Community discussions

MikroTik App

Search found 5866 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 20
by mkx
Fri May 14, 2021 11:11 am
Forum: General
Topic: Bonding Technology
Replies: 3
Views: 298

Re: Bonding Technology

This is user forum, not support portal. So sometimes it takes some time (even few days) until some user with knowledge and experience about particular problem stumbles upon a post.
by mkx
Thu May 13, 2021 3:09 pm
Forum: Beginner Basics
Topic: Routing between two networks [SOLVED]
Replies: 3
Views: 189

Re: Routing between two networks [SOLVED]

Add LAN2 IP address to ether5. And add src-nat rule for traffic exiting via ether5: /ip firewall nat add chain=srcnat action=src-nat to-addresses=<LAN2 IP address of MT device> out-interface=ether5 This way hikvision gear will see all connection as if coming from router (with LAN2 address inside the...
by mkx
Thu May 13, 2021 2:54 pm
Forum: Beginner Basics
Topic: Making use of /31 public IP addresses assigned via PPPoE [SOLVED]
Replies: 1
Views: 149

Re: Making use of /31 public IP addresses assigned via PPPoE [SOLVED]

The big problem is on the other machine. Let's say you get (public) IP addresses 10.20.30.40 and 10.20.30.41 and you use 10.20.30.40 for router's own WAN address (bound to pppoe-out1 interface). If you configure another box with 10.20.30.41/32 ... you need to tell it which IP address has its upstrea...
by mkx
Thu May 13, 2021 2:39 pm
Forum: Beginner Basics
Topic: Firewall drop everything rule vs rules for not nat and internet
Replies: 2
Views: 136

Re: Firewall drop everything rule vs rules for not nat and internet

@lnulzer: what you have is inherently more safe. The code in first block (as you write it's from some MT documentation) uses multiple drop rules and when using such rules it's only too easy to forget to drop something and omission to drop something is very hard to notice ... until after it's too lat...
by mkx
Thu May 13, 2021 2:30 pm
Forum: Beginner Basics
Topic: Two SIMS in one modem.
Replies: 5
Views: 417

Re: Two SIMS in one modem.

As @CZFan already wrote: only one SIM card can be in use by LTE modem at a time. Purpose of having two (or more) SIM cards is to change active SIM card by simple configuration change. If one wants to double the bandwidth, another modem is needed. Then some advanced configuration to enable load-shari...
by mkx
Thu May 13, 2021 2:25 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 30
Views: 1608

Re: v7 launch date

Shift from an heavy customized kernel 3.3.5 to a new heavy customized kernel 5.6.3 Hopefully less heavy customized kernel. As the rumours go, wireless drivers in v6 were all in-house development. Seems like MT is going to use stock (wireless chip vendors') drivers at least for wave2-capable wireles...
by mkx
Thu May 13, 2021 8:44 am
Forum: Beginner Basics
Topic: vlan'ing home lab network [SOLVED]
Replies: 4
Views: 222

Re: vlan'ing home lab network [SOLVED]

Don't set PVID on bridge: /interface bridge add fast-forward=no name=vlan-bridge pvid=30 vlan-filtering=yes You're using said bridge as tagged further down the config and PVID seting messes that. BTW, you don't use vlan-bridge as interface (other than underlying interface for VLAN interfaces) and he...
by mkx
Thu May 13, 2021 8:39 am
Forum: Beginner Basics
Topic: Buying - RB1100AHx4 Dude Edition - Questions about Firewall
Replies: 22
Views: 870

Re: Buying - RB1100AHx4 Dude Edition - Questions about Firewall

I think we're rather having fun with our favourite on-line translating tools.
by mkx
Thu May 13, 2021 8:32 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 30
Views: 1608

Re: v7 launch date

There are two things that are not great with ROSv7: stability and functionality which is already available in v6. This is the important one and should definitely be worked on first to roll out v7 (sort of a stable release). It will form a good base for further development which was increasingly trou...
by mkx
Tue May 11, 2021 11:36 pm
Forum: Beginner Basics
Topic: Forward SSH from static IP to internal network [SOLVED]
Replies: 10
Views: 415

Re: Forward SSH from static IP to internal network [SOLVED]

@vds, I'd like to draw your attention to what @anav already asked: are you actually trying to connect from WAN side of your router? Because your current config won't do for connecting to public address from LAN side of your router.
by mkx
Tue May 11, 2021 11:31 pm
Forum: General
Topic: Understanding firmware version vs router OS version
Replies: 5
Views: 259

Re: Understanding firmware version vs router OS version

Mostly yes. Except: firmware comes with ROS and bears same version number (firmware seldomly changes, hence different version numbers don't necessarily mean different firmware). After you upgrade (or downgrade) ROS, you'll see "Upgrade Firmware" different from "Current Firmware" ...
by mkx
Tue May 11, 2021 9:56 pm
Forum: Beginner Basics
Topic: Buying - RB1100AHx4 Dude Edition - Questions about Firewall
Replies: 22
Views: 870

Re: Buying - RB1100AHx4 Dude Edition - Questions about Firewall

You meant to write "Normis ir ģēnijs"?
by mkx
Tue May 11, 2021 6:46 pm
Forum: Beginner Basics
Topic: Buying - RB1100AHx4 Dude Edition - Questions about Firewall
Replies: 22
Views: 870

Re: Buying - RB1100AHx4 Dude Edition - Questions about Firewall

No kidding, one can actually click on icon? Who ever came up with that great idea must be a genious ;-)
by mkx
Tue May 11, 2021 5:17 pm
Forum: Beginner Basics
Topic: Too many address in /ip dns static
Replies: 3
Views: 173

Re: Too many address in /ip dns static

Default configuration has none static DNS entries. So you'll have to find out how these landed on your mikrotik to decide whether it's OK to delete them or not.
by mkx
Tue May 11, 2021 5:09 pm
Forum: RouterBOARD hardware
Topic: PWR-LINE PRO Speed
Replies: 1
Views: 151

Re: PWR-LINE PRO Speed

Pwr-line devices are much like wifi: they have theoretical maximum speed which is almost never achievable. Actual speed depends very much on actual electrical wiring, fuse type and placement, star alignment, etc. My (limited) experience says your actual result (60 Mbps) is not that bad.
by mkx
Tue May 11, 2021 4:55 pm
Forum: Beginner Basics
Topic: Buying - RB1100AHx4 Dude Edition - Questions about Firewall
Replies: 22
Views: 870

Re: Buying - RB1100AHx4 Dude Edition - Questions about Firewall

@mkx can you send me an email please.
where to? ;-)
by mkx
Tue May 11, 2021 4:52 pm
Forum: Beginner Basics
Topic: How to disable firewall completely
Replies: 11
Views: 492

Re: How to disable firewall completely

No just one. I am trying to split my single IP, home internet connection into two segments immediately after the modem. In case you only have single WAN IP address, your device will have to perform NAT and port forwarding for both segments. In ROS NAT is actually function of firewall so you won't g...
by mkx
Mon May 10, 2021 11:17 pm
Forum: Beginner Basics
Topic: Buying - RB1100AHx4 Dude Edition - Questions about Firewall
Replies: 22
Views: 870

Re: Buying - RB1100AHx4 Dude Edition - Questions about Firewall

What would be the SOHO line of routers in your opinion?

All devices apart from: CHR, CRS line, CCR line, RB1100 line and possibly RB3011 (not sure about this one).

I'm not talking about SwOS devices here.
by mkx
Mon May 10, 2021 11:13 pm
Forum: Beginner Basics
Topic: Differences between RB with multiple switch chips [SOLVED]
Replies: 3
Views: 166

Re: Differences between RB with multiple switch chips [SOLVED]

Switch chip vlan filtering is obviously limited to single chip. Inter-chip communication passes CPU where one can use bridge (in it's non-vlan configuration) to merge multiple ports. However, making configuration on both switch chips consistent is router admin's responsibility, ROS doesn't enforce i...
by mkx
Mon May 10, 2021 7:50 pm
Forum: Wireless Networking
Topic: Caps-man with vlans and cAP with vlans on switch chip problem
Replies: 8
Views: 438

Re: Caps-man with vlans and cAP with vlans on switch chip problem

Which interface did you remove, the mgmt_int_vlan4? Not sure what's your current config, but that interface should probably stay there. In case when you configure VLAN stuff on switch chip you should not enable vlan filtering on brudge and hence you can not set up management IP address directly on b...
by mkx
Mon May 10, 2021 7:39 pm
Forum: General
Topic: MAC based vlan and guests
Replies: 4
Views: 171

Re: MAC based vlan and guests

Assuming clients are using untagged frames (or else MAC-based VLANs would not work anyway), they can bi-directionally directly communicate only inside single VLAN ... switch has to tag frames on ingress and mostly doesn't perform any frame analysis apart from frame headers. Which means it doesn't ha...
by mkx
Mon May 10, 2021 7:23 pm
Forum: Beginner Basics
Topic: Buying - RB1100AHx4 Dude Edition - Questions about Firewall
Replies: 22
Views: 870

Re: Buying - RB1100AHx4 Dude Edition - Questions about Firewall

Best thing is to accept the default firewalls as they work out of the box quite safely. SOHO-line of Mikrotik routers comes with very decent default firewall rule set. RB1100AHx4, however, is not from that line and comes with pretty plain defaults, hence it's wise to get some decent starting settti...
by mkx
Mon May 10, 2021 7:13 pm
Forum: Beginner Basics
Topic: How to disable firewall completely
Replies: 11
Views: 492

Re: How to disable firewall completely

I just bought the MikroTIK HEX S and would like to split my internet connection into 2 segments with NO FIREWALL on either since I have a firewall on
my trusted LAN that I want to use instead.

So essentially you need an ethernet switch.
by mkx
Mon May 10, 2021 4:34 pm
Forum: Beginner Basics
Topic: Routing between Bridges (?)
Replies: 2
Views: 169

Re: Routing between Bridges (?)

Either using single bridge as per suggestion by @anav or using two bridges, the issue is the same. What you have to keep in mind is the following: bridge and VLAN are L2 entities. Subnets belonging to different L2 entities can not communicate without aide of L3 entity, which is router. Router is cha...
by mkx
Sun May 09, 2021 5:51 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 40043

Re: v7.1beta5 [development] is released!

Are you an immigrant?

No, not AFAIK. But in the troll mode (again after some quiet time LOL).
by mkx
Sun May 09, 2021 3:31 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 40043

Re: v7.1beta5 [development] is released!

@anav, I'm still waiting for you to buy a couple of EAP6xxs and throw your existing EAP245s ... just throw them in azimuth around 58° real hard. Aim for my hand.
by mkx
Sun May 09, 2021 12:36 pm
Forum: General
Topic: Bonding Technology
Replies: 3
Views: 298

Re: Bonding Technology

See my answer in your other thread. No need to create multiple threads with essentially same question.
by mkx
Sun May 09, 2021 12:32 pm
Forum: RouterBOARD hardware
Topic: LtAP LTE6
Replies: 3
Views: 290

Re: LtAP LTE6

In short: no. Bonding means two or more physical links are configured to form single logical link, but that has to be done on both ends. Usually ISPs don't offer bonding ... If using two physical links without possibility to configure them into bond it is possible to configure load sharing, but conf...
by mkx
Sat May 08, 2021 5:29 pm
Forum: General
Topic: rb4011 vlan filtering and dhcp issues [SOLVED]
Replies: 8
Views: 520

Re: rb4011 vlan filtering and dhcp issues [SOLVED]

However why are your WAN connections on Vlans? THe only reason to do that is if the ISP provider sends the data to you on a VLAN. No, it's not the only reason. One can connect ISP's border device (router, media converter, ...) to access port of some switch and use VLAN to carry it to router. No nee...
by mkx
Sat May 08, 2021 5:25 pm
Forum: General
Topic: Mesh for 2g and 5g Wifi on same LAN with 3 hAP ac3 [SOLVED]
Replies: 3
Views: 303

Re: Mesh for 2g and 5g Wifi on same LAN with 3 hAP ac3 [SOLVED]

For clients I tested this, two AP's same frequency, same ssid and client connects to one that has stronger signal, but I didn't think it could be simple like that just to bridge it. For roaming, adjacent APs don't need to be on the same frequency. When wireless client decides to change AP, it'll sc...
by mkx
Sat May 08, 2021 2:01 pm
Forum: General
Topic: Mesh for 2g and 5g Wifi on same LAN with 3 hAP ac3 [SOLVED]
Replies: 3
Views: 303

Re: Mesh for 2g and 5g Wifi on same LAN with 3 hAP ac3 [SOLVED]

Your setup is not mesh, mesh is when APs use same radio for both offering service to clients and for backhauling (connecting towards upstream). In your case it's simple: configure all APs with identical wireless security profiles and same SSIDs. And configure them to simply bridge wireless with wire...
by mkx
Sat May 08, 2021 1:57 pm
Forum: General
Topic: WeBfig as default page in the management page [SOLVED]
Replies: 3
Views: 284

Re: WeBfig as default page in the management page [SOLVED]

It does for me ... I don't think I had to do anything about that so I don't know what made devices to stick with webfig.
by mkx
Sat May 08, 2021 1:50 pm
Forum: General
Topic: Very high sector writes
Replies: 43
Views: 5477

Re: Very high sector writes

My hAP ac2 collected 5.5M sector writes so far, bad blocks is still at 0.0%. This device is my main home router. My RB951G collected 96k sector writes in 12 weeks, 16.3M in total, bad blocks are at 0.5% since long time ago (pretty sure predates the massive sector write feature). This device is used ...
by mkx
Sat May 08, 2021 1:22 pm
Forum: Beginner Basics
Topic: do you let 1U between routers and switches? [SOLVED]
Replies: 5
Views: 522

Re: do you let 1U between routers and switches? [SOLVED]

With passive cooled devices the main problem with setup in your photograph is adjacent placement of S-RJ modules. Specially the 10Gbps modules (1G modules as well but to slightly lesser extent) produce quite a lot of heat and passively cooled devices can not deal with it efficiently. MT published re...
by mkx
Sat May 08, 2021 12:04 pm
Forum: Beginner Basics
Topic: Product advice for a SOHO
Replies: 19
Views: 786

Re: Product advice for a SOHO

Not really sure about what benefits comes with the extra M.2 storage and how it helps The Dude, The Dude needs some storage to deal with statistical data from controlled/monitored devices. While every ROS device comes with some permanent storage that storage comes with one or two problems: As with ...
by mkx
Sat May 08, 2021 10:33 am
Forum: General
Topic: Mikrotik Audience vlan filtering and dhcp issues [SOLVED]
Replies: 6
Views: 340

Re: Mikrotik Audience vlan filtering and dhcp issues [SOLVED]

When you configure a wireless interface with a VLAN ID in the wireless settings, the tag is added by the wireless interface itself. In other words, by setting vlan-id in a wireless interface settings, you are making that wireless interface a trunk port instead of an access port. So if this is on yo...
by mkx
Sat May 08, 2021 10:24 am
Forum: General
Topic: Very high sector writes
Replies: 43
Views: 5477

Re: Very high sector writes

My hAP ac2 recorded 1.5M sector writes since boot ... which was 90 days ago, so it's averaging more than 15k sector writes per day.
by mkx
Sat May 08, 2021 10:14 am
Forum: Beginner Basics
Topic: Read Everything, Followed Guides - Still Does Not Work (IPTV + IGMP Proxy + Firewall)
Replies: 4
Views: 347

Re: Read Everything, Followed Guides - Still Does Not Work (IPTV + IGMP Proxy + Firewall)

While config by @vuli works, it's not the recomended way of doing it ... one should be using single bridge with properly configured VLANs.

Never the less, either mention your ISP so that some fellow victim of same ISP shares working setup or explain your use case more in depth.
by mkx
Sat May 08, 2021 10:10 am
Forum: Beginner Basics
Topic: do you let 1U between routers and switches? [SOLVED]
Replies: 5
Views: 522

Re: do you let 1U between routers and switches? [SOLVED]

You need 1U cable organizer for every switch/rourer .. which solves your problem as well.
by mkx
Fri May 07, 2021 10:30 pm
Forum: Beginner Basics
Topic: IPv6 behind CRS326 [SOLVED]
Replies: 2
Views: 288

Re: IPv6 behind CRS326 [SOLVED]

IGMP snooping and IPv6 don't go well together on Mikrotik ...
by mkx
Fri May 07, 2021 6:20 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1277

Re: Decrease in software quality from mikrotik?

WiFi OTOH is technical problem and technically it would be failry easy to use 6GHz band instead of 5.5GHz. Unfortunately 6GHz is assigned to licensed fixed point-to-point networks here (in Europe). Exactly ... so when regulators are in doubt from whom to take, decision is easy: from the one who pay...
by mkx
Fri May 07, 2021 6:13 pm
Forum: General
Topic: rb4011 vlan filtering and dhcp issues [SOLVED]
Replies: 8
Views: 520

Re: rb4011 vlan filtering and dhcp issues [SOLVED]

VLANs on bridge are not exactly trivial and tutorial, linked by @erlinden, is truly a great resource. Read it, understand it, and you'll get it done. If not, post exact configuration (less vlan-filtering) and we'll check where's the problem.
by mkx
Fri May 07, 2021 3:17 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1277

Re: Decrease in software quality from mikrotik?

As you wrote, the damage has already been done and the only thing remaining is damage control. Weather radars have been using their frequencies for decades and constraint is physics (reflection off water droplets) so it can't be changed (unlike air traffic radars). WiFi OTOH is technical problem and...
by mkx
Fri May 07, 2021 2:07 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1277

Re: Decrease in software quality from mikrotik?

As many of you could guess, the influence is not one-way (radars affecting wifi APs), stray wifi APs affect weather radar measurements as well. A weather radar image, showing the scale of the problem: https://www.mkx.si/radar-wifi.png Image shows measurements of otherwise "benign" atmosphe...
by mkx
Fri May 07, 2021 1:35 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1277

Re: Decrease in software quality from mikrotik?

Another issue is that we receive RADAR all over the band at an access point placed at 220m height in a radio transmitter tower, located about 20km from a weather radar. It does not matter what channel is used, DFS detects radar everywhere. Likely a case of saturation of the receiver as well. Weathe...
by mkx
Fri May 07, 2021 1:23 pm
Forum: SwOS
Topic: LAGG with pfsense Setup
Replies: 5
Views: 864

Re: LAGG with pfsense Setup

Well, the setup you outlined in your original post will work ... but as I described, certain connections will be capped at 1Gbps. If there are many connections, their cumulative throughput will likely hit the cap your ISP is (or will be) provisioning to you.
by mkx
Fri May 07, 2021 1:19 pm
Forum: RouterBOARD hardware
Topic: hAP AC PoE-Out Limits?
Replies: 3
Views: 256

Re: hAP AC PoE-Out Limits?

What kind of PoE splitter is it? All MT devices will output same voltage as they are powered with ... which is, as per your diagram, 48V. If PoE splitter is not active device (e.g. reducing voltage to 12V), fiber converter is getting 48V on it's power input.
by mkx
Fri May 07, 2021 12:47 pm
Forum: RouterBOARD hardware
Topic: CRS326-24G-2S+, hybrid ports, ipv6 problem/bug
Replies: 2
Views: 295

Re: CRS326-24G-2S+, hybrid ports, ipv6 problem/bug

One possible explanation: ND and SLAAC are broadcast by router. Which means switch will push them through all active ports carrying appropriate VLAN (tagged or untagged). Which is fine. But then there are OSes with NIC drivers, which silently strip off VLAN tags (in particular Windows OS with many N...
by mkx
Fri May 07, 2021 12:37 pm
Forum: Wireless Networking
Topic: Caps-man with vlans and cAP with vlans on switch chip problem
Replies: 8
Views: 438

Re: Caps-man with vlans and cAP with vlans on switch chip problem

@mkx I set an interface in /interface bridge on the cAPs in vlan4 to have an ip assigned there for management purposes to be accessed on vlan4. For this lab, it was convenient to have an ip in vlan 4 on all equipment. There are two (very distinct) places for VLAN to be configured: /interface bridge...
by mkx
Fri May 07, 2021 11:47 am
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1277

Re: Decrease in software quality from mikrotik?

(I often see that it only sees RADAR during business hours not during weekends, so it clearly is caused by users) I guess that's caused by Rx pre-amplifier not being able to lower gain enough ... which in turn saturates actual receiver causing all sorts of distortions. Those than can translate into...
by mkx
Fri May 07, 2021 11:28 am
Forum: Beginner Basics
Topic: How to forward VLAN as a switch on routerboard? Looking to solve IPTV
Replies: 1
Views: 175

Re: How to forward VLAN as a switch on routerboard? Looking to solve IPTV

Depends on how exactly your ISP delivers services. But let's assume its like this: you get PPPoE untagged and IPTV tagged vith VLAN ID 1000. Both services are passed over same physical connection. Now you have to create something that will pass VLAN ID 1000 to port where you have IPTV clients. Ideal...
by mkx
Fri May 07, 2021 12:20 am
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1277

Re: Decrease in software quality from mikrotik?

Apparently the regulators and manufacturers don't understand that making the system unworkable will only result in users running ancient software or enable hidden workarounds to disable DFS. Apparently regulators did not understand the reason for having certain frequencies reserved for special purp...
by mkx
Fri May 07, 2021 12:14 am
Forum: General
Topic: Very high sector writes
Replies: 43
Views: 5477

Re: Very high sector writes

What I'm saying is that I also see enormous number of sector writes, but my devices all have the separate ntp package installed. AFAIK separate ntp package provides different ntp client than system package. So if it's ntp client that causes high sector writes, it's ntp client from separate package d...
by mkx
Thu May 06, 2021 10:39 am
Forum: Wireless Networking
Topic: Caps-man with vlans and cAP with vlans on switch chip problem
Replies: 8
Views: 438

Re: Caps-man with vlans and cAP with vlans on switch chip problem

In addition to what @mducharme wrote ... get rid of any VLAN setting in /interface bridge and sub-tree. VLANs should only be configured in one place, either on bridge or on switch chip. Settings on bridge currently don't have any impact because you don't have vlan-filtering=yes set on bridge, but if...
by mkx
Thu May 06, 2021 10:16 am
Forum: Beginner Basics
Topic: Managing /29 network
Replies: 7
Views: 542

Re: Managing /29 network

Regardless the way you're going to solve the problem (sollutions by @Hominidae and by @rextended) you should take care to have firewall up&running. If you're not entirely sure that device's own firewall is OK you can use firewall on RB. But you'll have to enable use-ip-firewall=yes on relevant b...
by mkx
Wed May 05, 2021 11:02 pm
Forum: SwOS
Topic: LAGG with pfsense Setup
Replies: 5
Views: 864

Re: LAGG with pfsense Setup

Switch between pfsense and cable modem will always see only 2 MAC addresses (1 of cable modem and very probably only 1 of pfsense - linux bonding always uses MAC address of first active bond member as bond MAC - for all bond members, I'm not sure about other implementations but they are probably the...
by mkx
Wed May 05, 2021 7:27 pm
Forum: SwOS
Topic: LAGG with pfsense Setup
Replies: 5
Views: 864

Re: LAGG with pfsense Setup

Something in that line. There's just a gotcha with LAG in general (and MT can't be any different): all packets belonging to single connection will pass same bond member, hence single connection throughput is limited to speed of bond member (in your case 1Gbps). Same may apply to muktiple connections...
by mkx
Wed May 05, 2021 6:23 pm
Forum: Beginner Basics
Topic: NAT from inside the LAN
Replies: 9
Views: 629

Re: NAT from inside the LAN

Some wireless clients (mobile phones specifically, others might as well) perform "mini sleeps" of wifi module to save power. During sleeps AP has to buffer frames until client wakes up and accepts packets. The same behaviour affects broadcasts as well, mikrotik by default just sends broadc...
by mkx
Tue May 04, 2021 10:54 pm
Forum: RouterOS v7 BETA
Topic: Warning: cpu not running at default frequency [SOLVED]
Replies: 4
Views: 1689

Re: Warning: cpu not running at default frequency [SOLVED]

RBM11G product page specifies default frequency to be 880MHz. If your unit is not set to this frequency, set it and the warning should go away (after a reboot).
by mkx
Tue May 04, 2021 9:26 pm
Forum: Beginner Basics
Topic: NAT from inside the LAN
Replies: 9
Views: 629

Re: NAT from inside the LAN

So one of PCs is wireless client. I'd say you should check wireless: is there much of interference (other APs nearby), is the connection with decent signal strength, etc.
by mkx
Tue May 04, 2021 7:34 pm
Forum: Beginner Basics
Topic: Turning my router into the WAN itself. [SOLVED]
Replies: 4
Views: 431

Re: Turning my router into the WAN itself. [SOLVED]

If setup of SXT is pretty much default, then the following should work: use winbox and mac connection. Before removing ether1 from bridge add ether1 to interface list called LAN.
by mkx
Tue May 04, 2021 3:02 pm
Forum: Wireless Networking
Topic: Tree's obstructing CPE LOS to AP ~ bandwidth!
Replies: 19
Views: 1389

Re: Tree's obstructing CPE LOS to AP ~ bandwidth!

Or thoroughly apply the German solution.
by mkx
Tue May 04, 2021 2:56 pm
Forum: Wireless Networking
Topic: Vlan hopping check and mitigation !
Replies: 5
Views: 312

Re: Vlan hopping check and mitigation !

These settings improve security. E.g. if port doesn't have ingress-filtering=yes set and tagged frames are allowed on ingress, attacker could inject packets into arbitrary VLAN (also into VLANs which have nothing to do with this particular port). It's one way again (replies are not delivered), but i...
by mkx
Tue May 04, 2021 2:49 pm
Forum: General
Topic: Very high sector writes
Replies: 43
Views: 5477

Re: Very high sector writes

If this indeed has anything to do with SNTP client, then it's NTP client from stand-alone ntp package guilty as well.
by mkx
Tue May 04, 2021 2:34 pm
Forum: Beginner Basics
Topic: Turning my router into the WAN itself. [SOLVED]
Replies: 4
Views: 431

Re: Turning my router into the WAN itself. [SOLVED]

Something similar is topic of this post. Does it help?

Just be sure to use VLAN IDs in range between 2 and 4000 (inclusive) ... stay away from VID 1 (using it is a recipe for troubles).
by mkx
Tue May 04, 2021 2:22 pm
Forum: Beginner Basics
Topic: NAT from inside the LAN
Replies: 9
Views: 629

Re: NAT from inside the LAN

Local traffic between 192.168.64.65 and 192.168.64.64 should go directly without going via router unless there's some weird configuration on either of hosts involved. Hard to tell without seeing actual network configuration of both. Your example would indicate misconfiguration on 192.168.64.65 becau...
by mkx
Tue May 04, 2021 2:16 pm
Forum: Beginner Basics
Topic: Simple queue does not work...
Replies: 11
Views: 563

Re: Simple queue does not work...

Could be that indeed IP firewall has to be involved for queuing to work. It is not very common to have traffic shaping enabled between bridged/switched ports.
by mkx
Tue May 04, 2021 11:31 am
Forum: Beginner Basics
Topic: Combine more Vlan's traffice to one acces port
Replies: 3
Views: 273

Re: Combine more Vlan's traffice to one acces port

As I wrote: it's simple to untag multiple VLANs on a single port. E.g. if there are 3 VLANs with multicast streams with VLAN IDs 100, 200 and 300 ... and you have fourth VLAN for other IP communication of said device (e.g. management) with ID 999, then you would configure a bridge like this: /interf...
by mkx
Mon May 03, 2021 11:43 pm
Forum: General
Topic: Bandwidth test from Mikrotik to client
Replies: 1
Views: 208

Re: Bandwidth test from Mikrotik to client

There's bandwidth test , comes as standard function in ROS and windows counterpart is available for download . Beware, however, that running bandwidth test software on router is generally not a good idea. Test is pretty CPU intensive and router's CPU is often the bottleneck. Better aporoach is to ru...
by mkx
Mon May 03, 2021 10:22 pm
Forum: Beginner Basics
Topic: NAT from inside the LAN
Replies: 9
Views: 629

Re: NAT from inside the LAN

You need hairpin NAT
by mkx
Mon May 03, 2021 6:59 pm
Forum: Beginner Basics
Topic: Simple queue does not work...
Replies: 11
Views: 563

Re: Simple queue does not work...

ether 1, 2 and 3 are bridged as WAN, ether1 connects to internet, ether 2 and 3 to two Dell PowerEdge systems. For queues to work, traffic has to be handled by ROS in software. Which means it should not be HW offloaded. Every ROS device having a switch chip (RB750G has one) can HW offload one bridg...
by mkx
Mon May 03, 2021 6:43 pm
Forum: Beginner Basics
Topic: Combine more Vlan's traffice to one acces port
Replies: 3
Views: 273

Re: Combine more Vlan's traffice to one acces port

Any of RouterOS devices can untag multiple VLANs on single ethernet port. The problem you might encounter is this: usually multicast clients have to subscribe to streams and that has to be done through correct VLAN. It is only possible to tag for single VLAN on ingress, hence multicast client will o...
by mkx
Mon May 03, 2021 4:03 pm
Forum: General
Topic: IPv6 ICMP ok but no TCP traffic
Replies: 20
Views: 785

Re: IPv6 ICMP ok but no TCP traffic

/ipv6 dhcp-client add add-default-route=yes comment="Rostelecom IPv6 DHCP" interface=pppoe-out1 pool-name=rtelecomv6 pool-prefix-length=56 request=prefix use-peer-dns=no Don't set pool prefix length. It's not about prefix length you're getting from ISP (they give you whatever they decide ...
by mkx
Mon May 03, 2021 3:54 pm
Forum: Beginner Basics
Topic: How to isolate both subnets on a cascade router setup?
Replies: 2
Views: 188

Re: How to isolate both subnets on a cascade router setup?

Either construct a "routing" subnet for connection between both routers (if physical connection is a problem, simply using another IP subnet would mostly do). Or disable NAT on Linksys and let MT do it for subnet B as well. You'll have to add static route on router A towards subnet B using...
by mkx
Mon May 03, 2021 3:46 pm
Forum: Beginner Basics
Topic: Do I need to Upgrade my Mikrotik to Take Advantage of Fiber?
Replies: 5
Views: 370

Re: Do I need to Upgrade my Mikrotik to Take Advantage of Fiber?

The 25 simple queues is more representative of home setup throughput ...

How so? I'd expect most home users to have zero queues defined and at least default firewall filter rules (around 10 IIRC).
by mkx
Mon May 03, 2021 3:43 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules
Replies: 4
Views: 457

Re: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules

The big problem about what OP requested is that CAPsMAN only provisions wireless interface of a cAP. When dynamic VID appears on bridge it's not because capsman would provision bridge, it's because this is how bridge reacts to addition of a new bridge port with PVID set. The only solution would be t...
by mkx
Mon May 03, 2021 3:31 pm
Forum: Wireless Networking
Topic: Vlan hopping check and mitigation !
Replies: 5
Views: 312

Re: Vlan hopping check and mitigation !

Can't say anything about TP link gear. MT (most probably) can't be exploted this way, at least if bridge vlan-filtering is used (some HW offloaded VLAN setup might be vulnerable but it very much depends on how switch chip operates - I'm not going to study that now) ... if set up properly. The thing ...
by mkx
Mon May 03, 2021 8:22 am
Forum: Beginner Basics
Topic: Purpose of VLAN Mode on wireless interfaces [SOLVED]
Replies: 2
Views: 273

Re: Purpose of VLAN Mode on wireless interfaces [SOLVED]

Before ROS 6.42 (or something) bridge did not have VLAN related functionality, hence VLAN functions had to be performed by member ports (in this case wlan interface). Using vlan interfaces doesn't help in this case, using multiple bridges does (but that's awkward). Capsman still uses wlan vlan-funct...
by mkx
Sat May 01, 2021 9:05 pm
Forum: Wireless Networking
Topic: Capsman - Not getting IP on slave-interface [SOLVED]
Replies: 7
Views: 1863

Re: Capsman - Not getting IP on slave-interface [SOLVED]

OP did it using single bridge: /caps-man datapath add bridge=bridge local-forwarding=yes name=datapathVlan20 vlan-id=20 vlan-mode=use-tag add bridge=bridge local-forwarding=yes name=datapathVlan30 vlan-id=30 vlan-mode=use-tag Both data paths are using same bridge (named bridge). They are using diffe...
by mkx
Sat May 01, 2021 8:55 pm
Forum: General
Topic: DHCP-client script can't send (external) email because there is no internet connection
Replies: 2
Views: 355

Re: DHCP-client script can't send (external) email because there is no internet connection

Why don't you insert a delay (e.g. of 30 seconds) at the beginning of your script?
by mkx
Sat May 01, 2021 8:51 pm
Forum: Beginner Basics
Topic: Erratic device behaviour on WLAN
Replies: 3
Views: 421

Re: Erratic device behaviour on WLAN

There are a few settings which might affect the way wireless clients behave. I suggest you to re-post about the problem in forum section about wireless. There are a few users very knowledgeable about wireless woes but they might not follow topics in this part of forum.
by mkx
Sat May 01, 2021 1:15 pm
Forum: Wireless Networking
Topic: Capsman - Not getting IP on slave-interface [SOLVED]
Replies: 7
Views: 1863

Re: Capsman - Not getting IP on slave-interface [SOLVED]

It can't be done without bridges. wlan interface (even when provisioned by capsman) is interface, physical ethernet interface is interface (and vlan interface is interface as well) and only way to connect two (or more) interfaces is using a bridge.
by mkx
Sat May 01, 2021 12:32 pm
Forum: Beginner Basics
Topic: Erratic device behaviour on WLAN
Replies: 3
Views: 421

Re: Erratic device behaviour on WLAN

Anything about erratic device in logs? Copy-paste output of command /log print (run it in terminal window) to a text editor and search through logs for device's MAC address and/or IP address.
by mkx
Sat May 01, 2021 12:20 pm
Forum: Beginner Basics
Topic: What is purpose of VLAN's Parent Interface? [SOLVED]
Replies: 3
Views: 478

Re: What is purpose of VLAN's Parent Interface? [SOLVED]

(small hint for you mkx, bookmark good posts!) I'll let you find those via google multiple times so that google bookmarks them for me. It took a few weeks for google to bookmark thread about bridge vkan filtering by @pcunite, now it's on top of result list when I'm searching for "pcunite vlan ...
by mkx
Sat May 01, 2021 12:31 am
Forum: Wireless Networking
Topic: Tree's obstructing CPE LOS to AP ~ bandwidth!
Replies: 19
Views: 1389

Re: Tree's obstructing CPE LOS to AP ~ bandwidth!

I don't think nv2 being invisible to 802.11 devices has anything to do with CSMA/CA. I'm not an expert in nv2 but I guess beacons used in nv2 are incompatible with 802.11 beacons and 802.11 stations don't recognise nv2 AP.
by mkx
Sat May 01, 2021 12:18 am
Forum: Beginner Basics
Topic: What is purpose of VLAN's Parent Interface? [SOLVED]
Replies: 3
Views: 478

Re: What is purpose of VLAN's Parent Interface? [SOLVED]

vlan interface (created under /interface vlan ) is kind of a pipe with two ends. One end is anchored to underlying interface , accepts tagged frames (the ones tagged with aporopriate VID that is) and transmits tagged frames. The other end can be used as untagged interface (e.g. set IP address to it)...
by mkx
Fri Apr 30, 2021 1:36 pm
Forum: Wireless Networking
Topic: Tree's obstructing CPE LOS to AP ~ bandwidth!
Replies: 19
Views: 1389

Re: Tree's obstructing CPE LOS to AP ~ bandwidth!

I think you should do some spectrum analysis during hours with reduced throughput. The problem with nv2 is that standard 802.11 devices don't detect it other than some noise and can thus cause some considerable interference to each other ... which gets worse when both nerworks (your nv2 and other 80...
by mkx
Thu Apr 29, 2021 8:28 pm
Forum: Beginner Basics
Topic: Internet low speed
Replies: 15
Views: 642

Re: Internet low speed

Sorry, your config is OK, but i do not understand why you cap to 100M... Maybe the new device will help? What is an actually model? As test results indicate, your device caps at around 150Mbps (give or take) routed throughput in real life scenarios. Wireless can consume quite a lot of CPU when util...
by mkx
Thu Apr 29, 2021 9:56 am
Forum: General
Topic: Installing RouterOS on Protectli Vault 6-Port Hardware
Replies: 2
Views: 380

Re: Installing RouterOS on Protectli Vault 6-Port Hardware

x86 (and x86-64) breed of ROS v6 is pretty outdated when it comes to available drivers and can thus be very picky about hardware it successfully runs on. So it seems that most often professionals use CHR breed. This does cause some performance loss, but that can be offset by selection of faster hard...
by mkx
Wed Apr 28, 2021 11:11 pm
Forum: Wireless Networking
Topic: VLAN with 2 Wifi networks on the same AP.
Replies: 3
Views: 356

Re: VLAN with 2 Wifi networks on the same AP.

Basic decission to make is about local forwarding VS capsman forwarding. If you're going with capsman forwarding, then you only have to set up VLANs for discovery interface. All the traffic will flow through this VLAN encapsulated in a sort of a tunnel regardless the VIDs associated with SSIDs. If y...
by mkx
Wed Apr 28, 2021 8:58 pm
Forum: General
Topic: Fasttrack Question Decision
Replies: 2
Views: 259

Re: Fasttrack Question Decision

Mangle rules don't work with fast-track.
It is possible to use both mangling and fast-tracking, but one has to exclude from fast-track everything that has to be mangled.
by mkx
Wed Apr 28, 2021 4:57 pm
Forum: Wireless Networking
Topic: RB951G-2HND DDOS
Replies: 3
Views: 506

Re: RB951G-2HND DDOS

Hi, not sure if this topic belongs to wireless networking but anyway... Another possibility is to mess with wireless. Either hack it to gain access to LAN or create enough interference for clients (door lock, CCTV) to drop off wireless network. Either is hard to defend against determined attacker (...
by mkx
Wed Apr 28, 2021 4:48 pm
Forum: Beginner Basics
Topic: What is the issue with DUDE and SNMP?
Replies: 7
Views: 384

Re: What is the issue with DUDE and SNMP?

A few days ago, I first upgraded my RouterOS to version 6.48.2 on my hap ac2, I then downloaded DUDE client 6.48.2 too. I had already DUDE server installed on my Mikrotik before I upgraded RouterOS. Was Dude server also upgraded with the system automatically? How can I check that? In principle all ...
by mkx
Wed Apr 28, 2021 4:42 pm
Forum: Beginner Basics
Topic: Two segmented networks access to one shared network [SOLVED]
Replies: 11
Views: 657

Re: Two segmented networks access to one shared network [SOLVED]

Beyond my scope of knowlege.

Undoubtedly.
by mkx
Wed Apr 28, 2021 4:41 pm
Forum: General
Topic: Block an IP address from the Internet
Replies: 5
Views: 369

Re: Block an IP address from the Internet

I can see using Torch the packets coming in.. However, the mail server is still being hit. Chain=input is for traffic which terminates in router itself (source doesn't matter, can be either internet or LAN). Chain=forward is for traffic which passes router in any direction (e.g. source on intetnet,...
by mkx
Tue Apr 27, 2021 4:59 pm
Forum: General
Topic: IPIP tunnel only works with fasttrack enabled
Replies: 2
Views: 290

Re: IPIP tunnel only works with fasttrack enabled

Impossible to tell without seeing actual config. My guess: firewall rules. For fast-tracked traffic one needs two matching firewall rules such as these two: add action=fast-track connection-state=established,related <other selection criteria> add action=accept connection-state=established,related,un...
by mkx
Tue Apr 27, 2021 4:46 pm
Forum: Wireless Networking
Topic: Tree's obstructing CPE LOS to AP ~ bandwidth!
Replies: 19
Views: 1389

Re: Tree's obstructing CPE LOS to AP ~ bandwidth!

Lost-packets is showing that radio link is not good.

There are quite a few decent articles on internet about non line-of-sight radio links (e.g. this one) describing how tree tops affect radio propagation.
by mkx
Tue Apr 27, 2021 1:17 pm
Forum: General
Topic: Hotspot arp scan not working !
Replies: 6
Views: 423

Re: Hotspot arp scan not working !

Trash forum.
Indeed. Now go away.
by mkx
Tue Apr 27, 2021 11:05 am
Forum: General
Topic: Bridge Filter Vlans Not Working
Replies: 7
Views: 543

Re: Bridge Filter Vlans Not Working

Don't set use-service-tag=yes ... this setting is not about enabling VLAN tags, it's about using different type of tags (type 802.1ad instead of usual 802.1q).
by mkx
Mon Apr 26, 2021 6:20 pm
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 1133

Re: MAC VLAN on CRS354-48G

Block diagram of CRS354-48G indicates that this unit has a single switch chip ... https://i.mt.lv/cdn/product_files/CRS354-48G-4Splus2Qplus_200122.png There are other (mostly mid-priced) MT devices which have two (or more) switch chips and with those several limits apply. So when studying some tutor...
by mkx
Mon Apr 26, 2021 6:17 pm
Forum: General
Topic: Dual WAN, dual subnet, multiple VLANs
Replies: 13
Views: 752

Re: Dual WAN, dual subnet, multiple VLANs

It's hard to tell without seeing actual configuration at least of the main router. One thing does ring the bell: vlan1_sxt implies use of VLAN ID 1. Use of VLAN ID 1 is a bad choice. This VID is used as default value all around and if you're not extra carefull, it can mess with config. So it's bette...
by mkx
Mon Apr 26, 2021 6:07 pm
Forum: Beginner Basics
Topic: Ingress port, Egress port
Replies: 2
Views: 233

Re: Ingress port, Egress port

Im wondering how to dedicate one port as INGRESS traffic and another port for EGRESS traffic. Unless you're trying to do something really fancy ... I don't see how separating ports acording to traffic direction for traffic between two link peers could help. You are aware of the fact that 1000BaseT ...
by mkx
Sun Apr 25, 2021 5:44 pm
Forum: General
Topic: PWR-LINE PRO
Replies: 22
Views: 3259

Re: PWR-LINE PRO

If you have rented a jack hammer, you are my hero!!

If I owned a jack hammer, what would that make me?
by mkx
Sun Apr 25, 2021 4:40 pm
Forum: General
Topic: Fast Path - Questions
Replies: 1
Views: 230

Re: Fast Path - Questions

Fast-track depends on fast-path being enabled. Manual says nothing about fast-path being active.

OTOH I don't think fast-path provides much of a boost. HW offload clearly does and fast-track does as well. So I wouldn't bother about fast-path too much.
by mkx
Sun Apr 25, 2021 4:21 pm
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 1133

Re: MAC VLAN on CRS354-48G

The linked document describes just every switching aspect of CRS3xx, there are many sections (port-based VLANs included, trunk port is one of possible port-based VLAN modes). Sure, you need to confugure trunk towards your router. But I was thinking specifically about this part: /interface ethernet s...
by mkx
Sun Apr 25, 2021 1:35 pm
Forum: General
Topic: Static WAN IP not working - mask issue?
Replies: 11
Views: 544

Re: Static WAN IP not working - mask issue?

It could be that ISP implemented some filtering mechanism and it blocks your router if it doesn't obtain IP address via DHCP. Usually ypu can't just set IP address and assume it'll be static. As your ISP about static IP addresses. Some will set static DHCP lease (in that case take care about MAC adr...
by mkx
Sun Apr 25, 2021 11:45 am
Forum: General
Topic: CHR only recognizing 1Gb of ram - 4 assigned
Replies: 2
Views: 307

Re: CHR only recognizing 1Gb of ram - 4 assigned

32-bit ROS v6 for most architectures supports only 1GB RAM. Notable exceptions are AFAIK TILE and CHR (only when when run as x64). So verify how exactly your CHR is set up, could be that it's running in x86 mode.
by mkx
Sat Apr 24, 2021 8:15 pm
Forum: Beginner Basics
Topic: What does the firewall built in counter count?
Replies: 6
Views: 531

Re: What does the firewall built in counter count?

It's worth to mention that the rule is added automatically and hence its full properties are not known, tbere might be some bits not shown in its property list. As stated in comment it's dummy and might be just a hook into fasttrack driver, not a real firewall filter. Thus it's probably impossible t...
by mkx
Sat Apr 24, 2021 5:18 pm
Forum: General
Topic: Running out of disk space
Replies: 5
Views: 450

Re: Running out of disk space

Flash disks hold actual ROS and ROS nowdays consumes anything between 10 and 15+ MB depending on number of packages installed and amount of permanent configuration (address lists, firewall rules, etc.). The rest of flash space is accessible under file->flash So what you see is pretty normal, even th...
by mkx
Sat Apr 24, 2021 4:34 pm
Forum: Beginner Basics
Topic: Connecting a Mikrotik router to a non cooperative ADSL router
Replies: 2
Views: 251

Re: Connecting a Mikrotik router to a non cooperative ADSL router

You can use C as default gateway for LAN of B (no need to run DHCP server on C if you can configure DHCP server on B with C's IP address as gateway address). Or you can skip the C and configure A as default gateway for LAN B, but you'll have to play with policy based routing (so that B will be used ...
by mkx
Sat Apr 24, 2021 4:15 pm
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 1133

Re: MAC VLAN on CRS354-48G

Did you read this part of CRS3xx switch manual? I think that as a CRS3xx owner you should read it and understand every bit (OK, byte) of the whole document.
by mkx
Fri Apr 23, 2021 11:05 pm
Forum: General
Topic: Bridge/vlan configuration advice
Replies: 3
Views: 291

Re: Bridge/vlan configuration advice

On CCR it will be done by CPU either way so performance wise both ways are pretty much the same. But you should proceed and configure CCR the same way as CRS - single bridge with VLANs. This way configuration will be similar on both your devices (only that CRS actually HW offloads everything).
by mkx
Fri Apr 23, 2021 10:54 pm
Forum: Beginner Basics
Topic: does CRS305-1G-4S+IN support switch stacking (similar to cisco's flavor)?
Replies: 4
Views: 392

Re: does CRS305-1G-4S+IN support switch stacking (similar to cisco's flavor)?

Just kidding, just curious as to what functionality switch stacking gives you?? Single control plane. Legacy stackable switches also provided proprietary high-speed interconnect interfaces (e.g. 40Gbps interface on Gbps switches in times when standard 10Gbps interfaces either did not exist or were ...
by mkx
Fri Apr 23, 2021 10:39 pm
Forum: Beginner Basics
Topic: does CRS305-1G-4S+IN support switch stacking (similar to cisco's flavor)?
Replies: 4
Views: 392

Re: does CRS305-1G-4S+IN support switch stacking (similar to cisco's flavor)?

No, none of Mikrotik switches support stacking. The closest is bridge extender, but that feature is much worse from performance and availability point of view.
by mkx
Wed Apr 21, 2021 11:15 pm
Forum: SwOS
Topic: SwOS detecting wrong mac address of NIC
Replies: 2
Views: 470

Re: SwOS detecting wrong mac address of NIC

I'd check to see what other hosts in same subnet see. Configure IP address on the offending NIC, then ping it from another linux machine in same subnet. When you get ping replies, check ARP address recorded (grep IP address in /proc/net/arp ). If other machines see same as switch, then NIC is playin...
by mkx
Wed Apr 21, 2021 10:55 pm
Forum: General
Topic: Connectivity [SOLVED]
Replies: 10
Views: 785

Re: Connectivity [SOLVED]

If you're going to use wireless to connect hAP ac2 to ISP router, then decide which band you're going to use for that ... if you have a choice at all (depends what wireless is supported on ISP router). But since there's some distance between both devices (10m if I see correctly) it'd be better to us...
by mkx
Wed Apr 21, 2021 10:28 pm
Forum: General
Topic: IPIP vs GRE [SOLVED]
Replies: 7
Views: 586

Re: IPIP vs GRE [SOLVED]

I guarantee this was not the case a couple of versions ago...
I'll take your word on it ;-)
by mkx
Wed Apr 21, 2021 7:22 pm
Forum: General
Topic: SFP RB4011
Replies: 25
Views: 5547

Re: SFP RB4011

Most Mikrotik devices are picky about SFP modules, GPON modules in particular are worse (and none GPON SFP modules are oficially supported anyway). RB4011 seems to be even more picky than the rest.
by mkx
Tue Apr 20, 2021 11:19 pm
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1617

Re: Port forwarding not working from Public IP ranges [SOLVED]

It seems that sometimes there's some configuration burried somewhere and not shown in UI. Not shown on configuration export as well ? How is that actually possible ? I've never experienced such case myself and I've no idea how configuration shown in UI (any of them) correlates to actual configurati...
by mkx
Tue Apr 20, 2021 9:06 pm
Forum: Wireless Networking
Topic: CAPsMAN Client to Client Forwarding...
Replies: 4
Views: 434

Re: CAPsMAN Client to Client Forwarding...

During my testing I noticed another peculiar issue. When two devices are connected to the same cap and both are on the same radio (say 2GHz) it blocks communications as it should. However, when one device connects to the 2GHz and one device connects to the 5GHz communication is allowed even though ...
by mkx
Tue Apr 20, 2021 8:50 pm
Forum: General
Topic: IPIP vs GRE [SOLVED]
Replies: 7
Views: 586

Re: IPIP vs GRE [SOLVED]

In what cases do I need to specify addresses for both ends of the IPIP-tunnel, and in what cases it is not necessary? I tried a IPIP-tunnel without addresses - everything works fine. When you enable IPsec encryption you will need to specify a local address I just tried ... and IPsec works just fine...
by mkx
Tue Apr 20, 2021 7:39 pm
Forum: General
Topic: Connectivity [SOLVED]
Replies: 10
Views: 785

Re: Connectivity [SOLVED]

I'd still like to see actual configuration from your Mikrotik. I don't kniw (by heart) how exactly default config looks like and thus don't know what exactky has to be changed to get things working.

So, please, follow the procedure I described to export config and post it here.
by mkx
Tue Apr 20, 2021 12:28 pm
Forum: RouterBOARD hardware
Topic: PoE issue (?) hAP ac3 + CSS610-8G-2S+IN
Replies: 2
Views: 344

Re: PoE issue (?) hAP ac3 + CSS610-8G-2S+IN

If you didn't reboot hAP ac3, you can check logs (/log print) to see if there was some suspicious event.
by mkx
Mon Apr 19, 2021 7:53 pm
Forum: Beginner Basics
Topic: What exactly causes 100% CPU load?
Replies: 2
Views: 287

Re: What exactly causes 100% CPU load?

All FW rules have counters ... check which counter is incrementing the most while under DDOS. Don't blindly disable that rule, result might be vulnerable LAN.
by mkx
Mon Apr 19, 2021 8:23 am
Forum: General
Topic: Feature requests
Replies: 1343
Views: 325318

Re: Feature requests

( Tilera CPU support is dropped by linux kernel - so its no future ). Mikrotik has already made kernel patches just for Tilera, so no worries there. Tile is an old platform never the less and would be unwise to introduce new products based on outdated hardware. Future support for current products i...
by mkx
Mon Apr 19, 2021 12:14 am
Forum: General
Topic: Connection tracking problem with discovery
Replies: 4
Views: 399

Re: Connection tracking problem with discovery

How exactly are these connections shown in connection tracking list?
by mkx
Sun Apr 18, 2021 8:59 pm
Forum: General
Topic: Connection tracking problem with discovery
Replies: 4
Views: 399

Re: Connection tracking problem with discovery

TCP connection is considered "established" after successful completion of three-way handshake . If some remote host is probing a TCP port to check if it's open, it might send only initial packet and wait for reply - if reply is received, port is very likely open. Since port scanners are no...
by mkx
Sun Apr 18, 2021 11:05 am
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1617

Re: Port forwarding not working from Public IP ranges [SOLVED]

I'm out of ideas as to what prevents your setup to perform correctly. There were cases where seemingly correct config did not work right and solution was factory reset, followed by application of very same config. It seems that sometimes there's some configuration burried somewhere and not shown in ...
by mkx
Sat Apr 17, 2021 8:32 pm
Forum: General
Topic: SFP+ Cable between RB4011 and Edgeswitch
Replies: 1
Views: 222

Re: SFP+ Cable between RB4011 and Edgeswitch

Get one Ubiquiti compatible optical SFP+module, one Mikrotik compatible optical SFP+ module and a short fibre patch cable.
by mkx
Sat Apr 17, 2021 8:29 pm
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1617

Re: Port forwarding not working from Public IP ranges [SOLVED]

Now when I look at the "Quick Set" page in the webadmin "IP address" for Local Network is shown in red with the ip 0.0.0.0. After you start configuring things outside Quickset, never ever use it again. At best it'll display misleading information, at worst it'll mess with config...
by mkx
Sat Apr 17, 2021 6:56 pm
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1617

Re: Port forwarding not working from Public IP ranges [SOLVED]

Those 4 bytes corresponds to what I've noticed in the log file. ... Am aware that the packages that comes from the Internet connection will not contain a VLAN tag. For your router, packets coming from 192.168.0.20 or from random internet host are just the same. They enter router through interface o...
by mkx
Sat Apr 17, 2021 6:47 pm
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1617

Re: Port forwarding not working from Public IP ranges [SOLVED]

Make sure this line is gone: /ip address add address=10.1.0.1/24 comment="Main bridge" interface=MainBridge network=10.1.0.0 Then /interface list member add comment=defconf interface=MainBridge list=LAN Interface LAN_VLAN should be member of LAN interface list rather than MainBridge. BTW, ...
by mkx
Sat Apr 17, 2021 12:22 pm
Forum: Beginner Basics
Topic: Port forwarding not working from Public IP ranges [SOLVED]
Replies: 27
Views: 1617

Re: Port forwarding not working from Public IP ranges [SOLVED]

When vlan-filtering=yes on bridge, it's a bit debatable whether untagged frames are actually passing bridge (the switch-like entity). Which means you have to folow one of the following: set pvid on bridge interface and use bridge interface as untagged (or hybrid) interface. If you don't set pvid exp...
by mkx
Sat Apr 17, 2021 12:07 pm
Forum: Beginner Basics
Topic: Looking for help in setting up IoT Hub [SOLVED]
Replies: 19
Views: 1190

Re: Looking for help in setting up IoT Hub [SOLVED]

I am still trying to understand why the suggestions on forum, do not work by copy pasting on command line. For example: using below line on command line gives error Because most of (general) examples/suggestions assume device with no previous configuration. ROS is so versatile it's almost impossibl...
by mkx
Fri Apr 16, 2021 10:00 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 40043

Re: v7.1beta5 [development] is released!

Factory reset resets configuration, SW install remains intact. Netinstall wipes non-volatile storage and installs everything anew.
by mkx
Fri Apr 16, 2021 9:59 pm
Forum: RouterOS v7 BETA
Topic: RB4011 is missing CPU frequency adjustment
Replies: 10
Views: 1069

Re: RB4011 is missing CPU frequency adjustment

In ROS v6 CPU frequency is shown by /system resource print.
I'm using ROS v7.
Right. Nothing remained unchanged ...
by mkx
Fri Apr 16, 2021 9:46 pm
Forum: RouterOS v7 BETA
Topic: RB4011 is missing CPU frequency adjustment
Replies: 10
Views: 1069

Re: RB4011 is missing CPU frequency adjustment

In ROS v6 CPU frequency is shown by /system resource print.
by mkx
Fri Apr 16, 2021 9:20 pm
Forum: Beginner Basics
Topic: IPV6 RB4011 as Subrouter in DHCP-PD chain: pool prefix-length:68
Replies: 4
Views: 371

Re: IPV6 RB4011 as Subrouter in DHCP-PD chain: pool prefix-length:68

Actually don't bother setting the prefix length and prefix hint, DHCP server on opensense will delegate /60 prefix if you configured it as such. My ISP also delegates /56 prefixes and I'm getting one without setting prefix hint. pool-prefix-length is the key setting (even though it's set on dhcp-cli...
by mkx
Fri Apr 16, 2021 9:06 pm
Forum: RouterOS v7 BETA
Topic: RB4011 is missing CPU frequency adjustment
Replies: 10
Views: 1069

Re: RB4011 is missing CPU frequency adjustment

I think it was mentioned that CPU governor will be dynamic. So you should check CPU frequency from time to time (under different loads), chances are that it'll be different.
by mkx
Fri Apr 16, 2021 5:14 pm
Forum: General
Topic: ISP to Mikrotik Router RB4011 Bridging
Replies: 12
Views: 849

Re: ISP to Mikrotik Router RB4011 Bridging

...most ISP connections I know of, that use PPPOE require to use a seperate VLAN (i.e. German Telekom, VLAN-ID = 7) But not all. Log entries (connecting ... authenticated, connected, terminating ... disconnected) actually show that VLAN is (probably) not a problem since PPPoE client can talk to ISP...
by mkx
Fri Apr 16, 2021 4:58 pm
Forum: Beginner Basics
Topic: What is the best way to set-up WLAN VLAN?
Replies: 6
Views: 536

Re: What is the best way to set-up WLAN VLAN?

On my Mikrotik all-in router I would like to set-up two WLAN VLANs, and I have two questions: Is there any difference between two ssid-s, if I set-up one on wlan1 (physical interface) and one on a virtual wlan built on the first physical one? I guess here e.g. speed, hw acceleration, security, etc....
by mkx
Fri Apr 16, 2021 4:49 pm
Forum: Beginner Basics
Topic: RBGPOE connected to PoE switch - will it block power request from source?
Replies: 1
Views: 198

Re: RBGPOE connected to PoE switch - will it block power request from source?

Mikrotik APs will work off PoE injectors just fine. Just make sure your Linksys doesn't accidentally output power on those ethernet ports where you'll have PoE injectors (could be it has some per-port setting regarding PoE, like on/auto/off ).
by mkx
Thu Apr 15, 2021 2:15 pm
Forum: Beginner Basics
Topic: Add tag to untaged traffic
Replies: 13
Views: 664

Re: Add tag to untaged traffic

/interface bridge add name=bridge pvid=33 vlan-filtering=yes No PVID! Interface bridge should be tagged for VLAN 33. The next one is completely wrong: /interface bridge vlan add bridge=bridge untagged=vlan33 vlan-ids=33 should be like this: /interface bridge vlan add bridge=bridge tagged=bridge unt...
by mkx
Thu Apr 15, 2021 8:57 am
Forum: General
Topic: Each port a seperate Subnet
Replies: 3
Views: 271

Re: Each port a seperate Subnet

Default configuration depends on mikrotik device type, so are necessary steps to be taken. Most SOHO type devices come with default config which uses ether1 as WAN interface, other wired and wireless interfaces are made part of a bridge (all ports are bridged/switched) which is then used for LAN. If...
by mkx
Wed Apr 14, 2021 10:54 pm
Forum: Beginner Basics
Topic: Add tag to untaged traffic
Replies: 13
Views: 664

Re: Add tag to untaged traffic

The switch chip version: did you verify the section I emphasized? The switch1-cpu port should be all tagged, but (if I'm right) it's set with default-vlan-id=32 meaning it will untag frames belonging to VLAN 32 when handing them over to CPU (bridge) and thus vlan interface vlan32backbone doesn't see...
by mkx
Wed Apr 14, 2021 5:48 pm
Forum: General
Topic: Way to set the NAT type?
Replies: 5
Views: 431

Re: Way to set the NAT type?

If I understand things correctly (and very likely I don't), these terms really apply fully when one has multiple public addresses. In that case there are ways to acomplish target manually or semi-automatically under ROS. If one only has single public address (usual situation for home users), then th...
by mkx
Wed Apr 14, 2021 5:35 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 4937

Re: Time Sync with SNTP client and IP Cloud Not Working

I just want to know what is wrong with it and why NTP isn't working. It's hard to tell. Many of us have NTP (and SNTP) clients working just fine. Which means it's sonethjng specific to your case. You can try to raise a support ticket ... possibly at support@mikrotik.com. They'll probably want supou...
by mkx
Wed Apr 14, 2021 5:20 pm
Forum: Beginner Basics
Topic: Add tag to untaged traffic
Replies: 13
Views: 664

Re: Add tag to untaged traffic

You can deal with VLANs either using bridge vlan-filtering or using switch chip, not both. As long as you have vlan-filtering set to no, bridge setup does not do any harm. However this part does does harm regardless of the way you'll configure VLANs: /interface bridge port add bridge=bridge interfac...
by mkx
Wed Apr 14, 2021 5:09 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 143
Views: 22497

Re: v6.48.2 [stable] is released!

Not all updates from 6.49beta27 of Testing release tree went to 6.48.2 ?

In ROS features are generally not back-ported. Only important fixes are. For new features and less important fixes you'll have to wait for 6.49 (release).
by mkx
Wed Apr 14, 2021 3:23 pm
Forum: General
Topic: Internet distro
Replies: 1
Views: 182

Re: Internet distro

Let's stick to your original topic here.
by mkx
Wed Apr 14, 2021 3:22 pm
Forum: General
Topic: Connectivity [SOLVED]
Replies: 10
Views: 785

Re: Connectivity [SOLVED]

I'm slightly at loss about how exactly your network topology looks like and how exactly is MT configured. So I suggest you to post a chart (hand drawing would do) of your LAN (showing fibre router, mikrotik, typical LAN device, together with types of connections between various devices). And actual ...
by mkx
Wed Apr 14, 2021 9:36 am
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 143
Views: 22497

Re: v6.48.2 [stable] is released!

Dynamic data (DHCP leases, adress lists, ...) doesn't survive reboot, only static data (written to non-volatile storage) does. For DHCP lease list that's not a huge problem. When DHCP lease timer expires (or rather at half time), DHCP clients will try to renew leases and will request the same IP add...
by mkx
Wed Apr 14, 2021 9:30 am
Forum: RouterBOARD hardware
Topic: NetPower16 feeding AF11FX
Replies: 5
Views: 899

Re: NetPower16 feeding AF11FX

You need this

Not necessarily ... OP's PD consumes less than 30W which is well inside 802.1at specs. It's OP's power adapter that doesn't allow him to use at standard (while af standard is up to 15W which is too little for AF11FX).
by mkx
Wed Apr 14, 2021 9:21 am
Forum: General
Topic: Tagging Untagged VLAN From Other Devices
Replies: 6
Views: 593

Re: Tagging Untagged VLAN From Other Devices

So which part of my previous post does not give you enough information to get started?
by mkx
Tue Apr 13, 2021 9:29 pm
Forum: Beginner Basics
Topic: Difference between Mikrotik Cloud Router Switches [SOLVED]
Replies: 3
Views: 443

Re: Difference between Mikrotik Cloud Router Switches [SOLVED]

All CRS switches can switch wirespeed. Some can do wirespeed slightly more complicated stuff. With ROSv7 beta some (but not all) CRS3xx devices can even route wirespeed.

But the big difference is that CRS3xx are contemporary products offering e.g. 10Gbps interfaces. CRS1xx and CRS2xx are not.
by mkx
Tue Apr 13, 2021 9:18 pm
Forum: Beginner Basics
Topic: Difference between Mikrotik Cloud Router Switches [SOLVED]
Replies: 3
Views: 443

Re: Difference between Mikrotik Cloud Router Switches [SOLVED]

Even though officially they're still available, essentially CRS1xx and CRS2xx are obsolete.
by mkx
Tue Apr 13, 2021 6:14 pm
Forum: General
Topic: CRS vs CCR
Replies: 3
Views: 380

Re: CRS vs CCR

Realistically RB4011 can't handle 4x1Gbps WANs with load sharing and what not (but could handle 2x1Gbps).
by mkx
Mon Apr 12, 2021 9:11 pm
Forum: RouterBOARD hardware
Topic: RB5011?
Replies: 19
Views: 1791

Re: RB5011?

For the record, RB4011 uses SoC AL21400 (SoC among other things features ARM cores but contains much more). This SoC can route around 2.5Gbps (give or take), IMO plenty for SOHO users now and good enough for vast majority in next few years. If you trip on "features", like CPU names, then y...
by mkx
Mon Apr 12, 2021 8:54 pm
Forum: RouterBOARD hardware
Topic: RB5011?
Replies: 19
Views: 1791

Re: RB5011?

I don't want it 3 years outdated. Which part of RB4011 is 3 years outdated ? The great thing about Mikrotik devices is that they come with insanely long support time. The only thing that outdates Mikrotik devices is lack of performance, other vendors tend to limit support to much shorter time and t...
by mkx
Mon Apr 12, 2021 8:47 pm
Forum: Beginner Basics
Topic: Vlan no internet - hEX router 6.48.1
Replies: 3
Views: 368

Re: Vlan no internet - hEX router 6.48.1

Your setup is missing half of DHCP server settings (in /ip dhcp-server network in particular).

VLAN setup is almost non-existent. I suggest you to read through this excellent tutorial.
by mkx
Mon Apr 12, 2021 8:39 pm
Forum: RouterBOARD hardware
Topic: RB5011?
Replies: 19
Views: 1791

Re: RB5011?

If you need your "RB5011" then either look around and see if some available devices may do what you need or just don't buy Mikrotik at all. What are the alternatives? Guess what? Performance doesn't come for free. If you need performance because you have high speed WAN link for which you ...
by mkx
Mon Apr 12, 2021 7:21 pm
Forum: General
Topic: Winbox Safe mode
Replies: 30
Views: 54338

Re: Winbox Safe mode

It will work with almost all commands. I don't know but I'd expect not to work on e.g. restore of backup. There might be a few other "huge" commands where undo doesn't work.
by mkx
Mon Apr 12, 2021 7:17 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 4937

Re: Time Sync with SNTP client and IP Cloud Not Working

You may want to verify that selected NTP servers are actually accessible from your location (you can run ntpdate -d -v <IP address> from a linux host). Just checked and the first one (129.6.15.28 is time-a-g.nist.gov) is fine from my location, however the other one (132.163.96.5 is ntp-b.nist.gov) i...
by mkx
Mon Apr 12, 2021 5:07 pm
Forum: Beginner Basics
Topic: VLAN Filter - how do ingress and egress rules work?
Replies: 16
Views: 1029

Re: VLAN Filter - how do ingress and egress rules work?

I can only agree that bridge in MT world is a mess because it's not explicitly clear which settings are about bridge (the switch-like stuff) and which settings are about bridge (the interface). It's confusing and hence the article by @sindy (it took some time for all of us to find out all of the dar...
by mkx
Mon Apr 12, 2021 5:02 pm
Forum: General
Topic: no access out of firewall
Replies: 10
Views: 571

Re: no access out of firewall

One thing I'd change is this: /interface detect-internet set detect-interface-list=all I'm yet to hear about anything useful about this setting enabled, but there are reports it can break random things. Other than that, your firewall is messy and I certainly hope all of those PCs with exposed RDP se...
by mkx
Mon Apr 12, 2021 4:49 pm
Forum: Beginner Basics
Topic: VLAN Filter - how do ingress and egress rules work?
Replies: 16
Views: 1029

Re: VLAN Filter - how do ingress and egress rules work?

Not really. but it does not tell you that the PVID setting is acting on ingress and egress. IMO you already covered this case under 2.B.ii.b ... because when bridge interface has PVID set (and it always has it set, if not other the hidden default PVID=1), again all frames pass bridge the switch lik...
by mkx
Mon Apr 12, 2021 4:43 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 4937

Re: Time Sync with SNTP client and IP Cloud Not Working

Proper NTP client takes a while before it reaches status: synchronized (usually a few minutes). The initial firewall filter in your export (chain=input action=accept connection-state=established,related) should allow NTP client to work (but should have allowed the SNTP client to work as well if it's...
by mkx
Mon Apr 12, 2021 4:34 pm
Forum: General
Topic: no access out of firewall
Replies: 10
Views: 571

Re: no access out of firewall

Smells like ARP problem but it's hard to tell without seeing full router config (text export) and some chart explaining network topology (seems it's not entirely trivial).
by mkx
Mon Apr 12, 2021 4:31 pm
Forum: Beginner Basics
Topic: VLAN Filter - how do ingress and egress rules work?
Replies: 16
Views: 1029

Re: VLAN Filter - how do ingress and egress rules work?

looks like that I need to update my OP once again. Not really. What you're missing is that bridge has two or three personalities (depends how you count). When you consider those personalities separately, you don't have to change your explanation. This topic explains bridge and its personalities nic...
by mkx
Mon Apr 12, 2021 3:27 pm
Forum: Wireless Networking
Topic: WAP LTE kit Performance [SOLVED]
Replies: 5
Views: 534

Re: WAP LTE kit Performance [SOLVED]

I don't know what you can do. Getting a cat6 (or better) LTE modem would definitely help, this way you could avoid locking wAP to B7 or B3 cells ...
by mkx
Mon Apr 12, 2021 3:20 pm
Forum: General
Topic: Static route - connect to a secondary LAN
Replies: 2
Views: 344

Re: Static route - connect to a secondary LAN

Your case is pretty simple and there's no need to play with mangling and routing marks. Remove everything shown in your config excerpt except for the default route ( add check-gateway=ping distance=1 gateway=192.168.0.1 ). Simply adding IP address (with correct subnet mask) to ether5 already allows ...
by mkx
Mon Apr 12, 2021 3:02 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 4937

Re: Time Sync with SNTP client and IP Cloud Not Working

NTP package is not available for HAP AC. hAP ac is MIPSBE and MIPSBE has ntp package (get extra packages file for your ROS version, mine is 6.47.9 and it contains all packages including ntp-6.47.9-mipsbe.npk ), upload it to your router and reboot. Works great on my RB951G devices (MIPSBE as well). ...
by mkx
Mon Apr 12, 2021 11:20 am
Forum: Wireless Networking
Topic: WAP LTE kit Performance [SOLVED]
Replies: 5
Views: 534

Re: WAP LTE kit Performance [SOLVED]

R11e-LTE (LTE module included in your device) isn't capable of CA. Which nowadays severely limits DL speed (as most of MNO's cells are quite loaded and only way of getting good throughputs is by using CA). That could explain lower DL throughputs. Beware that on B20, where RSRP is likely highest, cha...
by mkx
Mon Apr 12, 2021 11:04 am
Forum: Wireless Networking
Topic: SXT5 NV2 "lost connection, synchronization timeout"
Replies: 6
Views: 502

Re: SXT5 NV2 "lost connection, synchronization timeout"

Done - but shouldn't DFS=ALL be set by my regulatory domain? Why is this important? Should it be enabled on both - master and slave? Default is to use all channels feasible. The lsit depends on a) regulatory domain, b) selection of indoor vs. outdoor vs. any . The problem with DFS channels is (as I...
by mkx
Mon Apr 12, 2021 8:49 am
Forum: RouterBOARD hardware
Topic: RB5011?
Replies: 19
Views: 1791

Re: RB5011?

CCR2004 no switch chip.RB3011 is too big.

CCR2004 is a proper router and thus does not lack switch chip. The rest of devices on your list are SoHo devices (a completely different device group).

You're saying RB3011 doesn't fit standard 19" rack?
by mkx
Mon Apr 12, 2021 8:39 am
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 4937

Re: Time Sync with SNTP client and IP Cloud Not Working

Actually cloud timesync is broken. I've read explanation by Mikrotik that cloud timesync is very approximate and only useful for setting approximate time for logs. For everything else disable cloud timesync and use (S)NTP client. In fact you should only use single time sync method as multiple fight ...
by mkx
Mon Apr 12, 2021 8:24 am
Forum: Wireless Networking
Topic: SXT5 NV2 "lost connection, synchronization timeout"
Replies: 6
Views: 502

Re: SXT5 NV2 "lost connection, synchronization timeout"

While you might get upset about watchdog not triggering you really should adjust list of allowed frequencies so that "master device" (sw15) doesn't select a DFS frequency by setting skip-dfs-channels=all ... even if reboot occurred earlier it could still happen that sw15 selects a DFS freq...
by mkx
Sat Apr 10, 2021 6:14 pm
Forum: General
Topic: CRS328 Temperature high
Replies: 5
Views: 618

Re: CRS328 Temperature high

CRS328-24P does have fans and OP contains data about their RPM. However fans are temperature driven and it seems MT thinks these temperatures are fine or else fans would run much faster (I seem to remember they can go as high as 5000 RPM or something like that).
by mkx
Sat Apr 10, 2021 1:14 pm
Forum: SwOS
Topic: Multicast issue on SwOS
Replies: 5
Views: 659

Re: Multicast issue on SwOS

MT devices in general (both ROS and SwOS) don't implement IGMP snooping quite properly and it's hard to get it working right (with SwOS giving much less possibilities for tinkering with settings even more so) . My own sollution is to have it disabled but this might not be sollution for you if cummul...
by mkx
Sat Apr 10, 2021 1:01 pm
Forum: RouterBOARD hardware
Topic: idea for a mUPS version 2
Replies: 1
Views: 382

Re: idea for a mUPS version 2

The simple design is guarantee for batteries to get destroyed sooner or later. Even if one uses very simple lead-acid batteries, there are a few problems: when charged, a 12V lead-acid battery has voltage of around 13.7-13.9 Volts. Exact number depends on exact manufacturing process (e.g. normal vs....
by mkx
Sat Apr 10, 2021 12:18 pm
Forum: General
Topic: Tagging Untagged VLAN From Other Devices
Replies: 6
Views: 593

Re: Tagging Untagged VLAN From Other Devices

What you want is perfectly doable. However you'll have to reconfigure both devices (RB951G and hAP lite) for use of VLANs. Reconfiguration of both will be done in similar manner: you will use two VLANs: one for IPTV and one for LAN. Use any number between 2 and around 4000. Let's say you'll use VLAN...
by mkx
Fri Apr 09, 2021 11:54 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 6159

Re: "antenna gain" missing in 6.46.8?

And can't the router ask the chip? Obviously it can't. Not easily at least. I don't think MT devs deliberately threw the functionality out of ROS for ac chipsets (and newer) just for fun. There must be a reason for lack of Tx power information and I guess it has something to do with in-house develo...
by mkx
Fri Apr 09, 2021 7:43 pm
Forum: Beginner Basics
Topic: Connect switch and router via SFP - partially working [SOLVED]
Replies: 7
Views: 599

Re: Connect switch and router via SFP - partially working [SOLVED]

No wasnt aware that the large switch setups with sWOS dont have a config to export.....

Any switch setups with swOS only have one type of human-readable configuration export: the graphical one.
by mkx
Fri Apr 09, 2021 6:09 pm
Forum: General
Topic: VLAN setup for CCR1016 and CRS226
Replies: 14
Views: 996

Re: VLAN setup for CCR1016 and CRS226

Documentation about switch trunks, supported by CRS1xx/CRS2xx, is slightly scarce, but judging from configuration example shown in this document it is possible to assume it's similar to bonding with layer2-and-3 transmit policy. And with this kind of bonds pair of hosts (same pair of MAC addresses -...
by mkx
Fri Apr 09, 2021 5:53 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 6159

Re: "antenna gain" missing in 6.46.8?

Problem is that default value very much depends on exact radio chip model used. Not a problem with pre-ac hardware which can show exact values used. So when you'd set tx-power mode to "card-rates" and check running values, you'd get all the information you need. With newer chipsets that's ...
by mkx
Fri Apr 09, 2021 11:46 am
Forum: Wireless Networking
Topic: Fast update of upstream L2 switch MAC address tables when roaming across APs
Replies: 3
Views: 380

Re: Fast update of upstream L2 switch MAC address tables when roaming across APs

Slightly off-topic, but I'll correct myself (before many other users do it):
As this forum is un-official user forum,
Actually this forum is official forum. The user part is true, MT staff don't necessarily react to bugs reported (only) on this forum.
by mkx
Fri Apr 09, 2021 10:51 am
Forum: Wireless Networking
Topic: Fast update of upstream L2 switch MAC address tables when roaming across APs
Replies: 3
Views: 380

Re: Fast update of upstream L2 switch MAC address tables when roaming across APs

As this forum is un-official user forum, I suggest you to send your suggestion/request directly to mikrotik, e.g. via e-mail address support@mikrotik.com
by mkx
Fri Apr 09, 2021 10:48 am
Forum: General
Topic: Connectivity [SOLVED]
Replies: 10
Views: 785

Re: Connectivity [SOLVED]

Assuming fibre router is not Mikrotik, you can not set Mikrotik LAN address to same subnet as fibre router's. Instead Mikrotik should perform NAT and all the rest. Default config on SOHO line is using interface list throughout firewall rules (including NAT) and if you stick to that concept, you shou...
by mkx
Fri Apr 09, 2021 12:09 am
Forum: General
Topic: How to make a router plugged into an interface only see a VLAN
Replies: 5
Views: 388

Re: How to make a router plugged into an interface only see a VLAN

Add configuration something like this; /interface bridge add name=bridge1234 vlan-filtering=yes /interface bridge port add bridge=bridge1234 interface=ether4 pvid=1234 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes /interface bridge vlan add bridge=bridge1234 tagged=bridge...
by mkx
Wed Apr 07, 2021 10:33 pm
Forum: General
Topic: PowerPro no HOfload on second Bridge
Replies: 2
Views: 259

Re: PowerPro no HOfload on second Bridge

In ROS (currently) only one bridge can offload operations to hardware. If configuration is same for all brudges, ROS automagically selectd one for offload. You can affect the selection by manually disable HW offload on all non-preferred ports. Actual limitation is one bridge per switch chip, but mos...
by mkx
Wed Apr 07, 2021 5:22 pm
Forum: General
Topic: How to make a router plugged into an interface only see a VLAN
Replies: 5
Views: 388

Re: How to make a router plugged into an interface only see a VLAN

Just to make it clear: which device (CCR or anonymous router) should take care of VLANs? If it's CCR, then you can use bridge, which is kind of a software bridge and can deal with VLAN tags as well. Have a look at this fine tutorial, applies to CCR as well.
by mkx
Wed Apr 07, 2021 4:35 pm
Forum: RouterOS v7 BETA
Topic: intel 710 chipset driver
Replies: 7
Views: 1120

Re: intel 710 chipset driver

Absolutely not. Even when ROS v7 will be officially released, you should wait before deploying in production environment. The track record shows that there are always some teething problems after release of new minor version, let alone after major version (such as jump from v6 to v7).
by mkx
Wed Apr 07, 2021 4:26 pm
Forum: General
Topic: Multiple Trunk setup performance issues
Replies: 13
Views: 859

Re: Multiple Trunk setup performance issues

If trunk port is set to vlan-header=leave-as-is and vlan-mode=secure then on ingress VLAN table (otherwise governing egress filtering) would be consulted. And there's no "untagged" option in that table (could be that it would be possible to add VID 0 to that table, VID 0 is sometimes used ...
by mkx
Wed Apr 07, 2021 4:18 pm
Forum: General
Topic: Bridge hosts table when 2 interfaces with same MAC
Replies: 4
Views: 352

Re: Bridge hosts table when 2 interfaces with same MAC

Hmmm ... only now I see the weirdness of your setup. I still think it's bug in code which prints out the ARP table, possibly it expects that one MAC address is only available through one of bridge ports (and in your case, bridge ports are vlan interfaces on top of ether5) which would be usual case. ...
by mkx
Wed Apr 07, 2021 4:06 pm
Forum: General
Topic: Certificate valid days question
Replies: 5
Views: 339

Re: Certificate valid days question

There's a myriad of issues, revolving around 32-bit timers with offset to UNIX epoch. Linux kernel has support for 64-bit counters since ages ago (also 32-bit kernel), but there are other (mostly 32-bit) applications (and glibc and ...) which not necessarily use it yet. And those include ssl librari...
by mkx
Wed Apr 07, 2021 3:45 pm
Forum: Beginner Basics
Topic: Trying to setup VLANs with hAP ac3 and CSS 610-8G-2S+IN [SOLVED]
Replies: 3
Views: 321

Re: Trying to setup VLANs with hAP ac3 and CSS 610-8G-2S+IN [SOLVED]

/interface ethernet switch port set 4 default-vlan-id=5 vlan-header=add-if-missing vlan-mode=secure Port with index 4 uslually relates to ether5 ... and setting I highlited means it'll untag frames from VLAN 5 on egress [*]. Which obviously is not what you want. So unset the default-vlan-id (or set...
by mkx
Wed Apr 07, 2021 3:14 pm
Forum: Beginner Basics
Topic: VLANs, trunk ports and vlan interfaces
Replies: 3
Views: 478

Re: VLANs, trunk ports and vlan interfaces

/interface vlan add interface=bridge name=VLAN-1111 use-service-tag=yes vlan-id=1111 The setting I highlited is toggle between using 802.1q ("usual" VLAN) and 802.1ad ("QinQ" VLAN). Most users want to use 802.1q tags and corresponding setting is use-service-tag=no (which is defa...
by mkx
Wed Apr 07, 2021 7:59 am
Forum: General
Topic: Bridge hosts table when 2 interfaces with same MAC
Replies: 4
Views: 352

Re: Bridge hosts table when 2 interfaces with same MAC

I don't think anything is wrong with your setup, I guess it's a bug in printing host table. Bridge is supposed to do independent VLAN learning. Plus it's customary for VLAN interfaces to use physical interface's MAC address (at least linux does it) so from router's point of view your two gadgets mig...
by mkx
Tue Apr 06, 2021 10:07 pm
Forum: Beginner Basics
Topic: Can't access hosts via certain ports from a computer connected to an hEX-S
Replies: 24
Views: 1336

Re: Can't access hosts via certain ports from a computer connected to an hEX-S

Curious: although it's probably moot with the relatively small amounts of data we push, wouldn't separating out guest users with multiple bridges (which occur at the hardware level) be faster than segmenting with VLANs (which occur at the software level, right?) ? As @anav mentioned, bridges in ROS...
by mkx
Tue Apr 06, 2021 9:55 pm
Forum: Beginner Basics
Topic: Why is there "Current Tag" & "Current Untagged" in each VLAN
Replies: 6
Views: 568

Re: Why is there "Current Tag" & "Current Untagged" in each VLAN

PVID=1 setting is implicit default on all bridge ports when vlan-filtering is enabled. thx but there is no traffic with VLAN-ID=1, so why are they listed? There is active, physical link only on port 01-10 (and 16). Only traffic with VLAN ID=100 runs over port 01-10, so why does VLAN10 say that ther...
by mkx
Tue Apr 06, 2021 5:36 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 6159

Re: "antenna gain" missing in 6.46.8?

We can only speculate how it works. All those other brands that talk in 100%,90%, 75%,50%,25%,10% TX power setting, how do they implement it? Over all MCS encodings, or is that wishful thinking (again)? Indeed we can only guess. Unless somebody with some professional measurement gear can do some me...
by mkx
Tue Apr 06, 2021 5:32 pm
Forum: Beginner Basics
Topic: Why is there "Current Tag" & "Current Untagged" in each VLAN
Replies: 6
Views: 568

Re: Why is there "Current Tag" & "Current Untagged" in each VLAN

PVID=1 setting is implicit default on all bridge ports when vlan-filtering is enabled. If you really want to get rid of it, set trunk (tagged only) ports with the following settings: /interface bridge port set [ find interface=ether2 ] frame-types=admit-only-vlan-tagged ingress-filtering=yes (same f...
by mkx
Tue Apr 06, 2021 5:18 pm
Forum: Wireless Networking
Topic: POE Surge protection test!
Replies: 4
Views: 1113

Re: POE Surge protection test!

best surge protector sofar = 2x 1gbps media converters connected with 1 meter of single mode fiber ...
... powered by? Don't forget that power adapters are "guilty" of quite many surge damages, overvoltage can pass those as well.
by mkx
Tue Apr 06, 2021 5:03 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 6159

Re: "antenna gain" missing in 6.46.8?

This way you make an AP that is performing way below par, that is interfering more than any other other AP, that looses connection easily, since the chipset with 6-7dBm variation in allowed TX power according MCSrate is in use. Even if your assumption that setting antenna gain higher reduces Tx pow...
by mkx
Tue Apr 06, 2021 4:42 pm
Forum: General
Topic: Multiple Trunk setup performance issues
Replies: 13
Views: 859

Re: Multiple Trunk setup performance issues

Only one (minor) thing: on trunk ports I always set vlan-header=leave-as-is ...
by mkx
Tue Apr 06, 2021 4:38 pm
Forum: Beginner Basics
Topic: Default Configuration
Replies: 3
Views: 350

Re: Default Configuration

As @own3r1138 noticed: default settings are quite good and it's advisable to keep them. It's much better than most of what you can find on internet. If you need some other functionality (e.g. some ports forwarded), then add needed rules, no need to remove anything. Study defaults, understand them be...
by mkx
Tue Apr 06, 2021 10:38 am
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 6159

Re: "antenna gain" missing in 6.46.8?

(*) Max TX power in the specs is not what the radio can transmit with a certain MCS, but how well the radio controls the side lobes of the channel, to remain below the legal line of sidelobes in the RF spectrum. Higher MCS rates have a more complex spectrum and do leak more sidelobes than lower MCS...
by mkx
Tue Apr 06, 2021 10:23 am
Forum: Beginner Basics
Topic: Port 80 open for letsencrypt
Replies: 4
Views: 373

Re: Port 80 open for letsencrypt

ACME working over HTTP needs HTTP server running and delivering (right) response to request from letsencrypt server. This can either be done using already running web server (and asme script simply stores response to correct place in web server's file structure) or acme script can temporarily run it...
by mkx
Mon Apr 05, 2021 11:39 pm
Forum: Wireless Networking
Topic: How to enable Bridge VLAN Filtering on a wireless access-list rule?
Replies: 9
Views: 491

Re: How to enable Bridge VLAN Filtering on a wireless access-list rule?

/interface bridge vlan add bridge=bridge-local untagged=wlan1 vlan-ids=10 doesn't go together with /interface wireless access-list add allow-signal-out-of-range=20s interface=wlan1 mac-address=xx:xx:xx:xx:xx:xx vlan-id=10 vlan-mode=use-tag And setting vlan-filtering actually enables the former sett...
by mkx
Mon Apr 05, 2021 11:25 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 6159

Re: "antenna gain" missing in 6.46.8?

Normis explained in post #32 above: you can set Tx power lower than default (maximum considering country regulations and hard-coded antenna gain) using parameter tx-power . In webfig it's available in advanced section and you can set value if you select "all-rates-fixed" as "Tx Power ...
by mkx
Mon Apr 05, 2021 10:59 pm
Forum: General
Topic: Multiple Trunk setup performance issues
Replies: 13
Views: 859

Re: Multiple Trunk setup performance issues

Regarding RB2011 in switch mode: The /interface ethernet switch port export is always confusing to me because it's using index numbers instead of port names so it's hard to correlate this section to other sections of config. Command interface ethernet switch port print provides missing information. ...
by mkx
Mon Apr 05, 2021 6:33 pm
Forum: General
Topic: Transparent hEX S to change vlan-priority for DHCP request only
Replies: 20
Views: 1635

Re: Transparent hEX S to change vlan-priority for DHCP request only

Standards ... one thing is to support normal SFPs which (semi-)transparently pass bits between left and right. And it's a pitty these are not more compatible. Which mostly is not result of poor standards but rather bad practice by major players who introduced incompatible extensions. The other probl...
by mkx
Mon Apr 05, 2021 6:16 pm
Forum: Beginner Basics
Topic: VLAN Filter - how do ingress and egress rules work?
Replies: 16
Views: 1029

Re: VLAN Filter - how do ingress and egress rules work?

What beats me is that in Cisco world there are two names for frames without 802.1q headers: untagged VLANs and native VLANs. I'm not fluent in ciscoish so I guess that there can only be single native VLAN per switch/stack/CDP domain while every untagged VLAN port can belong to different VLAN. To me ...
by mkx
Mon Apr 05, 2021 4:03 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 64
Views: 6159

Re: "antenna gain" missing in 6.46.8?

Mental masturbation: if devices are not locked against illegal settings, they can not be legally sold in certain market. While some nations are used to smuggling goods from third countries, other nations (which might represent considerable markets for MT) are used to buying goods from local business...
by mkx
Mon Apr 05, 2021 3:59 pm
Forum: General
Topic: Transparent hEX S to change vlan-priority for DHCP request only
Replies: 20
Views: 1635

Re: Transparent hEX S to change vlan-priority for DHCP request only

Mikrotik support for ONT SFPs is non existent so some might work and most don't. Even compatibility with "normal" SFPs is incomplete (mildly put). Which means that trying to get ONT SFP to work with any MT device is similar to trying to win a jackpot, even if particular ONT SFP works with ...
by mkx
Mon Apr 05, 2021 3:45 pm
Forum: Beginner Basics
Topic: VLAN Filter - how do ingress and egress rules work?
Replies: 16
Views: 1029

Re: VLAN Filter - how do ingress and egress rules work?

I dare to say the setting Bridge -> Ports -> Bridge Port -> VLAN PVID is clear to me. I assume this is the ingress rule: Untagged traffic incoming: The VLAN tag is added according to the PVID. tagged traffic incoming: the VLAN tag is read but not changed. Yes, your asumptions are correct. However t...
by mkx
Mon Apr 05, 2021 3:25 pm
Forum: Beginner Basics
Topic: 2 links between CSR /using vlan filtering, but without LACP/
Replies: 9
Views: 656

Re: 2 links between CSR /using vlan filtering, but without LACP/

I think that setting all 4 ports involved (two at each end) to ingress-filtering=yes frame-types=admit-only-vlan-tagged might solve your problem of switches detecting a loop when you're half way through moving VLAN99 from one link to another. The thing is in the first setting which would drop VLAN99...
by mkx
Mon Apr 05, 2021 12:16 pm
Forum: RouterBOARD hardware
Topic: NetPower16 feeding AF11FX
Replies: 5
Views: 899

Re: NetPower16 feeding AF11FX

According to wikipedia article the PSE (netPower) has quite some constraints about PoE out voltages: when in 802.3 af mode, output voltage should be in range between 44V and 57V. Maximum power is limited to 15.4W. when in 802.3 at mode, output voltage should be in range between 50 V and 57V. Maximum...
by mkx
Mon Apr 05, 2021 11:49 am
Forum: General
Topic: Multiple Trunk setup performance issues
Replies: 13
Views: 859

Re: Multiple Trunk setup performance issues

Basically you can configure VLANs either with bridge filtering or on switch, you should not mix both. If you want to configure SFP+ port on CCR as trunk as well, then you have a problem. Your CCR is unfit for switching duties between any pair of ports apart from ports ether1-ether4 (which are run by...
by mkx
Mon Apr 05, 2021 11:29 am
Forum: Beginner Basics
Topic: 2 links between CSR /using vlan filtering, but without LACP/
Replies: 9
Views: 656

Re: 2 links between CSR /using vlan filtering, but without LACP/

I'm pretty sure VLAN99 gets into a semi-loop state when you configure two ports as members even on single end. In this moment switch (which has both ports configured as members) starts sending certain frames to both ports and the other switch (which is still configured with single port member of VLA...
by mkx
Sun Apr 04, 2021 11:44 pm
Forum: General
Topic: RB4011 InterVLAN Routing
Replies: 3
Views: 585

Re: RB4011 InterVLAN Routing

Would there be any reason to use Bridge VLAN filtering on the RB4011 ?

Only if RB4011 was not simply a router-on-a-stick ...
by mkx
Sun Apr 04, 2021 11:36 pm
Forum: Beginner Basics
Topic: 2 links between CSR /using vlan filtering, but without LACP/
Replies: 9
Views: 656

Re: 2 links between CSR /using vlan filtering, but without LACP/

So if I understand you right: currently you have VLAN 99 over primary link and everything works fine. If you start to configure VLAN 99 also for secondary link, switches detect loop? But there indeed is (a partial) loop in that case. You can have it like that (I guess you have redundancy in your min...
by mkx
Sun Apr 04, 2021 9:54 pm
Forum: General
Topic: RB4011 InterVLAN Routing
Replies: 3
Views: 585

Re: RB4011 InterVLAN Routing

When you power on both devices and nothing much works ... is the DAC link up&running? You should be able to check that if you configure management computer with static address from 192.168.10.x/24 subnet and connect to ether24 of CRS. You may want to configure a management port on RB4011 in simi...
by mkx
Sun Apr 04, 2021 8:38 pm
Forum: General
Topic: Multiple Trunk setup performance issues
Replies: 13
Views: 859

Re: Multiple Trunk setup performance issues

Ah, so your unit is one of old ones. The bridge vlan-filtering can only be offloaded on CRS3xx devices. The rest can not offload vlan filtering and one has to configure VLANs on switch chip (under /interface ethernet switch).
by mkx
Sat Apr 03, 2021 8:09 pm
Forum: General
Topic: Multiple Trunk setup performance issues
Replies: 13
Views: 859

Re: Multiple Trunk setup performance issues

Your CCR1009 quite likely doesn't have switch chip built in (only early models without SFP+ port had one) and hence nothing can be HW offloaded. Your CCR is a great router but mediocre switch/bridge.
by mkx
Sat Apr 03, 2021 3:50 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2233

Re: port 53 open despite firewall rules

You could try to run TCP traceroute ... targeting same destination IP address, but different standard TCP ports (e.g. 443 along with 53) and compare the path. And choose some normal destination known not to be hosted by some large cloud hosting company as those tend to geographically distribute serv...
by mkx
Fri Apr 02, 2021 11:36 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2233

Re: port 53 open despite firewall rules

Should i netinstall clean firmware? And how can i do it? Netinstalling your device would certainly be a good action. Prior to doing it do export of configuration ( /export file=yourexport ) so task of configuring the unit afterwards will be easier. The process of netinstalling is quite well documen...
by mkx
Fri Apr 02, 2021 11:02 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2233

Re: port 53 open despite firewall rules

I tried also nc -w5 -z -v <MyIP> 53 and Connection to <MyIP> 53 port [tcp/domain] succeeded! I dont know what to say.... How my ISP can make a port in my router to respond to requests? You ran the command from where? If you ran it from a device connected directly to WAN interface of your router, th...
by mkx
Fri Apr 02, 2021 10:41 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2233

Re: port 53 open despite firewall rules

My guess is that your ISP is redirecting/blocking connections to port 53 (DNS server) ... possibly in attempt to block DDoS attacks which abuse mis-configured routers of your ISP's clients.
by mkx
Fri Apr 02, 2021 5:59 pm
Forum: Wireless Networking
Topic: detect LAN log messages
Replies: 6
Views: 555

Re: detect LAN log messages

/interface detect-internet set detect-interface-list=none
by mkx
Fri Apr 02, 2021 5:47 pm
Forum: Wireless Networking
Topic: detect LAN log messages
Replies: 6
Views: 555

Re: detect LAN log messages

If I was in your position, I'd disable the feature altogether. I don't know if anybody (I dare to say: MT staff included) has ever found a good use of it, while there are reports of random things breaking and problems stopped after disabling this "feature".
by mkx
Fri Apr 02, 2021 12:22 pm
Forum: Beginner Basics
Topic: A little help with VLANs - CRS328
Replies: 10
Views: 901

Re: A little help with VLANs - CRS328

Quoted sections of RB4011 config which are incorrect: /interface bridge add admin-mac=08:00:00:C0:00:00 auto-mac=no comment=defconf name=bridge Bridge absolutely needs setting vlan-filtering=yes . But first fix the next error ... /interface bridge vlan add bridge=bridge tagged=sfp-sfpplus1,bridge vl...
by mkx
Fri Apr 02, 2021 12:11 pm
Forum: Wireless Networking
Topic: detect LAN log messages
Replies: 6
Views: 555

Re: detect LAN log messages

Could it be related to detect-internet "feature"?
by mkx
Fri Apr 02, 2021 12:07 pm
Forum: Wireless Networking
Topic: for when spectral analysis will work on AC radios
Replies: 3
Views: 495

Re: for when spectral analysis will work on AC radios

Did anybody check the new wave2 drivers for 7.1beta if they support spectral scans?
by mkx
Fri Apr 02, 2021 12:03 pm
Forum: General
Topic: Force SFP interface running
Replies: 1
Views: 262

Re: Force SFP interface running

I don't think MT actually supports ONU SFPs in any way. If it works somehow it's purely coincidental. So I wouldn't hold my breath waiting for your suggestion to be implemented. Besides, if you really want your suggestion to get to MT devs, you'll have to communicate it directly, this forum is user ...
by mkx
Thu Apr 01, 2021 9:28 pm
Forum: Beginner Basics
Topic: Multiple VLANs and DHCP servers on a single physical port
Replies: 3
Views: 393

Re: Multiple VLANs and DHCP servers on a single physical port

Both methods (bridge vlan and switch chip vlan) only matter in switched/bridged environment which is when multiple ports are members of same vlans (or subset of thereof) and pat of traffic simply passes router/switch between these ports (almost) unaltered. When only single port is carrying all vlans...
by mkx
Wed Mar 31, 2021 9:11 pm
Forum: General
Topic: Dead 750GL [SOLVED]
Replies: 4
Views: 546

Re: Dead 750GL [SOLVED]

Next thing you could try is to netinstall the router.
by mkx
Wed Mar 31, 2021 6:37 pm
Forum: General
Topic: Dead 750GL [SOLVED]
Replies: 4
Views: 546

Re: Dead 750GL [SOLVED]

Did you click on MAC address to connect?

It's a good sign that it shows in winbox, this means it's up&running, but configuration might be in weird state. Also beware that if ROS running on RB is older than 6.40 you have to use older winbox as well (I think 3.1x should be fine).
by mkx
Wed Mar 31, 2021 5:00 pm
Forum: Beginner Basics
Topic: Invalid Forwards [SOLVED]
Replies: 9
Views: 856

Re: Invalid Forwards [SOLVED]

You beleive that there nothing to worry abour? I worry about Koreans knowing my TV watching habbits so my TV is banned from internet (also helps against automatic unattended firmware upgrades, some were not exactly user-friendly in the past), but can access DLNA server in LAN (keeps my daughters ha...
by mkx
Wed Mar 31, 2021 2:16 pm
Forum: RouterBOARD hardware
Topic: Can the RB260GSP Switch power both the Hex Router and the hap ac lite?
Replies: 6
Views: 655

Re: Can the RB260GSP Switch power both the Hex Router and the hap ac lite?

The only way to power the hAP lite is via the 5 Volt USB power supply, correct?

Looking at Powering section of product page it certainly looks like that.
by mkx
Wed Mar 31, 2021 2:13 pm
Forum: RouterBOARD hardware
Topic: Chateau hanging
Replies: 4
Views: 468

Re: Chateau hanging

In theory[*], 71.beta5 should be better than 7.0beta6. But since it's still beta (and beta in MT world means less than usually in ICT world) you never know if your particular unit will like it better or not. So before you upgrade your unit, do the following: create (binary) backup ( /system backup s...
by mkx
Wed Mar 31, 2021 1:59 pm
Forum: Wireless Networking
Topic: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected
Replies: 8
Views: 631

Re: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected

(MKX is faster in typing than me. I will post it anyway .... :-) )

I'd be disappointed if you didn't. It's always pleasure to read your highly skilled and very informative posts, I always learn something new.
by mkx
Wed Mar 31, 2021 1:53 pm
Forum: General
Topic: Bridge Trunk Ports
Replies: 6
Views: 484

Re: Bridge Trunk Ports

The article should apply to CRS326 ... but if you have some weird scenario (can't figure it out completely from your vague description), then you have to adjust the config from article for your particular case. You can post config (at least from one of units) so we can see if there's room for improv...
by mkx
Tue Mar 30, 2021 11:29 pm
Forum: Wireless Networking
Topic: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected
Replies: 8
Views: 631

Re: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected

installation=indoor or outdoor is not physical, but rather political setting. In certain countries there are certain frequency channels which are only allowed for indoor use (these usually come with lower Tx power limits as well) and other frequency channels are allowed for outdoor use ... which ac...
by mkx
Tue Mar 30, 2021 7:12 pm
Forum: Beginner Basics
Topic: Multiple VLAN on Single Port
Replies: 6
Views: 1064

Re: Multiple VLAN on Single Port

My current network is running off a Ubiquity Access Point with no VLAN and I would like to seperate network traffic using VLAN's as per below: 1) WLAN1 - 192.168.16.0/24 - No VLAN currently (would like to add a VLAN 100) 2) WLAN2 (Guest) - 192.168.168.0/24 - VLAN 999 I have configured the bridge wi...
by mkx
Tue Mar 30, 2021 7:05 pm
Forum: Beginner Basics
Topic: 2 links between CSR /using vlan filtering, but without LACP/
Replies: 9
Views: 656

Re: 2 links between CSR /using vlan filtering, but without LACP/

In theory it might work with careful configuration. Can you post actual configuration of one of switches (I guess you configured both in similar fashion)? (execute /export hide-sensitive and copy-paste output here).
by mkx
Tue Mar 30, 2021 9:35 am
Forum: RouterBOARD hardware
Topic: Replacing the NAND in a RB1100
Replies: 1
Views: 446

Re: Replacing the NAND in a RB1100

License is "baked" to NAND in a way netinstall doesn't touch it. Which also means you can't transfer the license to new NAND just like that. I suggest you to contact support@mikrotik.com and ask them about your options.
by mkx
Tue Mar 30, 2021 9:34 am
Forum: RouterBOARD hardware
Topic: Powering 2 devices from hAP ac3 PoE-out port
Replies: 2
Views: 536

Re: Powering 2 devices from hAP ac3 PoE-out port

I wouldn't do it, there's real chance that either PoE out port gets damaged or that both PoE-powered devices will not be stable. If you really want daisy-chain both PoE-in devices and run them off single PoE cable, use RBGSP injector which has 2A limit.
by mkx
Tue Mar 30, 2021 9:32 am
Forum: RouterBOARD hardware
Topic: Can the RB260GSP Switch power both the Hex Router and the hap ac lite?
Replies: 6
Views: 655

Re: Can the RB260GSP Switch power both the Hex Router and the hap ac lite?

Yes it can. RB260GSP comes with 24V power adapter and both hEX Gr3 and hAP ac lite can take this voltage. However, you'll have to reconfigure hEX from defaults: hEX can take PoE in via ether1 while default config uses ether1 as WAN port. In your case you'll want to use ether1 as LAN port (and dedica...
by mkx
Tue Mar 30, 2021 8:59 am
Forum: Beginner Basics
Topic: Issue with my network setup
Replies: 43
Views: 2749

Re: Issue with my network setup

Is router successfull in obtaining DHCP lease from FIOS router? Check by running command /ip address print and verify that there's a dynamic address bound to ether1_WAN.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 20