MikroTik

On my RBD52G-5HacD2HnD and RB4011iGS+5HacQ2HnD with the wifi-qcom-ac package, I discovered that when the first user connects, the wireless interface goes through the RSTP listening and learning states, despite the Edge property being set to auto. In such a situation, you can forget about seamless ro...

akakua

/routing/route print detail

akakua

Do you have routes to 172.16.10.0/28, 172.16.20.0/28, 172.16.30.0/24, 72.16.50.0/24 on router 192.168.1.1?

akakua

You can use l2tpv3.

akakua

Hardware offload does not work in bridge - ports on hAP ax3

Check the list of switch chips that supports hardware offloading - https://help.mikrotik.com/docs/display/ ... Offloading

akakua

Just set the following addresses:
Bridge1: 192.168.222.1/24
Bridge2: 192.168.48.1/22

akakua

But if I still wanted to, how would one go about fixing this problem above?

quote tdw
You could change from RSTP to MSTP, which supports different groups of VLANs on parallel paths, disable spanning tree entirely, or bond the interfaces together as best fits your setup.

akakua

you can specify a mask instead of an address. for example 192.168.88.0/26, so the queue will cover the range 192.168.88.0-192.168.88.63

akakua

You bought an ethernet SFP module, but your isp uses gpon.

akakua

Port - L2
Interface - L3

akakua

/ip firewall filter add action=drop chain=forward connection-state=new out-interface=ether1 src-address=192.0.0.0/24 place-before=0

akakua

Youtube uses QUIC protocol, not HTTPS.

akakua

Set on "client router" -
ipv6/settings/set accept-router-advertisements=yes

akakua

Be aware that the default action of the routing filter chain is "reject"

https://help.mikrotik.com/docs/display/ ... nd+Filters

akakua

https://en.wikipedia.org/wiki/Unix_time

akakua

viewtopic.php?t=143620

akakua

If you need to use one interface(ether or bond) with vlans, just set on it vlan interfaces. If you need trunk vlans between ports of the router - use bridge with vlan filtering.

akakua

Just use main as mgmt.

akakua

https://help.mikrotik.com/docs/display/ ... interfaces
Enlighten yourself.
I gave you the config, just use it.

akakua

Try to delete this weird vlan interface\bridge interface thing and use this config /interface bridge add name=bridge_VF vlan-filtering=yes /interface bridge port add bridge=bridge_VF interface=bond1 add bridge=bridge_VF interface=bond2 /interface bridge vlan add bridge=bridge_VF tagged=bridge_VF,bon...

akakua

I checked on several PCs and found on all of them that only one ip interface listens to multicast [FF02::1]:5678 when I use winbox. For example, if a PC has a wireless and wired interface, it can only listen on the wireless interface, and if you connect to the Mikrotik via cable, then the router in ...

akakua

ip dhcp-server set dhcp1 address-pool=static-only

akakua

Create dynamic vlan entry with added tagged bridge to it in "interface/bridge/vlan/" when i set interface vlan on bridge with vlan filtering enabled, like you alredy doing it with pvid.

akakua

Answer why you use doh as domain name resolver - this will be reason.

akakua

Try routing/route/print

akakua

/interface bridge vlan add bridge=bridge tagged="bridge,ether24_opnsense2,ether23_opnsense1,ether21_SynoBond\ 1,sfp-sfpplus3_proxmox,sfp-sfpplus1_wifi" untagged=\ ether2_nosbox,ether3_IPMI-edgebox,ether1_edgebox vlan-ids=10 add bridge=bridge tagged="bridge,ether24_opnsense2,ether23_o...

akakua

Do you have route on switch to vlan networks?

akakua

No.
You need bonding. https://help.mikrotik.com/docs/display/ROS/Bonding

akakua

Routes on switches?

akakua

You can ask them to give you control of the entire 56.56.56.0/27 network and create second /29 network between ESXi and their router. You must set second IP on interface ether1 of CHR from the /29 network and set a default route via IP address from the /29 network of their router. They must set the ...

akakua

I think all devices are on the same network. when the server sends data to its gateway on .3, then chr forwards it to its gateway .1 (this explains the rx tx rate in the upload test) the response is returned directly via .1 to the server (this explains the rx tx rate in the download test)

akakua

What netmasks is used for ip interfaces of mikrotik chr and main gateway of server?

akakua

does ptpp have vulnerabilities (not mitm attacks, because the guys from the log are not capable of this) that allow you to take over the server or log in to it without a login and password?

akakua

You can use whitelist or port knocking. Or you can use strong usernames and passwords and just ignore this messages.

akakua

At least you can connect via serial port and do some diagnostic. Maybe need to upgrade routerboard?

akakua

What's new in 7.3beta34 (2022-Apr-20 08:23): *) bgp - improved stability when editing BGP template; *) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe; *) dhcpv4-server - added "age" parameter for dynamic leases; *) dhcpv4-server - fixed minor logging typo; ...

akakua

https://en.wikipedia.org/wiki/Link-local_address

akakua

hw-offload=yes means that this rule can be offloaded to hardware, as long as it supports offloading.

Thank you so much, now everything has become clear. Can you tell me where can I find more information about the Firewall hardware offloading implementation in RouterOS?

akakua

Airtime fairness is enabled by default for wifiwave2 interfaces. What about WMM support in wifiwave2? I discovered that the fasttrack-conection rule of default firewall on my RB951G-2HnD changed, now it looks like this: ip firewall filter add action=fasttrack-connection chain=forward comment="...

akakua

A rule without context is not much help. Questions - "Which FW rule permits 'services'" and "Could someone explain to me where is the corresponding INPUT rule for the 'services' to be accepted by the firewall?" Answer - "/ip firewall filter add action=drop chain=input comme...

akakua

/ip firewall filter add action=drop chain=input comment="Input drop all not coming from LAN" in-interface-list=!LAN

akakua

/tool mac-server set allowed-interface-list=none
/tool mac-server mac-winbox set allowed-interface-list=none
/tool mac-server ping set enabled=no

akakua

https://en.wikipedia.org/wiki/Spanning_Tree_Protocol

akakua

/ip firewall nat add action=masquerade chain=srcnat out-interface="VLAN1425"

akakua

If they give you IP address in network 172.16.10.0/24, then you can do "masq" to interface cam vlan, but if you need real routing, then ask your ISP to add static route to your local network (192.168.1.0/24) on gateway of cams network (172.16.10.0/24) (they never do that)

akakua

Add static route to 172.16.50.0 on router A.

akakua

I just noticed that I have a Mikrotik device appearing in my DHCP table. As far as I knew: 1. I only had two Mikrotik devices on-site. 2. Both were not connected. 3. Both were assigned static IPs when in use (prior to disconnection). I've tried: 1. Connecting to the IP address of this device, and I...

Search found 58 matches