Community discussions

MikroTik App

Search found 13486 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 45
by mkx
Tue Dec 24, 2024 11:58 pm
Forum: Wireless Networking
Topic: Mikrotik AX PTP Netmetal AX
Replies: 11
Views: 568

Re: Mikrotik AX PTP Netmetal AX

not only does the ping drop, but the connection is also interrupted
Which connection? The wireless link? Winbox management connection?
by mkx
Tue Dec 24, 2024 3:51 pm
Forum: Wireless Networking
Topic: Mikrotik AX PTP Netmetal AX
Replies: 11
Views: 568

Re: Mikrotik AX PTP Netmetal AX

Looking at ping responses is mostly useless. If link is fully utilized, then those pings will get queued and seemingly dropped ... in reality they will likely get around but with round trip delay larger than 1s (which is usual timeout value), responses will be ignored by ping application. Try to run...
by mkx
Tue Dec 24, 2024 3:33 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 264
Views: 86399

Re: v7.17rc [testing] is released!

New beta 7.18 for christmas? I wish Not likely. So far, beta only came out after previous version was released as stable. 7.17 is still Release Candidate and folks @MT are running out of time ... it's almost Christmas eve, Latvia is at UTC+2 which means it's 3:30 PM and almost end of office time.
by mkx
Tue Dec 24, 2024 12:09 pm
Forum: General
Topic: Question related to "RouterOS bridge mysteries explained"
Replies: 8
Views: 433

Re: Question related to "RouterOS bridge mysteries explained"

@HeptaZ, did you read through excellent Using RouterOS to VLAN your network tutorial?

Because most of discussion in this thread is about VLANs and they are explained pretty well in the tutorial I linked above.
by mkx
Tue Dec 24, 2024 12:02 pm
Forum: General
Topic: Problem with smtp gmail and tls setting
Replies: 3
Views: 193

Re: Problem with smtp gmail and tls setting

There are things to be set-up on gmail side, check their article: https://support.google.com/a/answer/2520500?hl=en

Then it could be TLS support mismatch. AFAIK ROS supports up to TLS 1.2 and some sites already require minimum of TLS 1.3 (not sure if gmail does).
by mkx
Tue Dec 24, 2024 11:23 am
Forum: Wireless Networking
Topic: Mikrotik AX PTP Netmetal AX
Replies: 11
Views: 568

Re: Mikrotik AX PTP Netmetal AX

Check setting of property configuration.distance . Here's description: distance () Maximum link distance in kilometers, needs to be set for long-range outdoor links. The value should reflect the distance to the AP or station that is furthest from the device. Unconfigured value allows usage of 2 km l...
by mkx
Tue Dec 24, 2024 11:18 am
Forum: General
Topic: access to MKT even though its offline
Replies: 3
Views: 190

Re: access to MKT even though its offline

If there's a chain of accessibility (i.e. you can access R1 but cant access R2 directly, while R1 can access R2), then you can use CLI (ssh, MAC telnet, normal telnet) if any of these is allowed on R2. ROS includes clients for all mentioned protocols. The only issue is with MAC telnet, ancient versi...
by mkx
Tue Dec 24, 2024 11:13 am
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 153
Views: 19724

Re: hap ax3 random wireless disconnects

Mikrotik app for Android shows the following value of dtim-period setting:

It might be artifact (by Tik app) for not having property set at all ... in which case default value (1) would be used.

When in doubt, always use CLI to verify ... and report a bug in UI to MT to get it fixed.
by mkx
Tue Dec 24, 2024 10:36 am
Forum: Wireless Networking
Topic: HAP ax3 : still support 2.4G standard B or not ?
Replies: 2
Views: 169

Re: HAP ax3 : still support 2.4G standard B or not ?

Setting of band property on new wifi actually only limits the newest generation of wifi technology but allows all the older. So by setting band=2ghz-n one is allowing B, G and N, but not AX. When constructing AP for really old devices, one has to be extra careful with security settings: B-only devic...
by mkx
Tue Dec 24, 2024 9:27 am
Forum: General
Topic: Rb 951 configuration
Replies: 2
Views: 157

Re: Rb 951 configuration

I'm trying to configure my rb951 to access Internet from ISP router but after setting the static IP ( 192.168.100.100/24) and checking routes and when I try to ping google.com Does your ISP support DHCP as means of obtaining IP config for clients? If it does, then use it, it's usually less error-pr...
by mkx
Tue Dec 24, 2024 9:15 am
Forum: Beginner Basics
Topic: Help needed - How to mitigate DDOS atacks with dns
Replies: 18
Views: 1236

Re: Help needed - How to mitigate DDOS atacks with dns

I’m sure I listened to a MuM talk once that forwarding a packet to black hole takes less CPU than dropping? If there's a very effective way of doing it. Otherwise I doubt it. But whatever one does, packets definitely have to be silently dropped (as opposed to rejecting them with ICMP port unavailab...
by mkx
Mon Dec 23, 2024 2:23 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 153
Views: 19724

Re: hap ax3 random wireless disconnects

Had same issues, changed DTIM values to 3 for 5GHz (it was 10 by default), the same was proposed upper in the thread, 2 days - no disconnects so far. A random thread from quite some time ago ... which concluded that DTIM interval longer than around 3 can (and will) cause problems with certain stati...
by mkx
Mon Dec 23, 2024 12:58 pm
Forum: Announcements
Topic: Newsletter #122 | December 2024
Replies: 51
Views: 6174

Re: Newsletter #122 | December 2024

But it seems the CRS304 can FastTrack at 1700 which would be acceptable for a 2.5G WAN. Not in my book. I'm paying monthly fee to ISP and I certainly want to have hardware which can use all of what I'm paying for. Otherwise I can save a few euros (every month) and live with slightly slower WAN link...
by mkx
Mon Dec 23, 2024 12:50 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 264
Views: 86399

Re: v7.17rc [testing] is released!

Don't know how far 2.4ghz interference can go for USB3. The test computer is around 2/3 meters away from the next AP. The big problem is interference between locally connected interfaces (i.e. hAP ax3 with flakey USB3 stick plugged in and 2.4GHz radio ... USB3 activity will interfere with Rx path o...
by mkx
Mon Dec 23, 2024 12:26 pm
Forum: RouterBOARD hardware
Topic: Expanding the storage capacity of CRS520 [SOLVED]
Replies: 4
Views: 1032

Re: Expanding the storage capacity of CRS520 [SOLVED]

I'm here with @chechito wondering why TF? CRS520 comes with list price of almost 2200$ and power consumption exceeding 120W. So one doesn't really save much by not adding a small server to the network, a high-end raspberry pi would dance around CRS520 when it comes to server functions (stock samba v...
by mkx
Mon Dec 23, 2024 12:14 pm
Forum: Wireless Networking
Topic: WiFi Access Points Maxes at 300mbps D/L
Replies: 18
Views: 796

Re: WiFi Access Points Maxes at 300mbps D/L

... so I don't see how the hEX could have any influence on the problem Some interference in form of timing jitter affecting TCP window scaling? Experience with official test results says that figure listed under "Ethernet test results -> Routing -> 25 ip filter rules -> 512 bytes [packet size]...
by mkx
Mon Dec 23, 2024 11:54 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 264
Views: 86399

Re: v7.17rc [testing] is released!

CPU in hAP ax3 can shuffle around 2.5Gbps (look at test results for bridging) and that's pretty lean on CPU (no packet processing, only passing between two ethernet interfaces). With SMB there's plenty of processing involved. And USB in SoC IPQ-6010 is 3.0, so max 5Gbps (including overhead) possible...
by mkx
Mon Dec 23, 2024 11:45 am
Forum: Announcements
Topic: Newsletter #122 | December 2024
Replies: 51
Views: 6174

Re: Newsletter #122 | December 2024

What you showed looks like a really old product for legacy customers. 40G and very slow at routing. CRS devices are switches (remember this fact by heart!) ... and many can route at wirespeed if properly configured for L3HW offload (with certain limitations which are device class dependent). If any...
by mkx
Mon Dec 23, 2024 10:51 am
Forum: General
Topic: Question related to "RouterOS bridge mysteries explained"
Replies: 8
Views: 433

Re: Question related to "RouterOS bridge mysteries explained"

When port is used as stand-alone, then switch-chip passes frames to CPU (via cpu-facing bridge port) as they are ... then CPU does VLAN header manipulations (via VLAN interfaces attached to such stand alone port). So in this case no L2HW offload. It's rather similar when bridge is used ... and L2HW ...
by mkx
Mon Dec 23, 2024 9:25 am
Forum: Announcements
Topic: Newsletter #122 | December 2024
Replies: 51
Views: 6174

Re: Newsletter #122 | December 2024

One can get a 2x 25G card for 135 euro. Add processing power, necessary to route at 25+ Gbps and price tag is easily around 1000€ ... and you've got a mere 2-port router. And I'm pretty sure that such price tag is outside of MT users' comfort zone. So my guess is that we won't be seeing full 10Gbps...
by mkx
Sun Dec 22, 2024 6:57 pm
Forum: Wireless Networking
Topic: Audience backhaul issues
Replies: 4
Views: 294

Re: Audience backhaul issues

What do I need to consider for the additional units? The problem is that one wireless station can only be connected to one bridge at a time. This problem kicks in when e.g. you need a chain of APs like this: ethernet -> AP1 <- wireless1 -> AP2 <- wireless2 -> AP3 <- wireless3 -> AP4 (etc) Let's say...
by mkx
Sun Dec 22, 2024 5:01 pm
Forum: General
Topic: RouterOS bridge mysteries explained
Replies: 93
Views: 35030

Re: RouterOS bridge mysteries explained

@sindy if I understood correctly, there should be two "entities" capable of switching, the switch chip and the switching functional block in the cpu? In the context of bridge nyszeries explanation forget about switch chip (the real, piece of hardware). In this context, there's only switch...
by mkx
Sun Dec 22, 2024 4:25 pm
Forum: RouterBOARD hardware
Topic: Run Multiple VLAN With Single DHCP Server
Replies: 3
Views: 314

Re: Run Multiple VLAN With Single DHCP Server

Because we use existing device from several brand on our client, we need follow their default VID for their management. If it's only management, then you can bridge all 3 VLANs. I'll assume you have ether5 off-bridge and have something like this: /interface/vlan add interface=ether5 vlan-id=98 name...
by mkx
Sun Dec 22, 2024 4:07 pm
Forum: Wireless Networking
Topic: Audience backhaul issues
Replies: 4
Views: 294

Re: Audience backhaul issues

Also 50 cm can be too close. This. Depending on channel selected, but ... As I mentioned, I've got single Audience, so the 4x4 radio is used in AP mode as well ... and my tablet, which currently resides around 3m away (and 1.5m below) with LOS, shows signal strength of -35dBm. Which is on the highe...
by mkx
Sat Dec 21, 2024 1:06 pm
Forum: General
Topic: Problem with lower ports on CGNAT LTE conn
Replies: 4
Views: 342

Re: Problem with lower ports on CGNAT LTE conn

IMO it would be smart to ask MNO if they can give a public IP address and how much would that cost. I know a few MNOs who provide public IP addresses to those asking for one at small cost (or no cost at all).
by mkx
Sat Dec 21, 2024 11:16 am
Forum: General
Topic: How to reach a router behind a CGNAT? [SOLVED]
Replies: 10
Views: 662

Re: How to reach a router behind a CGNAT? [SOLVED]

BTH function is done exactly for such cases.
by mkx
Sat Dec 21, 2024 11:08 am
Forum: General
Topic: Problem with lower ports on CGNAT LTE conn
Replies: 4
Views: 342

Re: Problem with lower ports on CGNAT LTE conn

Some MNOs run firewall blocking certain types of traffic (typically with low destination port numbers because these are often used by servers). And some do CGNAT in a senseless manner. When those two worlds collide, anything can happen. Basically wireless broadband is mostly not fit for anything els...
by mkx
Fri Dec 20, 2024 11:52 pm
Forum: General
Topic: Moving Audience CAPsMAN config to RB5009 while retaining mesh functionality
Replies: 4
Views: 361

Re: Moving Audience CAPsMAN config to RB5009 while retaining mesh functionality

Using CAPsMAN to provision audiences' "public radios" (i.e. the ones serving normal client devices) gives opportunity of better client mobility ... APs, participating in client mobility, have to be controlled by single entity (e.g. CAPsMAN) for all the mobility features (802.11 r/k/v) to w...
by mkx
Fri Dec 20, 2024 11:41 pm
Forum: Beginner Basics
Topic: Unale to get OpenVPN to work on RBD52G-5HacD2HnD (Firmware: 6.49.17)
Replies: 9
Views: 758

Re: Unale to get OpenVPN to work on RBD52G-5HacD2HnD (Firmware: 6.49.17)

hAP ac2 can run v7 pretty fine. But : its 16MB flash is tiny and it's very likely it'll get full (and then all sorts of funny things start to happen). Base routeros v7 uses around 13MB of it, any wireless (legacy or new wifi) another 2MB or slightly more ... so not much free for config and/or additi...
by mkx
Fri Dec 20, 2024 1:46 pm
Forum: Wireless Networking
Topic: difference between vlan tag on wifi driver and bridge
Replies: 2
Views: 262

Re: difference between vlan tag on wifi driver and bridge

Generally it doesn't matter which way you do it if you configure wifi manually. In this case the only difference is if one uses multiple VLANs with single SSID, such scenario can't be implemented with bridge handling all VLAN tagging. If you use CAPsMAN and VLANs, then it takes lots of fussing (and ...
by mkx
Fri Dec 20, 2024 1:36 pm
Forum: General
Topic: The IP of the bridge is occasionally unavailable
Replies: 13
Views: 622

Re: The IP of the bridge is occasionally unavailable

How does profile output look like while pings are timing out?
by mkx
Fri Dec 20, 2024 1:31 pm
Forum: General
Topic: Moving Audience CAPsMAN config to RB5009 while retaining mesh functionality
Replies: 4
Views: 361

Re: Moving Audience CAPsMAN config to RB5009 while retaining mesh functionality

CAPsMAN doesn't configure backhaul ... which in usual AP installation is ethernet while in mesh it's the 4x4 radio (I guess it's called wlan2 when running wireless drivers, it's wifi2 when running wifi-qcom-ac drivers). Further more, radios loose their setup if they loose connectivity towards CAPsMA...
by mkx
Fri Dec 20, 2024 10:18 am
Forum: General
Topic: NAT cannot record real IP addresses
Replies: 8
Views: 512

Re: NAT cannot record real IP addresses

The second rule hints at use of hairpin NAT because in-interface=bridge to-addresses=192.168.88.244 ... default config has 192.168.88.0/24 on LAN and bridge is the interface used by roouter to talk to LAN. And if that's how you need it, then you need the masquerade rule which obfuscates actual src-a...
by mkx
Fri Dec 20, 2024 9:23 am
Forum: General
Topic: NAT cannot record real IP addresses
Replies: 8
Views: 512

Re: NAT cannot record real IP addresses

It's the last rule (masquerade) which messes src-address. In principle it's not needed unless you require "hairpin NAT" ... in which case thrte's no way around it.

Unless you create separate IP subnet fot the server.
by mkx
Fri Dec 20, 2024 9:17 am
Forum: Beginner Basics
Topic: RB5009 in the hands of a newbie, Gateway problem
Replies: 17
Views: 1183

Re: RB5009 in the hands of a newbie, Gateway problem



Don't think so.
Not on RB5009 with 8 ether ports :lol:
Then they should have called it the RB5008 LOL
Then use port 8, use your imagination, drink some moose milk!!!
5009 is indeed an odd number for a router ... specially because it's even :lol:
by mkx
Thu Dec 19, 2024 11:08 pm
Forum: General
Topic: NTP Synchronization Issue with HMI in a Router-Switch Setup
Replies: 3
Views: 317

Re: NTP Synchronization Issue with HMI in a Router-Switch Setup

Verify on Mikrotik that NTP client is properly synchronized. Without that, NTP server won't allow further clients to synchronize to it. ROS NTP server doesn't use own RTC as time source (among other reasons because MT hardware doesn't have RTC).
by mkx
Thu Dec 19, 2024 7:23 pm
Forum: Beginner Basics
Topic: Wireless Bridge
Replies: 9
Views: 606

Re: Wireless Bridge

Move DHCP client from ether1 to "JJMarketing Wireless Bridge". Also remove comment on DHCP client as your device doesn't have WAN interface. Two other minor things: remove bridge with name bridge1 ... it's not used at all setting names of items to settings with spaces in them makes config ...
by mkx
Thu Dec 19, 2024 4:28 pm
Forum: Beginner Basics
Topic: Wireless Bridge
Replies: 9
Views: 606

Re: Wireless Bridge

As I wrote: provide us with actual configuration and we'll proceed from there.
by mkx
Thu Dec 19, 2024 4:27 pm
Forum: Beginner Basics
Topic: problem with vlan configuration
Replies: 10
Views: 561

Re: problem with vlan configuration

You've set 192.168.10.1/24 to one interface and 192.168.10.2/24 to the other interface. Every normal device will assume these two addresses are in same subnet and hence directly accessible without explicitly using router. And bridge is here to pass traffic from ether1 to ether2 (with appropriate VLA...
by mkx
Thu Dec 19, 2024 4:17 pm
Forum: General
Topic: Issues with MikroTik Router Upgrades
Replies: 6
Views: 493

Re: Issues with MikroTik Router Upgrades

I have some problems with my MikroTik Routers. I plan to upgrade all MKT devices from version 6.46.6 to 7.16.1. I think that MT would recommend you to use ROS built-in updater (under /system/packages/update). As already mentioned, there will be a few steps: while running 6.46.6, upgrade it to lates...
by mkx
Thu Dec 19, 2024 4:05 pm
Forum: Beginner Basics
Topic: Wireless Bridge
Replies: 9
Views: 606

Re: Wireless Bridge

Basically your list of tasks performed seems about right for an AP/switch combo ... which then needs another device acting as router / DHCP server / etc in same ethernet network. Can you post current configuration? Open terminal window (from GUI) or connect to device using SSH. Then execute command ...
by mkx
Thu Dec 19, 2024 11:01 am
Forum: RouterBOARD hardware
Topic: 5009 version with wifi ?
Replies: 62
Views: 3632

Re: 5009 version with wifi ?

I have no closet solution. There are devices with better form factor (and WAF) than RB5009 when it comes to placing/mounting anywhere else than inside rack. To be absolutely clear: I'm not saying that there's no place for wireless routers any more ... my main point being that RB5009 / L009 form fac...
by mkx
Thu Dec 19, 2024 10:59 am
Forum: General
Topic: Is my routerboard RB750r2 Bricked? No response from router for netinstall
Replies: 4
Views: 363

Re: Is my routerboard RB750r2 Bricked? No response from router for netinstall

I have tried doing a netinstall as follows: 1. Press and hold reset button 2. Insert power cable. 3. Wait for flashing act light, continue to wait for On act light, continue to wait act light off. then release reset button. [snip] Running wireshark on the used ethernet I can see the routerboard sen...
by mkx
Thu Dec 19, 2024 8:33 am
Forum: RouterBOARD hardware
Topic: 5009 version with wifi ?
Replies: 62
Views: 3632

Re: 5009 version with wifi ?

IMO the big problem with powerfull wireless routers is the fact that with increasing "mainstream" wifi frequencies (5GHz now, 6GHz coming) it's necessary to deploy multiple APs on the same area where with 2.4GHz APs it was enough to have single AP. And those multiple APs have to be positio...
by mkx
Thu Dec 19, 2024 8:08 am
Forum: Wireless Networking
Topic: CapsMan - can't get 20Mhz channels on 2.4Ghz [SOLVED]
Replies: 6
Views: 557

Re: CapsMan - can't get 20Mhz channels on 2.4Ghz [SOLVED]

About 160MHz channel width, that's for APs capable of using it. First one which can is wAP AX (and it works just fine 8) ). Actually ... audience was first 8) : 2 L radio-mac=2C:C8:1B:77:DE:EA tx-chains=0,1,2,3 rx-chains=0,1,2,3 bands=5ghz-a:20mhz,5ghz-n:20mhz,20/40mhz,5ghz-ac:20mhz,20/40mhz, 20/40...
by mkx
Wed Dec 18, 2024 11:39 pm
Forum: General
Topic: The IP of the bridge is occasionally unavailable
Replies: 13
Views: 622

Re: The IP of the bridge is occasionally unavailable

To the topic: so basically your core switch doesn't respond to every ping sent at, regardless of where it was sent from. So it might be something about core switch IP configuration (or it might actually be overloaded ... run CPU profiler and see if that might be the case). CPU total is about 16-24 ...
by mkx
Wed Dec 18, 2024 4:01 pm
Forum: General
Topic: The IP of the bridge is occasionally unavailable
Replies: 13
Views: 622

Re: The IP of the bridge is occasionally unavailable

Is it normal that the first interface has the same mac as the bridge? This is default behaviour if you don't set bridge MAC manually (bridge assumes MAC address of first member port). To the topic: so basically your core switch doesn't respond to every ping sent at, regardless of where it was sent ...
by mkx
Wed Dec 18, 2024 8:46 am
Forum: Beginner Basics
Topic: Assign IP address to a bridge?
Replies: 5
Views: 615

Re: Assign IP address to a bridge?

Can you provide some basic real world examples on when I need L3 access to the bridge from the CPU?

Management of said device (used as switch) from network connected to one of bridged ports.

Routing between single off-bridge port (WAN) and bridged ports (LAN).

Etc.
by mkx
Tue Dec 17, 2024 10:53 pm
Forum: Beginner Basics
Topic: Assign IP address to a bridge?
Replies: 5
Views: 615

Re: Assign IP address to a bridge?

Bridge has a few personalities, neatly explained in this tutorial: https://forum.mikrotik.com/viewtopic.php?t=173692 One of personalities is interface allowing CPU to communicate with L2 network joined together by bridge (the switch-like personality). If CPU is to communicate on L3 with devices memb...
by mkx
Tue Dec 17, 2024 8:42 pm
Forum: Wireless Networking
Topic: Help with creating wireless access to switch with managment VLAN
Replies: 3
Views: 332

Re: Help with creating wireless access to switch with managment VLAN

The DE FACTO guide on setting up VLAN for ROS https://forum.mikrotik.com/viewtopic.php?t=143620 Configuration, based on linked tutorial, will work fine ... but sloooowly because CRS1xx can't offload bridge config to switch chip. Instead one has to configure things directly on switch chip: https://h...
by mkx
Tue Dec 17, 2024 8:34 pm
Forum: General
Topic: When the WAN network card is bound to multiple IPs, there is an issue with the source IP for system remote logging
Replies: 6
Views: 512

Re: When the WAN network card is bound to multiple IPs, there is an issue with the source IP for system remote logging

It's possible to set pref-src property on static routes, e.g. /ip/route add dst-address=0.0.0.0/0 gateway=172.16.1.1 pref-src=172.16.1.30 Then router uses this address when making new connection using that particular route. But I don't know if the same selection applies if destination is in same IP ...
by mkx
Mon Dec 16, 2024 9:48 pm
Forum: General
Topic: "no enough permission" Error
Replies: 5
Views: 387

Re: "no enough permission" Error

... restore config from export (not backup!).

Or, better yet, start from default config and apply minimum changes required. It's possible that flakey config allowed exploit to succeed.
by mkx
Mon Dec 16, 2024 9:45 pm
Forum: Wireless Networking
Topic: No CAPsMan forwarding on new CAPsMan?
Replies: 17
Views: 1148

Re: No CAPsMan forwarding on new CAPsMan?

Whatever datapath settings from capsman config are enforced on CAP side. E.g. bridge name ...

How to split traffic? Most straight forward using VLANs (if not using wifi-qcom-ac driver on CAP) or some L2 tunneling (e.g. EoIP) if VLANs absolutely aren't possible.
by mkx
Mon Dec 16, 2024 9:37 pm
Forum: Wireless Networking
Topic: Replaced Router, must re-enter WiFi passphrase? [SOLVED]
Replies: 6
Views: 501

Re: Replaced Router, must re-enter WiFi passphrase? [SOLVED]

Some devices try to identify the network to set appropriate firewall setup (e.g. home/work/public) ... e.g. winfows does that. And among other information gateway's MAC address is taken into account. And I guess some (paranoid) devices might require re-entering pass phrase simply to make owner aware...
by mkx
Mon Dec 16, 2024 9:26 pm
Forum: Wireless Networking
Topic: CAPsMAN DHCP Server for CAP AX Client
Replies: 5
Views: 367

Re: CAPsMAN DHCP Server for CAP AX Client

... when using the previous generation access point, I only need to configure a profile in CAPsMAN that goes to each datapath. As I wrote: with new CAPsMAN there is no capsman-forwarding any more. Wireless interfaces, even though provisioned by CAPsMAN, are attached locally to CAP's bridge and loca...
by mkx
Mon Dec 16, 2024 9:04 pm
Forum: Beginner Basics
Topic: DHCP client - keep having link down [SOLVED]
Replies: 13
Views: 1051

Re: DHCP client - keep having link down [SOLVED]

Can you please point me where are the defaults firewall rules?
Open terminal and execute
/system/default-configuration/print

(as user with admin privileges)
by mkx
Mon Dec 16, 2024 8:57 am
Forum: RouterBOARD hardware
Topic: hEX refresh (E50UG) - router for gigabit internet?
Replies: 24
Views: 3220

Re: hEX refresh (E50UG) - router for gigabit internet?

wifi-qcom is an extra package. Dont install it. No drivers - no radio. I think the point is that WiFi module costs money that could have been spent elsewhere (better CPU, 2 Gbps eth1-CPU link etc) or just excluded to make the price less. Commodity hardware, used as heart of MT devices, often alread...
by mkx
Mon Dec 16, 2024 8:49 am
Forum: Wireless Networking
Topic: CAPsMAN DHCP Server for CAP AX Client
Replies: 5
Views: 367

Re: CAPsMAN DHCP Server for CAP AX Client

New wifi CAPsMAN doesn't offer capsman forwarding. Which means that without VLANs CAP is joining normal LAN. And traffic then normally doesn't hit CAPsMAN. When it comes to DHCP ... when DHCP client (WiFi station in your case) sends out DHCP Discovery , every DHCP server in same L2 broadcast domain ...
by mkx
Mon Dec 16, 2024 8:39 am
Forum: Wireless Networking
Topic: Band steering - "priority" to 5Ghz [SOLVED]
Replies: 55
Views: 40054

Re: Band steering - "priority" to 5Ghz [SOLVED]

Seems that connect-priority 0/1 improved the situation. Devices now do switch to 5ghz, but it does not seem due to actual steering, but because they eventually take that decision themselves. WiFi standards (802.11 anything ) don't standardize handovers (at decision of network entity), they standard...
by mkx
Mon Dec 16, 2024 8:24 am
Forum: General
Topic: ROS 6.49 - Device Discovery issue when VLAN is used
Replies: 4
Views: 1434

Re: ROS 6.49 - Device Discovery issue when VLAN is used

Does this problem still exist in Ros 7? This problem never existed for me, neither in v6 nor in v7. I cannot delete PVID on the bridge interface. You can't delete PVID ... but if you set bridge CPU-facing port with frame-types=admit-only-vlan-tagged , then PVID setting will become irrelevant. After...
by mkx
Sat Dec 14, 2024 8:57 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 267
Views: 32461

Re: wAP ax?

It shows who has everything to say in your household.

As if it's not the same in your household :-P


We are speaking about WAF here, not about HAlF :wink:
by mkx
Sat Dec 14, 2024 8:50 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1197

Re: L009 - don't like it...

Set aside the whining, I don't see a difference between hexs and L009: I don't have either hEX S nor L009 ... so only guessing: it could be that L009 doesn't allow PoE out if it's powered via PoE in ... while hEX S did? The fact is that PoE 802.3 comes with some stringent spcifications (which MT mo...
by mkx
Sat Dec 14, 2024 8:36 pm
Forum: General
Topic: How to configure bond with 2 switches and NAS [SOLVED]
Replies: 8
Views: 735

Re: How to configure bond with 2 switches and NAS [SOLVED]

What are my options to achieve 20gbps speeds ? I thought 802.3ad would give this with layer3+4 hashing, but even with multiple-streams (iperf3 -P) I get capped at 10gbps. I noticed that iperf3 is using same port for all streams, so I guess that can explain it. IMO you should stick to 802.3ad ... wi...
by mkx
Sat Dec 14, 2024 8:21 pm
Forum: Beginner Basics
Topic: DHCP client - keep having link down [SOLVED]
Replies: 13
Views: 1051

Re: DHCP client - keep having link down [SOLVED]

Generally I'd say that your current firewall is .... inadequate. IMO default rules are much better than yours. So I guess you have very good reasons for ditching default and implementing .... what you have now. However, it does seem weird if DDoS attack would cause your router to drop ethernet link....
by mkx
Sat Dec 14, 2024 12:16 am
Forum: General
Topic: How to configure bond with 2 switches and NAS [SOLVED]
Replies: 8
Views: 735

Re: How to configure bond with 2 switches and NAS [SOLVED]

My other Linux server that is 2x2.5G bonded on Linux side and is connected to Layer3 TP-link switch. I didn't have to do any config changes on switch to make this bond work. There are some bond modes, available in linux, which don't require switch to know there's bond involved ... but it works well...
by mkx
Sat Dec 14, 2024 12:03 am
Forum: Beginner Basics
Topic: DHCP client - keep having link down [SOLVED]
Replies: 13
Views: 1051

Re: DHCP client - keep having link down [SOLVED]

I can't see anything weird...

One line above the message about loosing DHCP lease it mentions link down on ether8-WAN ... so you'll have to investigate why link between your router and ISP device drops. There are plenty of possible reasons for that ...
by mkx
Fri Dec 13, 2024 4:55 pm
Forum: Beginner Basics
Topic: DHCP client - keep having link down [SOLVED]
Replies: 13
Views: 1051

Re: DHCP client - keep having link down [SOLVED]

... but randomly appears
dhcp-client on ether8-WAN lost IP address 89.XXX.XX.18 - lease stopped locally

Can you show us log lines immediately preceding the quoted message (a few tens of seconds of history should do it) ... in general anything related to ether8-WAN port or DHCP.
by mkx
Fri Dec 13, 2024 4:49 pm
Forum: General
Topic: CCR2004-1G-12S+2XS - Hardware switching features
Replies: 4
Views: 4216

Re: CCR2004-1G-12S+2XS - Hardware switching features

I bought this thing. It has 25G interfaces to be a typical bridge, but there is no way to transfer even 10G in bridge mode. Is this some kind of joke? You bought router which happens to have 2x 25Gbps ports (and some others). Official test results tell that thing can route at speeds between 5Gbps a...
by mkx
Fri Dec 13, 2024 3:34 pm
Forum: General
Topic: How to configure bond with 2 switches and NAS [SOLVED]
Replies: 8
Views: 735

Re: How to configure bond with 2 switches and NAS [SOLVED]

So nothing to be done on Linux itself ? Of course there is, bonds have to be configured on both sides of logical link. And bond mode (e.g. 802.3ad) has to match (Tx hash strategy can be different on both ends). I guess you didn't get feedback on linux-side config because that is largely of scope of...
by mkx
Fri Dec 13, 2024 8:26 am
Forum: RouterBOARD hardware
Topic: Where is the Audience AX?
Replies: 10
Views: 1136

Re: Where is the Audience AX?

Let's assume they are working on it.

You know what they say: assumption is mother of all f**ups. So let's not assume anything ... not with Mikrotik :wink:
by mkx
Fri Dec 13, 2024 8:18 am
Forum: General
Topic: Still no TLS 1.3?
Replies: 11
Views: 941

Re: Still no TLS 1.3?

As long as TLS 1.2 is still considered secure and ROS supports secure ciphers, I couldn't care less. Everything else is compliance BS. It's is not just about security, TLS 1.3 have more optimal handshake, less round trips. True. But when it comes to managing your router/switch/AP, how many hundreds...
by mkx
Fri Dec 13, 2024 8:14 am
Forum: Beginner Basics
Topic: Is device damage possible when using PoE switch?
Replies: 5
Views: 619

Re: Is device damage possible when using PoE switch?

... if for whatever reasons you applied an excessive voltage to ether1 I would expect It to fry, not the other ports.

If this happened, then this is quite a problem ... because netinstall works only ether1.
by mkx
Thu Dec 12, 2024 6:52 pm
Forum: RouterBOARD hardware
Topic: Where is the Audience AX?
Replies: 10
Views: 1136

Re: Where is the Audience AX?

I don't understand why mikrotik doesn't have some kind of roadmap...

Wait ... Mikrotik has a roadmap?

I'd love to buy an Audience ax or two as long as it's as good as current Audience (I simply love it).
by mkx
Thu Dec 12, 2024 6:44 pm
Forum: RouterBOARD hardware
Topic: CCR1016 / Temperature sensor defect?
Replies: 2
Views: 442

Re: CCR1016 / Temperature sensor defect?

There have been previous reports on this forum about CCRs with similar symptoms. All have been resolved by replacing capacitors in PSU and/or main board, which showed signs of failing (bulged ends). When doing it, make sure that replacement capacitors match capacity of original ones (too big differe...
by mkx
Thu Dec 12, 2024 9:09 am
Forum: Wireless Networking
Topic: mANT Box 52 15s setup
Replies: 1
Views: 205

Re: mANT Box 52 15s setup

Are ether1 and wlan2 members of same bridge? Broadcast packets are in principle not routed, only switched/bridged.

And possible misconception: if only traffic flowing is broadcast, then it'll only affect Tx counters not Rx (only port connecting to broadcast source(s) will show Rx activity).
by mkx
Thu Dec 12, 2024 9:06 am
Forum: Beginner Basics
Topic: Share 10Gb Internet connection ccr2004-1G-12S+2XS
Replies: 7
Views: 787

Re: Share 10Gb Internet connection ccr2004-1G-12S+2XS

Bridge is only necessary if one wants to switch between bridge member ports. If device is used as pure router (strictly routing between ports), then bridge is not needed (and if it's used then one has to take extra steps to block L2 communication between different ports).
by mkx
Thu Dec 12, 2024 8:37 am
Forum: Beginner Basics
Topic: RB960PGS as internal routers
Replies: 1
Views: 305

Re: RB960PGS as internal routers

Post textual export of configuration of your RB960PGS. I suspect that the problem is in routing indeed. Either you have to add routes to different remote locations on main router or you have to configure SRC-NAT on each of remote location routers. Personally I'd go for first option as it allows you ...
by mkx
Wed Dec 11, 2024 12:19 pm
Forum: General
Topic: IP Cloud (Dynamic DNS) down?
Replies: 101
Views: 14453

Re: mynetname is down ?

just use your own dns, set up a cname to the ugly domain name and problem solved. Is not. Even if your own DNS server can reply with CNAME record, clients still won't be able to resolve the serial.sn.mynetname.net ... the only way around it is to actually update A record on your DNS server whenever...
by mkx
Wed Dec 11, 2024 12:15 pm
Forum: Beginner Basics
Topic: Issue with Layer7 Protocol and Address List in RouterOS v7.16
Replies: 11
Views: 842

Re: Issue with Layer7 Protocol and Address List in RouterOS v7.16

It should match http://youtube.com but not a lot more.
AFAIK not even protocol (http), only host name, e.g. youtube.com ...
by mkx
Wed Dec 11, 2024 12:14 pm
Forum: Beginner Basics
Topic: Issue with Layer7 Protocol and Address List in RouterOS v7.16
Replies: 11
Views: 842

Re: Issue with Layer7 Protocol and Address List in RouterOS v7.16

As I already wrote: if those domain names are not sent from client towards server in plain text, then L7 matcher won't be able to match them. You can verify if this is indeed a problem by doing a wireshark recording (on client machine would be fine) and check initial few packets, sent from client to...
by mkx
Wed Dec 11, 2024 11:43 am
Forum: RouterBOARD hardware
Topic: Has Mikrotik finally solved port flapping issue in the newer hardware?
Replies: 43
Views: 19932

Re: Has Mikrotik finally solved port flapping issue in the newer hardware?

I have mentioned about this problem in 2019, fife years passed and still the same. CRS326 is unusable at all. Do you actually have problems with CRS326 or is only the stats which are worrying you? And an idea: screenshot shows really low port speeds (10Mbps, 100Mbps) for ports with most link downs....
by mkx
Wed Dec 11, 2024 11:29 am
Forum: General
Topic: Blocking Static IP assignments
Replies: 3
Views: 466

Re: Blocking Static IP assignments

Only on the bridge, as that's what the IP stack is linked to. The Ethernet interfaces are just member ports of the bridge in this setup. ... which also means that access to other networks (including internet) can be controlled in this way. But: communication between devices on same IP subnet (even ...
by mkx
Wed Dec 11, 2024 11:28 am
Forum: Beginner Basics
Topic: Issue with Layer7 Protocol and Address List in RouterOS v7.16
Replies: 11
Views: 842

Re: Issue with Layer7 Protocol and Address List in RouterOS v7.16

Almost definitely the two rules you showed are not full firewall config. Or is it? Regarding L7: almost everything now days works over encrypted communications (httpS) and almost every server/client combination supports TLS v1.3. In TLS v1.3 also SNI is encrypted, hence L7 regex rule in ROS can not ...
by mkx
Wed Dec 11, 2024 8:53 am
Forum: RouterBOARD hardware
Topic: Serving GPS data from a LAN-connected receiver?
Replies: 2
Views: 409

Re: Serving GPS data from a LAN-connected receiver?

Unfortunately, one drawback of my setup is that my location data is random. At one point websites think I'm in southern California, and then a day or two later I'm supposedly outside Chicago. AFAIK this has nothing to do with your actual physical location, it's got to do with some GeoIP databases ....
by mkx
Wed Dec 11, 2024 8:42 am
Forum: General
Topic: Limited Bandwidth on Thunderbird? [SOLVED]
Replies: 6
Views: 677

Re: Limited Bandwidth on Thunderbird? [SOLVED]

My experience with Gmail and IMAP is that when there are many messages in inbox (several thousand which in my case translates into a couple of gigabytes of space consumed), then sync rate plummets. IMO nothing to do with router.
by mkx
Tue Dec 10, 2024 3:42 pm
Forum: General
Topic: Winbox on arm64
Replies: 5
Views: 619

Re: Winbox on arm64

Drawback: you probably can not use MAC access (I'm not even sure you can do that using Wine, never used it myself). It's possible to use winbox over MAC using wine (just tried winbox 3.35 x64 in linux). For CLI over MAC I guess there's no real option now, MT doesn't provide MAC telnet client for wi...
by mkx
Tue Dec 10, 2024 12:24 pm
Forum: General
Topic: VLAN Experts' help needed
Replies: 14
Views: 1125

Re: VLAN Experts' help needed

Can you set one of ISP router ports as trunk port? Routers, provided by Telekom Slovenije, have option to set each port as either "data", "IPTV" or "both" ... the later being trunk mode. This way you'll get IPTV already (natively) VLAN tagged (and internet probably unta...
by mkx
Tue Dec 10, 2024 12:15 pm
Forum: General
Topic: VLAN Experts' help needed
Replies: 14
Views: 1125

Re: VLAN Experts' help needed

Just seeing lots of devices on the interface with torch that should not be there at all, nothing to do with IPTV multicast. If IPTV of Makedonski Telekom is anything similar to same thing of Telekom Slovenije, then VLAN for IPTV is switched for many IPTV customers ... and you will be able to see so...
by mkx
Tue Dec 10, 2024 9:23 am
Forum: General
Topic: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2
Replies: 13
Views: 1888

Re: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2

... translating it to new CAPsMAN and wave2 will most likely be the next challenge once I've established a working VALN setup. So one step at a time... :) Well ... support for VLANs in wifi-qcom-ac package is next to none (while wireless has pretty good support), so if you're struggling with VLANs ...
by mkx
Tue Dec 10, 2024 9:08 am
Forum: General
Topic: Do AP's come with all router functions?
Replies: 19
Views: 1346

Re: Do AP's come with all router functions?

Normally "AP" are strictly AP's. All Mikrotik's APs (all are running ROS) are "wireless router" in parlance of many other vendors. Mikrotik doesn't have any "AP only" device at the moment (and never did so far, can't say anything about future models). However, it's pos...
by mkx
Mon Dec 09, 2024 3:05 pm
Forum: Beginner Basics
Topic: Strange IPv4 behaviour in a local network
Replies: 6
Views: 687

Re: Strange IPv4 behaviour in a local network

OK, post the config of your RB2011. Execute /export file=anynameyouwish from command line (terminal window), fetch resulting file off device, open it with your favourite text editor, redact any sensitive data (such as serial number, WiFi PSK, any other password) and copy-paste it here inside [ quote...
by mkx
Mon Dec 09, 2024 2:53 pm
Forum: General
Topic: Initial config of CRS304-4XG-IN?
Replies: 3
Views: 293

Re: Initial config of CRS304-4XG-IN?

I'm pretty sure that if you reset your CRS to defaults, it'll come out configured as "dumb switch" even when running ROS. The only item to be done after that is to adjust IP address if you don't like the one used by default. Shouldn't be too hard when using Webfig (just try to avoid Quicks...
by mkx
Mon Dec 09, 2024 2:50 pm
Forum: Beginner Basics
Topic: Strange IPv4 behaviour in a local network
Replies: 6
Views: 687

Re: Strange IPv4 behaviour in a local network

Just edited my previous post ... check addressing, it seems odd.
by mkx
Mon Dec 09, 2024 2:31 pm
Forum: Beginner Basics
Topic: Strange IPv4 behaviour in a local network
Replies: 6
Views: 687

Re: Strange IPv4 behaviour in a local network

The :ffff: notation of IPv4 addresses are not due to router, they are due to web server logging settings (quite usual if web server supports both IPv4 and IPv6). You're saying that communication across sebnets works using NAT? So where is the PC you're using to manage vacuum? And where's vacuum? Qui...
by mkx
Mon Dec 09, 2024 2:28 pm
Forum: General
Topic: CCR2216 - Issues
Replies: 11
Views: 1180

Re: CCR2216 - Issues

The text from product page you quoted was there before L3HW became available on CCR2216. It seems that L3HW got broken in latest stable ROS (7.16.2) ... it's likely it runs out of routes memory. And when using device "with several full tables", this likely gets triggered much faster than w...
by mkx
Mon Dec 09, 2024 2:21 pm
Forum: General
Topic: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2
Replies: 13
Views: 1888

Re: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2

Apart from VLAN stuff (@anav already gave you some good advice) ... are you intending to use hAP ac lite as AP as well? If not, then you better remove wireless package and install wifi-qcom-ac on Audience, its wireless will really take off and fly. You'll have to use the new CAPsMAN (available under...
by mkx
Mon Dec 09, 2024 2:07 pm
Forum: General
Topic: DHCP server injects additional characters when using "DHCP Options"
Replies: 8
Views: 881

Re: DHCP server injects additional characters when using "DHCP Options"

My concern with this workaround is that when you append this null character to the filename, it's going to change the length and might confuse some PXE clients ("pxelinux.0" has lenght "10", but with null added it's going to be 11 (hex 1A) and I assume some clients might not lik...
by mkx
Sun Dec 08, 2024 11:10 am
Forum: General
Topic: Wi‑Fi 7 / 802.11be
Replies: 96
Views: 32073

Re: Wi‑Fi 7 / 802.11be

Guess who will be buying a tplink the first sale I see on their wifi7 products.......
No idea. Can you give us a hint?
by mkx
Sun Dec 08, 2024 11:00 am
Forum: General
Topic: Mangle and Fasttrack [SOLVED]
Replies: 9
Views: 3511

Re: Mangle and Fasttrack

What can I do?

By disabling fasttrack, processing gets much more CPU-intensive. Depending on router model used it often means that router is no more capable of routing at high speeds.
by mkx
Sun Dec 08, 2024 10:57 am
Forum: Beginner Basics
Topic: Help me to set a local domain.
Replies: 1
Views: 373

Re: Help me to set a local domain.

Basic thing is DNS ... and if you want to use domain name globaly, then you need to register your domain and name servers for it globally (through one of domain registrars). Your cloud provider can probably help you with it. This process is not RouterOS specific in any way.
by mkx
Sun Dec 08, 2024 10:50 am
Forum: Beginner Basics
Topic: Why can I nmap using public IP from LAN? [SOLVED]
Replies: 2
Views: 597

Re: Why can I nmap using public IP from LAN? [SOLVED]

When running default config, ROS relies on ingress interfaces rather than source or destination address. So when you try to establish connection to any of router's addresses , ROS first determines it's a connection to be handled by router itself ... hence it'll use FW chain=input. And then rules che...
by mkx
Sun Dec 08, 2024 10:36 am
Forum: Beginner Basics
Topic: VLAN config help request for Mikrotik and Cisco
Replies: 5
Views: 1111

Re: VLAN config help request for Mikrotik and Cisco

Is it possible to keep the switch in default Vlan = 1 mode and configure the vlan(10, 20, 30) only to build the network between the cisco ap and mikrotik router. It is possible. If you configure MT with "native VLAN", then VID=1 is used as native VLAN by default. So just don't configure V...
by mkx
Sun Dec 08, 2024 10:30 am
Forum: Beginner Basics
Topic: Help with setup issues on RB951
Replies: 16
Views: 1381

Re: Help with setup issues on RB951

@anav is saying that RB951U is like 15 years old model and if somebody sold it to you as new, then that business has some seriously old stuff on stock. Never mind that it's not officially declared as EoL, it's old never the less.

You still didn't tell us about ROS version running on your RB.
by mkx
Sat Dec 07, 2024 3:35 pm
Forum: Beginner Basics
Topic: Help with setup issues on RB951
Replies: 16
Views: 1381

Re: Help with setup issues on RB951

It could be other reasons as well ... @OP did not start with too many details, e.g. he did not mention exact model (there are 951U and 951G ... not that it matters in this case). Neither he mentioned ROS version and if it's an old one, it may have some vulnerabilities (fixed in last few years) which...
by mkx
Sat Dec 07, 2024 12:02 pm
Forum: Beginner Basics
Topic: Help with setup issues on RB951
Replies: 16
Views: 1381

Re: Help with setup issues on RB951

Of course it's always possible that router was compromised from LAN side (some computer running malware) so if things happen again, check your LAN clients (or restrict access to router management to a dedicated management port). That would mean a real weak passwd was used or someone in the 'trust' ...
by mkx
Sat Dec 07, 2024 11:29 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 264
Views: 86399

Re: v7.17rc [testing] is released!

I noticed that the "Total HDD size" is now reported as 16.0 MiB while I am sure it was like 15.2 MiB before, so that has changed in some recent release. Seeing your post I went to check my hAP ac2 running 7.16.2 ... and my hAP ac2 also shows 16.0MB total flash size. So this flash size inc...
by mkx
Sat Dec 07, 2024 11:22 am
Forum: Beginner Basics
Topic: Help with setup issues on RB951
Replies: 16
Views: 1381

Re: Help with setup issues on RB951

But just out of curiosity, what router would you recommend? Have a look at hAP ax2 (or hAP ax3). They have decent CPU built in and are not too expensive (wifi is a bonus, if you don't need it, you can completely disable it which reduces ROS footprint). Definitely come with one of best price/perform...
by mkx
Sat Dec 07, 2024 11:17 am
Forum: Beginner Basics
Topic: Help with setup issues on RB951
Replies: 16
Views: 1381

Re: Help with setup issues on RB951

3l I cannot backup, or change admin group permissions, I get not permitted (9). This item from your symptom list is consistent with several reports of router being compromised (atrackers created another account with full permissions whike permissions of admin account are reduced). The only proper w...
by mkx
Fri Dec 06, 2024 8:31 pm
Forum: Beginner Basics
Topic: 200k hrs @25C MTBF
Replies: 2
Views: 597

Re: 200k hrs @25C MTBF

That's ambient temperature.
by mkx
Fri Dec 06, 2024 7:07 pm
Forum: RouterBOARD hardware
Topic: Switch in RB509/L009 FormFactor
Replies: 8
Views: 1766

Re: Switch in RB509/L009 FormFactor

While waiting for a CRS in this form factor: L009 makes a decent switch with 8 ports (ether2-7+sfp) and with out-of-band management port (ether1). Its MSRP is the same as CSS610. Indeed CSS offers one ethernet port and one SFP+ port more ... and both SFP+ ports are 10Gbps (SFP on L009 is 2.5Gbps onl...
by mkx
Fri Dec 06, 2024 6:38 pm
Forum: General
Topic: DHCPv6 Stateful Server
Replies: 3
Views: 443

Re: DHCPv6 Stateful Server

Are you sure that all of your devices actually support use of DHCPv6? Android, for example, doesn't.
by mkx
Fri Dec 06, 2024 6:29 pm
Forum: General
Topic: CloudFlare DNS Not Blocking XXX sites
Replies: 6
Views: 776

Re: CloudFlare DNS Not Blocking XXX sites

Some recent versions of some browsers use their own DoH ... ignoring system-wide DNS settings. So could it be a browser problem? If thus turns to be the case, then ... it's not a problem, it's a feature ... because it works around whatever limitations any ISP (or home owner) - possibly driven by ma...
by mkx
Thu Dec 05, 2024 10:06 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 133
Views: 75007

Re: CSS326-24G-2S+RM hangs until power cycle

If UTP cable doesn't affect bits passing too much (i.e. if it doesn't drop or invent bits or whole frames), then both link partners should see identical frames. So it shouldn't matter which side of UTP cable captures traffic.
by mkx
Thu Dec 05, 2024 9:37 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 34
Views: 7030

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

That's mostly what I had in mind ... plus setting frame-types the same way as it's done for ether1
by mkx
Thu Dec 05, 2024 9:34 pm
Forum: General
Topic: CloudFlare DNS Not Blocking XXX sites
Replies: 6
Views: 776

Re: CloudFlare DNS Not Blocking XXX sites

Some recent versions of some browsers use their own DoH ... ignoring system-wide DNS settings.
by mkx
Thu Dec 05, 2024 9:19 pm
Forum: Beginner Basics
Topic: hAP ax lite LTE6 how to set as repeater
Replies: 13
Views: 1302

Re: hAP ax lite LTE6 how to set as repeater

Your device can not run v6, it's limited to v7. So you'll have to take tutorials with a few grains of salt. And while starting to think about your way forward, upgrade your device to latest v7 (7.16.2 at the time of writing this post) ... I recommend using built-in updater (webfig or winbox or CLI) ...
by mkx
Thu Dec 05, 2024 9:15 pm
Forum: Beginner Basics
Topic: Solum RNDIS device - not listed in interfaces
Replies: 3
Views: 765

Re: Solum RNDIS device - not listed in interfaces

While ROS is based on linux kernel, it0s pretty trimmed down to fit tight storage and RAM. So typucally it ships with very few device drivers. And knowing name of device doesn't have anything with driver availability. Having written that: it's highly likely that your gadget is not supported in ROS. ...
by mkx
Wed Dec 04, 2024 10:14 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 133
Views: 75007

Re: CSS326-24G-2S+RM hangs until power cycle

I guess you could.
by mkx
Wed Dec 04, 2024 10:04 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 34
Views: 7030

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

You have ether1 on hAP ac2 configured as trunk port. If you want to connect additional cAP ac to ether5 of hAP ac2, then you can simply configure ether5 identically to ether1 ... add it to bridge and set the same VLAN properties.
by mkx
Wed Dec 04, 2024 9:57 pm
Forum: General
Topic: hAP ac2 after update doesn't work [SOLVED]
Replies: 3
Views: 618

Re: hAP ac2 after update doesn't work [SOLVED]

Netinstall is your next step.
by mkx
Wed Dec 04, 2024 9:46 pm
Forum: Beginner Basics
Topic: Problem with clients
Replies: 4
Views: 1562

Re: Problem with clients

The "active address" in that row seems to be assigned to MAC address 00:00:00:00:00:00, so maybe the base issue is not the missing client id, but the (empty) MAC. I can't imagine how could this happen. DHCP server does receive "DHCP discover" and "DHCP request" packets...
by mkx
Wed Dec 04, 2024 3:14 pm
Forum: General
Topic: Is mAP still relevant with RouterOS 7.16 ?
Replies: 5
Views: 589

Re: Is mAP still relevant with RouterOS 7.16 ?

It is more an issue with its routing speed, that may be too slow for your requirements, it should be in the 150-200 Mbit range. And how are you going to do that with only 100Mb ports ??? :lol: There are 2 ethernet interfaces and WiFi being (in theory) faster than 100Mbps. And ethernet ports are (ac...
by mkx
Wed Dec 04, 2024 3:02 pm
Forum: General
Topic: Random reboots on RB4011 since 7.13/7.14
Replies: 22
Views: 3582

Re: Random reboots on RB4011 since 7.13/7.14

"Or" is not an "exclusive or" so you can use "one of two" as well as "two of two" inputs. No, it's "use the one with higher voltage". Only if both supply voltages are almost exactly the same, then device will draw power from both (not necessarily ex...
by mkx
Wed Dec 04, 2024 2:55 pm
Forum: Beginner Basics
Topic: Problem with clients
Replies: 4
Views: 1562

Re: Problem with clients

Client ID is something DHCP clients supply to server (and not the other way around). When DHCP server decides on which lease to offer, it first checks "Client ID" ... and only if that value was not provided by client, it falls back to using client MAC address (as identifier). Indeed most D...
by mkx
Wed Dec 04, 2024 2:40 pm
Forum: Beginner Basics
Topic: Can't connect to one of my 2 RBSXT 5HnD
Replies: 13
Views: 2150

Re: Can't connect to one of my 2 RBSXT 5HnD

In CLI you can get radio link details by running command /interface wireless registration-table print stats IMO, signal strength of around -60dBm is pretty decent. Ideally signal-to-noise value will be as high as possible (30dB or more) which then should offer good service. One value which does show...
by mkx
Tue Dec 03, 2024 11:11 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 133
Views: 75007

Re: CSS326-24G-2S+RM hangs until power cycle

I don't have any CSS, but I'd expect it to have mirror functionality. However, since those frames break CSS, they might not come out of CSS via mirror port. Which means you'd have to use another managed switch between CSS and one of connected servers and configure mirror port on that switch.
by mkx
Tue Dec 03, 2024 11:07 pm
Forum: RouterBOARD hardware
Topic: RBM33G + USB console connection to external device
Replies: 1
Views: 325

Re: RBM33G + USB console connection to external device

Connecting USB hub to Mikrotik should work, so you should be able to connect multiple USB devices (mind the power output capability, MT devices usually don't allow much more than standard 500mA, you may have to use powered USB hub). I'm not sure though how many serial ports are supported in ROS ... ...
by mkx
Tue Dec 03, 2024 11:00 pm
Forum: Wireless Networking
Topic: Nstreme nv2 are not suported
Replies: 2
Views: 328

Re: Nstreme nv2 are not suported

AFAIK nv2 and nstreme are supported on all radios which run (now legacy) wireless driver. These protocols are not supported by new wifi driver (wifi-qcom and wifi-qcom-ac), which is required on AX devices (and supported on many AC devices). So in short: nstreme and nv2 work on older Mikrotik wifi de...
by mkx
Tue Dec 03, 2024 10:50 pm
Forum: General
Topic: CRS510-8XS-2XQ-IN High CPU Netwoking process
Replies: 11
Views: 984

Re: CRS510-8XS-2XQ-IN High CPU Netwoking process

CRS devices are essentially switches ... as in L2 devices. Yes, running ROS on them does add L3 (routing), but without careful configuration those functions will be done by (slow) CPU. But: there's L3HW offload and it might work for you. Further reading: https://help.mikrotik.com/docs/spaces/ROS/pag...
by mkx
Tue Dec 03, 2024 3:53 pm
Forum: Beginner Basics
Topic: Can't connect to one of my 2 RBSXT 5HnD
Replies: 13
Views: 2150

Re: Can't connect to one of my 2 RBSXT 5HnD

It would be great if you could post also configuration of the other end (the one you can't get into). While looking at config of "this end", I see a few things: there's some firewall, but with a few errors (like using interface which is "enslaved" to bridge as in- or out-interfac...
by mkx
Tue Dec 03, 2024 11:26 am
Forum: Wireless Networking
Topic: WiFi 6 security configuration [SOLVED]
Replies: 7
Views: 803

Re: WiFi 6 security configuration [SOLVED]

It's encryption of the password. Password is always encrypted. If not set, default encryption is used: ccmp https://help.mikrotik.com/docs/spaces/ROS/pages/224559120/WiFi#WiFi-SecurityProperties in here it is said, that it is - A list of ciphers to support for encrypting unicast traffic. Correct: e...
by mkx
Tue Dec 03, 2024 11:23 am
Forum: Wireless Networking
Topic: WiFi 6 security configuration [SOLVED]
Replies: 7
Views: 803

Re: WiFi 6 security configuration [SOLVED]

When checking with CLI: note that setting property to empty string (i.e. "") is not the same as not setting it at all. Ok, and then what happens if it is set to empty string (i.e. "") and what happens if it is not set at all? When this property is not set at all, default (ccmp) ...
by mkx
Tue Dec 03, 2024 11:02 am
Forum: Wireless Networking
Topic: WiFi 6 security configuration [SOLVED]
Replies: 7
Views: 803

Re: WiFi 6 security configuration [SOLVED]

If nothing is set in encryption property (but check in CLI if that's actually the case), then default will apply ... which is "CCMP" (good old AES in WPA2). When checking with CLI: note that setting property to empty string (i.e. "") is not the same as not setting it at all. You ...
by mkx
Tue Dec 03, 2024 9:03 am
Forum: Beginner Basics
Topic: rb5009 sfp altibox fiber
Replies: 12
Views: 1456

Re: rb5009 sfp altibox fiber

According to SFP diagnostics, it seems that Rx works ... One can not be sure if Tx is fine as well without checking on the other side of fiber, but on your side seems to be fine as well.
by mkx
Tue Dec 03, 2024 8:56 am
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 133
Views: 75007

Re: CSS326-24G-2S+RM hangs until power cycle

@jfreak53: if you can pinpoint the problem to certain packet contents, then you'd make MT (and humanity) a favour if you could sniff off those frames and send MT the capture file. IMO this is the only way allowing MT to actually fix it. Unless they see those packets and analyze which combination of ...
by mkx
Tue Dec 03, 2024 8:42 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 30
Views: 2522

Re: IPv6 Configuration RB4011

By whoever manages cisco ... Or, if it's really ISP (I'm surprised you can see config of your upstream router), let them explain to you how you're supposed to use the /56 they are assigning to you. I suspect that they expect your router to do proxy ARP thingie on WAN port ... which is, IMO, wrong.
by mkx
Tue Dec 03, 2024 8:26 am
Forum: Beginner Basics
Topic: Can't connect to one of my 2 RBSXT 5HnD
Replies: 13
Views: 2150

Re: Can't connect to one of my 2 RBSXT 5HnD

Screenshots are (mostly) useless, you can remove it as well. Open terminal window and execute /export file=aynnameyouwish ... fetch resulting file to your management computer, open it with your favourite text editor, redact any sensitive information (such as serial number, public IP address, wireles...
by mkx
Tue Dec 03, 2024 8:22 am
Forum: Beginner Basics
Topic: rb5009 sfp altibox fiber
Replies: 12
Views: 1456

Re: rb5009 sfp altibox fiber

How exactly is your SFP port configured? Post outputs of commands /interface/ethernet/export /interface/ethernet/monitor [ find default-name=sfp-sfpplus1 ] once My guess so far: since MT SFP is without "+" (i.e. 1Gbps) and RB5009 SFP port is SFP+ (i.e. 10Gbps), you'll have to disable auto ...
by mkx
Mon Dec 02, 2024 5:58 pm
Forum: General
Topic: Question about LACP and bonding
Replies: 7
Views: 721

Re: Question about LACP and bonding

... MSTP is the most universally compatible one.
I thought RSTP was the most common one?
by mkx
Mon Dec 02, 2024 5:55 pm
Forum: Beginner Basics
Topic: HAPac^2 Ethernet Mode
Replies: 5
Views: 841

Re: HAPac^2 Ethernet Mode

Unfortunately, that is what I was doing, and it wasn't working. As in: I disabled wifi interfaces via UI (of any kind) but wifi signal was still being transmitted? Or is it you expected the button magically dissable/enable wifi interfaces without you configuring anything special? Or something compl...
by mkx
Mon Dec 02, 2024 3:43 pm
Forum: General
Topic: What do these packets mean
Replies: 21
Views: 1509

Re: What do these packets mean

What I don't understand is how these IoT devices' packets are being heard, received, and repeated by the AP onto the wired network when there is no established wireless connection between the IoT device and the AP. You said that APs are Unifi ... so the question is for Ubiquiti support ... to verif...
by mkx
Mon Dec 02, 2024 3:31 pm
Forum: Virtualization
Topic: VSF like support on switches [SOLVED]
Replies: 5
Views: 1439

Re: VSF like support on switches [SOLVED]

In this case, the configuration no longer takes place on the physical switch but on the virtual switch which is spanned over the physical switch. (At least in the world of HPE/Aruba) Therefore it is also a kind of virtualisation. The only difference is that the switch itself becomes virtual, not th...
by mkx
Mon Dec 02, 2024 3:28 pm
Forum: General
Topic: What do these packets mean
Replies: 21
Views: 1509

Re: What do these packets mean

Since packets are broadcast, you'll always see them on hEX, passing in any possible direction ... whether they are getting received somewhere or not. And it's up to anyone's guess as to what's their purpose (and if they would cease to flow if all IoT gadgets would be happy with their connectivity to...
by mkx
Mon Dec 02, 2024 3:25 pm
Forum: Beginner Basics
Topic: management IP on bridge or vlan interface for CRS310 switch [SOLVED]
Replies: 2
Views: 531

Re: management IP on bridge or vlan interface for CRS310 switch [SOLVED]

If you insist that management VLAN resides on VID 1, then it's a). Reason: default config uses VID=1 for all sorts of configuration (e.g. PVID on all ports, including bridge CPU-facing port ). It is possible to get it going as tagged (which is where VLAN interfaces come into play), but it's a tediou...
by mkx
Mon Dec 02, 2024 3:18 pm
Forum: General
Topic: Feature requests
Replies: 1792
Views: 677372

Re: Wake On Lan in winbox leases context menu

something like an entry in the context menu Of which menu? You are surely aware that when device is in sleep mode, it doesn't transmit anything and all caches (e.g. ARP cache, list of DHCP leases, etc.) will forget about it probably long before you'd want to send WoL packet to it, aren't you? Which...
by mkx
Mon Dec 02, 2024 3:12 pm
Forum: General
Topic: What do these packets mean
Replies: 21
Views: 1509

Re: What do these packets mean

Since these frames are some kind of broadcasts, you may want to set multicast-enhance=enabled on wifi interface of your AP ... it may or may not help with the problem.
by mkx
Mon Dec 02, 2024 3:02 pm
Forum: Beginner Basics
Topic: correcting password field via CLI
Replies: 5
Views: 609

Re: correcting password field via CLI

I can't say about user manager, but usually it should work something like this: set [ find customer=admin username=123456789 password="" ] password="verySecretStuff" Not sure about how to go around 1350 users other than having external script which creates ROS script (with comman...
by mkx
Mon Dec 02, 2024 11:15 am
Forum: Wireless Networking
Topic: wAP ax?
Replies: 267
Views: 32461

Re: wAP ax?

Stickers already exist:

They are nice. But let's see what proper W considers as improvement to WAF ... I somehow expect that it's not MT logo stickers no matter what color they are :lol:
by mkx
Mon Dec 02, 2024 11:13 am
Forum: General
Topic: Mikrotik and Mellanox QSFP cable
Replies: 8
Views: 741

Re: Mikrotik and Mellanox QSFP cable

Any reason not to upgrade your CRS to ROS version 7.16.2 ?
by mkx
Mon Dec 02, 2024 10:37 am
Forum: Virtualization
Topic: VSF like support on switches [SOLVED]
Replies: 5
Views: 1439

Re: VSF like support on switches [SOLVED]

Mikrotik supports MLAG. Would that fit at least minimum requirements?

BTW, this doesn't seem to have anything to do with topic of this forum section (virtualization) which is running ROS on virtual machines.
by mkx
Mon Dec 02, 2024 9:24 am
Forum: Wireless Networking
Topic: New PPSK functionality
Replies: 52
Views: 4887

Re: New PPSK functionality

The MIPSBE devices would be great if they added it ... When they first released wifiwave2 package, it's been said that wave2 requires lots of CPU power and lots of RAM. Old hAP ac lacks both (yeah, hAP ac2 with 128MB RAM can run wifi drivers, but barely so ... minimum RAM for wifiwave2 was set at 2...
by mkx
Mon Dec 02, 2024 9:21 am
Forum: Wireless Networking
Topic: wAP ax?
Replies: 267
Views: 32461

Re: wAP ax?

I just said anything but some kind of metallic sticker :lol: Now who knows what will arrive from Temu...

Definitely post some photos after WAFization of wAP ax ... Ws tend to have similar views on such matters. :wink:
by mkx
Mon Dec 02, 2024 9:17 am
Forum: Wireless Networking
Topic: Improving Localization Accuracy with MikroTik RouterBOARD
Replies: 5
Views: 548

Re: Improving Localization Accuracy with MikroTik RouterBOARD

Since your "project" involves some calculations ... just for comparison: when calculating signal coverage of mobile networks using professional RF propagation tools and then comparing it to reality (measured on the field using professional measurement equipment, such as PN scanners and wha...
by mkx
Mon Dec 02, 2024 9:00 am
Forum: Wireless Networking
Topic: New PPSK functionality
Replies: 52
Views: 4887

Re: New PPSK functionality

yes, it should.
Not really ... wifi-qcom-ac is only available for routers with ARM architecture ... AC devices of other architectures are "doomed" to run legacy wireless driver ... which doesn't support any new functionality (like PPSK) and I believe it never will.
by mkx
Mon Dec 02, 2024 8:56 am
Forum: General
Topic: What am I missing about Let's Encrypt support?
Replies: 5
Views: 674

Re: What am I missing about Let's Encrypt support?

This is exactly the same on all servers that support LetsEncrypt. It doesn't have to be. On servers which offer more configuration flexibility one can allow only URLs with path names starting with /.well-known/acme-challenge/ and send 404 for the rest ... or 301 redirecting to https ... or tarpit r...
by mkx
Mon Dec 02, 2024 8:48 am
Forum: Beginner Basics
Topic: Forward chain "drop all else"- counter is zero
Replies: 10
Views: 998

Re: Forward chain "drop all else"- counter is zero

Ideally there would be 0 dropped packets (because nobody would be trying to anything bad to you). In reality there's always some bots scanning internet for new victims of their deeds. I guess there will be more dropped packets if bots "smell the blood" (there are many reasons for that, one...
by mkx
Mon Dec 02, 2024 8:42 am
Forum: Beginner Basics
Topic: Can't connect to one of my 2 RBSXT 5HnD
Replies: 13
Views: 2150

Re: Can't connect to one of my 2 RBSXT 5HnD

Show us configuration of both devices ... and mention IP address of management PC (running Winbox or web browser) and where it's connected (physically). Without seeing exact configuration it's impossible to tell the reason why it doesn't work the way you wanted it to.
by mkx
Mon Dec 02, 2024 8:38 am
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 19
Views: 2076

Re: Difference between two Interface Lists

It’s about wider compatibility: a DHCP client on the physical interface that connects to the modem and a static route to <MODEM-IP>/32 through the said interface applies to both scenarios (ISP with DHCP and ISP with PPP). A static IP in the LAN of the modem applies “cleanly” only to the ISP with PP...
by mkx
Sun Dec 01, 2024 9:56 pm
Forum: Beginner Basics
Topic: VLANs leaking behind a switch? [SOLVED]
Replies: 8
Views: 1079

Re: VLANs leaking behind a switch? [SOLVED]

... and I still wanted several VLANs untagged on the same port (because my WiFi APs are not VLAN aware).
But does this really work for you? Only one VLAN can have bidirectional traffic (single PVID per port).
by mkx
Sun Dec 01, 2024 9:52 pm
Forum: Beginner Basics
Topic: Forward chain "drop all else"- counter is zero
Replies: 10
Views: 998

Re: Forward chain "drop all else"- counter is zero

In my case, accept (fasttrack counter) is at 2TB and another 2TB for "slow track"... 32MB drop invalid on input and 32MB drop invalid on forward ... and 178MB drop all else (on input ... nothing on forward).
by mkx
Sun Dec 01, 2024 1:53 pm
Forum: Beginner Basics
Topic: Forward chain "drop all else"- counter is zero
Replies: 10
Views: 998

Re: Forward chain "drop all else"- counter is zero

It does make sense to drop "invalid" packets early, they might match some allow rule down the chain.
by mkx
Sun Dec 01, 2024 1:49 pm
Forum: Beginner Basics
Topic: VLAN config help request for Mikrotik and Cisco
Replies: 5
Views: 1111

Re: VLAN config help request for Mikrotik and Cisco

Configure port on router as trunk with all VLANs needed ... here's how to do VLANs in ROS: https://forum.mikrotik.com/viewtopic.php?f=23&t=143620 ... Tutorial may be geared towards switch-like configs, but is usable also for routers (even router-on-a-stick variety). And a suggestion: upgrade you...
by mkx
Sun Dec 01, 2024 11:33 am
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 19
Views: 2076

Re: Difference between two Interface Lists

So why bother with a dual IPv4 when you can just have a route that works in either setup? Adding a /32 route doesn't work with peer which uses "normal" /24 addressing ... And, again, doesn't add to security. One has to treat modem as being hostile and adding interface, connecting modem, t...
by mkx
Sat Nov 30, 2024 8:03 pm
Forum: Wireless Networking
Topic: WAP60G: one vertical, other horizontal?
Replies: 3
Views: 419

Re: WAP60G: one vertical, other horizontal?

I don't think rotating drvices at angle would be a problem by itself. However there are at least two (minor?) issues to think about: wAP60G uses beam forming, so it can direct main lobe in "optimal" direction. But not in any direction, range span is 60° in horizontal direction and only 30°...
by mkx
Sat Nov 30, 2024 7:44 pm
Forum: General
Topic: Feature requests
Replies: 1792
Views: 677372

Re: Feature requests

Don't know if this has been discussed already ...
There's such a feature already: port extender. Not many devices are compatible ... and it comes with some serious gotchas. But it's here.
by mkx
Sat Nov 30, 2024 10:43 am
Forum: Beginner Basics
Topic: VLANs leaking behind a switch? [SOLVED]
Replies: 8
Views: 1079

Re: VLANs leaking behind a switch? [SOLVED]

I didn't manage to get IPv6 addresses not leaking across VLANs when using SLAAC to assign addresses. Did you fix the switch VLAN settings according to @anav's instructions? If port is untagged member of multiple VLANs, then broadcasts of all VLANs will egress through that port (and being untagged o...
by mkx
Fri Nov 29, 2024 9:19 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 34
Views: 7030

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

To better understand the process, could you clarify where exactly the packets get tagged in the WireGuard setup? :mrgreen: The smiley you used makes me wonder whether you expect an answer or not. But anyway, here it is: wireguard is IP tunnel so natively it doesn't carry (nor care about) VLAN tags....
by mkx
Fri Nov 29, 2024 9:12 pm
Forum: General
Topic: Bug in version in winbox and in routerboard
Replies: 11
Views: 966

Re: Bug in version in winbox and in routerboard

Again (and read my lips:) there's RouterOS version and Routerboot version. Both are distinct.
by mkx
Fri Nov 29, 2024 9:00 pm
Forum: General
Topic: Bug in version in winbox and in routerboard
Replies: 11
Views: 966

Re: Bug in version in winbox and in routerboard

RouterOS (as in windows OS) is at 7.16.2. But: RouterBoot (as in BIOS / UEFI) is at 7.16.1. RouterBoot upgrade files are shipped to device along with RouterOS but it's not installed automatically. Hit that "Upgrade" button and reboot device.
by mkx
Fri Nov 29, 2024 8:54 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 964

Re: Adding existing preformatted disks

In that case, the Linux kernel is GPL licensed code and as such we should be able to see the sources with modifications from MT ... I don't think that MT linux kernel contains many changes ... apart from some specific device drivers and some patches. I think it's more about missing features. E.g. d...
by mkx
Fri Nov 29, 2024 3:55 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 964

Re: Adding existing preformatted disks

The ROS uses Linux kernel underneath anyway and I assume the very same tools underneath as any usual Linux distro ... Here you assume wrong, so nothing you wrote after this point doesn't necessarily reflect reality. ROS indeed runs linux kernel ... but if we can believe MT guys around here (and I d...
by mkx
Fri Nov 29, 2024 3:49 pm
Forum: Beginner Basics
Topic: Setup mAP in reverse config from default
Replies: 18
Views: 1442

Re: Setup mAP in reverse config from default

Yes DHCP client sends out broadcast packets when doing DHCP discover and bridge will send these frames out via all member ports. In principle only one DHCP server is necessary per L2 broadcast domain and if there are multiple servers in given L2 broadcast domain (not wrong by itself), it's expected...
by mkx
Fri Nov 29, 2024 1:12 pm
Forum: Beginner Basics
Topic: rb5009 sfp altibox fiber
Replies: 12
Views: 1456

Re: rb5009 sfp altibox fiber

This gbic is working fine with a Ubiquiti Edgerouter X which i'm using right now. ROS is a bit notorious for not supporting properly just any SFP module, thrown at. So the positive experience when using same SFP in different device brand means very little in this case (it only proves that SFP can t...
by mkx
Fri Nov 29, 2024 1:05 pm
Forum: General
Topic: Stations connected to CRS310 switch cannot get IP from DHCP server connected to sfpplus port
Replies: 4
Views: 811

Re: Stations connected to CRS310 switch cannot get IP from DHCP server connected to sfpplus port

Try to check in depth what's going on with SFP+ port and module. ROS is a bit notorious for not supporting just any SFP/SFP+ module properly ...


Also verify as to which physical port corresponds to MAC address, set as bridge MAC address.
by mkx
Fri Nov 29, 2024 1:03 pm
Forum: General
Topic: DHCP issue on hAP ax3
Replies: 5
Views: 745

Re: DHCP issue on hAP ax3

Well, anyway. Logs don't show anything related to hardware issues (link downs or whatever) ... which likely means some L3 problem. In that case you'll have to troubleshoot the issue while problem persists ... like running traceroute (on a LAN PC) towards e.g. 8.8.8.8 and see where things break ... i...
by mkx
Fri Nov 29, 2024 12:57 pm
Forum: General
Topic: how to create a master port on crs
Replies: 4
Views: 589

Re: how to create a master port on crs

Errmm ... that's an article from 2014 ?!
That was my point exactly :wink:
by mkx
Fri Nov 29, 2024 12:42 pm
Forum: General
Topic: DHCP issue on hAP ax3
Replies: 5
Views: 745

Re: DHCP issue on hAP ax3

With default logging config, ethernet port link-downs are logged. Also PPPoE client outages are logged (and as far as my experience goes, they correlate 100% when there are problems with ethernet port connectivity). With logs you showed (and assuming you didn't filter any events ... either by reconf...
by mkx
Fri Nov 29, 2024 12:38 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 964

Re: Adding existing preformatted disks

Even with "plain" file systems (e.g. ext4) it's sometimes necessary to reformat drive (possibly due to lack of support for some type of partition table or some such). But with encrypted drives I'd say it's even more necessary to reformat drive ... it would be logical to me that encryption ...
by mkx
Fri Nov 29, 2024 10:57 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 30
Views: 2522

Re: IPv6 Configuration RB4011

Looked at cisco config and I think the problem lies there: interface GigabitEthernet0/1 description ** LAN ** ip address 201.201.201.201 255.255.255.240 no ip redirects no ip unreachables no ip proxy-arp duplex auto speed auto ipv6 address 2001:db8:20a0::1/56 anycast no cdp enable It effectively say...
by mkx
Fri Nov 29, 2024 10:53 am
Forum: Beginner Basics
Topic: rb5009 sfp altibox fiber
Replies: 12
Views: 1456

Re: rb5009 sfp altibox fiber

IMO the problem is this:
advertising: 1G-baseX
link-partner-advertising:

Note the empty field "link-partner-advertising". Which means that autonegotiation doesn't happen. Try to set port speed to 1Gbps and disable autonegotiation on sfp-sfpplus1 port (under ethernet configuration).
by mkx
Fri Nov 29, 2024 8:51 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 30
Views: 2522

Re: IPv6 Configuration RB4011

You actually need to set advertise=yes on addresses on interfaces where there are devices which should use your router as their gateway ... without it, router will not send out RAs and SLAAC then doesn't work. In your opening post, you write "When I try to configure the LAN and define new prefi...
by mkx
Fri Nov 29, 2024 8:37 am
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 34
Views: 7030

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

I just had a quick look at HUB configuration and it seems to me that routing configuration is flawed: /ip address # You probably don't need this: add address=192.168.0.223/24 comment=defconf interface=BR1 network=192.168.0.0 # and you probably don't need this either: add address=192.168.0.223/24 int...
by mkx
Fri Nov 29, 2024 8:16 am
Forum: General
Topic: DHCP issue on hAP ax3
Replies: 5
Views: 745

Re: DHCP issue on hAP ax3

Is there anything related in logs?
by mkx
Fri Nov 29, 2024 8:14 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 30
Views: 2522

Re: IPv6 Configuration RB4011

Can you post configuration from your MT router, at least the /ipv6 part? You can omit firewall part, it probably isn't important in the context of problems you're seeing.
by mkx
Fri Nov 29, 2024 7:00 am
Forum: General
Topic: how to create a master port on crs
Replies: 4
Views: 589

Re: how to create a master port on crs

Can you post the link to tutorial you're referring to? It's quite likely outdated, master port configuration style was abandoned in ROS 6.41 (quite a few years ago) and was replaced by bridge. And before you proceed, I recommend you to upgrade ROS to latest v6 stable (6.49.something), v7 is probably...
by mkx
Fri Nov 29, 2024 6:50 am
Forum: Beginner Basics
Topic: Firewall rule can't match packet by interface
Replies: 6
Views: 785

Re: Firewall rule can't match packet by interface

At least pist the exact rule which doesn't work for you. And a detail, it might be a hint: firewall rules may be executed before egress interface is known, routing decission is made after most firewall processing is done. Also: screenshot in opening post also hints that ping is originated from route...
by mkx
Thu Nov 28, 2024 3:26 pm
Forum: Virtualization
Topic: Are there prebuilt Linux Images for Metarouter? (OpenWrt or other Linux distros)
Replies: 2
Views: 492

Re: Are there prebuilt Linux Images for Metarouter? (OpenWrt or other Linux distros)

Metarouter is R.I.P. on RouterOS since many moons ago (at least in reality if not officially). It's replaced with container functionality ... but this functionality is not available on all platforms and if one seriously wants to use it (or wants to seriously use it) one better uses a very decent RB ...
by mkx
Thu Nov 28, 2024 3:20 pm
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1956

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

Actualy ax hardware I tested on 7.16.2 on MikroTik have only fixed channels, example 5500 but not 5510 Yup, that's pretty normal on today's mainstream wireless stations (e.g. smart phones) ... they only support standard channel center frequencies. When creating MT-MT point-to-(multi)point link, thi...
by mkx
Thu Nov 28, 2024 3:12 pm
Forum: General
Topic: How to block webpages by URL?
Replies: 5
Views: 726

Re: How to block webpages by URL?

You can't block specific URLs (chosen between different URLs targeting same FQDN host or IP address). Generic reason is that there's no guarantee that whole URL will fit single IP packet. And FW (L7 as well) works with IP packet granularity. So if one uses IP packets with MTU size of 40 bytes, then ...
by mkx
Thu Nov 28, 2024 2:32 pm
Forum: General
Topic: Lightning Strike and Switch Lost Connection (temporarily)
Replies: 6
Views: 1258

Re: Lightning Strike and Switch Lost Connection (temporarily)

In the meantime your devices probably have restarted ...

... or remained in some undefined state if the brief moment without power flowing lasted just the right duration. And in this case one has to reboot device.
by mkx
Thu Nov 28, 2024 8:38 am
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1956

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

But do think using default 20/40/80Mhz channel width might be cause of at least some of the frequent AX complaints... I don't think that 20/40/80MHz is causing complaints. After all, this kind of channel arrangement is (supposed to be) backwards compatible with devices supporting only narrower chan...
by mkx
Wed Nov 27, 2024 6:08 pm
Forum: General
Topic: PPPOE on Fiber: reduced download speed, while upload is full-speed
Replies: 7
Views: 806

Re: PPPOE on Fiber: reduced download speed, while upload is full-speed

If considering RB4011 and RB5009 ... then RB4011 is technically inferior in many aspects (slower CPU, uses 2 switch chips and SFP is connected directly to CPU, doesn't have USB port, etc.). Just thought to mention this to contrast higher WAF of RB4011 :wink: Regarding hEX S performance: that rule of...
by mkx
Wed Nov 27, 2024 6:01 pm
Forum: General
Topic: Complaints from v7.17rc [testing]
Replies: 45
Views: 3955

Re: Complaints from v7.17rc [testing]

about downgrades, there is ZERO logical reason to knowingly downgrade to a version with a known CVE, possibly allowing easy access to the device by a hacker. Zero. Do not try to find it. This is new to me ... that ROS upgrader has built in function to check certain ROS package against database of C...
by mkx
Wed Nov 27, 2024 11:00 am
Forum: Wireless Networking
Topic: Chateau 5G ax - 802.11ac and ax support [SOLVED]
Replies: 5
Views: 644

Re: Chateau 5G ax - 802.11ac and ax support [SOLVED]

You may want to look at output of command /interface/wifi/print and /interface/wifi/security/print (run them in terminal window ... you can start one from WinBox or connect to device using ssh) ... and look for "encryption" property in both outputs. Only then you'll see what is actually co...
by mkx
Wed Nov 27, 2024 9:04 am
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 34
Views: 7030

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

After you uninstall wireless package and install wifi-qcom-ac package - verify that it's actually installed, cAP ac XL has only 16MB storage space which is really tight - (and upgrade routerboard firmware for good measure ... and cold boot device for another good measure), it may be good to reset de...
by mkx
Wed Nov 27, 2024 9:00 am
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1956

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

I just NEVER see anyone recommend narrowing channel width for AX... which got me questioning physics. My guess: none of the vocal AX supporters considers 2.4GHz band as viable WiFi band any more (everybody is looking at 6GHz now days). I've thought of a reason to go with 20MHz channels (instead of ...
by mkx
Wed Nov 27, 2024 8:52 am
Forum: General
Topic: CRS310 and issues with different speed/ports
Replies: 6
Views: 714

Re: CRS310 and issues with different speed/ports

The problem with communication pausing and/or packets being dropped when there's speed change (most notably from faster to slower, e.g. ingress port is 10Gbps and egress port is 2.5Gbps) is buffering. A switch has only certain amount of buffer and if there's a burst of frames, switch needs to buffer...
by mkx
Tue Nov 26, 2024 9:52 pm
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1956

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

I know AX uses OFDMA to better handle this ... ... so do G and N (and A) ... actually only B uses DSSS with 22MHz-wide channels. So in this respect AX is nothing new. What AX adds is 1024QAM (N stops at 64QAM) so it can reach higher speeds when SINR is great. And reduces subcarrier spacing by facto...
by mkx
Tue Nov 26, 2024 1:49 pm
Forum: General
Topic: Doubt regarding network configuration with VLAN in AP
Replies: 8
Views: 1005

Re: Doubt regarding network configuration with VLAN in AP

When doing L2 stuff, it's responsibility of device sending frame (can be originating host, can be router) to find out destination MAC address. And L2 entity (switch) then passes frame to correct port. If sender doesn't know destination MAC address, it can send it to broadcast MAC address. Both when ...
by mkx
Tue Nov 26, 2024 1:40 pm
Forum: General
Topic: Strange slow RX but not TX
Replies: 21
Views: 3410

Re: Strange slow RX but not TX

Problem with using public servers (including iperf3 servers) is that there might be bottlenecks other than "last mile". I tried iperf3 server from the screenshots of @CGGXANNX and I got shitty performance in both directions. In both directions I see fair amount of retransmissions ... and f...
by mkx
Tue Nov 26, 2024 1:31 pm
Forum: Beginner Basics
Topic: bridge has stopped working, all ports marked as not running
Replies: 12
Views: 948

Re: bridge has stopped working, all ports marked as not running

Anything in logs regarding bridge or its ports?

Are ports, marked as "not running", connected to devices which are powered up?
by mkx
Tue Nov 26, 2024 11:11 am
Forum: General
Topic: Hairpin NAT - acces to my web site on local server [SOLVED]
Replies: 3
Views: 589

Re: Hairpin NAT - acces to my web site on local server [SOLVED]

And you're entirely sure that <public IP> is the exactly the same that browser uses when trying to connect to your web site?
by mkx
Tue Nov 26, 2024 9:20 am
Forum: Beginner Basics
Topic: Problem with WAX204 (AP mode) in VLAN setup and security questions [SOLVED]
Replies: 4
Views: 563

Re: Problem with WAX204 (AP mode) in VLAN setup and security questions [SOLVED]

Switch Configuration (Port 7 - AP): - Member of VLAN 1,100 - Tagged on VLAN 100 (WiFi) - Untagged on VLAN 1 (default) - PVID 100 The last two bullets contradict each other. Setting PVID on port means that anything untagged on physical media outside the device (e.g. ethernet cable), connected to thi...
by mkx
Tue Nov 26, 2024 9:14 am
Forum: Beginner Basics
Topic: Do source ports matter?
Replies: 1
Views: 424

Re: Do source ports matter?

Now here's my main question: do source ports matter? Generally source ports don't matter ... unless they do. As you found out, some ISPs block some well known ports and UDP 123 is often one of them (it used to be abused by some DDoS amplification attacks), UDP 53 is another one. Vast majority servi...
by mkx
Tue Nov 26, 2024 9:03 am
Forum: General
Topic: wAP coverage -- picture included
Replies: 43
Views: 3454

Re: wAP coverage -- picture included

mANTbox has a pretty narrow-beam antenna. Have a look at diagrams, published in product's quick guide . Since Tx power is generally limited by country regulations, this means that decent signal strength is only available in directions with maximum antenna gain and elsewhere signal strength is pretty...
by mkx
Tue Nov 26, 2024 8:58 am
Forum: General
Topic: Doubt regarding network configuration with VLAN in AP
Replies: 8
Views: 1005

Re: Doubt regarding network configuration with VLAN in AP

a switch and a router - generally speaking, are the same devices ... While we're generally speaking, switch and router are very different devices. (Ethernet) Switch does ethernet frame forwarding between ethernet ports based on SRC and DST MAC addresses and FDB (Forwarding DataBase). And router doe...
by mkx
Mon Nov 25, 2024 7:24 pm
Forum: General
Topic: WAN interface Passes more data than the LAN interface
Replies: 13
Views: 1062

Re: WAN interface Passes more data than the LAN interface

Hmmm ... the way I read OP's screenshot is that WAN Rx is considerably larger than LAN Tx .... which means that router is dropping some of traffic comming to router from internet. Which means that firewall is doing its thing.
by mkx
Mon Nov 25, 2024 4:22 pm
Forum: General
Topic: Doubt regarding network configuration with VLAN in AP
Replies: 8
Views: 1005

Re: Doubt regarding network configuration with VLAN in AP

If AP can add/remove VLAN tags as needed, then the switch in between doesn't have to know about VLAN tags at all. The only (minimum) requirement for that switch is that is supports using "baby jumbo frames" ... that is ethernet frames with payload size of 1504 bytes (VLAN header adds 4 byt...
by mkx
Mon Nov 25, 2024 12:28 pm
Forum: Wireless Networking
Topic: wAP ax as replacement for old UniFi AC Pro?
Replies: 11
Views: 1343

Re: wAP ax as replacement for old UniFi AC Pro?

Now, if the off-center ball with a flat bottom shape is correct, if you mount a wAP in the center of the ceiling, the apartment below your room should enjoy better coverage than you? :shock: Probably not ... because apart from "back side" (where signal level is supposed to be like 20dB lo...
by mkx
Mon Nov 25, 2024 12:23 pm
Forum: Wireless Networking
Topic: How to increase wifi signal distance/strenght ?
Replies: 10
Views: 901

Re: How to increase wifi signal distance/strenght ?

For play use a cable, any other consideration is useless ... My guess: @OP doesn't have any wired network infrastructure available ... and/or he fell for "use wireless, it's better than fresh bread" motto of sellers of wireless equipment. Now his multi-player experience suffers but he'd p...
by mkx
Mon Nov 25, 2024 12:15 pm
Forum: Beginner Basics
Topic: Can I upgrade RB750 Version 5.25 [SOLVED]
Replies: 1
Views: 490

Re: Can I upgrade RB750 Version 5.25 [SOLVED]

The ancient ROS version is only supported by (almost) equally ancient versions of WinBox ... I'd go for something older than 3.20 (I don't remember exactly when ROS and winbox changed in this respect). Download link is e.g. https://download.mikrotik.com/routeros/winbox/3.20/winbox.exe (change "...
by mkx
Mon Nov 25, 2024 9:21 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 264
Views: 86399

Re: v7.17rc [testing] is released!

Why does the Winbox client share the same JSON file with the web interface? I can't understand this design choice. It is possible to create a "skin" ... like hiding certain interface items. And at least winbox 3 did conform to those skin settings. Which probably means that winbox is suppo...
by mkx
Mon Nov 25, 2024 9:11 am
Forum: Wireless Networking
Topic: How to increase wifi signal distance/strenght ?
Replies: 10
Views: 901

Re: How to increase wifi signal distance/strenght ?

- 60db is a pretty good signal already. @OP is not saying he's getting - 60 db , he's saying he's getting 60 % of signal. And only <insert your favourite deity here> knows what kind of signal that means. My experience with 3G and 4G phones says that some vendors set 100% at values where service onl...
by mkx
Mon Nov 25, 2024 9:00 am
Forum: General
Topic: Help diagnosing daily network outage at approximately the same time
Replies: 3
Views: 682

Re: Help diagnosing daily network outage at approximately the same time

Here's an article, somehow explaining different STP options: https://help.mikrotik.com/docs/spaces/ROS/pages/328068/Bridging+and+Switching#BridgingandSwitching-Per-portSTP According to my understanding, BPDU-guard is almost exactly opposite from setting port as edge: BPDU-guard disables port if it d...
by mkx
Mon Nov 25, 2024 8:27 am
Forum: Beginner Basics
Topic: ARP table
Replies: 3
Views: 906

Re: ARP table

Depending on setup, MAC addresses of "neighbouring" devices can be in different places: /ip/arp/print As already mentioned, this table contains MAC addresses and IP addresses of devices, which somehow communicated with RB device on IP layer. Values in Status column are explained in this ar...
by mkx
Sun Nov 24, 2024 2:33 pm
Forum: Beginner Basics
Topic: Could anyone audit my setup? [SOLVED]
Replies: 4
Views: 818

Re: Could anyone audit my setup? [SOLVED]

It seems fine. It's on a paranoid side, I'd do two more things: for performance reasons I'd enable fasttrack: /ip firewall filter add action=fasttrack-connection chain=forward comment="fasttrack established,related" connection-state=established,related It should be pushed to the top of rul...
by mkx
Sun Nov 24, 2024 12:03 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 34
Views: 7030

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

The config you posted seems to be old one ... with capsman settings still under /caps-man ... but to provision your hAP ax2 you need to configure CAPsMAN under /interface/wifi ... e.g. /interface/wifi/capsman/set enabled=yes . Etc. I missed that your CAP device is hAP ax2 in your previous post. So y...
by mkx
Sun Nov 24, 2024 11:36 am
Forum: General
Topic: Bridge -> Bond -> 2x Ethernet MTU Setting?
Replies: 6
Views: 805

Re: Bridge -> Bond -> 2x Ethernet MTU Setting?

MTU is L3 setting ... which means at least these two things: switches (as L2 entities) don't have much to do with it, they just have to be able to pass those jumbo frames (L2MTU has to be at least MTU+ethernet overhead+VLAN overhead isf used) whole IP subnet has to use same MTU ... all devices and r...
by mkx
Sat Nov 23, 2024 2:07 pm
Forum: General
Topic: Device will use IP from Server
Replies: 17
Views: 1168

Re: Device will use IP from Server

In addition: does any of LAN infratructure devices have proxy-ARP enabled? I see many people enable it without understanding what it does and then run into problems caused by it.
by mkx
Sat Nov 23, 2024 2:01 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 490
Views: 189429

Re: v7.16.1 [stable] is released!

There's been some kind of confusing situation. It doesn't make any sense. I have two 4011s with firmware 7.16.1 that were fine a week ago. Today I noticed that DHCPv6 client on both devices stopped working normally. I have not made any changes to the settings. Did devices reboot in between by any c...
by mkx
Fri Nov 22, 2024 5:08 pm
Forum: Beginner Basics
Topic: Need Help on PPPoE Over Trunk
Replies: 2
Views: 679

Re: Need Help on PPPoE Over Trunk

Assuming that ISP device (modem? GPON ONT?) is working as untagged ... you'll have to create something like this: switch port, connecting to ISP, needs to be configured as untagged/access port with PVID / native VLAN set to 41 switch port, connecting to router, has to be configured as tagged/trunk a...
by mkx
Fri Nov 22, 2024 12:14 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 34
Views: 7030

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

Two things: you are running the new "wifi" driver on cAP (optional package wifi-qcom-ac installed I presume), so you'll have to configure the matching CAPsMAN on RB4011 ... and for that, you'll have to focus on /interface/wifi and its subtree (that's the place to configure new CAPsMAN). It...
by mkx
Thu Nov 21, 2024 11:43 pm
Forum: General
Topic: Beginner question about MTUs
Replies: 1
Views: 440

Re: Beginner question about MTUs

L2 devices (switches) don't fragment large frames, they silently discard them. And all devices inside same broadcast domain (most commonly this means same IP subnet) have to be set up with same MTU (traffic from small MTU towards large MTU is fine, traffic in opposite direction will get dropped). Th...
by mkx
Thu Nov 21, 2024 11:23 pm
Forum: General
Topic: DNS failover for redudancy
Replies: 5
Views: 658

Re: DNS failover for redudancy

Apparently, I speak truth. ;-)

Don't know about that ... your post was around 244 lines too long for me to even start reading it at full attentiveness.
by mkx
Thu Nov 21, 2024 11:12 pm
Forum: Beginner Basics
Topic: RB4011 wont run at default CPU frequency
Replies: 8
Views: 761

Re: RB4011 wont run at default CPU frequency

If I understand DDM he's trying to set frequency to "auto" ... which is default since around 6.47.

@DDM: read about device mode ... in particular, you'll have to enable routerboard property (i.e. set it to yes).

Edit: meh, have slow fingers
by mkx
Thu Nov 21, 2024 9:27 am
Forum: General
Topic: DNS failover for redudancy
Replies: 5
Views: 658

Re: DNS failover for redudancy

There are a few places where DNS servers are mentioned: /ip/dns/set servers=<list of IP addresses> This one is used for DNS process in router itself to be able to do any queries. If not for other things, it's important to be working for ROS update checks (and downloads). Or anything else that ROS ne...
by mkx
Thu Nov 21, 2024 9:09 am
Forum: General
Topic: Help diagnosing daily network outage at approximately the same time
Replies: 3
Views: 682

Re: Help diagnosing daily network outage at approximately the same time

It could be some rogue device somewhere on the edge of your network which initiates STP topology changes. And there are plenty of devices which can do it, e.g. any server running VMs can do it (they tend to run bridges for connecting VMs to network) or servers running any containers, etc. I'd start ...
by mkx
Thu Nov 21, 2024 8:50 am
Forum: Beginner Basics
Topic: CRS354-48P-4S+2Q+ replacement issues
Replies: 1
Views: 372

Re: CRS354-48P-4S+2Q+ replacement issues

First off: CRS354 (the whole CRS family of devices as a matter of fact) is a switch not a router. Yes, if running RouterOS, it can route and if carefully configured, it can route at wirespeed (if not carefully configured, it can route at very low speeds, like 200 M bps cumulative between any combina...
by mkx
Thu Nov 21, 2024 8:36 am
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 19
Views: 2076

Re: Difference between two Interface Lists

By setting an IP address on the WAN interface you negatively affect setups where upstream uses DHCP or static assignment as the interface will end up with multiple addresses. I don't exactly understand your argument. I guess that vast majority of devices use static IP subnet for LAN (just like ROS ...
by mkx
Wed Nov 20, 2024 5:09 pm
Forum: General
Topic: DNS failover for redudancy
Replies: 5
Views: 658

Re: DNS failover for redudancy

1) it entirely depends on DNS clients. But mostly they operate like this: start using first DNS server. As long as replies are getting back (even if negative answers), client will use same DNS server. If DNS server fails to reply, then client switches over to using second DNS server. And keeps using...
by mkx
Wed Nov 20, 2024 12:29 pm
Forum: General
Topic: How do I assign static IPv6 address to devices from the router?
Replies: 3
Views: 560

Re: How do I assign static IPv6 address to devices from the router?

This is mission "nearly impossible". One issue is DHCPv6 server on ROS ... it doesn't support giving out IPv6 addresses, it only hands out prefixes (there are some recent activities which may improve DHCPv6 server by adding address assignment functionality). And the big issue is client sup...
by mkx
Wed Nov 20, 2024 11:59 am
Forum: Announcements
Topic: v6.49.17 [stable] is released!
Replies: 18
Views: 69857

Re: v6.49.17 [stable] is released!

Well, why not just mention that in changelog?
When did MT make changelogs easily understandable?
by mkx
Wed Nov 20, 2024 9:48 am
Forum: Announcements
Topic: v6.49.17 [stable] is released!
Replies: 18
Views: 69857

Re: v6.49.17 [stable] is released!

Perhaps some of those v6-only hardware got R2 (with some slight HW changes, requiring minor changes in some device driver?) Since such change doesn't apply to already shipped hardware, ROS change can be factory-only (and it doesn't have to be publicly available since new devices can not be downgrade...
by mkx
Wed Nov 20, 2024 9:38 am
Forum: Beginner Basics
Topic: Trying to trunk between two switches [SOLVED]
Replies: 5
Views: 935

Re: Trying to trunk between two switches [SOLVED]

On both switches: if you're using VLAN Interface, anchored off bridge, then bridge CPU-facing port has to be tagged member of corresponging VLAN:


E.g.:
/interface bridge vlan
add bridge=SW1 tagged=SW1,ether8 vlan-ids=40
/ip dhcp-client
add interface=Management
by mkx
Wed Nov 20, 2024 9:31 am
Forum: Beginner Basics
Topic: Help DNS approach to Faster Browsing
Replies: 25
Views: 2133

Re: Help DNS approach to Faster Browsing

Do any ISPs still use squid proxy/cache servers ? Can't speak about ISPs, but in my company (with a few remote offices) we're forced to use proxy server (squid) for remote offices to be able to exit to internet (the connection between remote offices and main office is over some MAN which offers the...
by mkx
Wed Nov 20, 2024 9:25 am
Forum: Beginner Basics
Topic: LTE modem 4G (bands 3,20) and 5G (band n78) [SOLVED]
Replies: 3
Views: 647

Re: LTE modem 4G (bands 3,20) and 5G (band n78) [SOLVED]

There is any Mikrotik modem (only modem) that suports this 3 bands? If you're thinking of attaching modem directly to RB5009, then the only option would be USB modem ... and no, MT doesn't offer any USB modems what so ever. So the only option would be to go with models, mentioned by @gigabyte091 .....
by mkx
Wed Nov 20, 2024 9:18 am
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 19
Views: 2076

Re: Difference between two Interface Lists

So I added IP address (from modem's "LAN" IP subnet) to my ether port linking with modem. Any particular reason you chose this approach rather than adding <IP>/32 route? The latter should work for both PPPoE and bridged Simplicity. BTW, adding /32 route doesn't make it any more secure (th...
by mkx
Tue Nov 19, 2024 12:30 pm
Forum: Beginner Basics
Topic: WiFi router + cAP ax [SOLVED]
Replies: 3
Views: 503

Re: WiFi router + cAP ax [SOLVED]

Depending on requirements (WAN speed being one of more important ones) ... but hAP ax3 is generally one of better choices.
by mkx
Tue Nov 19, 2024 12:28 pm
Forum: Beginner Basics
Topic: Update to v7.17beta5 crashed several CCR2004-1G-12S+2XS devices - config recovery?
Replies: 2
Views: 572

Re: Update to v7.17beta5 crashed several CCR2004-1G-12S+2XS devices - config recovery?

It is possible to netinstall (older version, 7.17beta4) while keeping configuration. You can try this and see if it works out.
by mkx
Tue Nov 19, 2024 8:27 am
Forum: Wireless Networking
Topic: wAP ax?
Replies: 267
Views: 32461

Re: wAP ax?

Thanks for the image. So wAP AX seems to be directional. Correct antenna gains seem to be around ~7dBi in the frontal direction. Around 7 dBi for 2.4GHz band and around 5 dBi for 5GHz band. There's definition about "directionality": antenna beam width is angle where antenna gain drops by 3...
by mkx
Sun Nov 17, 2024 1:51 pm
Forum: RouterBOARD hardware
Topic: RB260GSP can power up by POE on port 1? [SOLVED]
Replies: 2
Views: 693

Re: RB260GSP can power up by POE on port 1? [SOLVED]

Your company switch most likely works as "802.3 af/at" and provides around 48V. Which is pretty much incompatible with RB260GSP PoE-in requirements. Provided power adapter is almost certainly 24V and RB260GSP only works as "passive PoE". Which is, again, completely incompatible w...
by mkx
Sun Nov 17, 2024 11:41 am
Forum: General
Topic: RB3011UiAS Slow Upload [SOLVED]
Replies: 4
Views: 742

Re: RB3011UiAS Slow Upload [SOLVED]

Try disabling LCD altogether. It's known that updating LCD contents affects router's performance quite signifficantly. You posted terse (or verbose?) expirt which includes all sorts of default settings making it much less readable ... at least zo me. So if you do another export (a "normal"...
by mkx
Sun Nov 17, 2024 11:31 am
Forum: General
Topic: CAPSMAN WiFi Wave2 [SOLVED]
Replies: 5
Views: 1089

Re: CAPSMAN WiFi Wave2 [SOLVED]

As the complete bandwidth of 2.4GHz radio is 40MHz wide.... Not exactly true. WiFi 2.4GHz band extends from 2401MHz (lower boundary of channel 1) to 2473MHz (upper boundary of channel 11, relevant in NA) or 2483MHz (upper boundary of channel 13, relevant in EU and almost everywhere else than NA). W...
by mkx
Sun Nov 17, 2024 11:12 am
Forum: General
Topic: CRS-310-8G+2s as controller bridge
Replies: 1
Views: 313

Re: CRS-310-8G+2s as controller bridge

Port extender functionality (either CB or PE) has to be run by switch chip to be effective. So there are 3 possibilities: switch chip used in CRS310 doesn't support this feature support is not yet implemented in ROS documentation is outdated Whichever it is, you could get a definitive answer only di...
by mkx
Sun Nov 17, 2024 11:01 am
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 19
Views: 2076

Re: Difference between two Interface Lists

"off-topic": Why you should add the eth port that is connected to the isp modem to the WAN list? (I'm using PPPoE) It depends. In my case ISP's modem has management interface (Web-based UI) and for that it has "LAN" IP address. Even though I put it in bridge mode and run PPPoE c...
by mkx
Sat Nov 16, 2024 5:03 pm
Forum: Beginner Basics
Topic: Difference between two Interface Lists
Replies: 19
Views: 2076

Re: Difference between two Interface Lists

My question is: In short: interface is the thing which delivers frame to RouterOS. Most often it has IP address set. This "property" is not passed to parent entities. E.g. if you have a few ether ports members of a bridge and teaffuc is tagged so there's also a VLAN interface anchored off...
by mkx
Sat Nov 16, 2024 10:31 am
Forum: Wireless Networking
Topic: trunk in bridge mode
Replies: 2
Views: 582

Re: trunk in bridge mode

If bridge configuration on SXT doesn't have any VKSN-related config, then its IP layer communicates strictly vua untagged frames. Diagram mentions VID 2 as being used as native on trunk between cisco snd SXT (at least the upper-left pair), which means that 192.168.2.0/24 should be used in VLAN 2 on ...
by mkx
Fri Nov 15, 2024 7:39 pm
Forum: Wireless Networking
Topic: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]
Replies: 34
Views: 7030

Re: Feasibility of CAPsMAN VLAN and VPN Configuration on Point to Multi-Point with RB4011iGS+RM [SOLVED]

Commenting on config from attached rsc file ... You shouldn't set use-service-tag=yes , it switches over to different type of VLAN headers. And no tag stacking. All in all device config is a mess. So I suggest you to start over: install ROS 7.16.1 on your hAP ac2, it'll improve wifi performance quit...
by mkx
Fri Nov 15, 2024 7:07 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 160723

Re: v7.17beta [testing] is released!

What does "D" mean in Current Channel?
I'd say it means DFS.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 45