Community discussions

MikroTik App

Search found 13328 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 45
by mkx
Sun Dec 01, 2024 9:56 pm
Forum: Beginner Basics
Topic: VLANs leaking behind a switch? [SOLVED]
Replies: 8
Views: 543

Re: VLANs leaking behind a switch? [SOLVED]

... and I still wanted several VLANs untagged on the same port (because my WiFi APs are not VLAN aware).
But does this really work for you? Only one VLAN can have bidirectional traffic (single PVID per port).
by mkx
Sun Dec 01, 2024 9:52 pm
Forum: Beginner Basics
Topic: Forward chain "drop all else"- counter is zero
Replies: 8
Views: 398

Re: Forward chain "drop all else"- counter is zero

In my case, accept (fasttrack counter) is at 2TB and another 2TB for "slow track"... 32MB drop invalid on input and 32MB drop invalid on forward ... and 178MB drop all else (on input ... nothing on forward).
by mkx
Sun Dec 01, 2024 1:53 pm
Forum: Beginner Basics
Topic: Forward chain "drop all else"- counter is zero
Replies: 8
Views: 398

Re: Forward chain "drop all else"- counter is zero

It does make sense to drop "invalid" packets early, they might match some allow rule down the chain.
by mkx
Sun Dec 01, 2024 1:49 pm
Forum: Beginner Basics
Topic: VLAN config help request for Mikrotik and Cisco
Replies: 2
Views: 155

Re: VLAN config help request for Mikrotik and Cisco

Configure port on router as trunk with all VLANs needed ... here's how to do VLANs in ROS: https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 ... Tutorial may be geared towards switch-like configs, but is usable also for routers (even router-on-a-stick variety). And a suggestion: upgrade you...
by mkx
Sun Dec 01, 2024 11:33 am
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 18
Views: 1202

Re: Difference between two Interface Lists

So why bother with a dual IPv4 when you can just have a route that works in either setup? Adding a /32 route doesn't work with peer which uses "normal" /24 addressing ... And, again, doesn't add to security. One has to treat modem as being hostile and adding interface, connecting modem, t...
by mkx
Sat Nov 30, 2024 8:03 pm
Forum: Wireless Networking
Topic: WAP60G: one vertical, other horizontal?
Replies: 1
Views: 118

Re: WAP60G: one vertical, other horizontal?

I don't think rotating drvices at angle would be a problem by itself. However there are at least two (minor?) issues to think about: wAP60G uses beam forming, so it can direct main lobe in "optimal" direction. But not in any direction, range span is 60° in horizontal direction and only 30°...
by mkx
Sat Nov 30, 2024 7:44 pm
Forum: General
Topic: Feature requests
Replies: 1782
Views: 671465

Re: Feature requests

Don't know if this has been discussed already ...
There's such a feature already: port extender. Not many devices are compatible ... and it comes with some serious gotchas. But it's here.
by mkx
Sat Nov 30, 2024 10:43 am
Forum: Beginner Basics
Topic: VLANs leaking behind a switch? [SOLVED]
Replies: 8
Views: 543

Re: VLANs leaking behind a switch? [SOLVED]

I didn't manage to get IPv6 addresses not leaking across VLANs when using SLAAC to assign addresses. Did you fix the switch VLAN settings according to @anav's instructions? If port is untagged member of multiple VLANs, then broadcasts of all VLANs will egress through that port (and being untagged o...
by mkx
Fri Nov 29, 2024 9:19 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 30
Views: 5582

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

To better understand the process, could you clarify where exactly the packets get tagged in the WireGuard setup? :mrgreen: The smiley you used makes me wonder whether you expect an answer or not. But anyway, here it is: wireguard is IP tunnel so natively it doesn't carry (nor care about) VLAN tags....
by mkx
Fri Nov 29, 2024 9:12 pm
Forum: General
Topic: Bug in version in winbox and in routerboard
Replies: 11
Views: 560

Re: Bug in version in winbox and in routerboard

Again (and read my lips:) there's RouterOS version and Routerboot version. Both are distinct.
by mkx
Fri Nov 29, 2024 9:00 pm
Forum: General
Topic: Bug in version in winbox and in routerboard
Replies: 11
Views: 560

Re: Bug in version in winbox and in routerboard

RouterOS (as in windows OS) is at 7.16.2. But: RouterBoot (as in BIOS / UEFI) is at 7.16.1. RouterBoot upgrade files are shipped to device along with RouterOS but it's not installed automatically. Hit that "Upgrade" button and reboot device.
by mkx
Fri Nov 29, 2024 8:54 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 595

Re: Adding existing preformatted disks

In that case, the Linux kernel is GPL licensed code and as such we should be able to see the sources with modifications from MT ... I don't think that MT linux kernel contains many changes ... apart from some specific device drivers and some patches. I think it's more about missing features. E.g. d...
by mkx
Fri Nov 29, 2024 3:55 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 595

Re: Adding existing preformatted disks

The ROS uses Linux kernel underneath anyway and I assume the very same tools underneath as any usual Linux distro ... Here you assume wrong, so nothing you wrote after this point doesn't necessarily reflect reality. ROS indeed runs linux kernel ... but if we can believe MT guys around here (and I d...
by mkx
Fri Nov 29, 2024 3:49 pm
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 860

Re: Setup mAP in reverse config from default

Yes DHCP client sends out broadcast packets when doing DHCP discover and bridge will send these frames out via all member ports. In principle only one DHCP server is necessary per L2 broadcast domain and if there are multiple servers in given L2 broadcast domain (not wrong by itself), it's expected...
by mkx
Fri Nov 29, 2024 1:12 pm
Forum: Beginner Basics
Topic: rb5009 sfp altibox fiber
Replies: 6
Views: 412

Re: rb5009 sfp altibox fiber

This gbic is working fine with a Ubiquiti Edgerouter X which i'm using right now. ROS is a bit notorious for not supporting properly just any SFP module, thrown at. So the positive experience when using same SFP in different device brand means very little in this case (it only proves that SFP can t...
by mkx
Fri Nov 29, 2024 1:05 pm
Forum: General
Topic: Stations connected to CRS310 switch cannot get IP from DHCP server connected to sfpplus port
Replies: 4
Views: 539

Re: Stations connected to CRS310 switch cannot get IP from DHCP server connected to sfpplus port

Try to check in depth what's going on with SFP+ port and module. ROS is a bit notorious for not supporting just any SFP/SFP+ module properly ...


Also verify as to which physical port corresponds to MAC address, set as bridge MAC address.
by mkx
Fri Nov 29, 2024 1:03 pm
Forum: General
Topic: DHCP issue on hAP ax3
Replies: 5
Views: 380

Re: DHCP issue on hAP ax3

Well, anyway. Logs don't show anything related to hardware issues (link downs or whatever) ... which likely means some L3 problem. In that case you'll have to troubleshoot the issue while problem persists ... like running traceroute (on a LAN PC) towards e.g. 8.8.8.8 and see where things break ... i...
by mkx
Fri Nov 29, 2024 12:57 pm
Forum: General
Topic: how to create a master port on crs
Replies: 4
Views: 326

Re: how to create a master port on crs

Errmm ... that's an article from 2014 ?!
That was my point exactly :wink:
by mkx
Fri Nov 29, 2024 12:42 pm
Forum: General
Topic: DHCP issue on hAP ax3
Replies: 5
Views: 380

Re: DHCP issue on hAP ax3

With default logging config, ethernet port link-downs are logged. Also PPPoE client outages are logged (and as far as my experience goes, they correlate 100% when there are problems with ethernet port connectivity). With logs you showed (and assuming you didn't filter any events ... either by reconf...
by mkx
Fri Nov 29, 2024 12:38 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 595

Re: Adding existing preformatted disks

Even with "plain" file systems (e.g. ext4) it's sometimes necessary to reformat drive (possibly due to lack of support for some type of partition table or some such). But with encrypted drives I'd say it's even more necessary to reformat drive ... it would be logical to me that encryption ...
by mkx
Fri Nov 29, 2024 10:57 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 26
Views: 1461

Re: IPv6 Configuration RB4011

Looked at cisco config and I think the problem lies there: interface GigabitEthernet0/1 description ** LAN ** ip address 201.201.201.201 255.255.255.240 no ip redirects no ip unreachables no ip proxy-arp duplex auto speed auto ipv6 address 2001:db8:20a0::1/56 anycast no cdp enable It effectively say...
by mkx
Fri Nov 29, 2024 10:53 am
Forum: Beginner Basics
Topic: rb5009 sfp altibox fiber
Replies: 6
Views: 412

Re: rb5009 sfp altibox fiber

IMO the problem is this:
advertising: 1G-baseX
link-partner-advertising:

Note the empty field "link-partner-advertising". Which means that autonegotiation doesn't happen. Try to set port speed to 1Gbps and disable autonegotiation on sfp-sfpplus1 port (under ethernet configuration).
by mkx
Fri Nov 29, 2024 8:51 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 26
Views: 1461

Re: IPv6 Configuration RB4011

You actually need to set advertise=yes on addresses on interfaces where there are devices which should use your router as their gateway ... without it, router will not send out RAs and SLAAC then doesn't work. In your opening post, you write "When I try to configure the LAN and define new prefi...
by mkx
Fri Nov 29, 2024 8:37 am
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 30
Views: 5582

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

I just had a quick look at HUB configuration and it seems to me that routing configuration is flawed: /ip address # You probably don't need this: add address=192.168.0.223/24 comment=defconf interface=BR1 network=192.168.0.0 # and you probably don't need this either: add address=192.168.0.223/24 int...
by mkx
Fri Nov 29, 2024 8:16 am
Forum: General
Topic: DHCP issue on hAP ax3
Replies: 5
Views: 380

Re: DHCP issue on hAP ax3

Is there anything related in logs?
by mkx
Fri Nov 29, 2024 8:14 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 26
Views: 1461

Re: IPv6 Configuration RB4011

Can you post configuration from your MT router, at least the /ipv6 part? You can omit firewall part, it probably isn't important in the context of problems you're seeing.
by mkx
Fri Nov 29, 2024 7:00 am
Forum: General
Topic: how to create a master port on crs
Replies: 4
Views: 326

Re: how to create a master port on crs

Can you post the link to tutorial you're referring to? It's quite likely outdated, master port configuration style was abandoned in ROS 6.41 (quite a few years ago) and was replaced by bridge. And before you proceed, I recommend you to upgrade ROS to latest v6 stable (6.49.something), v7 is probably...
by mkx
Fri Nov 29, 2024 6:50 am
Forum: Beginner Basics
Topic: Firewall rule can't match packet by interface
Replies: 6
Views: 425

Re: Firewall rule can't match packet by interface

At least pist the exact rule which doesn't work for you. And a detail, it might be a hint: firewall rules may be executed before egress interface is known, routing decission is made after most firewall processing is done. Also: screenshot in opening post also hints that ping is originated from route...
by mkx
Thu Nov 28, 2024 3:26 pm
Forum: Virtualization
Topic: Are there prebuilt Linux Images for Metarouter? (OpenWrt or other Linux distros)
Replies: 2
Views: 373

Re: Are there prebuilt Linux Images for Metarouter? (OpenWrt or other Linux distros)

Metarouter is R.I.P. on RouterOS since many moons ago (at least in reality if not officially). It's replaced with container functionality ... but this functionality is not available on all platforms and if one seriously wants to use it (or wants to seriously use it) one better uses a very decent RB ...
by mkx
Thu Nov 28, 2024 3:20 pm
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1598

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

Actualy ax hardware I tested on 7.16.2 on MikroTik have only fixed channels, example 5500 but not 5510 Yup, that's pretty normal on today's mainstream wireless stations (e.g. smart phones) ... they only support standard channel center frequencies. When creating MT-MT point-to-(multi)point link, thi...
by mkx
Thu Nov 28, 2024 3:12 pm
Forum: General
Topic: How to block webpages by URL?
Replies: 5
Views: 424

Re: How to block webpages by URL?

You can't block specific URLs (chosen between different URLs targeting same FQDN host or IP address). Generic reason is that there's no guarantee that whole URL will fit single IP packet. And FW (L7 as well) works with IP packet granularity. So if one uses IP packets with MTU size of 40 bytes, then ...
by mkx
Thu Nov 28, 2024 2:32 pm
Forum: General
Topic: Lightning Strike and Switch Lost Connection (temporarily)
Replies: 3
Views: 282

Re: Lightning Strike and Switch Lost Connection (temporarily)

In the meantime your devices probably have restarted ...

... or remained in some undefined state if the brief moment without power flowing lasted just the right duration. And in this case one has to reboot device.
by mkx
Thu Nov 28, 2024 8:38 am
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1598

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

But do think using default 20/40/80Mhz channel width might be cause of at least some of the frequent AX complaints... I don't think that 20/40/80MHz is causing complaints. After all, this kind of channel arrangement is (supposed to be) backwards compatible with devices supporting only narrower chan...
by mkx
Wed Nov 27, 2024 6:08 pm
Forum: General
Topic: PPPOE on Fiber: reduced download speed, while upload is full-speed
Replies: 7
Views: 512

Re: PPPOE on Fiber: reduced download speed, while upload is full-speed

If considering RB4011 and RB5009 ... then RB4011 is technically inferior in many aspects (slower CPU, uses 2 switch chips and SFP is connected directly to CPU, doesn't have USB port, etc.). Just thought to mention this to contrast higher WAF of RB4011 :wink: Regarding hEX S performance: that rule of...
by mkx
Wed Nov 27, 2024 6:01 pm
Forum: General
Topic: Complaints from v7.17rc [testing]
Replies: 42
Views: 1890

Re: Complaints from v7.17rc [testing]

about downgrades, there is ZERO logical reason to knowingly downgrade to a version with a known CVE, possibly allowing easy access to the device by a hacker. Zero. Do not try to find it. This is new to me ... that ROS upgrader has built in function to check certain ROS package against database of C...
by mkx
Wed Nov 27, 2024 11:00 am
Forum: Wireless Networking
Topic: Chateau 5G ax - 802.11ac and ax support [SOLVED]
Replies: 5
Views: 451

Re: Chateau 5G ax - 802.11ac and ax support [SOLVED]

You may want to look at output of command /interface/wifi/print and /interface/wifi/security/print (run them in terminal window ... you can start one from WinBox or connect to device using ssh) ... and look for "encryption" property in both outputs. Only then you'll see what is actually co...
by mkx
Wed Nov 27, 2024 9:04 am
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 30
Views: 5582

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

After you uninstall wireless package and install wifi-qcom-ac package - verify that it's actually installed, cAP ac XL has only 16MB storage space which is really tight - (and upgrade routerboard firmware for good measure ... and cold boot device for another good measure), it may be good to reset de...
by mkx
Wed Nov 27, 2024 9:00 am
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1598

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

I just NEVER see anyone recommend narrowing channel width for AX... which got me questioning physics. My guess: none of the vocal AX supporters considers 2.4GHz band as viable WiFi band any more (everybody is looking at 6GHz now days). I've thought of a reason to go with 20MHz channels (instead of ...
by mkx
Wed Nov 27, 2024 8:52 am
Forum: General
Topic: CRS310 and issues with different speed/ports
Replies: 6
Views: 431

Re: CRS310 and issues with different speed/ports

The problem with communication pausing and/or packets being dropped when there's speed change (most notably from faster to slower, e.g. ingress port is 10Gbps and egress port is 2.5Gbps) is buffering. A switch has only certain amount of buffer and if there's a burst of frames, switch needs to buffer...
by mkx
Tue Nov 26, 2024 9:52 pm
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1598

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

I know AX uses OFDMA to better handle this ... ... so do G and N (and A) ... actually only B uses DSSS with 22MHz-wide channels. So in this respect AX is nothing new. What AX adds is 1024QAM (N stops at 64QAM) so it can reach higher speeds when SINR is great. And reduces subcarrier spacing by facto...
by mkx
Tue Nov 26, 2024 1:49 pm
Forum: General
Topic: Doubt regarding network configuration with VLAN in AP
Replies: 7
Views: 425

Re: Doubt regarding network configuration with VLAN in AP

When doing L2 stuff, it's responsibility of device sending frame (can be originating host, can be router) to find out destination MAC address. And L2 entity (switch) then passes frame to correct port. If sender doesn't know destination MAC address, it can send it to broadcast MAC address. Both when ...
by mkx
Tue Nov 26, 2024 1:40 pm
Forum: General
Topic: Strange slow RX but not TX
Replies: 13
Views: 1363

Re: Strange slow RX but not TX

Problem with using public servers (including iperf3 servers) is that there might be bottlenecks other than "last mile". I tried iperf3 server from the screenshots of @CGGXANNX and I got shitty performance in both directions. In both directions I see fair amount of retransmissions ... and f...
by mkx
Tue Nov 26, 2024 1:31 pm
Forum: Beginner Basics
Topic: bridge has stopped working, all ports marked as not running
Replies: 12
Views: 631

Re: bridge has stopped working, all ports marked as not running

Anything in logs regarding bridge or its ports?

Are ports, marked as "not running", connected to devices which are powered up?
by mkx
Tue Nov 26, 2024 11:11 am
Forum: General
Topic: Hairpin NAT - acces to my web site on local server [SOLVED]
Replies: 3
Views: 343

Re: Hairpin NAT - acces to my web site on local server [SOLVED]

And you're entirely sure that <public IP> is the exactly the same that browser uses when trying to connect to your web site?
by mkx
Tue Nov 26, 2024 9:20 am
Forum: Beginner Basics
Topic: Problem with WAX204 (AP mode) in VLAN setup and security questions [SOLVED]
Replies: 4
Views: 308

Re: Problem with WAX204 (AP mode) in VLAN setup and security questions [SOLVED]

Switch Configuration (Port 7 - AP): - Member of VLAN 1,100 - Tagged on VLAN 100 (WiFi) - Untagged on VLAN 1 (default) - PVID 100 The last two bullets contradict each other. Setting PVID on port means that anything untagged on physical media outside the device (e.g. ethernet cable), connected to thi...
by mkx
Tue Nov 26, 2024 9:14 am
Forum: Beginner Basics
Topic: Do source ports matter?
Replies: 1
Views: 224

Re: Do source ports matter?

Now here's my main question: do source ports matter? Generally source ports don't matter ... unless they do. As you found out, some ISPs block some well known ports and UDP 123 is often one of them (it used to be abused by some DDoS amplification attacks), UDP 53 is another one. Vast majority servi...
by mkx
Tue Nov 26, 2024 9:03 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 2834

Re: wAP coverage -- picture included

mANTbox has a pretty narrow-beam antenna. Have a look at diagrams, published in product's quick guide . Since Tx power is generally limited by country regulations, this means that decent signal strength is only available in directions with maximum antenna gain and elsewhere signal strength is pretty...
by mkx
Tue Nov 26, 2024 8:58 am
Forum: General
Topic: Doubt regarding network configuration with VLAN in AP
Replies: 7
Views: 425

Re: Doubt regarding network configuration with VLAN in AP

a switch and a router - generally speaking, are the same devices ... While we're generally speaking, switch and router are very different devices. (Ethernet) Switch does ethernet frame forwarding between ethernet ports based on SRC and DST MAC addresses and FDB (Forwarding DataBase). And router doe...
by mkx
Mon Nov 25, 2024 7:24 pm
Forum: General
Topic: WAN interface Passes more data than the LAN interface
Replies: 13
Views: 654

Re: WAN interface Passes more data than the LAN interface

Hmmm ... the way I read OP's screenshot is that WAN Rx is considerably larger than LAN Tx .... which means that router is dropping some of traffic comming to router from internet. Which means that firewall is doing its thing.
by mkx
Mon Nov 25, 2024 4:22 pm
Forum: General
Topic: Doubt regarding network configuration with VLAN in AP
Replies: 7
Views: 425

Re: Doubt regarding network configuration with VLAN in AP

If AP can add/remove VLAN tags as needed, then the switch in between doesn't have to know about VLAN tags at all. The only (minimum) requirement for that switch is that is supports using "baby jumbo frames" ... that is ethernet frames with payload size of 1504 bytes (VLAN header adds 4 byt...
by mkx
Mon Nov 25, 2024 12:28 pm
Forum: Wireless Networking
Topic: wAP ax as replacement for old UniFi AC Pro?
Replies: 9
Views: 648

Re: wAP ax as replacement for old UniFi AC Pro?

Now, if the off-center ball with a flat bottom shape is correct, if you mount a wAP in the center of the ceiling, the apartment below your room should enjoy better coverage than you? :shock: Probably not ... because apart from "back side" (where signal level is supposed to be like 20dB lo...
by mkx
Mon Nov 25, 2024 12:23 pm
Forum: Wireless Networking
Topic: How to increase wifi signal distance/strenght ?
Replies: 10
Views: 659

Re: How to increase wifi signal distance/strenght ?

For play use a cable, any other consideration is useless ... My guess: @OP doesn't have any wired network infrastructure available ... and/or he fell for "use wireless, it's better than fresh bread" motto of sellers of wireless equipment. Now his multi-player experience suffers but he'd p...
by mkx
Mon Nov 25, 2024 12:15 pm
Forum: Beginner Basics
Topic: Can I upgrade RB750 Version 5.25 [SOLVED]
Replies: 1
Views: 252

Re: Can I upgrade RB750 Version 5.25 [SOLVED]

The ancient ROS version is only supported by (almost) equally ancient versions of WinBox ... I'd go for something older than 3.20 (I don't remember exactly when ROS and winbox changed in this respect). Download link is e.g. https://download.mikrotik.com/routeros/winbox/3.20/winbox.exe (change "...
by mkx
Mon Nov 25, 2024 9:21 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 118
Views: 25495

Re: v7.17rc [testing] is released!

Why does the Winbox client share the same JSON file with the web interface? I can't understand this design choice. It is possible to create a "skin" ... like hiding certain interface items. And at least winbox 3 did conform to those skin settings. Which probably means that winbox is suppo...
by mkx
Mon Nov 25, 2024 9:11 am
Forum: Wireless Networking
Topic: How to increase wifi signal distance/strenght ?
Replies: 10
Views: 659

Re: How to increase wifi signal distance/strenght ?

- 60db is a pretty good signal already. @OP is not saying he's getting - 60 db , he's saying he's getting 60 % of signal. And only <insert your favourite deity here> knows what kind of signal that means. My experience with 3G and 4G phones says that some vendors set 100% at values where service onl...
by mkx
Mon Nov 25, 2024 9:00 am
Forum: General
Topic: Help diagnosing daily network outage at approximately the same time
Replies: 3
Views: 493

Re: Help diagnosing daily network outage at approximately the same time

Here's an article, somehow explaining different STP options: https://help.mikrotik.com/docs/spaces/ROS/pages/328068/Bridging+and+Switching#BridgingandSwitching-Per-portSTP According to my understanding, BPDU-guard is almost exactly opposite from setting port as edge: BPDU-guard disables port if it d...
by mkx
Mon Nov 25, 2024 8:27 am
Forum: Beginner Basics
Topic: ARP table
Replies: 3
Views: 624

Re: ARP table

Depending on setup, MAC addresses of "neighbouring" devices can be in different places: /ip/arp/print As already mentioned, this table contains MAC addresses and IP addresses of devices, which somehow communicated with RB device on IP layer. Values in Status column are explained in this ar...
by mkx
Sun Nov 24, 2024 2:33 pm
Forum: Beginner Basics
Topic: Could anyone audit my setup?
Replies: 2
Views: 315

Re: Could anyone audit my setup?

It seems fine. It's on a paranoid side, I'd do two more things: for performance reasons I'd enable fasttrack: /ip firewall filter add action=fasttrack-connection chain=forward comment="fasttrack established,related" connection-state=established,related It should be pushed to the top of rul...
by mkx
Sun Nov 24, 2024 12:03 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 30
Views: 5582

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

The config you posted seems to be old one ... with capsman settings still under /caps-man ... but to provision your hAP ax2 you need to configure CAPsMAN under /interface/wifi ... e.g. /interface/wifi/capsman/set enabled=yes . Etc. I missed that your CAP device is hAP ax2 in your previous post. So y...
by mkx
Sun Nov 24, 2024 11:36 am
Forum: General
Topic: Bridge -> Bond -> 2x Ethernet MTU Setting?
Replies: 6
Views: 496

Re: Bridge -> Bond -> 2x Ethernet MTU Setting?

MTU is L3 setting ... which means at least these two things: switches (as L2 entities) don't have much to do with it, they just have to be able to pass those jumbo frames (L2MTU has to be at least MTU+ethernet overhead+VLAN overhead isf used) whole IP subnet has to use same MTU ... all devices and r...
by mkx
Sat Nov 23, 2024 2:07 pm
Forum: General
Topic: Device will use IP from Server
Replies: 17
Views: 889

Re: Device will use IP from Server

In addition: does any of LAN infratructure devices have proxy-ARP enabled? I see many people enable it without understanding what it does and then run into problems caused by it.
by mkx
Sat Nov 23, 2024 2:01 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 447
Views: 142796

Re: v7.16.1 [stable] is released!

There's been some kind of confusing situation. It doesn't make any sense. I have two 4011s with firmware 7.16.1 that were fine a week ago. Today I noticed that DHCPv6 client on both devices stopped working normally. I have not made any changes to the settings. Did devices reboot in between by any c...
by mkx
Fri Nov 22, 2024 5:08 pm
Forum: Beginner Basics
Topic: Need Help on PPPoE Over Trunk
Replies: 2
Views: 419

Re: Need Help on PPPoE Over Trunk

Assuming that ISP device (modem? GPON ONT?) is working as untagged ... you'll have to create something like this: switch port, connecting to ISP, needs to be configured as untagged/access port with PVID / native VLAN set to 41 switch port, connecting to router, has to be configured as tagged/trunk a...
by mkx
Fri Nov 22, 2024 12:14 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 30
Views: 5582

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

Two things: you are running the new "wifi" driver on cAP (optional package wifi-qcom-ac installed I presume), so you'll have to configure the matching CAPsMAN on RB4011 ... and for that, you'll have to focus on /interface/wifi and its subtree (that's the place to configure new CAPsMAN). It...
by mkx
Thu Nov 21, 2024 11:43 pm
Forum: General
Topic: Beginner question about MTUs
Replies: 1
Views: 264

Re: Beginner question about MTUs

L2 devices (switches) don't fragment large frames, they silently discard them. And all devices inside same broadcast domain (most commonly this means same IP subnet) have to be set up with same MTU (traffic from small MTU towards large MTU is fine, traffic in opposite direction will get dropped). Th...
by mkx
Thu Nov 21, 2024 11:23 pm
Forum: General
Topic: DNS failover for redudancy
Replies: 5
Views: 411

Re: DNS failover for redudancy

Apparently, I speak truth. ;-)

Don't know about that ... your post was around 244 lines too long for me to even start reading it at full attentiveness.
by mkx
Thu Nov 21, 2024 11:12 pm
Forum: Beginner Basics
Topic: RB4011 wont run at default CPU frequency
Replies: 8
Views: 525

Re: RB4011 wont run at default CPU frequency

If I understand DDM he's trying to set frequency to "auto" ... which is default since around 6.47.

@DDM: read about device mode ... in particular, you'll have to enable routerboard property (i.e. set it to yes).

Edit: meh, have slow fingers
by mkx
Thu Nov 21, 2024 9:27 am
Forum: General
Topic: DNS failover for redudancy
Replies: 5
Views: 411

Re: DNS failover for redudancy

There are a few places where DNS servers are mentioned: /ip/dns/set servers=<list of IP addresses> This one is used for DNS process in router itself to be able to do any queries. If not for other things, it's important to be working for ROS update checks (and downloads). Or anything else that ROS ne...
by mkx
Thu Nov 21, 2024 9:09 am
Forum: General
Topic: Help diagnosing daily network outage at approximately the same time
Replies: 3
Views: 493

Re: Help diagnosing daily network outage at approximately the same time

It could be some rogue device somewhere on the edge of your network which initiates STP topology changes. And there are plenty of devices which can do it, e.g. any server running VMs can do it (they tend to run bridges for connecting VMs to network) or servers running any containers, etc. I'd start ...
by mkx
Thu Nov 21, 2024 8:50 am
Forum: Beginner Basics
Topic: CRS354-48P-4S+2Q+ replacement issues
Replies: 1
Views: 201

Re: CRS354-48P-4S+2Q+ replacement issues

First off: CRS354 (the whole CRS family of devices as a matter of fact) is a switch not a router. Yes, if running RouterOS, it can route and if carefully configured, it can route at wirespeed (if not carefully configured, it can route at very low speeds, like 200 M bps cumulative between any combina...
by mkx
Thu Nov 21, 2024 8:36 am
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 18
Views: 1202

Re: Difference between two Interface Lists

By setting an IP address on the WAN interface you negatively affect setups where upstream uses DHCP or static assignment as the interface will end up with multiple addresses. I don't exactly understand your argument. I guess that vast majority of devices use static IP subnet for LAN (just like ROS ...
by mkx
Wed Nov 20, 2024 5:09 pm
Forum: General
Topic: DNS failover for redudancy
Replies: 5
Views: 411

Re: DNS failover for redudancy

1) it entirely depends on DNS clients. But mostly they operate like this: start using first DNS server. As long as replies are getting back (even if negative answers), client will use same DNS server. If DNS server fails to reply, then client switches over to using second DNS server. And keeps using...
by mkx
Wed Nov 20, 2024 12:29 pm
Forum: General
Topic: How do I assign static IPv6 address to devices from the router?
Replies: 3
Views: 331

Re: How do I assign static IPv6 address to devices from the router?

This is mission "nearly impossible". One issue is DHCPv6 server on ROS ... it doesn't support giving out IPv6 addresses, it only hands out prefixes (there are some recent activities which may improve DHCPv6 server by adding address assignment functionality). And the big issue is client sup...
by mkx
Wed Nov 20, 2024 11:59 am
Forum: Announcements
Topic: v6.49.17 [stable] is released!
Replies: 18
Views: 61316

Re: v6.49.17 [stable] is released!

Well, why not just mention that in changelog?
When did MT make changelogs easily understandable?
by mkx
Wed Nov 20, 2024 9:48 am
Forum: Announcements
Topic: v6.49.17 [stable] is released!
Replies: 18
Views: 61316

Re: v6.49.17 [stable] is released!

Perhaps some of those v6-only hardware got R2 (with some slight HW changes, requiring minor changes in some device driver?) Since such change doesn't apply to already shipped hardware, ROS change can be factory-only (and it doesn't have to be publicly available since new devices can not be downgrade...
by mkx
Wed Nov 20, 2024 9:38 am
Forum: Beginner Basics
Topic: Trying to trunk between two switches [SOLVED]
Replies: 5
Views: 659

Re: Trying to trunk between two switches [SOLVED]

On both switches: if you're using VLAN Interface, anchored off bridge, then bridge CPU-facing port has to be tagged member of corresponging VLAN:


E.g.:
/interface bridge vlan
add bridge=SW1 tagged=SW1,ether8 vlan-ids=40
/ip dhcp-client
add interface=Management
by mkx
Wed Nov 20, 2024 9:31 am
Forum: Beginner Basics
Topic: Help DNS approach to Faster Browsing
Replies: 25
Views: 1694

Re: Help DNS approach to Faster Browsing

Do any ISPs still use squid proxy/cache servers ? Can't speak about ISPs, but in my company (with a few remote offices) we're forced to use proxy server (squid) for remote offices to be able to exit to internet (the connection between remote offices and main office is over some MAN which offers the...
by mkx
Wed Nov 20, 2024 9:25 am
Forum: Beginner Basics
Topic: LTE modem 4G (bands 3,20) and 5G (band n78) [SOLVED]
Replies: 3
Views: 427

Re: LTE modem 4G (bands 3,20) and 5G (band n78) [SOLVED]

There is any Mikrotik modem (only modem) that suports this 3 bands? If you're thinking of attaching modem directly to RB5009, then the only option would be USB modem ... and no, MT doesn't offer any USB modems what so ever. So the only option would be to go with models, mentioned by @gigabyte091 .....
by mkx
Wed Nov 20, 2024 9:18 am
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 18
Views: 1202

Re: Difference between two Interface Lists

So I added IP address (from modem's "LAN" IP subnet) to my ether port linking with modem. Any particular reason you chose this approach rather than adding <IP>/32 route? The latter should work for both PPPoE and bridged Simplicity. BTW, adding /32 route doesn't make it any more secure (th...
by mkx
Tue Nov 19, 2024 12:30 pm
Forum: Beginner Basics
Topic: WiFi router + cAP ax [SOLVED]
Replies: 3
Views: 299

Re: WiFi router + cAP ax [SOLVED]

Depending on requirements (WAN speed being one of more important ones) ... but hAP ax3 is generally one of better choices.
by mkx
Tue Nov 19, 2024 12:28 pm
Forum: Beginner Basics
Topic: Update to v7.17beta5 crashed several CCR2004-1G-12S+2XS devices - config recovery?
Replies: 2
Views: 404

Re: Update to v7.17beta5 crashed several CCR2004-1G-12S+2XS devices - config recovery?

It is possible to netinstall (older version, 7.17beta4) while keeping configuration. You can try this and see if it works out.
by mkx
Tue Nov 19, 2024 8:27 am
Forum: Wireless Networking
Topic: wAP ax?
Replies: 237
Views: 27621

Re: wAP ax?

Thanks for the image. So wAP AX seems to be directional. Correct antenna gains seem to be around ~7dBi in the frontal direction. Around 7 dBi for 2.4GHz band and around 5 dBi for 5GHz band. There's definition about "directionality": antenna beam width is angle where antenna gain drops by 3...
by mkx
Sun Nov 17, 2024 1:51 pm
Forum: RouterBOARD hardware
Topic: RB260GSP can power up by POE on port 1? [SOLVED]
Replies: 2
Views: 493

Re: RB260GSP can power up by POE on port 1? [SOLVED]

Your company switch most likely works as "802.3 af/at" and provides around 48V. Which is pretty much incompatible with RB260GSP PoE-in requirements. Provided power adapter is almost certainly 24V and RB260GSP only works as "passive PoE". Which is, again, completely incompatible w...
by mkx
Sun Nov 17, 2024 11:41 am
Forum: General
Topic: RB3011UiAS Slow Upload
Replies: 4
Views: 426

Re: RB3011UiAS Slow Upload

Try disabling LCD altogether. It's known that updating LCD contents affects router's performance quite signifficantly. You posted terse (or verbose?) expirt which includes all sorts of default settings making it much less readable ... at least zo me. So if you do another export (a "normal"...
by mkx
Sun Nov 17, 2024 11:31 am
Forum: General
Topic: CAPSMAN WiFi Wave2
Replies: 4
Views: 431

Re: CAPSMAN WiFi Wave2

As the complete bandwidth of 2.4GHz radio is 40MHz wide.... Not exactly true. WiFi 2.4GHz band extends from 2401MHz (lower boundary of channel 1) to 2473MHz (upper boundary of channel 11, relevant in NA) or 2483MHz (upper boundary of channel 13, relevant in EU and almost everywhere else than NA). W...
by mkx
Sun Nov 17, 2024 11:12 am
Forum: General
Topic: CRS-310-8G+2s as controller bridge
Replies: 1
Views: 193

Re: CRS-310-8G+2s as controller bridge

Port extender functionality (either CB or PE) has to be run by switch chip to be effective. So there are 3 possibilities: switch chip used in CRS310 doesn't support this feature support is not yet implemented in ROS documentation is outdated Whichever it is, you could get a definitive answer only di...
by mkx
Sun Nov 17, 2024 11:01 am
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 18
Views: 1202

Re: Difference between two Interface Lists

"off-topic": Why you should add the eth port that is connected to the isp modem to the WAN list? (I'm using PPPoE) It depends. In my case ISP's modem has management interface (Web-based UI) and for that it has "LAN" IP address. Even though I put it in bridge mode and run PPPoE c...
by mkx
Sat Nov 16, 2024 5:03 pm
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 18
Views: 1202

Re: Difference between two Interface Lists

My question is: In short: interface is the thing which delivers frame to RouterOS. Most often it has IP address set. This "property" is not passed to parent entities. E.g. if you have a few ether ports members of a bridge and teaffuc is tagged so there's also a VLAN interface anchored off...
by mkx
Sat Nov 16, 2024 10:31 am
Forum: Wireless Networking
Topic: trunk in bridge mode
Replies: 2
Views: 504

Re: trunk in bridge mode

If bridge configuration on SXT doesn't have any VKSN-related config, then its IP layer communicates strictly vua untagged frames. Diagram mentions VID 2 as being used as native on trunk between cisco snd SXT (at least the upper-left pair), which means that 192.168.2.0/24 should be used in VLAN 2 on ...
by mkx
Fri Nov 15, 2024 7:39 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 30
Views: 5582

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

Commenting on config from attached rsc file ... You shouldn't set use-service-tag=yes , it switches over to different type of VLAN headers. And no tag stacking. All in all device config is a mess. So I suggest you to start over: install ROS 7.16.1 on your hAP ac2, it'll improve wifi performance quit...
by mkx
Fri Nov 15, 2024 7:07 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155394

Re: v7.17beta [testing] is released!

What does "D" mean in Current Channel?
I'd say it means DFS.
by mkx
Fri Nov 15, 2024 1:43 pm
Forum: General
Topic: Discovering rogue DHCP source WAN IP
Replies: 10
Views: 588

Re: Discovering rogue DHCP source WAN IP

However not knowing where they come from is troubling us, we only see the LAN ip and mac address of the source.
Find them ... as per advice by @tdw. Yes, it's manual work, but if you want to catch plaintiff, you need to do some detective work before you send out the guns.
by mkx
Fri Nov 15, 2024 1:39 pm
Forum: Beginner Basics
Topic: Chateau 5G free space problem
Replies: 8
Views: 712

Re: Chateau 5G free space problem

Not sure about the branding bloat ... it might be necessary to install different branding ... https://help.mikrotik.com/docs/spaces/R ... 4/Branding
by mkx
Fri Nov 15, 2024 12:21 pm
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 2834

Re: wAP coverage -- picture included

Viktors says wAP stands for "wireless access point". 😉 I think that that is only to distinguish it from wired access points :roll: :wink: :lol: I don't know about you, but I have my Audience wired ... both for PoE and for backhaul. And it only works as AP (no routing or anything else). Wh...
by mkx
Fri Nov 15, 2024 12:11 pm
Forum: Beginner Basics
Topic: Chateau 5G free space problem
Replies: 8
Views: 712

Re: Chateau 5G free space problem

I kindly ask for some official answer will it be possible to receive updates for this device in future? You won't get any official answer. But experience with MT so far is that they are doing anything possible to provide software upgrades way beyond EOL date. The only problem with 16MB flash device...
by mkx
Fri Nov 15, 2024 12:00 pm
Forum: Beginner Basics
Topic: Chateau 5G free space problem
Replies: 8
Views: 712

Re: Chateau 5G free space problem

There's another path (possibly a tad easier) instead of netinstalling ... available from ROS version 7.13 onwards: mark package wireless / wifi-qcom / wifi-qcom-ac driver (whichever is installed on device, in case of @OP it may be wifi-qcom-ac or wireless) for uninstallation reboot device upgrade de...
by mkx
Fri Nov 15, 2024 11:48 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155394

Re: v7.17beta [testing] is released!

Those values are correct and same for me, but there are 3 issues: 1) In case of 5490-5710 I have only maximal power 26 dBm with 2.5 dBi antenna. 2) I can not set up manually or automatically any of frequencies beyond 5600 with 20 MHz channel or beyond 5580 with 20/40 MHz channel or beyond 5560 with...
by mkx
Thu Nov 14, 2024 8:31 pm
Forum: Wireless Networking
Topic: CAPsMam + VLAN on wifi-qcom-ac enviroment where CAPsMam it self has Wifi
Replies: 1
Views: 260

Re: CAPsMam + VLAN on wifi-qcom-ac enviroment where CAPsMam it self has Wifi

The intention is that local wifi interfaces are not provisiobed by CAPsMAN (running on same device). With new wifi, CAPsMAN and local wifi setup share same configuration profiles, one can apply same profile (e.g. security) both to CAPsMAN and local interfaces. Local radios will still work with other...
by mkx
Thu Nov 14, 2024 8:22 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155394

Re: v7.17beta [testing] is released!

Just guessing: you have to set address-pool to some existing pool for DHCPv6 server to hand out addresses (seems like it uses prefix-pool only to hand out prefixes). And quite likely you have to provide a pool with same prefix length as is used on interface (and probably router's address on that int...
by mkx
Thu Nov 14, 2024 8:09 pm
Forum: General
Topic: cannot remove directory
Replies: 12
Views: 14661

Re: cannot remove directory

I have the same problem. I once used a netinstall a few months ago and after flashing a different version of RouterOS, it left this flash folder (disk) and I can't remove it. It takes up all the space - 16MB and I can't install new certificates due to lack of space. Normally the root of storage, as...
by mkx
Thu Nov 14, 2024 7:22 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155394

Re: v7.17beta [testing] is released!

Hmmm ... what does /interface/wifi/radio/reg-info country=Czech show on your device? On my audience (running 7.15.3) it says ranges: 2402-2482/20 5170-5250/23/indoor 5250-5330/23/indoor/dfs 5490-5710/30/dfs Which more or less corresponds with limits from "your" document). BTW numbers in ab...
by mkx
Thu Nov 14, 2024 6:36 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 30
Views: 5582

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

Two things which poke my eyes: disable detect-internet at least on PtMP devices ... I'd disable it on all devices since you're trying to configure things properly yourself. Function detect-internet may help in case when user connects WAN to a wrong ether port. But it also have potential to royally m...
by mkx
Thu Nov 14, 2024 6:20 pm
Forum: General
Topic: Bonding 802.3ad
Replies: 8
Views: 522

Re: Bonding 802.3ad

According to my experience, Tx hash policies on both ends of bond don't have to be the same. Receiver will accept frames no matter via which bond link they arrive. It'll only use Tx hash policy (as configured locally) when selecting between (working) links members of same bond for Tx. So it will be ...
by mkx
Thu Nov 14, 2024 5:32 pm
Forum: General
Topic: Sonos bridge RX looped packet.
Replies: 4
Views: 317

Re: Sonos bridge RX looped packet.

The problem is that Sonos mesh obviously doesn't care about hetwork loops (neither do unmanaged switches). All managed switches know about xSTP (most have it enabled by default) and those can block one of links creating a loop.
by mkx
Thu Nov 14, 2024 5:23 pm
Forum: General
Topic: CCR2004 sudden PSU1+PSU2+fan failed
Replies: 3
Views: 451

Re: CCR2004 sudden PSU1+PSU2+fan failed

Any SFP with DDC plugged in (and being queried about their state)? IIRC it's been mentioned that there's a I2C bus which connects all internal monitored parts (power supplies and fans) as well as DDC buses of SFP cages. And if any of those devices block I2C bus for too long, ROS can not poll statuse...
by mkx
Thu Nov 14, 2024 5:13 pm
Forum: General
Topic: CRS112-8P low voltage error for 24V POE devices
Replies: 8
Views: 562

Re: CRS112-8P low voltage error for 24V POE devices

Indeed MT PoE offering is pretty inconsistent ... but there are a few rare devices which fare a tad better: CRS328-24P-4S+ has internal dual-voltage power supply and offers per-port selectable voltage (24V passive PoE or 48V 802.3 af/at) ... unfortunately it has limit if around 24W per port CRS320-8...
by mkx
Thu Nov 14, 2024 9:57 am
Forum: Beginner Basics
Topic: Time problem all the time
Replies: 4
Views: 345

Re: Time problem all the time

Check settings in Cloud ... since you have NTP client running (hopefully it shows status synchronized), you should disable time option in cloud settings.

BTW, if you're running NTP only to keep time on router current, you can disable NTP server function.
by mkx
Thu Nov 14, 2024 9:55 am
Forum: General
Topic: CRS112-8P low voltage error for 24V POE devices
Replies: 8
Views: 562

Re: CRS112-8P low voltage error for 24V POE devices

Yes. CRS doesn't regulate voltage internally, it only passes whatever supplied. CRS112 is one of few MT devices with dual power input, allowing to select voltage for PoE-out. If one of inputs is missing, corresponding PoE-out voltage is missing as well.
by mkx
Thu Nov 14, 2024 9:43 am
Forum: RouterBOARD hardware
Topic: VLAN BRidge switch chip NAT Only using one core RB 3011 UiAS RM [SOLVED]
Replies: 36
Views: 3773

Re: VLAN BRidge switch chip NAT Only using one core RB 3011 UiAS RM [SOLVED]

Contrast this to the RB3011 where the only way to have hardware offloaded VLANs is to perform the configuration directly on the switch chips. But because each of the two switch chips of the RB3011 has no knowledge of the other one, there is no mechanism in the switch chip configuration to refer to ...
by mkx
Thu Nov 14, 2024 9:25 am
Forum: General
Topic: Bonding 802.3ad
Replies: 8
Views: 522

Re: Bonding 802.3ad

When bond does hash (and based on hash value selects bond link to transmit frame), it takes whatever info configured: L2 - MAC address of source and destination L3 - IP address of source and destination L4 - source and destination port (if L4 protocol, e.g TCP or UDP) uses them. So with L2+L3 any pa...
by mkx
Thu Nov 14, 2024 9:22 am
Forum: General
Topic: VLAN config: RB2011UiAS-2HnD to L009UiGS-2HaxD
Replies: 3
Views: 295

Re: VLAN config: RB2011UiAS-2HnD to L009UiGS-2HaxD

Bridge port has to be tagged member of any VLANs which there are corresponding vlan interfaces.
by mkx
Thu Nov 14, 2024 8:28 am
Forum: General
Topic: Bonding 802.3ad
Replies: 8
Views: 522

Re: Bonding 802.3ad

L3+L4 is less common tho, but it should work good between two mikrotiks L3+L4 can spread traffic between one pair of devices to both bond links ... if devices use multiple connections in parallel. However, a single connection (e.g. single file transfer using SMB - windows file sharing) will still o...
by mkx
Wed Nov 13, 2024 4:50 pm
Forum: General
Topic: Routeros V7.15.3 randomly deleted users once a day.
Replies: 16
Views: 898

Re: Routeros V7.15.3 randomly deleted users once a day.

You haven't mentioned what the log is currently mentioning.
/system logging action
...

We are actually waiting to see output of /log/print (anything which looks weird and a few lines before weird lines to get some context).
by mkx
Wed Nov 13, 2024 4:45 pm
Forum: General
Topic: RBmAPL-2nD admin access to ethernet
Replies: 10
Views: 502

Re: RBmAPL-2nD admin access to ethernet

It boils down to this: interface lists work for interfaces ... and interfaces are the L3 entities (anything with IP address set). In case when one creates a bridge, adds a few L2 entities (ethernet ports, wifi interfaces, etc.), those L2 entities should never be used directly as L3 stuff (this is th...
by mkx
Wed Nov 13, 2024 4:32 pm
Forum: Wireless Networking
Topic: 60GHZ link doesn't agree.
Replies: 4
Views: 384

Re: 60GHZ link doesn't agree.

It's actually shooting under / between the branches.

Good. So the problem won't happen in Spring of 2025, it'll happen in Spring of 2026 :wink:
by mkx
Wed Nov 13, 2024 4:31 pm
Forum: Wireless Networking
Topic: Wave2 - Bridge.Ports vs. Wifi.Datapath
Replies: 28
Views: 9102

Re: Wave2 - Bridge.Ports vs. Wifi.Datapath

In case when I connect AP's as a wireless bridge with trunk - no questions about it. I would put specific wlan interface in "admit all" mode. But for users WiFi I would like to avoid it. Well ... what you'd like in this case doesn't correspond with what you can. And since it's up to perso...
by mkx
Wed Nov 13, 2024 4:24 pm
Forum: General
Topic: RBmAPL-2nD admin access to ethernet
Replies: 10
Views: 502

Re: RBmAPL-2nD admin access to ethernet

2 - check LAN interface list, both ether1 and ether2 should be there 3 - add all interfaces to bridge (ether1/2 and wifi itf) Actually ... bridge interface should be member of interface list. Individual ports (ether1 and ether2), members of bridge, don't have to be members of any interface list.
by mkx
Wed Nov 13, 2024 1:57 pm
Forum: General
Topic: RB5009 and VLANs
Replies: 19
Views: 1097

Re: RB5009 and VLANs

Brief comments: # FIXME: Do I need to explicitly set this? # /interface/ethernet/switch set 0 l3-hw-offloading=yes No. Where did you get this from ? Certainly not from the VLAN guide... I think it's default with recent v7 ... even if device actually doesn't support L3HW which makes this setting irr...
by mkx
Wed Nov 13, 2024 12:18 pm
Forum: General
Topic: Questions about LAN setup [SOLVED]
Replies: 1
Views: 211

Re: Questions about LAN setup [SOLVED]

yes ... just hAP ac2 can't be powered from wAP ax (wAP ax doesn't have PoE-out) yes ... included PoE adapter is "PoE injector" which is plugged between switch and powered device. It is transparent for data passing between both sides. yes ... if hAP ac2 will be running wifi-qcom-ac package...
by mkx
Wed Nov 13, 2024 12:11 pm
Forum: General
Topic: Force DNS request [SOLVED]
Replies: 8
Views: 661

Re: Force DNS request [SOLVED]


Yes, this would help ... but you'd have to constantly update the list of DoH servers ... so it's a moving target.
by mkx
Wed Nov 13, 2024 12:10 pm
Forum: General
Topic: Routeros V7.15.3 randomly deleted users once a day.
Replies: 16
Views: 898

Re: Routeros V7.15.3 randomly deleted users once a day.

In such a case it _might_ also be worthwhile to export config, netinstall device and then re-apply config again.

With emphasis being "export ... re-apply config" ... which is very different from "backup ... restore".
by mkx
Wed Nov 13, 2024 12:08 pm
Forum: Beginner Basics
Topic: How to firewall when behind ISP modem
Replies: 13
Views: 669

Re: How to firewall when behind ISP modem

I have started from ground up, so I'm not using the defconf of the MT. IMO this is a pretty bad decision. Default MT firewall is quite good and allows for easy adaptation (e.g. for using PPPoE instead of DHCP client as WAN "technology"). It also allows to make adjustments (e.g for port fo...
by mkx
Wed Nov 13, 2024 12:03 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 447
Views: 142796

Re: v7.16.1 [stable] is released!

Will I loose the capsman configuration ? It is a possibility. As far as I remember wifiwave2 config structure is pretty close (if not the same) as the (new) wifi config structure. So even if you'll have to manually upgrade configuration after you upgrade ROS, it shouldn't be a big problem. Export (...
by mkx
Wed Nov 13, 2024 9:11 am
Forum: Wireless Networking
Topic: 60GHZ link doesn't agree.
Replies: 4
Views: 384

Re: 60GHZ link doesn't agree.

Distance is measured as round-trip time and difference of 9 m roughly translates to 30 nano seconds. I slightly doubt that timing resolution in WiFi chip is any better than this. RTT is measured by each radio independently ... so there can be slight differences. Other link properties are dynamic and...
by mkx
Wed Nov 13, 2024 8:58 am
Forum: General
Topic: Routeros V7.15.3 randomly deleted users once a day.
Replies: 16
Views: 898

Re: Routeros V7.15.3 randomly deleted users once a day.

Also check how much free space is on flash storage ... You didn't mention device model but some devices have tiny flash storage (16MB or even a bit less) and depending on amount of packages installed and complexity of configuration it may run out of space, which may cause ROS to loose configuration ...
by mkx
Wed Nov 13, 2024 8:55 am
Forum: General
Topic: about forward in cross switch chips?
Replies: 6
Views: 476

Re: about forward in cross switch chips?

MT doesn't provide separate documentation for particular device models. Several documents do include sections, which only apply to particular hardware, but often this is indicated in a way not really obvious to users not intimately familiar with devices (e.g. often they indicate that some section ap...
by mkx
Wed Nov 13, 2024 8:49 am
Forum: General
Topic: untagg multiple VLAN on ether port
Replies: 14
Views: 722

Re: untagg multiple VLAN on ether port

As already explained: you can't have multiple VLANs untagged on single port and having bidirectional communication (with exception of somehow implementing MAC VLAN which tags ingress packets based on source MAC addresses). I recommend you to rethink the network topology ... best would be to install ...
by mkx
Wed Nov 13, 2024 7:06 am
Forum: General
Topic: about forward in cross switch chips?
Replies: 6
Views: 476

Re: about forward in cross switch chips?

1. I don't know which exactly manual you're reading. But: RB4011 doesn't really belong in the group of devices mentioned. It's using RTL8367 switch chips and it didn't support VLAN switching configured by switch configuration (under /interface/ethernet/switch), the menu didn't exist. One could only ...
by mkx
Wed Nov 13, 2024 6:53 am
Forum: General
Topic: Force DNS request [SOLVED]
Replies: 8
Views: 661

Re: Force DNS request [SOLVED]

I think the problem is DOH, if I do a torch I see requests towards 8.8.8.8:443. so AdGuard is skipped. How do I manage these requests to process everything from AdGuard?

You don't manage DoH requests, you live with it.
by mkx
Tue Nov 12, 2024 7:29 pm
Forum: General
Topic: untagg multiple VLAN on ether port
Replies: 14
Views: 722

Re: untagg multiple VLAN on ether port

Only one vlan go pass untagged leaving ether 2 and that is predicated upon the pvid setting at /interface bridge port Wrong. Correct would be: All configured VLANs pass untagged leaving ether2 but only one VLAN offers bidirectional communication. Just because you don't see use case for something do...
by mkx
Tue Nov 12, 2024 7:22 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 30
Views: 5582

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

6.40 is ancient and can miss some functionality. I highly recommend you to upgrade to 6.49.17 (latest v6). I understand you may struggle but IMO this is essential. And yes, netinstall is a almost certainly a must (lack of space likely indicates remnants of unwanted config and/or unnecessary files on...
by mkx
Tue Nov 12, 2024 7:11 pm
Forum: General
Topic: untagg multiple VLAN on ether port
Replies: 14
Views: 722

Re: untagg multiple VLAN on ether port

but also want to untagg VLAN-20 & (native VLAN-1) traffic on the ether port. Your main problem so far is that VLAN 20 is only mentioned in VLAN interface creation. Bridge doesn't kniw about VLAN 20, so it won't pass it between CPU and other bridge ports ... and other bridge ports are not config...
by mkx
Tue Nov 12, 2024 2:19 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 30
Views: 5582

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

Did you manage to set up your PtMP into transparent operation? After this is done, you can add configuration to transparently pass 802.1Q headers (VLANs). Or you can decide not to go with VLANs and keep the whole network (all 3 sites) as one flat LAN. In any case, CAPsMAN / CAP configuration is exac...
by mkx
Tue Nov 12, 2024 2:13 pm
Forum: Wireless Networking
Topic: Wave2 - Bridge.Ports vs. Wifi.Datapath
Replies: 28
Views: 9102

Re: Wave2 - Bridge.Ports vs. Wifi.Datapath

I wonder why this bothers you? Let’s say I have obsessive-compulsive disorder ) My vision of an ideal world (mainly came from years of configuring various Cisco networks) is that user access edge should be always in “access mode”, that is tagged traffic should be avoided at all cost on access ports...
by mkx
Tue Nov 12, 2024 2:08 pm
Forum: Beginner Basics
Topic: Is sniffer cpu-port forbidden?
Replies: 1
Views: 200

Re: Is sniffer cpu-port forbidden?

switchX-cpu is a switch port and doesn't exist outside of /interface/ethernet/switch scope. Ether ports are (in ROS) different as ROS does have capability to work with individual switched ports (as if they were stand-alone interfaces). If you have a bridge and has any of there ports (run by that par...
by mkx
Tue Nov 12, 2024 2:04 pm
Forum: General
Topic: Discovering rogue DHCP source WAN IP
Replies: 10
Views: 588

Re: Discovering rogue DHCP source WAN IP

We only see the mac address and LAN ip of the device, is there a way to trace the source WAN IP or route over the radio link, at least this way we could work out who it might be. You can't see IP address of your device because (apart from acting as a switch) it doesn't collaborate in malicious acti...
by mkx
Tue Nov 12, 2024 1:56 pm
Forum: General
Topic: sfp-ignore-rx-los doesn't stick (and what exactly does it do?)
Replies: 2
Views: 1418

Re: sfp-ignore-rx-los doesn't stick (and what exactly does it do?)

It's not bug, it's how get works. Like this:
:put [ /interface/ethernet/get sfp-sfpplus1 sfp-ignore-rx-los ]
by mkx
Tue Nov 12, 2024 1:53 pm
Forum: General
Topic: Force DNS request [SOLVED]
Replies: 8
Views: 661

Re: Force DNS request [SOLVED]

3. if LAN clients are on same subnet as pi-hole, then you need to implement the SRC NAT part of hairpin NAT
by mkx
Tue Nov 12, 2024 1:51 pm
Forum: General
Topic: about forward in cross switch chips?
Replies: 6
Views: 476

Re: about forward in cross switch chips?

When traffic is bridged between both switch chip port groups, there are two bottlenecks: 2.5Gbps interconnect between switch chip and CPU ... if cumulative traffic between ether ports of single switch chip and the rest of RB4011 would exceed 2.5Gbps, then this will slow things down CPU processing p...
by mkx
Tue Nov 12, 2024 1:38 pm
Forum: General
Topic: MikroTik v.7.16.1 CAPsMAN, datapath doesn't work
Replies: 5
Views: 1110

Re: MikroTik v.7.16.1 CAPsMAN, datapath doesn't work

Settings from CAPsMAN (datapath as well) are applied on CAP device. In your setup, you're setting /interface wifi configuration add country=Serbia datapath.bridge=bridge2 disabled=no mode=ap name=cfg1 security.ft=yes .ft-mobility-domain=0x1 .ft-over-ds=yes ssid="EF WiFi" but CAP device onl...
by mkx
Tue Nov 12, 2024 12:33 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 447
Views: 142796

Re: v7.16 [stable] is released!

... best practice is to use MAC of the first ethernet interface that is part of the bridge ... While this might be one of best approaches, it's not flawless ... if one removes "first ethernet interface" from bridge and forgets to change bridge MAC address, it's possible that some problems...
by mkx
Tue Nov 12, 2024 12:28 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155394

Re: v7.17beta [testing] is released!

MikroTik should probably revise the policy on having default configuration? While it can be understood that a CCR does not have a "forward" firewall (and "NAT"), for sure it should always have an "input" firewall. So it does not hurt to have an example of that in the d...
by mkx
Mon Nov 11, 2024 9:03 pm
Forum: RouterBOARD hardware
Topic: RB951Ui-2HnD port Running (R- flag) without cable connected to it
Replies: 5
Views: 482

Re: RB951Ui-2HnD port Running (R- flag) without cable connected to it

What to do to resolve the issue?

Throw RB951 in trash can?
by mkx
Mon Nov 11, 2024 9:00 pm
Forum: Wireless Networking
Topic: Wave2 - Bridge.Ports vs. Wifi.Datapath
Replies: 28
Views: 9102

Re: Wave2 - Bridge.Ports vs. Wifi.Datapath

But I didn't like the fact that with usage of datapath I got a tagged wireless traffic

I wonder why this bothers you?
by mkx
Mon Nov 11, 2024 8:33 pm
Forum: Beginner Basics
Topic: how to achieve this setup?
Replies: 4
Views: 417

Re: how to achieve this setup?

You cannot have the rb5009 providing separate subnets without double NAT ...
You can. But TPlink has to perform NAT also for "alien" subnets on LAN side ... and I've no idea if that's possible or not.
by mkx
Mon Nov 11, 2024 2:35 pm
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 883

Re: Configuring wireless on wAP R from zero

Also, I don't really understand the logic of the "update ROS first, then upgrade firmware at next reboot": https://forum.mikrotik.com/viewtopic.php?t=199442 As I wrote in the last post of linked topic, FWF files (containing routerboot images) are inside ROS disk image. Generally installer...
by mkx
Sun Nov 10, 2024 10:27 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 30
Views: 5582

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

By setting both spoke devices to station instead of station-bridge mode things get less transparent. So I wonder why you can't set these devices into station-bridge ... what is error message? Seeing CCQ considerably less than say 90 (100 would be ideal) while link is in use means trouble for the lin...
by mkx
Sun Nov 10, 2024 10:12 pm
Forum: Beginner Basics
Topic: CRS354-48P-4S+2Q+RM Performance Issues with Light Load
Replies: 5
Views: 487

Re: CRS354-48P-4S+2Q+RM Performance Issues with Light Load

CRS line of devices are switches ... by running ROS they can route but at fairly low speed. If running recent versions of ROS v7, certain configurations can offload routing and some firewalling to switch chip, increasing routed throughput a lot. Have a look at documentation: https://help.mikrotik.co...
by mkx
Sun Nov 10, 2024 4:21 pm
Forum: General
Topic: Periodic connectivity issues to external WinBox
Replies: 15
Views: 740

Re: Periodic connectivity issues to external WinBox

... if L3 hashing policy is used by them

L3 hashing depends on IP addresses (src and dst) so multiple connections (different ports) will always pass same LACP member. Only if L3+L4 hashing is used, then different connections (different src/dst port numbers) might take different LACP members.
by mkx
Sun Nov 10, 2024 1:48 pm
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 883

Re: Configuring wireless on wAP R from zero

Some "essential" new ROS features require routerboot upgrade. Such as device-mode. (IIRC there were no such changes in ROS v6, routerboot changes were only necessary when hardware initialization had some problems). Also to boot ROS v7, one had to run some minimum version of routerboot (som...
by mkx
Sun Nov 10, 2024 1:02 pm
Forum: Beginner Basics
Topic: Move Configuration
Replies: 6
Views: 341

Re: Move Configuration

Is there a guide I could follow that helps me to setup WiFi?

Not a guide, but refrence manual for WiFi config: https://help.mikrotik.com/docs/spaces/R ... 59120/WiFi
by mkx
Sun Nov 10, 2024 12:57 pm
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 883

Re: Configuring wireless on wAP R from zero

... although personally I use the later ... Couldn't that be called "preaching virtue but practicing vice"? :shock: Nope, not in case of routerboot upgrades ... I've never imposed (ever so mildly) suggestion in any direction in any of my posts (I'll buy you a beer or any other beverage of...
by mkx
Sun Nov 10, 2024 12:48 pm
Forum: General
Topic: Datasheet for new improved hEX?
Replies: 66
Views: 6806

Re: Datasheet for new improved hEX?

do any of ARM devices have IPsec acceleration working yet? It's not just a matter of the CPU architecture. I know. IPsec can as well depend on some particular CPU instructions ... which may or may not be present in some particular CPU implementation ... this seems to be the case. OTOH necesary inst...
by mkx
Sun Nov 10, 2024 12:17 pm
Forum: RouterBOARD hardware
Topic: Support for external LTE antennas
Replies: 11
Views: 1179

Re: Support for external LTE antennas

If you don't mind "antenna connector surgery" and ugly-looking antennas on the outer building facade (or on roof top), then Iskra P-60 5G antenna set might fit the needs. They come with 5m or 10m of antenna cable, SMA connectors attached. And their gain is very decent for most of supported...
by mkx
Sun Nov 10, 2024 11:51 am
Forum: Wireless Networking
Topic: nRAYG-60 True Speed
Replies: 5
Views: 366

Re: nRAYG-60 True Speed

... if I'm reading the calculations correctly? Yup. And that's "required clearance" at the middle of link, it's less closer to either antenna. But it's a good rule of thumb to have such clearance along the whole length of link. Beware of trees, they (or at least some of them :wink:) tend ...
by mkx
Sun Nov 10, 2024 11:46 am
Forum: Beginner Basics
Topic: Move Configuration
Replies: 6
Views: 341

Re: Move Configuration

Are you sure your original device was hAP ax2 snd not hAP a c 2? With event of ax devices ROS now includes new wifi driver and config is under /interface/wifi . Older devices ran wireless driver (with config under /interface/wireless ) and some ac devices could run either of drivers (with default be...
by mkx
Sun Nov 10, 2024 11:34 am
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 883

Re: Configuring wireless on wAP R from zero

Now #6 might be added as either: 6) You set automatic updates for routerboard firmware but not for ROS. or 6) You do not set automatic updates. Since your rules are intended "for dummies" (seasoned MT admins already live by these rules, right?), I'd go for the former ... although personal...
by mkx
Sun Nov 10, 2024 11:30 am
Forum: Beginner Basics
Topic: Move Configuration
Replies: 6
Views: 341

Re: Move Configuration

No simple way. Exported config depends on packages installed and builds on defaults. But also includes some of default config. So best chance to apply config from export is to start from no config on "recipient" ... and likely there will still be lines which will fail. And if they fail, yo...
by mkx
Sun Nov 10, 2024 11:24 am
Forum: General
Topic: Datasheet for new improved hEX?
Replies: 66
Views: 6806

Re: Datasheet for new improved hEX?

Then why are ipsec features listed as being tied to mt7621 on MT Help pages related to IPSEC ? MT7621 is a SoC ... which includes CPU (MMIPS architecture), switch chip and some other things. EN7562CT is a SoC as well ... which includes CPU (ARM architecture), switch chip (which is specced as EN7562...
by mkx
Sun Nov 10, 2024 11:12 am
Forum: General
Topic: inter vlan routing in CSS 326 24G
Replies: 6
Views: 417

Re: inter vlan routing in CSS 326 24G

CSS is strictly a switch, it can't do any routing. You'll have connect both routers together. You can use CSS and create an "interconnection" VLAN if you will, but both routers would then have to "speak" VLAN at least for interconnection VLAN. Or connect both touters with direct ...
by mkx
Sun Nov 10, 2024 10:56 am
Forum: General
Topic: Datasheet for new improved hEX?
Replies: 66
Views: 6806

Re: Datasheet for new improved hEX?

I expect IPSEC performance will be at least on par, if not better (since same MT7621 is included). Your expectation may be correct, but it's based on wrong premise. IPsec acceleration depends on CPU features or included accelerators ... but not on switch chip emulation. The new SoC EN7562CT include...
by mkx
Sun Nov 10, 2024 10:40 am
Forum: Beginner Basics
Topic: Request for Assistance with Load Balancing Configuration Between MikroTik Router and BDCOM Switch
Replies: 2
Views: 506

Re: Request for Assistance with Load Balancing Configuration Between MikroTik Router and BDCOM Switch

Look into 802.3ad bonding (a.k.a LACP). This has to be configured (and, above all, supported) on both sides. Bonds work best if all bond members use same speed. And beware that 802.3ad doesn't provide any mode which evenly distributes traffic between bond members "no matter what", it's alw...
by mkx
Sun Nov 10, 2024 10:29 am
Forum: Beginner Basics
Topic: How to forward traffic to the router behind Mikrotik
Replies: 2
Views: 557

Re: How to forward traffic to the router behind Mikrotik

Perhaps: configure CHR with firewall rules (and SRC NAT rule) according to defaults for SoHo MT devices (they were posted a few times in last year or two in some posts on this forum, use your favourite search engine to find them). Those defaults generally offer decent base for customization ... Then...
by mkx
Sun Nov 10, 2024 10:18 am
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 883

Re: Configuring wireless on wAP R from zero

One addition: list by @amm0 in bullet #7 mentions QuickSet ... IMO it's worth mentioning that if user did anything according to bullets 3-11 outside of QuickSet (which is very likely), then use of QuickSet is a very avanturistic act since it can revert some of changes (but not all) and hence end res...
by mkx
Sat Nov 09, 2024 9:08 pm
Forum: General
Topic: Mikrotik GPON SFP Optimization
Replies: 10
Views: 637

Re: Mikrotik GPON SFP Optimization

If I'm wrong, please correct me then. If the PPPoE authentication is removed, logically, the product would only function like a switch and wouldn't be unnecessarily burdened.
If L3HW is configured, then your CRS could even route at wirespeed ... but yes, PPPoE is a deal-breaker here.
by mkx
Sat Nov 09, 2024 9:02 pm
Forum: General
Topic: Mikrotik GPON SFP Optimization
Replies: 10
Views: 637

Re: Mikrotik GPON SFP Optimization

The unclear thing is that they are using the same device with a 10 Gbps network. Probably as 10Gbps switch ... Thre's another thing: L3HW offload, which allows CRS3xx to route at wire speed. But it has many constraints. Read more at: https://help.mikrotik.com/docs/spaces/ROS/pages/62390319/L3+Hardw...
by mkx
Sat Nov 09, 2024 8:50 pm
Forum: General
Topic: Mikrotik GPON SFP Optimization
Replies: 10
Views: 637

Re: Mikrotik GPON SFP Optimization

SwitchOS offers only switching, no routing. But you probably need a router between internet and LAN. Regarding optimization: which part of my previous post is not clear to you? And a coment on "high-end device": a switch with MSRP of around $200 is hardly a high-end device. If retailers in...
by mkx
Sat Nov 09, 2024 7:56 pm
Forum: Wireless Networking
Topic: nRAYG-60 True Speed
Replies: 5
Views: 366

Re: nRAYG-60 True Speed

In theory link performance depends on how obstructed is Fresnel zone. Which is widest at the link midpoint and gets narrow at both antennas. Which means that for best performance clear direct line of sight is not enough, even some vicinity has to be obstruction-free. OTOH for link that has "som...
by mkx
Sat Nov 09, 2024 7:37 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 30
Views: 5582

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

The difference between license level 3 and 4 (when it comes to radio) is that level 3 device can only be connected to one peer ... so any of station modes or bridge (but not ap-bridge). In PtMP scenario this means it can only be "spoke", not "hub". As to the rest of performance t...
by mkx
Sat Nov 09, 2024 7:31 pm
Forum: Wireless Networking
Topic: CAPs compability issues
Replies: 1
Views: 180

Re: CAPs compability issues

Device running ROSv7 version 7.13+ with wireless package installed (ot contains legacy capsman) can act as capsman for both legacy and modern APs. But with a few gotchas: if capsman also has wireless interfaces, then it better requires legacy drivers (generally this means pre v7 device) because driv...
by mkx
Sat Nov 09, 2024 7:16 pm
Forum: General
Topic: Mikrotik GPON SFP Optimization
Replies: 10
Views: 637

Re: Mikrotik GPON SFP Optimization

Your basic error is in believing that CRS326-24G-2S+RM is a decent router. In reality it's a switch which has (a fairly slow) CPU and when device runs ROS (it can run SwitchOS as well) it can route. And based on official test results you're getting very decent routing speeds for this device.
by mkx
Sat Nov 09, 2024 5:04 pm
Forum: Wireless Networking
Topic: nRAYG-60 True Speed
Replies: 5
Views: 366

Re: nRAYG-60 True Speed

No, ethernet ports are 1Gbps. "Aggregate speed" is a marketing BS buzzword ... effectively saying that port is full-duplex and can transfer at 1Gbps in both directions simultaneously. Wireless, OTOH, is half-duplex with large "direction switching" overhead ... so in reality (real...
by mkx
Sat Nov 09, 2024 4:33 pm
Forum: General
Topic: DNS Cache issue
Replies: 3
Views: 300

Re: DNS Cache issue

How are LAN devices configured ... to use adguard directly or to use router? This config is likely buried in DHCP server config.
by mkx
Sat Nov 09, 2024 4:30 pm
Forum: RouterBOARD hardware
Topic: RB3011 really broken?
Replies: 8
Views: 522

Re: RB3011 really broken?

@holvoetn now you started to nitpick. Who cares about performance if it looks this great?

If @jvanhambelgium cared about performance, then he wouldn't even think about fixing RB3011 (6x routing speed at 80% power consumption).
by mkx
Sat Nov 09, 2024 4:24 pm
Forum: General
Topic: Remove/change user-agent of a client?
Replies: 2
Views: 239

Re: Remove/change user-agent of a client?

This is entirely L7 operation. And ROS can not rewrite L7 information. With encrypted traffic (httpS) ROS even doesn't see this information, let alone can it manipulate encrypted information. A decent proxy server (browsers would have to be configured to use one) could rewrite this information ... b...
by mkx
Sat Nov 09, 2024 4:16 pm
Forum: General
Topic: Datasheet for new improved hEX?
Replies: 66
Views: 6806

Re: Datasheet for new improved hEX?

So it seems that hEX, with refresh, got degraded from a decent 5-port ethernet switch to a decent 4-port ethernet switch with management port :lol:
by mkx
Sat Nov 09, 2024 1:05 pm
Forum: RouterBOARD hardware
Topic: RB3011 really broken?
Replies: 8
Views: 522

Re: RB3011 really broken?

... brand new shiny RB5009
They may be shiny, but fun level is anywhere near what RB3011 provides: full 1U dimension, LCD display, two switch chips, etc. Only colour comes near RB3011's black :lol:
by mkx
Sat Nov 09, 2024 12:59 pm
Forum: Wireless Networking
Topic: Radio drops out occationally
Replies: 8
Views: 461

Re: Radio drops out occationally

Is there any way I can log those events?
I'm not sure. I some related tings (such as "received packet with own MAC address" or something like that) are logged even by default, not sure if there are some more extensive loggings available for STP.
by mkx
Sat Nov 09, 2024 12:10 pm
Forum: Wireless Networking
Topic: Radio drops out occationally
Replies: 8
Views: 461

Re: Radio drops out occationally

Logs are saying that there are some STP events which cause bridge to block wifi2 interface ... and 7 seconds later traffic resumes. As I wrote, those events don't necessarily originate from either of wifi bridge members, they could start somewhere else and got propagated across other switches and br...
by mkx
Sat Nov 09, 2024 11:44 am
Forum: RouterBOARD hardware
Topic: RB3011 really broken?
Replies: 8
Views: 522

Re: RB3011 really broken?

So ... what else is there to try execept for the trashcan ?

Replace RAM?
by mkx
Sat Nov 09, 2024 11:40 am
Forum: Wireless Networking
Topic: Radio drops out occationally
Replies: 8
Views: 461

Re: Radio drops out occationally

Is there any chance that you actually have some loop in your network? Not necessarily directly on either of these two wireless devices?

Another possibility is that there's an actual bug (in combination between L23UGSR and recent ROS), but only MT can tell that.
by mkx
Sat Nov 09, 2024 11:31 am
Forum: General
Topic: Where is my DHCPv6 clients ! ?
Replies: 5
Views: 421

Re: Where is my DHCPv6 clients ! ?

Do you have "detect-internet" active on any device other than "none"?
by mkx
Sat Nov 09, 2024 10:55 am
Forum: General
Topic: Datasheet for new improved hEX?
Replies: 66
Views: 6806

Re: Datasheet for new improved hEX?

That doesn't seem right if it's the 2024 model. Not really, basic switch chip functionality didn't change since ages ago. And Qualcomm does the same: my Audience uses IPQ4018 SoC ... and switch chip reported is Atheros-8327. My venerable RB951G uses discrete ethernet switch chip type ... Atheros-83...
by mkx
Fri Nov 08, 2024 9:13 pm
Forum: General
Topic: Issues with bandwidth [SOLVED]
Replies: 19
Views: 1114

Re: Issues with bandwidth [SOLVED]

bandwidth test is very CPU intensive, in your case slow CPU is bottle neck. You realky should test throughput through switches. Using two computers and running iperf3 between them is pretty common way of testing. I guess the only issue here is to get hold on two computers which are actually capable ...
by mkx
Fri Nov 08, 2024 8:41 pm
Forum: General
Topic: Issues with bandwidth [SOLVED]
Replies: 19
Views: 1114

Re: Issues with bandwidth [SOLVED]

How do you test bandwidth? By running bandwidth test function on switches them selves?
by mkx
Fri Nov 08, 2024 8:35 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 237
Views: 27621

Re: wAP ax?

... setting the order of those interfaces is something which is done by startup script. I don't think so ... script says :local ifcId [/interface wifi find where default-name=wifi1] set $ifcId configuration.mode=ap channel.band=2ghz-ax disabled=no ... So the script knows that wifi1 is 2GHz radio (....
by mkx
Fri Nov 08, 2024 8:12 pm
Forum: Wireless Networking
Topic: Radio drops out occationally
Replies: 8
Views: 461

Re: Radio drops out occationally

Anything in logs of both devices?
by mkx
Fri Nov 08, 2024 5:37 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 237
Views: 27621

Re: wAP ax?

anyone noticed the order of wifi1/2 has been changed ... AGAIN ?? Wifi1 = 2Ghz Wifi2 = 5Ghz It may have something to do with the fact, that IPQ-5010 has only 2.4GHz WiFi built in SoC and that 5GHz radio is added by attaching separate radio chip to PCIe interface. Previous AX hardware (at least some...
by mkx
Fri Nov 08, 2024 2:47 pm
Forum: Beginner Basics
Topic: Minor problems with hac ac lite as a wireless client
Replies: 9
Views: 723

Re: Minor problems with hac ac lite as a wireless client

That's explain why I can't connect to the hap from the main network? I can't ping it either. I've no idea. It might be due to the fact that static IP address is set on wlan2 instead of bridge1? From winbox only the frequency can erase. You can set frequency=auto , band=5ghz-a/n/ac and channel-width...
by mkx
Fri Nov 08, 2024 12:05 pm
Forum: Beginner Basics
Topic: FTP Rules in Firewall are apparently wrong
Replies: 13
Views: 672

Re: FTP Rules in Firewall are apparently wrong

Which is more likely: you're working on the right solution and merely need to find the right way to express it, or every one of us opposing this plan of yours is wrong? The former ... because everybody is jealous seeing the great plan of @OP and nobody else ever thought of going that way. BTW, grea...
by mkx
Fri Nov 08, 2024 11:56 am
Forum: Beginner Basics
Topic: Minor problems with hac ac lite as a wireless client
Replies: 9
Views: 723

Re: Minor problems with hac ac lite as a wireless client

Added to discussion in my previous post I have another suggestion: when configuring wireless interface into any of station modes, don't "pin point" radio settings to anything. If AP decides to change its own running values, station may not be able to follow those changes. In particular: se...
by mkx
Fri Nov 08, 2024 11:15 am
Forum: General
Topic: Towards Optimization of Production Firewall Rules
Replies: 13
Views: 816

Re: Towards Optimization of Production Firewall Rules

I'll just jump on a fragment: Analyzer: #1101 add action=accept chain=forward in-interface=WAN protocol=udp dst-port=443 dst-address=<QUIC Server> #1102 add action=accept chain=forward in-interface=WAN protocol=udp dst-port=443 dst-address=!<QUIC Server> The second rule is using a "not" ma...
by mkx
Fri Nov 08, 2024 11:00 am
Forum: Beginner Basics
Topic: Minor problems with hac ac lite as a wireless client
Replies: 9
Views: 723

Re: Minor problems with hac ac lite as a wireless client

Any station mode, other than "station-bridge", has problems when transparent bridge between two wired islands is required. In particular: MAC address of wired computer is lost when frame is passing such wireless link and any service, which expects to see unique MAC address (DHCP server is ...
by mkx
Thu Nov 07, 2024 7:43 pm
Forum: Wireless Networking
Topic: Please Respond - About new CapsMan (wifi)
Replies: 4
Views: 413

Re: Please Respond - About new CapsMan (wifi)

Default cap config it's called bridgeLocal.

Interesting, I didn't know that.
by mkx
Thu Nov 07, 2024 7:38 pm
Forum: Beginner Basics
Topic: Help DNS approach to Faster Browsing
Replies: 25
Views: 1694

Re: Help DNS approach to Faster Browsing

Authoritativity of servers depends on whether they are declared (by SOA and NS records) as such for certain domain(s). All other servers are caching servers. Like DNS server at 8.8.8.8 is caching server for mikrotik.com ... and servers of @TomjNorthIdaho are exactly the same in tthis respect. So a ...
by mkx
Thu Nov 07, 2024 7:31 pm
Forum: General
Topic: Issues with bandwidth [SOLVED]
Replies: 19
Views: 1114

Re: Issues with bandwidth [SOLVED]

Basically you have 5 switches. Currently help.mikrotik.com doesn't work for me and I can't verify, but from the top of my head none are really good at L3 tasks (they do support L3 HW offload). Which device does have address 192.168.1.1, netgear?
by mkx
Thu Nov 07, 2024 7:14 pm
Forum: General
Topic: Router Rebooting Issue
Replies: 2
Views: 306

Re: Router Rebooting Issue

I'd say that if wireless router is rebooting (and it's not powered via PoE from your MT router), then it's likely an issue of wireless router. But my logic might be flawed, what do I know?
by mkx
Thu Nov 07, 2024 7:07 pm
Forum: Beginner Basics
Topic: Help DNS approach to Faster Browsing
Replies: 25
Views: 1694

Re: Help DNS approach to Faster Browsing

I maintain my own dedicated Linux BIND DNS servers. North Idaho Tom Jones Are these servers authoritative? Authoritativity of servers depends on whether they are declared (by SOA and NS records) as such for certain domain(s). All other servers are caching servers. Like DNS server at 8.8.8.8 is cach...
by mkx
Thu Nov 07, 2024 8:34 am
Forum: Wireless Networking
Topic: Please Respond - About new CapsMan (wifi)
Replies: 4
Views: 413

Re: Please Respond - About new CapsMan (wifi)

Not going into details, but ... wifi CAPsMAN doesn't offer "capsman forwarding" ... which means that anything, defined in datapath, is applied on each CAP device. In particular: your setting /interface wifi datapath add bridge=Bridge-CAPsMAN-202 disabled=no name=DP-VoIP-WLAN means that CAP...
by mkx
Thu Nov 07, 2024 8:22 am
Forum: General
Topic: Issues with bandwidth [SOLVED]
Replies: 19
Views: 1114

Re: Issues with bandwidth [SOLVED]

You'll have to be much more specific to get any valuable feedback: which device models, their intended use, add exported config. Generally: if "3 layer 2 48 ports" (assuming you're talking about some CRS switches) are running RouterOS (as opposed to running SwitchOS), then they can be conf...
by mkx
Thu Nov 07, 2024 8:14 am
Forum: General
Topic: Towards Optimization of Production Firewall Rules
Replies: 13
Views: 816

Re: Towards Optimization of Production Firewall Rules

Personally I tend to avoid the ! matchers ... yes, they can be useful, but when one starts combining multiple "NOT" criteria, they are a bit counterintuitive and thus prone for errors. Or if one wants to have multiple rules with similar matchers, the only difference being the "NOT&quo...
by mkx
Wed Nov 06, 2024 7:47 pm
Forum: General
Topic: Towards Optimization of Production Firewall Rules
Replies: 13
Views: 816

Re: Towards Optimization of Production Firewall Rules

There is no magic in compilation and evaluation of firewall rules. They are strictly evaluated top-to-bottom, first matching executes. So the optimization trick is to reduce average number of rule evaluations (it was never explicitly stated whether all rules cost same CPU to evaluate or not, I'd exp...
by mkx
Wed Nov 06, 2024 7:08 pm
Forum: General
Topic: RB5009UG+S+ APC UPS Issues
Replies: 5
Views: 676

Re: RB5009UG+S+ APC UPS Issues

Could be that bug, which "freezes" display of UPS status, contributes to reboot as well. But anyway, I doubt you'll get any help about your problems on this forum, they don't seem to be due to configuration error, which is what we, fellow MT users, can help. But this forum is not one of of...
by mkx
Wed Nov 06, 2024 6:54 pm
Forum: Beginner Basics
Topic: Trying to wrap my head around VLANs
Replies: 17
Views: 1527

Re: Trying to wrap my head around VLANs

I just want to say that I have never been able to get a useful environment using VLANs. Well, VLAN is a tool ... Most people use tools because they have a task to do and certain tools fit the task perfectly (but one has to know different tools reasonably well to identify best tool for certain task)...
by mkx
Wed Nov 06, 2024 6:41 pm
Forum: Beginner Basics
Topic: Load balance between ether and wlan
Replies: 2
Views: 265

Re: Load balance between ether and wlan

Device with model name "RM950Ui-2HnD" doesn't exist. If, however, this is about RB951Ui-2HnD ... then it's an old and relatively slow device, ether ports are 100Mbps only, wireless is N so realistically around 100Mbps as well. CPU is no rocket either, it could route at around 200Mbps in si...
by mkx
Wed Nov 06, 2024 3:05 pm
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 2834

Re: wAP coverage -- picture included

MIMO radios don't imply antenna layout. It's about making MIMO legs, transmitted over RF, distinguishable between each other as good as possible. Separate antenna ports ensure that ideally, the rest is up to antennas (and environment).
by mkx
Wed Nov 06, 2024 3:02 pm
Forum: General
Topic: RB5009UG+S+ APC UPS Issues
Replies: 5
Views: 676

Re: RB5009UG+S+ APC UPS Issues

Item #1 is a bug and you should report it to support@mikrotik.com

Item #2 ... did UPS provide power to RB's power adapter? If not, then it's a PEBKAC type of problem.
by mkx
Wed Nov 06, 2024 2:21 pm
Forum: General
Topic: Loopback interface sending DHCP broadcasts [SOLVED]
Replies: 7
Views: 595

Re: Loopback interface sending DHCP broadcasts [SOLVED]

Indeed MT failed to provide a good explanation so far. Below is my impression of it (it's limited as I disable the feature as soon as I remember doing it, which is around 2 seconds after I log in). From how it works (and from rare occasions when some MT staffer described some of it in some random fo...
by mkx
Wed Nov 06, 2024 2:05 pm
Forum: General
Topic: RB3011 White Blank Screen Issue on Startup [SOLVED]
Replies: 1
Views: 269

Re: RB3011 White Blank Screen Issue on Startup [SOLVED]

If it does function as a switch, then it does boot and applies come configuration. Which means you have to try harder to get it netinstalled (with current config wiped as well), process of netinstall is a pretty fragile and easily fails. If, when saying "blank white full screen", you're re...
by mkx
Wed Nov 06, 2024 2:00 pm
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 2834

Re: wAP coverage -- picture included

What I don't understand is how the dual RP-SMA ports work? How does the AP (transceiver) look at those ports? Most probably those dual antenna ports are used for MIMO ... and for each MIMO leg (in WiFi they are called chains) one needs a separate antenna. Some antennas are dual-port (or MIMO) and a...
by mkx
Wed Nov 06, 2024 11:53 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 2834

Re: wAP coverage -- picture included

There are such antennas, but they don't come cheap, are large and (some of them) look ugly. Antenna gain is generally proportional to antenna size and antenna size for given gain is generally proportional to wavelength. Which in essence means that at certain gain antenna for 2.4GHz has to be 2-times...
by mkx
Wed Nov 06, 2024 11:45 am
Forum: General
Topic: Loopback interface sending DHCP broadcasts [SOLVED]
Replies: 7
Views: 595

Re: Loopback interface sending DHCP broadcasts [SOLVED]

I then set it to detect only the interface with the Internet state. Actually ... after you do any kind of manual configuration (and you know which of interfaces will be connected to WAN) it's useless to have detect-internet enabled in any way. Because the only thing it could potentially do is screw...
by mkx
Wed Nov 06, 2024 11:41 am
Forum: General
Topic: VLANs - there has to be a simpler way!
Replies: 17
Views: 1242

Re: VLANs - there has to be a simpler way!

I can understand your line of thought. However I guess that "VLAN wizard" will be out of scope of MT's tools for a while. The reason being: VLAN is feature which in principle spans whole LAN (or at least extensive parts), which includes several LAN infrastructure devices (possibly by diffe...
by mkx
Wed Nov 06, 2024 11:24 am
Forum: General
Topic: Router reset after reboot
Replies: 4
Views: 352

Re: Router reset after reboot

After netinstalling ... what did you do with configuration? Did you configure it from scratch? Or did you restore config from backup file? I configured from scratch, and yeah got deleted again when I just simply rebooted. This seems to me like a problem for support ticket. Contact MT support (you c...
by mkx
Wed Nov 06, 2024 11:16 am
Forum: Beginner Basics
Topic: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+
Replies: 6
Views: 467

Re: Problem connecting my CCR2004-16G-2S+ to my CSR328-24P-4S+

First, a suggestion: winbox4 is still a beta software and has quite a few teething problems ... so try using winbox3 and see if it works better for you. Next: CCR config has quite a few problems, but a few are pretty grave: try to set MAC address to "LAN Bridge" manually. Principle is to t...
by mkx
Tue Nov 05, 2024 8:11 pm
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1096

Re: LtAP, Verizon, Quectel EC-25AF no worky

... i.e. it's like GRUB so once RouterOS boots, I'd think it go away once boot.

It's not like grub, it's like BIOS or UEFI ... it initializes all hardware and can put it into some weird state which can't be remedied by drivers.
by mkx
Tue Nov 05, 2024 8:08 pm
Forum: General
Topic: Router reset after reboot
Replies: 4
Views: 352

Re: Router reset after reboot

After netinstalling ... what did you do with configuration? Did you configure it from scratch? Or did you restore config from backup file?
by mkx
Tue Nov 05, 2024 6:32 pm
Forum: Wireless Networking
Topic: Requesting help regarding my device running MESH
Replies: 20
Views: 692

Re: Requesting help regarding my device running MESH

... there is a huge difference in price, the price of the MOCA would allow me to re-route a CAT5e cable from the first floor.
So there's a way ... and I sense you're getting some will ... to do it properly :wink:
by mkx
Tue Nov 05, 2024 6:13 pm
Forum: Wireless Networking
Topic: WiFi Radio Issue
Replies: 9
Views: 515

Re: WiFi Radio Issue

Configuration of CRS refers to old wireless CAPsMAN. You have to configure the new WiFi capsman (there's a section with such title in document linked by @grusu above). If there's still wireless package installed on CRS, uninstall it.
by mkx
Tue Nov 05, 2024 11:27 am
Forum: RouterBOARD hardware
Topic: Rescriere bootloader in routerboard hEX S (RB 760iGS) [SOLVED]
Replies: 1
Views: 443

Re: Rescriere bootloader in routerboard hEX S (RB 760iGS) [SOLVED]

All MT devices have "primary" routerboot and "backup" routerboot. When upgrading routerboot, one upgrades primary one. It's (almost) impossible to upgrade backup routerboot. There's a procedure (button press) which selects backup routerboot ... and in that case, it should be poss...
by mkx
Tue Nov 05, 2024 11:21 am
Forum: Wireless Networking
Topic: Requesting help regarding my device running MESH
Replies: 20
Views: 692

Re: Requesting help regarding my device running MESH

Again, in my view a real ethernet cable is always better but as alternative, powerline can be used as well. @holvoetn, being European guy, keeps forgetting about possibility to use coax cables for data transmission ... there are even two standards, which allow using TV coaxial cables for data trans...
by mkx
Tue Nov 05, 2024 11:15 am
Forum: Wireless Networking
Topic: Unlock Wireless power to pump up dBm-s
Replies: 11
Views: 994

Re: Unlock Wireless power to pump up dBm-s

You have channel.width and channel.band set in wifi configuration profiles ... BTW, settings, which affect physical radio interface (frequency, band, width, Tx power, etc.) are only applied on master interface ... setting them on slave interfaces doesn't make any difference (and can be thus misleadi...
by mkx
Tue Nov 05, 2024 11:06 am
Forum: General
Topic: Migrating config between two identical routers
Replies: 1
Views: 230

Re: Migrating config between two identical routers

I read that the Backup/Restore option is a binary operation and is only really designed to backup/restore the same exact router but, can I use it to backup/restore the exact same MODEL of router? In your particular case (same router model, same ROS version), restoring backup on stand-by device will...
by mkx
Mon Nov 04, 2024 10:26 pm
Forum: Beginner Basics
Topic: Added 2nd rb5009 to my setup and lost internet connectivity.
Replies: 4
Views: 545

Re: Added 2nd rb5009 to my setup and lost internet connectivity.

I'll have to find out how to attach the second rb5009 as a switch instead of a router and try again. SOP when comissioning new device is to connect management computer directly to comissioned device ... and nothing else. It may be necessary to configure IP address on management computer manually (i...
by mkx
Mon Nov 04, 2024 10:08 pm
Forum: Beginner Basics
Topic: no internet access
Replies: 9
Views: 556

Re: no internet access

Basic problem of your WiFi AP is incomplete IP address setting, it's missing subnet setting. Change it like this: /ip address add address=192.168.11.251 /24 interface=bridgeLocal network=192.168.11.0 After you fix IP address, you'll be able to enter router's IP address which is currently rejected.
by mkx
Mon Nov 04, 2024 9:40 pm
Forum: Beginner Basics
Topic: no internet access
Replies: 9
Views: 556

Re: no internet access

Thanks, I suspect this too. But where to set GW for Bridge? See pics attached.

Set your main router's IP address in Gateway field.
by mkx
Mon Nov 04, 2024 9:19 pm
Forum: Wireless Networking
Topic: Unlock Wireless power to pump up dBm-s
Replies: 11
Views: 994

Re: Unlock Wireless power to pump up dBm-s

The settings I mentioned can be set in two locations: directly on wifi interface or in channel profile ... so check both places.
by mkx
Mon Nov 04, 2024 9:15 pm
Forum: Wireless Networking
Topic: AX No Supported Channels
Replies: 3
Views: 354

Re: AX No Supported Channels

Specs of Netmetal 5 ax say it's WiFi 6th generation ... not generation 6e (which added support for 6GHz bands) nor 7th generation (which also builds on 6GHz band).

So no, you can't drive Netmetal 5 ax higher than around 5.8GHz.
by mkx
Mon Nov 04, 2024 9:08 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 237
Views: 27621

Re: wAP ax?

Why do clients then see weaker signal? Are higher gain antennas better for AP RX direction? Besides beeing more directional. Country limitation is about EIRP ... which is in most WiFi cases reduced to: Tx power + antenna gain. So the higher antenna gain, the lower Tx power ... but for clients the e...
by mkx
Mon Nov 04, 2024 8:00 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 237
Views: 27621

Re: wAP ax?

BTW, what does /interface/wifi/radio/print detail show set to min-antenna-gain ? Acvording to your observations it should be set to 7 for both radios. 2 cap="MikroTik@xxxx" radio-mac=xxx tx-chains=0,1 rx-chains=0,1 bands=2ghz-g:20mhz,2ghz-n:20mhz,20/40mhz,2ghz-ax:20mhz,20/40mhz ciphers=tk...
by mkx
Mon Nov 04, 2024 7:45 pm
Forum: Wireless Networking
Topic: Requesting help regarding my device running MESH
Replies: 20
Views: 692

Re: Requesting help regarding my device running MESH

RB951Ui-2HnD (1F) should be configured both ap-bridge (to connect to 2F) Actually as "station-bridge" ... And "RB951Ui-2HnD (2F)" has to be "ap-bridge" (not sure, if mode "ap" - without bridge - is available though). I hope @OP is aware that all mentioned WiF...
by mkx
Mon Nov 04, 2024 7:38 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 237
Views: 27621

Re: wAP ax?

And from these devices - all sharing the same SoC - you chose hap ax lite with the by far "lowest" values in the wireless specification table. I chose hAP ax lite because it poped up in my mind the first. Yes, it may be a poor choice ... but it does illustrate that Tx power can vary betwe...
by mkx
Mon Nov 04, 2024 7:23 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 237
Views: 27621

Re: wAP ax?

Unless someone names me one "super-loose" country I could test the maximum values. Brazil is a "super-loose" country when it comes zo 2.4GHz band (30dBm Tx power). Pretty high Tx powers on 5GHz as well. BTW, what does /interface/wifi/radio/print detail show set to min-antenna-ga...
by mkx
Mon Nov 04, 2024 7:10 pm
Forum: General
Topic: IPv6 and Comcast
Replies: 3
Views: 398

Re: IPv6 and Comcast

Completely unset property dhcp-options="" ... setting it to empty value is not the same as not setting it at all.

I wonder why this properry is listed twice in the output of /ipv6/dhcp-client/print ...
by mkx
Mon Nov 04, 2024 7:06 pm
Forum: General
Topic: Cannot ping between Mikrotik CloudSwitch and RouterBoard when using a VLAN [SOLVED]
Replies: 6
Views: 668

Re: Cannot ping between Mikrotik CloudSwitch and RouterBoard when using a VLAN [SOLVED]

Not sure if the next thought actally applies, but you still may want to fix it: LAN interface list membership, which can be important for firewall (it seems to be used in IPv6 firewall though). This interface list has to contain interfaces not bridge ports. Most of times interfaces are those which a...
by mkx
Mon Nov 04, 2024 3:11 pm
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 2834

Re: wAP coverage -- picture included

Maybe stupid question, but aren't the two HGO-antenna-OUT directly mounted too near to each other to do any good? Principle use of NetMetal ax is to attach good antennas to the RP-SMA connectors. The image with antennas attached shows secondary use, from product brochure: If necessary, you can adap...
by mkx
Mon Nov 04, 2024 2:58 pm
Forum: General
Topic: Cannot ping between Mikrotik CloudSwitch and RouterBoard when using a VLAN [SOLVED]
Replies: 6
Views: 668

Re: Cannot ping between Mikrotik CloudSwitch and RouterBoard when using a VLAN [SOLVED]

You didn't specify which ports on both devices are used to interconnect. So based on comments: port ether2 on RB5009 connects ether1 on CRS310. Which I guess should be trunk port, but you have on both ports set "frame-types=admit-only-untagged-and-priority-tagged" ?
by mkx
Mon Nov 04, 2024 2:49 pm
Forum: General
Topic: LHGG FG621-EA poor performance on Vodafone 4G [SOLVED]
Replies: 2
Views: 318

Re: LHGG FG621-EA poor performance on Vodafone 4G [SOLVED]

FG621-EA doesn't support carrier aggregation in uplink (while most contemporary smart devices do) ... and depending on MNO's configuration it may be forced to use cell with low capacity as serving cell which then limits UL speeds (for DL, where CA does work, this is not as big problem because the CA...
by mkx
Mon Nov 04, 2024 2:43 pm
Forum: General
Topic: CCR2004-1G-2XS-PCIe unexpected behavior
Replies: 6
Views: 2993

Re: CCR2004-1G-2XS-PCIe unexpected behavior

What I meant is that without knowing anything about networking and particular network layout in near vicinity of a networked device it's almost impossible to create a meaningful configuration ... specially if it includes advanced things (and having "Streaming Server" is advanced these days...
by mkx
Mon Nov 04, 2024 2:39 pm
Forum: General
Topic: New static route
Replies: 4
Views: 379

Re: New static route

Sorry, I don't use BTH (or WG), so I don't know how to set up default route via that kind of tunnels.
by mkx
Mon Nov 04, 2024 11:01 am
Forum: RouterBOARD hardware
Topic: Support for external LTE antennas
Replies: 11
Views: 1179

Re: Support for external LTE antennas

I'm just curious though... Why wouldn't you just use a LHGG or SXT outside (as opposed to external antennae)? The general problem with MT's antennas (and even more with directional ones) is that their gain chart is really shitty. Take a look at LHGG ... indeed antenna gain is specced at 17dBi, but ...
by mkx
Mon Nov 04, 2024 10:51 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 2834

Re: wAP coverage -- picture included

Dont forget: CRS: Cloud router switch ... ... which doesn't really belong into xAP family of devices, does it? And generally doesn't provide wireless coverage at all, does it? In case you missed: this thread was about wAP and @Normis tried to explain that wAP (due to being wall AP) doesn't really h...
by mkx
Mon Nov 04, 2024 10:49 am
Forum: General
Topic: Odd problem with DNS and VLANs
Replies: 2
Views: 338

Re: Odd problem with DNS and VLANs

You may want to add dns-server=<IP address> to settings under /ip dhcp-server network explicitly. Since you don't have them set explicitly, DHCP server might "invent" values for this property (as DHCP clients generally require it) and with automagically determined values is always potentia...
by mkx
Mon Nov 04, 2024 10:41 am
Forum: Beginner Basics
Topic: no internet access
Replies: 9
Views: 556

Re: no internet access

Also, unless I'm missing it, there isn't any masqerade stetting between the wan and lan. Not familiar with capsman, so could be in that already.

No, CAPsMAN doesn't do it. And since @OP is using this device as AP only, NAT is not something it is supposed to do (main router should do it).
by mkx
Mon Nov 04, 2024 9:25 am
Forum: Beginner Basics
Topic: no internet access
Replies: 9
Views: 556

Re: no internet access

The gateway should be set to the IP address of your router. This! You might want to consider using DHCP client (on the bridge) that handles correct IP addressing. There is one ... but as @OP writes, he's using static addressing, so likely he doesn't run DHCP server in his network. I agree that thes...
by mkx
Mon Nov 04, 2024 9:20 am
Forum: RouterBOARD hardware
Topic: Support for external LTE antennas
Replies: 11
Views: 1179

Re: Support for external LTE antennas

I took a photo of a wAPac with 4 pigtails and an external 4x4 antenna. It works, but it requires the pigtails being exposed with ethernet/SIM/power, so it kinda easy to damage and crossing power. Looks neat though. But yes, such things are almost always a problem with DIY projects (or if device des...
by mkx
Mon Nov 04, 2024 9:04 am
Forum: Wireless Networking
Topic: Unlock Wireless power to pump up dBm-s
Replies: 11
Views: 994

Re: Unlock Wireless power to pump up dBm-s

What happens if you set "channel.band=2ghz-n" and channel.width="20mhz" ? And only one of these (leaving the other as you currently have it)?
by mkx
Mon Nov 04, 2024 8:55 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 2834

Re: wAP coverage -- picture included

As in the name, it's a "wall acces point (wap)", Ah, so that's the meaning of initial letter in names of "xAP" devices ... so "cAP" means "ceiling AP". @Normins, do you mind explaining meaning of "h" in "hAP"? And are there any "pAP&q...
by mkx
Mon Nov 04, 2024 8:53 am
Forum: General
Topic: New static route
Replies: 4
Views: 379

Re: New static route

Your question is not very clear. So here's a "misty" (conceptual) answer: if next hop is not known this way or another (either IP address of next hop or point-to-point interface towards next hop), then it's not possible to create a route which would be helpful to router. You might get a mo...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 45