Community discussions

Search found 396 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 8
by R1CH
Wed Feb 14, 2018 12:18 pm
Forum: RouterBOARD hardware
Topic: CAP ac bad Antenna design?
Replies: 17
Views: 1147

Re: CAP ac bad Antenna design?

wAP and cAP is not a fair comparison, wAP is a waterproof device, designed to also be used outdoors. It has a different antenna design. Are there antenna patterns for the devices anywhere so we can see how best to utilize their antenna designs? 10dB difference between products is massive, especiall...
by R1CH
Tue Feb 13, 2018 11:56 am
Forum: Scripting
Topic: DHCP lease script to update routes and rules
Replies: 0
Views: 60

DHCP lease script to update routes and rules

Hello, I'm very new to Mikrotik scripting (and already hate the extremely bad syntax and lack of error reporting!). I have four WAN links with four DHCP clients, first one with a default route and the others without. I'm trying to use a DHCP lease script on the 3 DHCP clients without a default route...
by R1CH
Mon Feb 12, 2018 6:14 pm
Forum: RouterBOARD hardware
Topic: CAP ac bad Antenna design?
Replies: 17
Views: 1147

Re: CAP ac bad Antenna design?

Even with reduction in chain count, this shouldn't affect signal strength. The difference between -72 and -84 is quite large. Is the TX power the same? Can you test without any of the cases on?
by R1CH
Sat Feb 03, 2018 12:47 am
Forum: Announcements
Topic: MikroTik News February 2018 (Issue #80)
Replies: 47
Views: 6392

Re: MikroTik News February 2018 (Issue #80)

So its my understanding that the new hap ac has wave 2 support? Does that mean that the driver does as well? i.e. does it support all features of wave2 already or will that come at a later stage? Can the AP transmit to multiple clients on different spatial streams simultaneously? Currently we don't...
by R1CH
Tue Jan 23, 2018 3:57 am
Forum: General
Topic: Multiple download interfaces for queue tree
Replies: 2
Views: 108

Re: Multiple download interfaces for queue tree

Hmm I wasn't aware simple queues could have priority and hierarchy. Not so simple after all!
by R1CH
Mon Jan 22, 2018 10:13 am
Forum: General
Topic: Multiple download interfaces for queue tree
Replies: 2
Views: 108

Multiple download interfaces for queue tree

Assume the following setup: 4 WAN links (ether1, ether2, ether3). 6 local VLANs (vlan1, vlan2, ...) on sfp1 Several of the VLANs map 1:1 with a WAN link, ie each VLAN gets a routing mark sending their traffic out a particular WAN interface. I want to attach a queue tree to limit upload / download to...
by R1CH
Fri Jan 05, 2018 8:11 am
Forum: Wireless Networking
Topic: WiFi AP speed Issue, multiple devices affected
Replies: 11
Views: 466

Re: WiFi AP speed Issue, multiple devices affected

If you've really installed 200 there is interference simply from the beacons. 20mbps from a phone over 2.4 GHz sounds pretty decent given how bad 2.4 GHz is these days. Try forcing G/N only to remove some of the beacon overhead.
by R1CH
Thu Jan 04, 2018 7:45 pm
Forum: Beginner Basics
Topic: Why are ports 8291 and 8888 visible?
Replies: 3
Views: 178

Re: Why are ports 8291 and 8888 visible?

You should drop all inbound traffic with an chain=input action=drop rule. Not doing so will turn your router into a DDoS participant soon enough since you'll be an open resolver.
by R1CH
Mon Dec 18, 2017 11:35 pm
Forum: RouterOS v7
Topic: Feature request: Static DNS NXDOMAIN
Replies: 3
Views: 225

Feature request: Static DNS NXDOMAIN

Some domains I'd like to block with NXDOMAIN, eg known malware sites, wpad, etc. Currently ROS forces you to enter an IP for entries. While 0.0.0.1 and 255.255.255.255 work for Windows, this only works because the Windows DNS client rejects invalid IPs in responses. If you actually query the DNS ser...
by R1CH
Mon Dec 18, 2017 11:32 pm
Forum: RouterOS v7
Topic: Feature request: TLS SNI match - classify traffic based on TLS hostnames
Replies: 2
Views: 470

Re: Feature request: TLS SNI match - classify traffic based on TLS hostnames

This would be great for traffic classification and also solve a lot of the "How do I block this HTTPS site" posts we see quite often.
by R1CH
Sun Dec 10, 2017 1:04 pm
Forum: General
Topic: Huge delay during TCP Initial Handshake
Replies: 26
Views: 911

Re: Huge delay during TCP Initial Handshake

MTU issue, use clamp-mss mangle rule.
by R1CH
Tue Dec 05, 2017 7:30 pm
Forum: Wireless Networking
Topic: HAP AC: Low latency WLAN for TPCast-tracking
Replies: 1
Views: 123

Re: HAP AC: Low latency WLAN for TPCast-tracking

I'm also curious about this. I have an excellent connection (-45 dBm, 90+ CCQ) yet I still see 2ms as my lowest ping time. With other vendors I've seen < 1ms.
by R1CH
Mon Nov 20, 2017 11:17 pm
Forum: Wireless Networking
Topic: RB951G-2HnD: wireless 300Mbps, how to?
Replies: 7
Views: 621

Re: RB951G-2HnD: wireless 300Mbps, how to?

Your previous router was probably 802.11ac, you should get a hAP AC if you want a comparable product from Mikrotik. The RB951G-2HnD is rather old, 2.4 GHz 802.11n will not go very far speed-wise.
by R1CH
Mon Nov 20, 2017 2:42 pm
Forum: Wireless Networking
Topic: Band Steering implementation?
Replies: 37
Views: 1985

Re: Band Steering implementation?

What kind of clients don't do this by default? At least Apple devices and modern Windows laptops always prefer 5GHz by themselves. Client decides these things, but if you want to FORCE something else, you can use the Access List settings and set required signal levels etc. Android has no "prefer 5 ...
by R1CH
Sat Nov 18, 2017 2:58 pm
Forum: Wireless Networking
Topic: Can I connect MikroTik to WiFi and then to my Set-Top box via Ethernet to grant internet access to it? [SOLVED]
Replies: 32
Views: 854

Re: Can I connect MikroTik to WiFi and then to my Set-Top box via Ethernet to grant internet access to it? [SOLVED]

Just do a netinstall and configure it via ethernet. Trying to set it up over wireless will be very frustrating as every time you change a setting you will be disconnected.

https://wiki.mikrotik.com/wiki/Manual:Netinstall
by R1CH
Sat Nov 18, 2017 1:25 am
Forum: Wireless Networking
Topic: Can I connect MikroTik to WiFi and then to my Set-Top box via Ethernet to grant internet access to it? [SOLVED]
Replies: 32
Views: 854

Re: Can I connect MikroTik to WiFi and then to my Set-Top box via Ethernet to grant internet access to it? [SOLVED]

The manual is indeed useless for this device, I ended up just doing netinstall with a config reset for my mAP Lite. I really dislike this trend of devices shipping with access from wifi side only!
by R1CH
Sat Nov 18, 2017 12:34 am
Forum: Wireless Networking
Topic: Reducing TX Power on mAP Lite
Replies: 0
Views: 131

Reducing TX Power on mAP Lite

I'm setting up a mAP Lite to use as a hotel internet hotspot. I'd like to reduce how far my signal travels for privacy. I've set my tx power to 0 and even tried things like -10 and using a very high antenna gain setting with regulatory-domain, but the total TX power shows up as 0 and total TX power ...
by R1CH
Tue Nov 07, 2017 1:39 pm
Forum: General
Topic: Interesting firewall challange
Replies: 6
Views: 1262

Re: Interesting firewall challange

Even without DoS issues, Puma chipset based modems are garbage. If you're an ISP I would seriously look into what it takes to return them all to the manufacturer as they are not fit for their marketed purpose. They have high latency jitter and often packet loss for no discernible reason, even in bri...
by R1CH
Sun Oct 22, 2017 3:35 pm
Forum: General
Topic: new botnet effects Mikrotik. IoT_reaper
Replies: 3
Views: 639

Re: new botnet effects Mikrotik. IoT_reaper

Probably the HTTP server content length exploit. Should be fine if you're up to date.
by R1CH
Thu Oct 19, 2017 2:34 pm
Forum: General
Topic: Specific URL link Block in Mikrotik Router
Replies: 3
Views: 309

Re: Specific URL link Block in Mikrotik Router

To further clarify, it won't be possible at all no matter what product you use, unless you install new root CA certificates on every device accessing the network. You can't intercept HTTPS, because it's designed to avoid that, the best you can do is block entire domains (via Ip, DNS or SNI inspectio...
by R1CH
Thu Oct 19, 2017 2:30 pm
Forum: General
Topic: Did Fasttrack break with recent updates?
Replies: 6
Views: 571

Re: Did Fasttrack break with recent updates?

Have you checked your CPU use to see if's actually maxing out with non-fasttracked traffic?
by R1CH
Thu Oct 19, 2017 12:20 am
Forum: RouterBOARD hardware
Topic: wAP AC product updates
Replies: 0
Views: 285

wAP AC product updates

My new wAP AC just arrived and I was surprised to find it came with a desktop stand and the "special screw" that secures the bottom door is now a regular Philips head. Were there any updates to the device itself? The product page still mentions "The bottom door can also be secured with a special scr...
by R1CH
Mon Oct 16, 2017 3:50 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 83076

Re: RouterOS NOT affected by WPA2 vulnerabilities

It's important to note that this is a client vulnerability - patching your router / AP does not prevent the attack from working on connected devices. You need to update almost every device that has WPA2 support.
by R1CH
Mon Oct 16, 2017 1:55 pm
Forum: Wireless Networking
Topic: Upcoming WPA2 Security Flaw
Replies: 2
Views: 326

Re: Upcoming WPA2 Security Flaw

Mikrotik response is at viewtopic.php?f=21&t=126695 for those who missed it.
by R1CH
Sun Oct 15, 2017 10:29 pm
Forum: Wireless Networking
Topic: When coming AC Wave2 chip?
Replies: 38
Views: 3643

Re: When coming AC Wave2 chip?

Ubiquiti recently came out with their 4x4 Wave2 AP with MU-MIMO. Hopefully we see something from Mikrotik in response!

https://unifi-shd.ubnt.com/
by R1CH
Sun Oct 15, 2017 10:18 pm
Forum: Wireless Networking
Topic: Upcoming WPA2 Security Flaw
Replies: 2
Views: 326

Upcoming WPA2 Security Flaw

https://twitter.com/kennwhite/status/919522184384729089

Sounds scary, hopefully whatever this is can be patched with firmware updates and we don't have to throw away all our radios :D. I hope Mikrotik are keeping an eye on these developments.
by R1CH
Wed Oct 11, 2017 5:18 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 91417

Re: v6.41rc [release candidate] is released! New bridge implementation!

!) detnet - implemented "/interface detect-internet" feature; https://wiki.mikrotik.com/wiki/Manual:Detect_internet Is this feature feature optional if someone does not want their router to contact cloud.mikrotik.com every minute? Is it just cosmetic (ie: " this interface is 'WAN' just FYI ") or is...
by R1CH
Fri Oct 06, 2017 12:25 pm
Forum: General
Topic: Mikrotik Hotspot SSL Error ? What is Error Problem ?
Replies: 13
Views: 1409

Re: Mikrotik Hotspot SSL Error ? What is Error Problem ?

This is purely a client side detection. You cannot implement anything differently, it's entirely up to the client to detect the hotspot and redirect to the login page. Modern versions of Chrome for desktop now detect this situation, in addition to Android doing it automatically. https://security.sta...
by R1CH
Thu Oct 05, 2017 2:24 pm
Forum: Wireless Networking
Topic: sharing the same ssid and password
Replies: 5
Views: 324

Re: sharing the same ssid and password

Same SSID different frequency is best.
by R1CH
Wed Oct 04, 2017 9:02 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 16658

Re: v6.40.4 [current]

*) wireless - improved WPA2 key exchange reliability;

What specifically improved? Thanks
I'm also curious about the technical details of this change.
by R1CH
Wed Oct 04, 2017 7:20 pm
Forum: Wireless Networking
Topic: sharing the same ssid and password
Replies: 5
Views: 324

Re: sharing the same ssid and password

Yes, this will work. Roaming decision is up to client though.
by R1CH
Thu Sep 28, 2017 1:48 pm
Forum: General
Topic: Forwarding traffic from Virtual AP to VPN: performance issues
Replies: 6
Views: 464

Re: Forwarding traffic from Virtual AP to VPN: performance issues

If enabling Torch improves things, it would seem to indicate that hardware offload is breaking somewhere (fastpath / fasttrack).
by R1CH
Tue Sep 26, 2017 2:27 pm
Forum: General
Topic: problem with hack attack
Replies: 6
Views: 667

Re: problem with hack attack

Sorry but that isn't true. Twitch is not peer to peer, it's not possible to get a streamers IP. The problem likely appears when streaming to Twitch is because Twitch has the highest concentration of trolls who like to disrupt streams. They are finding the IP some other way as mentioned above.
by R1CH
Wed Sep 20, 2017 5:54 pm
Forum: General
Topic: problem with hack attack
Replies: 6
Views: 667

Re: problem with hack attack

Twitch doesn't leak IP addresses. Playing on unknown servers, voice chat, P2P games, Skype, etc are the more likely causes.
by R1CH
Tue Sep 19, 2017 2:13 pm
Forum: General
Topic: Seeing about 70 kbits per second from my ISP Modem constantly even when idle [SOLVED]
Replies: 3
Views: 346

Re: Seeing about 70 kbits per second from my ISP Modem constantly even when idle [SOLVED]

The packets are not addressed to you, so the firewall does not process them. And you answered your own question - the modem is in bridge mode, so it passes any traffic from the HFC network to your Mikrotik.
by R1CH
Tue Sep 19, 2017 1:33 am
Forum: General
Topic: Misplaced ARPs
Replies: 6
Views: 453

Re: Misplaced ARPs

Seems like a pretty serious design flaw somewhere if exporting the configuration can cause routing changes! Would love to know the root cause of this one.
by R1CH
Tue Sep 19, 2017 1:31 am
Forum: General
Topic: Seeing about 70 kbits per second from my ISP Modem constantly even when idle [SOLVED]
Replies: 3
Views: 346

Re: Seeing about 70 kbits per second from my ISP Modem constantly even when idle [SOLVED]

Other traffic from customers on the same node as you. Probably all ARP and DHCP.
by R1CH
Sun Sep 03, 2017 11:34 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 46
Views: 3339

Re: CCR1036 Power Supply

I guess I'll be going with the revised CCR1009 then and hope its fast enough for all the queues I want to use. Judging by this thread it looks like the CCR1036 will overheat and die on me since it won't be installed in some datacenter with super low ambient temperatures.
by R1CH
Sun Sep 03, 2017 11:17 pm
Forum: General
Topic: Hotspot Attack ( high CPU use )
Replies: 9
Views: 1018

Re: Hotspot Attack ( high CPU use )

If 100kbps of traffic causes 100% CPU use you have much bigger problems...

Use Tools / Profile to find out where the CPU is spent.
by R1CH
Thu Aug 31, 2017 8:30 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 46
Views: 3339

Re: CCR1036 Power Supply

We do plan to release a replacement 1036 in near future
Is this a possibility before 2018? As someone about to buy my first CCR1036 I'd prefer to avoid the model that's about to be EOL, but I need it before the end of the year.
by R1CH
Thu Aug 31, 2017 12:46 am
Forum: General
Topic: Hotspot users accounts Hacking
Replies: 4
Views: 885

Re: Hotspot users accounts Hacking

No way to fix this, 802.11 protocol simply doesn't have any security if you run an open network. 802.1x is the only reasonably secure way to handle it but good luck having your customers accept it.
by R1CH
Thu Aug 31, 2017 12:07 am
Forum: General
Topic: Hotspot Queue HTTPS vs HTTP
Replies: 6
Views: 556

Re: Hotspot Queue HTTPS vs HTTP

Transparent proxy means MT intercepts HTTP, so the source of HTTP traffic is now the MT box - it doesn't hit the queue.
by R1CH
Tue Aug 29, 2017 7:07 pm
Forum: General
Topic: Feature Request: DHCP Reverse DNS
Replies: 4
Views: 561

Re: Feature Request: DHCP Reverse DNS

It's possible to do this with scripts, but they have to run periodically to add / remove entries. Having this natively supported from the DHCP server would be much nicer.
by R1CH
Mon Aug 21, 2017 3:09 pm
Forum: General
Topic: MikroTik's GPL compliance regarding RouterOS
Replies: 23
Views: 3657

Re: MikroTik's GPL compliance regarding RouterOS

Public discussions are one of the only tools users have to fix GPL compliance (unless one of the copyright holders wants to take legal action). I only want to achieve proper GPL compliance, it's not like I want the collapse of Mikrotik that you seem to imply open source would bring :).
by R1CH
Mon Aug 21, 2017 3:01 pm
Forum: General
Topic: MikroTik's GPL compliance regarding RouterOS
Replies: 23
Views: 3657

Re: MikroTik's GPL compliance regarding RouterOS

Just curious, what do you need the sources for, if you don't even use the software? Just to ask? I want the sources to check that any modifications are implemented in an efficient and secure way to increase my confidence in the product (that I use). But the reason is not important, everyone has a r...
by R1CH
Mon Aug 21, 2017 2:38 pm
Forum: General
Topic: MikroTik's GPL compliance regarding RouterOS
Replies: 23
Views: 3657

Re: MikroTik's GPL compliance regarding RouterOS

by hiding the license Hidden, really? The link is on the front-page of WebFig of each and every router: 2017-08-21_113635.png You shouldn't have to install the software before finding the license. Distributing the binaries without the source or an offer of source is a violation. 3. You may copy and...
by R1CH
Mon Aug 21, 2017 2:28 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 46
Views: 3339

Re: CCR1036 Power Supply

Well that's not very reassuring :( I'm sure there are many other 24V 4A power supplies out there that are more reliable, just wondering about compatibility with the cable to the CCR. Has anyone tried this? Also how easy is the power supply to replace for a non-technical user if I just ship a bunch o...
by R1CH
Mon Aug 21, 2017 4:24 am
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 46
Views: 3339

Re: CCR1036 Power Supply

As far as I know, the last 6-8 months we are shipping units with an improved PSU, the C10 has been changed to a better one. Some parts have been changed to better handle the heating. Is there any way for a distributor to tell if they have the fixed version? I'm looking to deploy my first CCR1036 so...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 8