Search found 5811 matches

by mkx
Wed May 05, 2021 11:02 pm
Forum: SwOS
Topic: LAGG with pfsense Setup
Replies: 3
Views: 219

Re: LAGG with pfsense Setup

Switch between pfsense and cable modem will always see only 2 MAC addresses (1 of cable modem and very probably only 1 of pfsense - linux bonding always uses MAC address of first active bond member as bond MAC - for all bond members, I'm not sure about other implementations but they are probably the...
by mkx
Wed May 05, 2021 7:27 pm
Forum: SwOS
Topic: LAGG with pfsense Setup
Replies: 3
Views: 219

Re: LAGG with pfsense Setup

Something in that line. There's just a gotcha with LAG in general (and MT can't be any different): all packets belonging to single connection will pass same bond member, hence single connection throughput is limited to speed of bond member (in your case 1Gbps). Same may apply to multiple connections...
by mkx
Wed May 05, 2021 6:23 pm
Forum: Beginner Basics
Topic: NAT from inside the LAN
Replies: 9
Views: 491

Re: NAT from inside the LAN

Some wireless clients (mobile phones specifically, others might as well) perform "mini sleeps" of wifi module to save power. During sleeps AP has to buffer frames until client wakes up and accepts packets. The same behaviour affects broadcasts as well, mikrotik by default just sends broadc...
by mkx
Tue May 04, 2021 10:54 pm
Forum: RouterOS v7 BETA
Topic: Warning: cpu not running at default frequency [SOLVED]
Replies: 4
Views: 1466

Re: Warning: cpu not running at default frequency [SOLVED]

RBM11G product page specifies default frequency to be 880MHz. If your unit is not set to this frequency, set it and the warning should go away (after a reboot).
by mkx
Tue May 04, 2021 9:26 pm
Forum: Beginner Basics
Topic: NAT from inside the LAN
Replies: 9
Views: 491

Re: NAT from inside the LAN

So one of PCs is wireless client. I'd say you should check wireless: is there much of interference (other APs nearby), is the connection with decent signal strength, etc.
by mkx
Tue May 04, 2021 7:34 pm
Forum: Beginner Basics
Topic: Turning my router into the WAN itself. [SOLVED]
Replies: 4
Views: 303

Re: Turning my router into the WAN itself. [SOLVED]

If setup of SXT is pretty much default, then the following should work: use winbox and mac connection. Before removing ether1 from bridge add ether1 to interface list called LAN.
by mkx
Tue May 04, 2021 3:02 pm
Forum: Wireless Networking
Topic: Tree's obstructing CPE LOS to AP ~ bandwidth!
Replies: 19
Views: 1235

Re: Tree's obstructing CPE LOS to AP ~ bandwidth!

Or thoroughly apply the German solution.
by mkx
Tue May 04, 2021 2:56 pm
Forum: Wireless Networking
Topic: Vlan hopping check and mitigation !
Replies: 5
Views: 225

Re: Vlan hopping check and mitigation !

These settings improve security. E.g. if port doesn't have ingress-filtering=yes set and tagged frames are allowed on ingress, attacker could inject packets into arbitrary VLAN (also into VLANs which have nothing to do with this particular port). It's one way again (replies are not delivered), but i...
by mkx
Tue May 04, 2021 2:49 pm
Forum: General
Topic: Very high sector writes
Replies: 31
Views: 4366

Re: Very high sector writes

If this indeed has anything to do with SNTP client, then it's NTP client from stand-alone ntp package guilty as well.
by mkx
Tue May 04, 2021 2:34 pm
Forum: Beginner Basics
Topic: Turning my router into the WAN itself. [SOLVED]
Replies: 4
Views: 303

Re: Turning my router into the WAN itself. [SOLVED]

Something similar is topic of this post. Does it help?

Just be sure to use VLAN IDs in range between 2 and 4000 (inclusive) ... stay away from VID 1 (using it is a recipe for troubles).
by mkx
Tue May 04, 2021 2:22 pm
Forum: Beginner Basics
Topic: NAT from inside the LAN
Replies: 9
Views: 491

Re: NAT from inside the LAN

Local traffic between 192.168.64.65 and 192.168.64.64 should go directly without going via router unless there's some weird configuration on either of hosts involved. Hard to tell without seeing actual network configuration of both. Your example would indicate misconfiguration on 192.168.64.65 becau...
by mkx
Tue May 04, 2021 2:16 pm
Forum: Beginner Basics
Topic: Simple queue does not work...
Replies: 11
Views: 455

Re: Simple queue does not work...

Could be that indeed IP firewall has to be involved for queuing to work. It is not very common to have traffic shaping enabled between bridged/switched ports.
by mkx
Tue May 04, 2021 11:31 am
Forum: Beginner Basics
Topic: Combine more Vlan's traffice to one acces port
Replies: 3
Views: 187

Re: Combine more Vlan's traffice to one acces port

As I wrote: it's simple to untag multiple VLANs on a single port. E.g. if there are 3 VLANs with multicast streams with VLAN IDs 100, 200 and 300 ... and you have fourth VLAN for other IP communication of said device (e.g. management) with ID 999, then you would configure a bridge like this: /interf...
by mkx
Mon May 03, 2021 11:43 pm
Forum: General
Topic: Bandwidth test from Mikrotik to client
Replies: 1
Views: 113

Re: Bandwidth test from Mikrotik to client

There's bandwidth test, comes as standard function in ROS and windows counterpart is available for download. Beware, however, that running bandwidth test software on router is generally not a good idea. Test is pretty CPU intensive and router's CPU is often the bottleneck. Better approach is to ru...
by mkx
Mon May 03, 2021 10:22 pm
Forum: Beginner Basics
Topic: NAT from inside the LAN
Replies: 9
Views: 491

Re: NAT from inside the LAN

You need hairpin NAT
by mkx
Mon May 03, 2021 6:59 pm
Forum: Beginner Basics
Topic: Simple queue does not work...
Replies: 11
Views: 455

Re: Simple queue does not work...

ether 1, 2 and 3 are bridged as WAN, ether1 connects to internet, ether 2 and 3 to two Dell PowerEdge systems. For queues to work, traffic has to be handled by ROS in software. Which means it should not be HW offloaded. Every ROS device having a switch chip (RB750G has one) can HW offload one bridg...
by mkx
Mon May 03, 2021 6:43 pm
Forum: Beginner Basics
Topic: Combine more Vlan's traffice to one acces port
Replies: 3
Views: 187

Re: Combine more Vlan's traffice to one acces port

Any of RouterOS devices can untag multiple VLANs on single ethernet port. The problem you might encounter is this: usually multicast clients have to subscribe to streams and that has to be done through correct VLAN. It is only possible to tag for single VLAN on ingress, hence multicast client will o...
by mkx
Mon May 03, 2021 4:03 pm
Forum: General
Topic: IPv6 ICMP ok but no TCP traffic
Replies: 20
Views: 671

Re: IPv6 ICMP ok but no TCP traffic

/ipv6 dhcp-client add add-default-route=yes comment="Rostelecom IPv6 DHCP" interface=pppoe-out1 pool-name=rtelecomv6 pool-prefix-length=56 request=prefix use-peer-dns=no Don't set pool prefix length. It's not about prefix length you're getting from ISP (they give you whatever they decide ...
by mkx
Mon May 03, 2021 3:54 pm
Forum: Beginner Basics
Topic: How to isolate both subnets on a cascade router setup?
Replies: 2
Views: 106

Re: How to isolate both subnets on a cascade router setup?

Either construct a "routing" subnet for connection between both routers (if physical connection is a problem, simply using another IP subnet would mostly do). Or disable NAT on Linksys and let MT do it for subnet B as well. You'll have to add static route on router A towards subnet B using...
by mkx
Mon May 03, 2021 3:46 pm
Forum: Beginner Basics
Topic: Do I need to Upgrade my Mikrotik to Take Advantage of Fiber?
Replies: 5
Views: 286

Re: Do I need to Upgrade my Mikrotik to Take Advantage of Fiber?

The 25 simple queues is more representative of home setup throughput ...

How so? I'd expect most home users to have zero queues defined and at least default firewall filter rules (around 10 IIRC).
by mkx
Mon May 03, 2021 3:43 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules
Replies: 4
Views: 331

Re: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules

The big problem about what OP requested is that CAPsMAN only provisions wireless interface of a cAP. When dynamic VID appears on bridge it's not because capsman would provision bridge, it's because this is how bridge reacts to addition of a new bridge port with PVID set. The only solution would be t...
by mkx
Mon May 03, 2021 3:31 pm
Forum: Wireless Networking
Topic: Vlan hopping check and mitigation !
Replies: 5
Views: 225

Re: Vlan hopping check and mitigation !

Can't say anything about TP link gear. MT (most probably) can't be exploited this way, at least if bridge vlan-filtering is used (some HW offloaded VLAN setup might be vulnerable but it very much depends on how switch chip operates - I'm not going to study that now) ... if set up properly. The thing ...
by mkx
Mon May 03, 2021 8:22 am
Forum: Beginner Basics
Topic: Purpose of VLAN Mode on wireless interfaces [SOLVED]
Replies: 2
Views: 144

Re: Purpose of VLAN Mode on wireless interfaces [SOLVED]

Before ROS 6.42 (or something) bridge did not have VLAN related functionality, hence VLAN functions had to be performed by member ports (in this case wlan interface). Using vlan interfaces doesn't help in this case, using multiple bridges does (but that's awkward). Capsman still uses wlan vlan-funct...
by mkx
Sat May 01, 2021 9:05 pm
Forum: Wireless Networking
Topic: Capsman - Not getting IP on slave-interface [SOLVED]
Replies: 7
Views: 1707

Re: Capsman - Not getting IP on slave-interface [SOLVED]

OP did it using single bridge: /caps-man datapath add bridge=bridge local-forwarding=yes name=datapathVlan20 vlan-id=20 vlan-mode=use-tag add bridge=bridge local-forwarding=yes name=datapathVlan30 vlan-id=30 vlan-mode=use-tag Both data paths are using same bridge (named bridge). They are using diffe...
by mkx
Sat May 01, 2021 8:55 pm
Forum: General
Topic: DHCP-client script can't send (external) email because there is no internet connection
Replies: 2
Views: 254

Re: DHCP-client script can't send (external) email because there is no internet connection

Why don't you insert a delay (e.g. of 30 seconds) at the beginning of your script?
by mkx
Sat May 01, 2021 8:51 pm
Forum: Beginner Basics
Topic: Erratic device behaviour on WLAN
Replies: 3
Views: 320

Re: Erratic device behaviour on WLAN

There are a few settings which might affect the way wireless clients behave. I suggest you to re-post about the problem in forum section about wireless. There are a few users very knowledgeable about wireless woes but they might not follow topics in this part of forum.
by mkx
Sat May 01, 2021 1:15 pm
Forum: Wireless Networking
Topic: Capsman - Not getting IP on slave-interface [SOLVED]
Replies: 7
Views: 1707

Re: Capsman - Not getting IP on slave-interface [SOLVED]

It can't be done without bridges. wlan interface (even when provisioned by capsman) is interface, physical ethernet interface is interface (and vlan interface is interface as well) and only way to connect two (or more) interfaces is using a bridge.
by mkx
Sat May 01, 2021 12:32 pm
Forum: Beginner Basics
Topic: Erratic device behaviour on WLAN
Replies: 3
Views: 320

Re: Erratic device behaviour on WLAN

Anything about erratic device in logs? Copy-paste output of command /log print (run it in terminal window) to a text editor and search through logs for device's MAC address and/or IP address.
by mkx
Sat May 01, 2021 12:20 pm
Forum: Beginner Basics
Topic: What is purpose of VLAN's Parent Interface? [SOLVED]
Replies: 3
Views: 318

Re: What is purpose of VLAN's Parent Interface? [SOLVED]

(small hint for you mkx, bookmark good posts!) I'll let you find those via google multiple times so that google bookmarks them for me. It took a few weeks for google to bookmark thread about bridge vlan filtering by @pcunite, now it's on top of result list when I'm searching for "pcunite vlan ...
by mkx
Sat May 01, 2021 12:31 am
Forum: Wireless Networking
Topic: Tree's obstructing CPE LOS to AP ~ bandwidth!
Replies: 19
Views: 1235

Re: Tree's obstructing CPE LOS to AP ~ bandwidth!

I don't think nv2 being invisible to 802.11 devices has anything to do with CSMA/CA. I'm not an expert in nv2 but I guess beacons used in nv2 are incompatible with 802.11 beacons and 802.11 stations don't recognise nv2 AP.
by mkx
Sat May 01, 2021 12:18 am
Forum: Beginner Basics
Topic: What is purpose of VLAN's Parent Interface? [SOLVED]
Replies: 3
Views: 318

Re: What is purpose of VLAN's Parent Interface? [SOLVED]

vlan interface (created under /interface vlan) is kind of a pipe with two ends. One end is anchored to underlying interface, accepts tagged frames (the ones tagged with appropriate VID that is) and transmits tagged frames. The other end can be used as untagged interface (e.g. set IP address to it)...
by mkx
Fri Apr 30, 2021 1:36 pm
Forum: Wireless Networking
Topic: Tree's obstructing CPE LOS to AP ~ bandwidth!
Replies: 19
Views: 1235

Re: Tree's obstructing CPE LOS to AP ~ bandwidth!

I think you should do some spectrum analysis during hours with reduced throughput. The problem with nv2 is that standard 802.11 devices don't detect it other than some noise and can thus cause some considerable interference to each other ... which gets worse when both networks (your nv2 and other 80...
by mkx
Thu Apr 29, 2021 8:28 pm
Forum: Beginner Basics
Topic: Internet low speed
Replies: 15
Views: 534

Re: Internet low speed

Sorry, your config is OK, but i do not understand why you cap to 100M... Maybe the new device will help? What is an actually model? As test results indicate, your device caps at around 150Mbps (give or take) routed throughput in real life scenarios. Wireless can consume quite a lot of CPU when util...
by mkx
Thu Apr 29, 2021 9:56 am
Forum: General
Topic: Installing RouterOS on Protectli Vault 6-Port Hardware
Replies: 2
Views: 305

Re: Installing RouterOS on Protectli Vault 6-Port Hardware

x86 (and x86-64) breed of ROS v6 is pretty outdated when it comes to available drivers and can thus be very picky about hardware it successfully runs on. So it seems that most often professionals use CHR breed. This does cause some performance loss, but that can be offset by selection of faster hard...
by mkx
Wed Apr 28, 2021 11:11 pm
Forum: Wireless Networking
Topic: VLAN with 2 Wifi networks on the same AP.
Replies: 3
Views: 271

Re: VLAN with 2 Wifi networks on the same AP.

Basic decision to make is about local forwarding VS capsman forwarding. If you're going with capsman forwarding, then you only have to set up VLANs for discovery interface. All the traffic will flow through this VLAN encapsulated in a sort of a tunnel regardless the VIDs associated with SSIDs. If y...
by mkx
Wed Apr 28, 2021 8:58 pm
Forum: General
Topic: Fasttrack Question Decision
Replies: 2
Views: 179

Re: Fasttrack Question Decision

Mangle rules don't work with fast-track.
It is possible to use both mangling and fast-tracking, but one has to exclude from fast-track everything that has to be mangled.
by mkx
Wed Apr 28, 2021 4:57 pm
Forum: Wireless Networking
Topic: RB951G-2HND DDOS
Replies: 3
Views: 419

Re: RB951G-2HND DDOS

Hi, not sure if this topic belongs to wireless networking but anyway... Another possibility is to mess with wireless. Either hack it to gain access to LAN or create enough interference for clients (door lock, CCTV) to drop off wireless network. Either is hard to defend against determined attacker (...
by mkx
Wed Apr 28, 2021 4:48 pm
Forum: Beginner Basics
Topic: What is the issue with DUDE and SNMP?
Replies: 7
Views: 303

Re: What is the issue with DUDE and SNMP?

A few days ago, I first upgraded my RouterOS to version 6.48.2 on my hap ac2, I then downloaded DUDE client 6.48.2 too. I had already DUDE server installed on my Mikrotik before I upgraded RouterOS. Was Dude server also upgraded with the system automatically? How can I check that? In principle all ...
by mkx
Wed Apr 28, 2021 4:42 pm
Forum: Beginner Basics
Topic: Two segmented networks access to one shared network [SOLVED]
Replies: 11
Views: 485

Re: Two segmented networks access to one shared network [SOLVED]

Beyond my scope of knowledge.

Undoubtedly.
by mkx
Wed Apr 28, 2021 4:41 pm
Forum: General
Topic: Block an IP address from the Internet
Replies: 5
Views: 288

Re: Block an IP address from the Internet

I can see using Torch the packets coming in.. However, the mail server is still being hit. Chain=input is for traffic which terminates in router itself (source doesn't matter, can be either internet or LAN). Chain=forward is for traffic which passes router in any direction (e.g. source on internet,...
by mkx
Tue Apr 27, 2021 4:59 pm
Forum: General
Topic: IPIP tunnel only works with fasttrack enabled
Replies: 2
Views: 223

Re: IPIP tunnel only works with fasttrack enabled

Impossible to tell without seeing actual config. My guess: firewall rules. For fast-tracked traffic one needs two matching firewall rules such as these two: add action=fast-track connection-state=established,related <other selection criteria> add action=accept connection-state=established,related,un...
by mkx
Tue Apr 27, 2021 4:46 pm
Forum: Wireless Networking
Topic: Tree's obstructing CPE LOS to AP ~ bandwidth!
Replies: 19
Views: 1235

Re: Tree's obstructing CPE LOS to AP ~ bandwidth!

Lost-packets is showing that radio link is not good.

There are quite a few decent articles on internet about non line-of-sight radio links (e.g. this one) describing how tree tops affect radio propagation.
by mkx
Tue Apr 27, 2021 1:17 pm
Forum: General
Topic: Hotspot arp scan not working !
Replies: 6
Views: 350

Re: Hotspot arp scan not working !

Trash forum.
Indeed. Now go away.
by mkx
Tue Apr 27, 2021 11:05 am
Forum: General
Topic: Bridge Filter Vlans Not Working
Replies: 7
Views: 455

Re: Bridge Filter Vlans Not Working

Don't set use-service-tag=yes ... this setting is not about enabling VLAN tags, it's about using different type of tags (type 802.1ad instead of usual 802.1q).
by mkx
Mon Apr 26, 2021 6:20 pm
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 990

Re: MAC VLAN on CRS354-48G

Block diagram of CRS354-48G indicates that this unit has a single switch chip ... https://i.mt.lv/cdn/product_files/CRS354-48G-4Splus2Qplus_200122.png There are other (mostly mid-priced) MT devices which have two (or more) switch chips and with those several limits apply. So when studying some tutor...
by mkx
Mon Apr 26, 2021 6:17 pm
Forum: General
Topic: Dual WAN, dual subnet, multiple VLANs
Replies: 13
Views: 659

Re: Dual WAN, dual subnet, multiple VLANs

It's hard to tell without seeing actual configuration at least of the main router. One thing does ring the bell: vlan1_sxt implies use of VLAN ID 1. Use of VLAN ID 1 is a bad choice. This VID is used as default value all around and if you're not extra careful, it can mess with config. So it's bette...
by mkx
Mon Apr 26, 2021 6:07 pm
Forum: Beginner Basics
Topic: Ingress port, Egress port
Replies: 2
Views: 146

Re: Ingress port, Egress port

I'm wondering how to dedicate one port as INGRESS traffic and another port for EGRESS traffic. Unless you're trying to do something really fancy ... I don't see how separating ports according to traffic direction for traffic between two link peers could help. You are aware of the fact that 1000BaseT ...
by mkx
Sun Apr 25, 2021 5:44 pm
Forum: General
Topic: PWR-LINE PRO
Replies: 22
Views: 3103

Re: PWR-LINE PRO

If you have rented a jack hammer, you are my hero!!

If I owned a jack hammer, what would that make me?
by mkx
Sun Apr 25, 2021 4:40 pm
Forum: General
Topic: Fast Path - Questions
Replies: 1
Views: 165

Re: Fast Path - Questions

Fast-track depends on fast-path being enabled. Manual says nothing about fast-path being active.

OTOH I don't think fast-path provides much of a boost. HW offload clearly does and fast-track does as well. So I wouldn't bother about fast-path too much.
by mkx
Sun Apr 25, 2021 4:21 pm
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 990

Re: MAC VLAN on CRS354-48G

The linked document describes just every switching aspect of CRS3xx, there are many sections (port-based VLANs included, trunk port is one of possible port-based VLAN modes). Sure, you need to configure trunk towards your router. But I was thinking specifically about this part: /interface ethernet s...
by mkx
Sun Apr 25, 2021 1:35 pm
Forum: General
Topic: Static WAN IP not working - mask issue?
Replies: 11
Views: 469

Re: Static WAN IP not working - mask issue?

It could be that ISP implemented some filtering mechanism and it blocks your router if it doesn't obtain IP address via DHCP. Usually you can't just set IP address and assume it'll be static. Ask your ISP about static IP addresses. Some will set static DHCP lease (in that case take care about MAC adr...
by mkx
Sun Apr 25, 2021 11:45 am
Forum: General
Topic: CHR only recognizing 1Gb of ram - 4 assigned
Replies: 2
Views: 243

Re: CHR only recognizing 1Gb of ram - 4 assigned

32-bit ROS v6 for most architectures supports only 1GB RAM. Notable exceptions are AFAIK TILE and CHR (only when run as x64). So verify how exactly your CHR is set up, could be that it's running in x86 mode.
by mkx
Sat Apr 24, 2021 8:15 pm
Forum: Beginner Basics
Topic: What does the firewall built in counter count?
Replies: 6
Views: 444

Re: What does the firewall built in counter count?

It's worth to mention that the rule is added automatically and hence its full properties are not known, there might be some bits not shown in its property list. As stated in comment it's dummy and might be just a hook into fasttrack driver, not a real firewall filter. Thus it's probably impossible t...
by mkx
Sat Apr 24, 2021 5:18 pm
Forum: General
Topic: Running out of disk space
Replies: 4
Views: 325

Re: Running out of disk space

Flash disks hold actual ROS and ROS nowadays consumes anything between 10 and 15+ MB depending on number of packages installed and amount of permanent configuration (address lists, firewall rules, etc.). The rest of flash space is accessible under file->flash So what you see is pretty normal, even th...
by mkx
Sat Apr 24, 2021 4:34 pm
Forum: Beginner Basics
Topic: Connecting a Mikrotik router to a non cooperative ADSL router
Replies: 2
Views: 200

Re: Connecting a Mikrotik router to a non cooperative ADSL router

You can use C as default gateway for LAN of B (no need to run DHCP server on C if you can configure DHCP server on B with C's IP address as gateway address). Or you can skip the C and configure A as default gateway for LAN B, but you'll have to play with policy based routing (so that B will be used ...
by mkx
Sat Apr 24, 2021 4:15 pm
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 990

Re: MAC VLAN on CRS354-48G

Did you read this part of CRS3xx switch manual? I think that as a CRS3xx owner you should read it and understand every bit (OK, byte) of the whole document.
by mkx
Fri Apr 23, 2021 11:05 pm
Forum: General
Topic: Bridge/vlan configuration advice
Replies: 3
Views: 227

Re: Bridge/vlan configuration advice

On CCR it will be done by CPU either way so performance wise both ways are pretty much the same. But you should proceed and configure CCR the same way as CRS - single bridge with VLANs. This way configuration will be similar on both your devices (only that CRS actually HW offloads everything).
by mkx
Fri Apr 23, 2021 10:54 pm
Forum: Beginner Basics
Topic: does CRS305-1G-4S+IN support switch stacking (similar to cisco's flavor)?
Replies: 4
Views: 323

Re: does CRS305-1G-4S+IN support switch stacking (similar to cisco's flavor)?

Just kidding, just curious as to what functionality switch stacking gives you?? Single control plane. Legacy stackable switches also provided proprietary high-speed interconnect interfaces (e.g. 40Gbps interface on Gbps switches in times when standard 10Gbps interfaces either did not exist or were ...
by mkx
Fri Apr 23, 2021 10:39 pm
Forum: Beginner Basics
Topic: does CRS305-1G-4S+IN support switch stacking (similar to cisco's flavor)?
Replies: 4
Views: 323

Re: does CRS305-1G-4S+IN support switch stacking (similar to cisco's flavor)?

No, none of Mikrotik switches support stacking. The closest is bridge extender, but that feature is much worse from performance and availability point of view.
by mkx
Wed Apr 21, 2021 11:15 pm
Forum: SwOS
Topic: SwOS detecting wrong mac address of NIC
Replies: 2
Views: 405

Re: SwOS detecting wrong mac address of NIC

I'd check to see what other hosts in same subnet see. Configure IP address on the offending NIC, then ping it from another linux machine in same subnet. When you get ping replies, check ARP address recorded (grep IP address in /proc/net/arp). If other machines see same as switch, then NIC is playin...
by mkx
Wed Apr 21, 2021 10:55 pm
Forum: General
Topic: Connectivity [SOLVED]
Replies: 10
Views: 702

Re: Connectivity [SOLVED]

If you're going to use wireless to connect hAP ac2 to ISP router, then decide which band you're going to use for that ... if you have a choice at all (depends what wireless is supported on ISP router). But since there's some distance between both devices (10m if I see correctly) it'd be better to us...
by mkx
Wed Apr 21, 2021 10:28 pm
Forum: General
Topic: IPIP vs GRE [SOLVED]
Replies: 7
Views: 508

Re: IPIP vs GRE [SOLVED]

I guarantee this was not the case a couple of versions ago...
I'll take your word on it ;-)
by mkx
Wed Apr 21, 2021 7:22 pm
Forum: General
Topic: SFP RB4011
Replies: 25
Views: 5460

Re: SFP RB4011

Most Mikrotik devices are picky about SFP modules, GPON modules in particular are worse (and none GPON SFP modules are officially supported anyway). RB4011 seems to be even more picky than the rest.
by mkx
Tue Apr 20, 2021 11:19 pm
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1434

Re: Port forwarding not working from Public IP ranges [SOLVED]

It seems that sometimes there's some configuration buried somewhere and not shown in UI. Not shown on configuration export as well ? How is that actually possible ? I've never experienced such case myself and I've no idea how configuration shown in UI (any of them) correlates to actual configurati...
by mkx
Tue Apr 20, 2021 9:06 pm
Forum: Wireless Networking
Topic: CAPsMAN Client to Client Forwarding...
Replies: 4
Views: 369

Re: CAPsMAN Client to Client Forwarding...

During my testing I noticed another peculiar issue. When two devices are connected to the same cap and both are on the same radio (say 2GHz) it blocks communications as it should. However, when one device connects to the 2GHz and one device connects to the 5GHz communication is allowed even though ...
by mkx
Tue Apr 20, 2021 8:50 pm
Forum: General
Topic: IPIP vs GRE [SOLVED]
Replies: 7
Views: 508

Re: IPIP vs GRE [SOLVED]

In what cases do I need to specify addresses for both ends of the IPIP-tunnel, and in what cases it is not necessary? I tried a IPIP-tunnel without addresses - everything works fine. When you enable IPsec encryption you will need to specify a local address I just tried ... and IPsec works just fine...
by mkx
Tue Apr 20, 2021 7:39 pm
Forum: General
Topic: Connectivity [SOLVED]
Replies: 10
Views: 702

Re: Connectivity [SOLVED]

I'd still like to see actual configuration from your Mikrotik. I don't know (by heart) how exactly default config looks like and thus don't know what exactly has to be changed to get things working.

So, please, follow the procedure I described to export config and post it here.
by mkx
Tue Apr 20, 2021 12:28 pm
Forum: RouterBOARD hardware
Topic: PoE issue (?) hAP ac3 + CSS610-8G-2S+IN
Replies: 2
Views: 270

Re: PoE issue (?) hAP ac3 + CSS610-8G-2S+IN

If you didn't reboot hAP ac3, you can check logs (/log print) to see if there was some suspicious event.
by mkx
Mon Apr 19, 2021 7:53 pm
Forum: Beginner Basics
Topic: What exactly causes 100% CPU load?
Replies: 2
Views: 245

Re: What exactly causes 100% CPU load?

All FW rules have counters ... check which counter is incrementing the most while under DDOS. Don't blindly disable that rule, result might be vulnerable LAN.
by mkx
Mon Apr 19, 2021 8:23 am
Forum: General
Topic: Feature requests
Replies: 1335
Views: 322452

Re: Feature requests

( Tilera CPU support is dropped by linux kernel - so its no future ). Mikrotik has already made kernel patches just for Tilera, so no worries there. Tile is an old platform nevertheless and would be unwise to introduce new products based on outdated hardware. Future support for current products i...
by mkx
Mon Apr 19, 2021 12:14 am
Forum: General
Topic: Connection tracking problem with discovery
Replies: 4
Views: 290

Re: Connection tracking problem with discovery

How exactly are these connections shown in connection tracking list?
by mkx
Sun Apr 18, 2021 8:59 pm
Forum: General
Topic: Connection tracking problem with discovery
Replies: 4
Views: 290

Re: Connection tracking problem with discovery

TCP connection is considered "established" after successful completion of three-way handshake. If some remote host is probing a TCP port to check if it's open, it might send only initial packet and wait for reply - if reply is received, port is very likely open. Since port scanners are no...
by mkx
Sun Apr 18, 2021 11:05 am
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1434

Re: Port forwarding not working from Public IP ranges [SOLVED]

I'm out of ideas as to what prevents your setup to perform correctly. There were cases where seemingly correct config did not work right and solution was factory reset, followed by application of very same config. It seems that sometimes there's some configuration buried somewhere and not shown in ...
by mkx
Sat Apr 17, 2021 8:32 pm
Forum: General
Topic: SFP+ Cable between RB4011 and Edgeswitch
Replies: 1
Views: 199

Re: SFP+ Cable between RB4011 and Edgeswitch

Get one Ubiquiti compatible optical SFP+module, one Mikrotik compatible optical SFP+ module and a short fibre patch cable.
by mkx
Sat Apr 17, 2021 8:29 pm
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1434

Re: Port forwarding not working from Public IP ranges [SOLVED]

Now when I look at the "Quick Set" page in the webadmin "IP address" for Local Network is shown in red with the ip 0.0.0.0. After you start configuring things outside Quickset, never ever use it again. At best it'll display misleading information, at worst it'll mess with config...
by mkx
Sat Apr 17, 2021 6:56 pm
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1434

Re: Port forwarding not working from Public IP ranges [SOLVED]

Those 4 bytes corresponds to what I've noticed in the log file. ... Am aware that the packages that comes from the Internet connection will not contain a VLAN tag. For your router, packets coming from 192.168.0.20 or from random internet host are just the same. They enter router through interface o...
by mkx
Sat Apr 17, 2021 6:47 pm
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1434

Re: Port forwarding not working from Public IP ranges [SOLVED]

Make sure this line is gone: /ip address add address=10.1.0.1/24 comment="Main bridge" interface=MainBridge network=10.1.0.0 Then /interface list member add comment=defconf interface=MainBridge list=LAN Interface LAN_VLAN should be member of LAN interface list rather than MainBridge. BTW, ...
by mkx
Sat Apr 17, 2021 12:22 pm
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1434

Re: Port forwarding not working from Public IP ranges [SOLVED]

When vlan-filtering=yes on bridge, it's a bit debatable whether untagged frames are actually passing bridge (the switch-like entity). Which means you have to follow one of the following: set pvid on bridge interface and use bridge interface as untagged (or hybrid) interface. If you don't set pvid exp...
by mkx
Sat Apr 17, 2021 12:07 pm
Forum: Beginner Basics
Topic: Looking for help in setting up IoT Hub [SOLVED]
Replies: 19
Views: 1102

Re: Looking for help in setting up IoT Hub [SOLVED]

I am still trying to understand why the suggestions on forum, do not work by copy pasting on command line. For example: using below line on command line gives error Because most of (general) examples/suggestions assume device with no previous configuration. ROS is so versatile it's almost impossibl...
by mkx
Fri Apr 16, 2021 10:00 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 262
Views: 34823

Re: v7.1beta5 [development] is released!

Factory reset resets configuration, SW install remains intact. Netinstall wipes non-volatile storage and installs everything anew.
by mkx
Fri Apr 16, 2021 9:59 pm
Forum: RouterOS v7 BETA
Topic: RB4011 is missing CPU frequency adjustment
Replies: 10
Views: 982

Re: RB4011 is missing CPU frequency adjustment

In ROS v6 CPU frequency is shown by /system resource print.
I'm using ROS v7.
Right. Nothing remained unchanged ...
by mkx
Fri Apr 16, 2021 9:46 pm
Forum: RouterOS v7 BETA
Topic: RB4011 is missing CPU frequency adjustment
Replies: 10
Views: 982

Re: RB4011 is missing CPU frequency adjustment

In ROS v6 CPU frequency is shown by /system resource print.
by mkx
Fri Apr 16, 2021 9:20 pm
Forum: Beginner Basics
Topic: IPV6 RB4011 as Subrouter in DHCP-PD chain: pool prefix-length:68
Replies: 4
Views: 325

Re: IPV6 RB4011 as Subrouter in DHCP-PD chain: pool prefix-length:68

Actually don't bother setting the prefix length and prefix hint, DHCP server on opensense will delegate /60 prefix if you configured it as such. My ISP also delegates /56 prefixes and I'm getting one without setting prefix hint. pool-prefix-length is the key setting (even though it's set on dhcp-cli...
by mkx
Fri Apr 16, 2021 9:06 pm
Forum: RouterOS v7 BETA
Topic: RB4011 is missing CPU frequency adjustment
Replies: 10
Views: 982

Re: RB4011 is missing CPU frequency adjustment

I think it was mentioned that CPU governor will be dynamic. So you should check CPU frequency from time to time (under different loads), chances are that it'll be different.
by mkx
Fri Apr 16, 2021 5:14 pm
Forum: General
Topic: ISP to Mikrotik Router RB4011 Bridging
Replies: 12
Views: 799

Re: ISP to Mikrotik Router RB4011 Bridging

...most ISP connections I know of, that use PPPOE require to use a separate VLAN (i.e. German Telekom, VLAN-ID = 7) But not all. Log entries (connecting ... authenticated, connected, terminating ... disconnected) actually show that VLAN is (probably) not a problem since PPPoE client can talk to ISP...
by mkx
Fri Apr 16, 2021 4:58 pm
Forum: Beginner Basics
Topic: What is the best way to set-up WLAN VLAN?
Replies: 6
Views: 481

Re: What is the best way to set-up WLAN VLAN?

On my Mikrotik all-in router I would like to set-up two WLAN VLANs, and I have two questions: Is there any difference between two ssid-s, if I set-up one on wlan1 (physical interface) and one on a virtual wlan built on the first physical one? I guess here e.g. speed, hw acceleration, security, etc....
by mkx
Fri Apr 16, 2021 4:49 pm
Forum: Beginner Basics
Topic: RBGPOE connected to PoE switch - will it block power request from source?
Replies: 1
Views: 146

Re: RBGPOE connected to PoE switch - will it block power request from source?

Mikrotik APs will work off PoE injectors just fine. Just make sure your Linksys doesn't accidentally output power on those ethernet ports where you'll have PoE injectors (could be it has some per-port setting regarding PoE, like on/auto/off ).
by mkx
Thu Apr 15, 2021 2:15 pm
Forum: Beginner Basics
Topic: Add tag to untaged traffic
Replies: 13
Views: 599

Re: Add tag to untaged traffic

/interface bridge add name=bridge pvid=33 vlan-filtering=yes No PVID! Interface bridge should be tagged for VLAN 33. The next one is completely wrong: /interface bridge vlan add bridge=bridge untagged=vlan33 vlan-ids=33 should be like this: /interface bridge vlan add bridge=bridge tagged=bridge unt...
by mkx
Thu Apr 15, 2021 8:57 am
Forum: General
Topic: Each port a seperate Subnet
Replies: 3
Views: 247

Re: Each port a seperate Subnet

Default configuration depends on mikrotik device type, so are necessary steps to be taken. Most SOHO type devices come with default config which uses ether1 as WAN interface, other wired and wireless interfaces are made part of a bridge (all ports are bridged/switched) which is then used for LAN. If...
by mkx
Wed Apr 14, 2021 10:54 pm
Forum: Beginner Basics
Topic: Add tag to untaged traffic
Replies: 13
Views: 599

Re: Add tag to untaged traffic

The switch chip version: did you verify the section I emphasized? The switch1-cpu port should be all tagged, but (if I'm right) it's set with default-vlan-id=32 meaning it will untag frames belonging to VLAN 32 when handing them over to CPU (bridge) and thus vlan interface vlan32backbone doesn't see...
by mkx
Wed Apr 14, 2021 5:48 pm
Forum: General
Topic: Way to set the NAT type?
Replies: 5
Views: 410

Re: Way to set the NAT type?

If I understand things correctly (and very likely I don't), these terms really apply fully when one has multiple public addresses. In that case there are ways to accomplish target manually or semi-automatically under ROS. If one only has single public address (usual situation for home users), then th...
by mkx
Wed Apr 14, 2021 5:35 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 4837

Re: Time Sync with SNTP client and IP Cloud Not Working

I just want to know what is wrong with it and why NTP isn't working. It's hard to tell. Many of us have NTP (and SNTP) clients working just fine. Which means it's something specific to your case. You can try to raise a support ticket ... possibly at support@mikrotik.com. They'll probably want supou...
by mkx
Wed Apr 14, 2021 5:20 pm
Forum: Beginner Basics
Topic: Add tag to untaged traffic
Replies: 13
Views: 599

Re: Add tag to untaged traffic

You can deal with VLANs either using bridge vlan-filtering or using switch chip, not both. As long as you have vlan-filtering set to no, bridge setup does not do any harm. However this part does harm regardless of the way you'll configure VLANs: /interface bridge port add bridge=bridge interfac...
by mkx
Wed Apr 14, 2021 5:09 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 121
Views: 18021

Re: v6.48.2 [stable] is released!

Not all updates from 6.49beta27 of Testing release tree went to 6.48.2 ?

In ROS features are generally not back-ported. Only important fixes are. For new features and less important fixes you'll have to wait for 6.49 (release).
by mkx
Wed Apr 14, 2021 3:23 pm
Forum: General
Topic: Internet distro
Replies: 1
Views: 172

Re: Internet distro

Let's stick to your original topic here.
by mkx
Wed Apr 14, 2021 3:22 pm
Forum: General
Topic: Connectivity [SOLVED]
Replies: 10
Views: 702

Re: Connectivity [SOLVED]

I'm slightly at loss about how exactly your network topology looks like and how exactly is MT configured. So I suggest you to post a chart (hand drawing would do) of your LAN (showing fibre router, mikrotik, typical LAN device, together with types of connections between various devices). And actual ...
by mkx
Wed Apr 14, 2021 9:36 am
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 121
Views: 18021

Re: v6.48.2 [stable] is released!

Dynamic data (DHCP leases, address lists, ...) doesn't survive reboot, only static data (written to non-volatile storage) does. For DHCP lease list that's not a huge problem. When DHCP lease timer expires (or rather at half time), DHCP clients will try to renew leases and will request the same IP add...
by mkx
Wed Apr 14, 2021 9:30 am
Forum: RouterBOARD hardware
Topic: NetPower16 feeding AF11FX
Replies: 5
Views: 805

Re: NetPower16 feeding AF11FX

You need this

Not necessarily ... OP's PD consumes less than 30W which is well inside 802.1at specs. It's OP's power adapter that doesn't allow him to use at standard (while af standard is up to 15W which is too little for AF11FX).
by mkx
Wed Apr 14, 2021 9:21 am
Forum: General
Topic: Tagging Untagged VLAN From Other Devices
Replies: 6
Views: 577

Re: Tagging Untagged VLAN From Other Devices

So which part of my previous post does not give you enough information to get started?
by mkx
Tue Apr 13, 2021 9:29 pm
Forum: Beginner Basics
Topic: Difference between Mikrotik Cloud Router Switches [SOLVED]
Replies: 3
Views: 368

Re: Difference between Mikrotik Cloud Router Switches [SOLVED]

All CRS switches can switch wirespeed. Some can do wirespeed slightly more complicated stuff. With ROSv7 beta some (but not all) CRS3xx devices can even route wirespeed.

But the big difference is that CRS3xx are contemporary products offering e.g. 10Gbps interfaces. CRS1xx and CRS2xx are not.
by mkx
Tue Apr 13, 2021 9:18 pm
Forum: Beginner Basics
Topic: Difference between Mikrotik Cloud Router Switches [SOLVED]
Replies: 3
Views: 368

Re: Difference between Mikrotik Cloud Router Switches [SOLVED]

Even though officially they're still available, essentially CRS1xx and CRS2xx are obsolete.
by mkx
Tue Apr 13, 2021 6:14 pm
Forum: General
Topic: CRS vs CCR
Replies: 3
Views: 366

Re: CRS vs CCR

Realistically RB4011 can't handle 4x1Gbps WANs with load sharing and what not (but could handle 2x1Gbps).
by mkx
Mon Apr 12, 2021 9:11 pm
Forum: RouterBOARD hardware
Topic: RB5011?
Replies: 19
Views: 1656

Re: RB5011?

For the record, RB4011 uses SoC AL21400 (SoC among other things features ARM cores but contains much more). This SoC can route around 2.5Gbps (give or take), IMO plenty for SOHO users now and good enough for vast majority in next few years. If you trip on "features", like CPU names, then y...
by mkx
Mon Apr 12, 2021 8:54 pm
Forum: RouterBOARD hardware
Topic: RB5011?
Replies: 19
Views: 1656

Re: RB5011?

I don't want it 3 years outdated. Which part of RB4011 is 3 years outdated ? The great thing about Mikrotik devices is that they come with insanely long support time. The only thing that outdates Mikrotik devices is lack of performance, other vendors tend to limit support to much shorter time and t...
by mkx
Mon Apr 12, 2021 8:47 pm
Forum: Beginner Basics
Topic: Vlan no internet - hEX router 6.48.1
Replies: 3
Views: 318

Re: Vlan no internet - hEX router 6.48.1

Your setup is missing half of DHCP server settings (in /ip dhcp-server network in particular).

VLAN setup is almost non-existent. I suggest you to read through this excellent tutorial.
by mkx
Mon Apr 12, 2021 8:39 pm
Forum: RouterBOARD hardware
Topic: RB5011?
Replies: 19
Views: 1656

Re: RB5011?

If you need your "RB5011" then either look around and see if some available devices may do what you need or just don't buy Mikrotik at all. What are the alternatives? Guess what? Performance doesn't come for free. If you need performance because you have high speed WAN link for which you ...
by mkx
Mon Apr 12, 2021 7:21 pm
Forum: General
Topic: Winbox Safe mode
Replies: 30
Views: 54128

Re: Winbox Safe mode

It will work with almost all commands. I don't know but I'd expect not to work on e.g. restore of backup. There might be a few other "huge" commands where undo doesn't work.
by mkx
Mon Apr 12, 2021 7:17 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 4837

Re: Time Sync with SNTP client and IP Cloud Not Working

You may want to verify that selected NTP servers are actually accessible from your location (you can run ntpdate -d -v <IP address> from a linux host). Just checked and the first one (129.6.15.28 is time-a-g.nist.gov) is fine from my location, however the other one (132.163.96.5 is ntp-b.nist.gov) i...
by mkx
Mon Apr 12, 2021 5:07 pm
Forum: Beginner Basics
Topic: VLAN Filter - how do ingress and egress rules work?
Replies: 16
Views: 960

Re: VLAN Filter - how do ingress and egress rules work?

I can only agree that bridge in MT world is a mess because it's not explicitly clear which settings are about bridge (the switch-like stuff) and which settings are about bridge (the interface). It's confusing and hence the article by @sindy (it took some time for all of us to find out all of the dar...
by mkx
Mon Apr 12, 2021 5:02 pm
Forum: General
Topic: no access out of firewall
Replies: 10
Views: 546

Re: no access out of firewall

One thing I'd change is this: /interface detect-internet set detect-interface-list=all I'm yet to hear about anything useful about this setting enabled, but there are reports it can break random things. Other than that, your firewall is messy and I certainly hope all of those PCs with exposed RDP se...
by mkx
Mon Apr 12, 2021 4:49 pm
Forum: Beginner Basics
Topic: VLAN Filter - how do ingress and egress rules work?
Replies: 16
Views: 960

Re: VLAN Filter - how do ingress and egress rules work?

Not really. but it does not tell you that the PVID setting is acting on ingress and egress. IMO you already covered this case under 2.B.ii.b ... because when bridge interface has PVID set (and it always has it set, if not other the hidden default PVID=1), again all frames pass bridge the switch lik...
by mkx
Mon Apr 12, 2021 4:43 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 4837

Re: Time Sync with SNTP client and IP Cloud Not Working

Proper NTP client takes a while before it reaches status: synchronized (usually a few minutes). The initial firewall filter in your export (chain=input action=accept connection-state=established,related) should allow NTP client to work (but should have allowed the SNTP client to work as well if it's...
by mkx
Mon Apr 12, 2021 4:34 pm
Forum: General
Topic: no access out of firewall
Replies: 10
Views: 546

Re: no access out of firewall

Smells like ARP problem but it's hard to tell without seeing full router config (text export) and some chart explaining network topology (seems it's not entirely trivial).
by mkx
Mon Apr 12, 2021 4:31 pm
Forum: Beginner Basics
Topic: VLAN Filter - how do ingress and egress rules work?
Replies: 16
Views: 960

Re: VLAN Filter - how do ingress and egress rules work?

looks like that I need to update my OP once again. Not really. What you're missing is that bridge has two or three personalities (depends how you count). When you consider those personalities separately, you don't have to change your explanation. This topic explains bridge and its personalities nic...
by mkx
Mon Apr 12, 2021 3:27 pm
Forum: Wireless Networking
Topic: WAP LTE kit Performance [SOLVED]
Replies: 5
Views: 435

Re: WAP LTE kit Performance [SOLVED]

I don't know what you can do. Getting a cat6 (or better) LTE modem would definitely help, this way you could avoid locking wAP to B7 or B3 cells ...
by mkx
Mon Apr 12, 2021 3:20 pm
Forum: General
Topic: Static route - connect to a secondary LAN
Replies: 2
Views: 338

Re: Static route - connect to a secondary LAN

Your case is pretty simple and there's no need to play with mangling and routing marks. Remove everything shown in your config excerpt except for the default route ( add check-gateway=ping distance=1 gateway=192.168.0.1 ). Simply adding IP address (with correct subnet mask) to ether5 already allows ...
by mkx
Mon Apr 12, 2021 3:02 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 4837

Re: Time Sync with SNTP client and IP Cloud Not Working

NTP package is not available for HAP AC. hAP ac is MIPSBE and MIPSBE has ntp package (get extra packages file for your ROS version, mine is 6.47.9 and it contains all packages including ntp-6.47.9-mipsbe.npk ), upload it to your router and reboot. Works great on my RB951G devices (MIPSBE as well). ...
by mkx
Mon Apr 12, 2021 11:20 am
Forum: Wireless Networking
Topic: WAP LTE kit Performance [SOLVED]
Replies: 5
Views: 435

Re: WAP LTE kit Performance [SOLVED]

R11e-LTE (LTE module included in your device) isn't capable of CA. Which nowadays severely limits DL speed (as most of MNO's cells are quite loaded and only way of getting good throughputs is by using CA). That could explain lower DL throughputs. Beware that on B20, where RSRP is likely highest, cha...
by mkx
Mon Apr 12, 2021 11:04 am
Forum: Wireless Networking
Topic: SXT5 NV2 "lost connection, synchronization timeout"
Replies: 6
Views: 462

Re: SXT5 NV2 "lost connection, synchronization timeout"

Done - but shouldn't DFS=ALL be set by my regulatory domain? Why is this important? Should it be enabled on both - master and slave? Default is to use all channels feasible. The list depends on a) regulatory domain, b) selection of indoor vs. outdoor vs. any . The problem with DFS channels is (as I...
by mkx
Mon Apr 12, 2021 8:49 am
Forum: RouterBOARD hardware
Topic: RB5011?
Replies: 19
Views: 1656

Re: RB5011?

CCR2004 no switch chip. RB3011 is too big.

CCR2004 is a proper router and thus does not lack switch chip. The rest of devices on your list are SoHo devices (a completely different device group).

You're saying RB3011 doesn't fit standard 19" rack?
by mkx
Mon Apr 12, 2021 8:39 am
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 4837

Re: Time Sync with SNTP client and IP Cloud Not Working

Actually cloud timesync is broken. I've read explanation by Mikrotik that cloud timesync is very approximate and only useful for setting approximate time for logs. For everything else disable cloud timesync and use (S)NTP client. In fact you should only use single time sync method as multiple fight ...
by mkx
Mon Apr 12, 2021 8:24 am
Forum: Wireless Networking
Topic: SXT5 NV2 "lost connection, synchronization timeout"
Replies: 6
Views: 462

Re: SXT5 NV2 "lost connection, synchronization timeout"

While you might get upset about watchdog not triggering you really should adjust list of allowed frequencies so that "master device" (sw15) doesn't select a DFS frequency by setting skip-dfs-channels=all ... even if reboot occurred earlier it could still happen that sw15 selects a DFS freq...
by mkx
Sat Apr 10, 2021 6:14 pm
Forum: General
Topic: CRS328 Temperature high
Replies: 5
Views: 608

Re: CRS328 Temperature high

CRS328-24P does have fans and OP contains data about their RPM. However fans are temperature driven and it seems MT thinks these temperatures are fine or else fans would run much faster (I seem to remember they can go as high as 5000 RPM or something like that).
by mkx
Sat Apr 10, 2021 1:14 pm
Forum: SwOS
Topic: Multicast issue on SwOS
Replies: 5
Views: 565

Re: Multicast issue on SwOS

MT devices in general (both ROS and SwOS) don't implement IGMP snooping quite properly and it's hard to get it working right (with SwOS giving much less possibilities for tinkering with settings even more so). My own solution is to have it disabled but this might not be solution for you if cummul...
by mkx
Sat Apr 10, 2021 1:01 pm
Forum: RouterBOARD hardware
Topic: idea for a mUPS version 2
Replies: 1
Views: 304

Re: idea for a mUPS version 2

The simple design is guarantee for batteries to get destroyed sooner or later. Even if one uses very simple lead-acid batteries, there are a few problems: when charged, a 12V lead-acid battery has voltage of around 13.7-13.9 Volts. Exact number depends on exact manufacturing process (e.g. normal vs....
by mkx
Sat Apr 10, 2021 12:18 pm
Forum: General
Topic: Tagging Untagged VLAN From Other Devices
Replies: 6
Views: 577

Re: Tagging Untagged VLAN From Other Devices

What you want is perfectly doable. However you'll have to reconfigure both devices (RB951G and hAP lite) for use of VLANs. Reconfiguration of both will be done in similar manner: you will use two VLANs: one for IPTV and one for LAN. Use any number between 2 and around 4000. Let's say you'll use VLAN...
by mkx
Fri Apr 09, 2021 11:54 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 5932

Re: "antenna gain" missing in 6.46.8?

And can't the router ask the chip? Obviously it can't. Not easily at least. I don't think MT devs deliberately threw the functionality out of ROS for ac chipsets (and newer) just for fun. There must be a reason for lack of Tx power information and I guess it has something to do with in-house develo...
by mkx
Fri Apr 09, 2021 7:43 pm
Forum: Beginner Basics
Topic: Connect switch and router via SFP - partially working [SOLVED]
Replies: 7
Views: 538

Re: Connect switch and router via SFP - partially working [SOLVED]

No, wasn't aware that the large switch setups with SwOS don't have a config to export.....

Any switch setups with swOS only have one type of human-readable configuration export: the graphical one.
by mkx
Fri Apr 09, 2021 6:09 pm
Forum: General
Topic: VLAN setup for CCR1016 and CRS226
Replies: 14
Views: 989

Re: VLAN setup for CCR1016 and CRS226

Documentation about switch trunks, supported by CRS1xx/CRS2xx, is slightly scarce, but judging from configuration example shown in this document it is possible to assume it's similar to bonding with layer2-and-3 transmit policy. And with this kind of bonds pair of hosts (same pair of MAC addresses -...
by mkx
Fri Apr 09, 2021 5:53 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 5932

Re: "antenna gain" missing in 6.46.8?

Problem is that default value very much depends on exact radio chip model used. Not a problem with pre-ac hardware which can show exact values used. So when you'd set tx-power mode to "card-rates" and check running values, you'd get all the information you need. With newer chipsets that's ...
by mkx
Fri Apr 09, 2021 11:46 am
Forum: Wireless Networking
Topic: Fast update of upstream L2 switch MAC address tables when roaming across APs
Replies: 3
Views: 342

Re: Fast update of upstream L2 switch MAC address tables when roaming across APs

Slightly off-topic, but I'll correct myself (before many other users do it):
As this forum is un-official user forum,
Actually this forum is official forum. The user part is true, MT staff don't necessarily react to bugs reported (only) on this forum.
by mkx
Fri Apr 09, 2021 10:51 am
Forum: Wireless Networking
Topic: Fast update of upstream L2 switch MAC address tables when roaming across APs
Replies: 3
Views: 342

Re: Fast update of upstream L2 switch MAC address tables when roaming across APs

As this forum is un-official user forum, I suggest you to send your suggestion/request directly to mikrotik, e.g. via e-mail address support@mikrotik.com
by mkx
Fri Apr 09, 2021 10:48 am
Forum: General
Topic: Connectivity [SOLVED]
Replies: 10
Views: 702

Re: Connectivity [SOLVED]

Assuming fibre router is not Mikrotik, you can not set Mikrotik LAN address to same subnet as fibre router's. Instead Mikrotik should perform NAT and all the rest. Default config on SOHO line is using interface list throughout firewall rules (including NAT) and if you stick to that concept, you shou...
by mkx
Fri Apr 09, 2021 12:09 am
Forum: General
Topic: How to make a router plugged into an interface only see a VLAN
Replies: 5
Views: 376

Re: How to make a router plugged into an interface only see a VLAN

Add configuration something like this; /interface bridge add name=bridge1234 vlan-filtering=yes /interface bridge port add bridge=bridge1234 interface=ether4 pvid=1234 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes /interface bridge vlan add bridge=bridge1234 tagged=bridge...
by mkx
Wed Apr 07, 2021 10:33 pm
Forum: General
Topic: PowerPro no HOfload on second Bridge
Replies: 2
Views: 245

Re: PowerPro no HOfload on second Bridge

In ROS (currently) only one bridge can offload operations to hardware. If configuration is same for all bridges, ROS automagically selects one for offload. You can affect the selection by manually disabling HW offload on all non-preferred ports. Actual limitation is one bridge per switch chip, but mos...
by mkx
Wed Apr 07, 2021 5:22 pm
Forum: General
Topic: How to make a router plugged into an interface only see a VLAN
Replies: 5
Views: 376

Re: How to make a router plugged into an interface only see a VLAN

Just to make it clear: which device (CCR or anonymous router) should take care of VLANs? If it's CCR, then you can use bridge, which is kind of a software bridge and can deal with VLAN tags as well. Have a look at this fine tutorial, applies to CCR as well.
by mkx
Wed Apr 07, 2021 4:35 pm
Forum: RouterOS v7 BETA
Topic: intel 710 chipset driver
Replies: 7
Views: 1047

Re: intel 710 chipset driver

Absolutely not. Even when ROS v7 will be officially released, you should wait before deploying in production environment. The track record shows that there are always some teething problems after release of new minor version, let alone after major version (such as jump from v6 to v7).
by mkx
Wed Apr 07, 2021 4:26 pm
Forum: General
Topic: Multiple Trunk setup performance issues
Replies: 13
Views: 831

Re: Multiple Trunk setup performance issues

If trunk port is set to vlan-header=leave-as-is and vlan-mode=secure then on ingress VLAN table (otherwise governing egress filtering) would be consulted. And there's no "untagged" option in that table (could be that it would be possible to add VID 0 to that table, VID 0 is sometimes used ...
by mkx
Wed Apr 07, 2021 4:18 pm
Forum: General
Topic: Bridge hosts table when 2 interfaces with same MAC
Replies: 4
Views: 335

Re: Bridge hosts table when 2 interfaces with same MAC

Hmmm ... only now I see the weirdness of your setup. I still think it's bug in code which prints out the ARP table, possibly it expects that one MAC address is only available through one of bridge ports (and in your case, bridge ports are vlan interfaces on top of ether5) which would be usual case. ...
by mkx
Wed Apr 07, 2021 4:06 pm
Forum: General
Topic: Certificate valid days question
Replies: 5
Views: 321

Re: Certificate valid days question

There's a myriad of issues, revolving around 32-bit timers with offset to UNIX epoch. Linux kernel has support for 64-bit counters since ages ago (also 32-bit kernel), but there are other (mostly 32-bit) applications (and glibc and ...) which not necessarily use it yet. And those include ssl librari...
by mkx
Wed Apr 07, 2021 3:45 pm
Forum: Beginner Basics
Topic: Trying to setup VLANs with hAP ac3 and CSS 610-8G-2S+IN [SOLVED]
Replies: 3
Views: 263

Re: Trying to setup VLANs with hAP ac3 and CSS 610-8G-2S+IN [SOLVED]

/interface ethernet switch port set 4 default-vlan-id=5 vlan-header=add-if-missing vlan-mode=secure Port with index 4 usually relates to ether5 ... and setting I highlighted means it'll untag frames from VLAN 5 on egress [*]. Which obviously is not what you want. So unset the default-vlan-id (or set...
by mkx
Wed Apr 07, 2021 3:14 pm
Forum: Beginner Basics
Topic: VLANs, trunk ports and vlan interfaces
Replies: 3
Views: 430

Re: VLANs, trunk ports and vlan interfaces

/interface vlan add interface=bridge name=VLAN-1111 use-service-tag=yes vlan-id=1111 The setting I highlighted is toggle between using 802.1q ("usual" VLAN) and 802.1ad ("QinQ" VLAN). Most users want to use 802.1q tags and corresponding setting is use-service-tag=no (which is defa...
by mkx
Wed Apr 07, 2021 7:59 am
Forum: General
Topic: Bridge hosts table when 2 interfaces with same MAC
Replies: 4
Views: 335

Re: Bridge hosts table when 2 interfaces with same MAC

I don't think anything is wrong with your setup, I guess it's a bug in printing host table. Bridge is supposed to do independent VLAN learning. Plus it's customary for VLAN interfaces to use physical interface's MAC address (at least linux does it) so from router's point of view your two gadgets mig...
by mkx
Tue Apr 06, 2021 10:07 pm
Forum: Beginner Basics
Topic: Can't access hosts via certain ports from a computer connected to an hEX-S
Replies: 24
Views: 1276

Re: Can't access hosts via certain ports from a computer connected to an hEX-S

Curious: although it's probably moot with the relatively small amounts of data we push, wouldn't separating out guest users with multiple bridges (which occur at the hardware level) be faster than segmenting with VLANs (which occur at the software level, right?) ? As @anav mentioned, bridges in ROS...
by mkx
Tue Apr 06, 2021 9:55 pm
Forum: Beginner Basics
Topic: Why is there "Current Tag" & "Current Untagged" in each VLAN
Replies: 6
Views: 516

Re: Why is there "Current Tag" & "Current Untagged" in each VLAN

PVID=1 setting is implicit default on all bridge ports when vlan-filtering is enabled. thx but there is no traffic with VLAN-ID=1, so why are they listed? There is active, physical link only on port 01-10 (and 16). Only traffic with VLAN ID=100 runs over port 01-10, so why does VLAN10 say that ther...
by mkx
Tue Apr 06, 2021 5:36 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 5932

Re: "antenna gain" missing in 6.46.8?

We can only speculate how it works. All those other brands that talk in 100%,90%, 75%,50%,25%,10% TX power setting, how do they implement it? Over all MCS encodings, or is that wishful thinking (again)? Indeed we can only guess. Unless somebody with some professional measurement gear can do some me...
by mkx
Tue Apr 06, 2021 5:32 pm
Forum: Beginner Basics
Topic: Why is there "Current Tag" & "Current Untagged" in each VLAN
Replies: 6
Views: 516

Re: Why is there "Current Tag" & "Current Untagged" in each VLAN

PVID=1 setting is implicit default on all bridge ports when vlan-filtering is enabled. If you really want to get rid of it, set trunk (tagged only) ports with the following settings: /interface bridge port set [ find interface=ether2 ] frame-types=admit-only-vlan-tagged ingress-filtering=yes (same f...
by mkx
Tue Apr 06, 2021 5:18 pm
Forum: Wireless Networking
Topic: POE Surge protection test!
Replies: 4
Views: 1069

Re: POE Surge protection test!

best surge protector so far = 2x 1gbps media converters connected with 1 meter of single mode fiber ...
... powered by? Don't forget that power adapters are "guilty" of quite many surge damages, overvoltage can pass those as well.
by mkx
Tue Apr 06, 2021 5:03 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 5932

Re: "antenna gain" missing in 6.46.8?

This way you make an AP that is performing way below par, that is interfering more than any other AP, that loses connection easily, since the chipset with 6-7dBm variation in allowed TX power according MCSrate is in use. Even if your assumption that setting antenna gain higher reduces Tx pow...
by mkx
Tue Apr 06, 2021 4:42 pm
Forum: General
Topic: Multiple Trunk setup performance issues
Replies: 13
Views: 831

Re: Multiple Trunk setup performance issues

Only one (minor) thing: on trunk ports I always set vlan-header=leave-as-is ...
by mkx
Tue Apr 06, 2021 4:38 pm
Forum: Beginner Basics
Topic: Default Configuration
Replies: 3
Views: 303

Re: Default Configuration

As @own3r1138 noticed: default settings are quite good and it's advisable to keep them. It's much better than most of what you can find on internet. If you need some other functionality (e.g. some ports forwarded), then add needed rules, no need to remove anything. Study defaults, understand them be...
by mkx
Tue Apr 06, 2021 10:38 am
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 5932

Re: "antenna gain" missing in 6.46.8?

(*) Max TX power in the specs is not what the radio can transmit with a certain MCS, but how well the radio controls the side lobes of the channel, to remain below the legal line of sidelobes in the RF spectrum. Higher MCS rates have a more complex spectrum and do leak more sidelobes than lower MCS...
by mkx
Tue Apr 06, 2021 10:23 am
Forum: Beginner Basics
Topic: Port 80 open for letsencrypt
Replies: 4
Views: 318

Re: Port 80 open for letsencrypt

ACME working over HTTP needs HTTP server running and delivering (right) response to request from letsencrypt server. This can either be done using already running web server (and acme script simply stores response to correct place in web server's file structure) or acme script can temporarily run it...
by mkx
Mon Apr 05, 2021 11:39 pm
Forum: Wireless Networking
Topic: How to enable Bridge VLAN Filtering on a wireless access-list rule?
Replies: 9
Views: 459

Re: How to enable Bridge VLAN Filtering on a wireless access-list rule?

/interface bridge vlan add bridge=bridge-local untagged=wlan1 vlan-ids=10 doesn't go together with /interface wireless access-list add allow-signal-out-of-range=20s interface=wlan1 mac-address=xx:xx:xx:xx:xx:xx vlan-id=10 vlan-mode=use-tag And setting vlan-filtering actually enables the former sett...
by mkx
Mon Apr 05, 2021 11:25 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 5932

Re: "antenna gain" missing in 6.46.8?

Normis explained in post #32 above: you can set Tx power lower than default (maximum considering country regulations and hard-coded antenna gain) using parameter tx-power . In webfig it's available in advanced section and you can set value if you select "all-rates-fixed" as "Tx Power ...
by mkx
Mon Apr 05, 2021 10:59 pm
Forum: General
Topic: Multiple Trunk setup performance issues
Replies: 13
Views: 831

Re: Multiple Trunk setup performance issues

Regarding RB2011 in switch mode: The /interface ethernet switch port export is always confusing to me because it's using index numbers instead of port names so it's hard to correlate this section to other sections of config. Command interface ethernet switch port print provides missing information. ...
by mkx
Mon Apr 05, 2021 6:33 pm
Forum: General
Topic: Transparent hEX S to change vlan-priority for DHCP request only
Replies: 19
Views: 1540

Re: Transparent hEX S to change vlan-priority for DHCP request only

Standards ... one thing is to support normal SFPs which (semi-)transparently pass bits between left and right. And it's a pity these are not more compatible. Which mostly is not result of poor standards but rather bad practice by major players who introduced incompatible extensions. The other probl...
by mkx
Mon Apr 05, 2021 6:16 pm
Forum: Beginner Basics
Topic: VLAN Filter - how do ingress and egress rules work?
Replies: 16
Views: 960

Re: VLAN Filter - how do ingress and egress rules work?

What beats me is that in Cisco world there are two names for frames without 802.1q headers: untagged VLANs and native VLANs. I'm not fluent in ciscoish so I guess that there can only be single native VLAN per switch/stack/CDP domain while every untagged VLAN port can belong to different VLAN. To me ...
by mkx
Mon Apr 05, 2021 4:03 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 5932

Re: "antenna gain" missing in 6.46.8?

Mental masturbation: if devices are not locked against illegal settings, they can not be legally sold in certain market. While some nations are used to smuggling goods from third countries, other nations (which might represent considerable markets for MT) are used to buying goods from local business...
by mkx
Mon Apr 05, 2021 3:59 pm
Forum: General
Topic: Transparent hEX S to change vlan-priority for DHCP request only
Replies: 19
Views: 1540

Re: Transparent hEX S to change vlan-priority for DHCP request only

Mikrotik support for ONT SFPs is non existent so some might work and most don't. Even compatibility with "normal" SFPs is incomplete (mildly put). Which means that trying to get ONT SFP to work with any MT device is similar to trying to win a jackpot, even if particular ONT SFP works with ...
by mkx
Mon Apr 05, 2021 3:45 pm
Forum: Beginner Basics
Topic: VLAN Filter - how do ingress and egress rules work?
Replies: 16
Views: 960

Re: VLAN Filter - how do ingress and egress rules work?

I dare to say the setting Bridge -> Ports -> Bridge Port -> VLAN PVID is clear to me. I assume this is the ingress rule: Untagged traffic incoming: The VLAN tag is added according to the PVID. tagged traffic incoming: the VLAN tag is read but not changed. Yes, your assumptions are correct. However t...
by mkx
Mon Apr 05, 2021 3:25 pm
Forum: Beginner Basics
Topic: 2 links between CSR /using vlan filtering, but without LACP/
Replies: 9
Views: 622

Re: 2 links between CSR /using vlan filtering, but without LACP/

I think that setting all 4 ports involved (two at each end) to ingress-filtering=yes frame-types=admit-only-vlan-tagged might solve your problem of switches detecting a loop when you're half way through moving VLAN99 from one link to another. The thing is in the first setting which would drop VLAN99...
by mkx
Mon Apr 05, 2021 12:16 pm
Forum: RouterBOARD hardware
Topic: NetPower16 feeding AF11FX
Replies: 5
Views: 805

Re: NetPower16 feeding AF11FX

According to wikipedia article the PSE (netPower) has quite some constraints about PoE out voltages: when in 802.3 af mode, output voltage should be in range between 44V and 57V. Maximum power is limited to 15.4W. when in 802.3 at mode, output voltage should be in range between 50 V and 57V. Maximum...
by mkx
Mon Apr 05, 2021 11:49 am
Forum: General
Topic: Multiple Trunk setup performance issues
Replies: 13
Views: 831

Re: Multiple Trunk setup performance issues

Basically you can configure VLANs either with bridge filtering or on switch, you should not mix both. If you want to configure SFP+ port on CCR as trunk as well, then you have a problem. Your CCR is unfit for switching duties between any pair of ports apart from ports ether1-ether4 (which are run by...
by mkx
Mon Apr 05, 2021 11:29 am
Forum: Beginner Basics
Topic: 2 links between CSR /using vlan filtering, but without LACP/
Replies: 9
Views: 622

Re: 2 links between CSR /using vlan filtering, but without LACP/

I'm pretty sure VLAN99 gets into a semi-loop state when you configure two ports as members even on single end. In this moment switch (which has both ports configured as members) starts sending certain frames to both ports and the other switch (which is still configured with single port member of VLA...
by mkx
Sun Apr 04, 2021 11:44 pm
Forum: General
Topic: RB4011 InterVLAN Routing
Replies: 3
Views: 561

Re: RB4011 InterVLAN Routing

Would there be any reason to use Bridge VLAN filtering on the RB4011 ?

Only if RB4011 was not simply a router-on-a-stick ...
by mkx
Sun Apr 04, 2021 11:36 pm
Forum: Beginner Basics
Topic: 2 links between CSR /using vlan filtering, but without LACP/
Replies: 9
Views: 622

Re: 2 links between CSR /using vlan filtering, but without LACP/

So if I understand you right: currently you have VLAN 99 over primary link and everything works fine. If you start to configure VLAN 99 also for secondary link, switches detect loop? But there indeed is (a partial) loop in that case. You can have it like that (I guess you have redundancy in your min...
by mkx
Sun Apr 04, 2021 9:54 pm
Forum: General
Topic: RB4011 InterVLAN Routing
Replies: 3
Views: 561

Re: RB4011 InterVLAN Routing

When you power on both devices and nothing much works ... is the DAC link up&running? You should be able to check that if you configure management computer with static address from 192.168.10.x/24 subnet and connect to ether24 of CRS. You may want to configure a management port on RB4011 in simi...
by mkx
Sun Apr 04, 2021 8:38 pm
Forum: General
Topic: Multiple Trunk setup performance issues
Replies: 13
Views: 831

Re: Multiple Trunk setup performance issues

Ah, so your unit is one of old ones. The bridge vlan-filtering can only be offloaded on CRS3xx devices. The rest can not offload vlan filtering and one has to configure VLANs on switch chip (under /interface ethernet switch).
by mkx
Sat Apr 03, 2021 8:09 pm
Forum: General
Topic: Multiple Trunk setup performance issues
Replies: 13
Views: 831

Re: Multiple Trunk setup performance issues

Your CCR1009 quite likely doesn't have switch chip built in (only early models without SFP+ port had one) and hence nothing can be HW offloaded. Your CCR is a great router but mediocre switch/bridge.
by mkx
Sat Apr 03, 2021 3:50 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2111

Re: port 53 open despite firewall rules

You could try to run TCP traceroute ... targeting same destination IP address, but different standard TCP ports (e.g. 443 along with 53) and compare the path. And choose some normal destination known not to be hosted by some large cloud hosting company as those tend to geographically distribute serv...
by mkx
Fri Apr 02, 2021 11:36 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2111

Re: port 53 open despite firewall rules

Should i netinstall clean firmware? And how can i do it? Netinstalling your device would certainly be a good action. Prior to doing it do export of configuration ( /export file=yourexport ) so task of configuring the unit afterwards will be easier. The process of netinstalling is quite well documen...
by mkx
Fri Apr 02, 2021 11:02 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2111

Re: port 53 open despite firewall rules

I tried also nc -w5 -z -v <MyIP> 53 and Connection to <MyIP> 53 port [tcp/domain] succeeded! I dont know what to say.... How my ISP can make a port in my router to respond to requests? You ran the command from where? If you ran it from a device connected directly to WAN interface of your router, th...
by mkx
Fri Apr 02, 2021 10:41 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2111

Re: port 53 open despite firewall rules

My guess is that your ISP is redirecting/blocking connections to port 53 (DNS server) ... possibly in attempt to block DDoS attacks which abuse mis-configured routers of your ISP's clients.
by mkx
Fri Apr 02, 2021 5:59 pm
Forum: Wireless Networking
Topic: detect LAN log messages
Replies: 6
Views: 511

Re: detect LAN log messages

/interface detect-internet set detect-interface-list=none
by mkx
Fri Apr 02, 2021 5:47 pm
Forum: Wireless Networking
Topic: detect LAN log messages
Replies: 6
Views: 511

Re: detect LAN log messages

If I was in your position, I'd disable the feature altogether. I don't know if anybody (I dare to say: MT staff included) has ever found a good use of it, while there are reports of random things breaking and problems stopped after disabling this "feature".
by mkx
Fri Apr 02, 2021 12:22 pm
Forum: Beginner Basics
Topic: A little help with VLANs - CRS328
Replies: 10
Views: 850

Re: A little help with VLANs - CRS328

Quoted sections of RB4011 config which are incorrect: /interface bridge add admin-mac=08:00:00:C0:00:00 auto-mac=no comment=defconf name=bridge Bridge absolutely needs setting vlan-filtering=yes . But first fix the next error ... /interface bridge vlan add bridge=bridge tagged=sfp-sfpplus1,bridge vl...
by mkx
Fri Apr 02, 2021 12:11 pm
Forum: Wireless Networking
Topic: detect LAN log messages
Replies: 6
Views: 511

Re: detect LAN log messages

Could it be related to detect-internet "feature"?
by mkx
Fri Apr 02, 2021 12:07 pm
Forum: Wireless Networking
Topic: for when spectral analysis will work on AC radios
Replies: 3
Views: 458

Re: for when spectral analysis will work on AC radios

Did anybody check the new wave2 drivers for 7.1beta if they support spectral scans?
by mkx
Fri Apr 02, 2021 12:03 pm
Forum: General
Topic: Force SFP interface running
Replies: 1
Views: 252

Re: Force SFP interface running

I don't think MT actually supports ONU SFPs in any way. If it works somehow it's purely coincidental. So I wouldn't hold my breath waiting for your suggestion to be implemented. Besides, if you really want your suggestion to get to MT devs, you'll have to communicate it directly, this forum is user ...
by mkx
Thu Apr 01, 2021 9:28 pm
Forum: Beginner Basics
Topic: Multiple VLANs and DHCP servers on a single physical port
Replies: 3
Views: 338

Re: Multiple VLANs and DHCP servers on a single physical port

Both methods (bridge vlan and switch chip vlan) only matter in switched/bridged environment which is when multiple ports are members of same vlans (or subset thereof) and part of traffic simply passes router/switch between these ports (almost) unaltered. When only single port is carrying all vlans...
by mkx
Wed Mar 31, 2021 9:11 pm
Forum: General
Topic: Dead 750GL [SOLVED]
Replies: 4
Views: 540

Re: Dead 750GL [SOLVED]

Next thing you could try is to netinstall the router.
by mkx
Wed Mar 31, 2021 6:37 pm
Forum: General
Topic: Dead 750GL [SOLVED]
Replies: 4
Views: 540

Re: Dead 750GL [SOLVED]

Did you click on MAC address to connect?

It's a good sign that it shows in winbox, this means it's up&running, but configuration might be in weird state. Also beware that if ROS running on RB is older than 6.40 you have to use older winbox as well (I think 3.1x should be fine).
by mkx
Wed Mar 31, 2021 5:00 pm
Forum: Beginner Basics
Topic: Invalid Forwards [SOLVED]
Replies: 9
Views: 803

Re: Invalid Forwards [SOLVED]

You believe that there is nothing to worry about? I worry about Koreans knowing my TV watching habits so my TV is banned from internet (also helps against automatic unattended firmware upgrades, some were not exactly user-friendly in the past), but can access DLNA server in LAN (keeps my daughters ha...
by mkx
Wed Mar 31, 2021 2:16 pm
Forum: RouterBOARD hardware
Topic: Can the RB260GSP Switch power both the Hex Router and the hap ac lite?
Replies: 6
Views: 562

Re: Can the RB260GSP Switch power both the Hex Router and the hap ac lite?

The only way to power the hAP lite is via the 5 Volt USB power supply, correct?

Looking at Powering section of product page it certainly looks like that.
by mkx
Wed Mar 31, 2021 2:13 pm
Forum: RouterBOARD hardware
Topic: Chateau hanging
Replies: 4
Views: 408

Re: Chateau hanging

In theory[*], 71.beta5 should be better than 7.0beta6. But since it's still beta (and beta in MT world means less than usually in ICT world) you never know if your particular unit will like it better or not. So before you upgrade your unit, do the following: create (binary) backup ( /system backup s...
by mkx
Wed Mar 31, 2021 1:59 pm
Forum: Wireless Networking
Topic: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected
Replies: 8
Views: 596

Re: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected

(MKX is faster in typing than me. I will post it anyway .... :-) )

I'd be disappointed if you didn't. It's always pleasure to read your highly skilled and very informative posts, I always learn something new.
by mkx
Wed Mar 31, 2021 1:53 pm
Forum: General
Topic: Bridge Trunk Ports
Replies: 6
Views: 476

Re: Bridge Trunk Ports

The article should apply to CRS326 ... but if you have some weird scenario (can't figure it out completely from your vague description), then you have to adjust the config from article for your particular case. You can post config (at least from one of units) so we can see if there's room for improv...
by mkx
Tue Mar 30, 2021 11:29 pm
Forum: Wireless Networking
Topic: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected
Replies: 8
Views: 596

Re: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected

installation=indoor or outdoor is not physical, but rather political setting. In certain countries there are certain frequency channels which are only allowed for indoor use (these usually come with lower Tx power limits as well) and other frequency channels are allowed for outdoor use ... which ac...
by mkx
Tue Mar 30, 2021 7:12 pm
Forum: Beginner Basics
Topic: Multiple VLAN on Single Port
Replies: 6
Views: 1010

Re: Multiple VLAN on Single Port

My current network is running off a Ubiquiti Access Point with no VLAN and I would like to separate network traffic using VLAN's as per below: 1) WLAN1 - 192.168.16.0/24 - No VLAN currently (would like to add a VLAN 100) 2) WLAN2 (Guest) - 192.168.168.0/24 - VLAN 999 I have configured the bridge wi...
by mkx
Tue Mar 30, 2021 7:05 pm
Forum: Beginner Basics
Topic: 2 links between CSR /using vlan filtering, but without LACP/
Replies: 9
Views: 622

Re: 2 links between CSR /using vlan filtering, but without LACP/

In theory it might work with careful configuration. Can you post actual configuration of one of switches (I guess you configured both in similar fashion)? (execute /export hide-sensitive and copy-paste output here).
by mkx
Tue Mar 30, 2021 9:35 am
Forum: RouterBOARD hardware
Topic: Replacing the NAND in a RB1100
Replies: 1
Views: 381

Re: Replacing the NAND in a RB1100

License is "baked" to NAND in a way netinstall doesn't touch it. Which also means you can't transfer the license to new NAND just like that. I suggest you to contact support@mikrotik.com and ask them about your options.
by mkx
Tue Mar 30, 2021 9:34 am
Forum: RouterBOARD hardware
Topic: Powering 2 devices from hAP ac3 PoE-out port
Replies: 2
Views: 466

Re: Powering 2 devices from hAP ac3 PoE-out port

I wouldn't do it, there's real chance that either PoE out port gets damaged or that both PoE-powered devices will not be stable. If you really want daisy-chain both PoE-in devices and run them off single PoE cable, use RBGSP injector which has 2A limit.
by mkx
Tue Mar 30, 2021 9:32 am
Forum: RouterBOARD hardware
Topic: Can the RB260GSP Switch power both the Hex Router and the hap ac lite?
Replies: 6
Views: 562

Re: Can the RB260GSP Switch power both the Hex Router and the hap ac lite?

Yes it can. RB260GSP comes with 24V power adapter and both hEX Gr3 and hAP ac lite can take this voltage. However, you'll have to reconfigure hEX from defaults: hEX can take PoE in via ether1 while default config uses ether1 as WAN port. In your case you'll want to use ether1 as LAN port (and dedica...
by mkx
Tue Mar 30, 2021 8:59 am
Forum: Beginner Basics
Topic: Issue with my network setup
Replies: 43
Views: 2692

Re: Issue with my network setup

Is router successful in obtaining DHCP lease from FIOS router? Check by running command /ip address print and verify that there's a dynamic address bound to ether1_WAN.
by mkx
Tue Mar 30, 2021 8:51 am
Forum: Beginner Basics
Topic: N00b - protecting router from external access
Replies: 3
Views: 313

Re: N00b - protecting router from external access

I guess my question was too generalized to attract helpful responses ... will try to ask better questions next time. The question was indeed very general. On a side note: which particular Mikrotik device type are you using? SOHO devices (most Mikrotik devices except CCR, CRS and some high-end RB de...
by mkx
Tue Mar 30, 2021 8:42 am
Forum: Beginner Basics
Topic: LAN Traffic Passing To MT!! [SOLVED]
Replies: 3
Views: 344

Re: LAN Traffic Passing To MT!! [SOLVED]

PC01 -> Dumb switch -> to Mikrotik ether2 interface then on my bridge then out to eth2 -> switch again then to -> Server So your router is connected to switch with single ethernet cable, connected to ether2? Unless PC01 and Server are in different subnets (and RB has two IP addresses set on ether2/...
by mkx
Mon Mar 29, 2021 6:48 pm
Forum: Wireless Networking
Topic: Reaching the end of the IPS of my LAN [SOLVED]
Replies: 3
Views: 457

Re: Reaching the end of the IPS of my LAN [SOLVED]

Mkx is almost correct.

Right. I stand corrected.
by mkx
Mon Mar 29, 2021 6:43 pm
Forum: General
Topic: RB4011 VLAN Routing Performance
Replies: 4
Views: 560

Re: RB4011 VLAN Routing Performance

It's a shame that a single CPU thread limits it in such a way though. ARM-based routers (RB4011, CCR2004) are quite good actually, their single-core performance is not too bad. Imagine your disappointment if you used a CCR1072 instead ... on paper it's got tons of umph, but in your case it'd be muc...
by mkx
Mon Mar 29, 2021 4:53 pm
Forum: General
Topic: Three Subnets in one ethernet interface [SOLVED]
Replies: 9
Views: 729

Re: Three Subnets in one ethernet interface [SOLVED]

Ethernet 2: ip address 192.168.3.5/24 ip address 192.168.10.5/24 ip address 192.168.0.220/24 Simply setting all 3 addresses to same interface (ether2) does the trick. But the clients cannot see each other. The router can see them all though. What exactly is the question? That clients should not see ...
by mkx
Mon Mar 29, 2021 4:40 pm
Forum: General
Topic: RB4011 VLAN Routing Performance
Replies: 4
Views: 560

Re: RB4011 VLAN Routing Performance

What does /tool profile cpu=all show during ongoing iperf test? I wouldn't be surprised if only single CPU core gets loaded. How does running multiple parallel streams ( iperf -P 8 ... ) affect overall throughput? The thing is that when routing, ROS will use single CPU core for all packets belonging...
by mkx
Mon Mar 29, 2021 3:58 pm
Forum: Beginner Basics
Topic: Winbox can no longer connect
Replies: 7
Views: 541

Re: Winbox can no longer connect

Try to use newest version of winbox. The way password is stored on RB in how password is negotiated with winbox changed somewhere around 6.44. Old versions of winbox don't work with new versions of ROS and vice versa.
by mkx
Mon Mar 29, 2021 3:54 pm
Forum: Beginner Basics
Topic: Issue with my network setup
Replies: 43
Views: 2692

Re: Issue with my network setup

Because device with IP address 192.168.188.165 needs to communicate with gateway at 192.168.188.1 ... the longest netmask covering both addresses is 24-bit long. Because, believe it or not, the link between RB and FIOS router is an entire subnet (because it's running on top of ethernet which is typi...
by mkx
Sun Mar 28, 2021 10:52 pm
Forum: Wireless Networking
Topic: Reaching the end of the IPS of my LAN [SOLVED]
Replies: 3
Views: 457

Re: Reaching the end of the IPS of my LAN [SOLVED]

You can extend numbering to 192.168.1.1/23 ... which gives you another 256 addresses (192.168.1.1-192.168.2.254 ... usable host addresses are then also 192.168.1.255 and 192.168.2.0). You have to change netmask on router's LAN interface, change address pool for DHCP server, change network mask in D...
by mkx
Sun Mar 28, 2021 9:31 pm
Forum: Beginner Basics
Topic: Issue with my network setup
Replies: 43
Views: 2692

Re: Issue with my network setup

add address=192.168.188.165/24 interface=ether1 network=192.168.188.0

Fixed WAN IP for you ...
by mkx
Sun Mar 28, 2021 6:52 pm
Forum: Wireless Networking
Topic: ROS 7 AND WISP
Replies: 2
Views: 343

Re: ROS 7 AND WISP

Probably as soon as ROSv7 will start working for everybody else. The date? Your guess is as good as everyone's.
by mkx
Sun Mar 28, 2021 4:23 pm
Forum: Beginner Basics
Topic: Cannot get value with console command
Replies: 3
Views: 316

Re: Cannot get value with console command

Index numbers (you're using 0 in your example) are dynamic and are created when running print command. They are only valid until next print (the worst thing would be that add or remove or similar doesn't invalidate them). Which means you can't reference entries like this from scripts, you have to us...
by mkx
Sun Mar 28, 2021 4:14 pm
Forum: Beginner Basics
Topic: Does changing configs causes to a Flash write ?
Replies: 6
Views: 569

Re: Does changing configs causes to a Flash write ?

What is "SOP" and "MT"? Standard Operating Procedure, MikroTik. In that case, it seems that a script which is scheduled often could (potentially) degrade the Flash quickly which would subsequently adversely affect the device operation. Yes. So you should think of ways to ma...
by mkx
Sun Mar 28, 2021 4:09 pm
Forum: RouterOS v7 BETA
Topic: Possible error in DNS canonical name handling
Replies: 7
Views: 717

Re: Possible error in DNS canonical name handling

Address list uses resolved IP addresses (repeats resolving after DNS record TTL expires so it keeps IP address semi-uptodate) ... since ultimate destination is some akamai cloud address, it could be same IP address is whitelisted for some other domain. If you want to block according to FQDN, you eit...
by mkx
Sun Mar 28, 2021 4:01 pm
Forum: General
Topic: ARP without DHCP server?
Replies: 3
Views: 600

Re: ARP without DHCP server?

If TV is the only device to be isolated and is connected to dedicated port on router, then use of VLANs is un-necessary complication. The way OP started was fine. There are a few gotchas though. The biggest might be the bug in default configuration where ports ether2-etherX are bridged but LAN IP se...
by mkx
Sat Mar 27, 2021 9:45 pm
Forum: General
Topic: No internet connection after PPPOE reconnect (disable, pause, enable)
Replies: 5
Views: 537

Re: No internet connection after PPPOE reconnect (disable, pause, enable)

The internet is up and running, but not working. How can disable "detect internet" help? I don't think any MT user ever found out what function "detect internet" offers that's not available otherwise. However, there is a number of reports of weird problems which went away after ...
by mkx
Sat Mar 27, 2021 7:35 pm
Forum: General
Topic: 10 Gbps SFP + RouterOS Compatible NICs
Replies: 3
Views: 419

Re: 10 Gbps SFP + RouterOS Compatible NICs

Regarding NIC support (which includes 10Gbps NICs) there are 3 ROS variants: ROS v6 x86 Due to age of ROSv6 and underlying linux kernel it generally lacks support for newer devices. Which (sadly) includes most 10Gbps NICs apart from NIC based on early chipsets. Nothing much will change about support...
by mkx
Sat Mar 27, 2021 5:57 pm
Forum: Beginner Basics
Topic: Right MTU and L2 MTU for SFP+ 10GB Ports [SOLVED]
Replies: 4
Views: 527

Re: Right MTU and L2 MTU for SFP+ 10GB Ports [SOLVED]

It is fine to configure L2MTU as high as it gets. But for (L3) MTU you have to consider a few things: L3 MTU has to be the same in whole subnet or else some members of same subnet won't be able to communicate (peers with smaller MTU will silently drop packets) when client and server are in different...
by mkx
Sat Mar 27, 2021 5:25 pm
Forum: Beginner Basics
Topic: Firewall does not drop ssh connection by local name
Replies: 2
Views: 332

Re: Firewall does not drop ssh connection by local name

The only reason why IPv6 matters in your case is that server.local somehow resolves to IPv6 address. BTW, bridging two L3 subnets and then using bridge filters (or switch ACLs if you were using some real switch for that) to block traffic is, mildly put, weird. And since your OP was extremely scarce ...
by mkx
Sat Mar 27, 2021 5:20 pm
Forum: Beginner Basics
Topic: Does changing configs causes to a Flash write ?
Replies: 6
Views: 569

Re: Does changing configs causes to a Flash write ?

All what is remembered after a reboot has been written into flash. When exactly does the device perform a write to Flash? SOP is to write changes immediately. MT stated that simply cutting power to device shouldn't affect it in any way. However there are indications that marginal power supply migh...
by mkx
Sat Mar 27, 2021 4:38 pm
Forum: Beginner Basics
Topic: Help Bonding two ports [SOLVED]
Replies: 5
Views: 926

Re: Help Bonding two ports [SOLVED]

Alb only differs from tlb when the other end is (a dumb) switch connecting multiple clients which don't know anything about this bond. Multiple clients are needed because many bond modes keep traffic between same set of peers (i.e. server and client) on same link to ensure in-order delivery of packe...
by mkx
Sat Mar 27, 2021 3:29 pm
Forum: Beginner Basics
Topic: Right MTU and L2 MTU for SFP+ 10GB Ports [SOLVED]
Replies: 4
Views: 527

Re: Right MTU and L2 MTU for SFP+ 10GB Ports [SOLVED]

When device is used as a switch, the (L2)MTU setting doesn't matter (much). It has to be large enough not to drop large frames on ingress. If L2MTU is set larger, it still won't make passing frames larger. Where MTU matters is if interface is used for L3 i.e. if interface has IP address set. In this...
by mkx
Sat Mar 27, 2021 3:20 pm
Forum: Beginner Basics
Topic: Help Bonding two ports [SOLVED]
Replies: 5
Views: 926

Re: Help Bonding two ports [SOLVED]

Post full config for review, it's hard to guess which minor detail is missing/wrong. Execute /export hide-sensitive file=anynameyouwish from terminal window and open resulting text file in any text editor, then copy-paste config here inside [code] [/code] environment.
by mkx
Sat Mar 27, 2021 10:58 am
Forum: Beginner Basics
Topic: hEX & bonding/link aggregation setup
Replies: 4
Views: 438

Re: hEX & bonding/link aggregation setup

2. [Tab Bonding] Create a bonding with ether4 and ether5 as slaves and mode "balance rr" (this appears to be the equivalent for Netgear static LAG). I called that one "bond45" I don't know what exactly is Netgear's "static LAG" ... however RR is not the same as XOR. XO...
by mkx
Sat Mar 27, 2021 10:39 am
Forum: Beginner Basics
Topic: Help Bonding two ports [SOLVED]
Replies: 5
Views: 926

Re: Help Bonding two ports [SOLVED]

Your wording and action don't match when you're talking about adding bond to the bridge. Adding to a bridge is done thusly: /interface bridge add bridge=bridge1 interface=bond0 pvid=10 What you did was to setup VLAN membership of port bond0 (which is done automatically by the command above due to pv...
by mkx
Fri Mar 26, 2021 12:04 am
Forum: RouterBOARD hardware
Topic: Wifi RB4011 - HAP AC3 - HAP AC3 LTE
Replies: 11
Views: 1011

Re: Wifi RB4011 - HAP AC3 - HAP AC3 LTE

If you set up wireless interface according to local legislation, then most probably there will be no difference between Tx power of all three units, clients will measure same signal strength from any of those APs. These days most countries limit wireless devices to 20 dBm or (less frequently) 30 dBm...
by mkx
Thu Mar 25, 2021 8:50 pm
Forum: Wireless Networking
Topic: Wireless Client Isolation
Replies: 7
Views: 828

Re: Wireless Client Isolation

Yes.
by mkx
Thu Mar 25, 2021 7:53 am
Forum: General
Topic: PPPoE connection from was already active - closing previous one
Replies: 1
Views: 304

Re: PPPoE connection from was already active - closing previous one

Post configuration, it's hard to tell what's wrong without seeing it. Is it "native" x86 installation or a CHR?
by mkx
Thu Mar 25, 2021 7:45 am
Forum: General
Topic: Switch Chip VLAN Setting Question (HAPAC2)
Replies: 6
Views: 558

Re: Switch Chip VLAN Setting Question (HAPAC2)

I didn't say there was no difference. In case A traffic from other VLANs will bleed through ether5 (broadcasts, multicasts and some unicast packets if switch won't know exact egress port for dst MAC address, ...). It goes against the gist of setting vlan-mode=secure ... Even more so if you don't se...
by mkx
Wed Mar 24, 2021 11:39 pm
Forum: Beginner Basics
Topic: Disabling/Enabling a specific entry in an Address List [SOLVED]
Replies: 3
Views: 574

Re: Disabling/Enabling a specific entry in an Address List [SOLVED]

The easiest way is to add comment to the entry ... and then toggle disabled flag by searching the comment. E.g. /ip firewall address-list add address=192.168.88.88/32 list=somelist comment="My address #1" # from some script set the address list entry disabled /ip firewall address-list set ...
by mkx
Wed Mar 24, 2021 8:30 pm
Forum: Wireless Networking
Topic: Wireless Client Isolation
Replies: 7
Views: 828

Re: Wireless Client Isolation

Would setting the "bridge uses firewall" setting get this done?

It would if HW offload was disabled for involved ports. And if APs were connected to different ports of a bridge.
by mkx
Wed Mar 24, 2021 4:35 pm
Forum: General
Topic: Switch Chip VLAN Setting Question (HAPAC2)
Replies: 6
Views: 558

Re: Switch Chip VLAN Setting Question (HAPAC2)

If in practice there is no difference (even though A does not make sense), then I would rather use A. I didn't say there was no difference. In case A traffic from other VLANs will bleed through ether5 (broadcasts, multicasts and some unicast packets if switch won't know exact egress port for dst MA...
by mkx
Wed Mar 24, 2021 3:37 pm
Forum: Beginner Basics
Topic: Some issues with tethering usb and wifi with my hap ac2
Replies: 9
Views: 639

Re: Some issues with tethering usb and wifi with my hap ac2

If your hotspot only supports 2.4Ghz, then you can create virtual interface as STA on 2.4Ghz and keep the Wifi AP interface at same time. wireless mode station should only be used on master interface because it has to follow the serving AP (or phone tethering internet connection) ... virtual interf...
by mkx
Wed Mar 24, 2021 3:33 pm
Forum: Beginner Basics
Topic: Date & Time from NTP Server [SOLVED]
Replies: 14
Views: 1023

Re: Date & Time from NTP Server [SOLVED]

What does
/system ntp client print
show?
by mkx
Wed Mar 24, 2021 3:06 pm
Forum: General
Topic: Switch Chip VLAN Setting Question (HAPAC2)
Replies: 6
Views: 558

Re: Switch Chip VLAN Setting Question (HAPAC2)

Case A (ether5 member of VLANs 1, 01 and 20) doesn't make much sense since ether5 port is set to untag everything on egress and can only tag untagged frames with single default-vlan-id on ingress.
by mkx
Wed Mar 24, 2021 2:54 pm
Forum: General
Topic: RB4011 > hAP AC Lite VLAN configuration
Replies: 13
Views: 890

Re: RB4011 > hAP AC Lite VLAN configuration

@anav, with your mileage in ROS and VLANs I still don't get what exactly is bothering you. I'll try to answer nevertheless (but I'll probably miss the point). Bridge personality of bridge ... just carries frames between ports ... doesn't care if they're tagged or not. When you're talking of bridge...
by mkx
Wed Mar 24, 2021 2:18 pm
Forum: General
Topic: DHCP: MAC vs. Client-ID
Replies: 1
Views: 290

Re: DHCP: MAC vs. Client-ID

DHCP server only cares about Client ID. Client ID is value supplied by DHCP client when requesting DHCP lease. It usually does contain MAC address, but it can be some other identification. Client ID can be of 3 types: text, integer number and MAC address. MAC address, shown by DHCP server, is FYI on...
by mkx
Wed Mar 24, 2021 11:07 am
Forum: General
Topic: RB4011 > hAP AC Lite VLAN configuration
Replies: 13
Views: 890

Re: RB4011 > hAP AC Lite VLAN configuration

I still fail to understand your question. Which bridge personality (according to classification by @sindy) are you talking about?
by mkx
Wed Mar 24, 2021 11:03 am
Forum: Beginner Basics
Topic: SSL certificate for Proxmox
Replies: 3
Views: 679

Re: SSL certificate for Proxmox

That's perpetual "problem" with certificates. Solution is to add DNS entries (resolvable for LAN hosts only) which link public host name with local IP address.
by mkx
Wed Mar 24, 2021 11:01 am
Forum: Beginner Basics
Topic: accessing local network hosts by host-name.local-domain-name [SOLVED]
Replies: 4
Views: 500

Re: accessing local network hosts by host-name.local-domain-name [SOLVED]

The problem is now how can I secure my router from external dns requests when "allow remote requests" is enabled?

It's firewall rules for chain=input. Default firewall setup (in recent ROS version on SOHO devices) already blocks most connections from WAN, but it really depends on changes...
by mkx
Tue Mar 23, 2021 8:26 pm
Forum: General
Topic: help with a firewall address rule
Replies: 2
Views: 378

Re: help with a firewall address rule

The only time when firewall actually cares about anything else but IP addresses (and port numbers) is in L7 firewall. Which doesn't work for HTTPS traffic because it's encrypted.

If you describe use case, you might get better answer.
by mkx
Tue Mar 23, 2021 7:44 pm
Forum: General
Topic: hAPac2 high latency on WiFi clients [SOLVED]
Replies: 2
Views: 476

Re: hAPac2 high latency on WiFi clients [SOLVED]

Wireless clients (most notably battery-powered ones, such as phones and tablets) frequently enter sleep mode and during sleep they don't listen to radio. AP knows that and buffers unicast packets until devices wake up. This way packets get delivered, but delay has high jitter. So if you want to test...
by mkx
Tue Mar 23, 2021 7:36 pm
Forum: General
Topic: Winbox Safe mode
Replies: 30
Views: 54128

Re: Winbox Safe mode

So it seems that "undo" buffer for safe mode is not endless. You should exit and re-enter safe-mode after each block of commands that might break your management connection (whereas your management connection survives).
by mkx
Tue Mar 23, 2021 7:23 pm
Forum: General
Topic: RB4011 > hAP AC Lite VLAN configuration
Replies: 13
Views: 890

Re: RB4011 > hAP AC Lite VLAN configuration

wlan interface is historically capable of dealing with VLANs itself. If wlan interface has vlan-id=400 vlan-mode=use-tag (set in /interface wireless section), then from bridge point of view this is tagged port and should be added as tagged member to appropriate VLAN. If, OTOH, one uses wlan interfac...
by mkx
Tue Mar 23, 2021 2:42 pm
Forum: General
Topic: RB4011 > hAP AC Lite VLAN configuration
Replies: 13
Views: 890

Re: RB4011 > hAP AC Lite VLAN configuration

Our on-duty configuration parser @anav missed this question:

How do I assign an IP address to the bridge that exists in VLAN50? as just adding "192.168.5.254/24" to the bridge only ever replies locally and then prevents further access to the device.

For this you'll have to add bridge (the ...
by mkx
Tue Mar 23, 2021 2:37 pm
Forum: Wireless Networking
Topic: WDS or independent APs?
Replies: 1
Views: 603

Re: WDS or independent APs?

All three 2.4GHz antennas run on the same frequency and SSID, but all three (Omni + the two APs) handle their own DHCP with a different network IP scheme.

This pretty much breaks roaming performance: when client sees different AP with same SSID, it often assumes L3 network would be contiguous and af...
by mkx
Tue Mar 23, 2021 2:18 pm
Forum: Beginner Basics
Topic: accessing local network hosts by host-name.local-domain-name [SOLVED]
Replies: 4
Views: 500

Re: accessing local network hosts by host-name.local-domain-name [SOLVED]

What is setting of dns-server property in /ip dhcp-server network? If it's not your router's IP address, then clients will use other DNS server and will miss configuration from /ip dns static.
by mkx
Tue Mar 23, 2021 2:11 pm
Forum: Beginner Basics
Topic: SSL certificate for Proxmox
Replies: 3
Views: 679

Re: SSL certificate for Proxmox

The tutorial author is using DNS-01 challenge (instead of a more often used HTTP-01) which requires you to have DNS server for your (sub)domain under your control. In this case the certificate receiver (Proxmox) doesn't have to be publicly accessible. Doesn't have anything to do with particular type...
by mkx
Tue Mar 23, 2021 1:58 pm
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 1535

Re: IPv6 DHCPv6 server?

Problem is that quite some OSes (e.g. Windows) will use different short-lived IPv6 addresses (even multiple at any given time), constructed in SLAAC manner, and will use those addresses at will. This mostly matters for out-going connections but that means you can't rely on IPv6 address only to contr...
by mkx
Tue Mar 23, 2021 1:41 pm
Forum: General
Topic: DST-NAT when not default gateway
Replies: 1
Views: 271

Re: DST-NAT when not default gateway

This won't work because SMTP server doesn't know it needs to use MT as gateway. There are (at least) two ways of dealing with it: set up static route on SMTP server to use MT as gateway. I don't know how feasible that would be if SMTP server should only use MT as gateway for SMTP to most destination...
by mkx
Tue Mar 23, 2021 11:04 am
Forum: General
Topic: help fix leaky vlans, NP16 + PBP
Replies: 7
Views: 594

Re: help fix leaky vlans, NP16 + PBP

Post actual configuration of both devices, it's not really possible to know what exactly you configured from your description. Possibly it's not what you think you configured but what you actually configured.
by mkx
Tue Mar 23, 2021 11:00 am
Forum: General
Topic: Connect two subnets
Replies: 5
Views: 449

Re: Connect two subnets

If you follow instructions by @bpwl ... I don't see a point in having Mikrotik in the first place. It will act as a dumb switch ... which you already have in place. So you really have to decide the role of Mikrotik router in your LAN. However, if it is to be firewall for your LAN, then ... well, it ...
by mkx
Tue Mar 23, 2021 9:02 am
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 121
Views: 29721

Re: v6.48.1 [stable] is released!

I just noticed now, winboard doesn't find it anymore, is that because I turned lldp off? I mean that winboard doesn't find the board?

It seems that MNDP (neighbour discovery) runs on top of LLDP. However, you should still be able to connect to your router using winbox if entering its IP address (or M...
by mkx
Mon Mar 22, 2021 10:54 pm
Forum: General
Topic: Connect two subnets
Replies: 5
Views: 449

Re: Connect two subnets

Proper solution would be to add static route towards 192.168.88.0/24 via gateway 192.168.2.1 on ISP router. And add some firewall rules which would allow desired connections and block the rest. And drop SRC-NAT on mikrotik, ISP router should do it for both parts of network. I'll assume you really wa...
by mkx
Mon Mar 22, 2021 10:49 pm
Forum: General
Topic: CAPsMAN - AP falls out of the bridge after a few hours
Replies: 7
Views: 714

Re: CAPsMAN - AP falls out of the bridge after a few hours

I don't have experience with such behaviour under CAPsMAN. With stand-alone wlan interfaces it's normal that they become inactive (i.e. without R flag) when no client is registered. This is normally not a problem, interface changes state to "running" quickly enough for initial traffic betw...