Community discussions

Search found 2015 matches

by CZFan
Fri Apr 09, 2021 2:06 pm
Forum: General
Topic: ac2 vs ac3 wifi not over 200Mb
Replies: 13
Views: 988

Re: ac2 vs ac3 wifi not over 200Mb

If both devices are on the desk, then maybe get some more space between them, as the radios are probably screaming at each other and causing noise
by CZFan
Fri Apr 09, 2021 12:37 pm
Forum: Forwarding Protocols
Topic: BGP Load balance over two routers [SOLVED]
Replies: 6
Views: 791

Re: BGP Load balance over two routers [SOLVED]

I think the best in a case for above is to contact a certified Mikrotik Consultant in your area.

These guys pay big money to ensure they have knowledge and skills and are there for things like this to assist

https://mikrotik.com/consultants
by CZFan
Tue Apr 06, 2021 9:59 pm
Forum: Wireless Networking
Topic: set PVID of WDS dynamic interface? and wireless clients with a vlan-aware bridge
Replies: 6
Views: 1324

Re: set PVID of WDS dynamic interface? and wireless clients with a vlan-aware bridge

No, we don't use wds right now, but wanted. We need to avoid the "disconnection" and "reconnection" every time a device changes from AP to AP in our wireless environment, avoiding the need to get a new IP address. We have 2 SSIDs in Virtual APs, ("Corp" and "Guest"...
by CZFan
Thu Apr 01, 2021 1:22 am
Forum: Beginner Basics
Topic: Multiple VLAN on Single Port
Replies: 6
Views: 934

Re: Multiple VLAN on Single Port

You are missing the bridge interface under bridge vlan table for vlan 999, need to add bridge as tagged interface
by CZFan
Mon Mar 29, 2021 7:30 pm
Forum: Forwarding Protocols
Topic: EOIP vs VPLS, less packet loss with EOIP?
Replies: 5
Views: 475

Re: EOIP vs VPLS, less packet loss with EOIP?

I would start by looking at MTU configs
by CZFan
Thu Mar 25, 2021 2:40 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 75
Views: 41939

Re: DHCP Offering Lease Without Success

... Now, the client must send a REQUEST for that address and the DHCP server answers with a REPLY and at that point the address is bound to the client. ... Just for correctness sake, the server does not answer with a REPLY message, but with an ACK, aka Acknowledge. Process is called DORA, i.e. D...
by CZFan
Thu Mar 25, 2021 1:20 pm
Forum: Beginner Basics
Topic: Date & Time from NTP Server [SOLVED]
Replies: 14
Views: 886

Re: Date & Time from NTP Server [SOLVED]

2 things:

1. If you installed the "ntp" package, it changes the look/feel of the ntp client, and you will have to use scripts to make use of the FQDNs

2. If not, then see screenshot below for using FQDNs with ntp client
mtntpclient.JPG
by CZFan
Wed Mar 24, 2021 6:07 pm
Forum: Beginner Basics
Topic: Date & Time from NTP Server [SOLVED]
Replies: 14
Views: 886

Re: Date & Time from NTP Server [SOLVED]

Tell Google that; it's time1.google.com. Yes, .0 is a perfectly legal address, depending on the netmask.
Snap!!! :-)
by CZFan
Wed Mar 24, 2021 5:49 pm
Forum: Beginner Basics
Topic: Date & Time from NTP Server [SOLVED]
Replies: 14
Views: 886

Re: Date & Time from NTP Server [SOLVED]

216.239.35.0...
I know for sure that is not an NTP server.

Not sure I understand your reasoning, but an IP ending with .0 is a perfectly legal IP Address. Seems also it is Google Time server
googlentp.JPG
by CZFan
Fri Mar 19, 2021 6:44 pm
Forum: Wireless Networking
Topic: LTE Unregistered Status Codes
Replies: 3
Views: 1583

Re: LTE Unregistered Status Codes

Please read at start wiki about LTE
...

@SiB,

Would you mind posting a URL for what you refer to above, I am also currently struggling with LTE connection and looking for same info as per OP but can't find any info, been googling for last 2 hours
by CZFan
Fri Mar 19, 2021 6:09 pm
Forum: Wireless Networking
Topic: LTE Status / Error codes
Replies: 1
Views: 285

LTE Status / Error codes

Does anyone know where I can get LTE status / error code descriptions.

Trying to connect a Mikrotik LTE router with a private APN SIM Card, but get "not registered, state 3" message but can't find any info on this
by CZFan
Fri Mar 19, 2021 12:03 pm
Forum: The Dude
Topic: Unable to get Function / Probe working [SOLVED]
Replies: 1
Views: 499

Re: Unable to get Function / Probe working [SOLVED]

Solved, seems it does not like the "-" in the function name
by CZFan
Thu Mar 18, 2021 5:40 pm
Forum: The Dude
Topic: Unable to get Function / Probe working [SOLVED]
Replies: 1
Views: 499

Unable to get Function / Probe working [SOLVED]

I am trying to create a function / probe but just not getting any results. The function is supposed to report the interface utilization. Below is the Function "In-Utilization" code: if(oid("1.3.6.1.2.1.31.1.1.1.6.13"),round(rate(diff64(oid("1.3.6.1.2.1.31.1.1.1.6.13"))*8...
by CZFan
Wed Mar 17, 2021 5:19 pm
Forum: General
Topic: Mutiple SSTP servers
Replies: 4
Views: 241

Re: Mutiple SSTP servers

If I may interject here, Will be good to understand what exactly the OP wants to achieve, but SSTP is a "service" on the router, and will accept from any IP Address configured on the router depending firewall rules. You don't bind SSTP to a specific IP per se. With SSTP and Road Warrior con...
by CZFan
Wed Mar 17, 2021 11:39 am
Forum: Wireless Networking
Topic: LtAP LTE 6 kit + R11e-LTE6 + External Antenna [SOLVED]
Replies: 4
Views: 516

Re: LtAP LTE 6 kit + R11e-LTE6 + External Antenna [SOLVED]

Thank you @mkx, appreciate your response/feedback
...
Just to be sure modem doesn't emit smoke...

I did run the "no-smoke.bat" file, so all should be ok :-) (Giving my age away here again)
by CZFan
Tue Mar 16, 2021 8:22 pm
Forum: Beginner Basics
Topic: Two mikrotik routers conflict in same network, why???
Replies: 19
Views: 1232

Re: Two mikrotik routers conflict in same network, why???

STP is the symptom, and is behaving as per design, i.e. block/disable ports where there are network loops.

This is more to do with physical connections than config...
by CZFan
Tue Mar 16, 2021 10:17 am
Forum: General
Topic: No thermal pads with R11e-LTE6
Replies: 6
Views: 524

Re: No thermal pads with R11e-LTE6

Analogy, to build a wall you can stack the bricks on top of each other, or "Optionally" use cement mix between the bricks Wonder which is the correct way??? another thing, these thermal pads seem to be fairly difficult to get hold of, i.e. I have to do a round trip of 100km from where I a...
by CZFan
Mon Mar 15, 2021 10:00 pm
Forum: Beginner Basics
Topic: Two mikrotik routers conflict in same network, why???
Replies: 19
Views: 1232

Re: Two mikrotik routers conflict in same network, why???


Yes, problem was with stp! Somebody can elaborate why stp was problem and is only solution to disable it?
I don't think the problem is STP, I rather think you have a loop in your network
by CZFan
Mon Mar 15, 2021 9:45 pm
Forum: General
Topic: No thermal pads with R11e-LTE6
Replies: 6
Views: 524

Re: No thermal pads with R11e-LTE6

hmmm, and everyone will go and read that?
by CZFan
Mon Mar 15, 2021 5:50 pm
Forum: General
Topic: No thermal pads with R11e-LTE6
Replies: 6
Views: 524

No thermal pads with R11e-LTE6

@normis et al A customer of mine bought 2 x LtAP LTE6 kits and 2 x R11e-LTE6 modems and dropped off by me to install for him. Following the instructions as per Mikrotik, thermal pads need to be used on the 2nd modem installed in the router. My question is why are the thermal pads not supplied with t...
by CZFan
Mon Mar 15, 2021 1:06 pm
Forum: Wireless Networking
Topic: LtAP LTE 6 kit + R11e-LTE6 + External Antenna [SOLVED]
Replies: 4
Views: 516

LtAP LTE 6 kit + R11e-LTE6 + External Antenna [SOLVED]

Have the following, "LtAP LTE 6 kit + R11e-LTE6 + External Antenna" but have a couple of questions if someone does not mind to assist. 1. As per attached pic, the "tabs" that can be broken off to provide place for cables/connectors/etc, the ones on inside (white plastic) does not...
by CZFan
Sat Mar 13, 2021 11:05 pm
Forum: General
Topic: Hetzner Subnet on Mikrotik CHR
Replies: 4
Views: 447

Re: Hetzner Subnet on Mikrotik CHR

You will need to enable proxy arp on the internal facing interface
by CZFan
Sat Mar 13, 2021 4:07 pm
Forum: General
Topic: Having issues with NAT mapping
Replies: 8
Views: 651

Re: Having issues with NAT mapping

Yes, relevant routes need to be in place, depending on the public IPs / setup, you do not have to have multiple routes, i.e. let's say the ISP issues (Not routed to you) a /29 range, 1 address will be used for the next hop gateway with 1 default route, you can then assign the other 5 on your WAN int...
by CZFan
Fri Mar 12, 2021 11:24 pm
Forum: Beginner Basics
Topic: Bypass school proxy for internet access on smart tv's
Replies: 2
Views: 272

Re: Bypass school proxy for internet access on smart tv's

Why don't you do it the right way, i.e. Log a call with whoever does the IT and explain the problem so it be dealt with
by CZFan
Fri Mar 12, 2021 5:16 pm
Forum: General
Topic: blocking port 53 incoming from WAN ports, block tons of packets
Replies: 9
Views: 625

Re: blocking port 53 incoming from WAN ports, block tons of packets

.. Is DNS attack by bots , I guess You are not "really" being attacked, but are being used to attack some other internet user If this packets are not dropped, it will have an impact on your upstream link as well as use additional resources on your router though. Will be better to drop the...
by CZFan
Thu Mar 11, 2021 10:57 pm
Forum: General
Topic: SIP Packets dropped unless Torch running
Replies: 11
Views: 719

Re: SIP Packets dropped unless Torch running

...SIP packets falling foul of MNDP.

I had a search of the forums but couldn't find the post you mentioned
viewtopic.php?f=21&t=171035&p=840920&hi ... dp#p840552
by CZFan
Thu Mar 11, 2021 4:38 pm
Forum: General
Topic: SIP Packets dropped unless Torch running
Replies: 11
Views: 719

Re: SIP Packets dropped unless Torch running

@networquk, pleasure, glad I could be of some assistance

@sindy, you are a blessing to the Mikrotik community, thank you and also thanks for the explanation, makes more sense to me now
by CZFan
Thu Mar 11, 2021 4:34 pm
Forum: Beginner Basics
Topic: RB 2011iL does not get Gib traffic
Replies: 19
Views: 1399

Re: RB 2011iL does not get Gib traffic

In 2016, when I had 1Gb/s fibre at my place, I used a 2011 and could get speeds of +- 850Mb/s to speedtest.net. +- 15 devices on the LAN/WLAN and approximately 15 FW rules + NAT, fasttrack enabled. Was not on a PPPoE connection but DHCP with the ISP. Only other difference was the WLAN was not part o...
by CZFan
Wed Mar 10, 2021 7:03 pm
Forum: General
Topic: Having issues with NAT mapping
Replies: 8
Views: 651

Re: Having issues with NAT mapping

As a minimum, you should have the following: /ip firewall nat add chain=srcnat src-address=LANIP1 action=src-nat to-addresses=WANIP1 out-interface-list=WAN add chain=dstnat dst-address=WANIP1 action=dst-nat to-addresses=LANIP1 in-interface-list=WAN nat add chain=srcnat src-address=LANIP2 action=src-...
by CZFan
Wed Mar 10, 2021 5:40 pm
Forum: General
Topic: NAT action SAME behaves just like NETMAP?
Replies: 7
Views: 543

Re: NAT action SAME behaves just like NETMAP?

My understanding is as follows:

Netmap - Maps IPs 1:1, so must be 1000 IPs to 1000IPs, i.e. a /22 to a /22
Same - You might have 1000 IPs mapping to 255 IPs, so the NAT will try and use the same NAT IP map per src/dst address pair, if src and or dst is different, it might use another IP to map/NAT to
by CZFan
Wed Mar 10, 2021 5:35 pm
Forum: General
Topic: SIP Packets dropped unless Torch running
Replies: 11
Views: 719

Re: SIP Packets dropped unless Torch running

Did you restart the router after disabling fast track? if not, the fasttracked connections in connection tracking table will stay active till timeout, and if active traffic on these connections can stay active indefinitely. Your firewall accepts established related packets, so should the phone initi...
by CZFan
Tue Mar 09, 2021 11:52 pm
Forum: General
Topic: Radius + Hotspot setup
Replies: 1
Views: 267

Re: Radius + Hotspot setup

The setup script adds a NAT rule automatically
by CZFan
Tue Mar 09, 2021 11:45 pm
Forum: General
Topic: SIP Packets dropped unless Torch running
Replies: 11
Views: 719

Re: SIP Packets dropped unless Torch running

Without seeing your config, it is just a guessing game. Torch disables a couple of things while running, i.e. Fasttrack, so if you have perhaps mangle rules for the phones and have fasttrack enabled, disable it, restart router and test If it does not solve the problem, post your config between code ...
by CZFan
Tue Mar 09, 2021 11:10 pm
Forum: General
Topic: NAT action SAME behaves just like NETMAP?
Replies: 7
Views: 543

Re: NAT action SAME behaves just like NETMAP?

Have you tried reading the Mikrotik wiki to understand how Same and Netmap works and what the difference is?
by CZFan
Fri Mar 05, 2021 2:50 pm
Forum: Beginner Basics
Topic: Two mikrotik routers conflict in same network, why???
Replies: 19
Views: 1232

Re: Two mikrotik routers conflict in same network, why???

... This is default config! Better option is to set IP to bridge? Thanks. If that is "default", then you have very old ROS version, then better you upgrade, then reset config to default and start again Yes, IP should not be attached to slave interface, should be on master, i.e. bridge int...
by CZFan
Fri Mar 05, 2021 10:34 am
Forum: Beginner Basics
Topic: Two mikrotik routers conflict in same network, why???
Replies: 19
Views: 1232

Re: Two mikrotik routers conflict in same network, why???

couple other things incorrect, you have IPs assigned to slave interfaces on both sides, i.e on ether 2 which should be on the bridge interface
by CZFan
Tue Mar 02, 2021 11:40 pm
Forum: General
Topic: ASK [vpls PW]
Replies: 8
Views: 443

Re: ASK [vpls PW]

by CZFan
Tue Mar 02, 2021 1:24 pm
Forum: General
Topic: ASK [vpls PW]
Replies: 8
Views: 443

Re: ASK [vpls PW]

IIRC, you use tagged type when you make use of service tags inside VPLS cloud

more info below

https://tools.ietf.org/html/rfc4762#page-11
by CZFan
Wed Feb 24, 2021 10:08 am
Forum: General
Topic: PVID for BGP VPLS interface on a bridge
Replies: 5
Views: 1425

Re: PVID for BGP VPLS interface on a bridge

Off the bat, have not tested it, etc. possible solutions might be:

1. Assign Vlans to a VRF and use the VRF, or maybe
2. In bridge port, you can select interface called "dynamic" and assign pvid there
by CZFan
Tue Feb 23, 2021 3:04 pm
Forum: General
Topic: too many packet per second with this outpu input: in:ether1 out:(unknown 0), src-mac , proto UDP, ->ip:53, len 71
Replies: 10
Views: 551

Re: too many packet per second with this outpu input: in:ether1 out:(unknown 0), src-mac , proto UDP, ->ip:53, len 71

OP:

Just a word of warning, your public IP is visible on those screenshots, let me know if I am close :-)

EDIT: IP Removed
by CZFan
Mon Feb 22, 2021 9:27 pm
Forum: Beginner Basics
Topic: Playing with Routes.
Replies: 4
Views: 403

Re: Playing with Routes.

without recursive routing, will be something like this (trying to keep with your method of explanation): Route Rules: LAN1: SrcAdd(LAN1) Table(LAN1) LAN2: SrcAdd(LAN2) Table(LAN2) Routes: route 1 isp1 wan, route-mark LAN1 distance=1 route 2 isp2 wan, route-mark LAN1 distance=2 route 3 isp2 wan, rout...
by CZFan
Fri Feb 19, 2021 9:52 pm
Forum: Wireless Networking
Topic: MİkroTik Wireless Gig+ Test
Replies: 14
Views: 1206

Re: MİkroTik Wireless Gig+ Test


WoW, for that price, I will rather buy 6 x RB4011s and place them all over where needed :-)
by CZFan
Fri Feb 19, 2021 9:28 pm
Forum: Beginner Basics
Topic: Playing with Routes.
Replies: 4
Views: 403

Re: Playing with Routes.

Can this be done without mangling is the challenge?

Yes, by using route rules with routing mark/route table for each LAN/WAN combination.

Then create 2 rules for each routing table, one with distance of "1" and another "2", recursive routing will serve better here
by CZFan
Fri Feb 12, 2021 4:40 pm
Forum: General
Topic: IPIP, GRE and IPsec tunnel is not working.
Replies: 6
Views: 527

Re: IPIP, GRE and IPsec tunnel is not working.

Without seeing the configs, your guess is as good as mine
by CZFan
Thu Feb 11, 2021 10:26 am
Forum: General
Topic: Is there any way to add src-adress to a list which ttl is greater than 2 or as i wish
Replies: 4
Views: 328

Re: Is there any way to add src-adress to a list which ttl is greater than 2 or as i wish

No, they probably have a ttl of 64 or 128, etc and decrement from there as they cross hops Let me rephrase, There is option in filter rules that you can check the TTL under advanced tab and then add src address to address list, but what I meant with the "No" is that they will most probabl...
by CZFan
Wed Feb 10, 2021 11:04 pm
Forum: General
Topic: Is there any way to add src-adress to a list which ttl is greater than 2 or as i wish
Replies: 4
Views: 328

Re: Is there any way to add src-adress to a list which ttl is greater than 2 or as i wish

No, they probably have a ttl of 64 or 128, etc and decrement from there as they cross hops
by CZFan
Wed Feb 10, 2021 10:51 pm
Forum: General
Topic: 31 subnet - Not finding an answer to default gateway.
Replies: 21
Views: 6266

Re: 31 subnet - Not finding an answer to default gateway.

Have config at a WISP client of mine where I am using /31 between them and their upstream provider.

My client side is a MT and upstream provider side is Cisco, using the Cisco as GW
by CZFan
Wed Feb 10, 2021 12:43 pm
Forum: Beginner Basics
Topic: EoIP Tunnel Clamp TPC MSS
Replies: 7
Views: 524

Re: EoIP Tunnel Clamp TPC MSS

@CZFan and what Clamp mss in EoIP does? Not sure if I understand the question correctly, but: OP did not mention EoIP tunnel MTU size in OP, so with that, if the tunnel MTU was set at 1500, then the "Clamp TCP MSS" in EoIP config will clamp the MSS at 1460, which might not be low enough. ...
by CZFan
Tue Feb 09, 2021 10:40 pm
Forum: Beginner Basics
Topic: EoIP Tunnel Clamp TPC MSS
Replies: 7
Views: 524

Re: EoIP Tunnel Clamp TPC MSS

Clamp mss in EoIP will only clamp it based on tunnel mtu size, it doesn't know what the mss size is end to end
by CZFan
Tue Feb 09, 2021 8:45 pm
Forum: General
Topic: CRS354 remove interface=all from bridge
Replies: 3
Views: 277

Re: CRS354 remove interface=all from bridge

Assign an admin MAC to the bridge interface, will probably drop you but then connect again, that should prevent dropping you changing bridge ports as the bridge won't change MAC address
Have not tested it
by CZFan
Wed Feb 03, 2021 11:38 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 67333

Re: v6.48 [stable] is released!

I'm wondering if perhaps they do not intend to release a 6.49 (moving to v7 instead as the next stable release after 6.48) ...
I suspect there is a big push to get V7 out, hence the huge change released in Dec 2020, but suspect we will still get a couple V6 updates
by CZFan
Tue Feb 02, 2021 8:17 pm
Forum: General
Topic: Still no luck with simple Bridge
Replies: 12
Views: 911

Re: Still no luck with simple Bridge

.... If I do keep it as is but put the WAP on NAT, yes, it works...but triple NAT. I find it crazy the WAP can't do what a cheap $20 ethernet extender can do. The UBNT picostation does it fine, but lacks the connect list...but I guess will work if I setup some hacking way to do a connect list on it...
by CZFan
Tue Feb 02, 2021 8:05 pm
Forum: Beginner Basics
Topic: Block Connection to router
Replies: 4
Views: 519

Re: Block Connection to router

From the export you provided, I can't see any reason why disabling that rule will drop VPN connections, unless the export is not all info
by CZFan
Tue Feb 02, 2021 8:03 pm
Forum: Beginner Basics
Topic: hAP ac3 - VLAN & inter-VLAN
Replies: 6
Views: 594

Re: hAP ac3 - VLAN & inter-VLAN

All routing is done via CPU, firewall will see this traffic
by CZFan
Tue Feb 02, 2021 7:42 pm
Forum: General
Topic: Why doesn't a DNS dstnat rule create an open resolver?
Replies: 6
Views: 494

Re: Why doesn't a DNS dstnat rule create an open resolver?

That looks like a fairly standard default Mikrotik firewall config, difficult to see details from screenshots, export much better If my assumption is correct above, it will mean that you typically allow DST NAT in the "Forward" chain, not "Input" chain, and as per example, you ar...
by CZFan
Tue Feb 02, 2021 7:35 pm
Forum: General
Topic: Same IP Address on two separate bridges
Replies: 2
Views: 305

Re: Same IP Address on two separate bridges

With devices in the same subnet being on both sides of the router, I don't think ARP Proxy is going to help you here. Off the bat, the only other way I think this will work is, but sounds more of a mission than you already do: Assuming you are on the LAN side, add 192.168.1.254 on WAN side interface,...
by CZFan
Tue Feb 02, 2021 7:19 pm
Forum: General
Topic: Why doesn't a DNS dstnat rule create an open resolver?
Replies: 6
Views: 494

Re: Why doesn't a DNS dstnat rule create an open resolver?

The only reason will be if a firewall is blocking connections from the outside, else those rules will redirect (NAT) anything with a destination port of 53 to 192.168.88.1 Also, you will still need to enable "Allow remote..." in DNS service on router, else the router will not respond to DN...
by CZFan
Tue Feb 02, 2021 6:57 pm
Forum: General
Topic: Why doesn't a DNS dstnat rule create an open resolver?
Replies: 6
Views: 494

Re: Why doesn't a DNS dstnat rule create an open resolver?

"...they suspiciously look like the rules for port-forwarding..."

Reason is that is exactly what those rules are, they will just redirect (NAT) packets to whichever DNS server you point them to in the NAT rule, may it be your router or Google DNS servers, etc
by CZFan
Tue Feb 02, 2021 4:42 pm
Forum: SwOS
Topic: Split Horizon
Replies: 1
Views: 313

Re: Split Horizon

Not sure I follow.

Layer 2 is logically segregated right, that is one of the reasons for Vlan's?

To block comms between these on Layer 3, use firewall
by CZFan
Tue Feb 02, 2021 4:20 pm
Forum: General
Topic: Netinstall and CCR1009 [SOLVED]
Replies: 2
Views: 324

Re: Netinstall and CCR1009 [SOLVED]

Ether1 does not apply to all routers for Netinstall,

For the CCR1009, I think it is ether7, check on the router, it will be marked "boot"
by CZFan
Fri Jan 29, 2021 12:23 am
Forum: Forwarding Protocols
Topic: Broadcast bridging to ptpp vpn
Replies: 1
Views: 210

Re: Broadcast bridging to ptpp vpn

Search Mikrotik wiki for EoIP or BCP (Bridge Control Protocol)
by CZFan
Fri Jan 29, 2021 12:04 am
Forum: Beginner Basics
Topic: Speed issue with Mikrotik CCR2004
Replies: 5
Views: 606

Re: Speed issue with Mikrotik CCR2004

Try 6.46.8 long term version
by CZFan
Fri Jan 29, 2021 12:01 am
Forum: Beginner Basics
Topic: Internet drops to 0 kbps for 1-2 seconds
Replies: 4
Views: 358

Re: Internet drops to 0 kbps for 1-2 seconds

I think you need to explain how you are monitoring this, if it is watching the interfaces in Winbox, then it might possibly just be refresh rates, etc in Winbox
by CZFan
Thu Jan 28, 2021 11:32 pm
Forum: General
Topic: DNS Traffic with Multi WAN Routers
Replies: 1
Views: 213

Re: DNS Traffic with Multi WAN Routers

You don't mention how you split the load across the 4 x WANs, so I can only assume: 1. Router sends the traffic across its DG with lowest distance. 2. You have configured DNS cache / proxy, so router does lookups on behalf of client devices, and follows point 1 above BTW, both your mangle rules are...
by CZFan
Thu Jan 28, 2021 11:19 pm
Forum: General
Topic: New Winboxes can`t connect older RoS via L2
Replies: 6
Views: 684

Re: New Winboxes can`t connect older RoS via L2

Had same issue when I factory reset a customer of mine's router, what resolved it was to add static IP address on my laptop (usually on DHCP)
by CZFan
Thu Jan 28, 2021 11:06 pm
Forum: General
Topic: Hardware choice for BGP+OSPF 1/2/10G
Replies: 4
Views: 402

Re: Hardware choice for BGP+OSPF 1/2/10G

Why will you need full tables with only one peer?
by CZFan
Thu Jan 28, 2021 8:25 pm
Forum: General
Topic: How can I see connections in LAN
Replies: 3
Views: 291

Re: How can I see connections in LAN

For Torch to see the traffic, you will need to disable "Hardware Offload" of the interfaces bridged in Menu-->Bridge-->Ports

Note: This will have a negative performance impact for traffic between interfaces in the bridge
by CZFan
Tue Jan 26, 2021 11:32 pm
Forum: Beginner Basics
Topic: New to RouterOS and need some beginner's help.
Replies: 5
Views: 471

Re: New to RouterOS and need some beginner's help.

You mention cost and stability as reasons, here is your first lesson Mikrotik related, don't use "stable" version when you upgrade RouterOS, for stability reasons, use long term version
by CZFan
Tue Jan 26, 2021 5:13 pm
Forum: Beginner Basics
Topic: RB4011 - Simplest Way to Rate Limit One Interface
Replies: 1
Views: 242

Re: RB4011 - Simplest Way to Rate Limit One Interface

I would just use below, that burst settings you have will bring no value
/queue simple
add disabled=no max-limit=16M/16M name="PC-LIMIT" target=ether1
Then make sure you have no fasttrack enabled in firewall or bypass fasttrack for this device / target
by CZFan
Tue Jan 26, 2021 3:22 pm
Forum: Beginner Basics
Topic: IP sec negociation error
Replies: 6
Views: 537

Re: IP sec negociation error

If I am reading this correctly, the Mikrotik is sending, so you will have to get access to the logs / packet capture on the other side to see what the problem is, maybe the packet never reaches it, etc
by CZFan
Tue Jan 26, 2021 12:38 pm
Forum: Beginner Basics
Topic: Switch chip
Replies: 9
Views: 907

Re: Switch chip

You don't give much information to go on, i.e. sample of your config, but I am convinced the reason will be that your config is not complete, i.e. need to add switch-cpu interface in the switch vlan table for that vlan
by CZFan
Tue Jan 26, 2021 12:32 am
Forum: Beginner Basics
Topic: CRS3xx flexible Vlan Translation
Replies: 3
Views: 441

Re: CRS3xx flexible Vlan Translation

The solution url you quoted is to enable bi directional communication, and I am not sure if this is the same as "bridge" as per your requirement.
I don't have a device to test with, but suspect it might work for you, but like I said, can't test or verify it
by CZFan
Tue Jan 26, 2021 12:15 am
Forum: Beginner Basics
Topic: IP sec negociation error
Replies: 6
Views: 537

Re: IP sec negociation error

1. Does Zyxel belong to Sonicwall? Those screenshots look extremely familiar last when I worked on Sonicwall in 2014. 2. I believe you are still showing the WAN address on the Zyxel side 3. Not sure if is your problem, but you have key group set on DH5 at Zyxel side, I believe this translates to 15...
by CZFan
Sat Jan 23, 2021 11:04 pm
Forum: General
Topic: Access Point with VLANS does not get an IP Address / Can't Access The Internet
Replies: 1
Views: 210

Re: Access Point with VLANS does not get an IP Address / Can't Access The Internet

Duplicate post, but there is no dhcp client configured
by CZFan
Sat Jan 23, 2021 10:45 pm
Forum: General
Topic: Mikrotik VLAN with Access Point Configuration [SOLVED]
Replies: 7
Views: 703

Re: Mikrotik VLAN with Access Point Configuration [SOLVED]

Apologies, @mkx correct, I quickly scanned over the config.

But I don't see a dhcp client line item in config and that is probably reason AP can't get IP from DHCP
by CZFan
Sat Jan 23, 2021 10:20 pm
Forum: General
Topic: Mikrotik VLAN with Access Point Configuration [SOLVED]
Replies: 7
Views: 703

Re: Mikrotik VLAN with Access Point Configuration [SOLVED]

Add bridge as a tagged member/interface of management vlan in bridge vlan table
by CZFan
Sat Jan 23, 2021 12:01 am
Forum: General
Topic: invalid dhcp server on vlan interface
Replies: 10
Views: 706

Re: invalid dhcp server on vlan interface

The bridge has two sides to it, one is bridging interfaces, other is an interface itself which provides access to the CPU for accessing resources on device itself like DHCP, management of the device itself, etc. So like I mentioned earlier, to achieve above, you need to provide access to this in vlan ...
by CZFan
Fri Jan 22, 2021 3:14 pm
Forum: General
Topic: invalid dhcp server on vlan interface
Replies: 10
Views: 706

Re: invalid dhcp server on vlan interface

You can use any method, but you have to give access to the Bridge / Switch CPU interface on that device in order to access resources, i.e. DHCP, Management, etc on it
by CZFan
Fri Jan 22, 2021 2:58 pm
Forum: General
Topic: invalid dhcp server on vlan interface
Replies: 10
Views: 706

Re: invalid dhcp server on vlan interface

You have configured both methods, i.e. bridge vlan as well as switch vlan.

Should just be one or the other, and in neither did you configure access to the Bridge / Switch CPU interface

HINT: From URL you quoted:

add ports=ether1,switch1-cpu switch=switch1 vlan-id=99
by CZFan
Wed Jan 20, 2021 12:06 am
Forum: Forwarding Protocols
Topic: Limit access VPN
Replies: 3
Views: 461

Re: Limit access VPN

The steps you can take:
1. Drop L2TP that is not encrypted, explanation / sample config in wiki
2. Use strong passwords
3. Use RSA authentication
by CZFan
Tue Jan 19, 2021 11:32 pm
Forum: Beginner Basics
Topic: Slower performance when connected directly to router!
Replies: 12
Views: 1059

Re: Slower performance when connected directly to router!

Why is ether 1 mtu set at 1508?
by CZFan
Mon Jan 18, 2021 11:29 pm
Forum: General
Topic: iperf3
Replies: 3
Views: 436

Re: iperf3

You don't want to test to/ from router anyway, as you will run into limitations of CPU, etc, so will not gain much. Best is to test "through" the router, and in that case, iperf is a good tool
by CZFan
Mon Jan 18, 2021 11:13 pm
Forum: Beginner Basics
Topic: Two SIMS in one modem.
Replies: 1
Views: 234

Re: Two SIMS in one modem.

Only one sim slot can be active at a time
by CZFan
Mon Jan 18, 2021 11:03 pm
Forum: Forwarding Protocols
Topic: Limit access VPN
Replies: 3
Views: 461

Re: Limit access VPN

If these were a "site to site" VPN, you can then make use of firewall rules to only allow from certain IPs, but as this is typically used for people to work remotely, i.e. today from home, tomorrow from coffee shop, etc. it is difficult to limit who can connect from where, etc. So best sol...
by CZFan
Sun Jan 17, 2021 11:06 pm
Forum: Beginner Basics
Topic: udp 500 and 4500 forwarding from Mikrotik to fortigate
Replies: 7
Views: 752

Re: udp 500 and 4500 forwarding from Mikrotik to fortigate

Best will be to do packet capturing to see what is happening
by CZFan
Sun Jan 17, 2021 11:02 pm
Forum: Forwarding Protocols
Topic: double mangle marking and routing mark
Replies: 3
Views: 395

Re: double mangle marking and routing mark

Can only have one mark.

What do you want to achieve, maybe another way of doing it?
by CZFan
Sun Jan 17, 2021 10:49 am
Forum: General
Topic: help
Replies: 7
Views: 602

Re: help

Hmmm, downgrade ROS version?
by CZFan
Sat Jan 16, 2021 11:53 pm
Forum: Beginner Basics
Topic: netmap vs dst-nat
Replies: 1
Views: 290

Re: netmap vs dst-nat

Have you tried reading the wiki? See link below.

https://wiki.mikrotik.com/wiki/Manual:I ... Properties
Netmap is usually used with 2 x sets of ip addresses and will then create a static 1:1 between these 2 sets
by CZFan
Sat Jan 16, 2021 2:22 pm
Forum: General
Topic: FTP Server w/ Small MTU
Replies: 5
Views: 468

Re: FTP Server w/ Small MTU

MSS is negotiated / agreed between end devices during the TCP handshake, so you can't change "incoming" from outside MSS values Possible reason your mangle rule is not working, is you probably have Fasttrack enabled which bypasses Mangle rules, if Fasttrack is required, you can exclude the ...
by CZFan
Thu Jan 14, 2021 11:39 pm
Forum: Beginner Basics
Topic: ICMP PING timeout outside LAN
Replies: 1
Views: 247

Re: ICMP PING timeout outside LAN

Remove the below rules and add lte interface to WAN interface list
add action=accept chain=forward out-interface=lte1
add action=accept chain=forward in-interface=lte1
by CZFan
Tue Jan 12, 2021 11:20 pm
Forum: Forwarding Protocols
Topic: BGP FIRT
Replies: 2
Views: 315

Re: BGP FIRT

You need to ask upstream provider to only announce default route to you, then in routing filters, only accept default prefix and discard all others
by CZFan
Mon Jan 11, 2021 8:30 pm
Forum: General
Topic: On a LTAP, how do I tell which wifi antenna connector is A and which is B?
Replies: 6
Views: 532

Re: On a LTAP, how do I tell which wifi antenna connector is A and which is B?

Seems they are labeled JB00 & 01, thinking 00 should be A and 01 B, but no guarantees :-)
by CZFan
Sat Jan 09, 2021 10:58 pm
Forum: General
Topic: Full disk on empty router hAP ac^2
Replies: 4
Views: 489

Re: Full disk on empty router hAP ac^2

HAP AC2 does not use the flash for updates, only memory, so place the update .npk in the root, restart router and it will update just fine
by CZFan
Thu Jan 07, 2021 11:14 pm
Forum: Beginner Basics
Topic: hAP ac poor performance
Replies: 3
Views: 461

Re: hAP ac poor performance

I would suggest resetting the first device as there are a couple of settings that can cause slow performance, i.e. Ether1 (WAN) is set to half duplex, fast path is disabled and fasttrack needs this, etc
by CZFan
Wed Jan 06, 2021 10:43 pm
Forum: General
Topic: Unbreakable Internet
Replies: 3
Views: 393

Re: Unbreakable Internet

Best will be to contact one closest to you, see below link

https://mikrotik.com/consultants
by CZFan
Wed Jan 06, 2021 10:30 pm
Forum: Beginner Basics
Topic: Trying to add Smart Light Bulb
Replies: 1
Views: 359

Re: Trying to add Smart Light Bulb

What does log on Mikrotik device say when bulb trying to connect?
by CZFan
Mon Jan 04, 2021 1:02 am
Forum: Scripting
Topic: (6.48) CQI has disappeared from /interface lte info
Replies: 2
Views: 472

Re: (6.48) CQI has disappeared from /interface lte info

Above is posted in wrong topic header and should be under wireless.

Then as per your question, IIRC, CQI will only show when signal strength and quality is at acceptable levels
by CZFan
Wed Dec 30, 2020 11:25 pm
Forum: General
Topic: qinq - stripping outer vlan with hardware offloading
Replies: 3
Views: 403

Re: qinq - stripping outer vlan with hardware offloading

I would think where the provider hands off the connection to you, the s tag is removed and you should only receive the 2 c tags from hand off
by CZFan
Tue Dec 29, 2020 11:26 pm
Forum: General
Topic: Guest Wifis for two separate VLANs
Replies: 10
Views: 702

Re: Guest Wifis for two separate VLANs

Your description of your requirement is also not clear to me, all I can think of what you maybe want when saying "running through vlan 10" is possibly what is called qinq vlans, i.e. Tunneling a vlan inside another vlan
by CZFan
Tue Dec 29, 2020 11:15 pm
Forum: General
Topic: L2 ring redundancy protocol support?
Replies: 16
Views: 1233

Re: L2 ring redundancy protocol support?

If you are looking at sub 50ms, I doubt very much you will achieve this using scripts
by CZFan
Thu Dec 17, 2020 3:33 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 153
Views: 31545

Re: Advanced Routing Failover without Scripting

Great, now I know they reworked my article without even mentioning me... That's a bit depressing :)

Plagiarism much...
by CZFan
Thu Dec 17, 2020 12:35 pm
Forum: Virtualization
Topic: high load CPU for a CHR working QT
Replies: 7
Views: 957

Re: high load CPU for a CHR working QT

There are various configuration items that can be optimized to improve performance on your CHR at the moment.

There are multiple posts here as well as Wiki articles, alternatively contact a certified consultant closest to you https://mikrotik.com/consultants
by CZFan
Thu Dec 17, 2020 10:08 am
Forum: Scripting
Topic: Disable and Enable interface
Replies: 17
Views: 1657

Re: Disable and Enable interface

Very limited info you provide, but if my understanding is correct, then there is a problem with your logic. i.e. you ping 8.8.8.8 from ether 2, if no response, you disable interface, with this interface disabled, you will not be able to ping from it. If reasons for doing this is dual WAN purposes, t...
by CZFan
Wed Dec 16, 2020 11:41 pm
Forum: General
Topic: VPN with TUN interface [SOLVED]
Replies: 13
Views: 1102

Re: VPN with TUN interface [SOLVED]

Throughout this thread you mention you are using Windows as client devices and by default, Windows firewall blocks incoming packets not on local subnet.

Check Windows firewall
by CZFan
Wed Dec 16, 2020 11:17 pm
Forum: General
Topic: Question about VPN, pools and subnets [SOLVED]
Replies: 11
Views: 771

Re: Question about VPN, pools and subnets [SOLVED]

Let us see the whole config, provide results of /export file=filenameofyourchoice hide-sensitive
by CZFan
Wed Dec 16, 2020 8:44 pm
Forum: General
Topic: Question about VPN, pools and subnets [SOLVED]
Replies: 11
Views: 771

Re: Question about VPN, pools and subnets [SOLVED]

With limited info available, it seems you are confusing VPN server between "Routed" and "Bridged"

As a start, for routed, remove below and test:
/ppp profile
add bridge=bridge local-address=192.168.87.1 name=OpenVPN remote-address=OpenVPN-Pool use-encryption=required
by CZFan
Fri Dec 11, 2020 9:32 pm
Forum: General
Topic: DNS problem - with Kasa smart plugs
Replies: 29
Views: 1914

Re: DNS problem - with Kasa smart plugs

You seem to have networking issues, can be locally or ISP, suspect more ISP side. I see many DNS requests and DNS retransmissions, but nothing coming back from 8.8.8.8 or 8.8.4.4. I suspect the reason it behaves better when using Router as DNS is router will cache the address for a while. Suggest yo...
by CZFan
Thu Dec 10, 2020 9:29 pm
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2483

Re: Queue tree not working as expected

Queue Tree configuration seems inconsistent and might confuse the queue mechanism.

Parent queue max limit is set to 10M which is responsible for distributing bandwidth between leaf queues, but leaf queues max limits are set to 1024M (1Gb/s)
by CZFan
Thu Dec 10, 2020 12:11 am
Forum: General
Topic: L2 ring redundancy protocol support?
Replies: 16
Views: 1233

Re: L2 ring redundancy protocol support?

where fast fail over is needed
How fast is fast?

With ERPS, they aiming at 50ms
by CZFan
Thu Dec 10, 2020 12:09 am
Forum: General
Topic: Sending multiple VLAN's through an EVC - Configuration
Replies: 2
Views: 286

Re: Sending multiple VLAN's through an EVC - Configuration

Should the qinq / provider bridge config not be done by the ISP?
by CZFan
Wed Dec 09, 2020 11:52 pm
Forum: General
Topic: L2 ring redundancy protocol support?
Replies: 16
Views: 1233

Re: L2 ring redundancy protocol support?

It is called ERPS, Ethernet Ring Protection Switching.

As far as I know Mikrotik does not support it "yet", will be cool though
by CZFan
Wed Dec 09, 2020 3:40 pm
Forum: General
Topic: DNS over HTTPS, round robin support
Replies: 19
Views: 1475

Re: DNS over HTTPS, round robin support

... If RouterOS can utilize round robin to provide fault tolerance for DoH then I'm a happy camper. If it cannot, then DoH feature in RouterOS is a toy that should be used in production with caution. I have not worked / looked into DNS in detail for a couple of years, but suspect it has not changed...
by CZFan
Wed Dec 09, 2020 3:10 pm
Forum: Forwarding Protocols
Topic: VLAN over VPLS Link
Replies: 9
Views: 744

Re: VLAN over VPLS Link

Mikrotik Wiki Article on Bridge Vlan:
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table

Herewith a good tutorial from a forum member:
viewtopic.php?f=13&t=143620&p=833307&hi ... an#p706996
by CZFan
Wed Dec 09, 2020 11:41 am
Forum: General
Topic: hEX POE RB960PGS not saving settings (solved: no disk space left)
Replies: 4
Views: 368

Re: hEX POE RB960PGS not saving settings

... Interestingly there is 12.7 of 16Mb in use now, so I'm not too optimistic I can easily install the next upgrade with so little space left. When I get a bit more comfortable with the router I can probably uninstall some of the packages to make room (like hotspot). Anyway, my issue is resolved an...
by CZFan
Wed Dec 09, 2020 11:34 am
Forum: Beginner Basics
Topic: Slow LAN transfer speeds through RB4011. [SOLVED]
Replies: 5
Views: 506

Re: Slow LAN transfer speeds through RB4011. [SOLVED]

Probably RSTP is enabled on the bridge, and as a result hw-offloading is disabled.
This should not really cause a major problem as the 4011 has 2,5Gb/s paths between each switch chip and CPU.

Suspect the problem is somewhere else
by CZFan
Wed Dec 09, 2020 9:54 am
Forum: Forwarding Protocols
Topic: VLAN over VPLS Link
Replies: 9
Views: 744

Re: VLAN over VPLS Link

... 0 DB name="vpls21" mtu=1500 l2mtu=1550 mac-address=02:2B:05:71:1C:78 arp=enabled arp-timeout=auto disable-running-check=no remote-peer=10.20.1.2 cisco-style=no cisco-style-id=0 advertised-l2mtu=1550 pw-type=raw-ethernet use-control-word=yes vpls=MGMT-VPLS You are using BGP signaled VP...
by CZFan
Wed Dec 09, 2020 12:40 am
Forum: Forwarding Protocols
Topic: VLAN over VPLS Link
Replies: 9
Views: 744

Re: VLAN over VPLS Link

You will add vlans the same way as you would with other interfaces.

Post your attempt with vlan config here and we can see where you going wrong and can try and assist you
by CZFan
Tue Dec 08, 2020 11:47 pm
Forum: Beginner Basics
Topic: Vpn Site To Site With Vlan
Replies: 8
Views: 752

Re: Vpn Site To Site With Vlan

Remove current IPSec config, configure EoIP, enable IPSec in EoIP config and send vlan across this tunnel
by CZFan
Mon Dec 07, 2020 11:04 am
Forum: Beginner Basics
Topic: Limited Wifi Services
Replies: 7
Views: 490

Re: Limited Wifi Services

Yes I did unfortunatelly I did not see any read receipt nor any response yet. Something may have gone wrong. You could possibly use zeljko110465@gmail.com. Thank you

Done...
by CZFan
Mon Dec 07, 2020 10:43 am
Forum: Beginner Basics
Topic: Limited Wifi Services
Replies: 7
Views: 490

Re: Limited Wifi Services

Hi All, I am trying to configure Mikrotik CAP to provide limited wifi services through a set of firewall rules. I have been successful with Whatsapp and Be Safe (Local Covid19 registration App), however I could not get the Gmail going through even after enabling whole class IP addresses multiple se...
by CZFan
Fri Dec 04, 2020 10:18 am
Forum: General
Topic: Very old ROS versions
Replies: 14
Views: 990

Re: Very old ROS versions

Because software archaeology is not a popular hobby, so it would be too much effort spent on Mikrotik side just to satisfy you and the other two guys practising it :) I’ve always wondered why people who can’t contribute anything useful to the discussion have a need to write Hmmm,@sindy is in the to...
by CZFan
Thu Dec 03, 2020 9:13 pm
Forum: General
Topic: Routing all traffic from network port to another router
Replies: 4
Views: 345

Re: Routing all traffic from network port to another router

best will be to make the Mikrotik a switch / bridge, i.e. bridge all ports, no routing on Mikrotik
by CZFan
Thu Dec 03, 2020 8:51 pm
Forum: General
Topic: Very old ROS versions
Replies: 14
Views: 990

Re: Very old ROS versions

Because software archaeology is not a popular hobby, so it would be too much effort spent on Mikrotik side just to satisfy you and the other two guys practising it :) I’ve always wondered why people who can’t contribute anything useful to the discussion have a need to write Hmmm,@sindy is in the to...
by CZFan
Wed Dec 02, 2020 9:26 pm
Forum: General
Topic: more cpu core
Replies: 10
Views: 909

Re: more cpu core

...
my esxi not free license dude
Dude is this way ---> https://wiki.mikrotik.com/wiki/Manual:The_Dude
by CZFan
Wed Dec 02, 2020 9:55 am
Forum: General
Topic: unable to configure GREv6 on latest stable ROS v6.47
Replies: 2
Views: 245

Re: unable to configure GREv6 on latest stable ROS v6.47

Your rule below allowing GE should be before the drop invalid rule, so you have 2 choices: add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6 add action=accept chain=i...
by CZFan
Tue Dec 01, 2020 11:46 pm
Forum: General
Topic: Any way to have a private network inside a single SSID?
Replies: 2
Views: 300

Re: Any way to have a private network inside a single SSID?

Just thinking here, haven't touched hotspot since 2015, also tired at the moment, but maybe use hotspot with radius eap authentication, assign them in relevant vlans dynamically
by CZFan
Tue Dec 01, 2020 11:01 pm
Forum: Beginner Basics
Topic: Can not ping 8.8.8.8 from VLAN. no internet. New to Vlan's Help
Replies: 13
Views: 1081

Re: Can not ping 8.8.8.8 from VLAN. no internet. New to Vlan's Help

I really wanted to help here, but sorry, my pc's mouse scroll wheel seized while looking through this post :-)
by CZFan
Tue Dec 01, 2020 10:21 pm
Forum: General
Topic: Port scanner filling up connection tracking
Replies: 21
Views: 1258

Re: Port scanner filling up connection tracking

You run BGP and don't understand how stateful / stateless firewalls work? I second the suggestion to get a consultant (though not the one above that is also a useless blacklist). You're clearly in over your head here. Using PSD just opens you to further attack when someone decides to spoof the IP o...
by CZFan
Mon Nov 30, 2020 11:38 pm
Forum: Scripting
Topic: Super-Easy script to create dir
Replies: 8
Views: 865

Re: Super-Easy script to create dir

Use winscp to create folder/sub folder?
by CZFan
Sun Nov 29, 2020 10:07 am
Forum: Announcements
Topic: v6.47.8 [stable] is released!
Replies: 56
Views: 13858

Re: v6.47.8 [stable] is released!

Bridge port hardware offloading remains disabled on hEX (RB750Gr3):
...
On hEX you need to disable STP on bridge for hardware offload, i.e. protocol-mode=none
by CZFan
Fri Nov 27, 2020 2:08 pm
Forum: Beginner Basics
Topic: PPTP Server won't work [SOLVED]
Replies: 21
Views: 1672

Re: PPTP Server won't work [SOLVED]

... Adding my configuration with L2TP /interface bridge add admin-mac=48:8F:5A:AA:4A:9C auto-mac=no comment=defconf name=bridge /interface wireless XXX /interface ethernet set [ find default-name=ether1 ] comment=WAN set [ find default-name=ether2 ] set [ find default-name=ether3 ] set [ find defau...
by CZFan
Fri Nov 27, 2020 8:45 am
Forum: Beginner Basics
Topic: PPTP Server won't work [SOLVED]
Replies: 21
Views: 1672

Re: PPTP Server won't work [SOLVED]

... 8 Connected - it passed the credentials authorization but it hangs on connecting and wont connect - any ideas what i am missing? Image 8 http://neradi.cz/upload/vpn/08.png I sometimes get the same symptoms (With L2TP/IPSec, don't use PPTP) and is a bug in Windows, to get around this, connect vi...
by CZFan
Thu Nov 26, 2020 10:05 am
Forum: Forwarding Protocols
Topic: MPLS neighbour addresses 'leaking'?
Replies: 4
Views: 594

Re: MPLS neighbour addresses 'leaking'?

@mducharme: advertise-filters have been set, but still all addresses show up in the neighbor status page. Not a big issue, but I was just wondering whether this is normal behaviour or not.

You will have to disable / enable LDP interfaces or restart router for filters to take effect
by CZFan
Thu Nov 26, 2020 8:53 am
Forum: General
Topic: Shared VLAN Learning (SVL)
Replies: 14
Views: 1179

Re: Shared VLAN Learning (SVL)

Hmmm, not sure I follow.

SVL - Single forwarding database for all Vlans
IVL - Forwarding Database for each vlan.

Use IVL when you want same MAC address in each vlan, how does same subnet come into this?
by CZFan
Tue Nov 24, 2020 8:32 pm
Forum: Wireless Networking
Topic: RBLHGR - R11e-LTE6_V026 - Packet loss
Replies: 6
Views: 646

Re: RBLHGR - R11e-LTE6_V026 - Packet loss

Wait, do you really check the "packet loss" using only 1 ping result ?? ... No, I did a normal "ping" to 8.8.8.8, had lots of timeouts, just had this screenshot available to post at the time. ... I hope you know the LAST HOP in traceroute is proper for packet loss, all prev can ...
by CZFan
Tue Nov 24, 2020 12:55 pm
Forum: RouterBOARD hardware
Topic: Torturing an old CCR1036
Replies: 2
Views: 554

Re: Torturing an old CCR1036

You might get better performance with a K&N filter, I use it on my BMW :-P
by CZFan
Fri Nov 20, 2020 5:06 pm
Forum: Beginner Basics
Topic: Should LAN firewall be more specific? [SOLVED]
Replies: 4
Views: 370

Re: Should LAN firewall be more specific? [SOLVED]

Firewall rules are very much a "personal" thing and are yours to configure as you feel fit for your environment. Typically, one trusts the hosts in your LAN as they are under your administrative control, so allow full access out and related back in, but the hosts on the Internet (Evil) not so ...
by CZFan
Fri Nov 20, 2020 3:14 pm
Forum: Wireless Networking
Topic: RBLHGR - R11e-LTE6_V026 - Packet loss
Replies: 6
Views: 646

Re: RBLHGR - R11e-LTE6_V026 - Packet loss

Thank you @SiB, also for assisting Mikrotik with these issues.

Call has been logged, SUP-34275

If you need any more info from my side, please do not hesitate
by CZFan
Fri Nov 20, 2020 2:34 pm
Forum: General
Topic: Mangle rules for all download and upload speed
Replies: 6
Views: 864

Re: Mangle rules for all download and upload speed

Is this correct? ... I don't have full view of the environment you are doing this, but think it will be safe to say: 1. Remove src/dst ranges, you have in interface and the current src/dst ranges is for all anyway 2. I will not use interface list, but rather interface itself, you might have multiple...
by CZFan
Fri Nov 20, 2020 2:06 pm
Forum: Wireless Networking
Topic: RBLHGR - R11e-LTE6_V026 - Packet loss
Replies: 6
Views: 646

RBLHGR - R11e-LTE6_V026 - Packet loss

Hi, If anyone has upgraded their LTE devices to version R11e-LTE6_V026 from V20, please let me know if you experiencing problems. I upgraded 2 x RBLHGR devices last night, both at same location but using different LTE service providers. These devices has been installed and configured about 3 months ...
by CZFan
Thu Nov 19, 2020 11:52 pm
Forum: General
Topic: Mangle rules for all download and upload speed
Replies: 6
Views: 864

Re: Mangle rules for all download and upload speed

Suggest you mark connections first, then packets of these connections
by CZFan
Thu Nov 19, 2020 8:17 pm
Forum: General
Topic: Binding IP and MAC
Replies: 11
Views: 983

Re: Binding IP and MAC

I have googled the Internet and got only instructions for old RouterOs versions. I have recently bought a MikroTik router. I have installed the basic options with Quick Set. Now I want to bind MAC addresses to static IPs, just as I had in previous two routers. I tried to WebFig/ARP/Add New. However...
by CZFan
Thu Nov 19, 2020 8:03 pm
Forum: Beginner Basics
Topic: Mikrotik, subnet, YouTube,Netflix App, SmartTv discovery
Replies: 10
Views: 848

Re: Mikrotik, subnet, YouTube,Netflix App, SmartTv discovery

Wondering,
Why do you put devices on separate VLANS when afterwards you want to connect them together on L2 (use discovery protocols)???
...

Cause, like we say in the shooting world, "it is tacticool" :-)
by CZFan
Thu Nov 19, 2020 12:43 am
Forum: Beginner Basics
Topic: Unable to change IP in Quick set
Replies: 1
Views: 174

Re: Unable to change IP in Quick set

Don't use quickset is Menu IP-->Address
by CZFan
Wed Nov 18, 2020 11:08 pm
Forum: Beginner Basics
Topic: Dual PPOE WAN, strange connection mark misshandling [SOLVED]
Replies: 9
Views: 645

Re: Dual PPOE WAN, strange connection mark misshandling [SOLVED]

-my previous config was correctly spreading traffic equally with preference of one gateway (route marked as DAC with Pref.Source visible) I don't think so with the distance you have had before. You marked traffic equally, but it all went out on PPPOE1. Only if it failed it went to PPPOE2. Have you ...
by CZFan
Sun Nov 15, 2020 10:27 am
Forum: Beginner Basics
Topic: Dual WAN - Stuck in process. Please help
Replies: 13
Views: 621

Re: Dual WAN - Stuck in process. Please help

Thanks for the clarification, what about only one IP routing?

If you want to see all routes, including dynamic ones, OP can post results of /ip route print
by CZFan
Sun Nov 15, 2020 10:18 am
Forum: Beginner Basics
Topic: Yet another port forward issue
Replies: 15
Views: 649

Re: Yet another port forward issue

/tool sniffer quick port=44866 IN TIME NUM DI SRC-MAC DST-MAC VLAN SRC-ADDRESS DST-ADDRESS AD 6.705 1 <- 198.199.98.246:46736 178.220.198.49:44866 br 6.705 2 -> D4:CA:6D:6A:91:51 BC:5F:F4:60:4D:11 198.199.98.246:46736 10.10.10.10:44866 et 6.705 3 -> D4:CA:6D:6A:91:51 BC:5F:F4:60:4D:11 198.199.98.24...
by CZFan
Sun Nov 15, 2020 12:57 am
Forum: Beginner Basics
Topic: RB4011 SFP Port as WAN
Replies: 10
Views: 814

Re: RB4011 SFP Port as WAN

I am sure you will also expect that if you connect an Ethernet interface with a token ring interface it should work...
by CZFan
Sun Nov 15, 2020 12:54 am
Forum: Beginner Basics
Topic: Dual WAN - Stuck in process. Please help
Replies: 13
Views: 621

Re: Dual WAN - Stuck in process. Please help

Please post configs in code brackets, I.e. , you will find them on the button menu.
Yes, you will only see the one as the other is dynamic, I.e. DHCP client
by CZFan
Sun Nov 15, 2020 12:49 am
Forum: Beginner Basics
Topic: Yet another port forward issue
Replies: 15
Views: 649

Re: Yet another port forward issue

I probably don't understand what if there is no filter forward rules, shouldn't that mean that everything is "open"? Like if you don't set any filter input rules the router services are accessib yes, the default action in "accept" but you posted bits and pieces,so was not sure w...
by CZFan
Sun Nov 15, 2020 12:03 am
Forum: General
Topic: DHCP Relay over GRE
Replies: 2
Views: 217

Re: DHCP Relay over GRE

Using DHCP relay does not make sense to me, but have done it before between 2 Mikrotiks

Can you post config of both MT and Cisco, maybe we can figure something out
by CZFan
Sat Nov 14, 2020 9:01 pm
Forum: Beginner Basics
Topic: RB4011 SFP Port as WAN
Replies: 10
Views: 814

Re: RB4011 SFP Port as WAN

You can't connect SFP+ to SFP, however you can put SFP module in SFP+ cage, then just disable auto negotiation and configure 1Gb/s both sides
by CZFan
Sat Nov 14, 2020 8:57 pm
Forum: Beginner Basics
Topic: Bandlimit I tried but it is not working
Replies: 9
Views: 561

Re: Bandlimit I tried but it is not working

People I deactivate the fasttrack in IP Firewall and now it's working when I define IP TARGET... but it still is not working when I define ETHER2 (example) target. I want to put a bandwidth in a port, and not in a IP. Can you help me? please? Thanks! Hmmm. is ether2 possibly part of a bridge? If ...
by CZFan
Sat Nov 14, 2020 8:52 pm
Forum: Beginner Basics
Topic: Dual WAN - Stuck in process. Please help
Replies: 13
Views: 621

Re: Dual WAN - Stuck in process. Please help

Thank you both!! Here is full config (vs posting the pieces of it) I only have single LAN (home) and my only port on the RB is either2 where LAN comes in. RouterBoard is a router that is setup as gateway for my internal devices (server, DHCP, DNS all handed elsewhere) I have ISP1 on either1 and ISP...
by CZFan
Sat Nov 14, 2020 7:56 pm
Forum: Beginner Basics
Topic: Dual WAN - Stuck in process. Please help
Replies: 13
Views: 621

Re: Dual WAN - Stuck in process. Please help

for starters, you are trying to make ether2 a WAN connected to ISP2, so remove ether2 from bridge, Menu Bridge-->Ports
by CZFan
Sat Nov 14, 2020 7:43 pm
Forum: Beginner Basics
Topic: Vlan from router to managed swicth
Replies: 18
Views: 1001

Re: Vlan from router to managed swicth

You are missing some very important settings on the bridge interface, make sure you have a management vlan configured, alternatively, remove ether 5 from bridge so you can still access router if you lock yourself out. vlan-filtering=yes https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_V...
by CZFan
Sat Nov 14, 2020 7:06 pm
Forum: Beginner Basics
Topic: Yet another port forward issue
Replies: 15
Views: 649

Re: Yet another port forward issue

from your post, it seems you don't have full grasp on firewall chains and seems you have deviated from the default firewall config, so: Input = To router Forward = Through router Output = From router itself Port forwarding works in the "Forward" chain. if you run the below in terminal wind...
by CZFan
Sat Nov 14, 2020 6:34 pm
Forum: General
Topic: Firewall filter by Interfaces
Replies: 7
Views: 511

Re: Firewall filter by Interfaces

The first method works fine. But if I use the second method there is still the problem from my first post. "in/out-interface matcher not possible when interface (ether7) is slave - use master instead (bridge)" If ether7 is a master (I removed it from the bridge), the error in the firewall...
by CZFan
Sat Nov 14, 2020 6:24 pm
Forum: Beginner Basics
Topic: VPN for a single app on a single device  [SOLVED]
Replies: 4
Views: 400

Re: VPN for a single app on a single device [SOLVED]

what you looking for is called policy based routing

https://wiki.mikrotik.com/wiki/Policy_Base_Routing
by CZFan
Sat Nov 14, 2020 6:20 pm
Forum: General
Topic: Simple Queue priority
Replies: 5
Views: 406

Re: Simple Queue priority

I think you have missed the point.
I reckon you missed my point...

Wish you all the best in your problem solving endeavours...
by CZFan
Sat Nov 14, 2020 6:12 pm
Forum: General
Topic: L2TP LAN access problem
Replies: 8
Views: 477

Re: L2TP LAN access problem

to add to @sindy's comments, strange @anav has not jumped onto this yet :-) but you should change the below to your bridge interface

/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
by CZFan
Fri Nov 13, 2020 11:56 pm
Forum: Beginner Basics
Topic: VPN for a single app on a single device  [SOLVED]
Replies: 4
Views: 400

Re: VPN for a single app on a single device [SOLVED]

You can mark routing in mangle based on the destination port numbers coming from the app client and then route this via vpn
by CZFan
Thu Nov 12, 2020 8:17 pm
Forum: General
Topic: Simple Queue priority
Replies: 5
Views: 406

Re: Simple Queue priority

" It sounds like you mixed up simp,e q and pc's config ." I would assume my post made no sense, damn autocarrot!! Anyway, what I was trying to say is you are trying to mix simple queues with PCQ, these are two different animals, and you should use one or the other, if PCQ, then you set the...
by CZFan
Wed Nov 11, 2020 11:52 pm
Forum: General
Topic: Simple Queue priority
Replies: 5
Views: 406

Re: Simple Queue priority

It sounds like you mixed up simp,e q and pc's config.

Provide export of config on order for us to see how you config looks and can then suggest improvements / corrections
by CZFan
Wed Nov 11, 2020 11:42 pm
Forum: General
Topic: Issues with updating RB951Ui-2nD to 6.46.7 / 6.47.4
Replies: 2
Views: 995

Re: Issues with updating RB951Ui-2nD to 6.46.7 / 6.47.4

Download the upgrade package manually from a pc's, copy this to the file section on routers, restart router
by CZFan
Wed Nov 11, 2020 4:00 pm
Forum: General
Topic: Firewall filter by Interfaces
Replies: 7
Views: 511

Re: Firewall filter by Interfaces

Unfortunately, it seems the CRS109 switch chip does not support ACL https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches#Summary EDIT: I don't know which method will have the worst performance hit of below methods on the CRS109 device, but you can try both: 1. Bridge filter as per previo...
by CZFan
Wed Nov 11, 2020 2:24 pm
Forum: General
Topic: CRS125-24G-1S VLAN problem
Replies: 8
Views: 407

Re: CRS125-24G-1S VLAN problem

1st, I am sure the Mikrotik device is as confused as you are, you have Bridge Vlan and Switch Vlan config on the device. 2nd, you are asking for help, but only posting part of the config. Decide which way you want to go, and clean up / configure accordingly. There are many posts here which explains both ...
by CZFan
Wed Nov 11, 2020 2:07 pm
Forum: Forwarding Protocols
Topic: Routing Advices
Replies: 7
Views: 802

Re: Routing Advices

what i want is: LAN1 can communicate with LAN2, not being on the same LAN.

Build a Site to Site VPN on the Mikrotiks, which sounds like you have already done.

Then check Windows firewalls, by default they will prevent access to device itself coming from a different subnet / prefix
by CZFan
Wed Nov 11, 2020 12:05 pm
Forum: General
Topic: Firewall filter by Interfaces
Replies: 7
Views: 511

Re: Firewall filter by Interfaces

Probably cause its being offloaded to the switch chip, you can work around this by disabling "Hardware Offload" in bridge-->Ports, but that will cause a reduction in performance on those ports. Best then will be to configure a switch ACL / Filter rule, sorry, I don't have access to a CRS d...
by CZFan
Tue Nov 10, 2020 11:38 pm
Forum: General
Topic: Firewall filter by Interfaces
Replies: 7
Views: 511

Re: Firewall filter by Interfaces

Look into bridge filter rules, might be what you need
by CZFan
Tue Nov 10, 2020 11:03 pm
Forum: Beginner Basics
Topic: I can't access the admin page
Replies: 1
Views: 175

Re: I can't access the admin page

Speak to your ISP, they probably disabled the web service
by CZFan
Mon Nov 09, 2020 11:50 pm
Forum: General
Topic: Where can I get rackmount kits for CRS326 models
Replies: 1
Views: 184

Re: Where can I get rackmount kits for CRS326 models

Have you tried any of the Mikrotik distributors in your area?
by CZFan
Mon Nov 02, 2020 3:11 pm
Forum: General
Topic: bad upgrade of my mikrotik router
Replies: 1
Views: 213

Re: bad upgrade of my mikrotik router

Hmmmm, usually Mikrotik fails to upgrade with incorrect package types

Have you tried Netinstall to correct?

https://wiki.mikrotik.com/wiki/Manual:Netinstall
by CZFan
Mon Nov 02, 2020 3:04 pm
Forum: General
Topic: Randomized MACs on TV Box
Replies: 5
Views: 429

Re: Randomized MACs on TV Box

Your ISP is probably providing TV services on a separate VLAN, hence insisting that it must be connected to their device
by CZFan
Mon Nov 02, 2020 2:18 pm
Forum: Beginner Basics
Topic: ethernet router + lte router - please advise configuration
Replies: 5
Views: 535

Re: ethernet router + lte router - please advise configuration

sorry, I forgot to mention that my CSR112 is acting as CAP manager for 2 x CAP AC access points

CAPSMAN will not change the picture, but I really do not see the purpose of CAPSMAN with only 2 APs, adds unnecessary complication, if you had 10 x APs then maybe a different situation
by CZFan
Mon Nov 02, 2020 2:13 pm
Forum: Beginner Basics
Topic: Get internet
Replies: 7
Views: 779

Re: Get internet

You will have to confirm if your ISP is using PON technology / fibre, if so, will not work directly connected to Mikrotik, will need an ONU / ONT
by CZFan
Sun Nov 01, 2020 11:15 pm
Forum: Beginner Basics
Topic: MKT VPN IPSEC RULES NAT FOR TELNET
Replies: 2
Views: 247

Re: MKT VPN IPSEC RULES NAT FOR TELNET

If you want to telnet to the router itself at remote site, then add a firewall filter rule in chain=input, protocol=tcp dest port=23. Action=accept.
To telnet to a device behind the remote router, use chain=forward
by CZFan
Sun Nov 01, 2020 11:03 pm
Forum: Beginner Basics
Topic: ethernet router + lte router - please advise configuration
Replies: 5
Views: 535

Re: ethernet router + lte router - please advise configuration

Configure the rbm33g as router and do all firewalling on it.

Configure crs112 as a switch device, i.e. Bridge all ports and no firewall etc
by CZFan
Sat Oct 31, 2020 12:51 am
Forum: General
Topic: Fastpath vs Fasttrack DDOS
Replies: 3
Views: 379

Re: Fastpath vs Fasttrack DDOS

Fast path and fasttrack is to allow accepted traffic through the router faster, this is not going to assist you in DDOS.

Rather look into raw filter rules, route rules, etc to kill the DDOS connections faster
by CZFan
Sat Oct 31, 2020 12:31 am
Forum: General
Topic: Need OIDs for monitoring a few parameters
Replies: 1
Views: 316

Re: Need OIDs for monitoring a few parameters

Try /system resource print oid
by CZFan
Sat Oct 31, 2020 12:16 am
Forum: General
Topic: are this rules on the top mandatory?
Replies: 62
Views: 3245

Re: are this rules on the top mandatory?

First two rules are for input chain, the 3rd, fasttrack is for forward chain and has nothing to do with first 2 rules.

Also not sure I understand your question?
by CZFan
Fri Oct 30, 2020 3:50 pm
Forum: Beginner Basics
Topic: Strict NAT type problem
Replies: 9
Views: 911

Re: Strict NAT type problem

If you are getting a 10.x.x.x range on the LTE interface, then opening of any ports is not going to help as the packet will never reach your device when originated from outside. Compare the APN configuration between the old and new routers, maybe you had an "unrestricted" vs "restric...
by CZFan
Fri Oct 30, 2020 2:53 pm
Forum: Beginner Basics
Topic: Can't access LAN devices
Replies: 9
Views: 559

Re: Can't access LAN devices

Change to "bridge-private" with same issue. Reboot MK, about 20 pings reply and then Request timed out. This is a local problem and not Routing / FW related on the Mikrotik. To confirm above, connect to end devices directly to the ports 2 - 5 on Mikrotik and test ping again. I suspect you...
by CZFan
Fri Oct 30, 2020 1:11 pm
Forum: Beginner Basics
Topic: Strict NAT type problem
Replies: 9
Views: 911

Re: Strict NAT type problem

Check what IP you are getting on the LTE, if it is a private (10.x.x.x/8, 172.16.x.x/12, 192.168.x.x/16) or CGNAT (100.64.x.x/10) address range, you will not be able to improve gaming NAT status unless you request a direct public IP from your LTE service provider
by CZFan
Fri Oct 30, 2020 1:02 pm
Forum: Beginner Basics
Topic: Can't access LAN devices
Replies: 9
Views: 559

Re: Can't access LAN devices

Hi, I made some changes, configuration attached, but with the same issue.
Please help
BR
Ales
config-v2.txt

You still have not made changes suggested by @mkx and missed by @anav :-)

Below interface should point to interface "bridge-private"
incorrectiface.JPG
by CZFan
Wed Oct 28, 2020 5:42 pm
Forum: Forwarding Protocols
Topic: BGP default originate
Replies: 2
Views: 438

Re: BGP default originate

Add a route filter for that peer and only allow default to it, something like:
/routing filter
add action=accept chain=BGP-Out prefix=0.0.0.0/0
add action=discard chain=BGP-Out
by CZFan
Tue Oct 27, 2020 10:58 am
Forum: General
Topic: GRE Tunnel with Hap ac3 LTE
Replies: 11
Views: 616

Re: GRE Tunnel with Hap ac3 LTE

... And if you do, is it even accessible from the outside? I've seen mobile operators assigning public IPs to LTE devices but NATing them to other public IPs anyway. Yup, had this with a customer of mine in Malawi, they were using public IPs belonging to some company in USA but NATed the connection...
by CZFan
Mon Oct 26, 2020 8:45 pm
Forum: Forwarding Protocols
Topic: VRF and overlapped IPs
Replies: 3
Views: 545

Re: VRF and overlapped IPs

You cannot use subnets that are directly overlapped in different VRFs in RouterOS v6...this is fixed in RouterOSv7 Would you mind elaborating on above? I am interested what other challenges might be with my config as per below. I can access all VRF routers from outside as well as inside from R1, in...
by CZFan
Fri Oct 23, 2020 3:31 pm
Forum: General
Topic: Best way to configure multi-SSID-AP with VLAN-breakout
Replies: 12
Views: 784

Re: Best way to configure multi-SSID-AP with VLAN-breakout

@bpwl, I suspect you might be onto something here, i.e. configs not cleaning up properly. I suspect it is more a "Winbox" issue. Was playing around with various configs re EoIP tunnel now in GNS 3 on CHR 6.45.9, had tunnel up, then made changes, tunnel down, then reverted the changes, tunn...
by CZFan
Thu Oct 22, 2020 8:49 pm
Forum: General
Topic: IP address / device based volume stats
Replies: 3
Views: 265

Re: IP address / device based volume stats

There is a utility in Mikrotik Download archive called traffic counter.

It will count traffic going through the router, played with it little bit and seems cool, also suggested it to a customer of mine
MTArchive.JPG
by CZFan
Thu Oct 22, 2020 6:40 pm
Forum: General
Topic: Best way to configure multi-SSID-AP with VLAN-breakout
Replies: 12
Views: 784

Re: Best way to configure multi-SSID-AP with VLAN-breakout

My understanding is that "fraggle attack" (UDP Broadcast) is a variant of "smurf Attack" (ICMP),

Did you not maybe have a loop somewhere and the Draytek possibly interpreted this as a "fraggle attack"?
by CZFan
Thu Oct 22, 2020 6:33 pm
Forum: SwOS
Topic: CSS610-8G-2S+IN - no firmware to download?
Replies: 10
Views: 2648

Re: CSS610-8G-2S+IN - no firmware to download?

...
Also, I tried to download the firmware manually, but there is nothing to download on the product's home page https://mikrotik.com/product/css610_8g_2s_in

Wow, seriously?

See screenshot below on same link you quoted!!
mtsoftware.JPG
by CZFan
Thu Oct 22, 2020 5:47 pm
Forum: Beginner Basics
Topic: Adding cAP AC to my network [SOLVED]
Replies: 52
Views: 2817

Re: Adding cAP AC to my network [SOLVED]

...
Final comment, Dont use quotation marks for NAMES of anything. Quotes are used in MT to surround COMMENTS.
You are trying to hurt my brains and eyes with this approach

Quotation marks are necessary where names, comments, etc contains spaces
by CZFan
Tue Oct 20, 2020 3:59 am
Forum: Beginner Basics
Topic: help with denial of service internet minecraft server
Replies: 6
Views: 572

Re: help with denial of service internet minecraft server

Looks like a DNS amplification attack.
Post full config (between code tags [] in menu) so we can see what is wrong
by CZFan
Tue Oct 13, 2020 12:40 am
Forum: General
Topic: Slow connection speed with „fasttrack” switched off.
Replies: 2
Views: 271

Re: Slow connection speed with „fasttrack” switched off.

I suspect more inefficiencies in your config.
Post results of /export file=filename hide-sensitive between code brackets
by CZFan
Tue Oct 13, 2020 12:28 am
Forum: General
Topic: Updating from 6.28
Replies: 4
Views: 345

Re: Updating from 6.28

That's very old, lots of security holes, netinstall is your friend
by CZFan
Mon Oct 12, 2020 3:57 pm
Forum: General
Topic: Having troubles with Q-in-Q on CRS305
Replies: 4
Views: 433

Re: Having troubles with Q-in-Q on CRS305

You are not showing full config, so it makes it difficult to assist.

All I can assume at this stage is that possibly you don't have "use service tag" configured on the vlan interface
by CZFan
Mon Oct 12, 2020 1:56 pm
Forum: General
Topic: Strange Tracking Problem on Mikrotik Filter rules
Replies: 8
Views: 494

Re: Strange Tracking Problem on Mikrotik Filter rules

Hi all, I usually drop all forwards as the last rule and allow only known tracked traffic. Now, I have a strange problem for creating a rule for allowing ping from one server to another. I should be able to do this using this rule: add action=accept chain=forward comment=Ping protocol=icmp src-add...
by CZFan
Sun Oct 11, 2020 6:52 pm
Forum: Beginner Basics
Topic: MTU LAN vs WAN
Replies: 6
Views: 603

Re: MTU LAN vs WAN

..., I’d know how to set the MTU, which is max package size +32. When I do the same test from my hAP ac the value looks different, naturally.
...
Should be +28 (20 bytes IP Header + 8 bytes ICMP Header)
by CZFan
Sun Oct 11, 2020 6:38 pm
Forum: Beginner Basics
Topic: need help with VLAN guest wireless on router and ap
Replies: 7
Views: 515

Re: need help with VLAN guest wireless on router and ap

Cant believe my friend recommended Mikrotik, "it's the best router" he said, "and if you have a problem they help you on forum"

what a bullshit.

Cry me a river...
by CZFan
Thu Oct 08, 2020 1:54 pm
Forum: Beginner Basics
Topic: How to get connected without any assigned IP to device?
Replies: 3
Views: 314

Re: How to get connected without any assigned IP to device?

Connect via the serial port with a console cable, set IP address, etc and then continue as per normal
by CZFan
Thu Oct 08, 2020 12:23 am
Forum: General
Topic: Having troubles with Q-in-Q on CRS305
Replies: 4
Views: 433

Re: Having troubles with Q-in-Q on CRS305

Post anonymized output from /export file=yourfilename between code brackets so we can see config and assist where possible
by CZFan
Wed Oct 07, 2020 12:57 pm
Forum: General
Topic: Connection NAT state srcnat?
Replies: 9
Views: 625

Re: Connection NAT state srcnat?

... My issue isn't really with invalid packets, but with private addresses leaking out. Supposedly they leak out because the packets are invalid, and so do not get srcnated. I want to either prevent anything that's not srcnated from going out on the WAN interface (which I thought would be doable us...
by CZFan
Tue Oct 06, 2020 7:16 pm
Forum: General
Topic: XBOX and MikroTik RouterOS v6.47 (stable) NAT | UPDATE: VPN
Replies: 16
Views: 931

Re: XBOX and MikroTik RouterOS v6.47 (stable) NAT

Hi there I have been trying to resolve this issue for the past 15 days, reading through forums but no luck at all As you may know, in order for XBOX to work properly, it needs an Open NAT - so far it is only Strict According to the Microsoft XBOX's website https://support.xbox.com/en-US/help/hardwa...
by CZFan
Mon Oct 05, 2020 3:48 pm
Forum: General
Topic: Using most available bandwidth wan
Replies: 35
Views: 1652

Re: Using most available bandwidth wan

I dont use NAT right now. I just have. Mikrotik vpn server setup. People vpn first, grab a local ip, and connect to internal servers. So if this is the case i should use ecmp? Then is what i currently have what i can have as the ideal setup? Where does VPN come into the picture now? Your config sh...
by CZFan
Mon Oct 05, 2020 2:26 pm
Forum: Scripting
Topic: Torrent blocking working in y2020
Replies: 26
Views: 8378

Re: Torrent blocking working in y2020

The Torrent system on its own is not illegal. Downloading copyrighted content is illegal. This is my understanding also, read an article yesterday that in Germany, some law firms are not so ethical (who would have thought) and sending very threatening letters to people to pay up, and the normal Jo...
by CZFan
Mon Oct 05, 2020 2:17 pm
Forum: General
Topic: Using most available bandwidth wan
Replies: 35
Views: 1652

Re: Using most available bandwidth wan

I think speedtest.net uses multiple connections for download. That is where i saw more than 50mbit. But yeah for the rest i get it. I just need help to change my config to pcc now. Can you help me with that please. I am not sure how to adapt my vlans and bridge to the pcc example Yes, speedtest.net...
by CZFan
Mon Oct 05, 2020 11:35 am
Forum: General
Topic: Using most available bandwidth wan
Replies: 35
Views: 1652

Re: Using most available bandwidth wan

I suspect that video does not show the "full truth"

ECMP is based on per connection, so if src and dst address is same, you will only use one of the uplinks, it is not a "per packet" solution
by CZFan
Mon Oct 05, 2020 1:01 am
Forum: General
Topic: any tool like UNMS for mikrotik hw?
Replies: 1
Views: 398

Re: any tool like UNMS for mikrotik hw?

Yes, called the Dude
by CZFan
Mon Oct 05, 2020 12:28 am
Forum: Beginner Basics
Topic: router not starting
Replies: 10
Views: 647

Re: router not starting

Reset button has various functions depending how long you press it during reset process.

Something like 5 seconds for factory reset, 10 seconds for netinstall and 15 seconds for capsman, can't remember the details but all described in wiki article
by CZFan
Sun Oct 04, 2020 9:55 pm
Forum: Beginner Basics
Topic: router not starting
Replies: 10
Views: 647

Re: router not starting

The problem is on your side, not the Mikrotik device Since the device pops up in netinstall, firewall, etc is ok and network connection profile also. copy the .npk file into same folder as netinstall.exe Make sure your laptop/pc doing netinstall from is in same IP range as per boot IP address in neti...
by CZFan
Sun Oct 04, 2020 7:33 pm
Forum: Forwarding Protocols
Topic: BGP NO-PREPEND REPLACE-AS ON CCR
Replies: 1
Views: 335

Re: BGP NO-PREPEND REPLACE-AS ON CCR

in the BGP peer config enable "as-override"
bgpasoverride.JPG
by CZFan
Fri Oct 02, 2020 8:55 pm
Forum: General
Topic: BIG FAIL restore
Replies: 5
Views: 437

Re: BIG FAIL restore

make sure you enter the user that created the backup correctly, below from wiki Warning: If password is not provided in RouterOS versions older than v6.43, then the backup file will be encrypted with the current user's password, except if the dont-encrypted property is used or the current user's pas...
by CZFan
Fri Oct 02, 2020 8:30 pm
Forum: Beginner Basics
Topic: RB3011UIAS-RM and TPLink C5400 Access Point [SOLVED]
Replies: 4
Views: 349

Re: RB3011UIAS-RM and TPLink C5400 Access Point [SOLVED]

When you are referring to the TP-Link's MAC address, are you referring to the 3011's bridge host table, the switch host table or ARP table?

Maybe a good idea to post config of the 3011 config here (between code brackets) and a packet capture file, maybe someone spots a problem
by CZFan
Fri Oct 02, 2020 8:12 pm
Forum: General
Topic: Parent Queue Limits do not apply.
Replies: 8
Views: 729

Re: Parent Queue Limits do not apply.

parent queues is responsible for distributing the bandwidth, not limits if you are using PCQ, then you should not have child queues, the system will automatically create sub streams with limits for each client based on the pcq queue type configuration, here you can specify a limit for all sub stream...
by CZFan
Fri Oct 02, 2020 7:42 pm
Forum: Beginner Basics
Topic: router not starting
Replies: 10
Views: 647

Re: router not starting

select net boot and set ip to 192.168.88.3 Don't follow the manual on this, it is completely wrong Set ip to 192.168.88.1 instead and netinstall will work Dont agree The netinstall is a bootp server and will assign range you configure. I have been using range 192.168.1.2 in bootp client config on n...
by CZFan
Fri Oct 02, 2020 6:59 pm
Forum: General
Topic: Unbrick a HAP AC2 [SOLVED]
Replies: 3
Views: 394

Re: Unbrick a HAP AC2 [SOLVED]

I never tried this, but should not need another "default script", just straight netinstall should work
by CZFan
Fri Oct 02, 2020 6:55 pm
Forum: Beginner Basics
Topic: RB3011 Re-plugging WAN losing INTERNET
Replies: 3
Views: 349

Re: RB3011 Re-plugging WAN losing INTERNET

suspect the problem is with detect internet configs, I usually disable this by:
/int detect-internet set detect-interface-list=none lan-interface-list=none wan-interface-list=none internet-interface-list=none
by CZFan
Fri Oct 02, 2020 6:43 pm
Forum: Beginner Basics
Topic: RB3011UIAS-RM and TPLink C5400 Access Point [SOLVED]
Replies: 4
Views: 349

Re: RB3011UIAS-RM and TPLink C5400 Access Point [SOLVED]

From a 3011 point of view, the TP-Link will just be another network device, so suspect problem is on your TP-Link side. I actually did one of these exact setups for another customer of mine the other day, was not the Archer but was TP-Link. I had to configure the TP-Link as Access Point only, restar...
by CZFan
Fri Oct 02, 2020 6:26 pm
Forum: Beginner Basics
Topic: How much bad blocks is too much bad blocks?
Replies: 1
Views: 241

Re: How much bad blocks is too much bad blocks?

$40 is half the suggested retail price.

As far as bad block, don't know, might be the beginning of the end or it can still last a while, that you will have to decide if the price tag is good enough for the gamble
by CZFan
Fri Oct 02, 2020 6:21 pm
Forum: Beginner Basics
Topic: RB fail install in netinstall
Replies: 2
Views: 189

Re: RB fail install in netinstall

make sure you selected the package file (.npk)

I usually place the package file in same folder as netinstall.exe
by CZFan
Fri Oct 02, 2020 6:02 pm
Forum: Beginner Basics
Topic: Please Help . PPPoE Terminating
Replies: 3
Views: 444

Re: Please Help . PPPoE Terminating

error means client device disconnected but connected again before the previous session was torn down in PPPoE service.

You should look why the client devices disconnect frequently, that problem can be anywhere between PPPoE Access Concentrator and client device
by CZFan
Wed Sep 30, 2020 4:22 pm
Forum: Beginner Basics
Topic: [CCR1009-7G-1C-1S+] version 6.46.4 | forward ssh from outside to internal server
Replies: 2
Views: 244

Re: [CCR1009-7G-1C-1S+] version 6.46.4 | forward ssh from outside to internal server

try changing the rule below to:

/ip firewall filter add chain=forward action=accept protocol=tcp dst-address=192.168.50.5 in-interface=sfp1.120 out-interface=ether1.2150 port=2223
by CZFan
Wed Sep 30, 2020 4:06 pm
Forum: Beginner Basics
Topic: hw=yes not showing as hw offload?
Replies: 8
Views: 769

Re: hw=yes not showing as hw offload?

You shouldn't need to Awesome. It's just that Mikrotik's own guide said to add it in, and I was like "But why?" I'll try just using the default bridge, given it offloads to the switch, so therefore should be "wire speed" and not done in software. Mikrotik (And other vendors) ass...
by CZFan
Wed Sep 30, 2020 3:10 pm
Forum: Beginner Basics
Topic: A routing conundrum
Replies: 10
Views: 776

Re: A routing conundrum

Some things you should try to do yourself at least, below is where you can change the default route distance on a DHCP client More than happy to do so and to learn but quite frankly had no idea how to change the default route distance on a DHCP client... Thanks for your help there ! Pleasure, glad y...
by CZFan
Wed Sep 30, 2020 3:05 pm
Forum: General
Topic: Share 2mbps equal on two user with different limit-at
Replies: 5
Views: 1803

Re: Share 2mbps equal on two user with different limit-at

you are still mixing pcq and other queue types...
by CZFan
Wed Sep 30, 2020 2:57 pm
Forum: RouterBOARD hardware
Topic: hAP ac³
Replies: 31
Views: 4191

Re: hAP ac³

Believe me Normis " clearly labeled INTERNET " is not enough for typical residential Customers ;-D In some cases they are even not able to find out an electrical plug... ;-D Rgds Deployed a FTTh solution in a golf estate, first question asked when customers calls in and say they have no in...
by CZFan
Tue Sep 29, 2020 12:09 pm
Forum: Beginner Basics
Topic: A routing conundrum
Replies: 10
Views: 776

Re: A routing conundrum

...
Next question is how do I achieve it ? Those automatic routes don't seem to be "editable", at least not from Winbox...
Some things you should try to do yourself at least, below is where you can change the default route distance on a DHCP client
distance.JPG
by CZFan
Fri Sep 25, 2020 9:52 pm
Forum: The User Manager
Topic: user manager eats up my disk [SOLVED]
Replies: 8
Views: 1203

Re: user manager eats up my disk [SOLVED]

I have not worked much with usermanager, but maybe rather do a backup / export of usermanager data, clear database, move it and then restore / import from backup
by CZFan
Fri Sep 25, 2020 8:37 pm
Forum: General
Topic: Share 2mbps equal on two user with different limit-at
Replies: 5
Views: 1803

Re: Share 2mbps equal on two user with different limit-at

You are confusing queue leaf objects and PCQ in your config.

Either change the queue type in leaf queues to "default-small" which will work perfect for 2M queues, alternatively configure the PCQ queue types correctly and assign this to the parent and remove the leaf queues
by CZFan
Thu Sep 24, 2020 9:47 pm
Forum: Beginner Basics
Topic: hw=yes not showing as hw offload?
Replies: 8
Views: 769

Re: hw=yes not showing as hw offload?

first, which router / switch model?

Devices with only 1 switch chip, will only support HW offload on one / first bridge created
by CZFan
Thu Sep 24, 2020 8:47 pm
Forum: Announcements
Topic: Expected down time for this forum SEPT 11
Replies: 42
Views: 5980

Re: Expected down time for this forum SEPT 11

So, on 9-11 we are going to update the forum. Great timing. I remember it as yesterday that we sat in front of a small TV in the firm with the staff looking in disbelief at what was happening in New York. Yup, recall this very well also, was at Microsoft Tech-Ed at Sun City at the time, all went back...
by CZFan
Wed Sep 23, 2020 3:20 pm
Forum: The User Manager
Topic: user manager eats up my disk [SOLVED]
Replies: 8
Views: 1203

Re: user manager eats up my disk [SOLVED]

Use a MicroSD or USB storage for the user manager data
by CZFan
Tue Sep 22, 2020 8:36 pm
Forum: General
Topic: Multiple device with same IP access [SOLVED]
Replies: 5
Views: 751

Re: Multiple device with same IP access [SOLVED]

Might just be semantics or maybe I missed it, but I don't see any "route rules" in the information you have posted, Route Rules are typically found under /ip route rules . What you have implemented I suppose is emulating VRF as VRF also marks traffic, etc, but I dont know if what you tried...
by CZFan
Wed Sep 16, 2020 9:40 pm
Forum: Forwarding Protocols
Topic: MPLS and MTU
Replies: 5
Views: 876

Re: MPLS and MTU

...

does anyone have any recommendations for a qualified consultant about this?

If you are South Africa based, I can assist
by CZFan
Tue Sep 08, 2020 7:26 pm
Forum: General
Topic: How to remove 802.1Q header on "untagged" bridge egress
Replies: 25
Views: 1874

Re: How to remove 802.1Q header on "untagged" bridge egress

When explained so succinctly even the blind, will be claiming they "see the light"!
Grab a coffee,
https://www.youtube.com/watch?v=gwgOUzodS6E
All night long!

That's the dude from the Patrick Swayze movie "Road House", cool movie
by CZFan
Tue Sep 08, 2020 12:34 am
Forum: General
Topic: Mikrotik version RB941-2nD-TC HAP Lite cannot control bandwidth on Queues?
Replies: 1
Views: 212

Re: Mikrotik version RB941-2nD-TC HAP Lite cannot control bandwidth on Queues?

It can control bandwidth and queues, but on a way smaller scale than its bigger cousins like the CCRs, etc
by CZFan
Tue Sep 08, 2020 12:20 am
Forum: Beginner Basics
Topic: Mikrotik to Mikrotik connection BW issues
Replies: 1
Views: 258

Re: Mikrotik to Mikrotik connection BW issues

Do not test from device to device, test through devices using imperfect tool on a Client laptop device

EDIT: Was supposed to say "iPerf tool", bloody autocarrot
by CZFan
Tue Sep 08, 2020 12:17 am
Forum: Beginner Basics
Topic: Routing
Replies: 4
Views: 451

Re: Routing

Not even going to waste my time by looking at your configs.

Place config between code brackets, it is in the menu items
by CZFan
Tue Sep 08, 2020 12:11 am
Forum: Beginner Basics
Topic: Untagged and tagged VLANs in RouterOS
Replies: 6
Views: 800

Re: Untagged and tagged VLANs in RouterOS

What is router and switch make and models?
by CZFan
Wed Sep 02, 2020 12:32 am
Forum: General
Topic: How set logs back to default? [SOLVED]
Replies: 3
Views: 476

Re: How set logs back to default? [SOLVED]

Provide the results of "/system logging export" then someone can assist to get all back to default
by CZFan
Tue Sep 01, 2020 12:54 am
Forum: General
Topic: Multiple device with same IP access [SOLVED]
Replies: 5
Views: 751

Re: Multiple device with same IP access [SOLVED]

I think the only way you are going to get this to work properly will be by using VRF configuration.

In a nutshell, VRF does for layer 3 what VLANs do for layer 2
by CZFan
Tue Sep 01, 2020 12:16 am
Forum: General
Topic: No dst-nat support for shifted portmap ranges?
Replies: 20
Views: 3766

Re: dst-nat 'to-port=start-end' range bug?

Post it on the forum as a "feature request"

I have not used this yet, so maybe just search the forum for above, think there are "topic headings" for it.

Alternatively send mail to support@mikrotik.com requesting this feature
by CZFan
Mon Aug 31, 2020 8:12 pm
Forum: SwOS
Topic: Loopback not working CRS305-1G-4S+IN
Replies: 5
Views: 571

Re: Loopback not working CRS305-1G-4S+IN

You might be on to something here. I tried switching to a Netgear GS105 unmanaged gigabit switch and the result was the same, i can only reach my NAS when i try to connect to the ip but no when i use the domain name. Thanks for pointing me in the right direction, i didn't expect to be able to get a...
by CZFan
Mon Aug 31, 2020 7:51 pm
Forum: Beginner Basics
Topic: (RouterOS 6.47.2) DHCP "defconf offering lease without success"
Replies: 3
Views: 937

Re: (RouterOS 6.47.2) DHCP "defconf offering lease without success"

1. This is Mikrotik "Users" forum, not Mikrotik support
2. If you connect device directly to Mikrotik router (Bypassing DD-WRT device) does it get DHCP, if so, then maybe go and scream on DD-WRT forum
by CZFan
Wed Aug 26, 2020 12:27 am
Forum: Forwarding Protocols
Topic: New Bridge config + MPLS/VPLS working?
Replies: 2
Views: 541

Re: New Bridge config + MPLS/VPLS working?

Yup, have it at a customer of mine (WISP) and no issues