MikroTik

expert

Well, there seems to be a problem with Switch > ACL on this device (6.46.4). There are no ports available. Any ideas?

expert

Thanks, you may be right. But I'd be glad if @support will comment on this too...

expert

The following metrics were captured when the device is idle (no traffic, no attached devices): cpu-temperature: 56C board-temperature1: 36C psu1-voltage: 27.1V psu2-voltage: 53.7V psu1-current: 0A psu2-current: 0A psu1-state: ok fan1-speed: 4215RPM fan2-speed: 4230RPM fan3-speed: 4440RPM fan4-speed:...

expert

I did similar mod of my new CRS354-48P-4S+2Q+ with 4x Noctua NF-A4x20 FLX and one tiny fan for CPU, connected via Y-adaptor to fan1 header. So far, all good.

expert

Hi,
do bridge filter rules ( /interface bridge filter ) maintain hw offloading?
Wiki does not explicitly answer that ( https://wiki.mikrotik.com/wiki/Manual:C ... s_switches )
My device: CRS354-48P-4S+2Q+

thanks.

expert

It is possible to add interface-list as bridge port, then logically it makes sense to be able to add interface-list as bridge vlan tagged/untagged member. But the latter is not possible. Background : I have interface list uplink with members: sfpplus1, spfplus2 . I add the uplink list into bridge-ma...

expert

A year later: smart cards are still not working.

I volunteer myself to fix ROS source code to make smart cards working, if you, guys, in MK don't have time to do it.

expert

I'd be interested to know more too if anyone has found a compatible product and some guidelines on how to set up. Thanks I got a reply from @support: Unfortunately, we cannot recommend any Smart Card for use in MikroTik devices. The Smart Card support in RouterOS requires significant rebuild and cu...

expert

When do we ever see the option of select and copy text in the winbox log files? This has been asked for years. Plus the option to search for string of caracters? When studying your logs in winbox it's at times hard to get the eyes focused on what you want to see if there are many lines to read thro...

expert

Remember that interface lists are handled by the CPU. An interface list is just a bit set in the interface definition which can be matched e.g. in the firewall ("is this bit set for the interface where this packet arrived") by the processor. This is entirely different from switch programm...

expert

1. Please allow adding many to many entries into vlan table for CRS1xx,2xx. Currently, only many to one entries are allowed: Current: /interface ethernet switch vlan add ports=sfp1,sfp2 vlan-id=200 /interface ethernet switch vlan add ports=sfp1,sfp2 vlan-id=201 Proposed: /interface ethernet switch v...

expert

Well, with old configuration with master ports, it was possible to have two or more master ports on a single switch chip, while still maintaining hw offload.

The new bridge implementation IMHO still uses master port internally, so it's questionable why that's not possible anymore.

expert

The script is readily available to download and inspect before hand because any self respecting person would do that rather than blindly running it. Dave has been here for years providing this service to users in the community and is extremely well trusted, just don't pi$$ him off and you'll be fin...

expert

I see everybody here is amazed how great service it is, but has anybody think about security risks of such service? Importing third-party script to your router without any validation? I wonder why this list is not provided as plain list of IPs and let everybody implement custom script parsing and va...

expert

I have replaced original fans in my home CCR1009-7G-1C-1S+ with Noctua NF-A4x20. Not PWM, 3-pin FLX version, as MikroTik does'n support PWM.

...and you lost the warranty.

expert

Can be the same be achieved on CRS1xx/2xx switches (VLANs configured on switch chip)?

expert

The card just arrived, however it does not work in CCR1009: [admin@ccr] > /certificate card-reinstall pin=1234 failure: Install failed! echo: certificate,critical it seems your card is not GlobalPlatform compatible! [admin@ccr] > /certificate card-verify pin=1234 failure: SIM not initialised! The ca...

expert

So, nobody here found this feature useful?

expert

Hi, since I'm interested about the blacklist service and in order to evaluate whether it's useful to me, I'd like to know, what exactly is blacklisted?
Who/what created such list of IPs? Thanks in advance.

expert

Please implement append=yes option to the export command.

Use case: I'd like to perform router-to-router (partial) config transfer described in the following use case.

/ip dhcp server lease export file=config.rsc append=yes
/ip dns static export file=config.rsc append=yes

expert

Solved, the following rule works:

/ip firewall filter add chain=input dst-address-type=local src-address-type=local action=accept comment="Allow local traffic"

expert

I have CCR1009 device running Dude and monitoring itself. The device has also configured firewall filters entirely based on interface lists. However, Dude traffic doesn't seem to have any in-interface and out-interface . Here's how the traffic appears in the log: 17:36:54 firewall,info DUDE input: i...

expert

I have ordered Gemalto (Safenet) TOP IM GX4 REV B SIM Pre-Cut - White from Amazon co uk.
I will soon post some results how (if) it works. Link to PDF specification

expert

I recently observed similar issue, where BDPUs from the provider were entering my L2 network and interfering with my RSTP instance. The following filter fixed the problem: /interface bridge filter add action=drop chain=forward in-interface=wan dst-mac-address=01:80:C2:00:00:00/FF:FF:FF:FF:FF:FF comm...

expert

That means in case of broken link, no automatic failover will occur, but manual intervention is needed. Either remove SFP module or reconfigure combo-mode to copper.

expert

I have a device with combo port (CRS106) and I have noticed strange behavior. Steps to reproduce: connect combo's copper port to other device using patch cable leave combo's SFP cage empty set combo-mode=auto -> link is up and running using copper port Now plug S-RJ01 module to the SFP cage. The dev...

expert

I guess all of the following my devices are not upgradeable in the future due to low disk space :-( version: 6.42.5 (stable) free-hdd-space: 4648.0KiB board-name: CRS112-8P-4S version: 6.42.5 (stable) free-hdd-space: 4700.0KiB board-name: CRS106-1C-5S version: 6.42.5 (stable) free-hdd-space: 4692.0K...

expert

An interface is marked as "running" only if connected. Otherwise it stays exactly this way: neither running nor deactivated.

Connected to what?? We're talking about wireless interfaces, which are supposed to be always running, unless disabled=yes.

expert

I don't think there's anything config-related, which could have impact on the running/not running state.

expert

Hi, I have new wAP AC device. For unclear reason, I can't get wlan interfaces into running state, see: /interface wireless print Flags: X - disabled, R - running 0 name="wlan1" mtu=1500 l2mtu=1600 mac-address=CC:2D:E0:86:1B:E2 arp=enabled interface-type=Atheros AR9300 mode=ap-bridge ssid=&...

expert

I have CRS112-8P-4S-IN it works more or less fine. To power some other devices (e.g. RB450G and thirdparty webcam) I had to set the port's POE status to force-on). I have it installed into 19'' rack using included "ears": https://img.routerboard.com/mimg/part441414762206m.jpg Hoverer I'd l...

expert

Winbox 3.14, but also all older versions:

How to edit such dialog window, when screen is so small? Scroll does not work.

Why aren't interfaces sorted by name?

expert

I guess you cannot have achieve that, unlike with old master-port configuration. You need to set up isolation profiles and/or vlans to create virtually two switches.

expert

I was talking about CRS-8P-4S-IN which has two power jacks.

expert

Q1: Can I plug both 24V and 48V PSUs at the same time and make use of PSU failover for the switch itself?

Q2: Can I then power up 24V passive POE devices and 48V active POE devices at the same time? Will 'auto' POE mode recognize them?

expert

But the question is what is your application case? You can sniff directly on Mikrotik or forward the sniffed data TZSP-encapsulated to some other machine. I'd like to implement permanent TAP device. Sniff tool in ROS with streaming feature may work, but it seems to be something you run temporarily....

expert

How can I achieve software-based port mirroring? Thanks.

expert

Hi,
I'm looking for port mirroring based on bridge, which could be used on device without switch chip.
Is there such feature?

expert

Feature request: please disable/hide partitioning menu in Winbox on devices, which don't support partitioning.

Q: What happens if I create partition on device, which doesn't support it? (I'm afraid to try, but I'd like to know...)

expert

I guess the PCB has fan pins somewhere. But you obviously loose the warranty.

expert

I really think Mikrotik should discuss using partitions in addition to backups.

Can I make partition(s) on my mAP Lite? It has only 32MB disk space.

expert

Some people here are complaining about serious issues with 3011 after upgrade.
However I haven't seen any reaction of MK confirming or rejecting that. So I'm asking whether is it safe to upgrade 3011 and wish to hear clear answer.

expert

You can hire a consultant

expert

Now with RB1100AHx4 we need metarouter
It is unlikely to happen. Metarouter has never worked on any of the multicore devices. And now it's a multicore ARM... Unlikely.

Has metarouter ever worked on anything? I mean for serious production use.

expert

And what's seen on serial console?

expert

Thank you. I was under the impression there was a switch chip from reading older posts.

Yes, there really was, but the device ( CCR1009-8G-1S-1S+ ) is no longer manufactured

expert

Metarouter is a toy, it's not suitable for anything serious! Search for older posts...

expert

What is the term default native VLAN? IEEE 802.1Q does not know such term.
There are ethernet frames without VLAN tag, those are mapped to VLAN ID 0.
There are frames with VLAN tag, those are mapped to VLAN ID >0.
Advice: do not use VLAN ID 1 unless you know what you're doing.

expert

Is the RSTP problem fixed? viewtopic.php?t=118320&f=13#p585480

expert

What does it mean has PoE ? Device 2011UIAs has:

a) PoE in on ether1
b) PoE out on ether10

What's wrong on having wan on e.g. eth7 ?

expert

The LEDE Project (Linux Embedded Development Environment) has been released in stable version. Are there any plans to build Metarouter image?

expert

viewtopic.php?f=13&t=118320&p=585570#p585480

expert

Most (if not all) Mikrotik devices use non-standard passive PoE at 12-24V. I don't know any switch which is able to deliver passive PoE.

I would rather take passive PoE injektor which can be used with any switch

expert

LCD interfaces is broken, it does not switch between interfaces. In my case, LCD shows only pppoe-wan, other interfaces are not shown. What is the timeout then?

expert

<dream>I'm using it for SFP VDSL modem</dream>

But no, I have it connected to Cloud Router Switch.

expert

Hi, I've found problem when using autocompletition with ssh/scp from ROS. $ scp router: Now press <TAB> <TAB> to trigger autocompletition. Result: $ scp router:bad\\\ command\\\ name\\\ command\\\ \\$line\\\ 1\\\ column\\\ 1\\$ Doing the same when remote host is linux, it works as expected: $ scp ...

expert

Maybe the same problem as I had? http://forum.mikrotik.com/viewtopic.php ... 50#p582781

expert

Is the RSTP problem (which I reported here http://forum.mikrotik.com/viewtopic.php ... 50#p582781 ) fixed?

expert

not DAT, but DAC

(direct attach cable)

expert

Let me summarize metarouter ( mr ) status: * mr is unreliable(?) Can you tell how you use mr ? * mr not supported on CCRs and RB3011UIas * OpenWRT - no mr support in upstream project and builds provided by MK are obsolete * OpenWRT project is stagnant, but there's a young fork called LEDE project It...

expert

Native VLAN (Cisco VLAN1) is translated to Mikrotik VLAN ID 0

...and how is handled MK VLAN 1 on Cisco side?

expert

Still having problems when on local bridge enabled rstp. After disabling rstp, everything works as it should. This was broken in release before this one. Two Mikrotik routers connected to each other. When rstp is enabled, I can't ping the other Mikrotik. I have the same problem, but I had short tim...

expert

Would like every service MT runs (SMB, Socks, Proxy, DNS, etc.) to all have ACLs in /ip services AFAIK, and would be good to have it 'locked down' by default to say 1921.68.1.0/24 seeing that the default IP on hardware devices is 192.168.1.1/24. Afaik factory default is 192.168.88.1/24, but I agree...

expert

it will be available in february next year. hopefully. and then it will have to be tested.

It's February now, any news?

expert

Is there any step-by-step tutorial, how to use Smart Card? Which card to buy and how to use it?

expert

I executed those commands but am not seeing mirrored traffic on my ether24 port as expected. I'm only seeing broadcast traffic from the switch group that it is a member of. if/when i make master port=none for ether24 I see no traffic.

What packet sniffer are you using? Wireshark?

expert

- Wait 10 Minutes
--> Working config is back --> Great

I don't need to wait 10 minutes, all my devices are back in 1-2 seconds. How did you configured so long timeout?

expert

Serial port RJ45 https://routerboard.com/CSS326-24G-2SplusRM
I don't see any reference to a RJ45 console port in the description.
If it was there, it is corrected by now.

It was there, but now it's gone - it seems they corrected it.

expert

So why would it need a console port?

Why it's written in product specification?
Serial port RJ45

https://routerboard.com/CSS326-24G-2SplusRM

expert

Is there some stable openwrt image for 6.38.1(951G-2HnD)? I tried different version from http://openwrt.wk.cz/ (AA, trunk) on some last few ROS versions and it's very unstable with: "system,error,critical router was rebooted without proper shutdown by watchdog timer" It seems that OpenWRT...

expert

Related topic: http://forum.mikrotik.com/viewtopic.php?f=2&t=101159

expert

Finally, I bought this device and I'm very happy with it: https://s3.amazonaws.com/assets.mhint/product_images/151054/151054pro_3.jpg http://manhattan-products.com/usb-to-serial-converter8 It works perfectly in linux, here's how it identifies: [ 5.846246] mos7840 1-3.1:1.0: Moschip 7840/7820 USB Ser...

expert

It's a bug of Winbox 3.8. You can download fixed version. Next time you should first read forums & changelogs.

expert

I like friday releases

Friday, 13th...

But today is Monday and broken Winbox 3.8 is still on download site...

expert

What version of RouterOS you are using? 3.24 is version of bootloader, not RouterOS.

There have been some metarouter issues fixed in 6.38: *) metarouter - fixed startup process (introduced in 6.37.2);

expert

I'm also interested in this topic. Has port's vlan-type any relation to R)STP ?

expert

can mikrotik run script via ssh to remote mikrotik?? i really need to know, i have tried ssh-key on Ubuntu-to-Mikrotik and its working fine, but Mikrotik-to-Mikrotik its asking password and not passing through.. need feedback from anyone please

/ip ssh set always-allow-password-login=yes

expert

Thanks, desktop version could be an option.
In RM version, can be fans set into low speed, e.g. 800rpm?

expert

How noisy are fans in CCR1009 RM version? Can be fans disabled?
( I plan to buy one into "open rack frame" and then the noise can be disturbing... ).

expert

To make it explicit: DAC cable is not optical cable, but copper cable.

expert

how often will that happen, and what is the resolution for this?

Rarely. But it doesn't matter - it's a vulnerability. Solution is to disable mgmt access over wireless, enable over wires.

expert

New(or resetted) mAP Lite device is expecting winbox connections only on wlan interface (ether1 has DROP filters in default configuration ).

When device is first time started, attacker could connect as admin (with no password) over wlan just before trusted person has chance to set up anything.

expert

Hi, I need to connect multiple MikroTik devices into RS-232 hub to have persistent console access. Do you think will this device serve the purpose? The hub will be connected to the server running Debian GNU/Linux. https://www.aliexpress.com/item/USB-to-8-Ports-Serial-Converter-Adapter-Hub-FTDI-Chips...

expert

Perhaps you can explain a little more detailed. I did not manage to get this running on RB2011UiAS-RM. It is no problem to assign VLANs to ports, but I failed in untaggig one VLAN while leaving the other VLANs tagged for output packets and tagging untagged traffic while leaving all tagged traffic a...

expert

It's supposedly fixed in 6.38rc47 ( http://forum.mikrotik.com/viewtopic.php ... 50#p572303 ).

expert

Hi,
what the reason to have serial port over RJ-45 on Cloud switches? AFAIK no standard defines that.
I'm going to buy combination Cloud Core Router (D-Sub serial connector) and Cloud Core Switch (RJ-45 serial connector) and will need two different console cables.

expert

See this: http://forum.mikrotik.com/viewtopic.php ... hilit=vdsl

expert

In what language and framework is Winbox developed? C or C++ ? Gtk or Qt?

expert

First i would put your modem into bridge mode and then use the mikrotik to do the routing dhcp server etc. This way you avoid double natting. Personally i use a rb951g wifi init Setup some firewall rules, nat on your wan interface, create a bridge and add your wifi interface and all your ether port...

expert

Hi,
I'm planning new home setup where main router will be RB3011UiAS-RM (yeah, I have rack).
However, with switch I'm not decided, which would you buy if you have option?

CRS125-24G-1S-RM (cheaper, more memory & better cpu)
CRS226-24G-2S+RM (two SFPs for future upgrades)

expert

Does it solve the following Metarouter issue? http://forum.mikrotik.com/viewtopic.php?f=15&t=115422

expert

did you find a ROS version that works?

I have upgraded my old RB450G from 5.26 (worked) to 6.37.3 (not working). I'm not going to downgrade 6.37->6.36->... until I find version that works.

It seems to be bug of Router OS, but who cares?

expert

Is it the same problem as in my question http://forum.mikrotik.com/viewtopic.php?f=15&t=115422 ?

expert

Hello, I'm trying to run metarouter on my RB450G, software version 6.37.3. Am I doing something wrongly? [expert@rb] /metarouter> add name="test" memory-size=32 [expert@rb] /metarouter> console test [Ctrl-A is the prefix key] Starting... Generating SSH 2048bit RSA host key... Generating SS...

expert

For running RouterOS in MetaRouter you don't need an image! That is the default image. Are you sure? It does not work for me. It's RB450G, ROS 6.37.2. [expert@rb] /metarouter> add name="test" memory-size=32 [expert@rb] /metarouter> console test [Ctrl-A is the prefix key] Starting... Gener...

expert

Do exists some more images other than OpenWRT?
Found short note on Debian/DebWRT http://dev.debwrt.net/ticket/274 but there seems not be any progress.
It it possible to run RouterOS in metarouter?

expert

Latest images found there: http://openwrt.wk.cz/

Search found 97 matches