I have a RB5009. It is a fairly regular setup. 1 port is connected to a switch, and 2 ports are connected to two separate WANs (1gbit each). Everything works as usual. However, after a while, under 1 hour, the routing speed reduces. I can see about 20mbit on speedtest.net. When I restart the router. I...
I have DoH DNS working without any issues. I have multiple WAN. For client internet connection, the failover works. So if one WAN gateway is down, the other one is being used. However, this doesn't work for DoH queries. So the mikrotik router itself, doesn't use the failover WAN. This is what I have...
I am trying to create fast track for specific address lists. I have seen both examples of it on the forum. With both versions CPU is lowered and I see fasttrack counter incremented in IP/Settings. Which one is supposed to be first? With this version, I see both fasttrack rule and accept rule packets...
I started using nextdns with DoH. It is working without any issues. I see that the hostname of mikrotik is always being captured as the device name. Is there a way to make mikrotik send dhcp client hostnames or something else with the request. It seems nextdns is accepting the information in various ...
I have an apple tv abroad. I have a mikrotik rb5009 router that works as wireguard server. I have another rb5009 router as wireguard client. I did a speed-test on apple tv. I can consistently see 50mbit/sec. Everything works but the app store. The search results and downloads randomly fail, or it wo...
I have two mikrotik routers connected with wireshark over the internet. My ip changed the ip address of the server router. The client still continued to remain connected to the server router. How is this possible? When I looked at the admin panel, I saw peer endpoint showing old ip address. Current ...
I have a device which uses vlan id 500. For this vlan there is a dhcp server attached and it works. However, for another device with a specific mac id, again using vlan id 500, i want to assign from another ip pool and another dhcp server.
Hello, I followed the instructions on this forum, and I am routing all of the traffic via wireguard. Nothing interesting here. However, I noticed that, if I disconnect wireguard, the route stays active, and the servers are unable to reach the internet. If I enable gateway=ping, the route doesn't wor...
Hello, Sindy’s answer worked. I was following https://help.mikrotik.com/docs/display/ROS/WireGuard which has only one new manually added route. It fixed the problem. I am just curious why the documentation wasn't showing it. As for not having a bridge for site 1, I was told on this forum that I didn't n...
Hello, I am trying to setup wireguard site to site. I am so close, but for some reason I cannot ping or connect between sites. What am I missing? Handshake is there. Routing seems to work, but there is no connection. I flipped through the firewall, but no luck. SITE A: redacted SITE B redacted
I setup l2tp vpn. It works as expected. When I access other vlans it also works. However, if I try to access a device in the same vlan it doesn't work. Unless I define masquerade. What is the reason for this?
On CHR, firewall rules are applied without any additional change.
I have a rb5009. Will it be the same? Or will it require some extra “redirect to cpu” etc. to be able to apply rules to block some vlan accessing other vlan?
I tested this on Cloud Hosted Router. It seems to work. VLANs are routed through the router, and I didn't use a bridge. If this is the case, is there a need for a bridge for this case? Will this be hardware offloaded on the real device?
I want to use a powerbox pro just as a switch with maximum hardware offloading as possible. I have this configuration, but I am not sure if changing anything will allow me to access even more wire speeds. Do I really need a bridge? Instead, will adding switch rules a faster, more hardware accelerate...
Hello, I want vlan 10 to access vlan 20, but not be able to access the internet (wan)? I couldn't find any negate filters on switch rules. So I am not sure how can I detect a device trying to access wan with switch rules to drop the package I know I can do all of this in the firewall, but I am curio...
I tried all combination of everything I tried. What's weird is that I used to have a hex s, and it worked without any problems. When I plug the same cables to the same ports on rb5009, it doesn't work. I have to flip them to get them to work
Hello, I have two identical switches. They both provide poe out. If I connect switch1 to router port 1, and switch2 to router port 2, port1 has uplink but port 2 doesn't have uplink. No led light. If I connect switch2 to router port 1, and switch1 to router port 2, port1 and port 2 both have uplink. Wh...
Hello, I had a hex s. Never had a problem. Never required a restart. Recently, I switched to rb5009. Upgraded to latest software and firmware. Manually installed the same config. Everything worked for a week. Now, almost every day, some devices become inaccessible. They become accessible again after ...
Hello, I want to setup site-to-site vpn between two routers. I also want these two routers to host client to site VPN servers independently so that external laptops etc can connect to the network. Is this possible? Will there be collisions with the ports because they are expecting incoming vpn clien...
Let's ignore VLANs for now, as I'm unable to do it with that approach. Let's say I have 2 dhcp servers. dhcp server 1 with 10.1.2.0/24 dhcp server 2 with 10.1.3.0/24 The VLAN ID that the new device is connecting to is attached to dhcp server 1. So it gets the ip, and everything is working. However, ...
I tried to assign static ip via dhcp lease settings. I entered the mac id, entered static ip, selected dhcp server that I originally preferred (if the vlan was correct), nothing got assigned. Essentially I am fine if I can assign the correct static ip to the new device, but for some reason, I think bec...
Tplink assigns a vlan id to incoming packet
Send it to mikrotik through trunk port
Router receives same vlan id for both access point and the new device
I have a unifi access point. I connect to a tplink switch and assigned a port based vlan id. My mikrotik router assigns the correct ip via dhcp server that is targeting the vlan. So all is good here. The access point has a port that I connected another device via ethernet. The switch naturally assig...
I have two ISPs. I connect to them via two modems and they give ip from the same ip block 192.168.1.xxx. I can make mikrotik connect via two separate dhcp clients. I cannot change the ip blocks. The only setting I can change is the router ip. So I can make router ip different. I can see that this l...
Thank you for all the insight. I have another question. Let's say I get 2 more internet connections. So 4 in total. Can I PCC only two at a time and assign it to a specific subnet? So for example Subnet 1 uses isp 1 and isp 2 Subnet 2 uses isp 3 and isp 4 And if for subnet 1, both isp 1 and isp 2 fai...
How do I change from gateway address check to an ip address like 8.8.8.8 and 8.8.4.4, so that mikrotik checks the actual internet connection and route traffic to the healthy ISP?
I am just surprised that we got it to work with just a route marking, rather than a bunch of connection markings and then route markings on top of those as described in the PCC wiki.
Ok. I figured it out. I don't know the reason, but at least I have it working. For some reason, when dst-address-type=!local is used, things stop working as well. Just adding dst-address=!10.0.0.0/8 didn't work either. However when I tried redacted 192.168.xx.yy is not part of my local network reall...
If both rules are enabled: ping doesn't work
If only one rule is enabled (sometimes first rule, sometimes second I think. Cannot be sure): ping works
If rules have a XXXYYYZZZ-1 and XXXYYYZZZ-2 routing mark: ping works
So what can be wrong when both of them are enabled?
Hah. Honestly, I don't know about the quotes. I just use winbox to select from the dropdown and check the negation checkbox. If quotes are not meant to be there, I can remove them.
The broken one is just your lines appended to it. Here it is:
Thank you. So just to be clear. All I have to do is to have this on my mangle, and remove existing records. Nothing else? The routing rules stays the same? I am afraid it did work. When I had these none of the servers were able to access the internet. /ip firewall mangle add action=mark-routing chai...
Hello, I think the conversation led off tangent. I don't have a problem with vpn or try to load balance my connections via vpn to the internet. I want to do it to the physical servers on the LAN. Right now, I use ECMP, I understand PCC can distribute the load better. I have many vlans and a bridge. I ...
I just have this for NAT. The modems have DMZ set, and direct all traffic to mikrotik dhcp clients with static ip addresses. When I said, I don't use NAT, I meant no special port forwarding. This much NAT seems to work with ECMP. /ip firewall nat add action=masquerade chain=srcnat \ src-address=10.0...
I think speedtest.net uses multiple connections for download. That is where I saw more than 50mbit. But yeah, for the rest I get it. I just need help to change my config to pcc now. Can you help me with that please. I am not sure how to adapt my vlans and bridge to the pcc example
Ok. Let's say I want to apply the example here. https://wiki.mikrotik.com/wiki/Manual:PCC How would it work to my current setup? I have many vlans and a bridge. TTNET1 and TTNET2 are my ISPs. My modems only allow dhcp connection from it. Therefore, I have set DMZ on the modems, with a static ip for...
So is the recommended approach to abandon ECMP and instead use PCC? Will this allow me to distribute the connections evenly? Can I make the distribution ratio different for download and upload?
Thank you
I was hoping something like this. I know my maximum upload bandwidth is 5mbit per ISP. If for ISP1, I'm using 70% of upload bandwidth, and for ISP2, I'm using 30% of upload bandwidth, then the new upload should use ISP2. Is this an unrealistic expectation? As for my config. It is like this. I'm not ...
Hello, I have two ISPs. Both have 50mbit download and 5mbit upload individually. I believe I have load balancing working correctly. When I do speed tests I can see around 90mbit download speeds. However during uploads, it never passes 5mbit. I even tried parallel but independent upload tests with iper...
I don't have any firewall rules setup yet. So those are clean. Can you tell me about the second rule that you describe of? I have all of these in place /ip firewall nat add action=masquerade chain=srcnat src-address=10.6.10.0/24 add action=masquerade chain=srcnat src-address=10.6.20.0/24 add action=...
Hello, My isp gives static ip, but my modem doesn't support bridge. So I need to connect my modem to mikrotik via DHCP client. I have also enabled DMZ for the local static IP that my modem is distributing. So far everything works. I am trying to setup port forwarding. I can access web winbox, so I k...
Hello, My ISP only allows me to use DHCP Client. Therefore my router only knows about a 192.168.x.x address. However my public IP is static. Let's say my public IP is 12.34.56.78. When I do a traceroute right now to my public IP, the packets reach the modem, and then the ISP, then comes back to my ...