MikroTik

CZFan

If I may ask, what device is this ISP modem, make, model, etc?

CZFan

Maybe you should approach your ISP?

CZFan

I am monitoring about 40 devices using the Dude. Have 3 devices that are across a bridged wireless PTP link. For any devices on the other side of this wireless link, I get every now and then (intermittent) SNMP timeouts and with that false notifications. Have done the normal checks, etc, i.e. CPU lo...

CZFan

It's almost like Mikrotik should run one

Please forward the bandwidth test link for Cisco, Juniper, Huawei, Zyxel, TP-Link, ....

CZFan

Yes, the wireless radios draw quit a bit of power.

It sounds as if the CRS109 meets your requirements, if that is the case, and it was me, I will buy the correct power supply, add a virtual WLan and voila, you have 2 x SSIDs

CZFan

You need to remove WLAn from bridge and add L2TP interface to bridge on L2TP client side, i.e. on your AP, the server side should be done dynamically of configured correctly. You DHCP client should also be bound to L2TP client interface i need wifi clients to get ip from dhcp server from ether2 Ok,...

CZFan

Topic below might get you started:

viewtopic.php?t=135504

CZFan

You need to remove WLAn from bridge and add L2TP interface to bridge on L2TP client side, i.e. on your AP, the server side should be done dynamically of configured correctly.
You DHCP client should also be bound to L2TP client interface

CZFan

... But... Before making this upgrade I've made another observation: when my phones are turned off and my laptop is docked (networ connection via ethernet port) - everything works seamlessly. I've transferred over 10GB of data and nothing happened. As soon as I've turned on my phone and played some...

CZFan

Well done, glad I could help. FYI, IIRC, that is exactly what I achieved with my 2011, 812Mb/s The link you posted to the firewall config, I just did a quick scan through it and off the bat it looks over complicated for many environments, I will also be weary of the following 2 rules as generally yo...

CZFan

And here I thought SBC = Small Business Community :-) Yes, run the device in Router OS, not Switch OS Depend on what you want to do when accessing the devices, the easiest will be to use VPN, then you become part of the internal network and can access the devices. I do not think using different DNS ...

CZFan

Generic, home use FW rules for me are: (With fwd chain rules first) 1. Drop invalid, fwd chain 2. accept Fastrack, fwd chain, est, rel 3. accept fwd chain, est, rel 4.allow new from lan, fwd chain 5. allow dst nat, in wan, connection new, fwd chain 6. drop all fwd chain Then use similar for Input ch...

CZFan

Back in the times I had a 1Gb internet, my one son (Serious gamer) was living with us and he paid for the link. This is not the case anymore, he has moved out, moved the 1Gb link with him, so now I have a measly 40/20 fibre link so will not prove anything anymore unfortunately.

CZFan

Thanks pe1chl for clarifying. I wish there is a way to like a reply when someone provides a solution or the correct answer.
..

There is, click the "Accept this answer" (green tick) on post that provided solution

CZFan

I think for 100Mb internet link, CRS328-4C-20S-4S+RM will suffice, but also note that the CRS328-4C-20S-4S+RM is mainly a Fibre switch, i.e. mainly for connecting fibre cables. It does have 4 x combo ports and you will need to buy modules for these ports in order to use UTP. From your explanation, a...

CZFan

I think the more relevant question is why do you want to make a "Router" do "Switching" function?

To use another analogy, there is a difference between cars and buses for specific reasons.

CZFan

I have managed to get ~ 850Mb/s with RB2011, using NAT (No PPPoE). About a year ago, the RB2011 retired to my lab area and has been replaced with a HAP AC2 and I no longer have a 1Gb/s Internet link.

Why do you not start by providing your full config, and we can make suggestions?

CZFan

You dont have to spend all that money for a 4011, just keep the CRS109 as a "switch only" and add a Mikrotik hEX for the "Routing".

CZFan

Based on limited info in this thread, it seems you have gone the wrong way around purchasing hardware before understanding what is available and what will meet your requirements. It will be difficult to answer accurately without knowing what your internet link size / speed, what routing protocols ar...

CZFan

Hi all, Last night I purchased CRS328-4C-20S-4S+RM switch. .... My intention is to drop ISP router at some point as I manage to grasp sufficient knowledge with this device. ... Thank you kindly Please keep in mind, this device is a switch, with some routing capabilities. So depending on your intern...

CZFan

... But... Before making this upgrade I've made another observation: when my phones are turned off and my laptop is docked (networ connection via ethernet port) - everything works seamlessly. I've transferred over 10GB of data and nothing happened. As soon as I've turned on my phone and played some...

CZFan

Will it not be easier to allow SIP traffic only to the SIP providers you / building management approves of with Address Lists?

CZFan

I suspect the problem is not on your router config, but higher up the chain.

Do a trace route (Tools-->Traceroute) to 8.8.8.8 to see where it times out

CZFan

If I understand the OP correctly, the closest you will get to this is called hybrid vlan config. This is where you have a port configured for vlan trunking i.e. tagged vlan (vlan 10 as ex) and same port also configured as an access port for vlan 20 untagged

CZFan

Intra-Vlan is 2 hosts communicating on same Vlan (layer 2) Inter-Vlan is 2 hosts communication on different Vlans (Layer 3) Apologies, I just recalled sindy's post re vlan filtering disables HW Offload, hence you need to use switch vlan config in this case The point I was trying to make is that irre...

CZFan

I suspect there is no difference between Switch Chip Vlan config and Bridge Vlan config (Have not tested it though). My reason for thinking this is: When you have 2 ports in the same vlan on bridge vlan config, you will have HW Offload active and full port based (switched) speed between these ports,...

CZFan

Hi, I'm afraid to say this, but DON'T buy any hardware from Mikotik, NO SUPPORT AT ALL. For more than a year problem with Mikrotik WAPac and WiFi clients with broadcom chipset. Emailed a lot, given all necessary info, no results, last emails don't have any response! Have you tried Cisco's free supp...

CZFan

You should absolutely not push to control DNS in a Windows Active Directory environment. Not sure why you would want the headache. DNS is very important for Outlook clients for example. Do you know how to setup the resolution for Autodiscover? There are other topics no doubt too that we don't under...

CZFan

IIRC, I tested this on my 2011 a while back, with a single bridge, HW offload was active / enabled

CZFan

I have not worked in detail on DNS servers for a good couple of years now, (+- 10), but IIRC do not think you can specify port numbers in DNS.

Think you will have to enter the 2nd port number i.e. 81 as part of the URL e.e. http://www.yourdnsrecord.sub-domain.domain:81

CZFan

Yes, that is working as per design. The public DNS will tell the world what address to use to get to your network. The router on your network edge then translates this to for port 80 in this case to your internal web server address as per the NAT rule you configured. So that is all the router knows ...

CZFan

From reading OP, should just work, as you will have DAC routes added dynamically.which should allow comms between these

Best is provide the output of: /export file=myconfig hide-sensitive and pas this here between the code brackets

CZFan

If speed varies, then I doubt it is ethernet syc related. Majority of problems experienced with MPLS, etc is usually MTU related, but what I would suggest is go and have a cup of coffee with the client, then test from his connection and capture / sniff some packets to see if any excessive fragmentat...

CZFan

Hello, can the hAP ac² act as a router instead of an access point? I want it to act as a DHCP server and use firewall nat rules.

Exactly what it is designed for

CZFan

Can you provide a diagram of network, note on drawing where client is and where data is that he is downloading?

Just want to see where the possible problem areas might be

CZFan

Have you checked the client's Ethernet sync speed?

CZFan

DHCP broadcast, request, etc is layer 2, firewall is layer 3 of OSI model
dhcp protocol is in UDP, based on IP, and using broadcast ip's when necessary.
See https://en.wikipedia.org/wiki/Dynamic_H ... n_Protocol

True, wasn't thinking it through properly

CZFan

DHCP broadcast, request, etc is layer 2, firewall is layer 3 of OSI model

CZFan

Typically used when you have like lots of users / devices behind a NAT to prevent running out of port numbers (PAT) for a single IP NAT but not typically for 100 users/devices, never tested, but maybe: There a wiki for that ;-) https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#1:1_mapping Not r...

CZFan

Typically used when you have like lots of users / devices behind a NAT to prevent running out of port numbers (PAT) for a single IP NAT but not typically for 100 users/devices, never tested, but maybe: /ip firewall nat add action=src-nat chain=srcnat out-interface-list=WAN src-address=192.168.88.0/2...

CZFan

I think you should reset device to default, test again...

CZFan

Had this before on a 951G when I did an update wrong, late, on a Friday afternoon

Netinstall saved me

CZFan

What is the purpose of below in your config?
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1 src-address=192.168.88.2-192.168.88.253

CZFan

Or, maybe I just had the post open on web browser for a long period before posting....

CZFan

^^^^
You can pay me what you want, you will not get me on that tower

CZFan

It sounds like you have duplicate MACs or IPs connected to the switch.

Will it be possible to post config of all 3 Mikrotiks here:
/export file=MT1 hide-sensitive
/export file=MT2 hide-sensitive
...

CZFan

might be a good idea, so you can see exactly which version/model/year the device is which you found in the back of the storeroom under all the dust or when buying a 2nd hand one

CZFan

I have a chain Cisco 4900M - Dlink DGS3620-28SC - Mikrotik RB951G. And i can ping from Cisco to Dlink's address(from RB subnet) with 1700 and df-bit, so i don't think that it is Dlink problem. Is it possible that in that RB installed old chip that doesn't support some functions? CPU Ar9344 v3.33 Up...

CZFan

Look at IP-->Firewall, Connections tab

CZFan

Personally I see the 4011 as a SOHO device, my minimum suggestion will be CCR1009.

Search found 1128 matches