Community discussions

MikroTik App

Search found 704 matches

by k6ccc
Sun Jun 13, 2021 2:53 am
Forum: SwOS
Topic: CSS610-8G-2S+IN No Link on SFP+ with Intel X520
Replies: 40
Views: 4899

Re: CSS610-8G-2S+IN No Link on SFP+ with Intel X520

Just as a useful tidbit. Hate to tell you this, but SFPs are not as universal as the SFP people would like you to believe. Some devices are VERY picky about SFPs (HP switches come to mind - I know there are others). Best bet is to use the SFPs that are recommended by the manufacturer of the device y...
by k6ccc
Sat Jun 12, 2021 6:19 am
Forum: SwOS
Topic: RSTP and LACP
Replies: 1
Views: 138

Re: RSTP and LACP

I guess you did not like my answer on the other thread. Looking at my two RB260 switches, there is no indication of LAG support on either version. As for RTSP, the older RB260GS with SwitchOS version 1.6 does not have any indication of RTSP support, However the newer CSS106-5G-1S with SwitchOS versi...
by k6ccc
Fri Jun 11, 2021 7:36 am
Forum: SwOS
Topic: LAG (LACP) or RSTP or both???
Replies: 20
Views: 9644

Re: LAG (LACP) or RSTP or both???

Hi, How does one enable LAGP in rb260GS (link aggregration) First of all, are you talking about the old RB260GS with version 1.x firmware or the new CSS106-5G-1S (still called the RB260GS) with version 2.x firmware? I have one of each, and I don't see any settings for LAG on either one. Makes me th...
by k6ccc
Wed Jun 09, 2021 6:16 pm
Forum: SwOS
Topic: Management VLAN?
Replies: 1
Views: 226

Re: Management VLAN?

Take a look at the System tab. Note the "Allow From", "Allow From Ports", and "Allow from VLAN" selections. Allow From lets you enter an IP address that is the only IP allowed to connect. Allow From Ports specifies which ports on the switch that connection can came into...
by k6ccc
Wed Jun 09, 2021 6:06 pm
Forum: General
Topic: port forwarding restrictions
Replies: 9
Views: 383

Re: port forwarding restrictions

...yes you should be crazy and should move up to Canada ;-)
Too cold.
by k6ccc
Wed Jun 09, 2021 4:27 am
Forum: General
Topic: port forwarding restrictions
Replies: 9
Views: 383

Re: port forwarding restrictions

OK, I'm not losing my mind. I have used individual IPs in most situations and it appeared to be working fine.
by k6ccc
Wed Jun 09, 2021 12:15 am
Forum: General
Topic: port forwarding restrictions
Replies: 9
Views: 383

Re: port forwarding restrictions

This is good because as soon as you add a source address list, when one does a scan of their ports, the port does not appear at all. Without the source address list if you scan your ports, the dst nat port is visible but closed. I prefer invisible LOL. Anav, I want to clarify something about what y...
by k6ccc
Tue Jun 08, 2021 6:31 pm
Forum: Beginner Basics
Topic: Setting Up small home network with MikroTik hEX RB750Gr3
Replies: 10
Views: 514

Re: Setting Up small home network with MikroTik hEX RB750Gr3

What you want to do is really quite straight forward for VLAN use. The link that anav posted is a good start. I am doing a similar concept (more stuff and more VLANs however) at my house with the same RB750Gr3 router. Can I assume that all your WiFi APs are UBNT? Are they VLAN aware? I am a strong s...
by k6ccc
Sat Jun 05, 2021 9:39 pm
Forum: SwOS
Topic: Minor issue with login interface and a pwd manager
Replies: 11
Views: 668

Re: Minor issue with login interface and a pwd manager

I thought you were meant you were using some addon password manager in FireFox - hence my reference to a "real" password manager. My confusion - sorry
Actually the PWM that I use recently added a plugin for Firefox, but I have no real interest in using it.
by k6ccc
Sat Jun 05, 2021 8:42 pm
Forum: SwOS
Topic: Minor issue with login interface and a pwd manager
Replies: 11
Views: 668

Re: Minor issue with login interface and a pwd manager

I use a real password manager and not a Firefox plugin. I only have a small number of things that have the password stored in FireFox, and those do not sync across devices. I do have my MT switches password stored so I only have to press enter, but for most stuff, I copy from the PWM and paste in to...
by k6ccc
Fri Jun 04, 2021 9:49 pm
Forum: SwOS
Topic: Minor issue with login interface and a pwd manager
Replies: 11
Views: 668

Re: Minor issue with login interface and a pwd manager

I use Firefox as my preferred browser on this Windows 10 computer as well. I have Firefox set to remember the password for my MT switches, and like bpwl, I connect to the switch IP and the login window pops up already filled in, and I just hit enter and I'm in. Not using any plugin - just standard F...
by k6ccc
Mon May 31, 2021 8:26 pm
Forum: Beginner Basics
Topic: Limit a particular client to only communicate with another client on LAN
Replies: 3
Views: 215

Re: Limit a particular client to only communicate with another client on LAN

Filtering devices that are on the same LAN is tough because they are generally not going through the router. However if you create a separate VLAN for the NVR, it is easy in firewall rules to allow and disallow what can get to what.
by k6ccc
Mon May 31, 2021 8:11 pm
Forum: Beginner Basics
Topic: Setting up VLAN/Firewall with Mikrotik Router (RB4011)
Replies: 5
Views: 437

Re: Setting up VLAN/Firewall with Mikrotik Router (RB4011)

What you are proposing is fairly straight forward. It is no problem to set up firewall rules so that either all or selected devices on your private or management VLAN can get to either IoT or Kids VLAN devices to manage them, but those two VLANs for example can only get to the internet - I do that a...
by k6ccc
Mon May 31, 2021 2:07 am
Forum: Beginner Basics
Topic: Broadcast reply stuck in other address range
Replies: 3
Views: 336

Re: Broadcast reply stuck in other address range

Don't claim to be the expert here, but as I understand it, broadcast only works on the local subnet. In other words, it will not route.
by k6ccc
Fri May 28, 2021 10:37 pm
Forum: Scripting
Topic: Export in script bombing after update to 6.48.2 [SOLVED]
Replies: 5
Views: 419

Re: Export in script bombing after update to 6.48.2 [SOLVED]

From the changelog: *) console - require "write+ftp" permissions for exporting configuration to file; Thanks! That was it. I had not caught that in when I read the release notes. And per the request, here is the full script: # Policies needed: ftp, read, policy, sensitive, test, write # P...
by k6ccc
Fri May 28, 2021 9:27 pm
Forum: General
Topic: Winbox glitch
Replies: 13
Views: 1257

Re: Winbox glitch

Never experienced this. Just tried every example cited in this thread and could not duplicate it on a RB750r2 or RB750Gr3 - both running 6.48.2 and WinBox 3.27 on a Dell desktop running Windows 10.
by k6ccc
Fri May 28, 2021 9:18 pm
Forum: Beginner Basics
Topic: Problem routing traffic from one lan to another
Replies: 6
Views: 416

Re: Problem routing traffic from one lan to another

Since you only gave a few details, the most obvious issue is your 219 subnet on the router is /24, and it is trying to communicate with devices outside that subnet IP range. Other than that, you did not give enough details. Export and post your config. If there are more devices involved, a network d...
by k6ccc
Fri May 28, 2021 8:01 pm
Forum: Scripting
Topic: Export in script bombing after update to 6.48.2 [SOLVED]
Replies: 5
Views: 419

Export in script bombing after update to 6.48.2 [SOLVED]

I have a RB750r2 and a RB750Gr3 that each have a script that creates a backup, export, and version listing. The three files are then sent off site for archive. This script is run by schedule every night. These have worked perfectly for years. A few weeks ago, both routers were updated to 6.48.2 and ...
by k6ccc
Fri May 28, 2021 6:49 pm
Forum: General
Topic: Multiple Public IP from one interface
Replies: 4
Views: 393

Re: Multiple Public IP from one interface

When my DSL provider gave me up to eight addresses, I did pretty much what you want. I had several LANs and each one would use a different IP on the WAN side. ETH 1 - Internet connection with four static addresses (for example a.b.c.61, a.b.c.94, a.b.c.145, a.b.c.216) ETH 2 - .201 LAN - 192.168.201....
by k6ccc
Wed May 26, 2021 1:20 am
Forum: SwOS
Topic: [Bug?]PPPOE over VLAN not work
Replies: 3
Views: 720

Re: [Bug?]PPPOE over VLAN not work

My first guess is a tagged vs untagged port issue Is the VLAN 620 coming from the cable modem, or is that just a VLAN you are using for transport? In other words, is the traffic from the cable modem VLAN tagged or is it untagged? Same thing at the other end - is the traffic being handed off to the R...
by k6ccc
Wed May 26, 2021 12:46 am
Forum: General
Topic: How to setup a server to use a Public IP address inside the network without using NAT
Replies: 5
Views: 558

Re: How to setup a server to use a Public IP address inside the network without using NAT

Run your internet into a dumb switch Take one output from that switch and run into the WAN port of your MT router and configured it with one of your /29 addresses - for example x.y.z.2. Connect your outside server to another port of that dumb switch and give it a different address in the /29 range -...
by k6ccc
Wed May 26, 2021 12:31 am
Forum: Beginner Basics
Topic: How much range does a router have?
Replies: 3
Views: 377

Re: How much range does a router have?

I like some of the humor answers...
Routers don't have range - access points do.
Not enough information to give an answer.
by k6ccc
Fri May 21, 2021 11:59 pm
Forum: SwOS
Topic: Issues with creating VLAN's
Replies: 2
Views: 433

Re: Issues with creating VLAN's

I run VLANs on multiple switches running SwitchOS. I want to make sure I understand what you are trying to accomplish. I sort of think you want a device each of the SFP ports that will have untagged traffic and only communicate with each other. Is that correct? This description being opposite to a V...
by k6ccc
Mon May 17, 2021 7:03 am
Forum: SwOS
Topic: SwOS
Replies: 1
Views: 518

Re: SwOS

Not that I know of. I saw your other post and replied.
by k6ccc
Thu May 13, 2021 4:34 pm
Forum: Beginner Basics
Topic: Managing /29 network
Replies: 8
Views: 844

Re: Managing /29 network

I have a MikroTik RB4011iGS+ running 6.45.9.

Note that 6.45.9 is quite elderly. Is there a reason that you are running such an old version of RouterOS?
Your concern is that the router will be public facing, correct?
No - in general.
by k6ccc
Sat May 08, 2021 8:40 pm
Forum: General
Topic: WeBfig as default page in the management page [SOLVED]
Replies: 3
Views: 471

Re: WeBfig as default page in the management page [SOLVED]

Same here. I don't normally use WebFig (I usually use WinBox), but I just logged into my RB750Gr3 with 6.47.8 and it went right into WebFig.
by k6ccc
Thu May 06, 2021 6:04 pm
Forum: Beginner Basics
Topic: Managing /29 network
Replies: 8
Views: 844

Re: Managing /29 network

I have a MikroTik RB4011iGS+ running 6.45.9.

Note that 6.45.9 is quite elderly. Is there a reason that you are running such an old version of RouterOS?
by k6ccc
Thu May 06, 2021 5:56 pm
Forum: Beginner Basics
Topic: Block New Dynamic Leases [Help] [SOLVED]
Replies: 12
Views: 1060

Re: Block New Dynamic Leases [Help] [SOLVED]

thank you.. it seems i cannot find Address Pool in Filter Rules. i can drop specific addresses but i cant find address pool . IP Pool is not in rules. I use WinBox most of the time, so this screen capture should help: http://extraphotos.info/mikrotik/IP_pool.png If in a terminal window, see here: /...
by k6ccc
Tue May 04, 2021 5:59 pm
Forum: Announcements
Topic: SwOS version 2.13 released!
Replies: 40
Views: 11269

Re: SwOS version 2.13 released!

I managed to get my 4 CSS106 switches to upgrade to FW2.13 ... the culprit seems that (at least mine) don't like to get upgraded while having allowing access only from VLAN 99 ... during upgrade it somewhere looses the VLAN config and it wants to connect over default vlan ( 1 ) ... disabling the ac...
by k6ccc
Sun May 02, 2021 8:58 pm
Forum: Beginner Basics
Topic: Block New Dynamic Leases [Help] [SOLVED]
Replies: 12
Views: 1060

Re: Block New Dynamic Leases [Help] [SOLVED]

If you have a DHCP server that has no IP pool (or no addresses in the pool), it will be unable to issue dynamic addresses. However it can happily hand out static addresses (some systems call that DHCP reservations) to known MAC addresses. So it you need to add a device, create a new static address i...
by k6ccc
Sun May 02, 2021 8:47 pm
Forum: Announcements
Topic: SwOS version 2.13 released!
Replies: 40
Views: 11269

Re: SwOS version 2.13 released!

Of my two CSS106 switches (one CSS106-5G-1S, and one CSS106-1G-4P-1S), the POE version has RSTP turned on (only because it defaulted that way and I never turned it off) and the non-POE version has RSTP turned off for all ports - neither needs RSTP. Both upgraded just fine from 2.12 to 2.13 via the &...
by k6ccc
Sat May 01, 2021 8:11 pm
Forum: Announcements
Topic: SwOS version 2.13 released!
Replies: 40
Views: 11269

Re: SwOS version 2.13 released!

After running 2.13 on three of my minor switches for the past day and a half, I just updated my two main CSS326-24G-2S+ via the "Download & Upgrade" button. Both took the upgrade just fine with only one or two pings to 8.8.8.8 dropped on each one.
Everything appears to be working fine.
by k6ccc
Sat May 01, 2021 7:38 am
Forum: Beginner Basics
Topic: Block New Dynamic Leases [Help] [SOLVED]
Replies: 12
Views: 1060

Re: Block New Dynamic Leases [Help] [SOLVED]

What are you trying to accomplish? Do you want to have no DHCP client, or only certain ones, or something else?
by k6ccc
Fri Apr 30, 2021 7:30 am
Forum: Announcements
Topic: SwOS version 2.13 released!
Replies: 40
Views: 11269

Re: SwOS version 2.13 released!

Upgraded the following without incident via the "download & upgrade" button:
CRS326-24G-2S+ (running under SwitchOS)
CSS106-5G-1S
CSS106-1G-4P-1S

I'm holding off on my two CSS326-24G-2S+ main switches for a few days to make sure 2.13 is stable.
by k6ccc
Tue Apr 20, 2021 2:58 am
Forum: Scripting
Topic: An equivalent of GoSub? [SOLVED]
Replies: 3
Views: 749

Re: An equivalent of GoSub? [SOLVED]

Thanks Jotne. Took a little effect, but made it work for my simple purposes.
by k6ccc
Fri Apr 16, 2021 8:23 am
Forum: Scripting
Topic: An equivalent of GoSub? [SOLVED]
Replies: 3
Views: 749

Re: An equivalent of GoSub? [SOLVED]

Thanks Jotne. I'm gonna have to do some reading and playing with that when I'm awake (not enough for that right now). Maybe tomorrow...
by k6ccc
Fri Apr 16, 2021 5:51 am
Forum: SwOS
Topic: Can I use scripts on SwOS?
Replies: 2
Views: 1107

Re: Can I use scripts on SwOS?

Correct. No scripts in SwOS.
by k6ccc
Fri Apr 16, 2021 3:01 am
Forum: General
Topic: High Density Scenario - 30k client
Replies: 7
Views: 638

Re: High Density Scenario - 30k client

Can I guess that this is some type of show or event where you will be providing WiFi to attendees that need access to the internet and nothing else? And what is your internet access? Bandwidth, media, single or multiple IPs?
by k6ccc
Thu Apr 15, 2021 8:48 pm
Forum: Scripting
Topic: An equivalent of GoSub? [SOLVED]
Replies: 3
Views: 749

An equivalent of GoSub? [SOLVED]

I fully admit that I don't use scripting much in RouterOS. I do have a few that either I directly used from this section of the forum, or took from here and modified for my own purposes. I barely can function on my own... Does RouterOS scripting language have an equivalent of a GoSub command? I coul...
by k6ccc
Tue Apr 13, 2021 6:29 pm
Forum: Beginner Basics
Topic: Two ISPs over single point-to-point link
Replies: 2
Views: 401

Re: Two ISPs over single point-to-point link

Set up each internet service as a separate VLAN. The UBNT MW link will carry VLANs just fine. Also if you are not aware of it, you can set the UBNT MW to only respond to a certain VLAN for management of it. My UBNT link here only monitors my VLAN 203 - but is passing 15 VLANs. BTW, thanks for the dr...
by k6ccc
Fri Apr 09, 2021 2:17 am
Forum: Beginner Basics
Topic: 751 GR3
Replies: 1
Views: 241

Re: 751 GR3

Fire up WinBox and see if you can access it via MAC address.
by k6ccc
Thu Apr 08, 2021 2:26 am
Forum: Beginner Basics
Topic: Mikrotik Switch - it is not a switch?
Replies: 30
Views: 2103

Re: Mikrotik Switch - it is not a switch?

If it's like most Mikrotik routers, with the default configuration, port 1 will be configured as the WAN port and everything else connected in a bridge. CRS switches has different default configuration. All ports bridged, and, if I remember correctly, a static IP assigned to that bridge. So much fo...
by k6ccc
Thu Apr 08, 2021 2:03 am
Forum: Beginner Basics
Topic: Mikrotik Switch - it is not a switch?
Replies: 30
Views: 2103

Re: Mikrotik Switch - it is not a switch?

If it's like most Mikrotik routers, with the default configuration, port 1 will be configured as the WAN port and everything else connected in a bridge. Therefore, all ports EXCEPT port 1 should be able to function as if it was a dumb switch. Make sure you are not trying to use port 1 until you chan...
by k6ccc
Mon Apr 05, 2021 7:58 am
Forum: General
Topic: Multicast flood
Replies: 13
Views: 829

Re: Multicast flood

Run your HDMI over Ethernet in Unicast rather than multicast - provided that the hardware is capable of that. Solves your multicast flood if it's not running multicast..
by k6ccc
Mon Apr 05, 2021 5:16 am
Forum: General
Topic: Multicast flood
Replies: 13
Views: 829

Re: Multicast flood

Is there anything else you would like to recommend.
Unicast.
by k6ccc
Mon Apr 05, 2021 1:29 am
Forum: SwOS
Topic: CRS326 DHCP over VLAN Trunk not working
Replies: 2
Views: 1028

Re: CRS326 DHCP over VLAN Trunk not working

What SwitchOS version?

I just looked at my one CRS326 (running SwitchOS version 2.12) and it is configured for static IP, but I can do a test without too much difficulty. The only connection to that switch from the rest of my network is via one VLAN trunk..
by k6ccc
Fri Mar 26, 2021 7:06 pm
Forum: Beginner Basics
Topic: I can't access the web interface for MikroTik hAP ac2 [SOLVED]
Replies: 11
Views: 900

Re: I can't access the web interface for MikroTik hAP ac2 [SOLVED]

I would lose access to it every time I got the device partway configured. Likely your fault. For example, if you change the IP subnet of the device, of course you are going to lose connection to it - until you change the IP of your computer. Although I don't normally use it, Webfig works just fine....
by k6ccc
Fri Mar 26, 2021 6:59 pm
Forum: Beginner Basics
Topic: I can't access the web interface for MikroTik hAP ac2 [SOLVED]
Replies: 11
Views: 900

Re: I can't access the web interface for MikroTik hAP ac2 [SOLVED]

My only sadness now is that I bought this device thinking it was ddwrt/openwrt/tomato compatible.
In other words, you bought something other than what you are looking for, and then are bitching that it does not work the way you wanted. Frankly, I am VERY glad that it is no ddwrt compatible.
by k6ccc
Fri Mar 26, 2021 6:30 pm
Forum: Beginner Basics
Topic: I can't access the web interface for MikroTik hAP ac2 [SOLVED]
Replies: 11
Views: 900

Re: I can't access the web interface for MikroTik hAP ac2 [SOLVED]

You can use Webfig which is a web interface similar to WinBox, or you can use a Telnet or preferably SSH session to configure it with a text based interface. If you are on a MAC, apparently there is a way to run WinBox on a MAC, but I don't use a MAC, so I have no details. If you are on linux, you s...
by k6ccc
Wed Mar 24, 2021 6:05 pm
Forum: Beginner Basics
Topic: Rb260gsp setup as simple switch?
Replies: 2
Views: 429

Re: Rb260gsp setup as simple switch?

No, you do not need to set port mirroring. The out of the box config will work for you, although as Phillip said, you likely will want to set the IP configuration.
And correct, no point in paying extra for the PoE that you likely won't be using.
by k6ccc
Thu Mar 18, 2021 9:55 pm
Forum: Beginner Basics
Topic: DHCP
Replies: 2
Views: 385

Re: DHCP

You did not say which Mikrotik you are using. For the purpose, you should have a switch, not a router. If you are using a router, you are going to need to provide us with a drawing (or a really good description - drawing is better) of your network layout, and a export of your router configuration in...
by k6ccc
Mon Mar 15, 2021 7:22 pm
Forum: Beginner Basics
Topic: Logins limit
Replies: 1
Views: 262

Re: Logins limit

Well, you're right - each session required a separate logon. That is a bit surprising...
I don't normally use WebFig - either SSH or generally Winbox.
by k6ccc
Mon Mar 15, 2021 5:02 pm
Forum: General
Topic: Mikrotik UPS Solution
Replies: 11
Views: 919

Re: Mikrotik UPS Solution

The original poster said that he has two CRS125 routers and two passive POE injectors running on 24 volts. My original and followup suggestions was to run both the routers and the POE injectors off the same 24 volt battery plant. How do you ideally split current between 4 devices (2xCRS, 2xPoE inje...
by k6ccc
Mon Mar 15, 2021 4:13 pm
Forum: General
Topic: Mikrotik UPS Solution
Replies: 11
Views: 919

Re: Mikrotik UPS Solution

The original poster said that he has two CRS125 routers and two passive POE injectors running on 24 volts. My original and followup suggestions was to run both the routers and the POE injectors off the same 24 volt battery plant.
by k6ccc
Mon Mar 15, 2021 6:59 am
Forum: General
Topic: Mikrotik UPS Solution
Replies: 11
Views: 919

Re: Mikrotik UPS Solution

Is there such a thing but with ethernet inputs/outputs to go in between regular injectors and devices? Would make things a bit simpler
Use your existing POE injectors, but power if from a 24 volt battery plant. Use the same thing to power the routers. Much easier than any sort of UPS.
by k6ccc
Sun Mar 14, 2021 10:16 pm
Forum: General
Topic: Mikrotik UPS Solution
Replies: 11
Views: 919

Re: Mikrotik UPS Solution

Running the devices directly off a battery plant would be better. Ideally with redundant battery chargers to protect you in case a battery charger fails. Easier if all the devices can operate off the same voltage. And there is no switching time upon AC power failure - only the battery chargers stop ...
by k6ccc
Sun Mar 14, 2021 7:24 am
Forum: General
Topic: How do you know that Mikrotik had become popular ?
Replies: 5
Views: 623

Re: How do you know that Mikrotik had become popular ?

If one was proactive and wanted to be more aggressive one would log all entry attempts on port 8291 on input chain and block those IPs for all ports on raw chain.
That's what I do...
by k6ccc
Sat Mar 13, 2021 8:49 pm
Forum: Beginner Basics
Topic: ipv6 package
Replies: 7
Views: 703

Re: ipv6 package

No real point in installing the IPv6 package if you are not going to use it (neither do I).
by k6ccc
Fri Mar 05, 2021 11:41 pm
Forum: SwOS
Topic: CRS312, VLANs cannot talk with outside of the switch
Replies: 13
Views: 1297

Re: CRS312, VLANs cannot talk with outside of the switch

No, I do not normally use the port isolation capability - just different VLANs to keep things apart. On your port 1, on the VLAN tab, change VLAN mode to disabled and VLAN Receive to Only untagged. Off hand, I suspect that the switch is trying to send VLAN tagged traffic to your client PC - which li...
by k6ccc
Fri Mar 05, 2021 6:45 pm
Forum: SwOS
Topic: CRS312, VLANs cannot talk with outside of the switch
Replies: 13
Views: 1297

Re: CRS312, VLANs cannot talk with outside of the switch

SwitchOS handles VLANs just fine. I am using multiple VLANs on all of my switches. Most of my ports are not VLAN tagged - but are assigned to a VLAN, but there is at least one VLAN trunk port, and several of the switches have one or more other ports that are VLAN tagged. Based on the hosts tab, you ...
by k6ccc
Mon Mar 01, 2021 9:32 pm
Forum: General
Topic: winbox multiple instances/databases
Replies: 5
Views: 361

Re: winbox multiple instances/databases

Different log on accounts for the computer that is running WinBox?

What are you trying to accomplish?
by k6ccc
Sun Feb 28, 2021 8:46 pm
Forum: Beginner Basics
Topic: hAP Lite: How to connect ethernet/LAN device to WLAN subnet?
Replies: 4
Views: 377

Re: hAP Lite: How to connect ethernet/LAN device to WLAN subnet?

It will involve setting up a bridge, but I don't use any bridges in my routers, so I can't help you much. The Ethernet port and the WLAN need to be in a bridge, but that's about my limit on bridges.
by k6ccc
Sat Feb 27, 2021 9:11 pm
Forum: Beginner Basics
Topic: I need help about installation mikrotik on VMware Esxi 6.0
Replies: 3
Views: 400

Re: I need help

I can't help you at all with your problem, but for future reference, a more useful message subject would be helpful. For example: I need help with VMware esxi
by k6ccc
Thu Feb 25, 2021 4:38 am
Forum: Beginner Basics
Topic: Load Backup issue with Custom Script? 6.48.1
Replies: 1
Views: 282

Re: Load Backup issue with Custom Script? 6.48.1

If I'm understanding your question, it is doing what it's supposed to. From the Wiki:
The configuration restore can be used for restoring the router's configuration, exactly as it was at the backup creation moment, from a backup file.
by k6ccc
Wed Feb 24, 2021 4:12 am
Forum: Beginner Basics
Topic: User "Allowed Address" not in "/export" or "/export verbose"?
Replies: 2
Views: 298

Re: User "Allowed Address" not in "/export" or "/export verbose"?

Hmmm, interesting. You are right, not there..
by k6ccc
Mon Feb 22, 2021 12:26 am
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 4
Views: 581

Re: Port Forwarding

Both methods work. The one accept all DST-NATted is certainly the easy route, but I wanted him to know why his rules did not work right - in other words, he might learn something. The other part is that there are times where you have a need to either not use the one accept rule, or to not use it for...
by k6ccc
Sun Feb 21, 2021 8:20 am
Forum: SwOS
Topic: SwOS
Replies: 3
Views: 823

Re: SwOS

However, there is a major bug with the current release version of swOS not working with VLANS properly, which makes them unviable for anything except a lab setting. I would advise waiting until 2.13 is officially released. Oh really? Don't tell my six Mikrotik switches that are all running 2.12, an...
by k6ccc
Sun Feb 21, 2021 8:15 am
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 4
Views: 581

Re: Port Forwarding

Two of your code segments. The first is you DST Nat rules. I am going to assume that the first one (the port 80 TCP) is really like the port 80 UDP, but got mangled in the export and paste. Assuming that is true, those rules are fine. add action=dst-nat chain=dstnat comment="NGINX Proxy Port Fo...
by k6ccc
Thu Feb 18, 2021 5:47 pm
Forum: Beginner Basics
Topic: Opening firewall ports
Replies: 4
Views: 612

Re: Opening firewall ports

And to answer part two of your original question, yes the default firewall rules are fairly good for most purposes. If you are replacing a consumer grade router with a Mikrotik, the default configuration will work just fine. When you want to allow other stuff (such as your SSH question) is where the...
by k6ccc
Thu Feb 04, 2021 8:38 pm
Forum: Beginner Basics
Topic: Can't switch to SwOS
Replies: 2
Views: 365

Re: Can't switch to SwOS

That's a fairly old version of RouterOS. Just a stab in the dark. Update to a current version of RouterOS and see if the command to switch to SwitchOS is there.
by k6ccc
Mon Feb 01, 2021 4:33 am
Forum: SwOS
Topic: Subnet mask and swos
Replies: 12
Views: 6289

Re: Subnet mask and swos

There is traffic from my PC. So let's check the browser page. (Chrome has the developers tools built in).
And the browser is checking upgrade.microsoft .com to fill in this page. The switch is not initiating a request.
Ain't that interesting...
by k6ccc
Sun Jan 31, 2021 11:17 pm
Forum: SwOS
Topic: Subnet mask and swos
Replies: 12
Views: 6289

Re: Subnet mask and swos

The only thing with this "answer with src IP and src MAC as destination" mechanism is that the switch cannot initiate a connection to something outside the own subnet, as it does not have a clue on the gateway to use. But I see no process that initiates a connection from the switch (like ...
by k6ccc
Sun Jan 31, 2021 8:26 pm
Forum: SwOS
Topic: Subnet mask and swos
Replies: 12
Views: 6289

Re: Subnet mask and swos

I have not found a situation where I could not access any of my switches. At the very least, the computer is on a different VLAN than the switch is listening on, so traffic is going through a router or two to get there and it always finds its way back. This computer has an IP on my .101 LAN. Althoug...
by k6ccc
Sun Jan 31, 2021 8:05 pm
Forum: General
Topic: 24v 800mA power supply failure
Replies: 3
Views: 382

Re: 24v 800mA power supply failure

I have several of those and have not had any fail - for whatever that's worth...
by k6ccc
Sun Jan 31, 2021 8:03 pm
Forum: Beginner Basics
Topic: Looking for new Switch (Parameters Below)
Replies: 2
Views: 322

Re: Looking for new Switch (Parameters Below)

If you are happy with the CSS326-24G-2S+, I would get another one. Extra ports are always useful. Amazing how ports can get used in the future. In full disclosure, I have two of them (with rack ears) here at home plus a CRS326-24G-2S+RM that is running SwitchOS up at a local radio site and I am very...
by k6ccc
Sun Jan 24, 2021 8:27 pm
Forum: General
Topic: WinBox problem after upgrading to v6.48
Replies: 3
Views: 372

Re: WinBox problem after upgrading to v6.48

That was going to be my guess - old version of WinBox.
Glad you got it resolved.
by k6ccc
Sun Jan 24, 2021 5:13 am
Forum: General
Topic: how to conquer random mac address?
Replies: 8
Views: 890

Re: how to conquer random mac address?

iPhones are doing the same thing with a recent update. At least on the iPhone you can turn it off for a specific WiFi connection. If the Lenova has the same option, you could set up a rate limit so that if someone is not using one of your DHCP reservation IP addresses, they get limited to slow speed...
by k6ccc
Sat Jan 23, 2021 9:00 pm
Forum: General
Topic: Coax to RJ45 - is a MoCA adapter required? [SOLVED]
Replies: 8
Views: 847

Re: Coax to RJ45 - is a MoCA adapter required? [SOLVED]

Yeah, seems like I'll have to give up on this idea. I'd hoped to just jam the coax to my ethernet plug, and maybe punch in some PPPoE credentials manually or something, but yeah I'm forgetting that there's more to it than just whether it fits in the slot or not. That would be about like thinking yo...
by k6ccc
Sat Jan 23, 2021 8:48 pm
Forum: Beginner Basics
Topic: Basic question about firewall rule organization, and grouping by chains.
Replies: 5
Views: 547

Re: Basic question about firewall rule organization, and grouping by chains.

I group all my chains together. As noted before, the router does not care, but it makes it far easier for the poor human being that has to read it - that would be me. You can also create any other chains that you want. Speeds up processing if you can jump to a different chain for one certain type of...
by k6ccc
Fri Jan 22, 2021 9:29 pm
Forum: General
Topic: [Request] Winbox Default Port
Replies: 8
Views: 838

Re: [Request] Winbox Default Port

...without saving the host in the Managed list (for security reasons) What's your issue with using the managed list? Only someone who logs onto your PC with your account will see your list, and as Normis pointed out, the file is encrypted if you use the Master password. Keep in mind that the IP of ...
by k6ccc
Fri Jan 22, 2021 7:31 pm
Forum: Beginner Basics
Topic: Allow LAN to LAN routes
Replies: 2
Views: 336

Re: Allow LAN to LAN routes

I would agree, configure the EeroMesh device that has a wired connection simply as an access point, an let the MT handle the router functions.
by k6ccc
Fri Jan 22, 2021 5:31 pm
Forum: SwOS
Topic: Can SwitchOS pass VLAN's to other MikroTik switches?
Replies: 4
Views: 878

Re: Can SwitchOS pass VLAN's to other MikroTik switches?

God, I hope so! I am running VLANs on every one of my Mikrotik switches. I have five MT switches here at home, and lots of VLANs. I would hate to find that what I have been doing for years doesn't work :)
by k6ccc
Fri Jan 22, 2021 5:24 pm
Forum: General
Topic: 2 Mikrotiks on same layer 2
Replies: 15
Views: 1061

Re: 2 Mikrotiks on same layer 2

Not following what you are trying to accomplish. Can you draw a picture of what you want to do?
by k6ccc
Thu Jan 21, 2021 6:05 pm
Forum: General
Topic: Is there a way to log into admin panel if service on port 80 was accidentially turned off
Replies: 13
Views: 975

Re: Is there a way to log into admin panel if service on port 80 was accidentially turned off

Keep in mind that really the only thing you would do via MAC Winbox is to enable proper ways of accessing the router. Think of it as an "Ah crap, I messed up, let me fix my screwup".
by k6ccc
Thu Jan 21, 2021 4:29 am
Forum: Beginner Basics
Topic: Slower performance when connected directly to router!
Replies: 12
Views: 1144

Re: Slower performance when connected directly to router!

The 100Mb/s sounds suspicious. Check the connection speed on the laptop. Could be a cable issue. Gigabit normally requires all four pairs whereas 10Base-T and 100Base-T only uses two of the pairs.
by k6ccc
Wed Jan 20, 2021 9:21 pm
Forum: Beginner Basics
Topic: Dividing one routerboard making it two separate wan routers
Replies: 6
Views: 554

Re: Dividing one routerboard making it two separate wan routers

I am doing essentially what you are trying to do with a RB750Gr3 (Hex) with my normal internet as port 1, and a ham radio network as a second WAN when happens to be a VLAN on port 4. Works fine. Does require a little care in routing tables, and of course firewall rules to keep the intended traffic s...
by k6ccc
Tue Jan 19, 2021 6:04 pm
Forum: General
Topic: RouterOS .backup to .rsc/text
Replies: 4
Views: 518

Re: RouterOS .backup to .rsc/text

I lost my lain text .rsc files for the router config For future use, automatically produce a new (current) .rsc file on a regular basis. I have a script that produces the binary .backup and a plain text .rsc files and sends them to me via E-Mail. That scrip is run via the scheduler every night. Now...
by k6ccc
Tue Jan 12, 2021 5:18 pm
Forum: General
Topic: How to setup Mikrotik router and TTL
Replies: 14
Views: 1375

Re: How to setup Mikrotik router and TTL

How about asking a question. The subject is so vague, and other than that, you don't tell us what you are trying to do, or what you need help with.
by k6ccc
Tue Jan 12, 2021 5:15 pm
Forum: Beginner Basics
Topic: Can I change user name in SwOS?
Replies: 4
Views: 509

Re: Can I change user name in SwOS?

Not in SwitchOS.
by k6ccc
Sun Jan 10, 2021 3:22 am
Forum: Beginner Basics
Topic: New user- need help! Please!
Replies: 4
Views: 576

Re: New user- need help! Please!

I changed my laptop's IP to static 192.168.88.2, and was able to log into the switch, but as soon as I tried to change switch IP to 192168.1.58, I lost connection. That would be correct. As soon as you changed the IP on the switch to 192.168.1.58, your PC can no longer access the switch until you c...
by k6ccc
Tue Jan 05, 2021 5:40 pm
Forum: Beginner Basics
Topic: IPv6 Firewall
Replies: 22
Views: 1593

Re: IPv6 Firewall

It is a bug/shortcoming in RouterOS. When you add a new package, the default configuration for that package is not applied. Workaround: always enable IPv6 as first thing when you receive a new router, then update to the newest RouterOS version, and then reset to factory defaults. When you do the re...
by k6ccc
Tue Jan 05, 2021 1:48 am
Forum: General
Topic: Coaxial Adapter
Replies: 4
Views: 512

Re: Coaxial Adapter

Nope. Doing so would likely release the magic smoke that makes all electronics work. Combining transmitters into a single antenna can be done, but it's not something that is plug and play - or inexpensive.
by k6ccc
Wed Dec 30, 2020 4:40 am
Forum: General
Topic: Winbox - MacOS Big Sur
Replies: 23
Views: 4690

Re: Winbox - Big Sur

Can I assume "Big Sur" is a name for a recent Mac OS? I don't speak Mac.

If that is the case, don't hold your breath. Mikrotik has never supported Mac OS, and appears that they have no interest in doing so.
by k6ccc
Mon Dec 14, 2020 11:20 pm
Forum: SwOS
Topic: SwitchOS CLI
Replies: 8
Views: 6059

Re: SwitchOS CLI

I use switches exclusively as switches and I use routers exclusively as routers - the two functions do not cross. In fact, the only reason I have one CRS326 is that I ordered a CSS326 and the vendor incorrectly sent me a CRS326. When I contacted them about it, they said it was not worth the effort a...
by k6ccc
Mon Dec 14, 2020 4:11 am
Forum: SwOS
Topic: SwitchOS CLI
Replies: 8
Views: 6059

Re: SwitchOS CLI

There's a version of OS available which has everything you want. It's called ROS. Yes, ROS device can be configured as a switch, doesn't have to be router. That does not help with switch only devices (see my list below). And for managing switches, SwitchOS works very well. With that said, it would ...
by k6ccc
Mon Dec 14, 2020 4:07 am
Forum: General
Topic: Forum registration disabled?
Replies: 2
Views: 387

Re: Forum registration disabled?

Beats me, but I concur that unless it's well hidden, there is no way to join.
by k6ccc
Sat Dec 05, 2020 11:01 pm
Forum: SwOS
Topic: CRS326-24G-2S+ no ip address
Replies: 3
Views: 744

Re: CRS326-24G-2S+ no ip address

If it is still on a factory config, it will be 192.168.88.1. If you changed it, you need to point your browser to the address that you changed it to. If you changed it to DHCP, whatever device is operating as a DHCP server should be able to tell you what address it is using. If you can't not find it...
by k6ccc
Fri Dec 04, 2020 6:23 am
Forum: SwOS
Topic: swos-css326 permit specific mac to port
Replies: 1
Views: 508

Re: swos-css326 permit specific mac to port

Look at ACL rules. I've never used them so I can't give you examples, but MAC filtering is in the options.
by k6ccc
Fri Dec 04, 2020 6:18 am
Forum: SwOS
Topic: Setup and access switch from upstream router
Replies: 2
Views: 601

Re: Setup and access switch from upstream router

The only aspect I don't like, is the fact that you lose access to the switch from any port that is not routed by the specified VLAN (10 in my scenario). Because if my upstream router dies or is misconfigured, I also lose access to the switch. I guess that my next purchase will have a console port ;...
by k6ccc
Sun Nov 01, 2020 3:47 am
Forum: SwOS
Topic: SwOS boots but cannot access
Replies: 3
Views: 843

Re: SwOS boots but cannot access

Can you hook up the switch to something that will provide a DHCP address (usually your router). Then look at the DHCP server to see what address was assigned. Then try to go to that address.with a web browser.
by k6ccc
Fri Oct 30, 2020 2:10 am
Forum: SwOS
Topic: CSS610-8G-2S+IN VLAN Behaviour
Replies: 1
Views: 1325

Re: CSS610-8G-2S+IN VLAN Behaviour

I don't have that switch, but am very familiar with SwitchOS. What you are reporting does not make a lot of sense. BTW, I suspect you typoed something in your description because the DHCP range for VLAN 2 does not include the switch management address. However, I suspect that was a fat finger item.....
by k6ccc
Thu Oct 15, 2020 6:29 am
Forum: SwOS
Topic: SwOs - Suggestion for improvements
Replies: 2
Views: 858

Re: SwOs - Suggestion for improvements

That is one of my pet peeves - We won't tell you what the password requirements are - but there are requirements. Unfortunately that is VERY common!
by k6ccc
Mon Oct 05, 2020 9:04 pm
Forum: Beginner Basics
Topic: proplem with dhcp
Replies: 7
Views: 634

Re: proplem with dhcp

Is this on Amazon AWS? If not, why are you using their IP addresses? it's private ip , so why don't use Highly recommend that you don't use a public address on your private network. There are private IP ranges for a reason. Using someone elses address range wiil come back to haunt you if you every ...
by k6ccc
Sat Oct 03, 2020 10:33 pm
Forum: SwOS
Topic: CSS610-8G-2S+IN - SWOS 2.12rc2 Upgrade missing
Replies: 15
Views: 3179

Re: CSS610-8G-2S+IN - SWOS 2.12rc2 Upgrade missing

I had not really paid attention to the model of switch that you are using. Apparently that is a very new product and the software download page has not been updated with the new model. As this is a user forum, you might be better off sending a message to support@mikrotik.com That will get directly t...
by k6ccc
Sat Oct 03, 2020 6:15 am
Forum: SwOS
Topic: CSS610-8G-2S+IN - SWOS 2.12rc2 Upgrade missing
Replies: 15
Views: 3179

Re: CSS610-8G-2S+IN - SWOS 2.12rc2 Upgrade missing

Go to the Mikrotic downloads page: https://mikrotik.com/download
Download the appropriate file and do a manual upgrade (near the bottom of the Upgrade tab).
by k6ccc
Thu Oct 01, 2020 9:08 pm
Forum: SwOS
Topic: Help me please, switch keeps briking on me
Replies: 3
Views: 676

Re: Help me please, switch keeps briking on me

You are not giving us much info on your configuration. Are you trying to access the switch via one of the trunks or have you designated a specific non-tagged port as your "management" port? As xvo said, you need to tell the switch what port or ports and what VLAN management access is allow...
by k6ccc
Thu Sep 24, 2020 12:03 am
Forum: General
Topic: [FEATURE REQUEST] User Interface Overhaul?
Replies: 10
Views: 976

Re: [FEATURE REQUEST] User Interface Overhaul?

Like the others who have posted, I have very very issues with WinBox (what I normally use for most purposes). I find it easy to work with. It is FAR better than the GUI for the Juniper routers we have at work. I use my MT routers strictly as routers (no switch functionality, but lots of VLANs), so t...
by k6ccc
Wed Sep 23, 2020 2:28 am
Forum: SwOS
Topic: NewBie CRS305 issue
Replies: 1
Views: 686

Re: NewBie CRS305 issue

You did not tell us what fiber SFPs you are using. You did specify that the ones having problems are using multi-mode FO cable. Makes me wonder if there is a mismatch between multi-mode and single-mode - either with the jumper cables or with the SFPs. From what you said, I am gathering that you are ...
by k6ccc
Mon Sep 21, 2020 11:52 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 105
Views: 27080

Re: WinBox v3.27 released!

I can confirm it as well in 3.27 64 bit version. However, you are going to need to put something in that field regardless of what defaults there, so this is not really much of an issue. Note that this is on the Bridge VLAN page as shows above and not the interface VLAN page (where the default is 1 -...
by k6ccc
Sat Sep 19, 2020 7:31 pm
Forum: General
Topic: icmp nat
Replies: 13
Views: 770

Re: icmp nat

if any of the hosts have open ports (a web, ftp, or mail server for example), you can send tcp pickets to those ports and get a response. Most monitoring services can check for all sorts of ports. And this approach makes a lot of sense, because a response to a ping tells you nothing more than that ...
by k6ccc
Sat Sep 19, 2020 8:36 am
Forum: General
Topic: icmp nat
Replies: 13
Views: 770

Re: icmp nat

Nope. icmp does not have ports (unlike udp and tcp), so all you get is IP. If you have multiple public IPs, you can have each public IP NAT to a different host, but if you only have one public IP, you only get one. Now with that said, if any of the hosts have open ports (a web, ftp, or mail server f...
by k6ccc
Sat Sep 19, 2020 8:15 am
Forum: General
Topic: icmp nat
Replies: 13
Views: 770

Re: icmp nat

Yep. If you have only one public IP, you can only ping one host.
by k6ccc
Sat Sep 19, 2020 7:51 am
Forum: General
Topic: icmp nat
Replies: 13
Views: 770

Re: icmp nat

I just set this up on one of my routers. This is working fine. Note that if you don't have a forward rule to allow anything DST-NATted, you will need to build a specific rule to accept these packets. http://extraphotos.info/mikrotik/ICMP-NAT-1.png http://extraphotos.info/mikrotik/ICMP-NAT-2.png Also...
by k6ccc
Sat Sep 19, 2020 7:26 am
Forum: General
Topic: icmp nat
Replies: 13
Views: 770

Re: icmp nat

You are almost there. Add the In Interface, and on the Action tab, set for DST NAT and tell what IP to send it to.
by k6ccc
Sat Sep 19, 2020 6:59 am
Forum: General
Topic: icmp nat
Replies: 13
Views: 770

Re: icmp nat

Correct, icmp does not have ports.
by k6ccc
Sat Sep 19, 2020 6:04 am
Forum: SwOS
Topic: Help with CSS326-24G-2S+ and LACP
Replies: 1
Views: 525

Re: Help with CSS326-24G-2S+ and LACP

You're not giving a lot of information. It looks OK on the CSS326 as long as the other end is configured to initiate the LACP.
Also, what SwOS version are you running?
by k6ccc
Sat Sep 19, 2020 5:58 am
Forum: General
Topic: icmp nat
Replies: 13
Views: 770

Re: icmp nat

No different than any other NAT except the Protocol is icmp instead of the more common tcp or udp - I ran one for a specific purpose a while back.
by k6ccc
Wed Sep 16, 2020 10:43 pm
Forum: SwOS
Topic: Service VLAN on swOS
Replies: 5
Views: 3970

Re: Service VLAN on swOS

I don't remember seeing any mention of it in any updates. Push really comes to shove, I likely could test in here.
by k6ccc
Sun Sep 13, 2020 7:32 am
Forum: Announcements
Topic: Expected down time for this forum SEPT 11
Replies: 42
Views: 6483

Re: Expected down time for this forum SEPT 11

Same here. My password was invalid - it said. Used the "I forgot my password" link. "reset" my password to what it has been before - 4 capital letters, 4 lower case letters, 7 special characters, and 1 number - cryptic crap generated by my password manager.
by k6ccc
Wed Sep 09, 2020 11:44 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 57932

Re: SwOS version 2.12 released!

update to version 2.12 and I deleted the Mac Address and the Series. Any solution? I don't understand your statement. What do you mean that you deleted the MAC and the series (or was that supposed to be Serial?). You as a user do not have the ability to change either of those fields from the GUI, a...
by k6ccc
Sun Sep 06, 2020 7:37 pm
Forum: Beginner Basics
Topic: Port forward
Replies: 7
Views: 552

Re: Port forward

Make sure that you have either a firewall rule that allows that port in the forward chain or a rule that allows anything DSTNAT forwarded to be accepted in the forward chain.
Creating a port forward does NOT automatically allow that through the firewall (unless you have a allow anything DSTNAT rule).
by k6ccc
Thu Sep 03, 2020 6:25 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 105
Views: 27080

Re: WinBox v3.27 released!

Good grief, I just downloaded 3.25 yesterday.. Anyway with 3.27 (64 bit version), file list and log are working on my RB750Gr3 and RB750r2. Good grief, do you not check for updates at least twice daily?? I know you are largely just being funny anav... Actually I check this forum fairly regularly, a...
by k6ccc
Thu Sep 03, 2020 6:28 am
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 105
Views: 27080

Re: WinBox v3.27 released!

Can't replicate that on my RB750r2 with 6.47.1. Worked fine.
by k6ccc
Wed Sep 02, 2020 10:05 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 105
Views: 27080

Re: WinBox v3.27 released!

Good grief, I just downloaded 3.25 yesterday..

Anyway with 3.27 (64 bit version), file list and log are working on my RB750Gr3 and RB750r2.
by k6ccc
Thu Aug 27, 2020 8:07 am
Forum: SwOS
Topic: Need help to setup 2 VLANs
Replies: 4
Views: 1733

Re: Need help to setup 2 VLANs

On the VLANs tab, For each VLAN, check the boxes for the ports that will access that VLAN.
To add VLANs to the VLANs tab, press the APPEND button at the bottom. Then edit the VLAN number and ports.
by k6ccc
Mon Aug 24, 2020 7:49 pm
Forum: SwOS
Topic: Need help to setup 2 VLANs
Replies: 4
Views: 1733

Re: Need help to setup 2 VLANs

Here are a couple screen shots from my CSS326 that should help. BTW, I posted this and then realized that the screen captures were quite dated. I edited the post with new captures, so if you looked at this within the first 5 minutes after I posted it, the images changed. If you see this this text, y...
by k6ccc
Sun Aug 23, 2020 10:47 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 117
Views: 39738

Re: CSS326-24G-2S+RM hangs until power cycle

As far as I know, you are the first person to report this lockup under ROS. This entire thread has been about SwOS.
by k6ccc
Fri Aug 21, 2020 7:45 am
Forum: Beginner Basics
Topic: Remote Management Access using Public IP
Replies: 11
Views: 5170

Re: Remote Management Access using Public IP

Use WinBox, not WebFig, and in addition to the above suggestions, use non-standard ports.
by k6ccc
Thu Aug 20, 2020 7:12 am
Forum: General
Topic: Today lost winbox functions 6.47.1 !?
Replies: 2
Views: 434

Re: Today lost winbox functions 6.47.1 !?

6.47.1 is working fine with WinBox on both my routers. Did you change anything?
by k6ccc
Wed Aug 19, 2020 5:43 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 117
Views: 39738

Re: CSS326-24G-2S+RM hangs until power cycle

Coming up on 36 days and still good on both of mine..
by k6ccc
Wed Aug 19, 2020 5:07 am
Forum: General
Topic: Is it possible to mark-routing the ICMP packets?
Replies: 5
Views: 679

Re: Is it possible to mark-routing the ICMP packets?

Not enough detail. What are you trying to accomplish?
by k6ccc
Tue Aug 18, 2020 7:47 am
Forum: General
Topic: Help! Unknown Logs Eating RAM [SOLVED]
Replies: 2
Views: 454

Re: Help! Unknown Logs Eating RAM [SOLVED]

I only looked at a few of them, but it looks like you have set up a NAT with logging enabled. In that case, there will be a log entry for every packet. Turn off logging on your NAT.
by k6ccc
Tue Aug 18, 2020 12:07 am
Forum: Beginner Basics
Topic: Firewall drop port scanners rule trigered by Avast Antivirus
Replies: 3
Views: 955

Re: Firewall drop port scanners rule trigered by Avast Antivirus

Let me see if I have this right. You add firewall rules to detect and stop port scanners, then you complain that it does exactly what you asked it to do (stop a port scanner). If you want to do a port scan to see what might be open, yes, you will need to disable your port scanner blocker rules while...
by k6ccc
Mon Aug 17, 2020 11:54 pm
Forum: SwOS
Topic: IPTV Switching
Replies: 13
Views: 3701

Re: IPTV Switching

I don't believe that is correct. Optional will allow either untagged or tagged packets, but you still need to tell the switch what VLANs are on which port. At least that is my understanding (and my observation for ports that I have set to optional). I just did a test. I have WiFi access points that ...
by k6ccc
Mon Aug 17, 2020 5:44 pm
Forum: Beginner Basics
Topic: firewall blocks router [SOLVED]
Replies: 5
Views: 1452

Re: firewall blocks router [SOLVED]

You are only showing one firewall rule in the input chain - and that is a drop everything. Based on that, there must be more to it that you are not showing us, else nothing into the router would work at all - including your ability to communicate with the router. If you want our help, you need to pr...
by k6ccc
Sat Aug 15, 2020 2:10 am
Forum: SwOS
Topic: IPTV Switching
Replies: 13
Views: 3701

Re: IPTV Switching

My strong suspicion is that the IPTV is using a VLAN and the "normal" computer internet is untagged. That way, if you plug a computer into it, it understands the untagged traffic. The TV box is set up to look for a VLAN so it is happy too. Assuming that is the case, you will need to set up...
by k6ccc
Fri Aug 14, 2020 11:28 pm
Forum: SwOS
Topic: IPTV Switching
Replies: 13
Views: 3701

Re: IPTV Switching

Knowing virtually nothing about IPTV (other than what I have read on this forum), are all four ports on the ISP router usable for either internet or TV, or are there specific ports for each?
by k6ccc
Fri Aug 14, 2020 5:44 pm
Forum: Beginner Basics
Topic: Remove bridge from RB750Gr3
Replies: 7
Views: 1775

Re: Remove bridge from RB750Gr3

We need to see what his configuration looks like. Until we see that, we are guessing.
by k6ccc
Fri Aug 14, 2020 12:15 am
Forum: SwOS
Topic: IPTV Switching
Replies: 13
Views: 3701

Re: IPTV Switching

Most dumb switches will handle VLAN tagged traffic because they will simply ignore the VLAN tagging, and pass them along. Most smart switches understand what a VLAN tag is and process them, and then handle them as such. Sorry for the torch reference - I had RouterOS in mind when you said you were ru...
by k6ccc
Thu Aug 13, 2020 11:02 pm
Forum: SwOS
Topic: IPTV Switching
Replies: 13
Views: 3701

Re: IPTV Switching

If I were to hazard a guess, the IPTV is likely using a VLAN for connectivity. Using Torch on the ports that the TV boxes are on may shed some light.
by k6ccc
Thu Aug 13, 2020 9:26 pm
Forum: Beginner Basics
Topic: Remove bridge from RB750Gr3
Replies: 7
Views: 1775

Re: Remove bridge from RB750Gr3

You are wanting to operate very similar to my RB750Gr3 - it is strictly used as a router and all switch functions are handled by a separate switch (CSS326-24G-2S in my case). I have never had a bridge on any of my routers. By default a router will route traffic between LANs, so you must put in firew...
by k6ccc
Thu Aug 13, 2020 9:11 pm
Forum: Beginner Basics
Topic: Router Mode
Replies: 6
Views: 1790

Re: Router Mode

Additionally, once you have made any config changes to your router, you should NEVER use QuickSet. QuickSet will happily overwrite your changes for you.
by k6ccc
Thu Aug 13, 2020 6:44 am
Forum: Beginner Basics
Topic: all links not support HTTPS
Replies: 6
Views: 1392

Re: all links not support HTTPS

I don't run hotspot, so I can't help, but I get the idea.
by k6ccc
Thu Aug 13, 2020 12:47 am
Forum: Beginner Basics
Topic: Newbie switch question [SOLVED]
Replies: 2
Views: 707

Re: Newbie switch question [SOLVED]

You are really close. As soon as a new device sends a packet, the switch learns the MAC of that device and stores that and what port it was on in it's hosts table. As long as the device does not move to another port it will remember where it is (it should have a timeout in there). As long as the MAC...
by k6ccc
Tue Aug 11, 2020 10:07 pm
Forum: Beginner Basics
Topic: Multiple Tagged VLANs on One Port
Replies: 4
Views: 1167

Re: Multiple Tagged VLANs on One Port

If you look my first screen capture, under Open Mesh #1, you will see that VLAN receive mode is set to "Any", and the default VLAN ID is set to "201". That means that port 1 will receive either VLAN tagged or untagged traffic, and that inbound untagged traffic will be assigned to...
by k6ccc
Tue Aug 11, 2020 5:58 pm
Forum: Beginner Basics
Topic: Firewall/VLAN setup
Replies: 10
Views: 3669

Re: Firewall/VLAN setup

By default, a Mikrotik router will router whenever it can. In other words, unless you block it with a firewall rule, it will happily route between VLANs. In each chain, the router will start at the top of the firewall rules in that chain, and keep processing rules until it finds a rule that matches,...
by k6ccc
Tue Aug 11, 2020 5:43 pm
Forum: Beginner Basics
Topic: all links not support HTTPS
Replies: 6
Views: 1392

Re: all links not support HTTPS

WAY not enough information. What are you talking about?
by k6ccc
Tue Aug 11, 2020 5:40 pm
Forum: Beginner Basics
Topic: Multiple Tagged VLANs on One Port
Replies: 4
Views: 1167

Re: Multiple Tagged VLANs on One Port

I am in the exact same situation with my WiFi nodes, and I have two of them fed from a CSS106-5G-1S (proper name for the current RB260GS). Here are a couple screen captures: http://extraphotos.info/mikrotik/CSS106-VLAN.PNG Open Mesh #1 uses VLAN 201 as it's untagged management LAN, and Open Mesh #2 ...
by k6ccc
Mon Aug 10, 2020 2:08 am
Forum: SwOS
Topic: Is there any SwOS ACL documentation with example?
Replies: 3
Views: 1942

Re: Is there any SwOS ACL documentation with example?

I use SwitchOS quite a bit, but I have never needed to use ACL. My suggestion would be to play with the options and see what works. Then post it here so maybe someone else will know too...
by k6ccc
Thu Aug 06, 2020 5:51 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 57932

Re: SwOS version 2.12 released!

Hey everyone, we have several CSS326-24G-2S+ and updated them to 2.12 today. On each of our switches all used ports are flashing sinchronal and we are wondering if that behaviour is normal? The switches work fine as far as we can judge. Could be. I'm not home right now, but one of my CSS326 switche...
by k6ccc
Mon Aug 03, 2020 6:37 am
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 117
Views: 39738

Re: CSS326-24G-2S+RM hangs until power cycle

Anyone running the new firmware notice any issues? How's it working?
My two CSS326-24G-2S+RM are working fine on 2.12 - so far.
by k6ccc
Wed Jul 29, 2020 10:43 pm
Forum: Beginner Basics
Topic: Cant get all PCs online
Replies: 16
Views: 3181

Re: Cant get all PCs online

Or someone has plugged in another router on your LAN without you knowing it. Most likely they were looking for switching only, but left the DHCP server enabled.
by k6ccc
Wed Jul 29, 2020 8:48 pm
Forum: Beginner Basics
Topic: Cant get all PCs online
Replies: 16
Views: 3181

Re: Cant get all PCs online

Check your DHCP pool or pools. sounds like you have two DHCP pools with the first one set for 30 addresses with a Next Pool set to another address pool. The DHCP pools on one of my routers as seen in WinBox showing most of the pools have only 10 or 20 available addresses and none of the pools have a...
by k6ccc
Wed Jul 22, 2020 8:29 pm
Forum: Beginner Basics
Topic: hEX S router Individual ethernet port and VLANs configuration
Replies: 3
Views: 1292

Re: hEX S router Individual ethernet port and VLANs configuration

That is very similar to what I am doing. I am using my routers (RB750r2 & RB750Gr3) exclusively as routers. The different LAN ports connect to managed switches that handle ALL switching function. I don't know if you will have any downstream switches, or will each port be connected to a single de...
by k6ccc
Tue Jul 21, 2020 8:37 pm
Forum: General
Topic: How to count network usage per ip with my rOS
Replies: 1
Views: 647

Re: How to count network usage per ip with my rOS

For a small number of IPs that you want to check, you can create a passthrough fire wall rule that does not do anything except count packets. I have a bunch of those rules - although generally most are disabled except when I am doing some specific test that requires that particular rule. This would ...
by k6ccc
Tue Jul 21, 2020 8:09 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 57932

Re: SwOS version 2.12 released!

For lag config you would set both sides to active to have them participate in the group. One of the changes in this version was to allow lag to work with only one member active. While there could be an issue with how much membership traffic is sent, this is really a config issue on your end. I did ...
by k6ccc
Mon Jul 20, 2020 8:12 pm
Forum: SwOS
Topic: RB260GPS Trouble
Replies: 8
Views: 2619

Re: RB260GPS Trouble

I don't see anything that jumps out at me that would cause the problem that you are seeing. About the only config change you may want to try (although it should not matter) is to change the NVR and FO connections on the VLAN tab to VLAN Mode = Disabled and VLAN Receive = Untagged Only. May also try ...
by k6ccc
Sun Jul 19, 2020 7:36 pm
Forum: SwOS
Topic: RB260GPS Trouble
Replies: 8
Views: 2619

Re: RB260GPS Trouble

Several of your answers were non-answers (such as asking which of two options were you using and your answer was "no"). However, I think I largely figured out what you are trying to do. As far as I can tell, you are really only using the CSS106 on the 172.16.x.x network as a dumb switch an...
by k6ccc
Sun Jul 19, 2020 8:33 am
Forum: General
Topic: Allow limited user rights to make binary backup?
Replies: 4
Views: 1385

Re: Allow limited user rights to make binary backup?

Here is mine. Feel free to adapt for your own purposes... # Policies needed: ftp, read, policy, sensitive, test # Policies NOT needed: password, reboot, write, sniff, romon :log info "Starting daily backup"; /system backup save name=RB750Gr3-1_Daily /export file RB750Gr3-1_Daily /system pa...
by k6ccc
Sun Jul 19, 2020 5:59 am
Forum: General
Topic: Allow limited user rights to make binary backup?
Replies: 4
Views: 1385

Re: Allow limited user rights to make binary backup?

If all you want to do is create a binary backup, but leave it on the router, you don't need to allow that for your limited user group. Create a script to create the file and then a schedule that runs the script at whatever interval that you want. You can also have your script send the file somewhere...
by k6ccc
Sat Jul 18, 2020 8:42 pm
Forum: SwOS
Topic: RB260GPS Trouble
Replies: 8
Views: 2619

Re: RB260GPS Trouble

Still not enough detail. For the moment, I am going to assume that you are trying to access the NVRs from the 192.168.0.x side of the drawing (or from the internet), and that you can successfully access the NVR, but the NVR can not see the cameras. Is that correct? Or are you directly trying to acce...
by k6ccc
Sat Jul 18, 2020 8:24 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 57932

Re: SwOS version 2.12 released!

SwOS version 2.12 on CSS106-5G-1S do not work with VLAN on trunk port in state "enable" or "strict". Work only in "optional". I access to switch throw this trunk port. Allow From VLAN set for number VLAN that exist in VLANs and trunk port set "leave as is" (i...
by k6ccc
Fri Jul 17, 2020 10:24 pm
Forum: SwOS
Topic: RB260GPS Trouble
Replies: 8
Views: 2619

Re: RB260GPS Trouble

A little more details on config. For starters, how are you subnetted? Is there a router involved in the equation? All on one VLAN or more than one?
That's a good start...
by k6ccc
Tue Jul 14, 2020 11:52 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 57932

Re: SwOS version 2.12 released!

Followup. Great news. I have now performed both my LACP test and enabled IPv6 which caused both switches to crash earlier this year. Here is a simplified drawing of my LAN. http://extraphotos.info/mikrotik/LAN_simplified_drawing.png Last April, I had enabled IPv6 on router #1 and essentially instant...
by k6ccc
Tue Jul 14, 2020 9:31 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 117
Views: 39738

Re: CSS326-24G-2S+RM hangs until power cycle

My initial tests are looking good for 2.12. I repeated my April test by enabling IPv6 in an attached router, and both switches are working just fine.
by k6ccc
Tue Jul 14, 2020 8:25 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 57932

Re: SwOS version 2.12 released!

Two major improvements for me. First is the intermittent lockup issue that has plagued SwitchOS for quite a few releases. I will be repeating the test that I did back in April that caused both switches to lock up almost instantly. The other major improvement for me is that LACP will now work properl...
by k6ccc
Mon Jul 13, 2020 7:55 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 117
Views: 39738

Re: CSS326-24G-2S+RM hangs until power cycle

I'm sure that this has not been fixed because it is such a odd situation that causes it to happen. That makes it hard to replicate. As far as I know, I have only had it happen when I enabled IPv6 in the Mikrotik router that is attached to the garage switch. My arrangement is that my internet service...
by k6ccc
Tue Jul 07, 2020 9:47 pm
Forum: Beginner Basics
Topic: Open Access to TikApp
Replies: 6
Views: 1596

Re: Open Access to TikApp

how do I add secured addresses to the list?
Firewall rules to allow access or allowed addresses to log on - or both.
by k6ccc
Mon Jul 06, 2020 9:22 pm
Forum: Beginner Basics
Topic: Cannot import RSC file into Mikrotik - wrong config order
Replies: 5
Views: 1366

Re: Cannot import RSC file into Mikrotik - wrong config order

I have only done an import once - when I upgraded a RB750r2 with a RB750Gr3. I found the same thing. Had to break up the file into a bunch of small pieces to get it all to work. Like you, stuff was in the wrong order, and stuff in the default config conflicted with what I was trying to import. Ended...
by k6ccc
Mon Jul 06, 2020 5:18 am
Forum: General
Topic: A Network based System isn't working
Replies: 2
Views: 662

Re: A Network based System isn't working

Sorry, duplicate post
by k6ccc
Mon Jul 06, 2020 5:17 am
Forum: General
Topic: A Network based System isn't working
Replies: 2
Views: 662

Re: A Network based System isn't working

You gave us no useful information to work with.
What system? What equipment? What firmware? What is the network configuration? What is the problem? Anything else that might tell us (we're not mind readers)?
by k6ccc
Wed Jul 01, 2020 2:41 am
Forum: Beginner Basics
Topic: fw does not drop winbox mac-telnet [SOLVED]
Replies: 8
Views: 1775

Re: fw does not drop winbox mac-telnet [SOLVED]

Thanks.
I wonder if I had discovered and forgotten about that sometime in the past. When I looked at my router 2, both mac-winbox and mactel interface lists had all interfaces, but when I looked at my newer router 1, only the local LAN was listed for both.
by k6ccc
Tue Jun 30, 2020 9:04 pm
Forum: General
Topic: Winbox is resetting
Replies: 1
Views: 536

Re: Winbox is resetting

I am taking it that you mean that it is logging you back out of the router as soon as you log in. Can you connect to the node via WebFig or a terminal window and look at the log and see if that gives a clue what is happening?
by k6ccc
Tue Jun 30, 2020 8:51 pm
Forum: Beginner Basics
Topic: fw does not drop winbox mac-telnet [SOLVED]
Replies: 8
Views: 1775

Re: fw does not drop winbox mac-telnet [SOLVED]

OK, I have never given that any thought because I have never used MAC WinBox. How do you block MAC WinBox - either completely or selectively? Since it's not IP, the IP firewall and ports rules do not apply.
by k6ccc
Wed Jun 24, 2020 7:19 pm
Forum: SwOS
Topic: Do CRS305&309 support other brands' RJ45 SFP module?
Replies: 9
Views: 6019

Re: Do CRS305&309 support other brands' RJ45 SFP module?

When the whole concept of SFPs came about, the concept was that they would be universally compatible. However reality is that some work and some do not. This is not at all unique to Mikrotik. Simple answer it to buy the SFPs that the device manufacturer recommends. They have tested them and know wha...
by k6ccc
Tue Jun 23, 2020 9:27 pm
Forum: Beginner Basics
Topic: Virtual Server (port mapping) [SOLVED]
Replies: 12
Views: 3031

Re: Virtual Server (port mapping) [SOLVED]

Originally you were trying to forward to a different address in addition to a different port. DST-NAT would be appropriate for that. However as sutrus said, it's different if you are only changing ports.
by k6ccc
Tue Jun 23, 2020 7:24 pm
Forum: Beginner Basics
Topic: Virtual Server (port mapping) [SOLVED]
Replies: 12
Views: 3031

Re: Virtual Server (port mapping) [SOLVED]

Your action should be DST-NAT - not Netmap.
by k6ccc
Mon Jun 22, 2020 7:31 pm
Forum: General
Topic: View configured static routes
Replies: 11
Views: 2106

Re: View configured static routes

I'm a little curious how many routes you have, that it can't display in WinBox. I just looked at my RB750 and there are 29 routes of which 12 are static.
by k6ccc
Mon Jun 22, 2020 7:24 pm
Forum: Beginner Basics
Topic: Remote management
Replies: 2
Views: 693

Re: Remote management

There are several ways that vary in convenience and security. Preface: I DO NOT RECOMMEND the first couple!!! The absolute simplest is to allow WinBox or WebFig access via your internet connection <-- NOT RECOMMENDED A couple things you can do that somewhat improve the security of that. Use of a non...
by k6ccc
Fri Jun 19, 2020 2:03 am
Forum: Beginner Basics
Topic: New to Mikrotik - Config Help FW [SOLVED]
Replies: 12
Views: 3021

Re: New to Mikrotik - Config Help FW [SOLVED]

First of all, what chain does what. Traffic that is destined to something on the router itself (Winbox, SSH to the router, etc) is affected by the INPUT chain. Traffic that is destined to something other than the router but has to be routed through the router (A PC accessing a web page, etc) is affe...
by k6ccc
Thu Jun 18, 2020 8:50 pm
Forum: General
Topic: Lan security
Replies: 5
Views: 1344

Re: Lan security

Dot1x is used when we have mikrotik switch .
Can you clarify that. Do you really mean mikrotik SWITCH or ROUTER?
I don't see anything in SwitchOS to support 802.1x
by k6ccc
Wed Jun 17, 2020 10:13 pm
Forum: Beginner Basics
Topic: two ip from same subnet
Replies: 5
Views: 1185

Re: two ip from same subnet

On my moderately quick read, my initial suspicion appears to be right. Your source NAT is specifying that all outbound traffic from the LAN to the internet use the .140 address. For the one service that is destination NATed using the .141 address, when your server replies, it is also going out via t...
by k6ccc
Wed Jun 17, 2020 6:19 pm
Forum: General
Topic: Schedule a schedule?
Replies: 6
Views: 1192

Re: Schedule a schedule?

Glenn, I have a script that does essentially exactly what you want. I fully admit that I got most of the script from a post here several years ago and modified it for my own purposes. In my case, I am checking for login, logout, login failure, and several port knock conditions. The script writes a c...
by k6ccc
Wed Jun 17, 2020 6:00 pm
Forum: Beginner Basics
Topic: two ip from same subnet
Replies: 5
Views: 1185

Re: two ip from same subnet

Based on the rather limited information that you gave, it would appear that all you outbound traffic is going to use your .140 address. That would mean that traffic to your .141 address is going come back to the origination from a different address (the .140 address), so the external source is going...
by k6ccc
Sat Jun 13, 2020 12:24 am
Forum: Beginner Basics
Topic: Private VLAN [SOLVED]
Replies: 7
Views: 2861

Re: Private VLAN [SOLVED]

I had to Google "Private VLAN" to see what you were talking about - never heard that term before. The thread on VLAN setup likely does not mention "Private VLAN" because PVLAN really has nothing to do with VLANs. A so called PVLAN is using switch port isolation in order to sort o...
by k6ccc
Thu Jun 11, 2020 8:07 pm
Forum: Beginner Basics
Topic: block communications of connected networks via route
Replies: 6
Views: 834

Re: block communications of connected networks via route

Honest opinion, do it in firewall rules rather than your route rule. The reason is that one of these days, you are going to want to allow something to get between LANs. For example you may want that one PC on one network to be able to communicate with one device on the other network. Much easier to ...
by k6ccc
Tue Jun 09, 2020 5:32 pm
Forum: Beginner Basics
Topic: Mikrotik and Printers [SOLVED]
Replies: 4
Views: 1466

Re: Mikrotik and Printers [SOLVED]

duplicate post (sorry).
by k6ccc
Tue Jun 09, 2020 5:31 pm
Forum: Beginner Basics
Topic: Mikrotik and Printers [SOLVED]
Replies: 4
Views: 1466

Re: Mikrotik and Printers [SOLVED]

I'm going to preface this with I am not the expert here as I do not do any switch functions in my routers (routers only route, and switches do all the switching). However, If I followed it right, you are sending VLAN tagged traffic to the printers and they have no idea what to do with VLAN tags.
by k6ccc
Wed Jun 03, 2020 8:59 pm
Forum: SwOS
Topic: CSS326-24G-2S+ VLAN and sharing
Replies: 4
Views: 1452

Re: CSS326-24G-2S+ VLAN and sharing

You largely need a router to accomplish what you are trying to do. Here's the problem. When you put both VLANs onto a single port (the NAS for example), the data stream from the switch to the NAS will have all the traffic VLAN tagged. Since your NAS presumably is not capable (or at least not configu...
by k6ccc
Sun May 31, 2020 11:28 pm
Forum: Beginner Basics
Topic: Router doesn't appear in Winbox interface despite reset procedure
Replies: 10
Views: 2537

Re: Router doesn't appear in Winbox interface despite reset procedure

As for managed list, I tried it and got nowhere - bad password. I fear I played with ROMON in the past and I have an old password so locked out? So what should one do if one cannot remember whatever master password was set in winbox?? I have never used RoMON, and I do not have WinBox save passwords...
by k6ccc
Sun May 31, 2020 10:14 pm
Forum: Beginner Basics
Topic: Router doesn't appear in Winbox interface despite reset procedure
Replies: 10
Views: 2537

Re: Router doesn't appear in Winbox interface despite reset procedure

Are you trying to "find" the router by expecting it to show up in the neighbors list or did you save the IP in the Managed list? Personally I find that the neighbors list to be only slightly less useful than worthless. For example I opened it when I read this message. There are two Mikroti...
by k6ccc
Fri May 29, 2020 12:36 am
Forum: SwOS
Topic: rb260G
Replies: 3
Views: 1549

Re: rb260G

That is a very simple setup. Easiest way to explain it is to show you screen captures of one of mine. Assuming that this is a new install, I would assume it is a CSS106 running version 2.something firmware. First on the VLAN tab: http://extraphotos.info/mikrotik/CSS106-VLAN.PNG In this example, igno...
by k6ccc
Thu May 28, 2020 9:43 pm
Forum: Beginner Basics
Topic: Deny ip PUBLIC traffic
Replies: 10
Views: 2201

Re: Deny ip PUBLIC traffic

Input Chain only affects traffic that terminates in the router itself. Forward Chain affects traffic that passes through the router (what you are trying to do). Output chain affects traffic that originates in the router itself and is outbound to someplace else.. You can make all the rules in the wor...
by k6ccc
Thu May 28, 2020 9:32 pm
Forum: Beginner Basics
Topic: CRS328 makes me feel dumb
Replies: 2
Views: 767

Re: CRS328 makes me feel dumb

Can't help you on the bonding part (never done that), but VLANs are a piece of cake in either RouterOS or SwitchOS. As for routing between VLANs, RouteOS will automatically do that unless you specifically exclude that in firewall rules.
by k6ccc
Fri May 22, 2020 2:37 am
Forum: SwOS
Topic: VLANs Noob question
Replies: 1
Views: 1056

Re: VLANs Noob question

That is easy, and fairly close to what I am doing with my CSS326 switch. First the VLAN tab: http://extraphotos.info/mikrotik/CSS_VLAN_for_gelcom.png I skipped a few ports so you would not need to figure out other stuff. Port 1 is my cable internet and gets assigned as VLAN 100. Port 9 is my DSL int...
by k6ccc
Fri May 22, 2020 2:15 am
Forum: SwOS
Topic: CRS-317 SwOS Web Config inaccessible after Upgrade to 2.11
Replies: 3
Views: 1413

Re: CRS-317 SwOS Web Config inaccessible after Upgrade to 2.11

When you are able to get into it, on the system tab, check the status of the first two lines: Address Acquisition, and Static IP Address. As I recall, by default it will come up looking for a DHCP address. If you can't get into it, check your router to see if it assigned an address to the switch. Th...
by k6ccc
Mon May 11, 2020 5:28 am
Forum: Beginner Basics
Topic: How connect different router different subnet
Replies: 5
Views: 1304

Re: How connect different router different subnet

Start by spending a while reading the Wiki: https://wiki.mikrotik.com/wiki/Main_Page If we just tell you the answer, you don't learn. If you read the Wiki, most of your questions will get answered, and you learn what the answer means. When you can't figure out some specific detail, then ask. You may...
by k6ccc
Mon May 11, 2020 12:21 am
Forum: Beginner Basics
Topic: Portforwarding refuses to work for me.
Replies: 5
Views: 1283

Re: Portforwarding refuses to work for me.

Thanks, might be helpful. I tried to change router to my old TP-link one. I was still unable to portforward although it's "easier" UI, its probably about my new ISP blocking something and I've reached out to them. Thanks a lot for your reply though, I'll make sure to post an update if it ...
by k6ccc
Sun May 10, 2020 10:12 pm
Forum: Beginner Basics
Topic: My first firewall config - requesting feedback! [SOLVED]
Replies: 9
Views: 2445

Re: My first firewall config - requesting feedback! [SOLVED]

One other addition. Keep all the rules in a particular chain together rather than mixing input, forward, output, whatever else you might add later. It does not make any difference to the router, but it makes it FAR easier for us human beings to read.
by k6ccc
Sun May 10, 2020 9:47 pm
Forum: Beginner Basics
Topic: Portforwarding refuses to work for me.
Replies: 5
Views: 1283

Re: Portforwarding refuses to work for me.

NAT is actually very easy. Here is the command for NAT for my web server: add action=dst-nat chain=dstnat comment="Web Server on Jupiter." \ dst-address-type=local dst-port=80 protocol=tcp to-addresses=\ 192.168.101.11 to-ports=80 Then in Firewall rules, an accept for either that specific ...
by k6ccc
Sun May 10, 2020 9:40 pm
Forum: Beginner Basics
Topic: Admin access via the internet
Replies: 14
Views: 2706

Re: Admin access via the internet

"VPN Access" checkbox the QuickSet window...
Step one - stop using QuickSet. QuickSet sort of can be used one time for an initial setup (ONLY IF YOU REALLY NEED TO), but as soon as you make ANY other change to the router config, then NEVER AGAIN touch QuickSet.
by k6ccc
Sun May 10, 2020 7:17 am
Forum: Beginner Basics
Topic: How connect different router different subnet
Replies: 5
Views: 1304

Re: How connect different router different subnet

I agree with anav. Let the hex do all the routing and DHCP, and use the hAPs strictly as access points. Use different VLANs to keep things apart as needed.
by k6ccc
Thu May 07, 2020 12:02 am
Forum: Beginner Basics
Topic: Help me setup private network with a wireless hotspot
Replies: 19
Views: 3551

Re: Help me setup private network with a wireless hotspot

You really should not have two DHCP servers that are supplying IP addresses to the same LAN. Two DHCP servers feeding different LANs (or VLANs) is expected, but not on the same LAN. If for some reason you REALLY think that you need two DHCP servers on the same LAN, make sure that their address pools...
by k6ccc
Wed May 06, 2020 11:06 pm
Forum: Beginner Basics
Topic: Help me setup private network with a wireless hotspot
Replies: 19
Views: 3551

Re: Help me setup private network with a wireless hotspot

(1) what firewall rules that I miss? All of them. You have absolutely zero operational firewall filter rules. That means (among other bad stuff), your router is fully accessible from the internet. At the absolute least, restrict access to the router itself from WAN port. Start by reading this secti...
by k6ccc
Thu Apr 23, 2020 2:28 am
Forum: Beginner Basics
Topic: RB260GSP configuration via winbox
Replies: 2
Views: 1194

Re: RB260GSP configuration via winbox

Anav is right. Both your switches are SwitchOS only and therefore they are configured exclusively via the web GUI. BTW, I have several CSS326 and a CSS106 (and another of it's predecessor the RB260GS) and they work quite well as a managed VLAN switch.
by k6ccc
Thu Apr 23, 2020 2:20 am
Forum: Beginner Basics
Topic: Setting up /29 over /30 [SOLVED]
Replies: 7
Views: 3202

Re: Setting up /29 over /30 [SOLVED]

I have the /30 setup correctly. Traffic moves through the router. On the other hand, I am not planning on using public IP addresses for everything. I want to have two separate lans eventually, each using a separate public IP address. With a /30 CIDR, you only have two available addresses - one is f...
by k6ccc
Thu Apr 16, 2020 2:39 am
Forum: SwOS
Topic: CSS326 VLAN forwarding not working
Replies: 1
Views: 2613

Re: CSS326 VLAN forwarding not working

Although not entirely what you describe, but most of my switches have one trunk port to somewhere else with all VLANs appearing tagged, and some number of untagged ports (in quite a few cases only one other port) on a particular VLAN. It works fine for me, but I have MAC learning turned on. In a VLA...
by k6ccc
Sat Apr 11, 2020 1:51 am
Forum: General
Topic: Please add basic portScan tool ( port scanner scan )
Replies: 57
Views: 25576

Re: Please add basic portScan tool ( port scanner scan )

There already is "/tool ip-scan" which scans using ping, arp, snmp and netbios and does IP lookup in DNS. Maybe you can specify what other features you would want it to have? (like other services it should scan for, or to have a list of ports) There have been a bunch of various posts, but...
by k6ccc
Mon Apr 06, 2020 11:17 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 117
Views: 39738

Re: CSS326-24G-2S+RM hangs until power cycle

Well, this one finally caught me last night. Below is a simplified drawing of the routers and switches here at home. I did not include any of the end user devices. I enabled the IPv6 package on router #1 and commanded the reboot. As far as I can tell, shortly after the reboot, I could not get into a...
by k6ccc
Thu Mar 26, 2020 11:42 pm
Forum: Beginner Basics
Topic: question about multiple routers
Replies: 1
Views: 1228

Re: question about multiple routers

Short answer is yes.
by k6ccc
Wed Mar 18, 2020 12:36 am
Forum: Beginner Basics
Topic: I need to enter AT commands via serial port and ROS
Replies: 4
Views: 1758

Re: I need to enter AT commands via serial port and ROS

You need to give us a little more information. First of all, which router? Yes, the hardware makes a difference as different hardware has different capabilities. What version of ROS? Again, different versions have different capabilities. What are trying to accomplish? The only thing I can think of i...
by k6ccc
Thu Mar 05, 2020 5:28 pm
Forum: General
Topic: Simple Port Forwarding
Replies: 5
Views: 2317

Re: Simple Port Forwarding

WinBox is fine. Forward chain is a normal chain in the firewall rules - not on the NAT tab (which will normally be srcnat and dstnat).
by k6ccc
Thu Mar 05, 2020 7:56 am
Forum: General
Topic: Simple Port Forwarding
Replies: 5
Views: 2317

Re: Simple Port Forwarding

Lookup hairpin NAT.
by k6ccc
Mon Mar 02, 2020 5:55 am
Forum: SwOS
Topic: VLAN problem
Replies: 2
Views: 3422

Re: VLAN problem

You gave us so little information that it is hard to help. For example, you showed that some pings worked - but no information on what was being pinged or from where. If you are allowing only untagged traffic on the test port, why are you allowing more than one LAN on that port?
by k6ccc
Mon Mar 02, 2020 5:33 am
Forum: General
Topic: Antenna Patterns for RBMetalG-52SHPacn
Replies: 9
Views: 2666

Re: Antenna Patterns for RBMetalG-52SHPacn

Draw a circle on a piece of paper and you just got a pattern for the omnidirectional antenna.
by k6ccc
Sat Feb 29, 2020 5:46 am
Forum: Beginner Basics
Topic: Firewall Rules for UDP Across LAN
Replies: 18
Views: 3977

Re: Firewall Rules for UDP Across LAN

You are making your life a bit more complex than it needs to be. Your rules 16 - 20 are completely un-needed because rule 21 is going to drop all of that anyway. As a general rule of thumb, most of us specifically allow what they want to allow and then drop everything else at the end of the chain. H...
by k6ccc
Sat Feb 29, 2020 2:33 am
Forum: Beginner Basics
Topic: Firewall Rules for UDP Across LAN
Replies: 18
Views: 3977

Re: Firewall Rules for UDP Across LAN

Since you have changed things from your original screen capture, please post you current firewall rules.
by k6ccc
Sat Feb 29, 2020 2:28 am
Forum: Beginner Basics
Topic: SOLVED: Help with Wyze Cam. NanoHD and Hex S
Replies: 12
Views: 3310

Re: SOLVED: Help with Wyze Cam. NanoHD and Hex S

Just an FYI, I have 19 Wyze cameras behind one of my Mikrotik Hex routers, and they work just fine. It really does not take anything special to get the Wyze cameras working. What works for your laptop or phone would work fine for the cameras. In my case, I have the cameras on my IoT network - which ...
by k6ccc
Sat Feb 15, 2020 2:14 am
Forum: Beginner Basics
Topic: Different VLANS with different PUB IPs [SOLVED]
Replies: 4
Views: 3419

Re: Different VLANS with different PUB IPs [SOLVED]

Until my ISP changed things around on me, I was doing exactly what you want to do. On my DSL, I had eight static IP addresses. All were in the same subnet. Here are a couple code segments that should help. First create the addresses on both the DSL and each LAN (two of which had a physical port and ...
by k6ccc
Thu Jan 16, 2020 8:20 pm
Forum: SwOS
Topic: RB260GSP - Activate DHCP server
Replies: 4
Views: 4698

Re: RB260GSP - Activate DHCP server

@dke, That thread is from four years ago and they are talking about the old RB260 that maxes out with 1.x firmware - NOT the current RB260 series (also known as the CSS106-5G-1S) which uses firmware versions 2.x. Yes, the current product with current firmware does as you describe (I have one), but w...
by k6ccc
Thu Jan 09, 2020 5:44 pm
Forum: Beginner Basics
Topic: Site to site RBLHGG-60AD to RBLHGG-60AD
Replies: 1
Views: 977

Re: Site to site RBLHGG-60AD to RBLHGG-60AD

Can you ping 192.168.88.254 from site 1? I'm not at all familiar with the pfsense routers, so I don't know if they have the ability to be configured to not respond to pings.
by k6ccc
Wed Nov 27, 2019 9:26 pm
Forum: SwOS
Topic: Terminal / ssh / telnet support for SwOS ?
Replies: 13
Views: 7601

Re: Terminal / ssh / telnet support for SwOS ?

As for getting a new IP from the DHCP server, assuming you are using DHCP reservations in the DHCP server, simply give the MAC for the switch a new IP. Next time that the switch requests a new IP, it will get the new address. Nothing to do in SwitchOS. Obviously this is not instantaneous, but the sw...
by k6ccc
Fri Oct 25, 2019 6:24 am
Forum: SwOS
Topic: RB260GS as unmanaged? (No IP address)
Replies: 4
Views: 3143

Re: RB260GS as unmanaged? (No IP address)

Yes, out of the box, all ports will talk to each other. To keep from using an IP address, you could give it a static IP outside your IP range. But are you REALLY that short of IP addresses on your LAN?
by k6ccc
Tue Oct 08, 2019 7:36 am
Forum: Beginner Basics
Topic: Forwarding port 443 causes internet problems to anyone else?
Replies: 4
Views: 1179

Re: Forwarding port 443 causes internet problems to anyone else?

My first guess is that your forwarding rule is not specific enough. For example, if you forward all port 443 traffic to something, then ALL traffic including your outbound https traffic will go there. On the other hand, it you only forward port 443 traffic that is inbound on your WAN connection, the...
by k6ccc
Thu Oct 03, 2019 2:21 am
Forum: SwOS
Topic: Switch identity character length and possible? bug
Replies: 5
Views: 3139

Re: Switch identity character length and possible? bug

That's RouterOS, not SwitchOS.
by k6ccc
Sat Sep 21, 2019 1:50 am
Forum: SwOS
Topic: SWOS VLAN and Trunk port
Replies: 2
Views: 4253

Re: SWOS VLAN and Trunk port

I am running very similar at home. These screen captures were done on a CSS326 for a different purpose and are a little out of date, but might give you some ideas. Links page: http://extraphotos.info/mikrotik/CSS326_Links.png VLAN tab: http://extraphotos.info/mikrotik/CSS326_VLAN.png VLANs tab: http...
by k6ccc
Sat Sep 21, 2019 1:12 am
Forum: Beginner Basics
Topic: Isolated Network
Replies: 10
Views: 2094

Re: Isolated Network

You need to give us a better idea of what you are trying to accomplish. Not enough information given.
by k6ccc
Thu Sep 19, 2019 6:30 pm
Forum: SwOS
Topic: CRS328-24P-4S+RM advertised SWOS 2.10 upgrade fails and installs 2.7p on 2.7 WORKAROUND
Replies: 6
Views: 4204

Re: CRS328-24P-4S+RM advertised SWOS 2.10 upgrade fails and installs 2.7p on 2.7 WORKAROUND

For what it's worth, I just updated a CRS326-24G-2S+, two CSS326-24G-2S+, and a CSS106-5G-1S from 2.9 to 2.10 without incident. Watching pings to the CRS, I dropped three pings during the restart, and on both CSS326 switches, I dropped one ping during the restart.
by k6ccc
Mon Sep 16, 2019 5:34 pm
Forum: Beginner Basics
Topic: Link Router and Switch and administrate together with WinBox
Replies: 11
Views: 2247

Re: Link Router and Switch and administrate together with WinBox

What you are asking about is very similar to what I am doing. The only difference is that I am using my routers (a RB750r2 and a RB750Gr3) exclusively as routers - no switching at all. Each LAN or VLAN has only one port on the router (may be a dedicated LAN port, or may be a VLAN trunk port). All th...
by k6ccc
Sun Sep 15, 2019 5:48 am
Forum: Beginner Basics
Topic: Using RouterOS as a switch
Replies: 5
Views: 1730

Re: Using RouterOS as a switch

Amm0 is correct. Essentially what I currently have is what dadoremix suggested. While that does allow VLAN 2 to communicate between ports 2 - 5, but that does not allow for the additional parts of the plan. I will be working with Amm0's suggestions shortly.

Thanks
by k6ccc
Sat Sep 14, 2019 11:47 pm
Forum: Beginner Basics
Topic: Using RouterOS as a switch
Replies: 5
Views: 1730

Re: Using RouterOS as a switch

Thanks for the reply. I had assumed that I needed to build a bridge, and played with that last night for a couple hours without any success. I can see the traffic coming in from the three AREDN nodes with Torch, but nothing going out. I'm sure it's easy for most people that have used a bridge in ROS...
by k6ccc
Fri Sep 13, 2019 9:02 pm
Forum: Beginner Basics
Topic: Using RouterOS as a switch
Replies: 5
Views: 1730

Using RouterOS as a switch

This is likely an easy one, but I have EXCLUSIVELY used Mikrotik routers as routers and never as a switch. Each LAN or VLAN on the routers connects directly to a CSS326 switch. I have run into a situation where I have run out of ports on one of my CSS326 switches and have an immediate need for a cou...
by k6ccc
Wed Sep 11, 2019 6:02 pm
Forum: Beginner Basics
Topic: How to enable Webfig access from internet?
Replies: 7
Views: 2844

Re: How to enable Webfig access from internet?

Also, HIGHLY recommend putting some additional security on it. There are several things that can be done if you really insist on having a WebFig port directly accessed from the internet. For example, if able, restrict the source IPs that can access it to only the IPs that you want to have access. Fo...
by k6ccc
Fri Aug 30, 2019 6:09 am
Forum: General
Topic: Anyone can check the login webpage hotspot from attack codes!
Replies: 10
Views: 2132

Re: Anyone can check the login webpage hotspot from attack codes!

I don't think this forum has a lot of professional web developers But it is impossible for users or designers Hotspot service does not know in the topics of page security! This is a forum for routers. Why are you even asking for html configuration help here? Take this to a forum for web designers. ...
by k6ccc
Thu Aug 29, 2019 2:37 am
Forum: Announcements
Topic: v6.45.5 [stable] is released!
Replies: 54
Views: 29190

Re: v6.45.5 [stable] is released!

I note that both alibloke and the chart that elbob2002 posted show the temperature stabilized at 58 degrees C. Makes me think that is what it is designed to do. I don't know what the specs for the CPU chips involved are, but as a comparison, the Raspberry Pi does not start throttling to control heat...
by k6ccc
Sun Aug 25, 2019 10:27 pm
Forum: Beginner Basics
Topic: Alternate DNS for one domain
Replies: 4
Views: 1360

Re: Alternate DNS for one domain

RouterOS does not support this method of working. It has been requested many times but it has not been implemented. (what you need is the capability to set a static DNS record for local.mesh with type NS and pointing to the nameserver for that domain) That is exactly correct. As RouterOS also does ...
by k6ccc
Sun Aug 25, 2019 9:27 am
Forum: Beginner Basics
Topic: Alternate DNS for one domain
Replies: 4
Views: 1360

Alternate DNS for one domain

Here is my situation. I have an RB-750Gr3 that has a WAN connection from my cable provider which provides DHCP and DNS services to the router. Ports 2, 3, & 5 are various LANs, and port 4 is a trunked port with several more VLANS. The trunked port connects to a managed switch where VLAN 5 (among...
by k6ccc
Fri Aug 23, 2019 7:55 am
Forum: General
Topic: New RB450G☓4 Breaks Google and its Services (Solved)
Replies: 13
Views: 2285

Re: New RB450G☓4 Breaks Google and its Services

Posting part of settings is not all that helpful.
/export config hide-sensitive file=yourconfigaug22
What am I doing wrong...see image below!

Screen Shot 2019-08-22 at 10.02.49 PM.png
Delete the word "config"
In other words: /export hide-sensitive file=your-config-22-Aug
by k6ccc
Sat Aug 10, 2019 2:11 am
Forum: SwOS
Topic: CRS326: RouterOS or SwOS?
Replies: 2
Views: 6946

Re: CRS326: RouterOS or SwOS?

A lot of that is personal preferences. I have a CRS326 that is being used exclusively as a managed switch. Other than about a half dozen VLANs, there is nothing fancy. I am running it under SwitchOS and always have. I also have two CSS326 switches - obviously running SwitchOS, plus two a CSS106-5G-1...
by k6ccc
Fri Aug 09, 2019 6:15 pm
Forum: Beginner Basics
Topic: Remote WoL
Replies: 8
Views: 3620

Re: Remote WoL

If you can access the router, you can either manually send the WOL command or type up a script and execute the script. By creating a scrpt in advance, you don't have to know the MAC of the target device. add dont-require-permissions=no name="Boot Old Family room PC on .101" owner=\ SuperMg...
by k6ccc
Fri Aug 09, 2019 6:05 pm
Forum: Beginner Basics
Topic: Access wan from lan
Replies: 1
Views: 754

Re: Access wan from lan

Search for "hairpin nat".
by k6ccc
Thu Jul 25, 2019 6:16 pm
Forum: SwOS
Topic: Forwarding Problem CRS317-1G-16S+RM
Replies: 1
Views: 2164

Re: Forwarding Problem CRS317-1G-16S+RM

Stefan, what software version?
by k6ccc
Thu Jul 25, 2019 6:13 pm
Forum: General
Topic: Firewall filter when port forwarded
Replies: 4
Views: 2583

Re: Firewall filter when port forwarded

On this - add chain=forward action=accept in-interface=WAN \ connection-state=new nat-connection-state=dst nat Does/should the connection state need to be new? Or does it matter? It actually does not matter. Because there is a fastrack accept for established and related packets, the only time that ...
by k6ccc
Tue Jun 25, 2019 12:28 am
Forum: General
Topic: PoE 802.3 on two pair cable with CRS328-24P-4S+RM
Replies: 1
Views: 614

Re: PoE 802.3 on two pair cable with CRS328-24P-4S+RM

From the product page for the CRS328-24P-4S+RM:
PoE-Out is passed over mode B pins (4,5+)(7,8-).
That won't work on your 2 pair cable.
by k6ccc
Mon Jun 24, 2019 8:34 pm
Forum: General
Topic: Block Teamviewer
Replies: 24
Views: 21215

Re: Block Teamviewer

The very first rule in the Forward chain. Made it about as simple as I could: add action=passthrough chain=forward comment=\ "Counter for outbound to 188.172.217.0/24 - test for Teamviewer" \ connection-state="" dst-address=188.172.217.0/24 No connections listed to 188.172.217.xx...
by k6ccc
Mon Jun 24, 2019 6:02 pm
Forum: General
Topic: Block Teamviewer
Replies: 24
Views: 21215

Re: Block Teamviewer

So I did some digging and saw that TeamViewer Connect to a domain, 188.172.217.0/24 To test that, I created a passthrough firewall rule as a counter as the first rule in my forward chain. Any traffic to 188.172.217.0/24 should show up in the counter. There are two computers inside my firewall that ...
by k6ccc
Fri Jun 21, 2019 8:05 pm
Forum: General
Topic: Block Teamviewer
Replies: 24
Views: 21215

Re: Block Teamviewer

I would love to be able to block TeamViewer - but my situation is a little different. In my case, I am the TeamViewer user, but I want to be able to block TeamViewer unless I specifically allow it at the time - for example with a port knock to the router. For example, the computer at home can't norm...
by k6ccc
Thu Jun 20, 2019 1:48 am
Forum: SwOS
Topic: RB260 speed falls do 100M
Replies: 7
Views: 2969

Re: RB260 speed falls do 100M

I'm sorry, but I thought it was simple to understand that the two RB260 Ether1 are connected together with a 50cm patch cable, so where is the cable problem? It was not simple to understand because you did not tell that in your original post. For all we know, you were trying to run gigabit over a k...