Search found 13774 matches

by mkx
Fri Feb 07, 2025 6:02 pm
Forum: General
Topic: Wi‑Fi 7 / 802.11be
Replies: 109
Views: 37409

Re: Wi‑Fi 7 / 802.11be

You know, when neighbouring guys gather around the BBQ and compare wifi speed between each other? It'll be the same, we'll just have to move to each front porch to hear that "Oh, you've got WiFi7. Damn!"
by mkx
Fri Feb 07, 2025 5:43 pm
Forum: General
Topic: Wi‑Fi 7 / 802.11be
Replies: 109
Views: 37409

Re: Wi‑Fi 7 / 802.11be

Try 9600 baud modem dialup ... roughly 20 years ago.
More likely 30 years ago. 20 years ago we were already past ISDN (at 2x64kbps) and 2G (with HSCSD/GPRS at around 64kbps) into ADSL (1Mbps/128kbps or something in that ballpark) and (legacy) 3G/UMTS with 384/64kbps speeds.
by mkx
Fri Feb 07, 2025 5:37 pm
Forum: Beginner Basics
Topic: PoE ether 8 for L009UiGS-RM.
Replies: 3
Views: 77

Re: PoE ether 8 for L009UiGS-RM.

I had a while ago a similar problem with wAP AX and L009. wAP AX requires 802.3 at/af. You sure about that? wAP ax ships with (passive PoE injector) RBGPOE and 24V power adapter. In my installation UTP cables cause 1V drop and wAP ax happily hums along with 23V supply voltage: [device] > /system/h...
by mkx
Fri Feb 07, 2025 5:09 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 521
Views: 98223

Re: v7.17.2 [stable] is released!

It's going forward when the deployment pipeline starts with routeros versions where the default device-mode does not allow the setting to be changed. The argument reminds me of discussion when devices started to ship with random admin password. Yes, it does hinder automatic configuration and deploym...
by mkx
Fri Feb 07, 2025 4:23 pm
Forum: General
Topic: Upgrading CCR2004
Replies: 4
Views: 127

Re: Upgrading CCR2004

The internal configuration database handling seems to be as clear as mud. It seems to contain some kind of history but it seems that in certain cases it can be cleared. My recent experience: hAP ac2, running 7.17 without wifi/wireless drivers, some 2.7MB flash free. Device did have its history of u...
by mkx
Fri Feb 07, 2025 2:29 pm
Forum: General
Topic: Re: Backup/ Restore issue and duplicating Ethernet MAC address
Replies: 1
Views: 72

Re: Backup/ Restore issue and duplicating Ethernet MAC address

Backup files are intended to be restored on very same device. They might be restored on different device of very same model ... and if they are used to restore service after hardware breakdown, that works ... by keeping MAC addresses even better, other networked devices even won't notice hardware re...
by mkx
Fri Feb 07, 2025 12:56 pm
Forum: RouterBOARD hardware
Topic: Running out of space on hAP ac2 [SOLVED]
Replies: 77
Views: 24834

Re: Running out of space on hAP ac2 [SOLVED]

Well IMHO, 32MB would have been enough Experience with some newer devices (e.g. Audience) is that even 128MB might not be enough to allow for partitioning ... because upgrade packets get downloaded to flash. If the "RAM-disk as root of storage" strategy was revised to not depend on flash ...
by mkx
Fri Feb 07, 2025 12:17 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 437
Views: 70893

Re: v7.18beta [testing] is released!

... read other forum topics, where MTik users/admins listed a lot of problematic scenarios, to which the manufacturer did not respond in any meaningful way, or not at all, just repeatedly asking, "what scenario cause problem", we answered most of them with compelling arguments, and that's...
by mkx
Fri Feb 07, 2025 12:01 pm
Forum: Announcements
Topic: v6.49.18 [stable] is released!
Replies: 12
Views: 1857

Re: v6.49.18 [stable] is released!

As always - if a stable version is "okay", then after a while it is re-published as long-term. How long is "after a while"? Last long-term is 6.49.13. Previous stable was 6.49.17, released on 2024-08-07 ... which is quite a bit longer than half a year ago. Are you saying that ha...
by mkx
Thu Feb 06, 2025 10:37 pm
Forum: General
Topic: Switchport Fluke not always working
Replies: 1
Views: 78

Re: Switchport Fluke not always working

The switch data is derived from CDP packets, which are periodically broadcast by switch via all (active) ports. Why fluke received those during one session and not during the other session is beyond my knowledge.
by mkx
Thu Feb 06, 2025 10:28 pm
Forum: General
Topic: Upgrading from V6 to V7...
Replies: 8
Views: 332

Re: Upgrading from V6 to V7...

Is that the case even if I don't use the wireless packages? If you go the upgrade path using ROS built-in package updater, then 7.12.1 is required step. It's the version which "knows" to install separate wireless package, existing from 7.13 onwards (which can then be uninstalled if you do...
by mkx
Thu Feb 06, 2025 10:16 pm
Forum: General
Topic: Restore from RSC
Replies: 12
Views: 489

Re: Restore from RSC

Export of default config creates non-empty RSC.

Which means that such export can't be applied to device with already applied default config - it causes errors about items already existing, etc.

Which in turn means that any exported RSC can only be applied to device with empty config.
by mkx
Thu Feb 06, 2025 8:48 pm
Forum: Beginner Basics
Topic: Mapping 2 different ports range
Replies: 4
Views: 168

Re: Mapping 2 different ports range

Generally, dst-port range has no relation with to-ports range. So I'm afraid that 100 rules it is.
by mkx
Thu Feb 06, 2025 8:44 pm
Forum: Beginner Basics
Topic: How to offer DHCP only on WIFI but not on ether
Replies: 9
Views: 357

Re: How to offer DHCP only on WIFI but not on ether

It may clarify the motive ... but doesn't make it any more doable.

And when I was asking about network description, I had technical details in mind, not sociological description. :wink:
by mkx
Thu Feb 06, 2025 6:49 pm
Forum: Beginner Basics
Topic: DHCP Server setup without WAN [SOLVED]
Replies: 5
Views: 309

Re: DHCP Server setup without WAN [SOLVED]

Bullet #3 is completely unnecessary in your case. If DHCP client was to receive a lease (from another DHCP server in same ethernet network), then other devices, connected to bridged ports, would as well. Since you need DHCP server I'm assuming there is no other DHCP server available, so bullet #3 sh...
by mkx
Thu Feb 06, 2025 6:35 pm
Forum: General
Topic: Restore from RSC
Replies: 12
Views: 489

Re: Restore from RSC

Do I start with the default config or an empty/blank/non-existent config? Since default config creates non-empty export, it's a sign that applying it requires blank starting state. And no, you can't instruct ROS to set something statically (e.g. bridge MAC address) without explicitly setting the val...
by mkx
Thu Feb 06, 2025 6:21 pm
Forum: General
Topic: Hw Offloading Vlan between 2 devices
Replies: 7
Views: 535

Re: Hw Offloading Vlan between 2 devices

Your L009 is still slightly faster than CRS when it comes to CPU-based routing/firewalling (according to official test results around 40%), so it still makes sense to use it as border gateway for your home network (while using CRS as core router). Keep in mind that number of L3HW offloaded connectio...
by mkx
Thu Feb 06, 2025 5:56 pm
Forum: General
Topic: Restore from RSC
Replies: 12
Views: 489

Re: Restore from RSC

Exported config is mostly troublesome for setting static MAC addresses. You can simply remove that particular property setting from rsc and ROS will come up with one automatically. For the bridge MAC also remove auto-mac=no setting. You can then manually set MAC addresses later on. Alternatively you...
by mkx
Thu Feb 06, 2025 4:49 pm
Forum: Wireless Networking
Topic: Trying to understand vlan-filtering + datapath.vlan-id in capsman AX
Replies: 6
Views: 1308

Re: Trying to understand vlan-filtering + datapath.vlan-id in capsman AX

Generally with bridge which is vlan enabled, there are two halves of the story, both halves are more or less unrelated (whether more or less depends on some config details): /interface/bridge/port is about ingress. PVID is set there and it affects the ingress untagged frames. If frame-types is set e...
by mkx
Thu Feb 06, 2025 3:57 pm
Forum: Beginner Basics
Topic: How to offer DHCP only on WIFI but not on ether
Replies: 9
Views: 357

Re: How to offer DHCP only on WIFI but not on ether

Generally you don't. DHCP handshake partly works over broadcasts and those pass throughout L2 broadcast domain (and bridge does transparently join parts of network into same L2 broadcast domain). There are some tricks on how to block DHCP handshake with certain clients or via certain parts of netwo...
by mkx
Thu Feb 06, 2025 1:35 pm
Forum: General
Topic: Hw Offloading Vlan between 2 devices
Replies: 7
Views: 535

Re: Hw Offloading Vlan between 2 devices

One last question, if I setup all like that, does the firewall rules on the L009 still apply between the CRS VLANs? No, inter-VLAN traffic will bypass L009. If you want to control inter-VLAN traffic, you have to do it on CRS .. either routing rules (these are pretty coarse, but consume way less res...
by mkx
Thu Feb 06, 2025 1:17 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 521
Views: 98223

Re: v7.17.1 [stable] is released!

So, after remote upgrade to 7.17, install-any-version is disabled and it's impossible to downgrade without physical access if there are any issues found? It's partially true: no, it's not that you can't downgrade, you're just limited to certain minimum version. Default 7.17 setting is allowed-versi...
by mkx
Wed Feb 05, 2025 9:20 pm
Forum: Beginner Basics
Topic: DHCP Server setup without WAN [SOLVED]
Replies: 5
Views: 309

Re: DHCP Server setup without WAN [SOLVED]

Post config of hEX PoE (execute /export in terminal window ...). Without seeing config it's not possible to say what's wrong.

Generally DHCP server doesn't care about availability of WAN.
by mkx
Wed Feb 05, 2025 9:14 pm
Forum: RouterBOARD hardware
Topic: hap ax2 PoE-port suddenly limited to 100Mbps
Replies: 15
Views: 617

Re: hap ax2 PoE-port suddenly limited to 100Mbps

I guess that part of PoE-in, there are capacitors on each line between PoE-in power "ejector" and ethernet transformers. And broken capacitor (not shorted but burned) would effectively isolate that particular line. Or some soldered point simply developed a crack. I don't think it's easy to...
by mkx
Wed Feb 05, 2025 8:00 pm
Forum: RouterBOARD hardware
Topic: Running out of space on hAP ac2 [SOLVED]
Replies: 77
Views: 24834

Re: Running out of space on hAP ac2 [SOLVED]

When you consider that bad, look at my situation: I have a RB4011, once considered to be the flagship home router, 3.5 times as expensive as the ac2, but cannot use the new Wi-Fi driver because 2GHz Wi-Fi does not work then. Well, to paraphrase certain @pe1chl: install wifi-qcom-ac and move it to a...
by mkx
Wed Feb 05, 2025 7:55 pm
Forum: RouterBOARD hardware
Topic: hap ax2 PoE-port suddenly limited to 100Mbps
Replies: 15
Views: 617

Re: hap ax2 PoE-port suddenly limited to 100Mbps

IIRC if pins 4,5,7 or 8 aren't properly connected to the peer, then switch will show only speeds up to 100Mbps as advertised by peer ... even if peer advertises faster speeds. My guess is some (electrical?) damage to ether1. Does PoE-in still work? The passive PoE-in uses same cable pairs as are nee...
by mkx
Wed Feb 05, 2025 7:40 pm
Forum: Wireless Networking
Topic: wifiwave2 connect-list
Replies: 4
Views: 2416

Re: wifiwave2 connect-list

It seems that access-list subtree should allow to set device in station mode to behave similarly to legacy wireless with connect-list, I seem to remember a few discussions about it. Sadly I didn't find any useful topic right now ... and I never tried it myself. So let's hope that somebody with right ...
by mkx
Wed Feb 05, 2025 5:23 pm
Forum: RouterBOARD hardware
Topic: Running out of space on hAP ac2 [SOLVED]
Replies: 77
Views: 24834

Re: Running out of space on hAP ac2 [SOLVED]

So... do you suggest that ....

With 16MB ARM devices there are two choices: either run device as wired-only router (by uninstalling either of wireless/wifi drivers) or run device as simple AP without any kind of routing/firewalling setup.
It's sad, but that's how it is.
by mkx
Wed Feb 05, 2025 5:18 pm
Forum: Wireless Networking
Topic: wifiwave2 connect-list
Replies: 4
Views: 2416

Re: wifiwave2 connect-list

I tried to create a subinterface and make it in station mode.
Only master interface can realistically be used in station mode ... because only master interface can scan frequencies for APs.
by mkx
Wed Feb 05, 2025 2:18 pm
Forum: Beginner Basics
Topic: A simple WAN/LAN/DMZ VLAN config to start off
Replies: 17
Views: 1792

Re: A simple WAN/LAN/DMZ VLAN config to start off

As I already explained, VLAN ID 1 is used in implicit configuration which makes it non-obvious and even non-transparent. And that makes it insecure. Having the NoOp VLAN interface again makes things a bit muddy, users who don't understand how bridge and L2HW offload works might jump into wrong concl...
by mkx
Wed Feb 05, 2025 2:03 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 521
Views: 98223

Re: v7.17.1 [stable] is released!

... nobody understands the device mode on the routers ... I think many (or even most?) of us understand the device mode but most (almost all?) of us disagree with MT on how to handle upgrades other than netinstall. I guess this is what you're saying as well, but IMO your choice of words makes it so...
by mkx
Wed Feb 05, 2025 1:56 pm
Forum: Beginner Basics
Topic: A simple WAN/LAN/DMZ VLAN config to start off
Replies: 17
Views: 1792

Re: A simple WAN/LAN/DMZ VLAN config to start off

Your setup probably works fine for you and I'm glad for it. But the problem is when it gets published as a general template for newcomers to grab and blindly apply. Because generally it has a few problems and those will bite a few of those users. And that's the reason for it getting quite some negat...
by mkx
Wed Feb 05, 2025 1:11 pm
Forum: Beginner Basics
Topic: A simple WAN/LAN/DMZ VLAN config to start off
Replies: 17
Views: 1792

Re: A simple WAN/LAN/DMZ VLAN config to start off

Oh, and I forgot, the NoOp VLAN interface gives you a traffic monitor that only includes LAN traffic ... ... if that traffic hits CPU-facing bridge port (either due to being CPU communicating with devices on same VLAN or if it's broadcast traffic). Most of traffic between devices, connected to brid...
by mkx
Wed Feb 05, 2025 12:46 pm
Forum: Beginner Basics
Topic: A simple WAN/LAN/DMZ VLAN config to start off
Replies: 17
Views: 1792

Re: A simple WAN/LAN/DMZ VLAN config to start off

Just for illustration: two problems with your template: /interface bridge add ingress-filtering=no name=bridge vlan-filtering=yes /interface vlan add comment="1 LAN" interface=bridge name=lan vlan-id=1 Implicit configuration has bridge CPU-facing port set with pvid=1. Which makes bridge un...
by mkx
Wed Feb 05, 2025 12:33 pm
Forum: Wireless Networking
Topic: Add CAP AX as CAP to RB2011 CapsMan problem
Replies: 3
Views: 1217

Re: Add CAP AX as CAP to RB2011 CapsMan problem

Will it ever be unified into one version? No. It seems that MT will just let the legacy wireless CAPsMAN die of old age together with devices running legacy wireless driver. The main thing of the new wifi CAPsMAN is enhanced mobility (802.11 r/k/v) ... which is not supported by legacy wireless driv...
by mkx
Wed Feb 05, 2025 12:22 pm
Forum: Beginner Basics
Topic: A simple WAN/LAN/DMZ VLAN config to start off
Replies: 17
Views: 1792

Re: A simple WAN/LAN/DMZ VLAN config to start off

... VLAN 1 on Mikrotik devices has well-defined behavior. The main point for this particular configuration is that it is transparent. You're right about well-defined behaviour. The problem is that it's not apparent, default VLAN 1 config is not shown in exported config nor in most GUI screens (apar...
by mkx
Wed Feb 05, 2025 11:39 am
Forum: RouterBOARD hardware
Topic: RB951 does not start with poe-in
Replies: 3
Views: 515

Re: RB951 does not start with poe-in

>> PoE switch, 15 watts per port - maybe it is not enough for RB951 to start? RB951Ui is rated for input voltage 10V-28V and "passive PoE" ... So if your switch is 802.3 af (that's consistent with 15W power output), then it is using 48V and has potential to fry your RB951Ui. If your switc...
by mkx
Wed Feb 05, 2025 11:24 am
Forum: Wireless Networking
Topic: All my device prefer 2.4ghz over 5ghz. Mikrotik hap ax2 with capsman.
Replies: 6
Views: 426

Re: All my device prefer 2.4ghz over 5ghz. Mikrotik hap ax2 with capsman.

But some dual-band devices prefer 2.4GHz and don't roam to 5GHz if they're left to their own will and no amount of support for WiFi mobility (802.11 r/k/v) changes that. One example of such devices is Huawei MediaPad T5 ... which does work with 5GHz-only SSIDs just fine.
by mkx
Wed Feb 05, 2025 11:16 am
Forum: General
Topic: Undefined behavior & lost traffic on devices with switch without bridge VLAN offloading
Replies: 3
Views: 383

Re: Undefined behavior & lost traffic on devices with switch without bridge VLAN offloading

@mkx: And, as I already mentioned, the idea is to have bridge as complete as it gets. If certain L2 functions have to be configured elsewhere this doesn't mean that bridge can be left only partially built This is exactly my point here - the bridge makes sense if you want bridge on the CPU side. How...
by mkx
Wed Feb 05, 2025 11:05 am
Forum: General
Topic: Test Results for L3HW routing missing for CRS326-24S+2Q+RM
Replies: 1
Views: 168

Re: Test Results for L3HW routing missing for CRS326-24S+2Q+RM

is there a reason why there are no L3 hardware offloaded tests here: So far it seems that official benchmark is only done when device is introduced and they are not re-done after that. So it is likely that L3HW did not exist in ROS when CRS326 was introduced and they could not test it. The fact tha...
by mkx
Wed Feb 05, 2025 10:47 am
Forum: General
Topic: Hw Offloading Vlan between 2 devices
Replies: 7
Views: 535

Re: Hw Offloading Vlan between 2 devices

You want L3HW offload functional on CRS, so study this help document: https://help.mikrotik.com/docs/spaces/ROS/pages/62390319/L3+Hardware+Offloading You'll have to add IP address to every VLAN where you want CRS to route between. And set devices in those VLANs to use CRS's address as default gatewa...
by mkx
Wed Feb 05, 2025 10:34 am
Forum: Beginner Basics
Topic: Point to Point SXTsq 200m apart
Replies: 15
Views: 5763

Re: Point to Point SXTsq 200m apart

What folder is the config in?
The running config is on the part of built-in storage which is not accessible for users. So you can't delete it just like that.
by mkx
Wed Feb 05, 2025 10:30 am
Forum: Beginner Basics
Topic: DHCP Relay VS Bridge
Replies: 3
Views: 279

Re: DHCP Relay VS Bridge

I forgot to add that users will get dynamic VLAN assignment from RADIUS server.

Which means that VLANs are in the mix already. IMO another point in favour of VLAN-enabled bridges (and against DHCP relay).
by mkx
Wed Feb 05, 2025 10:10 am
Forum: Beginner Basics
Topic: Slow Network Speeds via MikroTik CRS304-4XG
Replies: 2
Views: 170

Re: Slow Network Speeds via MikroTik CRS304-4XG

... but now I have an issue with excessive retries. Retransmissions are one of ways for TCP to throttle back. And they indicate that it's not the first leg from transmitter which has (performance) problems. You can try with UDP connectivity ... start with modest bandwidth setting (e.g. 2Gbps) and g...
by mkx
Tue Feb 04, 2025 8:19 pm
Forum: General
Topic: Very slow download speed - Please help!
Replies: 11
Views: 554

Re: Very slow download speed - Please help!

It would be under Tx stats and Rx stats ...
by mkx
Tue Feb 04, 2025 8:11 pm
Forum: General
Topic: Very slow download speed - Please help!
Replies: 11
Views: 554

Re: Very slow download speed - Please help!

IMO configuration from your latest post doesn't explain the extremely low throughput in download direction.

Can you check the stats on ether1 port? Does it show any errors?
by mkx
Tue Feb 04, 2025 8:00 pm
Forum: General
Topic: Free Up Space [SOLVED]
Replies: 1
Views: 219

Re: Free Up Space [SOLVED]

Netinstall is the only way out.
by mkx
Tue Feb 04, 2025 6:59 pm
Forum: Beginner Basics
Topic: DHCP Relay VS Bridge
Replies: 3
Views: 279

Re: DHCP Relay VS Bridge

If you can use one VLAN per building ... and bring them to main router, then this would give you most flexibility ... building routers would become switches (bridges). With bridge there might be more traffic on the connection towards main router (broadcasts mainly) than with routed traffic. If capac...
by mkx
Tue Feb 04, 2025 6:13 pm
Forum: General
Topic: Very slow download speed - Please help!
Replies: 11
Views: 554

Re: Very slow download speed - Please help!

Disabling fasttrack can have "delayed effect", the existing connections are still fasttracked. It's best to reboot router to get things reset to (new) settings. BTW, your router's test results indicate routing speed at around 900Mbps. But depending on actual configuration it can be much lo...
by mkx
Tue Feb 04, 2025 5:50 pm
Forum: RouterBOARD hardware
Topic: Chateau LTE18 ax what Antenna Ports?
Replies: 11
Views: 2944

Re: Chateau LTE18 ax what Antenna Ports?

So it would be a bad thing to plop an antenna like this on my roof, attach it to ANT2 and call it a day? https://www.pctel.com/antenna-product/wlq-4g-directional-cellular-antenna-2g-3g-4g-5g-nb-iot-m2m-smart-city-smart-metering-sma/ Because the receiver hardware expects a certain signal from the bu...
by mkx
Tue Feb 04, 2025 5:29 pm
Forum: General
Topic: Very slow download speed - Please help!
Replies: 11
Views: 554

Re: Very slow download speed - Please help!

Mangle rules and fasttrack don't cooperate. So disable the fasttrack rule in firewall filter.
by mkx
Tue Feb 04, 2025 5:22 pm
Forum: General
Topic: Undefined behavior & lost traffic on devices with switch without bridge VLAN offloading
Replies: 3
Views: 383

Re: Undefined behavior & lost traffic on devices with switch without bridge VLAN offloading

The basic idea, mentioned everywhere in the docs, is that switched ports are members of bridge. The fact, that it works for you if not all ports are bridge members, is some kind of gray area ... and hence behaviour might change from version to version. And yes, it is normal that bridge config does a...
by mkx
Tue Feb 04, 2025 1:12 pm
Forum: RouterBOARD hardware
Topic: Chateau LTE18 ax what Antenna Ports?
Replies: 11
Views: 2944

Re: Chateau LTE18 ax what Antenna Ports?

With MIMO radio systems (WiFi from N onwards, mobile broadband from 4G/LTE onwards) the distinction between "main" antenna and "aux"/"diversity" antenna doesn't exist any more. All antennas are equally important. Some chipsets/drivers simply hate it when signal levels, ...
by mkx
Tue Feb 04, 2025 11:55 am
Forum: General
Topic: Hw Offloading Vlan between 2 devices
Replies: 7
Views: 535

Re: Hw Offloading Vlan between 2 devices

Some basics: L2 offload works between different ports within same VLAN. Router is needed to pass between different VLANs. Only a few devices can do L3 (routing) HW offload and it'll work if that device is set up as router and other devices use it as their gateway. So it won't work by simply dropping...
by mkx
Tue Feb 04, 2025 11:32 am
Forum: General
Topic: "Error in Gateway - non zero ip address expected!" when using Quick Set
Replies: 20
Views: 914

Re: "Error in Gateway - non zero ip address expected!" when using Quick Set

... it also means if you add a new bridge at the CLI — either from blank or even a 2nd bridge — any new bridge added will have auto-mac=yes ... which will use lowest MAC address as the bridge MAC automatically. With a pretty convoluted config this will end up having multiple bridges with same MAC...
by mkx
Tue Feb 04, 2025 10:51 am
Forum: Beginner Basics
Topic: Simple AP Bridge setup
Replies: 29
Views: 103354

Re: Simple AP Bridge setup

I'd explicitly add all interfaces as bridge ports one by one instead of using interface=all. It might or might not make any difference.
by mkx
Mon Feb 03, 2025 10:09 am
Forum: General
Topic: "Error in Gateway - non zero ip address expected!" when using Quick Set
Replies: 20
Views: 914

Re: "Error in Gateway - non zero ip address expected!" when using Quick Set

QuickSet is supported as far as initial/simple setup. If you have to set up anything outside QuickSet, you should never ever return to QuickSet page. Not even for unrelated things.
by mkx
Mon Feb 03, 2025 10:05 am
Forum: General
Topic: parsing the log for out:(unknown 0) is a disaster
Replies: 3
Views: 341

Re: parsing the log for out:(unknown 0) is a disaster

So why is this interface listed when the dropped packet does not pass this interface ? Because egress interface is not known when FW drops connection/packet. Why? It depends on rule itself and L3 networks layout on your router. So without knowing that and full log line it's impossible for us to tel...
by mkx
Mon Feb 03, 2025 9:54 am
Forum: Beginner Basics
Topic: Cannot change boot mode to SwOS
Replies: 4
Views: 420

Re: Cannot change boot mode to SwOS

Under device mode, you need routerboard=yes to be able to change anything in routerboard config menu.
by mkx
Sun Feb 02, 2025 7:57 pm
Forum: Beginner Basics
Topic: How to set up VLAN to pass traffic through a managed switch? [SOLVED]
Replies: 43
Views: 4536

Re: How to set up VLAN to pass traffic through a managed switch? [SOLVED]

However, connecting to the guest and iot WiFi doesn't grant me access to the internet now. Could be it's because you're blocking access to DNS server on router itself from !LAN subnets (blocked by general "drop input all not from LAN"). You'll have to create allow rules for both TCP and U...
by mkx
Sun Feb 02, 2025 7:30 pm
Forum: General
Topic: ethernet port on Guest Network [SOLVED]
Replies: 10
Views: 713

Re: ethernet port on Guest Network [SOLVED]

You've got this right (as far the scope of this topic).
by mkx
Sun Feb 02, 2025 7:26 pm
Forum: General
Topic: Cannot change back the CPU frequency [SOLVED]
Replies: 11
Views: 718

Re: Cannot change back the CPU frequency [SOLVED]

... but then it shouldn't have allowed me to change the frequency from "Auto" in the first place.

At which ROS version did you set CPU frequency to 1400MHz? Versions lower than 7.17 allowed that without a hiccup ...
by mkx
Sun Feb 02, 2025 6:16 pm
Forum: Wireless Networking
Topic: Traffic processing on CAP with WiFi CAPsMAN in 7.17? Possible bug?
Replies: 6
Views: 896

Re: Traffic processing on CAP with WiFi CAPsMAN in 7.17? Possible bug?

It was a constant traffic (60-180kb/s) with no clients on CAP, too. Hmmm ... are you sure that it's all CAP<->CAPsMAN traffic? I just checked in my network with 2 CAPs (one Audience, one wAP ax) and CAPsMAN (hAP ac2 without wifi-qcom-ac driver, so essentially wired router) .... and traffic on manag...
by mkx
Sun Feb 02, 2025 6:08 pm
Forum: Wireless Networking
Topic: Traffic processing on CAP with WiFi CAPsMAN in 7.17? Possible bug?
Replies: 6
Views: 896

Re: Traffic processing on CAP with WiFi CAPsMAN in 7.17? Possible bug?

Why did they add this kind of status message, if local forwarding is the default and the only one mode in wifi-qcom-ac...? :D It's very misleading... I disagree about being misleading. It's saying that "traffic is being processed on CAP". I guess they added the message to always inform use...
by mkx
Sun Feb 02, 2025 6:00 pm
Forum: Wireless Networking
Topic: 7.17.1
Replies: 2
Views: 480

Re: 7.17.1

Technically yes.

It largely depends on currently running version of ROS how exactly the installation will go.
by mkx
Sun Feb 02, 2025 5:55 pm
Forum: General
Topic: 1.3km Possible?
Replies: 49
Views: 2052

Re: 1.3km Possible?

One of the reasons I like the 300' roll is the lack of joints. When they laid GPON in my area, they joined shorter stretches of protective tubes into approx 1km stretches ... where they put in shallow shafts ... concrete sections of pipes placed vertically, 1m deep and 50cm of diameter (covered with ...
by mkx
Sun Feb 02, 2025 5:26 pm
Forum: Beginner Basics
Topic: hAP Lite, recoverable??
Replies: 17
Views: 813

Re: hAP Lite, recoverable??

You'll have to press that button to get your device into netinstall mode ... and that involves prolonged depression of button. So you can start practicing :wink: As to netinstall machine: if you have access to a x86 laptop (regardless OS), you can try to boot it off a live linux USB stick ... with s...
by mkx
Sun Feb 02, 2025 5:19 pm
Forum: General
Topic: ATL suddenly says "sim not present"
Replies: 19
Views: 946

Re: ATL suddenly says "sim not present"

Could be temperature related ... IIRC your ATL is high in the mountains where night temperatures might be quite low. And if some moisture entered ATL, it could add water condensation to the "happy mix".
by mkx
Sun Feb 02, 2025 5:15 pm
Forum: General
Topic: 1.3km Possible?
Replies: 49
Views: 2052

Re: 1.3km Possible?

With the short distance, you can go for a super flexible multimode ... @OP mentioned 1.3km distance ... and that's direct distance. Which is way longer than 550m limit for multimode fiber. So if @OP decides for digging, it should be single-mode ... which is most often laid inside protective tube. D...
by mkx
Sun Feb 02, 2025 4:58 pm
Forum: General
Topic: 2gws, slowly internet [SOLVED]
Replies: 7
Views: 683

Re: 2gws, slowly internet [SOLVED]

My main suspect is fasttrack too, but there is no option to disable fasttrack via Winbox. It's a firewall filter rule with action=fasttrack-connection ... disable it (or remove it). Just beware, existing connections, which are already fasttracked, will remain fasttracked even if said rule is disabled...
by mkx
Sun Feb 02, 2025 3:54 pm
Forum: General
Topic: ethernet port on Guest Network [SOLVED]
Replies: 10
Views: 713

Re: ethernet port on Guest Network [SOLVED]

So any ideas on why going from tagged to untagged worked? My Virtual Wireless interfaces are tagged, but my ethernet interface is untagged. I would be grateful for help in understanding this. The tagged/untagged setting is about how frames are seen on the cable side of ethernet port. Unless device,...
by mkx
Sun Feb 02, 2025 3:48 pm
Forum: Beginner Basics
Topic: hAP Lite, recoverable??
Replies: 17
Views: 813

Re: hAP Lite, recoverable??

So your hAP ac lite still has some config but seems not all of it. But who knows which part of config still works (or messes with you). First option is to perform configuration reset ... if that one fails, it's netinstall time. I'm just mentioning reset because of your "mac only" handicap ...
by mkx
Sat Feb 01, 2025 10:33 pm
Forum: RouterBOARD hardware
Topic: RB951 does not start with poe-in
Replies: 3
Views: 515

Re: RB951 does not start with poe-in

What exactly are the symptoms? Device doesn't show any signs of life? Or device starts to do something but never boots up properly? If the latter: devices often draw more power at boot time than later when operating normally. Inadequate power source might not be able to provide power needed for booti...
by mkx
Sat Feb 01, 2025 10:13 pm
Forum: Wireless Networking
Topic: Traffic processing on CAP with WiFi CAPsMAN in 7.17? Possible bug?
Replies: 6
Views: 896

Re: Traffic processing on CAP with WiFi CAPsMAN in 7.17? Possible bug?

@kovacspro are you saying that with 7.16.2 you don't see traffic between CAPs and CAPsMAN on port 5246?

In principle there will be some traffic between them due to station steering etc. Quite probably station registration is also controlled by CAPsMAN and possibly other things.
by mkx
Sat Feb 01, 2025 9:56 pm
Forum: Beginner Basics
Topic: How to set up VLAN to pass traffic through a managed switch? [SOLVED]
Replies: 43
Views: 4536

Re: How to set up VLAN to pass traffic through a managed switch? [SOLVED]

You adapt CAPsMAN configuration to VLANs, not the other way around. So do the VLANs properly first, then worry about CAPsMAN. And yes, if one doesn't know exactly what he's doing, he will break things ... and probably break them hard. So it's questionable if it's worth doing things only partially in...
by mkx
Sat Feb 01, 2025 2:18 pm
Forum: General
Topic: RSTP Issue
Replies: 4
Views: 456

Re: RSTP Issue

Generally multiple bonds work fine on ROS devices. So it might be something about how you set them up ... both on CCR and both CRSes.

If you post config from all 3 devices (the /interface part will probably be enough), we may spot something off ...
by mkx
Sat Feb 01, 2025 1:22 pm
Forum: Beginner Basics
Topic: CRS305 1G+4S+ not working after SwOS version 2.17 update.
Replies: 3
Views: 483

Re: CRS305 1G+4S+ not working after SwOS version 2.17 update.

Settings in ROS and SwOS are completely separate, as if they were running on different devices.

IP address shown as 0.0.0.0 is a sign of no address at all (it's just the way of winbox saying it doesn't have any information about that).
by mkx
Sat Feb 01, 2025 1:20 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 437
Views: 70893

Re: v7.18beta [testing] is released!

... IGMP snooping on both bridges and both devices on the latest 7.18-beta4

RAs are multicast ... so IGMP snooping might be playing foul game here. Try to disable it to see if that's the case.
by mkx
Sat Feb 01, 2025 1:17 pm
Forum: Beginner Basics
Topic: Forum rules
Replies: 35
Views: 144686

Re: Forum rules

Che differenza fa?
[What difference does it make?]
My ego isn't getting food to grow ...
by mkx
Fri Jan 31, 2025 10:49 pm
Forum: General
Topic: echo: system,error,critical could not save configuration changes, not enough storage space available.
Replies: 17
Views: 2745

Re: echo: system,error,critical could not save configuration changes, not enough storage space available.

that gave me healthy 2.8MB of free space before filling up the address lists ok, and that amount of free space does not "autonomously" change, i.e. remains the same unless you change something in the configuration? The free space remained constant for some 4 months while running 7.16 (wit...
by mkx
Fri Jan 31, 2025 9:37 pm
Forum: General
Topic: echo: system,error,critical could not save configuration changes, not enough storage space available.
Replies: 17
Views: 2745

Re: echo: system,error,critical could not save configuration changes, not enough storage space available.

As in "the wifi-qcom-ac driver may have nothing to do with that". In my particular case the reason was obvious: with advent of 7.13 I felt adventurous and went ahead with replacing wireless with wifi-qcom-ac. After installation of base ROS and wifi-qcom-ac package only some 300kB of flash...
by mkx
Fri Jan 31, 2025 8:29 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 521
Views: 98223

Re: v7.17 [stable] is released!

The big problem of hAP ac2 and wifi-qcom-driver is lack of flash storage. @mkx, would you mind creating a dedicated topic to discuss the points above outside this 7.17.x related one? Actually I do. My use case for my hAP ac2 doesn't require any wireless driver and it's not available for experimenti...
by mkx
Fri Jan 31, 2025 3:39 pm
Forum: Wireless Networking
Topic: HAPax3 WiFi 2GHz Interface Not Running
Replies: 5
Views: 1048

Re: HAPax3 WiFi 2GHz Interface Not Running

And ... what does /log/print have to say about 2.4GHz interface?
by mkx
Fri Jan 31, 2025 3:23 pm
Forum: General
Topic: rb4011 bad irq to cpu affinity
Replies: 2
Views: 530

Re: rb4011 bad irq to cpu affinity

It's actually a bug in how GUIs (both winbox and webfig) handle missing information. If you check IRQ distribution in CLI, you may see something like this: [device] > /system/resource/irq/print Flags: o - READ-ONLY Columns: IRQ, USERS, CPU, ACTIVE-CPU, COUNT # IRQ USERS CPU ACTIVE-CPU COUNT 0 o 20 ...
by mkx
Fri Jan 31, 2025 3:10 pm
Forum: General
Topic: How to secure DarkFiber between 2 MikroTik
Replies: 17
Views: 4001

Re: How to secure DarkFiber between 2 MikroTik

It's strange that MT's favorite chip supplier MARVELL didn't offer MT one of their chips that has MACSEC integrated, as they have boat-loads of supported switching chips with it available. I'm pretty sure that Marvell isn't denying MT to use some of their MACSEC-enabled switch chips ... it's probabl...
by mkx
Fri Jan 31, 2025 3:07 pm
Forum: General
Topic: received NAK from dhcp server
Replies: 7
Views: 2047

Re: received NAK from dhcp server

Re blocking: since DHCP is typically done inside L2 broadcast domain, DHCP handshake doesn't go past routers. Which generally means that any DHCP handshake with ZTE thingy will generally originate from router itself (and not from some devices, connected to router's LAN segment). Unless you have all ...
by mkx
Fri Jan 31, 2025 3:01 pm
Forum: General
Topic: Mikrotik RB4011 - IPTV
Replies: 4
Views: 450

Re: Mikrotik RB4011 - IPTV

You need to find out how exactly your ISP delivers internet (you're mentioning PPPoE so this probably says it all) and how IPTV. Then you need to find out how ONT gets configured the ports. And you need to find out if IPTV boxes require untagged IPTV.

Then we'll be able to discuss things.
by mkx
Fri Jan 31, 2025 2:55 pm
Forum: General
Topic: ipv6 address in DDNS
Replies: 3
Views: 379

Re: ipv6 address in DDNS

... you normally get a /64 or /52 prefix that is enough for all your connected devices. /64 is most often not enough ... each LAN subnet needs separate /64 prefix while those brain-dead ISP who provide only /64 prefix often require that router uses one address from the same prefix on WAN interface ...
by mkx
Fri Jan 31, 2025 2:49 pm
Forum: General
Topic: Running DSNAKE protocol over two switches
Replies: 3
Views: 372

Re: Running DSNAKE protocol over two switches

I can't comment on 100BaseTx and SFP modules. So it remains to comment on compatibility with MT gear: if their solutions are truly L2 compatible with ethernet, then it shouldn't be a problem at all to use any kind of ethernet switch in between (apart from the timing constraints ... every switch can ...
by mkx
Fri Jan 31, 2025 2:39 pm
Forum: Beginner Basics
Topic: CRS305 1G+4S+ not working after SwOS version 2.17 update.
Replies: 3
Views: 483

Re: CRS305 1G+4S+ not working after SwOS version 2.17 update.

Try to use winbox and MAC access to device. It could be that default ROS config was deleted from your devices for some reason which would lead to device not being set up with any IP address. Winbox MAC connection works fine in such case.
by mkx
Fri Jan 31, 2025 2:34 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 521
Views: 98223

Re: v7.17 [stable] is released!

Do you have please any feedback how hap ac2 "cooperates" with 7.17+wifiwave2 ? I have some spare devices which i need to deploy, thinking about this config+capsman for one AP. I'm just wondering how does it perform (registered in this topic some reboot issues during beta phase). The big pr...
by mkx
Fri Jan 31, 2025 2:22 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 437
Views: 70893

Re: v7.18beta [testing] is released!

You can display the defconf using: /system/default-configuration/print The fasttrack rule does not exist in the default configuration (you have to create it), it is not clear to me in which position it should go. If you follow advice by @pe1chl, you'll place it as the very first rule in chain=forwa...
by mkx
Thu Jan 30, 2025 9:11 pm
Forum: General
Topic: Running DSNAKE protocol over two switches
Replies: 3
Views: 372

Re: Running DSNAKE protocol over two switches

Disclaimer: I don't know a thing about dSNAKE. Once I had a closer look at a pair of USB/DP extender which uses UTP cables between them. They speak ethernet frames, so placing switch in between (with dedicated VLAN as well) still allowed them to communicate. Even though officially using ethernet swi...
by mkx
Thu Jan 30, 2025 8:53 pm
Forum: Beginner Basics
Topic: Locally administered MAC addresses
Replies: 3
Views: 477

Re: Locally administered MAC addresses

You're right, config doesn't contain anything which would explain behaviour you're observing.
by mkx
Thu Jan 30, 2025 12:22 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 521
Views: 98223

Re: v7.17 [stable] is released!

Writing that mikrotik locked out 3rd party OSes is quite a heavy statement. Not publishing bootloader specs is effectively the same thing as locking out IMO "locking out" is deliberate and active act, "not publishing" can only be called "negligence" towards 3rd parties...
by mkx
Thu Jan 30, 2025 11:56 am
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 521
Views: 98223

Re: v7.17 [stable] is released!

Mikrotik locked out 3rd party OS with RouterBOARD firmware version 7... Writing that mikrotik locked out 3rd party OSes is quite a heavy statement. Judging on MT's track record I'd rather say that with v7 MT introduced changes in routerboot (OS loader) which are in a way incompatible and nobody rev...
by mkx
Thu Jan 30, 2025 10:40 am
Forum: Beginner Basics
Topic: Locally administered MAC addresses
Replies: 3
Views: 477

Re: Locally administered MAC addresses

Is your CRS running ROS or SwOS? In principle devices running ROS don't have problems with LLAs. Unless there's some config interfering. You may post switch config so we can check for anything suspicious (execute /export file=anynameyouwish in terminal window, fetch file off device, open it with a t...
by mkx
Wed Jan 29, 2025 9:11 pm
Forum: General
Topic: echo: system,error,critical could not save configuration changes, not enough storage space available.
Replies: 17
Views: 2745

Re: echo: system,error,critical could not save configuration changes, not enough storage space available.

Your switch is one of devices with too little flash space ... and since you need optional package wireless to run old CAPsMAN, you'll have to consider moving legacy CAPsMAN elsewhere (and uninstall wireless package from switch). You can set up legacy CAPsMAN on one of devices which are currently CAP...
by mkx
Wed Jan 29, 2025 8:40 pm
Forum: General
Topic: High CPU usage
Replies: 12
Views: 763

Re: High CPU usage

/ip fi co tr pr IMO your post would be much better if you used full commands and properties instead of these obfuscated code snippets. If not for other thing, these snippets might stop working if some future ROS would add new configuration branch/command with name beginning with same two characters ...
by mkx
Wed Jan 29, 2025 6:48 pm
Forum: General
Topic: CCR2116 - Wrong traffic per vlan/port
Replies: 2
Views: 344

Re: CCR2116 - Wrong traffic per vlan/port

VLAN traffic is traffic between device's IP stack and that device. If device is used as a switch, then traffic shown for VLAN interfaces will be low.

Or is sfp-sfpplus1 being used in a "router on a stick" manner?
by mkx
Wed Jan 29, 2025 6:43 pm
Forum: Beginner Basics
Topic: Connecting mAP lite to a switch
Replies: 12
Views: 1497

Re: Connecting mAP lite to a switch

- why use interface lists without firewall ? Also conceptually, why connect WAN interface to bridge ? There is no WAN since everything is to be bridged... Even if we put concepts aside ... script makes both wlan1 and ether1 bridge ports ... and it's wrong to use slave interfaces (i.e. bridge ports)...
by mkx
Wed Jan 29, 2025 6:20 pm
Forum: General
Topic: Blocking admin services - Firewall rules
Replies: 15
Views: 1116

Re: Blocking admin services - Firewall rules

It's perfectly fine to obfuscate sensitive parts of config ... if that's done in consistent matter .... e.g. replace actual IP address with, say, X.Y.Z.W ... as long as all occurrences of same IP address is replaced by same string of characters. And if you have different IPs, obfuscate them with diff...
by mkx
Wed Jan 29, 2025 4:14 pm
Forum: Beginner Basics
Topic: POE INJECTION
Replies: 10
Views: 860

Re: POE INJECTION

I thought that the new PoE switches were "smart" using “active” PoE (802.11af) and could negotiate power requirements with their "end user", so would automatically cater for 48V-12V step-down. Standard 802.3 af/at/bt/... PoE specifies voltage around nominal value of 48V (dependin...
by mkx
Wed Jan 29, 2025 3:53 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 437
Views: 70893

Re: v7.18beta [testing] is released!

Not saying it's not already ... but defconf is only applied when device is reset to factory defaults (where "factory" part is a bit misleading because it's not config applied in factory when manufacturing device, it's config set as default in any particular ROS version). I am still hoping...
by mkx
Wed Jan 29, 2025 3:41 pm
Forum: General
Topic: received NAK from dhcp server
Replies: 7
Views: 2047

Re: received NAK from dhcp server

It's perfectly normal for DHCP client to try to renew DHCP lease after half of lifetime expires. When doing it, DHCP client offers to renew lease with its current IP address. Normally DHCP server ACKs that and thing is done for another half of lease lifetime. DHCP server may decide to NAK client's &...
by mkx
Wed Jan 29, 2025 12:32 pm
Forum: General
Topic: MAC address table [SOLVED]
Replies: 6
Views: 835

Re: MAC address table [SOLVED]

Both tables, mentioned by @panisk0 ... with addition of /interface/ethernet/switch/host ... are serving different roles: /ip/arp (and /ipv6/neighbor for IPv6) lists hosts with which IP (or IPv6) stack of router communicated in near past. It contains both IP (or IPv6) address and MAC address of that ...
by mkx
Wed Jan 29, 2025 12:23 pm
Forum: General
Topic: MLAG and frame-types for the bridge-interface?
Replies: 3
Views: 502

Re: MLAG and frame-types for the bridge-interface?

If you set frame-types=admit-only-vlan-tagged, then pvid property of bridge port is entirely ignored ... so you can either leave it unset (in which case default setting of pvid=1 remains) or you can set it to some distinct unused value to have visual cue about that. Just be careful if you set same ...
by mkx
Wed Jan 29, 2025 10:57 am
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 521
Views: 98223

Re: v7.17 [stable] is released!

Download from ... FAILED: Idle timeout - receiving content
executing script ... from scheduler failed, please check it manually

What a meaningful trouble report. No context, no nothing. Damn, my crystal ball failed again.
by mkx
Wed Jan 29, 2025 10:56 am
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 437
Views: 70893

Re: v7.18beta [testing] is released!

Please add fasttrack ipv6 in defconf Not saying it's not already ... but defconf is only applied when device is reset to factory defaults (where "factory" part is a bit misleading because it's not config applied in factory when manufacturing device, it's config set as default in any parti...
by mkx
Wed Jan 29, 2025 10:42 am
Forum: General
Topic: MLAG and frame-types for the bridge-interface?
Replies: 3
Views: 502

Re: MLAG and frame-types for the bridge-interface?

If vlan-filtering on bridge is disabled, then all the vlan-related stuff is ignored by bridge. Which means that PVID won't get applied to untagged frames on ingress, VLAN header won't be stripped on egress and no vlan-filtering is done (so effectively as frame-types=admit-all and allowed VLANs are 1-...
by mkx
Wed Jan 29, 2025 10:32 am
Forum: General
Topic: ESP32 CYD as a display for data traffic
Replies: 3
Views: 531

Re: ESP32 CYD as a display for data traffic

1. The interface to monitor is eth1 which has id 0, if I configure "const int graph_interface = 0" esp32 show me only a black screen; Index numbers (e.g. 0, 1, ...) ... are only valid after executing print command ... and are valid only until another print command is executed (even if in ...
by mkx
Wed Jan 29, 2025 10:23 am
Forum: General
Topic: Multiple AP's with same SSID, specify BSSID
Replies: 7
Views: 5521

Re: Multiple AP's with same SSID, specify BSSID

In principle it's possible to force device to connect to specific BSSID using ACL (in wifi/access-list) ... setting station-roaming=no to configuration does help afterwards (so that station doesn't even consider roaming to another BSSID).
by mkx
Wed Jan 29, 2025 8:51 am
Forum: General
Topic: Is there a reason the IPv6 subnets are not sequential?
Replies: 1
Views: 387

Re: Is there a reason the IPv6 subnets are not sequential?

Prefixes are handed out by pool sequentially. And ROS somehow remembers their assignment ... which is good because generally same prefixes are reassigned to same interface (e.g. after reboot). So it seems that while you were playing (or should we say: learning), some prefixes were assigned to interf...
by mkx
Wed Jan 29, 2025 8:43 am
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 437
Views: 70893

Re: v7.18beta [testing] is released!

Because this time with device-mode s–t no one want lock his devices, so less persons than before do tests... I almost don't want to report this... But noticed "cloud" or "file-share" are not selectable in device-mode. I agree with complaint about "cloud" not being sele...
by mkx
Tue Jan 28, 2025 10:08 pm
Forum: SwOS
Topic: Packet loss on mirror port on CRS326-24G-2S+ Rev. 2
Replies: 4
Views: 2461

Re: Packet loss on mirror port on CRS326-24G-2S+ Rev. 2

Excellent analysis. I don't know, why the packet loss is higher, when I download from my gamer than my laptop. My guess: it's likely that your gamer is pretty much faster than your laptop, so it could ACK packets with considerably lower latency ... and hence use (a bit) more of available bandwidth. I...
by mkx
Tue Jan 28, 2025 9:01 pm
Forum: General
Topic: Blocking admin services - Firewall rules
Replies: 15
Views: 1116

Re: Blocking admin services - Firewall rules

While waiting for config: generally it's good practice (required actually) to drop everything except bare minimum of allowed services (e.g. wireguard/IPsec tunnels from whitelisted remote addresses). And it's normal not to log dropped attempts ... because those log entries don't give any information...
by mkx
Tue Jan 28, 2025 9:00 am
Forum: General
Topic: Major Issue with Bridges in RouterOS 7.17 [SOLVED]
Replies: 10
Views: 1420

Re: Major Issue with Bridges in RouterOS 7.17 [SOLVED]

... and I think I have Rule #7:
I agree ...
by mkx
Mon Jan 27, 2025 3:00 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 521
Views: 98223

Re: v7.17 [stable] is released!

After reading this thread... I'm wondering... does Mikrotik actually TEST these updates on *actual* devices? As always: some tens of users, who have problems after upgrade, did come here and report problems. Hundreds (thousands), who upgraded and didn't have any problems, didn't write any praise. M...
by mkx
Mon Jan 27, 2025 9:28 am
Forum: General
Topic: Hotspot problem - /flash directory created
Replies: 8
Views: 1109

Re: Hotspot problem - /flash directory created

Directory flash/ is present on devices with less than 64MB flash disk and more than 64MB RAM ... where root of file storage is on RAM disk instead of flash. On those systems, the remaining portion of flash disk is mounted under flash directory (and is thus root of non-volatile storage). Since RB5009...
by mkx
Mon Jan 27, 2025 8:43 am
Forum: RouterBOARD hardware
Topic: RBFTC11: crossover cable to power from 802.3at POE (half-crossed or fully-crossed?)
Replies: 12
Views: 6661

Re: RBFTC11: crossover cable to power from 802.3at POE (half-crossed or fully-crossed?)

The FTC21 appears to be a 48v native device (and offers some more functions if you need it). It seems as 48V native as FTC11 ... both support passive PoE as well (FTC11 goes lower with minimum voltage). It's only that FTC21 seems to properly support 802.3 af/at (possibly both Alternatives as a dece...
by mkx
Mon Jan 27, 2025 8:40 am
Forum: RouterBOARD hardware
Topic: RBFTC11: crossover cable to power from 802.3at POE (half-crossed or fully-crossed?)
Replies: 12
Views: 6661

Re: RBFTC11: crossover cable to power from 802.3at POE (half-crossed or fully-crossed?)

Following up on this: Yes, it is poorly written. I reached out to Mikrotik and they explicitly suggested that I should use a crossover cable. I guess that everybody is puzzled as to how the "crossover" cable could possibly work in this scenario. The thing is the following: in normal cable...
by mkx
Mon Jan 27, 2025 8:15 am
Forum: General
Topic: What to buy
Replies: 31
Views: 1573

Re: What to buy

What @normis is saying (but in more words): in principle every device, running ROS, offers same functionality (apart from models with 16MB flash which is tight and doesn't allow to install all the optional ROS packages). But devices differ wildly when it comes to capacity when running those function...
by mkx
Mon Jan 27, 2025 8:09 am
Forum: Beginner Basics
Topic: Enable wireless wlan1 for a CRS109 cAP [SOLVED]
Replies: 3
Views: 809

Re: Enable wireless wlan1 for a CRS109 cAP [SOLVED]

Hmmm ... did you try to enable the wifi1 interface on CRS? I think this is one of "settings", which can be set on CAP itself and are in power even if interface is provisioned/controlled by CAPsMAN.
by mkx
Sun Jan 26, 2025 9:04 pm
Forum: General
Topic: Major Issue with Bridges in RouterOS 7.17 [SOLVED]
Replies: 10
Views: 1420

Re: Major Issue with Bridges in RouterOS 7.17 [SOLVED]

Even with just two, 8631, EEB5, CA8E, 468F are nowhere to be found in this list: Right, these are all locally administered MAC addresses. So it's anybody's guess where they are coming from, could be ROS as well. Let me know if this approach is indeed the right one. Yes, it is the right approach.
by mkx
Sun Jan 26, 2025 8:49 pm
Forum: Wireless Networking
Topic: Dual-band wireless repeater
Replies: 5
Views: 631

Re: Dual-band wireless repeater

What do you mean by "the same generation of drivers"? Either legacy wireless ... which is required on older generation of hardware, up to and (mostly) including AC. Or wifi (in particular either wifi-qcom and wifi-qcom-ac) ... which is required on newest generation of devices ... AX and s...
by mkx
Sun Jan 26, 2025 8:34 pm
Forum: General
Topic: Major Issue with Bridges in RouterOS 7.17 [SOLVED]
Replies: 10
Views: 1420

Re: Major Issue with Bridges in RouterOS 7.17 [SOLVED]

After discussing with someone on the forum, it seems we’re not supposed to create multiple bridges. I don’t understand—why allow the possibility to do so then? It is possible and legitimate to create multiple bridges ... it's just that since ROS version 6.42 or thereabouts (which added vlan-filter...
by mkx
Sun Jan 26, 2025 7:57 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 437
Views: 70893

Re: v7.18beta [testing] is released!

The whole concept of templates is riddled with bugs. Another one is that winbox will not keep inheritance of parameters from templates, it will just copy them (e.g. into the connection). The problem is similar with templates/profiles under /interface/wifi and is not exclusive for winbox ... in CLI ...
by mkx
Sun Jan 26, 2025 4:03 pm
Forum: General
Topic: New capsman and eoip cap help
Replies: 5
Views: 550

Re: New capsman and eoip cap help

As far as my experience goes, there are two things: capsman has to listen on interface where cap will eventually try to connect (see next bullet). Most often that's management interface but can be multiple. They are set in /interface/wifi/capsman/set interfaces=<interface1>,<interface2> ... cap devi...
by mkx
Sun Jan 26, 2025 11:44 am
Forum: SwOS
Topic: Packet loss on mirror port on CRS326-24G-2S+ Rev. 2
Replies: 4
Views: 2461

Re: Packet loss on mirror port on CRS326-24G-2S+ Rev. 2

I have no experience with Securityonion, so I'm just speculating here ... Are you sure that the mini PC is able to process in real time whatever software requires? Unlike actual HTTP/FTP/etc protocol between client and server, where any of parties can slow down the transfer, your "sniffer"...
by mkx
Sun Jan 26, 2025 11:26 am
Forum: Wireless Networking
Topic: Dual-band wireless repeater
Replies: 5
Views: 631

Re: Dual-band wireless repeater

This is feasible way of doing it. As to wifi radio modes ... it's up to you, constraints are: both AP and station have to run same generation of drivers (wifi or wireless), mixed drivers are not compatible in station-bridge mode. Since each device can only run one generation of drivers, in case dep...
by mkx
Sat Jan 25, 2025 7:43 pm
Forum: Wireless Networking
Topic: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)
Replies: 13
Views: 2550

Re: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)

So does that mean there’s basically no difference in this particular scenario between using a wAP ax or the MikroTik Wireless Wire with 60 GHz? If you're thinking about going through concrete floors/ceilings, then lower frequency is likely to fare better ... and IMO 60GHz is guaranteed to go nowher...
by mkx
Sat Jan 25, 2025 7:38 pm
Forum: General
Topic: speed problem with Mikrotik Hex model RB750Gr3
Replies: 26
Views: 1637

Re: speed problem with Mikrotik Hex model RB750Gr3

@MKX for the version 7 ECMP it uses L3 hash policy as depicted below. Can you explain these further?? I don't have any experience or knowledge of ECMP. The terms you're asking about sound similar to some terms from (L2) bonding (which I believe I understand well enough), but I've no idea whether th...
by mkx
Sat Jan 25, 2025 7:18 pm
Forum: Wireless Networking
Topic: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)
Replies: 13
Views: 2550

Re: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)

How about using a pair of PLC devices? MT doesn't have any contemporary offering, but there are other vendors offering it.

If there happens to be a (neglected) coaxial cable available, you could use a pair of MoCA devices (usually works way better than PLC ... again no MT offering).
by mkx
Sat Jan 25, 2025 7:07 pm
Forum: Wireless Networking
Topic: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)
Replies: 13
Views: 2550

Re: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)

And if you, despite advice by @sid5632, decide to beam data up ... you might have more success by using reflection from neighbouring building than through two concrete floors/ceilings ... if neighbouring building has large vertical surface facing towards "your" building and is not too far ...
by mkx
Sat Jan 25, 2025 6:50 pm
Forum: General
Topic: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]
Replies: 13
Views: 1236

Re: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]

Wanted to transition to (dual-stack) default IPv6 everywhere to check if there are any bugs in the long run. Perhaps it will give you a bit of incentive in this direction: I've been using IPv6 at home for almost 10 years and I've had no problems with it, all devices I use work with IPv6 just fine. ...
by mkx
Sat Jan 25, 2025 4:17 pm
Forum: General
Topic: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]
Replies: 13
Views: 1236

Re: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]

OK, so it's not possible to block RAs towards individual devices. But it is possible to block all IPv6 frames from individual devices using switch ACL. Drawback is that device in question will see RAs, it will configure self with GUA (based on SLAAC) but won't be able to use it. Which can cause a sl...
by mkx
Sat Jan 25, 2025 4:08 pm
Forum: General
Topic: speed problem with Mikrotik Hex model RB750Gr3
Replies: 26
Views: 1637

Re: speed problem with Mikrotik Hex model RB750Gr3

with Fasttrack you can get Full Speed with the 750GR3
and with 7.18beta this is also working with IPv6

In some use cases fasttrack can't be used. E.g. in case by @OP.
by mkx
Sat Jan 25, 2025 2:48 pm
Forum: General
Topic: speed problem with Mikrotik Hex model RB750Gr3
Replies: 26
Views: 1637

Re: speed problem with Mikrotik Hex model RB750Gr3

I was just looking at the hap lite tc test specifications. Its speed is very close to hex. It's really stupid. Hex has a 2-core, 2-thread processor, but hap lite has a single core with a low frequency! They are different architectures and hAP lite just might be using CPU which does more per core sn...
by mkx
Sat Jan 25, 2025 2:46 pm
Forum: General
Topic: speed problem with Mikrotik Hex model RB750Gr3
Replies: 26
Views: 1637

Re: speed problem with Mikrotik Hex model RB750Gr3

No, not when device is running ROS. You'll simply have to accept that ROS is not the most performing OS on many of supported devices.
by mkx
Sat Jan 25, 2025 2:22 pm
Forum: Wireless Networking
Topic: Bonding 2.4G and 5G Wifi together for backhaul creation
Replies: 3
Views: 552

Re: Bonding 2.4G and 5G Wifi together for backhaul creation

Not sure why would EoIP be required? WiFi interfaces are L2 interfaces already, couldn't they be directly used as bond members? The only gotcha I can think of is link-monitoring setting, in this case it would probably have to be "arp" instead of "mii". Since such bonding will be...
by mkx
Sat Jan 25, 2025 2:13 pm
Forum: Beginner Basics
Topic: Setting crs304-4xg-in as layer 2 switch [SOLVED]
Replies: 19
Views: 1812

Re: Setting crs304-4xg-in as layer 2 switch [SOLVED]

Your previous switch was 1Gbps (if I understand your opening post right) and your CRS304 is 10Gbps. Which is a huge difference when it comes to UTP cable. Even though you're using a cat7 cable (indicated on your chart), it might be of low quality, it might be improperly terminated, it might be (slig...
by mkx
Sat Jan 25, 2025 2:04 pm
Forum: Beginner Basics
Topic: Extending my CAPsMAN network wirelessly
Replies: 2
Views: 438

Re: Extending my CAPsMAN network wirelessly

You want to have a dual-band device as AP with wireless backhaul. Having both stations and backhaul on same radio creates major performance bottleneck (each frame gets transmitted over same radio twice, together with all the wireless overhead which increases with multiple devices trying to use airti...
by mkx
Sat Jan 25, 2025 12:56 pm
Forum: General
Topic: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]
Replies: 13
Views: 1236

Re: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]

Which particular model of router are you using? Not all models can do switch rules (even if the config subtree exists).
by mkx
Sat Jan 25, 2025 12:30 pm
Forum: RouterBOARD hardware
Topic: CRS310-8G-2S-N All ports dead
Replies: 9
Views: 1634

Re: CRS310-8G-2S-N All ports dead

There are many possible reasons for device to misbehave. Unfortunately one of them is (invisible) configuration corruption which is also saved in binary backup. If such backup is restored on (newly installed) device, corrupt setup is back in place and waiting to screw things. So if the problem will ...
by mkx
Sat Jan 25, 2025 12:08 pm
Forum: General
Topic: speed problem with Mikrotik Hex model RB750Gr3
Replies: 26
Views: 1637

Re: speed problem with Mikrotik Hex model RB750Gr3

CPU in hEX Gr3 is not exactly speed monster. It's got 2 CPU cores (with 4 threads altogether but I don't know how ROS utilizes that). And the gotcha: all packets of same connection are handled by same CPU core/thread (processing may move between cores, but there's no parallel processing). And window...
by mkx
Fri Jan 24, 2025 9:42 pm
Forum: General
Topic: Unable to Downgrade RouterOS from 7.18beta2 to 7.16.2 on hAP ax3 ARM 64 [SOLVED]
Replies: 10
Views: 1062

Re: Unable to Downgrade RouterOS from 7.18beta2 to 7.16.2 on hAP ax3 ARM 64 [SOLVED]

It could be the new 'security' feature introduced in 7.17 - /system device-mode has been changed. By default install-any-version is set to no which prevents installation of anything with a lesser version than listed in allowed-versions ... Right, but default setting for allowed-versions is 7.13+ .....
by mkx
Fri Jan 24, 2025 9:26 pm
Forum: Wireless Networking
Topic: CAPSMAN access lists [SOLVED]
Replies: 3
Views: 738

Re: CAPSMAN access lists [SOLVED]

I didn't try ... but how about /interface/wifi/access-list on CAPsMAN device?
by mkx
Fri Jan 24, 2025 9:19 pm
Forum: General
Topic: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]
Replies: 13
Views: 1236

Re: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]

You can't block advertisements to some clients at the source, being multicast they are sent to all devices within a layer2 network Just to double-check, is it possible to block on L2 level via /interface ethernet switch rule, or multicast cannot be blocked per client (per MAC) even there? It might b...
by mkx
Fri Jan 24, 2025 9:13 pm
Forum: General
Topic: Unable to Downgrade RouterOS from 7.18beta2 to 7.16.2 on hAP ax3 ARM 64 [SOLVED]
Replies: 10
Views: 1062

Re: Unable to Downgrade RouterOS from 7.18beta2 to 7.16.2 on hAP ax3 ARM 64 [SOLVED]

For minimum ROS version you have to check this: /system/resource/print Sometimes it can be different than routerboot (I have a wAP ax with factory-firmware: 7.15.2 and factory-software: 7.15.1 ). Anyway, proper way for downgrading is to get list of installed packages (disabled as well) upload all co...
by mkx
Fri Jan 24, 2025 3:58 pm
Forum: General
Topic: Influence of clientid in defintion of IPv4 DHCP leases
Replies: 1
Views: 393

Re: Influence of clientid in defintion of IPv4 DHCP leases

So what's the Influence of clientid in the definition of DHCP leases? In principle modern DHCP servers (I can't say anything about tens of years old DHCP servers) assign leases according to client ID value ... which is provided by clients. Vast majority of clients indicate that Client ID is MAC addr...
by mkx
Fri Jan 24, 2025 3:43 pm
Forum: General
Topic: VLAN config RB760iGS??
Replies: 4
Views: 522

Re: VLAN config RB760iGS??

The problem is that on ports with 1003 vlan I can't get any traffic... except if I add vlan as an interface to the bridge... then somehow the traffic starts.. Config should allow switching between ports ether2, ether3 and ether4 without problems. The problem is probably communication to device(s) c...
by mkx
Fri Jan 24, 2025 2:53 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 58
Views: 12048

Re: Newsletter #121 | October 2024

It’s a shame they saved a few cents on this motherboard architecture. Quite often, even in cheap devices, the WAN port is connected directly to the SoC, but that’s not the case here. :( It's a feature: this way any of ports can be assigned any role and it's then done equally well. Which adds to ver...
by mkx
Fri Jan 24, 2025 12:01 pm
Forum: Wireless Networking
Topic: New PPSK functionality
Replies: 69
Views: 8515

Re: New PPSK functionality

The only issue I observe is the band steering from 2 to 5 and back that does not work very well and I would have liked to see some parameters I could tune myself. My experience goes that band steering works very well for some (mostly that's newer) stations and doesn't work for some (in particular H...
by mkx
Fri Jan 24, 2025 11:56 am
Forum: Wireless Networking
Topic: CAPsMAN layout
Replies: 2
Views: 510

Re: CAPsMAN layout

My question is where to run CAPsMAN to obtain the best performance. As @holvoetn already explained (using different words): CAPsMAN does very little[*] so it doesn't matter much which device runs it. I agree that some central router (or edge router in installations without central routers) would be...
by mkx
Fri Jan 24, 2025 11:38 am
Forum: General
Topic: Default values [SOLVED]
Replies: 15
Views: 1466

Re: Default values [SOLVED]

You can reset it to default by running same set command with different value. Finding out the default value for certain settings can be tricky though. One of them is e.g. L2MTU which can vary wildly depending on hardware type (and even device model, there are cases where different device models use ...
by mkx
Fri Jan 24, 2025 11:36 am
Forum: General
Topic: Router sends DHCPDISCOVER when it shouldn't.
Replies: 2
Views: 450

Re: Router sends DHCPDISCOVER when it shouldn't.

There's service "detect internet" which in theory helps to set router correctly for people who don't fiddle with manual settings (too much), but has potential to screw things up ... One of mechanisms is using DHCP client procedures even on interfaces where DHCP client is not configured. So...
by mkx
Fri Jan 24, 2025 11:09 am
Forum: General
Topic: VLAN config RB760iGS??
Replies: 4
Views: 522

Re: VLAN config RB760iGS??

It looks almost right (apart from the fact that ports ether1, ether5, sfp1 and bridge (the CPU-facing bridge port) accept untagged frames with PVID=1).

So what exactly are those "strange errors"?
by mkx
Fri Jan 24, 2025 9:23 am
Forum: Beginner Basics
Topic: Boundary Clocks on CRS317
Replies: 9
Views: 880

Re: Boundary Clocks on CRS317

I expect enabled CRS317 coming online may become grandmaster if none is present or current grandmaster loses an election. I'd expect that as well ... but I certainly hope that PtP implementation does check if device (which is about to become boundary clock) has a reliable and stable clock source. ...
by mkx
Thu Jan 23, 2025 8:25 pm
Forum: Wireless Networking
Topic: Powering of CubeSA 60Pro ac
Replies: 4
Views: 597

Re: Powering of CubeSA 60Pro ac

CubeSA 60Pro ac brochure says that PoE in can go up to 57V. Both brochure and product page mention 802.3 af/at which mandates input voltage range up to 57V. So the product page is likely incorrect.
by mkx
Thu Jan 23, 2025 8:14 pm
Forum: General
Topic: Extender gper
Replies: 12
Views: 1091

Re: Extender gper

If it bothers you that GPeR acts as PoE pass-through ... then follow advice by @sindy about PoE pass-through jumpers on GPeR device. SWITCH is CATALYST 9200L POE, and if i attach poe device on port out of GPER it ok, but if attach LAN PC gper it off. So I'll ask one last time: did you disable PoE p...
by mkx
Thu Jan 23, 2025 4:10 pm
Forum: Beginner Basics
Topic: Boundary Clocks on CRS317
Replies: 9
Views: 880

Re: Boundary Clocks on CRS317

Boundary clocks will have holdover capabilities to handle temporary loss of GM connection. So they can master time. So the question is: can boundary clock (cold) boot without seeing GM clock? IMO by definition it can't, but some implementations might allow it. Just like NTP server can't start servi...
by mkx
Thu Jan 23, 2025 2:40 pm
Forum: General
Topic: Extender gper
Replies: 12
Views: 1091

Re: Extender gper

You do have PoE switch (on the left of your diagram), which acts as PoE PSE. And you have PoE device (GPeR), which acts as PoE PD. So PoE negotiation (this way or another) will happen on the left segment of your "network". If it bothers you that GPeR acts as PoE pass-through ... then follo...
by mkx
Thu Jan 23, 2025 2:32 pm
Forum: General
Topic: Any hope for OAM CFM / 802.1ag support?
Replies: 2
Views: 439

Re: Any hope for OAM CFM / 802.1ag support?

I'm doubting that RouterOS 7.x has yet hit kernel version 6.x... but if and when it does, could this be looked at? Experience with move from ROS v6 to v7 shows that ROS v7 series will keep same kernel as it is in use now (5.6.3) until the end of series (just like v6 is still at kernel 3.3.5). So yo...
by mkx
Thu Jan 23, 2025 11:23 am
Forum: General
Topic: Extender gper
Replies: 12
Views: 1091

Re: Extender gper

GPeR has to be powered over PoE. But it's pretty flexible as what kind of PoE. It takes 802.3 af/at powering, it also takes passive PoE with voltage range between 24V and 57V. The gotcha with powering over long lines is that PoE load detection might not work reliably due to added UTP cable resistanc...
by mkx
Thu Jan 23, 2025 9:02 am
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 437
Views: 70893

Re: v7.18beta [testing] is released!

I guess that L2MTU setting affects number of frame buffers available. E.g.: if switch chip has 1MB of memory, if L2MTU is set to 1516 bytes, then this means space for 691 frames buffered. Setting L2MTU to 2000 bytes reduces number of buffered frames to maximum of 524. Not only that, it will halve th...
by mkx
Thu Jan 23, 2025 8:23 am
Forum: Beginner Basics
Topic: Boundary Clocks on CRS317
Replies: 9
Views: 880

Re: Boundary Clocks on CRS317

Boundary clocks are by definition only relays (smart because they include/add information about delay induced by device but nothing more) ... If there isn't an external GM device in your network, then you want your device to become GM. Then the only remaining question is what kind of timing source i...
by mkx
Thu Jan 23, 2025 8:12 am
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 437
Views: 70893

Re: v7.18beta [testing] is released!

Please stop setting MTU underlay as "just enough"! I guess that L2MTU setting affects number of frame buffers available. E.g.: if switch chip has 1MB of memory, if L2MTU is set to 1516 bytes, then this means space for 691 frames buffered. Setting L2MTU to 2000 bytes reduces number of buffe...
by mkx
Wed Jan 22, 2025 9:49 pm
Forum: Wireless Networking
Topic: Difference "Bridge Port" view using WiFi CapsMan and Wireless CapsMan
Replies: 2
Views: 851

Re: Difference "Bridge Port" view using WiFi CapsMan and Wireless CapsMan

When using old CAPsMAN, do/did you use capsman forwarding in datapath? It doesn't exist in new (wifi) CAPsMAN ...
by mkx
Wed Jan 22, 2025 9:20 pm
Forum: Beginner Basics
Topic: Optimizing Server Placement: MikroTik Router vs. Switch
Replies: 12
Views: 934

Re: Optimizing Server Placement: MikroTik Router vs. Switch

Not exactly an echo, rather explanation.
by mkx
Wed Jan 22, 2025 6:41 pm
Forum: General
Topic: CCR2004-16G-2S+ shows wrong cpu mhz
Replies: 9
Views: 1866

Re: CCR2004-16G-2S+ shows wrong cpu mhz

You can't set CPU frequency like this?
/system/routerboard/settings/set cpu-frequency=auto

(or press <TAB> before entering auto to see possible values)
by mkx
Wed Jan 22, 2025 6:30 pm
Forum: Beginner Basics
Topic: Optimizing Server Placement: MikroTik Router vs. Switch
Replies: 12
Views: 934

Re: Optimizing Server Placement: MikroTik Router vs. Switch

Generally speaking switches have switching capacity larger than any individual port (including switch-router or switch-switch interconnect). Which means that connecting server to switch, which also directly connects "main" clients (or large subset of clients) of server, generally offers be...
by mkx
Wed Jan 22, 2025 6:23 pm
Forum: Beginner Basics
Topic: VLAN on a single port
Replies: 9
Views: 1129

Re: VLAN on a single port

The RB2011 is a "special" device that has two switch chips: https://help.mikrotik.com/docs/spaces/ROS/pages/15302988/Switch+Chip+Features Atheros8327 (ether1-ether5+sfp1); Atheros8227 (ether6-ether10) The "modern" way to do what you want to accomplish (good on *any* Mikrotik har...
by mkx
Wed Jan 22, 2025 3:58 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 437
Views: 70893

Re: v7.18beta [testing] is released!

> *) net - added initial support for automatic multicast tunneling (AMT) interface; Is this the solution to route mDNS over WireGuard without using an EOIP tunnel? AMT is a tunnel by itself ... not encrypted, only encapsulated into unicast UDP packets. My employer is using it to receive certain mul...
by mkx
Wed Jan 22, 2025 7:45 am
Forum: Beginner Basics
Topic: Hardware Switching on CCR2004-16G-2S+
Replies: 6
Views: 928

Re: Hardware Switching on CCR2004-16G-2S+

There's a general standard caveat in documentation saying only one ROS bridge can do hardware offloading, and default best-practice is "only one bridge total unless you know you need more". I actually kinda wonder if that's an accurate description of ROS software limitation, or is it a bi...
by mkx
Tue Jan 21, 2025 11:15 pm
Forum: General
Topic: Problem Scenario Regarding NAT in Mikrotik Router
Replies: 2
Views: 430

Re: Problem Scenario Regarding NAT in Mikrotik Router

NAT is connection tracking thing and as long as connection is active, NAT will do its job. And will do the inverse for return packets if they get delivered to router. There are two possibilities for SRC NAT: action=src-nat and action=masquerade. There are two important differences between both possi...
by mkx
Tue Jan 21, 2025 11:55 am
Forum: Wireless Networking
Topic: Help with Dual Band Steering and Roaming using Qcom Package (WiFi Wave 2)
Replies: 8
Views: 788

Re: Help with Dual Band Steering and Roaming using Qcom Package (WiFi Wave 2)

Haven't seen it yet, you should be using CAPsMAN to get this to work seamlessly.

Indeed to get roaming between different APs one needs CAPsMAN up and running. But to get roaming between radios of same AP one doesn't need CAPsMAN, relatively default config should suffice.
by mkx
Tue Jan 21, 2025 11:49 am
Forum: Wireless Networking
Topic: Help with Dual Band Steering and Roaming using Qcom Package (WiFi Wave 2)
Replies: 8
Views: 788

Re: Help with Dual Band Steering and Roaming using Qcom Package (WiFi Wave 2)

It's not OK to force devices to roam to certain APs. The problem is that whatever is configured (including the whole 802.11 r/k/v), it's still device which decides to move to another AP. The only difference between simply using same SSID and using the whole mobility suite is that in latter case devic...
by mkx
Tue Jan 21, 2025 11:33 am
Forum: Beginner Basics
Topic: Can't log into switch from a Macintosh.
Replies: 8
Views: 653

Re: Can't log into switch from a Macintosh.

I remember a couple of reports of people that needed to reset the unit before being able to access it, you can try that, you have nothing to lose. Or it may be the opposite. I've received my brand new wAP ax and initially the password from the sticker worked, I've used it to log in using winbox 3.x...
by mkx
Tue Jan 21, 2025 11:28 am
Forum: Beginner Basics
Topic: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]
Replies: 65
Views: 5351

Re: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]

Well, I got it working. For some reason, setting the prefix hint to 0 fixed it. Nice to read that you have it now working ... I'm very curious as to the prefix size they actually gave you because a prefix hint to 0 in the IPv6 prefix field indicates that the requesting router has no preference for...
by mkx
Tue Jan 21, 2025 9:14 am
Forum: RouterBOARD hardware
Topic: RTFC11: how to power with PoE 802.11at/af?
Replies: 6
Views: 1210

Re: RTFC11: how to power with PoE 802.11at/af?

Yup. Product page says



(emphasis is mine)
In addition to emphasis, can you also translate from Mikrotikish?

What (the heck) is a cross cable?
I've no idea ... perhaps @OP should ask MT support directly (and post their answer here, it should be interesting).
by mkx
Tue Jan 21, 2025 9:08 am
Forum: Wireless Networking
Topic: Is/Would be there support for client roaming (802.11k,802.11r,802.11v,802.11w) ...
Replies: 4
Views: 939

Re: Is/Would be there support for client roaming (802.11k,802.11r,802.11v,802.11w) ...

And on certain models of AC devices ... those which can run wifi-qcom-ac driver. As to how it works: mobility works between radios, controlled by same entity. Basic setup is single dual-radio device which controls both/all radios and mobility works between those radios. Advanced setup is network of ...
by mkx
Tue Jan 21, 2025 8:55 am
Forum: General
Topic: Understanding config /interface ethernet on Atheros8327 RBD52G HapAC2
Replies: 2
Views: 429

Re: Understanding config /interface ethernet on Atheros8327 RBD52G HapAC2

Question on the Atheros 8237 switch chip that is in my hap2ac (rdb52G). The documentation at this page https://help.mikrotik.com/docs/spaces/ROS/pages/15302988/Switch+Chip+Features#SwitchChipFeatures-Introduction indicates that you can change the advertised speed of an interface to multiple different...
by mkx
Tue Jan 21, 2025 8:29 am
Forum: General
Topic: CPU Problem with CRS112-8P-4S after Update to 7.17
Replies: 3
Views: 868

Re: CPU Problem with CRS112-8P-4S after Update to 7.17

You have vlan-filtering=yes on bridge and CRS1xx can't offload such bridge to underlying switch chip. So all traffic passes CPU. This was the case since forever, nothing changed with 7.17 ... so you can consider yourself lucky that it didn't bite you earlier. You have to configure VLAN stuff on swit...
by mkx
Mon Jan 20, 2025 6:14 pm
Forum: RouterBOARD hardware
Topic: RTFC11: how to power with PoE 802.11at/af?
Replies: 6
Views: 1210

Re: RTFC11: how to power with PoE 802.11at/af?

In theory a 802.3af/at compliant PD should accept both Mode A and mode B (it is the PSE that decides on which pins to apply power). Your Cisco most probably uses mode A (1,2+/3,6-). It is possible that either the thingy is not fully 802.3af/at compatible or that (for whatever reasons) it is defecti...
by mkx
Mon Jan 20, 2025 6:09 pm
Forum: RouterBOARD hardware
Topic: hEX refresh (E50UG) - router for gigabit internet?
Replies: 34
Views: 8386

Re: hEX refresh (E50UG) - router for gigabit internet?

Is hAP AC2 free of the "ether1 as uplink" problem?

I stand by @holvoetn and his answer.

And a spoiler: hAP ac2 doesn't suffer from same problem, all of its wired ports are equal, all are controlled by (same) switch chip.
by mkx
Mon Jan 20, 2025 2:59 pm
Forum: General
Topic: USB port doesnt work on hAP ac lite
Replies: 6
Views: 1001

Re: USB port doesnt work on hAP ac lite

You can verify that USB port works and that USB device attached does present to RouterOS kernel by running command /system/resource/usb/print It should show your attached device along with a few devices with name xHCI Host Controller. Yet another thing is to get USB device working ... and with ROS...
by mkx
Sun Jan 19, 2025 2:23 pm
Forum: General
Topic: Hot take on Botnets - How do you secure your Mikrotik while setting it up?
Replies: 40
Views: 2819

Re: Hot take on Botnets - How do you secure your Mikrotik while setting it up?

@jaclaz: even if that was possible, how would you do it for architecture you don't have at home (e.g. ampere)?
by mkx
Sun Jan 19, 2025 2:13 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 521
Views: 98223

Re: v7.17 [stable] is released!

running 2 hAP ac2 (one with the 256MB and one with the 128MB flash storage) this model is supposed to have 16MB of flash, how did you get 128 or 256MB? I guess poster is confusing flash and RAM (early units came with 256MB RAM, the rest came with 128MB RAM as it was always advertised). All units AF...
by mkx
Sun Jan 19, 2025 10:38 am
Forum: Beginner Basics
Topic: Setting up DHCP for beginners
Replies: 5
Views: 1022

Re: Setting up DHCP for beginners

New pool won't be created automatically. So if you expect to have more than around 200 devices in your network, then you have to make subnet larger than /24 ... /23 allows for 510 addresses, /22 adds another 512, etc. Increasing subnet requires some diligence (selecting the right DHCP address range...
by mkx
Sat Jan 18, 2025 11:35 pm
Forum: General
Topic: wifi CAPsMAN, wifi-qcom-ac CAPs and slave interfaces in VLAN environnent [SOLVED]
Replies: 4
Views: 990

Re: wifi CAPsMAN, wifi-qcom-ac CAPs and slave interfaces in VLAN environnent [SOLVED]

Ah, when looking at /interface/wifi/cap I wasn't looking good enough ... and didn't see the slaves-static setting. Thank you for pointing it out.
by mkx
Sat Jan 18, 2025 11:16 pm
Forum: General
Topic: wifi CAPsMAN, wifi-qcom-ac CAPs and slave interfaces in VLAN environnent [SOLVED]
Replies: 4
Views: 990

Re: wifi CAPsMAN, wifi-qcom-ac CAPs and slave interfaces in VLAN environnent [SOLVED]

  • 1×RB5009 as main router and CAPsMAN + 3×hAP ac² as APs and bridges,

So how do you handle slave wifi interfaces in this scenario?
by mkx
Sat Jan 18, 2025 11:05 pm
Forum: General
Topic: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2
Replies: 19
Views: 2371

Re: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2

I believe your guess-work is far more educated than mine. I've no idea about how ROS works around such cases.
by mkx
Sat Jan 18, 2025 10:59 pm
Forum: General
Topic: Unable to upgrade
Replies: 2
Views: 583

Re: Unable to upgrade

After upgrade-induced reboot, log usually has something about upgrade process outcome ... if it fails, log tells the reason (insufficient storage space is one of reasons, various problems with optional packages are showstoppers as well).
by mkx
Sat Jan 18, 2025 10:53 pm
Forum: General
Topic: wifi CAPsMAN, wifi-qcom-ac CAPs and slave interfaces in VLAN environnent [SOLVED]
Replies: 4
Views: 990

wifi CAPsMAN, wifi-qcom-ac CAPs and slave interfaces in VLAN environnent [SOLVED]

So I've got this scenario: my LAN is fully VLAN tagged, all MT gear is running 7.16.2 except wAP ax which is running 7.17 I have hAP ac2 configured as main router and lately CAPsMAN. It doesn't have wifi-qcom-ac drivers installed, so it's wired-only I have wAP ax which runs wifi-qcom and can, thus, ...
by mkx
Sat Jan 18, 2025 10:35 pm
Forum: General
Topic: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2
Replies: 19
Views: 2371

Re: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2

@mkx, let me disagree - it is actually not the same ...

I agree it's not the same, I used word "similar" ...
by mkx
Sat Jan 18, 2025 10:11 pm
Forum: General
Topic: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2
Replies: 19
Views: 2371

Re: Two bridges, two devices sharing the same MAC but one on bridge1 and another on bridge2

It's similar problem to having two devices with same IPv4 address (albeit with different MAC addresses) ... it's possible to have it but involves NAT and multiple routing tables. Since NAT in IPv6 is a different beast, I'm not sure if (and how) your problem can be solved.
by mkx
Sat Jan 18, 2025 10:02 pm
Forum: General
Topic: Routing Traffic Based on CNAME Addresses in MikroTik RouterOS [solved]
Replies: 1
Views: 523

Re: Routing Traffic Based on CNAME Addresses in MikroTik RouterOS [solved]

Just to be precise:

edit: I figured it out, I'm routing my traffic through nginx proxy manager that handles the domain based routing

nginx doesn't "domain route" traffic, it (reverse) proxies it. Which is L7 operation - contrasted to routing which is L3 operation.
by mkx
Fri Jan 17, 2025 5:43 pm
Forum: General
Topic: Ether1 (NetInstall) port - danger for WAN?
Replies: 14
Views: 975

Re: Ether1 (NetInstall) port - danger for WAN?

It can only be an issue when: IMO none of ifs help with OP's considerations ... because they're out of device admin's hands. But there's an up side: netinstall is not triggered without doing a few things and all involve physical access to device at some point: button press while cold booting device...
by mkx
Fri Jan 17, 2025 2:54 pm
Forum: Beginner Basics
Topic: CAP bend set to B/G and not B/G/N [SOLVED]
Replies: 8
Views: 1228

Re: CAP bend set to B/G and not B/G/N [SOLVED]

The problem with using capsman is that checking config locally doesn't actually have to reflect running values. One thing that CAPsMAN definitely doesn't do is overwrite configuration stored on CAP devices. So running export doesn't show any of CAPsMAN-provisioned settings. Running "monitor"...
by mkx
Fri Jan 17, 2025 2:44 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 521
Views: 98223

Re: v7.17 [stable] is released!

But the only reason I have that is because I can't remember which South American country is better :D Was it Panama? Brazil is better than ETSI most of times: 30dBm vs 20dBm on 2.4GHz, 30dBm vs. 14dBm on 5735-5875 MHz ... but not always: ETSI has 30dBm vs. 24dBm on 5490-5730 MHz. According to reg-i...
by mkx
Mon Jan 13, 2025 9:26 am
Forum: General
Topic: fetch error since 7.13: "failure: ERROR parsing http: there was no content-length or transfer-encoding"
Replies: 22
Views: 4673

Re: fetch error since 7.13: "failure: ERROR parsing http: there was no content-length or transfer-encoding"

Have you been handed over a 7.18 nightly build amongst whose feature the aim was to fix this issue you also faced? No, @timemaster seems to have received it this time. And I know it happened before (although rarely). So you have nothing to worry, there are no 'exceptional' forum members which recei...
by mkx
Mon Jan 13, 2025 9:21 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 144710

Re: v7.17rc [testing] is released!

Can we get v7.17 out the door and move to v7.18 beta so we can see what's new..... this version dragging now. I do appreciate stability and rigorous testing but I also want movement and new features as there are stuff I'm waiting for which may or may not be in next version. A counter proposal: can ...
by mkx
Mon Jan 13, 2025 9:18 am
Forum: General
Topic: fetch error since 7.13: "failure: ERROR parsing http: there was no content-length or transfer-encoding"
Replies: 22
Views: 4673

Re: fetch error since 7.13: "failure: ERROR parsing http: there was no content-length or transfer-encoding"

Where do you got your source then that 7.18 would feature a fix for this issue?
See my second paragraph (added while you were posting your latest post).
by mkx
Mon Jan 13, 2025 9:15 am
Forum: General
Topic: fetch error since 7.13: "failure: ERROR parsing http: there was no content-length or transfer-encoding"
Replies: 22
Views: 4673

Re: fetch error since 7.13: "failure: ERROR parsing http: there was no content-length or transfer-encoding"

Would you happen to have a link to the changelog to expect in 7.18? Nightly builds are alpha/developers' versions and nothing is guaranteed to enter to beta of same version. So there's never any changelog for nightly builds. We've seen stuff removed from beta versions (rarely, but it did happen) ...
by mkx
Mon Jan 13, 2025 9:12 am
Forum: General
Topic: Mikrotik and APs VLAN
Replies: 26
Views: 3213

Re: Mikrotik and APs VLAN

UniFi: vlan 1, 400, 401 (tagged) Mikrotik port 4: tagged with vlan 1,400,401. vlan 400 and vlan 401 works fine (separated dhcp servers on Mikrotik interfaces) But vlan 1 does not work - if I bind the ip address on Mikrotik to vlan 1 interface, the connection to the Unifi will be lost. Unifi expects ...
by mkx
Mon Jan 13, 2025 9:08 am
Forum: Virtualization
Topic: Dell R610 and x86 RouterOS
Replies: 6
Views: 1495

Re: Dell R610 and x86 RouterOS

Everything works except VLANs.
Without posting your config nobody will be able to help you. So either post it or, if you know better, go ask help somewhere else (yes, it sounds rude, but that's how it is).
by mkx
Sun Jan 12, 2025 8:23 pm
Forum: RouterBOARD hardware
Topic: New/better router with old config
Replies: 2
Views: 1080

Re: New/better router with old config

At least wireless config can't be applied in any of two mentioned ways. hAP ax3 runs wifi-qcom driver while your old hAP lite runs wireless driver ... and configuration of both is completely different.
by mkx
Sun Jan 12, 2025 5:19 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 1515

Re: Is there a simple way to hang a virtual "Out of order" sign?

All employees have a cell phone......

How about using good ole public announcement system inside office building to announce internet outages? Those announcements will automatically reach only people physically present inside offices without them being stalked.
by mkx
Sun Jan 12, 2025 5:12 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 1515

Re: Is there a simple way to hang a virtual "Out of order" sign?

Simple captive portals (almost) never work for intercepting anything encrypted. They work nicely when "a friendly" device first obtains connectivity and starts to check if it can access (certain servers on) internet. Captive portals appropriately block connectivity and direct client to ope...
by mkx
Sun Jan 12, 2025 4:53 pm
Forum: General
Topic: Mikrotik DDNS not working
Replies: 5
Views: 932

Re: Mikrotik DDNS not working

Are you, otherwise, able to access internet sites from router?

And another consideration: right now this forum feels sluggish to me (with 500 errors as well) which likely means that MT servers are under some kind of DDoS attack. And that likely includes DDNS servers as well.
by mkx
Sun Jan 12, 2025 3:42 pm
Forum: General
Topic: Brocade ICX 6450-24P w/ Mikrotik 5009: InterVLAN routing
Replies: 1
Views: 773

Re: Brocade ICX 6450-24P w/ Mikrotik 5009: InterVLAN routing

Your Brocade config indicates that Brocade will do the routing between VLANs. Are you sure about it? If yes, then you'll have to configure DHCP relay on Brocade. If not, then Brocade needs "router interface" only on management VLAN.
by mkx
Sun Jan 12, 2025 10:57 am
Forum: Beginner Basics
Topic: SSH out via dst-nat [SOLVED]
Replies: 3
Views: 2184

Re: SSH out via dst-nat [SOLVED]

I expected NAT rule with action dst-nat not to catch any connection from my local network unless it is changed to src-nat. So I guess connections outside goes thru both src-nat and then dst-nat? SRC-NAT and DST-NAT are very distinct operations, they happen at very different times (dst-nat is pretty...
by mkx
Sat Jan 11, 2025 7:30 pm
Forum: Beginner Basics
Topic: Auto Redirect IP with Port [SOLVED]
Replies: 6
Views: 1480

Re: Auto Redirect IP with Port [SOLVED]

a dstnat port remapping seems like a possible solution, it should be something *like*: Very likely full hair-pin NAT is required as well if the non-standard port is to be mapped to standard one for LAN access as well. And hair-pin NAT comes with a bag of annoyances (e.g. "why don't I see real cli...
by mkx
Sat Jan 11, 2025 4:05 pm
Forum: Beginner Basics
Topic: Auto Redirect IP with Port [SOLVED]
Replies: 6
Views: 1480

Re: Auto Redirect IP with Port [SOLVED]

Not really (@OP is asking how to instruct browser to connect to non-standard port). Whenever client app needs to access server app, it has to know which port to use. In your case client app is browser and they assume standard port for http (80) and lately they assume https (443). Browsers are perfec...
by mkx
Sat Jan 11, 2025 1:25 pm
Forum: General
Topic: Throughput issues with PPPoE over 10Gbit XGS-PON
Replies: 11
Views: 4184

Re: Throughput issues with PPPoE over 10Gbit XGS-PON

It's strange some ISPs hold on to 20 year old concepts. I guess it suits them well for a few purposes ... one of them is user management (less fuss to e.g. assign static IP address and IPv6 prefix). And obviously they don't bother about (under)performance of 3rd party routers, they just care about ...
by mkx
Sat Jan 11, 2025 12:03 pm
Forum: Wireless Networking
Topic: Problems connecting to Wifi as a client - hAP AX lite LTE6 [SOLVED]
Replies: 2
Views: 1362

Re: Problems connecting to Wifi as a client - hAP AX lite LTE6 [SOLVED]

If you want to use hAP ax as client to hotel's wireless network, then wifi interface has to be running in mode=station. Also channel settings have to be on default (auto) settings. And then there are higher-level settings which are wrong/missing, e.g. DHCP client running on wifi1 interface (now it's...
by mkx
Sat Jan 11, 2025 12:18 am
Forum: Beginner Basics
Topic: Mgmt vlan not available (Crs 328 24p 4s)
Replies: 20
Views: 2208

Re: Mgmt vlan not available (Crs 328 24p 4s)

You have to set pvid=99 on ether8 ... currently these are not correctly related:
/interface bridge port
add bridge=Bridge interface=ether8
/interface bridge vlan
add bridge=Bridge comment=MGMT tagged=ether23,Bridge,ether1 untagged=ether8 \
    vlan-ids=99
Default pvid setting (and thus not shown in expo...
by mkx
Fri Jan 10, 2025 6:38 pm
Forum: RouterBOARD hardware
Topic: HEX S sometimes fails to start properly [SOLVED]
Replies: 13
Views: 4364

Re: HEX S sometimes fails to start properly [SOLVED]

the adapter is OK (24V). Idle or under load? Marginal power adapter might output close to 24V when idle but drop voltage under load. And failing capacitors also mean very uneven output voltage which isn't shown by normal voltmeters, oscilloscope does OTOH. The uneven supply voltage can disrupt devi...
by mkx
Fri Jan 10, 2025 3:47 pm
Forum: Beginner Basics
Topic: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]
Replies: 65
Views: 5351

Re: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]

I'm using 6to4, but I'm assuming there's probably a way to switch it to 6to6 as I can get a single IP6 address and it's probably going to be a little better? Actually not likely. No because IPv6 (the outer layer added by tunnel) has larger headers which means lower payload per same MTU ... which ul...
by mkx
Fri Jan 10, 2025 3:41 pm
Forum: Beginner Basics
Topic: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]
Replies: 65
Views: 5351

Re: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]

Their network team cannot see the ONT (cryptic wall box) and the IP allocation is not coming through it anymore. They cannot see very much because of this. This is wrong …. If the network team cannot see the ONT …. Another possibility (very common where optical network owner is different than ISP) ...
by mkx
Fri Jan 10, 2025 3:36 pm
Forum: General
Topic: Won't connect without DHCP...?
Replies: 6
Views: 1031

Re: Won't connect without DHCP...?

While waiting to see configuration export, just a comment: "static ARP" is calling for problems ... while it doesn't really provide any security (setting MAC address on interface is only too easy).
by mkx
Fri Jan 10, 2025 3:29 pm
Forum: General
Topic: DHCP Server - Domain [SOLVED]
Replies: 3
Views: 1400

Re: DHCP Server - Domain [SOLVED]

This setting sets DHCP Option 15 (the domain name that client should use as suffix when resolving hostnames via the Domain Name System) ... and it's entirely up to clients on how they use them. Definitely nothing to do with DHCP server or DHCP client. So normally yes, <my.domain.tld> can be "ho...
by mkx
Fri Jan 10, 2025 3:25 pm
Forum: General
Topic: Automatically updating DST NAT when IP changes
Replies: 8
Views: 1365

Re: Automatically updating DST NAT when IP changes

I suggest using/setting CNAME records in your main DNS for each DDNSed router item. This only helps with naming (e.g. when router changes, its DDNS name changes ... and it then has to be changed in many places. If one uses CNAME records, then change has to be done only for that particular CNAME). ...
by mkx
Fri Jan 10, 2025 3:10 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 144710

Re: v7.17rc [testing] is released!

... so IGMP Snooping is now disabled again. And it's a feature that I actually need (IPTV usage). It depends. My ISP offers IPTV over tagged VLAN ... so I pass that VLAN only to required ports (connecting TV boxes). Even without IGMP snooping, only those few ports get active streams. Indeed all act...
by mkx
Fri Jan 10, 2025 9:08 am
Forum: Wireless Networking
Topic: WIFI won't turn on(R) after upgrade and downgrade [SOLVED]
Replies: 2
Views: 1546

Re: WIFI won't turn on(R) after upgrade and downgrade [SOLVED]

wireless interface shows "R" status only if there's at least one wireless client (station) connected to it. Are you saying that SSID is actually not broadcasted? This is best verified by using some kind of wireless debugging application on wireless client (there are plenty of usable apps f...
by mkx
Fri Jan 10, 2025 9:02 am
Forum: Wireless Networking
Topic: old and new Capsmann with VLAN- no conecction with the new Capsmann
Replies: 6
Views: 1886

Re: old and new Capsmann with VLAN- no conecction with the new Capsmann

New CCMP is same as old AES CCM ... CCMP256 and GCMP* are new ones (not widely supported by wireless stations though, some even barf on seeing these supported by AP).
by mkx
Fri Jan 10, 2025 8:55 am
Forum: General
Topic: Mikrotik and APs VLAN
Replies: 26
Views: 3213

Re: Mikrotik and APs VLAN

UniFi: vlan 1, 400, 401 (tagged) Mikrotik port 4: tagged with vlan 1,400,401. "Native VLANs" (whatever that means) should never be tagged on wires ... also devices on both ends of same cable have to have same config ... and in your case UniFi has "native" (whichever that is) VLA...
by mkx
Fri Jan 10, 2025 8:52 am
Forum: General
Topic: DHCP Server - Domain [SOLVED]
Replies: 3
Views: 1400

Re: DHCP Server - Domain [SOLVED]

Domain is domain name ... without leading dot. So if your host names are e.g. "host.my.domain.tld", then you should set domain property of DHCP server network entries to domain=my.domain.tld
by mkx
Fri Jan 10, 2025 8:46 am
Forum: Beginner Basics
Topic: Printer on different VLAN
Replies: 18
Views: 2162

Re: Printer on different VLAN

Unfortunately I receive the following error message: "failure: incoming interface matching not possible in output and postrouting chains". Any ideas? Then just omit the in-interface property from NAT rule definition. You can instead use src-address property (e.g. src-address=!192.168.30.0...
by mkx
Thu Jan 09, 2025 8:15 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 290
Views: 39447

Re: wAP ax?

I'm waiting the day when @anav will post that he replaced tplink APs with Mikrotiks and want some advice on CAPsMAN :D :lol:

That will follow the act of Canada becoming part of US a.k.a. when the hell freezes :lol:
by mkx
Thu Jan 09, 2025 8:09 pm
Forum: Beginner Basics
Topic: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]
Replies: 65
Views: 5351

Re: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]

Just to make sure: your WAN is connected to ether1?
by mkx
Thu Jan 09, 2025 6:10 pm
Forum: General
Topic: Automatically updating DST NAT when IP changes
Replies: 8
Views: 1365

Re: Automatically updating DST NAT when IP changes

.. why not just set the dst-nat rule to use in-interface where the in-interface = your WAN interface?

Hairpin-NAT doesn't work with in-interface, it's got to be dst-address.
by mkx
Thu Jan 09, 2025 12:19 pm
Forum: Beginner Basics
Topic: Printer on different VLAN
Replies: 18
Views: 2162

Re: Printer on different VLAN

You need a second firewall rule that also allows the traffic from IOT / Print as in interface to the out interface home. Basically the "return traffic". It's already there, this is the one: add action=accept chain=forward comment=\ "accept established,related,untracked" connecti...
by mkx
Thu Jan 09, 2025 12:16 pm
Forum: General
Topic: DHCP server problem
Replies: 6
Views: 1145

Re: DHCP server problem

How in particular did you export and import config? Did you use backup and restore commands ... or export and import ? If the former ... then it's known (apparently not well though) that binary backups (results of backup ) are not intended to move config from one device to another one. Specially so ...
by mkx
Thu Jan 09, 2025 12:11 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 506
Views: 230227

Re: v7.16.2 [stable] is released!

- Dude server (I can confirm that after upgrading it to 7.16.2 you can upgrade routerOS devices from Dude (it does not upgrade the routerboard though and in my case I had to install extra packages manually (upgrading from 7.12.1 to 7.16.2) - but I was doing it for the first time, maybe I don't know...
by mkx
Thu Jan 09, 2025 11:24 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 144710

Re: v7.17rc [testing] is released!

You could try to change some memory settings in BIOS regarding mapping memory of PCI peripheral devices ... Another thing to try is to increase memory size on PC, the number says it needs a bit less than 4M of contiguous space (not sure if that's possible with your hardware). But the error does see...
by mkx
Thu Jan 09, 2025 11:17 am
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 3067

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

SPF connection is no-go for me, as the infrastructure is already buried in the walls.

It's always option to take down the walls :wink:

You never mentioned how the 3 devices are placed physically, so I (wrongly it seems) assumed they are in same place.
by mkx
Thu Jan 09, 2025 11:12 am
Forum: Wireless Networking
Topic: Wi-Fi unstable hAP ax3
Replies: 6
Views: 1366

Re: Wi-Fi unstable hAP ax3

Which SSID is used while you experience problems? What is signal strength, indicated by wireless station at the spot you normally use it? If you check WiFi environment (use some WiFi diagnostic AP on your phone), are there many other APs seen? You have left channel selection to automatic ... does it...
by mkx
Thu Jan 09, 2025 11:01 am
Forum: General
Topic: Routing issue
Replies: 3
Views: 1018

Re: Routing issue

You don't need any additional routing on switch (as all packets outside its own subnet - 192.168.88.0/24 - will have to pass over router anyway). Do you have appropriate SRC-NAT rules established on router? Note that when both routes are up and running, the "normal" masquerade rule will li...
by mkx
Thu Jan 09, 2025 9:18 am
Forum: Wireless Networking
Topic: iPhone bouncing between AP's
Replies: 6
Views: 1237

Re: iPhone bouncing between AP's

Signal strength, mentioned in CAPsMAN's logs, is signal strength of station as received by CAP. Ideally it should be quite similar to what station receives from AP but can be lower due to lower device Tx power (battery-powered devices are entitled to use lower power in order to prolong battery life ...
by mkx
Thu Jan 09, 2025 8:58 am
Forum: General
Topic: My LHG - LTE18 is having a Stroke. :D
Replies: 13
Views: 1938

Re: My LHG - LTE18 is having a Stroke. :D

It's hard to troubleshoot behaviour which happens only rarely. When it happens next time, don't forget to thoroughly check the logs, there might be something in it. Another thing to do is to create supout.rif file and send it to Mikrotik support ... they might decode the device state and comment on...
by mkx
Thu Jan 09, 2025 8:50 am
Forum: General
Topic: Automatically updating DST NAT when IP changes
Replies: 8
Views: 1365

Re: Automatically updating DST NAT when IP changes

Solution will work ... but with some delay which depends on DDNS provider settings. Mikrotik's own DDNS solution, which creates <serial_number>.sn.mynetname.net DNS entries, has TTL set to 60 seconds. And option with adding DNS name as member of address lists does observe TTL. Which means that if o...
by mkx
Wed Jan 08, 2025 9:41 pm
Forum: Beginner Basics
Topic: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]
Replies: 65
Views: 5351

Re: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]

/ipv6/settings/set accept-router-advertisements: yes
expected end of command (line 1 column 20)

Sorry, it should be
/ipv6/settings/set accept-router-advertisements=yes
If it doesn't allow you to unset prefix-length, then set it to 64. You can omit requesting address ... it's not always needed and s...
by mkx
Wed Jan 08, 2025 9:30 pm
Forum: Beginner Basics
Topic: Hotspot on Bridge VLAN
Replies: 12
Views: 2093

Re: Hotspot on Bridge VLAN

You have quite some settings on L2 entities (bridge ports, etc.), which IMO border on paranoia ... and might affect hotspot operations. You might want to create a very simplified lab setup, starting from defaults and then add settings toward your intended setup ... while checking if hotspot still wo...
by mkx
Wed Jan 08, 2025 9:16 pm
Forum: Beginner Basics
Topic: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]
Replies: 65
Views: 5351

Re: Struggling to receive IPv6 prefix delegation from ISP [SOLVED]

I don't know if that would fix the problem, but: don't create IPv6 pool manually. DHCPv6 client will create it automatically after it receives prefix. don't use prefix-length=48 (either set it to 64 or omit it altogether), it doesn't do what you probably think it does. It's about prefix length when ...
by mkx
Wed Jan 08, 2025 7:56 pm
Forum: SwOS
Topic: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]
Replies: 17
Views: 3067

Re: VLANs, port isolation in switch OS - how does it all fit? [SOLVED]

Regarding loop between yellow and green parts: if you're careful not to pass same VLAN (tagged or as native) via multiple ports, then there won't be a loop. RSTP or plain STP would detect a loop (their BPDUs disregard VLAN IDs), MSTP would be fine. Another remark (it can be called personal preferenc...
by mkx
Wed Jan 08, 2025 7:38 pm
Forum: General
Topic: NORMUNDS FOR PRIME MINISTER
Replies: 15
Views: 3138

Re: NORMUNDS FOR PRIME MINISTER

Attempt4: Why did I volunteer to attend this event for Viktors......
I think the PM's drug-sniff dogs excluded him from the event.
... it reads "volunteer" ... which begs for question: whom did drug-sniffing dogs exclude: Normunds, Viktors, both or themselves?
by mkx
Wed Jan 08, 2025 7:25 pm
Forum: General
Topic: NORMUNDS FOR PRIME MINISTER
Replies: 15
Views: 3138

Re: NORMUNDS FOR PRIME MINISTER

I heard they were discussing Latvia buying Cloudflare...

Or is it the other way around? :lol:
by mkx
Wed Jan 08, 2025 7:15 pm
Forum: Beginner Basics
Topic: Hotspot on Bridge VLAN
Replies: 12
Views: 2093

Re: Hotspot on Bridge VLAN

this device does not have a switch chip you can use multiple bridges if you do not use STP. True. But then there will be a ton of vlan interfaces (one per VLAN and per port) plus multitude of bridges (one per vlan) ... compared to one bridge and few vlan interfaces (one per VLAN with which device h...
by mkx
Wed Jan 08, 2025 7:00 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 290
Views: 39447

Re: wAP ax?

wAP ax Christmas edition season 2024/2025 :D :D Decorated by me, approved by wife :lol: As Christmas season 2024/25 is almost over, is there any new decoration available? I have my wAP ax ordered and I'm wondering if I have to order some WAF enhancement kit as well? I guess it'll be a close call s...