MikroTik

squeeze

I'd consider switching to L2TP+ipsec or EoIP+ipsec(for mikrotik on both sides), both use UDP and encryption and should perform the same or better in performance. OpenVPN on UDP has been requested years ago and won't come too soon on Mikrotik, probably never. SHA256 is supported on the mentioned pro...

squeeze

This is worthless advice from Mikrotik support, if they really are asking you to remove the default bridge configuration, even for testing.

squeeze

Different cable.

squeeze

TCP port 80 is the default HTTP port. This is basic World Wide Web and TCP protocol knowledge. In other words, all web browsers implicitly understand http://example.com as http://example.com:80. If you actually need both of these services on this default (unsecured) web services port, then there is ...

squeeze

Unless you have a switch chip, its single bridge for all VLANs. Also, why are you explicitly disabling hardware offloading?

You may also need to add the bridge name itself to the "tagged=" list for trunks to other devices.

squeeze

The IPQ4018 SoC supports beamforming (802.11ac TxBF), but that would require a phased antenna array design, which is highly unlikely. Basically, the chip is far more advanced than this specific device can fully support.

squeeze

Still no signature checking or HTTPS... man in the middle can easily compromise administrator's PC. https://i.imgur.com/TX7G9pq.gifv I was wondering what you meant. I did a Wireshark http monitor after pressing Check for Updates in Winbox: GET /routeros/winbox/LATEST.3 HTTP/1.1 HTTP/1.1 200 OK (app...

squeeze

No, return it and get a hAP AC or hAP AC lite. RB750Gr3 is a pure wired router.

Better yet, state your WiFi requirements for a more precise recommendation.

squeeze

/system leds set [find] type=off

worked for me. Thank you for the inspiration.

squeeze

From their homepage: WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come. So one day it may become great and i...

squeeze

Nope, pls check viewtopic.php?f=2&t=132576

I meant WLAN<->WAN (not Ethernet LAN<->WAN). Thank you for the clarification.

squeeze

Is it possible to batch set the type of all LEDs in one line or command string?

Pseudo-example:

/system leds set [find where leds=XXX] type=off

Can the above work and what would XXX be to set all LEDs regardless of names?

squeeze

winbox.exe is now signed executable;

Thank you.

squeeze

Based on the above findings, the problem comes from the link between the data of APs and the routing block to the external interface WAN port. If the hAP ac^2 is configured as an AP, it should work very well. So, it is a LAN-WAN routing issue. Can I confirm with all on here who have posted data acr...

squeeze

IP has no source address validation - that is the reason why IP spoofing exists at all - therefore you cannot trust the source IP from unknown sources.

squeeze

You've isolated the problem to RB2011 or all its clients and all their physical connections (except cable to issue PC). Isolate the problem much more to the PC or router, i.e. physically disconnect all other clients to the RB2011 ports or disable their Ethernet/WiFi interfaces on the router. If prob...

squeeze

You can test as reliably as iperf3 (though without the range of options) using the Windows btest.exe application or Bandwidth Test on other router devices, as long as you run it from two devices through the router being tested. Btest actually has functionality iperf3 does not, though iperf2 has: you...

squeeze

Let's hope that Mikrotik is going to develop better support in router, for OpenVPN and IKE2 as client.

And Wireguard which trounces both of them for security, throughput, and latency.

squeeze

Nevermind.

squeeze

Before anything else. I just want to clarify your initial post for other new people: The best additional protections for your new Mikrotik router are simply everything on " Manual:Securing Your Router " page before the "Firewall" section. Absolutely stop reading past this point :...

squeeze

Either you, 1. Be very careful to understand what parts constitute every component of your firewall from the Default Configuration, then re-apply them to your customized setup, OR 2. Export your config, save the non-firewall parts that you changed from default, then factory reset the router and star...

squeeze

IP by default has no source validation.

They are forging/spoofing their source IP to probe your MT weaknesses, i.e. one of which is the ND port.

Depending on what type of business you run, you can just ignore it if you're not some type of ISP, as far as I'm aware.

squeeze

Web and SSH are already as cross-platform as it is possible to be. On top of that, Mikrotik's feature-complete CLI is much easier to use and learn than competitors, afaik. No one but some subset of power users would want anything more, and power users already have access to emulators and VMs, includ...

squeeze

Impressive six year thread for a feature that appears almost trivial for Mikrotik compared to direct competitors (*) and would instantly increase their popularity with businesses scaling up and larger enterprises ... How strange to ignore such an easy win when they have already done 90% of the leg w...

squeeze

Hi, I can confirm that the hAP AC connects with 3 chans to a newer MacBookPro on 1G+ Thruput tested with iperf3 from this MBP to a server on the wired part of my local network On 1GB wire I get approx 960Mbit/s On 5GHz wifi I get approx 530Mbit/s This 530Mbit/s seems about the max because the hAP A...

squeeze

Make sure your trunk port is a tagged member of your management VLAN. Ideally, avoid the use of VLAN ID 1, which seems to correspond to the default VLAN ID of Mikrotik, therefore used for untagged traffic. Like some other devices, this common default VLAN ID either does not behave exactly like other...

squeeze

Would be nice if people would not talk so loosely about wildly different WiFi models. After all this thread started specifically about the hAP AC Lite and an asymmetric download issue. provide client and distance information. Are you using an AC client and what type, e.g. phone, tablet, laptop, MacB...

squeeze

i reset the router still the same problem i removed torrent rules What does that mean? If you firmware or factory reset the router, how could you remove any "torrent rules". There should not be any. You need to test the router with a perfectly default configuration from a reset back to fi...

squeeze

TL;DR. Centralization in security information helps Mikrotik every bit as it does its existing customers, prospective customers and the broader community. Mikrotik need to be much more direct and centralized about even the very basics, like what specific vulnerabilities have been fixed and when (we...

squeeze

This is 5Ghz on my hAP AC2

http://www.speedtest.net/result/7188352780

We cannot see the image and your speed test information is useless without knowing the expected speed of the connection.

squeeze

Is there a method in RouterOS or otherwise in Mikrotik routers to disable wireless radios, such as for WiFi, so that they consume no power? If not, what about minimum power consumption? Does simply disabling the RouterOS Wireless interfaces in the device user interface have any impact on power draws...

squeeze

Do not interfere with it, just return it as faulty and describe the reason for useful feedback to all. This is clearly a hardware QA issue, i.e. probably not even an issue with the model at all. Also, why are you considering to interfer with the faulty hardware of a brand new device, especially for ...

squeeze

Out of interest, can you determine the make and model of the ISP's router?

squeeze

So I have bought hAP ac2 and its amazing, on same settings as my RB951G cpu usage is only 2-3% when fully using 100 Mbit PPPoE, while on RB951G cpu usage was ~20% ( with fastpath, without it was double that ). Did you get 900/100 Mbit WAN connection speed with the hAP ac2, PPPoE and same IP firewal...

squeeze

Thank you very much for the report and your careful research!

Do you or anyone else happen to know if the new hAP ac² (RBD52G-5HacD2HnD-TC (International), RBD52G-5HacD2HnD-TC-US (USA)) would also have similar issues with USB controllers?

squeeze

It is implemented in only few models unfortunately. Isn't port mirroring supported in almost all the switch chips ? Oh nevermind, you meant this about the cable test: This works on SXT-G, SXT Lite, RB711G, RB2011, RB750 series and other devices with the same switch chips, and also the Cloud Core se...

squeeze

I would have loved to hear sindy's suggestions for an alternative. At this price point, you could consider building your own pfSense box or even get an RT-AC86U as an edge VPN router, if you care about OpenVPN performance at all. Both of those have fast enough CPUs with hardware acceleration (AES-NI...

squeeze

There is no single device on the market that could guarantee all those features, especially at that price point. If you really want all those features, your time and money is likely better served researching separate devices, i.e. a router just for routing tech + NAT + (basic) VPN, connected to a sw...

squeeze

Router: /system logging topics=dhcp Process of elimination: MAC "lock": unlock whatever it is you did with the MAC. If it works, then you know it is this, or what do you mean? Device: test with a different device Connection logical type: check with another network or a different band (2.4G...

squeeze

Just being going through my Wireless settings: Why is WMM disabled by default in 802.11n/ac devices? This is already perverse because those standards are stated to require tools in WMM for HT (High Throughput) link rates, i.e. greater than 54Mbps (*) and is enabled by default for Wi-Fi Certified dev...

squeeze

First, Mikrotik routers with the latest RouterOS and firmware appear already very private and have a high security potential. The default is nothing available on the WAN and no responses except to pings. Even penetration tools like nmap will find no WAN leaks with all conventional scans. If your rou...

squeeze

I conducted a simple experiment and changed VLAN ID 1 everywhere to VLAN ID 4. DHCP on that subnet promptly started working on one of the "Default" VLAN ports of the router. That is, I did the equivalent of: /interface vlan set interface=bridge-vlan name=Default vlan-id=4 set interface=bri...

squeeze

Device: RB750Gr3 on RouterOS 6.41.3 Problem: DHCP clients are not receiving IPs from the default or native VLAN (VLAN ID 1). I tested both a default VLAN port on the router and a native VLAN port on a VLAN-aware switch attached to the trunk. Neither worked. DHCP works on all other ports. Context: a...

squeeze

Solution: The key was realizing that, despite the VLAN ID user interface to the NIC in Windows, my PC client was not VLAN-aware. So, having a tagged management port was preventing the router from talking to the PC above Layer 2. This occurred to me after the Wireshark software traffic analyzer coul...

squeeze

FIRST POST I recently purchased an RB750Gr3 for home use. I am just trying to get a simple VLAN setup working, including a Management port on the Hex itself and a Management VLAN. Using typical VLAN membership tables I have seen on other routers, this is my intent: VLAN Ports 2 3 4 5 1 X U U U Segre...

Search found 145 matches