Community discussions

Search found 465 matches

  • 1
  • 2
by lapsio
Fri Dec 07, 2018 8:16 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

You should not do it with copper ethernet, as I already wrote. But with fiber it appears to work OK. Maybe because it cannot work in halfduplex anyway and the speed can be selected to match. Yeah it really sucks because S+RJ10 doesn't autoneg to gigabit. Even if there's 1G on the other end it still...
by lapsio
Fri Dec 07, 2018 7:42 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

It appears that having autonegotiation on one end and not the other is not a problem on SFP. Of course on copper ethernet this is a definite no-no as it will end up in one side halfduplex and the other fullduplex. But on SFP it appears to work different. Did you actually try setting autonegotiation...
by lapsio
Sat Dec 01, 2018 8:01 pm
Forum: RouterBOARD hardware
Topic: Non-Microtik SFP+ DAC with CRS317... is it OK?
Replies: 5
Views: 850

Re: Non-Microtik SFP+ DAC with CRS317... is it OK?

Thank you guys very much for your responses. Would you recommend I only purchase items marked as 'Microtik" in the future, or do you think I'm safe continuing to buy these cables? I'm using 10Gtek (to connect to Intel because Intel gear doesn't work with non-Intel DACs and modules and 10Gtek makes ...
by lapsio
Sat Dec 01, 2018 7:51 am
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17425

Re: MUM Europe 2018 - New hardware incoming

Any info regarding CRS326-24S+2Q+RM? I'm not sure if it's worth to wait or should I just go with CRS317. By worth to wait I mean like 1Q2019
by lapsio
Sat Dec 01, 2018 7:44 am
Forum: RouterBOARD hardware
Topic: Product Request: USB Ethernet adapter with SFP+ port
Replies: 2
Views: 1183

Re: Product Request: USB Ethernet adapter with SFP+ port

You won't get SFP+ with USB3 because it's only 5G theoretical. There are plenty of SFP gigabit dongles though. I ordered Winyao one recently. It's quite cheap and supposedly works with Linux. I'll report compatibility once it arrives. Aquantia is working on 5G copper USB3 dongle. It should be availa...
by lapsio
Sat Dec 01, 2018 7:30 am
Forum: RouterBOARD hardware
Topic: Non-Microtik SFP+ DAC with CRS317... is it OK?
Replies: 5
Views: 850

Re: Non-Microtik SFP+ DAC with CRS317... is it OK?

MikroTik in general has quite good SFP+ compatibility (except RB4011). I haven't came across module that didn't work in mtk yet. Sometimes they require disabling autonegotiation but apart from that everything's fine.
by lapsio
Sat Dec 01, 2018 1:08 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Personally I am replacing a rb2011uias-2hnd-in, I never used LCD, USB or speaker, so this is not a big deal for me with the cpu power available. The upgrade on the wireless side is much more a thing for me. Ordered today the wifi version, found exactly one distributor who has like 40 on stock accor...
by lapsio
Fri Nov 30, 2018 12:17 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

This SFP mess is really annoying! Why can't it just work? If I connect cheap TP-Link switch to Cisco, auto negotiation on SFP works. Same with even cheaper Realtek cards, various Dell servers and other equipment. But no, for Mikrotik, you have to manually set the speeds on both ends. Where's the pr...
by lapsio
Thu Nov 29, 2018 8:57 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

first quick opinion - it's running hot. really hot, without any serious load.
No wonder - it's beefy yet passive. CCR1009-PC can give you actual burns if you touch heatsink while it's powered on. Even if idling (there's actually not that huge difference in thermals between idle and stress)
by lapsio
Wed Nov 28, 2018 11:16 pm
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3356

Re: CRS317 Problems with 100MBit Devices / What a shame

Did some testing. There are different revisions of S+RJ10. The revision 2 shows data and connection speed. Revision one does not.
That's interesting. It may suggest that at some point revision X of S+RJ10 won't suck balls anymore. At least not as much as it does now xD
by lapsio
Tue Nov 27, 2018 11:36 am
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3356

Re: CRS317 Problems with 100MBit Devices / What a shame

Which 1g copper modules from FS.com should work with 100Mbit? On the page there are two Generic SFP-GB-GE-T. I believe all of them are the same. Actually all FS.COM SFP modules are the same. I even ordered F5 compatible ones and still got generic ones because they just work, also in F5. The only di...
by lapsio
Tue Nov 27, 2018 12:21 am
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3356

Re: CRS317 Problems with 100MBit Devices / What a shame

Furthermore there is no option for sfp copper RJ45 modules available from MikroTik. Huh? What do you mean. There are both SFP and SFP+ copper modules from MikroTik - S+RJ10 and S-RJ01. MikroTik SFP modules are quite cheap but nothing extraordinary. Some other vendors like fs.com can get you cheaper...
by lapsio
Sun Nov 25, 2018 5:58 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 64
Views: 8864

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

Mine is running v6.42.9 for a few weeks now and was doing the usual fan on/off bounce up to 40C on CPU, but is now stuck on this 24/7 for the last week. I guess it got tired of cycling fans. I can confirm this may happen. I have CRS317 and it also sometimes just gets stuck and stops spinning down f...
by lapsio
Wed Nov 21, 2018 12:13 am
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17425

Re: MUM Europe 2018 - New hardware incoming

No but seriously, can we expect some router with QSFP+? It'd be really nice to be able to get inter-vlan-routing on those QSFP+ switches at 40G speed. Maybe some port setup like 2x QSFP+ and 4x or 8x 10G. It'd be nice upgrade. Or at least 1x QSFP+ and lets say 8x 10G. 80G -> 120G capacity upgrade so...
by lapsio
Sun Nov 18, 2018 12:43 am
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3356

Re: CRS317 Problems with 100MBit Devices / What a shame

I am using FSP 1G modules to connect to a Zyxel switch. Works perfectly (using them in a LACP bond) Hmm I had to disable autonegotiation and now they work. I'm having all kinds of various autonegotiation issues with this CRS317. S+RJ10 always negotiating to 10G even if there's 1G on another side, l...
by lapsio
Sat Nov 17, 2018 5:38 am
Forum: RouterBOARD hardware
Topic: CRS317 Problems with 100MBit Devices / What a shame
Replies: 28
Views: 3356

Re: CRS317 Problems with 100MBit Devices / What a shame

Are there any caveats with 1G SFP modules as well? Because I obtained generic 1G SFP copper modules from fs.com and link doesn't get up. I'm not sure if it's just incompatibility with this particular module or more general incompatibility with anything except S-RJ01. Did you guys try any non-MikroTi...
by lapsio
Fri Nov 16, 2018 8:51 pm
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17425

Re: MUM Europe 2018 - New hardware incoming

The chipset has been discontinued, linux dropped support for it, and the new RB4011 pulls down full BGP feeds faster than a CCR1072. It's time for something new in the 1036/1072 range. Tile is still on Mellanox's product pages and it can be reinstated in Linux if someone wants to support it. ROS 6....
by lapsio
Fri Nov 16, 2018 8:43 pm
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17425

Re: MUM Europe 2018 - New hardware incoming

still no release date ? I'm actually more interested in pricing :D Especially that CRS326-24S+2Q+RM and CRS309-1G-8S+PC because they have opportunity to crush price per SFP+ ratio quite hard. CRS305 for now significantly exceeded my expectations regarding pricing, I thought it's gonna be like 200$+
by lapsio
Tue Nov 13, 2018 2:47 am
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17425

Re: MUM Europe 2018 - New hardware incoming

When will we see a new high end router like the CCR1072? Is CCR1072 already too weak? xD Currently developed switches sound like good foundation for stronger routers (QSFP+ uplinks). So maybe after they get released. It seems Mtk for now tries to fix their strong lacks in L2. But CRS326-24S+2Q+RM n...
by lapsio
Mon Oct 29, 2018 3:47 am
Forum: RouterBOARD hardware
Topic: S+RJ10 10Gb SFP module: Do they even work?
Replies: 8
Views: 4042

Re: S+RJ10 10Gb SFP module: Do they even work?

This module is a joke. Unfortunately I bought one. The only excuse for its crappyness is price which is like half of normal, properly working 10GBase-T SFP+ module. But well I guess it's good that such hardware exists for those who desperately need 10G copper and are broke af. Still it's terrible de...
by lapsio
Thu Oct 18, 2018 11:30 pm
Forum: RouterBOARD hardware
Topic: CRS305 as TAP?
Replies: 1
Views: 699

CRS305 as TAP?

Considering CRS305 seems to be released/announced - did anyone test it? I'm interested in its span capabilities (whether it supports separate Tx and Rx span like CRS2xx series used to) because it seems like perfect TAP device if it can mirror uplink / downlink to separate ports. Just look at it: htt...
by lapsio
Tue Oct 16, 2018 5:41 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

... and the power led is unnecessary bright
Welcome to like every mikrotik router ever... I always cover them with electrical tape...
by lapsio
Mon Oct 08, 2018 12:37 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Passive DAC is limited to 5 meter anyway, most common are 1 meter or 3 meter, but anything longer then 5m is active in theory. I saw 7m passive. And iirc it's actual max allowed by 10GBase-CR standard.for 10G passive DACs. Active copper DACs are up to 15m. Above you need AOC according to 10GBase-CR...
by lapsio
Sun Oct 07, 2018 2:47 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

So it's working fine with passive DAC? Strange that their own table says it's not supported. Maybe they mean by that, that it might be work, but they are not going to provide support for it. Weird... Maybe it works only with shorter ones aka ones that use less power. Though it works with S+RJ10 and...
by lapsio
Fri Oct 05, 2018 1:27 am
Forum: RouterBOARD hardware
Topic: RB4011 - Poll - ONE thing you'd change
Replies: 15
Views: 3998

Re: RB4011 - Poll - ONE thing you'd change

At a bare minimum it would have another 10G port or all LAN would be 2.5G (one switch). The sweet spot would be 2x SFP+, 2x 10GBase-T, 10x 2.5GBase-T. For 199$, fries included :P Such ports config would place it between CCR1036 and CCR1072 (or actually above CCR1072 because it'd give 85G theoretica...
by lapsio
Thu Oct 04, 2018 1:49 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Where did you get one? I'm desperately looking for one with WiFi in Europe
Only non-wifi version is available for now afaik.
by lapsio
Wed Oct 03, 2018 3:30 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Useless SFP+ for me without a 10G LAN port. It's for router on the stick scenario. It's meant to actually be LAN port, not really WAN port. I think it is WAN port for small office or internet-intensive family (not only one intensive user at a time). Well assuming someone has internet faster than 1g...
by lapsio
Wed Oct 03, 2018 1:27 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Useless SFP+ for me without a 10G LAN port.
It's for router on the stick scenario. It's meant to actually be LAN port, not really WAN port.
by lapsio
Tue Oct 02, 2018 7:15 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Wondering, if Cisco console cable would work on these...
It worked with RB2011
by lapsio
Thu Sep 27, 2018 2:43 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Has anyone been able to order one of these yet? Seems like the expected stock arrival dates keep getting pushed back.
All polish shops I checked claimed "Beginning of October". They claimed so since very beginning and they still do.
by lapsio
Wed Sep 26, 2018 3:27 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

They are offering 10GbE Multimode optics for 15€ while the competition is selling them for 50. There's got to be a catch. I'm using 10Gtek DACs which were even cheaper than MikroTik ones and work perfectly fine so I wouldn't judge by price. It's just generic chinese module that can be reprogrammed ...
by lapsio
Mon Sep 24, 2018 10:11 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

...
There was time when RB2011 was sold as barebone (without case) just like some current routerboards. Not sure why they abandoned it. Probably didn't sell well.
by lapsio
Mon Sep 24, 2018 9:52 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

unfortunately I cannot go for RB3011 due to space restrictions
Well technically I guess you could take RB3011 out of chassis if network cabinet is closed anyways... I guess...
by lapsio
Mon Sep 24, 2018 8:53 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

But that is an environment where you do not need (or want) a switch... Well sometimes you just want AIO box as cheap as possible. Eg. such RB4011 with wifi. It'd obviously make sense to give it decent switch chip, because come on - if someone buys 10G router with 10 gigabit ports and wifi he obviou...
by lapsio
Mon Sep 24, 2018 2:04 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Thanks for answers. Now I understand if I make vlan's on interfaces it will be handled in CPU(like now) and switch chip VLAN support not effect it. Because I need "transfer" VLAN's from sfpplus port to some ethernet ports switch chip VLAN support do not help me a lot ... I use VLAN's for VOIP and I...
by lapsio
Sun Sep 23, 2018 11:53 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

You only have to look at the table to switch chips and products to realise how much each range or device differs from each other, not to mention all the different CPU architectures - part of their sucess and weakness you could argue. And that's wrong. Naming schemes indicate something. If you saw i...
by lapsio
Sun Sep 23, 2018 11:46 pm
Forum: RouterBOARD hardware
Topic: RB2011UiAS-2HnD-IN crippled by lightning strike
Replies: 2
Views: 564

Re: RB2011UiAS-2HnD-IN crippled by lightning strike

I'd use it as managed switch. I'm actually using RB2011 as switch for CCR1009. You could try to revive this device using usb wifi dongle. Or perhaps use it as 3g backup gateway (assuming USB still works). You may also use this device for various scripting and network monitoring / diagnose though lac...
by lapsio
Sun Sep 23, 2018 11:14 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

So maybe I'm missing some big points here but to me this RB4011 looks great for small business use or in a more demanding home situations. Plenty of power and passively cooled, great! I also really like that it can do hardware AES so you can tunnel all your traffic through a VPN tunnel in a work re...
by lapsio
Sun Sep 23, 2018 10:23 pm
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17425

Re: MUM Europe 2018 - New hardware incoming

+1 on pricing and availability. CRS305-1G-4S+IN is definitely a weird one, but I have some ideas if it's cheap enough. Yes it's really weird one and actually it really reminds me of this: https://3p-resale.de/media/image/product/207/md/gigamon-g-tap-a-tx-active-network-tap-gtp-atx00.jpg Or more pre...
by lapsio
Sun Sep 23, 2018 10:11 pm
Forum: RouterBOARD hardware
Topic: MUM Europe 2018 - New hardware incoming
Replies: 52
Views: 17425

Re: MUM Europe 2018 - New hardware incoming

Sorry to burst your bubble but anybody with so many 10g ports in their datacenter to justify going 40/100g is going to deploy CSS/CRS to use them as edge/access devices or remote site aggregation at best, where QSFP is a nice extra but not mission critical. If you are so bandwidth strapped to cry f...
by lapsio
Sun Sep 23, 2018 9:22 pm
Forum: RouterBOARD hardware
Topic: RB4011 - Poll - ONE thing you'd change
Replies: 15
Views: 3998

Re: RB4011 - Poll - ONE thing you'd change

Aaand necrobump :D

Because it's still hot topic until RB4011 actually comes out.
by lapsio
Sun Sep 23, 2018 9:14 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Too wait for proper upgrade from RB2011, but RB4011 is not my choise anymore, especially when removed USB port. Will switich to UBNT.
I don't think UBNT has USB either tho xD
They should just make RB3011 in desktop case. It'd be bilion times better idea than this joke.
by lapsio
Fri Sep 21, 2018 2:52 pm
Forum: Beginner Basics
Topic: Mikrotik SPF + unable to get full bandwidth
Replies: 5
Views: 704

Re: Mikrotik SPF + unable to get full bandwidth

Sounds reasonable. Please note that when packets are dropped there are more retransmissions and stuff so you may get better throughput if router can keep up than in situation where you exceed router capabilities and packets start to drop heavily. Did you try to enable fasttrack with Queue Tree rules...
by lapsio
Fri Sep 21, 2018 2:32 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

The device support active DAC cables.
Oh wonderful, so for example one like this for only 100 eur

https://www.redcorp.com/en/product/fibr ... 1/m852cq82

I can hardly find any 1m active DACs or anything below/equal 3m
by lapsio
Fri Sep 21, 2018 1:20 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Footnote 4 says you can only use a SFP+ DAC at 10Gb Doesn't it rather say that you cannot use passive SFP+ DAC at all? RB4011 seems to be the only Mikrotik SFP+ device which is incompatible with Mikrotik's own direct attach cables. Wait what. Dafaq. No DAC support? How is it even a thing?... It's r...
by lapsio
Thu Sep 20, 2018 12:12 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

It should. CPU is similar (the same arch) in hAP ac, CRS-326 and RB4011.
hAP AC is MIPSPBE, CRS-326 and RB4011 are ARM.
Ah srr, I was thinking about ac² as it's quad core ARM just like 4011. My bad.
by lapsio
Wed Sep 19, 2018 10:13 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Is there a recommended SFP+ 10G Copper module that is proven to negotiate to 1G reliably?
I believe it's ROS/routerboard issue. Not SFP modules issue.
by lapsio
Wed Sep 19, 2018 10:11 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Today Im copy configuration from HAP AC to CRS326-24G-2S+RM(RouterOS mode) and configure sfp+ as WAN insted of SFP(on hap ac) and pppoe, multicats, voip, iptv work normaly as in hap ac... Does this mean that it will also work on RB4011 or can different CPU/Switch chip produce some problems? Im chec...
by lapsio
Mon Sep 17, 2018 11:22 pm
Forum: Wireless Networking
Topic: Why is MikroTik's new product—S+RJ10 10GBASE-T module so cheap?
Replies: 10
Views: 4292

Re: Why is MikroTik's new product—S+RJ10 10GBASE-T module so cheap?

It doesn't support jumbo frames. That's 100$ cut from price. And improperly autonegotiates to non-10G speeds. That's remaining 35$ from price and voila - from 200$ to 65$ :D Plus it probably has 'meh' compatibility. Other MikroTik SFP+ modules I use didn't work with Intel X710-DA4 network card for e...
by lapsio
Mon Sep 17, 2018 10:45 pm
Forum: Beginner Basics
Topic: Mikrotik SPF + unable to get full bandwidth
Replies: 5
Views: 704

Re: Mikrotik SPF + unable to get full bandwidth

We found our simple queue is affecting our ports and also I enabled fastrack to get full throughput. But if i enable fastract our queue tree wouldn't work. I need to find a way to make this work. Thank you guys. To get 10G with CCR1009 without fasttrack you need jumbo 9k. And single connection will...
by lapsio
Mon Sep 17, 2018 10:36 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

You should probably use SFP+ module, not SFP one to avoid sloppyness. For example: https://mikrotik.com/product/s_rj10 It should support all link rates, including 10Mbps one :D Yes it should . Too bad it doesn't. I have this particular module. It negotiates to 10G when connected laptop. When I disa...
by lapsio
Mon Sep 17, 2018 9:38 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Thank you for the explanation. I know I'm getting ahead of myself on the config before the device is even shipping. But based on the 2.5Gb/s limitation for each switch chip, it would be best to place devices with a majority of internet traffic on the same switch chip as the port being used for WAN?...
by lapsio
Sun Sep 16, 2018 11:45 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 1763

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

The actual role of the optional fan is to reduce the heat transfer effect from one device (HDD) to another (CPU), which can create unstable operation of the device. Example - Condition of normal operation of the central processor is not more than 60 ° C; - The detected normal operating temperature ...
by lapsio
Sat Sep 15, 2018 5:35 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Or does it bridge the two switch groups together? ^ This 2. What is the performance impact bridging the two switch groups together? Does it disable hw acceleration (IPv4 forwarding, IPv6 forwarding, fast path, etc.)? Depends on CPU. In RB2011 performance hit was quite significant but second switch ...
by lapsio
Wed Sep 12, 2018 1:27 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Still it is a pity that we don't have proper switching available, you will never know when you would actually need it. I'm using RB2011 as small "ports extension" switch + AP for CCR1009. Because CCR1009 has significantly higher routing performance it made sense to use RB2011 switch just as switch ...
by lapsio
Tue Sep 11, 2018 11:08 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 1763

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

The 2013 University of Virginia study of 10,000 hard drives in a Microsoft datacenter found that the annual failure rate steadily increases with temperature , from about 4% per year at 27 °C to about 10% per year at 44 °C (Figure 5). Assuming an Arrhenius equation, that gives twice the number of fa...
by lapsio
Tue Sep 11, 2018 8:53 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

I have one question about WiFi version RB4011(RB4011iGS+5HacQ2HnD-IN). Currently I use hAP ac(RB962UiGS-5HacT2HnT) for my home network. Im remove ISP modem and put optical transciver into mikrotik and setup firewall rules, pppoe, vlan's, capsman, vpn's... For Internet I use pppoe on sfp1 interface....
by lapsio
Tue Sep 11, 2018 7:08 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 1763

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

The 70 deg. Celsius Mikrotik is saying the device can take might be true. But I am not willing to test the theory only to have to replace the routers every 1-2 years. In my experience, all electronics like to stay cool. Not too cool, but definitely not too warm for too long. My CCR1009 is idling at...
by lapsio
Tue Sep 11, 2018 3:22 pm
Forum: RouterBOARD hardware
Topic: CRS326 and 802.3ad / LACP bonding with VLANs, no HW offload
Replies: 5
Views: 1923

Re: CRS326 and 802.3ad / LACP bonding with VLANs, no HW offload

I'm on latest ROS (6.43.7 i think) and I have HW accelerated xor bonding between CRS317 and CRS326. It happened to me that bonding interface acceleration sometimes "derps" after you perform reconfiguration of interfaces and looses HW state. Putting interface down and up or rebooting device usually s...
by lapsio
Tue Sep 11, 2018 3:15 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 1763

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

I'm not sure whether quad core ARM 1.4 ghz requires such cooling tho... You could at least try to mount low profile fan on the inside to keep U1 size compliance lol
by lapsio
Mon Sep 10, 2018 3:20 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

I wonder if mini-pcie toUSB adapter will work in this router? In such a way we could have had USB at the expense of 2ghz radio. why don't use any minipcie 2ghz capable wireless card? RB4011 has included 2.4 ghz card. Question was if we can get USB instead of 2.4 ghz. For example to get 3G/LTE USB m...
by lapsio
Mon Sep 10, 2018 12:44 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 64
Views: 8864

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

I agree, that likely the CPU won't need the fans, nevertheless MikroTik does control the fan speed via the CPU temperature. I also agree that I you don't find another POE switch with similar features/performance at that price point. I likely will give the Noctua fans a try. Please note that Noctua ...
by lapsio
Mon Sep 10, 2018 12:29 am
Forum: RouterBOARD hardware
Topic: RB4011 - Poll - ONE thing you'd change
Replies: 15
Views: 3998

Re: RB4011 - Poll - ONE thing you'd change

Whatever we request it is too late I guess... Note that RB2011 had multiple versions and they didn't come out all at once. More "full" versions with more bells and whistles came later, after most basic 2011L variant. Also this post is not only about telling what we don't like about RB4011 in partic...
by lapsio
Sun Sep 09, 2018 4:14 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Hey everyone! Let's have a poll :D

Let's tell MikroTik what we expect from RB4011 viewtopic.php?f=3&t=138969&p=684987#p684987
by lapsio
Sun Sep 09, 2018 4:11 pm
Forum: RouterBOARD hardware
Topic: RB4011 - Poll - ONE thing you'd change
Replies: 15
Views: 3998

RB4011 - Poll - ONE thing you'd change

So RB4011 is quite polarizing topic. There's a lot of excitement and happiness but also a lot of disappointment. Now let's imagine that MikroTik could make revision of RB4011 that would add ONE feature that you miss the most - what would it be? Let's make some poll, shall we? :D What is YOUR most mi...
by lapsio
Sat Sep 08, 2018 8:12 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

... will not come off without a fight... and warranty?
MikroTik has warranty? xD just rip off those antennas and call it a day. It shouldn't break :D, at least not before end of warranty.
by lapsio
Sat Sep 08, 2018 5:23 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Can anyone from MikroTik confirm the antenna are removable on SMA or something? 2.4 uses standard R11e card like this one: https://mikrotik.com/product/R11e-2HnD so it has the same connectors for antennas as R11e. 5ghz idk but I believe they'll be removable as well. Probably with the same connector...
by lapsio
Sat Sep 08, 2018 4:46 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Also because some people may get impression that removed things are insignificant "details" and nobody uses them I'd like to note that it's not entirely true and those are not just useless gimmicks: no USB - usage of 3G/LTE modems doesn't need any itroduction. Some people use 3G as backup WAN, somet...
by lapsio
Sat Sep 08, 2018 3:21 pm
Forum: RouterBOARD hardware
Topic: Whats the best current home routerboard for a gigabit ISP?
Replies: 15
Views: 3971

Re: Whats the best current home routerboard for a gigabit ISP?

It stopped passing traffic, I could not connect to it neither via ssh, webfig nor winbox. The only cure was to remove power. Nothing in logs afterwards (no surprise here). I'd recommend using watchdog. It should handle such incident in matter of seconds. https://wiki.mikrotik.com/wiki/Manual:System...
by lapsio
Sat Sep 08, 2018 2:51 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Besides the fact that it is a >1GHz quad-core ARM, though, in the list of "added features" compared to 2011 you also left out the following: Quad-core (like I said) 1GiB of RAM (same as 3011, 8x as much as 2011U, 16x as much as 2011L) 0.5GiB of NAND storage (4x as much as 2011 and 3011) I said that...
by lapsio
Sat Sep 08, 2018 2:25 pm
Forum: RouterBOARD hardware
Topic: Whats the best current home routerboard for a gigabit ISP?
Replies: 15
Views: 3971

Re: Whats the best current home routerboard for a gigabit ISP?

There's as slight bug in switch chip in IPQ4xxx which bit me and MT doesn't have a solution (yet). It also runs hot and my personal experience is that it might freeze due to that (vertical position seems to help). I'm interested as well. I'm using switch chip in ac² quite actively (vlans for loopba...
by lapsio
Sat Sep 08, 2018 3:04 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Anyone venture a guess if btest will work better on these things than the CCR1016's we use for extended stress testing as I recall a CCR tops out at around the 2.5gbit udp mark ? If btest really is single core then I believe it should perform better than CCRs. It should in general perform better th...
by lapsio
Sat Sep 08, 2018 2:15 am
Forum: RouterBOARD hardware
Topic: Whats the best current home routerboard for a gigabit ISP?
Replies: 15
Views: 3971

Re: Whats the best current home routerboard for a gigabit ISP?

In all seriousness I'd get hAP ac² over RB4011. Imho more versatile at waaay lower price. 4011 is not representative mikrotik as it's really targeted, single purpose device. You won't even connect 3g/lte modem to it. Nor use much of hardware switch. hAP ac² is really nice device with great switch ch...
by lapsio
Sat Sep 08, 2018 12:26 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

What for this router have 10G sfp+ port? All switches summary have only 5G throughput.
Router on the stick. Inter VLAN routing basically. It's common use case actually if you don't have proper L3 switch.
by lapsio
Fri Sep 07, 2018 8:45 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

I look at this a different way - now you have a router capable of routing 10 Gbps peak throughput which is very close to CCR1009 number for half the cost. I totally agree that it is needed device. Cheap 10G router to make 10G more popular. It's cool. I just don't find it successor of RB2011. Look a...
by lapsio
Fri Sep 07, 2018 8:27 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

For me it's an issue of perception. They gave the device an X011 part number, implying that it was an updated but comparable replacement for the 2011's and 3011. But it isn't; it's a completely different animal. It hits especially badly if you take into account that many people (including me) asked...
by lapsio
Fri Sep 07, 2018 8:01 pm
Forum: RouterBOARD hardware
Topic: CRS317 with Noctua NF-A4x20, pros, cons, caveats.
Replies: 0
Views: 700

CRS317 with Noctua NF-A4x20, pros, cons, caveats.

So I noticed that many people who bought CRS317 as "home" switch replaced fans with Noctua in order to reduce noise level. I decided to do that as well so I guess I'll make small write-up about this topic. Lets start from basics. If we want to replace something, first we should know what are we actu...
by lapsio
Fri Sep 07, 2018 5:34 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

There is no speaker So... at the end of the day... It's kind of one trick pony. It's basically really simple and basic router that can route buttload of traffic due to SFP+ port and hardware AES. The end. Things removed comparing to RB2011: no USB no screen no beeper no USR led no meaningful switch...
by lapsio
Fri Sep 07, 2018 1:14 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

does Realtek RTL8367 manageable switch and support acl? Nope. It's crap :( https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features I think the chip has several possibilities implemented in hardware but are not yet implemented in RouterOS: http://www.realtek.com.tw/products/productsView.aspx?Lang...
by lapsio
Fri Sep 07, 2018 9:08 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

OK, just give me a real life application - combination of fastpath and "router on a stick". As in real life average packet size will be closer to 512 than 1500, fastpath is only way to achieve 10Gbps+ speeds, but that requires no config, "router on a stick" requires at least some configuration, so ...
by lapsio
Thu Sep 06, 2018 10:08 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Regarding the lack of USB, as there are a miniPCI-slot for wifi. Russian site with pictures of the inside: https://weblance.com.ua/389-mikrotik-gotovit-platformu-rb4011-na-baze-processorov-alpine-zayavlena-podderzhka-dual-band-wi-fi-s-mimo-4x4.html If Mikrotik could make a version of the R11e-LTE w...
by lapsio
Wed Sep 05, 2018 5:09 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Finally:

RB4011iGSplusRM-180905135303.png
That looks like beef, not gonna lie :D I wonder where this 10G limit in charts comes from because it doesn't really look like "natural" limit.
by lapsio
Tue Sep 04, 2018 12:54 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

https://forum.mikrotik.com/download/file.php?id=33451 Anybody else wondering why RB4011 CPU-throughput appears to be capped to 10Gbit/s? Assuming both Realtek GbE switchgroups are connected at 2.5Gbit/s each to the CPU (like RB1100AHx4), this leaves only 5Gbit/s possible thoughput for the 10GbE SFP...
by lapsio
Mon Sep 03, 2018 6:47 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Likely nothing has changed in the actual capability but such specifications are made because of complaints about high internal temperature and/or short lifetimes of the caps. Internal temperature of the router is not the same as ambient temperature! It usually is 10-20 degrees higher (depending on ...
by lapsio
Sun Sep 02, 2018 11:17 pm
Forum: RouterBOARD hardware
Topic: CRS317 fans - 5V or 12V?
Replies: 0
Views: 325

CRS317 fans - 5V or 12V?

Does anyone know whether CRS317 fans are 5V or 12V? I'd like to replace them with some Noctuas as I saw many people doing that but I'm not sure which variant should I get.
by lapsio
Sun Sep 02, 2018 9:41 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

If you google the wireless model you get the fcc report, it has internal pictures: No Fans Case looks Matt like the AC^2, and plastic? The main problem for me... is I want a new router now and it’s not on sale yet! There's article on one site. Case is full metal. Only bottom is plastic. Case is bas...
by lapsio
Sun Sep 02, 2018 9:36 pm
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1425

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

I use the mangle chain to divide traffic between two WANs, and the fasttrack doesn't seen to cause problems with it.
I thought that routing-mark is per-packet, not per-connection. If you assign routing mark on connection level it's gonna persist and be taken into account in routing rules?
by lapsio
Sun Sep 02, 2018 3:43 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

One question: why you need to push all that through the router? Why not to switch the most part? Long story short - MikroTik switches don't support VEPA and I use VEPA. And datacenter switches that support VEPA cost more than MikroTik router that can handle 10G lol. And I want to have stateful fire...
by lapsio
Sun Sep 02, 2018 2:51 am
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1425

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

Why would fasttrack be less secure than no fasttrack? The streaming is marked to be fasttracked after the firewall looks into it, so I don't get this. in filter chain - yeah but there's plenty of caveats. For example mangle chain and packet marking. Iirc fasttracked packets don't get processed on p...
by lapsio
Sun Sep 02, 2018 12:46 am
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1425

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

i suppose you put the 10g NIC on the pci express x16 slot of your motherboard Technically x8 because it's P67 chipset so it has x8/x8 pci-e 2.0 but card has x8 connector anyways. As it's 4x10G NIC it has theoretical throughput of around 36 gbps in such config. In practice probably above 20 or somet...
by lapsio
Sat Sep 01, 2018 11:03 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

i think a CPU like Broadcom stingray (8 core arm cortex a 72 at 3.0ghz) can beat a a tilera 72 core CPU at 1.0 ghz (like ccr1072) because of the much better single core performance That's true for many use cases but please take into account that routers like those are in most cases used in backbone...
by lapsio
Sat Sep 01, 2018 9:49 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Being a CCR1009 owner I can confirm - it is way overkill for home use. I ended with it only because I found one used for nearly the price of 3011. Otherwise it makes no sense, especially now, when you can get 4011 + CRS326 for the price of 1009. Though even home user can kill CCR1009 if you use too...
by lapsio
Sat Sep 01, 2018 8:08 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

I'm especially interested in RB4011 vs CCR1009 on single 10G point to point connection. CCR seems to struggle with that. i think with rb4011rm ccr1009 is dead That's brave statement :D Still CCR1009 has number of features that RB4011 doesn't. It still has significantly higher routing performance, p...
by lapsio
Sat Sep 01, 2018 7:18 pm
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1425

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

So yeah. It's CCR1009 issue. It really does bottleneck on single TCP connection, even with 9k jumbo at 3.5 gbps. With standard 1500 frames it bottlenecks at around 1.2gbps. When fasttrack is disabled and we use bridge ip firewall Removing bridge interface (so that ip is assigned directly to VLAN int...
by lapsio
Sat Sep 01, 2018 2:38 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Is there a header inside one can attach a USB cable to?
I didn't notice any. If you google 4011 there's some Russian article with photos of PCB
by lapsio
Fri Aug 31, 2018 4:07 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

I'm actually interested to test this router with a full BGP table given the high clock speed and 10 gig port. Who knows? Could be a diamond in the rough for a border router ;-) I'm especially interested in RB4011 vs CCR1009 on single 10G point to point connection. CCR seems to struggle with that.
by lapsio
Fri Aug 31, 2018 1:08 am
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1425

CCR1009 - low single tcp tunnel performance? [SOLVED]

I recently managed to get my hands on Intel X710-DA4, CRS317 and CCR1009. However unfortunately... Performance is quite disappointing and I don't know who to blame. When I enable multiple tunnels in iperf then everything is cool - full 10G. However with single tunnel... not so much. If I use UDP for...
by lapsio
Thu Aug 30, 2018 10:53 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Oh boy, it does look ugly with those rack-mount ears attached. Luckily I can close rack's door. I wonder if LCD would suffice to maintain minimum level of sexapeal ... Well... At least it's not full width rackmount case that is like idk... 10cm deep or something similarly comical like RB2011 used t...
by lapsio
Thu Aug 30, 2018 10:13 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

... So it is still closer to RB3011 than to RB1100. And keeping in mind SFP+ port, the price is quite good. Yep. I wonder how it compares to CCRs if we're handling single TCP tunnel. Because single TCP tunnels don't really scale well so ironically this device could perform better with single 10G TC...
by lapsio
Thu Aug 30, 2018 9:20 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

I wonder what processors will we see in future RB1100 and CCR series, as RBx011 has 4x1.4GHz now... Prices are probably estimated but from what resellers suggest RB4011 won't be direct RB2011 successor as it's gonna be priced significantly higher (which obviously makes sense, after all it has the s...
by lapsio
Thu Aug 30, 2018 7:27 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

Two versions: Rackmount: http://files.i4wifi.cz/inc/_doc/attach/StoItem/7148/en_datasheet_RB4011iGS_RM.pdf with wifi: http://files.i4wifi.cz/inc/_doc/attach/StoItem/7150/en_datasheet_RB4011iGS_5HacQ2HnD_IN.pdf It doesn't really look like prototype :/ I think there won't be usb for us this time. No ...
by lapsio
Thu Aug 30, 2018 6:56 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

Re: RB4011

LCDs are this tiny "premium" touch that makes device look better than it actually is xD I love them. It's not like they're super useful but they just feel nice. It's not common to see LCD screens in this kind of hardware. F5 puts similar LCDs in their newer appliances that are waaaaay more expensive...
by lapsio
Thu Aug 30, 2018 3:51 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 359
Views: 66348

RB4011

So... Are we going to talk about it or is it tabu topic? :D

I'm personally quite disappointed with lack of LCD and USB.

NOTE: There's poll related to this thread: viewtopic.php?f=3&t=138969
by lapsio
Mon Aug 27, 2018 9:41 pm
Forum: Beginner Basics
Topic: quota Limit on WAN interfaces
Replies: 2
Views: 444

Re: quota Limit on WAN interfaces

Bump. Still relevant. for backup LTE links. I set up 128 kbps bandwidth limit but I calculated that it can still pretty easily use up whole per-month 10 GB data limit in around 1 week.
by lapsio
Mon Aug 27, 2018 8:06 pm
Forum: Wireless Networking
Topic: How to filter wifi traffic between AP stations on firewall? [SOLVED]
Replies: 6
Views: 1054

Re: How to filter wifi traffic between AP stations on firewall? [SOLVED]

... Well I actually just found even better solution - simply arp=local-proxy-arp. So just set default-forwarding=no on wireless interface and arp=local-proxy-arp on bridge where wlan interface is attached and where you have IP address and this way MikroTik will answer to all arp requests with own M...
by lapsio
Mon Aug 27, 2018 3:28 pm
Forum: RouterBOARD hardware
Topic: CRS3xx ingress+egress dual port mirror
Replies: 0
Views: 332

CRS3xx ingress+egress dual port mirror

How can I configure port lets say ether2 to mirror ingress to port 23 and egress to port 24 so that I won't have mirror link overcommit? If I recall it was possible in CRS2xx using mirror0 and mirror1.
by lapsio
Sun Aug 26, 2018 1:27 am
Forum: Wireless Networking
Topic: How to filter wifi traffic between AP stations on firewall? [SOLVED]
Replies: 6
Views: 1054

Re: How to pass traffic between AP stations through firewall? [SOLVED]

After all those years I finally solved this mystery. Solution was as simple as disabling default-forward and giving all stations /32 netmask via dhcp or static config (and probably enable ip-firewall on bridge). Now all packets go to router MAC and then router filters them on firewall in forward cha...
by lapsio
Sat Aug 25, 2018 10:33 pm
Forum: General
Topic: tls-host doesn't work in dstnat chain? [SOLVED]
Replies: 1
Views: 432

Re: tls-host doesn't work in dstnat chain? [SOLVED]

Okay it's pretty obvious. NAT decision is taken before 3-way handshake is finished as handshake is typically preformed by actual host and tls-host, layer-7-protocol, content and many other matchers can only be determined after handshake is finished because they base on connection packets content. So...
by lapsio
Sat Aug 25, 2018 10:01 pm
Forum: General
Topic: tls-host doesn't work in dstnat chain? [SOLVED]
Replies: 1
Views: 432

tls-host doesn't work in dstnat chain? [SOLVED]

I tried to kind of replicate nginx functionality using dstnat to different machines basing on tls-host (mostly to split openvpn on port 443 from https) however to my surprise this feature doesn't seem to work in dstnat chain. It works in prerouting chain though and according to: https://wiki.mikroti...
by lapsio
Sat Aug 25, 2018 6:52 pm
Forum: Wireless Networking
Topic: FreeRADIUS based MikroTik Wireless VLAN tagging
Replies: 0
Views: 593

FreeRADIUS based MikroTik Wireless VLAN tagging

I'm trying to assign users to different VLANs on wireless interface basing on RADIUS authentication. Basic RADIUS authentication works as expected but MikroTik-specific attributes don't seem to be assigned properly. This is my server side config of FreeRADIUS (mikrotik.dictionary is taken from here:...
by lapsio
Sat Aug 18, 2018 2:19 am
Forum: Wireless Networking
Topic: D-Link DWM-222 works only with CCR1009
Replies: 0
Views: 360

D-Link DWM-222 works only with CCR1009

I just bought Orange SIM card and D-Link DWM-222 usb modem for backup connection. I wanted to connect it to my edge router (hAP ac²) as backup gateway but it doesn't seem to work... I have really mixed results with it. At first I connected to hAP ac² and it didn't work. Then I connected to RB2011 an...
by lapsio
Fri Aug 17, 2018 5:56 pm
Forum: General
Topic: Loopback NAT is performed only once
Replies: 2
Views: 602

Re: Loopback NAT is performed only once

I just bought one more router dedicated as edge router... It was crappy idea anyways because RB2011 was really overloaded with tons of functionality it couldn't handle all at once. It's old and really obsolete router. I hope MikroTik makes refresh of RB2011 soon. With more recent CPU and perhaps two...
by lapsio
Fri Aug 17, 2018 5:45 pm
Forum: General
Topic: Hairpin NAT bypasses firewall - potential security issue
Replies: 6
Views: 761

Re: Hairpin NAT bypasses firewall - potential security issue

Unless you reproduce it on router with exact config you posted, i.e. only that one drop rule in forward chain and nothing more , it must be some other rule allowing these packets to pass. Hmm. They don't pass with this exact config in CHR. But it does occur with my config when I add drop all as fir...
by lapsio
Fri Aug 17, 2018 4:59 pm
Forum: General
Topic: force push local address to gateway? (to avoid Hairpin NAT)
Replies: 4
Views: 528

Re: force push local address to gateway? (to avoid Hairpin NAT)

Look at this: https://forum.mikrotik.com/viewtopic.php?f=2&t=102483&p=509070&hilit=port#p508981 In the end I used srcnat to router's external IP so basically hairpin NAT just with public IP, not private. It works. Servers see in logs my external public IP and packets are "properly" forwarded. Excep...
by lapsio
Fri Aug 17, 2018 1:43 am
Forum: General
Topic: Hairpin NAT bypasses firewall - potential security issue
Replies: 6
Views: 761

Re: Hairpin NAT bypasses firewall - potential security issue

... but even if it would send something back (it won't, because it has unconditional drop in forward, it won't route anything between any interfaces), bottom router wouldn't let it pass. The problem is - it would and it does. I didn't make this up from thin air. It's issue that occurs in my config....
by lapsio
Thu Aug 16, 2018 3:30 am
Forum: RouterBOARD hardware
Topic: S+RJ10 improperly auto negotiates to 10G
Replies: 3
Views: 902

Re: S+RJ10 improperly auto negotiates to 10G

This might help You: https://wiki.mikrotik.com/wiki/MikroTik_SFP_module_compatibility_table#SFP.2B_interface_compatibility_settings_with_1G_links Oh okay. I read this bilion times in the past yet somehow I still forgot about this 1G sfp+ thingy. Still I believe that's not how autonegotiation is sup...
by lapsio
Thu Aug 16, 2018 1:37 am
Forum: RouterBOARD hardware
Topic: CRS317 10G -> 1G traffic slow, everything else fine
Replies: 21
Views: 7030

Re: CRS317 10G -> 1G traffic slow, everything else fine

SFP+RJ10 still reports up/down link state without a cable connected.
Still happens in August...
by lapsio
Thu Aug 16, 2018 1:29 am
Forum: RouterBOARD hardware
Topic: S+RJ10 improperly auto negotiates to 10G
Replies: 3
Views: 902

S+RJ10 improperly auto negotiates to 10G

I fairly doubt my laptop has 10G onboard NIC... especially that on laptop side it's negotiated to 1Gbps
P_20180816_001727_vHDR_On.jpg
by lapsio
Thu Aug 16, 2018 12:17 am
Forum: RouterBOARD hardware
Topic: S+RJ10 and Jumbo Frames
Replies: 10
Views: 2841

Re: S+RJ10 and Jumbo Frames

+1, why would jumbo frames not be supported on a 10G capable interface.... On the other hand... Name me one 10G copper SFP+ module other than mikrotik for 65$ brand new. Go on. I tried xD Until MikroTik saves us, 10G copper still costs kidney. Currently they saved us in 50% because no jumbo :P I bi...
by lapsio
Tue Aug 14, 2018 11:51 pm
Forum: General
Topic: Hairpin NAT bypasses firewall - potential security issue
Replies: 6
Views: 761

Hairpin NAT bypasses firewall - potential security issue

I noticed that hairpin NAT on single interface bypasses firewall. net.png Let's assume following: bottom router: /ip address add address=192.168.0.1/30 interface=ether1 /ip address add address=192.168.4.1/24 interface=ether2 /ip address add address=192.168.2.1/24 interface=ether3 /ip firewall filter...
by lapsio
Tue Aug 14, 2018 10:46 pm
Forum: General
Topic: force push local address to gateway? (to avoid Hairpin NAT)
Replies: 4
Views: 528

Re: force push local address to gateway? (to avoid Hairpin NAT)

What is wrong with Harpin NAT? It is just name of technology which "other" routers do behind the scenes. One line for NAT. That is all. I just noticed that if I do what I just described MikroTik accepts all dst-nated packets, bypassing all firewall rules whatsoever ._. That's first thing. So basica...
by lapsio
Tue Aug 14, 2018 9:08 pm
Forum: General
Topic: force push local address to gateway? (to avoid Hairpin NAT)
Replies: 4
Views: 528

force push local address to gateway? (to avoid Hairpin NAT)

lets say I have public IP 66.66.66.66. I want to allow users from LAN access services exposed via public IP. Unfortunately there's quadrillion of zone-like firewall rules, PBR, QoS and tons of other crap. Adding exceptions everywhere for such traffic would be complete clusterf*ck and I'm trying to a...
by lapsio
Thu Aug 02, 2018 10:41 am
Forum: RouterBOARD hardware
Topic: Hap ac2 vs. Hex S
Replies: 8
Views: 6881

Re: Hap ac2 vs. Hex S

It's also worth to mention that hEX series has crappy switch chip while hAP ac2 has pretty decent one with VLANs support and stuff so you can also repurpose your device as managed L2 wire-speed switch. For me it was big deal as I wanted to loop traffic through IPS and ROS has issues with software br...
by lapsio
Mon Jul 30, 2018 11:48 pm
Forum: General
Topic: CRS317 - arp doesn't work
Replies: 3
Views: 436

Re: CRS317 - arp doesn't work

I assume the IP address is attached to the VLAN interface? Any ARP related settings? Maybe a full /export hide-sensitive I tied to isolate as tiny case as possible. So here I replicated issue with only 2 switches (without CCR involved): lapsio@linux-gjpj ~> cat SSHFS/Storage/mtk5 # jul/30/2018 22:3...
by lapsio
Mon Jul 30, 2018 10:13 pm
Forum: General
Topic: Loopback NAT is performed only once
Replies: 2
Views: 602

Loopback NAT is performed only once

I have two routers - CCR1009 and RB2011. I'd like to make CCR1009 core router and RB2011 edge router. However as CCR1009 doesn't have wifi I'd like to also repurpose RB2011 as AP, but still route networks on CCR1009. So in order to do so I bridged wifi interface with one of VLANs, withrout assigning...
by lapsio
Sun Jul 29, 2018 6:10 pm
Forum: General
Topic: How LACP affects ARP?
Replies: 0
Views: 295

How LACP affects ARP?

Recently I created multiple threads spinning around topic of ARP and LACP issues. I thought they're independent but after lots of testing I think I finally came to following conclusion: LACP affects ARP in some way in my setup. Every time I create LACP link there are some issues with propagating ARP...
by lapsio
Sat Jul 28, 2018 10:50 pm
Forum: Beginner Basics
Topic: How does MSTP work?
Replies: 0
Views: 524

How does MSTP work?

I thought that primary reason why we use MSTP is because it's VLAN-aware. However I made following switch config: /interface bridge add admin-mac=CC:2D:E0:58:18:E0 auto-mac=no name=br-hardware protocol-mode=mstp vlan-filtering=yes /interface bridge port add bridge=br-hardware frame-types=admit-only-...
by lapsio
Sat Jul 28, 2018 9:06 pm
Forum: General
Topic: CRS317 - arp doesn't work
Replies: 3
Views: 436

CRS317 - arp doesn't work

I have following config on CRS317: /interface bridge add admin-mac=CC:2D:E0:58:18:E0 auto-mac=no name=br-hardware protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] l2mtu=2028 name=ether1-rescue set [ find default-name=sfp-sfpplus1 ] l2mtu=9112 mtu=9000 set [ ...
by lapsio
Thu Jul 26, 2018 10:32 pm
Forum: RouterBOARD hardware
Topic: Affordable 10GBase-T for CRS317? [SOLVED]
Replies: 3
Views: 845

Re: Affordable 10GBase-T for CRS317? [SOLVED]

You should really be using fiber by the time you hit 10gig. /M I know, I'm mostly using DAC cables and LC uplinks because it's used as kind of "top-of-rack" switch interconnecting servers. Unfortunately one server has 10G copper onboard NIC. It'd be a bit of waste not to use it and our firewall wil...
by lapsio
Thu Jul 26, 2018 6:07 pm
Forum: RouterBOARD hardware
Topic: Affordable 10GBase-T for CRS317? [SOLVED]
Replies: 3
Views: 845

Affordable 10GBase-T for CRS317? [SOLVED]

Are there any affordable 10G copper SFP+ modules that should work with CRS317? The only sub 120$ module i could find is MikroTik S+RJ10 but it doesn't support jumbo frames so it doesn't count
by lapsio
Mon Jul 23, 2018 3:11 pm
Forum: RouterBOARD hardware
Topic: S+RJ10 and Jumbo Frames
Replies: 10
Views: 2841

Re: S+RJ10 and Jumbo Frames

anything changed in this topic? I'm in urge to get 10G routing with CCR1009 but I'm afraid it won't handle 10G on single connection (single core) without jumbo.
by lapsio
Sat Jul 21, 2018 4:13 pm
Forum: Beginner Basics
Topic: How to set 10G link speed without autonegotiation?
Replies: 2
Views: 546

Re: How to set 10G link speed without autonegotiation?

When I disable auto-negotiation on CCR1009 SFP+ cage I'm getting "no-link" at all. Not even 1G

Edit: Ok i't s because CCR1009 actually properly tries to establish 10G with autonegotiation disabled. Unlike CRS317 and CRS326
by lapsio
Sat Jul 21, 2018 3:50 pm
Forum: Beginner Basics
Topic: How to set 10G link speed without autonegotiation?
Replies: 2
Views: 546

How to set 10G link speed without autonegotiation?

I have CRS317 and CRS326. When auto-negotiation is enabled I'm getting both links to operate at 10G speed no problem. However if I set auto-negotiation to "no" they operate at 1G speed. How do I properly set fixed 10G speed? Here's config of interfaces on both switches and log: 25 RS name="sfp-sfppl...
by lapsio
Thu Jul 19, 2018 11:17 pm
Forum: RouterBOARD hardware
Topic: Are MikroTik 10G DAC cables "standard"? [SOLVED]
Replies: 7
Views: 2048

Re: Are MikroTik 10G DAC cables "standard"? [SOLVED]

Apparently they're not. Luckily I had Mikrotik 1m DAC laying around so I tested it before ordering more cables. It doesn't work. I also tried Mikrotik's SFP+ FC module and it doesn't work either. Card shows following error: 6205964200056624920.jpg I ordered Intel compatible DAC cable. I hope it's go...
by lapsio
Mon Jul 16, 2018 10:56 pm
Forum: RouterBOARD hardware
Topic: RouterBOARD naming
Replies: 47
Views: 23748

Re: RouterBOARD naming

Why RB750G is not named RB750UG. The same about RB760iGS not being RB760UiGS? This naming scheme looks really inconsistent in practice :/ CRS and CCR naming schemes seem to be much more consistent. Also why those are not x2? They have 2 cores after all...
by lapsio
Sun Jul 15, 2018 6:26 pm
Forum: Beginner Basics
Topic: DST-NAT in bridge breaks forwarding [SOLVED]
Replies: 5
Views: 639

Re: DST-NAT in bridge breaks forwarding [SOLVED]

Yes, you don't need an IP address but only a route that will direct ARP requests towards the correct interface. Unfortunately it doesn't work. Router already has address in 192.168.10.0/24 network as it's management one. It only doesn't have address in 192.168.4.0/24. NAT makes either 8.8.8.8 -> 19...
by lapsio
Sun Jul 15, 2018 5:07 pm
Forum: RouterBOARD hardware
Topic: CRS317 - any chance for bonding-rr offload?
Replies: 0
Views: 373

CRS317 - any chance for bonding-rr offload?

Is there any chance for bonding-rr to be hardware offloaded on CRS3xx series? Or it's not possible with currently used switch chip?
by lapsio
Sun Jul 15, 2018 5:36 am
Forum: Beginner Basics
Topic: Switching loop - why? [SOLVED]
Replies: 1
Views: 374

Re: Switching loop - why? [SOLVED]

It turns out sometimes VLAN interfaces on CCR1009 randomly don't get up and require disabling and reenabling... ._.
by lapsio
Sun Jul 15, 2018 3:55 am
Forum: Beginner Basics
Topic: Switching loop - why? [SOLVED]
Replies: 1
Views: 374

Switching loop - why? [SOLVED]

I'm quite new to Layer 2 (unfortunately i started from top of OSI and stepped down successively) so I decided to get some grip here. In order to test various more advanced configs I decided to create something like this: susecap607.png ports with dots represent tagged ports, colors represent untagge...
by lapsio
Sat Jul 14, 2018 11:23 pm
Forum: Beginner Basics
Topic: DST-NAT in bridge breaks forwarding [SOLVED]
Replies: 5
Views: 639

Re: DST-NAT in bridge breaks forwarding [SOLVED]

So yes, as NAT is layer3 operation, box doing it should be part of a layer3 network. I blacklisted in-interface-list with unaddressed bridges from NAT to prevent NATing on unaddressed bridges. But another question is - how about mangle and PBR? Does assigning routing mark also force routing? I wond...
by lapsio
Sat Jul 14, 2018 6:28 pm
Forum: Beginner Basics
Topic: DST-NAT in bridge breaks forwarding [SOLVED]
Replies: 5
Views: 639

DST-NAT in bridge breaks forwarding [SOLVED]

I have following setup: CRS326 --- CCR1009 --- RB2011 --- internet CCR1009 is bridging one network that spans between CRS326 and RB2011 (which is wifi network). RB2011 is router in this network there's DNS server connected to it. CCR doesn't have an IP address in this network. It just performs bridg...
by lapsio
Thu Jul 12, 2018 9:04 pm
Forum: RouterBOARD hardware
Topic: CRS317 keeps calling "home" (MikroTik cloud) [SOLVED]
Replies: 1
Views: 507

CRS317 keeps calling "home" (MikroTik cloud) [SOLVED]

I disabled MikroTik cloud time-update and ddns however my CRS317 still tries to send packets to UDP 81.198.87.240:15252, triggering alerts on firewall Why. Alerts: 18:04:19 firewall,info ccr: X_X service: in:br-service(vlan10-crs) out:br-service, src-mac cc:2d:e0:58:18:e0, proto UDP, 192.168.10.5:59...
by lapsio
Mon Jul 09, 2018 11:21 am
Forum: RouterBOARD hardware
Topic: MikroTik specification - is throughput "duplex"? [SOLVED]
Replies: 5
Views: 908

Re: MikroTik specification - is throughput "duplex"? [SOLVED]

After more detailed research and discussion we came to conclusion that what Cisco refers to as "bandwidth" is MikroTik's capacity, not throughput. So indeed CRS317 is all ports concurrent full duplex and in order to do so internal bus must handle 320 gbps of data 160 for input and 160 for output. I ...
by lapsio
Sun Jul 08, 2018 11:27 pm
Forum: RouterBOARD hardware
Topic: MikroTik specification - is throughput "duplex"? [SOLVED]
Replies: 5
Views: 908

Re: MikroTik specification - is throughput "duplex"? [SOLVED]

I know it's duplex 10G but it's still not clear to me whether it can actually handle 160 gbps in + 160 gbps out at once (all ports full duplex) or only 8 ports full duplex
by lapsio
Sun Jul 08, 2018 10:45 pm
Forum: RouterBOARD hardware
Topic: MikroTik specification - is throughput "duplex"? [SOLVED]
Replies: 5
Views: 908

MikroTik specification - is throughput "duplex"? [SOLVED]

I've been discussing with friend performance of CRS317. It claims ~160 gbps throughput. I thought it means it can basically handle all ports at 100% speed (16x in + 16x out = 16 streams = 160 gbps). However friend tells me that in order to handle all ports at 100% you need 360 gbps bus throughput be...
by lapsio
Sun Jul 08, 2018 4:22 pm
Forum: RouterBOARD hardware
Topic: CRS326 - why ether1 LED is always lit up?
Replies: 5
Views: 651

Re: CRS326 - why ether1 LED is always lit up?

. Very nice. Creative technology. It has actually legit use cases. As I won't use all ports for now I think I'll write script that will indicate bridge throughput meter the same way you can indicate wifi signal strength. Or CPU usage. Or some ping monitor that will indicate with leds if certain hos...
by lapsio
Sun Jul 08, 2018 1:25 am
Forum: RouterBOARD hardware
Topic: CRS317 /system health fans?
Replies: 0
Views: 359

CRS317 /system health fans?

Do those settings in /system health do anything? There's several fan related parameters hinted when trying to set some value but they don't seem to be functional.
by lapsio
Sat Jul 07, 2018 9:12 pm
Forum: General
Topic: Multiple connection-marks
Replies: 8
Views: 1894

Re: Multiple connection-marks

What kind of input to the generating script would you expect? It is a matter of two hours to write such script, but you'd spend the remaining 46 hours debugging it :-D What do you mean by doing the same for QoS queues - to create an own copy of the queue tree for each WAN? What if the WANs have dif...
by lapsio
Sat Jul 07, 2018 8:06 pm
Forum: General
Topic: Multiple connection-marks
Replies: 8
Views: 1894

Re: Multiple connection-marks

Hmm I wonder if it'd be possible to template it. I mean to create marks for QoS, marks for routing and make script that will duplicate given chain M times and will compute and replace new marks for each routing mark. And do the same for QoS queues. I know it would be just nobody has time to write su...
by lapsio
Sat Jul 07, 2018 5:02 pm
Forum: General
Topic: Multiple connection-marks
Replies: 8
Views: 1894

Re: Multiple connection-marks

Sorry for bump but is it possible now in different way? Routing marks are not stateful (unlike connection marks) so when you're overwriting them you either loose PBR info or QoS info for related packets. Is there any other way to acieve stateful routing-mark criteria AND stateful QoS criteria at the...
by lapsio
Fri Jul 06, 2018 12:19 am
Forum: RouterBOARD hardware
Topic: CRS326 - why ether1 LED is always lit up?
Replies: 5
Views: 651

Re: CRS326 - why ether1 LED is always lit up?

When I realized all LEDs are configurable I almost cried.
P_20180705_231351.gif
Never change MikroTik. Never change xD
by lapsio
Thu Jul 05, 2018 11:50 pm
Forum: RouterBOARD hardware
Topic: CRS326 - why ether1 LED is always lit up?
Replies: 5
Views: 651

Re: CRS326 - why ether1 LED is always lit up?

nvm for some reason it had set ether1 led indicator to bridge1 state. I think it was screwed up by update script to 6.41
by lapsio
Thu Jul 05, 2018 11:45 pm
Forum: RouterBOARD hardware
Topic: CRS326 - why ether1 LED is always lit up?
Replies: 5
Views: 651

CRS326 - why ether1 LED is always lit up?

I have CRS326 and the only connected interface is SFP+2. However ether1 LED seems to copy SFP+ LED state and blinks when there's traffic going through SFP+2. I'm a bit confused. When ether1 was master-port it somewhat made sense but now when there's no longer master port it's a bit... odd.
by lapsio
Wed Jul 04, 2018 11:56 am
Forum: RouterBOARD hardware
Topic: CRS326 - safe temperatures?
Replies: 2
Views: 673

Re: CRS326 - safe temperatures?

lapsio what are your ambient temperatures? In room probably around 26-ish or something. It's jsut normal room and it's summer so... Worse case is temperature inside this desk shelf which i'd say is something around 32-36? maybe. I'm not sure but it feels similar to temperature in workstation chassi...
by lapsio
Wed Jul 04, 2018 12:49 am
Forum: RouterBOARD hardware
Topic: CRS326 - safe temperatures?
Replies: 2
Views: 673

CRS326 - safe temperatures?

Hello, today my CRS326 and CRS317 arrived and I'm a bit concerned about operation temperatures. CRS317 has spinning fan and it deals with temperature quite fine sitting at 42-46 deg on idle but CRS326 seems to struggle with temperatures, idling at 76 deg. When I checked against my CCR1009-PC it does...
by lapsio
Fri Jun 29, 2018 3:36 am
Forum: General
Topic: CRS3xx - Inter VLAN switching?
Replies: 3
Views: 435

Re: CRS3xx - Inter VLAN switching?

I tried 'naive' way of switch rules aka force the same dst-port as source port without vlans and it didn't work (switch didn't reply to the same port) but hm... I didn't try to do that with MAC vlans enabled. That could possibly work. I'll try. Though MAC vlans itself are accomplished using switch r...
by lapsio
Fri Jun 29, 2018 1:58 am
Forum: General
Topic: CRS3xx - Inter VLAN switching?
Replies: 3
Views: 435

CRS3xx - Inter VLAN switching?

Is it possible to perform inter VLAN switching/bridging (wire speed) on single port with CRS3xx switches? I'm asking specifically about single port config because in such case simple VLAN stripping won't do the job as switch doesn't send packets back to the same port if it's not in separate VLAN (Mi...
by lapsio
Thu Jun 28, 2018 3:46 pm
Forum: RouterBOARD hardware
Topic: S+RJ10 and Jumbo Frames
Replies: 10
Views: 2841

Re: S+RJ10 and Jumbo Frames

According to Mikrotik support the S+RJ10 modules 'currently' do NOT Support Jumbo Frames. However, i did not get any answer if this as firmware/software limitation and might change in the future or if this a permanent hardware limitation. Can you even hypothetically upgrade SFP module firmware?... ...
by lapsio
Mon Jun 18, 2018 7:41 am
Forum: RouterBOARD hardware
Topic: Mikrotik RJ-45 Serial to APC RS232
Replies: 1
Views: 348

Re: Mikrotik RJ-45 Serial to APC RS232

No afaik. But ROS support for UPSes is quite limited so I don't think it'd make much sense anyways.
by lapsio
Mon Jun 18, 2018 7:39 am
Forum: RouterBOARD hardware
Topic: S+RJ10 and Jumbo Frames
Replies: 10
Views: 2841

Re: S+RJ10 and Jumbo Frames

Oh god, good to know I almost bought it for NAS connection where 9k jumbo is mandatory.
by lapsio
Mon Jun 18, 2018 7:29 am
Forum: RouterBOARD hardware
Topic: RB2011UiAS-2HnD-IN refresh any soon?
Replies: 1
Views: 527

RB2011UiAS-2HnD-IN refresh any soon?

You did some refreshes/reeditions to some of your older products (slightly faster cpu, slightly more ram, newer wifi chip etc). Yet I see RB2011 still stays the same with 600mhz single core MIPS. It's starting to lag behind eg. hEX lineup while hEX is not really the same league. Especially RB2011UiA...
by lapsio
Wed Jun 06, 2018 4:25 pm
Forum: RouterBOARD hardware
Topic: Are MikroTik 10G DAC cables "standard"? [SOLVED]
Replies: 7
Views: 2048

Re: Are MikroTik 10G DAC cables "standard"? [SOLVED]

Hi, according to my experience at 10Gbps DAC, some cables are standard by brand, if you want to connect the mikrotik with an Intel PC, it will probably work; if you're trying to connect different mikrotiks using that DAC the it will definitely work, however if your idea is to connect to a different...
by lapsio
Wed Jun 06, 2018 1:51 am
Forum: General
Topic: MikroTik switch/bridge hair-pinning (reflective relay) support
Replies: 1
Views: 443

Re: MikroTik switch/bridge hair-pinning support

So... no, apparently it does not work in straightforward way. However on RouterOS it can be achieved by adding vlans in VMs and then bridging those vlans in ROS. I doubt it's possible on switches at wire speed though.
by lapsio
Tue Jun 05, 2018 11:48 pm
Forum: Beginner Basics
Topic: Invalid value for argument src-mac-address [SOLVED]
Replies: 1
Views: 631

Re: Invalid value for argument src-mac-address [SOLVED]

Oh it requires mask. And MAC mask is in weird format the same as mac, not short one. So eg:
5d:ad:43:b3:44:24/ff:ff:ff:ff:ff:ff
by lapsio
Tue Jun 05, 2018 9:42 pm
Forum: Beginner Basics
Topic: Invalid value for argument src-mac-address [SOLVED]
Replies: 1
Views: 631

Invalid value for argument src-mac-address [SOLVED]

I'm trying to create mac based vlan, however following command: /interface ethernet switch rule add switch=switch1 src-mac-address="62:8C:69:AA:5D:7C" new-vlan-id=1500 gives me error: Invalud value for argument src-mac-address. I also tried: /interface ethernet switch rule add switch=switch1 src-mac...
by lapsio
Tue Jun 05, 2018 4:41 pm
Forum: RouterBOARD hardware
Topic: Are MikroTik 10G DAC cables "standard"? [SOLVED]
Replies: 7
Views: 2048

Are MikroTik 10G DAC cables "standard"? [SOLVED]

Are DAC cables standarized across manufacturers just like optical connection standards or RJ45? I mean - is it possible to use MikroTik DAC cable to connect MikroTik device to lets say server with Intel X710 10G network card or other 10G SFP+ devices? Or do I need to get regular SFP+ modules? I'm mo...
by lapsio
Tue Jun 05, 2018 11:20 am
Forum: RouterBOARD hardware
Topic: CRS317 vertical operation? [SOLVED]
Replies: 3
Views: 609

Re: CRS317 vertical operation? [SOLVED]

There are heat pipes inside the case to transfer heat to external radiator. There is no fan on radiator and radiator ribs are designed for horizontal use of the case. You can use it vertically but it needs temp monitoring and perhaps some additional fan for external cooling. I had problems with lap...
by lapsio
Mon Jun 04, 2018 10:24 am
Forum: General
Topic: MikroTik switch/bridge hair-pinning (reflective relay) support
Replies: 1
Views: 443

MikroTik switch/bridge hair-pinning (reflective relay) support

I'm reading about VEPA virtualization and articles say that it requires hair pinning support on switch (sending packet back to the same interface). I honestly thought it's standard behavior of pretty much any switch but those articles confused me a bit. Do RouterOS or MikroTik switches work in such ...
by lapsio
Tue May 15, 2018 4:44 am
Forum: RouterBOARD hardware
Topic: CRS317 vertical operation? [SOLVED]
Replies: 3
Views: 609

CRS317 vertical operation? [SOLVED]

Does vertical placement of CRS317 affect device cooling solution in negative way? As in is this semi-passive heatsink optimized for horizontal operation or it shouldn't matter?
by lapsio
Fri Apr 27, 2018 11:38 pm
Forum: General
Topic: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?
Replies: 15
Views: 2530

Re: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?

hEX has hardware switch so in this case vlan settings in /interface bridge are supported by wire-speed switch chip. My question was regarding routers that DO NOT have hardware switch (like CCR series for example) and still have this option. Then it looks redundant to me a bit. Sounds like doing stuf...
by lapsio
Mon Apr 23, 2018 12:01 am
Forum: Wireless Networking
Topic: "Management frame protection" - 802.11w compatibility
Replies: 10
Views: 3481

Re: "Management frame protection" - 802.11w compatibility

No, really. It seriously stinks that it's not supported yet. I'm going to keep deauth myself for next 2 months and complain that my RB2011 wifi doesn't work as manifest.
by lapsio
Tue Mar 27, 2018 5:38 pm
Forum: RouterBOARD hardware
Topic: Routers with switch chip / CRS - switch downtime during reboot cycle?
Replies: 0
Views: 345

Routers with switch chip / CRS - switch downtime during reboot cycle?

Hello. I wonder - in context of RouterOS / SwOS reboot cycle - what is inactivity period of switch device? I'm not really talking about time in seconds but more about events, as in - does switch chip require full OS to be booted up or is switch active already during OS boot procedure, or power suppl...
by lapsio
Mon Mar 26, 2018 10:42 pm
Forum: Wireless Networking
Topic: MikroTik devices allowing 2 or more wifi radios?
Replies: 2
Views: 374

MikroTik devices allowing 2 or more wifi radios?

Which MikroTik devices (other than barebone Routerboards) allow multi 2.4Ghz radios (buying miniPCIe cards is acceptable requirement of course)?
by lapsio
Fri Mar 09, 2018 1:35 am
Forum: General
Topic: Multi-network with MikroTik OpenVPN?
Replies: 0
Views: 270

Multi-network with MikroTik OpenVPN?

Are there known some viable solutions for creating multi-network OpenVPN server on MikroTik? I mean that various clients are effectively put into various networks. I know that in "standard" case all clients are put into single bridge but maybe it's possible to figure out something with VLANs assigne...
by lapsio
Wed Mar 07, 2018 9:37 pm
Forum: Beginner Basics
Topic: Difference between /interface bridge filter and /ip filter?
Replies: 4
Views: 2430

Re: Difference between /interface bridge filter and /ip filter?

Stateful wirespeed hardware firewall in switch chip? Are you sure? If you need such functionality, only software running on really powerful hardware can provide that. Or you have to lower your requirements... I was afraid of that. Welp. Seems I'll need to continue using CCRs as op software bridges ...
by lapsio
Wed Mar 07, 2018 8:46 pm
Forum: Beginner Basics
Topic: Difference between /interface bridge filter and /ip filter?
Replies: 4
Views: 2430

Re: Difference between /interface bridge filter and /ip filter?

Does MikroTik allow hardware ACLs? Because performance of ROS firewall is okay for internet/DMZ traffic but for LAN it's not really there yet. I mean yeah sure I actually use CCR1009 and use it as bridge with firewall to handle multi gigabit firewall but it sounds like terrible misuse of device. So ...
by lapsio
Tue Mar 06, 2018 11:44 pm
Forum: Beginner Basics
Topic: Difference between /interface bridge filter and /ip filter?
Replies: 4
Views: 2430

Difference between /interface bridge filter and /ip filter?

What is difference between /interface bridge filter and /ip firewall filter with ip firewall enabled in bridge settings? I mean more technically - is bridge filter hardware accelerated or something? I'm currently using /ip firewall filter for all filtering including L3 filtering between individual b...
by lapsio
Thu Feb 22, 2018 11:38 pm
Forum: RouterBOARD hardware
Topic: CCR1009 CPU bottlenecking without jumbo frames [SOLVED]
Replies: 2
Views: 555

Re: CCR1009 CPU bottlenecking without jumbo frames [SOLVED]

False alarm - I forgot CPU has been downclocked to 400Mhz because performance used to be sufficient anyways...
by lapsio
Thu Feb 22, 2018 11:14 pm
Forum: RouterBOARD hardware
Topic: CCR1009 CPU bottlenecking without jumbo frames [SOLVED]
Replies: 2
Views: 555

CCR1009 CPU bottlenecking without jumbo frames [SOLVED]

Hello. I just noticed that CCR1009 seems to bottleneck on CPU when sending data between 2 servers where one has MTU 9000 and another has 1500. It bottlenecks on single core (all cores are 0 except 1 that is 100%) and transfer is capped at around 23 MB/s. After setting MTU to 9000 on both sides load ...
by lapsio
Mon Jan 29, 2018 5:06 pm
Forum: General
Topic: ADD DYNAMIC VLAN ASSIGNMENT.
Replies: 37
Views: 16200

Re: ADD DYNAMIC VLAN ASSIGNMENT.

Is ethernet dvlan implemented already or not yet?
by lapsio
Sun Jan 28, 2018 9:35 pm
Forum: General
Topic: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?
Replies: 15
Views: 2530

Re: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?

But of course we don't want any reduced functionality or bugs that are caused by the change :-) Well one thing I can tell for sure is that this "standard-compliant" handling of vlans in all common enterprise switches is reason why we had to use MikroTik routers and switches instead of Cisco ones in...
by lapsio
Sun Jan 28, 2018 6:45 pm
Forum: General
Topic: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?
Replies: 15
Views: 2530

VLAN aware bridges in 6.41 - difference between bridging /interface vlan?

Hi. What is functional difference between using /interface bridge vlan confing comparing to just creating /interface vlan on several interfaces and then bridging vlan interfaces? Also - is this new /interface bridge vlan menu replacement of old /interface ethernet switch vlan menu? (I can't check be...
by lapsio
Tue Jan 23, 2018 1:44 am
Forum: RouterBOARD hardware
Topic: Latency of CRS326/CSS326
Replies: 0
Views: 352

Latency of CRS326/CSS326

What is average transport latency of those MikroTik switches? I mean what is level of magnitude - miliseconds, microseconds, nanoseconds? With jumbo frames 9k lets say but it doesn't really matter to me if stats are known for other frame size. Are CRS226 slower/faster in this comparison?
by lapsio
Sun Dec 31, 2017 2:00 am
Forum: General
Topic: Apcupsd support?
Replies: 1
Views: 342

Apcupsd support?

Does MikroTik support connecting to remote UPS monitoring server using apcupsd? To eg. shutdown properly on low battery.
by lapsio
Sat Dec 09, 2017 4:47 am
Forum: RouterBOARD hardware
Topic: hEX nand size ONLY 16MB !!!!
Replies: 61
Views: 16730

Re: hEX nand size ONLY 16MB !!!!

Also I think there should be a desktop version of the RB3011, like the RB2011 desktop case. Agreed. There have been rumors that it's been actually planned but didn't come out due to insufficient resources availability. I'd totally get something like that tho :( Maybe at least offer standalone deskt...
by lapsio
Fri Dec 01, 2017 7:06 pm
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 29307

Re: Why people pair UBNT APs with MikroTik routers?

My 2 cents... For some reason, i found that UBNT devices do a better job at bridging. So that makes it for me, 2 ubnt devices for link, Mtik Routers at the endpoints. How? You mean performance wise? Recently ROS moved to hw accelerated bridging from switch master port. Also there's fastpath and fas...
by lapsio
Fri Dec 01, 2017 7:02 pm
Forum: General
Topic: "New" default firewall config in ROS - why ipsec is default allowed?
Replies: 4
Views: 1762

Re: "New" default firewall config in ROS - why ipsec is default allowed?

Ipsec is accepted by RFC 6092 recommendations: ... Untracked was added also in relation to IPSec, in case when ipsec generates RAW rules automatically. ... Ok sounds legit for ipv4. However ipv6 variant allows to pass arbitrary traffic through ports 500 and 4500 even if there's no IPSec enabled on ...
by lapsio
Mon Nov 27, 2017 1:14 pm
Forum: General
Topic: "New" default firewall config in ROS - why ipsec is default allowed?
Replies: 4
Views: 1762

Re: "New" default firewall config in ROS - why ipsec is default allowed?

It's RB750G. Probably not updated since it arrived. Today I took it from our closet full of mikrotik devices because we sent like two dozens of RB950's to our clients for PoC installations and we simply ran out of "new" RBs so I had to resurrect some ancient junk. It had ROS v5 I don't remember whic...
by lapsio
Mon Nov 27, 2017 11:54 am
Forum: General
Topic: "New" default firewall config in ROS - why ipsec is default allowed?
Replies: 4
Views: 1762

"New" default firewall config in ROS - why ipsec is default allowed?

It might be a bit outdated question but for sure not too much as interface lists are still relatively new feature... anyways: Why new default ROS firewall config accepts by default ipsec wat??? it makes me feel really uncomfortable... And why default accept untracked connections - is there some tech...
by lapsio
Tue Nov 07, 2017 2:18 am
Forum: General
Topic: NATing entire subnet to bridge colliding address spaces
Replies: 1
Views: 223

NATing entire subnet to bridge colliding address spaces

I have 2 sites with own infrastructures. I'd like to connect them using VPN however unfortunately networks semantically the same (ones that should be bridged) have different address spaces so for example: site1---site2 192.168.2.0/24---172.16.14.0/24 192.168.4.0/24---172.30.130.0/24 192.168.3.0/24--...
by lapsio
Sat Oct 28, 2017 1:44 am
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 29307

Re: Why people pair UBNT APs with MikroTik routers?

Recently few quite exotic client infrastructures and issues had led me to conclusion that any network device that doesn't allow running scripts (without additional Linux box) is usually realistically useless... I was also really surprised by fact that ROS ability to run user scripts on events/schedu...
by lapsio
Sun Oct 22, 2017 1:06 am
Forum: General
Topic: ROS firewall - DNS-ip corelarion enrichment?
Replies: 0
Views: 378

ROS firewall - DNS-ip corelarion enrichment?

Is there any "normal" way to corelate IP in ROS logs with DNS server running on ROS? I mean - I have firewall set up on ROS and DNS server. Is it possible for ROS to resolve IP to DNS using recent DNS queries?
by lapsio
Mon Oct 09, 2017 7:35 pm
Forum: Wireless Networking
Topic: What is connect-list and why do I need it?
Replies: 1
Views: 1064

What is connect-list and why do I need it?

Hello. I'm using MikroTik for many years and for the first time I got messages in logs like: sep/01 01:17:54 wireless,debug PiPi: wlan1: C2:9F:DB:8F:B5:20 failed to join recently sep/01 01:17:54 wireless,debug PiPi: wlan1: no network that satisfies connect-list, by default choose with strongest sign...
by lapsio
Sun Oct 08, 2017 10:30 pm
Forum: General
Topic: ROS ovpn-client doesn't verify server certificate.
Replies: 7
Views: 1329

Re: How ROS ovpn-client verifies server?

I tested it multiple times in various combinations and ovpn-client doesn't verify server certificate allowing trivial MIM attack and sniffing in networks with SSL decryptor proxy. I classify it as serious vulnerability making ovpn-client useless feature silently compromising security of network.
by lapsio
Fri Oct 06, 2017 3:44 pm
Forum: General
Topic: ROS ovpn-client doesn't verify server certificate.
Replies: 7
Views: 1329

Re: How ROS ovpn-client verifies server?

In order to see if it works I imported invalid certificate (of CA generated on other mikrotik, not one hosting ovpn) but ovpn-client still connects without any problem [lapsio@CHRgw] > /certificate print detail Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority, I - issued, ...
by lapsio
Fri Oct 06, 2017 1:53 am
Forum: General
Topic: ROS ovpn-client doesn't verify server certificate.
Replies: 7
Views: 1329

ROS ovpn-client doesn't verify server certificate.

I noticed that ovpn-client doesn't take server CA certificate as argument. How does ROS verify server then (if at all)
by lapsio
Wed Oct 04, 2017 7:47 pm
Forum: Wireless Networking
Topic: PEAP-MSCHAPv2
Replies: 46
Views: 7695

Re: PEAP-MSCHAPv2

Wait I was just trying to connect for an hour to realize that I had to type my username as supplicant-identity. What is difference between mschapv2-username and supplicant-identity? Linux systems (and Android) shows identity and anonymous identity or username and anonymous identity. Why those names ...
by lapsio
Fri Sep 29, 2017 4:20 pm
Forum: Wireless Networking
Topic: vwlan with CAPsMAN?
Replies: 1
Views: 286

Re: vwlan with CAPsMAN?

Okay I guess I figured it out - I need to add vwlans on CAPsMAN by adding more CAP interfaces on CAPsMAN with master interface set to original physical radio cap interface of CAP device. It'll create automatically vwlan interfaces on CAP device.
by lapsio
Fri Sep 29, 2017 3:49 pm
Forum: Wireless Networking
Topic: vwlan with CAPsMAN?
Replies: 1
Views: 286

vwlan with CAPsMAN?

Hello I'm testing what CAPsMAN is capable of and I really like fact that interfaces just appear on CAPsMAN device as "local" interfaces, but when I'm adding virtual wlans on CAP device it disconnects from CAPsMAN. I'm a bit confused - is there some other way of configuring multiple vwlan per radio w...
by lapsio
Thu Sep 28, 2017 12:31 pm
Forum: RouterBOARD hardware
Topic: How to use smart card slot in CCR?
Replies: 3
Views: 1954

Re: How to use smart card slot in CCR?

Okay so it seems this card is GlobalPlatform 2.1.1 Java Card (as mentioned in that old thread). I can order them as it looks quite affordable and easily available. I can get that even providing minimal volume is 20. http://www.cs-adams.pl/karta-hybrydowa-csa.html So assuming I have one, just unboxed...
by lapsio
Thu Sep 28, 2017 12:02 pm
Forum: RouterBOARD hardware
Topic: How to use smart card slot in CCR?
Replies: 3
Views: 1954

Re: How to use smart card slot in CCR?

I know I didn't want to necro bump topic without answer
by lapsio
Thu Sep 28, 2017 11:37 am
Forum: RouterBOARD hardware
Topic: How to use smart card slot in CCR?
Replies: 3
Views: 1954

How to use smart card slot in CCR?

How can I use Smart Card slot in CCR? As in how do i generate keys on such card and what card do I need (where to get such card)
by lapsio
Tue Sep 26, 2017 11:06 am
Forum: RouterBOARD hardware
Topic: Woobm-USB How Much Can It Do?
Replies: 31
Views: 4414

Re: Woobm-USB How Much Can It Do?

yes, RouterOS has supported USB-Serial adapters for quite some time.
What other kinds of usb devices does it support? >.>
by lapsio
Mon Sep 25, 2017 1:52 pm
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM MPLS Support
Replies: 53
Views: 13989

Re: CRS317-1G-16S+RM MPLS Support

I´m dreaming of "Ethernet Over IP" (EoIP) with hardware acceleration on CRS317, .i.e. 10Gbit/s EoIP tunnels for Vmware VMotion (layer 2 interconnect). Would this be possible with the CRS317?
+1

But I doubt that it's ethernet over IP and IP is pretty much router stuff.
by lapsio
Mon Sep 25, 2017 12:54 pm
Forum: General
Topic: ROS anti-spoofing mechanics on routers/switches
Replies: 0
Views: 359

ROS anti-spoofing mechanics on routers/switches

Hello. Today I blew up lab network by accidentally assigning network address (172.30.130.30/24) to loopback device on one Linux machine. Linux responds to any address inside loopback assigned network so I ended up with machine that performed mass ip-spoofing and hijacked all IPs from entire network,...
by lapsio
Tue Sep 19, 2017 2:41 pm
Forum: RouterBOARD hardware
Topic: Mikrotik USB Port with WiFi USB Dongle
Replies: 13
Views: 17318

Re: Mikrotik USB Port with WiFi USB Dongle

Don't bother, it will not work no matter what anyone tell.
How about... forwarding USB to metarouter with openwrt? Then bridging it with virtual ethernet and using in host ROS? >.>
<determination intensifies> xD
by lapsio
Mon Sep 18, 2017 7:25 pm
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM MPLS Support
Replies: 53
Views: 13989

Re: CRS317-1G-16S+RM MPLS Support

So .. I got landed with a batch of 3 of these .... and so far, VLans can't be configured in RouterOS/Winbox at all. Nevermind MPLS etc. Looks like the hardware hit the market before the software was ready. /M Welp... I guess you can say then that you use the only unmanaged full 10G switch in the ma...
by lapsio
Mon Sep 18, 2017 1:07 am
Forum: RouterBOARD hardware
Topic: hEX nand size ONLY 16MB !!!!
Replies: 61
Views: 16730

Re: hEX nand size ONLY 16MB !!!!

@jowos @netflow - hEX is multicore device - it wouldn't run metarouter anyways just like CCR don't. But I also don't like 16m storage. In fact - it's not really about storage bc idgaf but about storage expansion options - precisely why most devices don't have card slot and more importantly - why the...
by lapsio
Mon Sep 18, 2017 12:55 am
Forum: RouterBOARD hardware
Topic: Woobm-USB How Much Can It Do?
Replies: 31
Views: 4414

Re: Woobm-USB How Much Can It Do?

Yeah I'd also like to ask about this product. What it even is? Is it like routerboard with ROS powered via usb or is it more like just wifi card compatible with ROS devices with usb. Does ROS support other usb wifi cards as well? What Woobm really does and how ROS sees it. Can I use it as second wif...
by lapsio
Wed Sep 13, 2017 4:53 pm
Forum: Forwarding Protocols
Topic: ovpn client - routing loop problem
Replies: 0
Views: 379

ovpn client - routing loop problem

Hello. I'm using MikroTik CHR router as gateway for my VMs (physical interface forwarded to VM). Also for additional security and privacy it's using VPN client to connect to VPN server in my home. The problem is that when I actually AM at home it doesn't work properly for some reason. I think it's r...
by lapsio
Fri Sep 08, 2017 12:29 am
Forum: RouterBOARD hardware
Topic: Are routerboard products having silent hardware revisions?
Replies: 4
Views: 1418

Re: Are routerboard products having silent hardware revisions?

No I'm serious xD. I even found some old website that says it's 400mhz. So that I wonder what was previous cpu in this thing (if my theory is correct). Original mAP is quite old router, significantly older than hAP, hAP lite, mAP lite, hAP ac etc.
by lapsio
Thu Sep 07, 2017 11:35 pm
Forum: RouterBOARD hardware
Topic: Are routerboard products having silent hardware revisions?
Replies: 4
Views: 1418

Are routerboard products having silent hardware revisions?

Maybe my memory is a bit flawed but did this guy:

https://mikrotik.com/product/RBmAP2nD

always have 650 mhz cpu since the very first day it came out?
by lapsio
Sun Sep 03, 2017 11:44 pm
Forum: General
Topic: OpenVPN Server error: TLS failed
Replies: 43
Views: 76294

Re: OpenVPN Server error: TLS failed

Sorry for necro bumping but this issue seems to be still relevant. I'm getting TLS failed when require-certificate is set to "on". Without it openvpn works fine. I followed this tutorial: https://www.medo64.com/2016/12/simple-openvpn-server-on-mikrotik/ And additionally set certifiacates to trusted ...
by lapsio
Fri Sep 01, 2017 12:32 am
Forum: Scripting
Topic: mAP lite - easy physical script toggle?
Replies: 3
Views: 1089

Re: mAP lite - easy physical script toggle?

It turns out mikrotik is not ready after boot. Even after those 3 seconds. Waiting a bit more and doing everything really slowly makes scripts work properly. In case someone would be interested here are full scripts: [lapsio@PiPi] /system script> print without-paging Flags: I - invalid 0 name="modet...
by lapsio
Thu Aug 31, 2017 10:46 pm
Forum: Scripting
Topic: mAP lite - easy physical script toggle?
Replies: 3
Views: 1089

Re: mAP lite - easy physical script toggle?

I ran into an issue. Many issues: 1. [lapsio@PiPi] > /system routerboard mode-button set enabled=yes on-event=autorun Error, please generate supout file blah blah blah So i upgraded to release-candidate. Now it doesn't say anything. But I can't really print value and it doesn't seem to work [lapsio@...
by lapsio
Tue Aug 29, 2017 5:09 pm
Forum: Scripting
Topic: mAP lite - easy physical script toggle?
Replies: 3
Views: 1089

mAP lite - easy physical script toggle?

Hi I'm using mAP lite as my pocket swiss-knife ap / station for rackmount servers configuration when i need to connect them to dirty line or simply as ap on the go if there's no wifi in around. I made quite streamlined config scheme and script that is simple on/off toggle for station / ap mode (more...
by lapsio
Wed Aug 09, 2017 8:21 pm
Forum: RouterBOARD hardware
Topic: New product : HAP Mini (RB931-2ND)
Replies: 15
Views: 7885

Re: New product : HAP Mini (RB931-2ND)

Hello! So this MikroTik hAP mini can be used as a normal WIFI router right ? like Tp-LINK. And don't need to buy antennas or something else. Yes. It's preconfigured out of box this way. But you can use it for whatever you want. It uses internal antenna. Also comparing it to some consumer TP-Link is...
by lapsio
Wed Aug 02, 2017 12:41 pm
Forum: RouterBOARD hardware
Topic: Removing water residue
Replies: 6
Views: 698

Re: Removing water residue

Welp. I cleaned it but no luck so I gave up. Oh well at least I have some spare capacitors now xD
by lapsio
Mon Jul 31, 2017 11:39 am
Forum: RouterBOARD hardware
Topic: Removing water residue
Replies: 6
Views: 698

Re: Removing water residue

There are PCB specific cleaning sprays with rust and damp proof/removal effect, most come with a cleaning brush attachment to ease application (be gentle rubbing!).
You mean something like DeoxIT? I'm not sure how to google for such product.
by lapsio
Mon Jul 31, 2017 11:34 am
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM MPLS Support
Replies: 53
Views: 13989

Re: CRS317-1G-16S+RM MPLS Support

The system runs silently, but there are two fans for situations where ambient temperature gets close to maximum. They will run automatically and only when it gets too hot. Very nice! Would love if this mechanic could be added to the other CSS/CRS RM models as well. I agree it's incredibly awesome f...
by lapsio
Mon Jul 31, 2017 11:16 am
Forum: RouterBOARD hardware
Topic: Removing water residue
Replies: 6
Views: 698

Removing water residue

Hi. My friend asked me "to check if his router is dead". After disassembling it turned out that router has been watered at some point so badly that there's water residue all over the board. Unfortunately router has been connected to power and only power LED was active all the time. It's quite clear ...
by lapsio
Tue Jul 18, 2017 10:07 am
Forum: RouterBOARD hardware
Topic: CRS317 - any fresh info about that buddy?
Replies: 8
Views: 1312

Re: CRS317 - any fresh info about that buddy?

Oh god it's like few days in the market and It's already out of stock in case of many distributors xDDDD. I feel it'll be another CCR1009 in desktop chassis for which I had to wait 6 months to be available xD
by lapsio
Tue Jul 18, 2017 12:33 am
Forum: General
Topic: Any advantages of stateless firewall on RouterOS?
Replies: 4
Views: 808

Re: Any advantages of stateless firewall on RouterOS?

What do you mean by "pereformance hit" - memory, cpu or both? Also how serious it is? Device used here is RB951 so quite weak device considering it's handling monitoring traffic and parking lot hotspot I'd need to perform some tests to give more detailed info but roughly what's the performance impac...
by lapsio
Mon Jul 17, 2017 11:44 am
Forum: General
Topic: Any advantages of stateless firewall on RouterOS?
Replies: 4
Views: 808

Any advantages of stateless firewall on RouterOS?

I've noticed several times already that people configure RouterOS firewall in stateless fashion on production. Is there any actual reason not to use conntrack/fasttrack in more security critical installations? Because I have opportunity to "fix" terribly illegible and messed up mtk config backing mo...
by lapsio
Mon Jul 10, 2017 9:06 pm
Forum: Beginner Basics
Topic: Site-to-site VPN through NAT and firewall on one side
Replies: 1
Views: 523

Site-to-site VPN through NAT and firewall on one side

Hi, I need to connect remote lab network to primary lab network over VPN using VM installed in primary network. I have full control over remote lab however primary lab network is part of huge corporate infrastructure and port forwarding is not an option as It'd require a lot of changes. So network s...
by lapsio
Thu Jun 29, 2017 11:38 pm
Forum: Virtualization
Topic: Connecting to CHR over virtual serial port
Replies: 2
Views: 794

Re: Connecting to CHR over virtual serial port

Oooohh... so those 8 "linux" terms are not serial consoles... I can't believe I didn't realize that it's normal TTY, not STTY after more than decade in linux environments... I always used ROS on routerboards which never had VGA so somehow I assumed those are all unallocated serial ports, my bad. Tha...
by lapsio
Thu Jun 29, 2017 5:18 am
Forum: Virtualization
Topic: Connecting to CHR over virtual serial port
Replies: 2
Views: 794

Connecting to CHR over virtual serial port

I'm trying to connect to ROS in VirtualBox VM over serial port but it doesn't really seem to work. Did anyone manage to create such setup? When I'm connecting to ROS over certain serial it doesn't respond with anything even though /system console is enabled on all ports. I tried both host to guest a...
by lapsio
Fri Jun 16, 2017 6:16 pm
Forum: RouterBOARD hardware
Topic: Where did CRS226-24G-2S+RM disappear ?
Replies: 10
Views: 1905

Re: Where did CRS226-24G-2S+RM disappear ?

Besides - why 16mb flash? I mean it's understandable in those 19.99 routers like hAP lite,mini,mAP etc. But why CRS326? Why hEX, why PowerBox or OmniTik. Why all new devices that are not RB2011/RB3011/RB1100/CCR have 16mb flash? Is cost reduction really THAT high? You could at least give microSD slo...
by lapsio
Fri Jun 16, 2017 6:10 pm
Forum: RouterBOARD hardware
Topic: Where did CRS226-24G-2S+RM disappear ?
Replies: 10
Views: 1905

Re: Where did CRS226-24G-2S+RM disappear ?

It is still white, Lapsio, don't worry :)
Now I'm 100% convinced to get one
by lapsio
Thu Jun 15, 2017 3:50 am
Forum: RouterBOARD hardware
Topic: Powerful Wave 2 routers - when to expect?
Replies: 2
Views: 850

Re: Powerful Wave 2 routers - when to expect?

Look at when MTK introduced ac routers comparing to when this technology had hit the market.

So hold your horses cuz you're probably about to wait a while...
by lapsio
Thu Jun 15, 2017 3:33 am
Forum: RouterBOARD hardware
Topic: Where did CRS226-24G-2S+RM disappear ?
Replies: 10
Views: 1905

Re: Where did CRS226-24G-2S+RM disappear ?

But CRS326: Doesn't have LCD Has only 16 mb storage (my experience with hAP lite tells me that sometimes it's too few to even store few previous configuration versions and some scripts, and ROS behavior when you're out of storage is HIGHLY ambiguos. I got something like "unknown error") Higher power...
by lapsio
Wed Jun 07, 2017 12:41 am
Forum: RouterBOARD hardware
Topic: CRS317 - any fresh info about that buddy?
Replies: 8
Views: 1312

CRS317 - any fresh info about that buddy?

It's been a while since last time I heard any news about CRS317. Is there some new info? About expected release dates or something else interesting? Some pricing info, some photos, anything? Iirc it was announced for Q2 and it's June alreadys sooo... As long as you don't count from 0 it should be ou...
by lapsio
Mon Apr 03, 2017 2:03 am
Forum: SwOS
Topic: SwOS vs RouterOS considering switch-only functionality
Replies: 3
Views: 2002

SwOS vs RouterOS considering switch-only functionality

I have a question. Considering "refresh" of SwOS and that it's going to be available on this new hardcore 160 gbps switch - is it going to be new "flagship" OS for switch functionality? I mean - if I'm going to get CRS with RouterOS is it going to provide all functions available on CSS with SwOS, or...
by lapsio
Tue Mar 28, 2017 11:19 pm
Forum: Beginner Basics
Topic: DHCP assigns the same address to multiple machines
Replies: 1
Views: 380

Re: DHCP assigns the same address to multiple machines

Linux by default uses UUID as Client-ID for dhcp. Those were 2 cloned VMs with the same UUIDs. Changing Client-ID source to mac solved the issue. Just in case anyone has similar issue - options are: change UUID set unique MAC and set Client-ID source to MAC ([DHCP] ClientIdentifier=mac with systemd)...
by lapsio
Tue Mar 28, 2017 10:29 pm
Forum: Beginner Basics
Topic: DHCP assigns the same address to multiple machines
Replies: 1
Views: 380

DHCP assigns the same address to multiple machines

Hello. I've set up network and ROS offers the same address to 2 machines connected. Here's debug log: 19:19:42 dhcp,debug,packet dhcp-net1 received discover with id 1914728561 from 0.0.0.0 19:19:42 dhcp,debug,packet secs = 1 19:19:42 dhcp,debug,packet ciaddr = 0.0.0.0 19:19:42 dhcp,debug,packet chad...
by lapsio
Sun Mar 26, 2017 2:03 am
Forum: Virtualization
Topic: Adding more vCPUs increases latency
Replies: 4
Views: 761

Re: Adding more vCPUs increases latency

Ok. ROS version? Unless you are more specific it won't be possible to reproduce your results... Bugfix. I downloaded it like 4h ago xD I doubt they updated since then. 6.37.5. VDI image Other info: 2 interfaces (gw and lan), both bridged with host OS bridges - brwan and brvm. Functional vm bridged ...
by lapsio
Sun Mar 26, 2017 1:45 am
Forum: Virtualization
Topic: Adding more vCPUs increases latency
Replies: 4
Views: 761

Re: Adding more vCPUs increases latency

Which version?

Which kind of ethernet interface did you set in VirtualBox under Advanced settings?
virtio, KVM paravirtualization. VirtualBox 5.0.2
by lapsio
Sun Mar 26, 2017 12:31 am
Forum: Virtualization
Topic: Adding more vCPUs increases latency
Replies: 4
Views: 761

Adding more vCPUs increases latency

Hello Today I tried p-unlimited trial in VM and found out that when I add more than 1 vCPU latency skyrockets. With 1 vCPU I have 0.7 ms ping to edge router. However after increasing to 4 vCPUs ping dropped to above 9 ms (over 10 times). I trid it multiple times and it's reproducible. I'm using Virt...
by lapsio
Thu Mar 23, 2017 9:26 pm
Forum: Virtualization
Topic: RouterOS demo/limited free VM
Replies: 5
Views: 2484

Re: RouterOS demo/limited free VM

With VMware, it supports both vmxnet3 and pvscsi. I don't know about VirtualBox, but it should be very easy to try - either it will work or not. But I'm using Linux host so... Yes it is that simple. Except if it doesn't work - now step 2 - it doesn't work because ROS doesn't support it and it's nor...
by lapsio
Thu Mar 23, 2017 7:39 pm
Forum: Virtualization
Topic: RouterOS demo/limited free VM
Replies: 5
Views: 2484

Re: RouterOS demo/limited free VM

Oh it's just as simple as downloading and running image. Okay, ur the best xD. Also considering it's already CHR related thread... You could post some info about hypervisor settings (eg. you provide .vdi image so what settings should I use for VBox? I assumed Other Linux 2.6/3.x/4.x (32bit) but Othe...
by lapsio
Thu Mar 23, 2017 6:54 pm
Forum: Virtualization
Topic: RouterOS demo/limited free VM
Replies: 5
Views: 2484

RouterOS demo/limited free VM

Hi I remember some time ago I came across some info about educational limited ROS image or something like that - basically iirc it was possible to download VM image with router that had capped bandwidth at 1MB/s or something like that. Is that still available? And can I use it for software developme...
by lapsio
Mon Mar 13, 2017 10:51 am
Forum: RouterBOARD hardware
Topic: Which RB products feature system speaker?
Replies: 2
Views: 508

Which RB products feature system speaker?

Which routerboards feature system speaker (beeper)? Sometimes it's marked on block diagram but not all devices have them published on website.
by lapsio
Sat Mar 11, 2017 5:39 pm
Forum: General
Topic: What is MikroTik update server domain name?
Replies: 1
Views: 1666

Re: What is MikroTik update server domain name?

Okay tracked it down

upgrade.mikrotik.com
by lapsio
Sat Mar 11, 2017 5:23 pm
Forum: General
Topic: What is MikroTik update server domain name?
Replies: 1
Views: 1666

What is MikroTik update server domain name?

Hi. What domain names (or IPs) do I need to allow and on which port in orded to make auto uptade work? My firewall is blocking any internet access for important nodes and only update servers are whitelisted. I got IP 54.192.229.248 captured on fw but reverse DNS shows "cloudfront.net" so I'm not sur...
by lapsio
Thu Feb 23, 2017 2:21 pm
Forum: RouterBOARD hardware
Topic: CCR1009 local link performance - what sorcery is this???
Replies: 4
Views: 871

Re: CCR1009 local link performance - what sorcery is this???

it's a completely different CPU on those. A new Intel i7 CPU does more work per Hz than an old Pentium.. :) I thought Tile Gx is just another power efficiency optimized CPU like some ARM or MIPS. I totally didn't expect it to be anything high performance. It's... wow. I can't wait for metaROUTER su...
by lapsio
Thu Feb 23, 2017 2:10 pm
Forum: RouterBOARD hardware
Topic: CCR1009 local link performance - what sorcery is this???
Replies: 4
Views: 871

CCR1009 local link performance - what sorcery is this???

I used to have RB2011 as primary router between workstations. However I wanted to use firewall on bridge so fasttrack didn't work and I didn't want to use switch. Okay. Even with fasttrack RB2011 was bottlenecking at around 600-700mbps. Without fasttrack - it barely exceeded 120-150mbps when CPU was...
by lapsio
Fri Feb 17, 2017 12:38 am
Forum: Beginner Basics
Topic: Source based routing
Replies: 0
Views: 583

Source based routing

Hello lapsio@nuc ~> ip route show 10.0.0.0/24 dev brguestservice proto kernel scope link src 10.0.0.1 10.0.1.0/24 dev brguestlapsio proto kernel scope link src 10.0.1.1 10.0.2.0/24 dev brguestmilosz proto kernel scope link src 10.0.2.1 192.168.1.0/24 dev brhost proto kernel scope link src 192.168.1....
by lapsio
Fri Feb 17, 2017 12:20 am
Forum: General
Topic: Could you please change font color of combo interface? (bugfix?)
Replies: 2
Views: 564

Re: Could you please change font color of combo interface? (bugfix?)

As far as I know it's blue if the parent interface is disabled.
Oh. Indeed you seem to be right. That makes a bit of sense then. Kind of...
  • 1
  • 2