Doesn’t sound right. Maybe best to exchange it. Mine is two years old, and I just put it back into use this weekend. The power up reset on it is very consistent (even consistently taking it back to the originally installed firmware). When I do that, it comes up with DHCP enabled. I used Firefox and ...

Thanks!

Thanks. Yes, definitely the full access out and related back in. I'm wondering more about the input chain. So if router has ports A, B and C open, is there a benefit to having the firewall restrict to just A, B and C also?

I noticed most of the default firewall rules allow LAN clients full access to the router. I understand that the router only has a handful of ports open (in my case 53/tcp, 53/udp, 67/udp, 68/udp, 123/udp and Winbox). For more restrictive VLANS (used for guest access or IOT devices), is there any add...

The NTP client does not store the DNS name, but converts it to the IP and stores that (in Winbox). So each time you enter a name (e.g. pool.ntp.org), it will populate with new IPs from the pool. When it does that, I believe it re-synchronizes. So just write a script to repopulate those values. :loca...

No. It's not exactly as I thought. The first one is not real rule, you can't disable it. But it shows that you have fasttrack enabled and I don't know if there's a way to close fasttracked connection. Could you use a script to knock down all the existing connections for that IP? https://forum.mikro...

I'm using a similar approach.. I've got a CRS326 with a single bridge; ports 1-8 are untagged and 9-16 are in a VLAN. All ports on the switch show HW offloaded. I believe you can only HW offload 1 bridge.
https://wiki.mikrotik.com/wiki/Manual:L ... witch_chip

The best source I've found on Rpi VLANs is: https://www.sbprojects.net/projects/raspberrypi/vlan.php (unfortunately, Raspbian changed how it does things, so anything over a year old isn't completely correct) If you do the VLANs first, and then install pihole, you get prompted for which interface to ...

Just using MKX's rpi configuration... It's got the rpi on 192.168.11.13 as a static IP on VLAN 11, and on 192.168.15.42 as a static IP on VLAN 15. So on the router... /ip dhcp-server network add address=192.168.11.0/24 dns-server=\ 192.168.11.13,208.67.222.222,208.67.220.220 gateway=192.168.11.1 add...

++++++++++++++++++++++ Wait , what if for the vlans I want lets say vlan11,100,200,69,66 I use the gateway IP of the associated subnet as the DNS server (AS I DO NOW). Then since its really the router I am pointing them at....... I tell the router send all my DNS requests to the pi-hole. Is that po...

I hope I’m understanding your issue right. The Rasp Pi can support as many VLANs as you need, right? Setup in /etc/dhcpcd.conf. I have 2 on mine with separate DHCP on each, but expect to go to 4 soon. Doesn’t seem to cause any issue for the Pi-Hole app. It just shows the appropriate originating IP.

Funny! My brother, who works on networks at a small carrier, told me the same thing last night.

By the way, my Mikrotik stuff was a Christmas gift from him. Something to keep me occupied.... it's certainly done that!

Thanks very much for clarifying this for me. Probably because I'm new to all this, I did not quite get that understanding out of the VLAN post. I appreciate your thorough replay. Hopefully, in the coming days I'll take a stab at implementing this. Worst case, I've become very familiar with the reset...

Been reading pcunite's work on VLANs. https://forum.mikrotik.com/viewtopic.php?f=13&t=143620 I have a question about "Switch with a separate router (RoaS)". I understand why these examples fully VLAN all traffic. However, in my small system, I'd prefer to mix in untagged traffic as sli...

Perfect! Bedankt!

I recently got a hEX S and a Ubitquiti UniFi AC Lite. To set this up I initially used Quick Set in Winbox. I then added a guest network. On the AP, I tagged the guest SSID with vlan 10, and put a separate bridge on the router. Today, I was playing with the firewall and made changes to account for al...