Hi All,
I wonder if anyone was successful in getting fasttrack configuration working fine with streaming service - Spotify connect.
Whenever fasttrack is enabled on my CRS125 running on 6.49.18 OS, I’m unable to connect with my audio devices using Spotofy connect service. When I switch it off, the service works like a charm.
I do not want to resign from all prons coming from fasstrack, but I want to use streaming service as well. Is there a way to connect both things?
Any hints, folks?
/Kuba
Hi
As you probably already noticed in some of the post, it’s all about the configuration of the hardware.
Hence if you want some help, also post your current config + some hints on what is what.
/export minus passes / sensitive stuff
For RouterOS 6 it has to explicitly be
/export hide-sensitive file=xyz
because unlike RouterOS 7, the sensitive data are not excluded by default.
ALSO ensure you remove the device serial number and any public WANIP information
Hi,
See my config
# jun/09/2025 07:33:18 by RouterOS 6.49.18
#
# model = CRS125-24G-1S
/interface bridge
add disabled=yes name=lan-bridge
add name=my-bridge
/interface ethernet
set [ find default-name=ether1 ] comment="WAN"
set [ find default-name=ether2 ] comment="[A_SL_01]"
set [ find default-name=ether3 ] comment="[A_SL_02]"
set [ find default-name=ether4 ] comment="[A_SL_03] WiiM Taras"
set [ find default-name=ether5 ] comment="[A_SL_04] TV Samsung"
set [ find default-name=ether6 ] comment="[A_SL_05] Amplituner Onkyo"
set [ find default-name=ether7 ] comment="[A_SL_06] AP Salon"
set [ find default-name=ether8 ] comment="Dahua Garaz"
set [ find default-name=ether9 ] comment="[A_PR_01] Centrala Alarmowa"
set [ find default-name=ether10 ] auto-negotiation=no comment=\
"[B_GB_01] Amplituner" disabled=yes speed=100Mbps
set [ find default-name=ether11 ] comment="[B_GB_02]"
set [ find default-name=ether12 ] advertise=\
100M-half,100M-full,1000M-half,1000M-full comment=\
"[B_GB_03] HP" full-duplex=no
set [ find default-name=ether13 ] comment="[B_GB_04] Praca"
set [ find default-name=ether14 ] comment="[B_GB_05] Drukarka"
set [ find default-name=ether15 ] comment="[B_GB_06] Podloga" disabled=yes
set [ find default-name=ether16 ] comment="[B_GB_07]"
set [ find default-name=ether17 ] comment="[B_GB_08] AP Gabinet"
set [ find default-name=ether18 ] comment="[B_DL_01] Bruno 1" disabled=yes
set [ find default-name=ether19 ] comment="[B_DL_02] Bruno 2" disabled=yes
set [ find default-name=ether20 ] comment="[B_DP_01] Olaf 1" disabled=yes
set [ find default-name=ether21 ] comment="[B_DP_02] Olaf 2" disabled=yes
set [ find default-name=ether22 ] comment="[B_GO_01] AP Gard Ogolna"
set [ find default-name=ether23 ] comment="CRS112 8xPoE switch"
set [ find default-name=ether24 ] comment="[A_GR_01] AP Garaz"
set [ find default-name=sfp1 ] comment=Fiber disabled=yes
/interface vlan
add interface=my-bridge name=vlan59 vlan-id=59
add interface=my-bridge name=vlan69 vlan-id=69
add interface=my-bridge name=vlan79 vlan-id=79
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="ether2,ether3,eth\
er4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,eth\
er14,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether\
24"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool-vlan59 ranges=10.59.0.2-10.59.0.254
add name=pool-vlan69 ranges=10.69.0.2-10.69.0.254
add name=pool-vlan79 ranges=10.79.0.2-10.79.0.254
add name=pool-lan ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=pool-vlan59 disabled=no interface=vlan59 name=dhcp-vlan59
add address-pool=pool-vlan69 disabled=no interface=vlan69 lease-time=\
23h59m59s name=dhcp-vlan69
add address-pool=pool-vlan79 disabled=no interface=vlan79 lease-time=10h \
name=dhcp-vlan79
add address-pool=pool-lan disabled=no interface=lan-bridge name=dhcp-lan
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=my-bridge interface=ether2
add bridge=my-bridge interface=ether3
add bridge=my-bridge interface=ether4
add bridge=my-bridge interface=ether5
add bridge=my-bridge interface=ether6
add bridge=my-bridge interface=ether7
add bridge=my-bridge interface=ether8
add bridge=my-bridge interface=ether9
add bridge=my-bridge interface=ether10
add bridge=my-bridge interface=ether11
add bridge=my-bridge interface=ether12
add bridge=my-bridge interface=ether13
add bridge=my-bridge interface=ether14
add bridge=my-bridge interface=ether16
add bridge=my-bridge interface=ether18
add bridge=my-bridge interface=ether19
add bridge=my-bridge interface=ether20
add bridge=my-bridge interface=ether21
add bridge=my-bridge interface=ether22
add bridge=lan-bridge interface=ether15
add bridge=my-bridge interface=ether24
add bridge=my-bridge interface=ether23
add bridge=my-bridge interface=ether17
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether7,ether17,ether22,ether24,switch1-cpu vlan-id=59
add tagged-ports=ether7,ether17,ether22,ether23,ether24,switch1-cpu vlan-id=\
69
add tagged-ports=ether7,ether17,ether22,ether23,ether24,switch1-cpu vlan-id=\
79
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=69 ports=ether2
add customer-vid=0 new-customer-vid=69 ports=ether3
add customer-vid=0 new-customer-vid=69 ports=ether4
add customer-vid=0 new-customer-vid=69 ports=ether5
add customer-vid=0 new-customer-vid=69 ports=ether6
add customer-vid=0 new-customer-vid=79 ports=ether8
add customer-vid=0 new-customer-vid=79 ports=ether9
add customer-vid=0 new-customer-vid=69 ports=ether10
add customer-vid=0 new-customer-vid=69 ports=ether11
add customer-vid=0 new-customer-vid=69 ports=ether13
add customer-vid=0 new-customer-vid=69 ports=ether14
add customer-vid=0 new-customer-vid=69 ports=ether16
add customer-vid=0 new-customer-vid=69 ports=ether18
add customer-vid=0 new-customer-vid=69 ports=ether19
add customer-vid=0 new-customer-vid=69 ports=ether20
add customer-vid=0 new-customer-vid=69 ports=ether21
add customer-vid=0 new-customer-vid=69 ports=ether17
add customer-vid=0 new-customer-vid=69 ports=ether7
add customer-vid=0 new-customer-vid=69 ports=ether22
add customer-vid=0 new-customer-vid=69 ports=ether12
add customer-vid=0 new-customer-vid=69 ports=ether24
/interface ethernet switch vlan
add ports="ether2,ether3,ether4,ether5,ether6,ether7,ether9,ether10,ether11,et\
her12,ether13,ether14,ether16,ether17,ether18,ether19,ether20,ether21,ethe\
r22,ether23,ether24,switch1-cpu" vlan-id=69
add ports=ether7,ether8,ether9,ether17,ether22,ether23,ether24,switch1-cpu \
vlan-id=79
add ports=ether7,ether17,ether22,ether24,switch1-cpu vlan-id=59
/ip address
add address=192.168.1.1/24 interface=lan-bridge network=192.168.1.0
add address=10.59.0.1/24 interface=vlan59 network=10.59.0.0
add address=10.69.0.1/24 interface=vlan69 network=10.69.0.0
add address=10.79.0.1/24 interface=vlan79 network=10.79.0.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server lease
[...]
/ip dns
set allow-remote-requests=yes servers=10.69.0.1,8.8.8.8
/ip dns static
add address=10.69.0.251 name=nas.my.home
/ip firewall address-list
add address=0.0.0.0/8 list=not_in_internet
add address=172.16.0.0/12 list=not_in_internet
add address=192.168.0.0/16 list=not_in_internet
add address=169.254.0.0/16 list=not_in_internet
add address=127.0.0.0/8 list=not_in_internet
add address=224.0.0.0/4 list=not_in_internet
add address=198.18.0.0/15 list=not_in_internet
add address=192.0.0.0/24 list=not_in_internet
add address=192.0.2.0/24 list=not_in_internet
add address=198.51.100.0/24 list=not_in_internet
add address=203.0.113.0/24 list=not_in_internet
add address=100.64.0.0/10 list=not_in_internet
add address=240.0.0.0/4 list=not_in_internet
add address=192.88.99.0/24 list=not_in_internet
/ip firewall filter
add action=drop chain=input comment="Drop Invalid connections" \
connection-state=invalid
add action=fasttrack-connection chain=forward connection-state=\
established,related disabled=yes
add action=accept chain=forward comment="Allow Established connections" \
connection-state=established
add action=accept chain=input comment="Allow LAN connections from 10.59.x.x" \
disabled=yes in-interface=!ether1 src-address=10.59.0.0/24
add action=accept chain=input comment=\
"Allow LAN connections from 192.168.1.x" in-interface=!ether1 \
src-address=192.168.1.0/24
add action=accept chain=input comment="Allow LAN connections from 10.59.x.x" \
in-interface=!ether1 src-address=10.79.0.0/24
add action=accept chain=input comment="Allow LAN connections from 10.69.x.x" \
in-interface=!ether1 src-address=10.69.0.0/24
add action=drop chain=input comment="Drop everything else"
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=vlan69 type=internal
/system clock
set time-zone-name=Europe/Warsaw
/tool bandwidth-server
set enabled=no
In addition, see my lan setup.
I have 3 audio devices, with Spotify service built-in. All 3 devices apears on the list of available devices in Spotify but I am unable to connect with them from any device (mobile, laptop). This happens when fasttrack is enabled. Everything starts to work on Spotify when I disable fasttrack.
mt.rsc (8.35 KB)
Huh. That’s…really strange.
The forwarding firewall and NAT parts of your config seem pretty basic. (In fact, I think that 3rd rule, the “accept” for “connection-state=established”, is probably not really doing anything for you, since after it there are no further “chain=forward” filter rules that would try to drop anything, and the default behavior is “accept” anyway. It’s harmless to keep it in place for just in case you ever do add some forwarding drop rules later but don’t want to forget about adding that, though I would probably change it to “connection-state=established,related” so it catches all of the same traffic that the “action=fasttrack-connection” rule above it does.)
From my reading up on Spotify Connect, you’re basically remote-controlling one Spotify client from another, and the client being controlled just talks to Spotify’s servers directly to fetch the music it has been instructed to play back (so this isn’t working anything like, say, Apple Airplay, where the audio stream is being relayed through the remote control device). The remote control part can happen across the internet, in which case I could see how NAT might come into play (the client you want to control is going to have to punch a hole in the NAT somehow so that it can await “unsolicited” remote-control commands to come to it from the internet)…but if I am understanding your diagram correctly, you are trying to control your receivers from either your phone or your laptop, BOTH of which are on the same VLAN that the receivers are! And my understanding is that when the player and the remote control are both on the same ethernet broadcast domain, the two clients talk to each other directly over the LAN, not via the internet (finding each other through Zeroconf / mDNS)!
Given that, I’m having trouble understanding how Fasttrack’s got anything to do with anything here. Though clearly it does, or you wouldn’t be posting this. It does mean, though, that we are likely missing pieces of the picture.
Can you not see the receivers at all in your device list on your phone or PC when this problem is occurring? Or can you see them, but when you try to instruct them to play, they don’t seem to work? From either your phone or PC, do you notice any problem with accessing the Spotify service itself (playing back music directly on the phone/PC) while Fasttrack is enabled?
Hi Nathan,
All 3 audio devices appear on the list of available devices on Spotify apps (on desktop app on laptop and mobile app on phone). And yes, all receivers are part of the same network/vlan. In terms of device discovery on Spotify apps, all is fine. What I’m unable to do is to stream a music from a controller (Pc/Phone) to another audio device. “Connecting…” seems never ending.
However, your reply provoked me to do further testing (mDNS). Interesting enough, there is one device I can stream a music to from all controllers. It is the one connected via WiFi (Onkyo A). I can play the music on this receiver from my laptop and/or phone. Even when fasttrack is enabled! wtf?
Surprisingly, music streaming Laptop ↔ Onkyo B (both wired, part of the same VLAN) does not work with FT enabled, but Eth/Wifi works fine with FT enabled.
And my understanding is that when the player and the remote control are both on the same ethernet broadcast domain, the two clients talk to each other directly over the LAN, not via the internet
That was my understanding too, ather this finding I’m totally confused.
Why are you tagging and untagging the same ports into VLAN 69? Specifically:
# tagged section; all ports but actual trunk ports should probably be removed, since you're untagging them below
add tagged-ports=ether7,ether17,ether22,ether23,ether24,switch1-cpu vlan-id=69
# untagged sections
add customer-vid=0 new-customer-vid=69 ports=ether17
add customer-vid=0 new-customer-vid=69 ports=ether7
add customer-vid=0 new-customer-vid=69 ports=ether22
add customer-vid=0 new-customer-vid=69 ports=ether24
add ports="ether2,ether3,ether4,ether5,ether6,ether7,ether9, \
ether10,ether11,ether12,ether13,ether14,ether16,ether17,ether18, \
ether19,ether20,ether21,ether22,ether23,ether24,switch1-cpu" \
vlan-id=69
Because of the dual-configuration, these packets are likely being punted to the CPU, and with Fasttrack on (and bypassing a step or two), the CPU is no longer “fixing” the VLAN tags.
That’s my theory, anyway.
Hi sirbryan,
Porta eth7, eth17, eth22 and eth24 are the ports to which Access Points are connected to. Each of AP broadcast 3 different networks. Those networks refer to vlan config on CRS125 (vlan 59,69 and 79). So those ports are trunks.
The same eth ports are mentioned in the other config:
add ports="ether2,ether3,ether4,ether5,ether6,ether7,ether9, \
ether10,ether11,ether12,ether13,ether14,ether16,ether17,ether18, \
ether19,ether20,ether21,ether22,ether23,ether24,switch1-cpu" \
vlan-id=69
I
Otherwise, how would APs know which network they should get an IP from? In my scenario, all IPs are getting IP from 10.69.0.0/24 network, the same network where home equipments are connected to. That is audio devices, laptops, phones etc.
If that would be the reason, then how to explain the fact that I can stream a music to one particular audio device (connected via AP)? And I’m not trying to be pretend I’m clever. I’m just trying to understand what is going on.
In reference to what Nathan said before, the only thing that came to my mind was mDNS config. I reviewed the config of APs (on unifi controller) and found out that mDNS was enabled for vlan69. Then I thought it makes sense and this could be the reason why streaming to Onkyo A that is connected via WiFi works fine. But then I switched this feature off for vlan69 and the streaming was not interrupted. Then I got back to square one, where I don’t know what is going on.
You have to decide: either ports ether7, ether17, ether 22 and ether24 are untagged for VLAN 69 … in which case they should keep PVID settings (customer-vid=0 new-customer-vid=69) but should not be set as tagged ports on egress. Or they are tagged ports for VLAN 69 … in which case they should not have PVID settings configured and should remain set as tagged for egress.
As things are now, if device connected to one of these ports “talks” untagged frames, then on ingress those frames get tagged … but on egress remain tagged (VLAN tag does not get stripped). Which in principle should not work at all, while in reality if that device is Windows it might work (because many Windows NIC drivers, if not configured for VLAN, silently strip VLAN headers on ingress) but possibly not in all cases.
BTW, in case nobody mentioned it yet: CRS125 is a switch, not router. Yes, since it’s running ROS, it can route … but at very low speed (200Mbps, give or take) and having fasttrack enabled helps a lot. But, as you noticed, fasttrack does take shortcuts to achieve that speed-up .. and taking shortcuts has always potential to break things.
Hi mkx,
Thanks for the feedback. I have changed the VLAN configuration. I removed PVID settings, leaving only egress tagging.
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether7,ether17,ether22,ether24,switch1-cpu vlan-id=59
add tagged-ports=ether7,ether17,ether22,ether23,ether24,switch1-cpu vlan-id=\
69
add tagged-ports=ether7,ether17,ether22,ether23,ether24,switch1-cpu vlan-id=\
79
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=69 ports=ether2
add customer-vid=0 new-customer-vid=69 ports=ether3
add customer-vid=0 new-customer-vid=69 ports=ether4
add customer-vid=0 new-customer-vid=69 ports=ether5
add customer-vid=0 new-customer-vid=69 ports=ether6
add customer-vid=0 new-customer-vid=79 ports=ether8
add customer-vid=0 new-customer-vid=79 ports=ether9
add customer-vid=0 new-customer-vid=69 ports=ether10
add customer-vid=0 new-customer-vid=69 ports=ether11
add customer-vid=0 new-customer-vid=69 ports=ether13
add customer-vid=0 new-customer-vid=69 ports=ether14
add customer-vid=0 new-customer-vid=69 ports=ether16
add customer-vid=0 new-customer-vid=69 ports=ether18
add customer-vid=0 new-customer-vid=69 ports=ether19
add customer-vid=0 new-customer-vid=69 ports=ether20
add customer-vid=0 new-customer-vid=69 ports=ether21
add customer-vid=0 disabled=yes new-customer-vid=69 ports=ether17
add customer-vid=0 disabled=yes new-customer-vid=69 ports=ether7
add customer-vid=0 disabled=yes new-customer-vid=69 ports=ether22
add customer-vid=0 new-customer-vid=69 ports=ether12
add customer-vid=0 disabled=yes new-customer-vid=69 ports=ether24
I restarted all Access Points as well. No difference - I’m unable to stream music to WiiM and Onkyo B receivers with fasttrack enabled.
Only a guess, but this sounds to me suspiciously like an MTU issue. Are you sure you have L2MTU configured properly? It’s quite usual for the normal (slow) path to fragment packets, but for fast path to simply drop oversized packets.
More to the heart of the matter: the nice thing about Mikrotik’s fasttrack implementation is that it only applies to packets (streams) selectively. Why not just exempt traffic to/from your streaming devices from fasttrack and leave it on for the rest?
I guess they don’t generate that much traffic, so although theoretically you might see a bit of increase in CPU utilization, it’s very doubtful you’d even notice.
Is the AP doing some kind of multicast to unicast translation? I know Ubiquiti can do this.
Are the APs’ configs identical. Your diagram shows your phone connecting to AP3 and the Onkyo to AP 2. Does it work if you’re on the same AP as the stereo system, or on a separate AP, or both?
My second theory is the AP is acting as the switch/bridge between your phone and the receiver, so it’s bypassing the router altogether.
Also, in the Bridge/Ports section, does the switch show an H next to all the ports?
Hi sirbryan,
I ckecked Multicast to unicast translation options. Indeed, such option is available on the controller. Regardless to its state (ON/OFF), the result is/was the same.
APs config is the same. Everything is done via controller (Network 9.1.120). It was my simplicity. Of course, clients are jumping from one AP to another, depending on the signal strength. When I did the recent test, my phone was connected to one AP, and Onkyo A (that works fine) was connected to different AP. When I was doing some testing the other day, my phone was connected to the same AP as Onkyo A and it was working fine as well. So regardless to which AP clients are connected to, streaming to one particular audio device works OK.
My second theory is the AP is acting as the switch/bridge between your phone and the receiver, so it’s bypassing the router altogether.
Interesting. Let me do some further testing around this. I will disable WiFi completely on my laptop, connect with VLAN69 by ethernet port and try to stream music to Onkyo A.
And yes, Hard offloading is enabled on all ports.
Interesting. Let me do some further testing around this. I will disable WiFi completely on my laptop, connect with VLAN69 by ethernet port and try to stream music to Onkyo A.
Ok, I disabled wifi card on my laptop. Ethernet connectivity only.
PC IP: 10.69.0.248, eth12
Onkyo A: 10.69.0.9, connected via AP with 10.69.0.40
Onkyo B: 10.69.0.13, eth2
WiiM AMP: 10.69.0.12, eth4
Result: Streaming possible from PC to Onkyo A only. Spotify client refuses to connect with Wiim and Onkyo B ← with fasttrack enabled.
Just after I disable fasttrack, streaming works fine to all devices.
I followed luker888 suggestion:
More to the heart of the matter: the nice thing about Mikrotik’s fasttrack implementation is that it only applies to packets (streams) selectively. Why not just exempt traffic to/from your streaming devices from fasttrack and leave it on for the rest?
Not elegant, but at least it works. I would call it: perfect workaround that will last forever.
Here are the two firewall filter rules I added right before fasttrack:
add action=accept chain=forward comment="ommit fasttrack; enable streaming" connection-state=established,related dst-address-list=not_for_fasttrack
add action=accept chain=forward comment="ommit fasttrack; enable streaming" connection-state=established,related src-address-list=not_for_fasttrack
and:
add address=10.69.0.12 list=not_for_fasttrack
add address=10.69.0.13 list=not_for_fasttrack