Community discussions

Search found 5997 matches

by mkx
Tue Jun 15, 2021 8:22 pm
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 18
Views: 666

Re: Setting Up small home network with MikroTik hEX RB750Gr3

@zedoxx: what I'd do is the following: reset to default config use quickset to configure WAN ... PPPoE go into "normal" GUI and never ever go back to quickset unless you repeat config from step #1 remove ether5 from bridge add IP address to ether5. Configure additional address pool and DH...
by mkx
Tue Jun 15, 2021 6:31 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance
Replies: 10
Views: 289

Re: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance

second covid dose

Which one, Pfizer? I opted for Biontech and had only minor (next to none) side effects. It's been almost 3 weeks since second shot and I'm almost certified to resume normal life ;-)
by mkx
Tue Jun 15, 2021 8:41 am
Forum: RouterBOARD hardware
Topic: Battery driven RB get bricked
Replies: 5
Views: 242

Re: Battery driven RB get bricked

IMO whenever one runs some device off a battery, it's a good thing to install an under-voltage cut-off device. Not to protect the powered device but to protect the battery itself. None of the battery chemistries (lead-acid, nickel, lithium) like being completely depleted and one has to protect them from gettin...
by mkx
Tue Jun 15, 2021 8:23 am
Forum: General
Topic: Howto use HAP AC2 as switch+AP on vlan(s)
Replies: 8
Views: 271

Re: Howto use HAP AC2 as switch+AP on vlan(s)

Bridge is the only port member of these VLANs. At least for VLAN 99 you should add ether1 as tagged port or else you'll almost definitely lose management access. Nope, there is a vlan interface that is added to the bridge, vlan 99, with static IP 192.168.19.252. I was managing the router through th...
by mkx
Tue Jun 15, 2021 8:05 am
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance
Replies: 10
Views: 289

Re: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance

Isn't buying lottery ticket a prerequisite for winning the lottery? Are you doing anything about it? Or you rather spend the dime on Canadian rye? ;-)
by mkx
Mon Jun 14, 2021 11:16 pm
Forum: General
Topic: Howto use HAP AC2 as switch+AP on vlan(s)
Replies: 8
Views: 271

Re: Howto use HAP AC2 as switch+AP on vlan(s)

My dear @anav, as always you're one step ahead of me ... you already forgot you're forgetting things :-P
by mkx
Mon Jun 14, 2021 11:12 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance
Replies: 10
Views: 289

Re: RB4011iGS+5HacQ2HnD - RouterOS 6.48.3 - AC wireless preformance

I am itching to try a newer wifi6 620 or 660 at some point.

Oh please ... stop whining and do it already. And don't forget to throw your beloved 245's in my direction real hard.
by mkx
Mon Jun 14, 2021 10:55 pm
Forum: General
Topic: Howto use HAP AC2 as switch+AP on vlan(s)
Replies: 8
Views: 271

Re: Howto use HAP AC2 as switch+AP on vlan(s)

Access ports won't work until you enable vlan-filtering on bridge. Without that bridge does not add VLAN tag on ingress as per pvid settings nor does it strip VLAN tags on egress as per untagged vlan membership. So: take a deep breath, enable safe mode and enable vlan-filtering on bridge. If your m...
by mkx
Mon Jun 14, 2021 10:47 pm
Forum: Beginner Basics
Topic: Initial Internet configuration ( via SFP port)
Replies: 11
Views: 263

Re: Initial Internet configuration ( via SFP port)

Btw I'm paying to have a static IPv4 and to not be anymore under their CGNAT That doesn't mean you should not allow automatic IP address acquisition. Depends how your ISP delivers internet, but they should instruct you what to do. I don't think you can actually statically set IP address when using ...
by mkx
Mon Jun 14, 2021 10:32 pm
Forum: Wireless Networking
Topic: Dual VS Triple Chain and 80Mhz
Replies: 1
Views: 118

Re: Dual VS Triple Chain and 80Mhz

Number of used chains is only indirectly connected to number of channels ... the property which links them is Tx power. In most countries regulations limit radiated power (EIRP) and that power is then divided between chains (triple chain transmitter can spend 1/3 of power for each chain while dual c...
by mkx
Mon Jun 14, 2021 8:01 pm
Forum: Beginner Basics
Topic: RB960PSG max POE output
Replies: 5
Views: 150

Re: RB960PSG max POE output

I can reach the maximum with 48POW No, you can't. You want 4x450mA=1800mA peak power, while 48POW is rated at 1460mA which makes it short by one PoE device (if you consider RB960PGS own consumption as well). Either use an even higher-power power adapter or go with some other PoE switch. Or use dual...
by mkx
Mon Jun 14, 2021 6:53 pm
Forum: General
Topic: Stacked VLAN bridges and interfaces
Replies: 1
Views: 84

Re: Stacked VLAN bridges and interfaces

One of ways to achieve QinQ in ROS is to use multiple bridges in layered manner. Probably that's not the only way ... In your case you'd use one layer since you only have one interface carrying QinQ traffic. So what you can do is: create number of VLAN interfaces, one per remote location. All anchor...
by mkx
Mon Jun 14, 2021 6:19 pm
Forum: General
Topic: Next-hop and NAT
Replies: 4
Views: 141

Re: Next-hop and NAT

If you follow your initial thought, you would easily run into some routing triangle problems. They would not necessarily cause any problems initially, but could cause issues that would be hard to track. If you'd follow my suggestion, then mikrotik would just route, nothing more (no firewall no NAT)....
by mkx
Mon Jun 14, 2021 8:45 am
Forum: RouterBOARD hardware
Topic: Fans on MikroTik Cloud Router Switch 354-48G-4S+2Q+RM - volume level?
Replies: 5
Views: 242

Re: Fans on MikroTik Cloud Router Switch 354-48G-4S+2Q+RM - volume level?

Personally I don't have any CRS354 ... but since it's actively cooled and given the diameter (and RPM) of those fans I guess I wouldn't like to have that beast anywhere near my bed nor living room sofa (nor normal office working space). And I guess closing it in some sealed mini rack would work agai...
by mkx
Mon Jun 14, 2021 8:36 am
Forum: General
Topic: Next-hop and NAT
Replies: 4
Views: 141

Re: Next-hop and NAT

If you don't need any filtering of traffic between different subnets (which would require firewall rules), then you don't need 4 VLANs on the connection between mikrotik and fortigate. Instead you should use fifth subnet for that connection. It can have longer subnet mask if you wish, e.g. 192.168.5...
by mkx
Sun Jun 13, 2021 4:53 pm
Forum: RouterBOARD hardware
Topic: Fans on MikroTik Cloud Router Switch 354-48G-4S+2Q+RM - volume level?
Replies: 5
Views: 242

Re: Fans on MikroTik Cloud Router Switch 354-48G-4S+2Q+RM - volume level?

BTW is not ROS overkill on a Switch?

It probably is. But some people adore CLI for management and SNMP for supervision.
by mkx
Sat Jun 12, 2021 2:02 pm
Forum: General
Topic: CRS328 - can't ping device, packet sniffer shows no ICMP packets
Replies: 3
Views: 137

Re: CRS328 - can't ping device, packet sniffer shows no ICMP packets

To use packet sniffer on CRS you need to disable HW offload for the port of interest. Otherwise I don't see anything wrong with config. In some rare cases some devices misbehaved even though config seemed right. Some cleansing action was needed, you might want to try one of these (you can try all fr...
by mkx
Sat Jun 12, 2021 11:03 am
Forum: General
Topic: Port Forwarding Problem [SOLVED]
Replies: 16
Views: 636

Re: Port Forwarding Problem [SOLVED]

You need hairpin nat.
by mkx
Sat Jun 12, 2021 10:59 am
Forum: General
Topic: dhcp on vlan trunk not working
Replies: 15
Views: 456

Re: dhcp on vlan trunk not working

why would anybody want to tag all packets on a trunk port, except for a very specific one? On trunk port one would not tag/untag any of packets and would thus configure such port with frame-types=admit-only-vlan-tagged ingress-filtering=yes (when using bridge vlan filtering and appropriate setting ...
by mkx
Fri Jun 11, 2021 10:22 pm
Forum: General
Topic: Route reachable but timeout??
Replies: 6
Views: 306

Re: Route reachable but timeout??

Torch is one of tools that can help you. And no, counter increasing in one direction doesn't mean the port is not damaged.
by mkx
Fri Jun 11, 2021 10:16 pm
Forum: General
Topic: Firewall rules to secure CHR
Replies: 4
Views: 291

Re: Firewall rules to secure CHR

Something like that. If you need to add some accept rules later, push them just below the "drop invalid" rules and above the new "drop all" ones. I wouldn't log all hits of "drop all rules", there might be many entries due to bots scanning the network. A missing accept ...
by mkx
Fri Jun 11, 2021 4:10 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 607

Re: Preserve client IP when dst-nat to other server

By referring to "another subnet for NTP server" I was thinking of this LAN setup: --> LAN (10.0.0.0/16 or whatever the subnet mask) / | internet <--> router | \ --> "NTP lan" (NTP server with IP address e.g. 10.254.254.2/24 or any other IP address outside LAN subnet mask) The bes...
by mkx
Fri Jun 11, 2021 9:15 am
Forum: General
Topic: Route reachable but timeout??
Replies: 6
Views: 306

Re: Route reachable but timeout??

And the strange thing, it can run if I switch the function from ether 2 to ether 5. If that's the case then you might want to thoroughly check potential differences in configuration of those two ports. Next thing would be doing some elaborate tests to try to pinpoint the device where stuff breaks. ...
by mkx
Fri Jun 11, 2021 8:41 am
Forum: General
Topic: Route reachable but timeout??
Replies: 6
Views: 306

Re: Route reachable but timeout??

Sorry, crystal ball is defunct currently. What I want to write: it's impossible to tell why something stopped working while nothing supposedly changed. In this case it's only possible to find the reason by extensively debugging the whole setup. And you're the only one able to do it.
by mkx
Fri Jun 11, 2021 8:30 am
Forum: Beginner Basics
Topic: Winbox 64 bits ?
Replies: 3
Views: 175

Re: Winbox 64 bits ?

Probably a stupid question... but what's the point of a 64bits Winbox ? what use case / config would require it ? Even though the name of tool is win box which implies it's a tool running in windows (and that's even true) that doesn't mean it can't be run in other environments. Such as under wine i...
by mkx
Fri Jun 11, 2021 8:18 am
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 607

Re: Preserve client IP when dst-nat to other server

@rextended: I'll just ignore your last post, it's quite off topic already. The post is directed at me (concrete examples of "right" choices) and I think I can master my own subnet of NTP servers just fine (I've been running public NTP servers for the last 25 years). You don't know the reas...
by mkx
Thu Jun 10, 2021 10:20 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 607

Re: Preserve client IP when dst-nat to other server

You're right ... as long as it works, we don't need any logs, debugging information or any other nonsense. But sometimes it doesn't work ... and then we need all the noise we can get ... and if there's no noise to filter, we're in troubles.
by mkx
Thu Jun 10, 2021 9:51 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 607

Re: Preserve client IP when dst-nat to other server

observability of NTP server in ROS I do not understand how traduce that on Italian but... I'm talking about .... [user@MTrouter] > /system ntp client print enabled: yes mode: unicast primary-ntp: 192.168.42.10 secondary-ntp: 2001:1470:8000::92 dynamic-servers: status: synchronized versus user@192.1...
by mkx
Thu Jun 10, 2021 8:13 pm
Forum: RouterOS v7 BETA
Topic: Driver bug on 7.1b6 and rtl8153b ethernet chipset
Replies: 2
Views: 221

Re: Driver bug on 7.1b6 and rtl8153b ethernet chipset

You can download previous versions if you hand-craft download links similar to the current one. For example: download link for x86 7.1beta6 Extra packages is https://download.mikrotik.com/routeros/7.1beta6/all_packages-x86-7.1beta6.zip If you change it to https://download.mikrotik.com/routeros...
by mkx
Thu Jun 10, 2021 7:59 pm
Forum: Wireless Networking
Topic: CAPSman Controller device
Replies: 7
Views: 438

Re: CAPSman Controller device

I'd be careful about running CAPs manager off site. If CAP devices lose connectivity towards manager (can be even a very short period of time) they shut down their radios.
by mkx
Thu Jun 10, 2021 7:54 pm
Forum: General
Topic: How get access in to vlan from mikrotik bridge mode with tagged port?
Replies: 12
Views: 292

Re: How get access in to vlan from mikrotik bridge mode with tagged port?

OK, since you're not going to describe your environment here's my last post in this thread. Here's a great tutorial on how VLANs are done in mikrotik. Won't help you if your actual LAN layout is as is on your drawing (i.e. your mikrotik completely outside of VLAN 20 area) though.
by mkx
Thu Jun 10, 2021 7:42 pm
Forum: General
Topic: How get access in to vlan from mikrotik bridge mode with tagged port?
Replies: 12
Views: 292

Re: How get access in to vlan from mikrotik bridge mode with tagged port?

Network ... It's simple and flat, it's a local area network with one router 10.10.0.1. Since we're discussing VLANs here and those are L2 (or L2.5 if you want), it still isn't simple and flat. For sure there are managed switches with configuration regarding VLANs (port membership etc.) which have m...
by mkx
Thu Jun 10, 2021 7:32 pm
Forum: Beginner Basics
Topic: locking band R11e-LTE6 [SOLVED]
Replies: 6
Views: 361

Re: locking band R11e-LTE6 [SOLVED]

If modem drops off network when you lock it to some cell, then don't do it. If your favourite MNO does at least half decent job with optimisation of their LTE network then there are very few reasons to lock to some cell instead of letting network do its job.
by mkx
Thu Jun 10, 2021 7:28 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 607

Re: Preserve client IP when dst-nat to other server

Not sure what you mean by own NTP server?

A raspberry pi, running NTP service ... or something like that. Or even own atomic clock, why not? After all, observability of NTP server in ROS is nil, but some of us do care about proper functioning of services.
by mkx
Thu Jun 10, 2021 6:50 pm
Forum: Beginner Basics
Topic: Preserve client IP when dst-nat to other server
Replies: 25
Views: 607

Re: Preserve client IP when dst-nat to other server

When you're doing dst-nat to server (10.0.0.100) which is in the same subnet as original client (10.0.0.10), then it is essential to perform src-nat as well (without it, server would reply to client directly and client would reject replies because they would be coming back from IP address it did not...
by mkx
Thu Jun 10, 2021 6:40 pm
Forum: General
Topic: dhcp on vlan trunk not working
Replies: 15
Views: 456

Re: dhcp on vlan trunk not working

Your setup of VLAN ports and interfaces is hosed ... suggest you to read this nice tutorial to see where you failed.
by mkx
Thu Jun 10, 2021 6:37 pm
Forum: General
Topic: How get access in to vlan from mikrotik bridge mode with tagged port?
Replies: 12
Views: 292

Re: How get access in to vlan from mikrotik bridge mode with tagged port?

Mikrotik is fully capable of working with VLANs. But it has to be configured properly and attached to a port in the network which allows access to VLAN 200.

But again, you don't provide usable network information so you don't get usable advice.
by mkx
Thu Jun 10, 2021 6:33 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 258
Views: 24143

Re: v7.1beta6 [development] is released!

If you read what @raimondsp wrote it's clear that it's constraint in current L3 HW offload implementation. Not the configuration (because it's not something user can change) nor attached devices. CRS can take jumbo frames, but they will pass CPU which offers severely low throughput ... which is wha...
by mkx
Thu Jun 10, 2021 6:30 pm
Forum: General
Topic: How get access in to vlan from mikrotik bridge mode with tagged port?
Replies: 12
Views: 292

Re: How get access in to vlan from mikrotik bridge mode with tagged port?

VLAN with different ID is just like different physical network ... to reach it, one needs router which connects to both sides. Your diagram does not show any such border device, it only shows a device sitting inside VLAN 20. If border device is properly configured, you can't just add VLAN tags to fr...
by mkx
Thu Jun 10, 2021 6:17 pm
Forum: General
Topic: Firewall rules to secure CHR
Replies: 4
Views: 291

Re: Firewall rules to secure CHR

A pretty safe approach when constructing firewall rules is to have ultimate rule in both input and forward chain which drops everything not accepted by previous rules. Your setup only drops invalid packets which doesn't really protect your router (or network behind that router). Remember: implicit la...
by mkx
Thu Jun 10, 2021 6:05 pm
Forum: RouterOS v7 BETA
Topic: OSPF routing syntax
Replies: 10
Views: 601

Re: OSPF routing syntax

New filtering rule syntax will be introduced in the next beta. Or, to be precise, v7.1Beta7 will be released when the new syntax is ready.
Ok thank you, can you tell an approximative date for the Beta7 ?

Which part of post by @raimondsp is not clear?
by mkx
Thu Jun 10, 2021 8:06 am
Forum: Beginner Basics
Topic: Router Firewall
Replies: 1
Views: 161

Re: Router Firewall

Screenshot doesn't show everything, next time create text export by executing command /export hide-sensitive file=anynameyouwish from terminal window. Open resulting file in text editor, copy-paste contents ... With firewall filter rules everything (except chain and action) is optional, specifying m...
by mkx
Thu Jun 10, 2021 7:47 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 258
Views: 24143

Re: v7.1beta6 [development] is released!

There was a thread about L3 HW performance (or rather lack of it) and it was said that L3 HW offload for jumbo frames was not there yet. I'm not sure if that limitation is already lifted. So you might try to test similar scenario but using standard MTU values ...
by mkx
Wed Jun 09, 2021 9:57 pm
Forum: Beginner Basics
Topic: Problem routing traffic from one lan to another
Replies: 6
Views: 449

Re: Problem routing traffic from one lan to another

I'll assume the network subnets are real even if IP addresses aren't. So ... there are two potential problems: Does router 219.7.221.254 have static route towards 128.136.0.0/16 via 219.7.221.252? Does router 219.7.221.254 run stateful firewall? You are possibly creating routing triangle between mik...
by mkx
Wed Jun 09, 2021 9:37 pm
Forum: RouterBOARD hardware
Topic: VLAN problem with CRS112-8P-4S
Replies: 9
Views: 444

Re: VLAN problem with CRS112-8P-4S

As @mada3k wrote: remove switch1-cpu from all vlan port groups under /interface ethernet switch vlan except for VLAN 255. That's only necessary for VLANs with which ROS interacts and it interacts through appropriate vlan interface. Admitting other VLANs to CPU only allows broadcasts to flood the CPU...
by mkx
Wed Jun 09, 2021 9:01 am
Forum: SwOS
Topic: Port Isolation
Replies: 2
Views: 228

Re: Port Isolation

Switches don't have notion of connections ... they only see frames. So with switch it's not possible what you're after. Some switches support ACLs where you can select certain L3/L4 properties of frames which should be dropped. You can try to use that functionality to mimic connection-awareness. For...
by mkx
Wed Jun 09, 2021 8:27 am
Forum: Beginner Basics
Topic: Port 443
Replies: 4
Views: 270

Re: Port 443

Even though you might have some success by constructing L7 filter rules it probably won't last ... The encrypted connection protocols are evolving. Currently there's some initial connection metadata passed unencrypted (namely SNI field) and it is possible to construct L7 filter to fetch that data an...
by mkx
Tue Jun 08, 2021 11:24 pm
Forum: RouterBOARD hardware
Topic: Which router/switch for distributing to 10 individual RouterBOARDs 951-2n?? [SOLVED]
Replies: 4
Views: 390

Re: Which router/switch for distributing to 10 individual RouterBOARDs 951-2n?? [SOLVED]

I wasn't sure if crs328 was able to handle such a load With some luck it will ... but there's no guarantee. If you look at official test results ... and concentrate on Ethernet test results table, you'll see some routing performance numbers. Experience goes that if you have to pick a number from th...
by mkx
Tue Jun 08, 2021 11:08 pm
Forum: Wireless Networking
Topic: Using 40 Mhz wide channels in a 2.4 Ghz wireless network deployment
Replies: 9
Views: 562

Re: Using 40 Mhz wide channels in a 2.4 Ghz wireless network deployment

Just in case you decide to go with option #2 from my post above ... you can argue that professional networks, consisting of multiple base stations (APs in WiFi talk) and operating using single frequency channel, use pretty complicated mechanisms to overcome inter-base-station interference: exampl...
by mkx
Tue Jun 08, 2021 9:52 pm
Forum: Wireless Networking
Topic: Using 40 Mhz wide channels in a 2.4 Ghz wireless network deployment
Replies: 9
Views: 562

Re: Using 40 Mhz wide channels in a 2.4 Ghz wireless network deployment

Due to lack of any serious advice, I'll resort to sarcasm. So you have 3 options: resign from your job immediately fight with senior staffer and resign from your job a bit later leave wireless config according to senior's "law" ... and move around the premises wearing paper bag over your h...
by mkx
Tue Jun 08, 2021 8:12 pm
Forum: Wireless Networking
Topic: Using 40 Mhz wide channels in a 2.4 Ghz wireless network deployment
Replies: 9
Views: 562

Re: Using 40 Mhz wide channels in a 2.4 Ghz wireless network deployment

Honestly I don't see how you could possibly win this argument. He is obviously very confident about his own knowledge (so he won't take any technical arguments) and he is senior to you (so you can't force your view on him).
by mkx
Tue Jun 08, 2021 12:20 pm
Forum: RouterBOARD hardware
Topic: 3 routerboards bricked this week
Replies: 27
Views: 1251

Re: 3 routerboards bricked this week

Netinstall is very fragile process. Often netinstall seemingly does its job (returning to ready in very short time) but actually doing nothing .... proper netinstall process takes some time (IIRC something around 10-30 seconds, depending on device's storage size and platform). So it is really vital ...
by mkx
Tue Jun 08, 2021 12:12 pm
Forum: General
Topic: no routerboards bricked from 2007 [SOLVED]
Replies: 6
Views: 538

Re: no routerboards bricked from 2007 [SOLVED]

Just to clarify: term "bricked" in my previous post describes router/switch which doesn't boot after user performs some action permitted by ROS itself ... either that's ROS upgrade in one of supported ways or change of configuration which is not rejected by ROS or something else. The fact ...
by mkx
Tue Jun 08, 2021 12:05 pm
Forum: Beginner Basics
Topic: Access LAN computer from a 4G Network
Replies: 2
Views: 192

Re: Access LAN computer from a 4G Network

Not sure if it's the same in your case, but I'll mention regardless: cellular networks in general are not as transparent as fixed networks. Could be that MNO is doing some funky stuff (firewalling of outgoing connections, DPI, rate limiting, FUP, ...) which breaks NAS access for you.
by mkx
Tue Jun 08, 2021 9:22 am
Forum: Beginner Basics
Topic: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)
Replies: 11
Views: 435

Re: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)

I would think that with this decent amount of data getting sucked up my ISP would be doing something about it? I know that it'd always be a losing battle, but across thousands of customers wouldn't it add up pretty quickly? The lost data is inconsequential in regards to my data cap and my bandwidth...
by mkx
Tue Jun 08, 2021 9:09 am
Forum: Beginner Basics
Topic: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)
Replies: 11
Views: 435

Re: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)

In my browser (FF 89 in ubuntu linux) the second code block isn't limited in a frame (with vertical scroll bar), contents rendering is slightly weird as well. The same in chrome/android on my phone.

Well, I'm quite sure this is not something you or I can fix ...
by mkx
Tue Jun 08, 2021 8:38 am
Forum: General
Topic: no routerboards bricked from 2007 [SOLVED]
Replies: 6
Views: 538

Re: no routerboards bricked from 2007 [SOLVED]

Understand my point of view now? Your point of view might be valid in certain circumstances. The problem with your point of view is that MT tries to be a player in SOHO market segment where expecting users to be anything but dummies is unrealistic. It is understandable that people less tech savvy g...
by mkx
Tue Jun 08, 2021 8:29 am
Forum: Beginner Basics
Topic: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)
Replies: 11
Views: 435

Re: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)

It's better to include config and logs in the post using code tags:

Just make sure you have some little "normal" text (at least a dot or two) between two [code] [/code] blocks ... or else forum will improperly render the second (and subsequent) blocks making the effort useless.
by mkx
Tue Jun 08, 2021 8:15 am
Forum: Beginner Basics
Topic: ISP PPPOE with VLAN filtering [SOLVED]
Replies: 32
Views: 1276

Re: ISP PPPOE with VLAN filtering [SOLVED]

Question though, if I'm assigning a pvid to a bridge port would that then be added as tagged or untagged on the bridge vlan configuration? Bridge comes with multiple personalities, they are very well explained in this thread. When assigning PVID to bridge, you're assigning it to bridge port and br...
by mkx
Mon Jun 07, 2021 11:28 am
Forum: Beginner Basics
Topic: After applied filter rule internet connect not stable
Replies: 6
Views: 491

Re: After applied filter rule internet connect not stable

Question 1 add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)" how to get this IP address 127.0.0.1? It's there, implicitly set. But it's hidden from you, you can't see it anywhere. However it's not really usable for many things, e...
by mkx
Mon Jun 07, 2021 11:16 am
Forum: Beginner Basics
Topic: Connecting several CRS: Bad transfer rate
Replies: 7
Views: 413

Re: Connecting several CRS: Bad transfer rate

...for such a simple setup, I wouldn't bother finding the flaws in the remains of an old configuration. The problem I was mentioning (LCD display affecting performance) doesn't seem to be due to configuration (so it seemed at the time many users were affected by it), but rather due to interaction b...
by mkx
Mon Jun 07, 2021 11:11 am
Forum: General
Topic: someone hack my routrs - can someone help?
Replies: 15
Views: 1114

Re: someone hack my routrs - can someone help?

All but high-end devices (which includes CCR, CRS and RB1100 devices) come with set of default firewall rules. One can see default settings by executing command /system default-configuration print (just beware that lines are truncated rather than wrapped around, so make sure you have really wide ter...
by mkx
Sun Jun 06, 2021 6:00 pm
Forum: Beginner Basics
Topic: I have a dedicated FW that I wish to keep, but demote from being the Gateway placing a Mikrotik Router there in stead
Replies: 11
Views: 586

Re: I have a dedicated FW that I wish to keep, but demote from being the Gateway placing a Mikrotik Router there in stea

Subnets? I really don't get why? To ensure packets flow in both directions via same path ... otherwise things can get messy. I agree that this seems unsolicited complication, but in long term it would save you some time ... ISP > > Zyxel FW @ 192.168.1.2 (Cabling channels all the traffic through...
by mkx
Sun Jun 06, 2021 12:13 pm
Forum: Beginner Basics
Topic: I have a dedicated FW that I wish to keep, but demote from being the Gateway placing a Mikrotik Router there in stead
Replies: 11
Views: 586

Re: I have a dedicated FW that I wish to keep, but demote from being the Gateway placing a Mikrotik Router there in stea

Proper thing to do would be the following: use one IP subnet for LAN devices (right of MT router) and one subnet for MT-FW "subnet". Ideally you would keep using same IP subnet for LAN (in case you have any static configuration on any of LAN devices). MT would simply have two interfaces, c...
by mkx
Sun Jun 06, 2021 11:56 am
Forum: General
Topic: two cpe's
Replies: 2
Views: 239

Re: two cpe's

Which particular RB750 do you have? There are a few models, some current and some discontinued. Ability to power both SXTs depends on particular model. As to the data connectivity setup: any of RB750 will nicely route traffic. The oldest models might have hard time to actually route at 60Mbps (both ...
by mkx
Sat Jun 05, 2021 7:52 pm
Forum: General
Topic: CPU high utilization due to the Queue .CCR
Replies: 5
Views: 323

Re: CPU high utilization due to the Queue .CCR

Usual suggestion is to go with latest version from "long-term" channel, currently that's 6.47.10.
by mkx
Sat Jun 05, 2021 10:51 am
Forum: General
Topic: ROS upgrade failed on CRS328-4C-20S-4S+ now stuck in SWOS?
Replies: 3
Views: 281

Re: ROS upgrade failed on CRS328-4C-20S-4S+ now stuck in SWOS?

My guess is that you'll need physical access to the switch. And netinstall it.

SwOS doesn't have any MAC-something service, only way to manage it is via web interface.
by mkx
Sat Jun 05, 2021 10:48 am
Forum: General
Topic: DIfferent port-forwarding based on domain
Replies: 1
Views: 210

Re: DIfferent port-forwarding based on domain

It can't be done with mikrotik only. L7 is too late in the game to make redirection working (it works fine as firewall rule because it can break connection at some later stage) and other criteria don't care about SNI (Server Name Indication) which is the only way of getting domain name of intended s...
by mkx
Sat Jun 05, 2021 10:40 am
Forum: General
Topic: Bounding 802.3ad
Replies: 7
Views: 382

Re: Bounding 802.3ad

...in my opinion a single ppoe connection will not be balanced across all ports in the bond. Indeed. PPPoE is protocol on top of ethernet, hence bonding policies will only hash according to L2 ... as PPPoE server is only one (single MAC address), the only remaining variable is client MAC address.
by mkx
Sat Jun 05, 2021 10:37 am
Forum: General
Topic: DNS Forwarding is not working anymore
Replies: 4
Views: 369

Re: DNS Forwarding is not working anymore

My guess: you need properly configured hair-pin NAT for DNS resolver.

To give you better advice, post output of at least /ip firewall nat export hide-sensitive ... complete config would be better.
by mkx
Fri Jun 04, 2021 11:34 pm
Forum: Wireless Networking
Topic: hAP ac2 can't connect 5Ghz -N/AC mode
Replies: 15
Views: 8417

Re: hAP ac2 can't connect 5Ghz -N/AC mode

By the way every time I use one of your posts, I drink a beer in your honour. I hope that is payment enough ;-P So far I am still sober................... conclusion ;-PPPPP

Conclusion: next time your better half lets you to the grocery store, try to find some non-alcohol-free beer :-P
by mkx
Fri Jun 04, 2021 11:24 pm
Forum: General
Topic: Can't access network [SOLVED]
Replies: 3
Views: 335

Re: Can't access network [SOLVED]

So essentially you want to use mikrotik to wirelessly bridge multiple wired devices on L2. In short: it can't work if both wireless devices are from different vendors due to missing piece in 802.11 standard. You can read more in this nice article. There are some workarounds but all come with gotchas.
by mkx
Fri Jun 04, 2021 3:00 pm
Forum: RouterBOARD hardware
Topic: GPeR
Replies: 4
Views: 619

Re: GPeR

You could use RBGPOE passive injector from one side to power GPeR ... I guess.
by mkx
Fri Jun 04, 2021 2:56 pm
Forum: Wireless Networking
Topic: hAP ac2 can't connect 5Ghz -N/AC mode
Replies: 15
Views: 8417

Re: hAP ac2 can't connect 5Ghz -N/AC mode

Also, other suckers like me may actually look at the thread with genuine 5Ghz issues and could benefit from my unique and amazing settings. Indeed. Sometimes I have a feeling that you use this forum as a scratchpad to scrabble your settings only to come back at some later time to find them to re-a...
by mkx
Fri Jun 04, 2021 2:47 pm
Forum: Beginner Basics
Topic: RouterOS on CRS326 - upgrade from USB flash drive
Replies: 2
Views: 258

Re: RouterOS on CRS326 - upgrade from USB flash drive

Usual mode of manual upgrading ROS is to copy npk file to root of device's storage. After that reboot device and it should pick the file. The trick in your case is how to move/copy file from flash drive to device's storage. I don't think there's command to actually copy file from one directory (or m...
by mkx
Fri Jun 04, 2021 2:42 pm
Forum: Beginner Basics
Topic: Internet fiber on switch to router
Replies: 8
Views: 406

Re: Internet fiber on switch to router

Can I connect the internet fiber to the CRS328 (who has 4 SFP+ ports) and configure the RB4011 to use that as default destination? This would however mean that all traffic from LAN to WAN has to go through the CRS328 - RB4011 connection to be routed and back to go to the internet. Assuming internet...
by mkx
Fri Jun 04, 2021 2:29 pm
Forum: General
Topic: VLAN Routing is slow on hex S
Replies: 10
Views: 510

Re: VLAN Routing is slow on hex S

Don't mix intra-VLAN switching and inter-VLAN routing. Better switch (CSS3xx or CRS3xx) can help with former (intra-VLAN switching) but not with the latter (switches suck at routing even if they run ROS, like CRS3xx does). hEX S is not a very powerful router. Real-life routing performance with prett...
by mkx
Fri Jun 04, 2021 12:27 pm
Forum: Beginner Basics
Topic: Access Webserver inside Lan - Hairpin NAT [SOLVED]
Replies: 3
Views: 396

Re: Access Webserver inside Lan - Hairpin NAT [SOLVED]

Assuming your whole LAN is behind ether2 ... you'll have to add ether2 to interface list LAN:
/interface list member
add interface=ether2 list=LAN

BTW, current entry to LAN interface list (add list=LAN) does nothing and would best be removed not to offer base for any wrong assumptions.
by mkx
Fri Jun 04, 2021 12:10 pm
Forum: Beginner Basics
Topic: Connecting several CRS: Bad transfer rate
Replies: 7
Views: 413

Re: Connecting several CRS: Bad transfer rate

why all interface have set [ find default-name=xxx ] speed=100Mbps ??? My guess: config started with ancient ROS version where 100Mbps was default (comment on bridge of CRS2 saying "created from master port" indicates this). This setting, however, should not affect performance if auto-neg...
by mkx
Fri Jun 04, 2021 9:26 am
Forum: Beginner Basics
Topic: L3 switch configuration
Replies: 1
Views: 226

Re: L3 switch configuration

Here's VLAN config manual for CRS1xx. Beware that routing capacity of CRS1xx devices is nowhere near wirespeed. If you need any decent throughput between VLANs you better buy proper router for that.
by mkx
Fri Jun 04, 2021 9:19 am
Forum: General
Topic: 2x CRS328-24P-4S+ with broken ports - short circuit
Replies: 4
Views: 314

Re: 2x CRS328-24P-4S+ with broken ports - short circuit

Use gigabit PoE surge protector, sometime parasite currents can happen between two devices in 100+ network devices? Perhaps not all 100+ devices, but that's up to qualified electrician to decide. It very much depends on earthing done on both ends of UTP cable. If earthing point is common for both e...
by mkx
Fri Jun 04, 2021 9:07 am
Forum: RouterOS v7 BETA
Topic: Vlan on switch vs Vlan on interface
Replies: 5
Views: 427

Re: Vlan on switch vs Vlan on interface

@Tulga described requirements:
eth3 and eth5 are members of same LAN (switching traffic between ports) - LAN1: 192.168.1.0/24 (I'm guessing subnet mask)
eth7 and eth9 are members of LAN2: 192.168.2.0/24
ethX (other than 3,5,7,9 and WAP port) are members of LAN3: 192.168.100.0/24
One can do it using ...
by mkx
Tue Jun 01, 2021 9:17 am
Forum: Beginner Basics
Topic: No ping to device from AP ?
Replies: 2
Views: 265

Re: No ping to device from AP ?

Post full configuration export from station. If all ports are bridged, then firewall rules likely don't do anything... but there are other settings that can affect behaviour.
by mkx
Mon May 31, 2021 8:11 am
Forum: Wireless Networking
Topic: Help with Setup
Replies: 5
Views: 385

Re: Help with Setup

It can be done if you configure VLANs on link between the two cAPs. You'll need some general knowledge about VLANs, this tutorial nicely describes how it's done on Mikrotik devices.
by mkx
Sun May 30, 2021 11:01 pm
Forum: General
Topic: Firewall NAT logging!
Replies: 9
Views: 464

Re: Firewall NAT logging!

As the failed login attempts appear from a NAT router (unless the address is spoofed!) I don't believe address seen by SSH daemon (on radius server) is spoofed. If it was, the connection would not go farther than to second step of 3-step TCP handshake (server reply with SYN ACK), so you wouldn't ...
by mkx
Sun May 30, 2021 8:19 pm
Forum: General
Topic: Firewall NAT logging!
Replies: 9
Views: 464

Re: Firewall NAT logging!

So somebody from internet (or LAN?) is trying to get into your not-so-well hidden SSH service. As all failed logins appear to originate from your NAT router, you probably have one src-nat too many (or some too greedy src-nat). If you fix that src-nat rule, you'll see actual src addresses of those lo...
by mkx
Sun May 30, 2021 8:12 pm
Forum: RouterBOARD hardware
Topic: RB4011iGS+ PoE in seems to need a jump-start
Replies: 12
Views: 601

Re: RB4011iGS+ PoE in seems to need a jump-start

PoE standard 802.3 af/at defines some elaborate procedure when PSE (power source) applies power to port. And if PD (powered device) does not respond appropriately, PSE should assume that connected device is not 802.3 af/at compliant and should not enable full power. RB4011 supports only passive PoE ...
by mkx
Sun May 30, 2021 1:53 pm
Forum: Wireless Networking
Topic: RB2011 wireless speed very low?
Replies: 4
Views: 472

Re: RB2011 wireless speed very low?

Even if it's "only" 802.11n, it should still be able to give realistic throughput around 100Mbps ... given reasonably interference-free environment (which might be mission impossible in certain areas). However, official test results indicate that realistic wired routing speed might peak at ...
by mkx
Sun May 30, 2021 11:02 am
Forum: RouterBOARD hardware
Topic: RB4011iGS+ PoE in seems to need a jump-start
Replies: 12
Views: 601

Re: RB4011iGS+ PoE in seems to need a jump-start

Only thinking aloud: starlink brick specifies output voltage at 56V. That might be nominal voltage while in reality (specially while unloaded) it might be a tad higher. Mikrotik OTOH might refuse to start when fed by voltage higher than exactly the upper limit (57V). If, after starting up, mikrotik ...
by mkx
Sat May 29, 2021 9:07 pm
Forum: General
Topic: Point to Point Addressing /32 or /31 Default Route [SOLVED]
Replies: 15
Views: 780

Re: Point to Point Addressing /32 or /31 Default Route [SOLVED]

Ethernet technology is point to multipoint technology. It works the same regardless of how layer above (e.g. IP) is configured, frames are still sent to destination MAC address and that one still has to be learned somehow, normally using ARP who has mechanism and in order to learn destination MAC ad...
by mkx
Sat May 29, 2021 8:54 pm
Forum: Beginner Basics
Topic: Can't Access Netgear Modem Management hEX S
Replies: 4
Views: 354

Re: Can't Access Netgear Modem Management hEX S

The problem is in subnetting you have: subnet set on netgear overlaps with mikrotik's LAN (10.0.1.0/24 is upper half of 10.0.0.0/23) and that's a problem for both mikrotik and netgear. From the sketch of network layout it's not very clear how mikrotik is actually configured so it's impossible to tel...
by mkx
Sat May 29, 2021 6:03 pm
Forum: General
Topic: Mikroitk Router OS (Trial Version Limits) [SOLVED]
Replies: 3
Views: 376

Re: Mikroitk Router OS (Trial Version Limits) [SOLVED]

You can check about limitations of particular ROS license levels in this document. AFAIK ROS x86 is 32-bit and is thus limited to using 2GB RAM (usual limitation of "straight" 32-bit linux kernel). I don't know about issues with exceeding certain number of PPPoE active sessions. I wouldn'...
by mkx
Sat May 29, 2021 5:52 pm
Forum: Beginner Basics
Topic: Setting up VLAN/Firewall with Mikrotik Router (RB4011)
Replies: 5
Views: 453

Re: Setting up VLAN/Firewall with Mikrotik Router (RB4011)

please no CLI, I have seen that users post the code of the configuration and while I could some portions of it, it is too advanced for my level Just FYI: basic configuration structure (tree if you want) is mostly the same both in GUI (either winbox or webfig) and in CLI. It's much easier and more r...
by mkx
Sat May 29, 2021 5:44 pm
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 91
Views: 12549

Re: v6.48.3 [stable] is released!

But 30ms really seems to be over the top for this value. Screenshot in post #51 above shows winbox UI displaying "ms" as unit for that field. Nobody said we really wanted to have such a short setting, it was just part of debugging process ... CLI error message implies that setting resoluti...
by mkx
Fri May 28, 2021 10:47 pm
Forum: Wireless Networking
Topic: NV2 Sync
Replies: 7
Views: 1447

Re: NV2 Sync

The NTP server itself doesn't even have to be very accurate, as it is the relative timing between APs that matters. You're right, absolute time is not important. However, clocks on co-located APs should be synchronized to a few ten nanoseconds ... remember, standard duration of guard period in 802....
by mkx
Fri May 28, 2021 3:01 pm
Forum: General
Topic: Tapatalk support lost?
Replies: 4
Views: 484

Re: Tapatalk support lost?

Being tapatalk-ignorant I find current situation very pleasing. In the past sometimes tapatalk plugin aggressively offered me to use tapatalk app and it was really pissing me off.
by mkx
Fri May 28, 2021 2:56 pm
Forum: Beginner Basics
Topic: differences between WAN RX & LAN TX
Replies: 3
Views: 304

Re: differences between WAN RX & LAN TX

There is no help, it's how queues work. Get over it. When ingress throughput exceeds allowed egress throughput, then traffic shaper (queue) buffers some traffic. If ingress traffic rate continues to exceed allowed egress throughput and buffers get full, some packets are dropped. Normal TCP streams a...
by mkx
Fri May 28, 2021 1:16 pm
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 91
Views: 12549

Re: v6.48.3 [stable] is released!

minor problem ipv6 nd reachable time (this also happen in previous version) Seems to me that it's (esthetic) problem of winbox ... on my 6.47.9 default setting is "unspecified" and if I try to set it to "30ms", I get
[admin@router] /ipv6 nd> set 0 reachable-time=30ms
Warning: va...
by mkx
Thu May 27, 2021 6:15 pm
Forum: General
Topic: What's wrong with the rb750r2??
Replies: 30
Views: 11923

Re: What's wrong with the rb750r2??

@easycoms: not only that you dug a dead thread (post last before your reply is dated in September 2019), you also posted incorrect information. Official product page of RB750r2 states that input voltage range is between 6V and 30V and explicitly defines same range for both power input methods. Volt...
by mkx
Thu May 27, 2021 8:33 am
Forum: General
Topic: any working dhcp - client ipv6 working example?
Replies: 8
Views: 509

Re: any working dhcp - client ipv6 working example?

There is generally no need to use IPv6 DHCP to hand out addresses like with IPv4 DHCP - this can be accomplished with SLAAC. So how do you perform any remote connections to SLAAC-configured clients? There are legitimate reasons to do it. Even if client OS uses the anonymizing mechanisms (selecting ...
by mkx
Wed May 26, 2021 10:14 pm
Forum: Beginner Basics
Topic: Lan ports 10Mbps only, and cannot access the router when tagged port1 switch
Replies: 11
Views: 489

Re: Lan ports 10Mbps only, and cannot access the router when tagged port1 switch

Post configuration export of your RB (execute /export hide-sensitive file=anynameyouwish in terminal window, fetch resulting file, open it with text editor and copy-paste contents inside [ code] [/code] environment). As to trunk config: usage of VLAN ID 1 is highly discouraged. That VID is implicit ...
by mkx
Tue May 25, 2021 10:35 pm
Forum: General
Topic: HEX PoE leds
Replies: 5
Views: 366

Re: HEX PoE leds

Use black adhesive tape (or even "metalized"), that works for all hardware that I tried it on (including my RB2011).
Does it work for the blue LED of RB4011 as well? Or does that one burn through adhesive tape? LOL
by mkx
Tue May 25, 2021 10:30 pm
Forum: Beginner Basics
Topic: Can web [reverse] proxy redirect to different local computers based on host header ?
Replies: 11
Views: 437

Re: Can web [reverse] proxy redirect to different local computers based on host header ?

Redirecting stuff is complicating things and it is visible to user. For example: if server1 replies to both https://host1.example.com/ and https://host2.example.com/, it needs installed certificate which works for both FQDNs. Then if sole function of server1 for requests for https://host2.example.co...
by mkx
Tue May 25, 2021 8:26 pm
Forum: Beginner Basics
Topic: Can web [reverse] proxy redirect to different local computers based on host header ?
Replies: 11
Views: 437

Re: Can web [reverse] proxy redirect to different local computers based on host header ?

instruct the browser to redirect the connection to 2.3.4.5:82. That's against OP's requirement that it should be hidden from clients. Additionally using non-standard ports may break things for some clients (some corporate firewalls are quite restrictive when it comes to uncommon/nonstandard ports)....
by mkx
Tue May 25, 2021 8:18 pm
Forum: Beginner Basics
Topic: Can web [reverse] proxy redirect to different local computers based on host header ?
Replies: 11
Views: 437

Re: Can web [reverse] proxy redirect to different local computers based on host header ?

The 2nd part: install a proper reverse proxy on one of internal servers (e.g. haproxy, nginx or apache) and configure it to forward requests to the rest of servers.
by mkx
Tue May 25, 2021 8:08 pm
Forum: General
Topic: PWR-LINE PRO
Replies: 24
Views: 3657

Re: PWR-LINE PRO

Here's my experience with another vendor's PLC devices but since PLC is same standard for everybody it probably applies to MT gadgets as well:
they work mostly equally good/bad with or without PE wire
they operate best if they're on the same circuit (i.e. no fuses either blow or automatic in the way...
by mkx
Tue May 25, 2021 7:47 pm
Forum: RouterOS v7 BETA
Topic: Feature Request : IPv6 Fasttrack
Replies: 17
Views: 1373

Re: Feature Request : IPv6 Fasttrack

+1

IPv6 is among us already for ages, lack of performance in ROS is unbearable.
by mkx
Tue May 25, 2021 7:17 pm
Forum: Beginner Basics
Topic: hAP Lite as switch + AP Client
Replies: 2
Views: 233

Re: hAP Lite as switch + AP Client

The problem you have is that both devices have statically set default gateway (e.g. 192.168.88.1). But that host is not available when your little setup becomes island connected via phone hotspot. If you want to have both machines working without any change, hAP would have to change its own IP addre...
by mkx
Tue May 25, 2021 9:32 am
Forum: Announcements
Topic: Newsletter March 2021 (#99)
Replies: 38
Views: 13044

Re: Newsletter March 2021 (#99)

Product brochure, available for download here, says that two fibre strands are needed (connector type: Dual LC UPC). Picture implies that as well. Quick look at products list gives only S+2332LC10D to be able to work over single fibre strand. I'm sure there are plenty of compatible 3rd party DFP m...
by mkx
Mon May 24, 2021 8:41 pm
Forum: Beginner Basics
Topic: RB750gr3 vs RB760IGS?
Replies: 4
Views: 366

Re: RB750gr3 vs RB760IGS?

As you deduced yourself, any suggestions of particular router models for particular use cases is highly subjective and one has to verify how they compare to facts.

BTW, number of clients/hosts doesn't have much to do with router performance.
by mkx
Mon May 24, 2021 4:07 pm
Forum: Wireless Networking
Topic: CAP - change settings after initial config
Replies: 4
Views: 408

Re: CAP - change settings after initial config

@anav, is it a QuickSet option? No, I didn't think so either. ;-) But then I guess your setup is what @OP wanted, but couldn't describe his requirements ... in plain words (as you like to put it). I guess we should make MT devs to add a "plain AP" mode to the list of QuickSet configurations.
by mkx
Mon May 24, 2021 4:04 pm
Forum: RouterBOARD hardware
Topic: Add +1 here if you liked "white brick" mikrotik design
Replies: 10
Views: 595

Re: Add +1 here if you liked "white brick" mikrotik design

+1

Boxy cases can stack quite ideally. The "fancy" rounded gadgets not so much.

And I'd add another plea/request: devices which come with (optional) rack-mounting ears should be 1U high natively (no more RB4011 ugliness).
by mkx
Mon May 24, 2021 3:59 pm
Forum: General
Topic: reboot command to network device from RB [SOLVED]
Replies: 6
Views: 535

Re: reboot command to network device from RB [SOLVED]

For me it works like this: one only needs 2 key files as created in linux running command
ssh-keygen -m PEM -f forMT
Append contents of .pub file to file authorized_keys on your RPI, e.g.
cat forMT.pub >>/root/.ssh/authorized_keys
Then copy both forMT* files over to mikrotik. In ROS and import them ...
by mkx
Mon May 24, 2021 1:22 pm
Forum: Wireless Networking
Topic: hAP ac lite unable to see mobile 5GHz hotspot
Replies: 2
Views: 255

Re: hAP ac lite unable to see mobile 5GHz hotspot

Check which channel your mobile hotspot is using (by scanning from device that does see it) and whether country setting on hAP ac lite might prevent using that channel ...
by mkx
Mon May 24, 2021 1:18 pm
Forum: General
Topic: Bandwidth issues with WireGuard and 7.1beta6
Replies: 9
Views: 560

Re: Bandwidth issues with WireGuard and 7.1beta6

The TCP window settings on both client and server still apply even if WG is run over UDP (which explains why UDP tests can saturate link). Not sure how that's affected by WG properties. But then Tx drops indicate that WG link is not perfect and that will definitely affect performance of TCP connecti...
by mkx
Mon May 24, 2021 1:11 pm
Forum: Beginner Basics
Topic: Mikrotik reset button is broken
Replies: 10
Views: 632

Re: Mikrotik reset button is broken

Perhaps not the issue, but do try to use different power adapter. PAs age and can become marginal after a while. In such cases electronic devices might enter a boot loop (because PA is not capable of delivering power needed for normal operation) or become unstable (experiencing random reboots when P...
by mkx
Mon May 24, 2021 12:47 pm
Forum: RouterBOARD hardware
Topic: DISC Lite5 ac PtP NV2 Hickups and generally disapointing performance
Replies: 19
Views: 8102

Re: DISC Lite5 ac PtP NV2 Hickups and generally disapointing performance

(more or less proportional to more or less third power of distance) I thought the received power reduces with the second power of the distance ... (sorry for some RF basics, but I want description to become more clear also to those less RF-experienced. I guess I'll fail due to being non-native Engl...
by mkx
Mon May 24, 2021 12:17 pm
Forum: Wireless Networking
Topic: CAP - change settings after initial config
Replies: 4
Views: 408

Re: CAP - change settings after initial config

WISP mode means that cAP can only be administered over WAN link ... because in this mode device is considered as ISP's border device. It's been long time since I used QuickSet, but I'd say HomeAP is the mode you want. Just a warning: if you switch over to normal webfig/winbox (as opposed to QuickSet...
by mkx
Mon May 24, 2021 12:11 pm
Forum: General
Topic: Bandwidth issues with WireGuard and 7.1beta6
Replies: 9
Views: 560

Re: Bandwidth issues with WireGuard and 7.1beta6

Just a general observation: TCP doesn't work great with large delays out-of-the-box. That's where TCP windows comes into play and with 40ms delay, TCP window size should be larger than around 5 MB to be able to reach 1Gbps throughput. Default window size of 64kB is only enough for around 13Mbps with...
by mkx
Mon May 24, 2021 11:45 am
Forum: Beginner Basics
Topic: PPPOE slow upload only
Replies: 5
Views: 557

Re: PPPOE slow upload only

First a warning: your firewall is non existing and thus your router is most probably very much exposed to attacks from internet. The sole "chain=input action=drop" doesn't guarantee anything. One thing missing from your firewall rules is enabling fasttrack, which normally helps with firewa...
by mkx
Sun May 23, 2021 12:50 pm
Forum: General
Topic: missing basic router protocols
Replies: 10
Views: 497

Re: missing basic router protocols

Mikrotiks that come with default firewall settings (your RB951 included) don't allow connections from WAN directly to LAN IP addresses and that's for good reason (namely security). Even more, for IPv4 whole LAN is hidden behind router's WAN IP address, router performs NAT ... Before allowing connecti...
by mkx
Sat May 22, 2021 5:57 pm
Forum: General
Topic: CRS326-24S+2Q+RM and FAN
Replies: 4
Views: 599

Re: CRS326-24S+2Q+RM and FAN

I can't say anything about design decisions by MT. But IMHO fibre connections should be used for anything faster than 1Gbps. If not for other things, UTP cables fit for speeds 2.5Gbps and higher are quite bulky compared to anything else. And power consumption per connection is considerably lower wi...
by mkx
Fri May 21, 2021 10:41 pm
Forum: General
Topic: CRS326-24S+2Q+RM and FAN
Replies: 4
Views: 599

Re: CRS326-24S+2Q+RM and FAN

Screen shot shows SFP temperature to be at "modest" 68 °C. Without fans spinning as if pushing jet plane during takeoff SFP temperature would be nearer 90 °C. The S+RJ10s modules produce a lot of heat and that's officially a big problem.
by mkx
Fri May 21, 2021 10:34 pm
Forum: General
Topic: Winbox for linux
Replies: 15
Views: 735

Re: Winbox for linux

You're free to run whatever you want on your boxes and if you find running winbox inside snap environment a simple and effective way, then great for you. Personally I try to avoid installing some 3rd party wrapper environment if running same stuff without that environment provides same (or even bett...
by mkx
Fri May 21, 2021 4:41 pm
Forum: General
Topic: Could my NAT rules be better?
Replies: 3
Views: 337

Re: Could my NAT rules be better?

I don't see how the first 3 rules (src-nat masquerade for internet-bound traffic) are different from each other, but likely one would suffice. And no need to explicitly set to-ports on dst-nat rule, that is only necessary if translated port (property dst-port) is different than target port (propert...
by mkx
Fri May 21, 2021 4:32 pm
Forum: General
Topic: Winbox for linux
Replies: 15
Views: 735

Re: Winbox for linux

I guess what @rextended wanted to say is: how hard is it to install wine from your favourite source (e.g. linux distro repositories) and then download winbox directly from mikrotik and simply run it? winbox is pretty simple application, doesn't need any installation procedure, simply execute " ...
by mkx
Fri May 21, 2021 4:20 pm
Forum: General
Topic: 3011 and 4011 port flapping
Replies: 3
Views: 355

Re: 3011 and 4011 port flapping

Guys, please keep talking in English. We the rest don't want to miss the party.

POE 24V 1A on ETH1 as secondary power.
And what is primary power? Power adapter connected to barrel-connector? What voltage?

And what is connected to eth10?
by mkx
Fri May 21, 2021 4:07 pm
Forum: General
Topic: reboot command to network device from RB [SOLVED]
Replies: 6
Views: 535

Re: reboot command to network device from RB [SOLVED]

It is possible to ssh from ROS device to remote host and execute a command there. It is possible to use key authentication (instead of password) and it is possible to do that from within a ROS script.
by mkx
Fri May 21, 2021 12:04 pm
Forum: SwOS
Topic: Issues with creating VLAN's
Replies: 2
Views: 455

Re: Issues with creating VLAN's

I'm not using SwOS, but "port isolation" sounds like it might interfere with traffic between ports.
by mkx
Fri May 21, 2021 12:15 am
Forum: General
Topic: Router OS higher than Long Term Release!
Replies: 14
Views: 624

Re: Router OS higher than Long Term Release!

Wait for a few weeks and some ROS/firmware version higher than your factory version will become long term.
by mkx
Thu May 20, 2021 4:22 pm
Forum: Beginner Basics
Topic: PPPOE slow upload only
Replies: 5
Views: 557

Re: PPPOE slow upload only

I can upload the configuration file

Without seeing configuration file we can't tell what might be the problem.
by mkx
Fri May 14, 2021 11:11 am
Forum: General
Topic: Bonding Technology
Replies: 3
Views: 485

Re: Bonding Technology

This is user forum, not support portal. So sometimes it takes some time (even few days) until some user with knowledge and experience about particular problem stumbles upon a post.
by mkx
Thu May 13, 2021 3:09 pm
Forum: Beginner Basics
Topic: Routing between two networks [SOLVED]
Replies: 3
Views: 573

Re: Routing between two networks [SOLVED]

Add LAN2 IP address to ether5. And add src-nat rule for traffic exiting via ether5:
/ip firewall nat add chain=srcnat action=src-nat to-addresses=<LAN2 IP address of MT device> out-interface=ether5
This way hikvision gear will see all connection as if coming from router (with LAN2 address inside the...
by mkx
Thu May 13, 2021 2:54 pm
Forum: Beginner Basics
Topic: Making use of /31 public IP addresses assigned via PPPoE [SOLVED]
Replies: 1
Views: 474

Re: Making use of /31 public IP addresses assigned via PPPoE [SOLVED]

The big problem is on the other machine. Let's say you get (public) IP addresses 10.20.30.40 and 10.20.30.41 and you use 10.20.30.40 for router's own WAN address (bound to pppoe-out1 interface). If you configure another box with 10.20.30.41/32 ... you need to tell it which IP address has its upstrea...
by mkx
Thu May 13, 2021 2:39 pm
Forum: Beginner Basics
Topic: Firewall drop everything rule vs rules for not nat and internet [SOLVED]
Replies: 2
Views: 384

Re: Firewall drop everything rule vs rules for not nat and internet [SOLVED]

@lnulzer: what you have is inherently more safe. The code in first block (as you write it's from some MT documentation) uses multiple drop rules and when using such rules it's only too easy to forget to drop something and omission to drop something is very hard to notice ... until after it's too lat...
by mkx
Thu May 13, 2021 2:30 pm
Forum: Beginner Basics
Topic: Two SIMS in one modem.
Replies: 5
Views: 651

Re: Two SIMS in one modem.

As @CZFan already wrote: only one SIM card can be in use by LTE modem at a time. Purpose of having two (or more) SIM cards is to change active SIM card by simple configuration change. If one wants to double the bandwidth, another modem is needed. Then some advanced configuration to enable load-shari...
by mkx
Thu May 13, 2021 2:25 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 32
Views: 2787

Re: v7 launch date

Shift from an heavy customized kernel 3.3.5 to a new heavy customized kernel 5.6.3 Hopefully less heavy customized kernel. As the rumours go, wireless drivers in v6 were all in-house development. Seems like MT is going to use stock (wireless chip vendors') drivers at least for wave2-capable wireles...
by mkx
Thu May 13, 2021 8:44 am
Forum: Beginner Basics
Topic: vlan'ing home lab network [SOLVED]
Replies: 4
Views: 608

Re: vlan'ing home lab network [SOLVED]

Don't set PVID on bridge:
/interface bridge add fast-forward=no name=vlan-bridge pvid=30 vlan-filtering=yes
You're using said bridge as tagged further down the config and PVID setting messes that. BTW, you don't use vlan-bridge as interface (other than underlying interface for VLAN interfaces) and he...
by mkx
Thu May 13, 2021 8:39 am
Forum: Beginner Basics
Topic: Buying - RB1100AHx4 Dude Edition - Questions about Firewall
Replies: 22
Views: 1439

Re: Buying - RB1100AHx4 Dude Edition - Questions about Firewall

I think we're rather having fun with our favourite on-line translating tools.
by mkx
Thu May 13, 2021 8:32 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 32
Views: 2787

Re: v7 launch date

There are two things that are not great with ROSv7: stability and functionality which is already available in v6. This is the important one and should definitely be worked on first to roll out v7 (sort of a stable release). It will form a good base for further development which was increasingly trou...
by mkx
Tue May 11, 2021 11:36 pm
Forum: Beginner Basics
Topic: Forward SSH from static IP to internal network [SOLVED]
Replies: 10
Views: 877

Re: Forward SSH from static IP to internal network [SOLVED]

@vds, I'd like to draw your attention to what @anav already asked: are you actually trying to connect from WAN side of your router? Because your current config won't do for connecting to public address from LAN side of your router.
by mkx
Tue May 11, 2021 11:31 pm
Forum: General
Topic: Understanding firmware version vs router OS version
Replies: 5
Views: 435

Re: Understanding firmware version vs router OS version

Mostly yes. Except: firmware comes with ROS and bears same version number (firmware seldomly changes, hence different version numbers don't necessarily mean different firmware). After you upgrade (or downgrade) ROS, you'll see "Upgrade Firmware" different from "Current Firmware" ...
by mkx
Tue May 11, 2021 9:56 pm
Forum: Beginner Basics
Topic: Buying - RB1100AHx4 Dude Edition - Questions about Firewall
Replies: 22
Views: 1439

Re: Buying - RB1100AHx4 Dude Edition - Questions about Firewall

You meant to write "Normis ir ģēnijs"?
by mkx
Tue May 11, 2021 6:46 pm
Forum: Beginner Basics
Topic: Buying - RB1100AHx4 Dude Edition - Questions about Firewall
Replies: 22
Views: 1439

Re: Buying - RB1100AHx4 Dude Edition - Questions about Firewall

No kidding, one can actually click on icon? Whoever came up with that great idea must be a genius ;-)
by mkx
Tue May 11, 2021 5:17 pm
Forum: Beginner Basics
Topic: Too many address in /ip dns static
Replies: 5
Views: 547

Re: Too many address in /ip dns static

Default configuration has no static DNS entries. So you'll have to find out how these landed on your mikrotik to decide whether it's OK to delete them or not.
by mkx
Tue May 11, 2021 5:09 pm
Forum: RouterBOARD hardware
Topic: PWR-LINE PRO Speed
Replies: 1
Views: 439

Re: PWR-LINE PRO Speed

Pwr-line devices are much like wifi: they have theoretical maximum speed which is almost never achievable. Actual speed depends very much on actual electrical wiring, fuse type and placement, star alignment, etc. My (limited) experience says your actual result (60 Mbps) is not that bad.
by mkx
Tue May 11, 2021 4:55 pm
Forum: Beginner Basics
Topic: Buying - RB1100AHx4 Dude Edition - Questions about Firewall
Replies: 22
Views: 1439

Re: Buying - RB1100AHx4 Dude Edition - Questions about Firewall

@mkx can you send me an email please.
where to? ;-)
by mkx
Tue May 11, 2021 4:52 pm
Forum: Beginner Basics
Topic: How to disable firewall completely
Replies: 11
Views: 826

Re: How to disable firewall completely

No just one. I am trying to split my single IP, home internet connection into two segments immediately after the modem. In case you only have single WAN IP address, your device will have to perform NAT and port forwarding for both segments. In ROS NAT is actually function of firewall so you won't g...
by mkx
Mon May 10, 2021 11:17 pm
Forum: Beginner Basics
Topic: Buying - RB1100AHx4 Dude Edition - Questions about Firewall
Replies: 22
Views: 1439

Re: Buying - RB1100AHx4 Dude Edition - Questions about Firewall

What would be the SOHO line of routers in your opinion?

All devices apart from: CHR, CRS line, CCR line, RB1100 line and possibly RB3011 (not sure about this one).

I'm not talking about SwOS devices here.
by mkx
Mon May 10, 2021 11:13 pm
Forum: Beginner Basics
Topic: Differences between RB with multiple switch chips [SOLVED]
Replies: 3
Views: 440

Re: Differences between RB with multiple switch chips [SOLVED]

Switch chip vlan filtering is obviously limited to single chip. Inter-chip communication passes CPU where one can use bridge (in its non-vlan configuration) to merge multiple ports. However, making configuration on both switch chips consistent is router admin's responsibility, ROS doesn't enforce i...
by mkx
Mon May 10, 2021 7:50 pm
Forum: Wireless Networking
Topic: Caps-man with vlans and cAP with vlans on switch chip problem
Replies: 8
Views: 702

Re: Caps-man with vlans and cAP with vlans on switch chip problem

Which interface did you remove, the mgmt_int_vlan4? Not sure what's your current config, but that interface should probably stay there. In case when you configure VLAN stuff on switch chip you should not enable vlan filtering on bridge and hence you can not set up management IP address directly on b...
by mkx
Mon May 10, 2021 7:39 pm
Forum: General
Topic: MAC based vlan and guests
Replies: 4
Views: 321

Re: MAC based vlan and guests

Assuming clients are using untagged frames (or else MAC-based VLANs would not work anyway), they can bi-directionally directly communicate only inside single VLAN ... switch has to tag frames on ingress and mostly doesn't perform any frame analysis apart from frame headers. Which means it doesn't ha...
by mkx
Mon May 10, 2021 7:23 pm
Forum: Beginner Basics
Topic: Buying - RB1100AHx4 Dude Edition - Questions about Firewall
Replies: 22
Views: 1439

Re: Buying - RB1100AHx4 Dude Edition - Questions about Firewall

Best thing is to accept the default firewalls as they work out of the box quite safely. SOHO-line of Mikrotik routers comes with very decent default firewall rule set. RB1100AHx4, however, is not from that line and comes with pretty plain defaults, hence it's wise to get some decent starting settti...
by mkx
Mon May 10, 2021 7:13 pm
Forum: Beginner Basics
Topic: How to disable firewall completely
Replies: 11
Views: 826

Re: How to disable firewall completely

I just bought the MikroTIK HEX S and would like to split my internet connection into 2 segments with NO FIREWALL on either since I have a firewall on my trusted LAN that I want to use instead.

So essentially you need an ethernet switch.
by mkx
Mon May 10, 2021 4:34 pm
Forum: Beginner Basics
Topic: Routing between Bridges (?)
Replies: 2
Views: 370

Re: Routing between Bridges (?)

Either using single bridge as per suggestion by @anav or using two bridges, the issue is the same. What you have to keep in mind is the following: bridge and VLAN are L2 entities. Subnets belonging to different L2 entities can not communicate without aid of L3 entity, which is router. Router is cha...
by mkx
Sun May 09, 2021 5:51 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 294
Views: 44622

Re: v7.1beta5 [development] is released!

Are you an immigrant?

No, not AFAIK. But in the troll mode (again after some quiet time LOL).
by mkx
Sun May 09, 2021 3:31 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 294
Views: 44622

Re: v7.1beta5 [development] is released!

@anav, I'm still waiting for you to buy a couple of EAP6xxs and throw your existing EAP245s ... just throw them in azimuth around 58° real hard. Aim for my hand.
by mkx
Sun May 09, 2021 12:36 pm
Forum: General
Topic: Bonding Technology
Replies: 3
Views: 485

Re: Bonding Technology

See my answer in your other thread. No need to create multiple threads with essentially same question.
by mkx
Sun May 09, 2021 12:32 pm
Forum: RouterBOARD hardware
Topic: LtAP LTE6
Replies: 3
Views: 656

Re: LtAP LTE6

In short: no. Bonding means two or more physical links are configured to form single logical link, but that has to be done on both ends. Usually ISPs don't offer bonding ... If using two physical links without possibility to configure them into bond it is possible to configure load sharing, but conf...
by mkx
Sat May 08, 2021 5:29 pm
Forum: General
Topic: rb4011 vlan filtering and dhcp issues [SOLVED]
Replies: 8
Views: 816

Re: rb4011 vlan filtering and dhcp issues [SOLVED]

However why are your WAN connections on Vlans? The only reason to do that is if the ISP provider sends the data to you on a VLAN. No, it's not the only reason. One can connect ISP's border device (router, media converter, ...) to access port of some switch and use VLAN to carry it to router. No nee...
by mkx
Sat May 08, 2021 5:25 pm
Forum: General
Topic: Mesh for 2g and 5g Wifi on same LAN with 3 hAP ac3 [SOLVED]
Replies: 3
Views: 498

Re: Mesh for 2g and 5g Wifi on same LAN with 3 hAP ac3 [SOLVED]

For clients I tested this, two AP's same frequency, same ssid and client connects to one that has stronger signal, but I didn't think it could be simple like that just to bridge it. For roaming, adjacent APs don't need to be on the same frequency. When wireless client decides to change AP, it'll sc...
by mkx
Sat May 08, 2021 2:01 pm
Forum: General
Topic: Mesh for 2g and 5g Wifi on same LAN with 3 hAP ac3 [SOLVED]
Replies: 3
Views: 498

Re: Mesh for 2g and 5g Wifi on same LAN with 3 hAP ac3 [SOLVED]

Your setup is not mesh, mesh is when APs use same radio for both offering service to clients and for backhauling (connecting towards upstream). In your case it's simple: configure all APs with identical wireless security profiles and same SSIDs. And configure them to simply bridge wireless with wire...
by mkx
Sat May 08, 2021 1:57 pm
Forum: General
Topic: WeBfig as default page in the management page [SOLVED]
Replies: 3
Views: 474

Re: WeBfig as default page in the management page [SOLVED]

It does for me ... I don't think I had to do anything about that so I don't know what made devices to stick with webfig.
by mkx
Sat May 08, 2021 1:50 pm
Forum: General
Topic: Very high sector writes
Replies: 43
Views: 5996

Re: Very high sector writes

My hAP ac2 collected 5.5M sector writes so far, bad blocks is still at 0.0%. This device is my main home router. My RB951G collected 96k sector writes in 12 weeks, 16.3M in total, bad blocks are at 0.5% since long time ago (pretty sure predates the massive sector write feature). This device is used ...
by mkx
Sat May 08, 2021 1:22 pm
Forum: Beginner Basics
Topic: do you let 1U between routers and switches? [SOLVED]
Replies: 7
Views: 1073

Re: do you let 1U between routers and switches? [SOLVED]

With passive cooled devices the main problem with setup in your photograph is adjacent placement of S-RJ modules. Specially the 10Gbps modules (1G modules as well but to slightly lesser extent) produce quite a lot of heat and passively cooled devices can not deal with it efficiently. MT published re...
by mkx
Sat May 08, 2021 12:04 pm
Forum: Beginner Basics
Topic: Product advice for a SOHO
Replies: 19
Views: 1136

Re: Product advice for a SOHO

Not really sure about what benefits comes with the extra M.2 storage and how it helps The Dude, The Dude needs some storage to deal with statistical data from controlled/monitored devices. While every ROS device comes with some permanent storage that storage comes with one or two problems: As with ...
by mkx
Sat May 08, 2021 10:33 am
Forum: General
Topic: Mikrotik Audience vlan filtering and dhcp issues [SOLVED]
Replies: 6
Views: 531

Re: Mikrotik Audience vlan filtering and dhcp issues [SOLVED]

When you configure a wireless interface with a VLAN ID in the wireless settings, the tag is added by the wireless interface itself. In other words, by setting vlan-id in a wireless interface settings, you are making that wireless interface a trunk port instead of an access port. So if this is on yo...
by mkx
Sat May 08, 2021 10:24 am
Forum: General
Topic: Very high sector writes
Replies: 43
Views: 5996

Re: Very high sector writes

My hAP ac2 recorded 1.5M sector writes since boot ... which was 90 days ago, so it's averaging more than 15k sector writes per day.
by mkx
Sat May 08, 2021 10:14 am
Forum: Beginner Basics
Topic: Read Everything, Followed Guides - Still Does Not Work (IPTV + IGMP Proxy + Firewall)
Replies: 4
Views: 565

Re: Read Everything, Followed Guides - Still Does Not Work (IPTV + IGMP Proxy + Firewall)

While config by @vuli works, it's not the recommended way of doing it ... one should be using single bridge with properly configured VLANs.

Nevertheless, either mention your ISP so that some fellow victim of same ISP shares working setup or explain your use case more in depth.
by mkx
Sat May 08, 2021 10:10 am
Forum: Beginner Basics
Topic: do you let 1U between routers and switches? [SOLVED]
Replies: 7
Views: 1073

Re: do you let 1U between routers and switches? [SOLVED]

You need 1U cable organizer for every switch/router ... which solves your problem as well.
by mkx
Fri May 07, 2021 10:30 pm
Forum: Beginner Basics
Topic: IPv6 behind CRS326 [SOLVED]
Replies: 2
Views: 631

Re: IPv6 behind CRS326 [SOLVED]

IGMP snooping and IPv6 don't go well together on Mikrotik ...
by mkx
Fri May 07, 2021 6:20 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1500

Re: Decrease in software quality from mikrotik?

WiFi OTOH is technical problem and technically it would be fairly easy to use 6GHz band instead of 5.5GHz. Unfortunately 6GHz is assigned to licensed fixed point-to-point networks here (in Europe). Exactly ... so when regulators are in doubt from whom to take, decision is easy: from the one who pay...
by mkx
Fri May 07, 2021 6:13 pm
Forum: General
Topic: rb4011 vlan filtering and dhcp issues [SOLVED]
Replies: 8
Views: 816

Re: rb4011 vlan filtering and dhcp issues [SOLVED]

VLANs on bridge are not exactly trivial and tutorial, linked by @erlinden, is truly a great resource. Read it, understand it, and you'll get it done. If not, post exact configuration (less vlan-filtering) and we'll check where's the problem.
by mkx
Fri May 07, 2021 3:17 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1500

Re: Decrease in software quality from mikrotik?

As you wrote, the damage has already been done and the only thing remaining is damage control. Weather radars have been using their frequencies for decades and constraint is physics (reflection off water droplets) so it can't be changed (unlike air traffic radars). WiFi OTOH is technical problem and...
by mkx
Fri May 07, 2021 2:07 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1500

Re: Decrease in software quality from mikrotik?

As many of you could guess, the influence is not one-way (radars affecting wifi APs), stray wifi APs affect weather radar measurements as well. A weather radar image, showing the scale of the problem: https://www.mkx.si/radar-wifi.png Image shows measurements of otherwise "benign" atmosphe...
by mkx
Fri May 07, 2021 1:35 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1500

Re: Decrease in software quality from mikrotik?

Another issue is that we receive RADAR all over the band at an access point placed at 220m height in a radio transmitter tower, located about 20km from a weather radar. It does not matter what channel is used, DFS detects radar everywhere. Likely a case of saturation of the receiver as well. Weathe...
by mkx
Fri May 07, 2021 1:23 pm
Forum: SwOS
Topic: LAGG with pfsense Setup
Replies: 5
Views: 1454

Re: LAGG with pfsense Setup

Well, the setup you outlined in your original post will work ... but as I described, certain connections will be capped at 1Gbps. If there are many connections, their cumulative throughput will likely hit the cap your ISP is (or will be) provisioning to you.
by mkx
Fri May 07, 2021 1:19 pm
Forum: RouterBOARD hardware
Topic: hAP AC PoE-Out Limits?
Replies: 3
Views: 534

Re: hAP AC PoE-Out Limits?

What kind of PoE splitter is it? All MT devices will output same voltage as they are powered with ... which is, as per your diagram, 48V. If PoE splitter is not active device (e.g. reducing voltage to 12V), fiber converter is getting 48V on its power input.
by mkx
Fri May 07, 2021 12:47 pm
Forum: RouterBOARD hardware
Topic: CRS326-24G-2S+, hybrid ports, ipv6 problem/bug
Replies: 2
Views: 571

Re: CRS326-24G-2S+, hybrid ports, ipv6 problem/bug

One possible explanation: ND and SLAAC are broadcast by router. Which means switch will push them through all active ports carrying appropriate VLAN (tagged or untagged). Which is fine. But then there are OSes with NIC drivers, which silently strip off VLAN tags (in particular Windows OS with many N...
by mkx
Fri May 07, 2021 12:37 pm
Forum: Wireless Networking
Topic: Caps-man with vlans and cAP with vlans on switch chip problem
Replies: 8
Views: 702

Re: Caps-man with vlans and cAP with vlans on switch chip problem

@mkx I set an interface in /interface bridge on the cAPs in vlan4 to have an ip assigned there for management purposes to be accessed on vlan4. For this lab, it was convenient to have an ip in vlan 4 on all equipment. There are two (very distinct) places for VLAN to be configured: /interface bridge...
by mkx
Fri May 07, 2021 11:47 am
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1500

Re: Decrease in software quality from mikrotik?

(I often see that it only sees RADAR during business hours not during weekends, so it clearly is caused by users) I guess that's caused by Rx pre-amplifier not being able to lower gain enough ... which in turn saturates actual receiver causing all sorts of distortions. Those then can translate into...
by mkx
Fri May 07, 2021 11:28 am
Forum: Beginner Basics
Topic: How to forward VLAN as a switch on routerboard? Looking to solve IPTV
Replies: 1
Views: 345

Re: How to forward VLAN as a switch on routerboard? Looking to solve IPTV

Depends on how exactly your ISP delivers services. But let's assume it's like this: you get PPPoE untagged and IPTV tagged with VLAN ID 1000. Both services are passed over same physical connection. Now you have to create something that will pass VLAN ID 1000 to port where you have IPTV clients. Ideal...
by mkx
Fri May 07, 2021 12:20 am
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1500

Re: Decrease in software quality from mikrotik?

Apparently the regulators and manufacturers don't understand that making the system unworkable will only result in users running ancient software or enable hidden workarounds to disable DFS. Apparently regulators did not understand the reason for having certain frequencies reserved for special purp...
by mkx
Fri May 07, 2021 12:14 am
Forum: General
Topic: Very high sector writes
Replies: 43
Views: 5996

Re: Very high sector writes

What I'm saying is that I also see enormous number of sector writes, but my devices all have the separate ntp package installed. AFAIK separate ntp package provides different ntp client than system package. So if it's ntp client that causes high sector writes, it's ntp client from separate package d...
by mkx
Thu May 06, 2021 10:39 am
Forum: Wireless Networking
Topic: Caps-man with vlans and cAP with vlans on switch chip problem
Replies: 8
Views: 702

Re: Caps-man with vlans and cAP with vlans on switch chip problem

In addition to what @mducharme wrote ... get rid of any VLAN setting in /interface bridge and sub-tree. VLANs should only be configured in one place, either on bridge or on switch chip. Settings on bridge currently don't have any impact because you don't have vlan-filtering=yes set on bridge, but if...
by mkx
Thu May 06, 2021 10:16 am
Forum: Beginner Basics
Topic: Managing /29 network
Replies: 8
Views: 857

Re: Managing /29 network

Regardless the way you're going to solve the problem (solutions by @Hominidae and by @rextended) you should take care to have firewall up&running. If you're not entirely sure that device's own firewall is OK you can use firewall on RB. But you'll have to enable use-ip-firewall=yes on relevant b...
by mkx
Wed May 05, 2021 11:02 pm
Forum: SwOS
Topic: LAGG with pfsense Setup
Replies: 5
Views: 1454

Re: LAGG with pfsense Setup

Switch between pfsense and cable modem will always see only 2 MAC addresses (1 of cable modem and very probably only 1 of pfsense - linux bonding always uses MAC address of first active bond member as bond MAC - for all bond members, I'm not sure about other implementations but they are probably the...
by mkx
Wed May 05, 2021 7:27 pm
Forum: SwOS
Topic: LAGG with pfsense Setup
Replies: 5
Views: 1454

Re: LAGG with pfsense Setup

Something in that line. There's just a gotcha with LAG in general (and MT can't be any different): all packets belonging to single connection will pass same bond member, hence single connection throughput is limited to speed of bond member (in your case 1Gbps). Same may apply to multiple connections...
by mkx
Wed May 05, 2021 6:23 pm
Forum: Beginner Basics
Topic: NAT from inside the LAN
Replies: 9
Views: 852

Re: NAT from inside the LAN

Some wireless clients (mobile phones specifically, others might as well) perform "mini sleeps" of wifi module to save power. During sleeps AP has to buffer frames until client wakes up and accepts packets. The same behaviour affects broadcasts as well, mikrotik by default just sends broadc...
by mkx
Tue May 04, 2021 10:54 pm
Forum: RouterOS v7 BETA
Topic: Warning: cpu not running at default frequency [SOLVED]
Replies: 4
Views: 2032

Re: Warning: cpu not running at default frequency [SOLVED]

RBM11G product page specifies default frequency to be 880MHz. If your unit is not set to this frequency, set it and the warning should go away (after a reboot).
by mkx
Tue May 04, 2021 9:26 pm
Forum: Beginner Basics
Topic: NAT from inside the LAN
Replies: 9
Views: 852

Re: NAT from inside the LAN

So one of PCs is wireless client. I'd say you should check wireless: is there much of interference (other APs nearby), is the connection with decent signal strength, etc.
by mkx
Tue May 04, 2021 7:34 pm
Forum: Beginner Basics
Topic: Turning my router into the WAN itself. [SOLVED]
Replies: 4
Views: 712

Re: Turning my router into the WAN itself. [SOLVED]

If setup of SXT is pretty much default, then the following should work: use winbox and mac connection. Before removing ether1 from bridge add ether1 to interface list called LAN.
by mkx
Tue May 04, 2021 3:02 pm
Forum: Wireless Networking
Topic: Tree's obstructing CPE LOS to AP ~ bandwidth!
Replies: 19
Views: 1643

Re: Tree's obstructing CPE LOS to AP ~ bandwidth!

Or thoroughly apply the German solution.
by mkx
Tue May 04, 2021 2:56 pm
Forum: Wireless Networking
Topic: Vlan hopping check and mitigation !
Replies: 5
Views: 493

Re: Vlan hopping check and mitigation !

These settings improve security. E.g. if port doesn't have ingress-filtering=yes set and tagged frames are allowed on ingress, attacker could inject packets into arbitrary VLAN (also into VLANs which have nothing to do with this particular port). It's one way again (replies are not delivered), but i...
by mkx
Tue May 04, 2021 2:49 pm
Forum: General
Topic: Very high sector writes
Replies: 43
Views: 5996

Re: Very high sector writes

If this indeed has anything to do with SNTP client, then it's NTP client from stand-alone ntp package guilty as well.
by mkx
Tue May 04, 2021 2:34 pm
Forum: Beginner Basics
Topic: Turning my router into the WAN itself. [SOLVED]
Replies: 4
Views: 712

Re: Turning my router into the WAN itself. [SOLVED]

Something similar is topic of this post. Does it help?

Just be sure to use VLAN IDs in range between 2 and 4000 (inclusive) ... stay away from VID 1 (using it is a recipe for troubles).
by mkx
Tue May 04, 2021 2:22 pm
Forum: Beginner Basics
Topic: NAT from inside the LAN
Replies: 9
Views: 852

Re: NAT from inside the LAN

Local traffic between 192.168.64.65 and 192.168.64.64 should go directly without going via router unless there's some weird configuration on either of hosts involved. Hard to tell without seeing actual network configuration of both. Your example would indicate misconfiguration on 192.168.64.65 becau...
by mkx
Tue May 04, 2021 2:16 pm
Forum: Beginner Basics
Topic: Simple queue does not work...
Replies: 11
Views: 758

Re: Simple queue does not work...

Could be that indeed IP firewall has to be involved for queuing to work. It is not very common to have traffic shaping enabled between bridged/switched ports.
by mkx
Tue May 04, 2021 11:31 am
Forum: Beginner Basics
Topic: Combine more Vlan's traffice to one acces port
Replies: 3
Views: 448

Re: Combine more Vlan's traffice to one acces port

As I wrote: it's simple to untag multiple VLANs on a single port. E.g. if there are 3 VLANs with multicast streams with VLAN IDs 100, 200 and 300 ... and you have fourth VLAN for other IP communication of said device (e.g. management) with ID 999, then you would configure a bridge like this: /interf...
by mkx
Mon May 03, 2021 11:43 pm
Forum: General
Topic: Bandwidth test from Mikrotik to client
Replies: 1
Views: 298

Re: Bandwidth test from Mikrotik to client

There's bandwidth test, comes as standard function in ROS and windows counterpart is available for download. Beware, however, that running bandwidth test software on router is generally not a good idea. Test is pretty CPU intensive and router's CPU is often the bottleneck. Better approach is to ru...
by mkx
Mon May 03, 2021 10:22 pm
Forum: Beginner Basics
Topic: NAT from inside the LAN
Replies: 9
Views: 852

Re: NAT from inside the LAN

You need hairpin NAT
by mkx
Mon May 03, 2021 6:59 pm
Forum: Beginner Basics
Topic: Simple queue does not work...
Replies: 11
Views: 758

Re: Simple queue does not work...

ether 1, 2 and 3 are bridged as WAN, ether1 connects to internet, ether 2 and 3 to two Dell PowerEdge systems. For queues to work, traffic has to be handled by ROS in software. Which means it should not be HW offloaded. Every ROS device having a switch chip (RB750G has one) can HW offload one bridg...
by mkx
Mon May 03, 2021 6:43 pm
Forum: Beginner Basics
Topic: Combine more Vlan's traffice to one acces port
Replies: 3
Views: 448

Re: Combine more Vlan's traffice to one acces port

Any of RouterOS devices can untag multiple VLANs on single ethernet port. The problem you might encounter is this: usually multicast clients have to subscribe to streams and that has to be done through correct VLAN. It is only possible to tag for single VLAN on ingress, hence multicast client will o...
by mkx
Mon May 03, 2021 4:03 pm
Forum: General
Topic: IPv6 ICMP ok but no TCP traffic
Replies: 20
Views: 947

Re: IPv6 ICMP ok but no TCP traffic

/ipv6 dhcp-client add add-default-route=yes comment="Rostelecom IPv6 DHCP" interface=pppoe-out1 pool-name=rtelecomv6 pool-prefix-length=56 request=prefix use-peer-dns=no Don't set pool prefix length. It's not about prefix length you're getting from ISP (they give you whatever they decide ...
by mkx
Mon May 03, 2021 3:54 pm
Forum: Beginner Basics
Topic: How to isolate both subnets on a cascade router setup?
Replies: 2
Views: 340

Re: How to isolate both subnets on a cascade router setup?

Either construct a "routing" subnet for connection between both routers (if physical connection is a problem, simply using another IP subnet would mostly do). Or disable NAT on Linksys and let MT do it for subnet B as well. You'll have to add static route on router A towards subnet B using...
by mkx
Mon May 03, 2021 3:46 pm
Forum: Beginner Basics
Topic: Do I need to Upgrade my Mikrotik to Take Advantage of Fiber?
Replies: 5
Views: 558

Re: Do I need to Upgrade my Mikrotik to Take Advantage of Fiber?

The 25 simple queues is more representative of home setup throughput ...

How so? I'd expect most home users to have zero queues defined and at least default firewall filter rules (around 10 IIRC).
by mkx
Mon May 03, 2021 3:43 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules
Replies: 4
Views: 655

Re: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules

The big problem about what OP requested is that CAPsMAN only provisions wireless interface of a cAP. When dynamic VID appears on bridge it's not because capsman would provision bridge, it's because this is how bridge reacts to addition of a new bridge port with PVID set. The only solution would be t...
by mkx
Mon May 03, 2021 3:31 pm
Forum: Wireless Networking
Topic: Vlan hopping check and mitigation !
Replies: 5
Views: 493

Re: Vlan hopping check and mitigation !

Can't say anything about TP link gear. MT (most probably) can't be exploited this way, at least if bridge vlan-filtering is used (some HW offloaded VLAN setup might be vulnerable but it very much depends on how switch chip operates - I'm not going to study that now) ... if set up properly. The thing ...
by mkx
Mon May 03, 2021 8:22 am
Forum: Beginner Basics
Topic: Purpose of VLAN Mode on wireless interfaces [SOLVED]
Replies: 2
Views: 471

Re: Purpose of VLAN Mode on wireless interfaces [SOLVED]

Before ROS 6.42 (or something) bridge did not have VLAN related functionality, hence VLAN functions had to be performed by member ports (in this case wlan interface). Using vlan interfaces doesn't help in this case, using multiple bridges does (but that's awkward). Capsman still uses wlan vlan-funct...
by mkx
Sat May 01, 2021 9:05 pm
Forum: Wireless Networking
Topic: Capsman - Not getting IP on slave-interface [SOLVED]
Replies: 7
Views: 2139

Re: Capsman - Not getting IP on slave-interface [SOLVED]

OP did it using single bridge: /caps-man datapath add bridge=bridge local-forwarding=yes name=datapathVlan20 vlan-id=20 vlan-mode=use-tag add bridge=bridge local-forwarding=yes name=datapathVlan30 vlan-id=30 vlan-mode=use-tag Both data paths are using same bridge (named bridge). They are using diffe...
by mkx
Sat May 01, 2021 8:55 pm
Forum: General
Topic: DHCP-client script can't send (external) email because there is no internet connection
Replies: 2
Views: 427

Re: DHCP-client script can't send (external) email because there is no internet connection

Why don't you insert a delay (e.g. of 30 seconds) at the beginning of your script?
by mkx
Sat May 01, 2021 8:51 pm
Forum: Beginner Basics
Topic: Erratic device behaviour on WLAN
Replies: 3
Views: 557

Re: Erratic device behaviour on WLAN

There are a few settings which might affect the way wireless clients behave. I suggest you to re-post about the problem in forum section about wireless. There are a few users very knowledgeable about wireless woes but they might not follow topics in this part of forum.
by mkx
Sat May 01, 2021 1:15 pm
Forum: Wireless Networking
Topic: Capsman - Not getting IP on slave-interface [SOLVED]
Replies: 7
Views: 2139

Re: Capsman - Not getting IP on slave-interface [SOLVED]

It can't be done without bridges. wlan interface (even when provisioned by capsman) is interface, physical ethernet interface is interface (and vlan interface is interface as well) and only way to connect two (or more) interfaces is using a bridge.
by mkx
Sat May 01, 2021 12:32 pm
Forum: Beginner Basics
Topic: Erratic device behaviour on WLAN
Replies: 3
Views: 557

Re: Erratic device behaviour on WLAN

Anything about erratic device in logs? Copy-paste output of command /log print (run it in terminal window) to a text editor and search through logs for device's MAC address and/or IP address.
by mkx
Sat May 01, 2021 12:20 pm
Forum: Beginner Basics
Topic: What is purpose of VLAN's Parent Interface? [SOLVED]
Replies: 3
Views: 707

Re: What is purpose of VLAN's Parent Interface? [SOLVED]

(small hint for you mkx, bookmark good posts!) I'll let you find those via google multiple times so that google bookmarks them for me. It took a few weeks for google to bookmark thread about bridge vlan filtering by @pcunite, now it's on top of result list when I'm searching for "pcunite vlan ...
by mkx
Sat May 01, 2021 12:31 am
Forum: Wireless Networking
Topic: Tree's obstructing CPE LOS to AP ~ bandwidth!
Replies: 19
Views: 1643

Re: Tree's obstructing CPE LOS to AP ~ bandwidth!

I don't think nv2 being invisible to 802.11 devices has anything to do with CSMA/CA. I'm not an expert in nv2 but I guess beacons used in nv2 are incompatible with 802.11 beacons and 802.11 stations don't recognise nv2 AP.
by mkx
Sat May 01, 2021 12:18 am
Forum: Beginner Basics
Topic: What is purpose of VLAN's Parent Interface? [SOLVED]
Replies: 3
Views: 707

Re: What is purpose of VLAN's Parent Interface? [SOLVED]

vlan interface (created under /interface vlan) is kind of a pipe with two ends. One end is anchored to underlying interface, accepts tagged frames (the ones tagged with appropriate VID that is) and transmits tagged frames. The other end can be used as untagged interface (e.g. set IP address to it)...
by mkx
Fri Apr 30, 2021 1:36 pm
Forum: Wireless Networking
Topic: Tree's obstructing CPE LOS to AP ~ bandwidth!
Replies: 19
Views: 1643

Re: Tree's obstructing CPE LOS to AP ~ bandwidth!

I think you should do some spectrum analysis during hours with reduced throughput. The problem with nv2 is that standard 802.11 devices don't detect it other than some noise and can thus cause some considerable interference to each other ... which gets worse when both networks (your nv2 and other 80...
by mkx
Thu Apr 29, 2021 8:28 pm
Forum: Beginner Basics
Topic: Internet low speed
Replies: 15
Views: 822

Re: Internet low speed

Sorry, your config is OK, but i do not understand why you cap to 100M... Maybe the new device will help? What is an actually model? As test results indicate, your device caps at around 150Mbps (give or take) routed throughput in real life scenarios. Wireless can consume quite a lot of CPU when util...
by mkx
Thu Apr 29, 2021 9:56 am
Forum: General
Topic: Installing RouterOS on Protectli Vault 6-Port Hardware
Replies: 2
Views: 441

Re: Installing RouterOS on Protectli Vault 6-Port Hardware

x86 (and x86-64) breed of ROS v6 is pretty outdated when it comes to available drivers and can thus be very picky about hardware it successfully runs on. So it seems that most often professionals use CHR breed. This does cause some performance loss, but that can be offset by selection of faster hard...
by mkx
Wed Apr 28, 2021 11:11 pm
Forum: Wireless Networking
Topic: VLAN with 2 Wifi networks on the same AP.
Replies: 3
Views: 531

Re: VLAN with 2 Wifi networks on the same AP.

Basic decision to make is about local forwarding VS capsman forwarding. If you're going with capsman forwarding, then you only have to set up VLANs for discovery interface. All the traffic will flow through this VLAN encapsulated in a sort of a tunnel regardless the VIDs associated with SSIDs. If y...
by mkx
Wed Apr 28, 2021 8:58 pm
Forum: General
Topic: Fasttrack Question Decision
Replies: 2
Views: 330

Re: Fasttrack Question Decision

Mangle rules don't work with fast-track.
It is possible to use both mangling and fast-tracking, but one has to exclude from fast-track everything that has to be mangled.
by mkx
Wed Apr 28, 2021 4:57 pm
Forum: Wireless Networking
Topic: RB951G-2HND DDOS
Replies: 3
Views: 679

Re: RB951G-2HND DDOS

Hi, not sure if this topic belongs to wireless networking but anyway... Another possibility is to mess with wireless. Either hack it to gain access to LAN or create enough interference for clients (door lock, CCTV) to drop off wireless network. Either is hard to defend against determined attacker (...
by mkx
Wed Apr 28, 2021 4:48 pm
Forum: Beginner Basics
Topic: What is the issue with DUDE and SNMP?
Replies: 7
Views: 507

Re: What is the issue with DUDE and SNMP?

A few days ago, I first upgraded my RouterOS to version 6.48.2 on my hap ac2, I then downloaded DUDE client 6.48.2 too. I had already DUDE server installed on my Mikrotik before I upgraded RouterOS. Was Dude server also upgraded with the system automatically? How can I check that? In principle all ...
by mkx
Wed Apr 28, 2021 4:42 pm
Forum: Beginner Basics
Topic: Two segmented networks access to one shared network [SOLVED]
Replies: 11
Views: 907

Re: Two segmented networks access to one shared network [SOLVED]

Beyond my scope of knowledge.

Undoubtedly.
by mkx
Wed Apr 28, 2021 4:41 pm
Forum: General
Topic: Block an IP address from the Internet
Replies: 5
Views: 437

Re: Block an IP address from the Internet

I can see using Torch the packets coming in.. However, the mail server is still being hit. Chain=input is for traffic which terminates in router itself (source doesn't matter, can be either internet or LAN). Chain=forward is for traffic which passes router in any direction (e.g. source on internet,...
by mkx
Tue Apr 27, 2021 4:59 pm
Forum: General
Topic: IPIP tunnel only works with fasttrack enabled
Replies: 2
Views: 349

Re: IPIP tunnel only works with fasttrack enabled

Impossible to tell without seeing actual config. My guess: firewall rules. For fast-tracked traffic one needs two matching firewall rules such as these two: add action=fast-track connection-state=established,related <other selection criteria> add action=accept connection-state=established,related,un...
by mkx
Tue Apr 27, 2021 4:46 pm
Forum: Wireless Networking
Topic: Tree's obstructing CPE LOS to AP ~ bandwidth!
Replies: 19
Views: 1643

Re: Tree's obstructing CPE LOS to AP ~ bandwidth!

Lost-packets is showing that radio link is not good.

There are quite a few decent articles on internet about non line-of-sight radio links (e.g. this one) describing how tree tops affect radio propagation.
by mkx
Tue Apr 27, 2021 1:17 pm
Forum: General
Topic: Hotspot arp scan not working !
Replies: 6
Views: 489

Re: Hotspot arp scan not working !

Trash forum.
Indeed. Now go away.
by mkx
Tue Apr 27, 2021 11:05 am
Forum: General
Topic: Bridge Filter Vlans Not Working
Replies: 7
Views: 635

Re: Bridge Filter Vlans Not Working

Don't set use-service-tag=yes ... this setting is not about enabling VLAN tags, it's about using different type of tags (type 802.1ad instead of usual 802.1q).
by mkx
Mon Apr 26, 2021 6:20 pm
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 1356

Re: MAC VLAN on CRS354-48G

Block diagram of CRS354-48G indicates that this unit has a single switch chip ... https://i.mt.lv/cdn/product_files/CRS354-48G-4Splus2Qplus_200122.png There are other (mostly mid-priced) MT devices which have two (or more) switch chips and with those several limits apply. So when studying some tutor...
by mkx
Mon Apr 26, 2021 6:17 pm
Forum: General
Topic: Dual WAN, dual subnet, multiple VLANs
Replies: 13
Views: 879

Re: Dual WAN, dual subnet, multiple VLANs

It's hard to tell without seeing actual configuration at least of the main router. One thing does ring the bell: vlan1_sxt implies use of VLAN ID 1. Use of VLAN ID 1 is a bad choice. This VID is used as default value all around and if you're not extra careful, it can mess with config. So it's bette...
by mkx
Mon Apr 26, 2021 6:07 pm
Forum: Beginner Basics
Topic: Ingress port, Egress port
Replies: 2
Views: 351

Re: Ingress port, Egress port

I'm wondering how to dedicate one port as INGRESS traffic and another port for EGRESS traffic. Unless you're trying to do something really fancy ... I don't see how separating ports according to traffic direction for traffic between two link peers could help. You are aware of the fact that 1000BaseT ...
by mkx
Sun Apr 25, 2021 5:44 pm
Forum: General
Topic: PWR-LINE PRO
Replies: 24
Views: 3657

Re: PWR-LINE PRO

If you have rented a jack hammer, you are my hero!!

If I owned a jack hammer, what would that make me?
by mkx
Sun Apr 25, 2021 4:40 pm
Forum: General
Topic: Fast Path - Questions
Replies: 1
Views: 268

Re: Fast Path - Questions

Fast-track depends on fast-path being enabled. Manual says nothing about fast-path being active.

OTOH I don't think fast-path provides much of a boost. HW offload clearly does and fast-track does as well. So I wouldn't bother about fast-path too much.
by mkx
Sun Apr 25, 2021 4:21 pm
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 1356

Re: MAC VLAN on CRS354-48G

The linked document describes just every switching aspect of CRS3xx, there are many sections (port-based VLANs included, trunk port is one of possible port-based VLAN modes). Sure, you need to configure trunk towards your router. But I was thinking specifically about this part: /interface ethernet s...
by mkx
Sun Apr 25, 2021 1:35 pm
Forum: General
Topic: Static WAN IP not working - mask issue?
Replies: 11
Views: 612

Re: Static WAN IP not working - mask issue?

It could be that ISP implemented some filtering mechanism and it blocks your router if it doesn't obtain IP address via DHCP. Usually you can't just set IP address and assume it'll be static. Ask your ISP about static IP addresses. Some will set static DHCP lease (in that case take care about MAC adr...
by mkx
Sun Apr 25, 2021 11:45 am
Forum: General
Topic: CHR only recognizing 1Gb of ram - 4 assigned
Replies: 2
Views: 354

Re: CHR only recognizing 1Gb of ram - 4 assigned

32-bit ROS v6 for most architectures supports only 1GB RAM. Notable exceptions are AFAIK TILE and CHR (only when run as x64). So verify how exactly your CHR is set up, could be that it's running in x86 mode.
by mkx
Sat Apr 24, 2021 8:15 pm
Forum: Beginner Basics
Topic: What does the firewall built in counter count?
Replies: 6
Views: 688

Re: What does the firewall built in counter count?

It's worth to mention that the rule is added automatically and hence its full properties are not known, there might be some bits not shown in its property list. As stated in comment it's dummy and might be just a hook into fasttrack driver, not a real firewall filter. Thus it's probably impossible t...
by mkx
Sat Apr 24, 2021 5:18 pm
Forum: General
Topic: Running out of disk space
Replies: 5
Views: 622

Re: Running out of disk space

Flash disks hold actual ROS and ROS nowadays consumes anything between 10 and 15+ MB depending on number of packages installed and amount of permanent configuration (address lists, firewall rules, etc.). The rest of flash space is accessible under file->flash So what you see is pretty normal, even th...
by mkx
Sat Apr 24, 2021 4:34 pm
Forum: Beginner Basics
Topic: Connecting a Mikrotik router to a non cooperative ADSL router
Replies: 2
Views: 370

Re: Connecting a Mikrotik router to a non cooperative ADSL router

You can use C as default gateway for LAN of B (no need to run DHCP server on C if you can configure DHCP server on B with C's IP address as gateway address). Or you can skip the C and configure A as default gateway for LAN B, but you'll have to play with policy based routing (so that B will be used ...
by mkx
Sat Apr 24, 2021 4:15 pm
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 1356

Re: MAC VLAN on CRS354-48G

Did you read this part of CRS3xx switch manual? I think that as a CRS3xx owner you should read it and understand every bit (OK, byte) of the whole document.
by mkx
Fri Apr 23, 2021 11:05 pm
Forum: General
Topic: Bridge/vlan configuration advice
Replies: 3
Views: 345

Re: Bridge/vlan configuration advice

On CCR it will be done by CPU either way so performance wise both ways are pretty much the same. But you should proceed and configure CCR the same way as CRS - single bridge with VLANs. This way configuration will be similar on both your devices (only that CRS actually HW offloads everything).
by mkx
Fri Apr 23, 2021 10:54 pm
Forum: Beginner Basics
Topic: does CRS305-1G-4S+IN support switch stacking (similar to cisco's flavor)?
Replies: 4
Views: 517

Re: does CRS305-1G-4S+IN support switch stacking (similar to cisco's flavor)?

Just kidding, just curious as to what functionality switch stacking gives you?? Single control plane. Legacy stackable switches also provided proprietary high-speed interconnect interfaces (e.g. 40Gbps interface on Gbps switches in times when standard 10Gbps interfaces either did not exist or were ...
by mkx
Fri Apr 23, 2021 10:39 pm
Forum: Beginner Basics
Topic: does CRS305-1G-4S+IN support switch stacking (similar to cisco's flavor)?
Replies: 4
Views: 517

Re: does CRS305-1G-4S+IN support switch stacking (similar to cisco's flavor)?

No, none of Mikrotik switches support stacking. The closest is bridge extender, but that feature is much worse from performance and availability point of view.
by mkx
Wed Apr 21, 2021 11:15 pm
Forum: SwOS
Topic: SwOS detecting wrong mac address of NIC
Replies: 2
Views: 727

Re: SwOS detecting wrong mac address of NIC

I'd check to see what other hosts in same subnet see. Configure IP address on the offending NIC, then ping it from another linux machine in same subnet. When you get ping replies, check ARP address recorded (grep IP address in /proc/net/arp ). If other machines see same as switch, then NIC is playin...
by mkx
Wed Apr 21, 2021 10:55 pm
Forum: General
Topic: Connectivity [SOLVED]
Replies: 10
Views: 863

Re: Connectivity [SOLVED]

If you're going to use wireless to connect hAP ac2 to ISP router, then decide which band you're going to use for that ... if you have a choice at all (depends what wireless is supported on ISP router). But since there's some distance between both devices (10m if I see correctly) it'd be better to us...
by mkx
Wed Apr 21, 2021 10:28 pm
Forum: General
Topic: IPIP vs GRE [SOLVED]
Replies: 7
Views: 710

Re: IPIP vs GRE [SOLVED]

I guarantee this was not the case a couple of versions ago...
I'll take your word on it ;-)
by mkx
Wed Apr 21, 2021 7:22 pm
Forum: General
Topic: SFP RB4011
Replies: 25
Views: 5723

Re: SFP RB4011

Most Mikrotik devices are picky about SFP modules, GPON modules in particular are worse (and none GPON SFP modules are officially supported anyway). RB4011 seems to be even more picky than the rest.
by mkx
Tue Apr 20, 2021 11:19 pm
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1888

Re: Port forwarding not working from Public IP ranges [SOLVED]

It seems that sometimes there's some configuration buried somewhere and not shown in UI. Not shown on configuration export as well? How is that actually possible? I've never experienced such case myself and I've no idea how configuration shown in UI (any of them) correlates to actual configurati...