Community discussions

Search found 2943 matches

by mkx
Wed Sep 18, 2019 10:28 am
Forum: RouterBOARD hardware
Topic: Switch ability of 962UiGS-5HacT2HnT
Replies: 10
Views: 1191

Re: Switch ability of 962UiGS-5HacT2HnT

But on trunked ports (hybrid actually) containing VLAN 201, packets from those devices can be captured without VLAN tag.

Please elaborate this further ... how are you capturing packets and how in particular is the trunk configured?
by mkx
Mon Sep 16, 2019 8:50 pm
Forum: RouterBOARD hardware
Topic: Well, i have no idea what i need [SOLVED]
Replies: 2
Views: 542

Re: Well, i have no idea what i need [SOLVED]

When it comes to functionality, all Mikrotik devices are capable of doing the same. Well, almost all, one can't realistically expect a $30 device to do some complex tasks such as BGP peering. The difference is in capacity obviously and hardware capabilities (not every Routerboard can use USB LTE sti...
by mkx
Mon Sep 16, 2019 8:32 pm
Forum: General
Topic: Directing all internet traffic through a device
Replies: 5
Views: 576

Re: Directing all internet traffic through a device

Relevant RFC 2132 defines option format to be array of octets and first octet (after the DHCP option number) should be the length of the array (and must be multiple of 4). So I assume that when defining option value should be entered as HEX number, e.g. 0x04c0a80a0d ... I've no idea what should be t...
by mkx
Mon Sep 16, 2019 4:32 pm
Forum: General
Topic: Directing all internet traffic through a device
Replies: 5
Views: 576

Re: Directing all internet traffic through a device

It's not exactly trivial to enforce special config to particular host. Perhaps the easiest way would be using DHCP options ... create new one with code=3 (that's default gateway), enter the value (no idea how it should look like) and assign this option to static DHCP lease. Hopefully explicit DHCP op...
by mkx
Mon Sep 16, 2019 2:32 pm
Forum: General
Topic: Directing all internet traffic through a device
Replies: 5
Views: 576

Re: Directing all internet traffic through a device

The easiest way would be to set Rpi's IP address as default gateway on PC. If PC is getting its network settings via DHCP server, you'll have to create static DHCP lease for that PC. On that particular lease you'll set different IP address as gateway. (It will be some more work than I just wrote, b...
by mkx
Mon Sep 16, 2019 2:25 pm
Forum: RouterBOARD hardware
Topic: Switch ability of 962UiGS-5HacT2HnT
Replies: 10
Views: 1191

Re: Switch ability of 962UiGS-5HacT2HnT

However the Bridge VLAN Filtering is currently only supported on CRS3xx series devices ... Small correction: above mentioned bridge VLAN filtering is supported across whole Routerboard device range ... but on all, except CRS3xx, functionality is implemented in software. Meaning that it's expected t...
by mkx
Mon Sep 16, 2019 2:16 pm
Forum: General
Topic: [Feature request] Quickset Loadbalance menu
Replies: 1
Views: 218

Re: [Feature request] Quickset Loadbalance menu

-1

IMHO load balance is a pretty complex thing (specially using WAN interfaces as your post implies), way beyond simplistic QuickSet stuff.
by mkx
Mon Sep 16, 2019 2:03 pm
Forum: Beginner Basics
Topic: Bridge "created from master port"
Replies: 2
Views: 318

Re: Bridge "created from master port"

Two questions:
  1. which version of ROS are you running
  2. what kind of user interface are you using to perform whatever you wanted (if GUI, which mode?)
by mkx
Mon Sep 16, 2019 12:12 pm
Forum: Beginner Basics
Topic: Link Router and Switch and administrate together with WinBox
Replies: 11
Views: 993

Re: Link Router and Switch and administrate together with WinBox

Yes, you'll have to configure CSS separately (as if your CRS didn't exist). While I don't have any personal experience with SwitchOS, it seems to have relatively simple webUI which allows to set up everything switch can do. And CSS will act as a switch, so no fancy L3 features there (that includes D...
by mkx
Mon Sep 16, 2019 12:02 pm
Forum: General
Topic: Performance problems with CRS112-8P-4S
Replies: 6
Views: 1507

Re: Performance problems with CRS112-8P-4S

Is the best way to use these just as a switch to add a bridge and add all ports to the bridge? I noticed the CPU increased significantly when adding VLANs even without any routing. CRS1xx don't offload much to hardware automatically. If they are only used as simple switches (no fancy features used)...
by mkx
Mon Sep 16, 2019 11:33 am
Forum: General
Topic: Laptops are trying to hack my router
Replies: 8
Views: 1086

Re: Laptops are trying to hack my router

Start with this https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router If you want to block access to router from guest network, block in firewall input chain all from this interface or IP range, allowing only needed services, i.e. DHCP, DNS, etc. I don't think this is answer to OPs question (h...
by mkx
Mon Sep 16, 2019 11:26 am
Forum: Beginner Basics
Topic: Link Router and Switch and administrate together with WinBox
Replies: 11
Views: 993

Re: Link Router and Switch and administrate together with WinBox

You will have to administer devices separately. Even more, CRS runs RouterOS (which you already experienced) while CSS runs SwitchOS ... and SwitchOS can only be administered using web-based GUI, you can't do it using winbox.
by mkx
Sun Sep 15, 2019 9:40 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD-IN remove default config
Replies: 2
Views: 439

Re: RB4011iGS+5HacQ2HnD-IN remove default config

If i manually remove the bridge created by default config which gets a ip from dhcp and no other interface is created the device is inaccessible have to hard reset the router and the router is connected directly to my laptop. If you do a reset with no default config enabled you can still acc...
by mkx
Sun Sep 15, 2019 5:12 pm
Forum: Beginner Basics
Topic: Routing all packets from a local IP to a specific external IP
Replies: 1
Views: 347

Re: Routing all packets from a local IP to a specific external IP

Use dst-nat just like you'd use it for connectivity from internet to some LAN service. So use rule something like /ip firewall nat add chain=dstnat action=dst-nat dst-address=192.168.1.23 to-address=<some internet IP address> However, there's a gotcha: router will only redirect packets to remote add...
by mkx
Sun Sep 15, 2019 12:30 pm
Forum: General
Topic: safe to upgrade from v6.35rc42 to current?
Replies: 7
Views: 747

Re: safe to upgrade from v6.35rc42 to current?

If you set boot sequence to /system routerboard settings set boot-device=try-ethernet-once-then-nand , then you don't have to press the button for RB to try netboot ... it'll try and if it doesn't find proper bootp server, it'll resume booting from NAND.
by mkx
Sat Sep 14, 2019 9:31 pm
Forum: RouterOS v7 BETA
Topic: VLAN hAP AC2
Replies: 9
Views: 2304

Re: VLAN hAP AC2

In former versions of ROS, bridge should have vlan-filtering=yes set for VLANs to work correctly.
by mkx
Sat Sep 14, 2019 2:59 pm
Forum: Beginner Basics
Topic: Routing and VLANs and IPs [SOLVED]
Replies: 2
Views: 494

Re: Routing and VLANs and IPs [SOLVED]

For proper configuration for IP interaction with VLAN you should add the following to what you've had while CRS worked fine as managed switch: /interface vlan add interface=bridge1 name=vlan100 vlan-id=100 /interface list member add list=LAN interface=vlan100 /interface bridge vlan add bridge=bridge...
by mkx
Sat Sep 14, 2019 12:08 pm
Forum: General
Topic: Firewall Filter rules for Microtik as Router on Stick configuration with D Link Switch
Replies: 3
Views: 508

Re: Firewall Filter rules for Microtik as Router on Stick configuration with D Link Switch

Before we get into details let me explain some basic stuff... Bridge functions very similarly to a switch, forwarding packets between member ports. Right now your RB has all ether ports member of same bridge. Which is kind of a problem due to 3 reasons: it seems like ether1 interface is used as WAN ...
by mkx
Fri Sep 13, 2019 12:28 pm
Forum: RouterBOARD hardware
Topic: 5 GHz Wifi
Replies: 3
Views: 580

Re: 5 GHz Wifi

AP probably shouldn't reboot when some client connects to it. It is possible though and I can think of a few reasons for it. One is weak power supply adapter. When client connects, AP will start to transmit at higher (full) power because of improper antenna (with too low gain). Thus it's causing hig...
by mkx
Fri Sep 13, 2019 12:16 pm
Forum: Beginner Basics
Topic: Wrong default route when router and modem start at the same time [SOLVED]
Replies: 5
Views: 656

Re: Wrong default route when router and modem start at the same time [SOLVED]

Set IP address to Mikrotik statically. Take any address from the same IP subnet as modem uses except from modem's own address (and network and broadcast addresses obviously). pppoe-client on Mikrotik should add default route ... but be sure to enable "add default route" on PPPoE client configuration...
by mkx
Fri Sep 13, 2019 11:52 am
Forum: General
Topic: Access UDP port 47808 via PPTP VPN
Replies: 4
Views: 509

Re: Access UDP port 47808 via PPTP VPN

Remove src-port option from the filter rule, it's still there: /ip firewall filter unset [ find src-port="47808" ] src-port (on my RB I had to use the double quotes for find to find something). BTW, you have 4 similar DST-NAT rules: add action=dst-nat chain=dstnat comment=192.168.1.33 disabled=yes d...
by mkx
Fri Sep 13, 2019 11:46 am
Forum: Beginner Basics
Topic: First config
Replies: 7
Views: 986

Re: First config

You should post complete configuration as all of the details matter ... run /export hide-sensitive and post it here inside [code] [/code] block.
by mkx
Fri Sep 13, 2019 11:40 am
Forum: Beginner Basics
Topic: Router on a Stick
Replies: 6
Views: 718

Re: Router on a Stick

It still doesn't look right ... but if it works for you, fine. Might stop working after some ROS upgrade though: when an interface is member of bridge, then all the rest of configuration should go to the bridge. In your case, ether2 is member of bridge named "bridge", and vlan interfaces should be a...
by mkx
Fri Sep 13, 2019 9:17 am
Forum: Beginner Basics
Topic: Router on a Stick
Replies: 6
Views: 718

Re: Router on a Stick

Your L2 VLAN setup is very far from complete (and what's done is wrong). I suggest you to read through this nice tutorial. After you're done and still have problems, come back with questions.
by mkx
Fri Sep 13, 2019 9:09 am
Forum: General
Topic: Host get disconnected and reconnected periodically
Replies: 1
Views: 299

Re: Host get disconnected and reconnected periodically

First of all describe topology and what kind of disconnects you experience (is it ethernet/wireless disconnects, DHCP lease expiry, connection breaks, ...). If there's a central Mikrotik device which suffers, post complete configuration (as printed out by executing command /export hide-sensitive fro...
by mkx
Thu Sep 12, 2019 8:13 pm
Forum: General
Topic: RB951Ui 2HnD rebootiing spontaneously [SOLVED]
Replies: 4
Views: 623

Re: RB951Ui 2HnD rebootiing spontaneously [SOLVED]

12V adapter is just fine for your RB ... if it can supply at least 0.6A. The problem is that power adapters tend to age (mostly because capacitors lose capacity due to various reasons) and their max current deteriorates. To a point when device wants to draw higher current than power adapter is capab...
by mkx
Thu Sep 12, 2019 5:58 pm
Forum: General
Topic: RB951Ui 2HnD rebootiing spontaneously [SOLVED]
Replies: 4
Views: 623

Re: RB951Ui 2HnD rebootiing spontaneously [SOLVED]

Try replacing power adapter, it might be getting old ...
by mkx
Thu Sep 12, 2019 5:39 pm
Forum: Beginner Basics
Topic: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]
Replies: 6
Views: 667

Re: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]

I think you should post full configuration. Fetch it executing command /export hide-sensitive and redact public IP addresses ...
by mkx
Thu Sep 12, 2019 8:31 am
Forum: RouterBOARD hardware
Topic: ltap mini can't use 5v power in
Replies: 3
Views: 373

Re: ltap mini can't use 5v power in

Stated max power consumption is 9W ... which is 1.8A @ 5V. Can your power adapter supply such current? Even micro USB connector (and port) might have hard time to pass such high current.
by mkx
Thu Sep 12, 2019 8:09 am
Forum: Beginner Basics
Topic: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]
Replies: 6
Views: 667

Re: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]

How did you try to ping internet via secondary modem? If by using /ping , you might have to set src-address with IP correct for interface DLINK . I've had my share of problems when RB chose wrong own address when pinging and the remote party did not have appropriate route to reply back. Other than t...
by mkx
Wed Sep 11, 2019 9:03 pm
Forum: RouterBOARD hardware
Topic: Audience
Replies: 33
Views: 6583

Re: Audience

When will come a Powerline modem for Audience?
There won't be one. Audience hasn't got USB port (at least I didn't see it mentioned), so you'll have to use generic PowerLine2ethernet devices.
by mkx
Wed Sep 11, 2019 8:58 pm
Forum: RouterBOARD hardware
Topic: 5 GHz Wifi
Replies: 3
Views: 580

Re: 5 GHz Wifi

It is quite vital to use antenna for correct frequency band. If you use wrong antenna, in best case the signal will suck as the antenna gain will be low (could be something like -10 dBi or even lower instead of +3 dBi or +6 dBi). In worst case the PAs might get destroyed due to high VSWR.
by mkx
Wed Sep 11, 2019 8:42 pm
Forum: Beginner Basics
Topic: Switching vs. Ethernet Test Results - Understanding
Replies: 5
Views: 557

Re: Switching vs. Ethernet Test Results - Understanding

In ROS you first configure L2 stuff ... e.g. you create a bridge with selected interfaces as its members. "bridge" then offloads as much operations to the switching hardware and in your case that's just about everything related to intra-LAN traffic. On the "routing" CRS you'll leave out one ether in...
by mkx
Wed Sep 11, 2019 8:24 pm
Forum: Beginner Basics
Topic: Switching vs. Ethernet Test Results - Understanding
Replies: 5
Views: 557

Re: Switching vs. Ethernet Test Results - Understanding

For me the "blue" network is all within the same IP Subnet (192.168.88.xxx), so in my understanding (feel free to correct me) all traffic in there is "just" switched. You're absolutely right, I've looked at the chart without due diligence. So in your case, routing would only happen between LAN and...
by mkx
Wed Sep 11, 2019 7:51 pm
Forum: Beginner Basics
Topic: Switching vs. Ethernet Test Results - Understanding
Replies: 5
Views: 557

Re: Switching vs. Ethernet Test Results - Understanding

Switching is when CRS moves ethernet frames from one interface to another one by using its switching hardware. It means quite basic stuff, although CRS3xx can do many L2 stuff by using switching hardware. In your case that's all traffic between LAN hosts in the same IP subnet. Bridging is similar to ...
by mkx
Wed Sep 11, 2019 11:25 am
Forum: General
Topic: PWR-LINE PRO
Replies: 9
Views: 805

Re: PWR-LINE PRO

Automatic fuses/switches are killing powerline. Same as wireless through reinforced concrete.
Parallel cable runs help somewhat ... as does a window in that concrete wall for wireless.
by mkx
Wed Sep 11, 2019 11:21 am
Forum: General
Topic: disable root bridge
Replies: 2
Views: 349

Re: disable root bridge

"root bridge" is a feature of xSTP. If RB in question can not create any loops (e.g. it only has one connection to the rest of network), then you can disable xSTP entirely:
/interface bridge
set [ find protocol-mode!=none ] protocol-mode=none
by mkx
Wed Sep 11, 2019 11:15 am
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 1130

Re: Remote update hAP lite

You can try to uninstall packages not needed, it might save enough space for upgrade to succeed.

If it doesn't help, then netinstall is the only way.
by mkx
Tue Sep 10, 2019 11:21 pm
Forum: General
Topic: Feature Request: Add LTE to WAN Interface List by default
Replies: 4
Views: 523

Re: Feature Request: Add LTE to WAN Interface List by default

LAN and WAN interface lists are extensively used in default firewall filter lists. But then LTE interface is not configured by default. But then, if "add default route" option is available, so should be "add to interface list" option with drop-down list to select from. Rationale: if LTE is meant to ...
by mkx
Tue Sep 10, 2019 5:12 pm
Forum: Beginner Basics
Topic: Video over IP
Replies: 7
Views: 956

Re: Video over IP

Are you using IGMP snooping? If yes, try to disable it and see if things start to behave.

The problem is that for IGMP snooping to work one needs multicast router present (IGMP querier). If there isn't one, then IGMP snooping only works reliably if there's single switch between source and sink ...
by mkx
Tue Sep 10, 2019 9:27 am
Forum: Wireless Networking
Topic: Bit confused by the existence of the hAP AC Lite?
Replies: 15
Views: 1364

Re: Bit confused by the existence of the hAP AC Lite?

However, Wi-Fi 5 devices can regularly get speeds well in excess of 150Mbps speedtest - one of my clients has Cisco access points connected via 10Gbps backbone and they regularly speedtest at well over 200Mbps. But with this device, even if the Wi-Fi is connected at these realistic speeds, the 100M...
by mkx
Tue Sep 10, 2019 9:13 am
Forum: Beginner Basics
Topic: RB750, Pi-Hole and cross interface communication
Replies: 37
Views: 3007

Re: RB750, Pi-Hole and cross interface communication

One thing I obviously don't understand: you have configuration for PPPoE in place ... but it has "dial-on-demand=yes" set. So is it used for connecting to internet or not? if yes, I suggest you to set dial-on-demand=no so that pppoe connection doesn't drop due to inactivity. At the same time you hav...
by mkx
Tue Sep 10, 2019 8:49 am
Forum: Beginner Basics
Topic: Understanding acmin-mac (mtik devices mac changes after reboot)
Replies: 3
Views: 387

Re: Understanding acmin-mac (mtik devices mac changes after reboot)

I'm afraid that if admin wants to have any kind of supervision, device needs constant IP address. Either set statically or set by DHCP but then one has to assure constant MAC. With ROS versatility it is impossible to come up with MAC addressing scheme which would persist over all the configuration v...
by mkx
Mon Sep 09, 2019 11:29 pm
Forum: Wireless Networking
Topic: Bit confused by the existence of the hAP AC Lite?
Replies: 15
Views: 1364

Re: Bit confused by the existence of the hAP AC Lite?

In theory maximum speed over wireless exceeds speed of wired ports indeed. In practice speed over wireless rarely reaches much more than one third of maximum speed in good radio conditions and less than that in sub-optimal radio conditions (e.g. when client is some distance and corners away from AP'...
by mkx
Mon Sep 09, 2019 8:25 pm
Forum: Beginner Basics
Topic: Unable to ping/trace from lan
Replies: 7
Views: 666

Re: Unable to ping/trace from lan

This NAT rule add action=dst-nat chain=dstnat comment=Ping protocol=icmp to-addresses=10.254.254.254 grabs just any ping request regardless where it starts and what is its destination and redirects it to 10.254.254.254 (which happens to be one of router's addresses). And similar problem is present o...
by mkx
Mon Sep 09, 2019 3:01 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35835

Re: RouterOS v7.0beta1 (ARM)

NV3 is coming? Personally, if I had to choose between 802.11ax and NV3, I'd rather get 802.11ax. Because it might boil down to such choice ... either use stock linux/producer driver and miss any vendor specific protocols (such as nstreme or NV2) or write own driver and include whatever bells and wh...
by mkx
Mon Sep 09, 2019 2:11 pm
Forum: General
Topic: Seeking Mikrotik capable providers in different countries
Replies: 2
Views: 334

Re: Seeking Mikrotik capable providers in different countries

No PM on this forum. You'll have to post some contact information if you want to get some feedback.
by mkx
Mon Sep 09, 2019 2:10 pm
Forum: General
Topic: Guidelines for changes when switching VPN To Wireless.
Replies: 1
Views: 233

Re: Guidelines for changes when switching VPN To Wireless.

You'll have to adjust routing settings.
by mkx
Mon Sep 09, 2019 11:38 am
Forum: Beginner Basics
Topic: Understanding acmin-mac (mtik devices mac changes after reboot)
Replies: 3
Views: 387

Re: Understanding acmin-mac (mtik devices mac changes after reboot)

In CLI definition of bridge has also option called "auto-mac" and if set to "no" (together with static setting of "admin-mac") MAC doesn't change over reboots. WebFig doesn't show "auto-mac" option explicitly, might be set implicitly when one unfolds the "Admin. MAC Address" window and sets the MAC ...
by mkx
Mon Sep 09, 2019 11:33 am
Forum: General
Topic: Request: FEC tunnel types
Replies: 27
Views: 3092

Re: Request: FEC tunnel types

That is a pretty specialist use case which would be better solved in a dedicated LTE router which also has multiple SIMs and radios. You can undoubtedly get these on the market already. Not to mention the fact that LTE also features quite good QoS portfolio and one could try to get somehow better Q...
by mkx
Mon Sep 09, 2019 8:40 am
Forum: General
Topic: VLAN: Newbie Needs Guidance
Replies: 16
Views: 912

Re: VLAN: Newbie Needs Guidance

Which customers are having problems, all of them (regardless VLAN) or only some?
by mkx
Mon Sep 09, 2019 8:34 am
Forum: General
Topic: VLAN: Newbie Needs Guidance
Replies: 16
Views: 912

Re: VLAN: Newbie Needs Guidance

Also have you tried fast track?

Using mangle rules excludes fast track.
by mkx
Mon Sep 09, 2019 8:30 am
Forum: General
Topic: Access Point Isolation
Replies: 1
Views: 290

Re: Access Point Isolation

You could configure AP's firewall so that it blocks any connectivity from wireless clients except connections towards internet. The above assumes that AP will not be simple AP (transparent), but will rather create its own subnet (with its own NAT etc.). The above is true for any Mikrotik device. All...
by mkx
Mon Sep 09, 2019 8:18 am
Forum: General
Topic: Request: FEC tunnel types
Replies: 27
Views: 3092

Re: Request: FEC tunnel types

End to end FEC to reduce packet loss and latency spikes across the entire path. Unless you turn end-to-end connection into "lossy by design" connection, then FEC won't help with latency spikes ... any L1 technology, which does retransmissions on its own, will cause it. Wired technologies don't do i...
by mkx
Sun Sep 08, 2019 12:53 pm
Forum: Wireless Networking
Topic: which of this has good signal and quality?
Replies: 6
Views: 999

Re: which of this has good signal and quality?

The same principle holds for all of shown numbers: the larger the better. Note that some values are negative (e.g. Signal Strength) ... for example -59 dBm is larger than -73 dBm. Thanks, from your post for example signal to noise the value of it if the high value, for example, 70db is very good th...
by mkx
Sun Sep 08, 2019 12:34 pm
Forum: General
Topic: Request: FEC tunnel types
Replies: 27
Views: 3092

Re: Request: FEC tunnel types

@Amm0: what makes you claim that LTE is lossy? @mkx, let's call it "noisy" - mainly suggest that with LTE, or Wi-Fi, the L2/L1 stuff that deals with the noise (e.g. ACM) does have side-effects at L3, and that's where FEC might be able to mitigate frame loss. I can assure you (was working profession...
by mkx
Sun Sep 08, 2019 12:02 pm
Forum: Beginner Basics
Topic: How to prevent lockout in bridged-switch AP setup?
Replies: 1
Views: 334

Re: How to prevent lockout in bridged-switch AP setup?

You should set the hAP ac2's IP address to some address from your subnet. How to do it depends on how is hAP ac2 currently configured. Try to post complete config in text form, you can get it by executing command " /export hide-sensitive " inside a terminal window. And use [ code] environment here, ...
by mkx
Sat Sep 07, 2019 11:47 pm
Forum: Wireless Networking
Topic: which of this has good signal and quality?
Replies: 6
Views: 999

Re: which of this has good signal and quality?

The same principle holds for all of shown numbers: the larger the better. Note that some values are negative (e.g. Signal Strength) ... for example -59 dBm is larger than -73 dBm.
by mkx
Sat Sep 07, 2019 11:37 pm
Forum: General
Topic: Multiples Web Servers - Public ip adress
Replies: 4
Views: 642

Re: Multiples Web Servers - Public ip adress

You can't get client's IP address because web proxy is not transparent ... rather it's a part of a chain where ROS web server takes request from client, then sends same request to internal server and then relays the response. Behaviour is the same as with some renown web server software (e.g. ...
by mkx
Sat Sep 07, 2019 4:46 pm
Forum: General
Topic: pppoe on ONT and public ips on mikrotik
Replies: 4
Views: 665

Re: pppoe on ONT and public ips on mikrotik

It is simple routing, e.g. /ip route add dst-address=XXX.XXX.YYY.ZZZ/32 gateway=<IP of CCR> add dst-address=XXX.XXX.YYY.WWW/30 gateway=<IP of pfSense> Both CCR and pfSense should use hEX as their gateway (probably default one). BTW, firewall will trigger on the traffic to these IP addresses as well,...
by mkx
Sat Sep 07, 2019 4:35 pm
Forum: Beginner Basics
Topic: Somehow im blind
Replies: 5
Views: 741

Re: Somehow im blind

Can it be because client PC can't resolve FQDN to IP? Does pinging some public IP address (e.g. 8.8.8.8 ) work?

DHCP server network is missing setting of DNS server(s) ...
by mkx
Sat Sep 07, 2019 3:10 pm
Forum: General
Topic: pppoe on ONT and public ips on mikrotik
Replies: 4
Views: 665

Re: pppoe on ONT and public ips on mikrotik

The subnet of 8 IPs is routed to you via PPPoE interface. Whichever device is terminating the PPPoE will have to know where to route those IP addresses. Which is easy to do on Mikrotik, I don't know how can it be done on ONT.
by mkx
Sat Sep 07, 2019 3:02 pm
Forum: General
Topic: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]
Replies: 10
Views: 1003

Re: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]

Just one small clarification, does the DNS get assigned from the Networks section under the DHCP Server? It does. A small correction to my previous post: DHCP server actually auto-selects correct DHCP network settings, matching the interface to which server instance is bound. One has to set the cor...
by mkx
Sat Sep 07, 2019 2:56 pm
Forum: General
Topic: Sofware VLAN/Bridge on RuterOS explained.
Replies: 59
Views: 16563

Re: Sofware VLAN/Bridge on RuterOS explained.

When you start to mess with L2 (e.g. VLANs), you really have to be careful not to break your current management connection to device. Always be sure to leave one device with old configuration so you can use one of ports to re-gain connection. And use winbox with MAC connectivity ... it won't help if...
by mkx
Sat Sep 07, 2019 2:50 pm
Forum: General
Topic: Hardware Switching RouterOS multiple VLANs
Replies: 2
Views: 594

Re: Hardware Switching RouterOS multiple VLANs

Or, if you want, you can read some nice tutorial with examples explained. If configured this way, things will be done in hardware on CRS3xx ...
by mkx
Sat Sep 07, 2019 2:44 pm
Forum: General
Topic: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]
Replies: 10
Views: 1003

Re: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]

You have to create two DHCP address pools and assign each to corresponding DHCP server (with matching DHCP network). DHCP server doesn't check if served DHCP lease corresponds to other DHCP lease parameters ...
Right now you're using same DHCP address pool for both DHCP server instances ...
by mkx
Sat Sep 07, 2019 1:49 pm
Forum: Beginner Basics
Topic: Problem connecting two MikroTiks [SOLVED]
Replies: 5
Views: 719

Re: Problem connecting two MikroTiks [SOLVED]

Either use media converters (a pair probably) that properly supports autonegotiation (I'm not sure there are such things).
Or use 100Mbps media converters.
Or use a (dumb) switch between 1Gbps media converter and hAP ac lite.
by mkx
Sat Sep 07, 2019 1:43 pm
Forum: Beginner Basics
Topic: bizarre performance issue with packet sniffer
Replies: 9
Views: 965

Re: bizarre performance issue with packet sniffer

fasttrack has mostly default rules that user can't change, right? how can i diagnose/troubleshoot fasttrack? i even tried to do a forwarding accept before fasttrack rule, no avail. Any firewall filter rule can be changed, including the default ones. As to rule trouble shooting ... I don't know any ...
by mkx
Fri Sep 06, 2019 8:15 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 17
Views: 1436

Re: Wifi range is really bad for a reason

If you will use your TP-Link, you'll 1) use same frequency for both connection between APs and connection client-TPLink (losing lots of capacity) and 2) have huge problems with connectivity between TP-Link clients and the rest of LAN ... It wouldn't even work as wireless repeater because that reli...
by mkx
Fri Sep 06, 2019 7:57 pm
Forum: Beginner Basics
Topic: bizarre performance issue with packet sniffer
Replies: 9
Views: 965

Re: bizarre performance issue with packet sniffer

fasttrack is a certain feature of connection tracked firewall ... when conditions are met and connection gets fasttrack mark, then (majority of) packets belonging to such connection skip firewall processing altogether. And mangling and IPsec policy matching and ... Only one of many packets gets trea...
by mkx
Fri Sep 06, 2019 6:04 pm
Forum: Beginner Basics
Topic: bizarre performance issue with packet sniffer
Replies: 9
Views: 965

Re: bizarre performance issue with packet sniffer

Packet sniffer disables fast-track. Try disabling the firewall filter rule which enables fast-track to see if this makes any difference.

If it does, then you'll have to check the packet flow and which rule grabs or misses the initial packets causing them to be misrouted ...
by mkx
Fri Sep 06, 2019 5:56 pm
Forum: Beginner Basics
Topic: Issue with bridge, VLANs and DHCP [SOLVED]
Replies: 2
Views: 325

Re: Issue with bridge, VLANs and DHCP [SOLVED]

Start off by using some other VID instead of 1 for the "red" VLAN ... VID=1 is used as default in many places and can thus cause unexpected behaviour. Bridge port ether2 needs to have pvid setting as well. In /interface bridge vlan bridge1 needs to be listed as tagged member of VLANs where you want ...
by mkx
Fri Sep 06, 2019 5:46 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 17
Views: 1436

Re: Wifi range is really bad for a reason

As I wrote: get another Mikrotik AP which has dual-band wireless. Another hAP ac2 would be great, hAP ac lite would do as well (but worse than hAP ac2 as it only has single chain 5GHz). Then you'll have to find a spot, where signal strength of existing AP is at least -75 dB and at the same time offe...
by mkx
Fri Sep 06, 2019 5:26 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 17
Views: 1436

Re: Wifi range is really bad for a reason

Preferably add another AP which would connect to LAN using cable. If that's not possible, add another dual-band AP and use one of frequency bands for point-to-point connection between existing AP and the new one. Wireless range extenders (repeaters) are worst solution because they consume air-time o...
by mkx
Fri Sep 06, 2019 4:55 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 17
Views: 1436

Re: Wifi range is really bad for a reason

Signal strength of -85 is, as you discovered yourself, beyond the edge of usability ... So it seems you'll have to add another AP for those WiFi enabled kitchen appliances ....
by mkx
Fri Sep 06, 2019 4:48 pm
Forum: General
Topic: SSH and RDP blacklist CPU usage
Replies: 4
Views: 541

Re: SSH and RDP blacklist CPU usage

According to firewall rules (extremely poor firewall I must say) you posted, every single packet passing router (in any direction) is being matched against those rules (in chain=forward). If you kept the default firewall filter rules and only added needed rules in the appropriate places, you'd have ...
by mkx
Fri Sep 06, 2019 4:35 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 17
Views: 1436

Re: Wifi range is really bad for a reason

10 steps and 1 wall - specially if the wall is reinforced concrete - is huge for 5GHz and big for 2.4GHz ...

What's the signal strength (numeric value) in the kitchen?
by mkx
Fri Sep 06, 2019 4:06 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 17
Views: 1436

Re: Wifi range is really bad for a reason

What does the number -54 in column just left of the bar chart mean? If it's signal strength, then that's a very good signal, most of wireless devices will normally work down to around -75 ... and by "normally work" I mean they will get throughput around 1/4 of nominal speed (if nominal speed is, say...
by mkx
Fri Sep 06, 2019 3:09 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

At least in pfSense (probably on other FW’s as well), you cannot ping the GW, if there is no FW-rule allowing that. Depends how particular FW philosophy works. In ROS, default behaviour is that FW allows everything. One can revert this by explicit drop as last rule in rule chain. At the same time, ...
by mkx
Fri Sep 06, 2019 3:03 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35835

Re: RouterOS v7.0beta1 (ARM)

Any reason you can think of to actually upgrade & try this v7 ? Don't think my RB3011 here will become faster or more stable. More stable definitely not, faster likely not ... according to changelog, kindly published by @krisjanisj, not even more functionalities. So, unless you like to live on the ...
by mkx
Fri Sep 06, 2019 3:01 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35835

Re: RouterOS v7.0beta1 (ARM)

Added ext4 support ? [admin@MikroTik] > sys reso print uptime: 2m16s version: 7.0beta1 (development) build-time: Sep/05/2019 15:08:48 [admin@MikroTik] /disk> format-drive file-system= ext3 fat32 i guess not. One thing is user-land tool to format drive. Another thing is plugging USB stick already fo...
by mkx
Fri Sep 06, 2019 2:55 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154814

Re: RouterOS v7.0 beta1 - when?

Ros v7 is release!

No, it's not. ROS v7beta is in public testing ...
by mkx
Fri Sep 06, 2019 2:54 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154814

Re: RouterOS v7.0 beta1 - when?

No current ETA can be given but won't be years...

:lol:
by mkx
Fri Sep 06, 2019 1:32 pm
Forum: Beginner Basics
Topic: RouterOS VLAN tagging on multiple ports
Replies: 3
Views: 328

Re: RouterOS VLAN tagging on multiple ports

On second thought: you might actually want to configure eth7 and eth8 as bond device. And use bond device as anchor for all the rest of setup.
by mkx
Fri Sep 06, 2019 12:48 pm
Forum: Beginner Basics
Topic: RouterOS VLAN tagging on multiple ports
Replies: 3
Views: 328

Re: RouterOS VLAN tagging on multiple ports

If your CCR doesn't have switch chip (I read that the oldest versions did have one while later versions don't have one), then you should follow the 'new' vlan-filtering=yes bridge setup. Which allows you to have both tagged and untagged traffic running between bridge ports (such bridge acts as a sma...
by mkx
Fri Sep 06, 2019 12:33 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35835

Re: RouterOS v7.0beta1 (ARM)

So instead of a kernel from 2012 we are now going to have a kernel from 2017. Lets hope they can update this to the 4.19 version soon. Why stop at 4.19 ... MT should go for 5.3 ... ROS 7.0 is beta, and linux kernel 5.3 is RC. With current pace, linux kernel will be at least at 5.8 long term before ...
by mkx
Fri Sep 06, 2019 9:04 am
Forum: General
Topic: can ping IP from router but clients cannot access IP
Replies: 9
Views: 684

Re: can ping IP from router but clients cannot access IP

> ip firewall nat
[jason@sosedge] /ip firewall nat> chain=srcnat action=masquerade out-interface=eth01_uplink
syntax error (line 1 column 6)
[jason@sosedge] /ip firewall nat> add chain=srcnat action=masquerade out-interface=eth01_uplink
by mkx
Fri Sep 06, 2019 8:57 am
Forum: Beginner Basics
Topic: Change DDNS name (Mikrotik cloud)
Replies: 10
Views: 1062

Re: Change DDNS name (Mikrotik cloud)

I guess it became a political topic )) Indeed. ... I guess too a Mikrotik router is enough protected to consider it safe. Not exactly true all the time. The problem with Mikrotik is that router admin can do just anything, including f*ck up the firewall (if we dismiss the real possibility that there...
by mkx
Thu Sep 05, 2019 3:43 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

- If I connect the PC, it gets IPV4 and IPV6 addresses assigned from pfsense. So that works. Meaning that CRS is doing its job just fine. - If I try to ping pfsense with the RouterOS ping tool using standard ping, or try to do the same from the test-pc, I do not get a connection - if I use the Rout...
by mkx
Thu Sep 05, 2019 3:30 pm
Forum: Beginner Basics
Topic: Convert Wifi to Wired
Replies: 4
Views: 540

Re: Convert Wifi to Wired

Any wireless-capable Routerboard device will do. But: wireless bridge generally only works if devices on both ends of wireless link are made by same vendor. The reason is that there is no standard way of creating truly transparent wireless bridge and vendors created own proprietary extensions to wor...
by mkx
Thu Sep 05, 2019 11:18 am
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

1) The VLAN I would like to create is a transparent VLAN. It should not have an IP-address. I need to reach/ping the real devices attached to (!) the VLAN, not a "VLAN-device" (whatever it is) You wrote that you can get ARP communication between the two "real" devices ... kindly explain us what do...
by mkx
Wed Sep 04, 2019 11:39 pm
Forum: General
Topic: Two RB2011 with extra LAN
Replies: 6
Views: 686

Re: Two RB2011 with extra LAN

The setup you outlined in post #3 seems to be spot on in this case. When you're done with L2 setup, proceed with L3 setup. Some assorted notes: "eth1 WAN" setup will obviously go directly to eth1 interface on RB1. Then you'll need VLAN interface with vlan-id=10 for LAN IP setup on RB1 ... you'll both...
by mkx
Wed Sep 04, 2019 12:08 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

Many people get confused because of bridge's dual personality: "something like a switch" ... one defines member interfaces and bridge (more or less) intelligently moves traffic between those interfaces. In case of CRS3xx this is mostly offloaded to switch hardware, the rest of RouterBoard devices do...
by mkx
Wed Sep 04, 2019 11:04 am
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

If I focus on VLAN 123, there are a few things that don't seem entirely right ... which might (or might not) explain why pinging from PC to pfSense (via CRS) doesn't work (but ARP, being L2 protocol, does): VLAN interface VLAN123 should be parented to VirtualSwitch1 (not "04 RouterData" .. .because ...
by mkx
Wed Sep 04, 2019 9:15 am
Forum: General
Topic: Low Throughput on 2011 [SOLVED]
Replies: 5
Views: 589

Re: Low Throughput on 2011 [SOLVED]

I can only guess (perhaps some other forum guru will come to rescue) ... you have mangle rule which doesn't work if packets, which have to be mangled, are fast-tracked. So disabling fast-path in your case actually causes fast-track to be disabled, making mangle rule working. The proper way of doing ...
by mkx
Wed Sep 04, 2019 8:23 am
Forum: General
Topic: Low Throughput on 2011 [SOLVED]
Replies: 5
Views: 589

Re: Low Throughput on 2011 [SOLVED]

Any good reason for this setting: /ip settings set allow-fast-path=no I believe it might kill the RB's performance. Anyway, there might be two reasons for limit: ports eth6-eth10 are 100Mbps only run CPU profile while hammering RB with traffic to see if CPU is bottleneck (and which process is consum...
by mkx
Wed Sep 04, 2019 8:18 am
Forum: General
Topic: Two RB2011 with extra LAN
Replies: 6
Views: 686

Re: Two RB2011 with extra LAN

Well, your latest explanation changes the game slightly. So if I understand you correctly: you actually have two WAN connections, one over eth1 and one over eth3 (both on RB1) ... you want to relay eth3 WAN to RB2? On RB1, port eth2 is trunk towards RB2. The rest of ports (eth4-eth10) are used as LA...
by mkx
Wed Sep 04, 2019 7:58 am
Forum: Beginner Basics
Topic: IPv6 hosts reachable behind LAN
Replies: 4
Views: 500

Re: IPv6 hosts reachable behind LAN

I can still ping my laptop behind...but can't login via ssh to it... Probably icmp is enabled by default or by this rule above... Any better method to test from an IPv6 host outside to test that a firewall rule works fine? ICMPv6 is essential for IPv6 to work, so it's normal that ping on IPv6 works...
by mkx
Wed Sep 04, 2019 7:53 am
Forum: Beginner Basics
Topic: IPv6 hosts reachable behind LAN
Replies: 4
Views: 500

Re: IPv6 hosts reachable behind LAN

The mentioned default IPv6 firewall setup is a bit more complex (the code below is from 6.45.1): /ipv6 firewall address-list add list=bad_ipv6 address=::/128 comment="defconf: unspecified address" address-list add list=bad_ipv6 address=::1 comment="defconf: lo" address-list add list=bad_ipv6 address...
by mkx
Tue Sep 03, 2019 11:30 pm
Forum: General
Topic: SSH and RDP blacklist CPU usage
Replies: 4
Views: 541

Re: SSH and RDP blacklist CPU usage

Firewall filter rule order matters and, if applicable, rules that "consume" most packets should come earlier. If all packets must get evaluated against some 5 extra rules, then no wonder that router is struggling. But then we can't say as you chose not to tell us the whole story by not showing compl...
by mkx
Tue Sep 03, 2019 11:24 pm
Forum: Beginner Basics
Topic: IPv6 hosts reachable behind LAN
Replies: 4
Views: 500

Re: IPv6 hosts reachable behind LAN

Start off with default rules for IPv6 firewall ... they are hidden inside script that you can get by executing /system default-configuration print under /ipv6 firewall
by mkx
Tue Sep 03, 2019 11:18 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

I strongly suggest you to post current config on CRS, export it by executing command /export (do include leading '/'). Without that we can play whack-a-mole for days without any result, because I can not imagine how you implemented in ROS what you described in your previous posts...
by mkx
Tue Sep 03, 2019 4:09 pm
Forum: General
Topic: Need help with VLAN Trunks [SOLVED]
Replies: 4
Views: 721

Re: Need help with VLAN Trunks [SOLVED]

You mixed old school setup ( /interface ethernet switch subtree) and new school setup ( /interface bridge subtree). I suggest you to stick with new school, IMHO the user interface is less confusing (if one can say so) but it does come with performance hit (if it hits you, you can still revamp the co...
by mkx
Tue Sep 03, 2019 8:54 am
Forum: General
Topic: Two RB2011 with extra LAN
Replies: 6
Views: 686

Re: Two RB2011 with extra LAN

If you want to span single LAN1 over both RBs (and likewise LAN2), then you'll have to use VLANs on the eth2 (interconnect). If you're not familiar with VLANs, then I suggest you to read through this excellent tutorial. While it might not perform optimally on your two RB2011s, you'll get going (and...
by mkx
Mon Sep 02, 2019 11:14 pm
Forum: General
Topic: Need help with VLAN Trunks [SOLVED]
Replies: 4
Views: 721

Re: Need help with VLAN Trunks [SOLVED]

Post full config of your device as shown by executing /export hide-sensitive (obfuscate public IP address) and enclose it to [code] environment.
by mkx
Mon Sep 02, 2019 11:10 pm
Forum: General
Topic: CRS125-24G-1S TCP (and other?) traffic exiting access port is sometimes tagged and sometimes not
Replies: 6
Views: 571

Re: CRS125-24G-1S TCP (and other?) traffic exiting access port is sometimes tagged and sometimes not

Any input from Mikrotik Support on this? If you really want to receive input from Mikrotik Support, then posting in this forum is not the best way. More likely you'll get some input if you sent the question to support@mikrotik.com ... and attach supout.rif, it'll contain complete device state and w...
by mkx
Mon Sep 02, 2019 2:55 pm
Forum: General
Topic: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]
Replies: 10
Views: 1003

Re: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]

OK, I can try to give some ideas about how to get to the end state. If I understand right, the intended end state will include one untagged and one tagged VLAN. This should be possible even if only single physical connection will connect whole LAN with router. If you don't intend to use other ether ...
by mkx
Mon Sep 02, 2019 2:20 pm
Forum: General
Topic: Firewall Filter rules for Microtik as Router on Stick configuration with D Link Switch
Replies: 3
Views: 508

Re: Firewall Filter rules for Microtik as Router on Stick configuration with D Link Switch

Please post complete configuration ... in text form. You can get it by opening terminal window (you can open it from winbox) and execute command /export hide-sensitive (the leading slash is important). Before posting, obfuscate public IP address (if it's set statically) ... and post it inside [ code...
by mkx
Mon Sep 02, 2019 2:16 pm
Forum: General
Topic: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]
Replies: 10
Views: 1003

Re: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]

I'd rather not prepare you some half-baked recipe for migration phase ... It'd be much simpler if you reconfigured LAN in one big leap ... but I can understand that might not be desirable and smooth migration (invisible to users) might be preferred. So, if some fellow forum member is willing to help...
by mkx
Mon Sep 02, 2019 8:31 am
Forum: RouterBOARD hardware
Topic: How to use QSFP+ port of CRS326-24S+2Q?
Replies: 3
Views: 595

Re: How to use QSFP+ port of CRS326-24S+2Q?

It's been explained (somewhere on this forum, can't find the right thread now) that QSFP ports present themselves differently depending on type of QSFP module plugged in. If true QSFP-to-QSFP is plugged in, then single QSFP interface will be shown and its speed will be 40 Gbps. If QSFP-to-4xSFP+ i...
by mkx
Mon Sep 02, 2019 8:20 am
Forum: General
Topic: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]
Replies: 10
Views: 1003

Re: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]

There are a few conceptual and practical problems with your setup. First practical problem: although you did configure VLANs, it's done slightly wrong (interface vlan20 on ether9 which is member of bridge ... if ether ports are members of bridge, no other configuration should touch those ports direc...
by mkx
Sun Sep 01, 2019 11:31 pm
Forum: General
Topic: Winbox 64bit Version
Replies: 80
Views: 11214

Re: Winbox 64bit Version

I fully agree with what @kiler129 wrote. And I'll add: while I fully respect the personal preferences of users about OS (my choice is Linux) I also think that every professional has to adapt his toolbox to the tools needed/available for doing his job. And for administering network(s) of Mikrotik dev...
by mkx
Sun Sep 01, 2019 11:20 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

There are two things which are connected, but in ROS configured more or less independently: membership of ports on VLANs ... either tagged or untagged with PVID set. port security For each port it is possible to set options which define which kind of frames are allowed on ingress. Options are ingres...
by mkx
Sun Sep 01, 2019 9:54 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

When one adds VLANs to ethernet, another layer gets added ... which is above ethernet and below IP. To reflect that, in ROS one creates VLAN interfaces on top of physical interface(s) and sets IP stuff on those VLAN interfaces. Conceptual complication is if one uses hybrid ports, i.e. both tagged an...
by mkx
Sun Sep 01, 2019 4:46 pm
Forum: RouterBOARD hardware
Topic: Powerline and Powerline AP
Replies: 3
Views: 624

Re: Powerline and Powerline AP

Well, they will probably work, but not anything near the declared speed. Then it probably also depends on particular HomePlug implementation, some vendor might work better than other. Luckily ground fault breakers and surge arresters are usually mounted on the perimeter of house wiring so they work ...
by mkx
Sun Sep 01, 2019 4:28 pm
Forum: Announcements
Topic: v6.45.5 [stable] is released!
Replies: 54
Views: 15709

Re: v6.45.5 [stable] is released!

Hi all, first post but long time forum lurker... I'm struggling to get this update on my RouterBOARD 941-2nD hAP lite Current version 6.45.2 to 6.45.5 Error not enough disk space 7.3MiB required and only 7.3iMiB is free I've cleared out all the files and rebooted [admin@R1] > /file print # NAME TYP...
by mkx
Sun Sep 01, 2019 12:08 am
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

Two questions: 1) I have to admit, that I do not at all understand why there is a VLAN section under menu-item "interface". Can some one explain, what is the goal? (There is a vlan section under bridge, what IMHO should do !!??) 2) Can someone explain why the IPV4-ping is not working, where the IPV...
by mkx
Sat Aug 31, 2019 6:01 pm
Forum: Wireless Networking
Topic: Secondary Channel
Replies: 1
Views: 424

Re: Secondary Channel

AFAIK only RB4011 (wireless version) supports (non-contiguous) 80+80 MHz ... it's been explained that for contiguous 160MHz channel one doesn't need to set secondary channel.

Capsman is different beast and secondary-channel setting is used differently.
by mkx
Sat Aug 31, 2019 5:09 pm
Forum: General
Topic: Address list limitations on number of entries
Replies: 2
Views: 371

Re: Address list limitations on number of entries

If your list contains individual host addresses which are at least partly continuous, then you could reduce the number of entries by merging the continuous addresses to (small) subnets. If the list was: 20.20.30.13 20.40.50.42 20.40.50.43 20.30.66.77 then you could write it as 20.20.30.13 20.40.50.42/3...
by mkx
Sat Aug 31, 2019 4:30 pm
Forum: Beginner Basics
Topic: RB3011UiAS-RM is not showing USB Stick anymore
Replies: 4
Views: 655

Re: RB3011UiAS-RM is not showing USB Stick anymore

Nope, your RB doesn't seem to notice the USB device. Here's how it looks on my RBD52G when USB flash disk is plugged in: [fu@bar] /system resource usb> print # DEVICE VENDOR NAME SPEED 0 1-0 Linux 3.3.5 xhci-hcd-ipq40xx xHCI Host Controller 480 1 2-0 Linux 3.3.5 xhci-hcd-ipq40xx xHCI Host Controller...
by mkx
Sat Aug 31, 2019 3:00 pm
Forum: RouterBOARD hardware
Topic: LAN Ports issue
Replies: 2
Views: 538

Re: LAN Ports issue

No sign of working as status lights corresponding to ether ports don't light up or blink .. not even on device on the other end of the cable? And you tried with different devices otherwise known to be flawless?

Or no sign of working as no traffic passes despite status lights indicating link?
by mkx
Sat Aug 31, 2019 2:55 pm
Forum: Beginner Basics
Topic: RB3011UiAS-RM is not showing USB Stick anymore
Replies: 4
Views: 655

Re: RB3011UiAS-RM is not showing USB Stick anymore

Which way the RB is not recognising the stick? Does it show under /system resources usb ? Any plugged device should show there even if device isn't supported in ROS whatsoever. If it does but doesn't show as disk, then you'll have to reinitialize it ... if the USB device doesn't show under USB device...
by mkx
Sat Aug 31, 2019 12:10 pm
Forum: General
Topic: CRS112-8G-4S > No 100mbps fiber [SOLVED]
Replies: 11
Views: 1374

Re: CRS112-8G-4S > No 100mbps fiber [SOLVED]

Keep using CRS as switch and go for something small as router .... RB750Gr3 would do fine. Or a RBD52G, you'd get wireless for free. Both have HW acceleration for (some variants of) IPsec encryption ...
by mkx
Sat Aug 31, 2019 12:03 pm
Forum: General
Topic: CRS317 ROS new switch method with HW offload [SOLVED]
Replies: 4
Views: 556

Re: CRS317 ROS new switch method with HW offload [SOLVED]

As @Dude2048 explained ... single bridge it is. If switching can't be offloaded, then traffic is handled by CPU which is relatively slow in CRS3xx devices. Not capable of transfer speeds anywhere near wirespeeds. Which means CRS3xx are not really fit for inter-VLAN routing.
by mkx
Sat Aug 31, 2019 11:56 am
Forum: General
Topic: CRS317 ROS new switch method with HW offload [SOLVED]
Replies: 4
Views: 556

Re: CRS317 ROS new switch method with HW offload [SOLVED]

Your approach is correct. Generally it is advisable to configure single bridge per device as generally only one bridge can offload operations to underlying hardware (you can verify that by executing command /interface bridge port print , HW-offloaded ports show flag 'H' in front of port name). CRS3x...
by mkx
Sat Aug 31, 2019 11:50 am
Forum: Beginner Basics
Topic: How to configure the VLANs - two trunk and one access port
Replies: 4
Views: 674

Re: How to configure the VLANs - two trunk and one access port

I recommend to start by reading this excellent tutorial. After you do it and still have troubles, come back with concrete questions.
by mkx
Fri Aug 30, 2019 11:57 pm
Forum: General
Topic: CRS112-8G-4S > No 100mbps fiber [SOLVED]
Replies: 11
Views: 1374

Re: CRS112-8G-4S > No 100mbps fiber [SOLVED]

Official test results for your CRS do show, that simple routing without filter rules can be quite slow if packet size is small (PPS gets limited). With full-size packets your device should be able to route at least a few times more than what you get. And who knows what test app used actually does ... J...
by mkx
Fri Aug 30, 2019 11:47 pm
Forum: RouterBOARD hardware
Topic: CWDM (one side), SFP wavelength specific on other end [SOLVED]
Replies: 3
Views: 691

Re: CWDM (one side), SFP wavelength specific on other end [SOLVED]

My limited testing with a few types of SFP (and SFP+) modules (some branded Ericsson and some OEM) with wavelengths between 1290 and 1610nm, both CWDM and "usual" 1310nm ones, showed that receiving photo-diode is always wide-band. E.g. link successfully established between "usual" 1310nm SFP and 157...
by mkx
Fri Aug 30, 2019 11:24 pm
Forum: General
Topic: CRS112-8G-4S > No 100mbps fiber [SOLVED]
Replies: 11
Views: 1374

Re: CRS112-8G-4S > No 100mbps fiber [SOLVED]

I don't think the problem is in switching vs. bridging, this distinction only affects ether interfaces that are handling traffic for same broadcast domain, in your case the Skynet subnet. Your current setup probably offloads traffic to switch chip as it is, you can verify it by executing command /i...
by mkx
Fri Aug 30, 2019 11:08 pm
Forum: General
Topic: Mikrotik Vlans
Replies: 1
Views: 405

Re: Mikrotik Vlans

If interface is already added as bridge port, but you need to change some of its properties, use set : /interface bridge port add bridge=bridge interface=sfp-sfpplus1 # set pvid on this port set [ find interface=sfp-sfpplus1 ] pvid=100 In ROS, VLAN settings are split in two sections: /interface brid...
by mkx
Fri Aug 30, 2019 10:35 pm
Forum: General
Topic: Remote Access to CRS309
Replies: 1
Views: 282

Re: Remote Access to CRS309

From what you posted it's not clear which port is tagged member and which is untagged member. Better post output of /interface bridge export and use [code] environment to improve readability. Indicate which interface has LAN IP address configured.
by mkx
Fri Aug 30, 2019 10:07 pm
Forum: Beginner Basics
Topic: Configure simple bridge+vlan, No ping; missing something basic? [SOLVED]
Replies: 3
Views: 637

Re: Configure simple bridge+vlan, No ping; missing something basic? [SOLVED]

As you created vlan88 interface on bridge and set bridge "interface" as tagged member port of VLAN 88, setting pvid on bridge to the same value is wrong ... (re)set pvid on bridge interface to pvid=1 ... Btw, if VLANs 20 and 70 are going to be used on wlan only, then bridge "interface" doesn't have ...
by mkx
Fri Aug 30, 2019 8:56 am
Forum: Wireless Networking
Topic: VirtualAP Bridging
Replies: 4
Views: 629

Re: VirtualAP Bridging

Try to post complete running config of hAP ac2 ... use /export hide-sensitive and don't obfuscate too much. Without that we can only guess what you configured and what not.
by mkx
Fri Aug 30, 2019 8:39 am
Forum: General
Topic: VLAN configuration approach, correct or not ?
Replies: 5
Views: 652

Re: VLAN configuration approach, correct or not ?

(1) VLANs configured at the Router chip (Software based) : This is the most universal way to configure VLANs but you will be forcing the Routing chip to behave as a L3 switch with inter-VLAN routing. This method works on any Mikrotik device (Switch or Router alike) and requires you to configure 1 V...
by mkx
Fri Aug 30, 2019 8:31 am
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 1990

Re: Bridge VLAN Filtering help [SOLVED]

... in a nutshell, asymmetric vlan allows you to "switch" between VLAN's, so you don't have to "route" between these VLAN's Well, actually it does on egress what a typical windows NIC driver does on ingress ... strips all VLAN headers :lol: "switching" between VLANs is one of (beneficial if admin i...
by mkx
Thu Aug 29, 2019 11:51 pm
Forum: Wireless Networking
Topic: Bridged vlan on physical interfaces to the new (vlan bridge filtering)
Replies: 9
Views: 960

Re: Bridged vlan on physical interfaces to the new (vlan bridge filtering)

... two clients associated to different APs which are interconnected transparently at L2 can send frames to each other regardless the APs being set to block client-to-client forwarding. But this is easily resolved using bridge horizon where all bridge ports can forward traffic to one "uplink" port ...
by mkx
Thu Aug 29, 2019 11:34 pm
Forum: Beginner Basics
Topic: VLAN between two routers. Can it work!? If so how?
Replies: 9
Views: 853

Re: VLAN between two routers. Can it work!? If so how?

- so, yesterday I did a very basic speedtest to the only two 10G devices I have at the moment, the NAS and my PC. * Both connected to the CRS317. Both on another VLAN So you took your brand new Ferrari and went on to plow the field. If NAS and PC are in different VLANs, then transfers between them ...
by mkx
Thu Aug 29, 2019 4:53 pm
Forum: Beginner Basics
Topic: Mikrotik HAP Lite Home AP, Fritz 7590 as modem
Replies: 5
Views: 593

Re: Mikrotik HAP Lite Home AP, Fritz 7590 as modem

Connection from hAP to Fritz is considered as WAN for hAP and by default, connections from WAN to LAN are firewalled. At the same time, all connections from LAN to WAN are NAT-ed (they all appear to come from hAP regardless the original LAN client). To solve the problem you have two possibilities (o...
by mkx
Thu Aug 29, 2019 3:29 pm
Forum: Wireless Networking
Topic: Bridged vlan on physical interfaces to the new (vlan bridge filtering)
Replies: 9
Views: 960

Re: Bridged vlan on physical interfaces to the new (vlan bridge filtering)

Conceptually VLANs are almost as separate LANs. They separate devices on L2 (ethernet) level. If, on the other hand, you want to have those devices in same L2 domain (because you want to use single DHCP server which is L2/L3 service and serves IP addresses from single L3 domain (IP subnet), then you...
by mkx
Thu Aug 29, 2019 3:16 pm
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 1990

Re: Bridge VLAN Filtering help [SOLVED]

I think there was a possible error/omission in the config and that was what I was pointing out or at least asking. So I didn't react to your post. I'll deny that it might be due to oversight from my side ;-) Seriously though: yes, you're right (and that's why I didn't react ... so sorry I deprived ...
by mkx
Thu Aug 29, 2019 2:58 pm
Forum: Beginner Basics
Topic: RBM11G + R11e-LTE not working
Replies: 34
Views: 2615

Re: RBM11G + R11e-LTE not working

netinstall wipes all the configuration ... then it might resume default configuration (whatever that means for RBM11G) or no configuration, depending on what you select when doing netinstall ...
by mkx
Thu Aug 29, 2019 9:24 am
Forum: General
Topic: ROS7: Requests for wireless features
Replies: 7
Views: 1384

Re: ROS7: Requests for wireless features

I expect a miracle!

You know the timeline: we deliver the impossible immediately, for miracles you have to wait for a while ;-)
by mkx
Thu Aug 29, 2019 8:33 am
Forum: RouterBOARD hardware
Topic: Powerline and Powerline AP
Replies: 3
Views: 624

Re: Powerline and Powerline AP

Generally power-line works great when both (all) units are plugged to the same power circuit (i.e. on the same side of single fuse/breaker). In this case it seems that max distance is around 300 metres (but don't expect any kind of decent speed there). It works fine when units are plugged to differe...
by mkx
Thu Aug 29, 2019 8:20 am
Forum: General
Topic: CAPSMAN - Control or disable ethernet interfaces?
Replies: 1
Views: 218

Re: CAPSMAN - Control or disable ethernet interfaces?

You'll have to do it manually indeed. capsman only configures wireless interfaces, but touches neither bridge nor any other interfaces.
by mkx
Thu Aug 29, 2019 8:11 am
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 1990

Re: Bridge VLAN Filtering help [SOLVED]

@anav, you're such a moving target (and my eyes are getting old as well) so it's hard to focus on you ;-) ... but anyway, I was just jumping in to explain @pe1chl the possible use case of this "huh?" feature. You boys are doing well so I'll stop to interfere.
by mkx
Wed Aug 28, 2019 11:19 pm
Forum: Wireless Networking
Topic: Two "mANT30 PA" as passive repeater. Possibly?
Replies: 3
Views: 447

Re: Two "mANT30 PA" as passive repeater. Possibly?

Do you think this is possible? Hardly. Passive repeater ideally transmits all energy received by one antenna over the other antenna. If AP at point A transmits signal at +30 dBm (includes antenna gain) and potential station at point B would receive that signal at say -40dBm (which includes antenna ...
by mkx
Wed Aug 28, 2019 10:47 pm
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 1990

Re: Bridge VLAN Filtering help [SOLVED]

In my Netgear switch the same port can be untagged member of several different VLANs and the pvid defines what tag the received packets get, and I think the configuration of the MikroTik bridge VLAN filtering allows the same thing, but why would you want that? My good old Dlink switch has this func...
by mkx
Wed Aug 28, 2019 10:07 pm
Forum: Beginner Basics
Topic: hAP ac^2 Suddenly stopped reaching gateway periodically
Replies: 6
Views: 860

Re: hAP ac^2 Suddenly stopped reaching gateway periodically

Regarding ROS version: my RBD52G is currently running 6.45.1 and is stable. Regarding disabling switch-chip: set hw=no on all ether ports in /interface bridge port . You can verify the status by executing /interface bridge port print ... before disabling HW offload those ports should have a 'H' in t...
by mkx
Wed Aug 28, 2019 9:27 am
Forum: Beginner Basics
Topic: Help Help !! can not route between VLAN's :( :(
Replies: 8
Views: 889

Re: Help Help !! can not route between VLAN's :( :(

- the CRS-internal ping test which also did not and still does not forward the pings !!! very confusing! :shock:

What exactly are you executing for this test?
by mkx
Wed Aug 28, 2019 9:15 am
Forum: General
Topic: Serious problem: Free HDD Space 0 KiB, no space to save settings. RouterOS 6.45.3 [SOLVED]
Replies: 9
Views: 1219

Re: Serious problem: Free HDD Space 0 KiB, no space to save settings. RouterOS 6.45.3 [SOLVED]

Are you running User manager on this unit? If yes, then you really must add some disk storage ... for two reasons: 1. capacity, 2. built-in flash longevity (frequent writes wear off the flash storage, if built-in flash fails, your device becomes a brick without possibility to repair it).
by mkx
Wed Aug 28, 2019 9:07 am
Forum: General
Topic: Hardware Offload off and no Internet connection the first min/sek...
Replies: 2
Views: 442

Re: Hardware Offload off and no Internet connection the first min/sek...

The firewall rules you posted don't warrant use of "use IP firewall" on bridge ... as they all affect the connectivity towards internet and my personal view is that firewall should be running on main router (whichever it is). In addition to that, layer7 rules are very CPU intensive while CRS3xx hav...
by mkx
Wed Aug 28, 2019 9:00 am
Forum: Beginner Basics
Topic: RBM11G + R11e-LTE not working
Replies: 34
Views: 2615

Re: RBM11G + R11e-LTE not working

I realized that the internet dns have from internet have this format aa.bb But..when i create the dhcp server the dns range have this format aaa.bbb..could this create the problem? The format doesn't matter much as long as there are 4 numbers separated with a dot. I.e. 008.008.008.008 is exactly th...
by mkx
Wed Aug 28, 2019 8:58 am
Forum: Beginner Basics
Topic: RBM11G + R11e-LTE not working
Replies: 34
Views: 2615

Re: RBM11G + R11e-LTE not working

Then, probably the problem is that you not have DNS servers on your DHCP. This. Router basically doesn't deal with domain names, it only works with IP addresses. So if you can ping 8.8.8.8 from your PC , then router is forwarding packets between LAN and WAN just fine. You really need to focus on ho...
by mkx
Wed Aug 28, 2019 8:46 am
Forum: Beginner Basics
Topic: RB4011iGS with more subnets
Replies: 11
Views: 1171

Re: RB4011iGS with more subnets

If the RB configuration you posted is complete, then firewall is non-existing (and the device is thus open for any attacks). I strongly suggest to start again, this time select reset with factory defaults to have a very sensible firewall rules enabled. Anyway, if we start from empty firewall, you ca...
by mkx
Wed Aug 28, 2019 8:32 am
Forum: Beginner Basics
Topic: hAP ac^2 Suddenly stopped reaching gateway periodically
Replies: 6
Views: 860

Re: hAP ac^2 Suddenly stopped reaching gateway periodically

I've had similar issue with RBD52G, which went away after I did the following two things: upgrade ROS to 6.44 effectively stopped using switch chip for forwarding the traffic between ether ports (my setup includes VLANs and I configured bridge vlan-filtering which means all ethernet frames have to ...
by mkx
Wed Aug 28, 2019 8:27 am
Forum: Beginner Basics
Topic: Help Help !! can not route between VLAN's :( :(
Replies: 8
Views: 889

Re: Help Help !! can not route between VLAN's :( :(

- I did not post the whole config, mainly because it is big and probably just take the attention away from what at this moment my main problem is. "inter vlan routing". Behavior is rather vague. As example I cannot ping between GW192.168.216.1 and GW 192.168.218.1. And I can not ping the GW192.168....
by mkx
Tue Aug 27, 2019 8:47 pm
Forum: Beginner Basics
Topic: Very Vague CPU-port- and Bridge-port-access and Bridge to VLAN-binding!
Replies: 1
Views: 274

Re: Very Vague CPU-port- and Bridge-port-access and Bridge to VLAN-binding!

I'm not quite sure that I understand all the details of your "complaint". I agree that VLANs are slightly confusing on ROS. But there is one thing that I guess confuses many people: the bridge. Bridge in ROS has two personalities: "kind of a switch" personality which passes traffic between member po...
by mkx
Tue Aug 27, 2019 4:43 pm
Forum: Beginner Basics
Topic: Remote Name Server [SOLVED]
Replies: 5
Views: 565

Re: Remote Name Server [SOLVED]

Triple-check that the DST-NAT rule is correct. Also verify that firewall filter rules allow that connection (default filter rule allowing connections with connection-state=dst-nat is fine). Check bind config that it is not denying resolution for non-local clients (it should allow resolution of doma...
by mkx
Tue Aug 27, 2019 3:51 pm
Forum: General
Topic: The LTAP can switch the Dual SIM when the RSSI was weakness?
Replies: 52
Views: 3942

Re: The LTAP can switch the Dual SIM when the RSSI was weakness?

But, please, use RSRP for indication of signal strength ... RSSI includes also all the interference.
by mkx
Tue Aug 27, 2019 2:00 pm
Forum: Beginner Basics
Topic: tag all untagged traffic - can't get it working
Replies: 12
Views: 964

Re: tag all untagged traffic - can't get it working

It is advisable to configure all VLANs are tagged ... which doesn't mean it can not be untagged on the ethernet ports.
I'm having a hard time digesting this one, can you elaborate a little bit please?
Did you study the tutorial I linked in one of my previous posts?
by mkx
Tue Aug 27, 2019 1:55 pm
Forum: General
Topic: ICMP Firewall Potential Bug
Replies: 13
Views: 1160

Re: ICMP Firewall Potential Bug

What would carriers usually do for this type of thing? This is our new border router before our transit. As a non-ISP person, I'd say ISP/carrier should not firewall much (if any at all) ... not on its border router anyways. Either leave it to customers or do it at access routers ... unless you d...
by mkx
Tue Aug 27, 2019 1:51 pm
Forum: General
Topic: VLAN configuration approach, correct or not ?
Replies: 5
Views: 652

Re: VLAN configuration approach, correct or not ?

The new (since ROS version 6.41) approach is to have single VLAN-aware bridge spanning all LAN ports. Something in the line of following example: /interface bridge add name=bridge vlan-filtering=yes /interface bridge port add bridge=bridge ingress-filtering=yes frame-types=admit-only-untagged-and-pr...
by mkx
Tue Aug 27, 2019 12:48 pm
Forum: Beginner Basics
Topic: tag all untagged traffic - can't get it working
Replies: 12
Views: 964

Re: tag all untagged traffic - can't get it working

The mentioned tutorial is explaining the "bridge VLAN" (mentioned as #2 on my list). What you describe you want to do is perfectly doable. The tutorial briefly touches the "hybrid" setup - one VLAN untagged (native) and the rest of VLANs tagged, but also notes that hybrid access is a bit problematic...
by mkx
Tue Aug 27, 2019 12:34 pm
Forum: Beginner Basics
Topic: Help Help !! can not route between VLAN's :( :(
Replies: 8
Views: 889

Re: Help Help !! can not route between VLAN's :( :(

My guess is that the problem is what I wrote in the paragraph starting with "BTW, when constructing a member list of interfaces ...". However, I can't tell if that's the main reason because reasons for things not working as intended are numerous and you chose not to show complete configuration stuff.
by mkx
Tue Aug 27, 2019 10:55 am
Forum: Beginner Basics
Topic: Remote Name Server [SOLVED]
Replies: 5
Views: 565

Re: Remote Name Server [SOLVED]

May I install NS behind Mikrotik? (for this plan)

Sure you can. And establish port forwarding (port 53, protocols both TCP and UDP, forwarded to the server you'll use as NS).
by mkx
Tue Aug 27, 2019 9:21 am
Forum: General
Topic: ICMP Firewall Potential Bug
Replies: 13
Views: 1160

Re: ICMP Firewall Potential Bug

What is my solution to allow traceroutes into my network? If the traceroute uses UDP packets, it mostly selects a random destination UDP port and you can't really do anything to make it work if you don't want to open up just everything. If traceroute uses TCP packets (there's a tcptraceroute in lin...
by mkx
Tue Aug 27, 2019 8:55 am
Forum: General
Topic: Weird IPv6 stuff
Replies: 4
Views: 487

Re: Weird IPv6 stuff

How did router assign the anycast address to itself? If I issue /ipv6 address add interface=ether1 from-pool=<IPv6 pool name> then it will auto select a valid unicast address ... If you set it manually (as in /ipv6 address set interface=ether1 address=aaaa:bbbb::/64 ) then as I said, IPv6 in current...
by mkx
Tue Aug 27, 2019 8:41 am
Forum: Beginner Basics
Topic: Help Help !! can not route between VLAN's :( :(
Replies: 8
Views: 889

Re: Help Help !! can not route between VLAN's :( :(

The VLAN setup in config export is a minor mess. I suggest you read through this tutorial. BTW, when constructing a member list of interfaces, only individual interface names may be enclosed in double quotes, not the whole list. I.e. tagged="05 GS1920,VirtualSwitch1,11 NAS_EM0" is not the same a...
by mkx
Tue Aug 27, 2019 8:32 am
Forum: Beginner Basics
Topic: tag all untagged traffic - can't get it working
Replies: 12
Views: 964

Re: tag all untagged traffic - can't get it working

I do have a VLAN configured in a bridge. The config command you posted a few posts back indicates that you're configuring VLANs on switch chip. So there are two ways of doing it: On switch chip You configure things in /interface ethernet switch port and /interface ethernet switch vlan configuration ...
by mkx
Tue Aug 27, 2019 8:15 am
Forum: General
Topic: Request: FEC tunnel types
Replies: 27
Views: 3092

Re: Request: FEC tunnel types

@Amm0: what makes you claim that LTE is lossy?
by mkx
Mon Aug 26, 2019 8:27 pm
Forum: General
Topic: ICMP Firewall Potential Bug
Replies: 13
Views: 1160

Re: ICMP Firewall Potential Bug

Different traceroute programmes use different packet types. Some use same ICMP packets (windows does it IIRC), some use some UDP (linux does it).
by mkx
Mon Aug 26, 2019 8:11 pm
Forum: Beginner Basics
Topic: RBM11G + R11e-LTE not working
Replies: 34
Views: 2615

Re: RBM11G + R11e-LTE not working

What do the following commands print?
/interface print detail
/ip dhcp-client print detail # obfuscate any public data
/ip address print detail # you might want to obfuscate public WAN address here
/ip route print detail # obfuscate the public route
Just try to obfuscate public data following the sa...
by mkx
Mon Aug 26, 2019 7:34 pm
Forum: General
Topic: Force NTP Client Update
Replies: 5
Views: 427

Re: Force NTP Client Update

Hey ntp client will determine on its own how frequently it should poll the upstream server for time update. Usually it starts at 64s and backs down to 1024s, once clocks are in sync and drift is under control. The problem is that mine is drifting too much for some reason, I need to manually u...
by mkx
Mon Aug 26, 2019 7:04 pm
Forum: General
Topic: Weird IPv6 stuff
Replies: 4
Views: 487

Re: Weird IPv6 stuff

2001:4bb8:248:2868::/64 is a network address (similar to aaa.bb.cc.0/24 in IPv4) so setting this address as host address is invalid (ability to set it anyway is a bug, but then lots of IPv6 implementation in current ROS is buggy).
by mkx
Mon Aug 26, 2019 6:55 pm
Forum: Beginner Basics
Topic: Remote Name Server [SOLVED]
Replies: 5
Views: 565

Re: Remote Name Server [SOLVED]

Could I use one IP address to two (or more) domain? Yes, if different subdomains resolve to same IP address. Most (if not all) HTTP servers support name based virtual servers. Non-ancient HTTPS servers do as well (using TLS SNI). How could I delegate to sub.domain.com to world wide? Could I use this...
by mkx
Mon Aug 26, 2019 6:47 pm
Forum: Beginner Basics
Topic: RBM11G + R11e-LTE not working
Replies: 34
Views: 2615

Re: RBM11G + R11e-LTE not working

Post full configuration of RBM11G ... you can get it by executing command /export hide-sensitive in a command window. Hide sensitive data (such as usernames and passwords) and then post it here, enclosing it in [code][/code] environment for better readability.
by mkx
Mon Aug 26, 2019 6:42 pm
Forum: Beginner Basics
Topic: hAP AC2 as main router over bridge setup
Replies: 2
Views: 371

Re: hAP AC2 as main router over bridge setup

Personally I'd add another RBD52G where Technicolor is. Then I'd forget about Technicolor's wireless, routing and firewalling (in short: configure it to bridge mode so that it semi-transparently passes traffic to your main RB). Then I'd configure one of RBD52Gs (possibly the one in the store room) t...
by mkx
Mon Aug 26, 2019 12:13 pm
Forum: Beginner Basics
Topic: RBM11G + R11e-LTE not working
Replies: 34
Views: 2615

Re: RBM11G + R11e-LTE not working

Does internet work on RBM11G itself? You can check it by executing
/ping www.google.com
If this works, then it's something about LAN setup (either IP settings on router, DHCP settings or firewall rules). If it doesn't, then it's something about LTE and/or WAN setup.
by mkx
Mon Aug 26, 2019 8:39 am
Forum: Beginner Basics
Topic: RBM11G + R11e-LTE not working
Replies: 34
Views: 2615

Re: RBM11G + R11e-LTE not working

IP -> Firewall -> NAT Add Chain: srcnat Out. Interface: lte1 Action: Masquerade (This on "action" tab) Regards. Or, better yet (if using firewall rules resembling default rules from recent ROS versions) add lte1 interface to WAN interface list. It'll magically make RB to use all the right firewall ...
by mkx
Mon Aug 26, 2019 8:38 am
Forum: Beginner Basics
Topic: Wireless CM9
Replies: 1
Views: 239

Re: Wireless CM9

A quick search in the internet reveals one CM9 minipci wireless card ... which seems to be single radio (with dual chain), but 2.4/5 GHz selectable. Which means you need two cards for your use case.
by mkx
Mon Aug 26, 2019 8:26 am
Forum: Beginner Basics
Topic: RB4011iGS with more subnets
Replies: 11
Views: 1171

Re: RB4011iGS with more subnets

The shown configuration doesn't correspond to how you described the config: - ether2 is 192.168.10.1/24, DHCP - connected to PC1 (Windows, IP 192.168.10.254) - ether10 is 192.168.20.1/24, DHCP - connected to PC2 (Windows, IP 192.168.20.254) The config doesn't show any IP config on ether2 - there's a...
by mkx
Sun Aug 25, 2019 10:59 pm
Forum: Wireless Networking
Topic: WiFi QOS keeps mobile device awake (WMM?)
Replies: 3
Views: 588

Re: WiFi QOS keeps mobile device awake (WMM?)

So you set keepalive-frames=enabled and then you find odd the fact that clients are kept alive?
by mkx
Sun Aug 25, 2019 10:47 pm
Forum: Beginner Basics
Topic: RB4011iGS with more subnets
Replies: 11
Views: 1171

Re: RB4011iGS with more subnets

As somebody replied in some thread: the magic ball department is using another forum. If you want to get some useful input here, start by posting complete configuration - you can get it running /export hide-sensitive in command window.
by mkx
Sat Aug 24, 2019 10:30 pm
Forum: General
Topic: NTP Server Open to Internet
Replies: 1
Views: 306

Re: NTP Server Open to Internet

You'll have to add a firewall filter which will allow connections to UDP port 123 in chain=input ... and place this firewall rule above general drop all rule for same chain.
by mkx
Sat Aug 24, 2019 10:21 pm
Forum: Beginner Basics
Topic: Providing re-sellers real IP
Replies: 4
Views: 586

Re: Providing re-sellers real IP

First guess: you currently have one generic SRC-NAT rule (possibly with action=masquerade). You'll have to add specific SRC-NAT rule for each reseller, i.e. /ip firewall nat add action=src-nat chain=srcnat comment="reseller1" out-interface=<ISP interface> src-address=192.168.60.1/30 to-addresses=00...
by mkx
Sat Aug 24, 2019 8:22 pm
Forum: Beginner Basics
Topic: Need help with specific configuration on mAP lite
Replies: 4
Views: 551

Re: Need help with specific configuration on mAP lite

As your main wifi AP is not Mikrotik, you are very limited in selection of station modes. Really read the manual document I linked in my previous post, it'll explain all the problems you're facing. I'm not familiar with QuickSet modes so I can't comment on feasibility of CPE mode for this particular...
by mkx
Sat Aug 24, 2019 8:13 pm
Forum: Beginner Basics
Topic: Providing re-sellers real IP
Replies: 4
Views: 586

Re: Providing re-sellers real IP

First guess: you currently have one generic SRC-NAT rule (possibly with action=masquerade). You'll have to add specific SRC-NAT rule for each reseller, i.e. /ip firewall nat add action=src-nat chain=srcnat comment="reseller1" out-interface=<ISP interface> src-address=192.168.60.1/30 to-addresses=000...
by mkx
Sat Aug 24, 2019 7:57 pm
Forum: General
Topic: Plex + Dynamic IP + DHCP IP
Replies: 4
Views: 511

Re: Plex + Dynamic IP + DHCP IP

... but will the hEX always force this MAC to x.x.x.27, no matter wifi or rj45? DHCP server doesn't know nor does it care which interface Plex uses to connect to LAN, it only cares about MAC address ... so if Plex will use same MAC address for either wired or wlan connection, then DHCP server will o...
by mkx
Sat Aug 24, 2019 7:37 pm
Forum: Beginner Basics
Topic: Need help with specific configuration on mAP lite
Replies: 4
Views: 551

Re: Need help with specific configuration on mAP lite

The problem you're facing is that plain 802.11 doesn't support wireless bridges (which would transparently connect two parts of wired network). Most of WiFi vendors solve this using some proprietary extensions, so does Mikrotik. This, however, means that both APs participating in such bridge have to...
by mkx
Sat Aug 24, 2019 3:19 pm
Forum: General
Topic: Plex + Dynamic IP + DHCP IP
Replies: 4
Views: 511

Re: Plex + Dynamic IP + DHCP IP

For DST-NAT the WAN IP address doesn't really matter, it can be done without referencing it. However, destination (LAN/DMZ server) needs to have static IP address. And this part is not possible (at least with ROS DHCP server) if server's MAC address changes (each network interface has different MAC ...
by mkx
Sat Aug 24, 2019 12:43 pm
Forum: Beginner Basics
Topic: How to dumb bridge (?) using hAP ac lite
Replies: 11
Views: 1028

Re: How to dumb bridge (?) using hAP ac lite

Well, it isn't showing up in winbox.
I'm not sure about this, but it could be that device is not accepting MAC connections over ether1 ... so if your management PC is connected to ether1, try to plug it to some other ether port ...
by mkx
Sat Aug 24, 2019 12:37 pm
Forum: General
Topic: Recommended upgrade paths?
Replies: 2
Views: 468

Re: Recommended upgrade paths?

My suggestion for upgrades: export configuration to plain text using command /export verbose file=exported-config.rsc and copy file to management computer first upgrade to latest release with same major version number (e.g. upgrade the 4.10 device to 4.17) then upgrade it to lowest version with next...
by mkx
Fri Aug 23, 2019 10:41 pm
Forum: RouterBOARD hardware
Topic: RB2011UIAS-2HND-IN completely dead
Replies: 5
Views: 834

Re: RB2011UIAS-2HND-IN completely dead

I'd try with another power supply anyway. The modern switching type of power supplies tend to fail in the way that they provide correct voltage when not under load. When loaded, they drop the voltage and as the time goes by, voltage drop increases to the point when powered device no longer works (co...
by mkx
Fri Aug 23, 2019 10:25 pm
Forum: Wireless Networking
Topic: wireless repeater mode and IPv6 [SOLVED]
Replies: 4
Views: 560

Re: wireless repeater mode and IPv6 [SOLVED]

If both AP3 and AP2 are mikrotik, then you can create transparent wireless hop if you set one of the two APs to mode=bridge or mode=ap-bridge (the former if both APs are used exclusively for point-to-point connection, the latter if master AP should serve "normal" stations as well). The other AP shoul...
by mkx
Fri Aug 23, 2019 10:16 pm
Forum: General
Topic: Routing or Bridge for p2p wireless link
Replies: 4
Views: 493

Re: Routing or Bridge for p2p wireless link

Bridge means less package processing on the involved devices ... which means lower delay and possibly higher throughput. However, bridge also means broadcasts (including ARP requests) for the whole subnet will hit all the wireless links (presumably bottlenecks) ... which means somewhat reduced throu...
by mkx
Fri Aug 23, 2019 9:45 pm
Forum: General
Topic: Firewall Rules PPPoE vs ethernet-port
Replies: 9
Views: 970

Re: Firewall Rules PPPoE vs ethernet-port

Just noticed: on the "non-standard" router the accept filter rule is in chain=forward ... should be in chain=input if IPsec is terminated on router itself. Thank you for your input. Tried also with chain=input - doesn't work either. I'm under the impression I didn't explain the setup good enough: M...
by mkx
Fri Aug 23, 2019 8:08 pm
Forum: Beginner Basics
Topic: How to dumb bridge (?) using hAP ac lite
Replies: 11
Views: 1028

Re: How to dumb bridge (?) using hAP ac lite

Winbox searches for routerboard devices and presents a list. Then you select presented device. Devices don't need IP address configured.

When device is reset to no configuration, it doesn't have IP address nor runs DHCP client ...
by mkx
Fri Aug 23, 2019 7:55 pm
Forum: General
Topic: Firewall Rules PPPoE vs ethernet-port
Replies: 9
Views: 970

Re: Firewall Rules PPPoE vs ethernet-port

Just noticed: on the "non-standard" router the accept filter rule is in chain=forward ... should be in chain=input if IPsec is terminated on router itself.
by mkx
Fri Aug 23, 2019 4:28 pm
Forum: General
Topic: Test for leaking VLAN's
Replies: 4
Views: 523

Re: Test for leaking VLAN's

First off you have to decide how you're supposed to see that a packet has leaked to the wrong VLAN. VLAN ID is obviously a wrong choice (specially so in the untagged section of a VLAN). You could look for packets with sender/receiver MAC address which are not supposed to be in the observed VLAN ... ...
by mkx
Fri Aug 23, 2019 4:20 pm
Forum: General
Topic: Firewall Rules PPPoE vs ethernet-port
Replies: 9
Views: 970

Re: Firewall Rules PPPoE vs ethernet-port

Are you absolutely positive that the "black box router" is transparent regarding udp ports 500 and 1701?

Generally firewall rules don't care about different ports other than using them as additional match criterion.
by mkx
Fri Aug 23, 2019 4:13 pm
Forum: Beginner Basics
Topic: Simplifying my forward chain? [SOLVED]
Replies: 6
Views: 676

Re: Simplifying my forward chain? [SOLVED]

Safer (and sometimes easier) way is to construct a list of explicitly allowed connections and drop the rest at the end. Your current one is the opposite: drop whatever you thought it should be dropped and (implicitly) allow the rest. Any way you do it, there's an essential rule missing in your curren...
by mkx
Fri Aug 23, 2019 4:09 pm
Forum: Beginner Basics
Topic: VLAN on ISP connection
Replies: 2
Views: 366

Re: VLAN on ISP connection

The most straightforward way, but with some limitations which might bite you in the future, would be this: keep ether1 (ISP) off any bridge at all costs create needed vlan interfaces off the ether1 - you probably already created one for VLAN 640 so you need to add one for VLAN 300 and possibly one ...
by mkx
Fri Aug 23, 2019 3:50 pm
Forum: General
Topic: Passive POE question (RB4011iGS+RM / cAP ac)
Replies: 1
Views: 369

Re: Passive POE question (RB4011iGS+RM / cAP ac)

PoE out for RB4011 actually says 600mA for voltages less than 30V and 400mA for voltages above 30V. Specs say about cAP ac consumption that it's 13W without attachments and 24W maximum. I'm not sure what does count as attachment, but let's say you want to power "bare" cAP acs, so let's calculate with...
by mkx
Fri Aug 23, 2019 9:27 am
Forum: General
Topic: RB960PGS with POE burns in lightning
Replies: 1
Views: 303

Re: RB960PGS with POE burns in lightning

... inside the village there are RB960PGS connected to each other on cat5e cable ... Lightning strikes, even if not really near, can cause considerable voltage inducted in any metallic cable. Which includes cat5e cables if those are not laid inside some steel-reinforced concrete which would shield ...
by mkx
Fri Aug 23, 2019 9:09 am
Forum: Beginner Basics
Topic: How to dumb bridge (?) using hAP ac lite
Replies: 11
Views: 1028

Re: How to dumb bridge (?) using hAP ac lite

... reset the hAP ac lite with no defaults connect to hAP ac lite using winbox MAC connection and configure the following: I thought that combination of these two steps would leave device with no configuration whatsoever, no bridge etc. I'm pretty sure that the first quoted bullet can not be achiev...
by mkx
Fri Aug 23, 2019 8:16 am
Forum: Beginner Basics
Topic: How to effectively configure 6 hEX units ?
Replies: 5
Views: 697

Re: How to effectively configure 6 hEX units ?

Configure 1 how you want it. Do an /export and then do a full reset on the others and import the .rsc file you made from the first one. Which would cover all but last two OP's points (SSH keys and password) ... those two are only possible to automate by using (binary) backups which should not be us...
by mkx
Fri Aug 23, 2019 8:06 am
Forum: Announcements
Topic: hAP lite
Replies: 389
Views: 164136

Re: hAP lite

Something like RB450Gx4 ...?
Or, if amount of RAM and storage offered by RB450Gx4 is not needed, a RBD52G (with wireless disabled) might be considered as well ... comes with a case and lower price-tag while offering same wired performance.
by mkx
Thu Aug 22, 2019 1:44 pm
Forum: General
Topic: fasttrack or RAW is better for blocking ddos attacks?
Replies: 2
Views: 324

Re: fasttrack or RAW is better for blocking ddos attacks?

On the other hand, if you need connection tracking enabled, then RAW is the place to drop DDOS packets.
by mkx
Thu Aug 22, 2019 8:40 am
Forum: Beginner Basics
Topic: How to dumb bridge (?) using hAP ac lite
Replies: 11
Views: 1028

Re: How to dumb bridge (?) using hAP ac lite

I'm not sure about the QuickSet modes (I'm pretty sure there isn't one for exactly this setup, but there might be something really close to it ... and I may be entirely wrong about this), but you could go this way: download and install winbox to your management computer (if you're not familiar: that...
by mkx
Thu Aug 22, 2019 8:33 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154814

Re: RouterOS v7.0 beta1 - when?

Maybe you are going backwards :)

Seems like that indeed :wink:

I certainly hope that folders from @Normis' screenshot are created in advance and that 7.0alpha219 was empty at the time ... which would mean that there are 219 alpha releases to go before we get some public RC :mrgreen:
by mkx
Wed Aug 21, 2019 3:43 pm
Forum: Beginner Basics
Topic: Remote Winbox access blocked from IP Services IP auto fill in from address, How do i stop the auto config
Replies: 1
Views: 300

Re: Remote Winbox access blocked from IP Services IP auto fill in from address, How do i stop the auto config

There was a winbox vulnerability present for quite a while which allowed remote user to use winbox service without knowing correct password (and username). You may want to check this thread to check if your problems are related ...
by mkx
Wed Aug 21, 2019 9:15 am
Forum: General
Topic: question about CCR 1072 CPU
Replies: 3
Views: 525

Re: question about CCR 1072 CPU

CPU producer marks CPUs with stock frequency with a reason. And the reason is that according to tests (and 6-sigma process) the CPU will run at stock frequency without a glitch for designed life-time. If the same CPU is run at higher frequency, it might not run without a glitch (over-clocking tricks...
by mkx
Wed Aug 21, 2019 9:03 am
Forum: General
Topic: Question about CCR and inter-vlan routing performances
Replies: 7
Views: 838

Re: Question about CCR and inter-vlan routing performances

I am more concerned if the CCR can use more than one CPU core when you have all traffic on 1 interface. (normally when you run 8 different interfaces the interrupt load and part of the filtering is spread over 8 cores) Even if interrupts are mapped statically (i.e. portX always interrupts coreY) - ...
by mkx
Tue Aug 20, 2019 10:57 pm
Forum: General
Topic: CCR1036 inter-vlan routing performance issue
Replies: 1
Views: 258

Re: CCR1036 inter-vlan routing performance issue

I'm afraid you're hitting the ceiling for single-connection throughput. Routing is single core per connection. If you'll test multiple parallel connections (e.g. 10), router will use more cores and cumulative throughput will be better.
by mkx
Tue Aug 20, 2019 10:52 pm
Forum: General
Topic: Not receive Advertising Link Partner SFP+, to SFP+
Replies: 1
Views: 300

Re: Not receive Advertising Link Partner SFP+, to SFP+

Auto negotiation is set to disabled. In this case there are no advertisements ... instead parameters are hard set to 1Gbps full-duplex. If the other end is not set to exactly the same, it's likely to see link failure...
by mkx
Tue Aug 20, 2019 10:46 pm
Forum: Beginner Basics
Topic: 4G LTE Confusion
Replies: 3
Views: 541

Re: 4G LTE Confusion

SXT-4g support ONLY 4G. It will not connect over anything other. SXT-LTE support 4G+3G+2G. In addition to that, 4G supports less of commonly used frequency bands than LTE (bands 1 - 2100MHz and 8 - 900 MHz). Also TDD band support is different. Whether this matters or not ... you'll have to find out...
by mkx
Tue Aug 20, 2019 3:02 pm
Forum: General
Topic: 1:1 Nat from ISP Can't port forward
Replies: 2
Views: 382

Re: 1:1 Nat from ISP Can't port forward

Probably you don't need netmap, you rather need (a few) simple DST-NAT rules ... where dst-address is router's WAN IP address (192.168.0.1) ... router knows nothing about real WAN IP, it is already hidden by ISP's modem.
by mkx
Tue Aug 20, 2019 12:36 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 207859

Re: Feature requests

2. With your topic you want to say that the accuracy difference NTP+1PPS versus IEEE1588 is insignificant? 3. If in the future I decide to use a PTP/IEEE1588 grandmaster server and broadcast/unicast the clock via a VLAN, will this process of tagging/untagging have a big impact on the accuracy of th...
by mkx
Tue Aug 20, 2019 12:10 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 207859

Re: Feature requests

1. Is there any component/hardware (eg: GPS) of a Mikrotik equipment which can provide to the other LAN equipment such kind of signal (1PPS)? 1. No idea. If I have to choose, then I'd hesitantly choose a yes. According to wiki (https://wiki.mikrotik.com/wiki/Manual:System/GPS): Note: The time is no...
by mkx
Tue Aug 20, 2019 11:30 am
Forum: General
Topic: RB450G to RB450G☓4 How to Transfer State
Replies: 10
Views: 1038

Re: RB450G to RB450G☓4 How to Transfer State

... would like to transfer my DNS cache of my establish, related IP state to the new router. The old router I had kept the default IP address (192.168.88.1); however, on the new router, the address and range is 10.0.8.2-10.0.8.254 with router on 10.0.8.1. You can't. Connection tracking states are m...
by mkx
Mon Aug 19, 2019 10:05 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 207859

Re: Feature requests

2. If you use NTP (which is the most precise timing protocol supported by mikrotik) to propagate the time, then I don't think you gain much by using 1PPS source ... Precision gain will have order of magnitude of milliseconds and that's also order of magnitude of precision obtainable using NTP ove...
by mkx
Mon Aug 19, 2019 9:37 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 207859

Re: Feature requests

Still I want to ask you about 1PPS signal. 1. Is there any component/hardware (eg: GPS) of a Mikrotik equipment which can provide to the other LAN equipment such kind of signal (1PPS)? 2. I have a heX router (NTP client) which is synchronized to a RB1100AH (NTP server). Directly connected to heX, t...
by mkx
Mon Aug 19, 2019 5:15 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 207859

Re: Feature requests

Answer to questions 1,2,4 and 5 is: No. Variation of answer to question 2: most decent switches/routers are good enough as a (single?) step in otherwise fully IEEE1588-compliant path if they are lightly loaded so that delay jitter is really low. This way the additional constant delay due to active d...
by mkx
Sun Aug 18, 2019 11:30 am
Forum: Wireless Networking
Topic: Bridge VLAN performance drop
Replies: 1
Views: 329

Re: Bridge VLAN performance drop

CRS3xx should have HW offload support for VLANs ... if things are configured properly it should not experience any slowdowns in intra-VLAN frame forwarding. You should be aware that CRS devices are essentially switches and L3 (routing) performance is lagging far behind. So whether the observed 30% p...
by mkx
Sat Aug 17, 2019 6:24 pm
Forum: Beginner Basics
Topic: Routing both lan and wan on one interface
Replies: 1
Views: 359

Re: Routing both lan and wan on one interface

It is possible and I'm sure there are many ways to do it. From L2 (connectivity) point of view, you can use separate VLANs to separate different networks (WAN v.s. LAN) passing the same wire. From L3 point of view, you may want to consider if firewalling the WAN-addressed virtual server should be do...
by mkx
Sat Aug 03, 2019 9:19 pm
Forum: General
Topic: Transparent NAT
Replies: 5
Views: 558

Re: Transparent NAT

Most LTE modems playing smart by doing NAT themselves are not configurable enough to do netmap-style of NAT ... even if they do, you should find a way to configure that on the LTE modem thingy, nothing to be done on RB. And since you want to perform NAT on CCR in a smart way, you can't do netmap-sty...
by mkx
Sat Aug 03, 2019 7:31 pm
Forum: RouterBOARD hardware
Topic: CRS112x strange issue [SOLVED]
Replies: 7
Views: 1013

Re: CRS112x strange issue [SOLVED]

How are PCs set-up ... IP address, subnet mask, default gateway? Is there a DHCP server involved or you set them up manually?
by mkx
Sat Aug 03, 2019 5:07 pm
Forum: RouterBOARD hardware
Topic: CRS112x strange issue [SOLVED]
Replies: 7
Views: 1013

Re: CRS112x strange issue [SOLVED]

Did you try to reboot CRS after change of IP? It shouldn't matter, but who knows ...

Does /interface bridge port print show 'H' in flags column for ether and sfp ports?
by mkx
Sat Aug 03, 2019 2:35 pm
Forum: Beginner Basics
Topic: Access DSL modem in "bridge mode" behind Mikrotik [SOLVED]
Replies: 12
Views: 1227

Re: Access DSL modem in "bridge mode" behind Mikrotik [SOLVED]

When you're testing ping from PfSense, does counter of the appropriate masquerade rule increase?
by mkx
Sat Aug 03, 2019 1:04 pm
Forum: Beginner Basics
Topic: Not showing IP on connected devices [SOLVED]
Replies: 13
Views: 1094

Re: Not showing IP on connected devices [SOLVED]

Please post output of command /export hide-sensitive (run it from a command window) ... and obfuscate public addresses ... paste it inside [code][/code] environment for better readability.

No need for verbosity, but do post complete setup, sometimes problems are hidden elsewhere.
by mkx
Sat Aug 03, 2019 12:58 pm
Forum: Beginner Basics
Topic: Two VLANs in a bridge or two bridges
Replies: 2
Views: 454

Re: Two VLANs in a bridge or two bridges

Option with two bridges allows HW offload on ether ports of one of bridges (probably you want this on LAN bridge), while single-bridge-multiple-VLAN does not if VLANs are configured on bridge. If functionality-wise you're happy with your current setup, then you should stick to it. If you stick to t...
by mkx
Sat Aug 03, 2019 12:30 pm
Forum: Beginner Basics
Topic: Access DSL modem in "bridge mode" behind Mikrotik [SOLVED]
Replies: 12
Views: 1227

Re: Access DSL modem in "bridge mode" behind Mikrotik [SOLVED]

Does PfSense know about 172.16.2.0/24? Or it treats it as "normal" WAN address?

Can your RB ping Vigor?
by mkx
Sat Aug 03, 2019 10:19 am
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1444

Re: Very simple VLAN

Thanks - and is there a simple way to "tie" the two subnets together so that everything (including broadcast) works across them both? Subnets and common broadcast domains don't go together. Unless you know well what you're doing ... but then you wouldn't be asking this particular question here ...
by mkx
Sat Aug 03, 2019 10:16 am
Forum: Beginner Basics
Topic: Port Forward/Passthrough
Replies: 5
Views: 542

Re: Port Forward/Passthrough

By default, connections from LAN to WAN are not restricted in any way. The only requirement is a working SRC-NAT configuration (which is there by default on SOHO models as well unless WAN connectivity type is a non-common one). You're mentioning a /25 WAN subnet which indicates a non-common setup (f...
by mkx
Fri Aug 02, 2019 7:39 pm
Forum: Beginner Basics
Topic: Routing between bridged interfaces and a port [SOLVED]
Replies: 1
Views: 386

Re: Routing between bridged interfaces and a port [SOLVED]

Router needs IP address for each subnet it should be routing to/from.

Read up some IP routing basics ... when you do, don't skip the part with multiple routers in same network, this is the part where fun begins.
by mkx
Fri Aug 02, 2019 2:32 pm
Forum: Beginner Basics
Topic: Router for 1Gbit Wan from Mikrotik (What model?)
Replies: 4
Views: 744

Re: Router for 1Gbit Wan from Mikrotik (What model?)

CRS line are switches with L3 functionality. It's fine to use them with ROS as switches (you don't have to boot SwOS for that). You should go for RB line, such as RB750Gr3 (which probably barely reaches your requirements) or some faster model (those typically come with bigger number of ports) such a...
by mkx
Thu Aug 01, 2019 5:41 pm
Forum: General
Topic: CRS317-1G-16S+RM as storage switch
Replies: 4
Views: 651

Re: CRS317-1G-16S+RM as storage switch

CRSes will be as good as any other managed switch with regard to iSCSI...
by mkx
Thu Aug 01, 2019 3:10 pm
Forum: RouterBOARD hardware
Topic: GPeR question
Replies: 18
Views: 2316

Re: GPeR question

I can see a communication noise happening around here. How about MT guys writing a few lines of technical description about GPeR ... what is it, how it works. Doesn't really have to disclose some patented technology ... I guess it's about a fairly simple (electrical) signal shaper with some DC bypas...
by mkx
Thu Aug 01, 2019 12:33 pm
Forum: RouterBOARD hardware
Topic: RouterBOARD naming
Replies: 47
Views: 24522

Re: RouterBOARD naming

1. I prefer the classic or Hex-S (!) style :-)

Say hello to Flintstones next time you meet them :wink:

Black is new white :lol:
by mkx
Thu Aug 01, 2019 12:30 pm
Forum: RouterBOARD hardware
Topic: 1100x4 unexpected downgrade
Replies: 4
Views: 531

Re: 1100x4 unexpected downgrade

This could happen if NAND was partitioned (for fall-back) and the backup partition never got updated (neither ROS nor config). The mechanism is such that routerboot starts device from the other partition if there's an error making RB to reboot. Power outage counts as such (personally I don't think p...
by mkx
Thu Aug 01, 2019 12:24 pm
Forum: Wireless Networking
Topic: Long range connection
Replies: 17
Views: 1468

Re: Long range connection

Other technologies like 4G use a lot more power and they can do it. Just a tad of nitpicking: user's equipment in 4G operates at similar Tx powers as WiFi (max Tx power at around 20dBm) and also uses similarly shitty antennae (with gain around 0dBi) ... the difference is in the base stations: those...
by mkx
Thu Aug 01, 2019 7:02 am
Forum: Beginner Basics
Topic: No internet on LAN - hex rb750gr3 with E3372
Replies: 12
Views: 1164

Re: No internet on LAN - hex rb750gr3 with E3372

So did you try to add lte1 interface to WAN interface list? Did it do the trick or not?
by mkx
Wed Jul 31, 2019 10:20 pm
Forum: Beginner Basics
Topic: No internet on LAN - hex rb750gr3 with E3372
Replies: 12
Views: 1164

Re: No internet on LAN - hex rb750gr3 with E3372

None of your routing information/config is there?? Probably because all of it is dynamic. /ip route print and /ip address print would reveal lots of things. Before posting output of these commands do obfuscate public IP addresses ... but do it consistently so that it will be obvious what belongs to...
by mkx
Wed Jul 31, 2019 3:49 pm
Forum: Beginner Basics
Topic: NAT is blocking the access to that port when active
Replies: 2
Views: 380

Re: NAT is blocking the access to that port when active

Probably your DST-NAT rule is too general. Execute command /ip firewall nat export in a terminal window and post result here.
by mkx
Tue Jul 30, 2019 11:25 pm
Forum: General
Topic: NAT to a local server
Replies: 25
Views: 1885

Re: NAT to a local server

When setting in-interface=bridge NAT should stop working for connections from WAN ...
by mkx
Tue Jul 30, 2019 11:11 pm
Forum: Wireless Networking
Topic: How to get signal-strength from wireless card
Replies: 3
Views: 537

Re: How to get signal-strength from wireless card

Signal strength has its meaning for the receiving party. When device is in station mode, it only talks to single peer and signal strength of that peer is a fairly good indication of the two-way connection quality. When device is in ap mode (any of them), it's talking to many peers and none of them c...
by mkx
Tue Jul 30, 2019 5:31 pm
Forum: General
Topic: Calculating Power Consumption for POE
Replies: 2
Views: 411

Re: Calculating Power Consumption for POE

cAP ac supports PoE-out ... connected PoE client would count as attachment. Some other devices feature USB ports which can be used to connect some power-hungry peripherals, such as LTE modems or flash sticks... Or miniPCIe slots to add wireless or LTE interfaces ... All of those count as attachments.
by mkx
Tue Jul 30, 2019 5:22 pm
Forum: General
Topic: Router OS in GSM environment
Replies: 2
Views: 413

Re: Router OS in GSM environment

RouterOS is about data (IP in particular) routing. If you're talking about VoIP, then many people did it. If you're talking about GSM circuit-switched voice, then ROS won't help you. Not many GSM chipsets support digital voice break-out ... and even if some does, it is 64kbps ADPCM or something simi...
by mkx
Mon Jul 29, 2019 11:16 pm
Forum: RouterBOARD hardware
Topic: GPeR question
Replies: 18
Views: 2316

Re: GPeR question

1) Of course it matters (and two port has nothing to do with it) Really ... what's the big difference between 2-port ethernet hub and 2-port ethernet switch? And yes, port count has everything to do with it. Instead of forwarding frame to the other port because forwarding table (MAC address list) o...
by mkx
Mon Jul 29, 2019 5:49 pm
Forum: General
Topic: PPPoE Client as main Link 3G as Backup
Replies: 1
Views: 304

Re: PPPoE Client as main Link 3G as Backup

How about searching for mikrotik dual wan failover using your favourite internet search page? One of top results is this manual page, seems promising to me.