MikroTik

diddie17

Hi, I have a number of CAPSMAN provisioned AP's that are working perfectly, but trying to add a new one to the mix is causing me some issues. On the existing AP's, Static Virtual seems to work fine because they have been provisioned with mac addresses that can be matched. The manual says CAP will cr...

diddie17

Might just be a typo when you typed up the post, but the pool definition looks wrong -

made a pool for th eDHCP server
/ip pool add name=dhcp-pool-vlan222 ranges=192.169.222.100-192.168.222.200

I think the starting range should be 192.168.222.100 not 192.169.222.100

diddie17

There's not enough information in your question to form a view, but I'm guessing it's not your main internet router as then the Mikrotik would be the gateway and then at a wild guess, maybe the router might need a route to the gateway. The laptop will probably get a gatway from the DHCP and will the...

diddie17

I'm not sure I understand exactly what you are trying to do. Did you want to be using a different subnet on the second router? unless you specifically want a seperate subnet, I think chances are you would be better off configuring the second router as a switch only by bridging together all of the po...

diddie17

Without seeing your config, it's difficult to say for sure, but I suspect you just need to add a route

/ip route
add distance=1 gateway=192.168.0.1

diddie17

Yep, as per https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features , the CRS3xx is the only switch/router to maintain HW offload on the bridge when configuring VLAN filtering on the bridge. You would configure the CRS326 using VLAN filtering on the bridge, but for the RB3011, if you want VLAN sw...

diddie17

I'm no expert (I come here to learn generally rather than to advise), am a long way away from being able to take on paid work and am just as likely to be corrected by the next expert that comes along, but I don't understand the need for all of the bridges in your VLAN configuration. My understanding...

diddie17

I'm not an expert on this, but @mkx educated me on this the other day. According to RFC2131 https://tools.ietf.org/html/rfc2131 Both server and recieving client should check the allocated address is not already in use. As a consistency check, the allocating server SHOULD probe the reused address bef...

diddie17

I haven't tried it, but just as another option, check out dasiu's post in the following thread which if I've understood it correctly would give you up to 8 wirespeed ports with VLAN's

viewtopic.php?f=3&t=136530&p=673668&hil ... ch#p673668

diddie17

I'm not sure why the majority of the suggestions are pre-6.41 since that hasn't been the case for almost a year now. You've got most of it right but here is what needs to happen. 1) Do not use the Switch setup. That's wrong, it's done via the Bridge now. I'm very happy to be corrected, but for my o...

diddie17

It might be optional, but I think it's the /ip dhcp-server network command that sets the netmask in my config, with an entry matching each pool. It probably should sort itself out as a default, but doesn't look like it is in your example. From https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server net...

diddie17

Agree with Quackyo, and even then be prepared for possible differences in the way the hardware works. I recently tried to move config from a hAP AC Lite to a hAP AC. I thought it should be pretty close and didn't expect to see any differences. I ran into real issues and differences with VLAN config ...

diddie17

A /64 provision is a little mean from your ISP. I guess at one level you should be happy that the ISP provides any IPv6 connectivity, many still don't. The ISP I use provides a routed /48, with a seperate /64 Network Discovery Prefix. This is used to automatically address the WAN interface of my Rou...

diddie17

This Wiki page probably covers it better than I could https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features The key is that of the CRS series only the CRS3XX supports Bridge VLAN filtering whilst maintaining HW offload. In other words, if you configure anything other than a CRS3XX with Bridge V...

diddie17

There may be an easier or better way, but the way I have done exactly this, which to the best of my knowledge is working fine is to first define all of the possible band combinations that I want to use. The 5GHz channels have extensions and the 2.4GHz channels don't. /caps-man channel add band=5ghz-...

diddie17

It sounds like you are almost there, but I would avoid the VLAN filtering on the bridge in combination with the switch chip. I think it's one or the other, but someone might come along and correct me any minute :-) As a starting point I would try to stick to connecting on the CRS first without using...

diddie17

... I believe the DHCP Server will check with a ping to make sure an address is free before assigning the address from the pool. Actually both DHCP server AND client should check availability of an address as per RFC2131 . Good to know, thanks for the correction. I'm glad there are more knowledagbl...

diddie17

I guess in terms of how you configure it, it probably depends on what your other requirements are, including routing requirements between the VLAN's. I have a CRS125 as my core switch, and multiple hAP AC's (mostly Lite with one standard) and one SwOS switch, all running with 3 VLAN;s across them. W...

diddie17

Absolutley, you can set a static lease by adding an entry to the DHCP leases for the specific MAC address of the device. An easy way to do this is to let the device pick up a dynamic IP addressfrom the pool, open up the dynamic entry and click on make static. Then you can change the IP address to wh...

diddie17

For anyone followign on behind that can't get the QCA8337 working, I did finally work this out. It seems to be to do with the fact that the QCA8337 supports hybrib tagging. From the Wiki - VLAN Hybrid ports which can forward both tagged and untagged traffic are supported only by some Gigabit switch ...

diddie17

Your gateway and Ether1 addresses don't match. One is 172.19.59.253 and the other is 172.19.59.254.

diddie17

You could use the IP Scan within the tools menu, which will allow you to scan ranges of addresses on specific or all interfaces.

diddie17

I've switched to using management forwarding now as I just found it more stable, but I used to use local forwarding on hAP's connected to a CAPsMAN server and the DHCP was done centrally and not locally, so I know it's possible. I don't have the config anymore, so I can't look up how I did it, but i...

diddie17

Ok, but why can't you? What have you tried? what problems are you having? what is your configuration?

I'm not going to come and plug it all in for you. You have to give us some help to understand what issues you are having.

diddie17

I suspect it's a different situation, but the only time I've generally had issues connecting a client to the CAPsMAN contoller is when I have reset and reconfigured a hAP, losing the certificate on the hAP. You have to then revoke the matching certificate on the CAPsMAN controler to allow the client...

diddie17

I've just checked it will be fine, just go with the script and use the default power levels in the script.

diddie17

I've seen this happening now on iphones, all types of Amazon echos, various types of Sonos and a Macbook Pro laptop. I haven't seen it happening on Windows laptops yet, but given I only have 2 and 1 of them is alway hardwired and the other in not used very frequently, I suspect it will happen. I hav...

diddie17

I've just had a look on my hAP ac and both wlan1 and wlan2 (2.4Ghz and 5Ghz) seem to run at 17ish as normal power, which is what the script uses, so I guess it will be fine. I just logged into winbox, went into wireless, double clicked on wlan1 and looked at the TxPower and current TXPower tabs. You...

diddie17

Just as a thought, that does make the assumption that low power and normal power are the same values for wlan1 and wlan 2. If they aren't you would need to add extra variables for low power and normal power for wlan2 as well.

diddie17

I can't test it and I haven't got a hAP ac² to run it on anyway, but assuming the script works on your hAP ac² as is, and you don't want to schedule them seperately, it looks like the quick and dirty way is probably just to add another radio name in parallel and just duplicate the commands. You will...

diddie17

Hi, Has anyone got any idea why the first 2 digits of the mac address keep changing on me? This happens on iPhones, Amazon Echo's, Sonos etc. and across multiple access points. I don't think I have seen it happen on a non wireless device yet, but I have so few that it might have done and I haven't n...

diddie17

If I understand what you are trying to do, yes that's correct. The Bridge is effectively joining those ports together into a switch. Anything outside of that switch will need to be routed to. In your configuration I think you want all of the internal ports to be switched and able to communicate free...

diddie17

I haven't tested the below code, but it is pretty simple, so should just work. If you start with no config and build a simple bridge like this, giving it the correct ip address for the range you want to use - /interface bridge add name=bridge-wireless protocol-mode=none /interface bridge port add br...

diddie17

I haven't tested this, but if you are looking at just using it as a switch with DHCP etc. coming from your main router, then without any wireless config, it should be pretty simple. I've taken a working config and ripped out everything but the base needed config. So, assuming you give it a managemen...

diddie17

Hi All, I've been banging my head on this for a while and hoped someone could enlighten me. I've got a hAP AC that I can't get to play nicely, but when I drop a spare hAP AC Lite in with essentially the same configuration it seems to my understanding at least to work perfectly. I've come to the conc...

diddie17

Hey oztony Sounds like the first thing to do would be to test whether the firewall is the issue. It would be very easy depending on the complexity of your configuration to have issues before the firewall even gets involved. I've never used MT firewalls as my firewalls are on a seperate Linux router,...

diddie17

No guarentee this is best practice and I'm happy for any of the experts out there to point out what I'm doing wrong, but below is an extract of a working config from a CRS125 using the switch chip to provide HW offload on the bridge for wirespeed switching with VLANs. Note however than I don't do an...

diddie17

I'm not sure I really understand what you are trying to do, but there was a part at the end that might be causing you an issue and you should check further. All of your devices are on the same subnet and to my understanding the firewall normally only kicks in if you are routing between subnets, not ...

diddie17

Let me fix that for you - "Basic consumer level routers" have a drop-down box with MAC/IP so you can simply select one You haven't bought a Basic consumer level router. The MT router with the RouterOS operating system on it doesn't have the hardware power of an enterprise grade unit, but c...

diddie17

Looks to me like you have VLAN Filtering turned on.

Based on this https://wiki.mikrotik.com/wiki/Manual:S ... p_Features turning on VLAN filtering on a CRS2XX turns off HW offload

diddie17

How is the F660 router set up? I don't know the model, but a quick search suggests it's capable of doing PPPoE passthrough. The advice on how to configure the hAP will depend on how the F660 is configured. Most people would I suspect configure the F660 for PPPoE passthrough and use the hAP as the ma...

diddie17

If there is no WiFI on the router and you are using a seperate AP, you won't be able to bridge wlan1, I think Anumrak probably misread the question. Eth1 should not be bridged if you are using it for WAN access, the bridge should be for eth2 to eth5. In your case, it seems like all you are trying to...

diddie17

And according that page, there is no vlan's specificed in example below I'm guessing a little, but I believe as per the table on the following page https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features CRS3xx can use bridge VLAN filtering and maintain hardware offload to switch at wire speed. ...

diddie17

I'm not 100% clear on what you are trying to do, but I think most of it can be done through the VLAN configuration on the switch chip. Certainly having trunks carrying multiple VLAN's is easy using the switch chip. The bit that I'm not sure about is how you intending to do the routing. Inside or out...

diddie17

Did you try plugging the PC in to ether 2 etc. as suggested - "plug your Mikrotik into the main router, start with ether2 on the Mikrotik, and if that doesn’t work, try 3, 4 & 5 in turn" 192.168.88.1 will not work anymore. When you type the IP address into quickset, you are changing it...

diddie17

Anav's advice is really good! The only quick question I'd have is that when you hit apply configuration in the quickset having set the Mikrotik address to 192.168.1.88, we are also turning off the DHCP server on the Mikrotik. If you are connected directly to the Mikrotik and nothing else, you will n...

diddie17

The Mikrotik firewall, based on the Linux iptables firewall functionallity. If you can't find the Mikrotik resources you need on the forum, there should be lots of iptables examples that can be easily ported across. I'm not a firewall expert, I know just enough to get myself in trouble. I have seen ...

diddie17

Sounds like you have all of your bases covered in terms of going backwards. Well done! If you really wanted to put it back as it was you could go back to the old firmware, reset to factory and restore which should put it back exactly as it was. There is risk with going backwards (no matter how small...

diddie17

Hi Max, You should go back and follow the instructions around the ether 1, they weren't really optional. Added to thet, you might at a later stage forget that ether1 is not configured, plug something in and swear lots because it isn't working :-). I did try to keep it simple and so didn't really exp...

diddie17

Thanks for the confirmation. It was probably my issue, but the issue that I had was that with manager forwarding was that I couldn't implement it successfully using the VLAN's without breaking the full switch chip implementaiton on the core swtich, meaning that all of the switching on the core switc...

diddie17

Sorry, didn't mean for the last post to sound critical in that you hadn't upgraded earlier, it was just a statement of fact in that it's a large jump and as a result lots can go wrong. Your first choice should be to try to connect to Winbox via WiFi as you said you can connect. Then at least you can...

diddie17

Assuming you only have NAT on the externally facing router and your internal routing between the 10. and 192. subnets is set up correctly, I can't think why the second router is relevent. Asuuming NAT is in play only on the first router then you would on the 1st router just need to enable port forwa...

diddie17

That's a big upgrade and encompasses the change to the new bridge switching structure. In it's own right that is a significant change and whilst mine upgraded through it without issues, there is a chance it's config dependent. You will probably need to either disconnect the hAP and bring it local to...

diddie17

Hi Max, I hope shortening your username is not an offence :-). I'll have a go at describing a simple setup through Winbox. I'm not a Mikrotik expert and I'm happy to be corrected by anyone that is. This works for me, but is not neccesarily best practice. Hopefully I haven't made any miktakes or ommi...

diddie17

Hi, The usual caveats apply. This is what is working for me, I'm a long way from being a Mikrotik expert and am happy to be corrected by someone who is. The config for running with the single bridge and the VLAN's managed by the switch chip is actually really simple. I did rip out a load of CAPsMAN ...

diddie17

Hi Sindy, Thinking back, actually I did get the VLAN traffic back into the CAPs controller. I was using a CRS as the controller, and what I couldn't get working was the manager forwarding with VLAN's and wirespeed switching on the switch chip on the CAPs controller. I could have manager forwarding, ...

diddie17

Hey Anav, No guarantee that this is best practice etc. I'm not a Mikrotik expert by any stretch of the imagination and I'm happy to be told that this is not recommended by someone who is, but the below is working for me and I hope it helps you :-) My wireless interfaces are managed by CAPsMAN, but a...

diddie17

Hi, I could never get Manager forwarding working with VLAN's and in the end settled for local forwarding. If you ever do find a solution, please let me know. Whilst I would agree that I would prefer to have manager forwarding, in the end, having spent a good number of hours trying to make it work, I...

diddie17

Hi, Just to remove any confusion, you may already understand the differennce, but if you don't, please make sure you understand the difference between MBps and Mbps as per http://home.earthlink.net/~flatlinecs/id48.html I've seen both written in the thread, and I'm unsure as to what you are working ...

diddie17

Hi, As anav said, giving you a Mikrotik is a bit of a cruel joke :-) and quite possibly they gave it to you because they couldn't make it work. Your starting problem is that I suspect you have the hAP set up as an internet access router with DHCP etc. Assuming you have winbox access, I would sstart ...

diddie17

Hi, I've read this a number of times and I think I understand what you are trying to do, although I may still not have it right in my head. I actually do something similar on the CRS125 in that I have 3 VLAN's running on it (all isolated from each other in groups of ports) and a seperate router with...

diddie17

In order of question - 1 - I'm not sure what you are trying to do. I'm not a ROS expert myself, but there are a couple of options if you are using Winbox that would help. RoMon allows you to use one instance as a master and then connect to it and from that master instance you can connect to any of t...

diddie17

Glad to hear you have a solution working that you are happy with. I've not had the stairs to contend with, but I've spent the evening working out how to get VLAN's working properly with the slave wireless stations to get guest and internal access working on ROS 6.41. The bridge and the hw offloading...

diddie17

Thinking about it your solution is a little different as the CRS125 I'm using as the CAPsMAN controller doesn't have it's own wireless. It does seem from what I can see that the RB2011 can manage it's own wireless interfaces with CAPsMAN though. Have a look at this where they configure the RB2011 wi...

diddie17

Unless I have misunderstood the question, I think it depends entirely on how you configure them. I use a CRS125 as the manager and have a number of HAP ac's as access points. I deploy under the CAPsMAN configurations tab 3 SSID's for each radio (2GHz & 5GHz) one master that's hidden using the hi...

diddie17

I wouldn't hold this up as a best practice example, and I'm sure someone will point out where I'm doing something wrong, but following is a working config for a CRS125 using ROS 6.41 with the new bridge, but also using the switch chip to implement VLAN's. I have stripped out all of the CAPsMAN confi...

diddie17

For anyone else struggling with anything similar, I did eventually solve this today on the HAP lite itself. In the end it's a relatively simple configuration, but with one key point. All ports are slaved to ether1, vlans 100, 200 & 300 are set up on the switch chip with all ports set as secure/a...

diddie17

To rephrase the question in case it makes it easier for people to digest -

Is it possible to do both switching and bridging at the same time for the same vlan?

diddie17

Hi All, I'm probably doing something a bit stupid, but I have been banging my head against this for a week or so and still can't sort it out. I have a home network with a CRS125 set up and working well with vlans 100, 200 and 300 just using the switch chip (just a L2 switch). I don't need to route t...

Search found 69 matches