Community discussions

Search found 2489 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 50
by mkx
Wed Jul 24, 2019 9:27 am
Forum: Wireless Networking
Topic: 160MHz support for US RB4011
Replies: 2
Views: 86

Re: 160MHz support for US RB4011

For 160MHz channel, it would have to be possible to use a contigous 160MHz frequency channel. Which with limitations from "united states3" is not the case: chunk from 5170MHz to 5250MHz is exactly 80MHz wide, thus it can be used for 80MHz channel or 80+80MHz channel (one half of it) chunk from 5735M...
by mkx
Tue Jul 23, 2019 10:58 pm
Forum: RouterBOARD hardware
Topic: NetInstall -> Flashing with RouterOS 6.45.1
Replies: 2
Views: 289

Re: NetInstall -> Flashing with RouterOS 6.45.1

Hello Mikrotik support,

This forum is not really official support channel, rather users's chat room with occasional MT personnel fly-by. If you expect response from MT, contact them at support@mikrotik.com ...
by mkx
Tue Jul 23, 2019 8:05 pm
Forum: General
Topic: Bond: link loss is not detected by Mikrotik (LACP)
Replies: 3
Views: 244

Re: Bond: link loss is not detected by Mikrotik (LACP)

Mii monitoring works approximately as well as speed (and duplex) auto-negotiation. I.e. it can sometimes fail if connection is marginal ... Which opens a question: is there a good reason not to allow autonegotiation on those two links?
by mkx
Tue Jul 23, 2019 4:03 pm
Forum: Wireless Networking
Topic: Mikrotik AP using 40Mhz but not find on the AP on the Ubiquiti station?
Replies: 2
Views: 159

Re: Mikrotik AP using 40Mhz but not find on the AP on the Ubiquiti station?

A few days ago I was playing with similar setup (PtP link on 5GHz) and I had a similar problem. I was using two hAP ac lites (so Mikrotik on both sides). One thing: according to wikipedia list of channels , frequency 5800 doesn't seem to be a valid channel, it seems like one should choose either 578...
by mkx
Tue Jul 23, 2019 3:53 pm
Forum: General
Topic: [ASK] FastTrack for SpeedTest
Replies: 6
Views: 285

Re: [ASK] FastTrack for SpeedTest

Of course it will not be useful for fasttrack, because connection marks are not processed for fasttracked connections. I guess it may serve OP's purpose ... connection marks are not processed for fasttracked connections because once a connection is fasttracked, it can not be un-fasttracked and will...
by mkx
Tue Jul 23, 2019 10:58 am
Forum: General
Topic: Watchdog biting on an unreliable connection - queue issue
Replies: 2
Views: 132

Re: Watchdog biting on an unreliable connection - queue issue

My personal view (I'm sure many around here will disagree) is that ICMP with so many network admins (and "admins") blocking it is inherently unreliable. Thus it's unfit to depend upon for device watchdog unless you control all devices involved. E.g. it is probably fine to use pings against some othe...
by mkx
Tue Jul 23, 2019 10:44 am
Forum: Beginner Basics
Topic: Q: src.port <> dst.port
Replies: 4
Views: 226

Re: Q: src.port <> dst.port

Regarding firewall > nat forwarding settings .. In general>src.port field there is "25,80,443,587" and in action>dst.port field there is "25-587" Be careful. There are 3 distinct port settings: src-port , dst-port and to-ports ... src-port check the port used by client. Usually that's some random h...
by mkx
Mon Jul 22, 2019 10:18 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 62
Views: 3632

Re: 1wan + 2 lan isolated from each other

Sigh ... You mentioned: you don't have corresponding /ip dhcp-server network nor /ip dhcp-server ... . Maybe I don´t understand you but I think I do have the network: add address=192.168.1.200/30 dhcp-option=option_para_deco dns-server=172.26.23.3 gateway=192.168.1.1 \ netmask=24 and no need for a d...
by mkx
Mon Jul 22, 2019 7:09 pm
Forum: RouterBOARD hardware
Topic: Mikrotik RBSXTR (No Modem) 9dBi 60 degree LTE Antenna
Replies: 8
Views: 669

Re: Mikrotik RBSXTR (No Modem) 9dBi 60 degree LTE Antenna

I'm not to knowledgeable when it comes to antennas. The negative gain... this is usually in relation to something? In short: yes, this is relative figure - imaginnary truly omni-directional antenna would have gain of 0dBi). Higher the number, better signal. The most ordinary dipole antennae have ga...
by mkx
Mon Jul 22, 2019 4:29 pm
Forum: General
Topic: IPTV Lan Help.
Replies: 10
Views: 557

Re: IPTV Lan Help.

Solution by @sindy is for sure more resource-effective. I just wrote minimum changes from your current setup. I'd suggest you first implement my changes and if IPTV starts to work, go ahead and implement what @sindy wrote.
by mkx
Mon Jul 22, 2019 4:27 pm
Forum: General
Topic: Bond: link loss is not detected by Mikrotik (LACP)
Replies: 3
Views: 244

Re: Bond: link loss is not detected by Mikrotik (LACP)

What is setting of link-monitoring attribute of bond? Not every interface and every mode supports all possible values.
by mkx
Mon Jul 22, 2019 4:21 pm
Forum: General
Topic: NAT and Firewall forward rules
Replies: 5
Views: 265

Re: NAT and Firewall forward rules

Default ROS firewall includes the following two rules: ... filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked" ... filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-inte...
by mkx
Mon Jul 22, 2019 4:09 pm
Forum: Beginner Basics
Topic: New filter rules ?
Replies: 6
Views: 402

Re: New filter rules ?

Rules #0, #6 and #7 are around for quite some time (let's say at least since 6.42 if not earlier ... rule #0 is probably around ever since fast-track got introduced) ... rule #4 is new to me as well ...
by mkx
Mon Jul 22, 2019 4:03 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 62
Views: 3632

Re: 1wan + 2 lan isolated from each other

I don't know what exactly you mean by "I must have stopped the ipTV service" ... but you don't have DHCP server running on LAN2 - you don't have corresponding /ip dhcp-server network nor /ip dhcp-server ...
by mkx
Mon Jul 22, 2019 9:18 am
Forum: General
Topic: IPTV Lan Help.
Replies: 10
Views: 557

Re: IPTV Lan Help.

OpenWRT IPTV create a switch -> Vlan 20 CPU = Tagged ethernet1/wan connection = Tagged ethernet3/IPTV connection = Untagged Create an interface name: IPTV static address: 192.168.2.245 IPV4 gateway: 255.255.255.0 Physical settings Vlan interface:eth0.20 This part would be probably translated to ROS...
by mkx
Sun Jul 21, 2019 12:33 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 104
Views: 12983

Re: v6.45.2 [stable] is released!

Did you reboot device after uploading additional .npk's? What does log contain about it?

BTW, security requires DHCP package ....
by mkx
Sun Jul 21, 2019 11:53 am
Forum: RouterBOARD hardware
Topic: Mikrotik RBSXTR (No Modem) 9dBi 60 degree LTE Antenna
Replies: 8
Views: 669

Re: Mikrotik RBSXTR (No Modem) 9dBi 60 degree LTE Antenna

The PDF linked in previous post shows gain pattern in the bottom two charts. The left chart shows gain as function of frequency in low frequency bands and prooves that the dish is mediocre antenna for these frequencies at best (simple dipole antenna would have gain of around 2dBi but in narrow frequ...
by mkx
Sat Jul 20, 2019 5:58 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 104
Views: 12983

Re: v6.45.2 [stable] is released!

Cannot upgrade HAP lite series

Did you bother to scan through even this topic? It's been mentioned many times that hAP lite devices have low amount RAM and flash and sadly some steps have to be taken to get them to upgrade.
by mkx
Sat Jul 20, 2019 5:55 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 104
Views: 12983

Re: v6.45.2 [stable] is released!

Sysadmins that know Mikrotik well also know not to update anything for a few days after release or to do updates on non-critical test HW first. It's always nice to see a new release, but then I always have to check the forum to see how broken it actually is... that's the reality. But Mikrotik is al...
by mkx
Sat Jul 20, 2019 5:46 pm
Forum: General
Topic: Need to set up access to NAS openvpn
Replies: 40
Views: 2078

Re: Need to set up access to NAS openvpn

True about the mask, but it really is unusual, /18 is huge network .... One of larger ISPs in my country (which in turn is fairly small) operating FTTH and VDSL used /16 netmask until a year ago. They went to /17 after that. Still some way to reach /18 ;-) Their network is running fairly good, seem...
by mkx
Sat Jul 20, 2019 2:52 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 104
Views: 12983

Re: v6.45.2 [stable] is released!

I've got a hAP-lite and hAP-mini in a test setup for OSPF routing, neither will upgrade. hAP's need quite some free RAM, they download upgrade packages to RAM disk. I fear that devices with tiny 32MB RAMs are on their edge if you run OSPF ... as it needs some RAM to contain routing tables. Same pro...
by mkx
Fri Jul 19, 2019 1:21 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 45
Views: 8119

Re: v6.46beta [testing] is released!

I understand that they are using TTL this way to spread users over the servers. Using short TTL for load-sharing is abuse of DNS TTL. This kind of load sharing should be done by adding multiple A records to same FQDM and let DNS round-robin mechanism to spread the load. I understand that it's out o...
by mkx
Fri Jul 19, 2019 9:07 am
Forum: General
Topic: Block Chromecast
Replies: 5
Views: 426

Re: Block Chromecast

There are a few problems with your setup. I'm assuming your AP1 has similar configuration ... AP1 (LAN part of it at least) and AP2 share same L2 domain ... this is an assumption as you didn't post config of AP1. Which means that only one DHCP server (on one of APs) should be running Your subnet is ...
by mkx
Fri Jul 19, 2019 8:42 am
Forum: Beginner Basics
Topic: cant ping the second subnet on vpn site to site
Replies: 3
Views: 245

Re: cant ping the second subnet on vpn site to site

Probably it has to do with your fi]/ip firewall[/i] settings ... on both HQ and branch routers. Crystal ball is moot these days, so instead post complete config of both routers and we might get some idea. Export configs using /export hide-sensitive ...
by mkx
Fri Jul 19, 2019 8:38 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 62
Views: 3632

Re: 1wan + 2 lan isolated from each other

Using custom chains has certainly some good effects: you can reuse same filters for multiple original chains (e.g. if you want to limit ICMP traffic to certain types and you want to do it for both chain=input and chain=forward) and you jump to the generic chain (filter rule execution returns to the ...
by mkx
Thu Jul 18, 2019 11:00 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 553
Views: 131768

Re: RouterOS v7.0 beta1 - when?

Another one time... When chupaca... When can we use ROS v7?
We won't use ROS v7, ROS v7 will use us ...
by mkx
Thu Jul 18, 2019 10:57 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 45
Views: 8119

Re: v6.46beta [testing] is released!

It would be nice if the TTL of the resolved domain could be ignored in the settings of IKEv2. TTL in DNS system is there with a reason. Every sane DNS admin will have loong TTLs when changes are not expected. So when TTL is short, it shouldn't be overriden, could be that IP address will really chan...
by mkx
Thu Jul 18, 2019 10:36 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 62
Views: 3632

Re: 1wan + 2 lan isolated from each other

The top-most firewall rule accepts just everything and none of later rules for chain=forward don't restrict anything. The default fast-track rule greediness is limited by condition connection-state=established,related . But fast-tracking also goes in the way of mangling, so you may want to disable t...
by mkx
Thu Jul 18, 2019 10:11 pm
Forum: General
Topic: RB750GR3 dropping camera data
Replies: 7
Views: 522

Re: RB750GR3 dropping camera data

However, there's a loopback adapter which then gives the camera an IP of 192.168.0.129.

Can you post a sketch of network layout with physical connections and addresses of the interfaces? Can be hand-drawn and photographed.
by mkx
Thu Jul 18, 2019 10:05 pm
Forum: General
Topic: Block Chromecast
Replies: 5
Views: 426

Re: Block Chromecast

By using chain=forward ... input is for traffic targeting router/AP itself.

And even if you fix it, it can happen it still won't work, depending on overall configuration of AP2. So if it doesn't work, post complete output of command /export hide-sensitive
by mkx
Thu Jul 18, 2019 6:09 pm
Forum: General
Topic: RB750GR3 dropping camera data
Replies: 7
Views: 522

Re: RB750GR3 dropping camera data

Move ip address to "interface" bridge1 ... your current setup is not correct even though things seem to work somehow. While it might seem that it has nothing to do with your problems, it might interfere (some weird problems have already been reported in this forum that went away after such error was...
by mkx
Thu Jul 18, 2019 5:49 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 56670

Re: v6.45.1 [stable] is released!

My thinking is that using STP to create redundant links between two directly attached devices is (slight) abuse.

In this case it would be better to use bonding. There are many varieties, if you only want to have backup line, you can use active-backup mode.
by mkx
Thu Jul 18, 2019 9:16 am
Forum: General
Topic: Possible to get port MAC used in Agent Remote ID field?
Replies: 3
Views: 249

Re: Possible to get port MAC used in Agent Remote ID field?

What you see in Remote Agent ID is HEX notation of text string "CC:2D:E0:67:38:B9" ... 0x43 is "C", 0x3a is ":" etc. If you wanted Remote Agent ID returned in the same way as MAC (less formatting, which includes ":" signs), you'd have to enter port name as some text garbage, but in ISO 8859-2 code p...
by mkx
Thu Jul 18, 2019 9:06 am
Forum: General
Topic: Firewall question
Replies: 6
Views: 414

Re: Firewall question

SMTP servers have all the information needed to make educated decision about rate limiting. Some SMTP servers support limiting incoming mail rate.
by mkx
Thu Jul 18, 2019 8:53 am
Forum: Beginner Basics
Topic: Redirecting to another port [SOLVED]
Replies: 6
Views: 413

Re: Redirecting to another port [SOLVED]

You'll have to use /interface bridge settings set use-ip-firewall=yes , disable HW acceleration on one (or both) involved ether ports (to force traffic through router's CPU) and then construct appropriate NAT rules (probably a single rule would do but make it specific enough so that it doesn't mess ...
by mkx
Thu Jul 18, 2019 8:44 am
Forum: Beginner Basics
Topic: Interface Confusion IP Firewall Filter
Replies: 1
Views: 162

Re: Interface Confusion IP Firewall Filter

ROS firewall has notion of connection states. Usual approach is to use a quite general firewall rule near to beginning of firewall rule list add action=accept chain=forward connection-state=established,related,untracked which passes packets of connections which have already been allowed by other rul...
by mkx
Thu Jul 18, 2019 8:31 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 62
Views: 3632

Re: 1wan + 2 lan isolated from each other

How should I proceed with the firewall to separate the lans? see post #24 by @anav In addition to those 2 rules, add rule which allows necessary connectivity between management devices in 192.168.1.0/24 and AP (IP address 172.16.24.120) ... possibly limit the connectivity to only a few necessary po...
by mkx
Thu Jul 18, 2019 8:15 am
Forum: Beginner Basics
Topic: VLAN Bridge Filtering ALternative
Replies: 9
Views: 721

Re: VLAN Bridge Filtering ALternative

Specs say that RB450Gx4 uses IPQ4019 SoC which in turn is supposed to have AR8327 switch chip embedded. If it's true what @tdw writes about Atheros' proprietary extension (and I believe he's right) and if that embedded switch chip really is complete AR8327 (I've mild doubts about that, my RBD52G usi...
by mkx
Thu Jul 18, 2019 8:08 am
Forum: Beginner Basics
Topic: APbridge mode vs Station mode [SOLVED]
Replies: 3
Views: 303

Re: APbridge mode vs Station mode [SOLVED]

what is the difference between the ap-bridge mode and station mode. Basic operation of WiFi is point to multipoint. The role of central device (access point) are numerous: it broadcasts system information, such as SSID, encryption configuration (WEP, WPA, WPA2), etc. selects frequency channel to wo...
by mkx
Wed Jul 17, 2019 9:03 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 62
Views: 3632

Re: 1wan + 2 lan isolated from each other

I still think that Ubiquiti AP doesn't like address 172.16.24.2 for its management interface. And that RB config is fine regarding that. What still confuses me is that it obviously falls back to some weird default configuration if it can't connect to management console after restart. Can't you confi...
by mkx
Wed Jul 17, 2019 5:32 pm
Forum: Beginner Basics
Topic: VLAN Bridge Filtering ALternative
Replies: 9
Views: 721

Re: VLAN Bridge Filtering ALternative

Sadly modern SOHO-class RB devices seem to contain crippled switch chips ... Internally Mikrotik will be using VLANs to perform this multiplexing/demuliplexing with the Realtek and MediaTek switch chips, and don't provide any user access to VLAN functionality. Thanks for the explanation and link to...
by mkx
Wed Jul 17, 2019 5:18 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 553
Views: 131768

Re: RouterOS v7.0 beta1 - when?

Will not run, you need one core per pixel.
Image
by mkx
Wed Jul 17, 2019 5:13 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 56670

Re: v6.45.1 [stable] is released!

It's when I apply the bridge config that things gets weird...
As @pe1chl wrote: you have to remove router functionality by hand (either via GUI or CLI, just don't use quickset).
by mkx
Wed Jul 17, 2019 11:38 am
Forum: General
Topic: Mikrotik Point to Multi Point Configuration
Replies: 6
Views: 349

Re: Mikrotik Point to Multi Point Configuration

... but different ip, right?
That would make management easier.
by mkx
Wed Jul 17, 2019 11:33 am
Forum: General
Topic: Mikrotik Point to Multi Point Configuration
Replies: 6
Views: 349

Re: Mikrotik Point to Multi Point Configuration

Correct. But do read about different station modes ... the usual "station" mode might not give you the functionality you are after ...
by mkx
Wed Jul 17, 2019 11:26 am
Forum: General
Topic: Why Mikrotik ???
Replies: 31
Views: 5145

Re: Why Mikrotik ???

I wasn't ware of that (I thought they only had maritime border after Алекса́ндр II Никола́евич sold Alaska to the USA) ... where is that land border located?
by mkx
Wed Jul 17, 2019 11:22 am
Forum: General
Topic: Mikrotik Point to Multi Point Configuration
Replies: 6
Views: 349

Re: Mikrotik Point to Multi Point Configuration

ap-bridge is the one serving multiple stations. And that happens to be default wireless mode. If you want mikrotik box to act as client of an AP, you have to change its mode to some variety of "station" ... you can read about differences in manual.
by mkx
Wed Jul 17, 2019 11:19 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 62
Views: 3632

Re: 1wan + 2 lan isolated from each other

I guess the real issue here is how Unifi console wants to connect to AP (and vice versa) ... BTW, in which subnet is Unifi console sitting? Could be that AP wants permanent connection to Unifi console and if it looses it (due to some IP reconfig), it reverts to some kind of defaults?
by mkx
Wed Jul 17, 2019 11:03 am
Forum: General
Topic: Why Mikrotik ???
Replies: 31
Views: 5145

Re: Why Mikrotik ???

This is highly offensive to Latvians. We have no connection to russia ...

Last time I checked (it was like right now), Latvia had 216km of connection to Russia with at least 7 major doors ... not counting backdoors :wink:
by mkx
Wed Jul 17, 2019 10:46 am
Forum: General
Topic: rb750gr3 Gigabit auto negotiation
Replies: 15
Views: 978

Re: rb750gr3 Gigabit auto negotiation

I do understand that, but when you just like to see interface info and write this and get: /interface ethernet set [ find default-name=ether1 ] name=ether1-Wan speed=100Mbps Its not intuitive at all what is then the speed is showing. speed=100Mbps could then be. Actual speed? Auto negotiation off s...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 50