not trivial, but not too hard either.

Port, marked as internet, is on hEX special because it's PoE in as well ... so it's slightly different than the rest of ports. Perhaps this makes it more sensible to voltage surges?
by mkx
Wed Aug 21, 2024 4:34 pm
Forum: Wireless Networking
Topic: configuration.distance in wifi-qcom package
Replies: 3
Views: 429

Re: configuration.distance in wifi-qcom package

In PtMP setups you can have different values on different nodes: The value should reflect the distance to the AP or station that is furthest from the device. So on hub node (PtMP AP) you need to have e.g. 3km, on station nodes whatever needed (on the farthest node 3km, on nearer nodes something lowe...
by mkx
Wed Aug 21, 2024 4:16 pm
Forum: Beginner Basics
Topic: hAP ac3 NAT forwarding issues [SOLVED]
Replies: 9
Views: 1166

Re: hAP ac3 NAT forwarding issues [SOLVED]

add action=dst-nat chain=dstnat comment="Apache 80" dst-address=<PUBLIC IP> \ protocol=tcp src dst -port=80 to-addresses=192.168.88.22 to-ports=80 add action=dst-nat chain=dstnat comment="Apache 443" dst-address=\ <PUBLIC IP> protocol=tcp src dst -port=443 to-addresses=192.168.8...
by mkx
Wed Aug 21, 2024 11:40 am
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11035

Re: Default password Frustration

But as you probably understand: It is the responsibility of the customer or the customer's representative (the tech) to config the devices properly. A parallel from transportation industry: it's drivers' responsibility to avoid other parties in traffic. But this didn't work too well after a short w...
by mkx
Wed Aug 21, 2024 11:13 am
Forum: Beginner Basics
Topic: Create my first Mikrotik Network
Replies: 33
Views: 1915

Re: Create my first Mikrotik Network

So I would leave hAP ac2 ... Personally I'd avoid using any of ARM devices with 16MB flash space as "core" router ... because 16MB is tight specially when running ROS v7 (and eventually we all will run it). I know that with recent ROS version one can completely remove any of wireless driv...
by mkx
Wed Aug 21, 2024 10:28 am
Forum: Beginner Basics
Topic: hAP ac3 NAT forwarding issues [SOLVED]
Replies: 9
Views: 1166

Re: hAP ac3 NAT forwarding issues [SOLVED]

So we're guessing ... until @OP provides exported config as per instructions in post by @rplant ... I'm guessing that the "dst-address" property setting (which seems to be set, but @OP blacked it out) is wrong. The thing with DST-NAT is that dst-address property normally doesn't have to be...
by mkx
Mon Aug 19, 2024 5:03 pm
Forum: General
Topic: MAC Filter in Bridge 7.11.2 [SOLVED]
Replies: 2
Views: 615

Re: MAC Filter in Bridge 7.11.2 [SOLVED]

The bridge is offloaded to hardware switch chip (MT7621) ... which according to switch chip features table doesn't support rules. So if you want your bridge filter rules to actually work, you have to disable HW offload ... on all bridge ports set hw=no . This will, alas, cause all traffic to pass vi...
by mkx
Sat Aug 17, 2024 11:53 am
Forum: General
Topic: LHG-60G firmware update issue
Replies: 11
Views: 911

Re: LHG-60G firmware update issue

Almost seems like I need to manually increase the size of the Flash/directory so that it can hold more capacity for an update to be processed. That way remote updates could be feasible again. Does that sound correct to you? No. I'm pretty sure that flash disk is at its maximum (15.something MB) and...
by mkx
Fri Aug 16, 2024 11:25 pm
Forum: General
Topic: LHG-60G firmware update issue
Replies: 11
Views: 911

Re: LHG-60G firmware update issue

Any other thoughts? No, not without (near) hands-on diagnosis. It might be, that netinstall will be necessary ... yeah, I'd hate it too, but sometimes there's some hidden trash which can only be cleaned using netinstall ... and after that, device is healthy and ready for series of normal upgrades.
by mkx
Fri Aug 16, 2024 8:37 pm
Forum: Beginner Basics
Topic: IP and Routing: SFP GPON Module WebUI access [SOLVED]
Replies: 14
Views: 5840

Re: IP and Routing: SFP GPON Module WebUI access [SOLVED]

Just add sfp-sfpplus1 interface to WAN interface list:
/interface list member
add comment=defconf interface=sfp-sfpplus1 list=WAN

And you should be fine.
by mkx
Fri Aug 16, 2024 8:31 pm
Forum: General
Topic: LHG-60G firmware update issue
Replies: 11
Views: 911

Re: LHG-60G firmware update issue

The log entry is more likely about updater checking free space and finding out that it isn't sufficient. If there are any files under flash/ directory, you can possibly remove them (but come back and ask if they are safe to remove beforehand). Excessive config (e.g. bigger address lists or bigger st...
by mkx
Fri Aug 16, 2024 8:26 pm
Forum: General
Topic: Block tcp to a IP address
Replies: 5
Views: 471

Re: Block tcp to a IP address

Any device (be it Mikrotik or TPlink) can only filter traffic passing between its own ports. If only a part of traffic is passing Mikrotik (because devices, connected to TPlink, can communicate without MT ever knowing about it), then possibilities to filter traffic are limited. If your TPlink allows...
by mkx
Fri Aug 16, 2024 7:25 pm
Forum: General
Topic: LHG-60G firmware update issue
Replies: 11
Views: 911

Re: LHG-60G firmware update issue

Your LHG 60G has more than 64MB RAM, which means its "root" of storage (as you can see it) is on RAM disk. Just don't upload upgrade npks to flash/ subdir, they belong to root (and that's where ROS upgrader expects to find them). Did you actually try to upgrade ROS (and failed ... and if s...
by mkx
Fri Aug 16, 2024 7:13 pm
Forum: Beginner Basics
Topic: IP and Routing: SFP GPON Module WebUI access [SOLVED]
Replies: 14
Views: 5840

Re: IP and Routing: SFP GPON Module WebUI access [SOLVED]

Post your current config (output of /export file=anynameyouwish, redact sensitive data such as serial number, public IP address, passwords, etc.). Because proper advice can only be made after we see the rest of config.
by mkx
Fri Aug 16, 2024 7:10 pm
Forum: General
Topic: Block tcp to a IP address
Replies: 5
Views: 471

Re: Block tcp to a IP address

You can't block access to printer using router's firewall because printer is part of same LAN subnet and other devices talk to printer directly. However, if that printer is connected directly to your router using dedicated network port (no other device is using it), then you could filter traffic. ...
by mkx
Fri Aug 16, 2024 7:05 pm
Forum: Beginner Basics
Topic: IP and Routing: SFP GPON Module WebUI access [SOLVED]
Replies: 14
Views: 5840

Re: IP and Routing: SFP GPON Module WebUI access [SOLVED]

please explain me how to setup the route thanks That entirely depends on SFP+ module management interface. If your router's firewall and NAT config is still more or less default (as in: small MT RB devices' default), then it should be enough to add sfp-sfpplus1 interface to WAN interface list and t...
by mkx
Fri Aug 16, 2024 4:36 pm
Forum: Wireless Networking
Topic: Wireless PTP link not passing Y.1564 certification Test
Replies: 1
Views: 368

Re: Wireless PTP link not passing Y.1564 certification Test

And how are thresholds set and which one doesn't pass?
by mkx
Fri Aug 16, 2024 4:28 pm
Forum: Beginner Basics
Topic: IP and Routing: SFP GPON Module WebUI access [SOLVED]
Replies: 14
Views: 5840

Re: IP and Routing: SFP GPON Module WebUI access [SOLVED]

Because you're using /32 addresses with wrong network address. Do yourself a favour and use /28 or less. If you don't know what I'm talking about, then use /24.

Another issue is setup of SFP+ module ... it needs a route back to your PC. If that can't be setup, then you have to perform SRC-NAT ...
by mkx
Thu Aug 15, 2024 10:07 pm
Forum: General
Topic: v4\v6 DNS
Replies: 5
Views: 530

Re: v4\v6 DNS

So you're saying that tunnel terminates directly on Hemeroid (sorry, Android) device? In that case I'm afraid you'll have to deal with lots of pain in the back. :?
by mkx
Thu Aug 15, 2024 9:50 pm
Forum: General
Topic: v4\v6 DNS
Replies: 5
Views: 530

Re: v4\v6 DNS

Basically you can't rely on having control over how applications work with DNS (e.g. some apps may use their own DNS over HTTPS connection to their own preferred servers). So if you want to force client's traffic through IPv4 tunnel, disable IPv6 on that site altogether.
by mkx
Thu Aug 15, 2024 9:40 pm
Forum: Beginner Basics
Topic: configuring RouterOS on CRS305-1G-4S+
Replies: 7
Views: 620

Re: configuring RouterOS on CRS305-1G-4S+

Look at official test results: https://mikrotik.com/product/crs305_1g_ ... estresults

Look at ethernet test results, routing 25 ip filter rules, 512 byte packet size. The number stated there represents real-life performance the best.
And individual interface speed doesn't change it.
by mkx
Thu Aug 15, 2024 9:34 pm
Forum: Beginner Basics
Topic: Using a CRS326 as router (FTTH)
Replies: 7
Views: 1070

Re: Using a CRS326 as router (FTTH)

No.
by mkx
Thu Aug 15, 2024 5:52 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 235
Views: 79472

Re: v7.16rc [testing] is released!

So the "background" scan is clearly not a background one. It is clearly interrupting. Perhaps it's intended to be in background but it messes with timing of beacon frames? The only way of doing background scan with single radio is to transmit what's essential (beacons) but use the rest of...
by mkx
Thu Aug 15, 2024 1:29 pm
Forum: Wireless Networking
Topic: Connecting v6 Device to CAPsMAN v7 [SOLVED]
Replies: 3
Views: 717

Re: Connecting v6 Device to CAPsMAN v7 [SOLVED]

To continue where @neki stopped: even if both capsmans run on same device, they don't share config. And since support for better mobility (as in 802.11 r/k/v) is tied to wifi capsman, legacy cap devices don't benefit from that either. Which means that running legacy capsman for sake of single legacy...
by mkx
Thu Aug 15, 2024 9:14 am
Forum: General
Topic: SNMP Sending Wrong
Replies: 2
Views: 457

Re: SNMP Sending Wrong

Port number is yet another variable. So I wonder what exactly seems to be the problem?
by mkx
Thu Aug 15, 2024 9:10 am
Forum: General
Topic: Router OS 7 on RBD52G-5HacD2HnD (hAP ac^2)
Replies: 3
Views: 600

Re: Router OS 7 on RBD52G-5HacD2HnD (hAP ac^2)

If you use built-in ROS updater, then you have to change channel to "upgrade". It'll then upgrade version to (I guess) 7.12.x (and revert channel to "stable"). After upgrading to 7.12.x, you can further upgrade to newer version (7.15.x) by simply re-running upgrade. If you follo...
by mkx
Wed Aug 14, 2024 11:49 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM wirespeed switching?
Replies: 3
Views: 524

Re: CRS328-24P-4S+RM wirespeed switching?

L2 comes with its own overhead (ethernet frame headers and whatnot) and inter-frame gaps ... which take up relatively larger proportion of total capacity with smaller frame sizes (payload) compared to using larger frame sizes.

After all, that 1Gbps speed is L1 speed...
by mkx
Tue Aug 13, 2024 10:18 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 235
Views: 79472

Re: v7.16rc [testing] is released!

what is the intention or goal? The goal is to boo-boo. AFAIK the most optimistic feedback provided by support is "the issue was reproduced, it'll be fixed but we can't give any ETA". Except when the fix was already done and has passed whatever internal check points, in which case they'll ...
by mkx
Tue Aug 13, 2024 6:51 pm
Forum: General
Topic: Sector writes at ssh disconnection
Replies: 2
Views: 407

Re: Sector writes at ssh disconnection

Probably it writes new value for "last logged in" (or whatever it's called) so it can print critical logs which will happen between now and next login at next login.
by mkx
Mon Aug 12, 2024 10:01 pm
Forum: General
Topic: Cap devices only: "Check for updates" error - timeouts
Replies: 5
Views: 486

Re: Cap devices only: "Check for updates" error - timeouts

A rural legend goes that CAPsMAN can offer own installed packages to CAPs ... if architecture is the same and installed packages are superset of what's necessary on CAPs. I never ran a setup where this could work, so for me this is just a legend. But a safer way forward is to upload packages, needed...
by mkx
Sat Aug 10, 2024 9:54 pm
Forum: General
Topic: Packet Sniffer changes router behavior
Replies: 8
Views: 709

Re: Packet Sniffer changes router behavior

Sorry for OT, just remark on this (fasttrack and mangle are uncompatible). Depends on config, it can work in combination... I'm not saying that fasttrack can not be used ... I'm saying that mangling and fasttrack are uncompatible (or is it incompatible?) ... with addition: one connection can either...
by mkx
Sat Aug 10, 2024 9:19 pm
Forum: Beginner Basics
Topic: Default firewall config
Replies: 30
Views: 61516

Re: Default firewall config

Beginner question: Do I need to set up an interface list to make your firewall config effective ... Yes, if you largely re-use firewall, then you have to setup and maintain both interface lists. Your own approach (if executed carefully) works as well, but lacks flexibility (e.g. if your LAN is more...
by mkx
Sat Aug 10, 2024 9:02 pm
Forum: General
Topic: Packet Sniffer changes router behavior
Replies: 8
Views: 709

Re: Packet Sniffer changes router behavior

Packet sniffer disables fasttrack ... which in turn means that your mangle rules actually apply to all your traffic (fasttrack and mangle are incompatible).
by mkx
Fri Aug 09, 2024 8:48 am
Forum: General
Topic: VLAN setup on CCR2004-16G-2S+
Replies: 5
Views: 598

Re: VLAN setup on CCR2004-16G-2S+

First off, you should go through this tutorial if you haven't already. Even though your device comes with two switch chips, the single bridge config should work mostly fine with two potential gotchas (one is concerning CPU load and one VLAN switching between both port groups). But I suggest to deal ...
by mkx
Fri Aug 09, 2024 8:40 am
Forum: General
Topic: Winbox: router not detected despite being on the same broadcast domain
Replies: 20
Views: 1246

Re: Winbox: router not detected despite being on the same broadcast domain

Does your linux run any kind of firewall or SElinux? These two may interfere with winbox and mac connectivity.
by mkx
Thu Aug 08, 2024 2:48 pm
Forum: General
Topic: Winbox: router not detected despite being on the same broadcast domain
Replies: 20
Views: 1246

Re: Winbox: router not detected despite being on the same broadcast domain

The 3rd party linux mactelnet client is reportedly incompatible with recent (like: last few years) ROS versions.
by mkx
Wed Aug 07, 2024 10:22 pm
Forum: General
Topic: Steps to configure CRS326-24S+2Q+RM as a L3 Switch wihtout Router-on-a-stick
Replies: 23
Views: 1385

Re: Steps to configure CRS326-24S+2Q+RM as a L3 Switch wihtout Router-on-a-stick

Is it possible to create VLANs directly on the Switch Chip without creating a bridge?
No, not on CRS3xx devices (if you want wirespeed operations).
by mkx
Wed Aug 07, 2024 10:13 pm
Forum: General
Topic: problem with fasttrack [SOLVED]
Replies: 14
Views: 2237

Re: problem with fasttrack [SOLVED]

I am now thinking about activating L3 Hw Offloading, any suggestions?
Which device are you using?
by mkx
Tue Aug 06, 2024 9:14 pm
Forum: RouterBOARD hardware
Topic: What does the "Cloud" bit mean with Mikrotik switches?
Replies: 8
Views: 1423

Re: What does the "Cloud" bit mean with Mikrotik switches?

Almost as much as the second word (Smart or Router ... neither hold much essence in them).

So the only true one is the third one - Switch.
by mkx
Tue Aug 06, 2024 12:46 pm
Forum: Beginner Basics
Topic: Setup foe wAP ac for control my mixer
Replies: 6
Views: 516

Re: Setup foe wAP ac for control my mixer

Sorry. Here it is: viewtopic.php?t=143446
by mkx
Tue Aug 06, 2024 12:42 pm
Forum: General
Topic: 100G BiDi ER 40km | FEC 91 | No Link
Replies: 7
Views: 776

Re: 100G BiDi ER 40km | FEC 91 | No Link

Standards are there mostly for inter-vendor interoperability. In your case you have single vendor (one for SFPs and one for routers) so use whatever works for you.
Just keep a (mental) note just in case you have to replace any piece of equipment and things break then.
by mkx
Tue Aug 06, 2024 12:39 pm
Forum: General
Topic: GR3 "system" user is added after updating to v7
Replies: 3
Views: 512

Re: GR3 "system" user is added after updating to v7

I'd netinstall device now. ROS doesn't create any user (apart from admin) which means your device might be tampered with. And you don't want that, do you?
by mkx
Tue Aug 06, 2024 12:37 pm
Forum: General
Topic: .alter file andstange timeout
Replies: 3
Views: 566

Re: .alter file andstange timeout

Are you sure it's not TR-069 "server" or some firewall in between that cuts TCP connection due to inactivity?
by mkx
Tue Aug 06, 2024 12:34 pm
Forum: Beginner Basics
Topic: Setup foe wAP ac for control my mixer
Replies: 6
Views: 516

Re: Setup foe wAP ac for control my mixer

That's probable, that single ethernet port may be configured as WAN by default.

Have a look at this thread, it explains how to make device a simple switch/ap (no routing). You may have to add DHCP server configuration though.
by mkx
Tue Aug 06, 2024 12:26 pm
Forum: RouterBOARD hardware
Topic: RB3011 no more POE on port eth10
Replies: 40
Views: 19379

Re: RB3011 no more POE on port eth10


It seems to me like mtest001 is not blaming anyone.
And I didn't imply that. However, posting something about own disappointment on vendor's discussion forum may imply something (and it's everybody's guess what the implication might be).
by mkx
Mon Aug 05, 2024 11:14 pm
Forum: RouterBOARD hardware
Topic: RB3011 no more POE on port eth10
Replies: 40
Views: 19379

Re: RB3011 no more POE on port eth10

Such are risks when using second hand gear.

Do you blame car manufacturer if your second-hand car has a failed cat?
by mkx
Mon Aug 05, 2024 11:10 pm
Forum: Wireless Networking
Topic: Wireless Wire - Increase Throughput [SOLVED]
Replies: 4
Views: 1672

Re: Wireless Wire - Increase Throughput [SOLVED]

My link is 10ft apart at 7 feet height, unobstructed line of sight. In short I am connecting one side of the my office with the other side.

You must have some serious WAF problems if you can't pull a CAT6 UTP cable (even CAT5e would do for this kind of distance) across / around the office.
by mkx
Mon Aug 05, 2024 10:58 pm
Forum: General
Topic: RB2011uiAS upgrade backup-routerbooot
Replies: 9
Views: 1327

Re: RB2011uiAS upgrade backup-routerbooot

In the Protected Bootloader section, it shows v7 and v6, but I have version v3.41. What version should I add to the device? It doesn't matter which version your device currently shows, what matters is which version you want to have. If you plan to run ROS v7, then start with 7.6 ... first ROS (unde...
by mkx
Mon Aug 05, 2024 10:49 pm
Forum: General
Topic: Is there a way to install RouterOS on a ARMv8-A non-mikrotik hardware?
Replies: 6
Views: 805

Re: Is there a way to install RouterOS on a ARMv8-A non-mikrotik hardware?

So far, "alien" hardware with ARM architecture is not really supported. There's ARM CHR AFAIK geared towards some particular cloud provider. And there are MT devices with ARM processors.
by mkx
Mon Aug 05, 2024 10:38 pm
Forum: Beginner Basics
Topic: Setup foe wAP ac for control my mixer
Replies: 6
Views: 516

Re: Setup foe wAP ac for control my mixer

The principle should be identical on both devices.

Your problem description is pretty vague, so that's how explicit advice I can provide. Anybody with working crystal ball around?
by mkx
Sun Aug 04, 2024 10:06 pm
Forum: General
Topic: New MAC address on the bridge after the update
Replies: 4
Views: 477

Re: New MAC address on the bridge after the update

Can I come up with some kind of MAC address or how do I make sure I don't have a duplicate? Read about Locally Administered address (LAA) in article on MAC addresses. In short: take MAC address of ether1 and make the second digit from the left either 2, 6, A or E (which means you can construct 4 s...
by mkx
Sun Aug 04, 2024 10:53 am
Forum: SwOS
Topic: problem with Lock On First in swos
Replies: 5
Views: 1081

Re: problem with Lock On First in swos

... connected a pc to port 1 but after connecting new device to port 1 also new device can connected to network How exactly do you connect the new device to same port? Do you disconnect the first device? In which case the feature works as intended (it's designed against connecting a downstream swit...
by mkx
Sun Aug 04, 2024 10:49 am
Forum: SwOS
Topic: Wired Backhaul with SwOS and CSS326
Replies: 4
Views: 973

Re: Wired Backhaul with SwOS and CSS326

... the backhaul traffic is somehow dropped in the switch. And the only explanation that I can come up with is that switch disables all backhaul ports (except one) due to detected loops (an STP feature). Perhaps you have to reboot CSS after disabling STP. If you know your network doesn't have loops...
by mkx
Sun Aug 04, 2024 10:37 am
Forum: Wireless Networking
Topic: Wi-Fi 2.4G limit 30mpbs
Replies: 17
Views: 1609

Re: Wi-Fi 2.4G limit 30mpbs

as you can see from the post I used the least used frequency but by running the speedtest I always get to 30mpbs Chart is clipped off at 30Mbps, text under it says that max was 42Mbps. So did your speedtest result also come back at 30Mbps? Are you sure there isn't some other bottleneck beyond wifi ...
by mkx
Sun Aug 04, 2024 10:28 am
Forum: General
Topic: CRS326-24S+2Q+RM showing 2 Switch chips
Replies: 52
Views: 2899

Re: CRS326-24S+2Q+RM showing 2 Switch chips

Nice ...

... but: "Maximum Firewall Port to Port Throughput" is 21Gbps ... a bit less than wirespeed.
by mkx
Sun Aug 04, 2024 10:19 am
Forum: Beginner Basics
Topic: Wireless bridge questions
Replies: 12
Views: 1042

Re: Wireless bridge questions

Pretty simple config ... so just go ahead and change IP addresses on both devices. As I already warned, don't forget to set subnet mask in address property ... just like it is now (the "/24" part). And if you're going to use GUI (either winbox or webui), don't use quickset, use "normal...
by mkx
Sat Aug 03, 2024 10:32 pm
Forum: General
Topic: CRS326-24S+2Q+RM showing 2 Switch chips
Replies: 52
Views: 2899

Re: CRS326-24S+2Q+RM showing 2 Switch chips

Your CRS can do wirespeed routing between different VLANs ... the only limitation (when you're talking about large network) is number of connected hosts (total in all VLANs) ... if networks are IPv4 only, then limit is at 16.000 hosts. If networks are IPv6 only, then limit is at 8.000 hosts. If netw...
by mkx
Sat Aug 03, 2024 9:41 pm
Forum: RouterBOARD hardware
Topic: 10Gb connection
Replies: 4
Views: 1002

Re: 10Gb connection

No, what you describe won't do: NIC is SFP28, linked DAC is QSFP28 and CRS is SFP+. And all of them don't mix. If you really want to spend more money on server's NIC (to have 25Gbps interface), then you'll have to go with SFP28 module which can work at 10Gbps ... and a 10Gbps SFP+ module (for CRS) ....
by mkx
Sat Aug 03, 2024 9:38 pm
Forum: RouterBOARD hardware
Topic: L009UiGS-RM power on from PoE-in when DC power already connected?
Replies: 7
Views: 910

Re: L009UiGS-RM power on from PoE-in when DC power already connected?

Use black self-adhesive tape and cover all the leds.
by mkx
Sat Aug 03, 2024 9:30 pm
Forum: Wireless Networking
Topic: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result
Replies: 6
Views: 820

Re: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result

It can get nasty for the LTE part, read the note 3) for the RG502Q-EA Cellular Antenna Mapping table. I'm not sure what exactly it means, but it might mean that it's either A1 or A7, depending on whether N78 5G NSA is used or not.
by mkx
Sat Aug 03, 2024 9:23 pm
Forum: General
Topic: /system/upgrade menu [SOLVED]
Replies: 10
Views: 3658

Re: /system/upgrade menu [SOLVED]

> scp ./routeros-7.15.3-mipsbe.npk username@192.0.2.1:/flash

No need to push files into flash subfolder. IIRC it's actually required to put NPK files to storage root (even if it's a RAM disk) for updater to act on them.
by mkx
Sat Aug 03, 2024 5:52 pm
Forum: SwOS
Topic: Wired Backhaul with SwOS and CSS326
Replies: 4
Views: 973

Re: Wired Backhaul with SwOS and CSS326

I'm not sure if it's possible in SwOS, but try to disable STP and RSTP on all ports connecting mesh system. Mesh will mess with topology (wired interconnects, wireless interconnects, one or both at the same time), possibly in ways which upset STP-enabled network.
by mkx
Sat Aug 03, 2024 5:44 pm
Forum: RouterBOARD hardware
Topic: L009UiGS-RM power on from PoE-in when DC power already connected?
Replies: 7
Views: 910

Re: L009UiGS-RM power on from PoE-in when DC power already connected?

No, it won't work ... regardless of the DC jack voltage. When one cuts power on a port on PSE (RB5009), L009 will simply switch over to draw power from the source with lower voltage. It's very useful feature when one wants to have power source redundancy. And /system/shutdown doesn't actually power dow...
by mkx
Sat Aug 03, 2024 5:35 pm
Forum: Wireless Networking
Topic: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result
Replies: 6
Views: 820

Re: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result

Just googled up this page: https://confusedbird.com/thread-119.html If I understand things correctly, then for N78 device uses external antennas. But for LTE B7, which is a MHB (2600MHz), it uses internal antennas (A0-top right and A7-lower left). Which explains the signal strength difference you see.
by mkx
Sat Aug 03, 2024 5:21 pm
Forum: Wireless Networking
Topic: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result
Replies: 6
Views: 820

Re: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result

... it is 5G NSA (not stand alone). Exactly ... 5G NSA requires connection to LTE cell for signalling. So in essence, 5G NSA is simply another CA carrier (with distinction that it can't be serving cell). As to the weak B7 LTE cell signal ... can you verify signal strength of both cells (LTE and 5G)...
by mkx
Sat Aug 03, 2024 5:13 pm
Forum: Wireless Networking
Topic: hAP ax3 wireless problem [SOLVED]
Replies: 174
Views: 35759

Re: hAP ax3 wireless problem [SOLVED]

What reasons could there be for the “Link downs” of a 5Ghz meter to trigger? If you want some feedback, just share the config: /export file=anynameyoulike Remove serial and any other private info. And output of /log/print ... it just might tell something about those "link downs".
by mkx
Sat Aug 03, 2024 5:08 pm
Forum: General
Topic: problem with fasttrack [SOLVED]
Replies: 14
Views: 2237

Re: problem with fasttrack [SOLVED]

Fasttrack and mangle are mutually exclusive. Now, you can keep using fasttrack for traffic which doesn't have to be mangled by adding accept rule (which accepts traffic to be mangled) and place it above fasttrack rule. This way traffic to be mangled won't escape being mangled via fasttrack, instead ...
by mkx
Sat Aug 03, 2024 4:57 pm
Forum: General
Topic: RB2011 vs hAP-ac2 (for parents)?
Replies: 4
Views: 610

Re: RB2011 vs hAP-ac2 (for parents)?

So be careful because traffic going from gigabit port to fast ethernet port must pass through CPU. I know that can be a problem on RB4011 so i believe it's a problem on RB2011. RB2011 doesn't have the same problem as 4011 does ... it's a problem when there are VLANs in the mix ... and it's not a pro...
by mkx
Fri Aug 02, 2024 8:01 pm
Forum: General
Topic: UDP faster than TCP - why?
Replies: 11
Views: 2353

Re: UDP faster than TCP - why?

So which one would be more representative of a real world traffic bandwidth test? None. Because it depends way too much on router's CPU power. Always use testing through routers. IMO bandwidth test is yet another feature which shouldn't be made available in ROS ... because it's most often misleading.
by mkx
Fri Aug 02, 2024 9:02 am
Forum: Beginner Basics
Topic: Wireless bridge questions
Replies: 12
Views: 1042

Re: Wireless bridge questions

Just to amend my previous answer: My question is, can I safely change the ip range of the devices to fit into my LAN's IP range without messing up the factory config? Or is it supposed to be this way to work properly? Yes. But try not to use QuickSet GUI option, it tends to mess with any custom con...
by mkx
Fri Aug 02, 2024 8:51 am
Forum: Beginner Basics
Topic: Wireless bridge questions
Replies: 12
Views: 1042

Re: Wireless bridge questions

If I'm not much mistaken, RBwAPG-60ad wireless wire kit comes preconfigured so that it serves as a transparent bridge between both wired ends (as if they were switches, connected with a high-delay cable). So IP addresses used in both wired ends don't matter, traffic between devices on both ends sh...
by mkx
Fri Aug 02, 2024 7:05 am
Forum: Virtualization
Topic: Router Os 7.15.3 on Qnap Nas
Replies: 14
Views: 1451

Re: Router Os 7.15.3 on Qnap Nas

RouterOS is a complete OS (including kernel and drivers) so it's not intended to be run inside a container. CHR is RouterOS variant intended to be run inside a VM (like Proxmox or Virtualization station) but expects to see certain type of (virtualized) hardware ... if virtualization engine can provi...
by mkx
Fri Aug 02, 2024 6:57 am
Forum: General
Topic: CRS326-24S+2Q+RM showing 2 Switch chips
Replies: 52
Views: 2899

Re: CRS326-24S+2Q+RM showing 2 Switch chips

Bridge mysteries explained: https://forum.mikrotik.com/viewtopic.php?t=173692 How to deal with VLANs: https://forum.mikrotik.com/viewtopic.php?t=143620 Inter-VLAN routing is just a (not so special) case of routing. L3HW offload: https://help.mikrotik.com/docs/display/ROS/L3+Hardware+Offloading (I al...
by mkx
Thu Aug 01, 2024 9:47 pm
Forum: Beginner Basics
Topic: No internet from Bridge?
Replies: 7
Views: 663

Re: No internet from Bridge?

I have devices connected to a bridge. DHCP is set up correctly. When I ping 8.8.8.8 from the ether1 (internet) in Tools-> Ping it works, but when I ping from bridge interface, it shows timeout. Do I need to add a firewall rule, or a NAT translation? Do I understand you correctly that you're trying ...
by mkx
Thu Aug 01, 2024 8:21 pm
Forum: RouterBOARD hardware
Topic: RB5009UG+S+IN dual power power [SOLVED]
Replies: 15
Views: 10937

Re: RB5009UG+S+IN dual power power [SOLVED]

If RB5009 does the same (and I don't see why it wouldn't) Yeah, it should but it does not (unless poe is forced) Well, as already mentioned, that's up to PoE communication between PSE and RB5009 ... if PSE doesn't provide power (even if it's just because RB5009 doesn't request it), then for power c...
by mkx
Thu Aug 01, 2024 7:54 pm
Forum: Wireless Networking
Topic: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result
Replies: 6
Views: 820

Re: Chateau 5G R16 + ISKRA P-62 antennas signal test strange result

Are you sure that B7 cell (FDD 2600MHz) and N78 cell (TDD 3500MHz) are actually served from the same cell tower? They could actually be two different towers in different directions and your P62 antennas are directed at the N78 cell tower?
by mkx
Thu Aug 01, 2024 7:45 pm
Forum: General
Topic: Interpose router maintaining IP
Replies: 8
Views: 846

Re: Interpose router maintaining IP

No.

Basic idea of routing is that different interfaces have IP addresses belonging to different subnets.

Why do you want to keep IP addresses unchanged both on ISP router's LAN interface and in your actual LAN?
by mkx
Thu Aug 01, 2024 7:35 pm
Forum: Beginner Basics
Topic: New to modems, need custom rules
Replies: 2
Views: 571

Re: New to modems, need custom rules

Modems are pretty dumb devices, so what you want to do is beyond modems' intelligence. You can script things in RouterOS, but IMO scripting is not very flexible and you can't add nifty little tools which can help. Personally I'd go with a small general-purpose computer (e.g. raspberry PI) running li...
by mkx
Wed Jul 31, 2024 10:47 pm
Forum: Wireless Networking
Topic: Hide connections rejected by access-list
Replies: 3
Views: 544

Re: Hide connections rejected by access-list

Never mind. I'm afraid that's not a solution, It's a poorly worded excuse for post which didn't make much sense ... but couldn't be deleted by post author. So I fully agree it's not a solution ... not for everybody at least. To the topic: I don't think it's possible not to log only particular conne...
by mkx
Wed Jul 31, 2024 10:39 pm
Forum: General
Topic: CRS326-24S+2Q+RM showing 2 Switch chips
Replies: 52
Views: 2899

Re: CRS326-24S+2Q+RM showing 2 Switch chips

For full performance, configure a single Bridge and put all ports in it, with Bridge VLAN filtering enable. Right? I just have some VLANs with Inter VLAN Routing. No other requirement. Correct, single bridge with VLANs ... and appropriate routing rules so that this part can be L3HW offloaded. And, ...
by mkx
Wed Jul 31, 2024 9:06 pm
Forum: General
Topic: CRS326-24S+2Q+RM showing 2 Switch chips
Replies: 52
Views: 2899

Re: CRS326-24S+2Q+RM showing 2 Switch chips

Have a look at this help page, it lists features offered by devices with advanced switch chips, including CRS326: https://help.mikrotik.com/docs/display/ROS/CRS3xx%2C+CRS5xx%2C+CCR2116%2C+CCR2216+switch+chip+features Your switch can also do some IP routing in hardware, check this help page: https://...
by mkx
Wed Jul 31, 2024 8:00 pm
Forum: RouterBOARD hardware
Topic: RB5009UG+S+IN dual power power [SOLVED]
Replies: 15
Views: 10937

Re: RB5009UG+S+IN dual power power [SOLVED]

My doubt is that, even if the good guys at Mikrotik were willing to change the way the RB5009 behaves as PD, after the "initial lie" the RB5009 must draw some (little) power from the PoE to "keep alive" the power from the PSE ... The way most MT devices with multiple power input...
by mkx
Wed Jul 31, 2024 6:48 pm
Forum: Wireless Networking
Topic: CAPsMAN and VLAN between ax3, ax2 and ac2
Replies: 6
Views: 822

Re: CAPsMAN and VLAN between ax3, ax2 and ac2

You already solved this, but for completeness sake ... - is there anyone who has already made an ax3 work as a CAP of itself? While technically local wifi interfaces can not be provisioned by CAPsMAN, the integration is possible nevertheless: both local provisioning and CAPsMAN can share same conf...
by mkx
Wed Jul 31, 2024 8:26 am
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 288
Views: 116575

Re: v7.16beta [testing] is released!

With that being said looking at the restore script from Mikrotik even if they manually set the admin mac they still pick the first available mac from the device itself. What exactly is that you're after? Your script explicitly sets bridge MAC address to address of first listed ethernet port (even i...
by mkx
Tue Jul 30, 2024 8:53 pm
Forum: General
Topic: CAPsMAN forwarding in new capsmanager
Replies: 12
Views: 904

Re: CAPsMAN forwarding in new capsmanager

You could create EOIP tunnels from CAPs to CAPsMAN and bridge wifi interfaces with those tunnels.
by mkx
Tue Jul 30, 2024 8:19 pm
Forum: Virtualization
Topic: Router Os 7.15.3 on Qnap Nas
Replies: 14
Views: 1451

Re: Router Os 7.15.3 on Qnap Nas

Just wondering why you want to run ROS in your storage device though

Because this way he'll be able to install ROSE package and turn his CHR into NAS :lol:.
by mkx
Tue Jul 30, 2024 7:59 am
Forum: General
Topic: Does the RB5009 machine have hardware NAT acceleration capability?
Replies: 5
Views: 794

Re: Does the RB5009 machine have hardware NAT acceleration capability?

Looks like the 88E6393X switch chip used in the 5009 can do basic L3 hardware routing. Hence the second paragraph in my post #2 above. In ROS nothing can be taken for granted until it's actually implemented. For example, allegedly MT7621A (SoC, used in Hex RB750Gr3) can do some L3 in hardware, ther...
by mkx
Tue Jul 30, 2024 6:50 am
Forum: General
Topic: Does the RB5009 machine have hardware NAT acceleration capability?
Replies: 5
Views: 794

Re: Does the RB5009 machine have hardware NAT acceleration capability?

So for RB5009 it is a pure software NAT router. I mean it doing NAT in Linux Kernel without using hardware accelerator in the soc,right?
Yes. So far.
by mkx
Mon Jul 29, 2024 12:32 pm
Forum: General
Topic: Does the RB5009 machine have hardware NAT acceleration capability?
Replies: 5
Views: 794

Re: Does the RB5009 machine have hardware NAT acceleration capability?

Is FastPath/FastTrack a pure software acceleration solution? Fastpath/fasttrack is in principle software feature. Some devices are capable of offloading, have a look at L3HW offloading , it has a section about which devices can offload what. There are devices which are supposedly to offer similar f...
by mkx
Mon Jul 29, 2024 7:57 am
Forum: Wireless Networking
Topic: 2 high gain antennas (LHGG LTE18) on the same pole? [SOLVED]
Replies: 2
Views: 768

Re: 2 high gain antennas (LHGG LTE18) on the same pole? [SOLVED]

In mobile networks having two antennas close to each other is usually not a big problem. The exception is if MNO uses TDD band (and even this is not always a problem). The same is true even if the two antennas connect to different MNOs ... unless these two use frequency bands which are somehow &quo...
by mkx
Sun Jul 28, 2024 10:21 pm
Forum: General
Topic: how to identify which ip is infected and being used for a DDoS? [SOLVED]
Replies: 16
Views: 2584

Re: how to identify which ip is infected and being used for a DDoS? [SOLVED]

One thing to consider: with UDP packets it's pretty easy to spoof src-address because return packets don't have to be delivered to attacker to continue with attack. Packet dump, taken on attacked side, doesn't prove anything. So if you fail to find attacker in your LAN, ask your ISP to trace origin...
by mkx
Sun Jul 28, 2024 10:14 pm
Forum: General
Topic: Path MTU discovery problems with IPv6 on PPPoE [SOLVED]
Replies: 6
Views: 2089

Re: Path MTU discovery problems with IPv6 on PPPoE [SOLVED]

Every L3 device (e.g. IPv6 router) should be able to transmit ICMP messages if necessary. And pass them on of course. BTW, I'm not sure if a generated ICMPv6 message (such as packet too big) is considered as "related" in case of stateful firewall ... probably it should be. And it's probabl...
by mkx
Sun Jul 28, 2024 4:37 pm
Forum: General
Topic: how to identify which ip is infected and being used for a DDoS? [SOLVED]
Replies: 16
Views: 2584

Re: how to identify which ip is infected and being used for a DDoS? [SOLVED]

Disabling HW offload is not necessary for the raw rule approach, and affects LAN bridging performance, so only keep it disabled while sniffing.

Isn't sniffer tool disabling L2 HW offload in the first place?
by mkx
Sun Jul 28, 2024 11:57 am
Forum: General
Topic: Masquerade TCP port80 Not Working [SOLVED]
Replies: 4
Views: 1733

Re: Masquerade TCP port80 Not Working [SOLVED]

Are you trying to access HTTP service on public IP from a LAN client? If so, you'll have to implement hairpin NAT . Which involves both DST-NAT and SRC-NAT (with their respective gotchas), but I don't know if connection tracking table will show addresses you expect in a single row (both NATs are two...
by mkx
Sat Jul 27, 2024 7:05 pm
Forum: Wireless Networking
Topic: CapsMan datapath interfaces put not to bridge
Replies: 29
Views: 2958

Re: CapsMan datapath interfaces put not to bridge

Could be it's due to the fact that capsman forwarding puts quite some burden on both CAP device (which is manageable by using faster CPU) and CAPsMAN device (less manageable if there's large number of CAPs involved), reducing CAP wireless performance. The benefits (in certain use cases they were inv...
by mkx
Sat Jul 27, 2024 6:57 pm
Forum: General
Topic: Upgrading Rooterboot factory software
Replies: 25
Views: 6691

Re: Upgrading Rooterboot factory software

Okay, then is there any way to upgrade factory firmware? And is there any way to find out current rooterboot version? No, you can't upgrade "Factory firmware", as I explained it's simply an information about lowest possible firmware version to which routerboot can be downgraded ... and co...
by mkx
Sat Jul 27, 2024 3:39 pm
Forum: General
Topic: Packets for port 80 disappear before reaching NAT or filtering [SOLVED]
Replies: 6
Views: 1913

Re: Packets for port 80 disappear before reaching NAT or filtering [SOLVED]

I run Linux unfortunately lol Thanks for the "lol", I started to feel sorry for you. Anyway, a proper "tcptraceroute" exists for linux (at least debian-based, e.g. ubuntu) and it really is an invaluable tool for checking availability of a particular (TCP) service, normal ICMP (o...
by mkx
Sat Jul 27, 2024 12:06 pm
Forum: General
Topic: Upgrading Rooterboot factory software
Replies: 25
Views: 6691

Re: Upgrading Rooterboot factory software

I'm pretty sure that it's error in documentation. It says it's procedure for upgrading "backup routerboot" ... and then, out from a blue sky, it mentions change in "factory firmware" version. As far as I understand, the "factory firmware" version doesn't relate to any o...
by mkx
Sat Jul 27, 2024 11:11 am
Forum: SwOS
Topic: SNMPv3 Support
Replies: 3
Views: 1033

Re: SNMPv3 Support

Devices running SwOS only use "CPU" for managing ASIC ... so CPU stats are in this sense irrelevant for device performance.
by mkx
Sat Jul 27, 2024 12:46 am
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 2897

Re: Feature Request - CHR - VPP & ISO version CHR ROS

Well, I've read some (general) articles on VPP ... and I still don't get it: why is it orthogonal to embedded NOS such as ROS?
by mkx
Sat Jul 27, 2024 12:08 am
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 2897

Re: Feature Request - CHR - VPP & ISO version CHR ROS

If I read the point correctly ... VPP = User space ... and does not fit within an embedded network OS like ROS. Why do you think that embedded NOS can't run user space stuff? Running something inside kernel space doesn't make it any faster or smaller or anything ... it's just running with higher p...
by mkx
Fri Jul 26, 2024 11:29 pm
Forum: General
Topic: How to configure my Mikrotik as a router
Replies: 11
Views: 987

Re: How to configure my Mikrotik as a router

Honestly, from the learning point of view, I cannot see a big difference between starting from the actual default configuration of a mAP that one gets inside the actual mAP and starting from a "default configuration of a mAP" one copy-pastes from the forum to an empty CHR. If one owns a R...
by mkx
Fri Jul 26, 2024 4:16 pm
Forum: General
Topic: How to limit an IP address to a local IP [SOLVED]
Replies: 10
Views: 1857

Re: How to limit an IP address to a local IP [SOLVED]

Another remark, linked to your other post (about CHR running in ESX): I suspect that you have one port intended for WAN (connected to whatever gadget your ISP provided) and another port intended for LAN ... and that port is likely to be connected to some kind of a switch (can even be virtual switch ...
by mkx
Fri Jul 26, 2024 3:59 pm
Forum: General
Topic: How to configure my Mikrotik as a router
Replies: 11
Views: 987

Re: How to configure my Mikrotik as a router

Right. I guess minimum amount of RAM for v7 is 64MB (hAP lite has only 32MB which is pretty tight) ... and 16MB of storage space for architectures other than ARM (and ARM64) is almost enough ... if one doesn't plan to install many optional packages.

So we're talking about devices with MSRP of 30 USD.
by mkx
Fri Jul 26, 2024 3:54 pm
Forum: General
Topic: How to limit an IP address to a local IP [SOLVED]
Replies: 10
Views: 1857

Re: How to limit an IP address to a local IP [SOLVED]

As I indicated: either you have both interfaces bridged ... and without setting use-ip-firewall=yes on bridge settings traffic passing between different bridge ports won't be subject to IP firewall. BTW, if you want to filter according to input and output port, you can't use "in-interface"...
by mkx
Fri Jul 26, 2024 2:49 pm
Forum: General
Topic: How to configure my Mikrotik as a router
Replies: 11
Views: 987

Re: How to configure my Mikrotik as a router

Thanks, how can I find my MT model? That's not a physical router. I installed an MT as a VM on ESXi. OK, so it's a CHR. Comes without default config as well. Unfortunately it's not the best thing to start learning ROS. Perhaps you could purchase yourself the cheapest ROS device you can find (or not...
by mkx
Fri Jul 26, 2024 2:28 pm
Forum: General
Topic: How to configure my Mikrotik as a router
Replies: 11
Views: 987

Re: How to configure my Mikrotik as a router

Depends on Mikrotik device model either there's default config (selectable between different templates, those depend on type of WAN connection, e.g. "plain" DHCP vs. PPPoE) which does exactly what you're asking about (one WAN port, other wired ports are LAN and switched between). Or some M...
by mkx
Fri Jul 26, 2024 2:03 pm
Forum: General
Topic: How to limit an IP address to a local IP [SOLVED]
Replies: 10
Views: 1857

Re: How to limit an IP address to a local IP [SOLVED]

They may be in the same subnet ... I've never seen (so far) IP addressing where 192.168.100.75 and 192.168.100.76 belong to different IP subnets (these two addresses are in @OPs opening post and I have no reason to believe they are entirely made up). Apart from the case when /32 addressing is used,...
by mkx
Fri Jul 26, 2024 1:52 pm
Forum: Wireless Networking
Topic: 100+ mbit in 1way test, 3mbit in both way test
Replies: 5
Views: 633

Re: 100+ mbit in 1way test, 3mbit in both way test

if unidirectional goes 100-140mbit, then even with 10-15mbit uplink (if ever) the downlink should still go above 50. it's plenty enough. It might ... the thing is that it's not only raw speed, it's timing which plays huge role in bidirectional communication (any TCP connection is bidirectional). An...
by mkx
Fri Jul 26, 2024 1:36 pm
Forum: Beginner Basics
Topic: What solution do you do to limit ping (firewall filter)?
Replies: 15
Views: 1059

Re: What solution do you do to limit ping (firewall filter)?

what is your plan?

My plan? I don't bother, so essentially the same as by @anav in post #2 (plus similar for chain=forward in /ipv6/firewall/filter).
by mkx
Fri Jul 26, 2024 12:26 pm
Forum: Beginner Basics
Topic: What solution do you do to limit ping (firewall filter)?
Replies: 15
Views: 1059

Re: What solution do you do to limit ping (firewall filter)?

IMO in such case it's better to filter per ICMP type ... some are not really necessary (e.g. echo / echo request), some are. Filtering by rate can be added to basic filtering by type.
by mkx
Fri Jul 26, 2024 12:21 pm
Forum: Wireless Networking
Topic: 100+ mbit in 1way test, 3mbit in both way test
Replies: 5
Views: 633

Re: 100+ mbit in 1way test, 3mbit in both way test

And when you go over to using proper test setup (e.g. iperf running on computers, connected to wireless link endpoints) also keep in mind the following about bidirectional tests: wifi is a TDMA, so same air time is divided between both directions. In ideal case the sum of throughputs in both directi...
by mkx
Fri Jul 26, 2024 12:07 pm
Forum: Beginner Basics
Topic: What solution do you do to limit ping (firewall filter)?
Replies: 15
Views: 1059

Re: What solution do you do to limit ping (firewall filter)?

When dealing with ICMP, one should not forget that ICMP is way more than only "Echo" and "Echo Reply". Blindly blocking all ICMP traffic might severely interfere with normal IP communication (e.g. PMTUD doesn't work without ICMP working) ... specially so in IPv6. Additionally, so...
by mkx
Fri Jul 26, 2024 9:14 am
Forum: General
Topic: Management Port Route List?
Replies: 6
Views: 519

Re: Management Port Route List?

Yeah I was unsure about keeping the WAN on the bridge, just fully removed it now, updating the post For OOB management, you don't need any route (let alone default) pointing at that interface. It's assumed that any management device will only try to talk to router's management interface (so it real...