MikroTik

quotengrote

Thank you very much Sob, that worked! For anyone interested: [admin@rb5009] > ip/firewall/filter/ [admin@rb5009] /ip/firewall/filter> export # oct/07/2022 21:20:41 by RouterOS 7.6beta6 # software id = 5XXXXXF # # model = RB5009UG+S+ # serial number = EXXXXXA /ip firewall filter add action=accept cha...

quotengrote

@rextended and all

Thank you very much, all of these worked for me.

Wishes
mg

quotengrote

Hi, i have following Network: 2022-10-07 20_42_55-nw.md Preview — C__Users_mg_Desktop — Atom.png My Domain resolves to the dynamic WAN-IP of my router. And get dstnat'ed to a server in VLAN2. From VLAN2 the Server is reachable because i have Split-DNS and the domain resolves to the internal IP. On t...

quotengrote

Same error on ROS7; with ROS6 it works as expected.

quotengrote

With ROS6 this Syntax works as expected.

quotengrote

Hi, when i set a variable like: :global xx "pppoe-out-fb" i cant use it in this where question: /ip/address/get [find where interface "$xx" ] invalid internal item number Where is the problem? Device: /system/resource> print uptime: 3w1d18h4m48s version: 7.6beta6 (development) bu...

quotengrote

And with 7.2 released its works now on something stable.

quotengrote

Same with rc6.

quotengrote

Still working great with rc5.

quotengrote

Can confirm that it is still working as expected with 7.2rc4.

No other Issues with my Home Network.

quotengrote

There is a switch property l3-hw-offloading , which I'm not sure only setting offloading for L3 VLAN routing only or also for L3 fasttrack. I had to set to yes to get everything working. Mine was set to no, can't remember if this is the default or if it was me. Is set to no on my rb5009 [admin@rb50...

quotengrote

Found a minor Bug?

Ctrl+l

does not clear the cli in WinBox anymore.

-> SUP-73039

quotengrote

Never touched that value myself, must be a default-value.

quotengrote

[admin@rb5009] /interface/bridge> export # jan/29/2022 12:23:18 by RouterOS 7.2rc3 # software id = 56R5-PRTF # # model = RB5009UG+S+ /interface bridge add frame-types=admit-only-vlan-tagged name=bridge1 protocol-mode=none vlan-filtering=yes /interface bridge port add bridge=bridge1 frame-types=admi...

quotengrote

[admin@rb5009] /ip/firewall/filter> export # jan/29/2022 11:47:34 by RouterOS 7.2rc3 # software id = 56R5-PRTF # # model = RB5009UG+S+ /ip firewall filter add action=fasttrack-connection chain=forward comment="TEST FASTTRACK" connection-state=\ established,related hw-offload=yes add actio...

quotengrote

Follow up... my ONE simple Queue is also <s>working</s> not interfering with anything: [admin@rb5009] /queue> export # jan/29/2022 11:39:40 by RouterOS 7.2rc3 # software id = 56R5-PRTF # # model = RB5009UG+S+ /queue simple add max-limit=30M/200M name=limit-win3-upload target=192.168.2.65/32 time=7h-...

quotengrote

*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled; *) l3hw - added HW offloaded FastTrack support for inter-VLAN routing; I have some difficulties to have this working. On which devices should this work ? RB4011 ? RB5009 ? Many thanks ! Works good f...

quotengrote

With rc3 Fastrack with bridge-vlan-filtering is working. Almost half the CPU-Load with three times the troughput. 2022-01-29 11_33_12-admin@192.168.2.1 (rb5009) - WinBox (64bit) v7.2rc3 on RB5009UG+S+ (arm64).png 2022-01-29 11_32_38-QEMU (vm-test-vlan10) - noVNC - Vivaldi.png 2022-01-29 11_32_31-adm...

quotengrote

Short question, how do you roll back? Netinstall or just dumping a old npk on the device?

quotengrote

*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;

That could explain viewtopic.php?p=908851#p907193

quotengrote

I think it has something todo with this: viewtopic.php?t=182699

*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;

So maybe it isnt working in 7.1 atm.

quotengrote

@ConnyMercier
I dont get FastPath enabled, only FastTrack... do you have an idea?

quotengrote

I see that FastTrack is enabled but not FastPath, maybe thats why the FastTrack-Rule is counting the traffic.

2022-01-21 12_37_00-admin@192.168.2.1 (rb5009) - WinBox (64bit) v7.1.1 on RB5009UG+S+ (arm64).png

quotengrote

Thats is the Firewall Config at the moment. Did i miss anything? The throughput with fasttrack or fasttrack disabled is almost the same. And i see the counters from fasttrack and my normal rules increase. [admin@rb5009] > ip firewall/ [admin@rb5009] /ip/firewall> export hide-sensitive # jan/20/2022 ...

quotengrote

If you have a SFP+ to SFP+ Cable lying around,the easy Solution, is to try connecting the switch and Router via 10Gbits. Did that a moment ago. :-D 2022-01-20 14_27_28-QEMU (vm-test-vlan10) - noVNC - Vivaldi.png 2022-01-20 14_27_38-QEMU (vm-test-vlan10) - noVNC - Vivaldi.png ...and et voila 2.x GBi...

quotengrote

Ok, but how i can i force the Link-Speed to 2.5GBit/s? If i disable "Auto Negotiation" is see only this:

2022-01-20 14_13_02-admin@192.168.2.224 (crs309) - WinBox (64bit) v6.49.2 on CRS309-1G-8S+ (arm).png

quotengrote

It is, but im using the 2,5GBit/s Interface. So something is off, maybe i can test later if the sfp+ Port behaves the same.

2022-01-20 14_09_40-admin@192.168.2.1 (rb5009) - WinBox (64bit) v7.1.1 on RB5009UG+S+ (arm64).png

quotengrote

Thx for the info. The WIki states: /ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related /ip firewall filter add chain=forward action=accept connection-state=established,related But even if i do that, or marked the connection with a mangle rule and le...

quotengrote

Do you have an idea?

quotengrote

Did not know that, thx.

quotengrote

It worked, thank you very much. But it would be so much better, it RouterOS scripting had some useful error reporting. Just imagine how it could be, even simple "syntax error at line 1, column 9" would be so beautiful. Maybe one day... That would be great... Wishes mg PS: For the docs: # s...

quotengrote

Hi, i have that simple Script for netwatch: :log error "wireguard-tunnel down: wireguard_s2s_ag"; /interface/wireguard/disable wireguard_s2s_ag; :delay 4000ms; /interface/wireguard/enable wireguard_s2s_ag; :log info "Restart wireguard-tunnel: wireguard_s2s_ag"; The first one work...

quotengrote

Hi, iperf: iperf3 -c <ip> -P 2 --bidir Config: [admin@rb5009] > export hide-sensitive # jan/12/2022 14:22:19 by RouterOS 7.1.1 # software id = 56R5-PRTF # # model = RB5009UG+S+ /interface bridge add frame-types=admit-only-vlan-tagged name=bridge1 protocol-mode=none vlan-filtering=yes /interface ethe...

quotengrote

Hi all, what is the correct way to test the inter-vlan-routing capacity/bandwidth properly? At the moment i have a hypervisor with a 10G-Trunk with 4 VLANS, and a VM in each VLAN with a router-on-stick RB5009 who does the routing between the vlans. For tests i have disabled all Firewall Rules. VM_VL...

quotengrote

Hi, i have changed my Firewall Rules to a default Drop rule. Did i have made any errors? The router is used in my house with a few Servers. /ip firewall filter add action=accept chain=input connection-state=established,related log-prefix="Allow established, related: " add action=accept cha...

quotengrote

After a long long time... i have finished the vlan project. May it be helpful for others... Network https://i.ibb.co/Brtj0bH/2022-01-03-14-24-20-Heim-Netzwerk-bersicht-Dokuwiki-mgrote-net-Vivaldi.png Router [admin@rb5009] > export hide-sensitive # jan/03/2022 14:19:17 by RouterOS 7.1.1 # software id...

quotengrote

Hi all, i created a small Munin Plugin for Mikrotik devices. It works without SNMP and reads directly from an ssh connection. It shows: bad blocks cpu load disk usage mem usage sector writes reboot/total cpu-temp So, if somebody is interested, or have improvements... https://git.mgrote.net/mg/munin-...

quotengrote

As for the other two rules, its narrowed down to who has access to the router...... only need one rule! add action=accept chain=input in-interface-list=-manage src-address-list=mgmt_access Yep, i will change it. Personally, I would not post my ssh port or my winbox port on a config either :-) (very...

quotengrote

I fail to see any firewall rules on your router and then you put some on the switch?? The config is flawed thus i The router is new, i havent done anything besides that config. The Switch is already(but not the vlans) configured. my normal router config looks like that: [admin@rb5009] > export hide...

quotengrote

Should i make a extra rule always allowing ether8 mgmt-access then?

quotengrote

Hi, im just switching from my hEX to a RB5009 and want to use VLANs. VLAN 2 - for almost anything VLAN10 - for Work VLAN20 - for Guests At the moment my Network is ike this: https://i.ibb.co/3md0NKJ/2021-10-02-18-15-33-Greenshot.png On the RB5009 eth1 goes to the crs309 eth2 to wan eth3 is a port fo...

quotengrote

Hi, im just switching from my hEX to a RB5009 and want to use VLANs. VLAN 2 - for almost anything VLAN10 - for Work VLAN20 - for Guests At the moment my Network is ike this: https://i.ibb.co/3md0NKJ/2021-10-02-18-15-33-Greenshot.png On the RB5009 eth1 goes to the crs309 eth2 to wan eth3 is a port fo...

Search found 42 matches