Community discussions

MikroTik App

Search found 13866 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 47
by mkx
Mon Feb 17, 2025 9:20 am
Forum: Beginner Basics
Topic: Bridges and VLAN
Replies: 7
Views: 366

Re: Bridges and VLAN

From performance point of view it doesn't matter if your CRS runs ROS or SwOS ... if you configure things under ROS right. ROS is more versatile ... and thus allows user to screw the config more easily. When mentioning multiple addresses, I was referring to this part of config: /ip dhcp-client add c...
by mkx
Sun Feb 16, 2025 9:45 pm
Forum: Beginner Basics
Topic: Bridges and VLAN
Replies: 7
Views: 366

Re: Bridges and VLAN

But I'm still confused, because the "vlan10" interface (172.16.0.0/24) should not be able to ping my main routers ip address (192.168.178.24/1). Probably it's because ROS looks at packet and if destination address is any of its own, it will treat the packet the same regardless the ingress...
by mkx
Sun Feb 16, 2025 9:41 pm
Forum: Beginner Basics
Topic: LTE/5G router with external antenna
Replies: 4
Views: 204

Re: LTE/5G router with external antenna

When it comes to antenna cables, if their length is not excessive (one or two meters won't make big difference), cable loss will be less than antenna gain, a lot less than wall attenuation ... and similar to "plain glass" attenuation (double glass with isolative gas between will have much ...
by mkx
Sun Feb 16, 2025 7:40 pm
Forum: Beginner Basics
Topic: Bridges and VLAN
Replies: 7
Views: 366

Re: Bridges and VLAN

I'm not going to look into your config as long as you have multiple bridges. You may succeed in making this eagle move, but it's not going to fly, it's going to crawl.
by mkx
Sun Feb 16, 2025 7:35 pm
Forum: General
Topic: Why are these caught by "drop invalid"
Replies: 6
Views: 302

Re: Why are these caught by "drop invalid"

Most TCP stacks emit multiple FINs or RSTs ... just to make sure that the connection peer gets the message that connection is being terminated even if one of these packets get dropped. And that is perfectly valid activity. When it comes to MT's connection tracking machinery (and I've been told it's ...
by mkx
Sun Feb 16, 2025 7:15 pm
Forum: Beginner Basics
Topic: Bridges and VLAN
Replies: 7
Views: 366

Re: Bridges and VLAN

It's hard to know what kind of config your CRS is actually running. But since you mentioned multiple bridges it seems to be wrong ... at least from performance point of view (only one bridge can be offloaded to switch chip, the rest are handled by slow CPU). So start over by using single bridge (can...
by mkx
Sat Feb 15, 2025 5:50 pm
Forum: RouterBOARD hardware
Topic: x86 Mikrotik v7 performance - choosing the x86 CPU
Replies: 19
Views: 11478

Re: x86 Mikrotik v7 performance - choosing the x86 CPU

I'd be interested in your experience of how would ROS perform on your appliance with NUMA disabled.
by mkx
Sat Feb 15, 2025 5:48 pm
Forum: General
Topic: Firewall rules analysis
Replies: 87
Views: 4048

Re: Firewall rules analysis

What about having a form of DROP ALL at the end of the FORWARD chain? If you care what traffic is routed where, then you want to filter it ... using firewall because it'd elegant and can be precise (compared to routing rules which is effective but imprecise ... like cutting your "prosciutto cr...
by mkx
Sat Feb 15, 2025 5:37 pm
Forum: General
Topic: Firewall rules analysis
Replies: 87
Views: 4048

Re: Firewall rules analysis

The problem is the default rules work on the premise of block all the known bad stuff and allow everything else. This is not true. Default rules work on premise of allow what needs to be allowed and block everything else. The onky awkward thing is how the "allow allowed and block all else"...
by mkx
Sat Feb 15, 2025 5:28 pm
Forum: Beginner Basics
Topic: PPPOE MTU ALWAYS DEFAULTS TO 1480 INSTEAD OF 1492
Replies: 5
Views: 383

Re: PPPOE MTU ALWAYS DEFAULTS TO 1480 INSTEAD OF 1492

Yes, MT seems to think it needs extra 12 bytes of PPPoE overhead. And since PPPoE rarely allows for full standard 1500 byte MTU, there will be fragmentation either way. With MT's lower MTU of 1480 (versus more generous 1492) there will be a tiny bit more fragmentation, but not much more (IMO only a ...
by mkx
Sat Feb 15, 2025 2:25 pm
Forum: RouterBOARD hardware
Topic: x86 Mikrotik v7 performance - choosing the x86 CPU
Replies: 19
Views: 11478

Re: x86 Mikrotik v7 performance - choosing the x86 CPU

in my appliance is possible to disable NUMA into the bios setting. So you may want to disable it and see how it works afterwards. You also may want to check documentation of your appliance to see what the setting affects. using MT is impssible to check /proc/cpuinfo (physical id) Unfortunately that...
by mkx
Sat Feb 15, 2025 1:07 pm
Forum: RouterBOARD hardware
Topic: x86 Mikrotik v7 performance - choosing the x86 CPU
Replies: 19
Views: 11478

Re: x86 Mikrotik v7 performance - choosing the x86 CPU

so Numa should be disabled or enable, don't get it. When you have machine with 2 CPU packs installed, then you have NUMA enabled. With single CPU pack (even if main board supports two or more CPU packs), NUMA is disabled. And you don't have a choice to enable/disable it at your will. You only have ...
by mkx
Sat Feb 15, 2025 12:49 pm
Forum: RouterBOARD hardware
Topic: x86 Mikrotik v7 performance - choosing the x86 CPU
Replies: 19
Views: 11478

Re: x86 Mikrotik v7 performance - choosing the x86 CPU

May you elaborate about NUMA? Modern CPUs have memory controller built in, so memory banks are connected directly to CPU. In a multi-CPU machine, memory banks are evenly distributed over all CPUs so each CPU controls part of memory. When a process, executed on one CPU, neds to access memory, manage...
by mkx
Sat Feb 15, 2025 10:07 am
Forum: Wireless Networking
Topic: Failing to set up station bridge for a mikrotik router
Replies: 1
Views: 199

Re: Failing to set up station bridge for a mikrotik router

Different MT wireless/wifi generations are not compatible when it comes to station-bridge mode. In your case I assume you're running legacy wireless driver on RB4011 not to loose your 2.4GHz radio and you have wifi-qcom on hAP ax2 because wireless driver doesn't support AX radios. You can try to set...
by mkx
Sat Feb 15, 2025 9:53 am
Forum: Beginner Basics
Topic: Forum rules
Replies: 39
Views: 155227

Re: Forum rules

In terms of the question................. answered.

The problem is in the leading ¿ ... only Spanish has leading punctuation (mirrored variant) when sentence ends with ? or !
Text is in Italian, no doubt about that.
by mkx
Fri Feb 14, 2025 3:15 pm
Forum: General
Topic: Hacking Test
Replies: 13
Views: 735

Re: Hacking Test

Why not simply drop and be done with it ? Generally yes ... except for services you need and you don't know upfront from which IP address ... and you can't establish wireguard tunnel (and even that would benefit from being behind port-knock). IMO nowdays need for FTP service is not real (use SCP at...
by mkx
Fri Feb 14, 2025 8:35 am
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 597
Views: 134174

Re: v7.17.2 [stable] is released!

@mikrotik, is there any plans for a 7.17.3 release, or no? I've got hundreds of MikroTiks to update and I'd hate to upgrade everything to 7.17.2 only to find out that 7.17.3 is released a week later. Since you're not on 7.17.2 yet ... you probably don't want to jump on 7.17.3 right after it's relea...
by mkx
Thu Feb 13, 2025 6:34 pm
Forum: Virtualization
Topic: Real Docker images for CHR to run in Containerlalb
Replies: 6
Views: 558

Re: Real Docker images for CHR to run in Containerlalb

All containers are are syntactic sugar on top of lower level namespacing primitives, ... which are very different kernel API than actual kernel API. I think many of us remember how much time took MT to get at least bare minimum of ROS v7 running ... because of moving from kernel version 3.3.x to cu...
by mkx
Thu Feb 13, 2025 8:44 am
Forum: Virtualization
Topic: Real Docker images for CHR to run in Containerlalb
Replies: 6
Views: 558

Re: Real Docker images for CHR to run in Containerlalb

I wonder what would be the benefit? CHR, being primarily used for routing, needs access to network interfaces ... as direct as possible for better performance. Even with VMs this might b ean issue due to virtualization layer (but it does pass NICs as piece of hardware). And the second issue might be...
by mkx
Wed Feb 12, 2025 10:47 pm
Forum: General
Topic: Upgrading from V6 to V7...
Replies: 15
Views: 1483

Re: Upgrading from V6 to V7...

but not at all I fail to see with which part of my previous post you don't agree? Specifically I'm writing about disk space which is even tighter on v7 in general (yes, there are a few marginal cases where v7 might even leave more disk space than v6), I'm not saying anything about RAM or CPU availa...
by mkx
Wed Feb 12, 2025 10:37 pm
Forum: General
Topic: Upgrading from V6 to V7...
Replies: 15
Views: 1483

Re: Upgrading from V6 to V7...

... I have to upgrade to V7 on a lot of devices because it reports low disk space.

Generally v7 requires more disk space than v6 for same feature set so if your v6 devices are running low on disk space, upgrading them to v7 mostly won't help.
by mkx
Wed Feb 12, 2025 10:29 pm
Forum: Wireless Networking
Topic: WIFI roaming for WPA3 broken again (somewhere from 7.17.1+- to 7.18beta5) (edit: solved)
Replies: 12
Views: 2052

Re: WIFI roaming for WPA3 broken again (somewhere from 7.17.1+- to 7.18beta5) (edit: solved)

Furthermore, with the new option added (I think in 7.17.0): "2g-probe-delay=yes" I can't find it, is it only available for CLI? Config in post #3 above puts it in steering configuration subtree. I'm not sure if it was introduced in 7.17, option isn't known on my 7.17.2 install. So it coul...
by mkx
Wed Feb 12, 2025 10:08 pm
Forum: General
Topic: CPU Load 0% [SOLVED]
Replies: 10
Views: 876

Re: CPU Load 0% [SOLVED]

Your CCR2116 has built in a pretty decent switch chip ... which can L3HW offload . And config, necessary for it to happen, is not very different from what we were thought to do for the last few years. So it's not entirely impossible that at some certain ROS upgrade your config simply got offloaded t...
by mkx
Wed Feb 12, 2025 8:28 am
Forum: Beginner Basics
Topic: Routing between Interfaces
Replies: 2
Views: 327

Re: Routing between Interfaces

Default action is to route between all subnets. Unless you have some routing filters. If there's firewall config, then depending on rules traffic between subnets might be blocked. Many devices, connected to networks, run their own firewall (e.g. Windows PCs) and that firewall often blocks traffic to...
by mkx
Tue Feb 11, 2025 10:34 pm
Forum: General
Topic: ARM ROS version confusion? [SOLVED]
Replies: 5
Views: 571

Re: ARM ROS version confusion? [SOLVED]

I copied ROS file to the AX, and rebooted. Assuming you used singular form of "file" in your post because you actually copied single file to ROS ... which means you almost certainly failed to upload one more file ... wifi-qcom package. And ROS refuses to upgrade if it can't find all packa...
by mkx
Tue Feb 11, 2025 10:22 pm
Forum: General
Topic: Secrets in supout.rif
Replies: 12
Views: 1406

Re: Secrets in supout.rif

It's not about trust, it's more about privacy. And comments could be a private thing sometimes. You don't show people what's in your pants even if you trust them :lol: Well ... if you're asking urologist for help with your condition, then you'll have to show him what's in your pants. Photograph of ...
by mkx
Tue Feb 11, 2025 2:49 pm
Forum: General
Topic: Secrets in supout.rif
Replies: 12
Views: 1406

Re: Secrets in supout.rif

As to me, there should be some control on what to include in supout and what to not. Judging from forum posts, people in need for help are rarely qualified to decide what part of configuration/device state is relevant to the problem and what not. So I guess that if users could decide which part of ...
by mkx
Tue Feb 11, 2025 2:02 pm
Forum: General
Topic: Frequecy Selection on point to point configuration
Replies: 3
Views: 402

Re: Frequecy Selection on point to point configuration

Master side picks frequency and channel layout ... e.g. 5540/eeCe Slave side has to follow or connection fails. Settings on slave side are only to instruct slave radio to narrow down search for master signal. Sensible setting on slave side is e.g. auto/XXXX and only benefit of setting few distinct f...
by mkx
Tue Feb 11, 2025 10:27 am
Forum: Wireless Networking
Topic: Chateau PRO ax, Any info on Beamforming,OFDMA,MU-MIMO capabilities ? [SOLVED]
Replies: 3
Views: 746

Re: Chateau PRO ax, Any info on Beamforming,OFDMA,MU-MIMO capabilities ? [SOLVED]

No, ROS doesn't expose any of low-level tweaks perhaps available from (OEM's) drivers.
by mkx
Tue Feb 11, 2025 10:26 am
Forum: Wireless Networking
Topic: Can a CAPsMAN wAP ax be transferred to a different router?
Replies: 4
Views: 585

Re: Can a CAPsMAN wAP ax be transferred to a different router?

Not really. CAPsMAN uses certificate (self-issued usually) to encrypt/sign communication with its CAPs.

However, you can copy CAPsMAN configuration to another device. You may need to "kick" CAPs to connect and let be provisioned by different CAPsMAN though.
by mkx
Mon Feb 10, 2025 11:29 pm
Forum: Beginner Basics
Topic: How to install new Winbox beta on Linux
Replies: 19
Views: 4545

Re: How to install new Winbox beta on Linux

Thanks for the reply. I have never used that before. I assume you mean patchelf --replace-needed glibcversionx with version w I am not sure how to specify either. patchelf README doesn't mention your use case (replace required version of a SO file with different version) ... so probably it can't be...
by mkx
Mon Feb 10, 2025 11:00 pm
Forum: Wireless Networking
Topic: Constant Disconnects [SOLVED]
Replies: 3
Views: 552

Re: Constant Disconnects [SOLVED]

ROS versions? If they're not already, try latest stable (7.17.2 as of now), recent versions came with a few fixes and improvements in wifi-qcom drivers, which are used by both of your devices.
by mkx
Mon Feb 10, 2025 10:53 pm
Forum: Wireless Networking
Topic: Chateau PRO ax, Any info on Beamforming,OFDMA,MU-MIMO capabilities ? [SOLVED]
Replies: 3
Views: 746

Re: Chateau PRO ax, Any info on Beamforming,OFDMA,MU-MIMO capabilities ? [SOLVED]

Block diagram shows that Chateau Pro uses "simple" 4x4MIMO. It does allow for "slight" beamforming if antenna geometry is right (but such antenna geometry would hinder MIMO performance). OTOH beamforming is one of basics for well-performing MU-MIMO because it reduces interference...
by mkx
Mon Feb 10, 2025 10:30 pm
Forum: General
Topic: /interface print where [find name=ether2] -- not correct
Replies: 19
Views: 1200

Re: /interface print where [find name=ehter2] -- not correct

provides list of interfaces in format alien to where ... and print simply ignores it false My statement was based on the last part of last sentence: (try running "/interface/print where" ) Did you try it? When I tried it, it printed out all interfaces ... so how do you put it in your exte...
by mkx
Mon Feb 10, 2025 10:13 pm
Forum: Announcements
Topic: v6.49.18 [stable] is released!
Replies: 20
Views: 14379

Re: v6.49.18 [stable] is released!

Did you try netinstall
No point in netinstalling when trying to verify the changelog entry quoted by @Maggiore81

The question is different: does uninstalling one of packages (and thus freeing a few 100kB) allow to upgrade or not?
by mkx
Mon Feb 10, 2025 7:54 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

Having 128MB of flash storage does not mean that space should be used wastefully. Why should I install 30MB of unnecessary wifi drivers when I only need the driver for a single chipset on my device? If package installer was intelligent, then it could always cherry-pick only drivers required for a p...
by mkx
Mon Feb 10, 2025 3:31 pm
Forum: General
Topic: WAN-port in bridge vs routed [SOLVED]
Replies: 6
Views: 721

Re: WAN-port in bridge vs routed [SOLVED]

However, you talk about interface lists. Can't you refer to the interface names themselves in firewall rules instead of indirectly via a list? Whatever works for you. I'm a bit of a fan of default firewall filter rules (and I'm pretty convinced that it would make better firewall than many of implem...
by mkx
Mon Feb 10, 2025 3:26 pm
Forum: General
Topic: Firewall rules analysis
Replies: 87
Views: 4048

Re: Firewall rules analysis

Wait for your neighbour from the new state (@anav) to wake up ... he's training to become retired person and those need to have long morning naps :lol:
by mkx
Mon Feb 10, 2025 12:28 pm
Forum: RouterBOARD hardware
Topic: Verifying that new HeX Refresh (en7562ct chip) can do bridge vlan-filtering (HW Offload) on all 5 ports. [SOLVED]
Replies: 6
Views: 1077

Re: Verifying that new HeX Refresh (en7562ct chip) can do bridge vlan-filtering (HW Offload) on all 5 ports. [SOLVED]

The reason I asked about switching all ports is because it's very nice to have the option of turning a 5-port device into a "dumb" VLAN-supporting switch when needed, rather than having something that only runs at wirespeed on 4 ports and can never be fully reused as a managed switch when...
by mkx
Mon Feb 10, 2025 12:24 pm
Forum: Wireless Networking
Topic: Very slow LTE [SOLVED]
Replies: 46
Views: 3105

Re: Very slow LTE [SOLVED]

Btw, the new WebFig software lacks the logout menu item (top right in the old versions).
I have not been able to logout from the WebLogin interface of this development version...
Top right there are three vertical dots ... clicking it opens drop-down with a few options, one of them is log out.
by mkx
Mon Feb 10, 2025 12:15 pm
Forum: General
Topic: WAN-port in bridge vs routed [SOLVED]
Replies: 6
Views: 721

Re: WAN-port in bridge vs routed [SOLVED]

The way is to have single bridge with all ports members. Then you "partition" your bridge into two logical halves by enabling vlan-filtering and setting different PVIDs to ports of different partitions. E.g.: # Create bridge /interface/bridge add name=bridge # Add all ports to same bridge ...
by mkx
Mon Feb 10, 2025 11:59 am
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

Regarding wifi-qcom-ac: I don't understand why they don't split it into two separate versions: That already happened. We now have wifi-qcom and wifi-qcom-ac. Before that, there was no chance to install on 16MB devices. It was (again) bad decision by MT to split wifiwave2 package into "AC"...
by mkx
Mon Feb 10, 2025 11:49 am
Forum: Beginner Basics
Topic: Public IP Routing
Replies: 3
Views: 1270

Re: Public IP Routing

How exactly is your border gateway configured with all those public IP addresses? Do you have to set them (each individually) on WAN interface? Or are they actually routed towards your router by using one of IP addresses as gateway (e.g. 62.71.25.226)? If IPs are routed, then it's possible to "...
by mkx
Mon Feb 10, 2025 11:41 am
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 597
Views: 134174

Re: v7.17.2 [stable] is released!

Well, for devices that "are never updated", we need an autoupdate mechanism and for that autoupdate mechanism to work, it must not be cursed into hell (people must not be incensed into gutting/disabling it because it broke things) The way things are now ... one needs to have more or less ...
by mkx
Mon Feb 10, 2025 11:29 am
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

All available packages appear "greyed", and "enable" auto-fetches and installs .npk So we are not that far off (technically), from being capable of further dismembering big packages into more platform-specific From user's perspective, seeing list of available optional packages o...
by mkx
Sun Feb 09, 2025 7:57 pm
Forum: General
Topic: Mikrotik acting up
Replies: 12
Views: 858

Re: Mikrotik acting up

Yes, forgot to mention ...
... because I was writing it as you posted your suggestion.
by mkx
Sun Feb 09, 2025 7:17 pm
Forum: General
Topic: Mikrotik acting up
Replies: 12
Views: 858

Re: Mikrotik acting up

Looks fine. So next step would be to create a supout.rif file, make a configuration change, create another supout.rif, reboot, verify that configuration change did not stick, create another supout.rif ... and open ticket with support via support portal or e-mail suport@mikrotik.com ... provide them ...
by mkx
Sun Feb 09, 2025 6:28 pm
Forum: General
Topic: Mikrotik acting up
Replies: 12
Views: 858

Re: Mikrotik acting up

Is there a way to test for bad blocks? Just checked ... and the information doesn't seem to be available any more in v7. Here's info from v6: [ name ] > /system resource print uptime: 13w5d4h53m3s version: 6.49.15 (stable) build-time: Apr/24/2024 13:04:23 factory-software: 6.29.1 free-memory: 25.7M...
by mkx
Sun Feb 09, 2025 4:26 pm
Forum: General
Topic: Multiple PPPoE over VLAN
Replies: 16
Views: 929

Re: Multiple PPPoE over VLAN

With your config it shouldn't matter which port connects ONT, ether1 or ether8 ... verify that this is indeed so.

Does it matter, if PPPoE on RB doesn't start (so try connecting Fritz with disabled PPPoE client on RB)? It could be that ISP is limiting number of active PPPoE sessions per ONT?
by mkx
Sun Feb 09, 2025 4:17 pm
Forum: General
Topic: Restore corrupted Routerboard with damaged Eth1
Replies: 14
Views: 4251

Re: Restore corrupted Routerboard with damaged Eth1

In such situations when I want physically "block" port I put an unclamped RJ45 connector into it :) Apart from being cheap, I think this method has potential to cause physical damage to port (if somebody cares about it). Uncrimped connector's contact pins are higher than surrounding plast...
by mkx
Sun Feb 09, 2025 4:04 pm
Forum: General
Topic: Multiple PPPoE over VLAN
Replies: 16
Views: 929

Re: Multiple PPPoE over VLAN

Post config of 4011 ... the /interface/export part. There are a few gotchas with bridges, VLANs and HW offload ... and some combinations can bite one's arse.

Another question: if you connect Fritz directly to ONT, its PPPoE works?
by mkx
Sun Feb 09, 2025 2:51 pm
Forum: RouterBOARD hardware
Topic: Resurrect old RB750 v4.13 Mikrotik RouterBOARD [SOLVED]
Replies: 31
Views: 2627

Re: Resurrect old RB750 v4.13 Mikrotik RouterBOARD [SOLVED]

The reset pad, which you discovered under ruber foot, has same function as reset button. So keep those pads shorted while applying power (and then for a while more) until netinstall starts to show signs. From own experience I can tell you it's hard to keep pads shorted and plug power at the same tim...
by mkx
Sun Feb 09, 2025 2:27 pm
Forum: Wireless Networking
Topic: Very slow LTE [SOLVED]
Replies: 46
Views: 3105

Re: Very slow LTE [SOLVED]

Whenever it's up to user to select appropriate equipment, it's that user's homework to find out any constraints, such as extremely low signal strength available. And then search for appropriate solutions, such as need for using external directional antennas, consequently need for modem which makes a...
by mkx
Sun Feb 09, 2025 12:30 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 597
Views: 134174

Re: v7.17.2 [stable] is released!

You have to clean up file system and heavy config items. My experience is that when free space dtops to 0 (or slightly above 0) and ROS starts to complain about not being able to save config changes, then one can not release any space by removing config items (which includes certificates and simila...
by mkx
Sun Feb 09, 2025 12:14 pm
Forum: Wireless Networking
Topic: WIFI roaming for WPA3 broken again (somewhere from 7.17.1+- to 7.18beta5) (edit: solved)
Replies: 12
Views: 2052

Re: WIFI roaming for WPA3 broken again (somewhere from 7.17.1+- to 7.18beta5)

Do you know, or better, can you describe, what tjat line works and what represents? No idea why exactly that setting needs to be that way, I don't recal reading any good explanation of what it does. It was discovered and reported by other forum members quite a while ago so I guess it's a public sec...
by mkx
Sun Feb 09, 2025 12:00 pm
Forum: General
Topic: Restore from RSC
Replies: 20
Views: 1466

Re: Restore from RSC

If RSC is used as "run after reset", it may be necessary to include a short delay right at the top, e.g.

:delay 10

The need for delay comes from the fact that ROS kernel needs a few seconds to start drivers, until that's done not all interfaces are available.
by mkx
Sun Feb 09, 2025 11:54 am
Forum: General
Topic: Mikrotik acting up
Replies: 12
Views: 858

Re: Mikrotik acting up

Are any of resources tight? Flash storage, RAM? Excessive bad blocks on flash?
by mkx
Sun Feb 09, 2025 11:51 am
Forum: General
Topic: Multiple Bridge question
Replies: 8
Views: 637

Re: Multiple Bridge question

Just to be clear, what sits above the CRS is a PFSense firewall with 8 ports on it. If you connect two ports of same bridge to same upstream device, even if those ports are set as access ports to different VLANs, there might be problems with loop detection (xSTP). Because xSTP (except MSTP) are not...
by mkx
Sat Feb 08, 2025 9:08 pm
Forum: RouterBOARD hardware
Topic: Weirdly high temperature on new hEX PoE
Replies: 6
Views: 695

Re: Weirdly high temperature on new hEX PoE

They're both r2 ... and the cooler runs at higher frequency which is a bit counter intuitive.

So it may be about dried thermal paste/pads in hotter's cooling path.
by mkx
Sat Feb 08, 2025 9:04 pm
Forum: General
Topic: /interface print where [find name=ether2] -- not correct
Replies: 19
Views: 1200

Re: /interface print where [find name=ehter2] -- not correct

Because where property of print command expects textual argument but [ find where ...] provides list of interfaces in format alien to where ... and print simply ignores it (try running "/interface/print where" ).
by mkx
Sat Feb 08, 2025 9:00 pm
Forum: General
Topic: Multiple Bridge question
Replies: 8
Views: 637

Re: Multiple Bridge question

The WAN associated VLAN is distinct and separate from data vlans behind the router. Yes. If it's possible to physically connect WAN line directly to router's port. Sometimes it's not, instead WAN line is connected to a port of managed switch, from where traffic is passed towards router using trunk ...
by mkx
Sat Feb 08, 2025 8:51 pm
Forum: RouterBOARD hardware
Topic: Resurrect old RB750 v4.13 Mikrotik RouterBOARD [SOLVED]
Replies: 31
Views: 2627

Re: Resurrect old RB750 v4.13 Mikrotik RouterBOARD [SOLVED]

What I often do is to run wireshark ... and I can see if/when device starts to communicate with netinstall binary on PC. Then and only then it's time to let go the button.
by mkx
Sat Feb 08, 2025 8:42 pm
Forum: RouterBOARD hardware
Topic: Weirdly high temperature on new hEX PoE
Replies: 6
Views: 695

Re: Weirdly high temperature on new hEX PoE

I'm not saying that definitely everything is fine. But with passively cooled devices it's kind of normal to see high temperatures of parts which generate heat. Are you sure that both are same model? Check /system/routerboard/print output ...
by mkx
Sat Feb 08, 2025 8:29 pm
Forum: General
Topic: Multiple Bridge question
Replies: 8
Views: 637

Re: Multiple Bridge question

ok, so I can maintain separation for VLAN710 from everything else on the uplink?

By explicitly setting ports to right VLAN membership you keep the separation between VLANs.

One setting which many people neglect: ingress-filtering=yes on all ports does help with VLANs integrity.
by mkx
Sat Feb 08, 2025 8:21 pm
Forum: Wireless Networking
Topic: Very slow LTE [SOLVED]
Replies: 46
Views: 3105

Re: Very slow LTE [SOLVED]

I think the antennas of this little hap ax are too weak. Agree. I've yet to see MT device with at least half decent antennas for frequencies lower than 2GHz. If that Chinese device has antennas with 0dBi gain, then it's likely better than MT by a few dBi. But these LTE things are hard to troublesho...
by mkx
Sat Feb 08, 2025 8:15 pm
Forum: Wireless Networking
Topic: WIFI roaming for WPA3 broken again (somewhere from 7.17.1+- to 7.18beta5) (edit: solved)
Replies: 12
Views: 2052

Re: WIFI roaming for WPA3 broken again (somewhere from 7.17.1+- to 7.18beta5)

7.17.2 (logs are double ... because I have two log destinations, memory and disk) 2025-02-08 09:04:49 wireless,info 34:F0:43:B4:80:B0@cap-audience-2g-42 connected, signal strength -41 2025-02-08 10:14:06 wireless,info 34:F0:43:B4:80:B0@cap-audience-2g-42 roamed to 34:F0:43:B4:80:B0@cap-audience-5g-...
by mkx
Sat Feb 08, 2025 7:33 pm
Forum: General
Topic: Hw Offloading Vlan between 2 devices [SOLVED]
Replies: 16
Views: 2116

Re: Hw Offloading Vlan between 2 devices [SOLVED]

Just had a look at CRS config ... and it's lacking a lot vith regards to VLAN setup. Did you ever go through this tutorial? https://forum.mikrotik.com/viewtopic.php?t=143620 Read the "router" section, that's what CRS should become eventually. The biggest issue: bridge1 CPU-facing port has ...
by mkx
Sat Feb 08, 2025 7:23 pm
Forum: General
Topic: Multiple Bridge question
Replies: 8
Views: 637

Re: Multiple Bridge question

I was told to create a separate bridge IMO this is bad advice. Properly configured VLANs offer enough separation even within same bridge. The only thing you may have to configure on WAN port is to disable xSTP on it (set edge=yes on that port). Remember, only one bridge can be HW offloaded to one s...
by mkx
Sat Feb 08, 2025 7:19 pm
Forum: Beginner Basics
Topic: PoE ether 8 for L009UiGS-RM.
Replies: 10
Views: 869

Re: PoE ether 8 for L009UiGS-RM.

You sure did.
by mkx
Sat Feb 08, 2025 7:14 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 597
Views: 134174

Re: v7.17.2 [stable] is released!

You deal with it using netinstall ... unfortunately.
by mkx
Sat Feb 08, 2025 7:12 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

makes it hard to judge which is the bigger performance issue. i.e. V6+IPSec vs. V7+WG For RAM I'd say WG definitely ... because IPsec is part of ROS since ages and I'm sure they did whatever possible to reduce its memory footprint. I don't think they put the same amount of energy into WG so far. I'...
by mkx
Sat Feb 08, 2025 7:05 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

Your use case, with all due respect, falls into "device abuse" category.
Where is abuse here? It was using default config. I've only added WireGuard ...
This. It's a lite, for Deity's sake.
by mkx
Sat Feb 08, 2025 6:39 pm
Forum: General
Topic: Hw Offloading Vlan between 2 devices [SOLVED]
Replies: 16
Views: 2116

Re: Hw Offloading Vlan between 2 devices [SOLVED]

(I didn't add all static routes to the CRS VLANs yet) Well, you'll have to. You can't expect the "jolly new roundabout" fully functional if you're letting traffic reach it via some old goat path. And even if traffic does flow somehow (partly via new roundabout, partly old goat path), you ...
by mkx
Sat Feb 08, 2025 6:34 pm
Forum: General
Topic: Hw Offloading Vlan between 2 devices [SOLVED]
Replies: 16
Views: 2116

Re: Hw Offloading Vlan between 2 devices [SOLVED]

Post output of /export command (redact sensitive information, such as serial number) ... print's show running config but not how it ended up being like that. Re. L009 CPU load: L009 has moderate routing capacity (for today's standards) of something between 300Mbps and 2Gbps depending on the actual c...
by mkx
Sat Feb 08, 2025 6:25 pm
Forum: General
Topic: echo: system,error,critical could not save configuration changes, not enough storage space available.
Replies: 20
Views: 4593

Re: echo: system,error,critical could not save configuration changes, not enough storage space available.

For me, last time this happened on my hAP ac2 (yesterday :? ), it wouldn't even reboot properly (by executing reboot command) or shutdown. You can believe me that I'm following these kinds of discussions for quite some time. This problem is plaguing my device ever since I installed v7, so it's been ...
by mkx
Sat Feb 08, 2025 6:13 pm
Forum: General
Topic: Blocking admin services - Firewall rules
Replies: 30
Views: 3639

Re: Blocking admin services - Firewall rules

If I do not want the devices to be able to communicate between these 2 networks, do I have to have blocking FW rules in place, or is it blocked by default being on different VLANs already? Yes an No. VLANs prevent devices from communicating directly (via switch alone). So you have a router ... and ...
by mkx
Sat Feb 08, 2025 6:06 pm
Forum: Beginner Basics
Topic: System Restore
Replies: 4
Views: 447

Re: System Restore

After device is restored with binary backup, it should also have users and passwords restored. So whatever was password at the time of creating backup should become password after restoring. And restoring device does require reboot (just mentioning in case it didn't happen).
by mkx
Sat Feb 08, 2025 6:00 pm
Forum: Wireless Networking
Topic: Very slow LTE [SOLVED]
Replies: 46
Views: 3105

Re: Very slow LTE [SOLVED]

I think the AI is right with this: 5. Antenna design: The CPE106-E might have a superior antenna design, allowing for better signal reception and, consequently, higher speeds[1]. I was about to write that I disagree with assessment by @infabo: rsrp isn't that bad. But your sinr is quite low. RSRP a...
by mkx
Sat Feb 08, 2025 5:46 pm
Forum: Wireless Networking
Topic: Trying to understand vlan-filtering + datapath.vlan-id in capsman AX
Replies: 8
Views: 2492

Re: Trying to understand vlan-filtering + datapath.vlan-id in capsman AX

Disabling hw-offload on the RB4011 worked. Replacing the RB4011 with an old RB962 also worked fine. And of course, knowing what the issue now, there are many other ways to resolve (e.g. put everything on the same switch chip at the RB4011 if I still want hw-offload). Which version of ROS is running...
by mkx
Sat Feb 08, 2025 5:37 pm
Forum: Wireless Networking
Topic: WIFI roaming for WPA3 broken again (somewhere from 7.17.1+- to 7.18beta5) (edit: solved)
Replies: 12
Views: 2052

Re: WIFI roaming for WPA3 broken again (somewhere from 7.17.1+- to 7.18beta5)

Re. "Management Protection" setting: it used to be so that if it wasn't set, then default value was different when different security setups were in use (for WPA2 it was "disabled" and for WPA3 it was "allowed"). This doesn't work the same with setting explicitly set. O...
by mkx
Sat Feb 08, 2025 5:28 pm
Forum: General
Topic: Loopback interface, should be allowed?
Replies: 5
Views: 667

Re: Loopback interface, should be allowed?

It's hard to follow your reasoning without seeing actual device config. Default config doesn't have any raw firewall rules and we can only guess what you have added to interfere with traffic. BTW, I hate seeing add-on rules (even if they're published in official articles) abusing comment "defco...
by mkx
Sat Feb 08, 2025 5:24 pm
Forum: Beginner Basics
Topic: System Restore
Replies: 4
Views: 447

Re: System Restore

Did you perform Files -> Backup (so you ended up with .backup file?). If so, upload the file (if it's not already on device), in Files click it and select Restore from possible actions.
by mkx
Sat Feb 08, 2025 5:17 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

On "16MB" devices (like hAP lite) much bigger issue is RAM. There are two distinct types of 16MB flash devices: generally base-line devices, such as hAP lite ... which lack RAM and fast CPU. However, as long as their CPU architecture is not ARM (hAP lite has SMIPS), those 16MB are not as ...
by mkx
Sat Feb 08, 2025 4:34 pm
Forum: General
Topic: Restore from RSC
Replies: 20
Views: 1466

Re: Restore from RSC

Would you mind adding the best way to "reset to blank config?" How about: in webfig, open System->Reset Configuration and check "No Default Configuration" . Optionally you can even upload your RSC before opening Reset Config and set it as "Run After Reset" action. I'm ...
by mkx
Sat Feb 08, 2025 4:30 pm
Forum: General
Topic: Hotspot problem - /flash directory created
Replies: 11
Views: 2656

Re: Hotspot problem - /flash directory created

how to downgrade back to 7.16.2? when i downgrade my hap ax2, it does'nt downgrade even when i paste the downgrade file and hit downgrade... What was factory ROS version on your hAP ax2? Itbcan't ge downgraded below that. Did you upload all the necessary package files? hAP ax2 needs at least router...
by mkx
Sat Feb 08, 2025 4:26 pm
Forum: General
Topic: Restore from RSC
Replies: 20
Views: 1466

Re: Restore from RSC

If you don't care about default config, then it doesn't really matter. ROS upgrade in principle doesn't change running config on the device. And default config is only applied when device is reset to defaults. Given a free choice I'd upgrade first, then reset to blank config and then apply custom co...
by mkx
Sat Feb 08, 2025 3:41 pm
Forum: General
Topic: Hw Offloading Vlan between 2 devices [SOLVED]
Replies: 16
Views: 2116

Re: Hw Offloading Vlan between 2 devices [SOLVED]

What is setup of port to which laptop is connected? Access or trunk? If access, which VLAN? Where is DHCP server which serves that VLAN. Or do you have DHCP relay on CRS? Any reason for two addresses on bridge on L009? I'd remove pirt, connecting CRS, from bridge and set address directly. Or run con...
by mkx
Sat Feb 08, 2025 3:32 pm
Forum: Beginner Basics
Topic: PoE ether 8 for L009UiGS-RM.
Replies: 10
Views: 869

Re: PoE ether 8 for L009UiGS-RM.

But the LTE router doesn't work @ether8 with PoE, it seems to need active PoE as you mentioned,

Did you try to set PoE out on ether8 to "forced on"? L009 might not be able to properly negotiate 802.3 af/at, but with forced PoE-out the connected powered device might work just fine.
by mkx
Sat Feb 08, 2025 1:45 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

But as far as I understand the architecture there is some overhead for having a package, and thus the situation in a 16MB flash device where all the packages are loaded by default there will be even less available space. Of course joe the average user will never remove the packages they do not need...
by mkx
Fri Feb 07, 2025 10:01 pm
Forum: Beginner Basics
Topic: Entry level 10GB router planning.
Replies: 7
Views: 796

Re: Entry level 10GB router planning.

Even CCR2004-1G-12S+2XS at over $500 is not what I would classify as entry level...
Like it or not, but router at around 1k$ is nowdays entry level for 10Gbps. It's only that many of us consider 10Gbps to be far from entry level.
by mkx
Fri Feb 07, 2025 8:39 pm
Forum: RouterBOARD hardware
Topic: Resurrect old RB750 v4.13 Mikrotik RouterBOARD [SOLVED]
Replies: 31
Views: 2627

Re: Resurrect old RB750 v4.13 Mikrotik RouterBOARD [SOLVED]

On the winbox screenshot, everything is set-up to click connect (when connect to is filled with MAC address, winnix will try to connect without using IP). But there are a few problems: ROS version is extremely old, your winbox can't connect to it due to change of how password is communicated. You'd ...
by mkx
Fri Feb 07, 2025 8:27 pm
Forum: General
Topic: Two logins to webfig
Replies: 1
Views: 403

Re: Two logins to webfig

Style of webfig is locked with ROS version on a particular device. If you alternately see old and new, then it's web browser playing tricks on you (serving cached contents). Clear the cache and you'll have consistent UI. Of course, if you're switching between different ROS drvices, you'll see differ...
by mkx
Fri Feb 07, 2025 6:02 pm
Forum: General
Topic: Wi‑Fi 7 / 802.11be
Replies: 110
Views: 39759

Re: Wi‑Fi 7 / 802.11be

You know, when neighbouring guys gather around the BBQ and compare wifi speed between each other? It'll be the same, we'll just have to move to each front porch to hearvthat "Oh, you've got WiFi7. Damn!"
by mkx
Fri Feb 07, 2025 5:43 pm
Forum: General
Topic: Wi‑Fi 7 / 802.11be
Replies: 110
Views: 39759

Re: Wi‑Fi 7 / 802.11be

Try 9600 baud modem dialup ... roughly 20 years ago.
More likely 30 years ago. 20 years ago we were already past ISDN (at 2x64kbps) and 2G (with HSCSD/GPRS at around 64kbps) into ADSL (1Mbps/128kbps or something in that ballpark) and (legacy) 3G/UMTS with 384/64kbps speeds.
by mkx
Fri Feb 07, 2025 5:37 pm
Forum: Beginner Basics
Topic: PoE ether 8 for L009UiGS-RM.
Replies: 10
Views: 869

Re: PoE ether 8 for L009UiGS-RM.

I had a while ago a similar problem with wAP AX and L009. wAP AX requires 802.3 at/af. You sure about that? wAP ax ships with (passive PoE injector) RBGPOE and 24V power adapter. In my installation UTP cables cause 1V drop and wAP ax happily humms along with 23V supply volrage: [device] > /system/h...
by mkx
Fri Feb 07, 2025 5:09 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 597
Views: 134174

Re: v7.17.2 [stable] is released!

Its going forward when the deployment pipeline starts with routeros versions where the default device-mode does not allow the setting to be changed. The argument reminds me of discussion when devices started to ship with random admin password. Yes, it does hinder automatic configuration and deploym...
by mkx
Fri Feb 07, 2025 4:23 pm
Forum: General
Topic: Upgrading CCR2004
Replies: 4
Views: 532

Re: Upgrading CCR2004

The internal configuration database handling seems to be as clear as mud. It seems to contain some kind of history but it seems that in certain cases it can be cleared. My recent experience: hAP ac2, running 7.17 without wifi/wireless drivers, some 2.7MB flash free. Device did have it's history of u...
by mkx
Fri Feb 07, 2025 2:29 pm
Forum: General
Topic: Re: Backup/ Restore issue and duplicating Ethernet MAC address
Replies: 1
Views: 401

Re: Backup/ Restore issue and duplicating Ethernet MAC address

Backup files are intended to be restored on very same device. They might be restored on different device of very same model ... and if they are used to restore service after hardware breakdown, that works ... by keeping MAC addresses even better, other networked devices even won't notice hardware re...
by mkx
Fri Feb 07, 2025 12:56 pm
Forum: RouterBOARD hardware
Topic: Running out of space on hAP ac2 [SOLVED]
Replies: 77
Views: 26857

Re: Running out of space on hAP ac2 [SOLVED]

Well IMHO, 32MB would have been enough Experience with some newer devices (e.g. Audience) is that even 128MB might not be enough to allow for partitioning ... because upgrade packets get downloaded to flash. If the "RAM-disk as root of storage" strategy was revised to not depend on flash ...
by mkx
Fri Feb 07, 2025 12:17 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

... read other forum topics, where MTik users/admins listed a lot of problematic scenarios, to which the manufacturer did not respond in any meaningful way, or not at all, just repeatedly asking, "what scenario cause problem", we answered most of them with compelling arguments, and that's...
by mkx
Fri Feb 07, 2025 12:01 pm
Forum: Announcements
Topic: v6.49.18 [stable] is released!
Replies: 20
Views: 14379

Re: v6.49.18 [stable] is released!

As always - if a stable version is "okay", then after a while it is re-published as long-term. How long is "after a while"? Last long-term is 6.49.13. Previous stable was 6.49.17, released on 2024-08-07 ... which is quite a bit longer than half a year ago. Are you saying that ha...
by mkx
Thu Feb 06, 2025 10:37 pm
Forum: General
Topic: Switchport Fluke not always working
Replies: 1
Views: 570

Re: Switchport Fluke not always working

The switch data is derived from CDP packets, which are periodically broadcast by switch via all (active) ports. Why fluke received those during one session and not during the other session is beyond my knowledge.
by mkx
Thu Feb 06, 2025 10:28 pm
Forum: General
Topic: Upgrading from V6 to V7...
Replies: 15
Views: 1483

Re: Upgrading from V6 to V7...

Is that the case even if I don't use the wireless packages? If you go the upgrade path using ROS buolt-in package updater, then 7.12.1 is required step. It's tge version which "knows" to install separate wireless package, existing from 7.13 onwards (which can then be uninstalled if you do...
by mkx
Thu Feb 06, 2025 10:16 pm
Forum: General
Topic: Restore from RSC
Replies: 20
Views: 1466

Re: Restore from RSC

Export of default config creates non-empty RSC.

Which means that such export can't be applied to device with already applied default config - it causes errors about items already existing, etc.

Which in turn means that any exported RSC can only be applied to device with empty config.
by mkx
Thu Feb 06, 2025 8:48 pm
Forum: Beginner Basics
Topic: Mapping 2 different ports range
Replies: 4
Views: 500

Re: Mapping 2 different ports range

Generally, dst-port range has no relation with to-ports range. So I'm affraid that 100 rules it is.
by mkx
Thu Feb 06, 2025 8:44 pm
Forum: Beginner Basics
Topic: How to offer DHCP only on WIFI but not on ether
Replies: 9
Views: 781

Re: How to offer DHCP only on WIFI but not on ether

It may clarify the motive ... but doesn't make it any more doable.

And when I was asking about network description, I had technical details in mind, not sociological description. :wink:
by mkx
Thu Feb 06, 2025 6:49 pm
Forum: Beginner Basics
Topic: DHCP Server setup without WAN [SOLVED]
Replies: 5
Views: 922

Re: DHCP Server setup without WAN [SOLVED]

Bullet #3 is completely unnecessary in your case. If DHCP client was to receive a lease (from another DHCP server in same ethernet network), then other devices, connected to bridged ports, would as well. Since you need DHCP server I'm assuming there is no other DHCP server available, so bullet #3 sh...
by mkx
Thu Feb 06, 2025 6:35 pm
Forum: General
Topic: Restore from RSC
Replies: 20
Views: 1466

Re: Restore from RSC

Do i start with the defaul config or an empty/blank/non-existent config? Since default config creates non-empty export, it's a sign that applying it requires blank starting state. And no, you can't instruct ROS to set something statically (e.g. bridge MAC address) without explicitly setting the val...
by mkx
Thu Feb 06, 2025 6:21 pm
Forum: General
Topic: Hw Offloading Vlan between 2 devices [SOLVED]
Replies: 16
Views: 2116

Re: Hw Offloading Vlan between 2 devices [SOLVED]

Your L009 is still slightly faster than CRS when it comes to CPU-based routing/firewalling (according to official test results around 40%), so it still makes sense to use it as border gateway for your home network (while using CRS as core router). Keep in mind that number of L3HW offloaded connectio...
by mkx
Thu Feb 06, 2025 5:56 pm
Forum: General
Topic: Restore from RSC
Replies: 20
Views: 1466

Re: Restore from RSC

Exported config is mostly troublesome for setting static MAC addresses. You can simply remove that particular property setting from rsc and ROS will come up with one automatically. For the bridge MAC also remove auto-mac=no setting. You can then manually set MAC addresses later on. Alternatively you...
by mkx
Thu Feb 06, 2025 4:49 pm
Forum: Wireless Networking
Topic: Trying to understand vlan-filtering + datapath.vlan-id in capsman AX
Replies: 8
Views: 2492

Re: Trying to understand vlan-filtering + datapath.vlan-id in capsman AX

Generally with bridge which is vlan enabled, there are two halves of the story, both halves are more or less unrelated (whether more or less depends on some config details): /interface/bridge/port is about ingress. PVID is set there and it affects the ingress untagged frames. If frame-types is set e...
by mkx
Thu Feb 06, 2025 3:57 pm
Forum: Beginner Basics
Topic: How to offer DHCP only on WIFI but not on ether
Replies: 9
Views: 781

Re: How to offer DHCP only on WIFI but not on ether

Generally you don't. DHCP handshake partly works over broadcasts and those pass throughout L2 broadcast domain (and bridge does transparrently join parts of network into same L2 broadcast domain). There are some tricks on how to block DHCP handshake with certain clients or via certain parts of netwo...
by mkx
Thu Feb 06, 2025 1:35 pm
Forum: General
Topic: Hw Offloading Vlan between 2 devices [SOLVED]
Replies: 16
Views: 2116

Re: Hw Offloading Vlan between 2 devices [SOLVED]

One last question, if I setup all like that, does the firewall rules on the L009 still apply between the CRS VLANs? No, inter-VLAN traffic will bypass L009. If you want to control inter-VLAN traffic, you have to do it on CRS .. either routing rules (these are pretty coarse, but consume way less res...
by mkx
Thu Feb 06, 2025 1:17 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 597
Views: 134174

Re: v7.17.1 [stable] is released!

So, after remote upgrade to 7.17, install-any-version is disabled and it's impossible to downgrade without physical access if there are any issues found? It's partially true: no, it's not that you can't downgrade, you're just limited to certain minimum version. Default 7.17 setting is allowed-versi...
by mkx
Wed Feb 05, 2025 9:20 pm
Forum: Beginner Basics
Topic: DHCP Server setup without WAN [SOLVED]
Replies: 5
Views: 922

Re: DHCP Server setup without WAN [SOLVED]

Post config of hEX PoE (execute /export in terminal window ...). Without seeing config it's not possible to say what's wrong.

Generally DHCP server doesn't care about availability of WAN.
by mkx
Wed Feb 05, 2025 9:14 pm
Forum: RouterBOARD hardware
Topic: hap ax2 PoE-port suddenly limited to 100Mbps
Replies: 15
Views: 1206

Re: hap ax2 PoE-port suddenly limited to 100Mbps

I guess that part of PoE-in, there are capacitors on each line between PoE-in power "ejector" and ethernet transformers. And broken capacitor (not shorted but burned) would effectively isolate that particular line. Or some soldered point simply developed a crack. I don't think it's easy to...
by mkx
Wed Feb 05, 2025 8:00 pm
Forum: RouterBOARD hardware
Topic: Running out of space on hAP ac2 [SOLVED]
Replies: 77
Views: 26857

Re: Running out of space on hAP ac2 [SOLVED]

When you consider that bad, look at my situation: I have a RB4011, once considered to be the flagship home router, 3.5 times as expensive as the ac2, but cannot use the new Wi-Fi driver because 2GHz Wi-Fi does not work then. Well, to paraphrase certain @pe1chl: install wifi-qcom-ac and move it to a...
by mkx
Wed Feb 05, 2025 7:55 pm
Forum: RouterBOARD hardware
Topic: hap ax2 PoE-port suddenly limited to 100Mbps
Replies: 15
Views: 1206

Re: hap ax2 PoE-port suddenly limited to 100Mbps

IIRC if pins 4,5,7 or 8 aren't properly connected to the peer, then switch will show only speeds up to 100Mbps as advertised by peer ... even if peer advertises faster speeds. My guess is some (electrical?) damage to ether1. Does PoE-in still work? The passive PoE-in uses same cable pairs as are nee...
by mkx
Wed Feb 05, 2025 7:40 pm
Forum: Wireless Networking
Topic: wifiwave2 connect-list
Replies: 4
Views: 4573

Re: wifiwave2 connect-list

It seems that access-list subtree should allow to set device in station mode to behave similarly to legacy wireless with connect-list, I seem to remember a few discussions about it. Sadly I din't find any useful topic right now ... and I never tried it myself. So let's hope that somebody with right ...
by mkx
Wed Feb 05, 2025 5:23 pm
Forum: RouterBOARD hardware
Topic: Running out of space on hAP ac2 [SOLVED]
Replies: 77
Views: 26857

Re: Running out of space on hAP ac2 [SOLVED]

So... do you suggest that ....

With 16MB ARM devices there are two choices: either run device as wired-only router (by uninstalling either of wireless/wifi drivers) or run device as simple AP without sny kind of routing/firewalling setup.
It's sad, but that's how it is.
by mkx
Wed Feb 05, 2025 5:18 pm
Forum: Wireless Networking
Topic: wifiwave2 connect-list
Replies: 4
Views: 4573

Re: wifiwave2 connect-list

I tried to create a subinterface and make it in station mode.
Only master interface can realistically be used in station mode ... because only master interface can scan frequencies for APs.
by mkx
Wed Feb 05, 2025 2:18 pm
Forum: Beginner Basics
Topic: A simple WAN/LAN/DMZ VLAN config to start off
Replies: 17
Views: 2849

Re: A simple WAN/LAN/DMZ VLAN config to start off

As I already explained, VLAN ID 1 is used in implicit configuration which makes it non-obvious and even non-transparent. And that makes it insecure. Having the NoOp VLAN interface again makes things a bit muddy, users who don't understand how bridge and L2HW offload works might jump into wrong concl...
by mkx
Wed Feb 05, 2025 2:03 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 597
Views: 134174

Re: v7.17.1 [stable] is released!

... nobody understands the device mode on the routers ... I think many (or even most?) of us understand the device mode but most (almost all?) of us disagree with MT on how to handle upgrades other than netinstall. I guess this is what you're saying as well, but IMO your choice of words makes it so...
by mkx
Wed Feb 05, 2025 1:56 pm
Forum: Beginner Basics
Topic: A simple WAN/LAN/DMZ VLAN config to start off
Replies: 17
Views: 2849

Re: A simple WAN/LAN/DMZ VLAN config to start off

Your setup probably works fine for you and I'm glad for it. But the problem is when it gets published as a general template for newcomers to grab and blindly apply. Because generally it has a few problems and those will bite a few of those users. And that's the reason for it getting quite some negat...
by mkx
Wed Feb 05, 2025 1:11 pm
Forum: Beginner Basics
Topic: A simple WAN/LAN/DMZ VLAN config to start off
Replies: 17
Views: 2849

Re: A simple WAN/LAN/DMZ VLAN config to start off

Oh, and I forgot, the NoOp VLAN interface gives you a traffic monitor that only includes LAN traffic ... ... if that traffic hits CPU-facing bridge port (either due to being CPU communicating with devices on same VLAN or if it's broadcast traffic). Most of traffic between devices, connected to brid...
by mkx
Wed Feb 05, 2025 12:46 pm
Forum: Beginner Basics
Topic: A simple WAN/LAN/DMZ VLAN config to start off
Replies: 17
Views: 2849

Re: A simple WAN/LAN/DMZ VLAN config to start off

Just for illustration: two problems with your template: /interface bridge add ingress-filtering=no name=bridge vlan-filtering=yes /interface vlan add comment="1 LAN" interface=bridge name=lan vlan-id=1 Implicit configuration has bridge CPU-facing port set with pvid=1. Which makes bridge un...
by mkx
Wed Feb 05, 2025 12:33 pm
Forum: Wireless Networking
Topic: Add CAP AX as CAP to RB2011 CapsMan problem
Replies: 3
Views: 2034

Re: Add CAP AX as CAP to RB2011 CapsMan problem

Will it ever be unified into one version? No. It seems that MT will just let the legacy wireless CAPsMAN die of old age together with devices running legacy wireless driver. The main thing of the new wifi CAPsMAN is enhanced mobility (802.11 r/k/v) ... which is not supported by legacy wireless driv...
by mkx
Wed Feb 05, 2025 12:22 pm
Forum: Beginner Basics
Topic: A simple WAN/LAN/DMZ VLAN config to start off
Replies: 17
Views: 2849

Re: A simple WAN/LAN/DMZ VLAN config to start off

... VLAN 1 on Mikrotik devices has well-defined behavior. The main point for this particular configuration is that it is transparent. You're right about well-defined behaviour. The problem is that it's not apparent, default VLAN 1 config is not shown in exported config nor in most GUI screens (apar...
by mkx
Wed Feb 05, 2025 11:39 am
Forum: RouterBOARD hardware
Topic: RB951 does not start with poe-in
Replies: 3
Views: 1262

Re: RB951 does not start with poe-in

>> PoE switch, 15 watts per port - maybe it is not enough for RB951 to start? RB951Ui is rated for input voltage 10V-28V and "passive PoE" ... So if your switch is 802.3 af (that's consistent with 15W power output), then it is using 48V and has potential to fry your RB951Ui. If your switc...
by mkx
Wed Feb 05, 2025 11:24 am
Forum: Wireless Networking
Topic: All my device prefer 2.4ghz over 5ghz. Mikrotik hap ax2 with capsman.
Replies: 7
Views: 1417

Re: All my device prefer 2.4ghz over 5ghz. Mikrotik hap ax2 with capsman.

But some dual-band devices prefer 2.4GHz and don't roam to 5GHz if they're left to their own will and no amount of support for WiFi mobility (802.11 r/k/v) changes that. One example of such devices is Huawei MediaPad T5 ... which does work with 5GHz-only SSIDs just fine.
by mkx
Wed Feb 05, 2025 11:16 am
Forum: General
Topic: Undefined behavior & lost traffic on devices with switch without bridge VLAN offloading
Replies: 3
Views: 975

Re: Undefined behavior & lost traffic on devices with switch without bridge VLAN offloading

@mkx: And, as I already mentioned, the idea is to have gridge as complete as it gets. If certain L2 functions have to be configured elsewhere this doesn't mean that bridge can be left only partially built This is exactly my point here - the bridge makes sense if you want bridge on the CPU side. How...
by mkx
Wed Feb 05, 2025 11:05 am
Forum: General
Topic: Test Results for L3HW routing missing for CRS326-24S+2Q+RM
Replies: 2
Views: 989

Re: Test Results for L3HW routing missing for CRS326-24S+2Q+RM

is there a reason why there are no L3 hardware offloaded tests here: So far it seems that official benchmark is only done when device is introduced and they are not re-done after that. So it is likely that L3HW did not exist in ROS when CRS326 was introduced and they could not test it. The fact tha...
by mkx
Wed Feb 05, 2025 10:47 am
Forum: General
Topic: Hw Offloading Vlan between 2 devices [SOLVED]
Replies: 16
Views: 2116

Re: Hw Offloading Vlan between 2 devices [SOLVED]

You want L3HW offload functional on CRS, so study this help document: https://help.mikrotik.com/docs/spaces/ROS/pages/62390319/L3+Hardware+Offloading You'll have to add IP address to every VLAN where you want CRS to route between. And set devices in those VLANs to use CRS's address as default gatewa...
by mkx
Wed Feb 05, 2025 10:34 am
Forum: Beginner Basics
Topic: Point to Point SXTsq 200m apart
Replies: 15
Views: 6288

Re: Point to Point SXTsq 200m apart

What folder is the config in?
The running config is on the part of built-in storage which is not accessible for users. So you can't delete it just like that.
by mkx
Wed Feb 05, 2025 10:30 am
Forum: Beginner Basics
Topic: DHCP Relay VS Bridge [SOLVED]
Replies: 4
Views: 1325

Re: DHCP Relay VS Bridge [SOLVED]

I forgot to add that users will get dynamic VLAN assignemt from RADIUS server.

Which means that VLANs are in the mix already. IMO another point in favour of VLAN-enabled bridges (and against DHCP relay).
by mkx
Wed Feb 05, 2025 10:10 am
Forum: Beginner Basics
Topic: Slow Network Speeds via MikroTik CRS304-4XG
Replies: 2
Views: 635

Re: Slow Network Speeds via MikroTik CRS304-4XG

... but now I have an issue with excessive retries. Retransmissions are one of ways for TCP to throttle back. And they indicate that it's not the first leg from transmitter which has (performance) problems. You can try with UDP connectivity ... start with modest bandwidth setting (e.g. 2Gbps) and g...
by mkx
Tue Feb 04, 2025 8:19 pm
Forum: General
Topic: Very slow download speed - Please help!
Replies: 11
Views: 1169

Re: Very slow download speed - Please help!

It would be under Tx stats and Rx stats ...
by mkx
Tue Feb 04, 2025 8:11 pm
Forum: General
Topic: Very slow download speed - Please help!
Replies: 11
Views: 1169

Re: Very slow download speed - Please help!

IMO configuration from your latest post doesn't explain the extremely low throughput in download direction.

Can you check the stats on ether1 port? Does it show any errors?
by mkx
Tue Feb 04, 2025 8:00 pm
Forum: General
Topic: Free Up Space [SOLVED]
Replies: 1
Views: 1124

Re: Free Up Space [SOLVED]

Netinstall is the only way out.
by mkx
Tue Feb 04, 2025 6:59 pm
Forum: Beginner Basics
Topic: DHCP Relay VS Bridge [SOLVED]
Replies: 4
Views: 1325

Re: DHCP Relay VS Bridge [SOLVED]

If you can use one VLAN per building ... and bring them to main router, then this would give you most flexibility ... building routers would become switches (bridges). With bridge there might be more traffic on the connection towards main router (broadcasts mainly) then with routed traffic. If capac...
by mkx
Tue Feb 04, 2025 6:13 pm
Forum: General
Topic: Very slow download speed - Please help!
Replies: 11
Views: 1169

Re: Very slow download speed - Please help!

Disabling fasttrack can have "delayed effect", the existing connectiins are still fasttracked. It's best to reboot router to get things reset to (new) settings. BTW, your router's test results indicate routing speed at around 900Mbps. But depending on actual configuration it can be much lo...
by mkx
Tue Feb 04, 2025 5:50 pm
Forum: RouterBOARD hardware
Topic: Chateau LTE18 ax what Antenna Ports?
Replies: 11
Views: 3740

Re: Chateau LTE18 ax what Antenna Ports?

So it would be a bad thing to plop an antenna like this on my roof, attach it to ANT2 and call it a day? https://www.pctel.com/antenna-product/wlq-4g-directional-cellular-antenna-2g-3g-4g-5g-nb-iot-m2m-smart-city-smart-metering-sma/ Because the receiver hardware expects a certain signal from the bu...
by mkx
Tue Feb 04, 2025 5:29 pm
Forum: General
Topic: Very slow download speed - Please help!
Replies: 11
Views: 1169

Re: Very slow download speed - Please help!

Mangle rules and fasttrack don't cooperate. So disable the fasttrack rule in firewall filter.
by mkx
Tue Feb 04, 2025 5:22 pm
Forum: General
Topic: Undefined behavior & lost traffic on devices with switch without bridge VLAN offloading
Replies: 3
Views: 975

Re: Undefined behavior & lost traffic on devices with switch without bridge VLAN offloading

The basic idea, mentioned everywhere in the docs, is that switched ports are members of bridge. The fact, that it works for you if not all ports are bridge members, is some kind of gray area ... and hence behaviour might change from version to version. And yes, it is normal that bridge config does a...
by mkx
Tue Feb 04, 2025 1:12 pm
Forum: RouterBOARD hardware
Topic: Chateau LTE18 ax what Antenna Ports?
Replies: 11
Views: 3740

Re: Chateau LTE18 ax what Antenna Ports?

With MIMO radio systems (WiFi from N onwards, mobile broadband from 4G/LTE onwards) the distinction between "main" antenna and "aux"/"diversity" antenna doesn't exist any more. All antennas are equally important. Some chipsets/drivers simply hate it when signal levels, ...
by mkx
Tue Feb 04, 2025 11:55 am
Forum: General
Topic: Hw Offloading Vlan between 2 devices [SOLVED]
Replies: 16
Views: 2116

Re: Hw Offloading Vlan between 2 devices [SOLVED]

Some basics: L2 offload works between different ports within same VLAN. Router is needed to pass between different VLANs. Only a few devices can do L3 (routing) HW ofgload and it'll work if that device is set up as router and other devices use it as their gateway. So it won't work by simply dropping...
by mkx
Tue Feb 04, 2025 11:32 am
Forum: General
Topic: "Error in Gateway - non zero ip address expected!" when using Quick Set
Replies: 20
Views: 1854

Re: "Error in Gateway - non zero ip address expected!" when using Quick Set

**... it also means if you add a new bridge at the CLI — either from blank or even a 2nd bridge — any new bridge added will have auto-mac=yes ... which will use lowest MAC address as the bridge MAC automatically. With a pretty convoluted config this will end up having multiple bridges with same MAC...
by mkx
Tue Feb 04, 2025 10:51 am
Forum: Beginner Basics
Topic: Simple AP Bridge setup
Replies: 29
Views: 104676

Re: Simple AP Bridge setup

I'd explicitly add all interfaces as bridge ports onenvy one instead of using interface=all. It might or might not make any difference.
by mkx
Mon Feb 03, 2025 10:09 am
Forum: General
Topic: "Error in Gateway - non zero ip address expected!" when using Quick Set
Replies: 20
Views: 1854

Re: "Error in Gateway - non zero ip address expected!" when using Quick Set

QuickSet is supported as far as initial/simple setup. If you have to set up anything outside QuickSet, you should never ever return to QuickSet page. Not even for unrelated things.
by mkx
Mon Feb 03, 2025 10:05 am
Forum: General
Topic: parsing the log for out:(unknown 0) is a disaster
Replies: 3
Views: 1088

Re: parsing the log for out:(unknown 0) is a disaster

So why is this interface listed when the dropped packet does not pass this interface ? Because egress interface is not known when FW drops connection/packet. Why? It depends on rule itself and L3 networks layout on your router. So without knowing that and full log line it's impossible for us to tel...
by mkx
Mon Feb 03, 2025 9:54 am
Forum: Beginner Basics
Topic: Cannot change boot mode to SwOS
Replies: 4
Views: 1081

Re: Cannot change boot mode to SwOS

Under device mode, you need routerboard=yes to be able to change anything in routerboard config menu.
by mkx
Sun Feb 02, 2025 7:57 pm
Forum: Beginner Basics
Topic: How to set up VLAN to pass traffic through a managed switch? [SOLVED]
Replies: 43
Views: 6380

Re: How to set up VLAN to pass traffic through a managed switch? [SOLVED]

However, connecting to the guest and iot WiFi doesn't grant me access to the internet now. Could be it's because you're blocking access to DNS server on router itself from !LAN subnets (blocked by general "drop input all not from LAN"). You'll have to create allow rules for both TCP and U...
by mkx
Sun Feb 02, 2025 7:30 pm
Forum: General
Topic: ethernet port on Guest Network [SOLVED]
Replies: 10
Views: 2199

Re: ethernet port on Guest Network [SOLVED]

You've got this right (as far the scope of this topic).
by mkx
Sun Feb 02, 2025 7:26 pm
Forum: General
Topic: Cannot change back the CPU frequency [SOLVED]
Replies: 11
Views: 1947

Re: Cannot change back the CPU frequency [SOLVED]

... but then it shouldn't allowed me to change the frequency from "Auto" in the first place.

At which ROS version did you set CPU frequency to 1400MHz? Versions lower than 7.17 allowed that without a hiccup ...
by mkx
Sun Feb 02, 2025 6:16 pm
Forum: Wireless Networking
Topic: Traffic processing on CAP with WiFi CAPsMAN in 7.17? Possible bug?
Replies: 6
Views: 1896

Re: Traffic processing on CAP with WiFi CAPsMAN in 7.17? Possible bug?

It was a constant traffic (60-180kb/s) with no clients on CAP, too. Hmmm ... are you sure that it's all CAP<->CAPsMAN traffic? I just checked in my network with 2 CAPs (one Audience, one wAP ax) and CAPsMAN (hAP ac2 without wifi-qcom-ac driver, so essentially wired router) .... and traffic on manag...
by mkx
Sun Feb 02, 2025 6:08 pm
Forum: Wireless Networking
Topic: Traffic processing on CAP with WiFi CAPsMAN in 7.17? Possible bug?
Replies: 6
Views: 1896

Re: Traffic processing on CAP with WiFi CAPsMAN in 7.17? Possible bug?

Why did they add this kind of status message, if local forwarding is the default and the only one mode in wifi-qcom-ac...? :D It's very misleading... I disagreeabout being misleading. It's saying that "traffic is bring processed on CAP". I guess they added the message to always inform use...
by mkx
Sun Feb 02, 2025 6:00 pm
Forum: Wireless Networking
Topic: 7.17.1
Replies: 2
Views: 1141

Re: 7.17.1

Technically yes.

It largely depends on currently running version of ROS how exactly the installation will go.
by mkx
Sun Feb 02, 2025 5:55 pm
Forum: General
Topic: 1.3km Possible?
Replies: 49
Views: 3024

Re: 1.3km Possible?

One of the reasons I like the 300' roll is the lack of joints. When they laid GPON in my area, they joined shorter stretches of protective tubes into approx 1km stretches ... where they put in shallow shafts ... concrete sections of pipes placed verically,1m deep and 50cm of diameter (covered with ...
by mkx
Sun Feb 02, 2025 5:26 pm
Forum: Beginner Basics
Topic: hAP Lite, recoverable??
Replies: 17
Views: 1586

Re: hAP Lite, recoverable??

You'll have to press that button to get your device into netinstall mode ... and that involves prolonged depression of button. So you can start practicing :wink: As to netinstall machine: if you have access to a x86 laptop (regardless OS), you can try to boot it off a live linux USB stick ... with s...
by mkx
Sun Feb 02, 2025 5:19 pm
Forum: General
Topic: ATL suddenly says "sim not present"
Replies: 19
Views: 1673

Re: ATL suddenly says "sim not present"

Could be temperature related ... IIRC your ATL is high in the mountains where night temperatures might be quite low. And if some moisture entered ATL, it could add water condensation to the "happy mix".
by mkx
Sun Feb 02, 2025 5:15 pm
Forum: General
Topic: 1.3km Possible?
Replies: 49
Views: 3024

Re: 1.3km Possible?

With the short distance, you can go for a super flexible multimode ... @OP mentioned 1.3km distance ... and that's direct distance. Which is way longer than 550m limit for multimode fiber. So if @OP decides for digging, it should be single-mode ... which is most often laid inside protective tube. D...
by mkx
Sun Feb 02, 2025 4:58 pm
Forum: General
Topic: 2gws, slowly internet [SOLVED]
Replies: 7
Views: 2024

Re: 2gws, slowly internet [SOLVED]

My main suspect is fastrack too, but there is no option to disable fastrack via Winbox. It's a firewall filter rule with action=fasttrack-connection ... disable it (or remove it). Just beware, existing connections, which are already fasttracked, will remain fasttracked even if said rule is disabled...
by mkx
Sun Feb 02, 2025 3:54 pm
Forum: General
Topic: ethernet port on Guest Network [SOLVED]
Replies: 10
Views: 2199

Re: ethernet port on Guest Network [SOLVED]

So any ideas on why going from tagged to untagged worked? My Virtual Wireless interfaces are tagged, but my ethernet interface is untagged. I would be grateful for help in understanding this. The tagged/untagged setting is about how frames are seen on the cable side of ethernet port. Unless device,...
by mkx
Sun Feb 02, 2025 3:48 pm
Forum: Beginner Basics
Topic: hAP Lite, recoverable??
Replies: 17
Views: 1586

Re: hAP Lite, recoverable??

So your hAP ac lite still has some config but seems not all of it. But who knows which part of config still works (or messes with you). First option is to perform configuration reset ... if that one fails, it's netinstall time. I'm just mentioning reset because of your "mac only" handicap ...
by mkx
Sat Feb 01, 2025 10:33 pm
Forum: RouterBOARD hardware
Topic: RB951 does not start with poe-in
Replies: 3
Views: 1262

Re: RB951 does not start with poe-in

What exactly are the symptoms? Device doesn't show any signs of life? Or device starts to do something but never boots up properly? If the later: devices often draw more power at boot time than later when operating normally. Inadequate power source might not be able to provide power needed for booti...
by mkx
Sat Feb 01, 2025 10:13 pm
Forum: Wireless Networking
Topic: Traffic processing on CAP with WiFi CAPsMAN in 7.17? Possible bug?
Replies: 6
Views: 1896

Re: Traffic processing on CAP with WiFi CAPsMAN in 7.17? Possible bug?

@kovacspro are you saying that with 7.16.2 you don't see traffic between CAP s and CAPsMAN on port 5246?

In principle there will be some traffic between them due to station steering etc. Quite probably station registration is also controlled by CAPsMAN and possibly other things.
by mkx
Sat Feb 01, 2025 9:56 pm
Forum: Beginner Basics
Topic: How to set up VLAN to pass traffic through a managed switch? [SOLVED]
Replies: 43
Views: 6380

Re: How to set up VLAN to pass traffic through a managed switch? [SOLVED]

You adapt CAPsMAN configuration to VLANs, not the other way around. So do the VLANs properly first, then worry about CAPsMAN. And yes, if one doesn't know exactly what he's doing, he will break things ... and probably break them hard. So it's questionable if it's worth doing things only partially in...
by mkx
Sat Feb 01, 2025 2:18 pm
Forum: General
Topic: RSTP Issue
Replies: 4
Views: 1313

Re: RSTP Issue

Genrally multiple bonds work fine on ROS devices. So it might be domething about how you set them up ... both on CCR and both CRSes.

If you post config from all 3 devices (the /interface part will probably be enough), we may spot domething off ...
by mkx
Sat Feb 01, 2025 1:22 pm
Forum: Beginner Basics
Topic: CRS305 1G+4S+ not working after SwOS version 2.17 update.
Replies: 3
Views: 1263

Re: CRS305 1G+4S+ not working after SwOS version 2.17 update.

Settings in ROS and SwOS are completely separate, as if they were running on different devices.

IP address shown as 0.0.0.0 is s sign of no address at all (it's just the way of winbox saying it doesn't have any information about that).
by mkx
Sat Feb 01, 2025 1:20 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

... IGMP snooping on both bridges and both devices on the latest 7.18-beta4

RAs are multicast ... so IGMP snooping might be playing foul game here. Try to disable it to see if that's the case.
by mkx
Sat Feb 01, 2025 1:17 pm
Forum: Beginner Basics
Topic: Forum rules
Replies: 39
Views: 155227

Re: Forum rules

Che differenza fa?
[What difference does it make?]
My ego isn't getting food to grow ...
by mkx
Fri Jan 31, 2025 10:49 pm
Forum: General
Topic: echo: system,error,critical could not save configuration changes, not enough storage space available.
Replies: 20
Views: 4593

Re: echo: system,error,critical could not save configuration changes, not enough storage space available.

that gave me healthy 2.8MB of free space before filling up the address lists ok, and that amount of free space does not "autonomously" change, i.e. remains the same unless you cnahge something in the configuration? The free space remained constant for some 4 months while running 7.16 (wit...
by mkx
Fri Jan 31, 2025 9:37 pm
Forum: General
Topic: echo: system,error,critical could not save configuration changes, not enough storage space available.
Replies: 20
Views: 4593

Re: echo: system,error,critical could not save configuration changes, not enough storage space available.

As in "the wifi-qcom-ac driver may have nothing to do with that". In my particular case the reason was obvious: with advent of 7.13 I felt adventurous and went ahead with replacing wireless with wifi-qcom-ac. After installation of base ROS and wifi-qcom-ac package only some 300kB of flash...
by mkx
Fri Jan 31, 2025 8:29 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 597
Views: 134174

Re: v7.17 [stable] is released!

The big problem of hAP ac2 and wifi-qcom-driver is lack of flash storage. @mkx, would you mind creating a dedicated topic to discuss the points above outside this 7.17.x related one? Actually I do. My use case for my hAP ac2 doesn't require any wireless driver and it's not available for experimenti...
by mkx
Fri Jan 31, 2025 3:39 pm
Forum: Wireless Networking
Topic: HAPax3 WiFi 2GHz Interface Not Running
Replies: 5
Views: 1894

Re: HAPax3 WiFi 2GHz Interface Not Running

And ... what does /log/print have to say about 2.4GHz interface?
by mkx
Fri Jan 31, 2025 3:23 pm
Forum: General
Topic: rb4011 bad irq to cpu affinity
Replies: 2
Views: 1372

Re: rb4011 bad irq to cpu affinity

It's actually a bug in how GUIs (both winbox and webfig) handles missing information. If you check IRQ distribution in CLI, you may see something like this: [device] > /system/resource/irq/print Flags: o - READ-ONLY Columns: IRQ, USERS, CPU, ACTIVE-CPU, COUNT # IRQ USERS CPU ACTIVE-CPU COUNT 0 o 20 ...
by mkx
Fri Jan 31, 2025 3:10 pm
Forum: General
Topic: How to secure DarkFiber between 2 MikroTik
Replies: 17
Views: 4865

Re: How to secure DarkFiber between 2 MikroTik

Its strange that MT's favorite chip supplier MARVELL didn't offer MT one of there chips that has MACSEC integrated, as they have boat-loads of supported switching chips with it available. I'm pretty sure that Marvell isn't denying MT to use some of their MACSEC-enabled switch chips ... it's probabl...
by mkx
Fri Jan 31, 2025 3:07 pm
Forum: General
Topic: received NAK from dhcp server
Replies: 7
Views: 2967

Re: received NAK from dhcp server

Re blocking: since DHCP is typically done inside L2 broadcast domain, DHCP handshake doesn't go past routers. Which generally means that any DHCP handshake with ZTE thingy will generally originate from router itself (and not from some devices, connected to router's LAN segment). Unless you have all ...
by mkx
Fri Jan 31, 2025 3:01 pm
Forum: General
Topic: Mikrotik RB4011 - IPTV
Replies: 4
Views: 1229

Re: Mikrotik RB4011 - IPTV

You need to find out how exactly your ISP delivers internet (you're mentioning PPPoE so this probably says it all) and how IPTV. Then you need to find out how ONT gets configured the ports. And you need to find out if IPTV boxes require untagged IPTV.

Then we'll be able to discuss things.
by mkx
Fri Jan 31, 2025 2:55 pm
Forum: General
Topic: ipv6 address in DDNS
Replies: 3
Views: 1222

Re: ipv6 address in DDNS

... you normally get a /64 or /52 prefix that is enough for all your connected devices. /64 is most often not enough ... each LAN subnet needs separate /64 prefix while those brain-dead ISP who provide only /64 prefix often require that router uses one address from the same prefix on WAN interface ...
by mkx
Fri Jan 31, 2025 2:49 pm
Forum: General
Topic: Running DSNAKE protocol over two switches
Replies: 3
Views: 1163

Re: Running DSNAKE protocol over two switches

I can't comment on 100BaseTx and SFP modules. So it remains to comment on compatibility with MT gear: if their solutions are truly L2 compatible with ethernet, then it shouldn't be a problem at all to use any kind of ethernet switch in between (apart from the timing constraints ... every switch can ...
by mkx
Fri Jan 31, 2025 2:39 pm
Forum: Beginner Basics
Topic: CRS305 1G+4S+ not working after SwOS version 2.17 update.
Replies: 3
Views: 1263

Re: CRS305 1G+4S+ not working after SwOS version 2.17 update.

Try to use winbox and MAC access to device. It could be that default ROS config was deleted from your devices for some reason which would lead to device not being set up with any IP address. Winbox MAC connection works fine in such case.
by mkx
Fri Jan 31, 2025 2:34 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 597
Views: 134174

Re: v7.17 [stable] is released!

Do you have please any feedback how hap ac2 "cooperates" with 7.17+wifiwave2 ? I have some spare devices which i need to deploy, thinking about this config+capsman for one AP. Im just wondering how does it perform (registered in this topic some reboot issues during beta phase). The big pr...
by mkx
Fri Jan 31, 2025 2:22 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

You can display the defconf using: /system/default-configuration/print The fasttrack rule does not exist in the default configuration (you have to create it), it is not clear to me in which position it should go. If you follow advice by @pe1chl, you'll place it as the very first rule in chain=forwa...
by mkx
Thu Jan 30, 2025 9:11 pm
Forum: General
Topic: Running DSNAKE protocol over two switches
Replies: 3
Views: 1163

Re: Running DSNAKE protocol over two switches

Disclaimer: I don't know a thing about dSNAKE. Once I had a closer look at a pair of USB/DP extender which uses UTP cables between them. They speak ethernet frames, so placing switch in between (with dedicated VLAN as well) still allowed them to communicate. Even though officially using ethernet swi...
by mkx
Thu Jan 30, 2025 8:53 pm
Forum: Beginner Basics
Topic: Locally administered MAC addresses
Replies: 3
Views: 1279

Re: Locally administered MAC addresses

You're right, config doesn't contain anything which would explain behaviour you're observing.
by mkx
Thu Jan 30, 2025 12:22 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 597
Views: 134174

Re: v7.17 [stable] is released!

Writing that mikrotik locked out 3rd party OSes is quite a heavy statement. Not publishing bootloader specs is effectively the same thing as locking out IMO "locking out" is deliberate and active act, "not publishing" can only be called "negligence" towards 3rd parties...
by mkx
Thu Jan 30, 2025 11:56 am
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 597
Views: 134174

Re: v7.17 [stable] is released!

Mikrotik locked out 3rd party OS with RouterBOARD firmware version 7... Writing that mikrotik locked out 3rd party OSes is quite a heavy statement. Judging on MT's track record I'd rather say that with v7 MT introduced changes in routerboot (OS loader) which are in a way incompatible and nobody rev...
by mkx
Thu Jan 30, 2025 10:40 am
Forum: Beginner Basics
Topic: Locally administered MAC addresses
Replies: 3
Views: 1279

Re: Locally administered MAC addresses

Is your CRS running ROS or SwOS? In principle devices running ROS don't have problems with LLAs. Unless there's some config interfering. You may post switch config so we can check for anything suspicious (execute /export file=anynameyouwish in terminal window, fetch file off device, open it with a t...
by mkx
Wed Jan 29, 2025 9:11 pm
Forum: General
Topic: echo: system,error,critical could not save configuration changes, not enough storage space available.
Replies: 20
Views: 4593

Re: echo: system,error,critical could not save configuration changes, not enough storage space available.

Your switch is one of devices with too little flash space ... and since you need optional package wireless to run old CAPsMAN, you'll have to consider moving legacy CAPsMAN elsewhere (and uninstall wireless package from switch). You can set up legacy CAPsMAN on one of devices which are currrenty CAP...
by mkx
Wed Jan 29, 2025 8:40 pm
Forum: General
Topic: High CPU usage
Replies: 12
Views: 1615

Re: High CPU usage

/ip fi co tr pr IMO your post would be much better if you used full commands and properties instead of these obfuscated code snippets. If not for other thing, these snipets might stop working if some future ROS would add new configuration branch/command with name beginning with same two characters ...
by mkx
Wed Jan 29, 2025 6:48 pm
Forum: General
Topic: CCR2116 - Wrong traffic per vlan/port
Replies: 2
Views: 973

Re: CCR2116 - Wrong traffic per vlan/port

VLAN traffic is traffic between device's IP stack and that device. If device is used as a switch, then traffic shown for VLAN interfaces will be low.

Or is sfp-sfpplus1 being used in a "router on a stick" manner?
by mkx
Wed Jan 29, 2025 6:43 pm
Forum: Beginner Basics
Topic: Connecting mAP lite to a switch
Replies: 12
Views: 2141

Re: Connecting mAP lite to a switch

- why use interface lists without firewall ? Also conceptually, why connect WAN interface to bridge ? There is no WAN since everything is to be bridged... Even if we put concepts aside ... script makes both wlan1 and ether1 bridge ports ... and it's wrong to use slave interfaces (i.e. btidge ports)...
by mkx
Wed Jan 29, 2025 6:20 pm
Forum: General
Topic: Blocking admin services - Firewall rules
Replies: 30
Views: 3639

Re: Blocking admin services - Firewall rules

It's perfectly fine to obfuscate sensitive parts of config ... if that's done in consistent matter .... e.g. replace actual IP address with, say, X.Y.Z.W ... as long as all occurences of same IP address is replaced by same string of characters. And if you have different IPs, obfuscate them with diff...
by mkx
Wed Jan 29, 2025 4:14 pm
Forum: Beginner Basics
Topic: POE INJECTION
Replies: 12
Views: 1734

Re: POE INJECTION

I thought that the new PoE switches were "smart" using “active” PoE (802.11af)and could negotiate power requirements with their "end user", so would automatically cater for 48V-12V step-down. Standard 802.3 af/at/bt/... PoE specifies voltage around nominal value of 48V (dependin...
by mkx
Wed Jan 29, 2025 3:53 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

Not saying it's not already ... but defconf is only applied when device is reset to factory defaults (where "factory" part is a bit misleading because it's not config applied in factory when manufacturing device, it's config set as default in any particular ROS version). I am still hoping...
by mkx
Wed Jan 29, 2025 3:41 pm
Forum: General
Topic: received NAK from dhcp server
Replies: 7
Views: 2967

Re: received NAK from dhcp server

It's perfectly normal for DHCP client to try to renew DHCP lease after half of lifetime expires. When doing it, DHCP client offers to renew lease with its current IP address. Normally DHCP server ACKs that and thing is done for another half of lease lifetime. DHCP server may decide to NAK client's &...
by mkx
Wed Jan 29, 2025 12:32 pm
Forum: General
Topic: MAC address table [SOLVED]
Replies: 6
Views: 2123

Re: MAC address table [SOLVED]

Both tables, mentioned by @panisk0 ... with addition of /interface/ethernet/switch/host ... are serving different roles: /ip/arp (and /ipv6/neighbor for IPv6) lists hosts with which IP (or IPv6) stack of router communicated in near past. It contains both IP (or IPv6) address and MAC address of that ...
by mkx
Wed Jan 29, 2025 12:23 pm
Forum: General
Topic: MLAG and frame-types for the bridge-interface?
Replies: 3
Views: 1269

Re: MLAG and frame-types for the bridge-interface?

If you set frame-types=admit-only-vlan-tagged , then pvid property of bridge port is entirely ignored ... so you can either leave it unset (in which case default setting of pvid=1 remains) or you can set it to some distinct unused value to have visual cue about that. Just be careful if you set same ...
by mkx
Wed Jan 29, 2025 10:57 am
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 597
Views: 134174

Re: v7.17 [stable] is released!

Download from ... FAILED: Idle timeout - receiving content
executing script ... from scheduler failed, please check it manually

What a meaningful trouble report. No context, no nothing. Damn, my crystal ball failed again.
by mkx
Wed Jan 29, 2025 10:56 am
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

Please add fasttrack ipv6 in defconf Not saying it's not already ... but defconf is only applied when device is reset to factory defaults (where "factory" part is a bit misleading because it's not config applied in factory when manufacturing device, it's config set as default in any parti...
by mkx
Wed Jan 29, 2025 10:42 am
Forum: General
Topic: MLAG and frame-types for the bridge-interface?
Replies: 3
Views: 1269

Re: MLAG and frame-types for the bridge-interface?

If vlan-filtering on bridge is disabled, then all the vlan-related stuff is ignored by bridge. Which means that PVID won't get applied to untagged frames on ingress, VLAN headr won't be stripped on egress and no vlan-filtering is done (so effectively as frame-types=admit-all and allowed VLANs are 1-...
by mkx
Wed Jan 29, 2025 10:32 am
Forum: General
Topic: ESP32 CYD as a display for data traffic
Replies: 3
Views: 1378

Re: ESP32 CYD as a display for data traffic

1. The interface to monitor is eth1 which has id 0, if I configure "const int graph_interface = 0" esp32 show me only a black screen; Index numbers (e.g. 0, 1, ...) ... are only valid after executing print command ... and are valid only until another print command is executed (even if in ...
by mkx
Wed Jan 29, 2025 10:23 am
Forum: General
Topic: Multiple AP's with same SSID, specify BSSID
Replies: 7
Views: 6243

Re: Multiple AP's with same SSID, specify BSSID

In principle it's possible to force device to connect to specific BSSID using ACL (in wifi/access-list) ... setting station-roaming=no to configuration does help afterwards (so that station doesn't even consider roaming to another BSSID).
by mkx
Wed Jan 29, 2025 8:51 am
Forum: General
Topic: Is there a reason the IPv6 subnets are not sequential?
Replies: 10
Views: 2152

Re: Is there a reason the IPv6 subnets are not sequential?

Prefixes are handed out by pool sequentially. And ROS somehow remembers their assignment ... which is good because generally same prefixes are reassigned to same interface (e.g. after reboot). So it seems that while you were playing (or should we say: learning), some prefixes were assigned to interf...
by mkx
Wed Jan 29, 2025 8:43 am
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

Because this time with device-mode s–t no one want lock his devices, so less persons than before do tests... I almost don't want to report this... But noticed "cloud" or "file-share" are not selectable in device-mode. I agree with complaint about "cloud" not being sele...
by mkx
Tue Jan 28, 2025 10:08 pm
Forum: SwOS
Topic: Packet loss on mirror port on CRS326-24G-2S+ Rev. 2
Replies: 6
Views: 4077

Re: Packet loss on mirror port on CRS326-24G-2S+ Rev. 2

Excellent analysis. I dont know, why the packet loss is higher, when I download from my gamer than my laptop. My guess: it's likely that your gamer is pretty much faster than your laptop, so it could ACK packets with considerably lower latency ... and hence use (a bit) more of available bandwidth. I...
by mkx
Tue Jan 28, 2025 9:01 pm
Forum: General
Topic: Blocking admin services - Firewall rules
Replies: 30
Views: 3639

Re: Blocking admin services - Firewall rules

While waiting for config: generally it's good practice (required actually) to drop everything except bare minimum of allowed services (e.g. wireguard/IPsec tunnels from whitelisted remote addresses). And it's normal not to log dropped attempts ... because those log entries don't give any information...
by mkx
Tue Jan 28, 2025 9:00 am
Forum: General
Topic: Major Issue with Bridges in RouterOS 7.17 [SOLVED]
Replies: 10
Views: 2858

Re: Major Issue with Bridges in RouterOS 7.17 [SOLVED]

... and I think I have Rule #7:
I agree ...
by mkx
Mon Jan 27, 2025 3:00 pm
Forum: Announcements
Topic: v7.17.2 [stable] is released!
Replies: 597
Views: 134174

Re: v7.17 [stable] is released!

After reading this thread... I'm wondering... does Mikrotik actually TEST these updates on *actual* devices? As always: some tens of users, who have problems after upgrade, did come here and report problems. Hundreds (thousands), who upgraded and didn't have any problems, didn't write any praise. M...
by mkx
Mon Jan 27, 2025 9:28 am
Forum: General
Topic: Hotspot problem - /flash directory created
Replies: 11
Views: 2656

Re: Hotspot problem - /flash directory created

Directory flash/ is present on devices with less than 64MB flash disk and more than 64MB RAM ... where root of file storage is on RAM disk instead of flash. On those systems, the remaining portion of flash disk is mounted under flash directory (and is thus root of non-volatile storage). Since RB5009...
by mkx
Mon Jan 27, 2025 8:43 am
Forum: RouterBOARD hardware
Topic: RBFTC11: crossover cable to power from 802.3at POE (half-crossed or fully-crossed?)
Replies: 12
Views: 7595

Re: RBFTC11: crossover cable to power from 802.3at POE (half-crossed or fully-crossed?)

The FTC21 appears to be a 48v native device (and offers some more functions if you need it). It seems as 48V native as FTC11 ... both support passive PoE as well (FTC11 goes lower with minimum voltage). It's only that FTC21 seems to properly support 802.3 af/at (possibly both Alternatives as a dece...
by mkx
Mon Jan 27, 2025 8:40 am
Forum: RouterBOARD hardware
Topic: RBFTC11: crossover cable to power from 802.3at POE (half-crossed or fully-crossed?)
Replies: 12
Views: 7595

Re: RBFTC11: crossover cable to power from 802.3at POE (half-crossed or fully-crossed?)

Following up on this: Yes, it is poorly written. I reached out to Mikrotik and they explicitly suggested that I should use a crossover cable. I guess that everybody is puzzled as to how the "crossover" cable could possibly work in this scenario. The thing is the following: in normal cable...
by mkx
Mon Jan 27, 2025 8:15 am
Forum: General
Topic: What to buy
Replies: 31
Views: 2626

Re: What to buy

What @normis is saying (but in more words): in principle every device, running ROS, offers same functionality (apart from models with 16MB flash which is tight and doesn't allow to install all the optional ROS packages). But devices differ wildly when it comes to capacity when running those function...
by mkx
Mon Jan 27, 2025 8:09 am
Forum: Beginner Basics
Topic: Enable wireless wlan1 for a CRS109 cAP [SOLVED]
Replies: 3
Views: 1851

Re: Enable wireless wlan1 for a CRS109 cAP [SOLVED]

Hmmm ... did you try to enable the wifi1 interface on CRS? I think this is one of "settings", which can be set on CAP itself and are in power even if interface is provisioned/controlled by CAPsMAN.
by mkx
Sun Jan 26, 2025 9:04 pm
Forum: General
Topic: Major Issue with Bridges in RouterOS 7.17 [SOLVED]
Replies: 10
Views: 2858

Re: Major Issue with Bridges in RouterOS 7.17 [SOLVED]

Even with just two, 8631, EEB5, CA8E, 468F are nowhere to be found in this list: Right, these are all locally administered MAC addresses . So it's anybody's guess where they are coming from, could be ROS as well. Let me know if this approach is indeed the right one. Yes, it is the right approach.
by mkx
Sun Jan 26, 2025 8:49 pm
Forum: Wireless Networking
Topic: Dual-band wireless repeater
Replies: 5
Views: 1277

Re: Dual-band wireless repeater

What do you mean by "the same generation of drivers"? Either legacy wireless ... which is required on older generation of hardware, up to and (mostly) including AC. Or wifi (in particular either wifi-qcom and wifi-qcom-ac) ... which is rewuired on newest generatiin of devices ... AX and s...
by mkx
Sun Jan 26, 2025 8:34 pm
Forum: General
Topic: Major Issue with Bridges in RouterOS 7.17 [SOLVED]
Replies: 10
Views: 2858

Re: Major Issue with Bridges in RouterOS 7.17 [SOLVED]

After discussing with someone on the forum, it seems we’re not supposed to create multiple bridges. I don’t understand—why allow the possibility to do so then? It is possible and legitimate to create multiple bridges ... it's just that since ROS version 6.42 or there abouts (which added vlan-filter...
by mkx
Sun Jan 26, 2025 7:57 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 567
Views: 110034

Re: v7.18beta [testing] is released!

The whole concept of templates is riddled with bugs. Another one is that winbox will not keep inheritance of parameters from templates, it will just copy them (e.g. into the connection). The problem is similar with templates/profiles under /interface/wifi and is not exclusive for winbox ... in CLI ...
by mkx
Sun Jan 26, 2025 4:03 pm
Forum: General
Topic: New capsman and eoip cap help
Replies: 5
Views: 1214

Re: New capsman and eoip cap help

As far as my experience goes, there are two things: capsman has to listen on interface where cap will eventually try to connect (see next bullet). Most often that's management interface but can ve multiple. They are set in /interface/wifi/capsman/set interfaces=<interface1>,<interface2> ... cap devi...
by mkx
Sun Jan 26, 2025 11:44 am
Forum: SwOS
Topic: Packet loss on mirror port on CRS326-24G-2S+ Rev. 2
Replies: 6
Views: 4077

Re: Packet loss on mirror port on CRS326-24G-2S+ Rev. 2

I have no experience with Securityonion, so I'm just speculating here ... Are you sure that the mini PC is able to process in real time whatever software requires? Unlike actual HTTP/FTP/etc protocol between client and server, where any of parties can slow down the transfer, your "sniffer"...
by mkx
Sun Jan 26, 2025 11:26 am
Forum: Wireless Networking
Topic: Dual-band wireless repeater
Replies: 5
Views: 1277

Re: Dual-band wireless repeater

This is feasible way of doing it. As to wifi radio modes ... it's up to you, constraints are: both AP and station have to run same generation of drivers (wifi or wireless), mixed drivers are not compatible in station -bridge mode. Since each device can only run one generation of drivers, in case dep...
by mkx
Sat Jan 25, 2025 7:43 pm
Forum: Wireless Networking
Topic: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)
Replies: 13
Views: 3302

Re: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)

So does that mean there’s basically no difference in this particular scenario between using a wAP ax or the MikroTik Wireless Wire with 60 GHz? If you're thinking about going through concrete floors/ceilings, then lower frequency is likely to fare better ... and IMO 60GHz is guaranteed to go nowher...
by mkx
Sat Jan 25, 2025 7:38 pm
Forum: General
Topic: speed problem with Mikrotik Hex model RB750Gr3
Replies: 26
Views: 2480

Re: speed problem with Mikrotik Hex model RB750Gr3

@MKX for the version 7 ECMP it uses L3 hash policy as depicted below. Can you explain these further?? I don't have any experience or knowledge of ECMP. The terms you're asking about sound similar to some terms from (L2) bonding (which I believe I understand well enough), but I've no idea whether th...
by mkx
Sat Jan 25, 2025 7:18 pm
Forum: Wireless Networking
Topic: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)
Replies: 13
Views: 3302

Re: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)

How about using a pair of PLC devices? MT doesn't have any contemporary offering, but there are other vendors offering it.

If there happens to be a (neglected) coaxial cable available, you could use a pair of MoCA devices (usually works way better than PLC ... again no MT offering).
by mkx
Sat Jan 25, 2025 7:07 pm
Forum: Wireless Networking
Topic: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)
Replies: 13
Views: 3302

Re: Best Way to Wireless Bridge 1st and 3rd Floor in an old apartment building (Thick Floors/Walls)

And if you, despite advice by @sid5632, decide to beam data up ... you might have more success by using reflection from neighbouring building than through two concrete floors/ceilings ... if neighbouring building has large vertical surface facing towards "your" building and is not too far ...
by mkx
Sat Jan 25, 2025 6:50 pm
Forum: General
Topic: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]
Replies: 13
Views: 2425

Re: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]

Wanted to transition to (dual-stack) default IPv6 everywhere to check if there are any bugs in the long run. Perhaps it will give you a bit of incentive in this direction: I've been using IPv6 at home for almost 10 years and I've had no problems with it, all devices I use work with IPv6 just fine. ...
by mkx
Sat Jan 25, 2025 4:17 pm
Forum: General
Topic: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]
Replies: 13
Views: 2425

Re: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]

OK, so it's not possible to block RAs towards individual devices. But it is possible to block all IPv6 frames from individual devices using switch ACL. Drawback is that device in question will see RAs, it will configure self with GUA (based on SLAAC) but won't be able to use it. Which can cause a sl...
by mkx
Sat Jan 25, 2025 4:08 pm
Forum: General
Topic: speed problem with Mikrotik Hex model RB750Gr3
Replies: 26
Views: 2480

Re: speed problem with Mikrotik Hex model RB750Gr3

with Fasttrack you can get Full Speed with the 750GR3
and with 7.18beta this is also working with IPv6

In some use cases fasttrack can't be used. E.g. in case by @OP.
by mkx
Sat Jan 25, 2025 2:48 pm
Forum: General
Topic: speed problem with Mikrotik Hex model RB750Gr3
Replies: 26
Views: 2480

Re: speed problem with Mikrotik Hex model RB750Gr3

I was just looking at the hap lite tc test specifications. Its speed is very close to hex. It's really stupid. Hex has a 2-core, 2-thread processor, but hap lite has a single core with a low frequency! They are different architectures and hAP lite just might be using CPU which does more per core sn...
by mkx
Sat Jan 25, 2025 2:46 pm
Forum: General
Topic: speed problem with Mikrotik Hex model RB750Gr3
Replies: 26
Views: 2480

Re: speed problem with Mikrotik Hex model RB750Gr3

No, not when device is running ROS. You'll simply have to accept that ROS is not the most performing OS on many of supported devices.
by mkx
Sat Jan 25, 2025 2:22 pm
Forum: Wireless Networking
Topic: Bonding 2.4G and 5G Wifi together for backhaul creation
Replies: 3
Views: 1099

Re: Bonding 2.4G and 5G Wifi together for backhaul creation

Not sure why would EoIP be required? WiFi interfaces are L2 interfaces already, couldn't they be directly used as bond members? The only gothcha I can think of is link-monitoring setting, in this case it would probably have to be "arp" instead of "mii". Since such bonding will be...
by mkx
Sat Jan 25, 2025 2:13 pm
Forum: Beginner Basics
Topic: Setting crs304-4xg-in as layer 2 switch [SOLVED]
Replies: 19
Views: 3014

Re: Setting crs304-4xg-in as layer 2 switch [SOLVED]

Your previous switch was 1Gbps (if I understand your opening post right) and your CRS304 is 10Gbps. Which is a huge difference when it comes to UTP cable. Even though you're using a cat7 cable (indicated on your chart), it might be of low quality, it might be improperly terminated, it might be (slig...
by mkx
Sat Jan 25, 2025 2:04 pm
Forum: Beginner Basics
Topic: Extending my CAPsMAN network wirelessly
Replies: 2
Views: 970

Re: Extending my CAPsMAN network wirelessly

You want to have a dual-band device as AP with wireless backhaul. Having both stations and backhaul on same radio creates major performance bottleneck (each frame gets transmitted over same radio twice, together with all the wireless overhead which increases with multiple devices trying to use airti...
by mkx
Sat Jan 25, 2025 12:56 pm
Forum: General
Topic: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]
Replies: 13
Views: 2425

Re: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]

Which particular model of router are you using? Not all models can do switch rules (even if the config subtree exists).
by mkx
Sat Jan 25, 2025 12:30 pm
Forum: RouterBOARD hardware
Topic: CRS310-8G-2S-N All ports dead
Replies: 11
Views: 2925

Re: CRS310-8G-2S-N All ports dead

There are many possible reasons for device to misbehave. Unfortunately one of them is (invisible) configuration corruption which is also saved in binary backup. If such backup is restored on (newly installed) device, corrupt setup is back in place and waiting to screw things. So if the problem will ...
by mkx
Sat Jan 25, 2025 12:08 pm
Forum: General
Topic: speed problem with Mikrotik Hex model RB750Gr3
Replies: 26
Views: 2480

Re: speed problem with Mikrotik Hex model RB750Gr3

CPU in hEX Gr3 is not exactly speed monster. It's got 2 CPU cores (with 4 threads altogether but I don't know how ROS utilizes that). And the gotcha: all packets of same connection are handled by same CPU core/thread (processing may move between cores, but there's no parallel processing). And window...
by mkx
Fri Jan 24, 2025 9:42 pm
Forum: General
Topic: Unable to Downgrade RouterOS from 7.18beta2 to 7.16.2 on hAP ax3 ARM 64 [SOLVED]
Replies: 10
Views: 2202

Re: Unable to Downgrade RouterOS from 7.18beta2 to 7.16.2 on hAP ax3 ARM 64 [SOLVED]

It could be the new 'security' feature introduced in 7.17 - /system device-mode has been changed. By default install-any-version is set to no which prevents installation of anything with a lesser version than listed in allowed-versions ... Right, but default setting for allowed-versions is 7.13+ .....
by mkx
Fri Jan 24, 2025 9:26 pm
Forum: Wireless Networking
Topic: CAPSMAN access lists [SOLVED]
Replies: 3
Views: 1649

Re: CAPSMAN access lists [SOLVED]

I didn't try ... but how about /interface/wifi/access-list on CAPsMAN device?
by mkx
Fri Jan 24, 2025 9:19 pm
Forum: General
Topic: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]
Replies: 13
Views: 2425

Re: Best way to disable IPv6 advertisement only to specific clients? [SOLVED]

You can't block advertisments to some clients at the source, being multicast they are sent to all devices within a layer2 network Just to double-check, is it possible to block on L2 level via /interface ethernet switch rule, or multicast cannot be blocked per client (per MAC) even there? It might b...
by mkx
Fri Jan 24, 2025 9:13 pm
Forum: General
Topic: Unable to Downgrade RouterOS from 7.18beta2 to 7.16.2 on hAP ax3 ARM 64 [SOLVED]
Replies: 10
Views: 2202

Re: Unable to Downgrade RouterOS from 7.18beta2 to 7.16.2 on hAP ax3 ARM 64 [SOLVED]

For minimum ROS version you have to check this: /system/resource/print Sometimes it can be different than routerboot (I have a wAP ax with factory-firmware: 7.15.2 and factory-software: 7.15.1 ). Anyway, proper way for downgrading is to get list of installed packages (disabled as well) upload all co...
by mkx
Fri Jan 24, 2025 3:58 pm
Forum: General
Topic: Influence of clientid in defintion of IPv4 DHCP leases
Replies: 1
Views: 950

Re: Influence of clientid in defintion of IPv4 DHCP leases

So what's the Influence of clientid in the defintion of DHCP leases? In principle modern DHCP servers (I can't say anything about tens of years old DHCP servers) assign leases according to client ID value ... which is provided by clients. Vast majority of clients indicate that CLient ID is MAC addr...
by mkx
Fri Jan 24, 2025 3:43 pm
Forum: General
Topic: VLAN config RB760iGS??
Replies: 4
Views: 1134

Re: VLAN config RB760iGS??

The problem is that on ports with 1003 vlan I cant get any traffic... accept if I add vlan as an interface to the bridge... then some how the traffic starts.. Config should allow switching between ports ether2, ether3 and ether4 without problems. The problem is probably communication to device(s) c...
by mkx
Fri Jan 24, 2025 2:53 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 58
Views: 12829

Re: Newsletter #121 | October 2024

It’s a shame they saved a few cents on this motherboard architecture. Quite often, even in cheap devices, the WAN port is connected directly to the SoC, but that’s not the case here. :( It's a feature: this way any of ports can be assigned any role and it's then done equally well. Which adds to ver...
by mkx
Fri Jan 24, 2025 12:01 pm
Forum: Wireless Networking
Topic: New PPSK functionality
Replies: 72
Views: 9841

Re: New PPSK functionality

The only issue I observe is the band steering from 2 to 5 and back that does not work very well and I would have liked to see some parameters I could tune myself. My experience goes that band steering works very well for some (mostly that's newer) stations and doesn't work for some (in particular H...
by mkx
Fri Jan 24, 2025 11:56 am
Forum: Wireless Networking
Topic: CAPsMAN layout
Replies: 2
Views: 1050

Re: CAPsMAN layout

My question is where to run CAPsMAN to obtain the best performance. As @holvoetn already explained (using different words): CAPsMAN does very little[*] so it doesn't matter much which device runs it. I agree that some central router (or edge router in installations without central routers) would be...
by mkx
Fri Jan 24, 2025 11:38 am
Forum: General
Topic: Default values [SOLVED]
Replies: 15
Views: 2596

Re: Default values [SOLVED]

You can reset it to default by running same set command with different value. Finding out the default value for certain settings can be tricky though. One of them is e.g. L2MTU which can vary wildly depending on hardware type (and even device model, there are cases where different device models use ...
by mkx
Fri Jan 24, 2025 11:36 am
Forum: General
Topic: Router sends DHCPDISCOVER when it shouldn't.
Replies: 2
Views: 1045

Re: Router sends DHCPDISCOVER when it shouldn't.

There's service "detect internet" which in theory helps to set router correctly for people who don't fiddle with manual settings (too much), but has potential to screw things up ... One of mechanizms is using DHCP client procedures even on interfaces where DHCP client is not configured. So...
by mkx
Fri Jan 24, 2025 11:09 am
Forum: General
Topic: VLAN config RB760iGS??
Replies: 4
Views: 1134

Re: VLAN config RB760iGS??

It looks almost right (apart from the fact that ports ether1, ether5, sfp1 and bridge (the CPU-facing bridge port) accept untagged frames with PVID=1).

So what exactly are those "strange errors"?
by mkx
Fri Jan 24, 2025 9:23 am
Forum: Beginner Basics
Topic: Boundary Clocks on CRS317 [SOLVED]
Replies: 10
Views: 1806

Re: Boundary Clocks on CRS317 [SOLVED]

I expect enabled CRS317 coming onlline may become grandmaster if none is present or current grandmaster loses an election. I'd expect that as well ... but I certainly hope that PtP implementation does check if device (which is about to become boundary clock) has a reliable and stable clock source. ...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 47