Community discussions

MikroTik App

Search found 53 matches

by zespri
Sun Aug 23, 2020 2:25 am
Forum: Beginner Basics
Topic: How do I send this command via API?
Replies: 0
Views: 275

How do I send this command via API?

Hello all, I can execute the following command via console: /log print where topics~"wireless" message~"reject" How do I send the same command via Mikrotik API ? /log/print ?topic=wireless ?message=reject Understandably returns nothing, since `=` implies an exact match, and we want to do a partial m...
by zespri
Mon Aug 10, 2020 4:05 am
Forum: Beginner Basics
Topic: When is Dns Static entry dynamic?
Replies: 2
Views: 827

Re: When is Dns Static entry dynamic?

Thank you. No if i did, I'd probably be able to figure out where they come from ;) Not every data entity in mikrotik has `dynamic` but this one does. There must have been some intention behind it...
by zespri
Thu Aug 06, 2020 12:21 pm
Forum: Beginner Basics
Topic: When is Dns Static entry dynamic?
Replies: 2
Views: 827

When is Dns Static entry dynamic?

Hello all,

I'd like to know when Mikrotik creates a static dns entry and mark it as dynamic.

I know that for DHCP the dynamic entries are the leases that are created from dhcp server pool, but what are dynamic entries for static dns?
by zespri
Fri Jun 26, 2020 2:12 am
Forum: Beginner Basics
Topic: Why "defconf: drop all not coming from LAN" are dropping these packets? [SOLVED]
Replies: 1
Views: 914

Why "defconf: drop all not coming from LAN" are dropping these packets? [SOLVED]

The router is hAP ac. There is a default rule that looks like this: /ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN I have configured an additional (second) bridge with some VLANs on it: /interface bridge add name=BR-ESXI protoco...
by zespri
Wed Jun 24, 2020 11:15 am
Forum: General
Topic: VPN (L2TP/IPsec) to VLAN
Replies: 9
Views: 5133

Re: VPN (L2TP/IPsec) to VLAN

I'm trying to solve the same problem as in OP, and I have this question: /ppp secret set [find name=a1] remote-address=pg_A This will make sure that this user will always get this IP address. If it logins from two different boxes he will get the same IP on both, which obviously is a problem. How can...
by zespri
Tue Jun 23, 2020 12:02 pm
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

Nice thing about Mikrotik devices is that you can completely reconfigure them ... meaning that there are no ports with dedicated role per-se. For example, you can reconfigure your unit to use ether3 as WAN port. This can be confusing because it no longer corresponds to markings on the device's case...
by zespri
Tue Jun 23, 2020 8:52 am
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

Okay, next iteration of thinking. https://i.imgur.com/dSZDM3P.png This is my idea about vlans ports and bridges. Please let me know if this makes sense https://i.imgur.com/ISXOzFg.png Following the idea of configuring hEX as the dumb switch and having trunk port configured on the Dell Precision hype...
by zespri
Tue Jun 23, 2020 4:39 am
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

Why would you want to setup a vlan to your WAN port or ISP, if they are not sending data down a vlan to you??
Yep, that's pretty much what I'm trying to understand.
by zespri
Tue Jun 23, 2020 12:23 am
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

I can understand you're uncomfortable with new and unknown concepts. The beauty is that you can test the concept with the spare device you have. Try it, test it ... in worst case nothing will work, in best case it'll work just fine. Thanks, I think I'm getting the hang of it. It's just taking time....
by zespri
Mon Jun 22, 2020 10:42 pm
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

Not sure what you mean, but for example I have many vlans at my location. MY ISP internet also comes in on a VLAN. That ISP vlan is identified in my interface vlan settings and the interface for the vlan is the etherport my ISP is coming in on. thats IT! Oh I make sure to include my vlan on the in-...
by zespri
Mon Jun 22, 2020 10:53 am
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

Thank you! WAN ... say it'll be VID=10 and ethernet port, connected to ISPs gear will be access port for this VLAN. You'll need vlan interface with vlan-ids=10 for IP stuff dealing with WAN on main router ISP does not tag VLANs for this connection. Would not me trying to have VLAN for the ISP connec...
by zespri
Sun Jun 21, 2020 11:11 pm
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

Thank you everyone, a few questions: WAN ... say it'll be VID=10 and ethernet port, connected to ISPs gear will be access port for this VLAN. You'll need vlan interface with vlan-ids=10 for IP stuff dealing with WAN on main router ISP does not tag VLANs for this connection. Would not me trying to ha...
by zespri
Sun Jun 21, 2020 1:33 pm
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

First of all, thank you very much, most of this makes perfect sense to me. TL is unmanaged, so it'll be untagged part of network. Earlier in this thread you wrote: [edit2] I checked specifications of your dumb switch. Specifications say that it supports proper jumbo frames (up to 15Kb) so it should ...
by zespri
Sun Jun 21, 2020 1:59 am
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

Even though I quickly read past posts I must admit it's not clear to me how should logical topology of your network look like. As you're willing (and have opportunity) to change things, perhaps this is good opportunity to think of requirements (e.g. how many LAN segments do you want to have and wha...
by zespri
Sat Jun 20, 2020 1:45 pm
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

I wonder what made you to resurrect this ancient thread? I thought I explained it above ;) I guess not very well. The set up that we discussed at the start of the thread and that I implemented with your help is what I've been running since 2018. The diagram above is also dated that time, and apart ...
by zespri
Sat Jun 20, 2020 3:16 am
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

One reason you're getting invalids on the main router is that devices in 192.168.88.x don't know how to access 192.168.89.x ... so they will send their traffic to their default gateway (192.168.88.1). That one will pass packets to your hAP ac lite (192.168.88.99) and that one will send them directl...
by zespri
Sat Jun 20, 2020 3:10 am
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

I'm sorry, my drawing skills suck, the diagram below reflects what has been discussed above: https://i.imgur.com/irTaSZe.png Here Mikrotik hAP ac have a wireless network that most of the devices are connected to, this is on 192.168.88.* as described above in the thread. The patch panel carries Ether...
by zespri
Sat Jun 20, 2020 2:00 am
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

@mkx Thank you again, for your explanation about VLANs. I have some hardware changes, and it looks like it's time for me to bite the bullet and configure the VLANs. I have this question though: what is the advantage of the VLAN in my scenario (it's largely unchanged with a few minor changes)? What d...
by zespri
Tue Dec 31, 2019 12:56 pm
Forum: Beginner Basics
Topic: How do I redirect from one IP to another?
Replies: 10
Views: 1977

Re: How do I redirect from one IP to another?

@mkx, could you please briefly explain (or point me where to read about it) what's the difference between srcnat chain and src-nat action? I think that your explanation above mostly refer to src-nat and dst-nat actions. How do the srcnat and dstnat chains factor into this explanation? What is a chai...
by zespri
Mon Dec 30, 2019 9:18 am
Forum: Beginner Basics
Topic: How do I redirect from one IP to another?
Replies: 10
Views: 1977

Re: How do I redirect from one IP to another?

mkx, thank you, great explanation!

gotsprings, thank you, your example worked for me!
by zespri
Mon Dec 30, 2019 8:54 am
Forum: Beginner Basics
Topic: How do I redirect from one IP to another?
Replies: 10
Views: 1977

Re: How do I redirect from one IP to another?

Use what I gave you and change the IPs to match your needs. Yep, thanks a lot, I'll try that! I thought that dstnat chain is used for incoming connections (that is from internet to the natted network), is this incorrect? Here on the wiki https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT it says...
by zespri
Mon Dec 30, 2019 4:35 am
Forum: Beginner Basics
Topic: How do I redirect from one IP to another?
Replies: 10
Views: 1977

Re: How do I redirect from one IP to another?

Thank you very much, but I thought that dstnat chain is used for incoming connections (that is from internet to the natted network), is this incorrect? I tried to add an srcnat rule `chain=srcnat action=netmap to-addresses=yy.yy.yy.yy dst-address=xx.xx.xx.0/24 out-interface-list=WAN` But that does n...
by zespri
Sun Dec 29, 2019 6:36 am
Forum: Beginner Basics
Topic: How do I redirect from one IP to another?
Replies: 10
Views: 1977

How do I redirect from one IP to another?

Mikrotik used at home. I want to configure it so that when computers from home network try to access xx.xx.xx.xx/24 (outside of the home network, out there) the connection is actually redirected to yy.yy.yy.yy (also outside home network, out there). How do I achive that? Thank you in advance!
by zespri
Tue Dec 24, 2019 10:51 am
Forum: Beginner Basics
Topic: L2TP Server doesn't give a default gateway to the client - why?
Replies: 29
Views: 10558

Re: L2TP Server doesn't give a default gateway to the client - why?

Thank you. Seems to be running successfuly from Windows and Linux. Mac is next on the list.
by zespri
Tue Dec 24, 2019 2:22 am
Forum: Beginner Basics
Topic: L2TP Server doesn't give a default gateway to the client - why?
Replies: 29
Views: 10558

Re: L2TP Server doesn't give a default gateway to the client - why?

Thank you all, next question ;)
Most internet guides and blog posts on how to configure LT2P with IPSEC say you need to enable firewall rule for protocol 50 ipsec-esp. I seem to be getting zero traefik on that rule. Is it really needed?
by zespri
Wed Dec 18, 2019 7:22 pm
Forum: Beginner Basics
Topic: Is it possible to make Mikrotik loop back?
Replies: 5
Views: 1373

Re: Is it possible to make Mikrotik loop back?

The rule is copied almost verbatim from the hairpin nat wiki page, so I'd argue they are one and the same. The rule alone did not work because in the example configuration I provided there was `in-interface=pppoe-out1` restriction which did not mesh with the rule. Once I've changed that to be in lin...
by zespri
Wed Dec 18, 2019 9:00 am
Forum: Beginner Basics
Topic: L2TP Server doesn't give a default gateway to the client - why?
Replies: 29
Views: 10558

Re: L2TP Server doesn't give a default gateway to the client - why?

Just found on mikrotik wiki another piece of puzzling information: Warning: Only one L2TP/IpSec connection can be established through the NAT. Which means that only one client can connect to the sever located behind the same router. That's kind of limiting usefulness of VPN is not it? I mean rotuer ...
by zespri
Wed Dec 18, 2019 1:31 am
Forum: Beginner Basics
Topic: L2TP Server doesn't give a default gateway to the client - why?
Replies: 29
Views: 10558

Re: L2TP Server doesn't give a default gateway to the client - why?

Thank you for the detailed reply Note that this means the connection will fail when the same user connects more than once (from different device, or because the link fails and they quickly re-connect before the router has noticed that the previous connection actually failed). Is there a way to preve...
by zespri
Tue Dec 17, 2019 3:28 am
Forum: Beginner Basics
Topic: Is it possible to make Mikrotik loop back?
Replies: 5
Views: 1373

Re: Is it possible to make Mikrotik loop back?

Thank you guys, it worked.
by zespri
Tue Dec 17, 2019 2:44 am
Forum: Beginner Basics
Topic: L2TP Server doesn't give a default gateway to the client - why?
Replies: 29
Views: 10558

Re: L2TP Server doesn't give a default gateway to the client - why?

So you can additionally setup a DHCP server on your L2TP server interface and put the appropriate DHCP options in its network. Thank you I'll have to look into this. Or you can enable "proxy-arp" on your LAN bridge. So I tried that as well and it also worked - thank you so much! I have a few more q...
by zespri
Mon Dec 16, 2019 10:03 pm
Forum: Beginner Basics
Topic: L2TP Server doesn't give a default gateway to the client - why?
Replies: 29
Views: 10558

Re: L2TP Server doesn't give a default gateway to the client - why?

You need to put your client in a different subnet and then it will work. It did. I changed the configuration to: /ip pool add name=tp-pool ranges=192.168.87.110-192.168.87.129 /ppp profile add bridge=bridge dns-server=192.168.88.1 local-address=192.168.87.109 name=\ l2tp-profile remote-address=tp-p...
by zespri
Mon Dec 16, 2019 9:29 am
Forum: Beginner Basics
Topic: L2TP Server doesn't give a default gateway to the client - why?
Replies: 29
Views: 10558

Re: L2TP Server doesn't give a default gateway to the client - why?

Thank you very much for your responses! I think default gateway is a red herring in my case, thank you for the advice about `/tool sniffer quick interface=<l2tp-user>` it made things a bit more clear. I'm a home user and I'm trying to setup Windows 10 access from the internet to my home network. The...
by zespri
Tue Dec 10, 2019 9:23 am
Forum: Beginner Basics
Topic: L2TP Server doesn't give a default gateway to the client - why?
Replies: 29
Views: 10558

Re: L2TP Server doesn't give a default gateway to the client - why?

The router is not involved in this process, it must be a client-side issue. How does the client know the default gateway for the network if the router does not tell it? Having the same issue here, the checnbox to use the default gateway on remote network is enabled for the VPN L2TP Server connectio...
by zespri
Tue Dec 10, 2019 7:24 am
Forum: Beginner Basics
Topic: Is it possible to make Mikrotik loop back?
Replies: 5
Views: 1373

Is it possible to make Mikrotik loop back?

I'm sorry I'm probably not using the right terminology and not giving enough information. This is not because I'm lazy, but due to the lack of knowledge, please tell me what's missing and I'll add more details. My Mikrotik is hAP ac. I'm connecting to my provider via PPPoE and I'm getting a static i...
by zespri
Wed Sep 19, 2018 5:01 am
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

Thank you this is most helpful. There is quite a lot to take in, but while I'm doing that: /ip firewall filter add action=drop chain=forward connection-state=new dst-address=192.168.88.0/24 in-interface=ether1 From my newbie perspective this line on the hAP ac Lite should achieve the desired separat...
by zespri
Tue Sep 18, 2018 11:51 am
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

I cannot thank you enough, this explanation makes total sense. After adding 192.168.88.1 as the gateway on the hAP ac lite the virtual machines got internet access. Also thank you very much for taking time to explain why connection tracking gets confused, this is very educational. I'll try to google...
by zespri
Tue Sep 18, 2018 10:08 am
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

Re: How to route between a bridge and a subnet?

Beware that default configuration of "consumer-class" mikrotiks is to have ether1 configured as WAN port. Firewall rules are set accordingly. In your case this is quite wrong and you need to remove all firewall rules and set them according to your needs. I did reset the router before attempting thi...
by zespri
Tue Sep 18, 2018 1:21 am
Forum: Beginner Basics
Topic: How to route between a bridge and a subnet?
Replies: 35
Views: 7996

How to route between a bridge and a subnet?

Hello all, I have a hAP ac Lite that I configured like a switch: I create a bridge, and I added ether2-ether5 to it selecting hw offload. This "switch" is connected via, say either4, but as I understand it should not matter since I can plug in "root" or uplink anywhere. So ether4 then is connected t...
by zespri
Fri Dec 01, 2017 10:01 am
Forum: Beginner Basics
Topic: MAC address whitelist - best practice?
Replies: 2
Views: 3484

Re: MAC address whitelist - best practice?

I'm guessing one way to do it is to refuse to give out dhcp leases to unknown MAC's like this: https://rbgeek.wordpress.com/2013/01/02/configure-mikrotik-dhcp-to-assign-ip-address-to-only-authorized-clients-2nd-method/ There are also guide like this one: http://systemzone.net/restrict-internet-acces...
by zespri
Wed Oct 05, 2016 9:24 pm
Forum: General
Topic: Monitoring vis Traffic Flow... discern between IPs?
Replies: 3
Views: 730

Re: Monitoring vis Traffic Flow... discern between IPs?

This is the reply I got from milrotik support:
Sergejs [MikroTik Support]
Hello,

Yes, the issue is caused by fasttrack.
We will release fix for for fast-track in 6.37.2, and the issue with the statistic will be fixed there.
by zespri
Sun Oct 02, 2016 2:48 am
Forum: General
Topic: Monitoring vis Traffic Flow... discern between IPs?
Replies: 3
Views: 730

Re: Monitoring vis Traffic Flow... discern between IPs?

I was just typing up a message similar to yours. I'm using nfsen/nfdump and I also tried ntopng/nprobe. I'm observing the same as you, there is no way to tell which local ip address is getting all this traffic. I'm looking forward for someone to comment if this could be configured at all. Similar (u...
by zespri
Sun May 08, 2016 7:11 am
Forum: General
Topic: Accounting seems to be broken in 6.35.2
Replies: 0
Views: 480

Accounting seems to be broken in 6.35.2

Home setup, no hotspot, hP ac Lite. /ip accounting used to correctly report usage in 6.34.3 After upgrade to 6.35.2 accounting still spits out some numbers but they are very small (even when the actual traffic is big). In the change log for 6.35 we can see: *) l2tp & pppoe - fixed user traffic accou...
by zespri
Sun May 08, 2016 3:07 am
Forum: Beginner Basics
Topic: Net install does not see router.
Replies: 2
Views: 1245

Net install does not see router.

Hello all,

I downloaded netinstall 6.35.2 and it does not see my hAP ac lite in net booting mode.
netinstall 6.34.3 can see it all right. Is there a reason for that?

Is it safe to flash routeros 6.35.2 with netinstall 6.34.3?
by zespri
Mon Mar 28, 2016 2:28 pm
Forum: Beginner Basics
Topic: Slave interfaces vs Bridge
Replies: 5
Views: 1432

Re: Slave interfaces vs Bridge

Switch cpu is purpose built to do packet switching, so it's supposed to be better. Router cpu is a general purpose CPU that does basically everything in RouterOS, so there must be overhead.
by zespri
Mon Mar 28, 2016 1:08 pm
Forum: Beginner Basics
Topic: Reading larger files
Replies: 0
Views: 534

Reading larger files

Elsewhere on the forum it was established, that it is not possible to read files longer than 4096 bytes. It's rather sad, as I need to download and import a file with static dns (/ip dns static add), which is longer than 4096 bytes. On schedule. I'd like to confirm that there is still no solution to...
by zespri
Mon Mar 28, 2016 1:02 pm
Forum: Beginner Basics
Topic: Slave interfaces vs Bridge
Replies: 5
Views: 1432

Re:

Thank you.
by zespri
Mon Mar 28, 2016 9:56 am
Forum: General
Topic: Tool: Realtime per IP traffic monitor for home/office
Replies: 291
Views: 328232

Re: Tool: Realtime per IP traffic monitor for home/office

Hello, ken here. Does this work with windows 10 Os? I followed all the steps upto the install install sniffer service stage using command line. Some help please.
Yep, working fine here as per instructions.
by zespri
Mon Mar 28, 2016 7:55 am
Forum: Beginner Basics
Topic: Slave interfaces vs Bridge
Replies: 5
Views: 1432

Slave interfaces vs Bridge

Hello all, I would like to know what exactly is a "slave interface" on router os parlance. I've googled, and this term does not seem to appear anywhere outside of mirkotik/routeros context. This page http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration for example talking about removing interf...
by zespri
Sun Mar 27, 2016 2:12 pm
Forum: Scripting
Topic: Webfig with HTTPS support?
Replies: 23
Views: 19605

Re: Webfig with HTTPS support?

Which RouterOS version?
6.34.3
by zespri
Sun Mar 27, 2016 5:08 am
Forum: Scripting
Topic: Webfig with HTTPS support?
Replies: 23
Views: 19605

Re: Webfig with HTTPS support?

This is what worked for me: https://blog.a2o.si/2015/08/11/mikrotik-how-to-generate-ssl-certificate-and-enable-https/ #1. Create CA certificate first: /certificate add name=my-rtr-ca common-name=my-rtr-ca key-usage=key-cert-sign,crl-sign #2. Sign the CA certificate: /certificate sign my-rtr-ca #3. N...
by zespri
Sat Mar 26, 2016 3:05 pm
Forum: Beginner Basics
Topic: Reflash gone wrong
Replies: 4
Views: 805

Re: Reflash gone wrong

and wondering why u not prefer to upgrade it through winbox interface than netinstall it
Well, I'd never done that before, so I figured I'd learn how to do this in case I need it later.
by zespri
Sat Mar 26, 2016 3:03 pm
Forum: Beginner Basics
Topic: Reflash gone wrong
Replies: 4
Views: 805

Re: Reflash gone wrong

What wireless package are you using? If you are on wireless-fp change it to wireless-cm2. On mine i have wlan2 only with cm2
Yep, that was it. Thank you very much, really appreciate your help.
by zespri
Sat Mar 26, 2016 1:51 pm
Forum: Beginner Basics
Topic: Reflash gone wrong
Replies: 4
Views: 805

Reflash gone wrong

Hello, I bought a new microtik hap ac lite (RB952Ui-5ac2nD), it came with version 6.30.4. I reflashed it with netinstall to the latest version (6.34.3) and the second wlan interface disappeared. How do I get it back? I tried to reflash back to 6.30.4, but netstall complained that the board does not ...