MikroTik

CZFan

CCNA Routing and Switching Study Guide book

or online

http://www.freeccnastudyguide.com/study-guides/ccna/

CZFan

Please note that the CRS328-24P-4S+RM is by design a switch with routing capabilities, so routing performance might not meet expectations. As example of configuring it, create a bridge and assign ports 2 - what ever to the bridge, this will form the switch part, then port 1 which is not part of the ...

CZFan

HEX does not have wireless, you will have to connect a separate wifi access point

CZFan

If the wlan is disabled, how can any client connect to the device via wlan?

You should remove wlan from bridge, then the clients on wlan will access the clients on LAN via layer 3. If not, you have firewall filter rules preventing this.

CZFan

See below, old topic but I think it is still relevant

viewtopic.php?t=10405

CZFan

I have logged into a 6.39.x earlier today with Winbox 3.18

CZFan

@OP, what do you have connected to the 750. And which ports are they connected to? Depending on how the 750r3 is configured, i.e. all switched ports will share 1Gb path, if not switched, then ports 1,3 & 5 shares 1Gb path and 2 & 4 shares another 1Gb path, so other devices might interfere with down...

CZFan

@OP, what do you have connected to the 750. And which ports are they connected to?

CZFan

@sindy: You're probably drinking beer not very far from me. But shh, we don't want anyone to know that we're slowly taking over the forum (maybe we can accept @CZFan as honorary member, he could be useful, he's not as much into motorcycles as I initially thought , but other things). :) O ye of litt...

CZFan

Bump, anyone with info on how to monitor simple queues with Dude?

CZFan

.... I also allow echo replies (Established) since I want the pongs to my pings to be accepted. If you have VPNs, that too. Lig ang Drop the rest.
...

I will also add ICMP Type 3, Code 4 for path MTU discovery to work properly

CZFan

your forward rules are below the input. Francois, this is nothing but a superstition. The order of the chains ( input , output , forward ) in a table doesn't matter at all; the order of rules within the same chain does. So you can even place the rules like I1, O1, O2, F1, I2, O3, F2, F3, F4, I3, I4...

CZFan

As per the drawing of your config, your frames are coming in tagged and leaving tagged as well, which indicates the Vlans are living on other devices, so, except for management of device, you do not need Vlan interfaces on these devices. Bellow config should suffice (NB. Done from memory, not tested...

CZFan

I have not tested this in a VLANed scenario, but with your config I would think the below should work: Mark connections in prerouting chain without specifying any in / out interfaces, this will mark connections in both directions Then mark packets based on connection marks, again, don't specify in /...

CZFan

https://blog.mikrotik.com/security/winbox-vulnerability.html Thanks. So after that what is next step? Becouse i am still receiving report about the js:Miner-AL[pup], trying get connection to my lan Thanks in advance I had this at a new client recently, (It was the actual reason he became a client o...

CZFan

Your firewall rules do include fasttrack rule, but your forward rules are below the input.
Move all chain=forward rules to the top, with fasttrack being the very first rule

CZFan

Change From: /ip address add address=10.0.0.1/16 comment=defconf interface= ether2-master network=10.0.0.0 To: /ip address add address=10.0.0.1/16 comment=defconf interface= bridge network=10.0.0.0 Not related, but you might also want to change from: /ip dns static add address= 192.168.88.1 name=rou...

CZFan

From the screenshot it looks like your AC2 is only advertising up to 100Mb Full, make sure the 1000Mb Half and Full are ticked on the "Ethernet" tab on same screen

CZFan

Are you sure about this? I seem to be able to transfer at wire speed across all the ports without hitting the CPU. This is NOT the case through the bridging method. I was seeing <100Mbps that way. ... Unless Mikrotik has made some design changes recently, very sure. When you go from one vlan to ano...

CZFan

I'm not enabling vlan filtering on the bridge. The guides I found on using the switch chip dont suggest that. Right now, port 5 and port 4 cannot see each other. If I assign a VLAN 14 interface on the hEX connected to port 5 (ie, PVID=15) it can't communicate with port 4. So Vlans are being properl...

CZFan

Hi, I am totally new to this, and not a coder of any type, and in need of some guidance on monitoring a Simple Q and getting some history of up / downloads of this Q in Dude. What I have done so far is: Created a Static Item with name of the Simple Q I want to monitor Added a link between the Router...

CZFan

viewtopic.php?f=2&t=139943

CZFan

@syadnom, did you enable "Vlan Filtering" on the bridge?

Also do a test from vlan 12 to vlan 13 and at the same time from vlan 14 to vlan 15? I suspect your results might be different then.

CZFan

Bump, Any drill hole template drawings please?

Else I have to get up on the roof, disconnect everything, take measurements, go and buy / make a u-bolts, go back and install again and all this time client will be down.

CZFan

@vecernik, not totally correct in this case.

Each port will be on a separate vlan, then any comms between these ports (VLAN's) will need to be routed which will go via cpu so HW offload will be lost

CZFan

My comment re crystal ball, we can't help if you only post part on the info.

Re your question if passthrough=no does not work, on your 2nd post, again with only part of the config, you have passthrough =yes for every packet mark

CZFan

It is called "Router on a Stick", not Switch on a stick.

Depending on the number of switch chips on the device, with the Hex POE you have only 1 switch chip, so only 1 bridge with HW Offload, but i.e. on 2011, you can have 2 bridges with HW Offload as it has 2 switch chips.

CZFan

Hi, I have to buy / make some U-Bolts for the Quick Mount pro, https://mikrotik.com/product/QMP Have a client who have mounted this on a pole on the roof with cable ties, if anyone has the dimensions or a URL where I can get this it will be appreciated. I need the diameter for the holes and distance...

CZFan

Off the bat, it can be 2 things, you need to add second Mikrotik route in radius as nas device, and then possible firewall rules blocking comma

CZFan

You forgot to post a picture of the crystal ball

CZFan

...

Mikrotik don't do/make directly GPON/MODEM. ...

https://mikrotik.com/product/SFPONU

CZFan

What happens to the Vlan's once it gets to the other side of Vlan 6? If they split out again according to their Vlan's, then you can look intgo Service Tag / QinQ. If the Vlan's comes from the schools, and Vlan 6 is just your uplink Vlan, won't it be better to terminate Vlan's 1 - 5 on your device, ...

CZFan

Will "Use Service Tag" not work here, i.e. you have C-Vlans 1,2,3,4&5, with S-Vlan 6

Or maybe QinQ, have Vlan 6 attached to ether2, with Vlan's 1-5 attached to vlan 6?

CZFan

Can you provide link to the documentation
Look at the very bottom of this wiki page (in the "Winbox" section).

Got it, thx.

I think it should rather be placed under headings for TX power, not right, right at the bottom of the document under some willy nilly comment about Winbox.

CZFan

Current TX Power = 0dBm
Current TX power readings are not supported for 802.11ac-capable wireless cards. That's a known (and documented!) limitation that has always been there.

My post is on the 802.11b/g/n WLAN card

Can you provide link to the documentation, want to go read up a bit more

CZFan

Any specific reasons you have Bridge ARP configured as "arp=proxy-arp"?

If not, change that to arp=enabled

CZFan

Nothing strange there, just make sure your routing / policies configured properly

CZFan

Note sure if someone has mentioned this before, if so, apologies for reposting

Current TX Power = 0dBm

board-name: hAP ac^2
model: RBD52G-5HacD2HnD
firmware-type: ipq4000L
factory-firmware: 3.43
current-firmware: 6.43.1
upgrade-firmware: 6.43.1

Current TX Power.JPG

CZFan

Hi, The S-seen reply means that "seen new connection is replied by your device" , A-assured means "the connection is trusted" , C-confirmed means "connection is confirmed by your device or firewall" , d-dst-nat , F- i think this is FIN i mean no more data from sender it seen after a connection is c...

CZFan

Yes, sorry, for management to the device itself you will need to create a vlan interface on the device

CZFan

AFAIK in the second config snippet, those vlan interfaces shoud have been created on bridge not on ether2.

...

For OP's setup, you don't need to create any VLAN interfaces on the CRS

CZFan

I don't see anywhere you are specifying tagged and or untagged (Access) ports, etc. Below is my understanding for the CRS1xx VLAN config straight from manual https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches_examples#Example_1_.28Trunk_and_Access_ports.29 To configure Port 1 as trunk ...

CZFan

Please log a call with support@mikrotik.com, inlcude reference to this post/topic

CZFan

@Uqbar,

Please keep us posted

CZFan

Sorry, without actually being at the network, can't offer more

CZFan

On the server side: Change /ppp secret add local-address=192.168.9.1 name=test profile="server" remote-address 192.168.9.2 service=pptp routes="192.168.3.0/24 192.168.9.2 1" Remove /ip route add check-gateway=ping distance=1 dst-address=192.168.3.0/24 gateway=192.168.9.2 The routes= under /ppp secre...

CZFan

please provide a new diagram and include the VPN addresses.

Also the config of both routers after obfuscating any sensitive information

CZFan

Are you sure you allow the other LAN IP's in via firewall on Mikrotik?

CZFan

Apologies if you mentioned it earlier, but from what version to what version did you upgrade when you first noticed the difference?

CZFan

Firstly, when pasting config, please place this between the code brackets, makes it easier to read and not such long posts. Then, I am a bit confused, you are showing 2 speedtests screens, one with 158Mb download and another with 448Mb download. the 448Mb is not to bad. In current config, you have m...

Search found 999 matches