Community discussions

Search found 2450 matches

by mkx
Thu May 17, 2018 9:42 pm
Forum: Beginner Basics
Topic: RB3011 and EAP245
Replies: 1
Views: 254

Re: RB3011 and EAP245

No, you can not. Mikrotik's "passive PoE" is nothing like 802.3at.

A hint: RB accepts 10-30V. 802.3at is -48V (nominally, in reality it can be up to -60V).
by mkx
Sat May 12, 2018 12:50 pm
Forum: General
Topic: Issues related to upgrading, downgrading and infected routers
Replies: 2
Views: 298

Re: Issues related to upgrading, downgrading and infected routers

ROS and firmware upgrades only patch the vulnerabilities through which routers got infected. If infection changed configuration or added scripts, then you need to review them manually. There's no way upgrade could determine which part of setup is intended by legitimate admin and which part is added ...
by mkx
Thu May 10, 2018 11:38 pm
Forum: Beginner Basics
Topic: Access Control between VLANs
Replies: 53
Views: 5585

Re: Access Control between VLANs

By default, routers will route between all of its IP interfaces. If you want to prevent it, you have to use firewall filtering. Something like this: /ip firewall filter add chain=forward action=deny src-address=first.ip.sub.net/24 dst-address=second.ip.sub.net/24 comment="No routing between subnets ...
by mkx
Thu May 10, 2018 11:07 pm
Forum: Beginner Basics
Topic: Can't find multiroom speakers on Mikrotik network
Replies: 6
Views: 622

Re: Can't find multiroom speakers on Mikrotik network

It could be the following: if there are two unrelated DHCP servers serving same physical network, then both react to DHCP requests. Then it's up to server speed and pure luck as to which DHCP reply is selected by DHCP client. You could be unlucky next time ...
by mkx
Thu May 10, 2018 11:02 pm
Forum: Announcements
Topic: Significant improvement for wireless Nv2 PtMP
Replies: 245
Views: 49799

Re: Significant improvement for wireless Nv2 PtMP

@WirelessRudy: indeed if you only replace equipment and keep the wireless parameters the same, you get better performance. What I was trying to show is that it's only normal that 'ac' has better performance because that's simply necessary for 'ac' modus operandi. Without it, 'ac' performance would b...
by mkx
Thu May 10, 2018 6:23 pm
Forum: Announcements
Topic: Significant improvement for wireless Nv2 PtMP
Replies: 245
Views: 49799

Re: Significant improvement for wireless Nv2 PtMP

- Apart from that, 'ac' chipsets are 1 to 2dB more powerful than its 'n' counterparts. See the specs of MT radios. (An SXT-5Lite has 22dBm at MCS7 where the SXT-5acLite has 25dBm. An Omnitik has 26dBm at MCS7 but the Omnitik-ac has 27dBm. - Newer chipsets (like the 'ac' chipset) usually also have b...
by mkx
Thu May 10, 2018 5:46 pm
Forum: Announcements
Topic: Significant improvement for wireless Nv2 PtMP
Replies: 245
Views: 49799

Re: Significant improvement for wireless Nv2 PtMP

Even some LTE networks use TDD based TDMA. Which LTE networks? Please bear in mind that OFDMA as used in LTE is partly TDMA (probably OFDMA in 802.11ac as well, I don't know the details). Partly in a sense that block of orthogonal frequencies is assigned to single client device at a time and assign...
by mkx
Wed May 09, 2018 4:55 pm
Forum: General
Topic: Block uploading
Replies: 2
Views: 504

Re: Block uploading

You're trying to prevent that PC from any internet access or only HTTP access or something completely different? Anyhow, you would probably have to use chain=forward ... chain=output is for router-originating traffic, forward is for traffic that is passing router (e.g. LAN PCs communicating with in...
by mkx
Tue May 08, 2018 11:39 am
Forum: Beginner Basics
Topic: port forwarding issue
Replies: 3
Views: 420

Re: port forwarding issue

...and when I go to http://192.168.1.100 it's forwarded me to the server 10.0.0.8 instead of mikrotik webfig From where do you try to connect? From your LAN? If yes, then you need to implement "hairpin-nat" ... search around this forum, it's been described quite a few times. If you're trying to tes...
by mkx
Mon May 07, 2018 11:58 am
Forum: Wireless Networking
Topic: Only 3 x 60Ghz bands for 60G devices?
Replies: 17
Views: 2637

Re: Only 3 x 60Ghz bands for 60G devices?

4). Like my side note on 1). Carriers or high-end solution providers are not the ones making 60Ghz a success technology. It's the bottom end (wifi at home/office) or WISP's that will. In urban areas it's a very high capacity solution at very little costs. I can easily beat fiber with this technology...
by mkx
Mon May 07, 2018 11:40 am
Forum: General
Topic: Block mikrotik cloud access from outside
Replies: 5
Views: 549

Re: Block mikrotik cloud access from outside

Sure it is possible. /ip firewall filter add action=drop chain=input comment="block htp access from WAN interface" \ dst-port=80 protocol=tcp in-interface=<your WAN interface> This rule will allow http access from all interfaces (including VPN) except from the interface you'll configure as WAN inter...
by mkx
Mon May 07, 2018 11:36 am
Forum: General
Topic: Static Default Route - I'm missing something [SOLVED]
Replies: 21
Views: 2584

Re: Static Default Route - I'm missing something [SOLVED]

Depends - is it a RAC cluster that's divided, or has Data Guard gone rogue..
... but I'm totally lost in that and it drives me mad....
Wow, so you are human after all :D
My bet is on highly advanced AI :lol:

Other than that ... hats off, sindy!
by mkx
Mon May 07, 2018 11:31 am
Forum: General
Topic: QCA8337 switch add vlan tag to bridge
Replies: 10
Views: 1174

Re: QCA8337 switch add vlan tag to bridge

If I may jump into this conversation (again): I highly recommend NOT to mix tagged and untagged (or implicitly tagged) traffic on (inside of) ethernet ports. When I was trying to get my set-up working, I suspect part of a problem was that I tried to use VLAN ID=1 on one of ports. When I changed that...
by mkx
Sun May 06, 2018 12:48 pm
Forum: General
Topic: MTU & Actual MTU [SOLVED]
Replies: 5
Views: 3388

Re: MTU & Actual MTU [SOLVED]

My 5 cents ... I might be wrong. MTU is property of an interface and is upwards limited by capacity of underlying layers. Nowadays it's mostly limited by configuration setting though. It is a property of particular transport layer (as defined by OSI), without stating explicitly one can only assume, ...
by mkx
Sun May 06, 2018 11:40 am
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 61
Views: 9403

Re: CCR1036 Power Supply

Capacitors are the two black cylindric elements with metal-exposed tops. The one farther from wires (right one on first attached photo) looks suspiciously bloated. If you can find somebody with soldering skills, have both of them replaced with new ones of same capacity.
by mkx
Sun May 06, 2018 11:35 am
Forum: General
Topic: QCA8337 switch add vlan tag to bridge
Replies: 10
Views: 1174

Re: QCA8337 switch add vlan tag to bridge

But before doing that, unless you are an adrenaline addict, remove one LAN port from the switch and assign a separate IP address in a separate subnet to it so that you had a management connection while you'll be rebuilding everything else. Then reconnect your management PC to that port and do the r...
by mkx
Fri May 04, 2018 9:40 pm
Forum: Beginner Basics
Topic: 2 way communication between 2 subnets 2 interfaces [SOLVED]
Replies: 13
Views: 3546

Re: 2 way communication between 2 subnets 2 interfaces [SOLVED]

Exact command to add a route highly depends on server's OS. I'm pretty sure you didn't mention it in this thread. On linux command looks like this: route add -net 192.168.20.0 netmask 255.255.255.0 gw 192.168.0.233 But then, on linux, this solution works until server restart. Permanent change is don...
by mkx
Fri May 04, 2018 4:50 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 42337

Re: v6.42.1 [current]

I understand the benefits of using DHCP in case of assigning "static" addresses. But there's a big gotcha: if customer changes router (different MAC address of its WAN port), this will break setup. This depends on the ISP configuration. It is also possible to assign the address to a "Circuit ID" in...
by mkx
Fri May 04, 2018 4:37 pm
Forum: Beginner Basics
Topic: Differences between "Port based" and "bridge based" VLAN
Replies: 22
Views: 3931

Re: Differences between "Port based" and "bridge based" VLAN

The FW rules are only partial. Example: ping from adminVLAN towards VLAN10: - passes router on the way "there" according to top-most filter (allowing to forward any packet, originating Admin subnet) - drops on the way "back". Doesn't pass top-most rule (src-address is from VlanFriends), doesn't pass...
by mkx
Fri May 04, 2018 3:23 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 42337

Re: v6.42.1 [current]

The advantage of using DHCP is that it configures the address, netmask, gateway (default route) and DNS resolvers (and maybe even NTP servers) automatically and without error. I understand the benefits of using DHCP in case of assigning "static" addresses. But there's a big gotcha: if customer chan...
by mkx
Fri May 04, 2018 3:06 pm
Forum: Beginner Basics
Topic: Configuring Mikrotik Router OS to access internet through my D-Link router [SOLVED]
Replies: 19
Views: 6983

Re: Configuring Mikrotik Router OS to access internet through my D-Link router [SOLVED]

I already forgot the details (it's been a while since I was using D-Link routers), but to follow @solar77 advice, you have to disable DHCP server on D-Link. I guess you should be able to find that setting somewhere in Setup->Network Settings. What is quite obvious from screenshots is that both D-Lin...
by mkx
Fri May 04, 2018 2:51 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 42337

Re: v6.42.1 [current]

RB2011UiAS-2HnD I get the Internet by DHCP After upgrade to 6.42.1 : On 6.42.0 work fine... if ISP (or router before this) dhcp lease is short (i guess it is 5minutes in Your case), with 6.42.1 version mikrotik asks for ip ~30seconds before lease (not ~2min). If there are many dhcp users, a lot bro...
by mkx
Fri May 04, 2018 8:04 am
Forum: Beginner Basics
Topic: 2 way communication between 2 subnets 2 interfaces [SOLVED]
Replies: 13
Views: 3546

Re: 2 way communication between 2 subnets 2 interfaces [SOLVED]

The reason why your solution to the problem works is because you have both L3 (IP) subnets sharing same L2 (ethernet) network. Should this change it will stop working. Proper solution (apart from changing configuration on sonicwall) would be to add route on the said server (instead of adding IP addr...
by mkx
Thu May 03, 2018 5:11 pm
Forum: General
Topic: PSN NAT Type
Replies: 5
Views: 1077

Re: PSN NAT Type

I can't tell you why your setup is not working. But what does strike me as weird is your dstnat rules. You have two, one for UDP and one for TCP, and the only action is adding DST address to a list ... and when talking about dstnat, DST address (before DST NAT does anything) is router's WAN address....
by mkx
Thu May 03, 2018 4:06 pm
Forum: General
Topic: PWR-Line AP
Replies: 38
Views: 6635

Re: PWR-Line AP

I can only guess, but my guess is that it will be using power-line communication standard for one of its interfaces. If done correctly, it will be compatible to other similar products to mix in same network.
by mkx
Thu May 03, 2018 3:13 pm
Forum: Beginner Basics
Topic: Multiple DHCP Server within one subnet
Replies: 11
Views: 1284

Re: Multiple DHCP Server within one subnet

If you're dividing your LAN to 4 subnets, you also need to assign RB3011 4 different LAN addresses (e.g. 192.168.88.1, 192.168.89.1, 192.168.90.1 and 192.168.91.1) to corresponding bridges. And use 24-bit subnet mask (e.g. 192.168.89.1/24, ...). You can use same IP addresses for any other services y...
by mkx
Thu May 03, 2018 11:46 am
Forum: Announcements
Topic: Newsletter #82 (May 2018)
Replies: 38
Views: 10754

Re: Newsletter #82 (May 2018)

Come on, guys! Is it so hard to take a look at calendar (online or paper one)? The phrase is ambiguous, but it still means something that is bound to happen either in week 19 or week 20 this year. Definitely not in week 18!
by mkx
Tue May 01, 2018 10:31 pm
Forum: Beginner Basics
Topic: Differences between "Port based" and "bridge based" VLAN
Replies: 22
Views: 3931

Re: Differences between "Port based" and "bridge based" VLAN

With filter rule you're rejecting all traffic between private subnets except for traffic incoming through ether1. That might seem fine, but you're dropping related traffic - replies in the opposite direction.
by mkx
Sun Apr 29, 2018 11:43 pm
Forum: General
Topic: CRS112-8G-4S-IN as fiber coupler & media converter
Replies: 5
Views: 397

Re: CRS112-8G-4S-IN as fiber coupler & media converter

The problem with bridges in current post-6.40 versions of ROS is that only one can have hardware offloading enabled, or so they say ... So better use single bridge to enjoy full speed and explicitly create a couple of VLANs. Explicit configuration is better than implicit, when reviewing settings aft...
by mkx
Sun Apr 29, 2018 9:38 pm
Forum: Beginner Basics
Topic: Not able to use devices in other IP-range [SOLVED]
Replies: 2
Views: 305

Re: Not able to use devices in other IP-range [SOLVED]

You need to add some configuration in 192.168.192.0 network. If you can do, then add static route on ISP modem/router ... network 192.168.88.0/24 gateway 192.168.192.39. If you can't do that, then there are a few possibilities: - manually add route (described above) to all devices in 192.168.192.x t...
by mkx
Sun Apr 29, 2018 9:22 pm
Forum: Beginner Basics
Topic: Differences between "Port based" and "bridge based" VLAN
Replies: 22
Views: 3931

Re: Differences between "Port based" and "bridge based" VLAN

@anav: Spartacus has got drop rules in forward chain which do prevent L3 connectivity between his subnets. As far as I understood it's only router's addresses that are reachable from "wrong" VLANs/subnets.
by mkx
Sun Apr 29, 2018 2:31 pm
Forum: Beginner Basics
Topic: Differences between "Port based" and "bridge based" VLAN
Replies: 22
Views: 3931

Re: Differences between "Port based" and "bridge based" VLAN

So the only thing not working according to your expectations is that access to your router's address works even from the "wrong" VLAN? This does screw up mental process of setting up FW rules for protecting router from LAN segments. It wouldn't get me surprised if it would turn out that packet proce...
by mkx
Sun Apr 29, 2018 12:08 pm
Forum: General
Topic: Dual WAN Dual LAN Setup
Replies: 50
Views: 9141

Re: Dual WAN Dual LAN Setup

Although maybe not, but for another reason. Port 25 is for mail servers (server to server communication), clients are supposed to use port 587. What makes the difference between SMTP client and SMTP server? Is it software (e.g. Thunderbird VS postfix)? Or is it some kind of administrative demarcati...
by mkx
Sun Apr 29, 2018 11:06 am
Forum: Beginner Basics
Topic: Differences between "Port based" and "bridge based" VLAN
Replies: 22
Views: 3931

Re: Differences between "Port based" and "bridge based" VLAN

Just don't use Quickset ... your setup is well beyond intended use of quickset and it doesn't show correct values.
by mkx
Sat Apr 28, 2018 11:51 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [Feature Request] Auto-detection of APN's with LTE
Replies: 3
Views: 738

Re: [Feature Request] Auto-detection of APN's with LTE

Big name vendors do wicked things as well. I have 2.4GHz AP set to channel 13 (don't ask). I've got a brand new LG G6 and it wouldn't pick up the WiFi ... wouldn't detect SSID (showed a few others from my neighbours). After I put in SIM card, it picked SSID just fine. Obviously it had to locate itse...
by mkx
Sat Apr 28, 2018 11:42 pm
Forum: General
Topic: CRS112-8G-4S-IN as fiber coupler & media converter
Replies: 5
Views: 397

Re: CRS112-8G-4S-IN as fiber coupler & media converter

I'd configure VLANs. They would be kind of imaginary as they would be only used internally inside single RB. They would only have access ports, no trunk ports. Use two VLANs, one per SFP/ether port group ... If number of fibres between the buildings is a problem, trunk ports could be used for those ...
by mkx
Sat Apr 28, 2018 11:25 pm
Forum: Beginner Basics
Topic: PPTP Routing
Replies: 3
Views: 317

Re: PPTP Routing

The way you set-up route is: to reach network 10.0.0.0/24, go through gateway 192.168.92.254. You need to set-up route towards network, not from network.
by mkx
Sat Apr 28, 2018 10:53 pm
Forum: Beginner Basics
Topic: Firewall Rules: Block ICMP from WAN (PPPOE connection) [SOLVED]
Replies: 22
Views: 2296

Re: Firewall Rules: Block ICMP from WAN (PPPOE connection) [SOLVED]

Ether1 in your case is merely physical interface carrying packets encapsulated into PPPoE. Your wan interface is pppoe-out1 and you should use that interface in FW rules that protect your router from evil internet. As to firewall: you're blocking echo-reply ... meaning that if you use ping tool on y...
by mkx
Sat Apr 28, 2018 10:38 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [Feature Request] Auto-detection of APN's with LTE
Replies: 3
Views: 738

Re: [Feature Request] Auto-detection of APN's with LTE

Phones are not "auto-detecting" APNs ... there's no way of doing it, APNs are not broadcast or anything. Phones are loaded with some default settings for every mobile network in the universe (and close proximity) and when they see which network they are connecting to, they offer user some (almost wo...
by mkx
Sat Apr 28, 2018 7:23 pm
Forum: Beginner Basics
Topic: Can't access ipcam from my modem router behind mikrotik
Replies: 11
Views: 989

Re: Can't access ipcam from my modem router behind mikrotik

For starters omit router's internal IP address from dst-nat rule. It's almost impossible to have packet targeted for 192.168.0.1 enter router through WAN interface. Secondly check your address scheme. Unless you have 23-bit net addresses in use then 192.168.0.1 is not in same subnet as 192.168.1 ...
by mkx
Fri Apr 27, 2018 6:16 pm
Forum: General
Topic: How to Configure Miktotik ROS conneted to a cisco 890 router to only act as a hotspot
Replies: 6
Views: 548

Re: How to Configure Miktotik ROS conneted to a cisco 890 router to only act as a hotspot

You can connect cisco-bound ethernet cable to ether2 and disable dhcp server on MT box. Default config has bridging between ether ports (except for ether1) and wlan which works just fine even for DHCP requests of wlan clients. And tape-off ether1 port so you know it's not useable :wink: Beware of th...
by mkx
Fri Apr 27, 2018 4:44 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Linux hosts in VPN
Replies: 3
Views: 564

Re: Linux hosts in VPN

I'd check routing configuration on linux hosts. Could be that to access some subnets, your MT is not used as gateway?
by mkx
Fri Apr 27, 2018 4:34 pm
Forum: Beginner Basics
Topic: Allow trafic betwen different subnets.
Replies: 26
Views: 1564

Re: Allow trafic betwen different subnets.

Is ether6 trunk (all tagged) or hybrid (some untagged together with tagged) port? If it's trunk then it would perhaps work better if that port wasn't member of bridge. If it's hybrid, I'd make it trunk by creating another VLAN, used for passing otherwise untagged traffic over trunk connections. N.b....
by mkx
Fri Apr 27, 2018 2:18 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 42337

Re: v6.42.1 [current]

Default route distance should be 1 or more. It used to be 0 and upgrade magic doesn't fix it.
by mkx
Wed Apr 25, 2018 9:56 pm
Forum: Beginner Basics
Topic: Allow only one specified port to a LAN host
Replies: 8
Views: 578

Re: Allow only one specified port to a LAN host

Can this be simplified by only using two rules??
If so, is it fair to say, that frog is bloated LOL.
Theoretically IP can carry protocols other than TCP and UDP ... so if one really wants to pass only TCP or UDP, then she can't omit protocol in FW rule.
by mkx
Wed Apr 25, 2018 6:11 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 42337

Re: v6.42.1 [current]

@bennyh: I assume that you have RB's IP address set on bridge. Do you have admin-mac statically set and auto-mac=no? If not, bridge will assume mac address from one of member interfaces and if that member interface (momentarily) drops from bridge (I can imagine that happening when you change propert...
by mkx
Tue Apr 24, 2018 11:46 pm
Forum: Announcements
Topic: Significant improvement for 60 GHz solutions
Replies: 44
Views: 14512

Re: Significant improvement for 60 GHz solutions

Improvements in SW many times improve overall functionality. Therefore one can not say what's HW specification... better to refer to it as "system" specification. In my company (I work for mobile division of incumbent telco) we have an internal joke about vendors: "yet again they managed to speed-up...
by mkx
Tue Apr 24, 2018 5:29 pm
Forum: Beginner Basics
Topic: upgrading RouterOS
Replies: 8
Views: 876

Re: upgrading RouterOS

When it comes to tricky restorations it is handy to have text file with all configuration. It is created by executing
/export file=<filename.txt>
And don't forget to fetch it to management machine.
by mkx
Mon Apr 23, 2018 11:05 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 152807

Re: Advisory: Vulnerability exploiting the Winbox port

Mikrotik SHOULD PUBLISH a how to scrub the unit clean so it gets rid of whatever that virus planted or send you a new unit.
netinstall without previous configuration ....
by mkx
Mon Apr 23, 2018 6:18 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 152807

Re: Advisory: Vulnerability exploiting the Winbox port

Only closing winbox port is enough? what about api and api-ssl ports? Disable any service you really really don't need. If you don't know what's it about, then you don't need it. Whatever remains (either winbox, https or ssh), protect with firewall as much as possible. Leave it open from only a few...