MikroTik

CZFan

Agree, at time of typing my previous post, I thought that there might be a misunderstanding between us.

CZFan

The Child Q's are created dynamically Through what feature - DHCP? Hotspot? PPP? Can you execute "/queue simple print" and show the output? Printing the list will include all dynamic queues as separate items. Through "Simple Queues". Printing only shows the parent Q, see below screenshot. PCQ-Child...

CZFan

The Child Q's are created dynamically

CZFan

I don't agree with below, else what is the use of using PCQ? Also, the queue type setting for the parent will not have any effect if the parent has children. It looks like you have a PCQ queue set on the parent, which won't do anything. If you wish to use PCQ it has to be set on the child queues, no...

CZFan

You can remove the below line:
/interface bridge vlan
add bridge=bridge-iptv tagged=ether1-gateway untagged=ether10-IPTV vlan-ids=6

Then remove ether3 from bridge-local and add it to bridge-iptv.

That should be all you need to do

CZFan

The CRS can do wirespeed Switching, All routing (Incl Inter Vlan Traffic) goes via CPU and limited by that

CZFan

/interface bridge port add bridge=bridge1 frame-types=admit-all ingress-filtering=yes interface=sfp2 pvid=111 add bridge=bridge1 frame-types=admit-all ingress-filtering=yes interface=sfp3 pvid=111 add bridge=bridge1 frame-types=admit-all ingress-filtering=yes interface=sfp4 pvid=111 add bridge=brid...

CZFan

Good to hear. Note: you might want to run script by name, so you won't brake it in future
/system run script <name>

/system script run <name>

CZFan

Yes, cause 0x2^0 + 1 x 2^1 = 2

CZFan

This is my understanding if you change from UAA to LAA: Convert the first octet from Hex to Bin, then change the 2nd-least-significant bit to 1, then convert back to Hex, i.e. B8 :69:F4:00:00:00 = 1011 1000, then change to 1011 10 1 0 back to Hex and the LAA MAC will then be BA :69:F4:00:00:00

CZFan

Yes,

You can read all about it here: https://wiki.mikrotik.com/wiki/Manual:T ... et_Sniffer

CZFan

Look into hairpin nat

https://wiki.mikrotik.com/wiki/Hairpin_NAT

CZFan

What I explained is not to remove your AS, but the downstream private AS. i.e. Client (AS65500) ---- ISP (AS200) ---- Global Net At the ISP, they will strip the "Private AS" by using "Remove-Remote-AS" and only advertise aggregate. Anyway, seems this is only related to "Private AS" and possibly not ...

CZFan

I am confused about the internet access port / vlan 112 part. Usually you will tag traffic going out, not coming in.

Can you elaborate a bit more what you are trying to achieve here, maybe confirm with the service provider how you are suppose to access internet services?

CZFan

I am new to BGP, so take with a pinch of salt. This is usually used where an ISP (Upstream provider) needs to remove clients "private AS", and one of the requirements I understand is that the client then needs to have the same routing policy as the ISP. It is a setting called "Remove-Private-AS" in ...

CZFan

... Of course people throw in drop invalid traffic and other things but if you have a drop everything else rule they will all be caught. .... My personal opinion the above is debatable, the last I checked part of the reason for dropping invalid was due to reasons that the packet might not be NATed ...

CZFan

Is internet provided as a layer 2 or layer 3 service? Currently you have it configured as layer 2.

Maybe add a diagram so we an clearly see how things are connected

Just to confirm, are you sure the CCR1009 has a switch chip, it is my understanding that only fairly old CCR1009's have switch chips

CZFan

I highly doubt the above was the solution.

The queue types you mention there only changes the the queue "buffer" size, i.e. how many packets it will queue

CZFan

IP address is assigned to ether2 directly, should be assigned to bridge that ether2 is a member of

CZFan

Some Examples, but must use what makes sense to you,i.e.
Trusted Zone = LAN Zone
Untrusted Zone = WAN / Internet Zone
Semi Trusted Zone = DMZ Zone
etc

CZFan

I use a mixture of both.

As you mentioned, Interface List is like "Zone" based, "trusted", "untrusted", etc. but sometimes need to be more granular, then I use Address Lists, etc

CZFan

The only place I can see where the 3011 trumps the 4011 is you can do Vlan config in "software only " on 4011.

So the 4011 is a way better device, but will depend on what you planning to do with Vlans

CZFan

Can one subnet provide addressing for many vlans without 1:1 natting? I want one vlan per customer's CPE router, but instead of each vlan having its own /30, just one /25 is used across all vlans. The reason I want to do it this way is to avoid the use of PPPoE but still keep customer's traffic sepa...

CZFan

Any news about this feature ?

Bump

CZFan

Hi, I have configured several Subnets on my RB3011. All Subnets cannot see each other, it is disabled by FW-Rule. Now I would like to configure some exceptions. I have a local SIP Server on Subnet1 with IP: 192.168.1.10. Client on Subnet1 can connect correctly to the Server, but Clients on Subnet2(...

CZFan

NTP = Network Time Protocol makes use of port 123

CZFan

Ask ISPs to add route on CPEs to be our LAN range via the RB960.

CZFan

You mention "On the modem I have configured VPN passthrough - IPSec and PPTP" but trying to configure L2TP, I would assume you will need to configure L2TP passthrough on the modem, if it is not there, then it is not supported on the modem and will not work

CZFan

With my RB2011, when I changed from a 20/2 Mbps DSL link to 1000/100 Mbps fibre link, had the same issue. I added fasttrack and improved on my firewall rules and got ~850/97 Mbps through my RB2011. In my case the config was using DHCP client and not PPPoE on my router, but think with PPPoE you shoul...

CZFan

You dont need to complicate things with Vlans, just use separate subnets and block with firewall

CZFan

Why complicate things with VLAN's, just create your IPs on each interface

CZFan

And more LTE products with old and slow cat4 modems...I dont understand how can anyone even get more than 100mbit from this, i cant get more than 30mbit sitting next to tower, while anything else from super old mobile phone(6-7 years) to 2x cheaper routers achieve at least 2x speed if not more.. Wh...

CZFan

It is your router, telling the mail server that the host (Girlfriend Cell Phone) is not reachable, i.e. she has left the building

CZFan

Minimum will be 2 rules, combine rules 1 and 2

CZFan

Don't need any bridges then, best way is to simply configure the gateway ip on each port

CZFan

Remove all bridges, then add the VLAN's directly to ether 1, then create first bridge for ports 2-4 and wlan.
Then create another bridge, put eth5 and vlan14 in it

CZFan

Do you need routed access between sites or must the be on same layer 2 network?

If routed, look at SSTP tunnel with one side that does not have public IP as a client and dial into the other site.

If you need layer 2, then look at bridge control protocol over SSTP

CZFan

you mean something like below?

/ip firewall filter
add chain=forward in-interface=<WAN interface> dst-address=a.a.a.2 protocol=tcp port=!80,443 action=drop

CZFan

The SXT LTE is directional, so other question will be is the towers of the 2 ISP's in same location?

CZFan

Use print oid

CZFan

Provide export of the routes

CZFan

Well - the CRS is a switch...

Use a router for routing!

Could not agree more

CZFan

Is there any known problems with BTest, I am trying ti tests on a device ,

When I do in send, it seems to work properly
When I do in receive, it shows running, but shows 0 bytes
When I do in both, then it works for only couple of seconds and then says "no such test"

BTest.JPG

CZFan

Look into the Tr069 protocol, there are both commercial and open source applications for this
i.e.
commercial - avsystem
open source - freeacs, genieacs

CZFan

I don't think that is possible with Winbox, suggest looking into Webfig Skins

https://wiki.mikrotik.com/wiki/Manual:Webfig
https://mum.mikrotik.com//presentations/PL12/pawel.pdf
viewtopic.php?t=52184

CZFan

Your MT devices are behind a NATed device, so will not work.

You either need to put fiber routers which I suspect is ONU/ONT's, in bridge mode or configure port forwarding on them if that is possible

CZFan

CCNA Routing and Switching Study Guide book

or online

http://www.freeccnastudyguide.com/study-guides/ccna/

CZFan

Please note that the CRS328-24P-4S+RM is by design a switch with routing capabilities, so routing performance might not meet expectations. As example of configuring it, create a bridge and assign ports 2 - what ever to the bridge, this will form the switch part, then port 1 which is not part of the ...

CZFan

HEX does not have wireless, you will have to connect a separate wifi access point

CZFan

If the wlan is disabled, how can any client connect to the device via wlan?

You should remove wlan from bridge, then the clients on wlan will access the clients on LAN via layer 3. If not, you have firewall filter rules preventing this.

Search found 1045 matches