MikroTik

un9edsda

[...] I was talking about fastPATH My bad. Tough if Fast T rack works for you, than Fast P ath should be too, since the former can't operate without the later. While we at the topic of FastPath (and FastTrack) the relevant sections of the documentation need some love, since IPv6 FastPath and FastTr...

un9edsda

Have you applied the command and the two rules (at the right spot) that @BrateloSlava and restarted the router as @Sit75 have suggested in the 7.18 beta thread? Edit: you may also have a look at @CGGXANNX 's note about IPv6 and TCP MSS and @felixka 's post about IPsec interaction with IPv6 FastPath.

un9edsda

The current consumer trend of 2.5 and 5.0 GBit devices seems to be somewhat redundant to me, since 10 GBit standard is more than two decades old and even 100 GBit standard is over a decade old now. Therefore nowadays second hand top shelf low latency 10 GBit NICs like the Solarflare ones which were ...

un9edsda

Upgrading to this version completely breaks routing on my RB5009 from my LAN's side. Every packet towards the router seems to get dropped, thus I can't access the config with winbox anymore. [...] the device still connects to the internet, and replies to ping from WAN. [...] I can also access the c...

un9edsda

The issue may be du to DHCP spoofing as described by @TrevinLC1997.

By the way I have a similar experience upon upgrading directly from 7.18.0RC2 to 7.19.0BETA2 and the network in question does use DHCP snooping and option 82 (MVRP is also used therefore the Mikrotik devices show up).

un9edsda

Router model: CCR2004-16G-2S+ Winbox v4 I removed v7.18 because it caused lag, Windows not closing, and changes not being saved when the "Save" or "OK" button was clicked. It was a horrible experience. You do know that WinBox is still is in beta, only at 4.0beta16... don't you (...

un9edsda

... We have 2 CCR1072s on v7.17 and v7.16.2, and neither will link the ether1 copper lan port (the one used for netbooting). You can physically see the port's LEDs light up, but in routerOS, the link remains down. We were able to replicate the issue with a spare CCR1072 that was running v6. The por...

un9edsda

Can we get v7.17 out the door and move to v7.18 beta so we can see what's new..... this version dragging now. I do appreciate stability and rigorous testing but I also want movement and new features as there are stuff I'm waiting for which may or may not be in next version. One new feature which is...

un9edsda

The different APs are mostly there due to the horrible antennas (antennae?) on most of my IoT devices on 2.4GHz. The environment here is also pretty bad; I see a couple of neighbours APs as stronger than my Mikrotiks :( @erlinden not asked about why you have different APs rather why you have differ...

un9edsda

Regarding fasttrack, it is expected behavior. Dhcp-snooping disables bridge fast-path which in turn affects the ability to fasttrack connections going over that bridge. See https://help.mikrotik.com/docs/spaces/ROS/pages/328227/Packet+Flow+in+RouterOS#PacketFlowinRouterOS-Requirements @EdPa is it d...

un9edsda

It works fine. In general, MikroTik switches take just about any SFP module you can throw at them. Definitely not true. For example Ubiquiti UACC-CM-RJ45-1G SFP to RJ45 Adapter is not useable with Mikrotik devices. To be on the safe side see MikroTik wired interface compatibility part of the docume...

un9edsda

... @anav: Thank a lot but is not a problem, I've a LOCAL bridge on ether2 with spcific DHCP and IP Address and I can reach the RB5009 @BartoszP: I already read it, now I've a varous VLAN on my RB5009 like the screen, the port ether4 is connected on Cisco Switch with port in Trunk, allowed vlan 2,3...

un9edsda

I seek a prosumer router, something similar to UniFi Dream Machine, but with newer hardware for WireGuard throughput and better customizations. Since it seems that you are tech savvy a separate router like the RB5009UPr+S+IN with a Marvell 88E6393X switch chip and WiFi Access Point(s) like the cAP ...

un9edsda

So my big ask is whether are you @NathanA (or anyone else) willing to create two additional versions of the script: one for NPTv6 NPTv6 sample rules by @Sob and another one for NAT66 NAT sample config by @IPANetEngineer in order to avoid the not so convenient effect that the dynamic address and pre...

un9edsda

... DHCPv6 Client's script is used to update the firewall rules as necessary. ... it makes sure that allocated subnet has the same prefix as the newly delegated one. Should help if script gets called before changes are propagated throughout RouterOS. /system/script/add name=nptv6 [...] /ipv6/dhpc-c...

un9edsda

Unfortunately in case of dual stack network, using ULA instead of global v6 address makes the OS preferring IPv4 over IPv6. I didn’t know this until I needed to use fd00 addresses and found out all my clients preferred ipv4. Then I found this RFC https://datatracker.ietf.org/doc/html/rfc6724#page-2...

un9edsda

Seems to be something in the RB4011, but I don't think I have the radio/networking kung fu to figure it out... Anything in the RB4011 specs that could be causing this, given its older hardware than the cAP acs? Please read New User Pathway To Config Success and New User Posting For Assistance by @a...

un9edsda

Here is setup, I hope i didnt break anything, I had to censor lots of stuff (IPs, names, descriptions...). Also some parts are WIP, so some rules are useless, or redundant. My goal in this phase is to prevent all these TCP connections establish, but allow internet traffic from inside to work. Which...

un9edsda

MikroTik can afford to just stick with latest stable kernel (upgrade once every 4–6 months) directly, though, ditch the LTS approach completely. I strongly disagree on this as MikroTik simply does not have the required engineering resources to make the necessary validation every six month. One can ...

un9edsda

... Losing HW offfload for wifi interfaces looks less impact, as the wifi interfaces are not serviced by the switch hardware, but via CPU anyway. "Use IP firewall" is an option setting for the bridge, but that is not HW offloadable. So in the AP, using bridge split-horizon should have min...

un9edsda

The only reason they cannot find each other would be due to firewalls on each PC. Well I use one more way to make this happen ( eg splitting 5GHz wifi devices from 2.4GHz wifi devices), or separating devices on one AP from another AP, in a fully bridged LAN.... Set same "horizon" value on...

un9edsda

When modifying your configuration I made the following assumptions as you have not included a network lay out nor a full configuration: you have four DHCP servers for your four VLANs: 1, network: 192.168.1.0 10, network: 192.168.10.0 20, network: 192.168.20.0 200, network: 192.168.200.0 your Raspbe...

un9edsda

OK so i have checked IGMP.. seems to be disabled all blank, nothing showing up on the IGMP menu.. i check ACls menu also blank nothing added or saved in the Menu as pictures below described.. other options RSTP is disabled also i have disabled it.. type EDGE showing as on picture.. its running on S...

un9edsda

I confirm 7.12 is unstable not only on hAP AC2, but on other ARM based devices too such as cAP AC and Chateau 5G. Unfortunately quality of testing latest ROS releases leaves much to be desired... Than it's time to Netinstall and /system/routerboard/upgrade if you haven't already and you may experie...

un9edsda

System Resources uptime: 18h5m28s version: 7.13.1 (stable) build-time: Jan/05/2024 13:51:11 factory-software: 6.43.10 # ... board-name: hAP ac^2 platform: MikroTik I do hope 7.14 will be more stable. Is it really time for netinstall, which I have never run for this device? If you you have never eve...

un9edsda

MikroTik should just adopt latest LTS 6.6.x. Linux LTS kernels have quite a short lifespan, the risk averse way is using the SLTS kernels maintained as part of the Civil Infrastructure Platform (CIP) , of which the latest is the v6.1(-rt) series. Just to put the length of support in perspective: th...

un9edsda

The problem here is that the multicast server it's outside of Vodafone router , on mikrotik I was unable to route multicast traffic, but I bet that the suggested solution with some additional attempts would work, if I understood the doc explanation it's all about routing and identifying the right p...

un9edsda

Thank you for extended explanation - will give it try. Thats very SAD that I have to jump to every existing (and new) laptop and ask users to do some tweaks in somewhere to have stable Teams call. Just monitored Teams call and it uses 2-3MB/sec connection with screen sharing and there were a lot ra...

un9edsda

Just a heads up, if you still have your hexS as you've posted earlier and want to use CAPsMAN to manage your shiny "new"(ly upgaded and performance increased) cAP ac with it (and also making use of the 802.11k 802.11v and 802.11r (fast)roaming feature), than it is strongly recommended to N...

un9edsda

... Also noticed that resetting again device to factory defaults will prevent again the access to the device, even using MAC address in Winbox. In this situation the only way to proceed is to netinstall again latest routerOS image and connect, again, using eth1 MAC address on Winbox. I'm facing thi...

un9edsda

It seems that I should have kept on reading just a bit more instead of click on reply as the information in it had been posted already.

un9edsda

... For anyone who got an ax3, an ax2 and an Android device, I propose a different, more direct testing strategy. It still involves pretty much default configs, all that good stuff that I've previously written out. Fixed channels, fixed everything, and an SSID different from anything else you've us...

un9edsda

No errors but still hangs. One of the laptops is now connected via LAN cable to RB4011 and do not see any hangs during a calls. Another laptop is connected via WiFi and see hangs during a calls. At same time I do 'pings' and traffic monitoring from WiFi-connected laptop - traffic hangs for same tim...

un9edsda

I tried to disable the IPv4 route cache under RouterOs 6.49.11 on this RB3011. ... This is around 17% to 18% speed loss regardless the traffic direction. The results are in the expected range of performance hit in this usage scenario. Were you able to test IPIP(v4) usage scenario where there is Fas...

un9edsda

Maybe it's time for cAP be... https://eu.store.ui.com/eu/en/products/u7-pro The U7 Pro will have even more issues than its predecessor since on the 6 GHz band client devices' maximum allowed EIRP will be lower than access points' therefore APs need higher gain antenna for the 6 GHz band than for th...

un9edsda

Hi, I'm not so experienced with mikrotik RouterOS and i'm having a problem with activating IGMP on my CRS326. When I enable IGMP on the bridge(set bridge igmp-snooping=yes) the switch becomes unavailable(so I have to connect the serial cable and undo the setting(set bridge igmp-snooping=no)). The g...

un9edsda

There is at least one change from 7.14beta4 to 7.14beta6 that is left out from the published changelog however it affects clients with Intel Wireless-AC 8265 (at least Windows 10 ones having the latest driver, version 20.70.32.1) when connecting to cAP ax. While these clients were able to connect wi...

un9edsda

So basically I'm stuck with a cAP ax I can't use since 5GHz just flat out doesn't work in CAPsMAN v7.13.x with this thing. This is most definitely a software issue. I've watched the YT videos, read the documentation, tried direct configuration of the AP and indirect using profiles to no avail. What...

un9edsda

Some people also suggest not actually using the firewall for IPv6, just enable firewalls on the hosts. I could do that, but I then have the inverted problem, how do I enable all local prefix-ranges to connect to my server, but not from WAN. Everything is just a workaround for a lack of addressing. ...

un9edsda

... The issue is that i purchased about 10 units of ccr2116 with v7.8 already on the device but most of my active ccr1036 are on v6.49.7 and am changing about 10 units of the ccr1036 to ccr2116 and i desire to downgrade the v7.8 on the ccr2116 to v6.49.7.but several efforts of downgrading the ccr21...

un9edsda

Thanks for those advices. I did try RouterOS 7.12 a few days ago and it was the same heavy slow down problem as i got a few months ago. Not a slight 10% or 20% slow down that seems to be seen globally with RouterOS7 specially on old devices, but an heavy slow down to around 20 mb/s download speed. ...

un9edsda

No i'm not using RouterOS 7 because on the RB3011 it does not work for me. The bandwidth fall down to something like 20 mb/s. I'm not alone with this problem. Then i reverted to RouterOS 6.49.11. I see. I don't know when was the last time you tried v7 on RB3011 and whether you went with the risk av...

un9edsda

By the way what throughput can you achieve when using IPIP with the undocumented allow-fast-path=yes setting instead of IPIPv6 where fast path is not supported? The other missing feature/setting in IPIPv6 that is present in IPIP(v4) is the dont-fragment one, tough this should not be an issue if ICMP...

un9edsda

This is very interesting but i do not think that the problem can be related to the QCA8337 switch chip setup because i'm using an RB3011. In this router the SFP interface is not in the switch1 or switch2 group. It is directly linked to the CPU1 through a 1 Gbps link. For LANs, i'm using the switch1...

un9edsda

... I have ATT fiber for my ISP with symmetrical 1Gbps service, but the RB for some reason won't do more than 50Mbps download. I have gone through all of the basic stuff at the lower end of the OSI model (cables, negotiation etc..,) and I don't see anything physically wrong (at least that is appare...

un9edsda

Thanks for a reply. Here's my config, however my firewall rules are empty but in that exported file it shows that there are plenty of rules # 2024-01-01 17:02:21 by RouterOS 7.11.2 #... /interface list add comment=defconf name=WAN add comment=defconf name=LAN /ip pool add name=dhcp ranges=192.168.8...

un9edsda

... (The IPIPv6 Tunnel will be used on the SFP Interface, on a VLAN) Actually i have a RB3011 that is limiting my IPv4 Internet access speed to around 350 mb/s. The CPU1 core is saturated at 100% by this Tunnel. ... Is this speed before or after heeding the advices of the documentation's Layer2 mis...

un9edsda

I have tried setting a mikrotik rb4011 with very basic configuration and it's having the same issues, the network is just almost unusable. We have tried setting the ISPs modem to router mode and the internet is working fine over their modem. But as soon as we connect the mikrotik as the router, eve...

un9edsda

Anyone that has dynamic ipv6 prefixes has the problem that in the event you get a prefix change, your rule stops working. This is even more error prone because if you accidentally remove an ipv6 address from your interface, the old address is gonna be gone for a few days (or is it 30 by default?), ...

un9edsda

Hi, I'm working on a provisioning system for a small ISP, we're automating deployment of a large number of mikrotik devices and we have existing infrastructure I'd like to integrate netinstall with. You may want to have a look at pyNetinstall - Free and Open Source netInstall implementation for Fla...

un9edsda

... What are the traffic requirements from the user perspective? What equipment do you have and what is the network design.....? Did you read carefully the question? It is generic and not related to any equipment. I want to block the router access from given VLANs conneced to the bridge ports of th...

un9edsda

A bit more detailed explanation: In the default configuration ether1 is part of the WAN interface list and probably it has not taken out from it, just sfp-sfpplus1 was added to it, therefore it was removed from that list. Fast Path was enabled on the bridge as it was not enabled. Internal path costs...

un9edsda

European Union countries ? More likely ETSI countries. By the way list of non overlapping EU/EEA ETSI channel lists with relevant EIRPs: /interface wifi channel add band=5ghz-a comment="EU/EEA ETSI RLAN 1 sub-band 1 - max. EIRP: 23 dBm (20\ 0 mW) - channel width 20 MHz - 802.11a - channel #36&...

un9edsda

However, *) wifi - use "Latvia" as default value for "country" property; is not a fix for a bug, but it is a new feature.

It can still be a bugfix tough, a legal one (introduced after legal finished the DD).

un9edsda

... 1. Internet Service Provider which use EPON technology (they use BDCOM P3600-08E on their end) 2. On my side Mikrotik 5009 router 3. With SFP module FoxGate ONU 1001XP-SFP ... I decided to switch it with one from FS.COM. I did tried to replace my SFP module with Generic Compatible EPON ONU SFP ...

un9edsda

I've tested doing a simple configuration of MACSEC, but I can't make it work (Invalid) and logging is not helping at all.

In your test you used the MACsec part of the documentation?

un9edsda

Okay, made that change and no improvement! Thank you for commenting! It would have helped if you if you had included a sketch from your network layout since your configuration has some "interesting" parts. Anyway it seems that you are using your 10Gbit SFP+ port for the 300/30 (down/up) M...

un9edsda

Back when I "learned the hard way" about Mikrotik AC devices... I could connect a device to a wAP AC at maybe 110 feet. But the air better be completely clear of any other devices on that channel. The event space I took over in October... had two UAP AC Mesh Pros. They were being asked wa...

un9edsda

I'm looking for an AP for very basic domestic use with outdoor range of about 120m. The only all in one model that might fit the bill is the mANTBox 52 15s (RBD22UGS-5HPacD2HnD-15S). If you rather have separate antenna, than there is it's "twin" without antenna: NetMetal ac² (RBD23UGS-5HP...

un9edsda

1. just read it "Built-in cards can only work with legacy drivers" - what have the drivers to do with the fact if they are configured via old capsman or via local configuration. That is no contraindicator. 2. now I've read it the 20th time. Still nothing in there which would explain the i...

un9edsda

... And yes, using local wifi capsman I cannot manage them but that is not what I'm trying to do. ... RB4011 (routeros+wireless) (wifi and legacy capsman available) cap1: local RB4011 wifi interfaces <- managed by legacy capsman cap2: ax3 <- managed by wifi capsman cap3: ac2 (with wifi-qcom-ac driv...

un9edsda

This is the export from the cAPac # jan/04/2024 09:22:08 by RouterOS 6.49.10 # software id = VIZX-79YQ # # model = RBcAPGi-5acD2nD /interface ethernet set [ find default-name=ether2 ] name=eth2emergaccess /interface bridge add name=bridge1 /interface wireless set [ find default-name=wlan1 ] country...

un9edsda

Another thing not to forget about is to setting up of the bridge priority, and path costs. Working costs: for 100 Mbps port(s): internal-path-cost=100000 path-cost=100000 for 1 Gbps port(s): internal-path-cost=10000 path-cost=10000 for 10 Gbps port(s) (like sfp-sfpplus1 to sfp-sfpplus24 and qsfpplus...

un9edsda

I need a sample config which has HW offloading using router OS and VLAN trunking setup so I can mirror and learn. I also posted a question about using two switches or a router @ wire speed to accomplish what i can't do with one switch because I am limited to either HW offloading for VLANs with filt...

un9edsda

I have a CCR2116-12G-4S+. My traffic levels are 3-4Gbit/s during peak hours. My current setup is that I have my downstream and upstreams running on a single SFP+ interface using VLANs. No bridge - this is a core router. Would there be any advantages (e.g. performance, lower CPU load, etc.) if I spl...

un9edsda

I would like to "chip in" in the discussion, because I have the same issue. We have inherited a client where the previous IT person set up unnecessarily complex network. There were 19 bridges, 19 vlans, 800 firewall rules, etc. Needles to say the network was crawling along on a RB3011. I ...

un9edsda

I can't see one of those layer 2 misconfigurations which would be applicable (I've checked and I'm not using VLAN filtering on the bridge) - a useful document however, and, it's given me some further insights. First of all sorry for the late reply. The RB5009s have a single Marvell Marvell 88E6393X...

un9edsda

There seems to be a typo/discrepancy in the new Wifi documentation's Channel properties section: according to the docs the one of the possible values of the band property is 5ghz-an however on an actual router said property value pair is

band=5ghz-n

.

un9edsda

... As soon as I enable wave2 capsman on my controller (RB4011 with wifi) my hap ac2 (running still wireless package until I'm ready with new capsman) stayed connected to legacy capsman. But I lost the local wifi interfaces of the RB4011 only. As soon as I disable wave2 capsman the local wifi inter...

un9edsda

Regarding RB5009's L3 Hardware Offloading expectation see @raimondsp 's post in L3 HW Offload support on RB5009 [SOLVED] . On the topic of RB5009'S 88E6393X switch chip capabilities check Bridge Hardware Offloading . And on the final part about what may cause your issues check out Layer2 misconfigur...

un9edsda

First of all thanks for the documentation @raimondsp . Upon checking it I have come across a thing that would be great if clarified: in Port settings ... By default, ports are untrusted and receive the lowest (0, best-effort) priority, where priority fields are cleared from the egress packets. Is th...

un9edsda

... Can you provide any feedback on when we might see a proper long term release? Omitting features ... would be ... preferred ... it's more important to have a bug-free release ... Having a v7 LTS would likely mean that v6 becomes unsupported which (if certain core functionality would be still mis...

un9edsda

On 7.9rc5 the IPv4 firewall address list does not resolve local static addresses, therefore those can not be referenced for filter rules for example. Example code: /ip/dns/static/add name=a-device.lan type=AAAA address=fd11:1111:1111:1::2 address-list=to_be_filtered_ipv6 /ip/dns/static/add name=a-de...

un9edsda

You cannot subnet a /64. Ask your provider for more space (a /60 or a /56 or a /48). This request is just as successful as asking the state to lower the standard VAT rate... It could be you already GET more space but have not yet understood how to activate it (with proper DHCPv6 client configuratio...

un9edsda

I just edited my previous reply with my DHCPv6 client script in order to replace it with an updated version. First of all thanks for @Sob for taking the first (published) swing here at the changing ipv6 prefix and for you @NathanA for creating a robust version of it which implements RFC6204/RFC7084...

un9edsda

i have setup a pppoe-server specific on that CCR1036 ethernet port.. just with the router wifi6.. and just with profile default from mikrotik with no limits.. max speed download wifi 300 ao 390mbps.. and upload speeds up to 700mbps .. tested with custom specific profiles created for 500mbps and 600...

un9edsda

Really? not... A switch for 5Gbps is one switch only also on client side. If you have to manage 100Mbps can suffice, but with 5Gbps you kill the CRS cpu... Although we do know from @IPANetEngineer about "l3 fw offload - stateful offload of IPv4 connections and NAT" and which features need...

un9edsda

... But when it will be supported in IPv6, rules by @sob won't be compatible ... without properly configuring firewall filter rules (either fasttrack rule or rules above fasttrack rule). The thing is: ... when connection is fasttracked, ... Essentially it'll skip everything after connection trackin...

un9edsda

Mangle and fasttrack are not compatible. Even in the case of the NPTv6 pair of rules that @Sob has provided ? /ipv6 firewall mangle add chain=postrouting action=snpt src-address=fd00:1234:5678:9a00::/56 src-prefix=fd00:1234:5678:9a00::/56 dst-prefix=publ:icpr:efix:b700::/56 add chain=prerouting act...

un9edsda

I recall setting up a script to download and update that blacklist, could those entries be taking up disk space? I can easily purge them and re-add them afterwards. It can be a reason for the "missing" space. However as @mkx has already written the risk averse method of changing over from...

un9edsda

The topology is as follows: Mayor ISP --> 10 Gbps --> CCR2216(BGP) --> 10Gbps --> CCR2004(Edge) --> 10Gbps(trying to limit to 5Gbps) --> <End user equipment>CCR2004 ... On the CCR2004 running v6.48 can't do a Queue with more than 4200Mbps(maybe a little bit more) but on the CCR2216 running v7.8 can...

un9edsda

removed excessive quotting of preceding post; be wise, quote smart, save network traffic Both the CRS354-48G-4S+2Q+RM and the CRS312-4C+8XG-RM supports L3 Hardware Offloading . Therefore both switches capable of hardware assisted inter VLAN routing at close to wire speed. For further information re...

un9edsda

2023 hAP ax lite has better performance, and is cheaper with lower power consumption

And on top of that it requires less complex configuration.

un9edsda

Just wondering of I can use bridge filtering functionality (or IP firewall filtering on the bridge) without disabling HW offload on LAN interface. ... At the moment I'm using HAP AC as my main router. Wifi is disabled as I'm using other wifi6 solution, so Mikrotik acts as a pure router. The hAP AC ...

un9edsda

is this related to a different hardware ..? i was looking to a hardware Plan for each of them and i couldnt find the big difference between them so anyone have any idea..? Quite possible as different hardware require different configuration (and those two are quite different). Have a look at post #...

un9edsda

Have a look at post #3 in the Bad performance (slow) of RB2011UAS-2HnD topic, than continue in the Layer2 misconfiguration section of the documentation.

un9edsda

i don't have the budget for a better MT router yet .. i'd be glad if you could help me. Post #3 and #5 in that topic is definitely not about buying a different router, rather about the optimal configuration of the RB2011UAS-2HnD. if i buy a Zyxel SPF+ module can i use it instead of my current FTTH ...

un9edsda

I used different approach and from what I remember bridge was offloaded, ports also. It's curious how the first device worked for a long time and why disabling MSTP magically solved the problem ! Thanks @Simonej. For quite a few Mikrotik devices there are quite some caveats in case of at first sigh...

un9edsda

can you introduce me to some place where i can learn how to configure this router and use its advanced features ?

See post #3 in Bad performance (slow) of RB2011UAS-2HnD and post #5 in the same topic for start.

un9edsda

I tried to remove any default configurations before reinstalling the software (NetInstall used), making sure that there were no bridges left in the configuration, but this did not add much stability. Please help me understand what's wrong! The risk averse method of moving from ROS v6 to ROS v7 is t...

un9edsda

This is the relevant part of config: /interface bridge add name=Bridge protocol-mode=mstp frame-types=admit-only-vlan-tagged ingress-filtering=yes vlan-filtering=yes /interface bridge port add bridge=Bridge interface=ether5 pvid=10 hw=yes /interface bridge vlan add bridge=Bridge tagged=Bridge,sfp-s...

un9edsda

... first check what you have installed on your computer. Many forum posts said to disable the firewall and antivirus, run as admin, etc, etc. It might come in handy for someone: the current (as of RouterOS v7.8 ) Netinstall procedure on a GNU/Linux system (Netinstall (CLI Linux) in MIkrotik parlan...

un9edsda

No the purchaser didnt do their homework as open vpn is not fully supported by MT and only recently has started trying to make it possible. Meanwhile wireguard which is faster and easier is available...................... No I made my homework. I knew that openvpn installed on the router uses tcp a...

un9edsda

The actual setup is, I want to use two switches - for redundancy purposes. They are both connected to each other with 1x 10Gbit. Each ESX host will use 4x 10Gbit "lanes/cables/ports" - two will go to the first switch, and two to the second switch. The ESX host itself has two different net...

un9edsda

Actually those are the results of RFC6296 section 2.6 Checksum-Neutral Mapping https://datatracker.ietf.org/doc/html/rfc6296#section-2.6 The checksum part is completely moot as I can't use this in the first place atm. Not using snpt/dnpt because it completely prevents the use of the firewall (which...

un9edsda

Strongly, strongly disagree. Having think tanks...err, "standards bodies" dictate how operators that are actually "in the trenches" so to speak should design and engineer their networks is NOT the right answer to the problem at hand. (goes on about how difficult it would be to h...

un9edsda

... ULA will stay and making it as easy as possible to translate to GUA should be our goal, even it if will cost us some speed. The resource costs of NPTv6 are manageable and RFC6296 IPv6-to-IPv6 Network Prefix Translation has been implemented in RouterOS quite a while ago as @Sob has pointed out a...

un9edsda

Is RB2011UiAS-2HnD-IN still in use? The maximum broadband of my device can only reach about 200M. According to the "Products" page it is not an EoL device. In multiple tests, I only managed to get maximum download speeds of around 200mbps, even with Fasttrack enabled. I've removed almost ...

un9edsda

@DarkNate : ... I'm not entirely sure what you mean with "you will need to use Provider independent address space (not ULA because they are broken in dual stack networks)". It might be a reference that by default in line with RFC6724 Default Address Selection for Internet Protocol Version...

un9edsda

What solution do you propose for those that have a dynamic IPv6 address and want static addresses on their LAN, so they use some form of NAT between their LAN and the public IPv6 prefix valid at that moment? Just grab some random public IPv6 address that appears not to be in use, but is not conside...

un9edsda

Related to the ULA discussion - ULA is functionally useless in dual stacked networks, as highlighted in the infloblox blog post above. It will almost never be used, so your mileage may vary if there is an expectation of using v6 by default in the presence of any IPv4 at all. There is an IETF draft ...

un9edsda

Yes, please! Network Prefix Translation (NPT, RFC6296) would make the adoption of IPv6 for the full network so much easier. At least those of us, whose IPS won't allow us the use of BGP... @Sob in Feature Request: IPv6 NAT66 Support in post #71 wrote a pair of sample firewall rules for NPTv6: /ipv6...

un9edsda

NAT config /ipv6 firewall nat add action=masquerade chain=srcnat dst-address=2000::/3 src-address=\ 200:c01d:c01a:beef::7ac0/128 to-address=2603:XXXX:XXXX:XXXX::2/128 Do you also happen to have solution for the following two common issues with IPv6 in residential deployments: Dynamic address and pr...

Search found 103 matches