Community discussions

Search found 469 matches

  • 1
  • 2
by lapsio
Wed Sep 19, 2018 10:13 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Is there a recommended SFP+ 10G Copper module that is proven to negotiate to 1G reliably?
I believe it's ROS/routerboard issue. Not SFP modules issue.
by lapsio
Wed Sep 19, 2018 10:11 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Today Im copy configuration from HAP AC to CRS326-24G-2S+RM(RouterOS mode) and configure sfp+ as WAN insted of SFP(on hap ac) and pppoe, multicats, voip, iptv work normaly as in hap ac... Does this mean that it will also work on RB4011 or can different CPU/Switch chip produce some problems? Im chec...
by lapsio
Mon Sep 17, 2018 11:22 pm
Forum: Wireless Networking
Topic: Why is MikroTik's new product—S+RJ10 10GBASE-T module so cheap?
Replies: 10
Views: 4303

Re: Why is MikroTik's new product—S+RJ10 10GBASE-T module so cheap?

It doesn't support jumbo frames. That's 100$ cut from price. And improperly autonegotiates to non-10G speeds. That's remaining 35$ from price and voila - from 200$ to 65$ :D Plus it probably has 'meh' compatibility. Other MikroTik SFP+ modules I use didn't work with Intel X710-DA4 network card for e...
by lapsio
Mon Sep 17, 2018 10:45 pm
Forum: Beginner Basics
Topic: Mikrotik SPF + unable to get full bandwidth
Replies: 5
Views: 705

Re: Mikrotik SPF + unable to get full bandwidth

We found our simple queue is affecting our ports and also I enabled fastrack to get full throughput. But if i enable fastract our queue tree wouldn't work. I need to find a way to make this work. Thank you guys. To get 10G with CCR1009 without fasttrack you need jumbo 9k. And single connection will...
by lapsio
Mon Sep 17, 2018 10:36 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

You should probably use SFP+ module, not SFP one to avoid sloppyness. For example: https://mikrotik.com/product/s_rj10 It should support all link rates, including 10Mbps one :D Yes it should . Too bad it doesn't. I have this particular module. It negotiates to 10G when connected laptop. When I disa...
by lapsio
Mon Sep 17, 2018 9:38 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Thank you for the explanation. I know I'm getting ahead of myself on the config before the device is even shipping. But based on the 2.5Gb/s limitation for each switch chip, it would be best to place devices with a majority of internet traffic on the same switch chip as the port being used for WAN?...
by lapsio
Sun Sep 16, 2018 11:45 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 1769

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

The actual role of the optional fan is to reduce the heat transfer effect from one device (HDD) to another (CPU), which can create unstable operation of the device. Example - Condition of normal operation of the central processor is not more than 60 ° C; - The detected normal operating temperature ...
by lapsio
Sat Sep 15, 2018 5:35 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Or does it bridge the two switch groups together? ^ This 2. What is the performance impact bridging the two switch groups together? Does it disable hw acceleration (IPv4 forwarding, IPv6 forwarding, fast path, etc.)? Depends on CPU. In RB2011 performance hit was quite significant but second switch ...
by lapsio
Wed Sep 12, 2018 1:27 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Still it is a pity that we don't have proper switching available, you will never know when you would actually need it. I'm using RB2011 as small "ports extension" switch + AP for CCR1009. Because CCR1009 has significantly higher routing performance it made sense to use RB2011 switch just as switch ...
by lapsio
Tue Sep 11, 2018 11:08 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 1769

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

The 2013 University of Virginia study of 10,000 hard drives in a Microsoft datacenter found that the annual failure rate steadily increases with temperature , from about 4% per year at 27 °C to about 10% per year at 44 °C (Figure 5). Assuming an Arrhenius equation, that gives twice the number of fa...
by lapsio
Tue Sep 11, 2018 8:53 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

I have one question about WiFi version RB4011(RB4011iGS+5HacQ2HnD-IN). Currently I use hAP ac(RB962UiGS-5HacT2HnT) for my home network. Im remove ISP modem and put optical transciver into mikrotik and setup firewall rules, pppoe, vlan's, capsman, vpn's... For Internet I use pppoe on sfp1 interface....
by lapsio
Tue Sep 11, 2018 7:08 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 1769

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

The 70 deg. Celsius Mikrotik is saying the device can take might be true. But I am not willing to test the theory only to have to replace the routers every 1-2 years. In my experience, all electronics like to stay cool. Not too cool, but definitely not too warm for too long. My CCR1009 is idling at...
by lapsio
Tue Sep 11, 2018 3:22 pm
Forum: RouterBOARD hardware
Topic: CRS326 and 802.3ad / LACP bonding with VLANs, no HW offload
Replies: 5
Views: 1929

Re: CRS326 and 802.3ad / LACP bonding with VLANs, no HW offload

I'm on latest ROS (6.43.7 i think) and I have HW accelerated xor bonding between CRS317 and CRS326. It happened to me that bonding interface acceleration sometimes "derps" after you perform reconfiguration of interfaces and looses HW state. Putting interface down and up or rebooting device usually s...
by lapsio
Tue Sep 11, 2018 3:15 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 1769

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

I'm not sure whether quad core ARM 1.4 ghz requires such cooling tho... You could at least try to mount low profile fan on the inside to keep U1 size compliance lol
by lapsio
Mon Sep 10, 2018 3:20 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

I wonder if mini-pcie toUSB adapter will work in this router? In such a way we could have had USB at the expense of 2ghz radio. why don't use any minipcie 2ghz capable wireless card? RB4011 has included 2.4 ghz card. Question was if we can get USB instead of 2.4 ghz. For example to get 3G/LTE USB m...
by lapsio
Mon Sep 10, 2018 12:44 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 64
Views: 8904

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

I agree, that likely the CPU won't need the fans, nevertheless MikroTik does control the fan speed via the CPU temperature. I also agree that I you don't find another POE switch with similar features/performance at that price point. I likely will give the Noctua fans a try. Please note that Noctua ...
by lapsio
Mon Sep 10, 2018 12:29 am
Forum: RouterBOARD hardware
Topic: RB4011 - Poll - ONE thing you'd change
Replies: 15
Views: 4014

Re: RB4011 - Poll - ONE thing you'd change

Whatever we request it is too late I guess... Note that RB2011 had multiple versions and they didn't come out all at once. More "full" versions with more bells and whistles came later, after most basic 2011L variant. Also this post is not only about telling what we don't like about RB4011 in partic...
by lapsio
Sun Sep 09, 2018 4:14 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Hey everyone! Let's have a poll :D

Let's tell MikroTik what we expect from RB4011 viewtopic.php?f=3&t=138969&p=684987#p684987
by lapsio
Sun Sep 09, 2018 4:11 pm
Forum: RouterBOARD hardware
Topic: RB4011 - Poll - ONE thing you'd change
Replies: 15
Views: 4014

RB4011 - Poll - ONE thing you'd change

So RB4011 is quite polarizing topic. There's a lot of excitement and happiness but also a lot of disappointment. Now let's imagine that MikroTik could make revision of RB4011 that would add ONE feature that you miss the most - what would it be? Let's make some poll, shall we? :D What is YOUR most mi...
by lapsio
Sat Sep 08, 2018 8:12 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

... will not come off without a fight... and warranty?
MikroTik has warranty? xD just rip off those antennas and call it a day. It shouldn't break :D, at least not before end of warranty.
by lapsio
Sat Sep 08, 2018 5:23 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Can anyone from MikroTik confirm the antenna are removable on SMA or something? 2.4 uses standard R11e card like this one: https://mikrotik.com/product/R11e-2HnD so it has the same connectors for antennas as R11e. 5ghz idk but I believe they'll be removable as well. Probably with the same connector...
by lapsio
Sat Sep 08, 2018 4:46 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Also because some people may get impression that removed things are insignificant "details" and nobody uses them I'd like to note that it's not entirely true and those are not just useless gimmicks: no USB - usage of 3G/LTE modems doesn't need any itroduction. Some people use 3G as backup WAN, somet...
by lapsio
Sat Sep 08, 2018 3:21 pm
Forum: RouterBOARD hardware
Topic: Whats the best current home routerboard for a gigabit ISP?
Replies: 15
Views: 4007

Re: Whats the best current home routerboard for a gigabit ISP?

It stopped passing traffic, I could not connect to it neither via ssh, webfig nor winbox. The only cure was to remove power. Nothing in logs afterwards (no surprise here). I'd recommend using watchdog. It should handle such incident in matter of seconds. https://wiki.mikrotik.com/wiki/Manual:System...
by lapsio
Sat Sep 08, 2018 2:51 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Besides the fact that it is a >1GHz quad-core ARM, though, in the list of "added features" compared to 2011 you also left out the following: Quad-core (like I said) 1GiB of RAM (same as 3011, 8x as much as 2011U, 16x as much as 2011L) 0.5GiB of NAND storage (4x as much as 2011 and 3011) I said that...
by lapsio
Sat Sep 08, 2018 2:25 pm
Forum: RouterBOARD hardware
Topic: Whats the best current home routerboard for a gigabit ISP?
Replies: 15
Views: 4007

Re: Whats the best current home routerboard for a gigabit ISP?

There's as slight bug in switch chip in IPQ4xxx which bit me and MT doesn't have a solution (yet). It also runs hot and my personal experience is that it might freeze due to that (vertical position seems to help). I'm interested as well. I'm using switch chip in ac² quite actively (vlans for loopba...
by lapsio
Sat Sep 08, 2018 3:04 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Anyone venture a guess if btest will work better on these things than the CCR1016's we use for extended stress testing as I recall a CCR tops out at around the 2.5gbit udp mark ? If btest really is single core then I believe it should perform better than CCRs. It should in general perform better th...
by lapsio
Sat Sep 08, 2018 2:15 am
Forum: RouterBOARD hardware
Topic: Whats the best current home routerboard for a gigabit ISP?
Replies: 15
Views: 4007

Re: Whats the best current home routerboard for a gigabit ISP?

In all seriousness I'd get hAP ac² over RB4011. Imho more versatile at waaay lower price. 4011 is not representative mikrotik as it's really targeted, single purpose device. You won't even connect 3g/lte modem to it. Nor use much of hardware switch. hAP ac² is really nice device with great switch ch...
by lapsio
Sat Sep 08, 2018 12:26 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

What for this router have 10G sfp+ port? All switches summary have only 5G throughput.
Router on the stick. Inter VLAN routing basically. It's common use case actually if you don't have proper L3 switch.
by lapsio
Fri Sep 07, 2018 8:45 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

I look at this a different way - now you have a router capable of routing 10 Gbps peak throughput which is very close to CCR1009 number for half the cost. I totally agree that it is needed device. Cheap 10G router to make 10G more popular. It's cool. I just don't find it successor of RB2011. Look a...
by lapsio
Fri Sep 07, 2018 8:27 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

For me it's an issue of perception. They gave the device an X011 part number, implying that it was an updated but comparable replacement for the 2011's and 3011. But it isn't; it's a completely different animal. It hits especially badly if you take into account that many people (including me) asked...
by lapsio
Fri Sep 07, 2018 8:01 pm
Forum: RouterBOARD hardware
Topic: CRS317 with Noctua NF-A4x20, pros, cons, caveats.
Replies: 0
Views: 705

CRS317 with Noctua NF-A4x20, pros, cons, caveats.

So I noticed that many people who bought CRS317 as "home" switch replaced fans with Noctua in order to reduce noise level. I decided to do that as well so I guess I'll make small write-up about this topic. Lets start from basics. If we want to replace something, first we should know what are we actu...
by lapsio
Fri Sep 07, 2018 5:34 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

There is no speaker So... at the end of the day... It's kind of one trick pony. It's basically really simple and basic router that can route buttload of traffic due to SFP+ port and hardware AES. The end. Things removed comparing to RB2011: no USB no screen no beeper no USR led no meaningful switch...
by lapsio
Fri Sep 07, 2018 1:14 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

does Realtek RTL8367 manageable switch and support acl? Nope. It's crap :( https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features I think the chip has several possibilities implemented in hardware but are not yet implemented in RouterOS: http://www.realtek.com.tw/products/productsView.aspx?Lang...
by lapsio
Fri Sep 07, 2018 9:08 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

OK, just give me a real life application - combination of fastpath and "router on a stick". As in real life average packet size will be closer to 512 than 1500, fastpath is only way to achieve 10Gbps+ speeds, but that requires no config, "router on a stick" requires at least some configuration, so ...
by lapsio
Thu Sep 06, 2018 10:08 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Regarding the lack of USB, as there are a miniPCI-slot for wifi. Russian site with pictures of the inside: https://weblance.com.ua/389-mikrotik-gotovit-platformu-rb4011-na-baze-processorov-alpine-zayavlena-podderzhka-dual-band-wi-fi-s-mimo-4x4.html If Mikrotik could make a version of the R11e-LTE w...
by lapsio
Wed Sep 05, 2018 5:09 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Finally:

RB4011iGSplusRM-180905135303.png
That looks like beef, not gonna lie :D I wonder where this 10G limit in charts comes from because it doesn't really look like "natural" limit.
by lapsio
Tue Sep 04, 2018 12:54 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

https://forum.mikrotik.com/download/file.php?id=33451 Anybody else wondering why RB4011 CPU-throughput appears to be capped to 10Gbit/s? Assuming both Realtek GbE switchgroups are connected at 2.5Gbit/s each to the CPU (like RB1100AHx4), this leaves only 5Gbit/s possible thoughput for the 10GbE SFP...
by lapsio
Mon Sep 03, 2018 6:47 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Likely nothing has changed in the actual capability but such specifications are made because of complaints about high internal temperature and/or short lifetimes of the caps. Internal temperature of the router is not the same as ambient temperature! It usually is 10-20 degrees higher (depending on ...
by lapsio
Sun Sep 02, 2018 11:17 pm
Forum: RouterBOARD hardware
Topic: CRS317 fans - 5V or 12V?
Replies: 0
Views: 325

CRS317 fans - 5V or 12V?

Does anyone know whether CRS317 fans are 5V or 12V? I'd like to replace them with some Noctuas as I saw many people doing that but I'm not sure which variant should I get.
by lapsio
Sun Sep 02, 2018 9:41 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

If you google the wireless model you get the fcc report, it has internal pictures: No Fans Case looks Matt like the AC^2, and plastic? The main problem for me... is I want a new router now and it’s not on sale yet! There's article on one site. Case is full metal. Only bottom is plastic. Case is bas...
by lapsio
Sun Sep 02, 2018 9:36 pm
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1428

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

I use the mangle chain to divide traffic between two WANs, and the fasttrack doesn't seen to cause problems with it.
I thought that routing-mark is per-packet, not per-connection. If you assign routing mark on connection level it's gonna persist and be taken into account in routing rules?
by lapsio
Sun Sep 02, 2018 3:43 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

One question: why you need to push all that through the router? Why not to switch the most part? Long story short - MikroTik switches don't support VEPA and I use VEPA. And datacenter switches that support VEPA cost more than MikroTik router that can handle 10G lol. And I want to have stateful fire...
by lapsio
Sun Sep 02, 2018 2:51 am
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1428

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

Why would fasttrack be less secure than no fasttrack? The streaming is marked to be fasttracked after the firewall looks into it, so I don't get this. in filter chain - yeah but there's plenty of caveats. For example mangle chain and packet marking. Iirc fasttracked packets don't get processed on p...
by lapsio
Sun Sep 02, 2018 12:46 am
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1428

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

i suppose you put the 10g NIC on the pci express x16 slot of your motherboard Technically x8 because it's P67 chipset so it has x8/x8 pci-e 2.0 but card has x8 connector anyways. As it's 4x10G NIC it has theoretical throughput of around 36 gbps in such config. In practice probably above 20 or somet...
by lapsio
Sat Sep 01, 2018 11:03 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

i think a CPU like Broadcom stingray (8 core arm cortex a 72 at 3.0ghz) can beat a a tilera 72 core CPU at 1.0 ghz (like ccr1072) because of the much better single core performance That's true for many use cases but please take into account that routers like those are in most cases used in backbone...
by lapsio
Sat Sep 01, 2018 9:49 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Being a CCR1009 owner I can confirm - it is way overkill for home use. I ended with it only because I found one used for nearly the price of 3011. Otherwise it makes no sense, especially now, when you can get 4011 + CRS326 for the price of 1009. Though even home user can kill CCR1009 if you use too...
by lapsio
Sat Sep 01, 2018 8:08 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

I'm especially interested in RB4011 vs CCR1009 on single 10G point to point connection. CCR seems to struggle with that. i think with rb4011rm ccr1009 is dead That's brave statement :D Still CCR1009 has number of features that RB4011 doesn't. It still has significantly higher routing performance, p...
by lapsio
Sat Sep 01, 2018 7:18 pm
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1428

Re: CCR1009 - low single tcp tunnel performance? [SOLVED]

So yeah. It's CCR1009 issue. It really does bottleneck on single TCP connection, even with 9k jumbo at 3.5 gbps. With standard 1500 frames it bottlenecks at around 1.2gbps. When fasttrack is disabled and we use bridge ip firewall Removing bridge interface (so that ip is assigned directly to VLAN int...
by lapsio
Sat Sep 01, 2018 2:38 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Is there a header inside one can attach a USB cable to?
I didn't notice any. If you google 4011 there's some Russian article with photos of PCB
by lapsio
Fri Aug 31, 2018 4:07 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

I'm actually interested to test this router with a full BGP table given the high clock speed and 10 gig port. Who knows? Could be a diamond in the rough for a border router ;-) I'm especially interested in RB4011 vs CCR1009 on single 10G point to point connection. CCR seems to struggle with that.
by lapsio
Fri Aug 31, 2018 1:08 am
Forum: RouterBOARD hardware
Topic: CCR1009 - low single tcp tunnel performance? [SOLVED]
Replies: 9
Views: 1428

CCR1009 - low single tcp tunnel performance? [SOLVED]

I recently managed to get my hands on Intel X710-DA4, CRS317 and CCR1009. However unfortunately... Performance is quite disappointing and I don't know who to blame. When I enable multiple tunnels in iperf then everything is cool - full 10G. However with single tunnel... not so much. If I use UDP for...
by lapsio
Thu Aug 30, 2018 10:53 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Oh boy, it does look ugly with those rack-mount ears attached. Luckily I can close rack's door. I wonder if LCD would suffice to maintain minimum level of sexapeal ... Well... At least it's not full width rackmount case that is like idk... 10cm deep or something similarly comical like RB2011 used t...
by lapsio
Thu Aug 30, 2018 10:13 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

... So it is still closer to RB3011 than to RB1100. And keeping in mind SFP+ port, the price is quite good. Yep. I wonder how it compares to CCRs if we're handling single TCP tunnel. Because single TCP tunnels don't really scale well so ironically this device could perform better with single 10G TC...
by lapsio
Thu Aug 30, 2018 9:20 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

I wonder what processors will we see in future RB1100 and CCR series, as RBx011 has 4x1.4GHz now... Prices are probably estimated but from what resellers suggest RB4011 won't be direct RB2011 successor as it's gonna be priced significantly higher (which obviously makes sense, after all it has the s...
by lapsio
Thu Aug 30, 2018 7:27 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

Two versions: Rackmount: http://files.i4wifi.cz/inc/_doc/attach/StoItem/7148/en_datasheet_RB4011iGS_RM.pdf with wifi: http://files.i4wifi.cz/inc/_doc/attach/StoItem/7150/en_datasheet_RB4011iGS_5HacQ2HnD_IN.pdf It doesn't really look like prototype :/ I think there won't be usb for us this time. No ...
by lapsio
Thu Aug 30, 2018 6:56 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

Re: RB4011

LCDs are this tiny "premium" touch that makes device look better than it actually is xD I love them. It's not like they're super useful but they just feel nice. It's not common to see LCD screens in this kind of hardware. F5 puts similar LCDs in their newer appliances that are waaaaay more expensive...
by lapsio
Thu Aug 30, 2018 3:51 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 361
Views: 66859

RB4011

So... Are we going to talk about it or is it tabu topic? :D

I'm personally quite disappointed with lack of LCD and USB.

NOTE: There's poll related to this thread: viewtopic.php?f=3&t=138969
by lapsio
Mon Aug 27, 2018 9:41 pm
Forum: Beginner Basics
Topic: quota Limit on WAN interfaces
Replies: 2
Views: 446

Re: quota Limit on WAN interfaces

Bump. Still relevant. for backup LTE links. I set up 128 kbps bandwidth limit but I calculated that it can still pretty easily use up whole per-month 10 GB data limit in around 1 week.
by lapsio
Mon Aug 27, 2018 8:06 pm
Forum: Wireless Networking
Topic: How to filter wifi traffic between AP stations on firewall? [SOLVED]
Replies: 6
Views: 1058

Re: How to filter wifi traffic between AP stations on firewall? [SOLVED]

... Well I actually just found even better solution - simply arp=local-proxy-arp. So just set default-forwarding=no on wireless interface and arp=local-proxy-arp on bridge where wlan interface is attached and where you have IP address and this way MikroTik will answer to all arp requests with own M...
by lapsio
Mon Aug 27, 2018 3:28 pm
Forum: RouterBOARD hardware
Topic: CRS3xx ingress+egress dual port mirror
Replies: 0
Views: 334

CRS3xx ingress+egress dual port mirror

How can I configure port lets say ether2 to mirror ingress to port 23 and egress to port 24 so that I won't have mirror link overcommit? If I recall it was possible in CRS2xx using mirror0 and mirror1.
by lapsio
Sun Aug 26, 2018 1:27 am
Forum: Wireless Networking
Topic: How to filter wifi traffic between AP stations on firewall? [SOLVED]
Replies: 6
Views: 1058

Re: How to pass traffic between AP stations through firewall? [SOLVED]

After all those years I finally solved this mystery. Solution was as simple as disabling default-forward and giving all stations /32 netmask via dhcp or static config (and probably enable ip-firewall on bridge). Now all packets go to router MAC and then router filters them on firewall in forward cha...
by lapsio
Sat Aug 25, 2018 10:33 pm
Forum: General
Topic: tls-host doesn't work in dstnat chain? [SOLVED]
Replies: 1
Views: 434

Re: tls-host doesn't work in dstnat chain? [SOLVED]

Okay it's pretty obvious. NAT decision is taken before 3-way handshake is finished as handshake is typically preformed by actual host and tls-host, layer-7-protocol, content and many other matchers can only be determined after handshake is finished because they base on connection packets content. So...
by lapsio
Sat Aug 25, 2018 10:01 pm
Forum: General
Topic: tls-host doesn't work in dstnat chain? [SOLVED]
Replies: 1
Views: 434

tls-host doesn't work in dstnat chain? [SOLVED]

I tried to kind of replicate nginx functionality using dstnat to different machines basing on tls-host (mostly to split openvpn on port 443 from https) however to my surprise this feature doesn't seem to work in dstnat chain. It works in prerouting chain though and according to: https://wiki.mikroti...
by lapsio
Sat Aug 25, 2018 6:52 pm
Forum: Wireless Networking
Topic: FreeRADIUS based MikroTik Wireless VLAN tagging
Replies: 0
Views: 595

FreeRADIUS based MikroTik Wireless VLAN tagging

I'm trying to assign users to different VLANs on wireless interface basing on RADIUS authentication. Basic RADIUS authentication works as expected but MikroTik-specific attributes don't seem to be assigned properly. This is my server side config of FreeRADIUS (mikrotik.dictionary is taken from here:...
by lapsio
Sat Aug 18, 2018 2:19 am
Forum: Wireless Networking
Topic: D-Link DWM-222 works only with CCR1009
Replies: 0
Views: 361

D-Link DWM-222 works only with CCR1009

I just bought Orange SIM card and D-Link DWM-222 usb modem for backup connection. I wanted to connect it to my edge router (hAP ac²) as backup gateway but it doesn't seem to work... I have really mixed results with it. At first I connected to hAP ac² and it didn't work. Then I connected to RB2011 an...
by lapsio
Fri Aug 17, 2018 5:56 pm
Forum: General
Topic: Loopback NAT is performed only once
Replies: 2
Views: 603

Re: Loopback NAT is performed only once

I just bought one more router dedicated as edge router... It was crappy idea anyways because RB2011 was really overloaded with tons of functionality it couldn't handle all at once. It's old and really obsolete router. I hope MikroTik makes refresh of RB2011 soon. With more recent CPU and perhaps two...
by lapsio
Fri Aug 17, 2018 5:45 pm
Forum: General
Topic: Hairpin NAT bypasses firewall - potential security issue
Replies: 6
Views: 765

Re: Hairpin NAT bypasses firewall - potential security issue

Unless you reproduce it on router with exact config you posted, i.e. only that one drop rule in forward chain and nothing more , it must be some other rule allowing these packets to pass. Hmm. They don't pass with this exact config in CHR. But it does occur with my config when I add drop all as fir...
by lapsio
Fri Aug 17, 2018 4:59 pm
Forum: General
Topic: force push local address to gateway? (to avoid Hairpin NAT)
Replies: 4
Views: 530

Re: force push local address to gateway? (to avoid Hairpin NAT)

Look at this: https://forum.mikrotik.com/viewtopic.php?f=2&t=102483&p=509070&hilit=port#p508981 In the end I used srcnat to router's external IP so basically hairpin NAT just with public IP, not private. It works. Servers see in logs my external public IP and packets are "properly" forwarded. Excep...
by lapsio
Fri Aug 17, 2018 1:43 am
Forum: General
Topic: Hairpin NAT bypasses firewall - potential security issue
Replies: 6
Views: 765

Re: Hairpin NAT bypasses firewall - potential security issue

... but even if it would send something back (it won't, because it has unconditional drop in forward, it won't route anything between any interfaces), bottom router wouldn't let it pass. The problem is - it would and it does. I didn't make this up from thin air. It's issue that occurs in my config....
by lapsio
Thu Aug 16, 2018 3:30 am
Forum: RouterBOARD hardware
Topic: S+RJ10 improperly auto negotiates to 10G
Replies: 3
Views: 905

Re: S+RJ10 improperly auto negotiates to 10G

This might help You: https://wiki.mikrotik.com/wiki/MikroTik_SFP_module_compatibility_table#SFP.2B_interface_compatibility_settings_with_1G_links Oh okay. I read this bilion times in the past yet somehow I still forgot about this 1G sfp+ thingy. Still I believe that's not how autonegotiation is sup...
by lapsio
Thu Aug 16, 2018 1:37 am
Forum: RouterBOARD hardware
Topic: CRS317 10G -> 1G traffic slow, everything else fine
Replies: 21
Views: 7063

Re: CRS317 10G -> 1G traffic slow, everything else fine

SFP+RJ10 still reports up/down link state without a cable connected.
Still happens in August...
by lapsio
Thu Aug 16, 2018 1:29 am
Forum: RouterBOARD hardware
Topic: S+RJ10 improperly auto negotiates to 10G
Replies: 3
Views: 905

S+RJ10 improperly auto negotiates to 10G

I fairly doubt my laptop has 10G onboard NIC... especially that on laptop side it's negotiated to 1Gbps
P_20180816_001727_vHDR_On.jpg
by lapsio
Thu Aug 16, 2018 12:17 am
Forum: RouterBOARD hardware
Topic: S+RJ10 and Jumbo Frames
Replies: 10
Views: 2850

Re: S+RJ10 and Jumbo Frames

+1, why would jumbo frames not be supported on a 10G capable interface.... On the other hand... Name me one 10G copper SFP+ module other than mikrotik for 65$ brand new. Go on. I tried xD Until MikroTik saves us, 10G copper still costs kidney. Currently they saved us in 50% because no jumbo :P I bi...
by lapsio
Tue Aug 14, 2018 11:51 pm
Forum: General
Topic: Hairpin NAT bypasses firewall - potential security issue
Replies: 6
Views: 765

Hairpin NAT bypasses firewall - potential security issue

I noticed that hairpin NAT on single interface bypasses firewall. net.png Let's assume following: bottom router: /ip address add address=192.168.0.1/30 interface=ether1 /ip address add address=192.168.4.1/24 interface=ether2 /ip address add address=192.168.2.1/24 interface=ether3 /ip firewall filter...
by lapsio
Tue Aug 14, 2018 10:46 pm
Forum: General
Topic: force push local address to gateway? (to avoid Hairpin NAT)
Replies: 4
Views: 530

Re: force push local address to gateway? (to avoid Hairpin NAT)

What is wrong with Harpin NAT? It is just name of technology which "other" routers do behind the scenes. One line for NAT. That is all. I just noticed that if I do what I just described MikroTik accepts all dst-nated packets, bypassing all firewall rules whatsoever ._. That's first thing. So basica...
by lapsio
Tue Aug 14, 2018 9:08 pm
Forum: General
Topic: force push local address to gateway? (to avoid Hairpin NAT)
Replies: 4
Views: 530

force push local address to gateway? (to avoid Hairpin NAT)

lets say I have public IP 66.66.66.66. I want to allow users from LAN access services exposed via public IP. Unfortunately there's quadrillion of zone-like firewall rules, PBR, QoS and tons of other crap. Adding exceptions everywhere for such traffic would be complete clusterf*ck and I'm trying to a...
by lapsio
Thu Aug 02, 2018 10:41 am
Forum: RouterBOARD hardware
Topic: Hap ac2 vs. Hex S
Replies: 8
Views: 6930

Re: Hap ac2 vs. Hex S

It's also worth to mention that hEX series has crappy switch chip while hAP ac2 has pretty decent one with VLANs support and stuff so you can also repurpose your device as managed L2 wire-speed switch. For me it was big deal as I wanted to loop traffic through IPS and ROS has issues with software br...
by lapsio
Mon Jul 30, 2018 11:48 pm
Forum: General
Topic: CRS317 - arp doesn't work
Replies: 3
Views: 440

Re: CRS317 - arp doesn't work

I assume the IP address is attached to the VLAN interface? Any ARP related settings? Maybe a full /export hide-sensitive I tied to isolate as tiny case as possible. So here I replicated issue with only 2 switches (without CCR involved): lapsio@linux-gjpj ~> cat SSHFS/Storage/mtk5 # jul/30/2018 22:3...
by lapsio
Mon Jul 30, 2018 10:13 pm
Forum: General
Topic: Loopback NAT is performed only once
Replies: 2
Views: 603

Loopback NAT is performed only once

I have two routers - CCR1009 and RB2011. I'd like to make CCR1009 core router and RB2011 edge router. However as CCR1009 doesn't have wifi I'd like to also repurpose RB2011 as AP, but still route networks on CCR1009. So in order to do so I bridged wifi interface with one of VLANs, withrout assigning...
by lapsio
Sun Jul 29, 2018 6:10 pm
Forum: General
Topic: How LACP affects ARP?
Replies: 0
Views: 300

How LACP affects ARP?

Recently I created multiple threads spinning around topic of ARP and LACP issues. I thought they're independent but after lots of testing I think I finally came to following conclusion: LACP affects ARP in some way in my setup. Every time I create LACP link there are some issues with propagating ARP...
by lapsio
Sat Jul 28, 2018 10:50 pm
Forum: Beginner Basics
Topic: How does MSTP work?
Replies: 0
Views: 527

How does MSTP work?

I thought that primary reason why we use MSTP is because it's VLAN-aware. However I made following switch config: /interface bridge add admin-mac=CC:2D:E0:58:18:E0 auto-mac=no name=br-hardware protocol-mode=mstp vlan-filtering=yes /interface bridge port add bridge=br-hardware frame-types=admit-only-...
by lapsio
Sat Jul 28, 2018 9:06 pm
Forum: General
Topic: CRS317 - arp doesn't work
Replies: 3
Views: 440

CRS317 - arp doesn't work

I have following config on CRS317: /interface bridge add admin-mac=CC:2D:E0:58:18:E0 auto-mac=no name=br-hardware protocol-mode=none vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] l2mtu=2028 name=ether1-rescue set [ find default-name=sfp-sfpplus1 ] l2mtu=9112 mtu=9000 set [ ...
by lapsio
Thu Jul 26, 2018 10:32 pm
Forum: RouterBOARD hardware
Topic: Affordable 10GBase-T for CRS317? [SOLVED]
Replies: 3
Views: 846

Re: Affordable 10GBase-T for CRS317? [SOLVED]

You should really be using fiber by the time you hit 10gig. /M I know, I'm mostly using DAC cables and LC uplinks because it's used as kind of "top-of-rack" switch interconnecting servers. Unfortunately one server has 10G copper onboard NIC. It'd be a bit of waste not to use it and our firewall wil...
by lapsio
Thu Jul 26, 2018 6:07 pm
Forum: RouterBOARD hardware
Topic: Affordable 10GBase-T for CRS317? [SOLVED]
Replies: 3
Views: 846

Affordable 10GBase-T for CRS317? [SOLVED]

Are there any affordable 10G copper SFP+ modules that should work with CRS317? The only sub 120$ module i could find is MikroTik S+RJ10 but it doesn't support jumbo frames so it doesn't count
by lapsio
Mon Jul 23, 2018 3:11 pm
Forum: RouterBOARD hardware
Topic: S+RJ10 and Jumbo Frames
Replies: 10
Views: 2850

Re: S+RJ10 and Jumbo Frames

anything changed in this topic? I'm in urge to get 10G routing with CCR1009 but I'm afraid it won't handle 10G on single connection (single core) without jumbo.
by lapsio
Sat Jul 21, 2018 4:13 pm
Forum: Beginner Basics
Topic: How to set 10G link speed without autonegotiation?
Replies: 2
Views: 553

Re: How to set 10G link speed without autonegotiation?

When I disable auto-negotiation on CCR1009 SFP+ cage I'm getting "no-link" at all. Not even 1G

Edit: Ok i't s because CCR1009 actually properly tries to establish 10G with autonegotiation disabled. Unlike CRS317 and CRS326
by lapsio
Sat Jul 21, 2018 3:50 pm
Forum: Beginner Basics
Topic: How to set 10G link speed without autonegotiation?
Replies: 2
Views: 553

How to set 10G link speed without autonegotiation?

I have CRS317 and CRS326. When auto-negotiation is enabled I'm getting both links to operate at 10G speed no problem. However if I set auto-negotiation to "no" they operate at 1G speed. How do I properly set fixed 10G speed? Here's config of interfaces on both switches and log: 25 RS name="sfp-sfppl...
by lapsio
Thu Jul 19, 2018 11:17 pm
Forum: RouterBOARD hardware
Topic: Are MikroTik 10G DAC cables "standard"? [SOLVED]
Replies: 7
Views: 2054

Re: Are MikroTik 10G DAC cables "standard"? [SOLVED]

Apparently they're not. Luckily I had Mikrotik 1m DAC laying around so I tested it before ordering more cables. It doesn't work. I also tried Mikrotik's SFP+ FC module and it doesn't work either. Card shows following error: 6205964200056624920.jpg I ordered Intel compatible DAC cable. I hope it's go...
by lapsio
Mon Jul 16, 2018 10:56 pm
Forum: RouterBOARD hardware
Topic: RouterBOARD naming
Replies: 47
Views: 23818

Re: RouterBOARD naming

Why RB750G is not named RB750UG. The same about RB760iGS not being RB760UiGS? This naming scheme looks really inconsistent in practice :/ CRS and CCR naming schemes seem to be much more consistent. Also why those are not x2? They have 2 cores after all...
by lapsio
Sun Jul 15, 2018 6:26 pm
Forum: Beginner Basics
Topic: DST-NAT in bridge breaks forwarding [SOLVED]
Replies: 5
Views: 642

Re: DST-NAT in bridge breaks forwarding [SOLVED]

Yes, you don't need an IP address but only a route that will direct ARP requests towards the correct interface. Unfortunately it doesn't work. Router already has address in 192.168.10.0/24 network as it's management one. It only doesn't have address in 192.168.4.0/24. NAT makes either 8.8.8.8 -> 19...
by lapsio
Sun Jul 15, 2018 5:07 pm
Forum: RouterBOARD hardware
Topic: CRS317 - any chance for bonding-rr offload?
Replies: 0
Views: 376

CRS317 - any chance for bonding-rr offload?

Is there any chance for bonding-rr to be hardware offloaded on CRS3xx series? Or it's not possible with currently used switch chip?
by lapsio
Sun Jul 15, 2018 5:36 am
Forum: Beginner Basics
Topic: Switching loop - why? [SOLVED]
Replies: 1
Views: 376

Re: Switching loop - why? [SOLVED]

It turns out sometimes VLAN interfaces on CCR1009 randomly don't get up and require disabling and reenabling... ._.
by lapsio
Sun Jul 15, 2018 3:55 am
Forum: Beginner Basics
Topic: Switching loop - why? [SOLVED]
Replies: 1
Views: 376

Switching loop - why? [SOLVED]

I'm quite new to Layer 2 (unfortunately i started from top of OSI and stepped down successively) so I decided to get some grip here. In order to test various more advanced configs I decided to create something like this: susecap607.png ports with dots represent tagged ports, colors represent untagge...
by lapsio
Sat Jul 14, 2018 11:23 pm
Forum: Beginner Basics
Topic: DST-NAT in bridge breaks forwarding [SOLVED]
Replies: 5
Views: 642

Re: DST-NAT in bridge breaks forwarding [SOLVED]

So yes, as NAT is layer3 operation, box doing it should be part of a layer3 network. I blacklisted in-interface-list with unaddressed bridges from NAT to prevent NATing on unaddressed bridges. But another question is - how about mangle and PBR? Does assigning routing mark also force routing? I wond...
by lapsio
Sat Jul 14, 2018 6:28 pm
Forum: Beginner Basics
Topic: DST-NAT in bridge breaks forwarding [SOLVED]
Replies: 5
Views: 642

DST-NAT in bridge breaks forwarding [SOLVED]

I have following setup: CRS326 --- CCR1009 --- RB2011 --- internet CCR1009 is bridging one network that spans between CRS326 and RB2011 (which is wifi network). RB2011 is router in this network there's DNS server connected to it. CCR doesn't have an IP address in this network. It just performs bridg...
by lapsio
Thu Jul 12, 2018 9:04 pm
Forum: RouterBOARD hardware
Topic: CRS317 keeps calling "home" (MikroTik cloud) [SOLVED]
Replies: 1
Views: 508

CRS317 keeps calling "home" (MikroTik cloud) [SOLVED]

I disabled MikroTik cloud time-update and ddns however my CRS317 still tries to send packets to UDP 81.198.87.240:15252, triggering alerts on firewall Why. Alerts: 18:04:19 firewall,info ccr: X_X service: in:br-service(vlan10-crs) out:br-service, src-mac cc:2d:e0:58:18:e0, proto UDP, 192.168.10.5:59...
by lapsio
Mon Jul 09, 2018 11:21 am
Forum: RouterBOARD hardware
Topic: MikroTik specification - is throughput "duplex"? [SOLVED]
Replies: 5
Views: 913

Re: MikroTik specification - is throughput "duplex"? [SOLVED]

After more detailed research and discussion we came to conclusion that what Cisco refers to as "bandwidth" is MikroTik's capacity, not throughput. So indeed CRS317 is all ports concurrent full duplex and in order to do so internal bus must handle 320 gbps of data 160 for input and 160 for output. I ...
by lapsio
Sun Jul 08, 2018 11:27 pm
Forum: RouterBOARD hardware
Topic: MikroTik specification - is throughput "duplex"? [SOLVED]
Replies: 5
Views: 913

Re: MikroTik specification - is throughput "duplex"? [SOLVED]

I know it's duplex 10G but it's still not clear to me whether it can actually handle 160 gbps in + 160 gbps out at once (all ports full duplex) or only 8 ports full duplex
by lapsio
Sun Jul 08, 2018 10:45 pm
Forum: RouterBOARD hardware
Topic: MikroTik specification - is throughput "duplex"? [SOLVED]
Replies: 5
Views: 913

MikroTik specification - is throughput "duplex"? [SOLVED]

I've been discussing with friend performance of CRS317. It claims ~160 gbps throughput. I thought it means it can basically handle all ports at 100% speed (16x in + 16x out = 16 streams = 160 gbps). However friend tells me that in order to handle all ports at 100% you need 360 gbps bus throughput be...
by lapsio
Sun Jul 08, 2018 4:22 pm
Forum: RouterBOARD hardware
Topic: CRS326 - why ether1 LED is always lit up?
Replies: 5
Views: 652

Re: CRS326 - why ether1 LED is always lit up?

. Very nice. Creative technology. It has actually legit use cases. As I won't use all ports for now I think I'll write script that will indicate bridge throughput meter the same way you can indicate wifi signal strength. Or CPU usage. Or some ping monitor that will indicate with leds if certain hos...
by lapsio
Sun Jul 08, 2018 1:25 am
Forum: RouterBOARD hardware
Topic: CRS317 /system health fans?
Replies: 0
Views: 359

CRS317 /system health fans?

Do those settings in /system health do anything? There's several fan related parameters hinted when trying to set some value but they don't seem to be functional.
by lapsio
Sat Jul 07, 2018 9:12 pm
Forum: General
Topic: Multiple connection-marks
Replies: 8
Views: 1899

Re: Multiple connection-marks

What kind of input to the generating script would you expect? It is a matter of two hours to write such script, but you'd spend the remaining 46 hours debugging it :-D What do you mean by doing the same for QoS queues - to create an own copy of the queue tree for each WAN? What if the WANs have dif...
by lapsio
Sat Jul 07, 2018 8:06 pm
Forum: General
Topic: Multiple connection-marks
Replies: 8
Views: 1899

Re: Multiple connection-marks

Hmm I wonder if it'd be possible to template it. I mean to create marks for QoS, marks for routing and make script that will duplicate given chain M times and will compute and replace new marks for each routing mark. And do the same for QoS queues. I know it would be just nobody has time to write su...
by lapsio
Sat Jul 07, 2018 5:02 pm
Forum: General
Topic: Multiple connection-marks
Replies: 8
Views: 1899

Re: Multiple connection-marks

Sorry for bump but is it possible now in different way? Routing marks are not stateful (unlike connection marks) so when you're overwriting them you either loose PBR info or QoS info for related packets. Is there any other way to acieve stateful routing-mark criteria AND stateful QoS criteria at the...
by lapsio
Fri Jul 06, 2018 12:19 am
Forum: RouterBOARD hardware
Topic: CRS326 - why ether1 LED is always lit up?
Replies: 5
Views: 652

Re: CRS326 - why ether1 LED is always lit up?

When I realized all LEDs are configurable I almost cried.
P_20180705_231351.gif
Never change MikroTik. Never change xD
by lapsio
Thu Jul 05, 2018 11:50 pm
Forum: RouterBOARD hardware
Topic: CRS326 - why ether1 LED is always lit up?
Replies: 5
Views: 652

Re: CRS326 - why ether1 LED is always lit up?

nvm for some reason it had set ether1 led indicator to bridge1 state. I think it was screwed up by update script to 6.41
by lapsio
Thu Jul 05, 2018 11:45 pm
Forum: RouterBOARD hardware
Topic: CRS326 - why ether1 LED is always lit up?
Replies: 5
Views: 652

CRS326 - why ether1 LED is always lit up?

I have CRS326 and the only connected interface is SFP+2. However ether1 LED seems to copy SFP+ LED state and blinks when there's traffic going through SFP+2. I'm a bit confused. When ether1 was master-port it somewhat made sense but now when there's no longer master port it's a bit... odd.
by lapsio
Wed Jul 04, 2018 11:56 am
Forum: RouterBOARD hardware
Topic: CRS326 - safe temperatures?
Replies: 2
Views: 676

Re: CRS326 - safe temperatures?

lapsio what are your ambient temperatures? In room probably around 26-ish or something. It's jsut normal room and it's summer so... Worse case is temperature inside this desk shelf which i'd say is something around 32-36? maybe. I'm not sure but it feels similar to temperature in workstation chassi...
by lapsio
Wed Jul 04, 2018 12:49 am
Forum: RouterBOARD hardware
Topic: CRS326 - safe temperatures?
Replies: 2
Views: 676

CRS326 - safe temperatures?

Hello, today my CRS326 and CRS317 arrived and I'm a bit concerned about operation temperatures. CRS317 has spinning fan and it deals with temperature quite fine sitting at 42-46 deg on idle but CRS326 seems to struggle with temperatures, idling at 76 deg. When I checked against my CCR1009-PC it does...
by lapsio
Fri Jun 29, 2018 3:36 am
Forum: General
Topic: CRS3xx - Inter VLAN switching?
Replies: 3
Views: 436

Re: CRS3xx - Inter VLAN switching?

I tried 'naive' way of switch rules aka force the same dst-port as source port without vlans and it didn't work (switch didn't reply to the same port) but hm... I didn't try to do that with MAC vlans enabled. That could possibly work. I'll try. Though MAC vlans itself are accomplished using switch r...
by lapsio
Fri Jun 29, 2018 1:58 am
Forum: General
Topic: CRS3xx - Inter VLAN switching?
Replies: 3
Views: 436

CRS3xx - Inter VLAN switching?

Is it possible to perform inter VLAN switching/bridging (wire speed) on single port with CRS3xx switches? I'm asking specifically about single port config because in such case simple VLAN stripping won't do the job as switch doesn't send packets back to the same port if it's not in separate VLAN (Mi...
by lapsio
Thu Jun 28, 2018 3:46 pm
Forum: RouterBOARD hardware
Topic: S+RJ10 and Jumbo Frames
Replies: 10
Views: 2850

Re: S+RJ10 and Jumbo Frames

According to Mikrotik support the S+RJ10 modules 'currently' do NOT Support Jumbo Frames. However, i did not get any answer if this as firmware/software limitation and might change in the future or if this a permanent hardware limitation. Can you even hypothetically upgrade SFP module firmware?... ...
by lapsio
Mon Jun 18, 2018 7:41 am
Forum: RouterBOARD hardware
Topic: Mikrotik RJ-45 Serial to APC RS232
Replies: 1
Views: 348

Re: Mikrotik RJ-45 Serial to APC RS232

No afaik. But ROS support for UPSes is quite limited so I don't think it'd make much sense anyways.
by lapsio
Mon Jun 18, 2018 7:39 am
Forum: RouterBOARD hardware
Topic: S+RJ10 and Jumbo Frames
Replies: 10
Views: 2850

Re: S+RJ10 and Jumbo Frames

Oh god, good to know I almost bought it for NAS connection where 9k jumbo is mandatory.
by lapsio
Mon Jun 18, 2018 7:29 am
Forum: RouterBOARD hardware
Topic: RB2011UiAS-2HnD-IN refresh any soon?
Replies: 1
Views: 527

RB2011UiAS-2HnD-IN refresh any soon?

You did some refreshes/reeditions to some of your older products (slightly faster cpu, slightly more ram, newer wifi chip etc). Yet I see RB2011 still stays the same with 600mhz single core MIPS. It's starting to lag behind eg. hEX lineup while hEX is not really the same league. Especially RB2011UiA...
by lapsio
Wed Jun 06, 2018 4:25 pm
Forum: RouterBOARD hardware
Topic: Are MikroTik 10G DAC cables "standard"? [SOLVED]
Replies: 7
Views: 2054

Re: Are MikroTik 10G DAC cables "standard"? [SOLVED]

Hi, according to my experience at 10Gbps DAC, some cables are standard by brand, if you want to connect the mikrotik with an Intel PC, it will probably work; if you're trying to connect different mikrotiks using that DAC the it will definitely work, however if your idea is to connect to a different...
by lapsio
Wed Jun 06, 2018 1:51 am
Forum: General
Topic: MikroTik switch/bridge hair-pinning (reflective relay) support
Replies: 1
Views: 446

Re: MikroTik switch/bridge hair-pinning support

So... no, apparently it does not work in straightforward way. However on RouterOS it can be achieved by adding vlans in VMs and then bridging those vlans in ROS. I doubt it's possible on switches at wire speed though.
by lapsio
Tue Jun 05, 2018 11:48 pm
Forum: Beginner Basics
Topic: Invalid value for argument src-mac-address [SOLVED]
Replies: 1
Views: 635

Re: Invalid value for argument src-mac-address [SOLVED]

Oh it requires mask. And MAC mask is in weird format the same as mac, not short one. So eg:
5d:ad:43:b3:44:24/ff:ff:ff:ff:ff:ff
by lapsio
Tue Jun 05, 2018 9:42 pm
Forum: Beginner Basics
Topic: Invalid value for argument src-mac-address [SOLVED]
Replies: 1
Views: 635

Invalid value for argument src-mac-address [SOLVED]

I'm trying to create mac based vlan, however following command: /interface ethernet switch rule add switch=switch1 src-mac-address="62:8C:69:AA:5D:7C" new-vlan-id=1500 gives me error: Invalud value for argument src-mac-address. I also tried: /interface ethernet switch rule add switch=switch1 src-mac...
by lapsio
Tue Jun 05, 2018 4:41 pm
Forum: RouterBOARD hardware
Topic: Are MikroTik 10G DAC cables "standard"? [SOLVED]
Replies: 7
Views: 2054

Are MikroTik 10G DAC cables "standard"? [SOLVED]

Are DAC cables standarized across manufacturers just like optical connection standards or RJ45? I mean - is it possible to use MikroTik DAC cable to connect MikroTik device to lets say server with Intel X710 10G network card or other 10G SFP+ devices? Or do I need to get regular SFP+ modules? I'm mo...
by lapsio
Tue Jun 05, 2018 11:20 am
Forum: RouterBOARD hardware
Topic: CRS317 vertical operation? [SOLVED]
Replies: 3
Views: 611

Re: CRS317 vertical operation? [SOLVED]

There are heat pipes inside the case to transfer heat to external radiator. There is no fan on radiator and radiator ribs are designed for horizontal use of the case. You can use it vertically but it needs temp monitoring and perhaps some additional fan for external cooling. I had problems with lap...
by lapsio
Mon Jun 04, 2018 10:24 am
Forum: General
Topic: MikroTik switch/bridge hair-pinning (reflective relay) support
Replies: 1
Views: 446

MikroTik switch/bridge hair-pinning (reflective relay) support

I'm reading about VEPA virtualization and articles say that it requires hair pinning support on switch (sending packet back to the same interface). I honestly thought it's standard behavior of pretty much any switch but those articles confused me a bit. Do RouterOS or MikroTik switches work in such ...
by lapsio
Tue May 15, 2018 4:44 am
Forum: RouterBOARD hardware
Topic: CRS317 vertical operation? [SOLVED]
Replies: 3
Views: 611

CRS317 vertical operation? [SOLVED]

Does vertical placement of CRS317 affect device cooling solution in negative way? As in is this semi-passive heatsink optimized for horizontal operation or it shouldn't matter?
by lapsio
Fri Apr 27, 2018 11:38 pm
Forum: General
Topic: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?
Replies: 15
Views: 2537

Re: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?

hEX has hardware switch so in this case vlan settings in /interface bridge are supported by wire-speed switch chip. My question was regarding routers that DO NOT have hardware switch (like CCR series for example) and still have this option. Then it looks redundant to me a bit. Sounds like doing stuf...
by lapsio
Mon Apr 23, 2018 12:01 am
Forum: Wireless Networking
Topic: "Management frame protection" - 802.11w compatibility
Replies: 10
Views: 3487

Re: "Management frame protection" - 802.11w compatibility

No, really. It seriously stinks that it's not supported yet. I'm going to keep deauth myself for next 2 months and complain that my RB2011 wifi doesn't work as manifest.
by lapsio
Tue Mar 27, 2018 5:38 pm
Forum: RouterBOARD hardware
Topic: Routers with switch chip / CRS - switch downtime during reboot cycle?
Replies: 0
Views: 346

Routers with switch chip / CRS - switch downtime during reboot cycle?

Hello. I wonder - in context of RouterOS / SwOS reboot cycle - what is inactivity period of switch device? I'm not really talking about time in seconds but more about events, as in - does switch chip require full OS to be booted up or is switch active already during OS boot procedure, or power suppl...
by lapsio
Mon Mar 26, 2018 10:42 pm
Forum: Wireless Networking
Topic: MikroTik devices allowing 2 or more wifi radios?
Replies: 2
Views: 375

MikroTik devices allowing 2 or more wifi radios?

Which MikroTik devices (other than barebone Routerboards) allow multi 2.4Ghz radios (buying miniPCIe cards is acceptable requirement of course)?
by lapsio
Fri Mar 09, 2018 1:35 am
Forum: General
Topic: Multi-network with MikroTik OpenVPN?
Replies: 0
Views: 270

Multi-network with MikroTik OpenVPN?

Are there known some viable solutions for creating multi-network OpenVPN server on MikroTik? I mean that various clients are effectively put into various networks. I know that in "standard" case all clients are put into single bridge but maybe it's possible to figure out something with VLANs assigne...
by lapsio
Wed Mar 07, 2018 9:37 pm
Forum: Beginner Basics
Topic: Difference between /interface bridge filter and /ip filter?
Replies: 4
Views: 2440

Re: Difference between /interface bridge filter and /ip filter?

Stateful wirespeed hardware firewall in switch chip? Are you sure? If you need such functionality, only software running on really powerful hardware can provide that. Or you have to lower your requirements... I was afraid of that. Welp. Seems I'll need to continue using CCRs as op software bridges ...
by lapsio
Wed Mar 07, 2018 8:46 pm
Forum: Beginner Basics
Topic: Difference between /interface bridge filter and /ip filter?
Replies: 4
Views: 2440

Re: Difference between /interface bridge filter and /ip filter?

Does MikroTik allow hardware ACLs? Because performance of ROS firewall is okay for internet/DMZ traffic but for LAN it's not really there yet. I mean yeah sure I actually use CCR1009 and use it as bridge with firewall to handle multi gigabit firewall but it sounds like terrible misuse of device. So ...
by lapsio
Tue Mar 06, 2018 11:44 pm
Forum: Beginner Basics
Topic: Difference between /interface bridge filter and /ip filter?
Replies: 4
Views: 2440

Difference between /interface bridge filter and /ip filter?

What is difference between /interface bridge filter and /ip firewall filter with ip firewall enabled in bridge settings? I mean more technically - is bridge filter hardware accelerated or something? I'm currently using /ip firewall filter for all filtering including L3 filtering between individual b...
by lapsio
Thu Feb 22, 2018 11:38 pm
Forum: RouterBOARD hardware
Topic: CCR1009 CPU bottlenecking without jumbo frames [SOLVED]
Replies: 2
Views: 557

Re: CCR1009 CPU bottlenecking without jumbo frames [SOLVED]

False alarm - I forgot CPU has been downclocked to 400Mhz because performance used to be sufficient anyways...
by lapsio
Thu Feb 22, 2018 11:14 pm
Forum: RouterBOARD hardware
Topic: CCR1009 CPU bottlenecking without jumbo frames [SOLVED]
Replies: 2
Views: 557

CCR1009 CPU bottlenecking without jumbo frames [SOLVED]

Hello. I just noticed that CCR1009 seems to bottleneck on CPU when sending data between 2 servers where one has MTU 9000 and another has 1500. It bottlenecks on single core (all cores are 0 except 1 that is 100%) and transfer is capped at around 23 MB/s. After setting MTU to 9000 on both sides load ...
by lapsio
Mon Jan 29, 2018 5:06 pm
Forum: General
Topic: ADD DYNAMIC VLAN ASSIGNMENT.
Replies: 37
Views: 16214

Re: ADD DYNAMIC VLAN ASSIGNMENT.

Is ethernet dvlan implemented already or not yet?
by lapsio
Sun Jan 28, 2018 9:35 pm
Forum: General
Topic: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?
Replies: 15
Views: 2537

Re: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?

But of course we don't want any reduced functionality or bugs that are caused by the change :-) Well one thing I can tell for sure is that this "standard-compliant" handling of vlans in all common enterprise switches is reason why we had to use MikroTik routers and switches instead of Cisco ones in...
by lapsio
Sun Jan 28, 2018 6:45 pm
Forum: General
Topic: VLAN aware bridges in 6.41 - difference between bridging /interface vlan?
Replies: 15
Views: 2537

VLAN aware bridges in 6.41 - difference between bridging /interface vlan?

Hi. What is functional difference between using /interface bridge vlan confing comparing to just creating /interface vlan on several interfaces and then bridging vlan interfaces? Also - is this new /interface bridge vlan menu replacement of old /interface ethernet switch vlan menu? (I can't check be...
by lapsio
Tue Jan 23, 2018 1:44 am
Forum: RouterBOARD hardware
Topic: Latency of CRS326/CSS326
Replies: 0
Views: 352

Latency of CRS326/CSS326

What is average transport latency of those MikroTik switches? I mean what is level of magnitude - miliseconds, microseconds, nanoseconds? With jumbo frames 9k lets say but it doesn't really matter to me if stats are known for other frame size. Are CRS226 slower/faster in this comparison?
by lapsio
Sun Dec 31, 2017 2:00 am
Forum: General
Topic: Apcupsd support?
Replies: 1
Views: 346

Apcupsd support?

Does MikroTik support connecting to remote UPS monitoring server using apcupsd? To eg. shutdown properly on low battery.
by lapsio
Sat Dec 09, 2017 4:47 am
Forum: RouterBOARD hardware
Topic: hEX nand size ONLY 16MB !!!!
Replies: 61
Views: 16757

Re: hEX nand size ONLY 16MB !!!!

Also I think there should be a desktop version of the RB3011, like the RB2011 desktop case. Agreed. There have been rumors that it's been actually planned but didn't come out due to insufficient resources availability. I'd totally get something like that tho :( Maybe at least offer standalone deskt...
by lapsio
Fri Dec 01, 2017 7:06 pm
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 29378

Re: Why people pair UBNT APs with MikroTik routers?

My 2 cents... For some reason, i found that UBNT devices do a better job at bridging. So that makes it for me, 2 ubnt devices for link, Mtik Routers at the endpoints. How? You mean performance wise? Recently ROS moved to hw accelerated bridging from switch master port. Also there's fastpath and fas...
by lapsio
Fri Dec 01, 2017 7:02 pm
Forum: General
Topic: "New" default firewall config in ROS - why ipsec is default allowed?
Replies: 4
Views: 1768

Re: "New" default firewall config in ROS - why ipsec is default allowed?

Ipsec is accepted by RFC 6092 recommendations: ... Untracked was added also in relation to IPSec, in case when ipsec generates RAW rules automatically. ... Ok sounds legit for ipv4. However ipv6 variant allows to pass arbitrary traffic through ports 500 and 4500 even if there's no IPSec enabled on ...
by lapsio
Mon Nov 27, 2017 1:14 pm
Forum: General
Topic: "New" default firewall config in ROS - why ipsec is default allowed?
Replies: 4
Views: 1768

Re: "New" default firewall config in ROS - why ipsec is default allowed?

It's RB750G. Probably not updated since it arrived. Today I took it from our closet full of mikrotik devices because we sent like two dozens of RB950's to our clients for PoC installations and we simply ran out of "new" RBs so I had to resurrect some ancient junk. It had ROS v5 I don't remember whic...
by lapsio
Mon Nov 27, 2017 11:54 am
Forum: General
Topic: "New" default firewall config in ROS - why ipsec is default allowed?
Replies: 4
Views: 1768

"New" default firewall config in ROS - why ipsec is default allowed?

It might be a bit outdated question but for sure not too much as interface lists are still relatively new feature... anyways: Why new default ROS firewall config accepts by default ipsec wat??? it makes me feel really uncomfortable... And why default accept untracked connections - is there some tech...
by lapsio
Tue Nov 07, 2017 2:18 am
Forum: General
Topic: NATing entire subnet to bridge colliding address spaces
Replies: 1
Views: 223

NATing entire subnet to bridge colliding address spaces

I have 2 sites with own infrastructures. I'd like to connect them using VPN however unfortunately networks semantically the same (ones that should be bridged) have different address spaces so for example: site1---site2 192.168.2.0/24---172.16.14.0/24 192.168.4.0/24---172.30.130.0/24 192.168.3.0/24--...
by lapsio
Sat Oct 28, 2017 1:44 am
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 29378

Re: Why people pair UBNT APs with MikroTik routers?

Recently few quite exotic client infrastructures and issues had led me to conclusion that any network device that doesn't allow running scripts (without additional Linux box) is usually realistically useless... I was also really surprised by fact that ROS ability to run user scripts on events/schedu...
by lapsio
Sun Oct 22, 2017 1:06 am
Forum: General
Topic: ROS firewall - DNS-ip corelarion enrichment?
Replies: 0
Views: 379

ROS firewall - DNS-ip corelarion enrichment?

Is there any "normal" way to corelate IP in ROS logs with DNS server running on ROS? I mean - I have firewall set up on ROS and DNS server. Is it possible for ROS to resolve IP to DNS using recent DNS queries?
by lapsio
Mon Oct 09, 2017 7:35 pm
Forum: Wireless Networking
Topic: What is connect-list and why do I need it?
Replies: 1
Views: 1068

What is connect-list and why do I need it?

Hello. I'm using MikroTik for many years and for the first time I got messages in logs like: sep/01 01:17:54 wireless,debug PiPi: wlan1: C2:9F:DB:8F:B5:20 failed to join recently sep/01 01:17:54 wireless,debug PiPi: wlan1: no network that satisfies connect-list, by default choose with strongest sign...
by lapsio
Sun Oct 08, 2017 10:30 pm
Forum: General
Topic: ROS ovpn-client doesn't verify server certificate.
Replies: 7
Views: 1340

Re: How ROS ovpn-client verifies server?

I tested it multiple times in various combinations and ovpn-client doesn't verify server certificate allowing trivial MIM attack and sniffing in networks with SSL decryptor proxy. I classify it as serious vulnerability making ovpn-client useless feature silently compromising security of network.
by lapsio
Fri Oct 06, 2017 3:44 pm
Forum: General
Topic: ROS ovpn-client doesn't verify server certificate.
Replies: 7
Views: 1340

Re: How ROS ovpn-client verifies server?

In order to see if it works I imported invalid certificate (of CA generated on other mikrotik, not one hosting ovpn) but ovpn-client still connects without any problem [lapsio@CHRgw] > /certificate print detail Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority, I - issued, ...
by lapsio
Fri Oct 06, 2017 1:53 am
Forum: General
Topic: ROS ovpn-client doesn't verify server certificate.
Replies: 7
Views: 1340

ROS ovpn-client doesn't verify server certificate.

I noticed that ovpn-client doesn't take server CA certificate as argument. How does ROS verify server then (if at all)
by lapsio
Wed Oct 04, 2017 7:47 pm
Forum: Wireless Networking
Topic: PEAP-MSCHAPv2
Replies: 46
Views: 7727

Re: PEAP-MSCHAPv2

Wait I was just trying to connect for an hour to realize that I had to type my username as supplicant-identity. What is difference between mschapv2-username and supplicant-identity? Linux systems (and Android) shows identity and anonymous identity or username and anonymous identity. Why those names ...
by lapsio
Fri Sep 29, 2017 4:20 pm
Forum: Wireless Networking
Topic: vwlan with CAPsMAN?
Replies: 1
Views: 286

Re: vwlan with CAPsMAN?

Okay I guess I figured it out - I need to add vwlans on CAPsMAN by adding more CAP interfaces on CAPsMAN with master interface set to original physical radio cap interface of CAP device. It'll create automatically vwlan interfaces on CAP device.
by lapsio
Fri Sep 29, 2017 3:49 pm
Forum: Wireless Networking
Topic: vwlan with CAPsMAN?
Replies: 1
Views: 286

vwlan with CAPsMAN?

Hello I'm testing what CAPsMAN is capable of and I really like fact that interfaces just appear on CAPsMAN device as "local" interfaces, but when I'm adding virtual wlans on CAP device it disconnects from CAPsMAN. I'm a bit confused - is there some other way of configuring multiple vwlan per radio w...
by lapsio
Thu Sep 28, 2017 12:31 pm
Forum: RouterBOARD hardware
Topic: How to use smart card slot in CCR?
Replies: 3
Views: 1962

Re: How to use smart card slot in CCR?

Okay so it seems this card is GlobalPlatform 2.1.1 Java Card (as mentioned in that old thread). I can order them as it looks quite affordable and easily available. I can get that even providing minimal volume is 20. http://www.cs-adams.pl/karta-hybrydowa-csa.html So assuming I have one, just unboxed...
by lapsio
Thu Sep 28, 2017 12:02 pm
Forum: RouterBOARD hardware
Topic: How to use smart card slot in CCR?
Replies: 3
Views: 1962

Re: How to use smart card slot in CCR?

I know I didn't want to necro bump topic without answer
by lapsio
Thu Sep 28, 2017 11:37 am
Forum: RouterBOARD hardware
Topic: How to use smart card slot in CCR?
Replies: 3
Views: 1962

How to use smart card slot in CCR?

How can I use Smart Card slot in CCR? As in how do i generate keys on such card and what card do I need (where to get such card)
by lapsio
Tue Sep 26, 2017 11:06 am
Forum: RouterBOARD hardware
Topic: Woobm-USB How Much Can It Do?
Replies: 31
Views: 4437

Re: Woobm-USB How Much Can It Do?

yes, RouterOS has supported USB-Serial adapters for quite some time.
What other kinds of usb devices does it support? >.>
by lapsio
Mon Sep 25, 2017 1:52 pm
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM MPLS Support
Replies: 53
Views: 14004

Re: CRS317-1G-16S+RM MPLS Support

I´m dreaming of "Ethernet Over IP" (EoIP) with hardware acceleration on CRS317, .i.e. 10Gbit/s EoIP tunnels for Vmware VMotion (layer 2 interconnect). Would this be possible with the CRS317?
+1

But I doubt that it's ethernet over IP and IP is pretty much router stuff.
by lapsio
Mon Sep 25, 2017 12:54 pm
Forum: General
Topic: ROS anti-spoofing mechanics on routers/switches
Replies: 0
Views: 360

ROS anti-spoofing mechanics on routers/switches

Hello. Today I blew up lab network by accidentally assigning network address (172.30.130.30/24) to loopback device on one Linux machine. Linux responds to any address inside loopback assigned network so I ended up with machine that performed mass ip-spoofing and hijacked all IPs from entire network,...
by lapsio
Tue Sep 19, 2017 2:41 pm
Forum: RouterBOARD hardware
Topic: Mikrotik USB Port with WiFi USB Dongle
Replies: 13
Views: 17355

Re: Mikrotik USB Port with WiFi USB Dongle

Don't bother, it will not work no matter what anyone tell.
How about... forwarding USB to metarouter with openwrt? Then bridging it with virtual ethernet and using in host ROS? >.>
<determination intensifies> xD
by lapsio
Mon Sep 18, 2017 7:25 pm
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM MPLS Support
Replies: 53
Views: 14004

Re: CRS317-1G-16S+RM MPLS Support

So .. I got landed with a batch of 3 of these .... and so far, VLans can't be configured in RouterOS/Winbox at all. Nevermind MPLS etc. Looks like the hardware hit the market before the software was ready. /M Welp... I guess you can say then that you use the only unmanaged full 10G switch in the ma...
by lapsio
Mon Sep 18, 2017 1:07 am
Forum: RouterBOARD hardware
Topic: hEX nand size ONLY 16MB !!!!
Replies: 61
Views: 16757

Re: hEX nand size ONLY 16MB !!!!

@jowos @netflow - hEX is multicore device - it wouldn't run metarouter anyways just like CCR don't. But I also don't like 16m storage. In fact - it's not really about storage bc idgaf but about storage expansion options - precisely why most devices don't have card slot and more importantly - why the...
by lapsio
Mon Sep 18, 2017 12:55 am
Forum: RouterBOARD hardware
Topic: Woobm-USB How Much Can It Do?
Replies: 31
Views: 4437

Re: Woobm-USB How Much Can It Do?

Yeah I'd also like to ask about this product. What it even is? Is it like routerboard with ROS powered via usb or is it more like just wifi card compatible with ROS devices with usb. Does ROS support other usb wifi cards as well? What Woobm really does and how ROS sees it. Can I use it as second wif...
by lapsio
Wed Sep 13, 2017 4:53 pm
Forum: Forwarding Protocols
Topic: ovpn client - routing loop problem
Replies: 0
Views: 379

ovpn client - routing loop problem

Hello. I'm using MikroTik CHR router as gateway for my VMs (physical interface forwarded to VM). Also for additional security and privacy it's using VPN client to connect to VPN server in my home. The problem is that when I actually AM at home it doesn't work properly for some reason. I think it's r...
by lapsio
Fri Sep 08, 2017 12:29 am
Forum: RouterBOARD hardware
Topic: Are routerboard products having silent hardware revisions?
Replies: 4
Views: 1421

Re: Are routerboard products having silent hardware revisions?

No I'm serious xD. I even found some old website that says it's 400mhz. So that I wonder what was previous cpu in this thing (if my theory is correct). Original mAP is quite old router, significantly older than hAP, hAP lite, mAP lite, hAP ac etc.
by lapsio
Thu Sep 07, 2017 11:35 pm
Forum: RouterBOARD hardware
Topic: Are routerboard products having silent hardware revisions?
Replies: 4
Views: 1421

Are routerboard products having silent hardware revisions?

Maybe my memory is a bit flawed but did this guy:

https://mikrotik.com/product/RBmAP2nD

always have 650 mhz cpu since the very first day it came out?
by lapsio
Sun Sep 03, 2017 11:44 pm
Forum: General
Topic: OpenVPN Server error: TLS failed
Replies: 43
Views: 76369

Re: OpenVPN Server error: TLS failed

Sorry for necro bumping but this issue seems to be still relevant. I'm getting TLS failed when require-certificate is set to "on". Without it openvpn works fine. I followed this tutorial: https://www.medo64.com/2016/12/simple-openvpn-server-on-mikrotik/ And additionally set certifiacates to trusted ...
by lapsio
Fri Sep 01, 2017 12:32 am
Forum: Scripting
Topic: mAP lite - easy physical script toggle?
Replies: 3
Views: 1093

Re: mAP lite - easy physical script toggle?

It turns out mikrotik is not ready after boot. Even after those 3 seconds. Waiting a bit more and doing everything really slowly makes scripts work properly. In case someone would be interested here are full scripts: [lapsio@PiPi] /system script> print without-paging Flags: I - invalid 0 name="modet...
by lapsio
Thu Aug 31, 2017 10:46 pm
Forum: Scripting
Topic: mAP lite - easy physical script toggle?
Replies: 3
Views: 1093

Re: mAP lite - easy physical script toggle?

I ran into an issue. Many issues: 1. [lapsio@PiPi] > /system routerboard mode-button set enabled=yes on-event=autorun Error, please generate supout file blah blah blah So i upgraded to release-candidate. Now it doesn't say anything. But I can't really print value and it doesn't seem to work [lapsio@...
by lapsio
Tue Aug 29, 2017 5:09 pm
Forum: Scripting
Topic: mAP lite - easy physical script toggle?
Replies: 3
Views: 1093

mAP lite - easy physical script toggle?

Hi I'm using mAP lite as my pocket swiss-knife ap / station for rackmount servers configuration when i need to connect them to dirty line or simply as ap on the go if there's no wifi in around. I made quite streamlined config scheme and script that is simple on/off toggle for station / ap mode (more...
by lapsio
Wed Aug 09, 2017 8:21 pm
Forum: RouterBOARD hardware
Topic: New product : HAP Mini (RB931-2ND)
Replies: 15
Views: 7891

Re: New product : HAP Mini (RB931-2ND)

Hello! So this MikroTik hAP mini can be used as a normal WIFI router right ? like Tp-LINK. And don't need to buy antennas or something else. Yes. It's preconfigured out of box this way. But you can use it for whatever you want. It uses internal antenna. Also comparing it to some consumer TP-Link is...
by lapsio
Wed Aug 02, 2017 12:41 pm
Forum: RouterBOARD hardware
Topic: Removing water residue
Replies: 6
Views: 698

Re: Removing water residue

Welp. I cleaned it but no luck so I gave up. Oh well at least I have some spare capacitors now xD
by lapsio
Mon Jul 31, 2017 11:39 am
Forum: RouterBOARD hardware
Topic: Removing water residue
Replies: 6
Views: 698

Re: Removing water residue

There are PCB specific cleaning sprays with rust and damp proof/removal effect, most come with a cleaning brush attachment to ease application (be gentle rubbing!).
You mean something like DeoxIT? I'm not sure how to google for such product.
by lapsio
Mon Jul 31, 2017 11:34 am
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM MPLS Support
Replies: 53
Views: 14004

Re: CRS317-1G-16S+RM MPLS Support

The system runs silently, but there are two fans for situations where ambient temperature gets close to maximum. They will run automatically and only when it gets too hot. Very nice! Would love if this mechanic could be added to the other CSS/CRS RM models as well. I agree it's incredibly awesome f...
by lapsio
Mon Jul 31, 2017 11:16 am
Forum: RouterBOARD hardware
Topic: Removing water residue
Replies: 6
Views: 698

Removing water residue

Hi. My friend asked me "to check if his router is dead". After disassembling it turned out that router has been watered at some point so badly that there's water residue all over the board. Unfortunately router has been connected to power and only power LED was active all the time. It's quite clear ...
by lapsio
Tue Jul 18, 2017 10:07 am
Forum: RouterBOARD hardware
Topic: CRS317 - any fresh info about that buddy?
Replies: 8
Views: 1313

Re: CRS317 - any fresh info about that buddy?

Oh god it's like few days in the market and It's already out of stock in case of many distributors xDDDD. I feel it'll be another CCR1009 in desktop chassis for which I had to wait 6 months to be available xD
by lapsio
Tue Jul 18, 2017 12:33 am
Forum: General
Topic: Any advantages of stateless firewall on RouterOS?
Replies: 4
Views: 812

Re: Any advantages of stateless firewall on RouterOS?

What do you mean by "pereformance hit" - memory, cpu or both? Also how serious it is? Device used here is RB951 so quite weak device considering it's handling monitoring traffic and parking lot hotspot I'd need to perform some tests to give more detailed info but roughly what's the performance impac...
by lapsio
Mon Jul 17, 2017 11:44 am
Forum: General
Topic: Any advantages of stateless firewall on RouterOS?
Replies: 4
Views: 812

Any advantages of stateless firewall on RouterOS?

I've noticed several times already that people configure RouterOS firewall in stateless fashion on production. Is there any actual reason not to use conntrack/fasttrack in more security critical installations? Because I have opportunity to "fix" terribly illegible and messed up mtk config backing mo...
by lapsio
Mon Jul 10, 2017 9:06 pm
Forum: Beginner Basics
Topic: Site-to-site VPN through NAT and firewall on one side
Replies: 1
Views: 524

Site-to-site VPN through NAT and firewall on one side

Hi, I need to connect remote lab network to primary lab network over VPN using VM installed in primary network. I have full control over remote lab however primary lab network is part of huge corporate infrastructure and port forwarding is not an option as It'd require a lot of changes. So network s...
by lapsio
Thu Jun 29, 2017 11:38 pm
Forum: Virtualization
Topic: Connecting to CHR over virtual serial port
Replies: 2
Views: 801

Re: Connecting to CHR over virtual serial port

Oooohh... so those 8 "linux" terms are not serial consoles... I can't believe I didn't realize that it's normal TTY, not STTY after more than decade in linux environments... I always used ROS on routerboards which never had VGA so somehow I assumed those are all unallocated serial ports, my bad. Tha...
by lapsio
Thu Jun 29, 2017 5:18 am
Forum: Virtualization
Topic: Connecting to CHR over virtual serial port
Replies: 2
Views: 801

Connecting to CHR over virtual serial port

I'm trying to connect to ROS in VirtualBox VM over serial port but it doesn't really seem to work. Did anyone manage to create such setup? When I'm connecting to ROS over certain serial it doesn't respond with anything even though /system console is enabled on all ports. I tried both host to guest a...
by lapsio
Fri Jun 16, 2017 6:16 pm
Forum: RouterBOARD hardware
Topic: Where did CRS226-24G-2S+RM disappear ?
Replies: 10
Views: 1909

Re: Where did CRS226-24G-2S+RM disappear ?

Besides - why 16mb flash? I mean it's understandable in those 19.99 routers like hAP lite,mini,mAP etc. But why CRS326? Why hEX, why PowerBox or OmniTik. Why all new devices that are not RB2011/RB3011/RB1100/CCR have 16mb flash? Is cost reduction really THAT high? You could at least give microSD slo...
by lapsio
Fri Jun 16, 2017 6:10 pm
Forum: RouterBOARD hardware
Topic: Where did CRS226-24G-2S+RM disappear ?
Replies: 10
Views: 1909

Re: Where did CRS226-24G-2S+RM disappear ?

It is still white, Lapsio, don't worry :)
Now I'm 100% convinced to get one
by lapsio
Thu Jun 15, 2017 3:50 am
Forum: RouterBOARD hardware
Topic: Powerful Wave 2 routers - when to expect?
Replies: 2
Views: 851

Re: Powerful Wave 2 routers - when to expect?

Look at when MTK introduced ac routers comparing to when this technology had hit the market.

So hold your horses cuz you're probably about to wait a while...
by lapsio
Thu Jun 15, 2017 3:33 am
Forum: RouterBOARD hardware
Topic: Where did CRS226-24G-2S+RM disappear ?
Replies: 10
Views: 1909

Re: Where did CRS226-24G-2S+RM disappear ?

But CRS326: Doesn't have LCD Has only 16 mb storage (my experience with hAP lite tells me that sometimes it's too few to even store few previous configuration versions and some scripts, and ROS behavior when you're out of storage is HIGHLY ambiguos. I got something like "unknown error") Higher power...
by lapsio
Wed Jun 07, 2017 12:41 am
Forum: RouterBOARD hardware
Topic: CRS317 - any fresh info about that buddy?
Replies: 8
Views: 1313

CRS317 - any fresh info about that buddy?

It's been a while since last time I heard any news about CRS317. Is there some new info? About expected release dates or something else interesting? Some pricing info, some photos, anything? Iirc it was announced for Q2 and it's June alreadys sooo... As long as you don't count from 0 it should be ou...
by lapsio
Mon Apr 03, 2017 2:03 am
Forum: SwOS
Topic: SwOS vs RouterOS considering switch-only functionality
Replies: 3
Views: 2016

SwOS vs RouterOS considering switch-only functionality

I have a question. Considering "refresh" of SwOS and that it's going to be available on this new hardcore 160 gbps switch - is it going to be new "flagship" OS for switch functionality? I mean - if I'm going to get CRS with RouterOS is it going to provide all functions available on CSS with SwOS, or...
by lapsio
Tue Mar 28, 2017 11:19 pm
Forum: Beginner Basics
Topic: DHCP assigns the same address to multiple machines
Replies: 1
Views: 382

Re: DHCP assigns the same address to multiple machines

Linux by default uses UUID as Client-ID for dhcp. Those were 2 cloned VMs with the same UUIDs. Changing Client-ID source to mac solved the issue. Just in case anyone has similar issue - options are: change UUID set unique MAC and set Client-ID source to MAC ([DHCP] ClientIdentifier=mac with systemd)...
by lapsio
Tue Mar 28, 2017 10:29 pm
Forum: Beginner Basics
Topic: DHCP assigns the same address to multiple machines
Replies: 1
Views: 382

DHCP assigns the same address to multiple machines

Hello. I've set up network and ROS offers the same address to 2 machines connected. Here's debug log: 19:19:42 dhcp,debug,packet dhcp-net1 received discover with id 1914728561 from 0.0.0.0 19:19:42 dhcp,debug,packet secs = 1 19:19:42 dhcp,debug,packet ciaddr = 0.0.0.0 19:19:42 dhcp,debug,packet chad...
by lapsio
Sun Mar 26, 2017 2:03 am
Forum: Virtualization
Topic: Adding more vCPUs increases latency
Replies: 4
Views: 771

Re: Adding more vCPUs increases latency

Ok. ROS version? Unless you are more specific it won't be possible to reproduce your results... Bugfix. I downloaded it like 4h ago xD I doubt they updated since then. 6.37.5. VDI image Other info: 2 interfaces (gw and lan), both bridged with host OS bridges - brwan and brvm. Functional vm bridged ...
by lapsio
Sun Mar 26, 2017 1:45 am
Forum: Virtualization
Topic: Adding more vCPUs increases latency
Replies: 4
Views: 771

Re: Adding more vCPUs increases latency

Which version?

Which kind of ethernet interface did you set in VirtualBox under Advanced settings?
virtio, KVM paravirtualization. VirtualBox 5.0.2
by lapsio
Sun Mar 26, 2017 12:31 am
Forum: Virtualization
Topic: Adding more vCPUs increases latency
Replies: 4
Views: 771

Adding more vCPUs increases latency

Hello Today I tried p-unlimited trial in VM and found out that when I add more than 1 vCPU latency skyrockets. With 1 vCPU I have 0.7 ms ping to edge router. However after increasing to 4 vCPUs ping dropped to above 9 ms (over 10 times). I trid it multiple times and it's reproducible. I'm using Virt...
by lapsio
Thu Mar 23, 2017 9:26 pm
Forum: Virtualization
Topic: RouterOS demo/limited free VM
Replies: 5
Views: 2497

Re: RouterOS demo/limited free VM

With VMware, it supports both vmxnet3 and pvscsi. I don't know about VirtualBox, but it should be very easy to try - either it will work or not. But I'm using Linux host so... Yes it is that simple. Except if it doesn't work - now step 2 - it doesn't work because ROS doesn't support it and it's nor...
by lapsio
Thu Mar 23, 2017 7:39 pm
Forum: Virtualization
Topic: RouterOS demo/limited free VM
Replies: 5
Views: 2497

Re: RouterOS demo/limited free VM

Oh it's just as simple as downloading and running image. Okay, ur the best xD. Also considering it's already CHR related thread... You could post some info about hypervisor settings (eg. you provide .vdi image so what settings should I use for VBox? I assumed Other Linux 2.6/3.x/4.x (32bit) but Othe...
by lapsio
Thu Mar 23, 2017 6:54 pm
Forum: Virtualization
Topic: RouterOS demo/limited free VM
Replies: 5
Views: 2497

RouterOS demo/limited free VM

Hi I remember some time ago I came across some info about educational limited ROS image or something like that - basically iirc it was possible to download VM image with router that had capped bandwidth at 1MB/s or something like that. Is that still available? And can I use it for software developme...
by lapsio
Mon Mar 13, 2017 10:51 am
Forum: RouterBOARD hardware
Topic: Which RB products feature system speaker?
Replies: 2
Views: 509

Which RB products feature system speaker?

Which routerboards feature system speaker (beeper)? Sometimes it's marked on block diagram but not all devices have them published on website.
by lapsio
Sat Mar 11, 2017 5:39 pm
Forum: General
Topic: What is MikroTik update server domain name?
Replies: 1
Views: 1668

Re: What is MikroTik update server domain name?

Okay tracked it down

upgrade.mikrotik.com
by lapsio
Sat Mar 11, 2017 5:23 pm
Forum: General
Topic: What is MikroTik update server domain name?
Replies: 1
Views: 1668

What is MikroTik update server domain name?

Hi. What domain names (or IPs) do I need to allow and on which port in orded to make auto uptade work? My firewall is blocking any internet access for important nodes and only update servers are whitelisted. I got IP 54.192.229.248 captured on fw but reverse DNS shows "cloudfront.net" so I'm not sur...
by lapsio
Thu Feb 23, 2017 2:21 pm
Forum: RouterBOARD hardware
Topic: CCR1009 local link performance - what sorcery is this???
Replies: 4
Views: 872

Re: CCR1009 local link performance - what sorcery is this???

it's a completely different CPU on those. A new Intel i7 CPU does more work per Hz than an old Pentium.. :) I thought Tile Gx is just another power efficiency optimized CPU like some ARM or MIPS. I totally didn't expect it to be anything high performance. It's... wow. I can't wait for metaROUTER su...
by lapsio
Thu Feb 23, 2017 2:10 pm
Forum: RouterBOARD hardware
Topic: CCR1009 local link performance - what sorcery is this???
Replies: 4
Views: 872

CCR1009 local link performance - what sorcery is this???

I used to have RB2011 as primary router between workstations. However I wanted to use firewall on bridge so fasttrack didn't work and I didn't want to use switch. Okay. Even with fasttrack RB2011 was bottlenecking at around 600-700mbps. Without fasttrack - it barely exceeded 120-150mbps when CPU was...
by lapsio
Fri Feb 17, 2017 12:38 am
Forum: Beginner Basics
Topic: Source based routing
Replies: 0
Views: 584

Source based routing

Hello lapsio@nuc ~> ip route show 10.0.0.0/24 dev brguestservice proto kernel scope link src 10.0.0.1 10.0.1.0/24 dev brguestlapsio proto kernel scope link src 10.0.1.1 10.0.2.0/24 dev brguestmilosz proto kernel scope link src 10.0.2.1 192.168.1.0/24 dev brhost proto kernel scope link src 192.168.1....
by lapsio
Fri Feb 17, 2017 12:20 am
Forum: General
Topic: Could you please change font color of combo interface? (bugfix?)
Replies: 2
Views: 564

Re: Could you please change font color of combo interface? (bugfix?)

As far as I know it's blue if the parent interface is disabled.
Oh. Indeed you seem to be right. That makes a bit of sense then. Kind of...
by lapsio
Thu Feb 16, 2017 9:08 pm
Forum: General
Topic: Could you please change font color of combo interface? (bugfix?)
Replies: 2
Views: 564

Could you please change font color of combo interface? (bugfix?)

Uhm... Could you please change color of combo interfaces in ssh/serial console? Because it's kind of illegible af... https://dl.dropbox.com/u/44131220/undeletable/susecap318.png No, seriously. Change it. https://dl.dropbox.com/u/44131220/undeletable/susecap318b.png OH JUST COME ON https://dl.dropbox...
by lapsio
Thu Feb 16, 2017 12:42 am
Forum: Beginner Basics
Topic: src addr in output chain
Replies: 1
Views: 296

src addr in output chain

Maybe quite silly question but - what is src address of packets going through output chain? 127.0.0.1 or interface address? Iirc on linux it's always 127.0.0.1 so i'd assume it's the same for MTK.
by lapsio
Tue Feb 14, 2017 9:15 pm
Forum: Beginner Basics
Topic: Maximizing MTU
Replies: 5
Views: 944

Re: Maximizing MTU

Mhm. So I need separate subnet & bridge for devices with 9k MTU, 4k MTU, and 1.5k MTU? That sounds like some management overhead and more points of failure but well if that's the only option then okay I guess :<
by lapsio
Tue Feb 14, 2017 8:28 pm
Forum: Beginner Basics
Topic: Maximizing MTU
Replies: 5
Views: 944

Re: Maximizing MTU

Don't use a bridge for things where you want best performance... Keep your servers on a separate switch and use jumboframes only there. Yeah but I also want firewall. I prefer firewall and general control/monitoring over performance. I have ip-firewall enabled on all bridge interfaces anyways so tr...
by lapsio
Tue Feb 14, 2017 8:07 pm
Forum: Beginner Basics
Topic: Maximizing MTU
Replies: 5
Views: 944

Maximizing MTU

Hi I had really nice plan to push MTU of primary bridge between servers to around 4-9k since it's supported by both CCR1009 and RB44Ge. However once I created bridge and added some VLANs to it in order to bridge with RB2011 as AP i noticed that L2 MTU dropped to max value supported by RB2011. Then a...
by lapsio
Fri Feb 10, 2017 6:51 pm
Forum: Beginner Basics
Topic: dst NAT ports range offset
Replies: 1
Views: 507

dst NAT ports range offset

Is it possible to perform port remap on whole range of ports? Lets say I have 3 servers .2.2, .2.3, .2.4 and one public IP .1.1 Is it possible to remap all 1024 privileged ports in following manner: ,1,1:[8000....9023] -> .2.2:[0..1023] .1.1:[9024...10047] -> .2.3:[0..1023] .1.1:[10048..11071] -> .2...
by lapsio
Sun Jan 29, 2017 8:06 am
Forum: RouterBOARD hardware
Topic: Poor quality of bundled manuals
Replies: 8
Views: 1011

Re: Poor quality of bundled manuals

How much bandwith you have? It's for LAN only. I use 10TB btrfs RAID6 array in PC with plenty of data (various graphical projects etc I'm not professionally related to networking, it's just hobby). From time to time I'm syncing it with laptop or backup drives in second machine over LAN and it takes...
by lapsio
Sun Jan 29, 2017 7:44 am
Forum: RouterBOARD hardware
Topic: Poor quality of bundled manuals
Replies: 8
Views: 1011

Re: Poor quality of bundled manuals

some type of hardware are buyed from professional. i do not see any CCR inside one home There always must be this first time https://lapsio.bestpony.ml/public/inet/ccr0.jpg all declaration of conformity, guide, brochure are online, why waste paper? I know I'm totally fine with online documents. The...
by lapsio
Sat Jan 28, 2017 9:11 pm
Forum: RouterBOARD hardware
Topic: What is exactly direct attach cable?... Does it contain SFP+ interface?
Replies: 15
Views: 2620

Re: What is exactly direct attach cable?... Does it contain SFP+ interface?

There's also a product called "active optical cable" which is a cable, usually uniaxial single mode fiber with a permanently attached pair of transceivers. It's hard for me to see the appeal of such a product over just getting a pair of SFP/SFP+/QSFP+ transceivers, and a pre-terminated lc-upc/lc-up...
by lapsio
Sat Jan 28, 2017 4:31 pm
Forum: RouterBOARD hardware
Topic: Poor quality of bundled manuals
Replies: 8
Views: 1011

Re: Poor quality of bundled manuals

CSR? CRS is not like CCR ... Manuals should reflect the physical model differences and contain the basic safety information. I'm kind of disappointed because whereas there's available RouterOS documentation which pretty much covers any aspect of software side I feel strong lack of corresponding doc...
by lapsio
Fri Jan 27, 2017 11:00 pm
Forum: RouterBOARD hardware
Topic: Poor quality of bundled manuals
Replies: 8
Views: 1011

Poor quality of bundled manuals

Hello I'd just like to point out that CCR manual mentions 192.168.88.1 as default IP on port Ether1 whereas irl there's no IP assigned to any port out of box / after factory reset and I had to assign it using touchscreen. I'm not sure if it's just my hardware but I've noticed the same thing about RB...
by lapsio
Thu Jan 26, 2017 3:34 pm
Forum: RouterBOARD hardware
Topic: How to remove MikroTik 1m DAC cable? [SOLVED]
Replies: 2
Views: 720

Re: How to remove MikroTik 1m DAC cable? [SOLVED]

Thanks it worked :)
by lapsio
Thu Jan 26, 2017 4:50 am
Forum: RouterBOARD hardware
Topic: How to remove MikroTik 1m DAC cable? [SOLVED]
Replies: 2
Views: 720

How to remove MikroTik 1m DAC cable? [SOLVED]

Hi I installed 1m DAC between RB2011 and CCR1009. It clicked and now I don't know how to pull it out. I tried dragging this black latch but it doesn't seem to work and latch looks quite fragile I don't want to damage it. I found some instructions about 40G qsfp modules that you should push cable and...
by lapsio
Thu Jan 26, 2017 2:54 am
Forum: RouterBOARD hardware
Topic: Which switch with CCR1016-12G?
Replies: 17
Views: 1944

Re: Which switch with CCR1016-12G?

Finally we got Mikrotik RB/CCR1016-12G (router) TP-LINK TL-SG1048 (switch) A question. I will connect 2 lines (two ISP) to same router, is it possible? Creating vlan maybe? BTW, I connect switch to port 2 of router (for example), can router see 48 ports switch? Thanks again. Afaik RouterOS doesn't ...
by lapsio
Thu Jan 26, 2017 2:48 am
Forum: Beginner Basics
Topic: How to connect to CCR1009 using RS232?
Replies: 1
Views: 687

How to connect to CCR1009 using RS232?

Hi, CC1009-PC just arrived and providing it has RS232 port and I happen to have RS232 port in PC and RS232 cable I'd like to configure router using RS232 instead of ssh/web/winbox. So I connected cable aaaand I think it doesn't work. I never really used serial port in Linux before. I tried to connec...
by lapsio
Sat Jan 21, 2017 2:14 am
Forum: RouterBOARD hardware
Topic: Which switch with CCR1016-12G?
Replies: 17
Views: 1944

Re: Which switch with CCR1016-12G?

Maybe CSS326 then? it's using SwOS but it's significantly cheaper. And still provides 10g despite low price.
by lapsio
Wed Jan 18, 2017 2:29 am
Forum: RouterBOARD hardware
Topic: CSS326-24G-2S+RM - with POE
Replies: 7
Views: 5617

Re: CSS326-24G-2S+RM - with POE

The CCS looks more like a "smart" switch, i.e to compete with the lower end other brands "managed" switches - yet the Mikrotik has more features. Interesting that they are continuing with SWOS though. It's still confusing I keep failing to get difference between SwOS and ROS /switch menu in webfig ...
by lapsio
Mon Jan 16, 2017 10:58 pm
Forum: RouterBOARD hardware
Topic: CSS326-24G-2S+RM - with POE
Replies: 7
Views: 5617

Re: CSS326-24G-2S+RM - with POE

What is difference between CRS226 and CCS326? And why CCS is so much cheaper? Is it only about SwOS? Does SwOS offer less than ROS from switch functionality point of view?
by lapsio
Mon Jan 16, 2017 10:36 pm
Forum: RouterBOARD hardware
Topic: RB3011UiAS-RM max internet speed
Replies: 3
Views: 1328

Re: RB3011UiAS-RM max internet speed

That assumes of course your configuration doesn't disable fasttrack. Performance impact from lack of fasttrack is serious (on RB2011 in my case it drops from around 800mbps to barely above 100mbps)
by lapsio
Sun Jan 15, 2017 11:33 pm
Forum: RouterBOARD hardware
Topic: New product : HAP Mini (RB931-2ND)
Replies: 15
Views: 7891

Re: New product : HAP Mini (RB931-2ND)

OOOEEEMGEEE this is the cutest little MikroTik I've ever seen! And I thought mAP lite is already cute. Must have as personal portable mtk router on the go :D
by lapsio
Sun Jan 15, 2017 11:27 pm
Forum: Scripting
Topic: Some Music
Replies: 10
Views: 13314

Re: Some Music

Oh my god... This is exactly what i was looking for as notification sound about detected server failure... MORE :D
by lapsio
Sun Jan 15, 2017 7:02 pm
Forum: Beginner Basics
Topic: What's the reason to use SwOS instead of RouterOS?
Replies: 11
Views: 7851

Re: What's the reason to use SwOS instead of RouterOS?

Just because it's an OS doesn't mean that it can just be installed anywhere, swos can only be installed on rb260/260gsp I thought it's based on Linux kernel like RouterOS. I never saw in my life device not capable of booting Linux as long as arch is supported and there's a way to provide boot image.
by lapsio
Sun Jan 15, 2017 6:36 pm
Forum: Beginner Basics
Topic: What's the reason to use SwOS instead of RouterOS?
Replies: 11
Views: 7851

Re: What's the reason to use SwOS instead of RouterOS?

I think you missing the question and it's a good one. What reason would you have to use swos vs routers (except if you haven't managed to learn the difficult paths of the switch menu). All switching is hardware (or should be) so there is no performance benefit. RouterOs then has all of its built in...
by lapsio
Sun Jan 15, 2017 2:50 pm
Forum: Beginner Basics
Topic: What's the reason to use SwOS instead of RouterOS?
Replies: 11
Views: 7851

Re: What's the reason to use SwOS instead of RouterOS?

Swos is suitable for limited hardware. Lighter than RouterOS so when you have good hardware run RouterOS. Question was related to announced CSR317 which is supposed to support both thus I'm quite confused. It totally doesn't look like "limited hardware" at least not more limited than current CRS se...
by lapsio
Sun Jan 15, 2017 2:40 pm
Forum: Beginner Basics
Topic: What's the reason to use SwOS instead of RouterOS?
Replies: 11
Views: 7851

What's the reason to use SwOS instead of RouterOS?

Is there any reason to use SwOS instead of RouterOS on devices that support both? As in - does SwOS provide any feature ROS doesn't?
by lapsio
Sat Jan 14, 2017 12:51 pm
Forum: RouterBOARD hardware
Topic: What is exactly direct attach cable?... Does it contain SFP+ interface?
Replies: 15
Views: 2620

Re: What is exactly direct attach cable?... Does it contain SFP+ interface?

... Is it okay? I tried looking for 850nm but most shops don't mention wavelength so I'm a bit confused. It's ok for S+85DLC03D but why don't you use the DAC ? I must say It was quite disappointing to hear that DAC is copper :< Because I really wanted to use optical interface for the first time in ...
by lapsio
Fri Jan 13, 2017 5:11 pm
Forum: RouterBOARD hardware
Topic: What is exactly direct attach cable?... Does it contain SFP+ interface?
Replies: 15
Views: 2620

Re: What is exactly direct attach cable?... Does it contain SFP+ interface?

Sorry, I tried really hard to not ask "lazy questions" but I'm googling for hours, reading dozens of optical patchcords guides and I still have no idea which parameters of cable matter. For now I know that I need: LC-LC multi mode duplex Patchcord, possibly good quality (OM2/3 means good right?). Is...
by lapsio
Fri Jan 13, 2017 10:19 am
Forum: RouterBOARD hardware
Topic: What is exactly direct attach cable?... Does it contain SFP+ interface?
Replies: 15
Views: 2620

Re: What is exactly direct attach cable?... Does it contain SFP+ interface?

To make it explicit: DAC cable is not optical cable, but copper cable.
:o

Is S+85DLC03D faster then (lower latency)? Or it makes no difference on such short distance? Or higher latency because of optical signal generation overhead?
by lapsio
Fri Jan 13, 2017 4:47 am
Forum: RouterBOARD hardware
Topic: What is exactly direct attach cable?... Does it contain SFP+ interface?
Replies: 15
Views: 2620

Re: What is exactly direct attach cable?... Does it contain SFP+ interface?

I think it would be nice if MTK would explicitly mention that package includes SFP+ interfaces. At least in brochure or somewhere deeper. I mean well I know I could be more careful with shopping but still for people new in this topic it's not that obvious and photos usually show products with some a...
by lapsio
Thu Jan 12, 2017 8:46 pm
Forum: RouterBOARD hardware
Topic: What is exactly direct attach cable?... Does it contain SFP+ interface?
Replies: 15
Views: 2620

What is exactly direct attach cable?... Does it contain SFP+ interface?

Hello I ordered CCR1009 and I'm planning to connect it to CSR using 10g SFP+. So I also ordered 2x S+85DLC03D and 1m direct attach sfp+ cable. Because well I thought it's CABLE I can plug into those S+85DLC03D as name says. But... I see that there's 1m/3m DAC on SFP comparibility list and... I think...
by lapsio
Thu Jan 12, 2017 7:06 pm
Forum: RouterBOARD hardware
Topic: CCR1009-PC how it handles overheating?
Replies: 7
Views: 1564

CCR1009-PC how it handles overheating?

Hello I have some questions regarding cooling of CCR1009 in PC variant. It's relatively powerful device, passively cooled unlike rackmoount version and also has a bit downclocked CPU. Passive cooling is quite static from hardware point of view as there's no equivalent of increasing fan rpm, so here ...
by lapsio
Thu Jan 12, 2017 4:21 pm
Forum: General
Topic: Raw Accept vs IP Firewall FastTrack, which one is faster and light weight?
Replies: 7
Views: 2194

Re: Raw Accept vs IP Firewall FastTrack, which one is faster and light weight?

fastest way to get packet through - FASTPATH if you need connection tracking (NAT in most cases) , and nothing else - FASTTRACK. If you need to use other features, but some traffic doesn't require connection tracking - RAW table Can I use FASTPATH on RouterOS? Edit: nvm found it. There's quite a lo...
by lapsio
Wed Jan 11, 2017 10:36 pm
Forum: General
Topic: Raw Accept vs IP Firewall FastTrack, which one is faster and light weight?
Replies: 7
Views: 2194

Re: Raw Accept vs IP Firewall FastTrack, which one is faster and light weight?

JFYI: accept action in raw table does not mean to bypass all others. Oh. So action accept in RAW just ends packet processing in RAW table? I thought it maybe stops all tables processing as in skips NAT, filtering, mangling etc. In case it doesn't i guess it makes sense how those 2 things can't be u...
by lapsio
Wed Jan 11, 2017 5:45 pm
Forum: General
Topic: Raw Accept vs IP Firewall FastTrack, which one is faster and light weight?
Replies: 7
Views: 2194

Re: Raw Accept vs IP Firewall FastTrack, which one is faster and light weight?

as you know raw is feature to drop packets before connection tracking it means that we can drop packets before the packets process by router. fast track (FastPath+contrack=fasttrack) actually usage of fast track and raw dependence based on scenario and solution.(fast track use mange facility and wo...
by lapsio
Mon Jan 09, 2017 8:30 pm
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM MPLS Support
Replies: 53
Views: 14004

Re: CRS317-1G-16S+RM MPLS Support

So it seems from the looks of it on the back we see a heatsink. Does that mean that this switch will be fully fanless? Or will it have a fan on the inside? I think this heatsink looks exactly the same as one in CCR1009-PC so my blind guess is that it's passive because this heatsink internally looks...
by lapsio
Mon Jan 09, 2017 7:46 pm
Forum: Scripting
Topic: swap 2 interfaces in whole config
Replies: 1
Views: 332

swap 2 interfaces in whole config

Hi I'm using RB2011 as terminal router and I made terrible mistake of using gigabit interface for WAN even though it's only 60/6 DSL. All other 4 gigabit ports are used for machines capable of producing gigabit traffic. Now one gigabit socket got physically damaged and doesn't work so I need 1 more ...
by lapsio
Sat Jan 07, 2017 10:26 am
Forum: General
Topic: winbox for ubuntu
Replies: 37
Views: 34921

Re: winbox for ubuntu

I'm still at a loss as to why using WINE to run Winbox is such an issue? Why not implore devs to do something useful rather than create functionality we already have? Idk, have you ever read "Why it's bad idea to install X in production environment"? or "Why it's bad idea to install gcc in producti...
by lapsio
Fri Jan 06, 2017 11:51 am
Forum: General
Topic: winbox for ubuntu
Replies: 37
Views: 34921

Re: winbox for ubuntu

I'm still at a loss as to why using WINE to run Winbox is such an issue? Why not implore devs to do something useful rather than create functionality we already have? Idk, have you ever read "Why it's bad idea to install X in production environment"? or "Why it's bad idea to install gcc in producti...
by lapsio
Mon Dec 19, 2016 8:22 pm
Forum: RouterBOARD hardware
Topic: New CCR1009-7G-1C-1S+PC ?
Replies: 5
Views: 3367

Re: New CCR1009-7G-1C-1S+PC ?

I wanted to order it but it was available for literally 2 days and now It's out of stock again... Was it like pilot series to check if it sells well and real supplies are still to come or we need to wait another 3 months till it's gonna be available again?
by lapsio
Mon Dec 19, 2016 2:12 pm
Forum: General
Topic: V7 ALPHA/BETA Testers needed?
Replies: 45
Views: 10507

Re: V7 ALPHA/BETA Testers needed?

You obviously didn't get what I am talking about... I am not moaning here that I so desperately want v7 and they should release an unfinished anything - I am ok with v6 and its features but what I don't like is how the way how the whole v7 thing is being communicated. Mikrotik should give some offi...
by lapsio
Sun Dec 18, 2016 6:06 pm
Forum: General
Topic: winbox for ubuntu
Replies: 37
Views: 34921

Re: winbox for ubuntu

I am waiting for a snap rather than a deb or rpm.
We can have .tar.gz because I don't see any reason why should it be packaged for deb, for rpm, for slax, for arch, for gentoo, for slackware, for whatever the hell you use...
by lapsio
Sun Dec 18, 2016 5:51 pm
Forum: Beginner Basics
Topic: Mikrotik hap lite - hardware sufficient for me?
Replies: 7
Views: 1413

Re: Mikrotik hap lite - hardware sufficient for me?

I'm using 2 hAPs lite and RB2011 and biggest problem with hAP lite is 10/100 ethernet. I mean when you're using this device in LAN for lets say transferring data through Samba shares or NFS, sshfs, ftp, whatev you'll be seriously bottlenecked by 10/100 socket. It's around 8-10MB/s realistically. Whe...
by lapsio
Sun Dec 18, 2016 5:36 pm
Forum: General
Topic: V7 ALPHA/BETA Testers needed?
Replies: 45
Views: 10507

Re: V7 ALPHA/BETA Testers needed?

Forum section says "RouterOS v6 RC and v7 BETA". But apart from this thread I don't see anything about v7 nor any download links or something. So is there actually any v7 BETA or it's just misleading forum section name that probably should be changed in order to avoid misunderstanding?
by lapsio
Sat Dec 17, 2016 8:28 pm
Forum: General
Topic: winbox for ubuntu
Replies: 37
Views: 34921

Re: winbox for ubuntu

Ideally winbox should be written in Java, let say using swing as GUI, or even much better newly created technology JavaFX You mean like now Linux users complain about WINE as huge "useless" dependency, with Java WinBox everyone could join the party and complain the same way about Java? Yep, sounds ...
by lapsio
Sat Dec 17, 2016 6:48 pm
Forum: General
Topic: Feature request: Port-based VLAN for routers with switch-chip
Replies: 14
Views: 2274

Re: Feature request: Port-based VLAN for routers with switch-chip

In fact I guess MTK switches don't support it either.

https://community.hpe.com/t5/Switches-H ... -p/3652542

Here you can find some guy trying to do that on HP switch and it didn't work as expected.
by lapsio
Sat Dec 17, 2016 6:26 pm
Forum: General
Topic: Feature request: Port-based VLAN for routers with switch-chip
Replies: 14
Views: 2274

Re: Feature request: Port-based VLAN for routers with switch-chip

So packets incoming to port 3 or 4 should be assigned to... which VLAN? Because I'm afraid packet can be assigned only to 1 VLAN. I think i see what you mean now by port-based VLANs and why you see it as something different from internal tagged vlans. I don't know if it always works like this but in...
  • 1
  • 2