MikroTik

jbl42

As Ca6ko wrote, it is important that the network interface used for netinstall is the one and only active network interface on the host running netinstall. All others must be disabled before netinstall is started. My usual setup to run netinstall is to run in a virtual machine with an USB Ethernet a...

jbl42

Make sure you specify a session file (e.g. <own>) in your connection.

After wiping out sessions and creating a new one it indeed works.
I'm happy to stand corrected!

jbl42

I'm not ;-) I only apply such filters for stupid paying customers wanting it. Because they only know YouTube for video and Facebook for social media. So they think trying to block those two sites helps anything. What I sometimes do on sites with low bandwidth uplink is using tls-host rules to apply ...

jbl42

add software-id column in winbox neighbors discovery section. software-id column is available in neighbor window in Show Columns... menu (down looking arrow on the right) But a long standing feature request is that WinBox keeps selected columns and does not set them back to defaults for every new s...

jbl42

What I do on "important" RB5009 is to sacrifice ether8 for mgmt port. I make it not part of the main bridge nor part of the LAN interface group and bind a static ip directly to ether8, allow winbox/webui/ssh on it. So if I mess up bridge settings or FW rules in a way not even MAC access is...

jbl42

Beside running services, I can also see value in Docker for testing and debugging: Temporary starting up a minimal Debian or Ubuntu image on a remote router to run tools like flent, cacti or nagios from the router's remote point of view could come in handy.

jbl42

Yes, using tls-host is in my experience the best result with least effort add action=reject chain=forward in-interface-list=LAN protocol=tcp reject-with=tcp-reset tls-host=*.googlevideo.com Plus a rule to block quic. It is resistant to DoHS, but not against VPN. It requires only one simple and easy ...

jbl42

As always with technical problems: It is not about who is right. It is about what works. In summary: Youtube can be blocked to a certain extend for the average user by forwarding DNS to a commercial DNS service like Cloudflare, Umbrella etc. They have the abilities to track and adapt to the constant...

jbl42

To add something more constructive to all the complaints: I'm happy with the state of ROS 7.x on RB5009. For heavy SOHO and small branch applications, they work reliable with not much complaints except some SFP+ module issues solvable by using other SFPs. Also Docker is appreciated to run services l...

jbl42

jbl42

I read something about using switch ACLs but this doesn´t seem to be supported on my switch cpus (QCA 8513L) According to https://help.mikrotik.com/docs/pages/viewpage.action?pageId=103841835 CRS125 should have switch ACLs available in /interface ethernet switch acl At the other hand, LLDP should n...

jbl42

I don't think it is the heat in my case. In the interface it shows the temperature of the sfp around 30 celcius while it shuts down at 95 No, it's not. The RB5009 is quite picky with SFP(+) modules. Many do not work, but do work on RB4011 (which also required many ROS upgrades to solve SFP problem ...

jbl42

Bugs and things like BFD have no "enabled=yes" switch in RouterOS configuration files, sorry Sorry Normis, but writing nonsense like "there is no enabled=true for BFD" after 18+ months of claiming to work on it is just pathetic. If 18 months is not enough for MikroTik to bring B...

jbl42

Eh, Jletti42

My Italian is rusty, but still I think I got that one

jbl42

Beside protocol issues, the important thing to know is that youtube content is delivered using a world wide CDS (content delivery system). Most of it runs on Google's own infrastructure, part of it is also rented from Akamai and similar. So the list of youtube hosts is a) large and b) constantly cha...

jbl42

It's been odd to me that rb4011 sporting a fairly powerful hw lacks usb port and now it's disappointing to know there's no workaround for it either. Yes. Especially regarding the fact the RB4011 SoC features a USB3.0 controller. Still for some reason MikroTik decided not to add a USB port for RB401...

jbl42

This issue was introduced with 7.5, and still happening with 7.6: https://forum.mikrotik.com/viewtopic.php?t=190072#p964372 It was reported to be fixed, but is still appears in the current 7.7 beta https://forum.mikrotik.com/viewtopic.php?t=190351#p965140 For our three CCR2216, we had to go back to ...

jbl42

Two pieces of metal, one cast and one sheet, two sets of LAN terminals, an USB, SFP, and some other connectors, plus a printed board with some chips on it. Always funny when some random guys know things better. The shortage affects especially "simple" chips. Like small uCs, voltage contro...

jbl42

The UBNT are much more stable (and you have to like the UniFi controller thing), but if you need an AP running reliable in a busy bar or office, with 10+ neighbor SSIDs fighting each other, they still have issues. In such locations, it is worth to spend some £200 - £250 for a lower end professional ...

jbl42

I have a RB5009 in "production" at home running 7.6 (7.5 and 7.4 before). 1Gbit fiber, SFP+ module, NAT, some medium firewalling, 4 VLANs with HW filtering on the bridge, some simple queues and wireguard server. 2 persons frequently working from home, with heavy VPN usage, Teams/Zoom confe...

jbl42

*) sfp - added 2.5G SFP module support for RB5009;

Thanks. If AutoNeg is disabled and speed fixed to 2.5GB, it works with an ISP provided PON-ONT in RB5009 SFP+ port.

jbl42

For RB5009, we were able to get our hands on some rb5009upr+s+in. We do not need the PoE, but better than nothing. We also had to bite the bullet and buy some expensive Cisco boxes, because CCR2216 is available nowhere with unknown date of restocking. We still have global chip shortage. My employer ...

jbl42

The last email from support... they recommended changing the lease time on the router and Extending the Key Exchange time out to something longer than the 5 min default. This is sheer desperation. There are long standing issues with key exchange on MT WiFi, but this is not related to noise/HD probl...

jbl42

the fact that Wifi 6 ax is still not fully baked at Mikrotik

WiFi in general at MikroTik is not even closed to be baked.
I'm a MikroTik router proponent, but do yourself a favor and stay away from any MikroTik WiFi.

jbl42

I'm going to evaluate for the coming days...luckily an RB5009 has 1Gbytes so there is some headroom ... but stil.... If I read your chart right, the memory consumption increased by about 4MB in about 6h and seems to stabilize towards the end of the available data. PiHole is caching things like reso...

jbl42

No, I did not try to disable L3HW.
I don't see any value in running a ROS version with broken L3HW on a CCR2216. As you mentioned, the large scale L3HW capabilities are the reason to pay the extra money for a CCR2216 in the first place.

jbl42

I think I have to rephrase my question: what´s better in 6.47.9 wifiwise than with 6.49.7 ?

Nothing we know about, and hardly related to TX power.
But everything after 6.47.9 is worse than 6.47.9.
No more details known beyond what is mentioned in the (incomplete and sketchy) ROS release notes.

jbl42

Its not MTs fault, its Apple fault to use mDNS. As a hobbyist, this might be a valid point. As a professional: Have you ever tried to sell gear not supporting the managements beloved iThings to a company? Ever tried to explain to a "important" manager that his shiny new iPad Pro cannot co...

jbl42

Is it related to the TX power setting, which is not available in newer versions? No, it is related to issues with the ROS 7.x WiFi driver for hAP lite and hAP mini. TX power was removed to comply with regulation. But contrary to popular belief, increasing TX power does not help much anyway. WiFi is...

jbl42

Installed 7.6 without issues on several RB4011(no WiFi) and R5009. Basic setups (NAT, VLAN filtered bridge, some simple queues, basic firewalling, DHCP client/server), all working fine so far. Different on CCR2216: BPG/OSPF with large (300'000+) tables and L3HW enabled is unstable and peer connectio...

jbl42

It is and was a sad story: Never put MT WiFi APs into noisy environments, especially not if you are the one being called if things do not work: The 2.4Ghz Radio will kind of lock up every few hours or days, requiring a reboot to get clients connecting again For 5Ghz, if using DFS channels (what is i...

jbl42

Yes, 224.0.0.0/24 addresses shall not be and are not routed by normal routing. That's why an additional mDNS reflector is required in the first place to propagate mDNS among subnets. Technically, it is an odd thing to do. But practically there are many add-on implementations by Cisco et al to make A...

jbl42

At least for the Zyxel APs I used so far, intra-bss blocking blocks communication between clients (STAs) on the same AP using the same SSID, independent of 2.4/5GHz band. Other brands calls the same feature client isolation. This is often used for public APs in Hotels, Bars, Shops etc. for security ...

jbl42

"NIST compliance" is a very broad term. NIST (National Institute of Standards and Technology, a US Federal Organization) has many different standards in different revisions. Some of them also combine or overlap with US federal standards like FIPS . I suggest to ask for the exact standard n...

jbl42

The price difference mainly comes from thw 2216 providing 25GBit local links with 100Gbit uplinks vs. 2116 with 1Gbit local links and 10Gbit uplinks. 25/100 Gbit vs 1/10Gbit switch chip makes a big price difference. If your routing/QOS is CPU based and the load high enough for the CPU being the bott...

jbl42

SFP(+) is an unofficial standard and only specifies the mechanical and electrical interface. There are different protocols possible between the SFP port and the inserted module. Depending on speed and copper vs optical: MII, GMII, SGMII, raw 4b5b, raw 8b10b, and many more. Technically, a SFP(+) host...

jbl42

1. I'm not sure the OP is talking about RB5009UPr. The "normal" RB5009 also has PoE in on ether1 2. The 7.6beta6 release notes do not mention any PoE in related fix 3. Running betas on production devices is a no-go. So are you telling us RB5009UPr is not ready for production yet? An then t...

jbl42

Updated two RB4011 and one RB5009 in our testlab and one RB5009 at my home network 7.4.1 -> 7.5 without issues so far. Used features: intra VLAN routing (no BGP/OSPF) with srcNAT towards WAN, bridging 5-7 VLANs with HW filtering, 30-50 FW rules, some simple queues, NTP server/client, DHCP server/cli...

jbl42

As I said before, free filtering platform or software (ex. Pi-Hole) are suitable if the Organization has a skilled admin supporting the service. And if there is no need for enterprise features (such as Active Directory integration, Google workspace synchronization, etc). Most companies using MT equ...

jbl42

I would like to be able to access the same VLANs of building B, basically as if I were connected directly to the router of building B. How can I go about transporting VLANs through NAT? (The masquerade is involved) VLAN is Layer2, NAT happens on Layer3. You need a L2 over L3 tunnel, like EoIP and s...

jbl42

RB5009 does support EEE 802.3az on ether1 - ether8. I have several RB5009s connected to Cisco switches and EEE is supported and operational on Cisco <-> RB5009 1GB connections. It is not mentioned in the MT specs, It is not visible, cannot be disabled. But its there and it works. Here an example of ...

jbl42

In general: If the specs of a PoE source device do not explicitly mention galvanic isolation for PoE, there is none. It is quite expensive to build in. Devices like MikroTik, Ubnt, TP etc all miss galvanic isolation on the PoE outs. The PoE GND is directly connected to the power supply ground of the...

jbl42

I was able to pass the card through to a Linux VM running ubuntu 20.04 and it shows 1G but I can almost get 10G through it with iperf. I was hoping to be able have the card show up as vmnics. Glad to hear it worked. The AR8151 network chip is actually a 1GB chip, but the virtual chip as emulated by...

jbl42

The CSS610-8P (and CSS610-8G) is built based on the Marvell 88E6390X switch chip. SwitchOS lite runs on a small CPU integrated into the switch chip, what makes the very low price point possible, compared to other brand's managed PoE 2x10GB switches. But the drawback is it has not enough resources to...

jbl42

That's not true. It's called limiting access. For example, say you wanted to expose port 22 to another vlan, but not port 23, you can limit what can communicate. Exactly. Even Enterprise boxes from Cisco, Juniper and the usual suspects provide mDNS proxies to allow AppleTV based screen sharing amon...

jbl42

The CCR2004-1G-2XS-PCIe emulates a Atheros 1GB chip towards the host supported by the Linux atl1c driver. It requires a patch added by MikroTik so it is recognized as 10/25GB interface. Currently it is only supported by recent Linux kernels. Not in Windows , FreeBSD (yet) or VMWare7 (I suppose you a...

jbl42

Also of note, I have spun up a CHR and I am able to connect to it via MAC from a laptop on the same layer 2 but from the Windows 11 machine, I am unable. I have gone so far as to move ports on the CRS305 for this Window 11 machine and still see the same issue. Same here: Winbox-mac can not connect ...

jbl42

But on CRS-8P that have both 48 and 24, , if I plug non mikrotik device like a PMP450i are provided 48V, if I plug AF5XHD or AF60-LR, are provided 24V without force anything. The handshake do the choice....??? The PMP450i supports 802.at active PoE in. The CRS-8P supports 802.3af/at @48V and passiv...

jbl42

https://hub.docker.com/r/andrius/asterisk
should run on RB5009/RB4011 and similar arm/arm64 MT devices, but did not try it yet.

jbl42

Do we need to buy additional Power Supply? According to specs, RB5009UPr+S+IN reserves 20W for its own usage, leaving max 130W for devices running on PoE supply. Or 76W with the included PSU. So if the total power consumption of attached PoE devices stays below 76W (which is the case for many appli...

jbl42

Ping to the next hop timeout, and ping to any other IP say no route. I have a deadline this week to get it working, so I'm desperate for help! I have a deadline this week to get it working, so I'm desperate for help! No ROS version, no config export, no details on your setup, nothing about what you...

jbl42

We have some branches connected through Mikrotik PPTP As others have suggested, you might read about PPTP and consider switching to wireguard: https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security we have disabled their Internet usage by disabling masquerade nat. Disabling masque...

jbl42

Anyway, Mikrotik has worse issues with radars than others, as far as I can tell Absolutely. In noisy environments, MikroTik APs tend to "detect" radars all over the place and constantly jump DFS channels. There are many complaints about this in the forum. If non-DFS schannels are not an o...

jbl42

I would think the AP would send an appropriate errormessage and the clients would then go through the complete authentication cycle instead of using the fast PMKSA. Yes, obviously that is what's going wrong. According to 802.11r, it is not based on error codes, but by the AP initating a full IEEE 8...

jbl42

> *) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces; If 802.11r is enabled (`security.ft=yes`) some devices can't reconnect to an AP after the latter gets rebooted. In my case it was an iPhone with iOS 15.5. Logs show the following: mac-address@wifi2 rejected, c...

jbl42

I can remember a link to a thread were someone actually did soldering PCIe sockets onto an RB5009 board. It was either on reddit or here, could not find it in a quick search. He could not get it to work. Most likely there are other components in addition to the PCIe sockets required to be soldered. ...

jbl42

Bro, what are you smoking? Grow up. Netmap is NOT stateless. I use it on ISP BNGs and also in my personal home router for /32s and the same thing for normal home users who are my clients. I have given up to ask you how iptables netmap statefuly accepts incoming UDP content streams to a port request...

jbl42

And every freakin distributor loves to lock in the end user with their specific solution aka "triple play" and likes. And besides VLAN and other related stuff, all using specific port numbers, transport initialization, multiple streams using different transports and sometimes even proprie...

jbl42

Repeat after me: There Are No Standards, Not Even for IPTV. :D Sniffing the Transport field in the outgoing RTSP request as defined in RFC2326 is enough to have all those IPTV solutions working. Transport: RTP; unicast;client_port=12345 OpenWRT manages to handle all those IPTV services with just th...

jbl42

Bottom line, it's virtually impossible to implement a general RTSP "helper" since there isn't just one "standard". Quite the opposite there are many different ones including proprietary solutions and they all differ depending of intended application. While I agree on this, I thi...

jbl42

Isn't that just "architectures supported by dockerhub"? When you compile your own binaries, you could use any architecture, of course easiest is to use the architectures supported by gcc. Yes. Dockerd and associated utilities can be installed and/or built anywhere a recent enough working ...

jbl42

Only x86, arm and arm64 Architectures supported by Docker are ARM ARM 64 IBM POWER IBM Z PowerPC 64 LE x86 x86-64 Docker does not support MIPS or Tilera (TILE support anyway was removed from official Linux kernels in 2018 ). While technically Docker most likely could be ported to Linux/MIPS or Linu...

jbl42

Im getting this error in red now which I didn't have before the upgrade anyone know best way to resolve it?

Remove the bandwitdth from the cake queue type and configure traffic limits within the queue itself.

jbl42

If the users instead to submit problems to support@mikrotilk.com do a mess on user forum So reporting the same issue over and over to support is better than reporting the same issue again in the forum? And why is MT support telling me to report issues with betas in the forum? And how does it come y...

jbl42

If the user read the whole topic to see if someone has already asked or reported the same thing, instead of making another post virtually identical, there will probably be no errors and everything would be more readable ... Nope, the user is not exepcted to read the whole topic for a (beta) release...

jbl42

As far as I have tested, this authentication using APP password has limited use. You can not logg inn to an gmail account with it (using web), so you can not change anything. There are (IMHO perfect legitimate) reasons for APP passwords: If it leaks, you just can revoke the APP password using your ...

jbl42

Updated the RB5009 at home (admittedly also kind of YOLO with 3 teenagers ;-) from 7.2.2 to 7.3.
No new issues so far, config export diff is clean.
Same with two lab RB4011 at work.

jbl42

In both routers
Code: Select all
/system routerboard settings set auto-upgrade=yes
was configured and routerboard firmware version was v7.2.3

You have remote routers on auto-upgrade and get them updated at the same day of a new 7.x release?
You seem to be more the YOLO type of admin ¯\_(ツ)_/¯

jbl42

Also, in such cases it will be sufficient to have a simple queue tree with e.g. 4 or 8 priorities derived from DSCP, similar to what you have with WiFi WMM. But it appears that some people really are only satisfied when having CAKE. That's what we did for many years before there was Cake. The beaut...

jbl42

It's usually pretty hard to saturate >1Gbs connections without proper test equipment so that's probably why you don't see any major difference ie only achieves 10-15 ms latency. Also buffer bloat is usually less of an issue for symetric lines like 1000/1000. In extreme cases like 1000/50 cable inte...

jbl42

I have a 1Gbit fiber connection over pppoe and when i use these settings ( corrected for 1000mb up and 1000mb down ) this does not improve things, only losing some bandwith. Even when setting bandwith to 900mb up and down, the bufferbloat remains te same ( about +10ms to +15ms on a 2ms unloaded pin...

jbl42

@nrz If you you deliberately want to missinterpret what I wrote, you can read or that way. Fell free not to listen to your customers, many of them beta testing your stuff and sharing their decades of experience for free. Just continue debating your customers and knowing things better. Luckily my sal...

jbl42

If you are referring to BFD,. I'm referring to BGP Multipath selection, BGP Aggregation, RFC 6666, RFC 6286,BGP Advertisement monitoring and BGP Prefix limit (prefix limit has "initial support" with 7.3 after having having MT officials here in the forum claiming it is not needed at all). ...

jbl42

Regarding the non-existing progress on BGP and IPv6 in ROS7, I really wonder to whom MT is planning to sell all the new CCR2000 high-end devices not able to run ROS6. With all the more advanced features missing, who is supposed to buy those devices? They are way overpowered for home applications, an...

jbl42

What's new in 7.3beta40 (2022-May-11 12:18): !) queue - do not allow using CAKE type in simple and tree setups (already configured queues will be disabled); Ok. Cake is not allowed for simple queues and tree queues anymore. Will be disabled. Got it. What's new in 7.3rc1 (2022-May-27 11:50): *) queu...

jbl42

The maximal raw WiFi bandwidth with ac2 2x2 Mimo is 866MBit/s (2x433). Connection at the theoretical max rate will only work in the same room a few meters away from the RB4011, if it at all. A room away it will be closer to 200-300MBit raw WiFi rate. The practical per client TCP bandwidth as measuer...

jbl42

Surely, download is shaped and controlled by the ISP and upload by the client? What am I not understanding here with everyone wanting Cake on Simple Queue? See here for an example were the DL/UL is shaped by the ISP to 500/100 https://forum.mikrotik.com/viewtopic.php?p=935980#p935980 The cake simpl...

jbl42

Are there any advantages at the RouterOS v7.2.3? It depends. For the average IPV4 NAT home/smb router, ROS 7 works fine. Plus you get Wireguard and fq_codel/cake queues. For the more advanced stuff (IPv6, "real" routing with BGP/OSPF, advanced queue trees, VXLAN, MLPS, ...) ROS 7 is not y...

jbl42

To avoid further flooding of the 7.30beta thread with Cake topics, here some results taken from my home network: RB5009, ROS 7.2.2, Fiber uplink at SFP1 using PPPoE with NAT capped at nominal 500/100 by the ISP equipment at the other end of the fiber. The ISP UL shaper does a not so bad job, but the...

jbl42

If the rumored price of about 210€ turns out to be true, it is even a very good offer if it is just used as a "normal" 2x SFP28 NIC in pass-through mode for Linux servers.

jbl42

My guess is RSTP on those switch chips was added at the same time as the VLAN-filtering and the footnote can just be updated Yes, for devices using RTL8367 (like RB4011), l2hw offload for STP/RSTP was introduced at the same time as VLAN filtering. And because ether1-5 and ether 6-10 are connected t...

jbl42

I do not have a spare parts to test on win 10, but probably the string is emulated, not real.... (win 10/11 is the same from this point of view) According to the block diagram , the Ethernet controllers exposed to the PCIe host are indeed not "real". They are kind of emulated inside the A...

jbl42

Hosts' DHCP times out before router is fully up to hand out IPs.. Hosts pick their own RFC3927 address and remain offline. Some hosts retry the DHCP discovery and come online properly.. Once the router is back, run a script on the switch disabling all client switch ports and reenabling them after s...

jbl42

Looking at the 2nd capture sniff02.png At packet #241-243 the SIP host sends 3x SIP CANCEL, which the MikroTik fails to deliver to the PBX and hence bounce with ICMP code 3 (Host unreachable). After that (starting at #254), the PBX on 192.168.1.252 starts responding again, but never with something e...

jbl42

But it works for physical ones, for example, my WAN interface is ether1. I haven't tested if it actually functions properly, but RouterOS let's me assign the queue. In my tests it never was possible to attach cake as interface queues on virtual interfaces. But what works, at least for me up to ROS ...

jbl42

Yes, the Anynode-device is registered to our PBX. And it is registering every 3 minutes. Have you tried to increase the udp-stream-timeout to 5m in /ip/firewall/connection/tracking ? The default value is 3m (minutes), same as your phone's register interval. Maybe the connection times on small inter...

jbl42

How do you specify the Cake bandwidth on asymetric links?

limit-at=DOWN/UP ?

There is no limit-at=DOWN/UP for interface queues.

jbl42

the cake was a lie all along bros....

:-) memories...

jbl42

CAKE type was always meant only for interface queue, it had no effect when used in simple queue. I'm confused. I run 2 cake queue types on my WAN bridge interface in a simple queue and it works without issues. In a WAN interface queue , how do i specify different rates for asymetric lines? Further,...

jbl42

I see, thanks for the link! That looks like OM3 glass and not plastic to me. 8) But anyway still very cheap. After checking it out: You're right. The "PVC (OFNR)" is bout the coating of the fiber, not the fiber itself. And yes, fs.com is a real price dumper. (I'm not affiliated with fs.co...

jbl42

@jbl42: you probably just mean multimode fibre (which is glas, but that´s also getting cheaper), or is there really a plastic fibre solution for 1G and for let´s say longer than >30m? We used fs.com OM3 Multimode PVC (OFNR) with success for such applications: https://www.fs.com/products/74385.html?...

jbl42

Multimode plastic fiber stuff has gotten very cheap. For WAPs exposed on poles, using cheap plastic fiber for the network link solves all problems with EMC, potential differences and surges. If the WAP is missing SFP, use a cheap media converter to convert to copper on top of the pole. The power sup...

jbl42

If we had a public bug tracker / issues list currently known it would be so much easier. If we are at it, proper release notes would make thighs easier too. "fixed an issue with xy" is less than helpful to decide if it is worth to take the risk of an update. Especially nowadays, were ROS ...

jbl42

wouldn't it also bottleneck on 1 out of 16 cores with the CCR2116? A single TCP connection is always handled on 1 CPU core. This is required to avoid packet reordering. So if you run a speedtest using only one TCP connection, it will max out 1 core also on CCR2116. But if you run several connection...

jbl42

Come on, this has already been discussed 20 times before! YES, the default was changed. YES, devices that were installed from defaults before that change now display a warning. YES, that warning is needlessly alarming. This is ALL already known. This is only known for frequent reader. Known issues ...

jbl42

When you have 20 rules that each check different variant of ICMP and you replace that with a jump to a separate chain it will perform a factor of ~20 better. I know ICMP is just an example for the principle here. But if we are at it anyway: I never got why so many people try to tamper with ICMP in ...

jbl42

100 total for input + output + forward chain ? Yes, 100 "non raw" rules in total. What happens above those 100 rules ? Is the performance drop linear or exponential ? (I'm asking because I'm interested in the 5009 once PIM-SM is supported) For our uses cases, it is good enough if RB5009 f...

jbl42

how is possible reach 140G if the max speed of combined port are 100G? (or not?) As I understand it, we are discussing the speed of the established link, not the effective throughput. The CCR2216 block diagram states "2x100 GB full duplex" for the QSFP ports. It should be possible to esta...

jbl42

Does anyone have figures showing "when it stops being negligible" ? The impact and scalability of FW rules is depending on device capabilities like number and speed of CPU cores, RAM size and l3hw offload in the switch chip. So it is hard to come up with numbers among different MT devices...

jbl42

The RB5009 quick set config gives you the equivalent of a normal "dumb" home NAT router: - DHCP client towards WAN - DHCP server for LAN - DNS server for LAN (forwarding to DNS received by DHCP client on WAN) - srcNAT (masquerade) towards LAN - all connections LAN -> WAN allowed - all conn...

jbl42

however when I plug in my ccr2216 with the 40g transceiver in port qsfp #1, the qsfp port #2 does not show 100G speed available only 40g. For your setup, QSFP-1 should run in 4x10GB mode and QSFP-2 in 4x25GB mode. I seems like running QSFP-1 with 4x10GB somehow disables 4x25GB on QSFP-2. Most likel...

jbl42

Do you have some kind of evidence to back up the claim that the RB4011, RB5009, etc will do the job? The RB5009 maxes out a 1GB uplink with PPPoE with 10-30% CPU load on all 4 cores in my personal experience. I has a 4x 1.4GHz 64bit Arm Cortex-A72 CPU compared to 2x 800MHz ARMv7 32bit wich is a lot...

jbl42

Hi strods No issue, thanks for your hard work. Normally I'm not the type getting grumpy in vendor forums. The reason I did tis time is the following: *) leds - fixed wireless related LED behavior with WW2 package; *) ww2 - fixed VLAN tag handling; So those two ww2 related fixes were tested on 7.2.2 ...

jbl42

But in case of such a blocking problem I would expect either a delay of the stable version, or a warning "do not upgrade to this version when you use wifiwave2". In the normal world yes. In the world of Mikrotik labels like "stable" and "RC" and are just randomly attac...

jbl42

What's new in 7.3beta37 (2022-Apr-25 15:29): *) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.3beta34); And the same bug was also introduced in 7.2.2 "stable", which was released later than 7.3beta37... Bugs introduced in v7.3beta34 also appear in 7....

jbl42

We use RB5009 and RB4011 as site routers for small branch offices with good success, while we are mostly a Cisco and Juniper shop for HQ and larger sites. Now we started to investigate VXLAN for near-future use, most of our Juniper/Cisco boxes can do VXLAN in HW at full wire speed. I would love to m...

jbl42

RB5009 supports L2 hw offloading for VLAN filtering. All traffic not addressed to the CPU interface is handled by the switch chip with wire speed and not visible to the CPU, hence it does not appear in torch. To torch bridge traffic with active VLAN filtering, temporarly disable HW offload on all br...

jbl42

PPTP is inherently unsafe by today standards, see https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security If you have known IP ranges from were your PTPP users are connecting, you can improve the situation a little bit by restricting source IPs of PPTP clients. But still, if securit...

jbl42

The RB5009 has issues if the switch traffic ingress port runs at higher rate than the egress port, in your case towards PC2 with 100MBit. There are several topics discussing this, the biggest is this one, discussing the same issue when mixing 2.5GB and 1GB. https://forum.mikrotik.com/viewtopic.php?p...

jbl42

According to the 802.3az standard, EEE shall only be enabled if agreed on both ends during link auto negotiation, using a special "next page" for EEE. Some devices allow to force-enable EEE if auto negotiation is disabled, but this is not conforming to the 802.3az spec. So either the RB500...

jbl42

This looks like congestion problems if download traffic ingresses with 2.5GB at ether1 and gets bridged (switched) towards the ether2-8 1GB ports. As the bridge ingress port is faster than the egress port, the switch chip queue for the egress port overruns and packets get dropped. This causes packet...

jbl42

There must be a very good reason why this "basic" feature is not added to the Linux kernel for over 15 years. So there is no simple toggle "enable RTSP helper". While I personaly do not have a need for a RTSP proxy in ROS, there still is a very good reason there is none in the L...

jbl42

Really looks like using a different main router makes both of your smartphones connecting with 20MHz only while the TV stick is able to connect with 80MHz at the same time. Very weird indeed... Looks like an obscure bug only happening for some "special" combination. I suggest to contact Mi...

jbl42

My ISP give me unlimited traffic but after 10GB it droped me download speed to 3Mbs ... How else can you know bandwidth has dropped if not specifically testing for it ? Checking for the total traffic of the interface to reach 10GB? It is available in interface stats and can also be read by scripts....

jbl42

As far as I can see you are using your local private IP as source for outgoing public internet traffic, because no NAT. Private IPs are not routed in public Internet, so there will never be a resonse from any server with public IP. The outgoing traffic visible in your screenshot is your ping request...

jbl42

@jbl42, VLANs 0 and 4095 are reserved and VLAN with id 1 is the default VLAN used by MikroTik and should not be used... It is explained here https://en.wikipedia.org/wiki/IEEE_802.1Q Yep. VLAN1 is used by MT implementation as default PVID for all ports, same as for many other vendors too. But in of...

jbl42

My problem is, i noticed that when im upstairs i have full net speed and mobile phone says that wifi link speed is 866 mbps. When im downstairs, wifi link speed is 192 mbps and im standing right below the AP. (I checked with winbox in the router to be sure that phone is indeed connected to downstai...

jbl42

please advise what went wrong.it is nearly 1 year old.

Obviously some electronics stuff inside broke, overheated and the unit died. Such things happen.
Return it to your retailer and get it replaced. If it is less than a year old, it is most likely replaced under warranty.

jbl42

bind() failed: An attempt was made to access a socket in a way forbidden by its access permissions. [10013] This is an error coming from the windows socket API when netinstall tries to open (bind) the listening port for incoming netinstall boot request. There are usualy two reasons for this: Anothe...

jbl42

If a bridge has protocol-mode=none it will forward packets with a destination MAC address 01:80:C2:00:00:0x, this is not compliant with 802.1D but has its uses. It not only violates 802.1D, it has the potential to mess up VOIP settings by propagating LLDP-MED to all ports. If you set protocol-mode=...

jbl42

VLAN-id=1 should not be used in your configuration... Read here : https://help.mikrotik.com/docs/display/ROS/VLAN " The IEEE 802.1Q standard has reserved VLAN IDs with special use cases, the following VLAN IDs should not be used in generic VLAN setups: 0, 1, 4095" Source: link above... @z...

jbl42

For inter vlan routing (aka HW-Offloading Connected Routes). For example if i have two access switch connected to a CRS317. Each access switch is a separate L2 with a /24 subnet. Now if the CRS317 attempts to route between those two networks, two /32 routes a creaded in the routing table of the swi...

jbl42

So for now the best workaround is to disable the "Bridge Port" column in winbox, then we can safely enter DHCP leases & ARP list windows again without disrupting router stability.

It is not sure the information is not polled when the column is hidden in Winbox.

jbl42

Just advising that this problem is also triggered whenever viewing the “IP → ARP List” Window .. Also, this is not a Winbox problem, as the issue occurs even if you access these menus from Webfig. The IP/Arp window has a column "bridge port", same as the DHCP lease windows. This info is c...

jbl42

that's also why RJ45 console cable is part of the basic toolkit of every network technician. (except that you need multiple adaptors, because various network equipment vendors use diferent pinouts) While MikroTik is using the Cisco pinout which is by far the most common among vendors. But yes, ther...

jbl42

3.3V * 700mA = 2.3W The S+RJ10 copper SFP is rated with 2.4W and officially supported for RB4011. So your SFP is OK regarding power consumption for RB4011. Not sure about the RB260GS. But in my experience, the RB4011 in general is a bit picky with SFP support. Especially for "exotic" ones ...

jbl42

Switching performance is depending on the capabilities of the device's switch chip. There might be differences in available features, but the switching throughput ist not depending on ROS vs SwOS. There are some ROS only devices with switch chips not providing l2hw for bridges, so the CPU has to han...

jbl42

The problem is that tv company has multiple streams(10to12) in one multicast ip, where the difference is in the port. Some mikrotiks has eoip connection over internet with the main one, and if a stb connected to these mikrotiks, require one of streams in a ip multicast with multiple streams, all st...

jbl42

@BettyRNorahDeniels GPON (Gigbabit Passive Optical Network) SFPs in general are different to normal optical transceivers. GPON is a shared medium and requires special encription and time sliceing for media access. GPON SFPs conatain local intelligence handling all this low level stuff autonomiously ...

jbl42

am i doing something wrong or is this just a fact of life with the little Hex mips running out of steam? Queues require disabling fastpath so the poor little single core 850MHz MIPS just works it's butt off with routing, NAT and queue ;-) Presumably cake is even more cpu intensive? Efficiency was o...

jbl42

Do you know the user/password to login? If not, there is no way (at least we all hope so ;-). Except doing a factory reset (netinstall) losing everthing. If you have user/pw, you can use serial terminal to access the device and view/export config. RJ45 serial cables are cheap and avaialble everywher...

jbl42

working, but only in CLI

If 88cc is used for mac-protocol, the switch rule can also be set up using Winbox.
The protocoll name lldp (ethertype 0x88cc) is only known on the CLI, not in Winbox.

jbl42

A few days with Winbox connected, but showing only the interface table = no flaps and graphs look ok. As soon as I add DHCP server / lease table = gaps started to appear on graphs immediately and all ports flapped after around 2.5 hours. This. I can reproduce this on a RB5009 running 7.1.1: Having ...

jbl42

I could solve similar issues on RB5009 and 7.1.1 by setting frame-types=admit-only-untagged-and-priority-tagged for the untagged access ports. This setting should not be necessary and should have affect on ingress only. But still it helped for me to get rid of wrong egress tags for HW offloaded acce...

jbl42

Just give one Band more power, make another one weaker, so devices automaticly will connect to the prefered band, if it is your wish... That's what Mikrotik is telling us for years. But band steering is much more than having different TX power for different bands. This might help if a station newly...

jbl42

This is a Marvell reference design for the 88E6393X switch chip used in RB5009:

E55ndoPUcAAa0gA.jpg

A RB5010UG+2S+IN would not have the leftmost 10G SFP+ cage and use the port towards the CPU. The rest is not much wider than a RB5009.

jbl42

I do not see much value in the 1/4 of 1U format. Probably this could change if there are future switches etc in the same format combining different devices. Cramming 4 routers in 1U looks nice, but in most practical installation there is no value to have 4 RB5009 type of boxes in 1U. Granted, this m...

jbl42

The point of the post you yeah-butted was that the OP can't expect to run a single iperf3 client across the router, all set up with the good strong filtering RouterOS allows, and expect to fill the 10G fiber upstream. Agreed. But often I see setups and bechmarks concentrating on single connection p...

jbl42

Single-threaded, as I qualified it, or do you have to get all four cores working to achieve it, as I expect? A single TCP connection is always handled by one thread to avoid packet reordering hampering throughput. In my RB4011 experience, single TCP srcNAT connections max out at 1-3 GB, depending o...

jbl42

The RB5009 switch chip has 3x10GB and 8x1GB ports. 10GB is used for CPU, SFP+ and 2.5GB on ether1 (dedicated PHY chip), ether2-8 go to 7 of the 1GB port and the 8th 1GB port goes to nowhere (and is also missing in the RB5009 block diagram). This seems like wasting potential for a 2nd SFP+ port and g...

jbl42

Worse, in the case of the RB4011, it's tied to the CPU, not to the switch chip so any single-threaded test is likely to choke down to 1-2 Gbit/sec. If this is worse depends on the usage scenarios. Having the SFP+ directly attached to the RB4011 CPU makes it very good for router on a stick applicati...

jbl42

Assuming you will do srcNAT towards 10GB WAN, I would recommend to also consider RB5009. It has a SFP+ too and about 30% more CPU power compared to RB4011, but there is no WiFi version (yet?). NAT is handled by the CPU and the RB5009 is capable of NAT routing about 5GB to/from WAN, depending on amou...

jbl42

Switching vendors for wifi was a bitter pill to swallow... But the amount of complaints and trouble tickets made it absolutely essential. This and the simple fact that MT WiFi still lacks MU-MIMO, Bandsteering, 802.11k/v/r mandated for almost all customer installation those days. The "wave2&qu...

jbl42

replace youtube by pornhub and having kids ;) That's the point: What do you achive with blocking pornhub? There is redtube, xvideos, xhamster and many, many more. They will always find one not on your blocklist, ending in a hare and hedgehog game. And they have friends with parents not caring or la...

jbl42

RB5009 does NOT support l3-hw-offloading (List of supported devices). Setting hw-offload=yes for FastTrack firewall has a recommendatory meaning (i.e., "please offload if you can"). The actual HW offloading state of FastTrack connections appears in the connection list (H flag): I see. Tha...

jbl42

Consider not upgrading to ROS 7 if you are using a RB4011iGS ... It depends. For serious routing and working IPv6 support, RB4011 better stays on 6.49.2 For more home/small office/lab oriented setups (some VLAN/bridging, some queues for VOIP, some firewalling, outgoing srcNAT, no IPv6) RB4011 works...

jbl42

Weird, checked it again and now l3-hw-offloading is no and I can't set it to yes neither No idea how that worked before, I fiddled around a lot.. However, with v7.2rc3 I have fasttrack forward rules with hw offload working on RB5009. Did not find time for propper testing yet, but a quick ipperf run ...

jbl42

L3 offloading working on 5009 here too, as described by @quotengrote. There is a switch property l3-hw-offloading , which I'm not sure only setting offloading for L3 VLAN routing only or also for L3 fasttrack. I had to set to yes to get everything working. Mine was set to no, can't remember if this ...

jbl42

What is the RB3011 CPU load while running speedtests to your ISP? Is the fasttrack rule counting bytes, showing it works? In general, RB3011 strugles with passing 1GBit with NAT and routing doing anything more than simple srcNAT and fasttrack. The offcial RB3011 spec for small packets with NAT routi...

jbl42

2) Major issues with IPv6 in certain scenarios. It seems Linux based hosts (Synology for example) with everything standard, MTU 1500, etc are seeing 25-50% packet loss. On a 10G or 1G link download is around 250Mbps and upload around 25Mbps. The same on macOS 1G link I get gigabit both ways. IPv6 o...

jbl42

What's new in 7.2rc3 (2022-Jan-28 16:33):
*) bridge - fixed filter and NAT "set-priority" action;

Seems like this got fixed with 7.2rc3

jbl42

Your config looks right. The RB5009 on ROS 7.1.1 and 7.2rc1 has issues with DSCP and VLAN IDs and priorities. The initial report was about troubles with outgoing PPPoE and VLANs. Other users have reported the same also for VLAN ifaces directly attached to physical etherX interfaces, breaking SIP ove...

jbl42

I have a simple CAKE queue running in the WAN facing bridge interface. It works great, TX bufferbloat goes down from >50ms to ca. 5ms. So funtion-wise nothin to complain. What confuses me is RX/TX in CLI properties [admin@RB5009] > /queue/simple print name="queue1" target=bridge1_vlan2 par...

jbl42

I'm working on a network with 2 Switchzilla SG250 floor switches connected to a RB5009 acting as router and core switch. switch-sz(gi8) <--> (ether4)RB5009-bridge1-l2hw(ether3) <--> (gi1)switch-wz Very happy with that so far, RB5009 bridge1 bridging, VLAN filtering, STP, IGMP and DHCP snooping is al...

jbl42

Does anyone know if the same issue happens on 2.5GB+ LAN connections? In my tests, 2.5GB has isssues on ether1 and also on SFP+. 10GB works fine on SFP+, 1GB works fine on all ports. Never tested 5GB on SFP+ due to lack of a device supporting it. While ether2-8 go to 1GB ports of the switch chip, S...

jbl42

Clearly not reading the release notes. What's new in 7.1rc3 (2021-Sep-08 13:29): *) added IPSec hardware acceleration support for RB5009; Good to hear I stand corrected for IPSEC and 7.1. Can't wait to give it a new try. My last tests happend on 7.0.5, and I missed the 7.1rc3 release notes just che...

jbl42

AFAIK ipv6 RA is using ipv6 mcast group ff02::2. This is link-local and as such according to the docs always flooded, independant of MLD snooping. But still it seems the MLD querier is required to keep the ff02::2 MDB entries alive when L2 hw offload is enabled. With bridge L2 hw offload multicast l...

jbl42

Afaik, there is no IPSEC HW acceleration yet on the RB5009. Thus, Wireguard is done in software. Currently not. But the RB5009 SoC supports crypto HW offload for IPSEC, Wireguard etc. MT support told me making it available in future ROS releases is to be expected. Until this happens, the RB4011 is ...

jbl42

Just be aware that the ROS bridge IGMP querier is not VLAN aware: Only untagged IGMP/MLD general membership queries are generated, IGMP queries are sent with IPv4 0.0.0.0 source address , MLD queries are sent with IPv6 link-local address of the bridge interface. The bridge will not send queries if a...

jbl42

Besides, in any circumstances I'm getting new-vlan-priority not supported for this switch while trying to apply switch-rules on Marvell-88E6393X [admin@RB5009] /interface/ethernet/switch> rule add switch=switch1 ports=ether2,ether8 vlan-id=100 new-vlan-id=101 [admin@RB5009] /interface/ethernet/swit...

jbl42

There is s similar report here

jbl42

That very issue is still occuring using 7.1.1 on RB5009 (arm64). VLAN PCP/802.1p is not properly set through bridge filter rule. In my experience, bridge filter rules do not work on RB5009 for bridges with L2 hw offload enabled. But adding PCP/802.1p priorites works for me on RB5009 using interface...

jbl42

But I don't understand why this would change anything, all ports on the RB5009 are connected to the 88E6393X switch? The 88E6393X is a 11port switch chip: 3x 10GB raw MI and 8x 1GB with integrated PHYs. One 10GB goes to the CPU, one to the SFP+ and the 3rd is connected to a 2.5GB PHY chip ( QCA8081...

jbl42

I have the same problem. I have a CRS326-24G-2S+IN with a S+RJ10 and lately the SFP+ module has been hitting about 110C and experiencing high packet loss. Is it possible to manually change the speed to 5 or 2.5GbE to lower the temperature? 10GbE SFP+ modules are in general problematic regarding ove...

jbl42

*)health - improved temperature reporting

We can confirm -274° temp readings in System/Health and SNMP fixed on RB4011 with 6.49.1 (in our case introduced with 6.49.0)

jbl42

Would it be so hard to add a drop box with all the network interfaces in it like TFTP32 and TFTP64 do? That way I dont have to cripple my VPN adapters, bridge devices, VirtualBox, Wifi, WWAN adapters etc and then remember to enable them all again manually. Yes please. I also have >10 network interf...

jbl42

wifiwave2 supports 802.11w (Management Frame Protection, standardized in 2009) and MU-MIMO (available from other vendors since 2015). At least on the 4 devices were it is supported at all. But not 802.11r, which is required for fast roaming with WPA-Enterprise to allow WiFi roaming without interrupt...

jbl42

Seems that the WiFi is godforsaken. No 802.11ax , no wifi 6E. Ok, message undestood, Mikrotik. You have leave us. Much worse: Not even 802.11k/v/r support for WiFi5. meaning it can't beuse outside SOHO applications. MikroTik has obviously given up on WiFi. Use the routers, they are excellent. But d...

jbl42

I would like to chime in for all saying Etherboot on the LCD screen == bricked......no. it just means you should backup config before an upgrade. which was mentioned in the very first post on this thread and other recent ROS release announcements. This is commonly called a softbrick, meaning it can...

jbl42

The SFP rate select signal is on Pin 7/RS0 (RS = Rate Select). The new ROS setting allows to set he state of SFP Pin7/RS0 The SFP specification (not public) says This is an optional input used to control the receiver bandwidth for compatibility with multiple data rates (most likely Fibre Channel 1x ...

jbl42

Many 1G SFPs contain a Ethernet Copper/Optical PHY chip talking SGMII to the SFP host. The autoneg is handled by the PHY, not the SFP host. The physical bitrate for SGMII is always 1GB, for 100MB every byte is repeated 10x, for 10MB 100x. Looks like the reported bitrate is the physical SGMII rate be...

jbl42

Yes, this is unlikely a bug in the new version. We regularly see the RB temperature sensors return absolute zero when they cannot get a proper reading, in any version of RouterOS. This might be a coincidence. But checking our SNMP log, we only see occasional -274° temp values on the two RB4011 upda...

jbl42

Confirm the temp reading problem in System/Health on RB4011 and 6.49:
The temp changes between -274° and the correct value every 10-15s.
Voltage value is OK.

-274° is probably some internal zero raw value converted to degrees (-273.15° is absolute zero temp).

jbl42

Yes of course we know MTs are phoning home. And yes we know they stop doing it after after we configured them. And our tight monitoring is nothing special or to be proud of. It's just what is mandated in our highly regulated domain. And all of our competitors do the same. Because they have to. Same ...

jbl42

Android is "phoning home" all kind of stuff to Google and every other 3rd party willing to pay Google for data. Not to speak of all the ad-tracking networks it talks to all the time. And no, Android is not open source. Big parts are, but the relevant data sensitive bits (Google Play Servic...

jbl42

The reason you did not get much response is you did not make your researches and did not ask specific questions. "It does not work please tell me what to do without making me educating myself at least a bit" is not what encourage people to help. WiFi for gaming is a bad idea in general and...

jbl42

We have seen CRS, RB4011 and RB5009 devices having auto neg issues with fibre and copper 1G SFP modules running in 10G SFP+ ports. Auto neg status never completes, depending on the device at the other end resulting link is reported as none, 100MB or 1GB and is prone to flaps. Connections to media co...

jbl42

Yes, I sometimes forget the optical stuff has gotten very cheap to... But I think we deviated from the OPs question if an RB4011 can be powered by an active PoE 802.3at or 802.3af switch at ether1 altough not explitly specified. In our experience, it works without problems on 802.3af ports. On 802.3...

jbl42

I had the same issue with an S-RJ01 SFP in a RB4011 running 7.1rc4 and a cable/port working stable with all other tested devices. Sometimes it connects at 1GB with autoneg enabled, when the SFP port is disabled and reenabled some seconds later using Winbox or terminal. What helped to get a stable 1G...

jbl42

The difference is you can get the 0.5m fs.com DAC for 10€ while 2x SFP+ LC module and a fibre to connect them will be 60-100€. For some unknown reason MikroTik decided not to spend a few bucks to add propper DAC driving circuits to the RB4011 SFP+ port. This makes short distance 10G connections requ...

jbl42

We have several RB4011 supplied by eth1/802.3at from switches of different brands (Cisco, HPE, Zyxel and others) without any problems. According to the switch logs, the RB4011 properly negotiates af/at on eth1, although not specified. In our experience, the power consumption of a RB4011 with 4 or le...

jbl42

1476: -20 IP -4 GRE

After rethinking it, i stand corrected: @xvo is right, the correct value is 1476 (GRE Interface MTU)

jbl42

First thing I would recommend is to check is the MTU of the GRE Interface(s). MTU mismatches can cause repacketing ouf outgoing GRE traffic substancialy incerasing the CPU load. If I remember right the MTU for GRE IPv4 interfaces should be 1436 1.436 byte (payload) + 20 byte (TCP header) + 20 byte (...

jbl42

*) added bridge HW offload support for vlan-filtering on RTL8367 switch chip (RB4011, RB1100AHx4); RB4011 and RB1100AHx4 have more than one RTL8367 chip (one for ports 1-5 and 6-10 on RB4011). HW acceleration for VLAN filtering is obviously only possible on ether ports on the same chip. Question is...

jbl42

So I've tried a disable and enable of sfp-sfpplus1 after a reboot and S-RJ01 now works properly on this RB4011, I'm getting 1500 MRU/MTU on the PPPoE Client :) This was finally solved with 6.47.10 (long-term) and 6.48.3 (stable), see change logs. We could remove all our scripts fiddling with SFP MT...

jbl42

Updated several RB4011 with complicated configs without issues so far. *) rb4011 - fixed SFP+ port MTU setting after link state change; *) rb4011 - improved SFP+ port stability after boot-up Finally. After many months of having to use scripts to disable/wait 2seconds/enable SFP port to work around l...

jbl42

I have a Unifi AC Pro in another room and the 5G always works. We experimented a lot and had the same results: APs from Ubiquiti, Zyxel, Cisco, Aruba and even Netgear are wirkong fine on 5Ghz DFS channels, whereas MT APs at the exact same spot constantly "detects" radars and keeps jumping...

jbl42

I found the topic interesting and could spare some time the last weekend to do some experiments. @Che is right: Masquerade is tight to a physical interface, not to an IP. Masquerade uses the IP of the specified out interface as NAT source. If the interface goes down, loses the IP or the IP changes t...

jbl42

But the clients cannot see each other. The router can see them all tough. What exactly is the question? That clients should not see each other? That's impossible to achieve as long as they share same (unmanaged) ethernet network For those interested in the details: Running more than one IP address ...

jbl42

It's a shame that a single CPU thread limits it in such a way though.. This is in the nature of TCP: TCP guarantees applications running on top of TCP sockets that all bytes are received in the exact same order as the were sent. Even if the packets transporting those bytes get reordered during tran...

jbl42

I'm running this on Big Sur without problems: https://github.com/nrlquaker/winbox-mac Despite the installation instructions, it runs perfectly and self-contained without need for HomeBrew. Just Download the ZIP using the green "Code" button. Unzip it and double click the contained Winbox-m...

jbl42

I.e. setting hw=no on the ports through which the phones are connected should do the same thing as running the torch does: let those frames be delivered to the CPU port. This will not help. The switch logic is the same, HW or virtual in SW. There is no reason for it to forward such a packet to the ...

jbl42

My understanding is that the routing table takes priority. If WAN1 comes back up, then connections that were going out through WAN2 will then go via WAN1 if it has a lower distance value But because of connection tracking, connections will go out WAN1 with the source IP address of WAN2 (src-nat/mas...

jbl42

When 6E products are available and shipping, I plan/hope to add around 1-hundred Wi-Fi 6E APs to my towers which will co-exist next to our existing hundred-plus 5-GHz APs. Regarding the fact MikroTik has not even a device with full ac/WiFi 5 support and no ax/WiFi 6 device in the pipeline there is ...

jbl42

Maybe it helps to disable "station-roaming" on client APs on site 2 and 3
viewtopic.php?f=7&t=151290#p848270

jbl42

This solved my problem too. I discovered afterward that this is officially documented :https://wiki.mikrotik.com/wiki/Manual:I ... on-Roaming Still it's weird MT Devices in station mode lose connections during background scans. Latency spikes during BG scan are to be expected (that's why gamers usi...

jbl42

yes, it seems as some of the traffic would maintain the backup path once swapped for the main connection failure. The backup is flawless because there is "no choice".. the sessions are dead for the down of the WAN1, but when WAN1 comes up again you don't have a down of the WAN2 so all tha...

jbl42

According to our tests the RB4011 SFP+ port only works reliable with fixed-rate SFP modules and disabled autoneg in ROS interface settings. Technically, copper 1000-Base-TX can not work without autoneg. 1GB autoneg includes essential things like clock master/slave role determination and link trainin...

jbl42

My guess is that the reason why it works when torch is running is that activation of torch bypasses the standard L2 forwarding on the bridge, so the IP stack gets the frames from the phone even though they come with a wrong destination MAC address. If torch is activated on an interface, all ingress...

jbl42

We replaced the MT S-RJ01 with a spare SwissGBIC SG-1G-T (OEM version of FS.com SFP-GB-GE-T https://www.fs.com/uk/products/75324.html). The SG-1G-T is 1000BaseT only. After disabling auto neg and forcing 1G full duplex on sfp-sfpplus1 we got a stable link using the same 70m S/FTP cabling. You could...

Search found 211 matches