MikroTik

CZFan

From 6.23 is a big jump and if I recall correctly, there is an intermediate upgrade version to be done before latest from a big jump like that.

My best suggestion will be to backup config via export, then redo with 6.42.6 via netinstall and import the backup config again

CZFan

First, update your device, it is open for hacking!!!! Update it in which way? Upgrade the RouterOS, "...It's running v6.39.2" Depending which config you want to go, i.e. Bridge port or Master-Slave port config, upgrade to at least the following versions: Bridge = 6.42.3 Master-Slave = 6.40.8 See li...

CZFan

Not sure if it is the correct / best way, but got it working

export file=("flash/".([/system identity get name] . "-" . [:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6])) verbose; :delay 5;

CZFan

Hi, I am trying to get the script below to do auto backups, but must write to the flash folder else it gets deleted on reboot but it keeps writing the file to the root export file=(flash/([/system identity get name] . "-" . [:pick [/system clock get date] 7 11] . [:pick [/system clock get date ] 0 3...

CZFan

look at the differences in the screenshots in your posts # 27 & 29, by adding the bridge as tagged, you have removed ether2 which broke the setup again, add ether2 back as tagged Should the new VLAN 10 be added to the Bridge/Port section , at the moment only the physical ports are listed there Eth2 ...

CZFan

Based on the amount of info you provided as your requirements, I can safely say get a Mikrotik

CZFan

I don't think this router is capable of routing 300/80 Mbps with half decent FW and QoS setup. Specially so if WiFi is used (WiFi under load can consume quite some CPU power). This inability probably shows while gaming as, I presume, gaming uses smaller packets and routing capacity actually limits ...

CZFan

As per my post in this topic, post # 10, Bridge must also be tagged for Vlan id's 10, 20, 30, 40, this is to allow access to the CPU for DHCP from these Vlans

CZFan

Add ether2 as tagged under Bridge Vlan for Vlan id 10

CZFan

Personally I use interfaces for bridge filters and IP for firewall filters, another reason would be that you might have multiple interfaces as members of same vlan, the it makes more sense to use the subnet of the vlan, but it is just set a personal choice Did you tag the vlan on the unify AP's, if ...

CZFan

Thx usdmatt, you confirmed my thinking, ROS it is then

CZFan

Hi, My first Mikrotik switch has been delivered for one of my clients, the device is a CRS326-24G-2S+. My question is do I run it with ROS or SWOS, there does not seem to be much info of pro's / con's between these out there. Also, if I run ROS, I would assume I need to config as a normal router wit...

CZFan

I will use:

chain=forward action=drop src-address=10.0.10.0/24 dst-address=192.168.100.0/24 log=no log-prefix=""
chain=forward action=drop src-address=192.168.100.0/24 dst-address=10.0.10.0/24 log=no log-prefix=""

CZFan

Change log for 6.42 says: *) routerboard - properly detect hAP ac^2 RAM size Mine shows 233Mb RAM, is that correct in both Winbox and CLI? the specs on Mikrotik Website says it should be 128Mb uptime: 35m5s version: 6.42.6 (stable) build-time: Jul/06/2018 11:56:50 factory-software: 6.41.3 free-memor...

CZFan

I suspect you are actually reaching IP of ether4, but the reply packets are going via ether1 as that is the preferred route out and then gets dropped as it is coming / going via a different interface/IP. You will have to configure the routing so that traffic coming in on ether4, leaves again on ethe...

CZFan

Below some corrections of mistakes and suggestions, so change these first and come back: From /ip address add address=192.168.100.254/24 comment=defconf interface=ether2-LAN network=\ 192.168.100.0 add address=10.0.10.1 interface=vlan10_Guest network=10.0.10.0 To /ip address add address=192.168.100....

CZFan

I have posted the full export text, i have nothing to hide.

No ways that is the full config, i.e. there are no Interface info, etc.

CZFan

Atleast send a mail to the Mikrotik certified members

CZFan

Yes, if there are no bridges configured yet, then create a bridge and make ports 2 - 10 members of this bridge
Assign the LAN gateway IP to this Bridge, then assign DHCP to this Bridge to issue LAN IP's to clients

CZFan

provide output of "export hide-sensitive"

CZFan

This morning I received a mail directly from Mikrotik re vulnerability

MTNotice.JPG

CZFan

I'm not sure if you are confusing the two: PPPoE = Point to Point Protocol over Ethernet PoE = Power over Ethernet Best will be to provide your current Mikrotik config so we can see what you have and what is needed, you can do this via Winbox-->Terminal, run command export hide sensitive and post re...

CZFan

@diddie17, you are 100% correct, if you want to switch VLAN's, i.e. Ether3 and ether4 is in same vlan, then it is best to use switch vlan config except for crs3xx devices.
Between VLAN's will happen with routing and this will go via cpu

CZFan

should be good to go, then if you want to prevent the guest vlan communication via layer 3 with other devices, use firewall filter rules

CZFan

try /interface bridge filter>

CZFan

Once again: I'm not "advocatus diaboli" of Mikrotik but you should apply right measure to the problem. OK. There was a problem spotted and repaired ... a lot of programs/devices had, have and will have them ... period. The problem is/was resolved ... time to apply cure. IF YOU WANT. If not ... stop...

CZFan

I received an e-mail this morning from one of our Mikrotik distributors here in South Africa, and note this is not the first one I have received from them re Mikrotik Notice. So to me, it looks like Mikrotik has done all it could to notify the users, well done Mikrotik, very proud to be a Mikrotik E...

CZFan

Can you add a diagram with the relevant devices and include IP's on the diagram, will be a lot easier then to assist

CZFan

Vlan10 must be on Bridge In Bridge-->Ports, change ether3 PVID from 1 to 10 In Bridge-->Vlan make Bridge as tagged and ether3 untagged for Vlan id 10 Thanks CZFan, Vlan10 must be on Bridge Is this correct? [admin@MikroTik] /interface bridge vlan> print Flags: X - disabled, D - dynamic # BRIDGE VLAN...

CZFan

Netinstall will be your friend here

CZFan

Need more info, i.e. ping from which ip to which ip, etc

CZFan

If the setup is between 2 Mikrotk's, then look at below:

https://wiki.mikrotik.com/wiki/Wireless_WDS_Mesh
https://wiki.mikrotik.com/wiki/WDS_repeater_example

CZFan

Vlan10 must be on Bridge
In Bridge-->Ports, change ether3 PVID from 1 to 10
In Bridge-->Vlan make Bridge as tagged and ether3 untagged for Vlan id 10

CZFan

I don't think you can do the pc behind the voip phone config with Mikrotik

CZFan

Create the necessary Vlan's and assign these to ether4 on MT Assign IP's to these Vlan's and if required, create DHCP on these Vlan's On Windows / Hyper-V side, you will need to create trunking and that can only be done in Powershell, not via VM Manager, just Google it and you will find process to d...

CZFan

First, update your device, it is open for hacking!!!!

CZFan

If you get this working, I am very convinced it will be very problematic network and you will have a bad gaming experience.

The 4 of you should club together and a Mikrotik consultant in to assis. To pay the consultant between the 4 won't be much and you will have the correct setup

CZFan

With PPPoE there are usually also queues involved, and I think that model is not going to cut it for 300 connections.

For this I would look into the CCR 1036, the ME model which has 16Gb RAM

CZFan

The load balancing method will depend on your requirements.

Best is to get a Mikrotik consultant in to assist

CZFan

Have you tried enabling upnp in /system logging?

CZFan

Security will always be a "Reactive" process

CZFan

...
I'm a bit nervous about the firewall log showing the packet but the torch not, I don't remember whether you did a sniff on the interface.
...

Can it be that the "Torch" screen update time? i.e. between updates this happened hence did not show?

CZFan

Never done this setup, but thought I will give it a go (Not tested). Below is based on Vlan id 3099 being the CVlan and Vlan id 10 being the SVlan (Added ontop of Vlan 3099) /interface ethernet switch set bridge-type=service-vid-used-as-lookup-vid drop-if-invalid-or-src-port-not-member-of-vlan-on-po...

CZFan

The first thing you should correct is your default routes should not point to interface, but to IP of gateway

CZFan

Thx guys,

Based on input from all, decided on CRS326-24G-2S+RM

CZFan

I'm really shocked by the number of admins that NEVER update firmware! Agree, what I also find funny is that they obviously do not log into forum regularly, if hey did, they would have known about these vulnerabilities, but as soon as they get hacked, then they can't post fast enough on the forum

CZFan

Looks fine to me, remember that if you have DHCP, etc on the device, you will have to also add the bridge to tagged Wouldn't it be better to bind such services (e.g. DHCP server) to particular vlan interfaces? Yes, you must bind DHCP, etc services to the relevant vlan, but you must also provide acc...

CZFan

... But regardless that, how on earth have you managed to configure your /interface vlan without specifying an interface name? The 'Tik normally doesn't allow you to do that :shock: Instead of /interface vlan add name=ether4vlan10 vlan-id=10 add name=ether4vlan100 vlan-id=100 add name=ether4vlan20 ...

CZFan

No PoE required

CZFan

Thank you for your input, much appreciated, my thinking is between the 2 below, any reasons for the one over the other?

CSS 326-24G-2S+RM https://mikrotik.com/product/CSS326-24G-2SplusRM

CRS328-24P-4S+RM https://mikrotik.com/product/crs328_24p_4s_rm

Search found 885 matches