MikroTik

datajerk

Hi, I have various mikrotik routers and switches, but only one CRS328 has intermittent timeouts when trying to ssh or webfig in. Serial console always works and is snappy. Since do not have problems with other devices, and a 2nd CRS328 (newer and not loaded) does not have this problem, and they are ...

datajerk

Hi, I have two ISPs (BigCable 1000/40 and BigTelco DSL 40/2). BigTelco is my backup when BigCable is down. When BigCable is down my security cameras fill the 2Mb/s pipe of BigTelco DSL. I'd like to limit that to 1Mb/s. Creating a queue for this is simple, however I only want the queue active when Bi...

datajerk

Thank you, this is helpful. I cleaned up and started over following your advice and did some monitoring and observing. I still have the same problem, and it is consistent. I started with one peer/mode-config/identity and continued to add new peers/mode-configs/identities (p/m/i) up to 5, any time I ...

datajerk

Hi, thanks for the quick reply. You need a separate peer, mode-config and identity for every connection. I believe I've done that. I should have provided both entries in the original post. /ip ipsec mode-config add connection-mark=nordvpnus name=nordvpnus responder=no /ip ipsec mode-config add conne...

datajerk

Ok, I think I have a working solution, or at least it appears to work, I need to check to see if any requests are getting out, however none are not being returned. Since ipsec sets up src-nat on connect, I added to my nat external interfaces !addresslist to prevent src-nat. This feels sloppy somehow...

datajerk

Hello, I'm using the following to route an address list out an ipsec/ikev2 tunnel: /ip firewall mangle add action=mark-connection chain=prerouting dst-address-list=!internal new-connection-mark=nordvpnus passthrough=yes src-address-list=nordvpnus /ip firewall mangle add action=change-mss chain=forwa...

datajerk

Hi, I have the following config (Based on https://wiki.mikrotik.com/wiki/IKEv2_EAP_between_NordVPN_and_RouterOS) that works great: /ip ipsec mode-config add connection-mark=nordvpnch name=nordvpnch responder=no /ip ipsec policy group add name=nordvpnch /ip ipsec profile add name=nordvpnch /ip ipsec ...

datajerk

2nd Update. 6.44.x works if all non-primary slaves have neighbor discovery disabled.

datajerk

Update.

Downgrading from 6.44.3 to 6.43.16 fixed this problem.

datajerk

I have a new CCR1009 that I've setup with active-backup bonding with two switches using the SFP+ and SFP ports. The intent is to use 10G as the primary and fail over to 1G if the 10G switch fails or is being updated. Config (no firewall, nothing else, just this): /interface ethernet set [ find defau...

datajerk

I am also having this issue. Exactly once per min my 328 gets this warning only if I have loops. In my case I have a 326 and 328 both connected to the same 10G switch. I have other networking gear with two interfaces for redundancy (they are bridges, single MAC) connected to the 326 and 328. Everyth...

datajerk

Update. I put 6.42.6 (up from .4/.5) on all my routers and switches, firmware updates too, rebooted. Then no VLANs worked. I specifically tagged some ports, etc... got all VLANs working again. And this problem seems to have cleared itself up. I only see 2 macs now as expected.

datajerk

Is your described CRS usage complete? E.g. are only those two ports in use? If yes, then what you describe is normal. If not, how are other ports used? Tagged, untagged, ...??? It would not be right if ether1 would "see" MAC of a device which is not downstream connected to ether1 nor is p...

datajerk

Hi. I have a CRS326 with bridge filter vlan enabled with the following config: /interface bridge port add bridge=bridge interface=ether1 pvid=101 /interface bridge vlan add bridge=bridge tagged=sfpplus1 untagged=ether1 vlan-ids=101 This functions as expected. Untagged traffic from the device in ethe...

datajerk

Never mind. There is something wonky with my emulated internet setup. My target isp1/isp2 was another switch using VLANs, basically my CRS326 would untag out and the other switch tag in to vlans 19 and 29 (isp1 and isp2). I replaced one with another router and the problem went away. Unsure why this ...

datajerk

check for host table on bridge if you can see CCR Mac address on both vlans on sfp-plus interface and respective mac addresses of clients on respective vlan on ether1 and ether2 Yes I see the CCR sfpplus1 vlans 1,101,102 in the host table on the CSR326 bridge. I do NOT see the respective macs for e...

datajerk

I have two ISPs (isp1, isp2) connected to a CRS326 (routeros 6.42.5) in ports ether1, ether2. My router CCR1009 is connected to CRS326 sfpplus1. My router has two vlans, vlan101, and vlan102. vlan101 and vlan102 are configured as dhcp clients on sfpplus (I have no bridge on CCR1009). On the CRS326: ...

datajerk

The woobm is awesome, but it lacks the ability to paste. Please add a "paste" button.

If you are only interested in the switch/router the woobm is connected to via USB, then use telnet instead. You're telnet client C&P will work just fine.

datajerk

I've had my CRS328 racked and in production now for > 30 days. I'm currently powering 10 SBCs (with POE splitters) and a number of ruckus APs, hexs, and hexpoes that are then powering hexs and ruckus APs. I have two outdoor ruckus APs, one of which is also powering a camera from the poe out port. Af...

datajerk

Try https://github.com/thefloweringash/tzsp2pcap instead. It is open source and currently being maintained. I use it on both Linux and MacOS without issue. e.g.: ssh router /tool sniffer set filter-interface=bridge filter-ip-address=192.168.1.41/32,192.168.1.42/32 filter-stream=yes streaming-enabled...

datajerk

Here is my workaround solution. Temperature now managed around 50C degrees. Great Idea, gotta URL for those sinks? Here is the temps for S+RJ10 in CRS210 and CRS328. Does not get that hot in CRS328. Also not too hot in CRS210 if no connection. https://i.imgur.com/tgkdr8y.jpg https://i.imgur.com/QIv...

datajerk

I just received my CRS328 and I'm testing it now with 3 10Gb SFP and one POEaf device. My fans are audible for about 30 seconds, then quiet for 30 seconds, and so on ... Pretty annoying while testing. Eventually this will go in a rack and out of my office. It'd be nice if I could just have the fans ...

datajerk

Just received my brand news woobm. In the console i'm unable to do copy and paste. do you know how it is doable or if it's going to be a future feature ? thanks From the web interface if you click on home, then you'll be able to telnet to the woobm via the same IP you use for the web interface to g...

datajerk

Hi, I have two ISPs connected to my router, BigCable and BigTelco(DSL). BigCable is my primary ISP with BigTelco as my backup. This worked flawlessly, until I upgraded my cable modem. The new cable modem has an internal DHCP server that will hand the router an 192.168.100.0/24 (usually .10) address ...

datajerk

So, this is pretty much what I started with before removing the ports and vlans from the bridge on router1. The problem is that to put a vlan in a bridge I have to also put the uplink port (sfpplus1) also in the same bridge and then traffic (non-vlan) suffers ~5-10% performance hit. This is my first...

datajerk

In interface bridge vlan make sure you are adding the bridge to each vlan (likely as a tagged interface). Also, toggle VLAN filtering to on for any bridge you've setup VLANs on. With router1 and router2 move your VLAN interfaces to the bridge not the interface and adjust the bridge ports to tag or ...

datajerk

Remember that when your VLAN has the default MTU of 1500 your transporting LAN should have room for 1504 byte frames. It normally is not an issue with MikroTik equipment when directly using ethernet, but you are using bridges and 6.41RC software (not a good idea...) and it could be different there....

datajerk

Thanks for taking a look. My configs are below. Using the diagram above this is how wired: switch sfp-sfpplus1 -> router1 sfp-sfpplus1 switch ether6 -> router2 ether2 router1 ether1 -> ISP1 router2 ether1 -> ISP2 workstation -> ether17 (when testing vlan20) workstation -> ether19 (when testing defau...

datajerk

Hi, I'm having a problem with routing through a 2nd router when using VLANs. Diagram: ISP1 ISP2 | | router1 router2 \ / \ / switch----workstation ISP1 is my primary internet with a distance of 1, ISP2 is my backup with a distance of 2. My previous setup had both ISPs in a single router and it works ...

datajerk

Thanks. Got it working. The only difference in my config is vlan-filtering=yes.

I used the following:

https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering

Thanks again.

datajerk

Switch to the 6.41rc code that contains the new VLAN aware and hw-offload bridge. The configuration is a standardized one that is much simpler. It's the same across models. Hi, thanks. I should have mentioned that I am using 6.41rc. I am also not very familiar with how to do VLAN translation on the...

datajerk

Hi, The following works with my CRS125, but not CRS326: /interface ethernet switch egress-vlan-translation add customer-vid=19 new-customer-vid=0 ports=ether16 /interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=19 ports=ether16 What is the equivalent for the 326 ...

datajerk

Hi. I created the following config: /interface vlan add interface=bridge name=vlan19 vlan-id=19 comment="untrusted IoT" /ip address add address=192.168.19.1/24 interface=vlan19 network=192.168.19.0 /ip pool add name=untrusted_iot ranges=192.168.19.100-192.168.19.199 /ip dhcp-server add add...

datajerk

IIRC, yes I bridged the LAN/WLAN ports. However I still had to run DHCP on the hAP.

datajerk

Hi, I am trying to replace a powerline Ethernet setup with the hAP ac. Today I use powerline to bridge a Mikrotik hEX with another Mikrotik router. I have tried two different powerline setups from two different vendors and I'm not getting the performance that I can get with wifi to the same location...

datajerk

Not on websites. Thanks.

Search found 36 matches

Intermittent timeout when trying to ssh or webfig into CRS328

Queue active only if on 2nd ISP

Re: killing ikev2 with 2 ipsec/ikev2 peers

Re: killing ikev2 with 2 ipsec/ikev2 peers

Re: blocking traffic when ipsec/ikev2 is down

blocking traffic when ipsec/ikev2 is down

killing ikev2 with 2 ipsec/ikev2 peers

Re: CCR1009 active-backup bonding intermittent connectivity with no load

Re: CCR1009 active-backup bonding intermittent connectivity with no load

CCR1009 active-backup bonding intermittent connectivity with no load

Re: Ring of switches and Vlans

Re: Device connect to VLAN'd port seeing other switch MACs

Re: Device connect to VLAN'd port seeing other switch MACs

Device connect to VLAN'd port seeing other switch MACs

Re: CRS326 DHCP requests on wrong VLANs/ports

Re: CRS326 DHCP requests on wrong VLANs/ports

CRS326 DHCP requests on wrong VLANs/ports

Re: Feature requests

Re: any reviews/comments for CRS328-24P-4S+RM or CRS112-8P-4S-IN poe switches

Re: Traft for ARM architecture

Re: SFP module is extremely hot

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Re: Woobm copy/paste in console

How to block dhcp from cable modem, but not from cable company

Re: 2 routers, and VLANs, ICMP works, but TCP does not work well.

Re: 2 routers, and VLANs, ICMP works, but TCP does not work well.

Re: 2 routers, and VLANs, ICMP works, but TCP does not work well.

Re: 2 routers, and VLANs, ICMP works, but TCP does not work well.

2 routers, and VLANs, ICMP works, but TCP does not work well.

Re: CRS326 RouterOS VLAN translation

Re: CRS326 RouterOS VLAN translation

CRS326 RouterOS VLAN translation

Default VLAN (1) hosts picking up DHCP addresses from router DHCP server running on VLAN (19)

Re: hAP ac as bridge only

hAP ac as bridge only

CRS326-24G-2S+RM block diagram?