MikroTik

NA9D

DOH! I hate when that happens!

NA9D

The ZT servers are still in use. The docs mention this: A common misunderstanding is to conflate network controllers with root servers (planet and moons). Root servers are connection facilitators that operate at the VL1 level. Network controllers are configuration managers and certificate authoritie...

NA9D

First of all - thanks for the tip on opening the port on the router. Open on the WAN side - yes?

I just tried it again this time w/o entering the address and yeah, it worked - assigned an IP. OK. I have no idea where the cockpit error was. Oh well.

NA9D

OK. Strange. I'll try creating another network and seeing if I can duplicate my problem...

NA9D

HEY! That worked!!!! WOOT! Lurker888 thank you once again. And thanks to the others here as well. Looks like the key is that if you specify additional routes with a gateway address, you MUST assign that gateway address to whatever member is functioning as the gateway - it takes a static assignment. ...

NA9D

Wait a minute... Looking at your entries: /zerotier/controller/set 0 private=yes ip-range=172.30.30.100-172.30.30.100 routes=172.30.30.0/24,0.0.0.0/0@172.30.30.1 /zerotier/controller/member/set 0 authorized=yes ip-address=172.30.30.1 You set the IP address of the router OUTSIDE of the IP address ran...

NA9D

Hmm.

OK. Interesting...I'll try it again...

Could it be that since you are specifying a specific gateway IP address in the ZeroTier subnet that the router doesn't do a DHCP assignment but instead is expecting a fixed IP?

NA9D

/zerotier/controller # as array set [find] routes=("2.0/24@10.1.1.1","17.0/8@10.1.1.1") # or as string set [find] routes="2.0/8@10.1.1.1,17.0/8@10.1.1.1" # both forms work - so routes US military and Apple IPs to a ZT member at 10.1.1.1 # & resolve the 2.0 into 2.0...

NA9D

Well, that "client' is the router itself. My point is that when the extra routes are added, an IP address is never assigned. I'm happy to try it all over again for the tenth time. The IP address is assigned rapidly when using the example setup. So I don't think that it is taking a while.

NA9D

No. I did. That's one of the steps. When you first add the network you are denied. But then you add it: Columns: NAME, MAC-ADDRESS, NETWORK, STATUS # NAME MAC-ADDRESS NETWORK STATUS 0 NA9DNET 46:92:71:60:00:60 5fb30d356dc2cd47 ACCESS_DENIED So yes. Here is it access denied. Now you go and list the m...

NA9D

Here's an example of one of my attempts at this. Excuse some of the typos in the terminal session! In this case, I tried to add a global 0.0.0.0/0 route to the 172.27.10.11 address. [admin@MikroTik] /zerotier> controller/add name=ZT-NA9D instance=zt1 ip-range=172.27.10.10-172.17.10.20 private=yes ro...

NA9D

I have followed the tutorial exactly. When I enter the steps exactly like they say and with the route example they use (and I've tried it with multiple different IP subnets) things work fine and the instance of the router is given an IP address. It's when I try to add the extra routes that I get zer...

NA9D

With most managed switches (Cisco, Ubiquiti, etc), the management VLAN is non-routable. So if you want to route from your LAN to other VLANs and back, you need to use a routable VLAN. Some switch models I've seen do allow it on the management VLAN but most do not. When I was setting up the VLAN rout...

NA9D

When I set the config up like that, I don't get an IP Address assigned to the router's ZT client. Nothing gets assigned. I assumed I was doing something wrong. As far as forwarding between subnets - not sure. I've got multiple subnets on the router already. I don't have an issue with those or when u...

NA9D

No you have me curious and I’ll have to read this whole thread!

. But I have a five hour drive ahead of me.

Have you added the guest vlan as an interface of the LAN?

NA9D

Here's the link to the writeup I did. It was only thanks to Lurker88 that I was able to do this: https://forum.mikrotik.com/viewtopic.php?t=214252 I have 16 VLANs. Two managed switches and the Mikrortik all connected by 10G links. Traffic routes smoothly through all of them and between all of them. ...

NA9D

You can set which interface gets DCHP requests. You should really have a separate VLAN set up for your LAN that is different from the management VLAN of your switches. Put all your LAN traffic on that VLAN (maybe you do - I'll be honest I haven't read the entire thread). Then set the DHCP server to ...

NA9D

Hey all, I'm experimenting with Zerotier and have been following the steps listed in the documentation at: https://help.mikrotik.com/docs/spaces/ROS/pages/83755083/ZeroTier#ZeroTier-Controller I've successfully created a Zerotier connection using the Zerotier Central portal. I've also successfully c...

NA9D

Cool! Thanks! I'll check it out.

NA9D

Hey all, I am looking for a way to send multicast UDP traffic over a remote VPN connection. From what I have looked at Zerotier provides this functionality. I've have Zerotier installed on my router. I have it on my phone. I've successfully made a connection into my LAN, can ping devices, etc. All g...

NA9D

I just created a guide for setting up InterVLAN routing on the MikroTik. I posted it in the user submitted articles section. Do a search on InterVLAN routing. I have about 16 VLANs I am using to route along with normal LAN traffic.

NA9D

I just did a whole write up on Inter-VLAN routing using the Mikrotik routers. It works like a charm. My article is available in the section for useful user submitted articles.

NA9D

Absolutely. Here you go. I've removed my VPN keys and all along with my router serial number. The rest should be OK. Note there are a couple routing rules in the file that are disabled that were I added when I first set this up. They aren't needed any more so I'll eventually delete them.

NA9D

Hey everyone, In another forum post, I discussed some issues I was having with routing traffic into multiple VLANs on my network. With the help of forum members (especially Lurker88), I was able to successfully set up inter-VLAN routing and it works great. Attached is a step by step guide I put toge...

NA9D

Sure. Didn't know that existed!

NA9D

I've created a step by step guide that will hopefully help others. I believe I captured all the steps. Please let me know if you find this helpful.

NA9D

In another post, I started a rather long discussion on routing VLANs with MIkroTik routers. Thanks to the help of those in the forum, particularly Lurker88, I was able to successfully set up VLAN routing. As there are a lot of steps to this and in order to help others, I have put together the attach...

NA9D

Sure! Before we did anything we enabled setting the CPU frequency to a fixed, maximum frequency and making a second partition of the storage space so things could easily get reverted if they got mucked up. First of all - on the router, we created the VLANs that I needed to route into Second - Took p...

NA9D

Hi all, A quick update. Lurker888 and I have been working in a Google chat and we got everything working really well. The issue was the triangular routing. We have trunked all my VLANs up to the router and applied some filtering and it all works great! Very pleased. Lurker888 knows his stuff! Kudos ...

NA9D

Sure.

NA9D

Sure. I'm good with that. I don't know if there's private messages available here. How do you want me to get you my info?

NA9D

OK. I have some good news. I have removed the VLANs from the bridge and added them as tagged to the SFP port. I have now configured a trunk on the Ubiquity switch and VLAN traffic is flowing to the Mikrotik! And I have not lost control of the Mikrotik either... However, I'm not sure how to route tra...

NA9D

This may be a bit confusing - and it is - but this is called weak/strong host model, and it is a thing. I dare you to look it up, follow what few references there are, and come back with your hair half torn out.

No thanks. I'll take your word on it!

Attached is the full config...

NA9D

OK. This is weird. It is working on port 7 of the router.... But ether7 is on the bridge. The port numbers in the config should match the physical ports yes? And my Mac is definitely on 192.168.100.0... en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 9000 options=50b<RXCSUM,TXCSUM,...

NA9D

It's a Mac. There's one NIC active. My WiFi is turned off. I don't have a route file.

Screenshot 2025-01-20 at 3.29.45 PM.png

Screenshot 2025-01-20 at 3.30.55 PM.png

NA9D

I deleted the last entry for the bridge. Still no dice.

Full config attached. I really appreciate the help...

NA9D

jon@Jons-Mac-mini ~ % ping 192.168.100.254 PING 192.168.100.254 (192.168.100.254): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 Request timeout for icmp_seq 2 Request timeout for icmp_seq 3 ping: sendto: No route to host Request timeout for icmp_seq 4 ping: sendto: Ho...

NA9D

Something isn't right. I cannot ping the new address at all - even when my computer is connected directly to port 8 on the router and I have an address in the 192.168.100.0 subnet... /interface ethernet set [ find default-name=ether1 ] l2mtu=9216 mtu=9216 set [ find default-name=ether2 ] l2mtu=9216 ...

NA9D

The things you might have missed: * You should assign an address/subnet to ether8 that is *different* from the one you use otherwise use e.g. 192.168.100.0.1/24 This I did not do. It was just an unused address in my regular subnet. * You should add ether8 to the interface list LAN, so the firewall ...

NA9D

OK. Trying to make this off-bridge port. Below is what I have set up, but if I disconnect the SFP port and connect port 8, I get no connectivity. I'm not able to ping 192.168.1.254... What am I doing wrong... /interface ethernet set [ find default-name=ether1 ] l2mtu=9216 mtu=9216 set [ find default...

NA9D

I am not really aware of the behavior of bridges in Linux. I am aware of how VLANs work in systems like Cisco, HP, Ubiquity, etc. I know the bridge is basically the overall fabric of the switch. Right now, I have created all my VLANs, assigned IPs to them, but they are all just assigned to the bridg...

NA9D

So I'm adding VLANs to the Mikrotik. Here's what I am seeing so far, but I am not sure I am doing it correctly: /interface vlan add interface=bridge mtu=9212 name=vlan10 vlan-id=10 ...... /ip address add address=192.168.1.1/23 comment=defconf interface=bridge network=\ 192.168.0.0 add address=10.0.1...

NA9D

Yes, we trade stability and performance for cost. You hit the nail on the head! You'd be amazed how funky people get about being able to view their TV! As for trunking up to the rb5009, it's not a concern of the hardware, it's more of the idea of the amount of constant traffic over the link. It runs...

NA9D

Another slight possibility, I don't know if this will work at all, it depends a lot on the L3 switch. You could reconfigure the DHCP server on the 5009 to point the default route of the LAN network at the L3 switch IP Address. Then the devices would send their packets to the switch (for both intern...

NA9D

[...] OK. So the VLAN for the 192.168.0.0/23 stuff is easy as it's already on its own VLAN since you can't use the management VLAN for routing. So that's easy - add it to a trunk. Now the problem is the 10.0.0.0 data. I could add every VLAN to the trunk except now we are going to be passing gigabit...

NA9D

The question is how do I force my switch to send all LAN subnet traffic to the router instead of direct. I tried adding a route and it didn't do anything.

NA9D

It actually makes sense now. Your network design with the mismatching prefix lengths and real-time switching of vlans is not networking best practice, but whatever works for you. Maybe if you haven't started out 10 years ago, you could make use of more modern multicast protocols, but you goal is ob...

NA9D

A further comment. So part of what I do that requires a lot of bandwidth is we can capture images on our devices and view them on the computer. This integrates well with my software that controls the system. The newest and highest end devices have an MJPEG stream option but we can still capture imag...

NA9D

This is a really long post but you guys wanted to know the details so here you go.... This is again where a diagram would be infinitely useful. It can be ascii art or whatever. See below and I'll explain in more detail after I answer your questions What is the situation? Am I correct: * The thingies...

NA9D

Just a guess, but regarding the triangular routing issue: NA9D, you mentioned having a Layer 3 switch configured with all your VLANs and your 192.x network. Is this switch capable of inter-VLAN routing? If so, it might help eliminate unnecessary hops and improve efficiency, as traffic between the V...

NA9D

Solution 2 This is the one I would encourage. Configure the L3 switch to send traffic to 192.168.0.0/23 through the Mikrotik. This done by: * Allocate a subnet just for routing purposes. Let this be 192.168.111.8/30. This subnet has to be defined both on the Mikrotik and the L3 switch. This subnet ...

NA9D

I’m all ears for how to solve that. Do I have something wrong on my switch? Traceroute from my 10.0.0.0 devices out to a LAN device does not go through the router. So seems like that’s where I need to fix this?

NA9D

OK. Quick answer. Removed all but the route entries and performance slowed back to a crawl. Added back in the notrack RAW entries and it all is working fine: /ip firewall raw add action=notrack chain=prerouting dst-address=10.0.0.0/8 in-interface=\ bridge src-address=192.168.0.0/23 add action=notrac...

NA9D

By the way the route: /ip route add disabled=no dst-address=10.0.0.0/8 gateway=192.168.1.198 routing-table=main suppress-hw-offload=no creates a routing situation where packets may be (will be) sent back and forth between your Mikrotik and your L3 switch. Consider the case that on the 10.0.0.0/8 ne...

NA9D

I think I’ve done that. But for clarity: WAN is just cable internet. That’s it. Cable modem with 2.5 Gbit connection going to port 1 on the router. 10 Gbit fiber connection to my L3 switch. LAN is on 192.168.0.0/23 subnet. I also have a number of VLANs that are all in the 10.0.0.0/8 subnet. The rout...

NA9D

Just a little addendum: For now I would skip the raw rules entirely. Configure everything to your satisfaction. Verify. Measure. And if you want/need more performance, add them back in. OK. I'm confused. 1.) Creating just the route by itself does not work well. That's why I am here. 2.) rplant sugg...

NA9D

Table refers to Routing Table(s). There is the main table which holds the majority of routes ( associated with IP addresses and subnets ) WAN etc. Special Tables...... not in main, created by admin for the purposes of sending traffic out a different table than the normal routing tables normally use...

NA9D

Cool. What is *not* needed: * fasttrack cannot (and silently will not) be applied to notracked traffic (fasttrack modifies the conntrack entry, which is nonexistent for untracked) - for a given traffic it is either/or * the routing rules - the default is to look at the main table for any routing de...

NA9D

Quick update... After applying these settings, I set the router up for my LAN address space, DHCP pool, static leases, etc. I then put it into the network... Wow. What a difference! It's now forwarding all the traffic beautifully! I don't know which if all the items I listed in the post above are al...

NA9D

Here's the route: Flags: D - DYNAMIC; I - INACTIVE, A - ACTIVE; c - CONNECT, s - STATIC; H - HW-OFFLOADED Columns: DST-ADDRESS, GATEWAY, DISTANCE # DST-ADDRESS GATEWAY DISTANCE 0 IsH 10.0.0.0/8 192.168.1.198 1 DAc 192.168.88.0/24 bridge So far the Mikrotik CLI has not been very kind to me. I've hard...

NA9D

OK. I think I found the spot in the firewall section to add the rules under RAW. There is also a section in firewall rules where you can set a fasttrack connection which has hardware offloading. Is that something to use as well? And when I now go into the routing table rule, it now shows the rule as...

NA9D

Thanks all, Let me look some more at the docs and see if I can figure some of this stuff out. Very informative. Right now, I don't have much of a config in the router as I had factory defaulted it. So let me start playing with it some more, make the changes and test it out. Then if needed, I can rep...

NA9D

OK so help me with the rules please: rule 1: in interface = bridge, src ip address=192.168.1.0/24 dest ip address = 10.0.0.0/8 action = notrack rule 2 in interface = bridge, src ip address=10.0.0.0/8 dest ip address = 192.168.1.0/24 action = notrack Here's what I see in the router when setting up th...

NA9D

From Device on 192.168.1.x network to 10.0.0.0/8 likely goes from device to 5009 then to Switch then to 10.x.x.x device. (Hopefully often the 5009 will issue a redirect so traffic from device on 192.168.1.x will know to go direct to Switch, but device might well ignore it) That would be 100% correc...

NA9D

No. I’m simply setting the route between subnets with the switch at the gateway. The L3 switch is doing the routing between VLANs.

The router is redirecting any traffic for the 10.0.0.0 network to the L3 switch.

NA9D

The VLANs are all on the switch. Just the routing table is on the gateway device.

NA9D

I haven't given IP addresses to the specific interfaces. When I'm using maximum data, I'm pulling a total of about 600 Mb/s from maybe 10 different VLANs. But your comment about basically making the L3 switch the LAN router has a lot of merit. The switch is obviously able to handle routing all the t...

NA9D

weird. 5009 should handle 2gb of traffic like it's nothing. i vote misconfiguration. It's not 2gbit of traffic. It's handling the routing between my LAN and my VLANs. Speed across the LAN and out to the internet was fine. I was able to run speed tests from multiple computers and was easily getting ...

NA9D

And let's put it this way - if there's something else I need to do to speed up the routing across the router, then great. I would love to keep it. Let me explain my network. I have a main LAN in the 192.168.0.0/23 subnet. I have multiple VLANs that are all segments of the 10.0.0.0 subnet. These VLAN...

NA9D

Oh no. It was tremendously slow. Connectivity was there. Just extremely slow. Unless there is something more to do in this device than just setting a static route in the routing table. Put my EdgeRouter X back in (which has hardware offloading) and everything is working great. Really wanted to use t...

NA9D

Thanks everyone for the replies. I appreciate it. This is really too bad. Great device otherwise. Already have it removed from my network and boxed up.

NA9D

I will be returning it to Amazon in the US. I’m bummed. This is a great router otherwise. But I need the L3 hardware acceleration. With my application, the way it is right now is just way to slow and unusable. I can’t even load a web page from a device on the second network. My previous $100 Ubiquit...

NA9D

Thank you. Well that answers that...Back to Amazon it goes!

NA9D

Hi all, Just yesterday I received my RB5009UG+S+ and I am trying to set up Hardware offloading for Layer 3 routing. I upgraded to RouterOS 7.17. According to the online docs, I should be able to enter these commands in the terminal /interface/ethernet/switch set 0 l3-hw-offloading=yes /interface/eth...

Search found 74 matches