Community discussions

MikroTik App

Search found 723 matches

by k6ccc
Fri Jul 09, 2021 2:11 am
Forum: General
Topic: VLAN Translation
Replies: 3
Views: 404

Re: VLAN Translation

Never tried it, but you likely could have one port that has VLAN 1 as untagged and another port that has the other desired VLAN as untagged. Then run a cable between the two ports. I have never tried that, but I have heard of that being done.
by k6ccc
Thu Jul 08, 2021 11:30 pm
Forum: Beginner Basics
Topic: Access to Router in LAN2
Replies: 5
Views: 618

Re: Access to Router in LAN2

Please tell me that all the various routers EXCEPT the RB4011 are only being used as managed switches and not routers. Unless I am badly missing something, if you are doing ANY routing function in the rest of the routers, you are only making your life more complex. And I can't help you much on the c...
by k6ccc
Wed Jul 07, 2021 6:04 pm
Forum: Beginner Basics
Topic: Access to Router in LAN2
Replies: 5
Views: 618

Re: Access to Router in LAN2

Can you provide a drawing of how all this is hooked up?
by k6ccc
Wed Jul 07, 2021 6:02 pm
Forum: Beginner Basics
Topic: How do I start troubleshooting an "I - invalid" configuration?
Replies: 8
Views: 619

Re: How do I start troubleshooting an "I - invalid" configuration?

You gave us almost no information to go on. As mkx said, the logs MIGHT help, but don't count on it - a lot of stuff is not logged unless you tell it to be. Since you gave us no information to go on, about all I can suggest is to read the docs for the command or setting you are getting the invalid i...
by k6ccc
Sun Jul 04, 2021 2:42 am
Forum: Beginner Basics
Topic: Home LAN/WiFi/Guest WiFi/IoT devices advice needed
Replies: 13
Views: 859

Re: Home LAN/WiFi/Guest WiFi/IoT devices advice needed

My recommendation would be to get some new access points that understand VLANs. Personally I am using Meraki - which are getting fairly inexpensive on the used market - but the management service is rather expensive. Works really well at my house. I can run up to 15 SSIDs (not that I would need anyw...
by k6ccc
Sun Jul 04, 2021 2:17 am
Forum: Beginner Basics
Topic: Home LAN/WiFi/Guest WiFi/IoT devices advice needed
Replies: 13
Views: 859

Re: Home LAN/WiFi/Guest WiFi/IoT devices advice needed

however the APs can't. That's one of my issues. The same AP would provide access for both the regular and the guest WiFi so I don't have any idea how to tell them apart. Yes, you have a problem. Unless there is some magic I don't know about, you need to either have access points that understand VLA...
by k6ccc
Fri Jul 02, 2021 6:09 pm
Forum: Beginner Basics
Topic: Sailboat secondary Router issue
Replies: 10
Views: 668

Re: Sailboat secondary Router issue

I Want to make sure I have the data flow correctly. The Grove is being used as a WiFi client and it connects to the Marina WiFi as your internet source. The Grove is operating as a router and providing a LAN connection directly to the GL-B1300 on the 192.168.88.x subnet. The GL-B3100 is also operati...
by k6ccc
Wed Jun 30, 2021 1:15 am
Forum: General
Topic: ARP Ping
Replies: 13
Views: 505

Re: ARP Ping

Damn, I had a really nice response all typed up and it went into oblivion...

Short answer is that I will work with checking DHCP status with a short lease time. Thanks for that suggestion.
by k6ccc
Wed Jun 30, 2021 12:09 am
Forum: General
Topic: ARP Ping
Replies: 13
Views: 505

Re: ARP Ping

Rextended is on the right track, but confirm that this is not actually pinging the device, but rather querying the ARP table? The reason I ask is because I was getting 0mSec response time - which over my WiFi does not make sense for pinging the device. Further I did a test shown below where I was AR...
by k6ccc
Tue Jun 29, 2021 11:13 pm
Forum: General
Topic: ARP Ping
Replies: 13
Views: 505

Re: ARP Ping

I should have been more specific - and titled this thread a bit different.... Your last screen capture (klembord-2.jpg) was exactly what I was doing when trying from the WinBox ping command. I have tried it both with and without the "ARP Ping" checkbox set. Same result - timeout on every d...
by k6ccc
Tue Jun 29, 2021 9:32 pm
Forum: General
Topic: ARP Ping
Replies: 13
Views: 505

ARP Ping

Hi all, I have a script that does a flood-ping to all of my IoT devices once an hour and sends me an E-Mail if one does not respond. This works just fine EXCEPT for my Amazon Echo devices which do not respond to an ICMP ping. Doing some searching around, someone suggested using an ARP Ping rather th...
by k6ccc
Sat Jun 26, 2021 11:49 pm
Forum: Beginner Basics
Topic: zoom firewall settings
Replies: 5
Views: 614

Re: zoom firewall settings

Hello, Can you please check the post I stuck in my config.

Please don't cross post to a totally unrelated subject.
by k6ccc
Thu Jun 24, 2021 8:25 pm
Forum: General
Topic: So why do I want to run ROS on a Switch when SWOS is just fine?
Replies: 17
Views: 1236

Re: So why do I want to run ROS on a Switch when SWOS is just fine?

A switch is a switch and a switch and a router is a router. Different hardware for different jobs. Yes, you can make a router play switch, but not the other way around.
by k6ccc
Thu Jun 24, 2021 7:45 am
Forum: SwOS
Topic: swOS on css326 lag not working
Replies: 2
Views: 1163

Re: swOS on css326 lag not working

With no other details, my first guess is that you are creating a loop that is not configured properly for a LAG on one end or the other. At least until you get the LAG working, enable RSTP so that at the least the loop will be killed quickly. I can tell you that LAG does work on the CSS326 (I have d...
by k6ccc
Thu Jun 24, 2021 1:39 am
Forum: General
Topic: So why do I want to run ROS on a Switch when SWOS is just fine?
Replies: 17
Views: 1236

Re: So why do I want to run ROS on a Switch when SWOS is just fine?

Lack of administration via encryted channels (TLS, ssh) is a downside of SWOS.
Agreed, but I only access it on a local management LAN that normal people can't access (at least not without a lot of effort).
by k6ccc
Wed Jun 23, 2021 5:33 pm
Forum: General
Topic: So why do I want to run ROS on a Switch when SWOS is just fine?
Replies: 17
Views: 1236

Re: So why do I want to run ROS on a Switch when SWOS is just fine?

Here's my two cents on it. I run my two MT routers strictly as routers, and I have five MT switches that perform all switching function. The switches run SwitchOS (including one CRS326 that was shipped to me in error instead of a CSS326) and the routers of course run RouterOS. I like SwOS for it's s...
by k6ccc
Sun Jun 20, 2021 8:43 pm
Forum: SwOS
Topic: Understanding how traffic travels through MikroTik on SWoS
Replies: 2
Views: 1067

Re: Understanding how traffic travels through MikroTik on SWoS

Your description and drawing don't match, so it's really hard to tell what you are trying to do.
by k6ccc
Sat Jun 19, 2021 2:16 am
Forum: General
Topic: router was rebooted without proper shutdown
Replies: 1
Views: 278

Re: router was rebooted without proper shutdown

Power loss would be my first guess.
by k6ccc
Sat Jun 19, 2021 2:07 am
Forum: SwOS
Topic: SwOS LAG work? on VLANS
Replies: 4
Views: 1041

Re: SwOS LAG work? on VLANS

Let me make sure I understand what you want. You want untagged traffic over a LAG. When I was testing a LAG on two of my switches, I think I tested that and it worked fine. I don't see any reason that it would not.
by k6ccc
Wed Jun 16, 2021 6:24 pm
Forum: SwOS
Topic: Missing information in GUI tabs CSS326-24G-2S+
Replies: 2
Views: 904

Re: Missing information in GUI tabs CSS326-24G-2S+

Correct. You have to add them.
by k6ccc
Sun Jun 13, 2021 2:53 am
Forum: SwOS
Topic: CSS610-8G-2S+IN No Link on SFP+ with Intel X520
Replies: 44
Views: 6426

Re: CSS610-8G-2S+IN No Link on SFP+ with Intel X520

Just as a useful tidbit. Hate to tell you this, but SFPs are not as universal as the SFP people would like you to believe. Some devices are VERY picky about SFPs (HP switches come to mind - I know there are others). Best bet is to use the SFPs that are recommended by the manufacturer of the device y...
by k6ccc
Sat Jun 12, 2021 6:19 am
Forum: SwOS
Topic: RSTP and LACP
Replies: 1
Views: 835

Re: RSTP and LACP

I guess you did not like my answer on the other thread. Looking at my two RB260 switches, there is no indication of LAG support on either version. As for RTSP, the older RB260GS with SwitchOS version 1.6 does not have any indication of RTSP support, However the newer CSS106-5G-1S with SwitchOS versi...
by k6ccc
Fri Jun 11, 2021 7:36 am
Forum: SwOS
Topic: LAG (LACP) or RSTP or both???
Replies: 20
Views: 10627

Re: LAG (LACP) or RSTP or both???

Hi, How does one enable LAGP in rb260GS (link aggregration) First of all, are you talking about the old RB260GS with version 1.x firmware or the new CSS106-5G-1S (still called the RB260GS) with version 2.x firmware? I have one of each, and I don't see any settings for LAG on either one. Makes me th...
by k6ccc
Wed Jun 09, 2021 6:16 pm
Forum: SwOS
Topic: Management VLAN?
Replies: 2
Views: 1143

Re: Management VLAN?

Take a look at the System tab. Note the "Allow From", "Allow From Ports", and "Allow from VLAN" selections. Allow From lets you enter an IP address that is the only IP allowed to connect. Allow From Ports specifies which ports on the switch that connection can came into...
by k6ccc
Wed Jun 09, 2021 6:06 pm
Forum: General
Topic: port forwarding restrictions
Replies: 9
Views: 597

Re: port forwarding restrictions

...yes you should be crazy and should move up to Canada ;-)
Too cold.
by k6ccc
Wed Jun 09, 2021 4:27 am
Forum: General
Topic: port forwarding restrictions
Replies: 9
Views: 597

Re: port forwarding restrictions

OK, I'm not losing my mind. I have used individual IPs in most situations and it appeared to be working fine.
by k6ccc
Wed Jun 09, 2021 12:15 am
Forum: General
Topic: port forwarding restrictions
Replies: 9
Views: 597

Re: port forwarding restrictions

This is good because as soon as you add a source address list, when one does a scan of their ports, the port does not appear at all. Without the source address list if you scan your ports, the dst nat port is visible but closed. I prefer invisible LOL. Anav, I want to clarify something about what y...
by k6ccc
Tue Jun 08, 2021 6:31 pm
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 20
Views: 1693

Re: Setting Up small home network with MikroTik hEX RB750Gr3

What you want to do is really quite straight forward for VLAN use. The link that anav posted is a good start. I am doing a similar concept (more stuff and more VLANs however) at my house with the same RB750Gr3 router. Can I assume that all your WiFi APs are UBNT? Are they VLAN aware? I am a strong s...
by k6ccc
Sat Jun 05, 2021 9:39 pm
Forum: SwOS
Topic: Minor issue with login interface and a pwd manager
Replies: 11
Views: 1354

Re: Minor issue with login interface and a pwd manager

I thought you were meant you were using some addon password manager in FireFox - hence my reference to a "real" password manager. My confusion - sorry
Actually the PWM that I use recently added a plugin for Firefox, but I have no real interest in using it.
by k6ccc
Sat Jun 05, 2021 8:42 pm
Forum: SwOS
Topic: Minor issue with login interface and a pwd manager
Replies: 11
Views: 1354

Re: Minor issue with login interface and a pwd manager

I use a real password manager and not a Firefox plugin. I only have a small number of things that have the password stored in FireFox, and those do not sync across devices. I do have my MT switches password stored so I only have to press enter, but for most stuff, I copy from the PWM and paste in to...
by k6ccc
Fri Jun 04, 2021 9:49 pm
Forum: SwOS
Topic: Minor issue with login interface and a pwd manager
Replies: 11
Views: 1354

Re: Minor issue with login interface and a pwd manager

I use Firefox as my preferred browser on this Windows 10 computer as well. I have Firefox set to remember the password for my MT switches, and like bpwl, I connect to the switch IP and the login window pops up already filled in, and I just hit enter and I'm in. Not using any plugin - just standard F...
by k6ccc
Mon May 31, 2021 8:26 pm
Forum: Beginner Basics
Topic: Limit a particular client to only communicate with another client on LAN
Replies: 3
Views: 332

Re: Limit a particular client to only communicate with another client on LAN

Filtering devices that are on the same LAN is tough because they are generally not going through the router. However if you create a separate VLAN for the NVR, it is easy in firewall rules to allow and disallow what can get to what.
by k6ccc
Mon May 31, 2021 8:11 pm
Forum: Beginner Basics
Topic: Setting up VLAN/Firewall with Mikrotik Router (RB4011)
Replies: 5
Views: 599

Re: Setting up VLAN/Firewall with Mikrotik Router (RB4011)

What you are proposing is fairly straight forward. It is no problem to set up firewall rules so that either all or selected devices on your private or management VLAN can get to either IoT or Kids VLAN devices to manage them, but those two VLANs for example can only get to the internet - I do that a...
by k6ccc
Mon May 31, 2021 2:07 am
Forum: Beginner Basics
Topic: Broadcast reply stuck in other address range
Replies: 3
Views: 481

Re: Broadcast reply stuck in other address range

Don't claim to be the expert here, but as I understand it, broadcast only works on the local subnet. In other words, it will not route.
by k6ccc
Fri May 28, 2021 10:37 pm
Forum: Scripting
Topic: Export in script bombing after update to 6.48.2 [SOLVED]
Replies: 5
Views: 1100

Re: Export in script bombing after update to 6.48.2 [SOLVED]

From the changelog: *) console - require "write+ftp" permissions for exporting configuration to file; Thanks! That was it. I had not caught that in when I read the release notes. And per the request, here is the full script: # Policies needed: ftp, read, policy, sensitive, test, write # P...
by k6ccc
Fri May 28, 2021 9:27 pm
Forum: General
Topic: Winbox glitch
Replies: 14
Views: 1604

Re: Winbox glitch

Never experienced this. Just tried every example cited in this thread and could not duplicate it on a RB750r2 or RB750Gr3 - both running 6.48.2 and WinBox 3.27 on a Dell desktop running Windows 10.
by k6ccc
Fri May 28, 2021 9:18 pm
Forum: Beginner Basics
Topic: Problem routing traffic from one lan to another
Replies: 6
Views: 712

Re: Problem routing traffic from one lan to another

Since you only gave a few details, the most obvious issue is your 219 subnet on the router is /24, and it is trying to communicate with devices outside that subnet IP range. Other than that, you did not give enough details. Export and post your config. If there are more devices involved, a network d...
by k6ccc
Fri May 28, 2021 8:01 pm
Forum: Scripting
Topic: Export in script bombing after update to 6.48.2 [SOLVED]
Replies: 5
Views: 1100

Export in script bombing after update to 6.48.2 [SOLVED]

I have a RB750r2 and a RB750Gr3 that each have a script that creates a backup, export, and version listing. The three files are then sent off site for archive. This script is run by schedule every night. These have worked perfectly for years. A few weeks ago, both routers were updated to 6.48.2 and ...
by k6ccc
Fri May 28, 2021 6:49 pm
Forum: General
Topic: Multiple Public IP from one interface
Replies: 4
Views: 482

Re: Multiple Public IP from one interface

When my DSL provider gave me up to eight addresses, I did pretty much what you want. I had several LANs and each one would use a different IP on the WAN side. ETH 1 - Internet connection with four static addresses (for example a.b.c.61, a.b.c.94, a.b.c.145, a.b.c.216) ETH 2 - .201 LAN - 192.168.201....
by k6ccc
Wed May 26, 2021 1:20 am
Forum: SwOS
Topic: [Bug?]PPPOE over VLAN not work
Replies: 3
Views: 1332

Re: [Bug?]PPPOE over VLAN not work

My first guess is a tagged vs untagged port issue Is the VLAN 620 coming from the cable modem, or is that just a VLAN you are using for transport? In other words, is the traffic from the cable modem VLAN tagged or is it untagged? Same thing at the other end - is the traffic being handed off to the R...
by k6ccc
Wed May 26, 2021 12:46 am
Forum: General
Topic: How to setup a server to use a Public IP address inside the network without using NAT
Replies: 5
Views: 627

Re: How to setup a server to use a Public IP address inside the network without using NAT

Run your internet into a dumb switch Take one output from that switch and run into the WAN port of your MT router and configured it with one of your /29 addresses - for example x.y.z.2. Connect your outside server to another port of that dumb switch and give it a different address in the /29 range -...
by k6ccc
Wed May 26, 2021 12:31 am
Forum: Beginner Basics
Topic: How much range does a router have?
Replies: 3
Views: 480

Re: How much range does a router have?

I like some of the humor answers...
Routers don't have range - access points do.
Not enough information to give an answer.
by k6ccc
Fri May 21, 2021 11:59 pm
Forum: SwOS
Topic: Issues with creating VLAN's
Replies: 2
Views: 969

Re: Issues with creating VLAN's

I run VLANs on multiple switches running SwitchOS. I want to make sure I understand what you are trying to accomplish. I sort of think you want a device each of the SFP ports that will have untagged traffic and only communicate with each other. Is that correct? This description being opposite to a V...
by k6ccc
Mon May 17, 2021 7:03 am
Forum: SwOS
Topic: SwOS
Replies: 1
Views: 1073

Re: SwOS

Not that I know of. I saw your other post and replied.
by k6ccc
Thu May 13, 2021 4:34 pm
Forum: Beginner Basics
Topic: Managing /29 network
Replies: 8
Views: 988

Re: Managing /29 network

I have a MikroTik RB4011iGS+ running 6.45.9.

Note that 6.45.9 is quite elderly. Is there a reason that you are running such an old version of RouterOS?
Your concern is that the router will be public facing, correct?
No - in general.
by k6ccc
Sat May 08, 2021 8:40 pm
Forum: General
Topic: WeBfig as default page in the management page [SOLVED]
Replies: 3
Views: 561

Re: WeBfig as default page in the management page [SOLVED]

Same here. I don't normally use WebFig (I usually use WinBox), but I just logged into my RB750Gr3 with 6.47.8 and it went right into WebFig.
by k6ccc
Thu May 06, 2021 6:04 pm
Forum: Beginner Basics
Topic: Managing /29 network
Replies: 8
Views: 988

Re: Managing /29 network

I have a MikroTik RB4011iGS+ running 6.45.9.

Note that 6.45.9 is quite elderly. Is there a reason that you are running such an old version of RouterOS?
by k6ccc
Thu May 06, 2021 5:56 pm
Forum: Beginner Basics
Topic: Block New Dynamic Leases [Help] [SOLVED]
Replies: 12
Views: 1237

Re: Block New Dynamic Leases [Help] [SOLVED]

thank you.. it seems i cannot find Address Pool in Filter Rules. i can drop specific addresses but i cant find address pool . IP Pool is not in rules. I use WinBox most of the time, so this screen capture should help: http://extraphotos.info/mikrotik/IP_pool.png If in a terminal window, see here: /...
by k6ccc
Tue May 04, 2021 5:59 pm
Forum: Announcements
Topic: SwOS version 2.13 released!
Replies: 46
Views: 18754

Re: SwOS version 2.13 released!

I managed to get my 4 CSS106 switches to upgrade to FW2.13 ... the culprit seems that (at least mine) don't like to get upgraded while having allowing access only from VLAN 99 ... during upgrade it somewhere looses the VLAN config and it wants to connect over default vlan ( 1 ) ... disabling the ac...
by k6ccc
Sun May 02, 2021 8:58 pm
Forum: Beginner Basics
Topic: Block New Dynamic Leases [Help] [SOLVED]
Replies: 12
Views: 1237

Re: Block New Dynamic Leases [Help] [SOLVED]

If you have a DHCP server that has no IP pool (or no addresses in the pool), it will be unable to issue dynamic addresses. However it can happily hand out static addresses (some systems call that DHCP reservations) to known MAC addresses. So it you need to add a device, create a new static address i...
by k6ccc
Sun May 02, 2021 8:47 pm
Forum: Announcements
Topic: SwOS version 2.13 released!
Replies: 46
Views: 18754

Re: SwOS version 2.13 released!

Of my two CSS106 switches (one CSS106-5G-1S, and one CSS106-1G-4P-1S), the POE version has RSTP turned on (only because it defaulted that way and I never turned it off) and the non-POE version has RSTP turned off for all ports - neither needs RSTP. Both upgraded just fine from 2.12 to 2.13 via the &...
by k6ccc
Sat May 01, 2021 8:11 pm
Forum: Announcements
Topic: SwOS version 2.13 released!
Replies: 46
Views: 18754

Re: SwOS version 2.13 released!

After running 2.13 on three of my minor switches for the past day and a half, I just updated my two main CSS326-24G-2S+ via the "Download & Upgrade" button. Both took the upgrade just fine with only one or two pings to 8.8.8.8 dropped on each one.
Everything appears to be working fine.
by k6ccc
Sat May 01, 2021 7:38 am
Forum: Beginner Basics
Topic: Block New Dynamic Leases [Help] [SOLVED]
Replies: 12
Views: 1237

Re: Block New Dynamic Leases [Help] [SOLVED]

What are you trying to accomplish? Do you want to have no DHCP client, or only certain ones, or something else?
by k6ccc
Fri Apr 30, 2021 7:30 am
Forum: Announcements
Topic: SwOS version 2.13 released!
Replies: 46
Views: 18754

Re: SwOS version 2.13 released!

Upgraded the following without incident via the "download & upgrade" button:
CRS326-24G-2S+ (running under SwitchOS)
CSS106-5G-1S
CSS106-1G-4P-1S

I'm holding off on my two CSS326-24G-2S+ main switches for a few days to make sure 2.13 is stable.
by k6ccc
Tue Apr 20, 2021 2:58 am
Forum: Scripting
Topic: An equivalent of GoSub? [SOLVED]
Replies: 3
Views: 989

Re: An equivalent of GoSub? [SOLVED]

Thanks Jotne. Took a little effect, but made it work for my simple purposes.
by k6ccc
Fri Apr 16, 2021 8:23 am
Forum: Scripting
Topic: An equivalent of GoSub? [SOLVED]
Replies: 3
Views: 989

Re: An equivalent of GoSub? [SOLVED]

Thanks Jotne. I'm gonna have to do some reading and playing with that when I'm awake (not enough for that right now). Maybe tomorrow...
by k6ccc
Fri Apr 16, 2021 5:51 am
Forum: SwOS
Topic: Can I use scripts on SwOS?
Replies: 2
Views: 1635

Re: Can I use scripts on SwOS?

Correct. No scripts in SwOS.
by k6ccc
Fri Apr 16, 2021 3:01 am
Forum: General
Topic: High Density Scenario - 30k client
Replies: 7
Views: 682

Re: High Density Scenario - 30k client

Can I guess that this is some type of show or event where you will be providing WiFi to attendees that need access to the internet and nothing else? And what is your internet access? Bandwidth, media, single or multiple IPs?
by k6ccc
Thu Apr 15, 2021 8:48 pm
Forum: Scripting
Topic: An equivalent of GoSub? [SOLVED]
Replies: 3
Views: 989

An equivalent of GoSub? [SOLVED]

I fully admit that I don't use scripting much in RouterOS. I do have a few that either I directly used from this section of the forum, or took from here and modified for my own purposes. I barely can function on my own... Does RouterOS scripting language have an equivalent of a GoSub command? I coul...
by k6ccc
Tue Apr 13, 2021 6:29 pm
Forum: Beginner Basics
Topic: Two ISPs over single point-to-point link
Replies: 2
Views: 428

Re: Two ISPs over single point-to-point link

Set up each internet service as a separate VLAN. The UBNT MW link will carry VLANs just fine. Also if you are not aware of it, you can set the UBNT MW to only respond to a certain VLAN for management of it. My UBNT link here only monitors my VLAN 203 - but is passing 15 VLANs. BTW, thanks for the dr...
by k6ccc
Fri Apr 09, 2021 2:17 am
Forum: Beginner Basics
Topic: 751 GR3
Replies: 1
Views: 267

Re: 751 GR3

Fire up WinBox and see if you can access it via MAC address.
by k6ccc
Thu Apr 08, 2021 2:26 am
Forum: Beginner Basics
Topic: Mikrotik Switch - it is not a switch?
Replies: 30
Views: 2408

Re: Mikrotik Switch - it is not a switch?

If it's like most Mikrotik routers, with the default configuration, port 1 will be configured as the WAN port and everything else connected in a bridge. CRS switches has different default configuration. All ports bridged, and, if I remember correctly, a static IP assigned to that bridge. So much fo...
by k6ccc
Thu Apr 08, 2021 2:03 am
Forum: Beginner Basics
Topic: Mikrotik Switch - it is not a switch?
Replies: 30
Views: 2408

Re: Mikrotik Switch - it is not a switch?

If it's like most Mikrotik routers, with the default configuration, port 1 will be configured as the WAN port and everything else connected in a bridge. Therefore, all ports EXCEPT port 1 should be able to function as if it was a dumb switch. Make sure you are not trying to use port 1 until you chan...
by k6ccc
Mon Apr 05, 2021 7:58 am
Forum: General
Topic: Multicast flood
Replies: 13
Views: 908

Re: Multicast flood

Run your HDMI over Ethernet in Unicast rather than multicast - provided that the hardware is capable of that. Solves your multicast flood if it's not running multicast..
by k6ccc
Mon Apr 05, 2021 5:16 am
Forum: General
Topic: Multicast flood
Replies: 13
Views: 908

Re: Multicast flood

Is there anything else you would like to recommend.
Unicast.
by k6ccc
Mon Apr 05, 2021 1:29 am
Forum: SwOS
Topic: CRS326 DHCP over VLAN Trunk not working
Replies: 2
Views: 1479

Re: CRS326 DHCP over VLAN Trunk not working

What SwitchOS version?

I just looked at my one CRS326 (running SwitchOS version 2.12) and it is configured for static IP, but I can do a test without too much difficulty. The only connection to that switch from the rest of my network is via one VLAN trunk..
by k6ccc
Fri Mar 26, 2021 7:06 pm
Forum: Beginner Basics
Topic: I can't access the web interface for MikroTik hAP ac2 [SOLVED]
Replies: 11
Views: 1054

Re: I can't access the web interface for MikroTik hAP ac2 [SOLVED]

I would lose access to it every time I got the device partway configured. Likely your fault. For example, if you change the IP subnet of the device, of course you are going to lose connection to it - until you change the IP of your computer. Although I don't normally use it, Webfig works just fine....
by k6ccc
Fri Mar 26, 2021 6:59 pm
Forum: Beginner Basics
Topic: I can't access the web interface for MikroTik hAP ac2 [SOLVED]
Replies: 11
Views: 1054

Re: I can't access the web interface for MikroTik hAP ac2 [SOLVED]

My only sadness now is that I bought this device thinking it was ddwrt/openwrt/tomato compatible.
In other words, you bought something other than what you are looking for, and then are bitching that it does not work the way you wanted. Frankly, I am VERY glad that it is no ddwrt compatible.
by k6ccc
Fri Mar 26, 2021 6:30 pm
Forum: Beginner Basics
Topic: I can't access the web interface for MikroTik hAP ac2 [SOLVED]
Replies: 11
Views: 1054

Re: I can't access the web interface for MikroTik hAP ac2 [SOLVED]

You can use Webfig which is a web interface similar to WinBox, or you can use a Telnet or preferably SSH session to configure it with a text based interface. If you are on a MAC, apparently there is a way to run WinBox on a MAC, but I don't use a MAC, so I have no details. If you are on linux, you s...
by k6ccc
Wed Mar 24, 2021 6:05 pm
Forum: Beginner Basics
Topic: Rb260gsp setup as simple switch?
Replies: 2
Views: 459

Re: Rb260gsp setup as simple switch?

No, you do not need to set port mirroring. The out of the box config will work for you, although as Phillip said, you likely will want to set the IP configuration.
And correct, no point in paying extra for the PoE that you likely won't be using.
by k6ccc
Thu Mar 18, 2021 9:55 pm
Forum: Beginner Basics
Topic: DHCP
Replies: 2
Views: 407

Re: DHCP

You did not say which Mikrotik you are using. For the purpose, you should have a switch, not a router. If you are using a router, you are going to need to provide us with a drawing (or a really good description - drawing is better) of your network layout, and a export of your router configuration in...
by k6ccc
Mon Mar 15, 2021 7:22 pm
Forum: Beginner Basics
Topic: Logins limit
Replies: 1
Views: 293

Re: Logins limit

Well, you're right - each session required a separate logon. That is a bit surprising...
I don't normally use WebFig - either SSH or generally Winbox.
by k6ccc
Mon Mar 15, 2021 5:02 pm
Forum: General
Topic: Mikrotik UPS Solution
Replies: 11
Views: 995

Re: Mikrotik UPS Solution

The original poster said that he has two CRS125 routers and two passive POE injectors running on 24 volts. My original and followup suggestions was to run both the routers and the POE injectors off the same 24 volt battery plant. How do you ideally split current between 4 devices (2xCRS, 2xPoE inje...
by k6ccc
Mon Mar 15, 2021 4:13 pm
Forum: General
Topic: Mikrotik UPS Solution
Replies: 11
Views: 995

Re: Mikrotik UPS Solution

The original poster said that he has two CRS125 routers and two passive POE injectors running on 24 volts. My original and followup suggestions was to run both the routers and the POE injectors off the same 24 volt battery plant.
by k6ccc
Mon Mar 15, 2021 6:59 am
Forum: General
Topic: Mikrotik UPS Solution
Replies: 11
Views: 995

Re: Mikrotik UPS Solution

Is there such a thing but with ethernet inputs/outputs to go in between regular injectors and devices? Would make things a bit simpler
Use your existing POE injectors, but power if from a 24 volt battery plant. Use the same thing to power the routers. Much easier than any sort of UPS.
by k6ccc
Sun Mar 14, 2021 10:16 pm
Forum: General
Topic: Mikrotik UPS Solution
Replies: 11
Views: 995

Re: Mikrotik UPS Solution

Running the devices directly off a battery plant would be better. Ideally with redundant battery chargers to protect you in case a battery charger fails. Easier if all the devices can operate off the same voltage. And there is no switching time upon AC power failure - only the battery chargers stop ...
by k6ccc
Sun Mar 14, 2021 7:24 am
Forum: General
Topic: How do you know that Mikrotik had become popular ?
Replies: 5
Views: 654

Re: How do you know that Mikrotik had become popular ?

If one was proactive and wanted to be more aggressive one would log all entry attempts on port 8291 on input chain and block those IPs for all ports on raw chain.
That's what I do...
by k6ccc
Sat Mar 13, 2021 8:49 pm
Forum: Beginner Basics
Topic: ipv6 package
Replies: 7
Views: 752

Re: ipv6 package

No real point in installing the IPv6 package if you are not going to use it (neither do I).
by k6ccc
Fri Mar 05, 2021 11:41 pm
Forum: SwOS
Topic: CRS312, VLANs cannot talk with outside of the switch
Replies: 13
Views: 1745

Re: CRS312, VLANs cannot talk with outside of the switch

No, I do not normally use the port isolation capability - just different VLANs to keep things apart. On your port 1, on the VLAN tab, change VLAN mode to disabled and VLAN Receive to Only untagged. Off hand, I suspect that the switch is trying to send VLAN tagged traffic to your client PC - which li...
by k6ccc
Fri Mar 05, 2021 6:45 pm
Forum: SwOS
Topic: CRS312, VLANs cannot talk with outside of the switch
Replies: 13
Views: 1745

Re: CRS312, VLANs cannot talk with outside of the switch

SwitchOS handles VLANs just fine. I am using multiple VLANs on all of my switches. Most of my ports are not VLAN tagged - but are assigned to a VLAN, but there is at least one VLAN trunk port, and several of the switches have one or more other ports that are VLAN tagged. Based on the hosts tab, you ...
by k6ccc
Mon Mar 01, 2021 9:32 pm
Forum: General
Topic: winbox multiple instances/databases
Replies: 5
Views: 399

Re: winbox multiple instances/databases

Different log on accounts for the computer that is running WinBox?

What are you trying to accomplish?
by k6ccc
Sun Feb 28, 2021 8:46 pm
Forum: Beginner Basics
Topic: hAP Lite: How to connect ethernet/LAN device to WLAN subnet?
Replies: 4
Views: 407

Re: hAP Lite: How to connect ethernet/LAN device to WLAN subnet?

It will involve setting up a bridge, but I don't use any bridges in my routers, so I can't help you much. The Ethernet port and the WLAN need to be in a bridge, but that's about my limit on bridges.
by k6ccc
Sat Feb 27, 2021 9:11 pm
Forum: Beginner Basics
Topic: I need help about installation mikrotik on VMware Esxi 6.0
Replies: 3
Views: 427

Re: I need help

I can't help you at all with your problem, but for future reference, a more useful message subject would be helpful. For example: I need help with VMware esxi
by k6ccc
Thu Feb 25, 2021 4:38 am
Forum: Beginner Basics
Topic: Load Backup issue with Custom Script? 6.48.1
Replies: 1
Views: 312

Re: Load Backup issue with Custom Script? 6.48.1

If I'm understanding your question, it is doing what it's supposed to. From the Wiki:
The configuration restore can be used for restoring the router's configuration, exactly as it was at the backup creation moment, from a backup file.
by k6ccc
Wed Feb 24, 2021 4:12 am
Forum: Beginner Basics
Topic: User "Allowed Address" not in "/export" or "/export verbose"?
Replies: 2
Views: 326

Re: User "Allowed Address" not in "/export" or "/export verbose"?

Hmmm, interesting. You are right, not there..
by k6ccc
Mon Feb 22, 2021 12:26 am
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 4
Views: 632

Re: Port Forwarding

Both methods work. The one accept all DST-NATted is certainly the easy route, but I wanted him to know why his rules did not work right - in other words, he might learn something. The other part is that there are times where you have a need to either not use the one accept rule, or to not use it for...
by k6ccc
Sun Feb 21, 2021 8:20 am
Forum: SwOS
Topic: SwOS
Replies: 3
Views: 1261

Re: SwOS

However, there is a major bug with the current release version of swOS not working with VLANS properly, which makes them unviable for anything except a lab setting. I would advise waiting until 2.13 is officially released. Oh really? Don't tell my six Mikrotik switches that are all running 2.12, an...
by k6ccc
Sun Feb 21, 2021 8:15 am
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 4
Views: 632

Re: Port Forwarding

Two of your code segments. The first is you DST Nat rules. I am going to assume that the first one (the port 80 TCP) is really like the port 80 UDP, but got mangled in the export and paste. Assuming that is true, those rules are fine. add action=dst-nat chain=dstnat comment="NGINX Proxy Port Fo...
by k6ccc
Thu Feb 18, 2021 5:47 pm
Forum: Beginner Basics
Topic: Opening firewall ports
Replies: 4
Views: 652

Re: Opening firewall ports

And to answer part two of your original question, yes the default firewall rules are fairly good for most purposes. If you are replacing a consumer grade router with a Mikrotik, the default configuration will work just fine. When you want to allow other stuff (such as your SSH question) is where the...
by k6ccc
Thu Feb 04, 2021 8:38 pm
Forum: Beginner Basics
Topic: Can't switch to SwOS
Replies: 2
Views: 424

Re: Can't switch to SwOS

That's a fairly old version of RouterOS. Just a stab in the dark. Update to a current version of RouterOS and see if the command to switch to SwitchOS is there.
by k6ccc
Mon Feb 01, 2021 4:33 am
Forum: SwOS
Topic: Subnet mask and swos
Replies: 12
Views: 6834

Re: Subnet mask and swos

There is traffic from my PC. So let's check the browser page. (Chrome has the developers tools built in).
And the browser is checking upgrade.microsoft .com to fill in this page. The switch is not initiating a request.
Ain't that interesting...
by k6ccc
Sun Jan 31, 2021 11:17 pm
Forum: SwOS
Topic: Subnet mask and swos
Replies: 12
Views: 6834

Re: Subnet mask and swos

The only thing with this "answer with src IP and src MAC as destination" mechanism is that the switch cannot initiate a connection to something outside the own subnet, as it does not have a clue on the gateway to use. But I see no process that initiates a connection from the switch (like ...
by k6ccc
Sun Jan 31, 2021 8:26 pm
Forum: SwOS
Topic: Subnet mask and swos
Replies: 12
Views: 6834

Re: Subnet mask and swos

I have not found a situation where I could not access any of my switches. At the very least, the computer is on a different VLAN than the switch is listening on, so traffic is going through a router or two to get there and it always finds its way back. This computer has an IP on my .101 LAN. Althoug...
by k6ccc
Sun Jan 31, 2021 8:05 pm
Forum: General
Topic: 24v 800mA power supply failure
Replies: 3
Views: 441

Re: 24v 800mA power supply failure

I have several of those and have not had any fail - for whatever that's worth...
by k6ccc
Sun Jan 31, 2021 8:03 pm
Forum: Beginner Basics
Topic: Looking for new Switch (Parameters Below)
Replies: 2
Views: 349

Re: Looking for new Switch (Parameters Below)

If you are happy with the CSS326-24G-2S+, I would get another one. Extra ports are always useful. Amazing how ports can get used in the future. In full disclosure, I have two of them (with rack ears) here at home plus a CRS326-24G-2S+RM that is running SwitchOS up at a local radio site and I am very...
by k6ccc
Sun Jan 24, 2021 8:27 pm
Forum: General
Topic: WinBox problem after upgrading to v6.48
Replies: 3
Views: 404

Re: WinBox problem after upgrading to v6.48

That was going to be my guess - old version of WinBox.
Glad you got it resolved.
by k6ccc
Sun Jan 24, 2021 5:13 am
Forum: General
Topic: how to conquer random mac address?
Replies: 7
Views: 1113

Re: how to conquer random mac address?

iPhones are doing the same thing with a recent update. At least on the iPhone you can turn it off for a specific WiFi connection. If the Lenova has the same option, you could set up a rate limit so that if someone is not using one of your DHCP reservation IP addresses, they get limited to slow speed...
by k6ccc
Sat Jan 23, 2021 9:00 pm
Forum: General
Topic: Coax to RJ45 - is a MoCA adapter required? [SOLVED]
Replies: 8
Views: 971

Re: Coax to RJ45 - is a MoCA adapter required? [SOLVED]

Yeah, seems like I'll have to give up on this idea. I'd hoped to just jam the coax to my ethernet plug, and maybe punch in some PPPoE credentials manually or something, but yeah I'm forgetting that there's more to it than just whether it fits in the slot or not. That would be about like thinking yo...
by k6ccc
Sat Jan 23, 2021 8:48 pm
Forum: Beginner Basics
Topic: Basic question about firewall rule organization, and grouping by chains.
Replies: 5
Views: 591

Re: Basic question about firewall rule organization, and grouping by chains.

I group all my chains together. As noted before, the router does not care, but it makes it far easier for the poor human being that has to read it - that would be me. You can also create any other chains that you want. Speeds up processing if you can jump to a different chain for one certain type of...
by k6ccc
Fri Jan 22, 2021 9:29 pm
Forum: General
Topic: [Request] Winbox Default Port
Replies: 8
Views: 936

Re: [Request] Winbox Default Port

...without saving the host in the Managed list (for security reasons) What's your issue with using the managed list? Only someone who logs onto your PC with your account will see your list, and as Normis pointed out, the file is encrypted if you use the Master password. Keep in mind that the IP of ...
by k6ccc
Fri Jan 22, 2021 7:31 pm
Forum: Beginner Basics
Topic: Allow LAN to LAN routes
Replies: 2
Views: 375

Re: Allow LAN to LAN routes

I would agree, configure the EeroMesh device that has a wired connection simply as an access point, an let the MT handle the router functions.
by k6ccc
Fri Jan 22, 2021 5:31 pm
Forum: SwOS
Topic: Can SwitchOS pass VLAN's to other MikroTik switches?
Replies: 4
Views: 1292

Re: Can SwitchOS pass VLAN's to other MikroTik switches?

God, I hope so! I am running VLANs on every one of my Mikrotik switches. I have five MT switches here at home, and lots of VLANs. I would hate to find that what I have been doing for years doesn't work :)
by k6ccc
Fri Jan 22, 2021 5:24 pm
Forum: General
Topic: 2 Mikrotiks on same layer 2
Replies: 15
Views: 1121

Re: 2 Mikrotiks on same layer 2

Not following what you are trying to accomplish. Can you draw a picture of what you want to do?
by k6ccc
Thu Jan 21, 2021 6:05 pm
Forum: General
Topic: Is there a way to log into admin panel if service on port 80 was accidentially turned off
Replies: 13
Views: 1064

Re: Is there a way to log into admin panel if service on port 80 was accidentially turned off

Keep in mind that really the only thing you would do via MAC Winbox is to enable proper ways of accessing the router. Think of it as an "Ah crap, I messed up, let me fix my screwup".
by k6ccc
Thu Jan 21, 2021 4:29 am
Forum: Beginner Basics
Topic: Slower performance when connected directly to router!
Replies: 12
Views: 1176

Re: Slower performance when connected directly to router!

The 100Mb/s sounds suspicious. Check the connection speed on the laptop. Could be a cable issue. Gigabit normally requires all four pairs whereas 10Base-T and 100Base-T only uses two of the pairs.
by k6ccc
Wed Jan 20, 2021 9:21 pm
Forum: Beginner Basics
Topic: Dividing one routerboard making it two separate wan routers
Replies: 6
Views: 646

Re: Dividing one routerboard making it two separate wan routers

I am doing essentially what you are trying to do with a RB750Gr3 (Hex) with my normal internet as port 1, and a ham radio network as a second WAN when happens to be a VLAN on port 4. Works fine. Does require a little care in routing tables, and of course firewall rules to keep the intended traffic s...
by k6ccc
Tue Jan 19, 2021 6:04 pm
Forum: General
Topic: RouterOS .backup to .rsc/text
Replies: 4
Views: 583

Re: RouterOS .backup to .rsc/text

I lost my lain text .rsc files for the router config For future use, automatically produce a new (current) .rsc file on a regular basis. I have a script that produces the binary .backup and a plain text .rsc files and sends them to me via E-Mail. That scrip is run via the scheduler every night. Now...
by k6ccc
Tue Jan 12, 2021 5:18 pm
Forum: General
Topic: How to setup Mikrotik router and TTL
Replies: 14
Views: 1738

Re: How to setup Mikrotik router and TTL

How about asking a question. The subject is so vague, and other than that, you don't tell us what you are trying to do, or what you need help with.
by k6ccc
Tue Jan 12, 2021 5:15 pm
Forum: Beginner Basics
Topic: Can I change user name in SwOS?
Replies: 4
Views: 577

Re: Can I change user name in SwOS?

Not in SwitchOS.
by k6ccc
Sun Jan 10, 2021 3:22 am
Forum: Beginner Basics
Topic: New user- need help! Please!
Replies: 4
Views: 608

Re: New user- need help! Please!

I changed my laptop's IP to static 192.168.88.2, and was able to log into the switch, but as soon as I tried to change switch IP to 192168.1.58, I lost connection. That would be correct. As soon as you changed the IP on the switch to 192.168.1.58, your PC can no longer access the switch until you c...
by k6ccc
Tue Jan 05, 2021 5:40 pm
Forum: Beginner Basics
Topic: IPv6 Firewall
Replies: 22
Views: 1909

Re: IPv6 Firewall

It is a bug/shortcoming in RouterOS. When you add a new package, the default configuration for that package is not applied. Workaround: always enable IPv6 as first thing when you receive a new router, then update to the newest RouterOS version, and then reset to factory defaults. When you do the re...
by k6ccc
Tue Jan 05, 2021 1:48 am
Forum: General
Topic: Coaxial Adapter
Replies: 4
Views: 557

Re: Coaxial Adapter

Nope. Doing so would likely release the magic smoke that makes all electronics work. Combining transmitters into a single antenna can be done, but it's not something that is plug and play - or inexpensive.
by k6ccc
Wed Dec 30, 2020 4:40 am
Forum: General
Topic: Winbox - MacOS Big Sur
Replies: 24
Views: 6289

Re: Winbox - Big Sur

Can I assume "Big Sur" is a name for a recent Mac OS? I don't speak Mac.

If that is the case, don't hold your breath. Mikrotik has never supported Mac OS, and appears that they have no interest in doing so.
by k6ccc
Mon Dec 14, 2020 11:20 pm
Forum: SwOS
Topic: SwitchOS CLI
Replies: 8
Views: 6557

Re: SwitchOS CLI

I use switches exclusively as switches and I use routers exclusively as routers - the two functions do not cross. In fact, the only reason I have one CRS326 is that I ordered a CSS326 and the vendor incorrectly sent me a CRS326. When I contacted them about it, they said it was not worth the effort a...
by k6ccc
Mon Dec 14, 2020 4:11 am
Forum: SwOS
Topic: SwitchOS CLI
Replies: 8
Views: 6557

Re: SwitchOS CLI

There's a version of OS available which has everything you want. It's called ROS. Yes, ROS device can be configured as a switch, doesn't have to be router. That does not help with switch only devices (see my list below). And for managing switches, SwitchOS works very well. With that said, it would ...
by k6ccc
Mon Dec 14, 2020 4:07 am
Forum: General
Topic: Forum registration disabled?
Replies: 2
Views: 438

Re: Forum registration disabled?

Beats me, but I concur that unless it's well hidden, there is no way to join.
by k6ccc
Sat Dec 05, 2020 11:01 pm
Forum: SwOS
Topic: CRS326-24G-2S+ no ip address
Replies: 3
Views: 1004

Re: CRS326-24G-2S+ no ip address

If it is still on a factory config, it will be 192.168.88.1. If you changed it, you need to point your browser to the address that you changed it to. If you changed it to DHCP, whatever device is operating as a DHCP server should be able to tell you what address it is using. If you can't not find it...
by k6ccc
Fri Dec 04, 2020 6:23 am
Forum: SwOS
Topic: swos-css326 permit specific mac to port
Replies: 1
Views: 702

Re: swos-css326 permit specific mac to port

Look at ACL rules. I've never used them so I can't give you examples, but MAC filtering is in the options.
by k6ccc
Fri Dec 04, 2020 6:18 am
Forum: SwOS
Topic: Setup and access switch from upstream router
Replies: 2
Views: 799

Re: Setup and access switch from upstream router

The only aspect I don't like, is the fact that you lose access to the switch from any port that is not routed by the specified VLAN (10 in my scenario). Because if my upstream router dies or is misconfigured, I also lose access to the switch. I guess that my next purchase will have a console port ;...
by k6ccc
Sun Nov 01, 2020 3:47 am
Forum: SwOS
Topic: SwOS boots but cannot access
Replies: 3
Views: 1321

Re: SwOS boots but cannot access

Can you hook up the switch to something that will provide a DHCP address (usually your router). Then look at the DHCP server to see what address was assigned. Then try to go to that address.with a web browser.
by k6ccc
Fri Oct 30, 2020 2:10 am
Forum: SwOS
Topic: CSS610-8G-2S+IN VLAN Behaviour
Replies: 1
Views: 1516

Re: CSS610-8G-2S+IN VLAN Behaviour

I don't have that switch, but am very familiar with SwitchOS. What you are reporting does not make a lot of sense. BTW, I suspect you typoed something in your description because the DHCP range for VLAN 2 does not include the switch management address. However, I suspect that was a fat finger item.....
by k6ccc
Thu Oct 15, 2020 6:29 am
Forum: SwOS
Topic: SwOs - Suggestion for improvements
Replies: 2
Views: 1012

Re: SwOs - Suggestion for improvements

That is one of my pet peeves - We won't tell you what the password requirements are - but there are requirements. Unfortunately that is VERY common!
by k6ccc
Mon Oct 05, 2020 9:04 pm
Forum: Beginner Basics
Topic: proplem with dhcp
Replies: 7
Views: 690

Re: proplem with dhcp

Is this on Amazon AWS? If not, why are you using their IP addresses? it's private ip , so why don't use Highly recommend that you don't use a public address on your private network. There are private IP ranges for a reason. Using someone elses address range wiil come back to haunt you if you every ...
by k6ccc
Sat Oct 03, 2020 10:33 pm
Forum: SwOS
Topic: CSS610-8G-2S+IN - SWOS 2.12rc2 Upgrade missing
Replies: 15
Views: 3688

Re: CSS610-8G-2S+IN - SWOS 2.12rc2 Upgrade missing

I had not really paid attention to the model of switch that you are using. Apparently that is a very new product and the software download page has not been updated with the new model. As this is a user forum, you might be better off sending a message to support@mikrotik.com That will get directly t...
by k6ccc
Sat Oct 03, 2020 6:15 am
Forum: SwOS
Topic: CSS610-8G-2S+IN - SWOS 2.12rc2 Upgrade missing
Replies: 15
Views: 3688

Re: CSS610-8G-2S+IN - SWOS 2.12rc2 Upgrade missing

Go to the Mikrotic downloads page: https://mikrotik.com/download
Download the appropriate file and do a manual upgrade (near the bottom of the Upgrade tab).
by k6ccc
Thu Oct 01, 2020 9:08 pm
Forum: SwOS
Topic: Help me please, switch keeps briking on me
Replies: 3
Views: 786

Re: Help me please, switch keeps briking on me

You are not giving us much info on your configuration. Are you trying to access the switch via one of the trunks or have you designated a specific non-tagged port as your "management" port? As xvo said, you need to tell the switch what port or ports and what VLAN management access is allow...
by k6ccc
Thu Sep 24, 2020 12:03 am
Forum: General
Topic: [FEATURE REQUEST] User Interface Overhaul?
Replies: 10
Views: 1045

Re: [FEATURE REQUEST] User Interface Overhaul?

Like the others who have posted, I have very very issues with WinBox (what I normally use for most purposes). I find it easy to work with. It is FAR better than the GUI for the Juniper routers we have at work. I use my MT routers strictly as routers (no switch functionality, but lots of VLANs), so t...
by k6ccc
Wed Sep 23, 2020 2:28 am
Forum: SwOS
Topic: NewBie CRS305 issue
Replies: 1
Views: 801

Re: NewBie CRS305 issue

You did not tell us what fiber SFPs you are using. You did specify that the ones having problems are using multi-mode FO cable. Makes me wonder if there is a mismatch between multi-mode and single-mode - either with the jumper cables or with the SFPs. From what you said, I am gathering that you are ...
by k6ccc
Mon Sep 21, 2020 11:52 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 105
Views: 29304

Re: WinBox v3.27 released!

I can confirm it as well in 3.27 64 bit version. However, you are going to need to put something in that field regardless of what defaults there, so this is not really much of an issue. Note that this is on the Bridge VLAN page as shows above and not the interface VLAN page (where the default is 1 -...
by k6ccc
Sat Sep 19, 2020 7:31 pm
Forum: General
Topic: icmp nat
Replies: 13
Views: 853

Re: icmp nat

if any of the hosts have open ports (a web, ftp, or mail server for example), you can send tcp pickets to those ports and get a response. Most monitoring services can check for all sorts of ports. And this approach makes a lot of sense, because a response to a ping tells you nothing more than that ...
by k6ccc
Sat Sep 19, 2020 8:36 am
Forum: General
Topic: icmp nat
Replies: 13
Views: 853

Re: icmp nat

Nope. icmp does not have ports (unlike udp and tcp), so all you get is IP. If you have multiple public IPs, you can have each public IP NAT to a different host, but if you only have one public IP, you only get one. Now with that said, if any of the hosts have open ports (a web, ftp, or mail server f...
by k6ccc
Sat Sep 19, 2020 8:15 am
Forum: General
Topic: icmp nat
Replies: 13
Views: 853

Re: icmp nat

Yep. If you have only one public IP, you can only ping one host.
by k6ccc
Sat Sep 19, 2020 7:51 am
Forum: General
Topic: icmp nat
Replies: 13
Views: 853

Re: icmp nat

I just set this up on one of my routers. This is working fine. Note that if you don't have a forward rule to allow anything DST-NATted, you will need to build a specific rule to accept these packets. http://extraphotos.info/mikrotik/ICMP-NAT-1.png http://extraphotos.info/mikrotik/ICMP-NAT-2.png Also...
by k6ccc
Sat Sep 19, 2020 7:26 am
Forum: General
Topic: icmp nat
Replies: 13
Views: 853

Re: icmp nat

You are almost there. Add the In Interface, and on the Action tab, set for DST NAT and tell what IP to send it to.
by k6ccc
Sat Sep 19, 2020 6:59 am
Forum: General
Topic: icmp nat
Replies: 13
Views: 853

Re: icmp nat

Correct, icmp does not have ports.
by k6ccc
Sat Sep 19, 2020 6:04 am
Forum: SwOS
Topic: Help with CSS326-24G-2S+ and LACP
Replies: 1
Views: 632

Re: Help with CSS326-24G-2S+ and LACP

You're not giving a lot of information. It looks OK on the CSS326 as long as the other end is configured to initiate the LACP.
Also, what SwOS version are you running?
by k6ccc
Sat Sep 19, 2020 5:58 am
Forum: General
Topic: icmp nat
Replies: 13
Views: 853

Re: icmp nat

No different than any other NAT except the Protocol is icmp instead of the more common tcp or udp - I ran one for a specific purpose a while back.
by k6ccc
Wed Sep 16, 2020 10:43 pm
Forum: SwOS
Topic: Service VLAN on swOS
Replies: 5
Views: 4134

Re: Service VLAN on swOS

I don't remember seeing any mention of it in any updates. Push really comes to shove, I likely could test in here.
by k6ccc
Sun Sep 13, 2020 7:32 am
Forum: Announcements
Topic: Expected down time for this forum SEPT 11
Replies: 42
Views: 7184

Re: Expected down time for this forum SEPT 11

Same here. My password was invalid - it said. Used the "I forgot my password" link. "reset" my password to what it has been before - 4 capital letters, 4 lower case letters, 7 special characters, and 1 number - cryptic crap generated by my password manager.
by k6ccc
Wed Sep 09, 2020 11:44 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 61635

Re: SwOS version 2.12 released!

update to version 2.12 and I deleted the Mac Address and the Series. Any solution? I don't understand your statement. What do you mean that you deleted the MAC and the series (or was that supposed to be Serial?). You as a user do not have the ability to change either of those fields from the GUI, a...
by k6ccc
Sun Sep 06, 2020 7:37 pm
Forum: Beginner Basics
Topic: Port forward
Replies: 7
Views: 600

Re: Port forward

Make sure that you have either a firewall rule that allows that port in the forward chain or a rule that allows anything DSTNAT forwarded to be accepted in the forward chain.
Creating a port forward does NOT automatically allow that through the firewall (unless you have a allow anything DSTNAT rule).
by k6ccc
Thu Sep 03, 2020 6:25 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 105
Views: 29304

Re: WinBox v3.27 released!

Good grief, I just downloaded 3.25 yesterday.. Anyway with 3.27 (64 bit version), file list and log are working on my RB750Gr3 and RB750r2. Good grief, do you not check for updates at least twice daily?? I know you are largely just being funny anav... Actually I check this forum fairly regularly, a...
by k6ccc
Thu Sep 03, 2020 6:28 am
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 105
Views: 29304

Re: WinBox v3.27 released!

Can't replicate that on my RB750r2 with 6.47.1. Worked fine.
by k6ccc
Wed Sep 02, 2020 10:05 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 105
Views: 29304

Re: WinBox v3.27 released!

Good grief, I just downloaded 3.25 yesterday..

Anyway with 3.27 (64 bit version), file list and log are working on my RB750Gr3 and RB750r2.
by k6ccc
Thu Aug 27, 2020 8:07 am
Forum: SwOS
Topic: Need help to setup 2 VLANs
Replies: 4
Views: 1879

Re: Need help to setup 2 VLANs

On the VLANs tab, For each VLAN, check the boxes for the ports that will access that VLAN.
To add VLANs to the VLANs tab, press the APPEND button at the bottom. Then edit the VLAN number and ports.
by k6ccc
Mon Aug 24, 2020 7:49 pm
Forum: SwOS
Topic: Need help to setup 2 VLANs
Replies: 4
Views: 1879

Re: Need help to setup 2 VLANs

Here are a couple screen shots from my CSS326 that should help. BTW, I posted this and then realized that the screen captures were quite dated. I edited the post with new captures, so if you looked at this within the first 5 minutes after I posted it, the images changed. If you see this this text, y...
by k6ccc
Sun Aug 23, 2020 10:47 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 117
Views: 42130

Re: CSS326-24G-2S+RM hangs until power cycle

As far as I know, you are the first person to report this lockup under ROS. This entire thread has been about SwOS.
by k6ccc
Fri Aug 21, 2020 7:45 am
Forum: Beginner Basics
Topic: Remote Management Access using Public IP
Replies: 11
Views: 6474

Re: Remote Management Access using Public IP

Use WinBox, not WebFig, and in addition to the above suggestions, use non-standard ports.
by k6ccc
Thu Aug 20, 2020 7:12 am
Forum: General
Topic: Today lost winbox functions 6.47.1 !?
Replies: 2
Views: 466

Re: Today lost winbox functions 6.47.1 !?

6.47.1 is working fine with WinBox on both my routers. Did you change anything?
by k6ccc
Wed Aug 19, 2020 5:43 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 117
Views: 42130

Re: CSS326-24G-2S+RM hangs until power cycle

Coming up on 36 days and still good on both of mine..
by k6ccc
Wed Aug 19, 2020 5:07 am
Forum: General
Topic: Is it possible to mark-routing the ICMP packets?
Replies: 5
Views: 743

Re: Is it possible to mark-routing the ICMP packets?

Not enough detail. What are you trying to accomplish?
by k6ccc
Tue Aug 18, 2020 7:47 am
Forum: General
Topic: Help! Unknown Logs Eating RAM [SOLVED]
Replies: 2
Views: 495

Re: Help! Unknown Logs Eating RAM [SOLVED]

I only looked at a few of them, but it looks like you have set up a NAT with logging enabled. In that case, there will be a log entry for every packet. Turn off logging on your NAT.
by k6ccc
Tue Aug 18, 2020 12:07 am
Forum: Beginner Basics
Topic: Firewall drop port scanners rule trigered by Avast Antivirus
Replies: 3
Views: 1013

Re: Firewall drop port scanners rule trigered by Avast Antivirus

Let me see if I have this right. You add firewall rules to detect and stop port scanners, then you complain that it does exactly what you asked it to do (stop a port scanner). If you want to do a port scan to see what might be open, yes, you will need to disable your port scanner blocker rules while...
by k6ccc
Mon Aug 17, 2020 11:54 pm
Forum: SwOS
Topic: IPTV Switching
Replies: 13
Views: 3935

Re: IPTV Switching

I don't believe that is correct. Optional will allow either untagged or tagged packets, but you still need to tell the switch what VLANs are on which port. At least that is my understanding (and my observation for ports that I have set to optional). I just did a test. I have WiFi access points that ...
by k6ccc
Mon Aug 17, 2020 5:44 pm
Forum: Beginner Basics
Topic: firewall blocks router [SOLVED]
Replies: 5
Views: 1510

Re: firewall blocks router [SOLVED]

You are only showing one firewall rule in the input chain - and that is a drop everything. Based on that, there must be more to it that you are not showing us, else nothing into the router would work at all - including your ability to communicate with the router. If you want our help, you need to pr...
by k6ccc
Sat Aug 15, 2020 2:10 am
Forum: SwOS
Topic: IPTV Switching
Replies: 13
Views: 3935

Re: IPTV Switching

My strong suspicion is that the IPTV is using a VLAN and the "normal" computer internet is untagged. That way, if you plug a computer into it, it understands the untagged traffic. The TV box is set up to look for a VLAN so it is happy too. Assuming that is the case, you will need to set up...
by k6ccc
Fri Aug 14, 2020 11:28 pm
Forum: SwOS
Topic: IPTV Switching
Replies: 13
Views: 3935

Re: IPTV Switching

Knowing virtually nothing about IPTV (other than what I have read on this forum), are all four ports on the ISP router usable for either internet or TV, or are there specific ports for each?
by k6ccc
Fri Aug 14, 2020 5:44 pm
Forum: Beginner Basics
Topic: Remove bridge from RB750Gr3
Replies: 7
Views: 1873

Re: Remove bridge from RB750Gr3

We need to see what his configuration looks like. Until we see that, we are guessing.
by k6ccc
Fri Aug 14, 2020 12:15 am
Forum: SwOS
Topic: IPTV Switching
Replies: 13
Views: 3935

Re: IPTV Switching

Most dumb switches will handle VLAN tagged traffic because they will simply ignore the VLAN tagging, and pass them along. Most smart switches understand what a VLAN tag is and process them, and then handle them as such. Sorry for the torch reference - I had RouterOS in mind when you said you were ru...
by k6ccc
Thu Aug 13, 2020 11:02 pm
Forum: SwOS
Topic: IPTV Switching
Replies: 13
Views: 3935

Re: IPTV Switching

If I were to hazard a guess, the IPTV is likely using a VLAN for connectivity. Using Torch on the ports that the TV boxes are on may shed some light.
by k6ccc
Thu Aug 13, 2020 9:26 pm
Forum: Beginner Basics
Topic: Remove bridge from RB750Gr3
Replies: 7
Views: 1873

Re: Remove bridge from RB750Gr3

You are wanting to operate very similar to my RB750Gr3 - it is strictly used as a router and all switch functions are handled by a separate switch (CSS326-24G-2S in my case). I have never had a bridge on any of my routers. By default a router will route traffic between LANs, so you must put in firew...
by k6ccc
Thu Aug 13, 2020 9:11 pm
Forum: Beginner Basics
Topic: Router Mode
Replies: 6
Views: 1822

Re: Router Mode

Additionally, once you have made any config changes to your router, you should NEVER use QuickSet. QuickSet will happily overwrite your changes for you.
by k6ccc
Thu Aug 13, 2020 6:44 am
Forum: Beginner Basics
Topic: all links not support HTTPS
Replies: 6
Views: 1443

Re: all links not support HTTPS

I don't run hotspot, so I can't help, but I get the idea.
by k6ccc
Thu Aug 13, 2020 12:47 am
Forum: Beginner Basics
Topic: Newbie switch question [SOLVED]
Replies: 2
Views: 754

Re: Newbie switch question [SOLVED]

You are really close. As soon as a new device sends a packet, the switch learns the MAC of that device and stores that and what port it was on in it's hosts table. As long as the device does not move to another port it will remember where it is (it should have a timeout in there). As long as the MAC...
by k6ccc
Tue Aug 11, 2020 10:07 pm
Forum: Beginner Basics
Topic: Multiple Tagged VLANs on One Port
Replies: 4
Views: 1218

Re: Multiple Tagged VLANs on One Port

If you look my first screen capture, under Open Mesh #1, you will see that VLAN receive mode is set to "Any", and the default VLAN ID is set to "201". That means that port 1 will receive either VLAN tagged or untagged traffic, and that inbound untagged traffic will be assigned to...
by k6ccc
Tue Aug 11, 2020 5:58 pm
Forum: Beginner Basics
Topic: Firewall/VLAN setup
Replies: 10
Views: 3996

Re: Firewall/VLAN setup

By default, a Mikrotik router will router whenever it can. In other words, unless you block it with a firewall rule, it will happily route between VLANs. In each chain, the router will start at the top of the firewall rules in that chain, and keep processing rules until it finds a rule that matches,...
by k6ccc
Tue Aug 11, 2020 5:43 pm
Forum: Beginner Basics
Topic: all links not support HTTPS
Replies: 6
Views: 1443

Re: all links not support HTTPS

WAY not enough information. What are you talking about?
by k6ccc
Tue Aug 11, 2020 5:40 pm
Forum: Beginner Basics
Topic: Multiple Tagged VLANs on One Port
Replies: 4
Views: 1218

Re: Multiple Tagged VLANs on One Port

I am in the exact same situation with my WiFi nodes, and I have two of them fed from a CSS106-5G-1S (proper name for the current RB260GS). Here are a couple screen captures: http://extraphotos.info/mikrotik/CSS106-VLAN.PNG Open Mesh #1 uses VLAN 201 as it's untagged management LAN, and Open Mesh #2 ...
by k6ccc
Mon Aug 10, 2020 2:08 am
Forum: SwOS
Topic: Is there any SwOS ACL documentation with example?
Replies: 3
Views: 2112

Re: Is there any SwOS ACL documentation with example?

I use SwitchOS quite a bit, but I have never needed to use ACL. My suggestion would be to play with the options and see what works. Then post it here so maybe someone else will know too...
by k6ccc
Thu Aug 06, 2020 5:51 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 61635

Re: SwOS version 2.12 released!

Hey everyone, we have several CSS326-24G-2S+ and updated them to 2.12 today. On each of our switches all used ports are flashing sinchronal and we are wondering if that behaviour is normal? The switches work fine as far as we can judge. Could be. I'm not home right now, but one of my CSS326 switche...
by k6ccc
Mon Aug 03, 2020 6:37 am
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 117
Views: 42130

Re: CSS326-24G-2S+RM hangs until power cycle

Anyone running the new firmware notice any issues? How's it working?
My two CSS326-24G-2S+RM are working fine on 2.12 - so far.
by k6ccc
Wed Jul 29, 2020 10:43 pm
Forum: Beginner Basics
Topic: Cant get all PCs online
Replies: 16
Views: 3251

Re: Cant get all PCs online

Or someone has plugged in another router on your LAN without you knowing it. Most likely they were looking for switching only, but left the DHCP server enabled.
by k6ccc
Wed Jul 29, 2020 8:48 pm
Forum: Beginner Basics
Topic: Cant get all PCs online
Replies: 16
Views: 3251

Re: Cant get all PCs online

Check your DHCP pool or pools. sounds like you have two DHCP pools with the first one set for 30 addresses with a Next Pool set to another address pool. The DHCP pools on one of my routers as seen in WinBox showing most of the pools have only 10 or 20 available addresses and none of the pools have a...
by k6ccc
Wed Jul 22, 2020 8:29 pm
Forum: Beginner Basics
Topic: hEX S router Individual ethernet port and VLANs configuration [SOLVED]
Replies: 3
Views: 1434

Re: hEX S router Individual ethernet port and VLANs configuration [SOLVED]

That is very similar to what I am doing. I am using my routers (RB750r2 & RB750Gr3) exclusively as routers. The different LAN ports connect to managed switches that handle ALL switching function. I don't know if you will have any downstream switches, or will each port be connected to a single de...
by k6ccc
Tue Jul 21, 2020 8:37 pm
Forum: General
Topic: How to count network usage per ip with my rOS
Replies: 1
Views: 675

Re: How to count network usage per ip with my rOS

For a small number of IPs that you want to check, you can create a passthrough fire wall rule that does not do anything except count packets. I have a bunch of those rules - although generally most are disabled except when I am doing some specific test that requires that particular rule. This would ...
by k6ccc
Tue Jul 21, 2020 8:09 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 61635

Re: SwOS version 2.12 released!

For lag config you would set both sides to active to have them participate in the group. One of the changes in this version was to allow lag to work with only one member active. While there could be an issue with how much membership traffic is sent, this is really a config issue on your end. I did ...
by k6ccc
Mon Jul 20, 2020 8:12 pm
Forum: SwOS
Topic: RB260GPS Trouble
Replies: 8
Views: 2754

Re: RB260GPS Trouble

I don't see anything that jumps out at me that would cause the problem that you are seeing. About the only config change you may want to try (although it should not matter) is to change the NVR and FO connections on the VLAN tab to VLAN Mode = Disabled and VLAN Receive = Untagged Only. May also try ...
by k6ccc
Sun Jul 19, 2020 7:36 pm
Forum: SwOS
Topic: RB260GPS Trouble
Replies: 8
Views: 2754

Re: RB260GPS Trouble

Several of your answers were non-answers (such as asking which of two options were you using and your answer was "no"). However, I think I largely figured out what you are trying to do. As far as I can tell, you are really only using the CSS106 on the 172.16.x.x network as a dumb switch an...
by k6ccc
Sun Jul 19, 2020 8:33 am
Forum: General
Topic: Allow limited user rights to make binary backup?
Replies: 4
Views: 1423

Re: Allow limited user rights to make binary backup?

Here is mine. Feel free to adapt for your own purposes... # Policies needed: ftp, read, policy, sensitive, test # Policies NOT needed: password, reboot, write, sniff, romon :log info "Starting daily backup"; /system backup save name=RB750Gr3-1_Daily /export file RB750Gr3-1_Daily /system pa...
by k6ccc
Sun Jul 19, 2020 5:59 am
Forum: General
Topic: Allow limited user rights to make binary backup?
Replies: 4
Views: 1423

Re: Allow limited user rights to make binary backup?

If all you want to do is create a binary backup, but leave it on the router, you don't need to allow that for your limited user group. Create a script to create the file and then a schedule that runs the script at whatever interval that you want. You can also have your script send the file somewhere...
by k6ccc
Sat Jul 18, 2020 8:42 pm
Forum: SwOS
Topic: RB260GPS Trouble
Replies: 8
Views: 2754

Re: RB260GPS Trouble

Still not enough detail. For the moment, I am going to assume that you are trying to access the NVRs from the 192.168.0.x side of the drawing (or from the internet), and that you can successfully access the NVR, but the NVR can not see the cameras. Is that correct? Or are you directly trying to acce...
by k6ccc
Sat Jul 18, 2020 8:24 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 61635

Re: SwOS version 2.12 released!

SwOS version 2.12 on CSS106-5G-1S do not work with VLAN on trunk port in state "enable" or "strict". Work only in "optional". I access to switch throw this trunk port. Allow From VLAN set for number VLAN that exist in VLANs and trunk port set "leave as is" (i...
by k6ccc
Fri Jul 17, 2020 10:24 pm
Forum: SwOS
Topic: RB260GPS Trouble
Replies: 8
Views: 2754

Re: RB260GPS Trouble

A little more details on config. For starters, how are you subnetted? Is there a router involved in the equation? All on one VLAN or more than one?
That's a good start...
by k6ccc
Tue Jul 14, 2020 11:52 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 61635

Re: SwOS version 2.12 released!

Followup. Great news. I have now performed both my LACP test and enabled IPv6 which caused both switches to crash earlier this year. Here is a simplified drawing of my LAN. http://extraphotos.info/mikrotik/LAN_simplified_drawing.png Last April, I had enabled IPv6 on router #1 and essentially instant...
by k6ccc
Tue Jul 14, 2020 9:31 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 117
Views: 42130

Re: CSS326-24G-2S+RM hangs until power cycle

My initial tests are looking good for 2.12. I repeated my April test by enabling IPv6 in an attached router, and both switches are working just fine.
by k6ccc
Tue Jul 14, 2020 8:25 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 61635

Re: SwOS version 2.12 released!

Two major improvements for me. First is the intermittent lockup issue that has plagued SwitchOS for quite a few releases. I will be repeating the test that I did back in April that caused both switches to lock up almost instantly. The other major improvement for me is that LACP will now work properl...
by k6ccc
Mon Jul 13, 2020 7:55 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 117
Views: 42130

Re: CSS326-24G-2S+RM hangs until power cycle

I'm sure that this has not been fixed because it is such a odd situation that causes it to happen. That makes it hard to replicate. As far as I know, I have only had it happen when I enabled IPv6 in the Mikrotik router that is attached to the garage switch. My arrangement is that my internet service...
by k6ccc
Tue Jul 07, 2020 9:47 pm
Forum: Beginner Basics
Topic: Open Access to TikApp
Replies: 6
Views: 1736

Re: Open Access to TikApp

how do I add secured addresses to the list?
Firewall rules to allow access or allowed addresses to log on - or both.
by k6ccc
Mon Jul 06, 2020 9:22 pm
Forum: Beginner Basics
Topic: Cannot import RSC file into Mikrotik - wrong config order
Replies: 5
Views: 1430

Re: Cannot import RSC file into Mikrotik - wrong config order

I have only done an import once - when I upgraded a RB750r2 with a RB750Gr3. I found the same thing. Had to break up the file into a bunch of small pieces to get it all to work. Like you, stuff was in the wrong order, and stuff in the default config conflicted with what I was trying to import. Ended...
by k6ccc
Mon Jul 06, 2020 5:18 am
Forum: General
Topic: A Network based System isn't working
Replies: 2
Views: 684

Re: A Network based System isn't working

Sorry, duplicate post
by k6ccc
Mon Jul 06, 2020 5:17 am
Forum: General
Topic: A Network based System isn't working
Replies: 2
Views: 684

Re: A Network based System isn't working

You gave us no useful information to work with.
What system? What equipment? What firmware? What is the network configuration? What is the problem? Anything else that might tell us (we're not mind readers)?
by k6ccc
Wed Jul 01, 2020 2:41 am
Forum: Beginner Basics
Topic: fw does not drop winbox mac-telnet [SOLVED]
Replies: 8
Views: 1856

Re: fw does not drop winbox mac-telnet [SOLVED]

Thanks.
I wonder if I had discovered and forgotten about that sometime in the past. When I looked at my router 2, both mac-winbox and mactel interface lists had all interfaces, but when I looked at my newer router 1, only the local LAN was listed for both.
by k6ccc
Tue Jun 30, 2020 9:04 pm
Forum: General
Topic: Winbox is resetting
Replies: 1
Views: 550

Re: Winbox is resetting

I am taking it that you mean that it is logging you back out of the router as soon as you log in. Can you connect to the node via WebFig or a terminal window and look at the log and see if that gives a clue what is happening?
by k6ccc
Tue Jun 30, 2020 8:51 pm
Forum: Beginner Basics
Topic: fw does not drop winbox mac-telnet [SOLVED]
Replies: 8
Views: 1856

Re: fw does not drop winbox mac-telnet [SOLVED]

OK, I have never given that any thought because I have never used MAC WinBox. How do you block MAC WinBox - either completely or selectively? Since it's not IP, the IP firewall and ports rules do not apply.
by k6ccc
Wed Jun 24, 2020 7:19 pm
Forum: SwOS
Topic: Do CRS305&309 support other brands' RJ45 SFP module?
Replies: 9
Views: 6219

Re: Do CRS305&309 support other brands' RJ45 SFP module?

When the whole concept of SFPs came about, the concept was that they would be universally compatible. However reality is that some work and some do not. This is not at all unique to Mikrotik. Simple answer it to buy the SFPs that the device manufacturer recommends. They have tested them and know wha...
by k6ccc
Tue Jun 23, 2020 9:27 pm
Forum: Beginner Basics
Topic: Virtual Server (port mapping) [SOLVED]
Replies: 12
Views: 3202

Re: Virtual Server (port mapping) [SOLVED]

Originally you were trying to forward to a different address in addition to a different port. DST-NAT would be appropriate for that. However as sutrus said, it's different if you are only changing ports.
by k6ccc
Tue Jun 23, 2020 7:24 pm
Forum: Beginner Basics
Topic: Virtual Server (port mapping) [SOLVED]
Replies: 12
Views: 3202

Re: Virtual Server (port mapping) [SOLVED]

Your action should be DST-NAT - not Netmap.
by k6ccc
Mon Jun 22, 2020 7:31 pm
Forum: General
Topic: View configured static routes
Replies: 11
Views: 2191

Re: View configured static routes

I'm a little curious how many routes you have, that it can't display in WinBox. I just looked at my RB750 and there are 29 routes of which 12 are static.
by k6ccc
Mon Jun 22, 2020 7:24 pm
Forum: Beginner Basics
Topic: Remote management
Replies: 2
Views: 724

Re: Remote management

There are several ways that vary in convenience and security. Preface: I DO NOT RECOMMEND the first couple!!! The absolute simplest is to allow WinBox or WebFig access via your internet connection <-- NOT RECOMMENDED A couple things you can do that somewhat improve the security of that. Use of a non...
by k6ccc
Fri Jun 19, 2020 2:03 am
Forum: Beginner Basics
Topic: New to Mikrotik - Config Help FW
Replies: 12
Views: 3119

Re: New to Mikrotik - Config Help FW

First of all, what chain does what. Traffic that is destined to something on the router itself (Winbox, SSH to the router, etc) is affected by the INPUT chain. Traffic that is destined to something other than the router but has to be routed through the router (A PC accessing a web page, etc) is affe...
by k6ccc
Thu Jun 18, 2020 8:50 pm
Forum: General
Topic: Lan security
Replies: 5
Views: 1393

Re: Lan security

Dot1x is used when we have mikrotik switch .
Can you clarify that. Do you really mean mikrotik SWITCH or ROUTER?
I don't see anything in SwitchOS to support 802.1x
by k6ccc
Wed Jun 17, 2020 10:13 pm
Forum: Beginner Basics
Topic: two ip from same subnet
Replies: 5
Views: 1232

Re: two ip from same subnet

On my moderately quick read, my initial suspicion appears to be right. Your source NAT is specifying that all outbound traffic from the LAN to the internet use the .140 address. For the one service that is destination NATed using the .141 address, when your server replies, it is also going out via t...
by k6ccc
Wed Jun 17, 2020 6:19 pm
Forum: General
Topic: Schedule a schedule?
Replies: 6
Views: 1244

Re: Schedule a schedule?

Glenn, I have a script that does essentially exactly what you want. I fully admit that I got most of the script from a post here several years ago and modified it for my own purposes. In my case, I am checking for login, logout, login failure, and several port knock conditions. The script writes a c...
by k6ccc
Wed Jun 17, 2020 6:00 pm
Forum: Beginner Basics
Topic: two ip from same subnet
Replies: 5
Views: 1232

Re: two ip from same subnet

Based on the rather limited information that you gave, it would appear that all you outbound traffic is going to use your .140 address. That would mean that traffic to your .141 address is going come back to the origination from a different address (the .140 address), so the external source is going...
by k6ccc
Sat Jun 13, 2020 12:24 am
Forum: Beginner Basics
Topic: Private VLAN [SOLVED]
Replies: 7
Views: 3045

Re: Private VLAN [SOLVED]

I had to Google "Private VLAN" to see what you were talking about - never heard that term before. The thread on VLAN setup likely does not mention "Private VLAN" because PVLAN really has nothing to do with VLANs. A so called PVLAN is using switch port isolation in order to sort o...
by k6ccc
Thu Jun 11, 2020 8:07 pm
Forum: Beginner Basics
Topic: block communications of connected networks via route
Replies: 6
Views: 882

Re: block communications of connected networks via route

Honest opinion, do it in firewall rules rather than your route rule. The reason is that one of these days, you are going to want to allow something to get between LANs. For example you may want that one PC on one network to be able to communicate with one device on the other network. Much easier to ...
by k6ccc
Tue Jun 09, 2020 5:32 pm
Forum: Beginner Basics
Topic: Mikrotik and Printers [SOLVED]
Replies: 4
Views: 1505

Re: Mikrotik and Printers [SOLVED]

duplicate post (sorry).
by k6ccc
Tue Jun 09, 2020 5:31 pm
Forum: Beginner Basics
Topic: Mikrotik and Printers [SOLVED]
Replies: 4
Views: 1505

Re: Mikrotik and Printers [SOLVED]

I'm going to preface this with I am not the expert here as I do not do any switch functions in my routers (routers only route, and switches do all the switching). However, If I followed it right, you are sending VLAN tagged traffic to the printers and they have no idea what to do with VLAN tags.
by k6ccc
Wed Jun 03, 2020 8:59 pm
Forum: SwOS
Topic: CSS326-24G-2S+ VLAN and sharing
Replies: 4
Views: 1574

Re: CSS326-24G-2S+ VLAN and sharing

You largely need a router to accomplish what you are trying to do. Here's the problem. When you put both VLANs onto a single port (the NAS for example), the data stream from the switch to the NAS will have all the traffic VLAN tagged. Since your NAS presumably is not capable (or at least not configu...
by k6ccc
Sun May 31, 2020 11:28 pm
Forum: Beginner Basics
Topic: Router doesn't appear in Winbox interface despite reset procedure
Replies: 10
Views: 2813

Re: Router doesn't appear in Winbox interface despite reset procedure

As for managed list, I tried it and got nowhere - bad password. I fear I played with ROMON in the past and I have an old password so locked out? So what should one do if one cannot remember whatever master password was set in winbox?? I have never used RoMON, and I do not have WinBox save passwords...
by k6ccc
Sun May 31, 2020 10:14 pm
Forum: Beginner Basics
Topic: Router doesn't appear in Winbox interface despite reset procedure
Replies: 10
Views: 2813

Re: Router doesn't appear in Winbox interface despite reset procedure

Are you trying to "find" the router by expecting it to show up in the neighbors list or did you save the IP in the Managed list? Personally I find that the neighbors list to be only slightly less useful than worthless. For example I opened it when I read this message. There are two Mikroti...
by k6ccc
Fri May 29, 2020 12:36 am
Forum: SwOS
Topic: rb260G
Replies: 3
Views: 1666

Re: rb260G

That is a very simple setup. Easiest way to explain it is to show you screen captures of one of mine. Assuming that this is a new install, I would assume it is a CSS106 running version 2.something firmware. First on the VLAN tab: http://extraphotos.info/mikrotik/CSS106-VLAN.PNG In this example, igno...
by k6ccc
Thu May 28, 2020 9:43 pm
Forum: Beginner Basics
Topic: Deny ip PUBLIC traffic
Replies: 10
Views: 2267

Re: Deny ip PUBLIC traffic

Input Chain only affects traffic that terminates in the router itself. Forward Chain affects traffic that passes through the router (what you are trying to do). Output chain affects traffic that originates in the router itself and is outbound to someplace else.. You can make all the rules in the wor...
by k6ccc
Thu May 28, 2020 9:32 pm
Forum: Beginner Basics
Topic: CRS328 makes me feel dumb
Replies: 2
Views: 795

Re: CRS328 makes me feel dumb

Can't help you on the bonding part (never done that), but VLANs are a piece of cake in either RouterOS or SwitchOS. As for routing between VLANs, RouteOS will automatically do that unless you specifically exclude that in firewall rules.
by k6ccc
Fri May 22, 2020 2:37 am
Forum: SwOS
Topic: VLANs Noob question
Replies: 1
Views: 1167

Re: VLANs Noob question

That is easy, and fairly close to what I am doing with my CSS326 switch. First the VLAN tab: http://extraphotos.info/mikrotik/CSS_VLAN_for_gelcom.png I skipped a few ports so you would not need to figure out other stuff. Port 1 is my cable internet and gets assigned as VLAN 100. Port 9 is my DSL int...
by k6ccc
Fri May 22, 2020 2:15 am
Forum: SwOS
Topic: CRS-317 SwOS Web Config inaccessible after Upgrade to 2.11
Replies: 3
Views: 1589

Re: CRS-317 SwOS Web Config inaccessible after Upgrade to 2.11

When you are able to get into it, on the system tab, check the status of the first two lines: Address Acquisition, and Static IP Address. As I recall, by default it will come up looking for a DHCP address. If you can't get into it, check your router to see if it assigned an address to the switch. Th...
by k6ccc
Mon May 11, 2020 5:28 am
Forum: Beginner Basics
Topic: How connect different router different subnet
Replies: 5
Views: 1354

Re: How connect different router different subnet

Start by spending a while reading the Wiki: https://wiki.mikrotik.com/wiki/Main_Page If we just tell you the answer, you don't learn. If you read the Wiki, most of your questions will get answered, and you learn what the answer means. When you can't figure out some specific detail, then ask. You may...
by k6ccc
Mon May 11, 2020 12:21 am
Forum: Beginner Basics
Topic: Portforwarding refuses to work for me.
Replies: 5
Views: 1325

Re: Portforwarding refuses to work for me.

Thanks, might be helpful. I tried to change router to my old TP-link one. I was still unable to portforward although it's "easier" UI, its probably about my new ISP blocking something and I've reached out to them. Thanks a lot for your reply though, I'll make sure to post an update if it ...
by k6ccc
Sun May 10, 2020 10:12 pm
Forum: Beginner Basics
Topic: My first firewall config - requesting feedback! [SOLVED]
Replies: 9
Views: 2580

Re: My first firewall config - requesting feedback! [SOLVED]

One other addition. Keep all the rules in a particular chain together rather than mixing input, forward, output, whatever else you might add later. It does not make any difference to the router, but it makes it FAR easier for us human beings to read.
by k6ccc
Sun May 10, 2020 9:47 pm
Forum: Beginner Basics
Topic: Portforwarding refuses to work for me.
Replies: 5
Views: 1325

Re: Portforwarding refuses to work for me.

NAT is actually very easy. Here is the command for NAT for my web server: add action=dst-nat chain=dstnat comment="Web Server on Jupiter." \ dst-address-type=local dst-port=80 protocol=tcp to-addresses=\ 192.168.101.11 to-ports=80 Then in Firewall rules, an accept for either that specific ...
by k6ccc
Sun May 10, 2020 9:40 pm
Forum: Beginner Basics
Topic: Admin access via the internet
Replies: 14
Views: 2833

Re: Admin access via the internet

"VPN Access" checkbox the QuickSet window...
Step one - stop using QuickSet. QuickSet sort of can be used one time for an initial setup (ONLY IF YOU REALLY NEED TO), but as soon as you make ANY other change to the router config, then NEVER AGAIN touch QuickSet.
by k6ccc
Sun May 10, 2020 7:17 am
Forum: Beginner Basics
Topic: How connect different router different subnet
Replies: 5
Views: 1354

Re: How connect different router different subnet

I agree with anav. Let the hex do all the routing and DHCP, and use the hAPs strictly as access points. Use different VLANs to keep things apart as needed.
by k6ccc
Thu May 07, 2020 12:02 am
Forum: Beginner Basics
Topic: Help me setup private network with a wireless hotspot
Replies: 19
Views: 3676

Re: Help me setup private network with a wireless hotspot

You really should not have two DHCP servers that are supplying IP addresses to the same LAN. Two DHCP servers feeding different LANs (or VLANs) is expected, but not on the same LAN. If for some reason you REALLY think that you need two DHCP servers on the same LAN, make sure that their address pools...
by k6ccc
Wed May 06, 2020 11:06 pm
Forum: Beginner Basics
Topic: Help me setup private network with a wireless hotspot
Replies: 19
Views: 3676

Re: Help me setup private network with a wireless hotspot

(1) what firewall rules that I miss? All of them. You have absolutely zero operational firewall filter rules. That means (among other bad stuff), your router is fully accessible from the internet. At the absolute least, restrict access to the router itself from WAN port. Start by reading this secti...
by k6ccc
Thu Apr 23, 2020 2:28 am
Forum: Beginner Basics
Topic: RB260GSP configuration via winbox
Replies: 2
Views: 1235

Re: RB260GSP configuration via winbox

Anav is right. Both your switches are SwitchOS only and therefore they are configured exclusively via the web GUI. BTW, I have several CSS326 and a CSS106 (and another of it's predecessor the RB260GS) and they work quite well as a managed VLAN switch.
by k6ccc
Thu Apr 23, 2020 2:20 am
Forum: Beginner Basics
Topic: Setting up /29 over /30 [SOLVED]
Replies: 7
Views: 3316

Re: Setting up /29 over /30 [SOLVED]

I have the /30 setup correctly. Traffic moves through the router. On the other hand, I am not planning on using public IP addresses for everything. I want to have two separate lans eventually, each using a separate public IP address. With a /30 CIDR, you only have two available addresses - one is f...
by k6ccc
Thu Apr 16, 2020 2:39 am
Forum: SwOS
Topic: CSS326 VLAN forwarding not working
Replies: 1
Views: 2734

Re: CSS326 VLAN forwarding not working

Although not entirely what you describe, but most of my switches have one trunk port to somewhere else with all VLANs appearing tagged, and some number of untagged ports (in quite a few cases only one other port) on a particular VLAN. It works fine for me, but I have MAC learning turned on. In a VLA...
by k6ccc
Sat Apr 11, 2020 1:51 am
Forum: General
Topic: Please add basic portScan tool ( port scanner scan )
Replies: 59
Views: 26595

Re: Please add basic portScan tool ( port scanner scan )

There already is "/tool ip-scan" which scans using ping, arp, snmp and netbios and does IP lookup in DNS. Maybe you can specify what other features you would want it to have? (like other services it should scan for, or to have a list of ports) There have been a bunch of various posts, but...
by k6ccc
Mon Apr 06, 2020 11:17 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 117
Views: 42130

Re: CSS326-24G-2S+RM hangs until power cycle

Well, this one finally caught me last night. Below is a simplified drawing of the routers and switches here at home. I did not include any of the end user devices. I enabled the IPv6 package on router #1 and commanded the reboot. As far as I can tell, shortly after the reboot, I could not get into a...
by k6ccc
Thu Mar 26, 2020 11:42 pm
Forum: Beginner Basics
Topic: question about multiple routers
Replies: 1
Views: 1254

Re: question about multiple routers

Short answer is yes.
by k6ccc
Wed Mar 18, 2020 12:36 am
Forum: Beginner Basics
Topic: I need to enter AT commands via serial port and ROS
Replies: 4
Views: 1803

Re: I need to enter AT commands via serial port and ROS

You need to give us a little more information. First of all, which router? Yes, the hardware makes a difference as different hardware has different capabilities. What version of ROS? Again, different versions have different capabilities. What are trying to accomplish? The only thing I can think of i...
by k6ccc
Thu Mar 05, 2020 5:28 pm
Forum: General
Topic: Simple Port Forwarding
Replies: 5
Views: 2373

Re: Simple Port Forwarding

WinBox is fine. Forward chain is a normal chain in the firewall rules - not on the NAT tab (which will normally be srcnat and dstnat).
by k6ccc
Thu Mar 05, 2020 7:56 am
Forum: General
Topic: Simple Port Forwarding
Replies: 5
Views: 2373

Re: Simple Port Forwarding

Lookup hairpin NAT.
by k6ccc
Mon Mar 02, 2020 5:55 am
Forum: SwOS
Topic: VLAN problem
Replies: 2
Views: 3549

Re: VLAN problem

You gave us so little information that it is hard to help. For example, you showed that some pings worked - but no information on what was being pinged or from where. If you are allowing only untagged traffic on the test port, why are you allowing more than one LAN on that port?
by k6ccc
Mon Mar 02, 2020 5:33 am
Forum: General
Topic: Antenna Patterns for RBMetalG-52SHPacn
Replies: 9
Views: 2703

Re: Antenna Patterns for RBMetalG-52SHPacn

Draw a circle on a piece of paper and you just got a pattern for the omnidirectional antenna.
by k6ccc
Sat Feb 29, 2020 5:46 am
Forum: Beginner Basics
Topic: Firewall Rules for UDP Across LAN
Replies: 18
Views: 4074

Re: Firewall Rules for UDP Across LAN

You are making your life a bit more complex than it needs to be. Your rules 16 - 20 are completely un-needed because rule 21 is going to drop all of that anyway. As a general rule of thumb, most of us specifically allow what they want to allow and then drop everything else at the end of the chain. H...
by k6ccc
Sat Feb 29, 2020 2:33 am
Forum: Beginner Basics
Topic: Firewall Rules for UDP Across LAN
Replies: 18
Views: 4074

Re: Firewall Rules for UDP Across LAN

Since you have changed things from your original screen capture, please post you current firewall rules.
by k6ccc
Sat Feb 29, 2020 2:28 am
Forum: Beginner Basics
Topic: SOLVED: Help with Wyze Cam. NanoHD and Hex S
Replies: 12
Views: 3366

Re: SOLVED: Help with Wyze Cam. NanoHD and Hex S

Just an FYI, I have 19 Wyze cameras behind one of my Mikrotik Hex routers, and they work just fine. It really does not take anything special to get the Wyze cameras working. What works for your laptop or phone would work fine for the cameras. In my case, I have the cameras on my IoT network - which ...
by k6ccc
Sat Feb 15, 2020 2:14 am
Forum: Beginner Basics
Topic: Different VLANS with different PUB IPs [SOLVED]
Replies: 4
Views: 3471

Re: Different VLANS with different PUB IPs [SOLVED]

Until my ISP changed things around on me, I was doing exactly what you want to do. On my DSL, I had eight static IP addresses. All were in the same subnet. Here are a couple code segments that should help. First create the addresses on both the DSL and each LAN (two of which had a physical port and ...
by k6ccc
Thu Jan 16, 2020 8:20 pm
Forum: SwOS
Topic: RB260GSP - Activate DHCP server
Replies: 4
Views: 4841

Re: RB260GSP - Activate DHCP server

@dke, That thread is from four years ago and they are talking about the old RB260 that maxes out with 1.x firmware - NOT the current RB260 series (also known as the CSS106-5G-1S) which uses firmware versions 2.x. Yes, the current product with current firmware does as you describe (I have one), but w...
by k6ccc
Thu Jan 09, 2020 5:44 pm
Forum: Beginner Basics
Topic: Site to site RBLHGG-60AD to RBLHGG-60AD
Replies: 1
Views: 998

Re: Site to site RBLHGG-60AD to RBLHGG-60AD

Can you ping 192.168.88.254 from site 1? I'm not at all familiar with the pfsense routers, so I don't know if they have the ability to be configured to not respond to pings.
by k6ccc
Wed Nov 27, 2019 9:26 pm
Forum: SwOS
Topic: Terminal / ssh / telnet support for SwOS ?
Replies: 13
Views: 8046

Re: Terminal / ssh / telnet support for SwOS ?

As for getting a new IP from the DHCP server, assuming you are using DHCP reservations in the DHCP server, simply give the MAC for the switch a new IP. Next time that the switch requests a new IP, it will get the new address. Nothing to do in SwitchOS. Obviously this is not instantaneous, but the sw...
by k6ccc
Fri Oct 25, 2019 6:24 am
Forum: SwOS
Topic: RB260GS as unmanaged? (No IP address)
Replies: 4
Views: 3204

Re: RB260GS as unmanaged? (No IP address)

Yes, out of the box, all ports will talk to each other. To keep from using an IP address, you could give it a static IP outside your IP range. But are you REALLY that short of IP addresses on your LAN?
by k6ccc
Tue Oct 08, 2019 7:36 am
Forum: Beginner Basics
Topic: Forwarding port 443 causes internet problems to anyone else?
Replies: 4
Views: 1211

Re: Forwarding port 443 causes internet problems to anyone else?

My first guess is that your forwarding rule is not specific enough. For example, if you forward all port 443 traffic to something, then ALL traffic including your outbound https traffic will go there. On the other hand, it you only forward port 443 traffic that is inbound on your WAN connection, the...
by k6ccc
Thu Oct 03, 2019 2:21 am
Forum: SwOS
Topic: Switch identity character length and possible? bug
Replies: 5
Views: 3191

Re: Switch identity character length and possible? bug

That's RouterOS, not SwitchOS.
by k6ccc
Sat Sep 21, 2019 1:50 am
Forum: SwOS
Topic: SWOS VLAN and Trunk port
Replies: 2
Views: 4478

Re: SWOS VLAN and Trunk port

I am running very similar at home. These screen captures were done on a CSS326 for a different purpose and are a little out of date, but might give you some ideas. Links page: http://extraphotos.info/mikrotik/CSS326_Links.png VLAN tab: http://extraphotos.info/mikrotik/CSS326_VLAN.png VLANs tab: http...
by k6ccc
Sat Sep 21, 2019 1:12 am
Forum: Beginner Basics
Topic: Isolated Network
Replies: 10
Views: 2167

Re: Isolated Network

You need to give us a better idea of what you are trying to accomplish. Not enough information given.
by k6ccc
Thu Sep 19, 2019 6:30 pm
Forum: SwOS
Topic: CRS328-24P-4S+RM advertised SWOS 2.10 upgrade fails and installs 2.7p on 2.7 WORKAROUND
Replies: 6
Views: 4307

Re: CRS328-24P-4S+RM advertised SWOS 2.10 upgrade fails and installs 2.7p on 2.7 WORKAROUND

For what it's worth, I just updated a CRS326-24G-2S+, two CSS326-24G-2S+, and a CSS106-5G-1S from 2.9 to 2.10 without incident. Watching pings to the CRS, I dropped three pings during the restart, and on both CSS326 switches, I dropped one ping during the restart.