Community discussions

MikroTik App

Search found 13607 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 46
by mkx
Wed Jan 22, 2025 9:49 pm
Forum: Wireless Networking
Topic: Difference "Bridge Port" view using WiFi CapsMan and Wireless CapsMan
Replies: 1
Views: 120

Re: Difference "Bridge Port" view using WiFi CapsMan and Wireless CapsMan

When using old CAPsMAN, do/did you use capsman forwarding in datapath? It doesn't exist in new (wifi) CAPsMAN ...
by mkx
Wed Jan 22, 2025 9:20 pm
Forum: Beginner Basics
Topic: Optimizing Server Placement: MikroTik Router vs. Switch
Replies: 10
Views: 390

Re: Optimizing Server Placement: MikroTik Router vs. Switch

Not exactly an echo, rather explanation.
by mkx
Wed Jan 22, 2025 6:41 pm
Forum: General
Topic: CCR2004-16G-2S+ shows wrong cpu mhz
Replies: 9
Views: 1075

Re: CCR2004-16G-2S+ shows wrong cpu mhz

You can't set CPU frequency like this?
/system/routerboard/settings/set cpu-frequency=auto

(or press <TAB> before entering auto to see possible values)
by mkx
Wed Jan 22, 2025 6:30 pm
Forum: Beginner Basics
Topic: Optimizing Server Placement: MikroTik Router vs. Switch
Replies: 10
Views: 390

Re: Optimizing Server Placement: MikroTik Router vs. Switch

Generally speaking switches have switching capacity larger than any individual port (including swirch-router or switch-switch interconnect). Which means that connecting server to switch, which also directly connects "main" clients (or large subset of clients) of server, generally offers be...
by mkx
Wed Jan 22, 2025 6:23 pm
Forum: Beginner Basics
Topic: VLAN on a single port
Replies: 9
Views: 580

Re: VLAN on a single port

The RB2011 is a "special" device that has two switch chips: https://help.mikrotik.com/docs/spaces/ROS/pages/15302988/Switch+Chip+Features Atheros8327 (ether1-ether5+sfp1); Atheros8227 (ether6-ether10) The "modern" way to do what you want to accomplish (good on *any* Mikrotik har...
by mkx
Wed Jan 22, 2025 3:58 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 130
Views: 10451

Re: v7.18beta [testing] is released!

> *) net - added initial support for automatic multicast tunneling (AMT) interface; Is this the solution to route mDNS over WireGuard without using an EOIP tunnel? AMT is a tunnel by itself ... not encrypted, only encapsulated into unicast UDP packets. My employer is using it to receive certain mul...
by mkx
Wed Jan 22, 2025 7:45 am
Forum: Beginner Basics
Topic: Hardware Switching on CCR2004-16G-2S+
Replies: 5
Views: 427

Re: Hardware Switching on CCR2004-16G-2S+

There's a general standard caveat in documentation saying only one ROS bridge can do hardware offloading, and default best-practice is "only one bridge total unless you know you need more". I actually kinda wonder if that's an accurate description of ROS software limitation, or is it a bi...
by mkx
Tue Jan 21, 2025 11:15 pm
Forum: General
Topic: Problem Scenario Regarding NAT in Mikrotik Router
Replies: 2
Views: 154

Re: Problem Scenario Regarding NAT in Mikrotik Router

NAT is connection tracking thing and as long as connection is active, NAT will do its job. And will do the inverse for return packets if they get delivered to router. There are two possibilities for SRC NAT: action=src-nat and action=masquerade. There are two important differences between both possi...
by mkx
Tue Jan 21, 2025 11:55 am
Forum: Wireless Networking
Topic: Help with Dual Band Steering and Roaming using Qcom Package (WiFi Wave 2)
Replies: 8
Views: 359

Re: Help with Dual Band Steering and Roaming using Qcom Package (WiFi Wave 2)

Haven't seen it yet, you should be using CAPsMAN to get this to work seamlessly.

Indeed to get roaming between different APs one needs CAPsMAN up and running. But to get roaming between radios of same AP one doesn't need CAPsMAN, relatively default config should suffice.
by mkx
Tue Jan 21, 2025 11:49 am
Forum: Wireless Networking
Topic: Help with Dual Band Steering and Roaming using Qcom Package (WiFi Wave 2)
Replies: 8
Views: 359

Re: Help with Dual Band Steering and Roaming using Qcom Package (WiFi Wave 2)

It's not OK to force devices to roam to certain APs. The problem is that whatever is configured (including the whole 802.11 r/k/v), it's still device which decides to move to another AP. The only difference between simply using same SSID and using the whole mobility suite is that in later case devic...
by mkx
Tue Jan 21, 2025 11:33 am
Forum: Beginner Basics
Topic: Can't log into switch from a Macintosh.
Replies: 8
Views: 333

Re: Can't log into switch from a Macintosh.

I remember a couple of reports of people that needed to reset the unit before being able to access it, you can try that, you have nothing to lose. Or it may be the opposite. I've received my brand new wAP ax and initially the password from the sticker worked, I've used it to log in using winbox 3.x...
by mkx
Tue Jan 21, 2025 11:28 am
Forum: Beginner Basics
Topic: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]
Replies: 65
Views: 3917

Re: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]

Well, I got it working. For some reason, setting the prefix hint to 0 fixed it. Nice to read that you have it now working ... I'm very curiouse as to the prefix size they actually gave you because a prefix hint to 0 in the IPv6 prefix field indicates that the requesting router has no preference for...
by mkx
Tue Jan 21, 2025 9:14 am
Forum: RouterBOARD hardware
Topic: RTFC11: how to power with PoE 802.11at/af?
Replies: 4
Views: 426

Re: RTFC11: how to power with PoE 802.11at/af?

Yup. Product page says



(emphasis is mine)
In addition to emphasis, can you also translate from Mikrotikish?

What (the heck) is a cross cable?
I've no idea ... perhaps @OP should ask MT support directly (and post their answer here, it should be interesting).
by mkx
Tue Jan 21, 2025 9:08 am
Forum: Wireless Networking
Topic: Is/Would be there support for client roaming (802.11k,802.11r,802.11v,802.11w) ...
Replies: 4
Views: 365

Re: Is/Would be there support for client roaming (802.11k,802.11r,802.11v,802.11w) ...

And on certain models of AC devices ... those which can run wifi-qcom-ac driver. As to how it works: mobility works between radios, controlled by same entity. Basic setup is single dual-radio device which controls both/all radios and mobility works between those radios. Advanced setup is network of ...
by mkx
Tue Jan 21, 2025 8:55 am
Forum: General
Topic: Understanding config /interface ethernet on Atheros8327 RBD52G HapAC2
Replies: 2
Views: 183

Re: Understanding config /interface ethernet on Atheros8327 RBD52G HapAC2

Question on the Atheros 8237 switch chip that is in my hap2ac (rdb52G). The documentation at this page https://help.mikrotik.com/docs/spaces/ROS/pages/15302988/Switch+Chip+Features#SwitchChipFeatures-Introduction indicates that you can change the advertised speed of an interface to multip different...
by mkx
Tue Jan 21, 2025 8:29 am
Forum: General
Topic: CPU Problem with CRS112-8P-4S after Update to 7.17
Replies: 2
Views: 226

Re: CPU Problem with CRS112-8P-4S after Update to 7.17

You have vlan-filtering=yes on bridge and CRS1xx can't offload such bridge to underlying switch chip. So all traffic passes CPU. This was the case since forever, nothing changed with 7.17 ... so you can consider yourself lucky that it didn't bite you earlier. You have to configure VLAN stuff on swit...
by mkx
Mon Jan 20, 2025 6:14 pm
Forum: RouterBOARD hardware
Topic: RTFC11: how to power with PoE 802.11at/af?
Replies: 4
Views: 426

Re: RTFC11: how to power with PoE 802.11at/af?

In theory a 802.3af/at compliant PD should accept both Mode A and mode B (it is the PSE that decides on which pins to apply power). Your Cisco most probably uses mode A (1,2+/3,6-). It is possible that either the thingy is not fully 802.3af/at compatible or that (for whatever reasons) it is defecti...
by mkx
Mon Jan 20, 2025 6:09 pm
Forum: RouterBOARD hardware
Topic: hEX refresh (E50UG) - router for gigabit internet?
Replies: 29
Views: 5541

Re: hEX refresh (E50UG) - router for gigabit internet?

Is hAP AC2 free of the "ether1 as uplink" problem?

I stand by @holvoetn and his answer.

And a spoiler: hAP ac2 doesn't suffer from same problem, all of its wired ports are equal, all are controlled by (same) switch chip.
by mkx
Mon Jan 20, 2025 2:59 pm
Forum: General
Topic: USB port doesnt work on hAP ac lite
Replies: 4
Views: 279

Re: USB port doesnt work on hAP ac lite

You can verify that USB port works and that USB device attached does present to RouterOS kernel by running command /system/resource/usb/print It should shown your attached device along with a few devices with name xHCI Host Controller . Yet another thing is to get USB device working ... and with ROS...
by mkx
Sun Jan 19, 2025 2:23 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 1859

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

@jaclaz: even if that was possible, how would you do it for architecture you don't have at home (e.g. ampere)?
by mkx
Sun Jan 19, 2025 2:13 pm
Forum: Announcements
Topic: v7.17 [stable] is released!
Replies: 245
Views: 33090

Re: v7.17 [stable] is released!

running 2 hAP ac2 (one with the 256MB and one with the 128MB flash storage) this model is supposed to have 16MB of flash, how did you get 128 or 256MB? I guess poster is confusing flash and RAM (early units came with 256MB RAM, the rest came with 128MB RAM as it was always advertised). All units AF...
by mkx
Sun Jan 19, 2025 10:38 am
Forum: Beginner Basics
Topic: Setting up DHCP for beginners
Replies: 5
Views: 511

Re: Setting up DHCP for beginners

New pool won't be created automatically. So if you expect to have more than around 200 devices in your network, then you have to make subnet larger than /24 ... /23 allows for 510 addresses, /22 adds another 512, etc. Increasing subnet requires some dilligence (selecting the right DHCP address range...
by mkx
Sat Jan 18, 2025 11:35 pm
Forum: General
Topic: wifi CAPsMAN, wifi-qcom-ac CAPs and slave interfaces in VLAN environnent [SOLVED]
Replies: 4
Views: 315

Re: wifi CAPsMAN, wifi-qcom-ac CAPs and slave interfaces in VLAN environnent [SOLVED]

Ah, when looking at /interface/wifi/cap I wasn't looking good enough ... and didn't see the slaves-static setting. Thank you for pointing it out.
by mkx
Sat Jan 18, 2025 11:16 pm
Forum: General
Topic: wifi CAPsMAN, wifi-qcom-ac CAPs and slave interfaces in VLAN environnent [SOLVED]
Replies: 4
Views: 315

Re: wifi CAPsMAN, wifi-qcom-ac CAPs and slave interfaces in VLAN environnent [SOLVED]

  • 1×RB5009 as main router and CAPsMAN + 3×hAP ac² as APs and bridges,

So how do you handle slave wifi interfaces in this scenario?
by mkx
Sat Jan 18, 2025 11:05 pm
Forum: General
Topic: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2
Replies: 19
Views: 1773

Re: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2

I believe your guess-work is far more educated than mine. I've no idea about how ROS works around such cases.
by mkx
Sat Jan 18, 2025 10:59 pm
Forum: General
Topic: Unable to upgrade
Replies: 2
Views: 203

Re: Unable to upgrade

After upgrade-induced reboot, log usually has something about upgrade process outcome ... if it fails, log tells the reason (insufficient storage space is one of reasons, various problems with optional packages are showstoppers ad well).
by mkx
Sat Jan 18, 2025 10:53 pm
Forum: General
Topic: wifi CAPsMAN, wifi-qcom-ac CAPs and slave interfaces in VLAN environnent [SOLVED]
Replies: 4
Views: 315

wifi CAPsMAN, wifi-qcom-ac CAPs and slave interfaces in VLAN environnent [SOLVED]

So I've got this scenario: my LAN is fully VLAN tagged, all MT gear is running 7.16.2 except wAP ax which is running 7.17 I have hAP ac2 configured as main router and lately CAPsMAN. It doesn't have wifi-qcom-ac drivers installed, so it's wired-only I have wAP ax which runs wifi-qcom and can, thus, ...
by mkx
Sat Jan 18, 2025 10:35 pm
Forum: General
Topic: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2
Replies: 19
Views: 1773

Re: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2

@mkx, let me disagree - it is actually not the same ...

I agree it's not the same, I used word "similar" ...
by mkx
Sat Jan 18, 2025 10:11 pm
Forum: General
Topic: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2
Replies: 19
Views: 1773

Re: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2

It's similar problem to having two devices with same IPv4 address (albeit with different MAC addresses) ... it's possible to have it but involves NAT and multiple routing tables. Since NAT in IPv6 is a different beast, I'm not sure if (and how) your problem can be solved.
by mkx
Sat Jan 18, 2025 10:02 pm
Forum: General
Topic: Routing Traffic Based on CNAME Addresses in MikroTik RouterOS [solved]
Replies: 1
Views: 165

Re: Routing Traffic Based on CNAME Addresses in MikroTik RouterOS [solved]

Just to be precise:

edit: I figured it out, I'm routing my traffic through nginx proxy manager that handles the domain based routing

nginx doesn't "domain route" traffic, it (reverse) proxies it. Which is L7 operation - contrasted to routing which is L3 operation.
by mkx
Fri Jan 17, 2025 5:43 pm
Forum: General
Topic: Ether1 (NetInstall) port - danger for WAN?
Replies: 14
Views: 554

Re: Ether1 (NetInstall) port - danger for WAN?

It can only be an issue when: IMO none of ifs help with OP's considerations ... because they're out of device admin's hands. But there's an up side: netinstall is not triggered without doing a few things and all involve physical access to device at some point: button press while cold booting device...
by mkx
Fri Jan 17, 2025 2:54 pm
Forum: Beginner Basics
Topic: CAP bend set to B/G and not B/G/N [SOLVED]
Replies: 8
Views: 534

Re: CAP bend set to B/G and not B/G/N [SOLVED]

The problem with using capsman is that checking config locally doesn't actually have to reflect running values. One thing that CAPsMAN definitely doesn't do is overwrite configuration stored on CAP devices. So running export doesn't show any of CAPsMAN-provisioned settings. Running "monitor&quo...
by mkx
Fri Jan 17, 2025 2:44 pm
Forum: Announcements
Topic: v7.17 [stable] is released!
Replies: 245
Views: 33090

Re: v7.17 [stable] is released!

But the only reason I have that is because I can't remember which South American country is better :D Was it Panama? Brazil is better than ETSI most of times: 30dBm vs 20dBm on 2.4GHz, 30dBm vs. 14dBm on 5735-5875 MHz ... but not always: ETSI has 30dBm vs. 24dBm on 5490-5730 MHz. According to reg-i...
by mkx
Mon Jan 13, 2025 9:26 am
Forum: General
Topic: fetch error since 7.13: "failure: ERROR parsing http: there was no content-length or transfer-encoding"
Replies: 22
Views: 4040

Re: fetch error since 7.13: "failure: ERROR parsing http: there was no content-length or transfer-encoding"

Have you been handed over a 7.18 nightly build amongst whose feature the aim was to fix this issue you also faced? No, @timemaster seems to have received it this time. And I know it happened before (although rarely). So you have nothing to worry, there are no 'exceptional' forum members which recei...
by mkx
Mon Jan 13, 2025 9:21 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 139879

Re: v7.17rc [testing] is released!

Can we get v7.17 out the door and move to v7.18 beta so we can see what's new..... this version dragging now. I do appreciate stability and rigorous testing but I also want movement and new features as there are stuff I'm waiting for which may or may not be in next version. A counter proposal: can ...
by mkx
Mon Jan 13, 2025 9:18 am
Forum: General
Topic: fetch error since 7.13: "failure: ERROR parsing http: there was no content-length or transfer-encoding"
Replies: 22
Views: 4040

Re: fetch error since 7.13: "failure: ERROR parsing http: there was no content-length or transfer-encoding"

Where do you got your source then that 7.18 would feature a fix for this issue?
See my second paragraph (add while you were posting your latest post).
by mkx
Mon Jan 13, 2025 9:15 am
Forum: General
Topic: fetch error since 7.13: "failure: ERROR parsing http: there was no content-length or transfer-encoding"
Replies: 22
Views: 4040

Re: fetch error since 7.13: "failure: ERROR parsing http: there was no content-length or transfer-encoding"

Would you happen to have a link to the changelog to expectat in 7.18? Nightly builds are alpha/developers' versions and nothing is guaranteed to enter to beta of same version. So there's never any changelog for nightly builds. We've seen stuff removed from beta versions (rarely, but it did happen) ...
by mkx
Mon Jan 13, 2025 9:12 am
Forum: General
Topic: Mikrotik and APs VLAN
Replies: 24
Views: 2041

Re: Mikrotik and APs VLAN

UniFi: vlan 1, 400, 401 (tagged) Mikrotik port 4: tagged with vlan 1,400,401. vlan 400 and vlan 401 works fine (seperated dhcp servers on Mikrotik interfaces) But vlan 1 does not work - i I bind the ip address on Mikrotik to vlan 1 interface, the connection to the Unifi will be lost. Unifi expects ...
by mkx
Mon Jan 13, 2025 9:08 am
Forum: Virtualization
Topic: Dell R610 and x86 RouterOS
Replies: 5
Views: 621

Re: Dell R610 and x86 RouterOS

Everything works except VLANs.
Without posting your config nobody will be able to help you. So either post it or, if you know better, go ask help somewhere else (yes, it sounds rude, but that's how it is).
by mkx
Sun Jan 12, 2025 8:23 pm
Forum: RouterBOARD hardware
Topic: New/better router with old config
Replies: 2
Views: 551

Re: New/better router with old config

At least wireless config can't be applied in any of two mentiobed ways. hAP ax3 runs wifi-qcom driver while your old hAP lite runs wireless driver ... and configuration of both is completely different.
by mkx
Sun Jan 12, 2025 5:19 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 874

Re: Is there a simple way to hang a virtual "Out of order" sign?

All employees have a cell phone......

How about using good ole public announcement system incude office building to announce internet outages? Those announcements will automatically reach only people physically present inside offices without them being stalked.
by mkx
Sun Jan 12, 2025 5:12 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 874

Re: Is there a simple way to hang a virtual "Out of order" sign?

Simple captive portals (almost) never work for intercepting anything encrypted. They work nicely when "a friendly" device first obrains connectivity and starts to check if it can access (certain servers on) internet. Captive portals appropriately block connectivity and direct client to ope...
by mkx
Sun Jan 12, 2025 4:53 pm
Forum: General
Topic: Mikrotik DDNS not working
Replies: 5
Views: 468

Re: Mikrotik DDNS not working

Are you, otherwise, able to access internet sites from router?

And another consideration: right now this forum feels sluggish to me (with 500 errors as well) which likely means that MT servers are under some kind of DDoS attack. And that likely includes DDNS servers as well.
by mkx
Sun Jan 12, 2025 3:42 pm
Forum: General
Topic: Brocade ICX 6450-24P w/ Mikrotik 5009: InterVLAN routing
Replies: 1
Views: 338

Re: Brocade ICX 6450-24P w/ Mikrotik 5009: InterVLAN routing

Your Brocade config indicates that Brocade will do the routing between VLANs. Are you sure about it? If yes, then you'll have to configure DHCP relay on Brocade. If not, then Brocade needs "router interface" only on management VLAN.
by mkx
Sun Jan 12, 2025 10:57 am
Forum: Beginner Basics
Topic: SSH out via dst-nat [SOLVED]
Replies: 3
Views: 1276

Re: SSH out via dst-nat [SOLVED]

I expected NAT rule with action dst-nat not to catch any connection from my local network unless it is changed to src-nat. So I guess connections outside goes thru both src-nat and then dst-nat? SRC-NAT and DST-NAT are very distinct operations, they happen at very different times (dst-nat is pretty...
by mkx
Sat Jan 11, 2025 7:30 pm
Forum: Beginner Basics
Topic: Auto Redirect IP with Port [SOLVED]
Replies: 6
Views: 742

Re: Auto Redirect IP with Port [SOLVED]

a dstnat port remapping seems like a possible solution, it should be something *like*: Very likely full hair-pin NAT is required as well if the non-standard port is to mapped to standard one for LAN access as well. And hair-pin NAT comes with a bag of annoyances (e.g. "why don't I see real cli...
by mkx
Sat Jan 11, 2025 4:05 pm
Forum: Beginner Basics
Topic: Auto Redirect IP with Port [SOLVED]
Replies: 6
Views: 742

Re: Auto Redirect IP with Port [SOLVED]

Not really (@OP is asking how to instruct browser to connect to non-standard port). Whenever client app needs to access server app, it has to know which port to use. In your case client app is browser and they assume standard port for http (80) and lately they assume https (443). Browsers are perfec...
by mkx
Sat Jan 11, 2025 1:25 pm
Forum: General
Topic: Throughput issues with PPPoE over 10Gbit XGS-PON
Replies: 11
Views: 3337

Re: Throughput issues with PPPoE over 10Gbit XGS-PON

It's strange some ISPs hold on to 20 year old concepts. I guess it suits them well for a few purposes ... one of them is user management (less fuss to e.g. assign static IP address and IPv6 prefix). And obviously they don't bother about (under)performance of 3rd party routers, they just care about ...
by mkx
Sat Jan 11, 2025 12:03 pm
Forum: Wireless Networking
Topic: Problems connecting to Wifi as a client - hAP AX lite LTE6 [SOLVED]
Replies: 2
Views: 672

Re: Problems connecting to Wifi as a client - hAP AX lite LTE6 [SOLVED]

If you want to use hAP ax as client to hotel's wireless network, then wifi interface has to be running in mode=station. Also channel settings have to be on default (auto) settings. And then there are higher-level settings which are wrong/missing, e.g. DHCP client tunning on wifi1 interface (now it's...
by mkx
Sat Jan 11, 2025 12:18 am
Forum: Beginner Basics
Topic: Mgmt vlan not available (Crs 328 24p 4s)
Replies: 20
Views: 1572

Re: Mgmt vlan not available (Crs 328 24p 4s)

You have to set pvid=99 on ether8 ... currently these are not correctly related: /interface bridge port add bridge=Bridge interface=ether8 /interface bridge vlan add bridge=Bridge comment=MGMT tagged=ether23,Bridge,ether1 untagged=ether8 \ vlan-ids=99 Default pvid setting (and thus not shown in expo...
by mkx
Fri Jan 10, 2025 6:38 pm
Forum: RouterBOARD hardware
Topic: HEX S sometimes fails to start properly [SOLVED]
Replies: 13
Views: 3186

Re: HEX S sometimes fails to start properly [SOLVED]

the adapter is OK (24V). Idle or under load? Marginal power adapter might output close to 24V when idle but drop voltage under load. And failing capacitors also mean very uneven output voltage which isn't shown by normal voltmeters, oscilloscope does OTOH. The uneven supply voltage can disrupt devi...
by mkx
Fri Jan 10, 2025 3:47 pm
Forum: Beginner Basics
Topic: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]
Replies: 65
Views: 3917

Re: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]

I'm using 6to4, but I'm assuming there's probably a way to switch it to 6to6 as I can get a single IP6 address and it's probably going to be a little better? Actually not likely. No because IPv6 (the outer layer added by tunnel) has larger headers which means lower payload per same MTU ... which ul...
by mkx
Fri Jan 10, 2025 3:41 pm
Forum: Beginner Basics
Topic: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]
Replies: 65
Views: 3917

Re: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]

Their network team cannot see the ONT (cryptic wall box) and the IP allocation is not coming through it anymore. They cannot see very much because of this. This is wrong …. If the network team cannot see the ONT …. Another possibility (very common where optical network owner is different than ISP) ...
by mkx
Fri Jan 10, 2025 3:36 pm
Forum: General
Topic: Won't connect without DHCP...?
Replies: 6
Views: 561

Re: Won't connect without DHCP...?

While waiting to see configuration export, just a comment: "static ARP" is calling for problems ... while it doesn't really provide any security (setting MAC address on interface is only too easy).
by mkx
Fri Jan 10, 2025 3:29 pm
Forum: General
Topic: DHCP Server - Domain [SOLVED]
Replies: 3
Views: 693

Re: DHCP Server - Domain [SOLVED]

This setting sets DHCP Option 15 (the domain name that client should use as suffix when resolving hostnames via the Domain Name System) ... and it's entirely up to clients on how they use them. Definitely nothing to do with DHCP server or DHCP client. So normally yes, <my.domain.tld> can be "ho...
by mkx
Fri Jan 10, 2025 3:25 pm
Forum: General
Topic: Automatically updating DST NAT when IP changes
Replies: 8
Views: 852

Re: Automatically updating DST NAT when IP changes

I suggest using/setting CNAME records in your main DNS for each DDNSed router item. This only helps with naming (e.g. when router changes, it's DDNS name changes ... and it then has to be changed in many places. If one uses CNAME records, then change has to be done only for that particular CNAME). ...
by mkx
Fri Jan 10, 2025 3:10 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 139879

Re: v7.17rc [testing] is released!

... so IGMP Snooping is now disabled again. And it's a feature that I actually need (IPTV usage). It depends. My ISP offers IPTV over tagged VLAN ... so I pass that VLAN only to required ports (connecting TV boxes). Even without IGMP snooping, only those few ports get active streams. Indeed all act...
by mkx
Fri Jan 10, 2025 9:08 am
Forum: Wireless Networking
Topic: WIFI won't turn on(R) after upgrade and downgrade [SOLVED]
Replies: 2
Views: 823

Re: WIFI won't turn on(R) after upgrade and downgrade [SOLVED]

wireless interface shows "R" status only if there's at least one wireless client (station) connected to it. Are you saying that SSID is actually not broadcasted? This is best verified by using some kind of wireless debugging application on wireless client (there are plenty of usable apps f...
by mkx
Fri Jan 10, 2025 9:02 am
Forum: Wireless Networking
Topic: old and new Capsmann with VLAN- no conecction with the new Capsmann
Replies: 6
Views: 1241

Re: old and new Capsmann with VLAN- no conecction with the new Capsmann

New CCMP is same as old AES CCM ... CCMP256 and GCMP* are new ones (not widely supported by wireless stations though, some even barf on seeing these supported by AP).
by mkx
Fri Jan 10, 2025 8:55 am
Forum: General
Topic: Mikrotik and APs VLAN
Replies: 24
Views: 2041

Re: Mikrotik and APs VLAN

UniFi: vlan 1, 400, 401 (tagged) Mikrotik port 4: tagged with vlan 1,400,401. "Native VLANs" (whatever that means) should never be tagged on wires ... also devices on both ends of same cable have to have same config ... and in your case UniFi has "native" (whichever that is) VLA...
by mkx
Fri Jan 10, 2025 8:52 am
Forum: General
Topic: DHCP Server - Domain [SOLVED]
Replies: 3
Views: 693

Re: DHCP Server - Domain [SOLVED]

Domain is domain name ... without leading dot. So if your host names are e.g. "host.my.domain.tld", then you should set domain property of DHCP server network entries to domain=my.domain.tld
by mkx
Fri Jan 10, 2025 8:46 am
Forum: Beginner Basics
Topic: Printer on different VLAN
Replies: 18
Views: 1500

Re: Printer on different VLAN

Unfortunately I receive the following error message: "failure: incoming interface matching not possible in output and postrouting chains". Any ideas? Then just omit the in-interface property from NAT rule definition. You can instead use src-address property (e.g. src-address=!192.168.30.0...
by mkx
Thu Jan 09, 2025 8:15 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 290
Views: 37501

Re: wAP ax?

I'm waiting the day when @anav will post that he replaced tplink APs with Mikrotiks and want some advice on CAPsMAN :D :lol:

That will follow the act of Canada becoming part of US a.k.a. when the hell freezes :lol:
by mkx
Thu Jan 09, 2025 8:09 pm
Forum: Beginner Basics
Topic: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]
Replies: 65
Views: 3917

Re: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]

Just to make sure: your WAN is connected to ether1?
by mkx
Thu Jan 09, 2025 6:10 pm
Forum: General
Topic: Automatically updating DST NAT when IP changes
Replies: 8
Views: 852

Re: Automatically updating DST NAT when IP changes

.. why not just set the dst-nat rule to use in-interface where the in-interface = your WAN interface?

Hairpin-NAT doesn't work with in-interface, it's got to be dst-address.
by mkx
Thu Jan 09, 2025 12:19 pm
Forum: Beginner Basics
Topic: Printer on different VLAN
Replies: 18
Views: 1500

Re: Printer on different VLAN

You need a second firewall rule that also allows the traffic from IOT / Print as in interface to the out interface home. Basically the "return traffic". It's already there, this is the one: add action=accept chain=forward comment=\ "accept established,related,untracked" connecti...
by mkx
Thu Jan 09, 2025 12:16 pm
Forum: General
Topic: DHCP server problem
Replies: 6
Views: 622

Re: DHCP server problem

How in particular did you export and import config? Did you use backup and restore commands ... or export and import ? If the former ... then it's known (apparently not well though) that binary backups (results of backup ) are not intended to move config from one device to another one. Specially so ...
by mkx
Thu Jan 09, 2025 12:11 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 506
Views: 225125

Re: v7.16.2 [stable] is released!

- Dude server (I can confirm that after upgrading it to 7.16.2 you can upgrade routerOS devices from Dude (it does not upgrade the routerboard though and in my case I had to install extra packages manually (upgrading from 7.12.1 to 7.16.2) - but I was doing it for the first time, maybe I don't know...
by mkx
Thu Jan 09, 2025 11:24 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 139879

Re: v7.17rc [testing] is released!

You could try to change some memory settings in BIOS regarding mapping memory of PCI peripherial devices ... Another thing to try is to increase memory size on PC, the number says it needs a bit less than 4M of contiguous space (not sure if that's possible with your hardware). But the error does see...
by mkx
Thu Jan 09, 2025 11:17 am
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1916

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

SPF connection is no-go for me, as the infrastructure is already buried in the walls.

It's always option to take down the walls :wink:

You never mentioned how the 3 devices are placed physically, so I (wrongly it seems) assumed they are in same place.
by mkx
Thu Jan 09, 2025 11:12 am
Forum: Wireless Networking
Topic: Wi-Fi unstable hAP ax3
Replies: 6
Views: 788

Re: Wi-Fi unstable hAP ax3

Which SSID is used while you experience problems? What is signal strength, indicated by wireless station at the spot you normally use it? If you check WiFi environment (use some WiFi diagnostic AP on your phone), are there many other APs seen? You have left channel selection to automatic ... does it...
by mkx
Thu Jan 09, 2025 11:01 am
Forum: General
Topic: Routing issue
Replies: 3
Views: 567

Re: Routing issue

You don't need any additional routing on switch (as all packets outside it's own subnet - 192.168.88.0/24 - will have to pass over router anyway). Do you have appropriate SRC-NAT rules established on router? Not that when both routes are up and running, the "normal" masquerade rule will li...
by mkx
Thu Jan 09, 2025 9:18 am
Forum: Wireless Networking
Topic: iPhone bouncing between AP's
Replies: 6
Views: 709

Re: iPhone bouncing between AP's

Signal strength, mentioned in CAPsMAN's logs, is signal strength of station as received by CAP. Ideally it should be quite similar to what station receives from AP but can be lower due to lower device Tx power (battery-powered devices are entitled to use lower power in order to prolong battery life ...
by mkx
Thu Jan 09, 2025 8:58 am
Forum: General
Topic: My LHG - LTE18 is having a Stroke. :D
Replies: 12
Views: 981

Re: My LHG - LTE18 is having a Stroke. :D

It's hard to trouble shoot behaviour which happens only rarely. When it happens next time, don't forget to thoroughly check the logs, there might be something in it. Another thing to do is to create supout.rif file and send it to Mikrotik support ... they might decode the device state and comment on...
by mkx
Thu Jan 09, 2025 8:50 am
Forum: General
Topic: Automatically updating DST NAT when IP changes
Replies: 8
Views: 852

Re: Automatically updating DST NAT when IP changes

Solution will work ... but with some delay which depends on DDNS provider settings. Mikrotik's own DDNS solution, which creates <serial_number>.sn.mynetname.net DNS entries, have TTL set to 60 seconds. And option with adding DNS name as member of address lists does observe TTL. Which means that if o...
by mkx
Wed Jan 08, 2025 9:41 pm
Forum: Beginner Basics
Topic: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]
Replies: 65
Views: 3917

Re: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]

/ipv6/settings/set accept-router-advertisements: yes expected end of command (line 1 column 20) Sorry, it should be /ipv6/settings/set accept-router-advertisements=yes If it doesn't allow you to unset prefix-length, then set it to 64. You can omit requesting address ... it's not always needed and s...
by mkx
Wed Jan 08, 2025 9:30 pm
Forum: Beginner Basics
Topic: Hotspot on Bridge VLAN
Replies: 12
Views: 1426

Re: Hotspot on Bridge VLAN

You have quite some settings on L2 entities (bridge ports, etc.), which IMO border on paranoia ... and might affect hotspot operations. You might want to create a very simplified lab setup, starting from defaults and then add settings toward your intended setup ... while checking if hotspot still wo...
by mkx
Wed Jan 08, 2025 9:16 pm
Forum: Beginner Basics
Topic: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]
Replies: 65
Views: 3917

Re: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]

I don't know if that would fix the problem, but: don't create IPv6 pool manually. DHCPv6 client will create it automatically after it receives prefix. don't use prefix-length=48 (either set it to 64 or omit it altogether), it doesn't do what you probabky think it does. It's about prefix length when ...
by mkx
Wed Jan 08, 2025 7:56 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1916

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

Regarding loop between yellow and green parts: if you're careful not to pass same VLAN (tagged or as native) via multiple ports, then there won't be a loop. RSTP or plain STP would detect a loop (their BPDUs disregard VLAN IDs), MSTP would be fine. Another remark (it can be called personal preferenc...
by mkx
Wed Jan 08, 2025 7:38 pm
Forum: General
Topic: NORMUNDS FOR PRIME MINISTER
Replies: 14
Views: 2158

Re: NORMUNDS FOR PRIME MINISTER

Attempt4: Why did I volunteer to attend this event for Viktors......
I think the PM's drug-sniff dogs excluded him from the event.
... it reads "volunteer" ... which begs for question: whom did drug-sniffing dogs exclude: Normunds, Viktors, both or themselves?
by mkx
Wed Jan 08, 2025 7:25 pm
Forum: General
Topic: NORMUNDS FOR PRIME MINISTER
Replies: 14
Views: 2158

Re: NORMUNDS FOR PRIME MINISTER

I heard they were discussing Latvia buying Cloudflare...

Or is it the other way around? :lol:
by mkx
Wed Jan 08, 2025 7:15 pm
Forum: Beginner Basics
Topic: Hotspot on Bridge VLAN
Replies: 12
Views: 1426

Re: Hotspot on Bridge VLAN

this device does not have a switch chip you can use multiple bridges if you do not use STP. True. But then there will be a ton of vlan interfaces (one per VLAN and per port) plus multitude of bridges (one per vlan) ... compared to one bridge and few vlan interfaces (one per VLAN with which device h...
by mkx
Wed Jan 08, 2025 7:00 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 290
Views: 37501

Re: wAP ax?

wAP ax Christmas edition season 2024/2025 :D :D Decorated by me, approved by wife :lol: As Christmass season 2024/25 is almost over, is there any new decoration available? I have my wAP ax ordered and I'm wondering if I have to order some WAF enhancement kit as well? I guess it'll be a close call s...
by mkx
Wed Jan 08, 2025 2:36 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1916

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

EDIT2 : Would a proper term be, that instead of saying native VLAN or VLAN 1, I should rather say, that tv boxes require also untagged traffic? Maybe this way it makes more sense - from ISP the iptv broadcast comes on VLAN 5 as tagged frames, and ISP performed updates and configuration of the tvbox...
by mkx
Wed Jan 08, 2025 2:23 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1916

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

So, it still boils down to "do not use VLAN1" (unless you really know where your towel is), right? :lol:

That's about it. So when in doubt, it's 42.
by mkx
Wed Jan 08, 2025 1:29 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ ethernet status led not working
Replies: 4
Views: 801

Re: CCR1009-7G-1C-1S+ ethernet status led not working

I saw that netinstall flash does not affect bootloader. Do you happen to know if its the OS containing firmware that controls these leds or its something else other that could be flashed ? Flash is updated from within ROS via system-> routerboard submenu. ROS will always contain routerboot flash im...
by mkx
Wed Jan 08, 2025 9:25 am
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 1916

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

Native VLAN doesn't necessarily mean VLAN1, do you mean that your ISP is using VLAN1 as "native"? Well, I'm not sure how to check that. When I was trying to find out which VLANs they use, I simply ran a torch on input interface to see which VLANs appear there. Most often "Native VLAN...
by mkx
Wed Jan 08, 2025 9:12 am
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ ethernet status led not working
Replies: 4
Views: 801

Re: CCR1009-7G-1C-1S+ ethernet status led not working

The device you're looking at is pretty old now. It's likely that it's starting to fail ... there have been numerous cases where capacitors (both in power adapter and on device's board) have bulged and then device experienced very random ways of misbehaviour. It's likely that configuration isn't at f...
by mkx
Tue Jan 07, 2025 8:21 pm
Forum: Beginner Basics
Topic: Bridge usage with VLAN setups
Replies: 10
Views: 1176

Re: Bridge usage with VLAN setups

IMO it doesn't make much sense to use bridge with single port. The only functionality bridge could offer are bridge filters ... for simplicity sake most things done by bridge filters can be done by L3 firewall. But using bridge does insert additional step in frame/packet processing (even if CPU cycl...
by mkx
Tue Jan 07, 2025 7:18 pm
Forum: General
Topic: Can somebody help me understand IPv6 subnets?
Replies: 6
Views: 949

Re: Can somebody help me understand IPv6 subnets?

I set request=address,prefix, and I'm getting both a /60 prefix and an unrelated /128 address for my router. Do I need the address? Could I (and should I) just use request=prefix instead? Is there a benefit to my router having both? From what I remember of how layer-3 works, from the ISP's perspect...
by mkx
Tue Jan 07, 2025 6:46 pm
Forum: Beginner Basics
Topic: Bridge usage with VLAN setups
Replies: 10
Views: 1176

Re: Bridge usage with VLAN setups

How I understood: If you want to benefit from HW offload where possible (for those devices where it is supported), using bridge for setting up VLANs is the default way already for quite some years. I'm specifically talking about the use-case where I have a Trunk Port on my MikroTik Router which goe...
by mkx
Tue Jan 07, 2025 3:38 pm
Forum: RouterBOARD hardware
Topic: RB260GSP POE Switch
Replies: 6
Views: 869

Re: RB260GSP POE Switch

In shoret: very likely RB260GSP can't be used to power your camera. There are two kinds of PoE: standard 802.3 af/at/bt It operates at 48V, different generations (af vs. at vs. bt) differ in maximum power allowed (and number of UTP pairs used to pass power) and in some minor details. Your camera is ...
by mkx
Tue Jan 07, 2025 9:06 am
Forum: General
Topic: Can somebody help me understand IPv6 subnets?
Replies: 6
Views: 949

Re: Can somebody help me understand IPv6 subnets?

To add subnets, should I just add more /ipv6 addresses but instead of ::1 do ::1:0000:0000:0000:0001, ::2:0000:0000:0000:0001, etc. for each subnet? Unfortunately it's not really possible to set those "S" bits in IPv6 address assignment. So you have to go with example by @ConradPino above...
by mkx
Mon Jan 06, 2025 7:17 pm
Forum: Beginner Basics
Topic: bridge mac address flooding on all the vlans passed in crs
Replies: 1
Views: 656

Re: bridge mac address flooding on all the vlans passed in crs

Bridge doesn't "flood" its MAC address on trafgic passing via debice ... because MAC address (neither src nor dst) doesn't get rewritten by bridge or switch. So you'll have to be more speciffic as to what you think is a problem. Could be STP/RSTP BPDU frames ... those aren't VLAN tagged by...
by mkx
Sun Jan 05, 2025 12:01 pm
Forum: Beginner Basics
Topic: Did the Mikrotik firewall block the open ports?
Replies: 38
Views: 3167

Re: Did the Mikrotik firewall block the open ports?

Because of this rule, all incoming tcp traffic to port 443 is answered by the router: add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp The input chain is used for traffic to the router, the forward chain for traffice between networks (like WAN and LAN). Not com...
by mkx
Sun Jan 05, 2025 11:50 am
Forum: Announcements
Topic: Newsletter #122 | December 2024
Replies: 80
Views: 40069

Re: Newsletter #122 | December 2024

Probably price is just a matter of scale for the ONT, but of course they are more complex. Less cabling and less active components however are definitely cheaper. Well ... I don't think they can be cheaper to manufacture than plain FTTH SFPs ... no matter the production scale. The price may come cl...
by mkx
Sat Jan 04, 2025 10:44 pm
Forum: General
Topic: Chateau Pro AX slow speed [SOLVED]
Replies: 17
Views: 1927

Re: Chateau Pro AX slow speed [SOLVED]

It is not (completely) default config. I.e. the IPv6 rules are not there by default. No problem...
Yes they are in ROS v7 (where IPv6 is not optional any more). And yes they are if ipv6 optional package in v6 is installed and enabled when ROS config is reset to factory default.
by mkx
Sat Jan 04, 2025 10:26 pm
Forum: Wireless Networking
Topic: Use SXT6 LTE units as point to points
Replies: 5
Views: 1101

Re: Use SXT6 LTE units as point to points

SXT LTE kit and SXT LTE6 kit devices come with ROS licence level 3 ... which doesn't allow to configure its wifi interface as AP or AP-bridge. So these units are only usable for PtP links (one is bridge, the other is station-bridge) or as spoke devices in PtMP (where hub is AP-bridge and spokes are ...
by mkx
Sat Jan 04, 2025 10:16 pm
Forum: Beginner Basics
Topic: Reduce wifi signal strength [SOLVED]
Replies: 5
Views: 1415

Re: Reduce wifi signal strength [SOLVED]

1. Suggestion to increase antenna gain was the best available option before ROS version around 6.44 (or something like that) ... until that certain version, setting Tx power in absolute numbers had been both complicated (it had to be a table with different powers for different rates) and had potenti...
by mkx
Sat Jan 04, 2025 10:04 pm
Forum: Announcements
Topic: Newsletter #122 | December 2024
Replies: 80
Views: 40069

Re: Newsletter #122 | December 2024

PON is way cheaper than individual links. Especially in rural areas, deploying PON is also extremly fast&easy. The cost of the last mile is very high, especially if you consider the economy of scale (1user for 1 link). PON saves costs on "the first mile" part of it ... single optical ...
by mkx
Fri Jan 03, 2025 2:14 pm
Forum: General
Topic: NTP Synchronization Issue with HMI in a Router-Switch Setup
Replies: 6
Views: 1493

Re: NTP Synchronization Issue with HMI in a Router-Switch Setup

It could be that your ISP is blocking UDP traffic with dst port 123 towards your router. Have a look at this thread for a work around: viewtopic.php?t=208791
by mkx
Fri Jan 03, 2025 2:03 pm
Forum: General
Topic: Supported SSH MACs
Replies: 3
Views: 2470

Re: Supported SSH MACs

Now at https://help.mikrotik.com/docs/spaces/ROS/pages/132350014/SSH or https://wiki.mikrotik.com/Manual:IP/SSH . But it doesn't seem to work on RouterOS v6 (tested with v6.49.8 ). Unfortunately Mikrotik's documentation doesn't include history ... e.g. which ROS version brought certain feature or c...
by mkx
Fri Jan 03, 2025 12:50 pm
Forum: General
Topic: Connect and Disconnect (continuing)
Replies: 14
Views: 2123

Re: Connect and Disconnect (continuing)

... especially because you use the complete bandwidth of wifi at 2.4GHz.

Half (give or take) actually. 2.4GHz band (for anything newer than 802.11B) is 70MHz wide (in NA and related parts of universe) or 80MHz wide (elsewhere) ... and 2462/n/eC channel is 40MHz wide.
by mkx
Fri Jan 03, 2025 12:38 pm
Forum: General
Topic: MT Firewall & DST NAT question [SOLVED]
Replies: 10
Views: 1918

Re: MT Firewall & DST NAT question [SOLVED]

A bit annoying and uncommon to do security related filtering on the NAT side of things.. One thing to keep in mind: NAT is not about security ... although it does seem to help some times. So one thing is to introduce NAT rules and a separate thing is to add appropriate firewall rules. It's up to ad...
by mkx
Thu Jan 02, 2025 4:17 pm
Forum: General
Topic: MT Firewall & DST NAT question [SOLVED]
Replies: 10
Views: 1918

Re: MT Firewall & DST NAT question [SOLVED]

are there supposed to be hits on DST NAT rules for traffic that is not permitted by the FW? Yes, there are. According to packet flow , DST-NAT is part of pre-routing ... and firewall filter rules are part of either input or forward packet path ... which both come after pre-routing. Sometimes it's p...
by mkx
Tue Dec 31, 2024 7:11 pm
Forum: General
Topic: Troubles with performance of CAPsMAN-managed WIFI on RoS 7.16.2 with vlans
Replies: 19
Views: 1655

Re: Troubles with performance of CAPsMAN-managed WIFI on RoS 7.16.2 with vlans

On networks with any kind of problems (real or perceived, e.g. packet loss or large RTT), TCP and UDP connections behave very much differently. For UDP connections packet drop is fine and stats show high throughput with high packet loss. Usually throughput shown on Tx side reflects throughput of fir...
by mkx
Tue Dec 31, 2024 1:06 pm
Forum: Beginner Basics
Topic: IPv6 struggle
Replies: 3
Views: 970

Re: IPv6 struggle

Two things: disable add-default-gateway on /ipv6 dhcp-client . The way it's now might work (depends on how your ISP does things), but it's not the correct way. Instead set accept-router-advertisements=yes under /ipv6/settings . more crucially: assign IPv6 address to LAN interface (bridge) to enable ...
by mkx
Tue Dec 31, 2024 10:45 am
Forum: Beginner Basics
Topic: Router and Switch configuration. Why can I ping the router but not the switch?
Replies: 2
Views: 866

Re: Router and Switch configuration. Why can I ping the router but not the switch?

In short: being able to access router's IP address via "non-native" interface is more or less cosmetic thing. A longer explanation: looking at packet flow it becomes obvious that one of early things that stateful firewall does is to classify ingress packets to firewall chains. If packet is...
by mkx
Mon Dec 30, 2024 5:18 pm
Forum: Wireless Networking
Topic: CAPsMAN DHCP Server for CAP AX Client
Replies: 15
Views: 2523

Re: CAPsMAN DHCP Server for CAP AX Client

Are those HP switches configured with VLANs? No sir, this unmanaged switch, As @holvoetn already wrote, unmanaged / non-VLAN-aware switches are a problem in your intended setup. Managed switches are not absolute requirement in VLANed network, but they have to be able to pass "mini-jumbo" ...
by mkx
Mon Dec 30, 2024 3:34 pm
Forum: Announcements
Topic: Newsletter #122 | December 2024
Replies: 80
Views: 40069

Re: Newsletter #122 | December 2024

PON is used to limit the amount of equipment in street cabinets, which reduces costs. If FTTx is regulated, then PON makes more sense to infrastructure owner ... because in this case competitor can't lease dark fiber, it can only rent bit stream and infrastructure owner has more control over whatev...
by mkx
Sun Dec 29, 2024 4:49 pm
Forum: General
Topic: CCR2004-16G-2S+ shows wrong cpu mhz
Replies: 9
Views: 1075

Re: CCR2004-16G-2S+ shows wrong cpu mhz

Also check settings in /system/device-mode ... I think you have to enable routerboard property to change cpu frequency setting ... just don't know which particular ROS version started to require that (could be it's 7.17).
by mkx
Sun Dec 29, 2024 2:57 pm
Forum: General
Topic: DOH certificate verify issue
Replies: 7
Views: 2269

Re: DOH certificate verify issue

which is, to be frank, unnecessary to know about half of millions revoked certificates :-)

They were revoked for a reason and it's only the right thing to be able to verify if certificate of server our device is talking to is one of those. If you don't care, then that's your problem (or wisdom).
by mkx
Sun Dec 29, 2024 2:49 pm
Forum: General
Topic: dstnat doesn't work on L009UiGS-RM Router [SOLVED]
Replies: 40
Views: 2841

Re: dstnat doesn't work on L009UiGS-RM Router [SOLVED]

Okay, in this case, I can see that all my ports are open, but is this the right way to open ports?

If you want ports open, then this is the right way. If you're concerned about security, then don't open them. Or restrict access to those ports.
by mkx
Sun Dec 29, 2024 1:48 pm
Forum: General
Topic: CCR2004-16G-2S+ shows wrong cpu mhz
Replies: 9
Views: 1075

Re: CCR2004-16G-2S+ shows wrong cpu mhz

Nominal CPU frequency is 1700MHz. But it's possible to overclock it by setting /system/routerboard/settings set cpu-frequency=<value> . Nowdays default setting is auto which allows ROS to scale frequency up or down depending on CPU core load. Sometimes this doesn't work too well (it takes sone time ...
by mkx
Sun Dec 29, 2024 12:20 pm
Forum: General
Topic: Where are the packages
Replies: 2
Views: 767

Re: Where are the packages

How do I remove the packages from RouterOS now?

If they are not listed under Packages, then they are not installed. New CAPsMAN is included in core (routeros) package since version 7.13 (so running new CAPsMAN doesn't require any optional package).
by mkx
Sat Dec 28, 2024 1:25 pm
Forum: Wireless Networking
Topic: CAPsMAN DHCP Server for CAP AX Client
Replies: 15
Views: 2523

Re: CAPsMAN DHCP Server for CAP AX Client

Are those HP switches configured with VLANs? BTW, as soon as cAP is provisioned by CAPsMAN, local settings under /interface/wifi largrly don't sppky. Which includes datapath. Settings from CAPsMAN apply, including bridge name (and yours don't match). So I wonder how on earth could anything work actu...
by mkx
Sat Dec 28, 2024 1:10 pm
Forum: General
Topic: DHCPv6 client not assigning the received address on NIC
Replies: 5
Views: 950

Re: DHCPv6 client not assigning the received address on NIC

Which ROS version? Only newer v7 versions correctly display dynamic IPv6 addresses and routes, older versions (including all v6 versions) omit them from print command. Addresses and routes are there or else IPv6 wouldn't work in certain aspects.
by mkx
Sat Dec 28, 2024 1:00 pm
Forum: General
Topic: [solved] Restrict IPv6 access
Replies: 7
Views: 1199

Re: Restrict IPv6 access

What I don't understand: why reply-only work for IPv4, but not for IPv6 ? Because address acquisition for IPv6 works very differently than for IPv4. For starters there's SLAAC (which is based on RAs and those are elementary for getting routing working) and networked devices assign addresses them se...
by mkx
Fri Dec 27, 2024 4:58 pm
Forum: Wireless Networking
Topic: Mikrotik AX PTP Netmetal AX
Replies: 38
Views: 4694

Re: Mikrotik AX PTP Netmetal AX

Check setting of property configuration.distance . Here's description: The distance is setted for 22km, check the first photo in the first message. This was replying to @MulderSK. Looking at ping responses is mostly useless. I don't agree. You have every right to disagree. But so do I :wink: Did yo...
by mkx
Fri Dec 27, 2024 4:45 pm
Forum: Wireless Networking
Topic: CAPsMAN DHCP Server for CAP AX Client
Replies: 15
Views: 2523

Re: CAPsMAN DHCP Server for CAP AX Client

Your network is obviously not as flat as you're trying to imply. There are 3 VLANs mentioned next to CAPsMAN device (and possibly the "untagged" subnet). You're also writing about "hubs" ... these days nobody uses ethernet hubs, everybody is using ethernet switches, quite possibl...
by mkx
Thu Dec 26, 2024 9:30 pm
Forum: Wireless Networking
Topic: Audience backhaul issues
Replies: 8
Views: 1948

Re: Audience backhaul issues

As far as I can tell, you're heading in the right direction with the latest config snippet.
by mkx
Tue Dec 24, 2024 11:58 pm
Forum: Wireless Networking
Topic: Mikrotik AX PTP Netmetal AX
Replies: 38
Views: 4694

Re: Mikrotik AX PTP Netmetal AX

not only does the ping drop, but the connection is also interrupted
Which connection? The wireless link? Winbox management connection?
by mkx
Tue Dec 24, 2024 3:51 pm
Forum: Wireless Networking
Topic: Mikrotik AX PTP Netmetal AX
Replies: 38
Views: 4694

Re: Mikrotik AX PTP Netmetal AX

Looking at ping responses is mostly useless. If link is fully utilized, then those pings will get queued and seemingly dropped ... in reality they will likely get around but with round trip delay larger than 1s (which is usual timeout value), responses will be ignored by ping application. Try to run...
by mkx
Tue Dec 24, 2024 3:33 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 139879

Re: v7.17rc [testing] is released!

New beta 7.18 for christmas? I wish Not likely. So far, beta only came out after previous version was released as stable. 7.17 is still Release Candidate and folks @MT are running out of time ... it's almost Christmas eve, Latvia is at UTC+2 which means it's 3:30 PM and almost end of office time.
by mkx
Tue Dec 24, 2024 12:09 pm
Forum: General
Topic: Question related to "RouterOS bridge mysteries explained"
Replies: 8
Views: 1170

Re: Question related to "RouterOS bridge mysteries explained"

@HeptaZ, did you read through excellent Using RouterOS to VLAN your network tutorial?

Because most of discussion in this thread is about VLANs and they are explained pretty well in the tutorial I linked above.
by mkx
Tue Dec 24, 2024 12:02 pm
Forum: General
Topic: Problem with smtp gmail and tls setting
Replies: 3
Views: 918

Re: Problem with smtp gmail and tls setting

There are things to be set-up on gmail side, check their article: https://support.google.com/a/answer/2520500?hl=en

Then it could be TLS support mismatch. AFAIK ROS supports up to TLS 1.2 and some sites already require minimum of TLS 1.3 (not sure if gmail does).
by mkx
Tue Dec 24, 2024 11:23 am
Forum: Wireless Networking
Topic: Mikrotik AX PTP Netmetal AX
Replies: 38
Views: 4694

Re: Mikrotik AX PTP Netmetal AX

Check setting of property configuration.distance . Here's description: distance () Maximum link distance in kilometers, needs to be set for long-range outdoor links. The value should reflect the distance to the AP or station that is furthest from the device. Unconfigured value allows usage of 2 km l...
by mkx
Tue Dec 24, 2024 11:18 am
Forum: General
Topic: access to MKT even though its offline
Replies: 6
Views: 995

Re: access to MKT even though its offline

If there's a chain of accessibility (i.e. you can access R1 but cant access R2 directly, while R1 can access R2), then you can use CLI (ssh, MAC telnet, normal telnet) if any of these is allowed on R2. ROS includes clients for all mentioned protocols. The only issue is with MAC telnet, ancient versi...
by mkx
Tue Dec 24, 2024 11:13 am
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 185
Views: 26168

Re: hap ax3 random wireless disconnects

Mikrotik app for Android shows the following value of dtim-period setting:

It might be artifact (by Tik app) for not having property set at all ... in which case default value (1) would be used.

When in doubt, always use CLI to verify ... and report a bug in UI to MT to get it fixed.
by mkx
Tue Dec 24, 2024 10:36 am
Forum: Wireless Networking
Topic: HAP ax3 : still support 2.4G standard B or not ?
Replies: 8
Views: 1188

Re: HAP ax3 : still support 2.4G standard B or not ?

Setting of band property on new wifi actually only limits the newest generation of wifi technology but allows all the older. So by setting band=2ghz-n one is allowing B, G and N, but not AX. When constructing AP for really old devices, one has to be extra careful with security settings: B-only devic...
by mkx
Tue Dec 24, 2024 9:27 am
Forum: General
Topic: Rb 951 configuration
Replies: 2
Views: 748

Re: Rb 951 configuration

I'm trying to configure my rb951 to access Internet from ISP router but after setting the static IP ( 192.168.100.100/24) and checking routes and when I try to ping google.com Does your ISP support DHCP as means of obtaining IP config for clients? If it does, then use it, it's usually less error-pr...
by mkx
Tue Dec 24, 2024 9:15 am
Forum: Beginner Basics
Topic: Help needed - How to mitigate DDOS atacks with dns
Replies: 21
Views: 2614

Re: Help needed - How to mitigate DDOS atacks with dns

I’m sure I listened to a MuM talk once that forwarding a packet to black hole takes less CPU than dropping? If there's a very effective way of doing it. Otherwise I doubt it. But whatever one does, packets definitely have to be silently dropped (as opposed to rejecting them with ICMP port unavailab...
by mkx
Mon Dec 23, 2024 2:23 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 185
Views: 26168

Re: hap ax3 random wireless disconnects

Had same issues, changed DTIM values to 3 for 5GHz (it was 10 by default), the same was proposed upper in the thread, 2 days - no disconnects so far. A random thread from quite some time ago ... which concluded that DTIM interval longer than around 3 can (and will) cause problems with certain stati...
by mkx
Mon Dec 23, 2024 12:58 pm
Forum: Announcements
Topic: Newsletter #122 | December 2024
Replies: 80
Views: 40069

Re: Newsletter #122 | December 2024

But it seems the CRS304 can FastTrack at 1700 which would be acceptable for a 2.5G WAN. Not in my book. I'm paying monthly fee to ISP and I certainly want to have hardware which can use all of what I'm paying for. Otherwise I can save a few euros (every month) and live with slightly slower WAN link...
by mkx
Mon Dec 23, 2024 12:50 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 139879

Re: v7.17rc [testing] is released!

Don't know how far 2.4ghz interference can go for USB3. The test computer is around 2/3 meters away from the next AP. The big problem is interference between locally connected interfaces (i.e. hAP ax3 with flakey USB3 stick plugged in and 2.4GHz radio ... USB3 activity will interfere with Rx path o...
by mkx
Mon Dec 23, 2024 12:26 pm
Forum: RouterBOARD hardware
Topic: Expanding the storage capacity of CRS520 [SOLVED]
Replies: 4
Views: 2392

Re: Expanding the storage capacity of CRS520 [SOLVED]

I'm here with @chechito wondering why TF? CRS520 comes with list price of almost 2200$ and power consumption exceeding 120W. So one doesn't really save much by not adding a small server to the network, a high-end raspberry pi would dance around CRS520 when it comes to server functions (stock samba v...
by mkx
Mon Dec 23, 2024 12:14 pm
Forum: Wireless Networking
Topic: WiFi Access Points Maxes at 300mbps D/L
Replies: 18
Views: 1703

Re: WiFi Access Points Maxes at 300mbps D/L

... so I don't see how the hEX could have any influence on the problem Some interference in form of timing jitter affecting TCP window scaling? Experience with official test results says that figure listed under "Ethernet test results -> Routing -> 25 ip filter rules -> 512 bytes [packet size]...
by mkx
Mon Dec 23, 2024 11:54 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 139879

Re: v7.17rc [testing] is released!

CPU in hAP ax3 can shuffle around 2.5Gbps (look at test results for bridging) and that's pretty lean on CPU (no packet processing, only passing between two ethernet interfaces). With SMB there's plenty of processing involved. And USB in SoC IPQ-6010 is 3.0, so max 5Gbps (including overhead) possible...
by mkx
Mon Dec 23, 2024 11:45 am
Forum: Announcements
Topic: Newsletter #122 | December 2024
Replies: 80
Views: 40069

Re: Newsletter #122 | December 2024

What you showed looks like a really old product for legacy customers. 40G and very slow at routing. CRS devices are switches (remember this fact by heart!) ... and many can route at wirespeed if properly configured for L3HW offload (with certain limitations which are device class dependent). If any...
by mkx
Mon Dec 23, 2024 10:51 am
Forum: General
Topic: Question related to "RouterOS bridge mysteries explained"
Replies: 8
Views: 1170

Re: Question related to "RouterOS bridge mysteries explained"

When port is used as stand-alone, then switch-chip passes frames to CPU (via cpu-facing bridge port) as they are ... then CPU does VLAN header manipulations (via VLAN interfaces attached to such stand alone port). So in this case no L2HW offload. It's rather similar when bridge is used ... and L2HW ...
by mkx
Mon Dec 23, 2024 9:25 am
Forum: Announcements
Topic: Newsletter #122 | December 2024
Replies: 80
Views: 40069

Re: Newsletter #122 | December 2024

One can get a 2x 25G card for 135 euro. Add processing power, necessary to route at 25+ Gbps and price tag is easily around 1000€ ... and you've got a mere 2-port router. And I'm pretty sure that such price tag is outside of MT users' comfort zone. So my guess is that we won't be seeing full 10Gbps...
by mkx
Sun Dec 22, 2024 6:57 pm
Forum: Wireless Networking
Topic: Audience backhaul issues
Replies: 8
Views: 1948

Re: Audience backhaul issues

What do I need to consider for the additional units? The problem is that one wireless station can only be connected to one bridge at a time. This problem kicks in when e.g. you need a chain of APs like this: ethernet -> AP1 <- wireless1 -> AP2 <- wireless2 -> AP3 <- wireless3 -> AP4 (etc) Let's say...
by mkx
Sun Dec 22, 2024 5:01 pm
Forum: General
Topic: RouterOS bridge mysteries explained
Replies: 93
Views: 36601

Re: RouterOS bridge mysteries explained

@sindy if I understood correctly, there should be two "entities" capable of switching, the switch chip and the switching functional block in the cpu? In the context of bridge nyszeries explanation forget about switch chip (the real, piece of hardware). In this context, there's only switch...
by mkx
Sun Dec 22, 2024 4:25 pm
Forum: RouterBOARD hardware
Topic: Run Multiple VLAN With Single DHCP Server
Replies: 3
Views: 985

Re: Run Multiple VLAN With Single DHCP Server

Because we use existing device from several brand on our client, we need follow their default VID for their management. If it's only management, then you can bridge all 3 VLANs. I'll assume you have ether5 off-bridge and have something like this: /interface/vlan add interface=ether5 vlan-id=98 name...
by mkx
Sun Dec 22, 2024 4:07 pm
Forum: Wireless Networking
Topic: Audience backhaul issues
Replies: 8
Views: 1948

Re: Audience backhaul issues

Also 50 cm can be too close. This. Depending on channel selected, but ... As I mentioned, I've got single Audience, so the 4x4 radio is used in AP mode as well ... and my tablet, which currently resides around 3m away (and 1.5m below) with LOS, shows signal strength of -35dBm. Which is on the highe...
by mkx
Sat Dec 21, 2024 1:06 pm
Forum: General
Topic: Problem with lower ports on CGNAT LTE conn
Replies: 4
Views: 900

Re: Problem with lower ports on CGNAT LTE conn

IMO it would be smart to ask MNO if they can give a public IP address and how much would that cost. I know a few MNOs who provide public IP addresses to those asking for one at small cost (or no cost at all).
by mkx
Sat Dec 21, 2024 11:16 am
Forum: General
Topic: How to reach a router behind a CGNAT? [SOLVED]
Replies: 23
Views: 3480

Re: How to reach a router behind a CGNAT? [SOLVED]

BTH function is done exactly for such cases.
by mkx
Sat Dec 21, 2024 11:08 am
Forum: General
Topic: Problem with lower ports on CGNAT LTE conn
Replies: 4
Views: 900

Re: Problem with lower ports on CGNAT LTE conn

Some MNOs run firewall blocking certain types of traffic (typically with low destination port numbers because these are often used by servers). And some do CGNAT in a senseless manner. When those two worlds collide, anything can happen. Basically wireless broadband is mostly not fit for anything els...
by mkx
Fri Dec 20, 2024 11:52 pm
Forum: General
Topic: Moving Audience CAPsMAN config to RB5009 while retaining mesh functionality
Replies: 4
Views: 1008

Re: Moving Audience CAPsMAN config to RB5009 while retaining mesh functionality

Using CAPsMAN to provision audiences' "public radios" (i.e. the ones serving normal client devices) gives opportunity of better client mobility ... APs, participating in client mobility, have to be controlled by single entity (e.g. CAPsMAN) for all the mobility features (802.11 r/k/v) to w...
by mkx
Fri Dec 20, 2024 11:41 pm
Forum: Beginner Basics
Topic: Unale to get OpenVPN to work on RBD52G-5HacD2HnD (Firmware: 6.49.17)
Replies: 9
Views: 1434

Re: Unale to get OpenVPN to work on RBD52G-5HacD2HnD (Firmware: 6.49.17)

hAP ac2 can run v7 pretty fine. But : its 16MB flash is tiny and it's very likely it'll get full (and then all sorts of funny things start to happen). Base routeros v7 uses around 13MB of it, any wireless (legacy or new wifi) another 2MB or slightly more ... so not much free for config and/or additi...
by mkx
Fri Dec 20, 2024 1:46 pm
Forum: Wireless Networking
Topic: difference between vlan tag on wifi driver and bridge
Replies: 2
Views: 852

Re: difference between vlan tag on wifi driver and bridge

Generally it doesn't matter which way you do it if you configure wifi manually. In this case the only difference is if one uses multiple VLANs with single SSID, such scenario can't be implemented with bridge handling all VLAN tagging. If you use CAPsMAN and VLANs, then it takes lots of fussing (and ...
by mkx
Fri Dec 20, 2024 1:36 pm
Forum: General
Topic: The IP of the bridge is occasionally unavailable [SOLVED]
Replies: 16
Views: 2472

Re: The IP of the bridge is occasionally unavailable [SOLVED]

How does profile output look like while pings are timing out?
by mkx
Fri Dec 20, 2024 1:31 pm
Forum: General
Topic: Moving Audience CAPsMAN config to RB5009 while retaining mesh functionality
Replies: 4
Views: 1008

Re: Moving Audience CAPsMAN config to RB5009 while retaining mesh functionality

CAPsMAN doesn't configure backhaul ... which in usual AP installation is ethernet while in mesh it's the 4x4 radio (I guess it's called wlan2 when running wireless drivers, it's wifi2 when running wifi-qcom-ac drivers). Further more, radios loose their setup if they loose connectivity towards CAPsMA...
by mkx
Fri Dec 20, 2024 10:18 am
Forum: General
Topic: NAT cannot record real IP addresses
Replies: 8
Views: 1093

Re: NAT cannot record real IP addresses

The second rule hints at use of hairpin NAT because in-interface=bridge to-addresses=192.168.88.244 ... default config has 192.168.88.0/24 on LAN and bridge is the interface used by roouter to talk to LAN. And if that's how you need it, then you need the masquerade rule which obfuscates actual src-a...
by mkx
Fri Dec 20, 2024 9:23 am
Forum: General
Topic: NAT cannot record real IP addresses
Replies: 8
Views: 1093

Re: NAT cannot record real IP addresses

It's the last rule (masquerade) which messes src-address. In principle it's not needed unless you require "hairpin NAT" ... in which case thrte's no way around it.

Unless you create separate IP subnet fot the server.
by mkx
Fri Dec 20, 2024 9:17 am
Forum: Beginner Basics
Topic: RB5009 in the hands of a newbie, Gateway problem
Replies: 19
Views: 2562

Re: RB5009 in the hands of a newbie, Gateway problem



Don't think so.
Not on RB5009 with 8 ether ports :lol:
Then they should have called it the RB5008 LOL
Then use port 8, use your imagination, drink some moose milk!!!
5009 is indeed an odd number for a router ... specially because it's even :lol:
by mkx
Thu Dec 19, 2024 11:08 pm
Forum: General
Topic: NTP Synchronization Issue with HMI in a Router-Switch Setup
Replies: 6
Views: 1493

Re: NTP Synchronization Issue with HMI in a Router-Switch Setup

Verify on Mikrotik that NTP client is properly synchronized. Without that, NTP server won't allow further clients to synchronize to it. ROS NTP server doesn't use own RTC as time source (among other reasons because MT hardware doesn't have RTC).
by mkx
Thu Dec 19, 2024 7:23 pm
Forum: Beginner Basics
Topic: Wireless Bridge
Replies: 9
Views: 1293

Re: Wireless Bridge

Move DHCP client from ether1 to "JJMarketing Wireless Bridge". Also remove comment on DHCP client as your device doesn't have WAN interface. Two other minor things: remove bridge with name bridge1 ... it's not used at all setting names of items to settings with spaces in them makes config ...
by mkx
Thu Dec 19, 2024 4:28 pm
Forum: Beginner Basics
Topic: Wireless Bridge
Replies: 9
Views: 1293

Re: Wireless Bridge

As I wrote: provide us with actual configuration and we'll proceed from there.
by mkx
Thu Dec 19, 2024 4:27 pm
Forum: Beginner Basics
Topic: problem with vlan configuration
Replies: 10
Views: 1167

Re: problem with vlan configuration

You've set 192.168.10.1/24 to one interface and 192.168.10.2/24 to the other interface. Every normal device will assume these two addresses are in same subnet and hence directly accessible without explicitly using router. And bridge is here to pass traffic from ether1 to ether2 (with appropriate VLA...
by mkx
Thu Dec 19, 2024 4:17 pm
Forum: General
Topic: Issues with MikroTik Router Upgrades
Replies: 6
Views: 1052

Re: Issues with MikroTik Router Upgrades

I have some problems with my MikroTik Routers. I plan to upgrade all MKT devices from version 6.46.6 to 7.16.1. I think that MT would recommend you to use ROS built-in updater (under /system/packages/update). As already mentioned, there will be a few steps: while running 6.46.6, upgrade it to lates...
by mkx
Thu Dec 19, 2024 4:05 pm
Forum: Beginner Basics
Topic: Wireless Bridge
Replies: 9
Views: 1293

Re: Wireless Bridge

Basically your list of tasks performed seems about right for an AP/switch combo ... which then needs another device acting as router / DHCP server / etc in same ethernet network. Can you post current configuration? Open terminal window (from GUI) or connect to device using SSH. Then execute command ...
by mkx
Thu Dec 19, 2024 11:01 am
Forum: RouterBOARD hardware
Topic: 5009 version with wifi ?
Replies: 63
Views: 5510

Re: 5009 version with wifi ?

I have no closet solution. There are devices with better form factor (and WAF) than RB5009 when it comes to placing/mounting anywhere else than inside rack. To be absolutely clear: I'm not saying that there's no place for wireless routers any more ... my main point being that RB5009 / L009 form fac...
by mkx
Thu Dec 19, 2024 10:59 am
Forum: General
Topic: Is my routerboard RB750r2 Bricked? No response from router for netinstall
Replies: 4
Views: 851

Re: Is my routerboard RB750r2 Bricked? No response from router for netinstall

I have tried doing a netinstall as follows: 1. Press and hold reset button 2. Insert power cable. 3. Wait for flashing act light, continue to wait for On act light, continue to wait act light off. then release reset button. [snip] Running wireshark on the used ethernet I can see the routerboard sen...
by mkx
Thu Dec 19, 2024 8:33 am
Forum: RouterBOARD hardware
Topic: 5009 version with wifi ?
Replies: 63
Views: 5510

Re: 5009 version with wifi ?

IMO the big problem with powerfull wireless routers is the fact that with increasing "mainstream" wifi frequencies (5GHz now, 6GHz coming) it's necessary to deploy multiple APs on the same area where with 2.4GHz APs it was enough to have single AP. And those multiple APs have to be positio...
by mkx
Thu Dec 19, 2024 8:08 am
Forum: Wireless Networking
Topic: CapsMan - can't get 20Mhz channels on 2.4Ghz [SOLVED]
Replies: 6
Views: 1587

Re: CapsMan - can't get 20Mhz channels on 2.4Ghz [SOLVED]

About 160MHz channel width, that's for APs capable of using it. First one which can is wAP AX (and it works just fine 8) ). Actually ... audience was first 8) : 2 L radio-mac=2C:C8:1B:77:DE:EA tx-chains=0,1,2,3 rx-chains=0,1,2,3 bands=5ghz-a:20mhz,5ghz-n:20mhz,20/40mhz,5ghz-ac:20mhz,20/40mhz, 20/40...
by mkx
Wed Dec 18, 2024 11:39 pm
Forum: General
Topic: The IP of the bridge is occasionally unavailable [SOLVED]
Replies: 16
Views: 2472

Re: The IP of the bridge is occasionally unavailable [SOLVED]

To the topic: so basically your core switch doesn't respond to every ping sent at, regardless of where it was sent from. So it might be something about core switch IP configuration (or it might actually be overloaded ... run CPU profiler and see if that might be the case). CPU total is about 16-24 ...
by mkx
Wed Dec 18, 2024 4:01 pm
Forum: General
Topic: The IP of the bridge is occasionally unavailable [SOLVED]
Replies: 16
Views: 2472

Re: The IP of the bridge is occasionally unavailable [SOLVED]

Is it normal that the first interface has the same mac as the bridge? This is default behaviour if you don't set bridge MAC manually (bridge assumes MAC address of first member port). To the topic: so basically your core switch doesn't respond to every ping sent at, regardless of where it was sent ...
by mkx
Wed Dec 18, 2024 8:46 am
Forum: Beginner Basics
Topic: Assign IP address to a bridge?
Replies: 5
Views: 1296

Re: Assign IP address to a bridge?

Can you provide some basic real world examples on when I need L3 access to the bridge from the CPU?

Management of said device (used as switch) from network connected to one of bridged ports.

Routing between single off-bridge port (WAN) and bridged ports (LAN).

Etc.
by mkx
Tue Dec 17, 2024 10:53 pm
Forum: Beginner Basics
Topic: Assign IP address to a bridge?
Replies: 5
Views: 1296

Re: Assign IP address to a bridge?

Bridge has a few personalities, neatly explained in this tutorial: https://forum.mikrotik.com/viewtopic.php?t=173692 One of personalities is interface allowing CPU to communicate with L2 network joined together by bridge (the switch-like personality). If CPU is to communicate on L3 with devices memb...
by mkx
Tue Dec 17, 2024 8:42 pm
Forum: Wireless Networking
Topic: Help with creating wireless access to switch with managment VLAN
Replies: 3
Views: 864

Re: Help with creating wireless access to switch with managment VLAN

The DE FACTO guide on setting up VLAN for ROS https://forum.mikrotik.com/viewtopic.php?t=143620 Configuration, based on linked tutorial, will work fine ... but sloooowly because CRS1xx can't offload bridge config to switch chip. Instead one has to configure things directly on switch chip: https://h...
by mkx
Tue Dec 17, 2024 8:34 pm
Forum: General
Topic: When the WAN network card is bound to multiple IPs, there is an issue with the source IP for system remote logging
Replies: 6
Views: 1028

Re: When the WAN network card is bound to multiple IPs, there is an issue with the source IP for system remote logging

It's possible to set pref-src property on static routes, e.g. /ip/route add dst-address=0.0.0.0/0 gateway=172.16.1.1 pref-src=172.16.1.30 Then router uses this address when making new connection using that particular route. But I don't know if the same selection applies if destination is in same IP ...
by mkx
Mon Dec 16, 2024 9:48 pm
Forum: General
Topic: "no enough permission" Error
Replies: 5
Views: 867

Re: "no enough permission" Error

... restore config from export (not backup!).

Or, better yet, start from default config and apply minimum changes required. It's possible that flakey config allowed exploit to succeed.
by mkx
Mon Dec 16, 2024 9:45 pm
Forum: Wireless Networking
Topic: No CAPsMan forwarding on new CAPsMan?
Replies: 17
Views: 1990

Re: No CAPsMan forwarding on new CAPsMan?

Whatever datapath settings from capsman config are enforced on CAP side. E.g. bridge name ...

How to split traffic? Most straight forward using VLANs (if not using wifi-qcom-ac driver on CAP) or some L2 tunneling (e.g. EoIP) if VLANs absolutely aren't possible.
by mkx
Mon Dec 16, 2024 9:37 pm
Forum: Wireless Networking
Topic: Replaced Router, must re-enter WiFi passphrase? [SOLVED]
Replies: 6
Views: 1402

Re: Replaced Router, must re-enter WiFi passphrase? [SOLVED]

Some devices try to identify the network to set appropriate firewall setup (e.g. home/work/public) ... e.g. winfows does that. And among other information gateway's MAC address is taken into account. And I guess some (paranoid) devices might require re-entering pass phrase simply to make owner aware...
by mkx
Mon Dec 16, 2024 9:26 pm
Forum: Wireless Networking
Topic: CAPsMAN DHCP Server for CAP AX Client
Replies: 15
Views: 2523

Re: CAPsMAN DHCP Server for CAP AX Client

... when using the previous generation access point, I only need to configure a profile in CAPsMAN that goes to each datapath. As I wrote: with new CAPsMAN there is no capsman-forwarding any more. Wireless interfaces, even though provisioned by CAPsMAN, are attached locally to CAP's bridge and loca...
by mkx
Mon Dec 16, 2024 9:04 pm
Forum: Beginner Basics
Topic: DHCP client - keep having link down [SOLVED]
Replies: 13
Views: 2077

Re: DHCP client - keep having link down [SOLVED]

Can you please point me where are the defaults firewall rules?
Open terminal and execute
/system/default-configuration/print

(as user with admin privileges)
by mkx
Mon Dec 16, 2024 8:57 am
Forum: RouterBOARD hardware
Topic: hEX refresh (E50UG) - router for gigabit internet?
Replies: 29
Views: 5541

Re: hEX refresh (E50UG) - router for gigabit internet?

wifi-qcom is an extra package. Dont install it. No drivers - no radio. I think the point is that WiFi module costs money that could have been spent elsewhere (better CPU, 2 Gbps eth1-CPU link etc) or just excluded to make the price less. Commodity hardware, used as heart of MT devices, often alread...
by mkx
Mon Dec 16, 2024 8:49 am
Forum: Wireless Networking
Topic: CAPsMAN DHCP Server for CAP AX Client
Replies: 15
Views: 2523

Re: CAPsMAN DHCP Server for CAP AX Client

New wifi CAPsMAN doesn't offer capsman forwarding. Which means that without VLANs CAP is joining normal LAN. And traffic then normally doesn't hit CAPsMAN. When it comes to DHCP ... when DHCP client (WiFi station in your case) sends out DHCP Discovery , every DHCP server in same L2 broadcast domain ...
by mkx
Mon Dec 16, 2024 8:39 am
Forum: Wireless Networking
Topic: Band steering - "priority" to 5Ghz [SOLVED]
Replies: 55
Views: 42139

Re: Band steering - "priority" to 5Ghz [SOLVED]

Seems that connect-priority 0/1 improved the situation. Devices now do switch to 5ghz, but it does not seem due to actual steering, but because they eventually take that decision themselves. WiFi standards (802.11 anything ) don't standardize handovers (at decision of network entity), they standard...
by mkx
Mon Dec 16, 2024 8:24 am
Forum: General
Topic: ROS 6.49 - Device Discovery issue when VLAN is used
Replies: 4
Views: 1883

Re: ROS 6.49 - Device Discovery issue when VLAN is used

Does this problem still exist in Ros 7? This problem never existed for me, neither in v6 nor in v7. I cannot delete PVID on the bridge interface. You can't delete PVID ... but if you set bridge CPU-facing port with frame-types=admit-only-vlan-tagged , then PVID setting will become irrelevant. After...
by mkx
Sat Dec 14, 2024 8:57 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 290
Views: 37501

Re: wAP ax?

It shows who has everything to say in your household.

As if it's not the same in your household :-P


We are speaking about WAF here, not about HAlF :wink:
by mkx
Sat Dec 14, 2024 8:50 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1884

Re: L009 - don't like it...

Set aside the whining, I don't see a difference between hexs and L009: I don't have either hEX S nor L009 ... so only guessing: it could be that L009 doesn't allow PoE out if it's powered via PoE in ... while hEX S did? The fact is that PoE 802.3 comes with some stringent spcifications (which MT mo...
by mkx
Sat Dec 14, 2024 8:36 pm
Forum: General
Topic: How to configure bond with 2 switches and NAS [SOLVED]
Replies: 8
Views: 1595

Re: How to configure bond with 2 switches and NAS [SOLVED]

What are my options to achieve 20gbps speeds ? I thought 802.3ad would give this with layer3+4 hashing, but even with multiple-streams (iperf3 -P) I get capped at 10gbps. I noticed that iperf3 is using same port for all streams, so I guess that can explain it. IMO you should stick to 802.3ad ... wi...
by mkx
Sat Dec 14, 2024 8:21 pm
Forum: Beginner Basics
Topic: DHCP client - keep having link down [SOLVED]
Replies: 13
Views: 2077

Re: DHCP client - keep having link down [SOLVED]

Generally I'd say that your current firewall is .... inadequate. IMO default rules are much better than yours. So I guess you have very good reasons for ditching default and implementing .... what you have now. However, it does seem weird if DDoS attack would cause your router to drop ethernet link....
by mkx
Sat Dec 14, 2024 12:16 am
Forum: General
Topic: How to configure bond with 2 switches and NAS [SOLVED]
Replies: 8
Views: 1595

Re: How to configure bond with 2 switches and NAS [SOLVED]

My other Linux server that is 2x2.5G bonded on Linux side and is connected to Layer3 TP-link switch. I didn't have to do any config changes on switch to make this bond work. There are some bond modes, available in linux, which don't require switch to know there's bond involved ... but it works well...
by mkx
Sat Dec 14, 2024 12:03 am
Forum: Beginner Basics
Topic: DHCP client - keep having link down [SOLVED]
Replies: 13
Views: 2077

Re: DHCP client - keep having link down [SOLVED]

I can't see anything weird...

One line above the message about loosing DHCP lease it mentions link down on ether8-WAN ... so you'll have to investigate why link between your router and ISP device drops. There are plenty of possible reasons for that ...
by mkx
Fri Dec 13, 2024 4:55 pm
Forum: Beginner Basics
Topic: DHCP client - keep having link down [SOLVED]
Replies: 13
Views: 2077

Re: DHCP client - keep having link down [SOLVED]

... but randomly appears
dhcp-client on ether8-WAN lost IP address 89.XXX.XX.18 - lease stopped locally

Can you show us log lines immediately preceding the quoted message (a few tens of seconds of history should do it) ... in general anything related to ether8-WAN port or DHCP.
by mkx
Fri Dec 13, 2024 4:49 pm
Forum: General
Topic: CCR2004-1G-12S+2XS - Hardware switching features
Replies: 4
Views: 4809

Re: CCR2004-1G-12S+2XS - Hardware switching features

I bought this thing. It has 25G interfaces to be a typical bridge, but there is no way to transfer even 10G in bridge mode. Is this some kind of joke? You bought router which happens to have 2x 25Gbps ports (and some others). Official test results tell that thing can route at speeds between 5Gbps a...
by mkx
Fri Dec 13, 2024 3:34 pm
Forum: General
Topic: How to configure bond with 2 switches and NAS [SOLVED]
Replies: 8
Views: 1595

Re: How to configure bond with 2 switches and NAS [SOLVED]

So nothing to be done on Linux itself ? Of course there is, bonds have to be configured on both sides of logical link. And bond mode (e.g. 802.3ad) has to match (Tx hash strategy can be different on both ends). I guess you didn't get feedback on linux-side config because that is largely of scope of...
by mkx
Fri Dec 13, 2024 8:26 am
Forum: RouterBOARD hardware
Topic: Where is the Audience AX?
Replies: 10
Views: 1891

Re: Where is the Audience AX?

Let's assume they are working on it.

You know what they say: assumption is mother of all f**ups. So let's not assume anything ... not with Mikrotik :wink:
by mkx
Fri Dec 13, 2024 8:18 am
Forum: General
Topic: Still no TLS 1.3?
Replies: 11
Views: 1475

Re: Still no TLS 1.3?

As long as TLS 1.2 is still considered secure and ROS supports secure ciphers, I couldn't care less. Everything else is compliance BS. It's is not just about security, TLS 1.3 have more optimal handshake, less round trips. True. But when it comes to managing your router/switch/AP, how many hundreds...
by mkx
Fri Dec 13, 2024 8:14 am
Forum: Beginner Basics
Topic: Is device damage possible when using PoE switch?
Replies: 5
Views: 1069

Re: Is device damage possible when using PoE switch?

... if for whatever reasons you applied an excessive voltage to ether1 I would expect It to fry, not the other ports.

If this happened, then this is quite a problem ... because netinstall works only ether1.
by mkx
Thu Dec 12, 2024 6:52 pm
Forum: RouterBOARD hardware
Topic: Where is the Audience AX?
Replies: 10
Views: 1891

Re: Where is the Audience AX?

I don't understand why mikrotik doesn't have some kind of roadmap...

Wait ... Mikrotik has a roadmap?

I'd love to buy an Audience ax or two as long as it's as good as current Audience (I simply love it).
by mkx
Thu Dec 12, 2024 6:44 pm
Forum: RouterBOARD hardware
Topic: CCR1016 / Temperature sensor defect?
Replies: 2
Views: 963

Re: CCR1016 / Temperature sensor defect?

There have been previous reports on this forum about CCRs with similar symptoms. All have been resolved by replacing capacitors in PSU and/or main board, which showed signs of failing (bulged ends). When doing it, make sure that replacement capacitors match capacity of original ones (too big differe...
by mkx
Thu Dec 12, 2024 9:09 am
Forum: Wireless Networking
Topic: mANT Box 52 15s setup
Replies: 1
Views: 588

Re: mANT Box 52 15s setup

Are ether1 and wlan2 members of same bridge? Broadcast packets are in principle not routed, only switched/bridged.

And possible misconception: if only traffic flowing is broadcast, then it'll only affect Tx counters not Rx (only port connecting to broadcast source(s) will show Rx activity).
by mkx
Thu Dec 12, 2024 9:06 am
Forum: Beginner Basics
Topic: Share 10Gb Internet connection ccr2004-1G-12S+2XS
Replies: 7
Views: 1248

Re: Share 10Gb Internet connection ccr2004-1G-12S+2XS

Bridge is only necessary if one wants to switch between bridge member ports. If device is used as pure router (strictly routing between ports), then bridge is not needed (and if it's used then one has to take extra steps to block L2 communication between different ports).
by mkx
Thu Dec 12, 2024 8:37 am
Forum: Beginner Basics
Topic: RB960PGS as internal routers
Replies: 1
Views: 647

Re: RB960PGS as internal routers

Post textual export of configuration of your RB960PGS. I suspect that the problem is in routing indeed. Either you have to add routes to different remote locations on main router or you have to configure SRC-NAT on each of remote location routers. Personally I'd go for first option as it allows you ...
by mkx
Wed Dec 11, 2024 12:19 pm
Forum: General
Topic: IP Cloud (Dynamic DNS) down?
Replies: 101
Views: 15874

Re: mynetname is down ?

just use your own dns, set up a cname to the ugly domain name and problem solved. Is not. Even if your own DNS server can reply with CNAME record, clients still won't be able to resolve the serial.sn.mynetname.net ... the only way around it is to actually update A record on your DNS server whenever...
by mkx
Wed Dec 11, 2024 12:15 pm
Forum: Beginner Basics
Topic: Issue with Layer7 Protocol and Address List in RouterOS v7.16
Replies: 11
Views: 1457

Re: Issue with Layer7 Protocol and Address List in RouterOS v7.16

It should match http://youtube.com but not a lot more.
AFAIK not even protocol (http), only host name, e.g. youtube.com ...
by mkx
Wed Dec 11, 2024 12:14 pm
Forum: Beginner Basics
Topic: Issue with Layer7 Protocol and Address List in RouterOS v7.16
Replies: 11
Views: 1457

Re: Issue with Layer7 Protocol and Address List in RouterOS v7.16

As I already wrote: if those domain names are not sent from client towards server in plain text, then L7 matcher won't be able to match them. You can verify if this is indeed a problem by doing a wireshark recording (on client machine would be fine) and check initial few packets, sent from client to...
by mkx
Wed Dec 11, 2024 11:43 am
Forum: RouterBOARD hardware
Topic: Has Mikrotik finally solved port flapping issue in the newer hardware?
Replies: 43
Views: 21070

Re: Has Mikrotik finally solved port flapping issue in the newer hardware?

I have mentioned about this problem in 2019, fife years passed and still the same. CRS326 is unusable at all. Do you actually have problems with CRS326 or is only the stats which are worrying you? And an idea: screenshot shows really low port speeds (10Mbps, 100Mbps) for ports with most link downs....
by mkx
Wed Dec 11, 2024 11:29 am
Forum: General
Topic: Blocking Static IP assignments
Replies: 3
Views: 864

Re: Blocking Static IP assignments

Only on the bridge, as that's what the IP stack is linked to. The Ethernet interfaces are just member ports of the bridge in this setup. ... which also means that access to other networks (including internet) can be controlled in this way. But: communication between devices on same IP subnet (even ...
by mkx
Wed Dec 11, 2024 11:28 am
Forum: Beginner Basics
Topic: Issue with Layer7 Protocol and Address List in RouterOS v7.16
Replies: 11
Views: 1457

Re: Issue with Layer7 Protocol and Address List in RouterOS v7.16

Almost definitely the two rules you showed are not full firewall config. Or is it? Regarding L7: almost everything now days works over encrypted communications (httpS) and almost every server/client combination supports TLS v1.3. In TLS v1.3 also SNI is encrypted, hence L7 regex rule in ROS can not ...
by mkx
Wed Dec 11, 2024 8:53 am
Forum: RouterBOARD hardware
Topic: Serving GPS data from a LAN-connected receiver?
Replies: 2
Views: 993

Re: Serving GPS data from a LAN-connected receiver?

Unfortunately, one drawback of my setup is that my location data is random. At one point websites think I'm in southern California, and then a day or two later I'm supposedly outside Chicago. AFAIK this has nothing to do with your actual physical location, it's got to do with some GeoIP databases ....
by mkx
Wed Dec 11, 2024 8:42 am
Forum: General
Topic: Limited Bandwidth on Thunderbird? [SOLVED]
Replies: 6
Views: 1378

Re: Limited Bandwidth on Thunderbird? [SOLVED]

My experience with Gmail and IMAP is that when there are many messages in inbox (several thousand which in my case translates into a couple of gigabytes of space consumed), then sync rate plummets. IMO nothing to do with router.
by mkx
Tue Dec 10, 2024 3:42 pm
Forum: General
Topic: Winbox on arm64
Replies: 8
Views: 1697

Re: Winbox on arm64

Drawback: you probably can not use MAC access (I'm not even sure you can do that using Wine, never used it myself). It's possible to use winbox over MAC using wine (just tried winbox 3.35 x64 in linux). For CLI over MAC I guess there's no real option now, MT doesn't provide MAC telnet client for wi...
by mkx
Tue Dec 10, 2024 12:24 pm
Forum: General
Topic: VLAN Experts' help needed
Replies: 14
Views: 1690

Re: VLAN Experts' help needed

Can you set one of ISP router ports as trunk port? Routers, provided by Telekom Slovenije, have option to set each port as either "data", "IPTV" or "both" ... the later being trunk mode. This way you'll get IPTV already (natively) VLAN tagged (and internet probably unta...
by mkx
Tue Dec 10, 2024 12:15 pm
Forum: General
Topic: VLAN Experts' help needed
Replies: 14
Views: 1690

Re: VLAN Experts' help needed

Just seeing lots of devices on the interface with torch that should not be there at all, nothing to do with IPTV multicast. If IPTV of Makedonski Telekom is anything similar to same thing of Telekom Slovenije, then VLAN for IPTV is switched for many IPTV customers ... and you will be able to see so...
by mkx
Tue Dec 10, 2024 9:23 am
Forum: General
Topic: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2 [SOLVED]
Replies: 14
Views: 3720

Re: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2 [SOLVED]

... translating it to new CAPsMAN and wave2 will most likely be the next challenge once I've established a working VALN setup. So one step at a time... :) Well ... support for VLANs in wifi-qcom-ac package is next to none (while wireless has pretty good support), so if you're struggling with VLANs ...
by mkx
Tue Dec 10, 2024 9:08 am
Forum: General
Topic: Do AP's come with all router functions?
Replies: 29
Views: 3228

Re: Do AP's come with all router functions?

Normally "AP" are strictly AP's. All Mikrotik's APs (all are running ROS) are "wireless router" in parlance of many other vendors. Mikrotik doesn't have any "AP only" device at the moment (and never did so far, can't say anything about future models). However, it's pos...
by mkx
Mon Dec 09, 2024 3:05 pm
Forum: Beginner Basics
Topic: Strange IPv4 behaviour in a local network
Replies: 6
Views: 1113

Re: Strange IPv4 behaviour in a local network

OK, post the config of your RB2011. Execute /export file=anynameyouwish from command line (terminal window), fetch resulting file off device, open it with your favourite text editor, redact any sensitive data (such as serial number, WiFi PSK, any other password) and copy-paste it here inside [ quote...
by mkx
Mon Dec 09, 2024 2:53 pm
Forum: General
Topic: Initial config of CRS304-4XG-IN?
Replies: 3
Views: 777

Re: Initial config of CRS304-4XG-IN?

I'm pretty sure that if you reset your CRS to defaults, it'll come out configured as "dumb switch" even when running ROS. The only item to be done after that is to adjust IP address if you don't like the one used by default. Shouldn't be too hard when using Webfig (just try to avoid Quicks...
by mkx
Mon Dec 09, 2024 2:50 pm
Forum: Beginner Basics
Topic: Strange IPv4 behaviour in a local network
Replies: 6
Views: 1113

Re: Strange IPv4 behaviour in a local network

Just edited my previous post ... check addressing, it seems odd.
by mkx
Mon Dec 09, 2024 2:31 pm
Forum: Beginner Basics
Topic: Strange IPv4 behaviour in a local network
Replies: 6
Views: 1113

Re: Strange IPv4 behaviour in a local network

The :ffff: notation of IPv4 addresses are not due to router, they are due to web server logging settings (quite usual if web server supports both IPv4 and IPv6). You're saying that communication across sebnets works using NAT? So where is the PC you're using to manage vacuum? And where's vacuum? Qui...
by mkx
Mon Dec 09, 2024 2:28 pm
Forum: General
Topic: CCR2216 - Issues
Replies: 11
Views: 1676

Re: CCR2216 - Issues

The text from product page you quoted was there before L3HW became available on CCR2216. It seems that L3HW got broken in latest stable ROS (7.16.2) ... it's likely it runs out of routes memory. And when using device "with several full tables", this likely gets triggered much faster than w...
by mkx
Mon Dec 09, 2024 2:21 pm
Forum: General
Topic: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2 [SOLVED]
Replies: 14
Views: 3720

Re: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2 [SOLVED]

Apart from VLAN stuff (@anav already gave you some good advice) ... are you intending to use hAP ac lite as AP as well? If not, then you better remove wireless package and install wifi-qcom-ac on Audience, its wireless will really take off and fly. You'll have to use the new CAPsMAN (available under...
by mkx
Mon Dec 09, 2024 2:07 pm
Forum: General
Topic: DHCP server injects additional characters when using "DHCP Options"
Replies: 8
Views: 1311

Re: DHCP server injects additional characters when using "DHCP Options"

My concern with this workaround is that when you append this null character to the filename, it's going to change the length and might confuse some PXE clients ("pxelinux.0" has lenght "10", but with null added it's going to be 11 (hex 1A) and I assume some clients might not lik...
by mkx
Sun Dec 08, 2024 11:10 am
Forum: General
Topic: Wi‑Fi 7 / 802.11be
Replies: 96
Views: 34829

Re: Wi‑Fi 7 / 802.11be

Guess who will be buying a tplink the first sale I see on their wifi7 products.......
No idea. Can you give us a hint?
by mkx
Sun Dec 08, 2024 11:00 am
Forum: General
Topic: Mangle and Fasttrack [SOLVED]
Replies: 12
Views: 4500

Re: Mangle and Fasttrack

What can I do?

By disabling fasttrack, processing gets much more CPU-intensive. Depending on router model used it often means that router is no more capable of routing at high speeds.
by mkx
Sun Dec 08, 2024 10:57 am
Forum: Beginner Basics
Topic: Help me to set a local domain.
Replies: 1
Views: 665

Re: Help me to set a local domain.

Basic thing is DNS ... and if you want to use domain name globaly, then you need to register your domain and name servers for it globally (through one of domain registrars). Your cloud provider can probably help you with it. This process is not RouterOS specific in any way.
by mkx
Sun Dec 08, 2024 10:50 am
Forum: Beginner Basics
Topic: Why can I nmap using public IP from LAN? [SOLVED]
Replies: 2
Views: 1193

Re: Why can I nmap using public IP from LAN? [SOLVED]

When running default config, ROS relies on ingress interfaces rather than source or destination address. So when you try to establish connection to any of router's addresses , ROS first determines it's a connection to be handled by router itself ... hence it'll use FW chain=input. And then rules che...
by mkx
Sun Dec 08, 2024 10:36 am
Forum: Beginner Basics
Topic: VLAN config help request for Mikrotik and Cisco
Replies: 5
Views: 1504

Re: VLAN config help request for Mikrotik and Cisco

Is it possible to keep the switch in default Vlan = 1 mode and configure the vlan(10, 20, 30) only to build the network between the cisco ap and mikrotik router. It is possible. If you configure MT with "native VLAN", then VID=1 is used as native VLAN by default. So just don't configure V...
by mkx
Sun Dec 08, 2024 10:30 am
Forum: Beginner Basics
Topic: Help with setup issues on RB951
Replies: 16
Views: 1913

Re: Help with setup issues on RB951

@anav is saying that RB951U is like 15 years old model and if somebody sold it to you as new, then that business has some seriously old stuff on stock. Never mind that it's not officially declared as EoL, it's old never the less.

You still didn't tell us about ROS version running on your RB.
by mkx
Sat Dec 07, 2024 3:35 pm
Forum: Beginner Basics
Topic: Help with setup issues on RB951
Replies: 16
Views: 1913

Re: Help with setup issues on RB951

It could be other reasons as well ... @OP did not start with too many details, e.g. he did not mention exact model (there are 951U and 951G ... not that it matters in this case). Neither he mentioned ROS version and if it's an old one, it may have some vulnerabilities (fixed in last few years) which...
by mkx
Sat Dec 07, 2024 12:02 pm
Forum: Beginner Basics
Topic: Help with setup issues on RB951
Replies: 16
Views: 1913

Re: Help with setup issues on RB951

Of course it's always possible that router was compromised from LAN side (some computer running malware) so if things happen again, check your LAN clients (or restrict access to router management to a dedicated management port). That would mean a real weak passwd was used or someone in the 'trust' ...
by mkx
Sat Dec 07, 2024 11:29 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 139879

Re: v7.17rc [testing] is released!

I noticed that the "Total HDD size" is now reported as 16.0 MiB while I am sure it was like 15.2 MiB before, so that has changed in some recent release. Seeing your post I went to check my hAP ac2 running 7.16.2 ... and my hAP ac2 also shows 16.0MB total flash size. So this flash size inc...
by mkx
Sat Dec 07, 2024 11:22 am
Forum: Beginner Basics
Topic: Help with setup issues on RB951
Replies: 16
Views: 1913

Re: Help with setup issues on RB951

But just out of curiosity, what router would you recommend? Have a look at hAP ax2 (or hAP ax3). They have decent CPU built in and are not too expensive (wifi is a bonus, if you don't need it, you can completely disable it which reduces ROS footprint). Definitely come with one of best price/perform...
by mkx
Sat Dec 07, 2024 11:17 am
Forum: Beginner Basics
Topic: Help with setup issues on RB951
Replies: 16
Views: 1913

Re: Help with setup issues on RB951

3l I cannot backup, or change admin group permissions, I get not permitted (9). This item from your symptom list is consistent with several reports of router being compromised (atrackers created another account with full permissions whike permissions of admin account are reduced). The only proper w...
by mkx
Fri Dec 06, 2024 8:31 pm
Forum: Beginner Basics
Topic: 200k hrs @25C MTBF
Replies: 2
Views: 925

Re: 200k hrs @25C MTBF

That's ambient temperature.
by mkx
Fri Dec 06, 2024 7:07 pm
Forum: RouterBOARD hardware
Topic: Switch in RB509/L009 FormFactor
Replies: 8
Views: 2475

Re: Switch in RB509/L009 FormFactor

While waiting for a CRS in this form factor: L009 makes a decent switch with 8 ports (ether2-7+sfp) and with out-of-band management port (ether1). Its MSRP is the same as CSS610. Indeed CSS offers one ethernet port and one SFP+ port more ... and both SFP+ ports are 10Gbps (SFP on L009 is 2.5Gbps onl...
by mkx
Fri Dec 06, 2024 6:38 pm
Forum: General
Topic: DHCPv6 Stateful Server
Replies: 3
Views: 737

Re: DHCPv6 Stateful Server

Are you sure that all of your devices actually support use of DHCPv6? Android, for example, doesn't.
by mkx
Fri Dec 06, 2024 6:29 pm
Forum: General
Topic: CloudFlare DNS Not Blocking XXX sites
Replies: 6
Views: 1198

Re: CloudFlare DNS Not Blocking XXX sites

Some recent versions of some browsers use their own DoH ... ignoring system-wide DNS settings. So could it be a browser problem? If thus turns to be the case, then ... it's not a problem, it's a feature ... because it works around whatever limitations any ISP (or home owner) - possibly driven by ma...
by mkx
Thu Dec 05, 2024 10:06 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 134
Views: 76434

Re: CSS326-24G-2S+RM hangs until power cycle

If UTP cable doesn't affect bits passing too much (i.e. if it doesn't drop or invent bits or whole frames), then both link partners should see identical frames. So it shouldn't matter which side of UTP cable captures traffic.
by mkx
Thu Dec 05, 2024 9:37 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM
Replies: 34
Views: 8449

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM

That's mostly what I had in mind ... plus setting frame-types the same way as it's done for ether1
by mkx
Thu Dec 05, 2024 9:34 pm
Forum: General
Topic: CloudFlare DNS Not Blocking XXX sites
Replies: 6
Views: 1198

Re: CloudFlare DNS Not Blocking XXX sites

Some recent versions of some browsers use their own DoH ... ignoring system-wide DNS settings.
by mkx
Thu Dec 05, 2024 9:19 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 1760

Re: hAP ax lite LTE6 how to set as repeater

Your device can not run v6, it's limited to v7. So you'll have to take tutorials with a few grains of salt. And while starting to think about your way forward, upgrade your device to latest v7 (7.16.2 at the time of writing this post) ... I recommend using built-in updater (webfig or winbox or CLI) ...
by mkx
Thu Dec 05, 2024 9:15 pm
Forum: Beginner Basics
Topic: Solum RNDIS device - not listed in interfaces
Replies: 3
Views: 1124

Re: Solum RNDIS device - not listed in interfaces

While ROS is based on linux kernel, it0s pretty trimmed down to fit tight storage and RAM. So typucally it ships with very few device drivers. And knowing name of device doesn't have anything with driver availability. Having written that: it's highly likely that your gadget is not supported in ROS. ...
by mkx
Wed Dec 04, 2024 10:14 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 134
Views: 76434

Re: CSS326-24G-2S+RM hangs until power cycle

I guess you could.
by mkx
Wed Dec 04, 2024 10:04 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM
Replies: 34
Views: 8449

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM

You have ether1 on hAP ac2 configured as trunk port. If you want to connect additional cAP ac to ether5 of hAP ac2, then you can simply configure ether5 identically to ether1 ... add it to bridge and set the same VLAN properties.
by mkx
Wed Dec 04, 2024 9:57 pm
Forum: General
Topic: hAP ac2 after update doesn't work [SOLVED]
Replies: 3
Views: 1164

Re: hAP ac2 after update doesn't work [SOLVED]

Netinstall is your next step.
by mkx
Wed Dec 04, 2024 9:46 pm
Forum: Beginner Basics
Topic: Problem with clients
Replies: 4
Views: 1921

Re: Problem with clients

The "active address" in that row seems to be assigned to MAC address 00:00:00:00:00:00, so maybe the base issue is not the missing client id, but the (empty) MAC. I can't imagine how could this happen. DHCP server does receive "DHCP discover" and "DHCP request" packets...
by mkx
Wed Dec 04, 2024 3:14 pm
Forum: General
Topic: Is mAP still relevant with RouterOS 7.16 ?
Replies: 5
Views: 885

Re: Is mAP still relevant with RouterOS 7.16 ?

It is more an issue with its routing speed, that may be too slow for your requirements, it should be in the 150-200 Mbit range. And how are you going to do that with only 100Mb ports ??? :lol: There are 2 ethernet interfaces and WiFi being (in theory) faster than 100Mbps. And ethernet ports are (ac...
by mkx
Wed Dec 04, 2024 3:02 pm
Forum: General
Topic: Random reboots on RB4011 since 7.13/7.14
Replies: 22
Views: 3970

Re: Random reboots on RB4011 since 7.13/7.14

"Or" is not an "exclusive or" so you can use "one of two" as well as "two of two" inputs. No, it's "use the one with higher voltage". Only if both supply voltages are almost exactly the same, then device will draw power from both (not necessarily ex...
by mkx
Wed Dec 04, 2024 2:55 pm
Forum: Beginner Basics
Topic: Problem with clients
Replies: 4
Views: 1921

Re: Problem with clients

Client ID is something DHCP clients supply to server (and not the other way around). When DHCP server decides on which lease to offer, it first checks "Client ID" ... and only if that value was not provided by client, it falls back to using client MAC address (as identifier). Indeed most D...
by mkx
Wed Dec 04, 2024 2:40 pm
Forum: Beginner Basics
Topic: Can't connect to one of my 2 RBSXT 5HnD
Replies: 13
Views: 2627

Re: Can't connect to one of my 2 RBSXT 5HnD

In CLI you can get radio link details by running command /interface wireless registration-table print stats IMO, signal strength of around -60dBm is pretty decent. Ideally signal-to-noise value will be as high as possible (30dB or more) which then should offer good service. One value which does show...
by mkx
Tue Dec 03, 2024 11:11 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 134
Views: 76434

Re: CSS326-24G-2S+RM hangs until power cycle

I don't have any CSS, but I'd expect it to have mirror functionality. However, since those frames break CSS, they might not come out of CSS via mirror port. Which means you'd have to use another managed switch between CSS and one of connected servers and configure mirror port on that switch.
by mkx
Tue Dec 03, 2024 11:07 pm
Forum: RouterBOARD hardware
Topic: RBM33G + USB console connection to external device
Replies: 1
Views: 887

Re: RBM33G + USB console connection to external device

Connecting USB hub to Mikrotik should work, so you should be able to connect multiple USB devices (mind the power output capability, MT devices usually don't allow much more than standard 500mA, you may have to use powered USB hub). I'm not sure though how many serial ports are supported in ROS ... ...
by mkx
Tue Dec 03, 2024 11:00 pm
Forum: Wireless Networking
Topic: Nstreme nv2 are not suported
Replies: 2
Views: 664

Re: Nstreme nv2 are not suported

AFAIK nv2 and nstreme are supported on all radios which run (now legacy) wireless driver. These protocols are not supported by new wifi driver (wifi-qcom and wifi-qcom-ac), which is required on AX devices (and supported on many AC devices). So in short: nstreme and nv2 work on older Mikrotik wifi de...
by mkx
Tue Dec 03, 2024 10:50 pm
Forum: General
Topic: CRS510-8XS-2XQ-IN High CPU Netwoking process
Replies: 11
Views: 1348

Re: CRS510-8XS-2XQ-IN High CPU Netwoking process

CRS devices are essentially switches ... as in L2 devices. Yes, running ROS on them does add L3 (routing), but without careful configuration those functions will be done by (slow) CPU. But: there's L3HW offload and it might work for you. Further reading: https://help.mikrotik.com/docs/spaces/ROS/pag...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 46