Search found 6932 matches

by mkx
Wed Dec 08, 2021 11:13 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 187
Views: 30270

Re: MikroTik RB5009UG+S+IN

But how long the laser works? If the laser is older, is there a problem with max. length? Older-less powerful laser-small distance? Well, the longevity of SFP modules largely depends on their quality and on actual operating temperature (to lesser extent). So if you intend to operate your link at ex...
by mkx
Wed Dec 08, 2021 10:57 pm
Forum: Beginner Basics
Topic: Test bandwidth Optic Fiber Vs Cable Cat 6
Replies: 1
Views: 75

Re: Test bandwidth Optic Fiber Vs Cable Cat 6

When running BT, run CPU profiler. I guess you'll see one of cores running at 100% which means CPU performance is bottleneck, not port performance. When performing bandwidth tests, you should run tests through device being tested, not by device being tested. In your case that would mean connecting t...
by mkx
Tue Dec 07, 2021 11:06 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 187
Views: 30270

Re: MikroTik RB5009UG+S+IN

The RB5009 already is a switch. It has a powerful switch chip (that can do L3 routing) and a management processor that can do generic routing. The price may be a bit high for a simple switch, but MikroTik is not in unmanageable cheap switches anyway. If one needs around 15 to 20 gigabit ports and a ...
by mkx
Tue Dec 07, 2021 10:53 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 484
Views: 43544

Re: v7.1 is released!

Didn't you read any of posts in this thread? The only way of installing ROSv7 on de-bundled ROSv6 hAP ac2 is netinstall.
by mkx
Tue Dec 07, 2021 9:20 pm
Forum: RouterBOARD hardware
Topic: CRS106-1C-5S - SFPs temperature > 80°C
Replies: 1
Views: 124

Re: CRS106-1C-5S - SFPs temperature > 80°C

Search internet for "SFP temperature" presents a number of articles discussing the matter. And it boils down to this: if SFP temperature is outside specified limits, the link will likely fail, in case of high transmitter temperature also damage to receiver can happen. Temperature range for...
by mkx
Tue Dec 07, 2021 9:12 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 187
Views: 30270

Re: MikroTik RB5009UG+S+IN

Of course it is an invitation to buy another RB5009! It would be nice to see MikroTik provide a couple of switches in the same form factor as the RB5009. Perhaps 10 to 12 ports, managed and unmanaged versions. That would work better for SOHO locations where usually only one router is required. Then...
by mkx
Tue Dec 07, 2021 6:42 pm
Forum: General
Topic: CRS326-24G-2S+ : 100% CPU utilization between networks
Replies: 5
Views: 329

Re: CRS326-24G-2S+ : 100% CPU utilization between networks

None of traffic passing CPU is HW offloaded. For CRS3xx devices running ROSv6 that's anything outside same subnet. And as said many times: CRS3xx are lousy routers (anything between different VLANs is routing) ... you can get a few percent improvement with smart config, not much more.
by mkx
Mon Dec 06, 2021 10:43 pm
Forum: General
Topic: UDP Broadcast to 255 does not work. Pls help.
Replies: 30
Views: 1056

Re: UDP Broadcast to 255 does not work. Pls help.

So, I wrote about workaround with forwarding broadcast request from 192.168.16.255 to 255.255.255.255. Is it possible? I think yes and this workaround will solve my task I never tried DST-NAT to broadcast address, but it might work. Since technically this is intra-network traffic, you'll have to s...
by mkx
Mon Dec 06, 2021 9:37 pm
Forum: RouterBOARD hardware
Topic: RB5009 support
Replies: 17
Views: 3741

Re: RB5009 support

When the RB5009 ether1 WAN port is "advertising" 2.5G full duplex and is connected to a 2.5G ISP modem with gigabit speed service, the data transfer speed drops by about half to 300 to 400 Mb/s. Probably some interaction between buffering in the WAN device (which has to smooth bursts excee...
by mkx
Mon Dec 06, 2021 9:33 pm
Forum: RouterBOARD hardware
Topic: RB5009 support
Replies: 17
Views: 3741

Re: RB5009 support

...can be powered in 3 different ways It's not saying anything about redundancy. You're right, it doesn't. So one can assume (yeah, mother of all ...) it's the same way as with other mikrotiks with more than single powering source: it will draw power from source with highest voltage. If that one fa...
by mkx
Mon Dec 06, 2021 9:20 pm
Forum: Wireless Networking
Topic: SXT Lite 5 : Wireless transparent bridge with other brands
Replies: 1
Views: 92

Re: SXT Lite 5 : Wireless transparent bridge with other brands

Generally transparent bridges are not possible when adhering to original wifi standards. Vendors implemented proprietary extensions, but as always they are mostly not compatible, hence they work only when both radios are from same vendor. WDS tried to fill the void, but seems that it's not working ...
by mkx
Mon Dec 06, 2021 9:15 pm
Forum: Wireless Networking
Topic: [MAC] requires more rates than we support
Replies: 4
Views: 284

Re: [MAC] requires more rates than we support

It doesn't make any sense to impose any limits on station. As @bpwl wrote, station has to follow whatever AP requests. And if connection allows advanced (g/n) communication, it will mostly be used, so possible lower rates won't be used anyway.
by mkx
Mon Dec 06, 2021 9:02 pm
Forum: General
Topic: UDP Broadcast to 255 does not work. Pls help.
Replies: 30
Views: 1056

Re: UDP Broadcast to 255 does not work. Pls help.

I know WHY! 1st device sent request to DHCP and he asked only for Router!: That's the cause. Odd (although technically correct) behaviour of MT DHCP server is that it only returns options asked for. Other DHCP server implementations tend to include all standard options in offer and many DHCP client...
by mkx
Mon Dec 06, 2021 8:44 pm
Forum: General
Topic: Only half bandwidth download with simple NAT setup?
Replies: 9
Views: 331

Re: Only half bandwidth download with simple NAT setup?

If you're new and still learning why did you change/deviate from the default firewall rules?? Also you don't state which model of device you have?? There were no rules on the router. It was completely blank with no configuration. The router is a Mikrotik hEX You should reset configuration to defaults....
by mkx
Mon Dec 06, 2021 8:35 pm
Forum: General
Topic: Removing MKController
Replies: 2
Views: 169

Re: Removing MKController

I don't think MKcontroller has any affiliation with mikrotik ... so you should seek advice from MKcontroller.
by mkx
Mon Dec 06, 2021 2:32 pm
Forum: Beginner Basics
Topic: Static DNS entry unlimited TTL?
Replies: 5
Views: 479

Re: Static DNS entry unlimited TTL?

... if clients are to cache answer indefinitely, how does one force clients to get fresh value in case record changes? Answer: ipconfig /flushdns Yeah, right, that's LOL answer. And, BTW, doesn't work on my linux workstation. But if we're talking nonsense: DNS entry with unlimited TTL is the one wr...
by mkx
Mon Dec 06, 2021 2:21 pm
Forum: Beginner Basics
Topic: Static DNS entry unlimited TTL?
Replies: 5
Views: 479

Re: Static DNS entry unlimited TTL?

Is it possible to give a static DNS entry unlimited TTL? As @ConnyMercier already wrote ... it's not possible. And it's bad idea as well ... if clients are to cache answer indefinitely, how does one force clients to get fresh value in case record changes? It is customary to have TTL on DNS records ...
by mkx
Mon Dec 06, 2021 1:56 pm
Forum: Announcements
Topic: v6.49.2 [stable] is released!
Replies: 24
Views: 4146

Re: v6.49.2 [stable] is released!

*) device-mode - improved flagged router configuration detection;

Any other (minor) difference to 6.49.1? I'm wondering if it's worth upgrading from 6.49.1 if one isn't interested in this functionality?
by mkx
Sun Dec 05, 2021 9:11 pm
Forum: General
Topic: Guidance on logging traffic over a long period
Replies: 3
Views: 182

Re: Guidance on logging traffic over a long period

Seems like it did.
by mkx
Sun Dec 05, 2021 9:09 pm
Forum: General
Topic: UDP Broadcast to 255 does not work. Pls help.
Replies: 30
Views: 1056

Re: UDP Broadcast to 255 does not work. Pls help.

Do you have any way of checking actual network settings on that device after it's provisioned (by DHCP)? I'd be very much surprised if Mikrotik's DHCP server wouldn't send out correct netmask, I never saw any such bug report on this forum. Are you sure there isn't another DHCP server which might ser...
by mkx
Sun Dec 05, 2021 9:02 pm
Forum: General
Topic: Guidance on logging traffic over a long period
Replies: 3
Views: 182

Re: Guidance on logging traffic over a long period

Did you check on "Graphs", available from login page (before entering username and password) of WebUI? Or as "Graphs" menu item on the left side after logging in. There are a few things to configure under "Tools -> Graphing" ...
by mkx
Sun Dec 05, 2021 8:54 pm
Forum: General
Topic: UDP Broadcast to 255 does not work. Pls help.
Replies: 30
Views: 1056

Re: UDP Broadcast to 255 does not work. Pls help.

As your device answers to packets targeting address 255.255.255.255 but doesn't answer to broadcasts sent to actual broadcast address 192.168.16.255 it seems like device actually uses subnet mask /0 (which, along with own IP address, defines broadcast address). Hence doesn't recognise dst-address as ...
by mkx
Sun Dec 05, 2021 7:35 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 187
Views: 30270

Re: MikroTik RB5009UG+S+IN

I just purchased an RB5009 to replace my RB4011. Initially skeptical about the rack mount kit but it is ingenious. I agree, the mount kit looks great... How sturdy is rack kit when only single device is mounted? From the looks of it, it should be pretty good when even number of devices are mounted.
by mkx
Sun Dec 05, 2021 4:25 pm
Forum: General
Topic: CRS326-24G-2S+ : 100% CPU utilization between networks
Replies: 5
Views: 329

Re: CRS326-24G-2S+ : 100% CPU utilization between networks

So, in other words, if I remove VLAN filtering within the bridge for the two different subnets (LAN/WAN) but still use VLANs to distinguish the traffic per ethernet port, the IP firewall rules as defined will continue to work? Do I understand it correctly? If this is the case, will the routing perf...
by mkx
Sun Dec 05, 2021 4:09 pm
Forum: General
Topic: Truely fanless 10Gb switch with routerOS + hardware accceleration [Fixed]
Replies: 28
Views: 1571

Re: Truely fanless 10Gb switch with routerOS + hardware accceleration [Fixed]

It seems that all 10Gbps RJ45 SFPs consume relatively a lot of energy and thus run pretty hot. And they still have to remain under certain temperature threshold. For optical SFPs maximum environmental temperature is around 70°C, industrial temperature rating increases that to 80°C. And by environnen...
by mkx
Sun Dec 05, 2021 12:25 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 484
Views: 43544

Re: v7.1 is released!

Users are allowed to hawk their third-party wares in the official forum?

It's user forum (not official support forum) and no, generally propaganda posts are not tolerated unless such posts add value to discussion. Which post in particular do you find disturbing?
by mkx
Sun Dec 05, 2021 12:13 pm
Forum: General
Topic: UDP Broadcast to 255 does not work. Pls help.
Replies: 30
Views: 1056

Re: UDP Broadcast to 255 does not work. Pls help.

Try setting multicast-helper=full on wlan1 interface. It says multicast, but works for broadcasts just the same.
by mkx
Sun Dec 05, 2021 11:30 am
Forum: Wireless Networking
Topic: 802.11ac severe speed degradation with ROS above 6.45.9 (LTS)
Replies: 26
Views: 2940

Re: 802.11ac severe speed degradation with ROS above 6.45.9 (LTS)

Does that happen to all Mikrotik AC devices or only ARM-based ones?

If you're asking about adherence to regulatory limits ... then this happened to all MT wireless hardware at the same time, it is not specific to any architecture or wireless driver.
by mkx
Sat Dec 04, 2021 9:56 pm
Forum: RouterBOARD hardware
Topic: RB5009 support
Replies: 17
Views: 3741

Re: RB5009 support

Product page spends quite a few bits describing the 3 ways of powering RB5009.
by mkx
Sat Dec 04, 2021 9:52 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 187
Views: 30270

Re: MikroTik RB5009UG+S+IN

ROS in general is pretty picky about SFP modules ... so be sure you get a module which is guaranteed to work with RB5009 (not all MT devices work with same modules). Multimode and single mode work with different fibre cables (difference is in core diameter, multimode uses thicker cores) and differe...
by mkx
Sat Dec 04, 2021 9:22 pm
Forum: General
Topic: CRS326-24G-2S+ : 100% CPU utilization between networks
Replies: 5
Views: 329

Re: CRS326-24G-2S+ : 100% CPU utilization between networks

First of all, CRS devices are essentially switches with limited capacity for routing (which will change in ROSv7), so no wonder CPU hits the ceiling when device is pushed with routing duties. The HW offload (port status H) is about switching between port belonging to same L2 domain ... When device i...
by mkx
Sat Dec 04, 2021 11:52 am
Forum: Wireless Networking
Topic: 802.11ac severe speed degradation with ROS above 6.45.9 (LTS)
Replies: 26
Views: 2940

Re: 802.11ac severe speed degradation with ROS above 6.45.9 (LTS)

At some point in time (could be it was something like 2 years ago, quite likely after 6.45) Mikrotik started to observe country regulations about allowed Tx power (and some other details, such as DFS). As country regulations mostly restrict WiFi devices to some pretty low EIRP, this means most of AP...
by mkx
Sat Dec 04, 2021 11:31 am
Forum: General
Topic: Download Router configuration
Replies: 11
Views: 511

Re: Download Router configuration

Without successful connection to router you can't get configuration. Generally there's no automatically made config to download, you have to create it first (via management UI) ... it is possible to create schedule for creating config files, but that's not done by default.
by mkx
Sat Dec 04, 2021 11:27 am
Forum: Beginner Basics
Topic: SFP Ethernet module as WAN port
Replies: 11
Views: 913

Re: SFP Ethernet module as WAN port

Could you tell me if the default firewall rules work with this change for WAN port? They seem to be for interface lists and not specific interfaces but I'm not sure. Indeed default firewall works with interface lists. So the easiest way to use another port as WAN port is to add that port to WAN int...
by mkx
Sat Dec 04, 2021 11:20 am
Forum: Beginner Basics
Topic: SFP Ethernet module as WAN port
Replies: 11
Views: 913

Re: SFP Ethernet module as WAN port

Why do ISPs have problems with SFP? I'll report if that is the case for me. Don't have much choice where I live. It's not that ISPs have problems with SFPs, rather it's that fibre can be used in various scenarios: FTTH (dual fibre or BiDi), GPON, .... all of those are different hardware-wise and re...
by mkx
Fri Dec 03, 2021 11:49 pm
Forum: Beginner Basics
Topic: Can't get »Using RouterOS to VLAN your network« up and running
Replies: 6
Views: 367

Re: Can't get »Using RouterOS to VLAN your network« up and running

It's hard to say what went wrong. With rescue port you will be able to dump actual device configuration (using /export from terminal window) at the moment of failure and we might advise how to solve the problem.
by mkx
Fri Dec 03, 2021 9:38 pm
Forum: RouterBOARD hardware
Topic: PowerBox Pro Wall Mount?
Replies: 9
Views: 1234

Re: PowerBox Pro Wall Mount?

After that the Device can be "Clipped" in
Clip it where on the wall and how ?
DIN rail mounting somehow implies pre-existing rail onto which device gets mounted (or rather clipped). The rail used can be extremely short so that it completely hides behind device clipped onto it.
by mkx
Fri Dec 03, 2021 9:30 pm
Forum: General
Topic: Smart home devices are still getting disconnected
Replies: 32
Views: 1341

Re: Smart home devices are still getting disconnected

But I have one AP which is TP-Link or UBNT and same device works normal, without leaving Makes me wonder: do you actually see any problems with those devices when connected to Mikrotik AP? Some reasons for disconnects, listed in post by @bpwl, will happen on other vendor's APs as well ... but thos...
by mkx
Fri Dec 03, 2021 9:20 pm
Forum: General
Topic: Mixed /30 and /24 on same subnet
Replies: 18
Views: 831

Re: Mixed /30 and /24 on same subnet

In other words can you have IP combinations of /30 + /29 + /28 + /27 + /26 + /25 along with /24 on a network? is this a bad configuration setup. Yes and no. When devices communicate between each other (unicast), they only use IP addresses ... or rather MAC addresses. However things likely go haywir...
by mkx
Fri Dec 03, 2021 9:50 am
Forum: General
Topic: CRS305-1G-4S+IN instead of "hAP ac" as internet router
Replies: 6
Views: 313

Re: CRS305-1G-4S+IN instead of "hAP ac" as internet router

but if it's just temporary and you do not have any large traffic, so then.... may can handle it But how is it good in your opinion in comparison with hAP ac? Can it replace it? Flasix thinks it is possible. Check official test results for both devices ... look under routing section, many people fin...
by mkx
Fri Dec 03, 2021 9:39 am
Forum: Beginner Basics
Topic: subnets
Replies: 19
Views: 1097

Re: subnets

In addition to what @sob mentioned: since security became high-profile stuff lately, quite some gadgets won't allow connections (either management only or even service) from IP addresses outside device's own IP subnet. So check settings to see if some sort of firewall on device blocks such connectio...
by mkx
Fri Dec 03, 2021 9:36 am
Forum: Beginner Basics
Topic: Can't get »Using RouterOS to VLAN your network« up and running
Replies: 6
Views: 367

Re: Can't get »Using RouterOS to VLAN your network« up and running

When you perform L2 reconfiguration (bridge, VLAN, ...), it is normal to lose management connection. But if things are configured correctly, you should be able to reconnect. Next time you start to configure stuff, remove one ether port from bridge (or don't add it to bridge if you start from comple...
by mkx
Fri Dec 03, 2021 9:21 am
Forum: RouterOS v7 BETA
Topic: hAP ac² Switch VLAN not working correctly
Replies: 10
Views: 964

Re: hAP ac² Switch VLAN not working correctly

Do you have any configuration related to VLANs done under /interface bridge? In ROSv6 it was possible to mix things, but sometimes things broke in some random ways so it's better not to mix settings.
by mkx
Fri Dec 03, 2021 9:15 am
Forum: Announcements
Topic: v7.1 is released!
Replies: 484
Views: 43544

Re: v7.1 [testing] is released!

Reading what you write above, it appears to be the same bug! Affects the RB4011 under 6.x and 7.x, does not affect the RB2011 and likely also not the TILE and MMIPS architectures as I use similar setups on routers of those architectures and I never encountered a problem. It seems to be an architect...
by mkx
Wed Dec 01, 2021 8:02 pm
Forum: Beginner Basics
Topic: Dynamic and Static IP MikroTik RouterBOARD 2011UiAS
Replies: 17
Views: 771

Re: Dynamic and Static IP MikroTik RouterBOARD 2011UiAS

In the left part you have "drop down" sub-tree items. Winbox has same hierarchy as CLI, so start with IP ...
by mkx
Wed Dec 01, 2021 7:57 pm
Forum: Beginner Basics
Topic: how to setup a correct firewall rules when the Mikrotik is behind the ISP modem [SOLVED]
Replies: 14
Views: 718

Re: how to setup a correct firewall rules when the Mikrotik is behind the ISP modem [SOLVED]

My VDSL modem can be put into bridge mode in the following way: disable PPPoE client i.e. disable WAN start pppoe client on Mikrotik, bound to WAN interface (ether1) add pppoe-out1 interface to WAN interface list The recipe above probably doesn't work if your ISP doesn't use PPPoE. If you keep using...
by mkx
Wed Dec 01, 2021 6:48 pm
Forum: Wireless Networking
Topic: PC behind mikrotik wireless client unable to ping gateway
Replies: 2
Views: 216

Re: PC behind mikrotik wireless client unable to ping gateway

What you're after is L2-transparent bridge over wifi and can't be done in standard way, it only works reliably when both wireless devices are from same vendor. More explanation in this article: https://wiki.mikrotik.com/wiki/Manual:W ... tion_Modes
by mkx
Wed Dec 01, 2021 6:44 pm
Forum: Beginner Basics
Topic: RB5009 - IPv6 connection to Internet [SOLVED]
Replies: 4
Views: 358

Re: RB5009 - IPv6 connection to Internet [SOLVED]

Is it a bug?
Not sure. Could be ... or configuration mismatch (which supposedly didn't break things in v6).
by mkx
Wed Dec 01, 2021 6:23 pm
Forum: General
Topic: Has a RB4011 some hardware/sofware bugs now?
Replies: 5
Views: 400

Re: Has a RB4011 some hardware/sofware bugs now?

The last person complaining about RB4011 freezing is running ROS 6.47.10 ... which is rather old. While it's generally fine, very stable release, it's old for RB4011, which is by itself not that old and AFAIK some work had been done regarding stability in more recent ROS versions.
by mkx
Wed Dec 01, 2021 6:13 pm
Forum: General
Topic: Round Robin DNS for local host [SOLVED]
Replies: 3
Views: 259

Re: Round Robin DNS for local host [SOLVED]

When single host has multiple A records (multiple IP addresses), then usual DNS servers will return all of them in query response, only order can be changed on subsequent queries. How are then used those multiple addresses is entirely up to client (both resolver library and application), some will o...
by mkx
Wed Dec 01, 2021 6:02 pm
Forum: Beginner Basics
Topic: Scheduled "narrow online-time"
Replies: 2
Views: 189

Re: Scheduled "narrow online-time"

Would it be possible to schedule the MikroTik to "power-on" on a certain time demand and then go to deep sleep until next scheduled time. Nope, mikrotik is designed to be always on. There are some devices with extremely low power consumption though (as low as a few watts) ... if that's be...
by mkx
Wed Dec 01, 2021 5:57 pm
Forum: Beginner Basics
Topic: Dynamic and Static IP MikroTik RouterBOARD 2011UiAS
Replies: 17
Views: 771

Re: Dynamic and Static IP MikroTik RouterBOARD 2011UiAS

I guess it's not necessary to disband bridge ... simply add IP address from 192.168.1.x subnet to bridge interface and set webcam to use it as default gateway. Different IP subnets don't have to be on different ethernet segments (although they usually are, one of reasons is that only one DHCP server...
by mkx
Wed Dec 01, 2021 5:50 pm
Forum: Beginner Basics
Topic: RB5009 - IPv6 connection to Internet [SOLVED]
Replies: 4
Views: 358

Re: RB5009 - IPv6 connection to Internet [SOLVED]

In ROSv7 there's routing problem for IPv6 when both pppoe-client and dhcp-client are set with add-default-route=yes. So disable this option on dhcpv6-client (pppoe-client knows that better) and try again.
by mkx
Tue Nov 30, 2021 7:30 pm
Forum: SwOS
Topic: Trying to bond with Ubuntu - now I cannot even ping
Replies: 2
Views: 298

Re: Trying to bond with Ubuntu - now I cannot even ping

One thing on ubuntu side: after you create bond0 interface out of eno1 and eno2, you use bond0 for the rest (e.g. dhcp client). So remove dhcp client from members of bond. As to switch part: post configuration of ports bonded ... as it's SwOS, screenshots will have to do. Your initial post includes ...
by mkx
Tue Nov 30, 2021 7:15 pm
Forum: General
Topic: IPv6 Issue Need Help
Replies: 4
Views: 297

Re: IPv6 Issue Need Help

Link-local addresses are in principle non-routable so they are only accessible inside same L2 network (ethernet). LAN3 is behind the router but LAN2 is likely not ... depending on how switch connected to server is configured. If it's configured with VLANs then that (if configured properly) would blo...
by mkx
Tue Nov 30, 2021 6:59 pm
Forum: Beginner Basics
Topic: SM Fiber Modules
Replies: 4
Views: 296

Re: SM Fiber Modules

Specifically this one, seems to be super human! XS+2733LC15D https://mikrotik.com/product/xs_2733lc15d If Normis tries to sell you the very pair from picture on propaganda page, you'll be hosed ... because they are cloned (same wavelength which doesn't work well for BiDi, same serial number) ... :w...
by mkx
Tue Nov 30, 2021 6:17 pm
Forum: RouterOS v7 BETA
Topic: socks5 not working in routeros7 !
Replies: 62
Views: 3266

Re: socks5 not working in routeros7 !

!!!!!! There you go. They have it on radar, but they consider it not to be top priority (and no, a few users fussing about it probably won't push it higher on the list ... unless some high volume reseller says this is THE killer application). So if it's not fixed in next RC, don't be alarmed, I'm s...
by mkx
Tue Nov 30, 2021 7:58 am
Forum: RouterOS v7 BETA
Topic: L3 hardware offload in FW mode - will there be any other devices than CRS317 supporting this mode?
Replies: 19
Views: 4094

Re: L3 hardware offload in FW mode - will there be any other devices than CRS317 supporting this mode?

No, I did not say anything about the performance of a C7. No, but you said it had L3 HW offload: ... an Archer C7 which has NAT and forwarding offloading ... And that was the statement I was debunking. Because HW offload doesn't work even with stock firmware due to lack of needed hardware ... even ...
by mkx
Mon Nov 29, 2021 10:00 pm
Forum: General
Topic: Any way to notify WiFi/Eth clients (Android, Windows) that uplink is a metered connection?
Replies: 2
Views: 370

Re: Any way to notify WiFi/Eth clients (Android, Windows) that uplink is a metered connection?

Mikrotik's DHCP server doesn't push DHCP options to clients, they are only included in DHCP responses if client asks for them. Some DHCP servers do push DHCP options even if not asked though. So it could as well be that Android 9 asks for that particular DHCP option while Android 11 doesn't. In whic...
by mkx
Mon Nov 29, 2021 9:41 pm
Forum: RouterOS v7 BETA
Topic: L3 hardware offload in FW mode - will there be any other devices than CRS317 supporting this mode?
Replies: 19
Views: 4094

Re: L3 hardware offload in FW mode - will there be any other devices than CRS317 supporting this mode?

Actually, I have bought an Archer C7 which has NAT and forwarding offloading, for 45EUR. So you're saying that Archer C7 can do wirespeed routing between any of its gigabit interfaces? Well, it can't, it only routes between WAN port and LAN port group (which includes wireless interfaces). If it can...
by mkx
Sat Nov 27, 2021 7:57 pm
Forum: Wireless Networking
Topic: Poor CAPsMAN performance
Replies: 19
Views: 1625

Re: Poor CAPsMAN performance

If I was a vendor, I'd advise to use Mikrotik gear :wink: And I, as a user, would not follow that advice for all types of equipment. but what to do if the vendor says. If you're buying mikrotik anyway, I won't accept a return for the reason "wifi performance is not good". I still thought ...
by mkx
Sat Nov 27, 2021 6:35 pm
Forum: Wireless Networking
Topic: Poor CAPsMAN performance
Replies: 19
Views: 1625

Re: Poor CAPsMAN performance

ignoring the advice from vendor and not choosing ubiquiti Whatever whichever vendor says is always biased (at least a little). So the best is to learn the whole lot and then make own educated decision. Which is impossible feat by itself because you'd have to know far too much about far too many po...
by mkx
Sat Nov 27, 2021 1:38 pm
Forum: RouterBOARD hardware
Topic: Associated / connect RB133 to other Access point
Replies: 6
Views: 5017

Re: Associated / connect RB133 to other Access point

One has to search on google. And check results. This page actually contains most of the necessary information: https://wiki.mikrotik.com/wiki/Manual:Wireless_Station_Modes Doesn't give a step-by-step recipe for any particular use case though. One side has to be configured as "AP-bridge" an...
by mkx
Sat Nov 27, 2021 1:27 pm
Forum: General
Topic: wireless-rep package for RB133 mipsle ?
Replies: 2
Views: 317

Re: wireless-rep package for RB133 mipsle ?

Last ROS version supporting MIPSLE seems to be 6.33.3.
by mkx
Sat Nov 27, 2021 1:22 pm
Forum: Beginner Basics
Topic: Correct VLAN Setting between Switches
Replies: 6
Views: 546

Re: Correct VLAN Setting between Switches

Don't use VLAN1 tagged ... many vendors (Mikrotik included) use it as kind of "native" VLAN (configuration has it as implicit default all over) and if you intend to use it as tagged, then one has to be really careful not to forget something to set properly. Or else things will misbehave in...
by mkx
Sat Nov 27, 2021 1:13 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 on RB600A
Replies: 7
Views: 1373

Re: v7.1beta4 on RB600A

Get the FWF bootloader for v7.1rc7 (tested that one only) If anybody wonders where to get the FWF file: open the main package (routeros-<version>-<architecture>.npk) using 7zip. In folder etc there will be one or more (depending on architecture) .fwf files. Use the file with file name containing na...
by mkx
Fri Nov 26, 2021 10:44 pm
Forum: General
Topic: Protection agains Frag attacks
Replies: 8
Views: 702

Re: Protection agains Frag attacks

How come I never see any of this so called attack traffic ??
Rule "drop all else" can be hardly applied to ISP's edge router / firewall.
by mkx
Fri Nov 26, 2021 8:48 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18213

Re: v7.1rc7 [development] is released!

Here ya go!
Won't help ... wrong power plug type (and probably voltage and frequency).
by mkx
Fri Nov 26, 2021 8:41 pm
Forum: RouterOS v7 BETA
Topic: hAP ac² Switch VLAN not working correctly
Replies: 10
Views: 964

Re: hAP ac² Switch VLAN not working correctly

/interface ethernet switch port has property vlan-header. Its setting is not shown in your config export meaning it's set to default value. Documentation states that default value is "leave-as-is" which is suitable setting for hybrid port. But default may have changed in v7 ... so do /in...
by mkx
Fri Nov 26, 2021 2:46 pm
Forum: Beginner Basics
Topic: subnets
Replies: 19
Views: 1097

Re: subnets

It is probably issue with firewall settings, but it's impossible to say for sure ... unless you post (anonymized) configuration. Execute command /export hide-sensitive file=anynameyouwish inside terminal window, fetch resulting file, open it in text editor, obfuscate any remaining sensitive informat...
by mkx
Fri Nov 26, 2021 7:21 am
Forum: RouterOS v7 BETA
Topic: IPv6 forwarding not working in 7.1beta6
Replies: 18
Views: 3176

Re: IPv6 forwarding not working in 7.1beta6

Set prefix-length to 64 on DHCP client. This property sets the prefix length as used when IPv6 address is assigned and has nothing to do with requesting pool from ISP (the prefix-hint is for that).
by mkx
Thu Nov 25, 2021 10:28 am
Forum: General
Topic: Mikrotik equipment to the new home
Replies: 20
Views: 1254

Re: Mikrotik equipment to the new home

Every mikrotik wireless device can be configured to only act as AP (as in ethernet to wireless gateway), the rest of functions (DHCP, routing, ...) are performed by other LAN entities (e.g. main router). Every mikrotik device running ROS (and probably SwOS, I don't have any SwOS experience) is fully...
by mkx
Wed Nov 24, 2021 8:44 pm
Forum: General
Topic: Wlan: Reduction of the transmission strength
Replies: 1
Views: 358

Re: Wlan: Reduction of the transmission strength

Currently it is possible to set tx-power property of wireless interface. Actual Tx power might be lower than this, actually it is the lowest value of the following: country regulation limit, reduced by amount of antenna gain maximum chipset capability (that's the table you posted) setting of propert...
by mkx
Wed Nov 24, 2021 8:23 pm
Forum: General
Topic: 6.48.5 doesn't always allow udp established connections
Replies: 2
Views: 536

Re: 6.48.5 doesn't always allow udp established connections

Ip firewall filter chain=output is only for connections initiated by router itself. If DNS service is running on router itself (192.168.66.1), then you need rules in chain=input ... usually that would be two rules: add chain=input action=accept connection-state=connected,related,untracked add chain=...
by mkx
Wed Nov 24, 2021 12:43 am
Forum: Beginner Basics
Topic: Working around NAT hairpin [SOLVED]
Replies: 27
Views: 2032

Re: Working around NAT hairpin [SOLVED]

The rule you quoted in preceding post is specific enough, you're good.
by mkx
Mon Nov 22, 2021 9:32 pm
Forum: General
Topic: IP addresses in the same subnet across multiple interfaces? [SOLVED]
Replies: 8
Views: 867

Re: IP addresses in the same subnet across multiple interfaces? [SOLVED]

If none of LAN infrastructure devices "play smart", then the most likely outcome would be asymmetrical packet flow: if some connection uses laptop's wireless IP address (ingress will flow through wireless) while routing priorities (e.g. due to lower metric) will use ethernet for egress. If...
by mkx
Mon Nov 22, 2021 7:10 pm
Forum: General
Topic: I needa help to config vlan3999 from siol provider [SOLVED]
Replies: 13
Views: 3342

Re: I needa help to config vlan3999 from siol provider [SOLVED]

Your VLAN config is a mess, no wonder multicast streams leak all over. Recommended reading: tutorial on how to do VLANs in RouterOS. In short: you should use single bridge with VLANs configured properly. We can help you get things straight, but I'd prefer if you studied the tutorial first so that yo...
by mkx
Mon Nov 22, 2021 8:38 am
Forum: Announcements
Topic: v6.49.1 [stable] is released!
Replies: 140
Views: 24498

Re: v6.49.1 [stable] is released!

yes, yes ... but client wifi private passphrase works. it can connect to wireless SSID You seem to expect that wifi extender is sort of signal booster. Well, it's not, it simply wouldn't work like that. The way wifi extenders work is that they act both as WiFi client (connected to "normal"...
by mkx
Sun Nov 21, 2021 5:54 pm
Forum: Announcements
Topic: v6.49.1 [stable] is released!
Replies: 140
Views: 24498

Re: v6.49.1 [stable] is released!

CapsMan ... wifi users who are registered in "access list" did not listed "Registration table" IF they are connected to another microtik (mAP in my case) in repeater mode. if capsMan wifi network extended via wifi extender, connected allowed users not visible. If client is conne...
by mkx
Sun Nov 21, 2021 10:17 am
Forum: Beginner Basics
Topic: VLAN configuration for Wireless Wire RBwAPG-60ad units
Replies: 3
Views: 520

Re: VLAN configuration for Wireless Wire RBwAPG-60ad units

VLAN 1 is (implicit) default setting all over. So you a) should not take it as rule to follow and b) should stay well away from using it in your (explicit) configuration.
by mkx
Sat Nov 20, 2021 9:43 pm
Forum: General
Topic: Isolated VLAN "Bound" to Specified Ethernet Port.
Replies: 11
Views: 794

Re: Isolated VLAN "Bound" to Specified Ethernet Port.

Use firewall.
by mkx
Sat Nov 20, 2021 6:28 pm
Forum: Beginner Basics
Topic: VLAN between Non-wireless router w/ WAP
Replies: 13
Views: 5919

Re: VLAN between Non-wireless router w/ WAP

Did you read document linked by @anav in post #2 above? That document explains how VLANs are done in RouterOS in depth. Until you understand that document you probably won't be able to configure whatever you want to have done ... or at least you won't understand why things are done in certain way.
by mkx
Sat Nov 20, 2021 5:19 pm
Forum: General
Topic: Isolated VLAN "Bound" to Specified Ethernet Port.
Replies: 11
Views: 794

Re: Isolated VLAN "Bound" to Specified Ethernet Port.

I'm not going to watch some video tutorial to learn your wishes. You better express them in a few sentences. But anyway, if you remove ether port from bridge (/interface bridge port), then it'll be isolated from the rest of network(s). Nothing to do with VLANs (as in IEEE 802.1Q) so far. If you then...
by mkx
Sat Nov 20, 2021 4:51 pm
Forum: Beginner Basics
Topic: CRS125-24g-1s-2hnd Hardware offload? [SOLVED]
Replies: 8
Views: 776

Re: CRS125-24g-1s-2hnd Hardware offload? [SOLVED]

As far as the Ethernet speed goes, most of the equipment at this location has older NIC's only capable of 100Mbps. Since this is a production environment I'm not going to mess with that right now. As @sid5632 already noted, that setting doesn't matter as long as ports are set to autonegotiate. Up t...
by mkx
Sat Nov 20, 2021 11:05 am
Forum: Beginner Basics
Topic: CRS125-24g-1s-2hnd Hardware offload? [SOLVED]
Replies: 8
Views: 776

Re: CRS125-24g-1s-2hnd Hardware offload? [SOLVED]

Almost all ports in /interface bridge port have "hw=no" ... change that to yes (export will not show that property any more as it only shows items set to non-default values).
by mkx
Sat Nov 20, 2021 11:01 am
Forum: RouterOS v7 BETA
Topic: socks5 not working in routeros7 !
Replies: 62
Views: 3266

Re: socks5 not working in routeros7 !

Yeah. But littering forum with tens of posts stating the same thing within a week or so doesn't help. i have a 2 topic for this problem , When support does not respond, I have to post a new topic You have two topics (which is one too many) and you're posting one post per day (in this topic). This i...
by mkx
Fri Nov 19, 2021 8:51 pm
Forum: General
Topic: Setting up secure IPv6 and port forwarding?
Replies: 1
Views: 375

Re: Setting up secure IPv6 and port forwarding?

Basic idea is to have globally-routable addresses on all LAN hosts. Ideally ISPs would hand out a few /64 prefixes (in a block, so handing out a /60 or /56 prefix to one ISP client) and router receiving such prefix can then use one prefix per LAN. When it comes to traffic, router in IPv6 simply rou...
by mkx
Fri Nov 19, 2021 8:35 pm
Forum: Beginner Basics
Topic: Working around NAT hairpin [SOLVED]
Replies: 27
Views: 2032

Re: Working around NAT hairpin [SOLVED]

I have not tested this, but I do not think this works. Let me try to explain it slowly. Consider the following example: WAN IP 12.12.12.12 client LAN subnet: 192.168.10.0/24 server LAN subnet: 192.168.20.0/24 One has DST-NAT set up (the following one should not be used as it interferes with normal ...
by mkx
Fri Nov 19, 2021 8:00 pm
Forum: RouterOS v7 BETA
Topic: socks5 not working in routeros7 !
Replies: 62
Views: 3266

Re: socks5 not working in routeros7 !

Yeah. But littering forum with tens of posts stating the same thing within a week or so doesn't help.
by mkx
Fri Nov 19, 2021 7:06 pm
Forum: RouterBOARD hardware
Topic: Rack mount CRS3xx Series Switch with DC input
Replies: 4
Views: 1066

Re: Rack mount CRS3xx Series Switch with DC input

An idea for DIY of multi-PoEin: take a number of RBGPOE passive power injectors (they are power extractors as well!) and connect the DC lines (using a diode capable of a few amps on each positive pole to prevent power back-surge). And connect that to normal barrel-jack power input. Either use some te...
by mkx
Fri Nov 19, 2021 6:48 pm
Forum: General
Topic: Slow internet when modem connected to mikrotik [SOLVED]
Replies: 11
Views: 917

Re: Slow internet when modem connected to mikrotik [SOLVED]

RB951G is a great device ... for when it was conceived. Its CPU is weak for today's standards. Official test results indicate it's capable of routing at around 240 Mbps. However, you configured VLANs on bridge which all by itself reduces bridging capacity from wirespeed to one third. Throw in CPU-bo...
by mkx
Fri Nov 19, 2021 6:34 pm
Forum: Beginner Basics
Topic: Working around NAT hairpin [SOLVED]
Replies: 27
Views: 2032

Re: Working around NAT hairpin [SOLVED]

Having the server on a different subnet from the Users DOES NOT avoid hairpin nat? ? It does. Hairpin-NAT is when clients are on the same subnet as server but they are not aware of it (because they think they're talking to some internet host) - the issue is return traffic (server sees clients from ...
by mkx
Fri Nov 19, 2021 6:19 pm
Forum: RouterOS v7 BETA
Topic: socks5 not working in routeros7 !
Replies: 62
Views: 3266

Re: socks5 not working in routeros7 !

You are aware that nothing's gonna happen overnight, right? Not even a reply from Mikrotik. Could be they were gonna drop socks service altogether in v7 because its use is becoming obsolete at best and is dangerous at worst.
by mkx
Fri Nov 19, 2021 12:26 am
Forum: Beginner Basics
Topic: Working around NAT hairpin [SOLVED]
Replies: 27
Views: 2032

Re: Working around NAT hairpin [SOLVED]

For connections WAN->server you need only first two NAT rules: /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN add action=dst-nat chain=dstnat comment="Port Forward for server v2" dst-port=80 in-interf...
by mkx
Thu Nov 18, 2021 6:25 pm
Forum: General
Topic: CRS326-24s+-2q+ speed problem
Replies: 2
Views: 418

Re: CRS326-24s+-2q+ speed problem

How do you test speed between servers? Some services have inherent problems which prevent them from reaching high speeds (e.g. file copy over windows sharing). The most relevant method is to use iperf3 between two servers and run test in multiple parallel stream configuration (parallel or not doesn'...
by mkx
Thu Nov 18, 2021 5:52 pm
Forum: General
Topic: Hardware for 10Gbps bandwidth test
Replies: 8
Views: 1134

Re: Hardware for 10Gbps bandwidth test

One of problems with btest is that it uses single core You are wrong. Tools - Bandwidth Test has been using multicore for a long time. This doesn't change the fact that btest is not really a great bandwidth testing solution, specially if run on a device with weak CPU (i.e. most Mikrotik routers).
by mkx
Thu Nov 18, 2021 5:50 pm
Forum: General
Topic: MIKROTIK RB750 CONSTANTLY RESETS
Replies: 1
Views: 376

Re: MIKROTIK RB750 CONSTANTLY RESETS

This is a quite well known problem of current stable version (6.49 and possibly 6.49.1). The only way to revive such device is to use netinstall. Beware that netinstall is a very fragile process and everything has to be done perfectly or else it will fail one way or another. So if it seems that you...
by mkx
Thu Nov 18, 2021 5:30 pm
Forum: General
Topic: LtAP mini only connects to 3G
Replies: 14
Views: 830

Re: LtAP mini only connects to 3G

There's the "united market" but still quite some regulations remain country-specific. Indeed. Every country auctions its own set of frequency bands, some auction more than others. And, BTW, it's not "one of Europe's main cell providers", Orange is a group (tightly connected as i...
by mkx
Thu Nov 18, 2021 5:15 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD-IN WiFi chipsets [SOLVED]
Replies: 2
Views: 675

Re: RB4011iGS+5HacQ2HnD-IN WiFi chipsets [SOLVED]

R11e-2HnD is marketing name for PCIe add-on wireless card ... built around AR9300 family wireless chip. Block diagram is a bit more technical:

Image
by mkx
Thu Nov 18, 2021 8:34 am
Forum: Wireless Networking
Topic: LHGG LTE6 kit - Similar 5G solution ?
Replies: 3
Views: 751

Re: LHGG LTE6 kit - Similar 5G solution ?

If you're reseller, then MT sales will be willing to talk to you. If you're end user, then you'll be referred to a reseller of your choice. That's the way MT sales works, they completely out-sourced end-sales. Besides, MT is keen on not mentioning new stuff in public until it's announced in newslett...
by mkx
Thu Nov 18, 2021 8:28 am
Forum: General
Topic: LtAP mini only connects to 3G
Replies: 14
Views: 830

Re: LtAP mini only connects to 3G

Verify that broadband modem in LtAP mini supports LTE band used by new MNO in your area. List of supported bands for R11e-LTE card (the one shipped with LtAP mini LTE kit) does contain all the usual European LTE FDD bands (B20 - 800 MHz, B8 - 900 MHz, B3 - 1800 MHz, B1 - 2100 MHz, B7 - 2600 MHz) and...
by mkx
Wed Nov 17, 2021 11:02 pm
Forum: General
Topic: 100% CPU on MIPS 24kc V7.4
Replies: 5
Views: 587

Re: 100% CPU on MIPS 24kc V7.4

It might be your open winbox who's bogging router's CPU down. Try running /tool profile cpu=all in a terminal (ssh) session and see if output is the same.
by mkx
Wed Nov 17, 2021 9:59 pm
Forum: Announcements
Topic: v6.49.1 [stable] is released!
Replies: 140
Views: 24498

Re: v6.49.1 [stable] is released!

If you take security seriously, all network equipment and servers etc should be in a locked space.

Yup. And not connected to any network. Or power grid.
by mkx
Wed Nov 17, 2021 8:36 pm
Forum: Announcements
Topic: v6.49.1 [stable] is released!
Replies: 140
Views: 24498

Re: v6.49.1 [stable] is released!

one couldn't unbundle a bundled package by merely deleting the undesired package, which is not allowed. It needs to be installed unbundled, like a newly formatted device, which a netinstall does. Unbundling can be easily done by uploading only needed/wanted npk files to device and reboot it. No net...
by mkx
Wed Nov 17, 2021 7:47 pm
Forum: RouterBOARD hardware
Topic: how to HARD HARD reset hAP ac2
Replies: 27
Views: 3552

Re: how to HARD HARD reset hAP ac2

While I agree that replacing default configuration could be made easier (not requiring netinstall) I still think it shouldn't be possible to perform it too easily. Suggestion by @pe1chl about button press sounds reasonable to me.
by mkx
Wed Nov 17, 2021 7:34 pm
Forum: General
Topic: RB750Gr3 Vlan scenario advice
Replies: 10
Views: 1121

Re: RB750Gr3 Vlan scenario advice

Easy peasy

What if @OP wants to have same IP subnet on all involved ports (e.g. because management SW expects cameras to reside in same broadcast domain), he just wants to block certain communication paths?
by mkx
Wed Nov 17, 2021 7:23 pm
Forum: General
Topic: Windows 10 will not sync to RouterOS NTP server for some time?
Replies: 1
Views: 359

Re: Windows 10 will not sync to RouterOS NTP server for some time?

Check status of NTP client on your Mikrotik. NTP server won't give out usable data unless client's status is "synchronized" and it is normal for NTP client (any, not only ROS) to become synchronized only after some (tens of) minutes after restart. Can take longer if device doesn't have RTC...
by mkx
Wed Nov 17, 2021 10:10 am
Forum: General
Topic: RB750Gr3 Vlan scenario advice
Replies: 10
Views: 1121

Re: RB750Gr3 Vlan scenario advice

You can get this done using bridge packet filters (use in-interface and out-interface properties ... or in-interface-list / out-interface-list). It only works if HW offload is disabled, so expect higher CPU utilization. Device should be able to do it wirespeed if it's not performing too many other t...
by mkx
Wed Nov 17, 2021 9:57 am
Forum: Beginner Basics
Topic: Problem with port isolation on crs326-24g-2s+rm
Replies: 11
Views: 912

Re: Problem with port isolation on crs326-24g-2s+rm

To give you useful advice, I'd have to know full context. CRS is a switch and I didn't expect you to use it as router.

Alas, as I hinted: you can combine port filtering with VLANs, in this case you would have VLAN interfaces on bridge.
by mkx
Wed Nov 17, 2021 12:18 am
Forum: Beginner Basics
Topic: Problem with port isolation on crs326-24g-2s+rm
Replies: 11
Views: 912

Re: Problem with port isolation on crs326-24g-2s+rm

Unless I'm wrong.

You are wrong and I explained it in my previous post.

Move sfp-sfpplus1 and sfp-sfpplus2 to bridge bridge_pracownia, add port-isolation directives, remove bridge bridge_net and you're done.
by mkx
Tue Nov 16, 2021 10:39 pm
Forum: RouterBOARD hardware
Topic: Problem with upgrading RB911G-5HPnD [SOLVED]
Replies: 23
Views: 1638

Re: Problem with upgrading RB911G-5HPnD [SOLVED]

so, what 192.168.88.3 in network booting setting of netinstall is for?

It's IP address offered to device being netinstalled.
by mkx
Tue Nov 16, 2021 10:21 pm
Forum: Beginner Basics
Topic: Problem with port isolation on crs326-24g-2s+rm
Replies: 11
Views: 912

Re: Problem with port isolation on crs326-24g-2s+rm

So you have to partition switch to two parts. Using two bridges is the most straight-forward way and the least resource friendly way at the same time. The other two ways (from the top of my head) are: already mentioned port isolation (if sfp-sfpplus1 is only allowed to talk to sfp-sfpplus2 and vice ...
by mkx
Tue Nov 16, 2021 4:39 pm
Forum: RouterBOARD hardware
Topic: how to HARD HARD reset hAP ac2
Replies: 27
Views: 3552

Re: how to HARD HARD reset hAP ac2

Ease of default config replacement inevitably clashes (or rather goes hand in hand) with ease to abuse it. And easily leads to even more bricked devices if config is replaced by person not experienced with ROS enough.
by mkx
Tue Nov 16, 2021 4:28 pm
Forum: Beginner Basics
Topic: Problem with port isolation on crs326-24g-2s+rm
Replies: 11
Views: 912

Re: Problem with port isolation on crs326-24g-2s+rm

For /interface ethernet switch port-isolation rules to have effect, the bridge spanning those ports should be HW-offloaded. It's not in your case.

You better use single bridge with proper port isolation done (another group of isolation rules for sfp-sfpplus1 and sfp-sfpplus2).
by mkx
Tue Nov 16, 2021 4:15 pm
Forum: General
Topic: Pinging local MT network "stolen" by IPSEC policy? [SOLVED]
Replies: 5
Views: 844

Re: Pinging local MT network "stolen" by IPSEC policy? [SOLVED]

Actually you might get away using these two policy rules: /ip ipsec policy add dst-address=10.110.112.0/24 action=none comment="skip the local IP address space from IPsec policy enforcement" add dst-address=10.110.0.0/16 peer=company src-address=10.110.112.0/24 tunnel=yes Manual states tha...
by mkx
Tue Nov 16, 2021 1:45 pm
Forum: RouterBOARD hardware
Topic: how to HARD HARD reset hAP ac2
Replies: 27
Views: 3552

Re: how to HARD HARD reset hAP ac2

Reset with script execution ? Not exactly the same ... it doesn't replace the default config, so if a kid presses button for just the right amount of time, device will still revert to mikrotik's default config. Reset with script helps with initial setup when reset is intentional and some (minor) in...
by mkx
Tue Nov 16, 2021 11:18 am
Forum: General
Topic: Pinging local MT network "stolen" by IPSEC policy? [SOLVED]
Replies: 5
Views: 844

Re: Pinging local MT network "stolen" by IPSEC policy? [SOLVED]

IPsec policy is more "greedy" than routing / NAT / whatever. So if IPsec policy matches, packet goes into tunnel. Which makes clear that IPsec policy should never overlap local networks as it does in your case. The remote end likely has more specific IPsec policies on its tunnels and you s...
by mkx
Tue Nov 16, 2021 11:04 am
Forum: RouterBOARD hardware
Topic: how to HARD HARD reset hAP ac2
Replies: 27
Views: 3552

Re: how to HARD HARD reset hAP ac2

I think that to prevent resetting device to factory default config, the "Configure script" option of netinstall is the way to go ... it replaces MT's default config and when device is ordered to reset to default configuration Ok, but what if you have 50+ or 100+ more APs to configure, wou...
by mkx
Tue Nov 16, 2021 10:42 am
Forum: RouterBOARD hardware
Topic: how to HARD HARD reset hAP ac2
Replies: 27
Views: 3552

Re: how to HARD HARD reset hAP ac2

In a holiday resort youngsters thought to solve their internet connection by pushing the reset button. (like initiating a reboot). They wiped the config instead. I think that to prevent resetting device to factory default config, the "Configure script" option of netinstall is the way to ...
by mkx
Tue Nov 16, 2021 10:30 am
Forum: Wireless Networking
Topic: trunk vlans across wireless bridge
Replies: 7
Views: 647

Re: trunk vlans across wireless bridge

from the switches perspective, vlan 8 is untagged/native vlan the mikrotik bridge interface has an IP that corresponds with the subnet of vlan 8 if vlan 8 is untagged towards the mikrotik, would I still need to change the PVID to 8? MT doesn't know that untagged frames, entering through ether1 (and...
by mkx
Tue Nov 16, 2021 9:23 am
Forum: Wireless Networking
Topic: How to bridge 3 buildings wirelessly
Replies: 16
Views: 1223

Re: How to bridge 3 buildings wirelessly

Well. I will probably go for single mode with 1 fiber. If I was installing cable between buildings, I would most certainly go for SM cable with multiple strands (at least 8 ). And lay it inside a pipe (with diameter of at least an inch) so it is possible to pull cable out and replace it with anothe...
by mkx
Tue Nov 16, 2021 9:20 am
Forum: Wireless Networking
Topic: How to bridge 3 buildings wirelessly
Replies: 16
Views: 1223

Re: How to bridge 3 buildings wirelessly

SM is better suited for everything. MM was intended for data centre installations because at the beginning of silicon era SM fibres were quite expensive due to more difficult manufacturing process (MM cables have thicker glass core which means dimension and purity tolerances are wider) while MM cabl...
by mkx
Tue Nov 16, 2021 9:00 am
Forum: Beginner Basics
Topic: My ISP modem/router can't do bridged mode. I'm a newbie.
Replies: 10
Views: 1073

Re: My ISP modem/router can't do bridged mode. I'm a newbie.

RouterOS is so versatile that there isn't a one-for-everybody way of doing things. ROS has a steep learning curve, but when you get over the initial steep part, it becomes all pleasure. My advice: start from foundations. On drawing board. First plan the physical connections (wireless as well). On to...
by mkx
Mon Nov 15, 2021 8:29 pm
Forum: Wireless Networking
Topic: How to bridge 3 buildings wirelessly
Replies: 16
Views: 1223

Re: How to bridge 3 buildings wirelessly

That 100-metre distance calls for fibre cables. And do it in "star" topology. And you'll be glad to lay cables later. Fibre cables are only future proof solution (if you're going for future-proof solution, go for single mode fibre). MKX, why single mode for distances less than 300m (now th...
by mkx
Mon Nov 15, 2021 8:21 pm
Forum: Wireless Networking
Topic: trunk vlans across wireless bridge
Replies: 7
Views: 647

Re: trunk vlans across wireless bridge

If you want the section /interface bridge vlan to have any effect whatsoever, you need to /interface bridge set [ find name=bridge1 ] vlan-filtering=yes . If management interface (bridge1 interface) should be member of anything else than VID=1, then you should set appropriate pvid, e.g. /interface...
by mkx
Mon Nov 15, 2021 8:01 pm
Forum: Beginner Basics
Topic: Connect 2 Mikrotik Router network with Ethernet Cable
Replies: 8
Views: 683

Re: Connect 2 Mikrotik Router network with Ethernet Cable

do we state allow source-address=192.168.88.0/24 dst-address=192.168.91.0/24 on the RB750G allow source-address=192.168.91.0/24 dst-address=192.168.88.0/24 on the RB2011 Yes. This way or another we actually have to deal with both directions. Default firewall (with ultimate rule dropping all from WAN...
by mkx
Mon Nov 15, 2021 6:54 pm
Forum: RouterBOARD hardware
Topic: Mikrotik Groove 52HPn die after update long term firmware
Replies: 4
Views: 842

Re: Mikrotik Groove 52HPn die after update long term firmware

ROS 6.48.5 is known to be problematic on several device models (there are many reports in relevant thread in announcements part of this forum). Netinstall is needed to unbrick device. After unbricking, devices seem to run fine with very same version of ROS.
by mkx
Mon Nov 15, 2021 6:33 pm
Forum: Beginner Basics
Topic: Connect 2 Mikrotik Router network with Ethernet Cable
Replies: 8
Views: 683

Re: Connect 2 Mikrotik Router network with Ethernet Cable

From aesthetics point of view I like to avoid inventing routing subnet when only a few routers are in question. As per suggestion by @spynappels config on router1 (the one with LAN subnet 192.168.88.0/24) would look like this: /ip address add interface=ether2 address=10.0.0.1/30 /ip route add dst-ad...
by mkx
Mon Nov 15, 2021 10:39 am
Forum: Wireless Networking
Topic: How to bridge 3 buildings wirelessly
Replies: 16
Views: 1223

Re: How to bridge 3 buildings wirelessly

Seems like digging for cables will be going again.. How I hate this part when it comes to this.. That 100-metre distance calls for fibre cables. And do it in "star" topology. And you'll be glad to lay cables later. Fibre cables are only future proof solution (if you're going for future-pro...
by mkx
Mon Nov 15, 2021 8:07 am
Forum: RouterOS v7 BETA
Topic: NTP client can't resolve ipv6 domain name correctly
Replies: 6
Views: 1238

Re: NTP client can't resolve ipv6 domain name correctly

Thanks for pointing out the -t AAA dig option, I wasn't aware of it. So indeed ntp client in v7 is buggy.
by mkx
Sun Nov 14, 2021 11:18 pm
Forum: Wireless Networking
Topic: How to bridge 3 buildings wirelessly
Replies: 16
Views: 1223

Re: How to bridge 3 buildings wirelessly

In short: reaching your goal (50Mbps) will be hard. omniTIK is a 802.11 a/n device operating on 5GHz. High band means shorter range although relatively high gain antennae help somehow. Realistically it is possible to reach up to 1/2 of theoretical throughput (300 Mbps for omnitik) in next to ideal ra...
by mkx
Sun Nov 14, 2021 10:23 pm
Forum: Wireless Networking
Topic: How to bridge 3 buildings wirelessly
Replies: 16
Views: 1223

Re: How to bridge 3 buildings wirelessly

I can see two (potential) problems: 100 metres is far for devices with omnidirectional antennae. You would achieve a much better (more stable and faster) link if using devices with directional antennae node in lower left part of your diagram ... connecting to both router node and to child node. Sing...
by mkx
Sun Nov 14, 2021 8:40 pm
Forum: General
Topic: RouterOS bridge mysteries explained
Replies: 11
Views: 2520

Re: RouterOS bridge mysteries explained

I don't think it matters how things are implemented to the last detail. Surely implementation is different on devices with switch chip from implementation on devices without switch chip. Only MT developers can tell how exactly are things implemented under the hood. What matters is conceptual design ...
by mkx
Sun Nov 14, 2021 3:10 pm
Forum: Wireless Networking
Topic: Put a classic unmanaged switch between CAPs
Replies: 4
Views: 746

Re: Put a classic unmanaged switch between CAPs

1) local forward is enabled by default, it means that when a connection through cap-capsman is established, the IP packets will be directly placed on bridge and sent by ethernet protocol to the Capsman MAC, which knows how to treat them. Less CPU, no fragmentation, it looks ideal. In this case for me ...
by mkx
Sun Nov 14, 2021 2:54 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc6 [development] is released!
Replies: 146
Views: 28177

Re: v7.1rc6 [development] is released!

Anything in logs after unsuccessful upgrade?
by mkx
Sun Nov 14, 2021 12:48 pm
Forum: General
Topic: ntp server: Server dropped: strata too high [SOLVED]
Replies: 2
Views: 560

Re: ntp server: Server dropped: strata too high [SOLVED]

[admin@hapac3] > /system ntp client print enabled: yes mode: broadcast primary-ntp: 139.99.222.72 secondary-ntp: 27.124.125.251 dynamic-servers: status: started Status says "started", should be "synchronized" if NTP server is to be performing up to expectations.
by mkx
Sun Nov 14, 2021 12:39 pm
Forum: Beginner Basics
Topic: WAN rates doesnt equal LAN rates, is my output traffic dropping? [SOLVED]
Replies: 2
Views: 744

Re: WAN rates doesnt equal LAN rates, is my output traffic dropping? [SOLVED]

Traffic data for LAN bridge and lan interface very likely includes communication with winbox. Of course there is always possibility to lose packets (any protocol, that includes both UDP and TCP) on any device (either router or switch) if egress interface gets congested. Not very likely for LAN (bri...
by mkx
Sun Nov 14, 2021 12:31 pm
Forum: Beginner Basics
Topic: Switch(Bridge) on WAN side.
Replies: 6
Views: 816

Re: Switch(Bridge) on WAN side.

Your way of doing it is fine as long as the only thing required from router for the other WAN connected device is ethernet port (instead of placing dumb switch between router and ISP). If you want RB to offer any sort of security (firewall), then there are few options available .. feasibility of som...
by mkx
Sat Nov 13, 2021 10:16 pm
Forum: SwOS
Topic: DHCP failover to 192.168.88.1
Replies: 9
Views: 1490

Re: DHCP failover to 192.168.88.1

So @mkx, you prefer to assign static IPs on the devices ?

To the extent described in my previous post ... yes. And that includes IPv6, so far my ISPs never changed prefixes (I always request static prefix and IPv4 address(es)).
by mkx
Sat Nov 13, 2021 9:11 pm
Forum: SwOS
Topic: DHCP failover to 192.168.88.1
Replies: 9
Views: 1490

Re: DHCP failover to 192.168.88.1

... never ever use DHCP client (not even fallback) on LAN infrastructure devices (and servers). Is that Best-Practice or more a security thing? My own best-practice. As @OP observed, a site-wide power outage can happen and in that case DHCP server might boot slower than some DHCP clients leaving th...
by mkx
Sat Nov 13, 2021 7:30 pm
Forum: SwOS
Topic: DHCP failover to 192.168.88.1
Replies: 9
Views: 1490

Re: DHCP failover to 192.168.88.1

In addition to using custom IP subnet as recommended above, never ever use DHCP client (not even fallback) on LAN infrastructure devices (and servers). If needed, attach a sticker with statically configured IP address printed if you fear to forget it.
by mkx
Sat Nov 13, 2021 6:24 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 9073

Re: Mikrotik router Hacked!!!

If FACTORY RouterBOOT are older than 6.43.7, the v7 can not do anything about successfully reuse,

According to current experience, ROS v7 will enter endless bootloop on gadgets with ancient routerboot versions and gadget will be unhackable anyway.
by mkx
Sat Nov 13, 2021 5:56 pm
Forum: Beginner Basics
Topic: Switch(Bridge) on WAN side.
Replies: 6
Views: 816

Re: Switch(Bridge) on WAN side.

You connected two bridge ports (ether1 and ether2) to ISP gadget, which obviously bridges its LAN ports as well ... that's your loop.

What you should do is to configure ether1 and ether2 directly, without using a bridge. Run DHCP clients on both ether ports and you'll get two IP addresses from ISP.
by mkx
Fri Nov 12, 2021 9:49 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 176
Views: 48476

Re: v6.48.5 [long-term] is released!

I suggest you to progress 6.44.6, 6.46.8, 6.47.10, 6.48.5 soooo inconvenient and messedup I'd say... its like saying, if you want win10, you need to install windows 95 first and then upgrade and upgrade and upgrade until you reach win10 No, it's the case where you have windows 95 running and you wa...
by mkx
Fri Nov 12, 2021 7:46 pm
Forum: General
Topic: How to change dest addr of egress packets and source addr of ingress packets?
Replies: 2
Views: 421

Re: How to change dest addr of egress packets and source addr of ingress packets?

It is possible to change both src address and dst address of a packet, it is only that two rules are needed: one src-nat and one dst-nat. As @regextended explained, dst-nat comes first so if src-nat includes selector on dst address, it should match on already changed one.
by mkx
Fri Nov 12, 2021 5:24 pm
Forum: Wireless Networking
Topic: Put a classic unmanaged switch between CAPs
Replies: 4
Views: 746

Re: Put a classic unmanaged switch between CAPs

You can freely use whatever standard ethernet switch between CAPsMAN and CAP devices. CAPsMAN operates over IP ... normally CAP devices use broadcasts to discover CAPsMAN device and proceed using unicast IP communication. If datapath is set up with local-forwarding=no , then all user traffic will be...
by mkx
Fri Nov 12, 2021 5:17 pm
Forum: Wireless Networking
Topic: Setup of an AP Bridge is simple.
Replies: 1
Views: 534

Re: Setup of an AP Bridge is simple.

QuickSet manual implies that HomeAP should be the right choice. Not sure if it really is, I can't remember that I ever used QuickSet for actual device configuration (probably I used it while I was playing with my first Mikrotik toy until I learned how to use normal GUI modes ... I moved on to CLI e...
by mkx
Fri Nov 12, 2021 5:13 pm
Forum: Wireless Networking
Topic: New provider, cannot send SMS
Replies: 5
Views: 728

Re: New provider, cannot send SMS

Interestingly this gets back to the previous conversation I had with you (and others) about the pain of having to climb on the roof to pull the sim out. I just hope your hemisphere of residence is southern (or equatorial region), with winter pushing in in northern hemisphere climbing roofs/masts is...
by mkx
Fri Nov 12, 2021 5:03 pm
Forum: Beginner Basics
Topic: Bridge Firewall block subnet/ip4
Replies: 3
Views: 594

Re: Bridge Firewall block subnet/ip4

Use bridge filter (/interface bridge filter) to block frames with mac-protocol=ip. You may have to disable HW offload (bridge filtering is CPU-bound) or configure similar directly on switch chip if your device has capable switch chip.
by mkx
Fri Nov 12, 2021 4:50 pm
Forum: RouterOS v7 BETA
Topic: SMB Share reporting incorrect available space
Replies: 6
Views: 1573

Re: SMB Share reporting incorrect available space

Right, I meant windows explorer. Sorry for confusion. So your test confirms my guess that SMB service in ROS wrongly reports file system size (and amount of free space). It's hard to do exact calculations ... however SSD producers tend to use decimal unit prefixes (i.e. 500GB is 500*10^9 bytes) whil...
by mkx
Fri Nov 12, 2021 4:30 pm
Forum: General
Topic: Hardware question on RB5009 [SOLVED]
Replies: 2
Views: 599

Re: Hardware question on RB5009 [SOLVED]

RB5009 block diagram specifies switch chip Marvell 88E6393X which features 8 port GE PHY (i.e. eight 1Gbps ports) and 3x XG SerDes (i.e. three 10Gbps ports).

https://www.marvell.com/content/dam/mar ... -brief.pdf
by mkx
Fri Nov 12, 2021 4:09 pm
Forum: General
Topic: Client behind CRS switch unable to get VLAN DHCP from CCR Router [SOLVED]
Replies: 16
Views: 1230

Re: Client behind CRS switch unable to get VLAN DHCP from CCR Router [SOLVED]

BTW, where's the VRRP on the diagram? They currently hang off the VLAN interfaces (little diamonds in the visual). Since the VLAN interfaces will go away when I move the LAGG to the bridge, which interface should I associate them with now? The VLAN-enabled bridge? Basic idea about VLAN-aware bridge...
by mkx
Fri Nov 12, 2021 1:08 pm
Forum: General
Topic: Client behind CRS switch unable to get VLAN DHCP from CCR Router [SOLVED]
Replies: 16
Views: 1230

Re: Client behind CRS switch unable to get VLAN DHCP from CCR Router [SOLVED]

If your diagram accurately reflects the configuration, then from L2 point of view (that's broadcast domain and DHCP client uses broadcasts to reach out to DHCP server) ports on the left side (SFP, SFP+, Eth1, Eth2, Eth3 and Eth4) are completely separate from ports on the right side (Eth5, Eth6, Eth...
by mkx
Fri Nov 12, 2021 12:52 pm
Forum: Beginner Basics
Topic: DHCP Client issue
Replies: 13
Views: 1186

Re: DHCP Client issue

I'll assume the info you posted is when DHCP adds default route. So the relevant bits are: /ip address print 3 D 178.160.xx.yyy/30 178.160.xx.yyy vlan-wap-isp /ip route print 1 DS 0.0.0.0/0 178.160.xx.yyy 10 7 ADC 178.160.xx.yyy/30 178.160.xx.yyy vlan-wap-isp 0 (somehow I doubt that in route line 7 ...
by mkx
Fri Nov 12, 2021 12:37 pm
Forum: Beginner Basics
Topic: I'm having trouble getting the second guest bridge to go to the WAN.
Replies: 2
Views: 535

Re: I'm having trouble getting the second guest bridge to go to the WAN.

I have hard time to understand what are requirements and what exactly doesn't work for you.
by mkx
Fri Nov 12, 2021 12:35 pm
Forum: Beginner Basics
Topic: Microtik Cloud
Replies: 1
Views: 489

Re: Microtik Cloud

Currently there are 2 services where mikrotik cloud comes into play: DDNS: when service is enabled, your router will update DNS name formatted as <routerSN>.sn.myname.net If your public IP address is dynamic, this then allows you to have some sort of remote access (either to management of router its...
by mkx
Fri Nov 12, 2021 12:28 pm
Forum: RouterOS v7 BETA
Topic: SMB Share reporting incorrect available space
Replies: 6
Views: 1573

Re: SMB Share reporting incorrect available space

What does internet explorer report as capacity/free space of share when you try to copy largeish file and fail? If the free space shown corresponds to the message about missing space, then it would seem like SMB service, running in ROS, somehow rolls over at 1GB (which is 2 to the power of 30) and r...
by mkx
Fri Nov 12, 2021 12:23 pm
Forum: RouterOS v7 BETA
Topic: NTP client can't resolve ipv6 domain name correctly
Replies: 6
Views: 1238

Re: NTP client can't resolve ipv6 domain name correctly

Seems to be problem with 6now.cf ... my linux (full-featured) DNS server returns same: $ dig ntp.6now.cf ; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> ntp.6now.cf ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43028 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, ...
by mkx
Thu Nov 11, 2021 6:34 pm
Forum: General
Topic: Client behind CRS switch unable to get VLAN DHCP from CCR Router [SOLVED]
Replies: 16
Views: 1230

Re: Client behind CRS switch unable to get VLAN DHCP from CCR Router [SOLVED]

It seems that many Mikrotik switches don't like high throughput traffic between ports with different speed (e.g. 10G to 1G or 1G to 100M). There has recently been a debate about same problem on this forum.
by mkx
Thu Nov 11, 2021 2:08 pm
Forum: Wireless Networking
Topic: New provider, cannot send SMS
Replies: 5
Views: 728

Re: New provider, cannot send SMS

Did you verify with your new MNO that subscription plan for your SIM card includes SMS service at all?
You can verify that the problem is tied to Mikrotik by using same SIM card in a usual phone and see if sending/receiving SMSes works there.
by mkx
Thu Nov 11, 2021 2:04 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 9073

Re: Mikrotik router Hacked!!!

From my view, this kind of protection is a bit too much for device like Mikrotik. I agree if it's to protect our configuration, but to protect the device cannot be reset, it's way too much As it was explained already, Mikrotik implemented this feature on request from ISPs who hand out Mikrotik devi...
by mkx
Thu Nov 11, 2021 1:58 pm
Forum: General
Topic: Client behind CRS switch unable to get VLAN DHCP from CCR Router [SOLVED]
Replies: 16
Views: 1230

Re: Client behind CRS switch unable to get VLAN DHCP from CCR Router [SOLVED]

CCR config is far from trivial ... if you take VRRP out of picture, does DHCP for clients still fail? CRS config is simple enough not to allow for too many mistakes and by look of it it's fine.
by mkx
Thu Nov 11, 2021 11:12 am
Forum: SwOS
Topic: VLAN access allowed when specifically denied.
Replies: 1
Views: 914

Re: VLAN access allowed when specifically denied.

In RouterOS, when port has PVID set (in /interface bridge port , I guess it's the same as default VID setting in SwOS shown in lower part of screenshot), it is automatically added to group of ports members of that VLAN (as untagged member of course). Only tagged membership has to be explicitly defin...
by mkx
Thu Nov 11, 2021 10:52 am
Forum: Beginner Basics
Topic: DHCP Client issue
Replies: 13
Views: 1186

Re: DHCP Client issue

... we need to see output for both DHCP and static case so we can compare them. And, please, copy-paste text outputs (inside [ code] [/code] environment for better readability). You can obfuscate public IP address (but do it in same way in both outputs, e.g. 89.172.x.y and make sure 'x' are the sam...
by mkx
Thu Nov 11, 2021 10:48 am
Forum: RouterOS v7 BETA
Topic: Is the fetch tool working with HTTPS?
Replies: 5
Views: 814

Re: Is the fetch tool working with HTTPS?

Error message tlsv1 alert decode error:SSL alert number 50 indicates problems with encoding/decoding peer's contents (and doesn't have much to do with TLS version apart from ciphering / key exchange algorithms used, some might work properly). Which likely points in direction of error in client's SSL...
by mkx
Thu Nov 11, 2021 9:18 am
Forum: Beginner Basics
Topic: DHCP Client issue
Replies: 13
Views: 1186

Re: DHCP Client issue

As I wrote: show exact output of /ip route print and /ip address print (print command shows actual running values which is different than export which shows configuration ... in case of dynamic stuff export won't show much). And we need to see output for both DHCP and static case so we can compare t...
by mkx
Thu Nov 11, 2021 9:16 am
Forum: Beginner Basics
Topic: Accessing "parent" network
Replies: 5
Views: 698

Re: Accessing "parent" network

As @ConnyMercier wrote: you need to establish NAT on mikrotik for all traffic exiting towards main network.
by mkx
Thu Nov 11, 2021 8:56 am
Forum: RouterOS v7 BETA
Topic: Issue with RB5009 ROS v7.1rc1 DHCPv6-PD over pppoe on tagged ethernet link
Replies: 17
Views: 2738

Re: Issue with RB5009 ROS v7.1rc1 DHCPv6-PD over pppoe on tagged ethernet link

but there is a workaround, if you put the vlan interface for the pppoe on a bridge, DHCPv6-PD works This cannot be done as the pppoe client need to be attached to the vlan. If the vlan is put under a bridge, how can the pppoe client connect to its pppoe server? Create (another) bridge, add physical...
by mkx
Wed Nov 10, 2021 4:14 pm
Forum: Wireless Networking
Topic: Virtual WIFI and VLAN's - driving me crazy
Replies: 36
Views: 2449

Re: Virtual WIFI and VLAN's - driving me crazy

CAP config is more or less fine with a couple of remarks: /interface wireless cap set bridge=bridge1 caps-man-addresses=192.168.5.6 discovery-interfaces=bridge1 enabled=yes interfaces=wlan1,wlan2 No need to configure IP address of CAPsMAN as it is located in same L2 network and CAPsMAN client can fi...
by mkx
Tue Nov 09, 2021 10:23 pm
Forum: General
Topic: group multicast from ethernet to wifi
Replies: 2
Views: 382

Re: group multicast from ethernet to wifi

Set multicast-helper=full on wireless interface. You can read more about what it does in wireless manual. The problem is in packet timing and wireless devices going to sleep when idle ... And make sure basic rate of wireless AP is larger than multicast data rate. The two options above are not actual...
by mkx
Tue Nov 09, 2021 10:16 pm
Forum: General
Topic: VLANs - bridge port received packet with own address - probably loop
Replies: 7
Views: 671

Re: VLANs - bridge port received packet with own address - probably loop

Hi Mkx can you point me to that information. I use long term on my devices and not seeing it?? Many users complained in announcements, thread about 6.48.5, that this version bricked their devices. Many did not have such problem, but there isn't a clear failure pattern so one should be prepared for ...
by mkx
Tue Nov 09, 2021 9:34 pm
Forum: Beginner Basics
Topic: CRS309 Switch - cannot ping gateway or any other host
Replies: 17
Views: 1340

Re: CRS309 Switch - cannot ping gateway or any other host

I mentioned possible loops in one of my previous posts and it seems you have it. So until you are sure your SFP-related config is right, disconnect ether1. Or use ether1 to directly connect management PC, just don't make any loop in your network.
by mkx
Tue Nov 09, 2021 9:16 pm
Forum: Beginner Basics
Topic: Configuring Subnet of WAN IPs for NAT
Replies: 6
Views: 1002

Re: Configuring Subnet of WAN IPs for NAT

AFAIK there's no shortcut inside ROS. You can, however, use external tool (a shell or python script) which creates those 250 lines for you to copy-paste. BTW, when setting addresses in ROS, address itself with netmask defines what we normally know as network address (e.g. 192.168.24.42/24 gives netw...
by mkx
Tue Nov 09, 2021 6:17 pm
Forum: Beginner Basics
Topic: Firewall considers packets invalid
Replies: 5
Views: 702

Re: Firewall considers packets invalid

AFAIK this is a known "problem". Namely: when TCP connection is getting terminated, one party sends TCP packet with FIN flag set, the other party replies with TCP packet with FIN and ACK flags set. I'm not sure if it's required, but it's customary that the other party sends two (or even mo...
by mkx
Tue Nov 09, 2021 9:02 am
Forum: Beginner Basics
Topic: CRS309 Switch - cannot ping gateway or any other host
Replies: 17
Views: 1340

Re: CRS309 Switch - cannot ping gateway or any other host

However, assigning the SFP+ port to a Bridge on the CCR-1009 seems like a terrible idea - I can see that the SFP+ port is not hardware accelerated, which means all the traffic is gonna go via the CPU. Without any special configuration, CCR1009 should still be able to bridge a few Gbps between SFP+ ...
by mkx
Tue Nov 09, 2021 8:49 am
Forum: General
Topic: MikroTik IPv6 PMTUD
Replies: 4
Views: 458

Re: MikroTik IPv6 PMTUD

Hi, from my understanding any router with IPv6 will automatically/dynamically change their MTU using PMTUD till it can reach certain websites using IPv6. Actually every IPv6 host[*] does PMTUD independently and for each TCPv6 connection (it may cache the result and re-use it for other connections t...
by mkx
Tue Nov 09, 2021 8:42 am
Forum: General
Topic: VLANs - bridge port received packet with own address - probably loop
Replies: 7
Views: 671

Re: VLANs - bridge port received packet with own address - probably loop

First thing I would do is update firmware to latest long term version.

Be careful: latest long-term (6.48.5) is reported to have problem with reboots. You might want to stick to 6.48.4 for now (if you don't feel adventurous).
by mkx
Tue Nov 09, 2021 8:38 am
Forum: RouterOS v7 BETA
Topic: hw routing crs3xx/np16 best practice?
Replies: 3
Views: 676

Re: hw routing crs3xx/np16 best practice?

b) just remove the backhaul's port from the bridge and set IP etc on the 'natural' port. This scheme won't allow for HW offload of any kind (neither L2 nor L3). L3 HW routing only works if ports in question are all logically handled by switch chip directly. And that is achieved by configuring ports...
by mkx
Tue Nov 09, 2021 8:34 am
Forum: RouterOS v7 BETA
Topic: v7.1rc6 [development] is released!
Replies: 146
Views: 28177

Re: v7.1rc6 [development] is released!

I have not upgrade my RB5009 to any RC version,afraid I can't go back to factory if got any bugs from my use perspective. If you have NPK files for 7.0.5 (or 7.0.9) and you also have netinstall of corresponding version, then you should be able to go to that ROS version from RC. So when asking for t...
by mkx
Tue Nov 09, 2021 8:30 am
Forum: Beginner Basics
Topic: CRS309 Switch - cannot ping gateway or any other host
Replies: 17
Views: 1340

Re: CRS309 Switch - cannot ping gateway or any other host

What does
/interface bridge port print
show?
by mkx
Mon Nov 08, 2021 7:19 pm
Forum: Wireless Networking
Topic: Virtual WIFI and VLAN's - driving me crazy
Replies: 36
Views: 2449

Re: Virtual WIFI and VLAN's - driving me crazy

That's because your VLAN config is still a huge mess. Seems like you managed to misunderstand all the suggestions by @anay and myself. I suggest you to reset gear to defaults and start doing VLAN stuff from scratch. First do the bridge stuff, show us the result for review. Forget about wireless (bot...
by mkx
Mon Nov 08, 2021 3:42 pm
Forum: Beginner Basics
Topic: DHCP Client issue
Replies: 13
Views: 1186

Re: DHCP Client issue

You're doing something wrong. Enable default route on DHCP client and see what exactly is set by executing /ip address print detail and /ip route print detail . Then configure it statically and execute same commands. Then compare outputs to see what's different (except for actual IP addresses). Note...
by mkx
Mon Nov 08, 2021 3:06 pm
Forum: Beginner Basics
Topic: CRS309 Switch - cannot ping gateway or any other host
Replies: 17
Views: 1340

Re: CRS309 Switch - cannot ping gateway or any other host

Could be xSTP is kicking in. So try to completely remove ether1 from bridge (simply disabling it as bridge port might not be enough).
by mkx
Mon Nov 08, 2021 2:10 pm
Forum: General
Topic: vlan set-up when clients already tag their packets
Replies: 4
Views: 503

Re: vlan set-up when clients already tag their packets

So you're saying that you have one LAN port configured on MT router and that LAN port connects to dumb ethernet switch? Or even if it's managed and configured to pass tagged frames along with untagged towards router. So that makes LAN port a hybrid port ... tagged with VLAN ID what linux server uses...
by mkx
Mon Nov 08, 2021 8:53 am
Forum: General
Topic: RB450G Slow Speeds on Switch Port without Bridge
Replies: 3
Views: 462

Re: RB450G Slow Speeds on Switch Port without Bridge

For the LAN-to-WAN case, many of this forum's users find figure under "Routing -> 25 ip filter rules -> 512 byte" as pretty well resembling reality. And for the device in question that figure is 243 Mbps.
by mkx
Sun Nov 07, 2021 9:06 pm
Forum: General
Topic: Set interface VLAN0 on new CCR2004 device
Replies: 2
Views: 339

Re: Set interface VLAN0 on new CCR2004 device

That command is only possible on devices with switch chips which are exposed to commands (i.e. not the CRS3xx line). CCR2004-16G-2S+ has two switch chips (but ROSv7 might not expose them via UI, I've no experience with new CCR2004 so I don't know) while CCR2004-1G-12S+2XS hasn't got any switch chip....
by mkx
Sun Nov 07, 2021 8:46 pm
Forum: General
Topic: vlan set-up when clients already tag their packets
Replies: 4
Views: 503

Re: vlan set-up when clients already tag their packets

Your use case doesn't make sense to me. But anyway ... if your client is tagging packets, then port it's using has to be either trunk (tagged for all VLANs) or hybrid (tagged for some VLANs and untagged for single VLAN). You said client can connect to different ports and assuming same ports can be u...
by mkx
Fri Nov 05, 2021 4:29 pm
Forum: Wireless Networking
Topic: Virtual WIFI and VLAN's - driving me crazy
Replies: 36
Views: 2449

Re: Virtual WIFI and VLAN's - driving me crazy

CAPsMAN datapath settings are completely VLAN-unaware. It should have been something like this: /capsman datapath add local-forwarding=yes name=DataPathVLAN101 vlan-id=101 vlan-mode=use-tag add local-forwarding=yes name=DataPathVLAN103 vlan-id=103 vlan-mode=use-tag (n.b. setting property bridge does...
by mkx
Fri Nov 05, 2021 11:59 am
Forum: Wireless Networking
Topic: Virtual WIFI and VLAN's - driving me crazy
Replies: 36
Views: 2449

Re: Virtual WIFI and VLAN's - driving me crazy

We'd have to see also the CAPsMAN config (/capsman export), without it we can't correlate local configuration of wired part from CAP device and remote configuration of wireless from CAPsMAN.
by mkx
Fri Nov 05, 2021 11:19 am
Forum: Beginner Basics
Topic: How to configure VLAN?
Replies: 9
Views: 881

Re: How to configure VLAN?

In this case you'll have to go with all ports part of single bridge. ether1 will be trunk port for VLANs 10 and 20. The rest of ether ports will be either trunk ports for VLAN 20 (the IPTV ports) or hybrid ports (untagged for LAN, let's say LAN will be VLAN 30, and tagged for VLAN 20) - for IPTV boxe...
by mkx
Fri Nov 05, 2021 8:49 am
Forum: Wireless Networking
Topic: Virtual WIFI and VLAN's - driving me crazy
Replies: 36
Views: 2449

Re: Virtual WIFI and VLAN's - driving me crazy

Using multiple bridges is not the way to go. You should use single VLAN-aware bridge.
by mkx
Fri Nov 05, 2021 8:15 am
Forum: Beginner Basics
Topic: How to configure VLAN?
Replies: 9
Views: 881

Re: How to configure VLAN?

If you only need VLANs on your WAN interface (i.e. you don't use VLANs in your LAN infrastructure), then you only need vlan interface on top of WAN port, such as this: /interface vlan add name=wan-vlan10 interface=ether1 vlan-id=10 Make sure ether1 is not part of any bridge. After that base your WAN...
by mkx
Thu Nov 04, 2021 7:37 am
Forum: Wireless Networking
Topic: No client to client connection [SOLVED]
Replies: 7
Views: 1305

Re: No client to client connection [SOLVED]

@plani never detailed what kind of client-to-client connections are failing. From the solution he found one could assume that devices are using broadcasts (bonjour or some such) to find each other. And for broadcasts flowing smoothly over wireless the setting mentioned does help.
by mkx
Wed Nov 03, 2021 11:02 pm
Forum: Beginner Basics
Topic: VLAN filtering method with CAPsMAN
Replies: 6
Views: 799

Re: VLAN filtering method with CAPsMAN

vlan-filtering has nothing to do with firewall. vlan-filtering is L2 (ethernet/VLAN) while firewall is mostly L3 (IP).
by mkx
Wed Nov 03, 2021 10:37 pm
Forum: Beginner Basics
Topic: VLAN filtering method with CAPsMAN
Replies: 6
Views: 799

Re: VLAN filtering method with CAPsMAN

Bridge doesn't do any VLAN related stuff (e.g. tagging/untagging) if vlan-filtering=yes is not set on vlan-bridge.
by mkx
Wed Nov 03, 2021 8:47 pm
Forum: General
Topic: Mikrotik Hex S slow speeds on LAN interface only.
Replies: 5
Views: 520

Re: Mikrotik Hex S slow speeds on LAN interface only.

Two things:
  1. Move LAN IP address to bridge
  2. remove (or disable) DHCP client

And note that device has no firewall (default action is accept).
by mkx
Wed Nov 03, 2021 8:36 pm
Forum: RouterOS v7 BETA
Topic: more modern ssh in routerOS please
Replies: 22
Views: 3300

Re: more modern ssh in routerOS please

Too far in the future ... 2025 crypto will be deprecated in 2030.
by mkx
Wed Nov 03, 2021 7:37 pm
Forum: RouterOS v7 BETA
Topic: more modern ssh in routerOS please
Replies: 22
Views: 3300

Re: more modern ssh in routerOS please

No wait............... what about the amazing graphic where Strong Crypto selection is available on winbox Gui!! ;-)
It's already there but you can't see it because icon is only displayed by winbox gui if crypto library on your PC supports the 2025-era state-of-art cryptography. :wink:
by mkx
Wed Nov 03, 2021 3:24 pm
Forum: RouterOS v7 BETA
Topic: more modern ssh in routerOS please
Replies: 22
Views: 3300

Re: more modern ssh in routerOS please

Sure, but then ... is anybody (except me? ;-) ) checking all the change-logs before blindly upgrading software? I mean ... it's ssh client upgrade which breaks things "that worked yesterday" and if one does one thing at a time, it would be pretty obvious, wouldn't it? Except for the part &...
by mkx
Wed Nov 03, 2021 2:52 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc5 [development] is released!
Replies: 167
Views: 26709

Re: v7.1rc5 [development] is released!

And the add default route for DHCPv6 client is optional, you can disable it. Ok apparently only from cmdline, I do not see a checkmark or other gui trick for this (like removing default route distance) but in cmdline it worked. So probably this requires only gui change. Thanks. Looking at my 6.48.4...
by mkx
Wed Nov 03, 2021 8:43 am
Forum: General
Topic: running winbox via ubuntu 20.04
Replies: 2
Views: 380

Re: running winbox via ubuntu 20.04

Not sure what means 'installing winbox package' in ubuntu ... It should work just fine if you install wine package. Then you can simply download winbox.exe from MT's download server. Open terminal window in your ubuntu machine, navigate to the folder where you stored downloaded winbox executable and...
by mkx
Wed Nov 03, 2021 8:36 am
Forum: RouterOS v7 BETA
Topic: more modern ssh in routerOS please
Replies: 22
Views: 3300

Re: more modern ssh in routerOS please

At a point we will can't login into these devices with up-to-date SSH clients or web browsers. Unfortunately we need to operating ancient OSes to able to login into these devices or we need to disable the secure login methods You're spreading mild version of FUD. Even modern SSH clients (up to the ...
by mkx
Tue Nov 02, 2021 3:33 pm
Forum: RouterOS v7 BETA
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 225
Views: 64907

Re: ZeroTier added to RouterOS v7.1rc2

zerotier package did not exist before 7.1rc2 ... if you want to use zerotier, then you have to upgrade your device at least to ROS v7.1rc2 ... beware it's an experimental (release-candidate) version and things may break.
by mkx
Tue Nov 02, 2021 8:53 am
Forum: General
Topic: Chateau LTE12 suddenly dead
Replies: 2
Views: 533

Re: Chateau LTE12 suddenly dead

Just to find out, if the power-supply or the Chateau itself is faulty, I looked for a compatible power supply with 12V from my storage box.

BTW, product specifications say that supplied power adapter is 24V ...
by mkx
Mon Nov 01, 2021 5:19 pm
Forum: Beginner Basics
Topic: system,error,critical login failure for user admin from IP via web
Replies: 13
Views: 1404

Re: system,error,critical login failure for user admin from IP via web

... then you hit reload and bam.

I never bothered to look into logs, but whatever browser I use, clicking reload button never did anything good on WebFig page. Most of times I was presented with login page ... without any of usual page decoration (Mikrotik logotype, tools buttons, ...).
by mkx
Mon Nov 01, 2021 5:11 pm
Forum: RouterOS v7 BETA
Topic: PPPOE not working
Replies: 25
Views: 2030

Re: PPPOE not working

If you have some PC running decent ping handy (linux is fine, windows' default likely not, dunno about iOS), then you can do some test. My ISP delivers internet over PPPoE with MTU on pppoe-out1 interface negotiated to 1480. So if I run ping requiring it to set DF bit and packet size which exceeds t...
by mkx
Mon Nov 01, 2021 1:30 pm
Forum: Beginner Basics
Topic: I can access website from external but not from internal
Replies: 3
Views: 562

Re: I can access website from external but not from internal

Either have split DNS (so that it returns LAN IP addresses to LAN clients) or configure hairpin NAT.
by mkx
Mon Nov 01, 2021 11:50 am
Forum: Wireless Networking
Topic: Virtual WIFI and VLAN's - driving me crazy
Replies: 36
Views: 2449

Re: Virtual WIFI and VLAN's - driving me crazy

You have to manually configure the wired part of CAP client before CAPsMAN takes over provisioning the wireless part. CAPsMAN only does what you currently have under /interface wireless ... For testing purposes you can configure wireless part manually and transition it to CAPsMAN later. As to the wi...
by mkx
Mon Nov 01, 2021 11:42 am
Forum: Wireless Networking
Topic: I'll say it again... MikroTik, your wifi is ATROCIOUS [SOLVED]
Replies: 19
Views: 2812

Re: I'll say it again... MikroTik, your wifi is ATROCIOUS [SOLVED]

And remember... As soon as you put the wifi wave 2 driver on it... It doesn't mesh anymore. Or do caps-man.

The good thing: unlike wireless RB4011 audience uses wifiwave2 driver for 2.4GHz wireless chip as well, so it works (with RB4011 one loses 2.4GHz wireless for now).
by mkx
Mon Nov 01, 2021 11:38 am
Forum: General
Topic: Is CCR2004-1G-12S+2XS a good fit for this use-case?
Replies: 8
Views: 1287

Re: Is CCR2004-1G-12S+2XS a good fit for this use-case?

Also, there are limitations to how many s+rj10 you can put in close proximity. I don't have the link off hand, but I'd suggest you search for it.
https://wiki.mikrotik.com/wiki/S%2BRJ10 ... l_guidance
by mkx
Mon Nov 01, 2021 11:37 am
Forum: General
Topic: Is CCR2004-1G-12S+2XS a good fit for this use-case?
Replies: 8
Views: 1287

Re: Is CCR2004-1G-12S+2XS a good fit for this use-case?

... using a CRS328-24P-4S+ as a router.

After ROSv7.1 gets stabilized, you might want to keep using your CRS328 as router with its L3 HW offloading vastly improving routing speed in certain conditions.
by mkx
Mon Nov 01, 2021 11:28 am
Forum: RouterOS v7 BETA
Topic: GRE tunnel and L3 hardware offloading feature on CRS317-1G-16S+
Replies: 4
Views: 1096

Re: GRE tunnel and L3 hardware offloading feature on CRS317-1G-16S+

First, we need to stabilize RouterOS v7.1. And the next big feature is IPv6 hardware routing support.
+=10000000000

And fast-track for IPv6 I hope ...
by mkx
Mon Nov 01, 2021 11:26 am
Forum: RouterOS v7 BETA
Topic: PPPOE not working
Replies: 25
Views: 2030

Re: PPPOE not working

In PPOE is MTU 1480 and on others interfaces is 1500. Is it problem?

No, not if PMTUD works properly.
by mkx
Sun Oct 31, 2021 8:57 pm
Forum: Beginner Basics
Topic: add a static IP in the DHCP list? [SOLVED]
Replies: 8
Views: 1040

Re: add a static IP in the DHCP list? [SOLVED]

Than what does ARP->Make Static does ? When IP device wants to communicate with another IP device over ethernet (or wifi), it sends packets to MAC address. ARP is protocol suite to map IP addresses to MAC addresses. And when device resolves MAC address for connection peer, it temporarily stores the...
by mkx
Sun Oct 31, 2021 4:59 pm
Forum: RouterOS v7 BETA
Topic: more modern ssh in routerOS please
Replies: 22
Views: 3300

Re: more modern ssh in routerOS please

....Ok, here's the rant: modern ssh clients refuse to work with mikrotik, because its crypto is woefully old.... What ssh client do you use? Why do you call it modern if it can't use old ciphers? It could/should complain but dropping support in such a tool is a shame. Why not to drop telnet support...
by mkx
Sun Oct 31, 2021 1:04 pm
Forum: Beginner Basics
Topic: add a static IP in the DHCP list? [SOLVED]
Replies: 8
Views: 1040

Re: add a static IP in the DHCP list? [SOLVED]

Or use the dynamic lease, make static and then set the desired IP. Then you don't need to fiddle with the MAC address. This only works if client device is actually running DHCP client and network admin wants client to have a particular IP address. @OP indicated that devices had truly static setup ...
by mkx
Sun Oct 31, 2021 10:31 am
Forum: Beginner Basics
Topic: add a static IP in the DHCP list? [SOLVED]
Replies: 8
Views: 1040

Re: add a static IP in the DHCP list? [SOLVED]

It should be done as IP -> DHCP Server -> Leases -> Add New ... you will need to know devices' MAC addresses to make leases meaningful - theoretically you could enter just any MAC address but that would a) allow for problems in rare case when a device with configured MAC appeared in the network and...
by mkx
Sun Oct 31, 2021 10:23 am
Forum: General
Topic: Mikrotik with Technicolor DGA2232
Replies: 4
Views: 674

Re: Mikrotik with Technicolor DGA2232

As long as wifi is not part of Mikrotik's LAN ... but I guess this is not what you had in mind. To have Mikrotik as gateway/firewall and use Technicolor's wifi as part of LAN ... I guess this isn't possible.
by mkx
Sun Oct 31, 2021 10:14 am
Forum: General
Topic: GPEN power handling ?
Replies: 1
Views: 392

Re: GPEN power handling ?

I wouldn't count on MT staff to give definite answer to your particular question here, you might be more lucky if asking them directly at support@mikrotik.com . Forum members can only guess. And my guess is that there are simple diodes on each PoE-in ports which means it will happen exactly the way ...
by mkx
Sat Oct 30, 2021 8:55 pm
Forum: RouterOS v7 BETA
Topic: PPPOE not working
Replies: 25
Views: 2030

Re: PPPOE not working

Default firewall and NAT configuration needs logical WAN interface to be member of WAN interface list. In your case that's pppoe-out1 interface. Strictly speaking it doesn't hurt to keep underlying physical interface (ether1) in WAN interface list as well, after all firewall is quite strict about in...
by mkx
Sat Oct 30, 2021 7:45 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 64
Views: 35722

Re: WinBox v3.31 released!

I don't think you've got anything to lose by getting replacement unit. If the new one works fine, then this would point in direction of HW problem with your old unit. If the new unit malfunctions the same way, then it could either be SW problem or HW defect in a larger batch of devices.
by mkx
Sat Oct 30, 2021 2:34 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 64
Views: 35722

Re: WinBox v3.31 released!

If Mikrotik advised to RMA, then just do it.
by mkx
Fri Oct 29, 2021 11:24 pm
Forum: General
Topic: Offloading bandwidth queues - Transparent?
Replies: 3
Views: 431

Re: Offloading bandwidth queues - Transparent?

Depends which CCR1009 in particular ... CCR1009-8G-1S-1S+ has a switch chip managing ether1-ether5 ... to have traffic through those ports to hit bridge code one has to disable HW offload.
by mkx
Fri Oct 29, 2021 11:18 pm
Forum: Beginner Basics
Topic: VLAN filtering method with CAPsMAN
Replies: 6
Views: 799

Re: VLAN filtering method with CAPsMAN

First you have to configure VLANs properly on bridge. After that configure capsman datapath with vlan-id=XY vlan-mode=use-tag , you'll need one datapath per SSID. In /capsman configuration then merge SSID with corresponding datapath. The remaining thing is to match /capsman manager interface setting...
by mkx
Fri Oct 29, 2021 9:53 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM installation of fan3 and fan4
Replies: 28
Views: 20550

Re: CRS328-24P-4S+RM installation of fan3 and fan4

Full model designation of CRS312-4C+8XG ends with -RM ... meaning rack mount. I don't think MT developers were considering noise level for a device intended to be mounted in a rack (which often implies data center with high noise levels). For use in living room you should be considering a passive-co...
by mkx
Fri Oct 29, 2021 9:42 pm
Forum: Wireless Networking
Topic: wlan1 and wlan2 missing after restore a backup file [SOLVED]
Replies: 7
Views: 1136

Re: wlan1 and wlan2 missing after restore a backup file [SOLVED]

Since when does RB5009 have any of wireless hardware?
by mkx
Fri Oct 29, 2021 9:35 pm
Forum: Wireless Networking
Topic: Difference between mesh and multiple APs with same SSID in same subnet
Replies: 1
Views: 751

Re: Difference between mesh and multiple APs with same SSID in same subnet

Wireless mesh networks usually use wireless connections to interconnect APs at least in a part of network. wikipedia article

In your case with both wifi APs connected to central router with wires mesh doesn't make any sense. BTW, mesh doesn't change wireless client roaming experience by itself.
by mkx
Fri Oct 29, 2021 9:12 pm
Forum: General
Topic: Advice Regarding Custom Build
Replies: 1
Views: 379

Re: Advice Regarding Custom Build

Current release versions of ROS are either x86 version or CHR version. x86 version gets installed on barebone hardware but lacks many drivers for modern hardware (including many modern NICs and SATA disks). CHR version relies on hypervisor for hardware drivers and is currently better choice with tha...
by mkx
Fri Oct 29, 2021 8:51 pm
Forum: Beginner Basics
Topic: WAN throughput degradation after terminating PPPoE with RB2011UAS
Replies: 6
Views: 674

Re: WAN throughput degradation after terminating PPPoE with RB2011UAS

Does the above mean that this host maxes UDP out at 780Mbps, and the surplus traffic gets dropped? I'm not sure what exactly you mean by "host". I understand either your linux machine or server. And no, sender (linux host) doesn't throttle down to 700Mbps, in case of 1Gbps test it's pushi...
by mkx
Fri Oct 29, 2021 8:22 pm
Forum: Beginner Basics
Topic: WAN throughput degradation after terminating PPPoE with RB2011UAS
Replies: 6
Views: 674

Re: WAN throughput degradation after terminating PPPoE with RB2011UAS

[ 5] 0.00-10.06 sec 895 MBytes 746 Mbits/sec 0.023 ms 172511/829707 (21%) receiver So I am able to achieve 953Mbit/s with UDP in the following network setup: No, you're not able to achieve 953Mbps, see the line above (I've left it from your test results). The big thing when testing with iperf is to...
by mkx
Fri Oct 29, 2021 8:04 pm
Forum: Beginner Basics
Topic: Access bridge settings from devices in LAN [SOLVED]
Replies: 6
Views: 984

Re: Access bridge settings from devices in LAN [SOLVED]

Changing the IP-Range is not possible.

I can't really believe that you can't change LAN IP addressing scheme, but you know better. However, without changing it (and I guess you don't have enough rights to change addressing of ONU) your problem can not be solved without extensive tinkering.
by mkx
Fri Oct 29, 2021 7:59 pm
Forum: Beginner Basics
Topic: Setting up VLANs on RB4011 on Multiple Ports for Switches
Replies: 10
Views: 974

Re: Setting up VLANs on RB4011 on Multiple Ports for Switches

I thought L2-Hardware offloading was possible in ROS6.X Did I misunderstand the Wiki? (https://help.mikrotik.com/docs/display/ROS/Switch+Chip+Features) No, under ROSv6 the RTL8367 switch chip in RB4011 is treated as being dumb a$$ ... it's not even possible to configure VLANs directly in /interface ...
by mkx
Fri Oct 29, 2021 8:44 am
Forum: Beginner Basics
Topic: Dhcp leases - double mac address
Replies: 3
Views: 532

Re: Dhcp leases - double mac address

The setup of bridge_vlan_140/150/160 is incomplete ... it should have vlan-filtering=yes . It should be tagged member of itself (under /interface bridge vlan ). You may want to check this excellent tutorial to see how VLANs are done in ROS. And this thread to better understand different bridge person...
by mkx
Thu Oct 28, 2021 8:39 pm
Forum: Beginner Basics
Topic: Dhcp leases - double mac address
Replies: 3
Views: 532

Re: Dhcp leases - double mac address

No, the whole idea of VLANs is that they are separated from each other on L2 (below IP). Unless connecting device is VLAN aware (such example are your wifi APs). Why it is not like that in your case? It could be configuration on router. It could be configuration on wifi APs. Impossible to tell witho...
by mkx
Thu Oct 28, 2021 7:31 pm
Forum: SwOS
Topic: feature request - https for webui
Replies: 17
Views: 4629

Re: feature request - https for webui

For starters I wouldn't expose simple managed switch (like CSS) to internet at large. If one can not trust their LAN, then most (if not all) managed switches support "management VLAN". It's up to router/firewall to filter access to management VLAN at large. And if paranoid enough, manageme...
by mkx
Thu Oct 28, 2021 7:11 pm
Forum: General
Topic: reset configuration doesnt deploy fw rules
Replies: 8
Views: 789

Re: reset configuration doesnt deploy fw rules

Taking mkx statement I assume he will never drive a Porsche as he is not a professional race driver. I'm so sorry for you. Your comparison is IMHO not right. The right comparison would go like this: how would a person, only ever driving a Tesla model X, handle a 1963 Porsche 911? Because lack of def...
by mkx
Thu Oct 28, 2021 6:55 pm
Forum: Beginner Basics
Topic: Setting up VLANs on RB4011 on Multiple Ports for Switches
Replies: 10
Views: 974

Re: Setting up VLANs on RB4011 on Multiple Ports for Switches

Solution B: The RB4011 has a switch Chip and can do Bridge Hardware Offloading. I'm all for solution B. And I'd dare to use single bridge for all ports (governed by both switch chips). Two gotchas: HW offload is only available in ROS v7.1rc and I'd be a bit careful running it right now. But by all ...
by mkx
Wed Oct 27, 2021 7:12 pm
Forum: Beginner Basics
Topic: Problems DHCP with VLANS
Replies: 1
Views: 434

Re: Problems DHCP with VLANS

VLAN setup is slightly hosed. You have: /interface bridge add name=bridge1 vlan-filtering=yes /interface vlan add interface=bridge1 name=VLAN50_Guest vlan-id=50 /ip dhcp-server add address-pool=dhcp_pool2 interface=VLAN50_Guest name=dhcp1 /ip address add address=10.0.5.1/28 interface=VLAN50_Guest ne...
by mkx
Tue Oct 26, 2021 4:49 pm
Forum: General
Topic: IGMP Snooping with VLANs
Replies: 4
Views: 702

Re: IGMP Snooping with VLANs

I'm guessing: bridge interface is used as IGMP querier. If bridge interface has PVID set (by default it's PVID=1), then IGMP queries will be sent to VLAN ID 1. If the rest of L2 configuration doesn't mention VLAN 1, then those queries will be discarded by bridge the switch-like entity due to lack of...
by mkx
Tue Oct 26, 2021 2:19 pm
Forum: General
Topic: providing NTP server by using DHCPv6?
Replies: 8
Views: 768

Re: providing NTP server by using DHCPv6?

What kind of DHCPv6 client are you running? If you have a linux machine handy, you can try running dhclient manually ... you can specify the list of options to request from DHCP server.
by mkx
Tue Oct 26, 2021 2:07 pm
Forum: General
Topic: reset configuration doesnt deploy fw rules
Replies: 8
Views: 789

Re: reset configuration doesnt deploy fw rules

hey mks don't take it personally I'm not. The thing is that I was trying to teach OP how to catch fish. But then somebody came by and dropped lots of fish. And the problem is that in a few years time somebody will stumble upon this post and take the config ... but at that time we might have a much b...
by mkx
Tue Oct 26, 2021 1:54 pm
Forum: RouterOS v7 BETA
Topic: Looking for Docker container ideas for RouterOS
Replies: 5
Views: 1104

Re: Looking for Docker container ideas for RouterOS

The list of services that might be run in containers is endless. Just compile list of services that people mentioned in numerous wish-list posts. The problem is that most (if not all) RB devices are not really fit for running (full-blown) containers either due to RAM shortage or due to storage short...
by mkx
Mon Oct 25, 2021 10:51 pm
Forum: Beginner Basics
Topic: bridges and VLANs - why?
Replies: 21
Views: 1756

Re: bridges and VLANs - why?

Regarding L2 (VLANs) your setup seems fine to me. And I won't bother with L3 too much as I lack knowledge about your networks (and intentions).
by mkx
Mon Oct 25, 2021 10:37 pm
Forum: Beginner Basics
Topic: bridges and VLANs - why?
Replies: 21
Views: 1756

Re: bridges and VLANs - why?

Is this causing me issues because I am using the default vlan1 which is untagged versus tagged? It is indeed. frame-types=admit-only-vlan-tagged is appropriate setting for trunk (tagged-only) ports while in your case where ports are hybrid (a few tagged VLANs and untagged) you should leave setting ...
by mkx
Mon Oct 25, 2021 10:25 pm
Forum: General
Topic: reset configuration doesnt deploy fw rules
Replies: 8
Views: 789

Re: reset configuration doesnt deploy fw rules

Here you go; Do you think I couldn't post this? But that's a rotten favour to OP: defaults evolve and admin, operating "pro" router, should have a smaller "lab" unit handy ... any mikrotik costing 30 euro will do. And that's my main message to owners of "pro" line of r...
by mkx
Mon Oct 25, 2021 7:55 pm
Forum: Wireless Networking
Topic: Slave SSID/VLAN not working with CAPsMAN and local forwarding [SOLVED]
Replies: 8
Views: 1369

Re: Slave SSID/VLAN not working with CAPsMAN and local forwarding [SOLVED]

CAP devices which are configured into CAPsMAN "slavery" by using button push are not VLAN aware. If you want to run VLANs in your network, then you have to configure wired part of CAPs manually. CAPsMAN only takes care of wireless interfaces. And, BTW, explicit use of VLAN ID 1 is generall...
by mkx
Mon Oct 25, 2021 7:40 pm
Forum: Beginner Basics
Topic: virtual wifi interface can't connect internet
Replies: 20
Views: 4560

Re: virtual wifi interface can't connect internet

Your Mikrotik currently doesn't interact with traffic on wireless, it only passes it between ether1 and wireless interfaces. If wireless user is able to connect mikrotik, then it's going via main gateway and you have to block unwanted traffic there.
by mkx
Mon Oct 25, 2021 7:21 pm
Forum: Beginner Basics
Topic: bridges and VLANs - why?
Replies: 21
Views: 1756

Re: bridges and VLANs - why?

My last question is - is there a way I could make the sfp+ a trunk port without changing my current config?

Very probably ... but can't say for sure without seeing your current config (text export) ... at least everything under /interface.
by mkx
Mon Oct 25, 2021 7:06 pm
Forum: General
Topic: reset configuration doesnt deploy fw rules
Replies: 8
Views: 789

Re: reset configuration doesnt deploy fw rules

These are both devices from "pro" line and come with blank default firewall filters. It is somehow expected that these powerful units won't run simple SOHO networks and a knowledgeable admin will know better than defaults. I suggest you to get any of "toy" Mikrotiks and execute /...
by mkx
Mon Oct 25, 2021 6:57 pm
Forum: General
Topic: Multiple PTRs for same IP in ROS Static DNS
Replies: 2
Views: 492

Re: Multiple PTRs for same IP in ROS Static DNS

In my not so limited history with DNS I never saw DNS server returning more than one PTR record for single IP address. And I always worked with full-featured DNS servers. So this behaviour doesn't seem to be ROS-specific in any way. What you could do (and still wouldn't seem weird) is to create mult...