On the Zyxel, you would seem to need to set the PVID parameter on ports 3,5,15,16 to 10 or 20 as appropriate. I would change port 1 as well to only allow tagged frames, eventually, after you've got it working. (Your diagram is wrong too - the line pointing to port 5 actually seems to point to port ...

That is not the complete config. :-( No ethernet interface No interface bridge ports, no interface bridge vlans no firewall rules etc........ Could care less about the pictures for now as I want to make sure what is hitting the zyxel device is correct.......... I made for my router "restore de...

Based on the "S" on the left, is ether3 configured as bridge port? That would not be right. If you need the port only for these two vlans, remove it from bridge. If you need it as part of bridge (for other untagged traffic), here is some reading material: https://wiki.mikrotik.com/wiki/Ma...

Great thanks for the diagram! To see if there is an issue on the MT side of the house please post your config
/export hide-sensitive file=yourconfigapr25

Here are my config of the hAP ac2 as .rsc file. And screenshots of Zyxel gs1900 with all VLANs.

Hi guys, I have problem with implementing my topology shema(in attachment). I created 2 Vlans (10 and 20) on my hAP ac2 interface ether3. I used ether 3 as trunk port. Also i made two DHCP servers on each VLANs. VLAN 10 - 192.168.10.0/24 VLAN 20 - 192.168.20.0/24 Then i connect my zyxel1900-24 inter...

Hi, guys
It's working on all my routers now. I did't do any changes.
Solved.

Hi, I have problem with sending backup to my G-mail. This logic of sending backup email (Script+Scheduler each weak) working from September 2018, but now i can't do it for some reason. On my account i have disabled 2FA and enabled access to not secure apps. Why can I get this kind of problem? No mat...

You are opening a VPN server up to the world and are unhappy the world is trying to use it. Are you expecting the genuine VPN connections from a set IP address(es) or range or is it more a road warrior kind of setup? If you are expecting specific IP's then you can add them to a list and amend your ...

Hey. Just google for networks your ISP'es uses and add them in source address list. With second rule you can drop any input traffic. Should I add provider's networks to the first rule in src adr list? Explain me plz how it would work. How can i block this IP address which i sent in the logs, for ex...

Hi, guys.

I deployed PPTP+GRE VPN on my Router RB3011. I created firewall rules which allow pptp&gre input traffic.

But sometimes i see such connection attempts to my PPTP.


I ask about your advice: How can i prevent and exclude such attempts?

Hi, guys. Below is my previous post. Now i have 2.6 firmware version on my CSS326-24G-2S+RM and 248 days and 04:53:15 hours uptime. Disabled «Flow control» on uplink port on others it is works. Upgrading fireware to 2.6 ver and disabling Flow Control on the uplink port helped me to fix this problem ...

Hi, guys. Need some help. There are two offices. In the first office i have MikroTik RB3011 and i deploy VPN server on it. Other office is co-working office in business center, where our company leases room for a few employees. I have task: make for those employees in other office static public IP c...

Hello, guys)

Yesterday i deployed CAPsMAN in my office for wireless network. All is good, but I have question: How i can monitoring Client Connection Quality now? Where i can look for quality of signal?

Hi, i need your smart advice. On my office i having MikroTik RB2011UiAS-2HnD-IN now. But today i faced with problem of bad quality of downloading pages both on PCs (connected via ethernet) and mobile phones ( via wi-fi ). When i saw this problem router AP had 40 STAs via wi-fi and 60 PCs connected v...

I Solved this problem with this action: changing gateway interface on IP address of gateway.

Hi I have 2 ISP providers and one LAN network. One of ISPs is main and all traffic going through it. Another i use automatically when main ISP is not reachable. Now i need to route all traffic from some PCs in my LAN(192.168.88.x) trough second ISP. At first, i created new Address list (Firewall > A...

Hi, guys. I have the issue. Description: In the office i have 2 routers (RB2011 and hAP ac^2). The first router (RB2011) has white IP from ISP. On it's boards, after NAT, set up DHCP for LAN(192.168.88.0). Wired and wireless networks united in this LAN. The second router(hAP ac^2) connected to the f...

It means someone trying to get in. These messages are written for every attempt, successful or unsuccessful. For unsuccessful authentication typically there are no additional messages (default configuration). If authentication was successful, there should be message like 'username logged in'. Succe...

Today i found those logs on my MikroTik RB2011UiAS-2HnD (Screenshot #1). Not long ago i allowed pptp (pptp+gre in the firewall). Later i created few vpn users for connection to pptp. But today i was shocked when i saw those logs (i don't know this IPs). Then I checked when my vpn-users authorized on...

I had such kind of the invasion too. And now i updated routerOS from 6.41 to 6.42.3. I changed all user's passwords and update my router from the backup which i had before the invasion. But i find this string(screenshot) in the terminal window. What is it mean? This note came from a backup when the...

I had such kind of the invasion too.

And now i updated routerOS from 6.41 to 6.42.3. I changed all user's passwords and update my router from the backup which i had before the invasion.

But i find this string(screenshot) in the terminal window. What is it mean?

CRS125-24G-1S-2HnD (RouterOS 6.40.4) Layer7 site blocking does not work. Already in the mangle connection without a mark firewall configuration: / ip firewall layer7-protocol add name = BlockSite regexp = "^. * (facebook | yahoo.com). * $" / ip firewall mangle add action = mark-connection ...

the problem is solved - after the firmware update the errors have disappeared

Rx Overruns on CSS326-24G-2S+RM > 1000 for 1 hour on the uplink port. Traffic is a maximum of 40Mbps on this port. On other ports, traffic is less than 3Mbps and it is all going to the uplink port (all computers work only with the Internet - they do not communicate with each other). Can the frame bu...