Community discussions

Search found 321 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 7
by xvo
Tue Oct 30, 2018 12:11 am
Forum: Beginner Basics
Topic: Mikrotik 3011 VLAN setup voice + data
Replies: 60
Views: 4685

Re: Mikrotik 3011 VLAN setup voice + data

Just to give some information about this setup. It is the old way by using many VLAN. From 6.41 you can use Bridge aware VLAN. Se some example here: https://forum.mikrotik.com/viewtopic.php?t=138232 ...and the config above is exactly a vlan-aware bridge. Aka "the new way". "The old way" would be а ...
by xvo
Mon Oct 29, 2018 4:38 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3075

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Wont have time to work on this until later but the Bridge VLAN tab has the following selection (talking HEX). Bridge - assume my home bridge goes here VLAN ID - assume pvid 100 goes here Tagged - ? Untagged - ? There are two more entries but they do not look modifiable current tagged and current un...
by xvo
Mon Oct 29, 2018 11:12 am
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3075

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

1) When you said create vlan interface for guest users on your bridge , I assumed this meant my current bridge, which my LAN resides. (in other words no need to create a new bridge). Yes, you can use your default bridge. 2) Next you want me to go to BRIDGE winbox menu selection (not interface menu ...
by xvo
Mon Oct 29, 2018 12:43 am
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3075

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Wonderful xvo, that is great news to hear. What I assume is that I will need to identify/create a VLAN for the guest wifi, call it VLAN100 on the HEX I will have to create an address group and DHCP server for the VLAN (as I do want these device to get a different LAN nomenclature, lets call it 192....
by xvo
Sun Oct 28, 2018 10:27 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3075

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Hi xvo, I have been reading many of your replies on the forums, and just wanted to state I find them very helpful (big thanks!). Always a pleasure to hear, thanks! Okay I got it working without any IP configuration. All I was missing was adding the virtual interface to the bridge BY WAY OF ASSIGNIN...
by xvo
Sat Oct 27, 2018 1:21 am
Forum: General
Topic: loop protect between two ccr
Replies: 5
Views: 644

Re: loop protect between two ccr

Why don't you want to make a bonding with this two interfaces?
by xvo
Sat Oct 27, 2018 1:03 am
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3075

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

If you want clients of that guest AP to be treated somehow special (limited access, limited speed, etc) you need to create a different ip configuration attached to it: address, dhcp-server and a set of firewall rules to define that special behaviour. And since everything seems to be configured on yo...
by xvo
Thu Oct 25, 2018 12:33 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 24667

Re: v6.42.9 [long-term] is released!

Bridge always worked that way and if suddenly bridge with inactive (no ports) will not have running flag, it will break all configurations with loopbacks and other configurations where bridge is used as dummy interface. Well, there can be an option to choose the desired behaviour: to leave a runnin...
by xvo
Wed Oct 24, 2018 2:41 pm
Forum: General
Topic: IPV6 to remote site over IPV4 VPN
Replies: 4
Views: 593

Re: IPV6 to remote site over IPV4 VPN

What type of VPN?
by xvo
Tue Oct 23, 2018 8:11 pm
Forum: Beginner Basics
Topic: IPsec tunnel wan failover
Replies: 3
Views: 819

Re: IPsec tunnel wan failover

Sorry for taking a long time to answer. ROS versión: 6.43.4 The problem is not the peer, it is established correctly. The problem is the duplicate policy with different SA src address, one of them become invalid. [admin@C1] /ip ipsec> remote-peers print detail Flags: R - responder, N - natt-peer 0 ...
by xvo
Mon Oct 22, 2018 5:02 pm
Forum: SwOS
Topic: Connecting to a switch behind a router from the Internet
Replies: 4
Views: 1734

Re: Connecting to a switch behind a router from the Internet

XVO, much appreciate you reply. I will go with the "worse" option. Please excuse my ignorance, could you advise how I could do that? I cannot see the option to forward the port on the hEX router. Port 5 on the hEX is connected to Port 1 of the switch. You need: 1) A dst-nat rule in your IP --> Fire...
by xvo
Sun Oct 21, 2018 1:34 am
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 16639

Re: MUM Europe 2018 - New hardware incoming

CRS354-48G-4S+2Q+
CRS354-48P-4S+2Q+
CRS332-32S+RM

Will be these ever released ?
By the way, if anyone noticed, CRS332-32S+RM has now became CRS326-24S+2Q+RM
https://mum.mikrotik.com/presentations/ ... 023534.pdf
by xvo
Sat Oct 20, 2018 3:45 pm
Forum: Beginner Basics
Topic: Migrate CCR 1009 to CCR 1036
Replies: 3
Views: 589

Re: Migrate CCR 1009 to CCR 1036

hello
I search the method for migrate my CCR1009 to my new CCR1036.
The combo port is not present in the CCR1036.
Should i modify manually the backup file before "import" ?
Thank for your advice.
JM.
You shouldn't use a backup file on the hardware of different type from the one it was created on.
by xvo
Sat Oct 20, 2018 11:53 am
Forum: Beginner Basics
Topic: What is discover mactel mac-winbox line, in interface list member [SOLVED]
Replies: 2
Views: 978

Re: What is discover mactel mac-winbox line, in interface list member [SOLVED]

"discover" list is by default used to specify interfaces on which neighbour discovery works. "mactel" list of interfaces from which mac-telnet server is availible. "mac-winbox" the same for accessing the router by mac address in winbox. If I remember correctly, on blank config all of this is allowed...
by xvo
Sat Oct 20, 2018 11:34 am
Forum: SwOS
Topic: Connecting to a switch behind a router from the Internet
Replies: 4
Views: 1734

Re: Connecting to a switch behind a router from the Internet

You can:
1) (worse) Open a port on hEX and forward it to web interface of the switch.
2) (better) Run a VPN server on hEX, so that you can connect to the whole your internal network from outside in a secure way.
by xvo
Sat Oct 20, 2018 12:21 am
Forum: Beginner Basics
Topic: IPsec tunnel wan failover
Replies: 3
Views: 819

Re: IPsec tunnel wan failover

What is your ROS version?
What's new in 6.43.4 (2018-Oct-17 06:37):

Changes in this release:

*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
by xvo
Sat Oct 20, 2018 12:17 am
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 12218

Re: Newsletter #84

Ideally to have 4 x SFP+ and 10 1 GbE ports!. so if down stream switches can get 10 Gbps speeds.
I'm almost sure something like this is to be released in a foreseeable future.
And you can even guess a price for it looking at the price of current CCR1036.
I think you got my point :)
by xvo
Fri Oct 19, 2018 11:16 am
Forum: Beginner Basics
Topic: 6in4 endpoint
Replies: 4
Views: 548

Re: 6in4 endpoint

Yes, you can. maybe anyone has an example? I know that ROS has /interface 6to4 but since 6in4 (STI) and 6to4 (STF) are NOT the same, the wiki article is misleading: https://wiki.mikrotik.com/wiki/Manual:IPv6_Overview#6to4_.286in4.29_tunnels https://en.wikipedia.org/wiki/6to4 https://en.wikipedia.or...
by xvo
Fri Oct 19, 2018 1:06 am
Forum: Beginner Basics
Topic: 6in4 endpoint
Replies: 4
Views: 548

Re: 6in4 endpoint

Yes, you can.
by xvo
Fri Oct 19, 2018 12:54 am
Forum: General
Topic: Cant ping one network device via GRE while able to ping all other devices.
Replies: 3
Views: 266

Re: Cant ping one network device via GRE while able to ping all other devices.

I suggest you to try to find the step on which the packet from A network to your mysterious host on B is lost:
use torch, packet sniffer or just create a couple of rules on top of the firewall forward chain both on A and B routers - one rule for way from A network to x.x.x.10, and one for way back.
by xvo
Thu Oct 18, 2018 12:28 am
Forum: General
Topic: Cant ping one network device via GRE while able to ping all other devices.
Replies: 3
Views: 266

Re: Cant ping one network device via GRE while able to ping all other devices.

And nothing special about x.x.x.10 in mikrotikB config?
No firewall/NAT?
by xvo
Wed Oct 17, 2018 11:24 pm
Forum: Beginner Basics
Topic: Hosts from 2 LAN's can't reach each other
Replies: 2
Views: 260

Re: Hosts from 2 LAN's can't reach each other

In default config there is only one member of interface list "LAN"- the default "bridge".
And all firewall is build around interface lists "LAN" and "WAN".
So you need to add "wlan1" interface to interface list "LAN" and 99% that it will resolve the issue.
by xvo
Tue Oct 16, 2018 8:49 pm
Forum: General
Topic: Routes for VPN clients.
Replies: 2
Views: 244

Re: Routes for VPN clients.

Windows machines can listen to RIP.
by xvo
Tue Oct 16, 2018 5:28 pm
Forum: Beginner Basics
Topic: Capsman Cap client unable to ping one another
Replies: 2
Views: 334

Re: Capsman Cap client unable to ping one another

Seems that in the provision for cap AC “Client to client forwarding” is set to “no”.
by xvo
Sun Oct 14, 2018 11:09 am
Forum: Beginner Basics
Topic: How to set up vlan on it's own subnet?
Replies: 1
Views: 250

Re: How to set up vlan on it's own subnet?

You don't need VLANs for what you are trying to achieve: just remove wlan1 from the bridge and attach ip configuration to it directly.
by xvo
Wed Oct 10, 2018 10:04 am
Forum: General
Topic: Help Please - PC's not seeing other PC's on same Port. [SOLVED]
Replies: 2
Views: 222

Re: Help Please - PC's not seeing other PC's on same Port. [SOLVED]

There can be such setting on the switch - port isolation or something like that, depending on a switch manufacturer.
But this has nothing to do with the mikrotik.
by xvo
Wed Oct 10, 2018 10:01 am
Forum: General
Topic: Connect to Mikrotik Router via MAC address
Replies: 4
Views: 471

Re: Connect to Mikrotik Router via MAC address

There is an option to run a specified script (that is stored on flash) after reset. I guess you can make your application create a script with a simple IP config before reset, and run it afterward. Thank you, but I really want to handle all cases, example like hardware reset. If you perform a hardw...
by xvo
Wed Oct 10, 2018 2:22 am
Forum: General
Topic: Problem with 6to4 inside PPPoE [SOLVED]
Replies: 15
Views: 1003

Re: Problem with 6to4 inside PPPoE [SOLVED]

So what MTU do you have on the 6to4 after all?
And in the HE cabinet?
by xvo
Tue Oct 09, 2018 6:27 pm
Forum: General
Topic: Problem with 6to4 inside PPPoE [SOLVED]
Replies: 15
Views: 1003

Re: Problem with 6to4 inside PPPoE [SOLVED]

But I have tried auto, 1500 (upping my L2 MTU), 1492, 1488, 1480 (which is the one that gets selected when I say "auto"). PPPoE default is 1492, 6to4 substracts 20 (that is why “auto” is 1480=1500-20), so you should at least try 1472. And specify it on both ends - yours and in HE settings as well. ...
by xvo
Tue Oct 09, 2018 3:17 pm
Forum: General
Topic: VLAN project. Need help
Replies: 6
Views: 645

Re: VLAN project. Need help

Second. But on 6.43 there is an easier way: /interface vlan add interface=bridge-vlan name=vlan4 vlan-id=4 add interface=bridge-vlan name=vlan17 vlan-id=17 add interface=bridge-vlan name=vlan424 vlan-id=424 /interface bridge add name=bridge-vlan vlan-filtering=yes /interface bridge port add bridge=b...
by xvo
Tue Oct 09, 2018 3:06 pm
Forum: Beginner Basics
Topic: Pinging from VLAN interface not working
Replies: 3
Views: 268

Re: Pinging from VLAN interface not working

And also you need to specify out-interface=ether1 for your masquerade rule.
Otherwise it changes src-address to the router's addresses for everything that passes through it.
by xvo
Tue Oct 09, 2018 2:59 pm
Forum: Beginner Basics
Topic: Pinging from VLAN interface not working
Replies: 3
Views: 268

Re: Pinging from VLAN interface not working

For sure it does!
When you specify a port it tries to ping TO this port, not FROM this port.
And since you don't have 8.8.8.8 available through any of your vlans - it timeouts.
by xvo
Tue Oct 09, 2018 1:57 pm
Forum: General
Topic: Connect to Mikrotik Router via MAC address
Replies: 4
Views: 471

Re: Connect to Mikrotik Router via MAC address

There is an option to run a specified script (that is stored on flash) after reset.
I guess, you can make your application create a script with simple ip config before reset, and run it afterwards.
by xvo
Sun Oct 07, 2018 7:34 pm
Forum: General
Topic: MacOS Winbox features and limitations
Replies: 4
Views: 845

Re: MacOS Winbox features and limitations

MAC Winbox and ROMON are working on the build from joshaven.
Ctrl-C and ctrl-V as well (ctrl-, not cmd-).
Drag’n’drop does’t work, but that’s no big deal.
The rest: there is some oddity, when pasting to terminal, but again - no big deal.
by xvo
Fri Oct 05, 2018 2:20 am
Forum: RouterBOARD hardware
Topic: RB4011 - Poll - ONE thing you'd change
Replies: 15
Views: 3557

Re: RB4011 - Poll - ONE thing you'd change

The sweet spot would be 2x SFP+, 2x 10GBase-T, 10x 2.5GBase-T.
Such ports config would place it between CCR1036 and CCR1072 (or actually above CCR1072 because it'd give 85G theoretical throughput)
Not that it really matters, but 2x10G + 2x10G + 10x2,5G = 65G :lol:
by xvo
Wed Oct 03, 2018 1:12 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 354
Views: 60937

Re: RB4011

The module would seem to be compatible at the hardware level. Jokes aside, the SFP+ port in 4011 is already confirmed to have some bizarre limitations - no passive DACs support, for example. Whether this is a hardware or software issue is an open question for now, but it clearly indicates, that som...
by xvo
Wed Oct 03, 2018 12:54 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 354
Views: 60937

Re: RB4011

Isn't this compatible with the S-RJ01 ? Someone might want to use it for some reason. It is not shown as a related product. i think you must use S+RJ10 instead. What if someone already has an S-RJ01 but no gigabit+ service yet? Then the router will definitely change it's own internal architecture (...
by xvo
Thu Sep 27, 2018 4:29 pm
Forum: General
Topic: Switch can't get IP address [SOLVED]
Replies: 7
Views: 399

Re: Switch can't get IP address [SOLVED]

The reason is the response for DHCP offer never got back to the router, because it was not tagged with the proper vlan tag by the switch.
by xvo
Thu Sep 27, 2018 3:01 pm
Forum: General
Topic: Switch can't get IP address [SOLVED]
Replies: 7
Views: 399

Re: Switch can't get IP address [SOLVED]

Have you added cpu to /interface ethernet switch ingress-vlan-translation as well?
by xvo
Thu Sep 27, 2018 12:25 pm
Forum: General
Topic: Switch can't get IP address [SOLVED]
Replies: 7
Views: 399

Re: Switch can't get IP address [SOLVED]

First of all you need to add switch cpu as a member of vlan on which you want to get an address (vlan-id=11, i guess).
And also you may also need to move vlan11 interface from ether1 to bridge1.
by xvo
Thu Sep 27, 2018 11:37 am
Forum: General
Topic: How to create two vlan and two dhcp servers
Replies: 2
Views: 271

Re: How to create two vlan and two dhcp servers

Just do exactly as you wrote yourself: 1) Create vlan-interface on top of port 2 with vlan-id=10 2) Create vlan-interface on top of port 3 with vlan-id=20 3) Assign addresses to this vlan-interfaces 4) Create DHCP servers on top of this vlan-interfaces As a result the traffic on port2 and port3 will...
by xvo
Thu Sep 27, 2018 11:14 am
Forum: General
Topic: Firewall Rules not working
Replies: 3
Views: 289

Re: Firewall Rules not working

Winbox has a possibility to work on Level 3 - when you connect to IP address, and on level 2 - when you connect to MAC address. Firewall works on level 3. To restrict the ability to connect to winbox by MAC from some ports, look here: /tool mac-server mac-winbox export And then remove unwanted inter...
by xvo
Thu Sep 27, 2018 1:04 am
Forum: RouterBOARD hardware
Topic: Hardware offload on sfp port in hEX S mmips
Replies: 11
Views: 1360

Re: Hardware offload on sfp port in hEX S mmips

Thank you for the answer. It's a good diagram, but I want to know why in the system resources show separately from system resource cpu? I don't really get, what you mean. On your screenshot: In CPU you have the load: 52% + 6% + 8% + 13% = 79% out of 400% That's 19,75% of the whole CPU In system res...
by xvo
Wed Sep 26, 2018 9:00 pm
Forum: RouterBOARD hardware
Topic: Hardware offload on sfp port in hEX S mmips
Replies: 11
Views: 1360

Re: Hardware offload on sfp port in hEX S mmips

No surprise.
It's a router, not a switch.
And you can easily predict this behaviour just looking at the block diagram.

Image
by xvo
Wed Sep 26, 2018 6:31 pm
Forum: Wireless Networking
Topic: How can I enable a device to connect wifi for only 2 hours per day without setting hotspot
Replies: 7
Views: 731

Re: How can I enable a device to connect wifi for only 2 hours per day without setting hotspot

You can use Time under access list rule, never tried it, but should work.
That won't work.
And the kid control feature as well.
They both can only restrict the hour ranges when the client can stay connect, not the total connected time per day.
by xvo
Wed Sep 26, 2018 1:42 pm
Forum: General
Topic: PCQ the VLANs
Replies: 15
Views: 1175

Re: PCQ the VLANs

XVO was right, I just changed the masks from 32 to 27 in queue types and it worked as desired, sweet. As much as i'd like to say solved, not quite yet. I have one subnet (hotspot) that is a /23 and the rest are all /27. Yes I could make them all /23 but that's yuk and not proper. Anyone have any id...
by xvo
Tue Sep 25, 2018 8:36 pm
Forum: Beginner Basics
Topic: Site to Site IPSec between two Mikrotik Routers
Replies: 7
Views: 700

Re: Site to Site IPSec between two Mikrotik Routers

I've had this when I messed up with the routes on one of the routers. On the second one i had a time up error. Double check firewalls and routes on both of the routers to be sure not only icmp passes, but everything else. To rule out the firewall add the temporary rules accepting everything from the...
by xvo
Tue Sep 25, 2018 11:59 am
Forum: General
Topic: 3011 and adding static route
Replies: 2
Views: 171

Re: 3301 and adding static route

I believe in WinBox IP>Routes>Add 10.0.0.0/8 bridge - reachable Pref source 192.168.1.4 can't really be that easy right? If I understood you correctly the 10.0.0.0/8 is behind the 192.168.1.4? Then it would be just: IP>Routes>Add Dst. Address: 10.0.0.0/8 Gateway: 192.168.1.4 And that would be all.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 7