Community discussions

Search found 2943 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 10
by mkx
Thu Oct 10, 2019 2:21 pm
Forum: Wireless Networking
Topic: Audience vs Eero?
Replies: 24
Views: 3418

Re: Audience vs Eero?

Distros in the US are sending out "we have Audience in stock".

But still not seeing anyone saying... "Yes I have used it... And..."

Everybody is waiting for you to share the experience :wink:
by mkx
Thu Oct 10, 2019 9:08 am
Forum: General
Topic: DHCP server question
Replies: 1
Views: 229

Re: DHCP server question

Figure out which device is "THA-101" and why it's reporting two distinct MAC addresses (using up two IP addresses). Then you might discover the reason it doesn't respond to pings ...
by mkx
Thu Oct 10, 2019 9:00 am
Forum: General
Topic: Collisions and deferred on gigabit port? how?
Replies: 3
Views: 332

Re: Collisions and deferred on gigabit port? how?

How do you get collisions on a gigabit port since it only operates in full duplex? My RBD52G (giga ethernet ports) shows this: /interface ethernet> monitor ether1 name: ether1 status: link-ok auto-negotiation: done rate: 1Gbps full-duplex: yes tx-flow-control: no rx-flow-control: no advertising: 10...
by mkx
Thu Oct 10, 2019 8:51 am
Forum: Beginner Basics
Topic: Very high latency on CHS with P10 trial.
Replies: 4
Views: 581

Re: Very high latency on CHS with P10 trial.

I think I have a bad AP, doing more testing I was able to replicate the issue with the hardware firewall with my device connected to a different AP. You never mentioned using wireless in your previous posts (although you did indicate the packet flow but obviously it was missing some hops). 1st rule...
by mkx
Thu Oct 10, 2019 8:43 am
Forum: Beginner Basics
Topic: hap2 ac firewall rules for Fronius Solar Inverter
Replies: 4
Views: 494

Re: hap2 ac firewall rules for Fronius Solar Inverter

You can select another port on WAN interface and forward it to port 80 on Fronius: /ip firewall nat add action=dst-nat chain=dstnat in-interface-list=WAN dst-port=8080 protocol=tcp \ to-addresses=<IP-OF-SOLAR-DEVICE> to-port=80 in the above example it's port 8080 which is available on WAN side. Then...
by mkx
Wed Oct 09, 2019 10:51 pm
Forum: Beginner Basics
Topic: DDNS does not let me access my Router [SOLVED]
Replies: 15
Views: 2123

Re: DDNS does not let me access my Router [SOLVED]

If PPPoE connection is terminated on RB, then correct WAN interface is pppoe-out1 (or whatever its name). And you don't have to specify both dst-address and in-interface in this case as most likely there's only one IP address bound to WAN interface. BTW, default settings use interface lists. To foll...
by mkx
Wed Oct 09, 2019 7:00 pm
Forum: Beginner Basics
Topic: VLAN with Router - Basic Setup [SOLVED]
Replies: 11
Views: 1331

Re: VLAN with Router - Basic Setup [SOLVED]

The VLAN setup is pretty flawed. I suggest you to go through this tutorial . Then come back with questions. BTW, VID=1 is used as default in many places. So try to avoid using VLAN with this VID to avoid some surprises. And try to avoid using "hybrid" ports (a port with a few tagged and one untagged...
by mkx
Wed Oct 09, 2019 4:23 pm
Forum: General
Topic: IIS cannot see the external IP when NAT
Replies: 11
Views: 1102

Re: IIS cannot see the external IP when NAT

If I remove it, I cannot access the camera or the website on the LAN add action=masquerade chain=srcnat out-interface=bridge1 Current code. add action=masquerade chain=srcnat out-interface=pppoe-out1 add action=dst-nat chain=dstnat dst-address=\ 115.77.218.118 dst-port=8080 protocol=tcp to-addresse...
by mkx
Wed Oct 09, 2019 3:22 pm
Forum: General
Topic: IIS cannot see the external IP when NAT
Replies: 11
Views: 1102

Re: IIS cannot see the external IP when NAT

The first part of my previous post (getting rid of one particular NAT rule) should fix the IIS log entries. The second part of my previous post (question about wanted functionality) still holds ... unless you introduced the quoted NAT rules in attempt to fix IIS log entries ... in this case, get rid...
by mkx
Wed Oct 09, 2019 3:19 pm
Forum: Beginner Basics
Topic: DDNS does not let me access my Router [SOLVED]
Replies: 15
Views: 2123

Re: DDNS does not let me access my Router [SOLVED]

Perhaps you could start off by reading firewall manual?
by mkx
Wed Oct 09, 2019 2:03 pm
Forum: Beginner Basics
Topic: DDNS does not let me access my Router [SOLVED]
Replies: 15
Views: 2123

Re: DDNS does not let me access my Router [SOLVED]

what to do now? Adjust /ip firewall filter rules to allow access to services you want to expose. However, it's a baaad idea to allow access to any of router's services from random internet IP address (let alone allowing it from any address). So it would be wise that you reconsider decision to allow...
by mkx
Wed Oct 09, 2019 9:13 am
Forum: RouterBOARD hardware
Topic: DISC Lite5 ac PtP NV2 Hickups and generally disapointing performance
Replies: 15
Views: 3788

Re: DISC Lite5 ac PtP NV2 Hickups and generally disapointing performance

Antenna gain on a Disc should be set to 21, you are running far too much power for a short link. Sorry for being a noob, is the antenna gain subtractive to the TX power? What I mean to ask is the antenna gain in dBm units? dB != dBm. The big picture about Tx power is this: in most (if not all) coun...
by mkx
Wed Oct 09, 2019 8:40 am
Forum: General
Topic: IIS cannot see the external IP when NAT
Replies: 11
Views: 1102

Re: IIS cannot see the external IP when NAT

Settings you shown are not conclusive, but I think you should get rid of this config line: add action=masquerade chain=srcnat out-interface=bridge1 It causes to masquerade src-address on every packet leaving router via any of interfaces that are members of bridge1 (and I assume that's your LAN). I g...
by mkx
Wed Oct 09, 2019 8:28 am
Forum: General
Topic: Winbox 64bit Version
Replies: 80
Views: 11217

Re: Winbox 64bit Version

So everyone came here for x64 support on mac. Just because Mac users are more vocal it doesn't mean that there aren't non-Mac (and non-Win) users who would appreciate 64-bit windows app for runnig in their wine (or other wine-like) environment. Unless Mikrotik somehow decide to support a few OS pla...
by mkx
Tue Oct 08, 2019 3:51 pm
Forum: General
Topic: intervlan routing
Replies: 13
Views: 1129

Re: intervlan routing

inter-VLAN routing is no different than any other routing. Prerequisite is that router has a few vlan interfaces, one for each VLAN which it needs to route. And appropriate IP address set on both interfaces. By default, ROS will route between any interfaces with IP address attached unless firewall f...
by mkx
Tue Oct 08, 2019 8:50 am
Forum: RouterBOARD hardware
Topic: DISC Lite5 ac PtP NV2 Hickups and generally disapointing performance
Replies: 15
Views: 3788

Re: DISC Lite5 ac PtP NV2 Hickups and generally disapointing performance

This is using BTest on the device itself. I suspect BTest is terrible at testing tcp, ... Bandwidth test is terrible when run on devices with less than fastest CPUs. If you do CPU profile while running bandwidth test, you'll most probably note 100% CPU load which means that CPU is (artificial) bott...
by mkx
Tue Oct 08, 2019 8:39 am
Forum: General
Topic: How to enable 2 Static public IP block´s /30 feed on 1 fiber SFP , split into 2 different mikrotiks.
Replies: 4
Views: 459

Re: How to enable 2 Static public IP block´s /30 feed on 1 fiber SFP , split into 2 different mikrotiks.

Let's call CCR1009 (the ISP facing) R1. And let's call CCR1036 (the remote one) R2. The simplest case: if R1 and R2 are (more or less) completely independent from L3 (IP) point of view, then you could bridge two SFP interfaces on R1 (one currently used for WAN and one currently used to connect to R2...
by mkx
Tue Oct 08, 2019 8:08 am
Forum: Beginner Basics
Topic: hap2 ac firewall rules for Fronius Solar Inverter
Replies: 4
Views: 494

Re: hap2 ac firewall rules for Fronius Solar Inverter

If i understood correctly.... Nope, UDP port 49049 is used by Inverter to connect to the cloud and should work just fine with default RouterOS config. What needs to be done is to forward port 80 from internet to Inverter. Like this: /ip firewall nat add action=dst-nat chain=dstnat in-interface-list...
by mkx
Mon Oct 07, 2019 11:14 pm
Forum: General
Topic: Daisy Chain on Wire Speed [SOLVED]
Replies: 12
Views: 3318

Re: Daisy Chain on Wire Speed [SOLVED]

what i meant was, that if I give an IP to the bridge i will be able to login to the routers which are working as a switch, but i guess this will make it routing, not switching. Nope, it's not like that. On devices with switch chip (that can do wirespeed switching between ether ports) router's CPU i...
by mkx
Mon Oct 07, 2019 3:50 pm
Forum: RouterBOARD hardware
Topic: New High Performance Routers ! ?
Replies: 22
Views: 3454

Re: New High Performance Routers ! ?

Those tests are described here below the produt, in the Test tab: https://mikrotik.com/product/CCR1072-1G-8Splus#fndtn-testresults I think that the point of the whole thread is not about the tests, it's about potential new high-end routers. And I think we'd all love to get some clarifications from ...
by mkx
Mon Oct 07, 2019 3:33 pm
Forum: Beginner Basics
Topic: Several isolated networks
Replies: 33
Views: 3284

Re: Several isolated networks

Usually I only log alarming events and not the rest ... to avoid exactly the case you've run into: log overflow. And generally firewall drops are not the kind of data I want in my logs unless I smell something fishy and want to dig into it. So unless you want to determine why some device constantly ...
by mkx
Sat Oct 05, 2019 9:20 pm
Forum: General
Topic: VLAN between CRS328 and RB1100AHx4 not working [SOLVED]
Replies: 10
Views: 3173

Re: VLAN between CRS328 and RB1100AHx4 not working [SOLVED]

... if I remove all L3 access from the switch, how would you suggest accessing it for management? Not all of it, you should keep vlan20 and related L3 setup ... And make sure you firewall VLAN20 from the rest of LANs (and WAN) on your main router. The trouble with (over-configured) L3 devices is th...
by mkx
Sat Oct 05, 2019 7:51 pm
Forum: General
Topic: VLAN between CRS328 and RB1100AHx4 not working [SOLVED]
Replies: 10
Views: 3173

Re: VLAN between CRS328 and RB1100AHx4 not working [SOLVED]

BTW3: when things start to behave, make sure you configure also VLAN security parameters on /interface bridge port ... in particular frame-types and ingress-filtering properties of individual ports.
by mkx
Sat Oct 05, 2019 7:41 pm
Forum: General
Topic: VLAN between CRS328 and RB1100AHx4 not working [SOLVED]
Replies: 10
Views: 3173

Re: VLAN between CRS328 and RB1100AHx4 not working [SOLVED]

First of all, try to restart (cold boot by first powering down) both devices to make sure that running config is actually what's configured. BTW, if you're trying to ping CRS' address, you can't because br-trunk has to be tagged member of itself. Same goes with RB ... If things still don't behave af...
by mkx
Sat Oct 05, 2019 4:43 pm
Forum: Beginner Basics
Topic: Connecting Two Mikrotik routers / Two Subnets
Replies: 11
Views: 2752

Re: Connecting Two Mikrotik routers / Two Subnets

There's potential chance for having problems if you want connectivity between devices in different LAN subnets and you want to have firewall between them. If you want to have it, then the setup will have to be slightly more complicated. If you won't allow any connectivity between devices in both sub...
by mkx
Sat Oct 05, 2019 4:30 pm
Forum: General
Topic: VLAN between CRS328 and RB1100AHx4 not working [SOLVED]
Replies: 10
Views: 3173

Re: VLAN between CRS328 and RB1100AHx4 not working [SOLVED]

Yup, leave pvid set to 1 or whichever vid you're not going to use. How things work: if a port has pvid set, it will add VLAN tag to any untagged packets on ingress. And natural configuration would be to have same port set as untagged member of same VLAN ... so that VLAN tags get stripped on egress. ...
by mkx
Sat Oct 05, 2019 4:16 pm
Forum: General
Topic: VLAN between CRS328 and RB1100AHx4 not working [SOLVED]
Replies: 10
Views: 3173

Re: VLAN between CRS328 and RB1100AHx4 not working [SOLVED]

1st rule: don't use pvid on bridge, rather explicitly configure vlan interface with appropriate vid (as you have it later in the config) 2nd rule: don't ever use pvid on trunk interfaces, run them all tagged (right now you have configuration mismatch... ether1 n CRS and ether2 on RB have pvid=10 set...
by mkx
Sat Oct 05, 2019 4:02 pm
Forum: General
Topic: Multicast VLAN Registration (MVR) support
Replies: 6
Views: 1720

Re: Multicast VLAN Registration (MVR) support

If I were you, I'd consider segmenting home LAN.
by mkx
Fri Oct 04, 2019 11:33 pm
Forum: General
Topic: Daisy Chain on Wire Speed [SOLVED]
Replies: 12
Views: 3318

Re: Daisy Chain on Wire Speed [SOLVED]

Almost all routerboards can work wirespeed with ports in bridge ... if there's a switch chip in the routerboard, all used ports are connected to same switch chip (you can check the block diagram for your routerboards) and no fancy functionality is used. If you are not going to use VLANs then it shou...
by mkx
Fri Oct 04, 2019 9:53 pm
Forum: General
Topic: Multicast VLAN Registration (MVR) support
Replies: 6
Views: 1720

Re: Multicast VLAN Registration (MVR) support

That's a great option, I agree. I even did that, however, the problem is, I need to route the traffic do to not let my internal network be shared with my ISP's network. If I simply create a bridge and put my LAN and my TV VLAN on it, I'll be sharing my traffic on L2 level with them. Not really. You...
by mkx
Fri Oct 04, 2019 11:56 am
Forum: General
Topic: Multicast VLAN Registration (MVR) support
Replies: 6
Views: 1720

Re: Multicast VLAN Registration (MVR) support

My strategy is to pass the IPTV VLAN switched to my LAN (select interfaces) so that Mikrotik is not interfering with multicasts. I even don't bother with IGMP (I let multicasts flood those we select ports), you may want to play with it ... but as a feature of switches (not routers).
by mkx
Fri Oct 04, 2019 11:38 am
Forum: Beginner Basics
Topic: Several isolated networks
Replies: 33
Views: 3284

Re: Several isolated networks

Like this? Yup, something like this. By the way, under /interface list member. Should I remove this? add interface=eth10_cloud_key list=LAN Since I have: add interface=gastrofix_cloudkey_bridge list=LAN Indeed. BTW, it is advisable to use action=src-nat if your WAN address is static (as it seems to...
by mkx
Fri Oct 04, 2019 8:52 am
Forum: Beginner Basics
Topic: Several isolated networks
Replies: 33
Views: 3284

Re: Several isolated networks

The bridge gastrofix_cloudkey_bridge definition is fine. But you'll have to go through config and replace interface eth4_gastrofix with interface gastrofix_cloudkey_bridge almost where ever you see it. A few places where it should be done: /ip dhcp-server /interface list member (it should be enough ...
by mkx
Thu Oct 03, 2019 10:06 pm
Forum: Beginner Basics
Topic: Several isolated networks
Replies: 33
Views: 3284

Re: Several isolated networks

AFAIK there's no correlation between settings in /ip dns and in /ip dhcp-server . The former are used by ROS built-in DNS client (which might be configured to relay DNS queries) while the later are used by DHCP clients (LAN hosts receiving settings from ROS' DHCP server). Which means that using conf...
by mkx
Thu Oct 03, 2019 4:06 pm
Forum: Beginner Basics
Topic: Several isolated networks
Replies: 33
Views: 3284

Re: Several isolated networks

DNS servers to be used for particular (DHCP / IP) subnet are defined as /ip dhcp-server network add address=192.168.7.0/24 gateway=192.168.7.1 netmask=24 dns-server=X.Y.Z.W,Y.Z.W.X domain=domain.tld so you can specify multiple comma-separated DNS server addresses. And optionally you can specify (sin...
by mkx
Thu Oct 03, 2019 3:57 pm
Forum: Beginner Basics
Topic: Routing on a stick for 250 VLANs with DHCP.
Replies: 4
Views: 576

Re: Routing on a stick for 250 VLANs with DHCP.

... I think to use CCR1036-8G-2S+. What do you think about it?

Personally I don't have any experience with this particular model. Hopefully some other user will chime in.
by mkx
Thu Oct 03, 2019 3:28 pm
Forum: General
Topic: How to NAT external Wake-On-Lan packet into specific VLAN
Replies: 2
Views: 426

Re: How to NAT external Wake-On-Lan packet into specific VLAN

WOL packet from internet is a plain UDP packet. Since you're specifying IP address on your dst-nat rule, it's then up to routing engine to select correct L3 interface (probably some vlan interface) which should pipe the packet to correct VLAN. Packet testing method is entirely different: it uses spe...
by mkx
Thu Oct 03, 2019 3:10 pm
Forum: General
Topic: SNTP not working
Replies: 19
Views: 3485

Re: SNTP not working

Strictly speaking, if some port on router's WAN interface is not already used for existing connection to the same remote address, then NAT process does not have to change src-port (connection tracking engine only needs to track the tuple protocol/src-address/src-port/NAT-address/NAT-port/dst-address...
by mkx
Thu Oct 03, 2019 2:58 pm
Forum: General
Topic: Traceroute problem
Replies: 6
Views: 877

Re: Traceroute problem

If I understand you right, the only problem is that you can't ping 8.8.8.8 from your mikrotik router (but from fortigate you can)? If that is so, then my guess is that ISP doesn't do NAT (or even blocks private IP addresses). And running /ping src-address=41.X.X.221 address=8.8.8.8 should work ...
by mkx
Thu Oct 03, 2019 2:45 pm
Forum: Beginner Basics
Topic: Several isolated networks
Replies: 33
Views: 3284

Re: Several isolated networks

Sorry for restarting this thread, but I am curious about how to set up DHCP on eth4. Range 192.168.7.42 to 192.168.7.80. Any help with this? create address-pool with wanted IP address range in /ip pool add appropriate network settings (which actualy define gateway address, DNS server address, etc.)...
by mkx
Thu Oct 03, 2019 2:25 pm
Forum: Beginner Basics
Topic: Can't manage my switch
Replies: 8
Views: 763

Re: Can't manage my switch

My 5 cents: don't use DHCP to configure addresses of any important gear (which includes LAN equipment) ... unless there's a really (and I mean REALLY) good reason for that. Not even static DHCP leases. It can happen only too easily that DHCP server is not available at time when that gadget restarts ...
by mkx
Thu Oct 03, 2019 2:15 pm
Forum: Beginner Basics
Topic: Routing on a stick for 250 VLANs with DHCP.
Replies: 4
Views: 576

Re: Routing on a stick for 250 VLANs with DHCP.

My guess is that you should be going for some higher-end solutions: RB1100AHx4 or CCR series (a CCR1016 would probably do), depending on which kind of interface you need to connect router to the rest of network (1Gbps copper or 1Gbps SFP or 10Gbps SFP+). Performance-wise a RB4011iGS+RM would do as g...
by mkx
Fri Sep 27, 2019 3:00 pm
Forum: Wireless Networking
Topic: CAP ac = 50 mbit max
Replies: 3
Views: 442

Re: CAP ac = 50 mbit max

Do you have /caps-man datapath local-forwarding set to yes or to no? If it's set to no, then the bottleneck can be CAPs manager device as well. Generally it's advisable to set things for local-forwarding=yes ...
by mkx
Fri Sep 27, 2019 2:52 pm
Forum: Beginner Basics
Topic: Does CRS326-24G come with license on purchase? [SOLVED]
Replies: 3
Views: 413

Re: Does CRS326-24G come with license on purchase? [SOLVED]

Product spec page states, that the device comes bundled with "license level 5". You can read about different license levels here . BTW, all Routerboard devices come with licenses included, only level varies. It is necessary to purchase license for using ROS x86 (running on generic PC hardware) or R...
by mkx
Fri Sep 27, 2019 8:50 am
Forum: General
Topic: VLANs for wifi and guest on router as AP
Replies: 2
Views: 318

Re: VLANs for wifi and guest on router as AP

Configuration I did - Please post complete configuration (output of /export hide-sensitive , you can omit the wireless security profiles). The part you posted indicates incorrect settings regarding bridge (the whole subtree), but it's hard to show what exactly is wrong with it without seeing the wh...
by mkx
Fri Sep 27, 2019 8:46 am
Forum: General
Topic: speed up local subnet-server subnet
Replies: 2
Views: 341

Re: speed up local subnet-server subnet

The two firewall filters should help. Although if your firewall filter rules are following the default filter rules set, then there's already a rule add action=fasttrack-connection chain=forward connection-state=established,related which should do the trick a few packets later than the pair of rules...
by mkx
Fri Sep 27, 2019 8:35 am
Forum: General
Topic: Block application for remote control
Replies: 2
Views: 283

Re: Block application for remote control

How about googling? Some of these apps have been already discussed on this forum.
by mkx
Fri Sep 27, 2019 8:27 am
Forum: Beginner Basics
Topic: How to hide a bridge?
Replies: 12
Views: 920

Re: How to hide a bridge?

... although what is /interface bridge filter add action=drop chain=input dst-port=68 in-interface=ether1 ip-protocol=udp mac-protocol=ip for? This one blocks DHCP offers and DHCP acknowledgements traveling from ether1 towards anywhere else. See description of DHCP operations . Which means that any...
by mkx
Thu Sep 26, 2019 7:34 pm
Forum: General
Topic: USB Modem
Replies: 2
Views: 274

Re: USB Modem

Beware that queues work well on the sending side of the bottle neck (i.e. your ADSL link), but can help only slightly on the receiving side (and only for TCP, doesn't help for UDP & co). So if the problem in your case is downlink, queues on your router might help but can't cure the problem.
by mkx
Thu Sep 26, 2019 7:29 pm
Forum: General
Topic: High-end switches like 48 x 10G and 24 x 40G
Replies: 3
Views: 345

Re: High-end switches like 48 x 10G and 24 x 40G

None of them has 48 sfp+ ports or 24 qsfp
Meaning that Mikrotik doesn't offer what you're looking for.
by mkx
Thu Sep 26, 2019 7:24 pm
Forum: General
Topic: Queue for World Of Warcraft.
Replies: 1
Views: 227

Re: Queue for World Of Warcraft.

Just in case you missed it: if you want mangling to happen, you have to disable fattrack-ing (by disabling the right rule in firewall filter list). Other than that, you can export complete configuration by executing /export hide-sensitive in a terminal window. Before posting output you probably want...
by mkx
Thu Sep 26, 2019 7:18 pm
Forum: Beginner Basics
Topic: Help to identify the correct products to buy (home net)
Replies: 4
Views: 387

Re: Help to identify the correct products to buy (home net)

If you expect that WiFi will be handy at that location, you can go for RBD52G-5HacD2HnD-TC which is a very decent router as well, plus it features both 2.4Ghz and 5GHz wireless. Why not the hAP AC2? Cost a (very) little more - but has more CPU, a better switch chip, more routing power and You can a...
by mkx
Thu Sep 26, 2019 5:08 pm
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 1130

Re: Remote update hAP lite

latest .npk file can be succesfully uploaded manually to devices but maybe no space is left to complete update operation (after reboot they came back with the same version).
You should check the log about the reason for router not performing the upgrade.
by mkx
Thu Sep 26, 2019 5:01 pm
Forum: Beginner Basics
Topic: Help to identify the correct products to buy (home net)
Replies: 4
Views: 387

Re: Help to identify the correct products to buy (home net)

My 2 cents: consider using fibre connection between building A and building B. It's not only because 70m is quite a long stretch for anything higher than 1Gbps. Using fibre makes your investment future proof ... and resilient to any over-voltage effects that are about to happen (it's not question ab...
by mkx
Wed Sep 25, 2019 9:13 am
Forum: RouterBOARD hardware
Topic: LtAP mini vs LtAP for regular car?
Replies: 4
Views: 600

Re: LtAP mini vs LtAP for regular car?

... but if a car battery isn't producing 12V consistantly, it a problem with the car (or battery needs to be replaced)... so there that too... The problem with typical lead-acid batteries is that they perform worse at low temperatures ... even if they are in excellent conditions. And during those f...
by mkx
Wed Sep 25, 2019 8:40 am
Forum: General
Topic: NAT Rule Creation CRS309
Replies: 4
Views: 611

Re: NAT Rule Creation CRS309

Post your current config as shown by /export hide-sensitive (and redact any remaining sensitive information such as public IP address).
by mkx
Tue Sep 24, 2019 6:54 pm
Forum: General
Topic: Log Info problem
Replies: 1
Views: 218

Re: Log Info problem

You're using MAC winbox connection from your PC to router: https://wiki.mikrotik.com/wiki/Manual:IP/Services

I guess you should block it :-P
by mkx
Tue Sep 24, 2019 6:50 pm
Forum: General
Topic: http request to device in a static route takes a long time [SOLVED]
Replies: 4
Views: 421

Re: http request to device in a static route takes a long time [SOLVED]

Thinking of it: you have routing triangle and connection tracking firewall on router1 doesn't like it. Let's say you're running wget from PC with IP address 192.168.191.100. Here's what happens: client starts new connection towards 192.168.88.1. It notices it's not a directly accessible remote addre...
by mkx
Tue Sep 24, 2019 6:11 pm
Forum: General
Topic: can we do bonding in rb750r2 ?
Replies: 3
Views: 362

Re: can we do bonding in rb750r2 ?

I don't think that RB750r2 can route much more than 100Mbps with fasttrack disabled (implied by your use of mangle rules). And that's what you observed - 100% CPU when transferring at full speed. Bonding removes speed of single physical link as a bottleneck, it can't do anything about CPU load while...
by mkx
Tue Sep 24, 2019 6:02 pm
Forum: General
Topic: Using MESH for non-wifi Ring Network
Replies: 5
Views: 464

Re: Using MESH for non-wifi Ring Network

For this purpose there are well standardized and established protocols ... a bunch of Spanning Tree Protocols. You can get an idea about how they work from Wikipedia.
by mkx
Tue Sep 24, 2019 2:50 pm
Forum: Beginner Basics
Topic: Wired Extender Setup
Replies: 7
Views: 522

Re: Wired Extender Setup

... you can add as many caps as you want as long as they can communicate with the capsman.. ... and caps have to be able to communicate with capsman prior to configuring their wireless interface(s) ... which means that most of times caps devices will communicate with capsman over wired connections ...
by mkx
Tue Sep 24, 2019 2:45 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 97
Views: 33415

Re: v6.44.5 [long-term] is released!

The log says it all: package security needs package DHCP. Period.
by mkx
Tue Sep 24, 2019 2:34 pm
Forum: General
Topic: Router under Ddos atac on port 53 and 389.
Replies: 8
Views: 788

Re: Router under Ddos atac on port 53 and 389.

Source MAC address is likely peer router (the other side of WAN interface). The sad fact is that it's almost impossible to deal with DDoS attack other than (temporarily) drop all connections contributing to DDoS. In your case it's hard to do it as those packets seemingly originate from DNS servers a...
by mkx
Tue Sep 24, 2019 2:06 pm
Forum: General
Topic: http request to device in a static route takes a long time [SOLVED]
Replies: 4
Views: 421

Re: http request to device in a static route takes a long time [SOLVED]

There two things I'd think about: IP address (and setup) for LAN on router 1 is set on ether2 ... it should be on bridge I don't think router2 should be doing src-nat? In addition to that, there's nothing on router2 that would allow to connect to webfig via WAN interface (which is, if I understand i...
by mkx
Tue Sep 24, 2019 9:13 am
Forum: Beginner Basics
Topic: Silly Question About DHCP Server Mikrotik
Replies: 4
Views: 600

Re: Silly Question About DHCP Server Mikrotik

Is it possible to make different dhcp pool on each port of bridged interface? No, it's not possible. But what I want to achieve is because I want to run only 1 hotspot server because I don't want user to asked to relogin again when moved to another floor. In other hand, I want to differentiate the ...
by mkx
Mon Sep 23, 2019 3:27 pm
Forum: General
Topic: vlan routing - low speed
Replies: 3
Views: 387

Re: vlan routing - low speed

I wonder why it's faster in one direction than in the other Could depend on both computers running iperf, but it's hard to tell ... The CPU is not loaded during the test. I don't have any firewall rules between these networks. I use fasttrack. fasttrack and mangle rules are mutually exclusive. You ...
by mkx
Mon Sep 23, 2019 11:32 am
Forum: General
Topic: vlan routing - low speed
Replies: 3
Views: 387

Re: vlan routing - low speed

What does /tool profile cpu=all show during the throughput test? Does it show some particular CPU hitting 100%? Which process?

Do you have firewall filter rules configured on CCR? Does it use fasttrack?
by mkx
Mon Sep 23, 2019 11:23 am
Forum: Beginner Basics
Topic: netinstal no packages
Replies: 14
Views: 854

Re: netinstal no packages

-netinstall software to create a cf card. Fails to create MBR on device -netinstall software to netboot to Alix. PXE error Netinstall is very fragile ... both failures might be due to some firewall on your PC preventing netinstall from doing what it has to do. It is advisable to entirely disable fi...
by mkx
Sun Sep 22, 2019 7:22 pm
Forum: Beginner Basics
Topic: Tiered WAN services
Replies: 11
Views: 937

Re: Tiered WAN services

Virtual interface has to follow physical interface with regards to frequency channel used, channel width etc. So when one wants to use single radio for both uplink and own AP, then physical interface has to be station and virtual can be AP.
by mkx
Sun Sep 22, 2019 1:45 pm
Forum: Beginner Basics
Topic: Better VLAN?
Replies: 25
Views: 1949

Re: Better VLAN?

Perhaps you don't need 10 VAPs for 10 devices, perhaps you could group them together. Like based on whether they connect to some cloud or not (if yes, all devices connecting to same cloud can use same VLAN). Or based on their functionality (you might have single VLAN for both doorbell and video surv...
by mkx
Sun Sep 22, 2019 1:27 pm
Forum: General
Topic: MTU and L2 MTU on ether
Replies: 6
Views: 654

Re: MTU and L2 MTU on ether

L2 MTU is maximum (ethernet) packet size each of physical interfaces is capable of transmitting (and receiving). MTU is maximum L3 (IP) packet size which can pass the interface and should be less or equal to the L2 MTU. At the same time it should be set to whatever size peers (accessible through tha...
by mkx
Sun Sep 22, 2019 12:21 pm
Forum: Beginner Basics
Topic: Router on a stick using RB750 as router and RB450 as switch. [SOLVED]
Replies: 2
Views: 422

Re: Router on a stick using RB750 as router and RB450 as switch. [SOLVED]

... and then plugging my laptop into the ether2 of RB450G (vlanid=9), I do not get the DHCP address for the VLAN or the management IP. Surely your laptop is, at this stage, configured to simple untagged networking? It would be nice if you could export actual setup of your "switch" ... the configura...
by mkx
Sun Sep 22, 2019 12:06 pm
Forum: Beginner Basics
Topic: Better VLAN?
Replies: 25
Views: 1949

Re: Better VLAN?

As opposed to my arch enemy anav, I agree with him ;-) I never let my guests near my refrigerator :lol: I let guests near vacuum cleaner, but they are mostly not interested :wink: Seriously: around here I generally don't question people's strategic decissions, I only try to help them with dirty deta...
by mkx
Sun Sep 22, 2019 12:02 pm
Forum: Beginner Basics
Topic: Isolated Network
Replies: 10
Views: 1013

Re: Isolated Network

No, that is not correct.
Right :blush:
by mkx
Sun Sep 22, 2019 12:00 pm
Forum: Beginner Basics
Topic: PPPoe connection to ISP with tagged VLAN
Replies: 18
Views: 1694

Re: PPPoe connection to ISP with tagged VLAN

According to what you wrote about ISPs specifications your SFP module is the right one. Seems that the only thing missing is to set module to synchronize at 100Mbps. I've no idea how to do it :-(
by mkx
Sat Sep 21, 2019 6:38 pm
Forum: Beginner Basics
Topic: Better VLAN?
Replies: 25
Views: 1949

Re: Better VLAN?

It seems fine to me ...
by mkx
Sat Sep 21, 2019 6:32 pm
Forum: Beginner Basics
Topic: PPPoe connection to ISP with tagged VLAN
Replies: 18
Views: 1694

Re: PPPoe connection to ISP with tagged VLAN

This SFP seems to work with single optical fibre and uses different wavelengths for Tx and Rx. Are you sure you're using module that is complementary to the one used by ISP? I.e. if ISP is using 1310nm for Tx , then you should be using module which uses 1550nm for Tx (that's S- 53 LC20D) ... If, on ...
by mkx
Sat Sep 21, 2019 6:19 pm
Forum: Beginner Basics
Topic: Isolated Network
Replies: 10
Views: 1013

Re: Isolated Network

In adition to the two posts above, beware that subnet 192.168.1.0/23 actually contains 192.168.2.0/25 (192.168.1.0/23 are all IP addresses from 192.168.1.0 to 192.168.2.255 while 192.168.2.1/25 are IP addresses from 192.168.2.0 to 192.168.2.127).
by mkx
Sat Sep 21, 2019 6:13 pm
Forum: Beginner Basics
Topic: PPPoe connection to ISP with tagged VLAN
Replies: 18
Views: 1694

Re: PPPoe connection to ISP with tagged VLAN

If manual setting of speed doesn't work, you could try to allow auto-negotiation, but limit advertised speeds only to 100Mbps (both FD and HD).

Or you might have to try with another SFP module ... Mikrotiks seem to be quite picky about which modules work and which don't.
by mkx
Sat Sep 21, 2019 4:08 pm
Forum: General
Topic: Hardware offload on RB4011 with VLAN-s
Replies: 4
Views: 472

Re: Hardware offload on RB4011 with VLAN-s

Document regarding switch chip features states that VLAN tables are not available under ROS on RTL8367 switch chips. Making configuring VLANs on these switch chips impossible. (I've had something about that on my mind and I obviously created a shortcut of entire config subtree being unavailable ......
by mkx
Sat Sep 21, 2019 3:57 pm
Forum: General
Topic: Hardware offload on RB4011 with VLAN-s
Replies: 4
Views: 472

Re: Hardware offload on RB4011 with VLAN-s

The only way of configuring HW accelerated VLANs on all Routerboards except CRS3xx series is to use /interface ethernet switch configuration subtree. I don't have any RB4011, but I heard that this configuration subtree is not available. And yes, ports with tagged VLANs and PVID set to same value cau...
by mkx
Sat Sep 21, 2019 3:50 pm
Forum: Beginner Basics
Topic: PPPoe connection to ISP with tagged VLAN
Replies: 18
Views: 1694

Re: PPPoe connection to ISP with tagged VLAN

VLAN setup seems fine to me. However, this setting might get into the way: /interface bridge settings set use-ip-firewall-for-pppoe=yes I know you're not running PPPoE over a bridge, but never the less. And better get rid of that disabled bridge-vlan, who knows if it's really nowhere configured. I g...
by mkx
Sat Sep 21, 2019 3:34 pm
Forum: General
Topic: Fasttrack doesn't work (with VLAN) ?
Replies: 8
Views: 1140

Re: Fasttrack doesn't work (with VLAN) ?

As far as I understand FastTrack is built on top of FastPath and requires that the underlying interface supports it. And I guess FastPath is immediately disabled as soon as bridge VLAN filtering is enabled on anything but CRS3xx. FastPath documentation is quite vague about when fastpath is enabled....
by mkx
Sat Sep 21, 2019 2:45 pm
Forum: General
Topic: 317s storage and temperature acting strange [SOLVED]
Replies: 1
Views: 289

Re: 317s storage and temperature acting strange [SOLVED]

1) Free space is low but no files on flash. free-hdd-space: 2500.0KiB total-hdd-space: 16.0MiB bad-blocks: 0% That's normal. Built-in flash holds runing ROS, it's just not exposed to you. Only part of flash storage is exposed, but it's highly advisable not to use it fir anything write-intensive ......
by mkx
Sat Sep 21, 2019 2:39 pm
Forum: Beginner Basics
Topic: PPPoe connection to ISP with tagged VLAN
Replies: 18
Views: 1694

Re: PPPoe connection to ISP with tagged VLAN

Post complete configuration as presented by /export hide-sensitive ... and state the RB type, it might matter.

PPPoE over tagged works, but things have to be configured properly.
by mkx
Sat Sep 21, 2019 2:34 pm
Forum: Beginner Basics
Topic: Reset counters - no way or bug in WinBox?
Replies: 19
Views: 1991

Re: Reset counters - no way or bug in WinBox?

I could request such a special feature in the router, but who else would be interested?

Probably not many other people would really need such feature ... but that shouldn't stop you from bitching around :wink:
by mkx
Fri Sep 20, 2019 11:45 pm
Forum: Beginner Basics
Topic: Difference in 6db and 12db Groove antenna
Replies: 1
Views: 318

Re: Difference in 6db and 12db Groove antenna

In theory the difference between 6dBi antenna and 12dBi antenna is +6dB. In practice it can be anything between +6dB and possibly -10dB if antennae are not properly re-aligned if needed. With omni-directional antenna the only way of getting larger gain is to reduce vertical beam width - when talking...
by mkx
Fri Sep 20, 2019 9:36 pm
Forum: Wireless Networking
Topic: Static/Public IP entry help.
Replies: 2
Views: 349

Re: Static/Public IP entry help.

I'm pretty sure you don't have to enter IP address anywhere, you should be getting it as you'd get the dynamic one.
by mkx
Fri Sep 20, 2019 5:42 pm
Forum: RouterBOARD hardware
Topic: GPER usage questions
Replies: 31
Views: 3431

Re: GPER usage questions

guess this behaviour is related to PoE-detection in the switch ... no passive PoE-adapter in the arsenal to verify ... so check, before climb ! Normis explained that 802.3af/at powering only works when there's a compliant device down the line ... if there isn't one, passive PoE injector should be u...
by mkx
Fri Sep 20, 2019 5:34 pm
Forum: RouterBOARD hardware
Topic: Mikrotik RB941-2nD-TC LAN Port Problem
Replies: 3
Views: 488

Re: Mikrotik RB941-2nD-TC LAN Port Problem

The only problem I see (but doesn't mean it's breaking your LAN) is that LAN stuff (IP address, possibly DHCP server although I don't see it configured) is bound to ether2 instead of bridge ... The behaviour you're explaining might indeed indicate that your RB might be slowly dying and that you'd ha...
by mkx
Fri Sep 20, 2019 5:25 pm
Forum: Wireless Networking
Topic: Wifi station-mode for two SSIDs with virtualAP? [SOLVED]
Replies: 4
Views: 659

Re: Wifi station-mode for two SSIDs with virtualAP? [SOLVED]

Yes!
Please explain ... usual device with single radio, how can it become station of two distinct APs transmitting on different channels?
by mkx
Fri Sep 20, 2019 5:19 pm
Forum: General
Topic: hEX PoE // Powersupply
Replies: 6
Views: 796

Re: hEX PoE // Powersupply

The hEX can't handle 48V.
... and doesn't do PoE out.

But OP mentioned hEX PoE which handles 48V and can do 802.3af/at on output.
by mkx
Fri Sep 20, 2019 4:04 pm
Forum: General
Topic: hEX PoE // Powersupply
Replies: 6
Views: 796

Re: hEX PoE // Powersupply

Indeed you need 48V power supply. Any 48V power supply rated at least at 1A would do (but get some beefier one if this RB will deliver power to additional devices, up to 2.5A), just be careful about the DC plug dimensions. According to MT support , all routerboards feature same barrel-type power rec...
by mkx
Fri Sep 20, 2019 3:56 pm
Forum: General
Topic: Fasttrack doesn't work (with VLAN) ?
Replies: 8
Views: 1140

Re: Fasttrack doesn't work (with VLAN) ?

But that is beside the point and my question still remains - do anybody have some input on the "no fasttrack" question? Is fasttracking between two VLAN interfaces supposed to work? (Input VLANXXX, NAT to VLANYYY) . Fasttrack works for firewall with connection tracking enabled. Which is pretty much...
by mkx
Fri Sep 20, 2019 3:49 pm
Forum: General
Topic: More than 1 DHCP Clients possible on RouterOS?
Replies: 1
Views: 341

Re: More than 1 DHCP Clients possible on RouterOS?

If I understood you correctly ... you want to connect your cAP as client (station) to two distinct APs? That's only possible if one AP is running on 2.4GHz and another on 5GHz, but in that case you have two interfaces (default names wlan1 and wlan2) and you can start one DHCP client per interface. I...
by mkx
Thu Sep 19, 2019 10:48 pm
Forum: RouterBOARD hardware
Topic: Mikrotik RB941-2nD-TC LAN Port Problem
Replies: 3
Views: 488

Re: Mikrotik RB941-2nD-TC LAN Port Problem

You can try to replace power supply (in case it's aging and strarting to fail to provide rated amperage).

If that doesn't help, post complete configuration (execute /export hide-sensitive in command window), could be something weird there ...
by mkx
Wed Sep 18, 2019 11:41 pm
Forum: RouterBOARD hardware
Topic: Switch ability of 962UiGS-5HacT2HnT
Replies: 10
Views: 1191

Re: Switch ability of 962UiGS-5HacT2HnT

I'll wait until you post output of command /export hide-sensitive (redact public IP address if there's one).
by mkx
Wed Sep 18, 2019 5:10 pm
Forum: RouterBOARD hardware
Topic: Switch ability of 962UiGS-5HacT2HnT
Replies: 10
Views: 1191

Re: Switch ability of 962UiGS-5HacT2HnT

It is known that many windows NIC drivers strip off VLAN tags before processing packets. Hence sniffing using windows machine can not proove VLAN-related problems ...
by mkx
Wed Sep 18, 2019 2:43 pm
Forum: Beginner Basics
Topic: Link Router and Switch and administrate together with WinBox
Replies: 11
Views: 993

Re: Link Router and Switch and administrate together with WinBox

You might want to open new topic in SwOS section to get some advice about that.
by mkx
Wed Sep 18, 2019 11:48 am
Forum: Beginner Basics
Topic: Link Router and Switch and administrate together with WinBox
Replies: 11
Views: 993

Re: Link Router and Switch and administrate together with WinBox

You can use any interface to interconnect both devices (or even use more than one in a LACP bond). However, if you use RJ45 port, it'll be 1Gbps, if yu use SFP+ port, it can be 10Gbps (depending on modules/cable used). How to configure it in ROS? The interconnection port should be one of switched po...
by mkx
Wed Sep 18, 2019 10:28 am
Forum: RouterBOARD hardware
Topic: Switch ability of 962UiGS-5HacT2HnT
Replies: 10
Views: 1191

Re: Switch ability of 962UiGS-5HacT2HnT

But on trunked ports (hybrid actually) containing VLAN 201, packets from those devices can be captured without VLAN tag.

Please elaborate thos further ... how are you capturing packets and how in particular is the trunk configured?
by mkx
Mon Sep 16, 2019 8:50 pm
Forum: RouterBOARD hardware
Topic: Well, i have no idea what i need [SOLVED]
Replies: 2
Views: 542

Re: Well, i have no idea what i need [SOLVED]

When it comes to functionality, all Mikrotik devices are capabke of doing the same. Well, almost all, one can't realistically expect a $30 drvice to do some complex tasks such as BGP peering. The difference is in capacity obviously and hardware capabilities (not every Routerboard can use USB LTE sti...
by mkx
Mon Sep 16, 2019 8:32 pm
Forum: General
Topic: Directing all internet traffic through a device
Replies: 5
Views: 576

Re: Directing all internet traffic through a device

Relevant RFC 2132 defines option format to be array of octets and first octet (after the DHCP option number) should be the length of the array (and must be multiple of 4). So I assume that when defining option value should be entered as HEX number, e.g. 0x04c0a80a0d ... I've no idea what should be t...
by mkx
Mon Sep 16, 2019 4:32 pm
Forum: General
Topic: Directing all internet traffic through a device
Replies: 5
Views: 576

Re: Directing all internet traffic through a device

It's not exactly trivial to enforce special config to particular host. Perhaps the easist way would be using DHCP options ... create new one with code=3 (that's default gateway), enter the value (no idea how it should look like) and assign this option to static DHCP lease. Hopefully explicit DHCP op...
by mkx
Mon Sep 16, 2019 2:32 pm
Forum: General
Topic: Directing all internet traffic through a device
Replies: 5
Views: 576

Re: Directing all internet traffic through a device

The easiest way would be to set Rpi's IP address as default gateway on PC. If PC is getting it's network settings via DHCP server, you'll have to create static DHCP lease for that PC. On that particular lease you'll set different IP address as gateway. (It will be some more work than I just wrote, b...
by mkx
Mon Sep 16, 2019 2:25 pm
Forum: RouterBOARD hardware
Topic: Switch ability of 962UiGS-5HacT2HnT
Replies: 10
Views: 1191

Re: Switch ability of 962UiGS-5HacT2HnT

However the Bridge VLAN Filtering is currently only supported on CRS3xx series devices ... Small correction: above mentioned bridge VLAN filtering is supported across whole Routerboard device range ... but on all, except CRS3xx, functionality is implemented in software. Meaning that it's expected t...
by mkx
Mon Sep 16, 2019 2:16 pm
Forum: General
Topic: [Feature request] Quickset Loadbalance menu
Replies: 1
Views: 218

Re: [Feature request] Quickset Loadbalance menu

-1

IMHO load balance is a pretty complex thing (specially using WAN interfaces as your post implies), way beyond simplistic QuickSet stuff.
by mkx
Mon Sep 16, 2019 2:03 pm
Forum: Beginner Basics
Topic: Bridge "created from master port"
Replies: 2
Views: 318

Re: Bridge "created from master port"

Two questions:
  1. which version of ROS are you running
  2. what kind of user interface are you using to perform whatever you wanted (if GUI, which mode?)
by mkx
Mon Sep 16, 2019 12:12 pm
Forum: Beginner Basics
Topic: Link Router and Switch and administrate together with WinBox
Replies: 11
Views: 993

Re: Link Router and Switch and administrate together with WinBox

Yes, you'll have to configure CSS separately (as if your CRS didn't exist). While I don't have any personal experience with SwitchOS, it seems to have relatively simple webUI which allows to set up everything switch can do. And CSS will act as a switch, so no fancy L3 features there (that includes D...
by mkx
Mon Sep 16, 2019 12:02 pm
Forum: General
Topic: Performance problems with CRS112-8P-4S
Replies: 6
Views: 1507

Re: Performance problems with CRS112-8P-4S

Is the best way to use these just as a switch to add a bridge and add all ports to the bridge? I noticed the CPU increased significantly when adding VLANs even without any routing. CRS1xx don't offload much to hardware automatically. If they are only used as simple switches (no fancy features used)...
by mkx
Mon Sep 16, 2019 11:33 am
Forum: General
Topic: Laptops are trying to hack my router
Replies: 8
Views: 1086

Re: Laptops are trying to hack my router

Start with this https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router If you want to block access to router from guest network, block in firewall input chain all from this interface or IP range, allowing only needed services, i.e. DHCP, DNS, etc. I don't think this is answer to OPs question (h...
by mkx
Mon Sep 16, 2019 11:26 am
Forum: Beginner Basics
Topic: Link Router and Switch and administrate together with WinBox
Replies: 11
Views: 993

Re: Link Router and Switch and administrate together with WinBox

You will have to administer devices separately. Even more, CRS runs RouterOS (which you already experienced) while CSS runs SwitchOS ... and SwitchOS can only be administered using web-based GUI, you can't do it using winbox.
by mkx
Sun Sep 15, 2019 9:40 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD-IN remove default config
Replies: 2
Views: 439

Re: RB4011iGS+5HacQ2HnD-IN remove default config

If i manually remove the bridge created by default config which gets a ip from dhcp and no other interface is created the device is inaccessible have to hard reset the router and the router is connected directly to my laptop. It you if you do a reset with no default config enabled you can still acc...
by mkx
Sun Sep 15, 2019 5:12 pm
Forum: Beginner Basics
Topic: Routing all packets from a local IP to a specific external IP
Replies: 1
Views: 347

Re: Routing all packets from a local IP to a specific external IP

Use dst-nat just like you'd use it for connectivity from internet to some LAN service. So use rule something like /ip firewall nat add chain=dstnat action=dst-nat dst-address=192.168.1.23 to-address=<some internet IP address> However, there's a gotcha: router will only redirect packets to remote add...
by mkx
Sun Sep 15, 2019 12:30 pm
Forum: General
Topic: safe to upgrade from v6.35rc42 to current?
Replies: 7
Views: 747

Re: safe to upgrade from v6.35rc42 to current?

If you set boot sequence to /system routerboard settings set boot-device=try-ethernet-once-then-nand , then you don't have to press the button for RB to try netboot ... it'll try and if it doesn't find proper bootp server, it'll resume booting from NAND.
by mkx
Sat Sep 14, 2019 9:31 pm
Forum: RouterOS v7 BETA
Topic: VLAN hAP AC2
Replies: 9
Views: 2304

Re: VLAN hAP AC2

In former versions of ROS, bridge should have vlan-filtering=yes set for VLANs to work correctly.
by mkx
Sat Sep 14, 2019 2:59 pm
Forum: Beginner Basics
Topic: Routing and VLANs and IPs [SOLVED]
Replies: 2
Views: 494

Re: Routing and VLANs and IPs [SOLVED]

For proper configuration for IP interaction with VLAN you should add the following to what you've had while CRS worked fine as managed switch: /interface vlan add interface=bridge1 name=vlan100 vlan-id=100 /interface list member add list=LAN interface=vlan100 /interface bridge vlan add bridge=bridge...
by mkx
Sat Sep 14, 2019 12:08 pm
Forum: General
Topic: Firewall Filter rules for Microtik as Router on Stick configuration with D Link Switch
Replies: 3
Views: 508

Re: Firewall Filter rules for Microtik as Router on Stick configuration with D Link Switch

Before we get into details let me explain some basic stuff... Bridge functions very sim8larly to a switch, forwarding packets between member ports. Right now your RB has all ether ports member of same bridge. Which is kind of a problem due to 3 reasons: it seems like ether1 interface is used as WAN ...
by mkx
Fri Sep 13, 2019 12:28 pm
Forum: RouterBOARD hardware
Topic: 5 GHz Wifi
Replies: 3
Views: 580

Re: 5 GHz Wifi

AP probably shouldn't reboot when some client connects to it. It is possible though and I can think of a few reasons for it. One is weak power supply adapter. When client connects, AP will start to transmit at higher (full) power because of improper antenna (with too low gain). Thus it's causing hig...
by mkx
Fri Sep 13, 2019 12:16 pm
Forum: Beginner Basics
Topic: Wrong default route when router and modem start at the same time [SOLVED]
Replies: 5
Views: 656

Re: Wrong default route when router and modem start at the same time [SOLVED]

Set IP address to Mikrotik statically. Take any address from the same IP subnet as modem uses except from modem's own address (and network and broadcast addresses obviously). pppoe-client on Mikrotik should add default route ... but be sure to enable "add default route" on PPPoE client configuration...
by mkx
Fri Sep 13, 2019 11:52 am
Forum: General
Topic: Access UDP port 47808 via PPTP VPN
Replies: 4
Views: 509

Re: Access UDP port 47808 via PPTP VPN

Remove src-port option from the filter rule, it's still there: /ip firewall filter unset [ find src-port="47808" ] src-port (on my RB I had to use the double quotes for find to find something). BTW, you have 4 similar DST-NAT rules: add action=dst-nat chain=dstnat comment=192.168.1.33 disabled=yes d...
by mkx
Fri Sep 13, 2019 11:46 am
Forum: Beginner Basics
Topic: First config
Replies: 7
Views: 986

Re: First config

You should post complete configuration as all of the details matter ... run /export hide-sensitive and post it here inside [code] [/code] block.
by mkx
Fri Sep 13, 2019 11:40 am
Forum: Beginner Basics
Topic: Router on a Stick
Replies: 6
Views: 718

Re: Router on a Stick

It still doesn't look right ... but if it works for you, fine. Might stop working after some ROS upgrade though: when an interface is member of bridge, then all the rest of configuration should go to the bridge. In your case, ether2 is member of bridge named "bridge", and vlan interfaces should be a...
by mkx
Fri Sep 13, 2019 9:17 am
Forum: Beginner Basics
Topic: Router on a Stick
Replies: 6
Views: 718

Re: Router on a Stick

Your L2 VLAN setup is very far from complete (and what's done is wrong). I suggest you to read through this nice tutorial. After you're done and still have problems, come back with questions.
by mkx
Fri Sep 13, 2019 9:09 am
Forum: General
Topic: Host get disconnected and reconnected periodically
Replies: 1
Views: 299

Re: Host get disconnected and reconnected periodically

First of all describe topology and what kind of disconnects you experience (is it ethernet/wireless disconnects, DHCP lease expiry, connection breaks, ...). If there's a central Mikrotik device which suffers, post complete configuration (as printed out by executing command /export hide-sensitive fro...
by mkx
Thu Sep 12, 2019 8:13 pm
Forum: General
Topic: RB951Ui 2HnD rebootiing spontaneously [SOLVED]
Replies: 4
Views: 623

Re: RB951Ui 2HnD rebootiing spontaneously [SOLVED]

12V adaper is just fine for your RB ... if it can supply at least 0.6A. The problem is that power adapters tend to age (mostly because capacitors loose capacity due to various reasons) and their max current deteriorates. To a point when device wants to draw higher current than power adapter is capab...
by mkx
Thu Sep 12, 2019 5:58 pm
Forum: General
Topic: RB951Ui 2HnD rebootiing spontaneously [SOLVED]
Replies: 4
Views: 623

Re: RB951Ui 2HnD rebootiing spontaneously [SOLVED]

Try replacing power adapter, it might be getting old ...
by mkx
Thu Sep 12, 2019 5:39 pm
Forum: Beginner Basics
Topic: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]
Replies: 6
Views: 667

Re: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]

I think you should post full configuration. Fetch it executing command /export hide-sensitive and redact public IP addresses ...
by mkx
Thu Sep 12, 2019 8:31 am
Forum: RouterBOARD hardware
Topic: ltap mini can't use 5v power in
Replies: 3
Views: 373

Re: ltap mini can't use 5v power in

Stated max power consumption is 9W ... which is 1.8A @ 5V. Can your power adapter supply such current? Even micro USB connector (and port) might have hard time to pass such high current.
by mkx
Thu Sep 12, 2019 8:09 am
Forum: Beginner Basics
Topic: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]
Replies: 6
Views: 667

Re: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]

How did you try to ping internet via secondary modem? If by using /ping , you might have to set src-address with IP correct for interface DLINK . I've had my share of problems when RB chose wrong own address when pinging and the remote party did not have appropriate route to reply back. Other than t...
by mkx
Wed Sep 11, 2019 9:03 pm
Forum: RouterBOARD hardware
Topic: Audience
Replies: 33
Views: 6584

Re: Audience

When will come a Powerline modem for Audience?
There won't be one. Audience hasn't got USB port (at least I didn't see it mentioned), so you'll have to use generic PowerLine2ethernet devices.
by mkx
Wed Sep 11, 2019 8:58 pm
Forum: RouterBOARD hardware
Topic: 5 GHz Wifi
Replies: 3
Views: 580

Re: 5 GHz Wifi

It is quite vital to use antenna for correct requency band. If you use wrong antenna, in best case the signal will suck as the antenna gain will be low (could be something like -10 dBi or even lower instead of +3 dBi or +6 dBi). In worst case the PAs might get destroyed due to high VSWR.
by mkx
Wed Sep 11, 2019 8:42 pm
Forum: Beginner Basics
Topic: Switching vs. Ethernet Test Results - Understanding
Replies: 5
Views: 557

Re: Switching vs. Ethernet Test Results - Understanding

In ROS you first configure L2 stuff ... e.g. you create a bridge with selected interfaces as its members. "bridge" then offloads as much operations to the switching hardware and in your case that's just about everything related to intra-LAN traffic. On the "routing" CRS you'll leave out one ether in...
by mkx
Wed Sep 11, 2019 8:24 pm
Forum: Beginner Basics
Topic: Switching vs. Ethernet Test Results - Understanding
Replies: 5
Views: 557

Re: Switching vs. Ethernet Test Results - Understanding

For me the "blue" network is all within the same IP Subnet (192.168.88.xxx), so in my understanding (feel free to correct me) all traffic in there is "just" switched. You're absolutely right, I've looked at the chart without due dilligence. So in your case, routing would only happen between LAN and...
by mkx
Wed Sep 11, 2019 7:51 pm
Forum: Beginner Basics
Topic: Switching vs. Ethernet Test Results - Understanding
Replies: 5
Views: 557

Re: Switching vs. Ethernet Test Results - Understanding

Switching is when CRS moves ethernet frames from one interface to another one by using it's switching hardware. It means quite basic stuff, athough CRS3xx can do many L2 stuff by using switching hardware. I your case that's all traffic between LAN hosts in the same IP subnet. Bridging is similar to ...
by mkx
Wed Sep 11, 2019 11:25 am
Forum: General
Topic: PWR-LINE PRO
Replies: 9
Views: 805

Re: PWR-LINE PRO

Automatic fuses/switches are killing powerline. Same as wireless through reinforced concrete.
Parallel cable runs help somewhat ... as does a window in that concrete wall for wireless.
by mkx
Wed Sep 11, 2019 11:21 am
Forum: General
Topic: disable root bridge
Replies: 2
Views: 349

Re: disable root bridge

"root bridge" is a feature of xSTP. If RB in question can not create any loops (e.g. it only has one connection to the rest of network), then you can disable xSTP entirely:
/interface bridge
set [ find protocol-mode!=none ] protocol-mode=none
by mkx
Wed Sep 11, 2019 11:15 am
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 1130

Re: Remote update hAP lite

You can try to uninstall packages not needed, it might save enough space for upgrade to succeed.

If it doesn't help, then netinstall is the only way.
by mkx
Tue Sep 10, 2019 11:21 pm
Forum: General
Topic: Feature Request: Add LTE to WAN Interface List by default
Replies: 4
Views: 523

Re: Feature Request: Add LTE to WAN Interface List by default

LAN and WAN interface lists are extensively used in default firewall filter lists. But then LTE interface is not configured by default. But then, if "add default route" option is available, so should be "add to interface list" option with drop-down list to select from. Rationale: if LTE is meant to ...
by mkx
Tue Sep 10, 2019 5:12 pm
Forum: Beginner Basics
Topic: Video over IP
Replies: 7
Views: 956

Re: Video over IP

Are you using IGMP snooping? If yes, try to disable it and see if things start to behave.

The problem is that for IGMP snooping to work one needs multicast router present (IGMP querier). If there isn't one, then IGMP snooping only works reliably if there's single switch between source and sink ...
by mkx
Tue Sep 10, 2019 9:27 am
Forum: Wireless Networking
Topic: Bit confused by the existence of the hAP AC Lite?
Replies: 15
Views: 1364

Re: Bit confused by the existence of the hAP AC Lite?

However, Wi-Fi 5 devices can regularly get speeds well in excess of 150Mbps speedtest - one of my clients has Cisco access points connected via 10Gbps backbone and they regularly speedtest at well over 200Mbps. But with this device, even if the Wi-Fi is connected at these realistic speeds, the 100M...
by mkx
Tue Sep 10, 2019 9:13 am
Forum: Beginner Basics
Topic: RB750, Pi-Hole and cross interface communication
Replies: 37
Views: 3007

Re: RB750, Pi-Hole and cross interface communication

One thing I obviously don't understand: you have configuration for PPPoE in place ... but it has "dial-on-demand=yes" set. So is it used for connecting to internet or not? if yes, I suggest you to set dial-on-demand=no so that pppoe connection doesn't drop due to inactivity. At the same time you hav...
by mkx
Tue Sep 10, 2019 8:49 am
Forum: Beginner Basics
Topic: Understanding acmin-mac (mtik devices mac changes after reboot)
Replies: 3
Views: 387

Re: Understanding acmin-mac (mtik devices mac changes after reboot)

I'm afraid that if admin wants to have any kind of supervision, device needs constant IP address. Either set statically or set by DHCP but then one has to assure constant MAC. With ROS versatility it is impossible to come up with MAC addressing scheme which would persist over all the configuration v...
by mkx
Mon Sep 09, 2019 11:29 pm
Forum: Wireless Networking
Topic: Bit confused by the existence of the hAP AC Lite?
Replies: 15
Views: 1364

Re: Bit confused by the existence of the hAP AC Lite?

In theory maximum speed over wireless exceeds speed of wired ports indeed. In practice speed over wireless rarely reaches much more than one third of maximum speed in good radio conditions and less than that in sub-optimal radio conditions (e.g. when client is some distance and corners away from AP'...
by mkx
Mon Sep 09, 2019 8:25 pm
Forum: Beginner Basics
Topic: Unable to ping/trace from lan
Replies: 7
Views: 666

Re: Unable to ping/trace from lan

This NAT rule add action=dst-nat chain=dstnat comment=Ping protocol=icmp to-addresses=10.254.254.254 grabs just any ping request regardless where it starts and what is its destination and redirects it to 10.254.254.254 (which happens to be one of router's addresses). And similar problem is present o...
by mkx
Mon Sep 09, 2019 3:01 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35835

Re: RouterOS v7.0beta1 (ARM)

NV3 is coming? Personally, if I had to choose between 802.11ax and NV3, I'd rather get 802.11ax. Because it might boil down to such choice ... either use stock linux/producer driver and miss any vendor specific protocols (such as nstreme or NV2) or write own driver and include whatever bells and wh...
by mkx
Mon Sep 09, 2019 2:11 pm
Forum: General
Topic: Seeking Mikrotik capable providers in different countries
Replies: 2
Views: 334

Re: Seeking Mikrotik capable providers in different countries

No PM on this forum. You'll have to post some contact information if you want to get some feedback.
by mkx
Mon Sep 09, 2019 2:10 pm
Forum: General
Topic: Guidelines for changes when switching VPN To Wireless.
Replies: 1
Views: 233

Re: Guidelines for changes when switching VPN To Wireless.

You'll have to adjust routing settings.
by mkx
Mon Sep 09, 2019 11:38 am
Forum: Beginner Basics
Topic: Understanding acmin-mac (mtik devices mac changes after reboot)
Replies: 3
Views: 387

Re: Understanding acmin-mac (mtik devices mac changes after reboot)

In CLI definition of bridge has also option called "auto-mac" and if set to "no" (together with static setting of "admin-mac") MAC doesn't change over reboots. WebFig doesn't show "auto-mac" option explicitly, might be set implicitly when one unfolds the "Admin. MAC Address" window and sets the MAC ...
by mkx
Mon Sep 09, 2019 11:33 am
Forum: General
Topic: Request: FEC tunnel types
Replies: 27
Views: 3092

Re: Request: FEC tunnel types

That is a pretty specialist use case which would be better solved in a dedicated LTE router which also has multiple SIMs and radios. You can undoubtedly get these on the market already. Not to mention the fact that LTE also features quite good QoS portfolio and one could try to get somehow better Q...
by mkx
Mon Sep 09, 2019 8:40 am
Forum: General
Topic: VLAN: Newbie Needs Guidance
Replies: 16
Views: 912

Re: VLAN: Newbie Needs Guidance

Which customers are having problems, all of them (regardless VLAN) or only some?
by mkx
Mon Sep 09, 2019 8:34 am
Forum: General
Topic: VLAN: Newbie Needs Guidance
Replies: 16
Views: 912

Re: VLAN: Newbie Needs Guidance

Also have you tried fast track?

Using mangle rules excludes fast track.
by mkx
Mon Sep 09, 2019 8:30 am
Forum: General
Topic: Access Point Isolation
Replies: 1
Views: 290

Re: Access Point Isolation

You could configure AP's firewall so that it blocks any connectivity from wireless clients except connections towards internet. The above assumes that AP will not be simple AP (transparent), but will rather create its own subnet (with its own NAT etc.). The above is true for any Mikrotik device. All...
by mkx
Mon Sep 09, 2019 8:18 am
Forum: General
Topic: Request: FEC tunnel types
Replies: 27
Views: 3092

Re: Request: FEC tunnel types

End to end FEC to reduce packet loss and latency spikes across the entire path. Unless you turn ent-to-end connection into "lossy by design" connection, then FEC won't help with latency spikes ... any L1 technology, which does retransmissions on its own, will cause it. Wired technologies don't do i...
by mkx
Sun Sep 08, 2019 12:53 pm
Forum: Wireless Networking
Topic: which of this has good signal and quality?
Replies: 6
Views: 999

Re: which of this has good signal and quality?

The same principle holds for all of shown numbers: the larger the better. Note that some values are negative (e.g. Signal Strength) ... for example -59 dBm is larger than -73 dBm. Thanks, from your post for example signal to noise the value of it if the high value, for example, 70db is very good th...
by mkx
Sun Sep 08, 2019 12:34 pm
Forum: General
Topic: Request: FEC tunnel types
Replies: 27
Views: 3092

Re: Request: FEC tunnel types

@Amm0: what makes you claim that LTE is lossy? @mkx, let's call it "noisy" - mainly suggest that with LTE, or Wi-Fi, the L2/L1 stuff that deals with the noise (e.g. ACM) does have side-effects at L3, and that's where FEC might be able to mitigate frame loss. I can assure you (was working profession...
by mkx
Sun Sep 08, 2019 12:02 pm
Forum: Beginner Basics
Topic: How to prevent lockout in bridged-switch AP setup?
Replies: 1
Views: 334

Re: How to prevent lockout in bridged-switch AP setup?

You should set the hAP ac2's IP address to some address from your subnet. How to do it depends on how is hAP ac2 currently configured. Try to post complete config in text form, you can get it by executing command " /export hide-sensitive " inside a terminal window. And use [ code] environment here, ...
by mkx
Sat Sep 07, 2019 11:47 pm
Forum: Wireless Networking
Topic: which of this has good signal and quality?
Replies: 6
Views: 999

Re: which of this has good signal and quality?

The same principle holds for all of shown numbers: the larger the better. Note that some values are negative (e.g. Signal Strength) ... for example -59 dBm is larger than -73 dBm.
by mkx
Sat Sep 07, 2019 11:37 pm
Forum: General
Topic: Multiples Web Servers - Public ip adress
Replies: 4
Views: 642

Re: Multiples Web Servers - Public ip adress

You can't get client's IP address because web proxy is not transparent ... rather it's a part of a chain chain where ROS web server takes request from client, then sends same request to internal server and then relays the response. Behaviour is the same as with some renown web server software (e.g. ...
by mkx
Sat Sep 07, 2019 4:46 pm
Forum: General
Topic: pppoe on ONT and public ips on mikrotik
Replies: 4
Views: 666

Re: pppoe on ONT and public ips on mikrotik

It is simple routing, e.g. /ip route add dst-address=XXX.XXX.YYY.ZZZ/32 gateway=<IP of CCR> add dst-address=XXX.XXX.YYY.WWW/30 gateway=<IP of pfSense> Both CCR and pfSense should use hEX as their gateway (probably default one). BTW, firewall will trigger on the traffic to these IP addresses as well,...
by mkx
Sat Sep 07, 2019 4:35 pm
Forum: Beginner Basics
Topic: Somehow im blind
Replies: 5
Views: 741

Re: Somehow im blind

Can it be because client PC can't resolve FQDN to IP? Does pinging some public IP address (e.g. 8.8.8.8 ) work?

DHCP server network is missing setting of DNS server(s) ...
by mkx
Sat Sep 07, 2019 3:10 pm
Forum: General
Topic: pppoe on ONT and public ips on mikrotik
Replies: 4
Views: 666

Re: pppoe on ONT and public ips on mikrotik

The subnrt of 8 IPs is routed to you via PPPoE interface. Whichever device is terminating the PPPoE will have to know where to route those IP addresses. Which is easy to do on Mikrotik, I don't know how can it be done on ONT.
by mkx
Sat Sep 07, 2019 3:02 pm
Forum: General
Topic: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]
Replies: 10
Views: 1003

Re: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]

Just one small clarification, does the DNS get assigned from the Networks section under the DHCP Server? It does. A small correction to my previous post: DHCP server actually auto-selects correct DHCP network settings, matching the interface to which server instance is bound. One has to set the cor...
by mkx
Sat Sep 07, 2019 2:56 pm
Forum: General
Topic: Sofware VLAN/Bridge on RuterOS explained.
Replies: 59
Views: 16563

Re: Sofware VLAN/Bridge on RuterOS explained.

When you start to mess with L2 (e.g. VLANs), you really have to be careful not to break your current management connection to device. Always be sure to leave one device with old configuration so you can use one of ports to re-gain connection. And use winbox with MAC connectivity ... it won't help if...
by mkx
Sat Sep 07, 2019 2:50 pm
Forum: General
Topic: Hardware Switching RouterOS multiple VLANs
Replies: 2
Views: 594

Re: Hardware Switching RouterOS multiple VLANs

Or, if you want, you can read some nice tutorial with examples explained. If configured this way, things will be done in hardware on CRS3xx ...
by mkx
Sat Sep 07, 2019 2:44 pm
Forum: General
Topic: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]
Replies: 10
Views: 1003

Re: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]

Yoh have to create two DHCP address pools and assign each to corresponding DHCP server (with matching DHCP network). DHCP server doesn't check if served DHCP lease corresponds to other DHCP lease parameters ...
Right now you're using same DHCP address pool for both DHCP server instances ...
by mkx
Sat Sep 07, 2019 1:49 pm
Forum: Beginner Basics
Topic: Problem connecting two MikroTiks [SOLVED]
Replies: 5
Views: 719

Re: Problem connecting two MikroTiks [SOLVED]

Either use media coverters (a pair probably) that properly supports autonegotiation (I'm not sure there are such things).
Or use 100Mbps media coverters.
Or use a (dumb) switch between 1Gbps media coverter and hAP ac lite.
by mkx
Sat Sep 07, 2019 1:43 pm
Forum: Beginner Basics
Topic: bizarre performance issue with packet sniffer
Replies: 9
Views: 965

Re: bizarre performance issue with packet sniffer

fasttrack has mostly default rules that user can't change, right? how can i diagnose/troubleshoot fasttrack? i even tried to do a forwarding accept before fasttrack rule, no avail. Any firewall filter rule can be changed, including the default ones. As to rule trouble shooting ... I don't know any ...
by mkx
Fri Sep 06, 2019 8:15 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 17
Views: 1436

Re: Wifi range is really bad for a reason

If you will use your TP-Link, you'll 1) use same frequency for both connection between APs and connection clinent-TPLink (loosing lots of capacity) and 2) have huge problems with connectiviry between TP-Link clients and the rest of LAN ... It wouldn't even work as wireless repeater because that reli...
by mkx
Fri Sep 06, 2019 7:57 pm
Forum: Beginner Basics
Topic: bizarre performance issue with packet sniffer
Replies: 9
Views: 965

Re: bizarre performance issue with packet sniffer

fasttrack is a certain feature of connection tracked firewall ... when conditions are met and connection gets fasttrack mark, then (majority of) packets belonging to such connection skip firewall processing altogether. And mangling and IPsec policy matching and ... Only one of many packets gets trea...
by mkx
Fri Sep 06, 2019 6:04 pm
Forum: Beginner Basics
Topic: bizarre performance issue with packet sniffer
Replies: 9
Views: 965

Re: bizarre performance issue with packet sniffer

Packet sniffer disables fast-track. Try disabling the firewall filter rule which enables fast-track to see if this makes any difference.

If it does, then you'll have to check the packet flow and which rule grabs or misses the initial packets causing them to be misrouted ...
by mkx
Fri Sep 06, 2019 5:56 pm
Forum: Beginner Basics
Topic: Issue with bridge, VLANs and DHCP [SOLVED]
Replies: 2
Views: 325

Re: Issue with bridge, VLANs and DHCP [SOLVED]

Start off by using some other VID instead of 1 for the "red" VLAN ... VID=1 is used as default in many places and can thus cause unexpected behaviour. Bridge port ether2 needs to have pvid setting as well. In /interface bridge vlan bridge1 needs to be listed as tagged member of VLANs where you want ...
by mkx
Fri Sep 06, 2019 5:46 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 17
Views: 1436

Re: Wifi range is really bad for a reason

As I wrote: get another Mikrotik AP which has dual-band wireless. Another hAP ac2 would be great, hAP ac lite would do as well (but worse than hAP ac2 as it only has single chain 5GHz). Then you'll have to find a spot, where signal strength of existing AP is at least -75 dB and at the same time offe...
by mkx
Fri Sep 06, 2019 5:26 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 17
Views: 1436

Re: Wifi range is really bad for a reason

Preferably add another AP which would connect to LAN using cable. If that's not possible, add another dual-band AP and use one of frequency bands for point-to-point connection between existing AP and the new one. Wireless range extenders (repeaters) are worst solution because they consume air-time o...
by mkx
Fri Sep 06, 2019 4:55 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 17
Views: 1436

Re: Wifi range is really bad for a reason

Signal strength of -85 is, as you discovered yourself, beyond the edge of usability ... So it seems you'll have to add another AP for those WiFi enabled kitchen appliances ....
by mkx
Fri Sep 06, 2019 4:48 pm
Forum: General
Topic: SSH and RDP blacklist CPU usage
Replies: 4
Views: 541

Re: SSH and RDP blacklist CPU usage

According to firewall rules (extremely poor firewall I must say) you posted, every single packet passing router (in any direction) is being matched against those rules (in chain=forward). If you kept the default firewall filter rules and only added needed rules in the appropriate places, you'd have ...
by mkx
Fri Sep 06, 2019 4:35 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 17
Views: 1436

Re: Wifi range is really bad for a reason

10 steps and 1 wall - specially if the wall is reinforced concrete - is huge for 5GHz and big for 2.4GHz ...

What's the signal strength (numeric value) in the kitchen?
by mkx
Fri Sep 06, 2019 4:06 pm
Forum: Wireless Networking
Topic: Wifi range is really bad for a reason
Replies: 17
Views: 1436

Re: Wifi range is really bad for a reason

What does the number -54 in column just left of the bar chart mean? If it's signal strength, then that's a very good signal, most of wireless devices will normally work down to around -75 ... and by "normally work" I mean they will get throughput around 1/4 of nominal speed (if nominal speed is, say...
by mkx
Fri Sep 06, 2019 3:09 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

At least in pfSense (probably on other FW’s as well), you cannot ping the GW, it there is no FW-rule allowing that. Depends how particular FW philosophy works. In ROS, default behaviour is that FW allows everything. One can revert this by explicit drop as last rule in rule chain. At the same time, ...
by mkx
Fri Sep 06, 2019 3:03 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35835

Re: RouterOS v7.0beta1 (ARM)

Any reason you can think of to actually upgrade & try this v7 ? Don't think my RB3011 here will become faster or more stable. More stable definitely not, faster likely not ... according to changelog, kindly published by @krisjanisj, not even more functionalities. So, unless you like to live on the ...
by mkx
Fri Sep 06, 2019 3:01 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35835

Re: RouterOS v7.0beta1 (ARM)

Added ext4 support ? [admin@MikroTik] > sys reso print uptime: 2m16s version: 7.0beta1 (development) build-time: Sep/05/2019 15:08:48 [admin@MikroTik] /disk> format-drive file-system= ext3 fat32 i guess not. One thing is user-land tool to format drive. Another thing is plugging USB stick already fo...
by mkx
Fri Sep 06, 2019 2:55 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154821

Re: RouterOS v7.0 beta1 - when?

Ros v7 is release!

No, it's not. ROS v7beta is in public testing ...
by mkx
Fri Sep 06, 2019 2:54 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154821

Re: RouterOS v7.0 beta1 - when?

No current ETA can be given but won't be years...

:lol:
by mkx
Fri Sep 06, 2019 1:32 pm
Forum: Beginner Basics
Topic: RouterOS VLAN tagging on multiple ports
Replies: 3
Views: 328

Re: RouterOS VLAN tagging on multiple ports

In the second thought: you might actually want to configure eth7 and eth8 as bond device. And use bond device as anchor for all the rest of setup.
by mkx
Fri Sep 06, 2019 12:48 pm
Forum: Beginner Basics
Topic: RouterOS VLAN tagging on multiple ports
Replies: 3
Views: 328

Re: RouterOS VLAN tagging on multiple ports

If your CCR doesn't have switch chip (I read that the oldest versions did have one while later versions don't have one), then you should follow the 'new' vlan-filtering=yes bridge setup. Which allows you to have both tagged and untagged traffic running between bridge ports (such bridge acts as a sma...
by mkx
Fri Sep 06, 2019 12:33 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35835

Re: RouterOS v7.0beta1 (ARM)

So instead of a kernel from 2012 we are now going to have a kernel from 2017. Lets hope they can update this to the 4.19 version soon. Why stop at 4.19 ... MT should go for 5.3 ... ROS 7.0 is beta, and linux kernel 5.3 is RC. With current pace, linux kernel will be at least at 5.8 long term before ...
by mkx
Fri Sep 06, 2019 9:04 am
Forum: General
Topic: can ping IP from router but clients cannot access IP
Replies: 9
Views: 684

Re: can ping IP from router but clients cannot access IP

> ip firewall nat
[jason@sosedge] /ip firewall nat> chain=srcnat action=masquerade out-interface=eth01_uplink
syntax error (line 1 column 6)
[jason@sosedge] /ip firewall nat> add chain=srcnat action=masquerade out-interface=eth01_uplink
by mkx
Fri Sep 06, 2019 8:57 am
Forum: Beginner Basics
Topic: Change DDNS name (Mikrotik cloud)
Replies: 10
Views: 1062

Re: Change DDNS name (Mikrotik cloud)

I guess it became a political topic )) Indeed. ... I guess too a Mikrotik router is enough protected to consider it safe. Not exactly true all the time. The problem with Mikrotik is that router admin can do just anything, including f*ck up the firewall (if we dismiss the real possibility that there...
by mkx
Thu Sep 05, 2019 3:43 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

- If I connect the PC, it gets IPV4 and IPV6 addresses assigned from pfsense. So that works. Meaning that CRS is doing its job just fine. - If I try to ping pfsense with the RouterOS ping tool using standard ping, or try to do the same from the test-pc, I do not get a connection - if I use the Rout...
by mkx
Thu Sep 05, 2019 3:30 pm
Forum: Beginner Basics
Topic: Convert Wifi to Wired
Replies: 4
Views: 540

Re: Convert Wifi to Wired

Any wireless-capable Routerboard device will do. But: wireless bridge generally only works if devices on both ends of wireless link are made by same vendor. The reason is that there is no standard way of creating truly transparent wireless bridge and vendors created own proprietary extensions to wor...
by mkx
Thu Sep 05, 2019 11:18 am
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

1) The VLAN I would like to create is a transparrant VLAN. It should not have an IP-address. I need to reach/ping the real devices attached to (!) the VLAN, not a "VLAN-device" (whatever it is) You wrote that you can get ARP communication between the two "real" devices ... kindly explain us what do...
by mkx
Wed Sep 04, 2019 11:39 pm
Forum: General
Topic: Two RB2011 with extra LAN
Replies: 6
Views: 686

Re: Two RB2011 with extra LAN

The setup you outlined in post #3 seems to be spot on in this case. When you're done with L2 setup, proceed with L3 setup. Some asorted notes: "eth1 WAN" setup will obviously go directly to eth1 interface on RB1. Then you'll need VLAN interface with vlan-id=10 for LAN IP setup on RB1 ... you'll both...
by mkx
Wed Sep 04, 2019 12:08 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

Many people get confused because of bridge's dual personality: "something like a switch" ... one defines member interfaces and bridge (more or less) intelligently moves traffic between those interfaces. In case of CRS3xx this is mostly offloaded to switch hardware, the rest of RouterBoard devices do...
by mkx
Wed Sep 04, 2019 11:04 am
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

If I focus on VLAN 123, there are a few things that don't seem entirely right ... which might (or might not) explain why pinging from PC to pfSense (via CRS) doesn't work (but ARP, being L2 protocol, does): VLAN interface VLAN123 should be parented to VirtualSwitch1 (not "04 RouterData" .. .because ...
by mkx
Wed Sep 04, 2019 9:15 am
Forum: General
Topic: Low Throughput on 2011 [SOLVED]
Replies: 5
Views: 589

Re: Low Throughput on 2011 [SOLVED]

I can only guess (perhaps some other forum guru will come to rescue) ... you have mangle rule which doesn't work if packets, which have to be mangled, are fast-tracked. So disabling fast-path in your case actually causes fast-track to be disabled, making mangle rule working. The proper way of doing ...
by mkx
Wed Sep 04, 2019 8:23 am
Forum: General
Topic: Low Throughput on 2011 [SOLVED]
Replies: 5
Views: 589

Re: Low Throughput on 2011 [SOLVED]

Any good reason for this setting: /ip settings set allow-fast-path=no I believe it might kill the RB's performance. Anyway, there might be two reasons for limit: ports eth6-eth10 are 100Mbps only run CPU profile while hammering RB with traffic to see if CPU is bottleneck (and which process is consum...
by mkx
Wed Sep 04, 2019 8:18 am
Forum: General
Topic: Two RB2011 with extra LAN
Replies: 6
Views: 686

Re: Two RB2011 with extra LAN

Well, your latest explanation changes the game slightly. So if I understand you correctly: you actually have two WAN connections, one over eth1 and one over eth3 (both on RB1) ... you want to relay eth3 WAN to RB2? On RB1, port eth2 is trunk towards RB2. The rest of ports (eth4-eth10) are used as LA...
by mkx
Wed Sep 04, 2019 7:58 am
Forum: Beginner Basics
Topic: IPv6 hosts reachable behind LAN
Replies: 4
Views: 500

Re: IPv6 hosts reachable behind LAN

I can still ping my laptop behind...but can't login via ssh to it... Probably icmp is enabled by default or by this rule above... Any better method to test from an IPv6 host outside to test that a firewall rule works fine? ICMPv6 is essential for IPv6 to work, so it's normal that ping on IPv6 works...
by mkx
Wed Sep 04, 2019 7:53 am
Forum: Beginner Basics
Topic: IPv6 hosts reachable behind LAN
Replies: 4
Views: 500

Re: IPv6 hosts reachable behind LAN

The mentioned default IPv6 firewall setup is a bit more complex (the code below is from 6.45.1): /ipv6 firewall address-list add list=bad_ipv6 address=::/128 comment="defconf: unspecified address" address-list add list=bad_ipv6 address=::1 comment="defconf: lo" address-list add list=bad_ipv6 address...
by mkx
Tue Sep 03, 2019 11:30 pm
Forum: General
Topic: SSH and RDP blacklist CPU usage
Replies: 4
Views: 541

Re: SSH and RDP blacklist CPU usage

Firewall filter rule order matters and, if applicable, rules that "consume" most packets should come earlier. If all packets must get evaluated afainst some 5 extra rules, then no wonder that router is struggling. But then we can't say as you chose not to tell us the whole story by not showing compl...
by mkx
Tue Sep 03, 2019 11:24 pm
Forum: Beginner Basics
Topic: IPv6 hosts reachable behind LAN
Replies: 4
Views: 500

Re: IPv6 hosts reachable behind LAN

Start off with default rules for IPv6 firewall ... they are hidden inside script that you can get by executing /system default-configuration print under /ipv6 firewall
by mkx
Tue Sep 03, 2019 11:18 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

I strongly suggest you to post current config on CRS, export it by executing command /export (do include leading '/'). Without that we can play whack-a-mole for days without any result, because I can not imagine how you implemented in ROS what you described in your previous posts...
by mkx
Tue Sep 03, 2019 4:09 pm
Forum: General
Topic: Need help with VLAN Trunks [SOLVED]
Replies: 4
Views: 721

Re: Need help with VLAN Trunks [SOLVED]

You mixed old school setup ( /interface ethernet switch subtree) and new school setup ( /interface bridge subtree). I suggest you to stick with new school, IMHO the user interface is less confusing (if one can say so) but it does come with performance hit (if it hits you, you can still revamp the co...
by mkx
Tue Sep 03, 2019 8:54 am
Forum: General
Topic: Two RB2011 with extra LAN
Replies: 6
Views: 686

Re: Two RB2011 with extra LAN

If you want to span single LAN1 over both RBs (and likewise LAN2), then you'll have to use VLANs on the eth2 (interconnect). If you're not familiar with VLANs, then I suggest you to read through this excellent tutorial . While it might not perform optimally on your two RB2011s, you'll get going (and...
by mkx
Mon Sep 02, 2019 11:14 pm
Forum: General
Topic: Need help with VLAN Trunks [SOLVED]
Replies: 4
Views: 721

Re: Need help with VLAN Trunks [SOLVED]

Post full config of your device as shown by executing /export hide-sensitive (obfuscate public IP address) and enclose it to [code] environment.
by mkx
Mon Sep 02, 2019 11:10 pm
Forum: General
Topic: CRS125-24G-1S TCP (and other?) traffic exiting access port is sometimes tagged and sometimes not
Replies: 6
Views: 572

Re: CRS125-24G-1S TCP (and other?) traffic exiting access port is sometimes tagged and sometimes not

Any input from Mikrotik Support on this? If you really want to receive input from Mikrotik Support, then posting in this forum is not the best way. More likely you'll get some input if you sent the question to support@mikrotik.com ... and attach supout.rif, it'll contain complete device state and w...
by mkx
Mon Sep 02, 2019 2:55 pm
Forum: General
Topic: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]
Replies: 10
Views: 1003

Re: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]

OK, I can try to give some ideas about how to get to the end state. If I understand right, the intended end state will include one untagged and one tagged VLAN. This should be possible even if only single physical connection will connect whole LAN with router. If you don't intend to use other ether ...
by mkx
Mon Sep 02, 2019 2:20 pm
Forum: General
Topic: Firewall Filter rules for Microtik as Router on Stick configuration with D Link Switch
Replies: 3
Views: 508

Re: Firewall Filter rules for Microtik as Router on Stick configuration with D Link Switch

Please post complete configuration ... in text form. You can get it by opening terminal window (you can open it from winbox) and execute command /export hide-sensitive (the leading slash is important). Before posting, obfuscate public IP address (if it's set statically) ... and post ti inside [ code...
by mkx
Mon Sep 02, 2019 2:16 pm
Forum: General
Topic: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]
Replies: 10
Views: 1003

Re: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]

I'd rather not prepare you some half-baked recipe for migration phase ... It'd be much simpler if you reconfigured LAN in one big leap ... but I can understand that might not be desirable and smooth migration (invisible to users) might be preferred. So, if some fellow forum member is willing to help...
by mkx
Mon Sep 02, 2019 8:31 am
Forum: RouterBOARD hardware
Topic: How to use QSFP+ port of CRS326-24S+2Q?
Replies: 3
Views: 595

Re: How to use QSFP+ port of CRS326-24S+2Q?

It's been explained (somewhere on this forum, can't find the right thread now) that QSFP ports present them selves differently depending on type of QSFP module plugged in. If true QSFP-to-QSFP is plugged in, then single QSFP interface will be shown and it's speed will be 40 Gbps. If QSFP-to-4xSFP+ i...
by mkx
Mon Sep 02, 2019 8:20 am
Forum: General
Topic: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]
Replies: 10
Views: 1003

Re: Assigning DCHP Server to VLANS + VLAN Trunking Help [SOLVED]

There are a few conceptual and practical problems with your setup. First practical problem: although you did configure VLANs, it's done slightly wrong (interface vlan20 on ether9 which is member of bridge ... if ether ports are members of bridge, no other configuration should touch those ports direc...
by mkx
Sun Sep 01, 2019 11:31 pm
Forum: General
Topic: Winbox 64bit Version
Replies: 80
Views: 11217

Re: Winbox 64bit Version

I fully agree with what @kiler129 wrote. And I'll add: while I fully respect the personal preferences of users about OS (my choice is Linux) I also think that every professional has to adapt his toolbox to the tools needed/available for doing his job. And for administering network(s) of Mikrotik dev...
by mkx
Sun Sep 01, 2019 11:20 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

There are two things which are connected, but in ROS configured more or less independently: membership of ports on VLANs ... either tagged or untagged with PVID set. port security For each port it is possible to set options which define which kind of frames are allowed on ingress. Options are ingres...
by mkx
Sun Sep 01, 2019 9:54 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

When one adds VLANs to ethernet, another layer gets added ... which is above ethernet and below IP. To reflect that, in ROS one creates VLAN interfaces on top of physical interface(s) and sets IP stuff on those VLAN interfaces. Conceptual complication is if one uses hybrid ports, i.e. both tagged an...
by mkx
Sun Sep 01, 2019 4:46 pm
Forum: RouterBOARD hardware
Topic: Powerline and Powerline AP
Replies: 3
Views: 624

Re: Powerline and Powerline AP

Well, they will probably work, but not anything near the declared speed. Then it probably also depends on particular HomePlug implementation, some vendor might work better than other. Luckily ground fault breakers and surge arresters are usually mounted on the perimeter of house wiring so they work ...
by mkx
Sun Sep 01, 2019 4:28 pm
Forum: Announcements
Topic: v6.45.5 [stable] is released!
Replies: 54
Views: 15711

Re: v6.45.5 [stable] is released!

Hi all, first post but long time forum lurker... I'm struggling to get this update on my RouterBOARD 941-2nD hAP lite Current version 6.45.2 to 6.45.5 Error not enough disk space 7.3MiB required and only 7.3iMiB is free I've cleared out all the files and rebooted [admin@R1] > /file print # NAME TYP...
by mkx
Sun Sep 01, 2019 12:08 am
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2147

Re: Cannot get simple VLAN to work on CRS317 ☹

Two questions: 1) I have to admit, that I do not at all understand why there is a VLAN section under menu-item "interface". Can some one explain, what is the goal? (There is a vlan section under bridge, what IMHO should do !!??) 2) Can someone explain why the IPV4-ping is not working, where the IPV...
by mkx
Sat Aug 31, 2019 6:01 pm
Forum: Wireless Networking
Topic: Secondary Channel
Replies: 1
Views: 424

Re: Secondary Channel

AFAIK only RB4011 (wireless version) supports (non-contigous) 80+80 MHz ... it's been explained that for contigous 160MHz channel one doesn't need to set secondary channel.

Capsman is different beast and secondary-channel setting is used differently.
by mkx
Sat Aug 31, 2019 5:09 pm
Forum: General
Topic: Address list limitations on number of entries
Replies: 2
Views: 371

Re: Address list limitations on number of entries

If your list contains individual host addresses which are at least partly continous, then you could reduce the number of entries by merging the continous addresses to (small) subnets. I the lust was: 20.20.30.13 20.40.50.42 20.40.50.43 20.30.66.77 then you could write it as 20.20.30.13 20.40.50.42/3...
by mkx
Sat Aug 31, 2019 4:30 pm
Forum: Beginner Basics
Topic: RB3011UiAS-RM is not showing USB Stick anymore
Replies: 4
Views: 655

Re: RB3011UiAS-RM is not showing USB Stick anymore

Nope, your RB doesn't seem to notice the USB device. Here's how it looks on my RBD52G when USB flash disk is plugged in: [fu@bar] /system resource usb> print # DEVICE VENDOR NAME SPEED 0 1-0 Linux 3.3.5 xhci-hcd-ipq40xx xHCI Host Controller 480 1 2-0 Linux 3.3.5 xhci-hcd-ipq40xx xHCI Host Controller...
by mkx
Sat Aug 31, 2019 3:00 pm
Forum: RouterBOARD hardware
Topic: LAN Ports issue
Replies: 2
Views: 538

Re: LAN Ports issue

No sign of working as status lights corresponding to ether ports don't light up or blink .. not even on device on the other end of the cable? And you tried with different devices otherwise known to be flawless?

Or no sign of working as no traffic passes despites status lights indicating link?
by mkx
Sat Aug 31, 2019 2:55 pm
Forum: Beginner Basics
Topic: RB3011UiAS-RM is not showing USB Stick anymore
Replies: 4
Views: 655

Re: RB3011UiAS-RM is not showing USB Stick anymore

Which way the RB is not recognising the stick? Does it show under /system resources usb ? Any pluged device should show there even if device isn't supported in ROS whatsoever. If it does but doesn't show as disk, then you'll have to reinitialize it ... if the USB device doesn't show under USB device...
by mkx
Sat Aug 31, 2019 12:10 pm
Forum: General
Topic: CRS112-8G-4S > No 100mbps fiber [SOLVED]
Replies: 11
Views: 1374

Re: CRS112-8G-4S > No 100mbps fiber [SOLVED]

Keep using CRS as switch and go for something small as router .... RB750Gr3 would do fine. Or a RBD52G, you'd get wireless for free. Both have HW acceleration for (some variants of) IPsec encryption ...
by mkx
Sat Aug 31, 2019 12:03 pm
Forum: General
Topic: CRS317 ROS new switch method with HW offload [SOLVED]
Replies: 4
Views: 556

Re: CRS317 ROS new switch method with HW offload [SOLVED]

As @Dude2048 explained ... single bridge it is. If switching can't be offloaded, then traffic is handled by CPU which is relatively slow in CRS3xx devices. Not capable of transfer speeds anywhere near wirespeeds. Which means CRS3xx are not really fit for inter-VLAN routing.
by mkx
Sat Aug 31, 2019 11:56 am
Forum: General
Topic: CRS317 ROS new switch method with HW offload [SOLVED]
Replies: 4
Views: 556

Re: CRS317 ROS new switch method with HW offload [SOLVED]

Your approach is correct. Generally it is advisable to configure single bridge per device as generally only one bridge can offload operations to underlying hardware (you can verify that by executing command /interface bridge port print , HW-offloaded ports show flag 'H' in front of port name). CRS3x...
by mkx
Sat Aug 31, 2019 11:50 am
Forum: Beginner Basics
Topic: How to configure the VLANs - two trunk and one access port
Replies: 4
Views: 674

Re: How to configure the VLANs - two trunk and one access port

I recomend to start by reading this excellent tutorial. After you do it and still have troubles, come back with concrete questions.
by mkx
Fri Aug 30, 2019 11:57 pm
Forum: General
Topic: CRS112-8G-4S > No 100mbps fiber [SOLVED]
Replies: 11
Views: 1374

Re: CRS112-8G-4S > No 100mbps fiber [SOLVED]

Official test results for your CRS do show, that simple routing without filter rules can be quite slow if packet size is small (PPS gets limited). With full-size packets your device should be able to route at leas few times more than whst you get. And who knows what test app used actually does ... J...
by mkx
Fri Aug 30, 2019 11:47 pm
Forum: RouterBOARD hardware
Topic: CWDM (one side), SFP wavelength specific on other end [SOLVED]
Replies: 3
Views: 692

Re: CWDM (one side), SFP wavelength specific on other end [SOLVED]

My limited testing with a few types of SFP (and SFP+) modules (some branded Ericsson and some OEM) with wavelengths between 1290 and 1610nm, both CWDM and "usual" 1310nm ones, showed that receiving photo-diode is always wide-band. E.g. link successfully established between "usual" 1310nm SFP and 157...
by mkx
Fri Aug 30, 2019 11:24 pm
Forum: General
Topic: CRS112-8G-4S > No 100mbps fiber [SOLVED]
Replies: 11
Views: 1374

Re: CRS112-8G-4S > No 100mbps fiber [SOLVED]

I don't think the problem is in switching v.s. bridging, this distinction only affects ether interfaces that are handling traffic for same broadcast domain, in your caee the Skynet subnet. Your current setup probably offloads traffic to switch chip as it is, you can verify it by executing command /i...
by mkx
Fri Aug 30, 2019 11:08 pm
Forum: General
Topic: Mikrotik Vlans
Replies: 1
Views: 405

Re: Mikrotik Vlans

If interface is already added as bridge port, but you need to change some of its properties, use set : /interface bridge port add bridge=bridge interface=sfp-sfpplus1 # set pvid on this port set [ find interface=sfp-sfpplus1 ] pvid=100 In ROS, VLAN settings are split in two sections: /interface brid...
by mkx
Fri Aug 30, 2019 10:35 pm
Forum: General
Topic: Remote Access to CRS309
Replies: 1
Views: 282

Re: Remote Access to CRS309

From what you posted it's not clear which port is tagged member and which is untagged member. Better post output of /interface bridge export and use [code] environment to improve readability. Indicate which interface has LAN IP address configured.
by mkx
Fri Aug 30, 2019 10:07 pm
Forum: Beginner Basics
Topic: Configure simple bridge+vlan, No ping; missing something basic? [SOLVED]
Replies: 3
Views: 637

Re: Configure simple bridge+vlan, No ping; missing something basic? [SOLVED]

As you created vlan88 interface on bridge and set bridge "interface" as tagged member port of VLAN 88, setting pvid on bridge to the same value is wrong ... (re)set pvid on bridge interface to pvid=1 ... Btw, if VLANs 20 and 70 are going to be used on wlan only, then bridge "interface" doesn't have ...
by mkx
Fri Aug 30, 2019 8:56 am
Forum: Wireless Networking
Topic: VirtualAP Bridging
Replies: 4
Views: 629

Re: VirtualAP Bridging

Try to post complete running config of hAP ac2 ... use /export hide-sensitive and don't obfuscate too much. Without that we can only guess what you configured and what not.
by mkx
Fri Aug 30, 2019 8:39 am
Forum: General
Topic: VLAN configuration approach, correct or not ?
Replies: 5
Views: 652

Re: VLAN configuration approach, correct or not ?

(1) VLANs configured at the Router chip (Software based) : This is the most universal way to configure VLANs but you will be forcing the Routing chip to behave as a L3 switch with inter-VLAN routing. This method works on any Mikrotik device (Switch or Router alike) and requires you to configure 1 V...
by mkx
Fri Aug 30, 2019 8:31 am
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 1990

Re: Bridge VLAN Filtering help [SOLVED]

... in a nutshell, assymetric vlan allows you to "switch" between VLAN's, so you don't have to "route" between these VLAN's Well, actually it does on egress what a typical windows NIC driver does on ingress ... strips all VLAN headers :lol: "switching" between VLANs is one of (benefitial if admin i...
by mkx
Thu Aug 29, 2019 11:51 pm
Forum: Wireless Networking
Topic: Bridged vlan on physical interfaces to the new (vlan bridge filtering)
Replies: 9
Views: 960

Re: Bridged vlan on physical interfaces to the new (vlan bridge filtering)

... two clients associated to different APs which are interconnected transparently at L2 can send frames to each other regardless the APs being set to block client-to-client forwarding. But this is easily resolved using bridge horizon where all bridge ports can forward traffic to one "uplink" port ...
by mkx
Thu Aug 29, 2019 11:34 pm
Forum: Beginner Basics
Topic: VLAN between two routers. Can it work!? If so how?
Replies: 9
Views: 853

Re: VLAN between two routers. Can it work!? If so how?

- so, yesterday I did a very basic speedtest to the only two 10G devices I have at the moment, the NAS and my PC. * Both connected to the CRS317. Both on another VLAN So you took your brand new Ferrari and went on to plow the field. If NAS and PC are in different VLANs, then transfers between tgem ...
by mkx
Thu Aug 29, 2019 4:53 pm
Forum: Beginner Basics
Topic: Mikrotik HAP Lite Home AP, Fritz 7590 as modem
Replies: 5
Views: 593

Re: Mikrotik HAP Lite Home AP, Fritz 7590 as modem

Connection from hAP to Fritz is considered as WAN for hAP and by default, connections from WAN to LAN are firewalled. At the same time, all connections from LAN to WAN are NAT-ed (they all appear to come from hAP regardless the original LAN client). To solve the problem you have two possibilities (o...
by mkx
Thu Aug 29, 2019 3:29 pm
Forum: Wireless Networking
Topic: Bridged vlan on physical interfaces to the new (vlan bridge filtering)
Replies: 9
Views: 960

Re: Bridged vlan on physical interfaces to the new (vlan bridge filtering)

Conceptually VLANs are almost as separate LANs. They separate devices on L2 (ethernet) level. If, on the other hand, you want to have those devices in same L2 domain (because you want to use single DHCP server which is L2/L3 service and serves IP addresses from single L3 domain (IP subnet), then you...
by mkx
Thu Aug 29, 2019 3:16 pm
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 1990

Re: Bridge VLAN Filtering help [SOLVED]

I think there was a possible error/omission in the config and that was what I was pointing out or at least asking. So I didn't react to your post. I'll deny that it might be due to oversight from my side ;-) Seriously though: yes, you're right (and that's why I didn't react ... so sorry I deprived ...
by mkx
Thu Aug 29, 2019 2:58 pm
Forum: Beginner Basics
Topic: RBM11G + R11e-LTE not working
Replies: 34
Views: 2615

Re: RBM11G + R11e-LTE not working

netinstall wipes all the configuration ... then it might resume default configuration (whatever that means for RBM11G) or no configuration, depending on what you select when doing netinstall ...
by mkx
Thu Aug 29, 2019 9:24 am
Forum: General
Topic: ROS7: Requests for wireless features
Replies: 7
Views: 1384

Re: ROS7: Requests for wireless features

I expect a miracle!

You know the timeline: we deliver the impossible immediately, for miracles you have to wait for a while ;-)
by mkx
Thu Aug 29, 2019 8:33 am
Forum: RouterBOARD hardware
Topic: Powerline and Powerline AP
Replies: 3
Views: 624

Re: Powerline and Powerline AP

Generally power-line works great when both (all) units are plugged to the same power circuit (i.e. on the same side of single fuse/breaker). In this case it seems that max distance is around 300 metres (but don't expect any kind of decent speed there). It works fine when units are plugged to differe...
by mkx
Thu Aug 29, 2019 8:20 am
Forum: General
Topic: CAPSMAN - Control or disable ethernet interfaces?
Replies: 1
Views: 218

Re: CAPSMAN - Control or disable ethernet interfaces?

You'll have to do it manually indeed. capsman only configures wireless interfaces, but doesn't touch neither bridge or any other interfaces.
by mkx
Thu Aug 29, 2019 8:11 am
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 1990

Re: Bridge VLAN Filtering help [SOLVED]

@anav, you're such a moving target (and my eyes are getting old as well) so it's hard to focus on you ;-) ... but anyway, I was just jumping in to explain @pe1chl the possible use case of this "huh?" feature. You boys are doing well so I'll stop to interfere.
by mkx
Wed Aug 28, 2019 11:19 pm
Forum: Wireless Networking
Topic: Two "mANT30 PA" as passive repeater. Possibly?
Replies: 3
Views: 447

Re: Two "mANT30 PA" as passive repeater. Possibly?

Do you think this is possible? Hardly. Passive repeater ideally transmits all energy received by one antenna over the other antenna. If AP at point A transmits signal at +30 dBm (includes antenna gain) and potential station at point B would receive that signal at say -40dBm (which includes antenna ...
by mkx
Wed Aug 28, 2019 10:47 pm
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 1990

Re: Bridge VLAN Filtering help [SOLVED]

In my Netgear switch the same port can be untagged member of several different VLANs and the pvid defines what tag the received packets get, and I think the configuration of the MikroTik bridge VLAN filtering allows the same thing, but why would you want that? My good old Dlink switch has this func...
by mkx
Wed Aug 28, 2019 10:07 pm
Forum: Beginner Basics
Topic: hAP ac^2 Suddenly stopped reaching gateway periodically
Replies: 6
Views: 860

Re: hAP ac^2 Suddenly stopped reaching gateway periodically

Regarding ROS version: my RBD52G is currently running 6.45.1 and is stable. Regarding disabling switch-chip: set hw=no on all ether ports in /interface bridge port . You can verify the status by executing /interface bridge port print ... before disabling HW offload those ports should have a 'H' in t...
by mkx
Wed Aug 28, 2019 9:27 am
Forum: Beginner Basics
Topic: Help Help !! can not route between VLAN's :( :(
Replies: 8
Views: 889

Re: Help Help !! can not route between VLAN's :( :(

- the CRS-internal ping test which also did not and still does not forward the pings !!! very confusing! :shock:

What exactly are your executing for this test?
by mkx
Wed Aug 28, 2019 9:15 am
Forum: General
Topic: Serious problem: Free HDD Space 0 KiB, no space to save settings. RouterOS 6.45.3 [SOLVED]
Replies: 9
Views: 1219

Re: Serious problem: Free HDD Space 0 KiB, no space to save settings. RouterOS 6.45.3 [SOLVED]

Are you running User manager on this unit? If yes, then you really must add some disk storage ... for two reasons: 1. capacity, 2. built-in flash longevity (frequent wites wear off the flash storage, if built-in flash fails, your device becomes a brick without possibility to repair it).
  • 1
  • 2
  • 3
  • 4
  • 5
  • 10