Community discussions

Search found 11790 matches

by mkx
Tue Mar 19, 2024 12:14 am
Forum: RouterBOARD hardware
Topic: hAP ac , poe, RB962UiGS-5HacT2HnT
Replies: 8
Views: 1428

Re: hAP ac , poe, RB962UiGS-5HacT2HnT

20m long cables should not kill PoE .... but at these lengths losses are not negligible. Voltage, available at power receiver's side will be lower, which means that receiver will draw higher current (to fulfill power budget requirements). And this in turn means that PSE (power provider) has to provi...
by mkx
Mon Mar 18, 2024 11:48 pm
Forum: General
Topic: IPv6 Prefixes [SOLVED]
Replies: 14
Views: 2354

Re: IPv6 Prefixes [SOLVED]

@karhill: You are using prefix-hint=::/60 in your example. What is that? I thought that we need to use Pool-Prefix-Length in DHCPv6 client. Two things: prefix-hint= hints to DHCPv6 server about what kind of prefix do we want to receive. It is possible to set it to prefix we already received in hope...
by mkx
Mon Mar 18, 2024 11:38 pm
Forum: General
Topic: ipv6 routing config for ISP DHCP delegated prefix
Replies: 6
Views: 495

Re: ipv6 routing config for ISP DHCP delegated prefix

A bit of guessing here: if ISP assigns a prefix to CPE device, it somehow needs to know also where to route packets belonging to that prefix. In principle DHCPv6 server and ISP router are independent devices, hence ISP's router doesn't know where to route traffic. But it seems that most ISP solution...
by mkx
Mon Mar 18, 2024 9:20 am
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 7
Views: 419

Re: Audience different revisions showing different current tx-rates

I tried channel 36 and got an unsupported channel red message. Yup, as designed. The 2x2 radio supports channels between 5180MHz and 5320MHz (channels 36-64) ... and 4x4 radio supports channels between 5500MHz and 5720MHz (channels 100-144). All stated frequencies are center frequencies of 20MHz ch...
by mkx
Mon Mar 18, 2024 9:00 am
Forum: Beginner Basics
Topic: 'IPv6-only' connectivity issue
Replies: 13
Views: 741

Re: 'IPv6-only' connectivity issue

You can try accept-router-advertisements=yes. That shouldn't be necessary (or even advisable) on networks where you get the default route from DHCP ... It has been said that default route via DHCPv6 is a MT hack. DHCPv6 doesn't provide routers, RAs are used for delivering routers (ND is a must then...
by mkx
Sun Mar 17, 2024 5:19 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 7
Views: 419

Re: Audience different revisions showing different current tx-rates

The 4x4 radio only works from 149 up, from what I could tell. Nope, my Audience runs its 4x4 radio on 5500 Ceee just fine (that's channel 100). [user@wifi-audience] /interface/wifi> monitor 2 state: running channel: 5500/ac/Ceee registered-peers: 4 authorized-peers: 4 tx-power: 24 available-channel...
by mkx
Sun Mar 17, 2024 5:11 pm
Forum: RouterBOARD hardware
Topic: hAP ac , poe, RB962UiGS-5HacT2HnT
Replies: 8
Views: 1428

Re: hAP ac , poe, RB962UiGS-5HacT2HnT

Unfortunately, no, this setup is not working.
How long are UTP cables between RB5009 and powered devices?
by mkx
Sun Mar 17, 2024 5:01 pm
Forum: General
Topic: v7.15beta broke backup file naming
Replies: 45
Views: 1985

Re: v7.15beta broke backup file naming

So, what are the characters not allowed? I'd rather ask "which characters are safe to use?" ... and the answer would be: the same as the last 50 years: US ASCII alphabet (a-z and A-Z), roman numerals (0-9), underscore (_), dash (-) ... and that's about it. So no punctuation marks, no othe...
by mkx
Sat Mar 16, 2024 10:53 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 7
Views: 419

Re: Audience different revisions showing different current tx-rates

So it's then down to frequency-related country regulations. My audience (it's an r2 revision), running 7.13, shows the following for one ETSI country: ranges: 2402-2482/20 5170-5250/23/indoor 5250-5330/23/indoor/dfs 5490-5710/30/dfs I believe that the 4-chain radio operates exclusively in the freque...
by mkx
Sat Mar 16, 2024 8:16 pm
Forum: Wireless Networking
Topic: Audience different revisions showing different current tx-rates
Replies: 7
Views: 419

Re: Audience different revisions showing different current tx-rates

Used Tx power depends on country regulatory limits (I guess you have that setting same for the whole setup) and in 5GHz band also on particular frequency used. Another peculiarity is audience which has two 5GHz radios and these two have pretty distinct characteristics (one has 2 chains and Tx power ...
by mkx
Sat Mar 16, 2024 8:09 pm
Forum: Wireless Networking
Topic: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]
Replies: 6
Views: 623

Re: Is it possible to install WiFi package on L009UiGS-RM? [SOLVED]

Is it possible to install WiFi package on L009UiGS-RM (ROS 7.13+) and use it as capsman controller for several hap ax for wifi6? Capsman in 7.13+ is part of core wifi functionality which is installed always. What is then left to install (as optional package) are appropriate drivers for wireless chi...
by mkx
Sat Mar 16, 2024 1:47 pm
Forum: RouterBOARD hardware
Topic: Upgrade from RB750Gr3
Replies: 16
Views: 955

Re: Upgrade from RB750Gr3

Note that philip8224 never mentioned "it should cost as little as possible"... Indeed. But a buck saved on previous project is a buck of budget increase for next project. Which is usually even more important when there's involvement of a financial controller in shape of better half :wink:
by mkx
Sat Mar 16, 2024 11:13 am
Forum: RouterBOARD hardware
Topic: Upgrade from RB750Gr3
Replies: 16
Views: 955

Re: Upgrade from RB750Gr3

I didn't realize/notice that it has a faster CPU. :) It's hard to say which CPU is faster simply from the part number. But all MT products have published test results and that somehow relates to CPU performance. hEX - RB750Gr3 hAP ac² The tests with less processing (e.g. no firewall filters, large ...
by mkx
Fri Mar 15, 2024 3:52 pm
Forum: General
Topic: RB5009UG+S+ download speed 600/1000 upload 800+/1000 [SOLVED]
Replies: 13
Views: 842

Re: RB5009UG+S+ download speed 600/1000 upload 800+/1000 [SOLVED]

Is it the hardware or am I missing something? Hardware is a big unknown with CHR, it really depends. But decent hardware, used to run hypervisors, tends to be much more capable for general processing (e.g. FW rules) than most of mikrotik's hardware. So I can imagine that CHR can outperform most (if...
by mkx
Fri Mar 15, 2024 11:43 am
Forum: General
Topic: RB4011 HWoffload + vlan aware bridge issues [SOLVED]
Replies: 7
Views: 731

Re: RB4011 HWoffload + vlan aware bridge issues [SOLVED]

The main problem is, that bridge interface is not member of any of tagged VLANs: /interface bridge vlan add bridge=bridge tagged=ether4,ether5,sfp-sfpplus1 vlan-ids=50 add bridge=bridge tagged=ether5,sfp-sfpplus1 vlan-ids=200 add bridge=bridge tagged=sfp-sfpplus1,bonding1 vlan-ids=99 If you want rou...
by mkx
Fri Mar 15, 2024 9:22 am
Forum: General
Topic: Interface list for multiple bridges? [SOLVED]
Replies: 4
Views: 589

Re: Interface list for multiple bridges? [SOLVED]

Creating an interface list that includes both "bridge_LAN" and "bridge_WiFi" was my first idea. However, even though it is called an interface "list", I could only set one interface. Something like this: /interface list add name=list1 add name=list2 add name=list3 /i...
by mkx
Fri Mar 15, 2024 9:13 am
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 282
Views: 43691

Re: v7.15beta [testing] is released!

@larsa and @Railander really should align their pains. One has a pain with scripting (where using any names containing special characters, including but not limited to space, comma, colon, quote, double quote, question mark, exclamation mark, etc. is a really bad idea in any context except "plai...
by mkx
Wed Mar 13, 2024 9:10 pm
Forum: RouterBOARD hardware
Topic: R11e-HacD max input power
Replies: 1
Views: 202

Re: R11e-HacD max input power

Product page at https://mikrotik.com/product/R11e-5HacD has the information under "Wireless specifications". Max Tx power depends on modulation used and varies between 27dBm (at most robust and thus slowest modulation) and 19dBm (highest performing modulation). Power numbers are total Tx p...
by mkx
Wed Mar 13, 2024 8:56 pm
Forum: General
Topic: Import DHCP leases [SOLVED]
Replies: 5
Views: 693

Re: Import DHCP leases [SOLVED]

Yes; MK to MK.

I made them all static for simplicity. I exported to txt file, but I can copy and paste. Where do I paste?

The same place they were exported from ... /ip/dhcp-server/lease/ seems a sensible place.
by mkx
Wed Mar 13, 2024 8:46 pm
Forum: General
Topic: Backup restoration, wrong interfaces
Replies: 12
Views: 533

Re: Backup restoration, wrong interfaces

You can change that part so after 4 more times, you're back at square 1 :lol: Actually you're still stuck because set uses construct "[ find default-name=... ]" and default-name doesn't change. But if code was run from "default" state, then it would fail even the first time ... ...
by mkx
Wed Mar 13, 2024 8:25 pm
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 1296

Re: Hex Lite and NTP client updates

ROUTER sends out a WAN signal to an existing NTP server with dst-port 123 BUT ALSO source port 123??? Yup. There are SNTP implementations, which are client-only and act as typical client: uses random high port as src-port and connects to server at port 123. And there are full NTP implementations wh...
by mkx
Wed Mar 13, 2024 8:06 pm
Forum: General
Topic: Backup restoration, wrong interfaces
Replies: 12
Views: 533

Re: Backup restoration, wrong interfaces

When the router restarted, I saw that the traffic goes through ether2 and ether4. I unplugged the Ethernet patch cable from port 1 and connected it to port 2. In interface window, I see that the traffic goes through ether5 interface. It is possible to rename router's interfaces and some (perverse) ...
by mkx
Wed Mar 13, 2024 7:58 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 742

Re: NAT port forwarding does not work

Does ssh server, by any chance, run its own firewall?
by mkx
Wed Mar 13, 2024 7:42 pm
Forum: Beginner Basics
Topic: Redirect to external Public IP [SOLVED]
Replies: 19
Views: 1170

Re: Redirect to external Public IP [SOLVED]

@anav: you're pretty close to how I understand it. Just that @OP wants to forward connection (initially targeting his router port 9999) to some host on internet (same port 9999). @RipperR: I'd try with this pair of NAT rules: /ip/firewall/nat add chain=dstnat action=dst-nat protocol=tcp dst-port=999...
by mkx
Wed Mar 13, 2024 3:33 pm
Forum: Beginner Basics
Topic: Redirect to external Public IP [SOLVED]
Replies: 19
Views: 1170

Re: Redirect to external Public IP [SOLVED]

The "red" traffic will likely only pass bi-directionally if you'll implement hairpin NAT for that "public to public" NAT. Without it, webserver 2 will try to reply to client (accessing abcabc.com:9999) directly, but client will reject this as it will try to talk to your router's ...
by mkx
Wed Mar 13, 2024 3:19 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 282
Views: 43691

Re: v7.15beta [testing] is released!

*) console - replace reserved characters to backup and certificate export file names with underscores; is there any reason this needs to be done? Yes, having spaces in file names breaks parameter parsing in all CLI implementations I've seen and one has to use workarounds (such as enclosing such fil...
by mkx
Wed Mar 13, 2024 8:01 am
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 742

Re: NAT port forwarding does not work

Are you sure that your ISP line is completely transparent? I.e. are you sure your ISP doesn't filter ingress connections?
by mkx
Wed Mar 13, 2024 7:59 am
Forum: General
Topic: v7.15beta broke backup file naming
Replies: 45
Views: 1985

Re: v7.15beta broke backup file naming

It's a deliberate change, well published in change logs. Did you read through relevant "new version announcement post" before installing a beta version?
by mkx
Tue Mar 12, 2024 8:03 pm
Forum: Wireless Networking
Topic: VLANs / CAPsMANv2 / local datapath
Replies: 5
Views: 348

Re: VLANs / CAPsMANv2 / local datapath

What, from functionality point of view, are you trying to do?
by mkx
Tue Mar 12, 2024 7:46 pm
Forum: General
Topic: Hairpin NAT using Local DNS
Replies: 9
Views: 457

Re: Hairpin NAT using Local DNS

Well, in such a convoluted setup you'll have to think it out yourself. I'm not willing to guess the size of your problem and all the interactions.

But the fact is that NAT isn't exactly piece'a'cake in certain conditions.
by mkx
Tue Mar 12, 2024 6:32 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 742

Re: NAT port forwarding does not work

Think on your dst-nat rule you are missing:
in-interface-list=WAN

Nah, this omission only makes DST-NAT rule more greedy. It doesn't make it non-working. Would it be useful to include this addition? Depends if @OP needs to use NAT-ed port from inside LAN or not.
by mkx
Tue Mar 12, 2024 6:18 pm
Forum: General
Topic: NAT port forwarding does not work
Replies: 19
Views: 742

Re: NAT port forwarding does not work

And from where are you trying to use the forwarded port? Public internet? Or from inside your LAN?
by mkx
Tue Mar 12, 2024 4:31 pm
Forum: General
Topic: Hairpin NAT using Local DNS
Replies: 9
Views: 457

Re: Hairpin NAT using Local DNS

If servers need to communicate with each other, then ... I don't see why you couldn't configure them to communicate directly (over real ports)?
by mkx
Tue Mar 12, 2024 12:58 pm
Forum: General
Topic: Hairpin NAT using Local DNS
Replies: 9
Views: 457

Re: Hairpin NAT using Local DNS

Some of my internal services run on different source ports and I would still require a dot-net to do the port translation Example service runs on port 1050 and the clients use 5050 In this case the best solution is to move server(s) into dedicated IP subnet. The dst-nat would then work the same way...
by mkx
Tue Mar 12, 2024 12:55 pm
Forum: Announcements
Topic: v7.14.1 [stable] is released!
Replies: 418
Views: 68792

Re: v7.14.1 [stable] is released!

*) sfp - improved system stability for CR2004-1G-2XS-PCIe (introduced in v7.14); You should read the line for what it is: "SFP - improved stability" (on some certain device). You simply should not read it like "improved stability of CCR2004-1G-XS-PCIe" because it's not about it.
by mkx
Tue Mar 12, 2024 12:44 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 282
Views: 43691

Re: v7.15beta [testing] is released!

.... but you are not the only one using RouterOS so a moment of patience and let's see what will happen. I don't think that anybody said that this functionality should never ever be implemented. However it is pretty distracting if such a non-core functionality actually makes certain device types al...
by mkx
Tue Mar 12, 2024 12:39 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 282
Views: 43691

Re: v7.15beta [testing] is released!

I don't even need Samba service nor DLNA.

You're weird ... but so am I.
by mkx
Mon Mar 11, 2024 9:49 pm
Forum: Beginner Basics
Topic: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?
Replies: 7
Views: 562

Re: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?

... "Is there a way if creating, or assigning, a virtual port from the router to the switch, so as to negate the need to use a physical port in order to do this?" I'm pretty sure I don't understand your question. When one creates a bridge, one gets all the bells and whistles. Now let's as...
by mkx
Mon Mar 11, 2024 8:22 pm
Forum: Wireless Networking
Topic: Get supported channel list on 7.13+ wifi-qcom*
Replies: 1
Views: 197

Re: Get supported channel list on 7.13+ wifi-qcom*

/interface/wifi/radio/reg-info country=<country> number=0 Notes: it seems to be safe to always use "number=0" ... but it may matter on some awkward chipsets? be careful about capitalization of country name, it seems a capital initial character is required. For multi-word country names thi...
by mkx
Mon Mar 11, 2024 8:04 pm
Forum: Announcements
Topic: Newsletter #117 | March 2024
Replies: 20
Views: 10983

Re: Newsletter #117 | March 2024

It must be quite expensive to manufacture all that heatsink for nothing.

Perhaps the initial idea was to make device passively cooled but later it turned out it wasn't enough so they installed some fans. And somebody forgot to cancel the order of half a million of heat sinks?
by mkx
Mon Mar 11, 2024 8:00 pm
Forum: General
Topic: Not having wire speed transfer between same VLAN on CRS354!
Replies: 15
Views: 678

Re: Not having wire speed transfer between same VLAN on CRS354!

I have tested using file sharing from one pc to another and results are the same 30-50MB/s Samba / CIFS comes with lots of constraints. If you want to assess raw network speed, then use appropriate tools, such as iperf3 ... When testing through a router, you may find out that single-threaded perfor...
by mkx
Mon Mar 11, 2024 7:55 pm
Forum: Wireless Networking
Topic: Feature Request: Simplified handling of Wifi Guest Networks in Capsman V2
Replies: 6
Views: 799

Re: Feature Request: Simplified handling of Wifi Guest Networks in Capsman V2

In legacy capsman it was possible to get it working in an easier way ... because there was local-forwarding=no ... which meant that all traffic from a CAP was tunneled to CAPsMAN. Which made the whole thing independent from LAN infrastructure. However, it came with a (hefty) price: wireless throughp...
by mkx
Mon Mar 11, 2024 7:38 pm
Forum: General
Topic: Hairpin NAT using Local DNS
Replies: 9
Views: 457

Re: Hairpin NAT using Local DNS

If you want to see actual source IP addresses, then you must not use hairpin NAT ... i.e. use split DNS where A record for public internet points at your router's WAN IP address (and plain dst-nat is enough to have connection working). And A record for "same subnet" clients points directly...
by mkx
Mon Mar 11, 2024 5:14 pm
Forum: Wireless Networking
Topic: Capsman + dynamic vlans + bridge vlan filtering [SOLVED]
Replies: 3
Views: 667

Re: Capsman + dynamic vlans + bridge vlan filtering [SOLVED]

Mb someone know is there "dynamic vlans in qcom-ac" in plans of smth like that?

Perhaps MT knows?
by mkx
Mon Mar 11, 2024 5:01 pm
Forum: Beginner Basics
Topic: Queues need help
Replies: 4
Views: 294

Re: Queues need help

Generally no ideas. As soon as one starts with non-trivial things (and queuing / traffic shaping is not trivial), router has to process each packet and that simply requires some CPU power.
by mkx
Mon Mar 11, 2024 4:58 pm
Forum: Beginner Basics
Topic: Need help with L3 VLAN [SOLVED]
Replies: 6
Views: 845

Re: Need help with L3 VLAN [SOLVED]

Additionally, I find it peculiar that MikroTik treats the bridge as both a Layer 2 switch and a Layer 3 interface. If one is pedantic as to what a particular entity does, then bridge actually has 4 personalities ... and there's a good explanation of all of them. As to L3 VLANs: it's a pity to (ab...
by mkx
Mon Mar 11, 2024 7:20 am
Forum: RouterBOARD hardware
Topic: map2nd mAP serial port
Replies: 4
Views: 318

Re: map2nd mAP serial port

If anything, this is TTL-level serial. You'd need something like MAX232 to convert levels to RS232 levels (which is 5V), without it you'd fry the board components.

Next problem is that this serial interface is not enabled in ROS on mAP ...
by mkx
Sun Mar 10, 2024 5:11 pm
Forum: Wireless Networking
Topic: CAPsMAN v2 update frequency
Replies: 5
Views: 288

Re: CAPsMAN v2 update frequency

To me it seems it provisioned just fine. Missing "R" flag may simply mean that no client is currently connected to that AP.

Or is it that you actually don't see AP broadcasting SSID when using a client to search for WiFi signals?
by mkx
Sun Mar 10, 2024 4:00 pm
Forum: Beginner Basics
Topic: Queues need help
Replies: 4
Views: 294

Re: Queues need help

Disable fasttrack rule in firewall (chain=forward). Fasttrack bypasses lots of packet processing, most queues included. Torch disables fasttrack (in order to show anything), that's why queues work then. Be prepared to see CPU utilization go up considerably, depending on your WAN speed it may become ...
by mkx
Sun Mar 10, 2024 12:54 pm
Forum: General
Topic: Connection lost after 10 or more times
Replies: 5
Views: 311

Re: Connection lost after 10 or more times

My idea is that there might be some ARP misconfiguration (perhaps a proxy-arp or some such) and with a large LAN subnet (subnet mask shorter than /20) it may mean that switch FDBs get filled with invalid entries. In such case all traffic gets disrupted ... I see quite often that people play with ARP...
by mkx
Sun Mar 10, 2024 12:46 pm
Forum: Wireless Networking
Topic: Capsman + dynamic vlans + bridge vlan filtering [SOLVED]
Replies: 3
Views: 667

Re: Capsman + dynamic vlans + bridge vlan filtering [SOLVED]

CAPsMAN only provisions wireless interface ... and userman only sets VID for a particular user (much like static ACLs would). So I would expect that you have to configure uplink ethernet port as tagged member of a number of VLANs (all that might be used by userman), but likewise the wireless interfa...
by mkx
Sun Mar 10, 2024 12:28 pm
Forum: Beginner Basics
Topic: hEXs and internet speed problem
Replies: 11
Views: 916

Re: hEXs and internet speed problem

Generally I'd agree with @CGGXANNX ... but that 8Mbps of uplink smells rotten. Generally routers perform symmetrically unless there are rules (or interactions) which work asymmetrically. Since already MT's default setup reveals the asymmetry, I'd say that the problem lies somewhere between hEX's eth...
by mkx
Sun Mar 10, 2024 12:19 pm
Forum: General
Topic: Connection lost after 10 or more times
Replies: 5
Views: 311

Re: Connection lost after 10 or more times

You'll have to post (text export of) hotspot's configuration. As already mentioned, reasons for misbehaviour can be numerous and without seeing the config, we'd be only guessing.

BTW, the reason might not be in hotspot config, all network devices contribute in a LAN and any of them can break the LAN.
by mkx
Sun Mar 10, 2024 12:10 pm
Forum: General
Topic: Interface lists efficiency for firewall
Replies: 3
Views: 290

Re: Interface lists efficiency for firewall

I'd expect that one rule using interface-list would be more effective than multiple rules using interfaces. One aspect is overhead of executing a rule, which is the same for any rule (regardless the check types), and I assume it's not trivial. The other aspect is handling interface-list members, the...
by mkx
Sun Mar 10, 2024 11:57 am
Forum: Beginner Basics
Topic: Firewall check
Replies: 7
Views: 484

Re: Firewall check

You're following the concept "allow what's needed, drop everything else", which is good. From performance point of view your rules would benefit of some reworking. Rules are evaluated top-to-bottom (inside each chain) so performance-wise it's good to make rules, which will deal with most p...
by mkx
Sun Mar 10, 2024 11:48 am
Forum: Beginner Basics
Topic: Help with config [SOLVED]
Replies: 6
Views: 821

Re: Help with config [SOLVED]

Nothing strikes me as clearly wrong in your config. The only thing I'd definitely change is disable internet detection: /interface detect-internet set wan-interface-list=none It's a public secret that this feature can cause some subtle, but nasty problems ... and you don't seem to need it anyway.
by mkx
Sat Mar 09, 2024 3:43 pm
Forum: General
Topic: Not having wire speed transfer between same VLAN on CRS354!
Replies: 15
Views: 678

Re: Not having wire speed stransfer between same VLAN!

I'm guessing that the bottleneck is RB4011 since it's used as router. You better verify that by running CPU profile (preferably in CLI to avoid excessive burden which winbox/webfig tend to throw at device being monitored). Don't just observe general CPU load, some functions are single-threaded and i...
by mkx
Sat Mar 09, 2024 11:34 am
Forum: SwOS
Topic: SwOS Lite DHCP server Options
Replies: 3
Views: 329

Re: SwOS Lite DHCP server Options

SwOS Lite or SwOS or both?

Any SwOS.
by mkx
Sat Mar 09, 2024 11:15 am
Forum: General
Topic: Help! Simple question? Blocking internal rogue IP?
Replies: 6
Views: 546

Re: Help! Simple question? Blocking internal rogue IP?

I made the rule, I assume I can use 192.168.0.0. to block that whole network, yes? If you want to block whole subnet, then you have to add subnet mask to the address setting ... like this: 192.168.0.0/16. By default, /32 subnet mask is used which means single (host address) and no "subnet ad...
by mkx
Sat Mar 09, 2024 11:12 am
Forum: General
Topic: Not enough space for upgrade when 6.4x->7.12 when 6.4x->7.11.2->7.12 works
Replies: 10
Views: 2507

Re: Not enough space for upgrade when 6.4x->7.12 when 6.4x->7.11.2->7.12 works

- Package - Reduced "wireless" package size for ARM, ARM64, MIPSBE, MMIPS devices. I've been experiencing issues with CAP AC and HAP AC2 due to insufficient disk space. The problem with this change log bullet is that with ROS 7.13+ one would really want to run wifi-qcom-ac on these device...
by mkx
Sat Mar 09, 2024 10:59 am
Forum: Announcements
Topic: v7.14.1 [stable] is released!
Replies: 418
Views: 68792

Re: v7.14 [stable] is released!

Leaving it as open ended question - where did it go? Do you have graphing enabled? It may consume some permanent storage space and starts from 0 after netinstall (upgrade doesn't wipe it though). Do you have any address lists being built up? If entries don't have timeout set, they are considered pe...
by mkx
Fri Mar 08, 2024 5:33 pm
Forum: SwOS
Topic: SwOS Lite DHCP server Options
Replies: 3
Views: 329

Re: SwOS Lite DHCP server Options

DHCP is L3 (or L5, depends on how you view it) function while SwOS only supports L2.
by mkx
Fri Mar 08, 2024 9:03 am
Forum: Beginner Basics
Topic: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?
Replies: 7
Views: 562

Re: VLAN interfaces assigned directly to the bridge verses a vlan to a port on the bridge?

Furthermore, I'm mystified as to the way the bridge seems to inherit properties from physical ports. What you fail to understand is that bridge is a transparent ethernet entity. Whatever talks to one port can talk to other ports (this eventually depends on bridge config, such as VLAN settings). Read...
by mkx
Thu Mar 07, 2024 11:43 pm
Forum: Beginner Basics
Topic: CRS-106-1C-5S Speed Question
Replies: 7
Views: 437

Re: CRS-106-1C-5S Speed Question

The speeds will keep high if you configure VLANs in a specific way, tailored for CRS1xx/CRS2xx switches: https://help.mikrotik.com/docs/pages/vi ... =103841836
by mkx
Thu Mar 07, 2024 11:40 pm
Forum: General
Topic: DHCP deassigned/assigned log message [VLAN Switch - RB3011] [SOLVED]
Replies: 3
Views: 582

Re: DHCP deassigned/assigned log message [VLAN Switch - RB3011] [SOLVED]

Blocking ICMP doesn't really save anything but can cause random problems.
by mkx
Thu Mar 07, 2024 11:27 pm
Forum: Beginner Basics
Topic: CRS-106-1C-5S Speed Question
Replies: 7
Views: 437

Re: CRS-106-1C-5S Speed Question

It's routing config ... and CRS devices (the whole line of models) are essentially switches.
by mkx
Thu Mar 07, 2024 9:11 am
Forum: General
Topic: Routers Coming with Default Passwords
Replies: 69
Views: 6060

Re: Routers Coming with Default Passwords

If @holvoetn didn't write the preceding post, I would. I couldn't agree more.

@jo2jo ... how about teaching your customers to find the dreaded sticker and send you a photograph of it?
by mkx
Thu Mar 07, 2024 8:10 am
Forum: Wireless Networking
Topic: Misunderstanding how frequency list is supposed to work?
Replies: 2
Views: 214

Re: Misunderstanding how frequency list is supposed to work?

AFAIK frequencies on list are not "priority by order". Device does a quick check over allowed frequencies and selects the one with least detected "noise" ... if it's a DFS frequency, then it has to perform CAC as well.
by mkx
Wed Mar 06, 2024 10:02 pm
Forum: General
Topic: Routers Coming with Default Passwords
Replies: 69
Views: 6060

Re: Routers Coming with Default Passwords

@jo2jo ... we all (or almost all) feel your pain and understand you. How about a group hug?

Now, get over it and accept the new reality.
by mkx
Wed Mar 06, 2024 9:58 pm
Forum: General
Topic: What configuration is best in vlan-filtering??
Replies: 3
Views: 256

Re: What configuration is best in vlan-filtering??

The correct configuration is whichever produces wanted results.

The (resource utilization wise) optimal configuration for most MT device models is the one with single bridge with vlan-filtering enabled. You didn't mention the model you're using so it may not be optimal after all.
by mkx
Wed Mar 06, 2024 6:13 pm
Forum: General
Topic: PoE Compatibility: MikroTik RB3011 & Ruijie RG-RAP6202(G)
Replies: 10
Views: 460

Re: PoE Compatibility: MikroTik RB3011 & Ruijie RG-RAP6202(G)

I'd ditch the idea of using RB3011 PoE out and go with stand-alone solution. One possibility is to use MT's RBGPOE passive PoE injector and 48V power adapter ... Ruijie might just start (the handshake part of 82.3 af/at standard is for PSE to make sure there's a 48V-capable equipment at the other en...
by mkx
Wed Mar 06, 2024 5:27 pm
Forum: General
Topic: PoE Compatibility: MikroTik RB3011 & Ruijie RG-RAP6202(G)
Replies: 10
Views: 460

Re: PoE Compatibility: MikroTik RB3011 & Ruijie RG-RAP6202(G)

There are PoE splitter/converters that can extract the 22/24 V and convert them to 12 V, your device evidently needs 1.5A@12V so you want one capable at least of 2A, as you are already 10% low.. 2A on 12V side shouldn't be necessary, device requires up to 13W which is 1.1A@12V. But I fear there's a...
by mkx
Wed Mar 06, 2024 5:17 pm
Forum: General
Topic: Bridge VLAN prerouting
Replies: 8
Views: 679

Re: Bridge VLAN prerouting

It was more a question with regard to how VLAN interfaces attached to bridges work. They don't relate directly. Did you happen to read this explanation of different bridge personalities? VLAN interfaces relate to bridge interface (one of personalities), but only as much as any other (off bridge) in...
by mkx
Wed Mar 06, 2024 9:12 am
Forum: Beginner Basics
Topic: ipv6 help please
Replies: 7
Views: 415

Re: ipv6 help please

Regarding routing: the proper thing to do is to allow ROS to accept RAs. Unfortunately the setting is global for all interfaces: /ipv6/settings/set accept-router-advertisements=yes So you don't have to set default route by hand (it seems you're setting it wrong anyway). And, by all means, stop adver...
by mkx
Tue Mar 05, 2024 3:14 pm
Forum: Beginner Basics
Topic: L009UiGS-RM: Default route is not part of exported configuration (/export command)
Replies: 7
Views: 548

Re: L009UiGS-RM: Default route is not part of exported configuration (/export command)

All the other routes to the other networks (e.g. 192.168.2.0/24, 192.168.3.0/24, etc.) visible on the Winbox UI/ Route List never have been listed with /export command. Winbox has a bit different logic built in, so you can't directly compare what is shown by winbox to what is shown by individual co...
by mkx
Tue Mar 05, 2024 3:04 pm
Forum: RouterBOARD hardware
Topic: Question regarding PoE vs non-PoE versions of the RB5009 [SOLVED]
Replies: 23
Views: 1922

Re: Question regarding PoE vs non-PoE versions of the RB5009 [SOLVED]

The way I read post by @andkar ... it's the same device (PoE version) powered either by 24V or 48V. So the difference is efficiency in downconverters ... and possibly some 802.3af/at specific PoE circuitry which may get switched off when device is powered with 24V (and can thus not provide 802.3af/a...
by mkx
Tue Mar 05, 2024 2:42 pm
Forum: Beginner Basics
Topic: Bridge management IP not working
Replies: 6
Views: 349

Re: Bridge management IP not working

add address=192.168.77.250/24 interface=INFRA_77 network=192.168.77.250 It did not improve the situation. Of course it didn't because network address (albeit automatically calculated, you left it intact) was wrong. Playing with VLAN 77 interfaces did eventually fix this problem for you ... And one ...
by mkx
Tue Mar 05, 2024 8:52 am
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 282
Views: 43691

Re: v7.15beta [testing] is released!

Home users don't even know this forum exists So this is MT's excuse not to listen to opinions on this forum? Yeah, "home users" won't ever run into problems with tiny space on certain device models (hAP ac2, cAP ac, etc.) ... because they tend to never update software on their devices. So...
by mkx
Tue Mar 05, 2024 8:44 am
Forum: Wireless Networking
Topic: hAP ax2 vs cAP ax as access point?
Replies: 9
Views: 551

Re: hAP ax2 vs cAP ax as access point?

I guess that cAP ax will behave slightly better, specially in uplink direction. cAP ax has slightly better antenna gain (1dBi better in 5GHz band and 2dBi better in 2.4GHz band). This doesn't necessarily help in downlink: if device is configured according to country regulations, most of spectrum in ...
by mkx
Tue Mar 05, 2024 8:34 am
Forum: Wireless Networking
Topic: Realtek RTL8192CE can't see hAP ax2 [SOLVED]
Replies: 2
Views: 274

Re: Realtek RTL8192CE can't see hAP ax2 [SOLVED]

... are some old Wi-Fi network chips just not compatible with 2.4GHz AX? I'd attribute this to driver for that wireless card. Some are brain damaged enough to barf on features they don't recognize. As AX AP sets some bits to capability/feature list, which were "reserved for future use" ba...
by mkx
Tue Mar 05, 2024 8:24 am
Forum: Beginner Basics
Topic: Bridge management IP not working
Replies: 6
Views: 349

Re: Bridge management IP not working

You need to add bridge1 to the tagged list for vlan 77 in the bridge vlan table. It's there: add bridge=bridge1 tagged=bond_forti,bond_S3,bridge1,01_T_bond_forti,INFRA_77 untagged=09_A_syno_77,13_A_apc_77 vlan-ids=77 But this: Setting a subnet mask on the IP address for that would probably help t...
by mkx
Mon Mar 04, 2024 10:52 pm
Forum: General
Topic: Bridge VLAN prerouting
Replies: 8
Views: 679

Re: Bridge VLAN prerouting

No mkx, I demand that new posters continue to baffle us with minimalist approaches and lack of information.

Oh my, Mr. Hyde is back :lol:
by mkx
Mon Mar 04, 2024 10:43 pm
Forum: RouterBOARD hardware
Topic: Question regarding PoE vs non-PoE versions of the RB5009 [SOLVED]
Replies: 23
Views: 1922

Re: Question regarding PoE vs non-PoE versions of the RB5009 [SOLVED]

When one uses power adapter only to power router (i.e. no PoE-out), then it's better to use PA which outputs lower voltage (but still equal or higher than lowest acceptable input voltage). The reason: router's electronic parts require pretty low voltages (probably anything between 1.8V and 5V), so t...
by mkx
Mon Mar 04, 2024 10:22 pm
Forum: General
Topic: IPv6 taking too long for SLAAC autoconfiguration
Replies: 16
Views: 915

Re: IPv6 taking too long for SLAAC autoconfiguration

It's a known fact that sub-standard implementations of IGMP snoopers interfere with IPv6 (ND is multicast) ... also other vendors have (or used to have) such problems.
by mkx
Mon Mar 04, 2024 10:16 pm
Forum: General
Topic: RB4011iGS+ problem with VLAN mtu after reboot
Replies: 5
Views: 283

Re: RB4011iGS+ problem with VLAN mtu after reboot

Automatic size calculation doesn't take into account that you joined eoip interface as port to a bridge. Automatic size calculation is fine if you use eoip interface as stand-alone interface where MTU size doesn't matter much as any conflicts can be resolved on IP layer. But if it works for you, jus...
by mkx
Mon Mar 04, 2024 10:12 pm
Forum: General
Topic: First Guess at VLAN on the Switch Chip [SOLVED]
Replies: 6
Views: 441

Re: First Guess at VLAN on the Switch Chip [SOLVED]

When thinking about switch-cpu1 port ... just think of your switch chip as having 6 (otherwise equal ports), one of them being named "switch-cpu1" and connected to CPU. So it only has to be member of certain VLAN if CPU has to deal with traffic in that VLAN. E.g. if there's a VLAN which ha...
by mkx
Mon Mar 04, 2024 10:00 pm
Forum: Beginner Basics
Topic: HD space questions
Replies: 3
Views: 284

Re: HD space questions

Having 4MB free out of 16MB of storage is decent. And will probably suffice for v7 as well. Whether 32GB is enough for your future endeavours or not is entirely up to you. My MT devices run with zero added storage just fine, but my (home made) multipurpose networked device is tight at 8TB. So YMMV. B...
by mkx
Mon Mar 04, 2024 10:57 am
Forum: Announcements
Topic: v7.14.1 [stable] is released!
Replies: 418
Views: 68792

Re: v7.14 [stable] is released!

If values are actually overwritten then it is possible for them to change if defaults are changed ... That would require support in winbox ... either "winbox default config" (which would then depend on winbox version) or winbox would be able to read (and interpret) device's default config...
by mkx
Mon Mar 04, 2024 10:44 am
Forum: General
Topic: secure IPv6 and port forwarding?
Replies: 3
Views: 260

Re: secure IPv6 and port forwarding?

or you'll have to set IPv6 addresses on server-like devices manually. If you use SLAAC/NDP on the LAN side, won’t these server-like devices get the same v6 address each time? In theory yes. But when allowing devices to use SLAAC they often assume multiple addresses: one is MAC address based (and is...
by mkx
Mon Mar 04, 2024 10:31 am
Forum: General
Topic: RB4011iGS+ problem with VLAN mtu after reboot
Replies: 5
Views: 283

Re: RB4011iGS+ problem with VLAN mtu after reboot

I'd say it's a bug ... I'd somehow expect returning MTU to 1500 after disabling EOIP (if EOIP is carried over VLAN, then disabling VLAN will disable EOIP). But I wouldn't expect MTU to remain at 1500 after adding EOIP (with low MTU) back. So I'd say that the bug is that MTUs are not thoroughly check...
by mkx
Mon Mar 04, 2024 9:23 am
Forum: General
Topic: RB4011iGS+ problem with VLAN mtu after reboot
Replies: 5
Views: 283

Re: RB4011iGS+ problem with VLAN mtu after reboot

All devices in same L2 broadcast domain should use same MTU. And hence bridge will assume lowest possible MTU of all member ports. That's because L2 entities (bridges, switches) don't fragment frames, they can either forward them unaltered or drop them. If you want to have "transparent" br...
by mkx
Mon Mar 04, 2024 9:17 am
Forum: General
Topic: First Guess at VLAN on the Switch Chip [SOLVED]
Replies: 6
Views: 441

Re: First Guess at VLAN on the Switch Chip [SOLVED]

Is there any benefit of configuring VLANs this way when supported ? On devices with Qualcomm switch chips (QCAxxxx or ARxxx), mostly present in devices with Qualcomm ASICs (QCAxxxx), bridge is not offloaded to hardware. So if you want to use device as a switch and have wirespeed performance without...
by mkx
Mon Mar 04, 2024 9:09 am
Forum: RouterBOARD hardware
Topic: new CCR2116 dead after restart
Replies: 1
Views: 217

Re: new CCR2116 dead after restart

You really should be reporting this to support@mikrotik.com ... we, forum members (who are not MT staff in vast majority) won't be able to help you.
by mkx
Mon Mar 04, 2024 9:02 am
Forum: Wireless Networking
Topic: cAP AX Blocking Performance at gigabit?
Replies: 6
Views: 512

Re: cAP AX Blocking Performance at gigabit?

That is a shame. I will have to figure out another solution. You can (almost) always use RBGPOE - a passive PoE injector. It's specified at 2A and can go up to 57V. The only thing it doesn't do: it doesn't free up one power socket ... as you have to use a power adapter to provide power to it (and c...
by mkx
Mon Mar 04, 2024 8:58 am
Forum: Wireless Networking
Topic: Wifi client DNSA-141 disconnects without obvious reason, prefer AP in longer distance
Replies: 11
Views: 1573

Re: Wifi client DNSA-141 disconnects without obvious reason, prefer AP in longer distance

Is there any way to force CAPSMAN not to restart Wifi when losing connectivity with CAP ?
No.
by mkx
Mon Mar 04, 2024 8:57 am
Forum: General
Topic: First Guess at VLAN on the Switch Chip [SOLVED]
Replies: 6
Views: 441

Re: First Guess at VLAN on the Switch Chip [SOLVED]

Close. Just keep vlan membership of ports under /interface ethernet switch vlan in line with intended port role. E.g. if ether2 is only supposed to be access port to VLAN 20, then it should only be member of VLAN 20 under this configuration "branch" ... the way it's configured now (PVID a....
by mkx
Mon Mar 04, 2024 8:48 am
Forum: General
Topic: secure IPv6 and port forwarding?
Replies: 3
Views: 260

Re: secure IPv6 and port forwarding?

your router should request a prefix from ISP. That's done by DHCPv6 client. It should store received prefix to address pool. Most ISPs will provide decent prefixes (e.g. /56 or even /48), some will only provide a /64 prefix which is marginally usable (see below). assign an /64 address from pool to ...
by mkx
Mon Mar 04, 2024 8:38 am
Forum: General
Topic: Bridge VLAN prerouting
Replies: 8
Views: 679

Re: Bridge VLAN prerouting

The way I read your description ... are you using multiple bridges? The issue you're having may have to do with HW offload. But I'm really guessing here as you didn't show your configuration (so we can only guess as to what you actually have) nor you mentioned the exact device model (HW offload is u...
by mkx
Mon Mar 04, 2024 8:30 am
Forum: Beginner Basics
Topic: HD space questions
Replies: 3
Views: 284

Re: HD space questions

and am wondering if a usb key would increase the total as HD space, or if it would be counted as different space. Added USB key counts as separate HD space. It can be used for everything that allows to set files location explicitly (the dude, containers, rose storage, logging to disk, ...), but not...
by mkx
Mon Mar 04, 2024 8:22 am
Forum: Beginner Basics
Topic: Question about ingress VLAN translation
Replies: 8
Views: 621

Re: Question about ingress VLAN translation

This was inspired by a terse note on Mikrotik's documentation https://help.mikrotik.com/docs/display/ROS/CRS3xx%2C+CRS5xx%2C+CCR2116%2C+CCR2216+switch+chip+features#CRS3xx,CRS5xx,CCR2116,CCR2216switchchipfeatures-IngressVLANtranslation . I wonder what type of setup they had in mind, where such VLAN...
by mkx
Sun Mar 03, 2024 5:18 pm
Forum: General
Topic: I can't get my network to work in Gigabit [SOLVED]
Replies: 15
Views: 903

Re: I can't get my network to work in Gigabit [SOLVED]

There are two types of crimp RJ45 connectors. More common are connectors for stranded cables, their contacts have "blades" which, when being crimped, cut into stranded wire cores. The other connector type is for solid cables, their contacts have "fork-like blades", which tear the...
by mkx
Sat Mar 02, 2024 9:10 pm
Forum: General
Topic: I can't get my network to work in Gigabit [SOLVED]
Replies: 15
Views: 903

Re: I can't get my network to work in Gigabit [SOLVED]

Here's the output of /interface ethernet print detail
And what does /interface ethernet ether2 once show?
by mkx
Sat Mar 02, 2024 8:21 pm
Forum: Beginner Basics
Topic: ipv6 ND /64 and PD /48 problems
Replies: 13
Views: 689

Re: ipv6 ND /64 and PD /48 problems

My experience is that sometimes it is necessary to reboot ROS device in order to fully apply configuration changes. E.g. pool has to be "replenished" for it to be able to start handing out different prefix size.
by mkx
Sat Mar 02, 2024 8:05 pm
Forum: Beginner Basics
Topic: ipv6 issues with hEX S RB760iGS
Replies: 11
Views: 665

Re: ipv6 issues with hEX S RB760iGS

If you went from v6 to v7 via upgrade, then upgrade process converts existing config. Since IPv6 config was empty, it remained empty after upgrade. Upgrade never applies default config. You can see default config (including IPv6) by running command /system/default-configuration/print inside a really...
by mkx
Sat Mar 02, 2024 7:59 pm
Forum: Beginner Basics
Topic: ipv6 ND /64 and PD /48 problems
Replies: 13
Views: 689

Re: ipv6 ND /64 and PD /48 problems

ipv6-dhclient.jpg prefix-length should be set to /64 ... this setting defines prefix sizes which will later be handed out by the pool. If you want to "suggest" to upstream DHCP server the prefix (and length) you want to receive, you do it using prefix hint field ... like you already do, ...
by mkx
Sat Mar 02, 2024 7:24 pm
Forum: Beginner Basics
Topic: 2 MIKROTIKs and 2 isolated LANs
Replies: 5
Views: 463

Re: 2 MIKROTIKs and 2 isolated LANs

The clients of LAN B should have access to routers from network A (192.168.88.1 & 192.168.88.100) through, e.g. Winbox and this will enable me to carry out diagnostics - then I will be able to connect to LAN B and log in to the router. I think I don't have to do anything to achieve this? I'm right...
by mkx
Sat Mar 02, 2024 7:06 pm
Forum: Beginner Basics
Topic: Static Route, i can ping client but not gateway
Replies: 10
Views: 542

Re: Static Route, i can ping client but not gateway

The stove has its own dhcp server which cannot be touched. the stove works like a router, you connect to its ssid via its own wifi and control it from there. It doesn't go online alone. you connect to the stove and control it with its app. I would like to integrate it with my home automation server...
by mkx
Sat Mar 02, 2024 2:48 pm
Forum: Beginner Basics
Topic: ipv6 issues with hEX S RB760iGS
Replies: 11
Views: 665

Re: ipv6 issues with hEX S RB760iGS

On ROS v6, ipv6 package is optional and by default it's not even installed (it has to be downloaded from mikrotik download page in extras archive, unpacked and uploaded to device). And since it's installed later than the rest of system, default setup doesn't get applied (that only gets applied when ...
by mkx
Thu Feb 29, 2024 9:01 pm
Forum: Beginner Basics
Topic: Static Route, i can ping client but not gateway
Replies: 10
Views: 542

Re: Static Route, i can ping client but not gateway

And does the stove have default route set for its own use? The point of my questions is my suspicion that stove (and the rest of devices in that subnet) doesn't know that it has to use mAP as gateway to communicate with 192.168.0.0/24 (and also internet). Stove needs to be set with proper route conf...
by mkx
Thu Feb 29, 2024 8:49 pm
Forum: Beginner Basics
Topic: Static Route, i can ping client but not gateway
Replies: 10
Views: 542

Re: Static Route, i can ping client but not gateway

Does DHCP setup on stove include default route? If it does, what is it?
by mkx
Thu Feb 29, 2024 8:55 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM fan upgrade
Replies: 2
Views: 378

Re: CRS328-24P-4S+RM fan upgrade

I would have to install such devices in poorly ventilated and hot RACK cabinets ... I'm not sure if your plan is going to work in these conditions. The task of fans is to move ambient air efficiently through device with focus on air flow over hot surfaces. And assumption is that ambient air is suff...
by mkx
Thu Feb 29, 2024 8:38 am
Forum: Wireless Networking
Topic: WIFI AP with WIFI Upstream
Replies: 3
Views: 240

Re: WIFI AP with WIFI Upstream

I'd suggest to go with dual-radio device (i.e. 2.4GHz + 5GHz bands). The reason is requirement for using WiFi as upstream. The problem is that when device uses same radio both in station mode (required to connect to upstream AP) and AP mode (required for wireless devices to connect to it), master in...
by mkx
Thu Feb 29, 2024 8:25 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253283

Re: v7.13.5 [stable] is released!

...and obviously written without the required English skills. OT but stating that and than write "peopleS" more than once ... quite a shot to the knee i might add ;) peopleS is a valid spelling in certain cases. I wouldn't say that @spippan didn't use it correctly in his post. BTW, I'm no...
by mkx
Thu Feb 29, 2024 8:11 am
Forum: General
Topic: L3HW traffic monitoring
Replies: 6
Views: 732

Re: L3HW traffic monitoring

There is no solution for this. L3HW offload implementation doesn't provide any detailed statistics, so if you need it, then ... well, you unfortunately can't use L3HW offload.
by mkx
Thu Feb 29, 2024 8:10 am
Forum: General
Topic: CRS305-1g-4s+ - issues on port mirror
Replies: 1
Views: 173

Re: CRS305-1g-4s+ - issues on port mirror

Show the configuration from /interface/bridge and /interface/ethernet ... it's likely that your switch has HW offload enabled (otherwise it wouldn't be able to switch traffic at wirespeed) and port mirroring doesn't actually work.
by mkx
Wed Feb 28, 2024 7:17 pm
Forum: General
Topic: Address pool for SRC-NAT [SOLVED]
Replies: 5
Views: 448

Re: Address pool for SRC-NAT [SOLVED]

Thank you both for chipping in! Sounds like what I was expecting. Although @mkx why do you say that "they should not be"? Will that interfere with the nat translations and forward traffic to the wrong place or is that a best-practice suggestion that could also be done differently? If pac...
by mkx
Wed Feb 28, 2024 7:05 pm
Forum: General
Topic: IPv6 between bridges
Replies: 22
Views: 1091

Re: IPv6 between bridges

It seems to me that there's a major error in config ... perhaps on ISP's side. The setup you have is similar to this one from IPv4: ISP router: 1.1.0.1/16 your router WAN: 1.1.0.2/16 your router LAN: 1.1.1.1/24 server in LAN: 1.1.1.2/24 It's clear that ISP's router expects it's able to deliver packe...
by mkx
Wed Feb 28, 2024 4:04 pm
Forum: General
Topic: hapAC2 - Out of HDD space/safe free disk space
Replies: 7
Views: 441

Re: hapAC2 - Out of HDD space/safe free disk space

As @holvoetn wrote: as long as you use those arm/ac devices with 15.8MB storage as simple APs they will (very probably) run just fine. The problem arises if they are used for anything else (e.g. as router as I'm using it, or if one needs any other optional package, e.g. zerotier). In that case ROS m...
by mkx
Wed Feb 28, 2024 3:52 pm
Forum: Beginner Basics
Topic: Question about ingress VLAN translation
Replies: 8
Views: 621

Re: Question about ingress VLAN translation

I thought the whole idea of routers and smart switches is that the router is only involved when access to the internet is required or cross vlan traffic ( firewall rules ). Yes, but @OP wants to use ACLs to route between src-address=192.168.20.17/24 and dst-address=192.168.30.17/24 These are di...
by mkx
Wed Feb 28, 2024 3:48 pm
Forum: Beginner Basics
Topic: L009UiGS-RM: Default route is not part of exported configuration (/export command)
Replies: 7
Views: 548

Re: L009UiGS-RM: Default route is not part of exported configuration (/export command)

It's probably a bug. On my audience running 7.13.2 I can see it in export: /ip/route> print Flags: D - DYNAMIC; I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC; H - HW-OFFLOADED Columns: DST-ADDRESS, GATEWAY, DISTANCE # DST-ADDRESS GATEWAY DISTANCE 0 As 0.0.0.0/0 192.168.99.1 1 DAc 192.168.99.0/24...
by mkx
Wed Feb 28, 2024 3:32 pm
Forum: Beginner Basics
Topic: Question about ingress VLAN translation
Replies: 8
Views: 621

Re: Question about ingress VLAN translation

I would like to apply simple, local optimization for inter-VLAN routing on the switch via ACL filter rule ... I may be wrong, but IMO you can't do it. Normal hosts work like this: if destination IP address is in the same IP subnet (same subnet address with same network mask), then they expect to co...
by mkx
Tue Feb 27, 2024 8:30 pm
Forum: General
Topic: RB5009 - problem with USB port for LTE modem
Replies: 16
Views: 919

Re: RB5009 - problem with USB port for LTE modem

In this case you may want to ask support@mikrotik.com directly if there's a reason for modem not working in your particular device/ROS combination.
by mkx
Tue Feb 27, 2024 7:51 pm
Forum: General
Topic: hapAC2 - Out of HDD space/safe free disk space
Replies: 7
Views: 441

Re: hapAC2 - Out of HDD space/safe free disk space

hAP ac2 runs great with 7.13+ ... with plenty of free storage (3MB free).

But it does so as wireless-less device (i.e. no wireless or wifi-qcom-ac package installed). Don't we love Mikrotik? :lol:
I couldn't get device work reliably with wifi-qcom-ac installed and config is not that complex.
by mkx
Tue Feb 27, 2024 7:42 pm
Forum: General
Topic: RB5009 - problem with USB port for LTE modem
Replies: 16
Views: 919

Re: RB5009 - problem with USB port

When I connect USB modem - in system/recourse/usb modem appears ... This only proves that USB device is known to host (RB5009), the name is taken from USB IDS database (likely export from http://www.linux-usb.org/). But this doesn't mean that ROS has necessary driver available and without driver yo...
by mkx
Tue Feb 27, 2024 7:36 pm
Forum: General
Topic: Address pool for SRC-NAT [SOLVED]
Replies: 5
Views: 448

Re: Address pool for SRC-NAT [SOLVED]

2) Pretty sure 10.20.20.2/29 will need to be added to your WAN interface It really depends on how exactly ISP delivers traffic for the additional IP addresses. If they use "base" IP address as next hop downstream, then none of those addresses need to be present on WAN interface (even more...
by mkx
Tue Feb 27, 2024 7:30 pm
Forum: General
Topic: IPv6 between bridges
Replies: 22
Views: 1091

Re: IPv6 between bridges

When pinging ISP router from br_lan it sends NS but does not get a reply as multicast packet is not forwarded between br_wan and br_lan to host Again: how exactly are you pinging "from br_lan"? I pointed out in post #7 why it is generally flawed due to misunderstanding the meaning of inte...
by mkx
Tue Feb 27, 2024 7:05 pm
Forum: Beginner Basics
Topic: CRS5 multiple vlans [SOLVED]
Replies: 5
Views: 721

Re: CRS5 multiple vlans [SOLVED]

If you don't want to tear bridge apart, then you can change properties of existing item using set command. I.e. if you have /interface/bridge add name=bridge /interface/bridge/port add bridge=bridge interface=ether1 and you want to set pvid for port ether1, you can do it like this: /interface/bridge...
by mkx
Mon Feb 26, 2024 7:52 pm
Forum: Wireless Networking
Topic: Wifi-qcom-ac problem after upgraded to 7.13.4
Replies: 11
Views: 814

Re: Wifi-qcom-ac problem after upgraded to 7.13.4

But if I connected to the ssid using a mobile first, then the esp32 can connect to the ssid right away. I also performed the test on a virtual interface and got the same result. Try to set disable-running-check=yes on wifi interface(s). Reasoning: when there are no stations connected to AP, wifi in...
by mkx
Mon Feb 26, 2024 4:40 pm
Forum: General
Topic: Really strange issue with one single LAN address
Replies: 2
Views: 205

Re: Really strange issue with one single LAN address

Either you have something in router config targeting explicitly the offending IP address ... or you have another device on the network with said address configured and then it causes MAC address conflict which severely disturbs data flow. So far it's impossible to tell if either of my theories have ...
by mkx
Mon Feb 26, 2024 4:24 pm
Forum: General
Topic: How to stop NTP client logging
Replies: 4
Views: 443

Re: How to stop NTP client logging

Hi I have hap ac lite @7.10.2 that bores me with so many NTP entries on log, I don't understand why it needs to synchronize so often ... Normally if NTP client doesn't have to step clock, it doesn't emit any log. And normally stepping clock only happens shortly after booting device as initial time es...
by mkx
Mon Feb 26, 2024 4:19 pm
Forum: General
Topic: Bridge and Independent VLAN learning - VLAN interfaces locked MAC addresses
Replies: 2
Views: 211

Re: Bridge and Independent VLAN learning - VLAN interfaces locked MAC addresses

AFAIK it's customary to have same MAC address in all VLANs handled by same hardware interface in many OSes. In addition: this is not a problem at all with IVL as all switches will build their FDB with triplets VID+MAC+port. This can be a problem with SVL when different VLANs take different paths (e....
by mkx
Mon Feb 26, 2024 4:07 pm
Forum: General
Topic: IPv6 between bridges
Replies: 22
Views: 1091

Re: IPv6 between bridges

I am adding the default as follows add dst-address=::/0 gateway=2a02:aXXX:8::1%br_wan You should set gateway IPv6 address to address of upstream (i.e. ISP's) router. Not IPv6 address of your WAN interface. If you don't know GUA of ISP's router, then it may be possible to use its ULA in route defin...
by mkx
Mon Feb 26, 2024 4:03 pm
Forum: General
Topic: IPv6 between bridges
Replies: 22
Views: 1091

Re: IPv6 between bridges

As mentioned in post #5 tested also different /64 on both br_wan and br_lan, they can not reach each other

As mentioned in post #7 above, your testing is flawed.
by mkx
Sun Feb 25, 2024 11:53 pm
Forum: General
Topic: install a paskage via consile
Replies: 3
Views: 292

Re: install a paskage via consile

After you place optional package to the root of router's storage, it'll get installed (if it's correct for the device) automatically when you reboot device.
by mkx
Sun Feb 25, 2024 11:49 pm
Forum: Useful user articles
Topic: Isolated Guest WiFi Sans VLANs
Replies: 12
Views: 819

Re: Isolated Guest WiFi Sans VLANs

I thought I made it clear in the article that we're talking about a home Internet gateway. I've skimmed through the article again and it's still not clear to me that the article is about adding guest wifi on the main router device. I guess you put too much emphasis on how much you loathe VLANs :win...
by mkx
Sun Feb 25, 2024 11:38 pm
Forum: RouterBOARD hardware
Topic: RBM11G v6.49.13 upgrading to v7?
Replies: 2
Views: 391

Re: RBM11G v6.49.13 upgrading to v7?

Check logs immediately after device reboots (as part of upgrade procedure), it should state the reason for not upgrading.
by mkx
Sun Feb 25, 2024 11:35 pm
Forum: General
Topic: Firewall input chain and broadcast packets
Replies: 4
Views: 1125

Re: Firewall input chain and broadcast packets

The bottom line is that in the wilderness of internet the only safe approach is to block all except what you know you have to pass. So you can either create a bunch of drop rules (anything you can think of) and make your router a bit slower (because some packets will have to traverse many drop rules...
by mkx
Sun Feb 25, 2024 11:19 pm
Forum: General
Topic: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]
Replies: 10
Views: 750

Re: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]

And you're sure there isn't another path between 172.20.255.249 and 172.22.2.11 which would allow packets to bypass your RB?
by mkx
Sun Feb 25, 2024 11:05 pm
Forum: Useful user articles
Topic: Isolated Guest WiFi Sans VLANs
Replies: 12
Views: 819

Re: Isolated Guest WiFi Sans VLANs

It's hard to tell if your setup is "water tight" because it very much depends on the rest of configuration of the wireless device itself and on overall topology of your network. You didn't give that context in your article and that makes your article IMO pretty useless for a random reader....
by mkx
Sun Feb 25, 2024 10:42 pm
Forum: Beginner Basics
Topic: RB951Ui-2HnD
Replies: 6
Views: 493

Re: RB951Ui-2HnD

Web-proxy (transparent) ?

That would only work for HTTP (no S) which is quickly becoming extinct these days.
by mkx
Sun Feb 25, 2024 10:39 pm
Forum: General
Topic: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]
Replies: 10
Views: 750

Re: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]

Can you add "log=yes" to the drop invalid rule and show a few log lines? I don't see anything utterly wrong in config ... but seeing exact logs may help to get closer to the problem.
by mkx
Sun Feb 25, 2024 10:08 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 8284

Re: VLANS creation and testing-AX2

I also notice that the AX3 router has no switch chips ...

Has one ... it's part of SoC, but needs external PHYs.
by mkx
Sun Feb 25, 2024 5:16 pm
Forum: General
Topic: IPv6 between bridges
Replies: 22
Views: 1091

Re: IPv6 between bridges

A typical setup would be the ISP provides a /64 just for the WAN link and a /48 routed to your address on that link. Another option is for ISP to provide /48 (or /56) via DHCPv6 prefix delegation and routing (etc.) via RAs. It can be a "statically assigned" prefix, just like "static ...
by mkx
Sun Feb 25, 2024 5:08 pm
Forum: General
Topic: IPv6 between bridges
Replies: 22
Views: 1091

Re: IPv6 between bridges

Ping from br_lan to br_wan does not work /ping 2a02:a3XX:8:1::1 interface=br_lan With the command quoted you told ROS to "ping said address, but use br_lan as egress interface" ... which is overriding routing decision. And IPv6 address of br_wan is not accessible via br_lan. In short: yo...
by mkx
Sun Feb 25, 2024 5:00 pm
Forum: General
Topic: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]
Replies: 10
Views: 750

Re: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]

There should be another rule for posters: post actual config, not the script which is supposed to add wanted functionality.

Because it's everybody's guess how device is configured prior to application of published script. But that does matter. A lot.
by mkx
Fri Feb 23, 2024 2:44 pm
Forum: General
Topic: UDP faster than TCP - why?
Replies: 4
Views: 392

Re: UDP faster than TCP - why?

I tested with UDP (single stream) and it reached almost 850-900 Mbps throughput. The question is - and what I want to understand -, why has TCP vs. UDP such an immense influence in regards to the throughput? Did you see this number reported by receiver? One of big differences is that TCP is acknow...
by mkx
Fri Feb 23, 2024 2:04 pm
Forum: General
Topic: Masquerade with Multiple IPs
Replies: 3
Views: 283

Re: Masquerade with Multiple IPs

Masquerade does slight magic when deciding which IP address to use for SRC-NAT and gracefully handles changes. But I don't think it handles multiple IP addresses on egress interface in any particular way, so it probably simply uses one (possibly the first one configured).
by mkx
Fri Feb 23, 2024 1:53 pm
Forum: Beginner Basics
Topic: router not broadcasting wifi
Replies: 12
Views: 780

Re: router not broadcasting wifi

Where were you when I said ...
Wasn't it @anav who said that? :wink:
by mkx
Thu Feb 22, 2024 6:43 pm
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 46670

Re: v7.14rc [testing] is released!

Isn't it recommended by Mikrotik documentation in the L3HW docs and the basic VLAN docs to not place a VLAN directly on top of a physical interface? It is. But that's only true for devices supporting L3HW (which RB5009 doesn't). Which in turn only works for "plain" VLANs ... but we're dis...
by mkx
Wed Feb 21, 2024 8:49 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253283

Re: v7.13.5 [stable] is released!

After upgrade from 7.12.1 to 7.13.5 (but surely it will be the case with any 7.13.x version), wireless package was also present, eating away precious storage space. Why ? On a switch ? Because upgrader is obviously pretty stupid (as it can't only install e.g. wireless driver for device's chipset) a...
by mkx
Wed Feb 21, 2024 8:41 pm
Forum: RouterBOARD hardware
Topic: New L11UG-5HaxD
Replies: 28
Views: 5999

Re: New L11UG-5HaxD

So no, bridging still doesn't work between old/new wireless packages.
As the rumours go it'll stay this way ... i.e. no bridging between wifi and wireless drivers ... ever.
by mkx
Wed Feb 21, 2024 7:58 pm
Forum: Wireless Networking
Topic: Do hAP ax2/3 support AP + STA mode?
Replies: 2
Views: 273

Re: Do hAP ax2/3 support AP + STA mode?

On MT devices with dual radio (e.g. 2.4GHz + 5GHz) these are independent and can be configured in completely different manners. So yes, you can configure e.g. 2.4GHz radio as station and 5GHz radio as AP. And yes, the "uplink radio" can be stand-alone in L2 sense, so traffic has to be route...
by mkx
Wed Feb 21, 2024 6:38 pm
Forum: Beginner Basics
Topic: Translate the income ip to the ethernet
Replies: 4
Views: 388

Re: Translate the income ip to the ethernet

So there's a SRC-NAT rule which triggers on connections from internet to your server. If you post your config, we might be able to find it.
by mkx
Wed Feb 21, 2024 6:32 pm
Forum: Beginner Basics
Topic: CRS125-24G-1S - Internet Link
Replies: 9
Views: 711

Re: CRS125-24G-1S - Internet Link

I don't know, but if the published tests talk of 240-250 with 25 firewall rules and you get 100-130 with 10 (or 7), it sounds like there is *something else* slowing down the network. AFAIK test results are achievable if fasttrack is in use, otherwise not easily. OP's config is a slight mess as it p...
by mkx
Mon Feb 19, 2024 9:34 pm
Forum: General
Topic: How to completelly kill all traces of V6 config
Replies: 2
Views: 292

Re: How to completelly kill all traces of V6 config

When running netinstall, there's option called "Keep old configuration" ... make sure it's not checked.
by mkx
Sun Feb 18, 2024 7:28 pm
Forum: Wireless Networking
Topic: Old wireless driver compatibility issue
Replies: 4
Views: 490

Re: Old wireless driver compatibility issue

My experience with a few legacy MT wireless devices is that they normally work up to around 5700MHz (country regulations permitting), so U-NII-1 and U-NII-2 (A,B and C). Higher than that they are iffy.

I don't think this is well documented in official documents (if at all).
by mkx
Sun Feb 18, 2024 6:18 pm
Forum: Beginner Basics
Topic: Bridge filter rules not working
Replies: 26
Views: 1680

Re: Bridge filter rules not working

Feel for you buddy, looking at a CRS310 I just took out of the box. :-)
Anytime you want to wireguard in and look around let me know.
I don't think CRS310 is that sexy :wink:
by mkx
Sat Feb 17, 2024 10:29 pm
Forum: Wireless Networking
Topic: Old wireless driver compatibility issue
Replies: 4
Views: 490

Re: Old wireless driver compatibility issue

Which channel is used by AP (running wifi-qcom-ac driver)? I believe that wifi driver supports U-NII-3 channels (5720MHz and upwards), it seems that they are even preferred. Legacy wireless driver might not support them (or it supports them in a weird way, I couldn't make it use proper channel centr...
by mkx
Sat Feb 17, 2024 9:26 pm
Forum: General
Topic: Bridge and VLAN Interface on bridge MTU problem : MTU needs to be L2MTU - 1 ??
Replies: 2
Views: 294

Re: Bridge and VLAN Interface on bridge MTU problem : MTU needs to be L2MTU - 1 ??

We should be able to put the same MTU as the L2MTU. Generally setting MTU to a random value is wrong. Generally all devices in same IP subnet (which talk to each other without gateway) should have the same MTU set and unless one knows (much better) industry standard value of 1500 is safe to stick t...
by mkx
Fri Feb 16, 2024 11:04 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 8284

Re: VLANS creation and testing-AX2

CRSxxx are switches. And all have L2 HW offload. It's just that on CRS1xx and 2xx bridge can HW offload only basic switching (non-VLAN aware, etc.) while on CRS3xx and CRS5xx bridge can offload VLANs as well. This is what HW property on bridge ports is all about. But we didn't mention routing yet. B...
by mkx
Fri Feb 16, 2024 10:33 pm
Forum: Beginner Basics
Topic: MikroTik switch and Unifi Switch can no longer negotiate 10Gb connection over SFP+
Replies: 6
Views: 775

Re: MikroTik switch and Unifi Switch can no longer negotiate 10Gb connection over SFP+

Maybe I should revert back to e.g. 7.12 or earlier? If the MT-UFi combination worked back then, then downgrade would be a sensible action. But before doing it, create a supout.rif file (while MT and UFi are connected but don't negotiate 10Gbps) and open a trouble ticket with support@mikrotik.com .....
by mkx
Fri Feb 16, 2024 9:45 am
Forum: General
Topic: UDP Packet Mark
Replies: 1
Views: 263

Re: UDP Packet Mark

How exactly did you configure marking? And which UDP packets should be marked? And what do you mean by "traffic is not captured"?
by mkx
Thu Feb 15, 2024 11:00 pm
Forum: General
Topic: Vlan configuration with trunk port
Replies: 1
Views: 286

Re: Vlan configuration with trunk port

Post configuration of your mikrotik: open terminal window, execute /export file=anynameyouwish (and add hide-sensitive if device is running ROS v6), fetch file to your computer, open it with text editor and copy-paste it inside [ code] [/code] environment. Redact any remaining sensitive information ...
by mkx
Wed Feb 14, 2024 8:45 pm
Forum: Wireless Networking
Topic: hap ac2 switch chip vlan and WIFI setup with remote capsman
Replies: 10
Views: 721

Re: hap ac2 switch chip vlan and WIFI setup with remote capsman

Bridge MAC addresses are obfuscated, so not sure if this is relevant: I strongly recommend to set different MAC addresses to bridges. Just in case.
by mkx
Wed Feb 14, 2024 8:41 pm
Forum: General
Topic: 2 Station bridge and 1 master
Replies: 1
Views: 218

Re: 2 Station bridge and 1 master

I don't see why not.
by mkx
Tue Feb 13, 2024 9:22 am
Forum: SwOS
Topic: private VLAN for SAN to servers? [SOLVED]
Replies: 2
Views: 569

Re: private VLAN for SAN to servers? [SOLVED]

Under the VLAN tab I specified "enabled" and "only tagged" for those two ports. Which means that devices, connected to these two ports, have to be configured for tagged operation as well. Are they? If SAN and servers don't work with tagged VLANs, then you have to configure these...
by mkx
Tue Feb 13, 2024 9:19 am
Forum: RouterBOARD hardware
Topic: L11UG-5HaxD and 160mhz?
Replies: 1
Views: 432

Re: L11UG-5HaxD and 160mhz?

If the 2400Mbps number is correct, then it has to support 160MHz channels.
by mkx
Mon Feb 12, 2024 7:37 pm
Forum: Wireless Networking
Topic: hap ac2 switch chip vlan and WIFI setup with remote capsman
Replies: 10
Views: 721

Re: hap ac2 switch chip vlan and WIFI setup with remote capsman

I'm not using CAPsMAN (my hAP ac2 is currently wireless-less), so only like 2/3 of required config: interface bridge add admin-mac=BA:69:F4:xx:yy:zz auto-mac=no name=bridge port-cost-mode=short add admin-mac=B2:69:F4:xx:yy:zz auto-mac=no name=bridge41 add admin-mac=BE:69:F4:xx:yy:zz auto-mac=no name...
by mkx
Mon Feb 12, 2024 7:22 pm
Forum: General
Topic: WireGuard throughput depending on running torch [SOLVED]
Replies: 9
Views: 736

Re: WireGuard throughput depending on running torch [SOLVED]

Here I started torch at ~4s to and stopped at ~12s: Hmm, it seems we'll have to educate @Mesquite (just like we had to educate @anav): torch disables fasttrack. And this prompts to reading the tutorial @rooterle linked ... which introduces mangle rules. And we all know that fasttrack and mangle rul...
by mkx
Mon Feb 12, 2024 12:25 pm
Forum: General
Topic: PPPoE Bonding - MLPPP vs Bonding vs NTH?
Replies: 1
Views: 290

Re: PPPoE Bonding - MLPPP vs Bonding vs NTH?

I think that middle option (bonding with PPPoE on it) wouldn't really work, PPPoE is an L2 point-to-point protocol, so src and dst MAC are always the same and no proper Tx strategy will be able to spread traffic of single PPPoE connection over multiple physical links (if there are multiple PPPoE con...
by mkx
Mon Feb 12, 2024 12:01 am
Forum: Wireless Networking
Topic: hap ac2 switch chip vlan and WIFI setup with remote capsman
Replies: 10
Views: 721

Re: hap ac2 switch chip vlan and WIFI setup with remote capsman

is it possible to create config with vlans using switch chip features and working wifi? It is possible, but it involves quite a few tricks outside "the beaten path" ... so not for the faint of heart. Before taking that path one has to ask himself what gains are expected ... realistically.
by mkx
Sun Feb 11, 2024 11:55 pm
Forum: General
Topic: Can't access hEX (pretty urgent) [SOLVED]
Replies: 30
Views: 1765

Re: Can't access hEX (pretty urgent) [SOLVED]

Not really. If export was "verbose", then you could reset the new one to empty config, then importing it wouldn't clash with config already present. If export is not "verbose", then some things may be different (or missing). Not many, but still ...
by mkx
Sat Feb 10, 2024 4:31 pm
Forum: General
Topic: L009UiGS-RM low transfer and high CPU usage [SOLVED]
Replies: 14
Views: 1015

Re: L009UiGS-RM low transfer and high CPU usage [SOLVED]

hAP ax2: 2625Mbps ... winner in "bang for buck" category.
by mkx
Fri Feb 09, 2024 11:32 pm
Forum: Beginner Basics
Topic: L2TP connection and the same LAN subnet IP
Replies: 10
Views: 1014

Re: RDP connection and the same LAN subnet IP

It's not about tunnel establishment, it's about pushing routes from server to client. On MT L2TP those are configured for each user (these are created under /ppp/secret and routes are defined with property routes ). Corporate IP subnets should be set here along with L2TP server's tunnel local addres...
by mkx
Fri Feb 09, 2024 6:37 pm
Forum: General
Topic: Changelog Question
Replies: 21
Views: 1059

Re: Changelog Question

I'm saying that reset to defaults would be great ... and I've only mentioned wifi as an example why other parts of config (apart from firewall) would benefit from it as well. One case is to get anything (other than nothing and disabled interfaces), the other case is to start over with configuration ...
by mkx
Fri Feb 09, 2024 6:15 pm
Forum: General
Topic: Changelog Question
Replies: 21
Views: 1059

Re: Changelog Question

In 7.13 ability to reset /interface/wifi to defaults would be welcome for all WiFi5 devices previously running legacy wireless driver.
Actually, it does exist.
Great. But the command name is non-descriptive. Does it reset all the profiles as well?
by mkx
Fri Feb 09, 2024 5:53 pm
Forum: General
Topic: Changelog Question
Replies: 21
Views: 1059

Re: Changelog Question

It would be helpful when there was a separate command/button to "reset firewall to default" Actually it would be good to have option to "reset to defaults" any configuration subsection. In 7.13 ability to reset /interface/wifi to defaults would be welcome for all WiFi5 devices p...
by mkx
Fri Feb 09, 2024 5:28 pm
Forum: General
Topic: Hex crashing with 7.5
Replies: 6
Views: 896

Re: Hex crashing with 7.5

If you have any special characters in your user name, for eg. š,č,ć
So đ and ž are fine? :lol:
by mkx
Fri Feb 09, 2024 5:17 pm
Forum: Beginner Basics
Topic: Drop invalid FW forward
Replies: 15
Views: 847

Re: Drop invalid FW forward

A comment on logged items: when either client or server decides to finish TCP connection, it'll send a packet with flags ACK and FIN to the other party. The other party will respond with FIN ACK as well. And any of parties might re-send FIN ACK (to make sure that the other party "gets it")...
by mkx
Fri Feb 09, 2024 3:29 pm
Forum: Beginner Basics
Topic: The ABC of CAPsMAN v2 (with updates) [SOLVED]
Replies: 46
Views: 3293

Re: The ABC of CAPsMAN v2 (with updates) [SOLVED]

And IMHO the possibility to override settings from an inherited profile is neat in some cases.

I'm not saying it's not neat, I agree with that. I'm saying that it's misleading (or confusing) as witnessed by @OP's experience.
by mkx
Fri Feb 09, 2024 8:56 am
Forum: Beginner Basics
Topic: L2TP connection and the same LAN subnet IP
Replies: 10
Views: 1014

Re: RDP connection and the same LAN subnet IP

Some VPN software (clients in conjunction with server) solve the problem by disabling access to client local LAN entirely ... routing all the traffic (excluding VPN packets obviously) through VPN interface. Including local IP subnet. This then solves the problem you're seeing but introduces another ...
by mkx
Fri Feb 09, 2024 8:49 am
Forum: Beginner Basics
Topic: The ABC of CAPsMAN v2 (with updates) [SOLVED]
Replies: 46
Views: 3293

Re: The ABC of CAPsMAN v2 (with updates) [SOLVED]

When writing configuration profiles to be provisioned, each profile has a section where you select the security profile. This is where the problem occurs. The selection of the security profile does not fill-in the form: the authentication types and passphrase are not filled in automatically. Why sh...
by mkx
Fri Feb 09, 2024 8:39 am
Forum: General
Topic: Bricked RB1100AHX4
Replies: 5
Views: 479

Re: Bricked RB1100AHX4

Hooked a console cable up and here is the output Nothing after that? It seems like routerboot is fine. I'd check power supplies though. A few years ago MT had a batch of bad capacitors which bulged with time (and devices started to misbehave in most strange ways). This problem affected both power s...
by mkx
Fri Feb 09, 2024 8:34 am
Forum: General
Topic: Hex crashing with 7.5
Replies: 6
Views: 896

Re: Hex crashing with 7.5

I tried NetInstall, the device does not appear in the Router/Drives section. I noticed the LAN connection is also coming on and off along with the blinking USR/LAN led. It seems like router is in a boot loop. Netinstall should work, however netinstall is a very fragile process (linux breed not so m...
by mkx
Thu Feb 08, 2024 7:26 pm
Forum: Beginner Basics
Topic: CRS5 multiple vlans [SOLVED]
Replies: 5
Views: 721

Re: CRS5 multiple vlans [SOLVED]

According to this tutorial. Single bridge, two VLANs (ports either untagged/access or tagged/trunk). Bridge port doesn't have to be member of any (apart for management VLAN), certainly not having IP address (so no risk of CRS becoming a router).
by mkx
Thu Feb 08, 2024 1:24 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253283

Re: v7.13.4 [stable] is released!

Today MT sites are slow for me, e.g. downloading PDF (a few MB brochure) takes ages. Forum keeps asking me to log in. Some other sites work just fine. And I'm not running 7.13.4. So what gives?
by mkx
Thu Feb 08, 2024 1:10 pm
Forum: RouterBOARD hardware
Topic: CUBE 60 AC vs CUBE 60 PRO SA
Replies: 2
Views: 442

Re: CUBE 60 AC vs CUBE 60 PRO SA

Is your wAP 60G "normal" wAP 60G or "AP" variant? If it's "normal", then you can't connect second client (i.e. option 2 is not feasible).
by mkx
Thu Feb 08, 2024 1:03 pm
Forum: RouterBOARD hardware
Topic: New hAP ax lite LTE
Replies: 199
Views: 25241

Re: New hAP ax lite LTE

Other cell tower and other band so may be normal.
Not necessarily different cell tower but definitely different band (2600MHz now vs. 1800MHz before).
by mkx
Thu Feb 08, 2024 12:57 pm
Forum: Wireless Networking
Topic: Wifi master interface not available on RB4011 [SOLVED]
Replies: 1
Views: 392

Re: Wifi master interface not available on RB4011 [SOLVED]

2.4GHz interface on RB4011 is not supported by new wifi drivers. Installing new wifi drivers disables loading the old ones. Additionally: replacing wireless with wifi doesn't convert old config, it has to be done from scratch. Read through this thread: https://forum.mikrotik.com/viewtopic.php?t=202578
by mkx
Thu Feb 08, 2024 12:49 pm
Forum: Beginner Basics
Topic: hap ax2 config copied to hap ax3?
Replies: 73
Views: 2944

Re: hap ax2 config copied to hap ax3?

Recommended reading about all the bridge personalities: viewtopic.php?t=173692

It should help understand VLAN tutorial better.
by mkx
Thu Feb 08, 2024 12:45 pm
Forum: Beginner Basics
Topic: Bridge filter rules not working
Replies: 26
Views: 1680

Re: Bridge filter rules not working

I don't have a CRS3xx device, so discussion in this thread is now beyond my knowledge.
by mkx
Wed Feb 07, 2024 6:44 pm
Forum: Announcements
Topic: v6.49.13 [stable] is released!
Replies: 24
Views: 17996

Re: v6.49.13 [stable] is released!

Why not provide a migration script?

Your script is inefficient ;-) . Here's one that does the same but using single command, fixed for use in v6:
/ipv6 firewall filter set dst-port=33434-33534 !port  [find comment="defconf: accept UDP traceroute" port=33434-33534]
by mkx
Wed Feb 07, 2024 6:40 pm
Forum: RouterBOARD hardware
Topic: CCR1072 1G-Port Speed and security
Replies: 3
Views: 499

Re: CCR1072 1G-Port Speed and security

Apart from being handled less efficiently by Tile CPU (it's handled via PCIe drivers etc. instead of directly by CPU like SFP+ ports) the only special treatment is that it's used for netinstall.
by mkx
Wed Feb 07, 2024 5:52 pm
Forum: Beginner Basics
Topic: Bridge filter rules not working
Replies: 26
Views: 1680

Re: Bridge filter rules not working

I'd say that with bridge filters is similar to firewall filter: the lower the number of filters the better performance. But it all depends on what needs to be done. Which includes the ultimate drop all rule.
by mkx
Wed Feb 07, 2024 3:44 pm
Forum: Beginner Basics
Topic: Bridge filter rules not working
Replies: 26
Views: 1680

Re: Bridge filter rules not working

I'm pretty sure that accept and drop packets are different ... and thus trigger different rules. E.g.: 10:08:18 firewall,info accept forward: in:ether6 out:sfp1, connection-state:invalid src-mac 40:ed:00:a2:4a:b5, dst-mac ff:ff:ff:ff:ff:ff, eth-proto 0806 10:08:18 firewall,info drop forward: in:sfp1...
by mkx
Wed Feb 07, 2024 9:24 am
Forum: Wireless Networking
Topic: Wifi Disable [SOLVED]
Replies: 5
Views: 666

Re: Wifi Disable [SOLVED]

Try to set "disable-running-check=yes" on wifi interfaces. Reasoning: when no wifi station is connected to AP, then interface becomes "not running". And this signals to bridge that port is disconnected. When first station connects to AP, interface transitions to "running"...
by mkx
Wed Feb 07, 2024 9:02 am
Forum: Beginner Basics
Topic: Bridge filter rules not working
Replies: 26
Views: 1680

Re: Bridge filter rules not working

According to docs, bridge filter rules should behave like firewall filter rules (i.e. rule order matters, first matching executes and processing of further rules does not happen). Action to take if packet is matched by the rule: accept - accept the packet. No action, i.e., the packet is passed throu...
by mkx
Wed Feb 07, 2024 8:54 am
Forum: Beginner Basics
Topic: CCR2004-16G-2S multiple bridges or not?
Replies: 36
Views: 2662

Re: CCR2004-16G-2S multiple bridges or not?

Bottom-line, single bridge means packet is punted to CPU for inter-switch chip traffic… Don't know how I was wrong at all. Re-read post #10 above ... you claimed that single bridge means reduced throughput (you didn't go with CPU punting initially). And you claimed that one would have to use short ...
by mkx
Wed Feb 07, 2024 8:47 am
Forum: Beginner Basics
Topic: after subnet change, Winbox has no path to directly wired router
Replies: 11
Views: 917

Re: after subnet change, Winbox has no path to directly wired router

It's crucial to be aware that change of IP address used by router requires change in several places: /ip/address (and make sure you define proper subnet mask, e.g. /24, without setting it default is /32, so single-host "network" only) possibly /ip/route /ip/dhcp-server/pool /ip/dhcp-server...
by mkx
Wed Feb 07, 2024 8:37 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253283

Re: v7.13.3 [stable] is released!

If they did it, then it was a poor design decision. It all boils down to space. Each package has its own overhead. The question is: "is the package overhead bigger or smaller than the space we save breaking it up?" Mikrotik says it's bigger. I have no idea - but I think they know i...
by mkx
Tue Feb 06, 2024 11:15 pm
Forum: General
Topic: Possible problem with VLAN [SOLVED]
Replies: 11
Views: 1014

Re: Possible problem with VLAN [SOLVED]

@Mesquite: my latest post is reply to request by @anav, it doesn't relate to config by @OP in any way. Added a warning in nice large letters not to mislead any potential reader.

Alas: as I wrote, it can be used as complete config of a switch (but I'm not asserting any context).
by mkx
Tue Feb 06, 2024 11:11 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253283

Re: v7.13.3 [stable] is released!

And for static routes linux doesn't need to run any daemons.
It still needs some user-land program to manage static routes, and I strongly suspect they put everything routing into a single binary.
If they did it, then it was a poor design decision.
by mkx
Tue Feb 06, 2024 10:56 pm
Forum: General
Topic: Possible problem with VLAN [SOLVED]
Replies: 11
Views: 1014

Re: Possible problem with VLAN [SOLVED]

I'm not good in plain English, it's alien to me (or is foreign correct word? :wink:) Warning: config in this post is a hypothetical example and has nothing to do with actual config by @OP Example: device is used as a switch, so there's a bridge spanning ether1-5 and SFP. There are a few VLANs, e.g. ...
by mkx
Tue Feb 06, 2024 10:01 pm
Forum: General
Topic: User poll about using Winbox
Replies: 97
Views: 53164

Re: User poll about using Winbox

Don't get me wrong, I'm not against having native linux version of winbox (and I don't really care about macOS :wink:), I'm just saying that rewriting it in java would be dumbest thing to do (and, let's admit it, java application isn't native in any of normal OSes, android is not one). But if MT doe...
by mkx
Tue Feb 06, 2024 9:43 pm
Forum: Beginner Basics
Topic: Bridge filter rules not working
Replies: 26
Views: 1680

Re: Bridge filter rules not working

Error on my side could be is that I disabled HW offload on ether6 and not on the other ports... So far I lived with belief that it's enough to disable HW offload on one of ports involved in communication and the whole (bi-directional) traffic should pass CPU. It does seem that sometimes a power cyc...
by mkx
Tue Feb 06, 2024 9:34 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253283

Re: v7.13.3 [stable] is released!

In 7.13.3 arm npk route binary is actually the largest one, it is so huge at 541k compressed (1.4M unpacked) that I am pretty sure it contains linked in some kind of routing daemons to support OSPF, BGP, RIP etc... and although separating those daemons probably would not be an easy task it makes se...
by mkx
Tue Feb 06, 2024 2:32 pm
Forum: Announcements
Topic: v6.49.13 [stable] is released!
Replies: 24
Views: 17996

Re: v6.49.13 [stable] is released!

I diffed for you all: Thanks 1000x! Now I can skip upgrade and do the right thing (which is harden the firewall) which wouldn't happen as @infabo rightfully points out). And, BTW, 7.13.2 has same (erroneous) IPv6 firewall rule in default config. And documentation as of writing this has the same rule...
by mkx
Tue Feb 06, 2024 12:30 pm
Forum: Beginner Basics
Topic: Bridge filter rules not working
Replies: 26
Views: 1680

Re: Bridge filter rules not working

I tried to disable HW offload but then there is no connection with or without rules. The thing is: as long as HW offload is active, you won't be able to block unicast traffic between pair of offloaded ports using firewall ... for that traffic has to pass via CPU. The reason you're seeing multicasts...
by mkx
Tue Feb 06, 2024 9:15 am
Forum: Beginner Basics
Topic: Bridge filter rules not working
Replies: 26
Views: 1680

Re: Bridge filter rules not working

/interface bridge filter add action=drop chain=forward in-interface=ether6 log=yes log-prefix=filter \ src-mac-address=10:27:F5:66:03:36/FF:FF:FF:FF:FF:FF Using bridge port as in-interface isn't correct AFAIK. If using use-ip-firewall=yes , then it should be possible to use in-bridge-interface inst...
by mkx
Tue Feb 06, 2024 8:43 am
Forum: Beginner Basics
Topic: Default Firewall Rules for CRS326
Replies: 6
Views: 592

Re: Default Firewall Rules for CRS326

I have 800/20 Mbps internet connection (via Motorola cable modem). It seems hAP x2 might be a bit lean. hAP ac2 seems to perform roughly the same as hAP ax2 (test results are not directly comparable 1:1, ac2 was tested running ROS v6 and it's known that ROS v6 has a bit better routing performance t...
by mkx
Tue Feb 06, 2024 8:28 am
Forum: General
Topic: User poll about using Winbox
Replies: 97
Views: 53164

Re: User poll about using Winbox

Please rewrite winbox in Java, so that non-Windows users can finally remove 2GB of wine... . WebFig is built-in and sufficiently useful Winbox is not built-in and superfluous So we can agree that the only essential difference between Winbox and WebFig is the ability of former to connect device even...
by mkx
Mon Feb 05, 2024 10:19 pm
Forum: Beginner Basics
Topic: Default Firewall Rules for CRS326
Replies: 6
Views: 592

Re: Default Firewall Rules for CRS326

Depending on your WAN speed you might get away by purchasing a humble ARM-based mikrotik to be used as router. It seems that hAP devices provide best price/performance ... in particular hAP ax2 or hAP ax3 or hAP ac2. They all consume up to around 15W. WiFi is a bonus (or you can disable it or even u...
by mkx
Mon Feb 05, 2024 8:13 pm
Forum: Beginner Basics
Topic: Default Firewall Rules for CRS326
Replies: 6
Views: 592

Re: Default Firewall Rules for CRS326

Two things: CRS is a switch, not a router and definitely not a firewall. Yes, since it can run ROS, it can perform those tasks ... but very slowly. Default config of CRS is config of a switch. If you, despite bullet #1 above, insist on using it as router/firewall, then you'll have to configure it. ...
by mkx
Mon Feb 05, 2024 8:04 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253283

Re: v7.13.3 [stable] is released!

Switches are not a problem, ROS 7.13.2 running on ARM (hAP ac2) without any wireless package uses around 12.2MB storage (switches should be fine without any optional packages).
Problem are all ARM wireless devices with 16MB flash.
by mkx
Mon Feb 05, 2024 4:56 pm
Forum: General
Topic: Bridge filter rules.. Dropping all devices except my access points
Replies: 9
Views: 549

Re: Bridge filter rules.. Dropping all devices except my access points

And how to do it for eg on L009 ? Is it better to use bridge filter rules or firewall rules ? Since you have to choose between CPU-intensive (bridge filter) and CPU-intensive (firewall filter) and it's about MAC stuff (i.e. L2), I'd choose bridge filters. L009 doesn't support bridge L2HW offload so...
by mkx
Mon Feb 05, 2024 4:54 pm
Forum: General
Topic: Bridge filter rules.. Dropping all devices except my access points
Replies: 9
Views: 549

Re: Bridge filter rules.. Dropping all devices except my access points

Sooo I ended up changing the access points to the VLANs and then setting ports to Admit-only-vlan-tagged.. but now they don't show up on /ip neighbor print.
Did you adjust discover-interface-list (and/or interface list membership)? Under /ip/neighbor/discovery-settings/ ...
by mkx
Mon Feb 05, 2024 2:48 pm
Forum: General
Topic: using POE to power the CCR1009 on port 7 [SOLVED]
Replies: 2
Views: 449

Re: using POE to power the CCR1009 on port 7 [SOLVED]

I didn't check the specs of those power supplies, but in principle any of them would do as long as it provides at least 39W of power (and that the UTP cable between RBGPOE and CCR1009 is not too long). Or whatever your particular breed of CCR1009 (there are several) is specified to consume. RBGPOE i...
by mkx
Mon Feb 05, 2024 2:40 pm
Forum: Beginner Basics
Topic: Apache on public IP ( Forwarding )
Replies: 9
Views: 512

Re: Apache on public IP ( Forwarding )

Shouldn't port 80 be enabled and started in the IP service list? In the photo I sent you, only port 8291 is open. No, this is list of services provided by router (port 80 is used for WebFig ... since you're using WinBox, you probably don't need WebFig). NAT has no relation with the list on this scr...
by mkx
Mon Feb 05, 2024 2:24 pm
Forum: Beginner Basics
Topic: Problem with VLAN and WebFig [SOLVED]
Replies: 3
Views: 480

Re: Problem with VLAN and WebFig [SOLVED]

First of all, disable detect internet function, it serves no purpose in your case: /interface detect-internet set detect-interface-list=none Is this complete config? Default config on SOHO devices contains lot more and many things are depending on LAN and WAN interface list membership current. The c...
by mkx
Sun Feb 04, 2024 10:07 pm
Forum: RouterBOARD hardware
Topic: Switch with two SFP port [SOLVED]
Replies: 11
Views: 1046

Re: Switch with two SFP port [SOLVED]

Not so sure, both of them have only 16MB of storage so you could run into same issue you ran into with hex lite. With 7.13 it's possible to uninstall wireless (on hAP lite it's sensible to keep it) which makes lots of free space on permanent storage. And I'm pretty sure that ROS v7 runs comfortably...
by mkx
Sun Feb 04, 2024 11:56 am
Forum: General
Topic: Bridge filter rules.. Dropping all devices except my access points
Replies: 9
Views: 549

Re: Bridge filter rules.. Dropping all devices except my access points

AFAIK adding bridge filters on CRS3xx drops L2 HW offload. On those switches one should be using ACLs under /interface ethernet switch rule .

I'd go with VLANs though, makes adding devices (or moving them between switches) so much easier.
by mkx
Sun Feb 04, 2024 11:27 am
Forum: Beginner Basics
Topic: hap ax2 config copied to hap ax3?
Replies: 73
Views: 2944

Re: hap ax2 config copied to hap ax3?

Rebooting a router is highly disruptive to all LAN ... the fix would be not to do it. In particular: is your PC connected directly to router (either by wire or wireless)? If not (e.g. there's a switch / another AP in between), then PC doesn't notice that LAN got disrupted and assumes it doesn't hav...
by mkx
Sun Feb 04, 2024 11:13 am
Forum: Beginner Basics
Topic: From slave to master port eth1 - how to fix?
Replies: 1
Views: 292

Re: From slave to master port eth1 - how to fix?

Having a bridge implies multiple member ports. Additionally adding an interface to a bridge demotes it to port, interface "duties" are transferred to bridge "interface". So you should move DHCP client to WAN interface. It's similar to what you have with LAN: IP address and DHCP se...
by mkx
Sat Feb 03, 2024 7:28 pm
Forum: Wireless Networking
Topic: How do you specify the location in ROS 7? [SOLVED]
Replies: 11
Views: 760

Re: How do you specify the location in ROS 7? [SOLVED]

There are people in this forum who are way more knowledgeable on this and other subjects than me. If I raise a support ticket, I'll be asked questions that I might not be able to answer. Even @normis posted a few times in some topic or another ... asking topic author to open support ticket and to m...
by mkx
Sat Feb 03, 2024 7:22 pm
Forum: Wireless Networking
Topic: RB and AX Devices CapsMan compability [SOLVED]
Replies: 6
Views: 534

Re: RB and AX Devices CapsMan compability [SOLVED]

See wireless package for controlling legacy wifi devices.
Beware that by installing legacy wireless package on hAP ax3 (to get legacy capsman) you're losing wireless on hAP ax3 itself. See viewtopic.php?t=202578
by mkx
Sat Feb 03, 2024 5:32 pm
Forum: Wireless Networking
Topic: cAP AC VLAN Switching - Hardware Offload
Replies: 5
Views: 1657

Re: cAP AC VLAN Switching - Hardware Offload

Within this setup why do we need an additional bridge per vlan? Isn't it enough to add the vlan interfaces as slaves to the main bridge? It's really about the first sentence in my post which you chose to omit from the quote: if for some reason you can't/don't want to run bridge as VLAN-aware entity...
by mkx
Sat Feb 03, 2024 3:51 pm
Forum: General
Topic: RB3011 different storage size
Replies: 5
Views: 389

Re: RB3011 different storage size

Yup. Repartition on both unused partitions. Partition which remains is left intact (apart from growing).
by mkx
Sat Feb 03, 2024 3:05 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4463

Re: [Discussion] MikroTik configuration abstraction complexity

why does ROS not resolve the caveats behind the curtains magically without having the user to know every aspect of any platform and what is wrong and right depending on just a piece of chipset/hardware. Because MT obviously lacks a few developers to do something from start to end and not stop half ...
by mkx
Sat Feb 03, 2024 1:36 pm
Forum: RouterBOARD hardware
Topic: Detect PoE-IN
Replies: 2
Views: 606

Re: Detect PoE-IN

Generally it's not possible to determine power source, used by MT device. This includes all power sources (barrel jacks, PoE, terminal blocks). If device does report supply voltage, and voltages, provided to different power inputs are distinctively different, then checking this status helps to deter...
by mkx
Sat Feb 03, 2024 1:20 pm
Forum: Wireless Networking
Topic: How do you specify the location in ROS 7? [SOLVED]
Replies: 11
Views: 760

Re: How do you specify the location in ROS 7? [SOLVED]

Ahh... that's not good is it. Certainly has the small potential for getting you into hot water? Once again, a quick reply from a developer here would help the speculation.

Very likely devs' reply won't be seen here. This is a bug so one should open a support ticket. Only this gives some chances to s...
by mkx
Sat Feb 03, 2024 1:13 pm
Forum: General
Topic: hAP ac lite slow ethernet [SOLVED]
Replies: 17
Views: 921

Re: hAP ac lite slow ethernet [SOLVED]

when you have it configured as a switch without a firewall, is fast track even a thing?

No, fasttrack is firewall thing (specifically: filter part with connection tracking working; raw doesn't relate to fasttrack).
by mkx
Sat Feb 03, 2024 12:55 pm
Forum: General
Topic: Routing over subnet split (port based DHCP workaround) [SOLVED]
Replies: 4
Views: 433

Re: Routing over subnet split (port based DHCP workaround) [SOLVED]

Basic problem: how are devices in DUT network (with IP addresses 172.16.0.X/24) supposed to know that IP addresses of your docks are behind a router (docks' addresses are 172.16.0.Y/30). From DUT device point of view these IP addresses are in same /24 subnet and are supposed to be accessible directly...
by mkx
Sat Feb 03, 2024 12:25 am
Forum: Wireless Networking
Topic: WiFi inside metal buildings?
Replies: 7
Views: 466

Re: WiFi inside metal buildings?

Other than the radio interference, is there any issue using 2 WiFi cards on a single device?

As long as additional card is supported by ROS there should not be any problems other than possibly destructive interference from the other radio.
by mkx
Fri Feb 02, 2024 10:10 pm
Forum: General
Topic: Possible problem with VLAN [SOLVED]
Replies: 11
Views: 1014

Re: Possible problem with VLAN [SOLVED]

... looks like SFP port is connected to the CPU so looks like if SFP is used as trunk towards other switches all traffic must go through CPU?

Yes, that's right. The block diagram shows that if hEX S is used as a switch, then using SFP port cripples it quite severely: traffic to/from SFP has to pass...
by mkx
Fri Feb 02, 2024 10:00 pm
Forum: Wireless Networking
Topic: WiFi inside metal buildings?
Replies: 7
Views: 466

Re: WiFi inside metal buildings?

Ideally you'd use dual-band device with separate detachable antennae for both bands (at least one band has to utilize detachable antennae so you can place them outside, indoor band can use built-in antennae). Then use one band outside as backhaul and another band inside as AP for guests. From capaci...
by mkx
Fri Feb 02, 2024 9:46 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 147919

Re: v7.14beta [testing] is released!

Maybe legacy SMB needed more space than the new one. Could that be?

It doesn't matter. What matters is that there's now rose-storage optional package which neatly packs various network file sharing protocols (SMB, NFS, iSCSI, etc.) and it's a great opportunity to declare that if somebody wants to u...
by mkx
Fri Feb 02, 2024 9:27 pm
Forum: Wireless Networking
Topic: Unable to use 5580/Ceee on hAP ax2 but can on hAP ac lite [SOLVED]
Replies: 19
Views: 977

Re: Unable to use 5580/Ceee on hAP ax2 but can on hAP ac lite [SOLVED]

accept the fact they have to wait for 10 minutes before wifi appears

Considering my neighbour's Virgin Media Superhub is sat on the 10 minute CAC frequency

It doesn't matter what other APs do. CAC requires for device to sit silent for specified period of time and listen for anything resembling rada...
by mkx
Fri Feb 02, 2024 9:12 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 147919

Re: v7.14beta [testing] is released!

!) rose-storage - moved SMB service in the RouterOS bundle;
!) smb - removed legacy SMB service (replaced with newer and faster ROSE SMB service);

While it may be good to retire legacy SMB service from ROS (so I welcome the second bullet) I think that moving SMB service from ROSE to main bundle is ...
by mkx
Fri Feb 02, 2024 9:03 pm
Forum: General
Topic: Possible problem with VLAN [SOLVED]
Replies: 11
Views: 1014

Re: Possible problem with VLAN [SOLVED]

It seems that your hEX S suffers from the same bug as devices with dual switch chips (e.g. RB4011). The bug being in the way bridge configures switch chip for HW offload. Normally the CPU-switch chip interconnect only has to pass VLANs of which bridge port is member. But in case where this interconn...
by mkx
Fri Feb 02, 2024 8:38 pm
Forum: Beginner Basics
Topic: hap ax2 config copied to hap ax3?
Replies: 73
Views: 2944

Re: hap ax2 config copied to hap ax3?

Unless I am reading the wireless specification table wrong: the AX2 achieves the same receive-sensitivity with less transmit power. Isn't that better?

Tx power helps client to hear AP better. Rx sensitivity helps AP to hear better. So they are pretty unrelated. The difference in Tx power between ax...
by mkx
Fri Feb 02, 2024 4:16 pm
Forum: Wireless Networking
Topic: Unable to use 5580/Ceee on hAP ax2 but can on hAP ac lite [SOLVED]
Replies: 19
Views: 977

Re: Unable to use 5580/Ceee on hAP ax2 but can on hAP ac lite [SOLVED]

So on a ROS v7 device out the box, it will never use the DFS channels with 10 minute CAC

MT seems to be more user-oriented lately. They obviously received a fair share of "my 5GHz wifi doesn't work after I unpack device" complaints and decided to make things converge faster by disabling 1...
by mkx
Thu Feb 01, 2024 10:48 pm
Forum: General
Topic: LHG 52 ac Wireless performance
Replies: 1
Views: 244

Re: LHG 52 ac Wireless performance

When signal strength is too high, receiver gets overwhelmed and perceives increased noise level. Solution is to do something to decrease signal level to a bearable level, usually that's around -50dBm (or slightly better, around -45dBm). Technically: receiver needs certain signal level to successfully...
by mkx
Thu Feb 01, 2024 10:18 pm
Forum: Beginner Basics
Topic: Device accessible from any Address(/ip address)?
Replies: 4
Views: 500

Re: Device accessible from any Address(/ip address)?

It's not about addresses, it's actually about (router's L3) interfaces. If L3 of router (which does routing and firewalling, in most cases you can think of CPU) receives packet via one of interfaces and ultimately sends the packet (possibly altered due to NAT) out via one of interfaces (it can even ...
by mkx
Thu Feb 01, 2024 10:01 pm
Forum: Beginner Basics
Topic: need help with choosing right hardware stack for a home office [SOLVED]
Replies: 12
Views: 871

Re: need help with choosing right hardware stack for a home office [SOLVED]

... see if Audience is acceptable ... but no idea how well they work.

My audience, running 7.13.2 and wifi-qcom-ac, runs excellently. Just tested with recent smart phone: it connects with 866Mbps rate (both Tx and Rx) and running speedtest gives around 570Mbps in download (and caps at ISP line rate...
by mkx
Thu Feb 01, 2024 1:56 pm
Forum: Beginner Basics
Topic: VLAN-Internet Access from WAN
Replies: 4
Views: 412

Re: VLAN-Internet Access from WAN

You didn't include info about particular device model. Anyway, as @Mesquite noted, ROS running is awfully old. So it's really essential to get up to 6.49.10. Config is based on ancient defaults, so it's actually sub-optimal in the area I mentioned previously (routing, firewalling). The best would be...
by mkx
Thu Feb 01, 2024 11:57 am
Forum: Wireless Networking
Topic: hAP ax3/ac3 antenna options / specification
Replies: 6
Views: 2378

Re: hAP ax3/ac3 antenna options / specification

But are specifically the ac3/ax3 antennas actually a MIMO setup?

Or more simply the 2.4 GHz radio is connected to one antenna and the 5 GHz radio is connected to the other?

They are MIMO antennae.
by mkx
Thu Feb 01, 2024 11:52 am
Forum: Beginner Basics
Topic: VLAN-Internet Access from WAN
Replies: 4
Views: 412

Re: VLAN-Internet Access from WAN

After VLAN is "terminated" on a router (by assigning router an IP address on appropriate VLAN interface), packets don't have VLAN association any more. It's up to routing and firewall rules to properly pass packets in any direction (including proper SRC NAT and DST NAT if needed). Default ...
by mkx
Thu Feb 01, 2024 11:39 am
Forum: Virtualization
Topic: mikrotik RouterOS can work on Banana Pi R4
Replies: 4
Views: 572

Re: mikrotik RouterOS can work on Banana Pi R4

Yup. Even when software for Ampere (ARM-based general purpose machines) becomes available it almost definitely won't allow running on 3rd party ARM-based hardware (Banana Pi R4 falls into this category) because it'll lack most of needed drivers for peripheral hardware (switch chip, SPI flash, etc.).
by mkx
Thu Feb 01, 2024 8:59 am
Forum: Virtualization
Topic: hAP lite - not enough space for update
Replies: 9
Views: 2335

Re: hAP lite - not enough space for update

If anyone is interested, I've successfully upgraded a hap lite remotely from 7.10.1 to 7.13.3 directly.

For the record: the only reason for the "recommended" / "required" upgrade path <early v7> -> 7.12 -> <7.13 or later> is when one uses ROS mechanism of upgrading packages ( /s...