Community discussions

Search found 1690 matches

by chechito
Mon Oct 15, 2018 5:05 am
Forum: Forwarding Protocols
Topic: RB4011 vs. CCR1009 BGP
Replies: 46
Views: 7812

Re: RB4011 vs. CCR1009 BGP

Mellanox basically finished the EZchip design integrating their stuff, it is not obvious where they will take it going forward. Tile-Mx was going to have A53. It seems 16 A72 would be equivalent to 40 A53. Cavium was acquired by Marvell. NXP also has a 16x A72 processor with PCIe 4.0 and 100GbE: ht...
by chechito
Mon Oct 15, 2018 5:03 am
Forum: Forwarding Protocols
Topic: RB4011 vs. CCR1009 BGP
Replies: 46
Views: 7812

Re: RB4011 vs. CCR1009 BGP

Yes, we are aware of this peculiarity and we are working also on new routers that have higher power per core, not just many cores. Awesome! Please consider a new CCR with ARM, 12G-4S+ and redudant PSUs. Would be ideal for smaller environments where you have fiber uplinks and access with copper. I w...
by chechito
Tue Oct 02, 2018 2:29 am
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 25594

Re: v6.42.9 [long-term] is released!

With ROS > 6.40 it is possible to use "new" bridge vlan-filtering, but it is not mandatory to do it. New way lacks HW offload support for non-trivial tasks, but it allows things to be done which were not possible previously on some devices due to lack of support in hardware. I converted an RB2011 r...
by chechito
Fri Sep 28, 2018 9:28 pm
Forum: RouterBOARD hardware
Topic: Hardware offload on sfp port in hEX S mmips
Replies: 11
Views: 1469

Re: Hardware offload on sfp port in hEX S mmips

i think that workload deserves a bigger device

this cpu features symmetric multithreading (2 threads per core) , cpu average usage around 50-60% must be interpreted like 90-100%

can you publish profile screen-shot to see how the load is distributed across features??
by chechito
Thu Sep 27, 2018 12:01 am
Forum: RouterBOARD hardware
Topic: Hardware offload on sfp port in hEX S mmips
Replies: 11
Views: 1469

Re: Hardware offload on sfp port in hEX S mmips

the numbers you write do not correspond with the picture

you say one cpu at 80% picture shows 55%

you say other cpu at 15% picture shows 8, 6 and 13%

please show tools profile to see the source of your cpu usage
by chechito
Mon Sep 24, 2018 4:10 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66186

Re: RB4011

You only have to look at the table to switch chips and products to realise how much each range or device differs from each other, not to mention all the different CPU architectures - part of their sucess and weakness you could argue. And that's wrong. Naming schemes indicate something. If you saw i...
by chechito
Tue Sep 04, 2018 1:36 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66186

Re: RB4011

https://forum.mikrotik.com/download/file.php?id=33451 Anybody else wondering why RB4011 CPU-throughput appears to be capped to 10Gbit/s? Assuming both Realtek GbE switchgroups are connected at 2.5Gbit/s each to the CPU (like RB1100AHx4), this leaves only 5Gbit/s possible thoughput for the 10GbE SFP...
by chechito
Mon Sep 03, 2018 1:54 am
Forum: RouterBOARD hardware
Topic: Please, which is the equivalent of the Cisco router ASR 9906 at Mikrotik?
Replies: 4
Views: 730

Re: Please, which is the equivalent of the Cisco router ASR 9906 at Mikrotik?

None, if you're looking for a device with the features, resilience and capacity of an ASR like that, you need to go and check other brands. Closest you can get is a CCR 1072 and those are only comparable (and not 100%) to the ASR1001X i agree but i think the ccr1036 o 1072 can compete only with low...
by chechito
Sun Sep 02, 2018 2:46 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66186

Re: RB4011

i think a CPU like Broadcom stingray (8 core arm cortex a 72 at 3.0ghz) can beat a a tilera 72 core CPU at 1.0 ghz (like ccr1072) because of the much better single core performance ... I don't think device like CCR1072 needs single core performance ... the comparison with server virtualization lack...
by chechito
Sun Sep 02, 2018 2:18 am
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1421

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

the question about pxi express x16 slot is because in that platforms is the only slot almost guaranteed to be connected directly to CPU in most motherboards
by chechito
Sat Sep 01, 2018 10:18 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66186

Re: RB4011

I'm especially interested in RB4011 vs CCR1009 on single 10G point to point connection. CCR seems to struggle with that. i think with rb4011rm ccr1009 is dead That's brave statement :D Still CCR1009 has number of features that RB4011 doesn't. It still has significantly higher routing performance, p...
by chechito
Sat Sep 01, 2018 10:17 pm
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1421

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

i suppose you put the 10g NIC on the pci express x16 slot of your motherboard
by chechito
Sat Sep 01, 2018 7:12 pm
Forum: General
Topic: Switch Chip on CRS106-1C-5S
Replies: 19
Views: 1585

Re: Switch Chip on CRS106-1C-5S

ok then

check in FDB your vlan setup behavior

switch fdb.png
by chechito
Sat Sep 01, 2018 7:05 pm
Forum: General
Topic: P2P missing on my new RB1100AHx4
Replies: 13
Views: 1292

Re: P2P missing on my new RB1100AHx4

I have no reason to change firmware many lazy old school system administrators were repeating that phrase endlessly just to avoid the work of maintaining and updating systems but nowadays that does not works, you just simply expose your organization to security breaches keeping systems outdated
by chechito
Sat Sep 01, 2018 7:01 pm
Forum: General
Topic: P2P missing on my new RB1100AHx4
Replies: 13
Views: 1292

Re: P2P missing on my new RB1100AHx4

It was blocking, it was showing next to the filter how much traffic it was blocking, I am very disappointed it has been removed, it should be our choice if we want to use it or not. ours ?? you are the only one complaining about it and there is very few topics about the removal of p2p firewall matc...
by chechito
Sat Sep 01, 2018 6:15 pm
Forum: General
Topic: Switch Chip on CRS106-1C-5S
Replies: 19
Views: 1585

Re: Switch Chip on CRS106-1C-5S

try this setting if switching vlans on CRS 1xx or 2xx

without it switch practically do not filter vlans

beware of test on lab before, you can loose contact with switch if vlan are not configured properly
invalid vlan switch mikrotik.png
by chechito
Sat Sep 01, 2018 4:20 am
Forum: RouterBOARD hardware
Topic: RB1100AHx4
Replies: 6
Views: 1732

Re: RB1100AHx4

i think with more than 2.000 users on this router the last thing to worry about is switch host limit if you need switching for that amount of host get a switch, and let the router do their job as a router i thing rb1100ahx4 can attend several thousands of users but with a simple/optimal config and w...
by chechito
Sat Sep 01, 2018 4:15 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66186

Re: RB4011

I'm actually interested to test this router with a full BGP table given the high clock speed and 10 gig port. Who knows? Could be a diamond in the rough for a border router ;-) i agree i think RB1100AHX4/RB4011 1.4GHZ ARM cortex A15 CPU have better single core performance than Tilera, until now on ...
by chechito
Sat Sep 01, 2018 4:09 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66186

Re: RB4011

I'm actually interested to test this router with a full BGP table given the high clock speed and 10 gig port. Who knows? Could be a diamond in the rough for a border router ;-) I'm especially interested in RB4011 vs CCR1009 on single 10G point to point connection. CCR seems to struggle with that. i...
by chechito
Wed Aug 22, 2018 8:45 pm
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 30451

Re: v6.42.7 [current] is released!

!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;


6.42.6 is vulnerable to this?
by chechito
Wed Aug 22, 2018 8:43 pm
Forum: Announcements
Topic: v6.40.9 [bugfix] is released!
Replies: 56
Views: 14804

Re: v6.40.9 [bugfix] is released!

!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;

6.40.8 is vulnerable to this?
by chechito
Wed Jul 25, 2018 11:35 pm
Forum: General
Topic: Mikrotik Routers Compromised......please READ [SOLVED]
Replies: 8
Views: 1646

Re: Mikrotik Routers Compromised......please READ [SOLVED]

I'm really shocked by the number of admins that NEVER update firmware! Agree, what I also find funny is that they obviously do not log into forum regularly, if hey did, they would have known about these vulnerabilities, but as soon as they get hacked, then they can't post fast enough on the forum t...
by chechito
Wed Jul 25, 2018 7:16 pm
Forum: SwOS
Topic: Possible bug in stats for SwOS 2.0 in CSS326 ? [SOLVED]
Replies: 10
Views: 1944

Re: Possible bug in stats for SwOS 2.0 in CSS326 ? [SOLVED]

do you have the latest version of SW os?
by chechito
Wed Jul 25, 2018 7:01 pm
Forum: Wireless Networking
Topic: highest power dual band AP? [SOLVED]
Replies: 6
Views: 1297

Re: highest power dual band AP? [SOLVED]

much appreciated chechito, Out of interest, do custom assembled routerboards play well together? i.e. are there many glitches (apart from rightly seating parts together) that one has to navigate (no offense meant... I'm used to building windows computers :-) ). you are right more work and more expe...
by chechito
Wed Jul 25, 2018 7:08 am
Forum: Wireless Networking
Topic: highest power dual band AP? [SOLVED]
Replies: 6
Views: 1297

Re: highest power dual band AP? [SOLVED]

you can assemble this combo: routerboard rbm33g https://mikrotik.com/product/rbm33g 2ghz radio R11e-2HPnD https://mikrotik.com/product/R11e-2HPnD 5ghz radio R11e-5HacD https://mikrotik.com/product/R11e-5HacD enclosure and antennas you can choose from the web there are many options the advantage over...
by chechito
Wed Jul 25, 2018 12:01 am
Forum: General
Topic: Calling all Mikrotik Switch experts
Replies: 7
Views: 694

Re: Calling all Mikrotik Switch experts

im not an expert y will share my findings and personal opinions biggest problem with CRS line is: mikrotik promoting CRS as a router causes confusion and bad buying and implementation design by the users, in fact mikrotik reaches the point of promoting crs switches as a layer 3 switch, that's very b...
by chechito
Mon Jul 23, 2018 10:28 pm
Forum: General
Topic: CRS317 - HW. Offloading only works on a single bridge, is it a bug?
Replies: 5
Views: 636

Re: CRS317 - HW. Offloading only works on a single bridge, is it a bug?

I have found that the HW. offloading works without problems in the first bridge I created. However, on the second bridge, under the same conditions as the first, there is no way to activate HW.offloading. Does v6.42.6 on the CRS-317 only allow active Hw. offloading on a single bridge? make vlans on...
by chechito
Mon Jul 23, 2018 8:47 pm
Forum: General
Topic: Remove Dynamic CRL
Replies: 4
Views: 604

Re: Remove Dynamic CRL

disable CRL and CRL download in certificate settings
by chechito
Mon Jul 23, 2018 3:05 am
Forum: Wireless Networking
Topic: When did 20/40MHz-XX / 20/40/80-XXXX come in ?
Replies: 1
Views: 3902

Re: When did 20/40MHz-XX / 20/40/80-XXXX come in ?

Hi, I only spotted this recently and I've been trawling the entire changelog without finding a mention. At what version was 20/40MHz-XX / 20/40/80-XXXX introduced ? It was added to the manual on 27.04.2018 and the question was asked as part of another thread in March, but never answered. So it has ...
by chechito
Mon Jul 23, 2018 2:59 am
Forum: General
Topic: new vulnerability? [SOLVED]
Replies: 5
Views: 2560

Re: new vulnerability? [SOLVED]

Hello all. Ive noticed on several routers i have that theres a new vulnerability affecting versions 6.41.3 mostly, im not sure before 6.42.6 though. The attack involves a creation of a schedule and a script fetching a /mikrotik.php every 30secs under this ip :95.154.216.160 Has anyone noticed the s...
by chechito
Sun Jul 22, 2018 4:57 am
Forum: General
Topic: [6.43rc44] Hardware offloaded bridge and 'Switch Port Isolation' not working.
Replies: 3
Views: 881

Re: [6.43rc44] Hardware offloaded bridge and 'Switch Port Isolation' not working.

on RB960PGS which has QCA8337 switch chip, you can do port isolation using switch rules RB750UP-r2 which has Atheros8227 switch chip, you can't because dont support switch rules the good news is you can do port isolation by software using cpu resources using bridge horizon, in the end RB750UP-r2 onl...
by chechito
Fri Jul 20, 2018 10:02 pm
Forum: Beginner Basics
Topic: RouterOS 6.41 new Bridge VLAN - what about Switch VLAN settings?
Replies: 3
Views: 538

Re: RouterOS 6.41 new Bridge VLAN - what about Switch VLAN settings?

My hEX PoE has a QCA8337 chip, so I know what to do now.

Thanks for clearing things up ...

Have a nice weekend!


qca8337 supports hw vlans, configure it on switch menu

try this

viewtopic.php?f=13&t=119383
by chechito
Wed Jul 18, 2018 8:34 pm
Forum: General
Topic: Restore corrupted Routerboard with damaged Eth1
Replies: 6
Views: 827

Re: Restore corrupted Routerboard with damaged Eth1

taking in count today you can replace that rb450g with a rb750gr3 for only 60 US and get better performance i think is a good idea to discard that device, the cost of the repair may not be justified you can recycle the power supply and case for a new rb450gx4 8) and learn the lesson: do not let outd...
by chechito
Wed Jul 18, 2018 8:04 am
Forum: RouterBOARD hardware
Topic: CRS354-48P-4S+2Q+ Dimensions
Replies: 5
Views: 1760

Re: CRS354-48P-4S+2Q+ Dimensions

48 port poe

expect it to be BIG!
by chechito
Tue Jul 17, 2018 4:42 am
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM: CWDM/DWDM SFP+ optics? [SOLVED]
Replies: 12
Views: 2684

Re: CRS317-1G-16S+RM: CWDM/DWDM SFP+ optics? [SOLVED]

mikrotik its aware of CDWM importance


CWDM-MIKROTIK.jpg
by chechito
Sun Jul 15, 2018 5:25 am
Forum: Wireless Networking
Topic: Simplest way to isolate WiFi users? [SOLVED]
Replies: 3
Views: 722

Re: Simplest way to isolate WiFi users? [SOLVED]

use horizon on bridges
by chechito
Sat Jul 14, 2018 5:45 am
Forum: Beginner Basics
Topic: DHCP static leases - First 2 digits of MAC address change
Replies: 2
Views: 558

Re: DHCP static leases - First 2 digits of MAC address change

i have similar problem with some rare cheap smartphones but in this case they change the latest 6 characters of MAC

in my case the OUI of this damn smartphones is 00:08:22
by chechito
Sat Jul 14, 2018 4:13 am
Forum: General
Topic: RB951G-2HnD bricked after last update
Replies: 6
Views: 1143

Re: RB951G-2HnD bricked after last update

sometimes when you put a switch between PC and routerboard that helps to successful netinstall
by chechito
Fri Jul 13, 2018 9:27 pm
Forum: General
Topic: RB951G-2HnD bricked after last update
Replies: 6
Views: 1143

Re: RB951G-2HnD bricked after last update

it's good that you were able to recover
by chechito
Fri Jul 13, 2018 3:44 am
Forum: RouterBOARD hardware
Topic: RB3011 Switching Performance with Hardware Offloading
Replies: 11
Views: 6588

Re: RB3011 Switching Performance with Hardware Offloading

Connect ports 5 and 6 with a short cable Actually, I had wondered about this myself. I guess you can't get much closer to "wirespeed" than an actual wire, eh? :D fast-path and fast forwarding can get a lot of performance, if you can live with a restriction of 1gbps between the 2 switches do it by b...
by chechito
Fri Jul 13, 2018 12:11 am
Forum: General
Topic: CCR 1036 12G 4S - Low traffic
Replies: 11
Views: 802

Re: CCR 1036 12G 4S - Low traffic

As @chechito says, check profile when it happens. Remember that even though your CPU is "only" hitting 10%, you have 36 cores making up 100% and if one of those is running at full steam as RouterOS likes to single thread things there is a high chance you are maxxing out your capabilities with that ...
by chechito
Thu Jul 12, 2018 11:33 pm
Forum: Beginner Basics
Topic: Guest vlan with client isolation
Replies: 4
Views: 786

Re: Guest vlan with client isolation

in bridge port assign horizon 1 to wlan1 and wlan2
by chechito
Thu Jul 12, 2018 1:44 am
Forum: RouterBOARD hardware
Topic: RB532 on 6.10 fail
Replies: 8
Views: 701

Re: RB532 on 6.10 fail

try netinstall with a switch between your PC and the routerboard
by chechito
Thu Jul 12, 2018 1:43 am
Forum: General
Topic: CCR 1036 12G 4S - Low traffic
Replies: 11
Views: 802

Re: CCR 1036 12G 4S - Low traffic

check cpu usage on each core

you can do it in system resources CPU

using tools profile you can see the source of CPU usage on total basis or per core basis
by chechito
Thu Jul 12, 2018 1:39 am
Forum: Beginner Basics
Topic: Guest vlan with client isolation
Replies: 4
Views: 786

Re: Guest vlan with client isolation

first thing disable default forwarding on wireless interface

then on bridge you have to isolate wireless lan from another user device interfaces

i there are more than one access-point or radio you will need additional settings on local infrastructure
by chechito
Wed Jul 11, 2018 7:16 pm
Forum: Wireless Networking
Topic: Cap AC, Hap AC2 or UniFi?
Replies: 38
Views: 9843

Re: Cap AC, Hap AC2 or UniFi?

I must agree with Steve. I have 1 hap ac as Master and 4 ha ac lite to cover my house. Uap ac lr beats all the lites hands down.

Sent from Tapatalk
what a shame on mikrotik :(
by chechito
Wed Jul 11, 2018 7:12 pm
Forum: General
Topic: CRS3XX and 802.1ad
Replies: 6
Views: 1045

Re: CRS3XX and 802.1ad

CRS 2xx and 1xx are different switches because use different chipsets

in CRS 3xx vlan dont configure by switch menu they configure by bridge menu, maybe QinQ in new CRS 3xx switches does not work yet
by chechito
Wed Jul 11, 2018 3:45 am
Forum: Wireless Networking
Topic: Cap AC, Hap AC2 or UniFi?
Replies: 38
Views: 9843

Re: Cap AC, Hap AC2 or UniFi?

The cAP ac and hAP ac2 are beasts from a processing perspective, but their RF performance leaves a LOT to be desired. With a cAP ac in a 3 bedroom townhouse with wooden walls, I can barely use 5Ghz in the room next to the cAP ac i have tested wAP AC (3dbm less tx power x chain than cAP ac in 5ghz r...
by chechito
Wed Jul 11, 2018 1:35 am
Forum: General
Topic: CRS3XX and 802.1ad
Replies: 6
Views: 1045

Re: CRS3XX and 802.1ad

https://wiki.mikrotik.com/wiki/Manual:C ... 8Q-in-Q.29


test carefully RC versions are for testing
by chechito
Tue Jul 10, 2018 6:45 pm
Forum: Beginner Basics
Topic: Question regarding Multicast Helper, buffering & keepalive frames
Replies: 3
Views: 707

Re: Question regarding Multicast Helper, buffering & keepalive frames

keep alive frames off: to reduce battery consumption on wireless clients
by chechito
Tue Jul 10, 2018 1:56 am
Forum: General
Topic: Thermal Issues with 450G router
Replies: 1
Views: 391

Re: Thermal Issues with 450G router

verify power supply integrity


i think better replacement is rb450gx4
by chechito
Tue Jul 10, 2018 12:55 am
Forum: Wireless Networking
Topic: AP cant use its maximum tx power to transmit higher data rates, why?
Replies: 4
Views: 510

Re: AP cant use its maximum tx power to transmit higher data rates, why?

thanks Steveocee yes. as you said it is common across all devices and all vendors. it looks like a law of of physics or something! and must there be a reason. I really appreciate if anyone could explain the reason. if the answer is strait forward and short or even technical, doesn't matter. I searc...
by chechito
Sun Jul 08, 2018 11:11 pm
Forum: RouterBOARD hardware
Topic: MikroTik specification - is throughput "duplex"? [SOLVED]
Replies: 5
Views: 905

Re: MikroTik specification - is throughput "duplex"? [SOLVED]

in theory this switch its wire-speed non-blocking, that is, capable of switching all ports at full duplex capacity, simultaneously i dont understand de meaning of Non blocking Layer 1 throughput vs Non blocking Layer 1 capacity in switching test results, very confusing to see one value being half ot...
by chechito
Sun Jul 08, 2018 3:42 am
Forum: Beginner Basics
Topic: VLAN HW offload
Replies: 3
Views: 1005

Re: VLAN HW offload

CRS 226 is the most versatile and powerfull switch MIkrotik have but hard to configure only use bridge menu to group ports for switching you have to configure VLans by the Switch menu to get full wire-speed (thats the objective with a switch) use this guide https://wiki.mikrotik.com/wiki/Manual:CRS1...
by chechito
Sun Jul 08, 2018 3:30 am
Forum: SwOS
Topic: CRS328 - improvements
Replies: 1
Views: 793

Re: CRS328 - improvements

ohh yeah

x2

CRS326 too please
by chechito
Sun Jul 08, 2018 3:26 am
Forum: Beginner Basics
Topic: Disable video on Facebook, YouTube and etc...
Replies: 8
Views: 1452

Re: Disable video on Facebook, YouTube and etc...

1. control speed
2. use hotspot to apply traffic cuote per user
3. Use opendns to block certain traffic


Why not to hire a consultant who do the job??, can be less expensive than you think
by chechito
Sun Jul 08, 2018 12:18 am
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 10165

Re: RB850Gx2 vs RB450Gx4

The test results for Ethernet test result for the two models seem to be consistent in that RB450GX4 is faster than the older RB850GX2. But IPsec throughput test published seems to indicate the older RB850GX2 model performing better than the new RB450GX2, by quite a bit too. I wonder why that is? Is...
by chechito
Sat Jul 07, 2018 11:50 am
Forum: RouterBOARD hardware
Topic: New : RB760IGS - HEX-S
Replies: 38
Views: 13853

Re: New : RB760IGS - HEX-S

Hello, yesterday was delivered new RB760iGS to me. It looks very nice, I like the grey color of this box. Build quality si good, typical for Mikrotik`s plastic boxes. Reset and Mode buttons are good, you can push them simply by finger, no more sharp pencil needed. But.... in the box was ROS 6.41.x ...
by chechito
Fri Jul 06, 2018 12:14 am
Forum: RouterBOARD hardware
Topic: CRS326 - why ether1 LED is always lit up?
Replies: 5
Views: 649

Re: CRS326 - why ether1 LED is always lit up?

haha

you have solved the mystery

I had to install a CRS326 some days ago and I stayed with the doubt, in my case i leave ether1 out of bridge for management purposes
by chechito
Thu Jul 05, 2018 11:29 pm
Forum: The Dude
Topic: Dude lost data
Replies: 15
Views: 2346

Re: Dude lost data

I tried it with CCR and rb750gr3, same problem daily backups and constant restoring every time a power outage occurs to reboot router i had to stop the dude and wait several minutes before rebooting, if not the dude corrupts after the launch of rb1100ahx4 I had believed the dude going something seri...
by chechito
Thu Jul 05, 2018 8:43 pm
Forum: Wireless Networking
Topic: CAPsMAN "fun"
Replies: 35
Views: 4697

Re: CAPsMAN "fun"

i think is better to try first this setup without capsman then validate its working then migrate to capsman (using local (access-point) forwarding) in that way you keep problem resolution simple and discard or confirm easy if some issue is related to campsman bonus track you can easily move one AP t...
by chechito
Thu Jul 05, 2018 7:37 pm
Forum: Beginner Basics
Topic: Tagged VLANs on CRS1xx
Replies: 5
Views: 846

Re: Tagged VLANs on CRS1xx

keep in mind unless you uncheck forward invalid VLAN you cannot verify your VLAN filtering
switch invalid.png
by chechito
Thu Jul 05, 2018 6:06 am
Forum: General
Topic: CRS326 DHCP requests on wrong VLANs/ports
Replies: 3
Views: 338

Re: CRS326 DHCP requests on wrong VLANs/ports

maybe sniffer don't catch all switched traffic

check for host table on bridge if you can see CCR Mac address on both vlans on sfp-plus interface

and respective mac addresses of clients on respective vlan on ether1 and ether2
by chechito
Wed Jul 04, 2018 2:48 am
Forum: RouterBOARD hardware
Topic: CRS326 - safe temperatures?
Replies: 2
Views: 671

Re: CRS326 - safe temperatures?

spec say Tested ambient temperature -40°C .. +60°C i think temperatures are rather high in comparison with other devices, in this moment i have 60°C with almost 10°C ambient temperature, switching 150mbps of traffic, extrapolating that to 60°C tested maximum temperature we can expect 110°C??? maybe ...
by chechito
Tue Jul 03, 2018 10:24 pm
Forum: Wireless Networking
Topic: How to identify wireless network settings
Replies: 5
Views: 840

Re: How to identify wireless network settings

i think its ok

i will prefer group key update 01:00:00
by chechito
Tue Jul 03, 2018 7:21 am
Forum: Wireless Networking
Topic: Wifi & Android Devices
Replies: 3
Views: 625

Re: Wifi & Android Devices

have you updated routeboot??


what mikrotik device provide wireless connectivity to devices??
by chechito
Tue Jul 03, 2018 3:56 am
Forum: General
Topic: CRS3xx Fasttrack on VLANs not working.
Replies: 11
Views: 1000

Re: CRS3xx Fasttrack on VLANs not working.

Can you post full config, there might be a misconfigured rule creating unexpected symptoms that we might not think about, but seeing the config might ring some bells
yes very difficult to help with incomplete config access
by chechito
Mon Jul 02, 2018 9:05 pm
Forum: General
Topic: CRS3xx Fasttrack on VLANs not working.
Replies: 11
Views: 1000

Re: CRS3xx Fasttrack on VLANs not working.

i think mikrotik will end killing CRS line because of situations like this I think The fact CRS switch have routeros dont imply you have to do routing on it, i think a switch is a switch, and must be used like that, the advantages of having routeros on it comes from management perspective, you have ...
by chechito
Mon Jul 02, 2018 8:57 pm
Forum: RouterBOARD hardware
Topic: CRS125 Randomly ALL ports switch off then on?
Replies: 8
Views: 941

Re: CRS125 Randomly ALL ports switch off then on?

check ground connections on all equipment including the switch


ensure stable electrical supply
by chechito
Mon Jul 02, 2018 9:55 am
Forum: General
Topic: Powering RB951G-2Hnd Using POE-IN
Replies: 3
Views: 501

Re: Powering RB951G-2Hnd Using POE-IN

dlink switch supports 802.3af PoE (48 volt)

rb951G supports passive PoE (8-30volt)
by chechito
Mon Jul 02, 2018 9:51 am
Forum: Beginner Basics
Topic: Router Selection For VPN
Replies: 1
Views: 299

Re: Router Selection For VPN

rb1100ahx4
by chechito
Mon Jul 02, 2018 9:49 am
Forum: General
Topic: CRS3xx Fasttrack on VLANs not working.
Replies: 11
Views: 1000

Re: CRS3xx Fasttrack on VLANs not working.

CRS s a switch the better way to do what you want to do is using a router + switch I know that it's main purpose is switching. But with fasttrack the cpu has no problem to route 1Gbps. So why using a separate device for that? And it's an CRS not a CCS fast- track is for routing, if you are bridging...
by chechito
Mon Jul 02, 2018 6:51 am
Forum: General
Topic: CRS3xx Fasttrack on VLANs not working.
Replies: 11
Views: 1000

Re: CRS3xx Fasttrack on VLANs not working.

CRS s a switch

the better way to do what you want to do is using a router + switch
by chechito
Mon Jul 02, 2018 5:57 am
Forum: SwOS
Topic: RB250GS Routing problem
Replies: 29
Views: 11046

Re: RB250GS Routing problem

Note: SwOS uses a simple algorithm to ensure TCP/IP communication - it just replies to the same IP and MAC address packet came from. This way there is no need for Default Gateway on the device itself. https://wiki.mikrotik.com/wiki/SwOS/CSS106#System in new rb260gs css106 this works better than in ...
by chechito
Sat Jun 30, 2018 8:16 pm
Forum: The User Manager
Topic: Limiting p2p
Replies: 2
Views: 723

Re: Limiting p2p

please do not create multiple topics for the same
by chechito
Sat Jun 30, 2018 5:27 am
Forum: General
Topic: MIB RB3011
Replies: 1
Views: 271

Re: MIB RB3011

by chechito
Fri Jun 29, 2018 10:22 pm
Forum: Beginner Basics
Topic: bridge filter reduce performacne on crs 326 ?
Replies: 7
Views: 717

Re: bridge filter reduce performacne on crs 326 ?

ok last question is if i use scripts with scheduler that run script every 10 or 15 seconds (that script only check pps on each interface and shutdown them for 2m if they have more than X pps) is it cause high cpu usages or not ? thanks complex scripts who take minutes, hours running consume high % ...
by chechito
Fri Jun 29, 2018 7:06 pm
Forum: Beginner Basics
Topic: bridge filter reduce performacne on crs 326 ?
Replies: 7
Views: 717

Re: bridge filter reduce performacne on crs 326 ?

snmp uses CPU but only for management purposes, dont affect your traffic performance

CRS 3xx supports bonding by hardware, check this info

https://wiki.mikrotik.com/wiki/Manual:C ... es#Bonding
by chechito
Fri Jun 29, 2018 7:00 pm
Forum: Beginner Basics
Topic: bridge filter reduce performacne on crs 326 ?
Replies: 7
Views: 717

Re: bridge filter reduce performacne on crs 326 ?

bridge filters make you loose a lot of performance

switch rules dont

switch rules run by hardware at wire speed without CPU usage


i dont think you need to configure redirect to CPU action to allow packets from cpu

" A rule without any action parameters is a rule to accept the packet. "
by chechito
Fri Jun 29, 2018 1:06 pm
Forum: General
Topic: BPDU problem
Replies: 38
Views: 2627

Re: BPDU problem

Follow the suggestion of @artz. The way you have configured it, each VLAN has its own bridge running its own instance of RSTP inside the Mikrotik, so the BPDU frames from these bridges are sent out to the Netgear with VLAN tags. This is not how STP works normally. In normal switches which are not s...
by chechito
Fri Jun 29, 2018 12:59 pm
Forum: Wireless Networking
Topic: Nv2 High latency
Replies: 29
Views: 3833

Re: Nv2 High latency

some ways to maybe improve the situation with QoS/WMM you can somewhat mitigate the situation give priority with marking DSCP and TOS for latency sensitive traffic using mangle and set NV2 to QoS= frame priority, queue count 4 you can also set highest allowed MCS to a more reliable value to reduce r...
by chechito
Fri Jun 29, 2018 11:24 am
Forum: General
Topic: BPDU problem
Replies: 38
Views: 2627

Re: BPDU problem

have you checked timings on RSTP settings on all devices??


check RSTP bridge priority on netgear devices
by chechito
Fri Jun 29, 2018 11:11 am
Forum: Wireless Networking
Topic: Nv2 High latency
Replies: 29
Views: 3833

Re: Nv2 High latency

my personal judgment about the topic: keep in mind is a ptmp setup, time slot assignment between stations takes some ms to operate if you need better latency to a specific hosts think the better option is to use a ptp to that host who need such a low latency keep in mind is wireless not optical fib...
by chechito
Fri Jun 29, 2018 3:55 am
Forum: General
Topic: CRS3xx - Inter VLAN switching?
Replies: 3
Views: 435

Re: CRS3xx - Inter VLAN switching?

maybe you are searching for VLAN translation feature, in CRS 1xx and 2xx had available a lot of features related to that but that switches where too complicate to configure for people not accustomed to switching argot i think in CRS 3xx mikrotik is taking a more simplistic approach, making configura...
by chechito
Fri Jun 29, 2018 3:38 am
Forum: Wireless Networking
Topic: Wireless disconnection messages explained!
Replies: 85
Views: 76996

Re: Wireless disconnection messages explained!

improvement in wireless logs are much appreciated

for example en latest versions y have noted log reports client signal level at connection event, very useful

thx
by chechito
Fri Jun 29, 2018 3:34 am
Forum: General
Topic: How to send traffic to the same gateway using a diferent ethernet port? [SOLVED]
Replies: 6
Views: 561

Re: How to send traffic to the same gateway using a diferent ethernet port? [SOLVED]

thanks a lot guys,
I didn't find detailed description, but it is mentioned in manual:
gateway (IP | interface | IP%interface | IP@table[, IP | string, [..]]; Default: "")
where in the manual did you found it.

https://wiki.mikrotik.com/wiki/Manual:I ... properties
by chechito
Fri Jun 29, 2018 3:29 am
Forum: General
Topic: CRS3xx - Inter VLAN switching?
Replies: 3
Views: 435

Re: CRS3xx - Inter VLAN switching?

maybe switch rules can help??
switch rule.png
by chechito
Thu Jun 28, 2018 10:03 pm
Forum: General
Topic: CRS326/8 untagged to tagged translation
Replies: 2
Views: 398

Re: CRS326/8 untagged to tagged translation

maybe you can use: switch rules to make that
by chechito
Thu Jun 28, 2018 9:42 pm
Forum: Wireless Networking
Topic: Rate Limiting in Caps-Man?
Replies: 11
Views: 2190

Re: Rate Limiting in Caps-Man?

Binh. I tired to use the limits as you showed in caps-man. I set the limit for 5/5M Hit the download test and still got 36.35 Mbps On capsman use local forwarding On accesspoint: disable fast track on AP firewall filter and mangle rules set pcq-download-default and pcq-upload-default queue types Ra...
by chechito
Thu Jun 28, 2018 9:36 pm
Forum: SwOS
Topic: CRS317 v.s. SwOS
Replies: 1
Views: 642

Re: CRS317 v.s. SwOS

Help... I would like to switch to SwOS from ROS 6.42.5 (CRS317), but: Quick Guide: "From RouterOS: in the System RouterBOARD menu, click “Settings” and there select “Boot OS”." Reality: the "setting" item in the menu is not (under "System") ... checked in WInbox/web/console Is there a different opt...
by chechito
Thu Jun 28, 2018 11:09 am
Forum: General
Topic: CRS328-4C-20S-4S+RAM upgrade
Replies: 9
Views: 775

Re: CRS328-4C-20S-4S+RAM upgrade

I thought CRS can dual boot as Router or Switch I was thinking of increasing RAM and use for routing 512mb included ram is enough for routing with 800mhz single core cpu included dont expect good routing performance with such a small CPU managing switch takes some % of the already scarce CPU resour...
by chechito
Thu Jun 28, 2018 9:52 am
Forum: The Dude
Topic: A VPS to run Dude
Replies: 19
Views: 2181

Re: A VPS to run Dude

by chechito
Thu Jun 28, 2018 9:49 am
Forum: RouterBOARD hardware
Topic: When will be Relased RB2011x4.... like RB450Gx4 [SOLVED]
Replies: 5
Views: 1334

Re: When will be Relased RB2011x4.... like RB450Gx4 [SOLVED]

but good 10 port giga router with dual wireless integrated does not exist i think there is enough free space inside rb3011 to host a hAP Ac2 :lol: more seriously i think rb2011 wireless router was not a best seller I think you can get a good solution by coupling hAP ac2 and RB260GS-css106, far less...
by chechito
Thu Jun 28, 2018 8:57 am
Forum: Wireless Networking
Topic: 5 GHz, 3x30° HD Sector Antenna
Replies: 8
Views: 1208

Re: 5 GHz, 3x30° HD Sector Antenna

What a great news, I see some symmetrical novelty that I do not understand very well. What do you recommend the 30º, 60º, 70º, 80 or 90º. Have you tried any?

i think the best way to do it is 30°

this webinar explains many path to migrate correctly
by chechito
Thu Jun 28, 2018 8:53 am
Forum: General
Topic: Untagged VLAN Access port on hEX
Replies: 7
Views: 1850

Re: Untagged VLAN Access port on hEX

to do hardware accelerated vlan you have to use switch try this guide https://forum.mikrotik.com/viewtopic.php?f=13&t=119383 Thank you! I read your forum and the hEX does infact use a RB750GR3. I am finding this model specifically does not allow this feature. I emailed support and they sound like t...
by chechito
Thu Jun 28, 2018 8:51 am
Forum: Wireless Networking
Topic: Rate Limiting in Caps-Man?
Replies: 11
Views: 2190

Re: Rate Limiting in Caps-Man?

many ways to do it on mikrotik

you can even do QoS from AP
by chechito
Wed Jun 27, 2018 11:13 pm
Forum: General
Topic: Using Splunk to analyse MikroTik logs
Replies: 98
Views: 16401

Re: Using Splunk to analyse MikroTik logs

keep in mind logging uses CPU resources, if you log very frequent actions you will have significant increase on CPU usage
by chechito
Wed Jun 27, 2018 11:03 pm
Forum: General
Topic: Advice on distributed WLAN AP setup requested
Replies: 3
Views: 333

Re: Advice on distributed WLAN AP setup requested

that WRT devices are prety old Does not even support 802.11n than means are almost 10 years old for wireless setup like this i recommend you to make a site survey to identify the better approach to use Then you can select mikrotik devices more appropriate for your project and get the best results Fo...
by chechito
Wed Jun 27, 2018 10:56 pm
Forum: General
Topic: Untagged VLAN Access port on hEX
Replies: 7
Views: 1850

Re: Untagged VLAN Access port on hEX

to do hardware accelerated vlan you have to use switch

try this guide

viewtopic.php?f=13&t=119383
by chechito
Wed Jun 27, 2018 10:45 pm
Forum: RouterBOARD hardware
Topic: Hap ac2 vs. Hex S
Replies: 8
Views: 6870

Re: Hap ac2 vs. Hex S

i think the proper comparison is rb750gr3 (without sfp) vs hap ac2 only advantage of rb750gr3 is amount of ram memory but this advantage only will be useful in specific scenarios with more demand of RAM than CPU processing power this scenario will need to had this characteristics: many users many si...
by chechito
Wed Jun 27, 2018 10:26 pm
Forum: General
Topic: hAP-AC2 6.42.4 - HWOffload [solved]
Replies: 13
Views: 2383

Re: hAP-AC2 6.42.4 - HWOffload [solved]

try this guide to make vlans

viewtopic.php?t=119383
by chechito
Wed Jun 27, 2018 10:15 pm
Forum: General
Topic: hAP-AC2 6.42.4 - HWOffload [solved]
Replies: 13
Views: 2383

Re: hAP-AC2 6.42.4 - HWOffload

whatever, indeed, mikrotik should ship devices preloaded by bugfix only and let only the brave admins to change the channel or install whatever else.
i agree
by chechito
Wed Jun 27, 2018 10:11 pm
Forum: General
Topic: CRS328-4C-20S-4S+RAM upgrade
Replies: 9
Views: 775

Re: CRS328-4C-20S-4S+RAM upgrade

Hi can I increase the RAM of the above named from 512 to 2GB what would be the purpose of doing that to a switch ??? switch is a networking device who makes packet switching by hardware, that means using an ASIC (Application-Specific Integrated Circuit) that ASIC does not require large amounts of m...
by chechito
Wed Jun 27, 2018 10:00 pm
Forum: Beginner Basics
Topic: CRS112: tagged VLAN port isolation not worling as expected
Replies: 3
Views: 416

Re: CRS112: tagged VLAN port isolation not worling as expected

try with this setting
switch invalid.png
when you uncheck forward invalid vlans you will know if your vlan setup is correct
by chechito
Wed Jun 27, 2018 9:53 pm
Forum: RouterBOARD hardware
Topic: RB133/133c
Replies: 3
Views: 640

Re: RB133/133c

ROS 5.26
https://mikrotik.com/download

Isn't it time to spend some money to buy newer device?
i agree

good modern replacements

https://mikrotik.com/product/m11g

https://mikrotik.com/product/rbm33g
by chechito
Mon Jun 25, 2018 8:22 pm
Forum: SwOS
Topic: CSS326-24G-2S+ unable to upgrade
Replies: 10
Views: 3682

Re: CSS326-24G-2S+ unable to upgrade

For those who can not advance past version 2.4, I got word from support and they have introduced a dhcp client at version 2.5 so very probably the switch gets an ip address from dhcp server and no longer answers to the default ip. No I feel dumb :), I should have checked my dhcp server for new leas...
by chechito
Mon Jun 25, 2018 8:19 pm
Forum: Beginner Basics
Topic: Two networks with same subnet
Replies: 5
Views: 503

Re: Two networks with same subnet

by chechito
Mon Jun 25, 2018 8:16 pm
Forum: Beginner Basics
Topic: PoE out on RB960PGS-PB (24V & 48V at same time?)
Replies: 2
Views: 561

Re: PoE out on RB960PGS-PB (24V & 48V at same time?)

i dont think so references from product data-sheet: Ethernet ports 2-5 can power other PoE capable devices with the same voltage as applied to the unit from product quick guide Power output Device supports passive or standard 802.3at/af PoE input/output. Ethernet ports 2-5 can power other PoE capabl...
by chechito
Mon Jun 25, 2018 7:59 pm
Forum: The Dude
Topic: A VPS to run Dude
Replies: 19
Views: 2181

Re: RB850Gx2 vs RB450Gx4

I am thinking of moving my dude server on vps instance. 512 MB RAM, around 10GB of ssd, xeon core, 100mbit connectivity with public ipv4 and that all for USD 2-3 monthly... That's another performance dimension and even cheaper than buying whatever device. But it is a bit off topic now. i think that...
by chechito
Mon Jun 25, 2018 5:05 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 10165

Re: RB850Gx2 vs RB450Gx4

None with clear mind would destroy internal nand by dude database. ` True. ` better option and cost effective: hAP ac2 + USB drive 10 us costly than rb750gr3 but with 2 wifi included and far more cpu power to move traffic in spite of the dude cpu usage, ` The CPU may or may not be better than the m...
by chechito
Mon Jun 25, 2018 4:58 pm
Forum: The Dude
Topic: The dude on RB760iGS
Replies: 5
Views: 1046

Re: The dude on RB760iGS

by chechito
Mon Jun 25, 2018 4:57 pm
Forum: Wireless Networking
Topic: LHG 60G - how L4 LICENCE?
Replies: 7
Views: 879

Re: LHG 60G - how L4 LICENCE?

wAP 60G AP 200m+ not so suitable, I need 600m+ P2MP.

gain on CPE will surely help
by chechito
Mon Jun 25, 2018 12:04 am
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 10165

Re: RB850Gx2 vs RB450Gx4

None with clear mind would destroy internal nand by dude database. You always need external flash for that if you would like the device boot after a year of running the dude. ohh yeah bad idea to use integrated and expensive storage for the dude better option and cost effective: hAP ac2 + USB drive...
by chechito
Sat Jun 23, 2018 7:01 am
Forum: Wireless Networking
Topic: 5 GHz, 3x30° HD Sector Antenna
Replies: 8
Views: 1208

Re: 5 GHz, 3x30° HD Sector Antenna

Take a look at RF Elements Horns
yeah better option
by chechito
Sat Jun 23, 2018 7:01 am
Forum: General
Topic: Hotspot problem IOS 10.4
Replies: 3
Views: 412

Re: Hotspot problem IOS 10.4

Why do you have captive.apple.com in your walled-garden? iOS uses this url to see if the device is behind a captive portal. If it can access it, it will not pop up the login page.

useful tip, thank you for the info 8)
by chechito
Fri Jun 22, 2018 10:02 pm
Forum: General
Topic: crs326-24g-2s+rm traffic storm
Replies: 9
Views: 870

Re: crs326-24g-2s+rm traffic storm

understood, so if i use routeros and use only switch tab i have full performance and if i use firewall rules or etc my performance will degree, right? yes to limit storms to 1 % of link speed make this https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#Traffic_Storm_Control you can try "u...
by chechito
Fri Jun 22, 2018 9:52 pm
Forum: General
Topic: Bridge filter not matching (CRS328-4C-20S-1S+ with v6.42.3)
Replies: 7
Views: 681

Re: Bridge filter not matching (CRS328-4C-20S-1S+ with v6.42.3)

Hi again, now I have almost everything running. Only one thing: Port Isolation. I follow this manual: https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches Under the point port isolation you only get this link: https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Port_isolation ...here...
by chechito
Fri Jun 22, 2018 9:24 am
Forum: General
Topic: crs326-24g-2s+rm traffic storm
Replies: 9
Views: 870

Re: crs326-24g-2s+rm traffic storm

but when i send an email to support@mikrotik.com and ask them what performance do i get if i add 4-5 firewall rules, they told me i should expect ethernet result on datasheet so its too much low , so are you sure there is no difference in performance between routeros and swos ? because i need to us...
by chechito
Fri Jun 22, 2018 3:38 am
Forum: Beginner Basics
Topic: Need a quick check on items to be ordered
Replies: 14
Views: 975

Re: Need a quick check on items to be ordered

for wifi i suggest to replace hAP AC with cap AC

for outdoor wifi i suggest replacing wAP ac with cAP AC + outdoor enclosure


keep in mind with cAP ac + 48 volt 1.5 amp power supply you can daisy chain 2 accesspoint powering by PoE
by chechito
Fri Jun 22, 2018 12:51 am
Forum: General
Topic: IPsec Hardware acceleration on CHR?
Replies: 9
Views: 1875

Re: IPsec Hardware acceleration on CHR?

server CPU supports AES-NI?
by chechito
Fri Jun 22, 2018 12:50 am
Forum: Wireless Networking
Topic: Terrible NV2 Ac Network P2MP
Replies: 13
Views: 1600

Re: Terrible NV2 Ac Network P2MP

try routeros 6.42.3, dont forget to upgrade router boot
by chechito
Fri Jun 22, 2018 12:22 am
Forum: General
Topic: ssl cert error
Replies: 4
Views: 625

Re: ssl cert error

certificate provider will give you 2 things:

certificate
CA bundle

you have to import certificate, then your private key, then the CA bundle and you are done
by chechito
Fri Jun 22, 2018 12:20 am
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 10165

Re: RB850Gx2 vs RB450Gx4

@chechito: I stated my needs. I don't need a $300 router. Believe me, I don't mix up heavy queues with some NAT or filter rules. I also separate my APs and gateway, though HAP AC^2 and RB450Gx4 use a similar CPU. After reading posts on other forums and also here I concluded that the RB450Gx4 would ...
by chechito
Fri Jun 22, 2018 12:13 am
Forum: General
Topic: hAP-AC2 6.42.4 - HWOffload [solved]
Replies: 13
Views: 2383

Re: hAP-AC2 6.42.4 - HWOffload

to do vlan without loosing HW acceleration of bridging (aka switching) you have to do vlans on switch menu
by chechito
Fri Jun 22, 2018 12:09 am
Forum: General
Topic: PCC issue with VRRP
Replies: 3
Views: 376

Re: PCC issue with VRRP

uff :o :o

PCC + VRRP i think is a very unique and complex setup

definitively with mikrotik possibilities are endless
by chechito
Thu Jun 21, 2018 10:00 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 10165

Re: RB850Gx2 vs RB450Gx4

@chechito, chanks for the insight, though comparing the devices in itself doesn't tell much. Obviously the RB1100 series is way faster. But many small, cheap routers are capable of what I ask and I think for MT to stay competitive in that price range they should be able to handle that, too. There's...
by chechito
Thu Jun 21, 2018 9:41 pm
Forum: General
Topic: crs326-24g-2s+rm traffic storm
Replies: 9
Views: 870

Re: crs326-24g-2s+rm traffic storm

Hello, i want buy a crs326-24g-2s+rm but i need to limit known/unknown unicast,multicast,broadcast traffic to X% and if exceed more than this limit or drop it, i see some article on wiki.mikrotik.com but it seems it can only limit unknown unicast, can anyone help me regarding this? thanks in router...
by chechito
Thu Jun 21, 2018 9:36 pm
Forum: General
Topic: crs326-24g-2s+rm traffic storm
Replies: 9
Views: 870

Re: crs326-24g-2s+rm traffic storm

hi,
just another question if i use swos or routeros on crs326 it cause any difference on speed performance?
thanks
i think routeros gives you more functionality, no performance difference


very important to use switching done by hardware to get wirespeed performance
by chechito
Thu Jun 21, 2018 9:36 pm
Forum: General
Topic: crs326-24g-2s+rm traffic storm
Replies: 9
Views: 870

Re: crs326-24g-2s+rm traffic storm

In Firewall Filter, you can create a rule with packet limit per sec, etc. not %. On this rule you can then select src / dst address type as unicast, broadcast, etc. Look under the "Extra" tab
is a switch, the best way to do it s using switching features
by chechito
Tue Jun 19, 2018 7:03 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs RB450Gx4
Replies: 49
Views: 10165

Re: RB850Gx2 vs RB450Gx4

I'm considering the local provider's gigabit GPON offering, which comes with an ONT with AC wifi, but I Want to use the PPPoE pass-through option. Would I be able to saturate Gbit wtih an RB450Gx4 and PPPoE using NAT and around 10 effective FW rules? Has really no one attempted using Gbit PPPoE on ...
by chechito
Tue Jun 19, 2018 6:52 pm
Forum: SwOS
Topic: SwOs CSS106 Only tagged
Replies: 2
Views: 618

Re: SwOs CSS106 Only tagged

by chechito
Tue Jun 19, 2018 1:28 am
Forum: Wireless Networking
Topic: The radiation patterns for some boards
Replies: 17
Views: 3606

Re: The radiation patterns for some boards

Hello all! Newbie question here. where can I find radiation patterns of current mikrotik wireless SOHO devices, in just a graphic format? I mean, no need for a file, just for picking a correct device for my scenario. But on product pages I cant seem to find the radiation pattern. I looked into broc...
by chechito
Mon Jun 18, 2018 8:50 pm
Forum: General
Topic: QinQ VLAN's Help needed [SOLVED]
Replies: 61
Views: 6336

Re: QinQ VLAN's Help needed [SOLVED]

Just to be clear what I am trying to achieve, I want tagged vlans coming into a bridge, that must then go out of a routed interface still tagged, the routed interface is not part of the bridge, is that possible? i think one way to do it is: ether going to collocation with vlan and vlan in vlan inte...
by chechito
Mon Jun 18, 2018 8:45 pm
Forum: General
Topic: Bridge VLAN filtering and VLAN isolation
Replies: 3
Views: 1348

Re: Bridge VLAN filtering and VLAN isolation

My understanding is that VLAN is a layer2 construct whereas the FW rules are needed to prevent the router from routing between the vlans at layer 3. However I could be mistaken but that is my impression. i agree also you can use firewall rules in bridge enabling that option in bridge general settings
by chechito
Mon Jun 18, 2018 8:40 pm
Forum: Beginner Basics
Topic: tplink repeater to MK SXT bridge??
Replies: 2
Views: 636

Re: tplink repeater to MK SXT bridge??

omnitik works on 5ghz, are you sure all your equipment works on 5ghz too??
by chechito
Mon Jun 18, 2018 8:18 pm
Forum: General
Topic: QinQ VLAN's Help needed [SOLVED]
Replies: 61
Views: 6336

Re: QinQ VLAN's Help needed [SOLVED]

I have not tried an actual QinQ, only "Qinad", but I don't see why it should not work with the outer tag being a Q one (0x8100, use-service-tag=no).
yes, in some cases Q-in.Q works, in other cases you have to do Q-in-ad
by chechito
Mon Jun 18, 2018 8:11 pm
Forum: General
Topic: Bridge filter not matching (CRS328-4C-20S-1S+ with v6.42.3)
Replies: 7
Views: 681

Re: Bridge filter not matching (CRS328-4C-20S-1S+ with v6.42.3)

Thanks for your quick answer! The problem is, the "Switch" menu is really chopped for the CRS328. There is no ACL table... https://www2.pic-upload.de/thumb/35499777/noACL.png My hope was that the new bridge implementation would allow to use bridge filter without cpu usage. But even if it's using th...
by chechito
Mon Jun 18, 2018 7:41 pm
Forum: General
Topic: Bridge filter not matching (CRS328-4C-20S-1S+ with v6.42.3)
Replies: 7
Views: 681

Re: Bridge filter not matching (CRS328-4C-20S-1S+ with v6.42.3)

be aware bridge filtering is done in software using CPU, that limits your throughput

try using switch ACL to filter without performance Penalty
by chechito
Tue Jun 12, 2018 9:44 am
Forum: General
Topic: Need recommendations on a FAST mikrotik box (1Gb link)
Replies: 8
Views: 1500

Re: Need recommendations on a FAST mikrotik box (1Gb link)

i think rb1100ahx4 is a good choice
by chechito
Sat Jun 02, 2018 8:00 am
Forum: Wireless Networking
Topic: Mikrotik wi-fi and Iphone = problem
Replies: 65
Views: 42986

Re: Mikrotik wi-fi and Iphone = problem

try routeros 6.40.8

wifi performance was improved with some client devices (BCM chipsets)
by chechito
Thu May 31, 2018 9:57 pm
Forum: RouterBOARD hardware
Topic: CRS112 and CRS328 inside pictures
Replies: 1
Views: 469

Re: CRS112 and CRS328 inside pictures

thank you for sharing
by chechito
Thu May 31, 2018 5:06 pm
Forum: General
Topic: Hex PLUS
Replies: 15
Views: 1846

Re: Hex PLUS

by chechito
Thu May 31, 2018 9:47 am
Forum: General
Topic: Unable to upgrade
Replies: 10
Views: 2172

Re: Unable to upgrade

try system packages --> check for updates

dont install RC versions in production devices

If you need to go to previous version you have to manually download .npk file form https://mikrotik.com/download and copy it to files, then go to system packages and click downgrade
by chechito
Thu May 31, 2018 9:42 am
Forum: General
Topic: Netwatch deprecated ? [SOLVED]
Replies: 48
Views: 8349

Re: Netwatch deprecated ? [SOLVED]

chechito - Is this a content of "System/Scripts" entry? If yes, then what are the policies assigned to this script? Please provide an example like this: https://forum.mikrotik.com/viewtopic.php?f=2&t=134538&p=665470#p665457 thxs yes is a system script entry unchecked this on script policy settings:...
by chechito
Thu May 31, 2018 9:35 am
Forum: General
Topic: Netwatch deprecated ? [SOLVED]
Replies: 48
Views: 8349

Re: Netwatch deprecated ? [SOLVED]

chechito - Is this a content of "System/Scripts" entry? If yes, then what are the policies assigned to this script? Please provide an example like this: https://forum.mikrotik.com/viewtopic.php?f=2&t=134538&p=665470#p665457 thxs yes is a system script entry unchecked this on script policy settings:...
by chechito
Thu May 31, 2018 9:19 am
Forum: General
Topic: Netwatch deprecated ? [SOLVED]
Replies: 48
Views: 8349

Re: Netwatch deprecated ? [SOLVED]

Post your script too, then this is the script :log error message="inicio del script" :local uptime [/system resource get uptime]; :local uno 00:01:00 :if ($uptime > $uno) do={ /tool e-mail send to="diegoms77@hotmail.com" subject="Do $[/system clock get time] $[/system identity get name] Caida Red E...
by chechito
Thu May 31, 2018 9:08 am
Forum: General
Topic: Netwatch deprecated ? [SOLVED]
Replies: 48
Views: 8349

Re: Netwatch deprecated ? [SOLVED]

If your script does not work, then it is because to one or multiple lines that can not be executed. You can debug your script and find out which line was the first that did not allow for the script to run properly. This is the command that we are looking for. FYI - we did already recieve complaints...
by chechito
Thu May 31, 2018 7:11 am
Forum: General
Topic: Do haplite only work with 5v power cable
Replies: 3
Views: 400

Re: Do haplite only work with 5v power cable

try a good quality cellular phone 5v charger with micro usb plug
by chechito
Thu May 31, 2018 7:01 am
Forum: General
Topic: Netwatch deprecated ? [SOLVED]
Replies: 48
Views: 8349

Re: Netwatch deprecated ? [SOLVED]

Can anyone provide an example of Netwatch with single line script that is not working but you think that Netwatch should be able to execute it. Please provide single command example. At the moment, we have not seen any actual case (besides misconfiguration due to policies) where this would be a pro...
by chechito
Thu May 31, 2018 6:59 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 111613

Re: v6.43rc [release candidate] is released!

Xymox - for example, your Netwatch includes this command "/system script run IPSMTP". So are policies write,read,reboot,test or only some of them, only ones that are enabled on this script? For example, no romon policy, no dude policy, etc. And again - this is not 6.43rc version related discussion....
by chechito
Wed May 23, 2018 7:17 pm
Forum: General
Topic: High cpu with 1.2M PPS CCR1072
Replies: 3
Views: 531

Re: High cpu with 1.2M PPS CCR1072

I think It's routeros's fatal problem, compare " hardware" devices.

disable connection tracking maybe reduce cpu load,
i agree

i think disabling connection tracking is the way to go on this situation

beware of checking possible attack to the router to be sure
by chechito
Tue May 22, 2018 9:55 pm
Forum: General
Topic: A router for home - capable of 300Mb/s
Replies: 17
Views: 1488

Re: A router for home - capable of 300Mb/s

i think RB450Gx4 is a very good option to you

hAP ac2 is cheaper and with almost the same CPU, very good option too and have wifi dual band
by chechito
Fri May 18, 2018 9:27 am
Forum: RouterBOARD hardware
Topic: Can cAP ac and hEX PoE power Hikvision cameras ?
Replies: 5
Views: 1680

Re: Can cAP ac and hEX PoE power Hikvision cameras ?

i think will be more robust to go with this power supply

https://mikrotik.com/product/48v2a96w

remember to feed power to the hEX PoE by barrel connector not BY PoE in
by chechito
Wed May 16, 2018 4:36 am
Forum: RouterBOARD hardware
Topic: 2.5GBASE-T and 5GBASE-T for MIkrotik
Replies: 16
Views: 2326

Re: 2.5GBASE-T and 5GBASE-T for MIkrotik

Actually, as you can see, MikroTik consider SFP and SFP+ the way into the future. Or maybe it's simply because 2.5/5G chipsets are still new and something extra? Just a guess, I can't say that I know much about this. But eventually they should become mainstream and then they'll make it into new Mik...
by chechito
Wed May 16, 2018 4:26 am
Forum: RouterBOARD hardware
Topic: 2.5GBASE-T and 5GBASE-T for MIkrotik
Replies: 16
Views: 2326

Re: 2.5GBASE-T and 5GBASE-T for MIkrotik

Why do I need 2.5GBASE-T? The introduction of 802.11ac WAVE 2 has made the 1000BASE-T standard a bottleneck in the network infrastructure. If you use 802.11ac WAVE 2 , the real speed reaches more than 1Gbit today . Additionally, 2.5GBASE-T allows you to use an existing cat5e cable network that's ma...
by chechito
Wed May 16, 2018 4:22 am
Forum: RouterBOARD hardware
Topic: The new CCR ALL-in-One PoE router of the 2019 line
Replies: 13
Views: 2030

Re: The new CCR ALL-in-One PoE router of the 2019 line

Really now? CCR isnt the kind of router intended for what you are looking for.
If it is the only router in the network - why not CCR?
Call it whatever you want ..... :))))) I have clouds at home .... :)))))
get a router plus a switch
by chechito
Sun May 13, 2018 7:47 pm
Forum: The Dude
Topic: The Dude - real world examples? How do *you* use it?
Replies: 13
Views: 5784

Re: The Dude - real world examples? How do *you* use it?

Firmware repository on the (remote) location for quick updates via one mouse click in thedude

And the spectral scan is more powerful in thedude than in the CLI
it's worth clarifying that spectral scan does not works on 5ghz AC radios
by chechito
Wed May 09, 2018 1:27 am
Forum: General
Topic: RB3011 Port-Mirror implementation (150Mbps slowdown)
Replies: 13
Views: 1181

Re: RB3011 Port-Mirror implementation (150Mbps slowdown)

how are you doing the mirroring??

maybe is better to use the switch chip to do the mirroring by hardware
by chechito
Sat May 05, 2018 12:03 am
Forum: Wireless Networking
Topic: [ASK] Best AP Mikrotik need advice
Replies: 24
Views: 3323

Re: [ASK] Best AP Mikrotik need advice

we are talking about wisp therefore my suggestion using RB800 because we are handling minimum per AP 50client. how many basebox can handle client..? i dont have experience with basebox need advice for best AP especially mikrotik. Thanks rb800 is an old way to do things i refer to the model of one C...
by chechito
Fri May 04, 2018 8:47 pm
Forum: Wireless Networking
Topic: bulk disconnected, group key exchange timeout
Replies: 7
Views: 2226

Re: bulk disconnected, group key exchange timeout

try with
group-key-update=1h
by chechito
Fri May 04, 2018 6:55 pm
Forum: General
Topic: Dude server on RB-3011 CPU at 100%
Replies: 4
Views: 805

Re: Dude server on RB-3011 CPU at 100%

No, all on the RB3011
But I see If I uncheck DNS lookup that the cpu us going ot 0 or 1 %
is better to use a usb external storage for that

you wear out internal flash memory with all the intensive writes of monitoring database
by chechito
Fri May 04, 2018 5:05 am
Forum: RouterBOARD hardware
Topic: Mikrotik hardware? → 10-30 person business (fibre/wifi/guestwifi/L2TP/etc.)
Replies: 6
Views: 976

Re: Mikrotik hardware? → 10-30 person business (fibre/wifi/guestwifi/L2TP/etc.)

rb1100ahx4 for router this router can handle up to 300mbps even with a heavy firewall mangle and QoS configuration wAP AC for wifi (how many depends of your scenario) keep in mind this access-point is designed for high performance, high capacity and high density of users not for wide area coverage ...
by chechito
Thu May 03, 2018 10:15 pm
Forum: General
Topic: Nice Processor for the next CCR generation :-)
Replies: 9
Views: 2112

Re: Nice Processor for the next CCR generation :-)

expected TDP or power consumption of 16 core version??

will be faster than tile gx 72??
by chechito
Thu May 03, 2018 10:13 pm
Forum: Wireless Networking
Topic: [ASK] Best AP Mikrotik need advice
Replies: 24
Views: 3323

Re: [ASK] Best AP Mikrotik need advice

we are talking about wisp therefore my suggestion using RB800 because we are handling minimum per AP 50client. how many basebox can handle client..? i dont have experience with basebox need advice for best AP especially mikrotik. Thanks rb800 is an old way to do things i refer to the model of one C...
by chechito
Thu May 03, 2018 5:02 am
Forum: General
Topic: hAP ac^2 problems - large latency (>1000ms) for accessing remote VPN server side websites [SOLVED]
Replies: 11
Views: 1923

Re: hAP ac^2 problems - large latency (>1000ms) for accessing remote VPN server side websites [SOLVED]

CZFan and chechito, Please note the same problem also happens in the old model RB951G. I included the name hAP ac^2 to arouse MikroTik's and other people's interest and concerns. The inclusion of firmware version to reflect the current status. If MikroTik does not modify the code, I do believe larg...
by chechito
Thu May 03, 2018 2:42 am
Forum: General
Topic: Cannot do untagged VLAN in interface port with the RB750G r3 using the switch chip [SOLVED]
Replies: 5
Views: 692

Re: Cannot do untagged VLAN in interface port with the RB750G r3 using the switch chip [SOLVED]

The key here is the datasheet of the switch chip. I don't own RB750Gr3 myself so I haven't looked for it, but I do own some hAP ac lite so I've had a look at the AR8227 used there and it can use the pvid to tag tagless packets on ingress, but on egress, you can choose to keep tags untouched, untag ...
by chechito
Thu May 03, 2018 2:40 am
Forum: General
Topic: "Optimal Mangle" from "RouterOS by Example" performance?
Replies: 16
Views: 2152

Re:

For those that aren't understanding why this method is easier on the CPU, it's because tracking a connection, and then looking it up in the conntrack table is far faster, and far less CPU-intensive, than deep-inspecting values in the individual packets. Sent from my Pixel XL using Tapatalk good poi...
by chechito
Thu May 03, 2018 1:03 am
Forum: General
Topic: Cannot do untagged VLAN in interface port with the RB750G r3 using the switch chip [SOLVED]
Replies: 5
Views: 692

Re: Cannot do untagged VLAN in interface port with the RB750G r3 using the switch chip [SOLVED]

if you dont intend to use new bridge implementation try routeros 6.40.8
by chechito
Thu May 03, 2018 12:22 am
Forum: General
Topic: ccr1009 missing bad blocks and total sectors writes
Replies: 9
Views: 1158

Re: ccr1009 missing bad blocks and total sectors writes

i dont trust anymore external usb flash drivers for user manager. disk is missing from system/disks or changing name from disk1 to disk4 without reason. and nobody can login after that because user manager database cannot be found. internal flash is small 128mb but user manager is working flawless ...
by chechito
Thu May 03, 2018 12:19 am
Forum: Wireless Networking
Topic: [ASK] Best AP Mikrotik need advice
Replies: 24
Views: 3323

Re: [ASK] Best AP Mikrotik need advice

we are talking about WISP network to sell Internet access to home and business in log distances outdoor

or

a wifi network for clients like smartphones tablets laptops on a school or enterprise indoors

???
by chechito
Thu May 03, 2018 12:15 am
Forum: Wireless Networking
Topic: RB941-2nD does not pass 20MBs Wireless
Replies: 3
Views: 536

Re: RB941-2nD does not pass 20MBs Wireless

6.43rc3 *) wireless - improved compatibility with BCM chipset devices; Please upgrade and test - fixes soon will be included in current releases as well Muito obrigado, sempre procurei usar as versões Current, e então ainda não tinha testado a Realise Candidate, atualizei para a 6.45rc5 e deu super...
by chechito
Thu May 03, 2018 12:12 am
Forum: General
Topic: hAP ac^2 problems - large latency (>1000ms) for accessing remote VPN server side websites [SOLVED]
Replies: 11
Views: 1923

Re: hAP ac^2 problems - large latency (>1000ms) for accessing remote VPN server side websites [SOLVED]

You know what I find unacceptable, users running "RC" versions, which is "expected" to be buggy, and when they experience problems they come and write in big letters here with their red crayons!
i agree
by chechito
Thu May 03, 2018 12:07 am
Forum: The Dude
Topic: add 2 lines in graphs together ?
Replies: 8
Views: 934

Re: add 2 lines in graphs together ?

Found it ...
not that hard after all, tnx for the suggestions.
create a datasource for device "none" and put some function code inside
create a graph for this new datasource

Screen Shot 2018-05-02 at 21.24.28.png
I'm glad you did it, those graphics are very useful
by chechito
Thu May 03, 2018 12:04 am
Forum: General
Topic: "Optimal Mangle" from "RouterOS by Example" performance?
Replies: 16
Views: 2152

Re: "Optimal Mangle" from "RouterOS by Example" performance?

i will try to explain it on a simplified way if you design your mangle to make all traffic to go across all mangle rules your CPU usage will be higher, for example if you have 15.000 packets per second of traffic and 100 mangle rules, that is 1.500.000 comparisons per second But if from that 15.000...
by chechito
Wed May 02, 2018 5:17 pm
Forum: Beginner Basics
Topic: Balanceador con hAP AC Lite - Balancer with hAP AC Lite
Replies: 2
Views: 415

Re: Balanceador con hAP AC Lite - Balancer with hAP AC Lite

even the hap lite or the hap mini can be used to load balancing
by chechito
Wed May 02, 2018 5:12 pm
Forum: RouterBOARD hardware
Topic: Mikrotik hardware? → 10-30 person business (fibre/wifi/guestwifi/L2TP/etc.)
Replies: 6
Views: 976

Re: Mikrotik hardware? → 10-30 person business (fibre/wifi/guestwifi/L2TP/etc.)

rb1100ahx4 for router this router can handle up to 300mbps even with a heavy firewall mangle and QoS configuration

wAP AC for wifi (how many depends of your scenario) keep in mind this access-point is designed for high performance, high capacity and high density of users not for wide area coverage
by chechito
Wed May 02, 2018 5:08 pm
Forum: General
Topic: Backup and restore between platforms
Replies: 3
Views: 401

Re: Backup and restore between platforms

dont use .backup file to restore on different machine

that generate unpredictable problems

.backup file is to use on the SAME machine
by chechito
Wed May 02, 2018 5:03 pm
Forum: General
Topic: RB962 untagged not working
Replies: 9
Views: 1219

Re: RB962 untagged not working

try this /interface bridge add fast-forward=no name=inter-bridge vlan-filtering=yes /interface vlan add interface=inter-bridge name=vlan100 vlan-id=100 /interface bridge port add bridge=inter-bridge interface=ether1 pvid=100 add bridge=inter-bridge interface=ether2 pvid=100 /interface bridge vlan ad...
by chechito
Wed May 02, 2018 4:51 pm
Forum: RouterBOARD hardware
Topic: LDF 5 ac without dish... is possible?
Replies: 5
Views: 1020

Re: LDF 5 ac without dish... is possible?

i think is better idea to use less expensive LDF 5 (without ac) maybe you cant get AC datarates at that distance and or using 80mhz channels but i think is a very good idea to get a short and discreet ptp using LDF without dish for mounting you will have to make some kind of bracket but not very dif...
by chechito
Wed May 02, 2018 4:48 pm
Forum: General
Topic: ccr1009 missing bad blocks and total sectors writes
Replies: 9
Views: 1158

Re: ccr1009 missing bad blocks and total sectors writes

i think is very usefull missing feature to track usage of finite write cycles of flash memory and know if you are heavily using it
by chechito
Wed May 02, 2018 4:43 pm
Forum: Beginner Basics
Topic: VLAN Configuration Problems [SOLVED]
Replies: 3
Views: 533

Re: VLAN Configuration Problems [SOLVED]

/interface bridge vlan add bridge=bridge1 tagged=sfp-sfpplus4 untagged=ether1,ether2 vlan-ids=1100 add bridge=bridge1 untagged=ether3,sfp-sfpplus4 vlan-ids=1 i think is not necessary to add untagged ports who already have that same PVID when you put the PVID that ports are automatically added to vl...
by chechito
Wed May 02, 2018 4:41 pm
Forum: The Dude
Topic: add 2 lines in graphs together ?
Replies: 8
Views: 934

Re: add 2 lines in graphs together ?

in chart data sources you have to create a new one adding the multiple snmp values you already have using oid codes () and +

once you have that data source created you can add it to a chart

sorry not having more precise information I no longer have access to those implementations
by chechito
Wed May 02, 2018 4:33 pm
Forum: General
Topic: "Optimal Mangle" from "RouterOS by Example" performance?
Replies: 16
Views: 2152

Re: "Optimal Mangle" from "RouterOS by Example" performance?

when you mark a connection you do it using more "expensive" "comparators" like protocol, port number, content or even layer7 which requires internal inspection and comparation of packet content the savings come from not using that "expensive" functions for every packet of an all ready identified con...
by chechito
Wed May 02, 2018 4:15 pm
Forum: The Dude
Topic: add 2 lines in graphs together ?
Replies: 8
Views: 934

Re: add 2 lines in graphs together ?

i have used the dude chart function to add many sources on one graphic to get the graphic you mention
by chechito
Wed May 02, 2018 4:01 am
Forum: General
Topic: Upgrade Issue
Replies: 6
Views: 588

Re: Upgrade Issue

Yes that would be a safe procedure to update it in-place. Now that it already has been "destroyed" you can netinstall it immediately to 6.42.1 and indeed upgrade routerboot as well. The above procedure should be followed when you have other devices with such old software you want to update. are you...
by chechito
Wed May 02, 2018 1:58 am
Forum: General
Topic: Upgrade Issue
Replies: 6
Views: 588

Re: Upgrade Issue

Yes that would be a safe procedure to update it in-place. Now that it already has been "destroyed" you can netinstall it immediately to 6.42.1 and indeed upgrade routerboot as well. The above procedure should be followed when you have other devices with such old software you want to update. are you...
by chechito
Wed May 02, 2018 1:54 am
Forum: General
Topic: Hotspot not working since 6.42.1
Replies: 1
Views: 462

Re: Hotspot not working since 6.42.1

beware of changes on bridge since 6.41.x versions and later

all routing must be done on bridge and not on slave interfaces (ports of the bridge):

ip adressing, dhcp server, hotspot interface
by chechito
Wed May 02, 2018 1:53 am
Forum: General
Topic: RB962 untagged not working
Replies: 9
Views: 1219

Re: RB962 untagged not working

can you clarify your requirement??
by chechito
Tue May 01, 2018 8:50 pm
Forum: General
Topic: Again, how to use all public IPs i have. [SOLVED]
Replies: 10
Views: 876

Re: Again, how to use all public IPs i have. [SOLVED]

maybe using the option
same
on action of NAT rule
by chechito
Tue May 01, 2018 8:48 pm
Forum: Beginner Basics
Topic: Setup DNS for local domains
Replies: 21
Views: 12705

Re: Setup DNS for local domains

maybe an script that update an static dns entry for each machine when get dhcp lease
by chechito
Tue May 01, 2018 8:43 pm
Forum: General
Topic: Upgrade Issue
Replies: 6
Views: 588

Re: Upgrade Issue

It is quite a big version jump. I would have updated to an early release 6 first, then maybe to 6.29 or so and then to 6.41. For now, just netinstall the device. When it is a complicated config, try "keep configuration". When not, configure it again from the defaults. totally agree i will add when ...
by chechito
Tue May 01, 2018 8:40 pm
Forum: RouterBOARD hardware
Topic: Copper link longer than 100 meters
Replies: 16
Views: 1702

Re: Copper link longer than 100 meters

cable quality its very relevant in case of long distances avoid cheap cables avoid alloy cables, use only full copper cable 6a category cable using awg 23 or awg 22 wire diameter can help to avoid mitigation shielded cable can help to ensure realiability on long distance be sure you dont have ground...
by chechito
Tue May 01, 2018 8:30 pm
Forum: General
Topic: RB1100AHx2 Missing Disk Space
Replies: 5
Views: 533

Re: RB1100AHx2 Missing Disk Space

check if you have graphing active storing on disk, that consumes disk space

check hoy many files you have on the disk (backups, exports, hotspot folders)

check If you have a large hotspot implementation that database consume disk space
by chechito
Tue May 01, 2018 8:28 pm
Forum: General
Topic: hAP ac^2 problems - large latency (>1000ms) for accessing remote VPN server side websites [SOLVED]
Replies: 11
Views: 1923

Re: hAP ac^2 problems - large latency (>1000ms) for accessing remote VPN server side websites [SOLVED]

check bandwidth usage over VPN to avoid saturation check bandwidth availability on upload of router on country 2 (adsl for example only provide 600kbps of sustained reliably upload bandwidth) try another type of vpn, like SSTP, PPTP has serious performance limitations how many bandwidh are you getti...
by chechito
Tue May 01, 2018 8:24 pm
Forum: General
Topic: Need help with using an internal DNS
Replies: 45
Views: 3332

Re: Need help with using an internal DNS



The problem is rather that it is hard to understand from your description what you actually want.


totally agree
by chechito
Tue May 01, 2018 8:21 pm
Forum: General
Topic: Block outbound DNS other than to our own DNS Server
Replies: 5
Views: 605

Re: Block outbound DNS other than to our own DNS Server

try this


/ip firewall nat
add action=dst-nat chain=dstnat comment="dns redirector" in-interface="Vlan 101" src-address=10.1.1.0/24 dst-port=53 protocol=udp to-addresses=172.16.0.1


replace 172.16.0.1 for your dns server ip adresss
by chechito
Tue May 01, 2018 3:31 am
Forum: General
Topic: hAP ac² LAN->WiFi 5GHz performance issue.
Replies: 23
Views: 5171

Re: hAP ac² LAN->WiFi 5GHz performance issue.

I have noticed that (at least in my specific setup) hAP ac² together with Intel 7260 wifi card has issues with action=set-priority mangle rules. I had used this mangle rule ( rule comes from this MUM presentation ) and disabling it in some cases drastically improved performance (e.g. SFTP file down...
by chechito
Tue May 01, 2018 3:28 am
Forum: General
Topic: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN
Replies: 16
Views: 988

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

i think a practical way to do this is: you have to clear all the vlan configuration on switch menu leave it as default create and manage all vlans on bridge configuration, dont forget to enable vlan filtering to make vlans on bridge work Thank you. I suspect that could be the only way to get both s...
by chechito
Tue May 01, 2018 3:23 am
Forum: General
Topic: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN
Replies: 16
Views: 988

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

dont forget to enable vlan filtering to make vlans on bridge work I respectfully disagree here. vlan-filtering is exactly what it says - filtering. If it is set to no , all ports are members of all VLANs. vlan-filtering=yes allows you to control membership of ports in VLANs by means of the rules in...
by chechito
Mon Apr 30, 2018 7:21 pm
Forum: General
Topic: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN
Replies: 16
Views: 988

Re: RB2011UAS-2HnD-IN v6.4.1 VLAN Trunk with WLAN

i think a practical way to do this is:

you have to clear all the vlan configuration on switch menu leave it as default

create and manage all vlans on bridge configuration, dont forget to enable vlan filtering to make vlans on bridge work
by chechito
Mon Apr 30, 2018 7:15 pm
Forum: RouterBOARD hardware
Topic: wAP AC 3 (IEEE 802.1ax)
Replies: 19
Views: 2891

Re: wAP AC 3 (IEEE 802.1ax)

@chechito go on with 5 Ghz and do the same with 20 simultaneously clients currently i dont have access to equipment in that conditions, but i can say with the proper design and proper config you can operate high density scenarios with up to 40 client devices per radio with good performance, this sc...
by chechito
Mon Apr 30, 2018 5:49 am
Forum: Announcements
Topic: v6.40.8 [bugfix] is released!
Replies: 35
Views: 16884

Re: v6.40.8 [bugfix] is released!

Hello, I updated to v6.40.8 this morning. I was working in Winbox this evening and kept getting disconnected. I have updated to the newest Winbox release and am still getting disconnected. There is no log entry as to why. This seems to be since my v6.40.8 upgrade. Any thoughts? im still on winbox 3...
by chechito
Mon Apr 30, 2018 4:47 am
Forum: RouterBOARD hardware
Topic: wAP AC 3 (IEEE 802.1ax)
Replies: 19
Views: 2891

Re: wAP AC 3 (IEEE 802.1ax)


Mikrotik has really great devices but they don’t have Good Wireless Trougput !!

rb951G 2.4ghz vs laptop w8.1pro intel n7260

wifi-speed.png
by chechito
Sun Apr 29, 2018 4:47 pm
Forum: Wireless Networking
Topic: Dramatically low speed of 802.11n AP mode on R52Hn
Replies: 17
Views: 2612

Re: Dramatically low speed of 802.11n AP mode on R52Hn

solved on 6.40.8 (bugfix old bridges) and 6.42.1 (current new bridges)
by chechito
Sun Apr 29, 2018 4:46 pm
Forum: Wireless Networking
Topic: Wireless Data Rates - Optimizing AP
Replies: 22
Views: 7197

Re: Wireless Data Rates - Optimizing AP

try 6.40.8 (bugfix old bridges) and 6.42.1 (current new bridges)
by chechito
Sun Apr 29, 2018 4:45 pm
Forum: Wireless Networking
Topic: WiFi AP speed Issue, multiple devices affected
Replies: 12
Views: 2316

Re: WiFi AP speed Issue, multiple devices affected

solved on 6.40.8 (bugfix old bridges) and 6.42.1 (current new bridges)
by chechito
Sun Apr 29, 2018 4:44 pm
Forum: Wireless Networking
Topic: Very poor wifi performance with mAP : how can I replace it ?
Replies: 18
Views: 2794

Re: Very poor wifi performance with mAP : how can I replace it ?

solved on 6.40.8 (bugfix old bridges) and 6.42.1 (current new bridges)
by chechito
Sun Apr 29, 2018 4:43 pm
Forum: RouterBOARD hardware
Topic: R11e-2HPnD Tx Rate cant go above 54mbps with phones
Replies: 7
Views: 2454

Re: R11e-2HPnD Tx Rate cant go above 54mbps with phones

solved on 6.40.8 (bugfix old bridges) and 6.42.1 (current new bridges)
by chechito
Sun Apr 29, 2018 4:39 pm
Forum: Wireless Networking
Topic: Xiaomi phone low Wifi TX rate [SOLVED]
Replies: 112
Views: 26303

Re: Xiaomi phone low Wifi TX rate [SOLVED]

Your phone is already working on max rate, this limitation in Your phone hardware. Good day Once again, a huge thank you to your team! You fellows! As for the phone, you were wrong, the limitation was software! With ROOT, it now supports a bandwidth of 40Mhz. Now everything suits me!!!!! All the be...
by chechito
Sun Apr 29, 2018 3:57 pm
Forum: General
Topic: Dude server on RB-3011 CPU at 100%
Replies: 4
Views: 805

Re: Dude server on RB-3011 CPU at 100%

are you using external USB storage for the dude database?
by chechito
Sun Apr 29, 2018 3:22 pm
Forum: Announcements
Topic: v6.40.8 [bugfix] is released!
Replies: 35
Views: 16884

Re: v6.40.8 [bugfix] is released!

thanks a lot mikrotik for this

*) wireless - improved compatibility with BCM chipset devices;

improved too much wifi performance on all my clients

im very happy with this :D
by chechito
Sat Apr 28, 2018 10:14 pm
Forum: RouterBOARD hardware
Topic: wAP AC 3 (IEEE 802.1ax)
Replies: 19
Views: 2891

Re: wAP AC 3 (IEEE 802.1ax)

the bigger problem is driver support since Mikrotik creates here own drivers. The actual drivers doesn't support anything of WAVE 2, are way behind competitors Performance, and this will not change, so I'm not Interested in new devices, with rudimentary driver support and without any features.... w...
by chechito
Sat Apr 28, 2018 10:13 pm
Forum: RouterBOARD hardware
Topic: wAP AC 3 (IEEE 802.1ax)
Replies: 19
Views: 2891

Re: wAP AC 3 (IEEE 802.1ax)

the bigger problem is driver support since Mikrotik creates here own drivers. The actual drivers doesn't support anything of WAVE 2, are way behind competitors Performance, and this will not change, so I'm not Interested in new devices, with rudimentary driver support and without any features.... 1...
by chechito
Sat Apr 28, 2018 9:33 pm
Forum: RouterBOARD hardware
Topic: wAP AC 3 (IEEE 802.1ax)
Replies: 19
Views: 2891

Re: wAP AC 3 (IEEE 802.1ax)

the bigger problem is driver support since Mikrotik creates here own drivers. The actual drivers doesn't support anything of WAVE 2, are way behind competitors Performance, and this will not change, so I'm not Interested in new devices, with rudimentary driver support and without any features.... w...
by chechito
Sat Apr 28, 2018 12:17 am
Forum: Beginner Basics
Topic: WiFi comparison between hAP ac2 and hAP ac
Replies: 12
Views: 12015

Re: WiFi comparison between hAP ac2 and hAP ac

a comparison on mikrotik wifi tx power 2ghz radios mikrotik 2ghz wifi comparison.png in theory hAP ac and hAP ac2 have similar and the best coverage because the same tx power per chain, wAP ac has less tx power per chain and hAP ac lite the lesser a side note is the old rb951G with the highest tx po...
by chechito
Fri Apr 27, 2018 1:51 am
Forum: General
Topic: hardware offload for rb922 and hEX
Replies: 12
Views: 3562

Re: hardware offload for rb922 and hEX

in case of rb922 i think Hardware offload in bridges, works inly for physical Ethernet ports members of same switch chip (mikrotik wiki specifically touch this topic on switch chip features) if you are bridging a wireless interface i think you are limited to fast path acceleration if your bridge has...
by chechito
Thu Apr 26, 2018 10:09 pm
Forum: Beginner Basics
Topic: 8 apartments, separate SSID's for security?
Replies: 14
Views: 1017

Re: 8 apartments, separate SSID's for security?

brilliant, chechito! thanks so very much. Only part I didn't quite follow was if I set up separate SSID's/WPA2 for each apartment & kept traffic from those SSID's isolated from each other, why would you suggest residents still use a VPN to do sensitive tasks? attack techniques exist to make a clien...
by chechito
Thu Apr 26, 2018 8:33 pm
Forum: Beginner Basics
Topic: 8 apartments, separate SSID's for security?
Replies: 14
Views: 1017

Re: 8 apartments, separate SSID's for security?

that is leaving the lowest datarate to be 6mbit/s that way you reduce the airtime used to announce ssid's from 24% to 4% Thanks so much chechito. Yes I read that I'd need to change the datarate (it might have been one of your other posts). So, you're agreeing that using discreet SSID's for each apa...
by chechito
Thu Apr 26, 2018 8:31 am
Forum: Beginner Basics
Topic: 8 apartments, separate SSID's for security?
Replies: 14
Views: 1017

Re: 8 apartments, separate SSID's for security?

2.4ghz?? then you need to set your datarates using many ssid's is mandatory, because when you broadcast an ssid using 1mbit datarate (default setting) you loose 3% of airtime for every ssid in your case 24% only to announce the ssid´s on air, that penalizes your wireless performance today you can di...
by chechito
Wed Apr 25, 2018 12:58 am
Forum: The Dude
Topic: Dude on RB11004AHx4 Dude edition
Replies: 12
Views: 1723

Re: Dude on RB11004AHx4 Dude edition

This happened to me three times already too. For the first time I tried to make mikrotik to find a reason and correct it. Unfortunately they were unable to do that. I solved that by importing a dude backup back. ohh yeah happened to me many times over the years, only needs a power outage to get the...
by chechito
Wed Apr 25, 2018 12:56 am
Forum: The Dude
Topic: Dude on RB11004AHx4 Dude edition
Replies: 12
Views: 1723

Re: Dude on RB11004AHx4 Dude edition

RB1100ahx4 is great for networking, very efficient and powerful machine is not about stability, you must be aware of computational power of rb1100ahx4 router CPU, its a little A15 ARM quad core like a high end smartphone or tablet cpu, you must size the dude accordingly: For rb750gr3 maximum of 40 ...
by chechito
Wed Apr 25, 2018 12:48 am
Forum: The Dude
Topic: Dude on RB11004AHx4 Dude edition
Replies: 12
Views: 1723

Re: Dude on RB11004AHx4 Dude edition

Very nicely written. But where did you take the sizing numbers from?
that numbers come exclusively from my personal experience deploying the dude
by chechito
Tue Apr 24, 2018 8:35 pm
Forum: The Dude
Topic: Dude on RB11004AHx4 Dude edition
Replies: 12
Views: 1723

Re: Dude on RB11004AHx4 Dude edition

RB1100ahx4 is great for networking, very efficient and powerful machine is not about stability, you must be aware of computational power of rb1100ahx4 router CPU, its a little A15 ARM quad core like a high end smartphone or tablet cpu, you must size the dude accordingly: For rb750gr3 maximum of 40 s...
by chechito
Tue Apr 24, 2018 6:10 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 44732

Re: v6.42.1 [current]

BartoszP, chechito - We will release 6.40.8 as soon as possible. As we just yesterday found out about this vulnerability, we were lucky that 6.42.1 was already on the way. In order to release a version, we have to test it first. 6.40.8 is coming, but will take most likely one or two days. I assume ...
by chechito
Tue Apr 24, 2018 4:44 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 44732

Re: v6.42.1 [current]

CHR - Microsoft AZURE : After reboot VM works fine, 2 hour later can't get IP address from DHCP server, static IP don't working, enable/disable iface/ dhcp client - without sucess. Reboot can temporarily fix this problem. Might be same issue for you. We started rolling it out for security sake. 1/3...
by chechito
Tue Apr 24, 2018 4:10 am
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 158772

Re: Advisory: Vulnerability exploiting the Winbox port

still waiting for the bugfix only update
Same here.
Me too
still waiting ...
by chechito
Tue Apr 24, 2018 4:09 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 44732

Re: v6.42.1 [current]

still waiting for the bugfix only update
still waiting ...
by chechito
Mon Apr 23, 2018 11:46 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 158772

Re: Advisory: Vulnerability exploiting the Winbox port

Hello please tell me how I will update my 3000 mikrotiks again quickly and easily is already the second time that this happens ...
use the dude to manage and monitor your mikrotik routers
by chechito
Mon Apr 23, 2018 10:51 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 158772

Re: Advisory: Vulnerability exploiting the Winbox port

still waiting for the bugfix only update
by chechito
Mon Apr 23, 2018 10:50 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 44732

Re: v6.42.1 [current]

still waiting for the bugfix only update
by chechito
Wed Apr 18, 2018 6:16 pm
Forum: General
Topic: firewall deny any any
Replies: 6
Views: 655

Re: firewall deny any any

Hi I wanted to know if there is an option with the firewall to add the equivalent of a deny an any at the bottom of the rule like on a cisco or a checkpoint firewall. As I tried to add one at the bottom of the rule base and it blocked all traffic in and out of the firewall instead of letting all th...
by chechito
Tue Mar 20, 2018 6:27 pm
Forum: General
Topic: I want to buy MikroTik hAP ac2. I have a few questions.
Replies: 12
Views: 3293

Re: I want to buy MikroTik hAP ac2. I have a few questions.

Ovpn implementation lacks the udp support and the compression. Run a tunnel over tcp is a nonsense from the performance point of view, because the response times will be terrible comparing to the udp mode.
SSTP works very well and is TCP
by chechito
Mon Feb 26, 2018 7:01 pm
Forum: RouterBOARD hardware
Topic: HAP AC2 PERFORMANCE NUMBERS
Replies: 14
Views: 7113

Re: HAP AC2 PERFORMANCE NUMBERS

go for rb1100ahx4 then RB1100ahx 32 . The cores on that integrated ASIC seem to have better performance the the ones of TILEGX yes arm cortex a15 core has better performance than a tile core but is not that simple to escalate something from 4 cores to 32 or 36 cores SoC in terms of yield, power and...
by chechito
Sun Feb 25, 2018 4:14 am
Forum: General
Topic: Efficient packet marking - queue tree
Replies: 3
Views: 700

Re: Efficient packet marking - queue tree

take a look at this shapping using marks on bridge filter

maybe can be helpfull

https://www.youtube.com/watch?v=6eeYac5xBrE
by chechito
Mon Feb 19, 2018 7:42 pm
Forum: General
Topic: Wireless Registration Table only shows first 16 characters of radio-name [SOLVED]
Replies: 9
Views: 1155

Re: Wireless Registration Table only shows first 16 characters of radio-name [SOLVED]

network devices names are meant to be brief

networking devices are not the place to storage all you client information use ms-excel or a software to do that
by chechito
Mon Feb 19, 2018 7:34 pm
Forum: General
Topic: Router capacity
Replies: 14
Views: 1046

Re: Router capacity

40+ client per radio on wifi == problems is not a mikrotik issue, wifi uses contention to control medium access, and that do not escalate well with many devices i have success with ~40 devices on a single 2.4ghz radio on rb951Ui, in very dense environments (clients very close to the ap) and no inter...
by chechito
Sat Feb 17, 2018 8:44 pm
Forum: RouterBOARD hardware
Topic: ARM based new goodies on the horizon
Replies: 76
Views: 13997

Re: ARM based new goodies on the horizon

+ Wave2 wireless chip (but will it be supported by software?) What's new in 6.41 (2017-Dec-22 11:55): . . !) wireless - new driver with initial support for 160 and 80+80 MHz channel width; <- this Just use the whole 5GHz band lol fortunately using 160mhz on 5ghz wifi you dont get too far in distance
by chechito
Sat Feb 17, 2018 6:56 pm
Forum: RouterBOARD hardware
Topic: ARM based new goodies on the horizon
Replies: 76
Views: 13997

Re: ARM based new goodies on the horizon

Dont expect too much. Will be sumilar like HAP AC.
yes but hap ac2 cost almost halfs thats a game changer
by chechito
Sat Feb 17, 2018 6:54 pm
Forum: RouterBOARD hardware
Topic: ARM based new goodies on the horizon
Replies: 76
Views: 13997

Re: ARM based new goodies on the horizon

Currently have a pair of hAP ac, looking forward to upgrade to a pair of hAP ac 2 for their faster CPUs. I'm not using poe and SFP, and 3x3 in hAP ac. For that im telling that HAP AC 2 will be better sollution then HAP AC. Its useless to have 3x3 AC when CPU dont support it.. It maxes on 600 mbps. ...
by chechito
Sat Feb 17, 2018 6:53 pm
Forum: RouterBOARD hardware
Topic: ARM based new goodies on the horizon
Replies: 76
Views: 13997

Re: ARM based new goodies on the horizon

The Wave 2 in the wifi card is probably more valuable than triple chain anyway.
totally agree, y prefer same power 2x2 than 3x3 , you get farther coverage

3x3 its rarely used and make the equipment far more expensive and power hungry
by chechito
Sat Feb 17, 2018 6:47 pm
Forum: Beginner Basics
Topic: Mikrotik RB941-2ND-TC: VPN Throughput
Replies: 7
Views: 1920

Re: Mikrotik RB941-2ND-TC: VPN Throughput

Hey thanks for the reply! I will need like 30 - 40Mbit/s. Do you guys think that I will achieve this speeds? Many thanks to all. Kind regards Rather around 20Mbit/s with aes128cbc ! yes i agree max 20mbps you can expect, keep in mind rb941 is almost the cheapest mikrotik device if you can wait go f...