MikroTik

biomesh

My crs317 with 7.8 works fine with inter and intra vlan traffic on the same or different interfaces.

biomesh

Upgraded the following with no issues (been running over 34 hours)

ccr2004-16g-2s+, crs317, crs326-24g, crs112, cap ac, chr, crs318

biomesh

Flashfig is still listed as an option on the support website

https://help.mikrotik.com/docs/display/ROS/Flashfig

biomesh

The reset button puts it into reset config mode, caps mode or netinstall mode. Choose which one works best for you.

You might need to have it be a cap temporarily so you can reset it the way you want it to.

biomesh

/system/reset-configuration caps-mode=no

biomesh

Are you out of space on your disk/flash?

biomesh

Do you get full speed if you test from a device with only a 1 gig nic?

biomesh

My l3hw offload for ipv6 on a crs317 works with no issues. Here is my ipv6 specific config: /interface ethernet switch set 0 l3-hw-offloading=yes /interface ethernet switch l3hw-settings set ipv6-hw=yes /ipv6 address add address=fd00:70::1 interface=vlan70 add address=fd00::2 advertise=no interface=...

biomesh

@Larin my ccr2004-16G has factory firmware 7.4.1 and factory software of 7.3.1, so not out of the ordinary it seems. What does seem concerning is that you had so many writes during your uptime of less than 5 hours.

Are you doing any work with containers or a lot of graphing?

biomesh

Why do you quote whole preceding post? Does it help answering? Do you repeat what your interlocutor says when you discuss?

For a CHR instance without an active license

biomesh

If any device needs 48v, you need to have a 48v power supply attached. The switch can have both a 24v and 48v adapter connected to power different devices connected to the switch at the same time.

biomesh

Actually market is full of other brand AX AP's for half of that.
The cheapest competitor in the US would be UniF--k AP lite. Which is $100.

I would not say it is full of $50 AX APs but you can find a Zyxel wifi 6 AP on amazon for $75 USD. Its not what I would buy, but there are options.

biomesh

Under /ip settings you have ip-forward=no. If you want the router to route packets between networks that needs to be set to yes.

biomesh

The 12S+ had some issues initially with reboots (related to the port extender in the block diagram). I have not heard of issues with current versions, 7.5+, but they did exist. Be sure to check the test results and block diagram to see what the router can really do. The 2004-16G versions don't have ...

biomesh

To get the full logging, you would need to have the nextdns client installed on the devices or install it somewhere (docker, raspi, etc) in router mode (setup-router true). Depending on the mikrotik device used, this can definitely be run as a docker container.

biomesh

Also if you use the nextdns client (on a raspi, server, or in a docker container) you can specify different mac addresses to point to different configs. This is what I use to apply extra security to devices my kids use.

biomesh

I use the pro for myself and my parents - for the last 30 days we have had 1.5 mil queries with the bulk of them coming from my home network.

biomesh

If its a small charity, why not just use the "pro" nextdns plan which is $20 USD a year?

biomesh

Use a command similar to

/interface/bridge/port set bridge=bridge-wan interface=ether1 hw=no

Repeat for all interfaces in the wan bridge.

biomesh

You can only hardware offload on one bridge at a time. Remove the wan bridge, as it is not a bridged interface by default.

biomesh

Since you won't share an export, there is only so much others on the forum can do to help.

I would start by checking fasttrack requirements

https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

And then open a ticket with support.

biomesh

More chains do help wrt MU-MIMO.

The cpu/ram would also need to be adjusted to handle the extra load.

biomesh

At least it is better than the sdcard slot on the ccr1009 and ROS7 where it just does not work anymore. Clearly defined expectations/features are better than empty promises.

biomesh

The crs112 is a switch with very basic routing capacity.

https://mikrotik.com/product/CRS112-8G- ... estresults

Depending on your config ~30Mbps is probably to be expected.

The device only has a 400MHz Mips cpu, so it won't be able to do much on the routing side.

biomesh

Do you get full speeds using a 1G port on your lan / 5009 instead of the 2.5G port?

biomesh

You admit you made a risky decision, and yet now want 'fairness'.

Either quietly email support and see if they can help, or buy a new license, or get rid of the device.

There isn't anything else to discuss anymore.

biomesh

Check https://mikrotik.com/buy/

but it looks suspicious to me if the manufacturing third party (or whoever this is) would be trying to sell items outside of the normal distribution channels.

biomesh

Just FYI my CCR1009 was running 7.5 for over a month without issues. I replaced it with a CCR2004, so the 1009 is not currently in use. The only issues I had with 7.x and the CCR1009 were/are: - sd card no longer works - in earlier 7.x version there was a bug with l2tp/ipsec where it would go into h...

biomesh

You might want to netinstall the device to make sure there isn't an issue with the flash or the os install. I would also check the capacitors to make sure none are failing. If you have a backup power supply, I would also test that as well.

biomesh

I also create a vlan interface assigned to the bridge which will have the management IP. /interface vlan add interface=bridge1 name=vlan88 vlan-id=88 /ip address add address=192.168.88.1/24 comment=defconf interface=vlan88 network=\ 192.168.88.0 /interface bridge vlan add bridge=bridge tagged=bridge...

biomesh

Here is a snippet - not going into the actual enabling of l3hw as that is in the manual/wiki. This should be most of it to understand how I use it. CRS317 /ip address add address=192.168.6.1/23 interface=vlan600 network=192.168.6.0 add address=192.168.5.1/24 interface=vlan500 network=192.168.5.0 add...

biomesh

For soho, if you only have one subnet and you are not using the switch as your main router, then there really is no benefit. If you have multiple subnets/vlans on your network but use a separate router, then yes there is a definite benefit. If you use your crs device as a router, it might be better ...

biomesh

On a CCR2004-16G-2S+ I get ~4.6 Gbps single threaded iperf with no wireguard both directions. With wireguard, I get 1.17Gbps (without -R) and 833Mbps (with -R). All tests single threaded. You might want to check your wireguard config on the computer or firewall/antivirus, etc.

biomesh

I'm pretty sure you are hitting the max that this device can provide, considering you are using PPPOE and multi-wan (with the associated rules). The performance tests for 6.x show for a 512 packet size of 385.4 Mbps speed, which will be higher than 7.x due to the removal of the Linux route cache in ...

biomesh

I have bought a lot of mikrotik devices and I don't think I have ever seen a power supply "made" by them. I am sure they buy power supplies from different vendors as needs or supply levels change.

biomesh

The crs3xx series (many of them) have arm cpus. Many of the cpus have multiple cores, but with the older kernel could only use one with ros 6. With ros 7, these extra cores were enabled due to the newer Linux kernel. The crs328 is the only device so far that has had the extra core disabled in ros7.

biomesh

I have not had any reboot issues with a ccr2004-16G-2S+.

It shipped with 7.3.1, but upgraded it to 7.4 and subsequently to 7.5 and 7.6 with no issues.

It was an easy upgrade from my 1009.

biomesh

How about removing

client-mac-limit=0

from your dhcp server.

biomesh

Those two changelog entries don't mention anything about WinBox, from which you provided the screenshots. Look for them in CLI. These work via winbox on all of the devices that I upgraded. crs317, crs318, crs326, ccr2004, crs112, cap ac. For the cap ac and crs112 obviously the l3hw options are not ...

biomesh

Some models, like CCRs don't come with an extensive default config as they are not designed for inexperienced users. https://wiki.mikrotik.com/wiki/Manual:Default_Configurations Start with the forums or help website and build the config (disconnected from the Internet) https://help.mikrotik.com/docs...

biomesh

If it broke everyone's voip, I'm sure there would be more than just a handful of people reporting an issue. I am currently using 7.5 and have been regularly updating ROS with no issues on my voip services. I use asterisk connecting to multiple providers. You could post your config or revert and open...

biomesh

I finally decided to test ipv6 l3hw offloading on my crs317 with l3hw ipv4 already enabled. It was a few quick changes and now I get full 10gbps ipv6 on my internal vlans.

biomesh

No, only devices listed with voltage/current/temperature/fan sensors will have health data. The ~$25 device has none of those.

https://mikrotik.com/product/RB941-2nD

biomesh

Yes, look at the different docs for CRS318-16P-2S+. That is the full model number.

biomesh

Basic config dhcp client on the wan interface saving pd to a pool /ipv6 dhcp-client add add-default-route=yes interface=wan pool-name=comcast_ipv6 \ prefix-hint=::/60 request=address,prefix use-peer-dns=no ip address/prefix (::/64) assigned from the pd pool /ipv6 address add from-pool=comcast_ipv6 i...

biomesh

I don't know how popular these were. They were discontinued in 2018 I believe.

For ram it should show the correct amount. For disk, It could have been partitioned.

biomesh

First off the crs series - especially the 1xx and 2xx versions are primarily switches. You won't get great routing performance off of these devices. Second, running a speed test on a device itself is not the correct way to test as the device will use a lot of the CPU to just run the bandwidth test i...

biomesh

The original gesp looked like this

https://www.streakwave.com/mikrotik-ges ... -protector

The docs probably refer to the newer model.

Do you have the older or newer model?

biomesh

Wow a level 6 license.

biomesh

See what features can be hardware offloaded on a CRS317 https://help.mikrotik.com/docs/display/ROS/L3+Hardware+Offloading?src=contextnavpagetreemode If this is all you need now and in the future, go with a CRS317. If you need more than this or expect you will need more in the future get a CCR (or bo...

biomesh

I would make sure you test iperf going from the server to the client (either using -d or -R option). The output you show is the "upload" on your ISP test. If that shows 1Gbps, then the switch is working properly - it doesn't do anything special for out of your local subnet traffic unless y...

biomesh

If iperf both ways between switches work (with and without the -R option) then the issue would be at the firewall.

Check to see what the load is on the firewall and also check to see if you have enabled jumbo frames elsewhere in your network that is possibly being fragmented at the firewall.

biomesh

There is no automated way integrated that will sync capsman config between devices. You could script syncing changes or use the rest api to make changes on multiple servers at the same time.

biomesh

You can leave the router/gateway address the way it is, but set the network to 192.168.0.0 on the interface that has 192.168.1.1 assigned.

biomesh

Capsman also has the ability to set multiple capsman managers: When the list of available CAPsMANs is built, CAP selects a CAPsMAN based on the following rules: if caps-man-names parameter specifies allowed manager names (/system identity of CAPsMAN), CAP will prefer the CAPsMAN that is earlier in t...

biomesh

ccr1009
crs318
crs317
crs326-24G
crs112-8G
cap-ac

All upgraded with no issues- upgraded from 7.3.

biomesh

That switch supports passive poe in (10-30V) according to the docs. This is only used to power the switch itself and not other connected devices.

https://mikrotik.com/product/CRS326-24G-2SplusRM

biomesh

I suggest using a CHR version of routeros. It is a vm based install and you can choose the version based on max speed on the interfaces used. There is a 60 day trial license that can be used to verify functionality before spending any money on a license. The CHR licenses can be transferred between V...

biomesh

I would not start over - here is a sample config for reference: /interface bridge add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridge1 priority=0x2000 \ pvid=75 vlan-filtering=yes /interface ethernet set [ find default-name=ether1 ] l2mtu=9080 mtu=9000 set [ find default-name=ether2 ] l2mtu=9080...

biomesh

- you don't need vlan interfaces on a switch unless you are going to implement l3hw offloading (and perform routing) or want to assign an ip address for management to one of the vlans going through/to the switch (this vlan would be assigned to the bridge) - your ip address is assigned to ether2 and ...

biomesh

Did you enable l3hw offloading? This is primarily a switch and while there are some layer 3 routing features offloaded to the switch chip, the CPU is not going to be able to handle much routing outside of the functionality in the l3hw offloading specs. https://help.mikrotik.com/docs/display/ROS/L3+H...

biomesh

You don't have any firewall rules (only nat) and that also includes fasttrack. Perhaps look at enabling fasttrack to see if that helps.

biomesh

A bridge is only necessary if you have to extend a network across multiple interfaces. If you only use one lan port (even with multiple vlan interfaces) you don't need to use a bridge.

I was just mentioning it as something to consider testing.

biomesh

For the OP, you are only using two ports (wan and lan) so the bridge is not really necessary. I know on a ccr1009 the routing speed and cpu doesn't really differ with or without a bridge, but it might on your device. Are you using iperf for some of these tests btw? That would be the best way to test.

biomesh

zerotier is only available for arm devices.

biomesh

Any chance you might share some stats regarding mem and disk usage for some of the containers? So far I am only using a container I built for nextdns that is based on a small debian image. The tar file is 110MB and I still have the tar file on my disk and using ~300MB disk (I have other files on th...

biomesh

Did you install the container package from the "all packages" zip file?

biomesh

Updated my containers from the 7.0x beta and was redeploy it on my CHR with no issues.

biomesh

Just use vlans, and make sure it is properly configured. There is no reason why it can't work, but it does take more effort to configure than basic configs.

biomesh

If you see it on both, I would just skip capsman on 7.x for now.

biomesh

Since it is reporting out of memory conditions on the hap lite (which has 32MB RAM) you should probably move the capsman server to the cap lite since it has 64 MB RAM and let the hap lite be a capsman client. If you only have two APs, you could also just skip capsman and configure them separately. T...

biomesh

I see that your 192.168.1.x pool includes 192.168.1.1 which is already assigned to the router itself. It would not cause reboots, but should be fixed. The CCR devices do not come with a default firewall and so you must add one. I only see one firewall rule so you should work on that https://help.mik...

biomesh

Can you export and post your config so others can see what is configured on the device?

biomesh

The crs112 also has this issue. Reading the interface stats will increase the cpu load quite a bit.

I reported this issue, but I don't think there is much priority to look at or fix this on the mipsbe devices.

biomesh

The only other suggestion I would make is to check the power supply. A bad or failing PS can have many different symptoms.

biomesh

This whole topic seems odd to me - just opening the case does not void the warranty, at least in the US. What you do once the case is open, makes more of a difference. If you have a model that takes nvme/ssd/ram and you add or replace a user controlled component, then I would say the warranty is sti...

biomesh

You have the wifiwave2 package installed which does not work with capsman.

biomesh

Are both of the devices using the same ISP? I see your results from your work server is fine.

I was just wondering if they are on the same ISP since there could be an issue with bandwidth limits on peering points between networks along the way if they are not on the same ISP.

biomesh

He is at site 1 downloading from site 2, from what I understand.

biomesh

The device can run on either voltage to power the device. The device will use the highest voltage connected to it to power itself though.

biomesh

If it's under warranty, I would rma it. if not, perhaps someone else can give you things to check on the board itself for repairs.

biomesh

The wording is a bit off - he is downloading (100 mbps) from the second site (600mbps), so ideally it would be close to 100mbps in ideal/perfect situations.

Have you tried iperf3 between sites?

biomesh

It should not matter. I would try with one power supply at a time, if you have different ones, try those.

From your description, this is the poe version of the switch, if it was not then you could also try to power via poe in.

biomesh

For the slower ports/interfaces try and set the ingress / egress port speed (switch interface) to close to what the interface can actually support. In the past when I used a 2.5 gb sfp+ adapter I had to set the rate to 2400 to get basically no retries and full speed (basically when sending traffic t...

biomesh

Make sure you reference

https://wiki.mikrotik.com/wiki/MikroTik ... patibility

Also note that 10gbaseT sfp+ devices can generate a lot of heat

https://wiki.mikrotik.com/wiki/S%2BRJ10 ... l_guidance

biomesh

Are the same type of sfp/sfp+ modules installed in both devices?

The temp reading (not cpu temp) on a number of switch models comes from the sfp/sfp+ modules themselves.

biomesh

I think it is hilarious that gdanov thinks software companies will always provide full details of fixed bugs. I have worked for a global software company for over 20 years in a support role and found that while customers might think they are owed detailed answers on bugs/defects, it really depends o...

biomesh

Is
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;

Related to random high cpu seen on startup on TILE that shows as "networking" when using profile?

biomesh

I would disable wpa2-eap and set the group key update to at least an hour (maybe more)

biomesh

You are better off posting an export of your config.

biomesh

Well, you can mention to her .. usually she's the one doing flushing :-P Well clearly she doesnt want to go to bed next to someone with soap in their hair!!. Out of curiosity, how many flushes does it take to get all the shampoo out?? I used to joke with my kids about using the "toilet twirl&q...

biomesh

Think of it this way:

How bad is it to clean your dishes/laundry in your toilet?

Can you do it - yes
Should you do it - no

biomesh

If you do actually use capsman on such a slow device as a crs112, I world suggest not using capsman forwarding.

biomesh

Get a supout and submit it to support. I have seen this a few times, but I can't reproduce the issue at will.

biomesh

Post an export of your config so that members can see what needs to be fixed.

biomesh

The SMIPS devices are for very light use / lab / toy use. Don't expect it to do much, especially with 32MB RAM.

biomesh

But I think the OP wants to build a network for 200 people for $25 USD. Isn't the cheapest way the best way?

biomesh

They key question here: HOW did you get to that 7.2rc7 version ? Coming from ROS6 OR ROS7 <7.1 and then upgrade upgrade upgrade ? Or netinstall from a version >=7.1 and then moving on to 7.2rc7 ?? I am going to assume the first option. And then it DOES apply, if I understood it well. Strods did not...

biomesh

Since this is a dns, web server or reverse proxy configuration issue, I would open a ticket to get someone internally to fix.

biomesh

If you are running the bandwidth tests on the devices themselves that is the issue. This is primarily a switch and the cpu will get overloaded from generating the traffic. Normally you will setup two devices (destop, laptop, etc) to run bandwidth test and have the switch "between" the two ...

biomesh

Option 66 is tftp server name not tftp server address(option 150). Using that option decodes correctly in wireshark when using a URL. You can use 'https://192.168.1.1:8090' s'https://192.168.1.1:8090' I would use the packet sniffer from the router to make sure it is being sent. If wireshark decodes ...

biomesh

Why are you using a http url for a tftp address? RFC5859 states this needs to be an IP address (or multiple IP addresses) not a URL. You need to convert each octet of the IP address to HEX and then set the option. For instance if I have two tftp servers: 192.168.6.1 and 10.1.1.1 it would be: 0xC0A80...

biomesh

Looking at the block diagram, eth1-eth5 has access to both cpus. You have a module in sfp1 (looing at the comments on the interface at least) which means sfp1 and eth6-eth10 only have access to one cpu core. You could try to move the interfaces around to see if that helps performance. You don't stat...

biomesh

The crs305 is primarily a switch with some l3 features. With version 7 you can get some l3 hardware offloading of the routing, but that device does not support offloading of fasttrack or nat. Due to this limitation, your speeds, if you plan on using a firewall would be pretty low. You could try a cr...

biomesh

Here are the relevant snippets: /interface bridge add admin-mac=AA:BB:CC:DD:EE:FF auto-mac=no name=bridge1 priority=0x2000 \ pvid=75 vlan-filtering=yes /interface bridge vlan add bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether24,bridge1 vlan-ids=75 /ip dhcp-client add interface=bridge1 On this dev...

biomesh

I have used the dhcp client/bridge combo for quite some time on crs3xx switches. It worked flawlessly in the 6.x and 7.x versions until 7.2rc2/3. I reported the issue with support and in my report pointed out that switching to tagged/vlan interface config did indeed work. Both methods have their use...

biomesh

Post your config if you want good feedback and not guesses.

biomesh

I would try local forwarding as you aren't using a super powerful device as a capsman server.
This would be in your data path config.

biomesh

Learning the hard way.... Post Mortem analysis: Press any key within 2 seconds to enter setup.. loading kernel... OK setting up elf image... OK jumping to kernel code Could not mount ubifs/yaffs filesystem: No such device This just means you need to netinstall. This is a random issue seen at least ...

biomesh

When you see Could not mount ubifs/yaffs filesystem This means you need to netinstall. I had this happen on my ccr1009 during one of the 7.x updates - the rest of the 7.x updates were fine. Imo, it looks like something is corrupting the partition/partition table. In my case it was 7.2rc2 to 7.2rc3. ...

biomesh

Does it run correctly without using sudo? It runs fine on a Linux VM in my lab using root.

biomesh

The netinstall binary is compiled for intel architectures (i686/x86_64) and won't run on arm devices, like a Raspberry PI.

biomesh

Had an issue with the upgrade ccr1009 - the nand /filesystem was corrupt and had to netinstall. I also was able to duplicate the issue with high utilization on the ccr1009 with regards to l2tp/ipsec. I had no issues with the netinstall/reimport with the exception of the certs, which is to be expecte...

biomesh

On my crs3xx devices seems to have broken access to my management interfaces (dhcp client on the bridge). The switches work but I can't manage them except through a console cable. ccr1009, cap ac, crs112, and chr working fine. I think this has to do with some of the changes to vlan filtering. **mayb...

biomesh

Have you tried a different power supply (swap the one with the bad device with one of the good ones) or maybe netinstalled the device?

It could be some sort of nand/flash issue and that it why I mentioned netinstall.

biomesh

An insecure router can remain that way until it is compromised.

If load has not changed going to or through the server, outside of a hardware failure(which this does not seem too be the case) then you should really start to closely look at the config.

biomesh

If you can't post the export you should deal with mikrotik support only. Since this is a user forum we can only help if we have actual examples/exports to look at.

biomesh

Using iperf3 and my ccr1009 and wireguard I average 450Mbps at ~50% cpu. This is on 7.2rc1.

biomesh

Those with dual core support were a different chipset 98dx82xx series vs 98dx3236.

My guess is that kernel support for the 98dx3236 was not complete with the old kernel in 6x

biomesh

According to the following PDF, they are dual core. I am guessing the updated kernel in v7 allowed for the use of both cores vs the v6 kernel.

https://wifimag.ro/pdf/Prestera_98DX3336_pb.pdf

biomesh

16M of flash is really too small no matter what. I was trying to point out that the smips devices have more issues than the rest due to limited flash and memory. Outside of the smips devices I have not had issues upgrading 6.x. Going to 7.x I had issues but that is because I used separate packages. ...

biomesh

While I think the minimum amount of flash should be higher 64M or 128M and Ram should start at 128M, this would increase the cost of the devices. In your case you reference the hap light which is basically the cheapest device mt sells (along with the hap mini) at $20 usd. It only has 16M of flash - ...

biomesh

You are using it as a router, generally not a good idea for a switch. You might get better performance using the l3hw offloading on this device with ros 7 (which you are using)

https://help.mikrotik.com/docs/display/ ... Offloading

biomesh

If it's only used for switching it should not be hitting the CPU at all. If you get high CPU during the tests, then you have a configuration issue and you should post an export of your config. If you are using it for routing, well, this might be the best you will get as this is primarily a switch wi...

biomesh

All of the other devices with that chipset - hapac2/capac/wap ac show it as part of the SoC as well.

biomesh

If you use capsman, then some settings are enabled by default and some cannot be changed. As for WMM it is enabled when using capsman. I am unsure why you would not want to use it.

biomesh

There is an open bug with sd cards on the ccr1009 models (at least) on 7.x

biomesh

It could - just a bit more work on the programming side since the ::1:0:0:0:1/64 etc would need to calculate the source PD and then determine how to apply the value. With a /48 it could be a literal assignment. Perhaps the command could be written as ::{1}:0:0:0:1/64 etc to determine if it is a lite...

biomesh

I think that would help if you have a static (or fairly static) larger delegation. In my case I get a /60 from comcast and it can change (not often, but it can), so the /48 prefix example would not work in my situation. I am just looking for delegation stickiness when assigning addresses/prefixes fr...

biomesh

I submitted the following as a feature request. Any feedback, support or improvements to the idea are welcome. When ipv6 is used with a pd and addresses are assigned to interfaces with the from-pool option, the assignment seems totally random. Is there a way there could be a preferred address option...

biomesh

This version broke communication between a crs318 and a crs317 with a SFP+ 10Gbase-T adapters (same adapter type on both ends). It works fine with 7.1 and 7.1.1.

biomesh

Did you disable your layer 7 rule as well for your test?

biomesh

I mean if you go to the FCC website... They have year downs of the units. And the boards are stamped as Emplus.

I didn't see it on the eap660HD pdfs, but the quality is not that good. The ethernet/power/reset layout on the tp-link is also different compared to the engenius/netgear models.

biomesh

TP-Link and Eugenius clearly went to the same OEM this time around. Looks like Emplus WAP380 is definitely the Eugenius WAP.

Are you thinking of the Netgear APs? They are basically the engenius APs but with less RAM.

biomesh

There is problem with sending e-mails from router in Netwatch tool (Up and Down scripts) Sending from Terminal is OK /tool e-mail send to="someone@somedomain.tld" subject="Failover is UP" body="Main ISP failed..." tls=yes The same command in Netwatch, tab Up and Down s...

biomesh

Looks like I lost access to SD cards on my CCR1009 with this release. My existing sd card is not visible and a new card is also not visible.

biomesh

I saw my ccr1009 had 95+% utilization on 4 cores (represented as "networking" in the profile tool) and l2tp/ipsec (looked more like an ipsec issue) would not connect as a client. A reboot had everything back to normal. I did not get a supout.rif, but I will get one if I see the issue again.

biomesh

On devices with only 16M of flash I always use the minimum packages needed. The upgrade worked on most devices, but any with the wireless package installed it failed with the space error. When the device is wired, this is just an extra reboot to remove the package and reboot then upgrade. For device...

biomesh

Either rebuild the image/container or map it to persistent storage on the router.

biomesh

It could be something else, but linking at 10M half duplex is highly suspicious of a bad cable.

biomesh

Check the values for
Settings -> asterisk sip settings -> general sip settings -> nat settings -> local networks

If your network is not listed here, it will be precessed as at nat connection, even if it is not.

One of the symptoms of mis configured nat settings is no audio.

biomesh

Running winbox with windows with counters/statistics (like firewall or interface) will increase the CPU quite a bit. You are using one(if not the) slowest of the CPUs available on current hardware. I suggest closing all windows in your session and close /re-open winbox. Your CPU will most likely be ...

biomesh

I would start by only using one bridge and making sure all ports are hardware offloaded.

Normally by just having one bridge and all ports assigned to it will take care of it.

biomesh

Scenario: Bob reads about this, Bob updates his unsecured router, Bob sets protected routerboot thinking at it as a security measure, confirms it with the press of the button. Pedro gets in Bobs unsecured router easily, sees the protected bootloader set, changes the reformat-hold-button and reforma...

biomesh

Thanks Normis - great motivation to get people to upgrade!

biomesh

If you need 10 up to 10G ports then the CRS317 would be the best fit if you plan on using some 1G only SFP adapters or if you are going to use SFP+ DACs for some connections.

https://wiki.mikrotik.com/wiki/S%2BRJ10 ... l_guidance

biomesh

Set it a bit below, perhaps 900-920 Mbps. Basically run iperf tests until you see the retries drop to zero or almost zero for the correct value.

biomesh

The ccr1009 can route around 7-8 Gbps with or without a bridge involved. It really does not matter with the tests I have done in the past.

biomesh

Is the slowness only on the customers download/receiving speed but not the upload/send?

If so, I would set an egress rate limit on the port to see if that addresses the issue for you.

biomesh

It would be also interesting to see exports from what you call a good/clean config vs one that is hacked.

biomesh

Run /tool/profile
and see what is taking up the CPU. If you have an export you can post that as well.

biomesh

biomesh

Each radio can either be 5g or 2g. You need a separate provisioning rule/entry for each radio. This means a dual band device would need 2 separate rules.

biomesh

I always recommend the following when using a device with usb but no console port:

https://mikrotik.com/product/woobm

biomesh

Capsman at this time, cannot manage radios using the wave2 package.

biomesh

If it's mainly just the apple devices, try to increase the lease time. Others have reported issues with shorter lease times on apple devices.

biomesh

Generally speaking local-forwarding=no means all wifi traffic will be handled by the capsman server (via a bridge interface) and will be slower than with local-forwarding=yes - many times much slower. I have never heard of faster performance with local-forwarding=no unless you have something very od...

biomesh

Generally you would start with your dhcp client to get the prefixes and add them to a pool: /ipv6 dhcp-client add add-default-route=yes interface=wan pool-name=comcast_ipv6 prefix-hint=::/60 request=address,prefix use-peer-dns=no Then you just need to add an address to the the vlan interface that co...

biomesh

The fan holes only fit 30x30 fans so that is your limitation. I ran then externally mounted from a USB power supply adapter for a while until I got tired of the sound. Not the most professional looking, but it works.

biomesh

The space available on the IN cases only allow for a 30x30 fan, which there are not as many choices as the fans for the RM version which allow for 40x40 fans. For the most part you are left with using fans for raspberry pis. These are generally cheap and can run 3.3v or 5v but are not very quiet.

biomesh

My CRS326 (IN version) has two small holes, not four and the holes are smaller and don't have any threads like any other rack capable mikrotik devices. Your best best is a shelf like stated above.

biomesh

As you can see from hes config above he did that, so did i, while you are right and old protocols are total performanse killers and cause problems, in this case its not helping. His config did not have those settings, thus the suggestion. Those are the settings I use with zero issues. I don't use a...

biomesh

I would set your 2ghz channels to 2ghz-onlyn or at least 2ghz-g/n. For 5ghz set it to 5ghz-n/ac. You could have issues negotiating the older protocols.

biomesh

If you have the APs spread out you could use the access list and have accept rules for those MAC addresses to each AP with a signal level that is really good i.e. (-50..120). This way if the device gets too far away from any one AP it will only connect to one of the APs. This won't help though if th...

biomesh

Do they randomize the full mac address or just the last three octets (or something similar)? If part of the mac address is consistent between devices you could use the mac mask option to only have the rule to apply to certain mac address ranges. There is no way that I can see where you can limit the...

biomesh

I don't see an issue with your vlan config on the router, but you could have an issue with your switch. As for the IPv6 config, you really should not hard reference a prefix allocation unless you are 100% sure they are static as you will break your config easily. The default IPv6 address assignment ...

biomesh

or is your NetPower 16P capable of delivering 48V while being powered at 24V ?

These devices don't have a way for you to select what the power source is for the switch itself. It will use the source with the highest voltage.

biomesh

Just a guess since there is no export, but the channels could be set to Auto and it's using a dfs channel. Some devices won't even attempt to look at anything in the dfs range.

biomesh

Removing and re-adding the veth interface and container allowed it to start again. Containers should be able to start properly after an OS upgrade.

biomesh

My chr test system can no longer start the container that worked on rc3. No debug log output at all.

biomesh

Run iperf tests through endpoints connected through the switch, not the bandwidth test on the switch itself.

biomesh

You can specify multiple capsman servers on a cap but it will only use one at a time.

biomesh

Click the down arrow next to that field to get another value to select wlan2.

biomesh

The linux netinstall docs are here:

https://help.mikrotik.com/docs/display/ ... nsforLinux

I saw the segfaults, but I think it was before I exposed the ports in the container or I had something else misconfigured.

biomesh

Is the client Id the same in the lease? This is really the unique identifier and if you don't have one on the lease, it falls back to the Mac address.

I would just check to see if the device connected is trying to send a different client Id or let's say one with all zeros.

biomesh

It has nothing to do with roaming. It just has to do with the creation of the capsman interfaces. If you are going to use access rules for specific AP interfaces, then you will want "create enabled" vs "create dynamic enabled". I had capsman set with dynamic interfaces until I ne...

biomesh

Yes, just create access rules using the interface option. The first rule would be for the external AP(accept). If you have two radios then you would have two rules. Then underneath those you would have the rules for the internal aps, but for every accept rule, also add the signal range you are looki...

biomesh

The best examples are in the wiki:

https://wiki.mikrotik.com/wiki/Manual:C ... s_examples

(tdw beat me by a few minutes)

biomesh

I don't have a Mac os device, but normally with netinstall, the client address (-a) is on the same network as the server. When running on routeros docker, netinstall will fail to run if this is not correct.

So in your case it could be "-a 192.168.65.100"

biomesh

about time someone tried to use nextdns. is it working well? sending client device names etc?

It works just like the nextdns client that I run on some raspberrypis - no problems at all.

biomesh

@Zacharias: 1) If you change the PVID, on switch2, you are effectively changing the vlan it is on and so it cannot communicate with it anymore, especially with vlan-filtering and ingress-filtering enabled 2) The traffic coming from the bridge (internal) what is affected by this setting - if you are ...

biomesh

Well, unfortunately it does not work that way. I assumed that and spent a LOT of time on it. I could only get a bridged mode of 172.17.0.0/16 to work and not a bridged mode to my local network. Perhaps there is a way, but there is almost no docs on the feature as it is new. From what I have seen, on...

biomesh

Getting netinstall to work in a container is not difficult when using host networking. When using bridge mode - which is the only mode I have seen on the examples for ROS it won't work. The container will reside in a 172.17.0.0/16 network and when you run netinstall you have to provide an ip address...

biomesh

Here is my config for the nextdns client for use on CHR. The nextdns client does have builds for ARM, so for those interested it would probably work there as well. Dockerfile: FROM debian:bullseye-slim RUN apt-get update && apt-get install -y apt-transport-https curl && \ curl -o /us...

biomesh

For management, you can either set the pvid or create a vlan interface and assign it to the bridge. The DHCP client or IP address would be set on the bridge when using pvid but would be handled via the vlan interface otherwise.

biomesh

You only have vlan 201 defined on one port. It will not get switched to any other port. You would have to tag another port or set the pvid on another port to 201. If you are trying to route between vlans, this is best done on your router, not the switch. To route with this switch you would need ros7...

biomesh

I was trying to add a bridge to my CHR (running on vmware) and once I set auto-mac=no (with a unique MAC address) then ARP would stop working. Setting auto-mac=yes instantly reverted back to normal operation. A reboot did not resolve the issue. I have a hap ac2 running the same version with auto-mac...

biomesh

The 2004-16G-2S+ uses different hardware (the same switch chip in the 5009) which is not in the original 2004. Until more people buy the 16G-2S+ version it will be hard to say what the real issue is with these devices.

biomesh

1) Don't run a speedtest / bandwidth test directly on the devices themselves. These are very slow CPU - 400Mhz. Instead run iperf tests on two devices connected to the switches/routers. 2) If you just connect via winbox, and don't have any interface window open, CPU utilization is under 10%. if you ...

biomesh

From what I see on mine, it draws power from the highest voltage source, not the one with the least load.

biomesh

Is there a way for these names that are reported as having malware, etc to be disabled via a blacklist? This way if the person running one of these devices emails support they can have their devices validated before it is re enabled. This would prevent the whole domain from being blocked. (Note: I u...

biomesh

LE has supported wildcard certs for years:

https://community.letsencrypt.org/t/acm ... ards/55578

biomesh

Compare your IP address commands. Your vlan60 is missing the subnet mask.

biomesh

The rule is flagged as inactive and invalid since the time range is not in the current time. It will become active during that specific time range. If you see this during the actual time you want it to be active, you might want to change your time range. I would start by just changing 0s to 1s to se...

biomesh

My CRS317 with ambient temp at 25C and running 6.48.4 (with updated firmware) has a cpu temp of 47C and overall temp of 51C. This includes one 10GbaseT copper adapter and 9 SFP+ DACs. The CPU is between 2-3% utilization. My fans never run (except on reboot of course) I have a feeling that something ...

biomesh

You might be able, depending on coverage area and distance to the garage, use a wireless wire kit to connect the house and garage and use whatever AP you want in the garage for 2.4/5 g access.

biomesh

msatter's comment was related to your topic for this post

biomesh

You need a level 4 license for the device to act as an AP.

https://wiki.mikrotik.com/wiki/Manual:L ... nse_Levels

biomesh

I have the Ccr1009-8g-1s-1s+PC and those shipped with 24V power bricks. With .4, the voltage is showing ~40V instead of ~24V.

biomesh

I have a CCR1009 with the incorrect voltage reported, like post #5. Seems to only affect tile based devices. All of my arm or mipsbe devices with voltage monitoring are correct.

Search found 536 matches