Community discussions

MikroTik App

Search found 12207 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 41
by mkx
Fri May 17, 2024 10:43 pm
Forum: General
Topic: LHGGR underperforming LTE speeds
Replies: 25
Views: 864

Re: LHGGR underperforming LTE speeds

I'm just not convinced it's a device/antenna selection issue in this case. e.g. SINR is 15db. SINR of 15dB in LTE means about 50% of max throughput ... so this is not exactly great figure. I don't think that MTU mismatch would explain shitty download and decent upload ... because this would mean a ...
by mkx
Fri May 17, 2024 7:35 pm
Forum: General
Topic: LHGGR underperforming LTE speeds
Replies: 25
Views: 864

Re: LHGGR underperforming LTE speeds

That MTU is very often lower than standard internet/ethernet 1500 MTU. i.e. tower backhauls are sometimes tunneled over internet, and also underlying SS7 network employs more tunneling. I very much doubt that reduced MTU (if it really is) is result of backbone topology. S1 interfaces (between nodeB...
by mkx
Fri May 17, 2024 7:12 pm
Forum: General
Topic: Feature Request: Ed25519-SK SSH keys
Replies: 5
Views: 264

Re: Feature Request: Ed25519-SK SSH keys

I'm not sure what would be best feature request submission ... this forum is primarily users-to-users forum, MT staff occasionally pass by. So posting it here doesn't guarantee that it'll be seen by MT. Higher probability of making it seen by at least some MT staffer would be submitting it via offic...
by mkx
Fri May 17, 2024 4:13 pm
Forum: General
Topic: Feature Request: Ed25519-SK SSH keys
Replies: 5
Views: 264

Re: Feature Request: Ed25519-SK SSH keys

You can file a feature request and you may get surprised by getting it done. Based on past experience (we were begging for anything besides RSA) it's likely to take a long while (so don't hold your breathe while waiting for it to happen).
by mkx
Fri May 17, 2024 4:10 pm
Forum: General
Topic: Wireguard stops handshaking out of sudden - Change of port (only) solves it for weeks
Replies: 9
Views: 668

Re: Wireguard stops handshaking out of sudden - Change of port (only) solves it for weeks

Let's say that the wg "server" is on the datacenter with a static IP and the client is behind CGNAT. Are you completely sure that the network between both WG peers is as transparrent as you'd want it to be (i.e. the only thing playing games with packets is the CG NAT on the "client&q...
by mkx
Fri May 17, 2024 3:56 pm
Forum: General
Topic: LHGGR underperforming LTE speeds
Replies: 25
Views: 864

Re: LHGGR underperforming LTE speeds

.... not all carriers can operate with 4x4 MIMO. General rule of thumb is: sub-2GHz carriers are never 4x4, they are mostly 2x2 (if not 1x1) ... with possible exception of 1.8GHz band (B3) in Europe on modernized towers. The above-2GHz carriers may be 4x4 or not, depends on age (and legacy) of cell...
by mkx
Fri May 17, 2024 3:35 pm
Forum: General
Topic: Factory firmware upgrade
Replies: 7
Views: 488

Re: Factory firmware upgrade

Maybe I wrote wrong but I would upgrade factory firmare as attached picture. Is it possible? No, the info you marked is immutable. In practice it's used to determine earliest version of firmware that can be installed on a device (yes, it's possible to downgrade firmware). And same principle applies...
by mkx
Fri May 17, 2024 10:10 am
Forum: General
Topic: LHGGR underperforming LTE speeds
Replies: 25
Views: 864

Re: LHGGR underperforming LTE speeds

Then I'm relly unsure why would I be using Mikrotik LTE devices at all.... Neither do I. Personally, I'd follow advice by @igorr29 ... get yourself a mediocre (but modern!) LTE modem with antenna ports. Then attach a pair of Iskra P-56 antennae (the page I linked is about a bundle of two antennae w...
by mkx
Fri May 17, 2024 10:03 am
Forum: Wireless Networking
Topic: Why Androids keep disconnecting?
Replies: 5
Views: 498

Re: Why Androids keep disconnecting?

As the "recipe" says, it doesn't work any more since Android 7. And no, you can't do it in "plain" ROS as it can't do the fancy http stuff (like lighthttp does). If you ran a container with some more proper http server (lighthttp or nginx or apache or ...), then you could do the ...
by mkx
Fri May 17, 2024 9:52 am
Forum: General
Topic: LHGGR underperforming LTE speeds
Replies: 25
Views: 864

Re: LHGGR underperforming LTE speeds

LTE CAT6 should suffice getting 100mbit DL But I believe with that QoS settings you may be onto somenting. Is there a way I can manually set them? LTE CAT6 only does 2CA ... and there's always possibility that device either doesn't support frequency band MNO uses at all ... or that it doesn't suppo...
by mkx
Fri May 17, 2024 9:08 am
Forum: General
Topic: LHGGR underperforming LTE speeds
Replies: 25
Views: 864

Re: LHGGR underperforming LTE speeds

The problem with MT's offerings in LTE/5G group is that included (and supported in general) modems tend to be a generation or two old. Which means they will almost always perform worse (or even much worse) than any contemporary smart phone. Because they don't support carrier aggregation to nearly th...
by mkx
Thu May 16, 2024 10:54 pm
Forum: Beginner Basics
Topic: Increasing wireless range?
Replies: 73
Views: 6995

Re: Increasing wireless range?

Also verify that package is enabled (it can be installed but disabled).
by mkx
Thu May 16, 2024 9:25 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 136
Views: 9432

Re: [Discussion] MikroTik configuration abstraction complexity

I cannot imagine a situation where you would usefully have a port as an untagged member of multiple VLANs, which is a flexibility that this config provides. Most other manufacturers do not even allow such a configuration. I can't even imagine how such a config would work in practice. Destination IP...
by mkx
Thu May 16, 2024 11:58 am
Forum: Beginner Basics
Topic: Secondary IPv6 route weirdness with Hurricane Electric tunnel [SOLVED]
Replies: 13
Views: 3302

Re: Secondary IPv6 route weirdness [SOLVED]

I think that some recent ROS version added support for deprecation RAs ... which are sent out when IPv6 address disappears from LAN interface. It's meant to happen if delegated prefix changes which makes change in DHCPv6 pool and consequently change in LAN interface IPv6 address. May be this solves ...
by mkx
Thu May 16, 2024 11:51 am
Forum: Wireless Networking
Topic: Upload Speed Impact on Download Performance
Replies: 5
Views: 298

Re: Upload Speed Impact on Download Performance

I'm not an expert on QoS in ROS, so I don't know if there are any mechanisms which would prioritize ACKs over full-payload packets. The additional problem here is that it seems that it's DL direction where congestion affects the bi-di throughputs. And DL direction is in ISP's hands. The only thing t...
by mkx
Thu May 16, 2024 11:26 am
Forum: RouterBOARD hardware
Topic: Switch Synergistic Research UEF
Replies: 4
Views: 308

Re: Switch Synergistic Research UEF

I think that after you purchase device, it's legally yours. So you can repackage it in a different case and place any kind of stickers on it. And you can sell it further (specially so if you also provide warranty services for the sold device). When it comes to software, things are different. You're ...
by mkx
Thu May 16, 2024 10:58 am
Forum: Wireless Networking
Topic: Upload Speed Impact on Download Performance
Replies: 5
Views: 298

Re: Upload Speed Impact on Download Performance

I've noticed that whenever I initiate an upload, there is a significant drop in download speed. This seems counterintuitive, as I would expect both upload and download activities to operate efficiently in parallel. The way TCP works (and most connections nowdays are TCP) is that every packet in for...
by mkx
Thu May 16, 2024 10:45 am
Forum: Beginner Basics
Topic: Secondary IPv6 route weirdness with Hurricane Electric tunnel [SOLVED]
Replies: 13
Views: 3302

Re: Secondary IPv6 route weirdness [SOLVED]

... if it were true, how come fallback to my ISP's native IPv6 feels instant?
As I wrote I don't have any 1st hand experience. Since this is an issue which involves both router and clients, it would be necessary to do analysis on both ...
by mkx
Thu May 16, 2024 9:14 am
Forum: General
Topic: Cannot ping public wan IP from lan network [SOLVED]
Replies: 13
Views: 3813

Re: Cannot ping public wan IP from lan network [SOLVED]

... perhaps you can mark my post as the solution (instead of your own post) 8)
Why? It was @pajsije who did the job on his router :-P
by mkx
Thu May 16, 2024 9:12 am
Forum: Beginner Basics
Topic: NAT driving me nuts
Replies: 6
Views: 426

Re: NAT driving me nuts

Would a hairpin NAT be required for other subnets managed on the same router? No. hair-pin NAT is requirement because server (seeing clients on the same subnet) doesn't know it should send return traffic over router (which is necessary to un-do the dst-nat) ... which makes client see return traffic...
by mkx
Thu May 16, 2024 9:01 am
Forum: Beginner Basics
Topic: Secondary IPv6 route weirdness with Hurricane Electric tunnel [SOLVED]
Replies: 13
Views: 3302

Re: Secondary IPv6 route weirdness [SOLVED]

The problem with IPv6 (as compared to IPv4 with NAT) is that IPv6 normally doesn't do NAT. So when you have two public IPv6 prefixes, every client needs to have IPv6 addresses from different prefixes and then it's up to client to select which IPv6 address it wants to use for a particular connection....
by mkx
Thu May 16, 2024 8:54 am
Forum: Beginner Basics
Topic: Wifi speed very low on L900UiGS
Replies: 23
Views: 837

Re: Wifi speed very low on L900UiGS

What are you expecting? With old TPlink router was 60-100Mbps, i don't know how... The channel scan you posted shows, that the 2.4GHz spectrum is quite heavily used in your neighbourhood. So it to be expected that performance is not stellar. Your "old TPlink" might have used more Tx power...
by mkx
Wed May 15, 2024 11:24 am
Forum: Beginner Basics
Topic: NAT driving me nuts
Replies: 6
Views: 426

Re: NAT driving me nuts

You need hair-pin NAT when clients, residing in same IP subnet as server, want to use public IP address to connect to.
by mkx
Wed May 15, 2024 11:20 am
Forum: General
Topic: Factory firmware upgrade
Replies: 7
Views: 488

Re: Factory firmware upgrade

It's easy. Just use the built-in upgrade in Winbox. You might have to do it a few times. The first time it will upgrade to the newest 6.x and then do it again and it will go to somewhere around 7.12, and then do it again and it will go to 7.14 IIRC, hitting upgrade in v6 will only go up to latest v...
by mkx
Wed May 15, 2024 11:02 am
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 297
Views: 76104

Re: v7.15rc [testing] is released!

... when a user process (like the DNS resolver, the proxy, etc) allocates memory, it normally does so by requesting a block of memory from the kernel, giving out small pieces of that to the program requiring them (e.g. a cache, some buffers, some other data structure), and when the program decides ...
by mkx
Wed May 15, 2024 9:23 am
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 297
Views: 76104

Re: v7.15rc [testing] is released!

Yes, but what do you want to happen? Should the router not add more entries to the list when that would consume all memory ... Yes, that's exactly what I'd expect. At the same time I'd expect to start flooding log with error message about inability to add new entries due to low memory state. Having...
by mkx
Tue May 14, 2024 11:03 am
Forum: General
Topic: ISP network communication x Internal network with Mikrotik
Replies: 1
Views: 233

Re: ISP network communication x Internal network with Mikrotik

If your router's config is more or less default (and you're using one of SOHO-line routers, not the pro-line, which mostly includes CCR routers), then firewall filter config prevents any communication started from WAN side towards LAN (so started from 192.168.15.0/24 in your case). If the firewall c...
by mkx
Mon May 13, 2024 11:15 pm
Forum: RouterBOARD hardware
Topic: I cant solve bufferbloat issue with my hap ac2 router.
Replies: 12
Views: 1808

Re: I cant solve bufferbloat issue with my hap ac2 router.

So I did some "measurements" of bufferbloat. I did it using waveform web test. It was 3 quite distinct setups with very distinct results. What was in common for all tests was my router and ISP line (router is hAP ac2, running 7.14.3; ISP line is 1000/100 GPON). So here are results: testing...
by mkx
Mon May 13, 2024 6:18 pm
Forum: General
Topic: CCR1009-7G-1C-1S+ Broken Reset Button
Replies: 7
Views: 399

Re: CCR1009-7G-1C-1S+ Broken Reset Button

If it doesn't melt the tweezers it'll probably be fine.
by mkx
Mon May 13, 2024 5:56 pm
Forum: Wireless Networking
Topic: AP in L2 mode with CAPsMAN Guest Wi-Fi problem [SOLVED]
Replies: 13
Views: 4217

Re: AP in L2 mode with CAPsMAN Guest Wi-Fi problem [SOLVED]

Because you have this construct: add bridge=bridge comment=defconf frame-types=\ admit-only-untagged-and-priority-tagged interface=wlan1 \ internal-path-cost=10 path-cost=10 pvid=1300 Even though radio part is provisioned by CAPsMAN, the bridge config is still in force. If you remove this line, then...
by mkx
Mon May 13, 2024 2:41 pm
Forum: Wireless Networking
Topic: AP in L2 mode with CAPsMAN Guest Wi-Fi problem [SOLVED]
Replies: 13
Views: 4217

Re: AP in L2 mode with CAPsMAN Guest Wi-Fi problem [SOLVED]

I think you have to set datapath.vlan-mode to "use-tag". Otherwise VLAN headers won't be handled by wireless driver when passing between wireless interface and bridge. And as far as I remember (I'm not running capsman ATM) capsman doesn't do anything about bridge when provisioning wireless...
by mkx
Mon May 13, 2024 8:51 am
Forum: Wireless Networking
Topic: hAP ax2 - best WiFi configuration for range?
Replies: 12
Views: 590

Re: hAP ax2 - best WiFi configuration for range?

set country USA If one is located in one of ETSI countries, then setting to "United States" will prevent them to use otherwise legal channels 12 and 13 (on 2.4GHz band). The example I provided is better than US in this aspect. It does miss U-NII-4 channels, but these tend to make problems...
by mkx
Mon May 13, 2024 8:46 am
Forum: Wireless Networking
Topic: hAP AX2 - broken wifi (no SSID can be found)
Replies: 17
Views: 1479

Re: hAP AX2 - broken wifi (no SSID can be found)

In addition to what @bpwl wrote (or to emphasize statement "802.11ax is advanced in possible frequencies"): it is possible that your ax2 selects frequency which is not supported by wifi clients. So when in doubt, try to manually set frequency to 5180 ... it's a channel available since The ...
by mkx
Mon May 13, 2024 8:40 am
Forum: Wireless Networking
Topic: Wireless Wire kit license upgrade question
Replies: 4
Views: 343

Re: Wireless Wire kit license upgrade question

RBwAPG-60adkit only has 60GHz radio ... I highly doubt your wifi stations you want to use in the garage have 60GHz radios as well. So converting one of wireless wire devices to AP bridge wouldn't change a tiniest bit. Unless you're thinking of adding a wireless wire link inside garage ... that would...
by mkx
Mon May 13, 2024 8:33 am
Forum: Wireless Networking
Topic: hAP ax2 - best WiFi configuration for range?
Replies: 12
Views: 590

Re: hAP ax2 - best WiFi configuration for range?

As I understand lowering the antenna-gain will boost the antenna range, is there a limit for the "highest power" setting on the ax2? E.g. setting it to 0 should make the signal the strongest ? ax2 has (almost certainly) set min-antenna-gain property to whatever you can set the lowest valu...
by mkx
Mon May 13, 2024 8:17 am
Forum: General
Topic: Firewall site
Replies: 3
Views: 357

Re: Firewall site

If the site, which should be allowed, is hosted on some "old school" server (i.e. not on some super fancy cloud provider but rather on a server with static IP which is not shared with other sites), then this should be easy. Otherwise it's next to impossible as others already stated. So it ...
by mkx
Sun May 12, 2024 6:42 pm
Forum: RouterBOARD hardware
Topic: Fan Speed at 5k RPM [SOLVED]
Replies: 18
Views: 4048

Re: Fan Speed at 5k RPM [SOLVED]

It just seems weird to me... a more sensible cooling solution or hardware than runs less hot would have opened the market tremendously. I can't say if it would make a big difference (I dont have this switch so I don't know how loud it is), but: SFP+ modules for FO run quite much cooler, so if this ...
by mkx
Sun May 12, 2024 6:36 pm
Forum: Wireless Networking
Topic: hAP ax2 - best WiFi configuration for range?
Replies: 12
Views: 590

Re: hAP ax2 - best WiFi configuration for range?

Ok thanks for the tips. I should have bought the ax3 then... :/ As long as you want to remain within country regulatory limits, device with big ugly array of antennae won't help much with range (in principle it is only allowed to enhance reception). Even more, with high gain antennae it's important...
by mkx
Sun May 12, 2024 5:21 pm
Forum: Wireless Networking
Topic: hAP ax2 - best WiFi configuration for range?
Replies: 12
Views: 590

Re: hAP ax2 - best WiFi configuration for range?

Should I use 20/40MHz channel width for optimal performance?
Using narrower channel (i.e. 20MHz only) will give you slightly longer range.

But as @gotsprings wrote: use wires (and/or multiple APs).
by mkx
Sun May 12, 2024 4:46 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 136
Views: 9432

Re: [Discussion] MikroTik configuration abstraction complexity

We are, this way or another, forced to use both documentation systems. The old wiki may be more readable (this is subjective of course) and describes v6 (for those still using it). The new help is a must when using new features of v7. Most contents is the same in both (but can be presented different...
by mkx
Sun May 12, 2024 4:35 pm
Forum: General
Topic: VLAN distribution over bridges / basic VLAN configuration hints
Replies: 7
Views: 385

Re: VLAN distribution over bridges / basic VLAN configuration hints

So if understand you right, both port 1 and port 13 will connect to the switch. If this is so, then set port 13 to be edge port. You will probably have to do similar thing on switch. Otherwise you may have issues with RSTP blocking one of these ports.
by mkx
Sun May 12, 2024 2:24 pm
Forum: General
Topic: VLAN distribution over bridges / basic VLAN configuration hints
Replies: 7
Views: 385

Re: VLAN distribution over bridges / basic VLAN configuration hints

Yup, I've had this in my mind. So in event of power loss, does this behaviour pose a threat to security of your LAN devices? If you're going to connect ISP and VoIP to these two ports, then described behaviour might even be wanted (if port connects dedicated VoIP infrastructure ... VoIP phones would...
by mkx
Sun May 12, 2024 2:19 pm
Forum: General
Topic: How to configure trunk port on CCR1009?
Replies: 14
Views: 634

Re: How to configure trunk port on CCR1009?

I'm out of ideas, hopefully somebody with CCR1009 experience will chime in.
by mkx
Sun May 12, 2024 1:34 pm
Forum: General
Topic: How to configure trunk port on CCR1009?
Replies: 14
Views: 634

Re: How to configure trunk port on CCR1009?

Doesn't seem off either.

Did you perform a cold boot of CCR since finalizing its config? In some rare cases this does seem to be necessary.
by mkx
Sun May 12, 2024 1:29 pm
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL / DSL Modem?
Replies: 391
Views: 203498

Re: Mikrotik VDSL / DSL Modem?

Is possible obtain RouterOS 6.41rc20 from somewhere please?
Why on earth would anyone want a 2017 version with tons of bugs and security issues?
And above all a Release Candidate even.
by mkx
Sun May 12, 2024 1:26 pm
Forum: RouterBOARD hardware
Topic: Fan Speed at 5k RPM [SOLVED]
Replies: 18
Views: 4048

Re: Fan Speed at 5k RPM [SOLVED]

With rack ears attached and mounted inside a communication rack it's not as bad :wink:
by mkx
Sun May 12, 2024 1:20 pm
Forum: General
Topic: VLAN distribution over bridges / basic VLAN configuration hints
Replies: 7
Views: 385

Re: VLAN distribution over bridges / basic VLAN configuration hints

If you're passing VLAN 40 to switch, then by using single bridge you may run into issues with STP/RSTP (these don't take VLANs into account). But OTOH nothing is stopping you from adding VLAN 40 to the trunk connection with single-bridge approach. Beware of specifics of ether11/12 on RB1100AHx4 ... ...
by mkx
Sun May 12, 2024 1:06 pm
Forum: General
Topic: How to configure trunk port on CCR1009?
Replies: 14
Views: 634

Re: How to configure trunk port on CCR1009?

Can you show CSS config as well?
by mkx
Sun May 12, 2024 1:00 pm
Forum: General
Topic: TCP port forwarding not working [SOLVED]
Replies: 7
Views: 3361

Re: TCP port forwarding not working [SOLVED]

Apparently, the UDP and TCP routing works very different No, routing is exactly the same for whole L3 family ... in your case IP. When it comes to routing, L4 (TCP vs. UDP) is a payload which doesn't affect the decissions. (it does matter when it comes to firewalling though, which obviously include...
by mkx
Sun May 12, 2024 12:38 pm
Forum: General
Topic: VLAN distribution over bridges / basic VLAN configuration hints
Replies: 7
Views: 385

Re: VLAN distribution over bridges / basic VLAN configuration hints

When it comes to bridge HW offload to underlying switch(es), it's important to keep in mind a few facts: one bridge can be offloaded to single switch chip. If ports, connected to a switch chip, belong to different bridges, then only a part of ports will actually enjoy benefits of HW offload one brid...
by mkx
Sun May 12, 2024 12:11 pm
Forum: General
Topic: How to configure trunk port on CCR1009?
Replies: 14
Views: 634

Re: How to configure trunk port on CCR1009?

It doesn't seem to be too off to me. With possible discrepancy in overall config: you have VLAN interfaces for VIDs 10 and 11 ... TRUNK is not member of VID 10 and there's VID 12 used as bridge VLAN (without any other related config). These are not necessarily wrong, it really depends on the overall...
by mkx
Sat May 11, 2024 9:34 pm
Forum: General
Topic: How to configure trunk port on CCR1009?
Replies: 14
Views: 634

Re: How to configure trunk port on CCR1009?

All mikrotik devices since ROS v6.42 can do bridge VLAN . Some can offload it to hardware (switch chip; RB750Gr3 is one of them), others do it with their general-purpose CPU. But the end effect is the same. If configured properly. So why your hEX config, transplanted to CCR, doesn't work is a big qu...
by mkx
Sat May 11, 2024 4:10 pm
Forum: Wireless Networking
Topic: L22UGS-5HaxD2HaxD chanel width?
Replies: 3
Views: 380

Re: L22UGS-5HaxD2HaxD chanel width?

Tx power is (hard) limited by Tx power amplifier capability (it seems to be 28dBm for mANTBox ax), by country regulations which take antenna gain into consideration (15dBi for 5FHz band is probably hard coded), that's EIRP. If country regulation for your whole channel span used is at e.g. EIRP=30dBm...
by mkx
Sat May 11, 2024 3:45 pm
Forum: General
Topic: Connect two network segments (LAN and EV charging management)
Replies: 1
Views: 241

Re: Connect two network segments (LAN and EV charging management)

How do I connect the two LANs so that I can access the controller API, but it cannot access the Internet and other devices from the controller LAN cannot access my LAN? Use dedicated subnet for charging network on your router (e.g. remove one port from bridge, connect charging LAN to that port, add...
by mkx
Sat May 11, 2024 3:05 pm
Forum: Beginner Basics
Topic: Packages and configs on L009UiGS and cAPGi-5HaxD2HaxD
Replies: 5
Views: 496

Re: Packages and configs on L009UiGS and cAPGi-5HaxD2HaxD

wireless package on L009 probably came with upgrade from pre-7.13 to current version. Previously wireless was integrsl verdion of routeros package and upgrade (blindly) installs it (unless wifiwave2 driver was installed previously). The station disconnects seem to be caused by station devices themse...
by mkx
Fri May 10, 2024 9:09 pm
Forum: RouterBOARD hardware
Topic: Any plans for a hEX PoE+?
Replies: 11
Views: 1144

Re: Any plans for a hEX PoE+?

So basically you can power the the RB960PGS-PB and its 4 PoE-out ports using a single PoE-In cable? I'm curious because I tried using a 48 V injector to power my hEX S (on eth1) and then hooked up a 48 V PoE access point (TP-Link EAP653) to eth5 and the access point wouldn't power on at all. hEX S ...
by mkx
Fri May 10, 2024 8:58 pm
Forum: General
Topic: DNS Issues in Station Mode [SOLVED]
Replies: 2
Views: 2569

Re: DNS Issues in Station Mode [SOLVED]

A few things:
  1. move IP address from wifi1 interface to bridge interface (probably not the show stopper, but it's wrong anyway)
  2. add default route, e.g.
    /ip/route/add gateway=10.62.14.1
    
    (I'm assuming this is the address of your main router)
by mkx
Fri May 10, 2024 8:38 pm
Forum: Beginner Basics
Topic: Packages and configs on L009UiGS and cAPGi-5HaxD2HaxD
Replies: 5
Views: 496

Re: Packages and configs on L009UiGS and cAPGi-5HaxD2HaxD

As you have ax cAPs, they are running wifi-qcom drivers. So on CAPsMAN (L009) you don't need wireless package (on L009 it only provides support for legacy capsman which you don't need). Basis routeros package already provides support for new capsman. And it's configured exclusively in /interface/wif...
by mkx
Fri May 10, 2024 4:02 pm
Forum: Wireless Networking
Topic: Apple Devices not roaming correctly?
Replies: 12
Views: 808

Re: Apple Devices not roaming correctly?

13:59:47 wireless,info 70:31:7F:DE:D9:E2@Wifi-AP1 disconnected, connection lost, signal strength -66 13:59:47 wireless,debug 70:31:7F:DE:D9:E2@Wifi-AP1 disassociated, connection lost, signal strength -66 13:59:55 wireless,debug 70:31:7F:DE:D9:E2@Wifi-AP1 associated, signal strength -62 13:59:55 wir...
by mkx
Fri May 10, 2024 3:33 pm
Forum: RouterBOARD hardware
Topic: help buying equipment
Replies: 12
Views: 599

Re: help buying equipment

Not likely. My hAP ac2 can do around 300Mbps of IPv6 (no fasttrack support for IPv6) while it can easily do 1Gbps of IPv4 (with fasttrack fully used). @OP wants to use queues, so fasttrack is not really an option (unless using hardware queues but I don't know if these can be used when limiting throu...
by mkx
Fri May 10, 2024 2:56 pm
Forum: RouterBOARD hardware
Topic: Can't find a suitable router... product lines a mess
Replies: 26
Views: 1806

Re: Can't find a suitable router... product lines a mess

... for the saved wireless card ... Not even that, in hAP ax2 and hAP ax3 wireless is part of SoC. With possible exception of power amplifier (if even that). So the manufacturing cost drop would only come from missing antennae. If those are procured from some Chinese fruit market, this would probab...
by mkx
Fri May 10, 2024 2:41 pm
Forum: General
Topic: Slow FTP upload speed via GRE Tunnel
Replies: 16
Views: 996

Re: Slow FTP upload speed via GRE Tunnel

Could be wrong, but I don't think you can use fast-track with IPSec-enabled GRE tunnel. No, you can't. Default firewall has these two rules add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsec add action=accept chain=forward comment="defco...
by mkx
Fri May 10, 2024 2:37 pm
Forum: General
Topic: serious problem with arp table!
Replies: 8
Views: 672

Re: serious problem with arp table!

I found that manually removing the IP from the ARP table immediately restored connectivity. Upon checking my DHCP server settings, I noticed that "Add ARP for Leases" was enabled. Playing with non-default ARP settings (both in DHCP server and bridge properties) is most often not necessary...
by mkx
Thu May 09, 2024 8:47 am
Forum: RouterBOARD hardware
Topic: Can't find a suitable router... product lines a mess
Replies: 26
Views: 1806

Re: Can't find a suitable router... product lines a mess

Regarding disabling wireless, I think there is some psychological barrier to shutting down capability deliberately compared with simply not using performance. We're (kind of) engineers here, so psychological reasons should not be considered, right? I'm using hAP ac2 (with the problem of having too ...
by mkx
Thu May 09, 2024 8:44 am
Forum: RouterBOARD hardware
Topic: HAP AC3 not performing well (Can't reach max WiFi) [SOLVED]
Replies: 8
Views: 3203

Re: HAP AC3 not performing well (Can't reach max WiFi) [SOLVED]

I do a frequency scan but don't see any overlaps. Some proprietary protocols don't shown on 802.11 devices ... IIRC nstream is such protocol (normal wifi devices won't detect it, they might show higher noise floor though) but nv2 does show (it's a while since I did those scans so I forgot about det...
by mkx
Thu May 09, 2024 8:40 am
Forum: RouterBOARD hardware
Topic: help buying equipment
Replies: 12
Views: 599

Re: help buying equipment

It's not really about number of users, it's more about combined throughput and the processing burden you'd like to place on router. Look at test results. The problem with test results is that they rely on using fast track heavily. In real life things are not as ideal, so one has to take results with...
by mkx
Thu May 09, 2024 8:30 am
Forum: RouterBOARD hardware
Topic: hAP ax² - PoE in
Replies: 1
Views: 268

Re: hAP ax² - PoE in

It should be possible, both devices support 24V and passive PoE. Power budget of both devices is fine as well (hAP ax2 max PoE out current is 600mA, CSS610 uses up to 11W, at 24V that's around 460mA). The only constraint is that CSS has to be connected with erther1 (labeled as "PoE in") to...
by mkx
Thu May 09, 2024 8:27 am
Forum: RouterBOARD hardware
Topic: Fan Speed at 5k RPM [SOLVED]
Replies: 18
Views: 4048

Re: Fan Speed at 5k RPM [SOLVED]

The RJ-45 SFP+ module is at over 70 degrees C and looping in and out of existence on the switch. Indeed fan speed depends also on SFP modules temperatures. And yes, RJ-45 modules (specially SFP+, so speeds up to 10Gbps) tend to run hot, so yes, fans tend to run faster than needed for switch electro...
by mkx
Thu May 09, 2024 8:11 am
Forum: General
Topic: RouterOS crash upon importing Wireguard config
Replies: 3
Views: 350

Re: RouterOS crash upon importing Wireguard config

First of all, I recommend you to upgrade ROS to the most recent stable version (7.14.3 ATM).

Next: how exactly are you "importing a known-good Wireguard config" to your router?
by mkx
Thu May 09, 2024 8:03 am
Forum: Announcements
Topic: Long range wireless links - share your experience
Replies: 35
Views: 28563

Re: Long range wireless links - share your experience

My current 27km AirFiber 5XHD link on 3' (1m) 34dBi antennas and 100MHz of spectrum ... This setup hardly qualifies as "wifi based link". While it does use frequency from U-NII-3 band, it obviously doesn't use 802.11-compliant channel width (which would be either 80MHz or 160MHz) ... and ...
by mkx
Wed May 08, 2024 9:01 pm
Forum: RouterBOARD hardware
Topic: HAP AC3 not performing well (Can't reach max WiFi) [SOLVED]
Replies: 8
Views: 3203

Re: HAP AC3 not performing well (Can't reach max WiFi) [SOLVED]

TxRx rate in the "Status" page of the WLAN2 interface shows to be 585Mbs. This shows you that signal loss between both devices is considerable. And apart from removing the obstacle there isn't much that can be done. Then it comes to efficiency of using the "raw interface rate" f...
by mkx
Wed May 08, 2024 8:38 pm
Forum: RouterBOARD hardware
Topic: Fan noise under SwOS on CRS310-8G+2S+
Replies: 3
Views: 323

Re: Fan noise under SwOS on CRS310-8G+2S+

I always assumed SwOS being way simpler might also lead to less CPU load and thus power consumption ... If configured properly, then handling of actual traffic would be done by switch ASIC in both cases. The difference is in management (but that's only effective when management is on-going ... and ...
by mkx
Wed May 08, 2024 7:59 pm
Forum: General
Topic: CRS310-8G+2S+IN brick
Replies: 7
Views: 574

Re: CRS310-8G+2S+IN brick

I'm out of ideas. You may want to ask support@mikrotik.com if there are any other options (if device had serial console, then you'd have option to boot back into ROS and proceed from there).
by mkx
Wed May 08, 2024 7:32 pm
Forum: General
Topic: RB5009 + SFP DFP-34X-2C2. How to get 2,5Gbps?
Replies: 2
Views: 355

Re: RB5009 + SFP DFP-34X-2C2. How to get 2,5Gbps?

Are you sure it's not optimally performing already? SFP+ has 10Gbps line rate ... AFAIK host and module always talk at this rate. What then module negotiates with its fiber peer is pretty differrent thing. And quite possibly it negotiates 2.5Gbps as well ... and that 500Mbps service you're subscribe...
by mkx
Wed May 08, 2024 6:53 pm
Forum: Beginner Basics
Topic: Netinstall
Replies: 1
Views: 225

Re: Netinstall

After picking router, netinstall may only show packages applicable to your router. Check hardware platform, it has to match ...
by mkx
Wed May 08, 2024 9:23 am
Forum: General
Topic: CRS310-8G+2S+IN brick
Replies: 7
Views: 574

Re: CRS310-8G+2S+IN brick

CRS devices which can dual boot ROS or SwOS are a bit nastier beasts. You said you netinstalled device with "7.11.1-4" which doesn't conform to Mikrotik version notation ... so not sure what exactly did you netinstall, but it might indicate you installed ROS. Indeed winbox should help acce...
by mkx
Wed May 08, 2024 9:14 am
Forum: Beginner Basics
Topic: How to block IP range when NATed?
Replies: 11
Views: 598

Re: How to block IP range when NATed?

I get this BL WL. I will try to make it that way. src-address-list is a path from the root or from some specific dir? I'm not sure I'm getting your question. src-address-list acts similarly to src-address ... but takes name of address list as parameter. You have a feasible address list in your conf...
by mkx
Tue May 07, 2024 10:49 pm
Forum: RouterBOARD hardware
Topic: Fan noise under SwOS on CRS310-8G+2S+
Replies: 3
Views: 323

Re: Fan noise under SwOS on CRS310-8G+2S+

I'd go with ROS without a second thought.

CRS310 can be quite a beast of a router when running ROS v7 (with L3HW) ... when you only need the device as a (higher-end) switch, this may compare to a a pile of chrome and huge alloy rims on a family sedan ... but why not if it's for free? :wink:
by mkx
Tue May 07, 2024 10:45 pm
Forum: Beginner Basics
Topic: How to block IP range when NATed?
Replies: 11
Views: 598

Re: How to block IP range when NATed?

Oh my, what a convoluted firewall. It would be much easier, if you'd have explicit ultimate rule in the line of chain=forward action=drop ... preceeded by explicit allow rules. Now, if you build a black list of addresses, it's wise to have white list as well. So you first accept connections from whi...
by mkx
Tue May 07, 2024 6:43 pm
Forum: General
Topic: Switch VLAN Table Dynamic entries or invalid ports
Replies: 1
Views: 210

Re: Switch VLAN Table Dynamic entries or invalid ports

I think that we should simply forget about anything changing for CRS1xx or CRS2xx. If these were made by any other vendor, they would be long since end of support (probably stuck at running v6.42 or something). Quite a few other devices are in the same boat (all having Qualcomm switch chips or Qualc...
by mkx
Tue May 07, 2024 6:38 pm
Forum: General
Topic: Debian installer (Preseed) fom dhcp
Replies: 1
Views: 258

Re: Debian installer (Preseed) fom dhcp

DHCP server in ROS lacks any of non-essential functionalities.
by mkx
Tue May 07, 2024 6:37 pm
Forum: General
Topic: CRS310-8G+2S+IN brick
Replies: 7
Views: 574

Re: CRS310-8G+2S+IN brick

Winbox and SwOS are two quite distinct things. Winbox is OK for ROS-running devices, one needs web browser for SwOS.
by mkx
Tue May 07, 2024 4:08 pm
Forum: Beginner Basics
Topic: How to block IP range when NATed?
Replies: 11
Views: 598

Re: How to block IP range when NATed?

Show us firewall configuration (execute /ip firewall export file=anynameyouwish from UI, fetch the file off device, open it with text editor and copy-paste it here inside [code] [/code] environment).
by mkx
Tue May 07, 2024 10:59 am
Forum: SwOS
Topic: Features SwOS RB260GS/RB260GSP
Replies: 6
Views: 584

Re: Features SwOS RB260GS/RB260GSP

I think if you better must go for a CRS switch which can offer much better management features because works using RouterOS, is worth the price increase Switching is SOOOO much easier to deal with in SwitchOS... Better and easier can be quite much anti-correlated. And easier can be subjective ... e...
by mkx
Tue May 07, 2024 10:50 am
Forum: RouterBOARD hardware
Topic: NetMetal ax / L23-UGSR — initial feedback from specs
Replies: 8
Views: 777

Re: NetMetal ax / L23-UGSR — initial feedback from specs

1. Any reason it does not support USB 3.0?
USB3.0 can kill 2.4GHz WiFi. USB2.0 can do up to (realistically) 400Mbps, which is not that bad either.
by mkx
Tue May 07, 2024 10:45 am
Forum: RouterBOARD hardware
Topic: 48V or 57V power supply for hEX PoE?
Replies: 7
Views: 597

Re: 48V or 57V power supply for hEX PoE?

Q(PSE): Hi, is there a device on the other end of this cable A(PD): Yes, I am here Q(PSE):Good, which kind of device are you? A(PD): I am an 802.3at device. Q(PSE):That's what you say, let me make sure, are you a 802.3at device? A:(PD):Yes, I am an 802.3at (class 4) device. A:(PSE):Ah, ok, I am giv...
by mkx
Tue May 07, 2024 10:40 am
Forum: RouterBOARD hardware
Topic: I cant solve bufferbloat issue with my hap ac2 router.
Replies: 12
Views: 1808

Re: I cant solve bufferbloat issue with my hap ac2 router.

When fasttrack is disabled on hAP ac2, then max throughput is severely limited. My experience with IPv6 (no fasttrack support) shows that hAP ac2 can do somewhere around 350Mbps (give or take). Processing queues adds to CPU workload. So I guess you'd have to drastically reduce queue throughput (to s...
by mkx
Tue May 07, 2024 9:09 am
Forum: RouterBOARD hardware
Topic: RB450Gx4 Performance and POE out
Replies: 4
Views: 2407

Re: RB450Gx4 Performance and POE out

If max power consumption is maximum 16 W, how can the poe out be 57 V x 0.5 A = 18.5 W + 4 W internal use = 22.5 W. I guess that power consumption is calculated with offered powering options (18POW and 24HPOW) in mind, they both supply 24V. So 0.5A * 24V = 12W .. and 4W+12W=16W ... I guess that max...
by mkx
Tue May 07, 2024 9:01 am
Forum: Wireless Networking
Topic: Local vs Capsman Forwarding
Replies: 5
Views: 431

Re: Local vs Capsman Forwarding

So what the goal mikrotik have capsman feature if with this configuration the performance degraded? This feature was just fine with 802.11g (max 54Mbps code rate, 30Mbps actual data throughput) cAPs. A nice feature: CAPsMAN connection can be routed over MAN/WAN links and capsman forwarding in this ...
by mkx
Mon May 06, 2024 12:31 pm
Forum: Beginner Basics
Topic: Different Software-ID on same Model
Replies: 1
Views: 268

Re: Different Software-ID on same Model

I don't think software ID has anything with hardware[*]. I've got two devices RB951G, both purchased around the same time, both came with similar factory installed ROS and firmware, AFAIK there weren't different revisions of this model. And yet they have completely different software ID. [*]it might...
by mkx
Mon May 06, 2024 9:15 am
Forum: Beginner Basics
Topic: Trying to understand the need for MSS Clamping [SOLVED]
Replies: 5
Views: 2466

Re: Trying to understand the need for MSS Clamping [SOLVED]

MTU/MSS/MRU was an issue from beginning of internet. In IPv4, packet fragmentation was allowed and until certain point in time, all routers did it if needed. However, it's burden for routers and fragmentation slowly ceased to happen, instead routers started to drop packets which exceeded MTU of next...
by mkx
Sun May 05, 2024 6:39 pm
Forum: RouterBOARD hardware
Topic: Any plans for a hEX PoE+?
Replies: 11
Views: 1144

Re: Any plans for a hEX PoE+?

I bought a 48V PoE+ injector hoping I could feed the hEX S PoE-in (this worked) and simultaneously the AP using on eth5 using the PoE-out featuere, only to learn that this doesn't work when the hEX S is powered using PoE-in, even though the injector has more than enough power to supply the two devi...
by mkx
Sun May 05, 2024 6:27 pm
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 297
Views: 76104

Re: v7.15rc [testing] is released!

@kcarhc ... free storage space on 15.3MiB ARM devices is a different issue than RAM memory leak. It's common knowledge (without any speciffic insights) that hAP ac2 running ROS v7 should either be used as pretty simple AP or as router without any wireless package intalled. In both cases it runs pret...
by mkx
Sun May 05, 2024 6:10 pm
Forum: Beginner Basics
Topic: Mopidy issue
Replies: 9
Views: 862

Re: Mopidy issue

... mopidy needs now IP in config. Unless you configured web proxy on Mikrotik, it doesn't change payload of packets ... it can block them (firewall rules) or change source and destination IP address and/or port (NAT rules). As I already wrote, it's client which includes server FQDN in application ...
by mkx
Sun May 05, 2024 4:00 pm
Forum: Beginner Basics
Topic: Mopidy issue
Replies: 9
Views: 862

Re: Mopidy issue

If that's so then it seems mopidy doesn't seem to like being used with that particular name.

Does mopidy have any logs? Anything in them when you're unable to access mopidy using name?
by mkx
Sun May 05, 2024 3:13 pm
Forum: General
Topic: Changing MTU of 10G SFP Port Drops All Traffic On CCR2216
Replies: 4
Views: 557

Re: Changing MTU of 10G SFP Port Drops All Traffic On CCR2216

Thought not sure why you can't connect to it via IP.

My thinking is packets, transmitted by CCR, are too big for management station if that one is not set for jumbo frames as well. Wireshark might tell (probably not), some diagnostic counters on management station's NIC as well.
by mkx
Sun May 05, 2024 3:08 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 662
Views: 191913

Re: v7.14.3 [stable] is released!

Is there anything about wlan2 in logs since reboot?
by mkx
Sat May 04, 2024 9:13 pm
Forum: General
Topic: Changing MTU of 10G SFP Port Drops All Traffic On CCR2216
Replies: 4
Views: 557

Re: Changing MTU of 10G SFP Port Drops All Traffic On CCR2216

Changing MTU has to be done carefully ... and on all devices in same L3 network (subnet) as every member of eubnet has to be able to receive jumbo packets (MRU usually closely follows MTU). and this relies on all devices being able to use large L2MTU.
by mkx
Fri May 03, 2024 2:23 pm
Forum: RouterBOARD hardware
Topic: Cascading switches
Replies: 9
Views: 575

Re: Cascading switches

@jvanhambelgium - Just curious, why do you want to turn off STP considering there will likely be multiple devices connected to each switch? STP has nothing to do with number of devices connected to each switch, it has to do with loop detection and prevention. While one can never be sure there won't...
by mkx
Fri May 03, 2024 1:52 pm
Forum: General
Topic: [Feather Request] Ignore bad DHCPv6 DUID
Replies: 6
Views: 1945

Re: [Feather Request] Ignore bad DHCPv6 DUID

As @strods explained: the DUID sent out by ISP of @OP is not DUID value , it's only DUID type. So strictly speaking ROS can't treat "DUID as opaque VALUE" because value in this case is NULL. Yeah, probably wouldn't hurt anybody if ROS accepted NULL as DUID value ... but since ROS is doing ...
by mkx
Fri May 03, 2024 1:40 pm
Forum: Beginner Basics
Topic: Mopidy issue
Replies: 9
Views: 862

Re: Mopidy issue

Passing name, with which client is trying to connect server (e.g. SNI), is the matter of application layer, it has nothing to do with router or firewall (which work on lower layers). So why mopidy client doesn't tell mopidy server it's trying to access "music.lan" is up to mopidy client. Y...
by mkx
Fri May 03, 2024 1:28 pm
Forum: Beginner Basics
Topic: PPPoE Connection over SFP Port
Replies: 19
Views: 1525

Re: PPPoE Connection over SFP Port

sfp-sfpplus1 interface doesn't seem to be in connected/running state. What does ODI UI say about GPON status? You'll have to verify it's established between SFP+ module and OLT.
by mkx
Thu May 02, 2024 9:13 pm
Forum: Wireless Networking
Topic: What download/upload can I get having such parameters.
Replies: 1
Views: 263

Re: What download/upload can I get having such parameters.

Signal strength and quality are good, there's CA available. If you were the only user in these two cells, you could get something like 150/35 Mbps (R11e-LTE6 doesn't do CA in uplink). Actual performance will very much depend on cell load which varies with time of day and is usually the worst during ...
by mkx
Thu May 02, 2024 4:16 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 136
Views: 9432

Re: [Discussion] MikroTik configuration abstraction complexity

Configuration abstraction complexity stems from the simple fact that MikroTik never built their own custom data-plane, they relied on Linux kernel data-plane all these years instead ... Well, Mikrotik obviously doesn't have in-house development resources to go for custom anything large scale. They ...
by mkx
Thu May 02, 2024 11:36 am
Forum: Wireless Networking
Topic: Receive UDP packets without established connection
Replies: 7
Views: 428

Re: Receive UDP packets without established connection

Even though L4 data is unacknowledged type (UDP), WiFi layer (L2 in particular) still requires some bi-directional communication (ACKs of wireless frames for example) when data is sent to unicast destination address. Which means that jamming transmitting side effectively blocks it from transmitting ...
by mkx
Thu May 02, 2024 12:13 am
Forum: Wireless Networking
Topic: Receive UDP packets without established connection
Replies: 7
Views: 428

Re: Receive UDP packets without established connection

What in particular does mean "Mikrotik A is jammed"?
by mkx
Wed May 01, 2024 11:40 pm
Forum: Wireless Networking
Topic: Receive UDP packets without established connection
Replies: 7
Views: 428

Re: Receive UDP packets without established connection

UDP is state-less L4 protocol ... meaning that UDP connections are not really established, there is no connection handshake. Instead one side starts to transmit packets and the other side may (or may not) transmit packets in the opposite direction. Whether traffic is bidirectional or not entirely de...
by mkx
Wed May 01, 2024 8:55 pm
Forum: General
Topic: iperf3 in docker container not showing 10Gb/sec speed
Replies: 9
Views: 1043

Re: iperf3 in docker container not showing 10Gb/sec speed

It was my understanding that CRS309-1G-8S+IN can switch at 10Gb/sec on ALL ports, and RB5009UG+S+IN router can handle 10Gb/sec across its SFP+ port. According to my understainding of official test results for RB5009 (and many other long-time forum members' understanding as well) it can route in rea...
by mkx
Wed May 01, 2024 8:45 pm
Forum: Beginner Basics
Topic: bad command name wireless
Replies: 4
Views: 323

Re: bad command name wireless

Where can I read more about it?
This post/thread might be interesting for a start: viewtopic.php?t=202578
by mkx
Wed May 01, 2024 7:08 pm
Forum: Wireless Networking
Topic: wifi-qcom(-ac) and VLAN-filtering
Replies: 17
Views: 1558

Re: wifi-qcom(-ac) and VLAN-filtering

The day I enable capsman on any of my devices, means my brain has been taken over by fungi! It's not very friendly for sure. But worth noting that there is no fast roaming without CAPsMAN... @anav is roaming between Nova Scotia and Italy. No amount of MT's "Fast Transition" will expedite ...
by mkx
Wed May 01, 2024 7:05 pm
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 2157

Re: Low performance on RB5009 with machine behind NAT

Cut the shite and allow official ONIE flashing, and let us install our own NOS. If you don't want to use ROS ... and you're saying other vendors provide whitebox devices with similar hardware ... so why would you want to use anything by Mikrotik? I'm guessing you're still intrigued by MT's price ta...
by mkx
Wed May 01, 2024 6:56 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 136
Views: 9432

Re: [Discussion] MikroTik configuration abstraction complexity

Many industry folks (outside Latvia) are of the opinion that MikroTik operates using Soviet economic/business model ... It's often very hard to get rid of some mental petterns if they are given (or enforced) to a few generations in a row. One of them is "USA are the greatest in known Universe ...
by mkx
Wed May 01, 2024 6:45 pm
Forum: Beginner Basics
Topic: bad command name wireless
Replies: 4
Views: 323

Re: bad command name wireless

6 S wifi1 wifi 1500 48:A9:8A:F2:68:BC
7 RS wifi2 wifi 1500 48:A9:8A:F2:68:BD

Your device is running new wifi driver, so the config is under /interface/wifi ...

Old driver names interfaces as wlanX ...
by mkx
Wed May 01, 2024 5:24 pm
Forum: Wireless Networking
Topic: Regular Link Outages
Replies: 4
Views: 440

Re: Regular Link Outages

I didn't say it's detecting actual radar, it might be something else which (to ROS) slightly resembles shape of a radar pulse (could be some BlueTooth gadget, could be some microwave owen, could be some other WiFi device transmitting a burst of energy not decodable by your devices, etc. So check log...
by mkx
Wed May 01, 2024 5:14 pm
Forum: General
Topic: /tool wol - target IP address?
Replies: 35
Views: 2034

Re: /tool wol - target IP address?

@libove is stating an almost sensible reason. I don't know why exactly would MSI break standard behaviour (could be they are trying to "enhance security" by ignoring broadcast frames ... or they are trying to skip processing usual broadcast packets, such as DHCP handshake and what not whil...
by mkx
Wed May 01, 2024 12:21 pm
Forum: Wireless Networking
Topic: hAP ax²: clients connection stability issue
Replies: 36
Views: 2651

Re: hAP ax²: clients connection stability issue

Maybe not coincidence because whilst the access point carries out the physical radar check, it could be CAPsMAN that decides what to do with the radar event and which frequency to move to? My reasoning here is that CAPsMAN holds the configuration data on frequency, not the access point? CAPsMAN ind...
by mkx
Wed May 01, 2024 12:08 pm
Forum: Wireless Networking
Topic: Regular Link Outages
Replies: 4
Views: 440

Re: Regular Link Outages

Did logs mention DFS/CAC?

It could be false positive radar detection based on some actual external interference (which appears on some schedule) ...
by mkx
Wed May 01, 2024 12:06 pm
Forum: Wireless Networking
Topic: Wrong TX power wifi-qcom-ac antenna gain missing
Replies: 3
Views: 316

Re: Wrong TX power wifi-qcom-ac antenna gain missing

Missing minimum antenna gain is not something universal, my Audience running wifi-qcom-ac shows (and uses) it. So you may want to create supout.rif and open trouble ticket with support@mikrotik.com ...
by mkx
Wed May 01, 2024 12:02 pm
Forum: General
Topic: /tool wol - target IP address?
Replies: 35
Views: 2034

Re: /tool wol - target IP address?

... at a minimum just please implement the (already submitted) feature request to do unicast instead of only broadcast. Please elaborate on the following two questions: What would be the benefit of using unicast ethernet frames instead of broadcasts? What would be benefit of using unicast IP addres...
by mkx
Wed May 01, 2024 11:58 am
Forum: General
Topic: ipv4 to ipv6
Replies: 1
Views: 236

Re: ipv4 to ipv6

You need NAT46 gateway inside your LAN. I'm pretty sure that ROS doesn't support NAT46 so you'll have to find some other solution.
by mkx
Wed May 01, 2024 11:51 am
Forum: General
Topic: /tool wol - target IP address?
Replies: 35
Views: 2034

Re: /tool wol - target IP address?

I am not even convinced that the encapsulated UDP packet may work ... It won't work without the "last mile router" collecting IP/MAC mappings. Without support on router it'll try to deliver UDP packet just like it was ordinary packet ... and will try to do ARP whohas inquiry which will ob...
by mkx
Tue Apr 30, 2024 8:54 pm
Forum: Wireless Networking
Topic: hAP ax²: clients connection stability issue
Replies: 36
Views: 2651

Re: hAP ax²: clients connection stability issue

Or does the AP that is controlled by capsman do the check.

Radar checks are always done by device which does Tx/Rx ... which means AP.
by mkx
Tue Apr 30, 2024 8:24 pm
Forum: General
Topic: Tool fetch returns error "status: failed" when trying to reach endpoint at localhost program [SOLVED]
Replies: 2
Views: 1218

Re: Tool fetch returns error "status: failed" when trying to reach endpoint at localhost program [SOLVED]

Can you fetch data from X.Y.Z.T:7250 using another computer from same subnet? It is possible that your API server only binds to loopback interface (127.0.0.1 a.k.a. localhost).
by mkx
Tue Apr 30, 2024 5:55 pm
Forum: RouterBOARD hardware
Topic: mikrotik mUPS?
Replies: 14
Views: 1237

Re: mikrotik mUPS?

not a bad idea, just to put a lead acid akku instead of li-ion. You can't just replace batteries with different chemistry, each chemistry has different charging profile and (unsuspecting) charger may destroy batteries very soon. Batteries may suffer from undercharge (and usable authonomy is the lea...
by mkx
Tue Apr 30, 2024 5:23 pm
Forum: General
Topic: what can be done to improve RSRQ and SINR
Replies: 1
Views: 202

Re: what can be done to improve RSRQ and SINR

RSRQ (and consequently SINR) could indeed be better. Low RSRQ may indicate interference from other cell towers. If those are in same direction as your serving cell, then you can't do anything. If tce interferring cells are not in the same direction, then you might be able to improve RSRQ by changing...
by mkx
Mon Apr 29, 2024 9:30 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 136
Views: 9432

Re: [Discussion] MikroTik configuration abstraction complexity

All old text books circa 1980s LOL At which time Latvia was still part of Soviet Union. So those western (US in particular) books were probably banned ... or at least ignored because Soviet communism did things differently. So it might be that all of these concepts are somehow unknown to MT managem...
by mkx
Mon Apr 29, 2024 9:12 pm
Forum: General
Topic: ONT - SWITCH - Router [SOLVED]
Replies: 3
Views: 1665

Re: ONT - SWITCH - Router [SOLVED]

Single bridge with vlan-filtering enabled.

Performance wise all options are similar, CPU will have to deal with VLAN tags in any case.

But: configuration of single bridge is more compact, more elegant and (to me) easier to read ... all of it means lesser probability to make an error in config.
by mkx
Mon Apr 29, 2024 9:02 pm
Forum: General
Topic: /tool wol - target IP address?
Replies: 35
Views: 2034

Re: /tool wol - target IP address?

The WoL magic is all inside the packet payload, meaning ffffffffffff plus the destination MAC address repeated N times. Ethernet headers are only of interest of L2 devices on the way (switches) ... if these (still) have dst-mac in their FDB tables, then they will pass frame on (hopefully) correct eg...
by mkx
Sun Apr 28, 2024 2:01 pm
Forum: General
Topic: date format in console
Replies: 2
Views: 353

Re: date format in console

In historical list of changelogs it's listed in changelog for 7.10 for console and webfig.
by mkx
Sat Apr 27, 2024 3:30 pm
Forum: Beginner Basics
Topic: Constant traffic between Mikrotik and computer
Replies: 8
Views: 596

Re: Constant traffic between Mikrotik and computer

Generally when winbox is connected to RIS device, there will be some traffic. How much depends on windows open in winbox, some get constantly updated with statistics, some don't cause a lot (or any) traffic. Depending on windows open and CPU power in ROS device also CPU load can increase considerabl...
by mkx
Sat Apr 27, 2024 12:32 pm
Forum: Beginner Basics
Topic: Cisco VLAN to Mikrotik
Replies: 1
Views: 309

Re: Cisco VLAN to Mikrotik

Is this enough for make it work? All wrong. Have a (very good) look at this tutorial: https://forum.mikrotik.com/viewtopic.php?t=143620 Your "ROSish" cludge doesn't seem to follow Cisco config (not closely at least), so I'm not trying to show correct config tor MT. If you won't be able to...
by mkx
Sat Apr 27, 2024 12:20 pm
Forum: RouterBOARD hardware
Topic: Adding a cooling fan to CRS326
Replies: 67
Views: 29055

Re: Adding a cooling fan to CRS326

I mean, it's subtle, but I can hear the low hum unless I turn on the radio or TV to drown it out... Congratuations, you found out why legal noise levels in night time are lower than in daytime. Because if there are no other noises present, then sound/noise with certain (low) level is more audible t...
by mkx
Sat Apr 27, 2024 12:11 pm
Forum: General
Topic: Any solution for admit-only-VLAN-tagged misconfiguration
Replies: 16
Views: 828

Re: Any solution for admit-only-VLAN-tagged misconfiguration

But @anav brings up a valid point. If the switch was 100 miles away, how were you managing it before?

It doesn't really matter. If L2 configuration gets screwed, then no amount of L3/L4/L6 connectivity helps. Because all of it depends on working L2.
by mkx
Sat Apr 27, 2024 12:04 pm
Forum: General
Topic: Unable to find wifi radio data after upgrade to 7.14.3
Replies: 3
Views: 541

Re: Unable to find wifi radio data after upgrade to 7.14.3

It is kind of interesting, why device decided to use wrong package. I saw different files in packages then what was before, so I uploaded all of them within one and the same place, expecting routerOS to be intelligent enough to use correct package, but apparently it has happened the other way aroun...
by mkx
Sat Apr 27, 2024 11:49 am
Forum: Beginner Basics
Topic: carry vlans PTP
Replies: 2
Views: 335

Re: carry vlans PTP

Wireless drivers by default don't touch 802.1Q headers ... so if they receive frame with such header on one side (either radio or CPU side), they will pass it to the other side. So what you have to do is to bridge wired and wireless interface on each of SXT and make both interfaces (wired and wirele...
by mkx
Fri Apr 26, 2024 2:04 pm
Forum: General
Topic: This very simple firewall ruleset SHOULD work-- but.....
Replies: 4
Views: 426

Re: This very simple firewall ruleset SHOULD work-- but.....

Sure the dst-address- list is an IP address? This. dst-address-list property expects name of address list as parameter ... and doesn't complain if there isn't such list at the time of creating the rule. So in your case NAT rule expects address list with name "199.181.204.130" and containi...
by mkx
Fri Apr 26, 2024 8:31 am
Forum: RouterBOARD hardware
Topic: Mikrotik CCR1072 PSU1 & PSU2 Question
Replies: 3
Views: 417

Re: Mikrotik CCR1072 PSU1 & PSU2 Question

If you can do a "lab test", then remove PSU2 and see if device keeps running afterwards ... without any hiccups. With failing PSU you'd see strange things happen quite soon.
by mkx
Fri Apr 26, 2024 8:25 am
Forum: Wireless Networking
Topic: hAP ax²: clients connection stability issue
Replies: 36
Views: 2651

Re: hAP ax²: clients connection stability issue

It's called compression ... basic idea behind all compression algorithms is to remove any redundant information from data set ... even if that information doesn't seem redundant to humans' minds.
by mkx
Fri Apr 26, 2024 8:24 am
Forum: Wireless Networking
Topic: External 5G routers
Replies: 3
Views: 380

Re: External 5G routers

5G as in "WiFi 5GHz band" or as in "5G the mobile technology"? If the former, then there are a few models. If the later, then I guess we'll have to wait a bit longer, 5G is still not very mature technology and suitable (to MT) modem modules may not have price tag as low as MT's m...
by mkx
Fri Apr 26, 2024 8:20 am
Forum: General
Topic: Unreachable IPv6 ping from localhost
Replies: 7
Views: 1070

Re: Unreachable IPv6 ping from localhost

This way we see that there is a SLAAC (g) and a DHCP (d) route, which are identical. Only when the the DHCP route is set with the next-hop does the routing actually work. IMO when having two identical routes, either should work (and flags don't matter, they are metadata not routing information). It...
by mkx
Fri Apr 26, 2024 8:02 am
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 297
Views: 76104

Re: v7.15rc [testing] is released!

Where did wifi-qcom-ac package go? can't seems to find in extra package and why?
It's in the extras package archive, where it had always been. However, AFAIK it's only available for ARM architecture(s).
by mkx
Fri Apr 26, 2024 12:03 am
Forum: Wireless Networking
Topic: wifi-qcom(-ac) and VLAN-filtering
Replies: 17
Views: 1558

Re: wifi-qcom(-ac) and VLAN-filtering

So ax products supports bridge VLAN filtering, right?

All products support bridge VLAN filtering. What wifi-qcom-ac doesn't support is being a tagged trunk (or hybrid for that matter) port of a bridge (but wifi-qcom for ax devices does ... in certain scenarios).
by mkx
Fri Apr 26, 2024 12:01 am
Forum: Wireless Networking
Topic: wifi-qcom(-ac) and VLAN-filtering
Replies: 17
Views: 1558

Re: wifi-qcom(-ac) and VLAN-filtering

It should be consistent. It just feels unfinished.

I whole heartedly agree ... and hope that they'll bring them up to the same level eventually.
by mkx
Thu Apr 25, 2024 11:57 pm
Forum: Beginner Basics
Topic: Dynamic port forwarding
Replies: 4
Views: 362

Re: Dynamic port forwarding

Why does a server go down? Makes no sense. There are many reasons for server to go down ... one is that it emits smoke. Snd what @OP wants to do is a "poor man's high-availability". I'm affraid that out of the box, ROS doesn't have such functionality. But there's always possibility to cre...
by mkx
Thu Apr 25, 2024 11:39 pm
Forum: General
Topic: Help with inter VLAN routing (seems to work except web interface?)
Replies: 2
Views: 329

Re: Help with inter VLAN routing (seems to work except web interface?)

This NAT rule add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=\ 192.168.188.170 to-ports=80 is very greedy. It takes every connection attempt towards standard HTTP port 80 in any direction (from any of LAN subnets towards any other subnet and internet) and forwards it to the co...
by mkx
Thu Apr 25, 2024 11:24 pm
Forum: General
Topic: Unreachable IPv6 ping from localhost
Replies: 7
Views: 1070

Re: Unreachable IPv6 ping from localhost

Even when the "add-default-route" option is set to "yes", why would the DHCP client not add the correct IPv6 default route if it only requests an address and not a prefix? Because DHCPv6 protocol doesn't support passing routing information to client. And it doesn't matter if cli...
by mkx
Thu Apr 25, 2024 10:55 pm
Forum: General
Topic: RB911G-5HPacD Time Problem
Replies: 6
Views: 794

Re: RB911G-5HPacD Time Problem

I've seen system time to drift wildly on some computer when CPU frequency was not stable (e.g. due to thermal issues). But it was never at only half speed. So I think it's really up to MT support to shed some light here.
by mkx
Thu Apr 25, 2024 4:44 pm
Forum: Beginner Basics
Topic: hap AX3 - HW offloaded Bridge - traffic leak [SOLVED]
Replies: 3
Views: 1543

Re: Non-STP Bridge forrwards traffic to other ports [SOLVED]

In theory that has nothing to do with bridge mode (none, STP, RSTP, MSTP). Bridge mode is about loop detection (and blocking ports where loops are detected). What you see is likely effect of improper FDB[*] handling and/or L2 hardware offload. The basic functionality of a bridge (or switch) is that ...
by mkx
Thu Apr 25, 2024 3:56 pm
Forum: Beginner Basics
Topic: Web Proxy - FTP Protocol
Replies: 9
Views: 548

Re: Web Proxy - FTP Protocol

If I try to connect to this FTP I can connect with proxy I cannot. But we need to use proxy because our security department will deploy netskope and limit access to the internet and ports including FTP There may be a bit of misunderstanding here. It's well known that FTP is an awfully outdated prot...
by mkx
Wed Apr 24, 2024 2:20 pm
Forum: General
Topic: Why Mikrotik decided to get rid of their Power Lan devices
Replies: 11
Views: 866

Re: Why Mikrotik decided to get rid of their Power Lan devices

Never heard about "devolo", nor even interested in. There are tons of such devices in the market.
If that's true for one random vendor (devolo), why isn't it also true for another random vendor (mikrotik)?
by mkx
Wed Apr 24, 2024 2:10 pm
Forum: Beginner Basics
Topic: Web Proxy - FTP Protocol
Replies: 9
Views: 548

Re: Web Proxy - FTP Protocol

OK, you did UDP traceroute, which is not really representative for your case (any firewall may let TCP 21 = FTP through, but not UDP 21 which doesn't map to anything). But even if it is representative, it's some host on active24 network edge which seems to drop connection, the last node which replie...
by mkx
Wed Apr 24, 2024 8:57 am
Forum: Beginner Basics
Topic: a basic (I think...) VLAN problem.
Replies: 11
Views: 739

Re: a basic (I think...) VLAN problem.

Traffic does not (and should) not leak from one VLAN to another. If traffic from one VLAN is intended to pass to another VLAN, then normally it should be routed. Config of switch you're showing doesn't include routing features. IEEE1588 (PTP) is normally multicast from GM. And it's normally not rout...
by mkx
Tue Apr 23, 2024 10:03 pm
Forum: General
Topic: Performances issue with PPPoe Client
Replies: 1
Views: 246

Re: Performances issue with PPPoe Client

Yes, it's known that using PPPoE seems to drop throughput more than one would expect (probably not as much as you're observing though). And yes, it is known that running bandwidth test on the device itself does stress CPU to the point it becomes the bottleneck (and taking precious CPU cycles away fr...
by mkx
Tue Apr 23, 2024 9:59 pm
Forum: General
Topic: RB911G-5HPacD Time Problem
Replies: 6
Views: 794

Re: RB911G-5HPacD Time Problem

ROS v6 without optional ntp package runs a SNTP client ... which obtains time every now and then using NTP protocol and adjusts clock (often this means stepping time). You may want to install ntp package which comes with NTP service (you don't have to allow clients to connect), but also tries to adj...
by mkx
Tue Apr 23, 2024 9:51 pm
Forum: General
Topic: RB 2011 UiAS vs RB 3011 UiAs
Replies: 5
Views: 391

Re: RB 2011 UiAS vs RB 3011 UiAs

on /export show-sensitive file=export
expected end of command (line 1 column 9)
export command in ROS v6 doesn't have property show-sensitive ... it's default behaviour. So simply re-run command without this property set.
by mkx
Tue Apr 23, 2024 4:04 pm
Forum: Beginner Basics
Topic: Web Proxy - FTP Protocol
Replies: 9
Views: 548

Re: Web Proxy - FTP Protocol

Personally I'm mostly advising against using ROS device for any high-level service (such as DNS server, web proxy server, file server, ...) if possible. They are, due to space constraints and MT in-house development, mostly quite limited functionality-wise, so using some general-purpose server machi...
by mkx
Tue Apr 23, 2024 3:55 pm
Forum: General
Topic: Cant load a older rsc script after updating to 7.14.3. [SOLVED]
Replies: 4
Views: 1409

Re: Cant load a rsc script after updating to 7.14.3. [SOLVED]

Export scripts are not immutable between ROS versions. So there isn't necessarily anything wrong, it could be that there are some changes between both ROS versions which affect the way comands are executed. To see what exactly is wrong, you'll have to debug things. One way would be to post actual er...
by mkx
Tue Apr 23, 2024 12:06 pm
Forum: Wireless Networking
Topic: Wireless communication between 2 Mikrotik Routers
Replies: 7
Views: 488

Re: Wireless communication between 2 Mikrotik Routers

To me the crucial question is: are those devices supposed to connect with each other freely (as if they were connected to same ethernet hub) regardless the side of wireless link they are?
by mkx
Tue Apr 23, 2024 12:02 pm
Forum: Beginner Basics
Topic: invalid mtu 1492 on pppoe-out1
Replies: 5
Views: 473

Re: invalid mtu 1492 on pppoe-out1

PPPoE server may (erroneously) advertise incorrect MTU (in your case it seems as a viable number, sometimes the value is crazily high). At some version, ROS started to log such advetisements, but it otherwise ignores it. In your particular case you may want to try setting 1492 as MTU on your pppoe-o...
by mkx
Tue Apr 23, 2024 11:58 am
Forum: Beginner Basics
Topic: Web Proxy - FTP Protocol
Replies: 9
Views: 548

Re: Web Proxy - FTP Protocol

Web proxy is dealing with HTTP protocol ... specifically when clients are configured to use web proxy they use some extensions of HTTP protocol (so transparent proxying may not work even with unencrypted connections let alone with encrypted ones). FTP is completely different protocol ... and AFAIK R...
by mkx
Tue Apr 23, 2024 9:24 am
Forum: General
Topic: RB 2011 UiAS vs RB 3011 UiAs
Replies: 5
Views: 391

Re: RB 2011 UiAS vs RB 3011 UiAs

And I'll go even further: since the old router is running ancient version of ROS, its config is very likely either customized (to the point of being butchered) or based on ancient defaults. Specially if it's the later case I'd recommend to start from default config on new router (reset to factory de...
by mkx
Tue Apr 23, 2024 9:18 am
Forum: General
Topic: Unreachable IPv6 ping from localhost
Replies: 7
Views: 1070

Re: Unreachable IPv6 ping from localhost

You're doing IPv6 addressing wrong. Your router doesn't really need GUA (global) address on WAN port. However you do need a prefix to make enabling IPv6 on your LAN subnets possible. So instead of your DHCPv6 client config you should use something like this: /ipv6/dhcp-client add interface=ether1_WA...
by mkx
Tue Apr 23, 2024 9:08 am
Forum: General
Topic: Suggestion concerning recently exposed loopback interface. [SOLVED]
Replies: 3
Views: 1453

Re: Suggestion concerning recently exposed loopback interface. [SOLVED]

The loopback interface was always there (vital for some operations so removing it would very probably cause some problems), but was hidden up to recent ROS versions. So seeing it is a feature. I'm afraid you'll have to learn to turn the blind eye to it if you don't see any use for it.
by mkx
Tue Apr 23, 2024 9:00 am
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 662
Views: 191913

Re: v7.14.3 [stable] is released!

E.g. on other manufacturer's equipment, one chain can remain operational while the other scans or surveys the band, monitors neighboring APs, etc. Out of curiosity: what's the price tag of that piece of equipment? And, unless it's got N+1 receivers (where N is MIMO rank), performance of live connec...
by mkx
Mon Apr 22, 2024 11:13 pm
Forum: General
Topic: PPPoE terminating and interfaces shutting down
Replies: 4
Views: 386

Re: PPPoE terminating and interfaces shutting down

recently i started having issues with my mikrotik router. It terminate pppoe, all interfaces shut down for 1 or 2 seconds and they come up again. I'd say that first 4 posted log lines belong to previous event sequence. Events sequence logically begins with flapping all ether ports. Which in turn dr...
by mkx
Mon Apr 22, 2024 11:03 pm
Forum: General
Topic: No DHCP on Bridge VLAN interface.
Replies: 21
Views: 1234

Re: No DHCP on Bridge VLAN interface.

Two things strike me: you only mention adding ether1 to bridge br0 as port in step #2. You don't mention enabling vlan-filtering on br0? Without it, pvid setting doesn't get enforced. The VLAN table definition is borked. Most important: you have to add bridge port as tagged VLAN member for all VLANs...
by mkx
Mon Apr 22, 2024 10:38 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 662
Views: 191913

Re: v7.14.3 [stable] is released!

This would only be possible if device would have two receivers ... But todays devices all have two, three or four receivers! You know all too well what I meant. And you also know well that chains of a radio (i.e. MIMO legs) are not independent and are not meant to be tuned individually (even if the...
by mkx
Mon Apr 22, 2024 7:38 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 662
Views: 191913

Re: v7.14.3 [stable] is released!

It would be nice when the AP would make (more) effort to monitor several channels at the same time while looking for a candidate channel... This would only be possible if device would have two receivers ... or DSP software which would allow receiving whole band at the same time. Radars tend to show...
by mkx
Mon Apr 22, 2024 7:27 pm
Forum: Beginner Basics
Topic: Routing/firewalling exceptions
Replies: 4
Views: 292

Re: Routing/firewalling exceptions

Sometimes it's easier not to mess with raw (and notrack) because raw rules are very rigid compared to filter rules (and, AFAIK, connection tracking is crucial for NAT). Instead it's possible to add another accept rule which matches traffic which should not be fasttracked and place it above the fastt...
by mkx
Mon Apr 22, 2024 7:12 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 662
Views: 191913

Re: v7.14.3 [stable] is released!

It seems to be related to DFS (hence only 5 GHz) and the specific position that they are located in, but definitely not hardware and/or config. If DFS is playing games, then it's mostly configuration (if device admin sees radar detections, then he should set other channels to operate on) and only p...
by mkx
Sun Apr 21, 2024 11:44 pm
Forum: Beginner Basics
Topic: CHATEAU LTE12 MIMO1 and MIMO2
Replies: 40
Views: 21478

Re: CHATEAU LTE12 MIMO1 and MIMO2

Antenna feeder cables should always be as short as possible. It depends on cable quality and frequency used, but it easily exceeds 5dB per 10m. As for the antenna, the almost only important thing is antenna gain (the higher the better), which again depends on frequency used. LTE can use anything bet...
by mkx
Sun Apr 21, 2024 1:38 pm
Forum: General
Topic: fasttrack x86
Replies: 4
Views: 423

Re: fasttrack x86

Fasttrack HW-Offloads established connections to the switch-chip, Wrong. It's one of possibilities, but (currently) it's a niche use. Fasttrack was available way before first devices with L3HW offload came to life. The old fasttrack manual page describes its behaviour nicely. The new help system do...
by mkx
Sun Apr 21, 2024 1:23 pm
Forum: Wireless Networking
Topic: cAP ax as Wi-Fi externder / Ethernet bridge?
Replies: 2
Views: 434

Re: cAP ax as Wi-Fi externder / Ethernet bridge?

CAPsMAN can only provision wifi interfaces after CAP connects to CAPsMAN. From your description I understand that there won't be any wired connection between hAP ax3 and cAP ax, so you'll have to use one of radios on cAP ax for uplink. If you can, I suggest you to dedicate one of radios on cAP ax to...
by mkx
Sun Apr 21, 2024 12:50 pm
Forum: Wireless Networking
Topic: wifi-qcom(-ac) and VLAN-filtering
Replies: 17
Views: 1558

Re: wifi-qcom(-ac) and VLAN-filtering

The recommendation is about setting VLANs in wifi-qcom driver (and wifi-qcom-ac lacks it). This compares to using switch chip part of config for wired ports. The way you worded the recommendation is no the way I understand it, so I can't comment directly on the wording you chose. Alas, the general i...
by mkx
Sun Apr 21, 2024 12:37 pm
Forum: General
Topic: Space ran out on Hap ac2 - is it safe to run it like that long term?
Replies: 3
Views: 445

Re: Space ran out on Hap ac2 - is it safe to run it like that long term?

... wondered if it's safe to run it as is with 0 space available? No, it's not safe, so you should act on it as soon as possible. Very likely it won't just crash (but it might), however it is very likely that it'll experience some problems if it happens to reboot for some reason (e.g. power outage ...
by mkx
Sun Apr 21, 2024 12:29 pm
Forum: General
Topic: fasttrack x86
Replies: 4
Views: 423

Re: fasttrack x86

Mikrotik Know this ?????
I bet they know this. But this is an user-to-user forum, so you have to ask MT directly, e.g. by sending them e-mail to support@mikrotik.com .
by mkx
Sun Apr 21, 2024 12:22 pm
Forum: Beginner Basics
Topic: Which PoE out switch for AX2/AX3 hap's?
Replies: 2
Views: 294

Re: Which PoE out switch for AX2/AX3 hap's?

As both devices only accept 18V-28V, you clearly need PoE switch which does "passive" PoE and is powered with 24V (or there about) power adapter. Next you have to carefully read power specifications of both devices and consider how you're going to use them. If you'll use them as simple APs...
by mkx
Sun Apr 21, 2024 12:14 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 662
Views: 191913

Re: v7.14.3 [stable] is released!

it hAP ac2 in screenshot? doubts

No, screenshots are from Audience (the other half of setup). @OP never claimed they were from hAP ac2.
by mkx
Sat Apr 20, 2024 11:37 pm
Forum: RouterBOARD hardware
Topic: hEX PoE (RB960PGS)
Replies: 10
Views: 636

Re: hEX PoE (RB960PGS)

Just out of curiosity, would an 802.3af device work plugged in the hEX S passive poe out port? Probably yes. The power negotiation phase (which is the basic difference between passive PoE and 802.3 PoE) in 802.3 af/at is there for PSE (PoE out device) to make sure that power can safely be enabled o...
by mkx
Sat Apr 20, 2024 11:27 pm
Forum: Wireless Networking
Topic: Silly constant wireless roaming breaks internet connection
Replies: 7
Views: 619

Re: Silly constant wireless roaming breaks internet connection

There should be a slight delay for subsequent handovers (to make one and then wait what happens), and/or the signal difference required to initiate one must be much higher. We should be able to specify both parameters. Three handovers within few seconds is way too much and almost never an appropria...
by mkx
Sat Apr 20, 2024 12:51 pm
Forum: Beginner Basics
Topic: Diff configurations or configuration history?
Replies: 3
Views: 451

Re: Diff configurations or configuration history?

The only history (and not really complete) is in logs ... until they persist. What many people do is they periodically create textual export and store them somwhere off device and use appropriate tool to compare different export files. One can use git to store files and use built-in tools to see dif...
by mkx
Sat Apr 20, 2024 12:30 pm
Forum: Wireless Networking
Topic: Silly constant wireless roaming breaks internet connection
Replies: 7
Views: 619

Re: Silly constant wireless roaming breaks internet connection

Roaming is always a RPITA, even on public mobile networks (e.g. LTE) where roaming/handover mechanizms are waaay better that what we have in WiFi. And the only solution is to design wireless signal coverage so that AP signal overlap (areas with similar signal strengths where stations want to roam to...
by mkx
Sat Apr 20, 2024 12:17 pm
Forum: General
Topic: [Feasibility] 6-16 devices with the same IP + computer that wants to access them
Replies: 3
Views: 383

Re: [Feasibility] 6-16 devices with the same IP + computer that wants to access them

You need one L3 interface per device with same IP address. It can either be a router with multiple routed ports or a VLAN-enabled switch with each pirt set as access port to different VLAN and backed with router using many VLANs. There were a few discussions about the same issue before (solutions we...
by mkx
Fri Apr 19, 2024 8:21 pm
Forum: RouterBOARD hardware
Topic: RB5009 - eth 1 (2.5G) keep appears on log with link down - link up several times
Replies: 3
Views: 418

Re: RB5009 - eth 1 (2.5G) keep appears on log with link down - link up several times

Would you recommend any brand?

I only have experience with one particular model (some not-so-recent model by Fluke), so my recommendations aren't very relevant.
by mkx
Fri Apr 19, 2024 2:47 pm
Forum: RouterBOARD hardware
Topic: RB5009 - eth 1 (2.5G) keep appears on log with link down - link up several times
Replies: 3
Views: 418

Re: RB5009 - eth 1 (2.5G) keep appears on log with link down - link up several times

It could be either of devices. But it could be the cable between the two devices. Ideally you'd check the cable using a professional UTP cable tester to verify that the cable is made according to specs (also frequency response and crosstalk, these tend to become a problem with high-speed links). Eve...
by mkx
Fri Apr 19, 2024 2:36 pm
Forum: Beginner Basics
Topic: AP Repeater setup
Replies: 2
Views: 568

Re: AP Repeater setup

I managed to have one ap (A) and the second mikrotik (B) configured as wds slave, but then, when A is off, B doesn't provide an access point. MT doesn't have anything like "fallback" for repeater AP. What often repeater AP does is that it uses radio (master wifi interface) to connect to s...
by mkx
Fri Apr 19, 2024 2:05 pm
Forum: Wireless Networking
Topic: Problems with connecting Samsung Orsay Smart TV to my WIFI network [SOLVED]
Replies: 5
Views: 1708

Re: Problems with connecting Samsung Tizen Smart TV to my WIFI network [SOLVED]

Also many (older) IoT devices don't like seeing anything modern being broadcast in their SSID ... such as WPA3 or FT or similar.
by mkx
Fri Apr 19, 2024 12:29 pm
Forum: Wireless Networking
Topic: hAP ac - Slower wifi after RouterOS update
Replies: 11
Views: 666

Re: hAP ac - Slower wifi after RouterOS update

Out of curiosity, though. An antenna gain of 0 is, in my understanding, the maximum gain possiblr. Wouldn't increasing it to another number just make my connection even worse? In theory, antenna gain can be anything between negative infinity and large positive number. In reality most antennas have ...
by mkx
Thu Apr 18, 2024 8:17 pm
Forum: General
Topic: Interface activity doesn't count VLAN traffic
Replies: 4
Views: 372

Re: Interface activity doesn't count VLAN traffic

I am talking about the front LEDs yeah ?
Ah, right.

It could be that leds functionality refers to L3 interface (when configured so). And that excludes tagged traffic. You may want to open a ticket with support@mikrotik.com and have them clarify (and update/ammend help page as well).
by mkx
Thu Apr 18, 2024 7:35 pm
Forum: Beginner Basics
Topic: Upgrade not booting
Replies: 7
Views: 413

Re: Upgrade not booting

When you upliaded all packages, ROS tried to install all. And probably ran out of flash space.

You can do the upgrade, but this time only upload routeros package (base package) and wireless package (from accompanying extras packages). Nothing more.
by mkx
Thu Apr 18, 2024 2:15 pm
Forum: General
Topic: Interface activity doesn't count VLAN traffic
Replies: 4
Views: 372

Re: Interface activity doesn't count VLAN traffic

Actually it does show ... it shows all traffic, passing a physical port (tagged or untagged). If you are not seeing the same way, then explain actual topology and setup so we can see if there's misunderstanding or a possible bug. And what exactly you're observing, it could be I'm referring to someth...
by mkx
Wed Apr 17, 2024 7:49 pm
Forum: Beginner Basics
Topic: Upgrade not booting
Replies: 7
Views: 413

Re: Upgrade not booting

There was a breaking change between 7.12 and 7.13 regarding wireless package: it used to be part of base package before but now it's a separate package. If you use ROS built-in upgrade procedure (/system/packages/upgrade...), it's required to go via 7.12 ... if you upgrade by manually uploading npk ...
by mkx
Wed Apr 17, 2024 4:50 pm
Forum: Beginner Basics
Topic: Loading ONIE images on Mikrotik Switches
Replies: 6
Views: 612

Re: Loading ONIE images on Mikrotik Switches

Another aspect: MT is primarily software company (developing and marketing RouterOS). The rest (hardware, even SwitchOS) is "supporting activities". And they definitely are not heavily into hardware production (AFAIK they design their devices, but manufacturing is outsourced; I may be wron...
by mkx
Wed Apr 17, 2024 4:43 pm
Forum: Beginner Basics
Topic: Firewall rules not applying to bridge
Replies: 3
Views: 413

Re: Firewall rules not applying to bridge

However when trying to make a firewall rule to disallow traffic between the two hosts, it doesn't seem to apply and can still ping to device connected to port 11. Firewall rules act on L3 (IP) ... and that happens when router does routing between two devices. Routing is when both devices are aware ...
by mkx
Tue Apr 16, 2024 8:09 pm
Forum: Wireless Networking
Topic: RB4011iGS+5HacQ2HnD setup with cAP AX [SOLVED]
Replies: 2
Views: 1479

Re: RB4011iGS+5HacQ2HnD setup with cAP AX [SOLVED]

I'd like to setup capsman, but I've seen that there are 2 versions. When I look into new one I don't see any interfaces which is suspicious to me. Is that ok? Would it be possible to run RB4011 as capsman server even for cAP AX? If capsman isn't the right way to go, what would be the easiest way to...
by mkx
Tue Apr 16, 2024 7:42 pm
Forum: General
Topic: Downgrade remote station over PtP link
Replies: 4
Views: 403

Re: Downgrade remote station over PtP link

I'm affraid you may have to drive. Unless the following succeeeds. You can try (in lab first!) to do both uninstall and downgrade in single step: upload the routeros package (desired version, e.g. 6.49.14) mark wireless package for uninstallation request downgrade reboot ... and keep fingers crossed
by mkx
Tue Apr 16, 2024 7:30 pm
Forum: General
Topic: /tool wol - target IP address?
Replies: 35
Views: 2034

Re: /tool wol - target IP address?

According to wikipedia article , the WoL magic frame is basically broadcast on ethernet layer, but as payload it does contain MAC address of device which is supposed to wake-up. Then there are extensions which make WoL packets routable (using destination IP address), but need support from "vict...
by mkx
Tue Apr 16, 2024 5:54 pm
Forum: General
Topic: Double destination NAT [SOLVED]
Replies: 2
Views: 1431

Re: Double destination NAT [SOLVED]

It's doable, but slightly more complicate, it includes packet marking and using multiple routing tables (which helps ROS to select correct egress interface for each packet). Start by reading this topic.
by mkx
Tue Apr 16, 2024 5:47 pm
Forum: General
Topic: /tool wol - target IP address?
Replies: 35
Views: 2034

Re: /tool wol - target IP address?

Theoretically WOL could be on a BMC with an IP address ... In this case BMC is fully up & running, accepting HTTP / API / whatever conbections and one can use appropriate command to power on the whole system. WOL stands for Wake On LAN, meaning that host's NIC is half alive and ready to receive...
by mkx
Tue Apr 16, 2024 12:08 am
Forum: General
Topic: Network topology for bootstraping. [SOLVED]
Replies: 11
Views: 1768

Re: Network topology for bootstraping. [SOLVED]

If you're thinking of a combo "interface is bridge port, but is anchor for a vlan interface" ... then no, it shouldn't be done like that (it falls into category "it shouldn't be used as interface"). The problem in your setup procedure is that you're effectively changing L2 topolo...
by mkx
Mon Apr 15, 2024 11:53 pm
Forum: SwOS
Topic: Create a Native VLAN?
Replies: 1
Views: 341

Re: Create a Native VLAN?

"Trunk with native VLAN" in Cisco is "hybrid" in Mikrotik. So configure port to: "vlan receive - any" and set "default vlan id" to "native VLAN ID" of your choice (e.g. 4000). You have to mark such port as member of VLAN with "native VLAN ID&quo...
by mkx
Mon Apr 15, 2024 11:42 pm
Forum: Wireless Networking
Topic: WiFi AC AR9888
Replies: 1
Views: 327

Re: WiFi AC AR9888

It seems that the only Mikrotik's own wifi card supporting 802.11 ac is R11e-5HacD. And that one is built around QCA9882. If you find a card built around same chipset, chances are that it'll work. Or go for this card if miniPCIe format suits you.
by mkx
Mon Apr 15, 2024 11:26 pm
Forum: General
Topic: Network topology for bootstraping. [SOLVED]
Replies: 11
Views: 1768

Re: Network topology for bootstraping. [SOLVED]

I did another test incorporating the changes in my last post and I've now positively identified the point at which I lose connection to be enabling ether1 as a port on br0. It shouldn't come as a surprise. After an interface is "enslaved" as port of a bridge, it shouldn't be used as inter...
by mkx
Mon Apr 15, 2024 3:22 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 662
Views: 191913

Re: v7.14.2 [stable] is released!

wifi-qcom-ac doesn't support "native" VLAN tagging. So how do you make wifi interface a bridge port?
by mkx
Mon Apr 15, 2024 3:20 pm
Forum: General
Topic: ROS Downgrade issue
Replies: 4
Views: 401

Re: ROS Downgrade issue

Two things to check: list of currently installed packages. In order for downgrade/upgrade to succeed, files with all currently installed packages have to be uploaded to device. After performing next downgrade attempt and after you see it failed, check logs. It will always contain something about upg...
by mkx
Mon Apr 15, 2024 12:30 pm
Forum: General
Topic: Mikrotik RB1100 IP Conflict
Replies: 1
Views: 271

Re: Mikrotik RB1100 IP Conflict

Proxy-ARP might explain that ...
by mkx
Mon Apr 15, 2024 11:31 am
Forum: General
Topic: Network topology for bootstraping. [SOLVED]
Replies: 11
Views: 1768

Re: Network topology for bootstraping. [SOLVED]

I'll comment on "just before loosing contact" config on hAP: you should never add vlan interface back to anchor. Like this: /interface vlan add comment=team451 interface=br0 name=team451 vlan-id=500 /interface bridge port add bridge=br0 comment=team451 interface=team451 internal-path-cost=...
by mkx
Mon Apr 15, 2024 9:00 am
Forum: General
Topic: Network topology for bootstraping. [SOLVED]
Replies: 11
Views: 1768

Re: Network topology for bootstraping. [SOLVED]

Can you post the "bootstrapped" config of hEX? The one before trying to add ether1 to bridge (which breaks your connectivity)?
by mkx
Mon Apr 15, 2024 8:54 am
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 2157

Re: Low performance on RB5009 with machine behind NAT

Yes, and as I pointed out, that's a multi-port aggregate test, not a single-stream single-port test. mkx's point builds atop that. What you're saying makes no sense. It's not like each interface is dedicated to it's own single CPU core, so using more ports won't make the CPU process the packets any...
by mkx
Sun Apr 14, 2024 4:25 pm
Forum: Beginner Basics
Topic: router to mail.hamilton.com
Replies: 9
Views: 556

Re: router to mail.hamilton.com

I just configure ntp client server as pool.ntp.org, so, nothing to do with hamilton.com pool.ntp.org points at a few IP addresses, where public NTP servers reside. Addresses, to which pool.ntp.org resolves, can vary with subsequent DNS queries. And, again: the NTP servers arr volunteered by differe...
by mkx
Sun Apr 14, 2024 3:57 pm
Forum: General
Topic: Marvell 98DX3236 Slow Bandwidth
Replies: 2
Views: 378

Re: Marvell 98DX3236 Slow Bandwidth

Your screenshots show that you're using built-in bandwidth test. It is a well known fact (you're excused since you're new to ROS) that bandwidth test is heavy on CPU and on many device models it itself is a bottleneck. It is recommended to run tests using two external devices, known to be able to cr...
by mkx
Sun Apr 14, 2024 3:48 pm
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 2157

Re: Low performance on RB5009 with machine behind NAT

Is it possible to disable connection tracking for the scanner, while still swapping the LAN IP with WAN IP?

Nope, NAT relies on connection tracking. So no connection tracking, no NAT. At least in ROS.
by mkx
Sun Apr 14, 2024 10:47 am
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 2157

Re: Low performance on RB5009 with machine behind NAT

Take a look at the RB5009 test results . Your application is the lower rightmost number in the first table, ... Not even that. Tests are using normal long-living connections, so even tests which use tiny packets, can benefit of fast-tracking. OP is doing port scanning, which means that every third ...
by mkx
Sat Apr 13, 2024 11:20 pm
Forum: General
Topic: MSS-clamp equivalent for udp?
Replies: 3
Views: 430

Re: MSS-clamp equivalent for udp?

Just manually override MTU setting of EOIP interface. EOIP does fragment/defragment frames, which are otherwise too large to fit the outer MTU, if needed.
by mkx
Sat Apr 13, 2024 5:11 pm
Forum: Beginner Basics
Topic: netinstall for ax2
Replies: 7
Views: 489

Re: netinstall for ax2

Concentrate on working with ether1, other ports aren't used for netinstall process. Then follow this sequence (it worked most of times on all of my devices): connect cable between ether1 and PC setup PC appropriately (e.g. disable firewall, excess network interfaces, ...) start netinstall executable...
by mkx
Sat Apr 13, 2024 5:02 pm
Forum: RouterBOARD hardware
Topic: hAP ac2 essentially dead after a RouterOS update and multiple resets
Replies: 3
Views: 907

Re: hAP ac2 essentially dead after a RouterOS update and multiple resets

If nothing else helps you'll have to netinstall the device. Note that the process is very fragile and sometimes takes lots of experimenting with different details before it succeeds.
by mkx
Sat Apr 13, 2024 4:57 pm
Forum: RouterBOARD hardware
Topic: Mikrotik DAC between SFP and SFP+ ports
Replies: 2
Views: 593

Re: Mikrotik DAC between SFP and SFP+ ports

I think that passive DACs require both connected devices to be of same SFP generation/variety ... as these DACs more or less simply connect appropriate SFP signal lines together. Many devices have SFP ports that are actually single rate (e.g. SFP+ only supports 10Gbps ... it's the module which can n...
by mkx
Sat Apr 13, 2024 4:25 pm
Forum: Beginner Basics
Topic: Using RB5009 in bridge mode [SOLVED]
Replies: 14
Views: 2598

Re: Using RB5009 in bridge mode [SOLVED]

PPPoE can't really be in bridge mode because bridge is L2 and PPPoE is L3. IP address is "integral part" of L3 interface, it can't be "forwarded" elsewhere. What usually "put in bridge mode" means is that that device is L2-transparrent ... passing either DHCP handshake ...
by mkx
Sat Apr 13, 2024 4:23 pm
Forum: Beginner Basics
Topic: forwarding incoming UPD traffic addressed to the router itself
Replies: 26
Views: 1115

Re: forwarding incoming UPD traffic addressed to the router itself

NATed traffic also gets fasttracked if appropriate rules are set. And in this case indeed rules, which handle traffic initially, don't get hit any more and thus counters don't increment.
by mkx
Sat Apr 13, 2024 10:15 am
Forum: General
Topic: VLAN filtering blocks DHCP Client on trunk port [SOLVED]
Replies: 8
Views: 1832

Re: VLAN configuration with active changes [SOLVED]

Clearly 'hiding' the true mac address............ Perhaps you prefer "FU:FU:FU:FU:FU:FU" "=) Yup, I figured as much. But every time I see somebody playing this game (not knowing that MAC addresses are almost the least sensitive information a config can contain), I always wonder what ...
by mkx
Sat Apr 13, 2024 10:12 am
Forum: General
Topic: VLAN filtering blocks DHCP Client on trunk port [SOLVED]
Replies: 8
Views: 1832

Re: VLAN filtering blocks DHCP Client on trunk port [SOLVED]

I'll pay close attention to this versus the link you sent me. In particular pay attention to these details: bridge CPU-facing port VLAN membership has to be configured explicitly as well frame-types, tagged/untagged and PVID properties have to be consistent distinction between different properties ...
by mkx
Fri Apr 12, 2024 7:12 pm
Forum: General
Topic: VLAN filtering blocks DHCP Client on trunk port [SOLVED]
Replies: 8
Views: 1832

Re: VLAN configuration with active changes [SOLVED]

You have a number of errors in VLAN-related config. I suggest you to go through the definitive guide to ROS VLANing.

BTW, I don't think FF:FF:FF:FF:FF:FF is a valid MAC address for bridge.
by mkx
Fri Apr 12, 2024 7:07 pm
Forum: General
Topic: wifi-qcom-ac Package for 802.11r Fast Transition [SOLVED]
Replies: 2
Views: 692

Re: wifi-qcom-ac Package for 802.11r Fast Transition [SOLVED]

For FT to work, CAP devices have to run wifi-qcom (or wifi-qcom-ac) driver. Which means ROS 7.13+ and ARM architecture. As to CAPsMAN device: it has to run ROS 7.13+ as well. But it doesn't have to run wifi-qcom (or wifi-qcom-ac) as these are "only" wireless chipset drivers. Core functiona...
by mkx
Fri Apr 12, 2024 12:23 pm
Forum: General
Topic: Problem mac telnet into hEX
Replies: 9
Views: 673

Re: Problem mac telnet into hEX

All devices I mentioned, run 7.13.2. None are hEX. Here's export from one of them: /interface bridge add admin-mac=E6:8D:8C:49:EE:4A auto-mac=no name=bridge port-cost-mode=short /interface bridge port add bridge=bridge interface=ether1 internal-path-cost=10 path-cost=10 add bridge=bridge interface=e...
by mkx
Fri Apr 12, 2024 8:44 am
Forum: Wireless Networking
Topic: CAPsMANv2 configuration for secondary SSIDs on different VLANs
Replies: 40
Views: 10344

Re: CAPsMANv2 configuration for secondary SSIDs on different VLANs

- cAP ax: reset config and set it in CAPs mode (this is enough) - CAPsMAN: config datapaths with corresponding VLAN id's Use a hybrid port with management VLAN untagged, Corporate and Guest tagged. Just to clarify: the last line (regarding hybrid port) refers to port to which cAP ax devices are con...
by mkx
Fri Apr 12, 2024 8:32 am
Forum: Virtualization
Topic: P1 license on CHR instance after deadline date
Replies: 3
Views: 533

Re: P1 license on CHR instance after deadline date

I guess you should ask support@mikrotik.com to clarify what happens after 60 days of internet unavailability to licensed CHR. And report back their answer as it'll be probably interesting for a few other people.
by mkx
Thu Apr 11, 2024 9:27 pm
Forum: Beginner Basics
Topic: DHCP client dynamic entries.
Replies: 2
Views: 358

Re: DHCP client dynamic entries.

I guess you have "detect internet" feature enabled ... and adding a DHCP client to interface, which is determined to be a WAN interface, is one of "magic" things which happen. If you have incentive (and knowledge) to fine-tune router's config, then I suggest you to disable "...
by mkx
Thu Apr 11, 2024 3:34 pm
Forum: General
Topic: Issues with inter vlan routing
Replies: 2
Views: 398

Re: Issues with inter vlan routing

Having "connection-state" property set to empty string "" is not the same as not having it set at all. So unset connection-state property on your inter-VLAN firewall rules.
by mkx
Thu Apr 11, 2024 3:29 pm
Forum: General
Topic: Problem mac telnet into hEX
Replies: 9
Views: 673

Re: Problem mac telnet into hEX

Well, by default there is only one bridge. Called, bridge. so I don't know what you mean by "manually set MAC addresses on all bridges" ... I have a few Mikrotik devices on the LAN, each have one bridge and I manually set MAC addresses on each and every bridge. Hence use of plural "b...
by mkx
Thu Apr 11, 2024 3:25 pm
Forum: General
Topic: does the mynetname expires after a while?
Replies: 5
Views: 871

Re: does the mynetname expires after a while?

If you replace old router with a new one and the public IP address is the same, then you'll end up with two A records: <old_SN>.sn.mynetname.net and <new_SN>.sn.mynetname.net ... both pointing at same address. I don't see how this is a problem, if you know <new SN>, then old record won't make any ha...
by mkx
Thu Apr 11, 2024 3:14 pm
Forum: General
Topic: 1-to-1 Nat when outside/public interface is a layer 2 connection [SOLVED]
Replies: 3
Views: 646

Re: 1-to-1 Nat when outside/public interface is a layer 2 connection [SOLVED]

With lots of fiddling it is possible to replace the two 1783-NATR devices with a single "multi purpose" router. But it's not easy as both "private" LANs use same IP address space and this is actually problem from routing point of view. So it is actually much easier to use one NAT...
by mkx
Thu Apr 11, 2024 3:11 pm
Forum: General
Topic: Mikrotik CRS326 RM - WebUI & Winbox disconections
Replies: 5
Views: 680

Re: Mikrotik CRS326 RM - WebUI & Winbox disconections

Are there any of devices you listed in your previous post which are interconnected with more than single UTP cable? In particular I'm thinking of connection between AX88U and CRS326 ... To be on the "fast" side: please ammend the description with exhastive list of connection between the de...
by mkx
Thu Apr 11, 2024 3:02 pm
Forum: Beginner Basics
Topic: Can't ping with firewall (nat)
Replies: 9
Views: 601

Re: Can't ping with firewall (nat)

why is this working and : chain=srcnat action=src-nat to-addresses=10.10.5.50 src-address=10.10.1.0/24 out-interface=ether5 did not work? Because you used wrong address setting for to-address property. The "to-address" property of src-nat rule sets the IP address which will replace the or...
by mkx
Thu Apr 11, 2024 2:55 pm
Forum: Beginner Basics
Topic: port forwarding problem [SOLVED]
Replies: 21
Views: 2923

Re: port forwarding problem [SOLVED]

Are you sure that cameras provide their service on ports 8001 and 8002? I'd guess they are actually using standard port 80 ... in which case NAT rules should have "to-ports=80" set.
by mkx
Thu Apr 11, 2024 2:50 pm
Forum: Beginner Basics
Topic: Slow connections across vlans with hex [SOLVED]
Replies: 12
Views: 2333

Re: Slow connections across vlans with hex [SOLVED]

This is wrong: /interface vlan add interface=ether3 name=CAM88 vlan-id=88 add interface=ether3 name=IoT687 vlan-id=687 add interface=ether3 name=VLAN82 vlan-id=82 add interface=ether3 name=VLAN3000 vlan-id=3000 add interface=ether3 name=WIFI20 vlan-id=20 add interface=ether3 name=WORK999 vlan-id=999...
by mkx
Wed Apr 10, 2024 9:36 pm
Forum: Wireless Networking
Topic: hAP ax3 wireless problem [SOLVED]
Replies: 145
Views: 20729

Re: hAP ax3 wireless problem [SOLVED]

usually the antennas should be vertical, no matter how you install the device Nope. MIMO works best if reception from both Tx antennas is as uncorrelated as possible. Antennas are polarized and with 2x2 MIMO, different polarization makes best possible diversity ... and that's when both antennas are...
by mkx
Wed Apr 10, 2024 3:33 pm
Forum: SwOS
Topic: How to VLAN? [SOLVED]
Replies: 7
Views: 3398

Re: How to VLAN? [SOLVED]

You should set Egress setting on access ports (on SwOS device ports 2-5) to "Always Strip".
by mkx
Wed Apr 10, 2024 3:25 pm
Forum: General
Topic: Problem mac telnet into hEX
Replies: 9
Views: 673

Re: Problem mac telnet into hEX

Mikrotik (and members of the board) advise is that of assigning manually a mac address to the bridge, but it has to be seen if - even if doing that - it would be listed on another device with /tool/mac-telnet ... Just checked ... I have manually set MAC addresses on all bridges ... and /tool/mac-te...
by mkx
Wed Apr 10, 2024 2:46 pm
Forum: General
Topic: Is the PPPOE server built by oneself separated from the PPPOE server of the operator, without affecting each other?
Replies: 4
Views: 381

Re: Is the PPPOE server built by oneself separated from the PPPOE server of the operator, without affecting each other?

Not only in ROS, also elsewhere. VLANs work between devices, if one uses them but the rest don't then they are either no good or interfere with traffic. Here kicks in the suggestion by @loloski: show us the physical/logical network topology (which includes ISP gear) so we can suggest you all the nec...
by mkx
Wed Apr 10, 2024 2:43 pm
Forum: Beginner Basics
Topic: Firewall rule to share device among subnets [SOLVED]
Replies: 8
Views: 1701

Re: Firewall rule to share device among subnets [SOLVED]

In Firewall / Address list I create 2 new records with the same name and each should have the subnet? Is this the way?
Yes, enter address with subnet mask, e.g. "192.168.4.0/23"
by mkx
Wed Apr 10, 2024 2:33 pm
Forum: General
Topic: Is the PPPOE server built by oneself separated from the PPPOE server of the operator, without affecting each other?
Replies: 4
Views: 381

Re: Is the PPPOE server built by oneself separated from the PPPOE server of the operator, without affecting each other?

PPPoE works directly over ethernet ... so VRRP and routing etc. doesn't affect it. So yes, ISP's and your own PPPoE servers can interfere with each other. You should separate WAN and LAN on L2 (it seems you don't have it right now, only on L3), VLANs seem a natural solution to your problem (in this ...
by mkx
Wed Apr 10, 2024 2:29 pm
Forum: General
Topic: DHCP IPv6 Dynamic Binding (PPP) - Make Static
Replies: 9
Views: 829

Re: DHCP IPv6 Dynamic Binding (PPP) - Make Static

So far I didn't stumble upon setup where DHCPv6 server was dynamic, so I'm a bit lost here. In your case, how does DHCPv6 server pppoe-sn_dsnw2845b110 get created? Since pools are all static, you should be able to create static DHCPv6 serve as well ... and in that case, you should be able to make le...
by mkx
Wed Apr 10, 2024 2:22 pm
Forum: Beginner Basics
Topic: Firewall rule to share device among subnets [SOLVED]
Replies: 8
Views: 1701

Re: Firewall rule to share device among subnets [SOLVED]

I have created a Firewall rule which works, but it gives access also from these subnets 192.168.0.x, 192.168.1.x , 192.168.2.x as well Is it possible to give access only to 192.168.4.0/23 and 192.168.10.0/23 with another way? You'll have to use two rules, each targeting individual subnet. Problem w...
by mkx
Wed Apr 10, 2024 12:26 pm
Forum: RouterBOARD hardware
Topic: Is the RB1100x4 still actively in production?
Replies: 3
Views: 526

Re: Is the RB1100x4 still actively in production?

RB1100AHx4 is still listed as "current device" on Mikrotik web page. So it should be able to buy it. Whether it's from old stock of from production line ... that can only Mikrotik answer (but I highly doubt they would). As to local distributor's stock: they tend to keep in stock models tha...
by mkx
Wed Apr 10, 2024 12:19 pm
Forum: Wireless Networking
Topic: hAP ax3 no internet connection for mobile clients
Replies: 4
Views: 443

Re: hAP ax3 no internet connection for mobile clients

This is really weird. In your opening post you wrote that wireless client can ping gateway (router), but the rest of (internet?) traffic is blocked for a while. But if device wants to communicate with internet, it is sending traffic to router ... and that works as you are saying. You can try to torc...
by mkx
Wed Apr 10, 2024 12:06 pm
Forum: General
Topic: DHCP IPv6 Dynamic Binding (PPP) - Make Static
Replies: 9
Views: 829

Re: DHCP IPv6 Dynamic Binding (PPP) - Make Static

Show config ... the /ipv6/dhcp-server/export part at least.
by mkx
Wed Apr 10, 2024 11:59 am
Forum: General
Topic: Mikrotik CRS326 RM - WebUI & Winbox disconections
Replies: 5
Views: 680

Re: Mikrotik CRS326 RM - WebUI & Winbox disconections

Your topology description is a bit fuzzy ... but combined with log entry it indicates you might have some misconfiguration of your device ...
by mkx
Wed Apr 10, 2024 11:58 am
Forum: General
Topic: DHCP IPv6 Dynamic Binding (PPP) - Make Static
Replies: 9
Views: 829

Re: DHCP IPv6 Dynamic Binding (PPP) - Make Static

Is the prefix pool ... which DHCPv6 uses to fetch prefixes for clients ... a dynamic (i.e. fetched from upstream DHCPv6 server) or a static one?
by mkx
Wed Apr 10, 2024 8:03 am
Forum: Wireless Networking
Topic: hAP ax3 no internet connection for mobile clients
Replies: 4
Views: 443

Re: hAP ax3 no internet connection for mobile clients

The way you explain the symptoms, the problem might be also in ARP entry aging on switches/bridges ... all mentioned devices are part of it, including the TP-link switch. If you can, connect both hAPs to hEX directly just to make sure that TP-link isn't playing games.
by mkx
Wed Apr 10, 2024 7:04 am
Forum: Beginner Basics
Topic: [SOLVED] Prevent connections to IP address
Replies: 4
Views: 401

Re: Prevent connections to IP address

Where are you accessing 192.168.1.40:8123 from, the rest of LAN? If that's so, you can't block traffic on router because traffic between two LAN devices doesn't pass router.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 41