MikroTik

k6ccc

From the product page for the CRS328-24P-4S+RM:

PoE-Out is passed over mode B pins (4,5+)(7,8-).

That won't work on your 2 pair cable.

k6ccc

The very first rule in the Forward chain. Made it about as simple as I could: add action=passthrough chain=forward comment=\ "Counter for outbound to 188.172.217.0/24 - test for Teamviewer" \ connection-state="" dst-address=188.172.217.0/24 No connections listed to 188.172.217.xxx either.

k6ccc

So I did some digging and saw that TeamViewer Connect to a domain, 188.172.217.0/24 To test that, I created a passthrough firewall rule as a counter as the first rule in my forward chain. Any traffic to 188.172.217.0/24 should show up in the counter. There are two computers inside my firewall that ...

k6ccc

I would love to be able to block TeamViewer - but my situation is a little different. In my case, I am the TeamViewer user, but I want to be able to block TeamViewer unless I specifically allow it at the time - for example with a port knock to the router. For example, the computer at home can't norm...

k6ccc

I'm sorry, but I thought it was simple to understand that the two RB260 Ether1 are connected together with a 50cm patch cable, so where is the cable problem? It was not simple to understand because you did not tell that in your original post. For all we know, you were trying to run gigabit over a k...

k6ccc

You have given us almost no information to work with. What is this device doing? What's connected to it? How is it being used? Post your configuration.

k6ccc

I just wish that Mikrotik would standardize the interface between the different switches. I have one RB260, one CSS106, one CRS326 (running SwitchOS), and two CSS326s and it's annoying that the UI is so different between them.

k6ccc

I'm the same as all the rest here. All known DHCP clients are given a DHCP reservation outside of the IP Pool. Most of the pools are only 10 IPs (and in reality, I could normally get away with one or two).

k6ccc

I figured it out!! You have to specify the time and day or days that you want the rule to be applied and then you have to press reset all counters to reset everything and allow the new rule to be applied. I checked it 3-4 times and it worked fine. Thank you all!!!! I definitely did not have to rese...

k6ccc

Simple solution. I buy the Mikrotik SFPs that are specified to work with the device.

k6ccc

I have never had any time based firewall rules, but because of this thread, I created one for a test. The rule was a simple rule to drop all ICMP packets from the internet at the beginning of my Input chain with no time restriction. I am not at the location of this router, so my access is only via t...

k6ccc

Never used a bridge, so can't help you there. However your firewall rules look OK - I think.

k6ccc

Off hand, I don't see a way to specify a MAC on a specific port, but you can enable port lock which locks the port to the first MAC that is connected. See the Forwarding tab.

k6ccc

The check marks are the ports that the CAN be communicated with. For example, in your screen capture, port 1 can communicate with all other ports.

k6ccc

I still could not read your screen captures, but here are a couple of mine. Ports one and two are doing exactly what you want to do. Each of those is a Multi-SSID WiFi access point. Each is getting several VLANs that will each become a different SSID and also an untagged LAN that is used for cloud m...

k6ccc

I can’t read your images on my $&@#% iPhone, but I am doing exactly what you want to do on my CSS106. When I get to a computer, I’ll take a look.

Sent from a $&@#% iPhone using Tapatalk

k6ccc

I always upgrade mine.

k6ccc

It might be interesting to connect the two computers in question directly to each other. I would speculate that what you are seeing is more related to the performance of the computers involved and not the switches. Part of that statement is the difference in performance between upload and download. ...

k6ccc

Powered USB hubs usually don't draw power from upstream USB port ...

Correct. That's why I recommend them for fixed applications. Has solved many problems over the years.

k6ccc

I don't have an answer to your specific question, but my general recommendation is any time you are using a USB hub in a fixed situation, use a powered hub. That solves the current limit issue. Since you are proposing to use a USB hub connected to a router, I assume it will be in a fixed installatio...

k6ccc

This is likely more opinion rather than hard facts. There are some on the forum that hate SwitchOS and have nothing but problems, and there are some that have no issues with SwitchOS at all. Personally I am in the second camp. I have a CRS326-24G-2S, two CSS326-24G-2S, a CSS106-5G-1S, and a RB260GS ...

k6ccc

I clearly have no understanding of what he is trying to do. However I have never had any interest in on line gaming, so no idea how those kind of things work. I've never heard of a client / server type system where the server initiates the connection (which is why normal consumer routers work for mo...

k6ccc

It does not work that way. A NAT forwards to a target IP. However in most situations, if the game is talking to a server somewhere else, the client initiates the connection and the router will forward responses to the IP that originated the request. No special setup is normally required. If you are ...

k6ccc

You have given us so little information to go on. For starters, either give us more details on how your three routers are connected to each other, the internet, and your devices - or better yet, a drawing. Second, export your config on all three routers and post here so we can see what you are doing...

k6ccc

I see mkx beat me to the L2 vs L3 parts, so I'm not going to repeat that. You do not need to use bridges to create a DHCP server. However as noted above, IF an interface is a member of a bridge, then the DHCP server must be assigned to the Bridge - not the member interfaces. At least that's the way ...

k6ccc

Let's see if I have this right. Every single port will be a separate LAN with it's own DHCP server. So the router is being used exclusively as a router and not as a switch. If this is the case, why are you creating bridges? This is the way I use my routers. I have managed switches connected to the r...

k6ccc

I don't know anything about the TP Link equipment, but it sounds like you want the TP Link to operate only as a WiFi access point and NOT have any router functions. You likely can make this work by turning off the DHCP server functionality in the TP Link and then connecting one of the LAN ports (NOT...

k6ccc

You asked this question in the SwitchOS section of the forum and your subject specifies the CSS326 switch. However, since you are seeing an inter-VLAN issue, the problem almost certainly exists in the router and not the switch - since switches don’t route between VLANs. You did not give us much deta...

k6ccc

As for your DHCP servers, from your drawing, they are some device that is untagged. Simply put them on a switch port that is untagged on the correct VLAN. Same concept as my Cable Modem on port 1. In my case that is untagged on VLAN 100, but the concept is the same.

k6ccc

My first question is if the issue it with the SFP or the Ethernet per in the computer - it could be either one. Can you plug the Cat-6 into another port on the switch (such as one of the gig-E ports on the switch). Let the computer go to sleep and see if the problem happens in that configuration. Ot...

k6ccc

Here are some screen captures from one of CSS326 switches located in my family room. Most of the ports don't really matter, but I will point out a few. Along with a bunch of end devices in the house, both internet modems connect to this switch (port 1 for the cable and port 9 for the DSL). Port 3 is...

k6ccc

One other thing you could easily test. Configure a user PC port to VLAN 20 instead of VLAN 10 and confirm that the PC gets a DHCP address from DHCP server 2. That will confirm that your DHCP and switch to switch links are OK. Part two - Are you sure that your WiFi APs are configured properly for the...

k6ccc

Your configuration is really pretty simple. The trunks between the three switches needs to have VLANs 10 & 20. Assuming that the WiFi APs know that SSID 1 connects to VLAN 10 and SSID 2 connects to VLAN 20, then the switch ports connected to the three Unifi APs will be just like the switch to switch...

k6ccc

Why not just a set of firewall rules to catch port scanners. Those are well documented and work well. If the port scanner triggers, then the port knock never sees the triggers.

k6ccc

First guess is that you did not open a hole in the firewall for your NAT. Unlike many consumer routers, RouterOS does not do that automatically.

k6ccc

What you are doing is very similar to what I am doing and it's not at all complicated. I am curious why you want two VLANs if part of your statement is that devices on one VLAN can communicate with devices on the other VLAN. If everything on both VLANs can communicate with each other, why separate t...

k6ccc

I can absolutely assure you that the Wyze cameras do NOT require anything "special" to be opened on a reasonably normal router configuration. As long as a LAN device can get to the internet and responses get back to it, it will connect just fine. I have 13 Wyze cameras (2 Pans and 11 V2). Other than...

k6ccc

First of all, you are right - they don't respond to a ping. However that proves absolutely nothing since some network admins drop pings as some people consider it a security hole. If it really is on your end, please post your config, so we can see what you have. In order to export your config, follo...

k6ccc

I'm going to let someone else answer the setup in RouterOS as I have NEVER used a bridge in ROS. I know there are some particulars about setting up VLANs in a bridge, but I don't know details.

k6ccc

SwitchOS is strictly a switching OS whereas RouterOS is router OS that can play switch (but is optimized as a router). SwitchOS is far more limited, but if you only need switching, it works. There are a couple documented issues with the current version of SwitchOS - check out the SwitchOS section of...

k6ccc

I think sebus got your config incorrect. Please confirm that the CCR1009 has one link to the CRS125 and one link to the CRS326 (not that the two switches are daisy chained). Second, are you running the CRS125 and CRS326 in RouterOS or SwitchOS? What you are doing is easy, but we better need to under...

k6ccc

Just delete the lease and next time the device requests an address, it will get one from the regular pool.

k6ccc

I was not suggesting that you monitor it for them, but rather that they set up a free account with UpTimeRobot.com and UTR will notify them when something fails.

k6ccc

Yes. add action=src-nat chain=srcnat comment="Outgoing NAT from .201 LAN" \ disabled=no out-interface=E1-p10_DSL_Internet src-address=\ 192.168.201.0/24 to-addresses=208.127.104.77 add action=src-nat chain=srcnat comment="Outgoing NAT from .202 LAN" \ disabled=no out-interface=E1-p10_DSL_Internet sr...

k6ccc

@ivanobuffa
They were all part of a /24 network from my IP. I had eight addresses scattered through the range.
I will pull up my script later this evening. It was quite easy...

k6ccc

Does the switch have internet connectivity ?

Sent from a $&@#% iPhone using Tapatalk

k6ccc

@k6ccc So are you like a suburb of LA? Seems like your on the cusp of Mountains, must be beautiful and close to ski hills? (prevalent raging forest fires in that area)? Correct. Glendora is about 20 miles east and slightly north of downtown Los Angeles. The city moto is "Pride of the Foothills". Th...

k6ccc

I've been doing this for years. Until very recently my RB750r2 had one DSL connection with five static IPs. There were different LANs (mostly via VLAN) that each routed traffic out the same DSL, but via different IP addresses. All it takes is a simple outgoing NAT statement to get the outgoing traff...

k6ccc

There are two perspectives here. One is to have the router detect a failure and alert you. The other is to determine if the router is visible from the internet. For part two, I suggest UpTimeRobot.com They can monitor specific ports, a normal ping, a website, and various other things. They can notif...

k6ccc

Someone on the internet is trying to connect to presumably a web server on your internet address on port 8080. Why do you think this has anything to do with your DNS?

Search found 459 matches