Community discussions

Search found 439 matches

  • 1
  • 2
by xvo
Thu Sep 12, 2019 3:24 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 196
Views: 36740

Re: RouterOS v7.0beta1 (ARM)

We would appreciate further compartmentalizing of Router OS features to increase device efficiency and reduce attack surface. Put SMB, Torrent, and other things that have no place in ISP infrastructure into another package. Put BGP, MPLS, and other things that have no place in consumer devices into...
by xvo
Thu Sep 12, 2019 3:17 pm
Forum: Wireless Networking
Topic: Country Code [SOLVED]
Replies: 53
Views: 3915

Re: Country Code [SOLVED]

If there is no other information. You have to broadcast the region for Mikrotik with another device. 😂 Smartphones and other mobile devices have GPS, they don't need 802.11d at all. Out of curiosity looked what regions do APs around broadcast at the moment, only half of them are set to the correct ...
by xvo
Thu Sep 12, 2019 1:57 pm
Forum: Wireless Networking
Topic: Country Code [SOLVED]
Replies: 53
Views: 3915

Re: Country Code [SOLVED]

I talked about this from the very beginning - re-read it. Only you have a special case in 2010. The new 802.11ac - restriction on visible channels. That is the problem. It's not a special case, It's a long known issue with a known workaround. Although it's not exactly the same problem, it is connec...
by xvo
Thu Sep 12, 2019 12:50 pm
Forum: Wireless Networking
Topic: Country Code [SOLVED]
Replies: 53
Views: 3915

Re: Country Code [SOLVED]

Bottom line: devices CAN use 802.11d to help them set the region, but they CAN NOT use ONLY 802.11d, they need something else - gps, whatever. Thus support of 802.11d is nearly useless - all modern devices will set the region without it. no and no again. I have a mikrotik network. Regoin Apple can ...
by xvo
Thu Sep 12, 2019 11:26 am
Forum: Wireless Networking
Topic: Country Code [SOLVED]
Replies: 53
Views: 3915

Re: Country Code [SOLVED]

Bottom line: devices CAN use 802.11d to help them set the region, but they CAN NOT use ONLY 802.11d, they need something else - gps, whatever. Thus support of 802.11d is nearly useless - all modern devices will set the region without it. no and no again. I have a mikrotik network. Regoin Apple can ...
by xvo
Thu Sep 12, 2019 11:17 am
Forum: Wireless Networking
Topic: Country Code [SOLVED]
Replies: 53
Views: 3915

Re: Country Code [SOLVED]

Bottom line: devices CAN use 802.11d to help them set the region, but they CAN NOT use ONLY 802.11d, they need something else - gps, whatever. Thus support of 802.11d is nearly useless - all modern devices will set the region without it. no and no again. I have a mikrotik network. Regoin Apple can ...
by xvo
Thu Sep 12, 2019 11:04 am
Forum: Wireless Networking
Topic: Country Code [SOLVED]
Replies: 53
Views: 3915

Re: Country Code [SOLVED]

not a true statement, on all models since 2012, everything is fine with 802.11d. The AP must broadcast 802.11d. a piece of shit - tp-link even does it. That is a known problem for pre-2012 devices. Your "everything is fine with 802.11d" most likely means that apple no longer uses 802.11d at all, or...
by xvo
Thu Sep 12, 2019 9:43 am
Forum: Wireless Networking
Topic: Country Code [SOLVED]
Replies: 53
Views: 3915

Re: Country Code [SOLVED]

not a true statement, on all models since 2012, everything is fine with 802.11d. The AP must broadcast 802.11d. a piece of shit - tp-link even does it. That is a known problem for pre-2012 devices. Your "everything is fine with 802.11d" most likely means that apple no longer uses 802.11d at all, or...
by xvo
Thu Sep 12, 2019 8:12 am
Forum: Wireless Networking
Topic: Country Code [SOLVED]
Replies: 53
Views: 3915

Re: Country Code [SOLVED]

Apple's implementation of 802.11d is a real pain in the ass, indeed. And setting the correct country code on the AP in use won't solve the problem in some cases. For example (at least for some older macbooks's), if there are changes in country regulations, they are not updated in the drivers. So if ...
by xvo
Wed Sep 11, 2019 9:14 pm
Forum: RouterBOARD hardware
Topic: Audience
Replies: 34
Views: 6888

Re: Audience

There won't be one. Audience hasn't got USB port (at least I didn't see it mentioned), so you'll have to use generic PowerLine2ethernet devices.
But it has two ethernet ports, so PWR-LINE-PRO can be used.
by xvo
Tue Aug 06, 2019 7:20 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6266

Re: Microtik router with existing network

The only thought to consider: hEX S have a very weak switch chip implementation - it can't do vlan's in hardware, only in software. It is not a real problem for small loads, but depending of the intra-vlan/inter-vlan ratio it can be a good idea to put a more decent switch between hEX and the rest o...
by xvo
Tue Aug 06, 2019 2:21 pm
Forum: Beginner Basics
Topic: PLEASE HELP - no luck getting it to work / CCR1009-7G-1C-1S+ [SOLVED]
Replies: 24
Views: 1510

Re: 10 hours - no luck getting WAN/INET to work (CCR1009-7G-1C-1S+) [SOLVED]

Here is my config backup! I have not internet still, and router cant still not ping internet from it self. Could it be the routerbord firmware? Mine says 6.45.3 but on download page it says tilegx_3.41.fwf or is that someting else. Just thinking of what it can be as i think Routerbord follows Route...
by xvo
Tue Aug 06, 2019 2:04 pm
Forum: General
Topic: Microtik router with existing network
Replies: 64
Views: 6266

Re: Microtik router with existing network

The only thought to consider: hEX S have a very weak switch chip implementation - it can't do vlan's in hardware, only in software. It is not a real problem for small loads, but depending of the intra-vlan/inter-vlan ratio it can be a good idea to put a more decent switch between hEX and the rest of...
by xvo
Tue Aug 06, 2019 1:38 pm
Forum: Beginner Basics
Topic: Can I setup a hAP ac2 strictly as a WAP?
Replies: 8
Views: 749

Re: Can I setup a hAP ac2 strictly as a WAP?

Uh, wait. You said you wanted to use it as an AP only. Then you should have no WAN interface at all, it should be just bridging (wifi is LAN, ethernet is LAN)... right? Or am I missing something? At this point all real WAN/LAN distinctions are already removed from configuration. That's just names o...
by xvo
Mon Aug 05, 2019 3:27 pm
Forum: Beginner Basics
Topic: Can I setup a hAP ac2 strictly as a WAP?
Replies: 8
Views: 749

Re: Can I setup a hAP ac2 strictly as a WAP?

Thanks! I got my device today and had it configured in minutes, thanks to you guys. Quick question though, I'm using the WinBox GUI to connect and configure, which works fine from any device actually connected to the hAP wirelessly. However I have a hard-wired machine on the same LAN as the hAP (it...
by xvo
Sun Aug 04, 2019 10:13 pm
Forum: Beginner Basics
Topic: Can I setup a hAP ac2 strictly as a WAP?
Replies: 8
Views: 749

Re: Can I setup a hAP ac2 strictly as a WAP?

The lamest way to do it is to use the quick-set menu, select the "Home AP Dual" template, and then in the template: - configure a static LAN IP address of your router, that is free in your network. - and remove the check from the DHCP server option. This way eth1 will still be your WAN interface me...
by xvo
Sat Aug 03, 2019 8:35 pm
Forum: RouterBOARD hardware
Topic: CRS112x strange issue [SOLVED]
Replies: 7
Views: 1034

Re: CRS112x strange issue [SOLVED]

Hi, I know that it can be configured as router, but if you look at the links my configuration is only as l2 switch no routing no fw no vlans and still if i copy file from computers in same subnet so routing is not required I got this performance drop. It looks like for some reason it is hitting cpu...
by xvo
Sat Aug 03, 2019 11:53 am
Forum: RouterBOARD hardware
Topic: CRS112x strange issue [SOLVED]
Replies: 7
Views: 1034

Re: CRS112x strange issue [SOLVED]

It's not "just L2 switch", but also a router at the same time.
Not a powerful one, so when it routes instead of switching, you see a huge performance drop.
Keep that in mind configuring your network.
by xvo
Wed Nov 14, 2018 3:17 pm
Forum: General
Topic: /interface ethernet speed = 100Mbps???
Replies: 7
Views: 4114

Re: /interface ethernet speed = 100Mbps???

If it bothers you, just set it 1Gbps for all gigabit ethernet ports and it will disappear from export. It does not bother me, but can easy be misunderstand. On Cisco speed 100 settes the interface 100MB/s fixed. ...and on mikrotik auto-negotiation on/off and speed when auto-negotiation is set to of...
by xvo
Wed Nov 14, 2018 11:52 am
Forum: General
Topic: /interface ethernet speed = 100Mbps???
Replies: 7
Views: 4114

Re: /interface ethernet speed = 100Mbps???

Running 6.43.4 I do see this as well. /interface ethernet set [ find default-name=ether1 ] name=ether1-Wan speed=100Mbps set [ find default-name=ether2 ] name=ether2 speed=100Mbps set [ find default-name=ether3 ] speed=100Mbps set [ find default-name=ether4 ] name=ether4 speed=100Mbps set [ find de...
by xvo
Wed Nov 07, 2018 4:03 pm
Forum: Forwarding Protocols
Topic: 6to4 first configuration
Replies: 5
Views: 1183

Re: 6to4 first configuration

1-5: You need to advertise dns for your deviced: IPv6 --> ND 6: Yes, that is normal. DHCPv6 is ROS is currently incapable of handing addresses - only prefixes. All the addresses on another RB have to be configured manually, got by SLAAC, or picked from prefix pool. So you can: 1) assign the address...
by xvo
Tue Nov 06, 2018 12:21 am
Forum: RouterBOARD hardware
Topic: Desired switch
Replies: 7
Views: 1075

Re: Desired switch

Would be nice if CRS112 was half rack width with option to join 2 together to make 16 port full width.
And it doesn't look like having 16G and 1-2SFP+ in CRS112 size is something impossible either.
by xvo
Mon Nov 05, 2018 9:48 pm
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

Hello. Well i've the same problem here. No ADSL or Fiber...that's why i'm using LTE connection. So...3Unlimited and Vodafone Red+ must have linked to a landline contract? Thanks in advance. Maurizio True for 3Unlimited, but haven't seen such limitation for Red+, only that it is obligatory to stay o...
by xvo
Mon Nov 05, 2018 9:41 pm
Forum: Beginner Basics
Topic: DNS: Difference between "IP>DNS" and "DHCP>Networks" [SOLVED]
Replies: 25
Views: 3219

Re: DNS: Difference between "IP>DNS" and "DHCP>Networks" [SOLVED]

I guess no need to further explain the difference between static DNS servers settings and static DNS entries? :)
by xvo
Mon Nov 05, 2018 6:04 pm
Forum: Beginner Basics
Topic: DNS: Difference between "IP>DNS" and "DHCP>Networks" [SOLVED]
Replies: 25
Views: 3219

Re: DNS: Difference between "IP>DNS" and "DHCP>Networks" [SOLVED]

Well, if you have four entries there, how is it blank?!
Remove these four entries, and that would be blank :)
by xvo
Mon Nov 05, 2018 5:00 pm
Forum: Beginner Basics
Topic: DNS: Difference between "IP>DNS" and "DHCP>Networks" [SOLVED]
Replies: 25
Views: 3219

Re: DNS: Difference between "IP>DNS" and "DHCP>Networks" [SOLVED]

I am talking about the IP DNS settings that show up at the top of the frigging page IN WHITE BOXES............ These are set by the ADMIN. What do you call those then???? FIXED DNS settings ;;--))))) In any case, I was stating that using PEER DNS setting overides the manual FIXED entries on the IP ...
by xvo
Mon Nov 05, 2018 1:07 pm
Forum: Beginner Basics
Topic: DNS: Difference between "IP>DNS" and "DHCP>Networks" [SOLVED]
Replies: 25
Views: 3219

Re: DNS: Difference between "IP>DNS" and "DHCP>Networks" [SOLVED]

I think my Use Peer DNS, 'trumps" your IP DNS reference. In any case, I imagine you like warm beers, which is like stale cigarettes to a smoker OR moldy cheese to John Cleese in the cheese shop, ie gross but it will do pig. Use-peer-DNS adds dynamic entries, so the static ones will be preferred (if...
by xvo
Mon Nov 05, 2018 12:29 am
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

Thanks for the info, but Unlimited Red+ seems to be smartphone only, and I have no luck to find any info on 3Unlimited. For Italian law, you can use the GB of any mobile plan as you want. You can use sim for smartphone for tethering and modem without problems. https://www.ilsole24ore.com/art/tecnol...
by xvo
Mon Nov 05, 2018 12:00 am
Forum: General
Topic: PCC (Dual WAN) not working on hAPAC2 [SOLVED]
Replies: 8
Views: 996

Re: PCC (Dual WAN) not working on hAPAC2 [SOLVED]

https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

"firewall filter and mangle rules will not be applied for FastTracked traffic"
by xvo
Sun Nov 04, 2018 10:55 pm
Forum: Forwarding Protocols
Topic: how to access your routerboard from any place over the world
Replies: 8
Views: 962

Re: how to access your routerboard from any place over the world

There's no real difference. You'll just get a public ip instead of some private one on your WAN interface. When you purchase public ip from you provider, I'm sure they will explain the method, how they deliver it - do you need to assign it manually, or you will just get it by DHCP client of from PPP...
by xvo
Sun Nov 04, 2018 12:36 pm
Forum: Forwarding Protocols
Topic: how to access your routerboard from any place over the world
Replies: 8
Views: 962

Re: how to access your routerboard from any place over the world

thank you very much for your information God bless you You are welcome. Just keep in mind that having a public IP means you need to pay more attention to security, i.e.: - properly configured firewall - access to services on the router not exposed to the outside - and the ones that you don't use - ...
by xvo
Sun Nov 04, 2018 11:17 am
Forum: General
Topic: PCC (Dual WAN) not working on hAPAC2 [SOLVED]
Replies: 8
Views: 996

Re: PCC (Dual WAN) not working on hAPAC2 [SOLVED]

It does not matter if I set it to passthrough :/
Also in Wiki there are not passthrough enabled..
https://wiki.mikrotik.com/wiki/Manual:PCC
As I said it works on hAP-lite just not hAP-AC2.
Have you tried it on hAP-AC2.. has anyone?
Passthrough=yes is the default setting.
by xvo
Sun Nov 04, 2018 10:57 am
Forum: Forwarding Protocols
Topic: how to access your routerboard from any place over the world
Replies: 8
Views: 962

Re: how to access your routerboard from any place over the world

The best way is public IP + any kind of VPN server running on your RB. thank you for your speedy replay lets say you get puplic ip for example = 37.230.130.95 what are the next steps , what are the settings in mikrotik system to using this puplic ip address for remotely accessing my routerboard? an...
by xvo
Sun Nov 04, 2018 10:49 am
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

But that goes to my point about nothing specific in the redirect rule. How would I exclude the VLAN from that rule in NAT when no source or destination is identified? Just add source to the rule ( in-interface or src-address ) :) Also I am not quite sure if you answered the question, where does the...
by xvo
Sun Nov 04, 2018 10:37 am
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

Hello. Well you'll not find any unlimited from our major carriers (vodafone..tim..TRE/ Wind). But there are some company which are selling internet service using our carriers nets. It's not true! Only TIM don't have unlimited data plan. Vodafone have Unlimited Red + WindTre have 3Unlimited Both the...
by xvo
Sun Nov 04, 2018 10:13 am
Forum: Beginner Basics
Topic: Problems with dropping current connection and blocking access to WAN
Replies: 2
Views: 331

Re: Problems with dropping current connection and blocking access to WAN

You can either remove all current connections to the cam manually (IP --> Firewall --> Connections). Or you can move you rule higher then established/related one, but that can result an additional CPU load (because all traffic will be checked by this rule, even the connections that were already esta...
by xvo
Sun Nov 04, 2018 10:04 am
Forum: Forwarding Protocols
Topic: how to access your routerboard from any place over the world
Replies: 8
Views: 962

Re: how to access your routerboard from any place over the world

The best way is public IP + any kind of VPN server running on your RB.
by xvo
Sun Nov 04, 2018 1:40 am
Forum: Beginner Basics
Topic: Bridged VLAN - Multiple DHCP-Servers - No response on VLAN-Interface
Replies: 7
Views: 734

Re: Bridged VLAN - Multiple DHCP-Servers - No response on VLAN-Interface

Just kidding, inside joke with xvo, he has helped through the same process held my hand, heck practically changed my diapers LOL. You are in good hands, but plug your nose, dont like his aftershave (who am I kidding I'm convinced he doesn't know what a razor looks like must be his perfume errr colo...
by xvo
Sun Nov 04, 2018 1:24 am
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Okay so a user manual setting on a computer will override the DHCP network setting and thus the redirect rule is required (for the office setting) Yes. For office internal network it makes more sense. Especially if you need everybody to use some special dns service - with security and content filte...
by xvo
Sun Nov 04, 2018 1:06 am
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

I also find such measures unnecessary in home environment. Someone can always set it manually on the device's network settings. But who cares?! It's a guest network anyway. If someone among your guest have set his laptop/phone to always use google dns, so let it use it - less load and unneeded cache...
by xvo
Sun Nov 04, 2018 12:37 am
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

1. Redirect is like dst-nat to the router itself. So if you redirect all DNS requests it means that the will be served by you router, without the client knowing it. Even if it will try to use some external DNS. 2. use-peer-dns only means that you will get the addresses of DNS servers from remote pee...
by xvo
Sat Nov 03, 2018 10:27 pm
Forum: General
Topic: Any way to log all DNS lookups from users?
Replies: 9
Views: 1283

Re: Any way to log all DNS lookups from users?

Not separate, the "dns" topic in logging section.

I meant that you can use action=redirect in /ip firewall nat for DNS requests - that will force the use of your DNS even if a client attempts to connect to any other DNS server.
by xvo
Sat Nov 03, 2018 10:19 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Good to know, now I can add the other vlans I have been planning;

Much thanks!
Forget the Ghost Busters, call XVO!!
You are welcome!
I'll try not to forget about the beer you mentioned ;)
by xvo
Sat Nov 03, 2018 8:21 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Okay, it worked but I am confused. I added the guest vlan to the interface list for LAN and voila magic it worked. BUT........... I already had. a. homebridge on the lan interface list b. ether2 on the lan interface list c. ether3 on the lan interface list d. ether4 on the lan interface list Since ...
by xvo
Sat Nov 03, 2018 7:44 pm
Forum: General
Topic: Any way to log all DNS lookups from users?
Replies: 9
Views: 1283

Re: Any way to log all DNS lookups from users?

Thanks - hadn't spotted that. Now got that enabled, and getting some DNS info in the syslog file. It's not very useful info though: <14>1 2018-11-03T17:27:46+00:00 MikroTik forward - - - forward: in:bridge1_LAN out:EE Broadband, src-mac 24:5e:be:1d:09:9f, proto UDP, 192.168.1.98:54957->8.8.8.8:53, ...
by xvo
Sat Nov 03, 2018 7:19 pm
Forum: Forwarding Protocols
Topic: 6to4 first configuration
Replies: 5
Views: 1183

Re: 6to4 first configuration

/interface 6to4
add disabled=no !keepalive local-address=1.2.3.4 name=6to4-tunnel1 remote-address=192.88.99.1
local-address = wan IP
remote-address = address of the tunnel end
That's right and 192.88.99.1 is the right remote-address for 6to4 :)
by xvo
Sat Nov 03, 2018 7:05 pm
Forum: General
Topic: Any way to log all DNS lookups from users?
Replies: 9
Views: 1283

Re: Any way to log all DNS lookups from users?

To make firewall logging work you need not only to set log=yes in the rule but also add logging for the firewall topic (or a part of it):
/system logging
add action=remote topics=firewall
(Of course you need to get a syslog server running on your NAS beforehand).
by xvo
Sat Nov 03, 2018 6:46 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Well &^%^ me! Awesome pickup. When you come to Canada, I will have a cold beer waiting for you, heck a whole case for all the trouble I have put your through for one little typo. I will fix and try right away! Okay, partial success!!! I now get an IP and connect to the router through the capAC. How...
by xvo
Sat Nov 03, 2018 6:15 pm
Forum: Forwarding Protocols
Topic: 6to4 first configuration
Replies: 5
Views: 1183

Re: 6to4 first configuration

1-5: You need to advertise dns for your deviced: IPv6 --> ND 6: Yes, that is normal. DHCPv6 is ROS is currently incapable of handing addresses - only prefixes. All the addresses on another RB have to be configured manually, got by SLAAC, or picked from prefix pool. So you can: 1) assign the address ...
by xvo
Sat Nov 03, 2018 5:54 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Found this: /ip address add address=192.168.0.1/24 interface=HomeBridge network=192.168.0.0 add address=192.168.2.1/24 interface=ether4 network=192.168.2.0 add address=192.168.100.0/24 interface=GuestWifi_T&B_V100 network=\ 192.168.100.0 Unless it's a typo in the post, looks like a reason to me :)
by xvo
Sat Nov 03, 2018 2:49 pm
Forum: General
Topic: rules order in raw firewall change
Replies: 11
Views: 759

Re: rules order in raw firewall change

they should not yes, but i have this issue and also they will be upper of dynamic rules in raw tab
Are you sure they aren't just sorted?
by xvo
Sat Nov 03, 2018 2:40 pm
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

Hello. Well you'll not find any unlimited from our major carriers (vodafone..tim..TRE/ Wind). But there are some company which are selling internet service using our carriers nets. For unlimited service : OGilink - Works with Vodafone..but is quite expensive. 69 for unlimited - or..39 Euros to have...
by xvo
Sat Nov 03, 2018 1:17 pm
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

Thanks a lot..!!! Ang greetings from Italy Maurizio Hi again. It turns out, I might need a little advice from you too, if you don't mind: Can you suggest me any mobile carrier in Italy, with unlimited LTE traffic plan, that won't cost me a fortune? :) I might end up having to install a setup very s...
by xvo
Sat Nov 03, 2018 12:55 pm
Forum: General
Topic: rules order in raw firewall change
Replies: 11
Views: 759

Re: rules order in raw firewall change

It shouldn't change on its own.
by xvo
Sat Nov 03, 2018 10:53 am
Forum: RouterBOARD hardware
Topic: Desired switch
Replies: 7
Views: 1075

Re: Desired switch

I think the answer in your use is to simply get a CRS328 which is a little more expensive but has some "growing room". https://mikrotik.com/product/crs328_24p_4s_rm I hope that dedicated PoE and non-PoE ports will not be a thing in the future and they adopt the standard they are currently setting a...
by xvo
Fri Nov 02, 2018 11:38 pm
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

Thanks a lot..!!!

Ang greetings from Italy

Maurizio
You are welcome! :)
by xvo
Fri Nov 02, 2018 10:49 pm
Forum: General
Topic: MTU Question
Replies: 2
Views: 361

Re: MTU Question

When using L2TP + ipsec you can't be sure, that the packet is not fragmented, even if you specifically restrict fragmentation of the original packet. The original packet first packed into l2tp (that can, by the way, also perform fragmentation and defragmentation, but only if asked to), then it is pr...
by xvo
Fri Nov 02, 2018 10:14 pm
Forum: Beginner Basics
Topic: PC network isolation approach
Replies: 7
Views: 664

Re: PC network isolation approach

Hello. I don't have any free ports in the router, so i have no choice but to connect them to the switch runnings SwOS. Also i want maximum performance so i don't want to do any filtering/routing/bridging in the CPU, i want to use something that my devices have hardware support for. Thank you for yo...
by xvo
Fri Nov 02, 2018 8:43 pm
Forum: RouterBOARD hardware
Topic: hEX S no comms on any port with sfp1 iface disabled
Replies: 6
Views: 840

Re: hEX S no comms on any port with sfp1 iface disabled

I guess it has to do something with that data lanes XOR logic - either SFP or one more lane to the switch chip. You are right - looks like most possible cause. Despite you say the problem is solved, I think this behaviour should be described somewhere (on a wiki? in quick start guide?) in a form of...
by xvo
Fri Nov 02, 2018 8:20 pm
Forum: Beginner Basics
Topic: Setting up a bridge with firewall
Replies: 1
Views: 304

Re: Setting up a bridge with firewall

You can either make bridge use IP firewall:
https://wiki.mikrotik.com/wiki/Manual:I ... e_Settings
Or configure filters on the bridge itself:
https://wiki.mikrotik.com/wiki/Manual:I ... e_Firewall
by xvo
Fri Nov 02, 2018 8:15 pm
Forum: Beginner Basics
Topic: PC network isolation approach
Replies: 7
Views: 664

Re: PC network isolation approach

If you can have the PCs that need to be isolated connected directly to hEX, not the switch, then you can do it without vlans and in several different ways: - you can create separate subnet(s) for such PC(s) - you can run IP firewall on the bridge - you can configure bridge own filtering - you can us...
by xvo
Fri Nov 02, 2018 8:07 pm
Forum: RouterBOARD hardware
Topic: hEX S no comms on any port with sfp1 iface disabled
Replies: 6
Views: 840

Re: hEX S no comms on any port with sfp1 iface disabled

Is there a possibility, that you have a default config address assigned to sfp interface instead of the default bridge?
by xvo
Fri Nov 02, 2018 6:49 pm
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

Hello. Yes..i was looking to it or any RB 951. But what about wireless coverage? Using a CAP AC for example, will help me to have a better wireless coverage inside the house? I know is more complicated but maybe those AP have a better and bigger antenna inside. What do you think.? Does it make sens...
by xvo
Fri Nov 02, 2018 6:26 pm
Forum: RouterBOARD hardware
Topic: Desired switch
Replies: 7
Views: 1075

Re: Desired switch

+1
Need that too :)
Any of this with internal PSU will be fine:
CRS318-8G-8P-2S+
CRS318-10G-6P-2S+
CRS318-12G-4P-2S+
by xvo
Fri Nov 02, 2018 6:09 pm
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

hello. I can't use the RBM33 like this just because the routerboard is installed on the pole to make the antennas cables as short as possible. I need to have one router..or switch with dediated AP to be used inside my home. I see... But you can still combine switch + AP in one device, or perhaps ev...
by xvo
Fri Nov 02, 2018 4:43 pm
Forum: General
Topic: Winbox-Traffic - 200kbit/s
Replies: 14
Views: 974

Re: Winbox-Traffic - 200kbit/s

Hi!

It would be great to be able to configure the refresh rate to lower that bandwidth consumption...
You can give it a try here: viewtopic.php?t=45934
by xvo
Fri Nov 02, 2018 4:15 pm
Forum: General
Topic: Winbox-Traffic - 200kbit/s
Replies: 14
Views: 974

Re: Winbox-Traffic - 200kbit/s

Hi! Thats strange... I am connecting to the IP of the CRS. I just checked my Firewall-connection-list.... If I just connect to the CRS, it consumes only a few kbps (14,4) If I only open the interface-list, it goes up to 260 kbps --> The problem seems to be the Interface List. Can you confirm this? ...
by xvo
Fri Nov 02, 2018 3:56 pm
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

any switch working like that to suggest to me for home applications?

Thanks a lot.
I think any switch will do ok, but my point was to eliminate the need of additional switch at all, combing it's functionality with AP.
by xvo
Fri Nov 02, 2018 3:55 pm
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

do you know if any MiniPCie dual and modem exist to be used with routerboard? i've one SXT LTE without modem...eventually i could buy a modem to use it like AP.. Unfortunately I don't have much knowledge about MiniPCie modems/wireless cards. I thought you were going to use RBm11G with the modem? If...
by xvo
Fri Nov 02, 2018 3:46 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Yes both checked in safe mode and nothing bad happened so safe mode is off. Operations direct connect commences today. Actually I have a spare (second ethernet cable, diverted from an unused location box, before the basement was recently finished, so I have a direct line to the patch panel going to...
by xvo
Fri Nov 02, 2018 2:50 pm
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

You can even eliminate the need to buy a 56$ 260GSP and buy a device that will serve as switch, AP and will provide power to RBm11G.
by xvo
Fri Nov 02, 2018 2:32 pm
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

Hello.. Oops..this is new to me. is it possibile to buy the level 4 licence and upgrade it..? You can purchase it ( https://wiki.mikrotik.com/wiki/Manual:License#License_Levels ). But there's really no point to do so in your case. There are plenty of newer devices, more powerful than RB 411l, that ...
by xvo
Fri Nov 02, 2018 2:26 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Done, and still not working. Something is preventing the devices using the virtual AP from a. getting dhcp assigned and b. no internet. I wonder if because I am connected to homelan on my smart phone, when I try to connect to the vlan, the smartphone isnt able to switch IP structures (unlikely). So...
by xvo
Fri Nov 02, 2018 1:59 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Okay I will try the VLAN filtering. Not sure what function this does but the last time we tried it at least on the hex, in safe mode, it didnt like it LOL. On the Bridge Vlan checkbox after selecting VLAN filtering, there is only one option to enter a VLAN, Right now it defaults to PVID1 Should I e...
by xvo
Fri Nov 02, 2018 1:44 pm
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

as i've a Rb411l with a wireless card to be used as AP...this can be connected to the switch as well right? Can the RB 411l upgraded to the last routeros version? You can connect it to the switch and you can upgrade it to the latest version, but you can't use it as AP (unless you have bought a sepa...
by xvo
Fri Nov 02, 2018 1:28 pm
Forum: Beginner Basics
Topic: SWITCH 260GSP
Replies: 30
Views: 1865

Re: SWITCH 260GSP

When set to "auto" the switch will perform a check whether device supports PoE or not, and It will apply current only to ports where the devices need that. And if you want, you can always set PoE-mode to off for ports that don't need it. https://wiki.mikrotik.com/wiki/Manual:PoE-Out#SwOS Router or s...
by xvo
Fri Nov 02, 2018 1:08 pm
Forum: General
Topic: Winbox-Traffic - 200kbit/s
Replies: 14
Views: 974

Re: Winbox-Traffic - 200kbit/s

Hi! Absolutely. I checked it twice It should not be that way. That is winbox connections to 4 different routers: Lower 3 have no open windows, only cpu/time/date/etc in the dashboard. Upper one has an open IP --> Firewall --> Connections from where I took a screenshot. So it never rises over 5kbps/...
by xvo
Fri Nov 02, 2018 12:21 pm
Forum: General
Topic: LAN RSTP bridge [SOLVED]
Replies: 7
Views: 892

Re: LAN RSTP bridge [SOLVED]

I'm afraid that while each MST instance does build its individual topology (it's the essence of MST functionality), you cannot set different priority/cost to a single port in each instance. So if your idea was to say that port A has lower cost than port B for MSTI 0 and port B has lower cost than p...
by xvo
Fri Nov 02, 2018 12:16 pm
Forum: General
Topic: Winbox-Traffic - 200kbit/s
Replies: 14
Views: 974

Re: Winbox-Traffic - 200kbit/s

Hi!

I see constantly 200 kbps with NO open windows.

...tested with CRS 326.


Stril
Are you sure that it's winbox traffic?
by xvo
Fri Nov 02, 2018 12:12 pm
Forum: Wireless Networking
Topic: slow wifi throughput
Replies: 4
Views: 873

Re: slow wifi throughput

Try to remove tkip from /interface wireless security-profiles
by xvo
Fri Nov 02, 2018 12:09 pm
Forum: Beginner Basics
Topic: Bridged VLAN - Multiple DHCP-Servers - No response on VLAN-Interface
Replies: 7
Views: 734

Re: Bridged VLAN - Multiple DHCP-Servers - No response on VLAN-Interface

You need to add bridge itself as a tagged port for your vlans, to make a connection to ip configuration of vlan-interfaces: /interface bridge vlan add bridge=bridge1 tagged= bridge1 ,sfp-sfpplus1 untagged=ether6 vlan-ids=100 add bridge=bridge1 tagged= bridge1 ,sfp-sfpplus1 untagged=ether5 vlan-ids=4...
by xvo
Fri Nov 02, 2018 12:04 pm
Forum: General
Topic: Winbox-Traffic - 200kbit/s
Replies: 14
Views: 974

Re: Winbox-Traffic - 200kbit/s

Yes, but with only one window, I already see 200 kbps... Torch? :) Not necessarily :) For example firewall with around 40 rules - adds around 100kbps in spikes. Interfaces window with 10 interfaces - 80kbps, almost constantly. IPsec Installed SAs with 10 items - 20kbps. So opening a bunch of window...
by xvo
Fri Nov 02, 2018 11:33 am
Forum: Forwarding Protocols
Topic: RouterOS 6.40.8 does not support Totally NSSA areas? [SOLVED]
Replies: 4
Views: 642

Re: RouterOS 6.40.8 does not support Totally NSSA areas? [SOLVED]

Seems that inject-summary-lsa=no works only for stub areas, non for NSSA.
by xvo
Fri Nov 02, 2018 10:29 am
Forum: General
Topic: Winbox-Traffic - 200kbit/s
Replies: 14
Views: 974

Re: Winbox-Traffic - 200kbit/s

Winbox traffic depends on the number of simultaneously opened windows (number of data, that need to be refreshed in real-time).
by xvo
Fri Nov 02, 2018 10:17 am
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

I see no structural flaws: so the last thing left to do is to enable vlan filtering for bridges on both devices. Answers to your questions: 1) I suggested to connect cAP to hEX directly only temporarily - to debug their config and get them running 100% as they should, and only then to deal with any ...
by xvo
Fri Nov 02, 2018 9:47 am
Forum: Beginner Basics
Topic: Vlan setup
Replies: 3
Views: 588

Re: Vlan setup

Thank you for the reply. Since this is only a single trunk port, I just set it up the "old way" with 2 bridges. The EAP245 does properly accept tagged vlans and is giving out proper DHCP on each SSID. I am sorry I posted the question so poorly. I am just having a hard time understanding the post 6....
by xvo
Thu Nov 01, 2018 10:57 am
Forum: Beginner Basics
Topic: Vlan setup
Replies: 3
Views: 588

Re: Vlan setup

There are numerous similar topics on the forum. Briefly: if you need a more complex config then a single trunk port, then in latest ROS versions the best way to configure vlans is one single bridge containing physical ports, with vlan-interfaces created on top of that bridge , and vlan filtering eit...
by xvo
Thu Nov 01, 2018 10:38 am
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Just another suggestion: test with cAP attached directly to hEX (with no switches in between) - there's still a tiny chance, that they can mess with the process.
by xvo
Wed Oct 31, 2018 11:45 pm
Forum: Forwarding Protocols
Topic: How to limit a VPN user's data rate?
Replies: 8
Views: 1642

Re: How to limit a VPN user's data rate?

Got it working properly now. Thanks for your help!
Great! You are welcome :)
by xvo
Wed Oct 31, 2018 11:40 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Hi xvo, In my current forward rules I probably go overboard as I have source address (192.168.0.0/24) In-Inteface: HomeBridge Out-Interface List: WAN But I do that to distinguish which address source on the home bridge I am delineating. Thus my intention for the VLAN to WAN allow forward chain is t...
by xvo
Wed Oct 31, 2018 6:36 pm
Forum: General
Topic: EOIP site to site only half working
Replies: 10
Views: 716

Re: EOIP site to site only half working

Please post an export from both routers.
by xvo
Wed Oct 31, 2018 6:34 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

After a couple of days with just another similar topic I started to mix things up :))) The correct setting for cAP will be: /interface bridge vlan add bridge=bridge tagged=ether1,Basement_Guests vlan-ids=100 You are right about firewall rules - need one rule to allow from Guest to WAN. From Guest to...
by xvo
Wed Oct 31, 2018 6:22 pm
Forum: Forwarding Protocols
Topic: How to limit a VPN user's data rate?
Replies: 8
Views: 1642

Re: How to limit a VPN user's data rate?

I've figured out how to set the limits for the VPN user. Now if I log in as that user and exceed the limit the VPN connection drops. Is there anyway that I can keep the VPN connection established, but drop packets instead? Use the second option I mentioned - dynamically created queues, configured o...
by xvo
Wed Oct 31, 2018 5:44 pm
Forum: General
Topic: Strange behaviour
Replies: 6
Views: 588

Re: Strange behaviour

What in-interface for traffic which go from bridgeLAN interface to bridgeLAN interface ? Why if i do exactly same operation on CCR then ping works ? I doubt interfaces are used at all when you are pinging local addresses. At least in-interface. And you log entries clearly show that. If you want to ...
by xvo
Wed Oct 31, 2018 5:24 pm
Forum: General
Topic: EOIP site to site only half working
Replies: 10
Views: 716

Re: EOIP site to site only half working

Some things are still not clear: do you have your tunnel bridged with LAN only on one side or on both sides?
by xvo
Wed Oct 31, 2018 5:13 pm
Forum: General
Topic: Strange behaviour
Replies: 6
Views: 588

Re: Strange behaviour

...and finally I got what are you trying to prove :)
No difference in behaviour between CCR and all others I mentioned above.
The answer is in your log: obviously, in such case there is no in-interface, so it doesn't match your first rule.
by xvo
Wed Oct 31, 2018 4:52 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

On hEX you forgot to allow traffic from Guest.... to WAN

On cAP, that:
/interface bridge vlan
add bridge=bridge tagged=Guests_T&B_VLAN,bridge vlan-ids=100

has to be this:
/interface bridge vlan
add bridge=bridge tagged=Guests_T&B_VLAN,Basement_Guests vlan-ids=100
by xvo
Wed Oct 31, 2018 4:39 pm
Forum: General
Topic: Strange behaviour
Replies: 6
Views: 588

Re: Strange behaviour

Tried on hEX, hAP ac2, hAP mini - nothing like this.
by xvo
Wed Oct 31, 2018 12:51 pm
Forum: Beginner Basics
Topic: RouterOS freezes if I change the IP
Replies: 11
Views: 1014

Re: RouterOS freezes if I change the IP

Well, the next day. I'm still trying to build up a simple AP and it still doesn't work... :( It's even impossible to set the CAP with the Quick Set again :-/ If I choose that option and activate it it's impossible to connect to the AP again :( :( :( Isn't there a step by step tutorial to build a AP...
by xvo
Wed Oct 31, 2018 12:29 pm
Forum: Beginner Basics
Topic: Firewall filter add to address list - decrease timeout
Replies: 5
Views: 761

Re: Firewall filter add to address list - decrease timeout

It totally makes sense.
When increasing the timeout you are still sure that the action for all previously met rules are still fulfilled.
If you allow to decrease the timeout, that will mean than one rule can cancel the one that was met previously.
by xvo
Wed Oct 31, 2018 12:08 pm
Forum: General
Topic: What is the traffic type cc2d? (bridge port received packet with own address as source address...)
Replies: 2
Views: 398

Re: What is the traffic type cc2d? (bridge port received packet with own address as source address...)

What exactly do you have configured on that bridge?
What is connected to it?
Do you have (R/M)STP running on it?
by xvo
Wed Oct 31, 2018 12:02 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

All changes implemented and ready to test it shortly. In terms of the cap AC setup. Let me recap. a. its in ap bridge mode and not router mode so not sure why the default config has ether1 in WAN mode. b. ether1 is active and is physically attached to the network, strangely the cap AC seems to be h...
by xvo
Tue Oct 30, 2018 8:51 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84301

Re: v6.44beta [testing] is released!

After implementing vlan-aware bridges with hw-offload you no longer need 1 bridge per vlan. But with VLAN-aware bridges you have no hw-offload at all! The config mentioned above - with multiple bridges - was always purely software, and it was the only way for devices without switch chip. No point t...
by xvo
Tue Oct 30, 2018 7:36 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84301

Re: v6.44beta [testing] is released!

I want to see HW Off-load enabled in all bridge interfaces, not just one. Specially knowing that you need 1 Bridge per VLAN having this limitation is a killer as I will limit the traffic throughput without unable to get wired speed only in just 1 VLAN. Really?? Seriously?? After implementing vlan-a...
by xvo
Tue Oct 30, 2018 6:41 pm
Forum: Beginner Basics
Topic: Can't connect to hAP ac lite over wireless using Winbox (via MAC address) when wireless vlan-mode=use-tag
Replies: 5
Views: 639

Re: Can't connect to hAP ac lite over wireless using Winbox (via MAC address) when wireless vlan-mode=use-tag

I don't see anything wrong. And I could not reproduce the issue: I have an AP running with vlan-mode=use-tag and vlan-inerface attached to the bridge with the only difference being vlan-filtering enabled on the bridge. I disabled vlan-filtering and it made no difference, I was still able to connect ...
by xvo
Tue Oct 30, 2018 5:21 pm
Forum: General
Topic: Client to site IPSec negotiation traffic only one direction?
Replies: 4
Views: 521

Re: Client to site IPSec negotiation traffic only one direction?

What is the purpose of you nat rules?
I'm almost sure that one default masquerade rule is sufficient:
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
or
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
by xvo
Tue Oct 30, 2018 5:07 pm
Forum: Forwarding Protocols
Topic: How to limit a VPN user's data rate?
Replies: 8
Views: 1642

Re: How to limit a VPN user's data rate?

I've figured out how to set the limits for the VPN user. Now if I log in as that user and exceed the limit the VPN connection drops. Is there anyway that I can keep the VPN connection established, but drop packets instead? Use the second option I mentioned - dynamically created queues, configured o...
by xvo
Tue Oct 30, 2018 3:03 pm
Forum: Beginner Basics
Topic: RouterOS freezes if I change the IP
Replies: 11
Views: 1014

Re: RouterOS freezes if I change the IP

The WISP AP in a bridge mode doens't work at all. No Internet via LAN nor WLAN and I can't connect to the accesspoint again, so I have to do a OS reset. In wisp ap bridge mode you need to connect cap to existing network with running dhcp server for it to work, it won't work standalone. I just have ...
by xvo
Tue Oct 30, 2018 2:57 pm
Forum: Forwarding Protocols
Topic: How to limit a VPN user's data rate?
Replies: 8
Views: 1642

Re: How to limit a VPN user's data rate?

There is rate-limit setting in ppp profile.
Or the ability to create a queue autimatically.
by xvo
Tue Oct 30, 2018 2:05 pm
Forum: Beginner Basics
Topic: RouterOS freezes if I change the IP
Replies: 11
Views: 1014

Re: RouterOS freezes if I change the IP

Here's the link to the similar thread:
viewtopic.php?f=13&t=138366&p=682048#p681679
by xvo
Tue Oct 30, 2018 2:01 pm
Forum: Beginner Basics
Topic: RouterOS freezes if I change the IP
Replies: 11
Views: 1014

Re: RouterOS freezes if I change the IP

The closest quickset preset for you is WISP AP in a bridge mode . But it is preconfigured with only one radio, and the second one disabled. So you will need to configure the second radio manually. Or you can go the "pro way" and configure everything from blank config without using quickset. If you w...
by xvo
Tue Oct 30, 2018 1:00 pm
Forum: Beginner Basics
Topic: Can't connect to hAP ac lite over wireless using Winbox (via MAC address) when wireless vlan-mode=use-tag
Replies: 5
Views: 639

Re: Can't connect to hAP ac lite over wireless using Winbox (via MAC address) when wireless vlan-mode=use-tag

That should work just the same as with ethernet port.

Check what do you have in /tool mac-server mac-winbox export
You probably have not the whole vlan but only some interfaces added to that list.
by xvo
Tue Oct 30, 2018 12:52 pm
Forum: Beginner Basics
Topic: RouterOS freezes if I change the IP
Replies: 11
Views: 1014

Re: RouterOS freezes if I change the IP

Ok, that worked so far. I set the intern IP adress of my Accesspoint to the IP I got from the FritzBox and deactivated DHCP on my accesspoint. I changed my PC IP manually and I can connect to the accesspoint now. The problem is now, that I don't have a internet connection with my pc. What can I do ...
by xvo
Tue Oct 30, 2018 12:29 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

1) On HEX this line: /interface bridge vlan add bridge=HomeBridge tagged=ether2 vlan-ids=100 must include the bridge itself: /interface bridge vlan add bridge=HomeBridge tagged=HomeBridge,ether2 vlan-ids=100 On cAP AC it is really a little messy :) 2) This: /interface vlan add interface=Basement_Gue...
by xvo
Tue Oct 30, 2018 12:04 pm
Forum: Beginner Basics
Topic: Winbox connection
Replies: 1
Views: 478

Re: Winbox connection

The default firewall is configured to allow access from interfaces in a default interface-list "LAN", so just add your new bridge as a member of this list.
by xvo
Tue Oct 30, 2018 12:11 am
Forum: Beginner Basics
Topic: Mikrotik 3011 VLAN setup voice + data
Replies: 60
Views: 5501

Re: Mikrotik 3011 VLAN setup voice + data

Just to give some information about this setup. It is the old way by using many VLAN. From 6.41 you can use Bridge aware VLAN. Se some example here: https://forum.mikrotik.com/viewtopic.php?t=138232 ...and the config above is exactly a vlan-aware bridge. Aka "the new way". "The old way" would be а ...
by xvo
Mon Oct 29, 2018 4:38 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Wont have time to work on this until later but the Bridge VLAN tab has the following selection (talking HEX). Bridge - assume my home bridge goes here VLAN ID - assume pvid 100 goes here Tagged - ? Untagged - ? There are two more entries but they do not look modifiable current tagged and current un...
by xvo
Mon Oct 29, 2018 11:12 am
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

1) When you said create vlan interface for guest users on your bridge , I assumed this meant my current bridge, which my LAN resides. (in other words no need to create a new bridge). Yes, you can use your default bridge. 2) Next you want me to go to BRIDGE winbox menu selection (not interface menu ...
by xvo
Mon Oct 29, 2018 12:43 am
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Wonderful xvo, that is great news to hear. What I assume is that I will need to identify/create a VLAN for the guest wifi, call it VLAN100 on the HEX I will have to create an address group and DHCP server for the VLAN (as I do want these device to get a different LAN nomenclature, lets call it 192....
by xvo
Sun Oct 28, 2018 10:27 pm
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

Hi xvo, I have been reading many of your replies on the forums, and just wanted to state I find them very helpful (big thanks!). Always a pleasure to hear, thanks! Okay I got it working without any IP configuration. All I was missing was adding the virtual interface to the bridge BY WAY OF ASSIGNIN...
by xvo
Sat Oct 27, 2018 1:21 am
Forum: General
Topic: loop protect between two ccr
Replies: 5
Views: 744

Re: loop protect between two ccr

Why don't you want to make a bonding with this two interfaces?
by xvo
Sat Oct 27, 2018 1:03 am
Forum: Wireless Networking
Topic: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]
Replies: 51
Views: 3493

Re: Adding Virtual AP to cAP AC -Missing a Step? [SOLVED]

If you want clients of that guest AP to be treated somehow special (limited access, limited speed, etc) you need to create a different ip configuration attached to it: address, dhcp-server and a set of firewall rules to define that special behaviour. And since everything seems to be configured on yo...
by xvo
Thu Oct 25, 2018 12:33 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26173

Re: v6.42.9 [long-term] is released!

Bridge always worked that way and if suddenly bridge with inactive (no ports) will not have running flag, it will break all configurations with loopbacks and other configurations where bridge is used as dummy interface. Well, there can be an option to choose the desired behaviour: to leave a runnin...
by xvo
Wed Oct 24, 2018 2:41 pm
Forum: General
Topic: IPV6 to remote site over IPV4 VPN
Replies: 4
Views: 682

Re: IPV6 to remote site over IPV4 VPN

What type of VPN?
by xvo
Tue Oct 23, 2018 8:11 pm
Forum: Beginner Basics
Topic: IPsec tunnel wan failover
Replies: 3
Views: 1028

Re: IPsec tunnel wan failover

Sorry for taking a long time to answer. ROS versión: 6.43.4 The problem is not the peer, it is established correctly. The problem is the duplicate policy with different SA src address, one of them become invalid. [admin@C1] /ip ipsec> remote-peers print detail Flags: R - responder, N - natt-peer 0 ...
by xvo
Mon Oct 22, 2018 5:02 pm
Forum: SwOS
Topic: Connecting to a switch behind a router from the Internet
Replies: 4
Views: 2065

Re: Connecting to a switch behind a router from the Internet

XVO, much appreciate you reply. I will go with the "worse" option. Please excuse my ignorance, could you advise how I could do that? I cannot see the option to forward the port on the hEX router. Port 5 on the hEX is connected to Port 1 of the switch. You need: 1) A dst-nat rule in your IP --> Fire...
by xvo
Sun Oct 21, 2018 1:34 am
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17816

Re: MUM Europe 2018 - New hardware incoming

CRS354-48G-4S+2Q+
CRS354-48P-4S+2Q+
CRS332-32S+RM

Will be these ever released ?
By the way, if anyone noticed, CRS332-32S+RM has now became CRS326-24S+2Q+RM
https://mum.mikrotik.com/presentations/ ... 023534.pdf
by xvo
Sat Oct 20, 2018 3:45 pm
Forum: Beginner Basics
Topic: Migrate CCR 1009 to CCR 1036
Replies: 3
Views: 644

Re: Migrate CCR 1009 to CCR 1036

hello
I search the method for migrate my CCR1009 to my new CCR1036.
The combo port is not present in the CCR1036.
Should i modify manually the backup file before "import" ?
Thank for your advice.
JM.
You shouldn't use a backup file on the hardware of different type from the one it was created on.
by xvo
Sat Oct 20, 2018 11:53 am
Forum: Beginner Basics
Topic: What is discover mactel mac-winbox line, in interface list member [SOLVED]
Replies: 2
Views: 1238

Re: What is discover mactel mac-winbox line, in interface list member [SOLVED]

"discover" list is by default used to specify interfaces on which neighbour discovery works. "mactel" list of interfaces from which mac-telnet server is availible. "mac-winbox" the same for accessing the router by mac address in winbox. If I remember correctly, on blank config all of this is allowed...
by xvo
Sat Oct 20, 2018 11:34 am
Forum: SwOS
Topic: Connecting to a switch behind a router from the Internet
Replies: 4
Views: 2065

Re: Connecting to a switch behind a router from the Internet

You can:
1) (worse) Open a port on hEX and forward it to web interface of the switch.
2) (better) Run a VPN server on hEX, so that you can connect to the whole your internal network from outside in a secure way.
by xvo
Sat Oct 20, 2018 12:21 am
Forum: Beginner Basics
Topic: IPsec tunnel wan failover
Replies: 3
Views: 1028

Re: IPsec tunnel wan failover

What is your ROS version?
What's new in 6.43.4 (2018-Oct-17 06:37):

Changes in this release:

*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
by xvo
Sat Oct 20, 2018 12:17 am
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 12989

Re: Newsletter #84

Ideally to have 4 x SFP+ and 10 1 GbE ports!. so if down stream switches can get 10 Gbps speeds.
I'm almost sure something like this is to be released in a foreseeable future.
And you can even guess a price for it looking at the price of current CCR1036.
I think you got my point :)
by xvo
Fri Oct 19, 2018 11:16 am
Forum: Beginner Basics
Topic: 6in4 endpoint
Replies: 4
Views: 613

Re: 6in4 endpoint

Yes, you can. maybe anyone has an example? I know that ROS has /interface 6to4 but since 6in4 (STI) and 6to4 (STF) are NOT the same, the wiki article is misleading: https://wiki.mikrotik.com/wiki/Manual:IPv6_Overview#6to4_.286in4.29_tunnels https://en.wikipedia.org/wiki/6to4 https://en.wikipedia.or...
by xvo
Fri Oct 19, 2018 1:06 am
Forum: Beginner Basics
Topic: 6in4 endpoint
Replies: 4
Views: 613

Re: 6in4 endpoint

Yes, you can.
by xvo
Fri Oct 19, 2018 12:54 am
Forum: General
Topic: Cant ping one network device via GRE while able to ping all other devices.
Replies: 3
Views: 313

Re: Cant ping one network device via GRE while able to ping all other devices.

I suggest you to try to find the step on which the packet from A network to your mysterious host on B is lost:
use torch, packet sniffer or just create a couple of rules on top of the firewall forward chain both on A and B routers - one rule for way from A network to x.x.x.10, and one for way back.
by xvo
Thu Oct 18, 2018 12:28 am
Forum: General
Topic: Cant ping one network device via GRE while able to ping all other devices.
Replies: 3
Views: 313

Re: Cant ping one network device via GRE while able to ping all other devices.

And nothing special about x.x.x.10 in mikrotikB config?
No firewall/NAT?
by xvo
Wed Oct 17, 2018 11:24 pm
Forum: Beginner Basics
Topic: Hosts from 2 LAN's can't reach each other
Replies: 2
Views: 293

Re: Hosts from 2 LAN's can't reach each other

In default config there is only one member of interface list "LAN"- the default "bridge".
And all firewall is build around interface lists "LAN" and "WAN".
So you need to add "wlan1" interface to interface list "LAN" and 99% that it will resolve the issue.
by xvo
Tue Oct 16, 2018 8:49 pm
Forum: General
Topic: Routes for VPN clients.
Replies: 2
Views: 277

Re: Routes for VPN clients.

Windows machines can listen to RIP.
by xvo
Tue Oct 16, 2018 5:28 pm
Forum: Beginner Basics
Topic: Capsman Cap client unable to ping one another
Replies: 2
Views: 393

Re: Capsman Cap client unable to ping one another

Seems that in the provision for cap AC “Client to client forwarding” is set to “no”.
by xvo
Sun Oct 14, 2018 11:09 am
Forum: Beginner Basics
Topic: How to set up vlan on it's own subnet?
Replies: 1
Views: 284

Re: How to set up vlan on it's own subnet?

You don't need VLANs for what you are trying to achieve: just remove wlan1 from the bridge and attach ip configuration to it directly.
by xvo
Wed Oct 10, 2018 10:04 am
Forum: General
Topic: Help Please - PC's not seeing other PC's on same Port. [SOLVED]
Replies: 2
Views: 248

Re: Help Please - PC's not seeing other PC's on same Port. [SOLVED]

There can be such setting on the switch - port isolation or something like that, depending on a switch manufacturer.
But this has nothing to do with the mikrotik.
by xvo
Wed Oct 10, 2018 10:01 am
Forum: General
Topic: Connect to Mikrotik Router via MAC address
Replies: 4
Views: 579

Re: Connect to Mikrotik Router via MAC address

There is an option to run a specified script (that is stored on flash) after reset. I guess you can make your application create a script with a simple IP config before reset, and run it afterward. Thank you, but I really want to handle all cases, example like hardware reset. If you perform a hardw...
by xvo
Wed Oct 10, 2018 2:22 am
Forum: General
Topic: Problem with 6to4 inside PPPoE [SOLVED]
Replies: 15
Views: 1186

Re: Problem with 6to4 inside PPPoE [SOLVED]

So what MTU do you have on the 6to4 after all?
And in the HE cabinet?
by xvo
Tue Oct 09, 2018 6:27 pm
Forum: General
Topic: Problem with 6to4 inside PPPoE [SOLVED]
Replies: 15
Views: 1186

Re: Problem with 6to4 inside PPPoE [SOLVED]

But I have tried auto, 1500 (upping my L2 MTU), 1492, 1488, 1480 (which is the one that gets selected when I say "auto"). PPPoE default is 1492, 6to4 substracts 20 (that is why “auto” is 1480=1500-20), so you should at least try 1472. And specify it on both ends - yours and in HE settings as well. ...
by xvo
Tue Oct 09, 2018 3:17 pm
Forum: General
Topic: VLAN project. Need help
Replies: 6
Views: 707

Re: VLAN project. Need help

Second. But on 6.43 there is an easier way: /interface vlan add interface=bridge-vlan name=vlan4 vlan-id=4 add interface=bridge-vlan name=vlan17 vlan-id=17 add interface=bridge-vlan name=vlan424 vlan-id=424 /interface bridge add name=bridge-vlan vlan-filtering=yes /interface bridge port add bridge=b...
by xvo
Tue Oct 09, 2018 3:06 pm
Forum: Beginner Basics
Topic: Pinging from VLAN interface not working
Replies: 3
Views: 313

Re: Pinging from VLAN interface not working

And also you need to specify out-interface=ether1 for your masquerade rule.
Otherwise it changes src-address to the router's addresses for everything that passes through it.
by xvo
Tue Oct 09, 2018 2:59 pm
Forum: Beginner Basics
Topic: Pinging from VLAN interface not working
Replies: 3
Views: 313

Re: Pinging from VLAN interface not working

For sure it does!
When you specify a port it tries to ping TO this port, not FROM this port.
And since you don't have 8.8.8.8 available through any of your vlans - it timeouts.
by xvo
Tue Oct 09, 2018 1:57 pm
Forum: General
Topic: Connect to Mikrotik Router via MAC address
Replies: 4
Views: 579

Re: Connect to Mikrotik Router via MAC address

There is an option to run a specified script (that is stored on flash) after reset.
I guess, you can make your application create a script with simple ip config before reset, and run it afterwards.
by xvo
Sun Oct 07, 2018 7:34 pm
Forum: General
Topic: MacOS Winbox features and limitations
Replies: 4
Views: 1036

Re: MacOS Winbox features and limitations

MAC Winbox and ROMON are working on the build from joshaven.
Ctrl-C and ctrl-V as well (ctrl-, not cmd-).
Drag’n’drop does’t work, but that’s no big deal.
The rest: there is some oddity, when pasting to terminal, but again - no big deal.
by xvo
Fri Oct 05, 2018 2:20 am
Forum: RouterBOARD hardware
Topic: RB4011 - Poll - ONE thing you'd change
Replies: 15
Views: 4205

Re: RB4011 - Poll - ONE thing you'd change

The sweet spot would be 2x SFP+, 2x 10GBase-T, 10x 2.5GBase-T.
Such ports config would place it between CCR1036 and CCR1072 (or actually above CCR1072 because it'd give 85G theoretical throughput)
Not that it really matters, but 2x10G + 2x10G + 10x2,5G = 65G :lol:
by xvo
Wed Oct 03, 2018 1:12 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

The module would seem to be compatible at the hardware level. Jokes aside, the SFP+ port in 4011 is already confirmed to have some bizarre limitations - no passive DACs support, for example. Whether this is a hardware or software issue is an open question for now, but it clearly indicates, that som...
by xvo
Wed Oct 03, 2018 12:54 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

Isn't this compatible with the S-RJ01 ? Someone might want to use it for some reason. It is not shown as a related product. i think you must use S+RJ10 instead. What if someone already has an S-RJ01 but no gigabit+ service yet? Then the router will definitely change it's own internal architecture (...
by xvo
Thu Sep 27, 2018 4:29 pm
Forum: General
Topic: Switch can't get IP address [SOLVED]
Replies: 7
Views: 522

Re: Switch can't get IP address [SOLVED]

The reason is the response for DHCP offer never got back to the router, because it was not tagged with the proper vlan tag by the switch.
by xvo
Thu Sep 27, 2018 3:01 pm
Forum: General
Topic: Switch can't get IP address [SOLVED]
Replies: 7
Views: 522

Re: Switch can't get IP address [SOLVED]

Have you added cpu to /interface ethernet switch ingress-vlan-translation as well?
by xvo
Thu Sep 27, 2018 12:25 pm
Forum: General
Topic: Switch can't get IP address [SOLVED]
Replies: 7
Views: 522

Re: Switch can't get IP address [SOLVED]

First of all you need to add switch cpu as a member of vlan on which you want to get an address (vlan-id=11, i guess).
And also you may also need to move vlan11 interface from ether1 to bridge1.
by xvo
Thu Sep 27, 2018 11:37 am
Forum: General
Topic: How to create two vlan and two dhcp servers
Replies: 2
Views: 304

Re: How to create two vlan and two dhcp servers

Just do exactly as you wrote yourself: 1) Create vlan-interface on top of port 2 with vlan-id=10 2) Create vlan-interface on top of port 3 with vlan-id=20 3) Assign addresses to this vlan-interfaces 4) Create DHCP servers on top of this vlan-interfaces As a result the traffic on port2 and port3 will...
by xvo
Thu Sep 27, 2018 11:14 am
Forum: General
Topic: Firewall Rules not working
Replies: 3
Views: 343

Re: Firewall Rules not working

Winbox has a possibility to work on Level 3 - when you connect to IP address, and on level 2 - when you connect to MAC address. Firewall works on level 3. To restrict the ability to connect to winbox by MAC from some ports, look here: /tool mac-server mac-winbox export And then remove unwanted inter...
by xvo
Thu Sep 27, 2018 1:04 am
Forum: RouterBOARD hardware
Topic: Hardware offload on sfp port in hEX S mmips
Replies: 11
Views: 1550

Re: Hardware offload on sfp port in hEX S mmips

Thank you for the answer. It's a good diagram, but I want to know why in the system resources show separately from system resource cpu? I don't really get, what you mean. On your screenshot: In CPU you have the load: 52% + 6% + 8% + 13% = 79% out of 400% That's 19,75% of the whole CPU In system res...
by xvo
Wed Sep 26, 2018 9:00 pm
Forum: RouterBOARD hardware
Topic: Hardware offload on sfp port in hEX S mmips
Replies: 11
Views: 1550

Re: Hardware offload on sfp port in hEX S mmips

No surprise.
It's a router, not a switch.
And you can easily predict this behaviour just looking at the block diagram.

Image
by xvo
Wed Sep 26, 2018 6:31 pm
Forum: Wireless Networking
Topic: How can I enable a device to connect wifi for only 2 hours per day without setting hotspot
Replies: 7
Views: 825

Re: How can I enable a device to connect wifi for only 2 hours per day without setting hotspot

You can use Time under access list rule, never tried it, but should work.
That won't work.
And the kid control feature as well.
They both can only restrict the hour ranges when the client can stay connect, not the total connected time per day.
by xvo
Wed Sep 26, 2018 1:42 pm
Forum: General
Topic: PCQ the VLANs
Replies: 15
Views: 1334

Re: PCQ the VLANs

XVO was right, I just changed the masks from 32 to 27 in queue types and it worked as desired, sweet. As much as i'd like to say solved, not quite yet. I have one subnet (hotspot) that is a /23 and the rest are all /27. Yes I could make them all /23 but that's yuk and not proper. Anyone have any id...
by xvo
Tue Sep 25, 2018 8:36 pm
Forum: Beginner Basics
Topic: Site to Site IPSec between two Mikrotik Routers
Replies: 7
Views: 791

Re: Site to Site IPSec between two Mikrotik Routers

I've had this when I messed up with the routes on one of the routers. On the second one i had a time up error. Double check firewalls and routes on both of the routers to be sure not only icmp passes, but everything else. To rule out the firewall add the temporary rules accepting everything from the...
by xvo
Tue Sep 25, 2018 11:59 am
Forum: General
Topic: 3011 and adding static route
Replies: 2
Views: 197

Re: 3301 and adding static route

I believe in WinBox IP>Routes>Add 10.0.0.0/8 bridge - reachable Pref source 192.168.1.4 can't really be that easy right? If I understood you correctly the 10.0.0.0/8 is behind the 192.168.1.4? Then it would be just: IP>Routes>Add Dst. Address: 10.0.0.0/8 Gateway: 192.168.1.4 And that would be all.
by xvo
Tue Sep 25, 2018 11:51 am
Forum: General
Topic: PCQ the VLANs
Replies: 15
Views: 1334

Re: PCQ the VLANs

you cannot say that traffic of a whole subnet of a given size should be treated as a single stream I'm not sure but it seems that it is possible to use subnets as a sub-stream. There are pcq-dst-address-mask and pcq-src-address-mask parameters and by default they are set to /32 to refer to a single...
by xvo
Mon Sep 24, 2018 6:53 pm
Forum: General
Topic: IPv6 client problems with bonded WAN
Replies: 5
Views: 525

Re: IPv6 client problems with bonded WAN

Have you tried 6.42.7?
It seems that something is broken in DHCPv6 in 6.43
However previous messages were about DHCPv6-server, not the client.
So it's just a wild guess.
by xvo
Sun Sep 23, 2018 2:33 pm
Forum: Beginner Basics
Topic: CAPsMAN Access List Question [SOLVED]
Replies: 3
Views: 425

Re: CAPsMAN Access List Question [SOLVED]

Just add the rule that will NOT authenticate everything as the last one in access list.
by xvo
Fri Sep 21, 2018 7:53 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

I'm starting to think that the only reason for RB4011 to have that SFP+ is that MT can claim it offers "1733 Mbps data rate" (see top most banner on all forum pages).
One could hardly claim that if all wired ports were 1Gbps.
2x1Gbps would be enough for that.
by xvo
Thu Sep 20, 2018 6:36 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39284

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

Totally agree with WirelessRudy.
by xvo
Thu Sep 20, 2018 12:10 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

It should. CPU is similar (the same arch) in hAP ac, CRS-326 and RB4011.
hAP AC is MIPSPBE, CRS-326 and RB4011 are ARM.
by xvo
Thu Sep 13, 2018 12:19 pm
Forum: General
Topic: New bridge implementation - how to bridge 2 VLANs together?
Replies: 2
Views: 667

Re: New bridge implementation - how to bridge 2 VLANs together?

You still can do it "the old way".

Or you can create vlan interfaces for ALL vlans (including the "native" vlan) on top of one bridge, and then bridge the ones you want together.
by xvo
Wed Sep 12, 2018 1:58 pm
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 2029

Re: Bridge VLAN Filtering help [SOLVED]

/interface vlan add interface=ether3 name=vlan200 vlan-id=200 add interface=ether3 name=vlan300 vlan-id=300 add interface=ether3 name=vlan400 vlan-id=400 This part on CHR-1 is wrong: the interfaces should be created on top of the bridge, not ether3. Then you add ether2 to the same bridge1, set PVID...
by xvo
Tue Sep 11, 2018 5:51 pm
Forum: Wireless Networking
Topic: wAP vs cAP ac vs hAP ac vs hAP ac2
Replies: 5
Views: 2075

Re: wAP vs cAP ac vs hAP ac vs hAP ac2

A nother question regarding the hAP ac2: can it be used with capsman and be used as a switch at the same time if i would plug in any laptops or other wired junk if i neded an umph in speed?
Sure.
by xvo
Tue Sep 11, 2018 2:24 pm
Forum: Wireless Networking
Topic: wAP vs cAP ac vs hAP ac vs hAP ac2
Replies: 5
Views: 2075

Re: wAP vs cAP ac vs hAP ac vs hAP ac2

wAP ac is a good device but it is indeed bottlenecked by cpu. With VLAN's configured it can deliver about 200mbit when two chains are used. Haven't tested it with three chains thou. I think you'd better go with newer devices: cAP ac or hAP ac2 (depending on where you would like to mount AP's) - most...
by xvo
Tue Sep 11, 2018 1:42 pm
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 2029

Re: Bridge VLAN Filtering help [SOLVED]

/interface vlan add interface=ether3 name=vlan200 vlan-id=200 add interface=ether3 name=vlan300 vlan-id=300 add interface=ether3 name=vlan400 vlan-id=400 This part on CHR-1 is wrong: the interfaces should be created on top of the bridge, not ether3. Then you add ether2 to the same bridge1, set PVID...
by xvo
Tue Sep 11, 2018 11:04 am
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+PC
Replies: 2
Views: 437

Re: CCR1009-7G-1C-1S+PC

by xvo
Sun Sep 09, 2018 1:38 pm
Forum: General
Topic: How isolate a WiFi connected device ?
Replies: 4
Views: 493

Re: How isolate a WiFi connected device ?

The only way to do this on mikrotik side only (and the easiest way overall) is to enable wlan on mikrotik solely for this device, exclude wlan interface from the bridge and add a firewall rule that will drop everything from this wlan interface to the rest of the lan. Otherwise you need to look for i...
by xvo
Fri Sep 07, 2018 9:16 am
Forum: General
Topic: CCR1009- PSU2 enetered state FAIL
Replies: 3
Views: 2506

Re: CCR1009- PSU2 enetered state FAIL

thank you for the reply ! So I over-reacted. I don't need to worry about it ?
My CCR1009 behaves the same way.
But if you haven't done that already, I suggest you to temporarily switch the power cord from PSU1 to PSU2 to know for sure that they are both working properly :)
by xvo
Thu Sep 06, 2018 10:17 pm
Forum: General
Topic: CCR1009- PSU2 enetered state FAIL
Replies: 3
Views: 2506

Re: CCR1009- PSU2 enetered state FAIL

It failed to provide power to the unit.
Obviously the reason of this failure is that you didn't connect it to the power outlet :)
by xvo
Thu Sep 06, 2018 9:59 pm
Forum: SwOS
Topic: LAG (LACP) or RSTP or both???
Replies: 17
Views: 3127

Re: LAG (LACP) or RSTP or both???

You really need (R/M)STP to run on top of LACP bonding if you add the "Switch C" for the whole system to work (your lower picture). The LACP bonding itself will be treated like one physical port by RSTP - it can't disable only part of it. But if there is no other potential loops, and the LACP bondin...
by xvo
Thu Sep 06, 2018 9:35 pm
Forum: Wireless Networking
Topic: Trouble with DHCP on Wireless [SOLVED]
Replies: 7
Views: 1036

Re: Trouble with DHCP on Wireless [SOLVED]

@xvo: Thanks a lot. Do you have any resources like documentation or tutorials on this? I would like to learn more about this. I thought tagging here is not needed, since it is already done at capsman datapath. You are welcome. The thing is, that the whole approach on vlan filtering on the bridge is...
by xvo
Thu Sep 06, 2018 2:11 am
Forum: Wireless Networking
Topic: Trouble with DHCP on Wireless [SOLVED]
Replies: 7
Views: 1036

Re: Trouble with DHCP on Wireless [SOLVED]

The Capsman Interface for the appropriate Wireless under "/interface bridge port" is actually shown as dynamic and can not been changed. I have changed the Interface "CAP" to PVID200 but I dont see a change - the client still dont get an IP from the DHCP-Server. Flags: X - disabled, I - inactive, D...
by xvo
Wed Sep 05, 2018 11:16 pm
Forum: Wireless Networking
Topic: Trouble with DHCP on Wireless [SOLVED]
Replies: 7
Views: 1036

Re: Trouble with DHCP on Wireless [SOLVED]

Check that capsman interface is set to be a tagged port for vlan200 on the bridge.
by xvo
Wed Sep 05, 2018 4:00 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

Finally:
RB4011iGSplusRM-180905135303.png
by xvo
Wed Sep 05, 2018 3:54 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM inter vlan routing performance
Replies: 1
Views: 500

Re: CRS328-24P-4S+RM inter vlan routing performance

Routing between vlans is done by CPU and it won't be able to handle 2Gbit, only around 1Gbit:
https://mikrotik.com/product/crs328_24p ... estresults

RB450Gx4, hAP ac2, hEX, hEX S should be able to route around 2Gbit according to official test results.
by xvo
Tue Sep 04, 2018 7:39 pm
Forum: RouterBOARD hardware
Topic: Need new hardware (8ports and 16ports)
Replies: 29
Views: 1840

Re: Need new hardware (8ports and 16ports)

xvo It is a cry in emptiness, we can only give an idea, its development and financial return depends on their decision If you have somewhere to hide the appearance of the device, then you are lucky, and when there is no such opportunity, I have the right to offer my idea, and spit on your opinion D...
by xvo
Tue Sep 04, 2018 7:04 pm
Forum: RouterBOARD hardware
Topic: Need new hardware (8ports and 16ports)
Replies: 29
Views: 1840

Re: Need new hardware (8ports and 16ports)

pe1chl When you come across a problem - one outlet ethernet for the whole department, then we'll talk (socket for 220v - one) xvo Most network devices consist of 8 ports, I just point out that the Mikrotik does not have such devices, even simple switches for 8 ports Why should we buy a device that ...
by xvo
Tue Sep 04, 2018 6:38 pm
Forum: RouterBOARD hardware
Topic: Need new hardware (8ports and 16ports)
Replies: 29
Views: 1840

Re: Need new hardware (8ports and 16ports)

Ok. So now just everybody can ask for a custom device for his specific needs and set a price for it himself?!
No to googling for what is actually an the market?
No to designing the network according to it?
No to trying to fit everything in the budget?
Just like that?!
by xvo
Mon Sep 03, 2018 7:32 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

The spec sheet lists the max operating temp as +45 C, which is much lower than most other models. I've seen ambient (internal) temps of 60c on my routers that are inside telecom closets etc so unless this has some active cooling, I'm worried it won't be able to operate in the same environments as c...
by xvo
Mon Sep 03, 2018 12:57 pm
Forum: Wireless Networking
Topic: Dual-concurrent info
Replies: 1
Views: 274

Re: Dual-concurrent info

Sure. You can use one radio as a client to existing wifi and the second for your own wifi network. And more to it - this can be done even on the devices with only one radio, using virtual wlan interface. The downsides of this approach are that both networks use the same channel and that the overall ...
by xvo
Sun Sep 02, 2018 8:25 pm
Forum: RouterBOARD hardware
Topic: RB 3011
Replies: 5
Views: 649

Re: RB 3011

why not
is rb 3011 best than cloud core crs 125 ? i use it as a switch....
RB3011 is a better router, but CRS125 is a better switch.
So replacing CRS125 by RB3011 as a switch is not a good idea, but adding RB3011 to act like a dedicated router sounds much better.
by xvo
Sun Sep 02, 2018 12:44 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

One question: why you need to push all that through the router? Why not to switch the most part? Long story short - MikroTik switches don't support VEPA and I use VEPA. And datacenter switches that support VEPA cost more than MikroTik router that can handle 10G lol. And I want to have stateful fire...
by xvo
Sat Sep 01, 2018 11:21 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

Correction: 10 Gbps. Or more precisely: 12 Gbps because I use SFP+ link only for VMs networks on home hypervisor plus NAS. Other networks eg. for my laptop and phone go through dedicated LACP bonding 2G to CCR so I have total 12G pipe between CRS317+CRS326 and CCR1009. Also all other ports in CCR a...
by xvo
Sat Sep 01, 2018 10:54 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

The move toward ARM had really boosted up performance per $: hAP ac2, now RB4011.
The next logical move is to extend this further to CCR line: the new ones in 400-500$ range can turn out real beasts if this trend will persist :)
by xvo
Sat Sep 01, 2018 10:05 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

Being a CCR1009 owner I can confirm - it is way overkill for home use. I ended with it only because I found one used for nearly the price of 3011. Otherwise it makes no sense, especially now, when you can get 4011 + CRS326 for the price of 1009. Though even home user can kill CCR1009 if you use too...
by xvo
Sat Sep 01, 2018 8:35 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

I'm especially interested in RB4011 vs CCR1009 on single 10G point to point connection. CCR seems to struggle with that. i think with rb4011rm ccr1009 is dead That's brave statement :D Still CCR1009 has number of features that RB4011 doesn't. It still has significantly higher routing performance, p...
by xvo
Fri Aug 31, 2018 11:15 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

The chip itself supports VLANs. So the limitations of this switch chip implementation in RB1100 are at some point artificial, or at least not dependant on switch chip only. Right again. So let's hope MT fixes this on RB1100AHx4 before launch of RB4011 ... then the new unit might become more sexy ag...
by xvo
Fri Aug 31, 2018 11:02 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

Hummm ... used switch chip RTL8367 seems not to support VLAN in hardware. So usability of those 10 ethernet ports will be limited as switched ports when VLANs are in use ... as all the traffic will hit CPU. It seems like I won't have to defend the level of sex appeal of this unit from my better hal...
by xvo
Fri Aug 31, 2018 10:48 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

I wonder how would two units, rack-mounted side-by-side (custom rack-mount hardware needed), would look like. I guess ugly as well due to weird (for rack-mounting at least) unit height. With 228mm width two of them won't easily fit side-by-side. Not easy but should be doable ... 19" racks accept 48...
by xvo
Fri Aug 31, 2018 10:33 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

I wonder how would two units, rack-mounted side-by-side (custom rack-mount hardware needed), would look like. I guess ugly as well due to weird (for rack-mounting at least) unit height.
With 228mm width two of them won't easily fit side-by-side.
by xvo
Thu Aug 30, 2018 9:34 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

I wonder what processors will we see in future RB1100 and CCR series, as RBx011 has 4x1.4GHz now... Prices are probably estimated but from what resellers suggest RB4011 won't be direct RB2011 successor as it's gonna be priced significantly higher (which obviously makes sense, after all it has the s...
by xvo
Thu Aug 30, 2018 8:04 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70992

Re: RB4011

I wonder what processors will we see in future RB1100 and CCR series, as RBx011 has 4x1.4GHz now...
by xvo
Thu Aug 30, 2018 6:11 pm
Forum: RouterBOARD hardware
Topic: Suggestion: release routers with preinstalled Factory Software from Bugfix release chain
Replies: 6
Views: 663

Re: Suggestion: release routers with preinstalled Factory Software from Bugfix release chain

DON'T do this Mikrotik, very bad idea !!!
RC is development and should be treated as beta software !
...and that is why the suggestion was about the "Bugfix" tree, not "RC"... :)
by xvo
Wed Aug 29, 2018 9:27 pm
Forum: Wireless Networking
Topic: CAPsMAN - can't get 5GHz band on wAP ac to work [SOLVED]
Replies: 14
Views: 1895

Re: CAPsMAN - can't get 5GHz band on wAP ac to work [SOLVED]

/interface wireless info> country-info    
country: kazakhstan
  ranges: 2402-2482/b,g,gn20,gn40(20dBm)
          2417-2457/g-turbo(20dBm)
          902-927/b,g,g-turbo,gn20,gn40(30dBm)
So, just use "no-country-set".
by xvo
Wed Aug 29, 2018 12:43 pm
Forum: Wireless Networking
Topic: CAPsMAN - can't get 5GHz band on wAP ac to work [SOLVED]
Replies: 14
Views: 1895

Re: CAPsMAN - can't get 5GHz band on wAP ac to work [SOLVED]

Try specifying the target for provision not by some wide criteria, but by MAC address of the CAP directly.
When you will be sure, that config itself is working right on the cap, you can then play with the provison method.
by xvo
Wed Aug 29, 2018 11:12 am
Forum: Wireless Networking
Topic: CAPsMAN - can't get 5GHz band on wAP ac to work [SOLVED]
Replies: 14
Views: 1895

Re: CAPsMAN - can't get 5GHz band on wAP ac to work [SOLVED]

Your 5GHz is running on 5785 MHz (157 Channel) - not all devices and not in all countries support channels 149,153,157,161.
Try changing to 5150 – 5250 MHz
by xvo
Wed Aug 29, 2018 10:21 am
Forum: General
Topic: NAT Bypass
Replies: 1
Views: 261

Re: NAT Bypass

Add an out-interface= to masquerade rule.
by xvo
Tue Aug 28, 2018 12:15 am
Forum: Beginner Basics
Topic: Mikrotik VLANs (Office, Guest, Managment)
Replies: 10
Views: 1414

Re: Mikrotik VLANs (Office, Guest, Managment)

If you firewall consists of just these two entries for now, then there is no need to add anything else for this to work. Now it accepts all, that is not forbidden. But as I already said - try reading something about firewall in general, because you definitely want to forbid more. If not even reverse...
by xvo
Mon Aug 27, 2018 8:03 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21425

Re: bridge vlan setup (new way) [SOLVED]

I'd correct it a small bit - for a given VID, you need to add bridge X itself to the list of tagged member ports of bridge X not only if you want to add an /interface vlan for that VID, to which you could attach an IP configuration (static address or dhcp client), but also if you want to make some ...
by xvo
Mon Aug 27, 2018 7:10 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21425

Re: bridge vlan setup (new way) [SOLVED]

@xvo Thank you for input. These MikroTik devices are really acting as switches -- they're hanging off a Cisco switch (upstream) and the core router is an RB1100ahx4.. So is my entire issue because I never added this master bridge interface to the list of interfaces that need to be set to tagged und...
by xvo
Mon Aug 27, 2018 6:36 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21425

Re: bridge vlan setup (new way) [SOLVED]

Everything right. As for vlan interfaces: you need to create ones on top of the bridge only for the vlan-ids, for which you have specified the bridge itself as a tagged port - to attach the ip configuration (addresses, dhcp clients/servers etc.) for these vlans. For "default" vlan id (that is set in...
by xvo
Mon Aug 27, 2018 4:18 pm
Forum: Beginner Basics
Topic: CAPsMAN: RB3011 and wAP ac - problems
Replies: 3
Views: 493

Re: CAPsMAN: RB3011 and wAP ac - problems

What is "CAP" configuration on CAPs?
Do they look for capsman in the right interface?

Ant why do you have two provisions if they are identical?
by xvo
Mon Aug 27, 2018 3:49 pm
Forum: Beginner Basics
Topic: Bridge VLAN filtering
Replies: 18
Views: 1365

Re: Bridge VLAN filtering

You still have one of the vlans left as bridge port: add bridge=mainbridge tagged=mainbridge untagged=\ ether4-trunk,vlan1,ether5-vlan10-wlan vlan-ids=1 And on your RB951 ether1-trunk is not a trunk really, it gets only vlan1 untagged, and that's all: /interface bridge vlan add bridge=vlanbridge tag...
by xvo
Mon Aug 27, 2018 12:49 am
Forum: Beginner Basics
Topic: Mikrotik VLANs (Office, Guest, Managment)
Replies: 10
Views: 1414

Re: Mikrotik VLANs (Office, Guest, Managment)

Thank for your reply I did not set anything in the firewall rules. Can you help me and give instructions on what to need set in the traffic between the vlan interfaces ? Well, if it will be your gateway router, you are going to need the firewall anyway. For a standard firewall with "drop everything...
by xvo
Mon Aug 27, 2018 12:27 am
Forum: Beginner Basics
Topic: Mikrotik VLANs (Office, Guest, Managment)
Replies: 10
Views: 1414

Re: Mikrotik VLANs (Office, Guest, Managment)

Read trough this thread: https://forum.mikrotik.com/viewtopic.php?f=2&t=138232 it show how to setup bridge and vlan for the 750Gr3 with ROS >=6.41 See at the bottom in the thread. You need to att the bridgin, bridge/ports and interface/vlan To Jotne: No offence. It is really great that you are tryi...
by xvo
Sun Aug 26, 2018 7:22 pm
Forum: Beginner Basics
Topic: Mikrotik VLANs (Office, Guest, Managment)
Replies: 10
Views: 1414

Re: Mikrotik VLANs (Office, Guest, Managment)

It seems that you've already done all L2 configuration.
The rest is just firewall rules to allow/drop the traffic between the vlan interfaces.
by xvo
Sun Aug 26, 2018 3:17 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx4 power requirements
Replies: 1
Views: 355

Re: RB1100AHx4 power requirements

20-57 is for POE input.
by xvo
Sun Aug 26, 2018 12:51 pm
Forum: RouterBOARD hardware
Topic: wsAP ac lite power clarification
Replies: 1
Views: 312

Re: wsAP ac lite power clarification

wsAP ac lite can be powered with passive poe. However, there is a recend thread on the forum, about hEX S having some poe output problems to hAP ac2: https://forum.mikrotik.com/viewtopic.php?f=2&t=138036 Power consumption for wsAP ac lite is lower than for hAP ac2 (10W and 15W respectively), and on ...
by xvo
Sun Aug 26, 2018 9:50 am
Forum: Beginner Basics
Topic: wAP ac as bridge mode [SOLVED]
Replies: 14
Views: 2527

Re: wAP ac as bridge mode [SOLVED]

Looks ok!
You are welcome :)
by xvo
Sat Aug 25, 2018 4:30 pm
Forum: Beginner Basics
Topic: Bridge VLAN filtering
Replies: 18
Views: 1365

Re: Bridge VLAN filtering

@xvo: Unfortunately, the client 2 client forwarding as well as local forwarding is not the solution: still no connection within VLAN3 via wifi. :-)

@jotne: Thanks for the link - I will go reading now!
It should be something on the devices themselves then, just like it was with NAS2 :)
by xvo
Sat Aug 25, 2018 3:42 pm
Forum: Beginner Basics
Topic: Bridge VLAN filtering
Replies: 18
Views: 1365

Re: Bridge VLAN filtering

Fine thanks - I still have a lot to learn about VLANs :) Now the 2 NAS are fine in VLAN2 living on physical ports and I have to find out why 2 devices in VLAN3 cannot talk to each other (both connected via CAP1-iot) before I can move on with stage 2 (getting another VLAN switch running on the trunk...
by xvo
Sat Aug 25, 2018 3:38 pm
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 31061

Re: v6.42.7 [current] is released!

Yes, I tried it as first. But after restart is still Wireless package on it :(
Looks like netinstall is the only solution:
viewtopic.php?f=1&t=133352&p=655190
by xvo
Sat Aug 25, 2018 3:01 pm
Forum: Beginner Basics
Topic: Bridge VLAN filtering
Replies: 18
Views: 1365

Re: Bridge VLAN filtering

You have your VLAN interfaces created on top of the bridge added to the same bridge as bridge ports. That's not right. Remove all VLAN interfaces from bridge ports. And then add the bridge itself as a tagged member of each VLAN that have a corresponding VLAN interface. I guess i mixed up old and ne...
by xvo
Sat Aug 25, 2018 2:57 pm
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 31061

Re: v6.42.7 [current] is released!

Hello, I have a big problem for me. I wanted to update RouterOS to v 6.42.7 but without success. Now I have disable Wireless module and my AP's are broken because my CAPsMAN is off. If I want to enable a Wireless module nothing will hapend after restart :( Can you help me? Thank's Update.png That's...
by xvo
Sat Aug 25, 2018 2:48 pm
Forum: Beginner Basics
Topic: wAP ac as bridge mode [SOLVED]
Replies: 14
Views: 2527

Re: wAP ac as bridge mode [SOLVED]

Almost everything is done right. The only things. 1) Go to "Bridge", tab "Bridge" - here you can delete the bridge named "bridge" as you don't use it anymore, leave only bridge1. 2) Then "Bridge", tab "Port" - delete LAN, leave wlan1, wlan2 and ether1. 3) And the last, go to "Interfaces", tab "Inter...
by xvo
Sat Aug 25, 2018 2:29 pm
Forum: Beginner Basics
Topic: Routing and redirect from same network
Replies: 18
Views: 873

Re: Routing and redirect from same network

I didn't spot any potential problems. Especially if you allow everything in firewall during the tests. I can suggest you to take any other mikrotik router and try to simulate the situation. First placing in instead of LinkSys, with your first mikrotik in place, and configured as it is now. And secon...
by xvo
Sat Aug 25, 2018 1:44 pm
Forum: Beginner Basics
Topic: Bridge VLAN filtering
Replies: 18
Views: 1365

Re: Bridge VLAN filtering

Found another thing in your config, that you will need to add, after removing VLAN interfaces from being the bridge ports. In your interface lists you have only bridge added as a member of LAN. This works for all interfaces, that are ports of the bridge. But not the interfaces, that are created on t...
by xvo
Sat Aug 25, 2018 1:14 pm
Forum: Beginner Basics
Topic: GPON Terminal + HAP AC^2
Replies: 2
Views: 359

Re: GPON Terminal + HAP AC^2

Test your line between the wall plugs.
by xvo
Sat Aug 25, 2018 1:04 pm
Forum: Beginner Basics
Topic: Bridge VLAN filtering
Replies: 18
Views: 1365

Re: Bridge VLAN filtering

You have your VLAN interfaces created on top of the bridge added to the same bridge as bridge ports.
That's not right.
Remove all VLAN interfaces from bridge ports.
And then add the bridge itself as a tagged member of each VLAN that have a corresponding VLAN interface.
by xvo
Sat Aug 25, 2018 11:53 am
Forum: Beginner Basics
Topic: wAP ac as bridge mode [SOLVED]
Replies: 14
Views: 2527

Re: wAP ac as bridge mode [SOLVED]

Try changing "Channel width" for 5Ghz back to "20/40/80mhz-Ceee". Can be, that your devices don't like the XXXX setting. Apart from that I see many parts from previous config, that are still present, but not needed anymore. They are not actually active, but It's better to delete or modify them. Inte...
by xvo
Fri Aug 24, 2018 6:29 pm
Forum: Beginner Basics
Topic: Routing and redirect from same network
Replies: 18
Views: 873

Re: Routing and redirect from same network

How does the route to 192.168.2.0/24 on mikrotik look like? /ip> route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 A S 0.0.0.0/0 91.xxx.xxx.xx...
by xvo
Fri Aug 24, 2018 6:07 pm
Forum: Beginner Basics
Topic: RB951g-2HnD setting internal DNS only. [SOLVED]
Replies: 4
Views: 531

Re: RB951g-2HnD setting internal DNS only. [SOLVED]

Do you have "Allow remote requests" checked in your DNS settings?
by xvo
Fri Aug 24, 2018 3:29 pm
Forum: Beginner Basics
Topic: Routing and redirect from same network
Replies: 18
Views: 873

Re: Routing and redirect from same network

How does the route to 192.168.2.0/24 on mikrotik look like?
by xvo
Fri Aug 24, 2018 12:42 pm
Forum: Beginner Basics
Topic: Routing and redirect from same network
Replies: 18
Views: 873

Re: Routing and redirect from same network

In your Linksys config for the route I see, that you choose "3 (DMZ)".
Is it possible, that Linksys applies some different firewall behaviour to this route because of that?
For example opening/closing ports automatically?
Are DMZ settings configured anywhere else?
by xvo
Fri Aug 24, 2018 2:39 am
Forum: RouterBOARD hardware
Topic: Stable RB951G or a new hAP ac2
Replies: 16
Views: 3680

Re: Stable RB951G or a new hAP ac2

Kind of proud for my wAP ac, as it outperforms the newer and much more powerful hAP ac2 even when utilising 2 of 3 chains. I got stable 200/230 TX/RX with 10 UDP streams, 190/230 with single UDP and 160/200 with TCP. When testing from iphone I've even seen something like 260-270RX on peaks, but it w...
by xvo
Fri Aug 24, 2018 1:58 am
Forum: General
Topic: dynamic address list from firewall rule
Replies: 2
Views: 340

Re: dynamic address list from firewall rule

Everything seems fine in your config line.
What do you mean by "creates a new address list every time it creates an entry" - each entry have different name?
by xvo
Fri Aug 24, 2018 1:22 am
Forum: Wireless Networking
Topic: Can I run separate Hotspot servers per VLAN?
Replies: 8
Views: 882

Re: Can I run separate Hotspot servers per VLAN?

Also models with QCA8337, Atheros8327, Atheros8316 switch chips seem to be able to use the same method as for CRS3xx, but their rule tables are smaller.
by xvo
Thu Aug 23, 2018 10:24 pm
Forum: General
Topic: DMZ Routing question (Stuck)
Replies: 17
Views: 954

Re: DMZ Routing question (Stuck)

...one post to find what the problem is... ...one post to suggest a solution... ...ten posts to convince, that it is the only solution... ...sigh... Nevermind, just grumbling :) Thanks, but as i'm sure you know with any IT problem there is no "one solution" so whilst everyone including yourself abo...
by xvo
Thu Aug 23, 2018 8:43 pm
Forum: Wireless Networking
Topic: Public WiFi making money with ads
Replies: 3
Views: 712

Re: Public WiFi making money with ads

You'd make more money faster just charging for internet access over it.
Nice one! :lol:
by xvo
Thu Aug 23, 2018 8:33 pm
Forum: Beginner Basics
Topic: wAP ac as bridge mode [SOLVED]
Replies: 14
Views: 2527

Re: wAP ac as bridge mode [SOLVED]

After that just make another export and I'll help you to add 2.4Ghz radio.
by xvo
Thu Aug 23, 2018 8:28 pm
Forum: Beginner Basics
Topic: wAP ac as bridge mode [SOLVED]
Replies: 14
Views: 2527

Re: wAP ac as bridge mode [SOLVED]

Little correction: it's better to set to Channel Width to "20/40/80Mhz XXXX", as you are using "auto" channel.
by xvo
Thu Aug 23, 2018 8:21 pm
Forum: Beginner Basics
Topic: wAP ac as bridge mode [SOLVED]
Replies: 14
Views: 2527

Re: wAP ac as bridge mode [SOLVED]

The best (but maybe not the easiest) way is to remove all config and write it from scratch. If you want to stick to QuickSet... Well, you can't do it all with QuickSet only, but the closest you can get is WISP AP mode. screen1.jpg The only thing you will need to add manually - are settings for the s...
by xvo
Thu Aug 23, 2018 7:34 pm
Forum: General
Topic: DMZ Routing question (Stuck)
Replies: 17
Views: 954

Re: DMZ Routing question (Stuck)

...one post to find what the problem is...
...one post to suggest a solution...
...ten posts to convince, that it is the only solution...
...sigh...

Nevermind, just grumbling :)
by xvo
Thu Aug 23, 2018 1:03 pm
Forum: Beginner Basics
Topic: Error:could not connect to 192.168.15.1
Replies: 4
Views: 10158

Re: Error:could not connect to 192.168.15.1

Check if the winbox access is allowed for you in /ip services.
Check your firewall for winbox port to be open for you.
  • 1
  • 2