I have a support/feature ticket on that topic (SUP-61929).

Also did a feature request...

And who would be this intruder between the computer, and the router connected directly with a network cable?

Apparantly it's called network, because I always have direct connections between computer and switch

Sorry, I've found the discussion here: viewtopic.php?t=164109

I don't need it - my switches (and the networks) are all under my physical control.

As long as there is no intruder in your network.
Yes, I'm also doing stuff like this, but it's not good security practice anymore: look for Zero Trust.

The switch support already SSH, HTTPS on RouterOS, simply use already included RouterOS instead of SwOS...

Funny advice... IMHO SwOS is much simpler and setup is faster for some use cases.

Hi,

is there no https support in the SwOS management web interface?

Actually I don't think that messing with 30+ VLANs makes it much easier to manage. I think I've got 6 or 7 VLANs at the moment and the firewall rules on the inter VLAN router are already much longer than what I call easy manageable. Also instead of 30+ routers (with bridge) I'd need 30+ switches the...

Hi, I want to deploy a configuration to a bunch of Mikrotik routers (> 30). The routers are used as follows: In a laboratory environment each router is used for a small, separated network. Inside of the separated networks there usually is a PC and some measurement equipment (connected via IP to the ...

Hi,

I've ordered a CSS326-24G-2S+RM which is not delivered, yet. Is MAC based VLAN via RADIUS possible in the meantime? This is a must have feature for me for access switches.

Thanks!

Thanks, that one works!

Thanks! But sorry, I've fogot to mention that I've already tried this one: But it gives the error and does not remove any rules.

I guess this is because of rule 0, which is a builtin rule for fasttrack.

Hi,
I want to sync my firewall settings from one VRRP router to another. Therefore I'm exporting the rules with . But before import on the second router I have to wipe out all firewall settings. How could I do this?

I've indeed missed this... And it makes so much sense! Thanks!

I guess this is caused because the route list has a dynamic route entry for each interface: vlan62 and vrrp62 which cannot be deactivated nor deleted. A possible workaround: Use the mangle rules to add a mark to all packets matching vlan62 and vrrp62. On the filter table use this mark instead of the...

Hello, I'm running 2 VRRP routers, that have some VLANS configured. See the interfaces: mikro-interfaces.png But now I've got a problem when setting up firewall rules. In the forward chain I'm trying to match against the output interface (which actually should be vrrp62), but I've noticed that some ...

Hi, did you figure out what was going wrong? I've run into a similar situation: I've exported my firewall rules on router A and imported them on router B. While everything seems to be fine on router A, on router B no packages get the established/related state. Package counters stay at 0. If I add a ...

BTW: MNDP was the right keyword

For this to work you need:
* allow inbound traffic on UDP port 5678
* enable ip->neighbors->discovery on WAN or all interfaces (I was missing this)

Of course you also need to allow WinBox traffic to TCP 8291, too.

I guess @OP is trying to get MNDP working on WAN interface. Which is IMO very stupid idea, but @OP might have a valid reason for doing it (e.g. in block of flats, every flat has its own MT router managed by landlord via WAN interface). Actually it's something like this. The WAN interfaces of severa...

Hi,

I've setup a router with quick setup and I'd like to allow the WinBox broadcast messages on the WAN interface, so that the router automatically can be found.

I've tried to allow inbound UDP traffic to port 5678, but still the router cannot be found in WinBox. What else do I have to do?

Thanks!

Hi,

I'd like to use Ed25519 SSH keys, too. I do not use any other key formats anymore.

Please add it!