Any idea why PoE auto was removed for L009?

Most likely the hardware did not (reliably) support it...

That's unfortunate because it had been working reliably for me with a hap ax2 until I upgraded.

I just ran into this too. I wonder with the rationale / reasoning is for this? Not only did it take a bit of time to sort out this morning, but I preferred auto-on.

Thank you for looking at my config. #11 is my problem. Definitely operator error! (1) The vlan100 addresses are the management addresses. The idea was to use vlan78 for capsman, but I initially had some trouble with it and just opened it up to all ports at some point and never went back to clean it ...

Please forgive my crude network diagram. https://i.imgur.com/s9ZyHDd.png I think this should be sanitized well without leaving out anything important. Some firewall filter rules are disabled because I used them while I was testing a few things out. Currently I have the dns, winbox and ssh rules disa...

Interestingly enough this works /ip firewall filter add action=accept chain=input comment="vpn server" in-interface=wgsrv When above the wireguard port rule /ip firewall filter add action=accept chain=input comment="vpn server" dst-port=13233 protocol=udp But not with the subnet ...

Hi anav, Thanks again for your reply. To confirm... Adding more FW filter rules for the specific ssh and winbox ports does allow me to connect to the router without the wireguard interface in the LAN list. So this portion appears to be working as expected. The only thing I'm a bit confused about now...

Allowing DNS from the wireguard interface worked well. I still wasn't able to access Winbox over the tunnel with the src-address rule, but I can look into that later. I'm not against adding the wireguard interface to the LAN list. I was more just curious why it wasn't working the other way and which...

/interface wireguard peers add allowed-address= 192.0.2.241/32 /ip firewall filter add action=accept chain=input comment="allow Wireguard traffic" src-address= 192.0.2.240/28 The incoming wireguard user (assuming thats you the ADMIN) to access DNS must have access on the input chain which...