MikroTik

pimmie

It's running wifi-qcom-ac indeed

pimmie

What devices/arch are you using, `wifi-qcom` or `wifi-qcom-ac`? As mentioned, similar 2Gz-only devices still connect fine on the AC3 but not on the AX2 since upgrading to v7.16.1. Both devices are fully upgraded to v7.16.1 and both were using shared security profiles with WPA2 & WPA3 since forev...

pimmie

See viewtopic.php?t=212826, might be related?

pimmie

Since forever I've been using shared security settings for both 2Ghz & 5Ghz networks, i.e. the security settings set a single password to be used for both WPA2 & WPA3. Unfortunately since upgrading to v7.16.1 (upgraded both ros as rb, didnt try 7.16.0), this shared security setting complete ...

pimmie

There was a similar post some time ago and that op posted more details: https://forum.mikrotik.com/viewtopic.php?p=1068656#p1068656 Ignoring the exact use-case, I have used a mAp lite myself when traveling to 'bridge' hotel wifi networks for my laptop and/or phone. I guess that's similar as what you...

pimmie

You could try to use a USB-tester to check if the ax3 is at least supplying a normal usb voltage (5V). If for whatever reason the ax3 delivers a higher voltage then that could probably be a reason for your USB dongles getting ruined. Although it seems unlikely, it's not impossible... Did you also pl...

pimmie

1) Never (at least not on purpose, I guess I used it as it auto loads/saves per device?) 2) Start a new winbox or user session? 3) As far as I now understand, sessions are basically user-defined UI presets? If so, don't use file options like Open/Save but have a dropdown with all listed presets and ...

pimmie

Have you tried setting the interface template for the gre interface to a network type of ptp-unnumbered instead of just ptp? Have no xp with Juniper, but that resolved it for me a couple of times. Even though the neighbour did have an IP address and each device could ping each other's GRE-tunnel ip

pimmie

Sure, but sometimes that's not how learning new things work. And aren't we all here to learn things we didn't knew yet?

pimmie

Shouldnt you be using `/system/package/update/check-for-updates` and `/system/package/update/download` ? Or is that v7 only?

pimmie

Can you reproduce the issue with a site like this too: https://websocketking.com/? After loading the page make sure to connect to the demo/echo endpoint and wait for the log to say `Connected to wss://echo.websocket.org`. Asking because the youtube streaming platform might bring quite a bit of compl...

pimmie

You should also be able to change the width of each column yourself? Hover with your mouse between two column headers, note that the mouse pointer turns into a double arrow and then drag left/right while holding the left mouse button to change the column width. If that doesn't work maybe one of styl...

pimmie

Ok, with such an attitude I guess you are not seriously trying to resolve the issue then. If you are serious, be nice towards people who are trying to help you and read up on https://debug.guide/.

Debugging like that guide specifies is part of real life for technicians too!

pimmie

Can you reproduce the issue on a clean RouterOS install with a minimal configuration?

Do you have Private Wifi enabled on iOS? Also latest iOS installed, I think that's 17.4.1?

pimmie

Their privacy policy starts with The company Amnezia (hereinafter – the "company", "we", "us") , but nowhere do they seem to give more information about that company, like where are they located (ie under which jurisdiction to they fall)? They say that data can be trans...

pimmie

Why would you still use IKEv2 as opposed to wireguard? For a site-to-site I can see why IKEv2 might still have some advantages, but not sure why it would be beneficial for a phone/road warrior?

pimmie

To be clear, are you taking about Apple iOS or Cisco IOS?

pimmie

The dst-address are not needed in the routing rules, you should remove those. Only add a rule that says `interface=ether2-Client1 action=lookup-only-in-table table=to_Client1` etc It might help to divide the task up into smaller steps so you limit the amount of complexity and things that can go wron...

pimmie

Installed in a village-hotel with around 180 rooms.
...
1) Powers tx at 10/16 dBm,

- 180 rooms and 200 APs? Does that mean that every room has a single AP, how big are those rooms?!
- How did you decide on 10/16 dBm?

pimmie

I don't think that's possible currently unless you implement a script to monitor the address list for you and update the dst-nat rule if needed. I agree with you that it would be nice if it was possible to use (single) host aliases everywhere (ie also outside ip firewall) using either an ip or mac a...

pimmie

It's never advisable to try to circumvent restrictions put by your employer on your business laptop, often this can be grounds for a discharge. For many, many reasons it's best to just not use your business laptop for private stuff, and giving your diagram it seems you are even trying to pull this o...

pimmie

Your example rule might be a bit too minimalistic, what are you trying to do exactly? A list means N addresses, but dst-nat can only forward traffic to 1 address.

pimmie

@patterno

You are at least missing a routing rule, you've created a routing table but those are empty atm and you have to add each client ethX to the correct table using a routing rule (with action=lookup-only-in-table).

And the static routes you added should be tweaked a bit more too

pimmie

Write a blog post about the DO's and DONT's you experienced while setting this up so that others can learn from your experience and maybe even prevent them from making the same mistakes you did. F.e. how did you implement routing and authentication?

pimmie

So I have set a VPN interface as the default 0.0.0.0/0 route on the main routing table Personally I have a strong preference for the other way around, just let the main/default routing table handle 'normal' traffic and use a custom routing table for vpn's and other complicated routes. That way it's...

pimmie

Yeah, it's starting to get confusing but I also meant the dst-address of the business client not network client. As in I assume that client 1 has their own external ip A.B.C.1 that was being forwarded to 192.168.150.150 and client 2 had A.B.C.2 that was also being forwarded to 192.168.150.150. In an...

pimmie

Also when trying to start Webex conference calls with the Routing turned on, it takes about 3 minutes to start the call @howdey57 If speed is ok then why did you mention the above? Which DNS servers do you expect the clients to exit in the UK to use? In your config all 65.x clients seem to use `dns...

pimmie

@tangent OP said the following and I assume he meant that each client has a separate external ip / network range they are on entirely separate networks @pattemo Assuming the two servers can already be reached at the moment, can you draw a network diagram of how it works now? And how/why does the new...

pimmie

I think you should be able to add two routing tables, add each interface to their own routing table (using a routing rule) and then use a mangle rule to forward incoming traffic to either routing table using a routing mark.

pimmie

By doing it. But most importantly learn about how network technologies work in general, not just how to do something in RouterOS. F.e. if you want to setup a VPN connection, do you mean Wireguard, Ipsec or OpenVPN? Learn about the differences, then read up about the one you choose. Only after that y...

pimmie

Personally I would probably just wait unless the lower wireless speed is actually costing you (more than) the cost of an ax3. Afaik Mikrotik hasn't announced anything yet but given that WIFI7 devices are being certified, Qualcomm already has multiple WIFI7 platforms available, I wouldn't be surprise...

pimmie

Slow network could also be an indication of a MTU/MSS issue. You dont seem to have any change-mss mangle rules? My advise would be to start with a ping and follow those packets to see if they follow the expected path both in FR as UK using torch/tcpdump. If a standard ping works, try to set the size...

pimmie

Im not super well adversed in network design and am looking for advise how to setup this following network diagram (diagrams.net link) Couple of remarks: Each site / router RN is connected with each other through a (partial) mesh wireguard setup The routers will be a mix of routeros and linux device...

pimmie

Is the difference in output for the ping command when using count=2 vs count=3 expected? See output below, for count=2 there is no summary line printed. For count=1 I can understand why RouterOS doesn't print a summary, even though for scripting purposes it would be nice to be able to always toggle ...

pimmie

Although that is a workaround/solution for now it rounds up to a bit of a hacked together switch. With that said, for myself, I plan on buying a CRS328-24P-4S+RM to solve my POE and 10Gbit needs for now. With it's 4x SFP+ it will allow me to uplink my router (CCR1009) with 10Gbps and then my deskto...

pimmie

Well that seems slightly silly. Why the double NAT? Just have the Hex do all the routing and turn the 2011 into a switch and AP (if your's is wireless). The Hex has a better CPU and more memory. I fully agree with this, the Hex is much faster in (almost?) all aspects. What I did was export my confi...

pimmie

Not bad at all. Wish they'd make a "cheap rackmount" version of this too!
Maybe someone will make a bracket that can hold 1-3 of these in a 1U panel?
Could be made to fit some other MikroTik models as well...

Already exists, MaxxWave MW-RA-750-3

pimmie

So just to confirm what i am reading, Hex v3 to Strongswan ipsec in transport will yeild somewhere around 100Mbits, and in tunnel can yield more? I want to put one of these in front of my 2011 for the aes128 HW encryption wanna make sure i can hit at least 75/75 Finally received a RB750Gr3 yesterda...

pimmie

As a follow up for other people facing this problem, after help from Uldis he found the issue to be the vlan interfaces on the cap device (the rb2011 in my case). Their interface should be bridge-local and not ether1, so like this: rb2011 config (cap): /interface vlan add interface=bridge-local l2mt...

pimmie

I have been looking at this for a couple of days and unfortunately I can't find what I am doing wrong, hopefully someone here can point me in the right direction. I am trying a simple setup, a CRS125-24G-1S as CAPsMAN and a RB2011 as CAP. The test I am running is for two ssid's, a public ssid (ssid-...

pimmie

Resolution I received by email from Mikrotik support:

in RouteroS 6.x it will not be possible to bring all this information together. You will have to wait till RouterOS 7.x release to see what hosts on what port are available.

pimmie

the oid mac-address / .1.3.6.1.2.1.2.2.1.6.1

Sorry, I copied the wrong oid. It should be .1.3.6.1.2.1.17.4.3.1.2

pimmie

As I also have some projects coming up, I wonder if Mikrotik/Normis could give some rough estimate when the 3011 and hAP ac will become available? A small follow up for fellow anxious waiters; we gave Mikrotik a call and on the phone they said both devices should be available end of Q3 / last week ...

pimmie

I have been using the oid mac-address / .1.3.6.1.2.1.2.2.1.6.1 as well to monitor connected devices on my switches and experienced the same issue with RouterOS as pe1chl describes. To me this sounds as a bug in the system. As pe1chl indicates the correct information is actually available in WinBox (...

pimmie

As I also have some projects coming up, I wonder if Mikrotik/Normis could give some rough estimate when the 3011 and hAP ac will become available? Allthough I understand that you can't give us an exact date, it should be possible to give us a 'within 1, 2 or 3 months' date range. E.g. if you already...

pimmie

RB3011 is cool upgrade for 2011 (esp all gigabit and full-size USB), but why not go for dual-band AC wi-fi as well. Maybe not in all versions, but at least as a top one? With such it can be an outstanding home/soho router, without - just very nice one. :) P.S. It is somewhat strange to have dual-ba...

pimmie

Does the 3011 series also include dual band 5Ghz by default or do we need to buy/switch miniPCIe cards ourselves? As the specs of the 2011 are quite similair to the CRS125 series, are there plans to upgrade the CRS125 series as well with the new ARM processor? A 3011 or CRS125v2 with dual band 2.4/5...

Search found 47 matches