Community discussions

MikroTik App

Search found 11853 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 40
by mkx
Thu Mar 28, 2024 7:07 pm
Forum: RouterBOARD hardware
Topic: Old RB750 V1 (Not RB750G) will not update to firmware 7.X
Replies: 3
Views: 96

Re: Old RB750 V1 (Not RB750G) will not update to firmware 7.X

Personally I'd upgrade using ROS built-in updater as far as it goes ... and upgrade routerboot as it goes. Running ROS v7 requires routerboot which is not ancient (6.45.7 might be fine, but to be on safe side ...). Next: if you want to upgrade from v6 to v7 using built-in updater, you have to set ch...
by mkx
Thu Mar 28, 2024 6:46 pm
Forum: Wireless Networking
Topic: Can I safely uninstall wireless package - hEX
Replies: 7
Views: 218

Re: Can I safely uninstall wireless package - hEX

The installer doesn't analyze actual configuration of the device hence it doesn't know whether capsman functionality, included in now separate package wireless, is needed or not. To be on safe side the package is installed even though device doesn't have wireless hardware.
by mkx
Wed Mar 27, 2024 8:33 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 460
Views: 92312

Re: v7.14.2 [stable] is released!

@Amm0: exactly, proper setting would be something like propagation-delay-max with integer setting (>=1) and unit of microseconds (and 10km would roughly translate into 33 microseconds). But imagine chaos this would cause among most AP admins. Constant indoor would translate into 1 microsecond or aro...
by mkx
Wed Mar 27, 2024 7:44 pm
Forum: Wireless Networking
Topic: 7.14 breaks wifi
Replies: 8
Views: 549

Re: 7.14 breaks wifi

The signal strength, reported with disconnection events (around -30dBm), is very high. Does the same happen when there's some distance between AP and station? Healthy signal strengths are between -50dBm and -60dBm.
by mkx
Wed Mar 27, 2024 7:38 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 460
Views: 92312

Re: v7.14.2 [stable] is released!

But would then it be speed of light in vacuum or in some thick air with large refractive index?
by mkx
Wed Mar 27, 2024 7:32 pm
Forum: General
Topic: NAT 1:1 on Mikrotik - without gateway on the client device
Replies: 1
Views: 188

Re: NAT 1:1 on Mikrotik - without gateway on the client device

These NAT rules should be fine. If you can set up routes on "WAN" side and PLC address space doesn't clash with addresses on WAN side, then you could set route (dst 192.168.0.0/24 gateway 10.40.100.X (where this address is router's WAN IP address). Then you only need single SRC-NAT rule: /...
by mkx
Wed Mar 27, 2024 7:23 pm
Forum: General
Topic: AX3 Wifi confusion
Replies: 9
Views: 593

Re: AX3 Wifi confusion

well, your issue is all about "skip-dfs-channels=all". In the heart of an incredibly RF and people dense city, in a huge apartment building, I don't have a choice but to use DFS channels. Well, then set this to skip-dfs-channels=disabled ... only then will your ax3 try to use DFS channels...
by mkx
Wed Mar 27, 2024 6:22 pm
Forum: Beginner Basics
Topic: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]
Replies: 32
Views: 1622

Re: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]

First of all, I'm glad you found the problem. BTW, when I tried updating software it said 7.12.1 is the highest version possible. However, when I want to download netinstall there is 7.14.1 Stable available as default... Should I go with that or rather use 7.12.1? 7.13 came with breaking change (wir...
by mkx
Wed Mar 27, 2024 9:23 am
Forum: Beginner Basics
Topic: ONU terminal on PoE-out issue
Replies: 4
Views: 318

Re: ONU terminal on PoE-out issue

Does Mikrotik have some models with PoE-out with 12V? Any device with passive PoE out and which can be powered using 12V power adapter. But I suggest you not to go this way. If you absolutely have to power ZTE via PoE, use passive PoE injector (MT's own RBGPOE might do the trick) and use dedicated ...
by mkx
Wed Mar 27, 2024 9:21 am
Forum: Beginner Basics
Topic: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]
Replies: 32
Views: 1622

Re: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]

I'll start from the scratch and check step by step when the connectivity fails, hope I'll find out. That's something I was about to suggest you. Start by netinstalling the switch and try to progress at desired setup without taking turns. There were cases where visible configuration of device (the o...
by mkx
Wed Mar 27, 2024 9:15 am
Forum: Beginner Basics
Topic: CAPsMAN across "wireless" and "wifi-qcom" package
Replies: 1
Views: 239

Re: CAPsMAN across "wireless" and "wifi-qcom" package

CAPsMAN for legacy (wireless) and wave2 (wifi-qcom ...) radios are two distinct entites and have to be configured separately. With ROS 7.13+ it is possible to run both CAPsMAN instances on the same device, but it needs legacy wireless package installed (even if device itself doesn't have any wireles...
by mkx
Tue Mar 26, 2024 6:00 pm
Forum: General
Topic: RB952Ui was hacked
Replies: 3
Views: 400

Re: RB952Ui was hacked

If reset button is indeed disabled[*] (a.k.a. protected routerboot), then your RB951Ui just became e-waste. [*] In theory it's not possible to enable protected routerboot without physical access to device, so it's unlikely that remote hacker did it. If you didn't do it yourself, then it still should...
by mkx
Tue Mar 26, 2024 4:58 pm
Forum: Wireless Networking
Topic: Too strong signal - wifi client flapping (7.13+)
Replies: 5
Views: 390

Re: Too strong signal - wifi client flapping (7.13+)

Signal strength of 50 is quiet impossible as far as I know. In theory it's possible, but in practice not so much. It would mean that Rx antenna is pumping 100W worth of signal into receiver. Not many WiFi devices can transmit at that kind of EIRP and as soon as there's some air gap between Tx and R...
by mkx
Tue Mar 26, 2024 4:44 pm
Forum: General
Topic: Config returning after reboot
Replies: 3
Views: 304

Re: Config returning after reboot

If flash is full (or there's only very little free space), then changes in config are not (successfully) saved to flash any more. One has to make some more space. Either by removing some files (e.g. old backup files). Or if there are some optional package files installed, uninstall one (it can very ...
by mkx
Tue Mar 26, 2024 4:36 pm
Forum: General
Topic: HW Offloading
Replies: 1
Views: 322

Re: HW Offloading

L3HW offloading only works between if all routes reside on same bridge. It seems your WAN is on off-bridge interface sfp-sfpplus1 .
by mkx
Mon Mar 25, 2024 7:43 pm
Forum: General
Topic: How does RouterOS prioritize domain name servers?
Replies: 3
Views: 412

Re: How does RouterOS prioritize domain name servers?

Your wish goes against established operation and good practice. All configured DNS servers are supposed to return same results to any query. Hence when multiple servers are configured, then DNS client (resolver) is free to use any of them with no particular affinity. Most use one server for all quer...
by mkx
Mon Mar 25, 2024 8:39 am
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1664

Re: Audience different revisions showing different current tx-rates

I think it was said that min-antenna-gain depends on factory software version (or was it routerboot version? ... lately it's the same, so ...). My audience says "factory-software: 6.45.8" and "factory-firmware: 6.47.9" (which strikes me odd to see such a huge discrepancy in these...
by mkx
Mon Mar 25, 2024 8:26 am
Forum: General
Topic: CRS317 + CRS328 - InterVLAN routing with L3HW
Replies: 15
Views: 849

Re: CRS317 + CRS328 - InterVLAN routing with L3HW

Are your LAN devices (in all VLANs) set up to use CRS317 as gateway?
by mkx
Sun Mar 24, 2024 3:35 pm
Forum: General
Topic: Where's my bottleneck?
Replies: 29
Views: 1458

Re: Where's my bottleneck?

I found one that works: 5735-5895

Beware that these high channels are recent addition and not all station devices support them.
by mkx
Sun Mar 24, 2024 3:32 pm
Forum: General
Topic: Where's my bottleneck?
Replies: 29
Views: 1458

Re: Where's my bottleneck?

You can't "invent" frequency settings ... so go for 5260.

Frequency setting in MT is center frequency of control channel (so if setting frequency to 5260, set band to Ceee).
by mkx
Sun Mar 24, 2024 3:28 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 409
Views: 74660

Re: v7.15beta [testing] is released!

Management often equals winbox connection with multiple windows open and refreshing stats.
by mkx
Sun Mar 24, 2024 3:25 pm
Forum: General
Topic: CHR or Ethernet router?
Replies: 5
Views: 587

Re: CHR or Ethernet router?

Now when you say single core CPU, the systems I have in mind will definitely have 6 cores at least, not because I have some absolute requirement but simply because they come with these and there is no way around...Since I will be using VMware Workstation pro with the CHR (if I go with it) are you s...
by mkx
Sun Mar 24, 2024 3:15 pm
Forum: General
Topic: Where's my bottleneck?
Replies: 29
Views: 1458

Re: Where's my bottleneck?

2.4ghz Scan shows that neighbours are well educated and mostly operate in 1-6-11 pattern. You should stick to it as well, channel 11 (2462MHz) seems slightly less loaded. And don't try to use 40MHz channel 2.4GHz band (outside deserted areas) simply doesn't have enough band width. Channel utilizati...
by mkx
Sun Mar 24, 2024 3:06 pm
Forum: Beginner Basics
Topic: What happens to an interface that is not part of any bridge?
Replies: 7
Views: 585

Re: What happens to an interface that is not part of any bridge?

On layer2 interfaces are isolated. So possibility of leaking frames is slim. If frames do leak, it's probably due to errors in configuration.

Also note that without special config, router will pass packets in all directions and L2 isolation alone can't do magic.
by mkx
Sun Mar 24, 2024 3:01 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 409
Views: 74660

Re: v7.15beta [testing] is released!

. . . For extras there are USB ports, SD slots, M.2 slots, mountable disks, etc. . . . On the ax2 device ? Let me quote @strods for you: Usually, if you need more, then you most likely need more powerful device. And "power", in a sense, is also ability to attach useful peripherials. In th...
by mkx
Sun Mar 24, 2024 10:55 am
Forum: SwOS
Topic: Feature suggestion - FW Upgrade availability through SNMP
Replies: 2
Views: 384

Re: Feature suggestion - FW Upgrade availability through SNMP

I recently upgraded my CSS610 to SwOS Lite 2.18 after just looking at the web gui for an unrelated thing. Had no idea there was an update available and was thinking, since the web-GUI does a check for a new version and also finds the version and release date, can this info not also become available...
by mkx
Sun Mar 24, 2024 10:48 am
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1664

Re: Audience different revisions showing different current tx-rates

Now I wonder if it was legit pumping a watt worth of signal into the antenna. It wasn't legit. Country regulations are limiting EIRP which includes antenna gain (and cable losses if there are any) and with antenna gain of 4.5dBi this means your Audience transmitted with EIRP of 34.5dBm (which would...
by mkx
Sun Mar 24, 2024 10:39 am
Forum: General
Topic: CRS317 + CRS328 - InterVLAN routing with L3HW
Replies: 15
Views: 849

Re: VLAN switching and routing with bonds

1) Default setting is frame-types=admit-all ... so if it's not changed explicitly according to needs, it'll remain that way. 2) Do as you see fit. IMO access to management VLAN should be as restricted as possible but also depends on particular use case. 3) Bridge is (also) interface which allows ROS...
by mkx
Sat Mar 23, 2024 6:00 pm
Forum: Wireless Networking
Topic: 7.14 wifi-qcom no superchannel?
Replies: 10
Views: 1168

Re: 7.14 wifi-qcom no superchannel?

My Audience running 7.13 says about Panama: ranges: 2402-2472/36 5735-5835/30 5170-5250/30 5490-5730/24 5250-5330/24 And that's what ROS will observe. Yes, it may happen that allowed EIRP table in ROS is not correct. But also sometimes there are certain limitations (e.g. TPC) and if device doesn't c...
by mkx
Sat Mar 23, 2024 5:41 pm
Forum: Beginner Basics
Topic: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]
Replies: 29
Views: 3683

Re: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]

The goal is to reduce MSS to value which fits MTU. Because many routers don't do fragmentation (it's CPU intensive and IPv6 doesn't allow it), MSS has to be low enough to allow packets pass end-to-end. Since a working value for MTU is 1420, this translates to MSS value of 1380 (1420 minus TCP and IP...
by mkx
Sat Mar 23, 2024 3:39 pm
Forum: General
Topic: Where's my bottleneck?
Replies: 29
Views: 1458

Re: Where's my bottleneck?

Is there a way of running an Internet speed test directly from a RouterOS device ... ROS' own bandwidth test is a pretty CPU demanding application and is often limited due to that. So in essence it doesn't correspond to device performance (when device is used as switch/router) and frequently it doe...
by mkx
Sat Mar 23, 2024 3:31 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 409
Views: 74660

Re: v7.15beta [testing] is released!

It simply means that when these ARM devices were designed and released, such package did not exist yet. Neither did exist the advanced SMB (from ROSE) nor DLNA nor wireguard ... and yet you (MT) are pushing these (among other things) into base package. If anything has to be done (and I'm glad it's ...
by mkx
Sat Mar 23, 2024 12:42 pm
Forum: Wireless Networking
Topic: hAP-ax3 vs cAP ax
Replies: 11
Views: 1377

Re: hAP-ax3 vs cAP ax

Is it possible to do roaming between asus and mikrotik? If yes then maybe you could use both on different channels. As long as all security settings (and SSID) are equal, you should be able. Just beware of what "roaming" means. In answer by @erlinden, "roaming" means that statio...
by mkx
Sat Mar 23, 2024 12:22 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 409
Views: 74660

Re: v7.15beta [testing] is released!

For now, 16 MB are still enough for each and every device with 16 MB chip to run the system as intended for the particular model device. So you're saying that e.g. hAP ac2 was intended to offer wifi4 performance even though it's got wifi5 hardware? Because that's what one essentially gets when usin...
by mkx
Fri Mar 22, 2024 4:08 pm
Forum: Beginner Basics
Topic: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]
Replies: 32
Views: 1622

Re: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]

This setting /interface/bridge/add pvid=4094 frame-types=admit-only-vlan-tagged name=bridge # Best practice don't set pvid=1 doesn't change a thing ... PVID setting is irrelevant when frame-types property is set to admit-only-vlan-tagged . In addition, it only applies to bridge CPU-facing port , not...
by mkx
Fri Mar 22, 2024 8:28 am
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 112
Views: 35484

Re: CCR1036 Power Supply

CCR2116 sounds a great upgrade, may i know what's the limitation, please? The price is even cheaper than my CCR1036, most important of all, any PSU failure posts about CCR2116? As I said, the switch chip.. CCR2116 can do L3 HW offload, so in certain (almost trivial?) conditions, ASIC (switch chip) ...
by mkx
Fri Mar 22, 2024 8:22 am
Forum: RouterBOARD hardware
Topic: CCR1036 temperature "issue" cause reboot.
Replies: 19
Views: 8741

Re: CCR1036 temperature "issue" cause reboot.

I checked my faulty replaced PSU with multimeter, it shows 23.6v... Marginal PSUs, which cause issues with connected devices, tend to show acceptable output voltage when idle. However, they tend to drop voltage when they are loaded. And they tend to supply voltage which is not very well regulated a...
by mkx
Fri Mar 22, 2024 8:15 am
Forum: RouterBOARD hardware
Topic: Many PSU failures in CCR1036
Replies: 43
Views: 2178

Re: Many PSU failures in CCR1036

1. My CCR1036 is not in high demand, only a few people will connect through it, therefore, i already adjust down the CPU frequency to lower the operating temperature. However, consider the capacitor overheating theory, the heat comes from the nearby power transistors to regulate the current, it see...
by mkx
Fri Mar 22, 2024 8:04 am
Forum: Wireless Networking
Topic: cAP ac Disk Space
Replies: 4
Views: 373

Re: cAP ac Disk Space

Yup, devices with less than 32MB flash and more than 32MB RAM have their "storage root" in RAM. To verify that this is indeed true, check contents of storage root ( /file print ), if it contains folder "flash", then this scheme is in power. And upgrade packages are always downloa...
by mkx
Fri Mar 22, 2024 7:56 am
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1664

Re: Audience different revisions showing different current tx-rates

Setting locally on the 'offender' and then re-provisioning it, it didn't help. I am wondering why not, and is this a bug?
Probably it's a feature. After all, CAPsMAN is supposed to provision radio interfaces (to their fullest), leaving antenna gain out would be a bug I guess.
by mkx
Fri Mar 22, 2024 7:53 am
Forum: General
Topic: MASTER INTERFACE UNKNOWN
Replies: 4
Views: 423

Re: MASTER INTERFACE UNKNOWN

As the linked article says: on your device, you need basic routeros installed and optional package named "wifi-qcom". After you get these packages installed, I suggest you to reset router to factory default config. The rest of configuration is done in /interface/wifi (I believe that's WiFi...
by mkx
Fri Mar 22, 2024 7:44 am
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 409
Views: 74660

Re: v7.15beta [testing] is released!

And the "wifi-qcom-ac" can still be used on Audience and RB4011, even if it has "unneeded" drivers for IPQ-4019 since that prevent breaking folks already using wifi-qcom-ac on 16MB today. Audience has both IPQ-4018 (used as SoC and for 2.4GHz + lower 5GHz radio) and QCA9984 (for...
by mkx
Thu Mar 21, 2024 10:50 pm
Forum: Wireless Networking
Topic: Only offline update of WLAN only devices over 12.1? [SOLVED]
Replies: 16
Views: 1846

Re: Only offline update of WLAN only devices over 12.1? [SOLVED]

The required upgrade path is expressly for in-ROS upgrade (because old ROS needs to fetch extra packages / packages with different names). Has nothing to do with installation of packages, manually uploaded to device. A gotcha though: IIRC one had to upload package files for all currently installed p...
by mkx
Thu Mar 21, 2024 10:39 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 409
Views: 74660

Re: v7.15beta [testing] is released!

... is necessary to have QCA9984 which is only for RB4011iGS+5HacQ2HnD-IN ...
... and for RBD25G-5HPacQD2HPnD (Audience). Admittedly Audience has flash larger than 16MB as well.
by mkx
Thu Mar 21, 2024 10:36 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 409
Views: 74660

Re: v7.15beta [testing] is released!

Mikrotik L009 port 1 of the switch disappears, adding the port on a bridge makes it have no HW.

Block diagram for L009 shows that ether1 is not controlled by switch chip, it is instead controlled directly by CPU. Which means that L2 HW offload is physically impossible for this port.
by mkx
Thu Mar 21, 2024 9:38 pm
Forum: Wireless Networking
Topic: Only offline update of WLAN only devices over 12.1? [SOLVED]
Replies: 16
Views: 1846

Re: Only offline update of WLAN only devices over 12.1? [SOLVED]

I am not 100% sure you can drop both when upgrading.

It worked like this in v6 and I don't see any readon why it wouldn't work in 7.12 (or any other v7).
by mkx
Thu Mar 21, 2024 2:42 pm
Forum: RouterBOARD hardware
Topic: Many PSU failures in CCR1036
Replies: 43
Views: 2178

Re: Many PSU failures in CCR1036

[admin@MikroTik] > system/health/print Columns: NAME, VALUE, TYPE # NAME VALUE TYPE 0 power-consumption 50.8 W CCR1036 (the CCR1036-12G-4S variant) has rated max power consumption at 60W. So the reported power consumption indicates that power supply is running at 80%+ capacity and I'd expect it to ...
by mkx
Thu Mar 21, 2024 2:09 pm
Forum: Wireless Networking
Topic: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]
Replies: 10
Views: 3020

Re: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]

I haven't tried the new capsman (yet; I only have one wave2 device running wireless at the moment), but in old capsman one could configure location of upgrade packages ... which could contain files for different architectures. And CAP upgrade would then still happen automatically. And, as @holvoetn ...
by mkx
Thu Mar 21, 2024 2:02 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1664

Re: Audience different revisions showing different current tx-rates

I'd say this means that it's possible to set antenna-gain to 0 (AFAIK default is unset which means minimum allowed value or 0 if there's no minimum) and hence you can see 5dB higher actual Tx power. If you want to "align" Tx powers between units (and to actual country regulations), then yo...
by mkx
Thu Mar 21, 2024 1:49 pm
Forum: General
Topic: CHR or Ethernet router?
Replies: 5
Views: 587

Re: CHR or Ethernet router?

Surely there are MT routers which can do IPsec with throughputs higher than 200Mbps. But only if they support appropriate HW offload functions (not all of them do). All MT routers have product pages and one of sections there is "Test results". And a part of test result page is "IPsec ...
by mkx
Thu Mar 21, 2024 1:37 pm
Forum: General
Topic: Dualboot, windows gets ip, linux does not [SOLVED]
Replies: 4
Views: 1581

Re: Dualboot, windows gets ip, linux does not [SOLVED]

That was it. In /interface bridge vlan, I didn't have my ethernet port set as untagged. Thank you very much! If a port of bridge has pvid set, then it's automatically added as untagged port to appropriate VLAN in the section you mentioned. But this doesn't work if the same port is explicitly config...
by mkx
Thu Mar 21, 2024 9:23 am
Forum: Beginner Basics
Topic: Proxmox CHR Lab, Layer7 not working
Replies: 3
Views: 374

Re: Proxmox CHR Lab, Layer7 not working

Which I can only surmise that although my FIOS router has static routes that work for ping/traceroute, that POS does not route L7 properly ??? Without seeing config of FIOS router (and understanding what it does) it's impossible to say why using default route path doesn't work. But if FIOS router w...
by mkx
Wed Mar 20, 2024 9:55 pm
Forum: Wireless Networking
Topic: bound client to specific AP by mac adress by CAPsMAN
Replies: 9
Views: 484

Re: bound client to specific AP by mac adress by CAPsMAN

No, you can't do that.

What you can do is to nake cAP-specific SSID and then configure those clients to connect to appropriate SSID.
by mkx
Wed Mar 20, 2024 9:52 pm
Forum: General
Topic: Dualboot, windows gets ip, linux does not [SOLVED]
Replies: 4
Views: 1581

Re: Dualboot, windows gets ip, linux does not [SOLVED]

The ethernet port that this machine is connected to on the CAP 2 is configured as a VLAN access port. Are you sure that ether port on cAP is properly access port? The big difference between windows (most ether drivers) and linux is that linux properly works wiith VLAN tags while windows (often) sim...
by mkx
Wed Mar 20, 2024 9:27 pm
Forum: Wireless Networking
Topic: hAP ax2 station mode [SOLVED]
Replies: 27
Views: 2161

Re: hAP ax2 station mode [SOLVED]

/interface wifi set [ find default-name=wifi1 ] channel.band=5ghz-ax .width=20/40mhz-eC \ configuration.country=Netherlands .mode=station .ssid=WIFI-PUB disabled=\ no security.authentication-types=wpa2-psk Just throwing in some random idea: can you unset channel.band and channel.width? I guess that...
by mkx
Wed Mar 20, 2024 8:59 pm
Forum: General
Topic: MASTER INTERFACE UNKNOWN
Replies: 4
Views: 423

Re: MASTER INTERFACE UNKNOWN

Forget about "wireless" package on ax devices (hAP ax lite is one of them). You need wifi-qcom package. And then configure things under /interface/wifi.

More about wifi/wireless in 7.13 and later: viewtopic.php?t=202578
by mkx
Tue Mar 19, 2024 8:18 pm
Forum: Wireless Networking
Topic: VLAN for wireless clients to isolate virtual machines
Replies: 2
Views: 263

Re: VLAN for wireless clients to isolate virtual machines

Standard 802.11 (a.k.a. WiFi) doesn't foresee using VLAN tags over radio. Mikrotik does support sending those headers (with some smart configuration). It also supports delivering frames of different SSIDs (i.e. virtual WLANs) into different VLANs. But then there's the other end: windows machine with...
by mkx
Tue Mar 19, 2024 4:32 pm
Forum: Beginner Basics
Topic: I'm just not feeling Mikrotik's current product line-up
Replies: 20
Views: 1205

Re: I'm just not feeling Mikrotik's current product line-up

Yeah I thought that might be the reason. On the hAP ax3 though, the PoE port is also the only 2.5 gigabit port. Would this port normally be used as the WAN port or to connect an AP? I wouldn't use the fastest port on router to connect towards ISP ... But that's me, my ISP only offers 1000/100Mbps s...
by mkx
Tue Mar 19, 2024 4:21 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1664

Re: Audience different revisions showing different current tx-rates

There's another interesting output: /interface/wifi/radio/print detail On my audience it has to say about the 4x4 radio: 2 L radio-mac=<redacted> phy-id=2 tx-chains=0,1,2,3 rx-chains=0,1,2,3 bands=5ghz-a:20mhz,5ghz-n:20mhz,20/40mhz,5ghz-ac:20mhz,20/40mhz,20/40/80mhz,20/40/80/160mhz,20/40/80+80mhz ci...
by mkx
Tue Mar 19, 2024 4:12 pm
Forum: Beginner Basics
Topic: I'm just not feeling Mikrotik's current product line-up
Replies: 20
Views: 1205

Re: I'm just not feeling Mikrotik's current product line-up

... separate PoE in and out ports... This alone doesn't fly the pig. Generally PoE in can't really support both device's own consumption and PoE out ... if not for other things it's voltage constraints which generally can't be satisfied when daisy-chaining devices. Yes, it can work in some specific...
by mkx
Tue Mar 19, 2024 12:04 pm
Forum: Wireless Networking
Topic: 7.14 wifi-qcom no superchannel?
Replies: 10
Views: 1168

Re: 7.14 wifi-qcom no superchannel?

No, with wifi-qcom no "fancy" settings are available. No superchannel, no custom protocols (i.e. only 802.11, no nv2 nor nstreme).
by mkx
Tue Mar 19, 2024 11:58 am
Forum: Wireless Networking
Topic: hAP AX2 - broken wifi (no SSID can be found)
Replies: 13
Views: 897

Re: hAP AX2 - broken wifi (no SSID can be found)

Does RouterOS sort of do some check to see which extension band works best? ROS tends to use standard wide channel (e.g. 80MHz) ranges. The range defines 80MHz channel number 42. When it comes to channel layout (Ceee, eCee, ...), ROS again tends to select Ceee (and it seems that the picky clients p...
by mkx
Tue Mar 19, 2024 12:14 am
Forum: RouterBOARD hardware
Topic: hAP ac , poe, RB962UiGS-5HacT2HnT
Replies: 9
Views: 1958

Re: hAP ac , poe, RB962UiGS-5HacT2HnT

20m long cables should not kill PoE .... but at these lengths losses are not negligible. Voltage, available at power receiver's side will be lower, which means that receiver will draw higher current (to fulfill power budget requirements). And this in turn means that PSE (power provider) has to provi...
by mkx
Mon Mar 18, 2024 11:48 pm
Forum: General
Topic: IPv6 Prefixes [SOLVED]
Replies: 14
Views: 3851

Re: IPv6 Prefixes [SOLVED]

@karhill: You are using prefix-hint=::/60 in your example. What is that? I thought that we need to use Pool-Prefix-Length in DHCPv6 client. Two things: prefix-hint= hints to DHCPv6 server sbout what kind of prefix fo we want to receive. It is possible to set it to prefix we already received in hope...
by mkx
Mon Mar 18, 2024 11:38 pm
Forum: General
Topic: ipv6 routing config for ISP DHCP delegated prefix
Replies: 6
Views: 783

Re: ipv6 routing config for ISP DHCP delegated prefix

A bit of guessing here: if ISP assigns a prefix to CPE device, it somehow needs to know also where to route packets belonging to that prefix. In principle DHCPv6 server and ISP router are independent devices, hence ISP's router doesn't know where to route traffic. But it seems that most ISP solution...
by mkx
Mon Mar 18, 2024 9:20 am
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1664

Re: Audience different revisions showing different current tx-rates

I tried channel 36 and got an unsupported channel red message. Yup, as designed. The 2x2 radio supports channels between 5180MHz and 5320MHz (channels 36-64) ... and 4x4 radio supports channels between 5500MHz and 5720MHz (channels 100-144). All stated frequencies are center frequencies of 20MHz ch...
by mkx
Mon Mar 18, 2024 9:00 am
Forum: Beginner Basics
Topic: 'IPv6-only' connectivity issue
Replies: 13
Views: 1114

Re: 'IPv6-only' connectivity issue

You can try accept-router-advertisements=yes. That shouldn't be necessary (or even advisable) on networks where you get the default route from DHCP ... It has been said that default route via DHCPv6 is a MT hack. DHCPv6 doesn't provide routers, RAs are used for delivering routers (ND is a must then...
by mkx
Sun Mar 17, 2024 5:19 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1664

Re: Audience different revisions showing different current tx-rates

The 4x4 radio only works from 149 up, from what I could tell. Nope, my Audience runs its 4x4 radio on 5500 Ceee just fine (that's channel 100). [user@wifi-audience] /interface/wifi> monitor 2 state: running channel: 5500/ac/Ceee registered-peers: 4 authorized-peers: 4 tx-power: 24 available-channel...
by mkx
Sun Mar 17, 2024 5:11 pm
Forum: RouterBOARD hardware
Topic: hAP ac , poe, RB962UiGS-5HacT2HnT
Replies: 9
Views: 1958

Re: hAP ac , poe, RB962UiGS-5HacT2HnT

Unfortunately, no, this setup is not working.
How long are UTP cables between RB5009 and powered devices?
by mkx
Sun Mar 17, 2024 5:01 pm
Forum: General
Topic: v7.15beta broke backup file naming
Replies: 46
Views: 3075

Re: v7.15beta broke backup file naming

So, what are the characters not allowed? I'd rather ask "which characters are safe to use?" ... and the answer would be: the same as the last 50 years: US ASCII alphabet (a-z and A-Z), roman numerals (0-9), underscore (_), dash (-) ... and that's about it. So no punctuation marks, no othe...
by mkx
Sat Mar 16, 2024 10:53 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1664

Re: Audience different revisions showing different current tx-rates

So it's then down to frequency-related country regulations. My audience (it's an r2 revision), running 7.13, shows the following for one ETSI country: ranges: 2402-2482/20 5170-5250/23/indoor 5250-5330/23/indoor/dfs 5490-5710/30/dfs I believe that the 4-chain radio operates exclusively in the freque...
by mkx
Sat Mar 16, 2024 8:16 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1664

Re: Audience different revisions showing different current tx-rates

Used Tx power depends on country regulatory limits (I guess you have that setting same for the whole setup) and in 5GHz band also on particular frequency used. Another peculiarity is audience which has two 5GHz radios and these two have pretty distinct characteristics (one has 2 chains and Tx power ...
by mkx
Sat Mar 16, 2024 8:09 pm
Forum: Wireless Networking
Topic: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]
Replies: 10
Views: 3020

Re: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]

Is it possible to install WiFi package on L009UiGS-RM (ROS 7.13+) and use it as capsman controller for several hap ax for wifi6? Capsman in 7.13+ is part of core wifi functionality which is installed always. What is then left to install (as ootiobal package) are appropriate drivers for wireless chi...
by mkx
Sat Mar 16, 2024 1:47 pm
Forum: RouterBOARD hardware
Topic: Upgrade from RB750Gr3
Replies: 16
Views: 1174

Re: Upgrade from RB750Gr3

Note that philip8224 never mentioned "it should cost as little as possible"... Indeed. But a buck saved on previous project is a buck of budget increase for next project. Which is usually even more important when there's involvement of a financial controller in shape of better half :wink:
by mkx
Sat Mar 16, 2024 11:13 am
Forum: RouterBOARD hardware
Topic: Upgrade from RB750Gr3
Replies: 16
Views: 1174

Re: Upgrade from RB750Gr3

I didn't realize/notice that it has a faster CPU. :) It's hard to say which CPU is faster simply from the part number. But all MT products have published test results and that somehow relates to CPU performance. hEX - RB750Gr3 hAP ac² The tests with less processing (e.g. no firewall filters, large ...
by mkx
Fri Mar 15, 2024 3:52 pm
Forum: General
Topic: RB5009UG+S+ download speed 600/1000 upload 800+/1000 [SOLVED]
Replies: 13
Views: 2105

Re: RB5009UG+S+ download speed 600/1000 upload 800+/1000 [SOLVED]

Is it the hardware or am I missing something? Hardware is a big unknown with CHR, it really depends. But decent hardware, used to run hypervisors, tends to be much more capable for general processing (e.g. FW rules) than most of mikrotik's hardware. So I can imagine that CHR can outperform most (if...
by mkx
Fri Mar 15, 2024 11:43 am
Forum: General
Topic: RB4011 HWoffload + vlan aware bridge issues [SOLVED]
Replies: 7
Views: 1517

Re: RB4011 HWoffload + vlan aware bridge issues [SOLVED]

The main problem is, that bridge interface is not member of any of tagged VLANs: /interface bridge vlan add bridge=bridge tagged=ether4,ether5,sfp-sfpplus1 vlan-ids=50 add bridge=bridge tagged=ether5,sfp-sfpplus1 vlan-ids=200 add bridge=bridge tagged=sfp-sfpplus1,bonding1 vlan-ids=99 If you want rou...
by mkx
Fri Mar 15, 2024 9:22 am
Forum: General
Topic: Interface list for multiple bridges? [SOLVED]
Replies: 4
Views: 1636

Re: Interface list for multiple bridges? [SOLVED]

Creating an interface list that includes both "bridge_LAN" and "bridge_WiFi" was my first idea. However, even though it is called an interface " list ", I could only set one interface. Something like this: /interface list add name=list1 add name=list2 add name=list3 /i...
by mkx
Fri Mar 15, 2024 9:13 am
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 409
Views: 74660

Re: v7.15beta [testing] is released!

@larsa and @Railander really should align their pains. One has a pain with scripting (where using any names containing special charcters, including but not limited to space, comma, colon, quote, double quote, question mark, exclamation mark, etc. is a really bad idea in any context except "plai...
by mkx
Wed Mar 13, 2024 9:10 pm
Forum: RouterBOARD hardware
Topic: R11e-HacD max input power [SOLVED]
Replies: 1
Views: 251

Re: R11e-HacD max input power [SOLVED]

Product page at https://mikrotik.com/product/R11e-5HacD has the information under "Wireless specifications". Max Tx power depends on modulation used and varies between 27dBm (at most robust and thus slowest modulation) and 19dBm (highest performing modulation). Power numbers are total Tx p...
by mkx
Wed Mar 13, 2024 8:56 pm
Forum: General
Topic: Import DHCP leases [SOLVED]
Replies: 5
Views: 1414

Re: Import DHCP leases [SOLVED]

Yes; MK to MK.

I made them all static for simplicity. I exported to txt file, but I can copy and paste. Where do I paste?

The same place they were exported from ... /ip/dhcp-server/lease/ seems a sensible place.
by mkx
Wed Mar 13, 2024 8:46 pm
Forum: General
Topic: Backup restoration, wrong interfaces
Replies: 12
Views: 674

Re: Backup restoration, wrong interfaces

You can change that part so after 4 more times, you're back at square 1 :lol: Actually you're still stuck because set uses construct "[ find default-name=... ]" and default-name doesn't change. But if code was run from "default" state, then it would fail even the first time ... ...
by mkx
Wed Mar 13, 2024 8:25 pm
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 1467

Re: Hex Lite and NTP client updates

ROUTER sends out a WAN signal to an existing NTP server with dst-port 123 BUT ALSO source port 123??? Yup. There are SNTP implementations, which are client-only and act as typicsl client: uses random high port as src-port and connects to server at port 123. And there are full NTP implementations wh...
by mkx
Wed Mar 13, 2024 8:06 pm
Forum: General
Topic: Backup restoration, wrong interfaces
Replies: 12
Views: 674

Re: Backup restoration, wrong interfaces

When the router restarted, I saw that the traffic goes through ether2 and ether4. I unplugged the Ethernet patch cable from port 1 and connected it to port 2. In interface window, I see that the traffic goes through ether5 interface. It is possible to rename router's interfaces and some (perverse) ...
by mkx
Wed Mar 13, 2024 7:58 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 844

Re: NAT port forwarding does not work

Does ssh server, by any chance, run its own firewall?
by mkx
Wed Mar 13, 2024 7:42 pm
Forum: Beginner Basics
Topic: Redirect to external Public IP [SOLVED]
Replies: 19
Views: 2410

Re: Redirect to external Public IP [SOLVED]

@anav: you're pretty close to how I understand it. Just that @OP wants to forward connection (initially targeting his router port 9999) to some host on intetnet (same port 9999). @RipperR: I'd try with this pair of NAT rules: /ip/firewall/nat add chain=dstnat action=dst-nat protocol=tcp dst-port=999...
by mkx
Wed Mar 13, 2024 3:33 pm
Forum: Beginner Basics
Topic: Redirect to external Public IP [SOLVED]
Replies: 19
Views: 2410

Re: Redirect to external Public IP [SOLVED]

The "red" traffic will likely only pass bi-directionally if you'll implement hairpin NAT for that "public to public" NAT. Without it, webserver 2 will try to reply to client (accessing abcabc.com:9999) directly, but client will reject this as it will try to talk to your router's ...
by mkx
Wed Mar 13, 2024 3:19 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 409
Views: 74660

Re: v7.15beta [testing] is released!

*) console - replace reserved characters to backup and certificate export file names with underscores; is there any reason this needs to be done? Yes, having spaces in file names breaks parameter parsing in all CLI implementations I've seen and one has to use workarounds (such as enclosing such fil...
by mkx
Wed Mar 13, 2024 8:01 am
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 844

Re: NAT port forwarding does not work

Are you sure that your ISP line is completely transparent? I.e. are you sure your ISP doesn't filter ingress connections?
by mkx
Wed Mar 13, 2024 7:59 am
Forum: General
Topic: v7.15beta broke backup file naming
Replies: 46
Views: 3075

Re: v7.15beta broke backup file naming

It's a deliberate change, well published in change logs. Did you read through relevant "new version announcement post" before installing a beta version?
by mkx
Tue Mar 12, 2024 8:03 pm
Forum: Wireless Networking
Topic: VLANs / CAPsMANv2 / local datapath
Replies: 5
Views: 401

Re: VLANs / CAPsMANv2 / local datapath

What, from functionality point of view, are you trying to do?
by mkx
Tue Mar 12, 2024 7:46 pm
Forum: General
Topic: Hairpin NAT using Local DNS
Replies: 9
Views: 543

Re: Hairpin NAT using Local DNS

Well, in such a convoluted setup you'll have to think it out yourself. I'm not willing to guess the size of your problem and all the interactions.

But the fact is that NAT isn't exactly piece'a'cake in certain conditions.
by mkx
Tue Mar 12, 2024 6:32 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 844

Re: NAT port forwarding does not work

Think on your dst-nat rule you are missing:
in-interface-list=WAN

Nah, this omission only makes DST-NAT rule more greedy. It doesn't make it non-working. Would it be useful to include this addition? Depends if @OP needs to use NAT-ed port from inside LAN or not.
by mkx
Tue Mar 12, 2024 6:18 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 844

Re: NAT port forwarding does not work

And from where are you trying to use the forwarded port? Public internet? Or from inside your LAN?
by mkx
Tue Mar 12, 2024 4:31 pm
Forum: General
Topic: Hairpin NAT using Local DNS
Replies: 9
Views: 543

Re: Hairpin NAT using Local DNS

If servers need to communicate with each other, then ... I don't see why you couldn't configure them to communicate directly (over real ports)?
by mkx
Tue Mar 12, 2024 12:58 pm
Forum: General
Topic: Hairpin NAT using Local DNS
Replies: 9
Views: 543

Re: Hairpin NAT using Local DNS

Some of my internal services run on different source ports and I would still require a dot-net to do the port translation Example service runs on port 1050 and the clients use 5050 In this case the best solution is to move server(s) into dedicated IP subnet. The dst-nat would then work the same way...
by mkx
Tue Mar 12, 2024 12:55 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 460
Views: 92312

Re: v7.14.1 [stable] is released!

*) sfp - improved system stability for CR2004-1G-2XS-PCIe (introduced in v7.14); You should read the line for what it is: "SFP - improved stability" (on some certain device). You simply should not read it like "improved stability of CCR2004-1G-XS-PCIe" because it's not about it.
by mkx
Tue Mar 12, 2024 12:44 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 409
Views: 74660

Re: v7.15beta [testing] is released!

.... but you are not the only one using RouterOS so a moment of patience and let's see what will happen. I don't think that anybody said that this functionality should never ever be implemented. However it is pretty distracting if such a non-core functionality actually makes certain device types al...
by mkx
Tue Mar 12, 2024 12:39 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 409
Views: 74660

Re: v7.15beta [testing] is released!

I don't even need Samba service nor DLNA.

You're weird ... but so am I.
by mkx
Mon Mar 11, 2024 9:49 pm
Forum: Beginner Basics
Topic: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?
Replies: 7
Views: 629

Re: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?

... "Is there a way if creating, or assigning, a virtual port from the router to the switch, so as to negate the need to use a physical port in order to do this?" I'm pretty sure I don't understand your question. When one creates a bridge, one gets all the bells and whistles. Now let's as...
by mkx
Mon Mar 11, 2024 8:22 pm
Forum: Wireless Networking
Topic: Get supported channel list on 7.13+ wifi-qcom*
Replies: 1
Views: 252

Re: Get supported channel list on 7.13+ wifi-qcom*

/interface/wifi/radio/reg-info country=<country> number=0 Notes: it seems to be safe to always use "number=0" ... but it may matter on some awkward chipsets? be careful about capitalization of country name, it seems a capital initial character is required. For multi-word country names thi...
by mkx
Mon Mar 11, 2024 8:04 pm
Forum: Announcements
Topic: Newsletter #117 | March 2024
Replies: 22
Views: 18544

Re: Newsletter #117 | March 2024

It must be quite expensive to manufacture all that heatsink for nothing.

Perhaps the initial idea was to make device passively cooled but later it turned out it wasn't enough so they installed some fans. And somebody forgot to cancel the order of half a million of heat sinks?
by mkx
Mon Mar 11, 2024 8:00 pm
Forum: General
Topic: Not having wire speed transfer between same VLAN on CRS354!
Replies: 15
Views: 775

Re: Not having wire speed transfer between same VLAN on CRS354!

I have tested using file sharing from one pc to another and results are the same 30-50MB/s Samba / CIFS comes with lots of constraints. If you want to assess raw network speed, then use appropriate tools, such as iperf3 ... When testing through a router, you nay find out tgat single-threaded perfor...
by mkx
Mon Mar 11, 2024 7:55 pm
Forum: Wireless Networking
Topic: Feature Request: Simplified handling of Wifi Guest Networks in Capsman V2
Replies: 6
Views: 923

Re: Feature Request: Simplified handling of Wifi Guest Networks in Capsman V2

In legacy capsman it was possible to get it working in an easier way ... because there was local-forwarding=no ... which meant tgat all traffic from a CAP was tunneled to CAPsMAN. Which made the whole thing independent from LAN infrastructure. However, it came with a (hefty) price: wireless throughp...
by mkx
Mon Mar 11, 2024 7:38 pm
Forum: General
Topic: Hairpin NAT using Local DNS
Replies: 9
Views: 543

Re: Hairpin NAT using Local DNS

If you want to see actual source IP addresses, then you must not use hairpin NAT ... i.e. use split DNS where A record for public internet points at your router's WAN IP address (and plain dst-nat is enough to have connection working). And A record for "same subnet" clients points directly...
by mkx
Mon Mar 11, 2024 5:14 pm
Forum: Wireless Networking
Topic: Capsman + dynamic vlans + bridge vlan filtering [SOLVED]
Replies: 3
Views: 1021

Re: Capsman + dynamic vlans + bridge vlan filtering [SOLVED]

Mb someone know is there "dynamic vlans in qcom-ac" in plans of smth like that?

Perhaps MT knows?
by mkx
Mon Mar 11, 2024 5:01 pm
Forum: Beginner Basics
Topic: Queues need help
Replies: 4
Views: 352

Re: Queues need help

Generally no ideas. As soon as one starts with non-trivial things (and queuing / traffic shaping is not trivial), router has to process each packet and that simply requires some CPU power.
by mkx
Mon Mar 11, 2024 4:58 pm
Forum: Beginner Basics
Topic: Need help with L3 VLAN [SOLVED]
Replies: 6
Views: 1329

Re: Need help with L3 VLAN [SOLVED]

Additionally, I find it peculiar that MikroTik treats the bridge as both a Layer 2 switch and a Layer 3 interface. If one is pedantic as to what a particular entity does, then bridge actually has 4 personalities ... and there's a good explanation of all of them . As to L3 VLANs: it's a pitty to (ab...
by mkx
Mon Mar 11, 2024 7:20 am
Forum: RouterBOARD hardware
Topic: map2nd mAP serial port
Replies: 4
Views: 378

Re: map2nd mAP serial port

If anything, this is TTL-level serial. You'd need something like MAX232 to convert levels to RS232 levels (which is 5V), without it you'd fry the board components.

Next problem is that this serial interface is not enabled in ROS on mAP ...
by mkx
Sun Mar 10, 2024 5:11 pm
Forum: Wireless Networking
Topic: CAPsMAN v2 update frequency
Replies: 5
Views: 358

Re: CAPsMAN v2 update frequency

Image

To me it seems it provisioned just fine. Missing "R" flag may simply mean that no client is currently connected to that AP.

Or is it that you actually don't see AP broadcasting SSID when using a client to search for WiFi signals?
by mkx
Sun Mar 10, 2024 4:00 pm
Forum: Beginner Basics
Topic: Queues need help
Replies: 4
Views: 352

Re: Queues need help

Disable fasttrack rule in firewall (chain=forward). Fasttrack bypasses lits of packet processing, most queues included. Torch disables fasttrack (in order to show anything), that's why queues work then. Be prepared to see CPU utilization go up considerably, depending on your WAN speed it may become ...
by mkx
Sun Mar 10, 2024 12:54 pm
Forum: General
Topic: Connection lost after 10 or more times
Replies: 5
Views: 354

Re: Connection lost after 10 or more times

My idea is that there might be some ARP misconfiguration (perhaps a proxy-arp or some such) and with a large LAN subnet (subnet mask shorter than /20) it may mean that switch FDBs get filled with invalid entries. In such case all traffic gets disrupted ... I see quite often that people play with ARP...
by mkx
Sun Mar 10, 2024 12:46 pm
Forum: Wireless Networking
Topic: Capsman + dynamic vlans + bridge vlan filtering [SOLVED]
Replies: 3
Views: 1021

Re: Capsman + dynamic vlans + bridge vlan filtering [SOLVED]

CAPsMAN only provisions wireless interface ... and userman only sets VID for a particular user (much like static ACLs would). So I would expect that you have to configure uplink ethernet port as tagged member of a number of VLANs (all that might be used by userman), but likewise the wireless interfa...
by mkx
Sun Mar 10, 2024 12:28 pm
Forum: Beginner Basics
Topic: hEXs and internet speed problem [SOLVED]
Replies: 13
Views: 2527

Re: hEXs and internet speed problem [SOLVED]

Generally I'd agree with @CGGXANNX ... but that 8Mbps of uplink smells rotten. Generally routers perform symmetrically unless there are rules (or interactions) which work asymmetrically. Since already MT's default setup reveals the asymmetry, I'd say that the problem lies somewhere between hEX's eth...
by mkx
Sun Mar 10, 2024 12:19 pm
Forum: General
Topic: Connection lost after 10 or more times
Replies: 5
Views: 354

Re: Connection lost after 10 or more times

You'll have to post (text export of) hotspot's configuration. As already mentioned, reasons for misbehaviour can be numerous and without seeing the config, we'd be only guessing.

BTW, the reason might not be in hotspot config, all network devices contribute in a LAN and any of them can break the LAN.
by mkx
Sun Mar 10, 2024 12:10 pm
Forum: General
Topic: Interface lists efficiency for firewall
Replies: 3
Views: 355

Re: Interface lists efficiency for firewall

I'd expect that one rule using interface-list would be more effective than multiple rules using interfaces. One aspect is overhead of executing a rule, which is the same for any rule (regardless the check types), and I assume it's not trivial. The other aspect is handling interface-lust members, the...
by mkx
Sun Mar 10, 2024 11:57 am
Forum: Beginner Basics
Topic: Firewall check
Replies: 7
Views: 554

Re: Firewall check

You're following the concept "allow what's needed, drop everything else", which is good. From performance point of view your rules would benefit of some reworking. Rules are evaluated top-to-bottom (inside each chain) so performance-wise it's good to make rules, which will deal with most p...
by mkx
Sun Mar 10, 2024 11:48 am
Forum: Beginner Basics
Topic: Help with config [SOLVED]
Replies: 6
Views: 1320

Re: Help with config [SOLVED]

Nothing strikes me as clearly wrong in your config. The only thing I'd definitely change is disable internet detection: /interface detect-internet set wan-interface-list=none It's a public secret that this feature can cause some subtle, but nasty problems ... and you don't seem to need it anyway.
by mkx
Sat Mar 09, 2024 3:43 pm
Forum: General
Topic: Not having wire speed transfer between same VLAN on CRS354!
Replies: 15
Views: 775

Re: Not having wire speed stransfer between same VLAN!

I'm guessing that the bottleneck is RB4011 since it's used as router. You better verify that by running CPU profile (preferably in CLI to avoid excessive burden which winbox/webfig tend to throw at device being monitored). Don't just observe general CPU load, some functions are single-threaded and i...
by mkx
Sat Mar 09, 2024 11:34 am
Forum: SwOS
Topic: SwOS Lite DHCP server Options
Replies: 3
Views: 394

Re: SwOS Lite DHCP server Options

SwOS Lite or SwOS or both?

Any SwOS.
by mkx
Sat Mar 09, 2024 11:15 am
Forum: General
Topic: Help! Simple question? Blocking internal rogue IP?
Replies: 8
Views: 698

Re: Help! Simple question? Blocking internal rogue IP?

I made the rule, I assume I can use 192.168.0.0. to block that whole network, yes? If you want to block whole subnet, then you have to add subnet mask to the address setting ... like this: 192.168.0.0 /16 . By default, /32 subnet mask is used which means single (host address) and no "subnet ad...
by mkx
Sat Mar 09, 2024 11:12 am
Forum: General
Topic: Not enough space for upgrade when 6.4x->7.12 when 6.4x->7.11.2->7.12 works
Replies: 10
Views: 2709

Re: Not enough space for upgrade when 6.4x->7.12 when 6.4x->7.11.2->7.12 works

- Package - Reduced "wireless" package size for ARM, ARM64, MIPSBE, MMIPS devices. I've been experiencing issues with CAP AC and HAP AC2 due to insufficient disk space. The problem with this change log bullet is that with ROS 7.13+ one would really want to run wifi-qcom-ac on these device...
by mkx
Sat Mar 09, 2024 10:59 am
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 460
Views: 92312

Re: v7.14 [stable] is released!

Leaving it as open ended question - where did it go? Do you have graphing enabled? It may consume some permanent storage space and starts from 0 after netinstall (upgrade doesn't wipe it though). Do you have any address lists being built up? If entries don't have timeout set, they are considered pe...
by mkx
Fri Mar 08, 2024 5:33 pm
Forum: SwOS
Topic: SwOS Lite DHCP server Options
Replies: 3
Views: 394

Re: SwOS Lite DHCP server Options

DHCP is L3 (or L5, depends on how you view it) function while SwOS only supports L2.
by mkx
Fri Mar 08, 2024 9:03 am
Forum: Beginner Basics
Topic: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?
Replies: 7
Views: 629

Re: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?

Furthermore, I'm mystified as to the way the bridge seems to inherit properties from physical ports. What you fail to uderstand is that bridge is a transparent ethernet entity. Whatever talks to one port can talk to other ports (this eventually depends on bridge config, such as VLAN settings). Read...
by mkx
Thu Mar 07, 2024 11:43 pm
Forum: Beginner Basics
Topic: CRS-106-1C-5S Speed Question
Replies: 7
Views: 514

Re: CRS-106-1C-5S Speed Question

The speeds will keep high if you configure VLANs in a specific way, tailored for CRS1xx/CRS2xx switches: https://help.mikrotik.com/docs/pages/vi ... =103841836
by mkx
Thu Mar 07, 2024 11:40 pm
Forum: General
Topic: DHCP deassigned/assigned log message [VLAN Switch - RB3011] [SOLVED]
Replies: 3
Views: 986

Re: DHCP deassigned/assigned log message [VLAN Switch - RB3011] [SOLVED]

Blocking ICMP doesn't really save anything but can cause random problems.
by mkx
Thu Mar 07, 2024 11:27 pm
Forum: Beginner Basics
Topic: CRS-106-1C-5S Speed Question
Replies: 7
Views: 514

Re: CRS-106-1C-5S Speed Question

It's routing config ... and CRS devices (the whole line of models) are essentially switches.
by mkx
Thu Mar 07, 2024 9:11 am
Forum: General
Topic: Routers Coming with Default Passwords
Replies: 69
Views: 6662

Re: Routers Coming with Default Passwords

If @holvoetn didn't write the preceeding post, I would. I couldn't agree more.

@jo2jo ... how about teaching your customers to find the dreaded sticker and send you a photograph of it?
by mkx
Thu Mar 07, 2024 8:10 am
Forum: Wireless Networking
Topic: Misunderstanding how frequency list is supposed to work?
Replies: 2
Views: 258

Re: Misunderstanding how frequency list is supposed to work?

AFAIK frequencies on list are not "priority by order". Device does a quick check over allowed frequencies and selects the one with least detected "noise" ... if it's a DFS frequency, then it has to perform CAC as well.
by mkx
Wed Mar 06, 2024 10:02 pm
Forum: General
Topic: Routers Coming with Default Passwords
Replies: 69
Views: 6662

Re: Routers Coming with Default Passwords

@jo2jo ... we all (or almost all) feel your pain and understand you. How about a group hug?

Now, get over it and accept the new reality.
by mkx
Wed Mar 06, 2024 9:58 pm
Forum: General
Topic: What configuration is best in vlan-filtering?? [SOLVED]
Replies: 3
Views: 533

Re: What configuration is best in vlan-filtering?? [SOLVED]

The correct configuration is whichever produces wanted results.

The (resource utilization wise) optimal configuration for most MT device models is the one with single bridge with vlan-filtering enabled. You didn't mention the model you're using so it may not be optimal after all.
by mkx
Wed Mar 06, 2024 6:13 pm
Forum: General
Topic: PoE Compatibility: MikroTik RB3011 & Ruijie RG-RAP6202(G)
Replies: 10
Views: 536

Re: PoE Compatibility: MikroTik RB3011 & Ruijie RG-RAP6202(G)

I'd ditch the idea of using RB3011 PoE out and go with stand-alone solution. One possibility is to use MT's RBGPOE passive PoE injector and 48V power adapter ... Ruijie might just start (the handshake part of 82.3 af/at standard is for PSE to make sure there's a 48V-capable equipment at the other en...
by mkx
Wed Mar 06, 2024 5:27 pm
Forum: General
Topic: PoE Compatibility: MikroTik RB3011 & Ruijie RG-RAP6202(G)
Replies: 10
Views: 536

Re: PoE Compatibility: MikroTik RB3011 & Ruijie RG-RAP6202(G)

There are PoE splitter/converters that can extract the 22/24 V and convert them to 12 V, your device evidently needs 1.5A@12V so you want one capable at least of 2A, as you are already 10% low.. 2A on 12V side shouldn't be necessary, device requires up to 13W which is 1.1A@12V. But I fear there's a...
by mkx
Wed Mar 06, 2024 5:17 pm
Forum: General
Topic: Bridge VLAN prerouting
Replies: 8
Views: 733

Re: Bridge VLAN prerouting

It was more a question with regard to how VLAN interfaces attached to bridges work. They don't relate directly. Did you happen to read this explanation of different bridge personalities? VLAN interfaces relate to bridge interface (one of personalities), but only as much as any other (off bridge) in...
by mkx
Wed Mar 06, 2024 9:12 am
Forum: Beginner Basics
Topic: ipv6 help please
Replies: 7
Views: 486

Re: ipv6 help please

Regarding routing: the proper thing to do is to allow ROS to accept RAs. Unfortunately the setting is global for all interfaces: /ipv6/settings/set accept-router-advertisements=yes So you don't have to set default route by hand (it seems you're setting it wrong anyway). And, by all means, stop adver...
by mkx
Tue Mar 05, 2024 3:14 pm
Forum: Beginner Basics
Topic: L009UiGS-RM: Default route is not part of exported configuration (/export command)
Replies: 7
Views: 628

Re: L009UiGS-RM: Default route is not part of exported configuration (/export command)

All the other routes to the other networks (e.g. 192.168.2.0/24, 192.168.3.0/24, etc.) visible on the Winbox UI/ Route List never have been listed with /export command. Winbox has a bit different logic built in, so you can't directly compare what is shown by winbox to what is shown by individual co...
by mkx
Tue Mar 05, 2024 3:04 pm
Forum: RouterBOARD hardware
Topic: Question regarding PoE vs non-PoE versions of the RB5009 [SOLVED]
Replies: 23
Views: 2415

Re: Question regarding PoE vs non-PoE versions of the RB5009 [SOLVED]

The way I read post by @andkar ... it's the same device (PoE version) powered either by 24V or 48V. So the difference is efficiency in downconverters ... and possibly some 802.3af/at specific PoE circuitry which may get switched off when device is powered with 24V (and can thus not provide 802.3af/a...
by mkx
Tue Mar 05, 2024 2:42 pm
Forum: Beginner Basics
Topic: Bridge management IP not working
Replies: 6
Views: 410

Re: Bridge management IP not working

add address=192.168.77.250/24 interface=INFRA_77 network=192.168.77.250 It did not improve the situation. Of course it didn't because network address (albeit automatically calculated, you left it intact) was wrong. Playing with VLAN 77 interfaces did eventually fix this problem for you ... And one ...
by mkx
Tue Mar 05, 2024 8:52 am
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 409
Views: 74660

Re: v7.15beta [testing] is released!

Home users don't even know this forum exists So this is MT's excuse not to listen to opinions on this forum? Yeah, "home users" won't ever run into problems with tiny space on certain device models (hAP ac2, cAP ac, etc.) ... because they tend to never update software on their devices. So...
by mkx
Tue Mar 05, 2024 8:44 am
Forum: Wireless Networking
Topic: hAP ax2 vs cAP ax as access point?
Replies: 9
Views: 624

Re: hAP ax2 vs cAP ax as access point?

I guess that cAP ax will behave slightly better, specially in uplink direction. cAP ax has slightly better antenna gain (1dBi better in 5GHz band and 2dBi better in 2.4GHz band). This doesn't necessarily help in downlink: if device is configured according to country regulations, most of spectrum in ...
by mkx
Tue Mar 05, 2024 8:34 am
Forum: Wireless Networking
Topic: Realtek RTL8192CE can't see hAP ax2 [SOLVED]
Replies: 2
Views: 540

Re: Realtek RTL8192CE can't see hAP ax2 [SOLVED]

... are some old Wi-Fi network chips just not compatible with 2.4GHz AX? I'd attribute this to driver for that wireless card. Some are brain damaged enough to barf on features they don't recognize. As AX AP sets some bits to capability/feature list, which were "reserved for future use" ba...
by mkx
Tue Mar 05, 2024 8:24 am
Forum: Beginner Basics
Topic: Bridge management IP not working
Replies: 6
Views: 410

Re: Bridge management IP not working

You need to add bridge1 to the tagged list for vlan 77 in the bridge vlan table. It's there: add bridge=bridge1 tagged=bond_forti,bond_S3, bridge1 ,01_T_bond_forti,INFRA_77 untagged=09_A_syno_77,13_A_apc_77 vlan-ids=77 But this: Setting a subnet mask on the IP address for that would probably help t...
by mkx
Mon Mar 04, 2024 10:52 pm
Forum: General
Topic: Bridge VLAN prerouting
Replies: 8
Views: 733

Re: Bridge VLAN prerouting

No mkx, I demand that new posters continue to baffle us with minimalist approaches and lack of information.

Oh my, Mr. Hyde is back :lol:
by mkx
Mon Mar 04, 2024 10:43 pm
Forum: RouterBOARD hardware
Topic: Question regarding PoE vs non-PoE versions of the RB5009 [SOLVED]
Replies: 23
Views: 2415

Re: Question regarding PoE vs non-PoE versions of the RB5009 [SOLVED]

When one uses power adapter only to power router (i.e. no PoE-out), then it's better to use PA which outputs lower voltage (but still equal or higher than lowest acceptable input voltage). The reason: router's electronic parts require pretty low voltages (probably anything between 1.8V and 5V), so t...
by mkx
Mon Mar 04, 2024 10:22 pm
Forum: General
Topic: IPv6 taking too long for SLAAC autoconfiguration
Replies: 16
Views: 1031

Re: IPv6 taking too long for SLAAC autoconfiguration

It's a known fact that sub-standard implementations of IGMP snoopers interfere with IPv6 (ND is multicast) ... also other vendors have (or used to have) such problems.
by mkx
Mon Mar 04, 2024 10:16 pm
Forum: General
Topic: RB4011iGS+ problem with VLAN mtu after reboot
Replies: 5
Views: 351

Re: RB4011iGS+ problem with VLAN mtu after reboot

Automatic size calculation doesn't take into account that you joined eoip interface as port to a bridge. Automatic size calculation is fine if you use eoip interface as stand-alone interface where MTU size doesn't matter much as any conflicts can be resolved on IP layer. But if it works for you, jus...
by mkx
Mon Mar 04, 2024 10:12 pm
Forum: General
Topic: First Guess at VLAN on the Switch Chip [SOLVED]
Replies: 6
Views: 844

Re: First Guess at VLAN on the Switch Chip [SOLVED]

When thinking about switch-cpu1 port ... just think of your switch chip as having 6 (otherwise equal ports), one of them being named "switch-cpu1" and connected to CPU. So it only has to be member of certain VLAN if CPU has to deal with traffic in that VLAN. E.g. if there's a VLAN which ha...
by mkx
Mon Mar 04, 2024 10:00 pm
Forum: Beginner Basics
Topic: HD space questions
Replies: 3
Views: 325

Re: HD space questions

Having 4MB free out of 16MB of storage is decent. And will probably suffice for v7 as well. Whether 32GB is enough for your future endavours or not is entirely up to you. My MT devices run with zero added storage just fine, but my (home made) multipurpose networked device is tight at 8TB. So YMMV. B...
by mkx
Mon Mar 04, 2024 10:57 am
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 460
Views: 92312

Re: v7.14 [stable] is released!

If values are actually overwritten then it is possible for them to change if defaults are changed ... That would require support in winbox ... either "winbox default config" (which would then depend on winbox version) or winbox would be able to read (and interpret) device's default config...
by mkx
Mon Mar 04, 2024 10:44 am
Forum: General
Topic: secure IPv6 and port forwarding?
Replies: 3
Views: 337

Re: secure IPv6 and port forwarding?

or you'll have to set IPv6 addresses on server-like devices manually. If you use SLAAC/NDP on the LAN side, won’t these server-like devices get the same v6 address each time? In theory yes. But when allowing devices to use SLAAC they often assume multiple addresses: one is MAC address based (and is...
by mkx
Mon Mar 04, 2024 10:31 am
Forum: General
Topic: RB4011iGS+ problem with VLAN mtu after reboot
Replies: 5
Views: 351

Re: RB4011iGS+ problem with VLAN mtu after reboot

I'd say it's a bug ... I'd somehow expect returning MTU to 1500 after disabling EOIP (if EOIP is carried over VLAN, then disabling VLAN will disable EOIP). But I wouldn't expect MTU to remain at 1500 after adding EOIP (with low MTU) back. So I'd say that the bug is that MTUs are not thoroughly check...
by mkx
Mon Mar 04, 2024 9:23 am
Forum: General
Topic: RB4011iGS+ problem with VLAN mtu after reboot
Replies: 5
Views: 351

Re: RB4011iGS+ problem with VLAN mtu after reboot

All devices in same L2 broadcast domain should use same MTU. And hence bridge will assume lowest possible MTU of all member ports. That's because L2 entities (bridges, switches) don't fragment frames, they can either forward them unaltered or drop them. If you want to have "transparent" br...
by mkx
Mon Mar 04, 2024 9:17 am
Forum: General
Topic: First Guess at VLAN on the Switch Chip [SOLVED]
Replies: 6
Views: 844

Re: First Guess at VLAN on the Switch Chip [SOLVED]

Is there any benefit of configuring VLANs this way when supported ? On devices with Qualcomm switch chips (QCAxxxx or ARxxx), mostly present in devices with Qualcomm ASICs (QCAxxxx), bridge is not offloaded to hardware. So if you want to use device as a swtich and have wirespeed performance without...
by mkx
Mon Mar 04, 2024 9:09 am
Forum: RouterBOARD hardware
Topic: new CCR2116 dead after restart
Replies: 1
Views: 278

Re: new CCR2116 dead after restart

You really should be reporting this to support@mikrotik.com ... we, forum members (who are not MT staff in vast majority) won't be able to help you.
by mkx
Mon Mar 04, 2024 9:02 am
Forum: Wireless Networking
Topic: cAP AX Blocking Performance at gigabit?
Replies: 6
Views: 567

Re: cAP AX Blocking Performance at gigabit?

That is a shame. I will have to figure out another solution. You can (almost) always use RBGPOE - a passive PoE injector. It's specified at 2A and can go up to 57V. The only thing it doesn't do: it doesn't free up one power socket ... as you have to use a power adapter to provide power to it (and c...
by mkx
Mon Mar 04, 2024 8:58 am
Forum: Wireless Networking
Topic: Wifi client DNSA-141 disconnects without obvious reason, prefer AP in longer distance
Replies: 11
Views: 1667

Re: Wifi client DNSA-141 disconnects without obvious reason, prefer AP in longer distance

Is there any way to foce CAPSMAN not to restart Wifi when loosing connectivity with CAP ?
No.
by mkx
Mon Mar 04, 2024 8:57 am
Forum: General
Topic: First Guess at VLAN on the Switch Chip [SOLVED]
Replies: 6
Views: 844

Re: First Guess at VLAN on the Switch Chip [SOLVED]

Close. Just keep vlan membership of ports under /interface ethernet switch vlan in line with intended port role. E.g. if ether2 is only supposed to be access port to VLAN 20, then it should only be member of VLAN 20 under this configuration "branch" ... the way it's configured now (PVID a....
by mkx
Mon Mar 04, 2024 8:48 am
Forum: General
Topic: secure IPv6 and port forwarding?
Replies: 3
Views: 337

Re: secure IPv6 and port forwarding?

your router should request a prefix from ISP. That's done by DHCPv6 client. It should store received prefix to address pool. Most ISPs will provide decent prefixes (e.g. /56 or even /48), some will only provide a /64 prefix which is marginally usable (see below). assign an /64 address from pool to ...
by mkx
Mon Mar 04, 2024 8:38 am
Forum: General
Topic: Bridge VLAN prerouting
Replies: 8
Views: 733

Re: Bridge VLAN prerouting

The way I read your description ... are you using multiple bridges? The issue you're having may have to do with HW offload. But I'm really guessing here as you didn't show your configuration (so we can only guess as to what you actually have) nor you mentioned the exact device model (HW offload is u...
by mkx
Mon Mar 04, 2024 8:30 am
Forum: Beginner Basics
Topic: HD space questions
Replies: 3
Views: 325

Re: HD space questions

and am wondering if a usb key would increase the total as HD space, or if it would be counted as different space. Added USB key counts as separate HD space. It can be used for everything that allows to set files location explicitly (the dude, containers, rose storage, logging to disk, ...), but not...
by mkx
Mon Mar 04, 2024 8:22 am
Forum: Beginner Basics
Topic: Question about ingress VLAN translation
Replies: 8
Views: 706

Re: Question about ingress VLAN translation

This was inspired by a terse note on Mikrotik's documentation https://help.mikrotik.com/docs/display/ROS/CRS3xx%2C+CRS5xx%2C+CCR2116%2C+CCR2216+switch+chip+features#CRS3xx,CRS5xx,CCR2116,CCR2216switchchipfeatures-IngressVLANtranslation . I wonder what type of setup they had in mind, where such VLAN...
by mkx
Sun Mar 03, 2024 5:18 pm
Forum: General
Topic: I can't get my network to work in Gigabit [SOLVED]
Replies: 15
Views: 1344

Re: I can't get my network to work in Gigabit [SOLVED]

There are two types of crimp RJ45 connectors. More common are connectors for stranded cables, their contacts have "blades" which, when being crimped, cut into stranded wire cores. The other connector type is for solid cables, their contacts have "fork-like blades", which tear the...
by mkx
Sat Mar 02, 2024 9:10 pm
Forum: General
Topic: I can't get my network to work in Gigabit [SOLVED]
Replies: 15
Views: 1344

Re: I can't get my network to work in Gigabit [SOLVED]

Here's the output of /interface ethernet print detail
And what does /interface ethernet ether2 once show?
by mkx
Sat Mar 02, 2024 8:21 pm
Forum: Beginner Basics
Topic: ipv6 ND /64 and PD /48 problems
Replies: 13
Views: 770

Re: ipv6 ND /64 and PD /48 problems

My experience is that sonetimes it is necessary to reboot ROS device in order to fully apply configuration changes. E.g. pool has to be "replenished" for it to be able to start handing out different prefix size.
by mkx
Sat Mar 02, 2024 8:05 pm
Forum: Beginner Basics
Topic: ipv6 issues with hEX S RB760iGS
Replies: 11
Views: 760

Re: ipv6 issues with hEX S RB760iGS

If you went from v6 to v7 via upgrade, then upgrade process converts existing config. Since IPv6 config was empty, it remained empty after upgrade. Upgrade never applies default config. You can see default config (including IPv6) by running command /system/default-configuration/print inside a really...
by mkx
Sat Mar 02, 2024 7:59 pm
Forum: Beginner Basics
Topic: ipv6 ND /64 and PD /48 problems
Replies: 13
Views: 770

Re: ipv6 ND /64 and PD /48 problems

ipv6-dhclient.jpg prefix-length should be set to /64 ... this setting defines prefix sizes which will later be handed out by the pool. If you wan't to "suggest" to upstream DHCP server the prefix (and length) you want to receive, you do it using prefix hint field ... like you already do, ...
by mkx
Sat Mar 02, 2024 7:24 pm
Forum: Beginner Basics
Topic: 2 MIKROTIKs and 2 isolated LANs
Replies: 5
Views: 534

Re: 2 MIKROTIKs and 2 isolated LANs

The clients of LAN B should have access to routers from network A (192.168.88.1 & 192.168.88.100) through,eg Winbox and this will enable me to carry out diagnostics - then I will be able to connect to LAN B and log in to the router. I think I don't have to do anything to achieve this? I'm right...
by mkx
Sat Mar 02, 2024 7:06 pm
Forum: Beginner Basics
Topic: Static Route, i can ping client but not gateway
Replies: 10
Views: 610

Re: Static Route, i can ping client but not gateway

The stove has its own dhcp server which cannot be touched. the stove works like a router, you connect to its ssid via its own wifi and control it from there. It doesn't go online alone. you connect to the stove and control it with its app. I would like to integrate it with my home automation server...
by mkx
Sat Mar 02, 2024 2:48 pm
Forum: Beginner Basics
Topic: ipv6 issues with hEX S RB760iGS
Replies: 11
Views: 760

Re: ipv6 issues with hEX S RB760iGS

On ROS v6, ipv6 package is optional and by default it's not even installed (it has to be downloaded from mikrotik download page in extras archive, unpacked and uploaded to device). And since it's installed later than the rest of system, default setup doesn't get applied (that only gets applied when ...
by mkx
Thu Feb 29, 2024 9:01 pm
Forum: Beginner Basics
Topic: Static Route, i can ping client but not gateway
Replies: 10
Views: 610

Re: Static Route, i can ping client but not gateway

And does the stove have default route set for its own use? The point of my questions is my suspicion that stove (and the rest of devices in that subnet) doesn't know that it gas to use mAP as gateway to communicate with 192.168.0.0/24 (and also internet). Stove needs to be set with proper route conf...
by mkx
Thu Feb 29, 2024 8:49 pm
Forum: Beginner Basics
Topic: Static Route, i can ping client but not gateway
Replies: 10
Views: 610

Re: Static Route, i can ping client but not gateway

Does DHCP setup on stove include default route? If it does, what is it?
by mkx
Thu Feb 29, 2024 8:55 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM fan upgrade
Replies: 2
Views: 433

Re: CRS328-24P-4S+RM fan upgrade

I would have to install such devices in poorly ventilated and hot RACK cabinets ... I'm not sure if your plan is going to work in these conditions. The task of fans is to move ambient air efficiently through device with focus on air flow over hot surfaces. And assumption is that ambient air is suff...
by mkx
Thu Feb 29, 2024 8:38 am
Forum: Wireless Networking
Topic: WIFI AP with WIFI Upstream
Replies: 3
Views: 292

Re: WIFI AP with WIFI Upstream

I'd suggest to go with dual-radio device (i.e. 2.4GHz + 5GHz bands). The reason is requirement for using WiFi as upstream. The problem is that when device uses same radio both in station mode (required to connect to upstream AP) and AP mode (required for wireless devices to connect to it), master in...
by mkx
Thu Feb 29, 2024 8:25 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257401

Re: v7.13.5 [stable] is released!

...and obviously written without the required English skills. OT but stating that and than write "peopleS" more than once ... quite a shot to the knee i might add ;) peopleS is a valid spelling in certain cases. I wouldn't say that @spippan didn't use it correctly in his post. BTW, I'm no...
by mkx
Thu Feb 29, 2024 8:11 am
Forum: General
Topic: L3HW traffic monitoring
Replies: 6
Views: 808

Re: L3HW traffic monitoring

There is no solution for this. L3HW offload implementation doesn't provide any detailed statistics, so if you need it, then ... well, you unfortunately can't use L3HW offload.
by mkx
Thu Feb 29, 2024 8:10 am
Forum: General
Topic: CRS305-1g-4s+ - issues on port mirror
Replies: 1
Views: 236

Re: CRS305-1g-4s+ - issues on port mirror

Show the configuration from /interface/bridge and /interface/ethernet ... it's likely that your switch has HW offload enabled (otherwise it wouldn't be able to switch traffic at wirespeed) and port mirroring doesn't actually work.
by mkx
Wed Feb 28, 2024 7:17 pm
Forum: General
Topic: Address pool for SRC-NAT [SOLVED]
Replies: 5
Views: 810

Re: Address pool for SRC-NAT [SOLVED]

Thanks you both for chipping in! Sounds like what I was expecting. Although @mkx why do you say that "they should not be"? Will that interfere with the nat translations and forward traffic to the wrong place or is that a best-practice suggestion that could also be done differently? If pac...
by mkx
Wed Feb 28, 2024 7:05 pm
Forum: General
Topic: IPv6 between bridges
Replies: 23
Views: 1580

Re: IPv6 between bridges

It seems to me that there's a major error in config ... perhaps on ISP's side. The setup you have is similar to this one from IPv4: ISP router: 1.1.0.1/16 your router WAN: 1.1.0.2/16 your router LAN: 1.1.1.1/24 server in LAN: 1.1.1.2/24 It's clear that ISP's router expects it's able to deliver packe...
by mkx
Wed Feb 28, 2024 4:04 pm
Forum: General
Topic: hapAC2 - Out of HDD space/safe free disk space
Replies: 7
Views: 557

Re: hapAC2 - Out of HDD space/safe free disk space

As @holvoetn wrote: as long as you use those arm/ac devices with 15.8MB storage as simple APs they will (very probably) run just fine. The problem arises if they are used for anything else (e.g. as router as I'm using it, or if one needs any other optional package, e.g. zerotier). In that case ROS m...
by mkx
Wed Feb 28, 2024 3:52 pm
Forum: Beginner Basics
Topic: Question about ingress VLAN translation
Replies: 8
Views: 706

Re: Question about ingress VLAN translation

I thought the whole idea of routers and smart switches is that the router is only involved when access to the internet is required or cross vlan traffic ( firewall rules ). Yes, but @OP wants to use ACLs to route between src-address=192.168. 20 .17/24 and dst-address=192.168. 30 .17/24 These are di...
by mkx
Wed Feb 28, 2024 3:48 pm
Forum: Beginner Basics
Topic: L009UiGS-RM: Default route is not part of exported configuration (/export command)
Replies: 7
Views: 628

Re: L009UiGS-RM: Default route is not part of exported configuration (/export command)

It's probably a bug. On my audience running 7.13.2 I can see it in export: /ip/route> print Flags: D - DYNAMIC; I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC; H - HW-OFFLOADED Columns: DST-ADDRESS, GATEWAY, DISTANCE # DST-ADDRESS GATEWAY DISTANCE 0 As 0.0.0.0/0 192.168.99.1 1 DAc 192.168.99.0/24...
by mkx
Wed Feb 28, 2024 3:32 pm
Forum: Beginner Basics
Topic: Question about ingress VLAN translation
Replies: 8
Views: 706

Re: Question about ingress VLAN translation

I would like to apply simple, local optimization for inter-VLAN routing on the switch via ACL filter rule ... I may be wrong, but IMO you can't do it. Normal hosts work like this: if destination IP address is in the same IP subnet (same subnet address with same network mask), then they expect to co...
by mkx
Tue Feb 27, 2024 8:30 pm
Forum: General
Topic: RB5009 - problem with USB port for LTE modem
Replies: 16
Views: 1007

Re: RB5009 - problem with USB port for LTE modem

In this case you may want to ask support@mikrotik.com directly if there's a reason for modem not working in your particular device/ROS combination.
by mkx
Tue Feb 27, 2024 7:51 pm
Forum: General
Topic: hapAC2 - Out of HDD space/safe free disk space
Replies: 7
Views: 557

Re: hapAC2 - Out of HDD space/safe free disk space

hAP ac2 runs great with 7.13+ ... with plenty of free storage (3MB free).

But it does so as wireless-less device (i.e. no wireless or wifi-qcom-ac package installed). Don't we love Mikrotik? :lol:
I couldn't get device work reliably with wifi-qcom-ac installed and config is not that complex.
by mkx
Tue Feb 27, 2024 7:42 pm
Forum: General
Topic: RB5009 - problem with USB port for LTE modem
Replies: 16
Views: 1007

Re: RB5009 - problem with USB port

When I connect USB modem - in system/recourse/usb modem appears ... This only proves that USB device is known to host (RB5009), the name is taken from USB IDS database (likely expirt from http://www.linux-usb.org/). But this doesn't mean that ROS has necessary driver available and without driver yo...
by mkx
Tue Feb 27, 2024 7:36 pm
Forum: General
Topic: Address pool for SRC-NAT [SOLVED]
Replies: 5
Views: 810

Re: Address pool for SRC-NAT [SOLVED]

2) Pretty sure 10.20.20.2/29 will need to be added to your WAN interface It really depends on how exactly ISP delivers traffic for the additional IP addresses. If they use "base" IP address as next hop downstream, then none of those addresses need to be present on WAN interface (even more...
by mkx
Tue Feb 27, 2024 7:30 pm
Forum: General
Topic: IPv6 between bridges
Replies: 23
Views: 1580

Re: IPv6 between bridges

When pinging ISP router from br_lan it sends NS but does not get a reply as multicast packet is not forwarded between br_wan and br_lan to host Again: how exactly are you pinging "from br_lan"? I pointed out in post #7 why it is generally flawed due to misunderstanding the meaning of inte...
by mkx
Tue Feb 27, 2024 7:05 pm
Forum: Beginner Basics
Topic: CRS5 multiple vlans [SOLVED]
Replies: 5
Views: 1026

Re: CRS5 multiple vlans [SOLVED]

If you don't want to tear bridge apart, then you can change properties of existing item using set command. I.e. if you have /interface/bridge add name=bridge /interface/bridge/port add bridge=bridge interface=ether1 and you want to set pvid for port ether1, you can do it like this: /interface/bridge...
by mkx
Mon Feb 26, 2024 7:52 pm
Forum: Wireless Networking
Topic: Wifi-qcom-ac problem after upgraded to 7.13.4
Replies: 11
Views: 929

Re: Wifi-qcom-ac problem after upgraded to 7.13.4

But if I connected to the ssid using a mobile first, then the esp32 can connect to the ssid right away. I also performed the test on a virtual interface and got the same result. Try to set disable-running-check=yes on wifi interface(s). Reasoning: when there are no stations connected to AP, wifi in...
by mkx
Mon Feb 26, 2024 4:40 pm
Forum: General
Topic: Really strange issue with one single LAN address
Replies: 2
Views: 246

Re: Really strange issue with one single LAN address

Either you have something in router config targeting explicitly the offending IP address ... or you have another device on the network with said address configured and then it causes MAC address conflict which severely disturbs data flow. So far it's impossible to tell if either of my theories have ...
by mkx
Mon Feb 26, 2024 4:24 pm
Forum: General
Topic: How to stop NTP client logging
Replies: 4
Views: 522

Re: How to stop NTP client logging

Hi I have hap ac lite @7.10.2 that bores me with so many NTP entrieson log, I don't understand why it needs to syncronize so often ... Normally if NTP client doesn't have to step clock, it doesn't emit any log. And normally stepping clock only happens shortly after booting device as initial time es...
by mkx
Mon Feb 26, 2024 4:19 pm
Forum: General
Topic: Bridge and Independent VLAN learning - VLAN interfaces locked MAC addresses
Replies: 2
Views: 268

Re: Bridge and Independent VLAN learning - VLAN interfaces locked MAC addresses

AFAIK it's customary to have same MAC address in all VLANs handled by same hardware interface in many OSes. In addition: this is not a problem at all with IVL as all switches will build their FDB with triplets VID+MAC+port. This can be a problem with SVL when different VLANs take different paths (e....
by mkx
Mon Feb 26, 2024 4:07 pm
Forum: General
Topic: IPv6 between bridges
Replies: 23
Views: 1580

Re: IPv6 between bridges

I am adding the default as follows add dst-address=::/0 gateway=2a02:aXXX:8::1%br_wan You should set gateway IPv6 address to address of upstream (i.e. ISP's) router. Not IPv6 address of your WAN interface. If you don't know GUA of ISP's router, then it may be possible to use it's ULA in route defin...
by mkx
Mon Feb 26, 2024 4:03 pm
Forum: General
Topic: IPv6 between bridges
Replies: 23
Views: 1580

Re: IPv6 between bridges

As mentioned in post #5 tested also different /64 on both br_wan and br_lan, they can not reach each other

As mentioned in post #7 above, your testing is flawed.
by mkx
Sun Feb 25, 2024 11:53 pm
Forum: General
Topic: install a paskage via consile
Replies: 3
Views: 363

Re: install a paskage via consile

After you place optional package to the root of router's storage, it'll get installed (if it's correct for the device) automatically when you reboot device.
by mkx
Sun Feb 25, 2024 11:49 pm
Forum: Useful user articles
Topic: Isolated Guest WiFi Sans VLANs
Replies: 12
Views: 943

Re: Isolated Guest WiFi Sans VLANs

I thought I made it clear in the article that we're talking about a home Internet gateway. I've skimmed through the article again and it's still not clear to me that the article is about adding guest wifi on the main router device. I guess you put too much emphasis on how much you loathe VLANs :win...
by mkx
Sun Feb 25, 2024 11:38 pm
Forum: RouterBOARD hardware
Topic: RBM11G v6.49.13 upgrading to v7?
Replies: 2
Views: 465

Re: RBM11G v6.49.13 upgrading to v7?

Check logs immediately after device reboots (as part of upgrade procedure), it should state the reason for not upgrading.
by mkx
Sun Feb 25, 2024 11:35 pm
Forum: General
Topic: Firewall input chain and broadcast packets
Replies: 4
Views: 1175

Re: Firewall input chain and broadcast packets

The bottom line is that in the wilderness of internet the only safe approach is to block all except what you know you have to pass. So you can either create a bunch of drop rules (anything you can think of) and make your router a bit slower (because some packets will have to traverse many drop rules...
by mkx
Sun Feb 25, 2024 11:19 pm
Forum: General
Topic: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]
Replies: 10
Views: 1123

Re: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]

And you're sure there isn't another path between 172.20.255.249 and 172.22.2.11 which would allow packets to bypass your RB?
by mkx
Sun Feb 25, 2024 11:05 pm
Forum: Useful user articles
Topic: Isolated Guest WiFi Sans VLANs
Replies: 12
Views: 943

Re: Isolated Guest WiFi Sans VLANs

It's hard to tell if your setup is "water tight" because it very much depends on the rest of configuration of the wireless device itself and on overall topology of your network. You didn't give that context in your article and that makes your article IMO pretty useless for a random reader....
by mkx
Sun Feb 25, 2024 10:42 pm
Forum: Beginner Basics
Topic: RB951Ui-2HnD
Replies: 6
Views: 560

Re: RB951Ui-2HnD

Web-proxy (transparent) ?

That would only work for HTTP (no S) which is quickly becomming extinct these days.
by mkx
Sun Feb 25, 2024 10:39 pm
Forum: General
Topic: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]
Replies: 10
Views: 1123

Re: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]

Can you add "log=yes" to the drop invalid rule and show a few log lines? I don't see anything utterly wrong in config ... but seeing exact logs may help to get closer to the problem.
by mkx
Sun Feb 25, 2024 10:08 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 8783

Re: VLANS creation and testing-AX2

I also notice that the AX3 router has no switch chips ...

Has one ... it's part of SoC, but needs external PHYs.
by mkx
Sun Feb 25, 2024 5:16 pm
Forum: General
Topic: IPv6 between bridges
Replies: 23
Views: 1580

Re: IPv6 between bridges

A typical setup would be the ISP provides a /64 just for the WAN link and a /48 routed to your address on that link. Another option is for ISP to provide /48 (or /56) via DHCPv6 prefix delegation and routing (etc.) via RAs. It can be a "statically assigned" prefix, just like "static ...
by mkx
Sun Feb 25, 2024 5:08 pm
Forum: General
Topic: IPv6 between bridges
Replies: 23
Views: 1580

Re: IPv6 between bridges

Ping from br_lan to br_wan does not work /ping 2a02:a3XX:8:1::1 interface=br_lan With the command quoted you told ROS to "ping said address, but use br_lan as egress interface" ... which is overriding routing decission. And IPv6 address of br_wan is not accessible via br_lan. In short: yo...
by mkx
Sun Feb 25, 2024 5:00 pm
Forum: General
Topic: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]
Replies: 10
Views: 1123

Re: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]

There should be another rule for posters: post actual config, not the script which is supposed to add wanted functionality.

Because it's everybody's guess how device is configured prior to application of published script. But that does matter. A lot.
by mkx
Fri Feb 23, 2024 2:44 pm
Forum: General
Topic: UDP faster than TCP - why?
Replies: 4
Views: 454

Re: UDP faster than TCP - why?

I testet with UDP (single stream) and it reached almost 850-900 Mbps throughput. The questiosn is - and what I want to understand -, why has TCP vs. UDP such an immense influence in regards to the throughput? Did you see this number reported by receiver? One of big differences is that TCP is acknow...
by mkx
Fri Feb 23, 2024 2:04 pm
Forum: General
Topic: Masquerade with Multiple IPs
Replies: 3
Views: 331

Re: Masquerade with Multiple IPs

Masquerade does slight magic when deciding which IP address to use for SRC-NAT and gracefully handles changes. But I don't think it handles multiple IP addresses on egress interface in any particular way, so it probably simply uses one (possibly the first one configured).
by mkx
Fri Feb 23, 2024 1:53 pm
Forum: Beginner Basics
Topic: router not broadcasting wifi
Replies: 12
Views: 846

Re: router not broadcasting wifi

Where were you when I said ...
Wasn't it @anav who said that? :wink:
by mkx
Thu Feb 22, 2024 6:43 pm
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 47285

Re: v7.14rc [testing] is released!

Isn't it recommended by Mikrotik documentation in the L3HW docs and the basic VLAN docs to not place a VLAN directly on top of a physical interface? It is. But that's only true for devices supporting L3HW (which RB5009 doesn't). Which in turn only works for "plain" VLANs ... but we're dis...
by mkx
Wed Feb 21, 2024 8:49 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257401

Re: v7.13.5 [stable] is released!

After upgrade from 7.12.1 to 7.13.5 (but surely it will be the case with any 7.13.x version), wireless package was also present, eating away precious storage space. Why ? On a switch ? Because upgrader is obviously pretty stupid (as it can't only install e.g. wireless driver for device's chipset) a...
by mkx
Wed Feb 21, 2024 8:41 pm
Forum: RouterBOARD hardware
Topic: New L11UG-5HaxD
Replies: 28
Views: 6245

Re: New L11UG-5HaxD

So no, bridging still doesn't work between old/new wireless packages.
As the rumours go it'll stay this way ... i.e. no bridging between wifi and wireless drivers ... ever.
by mkx
Wed Feb 21, 2024 7:58 pm
Forum: Wireless Networking
Topic: Do hAP ax2/3 support AP + STA mode?
Replies: 2
Views: 314

Re: Do hAP ax2/3 support AP + STA mode?

On MT devices with dual radio (e.g, 2.4GHz + 5GHz) these are idependent abd can be configured in completely different manners. So yes, you can configure e.g. 2.4GHz radio as station and 5GHz radio as AP. And yes, the "uplink radio" can be stand-alone in L2 sense, so traffic has to be route...
by mkx
Wed Feb 21, 2024 6:38 pm
Forum: Beginner Basics
Topic: Translate the income ip to the ethernet
Replies: 4
Views: 451

Re: Translate the income ip to the ethernet

So there's a SRC-NAT rule which triggers on connections from internet to your server. If you post your config, we might be able to find it.
by mkx
Wed Feb 21, 2024 6:32 pm
Forum: Beginner Basics
Topic: CRS125-24G-1S - Internet Link
Replies: 9
Views: 793

Re: CRS125-24G-1S - Internet Link

I don't know, but if the published tests talk of 240-250 with 25 firewall rules and you get 100-130 with 10 (or 7), it sounds like there is *something else* slowing down the network. AFAIK test results are achievable if fasttrack is in use, otherwise not easily. OP's config is a slight mess as it p...
by mkx
Mon Feb 19, 2024 9:34 pm
Forum: General
Topic: How to completelly kill all traces of V6 config
Replies: 2
Views: 334

Re: How to completelly kill all traces of V6 config

When running netinstall, there's option called "Keep old configuration" ... make sure it's not checked.
by mkx
Sun Feb 18, 2024 7:28 pm
Forum: Wireless Networking
Topic: Old wireless driver compatibility issue
Replies: 4
Views: 559

Re: Old wireless driver compatibility issue

My experience with a few legacy MT wireless devices is that they normally work up to around 5700MHz (country regulations permitting), so U-NII-1 and U-NII-2 (A,B and C). Higher than that they are iffy.

I don't think this is well documented in official documents (if at all).
by mkx
Sun Feb 18, 2024 6:18 pm
Forum: Beginner Basics
Topic: Bridge filter rules not working
Replies: 26
Views: 1812

Re: Bridge filter rules not working

Feel for you buddy, looking at at CRS310 I just took out of the box. :-)
Anytime you want to wireguard in and look around let me know.
I don't think CRS310 is that sexy :wink:
by mkx
Sat Feb 17, 2024 10:29 pm
Forum: Wireless Networking
Topic: Old wireless driver compatibility issue
Replies: 4
Views: 559

Re: Old wireless driver compatibility issue

Which channel is used by AP (running wifi-qcom-ac driver)? I believe that wifi driver supports U-NII-3 channels (5720MHz and upwards), it seems that they are even preferred. Legacy wireless driver might not support them (or it supports them in a weird way, I couldn't make it use proper channel centr...
by mkx
Sat Feb 17, 2024 9:26 pm
Forum: General
Topic: Bridge and VLAN Interface on bridge MTU problem : MTU needs to be L2MTU - 1 ??
Replies: 2
Views: 325

Re: Bridge and VLAN Interface on bridge MTU problem : MTU needs to be L2MTU - 1 ??

We should be able to put the same MTU as the L2MTU. Generally setting MTU to a random value is wrong. Generally all devices in same IP subnet (which talk to each other without gateway) should have the same MTU set and unless one knows (much better) industry standard value of 1500 is safe to stick t...
by mkx
Fri Feb 16, 2024 11:04 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 8783

Re: VLANS creation and testing-AX2

CRSxxx are switches. And all have L2 HW offload. It's just that on CRS1xx and 2xx bridge can HW offload only basic switching (non-VLAN aware, etc.) while on CRS3xx and CRS5xx bridge can offload VLANs as well. This is what HW property on bridge ports is all about. But we didn't mention routing yet. B...
by mkx
Fri Feb 16, 2024 10:33 pm
Forum: Beginner Basics
Topic: MikroTik switch and Unifi Switch can no longer negotiate 10Gb connection over SFP+
Replies: 6
Views: 836

Re: MikroTik switch and Unifi Switch can no longer negotiate 10Gb connection over SFP+

Maybe I should revert back to e.g. 7.12 or earlier? If the MT-UFi combination worked back then, then downgrade would be a sensible action. But before doing it, create a supout.rif file (while MT and UFi are connected but don't negotiate 10Gbps) andvopen a trouble ticket with support@mikrotik.com .....
by mkx
Fri Feb 16, 2024 9:45 am
Forum: General
Topic: UDP Packet Mark
Replies: 1
Views: 274

Re: UDP Packet Mark

How exactly did you configure marking? And which UDP packets should be marked? And what do you mean by "traffic is not captured"?
by mkx
Thu Feb 15, 2024 11:00 pm
Forum: General
Topic: Vlan configuration with trunk port
Replies: 1
Views: 321

Re: Vlan configuration with trunk port

Post configuration of your mikrotik: open terminal window, execute /export file=anynameyouwish (and add hide-sensitive if device is running ROS v6), fetch file to your computer, open it with text editor and copy-paste it inside [ code] [/code] environment. Redact any remaining sensitive information ...
by mkx
Wed Feb 14, 2024 8:45 pm
Forum: Wireless Networking
Topic: hap ac2 switch chip vlan and WIFI setup with remote capsman
Replies: 10
Views: 798

Re: hap ac2 switch chip vlan and WIFI setup with remote capsman

Bridge MAC addresses are obfuscated, so not sure if this is relevant: I strongly recommend to set different MAC addresses to bridges. Just in case.
by mkx
Wed Feb 14, 2024 8:41 pm
Forum: General
Topic: 2 Station bridge and 1 master
Replies: 1
Views: 225

Re: 2 Station bridge and 1 master

I don't see why not.
by mkx
Tue Feb 13, 2024 9:22 am
Forum: SwOS
Topic: private VLAN for SAN to servers? [SOLVED]
Replies: 2
Views: 961

Re: private VLAN for SAN to servers? [SOLVED]

Under the VLAN tab I specified "enabled" and "only tagged" for those two ports. Which means that devices, connected to these two ports, have to be configured for tagged operation as well. Are they? If SAN and servers don't work with tagged VLANs, then you have to configure these...
by mkx
Tue Feb 13, 2024 9:19 am
Forum: RouterBOARD hardware
Topic: L11UG-5HaxD and 160mhz?
Replies: 1
Views: 507

Re: L11UG-5HaxD and 160mhz?

If the 2400Mbps number is correct, then it has to support 160MHz channels.
by mkx
Mon Feb 12, 2024 7:37 pm
Forum: Wireless Networking
Topic: hap ac2 switch chip vlan and WIFI setup with remote capsman
Replies: 10
Views: 798

Re: hap ac2 switch chip vlan and WIFI setup with remote capsman

I'm not using CAPsMAN (my hAP ac2 is currently wireless-less), so only like 2/3 of required config: interface bridge add admin-mac=BA:69:F4:xx:yy:zz auto-mac=no name=bridge port-cost-mode=short add admin-mac=B2:69:F4:xx:yy:zz auto-mac=no name=bridge41 add admin-mac=BE:69:F4:xx:yy:zz auto-mac=no name...
by mkx
Mon Feb 12, 2024 7:22 pm
Forum: General
Topic: WireGuard throughput depending on running torch [SOLVED]
Replies: 9
Views: 1066

Re: WireGuard throughput depending on running torch [SOLVED]

Here I started torch at ~4s to and stopped at ~12s: Hmm, it seems we'll have to educate @Mesquite (just like we had to educate @anav): torch disables fasttrack. And this prompts to reading the tutorial @rooterle linked ... which introduces mangle rules. And we all know that fasttrack and mangle rul...
by mkx
Mon Feb 12, 2024 12:25 pm
Forum: General
Topic: PPPoE Bonding - MLPPP vs Bonding vs NTH?
Replies: 1
Views: 306

Re: PPPoE Bonding - MLPPP vs Bonding vs NTH?

I think that middle option (bonding with PPPoE on it) wouldn't really work, PPPoE is an L2 point-to-point protocol, so src and dst MAC are always the same and no proper Tx strategy will be able to spread traffic of single PPPoE connection over multiple physical links (if there are multiple PPPoE con...
by mkx
Mon Feb 12, 2024 12:01 am
Forum: Wireless Networking
Topic: hap ac2 switch chip vlan and WIFI setup with remote capsman
Replies: 10
Views: 798

Re: hap ac2 switch chip vlan and WIFI setup with remote capsman

is it possible to create config with vlans using switch chip features and working wifi? It is possible, but it involves quite a few tricks outside "the beaten path" ... so not for the faint of heart. Before taking that path one has to ask himself what gains are expected ... realistically.
by mkx
Sun Feb 11, 2024 11:55 pm
Forum: General
Topic: Can't access hEX (pretty urgent) [SOLVED]
Replies: 30
Views: 2463

Re: Can't access hEX (pretty urgent) [SOLVED]

Not really. If export was "verbose", then you could reset the new one to empty config, then importing it wouldn't clash with config already present. If export is not "verbose", then some things may be different (or missing). Not many, but still ...
by mkx
Sat Feb 10, 2024 4:31 pm
Forum: General
Topic: L009UiGS-RM low transfer and high CPU usage [SOLVED]
Replies: 14
Views: 1308

Re: L009UiGS-RM low transfer and high CPU usage [SOLVED]

hAP ax2: 2625Mbps ... winner in "bang for buck" category.
by mkx
Fri Feb 09, 2024 11:32 pm
Forum: Beginner Basics
Topic: L2TP connection and the same LAN subnet IP
Replies: 10
Views: 1106

Re: RDP connection and the same LAN subnet IP

It's not about tunnel establishnent, it's about pushing routes from server to client. On MT L2TP those are configured for each user (these are created under /ppp/secret and routes are defined with property routes ). Corporate IP subnets should be set here along with L2TP server's tunnel local addres...
by mkx
Fri Feb 09, 2024 6:37 pm
Forum: General
Topic: Changelog Question
Replies: 21
Views: 1104

Re: Changelog Question

I'm saying that reset to defaults would be great ... and I've only mentioned wifi as an example why other parts of config (apart from firewall) would benefit from it as well. One case is to get anything (other than nothing and disabled interfaces), the other case is to start over with configuration ...
by mkx
Fri Feb 09, 2024 6:15 pm
Forum: General
Topic: Changelog Question
Replies: 21
Views: 1104

Re: Changelog Question

In 7.13 ability to reset /interface/wifi to defaults would be welcome for all WiFi5 devices previously running legacy wireless driver.
Actually, it does exist.
Great. But the command name is non-descriptive. Does it reset all the profiles as well?
by mkx
Fri Feb 09, 2024 5:53 pm
Forum: General
Topic: Changelog Question
Replies: 21
Views: 1104

Re: Changelog Question

It would be helpful when there was a separate commend/button to "reset firewall to default" Actually it would be good to have option to "reset to defaults" any configuration subsection. In 7.13 ability to reset /interface/wifi to defaults would be welcome for all WiFi5 devices p...
by mkx
Fri Feb 09, 2024 5:28 pm
Forum: General
Topic: Hex crashing with 7.5
Replies: 6
Views: 922

Re: Hex crashing with 7.5

If you have any special characters in your user name, for eg. š,č,ć
So đ and ž are fine? :lol:
by mkx
Fri Feb 09, 2024 5:17 pm
Forum: Beginner Basics
Topic: Drop invalid FW forward
Replies: 15
Views: 964

Re: Drop invalid FW forward

A comment on logged items: when either client or server decides to finish TCP connection, it'll send a packet with flags ACK and FIN to the other party. The other party will respond with FIN ACK as well. And any of parties might re-send FIN ACK (to make sure that the other party "gets it")...
by mkx
Fri Feb 09, 2024 3:29 pm
Forum: Beginner Basics
Topic: The ABC of CAPsMAN v2 (with updates) [SOLVED]
Replies: 46
Views: 4274

Re: The ABC of CAPsMAN v2 (with updates) [SOLVED]

And IMHO the possibility to override settings from an inherited profile is neat in some cases.

I'm not saying it's not neat, I agree with that. I'm saying that it's misleading (or confusing) as witnessed by @OP's experience.
by mkx
Fri Feb 09, 2024 8:56 am
Forum: Beginner Basics
Topic: L2TP connection and the same LAN subnet IP
Replies: 10
Views: 1106

Re: RDP connection and the same LAN subnet IP

Some VPN software (clients in conjunction with server) solve the problem by disabling access to client local LAN entirely ... routing all the traffic (excluding VPN packets obviously) through VPN interface. Including local IP subnet. This then solves the problem you're seeing but introduces another ...
by mkx
Fri Feb 09, 2024 8:49 am
Forum: Beginner Basics
Topic: The ABC of CAPsMAN v2 (with updates) [SOLVED]
Replies: 46
Views: 4274

Re: The ABC of CAPsMAN v2 (with updates) [SOLVED]

When writing configuration profiles to be provisioned, each profile has a section where you select the security profile. This is where the problem occurs. The selection of the security profile does not fill-in the form: the authentication types and passphrase are not filled in automatically. Why sh...
by mkx
Fri Feb 09, 2024 8:39 am
Forum: General
Topic: Bricked RB1100AHX4
Replies: 5
Views: 497

Re: Bricked RB1100AHX4

Hooked a console cable up and here is the output Nothing after that? It seems like routerboot is fine. I'd check power supplies though. A few years ago MT had a batch of bad capacitors which bulged with time (and devices started to misbehave in most strange ways). This problem affected both power s...
by mkx
Fri Feb 09, 2024 8:34 am
Forum: General
Topic: Hex crashing with 7.5
Replies: 6
Views: 922

Re: Hex crashing with 7.5

I tried NetInstall, the device does not appear in the Router/Drives section. I noticed the LAN connection is also coming on and off along with the blinking USR/LAN led. It seems like router in in a boot loop. Netinstall should work, however netinstall is a very fragile process (linux breed not so m...
by mkx
Thu Feb 08, 2024 7:26 pm
Forum: Beginner Basics
Topic: CRS5 multiple vlans [SOLVED]
Replies: 5
Views: 1026

Re: CRS5 multiple vlans [SOLVED]

According to this tutorial. Single bridge, two VLANs (ports either untagged/access or tagged/trunk). Bridge port doesn't have to be member of any (apart for management VLAN), certainly not having IP address (so no risk of CRS becoming a router).
by mkx
Thu Feb 08, 2024 1:24 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257401

Re: v7.13.4 [stable] is released!

Today MT sites are slow for me, e.g. downloading PDF (a few MB brochure) takes ages. Forum keeps asking me to log in. Some other sites work just fine. And I'm not running 7.13.4. So what gives?
  • 1
  • 2
  • 3
  • 4
  • 5
  • 40