Community discussions

Search found 420 matches

by xvo
Sun Aug 26, 2018 7:22 pm
Forum: Beginner Basics
Topic: Mikrotik VLANs (Office, Guest, Managment)
Replies: 10
Views: 1410

Re: Mikrotik VLANs (Office, Guest, Managment)

It seems that you've already done all L2 configuration.
The rest is just firewall rules to allow/drop the traffic between the vlan interfaces.
by xvo
Sun Aug 26, 2018 3:17 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx4 power requirements
Replies: 1
Views: 355

Re: RB1100AHx4 power requirements

20-57 is for POE input.
by xvo
Sun Aug 26, 2018 12:51 pm
Forum: RouterBOARD hardware
Topic: wsAP ac lite power clarification
Replies: 1
Views: 312

Re: wsAP ac lite power clarification

wsAP ac lite can be powered with passive poe. However, there is a recent thread on the forum, about hEX S having some poe output problems to hAP ac2: https://forum.mikrotik.com/viewtopic.php?f=2&t=138036 Power consumption for wsAP ac lite is lower than for hAP ac2 (10W and 15W respectively), and on ...
by xvo
Sun Aug 26, 2018 9:50 am
Forum: Beginner Basics
Topic: wAP ac as bridge mode [SOLVED]
Replies: 14
Views: 2518

Re: wAP ac as bridge mode [SOLVED]

Looks ok!
You are welcome :)
by xvo
Sat Aug 25, 2018 4:30 pm
Forum: Beginner Basics
Topic: Bridge VLAN filtering
Replies: 18
Views: 1363

Re: Bridge VLAN filtering

@xvo: Unfortunately, the client 2 client forwarding as well as local forwarding is not the solution: still no connection within VLAN3 via wifi. :-)

@jotne: Thanks for the link - I will go reading now!
It should be something on the devices themselves then, just like it was with NAS2 :)
by xvo
Sat Aug 25, 2018 3:42 pm
Forum: Beginner Basics
Topic: Bridge VLAN filtering
Replies: 18
Views: 1363

Re: Bridge VLAN filtering

Fine thanks - I still have a lot to learn about VLANs :) Now the 2 NAS are fine in VLAN2 living on physical ports and I have to find out why 2 devices in VLAN3 cannot talk to each other (both connected via CAP1-iot) before I can move on with stage 2 (getting another VLAN switch running on the trunk...
by xvo
Sat Aug 25, 2018 3:38 pm
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 31040

Re: v6.42.7 [current] is released!

Yes, I tried it as first. But after restart is still Wireless package on it :(
Looks like netinstall is the only solution:
viewtopic.php?f=1&t=133352&p=655190
by xvo
Sat Aug 25, 2018 3:01 pm
Forum: Beginner Basics
Topic: Bridge VLAN filtering
Replies: 18
Views: 1363

Re: Bridge VLAN filtering

You have your VLAN interfaces created on top of the bridge added to the same bridge as bridge ports. That's not right. Remove all VLAN interfaces from bridge ports. And then add the bridge itself as a tagged member of each VLAN that have a corresponding VLAN interface. I guess i mixed up old and ne...
by xvo
Sat Aug 25, 2018 2:57 pm
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 31040

Re: v6.42.7 [current] is released!

Hello, I have a big problem for me. I wanted to update RouterOS to v 6.42.7 but without success. Now I have disabled Wireless module and my AP's are broken because my CAPsMAN is off. If I want to enable a Wireless module nothing will happen after restart :( Can you help me? Thanks Update.png That's...
by xvo
Sat Aug 25, 2018 2:48 pm
Forum: Beginner Basics
Topic: wAP ac as bridge mode [SOLVED]
Replies: 14
Views: 2518

Re: wAP ac as bridge mode [SOLVED]

Almost everything is done right. The only things. 1) Go to "Bridge", tab "Bridge" - here you can delete the bridge named "bridge" as you don't use it anymore, leave only bridge1. 2) Then "Bridge", tab "Port" - delete LAN, leave wlan1, wlan2 and ether1. 3) And the last, go to "Interfaces", tab "Inter...
by xvo
Sat Aug 25, 2018 2:29 pm
Forum: Beginner Basics
Topic: Routing and redirect from same network
Replies: 18
Views: 872

Re: Routing and redirect from same network

I didn't spot any potential problems. Especially if you allow everything in firewall during the tests. I can suggest you to take any other mikrotik router and try to simulate the situation. First placing in instead of LinkSys, with your first mikrotik in place, and configured as it is now. And secon...
by xvo
Sat Aug 25, 2018 1:44 pm
Forum: Beginner Basics
Topic: Bridge VLAN filtering
Replies: 18
Views: 1363

Re: Bridge VLAN filtering

Found another thing in your config, that you will need to add, after removing VLAN interfaces from being the bridge ports. In your interface lists you have only bridge added as a member of LAN. This works for all interfaces, that are ports of the bridge. But not the interfaces, that are created on t...
by xvo
Sat Aug 25, 2018 1:14 pm
Forum: Beginner Basics
Topic: GPON Terminal + HAP AC^2
Replies: 2
Views: 358

Re: GPON Terminal + HAP AC^2

Test your line between the wall plugs.
by xvo
Sat Aug 25, 2018 1:04 pm
Forum: Beginner Basics
Topic: Bridge VLAN filtering
Replies: 18
Views: 1363

Re: Bridge VLAN filtering

You have your VLAN interfaces created on top of the bridge added to the same bridge as bridge ports.
That's not right.
Remove all VLAN interfaces from bridge ports.
And then add the bridge itself as a tagged member of each VLAN that have a corresponding VLAN interface.
by xvo
Sat Aug 25, 2018 11:53 am
Forum: Beginner Basics
Topic: wAP ac as bridge mode [SOLVED]
Replies: 14
Views: 2518

Re: wAP ac as bridge mode [SOLVED]

Try changing "Channel width" for 5Ghz back to "20/40/80mhz-Ceee". Can be, that your devices don't like the XXXX setting. Apart from that I see many parts from previous config, that are still present, but not needed anymore. They are not actually active, but It's better to delete or modify them. Inte...
by xvo
Fri Aug 24, 2018 6:29 pm
Forum: Beginner Basics
Topic: Routing and redirect from same network
Replies: 18
Views: 872

Re: Routing and redirect from same network

How does the route to 192.168.2.0/24 on mikrotik look like? /ip> route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 A S 0.0.0.0/0 91.xxx.xxx.xx...
by xvo
Fri Aug 24, 2018 6:07 pm
Forum: Beginner Basics
Topic: RB951g-2HnD setting internal DNS only. [SOLVED]
Replies: 4
Views: 530

Re: RB951g-2HnD setting internal DNS only. [SOLVED]

Do you have "Allow remote requests" checked in your DNS settings?
by xvo
Fri Aug 24, 2018 3:29 pm
Forum: Beginner Basics
Topic: Routing and redirect from same network
Replies: 18
Views: 872

Re: Routing and redirect from same network

How does the route to 192.168.2.0/24 on mikrotik look like?
by xvo
Fri Aug 24, 2018 12:42 pm
Forum: Beginner Basics
Topic: Routing and redirect from same network
Replies: 18
Views: 872

Re: Routing and redirect from same network

In your Linksys config for the route I see, that you choose "3 (DMZ)".
Is it possible, that Linksys applies some different firewall behaviour to this route because of that?
For example opening/closing ports automatically?
Are DMZ settings configured anywhere else?
by xvo
Fri Aug 24, 2018 2:39 am
Forum: RouterBOARD hardware
Topic: Stable RB951G or a new hAP ac2
Replies: 16
Views: 3668

Re: Stable RB951G or a new hAP ac2

Kind of proud for my wAP ac, as it outperforms the newer and much more powerful hAP ac2 even when utilising 2 of 3 chains. I got stable 200/230 TX/RX with 10 UDP streams, 190/230 with single UDP and 160/200 with TCP. When testing from iphone I've even seen something like 260-270RX on peaks, but it w...
by xvo
Fri Aug 24, 2018 1:58 am
Forum: General
Topic: dynamic address list from firewall rule
Replies: 2
Views: 340

Re: dynamic address list from firewall rule

Everything seems fine in your config line.
What do you mean by "creates a new address list every time it creates an entry" - each entry have different name?
by xvo
Fri Aug 24, 2018 1:22 am
Forum: Wireless Networking
Topic: Can I run separate Hotspot servers per VLAN?
Replies: 8
Views: 878

Re: Can I run separate Hotspot servers per VLAN?

Also models with QCA8337, Atheros8327, Atheros8316 switch chips seem to be able to use the same method as for CRS3xx, but their rule tables are smaller.
by xvo
Thu Aug 23, 2018 10:24 pm
Forum: General
Topic: DMZ Routing question (Stuck)
Replies: 17
Views: 954

Re: DMZ Routing question (Stuck)

...one post to find what the problem is... ...one post to suggest a solution... ...ten posts to convince, that it is the only solution... ...sigh... Nevermind, just grumbling :) Thanks, but as i'm sure you know with any IT problem there is no "one solution" so whilst everyone including yourself abo...
by xvo
Thu Aug 23, 2018 8:43 pm
Forum: Wireless Networking
Topic: Public WiFi making money with ads
Replies: 3
Views: 709

Re: Public WiFi making money with ads

You'd make more money faster just charging for internet access over it.
Nice one! :lol:
by xvo
Thu Aug 23, 2018 8:33 pm
Forum: Beginner Basics
Topic: wAP ac as bridge mode [SOLVED]
Replies: 14
Views: 2518

Re: wAP ac as bridge mode [SOLVED]

After that just make another export and I'll help you to add 2.4Ghz radio.
by xvo
Thu Aug 23, 2018 8:28 pm
Forum: Beginner Basics
Topic: wAP ac as bridge mode [SOLVED]
Replies: 14
Views: 2518

Re: wAP ac as bridge mode [SOLVED]

Little correction: it's better to set to Channel Width to "20/40/80Mhz XXXX", as you are using "auto" channel.
by xvo
Thu Aug 23, 2018 8:21 pm
Forum: Beginner Basics
Topic: wAP ac as bridge mode [SOLVED]
Replies: 14
Views: 2518

Re: wAP ac as bridge mode [SOLVED]

The best (but maybe not the easiest) way is to remove all config and write it from scratch. If you want to stick to QuickSet... Well, you can't do it all with QuickSet only, but the closest you can get is WISP AP mode. screen1.jpg The only thing you will need to add manually - are settings for the s...
by xvo
Thu Aug 23, 2018 7:34 pm
Forum: General
Topic: DMZ Routing question (Stuck)
Replies: 17
Views: 954

Re: DMZ Routing question (Stuck)

...one post to find what the problem is...
...one post to suggest a solution...
...ten posts to convince, that it is the only solution...
...sigh...

Nevermind, just grumbling :)
by xvo
Thu Aug 23, 2018 1:03 pm
Forum: Beginner Basics
Topic: Error:could not connect to 192.168.15.1
Replies: 4
Views: 10138

Re: Error:could not connect to 192.168.15.1

Check if the winbox access is allowed for you in /ip services.
Check your firewall for winbox port to be open for you.
by xvo
Thu Aug 23, 2018 12:37 pm
Forum: General
Topic: Firewall: accept established/related... in forward chain?
Replies: 6
Views: 1879

Re: Firewall: accept established/related... in forward chain?

It's the first rule to be set - so that 99% of your traffic won't wander through your firewall.
by xvo
Thu Aug 23, 2018 12:19 pm
Forum: Beginner Basics
Topic: wAP ac as bridge mode [SOLVED]
Replies: 14
Views: 2518

Re: wAP ac as bridge mode [SOLVED]

So what's the question?
Just configure wAP as a bridge and everything in your local network will get addresses from CCR.
by xvo
Thu Aug 23, 2018 12:12 pm
Forum: General
Topic: routerOS vs SwitchOS
Replies: 7
Views: 1234

Re: routerOS vs SwitchOS

I think you can buy the switch without any doubts: if its router power won't be sufficient, you can always buy something like RB750Gr3 later for purely routing purposes.
Considering the prices for both devices... Well, you can buy RB750Gr3 on the change from buying the switch :)
by xvo
Thu Aug 23, 2018 1:00 am
Forum: Scripting
Topic: script for buttom mikrotik
Replies: 3
Views: 463

Re: script for buttom mikrotik

Just put the name of your interface:
if ([/interface get [find name=NAME] disabled] = no) do={ [/interface set [find name=NAME] disabled=yes] } else={[/interface set [find name=NAME] disabled=no] }
by xvo
Wed Aug 22, 2018 9:56 pm
Forum: General
Topic: routerOS vs SwitchOS
Replies: 7
Views: 1234

Re: routerOS vs SwitchOS

Based on what you described, you need to run RouterOS, as SwOS is only for L2 functions.

And once again, being a rather powerful switch, however it will be a rather weak router - for example don't expect gigabit speeds when routing between different VLANs.
by xvo
Wed Aug 22, 2018 9:37 pm
Forum: General
Topic: [SOLVED] IPv6 pings work, webpage won't load
Replies: 39
Views: 2344

Re: IPv6 works on router, not on clients

Try adding some static ipv6 dns servers to /ip dns (for example the ones from google: 2001:4860:4860::8888 and 2001:4860:4860::8844) and check "Advertise DNS"
by xvo
Wed Aug 22, 2018 7:58 pm
Forum: General
Topic: [SOLVED] IPv6 pings work, webpage won't load
Replies: 39
Views: 2344

Re: IPv6 works on router, not on clients

Just to clarify: do clients get the addresses but still they have no connectivity, or they don't get any addresses at all?
by xvo
Wed Aug 22, 2018 6:20 pm
Forum: General
Topic: routerOS vs SwitchOS
Replies: 7
Views: 1234

Re: routerOS vs SwitchOS

Much more switch, than router.
However all (or most) of the switch functionality is available in ROS as well, only the configuration methods are different.
by xvo
Wed Aug 22, 2018 5:52 pm
Forum: General
Topic: [SOLVED] IPv6 pings work, webpage won't load
Replies: 39
Views: 2344

Re: IPv6 works on router, not on clients

Other than "Accept Router Advertisements" need to be set to "no" or to "yes, if forwarding disabled" everything else looks fine.
by xvo
Wed Aug 22, 2018 5:16 pm
Forum: Beginner Basics
Topic: Routing and redirect from same network
Replies: 18
Views: 872

Re: Routing and redirect from same network

How does 192.168.2.111 get its address: from DHCP on 192.168.2.110 or you assign it manually?
by xvo
Wed Aug 22, 2018 5:11 pm
Forum: Beginner Basics
Topic: Routing and redirect from same network
Replies: 18
Views: 872

Re: Routing and redirect from same network

Will it help if you connect mikrotik directly to linksys, not via the switch? No. still same symptoms So, once again: 1) you create a route on linksys 2) it doesn't work - devices on 192.168.2.0/24 can't reach devices in 10.64.128.0/22. 3a) you ping 192.168.2.110 from 192.168.2.111: the route start...
by xvo
Wed Aug 22, 2018 4:25 pm
Forum: General
Topic: Block traffic same subnet VLAN
Replies: 35
Views: 2067

Re: Block traffic same subnet VLAN

Thanks xvo. ( "All work correctly") :) I mean that I do not want to change all the configuration of the network because everything currently works correctly. I also set several firewall rules (via mikrotik) I only have the problem that the devices connected to the cisco switch do not pass through t...
by xvo
Wed Aug 22, 2018 4:04 pm
Forum: Beginner Basics
Topic: Routing and redirect from same network
Replies: 18
Views: 872

Re: Routing and redirect from same network

Will it help if you connect mikrotik directly to linksys, not via the switch?
by xvo
Wed Aug 22, 2018 3:48 pm
Forum: General
Topic: Block traffic same subnet VLAN
Replies: 35
Views: 2067

Re: Block traffic same subnet VLAN

@xvo Sorry ,your solution seems too complex and not easy to manage.At the moment all works correctly @cdiedrich you've figured out you're that problem! Access points via bridges always enter the mikrotik "forward chain" and can safely manage traffic through the integrated firewall. ACL ( in cisco s...
by xvo
Wed Aug 22, 2018 2:35 pm
Forum: General
Topic: Block traffic same subnet VLAN
Replies: 35
Views: 2067

Re: Block traffic same subnet VLAN

I still don't understand completely what is it you are trying to achieve, but the solution lies in configuring port isolation on your switch. If you want to see ALL traffic on mikrotik to make the decision whether to forward it or drop it, you have to make all ports on the switch isolated (protected...
by xvo
Wed Aug 22, 2018 12:26 pm
Forum: Wireless Networking
Topic: Older Laptops Not Detecting SSID on SXT5nDr2
Replies: 7
Views: 567

Re: Older Laptops Not Detecting SSID on SXT5nDr2

Do these old laptops have dual band wifi 2.4/5GHz or just 2.4GHz?
by xvo
Wed Aug 22, 2018 2:00 am
Forum: Beginner Basics
Topic: Disable PoE
Replies: 5
Views: 2573

Re: Disable PoE

HEX PoE lite (RB750UPr2) has passive PoE. As I understand that means it does not check if the device uses PoE, so it's always on. I got it wrong? It's not like that. While it doesn't perform power negotiation, in terms of af/at standard (with device classification, etc.), it still checks the resis...
by xvo
Wed Aug 22, 2018 1:32 am
Forum: General
Topic: Limit-at and Max-limit
Replies: 3
Views: 594

Re: Limit-at and Max-limit

I would add a little more overhead, especially for limit-at (you are not really cutting anything): Parent max-limit 5M children1 limit-at 2M max-limit 4.5M children2 limit-at 2M max-limit 4.5M You can try different values trying to minimise the number of packets dropped. BTW, you can set different p...
by xvo
Wed Aug 22, 2018 12:37 am
Forum: Wireless Networking
Topic: [Solved] CAPsMAN - WAP AC - 5GHz - No Supported Band - United States 3 [SOLVED]
Replies: 13
Views: 11759

Re: [Solved] CAPsMAN - WAP AC - 5GHz - No Supported Band - United States 3 [SOLVED]

Note that there aren't the same choices for channel Band and provisioning HW supported mode. I'm not sure why, if it matters or what is actually being used. "HW supported modes" is not a part of the caps configuration, it is one of the ways to choose for which radio the provision is intended. For e...
by xvo
Wed Aug 22, 2018 12:25 am
Forum: General
Topic: Limit-at and Max-limit
Replies: 3
Views: 594

Re: Limit-at and Max-limit

The max-limit of all children queues has to be lower than max-limit of their parent. A little lower is enough. If only one of the children is active it is ok if it takes the whole bandwidth allocated for parent. But the more "spare" bandwidth you have for the parent max-limit over the children's max...
by xvo
Tue Aug 21, 2018 9:35 pm
Forum: General
Topic: DMZ Routing question (Stuck)
Replies: 17
Views: 954

Re: DMZ Routing question (Stuck)

You'll need Hairpin-NAT lots of good topics on this forum explaining that. Just do a search for Hairpin-NAT. https://forum.mikrotik.com/search.php?keywords=Hairpin+NAT Actually, there's no need for it: LAN and DMZ are different subnets. And I don't really understand what is it all about - the only...
by xvo
Tue Aug 21, 2018 4:09 pm
Forum: General
Topic: Block traffic same subnet VLAN
Replies: 35
Views: 2067

Re: Traffic same subnet

I have no guesses left then... Sorry.
by xvo
Tue Aug 21, 2018 3:37 pm
Forum: General
Topic: Winbox access to Mikrotik behind a MIkrotik
Replies: 9
Views: 626

Re: Winbox access to Mikrotik behind a MIkrotik

The best practice would be configuring a vpn to your 3011.
And then just give access to local resources from that vpn connection.
by xvo
Tue Aug 21, 2018 3:30 pm
Forum: General
Topic: Block traffic same subnet VLAN
Replies: 35
Views: 2067

Re: Traffic same subnet

I cleared arp cache on vlan10 cisco switch. Also, I disabled ip arp-proxy, with no success Could it possibly be that this was done for all vlans except vlan10? https://community.cisco.com/t5/metro/disable-mac-address-learning-per-vlan/td-p/698258 https://www.cisco.com/c/en/us/td/docs/wireless/mwr_2...
by xvo
Tue Aug 21, 2018 2:49 pm
Forum: General
Topic: Block traffic same subnet VLAN
Replies: 35
Views: 2067

Re: Traffic same subnet

Not, I didn't set any port to protected. I remind you that normally in order not to communicate 2 hosts I have to set a "drop" in IP filter Firewall. I'm still talking about cisco switch. There's nothing strange in mikrotik's bridge behaviour: if it gets frames from cisco - it forwards them, unless...
by xvo
Tue Aug 21, 2018 1:52 pm
Forum: General
Topic: Block traffic same subnet VLAN
Replies: 35
Views: 2067

Re: Traffic same subnet

I checked everything on the cisco configuration. Everything seems to be the same Do you have any suggestions? Any PVLANs, or protected/isolated ports configured on the switch? But that would explain the situation when two hosts in one vlan CAN'T talk to each other, not the situation when they CAN b...
by xvo
Tue Aug 21, 2018 11:54 am
Forum: General
Topic: Block traffic same subnet VLAN
Replies: 35
Views: 2067

Re: Traffic same subnet

Simplistically I mentioned only 2 vlan.
Actually there are 8 vlan in the network and they all work like vlan20. :D
Thanks
Anyway, the answer has to be in cisco config.
by xvo
Tue Aug 21, 2018 11:39 am
Forum: General
Topic: Bridge VLAN Filtering
Replies: 22
Views: 7106

Re: Bridge VLAN Filtering

I'm playing with bridge VLANs on hAP ac2 (ROS version 6.42.7). I'm trying to do it in "the new way" only, so I don't want to touch /interface ethernet switch settings ... It's not clear to me what does setting vlan-filtering=yes on bridge change compared to setting vlan-filtering=no in sense of VLA...
by xvo
Tue Aug 21, 2018 1:38 am
Forum: General
Topic: Block traffic same subnet VLAN
Replies: 35
Views: 2067

Re: Traffic same subnet

hello. ARP is configured on mikrotik interface. cisco switch it used only at L2 (tagged port) using a trunk port. Well, there must be something in Cisco switch that is configured differently for this two vlans, that makes the switch send frames in vlan20 to mikrotik instead of to send them directly...
by xvo
Tue Aug 21, 2018 1:11 am
Forum: General
Topic: How to schedule Guest WiFi network?
Replies: 2
Views: 395

Re: How to schedule Guest WiFi network?

I can think of two ways. 1) Create two schedulers: one that disables the interface for your guest network at 22pm, and the other that enables it back on 8am. 2) Create two entries in access list for your guest wifi interface: one with authentication=yes and the time interval, when you want it to be ...
by xvo
Mon Aug 20, 2018 11:35 pm
Forum: General
Topic: Block traffic same subnet VLAN
Replies: 35
Views: 2067

Re: Traffic same subnet

Only difference
vlan 10 ARP:enabled
vlan 20 ARP:reply on.
Disabled ARP on switch could be the answer.
After disabling it for vlan 10 did you reboot the switch or forced it to flush already learned MACs?
by xvo
Mon Aug 20, 2018 10:33 pm
Forum: General
Topic: VLAN over L2TP Bridging
Replies: 6
Views: 1200

Re: VLAN over L2TP Bridging

It doesn't let me to add the L2TP connection to the bridge port, it's added dynamically when the connection is up and I can't edit it. Any idea of how to change its settings in bridge? Hmmm... the number of bridge options in ppp profile is quite limited. So it seems that the "bad way" you already t...
by xvo
Mon Aug 20, 2018 9:07 pm
Forum: Beginner Basics
Topic: deleting bridge interface for better throughput. [SOLVED]
Replies: 5
Views: 578

Re: deleting bridge interface for better throughput. [SOLVED]

Since ROS 6.41 you can enable hardware offloading on bridges and for a simple setup (one bridge, no vlans, bondings etc.) this will be the same as using switch chip in switch menu. thank you co much mr.XVO, Since my ISP requires VLAN on PPPoE neccessary to establish internet connection. I must acti...
by xvo
Mon Aug 20, 2018 8:45 pm
Forum: Beginner Basics
Topic: deleting bridge interface for better throughput. [SOLVED]
Replies: 5
Views: 578

Re: deleting bridge interface for better throughput. [SOLVED]

Since ROS 6.41 you can enable hardware offloading on bridges and for a simple setup (one bridge, no vlans, bondings etc.) this will be the same as using switch chip in switch menu.
by xvo
Mon Aug 20, 2018 7:39 pm
Forum: General
Topic: Block traffic same subnet VLAN
Replies: 35
Views: 2067

Re: Traffic same subnet

I had imagined it.
The problem that the other vlan work without problems.
Should it depend on a configuration on the interface of the cisco switch then?
Many thanks
Well, then it looks like all you need, is to find a place in cisco config where these two vlans are configured differently :)
by xvo
Mon Aug 20, 2018 6:49 pm
Forum: General
Topic: Block traffic same subnet VLAN
Replies: 35
Views: 2067

Re: Traffic same subnet

If both the device A and device B are connected to vlan-aware switch no wonder that traffic between them never even hit the router - the switch passes it directly.
You need to configure port isolation on the switch then.
by xvo
Mon Aug 20, 2018 5:24 pm
Forum: General
Topic: VLAN over L2TP Bridging
Replies: 6
Views: 1200

Re: VLAN over L2TP Bridging

xvo , I would like to use the correct configuration using bridge VLAN filter in RouterOS, but I can't understand how to adapt the wiki example to my situation... Could you help me :-) ? Does this simple example work in your case? https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#VLAN_Example_....
by xvo
Mon Aug 20, 2018 4:13 pm
Forum: General
Topic: VLAN over L2TP Bridging
Replies: 6
Views: 1200

Re: VLAN over L2TP Bridging

However/alternatively, if you can't change the other side, and you need to send the VLAN traffic tagged across the L2TP tunnel, then you need to create *two* bridges on your side: Bridge VLAN 10 and ether4 in bridge1, and do not put the L2TP tunnel in that bridge. This will properly untag VLAN 10 t...
by xvo
Mon Aug 20, 2018 12:56 pm
Forum: General
Topic: crs326 neighbor vs hw offload [SOLVED]
Replies: 4
Views: 431

Re: crs326 neighbor vs hw offload [SOLVED]

Nothing crazy about this: for neighbour discovery you need the connection between the interface and CPU (say router itself). It is true by default for the bridge, but not for VLAN on this bridge. You need to add the bridge itself as untagged port for this VLAN - it will work then. More to it - whe...
by xvo
Sat Aug 18, 2018 1:57 pm
Forum: Beginner Basics
Topic: Hairpin NAT not working [SOLVED]
Replies: 3
Views: 578

Re: Hairpin NAT not working [SOLVED]

Hairpin NAT is used when you try to reach internal resources by external IP from the internal network, so what you've done is not hairpin nat. You should do something like: chain=srcnat action=src-nat src-address=192.168.200.0/24 dst-address=ROUTER_EXTERNAL_IP dst-port=80,443 to-addresses=ROUTER_INT...
by xvo
Fri Aug 17, 2018 2:29 pm
Forum: General
Topic: Why Fast Path not active?
Replies: 4
Views: 1354

Re: Why Fast Path not active?

IPv4 fast path is automatically used if following conditions are met: firewall rules are not configured; LOL, in this case Fast Path absolutely useless I do not have routerboards without firewall rules For LAN bridge without VLANs configured the conditions are met. Same thing for L3 switch interconn...
by xvo
Fri Aug 17, 2018 2:15 pm
Forum: Beginner Basics
Topic: VLAN configuration
Replies: 2
Views: 487

Re: VLAN configuration

1) Create bridges containing both ethernet and wireless interface on both devices. 2) Configure VLAN trunk for all your VLANs + Management VLAN on these bridges (both ethernet and wireless interfaces as tagged ports). 3) For management VLAN also add the bridges itself as tagged ports. 4) Create VLAN...
by xvo
Fri Aug 17, 2018 2:02 pm
Forum: General
Topic: How to access 2 routerboards without conflict between them by using vlan
Replies: 9
Views: 837

Re: How to access 2 routerboards without conflict between them by using vlan

last question please ....what do mean by your saying ( remove bridge and use ip firewall connecting on L3 ) ?? i mean how will you do that if you have this drawing idea ?? thanks to all GOD pless you This solution also doesn't completely satisfy your initial request (you will end up with 3 differen...
by xvo
Fri Aug 17, 2018 1:20 pm
Forum: General
Topic: Why Fast Path not active?
Replies: 4
Views: 1354

Re: Why Fast Path not active?

Could be lots of reasons depending on your config.

Here are the lists of conditions, that must be met:
https://wiki.mikrotik.com/wiki/Manual:F ... v4_handler
https://wiki.mikrotik.com/wiki/Manual:F ... ge_handler
by xvo
Fri Aug 17, 2018 12:03 pm
Forum: General
Topic: How to access 2 routerboards without conflict between them by using vlan
Replies: 9
Views: 837

Re: How to access 2 routerboards without conflict between them by using vlan

you are right ....i just asked if i can perform my idea by using VLANS ..... so, lets we say that VLAN generally is not used to isolate the ports in mikrotik system ??? VLANs are definitely used to isolate parts of the network from each other, and you can configure your router in the way, where eac...
by xvo
Thu Aug 16, 2018 8:48 pm
Forum: General
Topic: How to access 2 routerboards without conflict between them by using vlan
Replies: 9
Views: 837

Re: How to access 2 routerboards without conflict between them by using vlan

If you want to have one subnet, everything connected on L2, but not this 2 ports, vlans won't help you to achieve both at the same time. You can use bridge filter. ...or remove the bridge and use firewall, connecting on L3. ...or use bridge horizon after all :) Seriously, what's wrong with it? Or th...
by xvo
Wed Aug 15, 2018 8:45 pm
Forum: General
Topic: Bridge port received packet with own address as source address, probably loop
Replies: 9
Views: 4171

Re: Same MAC on bridge, ether and vlan

What about the Unifi APs themselves, should I leave them on dhcp1 server with vlan1?
I think it's better to have the APs themselves in private VLAN (or in another one, purely for management), but not in the guest one. :)
by xvo
Tue Aug 14, 2018 1:33 pm
Forum: General
Topic: Bridge port received packet with own address as source address, probably loop
Replies: 9
Views: 4171

Re: Same MAC on bridge, ether and vlan

I dont have any such configuration. It is my understanding you only need this if you use bridge filtering. On a side note, I restarted all devices yesterday and didn't receive any such messages in the log since then. Ah, I see. So you just use the bridge in a form of another dumb switch. It should ...
by xvo
Tue Aug 14, 2018 1:42 am
Forum: General
Topic: Bridge port received packet with own address as source address, probably loop
Replies: 9
Views: 4171

Re: Same MAC on bridge, ether and vlan

And where is the most relevant part of config: "/interface bridge vlan"?
by xvo
Sun Aug 12, 2018 2:46 pm
Forum: Beginner Basics
Topic: CRS109 not reachable with winbox through vlan [SOLVED]
Replies: 2
Views: 349

Re: CRS109 not reachable with winbox through vlan [SOLVED]

1) http(s), winbox by ip: your mikrotik probably doesn't have an address itself or at least an address inside the vlan you are connecting your pc - look where dhcp client is attached (or address, if you configured it manually). 2) access to winbox by MAC: the list of interfaces from which you can a...
by xvo
Thu Aug 09, 2018 6:23 pm
Forum: Beginner Basics
Topic: Please help me get my network in order
Replies: 7
Views: 772

Re: Please help me get my network in order

I got the bridge working. Most of the devices get an IP address like 192.168.1.X (like the Zyxel router) and have internet access, but some devices get an IP like 192.168.88.X and don't have access to the internet. Zyxel's clients get IP's like 192.168.1.X, is it possible that devices that connect ...
by xvo
Thu Aug 09, 2018 1:34 pm
Forum: Wireless Networking
Topic: 5 GHz SSID not shown after CAPsMan is enabled
Replies: 6
Views: 1133

Re: 5 GHz SSID not shown after CAPsMan is enabled

And each of 4 radios in fact gets the provision intended for it and is up and running as capsman interface? That's just the SSiD not showing on the devices, right? Are channels and all other wireless settings configured the same way in capsman as when running as stand-alone AP's? Please make "/caps ...
by xvo
Thu Aug 09, 2018 11:43 am
Forum: Wireless Networking
Topic: 5 GHz SSID not shown after CAPsMan is enabled
Replies: 6
Views: 1133

Re: 5 GHz SSID not shown after CAPsMan is enabled

Have you configured separate provisions for 2,4GHz and 5GHz?
by xvo
Wed Aug 08, 2018 11:08 am
Forum: General
Topic: Hap AC2 RAM [SOLVED]
Replies: 13
Views: 1349

Re: Hap AC2 RAM [SOLVED]


I did think of improper "treating MiB as MB" but like you said, that doesn't pencil out.
The only way how 233MiB can be 256MB is if you have 244MiB (~256MB), but think, that you have 244MB not MiB, and do an extra conversion - down to ~233MiB
But I don't think that's what is happening.
by xvo
Wed Aug 08, 2018 10:43 am
Forum: General
Topic: IntraVLAN speeds
Replies: 12
Views: 712

Re: IntraVLAN speeds

As you get 110MB/s when in the same vlan, then it seems that the vlans themselves are configured properly and the traffic is handled by the switch chip, not the CPU. As for connection between vlans - the traffic passes through CPU, because it is L3 traffic that is routed, not switched. So in general...
by xvo
Tue Aug 07, 2018 8:44 pm
Forum: Announcements
Topic: Winbox v3.17 released!
Replies: 17
Views: 9384

Re: Winbox v3.17 released!

When Winbox will be released for macOS ?
Why?
This wine wrapper works just fine.

https://www.macupdate.com/app/mac/52649/winbox
by xvo
Mon Aug 06, 2018 10:53 pm
Forum: Beginner Basics
Topic: IPv6 delegation from one router to another
Replies: 6
Views: 480

Re: IPv6 delegation from one router to another

P.S. prefix and addresses is dynamic...
Get the prefix on hap ac from 3011 then, and let it choose address from the pool.
by xvo
Mon Aug 06, 2018 10:50 pm
Forum: Beginner Basics
Topic: IPv6 delegation from one router to another
Replies: 6
Views: 480

Re: IPv6 delegation from one router to another

Just take the address manually on hap ac.

If you also need a prefix - run dhcpv6 on 3011.
But only prefix delegation (or info) is working for now, not handing addresses.
by xvo
Mon Aug 06, 2018 8:04 pm
Forum: General
Topic: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC
Replies: 18
Views: 2139

Re: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC

I have replaced original fans in my home CCR1009-7G-1C-1S+ with Noctua NF-A4x20. Not PWM, 3-pin FLX version, as MikroTik doesn't support PWM.
...and you lost the warranty. :lol:
Didn't have one anyway. :)
by xvo
Mon Aug 06, 2018 5:22 pm
Forum: General
Topic: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC
Replies: 18
Views: 2139

Re: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC

In my CCR1009-8G models the CPU temp is regulated towards 50 degrees. When the ambient is like 20-25 degrees it can easily achieve this with the original fan. Once the ambient rises the CPU rises to e.g. 58 degrees like you have. So I would say there is something wrong, maybe fans in the wrong orie...
by xvo
Mon Aug 06, 2018 2:54 pm
Forum: General
Topic: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC
Replies: 18
Views: 2139

Re: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC

Are original fans tachometric anyway ? as MikroTik doesn't support PWM Do MT actually uses speed monitoring and voltage-controlled speed ? Both the original fans and noctua that I use now are standard 3-pin fans. So the speed is monitored and is controlled by voltage. I can see the actual speed in t...
by xvo
Mon Aug 06, 2018 9:54 am
Forum: General
Topic: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC
Replies: 18
Views: 2139

Re: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC

Yeah, I'm going to stick with "fans" version, If there is problem with high pitch noise (well, if someone here will cry because of it) I'll replace stock fans with: Noctua NF-A4x20 PWM. Thx for answers people ;) Hi, Are you replaced Noctua NF-A4x20 PWM ? Have you tested? What about noise replaced ...
by xvo
Sat Aug 04, 2018 11:11 pm
Forum: General
Topic: Firewall rules not working after 6.42.6 upgrade
Replies: 19
Views: 2498

Re: Firewall rules not working after 6.42.6 upgrade

Thanks for the reply. I will make a configuration jump and post it. In the meanwhile I tested the 6.40.8 firmware and things seem to be the same O.O Now I'm wondering whether I'm going mad or what. I have a simple filter rule in the firewall like this Chain:forward src address: 192.168.0.0/24 dst a...
by xvo
Sat Aug 04, 2018 1:22 pm
Forum: General
Topic: Firewall rules not working after 6.42.6 upgrade
Replies: 19
Views: 2498

Re: Firewall rules not working after 6.42.6 upgrade

Hi, To get the idea, what is wrong with your config, anyone on this forum will need to see it. Together with your network topology scheme. Otherwise it would be just further guessing :) yes you are completely right :) What is the most efficient and forum friendly way to post a router configuration?...
by xvo
Sat Aug 04, 2018 12:11 pm
Forum: General
Topic: Firewall rules not working after 6.42.6 upgrade
Replies: 19
Views: 2498

Re: Firewall rules not working after 6.42.6 upgrade

Hi, Have you already tried to set "use-ip-firewall" checkbox? Yes, I checked the box in the Bridge->Settings window. Nothing changed. It seems that packets are not "captured" by the firewall rules. This fact is quite annoying. I also tried to create a filter rule directly in the bridge section (wit...
by xvo
Sat Aug 04, 2018 12:35 am
Forum: General
Topic: Firewall rules not working after 6.42.6 upgrade
Replies: 19
Views: 2498

Re: Firewall rules not working after 6.42.6 upgrade

Hi, That conversion is mandatory from 6.41 and Master port is replaced by bridge. I understand this point, but does it mean that former configurations are broken? If you want to filter traffic on the bridge you need either configure bridge filter rules or set use-ip-firewall=on in bridge settings. ...
by xvo
Fri Aug 03, 2018 11:10 pm
Forum: General
Topic: Firewall rules not working after 6.42.6 upgrade
Replies: 19
Views: 2498

Re: Firewall rules not working after 6.42.6 upgrade

If you want to filter traffic on the bridge you need either configure bridge filter rules or set use-ip-firewall=on in bridge settings.
by xvo
Fri Aug 03, 2018 10:24 pm
Forum: Beginner Basics
Topic: Very noob security question
Replies: 2
Views: 413

Re: Very noob security question

For switches, AP's, parts of wireless bridges, etc. a much better way to restrict access from inside the LAN would be to set up a management VLAN across the whole network, let managed devices have an IP address just inside that VLAN, and restrict access to mikrotik MAC services (winbox, mac telnet) ...
by xvo
Fri Aug 03, 2018 12:54 pm
Forum: General
Topic: CCR1009 7G vs 8G
Replies: 2
Views: 365

Re: CCR1009 7G vs 8G

It is a discontinued product.
Replaced by 7G series: one eth combined with sfp into a combo-port, switch chip removed.
by xvo
Thu Aug 02, 2018 6:47 pm
Forum: Beginner Basics
Topic: ERROR: wrong username or password
Replies: 5
Views: 2576

Re: ERROR: wrong username or password

The screenshot shows that you are trying to connect by MAC.
Try connecting by ip.
by xvo
Sat Jul 28, 2018 2:48 am
Forum: RouterBOARD hardware
Topic: REQUEST : New Switch for SOHO, upgrade to 10GB over copper
Replies: 8
Views: 1653

Re: REQUEST : New Switch for SOHO, upgrade to 10GB over copper

I'd rather have something like CRS(CSS)314-12P-2S+RM: half the ports of CRS328-24P-4S+RM, half the POE budget, half the size... and half the price! :lol:
by xvo
Thu Jul 26, 2018 11:24 pm
Forum: General
Topic: NAT router with fair bandwidth distribution among clients [SOLVED]
Replies: 4
Views: 533

Re: NAT router with fair bandwidth distribution among clients [SOLVED]

As I understand it, this is all about fixed rates. Which would be a real waste of bandwidth. That is not what I asked about :(
Nope. That is exactly what you are asking for:
https://wiki.mikrotik.com/wiki/Manual:Q ... e_Examples
Second picture.
by xvo
Wed Jul 25, 2018 1:52 am
Forum: Wireless Networking
Topic: Missing buttons from CAPsMAN interface? [SOLVED]
Replies: 2
Views: 446

Re: Missing buttons from CAPsMAN interface? [SOLVED]

It's in the "wireless" menu :)
by xvo
Wed Jul 25, 2018 1:38 am
Forum: Beginner Basics
Topic: VLAN segregation and bridge setting [SOLVED]
Replies: 15
Views: 1246

Re: VLAN segregation and bridge setting [SOLVED]

I am using a hex poe router for my home. sfp interface connect to WAN eth1-2 is local lan network eth3-4 connect to IP cams using POE eth5 is a trunk interface connects to a Cisco AP. Create a vlan interface (vlan80) under eth5. Cisco AP has two VLAN, one is a default vlan, the other is vlan80. I c...
by xvo
Fri Jul 20, 2018 1:03 pm
Forum: General
Topic: How to create a hybrid vlan access port without a trunk port?
Replies: 17
Views: 1658

Re: How to create a hybrid vlan access port without a trunk port?

Can you kindly explain to me exactly how was DHCP affected by the vlan tagging, being on bridge2-vlan500 vs interface vlan500? I see it this way: 1) Your initial config: fig1.jpg 2) After you changed bridge state to tagged, bridge was expecting tagged frames from outside, but have nowhere to get the...
by xvo
Fri Jul 20, 2018 1:31 am
Forum: General
Topic: How to create a hybrid vlan access port without a trunk port?
Replies: 17
Views: 1658

Re: How to create a hybrid vlan access port without a trunk port?

Let me add my 2 cents. I believe everything breaks when you change bridge2-vlan500 from untagged to tagged because you run DHCP on bridge itself. For DHCP to work when bridge2-vlan500 is a tagged member of a vlan you need to create a vlan interface with corresponding vlan id on the bridge and run DH...
by xvo
Wed May 30, 2018 7:42 pm
Forum: General
Topic: Hex PLUS
Replies: 15
Views: 1929

Re: Hex PLUS

https://i.mt.lv/routerboard/files/RB450 ... 125413.png

Block diagram says nothing about lane speed between switch and CPU, so you better ask someone from Mikrotik about it.
by xvo
Wed May 30, 2018 10:13 am
Forum: General
Topic: Hex PLUS
Replies: 15
Views: 1929

Re: Hex PLUS

By the way, in your sarcastic comparison you forgot to mention another few PROs for RB450Gx4 over hEX: 1) Four times more RAM: 256mb -> 1gb 2) Serial port (Yes, I'm sure that you don't need it, but someone might. And that moves this board from the home device range closer to enterprise.) 3) License ...
by xvo
Tue May 29, 2018 10:37 pm
Forum: General
Topic: Hex PLUS
Replies: 15
Views: 1929

Re: Hex PLUS

Is this one closer to what you are looking for? :)
https://mikrotik.com/product/rb450gx4
by xvo
Thu Apr 05, 2018 4:33 pm
Forum: General
Topic: MUM berlin
Replies: 28
Views: 2648

Re: MUM berlin

New switches line looks nice, but something like CRS309-8G-1S+ (or CRS311-10G-1S+/CRS313-12G-1S+) in a compact metal enclosure (similar to CRS305-1G-4S+) and inexpensive would be a good addition.
Or even better - 10GE/SFP+ combo, instead of SFP+ :)
by xvo
Mon Mar 26, 2018 11:32 pm
Forum: RouterBOARD hardware
Topic: RB260GSP with cAP ac - POE compatibility
Replies: 5
Views: 1049

Re: RB260GSP with cAP ac - POE compatibility

Well, reading as much as possible about an equipment you are going to buy is always a good idea.
And of course starting with the manual. :)
by xvo
Mon Mar 26, 2018 10:56 pm
Forum: RouterBOARD hardware
Topic: RB260GSP with cAP ac - POE compatibility
Replies: 5
Views: 1049

Re: RB260GSP with cAP ac - POE compatibility

However: cAP ac data says that PoE in is strictly active 802.3af/at while RB260GSP only supports passive PoE out. And these two don't mix. In short: you can not power cAP ac off RB260GSP. The part about Passive PoE is just missing from the specs page. You can power it with Passive PoE for sure. ...
by xvo
Sat Mar 24, 2018 3:03 pm
Forum: Wireless Networking
Topic: How to provision CAP to correct profile? [SOLVED]
Replies: 3
Views: 483

Re: How to provision CAP to correct profile? [SOLVED]

Use "Radio MAC" field to specify which radio module will use each provisioning profile.
by xvo
Mon Mar 05, 2018 2:56 pm
Forum: Beginner Basics
Topic: Having Trouble Using RB3011 as a Switch [SOLVED]
Replies: 9
Views: 914

Re: Having Trouble Using RB3011 as a Switch [SOLVED]

Try connecting in Winbox not by IP, but by MAC-address.
Does 3011 appear in "neighbors" tab?
Have you read the previous posts?
I must've loaded the page before your last one :)
by xvo
Mon Mar 05, 2018 2:06 pm
Forum: Beginner Basics
Topic: Having Trouble Using RB3011 as a Switch [SOLVED]
Replies: 9
Views: 914

Re: Having Trouble Using RB3011 as a Switch [SOLVED]

Try connecting in Winbox not by IP, but by MAC-address.
Does 3011 appear in "neighbors" tab?
by xvo
Sun Mar 04, 2018 6:40 pm
Forum: Beginner Basics
Topic: 2nd router no internet access [SOLVED]
Replies: 41
Views: 3720

Re: 2nd router no internet access [SOLVED]

Why don't you simply remove the LAN port going to your study from the bridge on your 3011, run second DHCP on this port and put hAP lite in bridge mode?
No double NAT, no extra load on hAP lite this way.