Community discussions

Search found 11984 matches

by mkx
Fri Apr 12, 2024 12:23 pm
Forum: General
Topic: Problem mac telnet into hEX
Replies: 8
Views: 395

Re: Problem mac telnet into hEX

All devices I mentioned, run 7.13.2. None are hEX. Here's export from one of them: /interface bridge add admin-mac=E6:8D:8C:49:EE:4A auto-mac=no name=bridge port-cost-mode=short /interface bridge port add bridge=bridge interface=ether1 internal-path-cost=10 path-cost=10 add bridge=bridge interface=e...
by mkx
Fri Apr 12, 2024 8:44 am
Forum: Wireless Networking
Topic: CAPsMANv2 configuration for secondary SSIDs on different VLANs
Replies: 21
Views: 8002

Re: CAPsMANv2 configuration for secondary SSIDs on different VLANs

- cAP ax: reset config and set it in CAPs mode (this is enough) - CAPsMAN: config datapaths with corresponding VLAN id's Use a hybrid port with management VLAN untagged, Corporate and Guest tagged. Just to clarify: the last line (regarding hybrid port) refers to port to which cAP ax devices are con...
by mkx
Fri Apr 12, 2024 8:32 am
Forum: Virtualization
Topic: P1 license on CHR instance after deadline date
Replies: 3
Views: 247

Re: P1 license on CHR instance after deadline date

I guess you should ask support@mikrotik.com to clarify what happens after 60 days of internet unavailability to licensed CHR. And report back their answer as it'll be probably interesting for a few other people.
by mkx
Thu Apr 11, 2024 9:27 pm
Forum: Beginner Basics
Topic: DHCP client dynamic entries.
Replies: 2
Views: 148

Re: DHCP client dynamic entries.

I guess you have "detect internet" feature enabled ... and adding a DHCP client to interface, which is determined to be a WAN interface, is one of "magic" things which happen. If you have incentive (and knowledge) to fine-tune router's config, then I suggest you to disable "...
by mkx
Thu Apr 11, 2024 3:34 pm
Forum: General
Topic: Issues with inter vlan routing
Replies: 1
Views: 157

Re: Issues with inter vlan routing

Having "connection-state" property set to empty string "" is not the same as not having it set at all. So unset connection-state property on your inter-VLAN firewall rules.
by mkx
Thu Apr 11, 2024 3:29 pm
Forum: General
Topic: Problem mac telnet into hEX
Replies: 8
Views: 395

Re: Problem mac telnet into hEX

Well, by default there is only one bridge. Called, bridge. so I don't know what you mean by "manually set MAC addresses on all bridges" ... I have a few Mikrotik devices on the LAN, each have one bridge and I manually set MAC addresses on each and every bridge. Hence use of plural "b...
by mkx
Thu Apr 11, 2024 3:25 pm
Forum: General
Topic: does the mynetname expires after a while?
Replies: 5
Views: 574

Re: does the mynetname expires after a while?

If you replace old router with a new one and the public IP address is the same, then you'll end up with two A records: <old_SN>.sn.mynetname.net and <new_SN>.sn.mynetname.net ... both pointing at same address. I don't see how this is a problem, if you know <new SN>, then old record won't make any ha...
by mkx
Thu Apr 11, 2024 3:14 pm
Forum: General
Topic: 1-to-1 Nat when outside/public interface is a layer 2 connection [SOLVED]
Replies: 3
Views: 246

Re: 1-to-1 Nat when outside/public interface is a layer 2 connection [SOLVED]

With lots of fiddling it is possible to replace the two 1783-NATR devices with a single "multi purpose" router. But it's not easy as both "private" LANs use same IP address space and this is actually problem from routing point of view. So it is actually much easier to use one NAT...
by mkx
Thu Apr 11, 2024 3:11 pm
Forum: General
Topic: Mikrotik CRS326 RM - WebUI & Winbox disconections
Replies: 4
Views: 267

Re: Mikrotik CRS326 RM - WebUI & Winbox disconections

Are there any of devices you listed in your previous post which are interconnected with more than single UTP cable? In particular I'm thinking of connection between AX88U and CRS326 ... To be on the "fast" side: please amend the description with exhaustive list of connection between the de...
by mkx
Thu Apr 11, 2024 3:02 pm
Forum: Beginner Basics
Topic: Can't ping with firewall (nat)
Replies: 9
Views: 379

Re: Can't ping with firewall (nat)

why is this working and : chain=srcnat action=src-nat to-addresses=10.10.5.50 src-address=10.10.1.0/24 out-interface=ether5 did not work? Because you used wrong address setting for to-address property. The "to-address" property of src-nat rule sets the IP address which will replace the or...
by mkx
Thu Apr 11, 2024 2:55 pm
Forum: Beginner Basics
Topic: port forwarding problem
Replies: 18
Views: 1150

Re: port forwarding problem

Are you sure that cameras provide their service on ports 8001 and 8002? I'd guess they are actually using standard port 80 ... in which case NAT rules should have "to-ports=80" set.
by mkx
Thu Apr 11, 2024 2:50 pm
Forum: Beginner Basics
Topic: Slow connections across vlans with hex
Replies: 10
Views: 666

Re: Slow connections across vlans with hex

This is wrong: /interface vlan add interface=ether3 name=CAM88 vlan-id=88 add interface=ether3 name=IoT687 vlan-id=687 add interface=ether3 name=VLAN82 vlan-id=82 add interface=ether3 name=VLAN3000 vlan-id=3000 add interface=ether3 name=WIFI20 vlan-id=20 add interface=ether3 name=WORK999 vlan-id=999...
by mkx
Wed Apr 10, 2024 9:36 pm
Forum: Wireless Networking
Topic: hAP ax3 wireless problem [SOLVED]
Replies: 144
Views: 16661

Re: hAP ax3 wireless problem [SOLVED]

usually the antennas should be vertical, no matter how you install the device Nope. MIMO works best if reception from both Tx antennas is as uncorrelated as possible. Antennas are polarized and with 2x2 MIMO, different polarization makes best possible diversity ... and that's when both antennas are...
by mkx
Wed Apr 10, 2024 3:33 pm
Forum: SwOS
Topic: How to VLAN?
Replies: 4
Views: 459

Re: How to VLAN?

You should set Egress setting on access ports (on SwOS device ports 2-5) to "Always Strip".
by mkx
Wed Apr 10, 2024 3:25 pm
Forum: General
Topic: Problem mac telnet into hEX
Replies: 8
Views: 395

Re: Problem mac telnet into hEX

Mikrotik (and members of the board) advice is that of assigning manually a mac address to the bridge, but it has to be seen if - even if doing that - it would be listed on another device with /tool/mac-telnet ... Just checked ... I have manually set MAC addresses on all bridges ... and /tool/mac-te...
by mkx
Wed Apr 10, 2024 2:46 pm
Forum: General
Topic: Is the PPPOE server built by oneself separated from the PPPOE server of the operator, without affecting each other?
Replies: 4
Views: 229

Re: Is the PPPOE server built by oneself separated from the PPPOE server of the operator, without affecting each other?

Not only in ROS, also elsewhere. VLANs work between devices, if one uses them but the rest don't then they are either no good or interfere with traffic. Here kicks in the suggestion by @loloski: show us the physical/logical network topology (which includes ISP gear) so we can suggest you all the nec...
by mkx
Wed Apr 10, 2024 2:43 pm
Forum: Beginner Basics
Topic: Firewall rule to share device among subnets [SOLVED]
Replies: 8
Views: 380

Re: Firewall rule to share device among subnets [SOLVED]

In Firewall / Address list I create 2 new records with the same name and each should have the subnet? Is this the way?
Yes, enter address with subnet mask, e.g. "192.168.4.0/23"
by mkx
Wed Apr 10, 2024 2:33 pm
Forum: General
Topic: Is the PPPOE server built by oneself separated from the PPPOE server of the operator, without affecting each other?
Replies: 4
Views: 229

Re: Is the PPPOE server built by oneself separated from the PPPOE server of the operator, without affecting each other?

PPPoE works directly over ethernet ... so VRRP and routing etc. doesn't affect it. So yes, ISP's and your own PPPoE servers can interfere with each other. You should separate WAN and LAN on L2 (it seems you don't have it right now, only on L3), VLANs seem a natural solution to your problem (in this ...
by mkx
Wed Apr 10, 2024 2:29 pm
Forum: General
Topic: DHCP IPv6 Dynamic Binding (PPP) - Make Static
Replies: 5
Views: 278

Re: DHCP IPv6 Dynamic Binding (PPP) - Make Static

So far I didn't stumble upon setup where DHCPv6 server was dynamic, so I'm a bit lost here. In your case, how does DHCPv6 server pppoe-sn_dsnw2845b110 get created? Since pools are all static, you should be able to create static DHCPv6 server as well ... and in that case, you should be able to make le...
by mkx
Wed Apr 10, 2024 2:22 pm
Forum: Beginner Basics
Topic: Firewall rule to share device among subnets [SOLVED]
Replies: 8
Views: 380

Re: Firewall rule to share device among subnets [SOLVED]

I have created a Firewall rule which works, but it gives access also from these subnets 192.168.0.x, 192.168.1.x , 192.168.2.x as well Is it possible to give access only to 192.168.4.0/23 and 192.168.10.0/23 with another way? You'll have to use two rules, each targeting individual subnet. Problem w...
by mkx
Wed Apr 10, 2024 12:26 pm
Forum: RouterBOARD hardware
Topic: Is the RB1100x4 still actively in production?
Replies: 3
Views: 352

Re: Is the RB1100x4 still actively in production?

RB1100AHx4 is still listed as "current device" on Mikrotik web page. So it should be able to buy it. Whether it's from old stock or from production line ... that can only Mikrotik answer (but I highly doubt they would). As to local distributor's stock: they tend to keep in stock models tha...
by mkx
Wed Apr 10, 2024 12:19 pm
Forum: Wireless Networking
Topic: hAP ax3 no internet connection for mobile clients
Replies: 4
Views: 281

Re: hAP ax3 no internet connection for mobile clients

This is really weird. In your opening post you wrote that wireless client can ping gateway (router), but the rest of (internet?) traffic is blocked for a while. But if device wants to communicate with internet, it is sending traffic to router ... and that works as you are saying. You can try to torc...
by mkx
Wed Apr 10, 2024 12:06 pm
Forum: General
Topic: DHCP IPv6 Dynamic Binding (PPP) - Make Static
Replies: 5
Views: 278

Re: DHCP IPv6 Dynamic Binding (PPP) - Make Static

Show config ... the /ipv6/dhcp-server/export part at least.
by mkx
Wed Apr 10, 2024 11:59 am
Forum: General
Topic: Mikrotik CRS326 RM - WebUI & Winbox disconections
Replies: 4
Views: 267

Re: Mikrotik CRS326 RM - WebUI & Winbox disconections

Your topology description is a bit fuzzy ... but combined with log entry it indicates you might have some misconfiguration of your device ...
by mkx
Wed Apr 10, 2024 11:58 am
Forum: General
Topic: DHCP IPv6 Dynamic Binding (PPP) - Make Static
Replies: 5
Views: 278

Re: DHCP IPv6 Dynamic Binding (PPP) - Make Static

Is the prefix pool ... which DHCPv6 uses to fetch prefixes for clients ... a dynamic (i.e. fetched from upstream DHCPv6 server) or a static one?
by mkx
Wed Apr 10, 2024 8:03 am
Forum: Wireless Networking
Topic: hAP ax3 no internet connection for mobile clients
Replies: 4
Views: 281

Re: hAP ax3 no internet connection for mobile clients

The way you explain the symptoms, the problem might be also in ARP entry aging on switches/bridges ... all mentioned devices are part of it, including the TP-link switch. If you can, connect both hAPs to hEX directly just to make sure that TP-link isn't playing games.
by mkx
Wed Apr 10, 2024 7:04 am
Forum: Beginner Basics
Topic: [SOLVED] Prevent connections to IP address
Replies: 4
Views: 262

Re: Prevent connections to IP address

Where are you accessing 192.168.1.40:8123 from, the rest of LAN? If that's so, you can't block traffic on router because traffic between two LAN devices doesn't pass router.
by mkx
Tue Apr 09, 2024 4:22 pm
Forum: Announcements
Topic: WinBox v3.40 released!
Replies: 139
Views: 125932

Re: WinBox v3.40 released!

I'm not trying to diss it (too much) but defending the existing isn't too helpful when you're trying to think outside the existing box. It would really help if you stated what are your wishes/requirements from the new web app. Because there are many things that can already be done, but using a few ...
by mkx
Tue Apr 09, 2024 3:49 pm
Forum: Beginner Basics
Topic: filtering big local lan
Replies: 4
Views: 272

Re: filtering big local lan

Can I improve the rules further?

I don't really have much experience with switch chip ACLs so I can't give you any further assistance.
by mkx
Tue Apr 09, 2024 3:46 pm
Forum: Announcements
Topic: WinBox v3.40 released!
Replies: 139
Views: 125932

Re: WinBox v3.40 released!

I see native WinBox on Linux in my dream when i sleep ))) Which is why IMO effort should be directed at web applications, not native apps. There's already WebFig ... functionality-wise it's on par with WinBox, so no need to re-invent the wheel. But there's a very important difference, which can not...
by mkx
Tue Apr 09, 2024 7:26 am
Forum: Beginner Basics
Topic: I can't ping the external network
Replies: 5
Views: 279

Re: I can't ping the external network

I'm out of ideas ... sorry.
by mkx
Mon Apr 08, 2024 10:07 pm
Forum: Beginner Basics
Topic: I can't ping the external network
Replies: 5
Views: 279

Re: I can't ping the external network

Your config shows that your ROS is using 192.168.10.1 as gateway. Is this correct? Is gateway allowing traffic?
by mkx
Mon Apr 08, 2024 9:55 pm
Forum: General
Topic: UTF-8 representation problem?
Replies: 7
Views: 438

Re: UTF-8 representation problem?

Mikrotik is purported to be working on a "multiplatform client" ... US-ASCII works on all modern platforms just fine :wink: For the record: my native language doesn't fit in any western 8-bit encodings, even less in 7-bit US-ASCII, so I'm grateful for UTF-8. But when it comes to networkin...
by mkx
Mon Apr 08, 2024 9:46 pm
Forum: Beginner Basics
Topic: filtering big local lan
Replies: 4
Views: 272

Re: filtering big local lan

Since both ports connect devices in same subnet, they clearly have to be in same bridge. But: simple bridge (no VLANs, etc.) is by default offloaded to hardware so bridge filters can't catch traffic (bridge is executed by CPU, HW offloaded traffic never leaves switch chip). There are two options: 1)...
by mkx
Mon Apr 08, 2024 9:31 pm
Forum: Beginner Basics
Topic: I can't ping the external network
Replies: 5
Views: 279

Re: I can't ping the external network

If you run command
/tool/traceroute 8.8.8.8
what does it show?
by mkx
Mon Apr 08, 2024 11:45 am
Forum: Beginner Basics
Topic: Cloud detects WAN IP, but says it is behind NAT
Replies: 2
Views: 200

Re: Cloud detects WAN IP, but says it is behind NAT

On your router, look in "IP address" and check which IP address is listed for your WAN interface. Then compare it to public IP address, reported in various places (cloud is one thing, there are several web pages telling you this information). If they are not the same, then your WAN IP addre...
by mkx
Sun Apr 07, 2024 9:32 pm
Forum: Beginner Basics
Topic: VLAN traffic stalls after starting/stopping flow
Replies: 5
Views: 704

Re: VLAN traffic stalls after starting/stopping flow

If you want any feedback from MT support, then you'll have to open support ticket. This is merely a user forum, hosted on MT's servers ... and occasionally visited by MT staffers. It is not means of official support.
by mkx
Sun Apr 07, 2024 6:29 pm
Forum: Wireless Networking
Topic: hAP AX3 5G range troubleshooting
Replies: 60
Views: 2637

Re: hAP AX3 5G range troubleshooting

Out of interest, inSSIDer is reporting signal strength of ~-50 but the hAP ax2 log shows about -20 lower. Why the difference? Each device reports strength of signal received from the link peer. inSSIDer is reporting signal strength of AP, received by laptop. And hAP ax3 reports signal strength of ...
by mkx
Sun Apr 07, 2024 6:15 pm
Forum: Beginner Basics
Topic: Cannot access HAPax3 wireless config html/webpage [SOLVED]
Replies: 2
Views: 252

Re: Cannot access HAPax3 wireless config html/webpage [SOLVED]

By default, device considers ether1 to be WAN port and management is not possible via that port. Management is possible via all other ports (including wireless). However: by default it also serves as router and its LAN address is 192.168.88.1/24 ... which conflicts with your existing LAN. The best w...
by mkx
Sun Apr 07, 2024 2:10 pm
Forum: Wireless Networking
Topic: hAP ax3 wireless problem [SOLVED]
Replies: 144
Views: 16661

Re: hAP ax3 wireless problem [SOLVED]

WAF?

It doesn't hurt either, so why do you bother?
by mkx
Sun Apr 07, 2024 10:52 am
Forum: General
Topic: DNS in NTP client?
Replies: 16
Views: 6142

Re: DNS in NTP client?

What's wrong with server-dns-names property? Used instead of primary-ntp and secondary-ntp?
by mkx
Sat Apr 06, 2024 3:02 pm
Forum: RouterBOARD hardware
Topic: RB5009 2,5Gbe problems [SOLVED]
Replies: 22
Views: 8384

Re: RB5009 2,5Gbe problems [SOLVED]

I am one of these "others" as well :) I connect to ISP using SFP module ...
Ah, OK, that explains it.
by mkx
Sat Apr 06, 2024 1:39 pm
Forum: RouterBOARD hardware
Topic: RB5009 2,5Gbe problems [SOLVED]
Replies: 22
Views: 8384

Re: RB5009 2,5Gbe problems [SOLVED]

I cannot tell difference when it comes to CPU usage on RB5009. Both before and after disabling HW offload it's ~30% when transferring between WAN and LAN @ 2Gbit speed. That's because vast majority of CPU resources are used for firewalling, some for routing and only minor portion for interface hand...
by mkx
Sat Apr 06, 2024 11:14 am
Forum: Wireless Networking
Topic: hAP Reset After Power Outage and Don't Reconnect
Replies: 1
Views: 160

Re: hAP Reset After Power Outage and Don't Reconnect

One of possible outcomes of using reset button is configuration reset to factory defaults (which doesn't include CAPsMAN). Another one is to put device into CAP mode.

You can do that also via any of UIs (I'd suggest you winbox as it allows connection even if device doesn't have usable IP setup).
by mkx
Sat Apr 06, 2024 11:09 am
Forum: Wireless Networking
Topic: hAP ax3 wireless problem [SOLVED]
Replies: 144
Views: 16661

Re: hAP ax3 wireless problem [SOLVED]

For many years we have been using "United states" here in Ukraine )) ... We can use 12,13 channels in 2,4GHz, but in real life we have a lot of American gadgets IMO the first one explains the second one. But the second one doesn't explain the first one, using Ukraine country settings does...
by mkx
Sat Apr 06, 2024 11:01 am
Forum: General
Topic: 1x RB5009 + 3x hAP ax^3 - Hotspot VLAN Radius Help
Replies: 9
Views: 558

Re: 1x RB5009 + 3x hAP ax^3 - Hotspot VLAN Radius Help

While we wait to be joined by @mkx

Nah, not my piece of pie. There are too many buzzwords in the thread title which I don't do (hotspot, radius, ...).
by mkx
Sat Apr 06, 2024 10:46 am
Forum: Beginner Basics
Topic: Can't use IPv6 provider prefix [SOLVED]
Replies: 1
Views: 214

Re: Can't use IPv6 provider prefix [SOLVED]

Better ask your ISP about possibilities. Either they could configure their router to hand out prefixes (preferably larger than /64, /60 would be fine), or to bridge mode so that your MT would be talking to their core directly (I guess that in this case your MT would receive prefixes). The way it is...
by mkx
Sat Apr 06, 2024 10:38 am
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 553
Views: 125386

Re: v7.14.2 [stable] is released!

When someone disables that graphic... doesn't it get removed from the storage?
Only the stats data ... which I guess is a few kB. But graphics library and anything else needed stays installed ... probably most of it is needed for WebFig graphs anyway.
by mkx
Sat Apr 06, 2024 10:36 am
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 553
Views: 125386

Re: v7.14.2 [stable] is released!

If someone wants to partition, I'd say 64MB would be the minimum acceptable. It might if ROS was changed to use RAM disks more aggressively. As it is now, 128MB on audience isn't enough (or it wasn't back in v7.5 times), with 64MB partitions upgrade didn't succeed due to lack of flash space. It's b...
by mkx
Fri Apr 05, 2024 8:38 pm
Forum: General
Topic: Firewall/Routing Question
Replies: 19
Views: 740

Re: Firewall/Routing Question

At Router A, what does the router see.......... It should see source being user from RouterB with destination IP of server on Router A LAn, ( if traffic is sourcenatted, the source IP would be the wireguard IP of B ). The rule I suggested for site B is a dst-nat ... so src-address is not changed. T...
by mkx
Fri Apr 05, 2024 3:22 pm
Forum: Wireless Networking
Topic: mAntBox 15ax superchannel is missing...
Replies: 10
Views: 515

Re: mAntBox 15ax superchannel is missing...

Can we expect some solution in this problem? The only solution is to forget about superchannel altogether ... it wasn't obeying country-specific regulatory constraints and as such is illegal. Since majority of users didn't care about country regulations (and created havoc), EU (and many other count...
by mkx
Fri Apr 05, 2024 3:15 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 553
Views: 125386

Re: v7.14.2 [stable] is released!

subprofile can be assigned to main configuration profile, which can be assigned to interface. Subprofile values can be overwritten in main configuration profile, and all values can be overwritten on the interface itself. The problem I can see is that often users consider properties set to empty valu...
by mkx
Fri Apr 05, 2024 3:10 pm
Forum: General
Topic: Firewall/Routing Question
Replies: 19
Views: 740

Re: Firewall/Routing Question

You can make the NAT rule as general as you want. But it may soon break something else. For example establishment of wireguard tunnel (tunnel might drop momentarily while siteA address doesn't change and then wireguard connection may get NAT-ed to 192.168.0.1 which is not accessible until after wire...
by mkx
Fri Apr 05, 2024 2:53 pm
Forum: General
Topic: CCR abnormal interface status
Replies: 4
Views: 293

Re: CCR abnormal interface status

What is connected to such a port?

It could be some device in sleep mode ... often LAN interfaces are configured into 10Mbps half-duplex mode (which seems to require least amount of power). But seeing it go up for a second and then down again is a bit weird.
by mkx
Fri Apr 05, 2024 12:42 pm
Forum: General
Topic: How to do Inter-VLAN Bridging with MikroTik? [SOLVED]
Replies: 15
Views: 787

Re: How to do Inter-VLAN Bridging with MikroTik? [SOLVED]

But only with an L2 misconfiguration, i.e. if I put, say, ether1 through ether4 in bridge1, set up a few VLAN interfaces on bridge1 and then put them all in bridge2. The problem will be that the moment a packet actually gets bridged between VLANs, it will need to first get flooded to all ports in b...
by mkx
Fri Apr 05, 2024 12:24 pm
Forum: General
Topic: IPv6 trouble [SOLVED]
Replies: 19
Views: 1361

Re: IPv6 trouble [SOLVED]

The ether1-gateway WAN interface has RA effectively disabled (ra-lifetime=none) On my routers I set "advertise=no" to addresses which are not supposed to be advertised (so no RA for that particular address). And it seems that if an interface doesn't have any address without this setting, ...
by mkx
Fri Apr 05, 2024 12:12 pm
Forum: General
Topic: Firewall/Routing Question
Replies: 19
Views: 740

Re: Firewall/Routing Question

No, hairpin NAT is not the problem here, communication between client on site B and server on Site A has to pass router (actually both of them) in both directions (if it doesn't, then one needs hairpin NAT). The problem here is selection of the route from site B to site A (and back) when client uses...
by mkx
Fri Apr 05, 2024 9:20 am
Forum: Beginner Basics
Topic: Not getting wireline speeds
Replies: 28
Views: 1140

Re: Not getting wireline speeds

So it is the usual case of two very different things that - in order to better distinguish them - are called in Mikrotikish with the same or a very similar name. Sort of homonyms or homographs. Well not really. Routing is pure L3 function and according to that, all devices which MT says support L3H...
by mkx
Fri Apr 05, 2024 12:06 am
Forum: Beginner Basics
Topic: Not getting wireline speeds
Replies: 28
Views: 1140

Re: Not getting wireline speeds

Mkx posted that this switch supports L3HW offloading. You just re-stated that it doesn't. One of the two must be accurate, not both. We're both right ... I already mentioned that L3HW offload in this switch only covers routing, not firewalling. And @chechito is talking about firewalling in his late...
by mkx
Thu Apr 04, 2024 11:36 pm
Forum: General
Topic: HW Offloading
Replies: 11
Views: 994

Re: HW Offloading

None of the CRS3XX series of switches then has L3HW offloading if I had to base it on ethernet test results ( very slow ).

Generally I don't really trust test results from MT. So in this case I'd go with documentation, like official L3HW offload manual with its L3HW Device Support section.
by mkx
Thu Apr 04, 2024 11:32 pm
Forum: General
Topic: HW Offloading
Replies: 11
Views: 994

Re: HW Offloading

Didn't somebody mention routers a few posts higher?
Just to be clear is HW offloading possible on some routers regarding its chip, completely different from L3HW offloading discussed for switches?
by mkx
Thu Apr 04, 2024 11:25 pm
Forum: General
Topic: How to do Inter-VLAN Bridging with MikroTik? [SOLVED]
Replies: 15
Views: 787

Re: How to do Inter-VLAN Bridging with MikroTik? [SOLVED]

I can create a VLAN interface with id=1, that's for sure. But it appears that it's either not capturing traffic, You're right, it's not capturing traffic. Reason being that native VLAN comes untagged off bridge interface while any VLAN interface expects tagged frames on "anchor" side. If ...
by mkx
Thu Apr 04, 2024 11:12 pm
Forum: General
Topic: HW Offloading
Replies: 11
Views: 994

Re: HW Offloading

RB5009 doesn't support L3HW offload. On routers that do (those have capable switch chips built in), the L3HW offload concept is the same as on switches. The difference is in the effectiveness of handling traffic which for some reason (e.g. route prefixes already offloaded use up all the ASIC route p...
by mkx
Thu Apr 04, 2024 10:49 pm
Forum: General
Topic: Firewall/Routing Question
Replies: 19
Views: 740

Re: Firewall/Routing Question

Is there a way to make it so that I can browse to A.dyndns.org:81 It may be possible to construct a DST-NAT combination on router of site B which would work most of time ... except in time periods after change of A public IP address (because A.dyndns.org has to be updated and TTL of the old record ...
by mkx
Thu Apr 04, 2024 9:01 am
Forum: Beginner Basics
Topic: wifi24 in italics, dhcp server gives invalid..
Replies: 4
Views: 259

Re: wifi24 in italics, dhcp server gives invalid..

Have seen this when you have removed names from userlist and they are pointed at from another setting. I know. I was hinting @OP to remove those because clearly they are remnants of something not needed any more. Probably they are not the reason for problems though, but it's always good to have cle...
by mkx
Thu Apr 04, 2024 8:28 am
Forum: Beginner Basics
Topic: Not getting wireline speeds
Replies: 28
Views: 1140

Re: Not getting wireline speeds

Sirbyran, lets make it real, ..................... @Sirbyran is referring to CRS310 capability of doing L3HW offloading: https://help.mikrotik.com/docs/display/ROS/L3+Hardware+Offloading#L3HardwareOffloading-L3HWDeviceSupport That makes CRS310 a wirespeed router. But, as he also noted, it can suppo...
by mkx
Thu Apr 04, 2024 8:24 am
Forum: Beginner Basics
Topic: wifi24 in italics, dhcp server gives invalid..
Replies: 4
Views: 259

Re: wifi24 in italics, dhcp server gives invalid..

What are these two entries? /interface bridge port add bridge=bridge comment=defconf interface= *6 /interface bridge port add bridge=bridge comment=defconf disabled=yes interface= *7 Does log have anything about wifi24 and DHCP server? Best to reboot device and check log immediately after it comes u...
by mkx
Thu Apr 04, 2024 8:07 am
Forum: General
Topic: WiFi Isolation Using VLANs
Replies: 2
Views: 224

Re: WiFi Isolation Using VLANs

Additionally, I've noticed in some tutorials that firewalls are used to block access between VLANs. If I'm required to use a firewall, what's the purpose of using VLANs? This is a common knowledge, the same for all network vendors (in no way specific to Mikrotik): OSI layers can explain some of you...
by mkx
Wed Apr 03, 2024 10:43 pm
Forum: Wireless Networking
Topic: hAP ac3 5GHz antenna-gain locked, using 6
Replies: 20
Views: 981

Re: hAP ac3 5GHz antenna-gain locked, using 6

What if I use long feeder cables? How can I compensate attenuation? Minimum antenna gain is only fixed for devices with permanently attached antennas. Devices, which only have antenna connectors and one has to use external antennas, don't have it set (or they have it set to 0). I don't think that u...
by mkx
Wed Apr 03, 2024 9:47 pm
Forum: General
Topic: Downgrading RouterOS
Replies: 10
Views: 5075

Re: Downgrading RouterOS

Did you check log after reboot (which was supposed to downgrade but failed to do so)?
by mkx
Wed Apr 03, 2024 9:36 pm
Forum: General
Topic: CCR2004-1G-12S+2XS: IPv4 routing performance less than IPv6?
Replies: 4
Views: 367

Re: CCR2004-1G-12S+2XS: IPv4 routing performance less than IPv6?

Both sfp-sfpplus8 and bond/9+10 are trunk (all tagged) ports. So how are hosts configured regarding VLANs? And, BTW, you didn't post full config. So I'll assume you're just trolling and not expecting to get any usable advice if you won't post full config (sensitive data obfuscated, not left out).. I...
by mkx
Wed Apr 03, 2024 1:02 pm
Forum: General
Topic: EoIP Log Entries explanation requested
Replies: 2
Views: 172

Re: EoIP Log Entries explanation requested

I'd say it's normal. I see similar stuff on my IPIP links (it also uses IPsec under the hood).
by mkx
Wed Apr 03, 2024 12:47 pm
Forum: Beginner Basics
Topic: Any idea?
Replies: 1
Views: 211

Re: Any idea?

Do all leases show all-zero MAC addresses or just some? Lease list showing such MAC address usually indicates that the lease was offered but the handshake did not finish. Could be that the devices (webcams) only perform first part of handshake (getting lease offer) but not the second part (mutual ac...
by mkx
Wed Apr 03, 2024 12:42 pm
Forum: General
Topic: Downgrading RouterOS
Replies: 10
Views: 5075

Re: Downgrading RouterOS

when i /system/packages/downgrade the system reboots but doesnt downgrade to 7.13 You have to manually upload NPKs for all packages currently running (e.g. routeros and wireless) for the target version and correct architecture. then execute "downgrade" and reboot. After router boots up, i...
by mkx
Wed Apr 03, 2024 10:16 am
Forum: General
Topic: bridge vlan across a routed network
Replies: 3
Views: 248

Re: bridge vlan across a routed network

You want to use EOIP to bridge vlan500 interface on HQ mikrotik and whatever vlan interface (can be 500 as well, I don't see a reason to have it different) on branch office mikrotik.
by mkx
Wed Apr 03, 2024 9:23 am
Forum: General
Topic: How to do Inter-VLAN Bridging with MikroTik? [SOLVED]
Replies: 15
Views: 787

Re: How to do Inter-VLAN Bridging with MikroTik? [SOLVED]

(I also don't quite like how the router has to have a separate address for each VLAN, this seems pretty unnecessary) It seems that you don't quite understand the (V)LAN concept, do you? I haven't read your explanation in depth, just skimmed it ... and it seems to me you want to have a flat LAN, so ...
by mkx
Wed Apr 03, 2024 9:20 am
Forum: General
Topic: CCR2004-1G-12S+2XS: IPv4 routing performance less than IPv6?
Replies: 4
Views: 367

Re: CCR2004-1G-12S+2XS: IPv4 routing performance less than IPv6?

Show us the config. From what is shown so far and what you explained it seems like IPv4 is being routed while IPv6 is being bridged ... but only look at config can tell what you actually have.
by mkx
Wed Apr 03, 2024 9:16 am
Forum: Beginner Basics
Topic: Using CRS309-1G-8S+IN as switch with MLAG [SOLVED]
Replies: 4
Views: 555

Re: Using CRS309-1G-8S+IN as switch with MLAG [SOLVED]

How about showing complete config of your switches? What you've shown is not complete. And since you don't know where the error is, I don't think you can decide which part of config is relevant and which isn't. But I agree that you have lots of holes in your VLAN setup (and errors as well), so it's ...
by mkx
Wed Apr 03, 2024 7:09 am
Forum: Beginner Basics
Topic: DHCP Server - DNS blank or router IP [SOLVED]
Replies: 8
Views: 437

Re: DHCP Server - DNS blank or router IP [SOLVED]

Generally the argument to give clients real DNS is some clients is additional caching slows upstream changes from appearing as quickly (e.g. since they're cached, clients have to wait for the TTL to expire and unable to "force" DNS to re-resolve)... Every recursive DNS resolver (including y...
by mkx
Tue Apr 02, 2024 3:17 pm
Forum: General
Topic: bridge vlan across a routed network
Replies: 3
Views: 248

Re: bridge vlan across a routed network

You can't bridge L2 networks (that's what VLANs are) over L3 (IP) just like that. You need some L2 tunnel, running on top of L3 ... in MT world (both routers are MT according to your description) that's EOIP. Beware that EOIP alone doesn't encrypt traffic, so you may want to run EOIP on top of IPsec...
by mkx
Tue Apr 02, 2024 3:12 pm
Forum: Beginner Basics
Topic: Does "Detect Internet" actually do anything?
Replies: 15
Views: 8308

Re: Does "Detect Internet" actually do anything?

As @normis said: this function is intended to detect (and autoconfigure to certain extent) WAN-facing interfaces (which is a very good thing). However, the experience is that detection success rate is lower than we would all love to see and when it fails, then the whole router starts to behave in ra...
by mkx
Tue Apr 02, 2024 12:15 pm
Forum: SwOS
Topic: netpower SwitchOS - fiber ring topology
Replies: 1
Views: 170

Re: netpower SwitchOS - fiber ring topology

You can do the ring. But make sure RSTP is enabled. And I suggest you to make bridge priority on CSS, connected to uplink, lower than the rest of devices (e.g. to (0x)4000) so that it wins root bridge selection ... selection about which segment of your fiber ring will be disabled will be made relati...
by mkx
Tue Apr 02, 2024 11:20 am
Forum: Wireless Networking
Topic: 802.11b required for me but missing in ROS7 WiFi [SOLVED]
Replies: 12
Views: 846

Re: 802.11b required for me but missing in ROS7 WiFi [SOLVED]

But, a few devices now can't connect to the new wireless network: Another thought: did you try to remove those devices from your wireless network and re-add them? I seem to remember this was necessary on certain smart phones (but not all of them ... all running various versions of Android) when I st...
by mkx
Tue Apr 02, 2024 10:40 am
Forum: Wireless Networking
Topic: 802.11b required for me but missing in ROS7 WiFi [SOLVED]
Replies: 12
Views: 846

Re: 802.11b required for me but missing in ROS7 WiFi [SOLVED]

You should enable CCMP cipher - screenshot shows that none of the ciphers are selected and I don't know what's default.

Also try to disable FT, it's another AP capability which some clients may trip over.
by mkx
Tue Apr 02, 2024 10:35 am
Forum: General
Topic: [ask] how to check mac address on vlan
Replies: 4
Views: 310

Re: [ask] how to check mac address on vlan

If you have bridge with vlan-filtering, then something like /interface/bridge/host/print where vid=<vlan id> where <vlan id> is VLAN ID you want to query. Another possibility (not sure if it's available on all ROS devices): /interface/ethernet/switch/host/print where vlan-id=<vlan id>
by mkx
Tue Apr 02, 2024 9:24 am
Forum: Wireless Networking
Topic: 802.11b required for me but missing in ROS7 WiFi [SOLVED]
Replies: 12
Views: 846

Re: 802.11b required for me but missing in ROS7 WiFi [SOLVED]

There are a few settings available in new wifi configuration which might upset older stations (in no particular order): enabling wpa3 authentication type enabling anything but "ccmp" and "ccmp-256" as encryption type setting "management-protection" to anything other tha...
by mkx
Tue Apr 02, 2024 9:17 am
Forum: Wireless Networking
Topic: configure "cAP ac" to "RB4011iGS+RM" router
Replies: 4
Views: 280

Re: configure "cAP ac" to "RB4011iGS+RM" router

One prerequisite is to have wireless package installed on RB4011 (not wifi-qcom-ac ... which drops support for 2.4GHz radio on RB4011 anyway). Then you have to configure things in /capsman configuration subtree. When everything is configured there correctly, you should be able to put your cAP ac int...
by mkx
Tue Apr 02, 2024 9:06 am
Forum: Beginner Basics
Topic: VLANs seems not to isolate each other [SOLVED]
Replies: 3
Views: 367

Re: VLANs seems not to isolate each other [SOLVED]

... but I can ping and get access from VLAN 10 to 11 ... In addition to what @CGGXANNX wrote also note that due to how firewall works, router will respond to pings regardless which of its IP address is being targeted (e.g. pinging router's address in VLAN 11 from a client inside VLAN 10). It is pos...
by mkx
Mon Apr 01, 2024 5:29 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 553
Views: 125386

Re: v7.14.2 [stable] is released!

Could the "memory leak" be due to 0 disk space available?
It might ... because ROS might be caching writes to flash. AFAIK that's not what linux kernel usually does though.
by mkx
Mon Apr 01, 2024 5:25 pm
Forum: General
Topic: IPv6 trouble [SOLVED]
Replies: 19
Views: 1361

Re: IPv6 trouble [SOLVED]

I've set pool-prefix-length=64 on the dhcpv6 client, but it did not make a difference. From various posts about my KPN ipv6 settings, I always found 48 to be used and I see the prefix I get is also /48. My feeling tells me that 48 is all I will get? The pool-prefix-length property sets the prefix size...
by mkx
Mon Apr 01, 2024 3:58 pm
Forum: General
Topic: hap AC^2 upgrade to 7.14.2 - broken device with bootloop [SOLVED]
Replies: 7
Views: 588

Re: hap AC^2 upgrade to 7.14.2 - broken device with bootloop [SOLVED]

The port that you should NOT (normally) use for netinstall is ether1 (or anyway WAN ports) try one of ether2+. See: https://forum.mikrotik.com/viewtopic.php?t=206301 Wrong. Netinstall is always done via ether1 (which is usually WAN port) ... and this includes devices with single (management) ether ...
by mkx
Mon Apr 01, 2024 3:56 pm
Forum: General
Topic: hap AC^2 upgrade to 7.14.2 - broken device with bootloop [SOLVED]
Replies: 7
Views: 588

Re: hap AC^2 upgrade to 7.14.2 - broken device with bootloop [SOLVED]

Try these steps:
  1. Disconnect everything
  2. Start netinstall on linux machine
  3. Connect ethernet cable between PC and ether1
  4. Press reset and keep pressing it until step #6
  5. Plug in power plug
  6. When netinstall executable on linux machine detects hAP ac2, release reset button
by mkx
Mon Apr 01, 2024 3:52 pm
Forum: General
Topic: I'm trying to setup VLANs but I get no gateway
Replies: 4
Views: 285

Re: I'm trying to setup VLANs but I get no gateway

Guess it is a good idea to set up the router from scratch. Before[*] starting from scratch, have a look at this tutorial to get an idea about how VLANs are properly done in ROS. [*] I wrote "before" not because you shouldn't tear your config apart but to learn how to do it properly from s...
by mkx
Mon Apr 01, 2024 3:47 pm
Forum: General
Topic: hap AC^2 upgrade to 7.14.2 - broken device with bootloop [SOLVED]
Replies: 7
Views: 588

Re: hap AC^2 upgrade to 7.14.2 - broken device with bootloop [SOLVED]

Netinstall does work in vast majority of cases. But it's a very fragile process (a bit less so if using linux netinstall) so it may take some (or many) tries to make everything click together.
by mkx
Mon Apr 01, 2024 2:15 pm
Forum: General
Topic: IPv6 trouble [SOLVED]
Replies: 19
Views: 1361

Re: IPv6 trouble [SOLVED]

Set pool-prefix-length=64 on your DHCPv6 client.

And why all those advertise-*=no in ipv6 nd setup?
by mkx
Mon Apr 01, 2024 10:02 am
Forum: General
Topic: DHCP Lease Status Offered
Replies: 3
Views: 272

Re: DHCP Lease Status Offered

Post MT's config. Without it it's not clear what you mean by saying "I am using DHCP on VLAN"...
by mkx
Sun Mar 31, 2024 11:38 pm
Forum: Beginner Basics
Topic: WAN and LAN passthrough to second MT - VLAN Question [SOLVED]
Replies: 12
Views: 628

Re: WAN and LAN passthrough to second MT - VLAN Question [SOLVED]

With incorrect VLAN filtering setup you can easily lose MAC access to device ... so if doing something you're not comfortable with, it's smart to take one port off bridge and add it to the list with allowed MAC access ... that port would then be immune to whatever errors one might do in bridge conf...
by mkx
Sun Mar 31, 2024 11:29 pm
Forum: RouterBOARD hardware
Topic: CRS317 vs CRS326 Performance
Replies: 4
Views: 477

Re: CRS317 vs CRS326 Performance

That's right. CRS326 is not bad (its L3HW offload is impressive) but CRS317 is way better.
by mkx
Sun Mar 31, 2024 1:24 pm
Forum: RouterBOARD hardware
Topic: CRS317 vs CRS326 Performance
Replies: 4
Views: 477

Re: CRS317 vs CRS326 Performance

For L2 they both do wirespeed on all ports simultaneously. Difference is in bridging (software L2, usually not necessary) and routing.
by mkx
Sun Mar 31, 2024 1:22 pm
Forum: RouterBOARD hardware
Topic: CCR2004-16G-2S+PC NO USB, WHYYY!??
Replies: 28
Views: 7255

Re: CCR2004-16G-2S+PC NO USB, WHYYY!??

The idea is to have some storage to run few networking containers like traefik, dns server, mdns repeater As I wrote elsewhere before: why forcing router to become general-purpose device while there exist more cost-effective and versatile solutions (from Raspberry PI to x86-based servers of various...
by mkx
Sun Mar 31, 2024 11:40 am
Forum: Beginner Basics
Topic: MikroTik Fiber-to-Copper converter FTC11XG
Replies: 1
Views: 185

Re: MikroTik Fiber-to-Copper converter FTC11XG

FTC11XG is a SwOS device so it provides very little management possibilities by itself. Since your SFP module is ONU, it needs quite some configuration (and that can't be done via SwOS). The only thing that SwOS can do is adjust SFP+ port speed to what ONT module expects/requires. Many of those SFP ...
by mkx
Sun Mar 31, 2024 11:31 am
Forum: Wireless Networking
Topic: configure "cAP ac" to "RB4011iGS+RM" router
Replies: 4
Views: 280

Re: configure "cAP ac" to "RB4011iGS+RM" router

For one it very much depends on ROS version running on both devices. In addition it depends on which of optional packages are installed on cAP ac. After you provide this information, we can go further.
by mkx
Sun Mar 31, 2024 11:19 am
Forum: Wireless Networking
Topic: Antenna showdown with my Nano VNA
Replies: 2
Views: 438

Re: Antenna showdown with my Nano VNA

When using polarized antennas (they all are) it's important to perform measurements when polarization planes of both antennas match exactly. If using 2 chains on one side and both antennas are at some angle (ideally at 90° angle), then they'll both contribute to reception even if the other party onl...
by mkx
Sun Mar 31, 2024 11:03 am
Forum: Wireless Networking
Topic: Which bluetooth
Replies: 3
Views: 267

Re: Which bluetooth

I'd say that ROS only supports BT hardware based on chipsets also used by hardware made by Mikrotik. I could only find references to Quectel's BG77 in this context. So I guess that if you find a BT modem, based on this chipset, it might work. What you see is not ROS support, only generic USB enumera...
by mkx
Sun Mar 31, 2024 10:49 am
Forum: General
Topic: NAT with several public IPs
Replies: 2
Views: 235

Re: NAT with several public IPs

If the other WAN addresses are not routed towards your NAT device[*], then you need to set those addresses explicitly on WAN interface. NAT only kicks into action after packet was already delivered to the device. NAT configuration does not affect the way packets are handled before they are received ...
by mkx
Sun Mar 31, 2024 10:35 am
Forum: Beginner Basics
Topic: Fresh DHCP Client Test
Replies: 7
Views: 414

Re: Fresh DHCP Client Test

I would expect the DHCP client to have gotten an IP as well? Where from? That would work only if you had another DHCP server running on network, attached to bridge. But then I'm why would you need another DHCP server (running on your L009). No, it doesn't have any sense to run both DHCP server and ...
by mkx
Sat Mar 30, 2024 4:28 pm
Forum: General
Topic: How insecure of 8791?
Replies: 39
Views: 1718

Re: How insecure of 8791?

So if the EoIP terminated at some central router, it be able to see anything with RoMON enabled – even if it's two hops aways (e.g. hub router --(eoip)--> remote --(etherX)--> ap).
Wouldn't this require bridge between eoip and etherX on remote device?
by mkx
Sat Mar 30, 2024 4:25 pm
Forum: Beginner Basics
Topic: VLAN'ising an existing configuration without disrupting service
Replies: 23
Views: 1142

Re: VLAN'ising an existing configuration without disrupting service

Was just hoping for some shortcuts here, is all. No, there are no shortcuts. Adding VLANs is the same as building a completely new physical network (including laying cables and adding switches). Even worse, you have to break things "to make space" for new setup. When doing that, it's hard...
by mkx
Sat Mar 30, 2024 12:31 pm
Forum: RouterBOARD hardware
Topic: hAP ac2 not working after 7.14 update.
Replies: 20
Views: 2829

Re: hAP ac2 not working after 7.14 update.

But I'm very curious as to what Mikrotik support has to say on this. In release change logs for 7.14 MT repeatedly states that wireless package size got smaller. The issue is that during ROS upgrade, storage usage is temporarily slightly increased and if storage is almost full before upgrade, the u...
by mkx
Sat Mar 30, 2024 12:25 pm
Forum: Wireless Networking
Topic: CAPsMANv2 and Wireless Backhaul with 2 Audiences [SOLVED]
Replies: 10
Views: 852

Re: CAPsMANv2 and Wireless Backhaul with 2 Audiences [SOLVED]

Intended behaviour is to provision local interfaces on CAPsMAN devices locally. This is not a problem since local wifi provisioning and capsman (can) actually share same configuration profiles. This wasn't a case with legacy wireless where it did make sense to let capsman provision also local interf...
by mkx
Sat Mar 30, 2024 12:16 pm
Forum: Wireless Networking
Topic: hAP ax2 randomly drops WiFi SSIDs (both 2,4 and 5Ghz)
Replies: 134
Views: 25918

Re: hAP ax2 randomly drops WiFi SSIDs (both 2,4 and 5Ghz)

Just try 5180 and see if it works. For some reason now it works but I haven't put anything in the frequency field yet. In the Status tab it says Channel: "5220/ax/eeCe" Yup, it's the same "sweet" 80MHz band (between 5170 and 5250 MHz; mind that frequencies shown and used through...
by mkx
Sat Mar 30, 2024 12:07 pm
Forum: General
Topic: DHCP Lease Status Offered
Replies: 3
Views: 272

Re: DHCP Lease Status Offered

Are Tenda routers, on their WAN side, configured to use tagged VLANs? If they are not, then you have to configure access switches (the ones between ONUs and Tendas) and make Tenda-facing ports as access ports for appropriate VLANs (and keep ONU-facing ports configured as trunk/tagged-only ports).
by mkx
Sat Mar 30, 2024 11:57 am
Forum: Beginner Basics
Topic: dstnat to host on LAN times out
Replies: 5
Views: 316

Re: dstnat to host on LAN times out

thanks for the response. When you say I'd say that gateway address in /ip dhcp-server network should be 10.10.10.1 ... does that mean that the "gateway" address is always on the near end of the link in the separate subnet? Gateway setting in DHCP setup informs DHCP client (i.e. the far en...
by mkx
Sat Mar 30, 2024 11:29 am
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 553
Views: 125386

Re: v7.14.2 [stable] is released!

forward: in:bridge out:up-etisalat, connection-state:invalid src-mac 30:9c:23:28:5e:0d, proto TCP (ACK,RST), 192.168.88.19:52394->52.210.81.44:443, len 40 or forward: in:bridge out:up-etisalat, connection-state:invalid src-mac 30:9c:23:28:5e:0d, proto TCP (ACK,FIN), 192.168.88.19:52383->52.210.81.4...
by mkx
Fri Mar 29, 2024 9:25 pm
Forum: Beginner Basics
Topic: how to assign static IP of choice on LAN host
Replies: 2
Views: 192

Re: how to assign static IP of choice on LAN host

After the lease is made static, it's possible to edit it, e.g. set a different IP address. Just keep in mind that changes in lease settings aren't pushed to client, they are only taken into account after client tries to renew the old lease.
by mkx
Fri Mar 29, 2024 9:15 pm
Forum: Beginner Basics
Topic: dstnat to host on LAN times out
Replies: 5
Views: 316

Re: dstnat to host on LAN times out

This doesn't seem quite right to me: /ip dhcp-server lease add address= 10.10.10.10 client-id=1:b8:69:///:aa mac-address=\ B8:69:F4:47:5D:AA server=server10 /ip dhcp-server network add address=10.10.10.0/24 gateway= 10.10.10.10 netmask=24 I'd say that gateway address in /ip dhcp-server network shoul...
by mkx
Fri Mar 29, 2024 8:25 pm
Forum: General
Topic: Which features are NOT essential to RouterOS?
Replies: 8
Views: 500

Re: Which features are NOT essential to RouterOS?

Mikrotik could have not made a "wifi-qcom-ac" driver

I'm glad they did ... because it allows me to get rid of all wireless drivers, I'm using my hAP ac2 as router only. And it allows me to unleash full wireless power of Audience (OK, this was achieved by wifiwave2 already).
by mkx
Fri Mar 29, 2024 7:14 pm
Forum: General
Topic: How insecure of 8791?
Replies: 39
Views: 1718

Re: How insecure of 8791?

EOIP works between two IP addresses and doesn't care about how its packets move from point A to point B. So one can use any kind of connectivity to do the job. Since EOIP doesn't do any encryption, it's wise to use something that does it. IPsec is fine, wireguard is fine, etc.
by mkx
Fri Mar 29, 2024 6:58 pm
Forum: RouterBOARD hardware
Topic: hAP ax3 temperature at 58-60 degrees...
Replies: 18
Views: 941

Re: hAP ax3 temperature at 58-60 degrees...

Default firewall filter rule set follows the "allow needed, drop the rest" concept, although the last rule in chain=forward is formulated in a bit cryptical way. Too bad that some people eradicate the default firewall setup only to replace it with a pile of garbage. Instead of adjusting def...
by mkx
Fri Mar 29, 2024 5:46 pm
Forum: General
Topic: Purchasing on Amazon
Replies: 11
Views: 640

Re: Purchasing on Amazon

Anav where did you get the 15% from?

Seems that VAT rate for fire-breathing donkeys is higher in NS ?
by mkx
Fri Mar 29, 2024 5:37 pm
Forum: Beginner Basics
Topic: NAT and reach dhcp clients in router mode from main network
Replies: 5
Views: 287

Re: NAT and reach dhcp clients in router mode from main network

I'm not saying that I'm not ubiquiti man ... you may find one mkx on the forum you linked :-P (no, you won't, not this one)
by mkx
Fri Mar 29, 2024 4:55 pm
Forum: Beginner Basics
Topic: NAT and reach dhcp clients in router mode from main network
Replies: 5
Views: 287

Re: NAT and reach dhcp clients in router mode from main network

I've no idea how nanostation is to be configured ... I don't know any Mikrotik by that name ...
by mkx
Fri Mar 29, 2024 1:13 pm
Forum: Beginner Basics
Topic: NAT and reach dhcp clients in router mode from main network
Replies: 5
Views: 287

Re: NAT and reach dhcp clients in router mode from main network

No need for NAT on nanostation. However, often firewall config on client computers considers anything outside own subnet (as determined by network address and mask) to be "evil internet" and is thus blocked. NAT on nanostation would help to overcome this problem (making clients believe it'...
by mkx
Fri Mar 29, 2024 1:05 pm
Forum: Beginner Basics
Topic: IPTV and VLAN
Replies: 1
Views: 197

Re: IPTV and VLAN

You'll have to add WAN interface to bridge and convert bridge into VLAN-aware entity. The untagged internet access you have currently on separate interface will become access port of a dedicated VLAN, current LAN ports will become access ports of another dedicated VLAN. Actually your current WAN por...
by mkx
Fri Mar 29, 2024 9:45 am
Forum: RouterBOARD hardware
Topic: hAP ax3 temperature at 58-60 degrees...
Replies: 18
Views: 941

Re: hAP ax3 temperature at 58-60 degrees...

I have some suggestions that the reboot is due to overheating of the processor, the frequency is once every 3-4 days... The suggestion you are mentioning goes directly against the log line saying "out of memory condition was detected" ... which indicates a memory leak (and there are repor...
by mkx
Fri Mar 29, 2024 9:36 am
Forum: Wireless Networking
Topic: cAP ax 5 GHz not working
Replies: 15
Views: 3163

Re: cAP ax 5 GHz not working

Check the actual 5GHz frequency used while your hAP ax2 seems not to be working. With recent ROS releases, ax devices seem to prefer highest frequencies (when left at auto selection) and not every client supports those.
by mkx
Fri Mar 29, 2024 8:59 am
Forum: General
Topic: [CRS518] Very Basic MLAG / ICCP Question
Replies: 2
Views: 201

Re: [CRS518] Very Basic MLAG / ICCP Question

The ALCATEL "LACP" part - that is MLAG and not LACP. I disagree. From Alcatel device point of view the links are in LACP mode. Even if all three devices were by same vendor, the bottom one would have to be configured as LACP peer of the upper pair. However, both CRS518 have to be aware th...
by mkx
Thu Mar 28, 2024 9:26 pm
Forum: Wireless Networking
Topic: Can I safely uninstall wireless package - hEX [SOLVED]
Replies: 17
Views: 738

Re: Can I safely uninstall wireless package - hEX [SOLVED]

It might have model names hard coded (so it might not perform hardware detection routines). And it's different than your case: if device had wifiwave2 installed previously, then legacy wireless (was part of core package back in time) was disabled ... hence legacy capsman could not be in use (and thi...
by mkx
Thu Mar 28, 2024 7:23 pm
Forum: Wireless Networking
Topic: Can I safely uninstall wireless package - hEX [SOLVED]
Replies: 17
Views: 738

Re: Can I safely uninstall wireless package - hEX [SOLVED]

Because installer is a very simple one ... in most ROS versions (up and including 7.11 and 7.13 and later) it simply downloads and installs the very same packages as already installed. MT went all overboard with installer in 7.12 which knows the following 3 cases: wifiwave2 installed and device is o...
by mkx
Thu Mar 28, 2024 7:14 pm
Forum: General
Topic: Netinstall Help: lost at final step can't select package.
Replies: 14
Views: 755

Re: Netinstall Help: lost at final step can't select package.

In screenshot 2 ... select router first and then package ... or this still doesn't do the trick?

Also make sure that the routeros npk file you have available is for the CPU architecture of your RB750 (it seems that RB750 is MIPSBE but verify yourself).
by mkx
Thu Mar 28, 2024 7:07 pm
Forum: RouterBOARD hardware
Topic: Old RB750 V1 (Not RB750G) will not update to firmware 7.X [SOLVED]
Replies: 9
Views: 817

Re: Old RB750 V1 (Not RB750G) will not update to firmware 7.X [SOLVED]

Personally I'd upgrade using ROS built-in updater as far as it goes ... and upgrade routerboot as it goes. Running ROS v7 requires routerboot which is not ancient (6.45.7 might be fine, but to be on safe side ...). Next: if you want to upgrade from v6 to v7 using built-in updater, you have to set ch...
by mkx
Thu Mar 28, 2024 6:46 pm
Forum: Wireless Networking
Topic: Can I safely uninstall wireless package - hEX [SOLVED]
Replies: 17
Views: 738

Re: Can I safely uninstall wireless package - hEX [SOLVED]

The installer doesn't analyze actual configuration of the device hence it doesn't know whether capsman functionality, included in now separate package wireless, is needed or not. To be on safe side the package is installed even though device doesn't have wireless hardware.
by mkx
Wed Mar 27, 2024 8:33 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 553
Views: 125386

Re: v7.14.2 [stable] is released!

@Amm0: exactly, proper setting would be something like propagation-delay-max with integer setting (>=1) and unit of microseconds (and 10km would roughly translate into 33 microseconds). But imagine chaos this would cause among most AP admins. Constant indoor would translate into 1 microsecond or aro...
by mkx
Wed Mar 27, 2024 7:44 pm
Forum: Wireless Networking
Topic: 7.14 breaks wifi
Replies: 8
Views: 731

Re: 7.14 breaks wifi

The signal strength, reported with disconnection events (around -30dBm), is very high. Does the same happen when there's some distance between AP and station? Healthy signal strengths are between -50dBm and -60dBm.
by mkx
Wed Mar 27, 2024 7:38 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 553
Views: 125386

Re: v7.14.2 [stable] is released!

But would then it be speed of light in vacuum or in some thick air with large refractive index?
by mkx
Wed Mar 27, 2024 7:32 pm
Forum: General
Topic: NAT 1:1 on Mikrotik - without gateway on the client device
Replies: 1
Views: 243

Re: NAT 1:1 on Mikrotik - without gateway on the client device

These NAT rules should be fine. If you can set up routes on "WAN" side and PLC address space doesn't clash with addresses on WAN side, then you could set route (dst 192.168.0.0/24 gateway 10.40.100.X (where this address is router's WAN IP address). Then you only need single SRC-NAT rule: /...
by mkx
Wed Mar 27, 2024 7:23 pm
Forum: General
Topic: AX3 Wifi confusion
Replies: 9
Views: 690

Re: AX3 Wifi confusion

well, your issue is all about "skip-dfs-channels=all". In the heart of an incredibly RF and people dense city, in a huge apartment building, I don't have a choice but to use DFS channels. Well, then set this to skip-dfs-channels=disabled ... only then will your ax3 try to use DFS channels...
by mkx
Wed Mar 27, 2024 6:22 pm
Forum: Beginner Basics
Topic: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]
Replies: 32
Views: 1755

Re: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]

First of all, I'm glad you found the problem. BTW, when I tried updating software it said 7.12.1 is the highest version possible. However, when I want to download netinstall there is 7.14.1 Stable available as default... Should I go with that or rather use 7.12.1? 7.13 came with breaking change (wir...
by mkx
Wed Mar 27, 2024 9:23 am
Forum: Beginner Basics
Topic: ONU terminal on PoE-out issue
Replies: 5
Views: 445

Re: ONU terminal on PoE-out issue

Does Mikrotik have some models with PoE-out with 12V? Any device with passive PoE out and which can be powered using 12V power adapter. But I suggest you not to go this way. If you absolutely have to power ZTE via PoE, use passive PoE injector (MT's own RBGPOE might do the trick) and use dedicated ...
by mkx
Wed Mar 27, 2024 9:21 am
Forum: Beginner Basics
Topic: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]
Replies: 32
Views: 1755

Re: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]

I'll start from the scratch and check step by step when the connectivity fails, hope I'll find out. That's something I was about to suggest you. Start by netinstalling the switch and try to progress at desired setup without taking turns. There were cases where visible configuration of device (the o...
by mkx
Wed Mar 27, 2024 9:15 am
Forum: Beginner Basics
Topic: CAPsMAN across "wireless" and "wifi-qcom" package
Replies: 1
Views: 319

Re: CAPsMAN across "wireless" and "wifi-qcom" package

CAPsMAN for legacy (wireless) and wave2 (wifi-qcom ...) radios are two distinct entities and have to be configured separately. With ROS 7.13+ it is possible to run both CAPsMAN instances on the same device, but it needs legacy wireless package installed (even if device itself doesn't have any wireles...
by mkx
Tue Mar 26, 2024 6:00 pm
Forum: General
Topic: RB952Ui was hacked
Replies: 3
Views: 487

Re: RB952Ui was hacked

If reset button is indeed disabled[*] (a.k.a. protected routerboot), then your RB951Ui just became e-waste. [*] In theory it's not possible to enable protected routerboot without physical access to device, so it's unlikely that remote hacker did it. If you didn't do it yourself, then it still should...
by mkx
Tue Mar 26, 2024 4:58 pm
Forum: Wireless Networking
Topic: Too strong signal - wifi client flapping (7.13+)
Replies: 5
Views: 463

Re: Too strong signal - wifi client flapping (7.13+)

Signal strength of 50 is quite impossible as far as I know. In theory it's possible, but in practice not so much. It would mean that Rx antenna is pumping 100W worth of signal into receiver. Not many WiFi devices can transmit at that kind of EIRP and as soon as there's some air gap between Tx and R...
by mkx
Tue Mar 26, 2024 4:44 pm
Forum: General
Topic: Config returning after reboot
Replies: 5
Views: 687

Re: Config returning after reboot

If flash is full (or there's only very little free space), then changes in config are not (successfully) saved to flash any more. One has to make some more space. Either by removing some files (e.g. old backup files). Or if there are some optional package files installed, uninstall one (it can very ...
by mkx
Tue Mar 26, 2024 4:36 pm
Forum: General
Topic: HW Offloading
Replies: 11
Views: 994

Re: HW Offloading

L3HW offloading only works between if all routes reside on same bridge. It seems your WAN is on off-bridge interface sfp-sfpplus1.
by mkx
Mon Mar 25, 2024 7:43 pm
Forum: General
Topic: How does RouterOS prioritize domain name servers?
Replies: 3
Views: 454

Re: How does RouterOS prioritize domain name servers?

Your wish goes against established operation and good practice. All configured DNS servers are supposed to return same results to any query. Hence when multiple servers are configured, then DNS client (resolver) is free to use any of them with no particular affinity. Most use one server for all quer...
by mkx
Mon Mar 25, 2024 8:39 am
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1757

Re: Audience different revisions showing different current tx-rates

I think it was said that min-antenna-gain depends on factory software version (or was it routerboot version? ... lately it's the same, so ...). My audience says "factory-software: 6.45.8" and "factory-firmware: 6.47.9" (which strikes me odd to see such a huge discrepancy in these...
by mkx
Mon Mar 25, 2024 8:26 am
Forum: General
Topic: CRS317 + CRS328 - InterVLAN routing with L3HW
Replies: 15
Views: 912

Re: CRS317 + CRS328 - InterVLAN routing with L3HW

Are your LAN devices (in all VLANs) set up to use CRS317 as gateway?
by mkx
Sun Mar 24, 2024 3:35 pm
Forum: General
Topic: Where's my bottleneck?
Replies: 29
Views: 1564

Re: Where's my bottleneck?

I found one that works: 5735-5895

Beware that these high channels are recent addition and not all station devices support them.
by mkx
Sun Mar 24, 2024 3:32 pm
Forum: General
Topic: Where's my bottleneck?
Replies: 29
Views: 1564

Re: Where's my bottleneck?

You can't "invent" frequency settings ... so go for 5260.

Frequency setting in MT is center frequency of control channel (so if setting frequency to 5260, set band to Ceee).
by mkx
Sun Mar 24, 2024 3:28 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 471
Views: 106943

Re: v7.15beta [testing] is released!

Management often equals winbox connection with multiple windows open and refreshing stats.
by mkx
Sun Mar 24, 2024 3:25 pm
Forum: General
Topic: CHR or Ethernet router?
Replies: 5
Views: 643

Re: CHR or Ethernet router?

Now when you say single core CPU, the systems I have in mind will definitely have 6 cores at least, not because I have some absolute requirement but simply because they come with these and there is no way around...Since I will be using VMware Workstation pro with the CHR (if I go with it) are you s...
by mkx
Sun Mar 24, 2024 3:15 pm
Forum: General
Topic: Where's my bottleneck?
Replies: 29
Views: 1564

Re: Where's my bottleneck?

2.4ghz Scan shows that neighbours are well educated and mostly operate in 1-6-11 pattern. You should stick to it as well, channel 11 (2462MHz) seems slightly less loaded. And don't try to use 40MHz channel, 2.4GHz band (outside deserted areas) simply doesn't have enough bandwidth. Channel utilizati...
by mkx
Sun Mar 24, 2024 3:06 pm
Forum: Beginner Basics
Topic: What happens to an interface that is not part of any bridge?
Replies: 7
Views: 624

Re: What happens to an interface that is not part of any bridge?

On layer2 interfaces are isolated. So possibility of leaking frames is slim. If frames do leak, it's probably due to errors in configuration.

Also note that without special config, router will pass packets in all directions and L2 isolation alone can't do magic.
by mkx
Sun Mar 24, 2024 3:01 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 471
Views: 106943

Re: v7.15beta [testing] is released!

. . . For extras there are USB ports, SD slots, M.2 slots, mountable disks, etc. . . . On the ax2 device ? Let me quote @strods for you: Usually, if you need more, then you most likely need more powerful device. And "power", in a sense, is also ability to attach useful peripherals. In th...
by mkx
Sun Mar 24, 2024 10:55 am
Forum: SwOS
Topic: Feature suggestion - FW Upgrade availability through SNMP
Replies: 2
Views: 412

Re: Feature suggestion - FW Upgrade availability through SNMP

I recently upgraded my CSS610 to SwOS Lite 2.18 after just looking at the web gui for an unrelated thing. Had no idea there was an update available and was thinking, since the web-GUI does a check for a new version and also finds the version and release date, can this info not also become available...
by mkx
Sun Mar 24, 2024 10:48 am
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1757

Re: Audience different revisions showing different current tx-rates

Now I wonder if it was legit pumping a watt worth of signal into the antenna. It wasn't legit. Country regulations are limiting EIRP which includes antenna gain (and cable losses if there are any) and with antenna gain of 4.5dBi this means your Audience transmitted with EIRP of 34.5dBm (which would...
by mkx
Sun Mar 24, 2024 10:39 am
Forum: General
Topic: CRS317 + CRS328 - InterVLAN routing with L3HW
Replies: 15
Views: 912

Re: VLAN switching and routing with bonds

1) Default setting is frame-types=admit-all ... so if it's not changed explicitly according to needs, it'll remain that way. 2) Do as you see fit. IMO access to management VLAN should be as restricted as possible but also depends on particular use case. 3) Bridge is (also) interface which allows ROS...
by mkx
Sat Mar 23, 2024 6:00 pm
Forum: Wireless Networking
Topic: 7.14 wifi-qcom no superchannel?
Replies: 10
Views: 1237

Re: 7.14 wifi-qcom no superchannel?

My Audience running 7.13 says about Panama: ranges: 2402-2472/36 5735-5835/30 5170-5250/30 5490-5730/24 5250-5330/24 And that's what ROS will observe. Yes, it may happen that allowed EIRP table in ROS is not correct. But also sometimes there are certain limitations (e.g. TPC) and if device doesn't c...
by mkx
Sat Mar 23, 2024 5:41 pm
Forum: Beginner Basics
Topic: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]
Replies: 35
Views: 4398

Re: 2WAN as Failover and Setup Wireguard KEY as Client [SOLVED]

The goal is to reduce MSS to value which fits MTU. Because many routers don't do fragmentation (it's CPU intensive and IPv6 doesn't allow it), MSS has to be low enough to allow packets pass end-to-end. Since a working value for MTU is 1420, this translates to MSS value of 1380 (1420 minus TCP and IP...
by mkx
Sat Mar 23, 2024 3:39 pm
Forum: General
Topic: Where's my bottleneck?
Replies: 29
Views: 1564

Re: Where's my bottleneck?

Is there a way of running an Internet speed test directly from a RouterOS device ... ROS' own bandwidth test is a pretty CPU demanding application and is often limited due to that. So in essence it doesn't correspond to device performance (when device is used as switch/router) and frequently it doe...
by mkx
Sat Mar 23, 2024 3:31 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 471
Views: 106943

Re: v7.15beta [testing] is released!

It simply means that when these ARM devices were designed and released, such package did not exist yet. Neither did exist the advanced SMB (from ROSE) nor DLNA nor wireguard ... and yet you (MT) are pushing these (among other things) into base package. If anything has to be done (and I'm glad it's ...
by mkx
Sat Mar 23, 2024 12:42 pm
Forum: Wireless Networking
Topic: hAP-ax3 vs cAP ax
Replies: 11
Views: 1447

Re: hAP-ax3 vs cAP ax

Is it possible to do roaming between asus and mikrotik? If yes then maybe you could use both on different channels. As long as all security settings (and SSID) are equal, you should be able. Just beware of what "roaming" means. In answer by @erlinden, "roaming" means that statio...
by mkx
Sat Mar 23, 2024 12:22 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 471
Views: 106943

Re: v7.15beta [testing] is released!

For now, 16 MB are still enough for each and every device with 16 MB chip to run the system as intended for the particular model device. So you're saying that e.g. hAP ac2 was intended to offer wifi4 performance even though it's got wifi5 hardware? Because that's what one essentially gets when usin...
by mkx
Fri Mar 22, 2024 4:08 pm
Forum: Beginner Basics
Topic: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]
Replies: 32
Views: 1755

Re: CRS3xx and vlans: access port doesn't see traffic unless it is removed from bridge [SOLVED]

This setting /interface/bridge/add pvid=4094 frame-types=admit-only-vlan-tagged name=bridge # Best practice don't set pvid=1 doesn't change a thing ... PVID setting is irrelevant when frame-types property is set to admit-only-vlan-tagged. In addition, it only applies to bridge CPU-facing port, not...
by mkx
Fri Mar 22, 2024 8:28 am
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 113
Views: 36285

Re: CCR1036 Power Supply

CCR2116 sounds a great upgrade, may i know what's the limitation, please? The price is even cheaper than my CCR1036, most important of all, any PSU failure posts about CCR2116? As I said, the switch chip.. CCR2116 can do L3 HW offload, so in certain (almost trivial?) conditions, ASIC (switch chip) ...
by mkx
Fri Mar 22, 2024 8:22 am
Forum: RouterBOARD hardware
Topic: CCR1036 temperature "issue" cause reboot.
Replies: 19
Views: 8847

Re: CCR1036 temperature "issue" cause reboot.

I checked my faulty replaced PSU with multimeter, it shows 23.6v... Marginal PSUs, which cause issues with connected devices, tend to show acceptable output voltage when idle. However, they tend to drop voltage when they are loaded. And they tend to supply voltage which is not very well regulated a...
by mkx
Fri Mar 22, 2024 8:15 am
Forum: RouterBOARD hardware
Topic: Many PSU failures in CCR1036
Replies: 43
Views: 2344

Re: Many PSU failures in CCR1036

1. My CCR1036 is not in high demand, only a few people will connect through it, therefore, i already adjust down the CPU frequency to lower the operating temperature. However, consider the capacitor overheating theory, the heat comes from the nearby power transistors to regulate the current, it see...
by mkx
Fri Mar 22, 2024 8:04 am
Forum: Wireless Networking
Topic: cAP ac Disk Space
Replies: 4
Views: 402

Re: cAP ac Disk Space

Yup, devices with less than 32MB flash and more than 32MB RAM have their "storage root" in RAM. To verify that this is indeed true, check contents of storage root (/file print), if it contains folder "flash", then this scheme is in power. And upgrade packages are always downloa...
by mkx
Fri Mar 22, 2024 7:56 am
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1757

Re: Audience different revisions showing different current tx-rates

Setting locally on the 'offender' and then re-provisioning it, it didn't help. I am wondering why not, and is this a bug?
Probably it's a feature. After all, CAPsMAN is supposed to provision radio interfaces (to their fullest), leaving antenna gain out would be a bug I guess.
by mkx
Fri Mar 22, 2024 7:53 am
Forum: General
Topic: MASTER INTERFACE UNKNOWN
Replies: 4
Views: 507

Re: MASTER INTERFACE UNKNOWN

As the linked article says: on your device, you need basic routeros installed and optional package named "wifi-qcom". After you get these packages installed, I suggest you to reset router to factory default config. The rest of configuration is done in /interface/wifi (I believe that's WiFi...
by mkx
Fri Mar 22, 2024 7:44 am
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 471
Views: 106943

Re: v7.15beta [testing] is released!

And the "wifi-qcom-ac" can still be used on Audience and RB4011, even if it has "unneeded" drivers for IPQ-4019 since that prevent breaking folks already using wifi-qcom-ac on 16MB today. Audience has both IPQ-4018 (used as SoC and for 2.4GHz + lower 5GHz radio) and QCA9984 (for...
by mkx
Thu Mar 21, 2024 10:50 pm
Forum: Wireless Networking
Topic: Only offline update of WLAN only devices over 12.1? [SOLVED]
Replies: 16
Views: 1907

Re: Only offline update of WLAN only devices over 12.1? [SOLVED]

The required upgrade path is expressly for in-ROS upgrade (because old ROS needs to fetch extra packages / packages with different names). Has nothing to do with installation of packages, manually uploaded to device. A gotcha though: IIRC one had to upload package files for all currently installed p...
by mkx
Thu Mar 21, 2024 10:39 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 471
Views: 106943

Re: v7.15beta [testing] is released!

... is necessary to have QCA9984 which is only for RB4011iGS+5HacQ2HnD-IN ...
... and for RBD25G-5HPacQD2HPnD (Audience). Admittedly Audience has flash larger than 16MB as well.
by mkx
Thu Mar 21, 2024 10:36 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 471
Views: 106943

Re: v7.15beta [testing] is released!

Mikrotik L009 port 1 of the switch disappears, adding the port on a bridge makes it have no HW.

Block diagram for L009 shows that ether1 is not controlled by switch chip, it is instead controlled directly by CPU. Which means that L2 HW offload is physically impossible for this port.
by mkx
Thu Mar 21, 2024 9:38 pm
Forum: Wireless Networking
Topic: Only offline update of WLAN only devices over 12.1? [SOLVED]
Replies: 16
Views: 1907

Re: Only offline update of WLAN only devices over 12.1? [SOLVED]

I am not 100% sure you can drop both when upgrading.

It worked like this in v6 and I don't see any reason why it wouldn't work in 7.12 (or any other v7).
by mkx
Thu Mar 21, 2024 2:42 pm
Forum: RouterBOARD hardware
Topic: Many PSU failures in CCR1036
Replies: 43
Views: 2344

Re: Many PSU failures in CCR1036

[admin@MikroTik] > system/health/print Columns: NAME, VALUE, TYPE # NAME VALUE TYPE 0 power-consumption 50.8 W CCR1036 (the CCR1036-12G-4S variant) has rated max power consumption at 60W. So the reported power consumption indicates that power supply is running at 80%+ capacity and I'd expect it to ...
by mkx
Thu Mar 21, 2024 2:09 pm
Forum: Wireless Networking
Topic: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]
Replies: 10
Views: 3069

Re: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]

I haven't tried the new capsman (yet; I only have one wave2 device running wireless at the moment), but in old capsman one could configure location of upgrade packages ... which could contain files for different architectures. And CAP upgrade would then still happen automatically. And, as @holvoetn ...
by mkx
Thu Mar 21, 2024 2:02 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1757

Re: Audience different revisions showing different current tx-rates

I'd say this means that it's possible to set antenna-gain to 0 (AFAIK default is unset which means minimum allowed value or 0 if there's no minimum) and hence you can see 5dB higher actual Tx power. If you want to "align" Tx powers between units (and to actual country regulations), then yo...
by mkx
Thu Mar 21, 2024 1:49 pm
Forum: General
Topic: CHR or Ethernet router?
Replies: 5
Views: 643

Re: CHR or Ethernet router?

Surely there are MT routers which can do IPsec with throughputs higher than 200Mbps. But only if they support appropriate HW offload functions (not all of them do). All MT routers have product pages and one of sections there is "Test results". And a part of test result page is "IPsec ...
by mkx
Thu Mar 21, 2024 1:37 pm
Forum: General
Topic: Dualboot, windows gets ip, linux does not [SOLVED]
Replies: 4
Views: 1615

Re: Dualboot, windows gets ip, linux does not [SOLVED]

That was it. In /interface bridge vlan, I didn't have my ethernet port set as untagged. Thank you very much! If a port of bridge has pvid set, then it's automatically added as untagged port to appropriate VLAN in the section you mentioned. But this doesn't work if the same port is explicitly config...
by mkx
Thu Mar 21, 2024 9:23 am
Forum: Beginner Basics
Topic: Proxmox CHR Lab, Layer7 not working
Replies: 3
Views: 405

Re: Proxmox CHR Lab, Layer7 not working

Which I can only surmise that although my FIOS router has static routes that work for ping/traceroute, that POS does not route L7 properly ??? Without seeing config of FIOS router (and understanding what it does) it's impossible to say why using default route path doesn't work. But if FIOS router w...
by mkx
Wed Mar 20, 2024 9:55 pm
Forum: Wireless Networking
Topic: bound client to specific AP by mac adress by CAPsMAN
Replies: 9
Views: 512

Re: bound client to specific AP by mac adress by CAPsMAN

No, you can't do that.

What you can do is to make cAP-specific SSID and then configure those clients to connect to appropriate SSID.
by mkx
Wed Mar 20, 2024 9:52 pm
Forum: General
Topic: Dualboot, windows gets ip, linux does not [SOLVED]
Replies: 4
Views: 1615

Re: Dualboot, windows gets ip, linux does not [SOLVED]

The ethernet port that this machine is connected to on the CAP 2 is configured as a VLAN access port. Are you sure that ether port on cAP is properly access port? The big difference between windows (most ether drivers) and linux is that linux properly works with VLAN tags while windows (often) sim...
by mkx
Wed Mar 20, 2024 9:27 pm
Forum: Wireless Networking
Topic: hAP ax2 station mode [SOLVED]
Replies: 27
Views: 2267

Re: hAP ax2 station mode [SOLVED]

/interface wifi set [ find default-name=wifi1 ] channel.band=5ghz-ax .width=20/40mhz-eC \ configuration.country=Netherlands .mode=station .ssid=WIFI-PUB disabled=\ no security.authentication-types=wpa2-psk Just throwing in some random idea: can you unset channel.band and channel.width? I guess that...
by mkx
Wed Mar 20, 2024 8:59 pm
Forum: General
Topic: MASTER INTERFACE UNKNOWN
Replies: 4
Views: 507

Re: MASTER INTERFACE UNKNOWN

Forget about "wireless" package on ax devices (hAP ax lite is one of them). You need wifi-qcom package. And then configure things under /interface/wifi.

More about wifi/wireless in 7.13 and later: viewtopic.php?t=202578
by mkx
Tue Mar 19, 2024 8:18 pm
Forum: Wireless Networking
Topic: VLAN for wireless clients to isolate virtual machines
Replies: 2
Views: 290

Re: VLAN for wireless clients to isolate virtual machines

Standard 802.11 (a.k.a. WiFi) doesn't foresee using VLAN tags over radio. Mikrotik does support sending those headers (with some smart configuration). It also supports delivering frames of different SSIDs (i.e. virtual WLANs) into different VLANs. But then there's the other end: windows machine with...
by mkx
Tue Mar 19, 2024 4:32 pm
Forum: Beginner Basics
Topic: I'm just not feeling Mikrotik's current product line-up
Replies: 20
Views: 1276

Re: I'm just not feeling Mikrotik's current product line-up

Yeah I thought that might be the reason. On the hAP ax3 though, the PoE port is also the only 2.5 gigabit port. Would this port normally be used as the WAN port or to connect an AP? I wouldn't use the fastest port on router to connect towards ISP ... But that's me, my ISP only offers 1000/100Mbps s...
by mkx
Tue Mar 19, 2024 4:21 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1757

Re: Audience different revisions showing different current tx-rates

There's another interesting output: /interface/wifi/radio/print detail On my audience it has to say about the 4x4 radio: 2 L radio-mac=<redacted> phy-id=2 tx-chains=0,1,2,3 rx-chains=0,1,2,3 bands=5ghz-a:20mhz,5ghz-n:20mhz,20/40mhz,5ghz-ac:20mhz,20/40mhz,20/40/80mhz,20/40/80/160mhz,20/40/80+80mhz ci...
by mkx
Tue Mar 19, 2024 4:12 pm
Forum: Beginner Basics
Topic: I'm just not feeling Mikrotik's current product line-up
Replies: 20
Views: 1276

Re: I'm just not feeling Mikrotik's current product line-up

... separate PoE in and out ports... This alone doesn't fly the pig. Generally PoE in can't really support both device's own consumption and PoE out ... if not for other things it's voltage constraints which generally can't be satisfied when daisy-chaining devices. Yes, it can work in some specific...
by mkx
Tue Mar 19, 2024 12:04 pm
Forum: Wireless Networking
Topic: 7.14 wifi-qcom no superchannel?
Replies: 10
Views: 1237

Re: 7.14 wifi-qcom no superchannel?

No, with wifi-qcom no "fancy" settings are available. No superchannel, no custom protocols (i.e. only 802.11, no nv2 nor nstreme).
by mkx
Tue Mar 19, 2024 11:58 am
Forum: Wireless Networking
Topic: hAP AX2 - broken wifi (no SSID can be found)
Replies: 13
Views: 951

Re: hAP AX2 - broken wifi (no SSID can be found)

Does RouterOS sort of do some check to see which extension band works best? ROS tends to use standard wide channel (e.g. 80MHz) ranges. The range defines 80MHz channel number 42. When it comes to channel layout (Ceee, eCee, ...), ROS again tends to select Ceee (and it seems that the picky clients p...
by mkx
Tue Mar 19, 2024 12:14 am
Forum: RouterBOARD hardware
Topic: hAP ac , poe, RB962UiGS-5HacT2HnT
Replies: 9
Views: 2014

Re: hAP ac , poe, RB962UiGS-5HacT2HnT

20m long cables should not kill PoE .... but at these lengths losses are not negligible. Voltage, available at power receiver's side will be lower, which means that receiver will draw higher current (to fulfill power budget requirements). And this in turn means that PSE (power provider) has to provi...
by mkx
Mon Mar 18, 2024 11:48 pm
Forum: General
Topic: IPv6 Prefixes [SOLVED]
Replies: 14
Views: 4064

Re: IPv6 Prefixes [SOLVED]

@karhill: You are using prefix-hint=::/60 in your example. What is that? I thought that we need to use Pool-Prefix-Length in DHCPv6 client. Two things: prefix-hint= hints to DHCPv6 server about what kind of prefix do we want to receive. It is possible to set it to prefix we already received in hope...
by mkx
Mon Mar 18, 2024 11:38 pm
Forum: General
Topic: ipv6 routing config for ISP DHCP delegated prefix
Replies: 6
Views: 832

Re: ipv6 routing config for ISP DHCP delegated prefix

A bit of guessing here: if ISP assigns a prefix to CPE device, it somehow needs to know also where to route packets belonging to that prefix. In principle DHCPv6 server and ISP router are independent devices, hence ISP's router doesn't know where to route traffic. But it seems that most ISP solution...
by mkx
Mon Mar 18, 2024 9:20 am
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1757

Re: Audience different revisions showing different current tx-rates

I tried channel 36 and got an unsupported channel red message. Yup, as designed. The 2x2 radio supports channels between 5180MHz and 5320MHz (channels 36-64) ... and 4x4 radio supports channels between 5500MHz and 5720MHz (channels 100-144). All stated frequencies are center frequencies of 20MHz ch...
by mkx
Mon Mar 18, 2024 9:00 am
Forum: Beginner Basics
Topic: 'IPv6-only' connectivity issue
Replies: 13
Views: 1165

Re: 'IPv6-only' connectivity issue

You can try accept-router-advertisements=yes. That shouldn't be necessary (or even advisable) on networks where you get the default route from DHCP ... It has been said that default route via DHCPv6 is a MT hack. DHCPv6 doesn't provide routers, RAs are used for delivering routers (ND is a must then...
by mkx
Sun Mar 17, 2024 5:19 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1757

Re: Audience different revisions showing different current tx-rates

The 4x4 radio only works from 149 up, from what I could tell. Nope, my Audience runs its 4x4 radio on 5500 Ceee just fine (that's channel 100). [user@wifi-audience] /interface/wifi> monitor 2 state: running channel: 5500/ac/Ceee registered-peers: 4 authorized-peers: 4 tx-power: 24 available-channel...
by mkx
Sun Mar 17, 2024 5:11 pm
Forum: RouterBOARD hardware
Topic: hAP ac , poe, RB962UiGS-5HacT2HnT
Replies: 9
Views: 2014

Re: hAP ac , poe, RB962UiGS-5HacT2HnT

Unfortunately, no, this setup is not working.
How long are UTP cables between RB5009 and powered devices?
by mkx
Sun Mar 17, 2024 5:01 pm
Forum: General
Topic: v7.15beta broke backup file naming
Replies: 46
Views: 3308

Re: v7.15beta broke backup file naming

So, what are the characters not allowed? I'd rather ask "which characters are safe to use?" ... and the answer would be: the same as the last 50 years: US ASCII alphabet (a-z and A-Z), roman numerals (0-9), underscore (_), dash (-) ... and that's about it. So no punctuation marks, no othe...
by mkx
Sat Mar 16, 2024 10:53 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1757

Re: Audience different revisions showing different current tx-rates

So it's then down to frequency-related country regulations. My audience (it's an r2 revision), running 7.13, shows the following for one ETSI country: ranges: 2402-2482/20 5170-5250/23/indoor 5250-5330/23/indoor/dfs 5490-5710/30/dfs I believe that the 4-chain radio operates exclusively in the freque...
by mkx
Sat Mar 16, 2024 8:16 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 22
Views: 1757

Re: Audience different revisions showing different current tx-rates

Used Tx power depends on country regulatory limits (I guess you have that setting same for the whole setup) and in 5GHz band also on particular frequency used. Another peculiarity is audience which has two 5GHz radios and these two have pretty distinct characteristics (one has 2 chains and Tx power ...
by mkx
Sat Mar 16, 2024 8:09 pm
Forum: Wireless Networking
Topic: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]
Replies: 10
Views: 3069

Re: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]

Is it possible to install WiFi package on L009UiGS-RM (ROS 7.13+) and use it as capsman controller for several hap ax for wifi6? Capsman in 7.13+ is part of core wifi functionality which is installed always. What is then left to install (as optional package) are appropriate drivers for wireless chi...
by mkx
Sat Mar 16, 2024 1:47 pm
Forum: RouterBOARD hardware
Topic: Upgrade from RB750Gr3
Replies: 16
Views: 1245

Re: Upgrade from RB750Gr3

Note that philip8224 never mentioned "it should cost as little as possible"... Indeed. But a buck saved on previous project is a buck of budget increase for next project. Which is usually even more important when there's involvement of a financial controller in shape of better half :wink:
by mkx
Sat Mar 16, 2024 11:13 am
Forum: RouterBOARD hardware
Topic: Upgrade from RB750Gr3
Replies: 16
Views: 1245

Re: Upgrade from RB750Gr3

I didn't realize/notice that it has a faster CPU. :) It's hard to say which CPU is faster simply from the part number. But all MT products have published test results and that somehow relates to CPU performance. hEX - RB750Gr3 hAP ac² The tests with less processing (e.g. no firewall filters, large ...
by mkx
Fri Mar 15, 2024 3:52 pm
Forum: General
Topic: RB5009UG+S+ download speed 600/1000 upload 800+/1000 [SOLVED]
Replies: 13
Views: 2196

Re: RB5009UG+S+ download speed 600/1000 upload 800+/1000 [SOLVED]

Is it the hardware or am I missing something? Hardware is a big unknown with CHR, it really depends. But decent hardware, used to run hypervisors, tends to be much more capable for general processing (e.g. FW rules) than most of mikrotik's hardware. So I can imagine that CHR can outperform most (if...
by mkx
Fri Mar 15, 2024 11:43 am
Forum: General
Topic: RB4011 HWoffload + vlan aware bridge issues [SOLVED]
Replies: 7
Views: 1551

Re: RB4011 HWoffload + vlan aware bridge issues [SOLVED]

The main problem is, that bridge interface is not member of any of tagged VLANs: /interface bridge vlan add bridge=bridge tagged=ether4,ether5,sfp-sfpplus1 vlan-ids=50 add bridge=bridge tagged=ether5,sfp-sfpplus1 vlan-ids=200 add bridge=bridge tagged=sfp-sfpplus1,bonding1 vlan-ids=99 If you want rou...
by mkx
Fri Mar 15, 2024 9:22 am
Forum: General
Topic: Interface list for multiple bridges? [SOLVED]
Replies: 4
Views: 1670

Re: Interface list for multiple bridges? [SOLVED]

Creating an interface list that includes both "bridge_LAN" and "bridge_WiFi" was my first idea. However, even though it is called an interface "list", I could only set one interface. Something like this: /interface list add name=list1 add name=list2 add name=list3 /i...
by mkx
Fri Mar 15, 2024 9:13 am
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 471
Views: 106943

Re: v7.15beta [testing] is released!

@larsa and @Railander really should align their pains. One has a pain with scripting (where using any names containing special characters, including but not limited to space, comma, colon, quote, double quote, question mark, exclamation mark, etc. is a really bad idea in any context except "plai...
by mkx
Wed Mar 13, 2024 9:10 pm
Forum: RouterBOARD hardware
Topic: R11e-HacD max input power [SOLVED]
Replies: 1
Views: 275

Re: R11e-HacD max input power [SOLVED]

Product page at https://mikrotik.com/product/R11e-5HacD has the information under "Wireless specifications". Max Tx power depends on modulation used and varies between 27dBm (at most robust and thus slowest modulation) and 19dBm (highest performing modulation). Power numbers are total Tx p...
by mkx
Wed Mar 13, 2024 8:56 pm
Forum: General
Topic: Import DHCP leases [SOLVED]
Replies: 5
Views: 1516

Re: Import DHCP leases [SOLVED]

Yes; MK to MK.

I made them all static for simplicity. I exported to txt file, but I can copy and paste. Where do I paste?

The same place they were exported from ... /ip/dhcp-server/lease/ seems a sensible place.
by mkx
Wed Mar 13, 2024 8:46 pm
Forum: General
Topic: Backup restoration, wrong interfaces
Replies: 12
Views: 740

Re: Backup restoration, wrong interfaces

You can change that part so after 4 more times, you're back at square 1 :lol: Actually you're still stuck because set uses construct "[ find default-name=... ]" and default-name doesn't change. But if code was run from "default" state, then it would fail even the first time ... ...
by mkx
Wed Mar 13, 2024 8:25 pm
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 1559

Re: Hex Lite and NTP client updates

ROUTER sends out a WAN signal to an existing NTP server with dst-port 123 BUT ALSO source port 123??? Yup. There are SNTP implementations, which are client-only and act as typical client: uses random high port as src-port and connects to server at port 123. And there are full NTP implementations wh...
by mkx
Wed Mar 13, 2024 8:06 pm
Forum: General
Topic: Backup restoration, wrong interfaces
Replies: 12
Views: 740

Re: Backup restoration, wrong interfaces

When the router restarted, I saw that the traffic goes through ether2 and ether4. I unplugged the Ethernet patch cable from port 1 and connected it to port 2. In interface window, I see that the traffic goes through ether5 interface. It is possible to rename router's interfaces and some (perverse) ...
by mkx
Wed Mar 13, 2024 7:58 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 909

Re: NAT port forwarding does not work

Does ssh server, by any chance, run its own firewall?
by mkx
Wed Mar 13, 2024 7:42 pm
Forum: Beginner Basics
Topic: Redirect to external Public IP [SOLVED]
Replies: 19
Views: 2449

Re: Redirect to external Public IP [SOLVED]

@anav: you're pretty close to how I understand it. Just that @OP wants to forward connection (initially targeting his router port 9999) to some host on internet (same port 9999). @RipperR: I'd try with this pair of NAT rules: /ip/firewall/nat add chain=dstnat action=dst-nat protocol=tcp dst-port=999...
by mkx
Wed Mar 13, 2024 3:33 pm
Forum: Beginner Basics
Topic: Redirect to external Public IP [SOLVED]
Replies: 19
Views: 2449

Re: Redirect to external Public IP [SOLVED]

The "red" traffic will likely only pass bi-directionally if you'll implement hairpin NAT for that "public to public" NAT. Without it, webserver 2 will try to reply to client (accessing abcabc.com:9999) directly, but client will reject this as it will try to talk to your router's ...
by mkx
Wed Mar 13, 2024 3:19 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 471
Views: 106943

Re: v7.15beta [testing] is released!

*) console - replace reserved characters to backup and certificate export file names with underscores; is there any reason this needs to be done? Yes, having spaces in file names breaks parameter parsing in all CLI implementations I've seen and one has to use workarounds (such as enclosing such fil...
by mkx
Wed Mar 13, 2024 8:01 am
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 909

Re: NAT port forwarding does not work

Are you sure that your ISP line is completely transparent? I.e. are you sure your ISP doesn't filter ingress connections?
by mkx
Wed Mar 13, 2024 7:59 am
Forum: General
Topic: v7.15beta broke backup file naming
Replies: 46
Views: 3308

Re: v7.15beta broke backup file naming

It's a deliberate change, well published in change logs. Did you read through relevant "new version announcement post" before installing a beta version?
by mkx
Tue Mar 12, 2024 8:03 pm
Forum: Wireless Networking
Topic: VLANs / CAPsMANv2 / local datapath
Replies: 5
Views: 426

Re: VLANs / CAPsMANv2 / local datapath

What, from functionality point of view, are you trying to do?
by mkx
Tue Mar 12, 2024 7:46 pm
Forum: General
Topic: Hairpin NAT using Local DNS
Replies: 9
Views: 582

Re: Hairpin NAT using Local DNS

Well, in such a convoluted setup you'll have to think it out yourself. I'm not willing to guess the size of your problem and all the interactions.

But the fact is that NAT isn't exactly piece'a'cake in certain conditions.
by mkx
Tue Mar 12, 2024 6:32 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 909

Re: NAT port forwarding does not work

Think on your dst-nat rule you are missing:
in-interface-list=WAN

Nah, this omission only makes DST-NAT rule more greedy. It doesn't make it non-working. Would it be useful to include this addition? Depends if @OP needs to use NAT-ed port from inside LAN or not.
by mkx
Tue Mar 12, 2024 6:18 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 909

Re: NAT port forwarding does not work

And from where are you trying to use the forwarded port? Public internet? Or from inside your LAN?
by mkx
Tue Mar 12, 2024 4:31 pm
Forum: General
Topic: Hairpin NAT using Local DNS
Replies: 9
Views: 582

Re: Hairpin NAT using Local DNS

If servers need to communicate with each other, then ... I don't see why you couldn't configure them to communicate directly (over real ports)?
by mkx
Tue Mar 12, 2024 12:58 pm
Forum: General
Topic: Hairpin NAT using Local DNS
Replies: 9
Views: 582

Re: Hairpin NAT using Local DNS

Some of my internal services run on different source ports and I would still require a dot-net to do the port translation Example service runs on port 1050 and the clients use 5050 In this case the best solution is to move server(s) into dedicated IP subnet. The dst-nat would then work the same way...
by mkx
Tue Mar 12, 2024 12:55 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 553
Views: 125386

Re: v7.14.1 [stable] is released!

*) sfp - improved system stability for CR2004-1G-2XS-PCIe (introduced in v7.14); You should read the line for what it is: "SFP - improved stability" (on some certain device). You simply should not read it like "improved stability of CCR2004-1G-XS-PCIe" because it's not about it.
by mkx
Tue Mar 12, 2024 12:44 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 471
Views: 106943

Re: v7.15beta [testing] is released!

.... but you are not the only one using RouterOS so a moment of patience and let's see what will happen. I don't think that anybody said that this functionality should never ever be implemented. However it is pretty distracting if such a non-core functionality actually makes certain device types al...
by mkx
Tue Mar 12, 2024 12:39 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 471
Views: 106943

Re: v7.15beta [testing] is released!

I don't even need Samba service nor DLNA.

You're weird ... but so am I.
by mkx
Mon Mar 11, 2024 9:49 pm
Forum: Beginner Basics
Topic: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?
Replies: 7
Views: 655

Re: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?

... "Is there a way if creating, or assigning, a virtual port from the router to the switch, so as to negate the need to use a physical port in order to do this?" I'm pretty sure I don't understand your question. When one creates a bridge, one gets all the bells and whistles. Now let's as...
by mkx
Mon Mar 11, 2024 8:22 pm
Forum: Wireless Networking
Topic: Get supported channel list on 7.13+ wifi-qcom*
Replies: 1
Views: 274

Re: Get supported channel list on 7.13+ wifi-qcom*

/interface/wifi/radio/reg-info country=<country> number=0

Notes:
- it seems to be safe to always use "number=0" ... but it may matter on some awkward chipsets?
- be careful about capitalization of country name, it seems a capital initial character is required. For multi-word country names thi...
by mkx
Mon Mar 11, 2024 8:04 pm
Forum: Announcements
Topic: Newsletter #117 | March 2024
Replies: 22
Views: 23719

Re: Newsletter #117 | March 2024

It must be quite expensive to manufacture all that heatsink for nothing.

Perhaps the initial idea was to make device passively cooled but later it turned out it wasn't enough so they installed some fans. And somebody forgot to cancel the order of half a million of heat sinks?
by mkx
Mon Mar 11, 2024 8:00 pm
Forum: General
Topic: Not having wire speed transfer between same VLAN on CRS354!
Replies: 15
Views: 803

Re: Not having wire speed transfer between same VLAN on CRS354!

I have tested using file sharing from one pc to another and results are the same 30-50MB/s Samba / CIFS comes with lots of constraints. If you want to assess raw network speed, then use appropriate tools, such as iperf3 ... When testing through a router, you may find out that single-threaded perfor...
by mkx
Mon Mar 11, 2024 7:55 pm
Forum: Wireless Networking
Topic: Feature Request: Simplified handling of Wifi Guest Networks in Capsman V2
Replies: 6
Views: 976

Re: Feature Request: Simplified handling of Wifi Guest Networks in Capsman V2

In legacy capsman it was possible to get it working in an easier way ... because there was local-forwarding=no ... which meant that all traffic from a CAP was tunneled to CAPsMAN. Which made the whole thing independent from LAN infrastructure. However, it came with a (hefty) price: wireless throughp...
by mkx
Mon Mar 11, 2024 7:38 pm
Forum: General
Topic: Hairpin NAT using Local DNS
Replies: 9
Views: 582

Re: Hairpin NAT using Local DNS

If you want to see actual source IP addresses, then you must not use hairpin NAT ... i.e. use split DNS where A record for public internet points at your router's WAN IP address (and plain dst-nat is enough to have connection working). And A record for "same subnet" clients points directly...
by mkx
Mon Mar 11, 2024 5:14 pm
Forum: Wireless Networking
Topic: Capsman + dynamic vlans + bridge vlan filtering [SOLVED]
Replies: 3
Views: 1066

Re: Capsman + dynamic vlans + bridge vlan filtering [SOLVED]

Mb someone know is there "dynamic vlans in qcom-ac" in plans of smth like that?

Perhaps MT knows?
by mkx
Mon Mar 11, 2024 5:01 pm
Forum: Beginner Basics
Topic: Queues need help
Replies: 4
Views: 367

Re: Queues need help

Generally no ideas. As soon as one starts with non-trivial things (and queuing / traffic shaping is not trivial), router has to process each packet and that simply requires some CPU power.
by mkx
Mon Mar 11, 2024 4:58 pm
Forum: Beginner Basics
Topic: Need help with L3 VLAN [SOLVED]
Replies: 6
Views: 1353

Re: Need help with L3 VLAN [SOLVED]

Additionally, I find it peculiar that MikroTik treats the bridge as both a Layer 2 switch and a Layer 3 interface. If one is pedantic as to what a particular entity does, then bridge actually has 4 personalities ... and there's a good explanation of all of them. As to L3 VLANs: it's a pity to (ab...
by mkx
Mon Mar 11, 2024 7:20 am
Forum: RouterBOARD hardware
Topic: map2nd mAP serial port
Replies: 4
Views: 411

Re: map2nd mAP serial port

If anything, this is TTL-level serial. You'd need something like MAX232 to convert levels to RS232 levels (which is 5V), without it you'd fry the board components.

Next problem is that this serial interface is not enabled in ROS on mAP ...
by mkx
Sun Mar 10, 2024 5:11 pm
Forum: Wireless Networking
Topic: CAPsMAN v2 update frequency
Replies: 5
Views: 385

Re: CAPsMAN v2 update frequency

To me it seems it provisioned just fine. Missing "R" flag may simply mean that no client is currently connected to that AP.

Or is it that you actually don't see AP broadcasting SSID when using a client to search for WiFi signals?
by mkx
Sun Mar 10, 2024 4:00 pm
Forum: Beginner Basics
Topic: Queues need help
Replies: 4
Views: 367

Re: Queues need help

Disable fasttrack rule in firewall (chain=forward). Fasttrack bypasses lots of packet processing, most queues included. Torch disables fasttrack (in order to show anything), that's why queues work then. Be prepared to see CPU utilization go up considerably, depending on your WAN speed it may become ...
by mkx
Sun Mar 10, 2024 12:54 pm
Forum: General
Topic: Connection lost after 10 or more times
Replies: 5
Views: 373

Re: Connection lost after 10 or more times

My idea is that there might be some ARP misconfiguration (perhaps a proxy-arp or some such) and with a large LAN subnet (subnet mask shorter than /20) it may mean that switch FDBs get filled with invalid entries. In such case all traffic gets disrupted ... I see quite often that people play with ARP...
by mkx
Sun Mar 10, 2024 12:46 pm
Forum: Wireless Networking
Topic: Capsman + dynamic vlans + bridge vlan filtering [SOLVED]
Replies: 3
Views: 1066

Re: Capsman + dynamic vlans + bridge vlan filtering [SOLVED]

CAPsMAN only provisions wireless interface ... and userman only sets VID for a particular user (much like static ACLs would). So I would expect that you have to configure uplink ethernet port as tagged member of a number of VLANs (all that might be used by userman), but likewise the wireless interfa...
by mkx
Sun Mar 10, 2024 12:28 pm
Forum: Beginner Basics
Topic: hEXs and internet speed problem [SOLVED]
Replies: 13
Views: 2594

Re: hEXs and internet speed problem [SOLVED]

Generally I'd agree with @CGGXANNX ... but that 8Mbps of uplink smells rotten. Generally routers perform symmetrically unless there are rules (or interactions) which work asymmetrically. Since already MT's default setup reveals the asymmetry, I'd say that the problem lies somewhere between hEX's eth...
by mkx
Sun Mar 10, 2024 12:19 pm
Forum: General
Topic: Connection lost after 10 or more times
Replies: 5
Views: 373

Re: Connection lost after 10 or more times

You'll have to post (text export of) hotspot's configuration. As already mentioned, reasons for misbehaviour can be numerous and without seeing the config, we'd be only guessing.

BTW, the reason might not be in hotspot config, all network devices contribute in a LAN and any of them can break the LAN.
by mkx
Sun Mar 10, 2024 12:10 pm
Forum: General
Topic: Interface lists efficiency for firewall
Replies: 3
Views: 377

Re: Interface lists efficiency for firewall

I'd expect that one rule using interface-list would be more effective than multiple rules using interfaces. One aspect is overhead of executing a rule, which is the same for any rule (regardless of the check types), and I assume it's not trivial. The other aspect is handling interface-list members, the...
by mkx
Sun Mar 10, 2024 11:57 am
Forum: Beginner Basics
Topic: Firewall check
Replies: 7
Views: 600

Re: Firewall check

You're following the concept "allow what's needed, drop everything else", which is good. From performance point of view your rules would benefit from some reworking. Rules are evaluated top-to-bottom (inside each chain) so performance-wise it's good to make rules, which will deal with most p...
by mkx
Sun Mar 10, 2024 11:48 am
Forum: Beginner Basics
Topic: Help with config [SOLVED]
Replies: 6
Views: 1356

Re: Help with config [SOLVED]

Nothing strikes me as clearly wrong in your config. The only thing I'd definitely change is disable internet detection: /interface detect-internet set wan-interface-list=none It's a public secret that this feature can cause some subtle, but nasty problems ... and you don't seem to need it anyway.